res_srtp: Add menuselect options to enable AES_192, AES_256 and AES_GCM

UserNote: Options are now available in the menuselect "Resource Modules"
category that allow you to enable the AES_192, AES_256 and AES_GCM
cipher suites in res_srtp. Of course, libsrtp and OpenSSL must support
them but modern versions do.  Previously, the only way to enable them was
to set the CFLAGS environment variable when running ./configure.
The default setting is to disable them preserving existing behavior.

diff --git a/build_tools/menuselect-deps.in b/build_tools/menuselect-deps.in
index 877eff070b8f32c4c2fb637d434bed335924285b..52c26e14a6fc230c410998306b6b8c166e01d693 100644 (file)
--- a/build_tools/menuselect-deps.in
+++ b/build_tools/menuselect-deps.in
@@ -80,3 +80,6 @@ CXX14=@PBX_CXX14@
 CXX17=@PBX_CXX17@
 CXX20=@PBX_CXX20@
 CXX23=@PBX_CXX23@
+HAVE_SRTP_192=@PBX_SRTP_192@
+HAVE_SRTP_256=@PBX_SRTP_256@
+HAVE_SRTP_GCM=@PBX_SRTP_GCM@

diff --git a/res/Makefile b/res/Makefile
index 1915ff35d31642080a6c71855cb28e652a3b92e8..79a1d80a56aa7218dfc3da4df75f8ce0e5be4f00 100644 (file)
--- a/res/Makefile
+++ b/res/Makefile
@@ -76,6 +76,21 @@ res_parking.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
 snmp/agent.o: _ASTCFLAGS+=-fPIC
 res_snmp.o: _ASTCFLAGS+=-fPIC
 
+MODULE_EXCLUDE=ENABLE_SRTP_AES_192 ENABLE_SRTP_AES_256 ENABLE_SRTP_AES_GCM
+
+ifeq ($(findstring ENABLE_SRTP_AES_192,$(MENUSELECT_RES)),)
+res_srtp.o: _ASTCFLAGS+=-DENABLE_SRTP_AES_192
+endif
+
+ifeq ($(findstring ENABLE_SRTP_AES_256,$(MENUSELECT_RES)),)
+res_srtp.o: _ASTCFLAGS+=-DENABLE_SRTP_AES_256
+endif
+
+ifeq ($(findstring ENABLE_SRTP_AES_GCM,$(MENUSELECT_RES)),)
+res_srtp.o: _ASTCFLAGS+=-DENABLE_SRTP_AES_GCM
+endif
+
+
 # Dependencies for res_ari_*.so are generated, so they're in this file
 include ari.make
 

diff --git a/res/res_srtp.c b/res/res_srtp.c
index 09f33ac496a3175dbdc7c9d534570a17fee16f28..39454c6122adc53c166d98550d0c74a264c2b729 100644 (file)
--- a/res/res_srtp.c
+++ b/res/res_srtp.c
@@ -35,6 +35,32 @@
        <support_level>core</support_level>
 ***/
 
+/*** MAKEOPTS
+<category name="MENUSELECT_RES" displayname="Resource Modules">
+       <member name="ENABLE_SRTP_AES_192" displayname="Enable AES 192 cipher suite in res_srtp" touch_on_change="res/res_srtp.c">
+               <defaultenabled>no</defaultenabled>
+               <support_level>option</support_level>
+               <depend>srtp</depend>
+               <depend>res_srtp</depend>
+               <depend>HAVE_SRTP_192</depend>
+       </member>
+       <member name="ENABLE_SRTP_AES_256" displayname="Enable AES 256 cipher suite in res_srtp" touch_on_change="res/res_srtp.c">
+               <defaultenabled>no</defaultenabled>
+               <support_level>option</support_level>
+               <depend>srtp</depend>
+               <depend>res_srtp</depend>
+               <depend>HAVE_SRTP_256</depend>
+       </member>
+       <member name="ENABLE_SRTP_AES_GCM" displayname="Enable AES GCM cipher suite in res_srtp" touch_on_change="res/res_srtp.c">
+               <defaultenabled>no</defaultenabled>
+               <support_level>option</support_level>
+               <depend>srtp</depend>
+               <depend>res_srtp</depend>
+               <depend>HAVE_SRTP_GCM</depend>
+       </member>
+</category>
+***/
+
 /* See https://docs.asterisk.org/Deployment/Secure-Calling/ */
 
 #include "asterisk.h"                   /* for NULL, size_t, memcpy, etc */