diff options
| author | landry <> | 2021-06-11 15:28:14 +0000 |
|---|---|---|
| committer | landry <> | 2021-06-11 15:28:14 +0000 |
| commit | 8eb08269b2394f412e06e5fe98f463c2291efe8a (patch) | |
| tree | 30aa842b7ca74087437856fd043acad5f005814d | |
| parent | 7ca9aeeeb45847bc83fc6de845e2a5a1fe730838 (diff) | |
| download | openbsd-8eb08269b2394f412e06e5fe98f463c2291efe8a.tar.gz openbsd-8eb08269b2394f412e06e5fe98f463c2291efe8a.tar.bz2 openbsd-8eb08269b2394f412e06e5fe98f463c2291efe8a.zip | |
add AES-GCM constants from RFC 7714 for SRTP
SRTP_AEAD_AES_128_GCM/SRTP_AEAD_AES_256_GCM can be used as DTLS-SRTP
protection profiles - seen with an update of telephony/baresip i'm
working on.
adapted from openssl commit 43e5faa2539ae8aae6ef55be2239b9b1a77fea45
ok tb@ jsing@
| -rw-r--r-- | src/lib/libssl/d1_srtp.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 | 8 | ||||
| -rw-r--r-- | src/lib/libssl/srtp.h | 6 |
3 files changed, 20 insertions, 4 deletions
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c index cbdb4a6144..70f9453f5f 100644 --- a/src/lib/libssl/d1_srtp.c +++ b/src/lib/libssl/d1_srtp.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srtp.c,v 1.28 2021/05/16 13:56:30 jsing Exp $ */ | 1 | /* $OpenBSD: d1_srtp.c,v 1.29 2021/06/11 15:28:13 landry Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -136,6 +136,14 @@ static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { | |||
| 136 | "SRTP_AES128_CM_SHA1_32", | 136 | "SRTP_AES128_CM_SHA1_32", |
| 137 | SRTP_AES128_CM_SHA1_32, | 137 | SRTP_AES128_CM_SHA1_32, |
| 138 | }, | 138 | }, |
| 139 | { | ||
| 140 | "SRTP_AEAD_AES_128_GCM", | ||
| 141 | SRTP_AEAD_AES_128_GCM, | ||
| 142 | }, | ||
| 143 | { | ||
| 144 | "SRTP_AEAD_AES_256_GCM", | ||
| 145 | SRTP_AEAD_AES_256_GCM, | ||
| 146 | }, | ||
| 139 | {0} | 147 | {0} |
| 140 | }; | 148 | }; |
| 141 | 149 | ||
diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 index c194a59d4b..f936f01d7b 100644 --- a/src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 +++ b/src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: SSL_CTX_set_tlsext_use_srtp.3,v 1.4 2019/06/12 09:36:30 schwarze Exp $ | 1 | .\" $OpenBSD: SSL_CTX_set_tlsext_use_srtp.3,v 1.5 2021/06/11 15:28:14 landry Exp $ |
| 2 | .\" full merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000 | 2 | .\" full merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000 |
| 3 | .\" | 3 | .\" |
| 4 | .\" This file was written by Matt Caswell <matt@openssl.org>. | 4 | .\" This file was written by Matt Caswell <matt@openssl.org>. |
| @@ -48,7 +48,7 @@ | |||
| 48 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 48 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 49 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | 49 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. |
| 50 | .\" | 50 | .\" |
| 51 | .Dd $Mdocdate: June 12 2019 $ | 51 | .Dd $Mdocdate: June 11 2021 $ |
| 52 | .Dt SSL_CTX_SET_TLSEXT_USE_SRTP 3 | 52 | .Dt SSL_CTX_SET_TLSEXT_USE_SRTP 3 |
| 53 | .Os | 53 | .Os |
| 54 | .Sh NAME | 54 | .Sh NAME |
| @@ -113,6 +113,10 @@ The currently supported protection profile names are: | |||
| 113 | This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764. | 113 | This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764. |
| 114 | .It Dv SRTP_AES128_CM_SHA1_32 | 114 | .It Dv SRTP_AES128_CM_SHA1_32 |
| 115 | This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764. | 115 | This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764. |
| 116 | .It Dv SRTP_AEAD_AES_128_GCM | ||
| 117 | This corresponds to SRTP_AEAD_AES_128_GCM defined in RFC7714. | ||
| 118 | .It Dv SRTP_AEAD_AES_256_GCM | ||
| 119 | This corresponds to SRTP_AEAD_AES_256_GCM defined in RFC7714. | ||
| 116 | .El | 120 | .El |
| 117 | .Pp | 121 | .Pp |
| 118 | Supplying an unrecognised protection profile name results in an error. | 122 | Supplying an unrecognised protection profile name results in an error. |
diff --git a/src/lib/libssl/srtp.h b/src/lib/libssl/srtp.h index 6daa02a791..89ce862020 100644 --- a/src/lib/libssl/srtp.h +++ b/src/lib/libssl/srtp.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: srtp.h,v 1.6 2015/09/01 15:18:23 jsing Exp $ */ | 1 | /* $OpenBSD: srtp.h,v 1.7 2021/06/11 15:28:13 landry Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -129,6 +129,10 @@ extern "C" { | |||
| 129 | #define SRTP_NULL_SHA1_80 0x0005 | 129 | #define SRTP_NULL_SHA1_80 0x0005 |
| 130 | #define SRTP_NULL_SHA1_32 0x0006 | 130 | #define SRTP_NULL_SHA1_32 0x0006 |
| 131 | 131 | ||
| 132 | /* AEAD SRTP protection profiles from RFC 7714 */ | ||
| 133 | #define SRTP_AEAD_AES_128_GCM 0x0007 | ||
| 134 | #define SRTP_AEAD_AES_256_GCM 0x0008 | ||
| 135 | |||
| 132 | int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); | 136 | int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); |
| 133 | int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); | 137 | int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); |
| 134 | 138 | ||