res_srtp: Add menuselect options to enable AES_192, AES_256 and AES_GCM

UserNote: Options are now available in the menuselect "Resource Modules" category that allow you to enable the AES_192, AES_256 and AES_GCM cipher suites in res_srtp. Of course, libsrtp and OpenSSL must support them but modern versions do. Previously, the only way to enable them was to set the CFLAGS environment variable when running ./configure. The default setting is to disable them preserving existing behavior.
2025-09-02 03:02:04 +00:00 · 2025-08-05 08:10:29 -06:00
parent 511d22ef5e
commit 22d405e900
3 changed files with 44 additions and 0 deletions
--- a/build_tools/menuselect-deps.in
+++ b/build_tools/menuselect-deps.in
@@ -80,3 +80,6 @@ CXX14=@PBX_CXX14@
 CXX17=@PBX_CXX17@
 CXX20=@PBX_CXX20@
 CXX23=@PBX_CXX23@
+HAVE_SRTP_192=@PBX_SRTP_192@
+HAVE_SRTP_256=@PBX_SRTP_256@
+HAVE_SRTP_GCM=@PBX_SRTP_GCM@
--- a/res/Makefile
+++ b/res/Makefile
@@ -76,6 +76,21 @@ res_parking.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
 snmp/agent.o: _ASTCFLAGS+=-fPIC
 res_snmp.o: _ASTCFLAGS+=-fPIC

+MODULE_EXCLUDE=ENABLE_SRTP_AES_192 ENABLE_SRTP_AES_256 ENABLE_SRTP_AES_GCM
+
+ifeq ($(findstring ENABLE_SRTP_AES_192,$(MENUSELECT_RES)),)
+res_srtp.o: _ASTCFLAGS+=-DENABLE_SRTP_AES_192
+endif
+
+ifeq ($(findstring ENABLE_SRTP_AES_256,$(MENUSELECT_RES)),)
+res_srtp.o: _ASTCFLAGS+=-DENABLE_SRTP_AES_256
+endif
+
+ifeq ($(findstring ENABLE_SRTP_AES_GCM,$(MENUSELECT_RES)),)
+res_srtp.o: _ASTCFLAGS+=-DENABLE_SRTP_AES_GCM
+endif
+
+
 # Dependencies for res_ari_*.so are generated, so they're in this file
 include ari.make

--- a/res/res_srtp.c
+++ b/res/res_srtp.c
@@ -35,6 +35,32 @@
 	<support_level>core</support_level>
 ***/

+/*** MAKEOPTS
+<category name="MENUSELECT_RES" displayname="Resource Modules">
+	<member name="ENABLE_SRTP_AES_192" displayname="Enable AES 192 cipher suite in res_srtp" touch_on_change="res/res_srtp.c">
+		<defaultenabled>no</defaultenabled>
+		<support_level>option</support_level>
+		<depend>srtp</depend>
+		<depend>res_srtp</depend>
+		<depend>HAVE_SRTP_192</depend>
+	</member>
+	<member name="ENABLE_SRTP_AES_256" displayname="Enable AES 256 cipher suite in res_srtp" touch_on_change="res/res_srtp.c">
+		<defaultenabled>no</defaultenabled>
+		<support_level>option</support_level>
+		<depend>srtp</depend>
+		<depend>res_srtp</depend>
+		<depend>HAVE_SRTP_256</depend>
+	</member>
+	<member name="ENABLE_SRTP_AES_GCM" displayname="Enable AES GCM cipher suite in res_srtp" touch_on_change="res/res_srtp.c">
+		<defaultenabled>no</defaultenabled>
+		<support_level>option</support_level>
+		<depend>srtp</depend>
+		<depend>res_srtp</depend>
+		<depend>HAVE_SRTP_GCM</depend>
+	</member>
+</category>
+***/
+
 /* See https://docs.asterisk.org/Deployment/Secure-Calling/ */

 #include "asterisk.h"                   /* for NULL, size_t, memcpy, etc */