res_srtp: Disable parsing of not enabled cryptos

When compiled without extended srtp crypto suites also disable parsing
these from received SDP. This prevents using these, as some client
implementations are not stable.

ASTERISK-29625

Change-Id: I7dafb29be1cdaabdc984002573f4bea87520533a

res/res_srtp.c

@@ -275,7 +275,7 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
 		crypto_policy_set_aes_cm_128_hmac_sha1_32(p);
 		return 0;
 
-#ifdef HAVE_SRTP_192
+#if defined(HAVE_SRTP_192) && defined(ENABLE_SRTP_AES_192)
 	case AST_AES_CM_192_HMAC_SHA1_80:
 		crypto_policy_set_aes_cm_192_hmac_sha1_80(p);
 		return 0;
@@ -284,7 +284,7 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
 		crypto_policy_set_aes_cm_192_hmac_sha1_32(p);
 		return 0;
 #endif
-#ifdef HAVE_SRTP_256
+#if defined(HAVE_SRTP_256) && defined(ENABLE_SRTP_AES_256)
 	case AST_AES_CM_256_HMAC_SHA1_80:
 		crypto_policy_set_aes_cm_256_hmac_sha1_80(p);
 		return 0;
@@ -293,18 +293,19 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
 		crypto_policy_set_aes_cm_256_hmac_sha1_32(p);
 		return 0;
 #endif
-#ifdef HAVE_SRTP_GCM
+#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM)
 	case AST_AES_GCM_128:
 		crypto_policy_set_aes_gcm_128_16_auth(p);
 		return 0;
 
-	case AST_AES_GCM_256:
-		crypto_policy_set_aes_gcm_256_16_auth(p);
-		return 0;
-
 	case AST_AES_GCM_128_8:
 		crypto_policy_set_aes_gcm_128_8_auth(p);
 		return 0;
+#endif
+#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) && defined(ENABLE_SRTP_AES_256)
+	case AST_AES_GCM_256:
+		crypto_policy_set_aes_gcm_256_16_auth(p);
+		return 0;
 
 	case AST_AES_GCM_256_8:
 		crypto_policy_set_aes_gcm_256_8_auth(p);
@@ -880,7 +881,7 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s
 		suite_val = AST_AES_CM_128_HMAC_SHA1_32;
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_32);
 		key_len_expected = 30;
-#ifdef HAVE_SRTP_192
+#if defined(HAVE_SRTP_192) && defined(ENABLE_SRTP_AES_192)
 	} else if (!strcmp(suite, "AES_192_CM_HMAC_SHA1_80")) {
 		suite_val = AST_AES_CM_192_HMAC_SHA1_80;
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_80);
@@ -905,7 +906,7 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_OLD_NAME);
 		key_len_expected = 38;
 #endif
-#ifdef HAVE_SRTP_256
+#if defined(HAVE_SRTP_256) && defined(ENABLE_SRTP_AES_256)
 	} else if (!strcmp(suite, "AES_256_CM_HMAC_SHA1_80")) {
 		suite_val = AST_AES_CM_256_HMAC_SHA1_80;
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_80);
@@ -930,21 +931,24 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_OLD_NAME);
 		key_len_expected = 46;
 #endif
-#ifdef HAVE_SRTP_GCM
+#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM)
 	} else if (!strcmp(suite, "AEAD_AES_128_GCM")) {
 		suite_val = AST_AES_GCM_128;
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_16);
 		key_len_expected = AES_128_GCM_KEYSIZE_WSALT;
+	/* RFC contained a (too) short auth tag for RTP media, some still use that */
+	} else if (!strcmp(suite, "AEAD_AES_128_GCM_8")) {
+		suite_val = AST_AES_GCM_128_8;
+		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8);
+		key_len_expected = AES_128_GCM_KEYSIZE_WSALT;
+#endif
+#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) && defined(ENABLE_SRTP_AES_256)
 	} else if (!strcmp(suite, "AEAD_AES_256_GCM")) {
 		suite_val = AST_AES_GCM_256;
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_16);
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_AES_256);
 		key_len_expected = AES_256_GCM_KEYSIZE_WSALT;
 	/* RFC contained a (too) short auth tag for RTP media, some still use that */
-	} else if (!strcmp(suite, "AEAD_AES_128_GCM_8")) {
-		suite_val = AST_AES_GCM_128_8;
-		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8);
-		key_len_expected = AES_128_GCM_KEYSIZE_WSALT;
 	} else if (!strcmp(suite, "AEAD_AES_256_GCM_8")) {
 		suite_val = AST_AES_GCM_256_8;
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8);