--- /dev/null
+From 95b45d1c46b35232ee0b9bdb3135b080c164c7c6 Mon Sep 17 00:00:00 2001
+From: Alexander Traud <pabstraud@compuserve.com>
+Date: Wed, 18 Oct 2017 10:30:25 +0200
+Subject: [PATCH] res_srtp: Add support for libsrtp2 with AES-GCM.
+
+Beside allowing AES-GCM again, this adds AES-192 again.
+
+ASTERISK-27356
+
+Change-Id: Ia97a435faf26300335d9552fa676b5d17e5f7233
+[yann.morin.1998@free.fr: backport from upstream]
+Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+---
+ configure | 104 +++++++++++++++++++++++++++++++++++++++++++++++++
+ configure.ac | 1 +
+ res/srtp/srtp_compat.h | 12 ++++++
+ 3 files changed, 117 insertions(+)
+
+diff --git a/configure b/configure
+index 59bc3b10b1..588fbfd0be 100755
+--- a/configure
++++ b/configure
+@@ -33793,6 +33793,110 @@ fi
+
+
+
++if test "x${PBX_SRTP_192}" != "x1" -a "${USE_SRTP_192}" != "no"; then
++ pbxlibdir=""
++ # if --with-SRTP_192=DIR has been specified, use it.
++ if test "x${SRTP_192_DIR}" != "x"; then
++ if test -d ${SRTP_192_DIR}/lib; then
++ pbxlibdir="-L${SRTP_192_DIR}/lib"
++ else
++ pbxlibdir="-L${SRTP_192_DIR}"
++ fi
++ fi
++ pbxfuncname="srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80"
++ if test "x${pbxfuncname}" = "x" ; then # empty lib, assume only headers
++ AST_SRTP_192_FOUND=yes
++ else
++ ast_ext_lib_check_save_CFLAGS="${CFLAGS}"
++ CFLAGS="${CFLAGS} "
++ as_ac_Lib=`$as_echo "ac_cv_lib_srtp2_${pbxfuncname}" | $as_tr_sh`
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${pbxfuncname} in -lsrtp2" >&5
++$as_echo_n "checking for ${pbxfuncname} in -lsrtp2... " >&6; }
++if eval \${$as_ac_Lib+:} false; then :
++ $as_echo_n "(cached) " >&6
++else
++ ac_check_lib_save_LIBS=$LIBS
++LIBS="-lsrtp2 ${pbxlibdir} $LIBS"
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++
++/* Override any GCC internal prototype to avoid an error.
++ Use char because int might match the return type of a GCC
++ builtin and then its argument prototype would still apply. */
++#ifdef __cplusplus
++extern "C"
++#endif
++char ${pbxfuncname} ();
++int
++main ()
++{
++return ${pbxfuncname} ();
++ ;
++ return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++ eval "$as_ac_Lib=yes"
++else
++ eval "$as_ac_Lib=no"
++fi
++rm -f core conftest.err conftest.$ac_objext \
++ conftest$ac_exeext conftest.$ac_ext
++LIBS=$ac_check_lib_save_LIBS
++fi
++eval ac_res=\$$as_ac_Lib
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
++$as_echo "$ac_res" >&6; }
++if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
++ AST_SRTP_192_FOUND=yes
++else
++ AST_SRTP_192_FOUND=no
++fi
++
++ CFLAGS="${ast_ext_lib_check_save_CFLAGS}"
++ fi
++
++ # now check for the header.
++ if test "${AST_SRTP_192_FOUND}" = "yes"; then
++ SRTP_192_LIB="${pbxlibdir} -lsrtp2 "
++ # if --with-SRTP_192=DIR has been specified, use it.
++ if test "x${SRTP_192_DIR}" != "x"; then
++ SRTP_192_INCLUDE="-I${SRTP_192_DIR}/include"
++ fi
++ SRTP_192_INCLUDE="${SRTP_192_INCLUDE} "
++ if test "x" = "x" ; then # no header, assume found
++ SRTP_192_HEADER_FOUND="1"
++ else # check for the header
++ ast_ext_lib_check_saved_CPPFLAGS="${CPPFLAGS}"
++ CPPFLAGS="${CPPFLAGS} ${SRTP_192_INCLUDE}"
++ ac_fn_c_check_header_mongrel "$LINENO" "" "ac_cv_header_" "$ac_includes_default"
++if test "x$ac_cv_header_" = xyes; then :
++ SRTP_192_HEADER_FOUND=1
++else
++ SRTP_192_HEADER_FOUND=0
++fi
++
++
++ CPPFLAGS="${ast_ext_lib_check_saved_CPPFLAGS}"
++ fi
++ if test "x${SRTP_192_HEADER_FOUND}" = "x0" ; then
++ SRTP_192_LIB=""
++ SRTP_192_INCLUDE=""
++ else
++ if test "x${pbxfuncname}" = "x" ; then # only checking headers -> no library
++ SRTP_192_LIB=""
++ fi
++ PBX_SRTP_192=1
++ cat >>confdefs.h <<_ACEOF
++#define HAVE_SRTP_192 1
++_ACEOF
++
++ fi
++ fi
++fi
++
++
++
+ if test "x${PBX_SRTP_GCM}" != "x1" -a "${USE_SRTP_GCM}" != "no"; then
+ pbxlibdir=""
+ # if --with-SRTP_GCM=DIR has been specified, use it.
+diff --git a/configure.ac b/configure.ac
+index 9f95786e11..c729b94aba 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2520,6 +2520,7 @@ AST_EXT_LIB_CHECK_SHARED([SRTP], [srtp2], [srtp_init], [srtp2/srtp.h], [], [], [
+ if test "x$PBX_SRTP" = x1;
+ then
+ AST_EXT_LIB_CHECK([SRTP_256], [srtp2], [srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80])
++ AST_EXT_LIB_CHECK([SRTP_192], [srtp2], [srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80])
+ AST_EXT_LIB_CHECK([SRTP_GCM], [srtp2], [srtp_crypto_policy_set_aes_gcm_128_8_auth])
+ AST_EXT_LIB_CHECK([SRTP_SHUTDOWN], [srtp2], [srtp_shutdown], [srtp2/srtp.h])
+
+diff --git a/res/srtp/srtp_compat.h b/res/srtp/srtp_compat.h
+index 56ffca1cc2..dbd8ddee0f 100644
+--- a/res/srtp/srtp_compat.h
++++ b/res/srtp/srtp_compat.h
+@@ -16,6 +16,18 @@
+ #define crypto_policy_set_aes_gcm_128_8_auth srtp_crypto_policy_set_aes_gcm_128_8_auth
+ #define crypto_policy_set_aes_gcm_256_8_auth srtp_crypto_policy_set_aes_gcm_256_8_auth
+
++#if defined(SRTP_AES_GCM_128_KEY_LEN_WSALT)
++#define AES_128_GCM_KEYSIZE_WSALT SRTP_AES_GCM_128_KEY_LEN_WSALT
++#else
++#define AES_128_GCM_KEYSIZE_WSALT SRTP_AES_128_GCM_KEYSIZE_WSALT
++#endif
++
++#if defined(SRTP_AES_GCM_256_KEY_LEN_WSALT)
++#define AES_256_GCM_KEYSIZE_WSALT SRTP_AES_GCM_256_KEY_LEN_WSALT
++#else
++#define AES_256_GCM_KEYSIZE_WSALT SRTP_AES_256_GCM_KEYSIZE_WSALT
++#endif
++
+ #define err_status_t srtp_err_status_t
+ #define err_status_ok srtp_err_status_ok
+ #define err_status_fail srtp_err_status_fail
+--
+2.14.1
+