How to compile libsrtp2.3.0 with AES-GCM cipher group support ?

I have read #620 and #464 and tried the solution discussed. I am using openssl-1.1.1s and libsrtp-2.3.0, this is my configure command and output:

./configure --enable-openssl --prefix=/usr/local/libsrtp2_3/ --with-openssl-dir=/usr/local/ssl_1_1_1s/ checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking how to run the C preprocessor... gcc -E checking for g++... g++ checking whether we are using the GNU C++ compiler... yes checking whether g++ accepts -g... yes checking for ar... ar checking the archiver (ar) interface... ar checking for ranlib... ranlib checking for a BSD-compatible install... /usr/bin/install -c checking for a sed that does not truncate output... /usr/bin/sed checking for grep that handles long lines and -e... /usr/bin/grep checking for egrep... /usr/bin/grep -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking whether byte ordering is bigendian... no checking build system type... x86_64-pc-linux-gnu checking host system type... x86_64-pc-linux-gnu checking whether gcc accepts -Werror... yes checking whether gcc accepts -fPIC... yes checking whether gcc accepts -Wall... yes checking whether gcc accepts -pedantic... yes checking whether gcc accepts -Wstrict-prototypes... yes checking whether gcc accepts -O4... yes checking whether gcc accepts -fexpensive-optimizations... yes checking whether gcc accepts -funroll-loops... yes checking whether gcc accepts -Wno-language-extension-token... no checking for ANSI C header files... (cached) yes checking for unistd.h... (cached) yes checking for byteswap.h... yes checking for stdint.h... (cached) yes checking for sys/uio.h... yes checking for inttypes.h... (cached) yes checking for sys/types.h... (cached) yes checking for machine/types.h... no checking for sys/int_types.h... no checking for sys/socket.h... yes checking for netinet/in.h... yes checking for arpa/inet.h... yes checking for windows.h... no checking for int8_t... yes checking for uint8_t... yes checking for int16_t... yes checking for uint16_t... yes checking for int32_t... yes checking for uint32_t... yes checking for uint64_t... yes checking size of unsigned long... 8 checking size of unsigned long long... 8 checking for an ANSI C-conforming const... yes checking for inline... inline checking for size_t... yes checking for socket... yes checking for inet_aton... yes checking for usleep... yes checking for sigaction... yes checking whether to enable debug logging in all modules... no checking for pkg-config... /usr/bin/pkg-config checking pkg-config is at least version 0.9.0... yes checking whether to leverage OpenSSL crypto... yes checking whether to leverage NSS crypto... no checking for user specified OpenSSL directory... /usr/local/ssl_1_1_1s/ checking for crypto... yes checking for library containing EVP_EncryptInit... none required checking for library containing EVP_aes_128_ctr... none required checking for library containing EVP_aes_128_gcm... none required checking if OPENSSL_cleanse is broken... no checking whether to leverage OpenSSL KDF algorithm... no checking for pcap_create in -lpcap... yes checking for pcap_create in -lwpcap... no checking whether to redirect logging to stdout... no checking wheather to use a file for logging... no checking for extra C compiler flags... no configure: creating ./config.status config.status: creating Makefile config.status: creating crypto/Makefile config.status: creating doc/Makefile config.status: creating fuzzer/Makefile config.status: creating libsrtp2.pc config.status: creating crypto/include/config.h

As can be seen in above config log checking for library containing EVP_aes_128_gcm... none required here it is 'none required' instead of 'yes'. Which I suspect the reason for srtp_err_status_bad_param when I call srtp_crypto_policy_set_from_profile_for_rtp(&policy.rtp, srtp_profile_aead_aes_128_gcm), based on https://github.com/cisco/libsrtp/blob/main/srtp/srtp.c#L4531-L4538. My same code works for srtp_profile_aes128_cm_sha1_32 and srtp_profile_aes128_cm_sha1_80 srtp_profiles. I have tried compiling and linking with libsrtp-2.5.0 as well, I see same issue in config log and error when calling the API.

Can anyone please tell me how do I enable GCM srtp profiles in libsrtp? Or if anything extra I need to do to use srtp_profile_aead_aes_128_gcm and srtp_profile_aead_aes_256_gcm that I am missing. Thankyou!

cisco / libsrtp

How to compile libsrtp2.3.0 with AES-GCM cipher group support ? #650