iloeng · pull · Feb 16, 2026 · Feb 13, 2026 · Feb 13, 2026
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
@@ -1063,6 +1063,7 @@ PROV_R_INIT_CALL_OUT_OF_ORDER:238:init call out of order
 PROV_R_INSUFFICIENT_DRBG_STRENGTH:181:insufficient drbg strength
 PROV_R_INVALID_AAD:108:invalid aad
 PROV_R_INVALID_AEAD:231:invalid aead
+PROV_R_INVALID_CIPHER:260:invalid cipher
 PROV_R_INVALID_CONFIG_DATA:211:invalid config data
 PROV_R_INVALID_CONSTANT_LENGTH:157:invalid constant length
 PROV_R_INVALID_CURVE:176:invalid curve
@@ -1074,6 +1075,7 @@ PROV_R_INVALID_DIGEST_SIZE:218:invalid digest size
 PROV_R_INVALID_EDDSA_INSTANCE_FOR_ATTEMPTED_OPERATION:243:\
 	invalid eddsa instance for attempted operation
 PROV_R_INVALID_FUNCTION_NAME:258:invalid function name
+PROV_R_INVALID_INDEX_LENGTH:259:invalid index length
 PROV_R_INVALID_INPUT_LENGTH:230:invalid input length
 PROV_R_INVALID_ITERATION_COUNT:123:invalid iteration count
 PROV_R_INVALID_IV_LENGTH:109:invalid iv length

diff --git a/doc/man7/EVP_KDF-SRTPKDF.pod b/doc/man7/EVP_KDF-SRTPKDF.pod
@@ -31,29 +31,30 @@ The supported parameters are:
 =item "cipher" (B<OSSL_KDF_PARAM_CIPHER>) <UTF8 string>
 
 This parameter sets the cipher to be used for the key derivation.
-Typically "AES-128-CTR" or "AES-256-CTR" is used.
+It must be set to one of "AES-128-CTR", "AES-192-CTR" or "AES-256-CTR".
 
 =item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string>
 
-This parameter sets the master key value. This is typically 16 bytes
-for AES-128 or 32 bytes for AES-256.
+This parameter sets the master key value. This must be 16 bytes for AES-128,
+24 bytes for AES-192 or 32 bytes for AES-256.
 
 =item "salt" (B<OSSL_KDF_PARAM_SALT>) <octet string>
 
-This parameter sets the master salt value. This is typically 14 bytes
-as specified in RFC 3711.
+This parameter sets the master salt value. The must be at least 14 bytes.
+Note that larger salts are truncated.
 
 =item "kdr" (B<OSSL_KDF_PARAM_SRTPKDF_KDR>) <unsigned integer>
 
 This parameter sets the key derivation rate (KDR). The KDR controls
 how often keys are rederived. If not set or set to zero, no key
-rederivation is performed. The KDR value is power of 2 (range 2^0 to 2^24).
+rederivation is performed. The KDR value is power of 2 in the range 2^0 to 2^24.
 
 =item "index" (B<OSSL_KDF_PARAM_SRTPKDF_INDEX>) <octet string>
 
-This parameter sets the index value used in key derivation. For RTP
-packets, this is typically a 48-bit (6 byte) value. For RTCP packets,
-this is typically a 32-bit (4 byte) value. If not set, defaults to zero.
+This parameter sets the index value used in key derivation. The length must be
+at least 6 bytes for RTP packets, or at least 4 bytes for RTCP packets.
+Note that larger index values are truncated.
+If it is not set, or it has zero length, no key rederivation is performed.
 
 =item "label" (B<OSSL_KDF_PARAM_SRTPKDF_LABEL>) <unsigned integer>
 
@@ -89,7 +90,7 @@ A context for SRTP can be obtained by calling:
  EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SRTP", NULL);
  EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
 
-The output length of the SRTP KDF operation is determined by the label:
+The output length of the SRTP KDF derive operation is determined by the label:
 
 =over 4
 

diff --git a/include/openssl/proverr.h b/include/openssl/proverr.h
@@ -56,6 +56,7 @@
 #define PROV_R_INSUFFICIENT_DRBG_STRENGTH 181
 #define PROV_R_INVALID_AAD 108
 #define PROV_R_INVALID_AEAD 231
+#define PROV_R_INVALID_CIPHER 260
 #define PROV_R_INVALID_CONFIG_DATA 211
 #define PROV_R_INVALID_CONSTANT_LENGTH 157
 #define PROV_R_INVALID_CURVE 176
@@ -66,6 +67,7 @@
 #define PROV_R_INVALID_DIGEST_SIZE 218
 #define PROV_R_INVALID_EDDSA_INSTANCE_FOR_ATTEMPTED_OPERATION 243
 #define PROV_R_INVALID_FUNCTION_NAME 258
+#define PROV_R_INVALID_INDEX_LENGTH 259
 #define PROV_R_INVALID_INPUT_LENGTH 230
 #define PROV_R_INVALID_ITERATION_COUNT 123
 #define PROV_R_INVALID_IV_LENGTH 109

diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
@@ -78,6 +78,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
         "insufficient drbg strength" },
     { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_AAD), "invalid aad" },
     { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_AEAD), "invalid aead" },
+    { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CIPHER), "invalid cipher" },
     { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CONFIG_DATA),
         "invalid config data" },
     { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CONSTANT_LENGTH),
@@ -95,6 +96,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
         "invalid eddsa instance for attempted operation" },
     { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_FUNCTION_NAME),
         "invalid function name" },
+    { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_INDEX_LENGTH),
+        "invalid index length" },
     { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_INPUT_LENGTH),
         "invalid input length" },
     { ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_ITERATION_COUNT),