diff --git a/configure b/configure
index 8f56e27783..6b36ead7d7 100755
--- a/configure
+++ b/configure
@@ -1966,6 +1966,7 @@ rtmpts_protocol_select="ffrtmphttp_protocol https_protocol"
 rtp_protocol_select="udp_protocol"
 sctp_protocol_deps="struct_sctp_event_subscribe"
 sctp_protocol_select="network"
+srtp_protocol_select="rtp_protocol"
 tcp_protocol_select="network"
 tls_protocol_deps_any="openssl gnutls"
 tls_protocol_select="tcp_protocol"
diff --git a/libavformat/Makefile b/libavformat/Makefile
index dc3abfd786..2809911729 100644
--- a/libavformat/Makefile
+++ b/libavformat/Makefile
@@ -439,6 +439,7 @@ OBJS-$(CONFIG_UDP_PROTOCOL) += udp.o
 SKIPHEADERS-$(CONFIG_FFRTMPCRYPT_PROTOCOL) += rtmpdh.h
 SKIPHEADERS-$(CONFIG_NETWORK) += network.h rtsp.h
 TESTPROGS = seek \
+ srtp \
 url \
 TOOLS = aviocat \
diff --git a/libavformat/srtp.c b/libavformat/srtp.c
index 55b3b5b40c..b3c428ba0f 100644
--- a/libavformat/srtp.c
+++ b/libavformat/srtp.c
@@ -291,3 +291,132 @@ int ff_srtp_encrypt(struct SRTPContext *s, const uint8_t *in, int len,
 len += s->hmac_size;
 return buf + len - out;
 }
+
+#ifdef TEST
+#include
+
+static const char *aes128_80_key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn";
+
+static const uint8_t rtp_aes128_80[] = {
+ // RTP header
+ 0x80, 0xe0, 0x12, 0x34,
+ 0x12, 0x34, 0x56, 0x78,
+ 0x12, 0x34, 0x56, 0x78,
+ // encrypted payload
+ 0x62, 0x69, 0x76, 0xca, 0xc5,
+ // HMAC
+ 0xa1, 0xac, 0x1b, 0xb4, 0xa0, 0x1c, 0xd5, 0x49, 0x28, 0x99,
+};
+
+static const uint8_t rtcp_aes128_80[] = {
+ // RTCP header
+ 0x81, 0xc9, 0x00, 0x07,
+ 0x12, 0x34, 0x56, 0x78,
+ // encrypted payload
+ 0x8a, 0xac, 0xdc, 0xa5,
+ 0x4c, 0xf6, 0x78, 0xa6,
+ 0x62, 0x8f, 0x24, 0xda,
+ 0x6c, 0x09, 0x3f, 0xa9,
+ 0x28, 0x7a, 0xb5, 0x7f,
+ 0x1f, 0x0f, 0xc9, 0x35,
+ // RTCP index
+ 0x80, 0x00, 0x00, 0x03,
+ // HMAC
+ 0xe9, 0x3b, 0xc0, 0x5c, 0x0c, 0x06, 0x9f, 0xab, 0xc0, 0xde,
+};
+
+static const char *aes128_32_key = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmn";
+
+static const uint8_t rtp_aes128_32[] = {
+ // RTP header
+ 0x80, 0xe0, 0x12, 0x34,
+ 0x12, 0x34, 0x56, 0x78,
+ 0x12, 0x34, 0x56, 0x78,
+ // encrypted payload
+ 0x62, 0x69, 0x76, 0xca, 0xc5,
+ // HMAC
+ 0xa1, 0xac, 0x1b, 0xb4,
+};
+
+static const uint8_t rtcp_aes128_32[] = {
+ // RTCP header
+ 0x81, 0xc9, 0x00, 0x07,
+ 0x12, 0x34, 0x56, 0x78,
+ // encrypted payload
+ 0x35, 0xe9, 0xb5, 0xff,
+ 0x0d, 0xd1, 0xde, 0x70,
+ 0x74, 0x10, 0xaa, 0x1b,
+ 0xb2, 0x8d, 0xf0, 0x20,
+ 0x02, 0x99, 0x6b, 0x1b,
+ 0x0b, 0xd0, 0x47, 0x34,
+ // RTCP index
+ 0x80, 0x00, 0x00, 0x04,
+ // HMAC
+ 0x5b, 0xd2, 0xa9, 0x9d,
+};
+
+static void print_data(const uint8_t *buf, int len)
+{
+ int i;
+ for (i = 0; i < len; i++)
+ printf("%02x", buf[i]);
+ printf("\n");
+}
+
+static int test_decrypt(struct SRTPContext *srtp, const uint8_t *in, int len,
+ uint8_t *out)
+{
+ memcpy(out, in, len);
+ if (!ff_srtp_decrypt(srtp, out, &len)) {
+ print_data(out, len);
+ return len;
+ } else
+ return -1;
+}
+
+static
void test_encrypt(const uint8_t *data, int in_len, const char *suite,
+ const char *key)
+{
+ struct SRTPContext enc = { 0 }, dec = { 0 };
+ int len;
+ char buf[1500];
+ ff_srtp_set_crypto(&enc, suite, key);
+ ff_srtp_set_crypto(&dec, suite, key);
+ len = ff_srtp_encrypt(&enc, data, in_len, buf, sizeof(buf));
+ if (!ff_srtp_decrypt(&dec, buf, &len)) {
+ if (len == in_len && !memcmp(buf, data, len))
+ printf("Decrypted content matches input\n");
+ else
+ printf("Decrypted content doesn't match input\n");
+ } else {
+ printf("Decryption failed\n");
+ }
+ ff_srtp_free(&enc);
+ ff_srtp_free(&dec);
+}
+
+int main(void)
+{
+ static const char *aes128_80_suite = "AES_CM_128_HMAC_SHA1_80";
+ static const char *aes128_32_suite = "AES_CM_128_HMAC_SHA1_32";
+ static const char *test_key = "abcdefghijklmnopqrstuvwxyz1234567890ABCD";
+ uint8_t buf[1500];
+ struct SRTPContext srtp = { 0 };
+ int len;
+ ff_srtp_set_crypto(&srtp, aes128_80_suite, aes128_80_key);
+ len = test_decrypt(&srtp, rtp_aes128_80, sizeof(rtp_aes128_80), buf);
+ test_encrypt(buf, len, aes128_80_suite, test_key);
+ test_encrypt(buf, len, aes128_32_suite, test_key);
+ test_decrypt(&srtp, rtcp_aes128_80, sizeof(rtcp_aes128_80), buf);
+ test_encrypt(buf, len, aes128_80_suite, test_key);
+ test_encrypt(buf, len, aes128_32_suite, test_key);
+ ff_srtp_free(&srtp);
+
+ memset(&srtp, 0, sizeof(srtp)); // Clear the context
+ ff_srtp_set_crypto(&srtp, aes128_32_suite, aes128_32_key);
+ test_decrypt(&srtp, rtp_aes128_32, sizeof(rtp_aes128_32), buf);
+ test_decrypt(&srtp, rtcp_aes128_32, sizeof(rtcp_aes128_32), buf);
+ ff_srtp_free(&srtp);
+ return 0;
+}
+#endif /* TEST */
diff --git a/libavutil/Makefile b/libavutil/Makefile
index a0044dade4..544c33f240 100644
--- a/libavutil/Makefile
+++ b/libavutil/Makefile
@@ -119,6 +119,7 @@ TESTPROGS = adler32 \
 eval \
 file \
 fifo \
+ hmac \
 lfg \
 lls \
 md5 \
diff --git a/libavutil/hmac.c b/libavutil/hmac.c
index 1520148246..e5f1434f9a 100644
--- a/libavutil/hmac.c
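Review bot: In `main`, the second `test_decrypt(&srtp, rtcp_aes128_80, ...)` call discards its return value, so the two `test_encrypt` calls that follow still pass the length obtained from the RTP packet and the RTCP round trip covers only a prefix of the decrypted packet; it presumably should read `len = test_decrypt(&srtp, rtcp_aes128_80, sizeof(rtcp_aes128_80), buf);`. The first result is also used unchecked: when decryption fails `test_decrypt` returns -1 and that value goes straight into `ff_srtp_encrypt` as `in_len`, so a guard such as `if (len < 0) return 1;` would make the failure explicit. Every vector here is a valid packet; since this is the authentication path, a case that alters one byte of the HMAC tag and expects `ff_srtp_decrypt` to return non-zero would pin the rejection behaviour as well. `test_encrypt` also declares `char buf[1500]` where the other calls use `uint8_t` buffers, which is worth making consistent.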
+++ b/libavutil/hmac.c
@@ -136,3 +136,51 @@ int av_hmac_calc(AVHMAC *c, const uint8_t *data, unsigned int len,
 av_hmac_update(c, data, len);
 return av_hmac_final(c, out, outlen);
 }
+
+#ifdef TEST
+#include
+
+static void test(AVHMAC *hmac, const uint8_t *key, int keylen,
+ const uint8_t *data, int datalen)
+{
+ uint8_t buf[MAX_HASHLEN];
+ int out, i;
+ // Some of the test vectors are strings, where sizeof() includes the
+ // trailing null byte - remove that.
+ if (!key[keylen - 1])
+ keylen--;
+ if (!data[datalen - 1])
+ datalen--;
+ out = av_hmac_calc(hmac, data, datalen, key, keylen, buf, sizeof(buf));
+ for (i = 0; i < out; i++)
+ printf("%02x", buf[i]);
+ printf("\n");
+}
+
+int main(void)
+{
+ uint8_t key1[16], key3[16], data3[50], key4[63], key5[64], key6[65];
+ const uint8_t key2[] = "Jefe";
+ const uint8_t data1[] = "Hi There";
+ const uint8_t data2[] = "what do ya want for nothing?";
+ AVHMAC *hmac = av_hmac_alloc(AV_HMAC_MD5);
+ if (!hmac)
+ return 1;
+ memset(key1, 0x0b, sizeof(key1));
+ memset(key3, 0xaa, sizeof(key3));
+ memset(key4, 0x44, sizeof(key4));
+ memset(key5, 0x55, sizeof(key5));
+ memset(key6, 0x66, sizeof(key6));
+ memset(data3, 0xdd, sizeof(data3));
+ // RFC 2104 test vectors
+ test(hmac, key1, sizeof(key1), data1, sizeof(data1));
+ test(hmac, key2, sizeof(key2), data2, sizeof(data2));
+ test(hmac, key3, sizeof(key3), data3, sizeof(data3));
+ // Additional tests, to test cases where the key is too long
+ test(hmac, key4, sizeof(key4), data1, sizeof(data1));
+ test(hmac, key5, sizeof(key5), data2, sizeof(data2));
+ test(hmac, key6, sizeof(key6), data3, sizeof(data3));
+ av_hmac_free(hmac);
+ return 0;
+}
+#endif /* TEST */
diff --git a/tests/fate/libavformat.mak b/tests/fate/libavformat.mak
index b6eda42a63..20bc31999f 100644
--- a/tests/fate/libavformat.mak
+++ b/tests/fate/libavformat.mak
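Review bot: `main` only allocates `AV_HMAC_MD5`, so the new fate-hmac test never exercises HMAC-SHA1, which is the variant the SRTP suites tested in this same commit are named after (`AES_CM_128_HMAC_SHA1_80` and `_32`). Running the same six inputs a second time through `av_hmac_alloc(AV_HMAC_SHA1)` would cover it, with the extra lines in `tests/ref/fate/hmac` checked against a published vector set (RFC 2202 has HMAC-SHA-1 cases) rather than taken from this implementation's own output. In `test`, if `av_hmac_calc` can return a negative value the loop is skipped and only an empty line is printed, so `if (out < 0) { printf("error\n"); return; }` would make a failure readable in the reference diff. The comment `// Additional tests, to test cases where the key is too long` is slightly off, since of the 63-, 64- and 65-byte keys only `key6` exceeds the 64-byte block; `// Keys just below, at and above the 64-byte block size` would describe the three cases.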
@@ -1,3 +1,7 @@
+FATE_LIBAVFORMAT += fate-srtp
+fate-srtp: libavformat/srtp-test$(EXESUF)
+fate-srtp: CMD = run libavformat/srtp-test
+
 FATE_LIBAVFORMAT += fate-url
 fate-url: libavformat/url-test$(EXESUF)
 fate-url: CMD = run libavformat/url-test
diff --git a/tests/fate/libavutil.mak b/tests/fate/libavutil.mak
index b2484a57f9..ac5e9330b1 100644
--- a/tests/fate/libavutil.mak
+++ b/tests/fate/libavutil.mak
@@ -41,6 +41,10 @@ FATE_LIBAVUTIL += fate-fifo
 fate-fifo: libavutil/fifo-test$(EXESUF)
 fate-fifo: CMD = run libavutil/fifo-test
+FATE_LIBAVUTIL += fate-hmac
+fate-hmac: libavutil/hmac-test$(EXESUF)
+fate-hmac: CMD = run libavutil/hmac-test
+
 FATE_LIBAVUTIL += fate-md5
 fate-md5: libavutil/md5-test$(EXESUF)
 fate-md5: CMD = run libavutil/md5-test
diff --git a/tests/ref/fate/hmac b/tests/ref/fate/hmac
new file mode 100644
index 0000000000..7d2a437c69
--- /dev/null
+++ b/tests/ref/fate/hmac
@@ -0,0 +1,6 @@
+9294727a3638bb1c13f48ef8158bfc9d
+750c783e6ab0b503eaa86e310a5db738
+56be34521d144c88dbb8c733f0e8b3f6
+467cb2560355d7fa3ab2d6b939e6e47c
+5a6ffd741d3e23b12f78b1baee9e609a
+8b4b9d11c9e186c58f2a53b08ddfa436
diff --git a/tests/ref/fate/srtp b/tests/ref/fate/srtp
new file mode 100644
index 0000000000..091d3f3a0d
--- /dev/null
+++ b/tests/ref/fate/srtp
@@ -0,0 +1,8 @@
+80e0123412345678123456780102030405
+Decrypted content matches input
+Decrypted content matches input
+81c90007123456788765432100000000000012340000069ec73069ba000001fd
+Decrypted content matches input
+Decrypted content matches input
+80e0123412345678123456780102030405
+81c90007123456788765432100000000000012340000069ec73069ba000001fd