API modified so server side can get mki value

+ client side discards self mki if server does not support it Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2025-08-08 17:42:09 +03:00 · 2020-10-26 22:45:58 +01:00
parent adbd9449ec
commit 20c7db3a67
6 changed files with 63 additions and 10 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1925,6 +1925,14 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
    }
+
+    /* If server does not use mki in its reply, make sure the client won't keep
+     * one as negotiated */
+    if( len == 5 )
+    {
+        ssl->dtls_srtp_info.mki_len = 0;
+    }
+
    /*
     * RFC5764:
     *  If the client detects a nonzero-length MKI in the server's response
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4751,10 +4751,10 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf,
    return( 0 );
 }

-mbedtls_ssl_srtp_profile
-     mbedtls_ssl_get_dtls_srtp_protection_profile( const mbedtls_ssl_context *ssl )
+const mbedtls_dtls_srtp_info *
+     mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl )
 {
-    return( ssl->dtls_srtp_info.chosen_dtls_srtp_profile );
+    return( &( ssl->dtls_srtp_info ) );
 }
 #endif /* MBEDTLS_SSL_DTLS_SRTP */