SRTP-DTLS protection profile configuration list not copied into ssl_config
+ improve test
+ minor style fix
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index a1056b7..44530cb 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -891,12 +891,12 @@
typedef struct mbedtls_dtls_srtp_info_t
{
- /*! The SRTP profile that was negotiated*/
+ /*! The SRTP profile that was negotiated. */
mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile;
- /*! The mki_value used, with max size of 256 bytes */
+ /*! The mki_value used, with max size of 256 bytes. */
unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
- /*! The length of mki_value */
- size_t mki_len;
+ /*! The length of mki_value. */
+ size_t mki_len;
}
mbedtls_dtls_srtp_info;
@@ -1110,7 +1110,7 @@
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/*! ordered list of supported srtp profile */
- mbedtls_ssl_srtp_profile *dtls_srtp_profile_list;
+ const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list;
/*! number of supported profiles */
size_t dtls_srtp_profile_list_len;
#endif /* MBEDTLS_SSL_DTLS_SRTP */
@@ -3190,13 +3190,14 @@
#if defined(MBEDTLS_SSL_DTLS_SRTP)
/**
- * \brief Add support for mki(master key id) value in use_srtp extension.
- * MKI is an optional part of SRTP used for key management and
- * re-keying. See RFC3711 section 3.1 for details
+ * \brief Manage support for mki(master key id) value
+ * in use_srtp extension.
+ * MKI is an optional part of SRTP used for key management
+ * and re-keying. See RFC3711 section 3.1 for details.
* The default value is
* #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED.
*
- * \param conf SSL configuration
+ * \param conf The SSL configuration to manage mki support.
* \param support_mki_value Enable or disable mki usage. Values are
* #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED
* or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED.
@@ -3210,10 +3211,15 @@
* \param conf SSL configuration
* \param profiles List of supported protection profiles,
* in decreasing preference order.
+ * The pointer to the list is
+ * recorded by the library for later reference as required,
+ * so the lifetime of the table must be at least as long
+ * as the lifetime of the SSL configuration structure.
* \param profiles_number Number of supported profiles.
*
* \return 0 on success
- * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of protection profiles is incorrect
+ * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of
+ * protection profiles is incorrect.
*/
int mbedtls_ssl_conf_dtls_srtp_protection_profiles
( mbedtls_ssl_config *conf,
@@ -3239,11 +3245,11 @@
* This function should be called after the handshake is
* completed.
*
- * \param ssl The SSL context to query
+ * \param ssl The SSL context to query.
*
- * \return The DTLS SRTP protection profile in use
- * \return #MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated or the handshake is still on
- * early stage
+ * \return The DTLS SRTP protection profile in use.
+ * \return #MBEDTLS_SRTP_UNSET_PROFILE if the use of SRTP was not negotiated
+ * or peer's Hello packet was not parsed yet.
*/
mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile
( const mbedtls_ssl_context *ssl );
@@ -3253,9 +3259,9 @@
*
* \param profile The DTLS-SRTP profile id to get info on.
*
- * \return Address of the SRTP profile information structure on
- * success
- * \return \c NULL if not found.
+ * \return The address of the SRTP profile information structure on
+ * success.
+ * \return \c NULL if the protection profile \p profile was not found.
*/
const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id
( mbedtls_ssl_srtp_profile profile );
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 5bd303a..b8acc75 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -788,8 +788,7 @@
* } UseSRTPData;
* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
*/
- if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED &&
- ssl->dtls_srtp_info.mki_len != 0 )
+ if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED )
{
mki_len = ssl->dtls_srtp_info.mki_len;
}
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index d070505..6dc219b 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2651,6 +2651,14 @@
mki_len = ssl->dtls_srtp_info.mki_len;
}
+ /* The extension total size is 9 bytes :
+ * - 2 bytes for the extension tag
+ * - 2 bytes for the total size
+ * - 2 bytes for the protection profile length
+ * - 2 bytes for the protection profile
+ * - 1 byte for the mki length
+ * + the actual mki length
+ * Check we have enough room in the output buffer */
if( end < buf + mki_len + 9 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4872b69..93b60cc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4778,12 +4778,6 @@
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- mbedtls_free( conf->dtls_srtp_profile_list );
- conf->dtls_srtp_profile_list =
- (mbedtls_ssl_srtp_profile*)mbedtls_calloc(1,
- profiles_number * sizeof( mbedtls_ssl_srtp_profile ) );
- if( conf->dtls_srtp_profile_list == NULL )
- return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
for( i=0; i < profiles_number; i++ ) {
switch( profiles[i] ) {
@@ -4791,17 +4785,15 @@
case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32:
case MBEDTLS_SRTP_NULL_HMAC_SHA1_80:
case MBEDTLS_SRTP_NULL_HMAC_SHA1_32:
- conf->dtls_srtp_profile_list[i] = profiles[i];
break;
default:
- mbedtls_free( conf->dtls_srtp_profile_list );
conf->dtls_srtp_profile_list = NULL;
conf->dtls_srtp_profile_list_len = 0;
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
}
- /* assign array length */
+ conf->dtls_srtp_profile_list = profiles;
conf->dtls_srtp_profile_list_len = profiles_number;
return( 0 );
@@ -7164,10 +7156,6 @@
ssl_key_cert_free( conf->key_cert );
#endif
-#if defined (MBEDTLS_SSL_DTLS_SRTP)
- mbedtls_free( conf->dtls_srtp_profile_list );
-#endif
-
mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) );
}
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 644cafa..6adaf92 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -262,7 +262,7 @@
" use_srtp=%%d default: 0 (disabled)\n" \
" This cannot be used with eap_tls=1 or "\
" nss_keylog=1\n" \
- " srtp_force_profile=%%d default: all enabled\n" \
+ " srtp_force_profile=%%d default: 0 (all enabled)\n" \
" available profiles:\n" \
" 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
" 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
@@ -707,9 +707,9 @@
if( opt.debug_level > 2 )
{
- mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
- mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
- mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
+ mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen );
+ mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen );
+ mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen );
}
return( 0 );
}
@@ -1242,9 +1242,15 @@
eap_tls_keys eap_tls_keying;
#if defined( MBEDTLS_SSL_DTLS_SRTP )
/*! master keys and master salt for SRTP generated during handshake */
- unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
- const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
- dtls_srtp_keys dtls_srtp_keying;
+ unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
+ const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
+ dtls_srtp_keys dtls_srtp_keying;
+ const mbedtls_ssl_srtp_profile default_profiles[] = {
+ MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
+ MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
+ MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
+ MBEDTLS_SRTP_NULL_HMAC_SHA1_32
+ };
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
@@ -2324,9 +2330,9 @@
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- if( opt.use_srtp != DFL_USE_SRTP )
+ if( opt.use_srtp == 1 )
{
- if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
+ if( opt.force_srtp_profile != 0 )
{
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles
@@ -2336,11 +2342,6 @@
}
else
{
- const mbedtls_ssl_srtp_profile default_profiles[] =
- { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
- MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
- MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
- MBEDTLS_SRTP_NULL_HMAC_SHA1_32 };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles
( &conf,
default_profiles,
@@ -2349,12 +2350,14 @@
if( ret != 0 )
{
- mbedtls_printf( " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", ret );
+ mbedtls_printf( " failed\n ! "
+ "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
+ ret );
goto exit;
}
}
- else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
+ else if( opt.force_srtp_profile != 0 )
{
mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
goto exit;
@@ -2605,13 +2608,13 @@
#endif
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 )
+ if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 )
{
if( mbedtls_test_unhexify( mki, sizeof( mki ),
opt.mki,&mki_len ) != 0 )
{
mbedtls_printf( "mki value not valid hex\n" );
- goto exit;
+ goto exit;
}
mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED );
@@ -2751,30 +2754,39 @@
{
size_t j = 0;
- if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
- dtls_srtp_keying.master_secret,
- sizeof( dtls_srtp_keying.master_secret ),
- dtls_srtp_label,
- dtls_srtp_keying.randbytes,
- sizeof( dtls_srtp_keying.randbytes ),
- dtls_srtp_key_material,
- sizeof( dtls_srtp_key_material ) ) )
- != 0 )
+ if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl )
+ == MBEDTLS_SRTP_UNSET_PROFILE ) )
{
- mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
- (unsigned int) -ret );
- goto exit;
+ mbedtls_printf( " DTLS-SRTP unable to negotiate "
+ "protection profile\n" );
}
-
- mbedtls_printf( " DTLS-SRTP key material is:" );
- for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
+ else
{
- if( j % 8 == 0 )
- mbedtls_printf("\n ");
- mbedtls_printf("%02x ", dtls_srtp_key_material[j] );
- }
+ if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
+ dtls_srtp_keying.master_secret,
+ sizeof( dtls_srtp_keying.master_secret ),
+ dtls_srtp_label,
+ dtls_srtp_keying.randbytes,
+ sizeof( dtls_srtp_keying.randbytes ),
+ dtls_srtp_key_material,
+ sizeof( dtls_srtp_key_material ) ) )
+ != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret );
+ goto exit;
+ }
- mbedtls_printf("\n");
+ mbedtls_printf( " DTLS-SRTP key material is:" );
+ for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
+ {
+ if( j % 8 == 0 )
+ mbedtls_printf("\n ");
+ mbedtls_printf("%02x ", dtls_srtp_key_material[j] );
+ }
+
+ mbedtls_printf("\n");
+ }
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 069bd44..350d8ca 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -331,7 +331,7 @@
#if defined(MBEDTLS_SSL_DTLS_SRTP)
#define USAGE_SRTP \
" use_srtp=%%d default: 0 (disabled)\n" \
- " srtp_force_profile=%%d default: all enabled\n" \
+ " srtp_force_profile=%%d default: 0 (all enabled)\n" \
" available profiles:\n" \
" 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
" 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
@@ -809,9 +809,9 @@
if( opt.debug_level > 2 )
{
- mbedtls_printf("exported maclen is %u\n", (unsigned)maclen);
- mbedtls_printf("exported keylen is %u\n", (unsigned)keylen);
- mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen);
+ mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen );
+ mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen );
+ mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen );
}
return( 0 );
}
@@ -1876,6 +1876,12 @@
unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp";
dtls_srtp_keys dtls_srtp_keying;
+ const mbedtls_ssl_srtp_profile default_profiles[] = {
+ MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
+ MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
+ MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
+ MBEDTLS_SRTP_NULL_HMAC_SHA1_32
+ };
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
@@ -3136,9 +3142,9 @@
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_DTLS_SRTP)
- if( opt.use_srtp != DFL_USE_SRTP )
+ if( opt.use_srtp == 1 )
{
- if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
+ if( opt.force_srtp_profile != 0 )
{
const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf,
@@ -3147,10 +3153,6 @@
}
else
{
- const mbedtls_ssl_srtp_profile default_profiles[] = { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80,
- MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32,
- MBEDTLS_SRTP_NULL_HMAC_SHA1_80,
- MBEDTLS_SRTP_NULL_HMAC_SHA1_32 };
ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf,
default_profiles,
sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) );
@@ -3168,7 +3170,7 @@
MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED );
}
- else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE )
+ else if( opt.force_srtp_profile != 0 )
{
mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" );
goto exit;
@@ -3861,30 +3863,39 @@
{
size_t j = 0;
- if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
- dtls_srtp_keying.master_secret,
- sizeof( dtls_srtp_keying.master_secret ),
- dtls_srtp_label,
- dtls_srtp_keying.randbytes,
- sizeof( dtls_srtp_keying.randbytes ),
- dtls_srtp_key_material,
- sizeof( dtls_srtp_key_material ) ) )
- != 0 )
+ if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl )
+ == MBEDTLS_SRTP_UNSET_PROFILE ) )
{
- mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
- (unsigned int) -ret );
- goto exit;
+ mbedtls_printf( " DTLS-SRTP unable to negotiate "
+ "protection profile\n" );
}
-
- mbedtls_printf( " DTLS-SRTP key material is:" );
- for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
+ else
{
- if( j % 8 == 0 )
- mbedtls_printf("\n ");
- mbedtls_printf("%02x ", dtls_srtp_key_material[j] );
- }
+ if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type,
+ dtls_srtp_keying.master_secret,
+ sizeof( dtls_srtp_keying.master_secret ),
+ dtls_srtp_label,
+ dtls_srtp_keying.randbytes,
+ sizeof( dtls_srtp_keying.randbytes ),
+ dtls_srtp_key_material,
+ sizeof( dtls_srtp_key_material ) ) )
+ != 0 )
+ {
+ mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret );
+ goto exit;
+ }
- mbedtls_printf("\n");
+ mbedtls_printf( " DTLS-SRTP key material is:" );
+ for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ )
+ {
+ if( j % 8 == 0 )
+ mbedtls_printf("\n ");
+ mbedtls_printf("%02x ", dtls_srtp_key_material[j] );
+ }
+
+ mbedtls_printf("\n");
+ }
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#endif /* MBEDTLS_SSL_EXPORT_KEYS */
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index bb31a3c..b820a73 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1074,7 +1074,7 @@
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
-O_CLI="$O_CLI -connect localhost:+SRV_PORT"
+O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
G_SRV="$G_SRV -p $SRV_PORT"
G_CLI="$G_CLI -p +SRV_PORT"
@@ -8723,10 +8723,12 @@
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8738,10 +8740,12 @@
-s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \
-s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8753,10 +8757,12 @@
-s "found srtp profile" \
-s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8768,10 +8774,12 @@
-s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8783,10 +8791,12 @@
-s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \
-S "selected srtp profile" \
-S "server hello, adding use_srtp extension" \
+ -S "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
+ -C "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8796,10 +8806,12 @@
0 \
-s "found use_srtp extension" \
-S "server hello, adding use_srtp extension" \
+ -S "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
+ -C "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8812,12 +8824,14 @@
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
-s "dumping 'using mki' (8 bytes)" \
+ -s "DTLS-SRTP key material is"\
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
-c "dumping 'sending mki' (8 bytes)" \
-c "dumping 'received mki' (8 bytes)" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8829,11 +8843,13 @@
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-S "dumping 'using mki' (8 bytes)" \
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-c "dumping 'sending mki' (8 bytes)" \
-C "dumping 'received mki' (8 bytes)" \
-C "error"
@@ -8847,6 +8863,7 @@
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8858,6 +8875,7 @@
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8869,6 +8887,7 @@
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8880,6 +8899,7 @@
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8891,6 +8911,7 @@
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8902,6 +8923,7 @@
-s "found srtp profile" \
-S "selected srtp profile" \
-S "server hello, adding use_srtp extension" \
+ -S "DTLS-SRTP key material is"\
-C "SRTP Extension negotiated, profile"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8911,6 +8933,7 @@
0 \
-s "found use_srtp extension" \
-S "server hello, adding use_srtp extension" \
+ -S "DTLS-SRTP key material is"\
-C "SRTP Extension negotiated, profile"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8922,6 +8945,7 @@
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8933,6 +8957,7 @@
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8944,6 +8969,7 @@
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8955,6 +8981,7 @@
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8966,6 +8993,7 @@
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8977,6 +9005,7 @@
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
+ -C "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8988,6 +9017,7 @@
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
+ -C "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -8999,6 +9029,7 @@
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-c "dumping 'sending mki' (8 bytes)" \
-C "dumping 'received mki' (8 bytes)" \
-C "error"
@@ -9013,6 +9044,7 @@
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_80"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -9025,6 +9057,7 @@
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "SRTP profile: SRTP_NULL_HMAC_SHA1_80"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -9037,6 +9070,7 @@
-s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -9049,6 +9083,7 @@
-s "found srtp profile" \
-s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "SRTP profile: SRTP_NULL_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -9061,6 +9096,7 @@
-s "found srtp profile" \
-s "selected srtp profile" \
-s "server hello, adding use_srtp extension" \
+ -s "DTLS-SRTP key material is"\
-c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -9073,6 +9109,7 @@
-s "found srtp profile" \
-S "selected srtp profile" \
-S "server hello, adding use_srtp extension" \
+ -S "DTLS-SRTP key material is"\
-C "SRTP profile:"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -9083,6 +9120,7 @@
0 \
-s "found use_srtp extension" \
-S "server hello, adding use_srtp extension" \
+ -S "DTLS-SRTP key material is"\
-C "SRTP profile:"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -9095,6 +9133,7 @@
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -9107,6 +9146,7 @@
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -9119,18 +9159,20 @@
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \
"$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \
- "$P_CLI dtls=1 use_srtp=30 debug_level=3" \
+ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
0 \
-c "client hello, adding use_srtp extension" \
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -9143,6 +9185,7 @@
-c "found use_srtp extension" \
-c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -9155,6 +9198,7 @@
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
+ -C "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -9167,6 +9211,7 @@
-C "found use_srtp extension" \
-C "found srtp profile" \
-C "selected srtp profile" \
+ -C "DTLS-SRTP key material is"\
-C "error"
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -9179,6 +9224,7 @@
-c "found use_srtp extension" \
-c "found srtp profile" \
-c "selected srtp profile" \
+ -c "DTLS-SRTP key material is"\
-c "dumping 'sending mki' (8 bytes)" \
-c "dumping 'received mki' (8 bytes)" \
-C "error"