diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index a1056b7730..44530cb243 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -891,12 +891,12 @@ mbedtls_ssl_srtp_profile_info; typedef struct mbedtls_dtls_srtp_info_t { - /*! The SRTP profile that was negotiated*/ + /*! The SRTP profile that was negotiated. */ mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; - /*! The mki_value used, with max size of 256 bytes */ + /*! The mki_value used, with max size of 256 bytes. */ unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; - /*! The length of mki_value */ - size_t mki_len; + /*! The length of mki_value. */ + size_t mki_len; } mbedtls_dtls_srtp_info; @@ -1110,7 +1110,7 @@ struct mbedtls_ssl_config #if defined(MBEDTLS_SSL_DTLS_SRTP) /*! ordered list of supported srtp profile */ - mbedtls_ssl_srtp_profile *dtls_srtp_profile_list; + const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list; /*! number of supported profiles */ size_t dtls_srtp_profile_list_len; #endif /* MBEDTLS_SSL_DTLS_SRTP */ @@ -3190,13 +3190,14 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); #if defined(MBEDTLS_SSL_DTLS_SRTP) /** - * \brief Add support for mki(master key id) value in use_srtp extension. - * MKI is an optional part of SRTP used for key management and - * re-keying. See RFC3711 section 3.1 for details + * \brief Manage support for mki(master key id) value + * in use_srtp extension. + * MKI is an optional part of SRTP used for key management + * and re-keying. See RFC3711 section 3.1 for details. * The default value is * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED. * - * \param conf SSL configuration + * \param conf The SSL configuration to manage mki support. * \param support_mki_value Enable or disable mki usage. Values are * #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED * or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED. 
@@ -3210,10 +3211,15 @@ void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf, * \param conf SSL configuration * \param profiles List of supported protection profiles, * in decreasing preference order. + * The pointer to the list is + * recorded by the library for later reference as required, + * so the lifetime of the table must be at least as long + * as the lifetime of the SSL configuration structure. * \param profiles_number Number of supported profiles. * * \return 0 on success - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of protection profiles is incorrect + * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of + * protection profiles is incorrect. */ int mbedtls_ssl_conf_dtls_srtp_protection_profiles ( mbedtls_ssl_config *conf, @@ -3239,11 +3245,11 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, * This function should be called after the handshake is * completed. * - * \param ssl The SSL context to query + * \param ssl The SSL context to query. * - * \return The DTLS SRTP protection profile in use - * \return #MBEDTLS_SRTP_UNSET_PROFILE if no protocol was negotiated or the handshake is still on - * early stage + * \return The DTLS SRTP protection profile in use. + * \return #MBEDTLS_SRTP_UNSET_PROFILE if the use of SRTP was not negotiated + * or peer's Hello packet was not parsed yet. */ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile ( const mbedtls_ssl_context *ssl ); 
@@ -3253,9 +3259,9 @@ mbedtls_ssl_srtp_profile mbedtls_ssl_get_dtls_srtp_protection_profile * * \param profile The DTLS-SRTP profile id to get info on. * - * \return Address of the SRTP profile information structure on - * success - * \return \c NULL if not found. + * \return The address of the SRTP profile information structure on + * success. + * \return \c NULL if the protection profile \p profile was not found. */ const mbedtls_ssl_srtp_profile_info *mbedtls_ssl_dtls_srtp_profile_info_from_id ( mbedtls_ssl_srtp_profile profile ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 5bd303a38c..b8acc75624 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -788,8 +788,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, * } UseSRTPData; * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; */ - if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED && - ssl->dtls_srtp_info.mki_len != 0 ) + if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ) { mki_len = ssl->dtls_srtp_info.mki_len; } diff --git a/library/ssl_srv.c b/library/ssl_srv.c index d07050534f..6dc219bdd5 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2651,6 +2651,14 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, mki_len = ssl->dtls_srtp_info.mki_len; } + /* The extension total size is 9 bytes : + * - 2 bytes for the extension tag + * - 2 bytes for the total size + * - 2 bytes for the protection profile length + * - 2 bytes for the protection profile + * - 1 byte for the mki length + * + the actual mki length + * Check we have enough room in the output buffer */ if( end < buf + mki_len + 9 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4872b6974b..93b60cc9be 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
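Review bot: In library/ssl_srv.c the check under the new comment, `if( end < buf + mki_len + 9 )`, forms the pointer `buf + mki_len + 9` before comparing it, and that is undefined behaviour whenever the sum lies past the end of the output buffer, which is exactly the case the check is meant to catch. Comparing lengths avoids this: `if( (size_t)( end - buf ) < mki_len + 9 )`, assuming `buf` and `end` delimit the same buffer with `buf <= end` (their declarations are not in the hunk). The comment could also open with "9 bytes plus the MKI", since it first gives the total as 9 bytes and then adds the MKI length. ssl_write_use_srtp_ext starts and ends outside the hunk.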
@@ -4778,12 +4778,6 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - mbedtls_free( conf->dtls_srtp_profile_list ); - conf->dtls_srtp_profile_list = - (mbedtls_ssl_srtp_profile*)mbedtls_calloc(1, - profiles_number * sizeof( mbedtls_ssl_srtp_profile ) ); - if( conf->dtls_srtp_profile_list == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); for( i=0; i < profiles_number; i++ ) { switch( profiles[i] ) { @@ -4791,17 +4785,15 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, case MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32: case MBEDTLS_SRTP_NULL_HMAC_SHA1_80: case MBEDTLS_SRTP_NULL_HMAC_SHA1_32: - conf->dtls_srtp_profile_list[i] = profiles[i]; break; default: - mbedtls_free( conf->dtls_srtp_profile_list ); conf->dtls_srtp_profile_list = NULL; conf->dtls_srtp_profile_list_len = 0; return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } } - /* assign array length */ + conf->dtls_srtp_profile_list = profiles; conf->dtls_srtp_profile_list_len = profiles_number; return( 0 ); @@ -7164,10 +7156,6 @@ void mbedtls_ssl_config_free( mbedtls_ssl_config *conf ) ssl_key_cert_free( conf->key_cert ); #endif -#if defined (MBEDTLS_SSL_DTLS_SRTP) - mbedtls_free( conf->dtls_srtp_profile_list ); -#endif - mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) ); } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 644cafad6f..6adaf9216d 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -262,7 +262,7 @@ int main( void ) " use_srtp=%%d default: 0 (disabled)\n" \ " This cannot be used with eap_tls=1 or "\ " nss_keylog=1\n" \ - " srtp_force_profile=%%d default: all enabled\n" \ + " srtp_force_profile=%%d default: 0 (all enabled)\n" \ " available profiles:\n" \ " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ 
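Review bot: In mbedtls_ssl_conf_dtls_srtp_protection_profiles, `conf->dtls_srtp_profile_list = profiles;` keeps the caller's array instead of a private copy, so the values accepted by the `switch` are only known to be valid at the time of the call. A caller that later modifies or releases the array leaves the configuration referring to unvalidated or dead memory when the use_srtp extension is built or parsed. The ssl.h text covers the lifetime, but the assignment itself deserves a comment such as `/* Not copied: the caller owns the list and must keep it valid and unchanged while conf is in use. */`. The function body extends beyond this hunk.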
@@ -707,9 +707,9 @@ static int dtls_srtp_key_derivation( void *p_expkey, if( opt.debug_level > 2 ) { - mbedtls_printf("exported maclen is %u\n", (unsigned)maclen); - mbedtls_printf("exported keylen is %u\n", (unsigned)keylen); - mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen); + mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen ); + mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen ); + mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen ); } return( 0 ); } @@ -1242,9 +1242,15 @@ int main( int argc, char *argv[] ) eap_tls_keys eap_tls_keying; #if defined( MBEDTLS_SSL_DTLS_SRTP ) /*! master keys and master salt for SRTP generated during handshake */ - unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; - const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; - dtls_srtp_keys dtls_srtp_keying; + unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; + const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; + dtls_srtp_keys dtls_srtp_keying; + const mbedtls_ssl_srtp_profile default_profiles[] = { + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_SRTP_NULL_HMAC_SHA1_32 + }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ @@ -2324,9 +2330,9 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - if( opt.use_srtp != DFL_USE_SRTP ) + if( opt.use_srtp == 1 ) { - if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) + if( opt.force_srtp_profile != 0 ) { const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile }; ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles 
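Review bot: In programs/ssl/ssl_client2.c, `forced_profile[]` is still declared inside the `if( opt.force_srtp_profile != 0 )` block, but the library/ssl_tls.c part of this commit makes mbedtls_ssl_conf_dtls_srtp_protection_profiles store the pointer it is given instead of copying the list. `conf` is therefore left pointing at an array whose lifetime ends at the block's closing brace, presumably before the handshake reads the list. `default_profiles` was moved to the top of main() for this reason and `forced_profile` needs the same treatment, for example `mbedtls_ssl_srtp_profile forced_profile[1];` declared next to `default_profiles` and `forced_profile[0] = opt.force_srtp_profile;` set here. The matching block in programs/ssl/ssl_server2.c has the same problem. main() starts and ends outside the hunk.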
@@ -2336,11 +2342,6 @@ int main( int argc, char *argv[] ) } else { - const mbedtls_ssl_srtp_profile default_profiles[] = - { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, - MBEDTLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_SRTP_NULL_HMAC_SHA1_32 }; ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles ( &conf, default_profiles, @@ -2349,12 +2350,14 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! " + "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n", + ret ); goto exit; } } - else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) + else if( opt.force_srtp_profile != 0 ) { mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" ); goto exit; @@ -2605,13 +2608,13 @@ int main( int argc, char *argv[] ) #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) - if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 ) + if( opt.use_srtp != DFL_USE_SRTP && strlen( opt.mki ) != 0 ) { if( mbedtls_test_unhexify( mki, sizeof( mki ), opt.mki,&mki_len ) != 0 ) { mbedtls_printf( "mki value not valid hex\n" ); - goto exit; + goto exit; } mbedtls_ssl_conf_srtp_mki_value_supported( &conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED ); 
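Review bot: The MKI block in ssl_client2.c still tests `opt.use_srtp != DFL_USE_SRTP`, while the profile setup earlier in main() was changed by this commit to `opt.use_srtp == 1`. For any other non-zero value the protection profiles are skipped but the MKI is still configured, unless the option parser already restricts use_srtp to 0 or 1, which is not visible here. Using the same condition in both places keeps them in step: `if( opt.use_srtp == 1 && strlen( opt.mki ) != 0 )`. main() starts and ends outside the hunk.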
@@ -2751,30 +2754,39 @@ int main( int argc, char *argv[] ) { size_t j = 0; - if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type, - dtls_srtp_keying.master_secret, - sizeof( dtls_srtp_keying.master_secret ), - dtls_srtp_label, - dtls_srtp_keying.randbytes, - sizeof( dtls_srtp_keying.randbytes ), - dtls_srtp_key_material, - sizeof( dtls_srtp_key_material ) ) ) - != 0 ) + if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) + == MBEDTLS_SRTP_UNSET_PROFILE ) ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret ); - goto exit; + mbedtls_printf( " DTLS-SRTP unable to negotiate " + "protection profile\n" ); } - - mbedtls_printf( " DTLS-SRTP key material is:" ); - for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + else { - if( j % 8 == 0 ) - mbedtls_printf("\n "); - mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); - } + if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type, + dtls_srtp_keying.master_secret, + sizeof( dtls_srtp_keying.master_secret ), + dtls_srtp_label, + dtls_srtp_keying.randbytes, + sizeof( dtls_srtp_keying.randbytes ), + dtls_srtp_key_material, + sizeof( dtls_srtp_key_material ) ) ) + != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", + (unsigned int) -ret ); + goto exit; + } - mbedtls_printf("\n"); + mbedtls_printf( " DTLS-SRTP key material is:" ); + for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + { + if( j % 8 == 0 ) + mbedtls_printf("\n "); + mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); + } + + mbedtls_printf("\n"); + } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 069bd44068..350d8ca517 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
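Review bot: `dtls_srtp_key_material` holds the SRTP master keys and salt and stays on main()'s stack after the print loop; nothing in this hunk clears it, on either the success path or the `goto exit` path. Unless the exit code already wipes it (not visible here), add `mbedtls_platform_zeroize( dtls_srtp_key_material, sizeof( dtls_srtp_key_material ) );` once the material has been printed, so that the sample does not model leaving keys in memory. As a style point, the outer parentheses in `if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) == MBEDTLS_SRTP_UNSET_PROFILE ) )` are redundant. Both remarks apply equally to the identical block in programs/ssl/ssl_server2.c.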
@@ -331,7 +331,7 @@ int main( void ) #if defined(MBEDTLS_SSL_DTLS_SRTP) #define USAGE_SRTP \ " use_srtp=%%d default: 0 (disabled)\n" \ - " srtp_force_profile=%%d default: all enabled\n" \ + " srtp_force_profile=%%d default: 0 (all enabled)\n" \ " available profiles:\n" \ " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \ " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \ @@ -809,9 +809,9 @@ static int dtls_srtp_key_derivation( void *p_expkey, if( opt.debug_level > 2 ) { - mbedtls_printf("exported maclen is %u\n", (unsigned)maclen); - mbedtls_printf("exported keylen is %u\n", (unsigned)keylen); - mbedtls_printf("exported ivlen is %u\n", (unsigned)ivlen); + mbedtls_printf( "exported maclen is %u\n", (unsigned) maclen ); + mbedtls_printf( "exported keylen is %u\n", (unsigned) keylen ); + mbedtls_printf( "exported ivlen is %u\n", (unsigned) ivlen ); } return( 0 ); } @@ -1876,6 +1876,12 @@ int main( int argc, char *argv[] ) unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH]; const char* dtls_srtp_label = "EXTRACTOR-dtls_srtp"; dtls_srtp_keys dtls_srtp_keying; + const mbedtls_ssl_srtp_profile default_profiles[] = { + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, + MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, + MBEDTLS_SRTP_NULL_HMAC_SHA1_80, + MBEDTLS_SRTP_NULL_HMAC_SHA1_32 + }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ @@ -3136,9 +3142,9 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_DTLS_SRTP) - if( opt.use_srtp != DFL_USE_SRTP ) + if( opt.use_srtp == 1 ) { - if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) + if( opt.force_srtp_profile != 0 ) { const mbedtls_ssl_srtp_profile forced_profile[] = { opt.force_srtp_profile }; ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, 
@@ -3147,10 +3153,6 @@ int main( int argc, char *argv[] ) } else { - const mbedtls_ssl_srtp_profile default_profiles[] = { MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80, - MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32, - MBEDTLS_SRTP_NULL_HMAC_SHA1_80, - MBEDTLS_SRTP_NULL_HMAC_SHA1_32 }; ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles( &conf, default_profiles, sizeof( default_profiles ) / sizeof( mbedtls_ssl_srtp_profile ) ); @@ -3168,7 +3170,7 @@ int main( int argc, char *argv[] ) MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED ); } - else if( opt.force_srtp_profile != DFL_SRTP_FORCE_PROFILE ) + else if( opt.force_srtp_profile != 0 ) { mbedtls_printf( " failed\n ! must enable use_srtp to force srtp profile\n\n" ); goto exit; 
@@ -3861,30 +3863,39 @@ handshake: { size_t j = 0; - if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type, - dtls_srtp_keying.master_secret, - sizeof( dtls_srtp_keying.master_secret ), - dtls_srtp_label, - dtls_srtp_keying.randbytes, - sizeof( dtls_srtp_keying.randbytes ), - dtls_srtp_key_material, - sizeof( dtls_srtp_key_material ) ) ) - != 0 ) + if( (mbedtls_ssl_get_dtls_srtp_protection_profile( &ssl ) + == MBEDTLS_SRTP_UNSET_PROFILE ) ) { - mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", - (unsigned int) -ret ); - goto exit; + mbedtls_printf( " DTLS-SRTP unable to negotiate " + "protection profile\n" ); } - - mbedtls_printf( " DTLS-SRTP key material is:" ); - for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + else { - if( j % 8 == 0 ) - mbedtls_printf("\n "); - mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); - } + if( ( ret = mbedtls_ssl_tls_prf( dtls_srtp_keying.tls_prf_type, + dtls_srtp_keying.master_secret, + sizeof( dtls_srtp_keying.master_secret ), + dtls_srtp_label, + dtls_srtp_keying.randbytes, + sizeof( dtls_srtp_keying.randbytes ), + dtls_srtp_key_material, + sizeof( dtls_srtp_key_material ) ) ) + != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", + (unsigned int) -ret ); + goto exit; + } - mbedtls_printf("\n"); + mbedtls_printf( " DTLS-SRTP key material is:" ); + for( j = 0; j < sizeof( dtls_srtp_key_material ); j++ ) + { + if( j % 8 == 0 ) + mbedtls_printf("\n "); + mbedtls_printf("%02x ", dtls_srtp_key_material[j] ); + } + + mbedtls_printf("\n"); + } } #endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_EXPORT_KEYS */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index bb31a3cdec..b820a735b3 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -1074,7 +1074,7 @@ P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" -O_CLI="$O_CLI -connect localhost:+SRV_PORT" +O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" G_CLI="$G_CLI -p +SRV_PORT" @@ -8723,10 +8723,12 @@ run_test "DTLS-SRTP all profiles supported" \ -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8738,10 +8740,12 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile." -s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8753,10 +8757,12 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles." -s "found srtp profile" \ -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
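Review bot: The added lines are written as `-s "DTLS-SRTP key material is"\` with no space before the continuation backslash, while every neighbouring line uses `" \`. The shell accepts both forms, but the mix makes the blocks harder to scan and to grep; write them as `-s "DTLS-SRTP key material is" \` and `-c "DTLS-SRTP key material is" \`. The same spelling recurs in all the later DTLS-SRTP test hunks of this file.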
@@ -8768,10 +8774,12 @@ run_test "DTLS-SRTP server and Client support only one matching profile." \ -s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8783,10 +8791,12 @@ run_test "DTLS-SRTP server and Client support only one different profile." \ -s "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ -S "selected srtp profile" \ -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -C "found use_srtp extension" \ -C "found srtp profile" \ -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8796,10 +8806,12 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension." \ 0 \ -s "found use_srtp extension" \ -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -C "found use_srtp extension" \ -C "found srtp profile" \ -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
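Review bot: The negative cases here ("only one different profile" and "server doesn't support use_srtp extension") only assert that "DTLS-SRTP key material is" is absent, which would also pass if the SRTP block in the programs were never reached. The programs now print "DTLS-SRTP unable to negotiate protection profile" in that situation, so a positive match such as `-c "DTLS-SRTP unable to negotiate"` would pin the new branch, with the `-s` counterpart wherever the server is started with use_srtp=1. The openssl and gnutls variants of these cases further down have the same gap.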
@@ -8812,12 +8824,14 @@ run_test "DTLS-SRTP all profiles supported. mki used" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ -s "dumping 'using mki' (8 bytes)" \ + -s "DTLS-SRTP key material is"\ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ -c "dumping 'sending mki' (8 bytes)" \ -c "dumping 'received mki' (8 bytes)" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8829,11 +8843,13 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \ -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -S "dumping 'using mki' (8 bytes)" \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -c "dumping 'sending mki' (8 bytes)" \ -C "dumping 'received mki' (8 bytes)" \ -C "error" @@ -8847,6 +8863,7 @@ run_test "DTLS-SRTP all profiles supported. openssl client." \ -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8858,6 +8875,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -8869,6 +8887,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8880,6 +8899,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8891,6 +8911,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8902,6 +8923,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. opens -s "found srtp profile" \ -S "selected srtp profile" \ -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ -C "SRTP Extension negotiated, profile" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8911,6 +8933,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" 0 \ -s "found use_srtp extension" \ -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ -C "SRTP Extension negotiated, profile" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8922,6 +8945,7 @@ run_test "DTLS-SRTP all profiles supported. openssl server" \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -8933,6 +8957,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8944,6 +8969,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8955,6 +8981,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8966,6 +8993,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8977,6 +9005,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. opens -C "found use_srtp extension" \ -C "found srtp profile" \ -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -8988,6 +9017,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" -C "found use_srtp extension" \ -C "found srtp profile" \ -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -8999,6 +9029,7 @@ run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -c "dumping 'sending mki' (8 bytes)" \ -C "dumping 'received mki' (8 bytes)" \ -C "error" @@ -9013,6 +9044,7 @@ run_test "DTLS-SRTP all profiles supported. gnutls client." \ -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_80" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9025,6 +9057,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_NULL_HMAC_SHA1_80" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9037,6 +9070,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -s "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -s "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9049,6 +9083,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. -s "found srtp profile" \ -s "selected srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_32" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_NULL_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -9061,6 +9096,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls -s "found srtp profile" \ -s "selected srtp profile" \ -s "server hello, adding use_srtp extension" \ + -s "DTLS-SRTP key material is"\ -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9073,6 +9109,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. gnutl -s "found srtp profile" \ -S "selected srtp profile" \ -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ -C "SRTP profile:" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9083,6 +9120,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \ 0 \ -s "found use_srtp extension" \ -S "server hello, adding use_srtp extension" \ + -S "DTLS-SRTP key material is"\ -C "SRTP profile:" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9095,6 +9133,7 @@ run_test "DTLS-SRTP all profiles supported. gnutls server" \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9107,6 +9146,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_80" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -9119,18 +9159,20 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \ - "$P_CLI dtls=1 use_srtp=30 debug_level=3" \ + "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 0 \ -c "client hello, adding use_srtp extension" \ -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_NULL_HMAC_SHA1_80" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9143,6 +9185,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls -c "found use_srtp extension" \ -c "found srtp profile: MBEDTLS_SRTP_AES128_CM_HMAC_SHA1_32" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9155,6 +9198,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. gnutl -C "found use_srtp extension" \ -C "found srtp profile" \ -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP @@ -9167,6 +9211,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \ -C "found use_srtp extension" \ -C "found srtp profile" \ -C "selected srtp profile" \ + -C "DTLS-SRTP key material is"\ -C "error" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 
@@ -9179,6 +9224,7 @@ run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \ -c "found use_srtp extension" \ -c "found srtp profile" \ -c "selected srtp profile" \ + -c "DTLS-SRTP key material is"\ -c "dumping 'sending mki' (8 bytes)" \ -c "dumping 'received mki' (8 bytes)" \ -C "error"