diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 398eb012a..4805c67b3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3275,11 +3275,8 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, * or peer's Hello packet was not parsed yet. * - mki size and value (if size is > 0). These informations are valid only * if the protection profile returned is not MBEDTLS_TLS_SRTP_UNSET. - * Ownership of the returned structure is kept by the ssl context, - * the caller must duplicate any information that must live longer than - * the context (typically MKI size and value if any) */ -const mbedtls_dtls_srtp_info *mbedtls_ssl_get_dtls_srtp_negotiation_result +mbedtls_dtls_srtp_info mbedtls_ssl_get_dtls_srtp_negotiation_result ( const mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cee8ba132..0739b8f05 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4751,10 +4751,16 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles( mbedtls_ssl_config *conf, return( 0 ); } -const mbedtls_dtls_srtp_info * +mbedtls_dtls_srtp_info mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl ) { - return( &( ssl->dtls_srtp_info ) ); + mbedtls_dtls_srtp_info ret = ssl->dtls_srtp_info; + /* discard the mki if there is no chosen profile */ + if ( ret.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) + { + ret.mki_len = 0; + } + return( ret ); } #endif /* MBEDTLS_SSL_DTLS_SRTP */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d53a40af8..2a6050789 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2754,10 +2754,10 @@ int main( int argc, char *argv[] ) else if( opt.use_srtp != 0 ) { size_t j = 0; - const mbedtls_dtls_srtp_info *dtls_srtp_negotiation_result = + mbedtls_dtls_srtp_info dtls_srtp_negotiation_result = mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl ); - if( ( dtls_srtp_negotiation_result->chosen_dtls_srtp_profile + if( ( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) ) { mbedtls_printf( " Unable to negotiate " @@ -2800,12 +2800,12 @@ int main( int argc, char *argv[] ) } mbedtls_printf( "\n" ); - if ( dtls_srtp_negotiation_result->mki_len > 0 ) + if ( dtls_srtp_negotiation_result.mki_len > 0 ) { mbedtls_printf( " DTLS-SRTP mki value: " ); - for( j = 0; j < dtls_srtp_negotiation_result->mki_len; j++ ) + for( j = 0; j < dtls_srtp_negotiation_result.mki_len; j++ ) { - mbedtls_printf( "%02X", dtls_srtp_negotiation_result->mki_value[j] ); + mbedtls_printf( "%02X", dtls_srtp_negotiation_result.mki_value[j] ); } } else diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 126a64c0d..81721bbca 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3865,10 +3865,10 @@ handshake: else if( opt.use_srtp != 0 ) { size_t j = 0; - const mbedtls_dtls_srtp_info *dtls_srtp_negotiation_result = + mbedtls_dtls_srtp_info dtls_srtp_negotiation_result = mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl ); - if( ( dtls_srtp_negotiation_result->chosen_dtls_srtp_profile + if( ( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET ) ) { mbedtls_printf( " Unable to negotiate " @@ -3911,12 +3911,12 @@ handshake: } mbedtls_printf( "\n" ); - if ( dtls_srtp_negotiation_result->mki_len > 0 ) + if ( dtls_srtp_negotiation_result.mki_len > 0 ) { mbedtls_printf( " DTLS-SRTP mki value: " ); - for( j = 0; j < dtls_srtp_negotiation_result->mki_len; j++ ) + for( j = 0; j < dtls_srtp_negotiation_result.mki_len; j++ ) { - mbedtls_printf( "%02X", dtls_srtp_negotiation_result->mki_value[j] ); + mbedtls_printf( "%02X", dtls_srtp_negotiation_result.mki_value[j] ); } } else