API modified so server side can get mki value

+ client side discards self mki if server does not support it Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-26 22:45:58 +01:00 · 2020-10-26 22:45:58 +01:00 · 20c7db3a67
commit 20c7db3a67
parent adbd9449ec
6 changed files with 63 additions and 10 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -1925,6 +1925,14 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
    }
+
+    /* If server does not use mki in its reply, make sure the client won't keep
+     * one as negotiated */
+    if( len == 5 )
+    {
+        ssl->dtls_srtp_info.mki_len = 0;
+    }
+
    /*
     * RFC5764:
     *  If the client detects a nonzero-length MKI in the server's response