Make API safer
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 398eb01..4805c67 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3275,11 +3275,8 @@
* or peer's Hello packet was not parsed yet.
* - mki size and value (if size is > 0). These informations are valid only
* if the protection profile returned is not MBEDTLS_TLS_SRTP_UNSET.
- * Ownership of the returned structure is kept by the ssl context,
- * the caller must duplicate any information that must live longer than
- * the context (typically MKI size and value if any)
*/
-const mbedtls_dtls_srtp_info *mbedtls_ssl_get_dtls_srtp_negotiation_result
+mbedtls_dtls_srtp_info mbedtls_ssl_get_dtls_srtp_negotiation_result
( const mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_DTLS_SRTP */
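Review bot: The doc comment above the prototype no longer says how the result is handed to the caller once the ownership paragraph is removed. A replacement line would help, for example ` * The structure is returned by value; the caller owns the copy and the mki size is 0 when the profile is MBEDTLS_TLS_SRTP_UNSET.` Changing the return type from a pointer to a struct also breaks any caller built against the old prototype, so it deserves a mention in the commit description or changelog. The comment block starts outside this hunk, so the rest of its wording is not visible here.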
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index cee8ba1..0739b8f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4751,10 +4751,16 @@
return( 0 );
}
-const mbedtls_dtls_srtp_info *
+mbedtls_dtls_srtp_info
mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl )
{
- return( &( ssl->dtls_srtp_info ) );
+ mbedtls_dtls_srtp_info ret = ssl->dtls_srtp_info;
+ /* discard the mki if there is no chosen profile */
+ if ( ret.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET )
+ {
+ ret.mki_len = 0;
+ }
+ return( ret );
}
#endif /* MBEDTLS_SSL_DTLS_SRTP */
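Review bot: In the MBEDTLS_TLS_SRTP_UNSET branch only `ret.mki_len` is reset, so the copied `ret.mki_value` bytes are still returned with whatever the context held. A caller that ignores the length would read stale data. If `mki_value` is an array member (the struct is not shown in this diff), clear it in the same branch with `memset( ret.mki_value, 0, sizeof( ret.mki_value ) );`. The function now reads `ssl->dtls_srtp_info` directly, so the header should state that `ssl` must be non-NULL.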
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d53a40a..2a60507 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2754,10 +2754,10 @@
else if( opt.use_srtp != 0 )
{
size_t j = 0;
- const mbedtls_dtls_srtp_info *dtls_srtp_negotiation_result =
+ mbedtls_dtls_srtp_info dtls_srtp_negotiation_result =
mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl );
- if( ( dtls_srtp_negotiation_result->chosen_dtls_srtp_profile
+ if( ( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
== MBEDTLS_TLS_SRTP_UNSET ) )
{
mbedtls_printf( " Unable to negotiate "
@@ -2800,12 +2800,12 @@
}
mbedtls_printf( "\n" );
- if ( dtls_srtp_negotiation_result->mki_len > 0 )
+ if ( dtls_srtp_negotiation_result.mki_len > 0 )
{
mbedtls_printf( " DTLS-SRTP mki value: " );
- for( j = 0; j < dtls_srtp_negotiation_result->mki_len; j++ )
+ for( j = 0; j < dtls_srtp_negotiation_result.mki_len; j++ )
{
- mbedtls_printf( "%02X", dtls_srtp_negotiation_result->mki_value[j] );
+ mbedtls_printf( "%02X", dtls_srtp_negotiation_result.mki_value[j] );
}
}
else
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 126a64c..81721bb 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3865,10 +3865,10 @@
else if( opt.use_srtp != 0 )
{
size_t j = 0;
- const mbedtls_dtls_srtp_info *dtls_srtp_negotiation_result =
+ mbedtls_dtls_srtp_info dtls_srtp_negotiation_result =
mbedtls_ssl_get_dtls_srtp_negotiation_result( &ssl );
- if( ( dtls_srtp_negotiation_result->chosen_dtls_srtp_profile
+ if( ( dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
== MBEDTLS_TLS_SRTP_UNSET ) )
{
mbedtls_printf( " Unable to negotiate "
@@ -3911,12 +3911,12 @@
}
mbedtls_printf( "\n" );
- if ( dtls_srtp_negotiation_result->mki_len > 0 )
+ if ( dtls_srtp_negotiation_result.mki_len > 0 )
{
mbedtls_printf( " DTLS-SRTP mki value: " );
- for( j = 0; j < dtls_srtp_negotiation_result->mki_len; j++ )
+ for( j = 0; j < dtls_srtp_negotiation_result.mki_len; j++ )
{
- mbedtls_printf( "%02X", dtls_srtp_negotiation_result->mki_value[j] );
+ mbedtls_printf( "%02X", dtls_srtp_negotiation_result.mki_value[j] );
}
}
else