Add RFC5764 - SRTP key generation during DTLS handshake

[jeannotlapin]

Hi,
here is the updated patch for DTLS-SRTP.

I didn't add any test as I couldn't really found any doc on how to do that.

Simple one shall be, setup a dtls_srtp_profile on server and client side, perform handshake and compare the key material generated on both side.(I manually did that using modified program/ssl/dtls_client/server to check it's working).
Srtp profile selection shall be tested too.
Interop tests with other libraries would be great.

I tested it against the original patch on polarssl1.4(which itself has been tested with chrome and firefox DTLS implementation) and it seems to be ok.

[ciarmcom]

Automatic CI verification build not done, please verify manually.

[simonbutcher]

I've emailed you directly concerning the CLA which needs to be signed and returned for us to be able to receive the contribution. Thanks!

[jeannotlapin]

Ok thanks, as the contribution is just update the one submitted for polarssl in april, I thought the CLA sent then was still valid.
I'll send you the new one today.

[jeannotlapin]

Simon,
I made new modifications (mainly moving some dtls_srtp fields from ssl context to ssl_config context and add a function to retrieve the generated key material instead of accessing directly some ssl_context fields).

Shall I push more commits or amend the original one(not exactly sure on how to do this by the way) ?

regards,

johan

[ciarmcom]

Automatic CI verification build not done, please verify manually.

[mpg]

I think pushing some more commits is the best way to go. It allows us to see the new changes easily.

(Generally speaking, it's best to err on the side of more granular commits, as it's easy to merge them after the fact using git rebase -i and its "squash" feature, while splitting commits after the fact is generally a pain (though it's possible, and also done with git rebase -i, it requires much more manual work and attention).)

[jeannotlapin]

Hi Simon,
any news on merging this enhancement into the dev branch?

regards,

johan

[simonbutcher]

Hi @jeannotlapin

We have been holding off merging pull requests while we prepare for a release. You may have noticed the last significant release was 2.2.1 in January, and when we last discussed merging this work, I said it would follow that release - which is unfortunately still pending.

Once that release has shipped, we will enter a window for merging many of these outstanding pull requests.

Hope this helps.

[jeannotlapin]

Hi Simon,
any news on merging this enhancement?

thanks,

johan

[jeannotlapin]

Hi Simon,
I just updated to latest commit from development branch and manage to get all the checks passed, any chance you would merge it?

regards,
johan

[carsonbaker]

+1

[simonbutcher]

Hi @jeannotlapin,

We're hoping to get it integrated soon. Apologies for the long, long wait.

Simon

[pasichnichenko]

+1

[jeannotlapin]

Hi,

any news on the integration on this merge?

thanks

johan

[simonbutcher]

@Patater - Please review for design, this and @RonEld's rework.

[Patater]

Reviewed and approved for design.

Still needs more tests and some more thought on run-time vs compile-time configuration.

[RonEld]

@jeannotlapin I have done some rework on this PR, and created a new PR #1540 which supersedes this one.
Please follow the new PR, as I am closing this PR