@seyednasermoravej

Hi Cisco team, and Merry Christmas 🎄

This PR is a draft for the migration to Mbed TLS v4.0.
For easier review and comparison, I’ve kept both the legacy code and the new implementation side by side.

There are still some unnecessary fields in a few structures, and in some places the implementation can be improved (for example, using status instead of errCode). I intentionally kept the changes as minimal as possible for now; we can clean up and refine these parts in follow-up steps once the migration direction is agreed upon.

Feedback and suggestions are very welcome.

hmaarrfk and others added 3 commits January 7, 2026 17:21
This helps Windows libraries get installed to

```
bin\srtp2.dll
lib\srtp2.lib
```

This is the split we use at conda-forge to help keep the dlls findable while keeping the lib files separate.

Let me know if you have any concerns.

Excited to see this upstreamed.
@seyednasermoravej
Author

How can I check CI before pushing my code?
I'm facing a GCM mode error in the CI while it passed on my side.
My command to build the code is:

```
cmake -S . -B build -DCRYPTO_LIBRARY=mbedtls -DMBEDTLS_INCLUDE_DIRS=/opt/mbedtls-4/include -DMBEDTLS_LIBRARY="/opt/mbedtls-4/lib/libmbedtls.a;/opt/mbedtls-4/lib/libmbedcrypto.a" && cmake --build build
```

assuming MbedTLS V4.0 is installed in the /opt/mbedtls-4 directory.
I have tested the rtpw application while the sender is output from mbedtls4.0 and the receiver is from the previous mbedtls, and vice versa.

@pabuhler
Member

pabuhler commented Jan 7, 2026

I normally just try to replicate the environment, or else do a lot of pushing to a PR and then clean up and squash before creating the final PR.

Just looking quickly I would guess you need to update the CI scripts to use MbedTLS 4 or ?
If you tell me how to install the correct version of mbedtls on ubuntu I could try to build and run locally and look at CI script.

@seyednasermoravej
Author

> I normally just try to replicate the environment, or else do a lot of pushing to a PR and then clean up and squash before creating the final PR.
>
> Just looking quickly I would guess you need to update the CI scripts to use MbedTLS 4 or ? If you tell me how to install the correct version of mbedtls on ubuntu I could try to build and run locally and look at CI script.

I tested these scripts on Ubuntu 24.04 and Ubuntu 22.04. Maybe you will face Python errors because of the absence of some packages. Please install them via pip. If you face no Python error, you could create a .sh file and source it:

```
cd ~
git clone https://github.com/Mbed-TLS/mbedtls.git
cd mbedtls
git checkout mbedtls-4.0.0
git submodule update --init --recursive
cmake -S . -B build
cmake --build build
cd ~/mbedtls/build
sudo cmake --install . --prefix=/opt/mbedtls-4
cd ~
git clone https://github.com/seyednasermoravej/libsrtp.git
cd libsrtp
git checkout migration-to-psa-crypto
cmake -S . -B build -DCRYPTO_LIBRARY=mbedtls -DMBEDTLS_INCLUDE_DIRS=/opt/mbedtls-4/include -DMBEDTLS_LIBRARY=/opt/mbedtls-4/lib/libmbedtls.a -DMBEDX509_LIBRARY=/opt/mbedtls-4/lib/libmbedx509.a -DMBEDCRYPTO_LIBRARY=/opt/mbedtls-4/lib/libmbedcrypto.a
cmake --build build
cp test/words.txt build
cd build
./rtpw -s -k c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451 -e 128 -a 0.0.0.0 9999
```

That is the sender; you could run the receiver using this command:

```
cd ~/libsrtp/build
./rtpw -r -k c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451 -e 128 -a 0.0.0.0 9999
```
