From d8fd19feb8db930e67b811506e11177e95346039 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Mon, 29 Sep 2025 18:27:36 +0200
Subject: [PATCH] DTLS SRTP should also do a cookie exchange since it uses UDP

---
 src/ssl.c | 3 +--
 tests/api.c | 1 +
 tests/api/test_dtls.c | 38 ++++++++++++++++++++++++++++++++++++++
 tests/api/test_dtls.h | 1 +
 4 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 71cbdd17ce2..00d03823ecc 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -10836,8 +10836,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 ssl->options.dtls = 1;
 ssl->options.tls = 1;
 ssl->options.tls1_1 = 1;
- if (!IsDtlsNotSctpMode(ssl) || !IsDtlsNotSrtpMode(ssl) ||
- IsSCR(ssl))
+ if (!IsDtlsNotSctpMode(ssl) || IsSCR(ssl))
 ssl->options.dtlsStateful = 1;
 }
 #endif
diff --git a/tests/api.c b/tests/api.c
index 1ae524f780d..c2b614ccc14 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -51226,6 +51226,7 @@ TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
 TEST_DECL(test_dtls_rtx_across_epoch_change),
 TEST_DECL(test_dtls_drop_client_ack),
 TEST_DECL(test_dtls_replay),
+ TEST_DECL(test_dtls_srtp),
 TEST_DECL(test_dtls13_ack_order),
 TEST_DECL(test_dtls_version_checking),
 TEST_DECL(test_ocsp_status_callback),
diff --git a/tests/api/test_dtls.c b/tests/api/test_dtls.c
index 9458874dc77..bdb327fee84 100644
--- a/tests/api/test_dtls.c
+++ b/tests/api/test_dtls.c
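Review bot: The rewritten condition on the `+` line keeps SCTP and `IsSCR` forcing `dtlsStateful`, but nothing in the hunk records why those two cases stay exempt from the cookie exchange while SRTP no longer is; that reasoning lives only in the commit subject. A comment above the `if` would keep it with the code, e.g. `/* Skip the stateless cookie exchange only where the transport is reliable (SCTP) or a renegotiation is in progress (SCR); SRTP runs over plain UDP and must still do it. */` — presumably that is what `dtlsStateful = 1` selects here, which the hunk itself does not show. If this was the only use of `IsDtlsNotSrtpMode`, the macro may now be dead and worth a grep. wolfSSL_DTLS_SetCookieSecret begins and ends outside the hunk.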
@@ -1525,3 +1525,41 @@ int test_dtls_replay(void)
 #endif
 return EXPECT_RESULT();
 }
+
+#if defined(WOLFSSL_DTLS13) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+ defined(WOLFSSL_SRTP)
+static int test_dtls_srtp_ctx_ready(WOLFSSL_CTX* ctx)
+{
+ EXPECT_DECLS;
+ ExpectIntEQ(wolfSSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_256_GCM:"
+ "SRTP_AEAD_AES_128_GCM:SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32"),
+ 0);
+ return EXPECT_RESULT();
+}
+
+int test_dtls_srtp(void)
+{
+ EXPECT_DECLS;
+ test_ssl_cbf client_cbf;
+ test_ssl_cbf server_cbf;
+
+ XMEMSET(&client_cbf, 0, sizeof(client_cbf));
+ XMEMSET(&server_cbf, 0, sizeof(server_cbf));
+
+ client_cbf.method = wolfDTLSv1_3_client_method;
+ client_cbf.ctx_ready = test_dtls_srtp_ctx_ready;
+ server_cbf.method = wolfDTLSv1_3_server_method;
+ server_cbf.ctx_ready = test_dtls_srtp_ctx_ready;
+
+ ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
+ &server_cbf, NULL), TEST_SUCCESS);
+
+ return EXPECT_RESULT();
+}
+#else
+int test_dtls_srtp(void)
+{
+ EXPECT_DECLS;
+ return EXPECT_RESULT();
+}
+#endif
diff --git a/tests/api/test_dtls.h b/tests/api/test_dtls.h
index 9c717826a1e..844697db5f8 100644
--- a/tests/api/test_dtls.h
+++ b/tests/api/test_dtls.h
@@ -39,4 +39,5 @@ int test_dtls_record_cross_boundaries(void);
 int test_dtls_rtx_across_epoch_change(void);
 int test_dtls_drop_client_ack(void);
 int test_dtls_replay(void);
+int test_dtls_srtp(void);
 #endif /* TESTS_API_DTLS_H */
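Review bot: The new test_dtls_srtp drives only the DTLS 1.3 methods, while the ssl.c change also switches the DTLS 1.2 path (HelloVerifyRequest) to a cookie exchange under SRTP, so that path is left uncovered; a second run with `wolfDTLSv1_2_client_method`/`wolfDTLSv1_2_server_method`, guarded on `WOLFSSL_DTLS` rather than `WOLFSSL_DTLS13`, would cover it. The test also asserts only that the handshake completes, which presumably passed before this commit too; if the memio harness exposes the exchanged flights, asserting that the server's first reply carried a cookie would pin the behaviour the commit actually introduces. Neither function has a comment; a one-liner above the real `test_dtls_srtp`, `/* DTLS 1.3 + SRTP over memio must still complete with the server doing the stateless cookie exchange. */`, would state the intent. The helper and both definitions of test_dtls_srtp are complete within the hunk.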