Report
CVE-2020-11501: GnuTLS DTLS SRTP non-constant-time profile matching timing side-channel
10a5286d-1839-4135-8c73-ac1ab6df61f7
CVE-2020-11501 affects GnuTLS before 3.6.13. A timing side-channel vulnerability exists in _gnutls_srtp_recv_params() in lib/ext/srtp.c. When the server parses the SRTP extension profiles in a DTLS ClientHello, it matches them against its own preference list with a non-constant-time nested loop: the inner for-loop carries the condition priv->selected_profile == 0, so iteration stops as soon as a matching profile is found. The amount of work done therefore depends on which profile matched and on its position in the server's preference list. An attacker who sends DTLS ClientHellos with varying SRTP profile orderings and measures response timing can reconstruct the server's profile preference order. CWE-208 (Observable Timing Discrepancy).
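The following added example is not GnuTLS code and does not reproduce _gnutls_srtp_recv_params(); it is a standalone C model of the matching pattern the report describes, placed beside the constant-time form a defender would want instead. The function names select_profile_early_exit and select_profile_const_time, the comparison counter and the sample preference lists are hypothetical constructs for this example; the profile identifier values are the SRTP protection profile numbers from RFC 5764 and RFC 7714. The early-exit matcher stops as soon as a profile matches, so its comparison count changes with the order of the client's offer; the constant-time matcher always walks both lists in full and records the first server-preferred hit with bit masks rather than a data-dependent branch, so it does the same work regardless of which profile matched or where it sat.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SRTP protection profile identifiers (RFC 5764 / RFC 7714). */
#define SRTP_AES128_CM_HMAC_SHA1_80 0x0001u
#define SRTP_AES128_CM_HMAC_SHA1_32 0x0002u
#define SRTP_AEAD_AES_128_GCM       0x0007u
#define SRTP_AEAD_AES_256_GCM       0x0008u

/* Early-exit matcher: a hypothetical simplification of the pattern the report
 * describes (not GnuTLS code). Both loops stop as soon as a profile matches, so
 * the number of comparisons depends on where the match sits in the server's
 * preference list and in the client's offered list.
 * Returns the selected profile (0 = none) and writes the comparison count. */
uint16_t select_profile_early_exit(const uint16_t *server_prefs, size_t n_server,
                                   const uint16_t *client_offer, size_t n_client,
                                   size_t *comparisons)
{
    uint16_t selected = 0;
    size_t count = 0;
    for (size_t i = 0; i < n_server && selected == 0; i++) {
        for (size_t j = 0; j < n_client && selected == 0; j++) {
            count++;
            if (server_prefs[i] == client_offer[j])
                selected = server_prefs[i];
        }
    }
    if (comparisons) *comparisons = count;
    return selected;
}

/* Branch-free equality: 1 if a == b, else 0, with no data-dependent branch. */
static uint32_t ct_eq16(uint16_t a, uint16_t b)
{
    return ((uint32_t)(a ^ b) - 1u) >> 31;
}

/* Constant-time matcher: always performs n_server * n_client comparisons and
 * keeps the first server-preferred match via masks instead of branches. It
 * returns the same profile as the early-exit version, but the work done is
 * independent of which profile matched or where it appeared. */
uint16_t select_profile_const_time(const uint16_t *server_prefs, size_t n_server,
                                   const uint16_t *client_offer, size_t n_client,
                                   size_t *comparisons)
{
    uint16_t selected = 0;
    uint32_t found = 0;          /* becomes 1 once a match has been recorded */
    size_t count = 0;
    for (size_t i = 0; i < n_server; i++) {
        for (size_t j = 0; j < n_client; j++) {
            count++;
            /* take == 1 only for the first match encountered in server order */
            uint32_t take = ct_eq16(server_prefs[i], client_offer[j]) & (found ^ 1u);
            uint16_t mask = (uint16_t)(0u - take);   /* 0xFFFF when take == 1 */
            selected |= server_prefs[i] & mask;
            found |= take;
        }
    }
    if (comparisons) *comparisons = count;
    return selected;
}

int main(void)
{
    /* Constructed server preference list and two client offers that differ
     * only in ordering. */
    const uint16_t server[]  = { SRTP_AEAD_AES_256_GCM, SRTP_AEAD_AES_128_GCM,
                                 SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32 };
    const uint16_t offer_a[] = { SRTP_AES128_CM_HMAC_SHA1_32, SRTP_AES128_CM_HMAC_SHA1_80 };
    const uint16_t offer_b[] = { SRTP_AES128_CM_HMAC_SHA1_80, SRTP_AES128_CM_HMAC_SHA1_32 };
    size_t ea, eb, ca, cb;
    uint16_t pa = select_profile_early_exit(server, 4, offer_a, 2, &ea);
    uint16_t pb = select_profile_early_exit(server, 4, offer_b, 2, &eb);
    uint16_t qa = select_profile_const_time(server, 4, offer_a, 2, &ca);
    uint16_t qb = select_profile_const_time(server, 4, offer_b, 2, &cb);
    printf("early-exit: 0x%04x after %zu comparisons, 0x%04x after %zu\n", pa, ea, pb, eb);
    printf("const-time: 0x%04x after %zu comparisons, 0x%04x after %zu\n", qa, ca, qb, cb);
    return 0;
}
```

With the constructed lists, both matchers select SRTP_AES128_CM_HMAC_SHA1_80, but the early-exit version performs 6 comparisons for offer_a and 5 for offer_b, while the constant-time version performs 8 in both cases. A fixed comparison count is necessary but not sufficient for constant time: an optimizing compiler can turn the mask arithmetic back into a branch, so the generated assembly of the matching loop should be inspected, and the selection should be checked with a timing-measurement harness before relying on it.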