add srtp

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@1086 d0543943-73ff-0310-b7d9-9358b9ac24b2

libs/srtp/.cvsignore

+Makefile
+config.log
+config.status
+autom4te.cache

libs/srtp/CHANGES

+Changelog
+
+1.3.20
+
+  Lots of changes.  Thanks to Jeff Chan for catching a memory leak and
+  helping track down the endian issues with the SSRCs.
+
+1.3.8
+
+  This is an interim release.  Several little-endian bugs were identified
+  and fixed; this means that we can use intel/linux for development again.
+
+  Cleaned up sha1 and hmac code significantly, got rid of some excess
+  functions and properly documented the fuctions in the .h files.
+
+  Eliminated some vestigial files.
+
+  There is a SIGBUS error in the AES encrypt function on sparc
+  (observed on both solaris and openbsd) with gcc 2.95.  Was unable to
+  find bad pointer anywhere, so I'm wondering if it isn't a compiler
+  problem (there's a known problem whose profile it fits).  It doesn't
+  appear on any other platform, even in the cipher_driver stress
+  tests.
+
+  Planned changes
+
+  Change interface to nonces (xtd_seq_num_t) so that it uses
+  network byte ordering, and is consistent with other arguments.
+
+
+1.3.6 
+
+  Changed /dev/random (in configure.in and crypto/rng/rand_source.c) to
+  /dev/urandom; the latter is non-blocking on all known platforms (which 
+  corrects some programs that seem to hang) and is actually present on 
+  Open BSD (unlike /dev/random, which only works in the presence of 
+  hardware supported random number generation).
+
+  Added machine/types.h case in include/integers.h.
+
+1.3.5
+
+  Removing srtp_t::template and stream_clone().
+
+  Adding a new policy structure, which will reflect a complete SRTP
+  policy (including SRTCP).
+
+  This version is *incomplete* and will undergo more changes.  It is
+  provided only as a basis for discussion.
+
+1.3.4
+
+   Removed tmmh.c and tmmh.h, which implemented version one of TMMH.
+
+   Changed srtp_get_trailer_length() to act on streams rather than
+   sessions, and documented the macro SRTP_MAX_TRAILER_LEN, which should
+   usually be used rather than that function.
+
+   Removed 'salt' from cipher input. 
+
+   Changed rdbx to use err.h error codes.
+
+   Changed malloc() and free() to xalloc() and xfree; these functions
+   are defined in crypto/kernel/alloc.c and declared in 
+   include/alloc.h.
+
+   Added 'output' functions to cipher, in addition to 'encrypt'
+   functions.  It is no longer necessary to zeroize a buffer before
+   encrypting in order to get keystream.
+
+   Changed octet_string_hex_string() so that "times two" isn't needed
+   in its input.
+
+   Added crypto_kernel_init() prior to command-line parsing, so that
+   kernel can be passed command-line arguments, such as "-d
+   debug_module".  This was done to for the applications
+   test/srtp-driver, test/kernel-driver, and test/ust-driver.
+
+   Improved srtp_init_aes_128_prf - wrote key derivation function
+   (srtp_kdf_t).
+
+   Add the tag_len as an argument to the auth_compute() function, but
+   not the corresponding macro.  This change allows the tag length for
+   a given auth func to be set to different values at initialization
+   time.  Previously, the structure auth_t contained the
+   output_length, but that value was inaccessible from hmac_compute()
+   and other functions.
+
+   Re-named files from a-b.c to a_b.c. in order to help portability.
+
+   Re-named rijndael to aes (or aes_128 as appropriate).
+
+
+1.2.1 
+
+  Changes so that 1.2.0 compiles on cygwin-win2k.
+
+  Added better error reporting system.  If syslog is present on the
+  OS, then it is used.
+
+
+1.2.0 Many improvements and additions, and a fex fixes
+
+   Fixed endian issues in RTP header construction in the function
+   rtp_sendto() in srtp/rtp.c.
+
+   Implemented RIJNDAEL decryption operation, adding the functions
+   rijndael_decrypt() and rijndael_expand_decryption_key().  Also
+   re-named rijndael_expand_key() to rijndael_expand_encryption_key()
+   for consistency.
+
+   Implemented random number source using /dev/random, in the files
+   crypto/rng/rand_source.c and include/rand_source.h.
+
+   Added index check to SEAL cipher (only values less than 2^32 are
+   allowed)
+
+   Added test case for null_auth authentication function.
+
+   Added a timing test which tests the effect of CPU cache thrash on
+   cipher throughput.  The test is done by the function
+   cipher_test_throughput_array(); the function
+   cipher_array_alloc_init() creates an array of ciphers for use in
+   this test.  This test can be accessed by using the -a flag to
+   the application cipher-driver in the test subdirectory.
+ 
+   Added argument processing to ust-driver.c, and added that app to
+   the 'runtest' target in Makefile.in.
+
+   A minor auth_t API change: last argument of auth_init() eliminated.
+
+
+1.0.6 A small but important fix
+
+   Fixed srtp_init_aes_128_prf() by adding octet_string_set_to_zero()
+   after buffer allocation.
+
+   Eliminated references to no-longer-existing variables in debugging
+   code in srtp/srtp.c.  This fixes the compilation failure that
+   occured when using PRINT_DEBUG in that file.
+
+   Corrected spelling of Richard Priestley's name in credits.  Sorry
+   Richard!
+
+
+1.0.5 Many little fixes
+
+   Fixed octet_string_set_to_zero(), which was writing one
+   more zero octet than it should.  This bug caused srtp_protect()
+   and srtp_unprotect() to overwrite the byte that followed the
+   srtp packet.
+
+   Changed sizeof(uint32_t) to srtp_get_trailer_length() in
+   srtp-driver.c.  This is just defensive coding.
+
+   Added NULL check to malloc in srtp_alloc().
+
+
+1.0.4 Many minor fixes and two big ones (thanks for the bug reports!)
+
+   Removed 'ssrc' from the srtp_init_aes_128_prf() function argument
+   list.  This is so that applications which do not a priori know the
+   ssrc which they will be receiving can still use libsrtp.  Now the
+   SSRC value is gleaned from the rtp header and exored into the
+   counter mode offset in the srtp_protect() and srtp_unprotect()
+   functions, if that cipher is used.  This change cascaed through
+   many other functions, including srtp_init_from_hex(),
+   srtp_sender_init() and srtp_receiver_init() in rtp.c, and also
+   changing the CLI to test/rtpw.  In the future, another function
+   call will be added to the library that enables multiple ssrc/key
+   pairs to be installed into the same srtp session, so that libsrtp
+   works with multiple srtp senders.  For now, this functionality is
+   lacking.
+
+   Removed the GDOI interface to the rtpw demo program.  This will be
+   added again at a later date, after the SRTP and GDOI distributions
+   stabilize.  For now, I've left in the GDOI #defines and autoconf
+   definitions so that they'll be in place when needed.
+
+   Updated tmmhv2_compute() so that it didn't assume any particular
+   alginment of the output tag.
+
+   Changed bit field variables in srtp.h to unsigned char from
+   unsigned int in order to avoid a potential endianness issue.
+
+   Fixed rdbx_estimate_index() to handle all input cases.  This solves
+   the now notorious "abaft" bug in the rtpw demo app on linux/intel,
+   in which spurious replay protection failures happen after that word
+   is received.
+
+   Added ntohs(hdr->seq) to srtp_protect and srtp_unprotect, removed
+   from rijndael_icm_set_segment().
+
+   Added error checking and handling to srtp_sender_init() and
+   srtp_receiver_init().
+
+   Changed srtp_alloc() so that it does what you'd expect: allocate an
+   srtp_ctx_t structure.  This hides the library internals.
+
+
+1.0.1   Many minor fixes
+
+   Added cipher_driver_buffer_test(...) to test/cipher-driver.c.  This
+   function checks that the byte-buffering functions used by a cipher
+   are correct.
+
+   Fixed SunOS/Solaris build problems: added HAVE_SYS_INT_TYPES_H and
+   changed index_t to xtd_seq_num_t (see include/rdbx.h).
+
+   Fixed SEAL3.0 output byte buffering, added byte-buffering test to
+   cipher/cipher-driver.c.
+
+   Fixed roc-driver so that the non-sequential insertion test
+   automatically recovers from bad estimates.  This was required to
+   prevent spurious failures.
+
+   Made rdbx_estimate_index(...) function smarter, so that initial RTP
+   sequence numbers greater than 32,768 don't cause it to estimate the
+   rollover counter of 0xffffffff.
+
+
+1.0.0   Initial release
+

libs/srtp/CVS/Entries

+/.cvsignore/1.2/Thu Sep 29 12:23:16 2005//
+/CHANGES/1.1.1.1/Wed Sep 21 22:51:36 2005//
+/LICENSE/1.2/Fri Sep 23 19:34:11 2005//
+/Makefile.in/1.14/Fri Mar 17 21:00:46 2006//
+/README/1.3/Sun Oct  2 12:04:37 2005//
+/TODO/1.2/Fri Sep 23 19:34:11 2005//
+/VERSION/1.2/Fri Sep 23 19:34:11 2005//
+/config.guess/1.2/Sun Oct  2 19:03:54 2005//
+/config.sub/1.2/Sun Oct  2 19:03:53 2005//
+/config_in.h/1.7/Mon Oct  3 15:24:08 2005//
+/configure/1.9/Mon Oct  3 15:23:13 2005//
+/configure.in/1.10/Mon Oct  3 15:19:02 2005//
+/install-sh/1.1.1.1/Wed Sep 21 22:51:38 2005//
+/timing/1.1.1.1/Wed Sep 21 22:51:38 2005//
+/undos.sh/1.1.1.1/Wed Sep 21 22:51:38 2005//
+/update.sh/1.1.1.1/Wed Sep 21 22:51:38 2005//
+D/crypto////
+D/doc////
+D/include////
+D/srtp////
+D/tables////
+D/test////

libs/srtp/CVS/Repository

+srtp

libs/srtp/CVS/Root

+:pserver:anonymous@cvs.sourceforge.net:/cvsroot/srtp

libs/srtp/LICENSE

+/*
+ *	
+ * Copyright (c) 2001-2005 Cisco Systems, Inc.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ * 
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */

libs/srtp/Makefile

+# Makefile for secure rtp 
+#
+# David A. McGrew
+# Cisco Systems, Inc.
+
+# targets:
+#
+# runtest       runs test applications 
+# test		builds test applications
+# libcrypt.a	static library implementing crypto engine
+# libsrtp.a	static library implementing srtp
+# clean		removes objects, libs, and executables
+# distribution  cleans and builds a .tgz
+# tags          builds etags file from all .c and .h files
+
+.PHONY: all test build_table_apps
+
+all: test 
+
+runtest: build_table_apps test
+	@echo "running libsrtp test applications..."
+	crypto/test/cipher_driver$(EXE) -v >/dev/null
+	crypto/test/kernel_driver$(EXE) -v >/dev/null
+	test/rdbx_driver$(EXE) -v >/dev/null
+	test/srtp_driver$(EXE) -v >/dev/null
+	test/roc_driver$(EXE) -v >/dev/null
+	test/replay_driver$(EXE) -v >/dev/null
+	@echo "libsrtp test applications passed."
+	$(MAKE) -C crypto runtest
+
+# makefile variables
+
+CC	= gcc
+INCDIR	= -Icrypto/include -I$(srcdir)/include -I$(srcdir)/crypto/include
+DEFS	= -DHAVE_CONFIG_H
+CPPFLAGS= 
+CFLAGS	= -fPIC -Wall -O4 -fexpensive-optimizations -funroll-loops
+LIBS	= 
+LDFLAGS	=  -L.
+COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS)
+SRTPLIB	= -lsrtp
+
+RANLIB	= ranlib
+INSTALL	= /usr/bin/install -c
+
+# EXE defines the suffix on executables - it's .exe for Windows, and
+# null on linux, bsd, and OS X and other OSes.
+EXE	= 
+# gdoi is the group domain of interpretation for isakmp, a group key
+# management system which can provide keys for srtp
+gdoi	= 
+# Random source.
+RNG_OBJS = rand_source.o
+
+srcdir = .
+top_srcdir = .
+top_builddir = 
+
+prefix = /usr/local/freeswitch
+exec_prefix = ${prefix}
+includedir = ${prefix}/include
+libdir = ${exec_prefix}/lib
+
+
+# implicit rules for object files and test apps
+
+%.o: %.c
+	$(COMPILE) -c $< -o $@
+
+%$(EXE): %.c
+	$(COMPILE) $(LDFLAGS) $< -o $@ $(SRTPLIB) $(LIBS)
+
+
+# libcrypt.a (the crypto engine) 
+ciphers = crypto/cipher/cipher.o crypto/cipher/null_cipher.o      \
+          crypto/cipher/aes.o crypto/cipher/aes_icm.o             \
+          crypto/cipher/aes_cbc.o
+
+hashes  = crypto/hash/null_auth.o crypto/hash/sha1.o \
+          crypto/hash/hmac.o crypto/hash/auth.o # crypto/hash/tmmhv2.o 
+
+replay  = crypto/replay/rdb.o crypto/replay/rdbx.o               \
+          crypto/replay/ut_sim.o 
+
+math    = crypto/math/datatypes.o crypto/math/stat.o
+
+ust     = crypto/ust/ust.o 
+
+rng     = crypto/rng/$(RNG_OBJS) crypto/rng/prng.o crypto/rng/ctr_prng.o
+
+err     = crypto/kernel/err.o
+
+kernel  = crypto/kernel/crypto_kernel.o  crypto/kernel/alloc.o   \
+          crypto/kernel/key.o $(rng) $(err) # $(ust) 
+
+cryptobj =  $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(replay)
+
+# libsrtp.a (implements srtp processing)
+
+srtpobj = srtp/srtp.o 
+
+libsrtp.a: $(srtpobj) $(cryptobj) $(gdoi)
+	ar cr libsrtp.a $^
+	$(RANLIB) libsrtp.a
+
+# libcryptomath.a contains general-purpose routines that are used to
+# generate tables and verify cryptoalgorithm implementations - this
+# library is not meant to be included in production code
+
+cryptomath = crypto/math/math.o crypto/math/gf2_8.o 
+
+libcryptomath.a: $(cryptomath)
+	ar cr libcryptomath.a $(cryptomath)
+	$(RANLIB) libcryptomath.a
+
+
+# test applications 
+
+crypto_testapp = crypto/test/aes_calc$(EXE) crypto/test/cipher_driver$(EXE) \
+	crypto/test/datatypes_driver$(EXE) crypto/test/kernel_driver$(EXE) \
+	crypto/test/rand_gen$(EXE) crypto/test/sha1_driver$(EXE) \
+	crypto/test/stat_driver$(EXE)
+
+testapp = $(crypto_testapp) test/srtp_driver$(EXE) test/replay_driver$(EXE) \
+	  test/roc_driver$(EXE) test/rdbx_driver$(EXE) test/rtpw$(EXE)
+
+$(testapp): libsrtp.a
+
+test/rtpw$(EXE): test/rtpw.c test/rtp.c
+	$(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+test: $(testapp)
+	@echo "Build done. Please run '$(MAKE) runtest' to run self tests."
+
+memtest: test/srtp_driver
+	@test/srtp_driver -v -d "alloc" > tmp
+	@grep freed tmp | wc -l > freed
+	@grep allocated tmp | wc -l > allocated
+	@echo "checking for memory leaks (only works with --enable-stdout)"
+	cmp -s allocated freed
+	@echo "passed (same number of alloc() and dealloc() calls found)"
+	@rm freed allocated tmp
+
+# tables_apps are used to generate the tables used in the crypto
+# implementations; these need only be generated during porting, not
+# for building libsrtp or the test applications
+
+table_apps = tables/aes_tables 
+
+build_table_apps: $(table_apps)
+
+# in the tables/ subdirectory, we use libcryptomath instead of libsrtp
+
+tables/%: tables/%.c libcryptomath.a 
+	$(COMPILE) $(LDFLAGS) $< -o $@ $(LIBS) libcryptomath.a
+
+# the target 'plot' runs the timing test (test/srtp_driver -t) then
+# uses gnuplot to produce plots of the results - see the script file
+# 'timing'
+
+plot:	test/srtp_driver
+	test/srtp_driver -t > timing.dat
+
+
+# bookkeeping: tags, clean, and distribution
+
+tags:
+	etags */*.[ch] */*/*.[ch] 
+
+
+# documentation - the target libsrtpdoc builds a PDF file documenting
+# libsrtp
+
+libsrtpdoc:
+	$(MAKE) -C doc
+
+.PHONY: clean superclean install
+
+install:
+	@if [ -d $(DESTDIR)$(includedir)/srtp ]; then \
+	   echo "you should run 'make uninstall' first"; exit 1;  \
+	fi
+	$(INSTALL) -d $(DESTDIR)$(includedir)/srtp
+	$(INSTALL) -d $(DESTDIR)$(libdir)
+	cp include/*.h $(DESTDIR)$(includedir)/srtp  
+	cp crypto/include/*.h $(DESTDIR)$(includedir)/srtp
+	if [ -f libsrtp.a ]; then cp libsrtp.a $(DESTDIR)$(libdir)/; fi
+
+uninstall:
+	rm -rf $(DESTDIR)$(includedir)/srtp
+	rm -rf $(DESTDIR)$(libdir)/libsrtp.a
+
+clean:
+	rm -rf $(cryptobj) $(srtpobj) $(cryptomath) $(table_apps) TAGS \
+        libcryptomath.a libsrtp.a core *.core test/core
+	for a in * */* */*/*; do			\
+              if [ -f "$$a~" ] ; then rm -f $$a~; fi;	\
+        done;
+	for a in $(testapp) $(table_apps); do rm -rf $$a$(EXE); done
+	rm -rf *.pict *.jpg *.dat 
+	rm -rf freed allocated tmp
+	$(MAKE) -C doc clean
+	$(MAKE) -C crypto clean
+
+
+superclean: clean
+	rm -rf crypto/include/config.h config.log config.cache config.status \
+               Makefile .gdb_history test/.gdb_history .DS_Store
+	rm -rf autom4te.cache
+
+distname = srtp-$(shell cat VERSION)
+
+distribution: runtest superclean 
+	if ! [ -f VERSION ]; then exit 1; fi
+	if [ -f ../$(distname).tgz ]; then               \
+           mv ../$(distname).tgz ../$(distname).tgz.bak; \
+        fi
+	cd ..; tar cvzf $(distname).tgz srtp
+
+# EOF

libs/srtp/Makefile.in

+# Makefile for secure rtp 
+#
+# David A. McGrew
+# Cisco Systems, Inc.
+
+# targets:
+#
+# runtest       runs test applications 
+# test		builds test applications
+# libcrypt.a	static library implementing crypto engine
+# libsrtp.a	static library implementing srtp
+# clean		removes objects, libs, and executables
+# distribution  cleans and builds a .tgz
+# tags          builds etags file from all .c and .h files
+
+.PHONY: all test build_table_apps
+
+all: test 
+
+runtest: build_table_apps test
+	@echo "running libsrtp test applications..."
+	crypto/test/cipher_driver$(EXE) -v >/dev/null
+	crypto/test/kernel_driver$(EXE) -v >/dev/null
+	test/rdbx_driver$(EXE) -v >/dev/null
+	test/srtp_driver$(EXE) -v >/dev/null
+	test/roc_driver$(EXE) -v >/dev/null
+	test/replay_driver$(EXE) -v >/dev/null
+	@echo "libsrtp test applications passed."
+	$(MAKE) -C crypto runtest
+
+# makefile variables
+
+CC	= @CC@
+INCDIR	= -Icrypto/include -I$(srcdir)/include -I$(srcdir)/crypto/include
+DEFS	= @DEFS@
+CPPFLAGS= @CPPFLAGS@
+CFLAGS	= @CFLAGS@
+LIBS	= @LIBS@
+LDFLAGS	= @LDFLAGS@ -L.
+COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS)
+SRTPLIB	= -lsrtp
+
+RANLIB	= @RANLIB@
+INSTALL	= @INSTALL@
+
+# EXE defines the suffix on executables - it's .exe for Windows, and
+# null on linux, bsd, and OS X and other OSes.
+EXE	= @EXE@
+# gdoi is the group domain of interpretation for isakmp, a group key
+# management system which can provide keys for srtp
+gdoi	= @GDOI_OBJS@
+# Random source.
+RNG_OBJS = @RNG_OBJS@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+top_builddir = @top_builddir@
+VPATH = @srcdir@
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+includedir = @includedir@
+libdir = @libdir@
+
+
+# implicit rules for object files and test apps
+
+%.o: %.c
+	$(COMPILE) -c $< -o $@
+
+%$(EXE): %.c
+	$(COMPILE) $(LDFLAGS) $< -o $@ $(SRTPLIB) $(LIBS)
+
+
+# libcrypt.a (the crypto engine) 
+ciphers = crypto/cipher/cipher.o crypto/cipher/null_cipher.o      \
+          crypto/cipher/aes.o crypto/cipher/aes_icm.o             \
+          crypto/cipher/aes_cbc.o
+
+hashes  = crypto/hash/null_auth.o crypto/hash/sha1.o \
+          crypto/hash/hmac.o crypto/hash/auth.o # crypto/hash/tmmhv2.o 
+
+replay  = crypto/replay/rdb.o crypto/replay/rdbx.o               \
+          crypto/replay/ut_sim.o 
+
+math    = crypto/math/datatypes.o crypto/math/stat.o
+
+ust     = crypto/ust/ust.o 
+
+rng     = crypto/rng/$(RNG_OBJS) crypto/rng/prng.o crypto/rng/ctr_prng.o
+
+err     = crypto/kernel/err.o
+
+kernel  = crypto/kernel/crypto_kernel.o  crypto/kernel/alloc.o   \
+          crypto/kernel/key.o $(rng) $(err) # $(ust) 
+
+cryptobj =  $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(replay)
+
+# libsrtp.a (implements srtp processing)
+
+srtpobj = srtp/srtp.o 
+
+libsrtp.a: $(srtpobj) $(cryptobj) $(gdoi)
+	ar cr libsrtp.a $^
+	$(RANLIB) libsrtp.a
+
+# libcryptomath.a contains general-purpose routines that are used to
+# generate tables and verify cryptoalgorithm implementations - this
+# library is not meant to be included in production code
+
+cryptomath = crypto/math/math.o crypto/math/gf2_8.o 
+
+libcryptomath.a: $(cryptomath)
+	ar cr libcryptomath.a $(cryptomath)
+	$(RANLIB) libcryptomath.a
+
+
+# test applications 
+
+crypto_testapp = crypto/test/aes_calc$(EXE) crypto/test/cipher_driver$(EXE) \
+	crypto/test/datatypes_driver$(EXE) crypto/test/kernel_driver$(EXE) \
+	crypto/test/rand_gen$(EXE) crypto/test/sha1_driver$(EXE) \
+	crypto/test/stat_driver$(EXE)
+
+testapp = $(crypto_testapp) test/srtp_driver$(EXE) test/replay_driver$(EXE) \
+	  test/roc_driver$(EXE) test/rdbx_driver$(EXE) test/rtpw$(EXE)
+
+$(testapp): libsrtp.a
+
+test/rtpw$(EXE): test/rtpw.c test/rtp.c
+	$(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+test: $(testapp)
+	@echo "Build done. Please run '$(MAKE) runtest' to run self tests."
+
+memtest: test/srtp_driver
+	@test/srtp_driver -v -d "alloc" > tmp
+	@grep freed tmp | wc -l > freed
+	@grep allocated tmp | wc -l > allocated
+	@echo "checking for memory leaks (only works with --enable-stdout)"
+	cmp -s allocated freed
+	@echo "passed (same number of alloc() and dealloc() calls found)"
+	@rm freed allocated tmp
+
+# tables_apps are used to generate the tables used in the crypto
+# implementations; these need only be generated during porting, not
+# for building libsrtp or the test applications
+
+table_apps = tables/aes_tables 
+
+build_table_apps: $(table_apps)
+
+# in the tables/ subdirectory, we use libcryptomath instead of libsrtp
+
+tables/%: tables/%.c libcryptomath.a 
+	$(COMPILE) $(LDFLAGS) $< -o $@ $(LIBS) libcryptomath.a
+
+# the target 'plot' runs the timing test (test/srtp_driver -t) then
+# uses gnuplot to produce plots of the results - see the script file
+# 'timing'
+
+plot:	test/srtp_driver
+	test/srtp_driver -t > timing.dat
+
+
+# bookkeeping: tags, clean, and distribution
+
+tags:
+	etags */*.[ch] */*/*.[ch] 
+
+
+# documentation - the target libsrtpdoc builds a PDF file documenting
+# libsrtp
+
+libsrtpdoc:
+	$(MAKE) -C doc
+
+.PHONY: clean superclean install
+
+install:
+	@if [ -d $(DESTDIR)$(includedir)/srtp ]; then \
+	   echo "you should run 'make uninstall' first"; exit 1;  \
+	fi
+	$(INSTALL) -d $(DESTDIR)$(includedir)/srtp
+	$(INSTALL) -d $(DESTDIR)$(libdir)
+	cp include/*.h $(DESTDIR)$(includedir)/srtp  
+	cp crypto/include/*.h $(DESTDIR)$(includedir)/srtp
+	if [ -f libsrtp.a ]; then cp libsrtp.a $(DESTDIR)$(libdir)/; fi
+
+uninstall:
+	rm -rf $(DESTDIR)$(includedir)/srtp
+	rm -rf $(DESTDIR)$(libdir)/libsrtp.a
+
+clean:
+	rm -rf $(cryptobj) $(srtpobj) $(cryptomath) $(table_apps) TAGS \
+        libcryptomath.a libsrtp.a core *.core test/core
+	for a in * */* */*/*; do			\
+              if [ -f "$$a~" ] ; then rm -f $$a~; fi;	\
+        done;
+	for a in $(testapp) $(table_apps); do rm -rf $$a$(EXE); done
+	rm -rf *.pict *.jpg *.dat 
+	rm -rf freed allocated tmp
+	$(MAKE) -C doc clean
+	$(MAKE) -C crypto clean
+
+
+superclean: clean
+	rm -rf crypto/include/config.h config.log config.cache config.status \
+               Makefile .gdb_history test/.gdb_history .DS_Store
+	rm -rf autom4te.cache
+
+distname = srtp-$(shell cat VERSION)
+
+distribution: runtest superclean 
+	if ! [ -f VERSION ]; then exit 1; fi
+	if [ -f ../$(distname).tgz ]; then               \
+           mv ../$(distname).tgz ../$(distname).tgz.bak; \
+        fi
+	cd ..; tar cvzf $(distname).tgz srtp
+
+# EOF

libs/srtp/README

+Secure RTP (SRTP) and UST Reference Implementations
+David A. McGrew
+Cisco Systems, Inc.
+mcgrew@cisco.com
+
+
+This package provides an implementation of the Secure Real-time
+Transport Protocol (SRTP), the Universal Security Transform (UST), and
+a supporting cryptographic kernel.  These mechanisms are documented in
+the Internet Drafts in the doc/ subdirectory.  The SRTP API is
+documented in include/srtp.h, and the library is in libsrtp.a (after
+compilation).
+
+
+Installation:
+
+./configure [ options ]       # GNU autoconf script 
+make                          # or gmake if needed; use GNU make
+
+The configure script accepts the following options:
+
+   --help              provides a usage summary
+   --disable-debug     compile without the runtime debugging system
+   --enable-syslog     use syslog for error reporting
+   --disable-stdout    use stdout for error reporting
+   --enable-console    use /dev/console for error reporting
+   --gdoi              use GDOI key management (disabled at present)
+
+By default, debbuging is enabled and stdout is used for debugging.
+You can use the above configure options to have the debugging output
+sent to syslog or the system console.  Alternatively, you can define
+ERR_REPORTING_FILE in include/conf.h to be any other file that can be
+opened by libSRTP, and debug messages will be sent to it.  
+
+This package has been tested on Mac OS X (powerpc-apple-darwin1.4),
+Cygwin (i686-pc-cygwin), and Sparc (sparc-sun-solaris2.6).  Previous
+versions have been tested on Linux and OpenBSD on both x86 and sparc
+platforms.
+
+A quick tour of this package:
+
+Makefile		targets: all, clean, ...
+README			this file
+CHANGES                 change log 
+VERSION			version number of this package
+LICENSE                 legal details (it's a BSD-like license)
+crypto/ciphers/		ciphers (null, aes_icm, ...)
+crypto/math/		crypto math routines
+crypto/hash/            crypto hashing (hmac, tmmhv2, ...)
+crypto/replay/		replay protection
+doc/			documentation: rfcs, apis, and suchlike
+include/		include files for all code in distribution
+srtp/			secure real-time transport protocol implementation
+tables/                 apps for generating tables (useful in porting)
+test/			test drivers 
+
+
+Applications
+
+  Several test drivers and a simple and portable srtp application
+  are included in the test/ subdirectory.
+
+  test driver	function tested	
+  -------------------------------------------------------------
+  kernel_driver crypto kernel (ciphers, auth funcs, rng)
+  srtp_driver	srtp in-memory tests (does not use the network)
+  rdbx_driver	rdbx (extended replay database)
+  roc_driver	extended sequence number functions 
+  replay_driver	replay database (n.b. not used in libsrtp)
+  cipher_driver	ciphers 
+  auth_driver	hash functions 
+
+  The app rtpw is a simple rtp application which reads words from
+  /usr/dict/words and then sends them out one at a time using [s]rtp.
+  Manual srtp keying uses the -k option; automated key management
+  using gdoi will be added later.
+
+usage: rtpw [-d <debug>]* [-k <key> [-a][-e]] [-s | -r] dest_ip dest_port
+or     rtpw -l
+
+  Either the -s (sender) or -r (receiver) option must be chosen.
+
+  The values dest_ip, dest_port are the ip address and udp port to
+  which the dictionary will be sent, respectively.  
+
+  options:
+
+  -s		(s)rtp sender - causes app to send words
+
+  -r		(s)rtp receive - causes app to receve words
+
+  -k <key>      use srtp master key <key>, where the
+		key is a hexadecimal value (without the
+                leading "0x")
+
+  -e            encrypt/decrypt (for data confidentiality)
+                (requires use of -k option as well)
+
+  -a            message authentication 
+                (requires use of -k option as well)
+
+  -l            list debug modules
+
+  -d <debug>    turn on debugging for module <debug>
+
+
+In order to get random 30-byte values for use as key/salt pairs , you
+can use the following bash function to format the output of
+/dev/random (where that device is available).
+
+function randhex() {
+   cat /dev/random | od --read-bytes=32 --width=32 -x | awk '{ print $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 }'
+}
+
+
+An example of an SRTP session using two rtpw programs follows:
+
+set k=c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451
+
+[sh1]$ test/rtpw -s -k $k -ea 0.0.0.0 9999 
+Security services: confidentiality message authentication
+set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
+setting SSRC to 2078917053
+sending word: A
+sending word: a
+sending word: aa
+sending word: aal
+...
+
+[sh2]$ test/rtpw -r -k $k -ea 0.0.0.0 9999 
+security services: confidentiality message authentication
+set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
+19 octets received from SSRC 2078917053 word: A
+19 octets received from SSRC 2078917053 word: a
+20 octets received from SSRC 2078917053 word: aa
+21 octets received from SSRC 2078917053 word: aal
+...
+
+Implementation Notes
+
+  * The srtp_protect() function assumes that the buffer holding the
+    rtp packet has enough storage allocated that the authentication 
+    tag can be written to the end of that packet.  If this assumption
+    is not valid, memory corruption will ensue.  
+
+  * Automated tests for the crypto functions are provided through
+    the cipher_type_self_test() and auth_type_self_test() functions.
+    These functions should be used to test each port of this code 
+    to a new platform.
+
+  * Replay protection is contained in the crypto engine, and
+    tests for it are provided.
+
+  * This implementation provides calls to initialize, protect, and
+    unprotect RTP packets, and makes as few as possible assumptions
+    about how these functions will be called.  For example, the
+    caller is not expected to provide packets in order (though if
+    they're called more than 65k out of sequence, synchronization
+    will be lost).
+    
+  * The sequence number in the rtp packet is used as the low 16 bits
+    of the sender's local packet index. Note that RTP will start its
+    sequence number in a random place, and the SRTP layer just jumps
+    forward to that number at its first invocation.  An earlier
+    version of this library used initial sequence numbers that are
+    less than 32,768; this trick is no longer required as the
+    rdbx_estimate_index(...) function has been made smarter.
+
+  * The replay window is 128 bits in length, and is hard-coded to this
+    value for now.  
+
+

libs/srtp/TODO

+TODO List
+
+1.4.1
+
+  - document which fields are in NBO/HBO, and check for consistency.
+
+  - move HAVE_U_LONG_LONG inside of datatypes.c, or some other
+    separate file
+
+  - re-write configure.in to make cross-compilation easier
+
+  - eliminate GENERIC_AESICM by generalizing the code a bit
+
+Older comments
+
+  - add tests for key_limit_t datatype 
+
+  - move octet_get_weight() from datatypes.c to math.c (any other
+    funcs?)
+
+Changes and additions planned
+
+  Make cipher and auth dealloc() functions zeroize the key-storage
+  areas before calling free().
+
+  Eliminate key_len from auth_init()
+
+  Doucument internal APIs (cipher, auth, srtp_protect, ...)
+
+
+SRTP options not (yet) included in this libaray:
+
+ - the aes-f8-mode cipher
+ - the Master Key Index
+ - re-keying using the key derivation function (only the initial
+   use of the PRF has been implemented, as it's sufficient
+   for most uses)
+
+
+(OLD) PLANNED CHANGES
+
+   strip out test/lfsr.c
+
+   Write new documentation!!!
+
+   Fix the x86 assembly code in aes.c.
+
+   Eliminate /* DAM */ - there's one in srtp.c
+
+   Change debugging so that it can print more than one line.  Or perhaps
+   just change it so that a single check of the debug-enabled flag is
+   needed.
+
+   Improve interface between cipher and rdbx - perhaps generalize rdbx
+   into 'nonce' datatype.
+
+   Make rijndael_icm accept variable sized keys.
+
+   Add rdbx functions that allow different-sized explicit sequence
+   numbers to be used.
+
+   Write uniform byte-buffering code for PRFs, preferably as macros.
+
+   Consider eliminating low-level alloc functions in favor of len()
+   functions, so that there need not be multiple allocations within a
+   particular alloc() function.

libs/srtp/VERSION

+1.4.2

libs/srtp/config_in.h

+/* config_in.h.  Generated from configure.in by autoheader.  */
+
+/* Define if building for a CISC machine (e.g. Intel). */
+#undef CPU_CISC
+
+/* Define if building for a RISC machine (assume slow byte access). */
+#undef CPU_RISC
+
+/* Path to random device */
+#undef DEV_URANDOM
+
+/* Define to compile in dynamic debugging system. */
+#undef ENABLE_DEBUGGING
+
+/* Report errors to this file. */
+#undef ERR_REPORTING_FILE
+
+/* Define to use logging to stdout. */
+#undef ERR_REPORTING_STDOUT
+
+/* Define this to use ISMAcryp code. */
+#undef GENERIC_AESICM
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#undef HAVE_ARPA_INET_H
+
+/* Define to 1 if you have the <byteswap.h> header file. */
+#undef HAVE_BYTESWAP_H
+
+/* Define to 1 if you have the `inet_aton' function. */
+#undef HAVE_INET_ATON
+
+/* Define to 1 if the system has the type `int16_t'. */
+#undef HAVE_INT16_T
+
+/* Define to 1 if the system has the type `int32_t'. */
+#undef HAVE_INT32_T
+
+/* Define to 1 if the system has the type `int8_t'. */
+#undef HAVE_INT8_T
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+#undef HAVE_LIBSOCKET
+
+/* Define to 1 if you have the <machine/types.h> header file. */
+#undef HAVE_MACHINE_TYPES_H
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#undef HAVE_NETINET_IN_H
+
+/* Define to 1 if you have the `socket' function. */
+#undef HAVE_SOCKET
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the <syslog.h> header file. */
+#undef HAVE_SYSLOG_H
+
+/* Define to 1 if you have the <sys/int_types.h> header file. */
+#undef HAVE_SYS_INT_TYPES_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#undef HAVE_SYS_UIO_H
+
+/* Define to 1 if the system has the type `uint16_t'. */
+#undef HAVE_UINT16_T
+
+/* Define to 1 if the system has the type `uint32_t'. */
+#undef HAVE_UINT32_T
+
+/* Define to 1 if the system has the type `uint64_t'. */
+#undef HAVE_UINT64_T
+
+/* Define to 1 if the system has the type `uint8_t'. */
+#undef HAVE_UINT8_T
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `usleep' function. */
+#undef HAVE_USLEEP
+
+/* Define to 1 if you have the <windows.h> header file. */
+#undef HAVE_WINDOWS_H
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+#undef HAVE_WINSOCK2_H
+
+/* Define to use X86 inlined assembly code */
+#undef HAVE_X86
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* The size of a `unsigned long', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_LONG
+
+/* The size of a `unsigned long long', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_LONG_LONG
+
+/* Define to use GDOI. */
+#undef SRTP_GDOI
+
+/* Define to compile for kernel contexts. */
+#undef SRTP_KERNEL
+
+/* Define to compile for Linux kernel context. */
+#undef SRTP_KERNEL_LINUX
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Write errors to this file */
+#undef USE_ERR_REPORTING_FILE
+
+/* Define to use syslog logging. */
+#undef USE_SYSLOG
+
+/* Define to 1 if your processor stores words with the most significant byte
+   first (like Motorola and SPARC, unlike Intel and VAX). */
+#undef WORDS_BIGENDIAN
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+   calls it, or to nothing if 'inline' is not supported under any name.  */
+#ifndef __cplusplus
+#undef inline
+#endif
+
+/* Define to `unsigned' if <sys/types.h> does not define. */
+#undef size_t

libs/srtp/configure.in

+dnl Process this file with autoconf to produce a configure script.
+AC_INIT(srtp)
+
+dnl Must come before AC_PROG_CC
+if test -z "$CFLAGS"; then
+   dnl Default value for CFLAGS if not specified.
+   CFLAGS="-Wall -O4 -fexpensive-optimizations -funroll-loops"
+fi
+
+dnl Checks for programs.
+AC_PROG_RANLIB
+AC_PROG_CC
+AC_PROG_INSTALL
+
+AC_ARG_ENABLE(pic, [AS_HELP_STRING([--enable-pic],[build with PIC])],[CFLAGS="-fPIC $CFLAGS"])
+
+AC_ARG_ENABLE(kernel-linux,
+  [AS_HELP_STRING([--enable-kernel-linux],
+		  [build library to run in Linux kernel context])],
+  [], enable_kernel_linux=no)
+AC_MSG_CHECKING(whether to build for Linux kernel context)
+if test "$enable_kernel_linux" = "yes"; then
+   AC_DEFINE(SRTP_KERNEL, 1,
+	[Define to compile for kernel contexts.])
+   AC_DEFINE(SRTP_KERNEL_LINUX, 1,
+	[Define to compile for Linux kernel context.])
+fi
+AC_MSG_RESULT($enable_kernel_linux)
+
+if test "$cross_compiling" != yes; then
+   dnl Check for /dev/urandom
+   AC_CHECK_FILE(/dev/urandom, DEV_URANDOM=/dev/urandom,
+      [AC_CHECK_FILE(/dev/random, DEV_URANDOM=/dev/random)])
+fi
+
+AC_MSG_CHECKING(which random device to use)
+if test "$enable_kernel_linux" = "yes"; then
+   RNG_OBJS=rand_linux_kernel.o
+   AC_MSG_RESULT([Linux kernel builtin])
+else
+   RNG_OBJS=rand_source.o
+   if test -n "$DEV_URANDOM"; then
+      AC_DEFINE_UNQUOTED(DEV_URANDOM, "$DEV_URANDOM",[Path to random device])
+      AC_MSG_RESULT([$DEV_URANDOM])
+   else
+      AC_MSG_RESULT([standard rand() function...])
+   fi
+fi
+AC_SUBST(RNG_OBJS)
+
+
+dnl Checks for header files.
+AC_HEADER_STDC
+AC_CHECK_HEADERS(stdlib.h)
+AC_CHECK_HEADERS(unistd.h)
+AC_CHECK_HEADERS(byteswap.h)
+AC_CHECK_HEADERS(stdint.h)
+AC_CHECK_HEADERS(sys/uio.h)
+AC_CHECK_HEADERS(inttypes.h)
+AC_CHECK_HEADERS(sys/types.h)
+AC_CHECK_HEADERS(machine/types.h)
+AC_CHECK_HEADERS(sys/int_types.h)
+
+dnl socket() and friends
+AC_CHECK_HEADERS(sys/socket.h netinet/in.h arpa/inet.h)
+AC_CHECK_HEADERS(windows.h, [AC_CHECK_HEADERS(winsock2.h)])
+
+AC_CHECK_HEADERS(syslog.h)
+
+AC_CHECK_TYPES([int8_t,uint8_t,int16_t,uint16_t,int32_t,uint32_t,uint64_t])
+AC_CHECK_SIZEOF(unsigned long)
+AC_CHECK_SIZEOF(unsigned long long)
+
+dnl Checks for typedefs, structures, and compiler characteristics.
+AC_C_CONST
+AC_C_INLINE
+AC_TYPE_SIZE_T
+
+dnl Checks for library functions.
+AC_CHECK_FUNCS(socket inet_aton usleep)
+
+dnl Find socket function if not found yet.
+if test "x$ac_cv_func_socket" = "xno"; then
+  AC_CHECK_LIB(socket, socket)
+  AC_MSG_CHECKING([for socket in -lwsock32])
+  SAVELIBS="$LIBS"
+  LIBS="$LIBS -lwsock32"
+  AC_TRY_LINK([
+#include <winsock2.h>
+],[
+socket(0, 0, 0);
+],
+    ac_cv_func_socket=yes
+    AC_MSG_RESULT(yes),
+    LIBS="$SAVELIBS"
+    AC_MSG_RESULT(no))
+fi
+
+dnl Check the byte order
+AC_C_BIGENDIAN
+
+AC_CANONICAL_HOST
+
+dnl check host_cpu type, set defines appropriately
+case $host_cpu in
+     i*86 )
+	AC_DEFINE(CPU_CISC, 1,
+	   [Define if building for a CISC machine (e.g. Intel).])
+        AC_DEFINE(HAVE_X86, 1,
+	   [Define to use X86 inlined assembly code]);; 
+	* )
+	# CPU_RISC is only supported for big endian machines.
+	if test "$ac_cv_c_bigendian" = "yes"; then
+	   AC_DEFINE(CPU_RISC, 1,
+	    [Define if building for a RISC machine (assume slow byte access).])
+	else
+	   AC_DEFINE(CPU_CISC, 1)
+	fi
+	;;
+esac	
+
+dnl Check if we're on a Windows platform.
+case $host_os in
+  *cygwin*|*mingw* ) 
+	      EXE=.exe;;
+         * )  EXE="";;
+esac
+
+AC_SUBST(EXE)   # define executable suffix; this is needed for `make clean'
+
+AC_MSG_CHECKING(whether to compile in debugging)
+AC_ARG_ENABLE(debug,
+  [AS_HELP_STRING([--disable-debug],
+		  [do not compile in dynamic debugging system])],
+  [], enable_debug=yes)
+if test "$enable_debug" = "yes"; then
+   AC_DEFINE(ENABLE_DEBUGGING, 1,
+      [Define to compile in dynamic debugging system.])
+fi
+AC_MSG_RESULT($enable_debug)
+
+AC_MSG_CHECKING(whether to use ISMAcryp code)
+AC_ARG_ENABLE(generic-aesicm,
+  [AS_HELP_STRING([--enable-generic-aesicm],
+		  [compile in changes for ISMAcryp])],
+  [], enable_generic_aesicm=no)
+if test "$enable_generic_aesicm" = "yes"; then
+   AC_DEFINE(GENERIC_AESICM, 1, [Define this to use ISMAcryp code.])
+fi
+AC_MSG_RESULT($enable_generic_aesicm)
+
+AC_MSG_CHECKING(whether to use syslog for error reporting)
+AC_ARG_ENABLE(syslog,
+  [AS_HELP_STRING([--enable-syslog], [use syslog for error reporting])],
+  [], enable_syslog=no)
+if test "$enable_syslog" = "yes"; then
+   AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog logging.])
+fi
+AC_MSG_RESULT($enable_syslog)
+
+AC_MSG_CHECKING(whether to use stdout for error reporting)
+AC_ARG_ENABLE(stdout,
+  [AS_HELP_STRING([--disable-stdout], [don't use stdout for error reporting])],
+  [], enable_stdout=yes)
+if test "$enable_stdout" = "yes"; then
+   AC_DEFINE(ERR_REPORTING_STDOUT, 1, [Define to use logging to stdout.])
+fi
+AC_MSG_RESULT($enable_stdout)
+
+AC_MSG_CHECKING(whether to use /dev/console for error reporting)
+AC_ARG_ENABLE(console,
+  [AS_HELP_STRING([--enable-console], [use /dev/console for error reporting])],
+  [], enable_console=no)
+if test "$enable_console" = "yes"; then
+   AC_DEFINE(USE_ERR_REPORTING_FILE, 1, [Write errors to this file])
+   AC_DEFINE(ERR_REPORTING_FILE, "/dev/console", [Report errors to this file.])
+fi
+AC_MSG_RESULT($enable_console)
+
+AC_MSG_CHECKING(whether to use GDOI key management)
+AC_ARG_ENABLE(gdoi,
+  [AS_HELP_STRING([--enable-gdoi], [enable GDOI key management])],
+  [], enable_gdoi=no)
+if test "$enable_gdoi" = "yes"; then
+   AC_DEFINE(SRTP_GDOI, 1, [Define to use GDOI.])
+   GDOI_OBJS=gdoi/srtp+gdoi.o
+   AC_SUBST(GDOI_OBJS)                              
+fi
+AC_MSG_RESULT($enable_gdoi)
+
+AC_CONFIG_HEADER(crypto/include/config.h:config_in.h)
+
+AC_OUTPUT(Makefile crypto/Makefile doc/Makefile)
+
+# This is needed when building outside the source dir.
+AS_MKDIR_P(crypto/ae_xfm)
+AS_MKDIR_P(crypto/cipher)
+AS_MKDIR_P(crypto/hash)
+AS_MKDIR_P(crypto/kernel)
+AS_MKDIR_P(crypto/math)
+AS_MKDIR_P(crypto/replay)
+AS_MKDIR_P(crypto/rng)
+AS_MKDIR_P(crypto/test)
+AS_MKDIR_P(doc)
+AS_MKDIR_P(srtp)
+AS_MKDIR_P(tables)
+AS_MKDIR_P(test)

libs/srtp/crypto/.cvsignore

+Makefile

libs/srtp/crypto/CVS/Entries

+/.cvsignore/1.1/Thu Sep 29 13:27:59 2005//
+/Makefile.in/1.5/Mon Oct  3 15:16:37 2005//
+/VERSION/1.1.1.1/Wed Sep 21 22:51:38 2005//
+D/ae_xfm////
+D/cipher////
+D/hash////
+D/include////
+D/kernel////
+D/math////
+D/replay////
+D/rng////
+D/test////

libs/srtp/crypto/CVS/Repository

+srtp/crypto

libs/srtp/crypto/CVS/Root

+:pserver:anonymous@cvs.sourceforge.net:/cvsroot/srtp

libs/srtp/crypto/VERSION

+1.0.0

libs/srtp/crypto/ae_xfm/CVS/Entries

+/xfm.c/1.2/Sun Oct  2 20:23:23 2005//
+D

libs/srtp/crypto/ae_xfm/CVS/Repository

+srtp/crypto/ae_xfm

libs/srtp/crypto/ae_xfm/CVS/Root

+:pserver:anonymous@cvs.sourceforge.net:/cvsroot/srtp

libs/srtp/crypto/cipher/CVS/Entries

+/aes.c/1.8/Sat Oct  8 16:39:25 2005//
+/aes_cbc.c/1.5/Sat Oct  8 16:38:06 2005//
+/aes_icm.c/1.10/Thu Mar 16 17:11:29 2006//
+/cipher.c/1.4/Mon Oct  3 15:27:53 2005//
+/null_cipher.c/1.2/Thu Sep 29 12:36:43 2005//
+D

libs/srtp/crypto/cipher/CVS/Repository

+srtp/crypto/cipher

libs/srtp/crypto/cipher/CVS/Root

+:pserver:anonymous@cvs.sourceforge.net:/cvsroot/srtp

libs/srtp/crypto/hash/CVS/Entries

+/auth.c/1.2/Thu Sep 29 12:36:43 2005//
+/hmac.c/1.5/Mon Oct  3 15:53:26 2005//
+/null_auth.c/1.2/Thu Sep 29 12:36:43 2005//
+/sha1.c/1.5/Fri Mar 17 17:41:33 2006//
+D

libs/srtp/crypto/hash/CVS/Repository

+srtp/crypto/hash

libs/srtp/crypto/hash/CVS/Root

+:pserver:anonymous@cvs.sourceforge.net:/cvsroot/srtp

libs/srtp/crypto/include/.cvsignore

+config.h

libs/srtp/crypto/include/CVS/Entries

+/.cvsignore/1.1/Thu Sep 29 11:59:01 2005//
+/aes.h/1.3/Sat Oct  8 16:06:05 2005//
+/aes_cbc.h/1.2/Thu Sep 29 12:36:43 2005//
+/aes_icm.h/1.3/Fri Mar 17 21:00:46 2006//
+/alloc.h/1.3/Mon Oct  3 15:52:50 2005//
+/auth.h/1.2/Thu Sep 29 12:36:43 2005//
+/cipher.h/1.4/Wed Nov 30 18:47:18 2005//
+/crypto.h/1.1.1.1/Wed Sep 21 22:51:39 2005//
+/crypto_kernel.h/1.2/Thu Sep 29 12:48:41 2005//
+/crypto_math.h/1.3/Mon Oct  3 16:17:23 2005//
+/crypto_types.h/1.1.1.1/Wed Sep 21 22:51:39 2005//
+/cryptoalg.h/1.2/Wed Sep 28 14:23:06 2005//
+/datatypes.h/1.11/Sat Oct  8 16:35:31 2005//
+/err.h/1.9/Tue Oct 18 15:25:46 2005//
+/gf2_8.h/1.3/Thu Sep 29 12:36:43 2005//
+/hmac.h/1.4/Mon Oct  3 14:33:59 2005//
+/integers.h/1.6/Mon Oct  3 15:36:44 2005//
+/kernel_compat.h/1.3/Tue Oct 18 15:27:35 2005//
+/key.h/1.1.1.1/Wed Sep 21 22:51:39 2005//
+/null_auth.h/1.2/Thu Sep 29 12:36:43 2005//
+/null_cipher.h/1.2/Thu Sep 29 12:36:43 2005//
+/prng.h/1.5/Mon Oct  3 15:52:19 2005//
+/rand_source.h/1.3/Thu Sep 29 12:48:42 2005//
+/rdb.h/1.1/Mon Sep 26 20:41:14 2005//
+/rdbx.h/1.1.1.1/Wed Sep 21 22:51:40 2005//
+/sha1.h/1.3/Mon Oct  3 14:33:59 2005//
+/stat.h/1.3/Fri Mar 17 20:51:24 2006//
+/xfm.h/1.2/Wed Sep 28 14:23:06 2005//
+D

libs/srtp/crypto/include/CVS/Repository

+srtp/crypto/include

libs/srtp/crypto/include/CVS/Root

+:pserver:anonymous@cvs.sourceforge.net:/cvsroot/srtp

libs/srtp/crypto/include/crypto.h

+/*
+ * crypto.h
+ *
+ * API for libcrypto
+ * 
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+#ifndef CRYPTO_H
+#define CRYPTO_H
+
+#include "crypto_kernel.h"
+
+#endif /* CRYPTO_H */
+
+

libs/srtp/crypto/kernel/CVS/Entries

+/alloc.c/1.3/Wed Oct  5 11:50:56 2005//
+/crypto_kernel.c/1.5/Fri Mar 17 20:51:24 2006//
+/err.c/1.5/Tue Oct 18 15:26:31 2005//
+/key.c/1.6/Sun Oct  2 20:33:10 2005//
+D

libs/srtp/crypto/kernel/CVS/Repository

+srtp/crypto/kernel

libs/srtp/crypto/kernel/CVS/Root

+:pserver:anonymous@cvs.sourceforge.net:/cvsroot/srtp

libs/srtp/crypto/math/CVS/Entries

+/datatypes.c/1.6/Sat Oct  8 16:38:06 2005//
+/gf2_8.c/1.2/Fri Sep 23 19:34:12 2005//
+/math.c/1.5/Sat Oct  8 16:38:06 2005//
+/stat.c/1.4/Fri Mar 17 20:51:25 2006//
+D

libs/srtp/crypto/math/CVS/Repository

+srtp/crypto/math

libs/srtp/crypto/math/CVS/Root

+:pserver:anonymous@cvs.sourceforge.net:/cvsroot/srtp

libs/srtp/crypto/replay/CVS/Entries

+/rdb.c/1.2/Thu Mar 16 19:13:33 2006//
+/rdbx.c/1.3/Sun Oct  2 20:35:26 2005//
+/ut_sim.c/1.2/Sun Oct  2 20:36:02 2005//
+D