summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNanang Izzuddin <nanang@teluu.com>2016-03-15 03:57:39 +0000
committerNanang Izzuddin <nanang@teluu.com>2016-03-15 03:57:39 +0000
commit26d978a556ae9099f6610ace9834991636e4a71b (patch)
treed8789c5afbe3920f3f7ef46ad73aa34f48173591
parent8b9358503884ec1901d807ff56c2fc588be896a2 (diff)
Close #1847: Upgraded libsrtp version to 1.5.4 and added support for AES-CM-256 crypto.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5261 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat
-rw-r--r--pjmedia/src/pjmedia/transport_srtp.c28
-rw-r--r--third_party/build/srtp/Makefile2
-rw-r--r--third_party/build/srtp/config.h20
-rw-r--r--third_party/build/srtp/libsrtp.vcproj336
-rw-r--r--third_party/build/srtp/srtp_config.h16
-rw-r--r--third_party/srtp/CHANGES70
-rw-r--r--third_party/srtp/Makefile.in147
-rw-r--r--third_party/srtp/README20
-rw-r--r--third_party/srtp/VERSION2
-rw-r--r--third_party/srtp/config.guess968
-rw-r--r--third_party/srtp/config.h_win32vc74
-rw-r--r--third_party/srtp/config.hw4
-rw-r--r--third_party/srtp/config.sub381
-rw-r--r--third_party/srtp/config_in.h44
-rw-r--r--third_party/srtp/configure11332
-rw-r--r--third_party/srtp/configure.in154
-rw-r--r--third_party/srtp/crypto/Makefile130
-rw-r--r--third_party/srtp/crypto/Makefile.in75
-rw-r--r--third_party/srtp/crypto/ae_xfm/xfm.c573
-rw-r--r--third_party/srtp/crypto/cipher/aes.c393
-rw-r--r--third_party/srtp/crypto/cipher/aes_cbc.c177
-rw-r--r--third_party/srtp/crypto/cipher/aes_gcm_ossl.c570
-rw-r--r--third_party/srtp/crypto/cipher/aes_icm.c155
-rw-r--r--third_party/srtp/crypto/cipher/aes_icm_ossl.c563
-rw-r--r--third_party/srtp/crypto/cipher/cipher.c147
-rw-r--r--third_party/srtp/crypto/cipher/null_cipher.c19
-rw-r--r--third_party/srtp/crypto/hash/auth.c22
-rw-r--r--third_party/srtp/crypto/hash/hmac.c7
-rw-r--r--third_party/srtp/crypto/hash/hmac_ossl.c302
-rw-r--r--third_party/srtp/crypto/hash/null_auth.c7
-rw-r--r--third_party/srtp/crypto/hash/sha1.c16
-rw-r--r--third_party/srtp/crypto/include/aes.h26
-rw-r--r--third_party/srtp/crypto/include/aes_cbc.h42
-rw-r--r--third_party/srtp/crypto/include/aes_gcm_ossl.h63
-rw-r--r--third_party/srtp/crypto/include/aes_icm.h46
-rw-r--r--third_party/srtp/crypto/include/aes_icm_ossl.h85
-rw-r--r--third_party/srtp/crypto/include/auth.h12
-rw-r--r--third_party/srtp/crypto/include/cipher.h68
-rw-r--r--third_party/srtp/crypto/include/crypto.h36
-rw-r--r--third_party/srtp/crypto/include/crypto_kernel.h25
-rw-r--r--third_party/srtp/crypto/include/crypto_math.h34
-rw-r--r--third_party/srtp/crypto/include/crypto_types.h62
-rw-r--r--third_party/srtp/crypto/include/datatypes.h95
-rw-r--r--third_party/srtp/crypto/include/err.h11
-rw-r--r--third_party/srtp/crypto/include/hmac.h6
-rw-r--r--third_party/srtp/crypto/include/integers.h6
-rw-r--r--third_party/srtp/crypto/include/null_cipher.h4
-rw-r--r--third_party/srtp/crypto/include/prng.h41
-rw-r--r--third_party/srtp/crypto/include/rdb.h40
-rw-r--r--third_party/srtp/crypto/include/rdbx.h86
-rw-r--r--third_party/srtp/crypto/include/sha1.h44
-rw-r--r--third_party/srtp/crypto/include/xfm.h36
-rw-r--r--third_party/srtp/crypto/kernel/alloc.c12
-rw-r--r--third_party/srtp/crypto/kernel/crypto_kernel.c131
-rw-r--r--third_party/srtp/crypto/kernel/err.c10
-rw-r--r--third_party/srtp/crypto/kernel/key.c4
-rw-r--r--third_party/srtp/crypto/math/datatypes.c372
-rw-r--r--third_party/srtp/crypto/math/gf2_8.c6
-rw-r--r--third_party/srtp/crypto/math/math.c174
-rw-r--r--third_party/srtp/crypto/math/stat.c40
-rw-r--r--third_party/srtp/crypto/replay/rdb.c20
-rw-r--r--third_party/srtp/crypto/replay/rdbx.c107
-rw-r--r--third_party/srtp/crypto/replay/ut_sim.c4
-rw-r--r--third_party/srtp/crypto/rng/ctr_prng.c14
-rw-r--r--third_party/srtp/crypto/rng/prng.c18
-rw-r--r--third_party/srtp/crypto/rng/rand_source.c75
-rw-r--r--third_party/srtp/crypto/rng/rand_source_ossl.c70
-rw-r--r--third_party/srtp/crypto/test/aes_calc.c78
-rw-r--r--third_party/srtp/crypto/test/cipher_driver.c199
-rw-r--r--third_party/srtp/crypto/test/datatypes_driver.c6
-rw-r--r--third_party/srtp/crypto/test/env.c4
-rw-r--r--third_party/srtp/crypto/test/kernel_driver.c13
-rw-r--r--third_party/srtp/crypto/test/rand_gen.c15
-rw-r--r--third_party/srtp/crypto/test/rand_gen_soak.c116
-rw-r--r--third_party/srtp/crypto/test/sha1_driver.c33
-rw-r--r--third_party/srtp/crypto/test/stat_driver.c157
-rw-r--r--third_party/srtp/doc/Makefile44
-rw-r--r--third_party/srtp/doc/draft-irtf-cfrg-icm-00.txt1
-rw-r--r--third_party/srtp/doc/intro.txt18
-rw-r--r--third_party/srtp/doc/rfc3711.txt3139
-rw-r--r--third_party/srtp/include/ekt.h201
-rw-r--r--third_party/srtp/include/rtp.h24
-rw-r--r--third_party/srtp/include/srtp.h383
-rw-r--r--third_party/srtp/include/srtp_priv.h38
-rw-r--r--third_party/srtp/install-win.bat31
-rw-r--r--third_party/srtp/libsrtp.pc.in11
-rw-r--r--third_party/srtp/pjlib/srtp_err.c5
-rw-r--r--third_party/srtp/srtp.def1
-rw-r--r--third_party/srtp/srtp.sln26
-rw-r--r--third_party/srtp/srtp.vcproj34
-rw-r--r--third_party/srtp/srtp/ekt.c279
-rw-r--r--third_party/srtp/srtp/srtp.c1539
-rw-r--r--third_party/srtp/tables/aes_tables.c4
-rw-r--r--third_party/srtp/test/dtls_srtp_driver.c22
-rw-r--r--third_party/srtp/test/lfsr.c35
-rw-r--r--third_party/srtp/test/rdbx_driver.c106
-rw-r--r--third_party/srtp/test/replay_driver.c58
-rw-r--r--third_party/srtp/test/roc_driver.c10
-rw-r--r--third_party/srtp/test/rtp.c76
-rw-r--r--third_party/srtp/test/rtp_decoder.c515
-rw-r--r--third_party/srtp/test/rtp_decoder.h119
-rw-r--r--third_party/srtp/test/rtpw.c243
-rw-r--r--third_party/srtp/test/rtpw_test.sh95
-rw-r--r--third_party/srtp/test/rtpw_test_gcm.sh237
-rw-r--r--third_party/srtp/test/srtp_driver.c479
105 files changed, 14816 insertions, 12187 deletions
diff --git a/pjmedia/src/pjmedia/transport_srtp.c b/pjmedia/src/pjmedia/transport_srtp.c
index 989e8a9d..add4b434 100644
--- a/pjmedia/src/pjmedia/transport_srtp.c
+++ b/pjmedia/src/pjmedia/transport_srtp.c
@@ -47,6 +47,7 @@
# include <srtp/crypto_kernel.h>
#else
# include <srtp.h>
+# include <crypto_kernel.h>
#endif
#define THIS_FILE "transport_srtp.c"
@@ -88,6 +89,22 @@ static crypto_suite crypto_suites[] = {
/* plain RTP/RTCP (no cipher & no auth) */
{"NULL", NULL_CIPHER, 0, NULL_AUTH, 0, 0, 0, sec_serv_none},
+ /* cipher AES_CM_256, auth HMAC_SHA1, auth tag len = 10 octets */
+ {"AES_CM_256_HMAC_SHA1_80", AES_ICM, 46, HMAC_SHA1, 20, 10, 10,
+ sec_serv_conf_and_auth},
+
+ /* cipher AES_CM_256, auth HMAC_SHA1, auth tag len = 10 octets */
+ {"AES_CM_256_HMAC_SHA1_32", AES_ICM, 46, HMAC_SHA1, 20, 4, 10,
+ sec_serv_conf_and_auth},
+
+ /* cipher AES_CM_192, auth HMAC_SHA1, auth tag len = 10 octets */
+ //{"AES_CM_192_HMAC_SHA1_80", AES_ICM, 38, HMAC_SHA1, 20, 10, 10,
+ //sec_serv_conf_and_auth},
+
+ /* cipher AES_CM_192, auth HMAC_SHA1, auth tag len = 4 octets */
+ //{"AES_CM_192_HMAC_SHA1_80", AES_ICM, 38, HMAC_SHA1, 20, 4, 10,
+ //sec_serv_conf_and_auth},
+
/* cipher AES_CM, auth HMAC_SHA1, auth tag len = 10 octets */
{"AES_CM_128_HMAC_SHA1_80", AES_128_ICM, 30, HMAC_SHA1, 20, 10, 10,
sec_serv_conf_and_auth},
@@ -336,7 +353,9 @@ static void pjmedia_srtp_deinit_lib(pjmedia_endpt *endpt)
PJ_UNUSED_ARG(endpt);
-#if defined(PJMEDIA_EXTERNAL_SRTP) && (PJMEDIA_EXTERNAL_SRTP != 0)
+#if !defined(PJMEDIA_SRTP_HAS_DEINIT) && !defined(PJMEDIA_SRTP_HAS_SHUTDOWN)
+# define PJMEDIA_SRTP_HAS_SHUTDOWN 1
+#endif
# if defined(PJMEDIA_SRTP_HAS_DEINIT) && PJMEDIA_SRTP_HAS_DEINIT!=0
err = srtp_deinit();
@@ -345,10 +364,6 @@ static void pjmedia_srtp_deinit_lib(pjmedia_endpt *endpt)
# else
err = err_status_ok;
# endif
-
-#else
- err = srtp_deinit();
-#endif
if (err != err_status_ok) {
PJ_LOG(4, (THIS_FILE, "Failed to deinitialize libsrtp: %s",
get_libsrtp_errstr(err)));
@@ -1169,10 +1184,9 @@ static pj_status_t parse_attr_crypto(pj_pool_t *pool,
{
pj_str_t input;
char *token;
- pj_size_t token_len;
pj_str_t tmp;
pj_status_t status;
- int itmp;
+ int itmp, token_len;
pj_bzero(crypto, sizeof(*crypto));
pj_strdup_with_null(pool, &input, &attr->value);
diff --git a/third_party/build/srtp/Makefile b/third_party/build/srtp/Makefile
index 65f60613..7ef0f259 100644
--- a/third_party/build/srtp/Makefile
+++ b/third_party/build/srtp/Makefile
@@ -48,7 +48,7 @@ err = pjlib/srtp_err.o
kernel = crypto/kernel/crypto_kernel.o crypto/kernel/alloc.o \
crypto/kernel/key.o $(rng) $(err) # $(ust)
-srtpobj = srtp/srtp.o
+srtpobj = srtp/srtp.o srtp/ekt.o
cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(replay)
diff --git a/third_party/build/srtp/config.h b/third_party/build/srtp/config.h
new file mode 100644
index 00000000..e8bc9346
--- /dev/null
+++ b/third_party/build/srtp/config.h
@@ -0,0 +1,20 @@
+/* $Id: config.h$ */
+/*
+ * Copyright (C) 2003-2007 Benny Prijono <benny@prijono.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include "srtp_config.h"
diff --git a/third_party/build/srtp/libsrtp.vcproj b/third_party/build/srtp/libsrtp.vcproj
index 11b12fd1..67fd15d2 100644
--- a/third_party/build/srtp/libsrtp.vcproj
+++ b/third_party/build/srtp/libsrtp.vcproj
@@ -12,13 +12,13 @@
Name="Win32"
/>
<Platform
- Name="Pocket PC 2003 (ARMV4)"
+ Name="x64"
/>
<Platform
- Name="Smartphone 2003 (ARMV4)"
+ Name="Pocket PC 2003 (ARMV4)"
/>
<Platform
- Name="x64"
+ Name="Smartphone 2003 (ARMV4)"
/>
<Platform
Name="Windows Mobile 6 Standard SDK (ARMV4I)"
@@ -61,7 +61,7 @@
<Tool
Name="VCCLCompilerTool"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
- PreprocessorDefinitions="_LIB;"
+ PreprocessorDefinitions="_LIB;HAVE_CONFIG_H"
PrecompiledHeaderFile=""
/>
<Tool
@@ -94,11 +94,11 @@
/>
</Configuration>
<Configuration
- Name="Debug|Pocket PC 2003 (ARMV4)"
+ Name="Debug|x64"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-common-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win64-common-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
- CharacterSet="1"
+ CharacterSet="2"
>
<Tool
Name="VCPreBuildEventTool"
@@ -114,13 +114,14 @@
/>
<Tool
Name="VCMIDLTool"
+ TargetEnvironment="3"
/>
<Tool
Name="VCCLCompilerTool"
- ExecutionBucket="7"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
- PreprocessorDefinitions="_LIB;"
+ PreprocessorDefinitions="_LIB;HAVE_CONFIG_H"
PrecompiledHeaderFile=""
+ DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
@@ -133,7 +134,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003ppc-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-$(PlatformName)-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -145,26 +146,18 @@
Name="VCBscMakeTool"
/>
<Tool
- Name="VCCodeSignTool"
+ Name="VCFxCopTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
- <DeploymentTool
- ForceDirty="-1"
- RemoteDirectory=""
- RegisterOutput="0"
- AdditionalFiles=""
- />
- <DebuggerTool
- />
</Configuration>
<Configuration
- Name="Debug|Smartphone 2003 (ARMV4)"
+ Name="Release|Win32"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-common-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win32-release-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
- CharacterSet="1"
+ CharacterSet="2"
>
<Tool
Name="VCPreBuildEventTool"
@@ -183,9 +176,8 @@
/>
<Tool
Name="VCCLCompilerTool"
- ExecutionBucket="7"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
- PreprocessorDefinitions="_LIB;"
+ PreprocessorDefinitions="_LIB;HAVE_CONFIG_H"
PrecompiledHeaderFile=""
/>
<Tool
@@ -199,7 +191,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003sp-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-$(PlatformName)-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -211,24 +203,16 @@
Name="VCBscMakeTool"
/>
<Tool
- Name="VCCodeSignTool"
+ Name="VCFxCopTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
- <DeploymentTool
- ForceDirty="-1"
- RemoteDirectory=""
- RegisterOutput="0"
- AdditionalFiles=""
- />
- <DebuggerTool
- />
</Configuration>
<Configuration
- Name="Debug|x64"
+ Name="Release|x64"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win64-common-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win64-release-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
CharacterSet="2"
>
@@ -251,9 +235,8 @@
<Tool
Name="VCCLCompilerTool"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
- PreprocessorDefinitions="_LIB;"
+ PreprocessorDefinitions="_LIB;HAVE_CONFIG_H"
PrecompiledHeaderFile=""
- DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
@@ -285,9 +268,9 @@
/>
</Configuration>
<Configuration
- Name="Release|Win32"
+ Name="Debug-Static|Win32"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win32-release-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win32-common-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
CharacterSet="2"
>
@@ -309,7 +292,7 @@
<Tool
Name="VCCLCompilerTool"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
- PreprocessorDefinitions="_LIB;"
+ PreprocessorDefinitions="_LIB;HAVE_CONFIG_H"
PrecompiledHeaderFile=""
/>
<Tool
@@ -342,11 +325,11 @@
/>
</Configuration>
<Configuration
- Name="Release|Pocket PC 2003 (ARMV4)"
+ Name="Debug-Static|x64"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-release-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win64-common-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
- CharacterSet="1"
+ CharacterSet="2"
>
<Tool
Name="VCPreBuildEventTool"
@@ -362,13 +345,14 @@
/>
<Tool
Name="VCMIDLTool"
+ TargetEnvironment="3"
/>
<Tool
Name="VCCLCompilerTool"
- ExecutionBucket="7"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
- PreprocessorDefinitions="_LIB;"
+ PreprocessorDefinitions="_LIB;HAVE_CONFIG_H"
PrecompiledHeaderFile=""
+ DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
@@ -381,7 +365,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003ppc-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-$(PlatformName)-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -393,26 +377,18 @@
Name="VCBscMakeTool"
/>
<Tool
- Name="VCCodeSignTool"
+ Name="VCFxCopTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
- <DeploymentTool
- ForceDirty="-1"
- RemoteDirectory=""
- RegisterOutput="0"
- AdditionalFiles=""
- />
- <DebuggerTool
- />
</Configuration>
<Configuration
- Name="Release|Smartphone 2003 (ARMV4)"
+ Name="Release-Dynamic|Win32"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-release-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win32-release-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
- CharacterSet="1"
+ CharacterSet="2"
>
<Tool
Name="VCPreBuildEventTool"
@@ -431,9 +407,8 @@
/>
<Tool
Name="VCCLCompilerTool"
- ExecutionBucket="7"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
- PreprocessorDefinitions="_LIB;"
+ PreprocessorDefinitions="_LIB;HAVE_CONFIG_H"
PrecompiledHeaderFile=""
/>
<Tool
@@ -447,7 +422,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003sp-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-$(PlatformName)-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -459,22 +434,14 @@
Name="VCBscMakeTool"
/>
<Tool
- Name="VCCodeSignTool"
+ Name="VCFxCopTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
- <DeploymentTool
- ForceDirty="-1"
- RemoteDirectory=""
- RegisterOutput="0"
- AdditionalFiles=""
- />
- <DebuggerTool
- />
</Configuration>
<Configuration
- Name="Release|x64"
+ Name="Release-Dynamic|x64"
ConfigurationType="4"
InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win64-release-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
@@ -499,7 +466,7 @@
<Tool
Name="VCCLCompilerTool"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
- PreprocessorDefinitions="_LIB;"
+ PreprocessorDefinitions="_LIB;HAVE_CONFIG_H"
PrecompiledHeaderFile=""
/>
<Tool
@@ -532,9 +499,9 @@
/>
</Configuration>
<Configuration
- Name="Debug-Static|Win32"
+ Name="Debug-Dynamic|Win32"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win32-common-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win32-common-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
CharacterSet="2"
>
@@ -556,7 +523,7 @@
<Tool
Name="VCCLCompilerTool"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
- PreprocessorDefinitions="_LIB;"
+ PreprocessorDefinitions="_LIB;HAVE_CONFIG_H"
PrecompiledHeaderFile=""
/>
<Tool
@@ -589,11 +556,11 @@
/>
</Configuration>
<Configuration
- Name="Debug-Static|Pocket PC 2003 (ARMV4)"
+ Name="Debug-Dynamic|x64"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-common-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win64-common-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
- CharacterSet="1"
+ CharacterSet="2"
>
<Tool
Name="VCPreBuildEventTool"
@@ -609,13 +576,14 @@
/>
<Tool
Name="VCMIDLTool"
+ TargetEnvironment="3"
/>
<Tool
Name="VCCLCompilerTool"
- ExecutionBucket="7"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
- PreprocessorDefinitions="_LIB;"
+ PreprocessorDefinitions="_LIB;HAVE_CONFIG_H"
PrecompiledHeaderFile=""
+ DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
@@ -628,7 +596,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003ppc-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-$(PlatformName)-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -640,26 +608,18 @@
Name="VCBscMakeTool"
/>
<Tool
- Name="VCCodeSignTool"
+ Name="VCFxCopTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
- <DeploymentTool
- ForceDirty="-1"
- RemoteDirectory=""
- RegisterOutput="0"
- AdditionalFiles=""
- />
- <DebuggerTool
- />
</Configuration>
<Configuration
- Name="Debug-Static|Smartphone 2003 (ARMV4)"
+ Name="Release-Static|Win32"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-common-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win32-release-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
- CharacterSet="1"
+ CharacterSet="2"
>
<Tool
Name="VCPreBuildEventTool"
@@ -678,9 +638,8 @@
/>
<Tool
Name="VCCLCompilerTool"
- ExecutionBucket="7"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
- PreprocessorDefinitions="_LIB;"
+ PreprocessorDefinitions="_LIB;HAVE_CONFIG_H"
PrecompiledHeaderFile=""
/>
<Tool
@@ -694,7 +653,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003sp-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-$(PlatformName)-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -706,24 +665,16 @@
Name="VCBscMakeTool"
/>
<Tool
- Name="VCCodeSignTool"
+ Name="VCFxCopTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
- <DeploymentTool
- ForceDirty="-1"
- RemoteDirectory=""
- RegisterOutput="0"
- AdditionalFiles=""
- />
- <DebuggerTool
- />
</Configuration>
<Configuration
- Name="Debug-Static|x64"
+ Name="Release-Static|x64"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win64-common-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win64-release-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
CharacterSet="2"
>
@@ -746,9 +697,8 @@
<Tool
Name="VCCLCompilerTool"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
- PreprocessorDefinitions="_LIB;"
+ PreprocessorDefinitions="_LIB;HAVE_CONFIG_H"
PrecompiledHeaderFile=""
- DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
@@ -780,11 +730,11 @@
/>
</Configuration>
<Configuration
- Name="Release-Dynamic|Win32"
+ Name="Debug|Pocket PC 2003 (ARMV4)"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win32-release-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-common-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
- CharacterSet="2"
+ CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
@@ -803,6 +753,7 @@
/>
<Tool
Name="VCCLCompilerTool"
+ ExecutionBucket="7"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
PreprocessorDefinitions="_LIB;"
PrecompiledHeaderFile=""
@@ -818,7 +769,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-$(PlatformName)-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003ppc-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -830,16 +781,24 @@
Name="VCBscMakeTool"
/>
<Tool
- Name="VCFxCopTool"
+ Name="VCCodeSignTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
+ <DeploymentTool
+ ForceDirty="-1"
+ RemoteDirectory=""
+ RegisterOutput="0"
+ AdditionalFiles=""
+ />
+ <DebuggerTool
+ />
</Configuration>
<Configuration
- Name="Release-Dynamic|Pocket PC 2003 (ARMV4)"
+ Name="Debug|Smartphone 2003 (ARMV4)"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-release-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-common-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
CharacterSet="1"
>
@@ -876,7 +835,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003ppc-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003sp-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -903,7 +862,7 @@
/>
</Configuration>
<Configuration
- Name="Release-Dynamic|Smartphone 2003 (ARMV4)"
+ Name="Release|Pocket PC 2003 (ARMV4)"
ConfigurationType="4"
InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-release-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
@@ -942,7 +901,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003sp-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003ppc-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -969,11 +928,11 @@
/>
</Configuration>
<Configuration
- Name="Release-Dynamic|x64"
+ Name="Release|Smartphone 2003 (ARMV4)"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win64-release-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-release-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
- CharacterSet="2"
+ CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
@@ -989,10 +948,10 @@
/>
<Tool
Name="VCMIDLTool"
- TargetEnvironment="3"
/>
<Tool
Name="VCCLCompilerTool"
+ ExecutionBucket="7"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
PreprocessorDefinitions="_LIB;"
PrecompiledHeaderFile=""
@@ -1008,7 +967,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-$(PlatformName)-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003sp-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -1020,18 +979,26 @@
Name="VCBscMakeTool"
/>
<Tool
- Name="VCFxCopTool"
+ Name="VCCodeSignTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
+ <DeploymentTool
+ ForceDirty="-1"
+ RemoteDirectory=""
+ RegisterOutput="0"
+ AdditionalFiles=""
+ />
+ <DebuggerTool
+ />
</Configuration>
<Configuration
- Name="Debug-Dynamic|Win32"
+ Name="Debug-Static|Pocket PC 2003 (ARMV4)"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win32-common-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-common-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
- CharacterSet="2"
+ CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
@@ -1050,6 +1017,7 @@
/>
<Tool
Name="VCCLCompilerTool"
+ ExecutionBucket="7"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
PreprocessorDefinitions="_LIB;"
PrecompiledHeaderFile=""
@@ -1065,7 +1033,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-$(PlatformName)-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003ppc-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -1077,16 +1045,24 @@
Name="VCBscMakeTool"
/>
<Tool
- Name="VCFxCopTool"
+ Name="VCCodeSignTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
+ <DeploymentTool
+ ForceDirty="-1"
+ RemoteDirectory=""
+ RegisterOutput="0"
+ AdditionalFiles=""
+ />
+ <DebuggerTool
+ />
</Configuration>
<Configuration
- Name="Debug-Dynamic|Pocket PC 2003 (ARMV4)"
+ Name="Debug-Static|Smartphone 2003 (ARMV4)"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-common-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-common-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
CharacterSet="1"
>
@@ -1123,7 +1099,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003ppc-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003sp-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -1150,9 +1126,9 @@
/>
</Configuration>
<Configuration
- Name="Debug-Dynamic|Smartphone 2003 (ARMV4)"
+ Name="Release-Dynamic|Pocket PC 2003 (ARMV4)"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-common-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-release-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
CharacterSet="1"
>
@@ -1189,7 +1165,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003sp-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003ppc-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -1216,11 +1192,11 @@
/>
</Configuration>
<Configuration
- Name="Debug-Dynamic|x64"
+ Name="Release-Dynamic|Smartphone 2003 (ARMV4)"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win64-common-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-release-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
- CharacterSet="2"
+ CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
@@ -1236,14 +1212,13 @@
/>
<Tool
Name="VCMIDLTool"
- TargetEnvironment="3"
/>
<Tool
Name="VCCLCompilerTool"
+ ExecutionBucket="7"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
PreprocessorDefinitions="_LIB;"
PrecompiledHeaderFile=""
- DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
@@ -1256,7 +1231,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-$(PlatformName)-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003sp-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -1268,18 +1243,26 @@
Name="VCBscMakeTool"
/>
<Tool
- Name="VCFxCopTool"
+ Name="VCCodeSignTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
+ <DeploymentTool
+ ForceDirty="-1"
+ RemoteDirectory=""
+ RegisterOutput="0"
+ AdditionalFiles=""
+ />
+ <DebuggerTool
+ />
</Configuration>
<Configuration
- Name="Release-Static|Win32"
+ Name="Debug-Dynamic|Pocket PC 2003 (ARMV4)"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win32-release-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-common-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
- CharacterSet="2"
+ CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
@@ -1298,6 +1281,7 @@
/>
<Tool
Name="VCCLCompilerTool"
+ ExecutionBucket="7"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
PreprocessorDefinitions="_LIB;"
PrecompiledHeaderFile=""
@@ -1313,7 +1297,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-$(PlatformName)-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003ppc-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -1325,16 +1309,24 @@
Name="VCBscMakeTool"
/>
<Tool
- Name="VCFxCopTool"
+ Name="VCCodeSignTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
+ <DeploymentTool
+ ForceDirty="-1"
+ RemoteDirectory=""
+ RegisterOutput="0"
+ AdditionalFiles=""
+ />
+ <DebuggerTool
+ />
</Configuration>
<Configuration
- Name="Release-Static|Pocket PC 2003 (ARMV4)"
+ Name="Debug-Dynamic|Smartphone 2003 (ARMV4)"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-release-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-debug-dynamic-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-common-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
CharacterSet="1"
>
@@ -1371,7 +1363,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003ppc-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003sp-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -1398,7 +1390,7 @@
/>
</Configuration>
<Configuration
- Name="Release-Static|Smartphone 2003 (ARMV4)"
+ Name="Release-Static|Pocket PC 2003 (ARMV4)"
ConfigurationType="4"
InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-release-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
@@ -1437,7 +1429,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003sp-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003ppc-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -1464,11 +1456,11 @@
/>
</Configuration>
<Configuration
- Name="Release-Static|x64"
+ Name="Release-Static|Smartphone 2003 (ARMV4)"
ConfigurationType="4"
- InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-win64-release-defaults.vsprops"
+ InheritedPropertySheets="..\..\..\build\vs\pjproject-vs8-release-static-defaults.vsprops;..\..\..\build\vs\pjproject-vs8-wm2003-release-defaults.vsprops"
ATLMinimizesCRunTimeLibraryUsage="false"
- CharacterSet="2"
+ CharacterSet="1"
>
<Tool
Name="VCPreBuildEventTool"
@@ -1484,10 +1476,10 @@
/>
<Tool
Name="VCMIDLTool"
- TargetEnvironment="3"
/>
<Tool
Name="VCCLCompilerTool"
+ ExecutionBucket="7"
AdditionalIncludeDirectories=".,../../srtp/include,../../srtp/crypto/include,../../../pjlib/include"
PreprocessorDefinitions="_LIB;"
PrecompiledHeaderFile=""
@@ -1503,7 +1495,7 @@
/>
<Tool
Name="VCLibrarianTool"
- OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-$(PlatformName)-vc$(VSVer)-$(ConfigurationName).lib"
+ OutputFile="..\..\lib\$(ProjectName)-$(TargetCPU)-wm2003sp-vc$(VSVer)-$(ConfigurationName).lib"
/>
<Tool
Name="VCALinkTool"
@@ -1515,11 +1507,19 @@
Name="VCBscMakeTool"
/>
<Tool
- Name="VCFxCopTool"
+ Name="VCCodeSignTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
+ <DeploymentTool
+ ForceDirty="-1"
+ RemoteDirectory=""
+ RegisterOutput="0"
+ AdditionalFiles=""
+ />
+ <DebuggerTool
+ />
</Configuration>
<Configuration
Name="Debug|Windows Mobile 6 Standard SDK (ARMV4I)"
@@ -3115,6 +3115,10 @@
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
+ RelativePath="..\..\srtp\srtp\ekt.c"
+ >
+ </File>
+ <File
RelativePath="..\..\srtp\srtp\srtp.c"
>
</File>
@@ -3129,6 +3133,10 @@
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
<File
+ RelativePath="..\..\srtp\include\ekt.h"
+ >
+ </File>
+ <File
RelativePath="..\..\srtp\include\rtp.h"
>
</File>
@@ -3149,14 +3157,6 @@
Name="crypto"
>
<Filter
- Name="ae_xfm"
- >
- <File
- RelativePath="..\..\srtp\crypto\ae_xfm\xfm.c"
- >
- </File>
- </Filter>
- <Filter
Name="cipher"
>
<File
diff --git a/third_party/build/srtp/srtp_config.h b/third_party/build/srtp/srtp_config.h
index 5f708c8e..806bc8b8 100644
--- a/third_party/build/srtp/srtp_config.h
+++ b/third_party/build/srtp/srtp_config.h
@@ -137,11 +137,15 @@
# define inline _inline
# endif
-# pragma warning(disable:4311)
-# pragma warning(disable:4761) // integral mismatch
-# pragma warning(disable:4018) // signed/unsigned mismatch
+//# pragma warning(disable:4311)
+//# pragma warning(disable:4761) // integral mismatch
+//# pragma warning(disable:4018) // signed/unsigned mismatch
# pragma warning(disable:4244) // conversion from int64 to int
# pragma warning(disable:4100) // unreferenced formal parameter
+# pragma warning(disable:4214) // bit field types other than int
+# pragma warning(disable:4389) // '!=' : signed/unsigned mismatch
+# pragma warning(disable:4701) // potentially uninitialized local variable used
+# pragma warning(disable:4702) // unreachable code
#endif
/* clock() */
@@ -220,6 +224,12 @@
/* Define to `unsigned' if <sys/types.h> does not define. */
/* #undef size_t */
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "libsrtp 1.5.4"
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "1.5.4"
+
#endif /* __SRTP_CONFIG_H__ */
diff --git a/third_party/srtp/CHANGES b/third_party/srtp/CHANGES
index 949c3893..b19ae542 100644
--- a/third_party/srtp/CHANGES
+++ b/third_party/srtp/CHANGES
@@ -1,5 +1,75 @@
Changelog
+1.5.4
+
+ Use BE byte ordering of RTCP trailer.
+
+ Allow zero length payload on unprotect.
+
+1.5.3
+
+ Fix for CVE-2015-6360.
+
+ Pull request 103 - Makefile.in: Don't hard-code ar.
+
+ Pull request 99 - Various fixes for compiling with Visual Studio.
+
+ Pull request 98 - Do not duplicate shared library when installing.
+
+ Please see commit log for a full list of other minor fixes.
+
+1.5.2
+
+ Autoconf checks for libz and libdl for buildroot support.
+
+ Pull request 96 - Include config.h to get inline on Windows.
+
+ Pull request 93 - Don't include AES-192 when compiling against BoringSSL.
+
+1.5.1
+
+ Pull request 95 - Additional header check from Chromium
+
+ Pull request 94 - Add missing copyright headers.
+
+ Pull request 90 - Fix out-of-source tree builds.
+
+ Pull request 89 - Introduce little endian RISC support
+
+ Pull request 86 - Add support for cross-compiling the shared library for Windows and OS X
+
+ Pull request 85 - Add -f <pcap filter> option to rtp_decoder
+
+ Pull request 84 - Avoid problems due to unsafe macros
+
+ Pull request 82 - Align the AES ICM nonce
+
+ Pull request 80 - Take advantage of base64 conversion in testapps
+
+ Pull request 75 - Cleanup: miscellaneous cleanup of initial OpenSSL AES support
+
+ Pull request 74 - Allow testing with pcap file or capture - Issue #45
+
+ Other trivial fixes are included as well. Please see github for details.
+
+1.5.0
+
+ Add support for using OpenSSL crypto using the --enable-openssl
+ option.
+
+ Add support for AES-GCM crypto suites.
+
+ Add support for pkg_config.
+
+ Add user data API to allow user to associate additional data with a
+ SRTP context.
+
+ This release also includes a variety of bug fixes, which can be
+ viewed at: https://github.com/cisco/libsrtp/commits/master
+
+ Note: The change log was not maintained between versions 1.3.20 and
+ 1.4.5.
+
1.3.20
Lots of changes. Thanks to Jeff Chan for catching a memory leak and
diff --git a/third_party/srtp/Makefile.in b/third_party/srtp/Makefile.in
index 97f5cb82..d9b2c4ff 100644
--- a/third_party/srtp/Makefile.in
+++ b/third_party/srtp/Makefile.in
@@ -9,11 +9,16 @@
# test builds test applications
# libcrypt.a static library implementing crypto engine
# libsrtp.a static library implementing srtp
+# libsrtp.so shared library implementing srtp
# clean removes objects, libs, and executables
# distribution cleans and builds a .tgz
# tags builds etags file from all .c and .h files
-.PHONY: all test build_table_apps
+USE_OPENSSL = @USE_OPENSSL@
+HAVE_PCAP = @HAVE_PCAP@
+HAVE_PKG_CONFIG = @HAVE_PKG_CONFIG@
+
+.PHONY: all shared_library test build_table_apps
all: test
@@ -26,7 +31,11 @@ runtest: build_table_apps test
test/roc_driver$(EXE) -v >/dev/null
test/replay_driver$(EXE) -v >/dev/null
test/dtls_srtp_driver$(EXE) >/dev/null
- cd test; ./rtpw_test.sh >/dev/null
+ crypto/test/rand_gen_soak$(EXE) -v >/dev/null
+ cd test; $(abspath $(srcdir))/test/rtpw_test.sh >/dev/null
+ifeq (1, $(USE_OPENSSL))
+ cd test; $(abspath $(srcdir))/test/rtpw_test_gcm.sh >/dev/null
+endif
@echo "libsrtp test applications passed."
$(MAKE) -C crypto runtest
@@ -35,24 +44,30 @@ runtest: build_table_apps test
CC = @CC@
INCDIR = -Icrypto/include -I$(srcdir)/include -I$(srcdir)/crypto/include
DEFS = @DEFS@
-CPPFLAGS= @CPPFLAGS@
+CPPFLAGS= -fPIC @CPPFLAGS@
CFLAGS = @CFLAGS@
LIBS = @LIBS@
-LDFLAGS = @LDFLAGS@ -L.
+LDFLAGS = -L. @LDFLAGS@
COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS)
SRTPLIB = -lsrtp
+AR = @AR@
RANLIB = @RANLIB@
INSTALL = @INSTALL@
# EXE defines the suffix on executables - it's .exe for Windows, and
# null on linux, bsd, and OS X and other OSes.
EXE = @EXE@
+
# gdoi is the group domain of interpretation for isakmp, a group key
# management system which can provide keys for srtp
gdoi = @GDOI_OBJS@
+
# Random source.
RNG_OBJS = @RNG_OBJS@
+HMAC_OBJS = @HMAC_OBJS@
+RNG_EXTRA_OBJS = @RNG_EXTRA_OBJS@
+AES_ICM_OBJS = @AES_ICM_OBJS@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
@@ -62,7 +77,32 @@ prefix = @prefix@
exec_prefix = @exec_prefix@
includedir = @includedir@
libdir = @libdir@
-
+bindir = @bindir@
+
+ifeq (1, $(HAVE_PKG_CONFIG))
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = libsrtp.pc
+endif
+
+SHAREDLIBVERSION = 1
+ifeq (linux,$(findstring linux,@host@))
+SHAREDLIB_DIR = $(libdir)
+SHAREDLIB_LDFLAGS = -shared -Wl,-soname,$@
+SHAREDLIBSUFFIXNOVER = so
+SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBVERSION)
+else ifeq (mingw,$(findstring mingw,@host@))
+SHAREDLIB_DIR = $(bindir)
+SHAREDLIB_LDFLAGS = -shared -Wl,--out-implib,libsrtp.dll.a
+SHAREDLIBVERSION =
+SHAREDLIBSUFFIXNOVER = dll
+SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER)
+else ifeq (darwin,$(findstring darwin,@host@))
+SHAREDLIB_DIR = $(libdir)
+SHAREDLIB_LDFLAGS = -dynamiclib -twolevel_namespace -undefined dynamic_lookup \
+ -fno-common -headerpad_max_install_names -install_name $(libdir)/$@
+SHAREDLIBSUFFIXNOVER = dylib
+SHAREDLIBSUFFIX = $(SHAREDLIBVERSION).$(SHAREDLIBSUFFIXNOVER)
+endif
# implicit rules for object files and test apps
@@ -75,11 +115,10 @@ libdir = @libdir@
# libcrypt.a (the crypto engine)
ciphers = crypto/cipher/cipher.o crypto/cipher/null_cipher.o \
- crypto/cipher/aes.o crypto/cipher/aes_icm.o \
- crypto/cipher/aes_cbc.o
+ $(AES_ICM_OBJS)
-hashes = crypto/hash/null_auth.o crypto/hash/sha1.o \
- crypto/hash/hmac.o crypto/hash/auth.o # crypto/hash/tmmhv2.o
+hashes = crypto/hash/null_auth.o crypto/hash/auth.o \
+ $(HMAC_OBJS)
replay = crypto/replay/rdb.o crypto/replay/rdbx.o \
crypto/replay/ut_sim.o
@@ -88,7 +127,7 @@ math = crypto/math/datatypes.o crypto/math/stat.o
ust = crypto/ust/ust.o
-rng = crypto/rng/$(RNG_OBJS) crypto/rng/prng.o crypto/rng/ctr_prng.o
+rng = crypto/rng/$(RNG_OBJS) $(RNG_EXTRA_OBJS)
err = crypto/kernel/err.o
@@ -99,12 +138,21 @@ cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(replay)
# libsrtp.a (implements srtp processing)
-srtpobj = srtp/srtp.o
+srtpobj = srtp/srtp.o srtp/ekt.o
libsrtp.a: $(srtpobj) $(cryptobj) $(gdoi)
- ar cr libsrtp.a $^
+ $(AR) cr libsrtp.a $^
$(RANLIB) libsrtp.a
+libsrtp.$(SHAREDLIBSUFFIX): $(srtpobj) $(cryptobj) $(gdoi)
+ $(CC) -shared -o $@ $(SHAREDLIB_LDFLAGS) \
+ $^ $(LDFLAGS) $(LIBS)
+ if [ -n "$(SHAREDLIBVERSION)" ]; then \
+ ln -sfn $@ libsrtp.$(SHAREDLIBSUFFIXNOVER); \
+ fi
+
+shared_library: libsrtp.$(SHAREDLIBSUFFIX)
+
# libcryptomath.a contains general-purpose routines that are used to
# generate tables and verify cryptoalgorithm implementations - this
# library is not meant to be included in production code
@@ -112,25 +160,39 @@ libsrtp.a: $(srtpobj) $(cryptobj) $(gdoi)
cryptomath = crypto/math/math.o crypto/math/gf2_8.o
libcryptomath.a: $(cryptomath)
- ar cr libcryptomath.a $(cryptomath)
+ $(AR) cr libcryptomath.a $(cryptomath)
$(RANLIB) libcryptomath.a
# test applications
+ifneq (1, $(USE_OPENSSL))
+AES_CALC = crypto/test/aes_calc$(EXE)
+endif
-crypto_testapp = crypto/test/aes_calc$(EXE) crypto/test/cipher_driver$(EXE) \
+crypto_testapp = $(AES_CALC) crypto/test/cipher_driver$(EXE) \
crypto/test/datatypes_driver$(EXE) crypto/test/kernel_driver$(EXE) \
crypto/test/rand_gen$(EXE) crypto/test/sha1_driver$(EXE) \
- crypto/test/stat_driver$(EXE)
+ crypto/test/stat_driver$(EXE) crypto/test/rand_gen_soak$(EXE)
testapp = $(crypto_testapp) test/srtp_driver$(EXE) test/replay_driver$(EXE) \
test/roc_driver$(EXE) test/rdbx_driver$(EXE) test/rtpw$(EXE) \
test/dtls_srtp_driver$(EXE)
+ifeq (1, $(HAVE_PCAP))
+testapp += test/rtp_decoder$(EXE)
+endif
+
$(testapp): libsrtp.a
-test/rtpw$(EXE): test/rtpw.c test/rtp.c test/getopt_s.c
- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+test/rtpw$(EXE): test/rtpw.c test/rtp.c test/getopt_s.c \
+ crypto/math/datatypes.c
+ $(COMPILE) -DTESTAPP_SOURCE=1 $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+ifeq (1, $(HAVE_PCAP))
+test/rtp_decoder$(EXE): test/rtp_decoder.c test/rtp.c test/getopt_s.c \
+ crypto/math/datatypes.c
+ $(COMPILE) -DTESTAPP_SOURCE=1 $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+endif
test/srtp_driver$(EXE): test/srtp_driver.c test/getopt_s.c
$(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
@@ -141,6 +203,18 @@ test/rdbx_driver$(EXE): test/rdbx_driver.c test/getopt_s.c
test/dtls_srtp_driver$(EXE): test/dtls_srtp_driver.c test/getopt_s.c
$(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+crypto/test/cipher_driver$(EXE): crypto/test/cipher_driver.c test/getopt_s.c
+ $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+crypto/test/kernel_driver$(EXE): crypto/test/kernel_driver.c test/getopt_s.c
+ $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+crypto/test/rand_gen$(EXE): crypto/test/rand_gen.c test/getopt_s.c
+ $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
+crypto/test/rand_gen_soak$(EXE): crypto/test/rand_gen_soak.c test/getopt_s.c
+ $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB)
+
test: $(testapp)
@echo "Build done. Please run '$(MAKE) runtest' to run self tests."
@@ -186,25 +260,37 @@ tags:
libsrtpdoc:
$(MAKE) -C doc
-.PHONY: clean superclean install
+.PHONY: clean superclean distclean install
install:
- @if [ -d $(DESTDIR)$(includedir)/srtp ]; then \
- echo "you should run 'make uninstall' first"; exit 1; \
- fi
$(INSTALL) -d $(DESTDIR)$(includedir)/srtp
$(INSTALL) -d $(DESTDIR)$(libdir)
- cp include/*.h $(DESTDIR)$(includedir)/srtp
- cp crypto/include/*.h $(DESTDIR)$(includedir)/srtp
+ cp $(srcdir)/include/*.h $(DESTDIR)$(includedir)/srtp
+ cp $(srcdir)/crypto/include/*.h $(DESTDIR)$(includedir)/srtp
+ if [ "$(srcdir)" != "." ]; then cp crypto/include/*.h $(DESTDIR)$(includedir)/srtp; fi
if [ -f libsrtp.a ]; then cp libsrtp.a $(DESTDIR)$(libdir)/; fi
+ if [ -f libsrtp.dll.a ]; then cp libsrtp.dll.a $(DESTDIR)$(libdir)/; fi
+ if [ -f libsrtp.$(SHAREDLIBSUFFIX) ]; then \
+ $(INSTALL) -d $(DESTDIR)$(SHAREDLIB_DIR); \
+ cp libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/; \
+ ln -sfn libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp.$(SHAREDLIBSUFFIXNOVER); \
+ fi
+ if [ "$(pkgconfig_DATA)" != "" ]; then \
+ $(INSTALL) -d $(DESTDIR)$(pkgconfigdir); \
+ cp $(top_builddir)/$(pkgconfig_DATA) $(DESTDIR)$(pkgconfigdir)/; \
+ fi
uninstall:
- rm -rf $(DESTDIR)$(includedir)/srtp
- rm -rf $(DESTDIR)$(libdir)/libsrtp.a
+ rm -f $(DESTDIR)$(includedir)/srtp/*.h
+ rm -f $(DESTDIR)$(libdir)/libsrtp.*
+ -rmdir $(DESTDIR)$(includedir)/srtp
+ if [ "$(pkgconfig_DATA)" != "" ]; then \
+ rm -f $(DESTDIR)$(pkgconfigdir)/$(pkgconfig_DATA); \
+ fi
clean:
rm -rf $(cryptobj) $(srtpobj) $(cryptomath) TAGS \
- libcryptomath.a libsrtp.a core *.core test/core
+ libcryptomath.a libsrtp.a libsrtp.so libsrtp.dll.a core *.core test/core
for a in * */* */*/*; do \
if [ -f "$$a~" ] ; then rm -f $$a~; fi; \
done;
@@ -217,16 +303,19 @@ clean:
superclean: clean
rm -rf crypto/include/config.h config.log config.cache config.status \
- Makefile .gdb_history test/.gdb_history .DS_Store
+ Makefile crypto/Makefile doc/Makefile \
+ .gdb_history test/.gdb_history .DS_Store
rm -rf autom4te.cache
-distname = srtp-$(shell cat VERSION)
+distclean: superclean
+
+distname = libsrtp-$(shell cat VERSION)
distribution: runtest superclean
if ! [ -f VERSION ]; then exit 1; fi
if [ -f ../$(distname).tgz ]; then \
mv ../$(distname).tgz ../$(distname).tgz.bak; \
fi
- cd ..; tar cvzf $(distname).tgz srtp
+ cd ..; tar cvzf $(distname).tgz libsrtp
# EOF
diff --git a/third_party/srtp/README b/third_party/srtp/README
index 08fafaed..b3ee6086 100644
--- a/third_party/srtp/README
+++ b/third_party/srtp/README
@@ -26,9 +26,10 @@ The configure script accepts the following options:
--enable-syslog use syslog for error reporting
--disable-stdout use stdout for error reporting
--enable-console use /dev/console for error reporting
+ --enable-openssl use OpenSSL crypto primitives
--gdoi use GDOI key management (disabled at present)
-By default, debbuging is enabled and stdout is used for debugging.
+By default, debugging is enabled and stdout is used for debugging.
You can use the above configure options to have the debugging output
sent to syslog or the system console. Alternatively, you can define
ERR_REPORTING_FILE in include/conf.h to be any other file that can be
@@ -77,7 +78,7 @@ Applications
Manual srtp keying uses the -k option; automated key management
using gdoi will be added later.
-usage: rtpw [-d <debug>]* [-k <key> [-a][-e]] [-s | -r] dest_ip dest_port
+usage: rtpw [-d <debug>]* [-k|b <key> [-a][-e <key size>][-g]] [-s | -r] dest_ip dest_port
or rtpw -l
Either the -s (sender) or -r (receiver) option must be chosen.
@@ -89,14 +90,19 @@ or rtpw -l
-s (s)rtp sender - causes app to send words
- -r (s)rtp receive - causes app to receve words
+ -r (s)rtp receive - causes app to receive words
-k <key> use srtp master key <key>, where the
key is a hexadecimal value (without the
leading "0x")
- -e encrypt/decrypt (for data confidentiality)
+ -b <key> same as -k but with base64 encoded key
+
+ -e <keysize> encrypt/decrypt (for data confidentiality)
(requires use of -k option as well)
+ (use 128, 192, or 256 for keysize)
+
+ -g use AES-GCM mode (must be used with -e)
-a message authentication
(requires use of -k option as well)
@@ -104,6 +110,8 @@ or rtpw -l
-l list debug modules
-d <debug> turn on debugging for module <debug>
+ -i specify input/output file
+ (instead of using dictionary file)
In order to get random 30-byte values for use as key/salt pairs , you
@@ -119,7 +127,7 @@ An example of an SRTP session using two rtpw programs follows:
set k=c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451
-[sh1]$ test/rtpw -s -k $k -ea 0.0.0.0 9999
+[sh1]$ test/rtpw -s -k $k -e 128 -a 0.0.0.0 9999
Security services: confidentiality message authentication
set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
setting SSRC to 2078917053
@@ -129,7 +137,7 @@ sending word: aa
sending word: aal
...
-[sh2]$ test/rtpw -r -k $k -ea 0.0.0.0 9999
+[sh2]$ test/rtpw -r -k $k -e 128 -a 0.0.0.0 9999
security services: confidentiality message authentication
set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
19 octets received from SSRC 2078917053 word: A
diff --git a/third_party/srtp/VERSION b/third_party/srtp/VERSION
index 1c99cf0e..94fe62c2 100644
--- a/third_party/srtp/VERSION
+++ b/third_party/srtp/VERSION
@@ -1 +1 @@
-1.4.4
+1.5.4
diff --git a/third_party/srtp/config.guess b/third_party/srtp/config.guess
index 7d0185e0..b02565c7 100644
--- a/third_party/srtp/config.guess
+++ b/third_party/srtp/config.guess
@@ -1,9 +1,10 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011 Free Software Foundation, Inc.
-timestamp='2004-09-07'
+timestamp='2011-06-03'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -17,23 +18,25 @@ timestamp='2004-09-07'
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
-# Originally written by Per Bothner <per@bothner.com>.
-# Please send patches to <config-patches@gnu.org>. Submit a context
-# diff and a properly formatted ChangeLog entry.
+
+# Originally written by Per Bothner. Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
#
# This script attempts to guess a canonical system name similar to
# config.sub. If it succeeds, it prints the system name on stdout, and
# exits with 0. Otherwise, it exits with 1.
#
-# The plan is that this can be called by configure scripts if you
-# don't specify an explicit build system type.
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
me=`echo "$0" | sed -e 's,.*/,,'`
@@ -53,8 +56,9 @@ version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
-Free Software Foundation, Inc.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
+Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -66,11 +70,11 @@ Try \`$me --help' for more information."
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
- echo "$timestamp" ; exit 0 ;;
+ echo "$timestamp" ; exit ;;
--version | -v )
- echo "$version" ; exit 0 ;;
+ echo "$version" ; exit ;;
--help | --h* | -h )
- echo "$usage"; exit 0 ;;
+ echo "$usage"; exit ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
@@ -104,7 +108,7 @@ set_cc_for_build='
trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
: ${TMPDIR=/tmp} ;
- { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
{ test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
{ tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
{ echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
@@ -123,7 +127,7 @@ case $CC_FOR_BUILD,$HOST_CC,$CC in
;;
,,*) CC_FOR_BUILD=$CC ;;
,*,*) CC_FOR_BUILD=$HOST_CC ;;
-esac ;'
+esac ; set_cc_for_build= ;'
# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
# (ghazi@noc.rutgers.edu 1994-08-24)
@@ -158,6 +162,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
+ sh5el) machine=sh5le-unknown ;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
@@ -166,7 +171,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
arm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
- | grep __ELF__ >/dev/null
+ | grep -q __ELF__
then
# Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
# Return netbsd for either. FIX?
@@ -176,7 +181,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
fi
;;
*)
- os=netbsd
+ os=netbsd
;;
esac
# The OS release
@@ -196,62 +201,30 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
echo "${machine}-${os}${release}"
- exit 0 ;;
- amd64:OpenBSD:*:*)
- echo x86_64-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- amiga:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- cats:OpenBSD:*:*)
- echo arm-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- hp300:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- luna88k:OpenBSD:*:*)
- echo m88k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- mac68k:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- macppc:OpenBSD:*:*)
- echo powerpc-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- mvme68k:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- mvme88k:OpenBSD:*:*)
- echo m88k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- mvmeppc:OpenBSD:*:*)
- echo powerpc-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- sgi:OpenBSD:*:*)
- echo mips64-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- sun3:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:OpenBSD:*:*)
- echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+ exit ;;
*:ekkoBSD:*:*)
echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
+ *:SolidBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+ exit ;;
macppc:MirBSD:*:*)
- echo powerppc-unknown-mirbsd${UNAME_RELEASE}
- exit 0 ;;
+ echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
*:MirBSD:*:*)
echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
alpha:OSF1:*:*)
case $UNAME_RELEASE in
*4.0)
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
;;
*5.*)
- UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
;;
esac
# According to Compaq, /usr/sbin/psrinfo has been available on
@@ -297,37 +270,46 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
- exit 0 ;;
+ # Reset EXIT trap before exiting to avoid spurious non-zero exit code.
+ exitcode=$?
+ trap '' 0
+ exit $exitcode ;;
Alpha\ *:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# Should we change UNAME_MACHINE based on the output of uname instead
# of the specific Alpha model?
echo alpha-pc-interix
- exit 0 ;;
+ exit ;;
21064:Windows_NT:50:3)
echo alpha-dec-winnt3.5
- exit 0 ;;
+ exit ;;
Amiga*:UNIX_System_V:4.0:*)
echo m68k-unknown-sysv4
- exit 0;;
+ exit ;;
*:[Aa]miga[Oo][Ss]:*:*)
echo ${UNAME_MACHINE}-unknown-amigaos
- exit 0 ;;
+ exit ;;
*:[Mm]orph[Oo][Ss]:*:*)
echo ${UNAME_MACHINE}-unknown-morphos
- exit 0 ;;
+ exit ;;
*:OS/390:*:*)
echo i370-ibm-openedition
- exit 0 ;;
+ exit ;;
+ *:z/VM:*:*)
+ echo s390-ibm-zvmoe
+ exit ;;
*:OS400:*:*)
- echo powerpc-ibm-os400
- exit 0 ;;
+ echo powerpc-ibm-os400
+ exit ;;
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
echo arm-acorn-riscix${UNAME_RELEASE}
- exit 0;;
+ exit ;;
+ arm:riscos:*:*|arm:RISCOS:*:*)
+ echo arm-unknown-riscos
+ exit ;;
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
echo hppa1.1-hitachi-hiuxmpp
- exit 0;;
+ exit ;;
Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
if test "`(/bin/universe) 2>/dev/null`" = att ; then
@@ -335,32 +317,51 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
else
echo pyramid-pyramid-bsd
fi
- exit 0 ;;
+ exit ;;
NILE*:*:*:dcosx)
echo pyramid-pyramid-svr4
- exit 0 ;;
+ exit ;;
DRS?6000:unix:4.0:6*)
echo sparc-icl-nx6
- exit 0 ;;
- DRS?6000:UNIX_SV:4.2*:7*)
+ exit ;;
+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
case `/usr/bin/uname -p` in
- sparc) echo sparc-icl-nx7 && exit 0 ;;
+ sparc) echo sparc-icl-nx7; exit ;;
esac ;;
+ s390x:SunOS:*:*)
+ echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
sun4H:SunOS:5.*:*)
echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
+ exit ;;
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
- i86pc:SunOS:5.*:*)
- echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
+ exit ;;
+ i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
+ echo i386-pc-auroraux${UNAME_RELEASE}
+ exit ;;
+ i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+ eval $set_cc_for_build
+ SUN_ARCH="i386"
+ # If there is a compiler, see if it is configured for 64-bit objects.
+ # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+ # This test works for both compilers.
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ SUN_ARCH="x86_64"
+ fi
+ fi
+ echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
sun4*:SunOS:6*:*)
# According to config.sub, this is the proper way to canonicalize
# SunOS6. Hard to guess exactly what SunOS6 will be like, but
# it's likely to be more like Solaris than SunOS4.
echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
+ exit ;;
sun4*:SunOS:*:*)
case "`/usr/bin/arch -k`" in
Series*|S4*)
@@ -369,10 +370,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
esac
# Japanese Language versions have a version number like `4.1.3-JL'.
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
- exit 0 ;;
+ exit ;;
sun3*:SunOS:*:*)
echo m68k-sun-sunos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
@@ -384,10 +385,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
echo sparc-sun-sunos${UNAME_RELEASE}
;;
esac
- exit 0 ;;
+ exit ;;
aushp:SunOS:*:*)
echo sparc-auspex-sunos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
# The situation for MiNT is a little confusing. The machine name
# can be virtually everything (everything which is not
# "atarist" or "atariste" at least should have a processor
@@ -397,41 +398,41 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
# MiNT. But MiNT is downward compatible to TOS, so this should
# be no problem.
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
- exit 0 ;;
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
- exit 0 ;;
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
- echo m68k-milan-mint${UNAME_RELEASE}
- exit 0 ;;
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit ;;
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
- echo m68k-hades-mint${UNAME_RELEASE}
- exit 0 ;;
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit ;;
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
- echo m68k-unknown-mint${UNAME_RELEASE}
- exit 0 ;;
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit ;;
m68k:machten:*:*)
echo m68k-apple-machten${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
powerpc:machten:*:*)
echo powerpc-apple-machten${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
RISC*:Mach:*:*)
echo mips-dec-mach_bsd4.3
- exit 0 ;;
+ exit ;;
RISC*:ULTRIX:*:*)
echo mips-dec-ultrix${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
VAX*:ULTRIX*:*:*)
echo vax-dec-ultrix${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
2020:CLIX:*:* | 2430:CLIX:*:*)
echo clipper-intergraph-clix${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
mips:*:*:UMIPS | mips:*:*:RISCos)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
@@ -455,35 +456,36 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
exit (-1);
}
EOF
- $CC_FOR_BUILD -o $dummy $dummy.c \
- && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
- && exit 0
+ $CC_FOR_BUILD -o $dummy $dummy.c &&
+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+ SYSTEM_NAME=`$dummy $dummyarg` &&
+ { echo "$SYSTEM_NAME"; exit; }
echo mips-mips-riscos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
Motorola:PowerMAX_OS:*:*)
echo powerpc-motorola-powermax
- exit 0 ;;
+ exit ;;
Motorola:*:4.3:PL8-*)
echo powerpc-harris-powermax
- exit 0 ;;
+ exit ;;
Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
echo powerpc-harris-powermax
- exit 0 ;;
+ exit ;;
Night_Hawk:Power_UNIX:*:*)
echo powerpc-harris-powerunix
- exit 0 ;;
+ exit ;;
m88k:CX/UX:7*:*)
echo m88k-harris-cxux7
- exit 0 ;;
+ exit ;;
m88k:*:4*:R4*)
echo m88k-motorola-sysv4
- exit 0 ;;
+ exit ;;
m88k:*:3*:R3*)
echo m88k-motorola-sysv3
- exit 0 ;;
+ exit ;;
AViiON:dgux:*:*)
- # DG/UX returns AViiON for all architectures
- UNAME_PROCESSOR=`/usr/bin/uname -p`
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
then
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
@@ -496,29 +498,29 @@ EOF
else
echo i586-dg-dgux${UNAME_RELEASE}
fi
- exit 0 ;;
+ exit ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
echo m88k-dolphin-sysv3
- exit 0 ;;
+ exit ;;
M88*:*:R3*:*)
# Delta 88k system running SVR3
echo m88k-motorola-sysv3
- exit 0 ;;
+ exit ;;
XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
echo m88k-tektronix-sysv3
- exit 0 ;;
+ exit ;;
Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
echo m68k-tektronix-bsd
- exit 0 ;;
+ exit ;;
*:IRIX*:*:*)
echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
- exit 0 ;;
+ exit ;;
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
- echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
- exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
i*86:AIX:*:*)
echo i386-ibm-aix
- exit 0 ;;
+ exit ;;
ia64:AIX:*:*)
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
@@ -526,7 +528,7 @@ EOF
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
- exit 0 ;;
+ exit ;;
*:AIX:2:3)
if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
eval $set_cc_for_build
@@ -541,15 +543,19 @@ EOF
exit(0);
}
EOF
- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
- echo rs6000-ibm-aix3.2.5
+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+ then
+ echo "$SYSTEM_NAME"
+ else
+ echo rs6000-ibm-aix3.2.5
+ fi
elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
echo rs6000-ibm-aix3.2.4
else
echo rs6000-ibm-aix3.2
fi
- exit 0 ;;
- *:AIX:*:[45])
+ exit ;;
+ *:AIX:*:[4567])
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
IBM_ARCH=rs6000
@@ -562,28 +568,28 @@ EOF
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
echo ${IBM_ARCH}-ibm-aix${IBM_REV}
- exit 0 ;;
+ exit ;;
*:AIX:*:*)
echo rs6000-ibm-aix
- exit 0 ;;
+ exit ;;
ibmrt:4.4BSD:*|romp-ibm:BSD:*)
echo romp-ibm-bsd4.4
- exit 0 ;;
+ exit ;;
ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
- exit 0 ;; # report: romp-ibm BSD 4.3
+ exit ;; # report: romp-ibm BSD 4.3
*:BOSX:*:*)
echo rs6000-bull-bosx
- exit 0 ;;
+ exit ;;
DPX/2?00:B.O.S.:*:*)
echo m68k-bull-sysv3
- exit 0 ;;
+ exit ;;
9000/[34]??:4.3bsd:1.*:*)
echo m68k-hp-bsd
- exit 0 ;;
+ exit ;;
hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
echo m68k-hp-bsd4.4
- exit 0 ;;
+ exit ;;
9000/[34678]??:HP-UX:*:*)
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
case "${UNAME_MACHINE}" in
@@ -592,52 +598,52 @@ EOF
9000/[678][0-9][0-9])
if [ -x /usr/bin/getconf ]; then
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
- sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
- case "${sc_cpu_version}" in
- 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
- 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
- 532) # CPU_PA_RISC2_0
- case "${sc_kernel_bits}" in
- 32) HP_ARCH="hppa2.0n" ;;
- 64) HP_ARCH="hppa2.0w" ;;
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
- esac ;;
- esac
+ esac ;;
+ esac
fi
if [ "${HP_ARCH}" = "" ]; then
eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
+ sed 's/^ //' << EOF >$dummy.c
- #define _HPUX_SOURCE
- #include <stdlib.h>
- #include <unistd.h>
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
- int main ()
- {
- #if defined(_SC_KERNEL_BITS)
- long bits = sysconf(_SC_KERNEL_BITS);
- #endif
- long cpu = sysconf (_SC_CPU_VERSION);
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
- switch (cpu)
- {
- case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
- case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
- case CPU_PA_RISC2_0:
- #if defined(_SC_KERNEL_BITS)
- switch (bits)
- {
- case 64: puts ("hppa2.0w"); break;
- case 32: puts ("hppa2.0n"); break;
- default: puts ("hppa2.0"); break;
- } break;
- #else /* !defined(_SC_KERNEL_BITS) */
- puts ("hppa2.0"); break;
- #endif
- default: puts ("hppa1.0"); break;
- }
- exit (0);
- }
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
EOF
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
test -z "$HP_ARCH" && HP_ARCH=hppa
@@ -645,9 +651,19 @@ EOF
esac
if [ ${HP_ARCH} = "hppa2.0w" ]
then
- # avoid double evaluation of $set_cc_for_build
- test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
- if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
+ eval $set_cc_for_build
+
+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
+ # generating 64-bit code. GNU and HP use different nomenclature:
+ #
+ # $ CC_FOR_BUILD=cc ./config.guess
+ # => hppa2.0w-hp-hpux11.23
+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+ # => hppa64-hp-hpux11.23
+
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ grep -q __LP64__
then
HP_ARCH="hppa2.0w"
else
@@ -655,11 +671,11 @@ EOF
fi
fi
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
- exit 0 ;;
+ exit ;;
ia64:HP-UX:*:*)
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
echo ia64-hp-hpux${HPUX_REV}
- exit 0 ;;
+ exit ;;
3050*:HI-UX:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
@@ -687,216 +703,254 @@ EOF
exit (0);
}
EOF
- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
echo unknown-hitachi-hiuxwe2
- exit 0 ;;
+ exit ;;
9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
echo hppa1.1-hp-bsd
- exit 0 ;;
+ exit ;;
9000/8??:4.3bsd:*:*)
echo hppa1.0-hp-bsd
- exit 0 ;;
+ exit ;;
*9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
echo hppa1.0-hp-mpeix
- exit 0 ;;
+ exit ;;
hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
echo hppa1.1-hp-osf
- exit 0 ;;
+ exit ;;
hp8??:OSF1:*:*)
echo hppa1.0-hp-osf
- exit 0 ;;
+ exit ;;
i*86:OSF1:*:*)
if [ -x /usr/sbin/sysversion ] ; then
echo ${UNAME_MACHINE}-unknown-osf1mk
else
echo ${UNAME_MACHINE}-unknown-osf1
fi
- exit 0 ;;
+ exit ;;
parisc*:Lites*:*:*)
echo hppa1.1-hp-lites
- exit 0 ;;
+ exit ;;
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
echo c1-convex-bsd
- exit 0 ;;
+ exit ;;
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
- exit 0 ;;
+ exit ;;
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
echo c34-convex-bsd
- exit 0 ;;
+ exit ;;
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
echo c38-convex-bsd
- exit 0 ;;
+ exit ;;
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
echo c4-convex-bsd
- exit 0 ;;
+ exit ;;
CRAY*Y-MP:*:*:*)
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
CRAY*[A-Z]90:*:*:*)
echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
-e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
-e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
CRAY*TS:*:*:*)
echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
CRAY*T3E:*:*:*)
echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
CRAY*SV1:*:*:*)
echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
*:UNICOS/mp:*:*)
echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
- echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
- exit 0 ;;
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
5000:UNIX_System_V:4.*:*)
- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
- echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
- exit 0 ;;
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
sparc*:BSD/OS:*:*)
echo sparc-unknown-bsdi${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:BSD/OS:*:*)
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:FreeBSD:*:*)
- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
- exit 0 ;;
+ case ${UNAME_MACHINE} in
+ pc98)
+ echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ amd64)
+ echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ *)
+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ esac
+ exit ;;
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
- exit 0 ;;
- i*:MINGW*:*)
+ exit ;;
+ *:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
- exit 0 ;;
+ exit ;;
+ i*:windows32*:*)
+ # uname -m includes "-pc" on this system.
+ echo ${UNAME_MACHINE}-mingw32
+ exit ;;
i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32
- exit 0 ;;
- x86:Interix*:[34]*)
- echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
- exit 0 ;;
+ exit ;;
+ *:Interix*:*)
+ case ${UNAME_MACHINE} in
+ x86)
+ echo i586-pc-interix${UNAME_RELEASE}
+ exit ;;
+ authenticamd | genuineintel | EM64T)
+ echo x86_64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ IA64)
+ echo ia64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ esac ;;
[345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
echo i${UNAME_MACHINE}-pc-mks
- exit 0 ;;
+ exit ;;
+ 8664:Windows_NT:*)
+ echo x86_64-pc-mks
+ exit ;;
i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
# UNAME_MACHINE based on the output of uname instead of i386?
echo i586-pc-interix
- exit 0 ;;
+ exit ;;
i*:UWIN*:*)
echo ${UNAME_MACHINE}-pc-uwin
- exit 0 ;;
+ exit ;;
+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+ echo x86_64-unknown-cygwin
+ exit ;;
p*:CYGWIN*:*)
echo powerpcle-unknown-cygwin
- exit 0 ;;
+ exit ;;
prep*:SunOS:5.*:*)
echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
+ exit ;;
*:GNU:*:*)
# the GNU system
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
- exit 0 ;;
+ exit ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
- exit 0 ;;
+ exit ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
- exit 0 ;;
+ exit ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep -q ld.so.1
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ exit ;;
arm*:Linux:*:*)
+ eval $set_cc_for_build
+ if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_EABI__
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ else
+ if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_PCS_VFP
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+ else
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabihf
+ fi
+ fi
+ exit ;;
+ avr32*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
cris:Linux:*:*)
echo cris-axis-linux-gnu
- exit 0 ;;
+ exit ;;
crisv32:Linux:*:*)
echo crisv32-axis-linux-gnu
- exit 0 ;;
+ exit ;;
frv:Linux:*:*)
- echo frv-unknown-linux-gnu
- exit 0 ;;
+ echo frv-unknown-linux-gnu
+ exit ;;
+ i*86:Linux:*:*)
+ LIBC=gnu
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #ifdef __dietlibc__
+ LIBC=dietlibc
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+ exit ;;
ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
m32r*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
m68*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
- mips:Linux:*:*)
+ exit ;;
+ mips:Linux:*:* | mips64:Linux:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#undef CPU
- #undef mips
- #undef mipsel
+ #undef ${UNAME_MACHINE}
+ #undef ${UNAME_MACHINE}el
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
- CPU=mipsel
+ CPU=${UNAME_MACHINE}el
#else
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
- CPU=mips
+ CPU=${UNAME_MACHINE}
#else
CPU=
#endif
#endif
EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
;;
- mips64:Linux:*:*)
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #undef CPU
- #undef mips64
- #undef mips64el
- #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
- CPU=mips64el
- #else
- #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
- CPU=mips64
- #else
- CPU=
- #endif
- #endif
-EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
- ;;
- ppc:Linux:*:*)
- echo powerpc-unknown-linux-gnu
- exit 0 ;;
- ppc64:Linux:*:*)
- echo powerpc64-unknown-linux-gnu
- exit 0 ;;
- alpha:Linux:*:*)
- case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
- EV5) UNAME_MACHINE=alphaev5 ;;
- EV56) UNAME_MACHINE=alphaev56 ;;
- PCA56) UNAME_MACHINE=alphapca56 ;;
- PCA57) UNAME_MACHINE=alphapca56 ;;
- EV6) UNAME_MACHINE=alphaev6 ;;
- EV67) UNAME_MACHINE=alphaev67 ;;
- EV68*) UNAME_MACHINE=alphaev68 ;;
- esac
- objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
- if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
- echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
- exit 0 ;;
+ or32:Linux:*:*)
+ echo or32-unknown-linux-gnu
+ exit ;;
+ padre:Linux:*:*)
+ echo sparc-unknown-linux-gnu
+ exit ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+ exit ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
@@ -904,115 +958,71 @@ EOF
PA8*) echo hppa2.0-unknown-linux-gnu ;;
*) echo hppa-unknown-linux-gnu ;;
esac
- exit 0 ;;
- parisc64:Linux:*:* | hppa64:Linux:*:*)
- echo hppa64-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+ exit ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+ exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux
- exit 0 ;;
+ exit ;;
sh64*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
sh*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
sparc:Linux:*:* | sparc64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
+ tile*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ vax:Linux:*:*)
+ echo ${UNAME_MACHINE}-dec-linux-gnu
+ exit ;;
x86_64:Linux:*:*)
echo x86_64-unknown-linux-gnu
- exit 0 ;;
- i*86:Linux:*:*)
- # The BFD linker knows what the default object file format is, so
- # first see if it will tell us. cd to the root directory to prevent
- # problems with other programs or directories called `ld' in the path.
- # Set LC_ALL=C to ensure ld outputs messages in English.
- ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
- | sed -ne '/supported targets:/!d
- s/[ ][ ]*/ /g
- s/.*supported targets: *//
- s/ .*//
- p'`
- case "$ld_supported_targets" in
- elf32-i386)
- TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
- ;;
- a.out-i386-linux)
- echo "${UNAME_MACHINE}-pc-linux-gnuaout"
- exit 0 ;;
- coff-i386)
- echo "${UNAME_MACHINE}-pc-linux-gnucoff"
- exit 0 ;;
- "")
- # Either a pre-BFD a.out linker (linux-gnuoldld) or
- # one that does not give us useful --help.
- echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
- exit 0 ;;
- esac
- # Determine whether the default compiler is a.out or elf
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #include <features.h>
- #ifdef __ELF__
- # ifdef __GLIBC__
- # if __GLIBC__ >= 2
- LIBC=gnu
- # else
- LIBC=gnulibc1
- # endif
- # else
- LIBC=gnulibc1
- # endif
- #else
- #ifdef __INTEL_COMPILER
- LIBC=gnu
- #else
- LIBC=gnuaout
- #endif
- #endif
- #ifdef __dietlibc__
- LIBC=dietlibc
- #endif
-EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
- test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
- test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
- ;;
+ exit ;;
+ xtensa*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
i*86:DYNIX/ptx:4*:*)
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
# earlier versions are messed up and put the nodename in both
# sysname and nodename.
echo i386-sequent-sysv4
- exit 0 ;;
+ exit ;;
i*86:UNIX_SV:4.2MP:2.*)
- # Unixware is an offshoot of SVR4, but it has its own version
- # number series starting with 2...
- # I am not positive that other SVR4 systems won't match this,
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
# I just have to hope. -- rms.
- # Use sysv4.2uw... so that sysv4* matches it.
+ # Use sysv4.2uw... so that sysv4* matches it.
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
- exit 0 ;;
+ exit ;;
i*86:OS/2:*:*)
# If we were able to find `uname', then EMX Unix compatibility
# is probably installed.
echo ${UNAME_MACHINE}-pc-os2-emx
- exit 0 ;;
+ exit ;;
i*86:XTS-300:*:STOP)
echo ${UNAME_MACHINE}-unknown-stop
- exit 0 ;;
+ exit ;;
i*86:atheos:*:*)
echo ${UNAME_MACHINE}-unknown-atheos
- exit 0 ;;
- i*86:syllable:*:*)
+ exit ;;
+ i*86:syllable:*:*)
echo ${UNAME_MACHINE}-pc-syllable
- exit 0 ;;
- i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+ exit ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
echo i386-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
i*86:*DOS:*:*)
echo ${UNAME_MACHINE}-pc-msdosdjgpp
- exit 0 ;;
+ exit ;;
i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
@@ -1020,15 +1030,16 @@ EOF
else
echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
fi
- exit 0 ;;
- i*86:*:5:[78]*)
+ exit ;;
+ i*86:*:5:[678]*)
+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
case `/bin/uname -X | grep "^Machine"` in
*486*) UNAME_MACHINE=i486 ;;
*Pentium) UNAME_MACHINE=i586 ;;
*Pent*|*Celeron) UNAME_MACHINE=i686 ;;
esac
echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
- exit 0 ;;
+ exit ;;
i*86:*:3.2:*)
if test -f /usr/options/cb.name; then
UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
@@ -1046,73 +1057,86 @@ EOF
else
echo ${UNAME_MACHINE}-pc-sysv32
fi
- exit 0 ;;
+ exit ;;
pc:*:*:*)
# Left here for compatibility:
- # uname -m prints for DJGPP always 'pc', but it prints nothing about
- # the processor, so we play safe by assuming i386.
- echo i386-pc-msdosdjgpp
- exit 0 ;;
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i586.
+ # Note: whatever this is, it MUST be the same as what config.sub
+ # prints for the "djgpp" host, or else GDB configury will decide that
+ # this is a cross-build.
+ echo i586-pc-msdosdjgpp
+ exit ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
- exit 0 ;;
+ exit ;;
paragon:*:*:*)
echo i860-intel-osf1
- exit 0 ;;
+ exit ;;
i860:*:4.*:*) # i860-SVR4
if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
else # Add other i860-SVR4 vendors below as they are discovered.
echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
fi
- exit 0 ;;
+ exit ;;
mini*:CTIX:SYS*5:*)
# "miniframe"
echo m68010-convergent-sysv
- exit 0 ;;
+ exit ;;
mc68k:UNIX:SYSTEM5:3.51m)
echo m68k-convergent-sysv
- exit 0 ;;
+ exit ;;
M680?0:D-NIX:5.3:*)
echo m68k-diab-dnix
- exit 0 ;;
+ exit ;;
M68*:*:R3V[5678]*:*)
- test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
OS_REL=''
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && echo i486-ncr-sysv4.3${OS_REL} && exit 0
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
- && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && echo i486-ncr-sysv4 && exit 0 ;;
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4; exit; } ;;
+ NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+ OS_REL='.3'
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
mc68030:UNIX_System_V:4.*:*)
echo m68k-atari-sysv4
- exit 0 ;;
+ exit ;;
TSUNAMI:LynxOS:2.*:*)
echo sparc-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
rs6000:LynxOS:2.*:*)
echo rs6000-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
- PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+ exit ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
echo powerpc-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
SM[BE]S:UNIX_SV:*:*)
echo mips-dde-sysv${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
RM*:ReliantUNIX-*:*:*)
echo mips-sni-sysv4
- exit 0 ;;
+ exit ;;
RM*:SINIX-*:*:*)
echo mips-sni-sysv4
- exit 0 ;;
+ exit ;;
*:SINIX-*:*:*)
if uname -p 2>/dev/null >/dev/null ; then
UNAME_MACHINE=`(uname -p) 2>/dev/null`
@@ -1120,69 +1144,94 @@ EOF
else
echo ns32k-sni-sysv
fi
- exit 0 ;;
- PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
- # says <Richard.M.Bartel@ccMail.Census.GOV>
- echo i586-unisys-sysv4
- exit 0 ;;
+ exit ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel@ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit ;;
*:UNIX_System_V:4*:FTX*)
# From Gerald Hewes <hewes@openmarket.com>.
# How about differentiating between stratus architectures? -djm
echo hppa1.1-stratus-sysv4
- exit 0 ;;
+ exit ;;
*:*:*:FTX*)
# From seanf@swdc.stratus.com.
echo i860-stratus-sysv4
- exit 0 ;;
+ exit ;;
+ i*86:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit ;;
*:VOS:*:*)
# From Paul.Green@stratus.com.
echo hppa1.1-stratus-vos
- exit 0 ;;
+ exit ;;
mc68*:A/UX:*:*)
echo m68k-apple-aux${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
news*:NEWS-OS:6*:*)
echo mips-sony-newsos6
- exit 0 ;;
+ exit ;;
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
if [ -d /usr/nec ]; then
- echo mips-nec-sysv${UNAME_RELEASE}
+ echo mips-nec-sysv${UNAME_RELEASE}
else
- echo mips-unknown-sysv${UNAME_RELEASE}
+ echo mips-unknown-sysv${UNAME_RELEASE}
fi
- exit 0 ;;
+ exit ;;
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
echo powerpc-be-beos
- exit 0 ;;
+ exit ;;
BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
echo powerpc-apple-beos
- exit 0 ;;
+ exit ;;
BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
echo i586-pc-beos
- exit 0 ;;
+ exit ;;
+ BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
+ echo i586-pc-haiku
+ exit ;;
SX-4:SUPER-UX:*:*)
echo sx4-nec-superux${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
SX-5:SUPER-UX:*:*)
echo sx5-nec-superux${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
SX-6:SUPER-UX:*:*)
echo sx6-nec-superux${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
+ SX-7:SUPER-UX:*:*)
+ echo sx7-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8:SUPER-UX:*:*)
+ echo sx8-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8R:SUPER-UX:*:*)
+ echo sx8r-nec-superux${UNAME_RELEASE}
+ exit ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:Rhapsody:*:*)
echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:Darwin:*:*)
UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
case $UNAME_PROCESSOR in
- *86) UNAME_PROCESSOR=i686 ;;
+ i386)
+ eval $set_cc_for_build
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ UNAME_PROCESSOR="x86_64"
+ fi
+ fi ;;
unknown) UNAME_PROCESSOR=powerpc ;;
esac
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
if test "$UNAME_PROCESSOR" = "x86"; then
@@ -1190,22 +1239,28 @@ EOF
UNAME_MACHINE=pc
fi
echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:QNX:*:4*)
echo i386-pc-qnx
- exit 0 ;;
+ exit ;;
+ NEO-?:NONSTOP_KERNEL:*:*)
+ echo neo-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSE-?:NONSTOP_KERNEL:*:*)
+ echo nse-tandem-nsk${UNAME_RELEASE}
+ exit ;;
NSR-?:NONSTOP_KERNEL:*:*)
echo nsr-tandem-nsk${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:NonStop-UX:*:*)
echo mips-compaq-nonstopux
- exit 0 ;;
+ exit ;;
BS2000:POSIX*:*:*)
echo bs2000-siemens-sysv
- exit 0 ;;
+ exit ;;
DS/*:UNIX_System_V:*:*)
echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:Plan9:*:*)
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
@@ -1216,38 +1271,50 @@ EOF
UNAME_MACHINE="$cputype"
fi
echo ${UNAME_MACHINE}-unknown-plan9
- exit 0 ;;
+ exit ;;
*:TOPS-10:*:*)
echo pdp10-unknown-tops10
- exit 0 ;;
+ exit ;;
*:TENEX:*:*)
echo pdp10-unknown-tenex
- exit 0 ;;
+ exit ;;
KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
echo pdp10-dec-tops20
- exit 0 ;;
+ exit ;;
XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
echo pdp10-xkl-tops20
- exit 0 ;;
+ exit ;;
*:TOPS-20:*:*)
echo pdp10-unknown-tops20
- exit 0 ;;
+ exit ;;
*:ITS:*:*)
echo pdp10-unknown-its
- exit 0 ;;
+ exit ;;
SEI:*:*:SEIUX)
- echo mips-sei-seiux${UNAME_RELEASE}
- exit 0 ;;
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit ;;
*:DragonFly:*:*)
echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
- exit 0 ;;
+ exit ;;
*:*VMS:*:*)
- UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
case "${UNAME_MACHINE}" in
- A*) echo alpha-dec-vms && exit 0 ;;
- I*) echo ia64-dec-vms && exit 0 ;;
- V*) echo vax-dec-vms && exit 0 ;;
- esac
+ A*) echo alpha-dec-vms ; exit ;;
+ I*) echo ia64-dec-vms ; exit ;;
+ V*) echo vax-dec-vms ; exit ;;
+ esac ;;
+ *:XENIX:*:SysV)
+ echo i386-pc-xenix
+ exit ;;
+ i*86:skyos:*:*)
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ exit ;;
+ i*86:rdos:*:*)
+ echo ${UNAME_MACHINE}-pc-rdos
+ exit ;;
+ i*86:AROS:*:*)
+ echo ${UNAME_MACHINE}-pc-aros
+ exit ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>&2
@@ -1270,16 +1337,16 @@ main ()
#include <sys/param.h>
printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
- "4"
+ "4"
#else
- ""
+ ""
#endif
- ); exit (0);
+ ); exit (0);
#endif
#endif
#if defined (__arm) && defined (__acorn) && defined (__unix)
- printf ("arm-acorn-riscix"); exit (0);
+ printf ("arm-acorn-riscix\n"); exit (0);
#endif
#if defined (hp300) && !defined (hpux)
@@ -1368,11 +1435,12 @@ main ()
}
EOF
-$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
# Apollos put the system type in the environment.
-test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
# Convex versions that predate uname can use getsysinfo(1)
@@ -1381,22 +1449,22 @@ then
case `getsysinfo -f cpu_type` in
c1*)
echo c1-convex-bsd
- exit 0 ;;
+ exit ;;
c2*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
- exit 0 ;;
+ exit ;;
c34*)
echo c34-convex-bsd
- exit 0 ;;
+ exit ;;
c38*)
echo c38-convex-bsd
- exit 0 ;;
+ exit ;;
c4*)
echo c4-convex-bsd
- exit 0 ;;
+ exit ;;
esac
fi
@@ -1407,7 +1475,9 @@ This script, last modified $timestamp, has failed to recognize
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from
- ftp://ftp.gnu.org/pub/gnu/config/
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
If the version you run ($0) is already up to date, please
send the following data and any information you think might be
diff --git a/third_party/srtp/config.h_win32vc7 b/third_party/srtp/config.h_win32vc7
index b6ae0a79..44e6696c 100644
--- a/third_party/srtp/config.h_win32vc7
+++ b/third_party/srtp/config.h_win32vc7
@@ -1,5 +1,9 @@
/* Hacked config.h for Windows XP 32-bit & VC7 */
+#ifdef (_MSC_VER >= 1400)
+# define HAVE_RAND_S 1
+#endif
+
/* Define if building for a CISC machine (e.g. Intel). */
#define CPU_CISC 1
diff --git a/third_party/srtp/config.hw b/third_party/srtp/config.hw
index 1cc4f5b8..39d4e073 100644
--- a/third_party/srtp/config.hw
+++ b/third_party/srtp/config.hw
@@ -1,6 +1,10 @@
/* crypto/include/config.h. Generated by configure. */
/* config_in.h. Generated from configure.in by autoheader. */
+#if (_MSC_VER >= 1400)
+# define HAVE_RAND_S 1
+#endif
+
/* Define if building for a CISC machine (e.g. Intel). */
#define CPU_CISC 1
diff --git a/third_party/srtp/config.sub b/third_party/srtp/config.sub
index edb6b663..f9fcdc87 100644
--- a/third_party/srtp/config.sub
+++ b/third_party/srtp/config.sub
@@ -1,9 +1,10 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011 Free Software Foundation, Inc.
-timestamp='2004-08-29'
+timestamp='2011-06-03'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@@ -21,22 +22,26 @@ timestamp='2004-08-29'
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330,
-# Boston, MA 02111-1307, USA.
-
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
+
# Please send patches to <config-patches@gnu.org>. Submit a context
-# diff and a properly formatted ChangeLog entry.
+# diff and a properly formatted GNU ChangeLog entry.
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
# If it is invalid, we print an error message on stderr and exit with code 1.
# Otherwise, we print the canonical config type on stdout and succeed.
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
# that are meaningful with *any* GNU software.
@@ -70,8 +75,9 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
-Free Software Foundation, Inc.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
+Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -83,11 +89,11 @@ Try \`$me --help' for more information."
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
- echo "$timestamp" ; exit 0 ;;
+ echo "$timestamp" ; exit ;;
--version | -v )
- echo "$version" ; exit 0 ;;
+ echo "$version" ; exit ;;
--help | --h* | -h )
- echo "$usage"; exit 0 ;;
+ echo "$usage"; exit ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
@@ -99,7 +105,7 @@ while test $# -gt 0 ; do
*local*)
# First pass through any local machine types.
echo $1
- exit 0;;
+ exit ;;
* )
break ;;
@@ -118,8 +124,11 @@ esac
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
- nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
- kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
+ nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
+ linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
+ knetbsd*-gnu* | netbsd*-gnu* | \
+ kopensolaris*-gnu* | \
+ storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
@@ -145,10 +154,13 @@ case $os in
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
- -apple | -axis | -knuth | -cray)
+ -apple | -axis | -knuth | -cray | -microblaze)
os=
basic_machine=$1
;;
+ -bluegene*)
+ os=-cnk
+ ;;
-sim | -cisco | -oki | -wec | -winbond)
os=
basic_machine=$1
@@ -163,13 +175,17 @@ case $os in
os=-chorusos
basic_machine=$1
;;
- -chorusrdb)
- os=-chorusrdb
+ -chorusrdb)
+ os=-chorusrdb
basic_machine=$1
- ;;
+ ;;
-hiux*)
os=-hiuxwe2
;;
+ -sco6)
+ os=-sco5v6
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
-sco5)
os=-sco3.2v5
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
@@ -186,6 +202,10 @@ case $os in
# Don't forget version if it is 3.2v4 or newer.
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
+ -sco5v6*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
-sco*)
os=-sco3.2v2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
@@ -230,22 +250,28 @@ case $basic_machine in
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| am33_2.0 \
- | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+ | bfin \
| c4x | clipper \
| d10v | d30v | dlx | dsp16xx \
- | fr30 | frv \
+ | fido | fr30 | frv \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
- | m32r | m32rle | m68000 | m68k | m88k | mcore \
+ | lm32 \
+ | m32c | m32r | m32rle | m68000 | m68k | m88k \
+ | maxq | mb | microblaze | mcore | mep | metag \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
- | mips64vr | mips64vrel \
+ | mips64octeon | mips64octeonel \
| mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
| mips64vr4100 | mips64vr4100el \
| mips64vr4300 | mips64vr4300el \
| mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
| mipsisa32 | mipsisa32el \
| mipsisa32r2 | mipsisa32r2el \
| mipsisa64 | mipsisa64el \
@@ -254,30 +280,63 @@ case $basic_machine in
| mipsisa64sr71k | mipsisa64sr71kel \
| mipstx39 | mipstx39el \
| mn10200 | mn10300 \
+ | moxie \
+ | mt \
| msp430 \
+ | nds32 | nds32le | nds32be \
+ | nios | nios2 \
| ns16k | ns32k \
- | openrisc | or32 \
+ | open8 \
+ | or32 \
| pdp10 | pdp11 | pj | pjl \
- | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+ | powerpc | powerpc64 | powerpc64le | powerpcle \
| pyramid \
- | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+ | rx \
+ | score \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
- | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv8 | sparcv9 | sparcv9b \
- | strongarm \
- | tahoe | thumb | tic4x | tic80 | tron \
- | v850 | v850e \
+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+ | spu \
+ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
+ | ubicom32 \
+ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
| we32k \
- | x86 | xscale | xstormy16 | xtensa \
- | z8k)
+ | x86 | xc16x | xstormy16 | xtensa \
+ | z8k | z80)
basic_machine=$basic_machine-unknown
;;
- m6811 | m68hc11 | m6812 | m68hc12)
+ c54x)
+ basic_machine=tic54x-unknown
+ ;;
+ c55x)
+ basic_machine=tic55x-unknown
+ ;;
+ c6x)
+ basic_machine=tic6x-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12 | picochip)
# Motorola 68HC11/12.
basic_machine=$basic_machine-unknown
os=-none
;;
m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
;;
+ ms1)
+ basic_machine=mt-unknown
+ ;;
+
+ strongarm | thumb | xscale)
+ basic_machine=arm-unknown
+ ;;
+
+ xscaleeb)
+ basic_machine=armeb-unknown
+ ;;
+
+ xscaleel)
+ basic_machine=armel-unknown
+ ;;
# We use `pc' rather than `unknown'
# because (1) that's what they normally are, and
@@ -297,28 +356,32 @@ case $basic_machine in
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
- | avr-* \
- | bs2000-* \
- | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+ | avr-* | avr32-* \
+ | bfin-* | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* \
| clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
- | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* | iq2000-* \
- | m32r-* | m32rle-* \
+ | lm32-* \
+ | m32c-* | m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | mcore-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
- | mips64vr-* | mips64vrel-* \
+ | mips64octeon-* | mips64octeonel-* \
| mips64orion-* | mips64orionel-* \
+ | mips64r5900-* | mips64r5900el-* \
+ | mips64vr-* | mips64vrel-* \
| mips64vr4100-* | mips64vr4100el-* \
| mips64vr4300-* | mips64vr4300el-* \
| mips64vr5000-* | mips64vr5000el-* \
+ | mips64vr5900-* | mips64vr5900el-* \
| mipsisa32-* | mipsisa32el-* \
| mipsisa32r2-* | mipsisa32r2el-* \
| mipsisa64-* | mipsisa64el-* \
@@ -327,26 +390,38 @@ case $basic_machine in
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
| mipstx39-* | mipstx39el-* \
| mmix-* \
+ | mt-* \
| msp430-* \
+ | nds32-* | nds32le-* | nds32be-* \
+ | nios-* | nios2-* \
| none-* | np1-* | ns16k-* | ns32k-* \
+ | open8-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
- | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pyramid-* \
- | romp-* | rs6000-* \
- | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
+ | romp-* | rs6000-* | rx-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
- | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
- | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
- | tahoe-* | thumb-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+ | tahoe-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tile*-* \
| tron-* \
- | v850-* | v850e-* | vax-* \
+ | ubicom32-* \
+ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
+ | vax-* \
| we32k-* \
- | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
- | xtensa-* \
+ | x86-* | x86_64-* | xc16x-* | xps100-* \
+ | xstormy16-* | xtensa*-* \
| ymp-* \
- | z8k-*)
+ | z8k-* | z80-*)
+ ;;
+ # Recognize the basic CPU types without company name, with glob match.
+ xtensa*)
+ basic_machine=$basic_machine-unknown
;;
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
@@ -364,7 +439,7 @@ case $basic_machine in
basic_machine=a29k-amd
os=-udi
;;
- abacus)
+ abacus)
basic_machine=abacus-unknown
;;
adobe68k)
@@ -410,6 +485,10 @@ case $basic_machine in
basic_machine=m68k-apollo
os=-bsd
;;
+ aros)
+ basic_machine=i386-pc
+ os=-aros
+ ;;
aux)
basic_machine=m68k-apple
os=-aux
@@ -418,10 +497,35 @@ case $basic_machine in
basic_machine=ns32k-sequent
os=-dynix
;;
+ blackfin)
+ basic_machine=bfin-unknown
+ os=-linux
+ ;;
+ blackfin-*)
+ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ bluegene*)
+ basic_machine=powerpc-ibm
+ os=-cnk
+ ;;
+ c54x-*)
+ basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c55x-*)
+ basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c6x-*)
+ basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
c90)
basic_machine=c90-cray
os=-unicos
;;
+ cegcc)
+ basic_machine=arm-unknown
+ os=-cegcc
+ ;;
convex-c1)
basic_machine=c1-convex
os=-bsd
@@ -450,8 +554,8 @@ case $basic_machine in
basic_machine=craynv-cray
os=-unicosmp
;;
- cr16c)
- basic_machine=cr16c-unknown
+ cr16 | cr16-*)
+ basic_machine=cr16-unknown
os=-elf
;;
crds | unos)
@@ -489,6 +593,14 @@ case $basic_machine in
basic_machine=m88k-motorola
os=-sysv3
;;
+ dicos)
+ basic_machine=i686-pc
+ os=-dicos
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ os=-msdosdjgpp
+ ;;
dpx20 | dpx20-*)
basic_machine=rs6000-bull
os=-bosx
@@ -639,6 +751,14 @@ case $basic_machine in
basic_machine=m68k-isi
os=-sysv
;;
+ m68knommu)
+ basic_machine=m68k-unknown
+ os=-linux
+ ;;
+ m68knommu-*)
+ basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
m88k-omron*)
basic_machine=m88k-omron
;;
@@ -650,10 +770,17 @@ case $basic_machine in
basic_machine=ns32k-utek
os=-sysv
;;
+ microblaze)
+ basic_machine=microblaze-xilinx
+ ;;
mingw32)
basic_machine=i386-pc
os=-mingw32
;;
+ mingw32ce)
+ basic_machine=arm-unknown
+ os=-mingw32ce
+ ;;
miniframe)
basic_machine=m68000-convergent
;;
@@ -679,6 +806,9 @@ case $basic_machine in
basic_machine=i386-pc
os=-msdos
;;
+ ms1-*)
+ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+ ;;
mvs)
basic_machine=i370-ibm
os=-mvs
@@ -747,6 +877,12 @@ case $basic_machine in
np1)
basic_machine=np1-gould
;;
+ neo-tandem)
+ basic_machine=neo-tandem
+ ;;
+ nse-tandem)
+ basic_machine=nse-tandem
+ ;;
nsr-tandem)
basic_machine=nsr-tandem
;;
@@ -754,9 +890,8 @@ case $basic_machine in
basic_machine=hppa1.1-oki
os=-proelf
;;
- or32 | or32-*)
+ openrisc | openrisc-*)
basic_machine=or32-unknown
- os=-coff
;;
os400)
basic_machine=powerpc-ibm
@@ -778,6 +913,14 @@ case $basic_machine in
basic_machine=i860-intel
os=-osf
;;
+ parisc)
+ basic_machine=hppa-unknown
+ os=-linux
+ ;;
+ parisc-*)
+ basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
pbd)
basic_machine=sparc-tti
;;
@@ -787,6 +930,12 @@ case $basic_machine in
pc532 | pc532-*)
basic_machine=ns32k-pc532
;;
+ pc98)
+ basic_machine=i386-pc
+ ;;
+ pc98-*)
+ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
pentium | p5 | k5 | k6 | nexgen | viac3)
basic_machine=i586-pc
;;
@@ -816,9 +965,10 @@ case $basic_machine in
;;
power) basic_machine=power-ibm
;;
- ppc) basic_machine=powerpc-unknown
+ ppc | ppcbe) basic_machine=powerpc-unknown
;;
- ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ppc-* | ppcbe-*)
+ basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppcle | powerpclittle | ppc-le | powerpc-little)
basic_machine=powerpcle-unknown
@@ -843,6 +993,10 @@ case $basic_machine in
basic_machine=i586-unknown
os=-pw32
;;
+ rdos)
+ basic_machine=i386-pc
+ os=-rdos
+ ;;
rom68k)
basic_machine=m68k-rom68k
os=-coff
@@ -869,6 +1023,10 @@ case $basic_machine in
sb1el)
basic_machine=mipsisa64sb1el-unknown
;;
+ sde)
+ basic_machine=mipsisa32-sde
+ os=-elf
+ ;;
sei)
basic_machine=mips-sei
os=-seiux
@@ -880,6 +1038,9 @@ case $basic_machine in
basic_machine=sh-hitachi
os=-hms
;;
+ sh5el)
+ basic_machine=sh5le-unknown
+ ;;
sh64)
basic_machine=sh64-unknown
;;
@@ -901,6 +1062,9 @@ case $basic_machine in
basic_machine=i860-stratus
os=-sysv4
;;
+ strongarm-* | thumb-*)
+ basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
sun2)
basic_machine=m68000-sun
;;
@@ -957,17 +1121,9 @@ case $basic_machine in
basic_machine=t90-cray
os=-unicos
;;
- tic54x | c54x*)
- basic_machine=tic54x-unknown
- os=-coff
- ;;
- tic55x | c55x*)
- basic_machine=tic55x-unknown
- os=-coff
- ;;
- tic6x | c6x*)
- basic_machine=tic6x-unknown
- os=-coff
+ tile*)
+ basic_machine=$basic_machine-unknown
+ os=-linux-gnu
;;
tx39)
basic_machine=mipstx39-unknown
@@ -1029,9 +1185,16 @@ case $basic_machine in
basic_machine=hppa1.1-winbond
os=-proelf
;;
+ xbox)
+ basic_machine=i686-pc
+ os=-mingw32
+ ;;
xps | xps100)
basic_machine=xps100-honeywell
;;
+ xscale-* | xscalee[bl]-*)
+ basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
+ ;;
ymp)
basic_machine=ymp-cray
os=-unicos
@@ -1040,6 +1203,10 @@ case $basic_machine in
basic_machine=z8k-unknown
os=-sim
;;
+ z80-*-coff)
+ basic_machine=z80-unknown
+ os=-sim
+ ;;
none)
basic_machine=none-none
os=-none
@@ -1078,13 +1245,10 @@ case $basic_machine in
we32k)
basic_machine=we32k-att
;;
- sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
basic_machine=sh-unknown
;;
- sh64)
- basic_machine=sh64-unknown
- ;;
- sparc | sparcv8 | sparcv9 | sparcv9b)
+ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
basic_machine=sparc-sun
;;
cydra)
@@ -1128,9 +1292,12 @@ esac
if [ x"$os" != x"" ]
then
case $os in
- # First match some system type aliases
- # that might get confused with valid system types.
+ # First match some system type aliases
+ # that might get confused with valid system types.
# -solaris* is a basic system type, with this one exception.
+ -auroraux)
+ os=-auroraux
+ ;;
-solaris1 | -solaris1.*)
os=`echo $os | sed -e 's|solaris1|sunos4|'`
;;
@@ -1151,26 +1318,31 @@ case $os in
# Each alternative MUST END IN A *, to match a version number.
# -sysv* is not here because it comes later, after sysvr4.
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
- | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
- | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
+ | -sym* | -kopensolaris* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
- | -aos* \
+ | -aos* | -aros* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
- | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+ | -openbsd* | -solidbsd* \
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
- | -chorusos* | -chorusrdb* \
+ | -chorusos* | -chorusrdb* | -cegcc* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
- | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -mingw32* | -linux-gnu* | -linux-android* \
+ | -linux-newlib* | -linux-uclibc* \
+ | -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
- | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly*)
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@@ -1188,7 +1360,7 @@ case $os in
os=`echo $os | sed -e 's|nto|nto-qnx|'`
;;
-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
- | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
| -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
;;
-mac*)
@@ -1209,7 +1381,7 @@ case $os in
-opened*)
os=-openedition
;;
- -os400*)
+ -os400*)
os=-os400
;;
-wince*)
@@ -1258,7 +1430,7 @@ case $os in
-sinix*)
os=-sysv4
;;
- -tpf*)
+ -tpf*)
os=-tpf
;;
-triton*)
@@ -1297,6 +1469,14 @@ case $os in
-kaos*)
os=-kaos
;;
+ -zvmoe)
+ os=-zvmoe
+ ;;
+ -dicos*)
+ os=-dicos
+ ;;
+ -nacl*)
+ ;;
-none)
;;
*)
@@ -1319,6 +1499,12 @@ else
# system, and we'll never get to this point.
case $basic_machine in
+ score-*)
+ os=-elf
+ ;;
+ spu-*)
+ os=-elf
+ ;;
*-acorn)
os=-riscix1.2
;;
@@ -1328,9 +1514,18 @@ case $basic_machine in
arm*-semi)
os=-aout
;;
- c4x-* | tic4x-*)
- os=-coff
- ;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ tic54x-*)
+ os=-coff
+ ;;
+ tic55x-*)
+ os=-coff
+ ;;
+ tic6x-*)
+ os=-coff
+ ;;
# This must come before the *-dec entry.
pdp10-*)
os=-tops20
@@ -1356,6 +1551,9 @@ case $basic_machine in
m68*-cisco)
os=-aout
;;
+ mep-*)
+ os=-elf
+ ;;
mips*-cisco)
os=-elf
;;
@@ -1374,10 +1572,13 @@ case $basic_machine in
*-be)
os=-beos
;;
+ *-haiku)
+ os=-haiku
+ ;;
*-ibm)
os=-aix
;;
- *-knuth)
+ *-knuth)
os=-mmixware
;;
*-wec)
@@ -1482,7 +1683,7 @@ case $basic_machine in
-sunos*)
vendor=sun
;;
- -aix*)
+ -cnk*|-aix*)
vendor=ibm
;;
-beos*)
@@ -1545,7 +1746,7 @@ case $basic_machine in
esac
echo $basic_machine$os
-exit 0
+exit
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
diff --git a/third_party/srtp/config_in.h b/third_party/srtp/config_in.h
index 5951861e..73217002 100644
--- a/third_party/srtp/config_in.h
+++ b/third_party/srtp/config_in.h
@@ -1,5 +1,8 @@
/* config_in.h. Generated from configure.in by autoheader. */
+/* Define if building universal (internal helper macro) */
+#undef AC_APPLE_UNIVERSAL_BUILD
+
/* Define if building for a CISC machine (e.g. Intel). */
#undef CPU_CISC
@@ -42,9 +45,18 @@
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
+/* Define to 1 if you have the `crypto' library (-lcrypto). */
+#undef HAVE_LIBCRYPTO
+
+/* Define to 1 if you have the `dl' library (-ldl). */
+#undef HAVE_LIBDL
+
/* Define to 1 if you have the `socket' library (-lsocket). */
#undef HAVE_LIBSOCKET
+/* Define to 1 if you have the `z' library (-lz). */
+#undef HAVE_LIBZ
+
/* Define to 1 if you have the <machine/types.h> header file. */
#undef HAVE_MACHINE_TYPES_H
@@ -54,6 +66,12 @@
/* Define to 1 if you have the <netinet/in.h> header file. */
#undef HAVE_NETINET_IN_H
+/* Define to 1 if you have the `pcap' library (-lpcap) */
+#undef HAVE_PCAP
+
+/* Define to 1 if you have the `sigaction' function. */
+#undef HAVE_SIGACTION
+
/* Define to 1 if you have the `socket' function. */
#undef HAVE_SOCKET
@@ -114,6 +132,9 @@
/* Define to use X86 inlined assembly code */
#undef HAVE_X86
+/* Define this to use OpenSSL crypto. */
+#undef OPENSSL
+
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT
@@ -126,13 +147,16 @@
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
/* Define to the version of this package. */
#undef PACKAGE_VERSION
-/* The size of a `unsigned long', as computed by sizeof. */
+/* The size of `unsigned long', as computed by sizeof. */
#undef SIZEOF_UNSIGNED_LONG
-/* The size of a `unsigned long long', as computed by sizeof. */
+/* The size of `unsigned long long', as computed by sizeof. */
#undef SIZEOF_UNSIGNED_LONG_LONG
/* Define to use GDOI. */
@@ -153,9 +177,17 @@
/* Define to use syslog logging. */
#undef USE_SYSLOG
-/* Define to 1 if your processor stores words with the most significant byte
- first (like Motorola and SPARC, unlike Intel and VAX). */
-#undef WORDS_BIGENDIAN
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+ significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+# define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+# undef WORDS_BIGENDIAN
+# endif
+#endif
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
@@ -166,5 +198,5 @@
#undef inline
#endif
-/* Define to `unsigned' if <sys/types.h> does not define. */
+/* Define to `unsigned int' if <sys/types.h> does not define. */
#undef size_t
diff --git a/third_party/srtp/configure b/third_party/srtp/configure
index b959b113..22197cb7 100644
--- a/third_party/srtp/configure
+++ b/third_party/srtp/configure
@@ -1,81 +1,462 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59.
+# Generated by GNU Autoconf 2.69 for libsrtp 1.5.4.
+#
+# Report bugs to <https://github.com/cisco/libsrtp/issues>.
+#
+#
+# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+#
#
-# Copyright (C) 2003 Free Software Foundation, Inc.
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
-## --------------------- ##
-## M4sh Initialization. ##
-## --------------------- ##
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
-# Be Bourne compatible
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
emulate sh
NULLCMD=:
- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
-elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
- set -o posix
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
fi
-DUALCASE=1; export DUALCASE # for MKS sh
-# Support unset when possible.
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- as_unset=unset
-else
- as_unset=false
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
fi
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
-# Work around bugs in pre-3.0 UWIN ksh.
-$as_unset ENV MAIL MAILPATH
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
PS1='$ '
PS2='> '
PS4='+ '
# NLS nuisances.
-for as_var in \
- LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
- LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
- LC_TELEPHONE LC_TIME
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# Use a proper internal environment variable to ensure we don't fall
+ # into an infinite loop, continuously re-executing ourselves.
+ if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
+ _as_can_reexec=no; export _as_can_reexec;
+ # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+as_fn_exit 255
+ fi
+ # We don't want this to propagate to other subprocesses.
+ { _as_can_reexec=; unset _as_can_reexec;}
+if test "x$CONFIG_SHELL" = x; then
+ as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+"
+ as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+ exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1
+test -x / || exit 1"
+ as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+ as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+ eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+ if (eval "$as_required") 2>/dev/null; then :
+ as_have_required=yes
+else
+ as_have_required=no
+fi
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
do
- if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
- eval $as_var=C; export $as_var
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ as_found=:
+ case $as_dir in #(
+ /*)
+ for as_base in sh bash ksh sh5; do
+ # Try only shells that exist, to save several forks.
+ as_shell=$as_dir/$as_base
+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ CONFIG_SHELL=$as_shell as_have_required=yes
+ if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ break 2
+fi
+fi
+ done;;
+ esac
+ as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+ if test "x$CONFIG_SHELL" != x; then :
+ export CONFIG_SHELL
+ # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
+fi
+
+ if test x$as_have_required = xno; then :
+ $as_echo "$0: This script requires a shell more modern than all"
+ $as_echo "$0: the shells that I found on your system."
+ if test x${ZSH_VERSION+set} = xset ; then
+ $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ $as_echo "$0: be upgraded to zsh 4.3.4 or later."
else
- $as_unset $as_var
+ $as_echo "$0: Please tell bug-autoconf@gnu.org and
+$0: https://github.com/cisco/libsrtp/issues about your
+$0: system, including any error possibly output before this
+$0: message. Then install a modern shell, or manually run
+$0: the script under such a shell if you do have one."
fi
-done
+ exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
-# Required to use basename.
-if expr a : '\(a\)' >/dev/null 2>&1; then
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
as_expr=expr
else
as_expr=false
fi
-if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
as_basename=basename
else
as_basename=false
fi
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
-# Name of the executable.
-as_me=`$as_basename "$0" ||
+as_me=`$as_basename -- "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)$' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
- /^X\/\(\/\/\)$/{ s//\1/; q; }
- /^X\/\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
-
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
-# PATH needs CR, and LINENO needs CR and PATH.
# Avoid depending upon Character Ranges.
as_cr_letters='abcdefghijklmnopqrstuvwxyz'
as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
@@ -83,146 +464,91 @@ as_cr_Letters=$as_cr_letters$as_cr_LETTERS
as_cr_digits='0123456789'
as_cr_alnum=$as_cr_Letters$as_cr_digits
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- echo "#! /bin/sh" >conf$$.sh
- echo "exit 0" >>conf$$.sh
- chmod +x conf$$.sh
- if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
- PATH_SEPARATOR=';'
- else
- PATH_SEPARATOR=:
- fi
- rm -f conf$$.sh
-fi
-
-
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x$as_lineno_3" = "x$as_lineno_2" || {
- # Find who we are. Look in the path if we contain no path at all
- # relative or not.
- case $0 in
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
-
- ;;
- esac
- # We did not find ourselves, most probably we were run as `sh COMMAND'
- # in which case we are not to be found in the path.
- if test "x$as_myself" = x; then
- as_myself=$0
- fi
- if test ! -f "$as_myself"; then
- { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2
- { (exit 1); exit 1; }; }
- fi
- case $CONFIG_SHELL in
- '')
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for as_base in sh bash ksh sh5; do
- case $as_dir in
- /*)
- if ("$as_dir/$as_base" -c '
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
- $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
- $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
- CONFIG_SHELL=$as_dir/$as_base
- export CONFIG_SHELL
- exec "$CONFIG_SHELL" "$0" ${1+"$@"}
- fi;;
- esac
- done
-done
-;;
- esac
- # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
- # uniformly replaced by the line number. The first 'sed' inserts a
- # line-number line before each line; the second 'sed' does the real
- # work. The second script uses 'N' to pair each line-number line
- # with the numbered line, and appends trailing '-' during
- # substitution so that $LINENO is not a special case at line end.
- # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
- # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
- sed '=' <$as_myself |
+ as_lineno_1=$LINENO as_lineno_1a=$LINENO
+ as_lineno_2=$LINENO as_lineno_2a=$LINENO
+ eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+ test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+ # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
+ sed -n '
+ p
+ /[$]LINENO/=
+ ' <$as_myself |
sed '
+ s/[$]LINENO.*/&-/
+ t lineno
+ b
+ :lineno
N
- s,$,-,
- : loop
- s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
+ :loop
+ s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
t loop
- s,-$,,
- s,^['$as_cr_digits']*\n,,
+ s/-\n.*//
' >$as_me.lineno &&
- chmod +x $as_me.lineno ||
- { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
- { (exit 1); exit 1; }; }
+ chmod +x "$as_me.lineno" ||
+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+ # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
+ # already done that, so ensure we don't try to do so again and fall
+ # in an infinite loop. This has already happened in practice.
+ _as_can_reexec=no; export _as_can_reexec
# Don't try to exec as it changes $[0], causing all sort of problems
# (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensible to this).
- . ./$as_me.lineno
+ # original and so on. Autoconf is especially sensitive to this).
+ . "./$as_me.lineno"
# Exit status is that of the last command.
exit
}
-
-case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
- *c*,-n*) ECHO_N= ECHO_C='
-' ECHO_T=' ' ;;
- *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
- *) ECHO_N= ECHO_C='\c' ECHO_T= ;;
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
esac
-if expr a : '\(a\)' >/dev/null 2>&1; then
- as_expr=expr
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
else
- as_expr=false
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
- # We could just check for DJGPP; but this test a) works b) is more generic
- # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
- if test -f conf$$.exe; then
- # Don't use ln at all; we don't have any links
- as_ln_s='cp -p'
- else
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -pR'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -pR'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -pR'
fi
-elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
else
- as_ln_s='cp -p'
+ as_ln_s='cp -pR'
fi
-rm -f conf$$ conf$$.exe conf$$.file
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
if mkdir -p . 2>/dev/null; then
- as_mkdir_p=:
+ as_mkdir_p='mkdir -p "$as_dir"'
else
test -d ./-p && rmdir ./-p
as_mkdir_p=false
fi
-as_executable_p="test -f"
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
@@ -231,90 +557,172 @@ as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-# IFS
-# We need space, tab and new line, in precisely that order.
-as_nl='
-'
-IFS=" $as_nl"
-
-# CDPATH.
-$as_unset CDPATH
-
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
# Name of the host.
-# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
# so uname gets run too.
ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-exec 6>&1
-
#
# Initializations.
#
ac_default_prefix=/usr/local
+ac_clean_files=
ac_config_libobj_dir=.
+LIBOBJS=
cross_compiling=no
subdirs=
MFLAGS=
MAKEFLAGS=
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-# Maximum number of lines to put in a shell here document.
-# This variable seems obsolete. It should probably be removed, and
-# only ac_max_sed_lines should be used.
-: ${ac_max_here_lines=38}
# Identity of this package.
-PACKAGE_NAME=
-PACKAGE_TARNAME=
-PACKAGE_VERSION=
-PACKAGE_STRING=
-PACKAGE_BUGREPORT=
+PACKAGE_NAME='libsrtp'
+PACKAGE_TARNAME='libsrtp'
+PACKAGE_VERSION='1.5.4'
+PACKAGE_STRING='libsrtp 1.5.4'
+PACKAGE_BUGREPORT='https://github.com/cisco/libsrtp/issues'
+PACKAGE_URL=''
-ac_unique_file="srtp"
# Factoring default headers for most tests.
ac_includes_default="\
#include <stdio.h>
-#if HAVE_SYS_TYPES_H
+#ifdef HAVE_SYS_TYPES_H
# include <sys/types.h>
#endif
-#if HAVE_SYS_STAT_H
+#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
-#if STDC_HEADERS
+#ifdef STDC_HEADERS
# include <stdlib.h>
# include <stddef.h>
#else
-# if HAVE_STDLIB_H
+# ifdef HAVE_STDLIB_H
# include <stdlib.h>
# endif
#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
# include <memory.h>
# endif
# include <string.h>
#endif
-#if HAVE_STRINGS_H
+#ifdef HAVE_STRINGS_H
# include <strings.h>
#endif
-#if HAVE_INTTYPES_H
+#ifdef HAVE_INTTYPES_H
# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-# include <stdint.h>
-# endif
#endif
-#if HAVE_UNISTD_H
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif"
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS RANLIB ac_ct_RANLIB CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA RNG_OBJS CPP EGREP build build_cpu build_vendor build_os host host_cpu host_vendor host_os EXE GDOI_OBJS LIBOBJS LTLIBOBJS'
+ac_subst_vars='LTLIBOBJS
+LIBOBJS
+HAVE_PKG_CONFIG
+PKG_CONFIG
+GDOI_OBJS
+HAVE_PCAP
+HMAC_OBJS
+RNG_EXTRA_OBJS
+RNG_OBJS
+AES_ICM_OBJS
+USE_OPENSSL
+EXE
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+EGREP
+GREP
+CPP
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+RANLIB
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+ac_ct_AR
+AR
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_kernel_linux
+enable_debug
+enable_generic_aesicm
+enable_openssl
+enable_syslog
+enable_stdout
+enable_console
+enable_gdoi
+'
+ ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CPP'
+
# Initialize some variables set by options.
ac_init_help=
ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
# The variables have the same names as the options, with
# dashes changed to underlines.
cache_file=/dev/null
@@ -337,34 +745,49 @@ x_libraries=NONE
# and all the variables that are supposed to be based on exec_prefix
# by default will actually change.
# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
bindir='${exec_prefix}/bin'
sbindir='${exec_prefix}/sbin'
libexecdir='${exec_prefix}/libexec'
-datadir='${prefix}/share'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
-libdir='${exec_prefix}/lib'
includedir='${prefix}/include'
oldincludedir='/usr/include'
-infodir='${prefix}/info'
-mandir='${prefix}/man'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
ac_prev=
+ac_dashdash=
for ac_option
do
# If the previous option needs an argument, assign it.
if test -n "$ac_prev"; then
- eval "$ac_prev=\$ac_option"
+ eval $ac_prev=\$ac_option
ac_prev=
continue
fi
- ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'`
+ case $ac_option in
+ *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+ *=) ac_optarg= ;;
+ *) ac_optarg=yes ;;
+ esac
# Accept the important Cygnus configure options, so we can diagnose typos.
- case $ac_option in
+ case $ac_dashdash$ac_option in
+ --)
+ ac_dashdash=yes ;;
-bindir | --bindir | --bindi | --bind | --bin | --bi)
ac_prev=bindir ;;
@@ -386,33 +809,59 @@ do
--config-cache | -C)
cache_file=config.cache ;;
- -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
+ -datadir | --datadir | --datadi | --datad)
ac_prev=datadir ;;
- -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
- | --da=*)
+ -datadir=* | --datadir=* | --datadi=* | --datad=*)
datadir=$ac_optarg ;;
+ -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+ | --dataroo | --dataro | --datar)
+ ac_prev=datarootdir ;;
+ -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+ datarootdir=$ac_optarg ;;
+
-disable-* | --disable-*)
- ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
# Reject names that are not valid shell variable names.
- expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid feature name: $ac_feature" >&2
- { (exit 1); exit 1; }; }
- ac_feature=`echo $ac_feature | sed 's/-/_/g'`
- eval "enable_$ac_feature=no" ;;
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=no ;;
+
+ -docdir | --docdir | --docdi | --doc | --do)
+ ac_prev=docdir ;;
+ -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+ docdir=$ac_optarg ;;
+
+ -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+ ac_prev=dvidir ;;
+ -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+ dvidir=$ac_optarg ;;
-enable-* | --enable-*)
- ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
# Reject names that are not valid shell variable names.
- expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid feature name: $ac_feature" >&2
- { (exit 1); exit 1; }; }
- ac_feature=`echo $ac_feature | sed 's/-/_/g'`
- case $ac_option in
- *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
- *) ac_optarg=yes ;;
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
esac
- eval "enable_$ac_feature='$ac_optarg'" ;;
+ eval enable_$ac_useropt=\$ac_optarg ;;
-exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
| --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
@@ -439,6 +888,12 @@ do
-host=* | --host=* | --hos=* | --ho=*)
host_alias=$ac_optarg ;;
+ -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+ ac_prev=htmldir ;;
+ -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+ | --ht=*)
+ htmldir=$ac_optarg ;;
+
-includedir | --includedir | --includedi | --included | --include \
| --includ | --inclu | --incl | --inc)
ac_prev=includedir ;;
@@ -463,13 +918,16 @@ do
| --libexe=* | --libex=* | --libe=*)
libexecdir=$ac_optarg ;;
+ -localedir | --localedir | --localedi | --localed | --locale)
+ ac_prev=localedir ;;
+ -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+ localedir=$ac_optarg ;;
+
-localstatedir | --localstatedir | --localstatedi | --localstated \
- | --localstate | --localstat | --localsta | --localst \
- | --locals | --local | --loca | --loc | --lo)
+ | --localstate | --localstat | --localsta | --localst | --locals)
ac_prev=localstatedir ;;
-localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
- | --localstate=* | --localstat=* | --localsta=* | --localst=* \
- | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
localstatedir=$ac_optarg ;;
-mandir | --mandir | --mandi | --mand | --man | --ma | --m)
@@ -534,6 +992,16 @@ do
| --progr-tra=* | --program-tr=* | --program-t=*)
program_transform_name=$ac_optarg ;;
+ -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+ ac_prev=pdfdir ;;
+ -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+ pdfdir=$ac_optarg ;;
+
+ -psdir | --psdir | --psdi | --psd | --ps)
+ ac_prev=psdir ;;
+ -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+ psdir=$ac_optarg ;;
+
-q | -quiet | --quiet | --quie | --qui | --qu | --q \
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
@@ -584,26 +1052,36 @@ do
ac_init_version=: ;;
-with-* | --with-*)
- ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
# Reject names that are not valid shell variable names.
- expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid package name: $ac_package" >&2
- { (exit 1); exit 1; }; }
- ac_package=`echo $ac_package| sed 's/-/_/g'`
- case $ac_option in
- *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
- *) ac_optarg=yes ;;
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
esac
- eval "with_$ac_package='$ac_optarg'" ;;
+ eval with_$ac_useropt=\$ac_optarg ;;
-without-* | --without-*)
- ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
# Reject names that are not valid shell variable names.
- expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid package name: $ac_package" >&2
- { (exit 1); exit 1; }; }
- ac_package=`echo $ac_package | sed 's/-/_/g'`
- eval "with_$ac_package=no" ;;
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=no ;;
--x)
# Obsolete; use --with-x.
@@ -623,27 +1101,26 @@ do
| --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
x_libraries=$ac_optarg ;;
- -*) { echo "$as_me: error: unrecognized option: $ac_option
-Try \`$0 --help' for more information." >&2
- { (exit 1); exit 1; }; }
+ -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
;;
*=*)
ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
# Reject names that are not valid shell variable names.
- expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
- { (exit 1); exit 1; }; }
- ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`
- eval "$ac_envvar='$ac_optarg'"
+ case $ac_envvar in #(
+ '' | [0-9]* | *[!_$as_cr_alnum]* )
+ as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+ esac
+ eval $ac_envvar=\$ac_optarg
export $ac_envvar ;;
*)
# FIXME: should be removed in autoconf 3.0.
- echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- echo "$as_me: WARNING: invalid host type: $ac_option" >&2
- : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+ $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
;;
esac
@@ -651,31 +1128,36 @@ done
if test -n "$ac_prev"; then
ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- { echo "$as_me: error: missing argument to $ac_option" >&2
- { (exit 1); exit 1; }; }
+ as_fn_error $? "missing argument to $ac_option"
fi
-# Be sure to have absolute paths.
-for ac_var in exec_prefix prefix
-do
- eval ac_val=$`echo $ac_var`
- case $ac_val in
- [\\/$]* | ?:[\\/]* | NONE | '' ) ;;
- *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
- { (exit 1); exit 1; }; };;
+if test -n "$ac_unrecognized_opts"; then
+ case $enable_option_checking in
+ no) ;;
+ fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+ *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
esac
-done
+fi
-# Be sure to have absolute paths.
-for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \
- localstatedir libdir includedir oldincludedir infodir mandir
+# Check all directory arguments for consistency.
+for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
+ datadir sysconfdir sharedstatedir localstatedir includedir \
+ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+ libdir localedir mandir
do
- eval ac_val=$`echo $ac_var`
+ eval ac_val=\$$ac_var
+ # Remove trailing slashes.
+ case $ac_val in
+ */ )
+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+ eval $ac_var=\$ac_val;;
+ esac
+ # Be sure to have absolute directory names.
case $ac_val in
- [\\/$]* | ?:[\\/]* ) ;;
- *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
- { (exit 1); exit 1; }; };;
+ [\\/$]* | ?:[\\/]* ) continue;;
+ NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
esac
+ as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
done
# There might be people who depend on the old broken behavior: `$host'
@@ -689,8 +1171,6 @@ target=$target_alias
if test "x$host_alias" != x; then
if test "x$build_alias" = x; then
cross_compiling=maybe
- echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
- If a cross compiler is detected then cross compile mode will be used." >&2
elif test "x$build_alias" != "x$host_alias"; then
cross_compiling=yes
fi
@@ -702,74 +1182,72 @@ test -n "$host_alias" && ac_tool_prefix=$host_alias-
test "$silent" = yes && exec 6>/dev/null
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+ as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+ as_fn_error $? "pwd does not report name of working directory"
+
+
# Find the source files, if location was not specified.
if test -z "$srcdir"; then
ac_srcdir_defaulted=yes
- # Try the directory containing this script, then its parent.
- ac_confdir=`(dirname "$0") 2>/dev/null ||
-$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$0" : 'X\(//\)[^/]' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$0" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
+ # Try the directory containing this script, then the parent directory.
+ ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_myself" : 'X\(//\)[^/]' \| \
+ X"$as_myself" : 'X\(//\)$' \| \
+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
srcdir=$ac_confdir
- if test ! -r $srcdir/$ac_unique_file; then
+ if test ! -r "$srcdir/$ac_unique_file"; then
srcdir=..
fi
else
ac_srcdir_defaulted=no
fi
-if test ! -r $srcdir/$ac_unique_file; then
- if test "$ac_srcdir_defaulted" = yes; then
- { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
- { (exit 1); exit 1; }; }
- else
- { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
- { (exit 1); exit 1; }; }
- fi
-fi
-(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null ||
- { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2
- { (exit 1); exit 1; }; }
-srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
-ac_env_build_alias_set=${build_alias+set}
-ac_env_build_alias_value=$build_alias
-ac_cv_env_build_alias_set=${build_alias+set}
-ac_cv_env_build_alias_value=$build_alias
-ac_env_host_alias_set=${host_alias+set}
-ac_env_host_alias_value=$host_alias
-ac_cv_env_host_alias_set=${host_alias+set}
-ac_cv_env_host_alias_value=$host_alias
-ac_env_target_alias_set=${target_alias+set}
-ac_env_target_alias_value=$target_alias
-ac_cv_env_target_alias_set=${target_alias+set}
-ac_cv_env_target_alias_value=$target_alias
-ac_env_CC_set=${CC+set}
-ac_env_CC_value=$CC
-ac_cv_env_CC_set=${CC+set}
-ac_cv_env_CC_value=$CC
-ac_env_CFLAGS_set=${CFLAGS+set}
-ac_env_CFLAGS_value=$CFLAGS
-ac_cv_env_CFLAGS_set=${CFLAGS+set}
-ac_cv_env_CFLAGS_value=$CFLAGS
-ac_env_LDFLAGS_set=${LDFLAGS+set}
-ac_env_LDFLAGS_value=$LDFLAGS
-ac_cv_env_LDFLAGS_set=${LDFLAGS+set}
-ac_cv_env_LDFLAGS_value=$LDFLAGS
-ac_env_CPPFLAGS_set=${CPPFLAGS+set}
-ac_env_CPPFLAGS_value=$CPPFLAGS
-ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set}
-ac_cv_env_CPPFLAGS_value=$CPPFLAGS
-ac_env_CPP_set=${CPP+set}
-ac_env_CPP_value=$CPP
-ac_cv_env_CPP_set=${CPP+set}
-ac_cv_env_CPP_value=$CPP
+if test ! -r "$srcdir/$ac_unique_file"; then
+ test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+ as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+ cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+ pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+ srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+ eval ac_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_env_${ac_var}_value=\$${ac_var}
+ eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
#
# Report the --help message.
@@ -778,7 +1256,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures this package to adapt to many kinds of systems.
+\`configure' configures libsrtp 1.5.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -792,20 +1270,17 @@ Configuration:
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
- -q, --quiet, --silent do not print \`checking...' messages
+ -q, --quiet, --silent do not print \`checking ...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for \`--cache-file=config.cache'
-n, --no-create do not create output files
--srcdir=DIR find the sources in DIR [configure dir or \`..']
-_ACEOF
-
- cat <<_ACEOF
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
- [$ac_default_prefix]
+ [$ac_default_prefix]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- [PREFIX]
+ [PREFIX]
By default, \`make install' will install all the files in
\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
@@ -815,18 +1290,25 @@ for instance \`--prefix=\$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --datadir=DIR read-only architecture-independent data [PREFIX/share]
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
- --infodir=DIR info documentation [PREFIX/info]
- --mandir=DIR man documentation [PREFIX/man]
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+ --infodir=DIR info documentation [DATAROOTDIR/info]
+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+ --mandir=DIR man documentation [DATAROOTDIR/man]
+ --docdir=DIR documentation root [DATAROOTDIR/doc/libsrtp]
+ --htmldir=DIR html documentation [DOCDIR]
+ --dvidir=DIR dvi documentation [DOCDIR]
+ --pdfdir=DIR pdf documentation [DOCDIR]
+ --psdir=DIR ps documentation [DOCDIR]
_ACEOF
cat <<\_ACEOF
@@ -838,15 +1320,19 @@ _ACEOF
fi
if test -n "$ac_init_help"; then
-
+ case $ac_init_help in
+ short | recursive ) echo "Configuration of libsrtp 1.5.4:";;
+ esac
cat <<\_ACEOF
Optional Features:
+ --disable-option-checking ignore unrecognized --enable/--with options
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--enable-kernel-linux build library to run in Linux kernel context
--disable-debug do not compile in dynamic debugging system
--enable-generic-aesicm compile in changes for ISMAcryp
+ --enable-openssl compile in OpenSSL crypto engine
--enable-syslog use syslog for error reporting
--disable-stdout don't use stdout for error reporting
--enable-console use /dev/console for error reporting
@@ -857,126 +1343,690 @@ Some influential environment variables:
CFLAGS C compiler flags
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
- CPPFLAGS C/C++ preprocessor flags, e.g. -I<include dir> if you have
- headers in a nonstandard directory <include dir>
+ LIBS libraries to pass to the linker, e.g. -l<library>
+ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+ you have headers in a nonstandard directory <include dir>
CPP C preprocessor
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
+Report bugs to <https://github.com/cisco/libsrtp/issues>.
_ACEOF
+ac_status=$?
fi
if test "$ac_init_help" = "recursive"; then
# If there are subdirs, report their specific --help.
- ac_popdir=`pwd`
for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
- test -d $ac_dir || continue
+ test -d "$ac_dir" ||
+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+ continue
ac_builddir=.
-if test "$ac_dir" != .; then
- ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
- # A "../" for each directory in $ac_dir_suffix.
- ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
- ac_dir_suffix= ac_top_builddir=
-fi
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
case $srcdir in
- .) # No --srcdir option. We are building in place.
+ .) # We are building in place.
ac_srcdir=.
- if test -z "$ac_top_builddir"; then
- ac_top_srcdir=.
- else
- ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
- fi ;;
- [\\/]* | ?:[\\/]* ) # Absolute path.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir ;;
- *) # Relative path.
- ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_builddir$srcdir ;;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+ cd "$ac_dir" || { ac_status=$?; continue; }
+ # Check for guested configure.
+ if test -f "$ac_srcdir/configure.gnu"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+ elif test -f "$ac_srcdir/configure"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure" --help=recursive
+ else
+ $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi || ac_status=$?
+ cd "$ac_pwd" || { ac_status=$?; break; }
+ done
+fi
-# Do not use `cd foo && pwd` to compute absolute paths, because
-# the directories may not exist.
-case `pwd` in
-.) ac_abs_builddir="$ac_dir";;
-*)
- case "$ac_dir" in
- .) ac_abs_builddir=`pwd`;;
- [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
- *) ac_abs_builddir=`pwd`/"$ac_dir";;
- esac;;
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+ cat <<\_ACEOF
+libsrtp configure 1.5.4
+generated by GNU Autoconf 2.69
+
+Copyright (C) 2012 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+ exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
esac
-case $ac_abs_builddir in
-.) ac_abs_top_builddir=${ac_top_builddir}.;;
-*)
- case ${ac_top_builddir}. in
- .) ac_abs_top_builddir=$ac_abs_builddir;;
- [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
- *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
- esac;;
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
esac
-case $ac_abs_builddir in
-.) ac_abs_srcdir=$ac_srcdir;;
-*)
- case $ac_srcdir in
- .) ac_abs_srcdir=$ac_abs_builddir;;
- [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
- *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
- esac;;
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
esac
-case $ac_abs_builddir in
-.) ac_abs_top_srcdir=$ac_top_srcdir;;
-*)
- case $ac_top_srcdir in
- .) ac_abs_top_srcdir=$ac_abs_builddir;;
- [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
- *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
- esac;;
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: program exited with status $ac_status" >&5
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=$ac_status
+fi
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } > conftest.i && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
- cd $ac_dir
- # Check for guested configure; otherwise get Cygnus style configure.
- if test -f $ac_srcdir/configure.gnu; then
- echo
- $SHELL $ac_srcdir/configure.gnu --help=recursive
- elif test -f $ac_srcdir/configure; then
- echo
- $SHELL $ac_srcdir/configure --help=recursive
- elif test -f $ac_srcdir/configure.ac ||
- test -f $ac_srcdir/configure.in; then
- echo
- $ac_configure --help
- else
- echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
- fi
- cd $ac_popdir
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists, giving a warning if it cannot be compiled using
+# the include files in INCLUDES and setting the cache variable VAR
+# accordingly.
+ac_fn_c_check_header_mongrel ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if eval \${$3+:} false; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
+$as_echo_n "checking $2 usability... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_header_compiler=yes
+else
+ ac_header_compiler=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
+$as_echo_n "checking $2 presence... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <$2>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ ac_header_preproc=yes
+else
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
+ yes:no: )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+( $as_echo "## ------------------------------------------------------ ##
+## Report this to https://github.com/cisco/libsrtp/issues ##
+## ------------------------------------------------------ ##"
+ ) | sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=\$ac_header_compiler"
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_mongrel
+
+# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
+# -------------------------------------------
+# Tests whether TYPE exists after having included INCLUDES, setting cache
+# variable VAR accordingly.
+ac_fn_c_check_type ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=no"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof ($2))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof (($2)))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ eval "$3=yes"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_type
+
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0;
+return test_array [0];
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid; break
+else
+ as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0;
+return test_array [0];
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=$ac_mid; break
+else
+ as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
done
+else
+ ac_lo= ac_hi=
fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
-test -n "$ac_init_help" && exit 0
-if $ac_init_version; then
- cat <<\_ACEOF
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid
+else
+ as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+ else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+static long int longval () { return $2; }
+static unsigned long int ulongval () { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
-Copyright (C) 2003 Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ return 1;
+ if (($2) < 0)
+ {
+ long int i = longval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%ld", i);
+ }
+ else
+ {
+ unsigned long int i = ulongval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%lu", i);
+ }
+ /* Do not output a trailing newline, as this causes \r\n confusion
+ on some platforms. */
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
_ACEOF
- exit 0
+if ac_fn_c_try_run "$LINENO"; then :
+ echo >>conftest.val; read $3 <conftest.val; ac_retval=0
+else
+ ac_retval=1
fi
-exec 5>config.log
-cat >&5 <<_ACEOF
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
+
+ fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_compute_int
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ test -x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $2 (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_func
+cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by $as_me, which was
-generated by GNU Autoconf 2.59. Invocation command line was
+It was created by libsrtp $as_me 1.5.4, which was
+generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
_ACEOF
+exec 5>>config.log
{
cat <<_ASUNAME
## --------- ##
@@ -995,7 +2045,7 @@ uname -v = `(uname -v) 2>/dev/null || echo unknown`
/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-hostinfo = `(hostinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
@@ -1007,8 +2057,9 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- echo "PATH: $as_dir"
-done
+ $as_echo "PATH: $as_dir"
+ done
+IFS=$as_save_IFS
} >&5
@@ -1030,7 +2081,6 @@ _ACEOF
ac_configure_args=
ac_configure_args0=
ac_configure_args1=
-ac_sep=
ac_must_keep_next=false
for ac_pass in 1 2
do
@@ -1041,13 +2091,13 @@ do
-q | -quiet | --quiet | --quie | --qui | --qu | --q \
| -silent | --silent | --silen | --sile | --sil)
continue ;;
- *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
- ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *\'*)
+ ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
esac
case $ac_pass in
- 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+ 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
2)
- ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+ as_fn_append ac_configure_args1 " '$ac_arg'"
if test $ac_must_keep_next = true; then
ac_must_keep_next=false # Got value, back to normal.
else
@@ -1063,104 +2113,115 @@ do
-* ) ac_must_keep_next=true ;;
esac
fi
- ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'"
- # Get rid of the leading space.
- ac_sep=" "
+ as_fn_append ac_configure_args " '$ac_arg'"
;;
esac
done
done
-$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
-$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
# When interrupted or exit'd, cleanup temporary files, and complete
# config.log. We remove comments because anyway the quotes in there
# would cause problems or look ugly.
-# WARNING: Be sure not to use single quotes in there, as some shells,
-# such as our DU 5.0 friend, will then `close' the trap.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
trap 'exit_status=$?
# Save into config.log some information that might help in debugging.
{
echo
- cat <<\_ASBOX
-## ---------------- ##
+ $as_echo "## ---------------- ##
## Cache variables. ##
-## ---------------- ##
-_ASBOX
+## ---------------- ##"
echo
# The following way of writing the cache mishandles newlines in values,
-{
+(
+ for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
(set) 2>&1 |
- case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in
- *ac_space=\ *)
+ case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
sed -n \
- "s/'"'"'/'"'"'\\\\'"'"''"'"'/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p"
- ;;
+ "s/'\''/'\''\\\\'\'''\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+ ;; #(
*)
- sed -n \
- "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
;;
- esac;
-}
+ esac |
+ sort
+)
echo
- cat <<\_ASBOX
-## ----------------- ##
+ $as_echo "## ----------------- ##
## Output variables. ##
-## ----------------- ##
-_ASBOX
+## ----------------- ##"
echo
for ac_var in $ac_subst_vars
do
- eval ac_val=$`echo $ac_var`
- echo "$ac_var='"'"'$ac_val'"'"'"
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
done | sort
echo
if test -n "$ac_subst_files"; then
- cat <<\_ASBOX
-## ------------- ##
-## Output files. ##
-## ------------- ##
-_ASBOX
+ $as_echo "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
echo
for ac_var in $ac_subst_files
do
- eval ac_val=$`echo $ac_var`
- echo "$ac_var='"'"'$ac_val'"'"'"
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
done | sort
echo
fi
if test -s confdefs.h; then
- cat <<\_ASBOX
-## ----------- ##
+ $as_echo "## ----------- ##
## confdefs.h. ##
-## ----------- ##
-_ASBOX
+## ----------- ##"
echo
- sed "/^$/d" confdefs.h | sort
+ cat confdefs.h
echo
fi
test "$ac_signal" != 0 &&
- echo "$as_me: caught signal $ac_signal"
- echo "$as_me: exit $exit_status"
+ $as_echo "$as_me: caught signal $ac_signal"
+ $as_echo "$as_me: exit $exit_status"
} >&5
- rm -f core *.core &&
- rm -rf conftest* confdefs* conf$$* $ac_clean_files &&
+ rm -f core *.core core.conftest.* &&
+ rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
exit $exit_status
- ' 0
+' 0
for ac_signal in 1 2 13 15; do
- trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+ trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
done
ac_signal=0
# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -rf conftest* confdefs.h
-# AIX cpp loses on an empty file, so make sure it contains at least a newline.
-echo >confdefs.h
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
# Predefined preprocessor variables.
@@ -1168,112 +2229,137 @@ cat >>confdefs.h <<_ACEOF
#define PACKAGE_NAME "$PACKAGE_NAME"
_ACEOF
-
cat >>confdefs.h <<_ACEOF
#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
_ACEOF
-
cat >>confdefs.h <<_ACEOF
#define PACKAGE_VERSION "$PACKAGE_VERSION"
_ACEOF
-
cat >>confdefs.h <<_ACEOF
#define PACKAGE_STRING "$PACKAGE_STRING"
_ACEOF
-
cat >>confdefs.h <<_ACEOF
#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
_ACEOF
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
# Let the site file select an alternate cache file if it wants to.
-# Prefer explicitly selected file to automatically selected ones.
-if test -z "$CONFIG_SITE"; then
- if test "x$prefix" != xNONE; then
- CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
- else
- CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
- fi
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+ # We do not want a PATH search for config.site.
+ case $CONFIG_SITE in #((
+ -*) ac_site_file1=./$CONFIG_SITE;;
+ */*) ac_site_file1=$CONFIG_SITE;;
+ *) ac_site_file1=./$CONFIG_SITE;;
+ esac
+elif test "x$prefix" != xNONE; then
+ ac_site_file1=$prefix/share/config.site
+ ac_site_file2=$prefix/etc/config.site
+else
+ ac_site_file1=$ac_default_prefix/share/config.site
+ ac_site_file2=$ac_default_prefix/etc/config.site
fi
-for ac_site_file in $CONFIG_SITE; do
- if test -r "$ac_site_file"; then
- { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
-echo "$as_me: loading site script $ac_site_file" >&6;}
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+ test "x$ac_site_file" = xNONE && continue
+ if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file"
+ . "$ac_site_file" \
+ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5; }
fi
done
if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special
- # files actually), so we avoid doing that.
- if test -f "$cache_file"; then
- { echo "$as_me:$LINENO: loading cache $cache_file" >&5
-echo "$as_me: loading cache $cache_file" >&6;}
+ # Some versions of bash will fail to source /dev/null (special files
+ # actually), so we avoid doing that. DJGPP emulates it as a regular file.
+ if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
case $cache_file in
- [\\/]* | ?:[\\/]* ) . $cache_file;;
- *) . ./$cache_file;;
+ [\\/]* | ?:[\\/]* ) . "$cache_file";;
+ *) . "./$cache_file";;
esac
fi
else
- { echo "$as_me:$LINENO: creating cache $cache_file" >&5
-echo "$as_me: creating cache $cache_file" >&6;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
>$cache_file
fi
# Check that the precious variables saved in the cache have kept the same
# value.
ac_cache_corrupted=false
-for ac_var in `(set) 2>&1 |
- sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do
+for ac_var in $ac_precious_vars; do
eval ac_old_set=\$ac_cv_env_${ac_var}_set
eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val="\$ac_cv_env_${ac_var}_value"
- eval ac_new_val="\$ac_env_${ac_var}_value"
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
case $ac_old_set,$ac_new_set in
set,)
- { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
ac_cache_corrupted=: ;;
,set)
- { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
ac_cache_corrupted=: ;;
,);;
*)
if test "x$ac_old_val" != "x$ac_new_val"; then
- { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
-echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- { echo "$as_me:$LINENO: former value: $ac_old_val" >&5
-echo "$as_me: former value: $ac_old_val" >&2;}
- { echo "$as_me:$LINENO: current value: $ac_new_val" >&5
-echo "$as_me: current value: $ac_new_val" >&2;}
- ac_cache_corrupted=:
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
fi;;
esac
# Pass precious variables to config.status.
if test "$ac_new_set" = set; then
case $ac_new_val in
- *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
- ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
*) ac_arg=$ac_var=$ac_new_val ;;
esac
case " $ac_configure_args " in
*" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
esac
fi
done
if $ac_cache_corrupted; then
- { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
-echo "$as_me: error: changes in the environment can compromise the build" >&2;}
- { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
-echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
- { (exit 1); exit 1; }; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@@ -1283,106 +2369,12 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
if test -z "$CFLAGS"; then
- CFLAGS="-Wall -O4 -fexpensive-optimizations -funroll-loops"
+ CFLAGS="-fPIC -Wall -O4 -fexpensive-optimizations -funroll-loops"
fi
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_RANLIB+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$RANLIB"; then
- ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
-fi
-fi
-RANLIB=$ac_cv_prog_RANLIB
-if test -n "$RANLIB"; then
- echo "$as_me:$LINENO: result: $RANLIB" >&5
-echo "${ECHO_T}$RANLIB" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_RANLIB"; then
- ac_ct_RANLIB=$RANLIB
- # Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$ac_ct_RANLIB"; then
- ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_RANLIB="ranlib"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- test -z "$ac_cv_prog_ac_ct_RANLIB" && ac_cv_prog_ac_ct_RANLIB=":"
-fi
-fi
-ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
-if test -n "$ac_ct_RANLIB"; then
- echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
-echo "${ECHO_T}$ac_ct_RANLIB" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- RANLIB=$ac_ct_RANLIB
-else
- RANLIB="$ac_cv_prog_RANLIB"
-fi
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@@ -1392,10 +2384,10 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
set dummy ${ac_tool_prefix}gcc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
@@ -1405,35 +2397,37 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}gcc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
+IFS=$as_save_IFS
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
+
fi
if test -z "$ac_cv_prog_CC"; then
ac_ct_CC=$CC
# Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_CC"; then
ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
@@ -1443,39 +2437,50 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="gcc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
+IFS=$as_save_IFS
fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
- echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
- CC=$ac_ct_CC
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
else
CC="$ac_cv_prog_CC"
fi
if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
set dummy ${ac_tool_prefix}cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
@@ -1485,77 +2490,37 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}cc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
+IFS=$as_save_IFS
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="cc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- CC=$ac_ct_CC
-else
- CC="$ac_cv_prog_CC"
-fi
+ fi
fi
if test -z "$CC"; then
# Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
@@ -1566,18 +2531,19 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
ac_prog_rejected=yes
continue
fi
ac_cv_prog_CC="cc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
+IFS=$as_save_IFS
if test $ac_prog_rejected = yes; then
# We found a bogon in the path, so make sure we never use it.
@@ -1595,24 +2561,25 @@ fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
+
fi
if test -z "$CC"; then
if test -n "$ac_tool_prefix"; then
- for ac_prog in cl
+ for ac_prog in cl.exe
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
@@ -1622,39 +2589,41 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
+IFS=$as_save_IFS
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
+
test -n "$CC" && break
done
fi
if test -z "$CC"; then
ac_ct_CC=$CC
- for ac_prog in cl
+ for ac_prog in cl.exe
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
if test -n "$ac_ct_CC"; then
ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
@@ -1664,66 +2633,78 @@ for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="$ac_prog"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
+IFS=$as_save_IFS
fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
- echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
+
test -n "$ac_ct_CC" && break
done
- CC=$ac_ct_CC
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
fi
fi
-test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
-See \`config.log' for more details." >&5
-echo "$as_me: error: no acceptable C compiler found in \$PATH
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5; }
# Provide some information about the compiler.
-echo "$as_me:$LINENO:" \
- "checking for C compiler version" >&5
-ac_compiler=`set X $ac_compile; echo $2`
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
- (eval $ac_compiler --version </dev/null >&5) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
- (eval $ac_compiler -v </dev/null >&5) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
- (eval $ac_compiler -V </dev/null >&5) 2>&5
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -1735,112 +2716,108 @@ main ()
}
_ACEOF
ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.exe b.out"
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
# Try to create an executable without -o first, disregard a.out.
# It will help us diagnose broken compilers, and finding out an intuition
# of exeext.
-echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
-echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6
-ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5
- (eval $ac_link_default) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- # Find the output, starting from the most likely. This scheme is
-# not robust to junk in `.', hence go to wildcards (a.*) only as a last
-# resort.
-
-# Be careful to initialize this variable, since it used to be cached.
-# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile.
-ac_cv_exeext=
-# b.out is created by i960 compilers.
-for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+ esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link_default") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile. We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
do
test -f "$ac_file" || continue
case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj )
- ;;
- conftest.$ac_ext )
- # This is the source file.
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
;;
[ab].out )
# We found the default executable, but exeext='' is most
# certainly right.
break;;
*.* )
- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- # FIXME: I believe we export ac_cv_exeext for Libtool,
- # but it would be cool to find out if it's true. Does anybody
- # maintain Libtool? --akim.
- export ac_cv_exeext
+ if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ then :; else
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ fi
+ # We set ac_cv_exeext here because the later test for it is not
+ # safe: cross compilers may not add the suffix if given an `-o'
+ # argument, so we may need to know it at that point already.
+ # Even if this section looks crufty: it has the advantage of
+ # actually working.
break;;
* )
break;;
esac
done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
else
- echo "$as_me: failed program was:" >&5
+ ac_file=''
+fi
+if test -z "$ac_file"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
-{ { echo "$as_me:$LINENO: error: C compiler cannot create executables
-See \`config.log' for more details." >&5
-echo "$as_me: error: C compiler cannot create executables
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
fi
-
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
ac_exeext=$ac_cv_exeext
-echo "$as_me:$LINENO: result: $ac_file" >&5
-echo "${ECHO_T}$ac_file" >&6
-
-# Check the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-echo "$as_me:$LINENO: checking whether the C compiler works" >&5
-echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6
-# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
-# If not cross compiling, check that we can run a simple program.
-if test "$cross_compiling" != yes; then
- if { ac_try='./$ac_file'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
- { { echo "$as_me:$LINENO: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
- fi
- fi
-fi
-echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-rm -f a.out a.exe conftest$ac_cv_exeext b.out
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
ac_clean_files=$ac_clean_files_save
-# Check the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
-echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6
-echo "$as_me:$LINENO: result: $cross_compiling" >&5
-echo "${ECHO_T}$cross_compiling" >&6
-
-echo "$as_me:$LINENO: checking for suffix of executables" >&5
-echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
# If both `conftest.exe' and `conftest' are `present' (well, observable)
# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
# work properly (i.e., refer to `conftest.exe'), while it won't with
@@ -1848,38 +2825,90 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
for ac_file in conftest.exe conftest conftest.*; do
test -f "$ac_file" || continue
case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;;
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
*.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- export ac_cv_exeext
break;;
* ) break;;
esac
done
else
- { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5; }
fi
-
-rm -f conftest$ac_cv_exeext
-echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
-echo "${ECHO_T}$ac_cv_exeext" >&6
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
rm -f conftest.$ac_ext
EXEEXT=$ac_cv_exeext
ac_exeext=$EXEEXT
-echo "$as_me:$LINENO: checking for suffix of object files" >&5
-echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6
-if test "${ac_cv_objext+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+ { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if { ac_try='./conftest$ac_cv_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if ${ac_cv_objext+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -1891,45 +2920,46 @@ main ()
}
_ACEOF
rm -f conftest.o conftest.obj
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ for ac_file in conftest.o conftest.obj conftest.*; do
+ test -f "$ac_file" || continue;
case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;;
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
*) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
break;;
esac
done
else
- echo "$as_me: failed program was:" >&5
+ $as_echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
-{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute suffix of object files: cannot compile
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5; }
fi
-
rm -f conftest.$ac_cv_objext conftest.$ac_ext
fi
-echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
-echo "${ECHO_T}$ac_cv_objext" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
OBJEXT=$ac_cv_objext
ac_objext=$OBJEXT
-echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
-echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
-if test "${ac_cv_c_compiler_gnu+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if ${ac_cv_c_compiler_gnu+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -1943,55 +2973,34 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
+if ac_fn_c_try_compile "$LINENO"; then :
ac_compiler_gnu=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_compiler_gnu=no
+ ac_compiler_gnu=no
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
ac_cv_c_compiler_gnu=$ac_compiler_gnu
fi
-echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
-echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
-GCC=`test $ac_compiler_gnu = yes && echo yes`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
ac_test_CFLAGS=${CFLAGS+set}
ac_save_CFLAGS=$CFLAGS
-CFLAGS="-g"
-echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
-echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
-if test "${ac_cv_prog_cc_g+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if ${ac_cv_prog_cc_g+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
@@ -2002,39 +3011,49 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
+if ac_fn_c_try_compile "$LINENO"; then :
ac_cv_prog_cc_g=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
-ac_cv_prog_cc_g=no
+else
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
if test "$ac_test_CFLAGS" = set; then
CFLAGS=$ac_save_CFLAGS
elif test $ac_cv_prog_cc_g = yes; then
@@ -2050,23 +3069,18 @@ else
CFLAGS=
fi
fi
-echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
-echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
-if test "${ac_cv_prog_cc_stdc+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if ${ac_cv_prog_cc_c89+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- ac_cv_prog_cc_stdc=no
+ ac_cv_prog_cc_c89=no
ac_save_CC=$CC
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdarg.h>
#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
+struct stat;
/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
struct buf { int x; };
FILE * (*rcsopen) (struct buf *, struct stat *, int);
@@ -2089,12 +3103,17 @@ static char *f (char * (*g) (char **, int), char **p, ...)
/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
function prototypes and stuff, but not '\xHH' hex character constants.
These don't provoke an error unfortunately, instead are silently treated
- as 'x'. The following induces an error, until -std1 is added to get
+ as 'x'. The following induces an error, until -std is added to get
proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
array size at least. It's necessary to write '\x00'==0 to get something
- that's true only with -std1. */
+ that's true only with -std. */
int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
int test (int i, double x);
struct s1 {int (*f) (int a);};
struct s2 {int (*f) (double a);};
@@ -2109,205 +3128,840 @@ return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
return 0;
}
_ACEOF
-# Don't try gcc -ansi; that turns off useful extensions and
-# breaks some systems' header files.
-# AIX -qlanglvl=ansi
-# Ultrix and OSF/1 -std1
-# HP-UX 10.20 and later -Ae
-# HP-UX older versions -Aa -D_HPUX_SOURCE
-# SVR4 -Xc -D__EXTENSIONS__
-for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
do
CC="$ac_save_CC $ac_arg"
- rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_prog_cc_stdc=$ac_arg
-break
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+if test -n "$ac_tool_prefix"; then
+ for ac_prog in ar lib "link -lib"
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AR+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
fi
-rm -f conftest.err conftest.$ac_objext
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$AR" && break
+ done
+fi
+if test -z "$AR"; then
+ ac_ct_AR=$AR
+ for ac_prog in ar lib "link -lib"
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_AR+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_AR"; then
+ ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_AR="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
done
-rm -f conftest.$ac_ext conftest.$ac_objext
-CC=$ac_save_CC
+ done
+IFS=$as_save_IFS
fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
-case "x$ac_cv_prog_cc_stdc" in
- x|xno)
- echo "$as_me:$LINENO: result: none needed" >&5
-echo "${ECHO_T}none needed" >&6 ;;
- *)
- echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
- CC="$CC $ac_cv_prog_cc_stdc" ;;
+
+ test -n "$ac_ct_AR" && break
+done
+
+ if test "x$ac_ct_AR" = x; then
+ AR="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
esac
+ AR=$ac_ct_AR
+ fi
+fi
-# Some people use a C++ compiler to compile C. Since we use `exit',
-# in C++ we need to declare it. In case someone uses the same compiler
-# for both compiling C and C++ we need to have the C++ compiler decide
-# the declaration of exit, since it's the most demanding environment.
-cat >conftest.$ac_ext <<_ACEOF
-#ifndef __cplusplus
- choke me
-#endif
+: ${AR=ar}
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the archiver ($AR) interface" >&5
+$as_echo_n "checking the archiver ($AR) interface... " >&6; }
+if ${am_cv_ar_interface+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ am_cv_ar_interface=ar
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int some_variable = 0;
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
+if ac_fn_c_try_compile "$LINENO"; then :
+ am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&5'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5
+ (eval $am_ar_try) 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- for ac_declaration in \
- '' \
- 'extern "C" void std::exit (int) throw (); using std::exit;' \
- 'extern "C" void std::exit (int); using std::exit;' \
- 'extern "C" void exit (int) throw ();' \
- 'extern "C" void exit (int);' \
- 'void exit (int);'
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if test "$ac_status" -eq 0; then
+ am_cv_ar_interface=ar
+ else
+ am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&5'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5
+ (eval $am_ar_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if test "$ac_status" -eq 0; then
+ am_cv_ar_interface=lib
+ else
+ am_cv_ar_interface=unknown
+ fi
+ fi
+ rm -f conftest.lib libconftest.a
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_ar_interface" >&5
+$as_echo "$am_cv_ar_interface" >&6; }
+
+case $am_cv_ar_interface in
+ar)
+ ;;
+lib)
+ # Microsoft lib, so override with the ar-lib wrapper script.
+ # FIXME: It is wrong to rewrite AR.
+ # But if we don't then we get into trouble of one sort or another.
+ # A longer-term fix would be to have automake use am__AR in this case,
+ # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something
+ # similar.
+ AR="$am_aux_dir/ar-lib $AR"
+ ;;
+unknown)
+ as_fn_error $? "could not determine $AR interface" "$LINENO" 5
+ ;;
+esac
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_RANLIB+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_RANLIB" = x; then
+ RANLIB=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ RANLIB=$ac_ct_RANLIB
+ fi
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if ${ac_cv_c_compiler_gnu+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_declaration
-#include <stdlib.h>
+
int
main ()
{
-exit (42);
+#ifndef __GNUC__
+ choke me
+#endif
+
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- :
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
-continue
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if ${ac_cv_prog_cc_g+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+else
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_declaration
+
int
main ()
{
-exit (42);
+
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- break
+if ac_fn_c_try_compile "$LINENO"; then :
+
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-done
-rm -f conftest*
-if test -n "$ac_declaration"; then
- echo '#ifdef __cplusplus' >>confdefs.h
- echo $ac_declaration >>confdefs.h
- echo '#endif' >>confdefs.h
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if ${ac_cv_prog_cc_c89+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+struct stat;
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -2315,29 +3969,33 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
ac_compiler_gnu=$ac_cv_c_compiler_gnu
ac_aux_dir=
-for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
- if test -f $ac_dir/install-sh; then
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+ if test -f "$ac_dir/install-sh"; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/install-sh -c"
break
- elif test -f $ac_dir/install.sh; then
+ elif test -f "$ac_dir/install.sh"; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/install.sh -c"
break
- elif test -f $ac_dir/shtool; then
+ elif test -f "$ac_dir/shtool"; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/shtool install -c"
break
fi
done
if test -z "$ac_aux_dir"; then
- { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5
-echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
fi
-ac_config_guess="$SHELL $ac_aux_dir/config.guess"
-ac_config_sub="$SHELL $ac_aux_dir/config.sub"
-ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+
# Find a good install program. We prefer a C program (faster),
# so one script is as good as another. But avoid the broken or
@@ -2352,22 +4010,23 @@ ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.
# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
# OS/2's system install, which has a completely different semantic
# ./install, which can be erroneously created by make from ./install.sh.
-echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
-echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
if test -z "$INSTALL"; then
-if test "${ac_cv_path_install+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+if ${ac_cv_path_install+:} false; then :
+ $as_echo_n "(cached) " >&6
else
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- # Account for people who put trailing slashes in PATH elements.
-case $as_dir/ in
- ./ | .// | /cC/* | \
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in #((
+ ./ | .// | /[cC]/* | \
/etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
- ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
/usr/ucb/* ) ;;
*)
# OSF1 and SCO ODT 3.0 have their own names for install.
@@ -2375,7 +4034,7 @@ case $as_dir/ in
# by default.
for ac_prog in ginstall scoinst install; do
for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
if test $ac_prog = install &&
grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
# AIX install. It has an incompatible calling convention.
@@ -2385,30 +4044,43 @@ case $as_dir/ in
# program-specific install script used by HP pwplus--don't use.
:
else
- ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
- break 3
+ rm -rf conftest.one conftest.two conftest.dir
+ echo one > conftest.one
+ echo two > conftest.two
+ mkdir conftest.dir
+ if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ test -s conftest.one && test -s conftest.two &&
+ test -s conftest.dir/conftest.one &&
+ test -s conftest.dir/conftest.two
+ then
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
fi
fi
done
done
;;
esac
-done
+ done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
fi
if test "${ac_cv_path_install+set}" = set; then
INSTALL=$ac_cv_path_install
else
- # As a last resort, use the slow shell script. We don't cache a
- # path for INSTALL within a source directory, because that will
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for INSTALL within a source directory, because that will
# break other packages using the cache if that directory is
- # removed, or if the path is relative.
+ # removed, or if the value is a relative name.
INSTALL=$ac_install_sh
fi
fi
-echo "$as_me:$LINENO: result: $INSTALL" >&5
-echo "${ECHO_T}$INSTALL" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
# It thinks the first close brace ends the variable substitution.
@@ -2419,116 +4091,20 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-# Check whether --enable-kernel-linux or --disable-kernel-linux was given.
-if test "${enable_kernel_linux+set}" = set; then
- enableval="$enable_kernel_linux"
-
-else
- enable_kernel_linux=no
-fi;
-echo "$as_me:$LINENO: checking whether to build for Linux kernel context" >&5
-echo $ECHO_N "checking whether to build for Linux kernel context... $ECHO_C" >&6
-if test "$enable_kernel_linux" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define SRTP_KERNEL 1
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define SRTP_KERNEL_LINUX 1
-_ACEOF
-
-fi
-echo "$as_me:$LINENO: result: $enable_kernel_linux" >&5
-echo "${ECHO_T}$enable_kernel_linux" >&6
-
-if test "$cross_compiling" != yes; then
- echo "$as_me:$LINENO: checking for /dev/urandom" >&5
-echo $ECHO_N "checking for /dev/urandom... $ECHO_C" >&6
-if test "${ac_cv_file__dev_urandom+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- test "$cross_compiling" = yes &&
- { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
-echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-if test -r "/dev/urandom"; then
- ac_cv_file__dev_urandom=yes
-else
- ac_cv_file__dev_urandom=no
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_file__dev_urandom" >&5
-echo "${ECHO_T}$ac_cv_file__dev_urandom" >&6
-if test $ac_cv_file__dev_urandom = yes; then
- DEV_URANDOM=/dev/urandom
-else
- echo "$as_me:$LINENO: checking for /dev/random" >&5
-echo $ECHO_N "checking for /dev/random... $ECHO_C" >&6
-if test "${ac_cv_file__dev_random+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- test "$cross_compiling" = yes &&
- { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
-echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-if test -r "/dev/random"; then
- ac_cv_file__dev_random=yes
-else
- ac_cv_file__dev_random=no
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_file__dev_random" >&5
-echo "${ECHO_T}$ac_cv_file__dev_random" >&6
-if test $ac_cv_file__dev_random = yes; then
- DEV_URANDOM=/dev/random
-fi
-
-fi
-
-fi
-
-echo "$as_me:$LINENO: checking which random device to use" >&5
-echo $ECHO_N "checking which random device to use... $ECHO_C" >&6
-if test "$enable_kernel_linux" = "yes"; then
- RNG_OBJS=rand_linux_kernel.o
- echo "$as_me:$LINENO: result: Linux kernel builtin" >&5
-echo "${ECHO_T}Linux kernel builtin" >&6
-else
- RNG_OBJS=rand_source.o
- if test -n "$DEV_URANDOM"; then
-
-cat >>confdefs.h <<_ACEOF
-#define DEV_URANDOM "$DEV_URANDOM"
-_ACEOF
-
- echo "$as_me:$LINENO: result: $DEV_URANDOM" >&5
-echo "${ECHO_T}$DEV_URANDOM" >&6
- else
- echo "$as_me:$LINENO: result: standard rand() function..." >&5
-echo "${ECHO_T}standard rand() function..." >&6
- fi
-fi
-
-
-
-
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
-echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
-echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
# On Suns, sometimes $CPP names a directory.
if test -n "$CPP" && test -d "$CPP"; then
CPP=
fi
if test -z "$CPP"; then
- if test "${ac_cv_prog_CPP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ if ${ac_cv_prog_CPP+:} false; then :
+ $as_echo_n "(cached) " >&6
else
# Double quotes because CPP needs to be expanded
for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
@@ -2542,11 +4118,7 @@ do
# <limits.h> exists even on freestanding compilers.
# On the NeXT, cc -E runs the code through the compiler's parser,
# not just through cpp. "Syntax error" is here to catch this case.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifdef __STDC__
# include <limits.h>
@@ -2555,78 +4127,34 @@ cat >>conftest.$ac_ext <<_ACEOF
#endif
Syntax error
_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- :
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+if ac_fn_c_try_cpp "$LINENO"; then :
+else
# Broken: fails on valid input.
continue
fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest.err conftest.i conftest.$ac_ext
- # OK, works on sane cases. Now check whether non-existent headers
+ # OK, works on sane cases. Now check whether nonexistent headers
# can be detected and how.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <ac_nonexistent.h>
_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+if ac_fn_c_try_cpp "$LINENO"; then :
# Broken: success on invalid input.
continue
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
# Passes both tests.
ac_preproc_ok=:
break
fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest.err conftest.i conftest.$ac_ext
done
# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
break
fi
@@ -2638,8 +4166,8 @@ fi
else
ac_cv_prog_CPP=$CPP
fi
-echo "$as_me:$LINENO: result: $CPP" >&5
-echo "${ECHO_T}$CPP" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
ac_preproc_ok=false
for ac_c_preproc_warn_flag in '' yes
do
@@ -2649,11 +4177,7 @@ do
# <limits.h> exists even on freestanding compilers.
# On the NeXT, cc -E runs the code through the compiler's parser,
# not just through cpp. "Syntax error" is here to catch this case.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifdef __STDC__
# include <limits.h>
@@ -2662,85 +4186,40 @@ cat >>conftest.$ac_ext <<_ACEOF
#endif
Syntax error
_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- :
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+if ac_fn_c_try_cpp "$LINENO"; then :
+else
# Broken: fails on valid input.
continue
fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest.err conftest.i conftest.$ac_ext
- # OK, works on sane cases. Now check whether non-existent headers
+ # OK, works on sane cases. Now check whether nonexistent headers
# can be detected and how.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <ac_nonexistent.h>
_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
+if ac_fn_c_try_cpp "$LINENO"; then :
# Broken: success on invalid input.
continue
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
# Passes both tests.
ac_preproc_ok=:
break
fi
-rm -f conftest.err conftest.$ac_ext
+rm -f conftest.err conftest.i conftest.$ac_ext
done
# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
- :
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
else
- { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details." >&5
-echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
fi
ac_ext=c
@@ -2750,31 +4229,142 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
ac_compiler_gnu=$ac_cv_c_compiler_gnu
-echo "$as_me:$LINENO: checking for egrep" >&5
-echo $ECHO_N "checking for egrep... $ECHO_C" >&6
-if test "${ac_cv_prog_egrep+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if ${ac_cv_path_GREP+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- if echo a | (grep -E '(a|b)') >/dev/null 2>&1
- then ac_cv_prog_egrep='grep -E'
- else ac_cv_prog_egrep='egrep'
+ if test -z "$GREP"; then
+ ac_path_GREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in grep ggrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_GREP" || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+ # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'GREP' >> "conftest.nl"
+ "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_GREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_GREP="$ac_path_GREP"
+ ac_path_GREP_max=$ac_count
fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_GREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_GREP"; then
+ as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_GREP=$GREP
+fi
+
fi
-echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5
-echo "${ECHO_T}$ac_cv_prog_egrep" >&6
- EGREP=$ac_cv_prog_egrep
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
-echo "$as_me:$LINENO: checking for ANSI C header files" >&5
-echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
-if test "${ac_cv_header_stdc+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if ${ac_cv_path_EGREP+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
+ else
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_EGREP" || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_EGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_EGREP=$EGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if ${ac_cv_header_stdc+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdlib.h>
#include <stdarg.h>
@@ -2789,51 +4379,23 @@ main ()
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
+if ac_fn_c_try_compile "$LINENO"; then :
ac_cv_header_stdc=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_header_stdc=no
+ ac_cv_header_stdc=no
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
if test $ac_cv_header_stdc = yes; then
# SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <string.h>
_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "memchr" >/dev/null 2>&1; then
- :
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
else
ac_cv_header_stdc=no
fi
@@ -2843,18 +4405,14 @@ fi
if test $ac_cv_header_stdc = yes; then
# ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdlib.h>
_ACEOF
if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "free" >/dev/null 2>&1; then
- :
+ $EGREP "free" >/dev/null 2>&1; then :
+
else
ac_cv_header_stdc=no
fi
@@ -2864,16 +4422,13 @@ fi
if test $ac_cv_header_stdc = yes; then
# /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
- if test "$cross_compiling" = yes; then
+ if test "$cross_compiling" = yes; then :
:
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <ctype.h>
+#include <stdlib.h>
#if ((' ' & 0x0FF) == 0x020)
# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
@@ -2893,109 +4448,39 @@ main ()
for (i = 0; i < 256; i++)
if (XOR (islower (i), ISLOWER (i))
|| toupper (i) != TOUPPER (i))
- exit(2);
- exit (0);
+ return 2;
+ return 0;
}
_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- :
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+if ac_fn_c_try_run "$LINENO"; then :
-( exit $ac_status )
-ac_cv_header_stdc=no
+else
+ ac_cv_header_stdc=no
fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
+
fi
fi
-echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
-echo "${ECHO_T}$ac_cv_header_stdc" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
if test $ac_cv_header_stdc = yes; then
-cat >>confdefs.h <<\_ACEOF
-#define STDC_HEADERS 1
-_ACEOF
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
fi
# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-
-
-
-
-
-
-
-
-
for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
inttypes.h stdint.h unistd.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_Header=yes"
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-eval "$as_ac_Header=no"
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
@@ -3003,1953 +4488,658 @@ fi
done
-
-for ac_header in stdlib.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5
+$as_echo_n "checking whether byte ordering is bigendian... " >&6; }
+if ${ac_cv_c_bigendian+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ ac_cv_c_bigendian=unknown
+ # See if we're dealing with a universal compiler.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_header_compiler=no
+#ifndef __APPLE_CC__
+ not a universal capable compiler
+ #endif
+ typedef int dummy;
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ # Check for potential -arch flags. It is not universal unless
+ # there are at least two -arch flags with different values.
+ ac_arch=
+ ac_prev=
+ for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do
+ if test -n "$ac_prev"; then
+ case $ac_word in
+ i?86 | x86_64 | ppc | ppc64)
+ if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then
+ ac_arch=$ac_word
+ else
+ ac_cv_c_bigendian=universal
+ break
+ fi
+ ;;
+ esac
+ ac_prev=
+ elif test "x$ac_word" = "x-arch"; then
+ ac_prev=arch
+ fi
+ done
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ if test $ac_cv_c_bigendian = unknown; then
+ # See if sys/param.h defines the BYTE_ORDER macro.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <sys/param.h>
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
+int
+main ()
+{
+#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \
+ && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \
+ && LITTLE_ENDIAN)
+ bogus endian macros
+ #endif
+
+ ;
+ return 0;
+}
_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ # It does; now see whether it defined to BIG_ENDIAN or not.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+#include <sys/types.h>
+ #include <sys/param.h>
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- (
- cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists. ##
-## ------------------------------------------ ##
-_ASBOX
- ) |
- sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+int
+main ()
+{
+#if BYTE_ORDER != BIG_ENDIAN
+ not big endian
+ #endif
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+ ;
+ return 0;
+}
_ACEOF
-
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_bigendian=yes
+else
+ ac_cv_c_bigendian=no
fi
-
-done
-
-
-for ac_header in unistd.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+ if test $ac_cv_c_bigendian = unknown; then
+ # See if <limits.h> defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris).
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+#include <limits.h>
-ac_header_compiler=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
+int
+main ()
+{
+#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN)
+ bogus endian macros
+ #endif
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
+ ;
+ return 0;
+}
_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ # It does; now see whether it defined to _BIG_ENDIAN or not.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+#include <limits.h>
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+int
+main ()
+{
+#ifndef _BIG_ENDIAN
+ not big endian
+ #endif
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- (
- cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists. ##
-## ------------------------------------------ ##
-_ASBOX
- ) |
- sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_bigendian=yes
else
- eval "$as_ac_Header=\$ac_header_preproc"
+ ac_cv_c_bigendian=no
fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+ if test $ac_cv_c_bigendian = unknown; then
+ # Compile a test program.
+ if test "$cross_compiling" = yes; then :
+ # Try to guess by grepping values from an object file.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+short int ascii_mm[] =
+ { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
+ short int ascii_ii[] =
+ { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
+ int use_ascii (int i) {
+ return ascii_mm[i] + ascii_ii[i];
+ }
+ short int ebcdic_ii[] =
+ { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
+ short int ebcdic_mm[] =
+ { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
+ int use_ebcdic (int i) {
+ return ebcdic_mm[i] + ebcdic_ii[i];
+ }
+ extern int foo;
-for ac_header in byteswap.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
+int
+main ()
+{
+return use_ascii (foo) == use_ebcdic (foo);
+ ;
+ return 0;
+}
_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then
+ ac_cv_c_bigendian=yes
+ fi
+ if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
+ if test "$ac_cv_c_bigendian" = unknown; then
+ ac_cv_c_bigendian=no
+ else
+ # finding both strings is unlikely to happen, but who knows?
+ ac_cv_c_bigendian=unknown
+ fi
+ fi
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+int
+main ()
+{
-ac_header_compiler=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
+ /* Are we little or big endian? From Harbison&Steele. */
+ union
+ {
+ long int l;
+ char c[sizeof (long int)];
+ } u;
+ u.l = 1;
+ return u.c[sizeof (long int) - 1] == 1;
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
+ ;
+ return 0;
+}
_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_c_bigendian=no
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_preproc=no
+ ac_cv_c_bigendian=yes
fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- (
- cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists. ##
-## ------------------------------------------ ##
-_ASBOX
- ) |
- sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ fi
fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5
+$as_echo "$ac_cv_c_bigendian" >&6; }
+ case $ac_cv_c_bigendian in #(
+ yes)
+ $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h
+;; #(
+ no)
+ ;; #(
+ universal)
-fi
+$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
-done
+ ;; #(
+ *)
+ as_fn_error $? "unknown endianness
+ presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;;
+ esac
-for ac_header in stdint.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if ${ac_cv_build+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+ ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+ as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-ac_header_compiler=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if ${ac_cv_host+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
+ if test "x$host_alias" = x; then
+ ac_cv_host=$ac_cv_build
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_preproc=no
+ ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- (
- cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists. ##
-## ------------------------------------------ ##
-_ASBOX
- ) |
- sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-fi
-done
+case $host_cpu in
+ i*86 | x86_64 )
+$as_echo "#define CPU_CISC 1" >>confdefs.h
-for ac_header in sys/uio.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
+$as_echo "#define HAVE_X86 1" >>confdefs.h
+;;
+ * )
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+$as_echo "#define CPU_RISC 1" >>confdefs.h
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+ ;;
+esac
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- (
- cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists. ##
-## ------------------------------------------ ##
-_ASBOX
- ) |
- sed "s/^/$as_me: WARNING: /" >&2
- ;;
+case $host_os in
+ *cygwin*|*mingw* )
+ EXE=.exe
+ HOST_IS_WINDOWS=yes
+ ;;
+ * )
+ EXE=""
+ ;;
esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ # define executable suffix; this is needed for `make clean'
+
+
+# Check whether --enable-kernel-linux was given.
+if test "${enable_kernel_linux+set}" = set; then :
+ enableval=$enable_kernel_linux;
else
- eval "$as_ac_Header=\$ac_header_preproc"
+ enable_kernel_linux=no
fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build for Linux kernel context" >&5
+$as_echo_n "checking whether to build for Linux kernel context... " >&6; }
+if test "$enable_kernel_linux" = "yes"; then
-fi
+$as_echo "#define SRTP_KERNEL 1" >>confdefs.h
-done
+$as_echo "#define SRTP_KERNEL_LINUX 1" >>confdefs.h
-for ac_header in inttypes.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_kernel_linux" >&5
+$as_echo "$enable_kernel_linux" >&6; }
+
+if test "$cross_compiling" != yes -a "$HOST_IS_WINDOWS" != yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /dev/urandom" >&5
+$as_echo_n "checking for /dev/urandom... " >&6; }
+if ${ac_cv_file__dev_urandom+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
+ test "$cross_compiling" = yes &&
+ as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
+if test -r "/dev/urandom"; then
+ ac_cv_file__dev_urandom=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_header_compiler=no
+ ac_cv_file__dev_urandom=no
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__dev_urandom" >&5
+$as_echo "$ac_cv_file__dev_urandom" >&6; }
+if test "x$ac_cv_file__dev_urandom" = xyes; then :
+ DEV_URANDOM=/dev/urandom
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- (
- cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists. ##
-## ------------------------------------------ ##
-_ASBOX
- ) |
- sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /dev/random" >&5
+$as_echo_n "checking for /dev/random... " >&6; }
+if ${ac_cv_file__dev_random+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- eval "$as_ac_Header=\$ac_header_preproc"
+ test "$cross_compiling" = yes &&
+ as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
+if test -r "/dev/random"; then
+ ac_cv_file__dev_random=yes
+else
+ ac_cv_file__dev_random=no
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__dev_random" >&5
+$as_echo "$ac_cv_file__dev_random" >&6; }
+if test "x$ac_cv_file__dev_random" = xyes; then :
+ DEV_URANDOM=/dev/random
fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
fi
-done
-for ac_header in sys/types.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if ${ac_cv_header_stdc+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
-ac_header_compiler=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
+int
+main ()
+{
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
+ ;
+ return 0;
+}
_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_preproc=no
+ ac_cv_header_stdc=no
fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- (
- cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists. ##
-## ------------------------------------------ ##
-_ASBOX
- ) |
- sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
-fi
-
-done
-
-
-for ac_header in machine/types.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
-ac_header_compiler=no
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <$ac_header>
+#include <stdlib.h>
+
_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
else
- ac_cpp_err=yes
+ ac_cv_header_stdc=no
fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+rm -f conftest*
- ac_header_preproc=no
fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- (
- cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists. ##
-## ------------------------------------------ ##
-_ASBOX
- ) |
- sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
else
- eval "$as_ac_Header=\$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+else
+ ac_cv_header_stdc=no
fi
-
-done
-
-
-for ac_header in sys/int_types.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-ac_header_compiler=no
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- (
- cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists. ##
-## ------------------------------------------ ##
-_ASBOX
- ) |
- sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
+for ac_header in stdlib.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdlib_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+#define HAVE_STDLIB_H 1
_ACEOF
fi
done
-
-
-
-
-for ac_header in sys/socket.h netinet/in.h arpa/inet.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
+for ac_header in unistd.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
+if test "x$ac_cv_header_unistd_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_UNISTD_H 1
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-ac_header_compiler=no
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
+done
+
+for ac_header in byteswap.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "byteswap.h" "ac_cv_header_byteswap_h" "$ac_includes_default"
+if test "x$ac_cv_header_byteswap_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_BYTESWAP_H 1
_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- ac_header_preproc=no
fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- (
- cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists. ##
-## ------------------------------------------ ##
-_ASBOX
- ) |
- sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+done
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
+for ac_header in stdint.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdint_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+#define HAVE_STDINT_H 1
_ACEOF
fi
done
-
-for ac_header in windows.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
+for ac_header in sys/uio.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "sys/uio.h" "ac_cv_header_sys_uio_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_uio_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SYS_UIO_H 1
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-ac_header_compiler=no
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
+done
+
+for ac_header in inttypes.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "inttypes.h" "ac_cv_header_inttypes_h" "$ac_includes_default"
+if test "x$ac_cv_header_inttypes_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_INTTYPES_H 1
_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- ac_header_preproc=no
fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- (
- cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists. ##
-## ------------------------------------------ ##
-_ASBOX
- ) |
- sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+done
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
+for ac_header in sys/types.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_types_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+#define HAVE_SYS_TYPES_H 1
_ACEOF
-for ac_header in winsock2.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
+done
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
+for ac_header in machine/types.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "machine/types.h" "ac_cv_header_machine_types_h" "$ac_includes_default"
+if test "x$ac_cv_header_machine_types_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_MACHINE_TYPES_H 1
_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- ac_header_preproc=no
fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- (
- cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists. ##
-## ------------------------------------------ ##
-_ASBOX
- ) |
- sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+done
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
+for ac_header in sys/int_types.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "sys/int_types.h" "ac_cv_header_sys_int_types_h" "$ac_includes_default"
+if test "x$ac_cv_header_sys_int_types_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+#define HAVE_SYS_INT_TYPES_H 1
_ACEOF
fi
done
-fi
-done
+for ac_header in sys/socket.h netinet/in.h arpa/inet.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+fi
+done
-for ac_header in syslog.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
+for ac_header in windows.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "windows.h" "ac_cv_header_windows_h" "$ac_includes_default"
+if test "x$ac_cv_header_windows_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_WINDOWS_H 1
_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
+ for ac_header in winsock2.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default"
+if test "x$ac_cv_header_winsock2_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_WINSOCK2_H 1
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-ac_header_compiler=no
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+done
- ac_header_preproc=no
fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- (
- cat <<\_ASBOX
-## ------------------------------------------ ##
-## Report this to the AC_PACKAGE_NAME lists. ##
-## ------------------------------------------ ##
-_ASBOX
- ) |
- sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+done
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
+
+for ac_header in syslog.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "syslog.h" "ac_cv_header_syslog_h" "$ac_includes_default"
+if test "x$ac_cv_header_syslog_h" = xyes; then :
cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+#define HAVE_SYSLOG_H 1
_ACEOF
fi
@@ -4957,63 +5147,8 @@ fi
done
-echo "$as_me:$LINENO: checking for int8_t" >&5
-echo $ECHO_N "checking for int8_t... $ECHO_C" >&6
-if test "${ac_cv_type_int8_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-if ((int8_t *) 0)
- return 0;
-if (sizeof (int8_t))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_int8_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_type_int8_t=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_int8_t" >&5
-echo "${ECHO_T}$ac_cv_type_int8_t" >&6
-if test $ac_cv_type_int8_t = yes; then
+ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default"
+if test "x$ac_cv_type_int8_t" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_INT8_T 1
@@ -5021,63 +5156,8 @@ _ACEOF
fi
-echo "$as_me:$LINENO: checking for uint8_t" >&5
-echo $ECHO_N "checking for uint8_t... $ECHO_C" >&6
-if test "${ac_cv_type_uint8_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-if ((uint8_t *) 0)
- return 0;
-if (sizeof (uint8_t))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_uint8_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_type_uint8_t=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_uint8_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint8_t" >&6
-if test $ac_cv_type_uint8_t = yes; then
+ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default"
+if test "x$ac_cv_type_uint8_t" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_UINT8_T 1
@@ -5085,63 +5165,8 @@ _ACEOF
fi
-echo "$as_me:$LINENO: checking for int16_t" >&5
-echo $ECHO_N "checking for int16_t... $ECHO_C" >&6
-if test "${ac_cv_type_int16_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-if ((int16_t *) 0)
- return 0;
-if (sizeof (int16_t))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_int16_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_type_int16_t=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_int16_t" >&5
-echo "${ECHO_T}$ac_cv_type_int16_t" >&6
-if test $ac_cv_type_int16_t = yes; then
+ac_fn_c_check_type "$LINENO" "int16_t" "ac_cv_type_int16_t" "$ac_includes_default"
+if test "x$ac_cv_type_int16_t" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_INT16_T 1
@@ -5149,63 +5174,8 @@ _ACEOF
fi
-echo "$as_me:$LINENO: checking for uint16_t" >&5
-echo $ECHO_N "checking for uint16_t... $ECHO_C" >&6
-if test "${ac_cv_type_uint16_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-if ((uint16_t *) 0)
- return 0;
-if (sizeof (uint16_t))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_uint16_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_type_uint16_t=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_uint16_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint16_t" >&6
-if test $ac_cv_type_uint16_t = yes; then
+ac_fn_c_check_type "$LINENO" "uint16_t" "ac_cv_type_uint16_t" "$ac_includes_default"
+if test "x$ac_cv_type_uint16_t" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_UINT16_T 1
@@ -5213,63 +5183,8 @@ _ACEOF
fi
-echo "$as_me:$LINENO: checking for int32_t" >&5
-echo $ECHO_N "checking for int32_t... $ECHO_C" >&6
-if test "${ac_cv_type_int32_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-if ((int32_t *) 0)
- return 0;
-if (sizeof (int32_t))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_int32_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_type_int32_t=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_int32_t" >&5
-echo "${ECHO_T}$ac_cv_type_int32_t" >&6
-if test $ac_cv_type_int32_t = yes; then
+ac_fn_c_check_type "$LINENO" "int32_t" "ac_cv_type_int32_t" "$ac_includes_default"
+if test "x$ac_cv_type_int32_t" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_INT32_T 1
@@ -5277,63 +5192,8 @@ _ACEOF
fi
-echo "$as_me:$LINENO: checking for uint32_t" >&5
-echo $ECHO_N "checking for uint32_t... $ECHO_C" >&6
-if test "${ac_cv_type_uint32_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-if ((uint32_t *) 0)
- return 0;
-if (sizeof (uint32_t))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_uint32_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_type_uint32_t=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_uint32_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint32_t" >&6
-if test $ac_cv_type_uint32_t = yes; then
+ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default"
+if test "x$ac_cv_type_uint32_t" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_UINT32_T 1
@@ -5341,63 +5201,8 @@ _ACEOF
fi
-echo "$as_me:$LINENO: checking for uint64_t" >&5
-echo $ECHO_N "checking for uint64_t... $ECHO_C" >&6
-if test "${ac_cv_type_uint64_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-if ((uint64_t *) 0)
- return 0;
-if (sizeof (uint64_t))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_uint64_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_type_uint64_t=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_uint64_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint64_t" >&6
-if test $ac_cv_type_uint64_t = yes; then
+ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "$ac_includes_default"
+if test "x$ac_cv_type_uint64_t" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_UINT64_T 1
@@ -5406,858 +5211,92 @@ _ACEOF
fi
-echo "$as_me:$LINENO: checking for unsigned long" >&5
-echo $ECHO_N "checking for unsigned long... $ECHO_C" >&6
-if test "${ac_cv_type_unsigned_long+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5
+$as_echo_n "checking size of unsigned long... " >&6; }
+if ${ac_cv_sizeof_unsigned_long+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-if ((unsigned long *) 0)
- return 0;
-if (sizeof (unsigned long))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_unsigned_long=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_type_unsigned_long=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_unsigned_long" >&5
-echo "${ECHO_T}$ac_cv_type_unsigned_long" >&6
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long" "$ac_includes_default"; then :
-echo "$as_me:$LINENO: checking size of unsigned long" >&5
-echo $ECHO_N "checking size of unsigned long... $ECHO_C" >&6
-if test "${ac_cv_sizeof_unsigned_long+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
else
if test "$ac_cv_type_unsigned_long" = yes; then
- # The cast to unsigned long works around a bug in the HP C Compiler
- # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
- # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
- # This bug is HP SR number 8606223364.
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long) (sizeof (unsigned long))) >= 0)];
-test_array [0] = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=0 ac_mid=0
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long) (sizeof (unsigned long))) <= $ac_mid)];
-test_array [0] = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_lo=`expr $ac_mid + 1`
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid + 1`
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long) (sizeof (unsigned long))) < 0)];
-test_array [0] = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=-1 ac_mid=-1
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long) (sizeof (unsigned long))) >= $ac_mid)];
-test_array [0] = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_hi=`expr '(' $ac_mid ')' - 1`
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid`
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned long)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_unsigned_long=0
+ fi
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-ac_lo= ac_hi=
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long) (sizeof (unsigned long))) <= $ac_mid)];
-test_array [0] = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_lo=`expr '(' $ac_mid ')' + 1`
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in
-?*) ac_cv_sizeof_unsigned_long=$ac_lo;;
-'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (unsigned long), 77
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (unsigned long), 77
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; } ;;
-esac
-else
- if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-long longval () { return (long) (sizeof (unsigned long)); }
-unsigned long ulongval () { return (long) (sizeof (unsigned long)); }
-#include <stdio.h>
-#include <stdlib.h>
-int
-main ()
-{
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5
+$as_echo "$ac_cv_sizeof_unsigned_long" >&6; }
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- exit (1);
- if (((long) (sizeof (unsigned long))) < 0)
- {
- long i = longval ();
- if (i != ((long) (sizeof (unsigned long))))
- exit (1);
- fprintf (f, "%ld\n", i);
- }
- else
- {
- unsigned long i = ulongval ();
- if (i != ((long) (sizeof (unsigned long))))
- exit (1);
- fprintf (f, "%lu\n", i);
- }
- exit (ferror (f) || fclose (f) != 0);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sizeof_unsigned_long=`cat conftest.val`
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-( exit $ac_status )
-{ { echo "$as_me:$LINENO: error: cannot compute sizeof (unsigned long), 77
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (unsigned long), 77
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
-fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-rm -f conftest.val
-else
- ac_cv_sizeof_unsigned_long=0
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sizeof_unsigned_long" >&5
-echo "${ECHO_T}$ac_cv_sizeof_unsigned_long" >&6
cat >>confdefs.h <<_ACEOF
#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long
_ACEOF
-echo "$as_me:$LINENO: checking for unsigned long long" >&5
-echo $ECHO_N "checking for unsigned long long... $ECHO_C" >&6
-if test "${ac_cv_type_unsigned_long_long+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long long" >&5
+$as_echo_n "checking size of unsigned long long... " >&6; }
+if ${ac_cv_sizeof_unsigned_long_long+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-if ((unsigned long long *) 0)
- return 0;
-if (sizeof (unsigned long long))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_unsigned_long_long=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_type_unsigned_long_long=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_unsigned_long_long" >&5
-echo "${ECHO_T}$ac_cv_type_unsigned_long_long" >&6
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long long))" "ac_cv_sizeof_unsigned_long_long" "$ac_includes_default"; then :
-echo "$as_me:$LINENO: checking size of unsigned long long" >&5
-echo $ECHO_N "checking size of unsigned long long... $ECHO_C" >&6
-if test "${ac_cv_sizeof_unsigned_long_long+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
else
if test "$ac_cv_type_unsigned_long_long" = yes; then
- # The cast to unsigned long works around a bug in the HP C Compiler
- # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
- # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
- # This bug is HP SR number 8606223364.
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long) (sizeof (unsigned long long))) >= 0)];
-test_array [0] = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=0 ac_mid=0
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long) (sizeof (unsigned long long))) <= $ac_mid)];
-test_array [0] = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_lo=`expr $ac_mid + 1`
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid + 1`
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long) (sizeof (unsigned long long))) < 0)];
-test_array [0] = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=-1 ac_mid=-1
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long) (sizeof (unsigned long long))) >= $ac_mid)];
-test_array [0] = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_hi=`expr '(' $ac_mid ')' - 1`
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid`
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_lo= ac_hi=
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned long long)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_unsigned_long_long=0
+ fi
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long) (sizeof (unsigned long long))) <= $ac_mid)];
-test_array [0] = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-ac_lo=`expr '(' $ac_mid ')' + 1`
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in
-?*) ac_cv_sizeof_unsigned_long_long=$ac_lo;;
-'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (unsigned long long), 77
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (unsigned long long), 77
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; } ;;
-esac
-else
- if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run test program while cross compiling
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-long longval () { return (long) (sizeof (unsigned long long)); }
-unsigned long ulongval () { return (long) (sizeof (unsigned long long)); }
-#include <stdio.h>
-#include <stdlib.h>
-int
-main ()
-{
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_long" >&5
+$as_echo "$ac_cv_sizeof_unsigned_long_long" >&6; }
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- exit (1);
- if (((long) (sizeof (unsigned long long))) < 0)
- {
- long i = longval ();
- if (i != ((long) (sizeof (unsigned long long))))
- exit (1);
- fprintf (f, "%ld\n", i);
- }
- else
- {
- unsigned long i = ulongval ();
- if (i != ((long) (sizeof (unsigned long long))))
- exit (1);
- fprintf (f, "%lu\n", i);
- }
- exit (ferror (f) || fclose (f) != 0);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sizeof_unsigned_long_long=`cat conftest.val`
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-( exit $ac_status )
-{ { echo "$as_me:$LINENO: error: cannot compute sizeof (unsigned long long), 77
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (unsigned long long), 77
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
-fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-rm -f conftest.val
-else
- ac_cv_sizeof_unsigned_long_long=0
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sizeof_unsigned_long_long" >&5
-echo "${ECHO_T}$ac_cv_sizeof_unsigned_long_long" >&6
cat >>confdefs.h <<_ACEOF
#define SIZEOF_UNSIGNED_LONG_LONG $ac_cv_sizeof_unsigned_long_long
_ACEOF
-echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
-echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6
-if test "${ac_cv_c_const+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
+if ${ac_cv_c_const+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
-/* FIXME: Include the comments suggested by Paul. */
+
#ifndef __cplusplus
- /* Ultrix mips cc rejects this. */
+ /* Ultrix mips cc rejects this sort of thing. */
typedef int charset[2];
- const charset x;
+ const charset cs = { 0, 0 };
/* SunOS 4.1.1 cc rejects this. */
- char const *const *ccp;
- char **p;
+ char const *const *pcpcc;
+ char **ppc;
/* NEC SVR4.0.2 mips cc rejects this. */
struct point {int x, y;};
static struct point const zero = {0,0};
@@ -6266,16 +5305,18 @@ main ()
an arm of an if-expression whose if-part is not a constant
expression */
const char *g = "string";
- ccp = &g + (g ? g-g : 0);
+ pcpcc = &g + (g ? g-g : 0);
/* HPUX 7.0 cc rejects these. */
- ++ccp;
- p = (char**) ccp;
- ccp = (char const *const *) p;
- { /* SCO 3.2v4 cc rejects this. */
- char *t;
+ ++pcpcc;
+ ppc = (char**) pcpcc;
+ pcpcc = (char const *const *) ppc;
+ { /* SCO 3.2v4 cc rejects this sort of thing. */
+ char tx;
+ char *t = &tx;
char const *s = 0 ? (char *) 0 : (char const *) 0;
*t++ = 0;
+ if (s) return 0;
}
{ /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
int x[] = {25, 17};
@@ -6287,73 +5328,45 @@ main ()
iptr p = 0;
++p;
}
- { /* AIX XL C 1.02.0.0 rejects this saying
+ { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying
"k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
- struct s { int j; const int *ap[3]; };
- struct s *b; b->j = 5;
+ struct s { int j; const int *ap[3]; } bx;
+ struct s *b = &bx; b->j = 5;
}
{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
const int foo = 10;
+ if (!foo) return 0;
}
+ return !cs[0] && !zero.x;
#endif
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
+if ac_fn_c_try_compile "$LINENO"; then :
ac_cv_c_const=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_c_const=no
+ ac_cv_c_const=no
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
-echo "${ECHO_T}$ac_cv_c_const" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+$as_echo "$ac_cv_c_const" >&6; }
if test $ac_cv_c_const = no; then
-cat >>confdefs.h <<\_ACEOF
-#define const
-_ACEOF
+$as_echo "#define const /**/" >>confdefs.h
fi
-echo "$as_me:$LINENO: checking for inline" >&5
-echo $ECHO_N "checking for inline... $ECHO_C" >&6
-if test "${ac_cv_c_inline+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
+$as_echo_n "checking for inline... " >&6; }
+if ${ac_cv_c_inline+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_cv_c_inline=no
for ac_kw in inline __inline__ __inline; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#ifndef __cplusplus
typedef int foo_t;
@@ -6362,41 +5375,16 @@ $ac_kw foo_t foo () {return 0; }
#endif
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_c_inline=$ac_kw; break
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_inline=$ac_kw
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ test "$ac_cv_c_inline" != no && break
done
fi
-echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5
-echo "${ECHO_T}$ac_cv_c_inline" >&6
-
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
+$as_echo "$ac_cv_c_inline" >&6; }
case $ac_cv_c_inline in
inline | yes) ;;
@@ -6413,172 +5401,25 @@ _ACEOF
;;
esac
-echo "$as_me:$LINENO: checking for size_t" >&5
-echo $ECHO_N "checking for size_t... $ECHO_C" >&6
-if test "${ac_cv_type_size_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
-if ((size_t *) 0)
- return 0;
-if (sizeof (size_t))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_size_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
+if test "x$ac_cv_type_size_t" = xyes; then :
-ac_cv_type_size_t=no
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5
-echo "${ECHO_T}$ac_cv_type_size_t" >&6
-if test $ac_cv_type_size_t = yes; then
- :
else
cat >>confdefs.h <<_ACEOF
-#define size_t unsigned
+#define size_t unsigned int
_ACEOF
fi
-
-
-
-for ac_func in socket inet_aton usleep
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $ac_func innocuous_$ac_func
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-
-#undef $ac_func
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-char (*f) () = $ac_func;
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-int
-main ()
-{
-return f != $ac_func;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-eval "$as_ac_var=no"
-fi
-rm -f conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
+for ac_func in socket inet_aton usleep sigaction
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF
fi
@@ -6586,72 +5427,43 @@ done
if test "x$ac_cv_func_socket" = "xno"; then
-
-echo "$as_me:$LINENO: checking for socket in -lsocket" >&5
-echo $ECHO_N "checking for socket in -lsocket... $ECHO_C" >&6
-if test "${ac_cv_lib_socket_socket+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5
+$as_echo_n "checking for socket in -lsocket... " >&6; }
+if ${ac_cv_lib_socket_socket+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lsocket $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-/* Override any gcc2 internal prototype to avoid an error. */
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
char socket ();
int
main ()
{
-socket ();
+return socket ();
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
+if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_socket_socket=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_lib_socket_socket=no
+ ac_cv_lib_socket_socket=no
fi
-rm -f conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_socket_socket" >&5
-echo "${ECHO_T}$ac_cv_lib_socket_socket" >&6
-if test $ac_cv_lib_socket_socket = yes; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5
+$as_echo "$ac_cv_lib_socket_socket" >&6; }
+if test "x$ac_cv_lib_socket_socket" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_LIBSOCKET 1
_ACEOF
@@ -6660,15 +5472,11 @@ _ACEOF
fi
- echo "$as_me:$LINENO: checking for socket in -lwsock32" >&5
-echo $ECHO_N "checking for socket in -lwsock32... $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lwsock32" >&5
+$as_echo_n "checking for socket in -lwsock32... " >&6; }
SAVELIBS="$LIBS"
LIBS="$LIBS -lwsock32"
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <winsock2.h>
@@ -6683,491 +5491,524 @@ socket(0, 0, 0);
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
+if ac_fn_c_try_link "$LINENO"; then :
ac_cv_func_socket=yes
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ LIBS="$SAVELIBS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
-LIBS="$SAVELIBS"
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to compile in debugging" >&5
+$as_echo_n "checking whether to compile in debugging... " >&6; }
+# Check whether --enable-debug was given.
+if test "${enable_debug+set}" = set; then :
+ enableval=$enable_debug;
+else
+ enable_debug=yes
fi
-rm -f conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
+
+if test "$enable_debug" = "yes"; then
+
+$as_echo "#define ENABLE_DEBUGGING 1" >>confdefs.h
+
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_debug" >&5
+$as_echo "$enable_debug" >&6; }
-echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5
-echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6
-if test "${ac_cv_c_bigendian+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use ISMAcryp code" >&5
+$as_echo_n "checking whether to use ISMAcryp code... " >&6; }
+# Check whether --enable-generic-aesicm was given.
+if test "${enable_generic_aesicm+set}" = set; then :
+ enableval=$enable_generic_aesicm;
else
- # See if sys/param.h defines the BYTE_ORDER macro.
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ enable_generic_aesicm=no
+fi
+
+if test "$enable_generic_aesicm" = "yes"; then
+
+$as_echo "#define GENERIC_AESICM 1" >>confdefs.h
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_generic_aesicm" >&5
+$as_echo "$enable_generic_aesicm" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to leverage OpenSSL crypto" >&5
+$as_echo_n "checking whether to leverage OpenSSL crypto... " >&6; }
+# Check whether --enable-openssl was given.
+if test "${enable_openssl+set}" = set; then :
+ enableval=$enable_openssl;
+else
+ enable_openssl=no
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_openssl" >&5
+$as_echo "$enable_openssl" >&6; }
+if test "$enable_openssl" = "yes"; then
+ LDFLAGS="$LDFLAGS $(pkg-config --libs openssl)";
+ CFLAGS="$CFLAGS $(pkg-config --cflags openssl)";
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if ${ac_cv_lib_dl_dlopen+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <sys/types.h>
-#include <sys/param.h>
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
int
main ()
{
-#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
- bogus endian macros
-#endif
-
+return dlopen ();
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- # It does; now see whether it defined to BIG_ENDIAN or not.
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBDL 1
_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+
+ LIBS="-ldl $LIBS"
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: can't find libdl" >&5
+$as_echo "$as_me: WARNING: can't find libdl" >&2;}
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflate in -lz" >&5
+$as_echo_n "checking for inflate in -lz... " >&6; }
+if ${ac_cv_lib_z_inflate+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lz $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <sys/types.h>
-#include <sys/param.h>
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char inflate ();
int
main ()
{
-#if BYTE_ORDER != BIG_ENDIAN
- not big endian
-#endif
-
+return inflate ();
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_c_bigendian=yes
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_z_inflate=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-ac_cv_c_bigendian=no
+ ac_cv_lib_z_inflate=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflate" >&5
+$as_echo "$ac_cv_lib_z_inflate" >&6; }
+if test "x$ac_cv_lib_z_inflate" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBZ 1
+_ACEOF
+
+ LIBS="-lz $LIBS"
+
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: can't find libz" >&5
+$as_echo "$as_me: WARNING: can't find libz" >&2;}
+fi
-# It does not; compile a test program.
-if test "$cross_compiling" = yes; then
- # try to guess the endianness by grepping values into an object file
- ac_cv_c_bigendian=unknown
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_EncryptInit in -lcrypto" >&5
+$as_echo_n "checking for EVP_EncryptInit in -lcrypto... " >&6; }
+if ${ac_cv_lib_crypto_EVP_EncryptInit+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-short ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
-short ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
-void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; }
-short ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
-short ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
-void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; }
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char EVP_EncryptInit ();
int
main ()
{
- _ascii (); _ebcdic ();
+return EVP_EncryptInit ();
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -z "$ac_c_werror_flag"
- || test ! -s conftest.err'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- if grep BIGenDianSyS conftest.$ac_objext >/dev/null ; then
- ac_cv_c_bigendian=yes
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_crypto_EVP_EncryptInit=yes
+else
+ ac_cv_lib_crypto_EVP_EncryptInit=no
fi
-if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
- if test "$ac_cv_c_bigendian" = unknown; then
- ac_cv_c_bigendian=no
- else
- # finding both strings is unlikely to happen, but who knows?
- ac_cv_c_bigendian=unknown
- fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
fi
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_EncryptInit" >&5
+$as_echo "$ac_cv_lib_crypto_EVP_EncryptInit" >&6; }
+if test "x$ac_cv_lib_crypto_EVP_EncryptInit" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBCRYPTO 1
+_ACEOF
+
+ LIBS="-lcrypto $LIBS"
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "can't find openssl >1.0.1 crypto lib
+See \`config.log' for more details" "$LINENO" 5; }
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_aes_128_ctr in -lcrypto" >&5
+$as_echo_n "checking for EVP_aes_128_ctr in -lcrypto... " >&6; }
+if ${ac_cv_lib_crypto_EVP_aes_128_ctr+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char EVP_aes_128_ctr ();
int
main ()
{
- /* Are we little or big endian? From Harbison&Steele. */
- union
- {
- long l;
- char c[sizeof (long)];
- } u;
- u.l = 1;
- exit (u.c[sizeof (long) - 1] == 1);
+return EVP_aes_128_ctr ();
+ ;
+ return 0;
}
_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_c_bigendian=no
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_crypto_EVP_aes_128_ctr=yes
else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_cv_c_bigendian=yes
+ ac_cv_lib_crypto_EVP_aes_128_ctr=no
fi
-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
fi
-echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5
-echo "${ECHO_T}$ac_cv_c_bigendian" >&6
-case $ac_cv_c_bigendian in
- yes)
-
-cat >>confdefs.h <<\_ACEOF
-#define WORDS_BIGENDIAN 1
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_aes_128_ctr" >&5
+$as_echo "$ac_cv_lib_crypto_EVP_aes_128_ctr" >&6; }
+if test "x$ac_cv_lib_crypto_EVP_aes_128_ctr" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBCRYPTO 1
_ACEOF
- ;;
- no)
- ;;
- *)
- { { echo "$as_me:$LINENO: error: unknown endianness
-presetting ac_cv_c_bigendian=no (or yes) will help" >&5
-echo "$as_me: error: unknown endianness
-presetting ac_cv_c_bigendian=no (or yes) will help" >&2;}
- { (exit 1); exit 1; }; } ;;
-esac
-
-# Make sure we can run config.sub.
-$ac_config_sub sun4 >/dev/null 2>&1 ||
- { { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5
-echo "$as_me: error: cannot run $ac_config_sub" >&2;}
- { (exit 1); exit 1; }; }
-
-echo "$as_me:$LINENO: checking build system type" >&5
-echo $ECHO_N "checking build system type... $ECHO_C" >&6
-if test "${ac_cv_build+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_cv_build_alias=$build_alias
-test -z "$ac_cv_build_alias" &&
- ac_cv_build_alias=`$ac_config_guess`
-test -z "$ac_cv_build_alias" &&
- { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
-echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
- { (exit 1); exit 1; }; }
-ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
- { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_build_alias failed" >&5
-echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;}
- { (exit 1); exit 1; }; }
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_build" >&5
-echo "${ECHO_T}$ac_cv_build" >&6
-build=$ac_cv_build
-build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+ LIBS="-lcrypto $LIBS"
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "can't find openssl >1.0.1 crypto lib
+See \`config.log' for more details" "$LINENO" 5; }
+fi
-echo "$as_me:$LINENO: checking host system type" >&5
-echo $ECHO_N "checking host system type... $ECHO_C" >&6
-if test "${ac_cv_host+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_aes_128_gcm in -lcrypto" >&5
+$as_echo_n "checking for EVP_aes_128_gcm in -lcrypto... " >&6; }
+if ${ac_cv_lib_crypto_EVP_aes_128_gcm+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- ac_cv_host_alias=$host_alias
-test -z "$ac_cv_host_alias" &&
- ac_cv_host_alias=$ac_cv_build_alias
-ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
- { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_host_alias failed" >&5
-echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
- { (exit 1); exit 1; }; }
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypto $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char EVP_aes_128_gcm ();
+int
+main ()
+{
+return EVP_aes_128_gcm ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_crypto_EVP_aes_128_gcm=yes
+else
+ ac_cv_lib_crypto_EVP_aes_128_gcm=no
fi
-echo "$as_me:$LINENO: result: $ac_cv_host" >&5
-echo "${ECHO_T}$ac_cv_host" >&6
-host=$ac_cv_host
-host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_aes_128_gcm" >&5
+$as_echo "$ac_cv_lib_crypto_EVP_aes_128_gcm" >&6; }
+if test "x$ac_cv_lib_crypto_EVP_aes_128_gcm" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBCRYPTO 1
+_ACEOF
+ LIBS="-lcrypto $LIBS"
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "can't find openssl >1.0.1 crypto lib
+See \`config.log' for more details" "$LINENO" 5; }
+fi
-case $host_cpu in
- i*86 )
-cat >>confdefs.h <<\_ACEOF
-#define CPU_CISC 1
-_ACEOF
+$as_echo "#define OPENSSL 1" >>confdefs.h
+ AES_ICM_OBJS="crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o"
+ RNG_OBJS=rand_source_ossl.o
+ HMAC_OBJS=crypto/hash/hmac_ossl.o
+ USE_OPENSSL=1
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_X86 1
-_ACEOF
-;;
- * )
- # CPU_RISC is only supported for big endian machines.
- if test "$ac_cv_c_bigendian" = "yes"; then
+else
+ AES_ICM_OBJS="crypto/cipher/aes_icm.o crypto/cipher/aes.o crypto/cipher/aes_cbc.o"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking which random device to use" >&5
+$as_echo_n "checking which random device to use... " >&6; }
+ if test "$enable_kernel_linux" = "yes"; then
+ RNG_OBJS=rand_linux_kernel.o
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: Linux kernel builtin" >&5
+$as_echo "Linux kernel builtin" >&6; }
+ else
+ RNG_OBJS=rand_source.o
+ if test -n "$DEV_URANDOM"; then
-cat >>confdefs.h <<\_ACEOF
-#define CPU_RISC 1
+cat >>confdefs.h <<_ACEOF
+#define DEV_URANDOM "$DEV_URANDOM"
_ACEOF
- else
- cat >>confdefs.h <<\_ACEOF
-#define CPU_CISC 1
-_ACEOF
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DEV_URANDOM" >&5
+$as_echo "$DEV_URANDOM" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: standard rand() function..." >&5
+$as_echo "standard rand() function..." >&6; }
+ fi
+ fi
+ RNG_EXTRA_OBJS="crypto/rng/prng.o crypto/rng/ctr_prng.o"
+ HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o"
+fi
- fi
- ;;
-esac
-case $host_os in
- *cygwin*|*mingw* )
- EXE=.exe;;
- * ) EXE="";;
-esac
- # define executable suffix; this is needed for `make clean'
-echo "$as_me:$LINENO: checking whether to compile in debugging" >&5
-echo $ECHO_N "checking whether to compile in debugging... $ECHO_C" >&6
-# Check whether --enable-debug or --disable-debug was given.
-if test "${enable_debug+set}" = set; then
- enableval="$enable_debug"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap_create in -lpcap" >&5
+$as_echo_n "checking for pcap_create in -lpcap... " >&6; }
+if ${ac_cv_lib_pcap_pcap_create+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- enable_debug=yes
-fi;
-if test "$enable_debug" = "yes"; then
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpcap $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
-cat >>confdefs.h <<\_ACEOF
-#define ENABLE_DEBUGGING 1
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char pcap_create ();
+int
+main ()
+{
+return pcap_create ();
+ ;
+ return 0;
+}
_ACEOF
-
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_pcap_pcap_create=yes
+else
+ ac_cv_lib_pcap_pcap_create=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
fi
-echo "$as_me:$LINENO: result: $enable_debug" >&5
-echo "${ECHO_T}$enable_debug" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pcap_pcap_create" >&5
+$as_echo "$ac_cv_lib_pcap_pcap_create" >&6; }
+if test "x$ac_cv_lib_pcap_pcap_create" = xyes; then :
+ PCAP=1
+ LIBS="-lpcap $LIBS"
+ HAVE_PCAP=1
-echo "$as_me:$LINENO: checking whether to use ISMAcryp code" >&5
-echo $ECHO_N "checking whether to use ISMAcryp code... $ECHO_C" >&6
-# Check whether --enable-generic-aesicm or --disable-generic-aesicm was given.
-if test "${enable_generic_aesicm+set}" = set; then
- enableval="$enable_generic_aesicm"
+$as_echo "#define HAVE_PCAP 1" >>confdefs.h
-else
- enable_generic_aesicm=no
-fi;
-if test "$enable_generic_aesicm" = "yes"; then
-cat >>confdefs.h <<\_ACEOF
-#define GENERIC_AESICM 1
-_ACEOF
fi
-echo "$as_me:$LINENO: result: $enable_generic_aesicm" >&5
-echo "${ECHO_T}$enable_generic_aesicm" >&6
-echo "$as_me:$LINENO: checking whether to use syslog for error reporting" >&5
-echo $ECHO_N "checking whether to use syslog for error reporting... $ECHO_C" >&6
-# Check whether --enable-syslog or --disable-syslog was given.
-if test "${enable_syslog+set}" = set; then
- enableval="$enable_syslog"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use syslog for error reporting" >&5
+$as_echo_n "checking whether to use syslog for error reporting... " >&6; }
+# Check whether --enable-syslog was given.
+if test "${enable_syslog+set}" = set; then :
+ enableval=$enable_syslog;
else
enable_syslog=no
-fi;
+fi
+
if test "$enable_syslog" = "yes"; then
-cat >>confdefs.h <<\_ACEOF
-#define USE_SYSLOG 1
-_ACEOF
+$as_echo "#define USE_SYSLOG 1" >>confdefs.h
fi
-echo "$as_me:$LINENO: result: $enable_syslog" >&5
-echo "${ECHO_T}$enable_syslog" >&6
-
-echo "$as_me:$LINENO: checking whether to use stdout for error reporting" >&5
-echo $ECHO_N "checking whether to use stdout for error reporting... $ECHO_C" >&6
-# Check whether --enable-stdout or --disable-stdout was given.
-if test "${enable_stdout+set}" = set; then
- enableval="$enable_stdout"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_syslog" >&5
+$as_echo "$enable_syslog" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use stdout for error reporting" >&5
+$as_echo_n "checking whether to use stdout for error reporting... " >&6; }
+# Check whether --enable-stdout was given.
+if test "${enable_stdout+set}" = set; then :
+ enableval=$enable_stdout;
else
enable_stdout=yes
-fi;
+fi
+
if test "$enable_stdout" = "yes"; then
-cat >>confdefs.h <<\_ACEOF
-#define ERR_REPORTING_STDOUT 1
-_ACEOF
+$as_echo "#define ERR_REPORTING_STDOUT 1" >>confdefs.h
fi
-echo "$as_me:$LINENO: result: $enable_stdout" >&5
-echo "${ECHO_T}$enable_stdout" >&6
-
-echo "$as_me:$LINENO: checking whether to use /dev/console for error reporting" >&5
-echo $ECHO_N "checking whether to use /dev/console for error reporting... $ECHO_C" >&6
-# Check whether --enable-console or --disable-console was given.
-if test "${enable_console+set}" = set; then
- enableval="$enable_console"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_stdout" >&5
+$as_echo "$enable_stdout" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use /dev/console for error reporting" >&5
+$as_echo_n "checking whether to use /dev/console for error reporting... " >&6; }
+# Check whether --enable-console was given.
+if test "${enable_console+set}" = set; then :
+ enableval=$enable_console;
else
enable_console=no
-fi;
+fi
+
if test "$enable_console" = "yes"; then
-cat >>confdefs.h <<\_ACEOF
-#define USE_ERR_REPORTING_FILE 1
-_ACEOF
+$as_echo "#define USE_ERR_REPORTING_FILE 1" >>confdefs.h
-cat >>confdefs.h <<\_ACEOF
-#define ERR_REPORTING_FILE "/dev/console"
-_ACEOF
+$as_echo "#define ERR_REPORTING_FILE \"/dev/console\"" >>confdefs.h
fi
-echo "$as_me:$LINENO: result: $enable_console" >&5
-echo "${ECHO_T}$enable_console" >&6
-
-echo "$as_me:$LINENO: checking whether to use GDOI key management" >&5
-echo $ECHO_N "checking whether to use GDOI key management... $ECHO_C" >&6
-# Check whether --enable-gdoi or --disable-gdoi was given.
-if test "${enable_gdoi+set}" = set; then
- enableval="$enable_gdoi"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_console" >&5
+$as_echo "$enable_console" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use GDOI key management" >&5
+$as_echo_n "checking whether to use GDOI key management... " >&6; }
+# Check whether --enable-gdoi was given.
+if test "${enable_gdoi+set}" = set; then :
+ enableval=$enable_gdoi;
else
enable_gdoi=no
-fi;
+fi
+
if test "$enable_gdoi" = "yes"; then
-cat >>confdefs.h <<\_ACEOF
-#define SRTP_GDOI 1
-_ACEOF
+$as_echo "#define SRTP_GDOI 1" >>confdefs.h
GDOI_OBJS=gdoi/srtp+gdoi.o
fi
-echo "$as_me:$LINENO: result: $enable_gdoi" >&5
-echo "${ECHO_T}$enable_gdoi" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_gdoi" >&5
+$as_echo "$enable_gdoi" >&6; }
- ac_config_headers="$ac_config_headers crypto/include/config.h:config_in.h"
+ac_config_headers="$ac_config_headers crypto/include/config.h:config_in.h"
- ac_config_files="$ac_config_files Makefile crypto/Makefile doc/Makefile"
+# Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_PKG_CONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$PKG_CONFIG"; then
+ ac_cv_prog_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_PKG_CONFIG="yes"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+PKG_CONFIG=$ac_cv_prog_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+if test "x$PKG_CONFIG" != "x"; then
+ HAVE_PKG_CONFIG=1
+ ac_config_files="$ac_config_files libsrtp.pc"
+
+else
+ HAVE_PKG_CONFIG=0
+fi
+
+ac_config_files="$ac_config_files Makefile crypto/Makefile doc/Makefile"
+
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
# tests run on this system so they can be shared between configure
@@ -7186,39 +6027,70 @@ _ACEOF
# The following way of writing the cache mishandles newlines in values,
# but we know of no workaround that is simple, portable, and efficient.
-# So, don't put newlines in cache variables' values.
+# So, we kill variables containing newlines.
# Ultrix sh set writes to stderr and can't be redirected directly,
# and sets the high bit in the cache file unless we assign to the vars.
-{
+(
+ for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+
(set) 2>&1 |
- case `(ac_space=' '; set | grep ac_space) 2>&1` in
- *ac_space=\ *)
- # `set' does not quote correctly, so add quotes (double-quote
- # substitution turns \\\\ into \\, and sed turns \\ into \).
+ case $as_nl`(ac_space=' '; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ # `set' does not quote correctly, so add quotes: double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \.
sed -n \
"s/'/'\\\\''/g;
s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
- ;;
+ ;; #(
*)
# `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n \
- "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
;;
- esac;
-} |
+ esac |
+ sort
+) |
sed '
+ /^ac_cv_env_/b end
t clear
- : clear
+ :clear
s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
t end
- /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
- : end' >>confcache
-if diff $cache_file confcache >/dev/null 2>&1; then :; else
- if test -w $cache_file; then
- test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file"
- cat confcache >$cache_file
+ s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+ :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+ if test -w "$cache_file"; then
+ if test "x$cache_file" != "x/dev/null"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+ if test ! -f "$cache_file" || test -h "$cache_file"; then
+ cat confcache >"$cache_file"
+ else
+ case $cache_file in #(
+ */* | ?:*)
+ mv -f confcache "$cache_file"$$ &&
+ mv -f "$cache_file"$$ "$cache_file" ;; #(
+ *)
+ mv -f confcache "$cache_file" ;;
+ esac
+ fi
+ fi
else
- echo "not updating unwritable cache $cache_file"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
fi
fi
rm -f confcache
@@ -7227,32 +6099,19 @@ test "x$prefix" = xNONE && prefix=$ac_default_prefix
# Let make expand exec_prefix.
test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-# VPATH may cause trouble with some makes, so we remove $(srcdir),
-# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=/{
-s/:*\$(srcdir):*/:/;
-s/:*\${srcdir}:*/:/;
-s/:*@srcdir@:*/:/;
-s/^\([^=]*=[ ]*\):*/\1/;
-s/:*$//;
-s/^[^=]*=[ ]*$//;
-}'
-fi
-
DEFS=-DHAVE_CONFIG_H
ac_libobjs=
ac_ltlibobjs=
+U=
for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
# 1. Remove the extension, and $U if already installed.
- ac_i=`echo "$ac_i" |
- sed 's/\$U\././;s/\.o$//;s/\.obj$//'`
- # 2. Add them.
- ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext"
- ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo'
+ ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+ ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+ # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
+ # will be set to the directory where LIBOBJS objects are built.
+ as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
done
LIBOBJS=$ac_libobjs
@@ -7260,12 +6119,15 @@ LTLIBOBJS=$ac_ltlibobjs
-: ${CONFIG_STATUS=./config.status}
+
+: "${CONFIG_STATUS=./config.status}"
+ac_write_fail=0
ac_clean_files_save=$ac_clean_files
ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
-echo "$as_me: creating $CONFIG_STATUS" >&6;}
-cat >$CONFIG_STATUS <<_ACEOF
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
#! $SHELL
# Generated by $as_me.
# Run this file to recreate the current configuration.
@@ -7275,81 +6137,253 @@ cat >$CONFIG_STATUS <<_ACEOF
debug=false
ac_cs_recheck=false
ac_cs_silent=false
-SHELL=\${CONFIG_SHELL-$SHELL}
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-## --------------------- ##
-## M4sh Initialization. ##
-## --------------------- ##
-# Be Bourne compatible
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
emulate sh
NULLCMD=:
- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
-elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
- set -o posix
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
fi
-DUALCASE=1; export DUALCASE # for MKS sh
-# Support unset when possible.
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- as_unset=unset
-else
- as_unset=false
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
fi
-# Work around bugs in pre-3.0 UWIN ksh.
-$as_unset ENV MAIL MAILPATH
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
PS1='$ '
PS2='> '
PS4='+ '
# NLS nuisances.
-for as_var in \
- LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
- LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
- LC_TELEPHONE LC_TIME
-do
- if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
- eval $as_var=C; export $as_var
- else
- $as_unset $as_var
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
fi
-done
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
-# Required to use basename.
-if expr a : '\(a\)' >/dev/null 2>&1; then
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
as_expr=expr
else
as_expr=false
fi
-if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
as_basename=basename
else
as_basename=false
fi
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
-# Name of the executable.
-as_me=`$as_basename "$0" ||
+as_me=`$as_basename -- "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)$' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
- /^X\/\(\/\/\)$/{ s//\1/; q; }
- /^X\/\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
-
-# PATH needs CR, and LINENO needs CR and PATH.
# Avoid depending upon Character Ranges.
as_cr_letters='abcdefghijklmnopqrstuvwxyz'
as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
@@ -7357,148 +6391,111 @@ as_cr_Letters=$as_cr_letters$as_cr_LETTERS
as_cr_digits='0123456789'
as_cr_alnum=$as_cr_Letters$as_cr_digits
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- echo "#! /bin/sh" >conf$$.sh
- echo "exit 0" >>conf$$.sh
- chmod +x conf$$.sh
- if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
- PATH_SEPARATOR=';'
- else
- PATH_SEPARATOR=:
- fi
- rm -f conf$$.sh
-fi
-
-
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x$as_lineno_3" = "x$as_lineno_2" || {
- # Find who we are. Look in the path if we contain no path at all
- # relative or not.
- case $0 in
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
-
- ;;
- esac
- # We did not find ourselves, most probably we were run as `sh COMMAND'
- # in which case we are not to be found in the path.
- if test "x$as_myself" = x; then
- as_myself=$0
- fi
- if test ! -f "$as_myself"; then
- { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5
-echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
- { (exit 1); exit 1; }; }
- fi
- case $CONFIG_SHELL in
- '')
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for as_base in sh bash ksh sh5; do
- case $as_dir in
- /*)
- if ("$as_dir/$as_base" -c '
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
- $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
- $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
- CONFIG_SHELL=$as_dir/$as_base
- export CONFIG_SHELL
- exec "$CONFIG_SHELL" "$0" ${1+"$@"}
- fi;;
- esac
- done
-done
-;;
- esac
-
- # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
- # uniformly replaced by the line number. The first 'sed' inserts a
- # line-number line before each line; the second 'sed' does the real
- # work. The second script uses 'N' to pair each line-number line
- # with the numbered line, and appends trailing '-' during
- # substitution so that $LINENO is not a special case at line end.
- # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
- # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
- sed '=' <$as_myself |
- sed '
- N
- s,$,-,
- : loop
- s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
- t loop
- s,-$,,
- s,^['$as_cr_digits']*\n,,
- ' >$as_me.lineno &&
- chmod +x $as_me.lineno ||
- { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
-echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
- { (exit 1); exit 1; }; }
-
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensible to this).
- . ./$as_me.lineno
- # Exit status is that of the last command.
- exit
-}
-
-
-case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
- *c*,-n*) ECHO_N= ECHO_C='
-' ECHO_T=' ' ;;
- *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
- *) ECHO_N= ECHO_C='\c' ECHO_T= ;;
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
esac
-if expr a : '\(a\)' >/dev/null 2>&1; then
- as_expr=expr
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
else
- as_expr=false
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
- # We could just check for DJGPP; but this test a) works b) is more generic
- # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
- if test -f conf$$.exe; then
- # Don't use ln at all; we don't have any links
- as_ln_s='cp -p'
- else
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -pR'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -pR'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -pR'
fi
-elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
else
- as_ln_s='cp -p'
+ as_ln_s='cp -pR'
fi
-rm -f conf$$ conf$$.exe conf$$.file
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
if mkdir -p . 2>/dev/null; then
- as_mkdir_p=:
+ as_mkdir_p='mkdir -p "$as_dir"'
else
test -d ./-p && rmdir ./-p
as_mkdir_p=false
fi
-as_executable_p="test -f"
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
@@ -7507,31 +6504,20 @@ as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-# IFS
-# We need space, tab and new line, in precisely that order.
-as_nl='
-'
-IFS=" $as_nl"
-
-# CDPATH.
-$as_unset CDPATH
-
exec 6>&1
-
-# Open the log real soon, to keep \$[0] and so on meaningful, and to
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling. Logging --version etc. is OK.
-exec 5>>config.log
-{
- echo
- sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
-## Running $as_me. ##
-_ASBOX
-} >&5
-cat >&5 <<_CSEOF
-
-This file was extended by $as_me, which was
-generated by GNU Autoconf 2.59. Invocation command line was
+# values after options handling.
+ac_log="
+This file was extended by libsrtp $as_me 1.5.4, which was
+generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
CONFIG_HEADERS = $CONFIG_HEADERS
@@ -7539,45 +6525,46 @@ generated by GNU Autoconf 2.59. Invocation command line was
CONFIG_COMMANDS = $CONFIG_COMMANDS
$ $0 $@
-_CSEOF
-echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5
-echo >&5
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
_ACEOF
-# Files that config.status was made for.
-if test -n "$ac_config_files"; then
- echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS
-fi
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
-if test -n "$ac_config_headers"; then
- echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS
-fi
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
-if test -n "$ac_config_links"; then
- echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS
-fi
-if test -n "$ac_config_commands"; then
- echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS
-fi
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
-cat >>$CONFIG_STATUS <<\_ACEOF
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
ac_cs_usage="\
-\`$as_me' instantiates files from templates according to the
-current configuration.
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration. Unless the files
+and actions are specified as TAGs, all are instantiated by default.
-Usage: $0 [OPTIONS] [FILE]...
+Usage: $0 [OPTION]... [TAG]...
-h, --help print this help, then exit
- -V, --version print version number, then exit
- -q, --quiet do not print progress messages
+ -V, --version print version number and configuration settings, then exit
+ --config print configuration, then exit
+ -q, --quiet, --silent
+ do not print progress messages
-d, --debug don't remove temporary files
--recheck update $as_me by reconfiguring in the same conditions
- --file=FILE[:TEMPLATE]
- instantiate the configuration file FILE
- --header=FILE[:TEMPLATE]
- instantiate the configuration header FILE
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
Configuration files:
$config_files
@@ -7585,84 +6572,90 @@ $config_files
Configuration headers:
$config_headers
-Report bugs to <bug-autoconf@gnu.org>."
-_ACEOF
+Report bugs to <https://github.com/cisco/libsrtp/issues>."
-cat >>$CONFIG_STATUS <<_ACEOF
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-config.status
-configured by $0, generated by GNU Autoconf 2.59,
- with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
+libsrtp config.status 1.5.4
+configured by $0, generated by GNU Autoconf 2.69,
+ with options \\"\$ac_cs_config\\"
-Copyright (C) 2003 Free Software Foundation, Inc.
+Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."
-srcdir=$srcdir
-INSTALL="$INSTALL"
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+test -n "\$AWK" || AWK=awk
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-# If no file are specified by the user, then we need to provide default
-# value. By we need to know if files were specified by the user.
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
ac_need_defaults=:
while test $# != 0
do
case $1 in
- --*=*)
- ac_option=`expr "x$1" : 'x\([^=]*\)='`
- ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'`
+ --*=?*)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
ac_shift=:
;;
- -*)
+ --*=)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=
+ ac_shift=:
+ ;;
+ *)
ac_option=$1
ac_optarg=$2
ac_shift=shift
;;
- *) # This is not an option, so the user has probably given explicit
- # arguments.
- ac_option=$1
- ac_need_defaults=false;;
esac
case $ac_option in
# Handling of the options.
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
ac_cs_recheck=: ;;
- --version | --vers* | -V )
- echo "$ac_cs_version"; exit 0 ;;
- --he | --h)
- # Conflict between --help and --header
- { { echo "$as_me:$LINENO: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&2;}
- { (exit 1); exit 1; }; };;
- --help | --hel | -h )
- echo "$ac_cs_usage"; exit 0 ;;
- --debug | --d* | -d )
+ --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+ $as_echo "$ac_cs_version"; exit ;;
+ --config | --confi | --conf | --con | --co | --c )
+ $as_echo "$ac_cs_config"; exit ;;
+ --debug | --debu | --deb | --de | --d | -d )
debug=: ;;
--file | --fil | --fi | --f )
$ac_shift
- CONFIG_FILES="$CONFIG_FILES $ac_optarg"
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ '') as_fn_error $? "missing file argument" ;;
+ esac
+ as_fn_append CONFIG_FILES " '$ac_optarg'"
ac_need_defaults=false;;
--header | --heade | --head | --hea )
$ac_shift
- CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg"
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_HEADERS " '$ac_optarg'"
ac_need_defaults=false;;
+ --he | --h)
+ # Conflict between --help and --header
+ as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+ --help | --hel | -h )
+ $as_echo "$ac_cs_usage"; exit ;;
-q | -quiet | --quiet | --quie | --qui | --qu | --q \
| -silent | --silent | --silen | --sile | --sil | --si | --s)
ac_cs_silent=: ;;
# This is an error.
- -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&2;}
- { (exit 1); exit 1; }; } ;;
+ -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
- *) ac_config_targets="$ac_config_targets $1" ;;
+ *) as_fn_append ac_config_targets " $1"
+ ac_need_defaults=false ;;
esac
shift
@@ -7676,33 +6669,48 @@ if $ac_cs_silent; then
fi
_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
if \$ac_cs_recheck; then
- echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
- exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ shift
+ \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ CONFIG_SHELL='$SHELL'
+ export CONFIG_SHELL
+ exec "\$@"
fi
_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+ $as_echo "$ac_log"
+} >&5
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-
-
-cat >>$CONFIG_STATUS <<\_ACEOF
+# Handling of arguments.
for ac_config_target in $ac_config_targets
do
- case "$ac_config_target" in
- # Handling of arguments.
- "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;;
- "crypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES crypto/Makefile" ;;
- "doc/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
- "crypto/include/config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS crypto/include/config.h:config_in.h" ;;
- *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
-echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
- { (exit 1); exit 1; }; };;
+ case $ac_config_target in
+ "crypto/include/config.h") CONFIG_HEADERS="$CONFIG_HEADERS crypto/include/config.h:config_in.h" ;;
+ "libsrtp.pc") CONFIG_FILES="$CONFIG_FILES libsrtp.pc" ;;
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+ "crypto/Makefile") CONFIG_FILES="$CONFIG_FILES crypto/Makefile" ;;
+ "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+
+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
esac
done
+
# If the user did not use the arguments to specify the items to instantiate,
# then the envvar interface is used. Set only those that are not.
# We use the long form for the default assignment because of an extremely
@@ -7713,570 +6721,550 @@ if $ac_need_defaults; then
fi
# Have a temporary directory for convenience. Make it in the build tree
-# simply because there is no reason to put it here, and in addition,
+# simply because there is no reason against having it here, and in addition,
# creating and moving files from /tmp can sometimes cause problems.
-# Create a temporary directory, and hook for its removal unless debugging.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
$debug ||
{
- trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
- trap '{ (exit 1); exit 1; }' 1 2 13 15
+ tmp= ac_tmp=
+ trap 'exit_status=$?
+ : "${ac_tmp:=$tmp}"
+ { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
+' 0
+ trap 'as_fn_exit 1' 1 2 13 15
}
-
# Create a (secure) tmp directory for tmp files.
{
- tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` &&
- test -n "$tmp" && test -d "$tmp"
+ tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+ test -d "$tmp"
} ||
{
- tmp=./confstat$$-$RANDOM
- (umask 077 && mkdir $tmp)
-} ||
+ tmp=./conf$$-$RANDOM
+ (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+ eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+ ac_cs_awk_cr='\\r'
+else
+ ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
+_ACEOF
+
+
{
- echo "$me: cannot create a temporary directory in ." >&2
- { (exit 1); exit 1; }
+ echo "cat >conf$$subs.awk <<_ACEOF" &&
+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+ echo "_ACEOF"
+} >conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+ . ./conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+ ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+ if test $ac_delim_n = $ac_delim_num; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+ N
+ s/\n//
}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+ for (key in S) S_is_set[key] = 1
+ FS = ""
-_ACEOF
+}
+{
+ line = $ 0
+ nfields = split(line, field, "@")
+ substed = 0
+ len = length(field[1])
+ for (i = 2; i < nfields; i++) {
+ key = field[i]
+ keylen = length(key)
+ if (S_is_set[key]) {
+ value = S[key]
+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+ len += length(value) + length(field[++i])
+ substed = 1
+ } else
+ len += 1 + keylen
+ }
-cat >>$CONFIG_STATUS <<_ACEOF
+ print line
+}
-#
-# CONFIG_FILES section.
-#
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+ cat
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
-# No need to generate the scripts if there are no CONFIG_FILES.
-# This happens for instance when ./config.status config.h
-if test -n "\$CONFIG_FILES"; then
- # Protect against being on the right side of a sed subst in config.status.
- sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g;
- s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF
-s,@SHELL@,$SHELL,;t t
-s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t
-s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t
-s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t
-s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t
-s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t
-s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t
-s,@exec_prefix@,$exec_prefix,;t t
-s,@prefix@,$prefix,;t t
-s,@program_transform_name@,$program_transform_name,;t t
-s,@bindir@,$bindir,;t t
-s,@sbindir@,$sbindir,;t t
-s,@libexecdir@,$libexecdir,;t t
-s,@datadir@,$datadir,;t t
-s,@sysconfdir@,$sysconfdir,;t t
-s,@sharedstatedir@,$sharedstatedir,;t t
-s,@localstatedir@,$localstatedir,;t t
-s,@libdir@,$libdir,;t t
-s,@includedir@,$includedir,;t t
-s,@oldincludedir@,$oldincludedir,;t t
-s,@infodir@,$infodir,;t t
-s,@mandir@,$mandir,;t t
-s,@build_alias@,$build_alias,;t t
-s,@host_alias@,$host_alias,;t t
-s,@target_alias@,$target_alias,;t t
-s,@DEFS@,$DEFS,;t t
-s,@ECHO_C@,$ECHO_C,;t t
-s,@ECHO_N@,$ECHO_N,;t t
-s,@ECHO_T@,$ECHO_T,;t t
-s,@LIBS@,$LIBS,;t t
-s,@RANLIB@,$RANLIB,;t t
-s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t
-s,@CC@,$CC,;t t
-s,@CFLAGS@,$CFLAGS,;t t
-s,@LDFLAGS@,$LDFLAGS,;t t
-s,@CPPFLAGS@,$CPPFLAGS,;t t
-s,@ac_ct_CC@,$ac_ct_CC,;t t
-s,@EXEEXT@,$EXEEXT,;t t
-s,@OBJEXT@,$OBJEXT,;t t
-s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
-s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
-s,@INSTALL_DATA@,$INSTALL_DATA,;t t
-s,@RNG_OBJS@,$RNG_OBJS,;t t
-s,@CPP@,$CPP,;t t
-s,@EGREP@,$EGREP,;t t
-s,@build@,$build,;t t
-s,@build_cpu@,$build_cpu,;t t
-s,@build_vendor@,$build_vendor,;t t
-s,@build_os@,$build_os,;t t
-s,@host@,$host,;t t
-s,@host_cpu@,$host_cpu,;t t
-s,@host_vendor@,$host_vendor,;t t
-s,@host_os@,$host_os,;t t
-s,@EXE@,$EXE,;t t
-s,@GDOI_OBJS@,$GDOI_OBJS,;t t
-s,@LIBOBJS@,$LIBOBJS,;t t
-s,@LTLIBOBJS@,$LTLIBOBJS,;t t
-CEOF
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
+h
+s///
+s/^/:/
+s/[ ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[ ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[ ]*$//
+}'
+fi
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
_ACEOF
- cat >>$CONFIG_STATUS <<\_ACEOF
- # Split the substitutions into bite-sized pieces for seds with
- # small command number limits, like on Digital OSF/1 and HP-UX.
- ac_max_sed_lines=48
- ac_sed_frag=1 # Number of current file.
- ac_beg=1 # First line for current file.
- ac_end=$ac_max_sed_lines # Line after last line for current file.
- ac_more_lines=:
- ac_sed_cmds=
- while $ac_more_lines; do
- if test $ac_beg -gt 1; then
- sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
- else
- sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
- fi
- if test ! -s $tmp/subs.frag; then
- ac_more_lines=false
- else
- # The purpose of the label and of the branching condition is to
- # speed up the sed processing (if there are no `@' at all, there
- # is no need to browse any of the substitutions).
- # These are the two extra sed commands mentioned above.
- (echo ':t
- /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed
- if test -z "$ac_sed_cmds"; then
- ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed"
- else
- ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed"
- fi
- ac_sed_frag=`expr $ac_sed_frag + 1`
- ac_beg=$ac_end
- ac_end=`expr $ac_end + $ac_max_sed_lines`
- fi
- done
- if test -z "$ac_sed_cmds"; then
- ac_sed_cmds=cat
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+ ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_tt"; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
fi
-fi # test -n "$CONFIG_FILES"
+done
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any. Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[ ]*#[ ]*define[ ][ ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ for (key in D) D_is_set[key] = 1
+ FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+ line = \$ 0
+ split(line, arg, " ")
+ if (arg[1] == "#") {
+ defundef = arg[2]
+ mac1 = arg[3]
+ } else {
+ defundef = substr(arg[1], 2)
+ mac1 = arg[2]
+ }
+ split(mac1, mac2, "(") #)
+ macro = mac2[1]
+ prefix = substr(line, 1, index(line, defundef) - 1)
+ if (D_is_set[macro]) {
+ # Preserve the white space surrounding the "#".
+ print prefix "define", macro P[macro] D[macro]
+ next
+ } else {
+ # Replace #undef with comments. This is necessary, for example,
+ # in the case of _POSIX_SOURCE, which is predefined and required
+ # on some systems where configure will not decide to define it.
+ if (defundef == "undef") {
+ print "/*", prefix defundef, macro, "*/"
+ next
+ }
+ }
+}
+{ print }
+_ACAWK
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
- # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
- case $ac_file in
- - | *:- | *:-:* ) # input from stdin
- cat >$tmp/stdin
- ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
- ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
- *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
- ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
- * ) ac_file_in=$ac_file.in ;;
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS "
+shift
+for ac_tag
+do
+ case $ac_tag in
+ :[FHLC]) ac_mode=$ac_tag; continue;;
+ esac
+ case $ac_mode$ac_tag in
+ :[FHL]*:*);;
+ :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
+ :[FH]-) ac_tag=-:-;;
+ :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+ esac
+ ac_save_IFS=$IFS
+ IFS=:
+ set x $ac_tag
+ IFS=$ac_save_IFS
+ shift
+ ac_file=$1
+ shift
+
+ case $ac_mode in
+ :L) ac_source=$1;;
+ :[FH])
+ ac_file_inputs=
+ for ac_f
+ do
+ case $ac_f in
+ -) ac_f="$ac_tmp/stdin";;
+ *) # Look for the file first in the build tree, then in the source tree
+ # (if the path is not absolute). The absolute path cannot be DOS-style,
+ # because $ac_f cannot contain `:'.
+ test -f "$ac_f" ||
+ case $ac_f in
+ [\\/$]*) false;;
+ *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+ esac ||
+ as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+ esac
+ case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ as_fn_append ac_file_inputs " '$ac_f'"
+ done
+
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ configure_input='Generated from '`
+ $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ `' by configure.'
+ if test x"$ac_file" != x-; then
+ configure_input="$ac_file. $configure_input"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+ fi
+ # Neutralize special characters interpreted by sed in replacement strings.
+ case $configure_input in #(
+ *\&* | *\|* | *\\* )
+ ac_sed_conf_input=`$as_echo "$configure_input" |
+ sed 's/[\\\\&|]/\\\\&/g'`;; #(
+ *) ac_sed_conf_input=$configure_input;;
+ esac
+
+ case $ac_tag in
+ *:-:* | *:-) cat >"$ac_tmp/stdin" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+ esac
+ ;;
esac
- # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
- ac_dir=`(dirname "$ac_file") 2>/dev/null ||
+ ac_dir=`$as_dirname -- "$ac_file" ||
$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$ac_file" : 'X\(//\)[^/]' \| \
X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- { if $as_mkdir_p; then
- mkdir -p "$ac_dir"
- else
- as_dir="$ac_dir"
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
-echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
- { (exit 1); exit 1; }; }; }
-
+ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir="$ac_dir"; as_fn_mkdir_p
ac_builddir=.
-if test "$ac_dir" != .; then
- ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
- # A "../" for each directory in $ac_dir_suffix.
- ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
- ac_dir_suffix= ac_top_builddir=
-fi
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
case $srcdir in
- .) # No --srcdir option. We are building in place.
+ .) # We are building in place.
ac_srcdir=.
- if test -z "$ac_top_builddir"; then
- ac_top_srcdir=.
- else
- ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
- fi ;;
- [\\/]* | ?:[\\/]* ) # Absolute path.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir ;;
- *) # Relative path.
- ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_builddir$srcdir ;;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-# Do not use `cd foo && pwd` to compute absolute paths, because
-# the directories may not exist.
-case `pwd` in
-.) ac_abs_builddir="$ac_dir";;
-*)
- case "$ac_dir" in
- .) ac_abs_builddir=`pwd`;;
- [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
- *) ac_abs_builddir=`pwd`/"$ac_dir";;
- esac;;
-esac
-case $ac_abs_builddir in
-.) ac_abs_top_builddir=${ac_top_builddir}.;;
-*)
- case ${ac_top_builddir}. in
- .) ac_abs_top_builddir=$ac_abs_builddir;;
- [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
- *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
- esac;;
-esac
-case $ac_abs_builddir in
-.) ac_abs_srcdir=$ac_srcdir;;
-*)
- case $ac_srcdir in
- .) ac_abs_srcdir=$ac_abs_builddir;;
- [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
- *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
- esac;;
-esac
-case $ac_abs_builddir in
-.) ac_abs_top_srcdir=$ac_top_srcdir;;
-*)
- case $ac_top_srcdir in
- .) ac_abs_top_srcdir=$ac_abs_builddir;;
- [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
- *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
- esac;;
-esac
+ case $ac_mode in
+ :F)
+ #
+ # CONFIG_FILE
+ #
case $INSTALL in
[\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
- *) ac_INSTALL=$ac_top_builddir$INSTALL ;;
+ *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
esac
+_ACEOF
- if test x"$ac_file" != x-; then
- { echo "$as_me:$LINENO: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
- rm -f "$ac_file"
- fi
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- if test x"$ac_file" = x-; then
- configure_input=
- else
- configure_input="$ac_file. "
- fi
- configure_input=$configure_input"Generated from `echo $ac_file_in |
- sed 's,.*/,,'` by configure."
-
- # First look for the input files in the build tree, otherwise in the
- # src tree.
- ac_file_inputs=`IFS=:
- for f in $ac_file_in; do
- case $f in
- -) echo $tmp/stdin ;;
- [\\/$]*)
- # Absolute (can't be DOS-style, as IFS=:)
- test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
- { (exit 1); exit 1; }; }
- echo "$f";;
- *) # Relative
- if test -f "$f"; then
- # Build tree
- echo "$f"
- elif test -f "$srcdir/$f"; then
- # Source tree
- echo "$srcdir/$f"
- else
- # /dev/null tree
- { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
- { (exit 1); exit 1; }; }
- fi;;
- esac
- done` || { (exit 1); exit 1; }
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+ p
+ q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_datarootdir_hack='
+ s&@datadir@&$datadir&g
+ s&@docdir@&$docdir&g
+ s&@infodir@&$infodir&g
+ s&@localedir@&$localedir&g
+ s&@mandir@&$mandir&g
+ s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
- sed "$ac_vpsub
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
$extrasub
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
:t
/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s,@configure_input@,$configure_input,;t t
-s,@srcdir@,$ac_srcdir,;t t
-s,@abs_srcdir@,$ac_abs_srcdir,;t t
-s,@top_srcdir@,$ac_top_srcdir,;t t
-s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t
-s,@builddir@,$ac_builddir,;t t
-s,@abs_builddir@,$ac_abs_builddir,;t t
-s,@top_builddir@,$ac_top_builddir,;t t
-s,@abs_top_builddir@,$ac_abs_top_builddir,;t t
-s,@INSTALL@,$ac_INSTALL,;t t
-" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
- rm -f $tmp/stdin
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+ { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
+ "$ac_tmp/out"`; test -z "$ac_out"; } &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&2;}
+
+ rm -f "$ac_tmp/stdin"
+ case $ac_file in
+ -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+ *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+ esac \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+ :H)
+ #
+ # CONFIG_HEADER
+ #
if test x"$ac_file" != x-; then
- mv $tmp/out $ac_file
+ {
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
+ } >"$ac_tmp/config.h" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+ else
+ rm -f "$ac_file"
+ mv "$ac_tmp/config.h" "$ac_file" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ fi
else
- cat $tmp/out
- rm -f $tmp/out
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
+ || as_fn_error $? "could not create -" "$LINENO" 5
fi
+ ;;
-done
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-#
-# CONFIG_HEADER section.
-#
-
-# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
-# NAME is the cpp macro being defined and VALUE is the value it is being given.
-#
-# ac_d sets the value in "#define NAME VALUE" lines.
-ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)'
-ac_dB='[ ].*$,\1#\2'
-ac_dC=' '
-ac_dD=',;t'
-# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
-ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)'
-ac_uB='$,\1#\2define\3'
-ac_uC=' '
-ac_uD=',;t'
-
-for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
- # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
- case $ac_file in
- - | *:- | *:-:* ) # input from stdin
- cat >$tmp/stdin
- ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
- ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
- *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
- ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
- * ) ac_file_in=$ac_file.in ;;
esac
- test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
-
- # First look for the input files in the build tree, otherwise in the
- # src tree.
- ac_file_inputs=`IFS=:
- for f in $ac_file_in; do
- case $f in
- -) echo $tmp/stdin ;;
- [\\/$]*)
- # Absolute (can't be DOS-style, as IFS=:)
- test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
- { (exit 1); exit 1; }; }
- # Do quote $f, to prevent DOS paths from being IFS'd.
- echo "$f";;
- *) # Relative
- if test -f "$f"; then
- # Build tree
- echo "$f"
- elif test -f "$srcdir/$f"; then
- # Source tree
- echo "$srcdir/$f"
- else
- # /dev/null tree
- { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
- { (exit 1); exit 1; }; }
- fi;;
- esac
- done` || { (exit 1); exit 1; }
- # Remove the trailing spaces.
- sed 's/[ ]*$//' $ac_file_inputs >$tmp/in
-
-_ACEOF
-
-# Transform confdefs.h into two sed scripts, `conftest.defines' and
-# `conftest.undefs', that substitutes the proper values into
-# config.h.in to produce config.h. The first handles `#define'
-# templates, and the second `#undef' templates.
-# And first: Protect against being on the right side of a sed subst in
-# config.status. Protect against being in an unquoted here document
-# in config.status.
-rm -f conftest.defines conftest.undefs
-# Using a here document instead of a string reduces the quoting nightmare.
-# Putting comments in sed scripts is not portable.
-#
-# `end' is used to avoid that the second main sed command (meant for
-# 0-ary CPP macros) applies to n-ary macro definitions.
-# See the Autoconf documentation for `clear'.
-cat >confdef2sed.sed <<\_ACEOF
-s/[\\&,]/\\&/g
-s,[\\$`],\\&,g
-t clear
-: clear
-s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp
-t end
-s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp
-: end
-_ACEOF
-# If some macros were called several times there might be several times
-# the same #defines, which is useless. Nevertheless, we may not want to
-# sort them, since we want the *last* AC-DEFINE to be honored.
-uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines
-sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs
-rm -f confdef2sed.sed
-
-# This sed command replaces #undef with comments. This is necessary, for
-# example, in the case of _POSIX_SOURCE, which is predefined and required
-# on some systems where configure will not decide to define it.
-cat >>conftest.undefs <<\_ACEOF
-s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */,
-_ACEOF
-
-# Break up conftest.defines because some shells have a limit on the size
-# of here documents, and old seds have small limits too (100 cmds).
-echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS
-echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS
-echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS
-echo ' :' >>$CONFIG_STATUS
-rm -f conftest.tail
-while grep . conftest.defines >/dev/null
-do
- # Write a limited-size here document to $tmp/defines.sed.
- echo ' cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS
- # Speed up: don't consider the non `#define' lines.
- echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS
- # Work around the forget-to-reset-the-flag bug.
- echo 't clr' >>$CONFIG_STATUS
- echo ': clr' >>$CONFIG_STATUS
- sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS
- echo 'CEOF
- sed -f $tmp/defines.sed $tmp/in >$tmp/out
- rm -f $tmp/in
- mv $tmp/out $tmp/in
-' >>$CONFIG_STATUS
- sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail
- rm -f conftest.defines
- mv conftest.tail conftest.defines
-done
-rm -f conftest.defines
-echo ' fi # grep' >>$CONFIG_STATUS
-echo >>$CONFIG_STATUS
-
-# Break up conftest.undefs because some shells have a limit on the size
-# of here documents, and old seds have small limits too (100 cmds).
-echo ' # Handle all the #undef templates' >>$CONFIG_STATUS
-rm -f conftest.tail
-while grep . conftest.undefs >/dev/null
-do
- # Write a limited-size here document to $tmp/undefs.sed.
- echo ' cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS
- # Speed up: don't consider the non `#undef'
- echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS
- # Work around the forget-to-reset-the-flag bug.
- echo 't clr' >>$CONFIG_STATUS
- echo ': clr' >>$CONFIG_STATUS
- sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS
- echo 'CEOF
- sed -f $tmp/undefs.sed $tmp/in >$tmp/out
- rm -f $tmp/in
- mv $tmp/out $tmp/in
-' >>$CONFIG_STATUS
- sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail
- rm -f conftest.undefs
- mv conftest.tail conftest.undefs
-done
-rm -f conftest.undefs
-
-cat >>$CONFIG_STATUS <<\_ACEOF
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- if test x"$ac_file" = x-; then
- echo "/* Generated by configure. */" >$tmp/config.h
- else
- echo "/* $ac_file. Generated by configure. */" >$tmp/config.h
- fi
- cat $tmp/in >>$tmp/config.h
- rm -f $tmp/in
- if test x"$ac_file" != x-; then
- if diff $ac_file $tmp/config.h >/dev/null 2>&1; then
- { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
-echo "$as_me: $ac_file is unchanged" >&6;}
- else
- ac_dir=`(dirname "$ac_file") 2>/dev/null ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$ac_file" : 'X\(//\)[^/]' \| \
- X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- { if $as_mkdir_p; then
- mkdir -p "$ac_dir"
- else
- as_dir="$ac_dir"
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
-echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
- { (exit 1); exit 1; }; }; }
-
- rm -f $ac_file
- mv $tmp/config.h $ac_file
- fi
- else
- cat $tmp/config.h
- rm -f $tmp/config.h
- fi
-done
-_ACEOF
+done # for ac_tag
-cat >>$CONFIG_STATUS <<\_ACEOF
-{ (exit 0); exit 0; }
+as_fn_exit 0
_ACEOF
-chmod +x $CONFIG_STATUS
ac_clean_files=$ac_clean_files_save
+test $ac_write_fail = 0 ||
+ as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
# configure is writing to config.log, and then calls config.status.
# config.status does its own redirection, appending to config.log.
@@ -8296,308 +7284,24 @@ if test "$no_create" != yes; then
exec 5>>config.log
# Use ||, not &&, to avoid exiting from the if with $? = 1, which
# would make configure fail if this is the last instruction.
- $ac_cs_success || { (exit 1); exit 1; }
+ $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
fi
# This is needed when building outside the source dir.
-{ if $as_mkdir_p; then
- mkdir -p crypto/ae_xfm
- else
- as_dir=crypto/ae_xfm
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/ae_xfm" >&5
-echo "$as_me: error: cannot create directory crypto/ae_xfm" >&2;}
- { (exit 1); exit 1; }; }; }
-
-{ if $as_mkdir_p; then
- mkdir -p crypto/cipher
- else
- as_dir=crypto/cipher
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/cipher" >&5
-echo "$as_me: error: cannot create directory crypto/cipher" >&2;}
- { (exit 1); exit 1; }; }; }
-
-{ if $as_mkdir_p; then
- mkdir -p crypto/hash
- else
- as_dir=crypto/hash
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/hash" >&5
-echo "$as_me: error: cannot create directory crypto/hash" >&2;}
- { (exit 1); exit 1; }; }; }
-
-{ if $as_mkdir_p; then
- mkdir -p crypto/kernel
- else
- as_dir=crypto/kernel
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/kernel" >&5
-echo "$as_me: error: cannot create directory crypto/kernel" >&2;}
- { (exit 1); exit 1; }; }; }
-
-{ if $as_mkdir_p; then
- mkdir -p crypto/math
- else
- as_dir=crypto/math
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/math" >&5
-echo "$as_me: error: cannot create directory crypto/math" >&2;}
- { (exit 1); exit 1; }; }; }
-
-{ if $as_mkdir_p; then
- mkdir -p crypto/replay
- else
- as_dir=crypto/replay
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/replay" >&5
-echo "$as_me: error: cannot create directory crypto/replay" >&2;}
- { (exit 1); exit 1; }; }; }
-
-{ if $as_mkdir_p; then
- mkdir -p crypto/rng
- else
- as_dir=crypto/rng
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/rng" >&5
-echo "$as_me: error: cannot create directory crypto/rng" >&2;}
- { (exit 1); exit 1; }; }; }
-
-{ if $as_mkdir_p; then
- mkdir -p crypto/test
- else
- as_dir=crypto/test
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/test" >&5
-echo "$as_me: error: cannot create directory crypto/test" >&2;}
- { (exit 1); exit 1; }; }; }
-
-{ if $as_mkdir_p; then
- mkdir -p doc
- else
- as_dir=doc
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory doc" >&5
-echo "$as_me: error: cannot create directory doc" >&2;}
- { (exit 1); exit 1; }; }; }
-
-{ if $as_mkdir_p; then
- mkdir -p srtp
- else
- as_dir=srtp
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory srtp" >&5
-echo "$as_me: error: cannot create directory srtp" >&2;}
- { (exit 1); exit 1; }; }; }
-
-{ if $as_mkdir_p; then
- mkdir -p tables
- else
- as_dir=tables
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory tables" >&5
-echo "$as_me: error: cannot create directory tables" >&2;}
- { (exit 1); exit 1; }; }; }
-
-{ if $as_mkdir_p; then
- mkdir -p test
- else
- as_dir=test
- as_dirs=
- while test ! -d "$as_dir"; do
- as_dirs="$as_dir $as_dirs"
- as_dir=`(dirname "$as_dir") 2>/dev/null ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- done
- test ! -n "$as_dirs" || mkdir $as_dirs
- fi || { { echo "$as_me:$LINENO: error: cannot create directory test" >&5
-echo "$as_me: error: cannot create directory test" >&2;}
- { (exit 1); exit 1; }; }; }
-
+as_dir=crypto/ae_xfm; as_fn_mkdir_p
+as_dir=crypto/cipher; as_fn_mkdir_p
+as_dir=crypto/hash; as_fn_mkdir_p
+as_dir=crypto/kernel; as_fn_mkdir_p
+as_dir=crypto/math; as_fn_mkdir_p
+as_dir=crypto/replay; as_fn_mkdir_p
+as_dir=crypto/rng; as_fn_mkdir_p
+as_dir=crypto/test; as_fn_mkdir_p
+as_dir=doc; as_fn_mkdir_p
+as_dir=srtp; as_fn_mkdir_p
+as_dir=tables; as_fn_mkdir_p
+as_dir=test; as_fn_mkdir_p
diff --git a/third_party/srtp/configure.in b/third_party/srtp/configure.in
index 49aaf8e0..445d8237 100644
--- a/third_party/srtp/configure.in
+++ b/third_party/srtp/configure.in
@@ -1,17 +1,48 @@
dnl Process this file with autoconf to produce a configure script.
-AC_INIT(srtp)
+AC_INIT([libsrtp], [1.5.4], [https://github.com/cisco/libsrtp/issues])
dnl Must come before AC_PROG_CC
if test -z "$CFLAGS"; then
dnl Default value for CFLAGS if not specified.
- CFLAGS="-Wall -O4 -fexpensive-optimizations -funroll-loops"
+ CFLAGS="-fPIC -Wall -O4 -fexpensive-optimizations -funroll-loops"
fi
dnl Checks for programs.
+AM_PROG_AR
AC_PROG_RANLIB
AC_PROG_CC
AC_PROG_INSTALL
+dnl Check the byte order
+AC_C_BIGENDIAN
+
+AC_CANONICAL_HOST
+
+dnl check host_cpu type, set defines appropriately
+case $host_cpu in
+ i*86 | x86_64 )
+ AC_DEFINE(CPU_CISC, 1,
+ [Define if building for a CISC machine (e.g. Intel).])
+ AC_DEFINE(HAVE_X86, 1,
+ [Define to use X86 inlined assembly code]);;
+ * )
+ AC_DEFINE(CPU_RISC, 1,
+ [Define if building for a RISC machine (assume slow byte access).])
+ ;;
+esac
+
+dnl Check if we are on a Windows platform.
+case $host_os in
+ *cygwin*|*mingw* )
+ EXE=.exe
+ HOST_IS_WINDOWS=yes
+ ;;
+ * )
+ EXE=""
+ ;;
+esac
+AC_SUBST(EXE) # define executable suffix; this is needed for `make clean'
+
AC_ARG_ENABLE(kernel-linux,
[AS_HELP_STRING([--enable-kernel-linux],
@@ -26,26 +57,12 @@ if test "$enable_kernel_linux" = "yes"; then
fi
AC_MSG_RESULT($enable_kernel_linux)
-if test "$cross_compiling" != yes; then
+if test "$cross_compiling" != yes -a "$HOST_IS_WINDOWS" != yes; then
dnl Check for /dev/urandom
AC_CHECK_FILE(/dev/urandom, DEV_URANDOM=/dev/urandom,
[AC_CHECK_FILE(/dev/random, DEV_URANDOM=/dev/random)])
fi
-AC_MSG_CHECKING(which random device to use)
-if test "$enable_kernel_linux" = "yes"; then
- RNG_OBJS=rand_linux_kernel.o
- AC_MSG_RESULT([Linux kernel builtin])
-else
- RNG_OBJS=rand_source.o
- if test -n "$DEV_URANDOM"; then
- AC_DEFINE_UNQUOTED(DEV_URANDOM, "$DEV_URANDOM",[Path to random device])
- AC_MSG_RESULT([$DEV_URANDOM])
- else
- AC_MSG_RESULT([standard rand() function...])
- fi
-fi
-AC_SUBST(RNG_OBJS)
dnl Checks for header files.
@@ -76,7 +93,7 @@ AC_C_INLINE
AC_TYPE_SIZE_T
dnl Checks for library functions.
-AC_CHECK_FUNCS(socket inet_aton usleep)
+AC_CHECK_FUNCS(socket inet_aton usleep sigaction)
dnl Find socket function if not found yet.
if test "x$ac_cv_func_socket" = "xno"; then
@@ -95,38 +112,6 @@ socket(0, 0, 0);
AC_MSG_RESULT(no))
fi
-dnl Check the byte order
-AC_C_BIGENDIAN
-
-AC_CANONICAL_HOST
-
-dnl check host_cpu type, set defines appropriately
-case $host_cpu in
- i*86 )
- AC_DEFINE(CPU_CISC, 1,
- [Define if building for a CISC machine (e.g. Intel).])
- AC_DEFINE(HAVE_X86, 1,
- [Define to use X86 inlined assembly code]);;
- * )
- # CPU_RISC is only supported for big endian machines.
- if test "$ac_cv_c_bigendian" = "yes"; then
- AC_DEFINE(CPU_RISC, 1,
- [Define if building for a RISC machine (assume slow byte access).])
- else
- AC_DEFINE(CPU_CISC, 1)
- fi
- ;;
-esac
-
-dnl Check if we're on a Windows platform.
-case $host_os in
- *cygwin*|*mingw* )
- EXE=.exe;;
- * ) EXE="";;
-esac
-
-AC_SUBST(EXE) # define executable suffix; this is needed for `make clean'
-
AC_MSG_CHECKING(whether to compile in debugging)
AC_ARG_ENABLE(debug,
[AS_HELP_STRING([--disable-debug],
@@ -148,6 +133,64 @@ if test "$enable_generic_aesicm" = "yes"; then
fi
AC_MSG_RESULT($enable_generic_aesicm)
+AC_MSG_CHECKING(whether to leverage OpenSSL crypto)
+AC_ARG_ENABLE(openssl,
+ [AS_HELP_STRING([--enable-openssl],
+ [compile in OpenSSL crypto engine])],
+ [], enable_openssl=no)
+AC_MSG_RESULT($enable_openssl)
+if test "$enable_openssl" = "yes"; then
+ LDFLAGS="$LDFLAGS $(pkg-config --libs openssl)";
+ CFLAGS="$CFLAGS $(pkg-config --cflags openssl)";
+
+ AC_CHECK_LIB([dl], [dlopen], [],
+ [AC_MSG_WARN([can't find libdl])])
+ AC_CHECK_LIB([z], [inflate], [],
+ [AC_MSG_WARN([can't find libz])])
+ AC_CHECK_LIB([crypto], [EVP_EncryptInit], [],
+ [AC_MSG_FAILURE([can't find openssl >1.0.1 crypto lib])])
+ AC_CHECK_LIB([crypto], [EVP_aes_128_ctr], [],
+ [AC_MSG_FAILURE([can't find openssl >1.0.1 crypto lib])])
+ AC_CHECK_LIB([crypto], [EVP_aes_128_gcm], [],
+ [AC_MSG_FAILURE([can't find openssl >1.0.1 crypto lib])])
+ AC_DEFINE(OPENSSL, 1, [Define this to use OpenSSL crypto.])
+ AES_ICM_OBJS="crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o"
+ RNG_OBJS=rand_source_ossl.o
+ HMAC_OBJS=crypto/hash/hmac_ossl.o
+ USE_OPENSSL=1
+ AC_SUBST(USE_OPENSSL)
+else
+ AES_ICM_OBJS="crypto/cipher/aes_icm.o crypto/cipher/aes.o crypto/cipher/aes_cbc.o"
+ AC_MSG_CHECKING(which random device to use)
+ if test "$enable_kernel_linux" = "yes"; then
+ RNG_OBJS=rand_linux_kernel.o
+ AC_MSG_RESULT([Linux kernel builtin])
+ else
+ RNG_OBJS=rand_source.o
+ if test -n "$DEV_URANDOM"; then
+ AC_DEFINE_UNQUOTED(DEV_URANDOM, "$DEV_URANDOM",[Path to random device])
+ AC_MSG_RESULT([$DEV_URANDOM])
+ else
+ AC_MSG_RESULT([standard rand() function...])
+ fi
+ fi
+ RNG_EXTRA_OBJS="crypto/rng/prng.o crypto/rng/ctr_prng.o"
+ HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o"
+fi
+AC_SUBST(AES_ICM_OBJS)
+AC_SUBST(RNG_OBJS)
+AC_SUBST(RNG_EXTRA_OBJS)
+AC_SUBST(HMAC_OBJS)
+
+dnl Checking for PCAP
+AC_CHECK_LIB([pcap],[pcap_create],
+ [PCAP=1
+ LIBS="-lpcap $LIBS"
+ HAVE_PCAP=1
+ AC_DEFINE(HAVE_PCAP, 1, [Define to 1 if you have the `pcap' library (-lpcap)])
+ AC_SUBST(HAVE_PCAP)
+])
+
AC_MSG_CHECKING(whether to use syslog for error reporting)
AC_ARG_ENABLE(syslog,
[AS_HELP_STRING([--enable-syslog], [use syslog for error reporting])],
@@ -189,7 +232,16 @@ AC_MSG_RESULT($enable_gdoi)
AC_CONFIG_HEADER(crypto/include/config.h:config_in.h)
-AC_OUTPUT(Makefile crypto/Makefile doc/Makefile)
+AC_CHECK_PROG(PKG_CONFIG, pkg-config, yes)
+if test "x$PKG_CONFIG" != "x"; then
+ HAVE_PKG_CONFIG=1
+ AC_CONFIG_FILES([libsrtp.pc])
+else
+ HAVE_PKG_CONFIG=0
+fi
+AC_SUBST(HAVE_PKG_CONFIG)
+AC_CONFIG_FILES([Makefile crypto/Makefile doc/Makefile])
+AC_OUTPUT
# This is needed when building outside the source dir.
AS_MKDIR_P(crypto/ae_xfm)
diff --git a/third_party/srtp/crypto/Makefile b/third_party/srtp/crypto/Makefile
deleted file mode 100644
index d7ac61fb..00000000
--- a/third_party/srtp/crypto/Makefile
+++ /dev/null
@@ -1,130 +0,0 @@
-# Makefile for libcryptomodule.a
-#
-# David A. McGrew
-# Cisco Systems, Inc.
-
-srcdir = .
-top_srcdir = ..
-top_builddir = ../
-
-
-CC = gcc
-INCDIR = -Iinclude -I$(srcdir)/include
-DEFS = -DHAVE_CONFIG_H
-CPPFLAGS=
-CFLAGS = -Wall -O4 -fexpensive-optimizations -funroll-loops
-LIBS =
-LDFLAGS = -L.
-COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS)
-CRYPTOLIB = -lcryptomodule
-
-RANLIB = ranlib
-
-# EXE defines the suffix on executables - it's .exe for cygwin, and
-# null on linux, bsd, and OS X and other OSes. we define this so that
-# `make clean` will work on the cygwin platform
-EXE =
-# Random source.
-RNG_OBJS = rand_source.o
-
-ifdef ARCH
- DEFS += -D$(ARCH)=1
-endif
-
-ifdef sysname
- DEFS += -D$(sysname)=1
-endif
-
-.PHONY: dummy all runtest clean superclean
-
-dummy : all runtest
-
-# test applications
-
-testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \
- test/stat_driver$(EXE) test/sha1_driver$(EXE) \
- test/kernel_driver$(EXE) test/aes_calc$(EXE) test/rand_gen$(EXE) \
- test/env$(EXE)
-
-# data values used to test the aes_calc application
-
-k=000102030405060708090a0b0c0d0e0f
-p=00112233445566778899aabbccddeeff
-c=69c4e0d86a7b0430d8cdb78070b4c55a
-
-runtest: libcryptomodule.a $(testapp)
- test/env$(EXE) # print out information on the build environment
- @echo "running libcryptomodule test applications..."
- test `test/aes_calc $k $p` = $c
- test/cipher_driver$(EXE) -v >/dev/null
- test/datatypes_driver$(EXE) -v >/dev/null
- test/stat_driver$(EXE) >/dev/null
- test/sha1_driver$(EXE) -v >/dev/null
- test/kernel_driver$(EXE) -v >/dev/null
- test/rand_gen$(EXE) -n 256 >/dev/null
- @echo "libcryptomodule test applications passed."
-
-# libcryptomodule.a (the crypto engine)
-
-ciphers = cipher/cipher.o cipher/null_cipher.o \
- cipher/aes.o cipher/aes_icm.o \
- cipher/aes_cbc.o
-
-hashes = hash/null_auth.o hash/sha1.o \
- hash/hmac.o hash/auth.o
-
-math = math/datatypes.o math/stat.o
-
-rng = rng/$(RNG_OBJS) rng/rand_source.o rng/prng.o rng/ctr_prng.o
-
-err = kernel/err.o
-
-kernel = kernel/crypto_kernel.o kernel/alloc.o \
- kernel/key.o $(rng) $(err)
-
-xfm = ae_xfm/xfm.o
-
-cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(xfm)
-
-# the rule for making object files and test apps
-
-%.o: %.c
- $(COMPILE) -c $< -o $@
-
-%$(EXE): %.c libcryptomodule.a
- $(COMPILE) $(LDFLAGS) $< -o $@ $(CRYPTOLIB) $(LIBS)
-
-ifndef AR
- AR=ar
-endif
-
-# and the crypto module library itself
-
-libcryptomodule.a: $(cryptobj)
- $(AR) cr libcryptomodule.a $(cryptobj)
- $(RANLIB) libcryptomodule.a
-
-all: libcryptomodule.a $(testapp)
-
-# housekeeping functions
-
-clean:
- rm -f libcryptomodule.a
- rm -f $(testapp) *.o */*.o
- for a in * .* */*; do if [ -f "$$a~" ] ; then rm $$a~; fi; done;
- rm -f `find . -name "*.[ch]~*~"`
- rm -rf latex
-
-superclean: clean
- rm -f *core TAGS ktrace.out
-
-
-# the target 'package' builds a compressed tar archive of the source code
-
-distname = crypto-$(shell cat VERSION)
-
-package: superclean
- cd ..; tar cvzf $(distname).tgz crypto/
-
-
-# EOF
diff --git a/third_party/srtp/crypto/Makefile.in b/third_party/srtp/crypto/Makefile.in
index c14dba50..49384376 100644
--- a/third_party/srtp/crypto/Makefile.in
+++ b/third_party/srtp/crypto/Makefile.in
@@ -9,14 +9,14 @@ top_builddir = @top_builddir@
VPATH = @srcdir@
CC = @CC@
-INCDIR = -Iinclude -I$(srcdir)/include
+INCDIR = -Iinclude -I$(srcdir)/include -I$(top_srcdir)/include
DEFS = @DEFS@
CPPFLAGS= @CPPFLAGS@
CFLAGS = @CFLAGS@
LIBS = @LIBS@
-LDFLAGS = @LDFLAGS@ -L.
+LDFLAGS = @LDFLAGS@ -L. -L..
COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS)
-CRYPTOLIB = -lcryptomodule
+CRYPTOLIB = -lsrtp
RANLIB = @RANLIB@
@@ -25,7 +25,7 @@ RANLIB = @RANLIB@
# `make clean` will work on the cygwin platform
EXE = @EXE@
# Random source.
-RNG_OBJS = @RNG_OBJS@
+USE_OPENSSL = @USE_OPENSSL@
ifdef ARCH
DEFS += -D$(ARCH)=1
@@ -40,71 +40,52 @@ endif
dummy : all runtest
# test applications
+ifneq (1, $(USE_OPENSSL))
+AES_CALC = test/aes_calc$(EXE)
+endif
testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \
test/stat_driver$(EXE) test/sha1_driver$(EXE) \
- test/kernel_driver$(EXE) test/aes_calc$(EXE) test/rand_gen$(EXE) \
+ test/kernel_driver$(EXE) $(AES_CALC) test/rand_gen$(EXE) \
test/env$(EXE)
-# data values used to test the aes_calc application
+# data values used to test the aes_calc application for AES-128
+k128=000102030405060708090a0b0c0d0e0f
+p128=00112233445566778899aabbccddeeff
+c128=69c4e0d86a7b0430d8cdb78070b4c55a
+
-k=000102030405060708090a0b0c0d0e0f
-p=00112233445566778899aabbccddeeff
-c=69c4e0d86a7b0430d8cdb78070b4c55a
+# data values used to test the aes_calc application for AES-256
+k256=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+p256=00112233445566778899aabbccddeeff
+c256=8ea2b7ca516745bfeafc49904b496089
-runtest: libcryptomodule.a $(testapp)
+
+runtest: $(testapp)
test/env$(EXE) # print out information on the build environment
- @echo "running libcryptomodule test applications..."
- test `test/aes_calc $k $p` = $c
+ @echo "running crypto test applications..."
+ifneq (1, $(USE_OPENSSL))
+ test `test/aes_calc $(k128) $(p128)` = $(c128)
+ test `test/aes_calc $(k256) $(p256)` = $(c256)
+endif
test/cipher_driver$(EXE) -v >/dev/null
test/datatypes_driver$(EXE) -v >/dev/null
test/stat_driver$(EXE) >/dev/null
test/sha1_driver$(EXE) -v >/dev/null
test/kernel_driver$(EXE) -v >/dev/null
test/rand_gen$(EXE) -n 256 >/dev/null
- @echo "libcryptomodule test applications passed."
-
-# libcryptomodule.a (the crypto engine)
-
-ciphers = cipher/cipher.o cipher/null_cipher.o \
- cipher/aes.o cipher/aes_icm.o \
- cipher/aes_cbc.o
-
-hashes = hash/null_auth.o hash/sha1.o \
- hash/hmac.o hash/auth.o
-
-math = math/datatypes.o math/stat.o
+ @echo "crypto test applications passed."
-rng = rng/$(RNG_OBJS) rng/rand_source.o rng/prng.o rng/ctr_prng.o
-
-err = kernel/err.o
-
-kernel = kernel/crypto_kernel.o kernel/alloc.o \
- kernel/key.o $(rng) $(err)
-
-xfm = ae_xfm/xfm.o
-
-cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(xfm)
# the rule for making object files and test apps
%.o: %.c
$(COMPILE) -c $< -o $@
-%$(EXE): %.c libcryptomodule.a
- $(COMPILE) $(LDFLAGS) $< -o $@ $(CRYPTOLIB) $(LIBS)
-
-ifndef AR
- AR=ar
-endif
-
-# and the crypto module library itself
-
-libcryptomodule.a: $(cryptobj)
- $(AR) cr libcryptomodule.a $(cryptobj)
- $(RANLIB) libcryptomodule.a
+%$(EXE): %.c ../test/getopt_s.c
+ $(COMPILE) $(LDFLAGS) $< ../test/getopt_s.c -o $@ $(CRYPTOLIB) $(LIBS)
-all: libcryptomodule.a $(testapp)
+all: $(testapp)
# housekeeping functions
diff --git a/third_party/srtp/crypto/ae_xfm/xfm.c b/third_party/srtp/crypto/ae_xfm/xfm.c
deleted file mode 100644
index 0655aca4..00000000
--- a/third_party/srtp/crypto/ae_xfm/xfm.c
+++ /dev/null
@@ -1,573 +0,0 @@
-/*
- * xfm.c
- *
- * Crypto transform implementation
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-#include "cryptoalg.h"
-#include "aes_cbc.h"
-#include "hmac.h"
-#include "crypto_kernel.h" /* for crypto_get_random() */
-
-#define KEY_LEN 16
-#define ENC_KEY_LEN 16
-#define MAC_KEY_LEN 16
-#define IV_LEN 16
-#define TAG_LEN 12
-#define MAX_EXPAND 27
-
-err_status_t
-aes_128_cbc_hmac_sha1_96_func(void *key,
- void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len,
- void *auth_tag) {
- aes_cbc_ctx_t aes_ctx;
- hmac_ctx_t hmac_ctx;
- unsigned char enc_key[ENC_KEY_LEN];
- unsigned char mac_key[MAC_KEY_LEN];
- err_status_t status;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
- /* derive encryption and authentication keys from the input key */
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
- if (status) return status;
-
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
- if (status) return status;
-
-
- /* perform encryption and authentication */
-
- /* set aes key */
- status = aes_cbc_context_init(&aes_ctx, key, direction_encrypt);
- if (status) return status;
-
- /* set iv */
- status = crypto_get_random(iv, IV_LEN);
- if (status) return status;
- status = aes_cbc_set_iv(&aes_ctx, iv);
-
- /* encrypt the opaque data */
- status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len);
- if (status) return status;
-
- /* authenticate clear and opaque data */
- status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
- if (status) return status;
-
- status = hmac_start(&hmac_ctx);
- if (status) return status;
-
- status = hmac_update(&hmac_ctx, clear, clear_len);
- if (status) return status;
-
- status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag);
- if (status) return status;
-
- }
-
- return err_status_ok;
-}
-
-err_status_t
-aes_128_cbc_hmac_sha1_96_inv(void *key,
- void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len,
- void *auth_tag) {
- aes_cbc_ctx_t aes_ctx;
- hmac_ctx_t hmac_ctx;
- unsigned char enc_key[ENC_KEY_LEN];
- unsigned char mac_key[MAC_KEY_LEN];
- unsigned char tmp_tag[TAG_LEN];
- unsigned char *tag = auth_tag;
- err_status_t status;
- int i;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
- /* derive encryption and authentication keys from the input key */
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
- if (status) return status;
-
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
- if (status) return status;
-
- /* perform encryption and authentication */
-
- /* set aes key */
- status = aes_cbc_context_init(&aes_ctx, key, direction_decrypt);
- if (status) return status;
-
- /* set iv */
- status = rand_source_get_octet_string(iv, IV_LEN);
- if (status) return status;
- status = aes_cbc_set_iv(&aes_ctx, iv);
-
- /* encrypt the opaque data */
- status = aes_cbc_nist_decrypt(&aes_ctx, opaque, opaque_len);
- if (status) return status;
-
- /* authenticate clear and opaque data */
- status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
- if (status) return status;
-
- status = hmac_start(&hmac_ctx);
- if (status) return status;
-
- status = hmac_update(&hmac_ctx, clear, clear_len);
- if (status) return status;
-
- status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, tmp_tag);
- if (status) return status;
-
- /* compare the computed tag with the one provided as input */
- for (i=0; i < TAG_LEN; i++)
- if (tmp_tag[i] != tag[i])
- return err_status_auth_fail;
-
- }
-
- return err_status_ok;
-}
-
-
-#define ENC 1
-
-// eVC4 declares DEBUG
-#undef DEBUG
-
-#define DEBUG 0
-
-err_status_t
-aes_128_cbc_hmac_sha1_96_enc(void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len) {
- aes_cbc_ctx_t aes_ctx;
- hmac_ctx_t hmac_ctx;
- unsigned char enc_key[ENC_KEY_LEN];
- unsigned char mac_key[MAC_KEY_LEN];
- unsigned char *auth_tag;
- err_status_t status;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
-#if DEBUG
- printf("ENC using key %s\n", octet_string_hex_string(key, KEY_LEN));
-#endif
-
- /* derive encryption and authentication keys from the input key */
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
- if (status) return status;
-
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
- if (status) return status;
-
-
- /* perform encryption and authentication */
-
- /* set aes key */
- status = aes_cbc_context_init(&aes_ctx, key, direction_encrypt);
- if (status) return status;
-
- /* set iv */
- status = rand_source_get_octet_string(iv, IV_LEN);
- if (status) return status;
- status = aes_cbc_set_iv(&aes_ctx, iv);
- if (status) return status;
-
-#if DEBUG
- printf("plaintext len: %d\n", *opaque_len);
- printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN));
- printf("plaintext: %s\n", octet_string_hex_string(opaque, *opaque_len));
-#endif
-
-#if ENC
- /* encrypt the opaque data */
- status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len);
- if (status) return status;
-#endif
-
-#if DEBUG
- printf("ciphertext len: %d\n", *opaque_len);
- printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len));
-#endif
-
- /*
- * authenticate clear and opaque data, then write the
- * authentication tag to the location immediately following the
- * ciphertext
- */
- status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
- if (status) return status;
-
- status = hmac_start(&hmac_ctx);
- if (status) return status;
-
- status = hmac_update(&hmac_ctx, clear, clear_len);
- if (status) return status;
-#if DEBUG
- printf("hmac input: %s\n",
- octet_string_hex_string(clear, clear_len));
-#endif
- auth_tag = (unsigned char *)opaque;
- auth_tag += *opaque_len;
- status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag);
- if (status) return status;
-#if DEBUG
- printf("hmac input: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
- /* bump up the opaque_len to reflect the authentication tag */
- *opaque_len += TAG_LEN;
-
-#if DEBUG
- printf("prot data len: %d\n", *opaque_len);
- printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len));
-#endif
- }
-
- return err_status_ok;
-}
-
-err_status_t
-aes_128_cbc_hmac_sha1_96_dec(void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len) {
- aes_cbc_ctx_t aes_ctx;
- hmac_ctx_t hmac_ctx;
- unsigned char enc_key[ENC_KEY_LEN];
- unsigned char mac_key[MAC_KEY_LEN];
- unsigned char tmp_tag[TAG_LEN];
- unsigned char *auth_tag;
- unsigned ciphertext_len;
- err_status_t status;
- int i;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-#if DEBUG
- printf("DEC using key %s\n", octet_string_hex_string(key, KEY_LEN));
-#endif
-
- /* derive encryption and authentication keys from the input key */
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
- if (status) return status;
-
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
- if (status) return status;
-
-#if DEBUG
- printf("prot data len: %d\n", *opaque_len);
- printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len));
-#endif
-
- /*
- * set the protected data length to that of the ciphertext, by
- * subtracting out the length of the authentication tag
- */
- ciphertext_len = *opaque_len - TAG_LEN;
-
-#if DEBUG
- printf("ciphertext len: %d\n", ciphertext_len);
-#endif
- /* verify the authentication tag */
-
- /*
- * compute the authentication tag for the clear and opaque data,
- * and write it to a temporary location
- */
- status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
- if (status) return status;
-
- status = hmac_start(&hmac_ctx);
- if (status) return status;
-
- status = hmac_update(&hmac_ctx, clear, clear_len);
- if (status) return status;
-
-#if DEBUG
- printf("hmac input: %s\n",
- octet_string_hex_string(clear, clear_len));
-#endif
-
- status = hmac_compute(&hmac_ctx, opaque, ciphertext_len, TAG_LEN, tmp_tag);
- if (status) return status;
-
-#if DEBUG
- printf("hmac input: %s\n",
- octet_string_hex_string(opaque, ciphertext_len));
-#endif
-
- /*
- * compare the computed tag with the one provided as input (which
- * immediately follows the ciphertext)
- */
- auth_tag = (unsigned char *)opaque;
- auth_tag += ciphertext_len;
-#if DEBUG
- printf("auth_tag: %s\n", octet_string_hex_string(auth_tag, TAG_LEN));
- printf("tmp_tag: %s\n", octet_string_hex_string(tmp_tag, TAG_LEN));
-#endif
- for (i=0; i < TAG_LEN; i++) {
- if (tmp_tag[i] != auth_tag[i])
- return err_status_auth_fail;
- }
-
- /* bump down the opaque_len to reflect the authentication tag */
- *opaque_len -= TAG_LEN;
-
- /* decrypt the confidential data */
- status = aes_cbc_context_init(&aes_ctx, key, direction_decrypt);
- if (status) return status;
- status = aes_cbc_set_iv(&aes_ctx, iv);
- if (status) return status;
-
-#if DEBUG
- printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len));
- printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN));
-#endif
-
-#if ENC
- status = aes_cbc_nist_decrypt(&aes_ctx, opaque, &ciphertext_len);
- if (status) return status;
-#endif
-
-#if DEBUG
- printf("plaintext len: %d\n", ciphertext_len);
- printf("plaintext: %s\n",
- octet_string_hex_string(opaque, ciphertext_len));
-#endif
-
- /* indicate the length of the plaintext */
- *opaque_len = ciphertext_len;
- }
-
- return err_status_ok;
-}
-
-cryptoalg_ctx_t cryptoalg_ctx = {
- aes_128_cbc_hmac_sha1_96_enc,
- aes_128_cbc_hmac_sha1_96_dec,
- KEY_LEN,
- IV_LEN,
- TAG_LEN,
- MAX_EXPAND,
-};
-
-cryptoalg_t cryptoalg = &cryptoalg_ctx;
-
-#define NULL_TAG_LEN 12
-
-err_status_t
-null_enc(void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len) {
- int i;
- unsigned char *auth_tag;
- unsigned char *init_vec = iv;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
-#if DEBUG
- printf("NULL ENC using key %s\n", octet_string_hex_string(key, KEY_LEN));
- printf("NULL_TAG_LEN: %d\n", NULL_TAG_LEN);
- printf("plaintext len: %d\n", *opaque_len);
-#endif
- for (i=0; i < IV_LEN; i++)
- init_vec[i] = i + (i * 16);
-#if DEBUG
- printf("iv: %s\n",
- octet_string_hex_string(iv, IV_LEN));
- printf("plaintext: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
- auth_tag = opaque;
- auth_tag += *opaque_len;
- for (i=0; i < NULL_TAG_LEN; i++)
- auth_tag[i] = i + (i * 16);
- *opaque_len += NULL_TAG_LEN;
-#if DEBUG
- printf("protected data len: %d\n", *opaque_len);
- printf("protected data: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
-
- }
-
- return err_status_ok;
-}
-
-err_status_t
-null_dec(void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len) {
- unsigned char *auth_tag;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
-#if DEBUG
- printf("NULL DEC using key %s\n", octet_string_hex_string(key, KEY_LEN));
-
- printf("protected data len: %d\n", *opaque_len);
- printf("protected data: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
- auth_tag = opaque;
- auth_tag += (*opaque_len - NULL_TAG_LEN);
-#if DEBUG
- printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN));
-#endif
- *opaque_len -= NULL_TAG_LEN;
-#if DEBUG
- printf("plaintext len: %d\n", *opaque_len);
- printf("plaintext: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
- }
-
- return err_status_ok;
-}
-
-cryptoalg_ctx_t null_cryptoalg_ctx = {
- null_enc,
- null_dec,
- KEY_LEN,
- IV_LEN,
- NULL_TAG_LEN,
- MAX_EXPAND,
-};
-
-cryptoalg_t null_cryptoalg = &null_cryptoalg_ctx;
-
-int
-cryptoalg_get_id(cryptoalg_t c) {
- if (c == cryptoalg)
- return 1;
- return 0;
-}
-
-cryptoalg_t
-cryptoalg_find_by_id(int id) {
- switch(id) {
- case 1:
- return cryptoalg;
- default:
- break;
- }
- return 0;
-}
diff --git a/third_party/srtp/crypto/cipher/aes.c b/third_party/srtp/crypto/cipher/aes.c
index f1286c36..e91e5254 100644
--- a/third_party/srtp/crypto/cipher/aes.c
+++ b/third_party/srtp/crypto/cipher/aes.c
@@ -43,6 +43,9 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
#include "aes.h"
#include "err.h"
@@ -1358,51 +1361,50 @@ static uint32_t U4[256] = {
extern debug_module_t mod_aes_icm;
-void
-aes_expand_encryption_key(const v128_t *key,
- aes_expanded_key_t expanded_key) {
+static void
+aes_128_expand_encryption_key(const uint8_t *key,
+ aes_expanded_key_t *expanded_key) {
int i;
gf2_8 rc;
/* initialize round constant */
rc = 1;
- expanded_key[0].v32[0] = key->v32[0];
- expanded_key[0].v32[1] = key->v32[1];
- expanded_key[0].v32[2] = key->v32[2];
- expanded_key[0].v32[3] = key->v32[3];
+ expanded_key->num_rounds = 10;
+
+ v128_copy_octet_string(&expanded_key->round[0], key);
#if 0
debug_print(mod_aes_icm,
- "expanded key[0]: %s", v128_hex_string(&expanded_key[0]));
+ "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0]));
#endif
/* loop over round keys */
for (i=1; i < 11; i++) {
/* munge first word of round key */
- expanded_key[i].v8[0] = aes_sbox[expanded_key[i-1].v8[13]] ^ rc;
- expanded_key[i].v8[1] = aes_sbox[expanded_key[i-1].v8[14]];
- expanded_key[i].v8[2] = aes_sbox[expanded_key[i-1].v8[15]];
- expanded_key[i].v8[3] = aes_sbox[expanded_key[i-1].v8[12]];
+ expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[13]] ^ rc;
+ expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[14]];
+ expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[15]];
+ expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[12]];
- expanded_key[i].v32[0] ^= expanded_key[i-1].v32[0];
+ expanded_key->round[i].v32[0] ^= expanded_key->round[i-1].v32[0];
/* set remaining 32 bit words to the exor of the one previous with
* the one four words previous */
- expanded_key[i].v32[1] =
- expanded_key[i].v32[0] ^ expanded_key[i-1].v32[1];
+ expanded_key->round[i].v32[1] =
+ expanded_key->round[i].v32[0] ^ expanded_key->round[i-1].v32[1];
- expanded_key[i].v32[2] =
- expanded_key[i].v32[1] ^ expanded_key[i-1].v32[2];
+ expanded_key->round[i].v32[2] =
+ expanded_key->round[i].v32[1] ^ expanded_key->round[i-1].v32[2];
- expanded_key[i].v32[3] =
- expanded_key[i].v32[2] ^ expanded_key[i-1].v32[3];
+ expanded_key->round[i].v32[3] =
+ expanded_key->round[i].v32[2] ^ expanded_key->round[i-1].v32[3];
#if 0
debug_print2(mod_aes_icm,
- "expanded key[%d]: %s", i,v128_hex_string(&expanded_key[i]));
+ "expanded key[%d]: %s", i,v128_hex_string(&expanded_key->round[i]));
#endif
/* modify round constant */
@@ -1411,19 +1413,107 @@ aes_expand_encryption_key(const v128_t *key,
}
}
-void
-aes_expand_decryption_key(const v128_t *key,
- aes_expanded_key_t expanded_key) {
+static void
+aes_256_expand_encryption_key(const unsigned char *key,
+ aes_expanded_key_t *expanded_key) {
+ int i;
+ gf2_8 rc;
+
+ /* initialize round constant */
+ rc = 1;
+
+ expanded_key->num_rounds = 14;
+
+ v128_copy_octet_string(&expanded_key->round[0], key);
+ v128_copy_octet_string(&expanded_key->round[1], key+16);
+
+#if 0
+ debug_print(mod_aes_icm,
+ "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0]));
+ debug_print(mod_aes_icm,
+ "expanded key[1]: %s", v128_hex_string(&expanded_key->round[1]));
+#endif
+
+ /* loop over rest of round keys */
+ for (i=2; i < 15; i++) {
+
+ /* munge first word of round key */
+ if ((i & 1) == 0) {
+ expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[13]] ^ rc;
+ expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[14]];
+ expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[15]];
+ expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[12]];
+
+ /* modify round constant */
+ rc = gf2_8_shift(rc);
+ }
+ else {
+ expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[12]];
+ expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[13]];
+ expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[14]];
+ expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[15]];
+ }
+
+ expanded_key->round[i].v32[0] ^= expanded_key->round[i-2].v32[0];
+
+ /* set remaining 32 bit words to the exor of the one previous with
+ * the one eight words previous */
+
+ expanded_key->round[i].v32[1] =
+ expanded_key->round[i].v32[0] ^ expanded_key->round[i-2].v32[1];
+
+ expanded_key->round[i].v32[2] =
+ expanded_key->round[i].v32[1] ^ expanded_key->round[i-2].v32[2];
+
+ expanded_key->round[i].v32[3] =
+ expanded_key->round[i].v32[2] ^ expanded_key->round[i-2].v32[3];
+
+#if 0
+ debug_print2(mod_aes_icm,
+ "expanded key[%d]: %s", i,v128_hex_string(&expanded_key->round[i]));
+#endif
+
+ }
+}
+
+err_status_t
+aes_expand_encryption_key(const uint8_t *key,
+ int key_len,
+ aes_expanded_key_t *expanded_key) {
+ if (key_len == 16) {
+ aes_128_expand_encryption_key(key, expanded_key);
+ return err_status_ok;
+ }
+ else if (key_len == 24) {
+ /* AES-192 not yet supported */
+ return err_status_bad_param;
+ }
+ else if (key_len == 32) {
+ aes_256_expand_encryption_key(key, expanded_key);
+ return err_status_ok;
+ }
+ else
+ return err_status_bad_param;
+}
+
+err_status_t
+aes_expand_decryption_key(const uint8_t *key,
+ int key_len,
+ aes_expanded_key_t *expanded_key) {
int i;
+ err_status_t status;
+ int num_rounds = expanded_key->num_rounds;
- aes_expand_encryption_key(key, expanded_key);
+ status = aes_expand_encryption_key(key, key_len, expanded_key);
+ if (status)
+ return status;
/* invert the order of the round keys */
- for (i=0; i < 5; i++) {
+ for (i=0; i < num_rounds/2; i++) {
v128_t tmp;
- v128_copy(&tmp, &expanded_key[10-i]);
- v128_copy(&expanded_key[10-i], &expanded_key[i]);
- v128_copy(&expanded_key[i], &tmp);
+ v128_copy(&tmp, &expanded_key->round[num_rounds-i]);
+ v128_copy(&expanded_key->round[num_rounds-i], &expanded_key->round[i]);
+ v128_copy(&expanded_key->round[i], &tmp);
}
/*
@@ -1434,68 +1524,101 @@ aes_expand_decryption_key(const v128_t *key,
* followed by the T4 table (which cancels out the use of the sbox
* in the U-tables)
*/
- for (i=1; i < 10; i++) {
+ for (i=1; i < num_rounds; i++) {
#ifdef CPU_RISC
uint32_t tmp;
- tmp = expanded_key[i].v32[0];
- expanded_key[i].v32[0] =
+#ifdef WORDS_BIGENDIAN
+ tmp = expanded_key->round[i].v32[0];
+ expanded_key->round[i].v32[0] =
U0[T4[(tmp >> 24) ] & 0xff] ^
U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
U3[T4[(tmp) & 0xff] & 0xff];
- tmp = expanded_key[i].v32[1];
- expanded_key[i].v32[1] =
+ tmp = expanded_key->round[i].v32[1];
+ expanded_key->round[i].v32[1] =
U0[T4[(tmp >> 24) ] & 0xff] ^
U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
U3[T4[(tmp) & 0xff] & 0xff];
- tmp = expanded_key[i].v32[2];
- expanded_key[i].v32[2] =
+ tmp = expanded_key->round[i].v32[2];
+ expanded_key->round[i].v32[2] =
U0[T4[(tmp >> 24) ] & 0xff] ^
U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
U3[T4[(tmp) & 0xff] & 0xff];
- tmp = expanded_key[i].v32[3];
- expanded_key[i].v32[3] =
+ tmp = expanded_key->round[i].v32[3];
+ expanded_key->round[i].v32[3] =
U0[T4[(tmp >> 24) ] & 0xff] ^
U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
U3[T4[(tmp) & 0xff] & 0xff];
+#else
+ tmp = expanded_key->round[i].v32[0];
+ expanded_key->round[i].v32[0] =
+ U3[T4[(tmp >> 24) ] & 0xff] ^
+ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U0[T4[(tmp) & 0xff] & 0xff];
+
+ tmp = expanded_key->round[i].v32[1];
+ expanded_key->round[i].v32[1] =
+ U3[T4[(tmp >> 24) ] & 0xff] ^
+ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U0[T4[(tmp) & 0xff] & 0xff];
+
+ tmp = expanded_key->round[i].v32[2];
+ expanded_key->round[i].v32[2] =
+ U3[T4[(tmp >> 24) ] & 0xff] ^
+ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U0[T4[(tmp) & 0xff] & 0xff];
+
+ tmp = expanded_key->round[i].v32[3];
+ expanded_key->round[i].v32[3] =
+ U3[T4[(tmp >> 24) ] & 0xff] ^
+ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U0[T4[(tmp) & 0xff] & 0xff];
+#endif /* WORDS_BIGENDIAN */
+
#else /* assume CPU_CISC */
uint32_t c0, c1, c2, c3;
- c0 = U0[aes_sbox[expanded_key[i].v8[0]]]
- ^ U1[aes_sbox[expanded_key[i].v8[1]]]
- ^ U2[aes_sbox[expanded_key[i].v8[2]]]
- ^ U3[aes_sbox[expanded_key[i].v8[3]]];
+ c0 = U0[aes_sbox[expanded_key->round[i].v8[0]]]
+ ^ U1[aes_sbox[expanded_key->round[i].v8[1]]]
+ ^ U2[aes_sbox[expanded_key->round[i].v8[2]]]
+ ^ U3[aes_sbox[expanded_key->round[i].v8[3]]];
- c1 = U0[aes_sbox[expanded_key[i].v8[4]]]
- ^ U1[aes_sbox[expanded_key[i].v8[5]]]
- ^ U2[aes_sbox[expanded_key[i].v8[6]]]
- ^ U3[aes_sbox[expanded_key[i].v8[7]]];
+ c1 = U0[aes_sbox[expanded_key->round[i].v8[4]]]
+ ^ U1[aes_sbox[expanded_key->round[i].v8[5]]]
+ ^ U2[aes_sbox[expanded_key->round[i].v8[6]]]
+ ^ U3[aes_sbox[expanded_key->round[i].v8[7]]];
- c2 = U0[aes_sbox[expanded_key[i].v8[8]]]
- ^ U1[aes_sbox[expanded_key[i].v8[9]]]
- ^ U2[aes_sbox[expanded_key[i].v8[10]]]
- ^ U3[aes_sbox[expanded_key[i].v8[11]]];
+ c2 = U0[aes_sbox[expanded_key->round[i].v8[8]]]
+ ^ U1[aes_sbox[expanded_key->round[i].v8[9]]]
+ ^ U2[aes_sbox[expanded_key->round[i].v8[10]]]
+ ^ U3[aes_sbox[expanded_key->round[i].v8[11]]];
- c3 = U0[aes_sbox[expanded_key[i].v8[12]]]
- ^ U1[aes_sbox[expanded_key[i].v8[13]]]
- ^ U2[aes_sbox[expanded_key[i].v8[14]]]
- ^ U3[aes_sbox[expanded_key[i].v8[15]]];
+ c3 = U0[aes_sbox[expanded_key->round[i].v8[12]]]
+ ^ U1[aes_sbox[expanded_key->round[i].v8[13]]]
+ ^ U2[aes_sbox[expanded_key->round[i].v8[14]]]
+ ^ U3[aes_sbox[expanded_key->round[i].v8[15]]];
- expanded_key[i].v32[0] = c0;
- expanded_key[i].v32[1] = c1;
- expanded_key[i].v32[2] = c2;
- expanded_key[i].v32[3] = c3;
+ expanded_key->round[i].v32[0] = c0;
+ expanded_key->round[i].v32[1] = c1;
+ expanded_key->round[i].v32[2] = c2;
+ expanded_key->round[i].v32[3] = c3;
#endif
}
+
+ return err_status_ok;
}
#ifdef CPU_CISC
@@ -1676,7 +1799,6 @@ aes_inv_round(v128_t *state, const v128_t *round_key) {
of state, using the tables U0, U1, U2, U3 */
#ifdef WORDS_BIGENDIAN
- /* FIX! WRong indexes */
column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff]
^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff];
@@ -1689,17 +1811,17 @@ aes_inv_round(v128_t *state, const v128_t *round_key) {
column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 16) & 0xff]
^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff];
#else
- column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff]
- ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[state->v32[3] >> 24];
+ column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff]
+ ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[(state->v32[1] >> 24) & 0xff];
- column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff]
- ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[state->v32[0] >> 24];
+ column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff]
+ ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[(state->v32[2] >> 24) & 0xff];
- column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff]
- ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[state->v32[1] >> 24];
+ column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff]
+ ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[(state->v32[3] >> 24) & 0xff];
- column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff]
- ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[state->v32[2] >> 24];
+ column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff]
+ ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[(state->v32[0] >> 24) & 0xff];
#endif /* WORDS_BIGENDIAN */
state->v32[0] = column0 ^ round_key->v32[0];
@@ -1713,6 +1835,7 @@ static inline void
aes_final_round(v128_t *state, const v128_t *round_key) {
uint32_t tmp0, tmp1, tmp2, tmp3;
+#ifdef WORDS_BIGENDIAN
tmp0 = (T4[(state->v32[0] >> 24)] & 0xff000000)
^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
@@ -1736,6 +1859,31 @@ aes_final_round(v128_t *state, const v128_t *round_key) {
^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff)
^ round_key->v32[3];
+#else
+ tmp0 = (T4[(state->v32[3] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[0];
+
+ tmp1 = (T4[(state->v32[0] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[1];
+
+ tmp2 = (T4[(state->v32[1] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[2];
+
+ tmp3 = (T4[(state->v32[2] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[3];
+#endif /* WORDS_BIGENDIAN */
state->v32[0] = tmp0;
state->v32[1] = tmp1;
@@ -1748,6 +1896,7 @@ static inline void
aes_inv_final_round(v128_t *state, const v128_t *round_key) {
uint32_t tmp0, tmp1, tmp2, tmp3;
+#ifdef WORDS_BIGENDIAN
tmp0 = (U4[(state->v32[0] >> 24)] & 0xff000000)
^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
@@ -1771,6 +1920,31 @@ aes_inv_final_round(v128_t *state, const v128_t *round_key) {
^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff)
^ round_key->v32[3];
+#else
+ tmp0 = (U4[(state->v32[1] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[0];
+
+ tmp1 = (U4[(state->v32[2] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[1];
+
+ tmp2 = (U4[(state->v32[3] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[2];
+
+ tmp3 = (U4[(state->v32[0] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[3];
+#endif /* WORDS_BIGENDIAN */
state->v32[0] = tmp0;
state->v32[1] = tmp1;
@@ -1910,42 +2084,67 @@ aes_inv_final_round(v128_t *state, const v128_t *round_key) {
void
-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) {
+aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
/* add in the subkey */
- v128_xor_eq(plaintext, exp_key + 0);
-
- /* now do nine rounds */
- aes_round(plaintext, exp_key + 1);
- aes_round(plaintext, exp_key + 2);
- aes_round(plaintext, exp_key + 3);
- aes_round(plaintext, exp_key + 4);
- aes_round(plaintext, exp_key + 5);
- aes_round(plaintext, exp_key + 6);
- aes_round(plaintext, exp_key + 7);
- aes_round(plaintext, exp_key + 8);
- aes_round(plaintext, exp_key + 9);
- /* the last round is different */
-
- aes_final_round(plaintext, exp_key + 10);
+ v128_xor_eq(plaintext, &exp_key->round[0]);
+
+ /* now do the rounds */
+ aes_round(plaintext, &exp_key->round[1]);
+ aes_round(plaintext, &exp_key->round[2]);
+ aes_round(plaintext, &exp_key->round[3]);
+ aes_round(plaintext, &exp_key->round[4]);
+ aes_round(plaintext, &exp_key->round[5]);
+ aes_round(plaintext, &exp_key->round[6]);
+ aes_round(plaintext, &exp_key->round[7]);
+ aes_round(plaintext, &exp_key->round[8]);
+ aes_round(plaintext, &exp_key->round[9]);
+ if (exp_key->num_rounds == 10) {
+ aes_final_round(plaintext, &exp_key->round[10]);
+ }
+ else if (exp_key->num_rounds == 12) {
+ aes_round(plaintext, &exp_key->round[10]);
+ aes_round(plaintext, &exp_key->round[11]);
+ aes_final_round(plaintext, &exp_key->round[12]);
+ }
+ else if (exp_key->num_rounds == 14) {
+ aes_round(plaintext, &exp_key->round[10]);
+ aes_round(plaintext, &exp_key->round[11]);
+ aes_round(plaintext, &exp_key->round[12]);
+ aes_round(plaintext, &exp_key->round[13]);
+ aes_final_round(plaintext, &exp_key->round[14]);
+ }
}
void
-aes_decrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) {
+aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
/* add in the subkey */
- v128_xor_eq(plaintext, exp_key + 0);
-
- /* now do nine rounds */
- aes_inv_round(plaintext, exp_key + 1);
- aes_inv_round(plaintext, exp_key + 2);
- aes_inv_round(plaintext, exp_key + 3);
- aes_inv_round(plaintext, exp_key + 4);
- aes_inv_round(plaintext, exp_key + 5);
- aes_inv_round(plaintext, exp_key + 6);
- aes_inv_round(plaintext, exp_key + 7);
- aes_inv_round(plaintext, exp_key + 8);
- aes_inv_round(plaintext, exp_key + 9);
- /* the last round is different */
- aes_inv_final_round(plaintext, exp_key + 10);
+ v128_xor_eq(plaintext, &exp_key->round[0]);
+
+ /* now do the rounds */
+ aes_inv_round(plaintext, &exp_key->round[1]);
+ aes_inv_round(plaintext, &exp_key->round[2]);
+ aes_inv_round(plaintext, &exp_key->round[3]);
+ aes_inv_round(plaintext, &exp_key->round[4]);
+ aes_inv_round(plaintext, &exp_key->round[5]);
+ aes_inv_round(plaintext, &exp_key->round[6]);
+ aes_inv_round(plaintext, &exp_key->round[7]);
+ aes_inv_round(plaintext, &exp_key->round[8]);
+ aes_inv_round(plaintext, &exp_key->round[9]);
+ if (exp_key->num_rounds == 10) {
+ aes_inv_final_round(plaintext, &exp_key->round[10]);
+ }
+ else if (exp_key->num_rounds == 12) {
+ aes_inv_round(plaintext, &exp_key->round[10]);
+ aes_inv_round(plaintext, &exp_key->round[11]);
+ aes_inv_final_round(plaintext, &exp_key->round[12]);
+ }
+ else if (exp_key->num_rounds == 14) {
+ aes_inv_round(plaintext, &exp_key->round[10]);
+ aes_inv_round(plaintext, &exp_key->round[11]);
+ aes_inv_round(plaintext, &exp_key->round[12]);
+ aes_inv_round(plaintext, &exp_key->round[13]);
+ aes_inv_final_round(plaintext, &exp_key->round[14]);
+ }
}
diff --git a/third_party/srtp/crypto/cipher/aes_cbc.c b/third_party/srtp/crypto/cipher/aes_cbc.c
index 8fc6a327..11953bf2 100644
--- a/third_party/srtp/crypto/cipher/aes_cbc.c
+++ b/third_party/srtp/crypto/cipher/aes_cbc.c
@@ -43,6 +43,9 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
#include "aes_cbc.h"
#include "alloc.h"
@@ -55,7 +58,7 @@ debug_module_t mod_aes_cbc = {
err_status_t
-aes_cbc_alloc(cipher_t **c, int key_len) {
+aes_cbc_alloc(cipher_t **c, int key_len, int tlen) {
extern cipher_type_t aes_cbc;
uint8_t *pointer;
int tmp;
@@ -63,10 +66,10 @@ aes_cbc_alloc(cipher_t **c, int key_len) {
debug_print(mod_aes_cbc,
"allocating cipher with key length %d", key_len);
- if (key_len != 16)
+ if (key_len != 16 && key_len != 24 && key_len != 32)
return err_status_bad_param;
- /* allocate memory a cipher of type aes_icm */
+ /* allocate memory a cipher of type aes_cbc */
tmp = (sizeof(aes_cbc_ctx_t) + sizeof(cipher_t));
pointer = (uint8_t*)crypto_alloc(tmp);
if (pointer == NULL)
@@ -74,6 +77,7 @@ aes_cbc_alloc(cipher_t **c, int key_len) {
/* set pointers */
*c = (cipher_t *)pointer;
+ (*c)->algorithm = AES_CBC;
(*c)->type = &aes_cbc;
(*c)->state = pointer + sizeof(cipher_t);
@@ -104,35 +108,25 @@ aes_cbc_dealloc(cipher_t *c) {
}
err_status_t
-aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key,
- cipher_direction_t dir) {
- v128_t tmp_key;
-
- /* set tmp_key (for alignment) */
- v128_copy_octet_string(&tmp_key, key);
+aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, int key_len) {
debug_print(mod_aes_cbc,
- "key: %s", v128_hex_string(&tmp_key));
-
- /* expand key for the appropriate direction */
- switch (dir) {
- case (direction_encrypt):
- aes_expand_encryption_key(&tmp_key, c->expanded_key);
- break;
- case (direction_decrypt):
- aes_expand_decryption_key(&tmp_key, c->expanded_key);
- break;
- default:
- return err_status_bad_param;
- }
+ "key: %s", octet_string_hex_string(key, key_len));
+ /*
+ * Save the key until we have the IV later. We don't
+ * know the direction until the IV is set.
+ */
+ c->key_len = (key_len <= 32 ? key_len : 32);
+ memcpy(c->key, key, c->key_len);
return err_status_ok;
}
err_status_t
-aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv) {
+aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv, int direction) {
+ err_status_t status;
int i;
/* v128_t *input = iv; */
uint8_t *input = (uint8_t*) iv;
@@ -143,6 +137,24 @@ aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv) {
debug_print(mod_aes_cbc, "setting iv: %s", v128_hex_string(&c->state));
+ /* expand key for the appropriate direction */
+ switch (direction) {
+ case (direction_encrypt):
+ status = aes_expand_encryption_key(c->key, c->key_len, &c->expanded_key);
+ memset(c->key, 0, 32);
+ if (status)
+ return status;
+ break;
+ case (direction_decrypt):
+ status = aes_expand_decryption_key(c->key, c->key_len, &c->expanded_key);
+ memset(c->key, 0, 32);
+ if (status)
+ return status;
+ break;
+ default:
+ return err_status_bad_param;
+ }
+
return err_status_ok;
}
@@ -181,7 +193,7 @@ aes_cbc_encrypt(aes_cbc_ctx_t *c,
debug_print(mod_aes_cbc, "inblock: %s",
v128_hex_string(&c->state));
- aes_encrypt(&c->state, c->expanded_key);
+ aes_encrypt(&c->state, &c->expanded_key);
debug_print(mod_aes_cbc, "outblock: %s",
v128_hex_string(&c->state));
@@ -236,7 +248,7 @@ aes_cbc_decrypt(aes_cbc_ctx_t *c,
v128_hex_string(&state));
/* decrypt state */
- aes_decrypt(&state, c->expanded_key);
+ aes_decrypt(&state, &c->expanded_key);
debug_print(mod_aes_cbc, "outblock: %s",
v128_hex_string(&state));
@@ -332,7 +344,7 @@ char
aes_cbc_description[] = "aes cipher block chaining (cbc) mode";
/*
- * Test case 0 is derived from FIPS 197 Appendix A; it uses an
+ * Test case 0 is derived from FIPS 197 Appendix C; it uses an
* all-zero IV, so that the first block encryption matches the test
* case in that appendix. This property provides a check of the base
* AES encryption and decryption algorithms; if CBC fails on some
@@ -374,6 +386,9 @@ cipher_test_case_t aes_cbc_test_case_0 = {
aes_cbc_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
aes_cbc_test_case_0_ciphertext, /* ciphertext */
+ 0,
+ NULL,
+ 0,
NULL /* pointer to next testcase */
};
@@ -425,20 +440,126 @@ cipher_test_case_t aes_cbc_test_case_1 = {
aes_cbc_test_case_1_plaintext, /* plaintext */
80, /* octets in ciphertext */
aes_cbc_test_case_1_ciphertext, /* ciphertext */
+ 0,
+ NULL,
+ 0,
&aes_cbc_test_case_0 /* pointer to next testcase */
};
+/*
+ * Test case 2 is like test case 0, but for 256-bit keys. (FIPS 197
+ * appendix C.3).
+ */
+
+
+uint8_t aes_cbc_test_case_2_key[32] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+};
+
+uint8_t aes_cbc_test_case_2_plaintext[64] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
+};
+
+uint8_t aes_cbc_test_case_2_ciphertext[80] = {
+ 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
+ 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89,
+ 0x72, 0x72, 0x6e, 0xe7, 0x71, 0x39, 0xbf, 0x11,
+ 0xe5, 0x40, 0xe2, 0x7c, 0x54, 0x65, 0x1d, 0xee
+};
+
+uint8_t aes_cbc_test_case_2_iv[16] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+cipher_test_case_t aes_cbc_test_case_2 = {
+ 32, /* octets in key */
+ aes_cbc_test_case_2_key, /* key */
+ aes_cbc_test_case_2_iv, /* initialization vector */
+ 16, /* octets in plaintext */
+ aes_cbc_test_case_2_plaintext, /* plaintext */
+ 32, /* octets in ciphertext */
+ aes_cbc_test_case_2_ciphertext, /* ciphertext */
+ 0,
+ NULL,
+ 0,
+ &aes_cbc_test_case_1 /* pointer to next testcase */
+};
+
+
+/*
+ * this test case is taken directly from Appendix F.2 of NIST Special
+ * Publication SP 800-38A
+ */
+
+uint8_t aes_cbc_test_case_3_key[32] = {
+ 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
+};
+
+uint8_t aes_cbc_test_case_3_plaintext[64] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
+};
+
+uint8_t aes_cbc_test_case_3_ciphertext[80] = {
+ 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
+ 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
+ 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
+ 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
+ 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
+ 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
+ 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
+ 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b,
+ 0xfb, 0x98, 0x20, 0x2c, 0x45, 0xb2, 0xe4, 0xa0,
+ 0x63, 0xc4, 0x68, 0xba, 0x84, 0x39, 0x16, 0x5a
+};
+
+uint8_t aes_cbc_test_case_3_iv[16] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+
+cipher_test_case_t aes_cbc_test_case_3 = {
+ 32, /* octets in key */
+ aes_cbc_test_case_3_key, /* key */
+ aes_cbc_test_case_3_iv, /* initialization vector */
+ 64, /* octets in plaintext */
+ aes_cbc_test_case_3_plaintext, /* plaintext */
+ 80, /* octets in ciphertext */
+ aes_cbc_test_case_3_ciphertext, /* ciphertext */
+ 0,
+ NULL,
+ 0,
+ &aes_cbc_test_case_2 /* pointer to next testcase */
+};
+
cipher_type_t aes_cbc = {
(cipher_alloc_func_t) aes_cbc_alloc,
(cipher_dealloc_func_t) aes_cbc_dealloc,
(cipher_init_func_t) aes_cbc_context_init,
+ (cipher_set_aad_func_t) 0,
(cipher_encrypt_func_t) aes_cbc_nist_encrypt,
(cipher_decrypt_func_t) aes_cbc_nist_decrypt,
(cipher_set_iv_func_t) aes_cbc_set_iv,
+ (cipher_get_tag_func_t) 0,
(char *) aes_cbc_description,
(int) 0, /* instance count */
- (cipher_test_case_t *) &aes_cbc_test_case_0,
- (debug_module_t *) &mod_aes_cbc
+ (cipher_test_case_t *) &aes_cbc_test_case_3,
+ (debug_module_t *) &mod_aes_cbc,
+ (cipher_type_id_t) AES_CBC
};
diff --git a/third_party/srtp/crypto/cipher/aes_gcm_ossl.c b/third_party/srtp/crypto/cipher/aes_gcm_ossl.c
new file mode 100644
index 00000000..dce2a337
--- /dev/null
+++ b/third_party/srtp/crypto/cipher/aes_gcm_ossl.c
@@ -0,0 +1,570 @@
+/*
+ * aes_gcm_ossl.c
+ *
+ * AES Galois Counter Mode
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2013, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include <openssl/evp.h>
+#include "aes_icm_ossl.h"
+#include "aes_gcm_ossl.h"
+#include "alloc.h"
+#include "crypto_types.h"
+
+
+debug_module_t mod_aes_gcm = {
+ 0, /* debugging is off by default */
+ "aes gcm" /* printable module name */
+};
+
+/*
+ * The following are the global singleton instances for the
+ * 128-bit and 256-bit GCM ciphers.
+ */
+extern cipher_type_t aes_gcm_128_openssl;
+extern cipher_type_t aes_gcm_256_openssl;
+
+/*
+ * For now we only support 8 and 16 octet tags. The spec allows for
+ * optional 12 byte tag, which may be supported in the future.
+ */
+#define GCM_AUTH_TAG_LEN 16
+#define GCM_AUTH_TAG_LEN_8 8
+
+
+/*
+ * This function allocates a new instance of this crypto engine.
+ * The key_len parameter should be one of 28 or 44 for
+ * AES-128-GCM or AES-256-GCM respectively. Note that the
+ * key length includes the 14 byte salt value that is used when
+ * initializing the KDF.
+ */
+err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
+{
+ aes_gcm_ctx_t *gcm;
+ int tmp;
+ uint8_t *allptr;
+
+ debug_print(mod_aes_gcm, "allocating cipher with key length %d", key_len);
+ debug_print(mod_aes_gcm, "allocating cipher with tag length %d", tlen);
+
+ /*
+ * Verify the key_len is valid for one of: AES-128/256
+ */
+ if (key_len != AES_128_GCM_KEYSIZE_WSALT &&
+ key_len != AES_256_GCM_KEYSIZE_WSALT) {
+ return (err_status_bad_param);
+ }
+
+ if (tlen != GCM_AUTH_TAG_LEN &&
+ tlen != GCM_AUTH_TAG_LEN_8) {
+ return (err_status_bad_param);
+ }
+
+ /* allocate memory a cipher of type aes_gcm */
+ tmp = sizeof(cipher_t) + sizeof(aes_gcm_ctx_t);
+ allptr = crypto_alloc(tmp);
+ if (allptr == NULL) {
+ return (err_status_alloc_fail);
+ }
+
+ /* set pointers */
+ *c = (cipher_t*)allptr;
+ (*c)->state = allptr + sizeof(cipher_t);
+ gcm = (aes_gcm_ctx_t *)(*c)->state;
+
+ /* increment ref_count */
+ switch (key_len) {
+ case AES_128_GCM_KEYSIZE_WSALT:
+ (*c)->type = &aes_gcm_128_openssl;
+ (*c)->algorithm = AES_128_GCM;
+ aes_gcm_128_openssl.ref_count++;
+ ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE;
+ ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen;
+ break;
+ case AES_256_GCM_KEYSIZE_WSALT:
+ (*c)->type = &aes_gcm_256_openssl;
+ (*c)->algorithm = AES_256_GCM;
+ aes_gcm_256_openssl.ref_count++;
+ ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE;
+ ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen;
+ break;
+ }
+
+ /* set key size */
+ (*c)->key_len = key_len;
+ EVP_CIPHER_CTX_init(&gcm->ctx);
+
+ return (err_status_ok);
+}
+
+
+/*
+ * This function deallocates a GCM session
+ */
+err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
+{
+ aes_gcm_ctx_t *ctx;
+
+ ctx = (aes_gcm_ctx_t*)c->state;
+ if (ctx) {
+ EVP_CIPHER_CTX_cleanup(&ctx->ctx);
+ /* decrement ref_count for the appropriate engine */
+ switch (ctx->key_size) {
+ case AES_256_KEYSIZE:
+ aes_gcm_256_openssl.ref_count--;
+ break;
+ case AES_128_KEYSIZE:
+ aes_gcm_128_openssl.ref_count--;
+ break;
+ default:
+ return (err_status_dealloc_fail);
+ break;
+ }
+ }
+
+ /* zeroize entire state*/
+ octet_string_set_to_zero((uint8_t*)c, sizeof(cipher_t) + sizeof(aes_gcm_ctx_t));
+
+ /* free memory */
+ crypto_free(c);
+
+ return (err_status_ok);
+}
+
+/*
+ * aes_gcm_openssl_context_init(...) initializes the aes_gcm_context
+ * using the value in key[].
+ *
+ * the key is the secret key
+ */
+err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
+{
+ c->dir = direction_any;
+
+ /* copy key to be used later when CiscoSSL crypto context is created */
+ v128_copy_octet_string((v128_t*)&c->key, key);
+
+ if (c->key_size == AES_256_KEYSIZE) {
+ debug_print(mod_aes_gcm, "Copying last 16 bytes of key: %s",
+ v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
+ v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1,
+ key + AES_128_KEYSIZE);
+ }
+
+ debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key));
+
+ EVP_CIPHER_CTX_cleanup(&c->ctx);
+
+ return (err_status_ok);
+}
+
+
+/*
+ * aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with
+ * the offset
+ */
+err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
+ int direction)
+{
+ const EVP_CIPHER *evp;
+
+ if (direction != direction_encrypt && direction != direction_decrypt) {
+ return (err_status_bad_param);
+ }
+ c->dir = direction;
+
+ debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(iv));
+
+ switch (c->key_size) {
+ case AES_256_KEYSIZE:
+ evp = EVP_aes_256_gcm();
+ break;
+ case AES_128_KEYSIZE:
+ evp = EVP_aes_128_gcm();
+ break;
+ default:
+ return (err_status_bad_param);
+ break;
+ }
+
+ if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
+ NULL, (c->dir == direction_encrypt ? 1 : 0))) {
+ return (err_status_init_fail);
+ }
+
+ /* set IV len and the IV value, the followiong 3 calls are required */
+ if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
+ return (err_status_init_fail);
+ }
+ if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
+ return (err_status_init_fail);
+ }
+ if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
+ return (err_status_init_fail);
+ }
+
+ return (err_status_ok);
+}
+
+/*
+ * This function processes the AAD
+ *
+ * Parameters:
+ * c Crypto context
+ * aad Additional data to process for AEAD cipher suites
+ * aad_len length of aad buffer
+ */
+err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad,
+ unsigned int aad_len)
+{
+ int rv;
+
+ /*
+ * Set dummy tag, OpenSSL requires the Tag to be set before
+ * processing AAD
+ */
+ EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
+
+ rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len);
+ if (rv != aad_len) {
+ return (err_status_algo_fail);
+ } else {
+ return (err_status_ok);
+ }
+}
+
+/*
+ * This function encrypts a buffer using AES GCM mode
+ *
+ * Parameters:
+ * c Crypto context
+ * buf data to encrypt
+ * enc_len length of encrypt buffer
+ */
+err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf,
+ unsigned int *enc_len)
+{
+ if (c->dir != direction_encrypt && c->dir != direction_decrypt) {
+ return (err_status_bad_param);
+ }
+
+ /*
+ * Encrypt the data
+ */
+ EVP_Cipher(&c->ctx, buf, buf, *enc_len);
+
+ return (err_status_ok);
+}
+
+/*
+ * This function calculates and returns the GCM tag for a given context.
+ * This should be called after encrypting the data. The *len value
+ * is increased by the tag size. The caller must ensure that *buf has
+ * enough room to accept the appended tag.
+ *
+ * Parameters:
+ * c Crypto context
+ * buf data to encrypt
+ * len length of encrypt buffer
+ */
+err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf,
+ int *len)
+{
+ /*
+ * Calculate the tag
+ */
+ EVP_Cipher(&c->ctx, NULL, NULL, 0);
+
+ /*
+ * Retreive the tag
+ */
+ EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
+
+ /*
+ * Increase encryption length by desired tag size
+ */
+ *len = c->tag_len;
+
+ return (err_status_ok);
+}
+
+
+/*
+ * This function decrypts a buffer using AES GCM mode
+ *
+ * Parameters:
+ * c Crypto context
+ * buf data to encrypt
+ * enc_len length of encrypt buffer
+ */
+err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf,
+ unsigned int *enc_len)
+{
+ if (c->dir != direction_encrypt && c->dir != direction_decrypt) {
+ return (err_status_bad_param);
+ }
+
+ /*
+ * Set the tag before decrypting
+ */
+ EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
+ buf + (*enc_len - c->tag_len));
+ EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len);
+
+ /*
+ * Check the tag
+ */
+ if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) {
+ return (err_status_auth_fail);
+ }
+
+ /*
+ * Reduce the buffer size by the tag length since the tag
+ * is not part of the original payload
+ */
+ *enc_len -= c->tag_len;
+
+ return (err_status_ok);
+}
+
+
+
+/*
+ * Name of this crypto engine
+ */
+char aes_gcm_128_openssl_description[] = "AES-128 GCM using openssl";
+char aes_gcm_256_openssl_description[] = "AES-256 GCM using openssl";
+
+
+/*
+ * KAT values for AES self-test. These
+ * values we're derived from independent test code
+ * using OpenSSL.
+ */
+uint8_t aes_gcm_test_case_0_key[AES_128_GCM_KEYSIZE_WSALT] = {
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c,
+};
+
+uint8_t aes_gcm_test_case_0_iv[12] = {
+ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+ 0xde, 0xca, 0xf8, 0x88
+};
+
+uint8_t aes_gcm_test_case_0_plaintext[60] = {
+ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+ 0xba, 0x63, 0x7b, 0x39
+};
+
+uint8_t aes_gcm_test_case_0_aad[20] = {
+ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xab, 0xad, 0xda, 0xd2
+};
+
+uint8_t aes_gcm_test_case_0_ciphertext[76] = {
+ 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
+ 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
+ 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
+ 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
+ 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
+ 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
+ 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
+ 0x3d, 0x58, 0xe0, 0x91,
+ /* the last 16 bytes are the tag */
+ 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
+ 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47,
+};
+
+cipher_test_case_t aes_gcm_test_case_0a = {
+ AES_128_GCM_KEYSIZE_WSALT, /* octets in key */
+ aes_gcm_test_case_0_key, /* key */
+ aes_gcm_test_case_0_iv, /* packet index */
+ 60, /* octets in plaintext */
+ aes_gcm_test_case_0_plaintext, /* plaintext */
+ 68, /* octets in ciphertext */
+ aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
+ 20, /* octets in AAD */
+ aes_gcm_test_case_0_aad, /* AAD */
+ GCM_AUTH_TAG_LEN_8,
+ NULL /* pointer to next testcase */
+};
+
+cipher_test_case_t aes_gcm_test_case_0 = {
+ AES_128_GCM_KEYSIZE_WSALT, /* octets in key */
+ aes_gcm_test_case_0_key, /* key */
+ aes_gcm_test_case_0_iv, /* packet index */
+ 60, /* octets in plaintext */
+ aes_gcm_test_case_0_plaintext, /* plaintext */
+ 76, /* octets in ciphertext */
+ aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
+ 20, /* octets in AAD */
+ aes_gcm_test_case_0_aad, /* AAD */
+ GCM_AUTH_TAG_LEN,
+ &aes_gcm_test_case_0a /* pointer to next testcase */
+};
+
+uint8_t aes_gcm_test_case_1_key[AES_256_GCM_KEYSIZE_WSALT] = {
+ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c,
+ 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c,
+
+};
+
+uint8_t aes_gcm_test_case_1_iv[12] = {
+ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+ 0xde, 0xca, 0xf8, 0x88
+};
+
+uint8_t aes_gcm_test_case_1_plaintext[60] = {
+ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+ 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+ 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+ 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+ 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+ 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+ 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+ 0xba, 0x63, 0x7b, 0x39
+};
+
+uint8_t aes_gcm_test_case_1_aad[20] = {
+ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xab, 0xad, 0xda, 0xd2
+};
+
+uint8_t aes_gcm_test_case_1_ciphertext[76] = {
+ 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46,
+ 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a,
+ 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86,
+ 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a,
+ 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9,
+ 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80,
+ 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10,
+ 0x09, 0xc9, 0x86, 0xc1,
+ /* the last 16 bytes are the tag */
+ 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f,
+ 0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d,
+};
+
+cipher_test_case_t aes_gcm_test_case_1a = {
+ AES_256_GCM_KEYSIZE_WSALT, /* octets in key */
+ aes_gcm_test_case_1_key, /* key */
+ aes_gcm_test_case_1_iv, /* packet index */
+ 60, /* octets in plaintext */
+ aes_gcm_test_case_1_plaintext, /* plaintext */
+ 68, /* octets in ciphertext */
+ aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
+ 20, /* octets in AAD */
+ aes_gcm_test_case_1_aad, /* AAD */
+ GCM_AUTH_TAG_LEN_8,
+ NULL /* pointer to next testcase */
+};
+
+cipher_test_case_t aes_gcm_test_case_1 = {
+ AES_256_GCM_KEYSIZE_WSALT, /* octets in key */
+ aes_gcm_test_case_1_key, /* key */
+ aes_gcm_test_case_1_iv, /* packet index */
+ 60, /* octets in plaintext */
+ aes_gcm_test_case_1_plaintext, /* plaintext */
+ 76, /* octets in ciphertext */
+ aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
+ 20, /* octets in AAD */
+ aes_gcm_test_case_1_aad, /* AAD */
+ GCM_AUTH_TAG_LEN,
+ &aes_gcm_test_case_1a /* pointer to next testcase */
+};
+
+/*
+ * This is the vector function table for this crypto engine.
+ */
+cipher_type_t aes_gcm_128_openssl = {
+ (cipher_alloc_func_t) aes_gcm_openssl_alloc,
+ (cipher_dealloc_func_t) aes_gcm_openssl_dealloc,
+ (cipher_init_func_t) aes_gcm_openssl_context_init,
+ (cipher_set_aad_func_t) aes_gcm_openssl_set_aad,
+ (cipher_encrypt_func_t) aes_gcm_openssl_encrypt,
+ (cipher_decrypt_func_t) aes_gcm_openssl_decrypt,
+ (cipher_set_iv_func_t) aes_gcm_openssl_set_iv,
+ (cipher_get_tag_func_t) aes_gcm_openssl_get_tag,
+ (char*) aes_gcm_128_openssl_description,
+ (int) 0, /* instance count */
+ (cipher_test_case_t*) &aes_gcm_test_case_0,
+ (debug_module_t*) &mod_aes_gcm,
+ (cipher_type_id_t) AES_128_GCM
+};
+
+/*
+ * This is the vector function table for this crypto engine.
+ */
+cipher_type_t aes_gcm_256_openssl = {
+ (cipher_alloc_func_t) aes_gcm_openssl_alloc,
+ (cipher_dealloc_func_t) aes_gcm_openssl_dealloc,
+ (cipher_init_func_t) aes_gcm_openssl_context_init,
+ (cipher_set_aad_func_t) aes_gcm_openssl_set_aad,
+ (cipher_encrypt_func_t) aes_gcm_openssl_encrypt,
+ (cipher_decrypt_func_t) aes_gcm_openssl_decrypt,
+ (cipher_set_iv_func_t) aes_gcm_openssl_set_iv,
+ (cipher_get_tag_func_t) aes_gcm_openssl_get_tag,
+ (char*) aes_gcm_256_openssl_description,
+ (int) 0, /* instance count */
+ (cipher_test_case_t*) &aes_gcm_test_case_1,
+ (debug_module_t*) &mod_aes_gcm,
+ (cipher_type_id_t) AES_256_GCM
+};
+
diff --git a/third_party/srtp/crypto/cipher/aes_icm.c b/third_party/srtp/crypto/cipher/aes_icm.c
index e7e8c599..3d97e2ba 100644
--- a/third_party/srtp/crypto/cipher/aes_icm.c
+++ b/third_party/srtp/crypto/cipher/aes_icm.c
@@ -9,7 +9,7 @@
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -43,6 +43,9 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
#define ALIGN_32 0
@@ -101,12 +104,13 @@ aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp) {
/*
* Ismacryp, for example, uses 16 byte key + 8 byte
* salt so this function is called with key_len = 24.
- * The check for key_len = 30 does not apply. Our usage
+ * The check for key_len = 30/38/46 does not apply. Our usage
* of aes functions with key_len = values other than 30
* has not broken anything. Don't know what would be the
* effect of skipping this check for srtp in general.
*/
- if (!forIsmacryp && key_len != 30)
+ if (!(forIsmacryp && key_len > 16 && key_len < 30) &&
+ key_len != 30 && key_len != 38 && key_len != 46)
return err_status_bad_param;
/* allocate memory a cipher of type aes_icm */
@@ -117,6 +121,17 @@ aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp) {
/* set pointers */
*c = (cipher_t *)pointer;
+ switch (key_len) {
+ case 46:
+ (*c)->algorithm = AES_256_ICM;
+ break;
+ case 38:
+ (*c)->algorithm = AES_192_ICM;
+ break;
+ default:
+ (*c)->algorithm = AES_128_ICM;
+ break;
+ }
(*c)->type = &aes_icm;
(*c)->state = pointer + sizeof(cipher_t);
@@ -162,30 +177,44 @@ aes_icm_dealloc(cipher_t *c) {
*/
err_status_t
-aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key) {
- v128_t tmp_key;
-
- /* set counter and initial values to 'offset' value */
- /* FIX!!! this assumes the salt is at key + 16, and thus that the */
- /* FIX!!! cipher key length is 16! Also note this copies past the
- end of the 'key' array by 2 bytes! */
- v128_copy_octet_string(&c->counter, key + 16);
- v128_copy_octet_string(&c->offset, key + 16);
-
- /* force last two octets of the offset to zero (for srtp compatibility) */
- c->offset.v8[14] = c->offset.v8[15] = 0;
- c->counter.v8[14] = c->counter.v8[15] = 0;
-
- /* set tmp_key (for alignment) */
- v128_copy_octet_string(&tmp_key, key);
+aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key, int key_len) {
+ err_status_t status;
+ int base_key_len, copy_len;
+
+ if (key_len > 16 && key_len < 30) /* Ismacryp */
+ base_key_len = 16;
+ else if (key_len == 30 || key_len == 38 || key_len == 46)
+ base_key_len = key_len - 14;
+ else
+ return err_status_bad_param;
+
+ /*
+ * set counter and initial values to 'offset' value, being careful not to
+ * go past the end of the key buffer
+ */
+ v128_set_to_zero(&c->counter);
+ v128_set_to_zero(&c->offset);
+
+ copy_len = key_len - base_key_len;
+ /* force last two octets of the offset to be left zero (for srtp compatibility) */
+ if (copy_len > 14)
+ copy_len = 14;
+
+ memcpy(&c->counter, key + base_key_len, copy_len);
+ memcpy(&c->offset, key + base_key_len, copy_len);
debug_print(mod_aes_icm,
- "key: %s", v128_hex_string(&tmp_key));
+ "key: %s", octet_string_hex_string(key, base_key_len));
debug_print(mod_aes_icm,
"offset: %s", v128_hex_string(&c->offset));
/* expand key */
- aes_expand_encryption_key(&tmp_key, c->expanded_key);
+ status = aes_expand_encryption_key(key, base_key_len, &c->expanded_key);
+ if (status) {
+ v128_set_to_zero(&c->counter);
+ v128_set_to_zero(&c->offset);
+ return status;
+ }
/* indicate that the keystream_buffer is empty */
c->bytes_in_buffer = 0;
@@ -210,7 +239,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
((high32(octet_num) & 0x0f)<<(32-4)) |
(low32(octet_num) >> 4));
#else
- int tail_num = octet_num % 16;
+ int tail_num = (int)(octet_num % 16);
uint64_t block_num = octet_num / 16;
#endif
@@ -231,7 +260,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
/* fill keystream buffer, if needed */
if (tail_num) {
v128_copy(&c->keystream_buffer, &c->counter);
- aes_encrypt(&c->keystream_buffer, c->expanded_key);
+ aes_encrypt(&c->keystream_buffer, &c->expanded_key);
c->bytes_in_buffer = sizeof(v128_t);
debug_print(mod_aes_icm, "counter: %s",
@@ -257,13 +286,16 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
*/
err_status_t
-aes_icm_set_iv(aes_icm_ctx_t *c, void *iv) {
- v128_t *nonce = (v128_t *) iv;
+aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction) {
+ v128_t nonce;
+
+ /* set nonce (for alignment) */
+ v128_copy_octet_string(&nonce, iv);
debug_print(mod_aes_icm,
- "setting iv: %s", v128_hex_string(nonce));
+ "setting iv: %s", v128_hex_string(&nonce));
- v128_xor(&c->counter, &c->offset, nonce);
+ v128_xor(&c->counter, &c->offset, &nonce);
debug_print(mod_aes_icm,
"set_counter: %s", v128_hex_string(&c->counter));
@@ -287,7 +319,7 @@ static inline void
aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) {
/* fill buffer with new keystream */
v128_copy(&c->keystream_buffer, &c->counter);
- aes_encrypt(&c->keystream_buffer, c->expanded_key);
+ aes_encrypt(&c->keystream_buffer, &c->expanded_key);
c->bytes_in_buffer = sizeof(v128_t);
debug_print(mod_aes_icm, "counter: %s",
@@ -301,18 +333,14 @@ aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) {
uint32_t temp;
//alex's clock counter forward
temp = ntohl(c->counter.v32[3]);
- c->counter.v32[3] = htonl(++temp);
+ ++temp;
+ c->counter.v32[3] = htonl(temp);
} else {
if (!++(c->counter.v8[15]))
++(c->counter.v8[14]);
}
}
-inline void aes_icm_advance(aes_icm_ctx_t *c) {
- aes_icm_advance_ismacryp(c, 0);
-}
-
-
/*e
* icm_encrypt deals with the following cases:
*
@@ -440,7 +468,7 @@ aes_icm_encrypt(aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len) {
}
err_status_t
-aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output) {
+aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, unsigned int num_octets_to_output) {
unsigned int len = num_octets_to_output;
/* zeroize the buffer */
@@ -450,6 +478,10 @@ aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output) {
return aes_icm_encrypt(c, buffer, &len);
}
+uint16_t
+aes_icm_bytes_encrypted(aes_icm_ctx_t *c) {
+ return htons(c->counter.v16[7]);
+}
char
aes_icm_description[] = "aes integer counter mode";
@@ -488,9 +520,55 @@ cipher_test_case_t aes_icm_test_case_0 = {
aes_icm_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
aes_icm_test_case_0_ciphertext, /* ciphertext */
+ 0,
+ NULL,
+ 0,
NULL /* pointer to next testcase */
};
+uint8_t aes_icm_test_case_1_key[46] = {
+ 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
+ 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
+ 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
+ 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+};
+
+uint8_t aes_icm_test_case_1_nonce[16] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+uint8_t aes_icm_test_case_1_plaintext[32] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+uint8_t aes_icm_test_case_1_ciphertext[32] = {
+ 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
+ 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
+ 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
+ 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
+};
+
+cipher_test_case_t aes_icm_test_case_1 = {
+ 46, /* octets in key */
+ aes_icm_test_case_1_key, /* key */
+ aes_icm_test_case_1_nonce, /* packet index */
+ 32, /* octets in plaintext */
+ aes_icm_test_case_1_plaintext, /* plaintext */
+ 32, /* octets in ciphertext */
+ aes_icm_test_case_1_ciphertext, /* ciphertext */
+ 0,
+ NULL,
+ 0,
+ &aes_icm_test_case_0 /* pointer to next testcase */
+};
+
+
/*
* note: the encrypt function is identical to the decrypt function
@@ -500,12 +578,15 @@ cipher_type_t aes_icm = {
(cipher_alloc_func_t) aes_icm_alloc,
(cipher_dealloc_func_t) aes_icm_dealloc,
(cipher_init_func_t) aes_icm_context_init,
+ (cipher_set_aad_func_t) 0,
(cipher_encrypt_func_t) aes_icm_encrypt,
(cipher_decrypt_func_t) aes_icm_encrypt,
(cipher_set_iv_func_t) aes_icm_set_iv,
+ (cipher_get_tag_func_t) 0,
(char *) aes_icm_description,
(int) 0, /* instance count */
- (cipher_test_case_t *) &aes_icm_test_case_0,
- (debug_module_t *) &mod_aes_icm
+ (cipher_test_case_t *) &aes_icm_test_case_1,
+ (debug_module_t *) &mod_aes_icm,
+ (cipher_type_id_t) AES_ICM
};
diff --git a/third_party/srtp/crypto/cipher/aes_icm_ossl.c b/third_party/srtp/crypto/cipher/aes_icm_ossl.c
new file mode 100644
index 00000000..eb585391
--- /dev/null
+++ b/third_party/srtp/crypto/cipher/aes_icm_ossl.c
@@ -0,0 +1,563 @@
+/*
+ * aes_icm_ossl.c
+ *
+ * AES Integer Counter Mode
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ *
+ * 2/24/2012: This module was modified to use CiscoSSL for AES counter
+ * mode. Eddy Lem contributed the code to allow this.
+ *
+ * 12/20/2012: Added support for AES-192 and AES-256.
+ */
+
+/*
+ *
+ * Copyright (c) 2013, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include <openssl/evp.h>
+#include "aes_icm_ossl.h"
+#include "crypto_types.h"
+#include "alloc.h"
+#include "crypto_types.h"
+
+
+debug_module_t mod_aes_icm = {
+ 0, /* debugging is off by default */
+ "aes icm ossl" /* printable module name */
+};
+extern cipher_test_case_t aes_icm_test_case_0;
+extern cipher_type_t aes_icm;
+#ifndef SRTP_NO_AES192
+extern cipher_type_t aes_icm_192;
+#endif
+extern cipher_type_t aes_icm_256;
+
+/*
+ * integer counter mode works as follows:
+ *
+ * 16 bits
+ * <----->
+ * +------+------+------+------+------+------+------+------+
+ * | nonce | packet index | ctr |---+
+ * +------+------+------+------+------+------+------+------+ |
+ * |
+ * +------+------+------+------+------+------+------+------+ v
+ * | salt |000000|->(+)
+ * +------+------+------+------+------+------+------+------+ |
+ * |
+ * +---------+
+ * | encrypt |
+ * +---------+
+ * |
+ * +------+------+------+------+------+------+------+------+ |
+ * | keystream block |<--+
+ * +------+------+------+------+------+------+------+------+
+ *
+ * All fields are big-endian
+ *
+ * ctr is the block counter, which increments from zero for
+ * each packet (16 bits wide)
+ *
+ * packet index is distinct for each packet (48 bits wide)
+ *
+ * nonce can be distinct across many uses of the same key, or
+ * can be a fixed value per key, or can be per-packet randomness
+ * (64 bits)
+ *
+ */
+
+/*
+ * This function allocates a new instance of this crypto engine.
+ * The key_len parameter should be one of 30, 38, or 46 for
+ * AES-128, AES-192, and AES-256 respectively. Note, this key_len
+ * value is inflated, as it also accounts for the 112 bit salt
+ * value. The tlen argument is for the AEAD tag length, which
+ * isn't used in counter mode.
+ */
+err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
+{
+ aes_icm_ctx_t *icm;
+ int tmp;
+ uint8_t *allptr;
+
+ debug_print(mod_aes_icm, "allocating cipher with key length %d", key_len);
+
+ /*
+ * Verify the key_len is valid for one of: AES-128/192/256
+ */
+ if (key_len != AES_128_KEYSIZE_WSALT &&
+#ifndef SRTP_NO_AES192
+ key_len != AES_192_KEYSIZE_WSALT &&
+#endif
+ key_len != AES_256_KEYSIZE_WSALT) {
+ return err_status_bad_param;
+ }
+
+ /* allocate memory a cipher of type aes_icm */
+ tmp = sizeof(cipher_t) + sizeof(aes_icm_ctx_t);
+ allptr = (uint8_t*)crypto_alloc(tmp);
+ if (allptr == NULL) {
+ return err_status_alloc_fail;
+ }
+
+ /* set pointers */
+ *c = (cipher_t*)allptr;
+ (*c)->state = allptr + sizeof(cipher_t);
+ icm = (aes_icm_ctx_t*)(*c)->state;
+
+ /* increment ref_count */
+ switch (key_len) {
+ case AES_128_KEYSIZE_WSALT:
+ (*c)->algorithm = AES_128_ICM;
+ (*c)->type = &aes_icm;
+ aes_icm.ref_count++;
+ ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE;
+ break;
+#ifndef SRTP_NO_AES192
+ case AES_192_KEYSIZE_WSALT:
+ (*c)->algorithm = AES_192_ICM;
+ (*c)->type = &aes_icm_192;
+ aes_icm_192.ref_count++;
+ ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_192_KEYSIZE;
+ break;
+#endif
+ case AES_256_KEYSIZE_WSALT:
+ (*c)->algorithm = AES_256_ICM;
+ (*c)->type = &aes_icm_256;
+ aes_icm_256.ref_count++;
+ ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE;
+ break;
+ }
+
+ /* set key size */
+ (*c)->key_len = key_len;
+ EVP_CIPHER_CTX_init(&icm->ctx);
+
+ return err_status_ok;
+}
+
+
+/*
+ * This function deallocates an instance of this engine
+ */
+err_status_t aes_icm_openssl_dealloc (cipher_t *c)
+{
+ aes_icm_ctx_t *ctx;
+
+ if (c == NULL) {
+ return err_status_bad_param;
+ }
+
+ /*
+ * Free the EVP context
+ */
+ ctx = (aes_icm_ctx_t*)c->state;
+ if (ctx != NULL) {
+ EVP_CIPHER_CTX_cleanup(&ctx->ctx);
+ /* decrement ref_count for the appropriate engine */
+ switch (ctx->key_size) {
+ case AES_256_KEYSIZE:
+ aes_icm_256.ref_count--;
+ break;
+#ifndef SRTP_NO_AES192
+ case AES_192_KEYSIZE:
+ aes_icm_192.ref_count--;
+ break;
+#endif
+ case AES_128_KEYSIZE:
+ aes_icm.ref_count--;
+ break;
+ default:
+ return err_status_dealloc_fail;
+ break;
+ }
+ }
+
+ /* zeroize entire state*/
+ octet_string_set_to_zero((uint8_t*)c,
+ sizeof(cipher_t) + sizeof(aes_icm_ctx_t));
+
+ /* free memory */
+ crypto_free(c);
+
+ return err_status_ok;
+}
+
+/*
+ * aes_icm_openssl_context_init(...) initializes the aes_icm_context
+ * using the value in key[].
+ *
+ * the key is the secret key
+ *
+ * the salt is unpredictable (but not necessarily secret) data which
+ * randomizes the starting point in the keystream
+ */
+err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key, int len)
+{
+ /*
+ * set counter and initial values to 'offset' value, being careful not to
+ * go past the end of the key buffer
+ */
+
+ if (c->key_size + SALT_SIZE != len)
+ return err_status_bad_param;
+
+ v128_set_to_zero(&c->counter);
+ v128_set_to_zero(&c->offset);
+ memcpy(&c->counter, key + c->key_size, SALT_SIZE);
+ memcpy(&c->offset, key + c->key_size, SALT_SIZE);
+
+ /* force last two octets of the offset to zero (for srtp compatibility) */
+ c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0;
+ c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0;
+
+ /* copy key to be used later when CiscoSSL crypto context is created */
+ v128_copy_octet_string((v128_t*)&c->key, key);
+
+ /* if the key is greater than 16 bytes, copy the second
+ * half. Note, we treat AES-192 and AES-256 the same here
+ * for simplicity. The storage location receiving the
+ * key is statically allocated to handle a full 32 byte key
+ * regardless of the cipher in use.
+ */
+ if (c->key_size == AES_256_KEYSIZE
+#ifndef SRTP_NO_AES192
+ || c->key_size == AES_192_KEYSIZE
+#endif
+ ) {
+ debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s",
+ v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
+ v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZE);
+ }
+
+ debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key));
+ debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
+
+ EVP_CIPHER_CTX_cleanup(&c->ctx);
+
+ return err_status_ok;
+}
+
+
+/*
+ * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with
+ * the offset
+ */
+err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
+{
+ const EVP_CIPHER *evp;
+ v128_t nonce;
+
+ /* set nonce (for alignment) */
+ v128_copy_octet_string(&nonce, iv);
+
+ debug_print(mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));
+
+ v128_xor(&c->counter, &c->offset, &nonce);
+
+ debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter));
+
+ switch (c->key_size) {
+ case AES_256_KEYSIZE:
+ evp = EVP_aes_256_ctr();
+ break;
+#ifndef SRTP_NO_AES192
+ case AES_192_KEYSIZE:
+ evp = EVP_aes_192_ctr();
+ break;
+#endif
+ case AES_128_KEYSIZE:
+ evp = EVP_aes_128_ctr();
+ break;
+ default:
+ return err_status_bad_param;
+ break;
+ }
+
+ if (!EVP_EncryptInit_ex(&c->ctx, evp,
+ NULL, c->key.v8, c->counter.v8)) {
+ return err_status_fail;
+ } else {
+ return err_status_ok;
+ }
+}
+
+/*
+ * This function encrypts a buffer using AES CTR mode
+ *
+ * Parameters:
+ * c Crypto context
+ * buf data to encrypt
+ * enc_len length of encrypt buffer
+ */
+err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len)
+{
+ int len = 0;
+
+ debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
+
+ if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) {
+ return err_status_cipher_fail;
+ }
+ *enc_len = len;
+
+ if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) {
+ return err_status_cipher_fail;
+ }
+ *enc_len += len;
+
+ return err_status_ok;
+}
+
+uint16_t aes_icm_bytes_encrypted(aes_icm_ctx_t *c)
+{
+ return htons(c->counter.v16[7]);
+}
+
+/*
+ * Name of this crypto engine
+ */
+char aes_icm_openssl_description[] = "AES-128 counter mode using openssl";
+#ifndef SRTP_NO_AES192
+char aes_icm_192_openssl_description[] = "AES-192 counter mode using openssl";
+#endif
+char aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl";
+
+
+/*
+ * KAT values for AES self-test. These
+ * values came from the legacy libsrtp code.
+ */
+uint8_t aes_icm_test_case_0_key[AES_128_KEYSIZE_WSALT] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+};
+
+uint8_t aes_icm_test_case_0_nonce[16] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+uint8_t aes_icm_test_case_0_plaintext[32] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+uint8_t aes_icm_test_case_0_ciphertext[32] = {
+ 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
+ 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
+ 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
+ 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
+};
+
+cipher_test_case_t aes_icm_test_case_0 = {
+ AES_128_KEYSIZE_WSALT, /* octets in key */
+ aes_icm_test_case_0_key, /* key */
+ aes_icm_test_case_0_nonce, /* packet index */
+ 32, /* octets in plaintext */
+ aes_icm_test_case_0_plaintext, /* plaintext */
+ 32, /* octets in ciphertext */
+ aes_icm_test_case_0_ciphertext, /* ciphertext */
+ 0,
+ NULL,
+ 0,
+ NULL /* pointer to next testcase */
+};
+
+#ifndef SRTP_NO_AES192
+/*
+ * KAT values for AES-192-CTR self-test. These
+ * values came from section 7 of RFC 6188.
+ */
+uint8_t aes_icm_192_test_case_1_key[AES_192_KEYSIZE_WSALT] = {
+ 0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d,
+ 0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21,
+ 0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+};
+
+uint8_t aes_icm_192_test_case_1_nonce[16] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+uint8_t aes_icm_192_test_case_1_plaintext[32] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+uint8_t aes_icm_192_test_case_1_ciphertext[32] = {
+ 0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d,
+ 0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c,
+ 0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61,
+ 0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a
+};
+
+cipher_test_case_t aes_icm_192_test_case_1 = {
+ AES_192_KEYSIZE_WSALT, /* octets in key */
+ aes_icm_192_test_case_1_key, /* key */
+ aes_icm_192_test_case_1_nonce, /* packet index */
+ 32, /* octets in plaintext */
+ aes_icm_192_test_case_1_plaintext, /* plaintext */
+ 32, /* octets in ciphertext */
+ aes_icm_192_test_case_1_ciphertext, /* ciphertext */
+ 0,
+ NULL,
+ 0,
+ NULL /* pointer to next testcase */
+};
+#endif
+
+/*
+ * KAT values for AES-256-CTR self-test. These
+ * values came from section 7 of RFC 6188.
+ */
+uint8_t aes_icm_256_test_case_2_key[AES_256_KEYSIZE_WSALT] = {
+ 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
+ 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
+ 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
+ 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+};
+
+uint8_t aes_icm_256_test_case_2_nonce[16] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+uint8_t aes_icm_256_test_case_2_plaintext[32] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+uint8_t aes_icm_256_test_case_2_ciphertext[32] = {
+ 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
+ 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
+ 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
+ 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
+};
+
+cipher_test_case_t aes_icm_256_test_case_2 = {
+ AES_256_KEYSIZE_WSALT, /* octets in key */
+ aes_icm_256_test_case_2_key, /* key */
+ aes_icm_256_test_case_2_nonce, /* packet index */
+ 32, /* octets in plaintext */
+ aes_icm_256_test_case_2_plaintext, /* plaintext */
+ 32, /* octets in ciphertext */
+ aes_icm_256_test_case_2_ciphertext, /* ciphertext */
+ 0,
+ NULL,
+ 0,
+ NULL /* pointer to next testcase */
+};
+
+/*
+ * This is the function table for this crypto engine.
+ * note: the encrypt function is identical to the decrypt function
+ */
+cipher_type_t aes_icm = {
+ (cipher_alloc_func_t) aes_icm_openssl_alloc,
+ (cipher_dealloc_func_t) aes_icm_openssl_dealloc,
+ (cipher_init_func_t) aes_icm_openssl_context_init,
+ (cipher_set_aad_func_t) 0,
+ (cipher_encrypt_func_t) aes_icm_openssl_encrypt,
+ (cipher_decrypt_func_t) aes_icm_openssl_encrypt,
+ (cipher_set_iv_func_t) aes_icm_openssl_set_iv,
+ (cipher_get_tag_func_t) 0,
+ (char*) aes_icm_openssl_description,
+ (int) 0, /* instance count */
+ (cipher_test_case_t*) &aes_icm_test_case_0,
+ (debug_module_t*) &mod_aes_icm,
+ (cipher_type_id_t) AES_ICM
+};
+
+#ifndef SRTP_NO_AES192
+/*
+ * This is the function table for this crypto engine.
+ * note: the encrypt function is identical to the decrypt function
+ */
+cipher_type_t aes_icm_192 = {
+ (cipher_alloc_func_t) aes_icm_openssl_alloc,
+ (cipher_dealloc_func_t) aes_icm_openssl_dealloc,
+ (cipher_init_func_t) aes_icm_openssl_context_init,
+ (cipher_set_aad_func_t) 0,
+ (cipher_encrypt_func_t) aes_icm_openssl_encrypt,
+ (cipher_decrypt_func_t) aes_icm_openssl_encrypt,
+ (cipher_set_iv_func_t) aes_icm_openssl_set_iv,
+ (cipher_get_tag_func_t) 0,
+ (char*) aes_icm_192_openssl_description,
+ (int) 0, /* instance count */
+ (cipher_test_case_t*) &aes_icm_192_test_case_1,
+ (debug_module_t*) &mod_aes_icm,
+ (cipher_type_id_t) AES_192_ICM
+};
+#endif
+
+/*
+ * This is the function table for this crypto engine.
+ * note: the encrypt function is identical to the decrypt function
+ */
+cipher_type_t aes_icm_256 = {
+ (cipher_alloc_func_t) aes_icm_openssl_alloc,
+ (cipher_dealloc_func_t) aes_icm_openssl_dealloc,
+ (cipher_init_func_t) aes_icm_openssl_context_init,
+ (cipher_set_aad_func_t) 0,
+ (cipher_encrypt_func_t) aes_icm_openssl_encrypt,
+ (cipher_decrypt_func_t) aes_icm_openssl_encrypt,
+ (cipher_set_iv_func_t) aes_icm_openssl_set_iv,
+ (cipher_get_tag_func_t) 0,
+ (char*) aes_icm_256_openssl_description,
+ (int) 0, /* instance count */
+ (cipher_test_case_t*) &aes_icm_256_test_case_2,
+ (debug_module_t*) &mod_aes_icm,
+ (cipher_type_id_t) AES_256_ICM
+};
+
diff --git a/third_party/srtp/crypto/cipher/cipher.c b/third_party/srtp/crypto/cipher/cipher.c
index 489a52d9..15b9088f 100644
--- a/third_party/srtp/crypto/cipher/cipher.c
+++ b/third_party/srtp/crypto/cipher/cipher.c
@@ -10,7 +10,7 @@
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -44,7 +44,12 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "cipher.h"
+#include "crypto_types.h"
#include "rand_source.h" /* used in invertibiltiy tests */
#include "alloc.h" /* for crypto_alloc(), crypto_free() */
@@ -71,8 +76,8 @@ cipher_get_key_length(const cipher_t *c) {
}
/*
- * cipher_type_self_test(ct) tests a cipher of type ct against test cases
- * provided in an array of values of key, salt, xtd_seq_num_t,
+ * cipher_type_test(ct, test_data) tests a cipher of type ct against
+ * test cases provided in a list test_data of values of key, salt, iv,
* plaintext, and ciphertext that is known to be good
*/
@@ -81,12 +86,13 @@ cipher_get_key_length(const cipher_t *c) {
#define MAX_KEY_LEN 64
err_status_t
-cipher_type_self_test(const cipher_type_t *ct) {
- const cipher_test_case_t *test_case = ct->test_data;
+cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data) {
+ const cipher_test_case_t *test_case = test_data;
cipher_t *c;
err_status_t status;
uint8_t buffer[SELF_TEST_BUF_OCTETS];
uint8_t buffer2[SELF_TEST_BUF_OCTETS];
+ int tag_len;
unsigned int len;
int i, j, case_num = 0;
@@ -105,9 +111,8 @@ cipher_type_self_test(const cipher_type_t *ct) {
* encryption and decryption functions
*/
while (test_case != NULL) {
-
/* allocate cipher */
- status = cipher_type_alloc(ct, &c, test_case->key_length_octets);
+ status = cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets);
if (status)
return status;
@@ -117,7 +122,7 @@ cipher_type_self_test(const cipher_type_t *ct) {
debug_print(mod_cipher, "testing encryption", NULL);
/* initialize cipher */
- status = cipher_init(c, test_case->key, direction_encrypt);
+ status = cipher_init(c, test_case->key);
if (status) {
cipher_dealloc(c);
return status;
@@ -136,12 +141,30 @@ cipher_type_self_test(const cipher_type_t *ct) {
test_case->plaintext_length_octets));
/* set the initialization vector */
- status = cipher_set_iv(c, test_case->idx);
+ status = cipher_set_iv(c, test_case->idx, direction_encrypt);
if (status) {
cipher_dealloc(c);
return status;
}
+ if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
+ debug_print(mod_cipher, "IV: %s",
+ octet_string_hex_string(test_case->idx, 12));
+
+ /*
+ * Set the AAD
+ */
+ status = cipher_set_aad(c, test_case->aad,
+ test_case->aad_length_octets);
+ if (status) {
+ cipher_dealloc(c);
+ return status;
+ }
+ debug_print(mod_cipher, "AAD: %s",
+ octet_string_hex_string(test_case->aad,
+ test_case->aad_length_octets));
+ }
+
/* encrypt */
len = test_case->plaintext_length_octets;
status = cipher_encrypt(c, buffer, &len);
@@ -150,6 +173,18 @@ cipher_type_self_test(const cipher_type_t *ct) {
return status;
}
+ if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
+ /*
+ * Get the GCM tag
+ */
+ status = cipher_get_tag(c, buffer + len, &tag_len);
+ if (status) {
+ cipher_dealloc(c);
+ return status;
+ }
+ len += tag_len;
+ }
+
debug_print(mod_cipher, "ciphertext: %s",
octet_string_hex_string(buffer,
test_case->ciphertext_length_octets));
@@ -184,7 +219,7 @@ cipher_type_self_test(const cipher_type_t *ct) {
debug_print(mod_cipher, "testing decryption", NULL);
/* re-initialize cipher for decryption */
- status = cipher_init(c, test_case->key, direction_decrypt);
+ status = cipher_init(c, test_case->key);
if (status) {
cipher_dealloc(c);
return status;
@@ -203,12 +238,27 @@ cipher_type_self_test(const cipher_type_t *ct) {
test_case->plaintext_length_octets));
/* set the initialization vector */
- status = cipher_set_iv(c, test_case->idx);
+ status = cipher_set_iv(c, test_case->idx, direction_decrypt);
if (status) {
cipher_dealloc(c);
return status;
}
+ if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
+ /*
+ * Set the AAD
+ */
+ status = cipher_set_aad(c, test_case->aad,
+ test_case->aad_length_octets);
+ if (status) {
+ cipher_dealloc(c);
+ return status;
+ }
+ debug_print(mod_cipher, "AAD: %s",
+ octet_string_hex_string(test_case->aad,
+ test_case->aad_length_octets));
+ }
+
/* decrypt */
len = test_case->ciphertext_length_octets;
status = cipher_decrypt(c, buffer, &len);
@@ -260,8 +310,8 @@ cipher_type_self_test(const cipher_type_t *ct) {
/* now run some random invertibility tests */
/* allocate cipher, using paramaters from the first test case */
- test_case = ct->test_data;
- status = cipher_type_alloc(ct, &c, test_case->key_length_octets);
+ test_case = test_data;
+ status = cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets);
if (status)
return status;
@@ -269,7 +319,7 @@ cipher_type_self_test(const cipher_type_t *ct) {
for (j=0; j < NUM_RAND_TESTS; j++) {
unsigned length;
- unsigned plaintext_len;
+ int plaintext_len;
uint8_t key[MAX_KEY_LEN];
uint8_t iv[MAX_KEY_LEN];
@@ -297,19 +347,34 @@ cipher_type_self_test(const cipher_type_t *ct) {
if (status) return status;
/* initialize cipher */
- status = cipher_init(c, key, direction_encrypt);
+ status = cipher_init(c, key);
if (status) {
cipher_dealloc(c);
return status;
}
/* set initialization vector */
- status = cipher_set_iv(c, test_case->idx);
+ status = cipher_set_iv(c, test_case->idx, direction_encrypt);
if (status) {
cipher_dealloc(c);
return status;
}
+ if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
+ /*
+ * Set the AAD
+ */
+ status = cipher_set_aad(c, test_case->aad,
+ test_case->aad_length_octets);
+ if (status) {
+ cipher_dealloc(c);
+ return status;
+ }
+ debug_print(mod_cipher, "AAD: %s",
+ octet_string_hex_string(test_case->aad,
+ test_case->aad_length_octets));
+ }
+
/* encrypt buffer with cipher */
plaintext_len = length;
status = cipher_encrypt(c, buffer, &length);
@@ -317,6 +382,17 @@ cipher_type_self_test(const cipher_type_t *ct) {
cipher_dealloc(c);
return status;
}
+ if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
+ /*
+ * Get the GCM tag
+ */
+ status = cipher_get_tag(c, buffer + length, &tag_len);
+ if (status) {
+ cipher_dealloc(c);
+ return status;
+ }
+ length += tag_len;
+ }
debug_print(mod_cipher, "ciphertext: %s",
octet_string_hex_string(buffer, length));
@@ -324,16 +400,30 @@ cipher_type_self_test(const cipher_type_t *ct) {
* re-initialize cipher for decryption, re-set the iv, then
* decrypt the ciphertext
*/
- status = cipher_init(c, key, direction_decrypt);
+ status = cipher_init(c, key);
if (status) {
cipher_dealloc(c);
return status;
}
- status = cipher_set_iv(c, test_case->idx);
+ status = cipher_set_iv(c, test_case->idx, direction_decrypt);
if (status) {
cipher_dealloc(c);
return status;
}
+ if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
+ /*
+ * Set the AAD
+ */
+ status = cipher_set_aad(c, test_case->aad,
+ test_case->aad_length_octets);
+ if (status) {
+ cipher_dealloc(c);
+ return status;
+ }
+ debug_print(mod_cipher, "AAD: %s",
+ octet_string_hex_string(test_case->aad,
+ test_case->aad_length_octets));
+ }
status = cipher_decrypt(c, buffer, &length);
if (status) {
cipher_dealloc(c);
@@ -344,8 +434,9 @@ cipher_type_self_test(const cipher_type_t *ct) {
octet_string_hex_string(buffer, length));
/* compare the resulting plaintext with the original one */
- if (length != plaintext_len)
+ if (length != plaintext_len) {
return err_status_algo_fail;
+ }
status = err_status_ok;
for (i=0; i < plaintext_len; i++)
if (buffer[i] != buffer2[i]) {
@@ -359,13 +450,25 @@ cipher_type_self_test(const cipher_type_t *ct) {
}
}
-
- cipher_dealloc(c);
+
+ status = cipher_dealloc(c);
+ if (status)
+ return status;
return err_status_ok;
}
+/*
+ * cipher_type_self_test(ct) performs cipher_type_test on ct's internal
+ * list of test data.
+ */
+
+err_status_t
+cipher_type_self_test(const cipher_type_t *ct) {
+ return cipher_type_test(ct, ct->test_data);
+}
+
/*
* cipher_bits_per_second(c, l, t) computes (an estimate of) the
* number of bits that a cipher implementation can encrypt in a second
@@ -393,7 +496,7 @@ cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials) {
v128_set_to_zero(&nonce);
timer = clock();
for(i=0; i < num_trials; i++, nonce.v32[3] = i) {
- cipher_set_iv(c, &nonce);
+ cipher_set_iv(c, &nonce, direction_encrypt);
cipher_encrypt(c, enc_buf, &len);
}
timer = clock() - timer;
diff --git a/third_party/srtp/crypto/cipher/null_cipher.c b/third_party/srtp/crypto/cipher/null_cipher.c
index 721f50cf..3cd49fb9 100644
--- a/third_party/srtp/crypto/cipher/null_cipher.c
+++ b/third_party/srtp/crypto/cipher/null_cipher.c
@@ -10,7 +10,7 @@
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -44,6 +44,10 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "datatypes.h"
#include "null_cipher.h"
#include "alloc.h"
@@ -53,7 +57,7 @@
extern debug_module_t mod_cipher;
err_status_t
-null_cipher_alloc(cipher_t **c, int key_len) {
+null_cipher_alloc(cipher_t **c, int key_len, int tlen) {
extern cipher_type_t null_cipher;
uint8_t *pointer;
@@ -67,6 +71,7 @@ null_cipher_alloc(cipher_t **c, int key_len) {
/* set pointers */
*c = (cipher_t *)pointer;
+ (*c)->algorithm = NULL_CIPHER;
(*c)->type = &null_cipher;
(*c)->state = pointer + sizeof(cipher_t);
@@ -99,7 +104,7 @@ null_cipher_dealloc(cipher_t *c) {
}
err_status_t
-null_cipher_init(null_cipher_ctx_t *ctx, const uint8_t *key) {
+null_cipher_init(null_cipher_ctx_t *ctx, const uint8_t *key, int key_len) {
debug_print(mod_cipher, "initializing null cipher", NULL);
@@ -129,6 +134,9 @@ null_cipher_test_0 = {
NULL, /* plaintext */
0, /* octets in plaintext */
NULL, /* ciphertext */
+ 0,
+ NULL,
+ 0,
NULL /* pointer to next testcase */
};
@@ -141,12 +149,15 @@ cipher_type_t null_cipher = {
(cipher_alloc_func_t) null_cipher_alloc,
(cipher_dealloc_func_t) null_cipher_dealloc,
(cipher_init_func_t) null_cipher_init,
+ (cipher_set_aad_func_t) 0,
(cipher_encrypt_func_t) null_cipher_encrypt,
(cipher_decrypt_func_t) null_cipher_encrypt,
(cipher_set_iv_func_t) null_cipher_set_iv,
+ (cipher_get_tag_func_t) 0,
(char *) null_cipher_description,
(int) 0,
(cipher_test_case_t *) &null_cipher_test_0,
- (debug_module_t *) NULL
+ (debug_module_t *) NULL,
+ (cipher_type_id_t) NULL_CIPHER
};
diff --git a/third_party/srtp/crypto/hash/auth.c b/third_party/srtp/crypto/hash/auth.c
index 8eb722d0..4ca0f03e 100644
--- a/third_party/srtp/crypto/hash/auth.c
+++ b/third_party/srtp/crypto/hash/auth.c
@@ -43,6 +43,10 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "auth.h"
/* the debug module for authentiation */
@@ -74,8 +78,8 @@ auth_type_get_ref_count(const auth_type_t *at) {
}
/*
- * auth_type_self_test() tests an auth function of type ct against
- * test cases provided in an array of values of key, data, and tag
+ * auth_type_test() tests an auth function of type ct against
+ * test cases provided in a list test_data of values of key, data, and tag
* that is known to be good
*/
@@ -83,8 +87,8 @@ auth_type_get_ref_count(const auth_type_t *at) {
#define SELF_TEST_TAG_BUF_OCTETS 32
err_status_t
-auth_type_self_test(const auth_type_t *at) {
- auth_test_case_t *test_case = at->test_data;
+auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data) {
+ const auth_test_case_t *test_case = test_data;
auth_t *a;
err_status_t status;
uint8_t tag[SELF_TEST_TAG_BUF_OCTETS];
@@ -171,3 +175,13 @@ auth_type_self_test(const auth_type_t *at) {
}
+/*
+ * auth_type_self_test(at) performs auth_type_test on at's internal
+ * list of test data.
+ */
+
+err_status_t
+auth_type_self_test(const auth_type_t *at) {
+ return auth_type_test(at, at->test_data);
+}
+
diff --git a/third_party/srtp/crypto/hash/hmac.c b/third_party/srtp/crypto/hash/hmac.c
index 4336cf0a..ddb75ea3 100644
--- a/third_party/srtp/crypto/hash/hmac.c
+++ b/third_party/srtp/crypto/hash/hmac.c
@@ -42,6 +42,10 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "hmac.h"
#include "alloc.h"
@@ -262,6 +266,7 @@ hmac = {
(char *) hmac_description,
(int) 0, /* instance count */
(auth_test_case_t *) &hmac_test_case_0,
- (debug_module_t *) &mod_hmac
+ (debug_module_t *) &mod_hmac,
+ (auth_type_id_t) HMAC_SHA1
};
diff --git a/third_party/srtp/crypto/hash/hmac_ossl.c b/third_party/srtp/crypto/hash/hmac_ossl.c
new file mode 100644
index 00000000..f62ce570
--- /dev/null
+++ b/third_party/srtp/crypto/hash/hmac_ossl.c
@@ -0,0 +1,302 @@
+/*
+ * hmac_ossl.c
+ *
+ * Implementation of hmac auth_type_t that leverages OpenSSL
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright(c) 2013, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include "hmac.h"
+#include "alloc.h"
+#include <openssl/evp.h>
+
+#define HMAC_KEYLEN_MAX 20
+
+/* the debug module for authentiation */
+
+debug_module_t mod_hmac = {
+ 0, /* debugging is off by default */
+ "hmac sha-1 openssl" /* printable name for module */
+};
+
+
+err_status_t
+hmac_alloc (auth_t **a, int key_len, int out_len)
+{
+ extern auth_type_t hmac;
+ uint8_t *pointer;
+ hmac_ctx_t *new_hmac_ctx;
+
+ debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
+ debug_print(mod_hmac, " tag length %d", out_len);
+
+ /*
+ * check key length - note that we don't support keys larger
+ * than 20 bytes yet
+ */
+ if (key_len > HMAC_KEYLEN_MAX) {
+ return err_status_bad_param;
+ }
+
+ /* check output length - should be less than 20 bytes */
+ if (out_len > HMAC_KEYLEN_MAX) {
+ return err_status_bad_param;
+ }
+
+ /* allocate memory for auth and hmac_ctx_t structures */
+ pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
+ if (pointer == NULL) {
+ return err_status_alloc_fail;
+ }
+
+ /* set pointers */
+ *a = (auth_t*)pointer;
+ (*a)->type = &hmac;
+ (*a)->state = pointer + sizeof(auth_t);
+ (*a)->out_len = out_len;
+ (*a)->key_len = key_len;
+ (*a)->prefix_len = 0;
+ new_hmac_ctx = (hmac_ctx_t*)((*a)->state);
+ memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t));
+
+ /* increment global count of all hmac uses */
+ hmac.ref_count++;
+
+ return err_status_ok;
+}
+
+err_status_t
+hmac_dealloc (auth_t *a)
+{
+ extern auth_type_t hmac;
+ hmac_ctx_t *hmac_ctx;
+
+ hmac_ctx = (hmac_ctx_t*)a->state;
+ if (hmac_ctx->ctx_initialized) {
+ EVP_MD_CTX_cleanup(&hmac_ctx->ctx);
+ }
+ if (hmac_ctx->init_ctx_initialized) {
+ EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx);
+ }
+
+ /* zeroize entire state*/
+ octet_string_set_to_zero((uint8_t*)a,
+ sizeof(hmac_ctx_t) + sizeof(auth_t));
+
+ /* free memory */
+ crypto_free(a);
+
+ /* decrement global count of all hmac uses */
+ hmac.ref_count--;
+
+ return err_status_ok;
+}
+
+err_status_t
+hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len)
+{
+ int i;
+ uint8_t ipad[64];
+
+ /*
+ * check key length - note that we don't support keys larger
+ * than 20 bytes yet
+ */
+ if (key_len > HMAC_KEYLEN_MAX) {
+ return err_status_bad_param;
+ }
+
+ /*
+ * set values of ipad and opad by exoring the key into the
+ * appropriate constant values
+ */
+ for (i = 0; i < key_len; i++) {
+ ipad[i] = key[i] ^ 0x36;
+ state->opad[i] = key[i] ^ 0x5c;
+ }
+ /* set the rest of ipad, opad to constant values */
+ for (; i < sizeof(ipad); i++) {
+ ipad[i] = 0x36;
+ ((uint8_t*)state->opad)[i] = 0x5c;
+ }
+
+ debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad)));
+
+ /* initialize sha1 context */
+ sha1_init(&state->init_ctx);
+ state->init_ctx_initialized = 1;
+
+ /* hash ipad ^ key */
+ sha1_update(&state->init_ctx, ipad, sizeof(ipad));
+ return (hmac_start(state));
+}
+
+err_status_t
+hmac_start (hmac_ctx_t *state)
+{
+ if (state->ctx_initialized) {
+ EVP_MD_CTX_cleanup(&state->ctx);
+ }
+ if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) {
+ return err_status_auth_fail;
+ } else {
+ state->ctx_initialized = 1;
+ return err_status_ok;
+ }
+}
+
+err_status_t
+hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets)
+{
+ debug_print(mod_hmac, "input: %s",
+ octet_string_hex_string(message, msg_octets));
+
+ /* hash message into sha1 context */
+ sha1_update(&state->ctx, message, msg_octets);
+
+ return err_status_ok;
+}
+
+err_status_t
+hmac_compute (hmac_ctx_t *state, const void *message,
+ int msg_octets, int tag_len, uint8_t *result)
+{
+ uint32_t hash_value[5];
+ uint32_t H[5];
+ int i;
+
+ /* check tag length, return error if we can't provide the value expected */
+ if (tag_len > HMAC_KEYLEN_MAX) {
+ return err_status_bad_param;
+ }
+
+ /* hash message, copy output into H */
+ sha1_update(&state->ctx, message, msg_octets);
+ sha1_final(&state->ctx, H);
+
+ /*
+ * note that we don't need to debug_print() the input, since the
+ * function hmac_update() already did that for us
+ */
+ debug_print(mod_hmac, "intermediate state: %s",
+ octet_string_hex_string((uint8_t*)H, sizeof(H)));
+
+ /* re-initialize hash context */
+ sha1_init(&state->ctx);
+
+ /* hash opad ^ key */
+ sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad));
+
+ /* hash the result of the inner hash */
+ sha1_update(&state->ctx, (uint8_t*)H, sizeof(H));
+
+ /* the result is returned in the array hash_value[] */
+ sha1_final(&state->ctx, hash_value);
+
+ /* copy hash_value to *result */
+ for (i = 0; i < tag_len; i++) {
+ result[i] = ((uint8_t*)hash_value)[i];
+ }
+
+ debug_print(mod_hmac, "output: %s",
+ octet_string_hex_string((uint8_t*)hash_value, tag_len));
+
+ return err_status_ok;
+}
+
+
+/* begin test case 0 */
+
+uint8_t
+ hmac_test_case_0_key[HMAC_KEYLEN_MAX] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b
+};
+
+uint8_t
+ hmac_test_case_0_data[8] = {
+ 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
+};
+
+uint8_t
+ hmac_test_case_0_tag[HMAC_KEYLEN_MAX] = {
+ 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
+ 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
+ 0xf1, 0x46, 0xbe, 0x00
+};
+
+auth_test_case_t
+ hmac_test_case_0 = {
+ sizeof(hmac_test_case_0_key), /* octets in key */
+ hmac_test_case_0_key, /* key */
+ sizeof(hmac_test_case_0_data), /* octets in data */
+ hmac_test_case_0_data, /* data */
+ sizeof(hmac_test_case_0_tag), /* octets in tag */
+ hmac_test_case_0_tag, /* tag */
+ NULL /* pointer to next testcase */
+};
+
+/* end test case 0 */
+
+char hmac_description[] = "hmac sha-1 authentication function";
+
+/*
+ * auth_type_t hmac is the hmac metaobject
+ */
+
+auth_type_t
+ hmac = {
+ (auth_alloc_func) hmac_alloc,
+ (auth_dealloc_func) hmac_dealloc,
+ (auth_init_func) hmac_init,
+ (auth_compute_func) hmac_compute,
+ (auth_update_func) hmac_update,
+ (auth_start_func) hmac_start,
+ (char*) hmac_description,
+ (int) 0, /* instance count */
+ (auth_test_case_t*) &hmac_test_case_0,
+ (debug_module_t*) &mod_hmac,
+ (auth_type_id_t) HMAC_SHA1
+};
+
diff --git a/third_party/srtp/crypto/hash/null_auth.c b/third_party/srtp/crypto/hash/null_auth.c
index 301348b6..73fd9187 100644
--- a/third_party/srtp/crypto/hash/null_auth.c
+++ b/third_party/srtp/crypto/hash/null_auth.c
@@ -44,6 +44,9 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
#include "null_auth.h"
#include "alloc.h"
@@ -155,6 +158,8 @@ null_auth = {
(auth_start_func) null_auth_start,
(char *) null_auth_description,
(int) 0, /* instance count */
- (auth_test_case_t *) &null_auth_test_case_0
+ (auth_test_case_t *) &null_auth_test_case_0,
+ (debug_module_t *) NULL,
+ (auth_type_id_t) NULL_AUTH
};
diff --git a/third_party/srtp/crypto/hash/sha1.c b/third_party/srtp/crypto/hash/sha1.c
index 566672de..c200437b 100644
--- a/third_party/srtp/crypto/hash/sha1.c
+++ b/third_party/srtp/crypto/hash/sha1.c
@@ -44,6 +44,9 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
#include "sha1.h"
@@ -114,7 +117,7 @@ sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
H4 = hash_value[4];
/* copy/xor message into array */
-
+
W[0] = be32_to_cpu(M[0]);
W[1] = be32_to_cpu(M[1]);
W[2] = be32_to_cpu(M[2]);
@@ -184,7 +187,7 @@ sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
void
sha1_init(sha1_ctx_t *ctx) {
-
+
/* initialize state vector */
ctx->H[0] = 0x67452301;
ctx->H[1] = 0xefcdab89;
@@ -210,7 +213,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
/* loop over 16-word blocks of M */
while (octets_in_msg > 0) {
-
+
if (octets_in_msg + ctx->octets_in_buffer >= 64) {
/*
@@ -260,7 +263,7 @@ sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
*/
{
int tail = ctx->octets_in_buffer % 4;
-
+
/* copy/xor message into array */
for (i=0; i < (ctx->octets_in_buffer+3)/4; i++)
W[i] = be32_to_cpu(ctx->M[i]);
@@ -283,7 +286,7 @@ sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
W[i] = 0x80000000;
break;
}
-
+
/* zeroize remaining words */
for (i++ ; i < 15; i++)
W[i] = 0x0;
@@ -299,7 +302,8 @@ sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
else if (ctx->octets_in_buffer < 60)
W[15] = 0x0;
- /* process the word array */ for (t=16; t < 80; t++) {
+ /* process the word array */
+ for (t=16; t < 80; t++) {
TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
W[t] = S1(TEMP);
}
diff --git a/third_party/srtp/crypto/include/aes.h b/third_party/srtp/crypto/include/aes.h
index 20d28047..d88ce403 100644
--- a/third_party/srtp/crypto/include/aes.h
+++ b/third_party/srtp/crypto/include/aes.h
@@ -46,28 +46,32 @@
#ifndef _AES_H
#define _AES_H
-#include "srtp_config.h"
-
#include "datatypes.h"
#include "gf2_8.h"
+#include "err.h"
/* aes internals */
-typedef v128_t aes_expanded_key_t[11];
+typedef struct {
+ v128_t round[15];
+ int num_rounds;
+} aes_expanded_key_t;
-void
-aes_expand_encryption_key(const v128_t *key,
- aes_expanded_key_t expanded_key);
+err_status_t
+aes_expand_encryption_key(const uint8_t *key,
+ int key_len,
+ aes_expanded_key_t *expanded_key);
-void
-aes_expand_decryption_key(const v128_t *key,
- aes_expanded_key_t expanded_key);
+err_status_t
+aes_expand_decryption_key(const uint8_t *key,
+ int key_len,
+ aes_expanded_key_t *expanded_key);
void
-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key);
+aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
void
-aes_decrypt(v128_t *plaintext, const aes_expanded_key_t exp_key);
+aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
#if 0
/*
diff --git a/third_party/srtp/crypto/include/aes_cbc.h b/third_party/srtp/crypto/include/aes_cbc.h
index 9fb6682b..4fda3903 100644
--- a/third_party/srtp/crypto/include/aes_cbc.h
+++ b/third_party/srtp/crypto/include/aes_cbc.h
@@ -8,6 +8,42 @@
*
*/
+/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
#ifndef AES_CBC_H
#define AES_CBC_H
@@ -17,6 +53,8 @@
typedef struct {
v128_t state; /* cipher chaining state */
v128_t previous; /* previous ciphertext block */
+ uint8_t key[32];
+ int key_len;
aes_expanded_key_t expanded_key; /* the cipher key */
} aes_cbc_ctx_t;
@@ -31,10 +69,10 @@ aes_cbc_encrypt(aes_cbc_ctx_t *c,
err_status_t
aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key,
- cipher_direction_t dir);
+ int key_len);
err_status_t
-aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv);
+aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv, int direction);
err_status_t
aes_cbc_nist_encrypt(aes_cbc_ctx_t *c,
diff --git a/third_party/srtp/crypto/include/aes_gcm_ossl.h b/third_party/srtp/crypto/include/aes_gcm_ossl.h
new file mode 100644
index 00000000..8e7711dc
--- /dev/null
+++ b/third_party/srtp/crypto/include/aes_gcm_ossl.h
@@ -0,0 +1,63 @@
+/*
+ * aes_gcm_ossl.h
+ *
+ * Header for AES Galois Counter Mode.
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ *
+ */
+/*
+ *
+ * Copyright (c) 2013, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef AES_GCM_OSSL_H
+#define AES_GCM_OSSL_H
+
+#include "cipher.h"
+#include "srtp.h"
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+
+typedef struct {
+ v256_t key;
+ int key_size;
+ int tag_len;
+ EVP_CIPHER_CTX ctx;
+ cipher_direction_t dir;
+} aes_gcm_ctx_t;
+
+#endif /* AES_GCM_OSSL_H */
+
diff --git a/third_party/srtp/crypto/include/aes_icm.h b/third_party/srtp/crypto/include/aes_icm.h
index 17a1ddba..1a2fd82c 100644
--- a/third_party/srtp/crypto/include/aes_icm.h
+++ b/third_party/srtp/crypto/include/aes_icm.h
@@ -8,6 +8,42 @@
*
*/
+/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
#ifndef AES_ICM_H
#define AES_ICM_H
@@ -25,10 +61,11 @@ typedef struct {
err_status_t
aes_icm_context_init(aes_icm_ctx_t *c,
- const unsigned char *key);
+ const unsigned char *key,
+ int key_len);
err_status_t
-aes_icm_set_iv(aes_icm_ctx_t *c, void *iv);
+aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction);
err_status_t
aes_icm_encrypt(aes_icm_ctx_t *c,
@@ -36,7 +73,7 @@ aes_icm_encrypt(aes_icm_ctx_t *c,
err_status_t
aes_icm_output(aes_icm_ctx_t *c,
- unsigned char *buf, int bytes_to_output);
+ unsigned char *buf, unsigned int bytes_to_output);
err_status_t
aes_icm_dealloc(cipher_t *c);
@@ -52,5 +89,8 @@ aes_icm_alloc_ismacryp(cipher_t **c,
int key_len,
int forIsmacryp);
+uint16_t
+aes_icm_bytes_encrypted(aes_icm_ctx_t *c);
+
#endif /* AES_ICM_H */
diff --git a/third_party/srtp/crypto/include/aes_icm_ossl.h b/third_party/srtp/crypto/include/aes_icm_ossl.h
new file mode 100644
index 00000000..b4ec40a4
--- /dev/null
+++ b/third_party/srtp/crypto/include/aes_icm_ossl.h
@@ -0,0 +1,85 @@
+/*
+ * aes_icm.h
+ *
+ * Header for AES Integer Counter Mode.
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ *
+ */
+/*
+ *
+ * Copyright (c) 2001-2005,2012, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef AES_ICM_H
+#define AES_ICM_H
+
+#include "cipher.h"
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+
+#ifdef OPENSSL_IS_BORINGSSL
+// BoringSSL doesn't support AES-192, cipher will be disabled
+#define SRTP_NO_AES192
+#endif
+
+#define SALT_SIZE 14
+#define AES_128_KEYSIZE AES_BLOCK_SIZE
+#ifndef SRTP_NO_AES192
+#define AES_192_KEYSIZE AES_BLOCK_SIZE + AES_BLOCK_SIZE / 2
+#endif
+#define AES_256_KEYSIZE AES_BLOCK_SIZE * 2
+#define AES_128_KEYSIZE_WSALT AES_128_KEYSIZE + SALT_SIZE
+#ifndef SRTP_NO_AES192
+#define AES_192_KEYSIZE_WSALT AES_192_KEYSIZE + SALT_SIZE
+#endif
+#define AES_256_KEYSIZE_WSALT AES_256_KEYSIZE + SALT_SIZE
+
+typedef struct {
+ v128_t counter; /* holds the counter value */
+ v128_t offset; /* initial offset value */
+ v256_t key;
+ int key_size;
+ EVP_CIPHER_CTX ctx;
+} aes_icm_ctx_t;
+
+err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir);
+err_status_t aes_icm_openssl_context_init(aes_icm_ctx_t *c, const uint8_t *key, int len);
+err_status_t aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output);
+uint16_t aes_icm_bytes_encrypted(aes_icm_ctx_t *c);
+
+
+#endif /* AES_ICM_H */
+
diff --git a/third_party/srtp/crypto/include/auth.h b/third_party/srtp/crypto/include/auth.h
index 295b5f6f..5b5e4b21 100644
--- a/third_party/srtp/crypto/include/auth.h
+++ b/third_party/srtp/crypto/include/auth.h
@@ -48,6 +48,8 @@
#include "datatypes.h"
#include "err.h" /* error codes */
+#include "crypto.h" /* for auth_type_id_t */
+#include "crypto_types.h" /* for values of auth_type_id_t */
typedef struct auth_type_t *auth_type_pointer;
typedef struct auth_t *auth_pointer_t;
@@ -129,6 +131,7 @@ typedef struct auth_type_t {
int ref_count;
auth_test_case_t *test_data;
debug_module_t *debug;
+ auth_type_id_t id;
} auth_type_t;
typedef struct auth_t {
@@ -148,6 +151,15 @@ typedef struct auth_t {
err_status_t
auth_type_self_test(const auth_type_t *at);
+/*
+ * auth_type_test() tests an auth_type against external test cases
+ * provided in an array of values of key/message/tag that is known to
+ * be good
+ */
+
+err_status_t
+auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data);
+
/*
* auth_type_get_ref_count(at) returns the reference count (the number
* of instantiations) of the auth_type_t at
diff --git a/third_party/srtp/crypto/include/cipher.h b/third_party/srtp/crypto/include/cipher.h
index f485660c..d0d6b57f 100644
--- a/third_party/srtp/crypto/include/cipher.h
+++ b/third_party/srtp/crypto/include/cipher.h
@@ -8,7 +8,7 @@
*/
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -49,6 +49,8 @@
#include "datatypes.h"
#include "rdbx.h" /* for xtd_seq_num_t */
#include "err.h" /* for error codes */
+#include "crypto.h" /* for cipher_type_id_t */
+#include "crypto_types.h" /* for values of cipher_type_id_t */
/**
@@ -78,15 +80,14 @@ typedef struct cipher_t *cipher_pointer_t;
*/
typedef err_status_t (*cipher_alloc_func_t)
- (cipher_pointer_t *cp, int key_len);
+ (cipher_pointer_t *cp, int key_len, int tag_len);
/*
* a cipher_init_func_t [re-]initializes a cipher_t with a given key
- * and direction (i.e., encrypt or decrypt)
*/
typedef err_status_t (*cipher_init_func_t)
- (void *state, const uint8_t *key, cipher_direction_t dir);
+(void *state, const uint8_t *key, int key_len);
/* a cipher_dealloc_func_t de-allocates a cipher_t */
@@ -97,6 +98,13 @@ typedef err_status_t (*cipher_dealloc_func_t)(cipher_pointer_t cp);
typedef err_status_t (*cipher_set_segment_func_t)
(void *state, xtd_seq_num_t idx);
+/*
+ * a cipher_set_aad_func_t processes the AAD data for AEAD ciphers
+ */
+typedef err_status_t (*cipher_set_aad_func_t)
+ (void *state, uint8_t *aad, unsigned int aad_len);
+
+
/* a cipher_encrypt_func_t encrypts data in-place */
typedef err_status_t (*cipher_encrypt_func_t)
@@ -108,12 +116,19 @@ typedef err_status_t (*cipher_decrypt_func_t)
(void *state, uint8_t *buffer, unsigned int *octets_to_decrypt);
/*
- * a cipher_set_nonce_seq_func_t function sets both the nonce
- * and the extended sequence number
+ * a cipher_set_iv_func_t function sets the current initialization vector
*/
typedef err_status_t (*cipher_set_iv_func_t)
- (cipher_pointer_t cp, void *iv);
+ (cipher_pointer_t cp, void *iv, cipher_direction_t direction);
+
+/*
+ * a cipher_get_tag_funct_t function is used to get the authentication
+ * tag that was calculated by an AEAD cipher.
+ */
+typedef err_status_t (*cipher_get_tag_func_t)
+ (void *state, void *tag, int *len);
+
/*
* cipher_test_case_t is a (list of) key, salt, xtd_seq_num_t,
@@ -127,10 +142,13 @@ typedef struct cipher_test_case_t {
int key_length_octets; /* octets in key */
uint8_t *key; /* key */
uint8_t *idx; /* packet index */
- unsigned int plaintext_length_octets; /* octets in plaintext */
+ int plaintext_length_octets; /* octets in plaintext */
uint8_t *plaintext; /* plaintext */
- unsigned int ciphertext_length_octets; /* octets in plaintext */
+ int ciphertext_length_octets; /* octets in plaintext */
uint8_t *ciphertext; /* ciphertext */
+ int aad_length_octets; /* octets in AAD */
+ uint8_t *aad; /* AAD */
+ int tag_length_octets; /* Length of AEAD tag */
struct cipher_test_case_t *next_test_case; /* pointer to next testcase */
} cipher_test_case_t;
@@ -140,13 +158,16 @@ typedef struct cipher_type_t {
cipher_alloc_func_t alloc;
cipher_dealloc_func_t dealloc;
cipher_init_func_t init;
+ cipher_set_aad_func_t set_aad;
cipher_encrypt_func_t encrypt;
cipher_encrypt_func_t decrypt;
cipher_set_iv_func_t set_iv;
+ cipher_get_tag_func_t get_tag;
char *description;
int ref_count;
cipher_test_case_t *test_data;
debug_module_t *debug;
+ cipher_type_id_t id;
} cipher_type_t;
/*
@@ -158,27 +179,32 @@ typedef struct cipher_t {
cipher_type_t *type;
void *state;
int key_len;
-#ifdef FORCE_64BIT_ALIGN
- int pad;
-#endif
+ int algorithm;
} cipher_t;
/* some syntactic sugar on these function types */
-#define cipher_type_alloc(ct, c, klen) ((ct)->alloc((c), (klen)))
+#define cipher_type_alloc(ct, c, klen, tlen) ((ct)->alloc((c), (klen), (tlen)))
#define cipher_dealloc(c) (((c)->type)->dealloc(c))
-#define cipher_init(c, k, dir) (((c)->type)->init(((c)->state), (k), (dir)))
+#define cipher_init(c, k) (((c)->type)->init(((c)->state), (k), ((c)->key_len)))
#define cipher_encrypt(c, buf, len) \
(((c)->type)->encrypt(((c)->state), (buf), (len)))
+#define cipher_get_tag(c, buf, len) \
+ (((c)->type)->get_tag(((c)->state), (buf), (len)))
+
#define cipher_decrypt(c, buf, len) \
(((c)->type)->decrypt(((c)->state), (buf), (len)))
-#define cipher_set_iv(c, n) \
- ((c) ? (((c)->type)->set_iv(((cipher_pointer_t)(c)->state), (n))) : \
+#define cipher_set_iv(c, n, dir) \
+ ((c) ? (((c)->type)->set_iv(((cipher_pointer_t)(c)->state), (n), (dir))) : \
+ err_status_no_such_op)
+#define cipher_set_aad(c, a, l) \
+ (((c) && (((c)->type)->set_aad)) ? \
+ (((c)->type)->set_aad(((c)->state), (a), (l))) : \
err_status_no_such_op)
err_status_t
@@ -201,6 +227,16 @@ err_status_t
cipher_type_self_test(const cipher_type_t *ct);
+/*
+ * cipher_type_test() tests a cipher against external test cases provided in
+ * an array of values of key/xtd_seq_num_t/plaintext/ciphertext
+ * that is known to be good
+ */
+
+err_status_t
+cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data);
+
+
/*
* cipher_bits_per_second(c, l, t) computes (and estimate of) the
* number of bits that a cipher implementation can encrypt in a second
diff --git a/third_party/srtp/crypto/include/crypto.h b/third_party/srtp/crypto/include/crypto.h
index 0e9667da..ab6f6bef 100644
--- a/third_party/srtp/crypto/include/crypto.h
+++ b/third_party/srtp/crypto/include/crypto.h
@@ -7,6 +7,42 @@
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
#ifndef CRYPTO_H
#define CRYPTO_H
diff --git a/third_party/srtp/crypto/include/crypto_kernel.h b/third_party/srtp/crypto/include/crypto_kernel.h
index b8cd9be1..caccfa03 100644
--- a/third_party/srtp/crypto/include/crypto_kernel.h
+++ b/third_party/srtp/crypto/include/crypto_kernel.h
@@ -182,6 +182,28 @@ crypto_kernel_load_cipher_type(cipher_type_t *ct, cipher_type_id_t id);
err_status_t
crypto_kernel_load_auth_type(auth_type_t *ct, auth_type_id_t id);
+/*
+ * crypto_kernel_replace_cipher_type(ct, id)
+ *
+ * replaces the crypto kernel's existing cipher for the cipher_type id
+ * with a new one passed in externally. The new cipher must pass all the
+ * existing cipher_type's self tests as well as its own.
+ */
+err_status_t
+crypto_kernel_replace_cipher_type(cipher_type_t *ct, cipher_type_id_t id);
+
+
+/*
+ * crypto_kernel_replace_auth_type(ct, id)
+ *
+ * replaces the crypto kernel's existing cipher for the auth_type id
+ * with a new one passed in externally. The new auth type must pass all the
+ * existing auth_type's self tests as well as its own.
+ */
+err_status_t
+crypto_kernel_replace_auth_type(auth_type_t *ct, auth_type_id_t id);
+
+
err_status_t
crypto_kernel_load_debug_module(debug_module_t *new_dm);
@@ -199,7 +221,8 @@ crypto_kernel_load_debug_module(debug_module_t *new_dm);
err_status_t
crypto_kernel_alloc_cipher(cipher_type_id_t id,
cipher_pointer_t *cp,
- int key_len);
+ int key_len,
+ int tag_len);
/*
* crypto_kernel_alloc_auth(id, ap, key_len, tag_len);
diff --git a/third_party/srtp/crypto/include/crypto_math.h b/third_party/srtp/crypto/include/crypto_math.h
index c3e7b76b..52f08372 100644
--- a/third_party/srtp/crypto/include/crypto_math.h
+++ b/third_party/srtp/crypto/include/crypto_math.h
@@ -233,40 +233,6 @@ void
octet_string_set_to_zero(uint8_t *s, int len);
-/*
- * functions manipulating bit_vector_t
- *
- * A bitvector_t consists of an array of words and an integer
- * representing the number of significant bits stored in the array.
- * The bits are packed as follows: the least significant bit is that
- * of word[0], while the most significant bit is the nth most
- * significant bit of word[m], where length = bits_per_word * m + n.
- *
- */
-
-#define bits_per_word 32
-#define bytes_per_word 4
-
-typedef struct {
- uint32_t length;
- uint32_t *word;
-} bitvector_t;
-
-int
-bitvector_alloc(bitvector_t *v, unsigned long length);
-
-void
-bitvector_set_bit(bitvector_t *v, int bit_index);
-
-int
-bitvector_get_bit(const bitvector_t *v, int bit_index);
-
-int
-bitvector_print_hex(const bitvector_t *v, FILE *stream);
-
-int
-bitvector_set_from_hex(bitvector_t *v, char *string);
-
#endif /* MATH_H */
diff --git a/third_party/srtp/crypto/include/crypto_types.h b/third_party/srtp/crypto/include/crypto_types.h
index 0ce50f4b..dbb50c37 100644
--- a/third_party/srtp/crypto/include/crypto_types.h
+++ b/third_party/srtp/crypto/include/crypto_types.h
@@ -8,7 +8,7 @@
*/
/*
*
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ * Copyright(c) 2001-2006,2013 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -97,12 +97,19 @@
#define NULL_CIPHER 0
/**
- * @brief AES-128 Integer Counter Mode (AES ICM)
+ * @brief AES Integer Counter Mode (AES ICM)
*
- * AES-128 ICM is the variant of counter mode that is used by Secure RTP.
- * This cipher uses a 16-octet key and a 30-octet offset (or salt) value.
+ * AES ICM is the variant of counter mode that is used by Secure RTP.
+ * This cipher uses a 16-, 24-, or 32-octet key concatenated with a
+ * 14-octet offset (or salt) value.
+ */
+#define AES_ICM 1
+
+/**
+ * @brief AES-128 Integer Counter Mode (AES ICM)
+ * AES-128 ICM is a deprecated alternate name for AES ICM.
*/
-#define AES_128_ICM 1
+#define AES_128_ICM AES_ICM
/**
* @brief SEAL 3.0
@@ -113,19 +120,54 @@
#define SEAL 2
/**
- * @brief AES-128 Integer Counter Mode (AES ICM)
+ * @brief AES Cipher Block Chaining mode (AES CBC)
*
- * AES-128 ICM is the variant of counter mode that is used by Secure RTP.
- * This cipher uses a 16-octet key and a 30-octet offset (or salt) value.
+ * AES CBC is the AES Cipher Block Chaining mode.
+ * This cipher uses a 16-, 24-, or 32-octet key.
*/
-#define AES_128_CBC 3
+#define AES_CBC 3
+
+/**
+ * @brief AES-128 Cipher Block Chaining mode (AES CBC)
+ *
+ * AES-128 CBC is a deprecated alternate name for AES CBC.
+ */
+#define AES_128_CBC AES_CBC
/**
* @brief Strongest available cipher.
*
* This identifier resolves to the strongest cipher type available.
*/
-#define STRONGHOLD_CIPHER AES_128_ICM
+#define STRONGHOLD_CIPHER AES_ICM
+
+/**
+ * @brief AES-192 Integer Counter Mode (AES ICM)
+ * AES-192 ICM is a deprecated alternate name for AES ICM.
+ */
+#define AES_192_ICM 4
+
+/**
+ * @brief AES-256 Integer Counter Mode (AES ICM)
+ * AES-256 ICM is a deprecated alternate name for AES ICM.
+ */
+#define AES_256_ICM 5
+
+/**
+ * @brief AES-128_GCM Galois Counter Mode (AES GCM)
+ *
+ * AES-128 GCM is the variant of galois counter mode that is used by
+ * Secure RTP. This cipher uses a 16-octet key.
+ */
+#define AES_128_GCM 6
+
+/**
+ * @brief AES-256_GCM Galois Counter Mode (AES GCM)
+ *
+ * AES-256 GCM is the variant of galois counter mode that is used by
+ * Secure RTP. This cipher uses a 32-octet key.
+ */
+#define AES_256_GCM 7
/**
* @}
diff --git a/third_party/srtp/crypto/include/datatypes.h b/third_party/srtp/crypto/include/datatypes.h
index 4f86b556..b18435f0 100644
--- a/third_party/srtp/crypto/include/datatypes.h
+++ b/third_party/srtp/crypto/include/datatypes.h
@@ -92,6 +92,12 @@ typedef union {
uint64_t v64[2];
} v128_t;
+typedef union {
+ uint8_t v8[32];
+ uint16_t v16[16];
+ uint32_t v32[8];
+ uint64_t v64[4];
+} v256_t;
/* some useful and simple math functions */
@@ -155,10 +161,10 @@ void
v128_copy_octet_string(v128_t *x, const uint8_t s[16]);
void
-v128_left_shift(v128_t *x, int index);
+v128_left_shift(v128_t *x, int shift_index);
void
-v128_right_shift(v128_t *x, int index);
+v128_right_shift(v128_t *x, int shift_index);
/*
* the following macros define the data manipulation functions
@@ -377,7 +383,7 @@ void
octet_string_set_to_zero(uint8_t *s, int len);
-#ifndef SRTP_KERNEL_LINUX
+#if !defined(SRTP_KERNEL_LINUX) && defined(HAVE_CONFIG_H)
/*
* Convert big endian integers to CPU byte order.
@@ -424,4 +430,87 @@ static inline uint64_t be64_to_cpu(uint64_t v) {
#endif /* WORDS_BIGENDIAN */
+/*
+ * functions manipulating bitvector_t
+ *
+ * A bitvector_t consists of an array of words and an integer
+ * representing the number of significant bits stored in the array.
+ * The bits are packed as follows: the least significant bit is that
+ * of word[0], while the most significant bit is the nth most
+ * significant bit of word[m], where length = bits_per_word * m + n.
+ *
+ */
+
+#define bits_per_word 32
+#define bytes_per_word 4
+
+typedef struct {
+ uint32_t length;
+ uint32_t *word;
+} bitvector_t;
+
+
+#define _bitvector_get_bit(v, bit_index) \
+( \
+ ((((v)->word[((bit_index) >> 5)]) >> ((bit_index) & 31)) & 1) \
+)
+
+
+#define _bitvector_set_bit(v, bit_index) \
+( \
+ (((v)->word[((bit_index) >> 5)] |= ((uint32_t)1 << ((bit_index) & 31)))) \
+)
+
+#define _bitvector_clear_bit(v, bit_index) \
+( \
+ (((v)->word[((bit_index) >> 5)] &= ~((uint32_t)1 << ((bit_index) & 31)))) \
+)
+
+#define _bitvector_get_length(v) \
+( \
+ ((v)->length) \
+)
+
+#ifdef DATATYPES_USE_MACROS /* little functions are really macros */
+
+#define bitvector_get_bit(v, bit_index) _bitvector_get_bit(v, bit_index)
+#define bitvector_set_bit(v, bit_index) _bitvector_set_bit(v, bit_index)
+#define bitvector_clear_bit(v, bit_index) _bitvector_clear_bit(v, bit_index)
+#define bitvector_get_length(v) _bitvector_get_length(v)
+
+#else
+
+int
+bitvector_get_bit(const bitvector_t *v, int bit_index);
+
+void
+bitvector_set_bit(bitvector_t *v, int bit_index);
+
+void
+bitvector_clear_bit(bitvector_t *v, int bit_index);
+
+unsigned long
+bitvector_get_length(const bitvector_t *v);
+
+#endif
+
+int
+bitvector_alloc(bitvector_t *v, unsigned long length);
+
+void
+bitvector_dealloc(bitvector_t *v);
+
+void
+bitvector_set_to_zero(bitvector_t *x);
+
+void
+bitvector_left_shift(bitvector_t *x, int index);
+
+char *
+bitvector_bit_string(bitvector_t *x, char* buf, int len);
+
+#ifdef TESTAPP_SOURCE
+int base64_string_to_octet_string(char *raw, int *pad, char *base64, int len);
+#endif
+
#endif /* _DATATYPES_H */
diff --git a/third_party/srtp/crypto/include/err.h b/third_party/srtp/crypto/include/err.h
index 1a6e1701..4f401a6d 100644
--- a/third_party/srtp/crypto/include/err.h
+++ b/third_party/srtp/crypto/include/err.h
@@ -46,7 +46,8 @@
#ifndef ERR_H
#define ERR_H
-#include "datatypes.h"
+#include <stdio.h>
+#include <stdarg.h>
/**
* @defgroup Error Error Codes
@@ -87,7 +88,7 @@ typedef enum {
err_status_nonce_bad = 18, /**< nonce check failed */
err_status_read_fail = 19, /**< couldn't read data */
err_status_write_fail = 20, /**< couldn't write data */
- err_status_parse_err = 21, /**< error pasring data */
+ err_status_parse_err = 21, /**< error parsing data */
err_status_encode_err = 22, /**< error encoding data */
err_status_semaphore_err = 23,/**< error while using semaphores */
err_status_pfkey_err = 24 /**< error while using pfkey */
@@ -118,7 +119,7 @@ typedef enum {
*/
err_status_t
-err_reporting_init(char *ident);
+err_reporting_init(const char *ident);
#ifdef SRTP_KERNEL_LINUX
extern err_reporting_level_t err_level;
@@ -135,7 +136,7 @@ extern err_reporting_level_t err_level;
*/
void
-err_report(int priority, char *format, ...);
+err_report(int priority, const char *format, ...);
#endif /* ! SRTP_KERNEL_LINUX */
@@ -145,7 +146,7 @@ err_report(int priority, char *format, ...);
typedef struct {
int on; /* 1 if debugging is on, 0 if it is off */
- char *name; /* printable name for debug module */
+ const char *name; /* printable name for debug module */
} debug_module_t;
#ifdef ENABLE_DEBUGGING
diff --git a/third_party/srtp/crypto/include/hmac.h b/third_party/srtp/crypto/include/hmac.h
index 262c0e2d..875f45c6 100644
--- a/third_party/srtp/crypto/include/hmac.h
+++ b/third_party/srtp/crypto/include/hmac.h
@@ -9,7 +9,7 @@
*/
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2006,2013, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -53,6 +53,10 @@ typedef struct {
uint8_t opad[64];
sha1_ctx_t ctx;
sha1_ctx_t init_ctx;
+#ifdef OPENSSL
+ int ctx_initialized;
+ int init_ctx_initialized;
+#endif
} hmac_ctx_t;
err_status_t
diff --git a/third_party/srtp/crypto/include/integers.h b/third_party/srtp/crypto/include/integers.h
index 138ea9c5..179ec39f 100644
--- a/third_party/srtp/crypto/include/integers.h
+++ b/third_party/srtp/crypto/include/integers.h
@@ -47,7 +47,7 @@
#ifndef INTEGERS_H
#define INTEGERS_H
-#include "srtp_config.h" /* configuration file, using autoconf */
+#include "config.h"
#ifdef SRTP_KERNEL
@@ -76,7 +76,7 @@
#endif
/* Can we do 64 bit integers? */
-#ifndef HAVE_UINT64_T
+#if !defined(HAVE_UINT64_T)
# if SIZEOF_UNSIGNED_LONG == 8
typedef unsigned long uint64_t;
# elif SIZEOF_UNSIGNED_LONG_LONG == 8
@@ -99,7 +99,7 @@ typedef unsigned int uint32_t;
#endif
-#ifdef NO_64BIT_MATH
+#if defined(NO_64BIT_MATH) && defined(HAVE_CONFIG_H)
typedef double uint64_t;
/* assert that sizeof(double) == 8 */
extern uint64_t make64(uint32_t high, uint32_t low);
diff --git a/third_party/srtp/crypto/include/null_cipher.h b/third_party/srtp/crypto/include/null_cipher.h
index 7d6bbdd6..39da59a8 100644
--- a/third_party/srtp/crypto/include/null_cipher.h
+++ b/third_party/srtp/crypto/include/null_cipher.h
@@ -62,11 +62,11 @@ typedef struct {
*/
err_status_t
-null_cipher_init(null_cipher_ctx_t *c, const uint8_t *key);
+null_cipher_init(null_cipher_ctx_t *c, const uint8_t *key, int key_len);
err_status_t
null_cipher_set_segment(null_cipher_ctx_t *c,
- unsigned long index);
+ unsigned long segment_index);
err_status_t
null_cipher_encrypt(null_cipher_ctx_t *c,
diff --git a/third_party/srtp/crypto/include/prng.h b/third_party/srtp/crypto/include/prng.h
index fb96b5eb..c5ec2306 100644
--- a/third_party/srtp/crypto/include/prng.h
+++ b/third_party/srtp/crypto/include/prng.h
@@ -7,12 +7,53 @@
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
#ifndef PRNG_H
#define PRNG_H
#include "rand_source.h" /* for rand_source_func_t definition */
#include "aes.h" /* for aes */
+//FIXME: this is temporary until we pull in the code to use OpenSSL for RNG
+#ifdef OPENSSL
+#include "aes_icm_ossl.h" /* for aes ctr */
+#else
#include "aes_icm.h" /* for aes ctr */
+#endif
#define MAX_PRNG_OUT_LEN 0xffffffffU
diff --git a/third_party/srtp/crypto/include/rdb.h b/third_party/srtp/crypto/include/rdb.h
index 5a26c5e3..300c569f 100644
--- a/third_party/srtp/crypto/include/rdb.h
+++ b/third_party/srtp/crypto/include/rdb.h
@@ -8,6 +8,42 @@
*/
+/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
#ifndef REPLAY_DB_H
#define REPLAY_DB_H
@@ -49,7 +85,7 @@ rdb_init(rdb_t *rdb);
*/
err_status_t
-rdb_check(const rdb_t *rdb, uint32_t index);
+rdb_check(const rdb_t *rdb, uint32_t rdb_index);
/*
* rdb_add_index
@@ -61,7 +97,7 @@ rdb_check(const rdb_t *rdb, uint32_t index);
*/
err_status_t
-rdb_add_index(rdb_t *rdb, uint32_t index);
+rdb_add_index(rdb_t *rdb, uint32_t rdb_index);
/*
* the functions rdb_increment() and rdb_get_value() are for use by
diff --git a/third_party/srtp/crypto/include/rdbx.h b/third_party/srtp/crypto/include/rdbx.h
index ce9ecf6f..4b8dd229 100644
--- a/third_party/srtp/crypto/include/rdbx.h
+++ b/third_party/srtp/crypto/include/rdbx.h
@@ -8,6 +8,42 @@
*
*/
+/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
#ifndef RDBX_H
#define RDBX_H
@@ -46,19 +82,29 @@ typedef uint64_t xtd_seq_num_t;
typedef struct {
xtd_seq_num_t index;
- v128_t bitmask;
+ bitvector_t bitmask;
} rdbx_t;
/*
- * rdbx_init(rdbx_ptr)
+ * rdbx_init(rdbx_ptr, ws)
*
- * initializes the rdbx pointed to by its argument, setting the
- * rollover counter and sequence number to zero
+ * initializes the rdbx pointed to by its argument with the window size ws,
+ * setting the rollover counter and sequence number to zero
*/
err_status_t
-rdbx_init(rdbx_t *rdbx);
+rdbx_init(rdbx_t *rdbx, unsigned long ws);
+
+
+/*
+ * rdbx_dealloc(rdbx_ptr)
+ *
+ * frees memory associated with the rdbx
+ */
+
+err_status_t
+rdbx_dealloc(rdbx_t *rdbx);
/*
@@ -100,12 +146,42 @@ rdbx_check(const rdbx_t *rdbx, int difference);
err_status_t
rdbx_add_index(rdbx_t *rdbx, int delta);
+
+/*
+ * rdbx_set_roc(rdbx, roc) initalizes the rdbx_t at the location rdbx
+ * to have the rollover counter value roc. If that value is less than
+ * the current rollover counter value, then the function returns
+ * err_status_replay_old; otherwise, err_status_ok is returned.
+ *
+ */
+
+err_status_t
+rdbx_set_roc(rdbx_t *rdbx, uint32_t roc);
+
+/*
+ * rdbx_get_roc(rdbx) returns the value of the rollover counter for
+ * the rdbx_t pointed to by rdbx
+ *
+ */
+
+xtd_seq_num_t
+rdbx_get_packet_index(const rdbx_t *rdbx);
+
/*
* xtd_seq_num_t functions - these are *internal* functions of rdbx, and
* shouldn't be used to manipulate rdbx internal values. use the rdbx
* api instead!
*/
+/*
+ * rdbx_get_ws(rdbx_ptr)
+ *
+ * gets the window size which was used to initialize the rdbx
+ */
+
+unsigned long
+rdbx_get_window_size(const rdbx_t *rdbx);
+
/* index_init(&pi) initializes a packet index pi (sets it to zero) */
diff --git a/third_party/srtp/crypto/include/sha1.h b/third_party/srtp/crypto/include/sha1.h
index e3af4d4b..f1744ced 100644
--- a/third_party/srtp/crypto/include/sha1.h
+++ b/third_party/srtp/crypto/include/sha1.h
@@ -47,7 +47,49 @@
#ifndef SHA1_H
#define SHA1_H
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "err.h"
+#ifdef OPENSSL
+#include <openssl/evp.h>
+#include <stdint.h>
+
+typedef EVP_MD_CTX sha1_ctx_t;
+
+/*
+ * sha1_init(&ctx) initializes the SHA1 context ctx
+ *
+ * sha1_update(&ctx, msg, len) hashes the len octets starting at msg
+ * into the SHA1 context
+ *
+ * sha1_final(&ctx, output) performs the final processing of the SHA1
+ * context and writes the result to the 20 octets at output
+ *
+ * Return values are ignored on the EVP functions since all three
+ * of these functions return void.
+ *
+ */
+
+static inline void sha1_init (sha1_ctx_t *ctx)
+{
+ EVP_MD_CTX_init(ctx);
+ EVP_DigestInit(ctx, EVP_sha1());
+}
+
+static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
+{
+ EVP_DigestUpdate(ctx, M, octets_in_msg);
+}
+
+static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output)
+{
+ unsigned int len = 0;
+
+ EVP_DigestFinal(ctx, (unsigned char*)output, &len);
+}
+#else
#include "datatypes.h"
typedef struct {
@@ -104,5 +146,7 @@ sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
void
sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
+
+#endif /* else OPENSSL */
#endif /* SHA1_H */
diff --git a/third_party/srtp/crypto/include/xfm.h b/third_party/srtp/crypto/include/xfm.h
index 5837149b..80774f96 100644
--- a/third_party/srtp/crypto/include/xfm.h
+++ b/third_party/srtp/crypto/include/xfm.h
@@ -7,6 +7,42 @@
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
#ifndef XFM_H
#define XFM_H
diff --git a/third_party/srtp/crypto/kernel/alloc.c b/third_party/srtp/crypto/kernel/alloc.c
index 5dd09474..e728798c 100644
--- a/third_party/srtp/crypto/kernel/alloc.c
+++ b/third_party/srtp/crypto/kernel/alloc.c
@@ -42,6 +42,10 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "alloc.h"
#include "crypto_kernel.h"
@@ -73,8 +77,9 @@ crypto_alloc(size_t size) {
if (ptr) {
debug_print(mod_alloc, "(location: %p) allocated", ptr);
- } else
+ } else {
debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size);
+ }
return ptr;
}
@@ -98,9 +103,10 @@ crypto_alloc(size_t size) {
if (ptr) {
debug_print(mod_alloc, "(location: %p) allocated", ptr);
- } else
+ } else {
debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size);
-
+ }
+
return ptr;
}
diff --git a/third_party/srtp/crypto/kernel/crypto_kernel.c b/third_party/srtp/crypto/kernel/crypto_kernel.c
index 230dda62..f01a72a5 100644
--- a/third_party/srtp/crypto/kernel/crypto_kernel.c
+++ b/third_party/srtp/crypto/kernel/crypto_kernel.c
@@ -8,7 +8,7 @@
*/
/*
*
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ * Copyright(c) 2001-2006,2013 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -43,6 +43,10 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "alloc.h"
#include "crypto_kernel.h"
@@ -69,7 +73,12 @@ extern debug_module_t mod_alloc;
extern cipher_type_t null_cipher;
extern cipher_type_t aes_icm;
+#ifndef OPENSSL
extern cipher_type_t aes_cbc;
+#else
+extern cipher_type_t aes_gcm_128_openssl;
+extern cipher_type_t aes_gcm_256_openssl;
+#endif
/*
@@ -137,6 +146,7 @@ crypto_kernel_init() {
if (status)
return status;
+#ifndef OPENSSL
/* initialize pseudorandom number generator */
status = ctr_prng_init(rand_source_get_octet_string);
if (status)
@@ -146,17 +156,29 @@ crypto_kernel_init() {
status = stat_test_rand_source_with_repetition(ctr_prng_get_octet_string, MAX_RNG_TRIALS);
if (status)
return status;
+#endif
/* load cipher types */
status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER);
if (status)
return status;
- status = crypto_kernel_load_cipher_type(&aes_icm, AES_128_ICM);
+ status = crypto_kernel_load_cipher_type(&aes_icm, AES_ICM);
if (status)
return status;
- status = crypto_kernel_load_cipher_type(&aes_cbc, AES_128_CBC);
+#ifndef OPENSSL
+ status = crypto_kernel_load_cipher_type(&aes_cbc, AES_CBC);
if (status)
return status;
+#else
+ status = crypto_kernel_load_cipher_type(&aes_gcm_128_openssl, AES_128_GCM);
+ if (status) {
+ return status;
+ }
+ status = crypto_kernel_load_cipher_type(&aes_gcm_256_openssl, AES_256_GCM);
+ if (status) {
+ return status;
+ }
+#endif
/* load auth func types */
status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH);
@@ -297,8 +319,9 @@ crypto_kernel_shutdown() {
return err_status_ok;
}
-err_status_t
-crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) {
+static inline err_status_t
+crypto_kernel_do_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id,
+ int replace) {
kernel_cipher_type_t *ctype, *new_ctype;
err_status_t status;
@@ -306,6 +329,9 @@ crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) {
if (new_ct == NULL)
return err_status_bad_param;
+ if (new_ct->id != id)
+ return err_status_bad_param;
+
/* check cipher type by running self-test */
status = cipher_type_self_test(new_ct);
if (status) {
@@ -315,24 +341,35 @@ crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) {
/* walk down list, checking if this type is in the list already */
ctype = crypto_kernel.cipher_type_list;
while (ctype != NULL) {
- if ((new_ct == ctype->cipher_type) || (id == ctype->id))
+ if (id == ctype->id) {
+ if (!replace)
+ return err_status_bad_param;
+ status = cipher_type_test(new_ct, ctype->cipher_type->test_data);
+ if (status)
+ return status;
+ new_ctype = ctype;
+ break;
+ }
+ else if (new_ct == ctype->cipher_type)
return err_status_bad_param;
ctype = ctype->next;
}
- /* put new_ct at the head of the list */
+ /* if not found, put new_ct at the head of the list */
+ if (ctype == NULL) {
/* allocate memory */
- new_ctype = (kernel_cipher_type_t *) crypto_alloc(sizeof(kernel_cipher_type_t));
- if (new_ctype == NULL)
- return err_status_alloc_fail;
+ new_ctype = (kernel_cipher_type_t *) crypto_alloc(sizeof(kernel_cipher_type_t));
+ if (new_ctype == NULL)
+ return err_status_alloc_fail;
+ new_ctype->next = crypto_kernel.cipher_type_list;
+
+ /* set head of list to new cipher type */
+ crypto_kernel.cipher_type_list = new_ctype;
+ }
/* set fields */
new_ctype->cipher_type = new_ct;
new_ctype->id = id;
- new_ctype->next = crypto_kernel.cipher_type_list;
-
- /* set head of list to new cipher type */
- crypto_kernel.cipher_type_list = new_ctype;
/* load debug module, if there is one present */
if (new_ct->debug != NULL)
@@ -343,7 +380,18 @@ crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) {
}
err_status_t
-crypto_kernel_load_auth_type(auth_type_t *new_at, auth_type_id_t id) {
+crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) {
+ return crypto_kernel_do_load_cipher_type(new_ct, id, 0);
+}
+
+err_status_t
+crypto_kernel_replace_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) {
+ return crypto_kernel_do_load_cipher_type(new_ct, id, 1);
+}
+
+err_status_t
+crypto_kernel_do_load_auth_type(auth_type_t *new_at, auth_type_id_t id,
+ int replace) {
kernel_auth_type_t *atype, *new_atype;
err_status_t status;
@@ -351,6 +399,9 @@ crypto_kernel_load_auth_type(auth_type_t *new_at, auth_type_id_t id) {
if (new_at == NULL)
return err_status_bad_param;
+ if (new_at->id != id)
+ return err_status_bad_param;
+
/* check auth type by running self-test */
status = auth_type_self_test(new_at);
if (status) {
@@ -360,24 +411,35 @@ crypto_kernel_load_auth_type(auth_type_t *new_at, auth_type_id_t id) {
/* walk down list, checking if this type is in the list already */
atype = crypto_kernel.auth_type_list;
while (atype != NULL) {
- if ((new_at == atype->auth_type) || (id == atype->id))
+ if (id == atype->id) {
+ if (!replace)
+ return err_status_bad_param;
+ status = auth_type_test(new_at, atype->auth_type->test_data);
+ if (status)
+ return status;
+ new_atype = atype;
+ break;
+ }
+ else if (new_at == atype->auth_type)
return err_status_bad_param;
atype = atype->next;
}
- /* put new_at at the head of the list */
- /* allocate memory */
- new_atype = (kernel_auth_type_t *)crypto_alloc(sizeof(kernel_auth_type_t));
- if (new_atype == NULL)
- return err_status_alloc_fail;
+ /* if not found, put new_at at the head of the list */
+ if (atype == NULL) {
+ /* allocate memory */
+ new_atype = (kernel_auth_type_t *)crypto_alloc(sizeof(kernel_auth_type_t));
+ if (new_atype == NULL)
+ return err_status_alloc_fail;
+
+ new_atype->next = crypto_kernel.auth_type_list;
+ /* set head of list to new auth type */
+ crypto_kernel.auth_type_list = new_atype;
+ }
/* set fields */
new_atype->auth_type = new_at;
new_atype->id = id;
- new_atype->next = crypto_kernel.auth_type_list;
-
- /* set head of list to new auth type */
- crypto_kernel.auth_type_list = new_atype;
/* load debug module, if there is one present */
if (new_at->debug != NULL)
@@ -388,6 +450,16 @@ crypto_kernel_load_auth_type(auth_type_t *new_at, auth_type_id_t id) {
}
+err_status_t
+crypto_kernel_load_auth_type(auth_type_t *new_at, auth_type_id_t id) {
+ return crypto_kernel_do_load_auth_type(new_at, id, 0);
+}
+
+err_status_t
+crypto_kernel_replace_auth_type(auth_type_t *new_at, auth_type_id_t id) {
+ return crypto_kernel_do_load_auth_type(new_at, id, 1);
+}
+
cipher_type_t *
crypto_kernel_get_cipher_type(cipher_type_id_t id) {
@@ -409,7 +481,8 @@ crypto_kernel_get_cipher_type(cipher_type_id_t id) {
err_status_t
crypto_kernel_alloc_cipher(cipher_type_id_t id,
cipher_pointer_t *cp,
- int key_len) {
+ int key_len,
+ int tag_len) {
cipher_type_t *ct;
/*
@@ -423,7 +496,7 @@ crypto_kernel_alloc_cipher(cipher_type_id_t id,
if (!ct)
return err_status_fail;
- return ((ct)->alloc(cp, key_len));
+ return ((ct)->alloc(cp, key_len, tag_len));
}
@@ -517,7 +590,11 @@ crypto_kernel_set_debug_module(char *name, int on) {
err_status_t
crypto_get_random(unsigned char *buffer, unsigned int length) {
if (crypto_kernel.state == crypto_kernel_state_secure)
+#ifdef OPENSSL
+ return rand_source_get_octet_string(buffer, length);
+#else
return ctr_prng_get_octet_string(buffer, length);
+#endif
else
return err_status_fail;
}
diff --git a/third_party/srtp/crypto/kernel/err.c b/third_party/srtp/crypto/kernel/err.c
index 4a3a8589..fcd90784 100644
--- a/third_party/srtp/crypto/kernel/err.c
+++ b/third_party/srtp/crypto/kernel/err.c
@@ -42,6 +42,10 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "err.h"
#ifdef ERR_REPORTING_SYSLOG
@@ -57,7 +61,7 @@ err_reporting_level_t err_level = err_level_none;
#ifdef SRTP_KERNEL_LINUX
err_status_t
-err_reporting_init(char *ident) {
+err_reporting_init(const char *ident) {
return err_status_ok;
}
@@ -69,7 +73,7 @@ err_reporting_init(char *ident) {
static FILE *err_file = NULL;
err_status_t
-err_reporting_init(char *ident) {
+err_reporting_init(const char *ident) {
#ifdef ERR_REPORTING_SYSLOG
openlog(ident, LOG_PID, LOG_AUTHPRIV);
#endif
@@ -92,7 +96,7 @@ err_reporting_init(char *ident) {
}
void
-err_report(int priority, char *format, ...) {
+err_report(int priority, const char *format, ...) {
va_list args;
if (priority <= err_level) {
diff --git a/third_party/srtp/crypto/kernel/key.c b/third_party/srtp/crypto/kernel/key.c
index 9f63b22c..3521e2f8 100644
--- a/third_party/srtp/crypto/kernel/key.c
+++ b/third_party/srtp/crypto/kernel/key.c
@@ -42,6 +42,10 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "key.h"
#define soft_limit 0x10000
diff --git a/third_party/srtp/crypto/math/datatypes.c b/third_party/srtp/crypto/math/datatypes.c
index c8f44a52..a30873ee 100644
--- a/third_party/srtp/crypto/math/datatypes.c
+++ b/third_party/srtp/crypto/math/datatypes.c
@@ -43,6 +43,10 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "datatypes.h"
int
@@ -113,8 +117,8 @@ octet_string_hex_string(const void *s, int length) {
length *= 2;
/* truncate string if it would be too long */
- if (length >= MAX_PRINT_STRING_LEN-1)
- length = MAX_PRINT_STRING_LEN-2;
+ if (length > MAX_PRINT_STRING_LEN)
+ length = MAX_PRINT_STRING_LEN-1;
for (i=0; i < length; i+=2) {
bit_string[i] = nibble_to_hex_char(*str >> 4);
@@ -149,9 +153,10 @@ hex_char_to_nibble(uint8_t c) {
case ('E'): return 0xe;
case ('f'): return 0xf;
case ('F'): return 0xf;
- default: break; /* this flags an error */
+ default: return -1; /* this flags an error */
}
- return -1;
+ /* NOTREACHED */
+ return -1; /* this keeps compilers from complaining */
}
int
@@ -206,16 +211,16 @@ v128_hex_string(v128_t *x) {
char *
v128_bit_string(v128_t *x) {
- int j, index;
+ int j, i;
uint32_t mask;
- for (j=index=0; j < 4; j++) {
+ for (j=i=0; j < 4; j++) {
for (mask=0x80000000; mask > 0; mask >>= 1) {
if (x->v32[j] & mask)
- bit_string[index] = '1';
+ bit_string[i] = '1';
else
- bit_string[index] = '0';
- ++index;
+ bit_string[i] = '0';
+ ++i;
}
}
bit_string[128] = 0; /* null terminate string */
@@ -322,13 +327,13 @@ v128_set_bit_to(v128_t *x, int i, int y){
#endif /* DATATYPES_USE_MACROS */
void
-v128_right_shift(v128_t *x, int index) {
- const int base_index = index >> 5;
- const int bit_index = index & 31;
+v128_right_shift(v128_t *x, int shift) {
+ const int base_index = shift >> 5;
+ const int bit_index = shift & 31;
int i, from;
uint32_t b;
- if (index > 127) {
+ if (shift > 127) {
v128_set_to_zero(x);
return;
}
@@ -360,12 +365,12 @@ v128_right_shift(v128_t *x, int index) {
}
void
-v128_left_shift(v128_t *x, int index) {
+v128_left_shift(v128_t *x, int shift) {
int i;
- const int base_index = index >> 5;
- const int bit_index = index & 31;
+ const int base_index = shift >> 5;
+ const int bit_index = shift & 31;
- if (index > 127) {
+ if (shift > 127) {
v128_set_to_zero(x);
return;
}
@@ -386,6 +391,124 @@ v128_left_shift(v128_t *x, int index) {
}
+/* functions manipulating bitvector_t */
+
+#ifndef DATATYPES_USE_MACROS /* little functions are not macros */
+
+int
+bitvector_get_bit(const bitvector_t *v, int bit_index)
+{
+ return _bitvector_get_bit(v, bit_index);
+}
+
+void
+bitvector_set_bit(bitvector_t *v, int bit_index)
+{
+ _bitvector_set_bit(v, bit_index);
+}
+
+void
+bitvector_clear_bit(bitvector_t *v, int bit_index)
+{
+ _bitvector_clear_bit(v, bit_index);
+}
+
+
+#endif /* DATATYPES_USE_MACROS */
+
+int
+bitvector_alloc(bitvector_t *v, unsigned long length) {
+ unsigned long l;
+
+ /* Round length up to a multiple of bits_per_word */
+ length = (length + bits_per_word - 1) & ~(unsigned long)((bits_per_word - 1));
+
+ l = length / bits_per_word * bytes_per_word;
+
+ /* allocate memory, then set parameters */
+ if (l == 0)
+ v->word = NULL;
+ else {
+ v->word = (uint32_t*)crypto_alloc(l);
+ if (v->word == NULL) {
+ v->word = NULL;
+ v->length = 0;
+ return -1;
+ }
+ }
+ v->length = length;
+
+ /* initialize bitvector to zero */
+ bitvector_set_to_zero(v);
+
+ return 0;
+}
+
+
+void
+bitvector_dealloc(bitvector_t *v) {
+ if (v->word != NULL)
+ crypto_free(v->word);
+ v->word = NULL;
+ v->length = 0;
+}
+
+void
+bitvector_set_to_zero(bitvector_t *x)
+{
+ /* C99 guarantees that memset(0) will set the value 0 for uint32_t */
+ memset(x->word, 0, x->length >> 3);
+}
+
+char *
+bitvector_bit_string(bitvector_t *x, char* buf, int len) {
+ int j, i;
+ uint32_t mask;
+
+ for (j=i=0; j < (int)(x->length>>5) && i < len-1; j++) {
+ for (mask=0x80000000; mask > 0; mask >>= 1) {
+ if (x->word[j] & mask)
+ buf[i] = '1';
+ else
+ buf[i] = '0';
+ ++i;
+ if (i >= len-1)
+ break;
+ }
+ }
+ buf[i] = 0; /* null terminate string */
+
+ return buf;
+}
+
+void
+bitvector_left_shift(bitvector_t *x, int shift) {
+ int i;
+ const int base_index = shift >> 5;
+ const int bit_index = shift & 31;
+ const int word_length = x->length >> 5;
+
+ if (shift >= (int)x->length) {
+ bitvector_set_to_zero(x);
+ return;
+ }
+
+ if (bit_index == 0) {
+ for (i=0; i < word_length - base_index; i++)
+ x->word[i] = x->word[i+base_index];
+ } else {
+ for (i=0; i < word_length - base_index - 1; i++)
+ x->word[i] = (x->word[i+base_index] >> bit_index) ^
+ (x->word[i+base_index+1] << (32 - bit_index));
+ x->word[word_length - base_index-1] = x->word[word_length-1] >> bit_index;
+ }
+
+ /* now wrap up the final portion */
+ for (i = word_length - base_index; i < word_length; i++)
+ x->word[i] = 0;
+
+}
+
int
octet_string_is_eq(uint8_t *a, uint8_t *b, int len) {
@@ -406,194 +529,41 @@ octet_string_set_to_zero(uint8_t *s, int len) {
}
+#ifdef TESTAPP_SOURCE
-/*
- * From RFC 1521: The Base64 Alphabet
- *
- * Value Encoding Value Encoding Value Encoding Value Encoding
- * 0 A 17 R 34 i 51 z
- * 1 B 18 S 35 j 52 0
- * 2 C 19 T 36 k 53 1
- * 3 D 20 U 37 l 54 2
- * 4 E 21 V 38 m 55 3
- * 5 F 22 W 39 n 56 4
- * 6 G 23 X 40 o 57 5
- * 7 H 24 Y 41 p 58 6
- * 8 I 25 Z 42 q 59 7
- * 9 J 26 a 43 r 60 8
- * 10 K 27 b 44 s 61 9
- * 11 L 28 c 45 t 62 +
- * 12 M 29 d 46 u 63 /
- * 13 N 30 e 47 v
- * 14 O 31 f 48 w (pad) =
- * 15 P 32 g 49 x
- * 16 Q 33 h 50 y
- */
+static const char b64chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz0123456789+/";
-int
-base64_char_to_sextet(uint8_t c) {
- switch(c) {
- case 'A':
- return 0;
- case 'B':
- return 1;
- case 'C':
- return 2;
- case 'D':
- return 3;
- case 'E':
- return 4;
- case 'F':
- return 5;
- case 'G':
- return 6;
- case 'H':
- return 7;
- case 'I':
- return 8;
- case 'J':
- return 9;
- case 'K':
- return 10;
- case 'L':
- return 11;
- case 'M':
- return 12;
- case 'N':
- return 13;
- case 'O':
- return 14;
- case 'P':
- return 15;
- case 'Q':
- return 16;
- case 'R':
- return 17;
- case 'S':
- return 18;
- case 'T':
- return 19;
- case 'U':
- return 20;
- case 'V':
- return 21;
- case 'W':
- return 22;
- case 'X':
- return 23;
- case 'Y':
- return 24;
- case 'Z':
- return 25;
- case 'a':
- return 26;
- case 'b':
- return 27;
- case 'c':
- return 28;
- case 'd':
- return 29;
- case 'e':
- return 30;
- case 'f':
- return 31;
- case 'g':
- return 32;
- case 'h':
- return 33;
- case 'i':
- return 34;
- case 'j':
- return 35;
- case 'k':
- return 36;
- case 'l':
- return 37;
- case 'm':
- return 38;
- case 'n':
- return 39;
- case 'o':
- return 40;
- case 'p':
- return 41;
- case 'q':
- return 42;
- case 'r':
- return 43;
- case 's':
- return 44;
- case 't':
- return 45;
- case 'u':
- return 46;
- case 'v':
- return 47;
- case 'w':
- return 48;
- case 'x':
- return 49;
- case 'y':
- return 50;
- case 'z':
- return 51;
- case '0':
- return 52;
- case '1':
- return 53;
- case '2':
- return 54;
- case '3':
- return 55;
- case '4':
- return 56;
- case '5':
- return 57;
- case '6':
- return 58;
- case '7':
- return 59;
- case '8':
- return 60;
- case '9':
- return 61;
- case '+':
- return 62;
- case '/':
- return 63;
- case '=':
- return 64;
- default:
- break;
- }
- return -1;
-}
+static int base64_block_to_octet_triple(char *out, char *in) {
+ unsigned char sextets[4] = {0};
+ int j = 0;
+ int i;
-/*
- * base64_string_to_octet_string converts a hexadecimal string
- * of length 2 * len to a raw octet string of length len
- */
+ for (i = 0; i < 4; i++) {
+ char *p = strchr(b64chars, in[i]);
+ if (p != NULL) sextets[i] = p - b64chars;
+ else j++;
+ }
-int
-base64_string_to_octet_string(char *raw, char *base64, int len) {
- uint8_t x;
- int tmp;
- int base64_len;
+ out[0] = (sextets[0]<<2)|(sextets[1]>>4);
+ if (j < 2) out[1] = (sextets[1]<<4)|(sextets[2]>>2);
+ if (j < 1) out[2] = (sextets[2]<<6)|sextets[3];
+ return j;
+}
- base64_len = 0;
- while (base64_len < len) {
- tmp = base64_char_to_sextet(base64[0]);
- if (tmp == -1)
- return base64_len;
- x = (tmp << 6);
- base64_len++;
- tmp = base64_char_to_sextet(base64[1]);
- if (tmp == -1)
- return base64_len;
- x |= (tmp & 0xffff);
- base64_len++;
- *raw++ = x;
- base64 += 2;
+int base64_string_to_octet_string(char *out, int *pad, char *in, int len) {
+ int k = 0;
+ int i = 0;
+ int j = 0;
+ if (len % 4 != 0) return 0;
+
+ while (i < len && j == 0) {
+ j = base64_block_to_octet_triple(out + k, in + i);
+ k += 3;
+ i += 4;
}
- return base64_len;
+ *pad = j;
+ return i;
}
+
+#endif
diff --git a/third_party/srtp/crypto/math/gf2_8.c b/third_party/srtp/crypto/math/gf2_8.c
index 8a112ba7..c57f8d23 100644
--- a/third_party/srtp/crypto/math/gf2_8.c
+++ b/third_party/srtp/crypto/math/gf2_8.c
@@ -45,12 +45,16 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "datatypes.h"
#include "gf2_8.h"
/* gf2_8_shift() moved to gf2_8.h as an inline function */
-inline gf2_8
+gf2_8
gf2_8_multiply(gf2_8 x, gf2_8 y) {
gf2_8 z = 0;
diff --git a/third_party/srtp/crypto/math/math.c b/third_party/srtp/crypto/math/math.c
index 3e619979..7f0bcd2b 100644
--- a/third_party/srtp/crypto/math/math.c
+++ b/third_party/srtp/crypto/math/math.c
@@ -42,8 +42,11 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "crypto_math.h"
-#include <stdlib.h> /* malloc() used in bitvector_alloc */
int
octet_weight[256] = {
@@ -173,7 +176,7 @@ v32_weight(v32_t a) {
return wt;
}
-inline unsigned char
+unsigned char
v32_distance(v32_t x, v32_t y) {
x.value ^= y.value;
return v32_weight(x);
@@ -524,13 +527,13 @@ A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b) {
return b;
}
-inline void
+void
v16_copy_octet_string(v16_t *x, const uint8_t s[2]) {
x->v8[0] = s[0];
x->v8[1] = s[1];
}
-inline void
+void
v32_copy_octet_string(v32_t *x, const uint8_t s[4]) {
x->v8[0] = s[0];
x->v8[1] = s[1];
@@ -538,7 +541,7 @@ v32_copy_octet_string(v32_t *x, const uint8_t s[4]) {
x->v8[3] = s[3];
}
-inline void
+void
v64_copy_octet_string(v64_t *x, const uint8_t s[8]) {
x->v8[0] = s[0];
x->v8[1] = s[1];
@@ -632,7 +635,7 @@ v128_set_bit_to(v128_t *x, int i, int y){
#endif /* DATATYPES_USE_MACROS */
-inline void
+static inline void
v128_left_shift2(v128_t *x, int num_bits) {
int i;
int word_shift = num_bits >> 5;
@@ -773,165 +776,6 @@ octet_string_set_to_zero(uint8_t *s, int len) {
}
-/* functions manipulating bit_vector_t */
-
-#define BITVECTOR_MAX_WORDS 5
-
-int
-bitvector_alloc(bitvector_t *v, unsigned long length) {
- unsigned long l = (length + bytes_per_word - 1) / bytes_per_word;
- int i;
-
- /* allocate memory, then set parameters */
- if (l > BITVECTOR_MAX_WORDS)
- return -1;
- else
- l = BITVECTOR_MAX_WORDS;
- v->word = malloc(l);
- if (v->word == NULL)
- return -1;
- v->length = length;
-
- /* initialize bitvector to zero */
- for (i=0; i < (length >> 5); i++) {
- v->word = 0;
- }
-
- return 0;
-}
-
-void
-bitvector_set_bit(bitvector_t *v, int bit_index) {
-
- v->word[(bit_index >> 5)] |= (1 << (bit_index & 31));
-
-}
-
-int
-bitvector_get_bit(const bitvector_t *v, int bit_index) {
-
- return ((v->word[(bit_index >> 5)]) >> (bit_index & 31)) & 1;
-
-}
-
-#include <stdio.h>
-
-int
-bitvector_print_hex(const bitvector_t *v, FILE *stream) {
- int i;
- int m = v->length >> 5;
- int n = v->length & 31;
- char string[9];
- uint32_t tmp;
-
- /* if length isn't a multiple of four, we can't hex_print */
- if (n & 3)
- return -1;
-
- /* if the length is zero, do nothing */
- if (v->length == 0)
- return 0;
-
- /*
- * loop over words from most significant to least significant -
- */
-
- for (i=m; i > 0; i++) {
- char *str = string + 7;
- tmp = v->word[i];
-
- /* null terminate string */
- string[8] = 0;
-
- /* loop over nibbles */
- *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4;
- *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4;
- *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4;
- *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4;
- *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4;
- *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4;
- *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4;
- *str-- = nibble_to_hex_char(tmp & 0xf);
-
- /* now print stream */
- fprintf(stream, string);
- }
-
- return 0;
-
-}
-
-
-int
-hex_string_length(char *s) {
- int count = 0;
-
- /* ignore leading zeros */
- while ((*s != 0) && *s == '0')
- s++;
-
- /* count remaining characters */
- while (*s != 0) {
- if (hex_char_to_nibble(*s++) == -1)
- return -1;
- count++;
- }
-
- return count;
-}
-
-int
-bitvector_set_from_hex(bitvector_t *v, char *string) {
- int num_hex_chars, m, n, i, j;
- uint32_t tmp;
-
- num_hex_chars = hex_string_length(string);
- if (num_hex_chars == -1)
- return -1;
-
- /* set length */
- v->length = num_hex_chars * 4;
- /*
- * at this point, we should subtract away a bit if the high
- * bit of the first character is zero, but we ignore that
- * for now and assume that we're four-bit aligned - DAM
- */
-
-
- m = num_hex_chars / 8; /* number of words */
- n = num_hex_chars % 8; /* number of nibbles in last word */
-
- /* if the length is greater than the bitvector, return an error */
- if (m > BITVECTOR_MAX_WORDS)
- return -1;
-
- /*
- * loop over words from most significant - first word is a special
- * case
- */
-
- if (n) {
- tmp = 0;
- for (i=0; i < n; i++) {
- tmp = hex_char_to_nibble(*string++);
- tmp <<= 4;
- }
- v->word[m] = tmp;
- }
-
- /* now loop over the rest of the words */
- for (i=m-1; i >= 0; i--) {
- tmp = 0;
- for (j=0; j < 8; j++) {
- tmp = hex_char_to_nibble(*string++);
- tmp <<= 4;
- }
- v->word[i] = tmp;
- }
-
- return 0;
-}
-
/* functions below not yet tested! */
diff --git a/third_party/srtp/crypto/math/stat.c b/third_party/srtp/crypto/math/stat.c
index 5e46c209..aaff3c4f 100644
--- a/third_party/srtp/crypto/math/stat.c
+++ b/third_party/srtp/crypto/math/stat.c
@@ -7,6 +7,46 @@
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "stat.h"
debug_module_t mod_stat = {
diff --git a/third_party/srtp/crypto/replay/rdb.c b/third_party/srtp/crypto/replay/rdb.c
index c826912a..c84222fd 100644
--- a/third_party/srtp/crypto/replay/rdb.c
+++ b/third_party/srtp/crypto/replay/rdb.c
@@ -44,6 +44,10 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "rdb.h"
@@ -70,18 +74,18 @@ rdb_init(rdb_t *rdb) {
*/
err_status_t
-rdb_check(const rdb_t *rdb, uint32_t index) {
+rdb_check(const rdb_t *rdb, uint32_t p_index) {
/* if the index appears after (or at very end of) the window, its good */
- if (index >= rdb->window_start + rdb_bits_in_bitmask)
+ if (p_index >= rdb->window_start + rdb_bits_in_bitmask)
return err_status_ok;
/* if the index appears before the window, its bad */
- if (index < rdb->window_start)
+ if (p_index < rdb->window_start)
return err_status_replay_old;
/* otherwise, the index appears within the window, so check the bitmask */
- if (v128_get_bit(&rdb->bitmask, (index - rdb->window_start)) == 1)
+ if (v128_get_bit(&rdb->bitmask, (p_index - rdb->window_start)) == 1)
return err_status_replay_fail;
/* otherwise, the index is okay */
@@ -98,15 +102,15 @@ rdb_check(const rdb_t *rdb, uint32_t index) {
*/
err_status_t
-rdb_add_index(rdb_t *rdb, uint32_t index) {
+rdb_add_index(rdb_t *rdb, uint32_t p_index) {
int delta;
- /* here we *assume* that index > rdb->window_start */
+ /* here we *assume* that p_index > rdb->window_start */
- delta = (index - rdb->window_start);
+ delta = (p_index - rdb->window_start);
if (delta < rdb_bits_in_bitmask) {
- /* if the index is within the window, set the appropriate bit */
+ /* if the p_index is within the window, set the appropriate bit */
v128_set_bit(&rdb->bitmask, delta);
} else {
diff --git a/third_party/srtp/crypto/replay/rdbx.c b/third_party/srtp/crypto/replay/rdbx.c
index 12e4e8f8..153676f3 100644
--- a/third_party/srtp/crypto/replay/rdbx.c
+++ b/third_party/srtp/crypto/replay/rdbx.c
@@ -43,20 +43,23 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "rdbx.h"
-#define rdbx_high_bit_in_bitmask 127
/*
- * from draft-ietf-avt-srtp-00.txt:
+ * from RFC 3711:
*
* A receiver reconstructs the index i of a packet with sequence
- * number s using the estimate
+ * number SEQ using the estimate
*
- * i = 65,536 * t + s,
+ * i = 2^16 * v + SEQ,
*
- * where t is chosen from the set { r-1, r, r+1 } such that i is
- * closest to the value 65,536 * r + s_l. If the value r+1 is used,
+ * where v is chosen from the set { ROC-1, ROC, ROC+1 } such that i is
+ * closest to the value 2^16 * ROC + s_l. If the value r+1 is used,
* then the rollover counter r in the cryptographic context is
* incremented by one (if the packet containing s is authentic).
*/
@@ -146,18 +149,18 @@ index_guess(const xtd_seq_num_t *local,
if (local_seq < seq_num_median) {
if (s - local_seq > seq_num_median) {
guess_roc = local_roc - 1;
- difference = seq_num_max - s + local_seq;
+ difference = s - local_seq - seq_num_max;
} else {
guess_roc = local_roc;
difference = s - local_seq;
}
} else {
if (local_seq - seq_num_median > s) {
- guess_roc = local_roc+1;
- difference = seq_num_max - local_seq + s;
+ guess_roc = local_roc + 1;
+ difference = s - local_seq + seq_num_max;
} else {
- difference = s - local_seq;
guess_roc = local_roc;
+ difference = s - local_seq;
}
}
guess_seq = s;
@@ -180,17 +183,81 @@ index_guess(const xtd_seq_num_t *local,
/*
- * rdbx_init(&r) initalizes the rdbx_t pointed to by r
+ * rdbx_init(&r, ws) initializes the rdbx_t pointed to by r with window size ws
*/
err_status_t
-rdbx_init(rdbx_t *rdbx) {
- v128_set_to_zero(&rdbx->bitmask);
+rdbx_init(rdbx_t *rdbx, unsigned long ws) {
+ if (ws == 0)
+ return err_status_bad_param;
+
+ if (bitvector_alloc(&rdbx->bitmask, ws) != 0)
+ return err_status_alloc_fail;
+
index_init(&rdbx->index);
return err_status_ok;
}
+/*
+ * rdbx_dealloc(&r) frees memory for the rdbx_t pointed to by r
+ */
+
+err_status_t
+rdbx_dealloc(rdbx_t *rdbx) {
+ bitvector_dealloc(&rdbx->bitmask);
+
+ return err_status_ok;
+}
+
+/*
+ * rdbx_set_roc(rdbx, roc) initalizes the rdbx_t at the location rdbx
+ * to have the rollover counter value roc. If that value is less than
+ * the current rollover counter value, then the function returns
+ * err_status_replay_old; otherwise, err_status_ok is returned.
+ *
+ */
+
+err_status_t
+rdbx_set_roc(rdbx_t *rdbx, uint32_t roc) {
+ bitvector_set_to_zero(&rdbx->bitmask);
+
+#ifdef NO_64BIT_MATH
+ #error not yet implemented
+#else
+
+ /* make sure that we're not moving backwards */
+ if (roc < (rdbx->index >> 16))
+ return err_status_replay_old;
+
+ rdbx->index &= 0xffff; /* retain lowest 16 bits */
+ rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */
+#endif
+
+ return err_status_ok;
+}
+
+/*
+ * rdbx_get_packet_index(rdbx) returns the value of the packet index
+ * for the rdbx_t pointed to by rdbx
+ *
+ */
+
+xtd_seq_num_t
+rdbx_get_packet_index(const rdbx_t *rdbx) {
+ return rdbx->index;
+}
+
+/*
+ * rdbx_get_window_size(rdbx) returns the value of the window size
+ * for the rdbx_t pointed to by rdbx
+ *
+ */
+
+unsigned long
+rdbx_get_window_size(const rdbx_t *rdbx) {
+ return bitvector_get_length(&rdbx->bitmask);
+}
/*
* rdbx_check(&r, delta) checks to see if the xtd_seq_num_t
@@ -202,11 +269,11 @@ rdbx_check(const rdbx_t *rdbx, int delta) {
if (delta > 0) { /* if delta is positive, it's good */
return err_status_ok;
- } else if (rdbx_high_bit_in_bitmask + delta < 0) {
+ } else if ((int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta < 0) {
/* if delta is lower than the bitmask, it's bad */
return err_status_replay_old;
- } else if (v128_get_bit(&rdbx->bitmask,
- rdbx_high_bit_in_bitmask + delta) == 1) {
+ } else if (bitvector_get_bit(&rdbx->bitmask,
+ (int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta) == 1) {
/* delta is within the window, so check the bitmask */
return err_status_replay_fail;
}
@@ -230,11 +297,11 @@ rdbx_add_index(rdbx_t *rdbx, int delta) {
if (delta > 0) {
/* shift forward by delta */
index_advance(&rdbx->index, delta);
- v128_left_shift(&rdbx->bitmask, delta);
- v128_set_bit(&rdbx->bitmask, 127);
+ bitvector_left_shift(&rdbx->bitmask, delta);
+ bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1);
} else {
- /* delta is in window, so flip bit in bitmask */
- v128_set_bit(&rdbx->bitmask, -delta);
+ /* delta is in window */
+ bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) -1 + delta);
}
/* note that we need not consider the case that delta == 0 */
diff --git a/third_party/srtp/crypto/replay/ut_sim.c b/third_party/srtp/crypto/replay/ut_sim.c
index 43c411e4..5a1c37c7 100644
--- a/third_party/srtp/crypto/replay/ut_sim.c
+++ b/third_party/srtp/crypto/replay/ut_sim.c
@@ -45,6 +45,10 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "ut_sim.h"
diff --git a/third_party/srtp/crypto/rng/ctr_prng.c b/third_party/srtp/crypto/rng/ctr_prng.c
index ab76df36..e24b0aba 100644
--- a/third_party/srtp/crypto/rng/ctr_prng.c
+++ b/third_party/srtp/crypto/rng/ctr_prng.c
@@ -43,6 +43,10 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "prng.h"
/* single, global prng structure */
@@ -66,7 +70,11 @@ ctr_prng_init(rand_source_func_t random_source) {
return status;
/* initialize aes ctr context with random key */
- status = aes_icm_context_init(&ctr_prng.state, tmp_key);
+#ifdef OPENSSL
+ status = aes_icm_openssl_context_init(&ctr_prng.state, tmp_key, 30);
+#else
+ status = aes_icm_context_init(&ctr_prng.state, tmp_key, 30);
+#endif
if (status)
return status;
@@ -79,10 +87,8 @@ ctr_prng_get_octet_string(void *dest, uint32_t len) {
/*
* if we need to re-initialize the prng, do so now
- *
- * avoid 32-bit overflows by subtracting instead of adding
*/
- if (ctr_prng.octet_count > MAX_PRNG_OUT_LEN - len) {
+ if ((aes_icm_bytes_encrypted(&ctr_prng.state) + len) > 0xffff) {
status = ctr_prng_init(ctr_prng.rand);
if (status)
return status;
diff --git a/third_party/srtp/crypto/rng/prng.c b/third_party/srtp/crypto/rng/prng.c
index 69350a48..208e2680 100644
--- a/third_party/srtp/crypto/rng/prng.c
+++ b/third_party/srtp/crypto/rng/prng.c
@@ -43,6 +43,10 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "prng.h"
/* single, global prng structure */
@@ -51,7 +55,7 @@ x917_prng_t x917_prng;
err_status_t
x917_prng_init(rand_source_func_t random_source) {
- v128_t tmp_key;
+ uint8_t tmp_key[16];
err_status_t status;
/* initialize output count to zero */
@@ -61,12 +65,12 @@ x917_prng_init(rand_source_func_t random_source) {
x917_prng.rand = random_source;
/* initialize secret key from random source */
- status = random_source((uint8_t *)&tmp_key, 16);
+ status = random_source(tmp_key, 16);
if (status)
return status;
/* expand aes key */
- aes_expand_encryption_key(&tmp_key, x917_prng.key);
+ aes_expand_encryption_key(tmp_key, 16, &x917_prng.key);
/* initialize prng state from random source */
status = x917_prng.rand((uint8_t *)&x917_prng.state, 16);
@@ -108,7 +112,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
v128_copy(&buffer, &x917_prng.state);
/* apply aes to buffer */
- aes_encrypt(&buffer, x917_prng.key);
+ aes_encrypt(&buffer, &x917_prng.key);
/* write data to output */
*dest++ = buffer.v8[0];
@@ -132,7 +136,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
buffer.v32[0] ^= t;
/* encrypt buffer */
- aes_encrypt(&buffer, x917_prng.key);
+ aes_encrypt(&buffer, &x917_prng.key);
/* copy buffer into state */
v128_copy(&x917_prng.state, &buffer);
@@ -150,7 +154,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
v128_copy(&buffer, &x917_prng.state);
/* apply aes to buffer */
- aes_encrypt(&buffer, x917_prng.key);
+ aes_encrypt(&buffer, &x917_prng.key);
/* write data to output */
for (i=0; i < tail_len; i++) {
@@ -163,7 +167,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
buffer.v32[0] ^= t;
/* encrypt buffer */
- aes_encrypt(&buffer, x917_prng.key);
+ aes_encrypt(&buffer, &x917_prng.key);
/* copy buffer into state */
v128_copy(&x917_prng.state, &buffer);
diff --git a/third_party/srtp/crypto/rng/rand_source.c b/third_party/srtp/crypto/rng/rand_source.c
index 3d01d25a..1eb6fbb0 100644
--- a/third_party/srtp/crypto/rng/rand_source.c
+++ b/third_party/srtp/crypto/rng/rand_source.c
@@ -42,15 +42,14 @@
*
*/
-#include "srtp_config.h"
+#include "config.h"
-#if defined(DEV_URANDOM) || defined(PJ_DEV_URANDOM)
+#ifdef DEV_URANDOM
# include <fcntl.h> /* for open() */
# include <unistd.h> /* for close() */
-#elif (_MSC_VER >= 1400)
-#define _CRT_RAND_S
+#elif defined(HAVE_RAND_S)
+# define _CRT_RAND_S
# include <stdlib.h>
-# include <stdio.h>
#else
# include <stdio.h>
#endif
@@ -87,18 +86,11 @@ rand_source_init(void) {
dev_random_fdes = open(DEV_URANDOM, O_RDONLY);
if (dev_random_fdes < 0)
return err_status_init_fail;
-#elif defined(PJ_DEV_URANDOM)
- /* open random source for reading */
- dev_random_fdes = open(PJ_DEV_URANDOM, O_RDONLY);
- if (dev_random_fdes < 0) {
- err_report(3,"Ugh: /dev/urandom not present, using rand() instead");
- return err_status_ok; /* it's ok, it'll fallback to using rand() */
- }
-#elif (_MSC_VER >= 1400)
+#elif defined(HAVE_RAND_S)
dev_random_fdes = RAND_SOURCE_READY;
#else
- /* no random source available; let the user know */
- err_report(err_level_info, "WARNING: no real random source present!\n");
+ /* no random source available; let the user know */
+ fprintf(stderr, "WARNING: no real random source present!\n");
dev_random_fdes = RAND_SOURCE_READY;
#endif
return err_status_ok;
@@ -113,35 +105,32 @@ rand_source_get_octet_string(void *dest, uint32_t len) {
* written
*/
#ifdef DEV_URANDOM
- if (read(dev_random_fdes, dest, len) != len)
- return err_status_fail;
-#elif 0 && (_MSC_VER >= 1400) /* disabled rand_s, causing assertion 'rand_s not supported' in vs8 */
- unsigned int *dst = dest;
+ uint8_t *dst = (uint8_t *)dest;
while (len)
{
- unsigned int val = 0;
- errno_t err = rand_s(&val);
- if (err != 0)
- {
- return err_status_fail;
- }
-
- *dst++ = val;
- len--;
+ ssize_t num_read = read(dev_random_fdes, dst, len);
+ if (num_read <= 0 || num_read > len)
+ return err_status_fail;
+ len -= num_read;
+ dst += num_read;
}
-#else
+#elif defined(HAVE_RAND_S)
uint8_t *dst = (uint8_t *)dest;
-
-#ifdef PJ_DEV_URANDOM
- /* First try with /dev/urandom, if it's opened */
- if (dev_random_fdes >= 0) {
- if (read(dev_random_fdes, dest, len) == len)
- return err_status_ok; /* success */
- }
-#endif
+ while (len)
+ {
+ unsigned int val;
+ errno_t err = rand_s(&val);
+ if (err != 0)
+ return err_status_fail;
+
+ *dst++ = val & 0xff;
+ len--;
+ }
+#else
/* Generic C-library (rand()) version */
/* This is a random source of last resort */
+ uint8_t *dst = (uint8_t *)dest;
while (len)
{
int val = rand();
@@ -157,19 +146,13 @@ rand_source_get_octet_string(void *dest, uint32_t len) {
err_status_t
rand_source_deinit(void) {
-#ifndef PJ_DEV_URANDOM
if (dev_random_fdes < 0)
return err_status_dealloc_fail; /* well, we haven't really failed, *
* but there is something wrong */
+#ifdef DEV_URANDOM
+ close(dev_random_fdes);
#endif
-
-#if defined(DEV_URANDOM) || defined(PJ_DEV_URANDOM)
- if (dev_random_fdes >= 0)
- close(dev_random_fdes);
-
- dev_random_fdes = RAND_SOURCE_NOT_READY;
-#endif
+ dev_random_fdes = RAND_SOURCE_NOT_READY;
return err_status_ok;
}
-
diff --git a/third_party/srtp/crypto/rng/rand_source_ossl.c b/third_party/srtp/crypto/rng/rand_source_ossl.c
new file mode 100644
index 00000000..4bca6ac8
--- /dev/null
+++ b/third_party/srtp/crypto/rng/rand_source_ossl.c
@@ -0,0 +1,70 @@
+/*
+ * rand_source_ossl.c
+ *
+ * implements a random source based on OpenSSL RAND_bytes()
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright(c) 2013, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:crypto/test/aes_calc.c
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include "rand_source.h"
+#include <openssl/rand.h>
+
+
+err_status_t rand_source_init (void)
+{
+ return err_status_ok;
+}
+
+err_status_t rand_source_get_octet_string (void *dest, uint32_t len)
+{
+ if (RAND_bytes(dest, len) == 1) {
+ return err_status_ok;
+ } else {
+ return err_status_fail;
+ }
+}
+
+err_status_t rand_source_deinit (void)
+{
+ return err_status_ok;
+}
diff --git a/third_party/srtp/crypto/test/aes_calc.c b/third_party/srtp/crypto/test/aes_calc.c
index 2fac07ae..b40e3726 100644
--- a/third_party/srtp/crypto/test/aes_calc.c
+++ b/third_party/srtp/crypto/test/aes_calc.c
@@ -8,6 +8,42 @@
*/
/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
Example usage (with first NIST FIPS 197 test case):
@@ -18,6 +54,10 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "aes.h"
#include <stdio.h>
#include <string.h>
@@ -28,14 +68,16 @@ usage(char *prog_name) {
exit(255);
}
-#define AES_KEY_LEN 16
+#define AES_MAX_KEY_LEN 32
int
main (int argc, char *argv[]) {
- v128_t data, key;
+ v128_t data;
+ uint8_t key[AES_MAX_KEY_LEN];
aes_expanded_key_t exp_key;
- int len;
- int verbose;
+ int key_len, len;
+ int verbose = 0;
+ err_status_t status;
if (argc == 3) {
/* we're not in verbose mode */
@@ -54,22 +96,23 @@ main (int argc, char *argv[]) {
}
/* read in key, checking length */
- if (strlen(argv[1]) > AES_KEY_LEN*2) {
+ if (strlen(argv[1]) > AES_MAX_KEY_LEN*2) {
fprintf(stderr,
"error: too many digits in key "
- "(should be %d hexadecimal digits, found %u)\n",
- AES_KEY_LEN*2, (unsigned)strlen(argv[1]));
+ "(should be at most %d hexadecimal digits, found %u)\n",
+ AES_MAX_KEY_LEN*2, (unsigned)strlen(argv[1]));
exit(1);
}
- len = hex_string_to_octet_string((char *)&key, argv[1], AES_KEY_LEN*2);
+ len = hex_string_to_octet_string((char*)key, argv[1], AES_MAX_KEY_LEN*2);
/* check that hex string is the right length */
- if (len < AES_KEY_LEN*2) {
+ if (len != 32 && len != 48 && len != 64) {
fprintf(stderr,
- "error: too few digits in key "
- "(should be %d hexadecimal digits, found %d)\n",
- AES_KEY_LEN*2, len);
+ "error: bad number of digits in key "
+ "(should be 32/48/64 hexadecimal digits, found %d)\n",
+ len);
exit(1);
}
+ key_len = len/2;
/* read in plaintext, checking length */
if (strlen(argv[2]) > 16*2) {
@@ -95,13 +138,18 @@ main (int argc, char *argv[]) {
}
/* encrypt plaintext */
- aes_expand_encryption_key(&key, exp_key);
+ status = aes_expand_encryption_key(key, key_len, &exp_key);
+ if (status) {
+ fprintf(stderr,
+ "error: AES key expansion failed.\n");
+ exit(1);
+ }
- aes_encrypt(&data, exp_key);
+ aes_encrypt(&data, &exp_key);
/* write ciphertext to output */
if (verbose) {
- printf("key:\t\t%s\n", v128_hex_string(&key));
+ printf("key:\t\t%s\n", octet_string_hex_string(key, key_len));
printf("ciphertext:\t");
}
printf("%s\n", v128_hex_string(&data));
diff --git a/third_party/srtp/crypto/test/cipher_driver.c b/third_party/srtp/crypto/test/cipher_driver.c
index 25ca90af..9c9c2203 100644
--- a/third_party/srtp/crypto/test/cipher_driver.c
+++ b/third_party/srtp/crypto/test/cipher_driver.c
@@ -9,7 +9,7 @@
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -43,12 +43,21 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h> /* for printf() */
#include <stdlib.h> /* for rand() */
#include <string.h> /* for memset() */
-#include <unistd.h> /* for getopt() */
+#include "getopt_s.h"
#include "cipher.h"
+#ifdef OPENSSL
+#include "aes_icm_ossl.h"
+#include "aes_gcm_ossl.h"
+#else
#include "aes_icm.h"
+#endif
#include "null_cipher.h"
#define PRINT_DEBUG 0
@@ -114,16 +123,28 @@ check_status(err_status_t s) {
extern cipher_type_t null_cipher;
extern cipher_type_t aes_icm;
+#ifndef OPENSSL
extern cipher_type_t aes_cbc;
+#else
+#ifndef SRTP_NO_AES192
+extern cipher_type_t aes_icm_192;
+#endif
+extern cipher_type_t aes_icm_256;
+extern cipher_type_t aes_gcm_128_openssl;
+extern cipher_type_t aes_gcm_256_openssl;
+#endif
int
main(int argc, char *argv[]) {
cipher_t *c = NULL;
err_status_t status;
- unsigned char test_key[20] = {
+ unsigned char test_key[48] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
};
int q;
unsigned do_timing_test = 0;
@@ -132,7 +153,7 @@ main(int argc, char *argv[]) {
/* process input arguments */
while (1) {
- q = getopt(argc, argv, "tva");
+ q = getopt_s(argc, argv, "tva");
if (q == -1)
break;
switch (q) {
@@ -168,22 +189,53 @@ main(int argc, char *argv[]) {
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
cipher_driver_test_array_throughput(&aes_icm, 30, num_cipher);
+#ifndef OPENSSL
+ for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
+ cipher_driver_test_array_throughput(&aes_icm, 46, num_cipher);
+
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
cipher_driver_test_array_throughput(&aes_cbc, 16, num_cipher);
+ for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
+ cipher_driver_test_array_throughput(&aes_cbc, 32, num_cipher);
+#else
+#ifndef SRTP_NO_AES192
+ for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
+ cipher_driver_test_array_throughput(&aes_icm_192, 38, num_cipher);
+#endif
+ for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
+ cipher_driver_test_array_throughput(&aes_icm_256, 46, num_cipher);
+
+ for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) {
+ cipher_driver_test_array_throughput(&aes_gcm_128_openssl, AES_128_GCM_KEYSIZE_WSALT, num_cipher);
+ }
+
+ for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) {
+ cipher_driver_test_array_throughput(&aes_gcm_256_openssl, AES_256_GCM_KEYSIZE_WSALT, num_cipher);
+ }
+#endif
}
if (do_validation) {
cipher_driver_self_test(&null_cipher);
cipher_driver_self_test(&aes_icm);
+#ifndef OPENSSL
cipher_driver_self_test(&aes_cbc);
+#else
+#ifndef SRTP_NO_AES192
+ cipher_driver_self_test(&aes_icm_192);
+#endif
+ cipher_driver_self_test(&aes_icm_256);
+ cipher_driver_self_test(&aes_gcm_128_openssl);
+ cipher_driver_self_test(&aes_gcm_256_openssl);
+#endif
}
/* do timing and/or buffer_test on null_cipher */
- status = cipher_type_alloc(&null_cipher, &c, 0);
+ status = cipher_type_alloc(&null_cipher, &c, 0, 0);
check_status(status);
- status = cipher_init(c, NULL, direction_encrypt);
+ status = cipher_init(c, NULL);
check_status(status);
if (do_timing_test)
@@ -196,14 +248,14 @@ main(int argc, char *argv[]) {
check_status(status);
- /* run the throughput test on the aes_icm cipher */
- status = cipher_type_alloc(&aes_icm, &c, 30);
+ /* run the throughput test on the aes_icm cipher (128-bit key) */
+ status = cipher_type_alloc(&aes_icm, &c, 30, 0);
if (status) {
fprintf(stderr, "error: can't allocate cipher\n");
exit(status);
}
- status = cipher_init(c, test_key, direction_encrypt);
+ status = cipher_init(c, test_key);
check_status(status);
if (do_timing_test)
@@ -216,8 +268,73 @@ main(int argc, char *argv[]) {
status = cipher_dealloc(c);
check_status(status);
-
- return 0;
+
+ /* repeat the tests with 256-bit keys */
+#ifndef OPENSSL
+ status = cipher_type_alloc(&aes_icm, &c, 46, 0);
+#else
+ status = cipher_type_alloc(&aes_icm_256, &c, 46, 0);
+#endif
+ if (status) {
+ fprintf(stderr, "error: can't allocate cipher\n");
+ exit(status);
+ }
+
+ status = cipher_init(c, test_key);
+ check_status(status);
+
+ if (do_timing_test)
+ cipher_driver_test_throughput(c);
+
+ if (do_validation) {
+ status = cipher_driver_test_buffering(c);
+ check_status(status);
+ }
+
+ status = cipher_dealloc(c);
+ check_status(status);
+
+#ifdef OPENSSL
+ /* run the throughput test on the aes_gcm_128_openssl cipher */
+ status = cipher_type_alloc(&aes_gcm_128_openssl, &c, AES_128_GCM_KEYSIZE_WSALT, 8);
+ if (status) {
+ fprintf(stderr, "error: can't allocate GCM 128 cipher\n");
+ exit(status);
+ }
+ status = cipher_init(c, test_key);
+ check_status(status);
+ if (do_timing_test) {
+ cipher_driver_test_throughput(c);
+ }
+
+ if (do_validation) {
+ status = cipher_driver_test_buffering(c);
+ check_status(status);
+ }
+ status = cipher_dealloc(c);
+ check_status(status);
+
+ /* run the throughput test on the aes_gcm_256_openssl cipher */
+ status = cipher_type_alloc(&aes_gcm_256_openssl, &c, AES_256_GCM_KEYSIZE_WSALT, 16);
+ if (status) {
+ fprintf(stderr, "error: can't allocate GCM 256 cipher\n");
+ exit(status);
+ }
+ status = cipher_init(c, test_key);
+ check_status(status);
+ if (do_timing_test) {
+ cipher_driver_test_throughput(c);
+ }
+
+ if (do_validation) {
+ status = cipher_driver_test_buffering(c);
+ check_status(status);
+ }
+ status = cipher_dealloc(c);
+ check_status(status);
+#endif
+
+ return 0;
}
void
@@ -225,9 +342,9 @@ cipher_driver_test_throughput(cipher_t *c) {
int i;
int min_enc_len = 32;
int max_enc_len = 2048; /* should be a power of two */
- int num_trials = 100000;
+ int num_trials = 1000000;
- printf("timing %s throughput:\n", c->type->description);
+ printf("timing %s throughput, key length %d:\n", c->type->description, c->key_len);
fflush(stdout);
for (i=min_enc_len; i <= max_enc_len; i = i * 2)
printf("msg len: %d\tgigabits per second: %f\n",
@@ -256,11 +373,12 @@ cipher_driver_self_test(cipher_type_t *ct) {
* calls
*/
+#define INITIAL_BUFLEN 1024
err_status_t
cipher_driver_test_buffering(cipher_t *c) {
int i, j, num_trials = 1000;
- unsigned len, buflen = 1024;
- uint8_t buffer0[buflen], buffer1[buflen], *current, *end;
+ unsigned len, buflen = INITIAL_BUFLEN;
+ uint8_t buffer0[INITIAL_BUFLEN], buffer1[INITIAL_BUFLEN], *current, *end;
uint8_t idx[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34
@@ -273,11 +391,12 @@ cipher_driver_test_buffering(cipher_t *c) {
for (i=0; i < num_trials; i++) {
/* set buffers to zero */
- for (j=0; j < buflen; j++)
+ for (j=0; j < (int) buflen; j++) {
buffer0[j] = buffer1[j] = 0;
+ }
/* initialize cipher */
- status = cipher_set_iv(c, idx);
+ status = cipher_set_iv(c, idx, direction_encrypt);
if (status)
return status;
@@ -287,7 +406,7 @@ cipher_driver_test_buffering(cipher_t *c) {
return status;
/* re-initialize cipher */
- status = cipher_set_iv(c, idx);
+ status = cipher_set_iv(c, idx, direction_encrypt);
if (status)
return status;
@@ -316,7 +435,7 @@ cipher_driver_test_buffering(cipher_t *c) {
}
/* compare buffers */
- for (j=0; j < buflen; j++)
+ for (j=0; j < (int) buflen; j++) {
if (buffer0[j] != buffer1[j]) {
#if PRINT_DEBUG
printf("test case %d failed at byte %d\n", i, j);
@@ -325,6 +444,7 @@ cipher_driver_test_buffering(cipher_t *c) {
#endif
return err_status_algo_fail;
}
+ }
}
printf("passed\n");
@@ -348,6 +468,9 @@ cipher_array_alloc_init(cipher_t ***ca, int num_ciphers,
err_status_t status;
uint8_t *key;
cipher_t **cipher_array;
+ /* pad klen allocation, to handle aes_icm reading 16 bytes for the
+ 14-byte salt */
+ int klen_pad = ((klen + 15) >> 4) << 4;
/* allocate array of pointers to ciphers */
cipher_array = (cipher_t **) malloc(sizeof(cipher_t *) * num_ciphers);
@@ -358,7 +481,7 @@ cipher_array_alloc_init(cipher_t ***ca, int num_ciphers,
*ca = cipher_array;
/* allocate key */
- key = crypto_alloc(klen);
+ key = crypto_alloc(klen_pad);
if (key == NULL) {
free(cipher_array);
return err_status_alloc_fail;
@@ -368,14 +491,16 @@ cipher_array_alloc_init(cipher_t ***ca, int num_ciphers,
for (i=0; i < num_ciphers; i++) {
/* allocate cipher */
- status = cipher_type_alloc(ctype, cipher_array, klen);
+ status = cipher_type_alloc(ctype, cipher_array, klen, 16);
if (status)
return status;
/* generate random key and initialize cipher */
for (j=0; j < klen; j++)
key[j] = (uint8_t) rand();
- status = cipher_init(*cipher_array, key, direction_encrypt);
+ for (; j < klen_pad; j++)
+ key[j] = 0;
+ status = cipher_init(*cipher_array, key);
if (status)
return status;
@@ -387,6 +512,8 @@ cipher_array_alloc_init(cipher_t ***ca, int num_ciphers,
cipher_array++;
}
+ crypto_free(key);
+
return err_status_ok;
}
@@ -423,24 +550,28 @@ cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
v128_t nonce;
clock_t timer;
unsigned char *enc_buf;
- int cipher_index = 0;
+ int cipher_index = rand() % num_cipher;
-
- enc_buf = crypto_alloc(octets_in_buffer);
+ /* Over-alloc, for NIST CBC padding */
+ enc_buf = crypto_alloc(octets_in_buffer+17);
if (enc_buf == NULL)
return 0; /* indicate bad parameters by returning null */
+ memset(enc_buf, 0, octets_in_buffer);
/* time repeated trials */
v128_set_to_zero(&nonce);
timer = clock();
for(i=0; i < num_trials; i++, nonce.v32[3] = i) {
+ /* length parameter to cipher_encrypt is in/out -- out is total, padded
+ * length -- so reset it each time. */
+ unsigned octets_to_encrypt = octets_in_buffer;
+
+ /* encrypt buffer with cipher */
+ cipher_set_iv(cipher_array[cipher_index], &nonce, direction_encrypt);
+ cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_to_encrypt);
/* choose a cipher at random from the array*/
cipher_index = (*((uint32_t *)enc_buf)) % num_cipher;
-
- /* encrypt buffer with cipher */
- cipher_set_iv(cipher_array[cipher_index], &nonce);
- cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_in_buffer);
}
timer = clock() - timer;
@@ -451,7 +582,7 @@ cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
return 0;
}
- return CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer;
+ return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer;
}
void
@@ -459,10 +590,10 @@ cipher_array_test_throughput(cipher_t *ca[], int num_cipher) {
int i;
int min_enc_len = 16;
int max_enc_len = 2048; /* should be a power of two */
- int num_trials = 10000;
+ int num_trials = 1000000;
- printf("timing %s throughput with array size %d:\n",
- (ca[0])->type->description, num_cipher);
+ printf("timing %s throughput with key length %d, array size %d:\n",
+ (ca[0])->type->description, (ca[0])->key_len, num_cipher);
fflush(stdout);
for (i=min_enc_len; i <= max_enc_len; i = i * 4)
printf("msg len: %d\tgigabits per second: %f\n", i,
diff --git a/third_party/srtp/crypto/test/datatypes_driver.c b/third_party/srtp/crypto/test/datatypes_driver.c
index f1866524..4b5e46c7 100644
--- a/third_party/srtp/crypto/test/datatypes_driver.c
+++ b/third_party/srtp/crypto/test/datatypes_driver.c
@@ -44,6 +44,10 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h> /* for printf() */
#include <string.h> /* for strlen() */
#include "datatypes.h"
@@ -205,7 +209,7 @@ test_hex_string_funcs(void) {
void
print_string(char *s) {
- int i;
+ size_t i;
printf("%s\n", s);
printf("strlen(s) = %u\n", (unsigned)strlen(s));
printf("{ ");
diff --git a/third_party/srtp/crypto/test/env.c b/third_party/srtp/crypto/test/env.c
index 37a6e273..6cc0f958 100644
--- a/third_party/srtp/crypto/test/env.c
+++ b/third_party/srtp/crypto/test/env.c
@@ -49,7 +49,9 @@
int
main(void) {
int err_count = 0;
+#ifndef OPENSSL
char *str;
+#endif
#ifdef WORDS_BIGENDIAN
printf("CPU set to big-endian\t\t\t(WORDS_BIGENDIAN == 1)\n");
@@ -80,6 +82,7 @@ main(void) {
printf("using stdout for error reporting\t(ERR_REPORTING_STDOUT == 1)\n");
#endif
+#ifndef OPENSSL
#ifdef DEV_URANDOM
str = DEV_URANDOM;
#else
@@ -90,6 +93,7 @@ main(void) {
if (strcmp("", str) == 0) {
err_count++;
}
+#endif
if (err_count)
printf("warning: configuration is probably in error "
diff --git a/third_party/srtp/crypto/test/kernel_driver.c b/third_party/srtp/crypto/test/kernel_driver.c
index 8ef8a5f4..188637cd 100644
--- a/third_party/srtp/crypto/test/kernel_driver.c
+++ b/third_party/srtp/crypto/test/kernel_driver.c
@@ -43,8 +43,12 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h> /* for printf() */
-#include <unistd.h> /* for getopt() */
+#include "getopt_s.h"
#include "crypto_kernel.h"
void
@@ -55,7 +59,6 @@ usage(char *prog_name) {
int
main (int argc, char *argv[]) {
- extern char *optarg;
int q;
int do_validation = 0;
err_status_t status;
@@ -73,7 +76,7 @@ main (int argc, char *argv[]) {
/* process input arguments */
while (1) {
- q = getopt(argc, argv, "vd:");
+ q = getopt_s(argc, argv, "vd:");
if (q == -1)
break;
switch (q) {
@@ -81,9 +84,9 @@ main (int argc, char *argv[]) {
do_validation = 1;
break;
case 'd':
- status = crypto_kernel_set_debug_module(optarg, 1);
+ status = crypto_kernel_set_debug_module(optarg_s, 1);
if (status) {
- printf("error: set debug module (%s) failed\n", optarg);
+ printf("error: set debug module (%s) failed\n", optarg_s);
exit(1);
}
break;
diff --git a/third_party/srtp/crypto/test/rand_gen.c b/third_party/srtp/crypto/test/rand_gen.c
index ccea097f..b8051d5b 100644
--- a/third_party/srtp/crypto/test/rand_gen.c
+++ b/third_party/srtp/crypto/test/rand_gen.c
@@ -43,8 +43,12 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h> /* for printf() */
-#include <unistd.h> /* for getopt() */
+#include "getopt_s.h"
#include "crypto_kernel.h"
/*
@@ -68,7 +72,6 @@ usage(char *prog_name) {
int
main (int argc, char *argv[]) {
- extern char *optarg;
int q;
int num_octets = 0;
unsigned do_list_mods = 0;
@@ -86,14 +89,14 @@ main (int argc, char *argv[]) {
/* process input arguments */
while (1) {
- q = getopt(argc, argv, "ld:n:");
+ q = getopt_s(argc, argv, "ld:n:");
if (q == -1)
break;
switch (q) {
case 'd':
- status = crypto_kernel_set_debug_module(optarg, 1);
+ status = crypto_kernel_set_debug_module(optarg_s, 1);
if (status) {
- printf("error: set debug module (%s) failed\n", optarg);
+ printf("error: set debug module (%s) failed\n", optarg_s);
exit(1);
}
break;
@@ -101,7 +104,7 @@ main (int argc, char *argv[]) {
do_list_mods = 1;
break;
case 'n':
- num_octets = atoi(optarg);
+ num_octets = atoi(optarg_s);
if (num_octets < 0 || num_octets > BUF_LEN)
usage(argv[0]);
break;
diff --git a/third_party/srtp/crypto/test/rand_gen_soak.c b/third_party/srtp/crypto/test/rand_gen_soak.c
new file mode 100644
index 00000000..b0e67a73
--- /dev/null
+++ b/third_party/srtp/crypto/test/rand_gen_soak.c
@@ -0,0 +1,116 @@
+/*
+ * Soak test the RNG for exhaustion failures
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include <stdio.h> /* for printf() */
+#include "getopt_s.h"
+#include "crypto_kernel.h"
+
+#define BUF_LEN (MAX_PRINT_STRING_LEN/2)
+
+int main(int argc, char *argv[])
+{
+ int q;
+ int num_octets = 0;
+ err_status_t status;
+ uint32_t iterations = 0;
+ int print_values = 0;
+
+ if (argc == 1) {
+ exit(255);
+ }
+
+ status = crypto_kernel_init();
+ if (status) {
+ printf("error: crypto_kernel init failed\n");
+ exit(1);
+ }
+
+ while (1) {
+ q = getopt_s(argc, argv, "pvn:");
+ if (q == -1) {
+ break;
+ }
+ switch (q) {
+ case 'p':
+ print_values = 1;
+ break;
+ case 'n':
+ num_octets = atoi(optarg_s);
+ if (num_octets < 0 || num_octets > BUF_LEN) {
+ exit(255);
+ }
+ break;
+ case 'v':
+ num_octets = 30;
+ print_values = 0;
+ break;
+ default:
+ exit(255);
+ }
+ }
+
+ if (num_octets > 0) {
+ while (iterations < 300000) {
+ uint8_t buffer[BUF_LEN];
+
+ status = crypto_get_random(buffer, num_octets);
+ if (status) {
+ printf("iteration %d error: failure in random source\n", iterations);
+ exit(255);
+ } else if (print_values) {
+ printf("%s\n", octet_string_hex_string(buffer, num_octets));
+ }
+ iterations++;
+ }
+ }
+
+ status = crypto_kernel_shutdown();
+ if (status) {
+ printf("error: crypto_kernel shutdown failed\n");
+ exit(1);
+ }
+
+ return 0;
+}
+
diff --git a/third_party/srtp/crypto/test/sha1_driver.c b/third_party/srtp/crypto/test/sha1_driver.c
index f7cb6ca2..6adfad17 100644
--- a/third_party/srtp/crypto/test/sha1_driver.c
+++ b/third_party/srtp/crypto/test/sha1_driver.c
@@ -43,8 +43,14 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h>
+#include <string.h>
#include "sha1.h"
+#include "datatypes.h"
#define SHA_PASS 0
#define SHA_FAIL 1
@@ -113,17 +119,17 @@ sha1_test_case_validate(const hash_test_case_t *test_case) {
if (0 == memcmp(test_case->hash, hash_value, 20)) {
#if VERBOSE
printf("PASSED: reference value: %s\n",
- octet_string_hex_string((uint8_t *)test_case->hash, 20));
+ octet_string_hex_string((const uint8_t *)test_case->hash, 20));
printf("PASSED: computed value: %s\n",
- octet_string_hex_string((uint8_t *)hash_value, 20));
+ octet_string_hex_string((const uint8_t *)hash_value, 20));
#endif
return err_status_ok;
}
printf("reference value: %s\n",
- octet_string_hex_string((uint8_t *)test_case->hash, 20));
+ octet_string_hex_string((const uint8_t *)test_case->hash, 20));
printf("computed value: %s\n",
- octet_string_hex_string((uint8_t *)hash_value, 20));
+ octet_string_hex_string((const uint8_t *)hash_value, 20));
return err_status_algo_fail;
@@ -136,7 +142,7 @@ struct hex_sha1_test_case_t {
};
err_status_t
-sha1_add_test_cases() {
+sha1_add_test_cases(void) {
int i;
err_status_t err;
@@ -485,6 +491,21 @@ sha1_add_test_cases() {
return err_status_ok;
}
+err_status_t
+sha1_dealloc_test_cases(void) {
+ hash_test_case_t *t, *next;
+
+ for (t = sha1_test_case_list; t != NULL; t = next) {
+ next = t->next_test_case;
+ free(t);
+ }
+
+ sha1_test_case_list = NULL;
+
+ return err_status_ok;
+}
+
+
err_status_t
sha1_validate(void) {
@@ -510,6 +531,8 @@ sha1_validate(void) {
test_case = test_case->next_test_case;
}
+ sha1_dealloc_test_cases();
+
return err_status_ok;
}
diff --git a/third_party/srtp/crypto/test/stat_driver.c b/third_party/srtp/crypto/test/stat_driver.c
index 09cc44a6..962f7484 100644
--- a/third_party/srtp/crypto/test/stat_driver.c
+++ b/third_party/srtp/crypto/test/stat_driver.c
@@ -7,11 +7,51 @@
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
#include <stdio.h> /* for printf() */
#include "err.h"
#include "stat.h"
+#include "srtp.h"
#include "cipher.h"
@@ -32,12 +72,18 @@ err_check(err_status_t s) {
int
main (int argc, char *argv[]) {
- uint8_t buffer[2500];
+ uint8_t buffer[2532];
unsigned int buf_len = 2500;
int i, j;
extern cipher_type_t aes_icm;
+#ifdef OPENSSL
+ extern cipher_type_t aes_gcm_128_openssl;
+ extern cipher_type_t aes_gcm_256_openssl;
+#endif
cipher_t *c;
- uint8_t key[30] = {
+ uint8_t key[46] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
@@ -49,6 +95,7 @@ main (int argc, char *argv[]) {
printf("statistical tests driver\n");
+ v128_set_to_zero(&nonce);
for (i=0; i < 2500; i++)
buffer[i] = 0;
@@ -69,9 +116,9 @@ main (int argc, char *argv[]) {
/* set buffer to cipher output */
for (i=0; i < 2500; i++)
buffer[i] = 0;
- err_check(cipher_type_alloc(&aes_icm, &c, 30));
- err_check(cipher_init(c, key, direction_encrypt));
- err_check(cipher_set_iv(c, &nonce));
+ err_check(cipher_type_alloc(&aes_icm, &c, 30, 0));
+ err_check(cipher_init(c, key));
+ err_check(cipher_set_iv(c, &nonce, direction_encrypt));
err_check(cipher_encrypt(c, buffer, &buf_len));
/* run tests on cipher outout */
printf("monobit %d\n", stat_test_monobit(buffer));
@@ -86,7 +133,7 @@ main (int argc, char *argv[]) {
for (i=0; i < 2500; i++)
buffer[i] = 0;
nonce.v32[3] = i;
- err_check(cipher_set_iv(c, &nonce));
+ err_check(cipher_set_iv(c, &nonce, direction_encrypt));
err_check(cipher_encrypt(c, buffer, &buf_len));
if (stat_test_runs(buffer)) {
num_fail++;
@@ -97,5 +144,103 @@ main (int argc, char *argv[]) {
printf("(nota bene: a small fraction of stat_test failures does not \n"
"indicate that the random source is invalid)\n");
+ err_check(cipher_dealloc(c));
+
+ printf("running stat_tests on AES-256-ICM, expecting success\n");
+ /* set buffer to cipher output */
+ for (i=0; i < 2500; i++)
+ buffer[i] = 0;
+ err_check(cipher_type_alloc(&aes_icm, &c, 46, 0));
+ err_check(cipher_init(c, key));
+ err_check(cipher_set_iv(c, &nonce, direction_encrypt));
+ err_check(cipher_encrypt(c, buffer, &buf_len));
+ /* run tests on cipher outout */
+ printf("monobit %d\n", stat_test_monobit(buffer));
+ printf("poker %d\n", stat_test_poker(buffer));
+ printf("runs %d\n", stat_test_runs(buffer));
+
+ printf("runs test (please be patient): ");
+ fflush(stdout);
+ num_fail = 0;
+ v128_set_to_zero(&nonce);
+ for(j=0; j < num_trials; j++) {
+ for (i=0; i < 2500; i++)
+ buffer[i] = 0;
+ nonce.v32[3] = i;
+ err_check(cipher_set_iv(c, &nonce, direction_encrypt));
+ err_check(cipher_encrypt(c, buffer, &buf_len));
+ if (stat_test_runs(buffer)) {
+ num_fail++;
+ }
+ }
+
+#ifdef OPENSSL
+ {
+ printf("running stat_tests on AES-128-GCM, expecting success\n");
+ /* set buffer to cipher output */
+ for (i=0; i < 2500; i++) {
+ buffer[i] = 0;
+ }
+ err_check(cipher_type_alloc(&aes_gcm_128_openssl, &c, AES_128_GCM_KEYSIZE_WSALT, 8));
+ err_check(cipher_init(c, key));
+ err_check(cipher_set_iv(c, &nonce, direction_encrypt));
+ err_check(cipher_encrypt(c, buffer, &buf_len));
+ /* run tests on cipher outout */
+ printf("monobit %d\n", stat_test_monobit(buffer));
+ printf("poker %d\n", stat_test_poker(buffer));
+ printf("runs %d\n", stat_test_runs(buffer));
+ fflush(stdout);
+ num_fail = 0;
+ v128_set_to_zero(&nonce);
+ for(j=0; j < num_trials; j++) {
+ for (i=0; i < 2500; i++) {
+ buffer[i] = 0;
+ }
+ nonce.v32[3] = i;
+ err_check(cipher_set_iv(c, &nonce, direction_encrypt));
+ err_check(cipher_encrypt(c, buffer, &buf_len));
+ buf_len = 2500;
+ if (stat_test_runs(buffer)) {
+ num_fail++;
+ }
+ }
+
+ printf("running stat_tests on AES-256-GCM, expecting success\n");
+ /* set buffer to cipher output */
+ for (i=0; i < 2500; i++) {
+ buffer[i] = 0;
+ }
+ err_check(cipher_type_alloc(&aes_gcm_256_openssl, &c, AES_256_GCM_KEYSIZE_WSALT, 16));
+ err_check(cipher_init(c, key));
+ err_check(cipher_set_iv(c, &nonce, direction_encrypt));
+ err_check(cipher_encrypt(c, buffer, &buf_len));
+ /* run tests on cipher outout */
+ printf("monobit %d\n", stat_test_monobit(buffer));
+ printf("poker %d\n", stat_test_poker(buffer));
+ printf("runs %d\n", stat_test_runs(buffer));
+ fflush(stdout);
+ num_fail = 0;
+ v128_set_to_zero(&nonce);
+ for(j=0; j < num_trials; j++) {
+ for (i=0; i < 2500; i++) {
+ buffer[i] = 0;
+ }
+ nonce.v32[3] = i;
+ err_check(cipher_set_iv(c, &nonce, direction_encrypt));
+ err_check(cipher_encrypt(c, buffer, &buf_len));
+ buf_len = 2500;
+ if (stat_test_runs(buffer)) {
+ num_fail++;
+ }
+ }
+ }
+#endif
+
+ printf("%d failures in %d tests\n", num_fail, num_trials);
+ printf("(nota bene: a small fraction of stat_test failures does not \n"
+ "indicate that the random source is invalid)\n");
+
+ err_check(cipher_dealloc(c));
+
return 0;
}
diff --git a/third_party/srtp/doc/Makefile b/third_party/srtp/doc/Makefile
deleted file mode 100644
index d4c0845e..00000000
--- a/third_party/srtp/doc/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-# Makefile for libSRTP documentation
-#
-# David A. McGrew
-# Cisco Systems, Inc.
-#
-# This makefile does not use the autoconf system; we don't really need
-# it. We just run doxygen then latex. If you don't have either of
-# these, then there is no way that you can make your own
-# documentation. Of course, you can just go online at pick up the
-# documentation from http://srtp.sourceforge.net.
-
-srcdir = .
-top_srcdir = ..
-top_builddir = ../
-
-
-# Determine the version of the library
-
-version = $(shell cat $(top_srcdir)/VERSION)
-
-
-.PHONY: libsrtpdoc cryptodoc clean
-libsrtpdoc:
- @if test ! -e Doxyfile; then \
- echo "*** Sorry, can't build doc outside source dir"; exit 1; \
- fi
- sed 's/LIBSRTPVERSION/$(version)/' header.template > header.tex
- doxygen
- sed 's/\subsection/\section/' latex/index.tex > latex/index.tmp
- mv latex/index.tmp latex/index.tex
- cd latex; make
- cp latex/refman.pdf libsrtp.pdf
-
-
-cryptodoc: clean
- doxygen crypto.dox
- cd latex; make
- cp latex/refman.pdf crypto.pdf
-
-clean:
- rm -rf latex/ header.tex
- for a in * ; do \
- if [ -f "$$a~" ] ; then rm -f $$a~; fi; \
- done;
diff --git a/third_party/srtp/doc/draft-irtf-cfrg-icm-00.txt b/third_party/srtp/doc/draft-irtf-cfrg-icm-00.txt
deleted file mode 100644
index ddfce338..00000000
--- a/third_party/srtp/doc/draft-irtf-cfrg-icm-00.txt
+++ /dev/null
@@ -1 +0,0 @@
- Crypto Forum Research Group David A. McGrew Internet Draft Cisco Systems, Inc. Expires April, 2003 October, 2002 Integer Counter Mode <draft-irtf-cfrg-icm-00.txt> Status of this Memo This document is an Internet Draft and is in full conformance with all provisions of Section 10 of RFC-2026. Internet Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and working groups. Note that other groups may also distribute working documents as Internet Drafts. Internet Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. 1. Abstract This document specifies Integer Counter Mode (ICM), a mode of operation of a block cipher which defines an indexed keystream generator (which generates a keystream segment given an index). This mode is efficient, parallelizable, and has been proven secure given realistic assumptions about the block cipher. Test vectors are provided for AES. Counter Mode admits many variations. The variant specified in this document is secure and flexible, yet it enables a single implementation of a keystream generator to suffice in different application domains. McGrew [Page 1] Internet Draft Integer Counter Mode October, 2002 2. Notational Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119 [B97]. 3. Introduction Counter Mode is a way to define a pseudorandom keystream generator using a block cipher [CTR]. The keystream can be used for additive encryption, key derivation, or any other application requiring pseudorandom data. In ICM, the keystream is logically broken into segments. Each segment is identified with a segment index, and the segments have equal lengths. This segmentation makes ICM especially appropriate for securing packet-based protocols. 4. ICM In this section, ICM keystream generation and encryption are defined. 4.1. ICM Parameters The following parameters are used in ICM. These parameters MUST remain fixed for any given use of a key. Parameter Meaning ----------------------------------------------------------------- BLOCK_LENGTH the number of octets in the cipher block KEY_LENGTH the number of octets in the cipher key OFFSET_LENGTH the number of octets in the offset SEGMENT_INDEX_LENGTH the number of octets in the segment index BLOCK_INDEX_LENGTH the number of octets in the block index 4.2. Keystream Segments Conceptually, ICM is a keystream generator that takes a secret key and a segment index as an input and then outputs a keystream segment. The segmentation lends itself to packet encryption, as each keystream segment can be used to encrypt a distinct packet. A counter is a value containing BLOCK_LENGTH octets which is McGrew [Page 2] Internet Draft Integer Counter Mode October, 2002 incremented using an increment function based on integer addition, to produce a sequence of distinct values which are used as inputs to the block cipher. (In the context of this specification, an integer is an octet string, the most significant of which is the first.) The output blocks of the cipher are concatenated to form the keystream segment. The first octet of the segment is the first octet of the first output block, and so on. A schematic of this process is shown in Figure 1. Figure 1. The generation of a keystream segment given a segment index and a block cipher key K. Here C[i] and S[i] denote the ith counter and keystream block, respectively. segment index | v C[0] -----> C[1] -----> C[2] -----> ... | | | v v v +---+ +---+ +---+ K->| E | K->| E | K->| E | ... +---+ +---+ +---+ | | | v v v S[0] S[1] S[2] ... The ith counter C[i] of the keystream segment with segment index s is defined as C[i] = (i + s * (256^BLOCK_INDEX_LENGTH)) (+) r where r denotes the shifted Offset, which is defined as the Offset times 256^(BLOCK_LENGTH - OFFSET_LENGTH). (This multiplication left-shifts the Offset so that it is aligned with the leftmost edge of the block.) Here ^ denotes exponentiation and (+) denotes the bitwise exclusive-or operation. The number of blocks in any segment MUST NOT exceed 256^BLOCK_INDEX_LENGTH. The number of segments MUST NOT exceed 256^SEGMENT_INDEX_LENGTH. These restrictions ensure the uniqueness of each block cipher input. They also imply that each segment contains no more than (256^BLOCK_INDEX_LENGTH)*BLOCK_LENGTH octets. The sum of SEGMENT_INDEX_LENGTH and BLOCK_INDEX_LENGTH MUST NOT exceed BLOCK_LENGTH / 2. This requirement protects the ICM keystream generator from potentially failing to be pseudorandom (see McGrew [Page 3] Internet Draft Integer Counter Mode October, 2002 the rationale). Figure 2. An illustration of the structure of a counter with BLOCK_LENGTH = 8, SEGMENT_INDEX_LENGTH = 2, and BLOCK_INDEX_LENGTH = 2. The field marked `null' is not part of either the block or segment indices. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | null | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | segment index | block index | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 4.3. ICM Encryption Unless otherwise specified, ICM encryption consists of bitwise exclusive-oring the keystream into the plaintext to produce the ciphertext. 4.4 ICM KEY An ICM key consists of the block cipher key and an Offset. The Offset is an integer with OFFSET_LENGTH octets, which is used to `randomize' the logical starting point of keystream. The Offset is crucial to providing security; see the rationale. The value of OFFSET_LENGTH SHOULD be at least half that of BLOCK_LENGTH. For the purposes of transporting an ICM key, e.g. in a signaling protocol, that key SHOULD be considered a sequence of octets in which the block cipher key precedes the Offset. 5. Implementation Considerations Implementation of the `add one modulo 2^m' operation is simple. For example, with BLOCK_LENGTH = 8 (m=64), it can be implemented in C as if (!++x) ++y; where x and y are 32-bit unsigned integers in network byte order. The implementation of general purpose addition modulo 2^m is slightly more complicated. The fact that the Offset is left-aligned enables an implementation McGrew [Page 4] Internet Draft Integer Counter Mode October, 2002 to avoid propagating carry values outside of the block index and/or the segment index. Choosing an OFFSET_LENGTH value equal to half that of BLOCK_LENGTH avoids all of these carries, since the Offset is then shifted so that it occupies the most significant octets of the block, while the block and segment indices occupy the least significant ones. 6. Parameters and Test Vectors for AES This section provides ICM parameters and test vectors for AES with a 128 bit block size and 128 bit key (that is, with a BLOCK_LENGTH and KEY_LENGTH of 16). All integers are expressed in hexadecimal. Each consecutive pair of hex digits corresponds to an octet, so that the integer 000102030405060708090A0B0C0D0E0F corresponds to the octet sequence { 00, 01, 02, 02 ... }. BLOCK_LENGTH 16 KEY_LENGTH 16 OFFSET_LENGTH 14 SEGMENT_INDEX_LENGTH 6 BLOCK_INDEX_LENGTH 2 Block Cipher Key: 2b7e151628aed2a6abf7158809cf4f3c Offset: f0f1f2f3f4f5f6f7f8f9fafbfcfd Segment Index: 000000000000 Keystream: e03ead0935c95e80e166b16dd92b4eb4 d23513162b02d0f72a43a2fe4a5f97ab ... The counter values that correspond to the keystream blocks are outlined below. Counter Keystream f0f1f2f3f4f5f6f7f8f9fafbfcfd0000 e03ead0935c95e80e166b16dd92b4eb4 f0f1f2f3f4f5f6f7f8f9fafbfcfd0001 d23513162b02d0f72a43a2fe4a5f97ab f0f1f2f3f4f5f6f7f8f9fafbfcfd0002 41e95b3bb0a2e8dd477901e4fca894c0 ... ... 7. Security Considerations Each block cipher input is distinct for any segment and any block index. To see this fact, subtract any two counter values with distinct segment or block indices; the result is non-zero. McGrew [Page 5] Internet Draft Integer Counter Mode October, 2002 The limitation on the number of segments which can be generated ensures that the probability with which an adversary can distinguish the keystream generator from random is negligible. For a theoretical justification of this fact, see Bellare et. al. [BR98]. Their analysis shows that if the block cipher cannot be distinguished from a random permutation, then the keystream generated by ICM cannot be distinguished from keystream generated by a truly random process, as long as the length of keystream which is generated is kept below some threshold. The threshold defined in Section 4.2 is sufficient for most uses of ICM for encryption. This specification refrains from dictating a lower threshold in order to refrain from dictating a particular policy, and to avoid a complicated digression. The use of the Offset, a key-dependent value which randomizes the starting position of the keystream, is essential for security. The omission of this mechanism leaves the door open for practical attacks, such as the key collision attack and Hellman's time-memory tradeoff attack; see McGrew and Fluhrer [MF00] for a description of these attacks which is applicable to ICM. Several counter mode proposals do not include an offset, and are thus vulnerable to these attacks. 8. Rationale This speficiation includes input from implementation experience with several counter mode variants. The goals of ICM are to provide: o a secure keystream generator and cipher, and o a definition flexible enough that a single implementation can be used for a variety of applications (e.g., Secure RTP [SRTP], IPsec ESP [KA96]). The Offset slightly increases the key management overhead, but this minor disadvantage is well outweighed by other savings. The Offset is no larger than a CBC mode IV, and ICM enables the use of an explicit IV (as is commonly used with CBC [MD98]) to be avoided. 9. History This draft is based on draft-mcgrew-saag-icm-00.txt, which was submitted to SAAG on November, 2001 and which expired in May, 2002. The current definition of ICM has changed from the earlier one; the counter formation is different and the specifications are McGrew [Page 6] Internet Draft Integer Counter Mode October, 2002 unfortunately not interoperable. This change was motivated by a considerable amount of feedback on the desirability of admitting optimizations of the sort described in Section 5, in which the carry operations of counter addition need not be propagated across a large register. The current definition of ICM is interoperable with that defined in Secure RTP [SRTP]. 10. Acknowledgements Thanks are due to Helger Lipmaa, Jerome Etienne, Scott Fluhrer and Mats Naslund for their helpful discussion and comments. 11. Contact Information Questions and comments on this draft SHOULD be sent to: David A. McGrew Cisco Systems, Inc. mcgrew@cisco.com and copied to the Crypto Forum Research Group at: cfrg@ietf.org. 12. References [BR98] M. Bellare, A. Desai, E. Lokipii and P. Rogaway, A Concrete Security Treatment of Symmetric Encryption: Analysis of DES Modes of Operation, Proceedings of the 38th Symposium on Foundations of Computer Science, IEEE, 1997. [B97] S. Bradner, Key words for use in RFCs to Indicate Requirement Levels, RFC 2119, March 1997. [AES] The Advanced Encryption Standard, United States National Institute for Standards and Technology (NIST), http://www.nist.gov/aes/. [CTR] M. Dworkin, NIST Special Publication 800-38A, "Recommendation for Block Cipher Modes of Operation: Methods and Techniques", 2001. Online at McGrew [Page 7] Internet Draft Integer Counter Mode October, 2002 http://csrc.nist.gov/publications/nistpubs/800-38a/sp800- 38a.pdf. [MD98] Madson, C., and Doraswamy, N., "The ESP DES-CBC Cipher Algorithm With Explicit IV", RFC 2405, November 1998. [MF00] D. McGrew and S. Fluhrer, Attacks on Additive Encryption and Implications on Internet Security, Selected Areas in Cryptography 2000. [SRTP] The Secure Real-time Transport Protocol, Baugher et. al., Internet Draft, draft-ietf-avt-srtp-05.txt. McGrew [Page 8] \ No newline at end of file
diff --git a/third_party/srtp/doc/intro.txt b/third_party/srtp/doc/intro.txt
index f3155992..e8607d1c 100644
--- a/third_party/srtp/doc/intro.txt
+++ b/third_party/srtp/doc/intro.txt
@@ -5,10 +5,10 @@
This document describes libSRTP, the Open Source Secure RTP library
from Cisco Systems, Inc. RTP is the Real-time Transport Protocol, an
IETF standard for the transport of real-time data such as telephony,
-audio, and video, defined by RFC1889. Secure RTP (SRTP) is an RTP
+audio, and video, defined by RFC 3550. Secure RTP (SRTP) is an RTP
profile for providing confidentiality to RTP data and authentication
-to the RTP header and payload. SRTP is an IETF Proposed Standard, and
-is defined in RFC 3711, and was developed in the IETF Audio/Video
+to the RTP header and payload. SRTP is an IETF Proposed Standard,
+defined in RFC 3711, and was developed in the IETF Audio/Video
Transport (AVT) Working Group. This library supports all of the
mandatory features of SRTP, but not all of the optional features. See
the @ref Features section for more detailed information.
@@ -110,7 +110,7 @@ the minor release number, and \texttt{tgz} is the file
extension\footnote{The extension \texttt{.tgz} is identical to
\texttt{tar.gz}, and indicates a compressed tar file.} You probably
want to get the most recent release. Unpack the distribution and
-extract the source files; the directory into which the soruce files
+extract the source files; the directory into which the source files
will go is named \texttt{srtp}.
libSRTP uses the GNU \texttt{autoconf} and \texttt{make}
@@ -135,7 +135,7 @@ The configure script accepts the following options:
\end{description}
\end{quote}
-By default, dynamic debbuging is enabled and stdout is used for
+By default, dynamic debugging is enabled and stdout is used for
debugging. You can use the configure options to have the debugging
output sent to syslog or the system console. Alternatively, you can
define ERR\_REPORTING\_FILE in \texttt{include/conf.h} to be any other
@@ -181,7 +181,7 @@ using gdoi will be added later.
The usage for rtpw is
\texttt{rtpw [[-d $<$debug$>$]* [-k $<$key$>$ [-a][-e]] [-s | -r] dest\_ip
-dest\_port][-l]}
+dest\_port] | [-l]}
Either the -s (sender) or -r (receiver) option must be chosen. The
values dest\_ip, dest\_port are the IP address and UDP port to which
@@ -189,7 +189,7 @@ the dictionary will be sent, respectively. The options are:
\begin{center}
\begin{tabular}{ll}
-s & (S)RTP sender - causes app to send words \\
- -r & (S)RTP receive - causes app to receve words \\
+ -r & (S)RTP receive - causes app to receive words \\
-k $<$key$>$ & use SRTP master key $<$key$>$, where the
key is a hexadecimal value (without the
leading "0x") \\
@@ -197,7 +197,7 @@ the dictionary will be sent, respectively. The options are:
(requires use of -k option as well)\\
-a & message authentication
(requires use of -k option as well) \\
- -l & list the avaliable debug modules \\
+ -l & list the available debug modules \\
-d $<$debug$>$ & turn on debugging for module $<$debug$>$ \\
\end{tabular}
\end{center}
@@ -359,7 +359,7 @@ length as its second argument.
crypto_get_random(key, 30);
// allocate and initialize the SRTP session
- srtp_create(&session, policy);
+ srtp_create(&session, &policy);
// main loop: get rtp packets, send srtp packets
while (1) {
diff --git a/third_party/srtp/doc/rfc3711.txt b/third_party/srtp/doc/rfc3711.txt
deleted file mode 100644
index ecc0648a..00000000
--- a/third_party/srtp/doc/rfc3711.txt
+++ /dev/null
@@ -1,3139 +0,0 @@
-
-
-
-
-
-
-Network Working Group M. Baugher
-Request for Comments: 3711 D. McGrew
-Category: Standards Track Cisco Systems, Inc.
- M. Naslund
- E. Carrara
- K. Norrman
- Ericsson Research
- March 2004
-
-
- The Secure Real-time Transport Protocol (SRTP)
-
-Status of this Memo
-
- This document specifies an Internet standards track protocol for the
- Internet community, and requests discussion and suggestions for
- improvements. Please refer to the current edition of the "Internet
- Official Protocol Standards" (STD 1) for the standardization state
- and status of this protocol. Distribution of this memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2004). All Rights Reserved.
-
-Abstract
-
- This document describes the Secure Real-time Transport Protocol
- (SRTP), a profile of the Real-time Transport Protocol (RTP), which
- can provide confidentiality, message authentication, and replay
- protection to the RTP traffic and to the control traffic for RTP, the
- Real-time Transport Control Protocol (RTCP).
-
-Table of Contents
-
- 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
- 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3
- 2. Goals and Features . . . . . . . . . . . . . . . . . . . . . . 4
- 2.1. Features . . . . . . . . . . . . . . . . . . . . . . . . 5
- 3. SRTP Framework . . . . . . . . . . . . . . . . . . . . . . . . 5
- 3.1. Secure RTP . . . . . . . . . . . . . . . . . . . . . . . 6
- 3.2. SRTP Cryptographic Contexts. . . . . . . . . . . . . . . 7
- 3.2.1. Transform-independent parameters . . . . . . . . 8
- 3.2.2. Transform-dependent parameters . . . . . . . . . 10
- 3.2.3. Mapping SRTP Packets to Cryptographic Contexts . 10
- 3.3. SRTP Packet Processing . . . . . . . . . . . . . . . . . 11
- 3.3.1. Packet Index Determination, and ROC, s_l Update. 13
- 3.3.2. Replay Protection. . . . . . . . . . . . . . . . 15
- 3.4. Secure RTCP . . . . . . . . . . . . . . . . . . . . . . . 15
-
-
-
-Baugher, et al. Standards Track [Page 1]
-
-RFC 3711 SRTP March 2004
-
-
- 4. Pre-Defined Cryptographic Transforms . . . . . . . . . . . . . 19
- 4.1. Encryption . . . . . . . . . . . . . . . . . . . . . . . 19
- 4.1.1. AES in Counter Mode. . . . . . . . . . . . . . . 21
- 4.1.2. AES in f8-mode . . . . . . . . . . . . . . . . . 22
- 4.1.3. NULL Cipher. . . . . . . . . . . . . . . . . . . 25
- 4.2. Message Authentication and Integrity . . . . . . . . . . 25
- 4.2.1. HMAC-SHA1. . . . . . . . . . . . . . . . . . . . 25
- 4.3. Key Derivation . . . . . . . . . . . . . . . . . . . . . 26
- 4.3.1. Key Derivation Algorithm . . . . . . . . . . . . 26
- 4.3.2. SRTCP Key Derivation . . . . . . . . . . . . . . 28
- 4.3.3. AES-CM PRF . . . . . . . . . . . . . . . . . . . 28
- 5. Default and mandatory-to-implement Transforms. . . . . . . . . 28
- 5.1. Encryption: AES-CM and NULL. . . . . . . . . . . . . . . 29
- 5.2. Message Authentication/Integrity: HMAC-SHA1. . . . . . . 29
- 5.3. Key Derivation: AES-CM PRF . . . . . . . . . . . . . . . 29
- 6. Adding SRTP Transforms . . . . . . . . . . . . . . . . . . . . 29
- 7. Rationale. . . . . . . . . . . . . . . . . . . . . . . . . . . 30
- 7.1. Key derivation . . . . . . . . . . . . . . . . . . . . . 30
- 7.2. Salting key. . . . . . . . . . . . . . . . . . . . . . . 30
- 7.3. Message Integrity from Universal Hashing . . . . . . . . 31
- 7.4. Data Origin Authentication Considerations. . . . . . . . 31
- 7.5. Short and Zero-length Message Authentication . . . . . . 32
- 8. Key Management Considerations. . . . . . . . . . . . . . . . . 33
- 8.1. Re-keying . . . . . . . . . . . . . . . . . . . . . . . 34
- 8.1.1. Use of the <From, To> for re-keying. . . . . . . 34
- 8.2. Key Management parameters. . . . . . . . . . . . . . . . 35
- 9. Security Considerations. . . . . . . . . . . . . . . . . . . . 37
- 9.1. SSRC collision and two-time pad. . . . . . . . . . . . . 37
- 9.2. Key Usage. . . . . . . . . . . . . . . . . . . . . . . . 38
- 9.3. Confidentiality of the RTP Payload . . . . . . . . . . . 39
- 9.4. Confidentiality of the RTP Header. . . . . . . . . . . . 40
- 9.5. Integrity of the RTP payload and header. . . . . . . . . 40
- 9.5.1. Risks of Weak or Null Message Authentication. . . 42
- 9.5.2. Implicit Header Authentication . . . . . . . . . 43
- 10. Interaction with Forward Error Correction mechanisms. . . . . 43
- 11. Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . 43
- 11.1. Unicast. . . . . . . . . . . . . . . . . . . . . . . . . 43
- 11.2. Multicast (one sender) . . . . . . . . . . . . . . . . . 44
- 11.3. Re-keying and access control . . . . . . . . . . . . . . 45
- 11.4. Summary of basic scenarios . . . . . . . . . . . . . . . 46
- 12. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 46
- 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 47
- 14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 47
- 14.1. Normative References . . . . . . . . . . . . . . . . . . 47
- 14.2. Informative References . . . . . . . . . . . . . . . . . 48
- Appendix A: Pseudocode for Index Determination . . . . . . . . . . 51
- Appendix B: Test Vectors . . . . . . . . . . . . . . . . . . . . . 51
- B.1. AES-f8 Test Vectors. . . . . . . . . . . . . . . . . . . 51
-
-
-
-Baugher, et al. Standards Track [Page 2]
-
-RFC 3711 SRTP March 2004
-
-
- B.2. AES-CM Test Vectors. . . . . . . . . . . . . . . . . . . 52
- B.3. Key Derivation Test Vectors. . . . . . . . . . . . . . . 53
- Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 55
- Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 56
-
-1. Introduction
-
- This document describes the Secure Real-time Transport Protocol
- (SRTP), a profile of the Real-time Transport Protocol (RTP), which
- can provide confidentiality, message authentication, and replay
- protection to the RTP traffic and to the control traffic for RTP,
- RTCP (the Real-time Transport Control Protocol) [RFC3350].
-
- SRTP provides a framework for encryption and message authentication
- of RTP and RTCP streams (Section 3). SRTP defines a set of default
- cryptographic transforms (Sections 4 and 5), and it allows new
- transforms to be introduced in the future (Section 6). With
- appropriate key management (Sections 7 and 8), SRTP is secure
- (Sections 9) for unicast and multicast RTP applications (Section 11).
-
- SRTP can achieve high throughput and low packet expansion. SRTP
- proves to be a suitable protection for heterogeneous environments
- (mix of wired and wireless networks). To get such features, default
- transforms are described, based on an additive stream cipher for
- encryption, a keyed-hash based function for message authentication,
- and an "implicit" index for sequencing/synchronization based on the
- RTP sequence number for SRTP and an index number for Secure RTCP
- (SRTCP).
-
-1.1. Notational Conventions
-
- The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in [RFC2119]. The
- terminology conforms to [RFC2828] with the following exception. For
- simplicity we use the term "random" throughout the document to denote
- randomly or pseudo-randomly generated values. Large amounts of
- random bits may be difficult to obtain, and for the security of SRTP,
- pseudo-randomness is sufficient [RFC1750].
-
- By convention, the adopted representation is the network byte order,
- i.e., the left most bit (octet) is the most significant one. By XOR
- we mean bitwise addition modulo 2 of binary strings, and || denotes
- concatenation. In other words, if C = A || B, then the most
- significant bits of C are the bits of A, and the least significant
- bits of C equal the bits of B. Hexadecimal numbers are prefixed by
- 0x.
-
-
-
-
-Baugher, et al. Standards Track [Page 3]
-
-RFC 3711 SRTP March 2004
-
-
- The word "encryption" includes also use of the NULL algorithm (which
- in practice does leave the data in the clear).
-
- With slight abuse of notation, we use the terms "message
- authentication" and "authentication tag" as is common practice, even
- though in some circumstances, e.g., group communication, the service
- provided is actually only integrity protection and not data origin
- authentication.
-
-2. Goals and Features
-
- The security goals for SRTP are to ensure:
-
- * the confidentiality of the RTP and RTCP payloads, and
-
- * the integrity of the entire RTP and RTCP packets, together with
- protection against replayed packets.
-
- These security services are optional and independent from each other,
- except that SRTCP integrity protection is mandatory (malicious or
- erroneous alteration of RTCP messages could otherwise disrupt the
- processing of the RTP stream).
-
- Other, functional, goals for the protocol are:
-
- * a framework that permits upgrading with new cryptographic
- transforms,
-
- * low bandwidth cost, i.e., a framework preserving RTP header
- compression efficiency,
-
- and, asserted by the pre-defined transforms:
-
- * a low computational cost,
-
- * a small footprint (i.e., small code size and data memory for
- keying information and replay lists),
-
- * limited packet expansion to support the bandwidth economy goal,
-
- * independence from the underlying transport, network, and physical
- layers used by RTP, in particular high tolerance to packet loss
- and re-ordering.
-
- These properties ensure that SRTP is a suitable protection scheme for
- RTP/RTCP in both wired and wireless scenarios.
-
-
-
-
-
-Baugher, et al. Standards Track [Page 4]
-
-RFC 3711 SRTP March 2004
-
-
-2.1. Features
-
- Besides the above mentioned direct goals, SRTP provides for some
- additional features. They have been introduced to lighten the burden
- on key management and to further increase security. They include:
-
- * A single "master key" can provide keying material for
- confidentiality and integrity protection, both for the SRTP stream
- and the corresponding SRTCP stream. This is achieved with a key
- derivation function (see Section 4.3), providing "session keys"
- for the respective security primitive, securely derived from the
- master key.
-
- * In addition, the key derivation can be configured to periodically
- refresh the session keys, which limits the amount of ciphertext
- produced by a fixed key, available for an adversary to
- cryptanalyze.
-
- * "Salting keys" are used to protect against pre-computation and
- time-memory tradeoff attacks [MF00] [BS00].
-
- Detailed rationale for these features can be found in Section 7.
-
-3. SRTP Framework
-
- RTP is the Real-time Transport Protocol [RFC3550]. We define SRTP as
- a profile of RTP. This profile is an extension to the RTP
- Audio/Video Profile [RFC3551]. Except where explicitly noted, all
- aspects of that profile apply, with the addition of the SRTP security
- features. Conceptually, we consider SRTP to be a "bump in the stack"
- implementation which resides between the RTP application and the
- transport layer. SRTP intercepts RTP packets and then forwards an
- equivalent SRTP packet on the sending side, and intercepts SRTP
- packets and passes an equivalent RTP packet up the stack on the
- receiving side.
-
- Secure RTCP (SRTCP) provides the same security services to RTCP as
- SRTP does to RTP. SRTCP message authentication is MANDATORY and
- thereby protects the RTCP fields to keep track of membership, provide
- feedback to RTP senders, or maintain packet sequence counters. SRTCP
- is described in Section 3.4.
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 5]
-
-RFC 3711 SRTP March 2004
-
-
-3.1. Secure RTP
-
- The format of an SRTP packet is illustrated in Figure 1.
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
- |V=2|P|X| CC |M| PT | sequence number | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | timestamp | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | synchronization source (SSRC) identifier | |
- +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ |
- | contributing source (CSRC) identifiers | |
- | .... | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | RTP extension (OPTIONAL) | |
- +>+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | | payload ... | |
- | | +-------------------------------+ |
- | | | RTP padding | RTP pad count | |
- +>+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
- | ~ SRTP MKI (OPTIONAL) ~ |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | : authentication tag (RECOMMENDED) : |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | |
- +- Encrypted Portion* Authenticated Portion ---+
-
- Figure 1. The format of an SRTP packet. *Encrypted Portion is the
- same size as the plaintext for the Section 4 pre-defined transforms.
-
- The "Encrypted Portion" of an SRTP packet consists of the encryption
- of the RTP payload (including RTP padding when present) of the
- equivalent RTP packet. The Encrypted Portion MAY be the exact size
- of the plaintext or MAY be larger. Figure 1 shows the RTP payload
- including any possible padding for RTP [RFC3550].
-
- None of the pre-defined encryption transforms uses any padding; for
- these, the RTP and SRTP payload sizes match exactly. New transforms
- added to SRTP (following Section 6) may require padding, and may
- hence produce larger payloads. RTP provides its own padding format
- (as seen in Fig. 1), which due to the padding indicator in the RTP
- header has merits in terms of compactness relative to paddings using
- prefix-free codes. This RTP padding SHALL be the default method for
- transforms requiring padding. Transforms MAY specify other padding
- methods, and MUST then specify the amount, format, and processing of
- their padding. It is important to note that encryption transforms
-
-
-
-Baugher, et al. Standards Track [Page 6]
-
-RFC 3711 SRTP March 2004
-
-
- that use padding are vulnerable to subtle attacks, especially when
- message authentication is not used [V02]. Each specification for a
- new encryption transform needs to carefully consider and describe the
- security implications of the padding that it uses. Message
- authentication codes define their own padding, so this default does
- not apply to authentication transforms.
-
- The OPTIONAL MKI and the RECOMMENDED authentication tag are the only
- fields defined by SRTP that are not in RTP. Only 8-bit alignment is
- assumed.
-
- MKI (Master Key Identifier): configurable length, OPTIONAL. The
- MKI is defined, signaled, and used by key management. The
- MKI identifies the master key from which the session
- key(s) were derived that authenticate and/or encrypt the
- particular packet. Note that the MKI SHALL NOT identify
- the SRTP cryptographic context, which is identified
- according to Section 3.2.3. The MKI MAY be used by key
- management for the purposes of re-keying, identifying a
- particular master key within the cryptographic context
- (Section 3.2.1).
-
- Authentication tag: configurable length, RECOMMENDED. The
- authentication tag is used to carry message authentication
- data. The Authenticated Portion of an SRTP packet
- consists of the RTP header followed by the Encrypted
- Portion of the SRTP packet. Thus, if both encryption and
- authentication are applied, encryption SHALL be applied
- before authentication on the sender side and conversely on
- the receiver side. The authentication tag provides
- authentication of the RTP header and payload, and it
- indirectly provides replay protection by authenticating
- the sequence number. Note that the MKI is not integrity
- protected as this does not provide any extra protection.
-
-3.2. SRTP Cryptographic Contexts
-
- Each SRTP stream requires the sender and receiver to maintain
- cryptographic state information. This information is called the
- "cryptographic context".
-
- SRTP uses two types of keys: session keys and master keys. By a
- "session key", we mean a key which is used directly in a
- cryptographic transform (e.g., encryption or message authentication),
- and by a "master key", we mean a random bit string (given by the key
- management protocol) from which session keys are derived in a
-
-
-
-
-
-Baugher, et al. Standards Track [Page 7]
-
-RFC 3711 SRTP March 2004
-
-
- cryptographically secure way. The master key(s) and other parameters
- in the cryptographic context are provided by key management
- mechanisms external to SRTP, see Section 8.
-
-3.2.1. Transform-independent parameters
-
- Transform-independent parameters are present in the cryptographic
- context independently of the particular encryption or authentication
- transforms that are used. The transform-independent parameters of
- the cryptographic context for SRTP consist of:
-
- * a 32-bit unsigned rollover counter (ROC), which records how many
- times the 16-bit RTP sequence number has been reset to zero after
- passing through 65,535. Unlike the sequence number (SEQ), which
- SRTP extracts from the RTP packet header, the ROC is maintained by
- SRTP as described in Section 3.3.1.
-
- We define the index of the SRTP packet corresponding to a given
- ROC and RTP sequence number to be the 48-bit quantity
-
- i = 2^16 * ROC + SEQ.
-
- * for the receiver only, a 16-bit sequence number s_l, which can be
- thought of as the highest received RTP sequence number (see
- Section 3.3.1 for its handling), which SHOULD be authenticated
- since message authentication is RECOMMENDED,
-
- * an identifier for the encryption algorithm, i.e., the cipher and
- its mode of operation,
-
- * an identifier for the message authentication algorithm,
-
- * a replay list, maintained by the receiver only (when
- authentication and replay protection are provided), containing
- indices of recently received and authenticated SRTP packets,
-
- * an MKI indicator (0/1) as to whether an MKI is present in SRTP and
- SRTCP packets,
-
- * if the MKI indicator is set to one, the length (in octets) of the
- MKI field, and (for the sender) the actual value of the currently
- active MKI (the value of the MKI indicator and length MUST be kept
- fixed for the lifetime of the context),
-
- * the master key(s), which MUST be random and kept secret,
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 8]
-
-RFC 3711 SRTP March 2004
-
-
- * for each master key, there is a counter of the number of SRTP
- packets that have been processed (sent) with that master key
- (essential for security, see Sections 3.3.1 and 9),
-
- * non-negative integers n_e, and n_a, determining the length of the
- session keys for encryption, and message authentication.
-
- In addition, for each master key, an SRTP stream MAY use the
- following associated values:
-
- * a master salt, to be used in the key derivation of session keys.
- This value, when used, MUST be random, but MAY be public. Use of
- master salt is strongly RECOMMENDED, see Section 9.2. A "NULL"
- salt is treated as 00...0.
-
- * an integer in the set {1,2,4,...,2^24}, the "key_derivation_rate",
- where an unspecified value is treated as zero. The constraint to
- be a power of 2 simplifies the session-key derivation
- implementation, see Section 4.3.
-
- * an MKI value,
-
- * <From, To> values, specifying the lifetime for a master key,
- expressed in terms of the two 48-bit index values inside whose
- range (including the range end-points) the master key is valid.
- For the use of <From, To>, see Section 8.1.1. <From, To> is an
- alternative to the MKI and assumes that a master key is in one-
- to-one correspondence with the SRTP session key on which the
- <From, To> range is defined.
-
- SRTCP SHALL by default share the crypto context with SRTP, except:
-
- * no rollover counter and s_l-value need to be maintained as the
- RTCP index is explicitly carried in each SRTCP packet,
-
- * a separate replay list is maintained (when replay protection is
- provided),
-
- * SRTCP maintains a separate counter for its master key (even if the
- master key is the same as that for SRTP, see below), as a means to
- maintain a count of the number of SRTCP packets that have been
- processed with that key.
-
- Note in particular that the master key(s) MAY be shared between SRTP
- and the corresponding SRTCP, if the pre-defined transforms (including
- the key derivation) are used but the session key(s) MUST NOT be so
- shared.
-
-
-
-
-Baugher, et al. Standards Track [Page 9]
-
-RFC 3711 SRTP March 2004
-
-
- In addition, there can be cases (see Sections 8 and 9.1) where
- several SRTP streams within a given RTP session, identified by their
- synchronization source (SSRCs, which is part of the RTP header),
- share most of the crypto context parameters (including possibly
- master and session keys). In such cases, just as in the normal
- SRTP/SRTCP parameter sharing above, separate replay lists and packet
- counters for each stream (SSRC) MUST still be maintained. Also,
- separate SRTP indices MUST then be maintained.
-
- A summary of parameters, pre-defined transforms, and default values
- for the above parameters (and other SRTP parameters) can be found in
- Sections 5 and 8.2.
-
-3.2.2. Transform-dependent parameters
-
- All encryption, authentication/integrity, and key derivation
- parameters are defined in the transforms section (Section 4).
- Typical examples of such parameters are block size of ciphers,
- session keys, data for the Initialization Vector (IV) formation, etc.
- Future SRTP transform specifications MUST include a section to list
- the additional cryptographic context's parameters for that transform,
- if any.
-
-3.2.3. Mapping SRTP Packets to Cryptographic Contexts
-
- Recall that an RTP session for each participant is defined [RFC3550]
- by a pair of destination transport addresses (one network address
- plus a port pair for RTP and RTCP), and that a multimedia session is
- defined as a collection of RTP sessions. For example, a particular
- multimedia session could include an audio RTP session, a video RTP
- session, and a text RTP session.
-
- A cryptographic context SHALL be uniquely identified by the triplet
- context identifier:
-
- context id = <SSRC, destination network address, destination
- transport port number>
-
- where the destination network address and the destination transport
- port are the ones in the SRTP packet. It is assumed that, when
- presented with this information, the key management returns a context
- with the information as described in Section 3.2.
-
- As noted above, SRTP and SRTCP by default share the bulk of the
- parameters in the cryptographic context. Thus, retrieving the crypto
- context parameters for an SRTCP stream in practice may imply a
- binding to the correspondent SRTP crypto context. It is up to the
- implementation to assure such binding, since the RTCP port may not be
-
-
-
-Baugher, et al. Standards Track [Page 10]
-
-RFC 3711 SRTP March 2004
-
-
- directly deducible from the RTP port only. Alternatively, the key
- management may choose to provide separate SRTP- and SRTCP- contexts,
- duplicating the common parameters (such as master key(s)). The
- latter approach then also enables SRTP and SRTCP to use, e.g.,
- distinct transforms, if so desired. Similar considerations arise
- when multiple SRTP streams, forming part of one single RTP session,
- share keys and other parameters.
-
- If no valid context can be found for a packet corresponding to a
- certain context identifier, that packet MUST be discarded.
-
-3.3. SRTP Packet Processing
-
- The following applies to SRTP. SRTCP is described in Section 3.4.
-
- Assuming initialization of the cryptographic context(s) has taken
- place via key management, the sender SHALL do the following to
- construct an SRTP packet:
-
- 1. Determine which cryptographic context to use as described in
- Section 3.2.3.
-
- 2. Determine the index of the SRTP packet using the rollover counter,
- the highest sequence number in the cryptographic context, and the
- sequence number in the RTP packet, as described in Section 3.3.1.
-
- 3. Determine the master key and master salt. This is done using the
- index determined in the previous step or the current MKI in the
- cryptographic context, according to Section 8.1.
-
- 4. Determine the session keys and session salt (if they are used by
- the transform) as described in Section 4.3, using master key,
- master salt, key_derivation_rate, and session key-lengths in the
- cryptographic context with the index, determined in Steps 2 and 3.
-
- 5. Encrypt the RTP payload to produce the Encrypted Portion of the
- packet (see Section 4.1, for the defined ciphers). This step uses
- the encryption algorithm indicated in the cryptographic context,
- the session encryption key and the session salt (if used) found in
- Step 4 together with the index found in Step 2.
-
- 6. If the MKI indicator is set to one, append the MKI to the packet.
-
- 7. For message authentication, compute the authentication tag for the
- Authenticated Portion of the packet, as described in Section 4.2.
- This step uses the current rollover counter, the authentication
-
-
-
-
-
-Baugher, et al. Standards Track [Page 11]
-
-RFC 3711 SRTP March 2004
-
-
- algorithm indicated in the cryptographic context, and the session
- authentication key found in Step 4. Append the authentication tag
- to the packet.
-
- 8. If necessary, update the ROC as in Section 3.3.1, using the packet
- index determined in Step 2.
-
- To authenticate and decrypt an SRTP packet, the receiver SHALL do the
- following:
-
- 1. Determine which cryptographic context to use as described in
- Section 3.2.3.
-
- 2. Run the algorithm in Section 3.3.1 to get the index of the SRTP
- packet. The algorithm uses the rollover counter and highest
- sequence number in the cryptographic context with the sequence
- number in the SRTP packet, as described in Section 3.3.1.
-
- 3. Determine the master key and master salt. If the MKI indicator in
- the context is set to one, use the MKI in the SRTP packet,
- otherwise use the index from the previous step, according to
- Section 8.1.
-
- 4. Determine the session keys, and session salt (if used by the
- transform) as described in Section 4.3, using master key, master
- salt, key_derivation_rate and session key-lengths in the
- cryptographic context with the index, determined in Steps 2 and 3.
-
- 5. For message authentication and replay protection, first check if
- the packet has been replayed (Section 3.3.2), using the Replay
- List and the index as determined in Step 2. If the packet is
- judged to be replayed, then the packet MUST be discarded, and the
- event SHOULD be logged.
-
- Next, perform verification of the authentication tag, using the
- rollover counter from Step 2, the authentication algorithm
- indicated in the cryptographic context, and the session
- authentication key from Step 4. If the result is "AUTHENTICATION
- FAILURE" (see Section 4.2), the packet MUST be discarded from
- further processing and the event SHOULD be logged.
-
- 6. Decrypt the Encrypted Portion of the packet (see Section 4.1, for
- the defined ciphers), using the decryption algorithm indicated in
- the cryptographic context, the session encryption key and salt (if
- used) found in Step 4 with the index from Step 2.
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 12]
-
-RFC 3711 SRTP March 2004
-
-
- 7. Update the rollover counter and highest sequence number, s_l, in
- the cryptographic context as in Section 3.3.1, using the packet
- index estimated in Step 2. If replay protection is provided, also
- update the Replay List as described in Section 3.3.2.
-
- 8. When present, remove the MKI and authentication tag fields from
- the packet.
-
-3.3.1. Packet Index Determination, and ROC, s_l Update
-
- SRTP implementations use an "implicit" packet index for sequencing,
- i.e., not all of the index is explicitly carried in the SRTP packet.
- For the pre-defined transforms, the index i is used in replay
- protection (Section 3.3.2), encryption (Section 4.1), message
- authentication (Section 4.2), and for the key derivation (Section
- 4.3).
-
- When the session starts, the sender side MUST set the rollover
- counter, ROC, to zero. Each time the RTP sequence number, SEQ, wraps
- modulo 2^16, the sender side MUST increment ROC by one, modulo 2^32
- (see security aspects below). The sender's packet index is then
- defined as
-
- i = 2^16 * ROC + SEQ.
-
- Receiver-side implementations use the RTP sequence number to
- determine the correct index of a packet, which is the location of the
- packet in the sequence of all SRTP packets. A robust approach for
- the proper use of a rollover counter requires its handling and use to
- be well defined. In particular, out-of-order RTP packets with
- sequence numbers close to 2^16 or zero must be properly handled.
-
- The index estimate is based on the receiver's locally maintained ROC
- and s_l values. At the setup of the session, the ROC MUST be set to
- zero. Receivers joining an on-going session MUST be given the
- current ROC value using out-of-band signaling such as key-management
- signaling. Furthermore, the receiver SHALL initialize s_l to the RTP
- sequence number (SEQ) of the first observed SRTP packet (unless the
- initial value is provided by out of band signaling such as key
- management).
-
- On consecutive SRTP packets, the receiver SHOULD estimate the index
- as
- i = 2^16 * v + SEQ,
-
- where v is chosen from the set { ROC-1, ROC, ROC+1 } (modulo 2^32)
- such that i is closest (in modulo 2^48 sense) to the value 2^16 * ROC
- + s_l (see Appendix A for pseudocode).
-
-
-
-Baugher, et al. Standards Track [Page 13]
-
-RFC 3711 SRTP March 2004
-
-
- After the packet has been processed and authenticated (when enabled
- for SRTP packets for the session), the receiver MUST use v to
- conditionally update its s_l and ROC variables as follows. If
- v=(ROC-1) mod 2^32, then there is no update to s_l or ROC. If v=ROC,
- then s_l is set to SEQ if and only if SEQ is larger than the current
- s_l; there is no change to ROC. If v=(ROC+1) mod 2^32, then s_l is
- set to SEQ and ROC is set to v.
-
- After a re-keying occurs (changing to a new master key), the rollover
- counter always maintains its sequence of values, i.e., it MUST NOT be
- reset to zero.
-
- As the rollover counter is 32 bits long and the sequence number is 16
- bits long, the maximum number of packets belonging to a given SRTP
- stream that can be secured with the same key is 2^48 using the pre-
- defined transforms. After that number of SRTP packets have been sent
- with a given (master or session) key, the sender MUST NOT send any
- more packets with that key. (There exists a similar limit for SRTCP,
- which in practice may be more restrictive, see Section 9.2.) This
- limitation enforces a security benefit by providing an upper bound on
- the amount of traffic that can pass before cryptographic keys are
- changed. Re-keying (see Section 8.1) MUST be triggered, before this
- amount of traffic, and MAY be triggered earlier, e.g., for increased
- security and access control to media. Recurring key derivation by
- means of a non-zero key_derivation_rate (see Section 4.3), also gives
- stronger security but does not change the above absolute maximum
- value.
-
- On the receiver side, there is a caveat to updating s_l and ROC: if
- message authentication is not present, neither the initialization of
- s_l, nor the ROC update can be made completely robust. The
- receiver's "implicit index" approach works for the pre-defined
- transforms as long as the reorder and loss of the packets are not too
- great and bit-errors do not occur in unfortunate ways. In
- particular, 2^15 packets would need to be lost, or a packet would
- need to be 2^15 packets out of sequence before synchronization is
- lost. Such drastic loss or reorder is likely to disrupt the RTP
- application itself.
-
- The algorithm for the index estimate and ROC update is a matter of
- implementation, and should take into consideration the environment
- (e.g., packet loss rate) and the cases when synchronization is likely
- to be lost, e.g., when the initial sequence number (randomly chosen
- by RTP) is not known in advance (not sent in the key management
- protocol) but may be near to wrap modulo 2^16.
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 14]
-
-RFC 3711 SRTP March 2004
-
-
- A more elaborate and more robust scheme than the one given above is
- the handling of RTP's own "rollover counter", see Appendix A.1 of
- [RFC3550].
-
-3.3.2. Replay Protection
-
- Secure replay protection is only possible when integrity protection
- is present. It is RECOMMENDED to use replay protection, both for RTP
- and RTCP, as integrity protection alone cannot assure security
- against replay attacks.
-
- A packet is "replayed" when it is stored by an adversary, and then
- re-injected into the network. When message authentication is
- provided, SRTP protects against such attacks through a Replay List.
- Each SRTP receiver maintains a Replay List, which conceptually
- contains the indices of all of the packets which have been received
- and authenticated. In practice, the list can use a "sliding window"
- approach, so that a fixed amount of storage suffices for replay
- protection. Packet indices which lag behind the packet index in the
- context by more than SRTP-WINDOW-SIZE can be assumed to have been
- received, where SRTP-WINDOW-SIZE is a receiver-side, implementation-
- dependent parameter and MUST be at least 64, but which MAY be set to
- a higher value.
-
- The receiver checks the index of an incoming packet against the
- replay list and the window. Only packets with index ahead of the
- window, or, inside the window but not already received, SHALL be
- accepted.
-
- After the packet has been authenticated (if necessary the window is
- first moved ahead), the replay list SHALL be updated with the new
- index.
-
- The Replay List can be efficiently implemented by using a bitmap to
- represent which packets have been received, as described in the
- Security Architecture for IP [RFC2401].
-
-3.4. Secure RTCP
-
- Secure RTCP follows the definition of Secure RTP. SRTCP adds three
- mandatory new fields (the SRTCP index, an "encrypt-flag", and the
- authentication tag) and one optional field (the MKI) to the RTCP
- packet definition. The three mandatory fields MUST be appended to an
- RTCP packet in order to form an equivalent SRTCP packet. The added
- fields follow any other profile-specific extensions.
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 15]
-
-RFC 3711 SRTP March 2004
-
-
- According to Section 6.1 of [RFC3550], there is a REQUIRED packet
- format for compound packets. SRTCP MUST be given packets according
- to that requirement in the sense that the first part MUST be a sender
- report or a receiver report. However, the RTCP encryption prefix (a
- random 32-bit quantity) specified in that Section MUST NOT be used
- since, as is stated there, it is only applicable to the encryption
- method specified in [RFC3550] and is not needed by the cryptographic
- mechanisms used in SRTP.
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
- |V=2|P| RC | PT=SR or RR | length | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | SSRC of sender | |
- +>+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ |
- | ~ sender info ~ |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | ~ report block 1 ~ |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | ~ report block 2 ~ |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | ~ ... ~ |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | |V=2|P| SC | PT=SDES=202 | length | |
- | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ |
- | | SSRC/CSRC_1 | |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | ~ SDES items ~ |
- | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ |
- | ~ ... ~ |
- +>+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ |
- | |E| SRTCP index | |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
- | ~ SRTCP MKI (OPTIONAL) ~ |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | : authentication tag : |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | |
- +-- Encrypted Portion Authenticated Portion -----+
-
-
- Figure 2. An example of the format of a Secure RTCP packet,
- consisting of an underlying RTCP compound packet with a Sender Report
- and SDES packet.
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 16]
-
-RFC 3711 SRTP March 2004
-
-
- The Encrypted Portion of an SRTCP packet consists of the encryption
- (Section 4.1) of the RTCP payload of the equivalent compound RTCP
- packet, from the first RTCP packet, i.e., from the ninth (9) octet to
- the end of the compound packet. The Authenticated Portion of an
- SRTCP packet consists of the entire equivalent (eventually compound)
- RTCP packet, the E flag, and the SRTCP index (after any encryption
- has been applied to the payload).
-
- The added fields are:
-
- E-flag: 1 bit, REQUIRED
- The E-flag indicates if the current SRTCP packet is
- encrypted or unencrypted. Section 9.1 of [RFC3550] allows
- the split of a compound RTCP packet into two lower-layer
- packets, one to be encrypted and one to be sent in the
- clear. The E bit set to "1" indicates encrypted packet, and
- "0" indicates non-encrypted packet.
-
- SRTCP index: 31 bits, REQUIRED
- The SRTCP index is a 31-bit counter for the SRTCP packet.
- The index is explicitly included in each packet, in contrast
- to the "implicit" index approach used for SRTP. The SRTCP
- index MUST be set to zero before the first SRTCP packet is
- sent, and MUST be incremented by one, modulo 2^31, after
- each SRTCP packet is sent. In particular, after a re-key,
- the SRTCP index MUST NOT be reset to zero again.
-
- Authentication Tag: configurable length, REQUIRED
- The authentication tag is used to carry message
- authentication data.
-
- MKI: configurable length, OPTIONAL
- The MKI is the Master Key Indicator, and functions according
- to the MKI definition in Section 3.
-
- SRTCP uses the cryptographic context parameters and packet processing
- of SRTP by default, with the following changes:
-
- * The receiver does not need to "estimate" the index, as it is
- explicitly signaled in the packet.
-
- * Pre-defined SRTCP encryption is as specified in Section 4.1, but
- using the definition of the SRTCP Encrypted Portion given in this
- section, and using the SRTCP index as the index i. The encryption
- transform and related parameters SHALL by default be the same
- selected for the protection of the associated SRTP stream(s),
- while the NULL algorithm SHALL be applied to the RTCP packets not
- to be encrypted. SRTCP may have a different encryption transform
-
-
-
-Baugher, et al. Standards Track [Page 17]
-
-RFC 3711 SRTP March 2004
-
-
- than the one used by the corresponding SRTP. The expected use for
- this feature is when the former has NULL-encryption and the latter
- has a non NULL-encryption.
-
- The E-flag is assigned a value by the sender depending on whether the
- packet was encrypted or not.
-
- * SRTCP decryption is performed as in Section 4, but only if the E
- flag is equal to 1. If so, the Encrypted Portion is decrypted,
- using the SRTCP index as the index i. In case the E-flag is 0,
- the payload is simply left unmodified.
-
- * SRTCP replay protection is as defined in Section 3.3.2, but using
- the SRTCP index as the index i and a separate Replay List that is
- specific to SRTCP.
-
- * The pre-defined SRTCP authentication tag is specified as in
- Section 4.2, but with the Authenticated Portion of the SRTCP
- packet given in this section (which includes the index). The
- authentication transform and related parameters (e.g., key size)
- SHALL by default be the same as selected for the protection of the
- associated SRTP stream(s).
-
- * In the last step of the processing, only the sender needs to
- update the value of the SRTCP index by incrementing it modulo 2^31
- and for security reasons the sender MUST also check the number of
- SRTCP packets processed, see Section 9.2.
-
- Message authentication for RTCP is REQUIRED, as it is the control
- protocol (e.g., it has a BYE packet) for RTP.
-
- Precautions must be taken so that the packet expansion in SRTCP (due
- to the added fields) does not cause SRTCP messages to use more than
- their share of RTCP bandwidth. To avoid this, the following two
- measures MUST be taken:
-
- 1. When initializing the RTCP variable "avg_rtcp_size" defined in
- chapter 6.3 of [RFC3550], it MUST include the size of the fields
- that will be added by SRTCP (index, E-bit, authentication tag, and
- when present, the MKI).
-
- 2. When updating the "avg_rtcp_size" using the variable "packet_size"
- (section 6.3.3 of [RFC3550]), the value of "packet_size" MUST
- include the size of the additional fields added by SRTCP.
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 18]
-
-RFC 3711 SRTP March 2004
-
-
- With these measures in place the SRTCP messages will not use more
- than the allotted bandwidth. The effect of the size of the added
- fields on the SRTCP traffic will be that messages will be sent with
- longer packet intervals. The increase in the intervals will be
- directly proportional to size of the added fields. For the pre-
- defined transforms, the size of the added fields will be at least 14
- octets, and upper bounded depending on MKI and the authentication tag
- sizes.
-
-4. Pre-Defined Cryptographic Transforms
-
- While there are numerous encryption and message authentication
- algorithms that can be used in SRTP, below we define default
- algorithms in order to avoid the complexity of specifying the
- encodings for the signaling of algorithm and parameter identifiers.
- The defined algorithms have been chosen as they fulfill the goals
- listed in Section 2. Recommendations on how to extend SRTP with new
- transforms are given in Section 6.
-
-4.1. Encryption
-
- The following parameters are common to both pre-defined, non-NULL,
- encryption transforms specified in this section.
-
- * BLOCK_CIPHER-MODE indicates the block cipher used and its mode of
- operation
- * n_b is the bit-size of the block for the block cipher
- * k_e is the session encryption key
- * n_e is the bit-length of k_e
- * k_s is the session salting key
- * n_s is the bit-length of k_s
- * SRTP_PREFIX_LENGTH is the octet length of the keystream prefix, a
- non-negative integer, specified by the message authentication code
- in use.
-
- The distinct session keys and salts for SRTP/SRTCP are by default
- derived as specified in Section 4.3.
-
- The encryption transforms defined in SRTP map the SRTP packet index
- and secret key into a pseudo-random keystream segment. Each
- keystream segment encrypts a single RTP packet. The process of
- encrypting a packet consists of generating the keystream segment
- corresponding to the packet, and then bitwise exclusive-oring that
- keystream segment onto the payload of the RTP packet to produce the
- Encrypted Portion of the SRTP packet. In case the payload size is
- not an integer multiple of n_b bits, the excess (least significant)
- bits of the keystream are simply discarded. Decryption is done the
- same way, but swapping the roles of the plaintext and ciphertext.
-
-
-
-Baugher, et al. Standards Track [Page 19]
-
-RFC 3711 SRTP March 2004
-
-
- +----+ +------------------+---------------------------------+
- | KG |-->| Keystream Prefix | Keystream Suffix |---+
- +----+ +------------------+---------------------------------+ |
- |
- +---------------------------------+ v
- | Payload of RTP Packet |->(*)
- +---------------------------------+ |
- |
- +---------------------------------+ |
- | Encrypted Portion of SRTP Packet|<--+
- +---------------------------------+
-
- Figure 3: Default SRTP Encryption Processing. Here KG denotes the
- keystream generator, and (*) denotes bitwise exclusive-or.
-
- The definition of how the keystream is generated, given the index,
- depends on the cipher and its mode of operation. Below, two such
- keystream generators are defined. The NULL cipher is also defined,
- to be used when encryption of RTP is not required.
-
- The SRTP definition of the keystream is illustrated in Figure 3. The
- initial octets of each keystream segment MAY be reserved for use in a
- message authentication code, in which case the keystream used for
- encryption starts immediately after the last reserved octet. The
- initial reserved octets are called the "keystream prefix" (not to be
- confused with the "encryption prefix" of [RFC3550, Section 6.1]), and
- the remaining octets are called the "keystream suffix". The
- keystream prefix MUST NOT be used for encryption. The process is
- illustrated in Figure 3.
-
- The number of octets in the keystream prefix is denoted as
- SRTP_PREFIX_LENGTH. The keystream prefix is indicated by a positive,
- non-zero value of SRTP_PREFIX_LENGTH. This means that, even if
- confidentiality is not to be provided, the keystream generator output
- may still need to be computed for packet authentication, in which
- case the default keystream generator (mode) SHALL be used.
-
- The default cipher is the Advanced Encryption Standard (AES) [AES],
- and we define two modes of running AES, (1) Segmented Integer Counter
- Mode AES and (2) AES in f8-mode. In the remainder of this section,
- let E(k,x) be AES applied to key k and input block x.
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 20]
-
-RFC 3711 SRTP March 2004
-
-
-4.1.1. AES in Counter Mode
-
- Conceptually, counter mode [AES-CTR] consists of encrypting
- successive integers. The actual definition is somewhat more
- complicated, in order to randomize the starting point of the integer
- sequence. Each packet is encrypted with a distinct keystream
- segment, which SHALL be computed as follows.
-
- A keystream segment SHALL be the concatenation of the 128-bit output
- blocks of the AES cipher in the encrypt direction, using key k = k_e,
- in which the block indices are in increasing order. Symbolically,
- each keystream segment looks like
-
- E(k, IV) || E(k, IV + 1 mod 2^128) || E(k, IV + 2 mod 2^128) ...
-
- where the 128-bit integer value IV SHALL be defined by the SSRC, the
- SRTP packet index i, and the SRTP session salting key k_s, as below.
-
- IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16)
-
- Each of the three terms in the XOR-sum above is padded with as many
- leading zeros as needed to make the operation well-defined,
- considered as a 128-bit value.
-
- The inclusion of the SSRC allows the use of the same key to protect
- distinct SRTP streams within the same RTP session, see the security
- caveats in Section 9.1.
-
- In the case of SRTCP, the SSRC of the first header of the compound
- packet MUST be used, i SHALL be the 31-bit SRTCP index and k_e, k_s
- SHALL be replaced by the SRTCP encryption session key and salt.
-
- Note that the initial value, IV, is fixed for each packet and is
- formed by "reserving" 16 zeros in the least significant bits for the
- purpose of the counter. The number of blocks of keystream generated
- for any fixed value of IV MUST NOT exceed 2^16 to avoid keystream
- re-use, see below. The AES has a block size of 128 bits, so 2^16
- output blocks are sufficient to generate the 2^23 bits of keystream
- needed to encrypt the largest possible RTP packet (except for IPv6
- "jumbograms" [RFC2675], which are not likely to be used for RTP-based
- multimedia traffic). This restriction on the maximum bit-size of the
- packet that can be encrypted ensures the security of the encryption
- method by limiting the effectiveness of probabilistic attacks [BDJR].
-
- For a particular Counter Mode key, each IV value used as an input
- MUST be distinct, in order to avoid the security exposure of a two-
- time pad situation (Section 9.1). To satisfy this constraint, an
- implementation MUST ensure that the combination of the SRTP packet
-
-
-
-Baugher, et al. Standards Track [Page 21]
-
-RFC 3711 SRTP March 2004
-
-
- index of ROC || SEQ, and the SSRC used in the construction of the IV
- are distinct for any particular key. The failure to ensure this
- uniqueness could be catastrophic for Secure RTP. This is in contrast
- to the situation for RTP itself, which may be able to tolerate such
- failures. It is RECOMMENDED that, if a dedicated security module is
- present, the RTP sequence numbers and SSRC either be generated or
- checked by that module (i.e., sequence-number and SSRC processing in
- an SRTP system needs to be protected as well as the key).
-
-4.1.2. AES in f8-mode
-
- To encrypt UMTS (Universal Mobile Telecommunications System, as 3G
- networks) data, a solution (see [f8-a] [f8-b]) known as the f8-
- algorithm has been developed. On a high level, the proposed scheme
- is a variant of Output Feedback Mode (OFB) [HAC], with a more
- elaborate initialization and feedback function. As in normal OFB,
- the core consists of a block cipher. We also define here the use of
- AES as a block cipher to be used in what we shall call "f8-mode of
- operation" RTP encryption. The AES f8-mode SHALL use the same
- default sizes for session key and salt as AES counter mode.
-
- Figure 4 shows the structure of block cipher, E, running in f8-mode.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 22]
-
-RFC 3711 SRTP March 2004
-
-
- IV
- |
- v
- +------+
- | |
- +--->| E |
- | +------+
- | |
- m -> (*) +-----------+-------------+-- ... ------+
- | IV' | | | |
- | | j=1 -> (*) j=2 -> (*) ... j=L-1 ->(*)
- | | | | |
- | | +-> (*) +-> (*) ... +-> (*)
- | | | | | | | |
- | v | v | v | v
- | +------+ | +------+ | +------+ | +------+
- k_e ---+--->| E | | | E | | | E | | | E |
- | | | | | | | | | | |
- +------+ | +------+ | +------+ | +------+
- | | | | | | |
- +------+ +--------+ +-- ... ----+ |
- | | | |
- v v v v
- S(0) S(1) S(2) . . . S(L-1)
-
- Figure 4. f8-mode of operation (asterisk, (*), denotes bitwise XOR).
- The figure represents the KG in Figure 3, when AES-f8 is used.
-
-4.1.2.1. f8 Keystream Generation
-
- The Initialization Vector (IV) SHALL be determined as described in
- Section 4.1.2.2 (and in Section 4.1.2.3 for SRTCP).
-
- Let IV', S(j), and m denote n_b-bit blocks. The keystream,
- S(0) ||... || S(L-1), for an N-bit message SHALL be defined by
- setting IV' = E(k_e XOR m, IV), and S(-1) = 00..0. For
- j = 0,1,..,L-1 where L = N/n_b (rounded up to nearest integer if it
- is not already an integer) compute
-
- S(j) = E(k_e, IV' XOR j XOR S(j-1))
-
- Notice that the IV is not used directly. Instead it is fed through E
- under another key to produce an internal, "masked" value (denoted
- IV') to prevent an attacker from gaining known input/output pairs.
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 23]
-
-RFC 3711 SRTP March 2004
-
-
- The role of the internal counter, j, is to prevent short keystream
- cycles. The value of the key mask m SHALL be
-
- m = k_s || 0x555..5,
-
- i.e., the session salting key, appended by the binary pattern 0101..
- to fill out the entire desired key size, n_e.
-
- The sender SHOULD NOT generate more than 2^32 blocks, which is
- sufficient to generate 2^39 bits of keystream. Unlike counter mode,
- there is no absolute threshold above (below) which f8 is guaranteed
- to be insecure (secure). The above bound has been chosen to limit,
- with sufficient security margin, the probability of degenerative
- behavior in the f8 keystream generation.
-
-4.1.2.2. f8 SRTP IV Formation
-
- The purpose of the following IV formation is to provide a feature
- which we call implicit header authentication (IHA), see Section 9.5.
-
- The SRTP IV for 128-bit block AES-f8 SHALL be formed in the following
- way:
-
- IV = 0x00 || M || PT || SEQ || TS || SSRC || ROC
-
- M, PT, SEQ, TS, SSRC SHALL be taken from the RTP header; ROC is from
- the cryptographic context.
-
- The presence of the SSRC as part of the IV allows AES-f8 to be used
- when a master key is shared between multiple streams within the same
- RTP session, see Section 9.1.
-
-4.1.2.3. f8 SRTCP IV Formation
-
- The SRTCP IV for 128-bit block AES-f8 SHALL be formed in the
- following way:
-
- IV= 0..0 || E || SRTCP index || V || P || RC || PT || length || SSRC
-
- where V, P, RC, PT, length, SSRC SHALL be taken from the first header
- in the RTCP compound packet. E and SRTCP index are the 1-bit and
- 31-bit fields added to the packet.
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 24]
-
-RFC 3711 SRTP March 2004
-
-
-4.1.3. NULL Cipher
-
- The NULL cipher is used when no confidentiality for RTP/RTCP is
- requested. The keystream can be thought of as "000..0", i.e., the
- encryption SHALL simply copy the plaintext input into the ciphertext
- output.
-
-4.2. Message Authentication and Integrity
-
- Throughout this section, M will denote data to be integrity
- protected. In the case of SRTP, M SHALL consist of the Authenticated
- Portion of the packet (as specified in Figure 1) concatenated with
- the ROC, M = Authenticated Portion || ROC; in the case of SRTCP, M
- SHALL consist of the Authenticated Portion (as specified in Figure 2)
- only.
-
- Common parameters:
-
- * AUTH_ALG is the authentication algorithm
- * k_a is the session message authentication key
- * n_a is the bit-length of the authentication key
- * n_tag is the bit-length of the output authentication tag
- * SRTP_PREFIX_LENGTH is the octet length of the keystream prefix as
- defined above, a parameter of AUTH_ALG
-
- The distinct session authentication keys for SRTP/SRTCP are by
- default derived as specified in Section 4.3.
-
- The values of n_a, n_tag, and SRTP_PREFIX_LENGTH MUST be fixed for
- any particular fixed value of the key.
-
- We describe the process of computing authentication tags as follows.
- The sender computes the tag of M and appends it to the packet. The
- SRTP receiver verifies a message/authentication tag pair by computing
- a new authentication tag over M using the selected algorithm and key,
- and then compares it to the tag associated with the received message.
- If the two tags are equal, then the message/tag pair is valid;
- otherwise, it is invalid and the error audit message "AUTHENTICATION
- FAILURE" MUST be returned.
-
-4.2.1. HMAC-SHA1
-
- The pre-defined authentication transform for SRTP is HMAC-SHA1
- [RFC2104]. With HMAC-SHA1, the SRTP_PREFIX_LENGTH (Figure 3) SHALL
- be 0. For SRTP (respectively SRTCP), the HMAC SHALL be applied to
- the session authentication key and M as specified above, i.e.,
- HMAC(k_a, M). The HMAC output SHALL then be truncated to the n_tag
- left-most bits.
-
-
-
-Baugher, et al. Standards Track [Page 25]
-
-RFC 3711 SRTP March 2004
-
-
-4.3. Key Derivation
-
-4.3.1. Key Derivation Algorithm
-
- Regardless of the encryption or message authentication transform that
- is employed (it may be an SRTP pre-defined transform or newly
- introduced according to Section 6), interoperable SRTP
- implementations MUST use the SRTP key derivation to generate session
- keys. Once the key derivation rate is properly signaled at the start
- of the session, there is no need for extra communication between the
- parties that use SRTP key derivation.
-
- packet index ---+
- |
- v
- +-----------+ master +--------+ session encr_key
- | ext | key | |---------->
- | key mgmt |-------->| key | session auth_key
- | (optional | | deriv |---------->
- | rekey) |-------->| | session salt_key
- | | master | |---------->
- +-----------+ salt +--------+
-
- Figure 5: SRTP key derivation.
-
- At least one initial key derivation SHALL be performed by SRTP, i.e.,
- the first key derivation is REQUIRED. Further applications of the
- key derivation MAY be performed, according to the
- "key_derivation_rate" value in the cryptographic context. The key
- derivation function SHALL initially be invoked before the first
- packet and then, when r > 0, a key derivation is performed whenever
- index mod r equals zero. This can be thought of as "refreshing" the
- session keys. The value of "key_derivation_rate" MUST be kept fixed
- for the lifetime of the associated master key.
-
- Interoperable SRTP implementations MAY also derive session salting
- keys for encryption transforms, as is done in both of the pre-
- defined transforms.
-
- Let m and n be positive integers. A pseudo-random function family is
- a set of keyed functions {PRF_n(k,x)} such that for the (secret)
- random key k, given m-bit x, PRF_n(k,x) is an n-bit string,
- computationally indistinguishable from random n-bit strings, see
- [HAC]. For the purpose of key derivation in SRTP, a secure PRF with
- m = 128 (or more) MUST be used, and a default PRF transform is
- defined in Section 4.3.3.
-
-
-
-
-
-Baugher, et al. Standards Track [Page 26]
-
-RFC 3711 SRTP March 2004
-
-
- Let "a DIV t" denote integer division of a by t, rounded down, and
- with the convention that "a DIV 0 = 0" for all a. We also make the
- convention of treating "a DIV t" as a bit string of the same length
- as a, and thus "a DIV t" will in general have leading zeros.
-
- Key derivation SHALL be defined as follows in terms of <label>, an
- 8-bit constant (see below), master_salt and key_derivation_rate, as
- determined in the cryptographic context, and index, the packet index
- (i.e., the 48-bit ROC || SEQ for SRTP):
-
- * Let r = index DIV key_derivation_rate (with DIV as defined above).
-
- * Let key_id = <label> || r.
-
- * Let x = key_id XOR master_salt, where key_id and master_salt are
- aligned so that their least significant bits agree (right-
- alignment).
-
- <label> MUST be unique for each type of key to be derived. We
- currently define <label> 0x00 to 0x05 (see below), and future
- extensions MAY specify new values in the range 0x06 to 0xff for other
- purposes. The n-bit SRTP key (or salt) for this packet SHALL then be
- derived from the master key, k_master as follows:
-
- PRF_n(k_master, x).
-
- (The PRF may internally specify additional formatting and padding of
- x, see e.g., Section 4.3.3 for the default PRF.)
-
- The session keys and salt SHALL now be derived using:
-
- - k_e (SRTP encryption): <label> = 0x00, n = n_e.
-
- - k_a (SRTP message authentication): <label> = 0x01, n = n_a.
-
- - k_s (SRTP salting key): <label> = 0x02, n = n_s.
-
- where n_e, n_s, and n_a are from the cryptographic context.
-
- The master key and master salt MUST be random, but the master salt
- MAY be public.
-
- Note that for a key_derivation_rate of 0, the application of the key
- derivation SHALL take place exactly once.
-
- The definition of DIV above is purely for notational convenience.
- For a non-zero t among the set of allowed key derivation rates, "a
- DIV t" can be implemented as a right-shift by the base-2 logarithm of
-
-
-
-Baugher, et al. Standards Track [Page 27]
-
-RFC 3711 SRTP March 2004
-
-
- t. The derivation operation is further facilitated if the rates are
- chosen to be powers of 256, but that granularity was considered too
- coarse to be a requirement of this specification.
-
- The upper limit on the number of packets that can be secured using
- the same master key (see Section 9.2) is independent of the key
- derivation.
-
-4.3.2. SRTCP Key Derivation
-
- SRTCP SHALL by default use the same master key (and master salt) as
- SRTP. To do this securely, the following changes SHALL be done to
- the definitions in Section 4.3.1 when applying session key derivation
- for SRTCP.
-
- Replace the SRTP index by the 32-bit quantity: 0 || SRTCP index
- (i.e., excluding the E-bit, replacing it with a fixed 0-bit), and use
- <label> = 0x03 for the SRTCP encryption key, <label> = 0x04 for the
- SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting
- key.
-
-4.3.3. AES-CM PRF
-
- The currently defined PRF, keyed by 128, 192, or 256 bit master key,
- has input block size m = 128 and can produce n-bit outputs for n up
- to 2^23. PRF_n(k_master,x) SHALL be AES in Counter Mode as described
- in Section 4.1.1, applied to key k_master, and IV equal to (x*2^16),
- and with the output keystream truncated to the n first (left-most)
- bits. (Requiring n/128, rounded up, applications of AES.)
-
-5. Default and mandatory-to-implement Transforms
-
- The default transforms also are mandatory-to-implement transforms in
- SRTP. Of course, "mandatory-to-implement" does not imply
- "mandatory-to-use". Table 1 summarizes the pre-defined transforms.
- The default values below are valid for the pre-defined transforms.
-
- mandatory-to-impl. optional default
-
- encryption AES-CM, NULL AES-f8 AES-CM
- message integrity HMAC-SHA1 - HMAC-SHA1
- key derivation (PRF) AES-CM - AES-CM
-
- Table 1: Mandatory-to-implement, optional and default transforms in
- SRTP and SRTCP.
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 28]
-
-RFC 3711 SRTP March 2004
-
-
-5.1. Encryption: AES-CM and NULL
-
- AES running in Segmented Integer Counter Mode, as defined in Section
- 4.1.1, SHALL be the default encryption algorithm. The default key
- lengths SHALL be 128-bit for the session encryption key (n_e). The
- default session salt key-length (n_s) SHALL be 112 bits.
-
- The NULL cipher SHALL also be mandatory-to-implement.
-
-5.2. Message Authentication/Integrity: HMAC-SHA1
-
- HMAC-SHA1, as defined in Section 4.2.1, SHALL be the default message
- authentication code. The default session authentication key-length
- (n_a) SHALL be 160 bits, the default authentication tag length
- (n_tag) SHALL be 80 bits, and the SRTP_PREFIX_LENGTH SHALL be zero
- for HMAC-SHA1. In addition, for SRTCP, the pre-defined HMAC-SHA1
- MUST NOT be applied with a value of n_tag, nor n_a, that are smaller
- than these defaults. For SRTP, smaller values are NOT RECOMMENDED,
- but MAY be used after careful consideration of the issues in Section
- 7.5 and 9.5.
-
-5.3. Key Derivation: AES-CM PRF
-
- The AES Counter Mode based key derivation and PRF defined in Sections
- 4.3.1 to 4.3.3, using a 128-bit master key, SHALL be the default
- method for generating session keys. The default master salt length
- SHALL be 112 bits and the default key-derivation rate SHALL be zero.
-
-6. Adding SRTP Transforms
-
- Section 4 provides examples of the level of detail needed for
- defining transforms. Whenever a new transform is to be added to
- SRTP, a companion standard track RFC MUST be written to exactly
- define how the new transform can be used with SRTP (and SRTCP). Such
- a companion RFC SHOULD avoid overlap with the SRTP protocol document.
- Note however, that it MAY be necessary to extend the SRTP or SRTCP
- cryptographic context definition with new parameters (including fixed
- or default values), add steps to the packet processing, or even add
- fields to the SRTP/SRTCP packets. The companion RFC SHALL explain
- any known issues regarding interactions between the transform and
- other aspects of SRTP.
-
- Each new transform document SHOULD specify its key attributes, e.g.,
- size of keys (minimum, maximum, recommended), format of keys,
- recommended/required processing of input keying material,
- requirements/recommendations on key lifetime, re-keying and key
- derivation, whether sharing of keys between SRTP and SRTCP is allowed
- or not, etc.
-
-
-
-Baugher, et al. Standards Track [Page 29]
-
-RFC 3711 SRTP March 2004
-
-
- An added message integrity transform SHOULD define a minimum
- acceptable key/tag size for SRTCP, equivalent in strength to the
- minimum values as defined in Section 5.2.
-
-7. Rationale
-
- This section explains the rationale behind several important features
- of SRTP.
-
-7.1. Key derivation
-
- Key derivation reduces the burden on the key establishment. As many
- as six different keys are needed per crypto context (SRTP and SRTCP
- encryption keys and salts, SRTP and SRTCP authentication keys), but
- these are derived from a single master key in a cryptographically
- secure way. Thus, the key management protocol needs to exchange only
- one master key (plus master salt when required), and then SRTP itself
- derives all the necessary session keys (via the first, mandatory
- application of the key derivation function).
-
- Multiple applications of the key derivation function are optional,
- but will give security benefits when enabled. They prevent an
- attacker from obtaining large amounts of ciphertext produced by a
- single fixed session key. If the attacker was able to collect a
- large amount of ciphertext for a certain session key, he might be
- helped in mounting certain attacks.
-
- Multiple applications of the key derivation function provide
- backwards and forward security in the sense that a compromised
- session key does not compromise other session keys derived from the
- same master key. This means that the attacker who is able to recover
- a certain session key, is anyway not able to have access to messages
- secured under previous and later session keys (derived from the same
- master key). (Note that, of course, a leaked master key reveals all
- the session keys derived from it.)
-
- Considerations arise with high-rate key refresh, especially in large
- multicast settings, see Section 11.
-
-7.2. Salting key
-
- The master salt guarantees security against off-line key-collision
- attacks on the key derivation that might otherwise reduce the
- effective key size [MF00].
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 30]
-
-RFC 3711 SRTP March 2004
-
-
- The derived session salting key used in the encryption, has been
- introduced to protect against some attacks on additive stream
- ciphers, see Section 9.2. The explicit inclusion method of the salt
- in the IV has been selected for ease of hardware implementation.
-
-7.3. Message Integrity from Universal Hashing
-
- The particular definition of the keystream given in Section 4.1 (the
- keystream prefix) is to give provision for particular universal hash
- functions, suitable for message authentication in the Wegman-Carter
- paradigm [WC81]. Such functions are provably secure, simple, quick,
- and especially appropriate for Digital Signal Processors and other
- processors with a fast multiply operation.
-
- No authentication transforms are currently provided in SRTP other
- than HMAC-SHA1. Future transforms, like the above mentioned
- universal hash functions, MAY be added following the guidelines in
- Section 6.
-
-7.4. Data Origin Authentication Considerations
-
- Note that in pair-wise communications, integrity and data origin
- authentication are provided together. However, in group scenarios
- where the keys are shared between members, the MAC tag only proves
- that a member of the group sent the packet, but does not prevent
- against a member impersonating another. Data origin authentication
- (DOA) for multicast and group RTP sessions is a hard problem that
- needs a solution; while some promising proposals are being
- investigated [PCST1] [PCST2], more work is needed to rigorously
- specify these technologies. Thus SRTP data origin authentication in
- groups is for further study.
-
- DOA can be done otherwise using signatures. However, this has high
- impact in terms of bandwidth and processing time, therefore we do not
- offer this form of authentication in the pre-defined packet-integrity
- transform.
-
- The presence of mixers and translators does not allow data origin
- authentication in case the RTP payload and/or the RTP header are
- manipulated. Note that these types of middle entities also disrupt
- end-to-end confidentiality (as the IV formation depends e.g., on the
- RTP header preservation). A certain trust model may choose to trust
- the mixers/translators to decrypt/re-encrypt the media (this would
- imply breaking the end-to-end security, with related security
- implications).
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 31]
-
-RFC 3711 SRTP March 2004
-
-
-7.5. Short and Zero-length Message Authentication
-
- As shown in Figure 1, the authentication tag is RECOMMENDED in SRTP.
- A full 80-bit authentication-tag SHOULD be used, but a shorter tag or
- even a zero-length tag (i.e., no message authentication) MAY be used
- under certain conditions to support either of the following two
- application environments.
-
- 1. Strong authentication can be impractical in environments where
- bandwidth preservation is imperative. An important special
- case is wireless communication systems, in which bandwidth is a
- scarce and expensive resource. Studies have shown that for
- certain applications and link technologies, additional bytes
- may result in a significant decrease in spectrum efficiency
- [SWO]. Considerable effort has been made to design IP header
- compression techniques to improve spectrum efficiency
- [RFC3095]. A typical voice application produces 20 byte
- samples, and the RTP, UDP and IP headers need to be jointly
- compressed to one or two bytes on average in order to obtain
- acceptable wireless bandwidth economy [RFC3095]. In this case,
- strong authentication would impose nearly fifty percent
- overhead.
-
- 2. Authentication is impractical for applications that use data
- links with fixed-width fields that cannot accommodate the
- expansion due to the authentication tag. This is the case for
- some important existing wireless channels. For example, zero-
- byte header compression is used to adapt EVRC/SMV voice with
- the legacy IS-95 bearer channel in CDMA2000 VoIP services. It
- was found that not a single additional octet could be added to
- the data, which motivated the creation of a zero-byte profile
- for ROHC [RFC3242].
-
- A short tag is secure for a restricted set of applications. Consider
- a voice telephony application, for example, such as a G.729 audio
- codec with a 20-millisecond packetization interval, protected by a
- 32-bit message authentication tag. The likelihood of any given
- packet being successfully forged is only one in 2^32. Thus an
- adversary can control no more than 20 milliseconds of audio output
- during a 994-day period, on average. In contrast, the effect of a
- single forged packet can be much larger if the application is
- stateful. A codec that uses relative or predictive compression
- across packets will propagate the maliciously generated state,
- affecting a longer duration of output.
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 32]
-
-RFC 3711 SRTP March 2004
-
-
- Certainly not all SRTP or telephony applications meet the criteria
- for short or zero-length authentication tags. Section 9.5.1
- discusses the risks of weak or no message authentication, and section
- 9.5 describes the circumstances when it is acceptable and when it is
- unacceptable.
-
-8. Key Management Considerations
-
- There are emerging key management standards [MIKEY] [KEYMGT] [SDMS]
- for establishing an SRTP cryptographic context (e.g., an SRTP master
- key). Both proprietary and open-standard key management methods are
- likely to be used for telephony applications [MIKEY] [KINK] and
- multicast applications [GDOI]. This section provides guidance for
- key management systems that service SRTP session.
-
- For initialization, an interoperable SRTP implementation SHOULD be
- given the SSRC and MAY be given the initial RTP sequence number for
- the RTP stream by key management (thus, key management has a
- dependency on RTP operational parameters). Sending the RTP sequence
- number in the key management may be useful e.g., when the initial
- sequence number is close to wrapping (to avoid synchronization
- problems), and to communicate the current sequence number to a
- joining endpoint (to properly initialize its replay list).
-
- If the pre-defined transforms are used, SRTP allows sharing of the
- same master key between SRTP/SRTCP streams belonging to the same RTP
- session.
-
- First, sharing between SRTP streams belonging to the same RTP session
- is secure if the design of the synchronization mechanism, i.e., the
- IV, avoids keystream re-use (the two-time pad, Section 9.1). This is
- taken care of by the fact that RTP provides for unique SSRCs for
- streams belonging to the same RTP session. See Section 9.1 for
- further discussion.
-
- Second, sharing between SRTP and the corresponding SRTCP is secure.
- The fact that an SRTP stream and its associated SRTCP stream both
- carry the same SSRC does not constitute a problem for the two-time
- pad due to the key derivation. Thus, SRTP and SRTCP corresponding to
- one RTP session MAY share master keys (as they do by default).
-
- Note that message authentication also has a dependency on SSRC
- uniqueness that is unrelated to the problem of keystream reuse: SRTP
- streams authenticated under the same key MUST have a distinct SSRC in
- order to identify the sender of the message. This requirement is
- needed because the SSRC is the cryptographically authenticated field
-
-
-
-
-
-Baugher, et al. Standards Track [Page 33]
-
-RFC 3711 SRTP March 2004
-
-
- used to distinguish between different SRTP streams. Were two streams
- to use identical SSRC values, then an adversary could substitute
- messages from one stream into the other without detection.
-
- SRTP/SRTCP MUST NOT share master keys under any other circumstances
- than the ones given above, i.e., between SRTP and its corresponding
- SRTCP, and, between streams belonging to the same RTP session.
-
-8.1. Re-keying
-
- The recommended way for a particular key management system to provide
- re-key within SRTP is by associating a master key in a crypto context
- with an MKI.
-
- This provides for easy master key retrieval (see Scenarios in Section
- 11), but has the disadvantage of adding extra bits to each packet.
- As noted in Section 7.5, some wireless links do not cater for added
- bits, therefore SRTP also defines a more economic way of triggering
- re-keying, via use of <From, To>, which works in some specific,
- simple scenarios (see Section 8.1.1).
-
- SRTP senders SHALL count the amount of SRTP and SRTCP traffic being
- used for a master key and invoke key management to re-key if needed
- (Section 9.2). These interactions are defined by the key management
- interface to SRTP and are not defined by this protocol specification.
-
-8.1.1. Use of the <From, To> for re-keying
-
- In addition to the use of the MKI, SRTP defines another optional
- mechanism for master key retrieval, the <From, To>. The <From, To>
- specifies the range of SRTP indices (a pair of sequence number and
- ROC) within which a certain master key is valid, and is (when used)
- part of the crypto context. By looking at the 48-bit SRTP index of
- the current SRTP packet, the corresponding master key can be found by
- determining which From-To interval it belongs to. For SRTCP, the
- most recently observed/used SRTP index (which can be obtained from
- the cryptographic context) is used for this purpose, even though
- SRTCP has its own (31-bit) index (see caveat below).
-
- This method, compared to the MKI, has the advantage of identifying
- the master key and defining its lifetime without adding extra bits to
- each packet. This could be useful, as already noted, for some
- wireless links that do not cater for added bits. However, its use
- SHOULD be limited to specific, very simple scenarios. We recommend
- to limit its use when the RTP session is a simple unidirectional or
- bi-directional stream. This is because in case of multiple streams,
- it is difficult to trigger the re-key based on the <From, To> of a
- single RTP stream. For example, if several streams share a master
-
-
-
-Baugher, et al. Standards Track [Page 34]
-
-RFC 3711 SRTP March 2004
-
-
- key, there is no simple one-to-one correspondence between the index
- sequence space of a certain stream, and the index sequence space on
- which the <From, To> values are based. Consequently, when a master
- key is shared between streams, one of these streams MUST be
- designated by key management as the one whose index space defines the
- re-keying points. Also, the re-key triggering on SRTCP is based on
- the correspondent SRTP stream, i.e., when the SRTP stream changes the
- master key, so does the correspondent SRTCP. This becomes obviously
- more and more complex with multiple streams.
-
- The default values for the <From, To> are "from the first observed
- packet" and "until further notice". However, the maximum limit of
- SRTP/SRTCP packets that are sent under each given master/session key
- (Section 9.2) MUST NOT be exceeded.
-
- In case the <From, To> is used as key retrieval, then the MKI is not
- inserted in the packet (and its indicator in the crypto context is
- zero). However, using the MKI does not exclude using <From, To> key
- lifetime simultaneously. This can for instance be useful to signal
- at the sender side at which point in time an MKI is to be made
- active.
-
-8.2. Key Management parameters
-
- The table below lists all SRTP parameters that key management can
- supply. For reference, it also provides a summary of the default and
- mandatory-to-support values for an SRTP implementation as described
- in Section 5.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 35]
-
-RFC 3711 SRTP March 2004
-
-
- Parameter Mandatory-to-support Default
- --------- -------------------- -------
-
- SRTP and SRTCP encr transf. AES_CM, NULL AES_CM
- (Other possible values: AES_f8)
-
- SRTP and SRTCP auth transf. HMAC-SHA1 HMAC-SHA1
-
- SRTP and SRTCP auth params:
- n_tag (tag length) 80 80
- SRTP prefix_length 0 0
-
- Key derivation PRF AES_CM AES_CM
-
- Key material params
- (for each master key):
- master key length 128 128
- n_e (encr session key length) 128 128
- n_a (auth session key length) 160 160
- master salt key
- length of the master salt 112 112
- n_s (session salt key length) 112 112
- key derivation rate 0 0
-
- key lifetime
- SRTP-packets-max-lifetime 2^48 2^48
- SRTCP-packets-max-lifetime 2^31 2^31
- from-to-lifetime <From, To>
- MKI indicator 0 0
- length of the MKI 0 0
- value of the MKI
-
- Crypto context index params:
- SSRC value
- ROC
- SEQ
- SRTCP Index
- Transport address
- Port number
-
- Relation to other RTP profiles:
- sender's order between FEC and SRTP FEC-SRTP FEC-SRTP
- (see Section 10)
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 36]
-
-RFC 3711 SRTP March 2004
-
-
-9. Security Considerations
-
-9.1. SSRC collision and two-time pad
-
- Any fixed keystream output, generated from the same key and index
- MUST only be used to encrypt once. Re-using such keystream (jokingly
- called a "two-time pad" system by cryptographers), can seriously
- compromise security. The NSA's VENONA project [C99] provides a
- historical example of such a compromise. It is REQUIRED that
- automatic key management be used for establishing and maintaining
- SRTP and SRTCP keying material; this requirement is to avoid
- keystream reuse, which is more likely to occur with manual key
- management. Furthermore, in SRTP, a "two-time pad" is avoided by
- requiring the key, or some other parameter of cryptographic
- significance, to be unique per RTP/RTCP stream and packet. The pre-
- defined SRTP transforms accomplish packet-uniqueness by including the
- packet index and stream-uniqueness by inclusion of the SSRC.
-
- The pre-defined transforms (AES-CM and AES-f8) allow master keys to
- be shared across streams belonging to the same RTP session by the
- inclusion of the SSRC in the IV. A master key MUST NOT be shared
- among different RTP sessions.
-
- Thus, the SSRC MUST be unique between all the RTP streams within the
- same RTP session that share the same master key. RTP itself provides
- an algorithm for detecting SSRC collisions within the same RTP
- session. Thus, temporary collisions could lead to temporary two-time
- pad, in the unfortunate event that SSRCs collide at a point in time
- when the streams also have identical sequence numbers (occurring with
- probability roughly 2^(-48)). Therefore, the key management SHOULD
- take care of avoiding such SSRC collisions by including the SSRCs to
- be used in the session as negotiation parameters, proactively
- assuring their uniqueness. This is a strong requirements in
- scenarios where for example, there are multiple senders that can
- start to transmit simultaneously, before SSRC collision are detected
- at the RTP level.
-
- Note also that even with distinct SSRCs, extensive use of the same
- key might improve chances of probabilistic collision and time-
- memory-tradeoff attacks succeeding.
-
- As described, master keys MAY be shared between streams belonging to
- the same RTP session, but it is RECOMMENDED that each SSRC have its
- own master key. When master keys are shared among SSRC participants
- and SSRCs are managed by a key management module as recommended
- above, the RECOMMENDED policy for an SSRC collision error is for the
- participant to leave the SRTP session as it is a sign of malfunction.
-
-
-
-
-Baugher, et al. Standards Track [Page 37]
-
-RFC 3711 SRTP March 2004
-
-
-9.2. Key Usage
-
- The effective key size is determined (upper bounded) by the size of
- the master key and, for encryption, the size of the salting key. Any
- additive stream cipher is vulnerable to attacks that use statistical
- knowledge about the plaintext source to enable key collision and
- time-memory tradeoff attacks [MF00] [H80] [BS00]. These attacks take
- advantage of commonalities among plaintexts, and provide a way for a
- cryptanalyst to amortize the computational effort of decryption over
- many keys, or over many bytes of output, thus reducing the effective
- key size of the cipher. A detailed analysis of these attacks and
- their applicability to the encryption of Internet traffic is provided
- in [MF00]. In summary, the effective key size of SRTP when used in a
- security system in which m distinct keys are used, is equal to the
- key size of the cipher less the logarithm (base two) of m.
- Protection against such attacks can be provided simply by increasing
- the size of the keys used, which here can be accomplished by the use
- of the salting key. Note that the salting key MUST be random but MAY
- be public. A salt size of (the suggested) size 112 bits protects
- against attacks in scenarios where at most 2^112 keys are in use.
- This is sufficient for all practical purposes.
-
- Implementations SHOULD use keys that are as large as possible.
- Please note that in many cases increasing the key size of a cipher
- does not affect the throughput of that cipher.
-
- The use of the SRTP and SRTCP indices in the pre-defined transforms
- fixes the maximum number of packets that can be secured with the same
- key. This limit is fixed to 2^48 SRTP packets for an SRTP stream,
- and 2^31 SRTCP packets, when SRTP and SRTCP are considered
- independently. Due to for example re-keying, reaching this limit may
- or may not coincide with wrapping of the indices, and thus the sender
- MUST keep packet counts. However, when the session keys for related
- SRTP and SRTCP streams are derived from the same master key (the
- default behavior, Section 4.3), the upper bound that has to be
- considered is in practice the minimum of the two quantities. That
- is, when 2^48 SRTP packets or 2^31 SRTCP packets have been secured
- with the same key (whichever occurs before), the key management MUST
- be called to provide new master key(s) (previously stored and used
- keys MUST NOT be used again), or the session MUST be terminated. If
- a sender of RTCP discovers that the sender of SRTP (or SRTCP) has not
- updated the master or session key prior to sending 2^48 SRTP (or 2^31
- SRTCP) packets belonging to the same SRTP (SRTCP) stream, it is up to
- the security policy of the RTCP sender how to behave, e.g., whether
- an RTCP BYE-packet should be sent and/or if the event should be
- logged.
-
-
-
-
-
-Baugher, et al. Standards Track [Page 38]
-
-RFC 3711 SRTP March 2004
-
-
- Note: in most typical applications (assuming at least one RTCP packet
- for every 128,000 RTP packets), it will be the SRTCP index that first
- reaches the upper limit, although the time until this occurs is very
- long: even at 200 SRTCP packets/sec, the 2^31 index space of SRTCP is
- enough to secure approximately 4 months of communication.
-
- Note that if the master key is to be shared between SRTP streams
- within the same RTP session (Section 9.1), although the above bounds
- are on a per stream (i.e., per SSRC) basis, the sender MUST base re-
- key decision on the stream whose sequence number space is the first
- to be exhausted.
-
- Key derivation limits the amount of plaintext that is encrypted with
- a fixed session key, and made available to an attacker for analysis,
- but key derivation does not extend the master key's lifetime. To see
- this, simply consider our requirements to avoid two-time pad: two
- distinct packets MUST either be processed with distinct IVs, or with
- distinct session keys, and both the distinctness of IV and of the
- session keys are (for the pre-defined transforms) dependent on the
- distinctness of the packet indices.
-
- Note that with the key derivation, the effective key size is at most
- that of the master key, even if the derived session key is
- considerably longer. With the pre-defined authentication transform,
- the session authentication key is 160 bits, but the master key by
- default is only 128 bits. This design choice was made to comply with
- certain recommendations in [RFC2104] so that an existing HMAC
- implementation can be plugged into SRTP without problems. Since the
- default tag size is 80 bits, it is, for the applications in mind,
- also considered acceptable from security point of view. Users having
- concerns about this are RECOMMENDED to instead use a 192 bit master
- key in the key derivation. It was, however, chosen not to mandate
- 192-bit keys since existing AES implementations to be used in the
- key-derivation may not always support key-lengths other than 128
- bits. Since AES is not defined (or properly analyzed) for use with
- 160 bit keys it is NOT RECOMMENDED that ad-hoc key-padding schemes
- are used to pad shorter keys to 192 or 256 bits.
-
-9.3. Confidentiality of the RTP Payload
-
- SRTP's pre-defined ciphers are "seekable" stream ciphers, i.e.,
- ciphers able to efficiently seek to arbitrary locations in their
- keystream (so that the encryption or decryption of one packet does
- not depend on preceding packets). By using seekable stream ciphers,
- SRTP avoids the denial of service attacks that are possible on stream
- ciphers that lack this property. It is important to be aware that,
- as with any stream cipher, the exact length of the payload is
- revealed by the encryption. This means that it may be possible to
-
-
-
-Baugher, et al. Standards Track [Page 39]
-
-RFC 3711 SRTP March 2004
-
-
- deduce certain "formatting bits" of the payload, as the length of the
- codec output might vary due to certain parameter settings etc. This,
- in turn, implies that the corresponding bit of the keystream can be
- deduced. However, if the stream cipher is secure (counter mode and
- f8 are provably secure under certain assumptions [BDJR] [KSYH] [IK]),
- knowledge of a few bits of the keystream will not aid an attacker in
- predicting subsequent keystream bits. Thus, the payload length (and
- information deducible from this) will leak, but nothing else.
-
- As some RTP packet could contain highly predictable data, e.g., SID,
- it is important to use a cipher designed to resist known plaintext
- attacks (which is the current practice).
-
-9.4. Confidentiality of the RTP Header
-
- In SRTP, RTP headers are sent in the clear to allow for header
- compression. This means that data such as payload type,
- synchronization source identifier, and timestamp are available to an
- eavesdropper. Moreover, since RTP allows for future extensions of
- headers, we cannot foresee what kind of possibly sensitive
- information might also be "leaked".
-
- SRTP is a low-cost method, which allows header compression to reduce
- bandwidth. It is up to the endpoints' policies to decide about the
- security protocol to employ. If one really needs to protect headers,
- and is allowed to do so by the surrounding environment, then one
- should also look at alternatives, e.g., IPsec [RFC2401].
-
-9.5. Integrity of the RTP payload and header
-
- SRTP messages are subject to attacks on their integrity and source
- identification, and these risks are discussed in Section 9.5.1. To
- protect against these attacks, each SRTP stream SHOULD be protected
- by HMAC-SHA1 [RFC2104] with an 80-bit output tag and a 160-bit key,
- or a message authentication code with equivalent strength. Secure
- RTP SHOULD NOT be used without message authentication, except under
- the circumstances described in this section. It is important to note
- that encryption algorithms, including AES Counter Mode and f8, do not
- provide message authentication. SRTCP MUST NOT be used with weak (or
- NULL) authentication.
-
- SRTP MAY be used with weak authentication (e.g., a 32-bit
- authentication tag), or with no authentication (the NULL
- authentication algorithm). These options allow SRTP to be used to
- provide confidentiality in situations where
-
- * weak or null authentication is an acceptable security risk, and
- * it is impractical to provide strong message authentication.
-
-
-
-Baugher, et al. Standards Track [Page 40]
-
-RFC 3711 SRTP March 2004
-
-
- These conditions are described below and in Section 7.5. Note that
- both conditions MUST hold in order for weak or null authentication to
- be used. The risks associated with exercising the weak or null
- authentication options need to be considered by a security audit
- prior to their use for a particular application or environment given
- the risks, which are discussed in Section 9.5.1.
-
- Weak authentication is acceptable when the RTP application is such
- that the effect of a small fraction of successful forgeries is
- negligible. If the application is stateless, then the effect of a
- single forged RTP packet is limited to the decoding of that
- particular packet. Under this condition, the size of the
- authentication tag MUST ensure that only a negligible fraction of the
- packets passed to the RTP application by the SRTP receiver can be
- forgeries. This fraction is negligible when an adversary, if given
- control of the forged packets, is not able to make a significant
- impact on the output of the RTP application (see the example of
- Section 7.5).
-
- Weak or null authentication MAY be acceptable when it is unlikely
- that an adversary can modify ciphertext so that it decrypts to an
- intelligible value. One important case is when it is difficult for
- an adversary to acquire the RTP plaintext data, since for many
- codecs, an adversary that does not know the input signal cannot
- manipulate the output signal in a controlled way. In many cases it
- may be difficult for the adversary to determine the actual value of
- the plaintext. For example, a hidden snooping device might be
- required in order to know a live audio or video signal. The
- adversary's signal must have a quality equivalent to or greater than
- that of the signal under attack, since otherwise the adversary would
- not have enough information to encode that signal with the codec used
- by the victim. Plaintext prediction may also be especially difficult
- for an interactive application such as a telephone call.
-
- Weak or null authentication MUST NOT be used when the RTP application
- makes data forwarding or access control decisions based on the RTP
- data. In such a case, an attacker may be able to subvert
- confidentiality by causing the receiver to forward data to an
- attacker. See Section 3 of [B96] for a real-life example of such
- attacks.
-
- Null authentication MUST NOT be used when a replay attack, in which
- an adversary stores packets then replays them later in the session,
- could have a non-negligible impact on the receiver. An example of a
- successful replay attack is the storing of the output of a
- surveillance camera for a period of time, later followed by the
-
-
-
-
-
-Baugher, et al. Standards Track [Page 41]
-
-RFC 3711 SRTP March 2004
-
-
- injection of that output to the monitoring station to avoid
- surveillance. Encryption does not protect against this attack, and
- non-null authentication is REQUIRED in order to defeat it.
-
- If existential message forgery is an issue, i.e., when the accuracy
- of the received data is of non-negligible importance, null
- authentication MUST NOT be used.
-
-9.5.1. Risks of Weak or Null Message Authentication
-
- During a security audit considering the use of weak or null
- authentication, it is important to keep in mind the following attacks
- which are possible when no message authentication algorithm is used.
-
- An attacker who cannot predict the plaintext is still always able to
- modify the message sent between the sender and the receiver so that
- it decrypts to a random plaintext value, or to send a stream of bogus
- packets to the receiver that will decrypt to random plaintext values.
- This attack is essentially a denial of service attack, though in the
- absence of message authentication, the RTP application will have
- inputs that are bit-wise correlated with the true value. Some
- multimedia codecs and common operating systems will crash when such
- data are accepted as valid video data. This denial of service attack
- may be a much larger threat than that due to an attacker dropping,
- delaying, or re-ordering packets.
-
- An attacker who cannot predict the plaintext can still replay a
- previous message with certainty that the receiver will accept it.
- Applications with stateless codecs might be robust against this type
- of attack, but for other, more complex applications these attacks may
- be far more grave.
-
- An attacker who can predict the plaintext can modify the ciphertext
- so that it will decrypt to any value of her choosing. With an
- additive stream cipher, an attacker will always be able to change
- individual bits.
-
- An attacker may be able to subvert confidentiality due to the lack of
- authentication when a data forwarding or access control decision is
- made on decrypted but unauthenticated plaintext. This is because the
- receiver may be fooled into forwarding data to an attacker, leading
- to an indirect breach of confidentiality (see Section 3 of [B96]).
- This is because data-forwarding decisions are made on the decrypted
- plaintext; information in the plaintext will determine to what subnet
- (or process) the plaintext is forwarded in ESP [RFC2401] tunnel mode
- (respectively, transport mode). When Secure RTP is used without
-
-
-
-
-
-Baugher, et al. Standards Track [Page 42]
-
-RFC 3711 SRTP March 2004
-
-
- message authentication, it should be verified that the application
- does not make data forwarding or access control decisions based on
- the decrypted plaintext.
-
- Some cipher modes of operation that require padding, e.g., standard
- cipher block chaining (CBC) are very sensitive to attacks on
- confidentiality if certain padding types are used in the absence of
- integrity. The attack [V02] shows that this is indeed the case for
- the standard RTP padding as discussed in reference to Figure 1, when
- used together with CBC mode. Later transform additions to SRTP MUST
- therefore carefully consider the risk of using this padding without
- proper integrity protection.
-
-9.5.2. Implicit Header Authentication
-
- The IV formation of the f8-mode gives implicit authentication (IHA)
- of the RTP header, even when message authentication is not used.
- When IHA is used, an attacker that modifies the value of the RTP
- header will cause the decryption process at the receiver to produce
- random plaintext values. While this protection is not equivalent to
- message authentication, it may be useful for some applications.
-
-10. Interaction with Forward Error Correction mechanisms
-
- The default processing when using Forward Error Correction (e.g., RFC
- 2733) processing with SRTP SHALL be to perform FEC processing prior
- to SRTP processing on the sender side and to perform SRTP processing
- prior to FEC processing on the receiver side. Any change to this
- ordering (reversing it, or, placing FEC between SRTP encryption and
- SRTP authentication) SHALL be signaled out of band.
-
-11. Scenarios
-
- SRTP can be used as security protocol for the RTP/RTCP traffic in
- many different scenarios. SRTP has a number of configuration
- options, in particular regarding key usage, and can have impact on
- the total performance of the application according to the way it is
- used. Hence, the use of SRTP is dependent on the kind of scenario
- and application it is used with. In the following, we briefly
- illustrate some use cases for SRTP, and give some guidelines for
- recommended setting of its options.
-
-11.1. Unicast
-
- A typical example would be a voice call or video-on-demand
- application.
-
-
-
-
-
-Baugher, et al. Standards Track [Page 43]
-
-RFC 3711 SRTP March 2004
-
-
- Consider one bi-directional RTP stream, as one RTP session. It is
- possible for the two parties to share the same master key in the two
- directions according to the principles of Section 9.1. The first
- round of the key derivation splits the master key into any or all of
- the following session keys (according to the provided security
- functions):
-
- SRTP_encr_key, SRTP_auth_key, SRTCP_encr_key, and SRTCP_auth key.
-
- (For simplicity, we omit discussion of the salts, which are also
- derived.) In this scenario, it will in most cases suffice to have a
- single master key with the default lifetime. This guarantees
- sufficiently long lifetime of the keys and a minimum set of keys in
- place for most practical purposes. Also, in this case RTCP
- protection can be applied smoothly. Under these assumptions, use of
- the MKI can be omitted. As the key-derivation in combination with
- large difference in the packet rate in the respective directions may
- require simultaneous storage of several session keys, if storage is
- an issue, we recommended to use low-rate key derivation.
-
- The same considerations can be extended to the unicast scenario with
- multiple RTP sessions, where each session would have a distinct
- master key.
-
-11.2. Multicast (one sender)
-
- Just as with (unprotected) RTP, a scalability issue arises in big
- groups due to the possibly very large amount of SRTCP Receiver
- Reports that the sender might need to process. In SRTP, the sender
- may have to keep state (the cryptographic context) for each receiver,
- or more precisely, for the SRTCP used to protect Receiver Reports.
- The overhead increases proportionally to the size of the group. In
- particular, re-keying requires special concern, see below.
-
- Consider first a small group of receivers. There are a few possible
- setups with the distribution of master keys among the receivers.
- Given a single RTP session, one possibility is that the receivers
- share the same master key as per Section 9.1 to secure all their
- respective RTCP traffic. This shared master key could then be the
- same one used by the sender to protect its outbound SRTP traffic.
- Alternatively, it could be a master key shared only among the
- receivers and used solely for their SRTCP traffic. Both alternatives
- require the receivers to trust each other.
-
- Considering SRTCP and key storage, it is recommended to use low-rate
- (or zero) key_derivation (except the mandatory initial one), so that
- the sender does not need to store too many session keys (each SRTCP
- stream might otherwise have a different session key at a given point
-
-
-
-Baugher, et al. Standards Track [Page 44]
-
-RFC 3711 SRTP March 2004
-
-
- in time, as the SRTCP sources send at different times). Thus, in
- case key derivation is wanted for SRTP, the cryptographic context for
- SRTP can be kept separate from the SRTCP crypto context, so that it
- is possible to have a key_derivation_rate of 0 for SRTCP and a non-
- zero value for SRTP.
-
- Use of the MKI for re-keying is RECOMMENDED for most applications
- (see Section 8.1).
-
- If there are more than one SRTP/SRTCP stream (within the same RTP
- session) that share the master key, the upper limit of 2^48 SRTP
- packets / 2^31 SRTCP packets means that, before one of the streams
- reaches its maximum number of packets, re-keying MUST be triggered on
- ALL streams sharing the master key. (From strict security point of
- view, only the stream reaching the maximum would need to be re-keyed,
- but then the streams would no longer be sharing master key, which is
- the intention.) A local policy at the sender side should force
- rekeying in a way that the maximum packet limit is not reached on any
- of the streams. Use of the MKI for re-keying is RECOMMENDED.
-
- In large multicast with one sender, the same considerations as for
- the small group multicast hold. The biggest issue in this scenario
- is the additional load placed at the sender side, due to the state
- (cryptographic contexts) that has to be maintained for each receiver,
- sending back RTCP Receiver Reports. At minimum, a replay window
- might need to be maintained for each RTCP source.
-
-11.3. Re-keying and access control
-
- Re-keying may occur due to access control (e.g., when a member is
- removed during a multicast RTP session), or for pure cryptographic
- reasons (e.g., the key is at the end of its lifetime). When using
- SRTP default transforms, the master key MUST be replaced before any
- of the index spaces are exhausted for any of the streams protected by
- one and the same master key.
-
- How key management re-keys SRTP implementations is out of scope, but
- it is clear that there are straightforward ways to manage keys for a
- multicast group. In one-sender multicast, for example, it is
- typically the responsibility of the sender to determine when a new
- key is needed. The sender is the one entity that can keep track of
- when the maximum number of packets has been sent, as receivers may
- join and leave the session at any time, there may be packet loss and
- delay etc. In scenarios other than one-sender multicast, other
- methods can be used. Here, one must take into consideration that key
- exchange can be a costly operation, taking several seconds for a
- single exchange. Hence, some time before the master key is
- exhausted/expires, out-of-band key management is initiated, resulting
-
-
-
-Baugher, et al. Standards Track [Page 45]
-
-RFC 3711 SRTP March 2004
-
-
- in a new master key that is shared with the receiver(s). In any
- event, to maintain synchronization when switching to the new key,
- group policy might choose between using the MKI and the <From, To>,
- as described in Section 8.1.
-
- For access control purposes, the <From, To> periods are set at the
- desired granularity, dependent on the packet rate. High rate re-
- keying can be problematic for SRTCP in some large-group scenarios.
- As mentioned, there are potential problems in using the SRTP index,
- rather than the SRTCP index, for determining the master key. In
- particular, for short periods during switching of master keys, it may
- be the case that SRTCP packets are not under the current master key
- of the correspondent SRTP. Therefore, using the MKI for re-keying in
- such scenarios will produce better results.
-
-11.4. Summary of basic scenarios
-
- The description of these scenarios highlights some recommendations on
- the use of SRTP, mainly related to re-keying and large scale
- multicast:
-
- - Do not use fast re-keying with the <From, To> feature. It may, in
- particular, give problems in retrieving the correct SRTCP key, if
- an SRTCP packet arrives close to the re-keying time. The MKI
- SHOULD be used in this case.
-
- - If multiple SRTP streams in the same RTP session share the same
- master key, also moderate rate re-keying MAY have the same
- problems, and the MKI SHOULD be used.
-
- - Though offering increased security, a non-zero key_derivation_rate
- is NOT RECOMMENDED when trying to minimize the number of keys in
- use with multiple streams.
-
-12. IANA Considerations
-
- The RTP specification establishes a registry of profile names for use
- by higher-level control protocols, such as the Session Description
- Protocol (SDP), to refer to transport methods. This profile
- registers the name "RTP/SAVP".
-
- SRTP uses cryptographic transforms which a key management protocol
- signals. It is the task of each particular key management protocol
- to register the cryptographic transforms or suites of transforms with
- IANA. The key management protocol conveys these protocol numbers,
- not SRTP, and each key management protocol chooses the numbering
- scheme and syntax that it requires.
-
-
-
-
-Baugher, et al. Standards Track [Page 46]
-
-RFC 3711 SRTP March 2004
-
-
- Specification of a key management protocol for SRTP is out of scope
- here. Section 8.2, however, provides guidance on the parameters that
- need to be defined for the default and mandatory transforms.
-
-13. Acknowledgements
-
- David Oran (Cisco) and Rolf Blom (Ericsson) are co-authors of this
- document but their valuable contributions are acknowledged here to
- keep the length of the author list down.
-
- The authors would in addition like to thank Magnus Westerlund, Brian
- Weis, Ghyslain Pelletier, Morgan Lindqvist, Robert Fairlie-
- Cuninghame, Adrian Perrig, the AVT WG and in particular the chairmen
- Colin Perkins and Stephen Casner, the Transport and Security Area
- Directors, and Eric Rescorla for their reviews and support.
-
-14. References
-
-14.1. Normative References
-
- [AES] NIST, "Advanced Encryption Standard (AES)", FIPS PUB 197,
- http://www.nist.gov/aes/
-
- [RFC2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-
- Hashing for Message Authentication", RFC 2104, February
- 1997.
-
- [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119, March 1997.
-
- [RFC2401] Kent, S. and R. Atkinson, "Security Architecture for
- Internet Protocol", RFC 2401, November 1998.
-
- [RFC2828] Shirey, R., "Internet Security Glossary", FYI 36, RFC 2828,
- May 2000.
-
- [RFC3550] Schulzrinne, H., Casner, S., Frederick, R. and V. Jacobson,
- "RTP: A Transport Protocol for Real-time Applications", RFC
- 3550, July 2003.
-
- [RFC3551] Schulzrinne, H. and S. Casner, "RTP Profile for Audio and
- Video Conferences with Minimal Control", RFC 3551, July
- 2003.
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 47]
-
-RFC 3711 SRTP March 2004
-
-
-14.2. Informative References
-
- [AES-CTR] Lipmaa, H., Rogaway, P. and D. Wagner, "CTR-Mode
- Encryption", NIST, http://csrc.nist.gov/encryption/modes/
- workshop1/papers/lipmaa-ctr.pdf
-
- [B96] Bellovin, S., "Problem Areas for the IP Security
- Protocols," in Proceedings of the Sixth Usenix Unix
- Security Symposium, pp. 1-16, San Jose, CA, July 1996
- (http://www.research.att.com/~smb/papers/index.html).
-
- [BDJR] Bellare, M., Desai, A., Jokipii, E. and P. Rogaway, "A
- Concrete Treatment of Symmetric Encryption: Analysis of DES
- Modes of Operation", Proceedings 38th IEEE FOCS, pp. 394-
- 403, 1997.
-
- [BS00] Biryukov, A. and A. Shamir, "Cryptanalytic Time/Memory/Data
- Tradeoffs for Stream Ciphers", Proceedings, ASIACRYPT 2000,
- LNCS 1976, pp. 1-13, Springer Verlag.
-
- [C99] Crowell, W. P., "Introduction to the VENONA Project",
- http://www.nsa.gov:8080/docs/venona/index.html.
-
- [CTR] Dworkin, M., NIST Special Publication 800-38A,
- "Recommendation for Block Cipher Modes of Operation:
- Methods and Techniques", 2001.
- http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-
- 38a.pdf.
-
- [f8-a] 3GPP TS 35.201 V4.1.0 (2001-12) Technical Specification 3rd
- Generation Partnership Project; Technical Specification
- Group Services and System Aspects; 3G Security;
- Specification of the 3GPP Confidentiality and Integrity
- Algorithms; Document 1: f8 and f9 Specification (Release
- 4).
-
- [f8-b] 3GPP TR 33.908 V4.0.0 (2001-09) Technical Report 3rd
- Generation Partnership Project; Technical Specification
- Group Services and System Aspects; 3G Security; General
- Report on the Design, Specification and Evaluation of 3GPP
- Standard Confidentiality and Integrity Algorithms (Release
- 4).
-
- [GDOI] Baugher, M., Weis, B., Hardjono, T. and H. Harney, "The
- Group Domain of Interpretation, RFC 3547, July 2003.
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 48]
-
-RFC 3711 SRTP March 2004
-
-
- [HAC] Menezes, A., Van Oorschot, P. and S. Vanstone, "Handbook
- of Applied Cryptography", CRC Press, 1997, ISBN 0-8493-
- 8523-7.
-
- [H80] Hellman, M. E., "A cryptanalytic time-memory trade-off",
- IEEE Transactions on Information Theory, July 1980, pp.
- 401-406.
-
- [IK] T. Iwata and T. Kohno: "New Security Proofs for the 3GPP
- Confidentiality and Integrity Algorithms", Proceedings of
- FSE 2004.
-
- [KINK] Thomas, M. and J. Vilhuber, "Kerberized Internet
- Negotiation of Keys (KINK)", Work in Progress.
-
- [KEYMGT] Arrko, J., et al., "Key Management Extensions for Session
- Description Protocol (SDP) and Real Time Streaming Protocol
- (RTSP)", Work in Progress.
-
- [KSYH] Kang, J-S., Shin, S-U., Hong, D. and O. Yi, "Provable
- Security of KASUMI and 3GPP Encryption Mode f8",
- Proceedings Asiacrypt 2001, Springer Verlag LNCS 2248, pp.
- 255-271, 2001.
-
- [MIKEY] Arrko, J., et. al., "MIKEY: Multimedia Internet KEYing",
- Work in Progress.
-
- [MF00] McGrew, D. and S. Fluhrer, "Attacks on Encryption of
- Redundant Plaintext and Implications on Internet Security",
- the Proceedings of the Seventh Annual Workshop on Selected
- Areas in Cryptography (SAC 2000), Springer-Verlag.
-
- [PCST1] Perrig, A., Canetti, R., Tygar, D. and D. Song, "Efficient
- and Secure Source Authentication for Multicast", in Proc.
- of Network and Distributed System Security Symposium NDSS
- 2001, pp. 35-46, 2001.
-
- [PCST2] Perrig, A., Canetti, R., Tygar, D. and D. Song, "Efficient
- Authentication and Signing of Multicast Streams over Lossy
- Channels", in Proc. of IEEE Security and Privacy Symposium
- S&P2000, pp. 56-73, 2000.
-
- [RFC1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
- Recommendations for Security", RFC 1750, December 1994.
-
- [RFC2675] Borman, D., Deering, S. and R. Hinden, "IPv6 Jumbograms",
- RFC 2675, August 1999.
-
-
-
-
-Baugher, et al. Standards Track [Page 49]
-
-RFC 3711 SRTP March 2004
-
-
- [RFC3095] Bormann, C., Burmeister, C., Degermark, M., Fukuhsima, H.,
- Hannu, H., Jonsson, L-E., Hakenberg, R., Koren, T., Le, K.,
- Liu, Z., Martensson, A., Miyazaki, A., Svanbro, K., Wiebke,
- T., Yoshimura, T. and H. Zheng, "RObust Header Compression:
- Framework and Four Profiles: RTP, UDP, ESP, and
- uncompressed (ROHC)", RFC 3095, July 2001.
-
- [RFC3242] Jonsson, L-E. and G. Pelletier, "RObust Header Compression
- (ROHC): A Link-Layer Assisted Profile for IP/UDP/RTP ", RFC
- 3242, April 2002.
-
- [SDMS] Andreasen, F., Baugher, M. and D. Wing, "Session
- Description Protocol Security Descriptions for Media
- Streams", Work in Progress.
-
- [SWO] Svanbro, K., Wiorek, J. and B. Olin, "Voice-over-IP-over-
- wireless", Proc. PIMRC 2000, London, Sept. 2000.
-
- [V02] Vaudenay, S., "Security Flaws Induced by CBC Padding -
- Application to SSL, IPsec, WTLS...", Advances in
- Cryptology, EUROCRYPT'02, LNCS 2332, pp. 534-545.
-
- [WC81] Wegman, M. N., and J.L. Carter, "New Hash Functions and
- Their Use in Authentication and Set Equality", JCSS 22,
- 265-279, 1981.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 50]
-
-RFC 3711 SRTP March 2004
-
-
-Appendix A: Pseudocode for Index Determination
-
- The following is an example of pseudo-code for the algorithm to
- determine the index i of an SRTP packet with sequence number SEQ. In
- the following, signed arithmetic is assumed.
-
- if (s_l < 32,768)
- if (SEQ - s_l > 32,768)
- set v to (ROC-1) mod 2^32
- else
- set v to ROC
- endif
- else
- if (s_l - 32,768 > SEQ)
- set v to (ROC+1) mod 2^32
- else
- set v to ROC
- endif
- endif
- return SEQ + v*65,536
-
-Appendix B: Test Vectors
-
- All values are in hexadecimal.
-
-B.1. AES-f8 Test Vectors
-
- SRTP PREFIX LENGTH : 0
-
- RTP packet header : 806e5cba50681de55c621599
-
- RTP packet payload : 70736575646f72616e646f6d6e657373
- 20697320746865206e65787420626573
- 74207468696e67
-
- ROC : d462564a
- key : 234829008467be186c3de14aae72d62c
- salt key : 32f2870d
- key-mask (m) : 32f2870d555555555555555555555555
- key XOR key-mask : 11baae0dd132eb4d3968b41ffb278379
-
- IV : 006e5cba50681de55c621599d462564a
- IV' : 595b699bbd3bc0df26062093c1ad8f73
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 51]
-
-RFC 3711 SRTP March 2004
-
-
- j = 0
- IV' xor j : 595b699bbd3bc0df26062093c1ad8f73
- S(-1) : 00000000000000000000000000000000
- IV' xor S(-1) xor j : 595b699bbd3bc0df26062093c1ad8f73
- S(0) : 71ef82d70a172660240709c7fbb19d8e
- plaintext : 70736575646f72616e646f6d6e657373
- ciphertext : 019ce7a26e7854014a6366aa95d4eefd
-
- j = 1
- IV' xor j : 595b699bbd3bc0df26062093c1ad8f72
- S(0) : 71ef82d70a172660240709c7fbb19d8e
- IV' xor S(0) xor j : 28b4eb4cb72ce6bf020129543a1c12fc
- S(1) : 3abd640a60919fd43bd289a09649b5fc
- plaintext : 20697320746865206e65787420626573
- ciphertext : 1ad4172a14f9faf455b7f1d4b62bd08f
-
- j = 2
- IV' xor j : 595b699bbd3bc0df26062093c1ad8f71
- S(1) : 3abd640a60919fd43bd289a09649b5fc
- IV' xor S(1) xor j : 63e60d91ddaa5f0b1dd4a93357e43a8d
- S(2) : 220c7a8715266565b09ecc8a2a62b11b
- plaintext : 74207468696e67
- ciphertext : 562c0eef7c4802
-
-B.2. AES-CM Test Vectors
-
- Keystream segment length: 1044512 octets (65282 AES blocks)
- Session Key: 2B7E151628AED2A6ABF7158809CF4F3C
- Rollover Counter: 00000000
- Sequence Number: 0000
- SSRC: 00000000
- Session Salt: F0F1F2F3F4F5F6F7F8F9FAFBFCFD0000 (already shifted)
- Offset: F0F1F2F3F4F5F6F7F8F9FAFBFCFD0000
-
- Counter Keystream
-
- F0F1F2F3F4F5F6F7F8F9FAFBFCFD0000 E03EAD0935C95E80E166B16DD92B4EB4
- F0F1F2F3F4F5F6F7F8F9FAFBFCFD0001 D23513162B02D0F72A43A2FE4A5F97AB
- F0F1F2F3F4F5F6F7F8F9FAFBFCFD0002 41E95B3BB0A2E8DD477901E4FCA894C0
- ... ...
- F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF EC8CDF7398607CB0F2D21675EA9EA1E4
- F0F1F2F3F4F5F6F7F8F9FAFBFCFDFF00 362B7C3C6773516318A077D7FC5073AE
- F0F1F2F3F4F5F6F7F8F9FAFBFCFDFF01 6A2CC3787889374FBEB4C81B17BA6C44
-
- Nota Bene: this test case is contrived so that the latter part of the
- keystream segment coincides with the test case in Section F.5.1 of
- [CTR].
-
-
-
-
-Baugher, et al. Standards Track [Page 52]
-
-RFC 3711 SRTP March 2004
-
-
-B.3. Key Derivation Test Vectors
-
- This section provides test data for the default key derivation
- function, which uses AES-128 in Counter Mode. In the following, we
- walk through the initial key derivation for the AES-128 Counter Mode
- cipher, which requires a 16 octet session encryption key and a 14
- octet session salt, and an authentication function which requires a
- 94-octet session authentication key. These values are called the
- cipher key, the cipher salt, and the auth key in the following.
- Since this is the initial key derivation and the key derivation rate
- is equal to zero, the value of (index DIV key_derivation_rate) is
- zero (actually, a six-octet string of zeros). In the following, we
- shorten key_derivation_rate to kdr.
-
- The inputs to the key derivation function are the 16 octet master key
- and the 14 octet master salt:
-
- master key: E1F97A0D3E018BE0D64FA32C06DE4139
- master salt: 0EC675AD498AFEEBB6960B3AABE6
-
- We first show how the cipher key is generated. The input block for
- AES-CM is generated by exclusive-oring the master salt with the
- concatenation of the encryption key label 0x00 with (index DIV kdr),
- then padding on the right with two null octets (which implements the
- multiply-by-2^16 operation, see Section 4.3.3). The resulting value
- is then AES-CM- encrypted using the master key to get the cipher key.
-
- index DIV kdr: 000000000000
- label: 00
- master salt: 0EC675AD498AFEEBB6960B3AABE6
- -----------------------------------------------
- xor: 0EC675AD498AFEEBB6960B3AABE6 (x, PRF input)
-
- x*2^16: 0EC675AD498AFEEBB6960B3AABE60000 (AES-CM input)
-
- cipher key: C61E7A93744F39EE10734AFE3FF7A087 (AES-CM output)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 53]
-
-RFC 3711 SRTP March 2004
-
-
- Next, we show how the cipher salt is generated. The input block for
- AES-CM is generated by exclusive-oring the master salt with the
- concatenation of the encryption salt label. That value is padded and
- encrypted as above.
-
- index DIV kdr: 000000000000
- label: 02
- master salt: 0EC675AD498AFEEBB6960B3AABE6
-
- ----------------------------------------------
- xor: 0EC675AD498AFEE9B6960B3AABE6 (x, PRF input)
-
- x*2^16: 0EC675AD498AFEE9B6960B3AABE60000 (AES-CM input)
-
- 30CBBC08863D8C85D49DB34A9AE17AC6 (AES-CM ouptut)
-
- cipher salt: 30CBBC08863D8C85D49DB34A9AE1
-
- We now show how the auth key is generated. The input block for AES-
- CM is generated as above, but using the authentication key label.
-
- index DIV kdr: 000000000000
- label: 01
- master salt: 0EC675AD498AFEEBB6960B3AABE6
- -----------------------------------------------
- xor: 0EC675AD498AFEEAB6960B3AABE6 (x, PRF input)
-
- x*2^16: 0EC675AD498AFEEAB6960B3AABE60000 (AES-CM input)
-
- Below, the auth key is shown on the left, while the corresponding AES
- input blocks are shown on the right.
-
- auth key AES input blocks
- CEBE321F6FF7716B6FD4AB49AF256A15 0EC675AD498AFEEAB6960B3AABE60000
- 6D38BAA48F0A0ACF3C34E2359E6CDBCE 0EC675AD498AFEEAB6960B3AABE60001
- E049646C43D9327AD175578EF7227098 0EC675AD498AFEEAB6960B3AABE60002
- 6371C10C9A369AC2F94A8C5FBCDDDC25 0EC675AD498AFEEAB6960B3AABE60003
- 6D6E919A48B610EF17C2041E47403576 0EC675AD498AFEEAB6960B3AABE60004
- 6B68642C59BBFC2F34DB60DBDFB2 0EC675AD498AFEEAB6960B3AABE60005
-
-
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 54]
-
-RFC 3711 SRTP March 2004
-
-
-Authors' Addresses
-
- Questions and comments should be directed to the authors and
- avt@ietf.org:
-
- Mark Baugher
- Cisco Systems, Inc.
- 5510 SW Orchid Street
- Portland, OR 97219 USA
-
- Phone: +1 408-853-4418
- EMail: mbaugher@cisco.com
-
-
- Elisabetta Carrara
- Ericsson Research
- SE-16480 Stockholm
- Sweden
-
- Phone: +46 8 50877040
- EMail: elisabetta.carrara@ericsson.com
-
-
- David A. McGrew
- Cisco Systems, Inc.
- San Jose, CA 95134-1706
- USA
-
- Phone: +1 301-349-5815
- EMail: mcgrew@cisco.com
-
-
- Mats Naslund
- Ericsson Research
- SE-16480 Stockholm
- Sweden
-
- Phone: +46 8 58533739
- EMail: mats.naslund@ericsson.com
-
-
- Karl Norrman
- Ericsson Research
- SE-16480 Stockholm
- Sweden
-
- Phone: +46 8 4044502
- EMail: karl.norrman@ericsson.com
-
-
-
-Baugher, et al. Standards Track [Page 55]
-
-RFC 3711 SRTP March 2004
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (2004). This document is subject
- to the rights, licenses and restrictions contained in BCP 78 and
- except as set forth therein, the authors retain all their rights.
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Intellectual Property
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the procedures with respect to rights in RFC documents can be
- found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at ietf-
- ipr@ietf.org.
-
-Acknowledgement
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 56]
-
diff --git a/third_party/srtp/include/ekt.h b/third_party/srtp/include/ekt.h
new file mode 100644
index 00000000..b0d888ba
--- /dev/null
+++ b/third_party/srtp/include/ekt.h
@@ -0,0 +1,201 @@
+/*
+ * ekt.h
+ *
+ * interface to Encrypted Key Transport for SRTP
+ *
+ * David McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2005 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+
+/*
+ * EKT implementation strategy
+ *
+ * use stream_template approach
+ *
+ * in srtp_unprotect, when a new stream appears, check if template has
+ * EKT defined, and if it does, then apply EKT processing
+ *
+ * question: will we want to allow key-sharing templates in addition
+ * to EKT templates? could define a new ssrc_type_t that's associated
+ * with an EKT, e.g. ssrc_any_ekt.
+ *
+ *
+ */
+
+#ifndef EKT_H
+#define EKT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "srtp_priv.h"
+
+#define EKT_CIPHER_DEFAULT 1
+#define EKT_CIPHER_AES_128_ECB 1
+#define EKT_CIPHER_AES_192_KEY_WRAP 2
+#define EKT_CIPHER_AES_256_KEY_WRAP 3
+
+typedef uint16_t ekt_spi_t;
+
+
+unsigned
+ekt_octets_after_base_tag(ekt_stream_t ekt);
+
+/*
+ * an srtp_policy_t structure can contain a pointer to an
+ * ekt_policy_t structure
+ *
+ * this structure holds all of the high level EKT information, and it
+ * is passed into libsrtp to indicate what policy should be in effect
+ */
+
+typedef struct ekt_policy_ctx_t {
+ ekt_spi_t spi; /* security parameter index */
+ uint8_t ekt_cipher_type;
+ uint8_t *ekt_key;
+ struct ekt_policy_ctx_t *next_ekt_policy;
+} ekt_policy_ctx_t;
+
+
+/*
+ * an ekt_data_t structure holds the data corresponding to an ekt key,
+ * spi, and so on
+ */
+
+typedef struct ekt_data_t {
+ ekt_spi_t spi;
+ uint8_t ekt_cipher_type;
+ aes_expanded_key_t ekt_enc_key;
+ aes_expanded_key_t ekt_dec_key;
+ struct ekt_data_t *next_ekt_data;
+} ekt_data_t;
+
+/*
+ * an srtp_stream_ctx_t can contain an ekt_stream_ctx_t
+ *
+ * an ekt_stream_ctx_t structure holds all of the EKT information for
+ * a specific SRTP stream
+ */
+
+typedef struct ekt_stream_ctx_t {
+ ekt_data_t *data;
+ uint16_t isn; /* initial sequence number */
+ uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN];
+} ekt_stream_ctx_t;
+
+
+
+err_status_t
+ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy);
+
+err_status_t
+ekt_stream_init(ekt_stream_t e,
+ ekt_spi_t spi,
+ void *ekt_key,
+ unsigned ekt_cipher_type);
+
+err_status_t
+ekt_stream_init_from_policy(ekt_stream_t e, ekt_policy_t p);
+
+
+
+err_status_t
+srtp_stream_init_from_ekt(srtp_stream_t stream,
+ const void *srtcp_hdr,
+ unsigned pkt_octet_len);
+
+
+void
+ekt_write_data(ekt_stream_t ekt,
+ uint8_t *base_tag,
+ unsigned base_tag_len,
+ int *packet_len,
+ xtd_seq_num_t pkt_index);
+
+/*
+ * We handle EKT by performing some additional steps before
+ * authentication (copying the auth tag into a temporary location,
+ * zeroizing the "base tag" field in the packet)
+ *
+ * With EKT, the tag_len parameter is actually the base tag
+ * length
+ */
+
+err_status_t
+ekt_tag_verification_preproces(uint8_t *pkt_tag,
+ uint8_t *pkt_tag_copy,
+ unsigned tag_len);
+
+err_status_t
+ekt_tag_verification_postproces(uint8_t *pkt_tag,
+ uint8_t *pkt_tag_copy,
+ unsigned tag_len);
+
+
+/*
+ * @brief EKT pre-processing for srtcp tag generation
+ *
+ * This function does the pre-processing of the SRTCP authentication
+ * tag format. When EKT is used, it consists of writing the Encrypted
+ * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI
+ * fields. The Base Authentication Tag field is set to the all-zero
+ * value
+ *
+ * When EKT is not used, this function is a no-op.
+ *
+ */
+
+err_status_t
+srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s,
+ uint8_t *pkt_tag,
+ unsigned pkt_octet_len);
+
+/* it's not clear that a tag_generation_postprocess function is needed */
+
+err_status_t
+srtcp_auth_tag_generation_postprocess(void);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* EKT_H */
diff --git a/third_party/srtp/include/rtp.h b/third_party/srtp/include/rtp.h
index 94279f56..0e0119cf 100644
--- a/third_party/srtp/include/rtp.h
+++ b/third_party/srtp/include/rtp.h
@@ -66,18 +66,18 @@ typedef struct rtp_sender_ctx_t *rtp_sender_t;
typedef struct rtp_receiver_ctx_t *rtp_receiver_t;
-unsigned int
+int
rtp_sendto(rtp_sender_t sender, const void* msg, int len);
-unsigned int
+int
rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len);
int
-rtp_receiver_init(rtp_receiver_t rcvr, int socket,
+rtp_receiver_init(rtp_receiver_t rcvr, int sock,
struct sockaddr_in addr, unsigned int ssrc);
int
-rtp_sender_init(rtp_sender_t sender, int socket,
+rtp_sender_init(rtp_sender_t sender, int sock,
struct sockaddr_in addr, unsigned int ssrc);
/*
@@ -103,14 +103,26 @@ int
rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy);
int
+rtp_sender_deinit_srtp(rtp_sender_t sender);
+
+int
rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy);
+int
+rtp_receiver_deinit_srtp(rtp_receiver_t sender);
+
rtp_sender_t
-rtp_sender_alloc();
+rtp_sender_alloc(void);
+
+void
+rtp_sender_dealloc(rtp_sender_t rtp_ctx);
rtp_receiver_t
-rtp_receiver_alloc();
+rtp_receiver_alloc(void);
+
+void
+rtp_receiver_dealloc(rtp_receiver_t rtp_ctx);
/*
diff --git a/third_party/srtp/include/srtp.h b/third_party/srtp/include/srtp.h
index 21d8531a..81af5198 100644
--- a/third_party/srtp/include/srtp.h
+++ b/third_party/srtp/include/srtp.h
@@ -50,15 +50,10 @@
extern "C" {
#endif
-#ifdef _MSC_VER
-# ifdef WIN64
-# pragma pack(8)
-# else
-# pragma pack(4)
-# endif
-#endif
-
-#include "crypto_kernel.h"
+#include <stdint.h>
+#include "crypto.h"
+#include "crypto_types.h"
+#include "err.h"
/**
* @defgroup SRTP Secure RTP
@@ -84,7 +79,7 @@ extern "C" {
* SRTP_MAX_TAG_LEN is the maximum tag length supported by libSRTP
*/
-#define SRTP_MAX_TAG_LEN 12
+#define SRTP_MAX_TAG_LEN 16
/**
* SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer
@@ -96,6 +91,18 @@ extern "C" {
*/
#define SRTP_MAX_TRAILER_LEN SRTP_MAX_TAG_LEN
+/*
+ * SRTP_AEAD_SALT_LEN is the length of the SALT values used with
+ * GCM mode. GCM mode requires an IV. The SALT value is used
+ * as part of the IV formation logic applied to each RTP packet.
+ */
+#define SRTP_AEAD_SALT_LEN 12
+#define AES_128_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 16
+#define AES_192_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 24
+#define AES_256_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 32
+
+
+
/*
* nota bene: since libSRTP doesn't support the use of the MKI, the
* SRTP_MAX_TRAILER_LEN value is just the maximum tag length
@@ -176,6 +183,18 @@ typedef struct {
} ssrc_t;
+/**
+ * @brief points to an EKT policy
+ */
+typedef struct ekt_policy_ctx_t *ekt_policy_t;
+
+
+/**
+ * @brief points to EKT stream data
+ */
+typedef struct ekt_stream_ctx_t *ekt_stream_t;
+
+
/**
* @brief represents the policy for an SRTP session.
*
@@ -213,6 +232,16 @@ typedef struct srtp_policy_t {
crypto_policy_t rtcp; /**< SRTCP crypto policy. */
unsigned char *key; /**< Pointer to the SRTP master key for
* this stream. */
+ ekt_policy_t ekt; /**< Pointer to the EKT policy structure
+ * for this stream (if any) */
+ unsigned long window_size; /**< The window size to use for replay
+ * protection. */
+ int allow_repeat_tx; /**< Whether retransmissions of
+ * packets with the same sequence number
+ * are allowed. (Note that such repeated
+ * transmissions must have the same RTP
+ * payload, or a severe security weakness
+ * is introduced!) */
struct srtp_policy_t *next; /**< Pointer to next stream policy. */
} srtp_policy_t;
@@ -262,14 +291,13 @@ err_status_t
srtp_init(void);
/**
- * @brief srtp_deinit() deinitializes the srtp library.
+ * @brief srtp_shutdown() de-initializes the srtp library.
*
- * @warning This function @b must be called on quitting application or
- * after srtp is no longer used.
+ * @warning No srtp functions may be called after calling this function.
*/
err_status_t
-srtp_deinit(void);
+srtp_shutdown(void);
/**
* @brief srtp_protect() is the Secure RTP sender-side packet processing
@@ -291,6 +319,11 @@ srtp_deinit(void);
* packet, and assumes that the RTP packet is aligned on a 32-bit
* boundary.
*
+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN
+ * into the location in memory immediately following the RTP packet.
+ * Callers MUST ensure that this much writable memory is available in
+ * the buffer that holds the RTP packet.
+ *
* @param ctx is the SRTP context to use in processing the packet.
*
* @param rtp_hdr is a pointer to the RTP packet (before the call); after
@@ -329,8 +362,7 @@ srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr);
* @warning This function assumes that the SRTP packet is aligned on a
* 32-bit boundary.
*
- * @param ctx is a pointer to the srtp_t which applies to the
- * particular packet.
+ * @param ctx is the SRTP session which applies to the particular packet.
*
* @param srtp_hdr is a pointer to the header of the SRTP packet
* (before the call). after the function returns, it points to the
@@ -363,7 +395,8 @@ srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr);
* initializes an SRTP session context, applying the given policy and
* key.
*
- * @param session is the SRTP session to which the policy is to be added.
+ * @param session is a pointer to the SRTP session to which the policy is
+ * to be added.
*
* @param policy is the srtp_policy_t struct that describes the policy
* for the session. The struct may be a single element, or it may be
@@ -478,8 +511,8 @@ crypto_policy_set_rtcp_default(crypto_policy_t *p);
*
* The function crypto_policy_set_aes_cm_128_hmac_sha1_80() is a
* synonym for crypto_policy_set_rtp_default(). It conforms to the
- * naming convention used in
- * http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdescriptions-12.txt
+ * naming convention used in RFC 4568 (SDP Security Descriptions for
+ * Media Streams).
*
* @return void.
*
@@ -496,8 +529,8 @@ crypto_policy_set_rtcp_default(crypto_policy_t *p);
*
* The function call crypto_policy_set_aes_cm_128_hmac_sha1_32(&p)
* sets the crypto_policy_t at location p to use policy
- * AES_CM_128_HMAC_SHA1_32 as defined in
- * draft-ietf-mmusic-sdescriptions-12.txt. This policy uses AES-128
+ * AES_CM_128_HMAC_SHA1_32 as defined in RFC 4568.
+ * This policy uses AES-128
* Counter Mode encryption and HMAC-SHA1 authentication, with an
* authentication tag that is only 32 bits long. This length is
* considered adequate only for protecting audio and video media that
@@ -582,6 +615,242 @@ crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p);
void
crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p);
+
+/**
+ * @brief crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto
+ * policy structure to a encryption and authentication policy using AES-256
+ * for RTP protection.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_cm_256_hmac_sha1_80(&p)
+ * sets the crypto_policy_t at location p to use policy
+ * AES_CM_256_HMAC_SHA1_80 as defined in
+ * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256
+ * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit
+ * authentication tag.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+
+void crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p);
+
+
+/**
+ * @brief crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto
+ * policy structure to a short-authentication tag policy using AES-256
+ * encryption.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_cm_256_hmac_sha1_32(&p)
+ * sets the crypto_policy_t at location p to use policy
+ * AES_CM_256_HMAC_SHA1_32 as defined in
+ * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256
+ * Counter Mode encryption and HMAC-SHA1 authentication, with an
+ * authentication tag that is only 32 bits long. This length is
+ * considered adequate only for protecting audio and video media that
+ * use a stateless playback function. See Section 7.5 of RFC 3711
+ * (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @warning This crypto policy is intended for use in SRTP, but not in
+ * SRTCP. It is recommended that a policy that uses longer
+ * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711
+ * (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * @return void.
+ *
+ */
+
+void
+crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p);
+
+/**
+ * @brief crypto_policy_set_aes_cm_256_null_auth() sets a crypto
+ * policy structure to an encryption-only policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_cm_256_null_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-256 Counter Mode), but to use no authentication method. This
+ * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
+ * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @warning This policy is NOT RECOMMENDED for SRTP unless it is
+ * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
+ * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * @return void.
+ *
+ */
+void
+crypto_policy_set_aes_cm_256_null_auth(crypto_policy_t *p);
+
+/**
+ * @brief crypto_policy_set_aes_gcm_128_8_auth() sets a crypto
+ * policy structure to an AEAD encryption policy.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_gcm_128_8_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-128 Galois Counter Mode) with 8 octet auth tag. This
+ * policy applies confidentiality and authentication to both the
+ * RTP and RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void
+crypto_policy_set_aes_gcm_128_8_auth(crypto_policy_t *p);
+
+/**
+ * @brief crypto_policy_set_aes_gcm_256_8_auth() sets a crypto
+ * policy structure to an AEAD encryption policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_gcm_256_8_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-256 Galois Counter Mode) with 8 octet auth tag. This
+ * policy applies confidentiality and authentication to both the
+ * RTP and RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void
+crypto_policy_set_aes_gcm_256_8_auth(crypto_policy_t *p);
+
+/**
+ * @brief crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto
+ * policy structure to an AEAD authentication-only policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-128 Galois Counter Mode) with 8 octet auth tag. This policy
+ * applies confidentiality and authentication to the RTP packets,
+ * but only authentication to the RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void
+crypto_policy_set_aes_gcm_128_8_only_auth(crypto_policy_t *p);
+
+/**
+ * @brief crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto
+ * policy structure to an AEAD authentication-only policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-256 Galois Counter Mode) with 8 octet auth tag. This policy
+ * applies confidentiality and authentication to the RTP packets,
+ * but only authentication to the RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void
+crypto_policy_set_aes_gcm_256_8_only_auth(crypto_policy_t *p);
+
+/**
+ * @brief crypto_policy_set_aes_gcm_128_16_auth() sets a crypto
+ * policy structure to an AEAD encryption policy.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_gcm_128_16_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-128 Galois Counter Mode) with 16 octet auth tag. This
+ * policy applies confidentiality and authentication to both the
+ * RTP and RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void
+crypto_policy_set_aes_gcm_128_16_auth(crypto_policy_t *p);
+
+/**
+ * @brief crypto_policy_set_aes_gcm_256_16_auth() sets a crypto
+ * policy structure to an AEAD encryption policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call crypto_policy_set_aes_gcm_256_16_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-256 Galois Counter Mode) with 16 octet auth tag. This
+ * policy applies confidentiality and authentication to both the
+ * RTP and RTCP packets.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void
+crypto_policy_set_aes_gcm_256_16_auth(crypto_policy_t *p);
+
+
/**
* @brief srtp_dealloc() deallocates storage for an SRTP session
* context.
@@ -746,6 +1015,11 @@ append_salt_to_key(unsigned char *key, unsigned int bytes_in_key,
* packet, and assumes that the RTCP packet is aligned on a 32-bit
* boundary.
*
+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4
+ * into the location in memory immediately following the RTCP packet.
+ * Callers MUST ensure that this much writable memory is available in
+ * the buffer that holds the RTCP packet.
+ *
* @param ctx is the SRTP context to use in processing the packet.
*
* @param rtcp_hdr is a pointer to the RTCP packet (before the call); after
@@ -813,6 +1087,57 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len);
* @}
*/
+
+/**
+ * @defgroup User data associated to a SRTP session.
+ * @ingroup SRTP
+ *
+ * @brief Store custom user data within a SRTP session.
+ *
+ * @{
+ */
+
+/**
+ * @brief srtp_set_user_data() stores the given pointer into the SRTP
+ * session for later retrieval.
+ *
+ * @param ctx is the srtp_t context in which the given data pointer is
+ * stored.
+ *
+ * @param data is a pointer to the custom information (struct, function,
+ * etc) associated with the SRTP session.
+ *
+ * @return void.
+ *
+ */
+
+void
+srtp_set_user_data(srtp_t ctx, void *data);
+
+/**
+ * @brief srtp_get_user_data() retrieves the pointer to the custom data
+ * previously stored with srtp_set_user_data().
+ *
+ * This function is mostly useful for retrieving data associated to a
+ * SRTP session when an event fires. The user can then get such a custom
+ * data by calling this function with the session field of the
+ * srtp_event_data_t struct as argument.
+ *
+ * @param ctx is the srtp_t context in which the given data pointer was
+ * stored.
+ *
+ * @return void* pointer to the user data.
+ *
+ */
+
+void*
+srtp_get_user_data(srtp_t ctx);
+
+/**
+ * @}
+ */
+
+
/**
* @defgroup SRTPevents SRTP events and callbacks
* @ingroup SRTP
@@ -914,6 +1239,18 @@ err_status_t
srtp_install_event_handler(srtp_event_handler_func_t func);
/**
+ * @brief Returns the version string of the library.
+ *
+ */
+const char *srtp_get_version_string(void);
+
+/**
+ * @brief Returns the numeric representation of the library version.
+ *
+ */
+unsigned int srtp_get_version(void);
+
+/**
* @}
*/
/* in host order, so outside the #if */
@@ -922,10 +1259,6 @@ srtp_install_event_handler(srtp_event_handler_func_t func);
#define SRTCP_E_BYTE_BIT 0x80
#define SRTCP_INDEX_MASK 0x7fffffff
-#ifdef _MSC_VER
-#pragma pack()
-#endif
-
#ifdef __cplusplus
}
#endif
diff --git a/third_party/srtp/include/srtp_priv.h b/third_party/srtp/include/srtp_priv.h
index 9214a650..170df5b1 100644
--- a/third_party/srtp/include/srtp_priv.h
+++ b/third_party/srtp/include/srtp_priv.h
@@ -45,10 +45,20 @@
#ifndef SRTP_PRIV_H
#define SRTP_PRIV_H
+#include "config.h"
#include "srtp.h"
#include "rdbx.h"
#include "rdb.h"
#include "integers.h"
+#include "crypto.h"
+#include "cipher.h"
+#include "auth.h"
+#include "aes.h"
+#include "key.h"
+#include "crypto_kernel.h"
+
+#define SRTP_VER_STRING PACKAGE_STRING
+#define SRTP_VERSION PACKAGE_VERSION
/*
* an srtp_hdr_t represents the srtp header
@@ -59,11 +69,6 @@
* is not identical)
*/
-#ifdef _MSC_VER
-# pragma warning(push)
-# pragma warning(disable:4214) // bit field types other than int
-#endif
-
#ifndef WORDS_BIGENDIAN
/*
@@ -72,6 +77,7 @@
* "unsigned char", but doing so causes the MS compiler to not
* fully pack the bit fields.
*/
+
typedef struct {
unsigned char cc:4; /* CSRC count */
unsigned char x:1; /* header extension flag */
@@ -92,14 +98,13 @@ typedef struct {
unsigned char x:1; /* header extension flag */
unsigned char cc:4; /* CSRC count */
unsigned char m:1; /* marker bit */
- unsigned pt:7; /* payload type */
+ unsigned char pt:7; /* payload type */
uint16_t seq; /* sequence number */
uint32_t ts; /* timestamp */
uint32_t ssrc; /* synchronization source */
} srtp_hdr_t;
#endif
-
typedef struct {
uint16_t profile_specific; /* profile-specific info */
@@ -162,11 +167,6 @@ typedef struct {
#endif
-#ifdef _MSC_VER
-# pragma warning( pop )
-#endif
-
-
/*
* the following declarations are libSRTP internal functions
*/
@@ -190,6 +190,15 @@ err_status_t
srtp_stream_init_keys(srtp_stream_t srtp, const void *key);
/*
+ * srtp_stream_init(s, p) initializes the srtp_stream_t s to
+ * use the policy at the location p
+ */
+err_status_t
+srtp_stream_init(srtp_stream_t srtp,
+ const srtp_policy_t *p);
+
+
+/*
* libsrtp internal datatypes
*/
@@ -219,6 +228,10 @@ typedef struct srtp_stream_ctx_t {
sec_serv_t rtcp_services;
key_limit_ctx_t *limit;
direction_t direction;
+ int allow_repeat_tx;
+ ekt_stream_t ekt;
+ uint8_t salt[SRTP_AEAD_SALT_LEN]; /* used with GCM mode for SRTP */
+ uint8_t c_salt[SRTP_AEAD_SALT_LEN]; /* used with GCM mode for SRTCP */
struct srtp_stream_ctx_t *next; /* linked list of streams */
} srtp_stream_ctx_t;
@@ -230,6 +243,7 @@ typedef struct srtp_stream_ctx_t {
typedef struct srtp_ctx_t {
srtp_stream_ctx_t *stream_list; /* linked list of streams */
srtp_stream_ctx_t *stream_template; /* act as template for other streams */
+ void *user_data; /* user custom data */
} srtp_ctx_t;
diff --git a/third_party/srtp/install-win.bat b/third_party/srtp/install-win.bat
new file mode 100644
index 00000000..d95d6d9f
--- /dev/null
+++ b/third_party/srtp/install-win.bat
@@ -0,0 +1,31 @@
+:: Installs from srtp windows build directory to directory specified on
+:: command line
+
+
+@if "%1"=="" (
+ echo "Usage: %~nx0 destdir"
+ exit /b 1
+) else (
+ set destdir=%1
+)
+
+@if not exist %destdir% (
+ echo %destdir% not found
+ exit /b 1
+)
+
+@for %%d in (include\srtp.h crypto\include\crypto.h Debug\srtp.lib Release\srtp.lib) do (
+ if not exist "%%d" (
+ echo "%%d not found: are you in the right directory?"
+ exit /b 1
+ )
+)
+
+mkdir %destdir%\include
+mkdir %destdir%\include\srtp
+mkdir %destdir%\lib
+
+copy include\*.h %destdir%\include\srtp
+copy crypto\include\*.h %destdir%\include\srtp
+copy Release\srtp.lib %destdir%\lib\srtp.lib
+copy Debug\srtp.lib %destdir%\lib\srtpd.lib
diff --git a/third_party/srtp/libsrtp.pc.in b/third_party/srtp/libsrtp.pc.in
new file mode 100644
index 00000000..957c9dd1
--- /dev/null
+++ b/third_party/srtp/libsrtp.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: @PACKAGE_NAME@
+Version: @PACKAGE_VERSION@
+Description: Library for SRTP (Secure Realtime Transport Protocol)
+
+Libs: -L${libdir} -lsrtp @LIBS@
+Cflags: -I${includedir}
diff --git a/third_party/srtp/pjlib/srtp_err.c b/third_party/srtp/pjlib/srtp_err.c
index 8a92c56b..bd60ca17 100644
--- a/third_party/srtp/pjlib/srtp_err.c
+++ b/third_party/srtp/pjlib/srtp_err.c
@@ -24,12 +24,13 @@
err_reporting_level_t err_level = err_level_none;
err_status_t
-err_reporting_init(char *ident) {
+err_reporting_init(const char *ident) {
+ PJ_UNUSED_ARG(ident);
return err_status_ok;
}
void
-err_report(int priority, char *format, ...) {
+err_report(int priority, const char *format, ...) {
va_list args;
#if PJ_LOG_MAX_LEVEL >= 1
diff --git a/third_party/srtp/srtp.def b/third_party/srtp/srtp.def
index c1198c5e..6fc94da0 100644
--- a/third_party/srtp/srtp.def
+++ b/third_party/srtp/srtp.def
@@ -89,4 +89,3 @@ aes_icm_encrypt_ismacryp
aes_icm_alloc_ismacryp
crypto_alloc
crypto_free
-\ No newline at end of file \ No newline at end of file
diff --git a/third_party/srtp/srtp.sln b/third_party/srtp/srtp.sln
new file mode 100644
index 00000000..b58d14c9
--- /dev/null
+++ b/third_party/srtp/srtp.sln
@@ -0,0 +1,26 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual C++ Express 2005
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "srtp", "srtp.vcproj", "{EEF031CB-FED8-451E-A471-91EC8D4F6750}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug Dll|Win32 = Debug Dll|Win32
+ Debug|Win32 = Debug|Win32
+ Release Dll|Win32 = Release Dll|Win32
+ Release|Win32 = Release|Win32
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug Dll|Win32.ActiveCfg = Debug Dll|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug Dll|Win32.Build.0 = Debug Dll|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug|Win32.ActiveCfg = Debug|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug|Win32.Build.0 = Debug|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release Dll|Win32.ActiveCfg = Release Dll|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release Dll|Win32.Build.0 = Release Dll|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release|Win32.ActiveCfg = Release|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release|Win32.Build.0 = Release|Win32
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/third_party/srtp/srtp.vcproj b/third_party/srtp/srtp.vcproj
index 989646e8..d781746e 100644
--- a/third_party/srtp/srtp.vcproj
+++ b/third_party/srtp/srtp.vcproj
@@ -49,7 +49,7 @@
PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H"
MinimalRebuild="true"
BasicRuntimeChecks="3"
- RuntimeLibrary="3"
+ RuntimeLibrary="1"
StructMemberAlignment="0"
UsePrecompiledHeader="0"
WarningLevel="3"
@@ -116,7 +116,7 @@
Name="VCCLCompilerTool"
AdditionalIncludeDirectories="crypto/include;include"
PreprocessorDefinitions="WIN32;NDEBUG;_LIB;HAVE_CONFIG_H"
- RuntimeLibrary="2"
+ RuntimeLibrary="0"
StructMemberAlignment="0"
UsePrecompiledHeader="0"
WarningLevel="3"
@@ -324,6 +324,10 @@
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
+ RelativePath=".\srtp\ekt.c"
+ >
+ </File>
+ <File
RelativePath=".\srtp\srtp.c"
>
</File>
@@ -484,10 +488,6 @@
>
</File>
<File
- RelativePath=".\crypto\include\crypto_math.h"
- >
- </File>
- <File
RelativePath=".\crypto\include\crypto_types.h"
>
</File>
@@ -500,6 +500,10 @@
>
</File>
<File
+ RelativePath=".\include\ekt.h"
+ >
+ </File>
+ <File
RelativePath=".\crypto\include\err.h"
>
</File>
@@ -516,10 +520,6 @@
>
</File>
<File
- RelativePath=".\crypto\include\kernel_compat.h"
- >
- </File>
- <File
RelativePath=".\crypto\include\key.h"
>
</File>
@@ -548,10 +548,6 @@
>
</File>
<File
- RelativePath=".\include\rtp.h"
- >
- </File>
- <File
RelativePath=".\crypto\include\sha1.h"
>
</File>
@@ -560,15 +556,15 @@
>
</File>
<File
- RelativePath=".\crypto\include\stat.h"
+ RelativePath=".\include\srtp_priv.h"
>
</File>
<File
- RelativePath=".\include\ut_sim.h"
+ RelativePath=".\crypto\include\stat.h"
>
</File>
<File
- RelativePath=".\crypto\include\xfm.h"
+ RelativePath=".\include\ut_sim.h"
>
</File>
</Filter>
@@ -579,6 +575,10 @@
>
</Filter>
<File
+ RelativePath=".\config.hw"
+ >
+ </File>
+ <File
RelativePath=".\srtp.def"
>
</File>
diff --git a/third_party/srtp/srtp/ekt.c b/third_party/srtp/srtp/ekt.c
new file mode 100644
index 00000000..335a21ff
--- /dev/null
+++ b/third_party/srtp/srtp/ekt.c
@@ -0,0 +1,279 @@
+/*
+ * ekt.c
+ *
+ * Encrypted Key Transport for SRTP
+ *
+ * David McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "srtp_priv.h"
+#include "err.h"
+#include "ekt.h"
+
+extern debug_module_t mod_srtp;
+
+/*
+ * The EKT Authentication Tag format.
+ *
+ * 0 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * : Base Authentication Tag :
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * : Encrypted Master Key :
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Rollover Counter |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Initial Sequence Number | Security Parameter Index |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ */
+
+#define EKT_OCTETS_AFTER_BASE_TAG 24
+#define EKT_OCTETS_AFTER_EMK 8
+#define EKT_OCTETS_AFTER_ROC 4
+#define EKT_SPI_LEN 2
+
+unsigned
+ekt_octets_after_base_tag(ekt_stream_t ekt) {
+ /*
+ * if the pointer ekt is NULL, then EKT is not in effect, so we
+ * indicate this by returning zero
+ */
+ if (!ekt)
+ return 0;
+
+ switch(ekt->data->ekt_cipher_type) {
+ case EKT_CIPHER_AES_128_ECB:
+ return 16 + EKT_OCTETS_AFTER_EMK;
+ break;
+ default:
+ break;
+ }
+ return 0;
+}
+
+static inline ekt_spi_t
+srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) {
+ const uint8_t *spi_location;
+
+ spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN);
+
+ return *((const ekt_spi_t *)spi_location);
+}
+
+static inline uint32_t
+srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) {
+ const uint8_t *roc_location;
+
+ roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC);
+
+ return *((const uint32_t *)roc_location);
+}
+
+static inline const uint8_t *
+srtcp_packet_get_emk_location(const uint8_t *packet_start,
+ unsigned pkt_octet_len) {
+ const uint8_t *location;
+
+ location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG);
+
+ return location;
+}
+
+
+err_status_t
+ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy) {
+
+ /*
+ * if the policy pointer is NULL, then EKT is not in use
+ * so we just set the EKT stream data pointer to NULL
+ */
+ if (!policy) {
+ *stream_data = NULL;
+ return err_status_ok;
+ }
+
+ /* TODO */
+ *stream_data = NULL;
+
+ return err_status_ok;
+}
+
+err_status_t
+ekt_stream_init_from_policy(ekt_stream_t stream_data, ekt_policy_t policy) {
+ if (!stream_data)
+ return err_status_ok;
+
+ return err_status_ok;
+}
+
+
+void
+aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) {
+#ifndef OPENSSL
+//FIXME: need to get this working through the crypto module interface
+ aes_expanded_key_t expanded_key;
+
+ aes_expand_decryption_key(key, key_len, &expanded_key);
+ aes_decrypt(ciphertext, &expanded_key);
+#endif
+}
+
+/*
+ * The function srtp_stream_init_from_ekt() initializes a stream using
+ * the EKT data from an SRTCP trailer.
+ */
+
+err_status_t
+srtp_stream_init_from_ekt(srtp_stream_t stream,
+ const void *srtcp_hdr,
+ unsigned pkt_octet_len) {
+ err_status_t err;
+ const uint8_t *master_key;
+ srtp_policy_t srtp_policy;
+ uint32_t roc;
+
+ /*
+ * NOTE: at present, we only support a single ekt_policy at a time.
+ */
+ if (stream->ekt->data->spi !=
+ srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len))
+ return err_status_no_ctx;
+
+ if (stream->ekt->data->ekt_cipher_type != EKT_CIPHER_AES_128_ECB)
+ return err_status_bad_param;
+
+ /* decrypt the Encrypted Master Key field */
+ master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len);
+ /* FIX!? This decrypts the master key in-place, and never uses it */
+ /* FIX!? It's also passing to ekt_dec_key (which is an aes_expanded_key_t)
+ * to a function which expects a raw (unexpanded) key */
+ aes_decrypt_with_raw_key((void*)master_key, &stream->ekt->data->ekt_dec_key, 16);
+
+ /* set the SRTP ROC */
+ roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len);
+ err = rdbx_set_roc(&stream->rtp_rdbx, roc);
+ if (err) return err;
+
+ err = srtp_stream_init(stream, &srtp_policy);
+ if (err) return err;
+
+ return err_status_ok;
+}
+
+void
+ekt_write_data(ekt_stream_t ekt,
+ uint8_t *base_tag,
+ unsigned base_tag_len,
+ int *packet_len,
+ xtd_seq_num_t pkt_index) {
+ uint32_t roc;
+ uint16_t isn;
+ unsigned emk_len;
+ uint8_t *packet;
+
+ /* if the pointer ekt is NULL, then EKT is not in effect */
+ if (!ekt) {
+ debug_print(mod_srtp, "EKT not in use", NULL);
+ return;
+ }
+
+ /* write zeros into the location of the base tag */
+ octet_string_set_to_zero(base_tag, base_tag_len);
+ packet = base_tag + base_tag_len;
+
+ /* copy encrypted master key into packet */
+ emk_len = ekt_octets_after_base_tag(ekt);
+ memcpy(packet, ekt->encrypted_master_key, emk_len);
+ debug_print(mod_srtp, "writing EKT EMK: %s,",
+ octet_string_hex_string(packet, emk_len));
+ packet += emk_len;
+
+ /* copy ROC into packet */
+ roc = (uint32_t)(pkt_index >> 16);
+ *((uint32_t *)packet) = be32_to_cpu(roc);
+ debug_print(mod_srtp, "writing EKT ROC: %s,",
+ octet_string_hex_string(packet, sizeof(roc)));
+ packet += sizeof(roc);
+
+ /* copy ISN into packet */
+ isn = (uint16_t)pkt_index;
+ *((uint16_t *)packet) = htons(isn);
+ debug_print(mod_srtp, "writing EKT ISN: %s,",
+ octet_string_hex_string(packet, sizeof(isn)));
+ packet += sizeof(isn);
+
+ /* copy SPI into packet */
+ *((uint16_t *)packet) = htons(ekt->data->spi);
+ debug_print(mod_srtp, "writing EKT SPI: %s,",
+ octet_string_hex_string(packet, sizeof(ekt->data->spi)));
+
+ /* increase packet length appropriately */
+ *packet_len += EKT_OCTETS_AFTER_EMK + emk_len;
+}
+
+
+/*
+ * The function call srtcp_ekt_trailer(ekt, auth_len, auth_tag )
+ *
+ * If the pointer ekt is NULL, then the other inputs are unaffected.
+ *
+ * auth_tag is a pointer to the pointer to the location of the
+ * authentication tag in the packet. If EKT is in effect, then the
+ * auth_tag pointer is set to the location
+ */
+
+void
+srtcp_ekt_trailer(ekt_stream_t ekt,
+ unsigned *auth_len,
+ void **auth_tag,
+ void *tag_copy) {
+
+ /*
+ * if there is no EKT policy, then the other inputs are unaffected
+ */
+ if (!ekt)
+ return;
+
+ /* copy auth_tag into temporary location */
+
+}
+
diff --git a/third_party/srtp/srtp/srtp.c b/third_party/srtp/srtp/srtp.c
index b30f6d38..e06f5860 100644
--- a/third_party/srtp/srtp/srtp.c
+++ b/third_party/srtp/srtp/srtp.c
@@ -44,8 +44,11 @@
#include "srtp_priv.h"
-#include "aes_icm.h" /* aes_icm is used in the KDF */
+#include "ekt.h" /* for SRTP Encrypted Key Transport */
#include "alloc.h" /* for crypto_alloc() */
+#ifdef OPENSSL
+#include "aes_gcm_ossl.h" /* for AES GCM mode */
+#endif
#ifndef SRTP_KERNEL
# include <limits.h>
@@ -57,9 +60,6 @@
#endif /* ! SRTP_KERNEL */
-extern cipher_type_t aes_icm;
-extern auth_type_t tmmhv2;
-
/* the debug module for srtp */
debug_module_t mod_srtp = {
@@ -71,7 +71,71 @@ debug_module_t mod_srtp = {
#define uint32s_in_rtp_header 3
#define octets_in_rtcp_header 8
#define uint32s_in_rtcp_header 2
+#define octets_in_rtp_extn_hdr 4
+
+static err_status_t
+srtp_validate_rtp_header(void *rtp_hdr, int *pkt_octet_len) {
+ srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr;
+
+ /* Check RTP header length */
+ int rtp_header_len = octets_in_rtp_header + 4 * hdr->cc;
+ if (hdr->x == 1)
+ rtp_header_len += octets_in_rtp_extn_hdr;
+
+ if (*pkt_octet_len < rtp_header_len)
+ return err_status_bad_param;
+
+ /* Verifing profile length. */
+ if (hdr->x == 1) {
+ srtp_hdr_xtnd_t *xtn_hdr =
+ (srtp_hdr_xtnd_t *)((uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc);
+ int profile_len = ntohs(xtn_hdr->length);
+ rtp_header_len += profile_len * 4;
+ /* profile length counts the number of 32-bit words */
+ if (*pkt_octet_len < rtp_header_len)
+ return err_status_bad_param;
+ }
+ return err_status_ok;
+}
+
+const char *srtp_get_version_string ()
+{
+ /*
+ * Simply return the autotools generated string
+ */
+ return SRTP_VER_STRING;
+}
+
+unsigned int srtp_get_version ()
+{
+ unsigned int major = 0, minor = 0, micro = 0;
+ unsigned int rv = 0;
+ int parse_rv;
+
+ /*
+ * Parse the autotools generated version
+ */
+ parse_rv = sscanf(SRTP_VERSION, "%u.%u.%u", &major, &minor, &micro);
+ if (parse_rv != 3) {
+ /*
+ * We're expected to parse all 3 version levels.
+ * If not, then this must not be an official release.
+ * Return all zeros on the version
+ */
+ return (0);
+ }
+ /*
+ * We allow 8 bits for the major and minor, while
+ * allowing 16 bits for the micro. 16 bits for the micro
+ * may be beneficial for a continuous delivery model
+ * in the future.
+ */
+ rv |= (major & 0xFF) << 24;
+ rv |= (minor & 0xFF) << 16;
+ rv |= micro & 0xFF;
+ return rv;
+}
err_status_t
srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
@@ -96,7 +160,8 @@ srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
/* allocate cipher */
stat = crypto_kernel_alloc_cipher(p->rtp.cipher_type,
&str->rtp_cipher,
- p->rtp.cipher_key_len);
+ p->rtp.cipher_key_len,
+ p->rtp.auth_tag_len);
if (stat) {
crypto_free(str);
return stat;
@@ -128,7 +193,8 @@ srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
*/
stat = crypto_kernel_alloc_cipher(p->rtcp.cipher_type,
&str->rtcp_cipher,
- p->rtcp.cipher_key_len);
+ p->rtcp.cipher_key_len,
+ p->rtcp.auth_tag_len);
if (stat) {
auth_dealloc(str->rtp_auth);
cipher_dealloc(str->rtp_cipher);
@@ -151,6 +217,18 @@ srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
return stat;
}
+ /* allocate ekt data associated with stream */
+ stat = ekt_alloc(&str->ekt, p->ekt);
+ if (stat) {
+ auth_dealloc(str->rtcp_auth);
+ cipher_dealloc(str->rtcp_cipher);
+ auth_dealloc(str->rtp_auth);
+ cipher_dealloc(str->rtp_cipher);
+ crypto_free(str->limit);
+ crypto_free(str);
+ return stat;
+ }
+
return err_status_ok;
}
@@ -217,6 +295,19 @@ srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) {
if (status)
return status;
}
+
+ status = rdbx_dealloc(&stream->rtp_rdbx);
+ if (status)
+ return status;
+
+ /* DAM - need to deallocate EKT here */
+
+ /*
+ * zeroize the salt value
+ */
+ memset(stream->salt, 0, SRTP_AEAD_SALT_LEN);
+ memset(stream->c_salt, 0, SRTP_AEAD_SALT_LEN);
+
/* deallocate srtp stream context */
crypto_free(stream);
@@ -256,12 +347,22 @@ srtp_stream_clone(const srtp_stream_ctx_t *stream_template,
/* set key limit to point to that of the template */
status = key_limit_clone(stream_template->limit, &str->limit);
- if (status)
+ if (status) {
+ crypto_free(*str_ptr);
+ *str_ptr = NULL;
return status;
+ }
/* initialize replay databases */
- rdbx_init(&str->rtp_rdbx);
+ status = rdbx_init(&str->rtp_rdbx,
+ rdbx_get_window_size(&stream_template->rtp_rdbx));
+ if (status) {
+ crypto_free(*str_ptr);
+ *str_ptr = NULL;
+ return status;
+ }
rdb_init(&str->rtcp_rdb);
+ str->allow_repeat_tx = stream_template->allow_repeat_tx;
/* set ssrc to that provided */
str->ssrc = ssrc;
@@ -271,6 +372,13 @@ srtp_stream_clone(const srtp_stream_ctx_t *stream_template,
str->rtp_services = stream_template->rtp_services;
str->rtcp_services = stream_template->rtcp_services;
+ /* set pointer to EKT data associated with stream */
+ str->ekt = stream_template->ekt;
+
+ /* Copy the salt values */
+ memcpy(str->salt, stream_template->salt, SRTP_AEAD_SALT_LEN);
+ memcpy(str->c_salt, stream_template->c_salt, SRTP_AEAD_SALT_LEN);
+
/* defensive coding */
str->next = NULL;
@@ -283,14 +391,15 @@ srtp_stream_clone(const srtp_stream_ctx_t *stream_template,
*
* srtp_kdf_t is a key derivation context
*
- * srtp_kdf_init(&kdf, k) initializes kdf with the key k
+ * srtp_kdf_init(&kdf, cipher_id, k, keylen) initializes kdf to use cipher
+ * described by cipher_id, with the master key k with length in octets keylen.
*
* srtp_kdf_generate(&kdf, l, kl, keylen) derives the key
* corresponding to label l and puts it into kl; the length
* of the key in octets is provided as keylen. this function
* should be called once for each subkey that is derived.
*
- * srtp_kdf_clear(&kdf) zeroizes the kdf state
+ * srtp_kdf_clear(&kdf) zeroizes and deallocates the kdf state
*/
typedef enum {
@@ -309,40 +418,57 @@ typedef enum {
*/
typedef struct {
- aes_icm_ctx_t c; /* cipher used for key derivation */
+ cipher_t *cipher; /* cipher used for key derivation */
} srtp_kdf_t;
err_status_t
-srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t key[30]) {
+srtp_kdf_init(srtp_kdf_t *kdf, cipher_type_id_t cipher_id, const uint8_t *key, int length) {
- aes_icm_context_init(&kdf->c, key);
+ err_status_t stat;
+ stat = crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, length, 0);
+ if (stat)
+ return stat;
+
+ stat = cipher_init(kdf->cipher, key);
+ if (stat) {
+ cipher_dealloc(kdf->cipher);
+ return stat;
+ }
return err_status_ok;
}
err_status_t
srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label,
- uint8_t *key, int length) {
+ uint8_t *key, unsigned int length) {
v128_t nonce;
+ err_status_t status;
/* set eigth octet of nonce to <label>, set the rest of it to zero */
v128_set_to_zero(&nonce);
nonce.v8[7] = label;
- aes_icm_set_iv(&kdf->c, &nonce);
+ status = cipher_set_iv(kdf->cipher, &nonce, direction_encrypt);
+ if (status)
+ return status;
/* generate keystream output */
- aes_icm_output(&kdf->c, key, length);
+ octet_string_set_to_zero(key, length);
+ status = cipher_encrypt(kdf->cipher, key, &length);
+ if (status)
+ return status;
return err_status_ok;
}
err_status_t
srtp_kdf_clear(srtp_kdf_t *kdf) {
-
- /* zeroize aes context */
- octet_string_set_to_zero((uint8_t *)kdf, sizeof(srtp_kdf_t));
+ err_status_t status;
+ status = cipher_dealloc(kdf->cipher);
+ if (status)
+ return status;
+ kdf->cipher = NULL;
return err_status_ok;
}
@@ -354,39 +480,113 @@ srtp_kdf_clear(srtp_kdf_t *kdf) {
#define MAX_SRTP_KEY_LEN 256
+/* Get the base key length corresponding to a given combined key+salt
+ * length for the given cipher.
+ * Assumption is that for AES-ICM a key length < 30 is Ismacryp using
+ * AES-128 and short salts; everything else uses a salt length of 14.
+ * TODO: key and salt lengths should be separate fields in the policy. */
+static inline int base_key_length(const cipher_type_t *cipher, int key_length)
+{
+ switch (cipher->id) {
+ case AES_128_ICM:
+ case AES_192_ICM:
+ case AES_256_ICM:
+ /* The legacy modes are derived from
+ * the configured key length on the policy */
+ return key_length - 14;
+ break;
+ case AES_128_GCM:
+ return 16;
+ break;
+ case AES_256_GCM:
+ return 32;
+ break;
+ default:
+ return key_length;
+ break;
+ }
+}
+
err_status_t
srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) {
err_status_t stat;
srtp_kdf_t kdf;
uint8_t tmp_key[MAX_SRTP_KEY_LEN];
-
+ int kdf_keylen = 30, rtp_keylen, rtcp_keylen;
+ int rtp_base_key_len, rtp_salt_len;
+ int rtcp_base_key_len, rtcp_salt_len;
+
+ /* If RTP or RTCP have a key length > AES-128, assume matching kdf. */
+ /* TODO: kdf algorithm, master key length, and master salt length should
+ * be part of srtp_policy_t. */
+ rtp_keylen = cipher_get_key_length(srtp->rtp_cipher);
+ rtcp_keylen = cipher_get_key_length(srtp->rtcp_cipher);
+ rtp_base_key_len = base_key_length(srtp->rtp_cipher->type, rtp_keylen);
+ rtp_salt_len = rtp_keylen - rtp_base_key_len;
+
+ if (rtp_keylen > kdf_keylen) {
+ kdf_keylen = 46; /* AES-CTR mode is always used for KDF */
+ }
+
+ if (rtcp_keylen > kdf_keylen) {
+ kdf_keylen = 46; /* AES-CTR mode is always used for KDF */
+ }
+
+ debug_print(mod_srtp, "srtp key len: %d", rtp_keylen);
+ debug_print(mod_srtp, "srtcp key len: %d", rtcp_keylen);
+ debug_print(mod_srtp, "base key len: %d", rtp_base_key_len);
+ debug_print(mod_srtp, "kdf key len: %d", kdf_keylen);
+ debug_print(mod_srtp, "rtp salt len: %d", rtp_salt_len);
+
+ /*
+ * Make sure the key given to us is 'zero' appended. GCM
+ * mode uses a shorter master SALT (96 bits), but still relies on
+ * the legacy CTR mode KDF, which uses a 112 bit master SALT.
+ */
+ memset(tmp_key, 0x0, MAX_SRTP_KEY_LEN);
+ memcpy(tmp_key, key, (rtp_base_key_len + rtp_salt_len));
+
/* initialize KDF state */
- srtp_kdf_init(&kdf, (const uint8_t *)key);
+ stat = srtp_kdf_init(&kdf, AES_ICM, (const uint8_t *)tmp_key, kdf_keylen);
+ if (stat) {
+ return err_status_init_fail;
+ }
/* generate encryption key */
- srtp_kdf_generate(&kdf, label_rtp_encryption,
- tmp_key, cipher_get_key_length(srtp->rtp_cipher));
+ stat = srtp_kdf_generate(&kdf, label_rtp_encryption,
+ tmp_key, rtp_base_key_len);
+ if (stat) {
+ /* zeroize temp buffer */
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ return err_status_init_fail;
+ }
+ debug_print(mod_srtp, "cipher key: %s",
+ octet_string_hex_string(tmp_key, rtp_base_key_len));
+
/*
- * if the cipher in the srtp context is aes_icm, then we need
+ * if the cipher in the srtp context uses a salt, then we need
* to generate the salt value
*/
- if (srtp->rtp_cipher->type == &aes_icm) {
- /* FIX!!! this is really the cipher key length; rest is salt */
- int base_key_len = 16;
- int salt_len = cipher_get_key_length(srtp->rtp_cipher) - base_key_len;
-
- debug_print(mod_srtp, "found aes_icm, generating salt", NULL);
+ if (rtp_salt_len > 0) {
+ debug_print(mod_srtp, "found rtp_salt_len > 0, generating salt", NULL);
/* generate encryption salt, put after encryption key */
- srtp_kdf_generate(&kdf, label_rtp_salt,
- tmp_key + base_key_len, salt_len);
+ stat = srtp_kdf_generate(&kdf, label_rtp_salt,
+ tmp_key + rtp_base_key_len, rtp_salt_len);
+ if (stat) {
+ /* zeroize temp buffer */
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ return err_status_init_fail;
+ }
+ memcpy(srtp->salt, tmp_key + rtp_base_key_len, SRTP_AEAD_SALT_LEN);
+ }
+ if (rtp_salt_len > 0) {
+ debug_print(mod_srtp, "cipher salt: %s",
+ octet_string_hex_string(tmp_key + rtp_base_key_len, rtp_salt_len));
}
- debug_print(mod_srtp, "cipher key: %s",
- octet_string_hex_string(tmp_key,
- cipher_get_key_length(srtp->rtp_cipher)));
/* initialize cipher */
- stat = cipher_init(srtp->rtp_cipher, tmp_key, direction_any);
+ stat = cipher_init(srtp->rtp_cipher, tmp_key);
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
@@ -394,8 +594,13 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) {
}
/* generate authentication key */
- srtp_kdf_generate(&kdf, label_rtp_msg_auth,
- tmp_key, auth_get_key_length(srtp->rtp_auth));
+ stat = srtp_kdf_generate(&kdf, label_rtp_msg_auth,
+ tmp_key, auth_get_key_length(srtp->rtp_auth));
+ if (stat) {
+ /* zeroize temp buffer */
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ return err_status_init_fail;
+ }
debug_print(mod_srtp, "auth key: %s",
octet_string_hex_string(tmp_key,
auth_get_key_length(srtp->rtp_auth)));
@@ -412,30 +617,46 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) {
* ...now initialize SRTCP keys
*/
+ rtcp_base_key_len = base_key_length(srtp->rtcp_cipher->type, rtcp_keylen);
+ rtcp_salt_len = rtcp_keylen - rtcp_base_key_len;
+ debug_print(mod_srtp, "rtcp salt len: %d", rtcp_salt_len);
+
/* generate encryption key */
- srtp_kdf_generate(&kdf, label_rtcp_encryption,
- tmp_key, cipher_get_key_length(srtp->rtcp_cipher));
+ stat = srtp_kdf_generate(&kdf, label_rtcp_encryption,
+ tmp_key, rtcp_base_key_len);
+ if (stat) {
+ /* zeroize temp buffer */
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ return err_status_init_fail;
+ }
+
/*
- * if the cipher in the srtp context is aes_icm, then we need
+ * if the cipher in the srtp context uses a salt, then we need
* to generate the salt value
*/
- if (srtp->rtcp_cipher->type == &aes_icm) {
- /* FIX!!! this is really the cipher key length; rest is salt */
- int base_key_len = 16;
- int salt_len = cipher_get_key_length(srtp->rtcp_cipher) - base_key_len;
-
- debug_print(mod_srtp, "found aes_icm, generating rtcp salt", NULL);
+ if (rtcp_salt_len > 0) {
+ debug_print(mod_srtp, "found rtcp_salt_len > 0, generating rtcp salt",
+ NULL);
/* generate encryption salt, put after encryption key */
- srtp_kdf_generate(&kdf, label_rtcp_salt,
- tmp_key + base_key_len, salt_len);
+ stat = srtp_kdf_generate(&kdf, label_rtcp_salt,
+ tmp_key + rtcp_base_key_len, rtcp_salt_len);
+ if (stat) {
+ /* zeroize temp buffer */
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ return err_status_init_fail;
+ }
+ memcpy(srtp->c_salt, tmp_key + rtcp_base_key_len, SRTP_AEAD_SALT_LEN);
}
debug_print(mod_srtp, "rtcp cipher key: %s",
- octet_string_hex_string(tmp_key,
- cipher_get_key_length(srtp->rtcp_cipher)));
+ octet_string_hex_string(tmp_key, rtcp_base_key_len));
+ if (rtcp_salt_len > 0) {
+ debug_print(mod_srtp, "rtcp cipher salt: %s",
+ octet_string_hex_string(tmp_key + rtcp_base_key_len, rtcp_salt_len));
+ }
/* initialize cipher */
- stat = cipher_init(srtp->rtcp_cipher, tmp_key, direction_any);
+ stat = cipher_init(srtp->rtcp_cipher, tmp_key);
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
@@ -443,8 +664,14 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) {
}
/* generate authentication key */
- srtp_kdf_generate(&kdf, label_rtcp_msg_auth,
- tmp_key, auth_get_key_length(srtp->rtcp_auth));
+ stat = srtp_kdf_generate(&kdf, label_rtcp_msg_auth,
+ tmp_key, auth_get_key_length(srtp->rtcp_auth));
+ if (stat) {
+ /* zeroize temp buffer */
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ return err_status_init_fail;
+ }
+
debug_print(mod_srtp, "rtcp auth key: %s",
octet_string_hex_string(tmp_key,
auth_get_key_length(srtp->rtcp_auth)));
@@ -458,8 +685,10 @@ srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) {
}
/* clear memory then return */
- srtp_kdf_clear(&kdf);
+ stat = srtp_kdf_clear(&kdf);
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ if (stat)
+ return err_status_init_fail;
return err_status_ok;
}
@@ -473,7 +702,18 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
p->ssrc.value);
/* initialize replay database */
- rdbx_init(&srtp->rtp_rdbx);
+ /* window size MUST be at least 64. MAY be larger. Values more than
+ * 2^15 aren't meaningful due to how extended sequence numbers are
+ * calculated. Let a window size of 0 imply the default value. */
+
+ if (p->window_size != 0 && (p->window_size < 64 || p->window_size >= 0x8000))
+ return err_status_bad_param;
+
+ if (p->window_size != 0)
+ err = rdbx_init(&srtp->rtp_rdbx, p->window_size);
+ else
+ err = rdbx_init(&srtp->rtp_rdbx, 128);
+ if (err) return err;
/* initialize key limit to maximum value */
#ifdef NO_64BIT_MATH
@@ -483,7 +723,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
key_limit_set(srtp->limit, temp);
}
#else
- key_limit_set(srtp->limit, PJ_UINT64(0xffffffffffff));
+ key_limit_set(srtp->limit, 0xffffffffffffLL);
#endif
/* set the SSRC value */
@@ -503,11 +743,32 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
/* initialize SRTCP replay database */
rdb_init(&srtp->rtcp_rdb);
+ /* initialize allow_repeat_tx */
+ /* guard against uninitialized memory: allow only 0 or 1 here */
+ if (p->allow_repeat_tx != 0 && p->allow_repeat_tx != 1) {
+ rdbx_dealloc(&srtp->rtp_rdbx);
+ return err_status_bad_param;
+ }
+ srtp->allow_repeat_tx = p->allow_repeat_tx;
+
/* DAM - no RTCP key limit at present */
/* initialize keys */
err = srtp_stream_init_keys(srtp, p->key);
- if (err) return err;
+ if (err) {
+ rdbx_dealloc(&srtp->rtp_rdbx);
+ return err;
+ }
+
+ /*
+ * if EKT is in use, then initialize the EKT data associated with
+ * the stream
+ */
+ err = ekt_stream_init_from_policy(srtp->ekt, p->ekt);
+ if (err) {
+ rdbx_dealloc(&srtp->rtp_rdbx);
+ return err;
+ }
return err_status_ok;
}
@@ -568,12 +829,373 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
return err_status_ok;
}
+/*
+ * AEAD uses a new IV formation method. This function implements
+ * section 9.1 from draft-ietf-avtcore-srtp-aes-gcm-07.txt. The
+ * calculation is defined as, where (+) is the xor operation:
+ *
+ *
+ * 0 0 0 0 0 0 0 0 0 0 1 1
+ * 0 1 2 3 4 5 6 7 8 9 0 1
+ * +--+--+--+--+--+--+--+--+--+--+--+--+
+ * |00|00| SSRC | ROC | SEQ |---+
+ * +--+--+--+--+--+--+--+--+--+--+--+--+ |
+ * |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+ |
+ * | Encryption Salt |->(+)
+ * +--+--+--+--+--+--+--+--+--+--+--+--+ |
+ * |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+ |
+ * | Initialization Vector |<--+
+ * +--+--+--+--+--+--+--+--+--+--+--+--+*
+ *
+ * Input: *stream - pointer to SRTP stream context, used to retrieve
+ * the SALT
+ * *iv - Pointer to receive the calculated IV
+ * *seq - The ROC and SEQ value to use for the
+ * IV calculation.
+ * *hdr - The RTP header, used to get the SSRC value
+ *
+ */
+static void srtp_calc_aead_iv(srtp_stream_ctx_t *stream, v128_t *iv,
+ xtd_seq_num_t *seq, srtp_hdr_t *hdr)
+{
+ v128_t in;
+ v128_t salt;
+
+#ifdef NO_64BIT_MATH
+ uint32_t local_roc = ((high32(*seq) << 16) |
+ (low32(*seq) >> 16));
+ uint16_t local_seq = (uint16_t) (low32(*seq));
+#else
+ uint32_t local_roc = (uint32_t)(*seq >> 16);
+ uint16_t local_seq = (uint16_t) *seq;
+#endif
+
+ memset(&in, 0, sizeof(v128_t));
+ memset(&salt, 0, sizeof(v128_t));
+
+ in.v16[5] = htons(local_seq);
+ local_roc = htonl(local_roc);
+ memcpy(&in.v16[3], &local_roc, sizeof(local_roc));
+
+ /*
+ * Copy in the RTP SSRC value
+ */
+ memcpy(&in.v8[2], &hdr->ssrc, 4);
+ debug_print(mod_srtp, "Pre-salted RTP IV = %s\n", v128_hex_string(&in));
+
+ /*
+ * Get the SALT value from the context
+ */
+ memcpy(salt.v8, stream->salt, SRTP_AEAD_SALT_LEN);
+ debug_print(mod_srtp, "RTP SALT = %s\n", v128_hex_string(&salt));
+
+ /*
+ * Finally, apply tyhe SALT to the input
+ */
+ v128_xor(iv, &in, &salt);
+}
+
+
+/*
+ * This function handles outgoing SRTP packets while in AEAD mode,
+ * which currently supports AES-GCM encryption. All packets are
+ * encrypted and authenticated.
+ */
+static err_status_t
+srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream,
+ void *rtp_hdr, unsigned int *pkt_octet_len)
+{
+ srtp_hdr_t *hdr = (srtp_hdr_t*)rtp_hdr;
+ uint32_t *enc_start; /* pointer to start of encrypted portion */
+ int enc_octet_len = 0; /* number of octets in encrypted portion */
+ xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
+ int delta; /* delta of local pkt idx and that in hdr */
+ err_status_t status;
+ int tag_len;
+ v128_t iv;
+ unsigned int aad_len;
+
+ debug_print(mod_srtp, "function srtp_protect_aead", NULL);
+
+ /*
+ * update the key usage limit, and check it to make sure that we
+ * didn't just hit either the soft limit or the hard limit, and call
+ * the event handler if we hit either.
+ */
+ switch (key_limit_update(stream->limit)) {
+ case key_event_normal:
+ break;
+ case key_event_hard_limit:
+ srtp_handle_event(ctx, stream, event_key_hard_limit);
+ return err_status_key_expired;
+ case key_event_soft_limit:
+ default:
+ srtp_handle_event(ctx, stream, event_key_soft_limit);
+ break;
+ }
+
+ /* get tag length from stream */
+ tag_len = auth_get_tag_length(stream->rtp_auth);
+
+ /*
+ * find starting point for encryption and length of data to be
+ * encrypted - the encrypted portion starts after the rtp header
+ * extension, if present; otherwise, it starts after the last csrc,
+ * if any are present
+ */
+ enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc;
+ if (hdr->x == 1) {
+ srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start;
+ enc_start += (ntohs(xtn_hdr->length) + 1);
+ }
+ if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len))
+ return err_status_parse_err;
+ enc_octet_len = (int)(*pkt_octet_len -
+ ((uint8_t*)enc_start - (uint8_t*)hdr));
+ if (enc_octet_len < 0) return err_status_parse_err;
+
+ /*
+ * estimate the packet index using the start of the replay window
+ * and the sequence number from the header
+ */
+ delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq));
+ status = rdbx_check(&stream->rtp_rdbx, delta);
+ if (status) {
+ if (status != err_status_replay_fail || !stream->allow_repeat_tx) {
+ return status; /* we've been asked to reuse an index */
+ }
+ } else {
+ rdbx_add_index(&stream->rtp_rdbx, delta);
+ }
+
+#ifdef NO_64BIT_MATH
+ debug_print2(mod_srtp, "estimated packet index: %08x%08x",
+ high32(est), low32(est));
+#else
+ debug_print(mod_srtp, "estimated packet index: %016llx", est);
+#endif
+
+ /*
+ * AEAD uses a new IV formation method
+ */
+ srtp_calc_aead_iv(stream, &iv, &est, hdr);
+ status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt);
+ if (status) {
+ return err_status_cipher_fail;
+ }
+
+ /* shift est, put into network byte order */
+#ifdef NO_64BIT_MATH
+ est = be64_to_cpu(make64((high32(est) << 16) |
+ (low32(est) >> 16),
+ low32(est) << 16));
+#else
+ est = be64_to_cpu(est << 16);
+#endif
+
+ /*
+ * Set the AAD over the RTP header
+ */
+ aad_len = (uint8_t *)enc_start - (uint8_t *)hdr;
+ status = cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len);
+ if (status) {
+ return ( err_status_cipher_fail);
+ }
+
+ /* Encrypt the payload */
+ status = cipher_encrypt(stream->rtp_cipher,
+ (uint8_t*)enc_start, (unsigned int *)&enc_octet_len);
+ if (status) {
+ return err_status_cipher_fail;
+ }
+ /*
+ * If we're doing GCM, we need to get the tag
+ * and append that to the output
+ */
+ status = cipher_get_tag(stream->rtp_cipher,
+ (uint8_t*)enc_start+enc_octet_len, &tag_len);
+ if (status) {
+ return ( err_status_cipher_fail);
+ }
+
+ /* increase the packet length by the length of the auth tag */
+ *pkt_octet_len += tag_len;
+
+ return err_status_ok;
+}
+
+
+/*
+ * This function handles incoming SRTP packets while in AEAD mode,
+ * which currently supports AES-GCM encryption. All packets are
+ * encrypted and authenticated. Note, the auth tag is at the end
+ * of the packet stream and is automatically checked by GCM
+ * when decrypting the payload.
+ */
+static err_status_t
+srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
+ xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_octet_len)
+{
+ srtp_hdr_t *hdr = (srtp_hdr_t*)srtp_hdr;
+ uint32_t *enc_start; /* pointer to start of encrypted portion */
+ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
+ v128_t iv;
+ err_status_t status;
+ int tag_len;
+ unsigned int aad_len;
+
+ debug_print(mod_srtp, "function srtp_unprotect_aead", NULL);
+
+#ifdef NO_64BIT_MATH
+ debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est), low32(est));
+#else
+ debug_print(mod_srtp, "estimated u_packet index: %016llx", est);
+#endif
+
+ /* get tag length from stream */
+ tag_len = auth_get_tag_length(stream->rtp_auth);
+
+ /*
+ * AEAD uses a new IV formation method
+ */
+ srtp_calc_aead_iv(stream, &iv, &est, hdr);
+ status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt);
+ if (status) {
+ return err_status_cipher_fail;
+ }
+
+ /*
+ * find starting point for decryption and length of data to be
+ * decrypted - the encrypted portion starts after the rtp header
+ * extension, if present; otherwise, it starts after the last csrc,
+ * if any are present
+ */
+ enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc;
+ if (hdr->x == 1) {
+ srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start;
+ enc_start += (ntohs(xtn_hdr->length) + 1);
+ }
+ if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len)))
+ return err_status_parse_err;
+ /*
+ * We pass the tag down to the cipher when doing GCM mode
+ */
+ enc_octet_len = (unsigned int)(*pkt_octet_len -
+ ((uint8_t*)enc_start - (uint8_t*)hdr));
+
+ /*
+ * Sanity check the encrypted payload length against
+ * the tag size. It must always be at least as large
+ * as the tag length.
+ */
+ if (enc_octet_len < (unsigned int) tag_len) {
+ return err_status_cipher_fail;
+ }
+
+ /*
+ * update the key usage limit, and check it to make sure that we
+ * didn't just hit either the soft limit or the hard limit, and call
+ * the event handler if we hit either.
+ */
+ switch (key_limit_update(stream->limit)) {
+ case key_event_normal:
+ break;
+ case key_event_soft_limit:
+ srtp_handle_event(ctx, stream, event_key_soft_limit);
+ break;
+ case key_event_hard_limit:
+ srtp_handle_event(ctx, stream, event_key_hard_limit);
+ return err_status_key_expired;
+ default:
+ break;
+ }
+
+ /*
+ * Set the AAD for AES-GCM, which is the RTP header
+ */
+ aad_len = (uint8_t *)enc_start - (uint8_t *)hdr;
+ status = cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len);
+ if (status) {
+ return ( err_status_cipher_fail);
+ }
+
+ /* Decrypt the ciphertext. This also checks the auth tag based
+ * on the AAD we just specified above */
+ status = cipher_decrypt(stream->rtp_cipher,
+ (uint8_t*)enc_start, &enc_octet_len);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * verify that stream is for received traffic - this check will
+ * detect SSRC collisions, since a stream that appears in both
+ * srtp_protect() and srtp_unprotect() will fail this test in one of
+ * those functions.
+ *
+ * we do this check *after* the authentication check, so that the
+ * latter check will catch any attempts to fool us into thinking
+ * that we've got a collision
+ */
+ if (stream->direction != dir_srtp_receiver) {
+ if (stream->direction == dir_unknown) {
+ stream->direction = dir_srtp_receiver;
+ } else {
+ srtp_handle_event(ctx, stream, event_ssrc_collision);
+ }
+ }
+
+ /*
+ * if the stream is a 'provisional' one, in which the template context
+ * is used, then we need to allocate a new stream at this point, since
+ * the authentication passed
+ */
+ if (stream == ctx->stream_template) {
+ srtp_stream_ctx_t *new_stream;
+
+ /*
+ * allocate and initialize a new stream
+ *
+ * note that we indicate failure if we can't allocate the new
+ * stream, and some implementations will want to not return
+ * failure here
+ */
+ status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream);
+ if (status) {
+ return status;
+ }
+
+ /* add new stream to the head of the stream_list */
+ new_stream->next = ctx->stream_list;
+ ctx->stream_list = new_stream;
+
+ /* set stream (the pointer used in this function) */
+ stream = new_stream;
+ }
+
+ /*
+ * the message authentication function passed, so add the packet
+ * index into the replay database
+ */
+ rdbx_add_index(&stream->rtp_rdbx, delta);
+
+ /* decrease the packet length by the length of the auth tag */
+ *pkt_octet_len -= tag_len;
+
+ return err_status_ok;
+}
+
+
+
+
err_status_t
srtp_protect(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len) {
srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */
- unsigned enc_octet_len = 0; /* number of octets in encrypted portion */
+ int enc_octet_len = 0; /* number of octets in encrypted portion */
xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
int delta; /* delta of local pkt idx and that in hdr */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
@@ -586,6 +1208,11 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
/* we assume the hdr is 32-bit aligned to start */
+ /* Verify RTP header */
+ status = srtp_validate_rtp_header(rtp_hdr, pkt_octet_len);
+ if (status)
+ return status;
+
/* check the packet length - it must at least contain a full header */
if (*pkt_octet_len < octets_in_rtp_header)
return err_status_bad_param;
@@ -629,13 +1256,22 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
* srtp_protect() and srtp_unprotect() will fail this test in one of
* those functions.
*/
- if (stream->direction != dir_srtp_sender) {
+ if (stream->direction != dir_srtp_sender) {
if (stream->direction == dir_unknown) {
stream->direction = dir_srtp_sender;
} else {
srtp_handle_event(ctx, stream, event_ssrc_collision);
}
- }
+ }
+
+ /*
+ * Check if this is an AEAD stream (GCM mode). If so, then dispatch
+ * the request to our AEAD handler.
+ */
+ if (stream->rtp_cipher->algorithm == AES_128_GCM ||
+ stream->rtp_cipher->algorithm == AES_256_GCM) {
+ return srtp_protect_aead(ctx, stream, rtp_hdr, (unsigned int*)pkt_octet_len);
+ }
/*
* update the key usage limit, and check it to make sure that we
@@ -672,8 +1308,11 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
enc_start += (ntohs(xtn_hdr->length) + 1);
}
- enc_octet_len = (unsigned int)(*pkt_octet_len
- - ((enc_start - (uint32_t *)hdr) << 2));
+ if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len))
+ return err_status_parse_err;
+ enc_octet_len = (int)(*pkt_octet_len -
+ ((uint8_t*)enc_start - (uint8_t*)hdr));
+ if (enc_octet_len < 0) return err_status_parse_err;
} else {
enc_start = NULL;
}
@@ -697,9 +1336,12 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
*/
delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq));
status = rdbx_check(&stream->rtp_rdbx, delta);
- if (status)
- return status; /* we've been asked to reuse an index */
- rdbx_add_index(&stream->rtp_rdbx, delta);
+ if (status) {
+ if (status != err_status_replay_fail || !stream->allow_repeat_tx)
+ return status; /* we've been asked to reuse an index */
+ }
+ else
+ rdbx_add_index(&stream->rtp_rdbx, delta);
#ifdef NO_64BIT_MATH
debug_print2(mod_srtp, "estimated packet index: %08x%08x",
@@ -711,7 +1353,8 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
/*
* if we're using rindael counter mode, set nonce and seq
*/
- if (stream->rtp_cipher->type == &aes_icm) {
+ if (stream->rtp_cipher->type->id == AES_ICM ||
+ stream->rtp_cipher->type->id == AES_256_ICM) {
v128_t iv;
iv.v32[0] = 0;
@@ -722,7 +1365,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
#else
iv.v64[1] = be64_to_cpu(est << 16);
#endif
- status = cipher_set_iv(stream->rtp_cipher, &iv);
+ status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt);
} else {
v128_t iv;
@@ -735,7 +1378,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
iv.v64[0] = 0;
#endif
iv.v64[1] = be64_to_cpu(est);
- status = cipher_set_iv(stream->rtp_cipher, &iv);
+ status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt);
}
if (status)
return err_status_cipher_fail;
@@ -768,7 +1411,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
/* if we're encrypting, exor keystream into the message */
if (enc_start) {
status = cipher_encrypt(stream->rtp_cipher,
- (uint8_t *)enc_start, &enc_octet_len);
+ (uint8_t *)enc_start, (unsigned int*)&enc_octet_len);
if (status)
return err_status_cipher_fail;
}
@@ -813,7 +1456,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */
- unsigned enc_octet_len = 0;/* number of octets in encrypted portion */
+ unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
int delta; /* delta of local pkt idx and that in hdr */
@@ -827,6 +1470,11 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
/* we assume the hdr is 32-bit aligned to start */
+ /* Verify RTP header */
+ status = srtp_validate_rtp_header(srtp_hdr, pkt_octet_len);
+ if (status)
+ return status;
+
/* check the packet length - it must at least contain a full header */
if (*pkt_octet_len < octets_in_rtp_header)
return err_status_bad_param;
@@ -881,6 +1529,15 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
debug_print(mod_srtp, "estimated u_packet index: %016llx", est);
#endif
+ /*
+ * Check if this is an AEAD stream (GCM mode). If so, then dispatch
+ * the request to our AEAD handler.
+ */
+ if (stream->rtp_cipher->algorithm == AES_128_GCM ||
+ stream->rtp_cipher->algorithm == AES_256_GCM) {
+ return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, (unsigned int*)pkt_octet_len);
+ }
+
/* get tag length from stream */
tag_len = auth_get_tag_length(stream->rtp_auth);
@@ -888,7 +1545,8 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
* set the cipher's IV properly, depending on whatever cipher we
* happen to be using
*/
- if (stream->rtp_cipher->type == &aes_icm) {
+ if (stream->rtp_cipher->type->id == AES_ICM ||
+ stream->rtp_cipher->type->id == AES_256_ICM) {
/* aes counter mode */
iv.v32[0] = 0;
@@ -899,7 +1557,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
#else
iv.v64[1] = be64_to_cpu(est << 16);
#endif
- status = aes_icm_set_iv((aes_icm_ctx_t*)stream->rtp_cipher->state, &iv);
+ status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt);
} else {
/* no particular format - set the iv to the pakcet index */
@@ -910,7 +1568,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
iv.v64[0] = 0;
#endif
iv.v64[1] = be64_to_cpu(est);
- status = cipher_set_iv(stream->rtp_cipher, &iv);
+ status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt);
}
if (status)
return err_status_cipher_fail;
@@ -938,8 +1596,10 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
enc_start += (ntohs(xtn_hdr->length) + 1);
}
- enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len
- - ((enc_start - (uint32_t *)hdr) << 2));
+ if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len)))
+ return err_status_parse_err;
+ enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len -
+ ((uint8_t*)enc_start - (uint8_t*)hdr));
} else {
enc_start = NULL;
}
@@ -1020,9 +1680,9 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
break;
}
- /* if we're encrypting, add keystream into ciphertext */
+ /* if we're decrypting, add keystream into ciphertext */
if (enc_start) {
- status = cipher_encrypt(stream->rtp_cipher,
+ status = cipher_decrypt(stream->rtp_cipher,
(uint8_t *)enc_start, &enc_octet_len);
if (status)
return err_status_cipher_fail;
@@ -1103,14 +1763,20 @@ srtp_init() {
}
err_status_t
-srtp_deinit() {
+srtp_shutdown() {
err_status_t status;
+ /* shut down crypto kernel */
status = crypto_kernel_shutdown();
+ if (status)
+ return status;
+
+ /* shutting down crypto kernel frees the srtp debug module as well */
- return status;
+ return err_status_ok;
}
+
/*
* The following code is under consideration for removal. See
* SRTP_MAX_TRAILER_LEN
@@ -1189,6 +1855,9 @@ srtp_dealloc(srtp_t session) {
status = auth_dealloc(session->stream_template->rtp_auth);
if (status)
return status;
+ status = rdbx_dealloc(&session->stream_template->rtp_rdbx);
+ if (status)
+ return status;
crypto_free(session->stream_template);
}
@@ -1281,6 +1950,7 @@ srtp_create(srtp_t *session, /* handle for session */
*/
ctx->stream_template = NULL;
ctx->stream_list = NULL;
+ ctx->user_data = NULL;
while (policy != NULL) {
stat = srtp_add_stream(ctx, policy);
@@ -1317,7 +1987,11 @@ srtp_remove_stream(srtp_t session, uint32_t ssrc) {
return err_status_no_ctx;
/* remove stream from the list */
- last_stream->next = stream->next;
+ if (last_stream == stream)
+ /* stream was first in list */
+ session->stream_list = stream->next;
+ else
+ last_stream->next = stream->next;
/* deallocate the stream */
status = srtp_stream_dealloc(session, stream);
@@ -1345,7 +2019,7 @@ srtp_remove_stream(srtp_t session, uint32_t ssrc) {
void
crypto_policy_set_rtp_default(crypto_policy_t *p) {
- p->cipher_type = AES_128_ICM;
+ p->cipher_type = AES_ICM;
p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */
p->auth_type = HMAC_SHA1;
p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
@@ -1357,7 +2031,7 @@ crypto_policy_set_rtp_default(crypto_policy_t *p) {
void
crypto_policy_set_rtcp_default(crypto_policy_t *p) {
- p->cipher_type = AES_128_ICM;
+ p->cipher_type = AES_ICM;
p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */
p->auth_type = HMAC_SHA1;
p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
@@ -1370,12 +2044,12 @@ void
crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p) {
/*
- * corresponds to draft-ietf-mmusic-sdescriptions-12.txt
+ * corresponds to RFC 4568
*
* note that this crypto policy is intended for SRTP, but not SRTCP
*/
- p->cipher_type = AES_128_ICM;
+ p->cipher_type = AES_ICM;
p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */
p->auth_type = HMAC_SHA1;
p->auth_key_len = 20; /* 160 bit key */
@@ -1389,12 +2063,12 @@ void
crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p) {
/*
- * corresponds to draft-ietf-mmusic-sdescriptions-12.txt
+ * corresponds to RFC 4568
*
* note that this crypto policy is intended for SRTP, but not SRTCP
*/
- p->cipher_type = AES_128_ICM;
+ p->cipher_type = AES_ICM;
p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */
p->auth_type = NULL_AUTH;
p->auth_key_len = 0;
@@ -1408,7 +2082,7 @@ void
crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p) {
/*
- * corresponds to draft-ietf-mmusic-sdescriptions-12.txt
+ * corresponds to RFC 4568
*/
p->cipher_type = NULL_CIPHER;
@@ -1421,17 +2095,531 @@ crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p) {
}
+void
+crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p) {
+
+ /*
+ * corresponds to draft-ietf-avt-big-aes-03.txt
+ */
+
+ p->cipher_type = AES_ICM;
+ p->cipher_key_len = 46;
+ p->auth_type = HMAC_SHA1;
+ p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
+ p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */
+ p->sec_serv = sec_serv_conf_and_auth;
+}
+
+
+void
+crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p) {
+
+ /*
+ * corresponds to draft-ietf-avt-big-aes-03.txt
+ *
+ * note that this crypto policy is intended for SRTP, but not SRTCP
+ */
+
+ p->cipher_type = AES_ICM;
+ p->cipher_key_len = 46;
+ p->auth_type = HMAC_SHA1;
+ p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
+ p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */
+ p->sec_serv = sec_serv_conf_and_auth;
+}
+
+/*
+ * AES-256 with no authentication.
+ */
+void
+crypto_policy_set_aes_cm_256_null_auth (crypto_policy_t *p)
+{
+ p->cipher_type = AES_ICM;
+ p->cipher_key_len = 46;
+ p->auth_type = NULL_AUTH;
+ p->auth_key_len = 0;
+ p->auth_tag_len = 0;
+ p->sec_serv = sec_serv_conf;
+}
+
+#ifdef OPENSSL
+/*
+ * AES-128 GCM mode with 8 octet auth tag.
+ */
+void
+crypto_policy_set_aes_gcm_128_8_auth(crypto_policy_t *p) {
+ p->cipher_type = AES_128_GCM;
+ p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT;
+ p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
+ p->auth_key_len = 0;
+ p->auth_tag_len = 8; /* 8 octet tag length */
+ p->sec_serv = sec_serv_conf_and_auth;
+}
+
+/*
+ * AES-256 GCM mode with 8 octet auth tag.
+ */
+void
+crypto_policy_set_aes_gcm_256_8_auth(crypto_policy_t *p) {
+ p->cipher_type = AES_256_GCM;
+ p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT;
+ p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
+ p->auth_key_len = 0;
+ p->auth_tag_len = 8; /* 8 octet tag length */
+ p->sec_serv = sec_serv_conf_and_auth;
+}
+
+/*
+ * AES-128 GCM mode with 8 octet auth tag, no RTCP encryption.
+ */
+void
+crypto_policy_set_aes_gcm_128_8_only_auth(crypto_policy_t *p) {
+ p->cipher_type = AES_128_GCM;
+ p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT;
+ p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
+ p->auth_key_len = 0;
+ p->auth_tag_len = 8; /* 8 octet tag length */
+ p->sec_serv = sec_serv_auth; /* This only applies to RTCP */
+}
+
+/*
+ * AES-256 GCM mode with 8 octet auth tag, no RTCP encryption.
+ */
+void
+crypto_policy_set_aes_gcm_256_8_only_auth(crypto_policy_t *p) {
+ p->cipher_type = AES_256_GCM;
+ p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT;
+ p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
+ p->auth_key_len = 0;
+ p->auth_tag_len = 8; /* 8 octet tag length */
+ p->sec_serv = sec_serv_auth; /* This only applies to RTCP */
+}
+
+/*
+ * AES-128 GCM mode with 16 octet auth tag.
+ */
+void
+crypto_policy_set_aes_gcm_128_16_auth(crypto_policy_t *p) {
+ p->cipher_type = AES_128_GCM;
+ p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT;
+ p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
+ p->auth_key_len = 0;
+ p->auth_tag_len = 16; /* 16 octet tag length */
+ p->sec_serv = sec_serv_conf_and_auth;
+}
+
+/*
+ * AES-256 GCM mode with 16 octet auth tag.
+ */
+void
+crypto_policy_set_aes_gcm_256_16_auth(crypto_policy_t *p) {
+ p->cipher_type = AES_256_GCM;
+ p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT;
+ p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
+ p->auth_key_len = 0;
+ p->auth_tag_len = 16; /* 16 octet tag length */
+ p->sec_serv = sec_serv_conf_and_auth;
+}
+
+#endif
+
/*
* secure rtcp functions
*/
+/*
+ * AEAD uses a new IV formation method. This function implements
+ * section 10.1 from draft-ietf-avtcore-srtp-aes-gcm-07.txt. The
+ * calculation is defined as, where (+) is the xor operation:
+ *
+ * 0 1 2 3 4 5 6 7 8 9 10 11
+ * +--+--+--+--+--+--+--+--+--+--+--+--+
+ * |00|00| SSRC |00|00|0+SRTCP Idx|---+
+ * +--+--+--+--+--+--+--+--+--+--+--+--+ |
+ * |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+ |
+ * | Encryption Salt |->(+)
+ * +--+--+--+--+--+--+--+--+--+--+--+--+ |
+ * |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+ |
+ * | Initialization Vector |<--+
+ * +--+--+--+--+--+--+--+--+--+--+--+--+*
+ *
+ * Input: *stream - pointer to SRTP stream context, used to retrieve
+ * the SALT
+ * *iv - Pointer to recieve the calculated IV
+ * seq_num - The SEQ value to use for the IV calculation.
+ * *hdr - The RTP header, used to get the SSRC value
+ *
+ */
+static void srtp_calc_aead_iv_srtcp(srtp_stream_ctx_t *stream, v128_t *iv,
+ uint32_t seq_num, srtcp_hdr_t *hdr)
+{
+ v128_t in;
+ v128_t salt;
+
+ memset(&in, 0, sizeof(v128_t));
+ memset(&salt, 0, sizeof(v128_t));
+
+ in.v16[0] = 0;
+ memcpy(&in.v16[1], &hdr->ssrc, 4); /* still in network order! */
+ in.v16[3] = 0;
+ in.v32[2] = 0x7FFFFFFF & htonl(seq_num); /* bit 32 is suppose to be zero */
+
+ debug_print(mod_srtp, "Pre-salted RTCP IV = %s\n", v128_hex_string(&in));
+
+ /*
+ * Get the SALT value from the context
+ */
+ memcpy(salt.v8, stream->c_salt, 12);
+ debug_print(mod_srtp, "RTCP SALT = %s\n", v128_hex_string(&salt));
+
+ /*
+ * Finally, apply the SALT to the input
+ */
+ v128_xor(iv, &in, &salt);
+}
+
+/*
+ * This code handles AEAD ciphers for outgoing RTCP. We currently support
+ * AES-GCM mode with 128 or 256 bit keys.
+ */
+static err_status_t
+srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,
+ void *rtcp_hdr, unsigned int *pkt_octet_len)
+{
+ srtcp_hdr_t *hdr = (srtcp_hdr_t*)rtcp_hdr;
+ uint32_t *enc_start; /* pointer to start of encrypted portion */
+ uint32_t *trailer; /* pointer to start of trailer */
+ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
+ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
+ err_status_t status;
+ int tag_len;
+ uint32_t seq_num;
+ v128_t iv;
+ uint32_t tseq;
+
+ /* get tag length from stream context */
+ tag_len = auth_get_tag_length(stream->rtcp_auth);
+
+ /*
+ * set encryption start and encryption length - if we're not
+ * providing confidentiality, set enc_start to NULL
+ */
+ enc_start = (uint32_t*)hdr + uint32s_in_rtcp_header;
+ enc_octet_len = *pkt_octet_len - octets_in_rtcp_header;
+
+ /* NOTE: hdr->length is not usable - it refers to only the first
+ RTCP report in the compound packet! */
+ /* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always
+ multiples of 32-bits (RFC 3550 6.1) */
+ trailer = (uint32_t*)((char*)enc_start + enc_octet_len + tag_len);
+
+ if (stream->rtcp_services & sec_serv_conf) {
+ *trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */
+ } else {
+ enc_start = NULL;
+ enc_octet_len = 0;
+ /* 0 is network-order independant */
+ *trailer = 0x00000000; /* set encrypt bit */
+ }
+
+ /*
+ * set the auth_tag pointer to the proper location, which is after
+ * the payload, but before the trailer
+ * (note that srtpc *always* provides authentication, unlike srtp)
+ */
+ /* Note: This would need to change for optional mikey data */
+ auth_tag = (uint8_t*)hdr + *pkt_octet_len;
+
+ /*
+ * check sequence number for overruns, and copy it into the packet
+ * if its value isn't too big
+ */
+ status = rdb_increment(&stream->rtcp_rdb);
+ if (status) {
+ return status;
+ }
+ seq_num = rdb_get_value(&stream->rtcp_rdb);
+ *trailer |= htonl(seq_num);
+ debug_print(mod_srtp, "srtcp index: %x", seq_num);
+
+ /*
+ * Calculating the IV and pass it down to the cipher
+ */
+ srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr);
+ status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt);
+ if (status) {
+ return err_status_cipher_fail;
+ }
+
+ /*
+ * Set the AAD for GCM mode
+ */
+ if (enc_start) {
+ /*
+ * If payload encryption is enabled, then the AAD consist of
+ * the RTCP header and the seq# at the end of the packet
+ */
+ status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr,
+ octets_in_rtcp_header);
+ if (status) {
+ return ( err_status_cipher_fail);
+ }
+ } else {
+ /*
+ * Since payload encryption is not enabled, we must authenticate
+ * the entire packet as described in section 10.3 in revision 07
+ * of the draft.
+ */
+ status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr,
+ *pkt_octet_len);
+ if (status) {
+ return ( err_status_cipher_fail);
+ }
+ }
+ /*
+ * Process the sequence# as AAD
+ */
+ tseq = *trailer;
+ status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq,
+ sizeof(srtcp_trailer_t));
+ if (status) {
+ return ( err_status_cipher_fail);
+ }
+
+ /* if we're encrypting, exor keystream into the message */
+ if (enc_start) {
+ status = cipher_encrypt(stream->rtcp_cipher,
+ (uint8_t*)enc_start, &enc_octet_len);
+ if (status) {
+ return err_status_cipher_fail;
+ }
+ /*
+ * Get the tag and append that to the output
+ */
+ status = cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag,
+ &tag_len);
+ if (status) {
+ return ( err_status_cipher_fail);
+ }
+ enc_octet_len += tag_len;
+ } else {
+ /*
+ * Even though we're not encrypting the payload, we need
+ * to run the cipher to get the auth tag.
+ */
+ unsigned int nolen = 0;
+ status = cipher_encrypt(stream->rtcp_cipher, NULL, &nolen);
+ if (status) {
+ return err_status_cipher_fail;
+ }
+ /*
+ * Get the tag and append that to the output
+ */
+ status = cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag,
+ &tag_len);
+ if (status) {
+ return ( err_status_cipher_fail);
+ }
+ enc_octet_len += tag_len;
+ }
+
+ /* increase the packet length by the length of the auth tag and seq_num*/
+ *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t));
+
+ return err_status_ok;
+}
+
+/*
+ * This function handles incoming SRTCP packets while in AEAD mode,
+ * which currently supports AES-GCM encryption. Note, the auth tag is
+ * at the end of the packet stream and is automatically checked by GCM
+ * when decrypting the payload.
+ */
+static err_status_t
+srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,
+ void *srtcp_hdr, unsigned int *pkt_octet_len)
+{
+ srtcp_hdr_t *hdr = (srtcp_hdr_t*)srtcp_hdr;
+ uint32_t *enc_start; /* pointer to start of encrypted portion */
+ uint32_t *trailer; /* pointer to start of trailer */
+ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
+ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
+ err_status_t status;
+ int tag_len;
+ unsigned int tmp_len;
+ uint32_t seq_num;
+ v128_t iv;
+ uint32_t tseq;
+
+ /* get tag length from stream context */
+ tag_len = auth_get_tag_length(stream->rtcp_auth);
+
+ /*
+ * set encryption start, encryption length, and trailer
+ */
+ /* index & E (encryption) bit follow normal data. hdr->len
+ is the number of words (32-bit) in the normal packet minus 1 */
+ /* This should point trailer to the word past the end of the
+ normal data. */
+ /* This would need to be modified for optional mikey data */
+ /*
+ * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always
+ * multiples of 32-bits (RFC 3550 6.1)
+ */
+ trailer = (uint32_t*)((char*)hdr + *pkt_octet_len - sizeof(srtcp_trailer_t));
+ /*
+ * We pass the tag down to the cipher when doing GCM mode
+ */
+ enc_octet_len = *pkt_octet_len - (octets_in_rtcp_header +
+ sizeof(srtcp_trailer_t));
+ auth_tag = (uint8_t*)hdr + *pkt_octet_len - tag_len - sizeof(srtcp_trailer_t);
+
+ if (*((unsigned char*)trailer) & SRTCP_E_BYTE_BIT) {
+ enc_start = (uint32_t*)hdr + uint32s_in_rtcp_header;
+ } else {
+ enc_octet_len = 0;
+ enc_start = NULL; /* this indicates that there's no encryption */
+ }
+
+ /*
+ * check the sequence number for replays
+ */
+ /* this is easier than dealing with bitfield access */
+ seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK;
+ debug_print(mod_srtp, "srtcp index: %x", seq_num);
+ status = rdb_check(&stream->rtcp_rdb, seq_num);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * Calculate and set the IV
+ */
+ srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr);
+ status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt);
+ if (status) {
+ return err_status_cipher_fail;
+ }
+
+ /*
+ * Set the AAD for GCM mode
+ */
+ if (enc_start) {
+ /*
+ * If payload encryption is enabled, then the AAD consist of
+ * the RTCP header and the seq# at the end of the packet
+ */
+ status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr,
+ octets_in_rtcp_header);
+ if (status) {
+ return ( err_status_cipher_fail);
+ }
+ } else {
+ /*
+ * Since payload encryption is not enabled, we must authenticate
+ * the entire packet as described in section 10.3 in revision 07
+ * of the draft.
+ */
+ status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr,
+ (*pkt_octet_len - tag_len - sizeof(srtcp_trailer_t)));
+ if (status) {
+ return ( err_status_cipher_fail);
+ }
+ }
+
+ /*
+ * Process the sequence# as AAD
+ */
+ tseq = *trailer;
+ status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq,
+ sizeof(srtcp_trailer_t));
+ if (status) {
+ return ( err_status_cipher_fail);
+ }
+
+ /* if we're decrypting, exor keystream into the message */
+ if (enc_start) {
+ status = cipher_decrypt(stream->rtcp_cipher,
+ (uint8_t*)enc_start, &enc_octet_len);
+ if (status) {
+ return status;
+ }
+ } else {
+ /*
+ * Still need to run the cipher to check the tag
+ */
+ tmp_len = tag_len;
+ status = cipher_decrypt(stream->rtcp_cipher, (uint8_t*)auth_tag,
+ &tmp_len);
+ if (status) {
+ return status;
+ }
+ }
+
+ /* decrease the packet length by the length of the auth tag and seq_num*/
+ *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t));
+
+ /*
+ * verify that stream is for received traffic - this check will
+ * detect SSRC collisions, since a stream that appears in both
+ * srtp_protect() and srtp_unprotect() will fail this test in one of
+ * those functions.
+ *
+ * we do this check *after* the authentication check, so that the
+ * latter check will catch any attempts to fool us into thinking
+ * that we've got a collision
+ */
+ if (stream->direction != dir_srtp_receiver) {
+ if (stream->direction == dir_unknown) {
+ stream->direction = dir_srtp_receiver;
+ } else {
+ srtp_handle_event(ctx, stream, event_ssrc_collision);
+ }
+ }
+
+ /*
+ * if the stream is a 'provisional' one, in which the template context
+ * is used, then we need to allocate a new stream at this point, since
+ * the authentication passed
+ */
+ if (stream == ctx->stream_template) {
+ srtp_stream_ctx_t *new_stream;
+
+ /*
+ * allocate and initialize a new stream
+ *
+ * note that we indicate failure if we can't allocate the new
+ * stream, and some implementations will want to not return
+ * failure here
+ */
+ status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream);
+ if (status) {
+ return status;
+ }
+
+ /* add new stream to the head of the stream_list */
+ new_stream->next = ctx->stream_list;
+ ctx->stream_list = new_stream;
+
+ /* set stream (the pointer used in this function) */
+ stream = new_stream;
+ }
+
+ /* we've passed the authentication check, so add seq_num to the rdb */
+ rdb_add_index(&stream->rtcp_rdb, seq_num);
+
+ return err_status_ok;
+}
+
err_status_t
srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) {
srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */
uint32_t *trailer; /* pointer to start of trailer */
- unsigned enc_octet_len = 0;/* number of octets in encrypted portion */
+ unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
err_status_t status;
int tag_len;
@@ -1440,6 +2628,11 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) {
uint32_t seq_num;
/* we assume the hdr is 32-bit aligned to start */
+
+ /* check the packet length - it must at least contain a full header */
+ if (*pkt_octet_len < octets_in_rtcp_header)
+ return err_status_bad_param;
+
/*
* look up ssrc in srtp_stream list, and process the packet with
* the appropriate stream. if we haven't seen this stream before,
@@ -1484,6 +2677,15 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) {
}
}
+ /*
+ * Check if this is an AEAD stream (GCM mode). If so, then dispatch
+ * the request to our AEAD handler.
+ */
+ if (stream->rtp_cipher->algorithm == AES_128_GCM ||
+ stream->rtp_cipher->algorithm == AES_256_GCM) {
+ return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, (unsigned int*)pkt_octet_len);
+ }
+
/* get tag length from stream context */
tag_len = auth_get_tag_length(stream->rtcp_auth);
@@ -1518,6 +2720,10 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) {
auth_start = (uint32_t *)hdr;
auth_tag = (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t);
+ /* perform EKT processing if needed */
+ ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len,
+ rdbx_get_packet_index(&stream->rtp_rdbx));
+
/*
* check sequence number for overruns, and copy it into the packet
* if its value isn't too big
@@ -1532,14 +2738,14 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) {
/*
* if we're using rindael counter mode, set nonce and seq
*/
- if (stream->rtcp_cipher->type == &aes_icm) {
+ if (stream->rtcp_cipher->type->id == AES_ICM) {
v128_t iv;
iv.v32[0] = 0;
iv.v32[1] = hdr->ssrc; /* still in network order! */
iv.v32[2] = htonl(seq_num >> 16);
iv.v32[3] = htonl(seq_num << 16);
- status = aes_icm_set_iv((aes_icm_ctx_t*)stream->rtcp_cipher->state, &iv);
+ status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt);
} else {
v128_t iv;
@@ -1549,7 +2755,7 @@ srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) {
iv.v32[1] = 0;
iv.v32[2] = 0;
iv.v32[3] = htonl(seq_num);
- status = cipher_set_iv(stream->rtcp_cipher, &iv);
+ status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt);
}
if (status)
return err_status_cipher_fail;
@@ -1610,16 +2816,27 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */
uint32_t *trailer; /* pointer to start of trailer */
- unsigned enc_octet_len = 0;/* number of octets in encrypted portion */
+ unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
uint8_t tmp_tag[SRTP_MAX_TAG_LEN];
+ uint8_t tag_copy[SRTP_MAX_TAG_LEN];
err_status_t status;
+ unsigned int auth_len;
int tag_len;
srtp_stream_ctx_t *stream;
int prefix_len;
uint32_t seq_num;
+ int e_bit_in_packet; /* whether the E-bit was found in the packet */
+ int sec_serv_confidentiality; /* whether confidentiality was requested */
/* we assume the hdr is 32-bit aligned to start */
+
+ /* check that the length value is sane; we'll check again once we
+ know the tag length, but we at least want to know that it is
+ a positive value */
+ if (*pkt_octet_len < octets_in_rtcp_header + sizeof(srtcp_trailer_t))
+ return err_status_bad_param;
+
/*
* look up ssrc in srtp_stream list, and process the packet with
* the appropriate stream. if we haven't seen this stream before,
@@ -1631,6 +2848,23 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
if (stream == NULL) {
if (ctx->stream_template != NULL) {
stream = ctx->stream_template;
+
+ /*
+ * check to see if stream_template has an EKT data structure, in
+ * which case we initialize the template using the EKT policy
+ * referenced by that data (which consists of decrypting the
+ * master key from the EKT field)
+ *
+ * this function initializes a *provisional* stream, and this
+ * stream should not be accepted until and unless the packet
+ * passes its authentication check
+ */
+ if (stream->ekt != NULL) {
+ status = srtp_stream_init_from_ekt(stream, srtcp_hdr, *pkt_octet_len);
+ if (status)
+ return status;
+ }
+
debug_print(mod_srtp, "srtcp using provisional stream (SSRC: 0x%08x)",
hdr->ssrc);
} else {
@@ -1640,7 +2874,26 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
}
/* get tag length from stream context */
- tag_len = auth_get_tag_length(stream->rtcp_auth);
+ tag_len = auth_get_tag_length(stream->rtcp_auth);
+
+ /* check the packet length - it must contain at least a full RTCP
+ header, an auth tag (if applicable), and the SRTCP encrypted flag
+ and 31-bit index value */
+ if (*pkt_octet_len < (int) (octets_in_rtcp_header + tag_len + sizeof(srtcp_trailer_t))) {
+ return err_status_bad_param;
+ }
+
+ /*
+ * Check if this is an AEAD stream (GCM mode). If so, then dispatch
+ * the request to our AEAD handler.
+ */
+ if (stream->rtp_cipher->algorithm == AES_128_GCM ||
+ stream->rtp_cipher->algorithm == AES_256_GCM) {
+ return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, (unsigned int*)pkt_octet_len);
+ }
+
+ sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf ||
+ stream->rtcp_services == sec_serv_conf_and_auth;
/*
* set encryption start, encryption length, and trailer
@@ -1657,8 +2910,13 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
* multiples of 32-bits (RFC 3550 6.1)
*/
trailer = (uint32_t *) ((char *) hdr +
- *pkt_octet_len -(tag_len + sizeof(srtcp_trailer_t)));
- if (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) {
+ *pkt_octet_len -(tag_len + sizeof(srtcp_trailer_t)));
+ e_bit_in_packet =
+ (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT;
+ if (e_bit_in_packet != sec_serv_confidentiality) {
+ return err_status_cant_check;
+ }
+ if (sec_serv_confidentiality) {
enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header;
} else {
enc_octet_len = 0;
@@ -1670,7 +2928,23 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
* (note that srtcp *always* uses authentication, unlike srtp)
*/
auth_start = (uint32_t *)hdr;
- auth_tag = (uint8_t *)hdr + *pkt_octet_len - tag_len;
+ auth_len = *pkt_octet_len - tag_len;
+ auth_tag = (uint8_t *)hdr + auth_len;
+
+ /*
+ * if EKT is in use, then we make a copy of the tag from the packet,
+ * and then zeroize the location of the base tag
+ *
+ * we first re-position the auth_tag pointer so that it points to
+ * the base tag
+ */
+ if (stream->ekt) {
+ auth_tag -= ekt_octets_after_base_tag(stream->ekt);
+ memcpy(tag_copy, auth_tag, tag_len);
+ octet_string_set_to_zero(auth_tag, tag_len);
+ auth_tag = tag_copy;
+ auth_len += tag_len;
+ }
/*
* check the sequence number for replays
@@ -1685,14 +2959,14 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
/*
* if we're using aes counter mode, set nonce and seq
*/
- if (stream->rtcp_cipher->type == &aes_icm) {
+ if (stream->rtcp_cipher->type->id == AES_ICM) {
v128_t iv;
iv.v32[0] = 0;
iv.v32[1] = hdr->ssrc; /* still in network order! */
iv.v32[2] = htonl(seq_num >> 16);
iv.v32[3] = htonl(seq_num << 16);
- status = aes_icm_set_iv((aes_icm_ctx_t*)stream->rtcp_cipher->state, &iv);
+ status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt);
} else {
v128_t iv;
@@ -1702,7 +2976,7 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
iv.v32[1] = 0;
iv.v32[2] = 0;
iv.v32[3] = htonl(seq_num);
- status = cipher_set_iv(stream->rtcp_cipher, &iv);
+ status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt);
}
if (status)
@@ -1713,8 +2987,7 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
/* run auth func over packet, put result into tmp_tag */
status = auth_compute(stream->rtcp_auth, (uint8_t *)auth_start,
- *pkt_octet_len - tag_len,
- tmp_tag);
+ auth_len, tmp_tag);
debug_print(mod_srtp, "srtcp computed tag: %s",
octet_string_hex_string(tmp_tag, tag_len));
if (status)
@@ -1741,15 +3014,21 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
/* if we're decrypting, exor keystream into the message */
if (enc_start) {
- status = cipher_encrypt(stream->rtcp_cipher,
+ status = cipher_decrypt(stream->rtcp_cipher,
(uint8_t *)enc_start, &enc_octet_len);
if (status)
return err_status_cipher_fail;
}
- /* decrease the packet length by the length of the auth tag and seq_num*/
+ /* decrease the packet length by the length of the auth tag and seq_num */
*pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t));
+ /*
+ * if EKT is in effect, subtract the EKT data out of the packet
+ * length
+ */
+ *pkt_octet_len -= ekt_octets_after_base_tag(stream->ekt);
+
/*
* verify that stream is for received traffic - this check will
* detect SSRC collisions, since a stream that appears in both
@@ -1803,6 +3082,20 @@ srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
}
+/*
+ * user data within srtp_t context
+ */
+
+void
+srtp_set_user_data(srtp_t ctx, void *data) {
+ ctx->user_data = data;
+}
+
+void*
+srtp_get_user_data(srtp_t ctx) {
+ return ctx->user_data;
+}
+
/*
* dtls keying for srtp
@@ -1823,10 +3116,14 @@ crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy,
case srtp_profile_null_sha1_80:
crypto_policy_set_null_cipher_hmac_sha1_80(policy);
break;
- /* the following profiles are not (yet) supported */
- case srtp_profile_null_sha1_32:
case srtp_profile_aes256_cm_sha1_80:
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ break;
case srtp_profile_aes256_cm_sha1_32:
+ crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
+ break;
+ /* the following profiles are not (yet) supported */
+ case srtp_profile_null_sha1_32:
default:
return err_status_bad_param;
}
@@ -1844,15 +3141,23 @@ crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy,
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_aes128_cm_sha1_32:
- crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
+ /* We do not honor the 32-bit auth tag request since
+ * this is not compliant with RFC 3711 */
+ crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_null_sha1_80:
crypto_policy_set_null_cipher_hmac_sha1_80(policy);
break;
- /* the following profiles are not (yet) supported */
- case srtp_profile_null_sha1_32:
case srtp_profile_aes256_cm_sha1_80:
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ break;
case srtp_profile_aes256_cm_sha1_32:
+ /* We do not honor the 32-bit auth tag request since
+ * this is not compliant with RFC 3711 */
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ break;
+ /* the following profiles are not (yet) supported */
+ case srtp_profile_null_sha1_32:
default:
return err_status_bad_param;
}
@@ -1881,10 +3186,14 @@ srtp_profile_get_master_key_length(srtp_profile_t profile) {
case srtp_profile_null_sha1_80:
return 16;
break;
- /* the following profiles are not (yet) supported */
- case srtp_profile_null_sha1_32:
case srtp_profile_aes256_cm_sha1_80:
+ return 32;
+ break;
case srtp_profile_aes256_cm_sha1_32:
+ return 32;
+ break;
+ /* the following profiles are not (yet) supported */
+ case srtp_profile_null_sha1_32:
default:
return 0; /* indicate error by returning a zero */
}
@@ -1903,10 +3212,14 @@ srtp_profile_get_master_salt_length(srtp_profile_t profile) {
case srtp_profile_null_sha1_80:
return 14;
break;
- /* the following profiles are not (yet) supported */
- case srtp_profile_null_sha1_32:
case srtp_profile_aes256_cm_sha1_80:
+ return 14;
+ break;
case srtp_profile_aes256_cm_sha1_32:
+ return 14;
+ break;
+ /* the following profiles are not (yet) supported */
+ case srtp_profile_null_sha1_32:
default:
return 0; /* indicate error by returning a zero */
}
diff --git a/third_party/srtp/tables/aes_tables.c b/third_party/srtp/tables/aes_tables.c
index b2bc1d78..96d28ce7 100644
--- a/third_party/srtp/tables/aes_tables.c
+++ b/third_party/srtp/tables/aes_tables.c
@@ -42,6 +42,10 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h>
#include "gf2_8.h"
#include "crypto_math.h"
diff --git a/third_party/srtp/test/dtls_srtp_driver.c b/third_party/srtp/test/dtls_srtp_driver.c
index a8eddc08..48e72fbf 100644
--- a/third_party/srtp/test/dtls_srtp_driver.c
+++ b/third_party/srtp/test/dtls_srtp_driver.c
@@ -47,7 +47,7 @@
#include "srtp_priv.h"
err_status_t
-test_dtls_srtp();
+test_dtls_srtp(void);
srtp_hdr_t *
srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc);
@@ -63,7 +63,7 @@ usage(char *prog_name) {
int
main(int argc, char *argv[]) {
unsigned do_list_mods = 0;
- char q;
+ int q;
err_status_t err;
printf("dtls_srtp_driver\n");
@@ -112,12 +112,19 @@ main(int argc, char *argv[]) {
}
printf("passed\n");
+ /* shut down srtp library */
+ err = srtp_shutdown();
+ if (err) {
+ printf("error: srtp shutdown failed with error code %d\n", err);
+ exit(1);
+ }
+
return 0;
}
err_status_t
-test_dtls_srtp() {
+test_dtls_srtp(void) {
srtp_hdr_t *test_packet;
int test_packet_len = 80;
srtp_t s;
@@ -183,12 +190,21 @@ test_dtls_srtp() {
err = crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile);
if (err) return err;
policy.ssrc.type = ssrc_any_inbound;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
policy.next = NULL;
err = srtp_add_stream(s, &policy);
if (err)
return err;
+ err = srtp_dealloc(s);
+ if (err)
+ return err;
+
+ free(test_packet);
+
return err_status_ok;
}
diff --git a/third_party/srtp/test/lfsr.c b/third_party/srtp/test/lfsr.c
index 28ea02eb..240590c5 100644
--- a/third_party/srtp/test/lfsr.c
+++ b/third_party/srtp/test/lfsr.c
@@ -3,6 +3,41 @@
*
*/
+/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
#include <stdio.h>
#include "datatypes.h"
diff --git a/third_party/srtp/test/rdbx_driver.c b/third_party/srtp/test/rdbx_driver.c
index 7db67a2b..90bd72e7 100644
--- a/third_party/srtp/test/rdbx_driver.c
+++ b/third_party/srtp/test/rdbx_driver.c
@@ -43,6 +43,10 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h> /* for printf() */
#include "getopt_s.h" /* for local getopt() */
@@ -55,10 +59,10 @@
#include "ut_sim.h"
err_status_t
-test_replay_dbx(int num_trials);
+test_replay_dbx(int num_trials, unsigned long ws);
double
-rdbx_check_adds_per_second(int num_trials);
+rdbx_check_adds_per_second(int num_trials, unsigned long ws);
void
usage(char *prog_name) {
@@ -70,7 +74,7 @@ int
main (int argc, char *argv[]) {
double rate;
err_status_t status;
- char q;
+ int q;
unsigned do_timing_test = 0;
unsigned do_validation = 0;
@@ -99,9 +103,18 @@ main (int argc, char *argv[]) {
usage(argv[0]);
if (do_validation) {
- printf("testing rdbx_t...\n");
+ printf("testing rdbx_t (ws=128)...\n");
+
+ status = test_replay_dbx(1 << 12, 128);
+ if (status) {
+ printf("failed\n");
+ exit(1);
+ }
+ printf("passed\n");
- status = test_replay_dbx(1 << 12);
+ printf("testing rdbx_t (ws=1024)...\n");
+
+ status = test_replay_dbx(1 << 12, 1024);
if (status) {
printf("failed\n");
exit(1);
@@ -110,8 +123,10 @@ main (int argc, char *argv[]) {
}
if (do_timing_test) {
- rate = rdbx_check_adds_per_second(1 << 18);
- printf("rdbx_check/replay_adds per second: %e\n", rate);
+ rate = rdbx_check_adds_per_second(1 << 18, 128);
+ printf("rdbx_check/replay_adds per second (ws=128): %e\n", rate);
+ rate = rdbx_check_adds_per_second(1 << 18, 1024);
+ printf("rdbx_check/replay_adds per second (ws=1024): %e\n", rate);
}
return 0;
@@ -119,8 +134,11 @@ main (int argc, char *argv[]) {
void
print_rdbx(rdbx_t *rdbx) {
+ char buf[2048];
printf("rdbx: {%llu, %s}\n",
- (unsigned long long)(rdbx->index), v128_bit_string(&rdbx->bitmask));
+ (unsigned long long)(rdbx->index),
+ bitvector_bit_string(&rdbx->bitmask, buf, sizeof(buf))
+);
}
@@ -183,28 +201,38 @@ rdbx_check_expect_failure(rdbx_t *rdbx, uint32_t idx) {
}
err_status_t
-rdbx_check_unordered(rdbx_t *rdbx, uint32_t idx) {
+rdbx_check_add_unordered(rdbx_t *rdbx, uint32_t idx) {
+ int delta;
+ xtd_seq_num_t est;
err_status_t rstat;
- rstat = rdbx_check(rdbx, idx);
+ delta = index_guess(&rdbx->index, &est, idx);
+
+ rstat = rdbx_check(rdbx, delta);
if ((rstat != err_status_ok) && (rstat != err_status_replay_old)) {
- printf("replay_check_unordered failed at index %u\n", idx);
+ printf("replay_check_add_unordered failed at index %u\n", idx);
return err_status_algo_fail;
}
+ if (rstat == err_status_replay_old) {
+ return err_status_ok;
+ }
+ if (rdbx_add_index(rdbx, delta) != err_status_ok) {
+ printf("rdbx_add_index failed at index %u\n", idx);
+ return err_status_algo_fail;
+ }
+
return err_status_ok;
}
-#define MAX_IDX 160
-
err_status_t
-test_replay_dbx(int num_trials) {
+test_replay_dbx(int num_trials, unsigned long ws) {
rdbx_t rdbx;
uint32_t idx, ircvd;
ut_connection utc;
err_status_t status;
int num_fp_trials;
- status = rdbx_init(&rdbx);
+ status = rdbx_init(&rdbx, ws);
if (status) {
printf("replay_init failed with error code %d\n", status);
exit(1);
@@ -214,7 +242,7 @@ test_replay_dbx(int num_trials) {
* test sequential insertion
*/
printf("\ttesting sequential insertion...");
- for (idx=0; idx < num_trials; idx++) {
+ for (idx=0; (int) idx < num_trials; idx++) {
status = rdbx_check_add(&rdbx, idx);
if (status)
return status;
@@ -233,7 +261,7 @@ test_replay_dbx(int num_trials) {
printf("warning: no false positive tests performed\n");
}
printf("\ttesting for false positives...");
- for (idx=0; idx < num_fp_trials; idx++) {
+ for (idx=0; (int) idx < num_fp_trials; idx++) {
status = rdbx_check_expect_failure(&rdbx, idx);
if (status)
return status;
@@ -241,7 +269,9 @@ test_replay_dbx(int num_trials) {
printf("passed\n");
/* re-initialize */
- if (rdbx_init(&rdbx) != err_status_ok) {
+ rdbx_dealloc(&rdbx);
+
+ if (rdbx_init(&rdbx, ws) != err_status_ok) {
printf("replay_init failed\n");
return err_status_init_fail;
}
@@ -255,14 +285,42 @@ test_replay_dbx(int num_trials) {
ut_init(&utc);
printf("\ttesting non-sequential insertion...");
- for (idx=0; idx < num_trials; idx++) {
+ for (idx=0; (int) idx < num_trials; idx++) {
ircvd = ut_next_index(&utc);
- status = rdbx_check_unordered(&rdbx, ircvd);
+ status = rdbx_check_add_unordered(&rdbx, ircvd);
if (status)
return status;
+ status = rdbx_check_expect_failure(&rdbx, ircvd);
+ if (status)
+ return status;
}
printf("passed\n");
+ /* re-initialize */
+ rdbx_dealloc(&rdbx);
+
+ if (rdbx_init(&rdbx, ws) != err_status_ok) {
+ printf("replay_init failed\n");
+ return err_status_init_fail;
+ }
+
+ /*
+ * test insertion with large gaps.
+ * check for false positives for each insertion.
+ */
+ printf("\ttesting insertion with large gaps...");
+ for (idx=0, ircvd=0; (int) idx < num_trials; idx++, ircvd += (1 << (rand() % 12))) {
+ status = rdbx_check_add(&rdbx, ircvd);
+ if (status)
+ return status;
+ status = rdbx_check_expect_failure(&rdbx, ircvd);
+ if (status)
+ return status;
+ }
+ printf("passed\n");
+
+ rdbx_dealloc(&rdbx);
+
return err_status_ok;
}
@@ -272,7 +330,7 @@ test_replay_dbx(int num_trials) {
#include <stdlib.h> /* for random() */
double
-rdbx_check_adds_per_second(int num_trials) {
+rdbx_check_adds_per_second(int num_trials, unsigned long ws) {
uint32_t i;
int delta;
rdbx_t rdbx;
@@ -280,14 +338,14 @@ rdbx_check_adds_per_second(int num_trials) {
clock_t timer;
int failures; /* count number of failures */
- if (rdbx_init(&rdbx) != err_status_ok) {
+ if (rdbx_init(&rdbx, ws) != err_status_ok) {
printf("replay_init failed\n");
exit(1);
}
failures = 0;
timer = clock();
- for(i=0; i < num_trials; i++) {
+ for(i=0; (int) i < num_trials; i++) {
delta = index_guess(&rdbx.index, &est, i);
@@ -301,6 +359,8 @@ rdbx_check_adds_per_second(int num_trials) {
printf("number of failures: %d \n", failures);
+ rdbx_dealloc(&rdbx);
+
return (double) CLOCKS_PER_SEC * num_trials / timer;
}
diff --git a/third_party/srtp/test/replay_driver.c b/third_party/srtp/test/replay_driver.c
index 369a77a4..e4d17015 100644
--- a/third_party/srtp/test/replay_driver.c
+++ b/third_party/srtp/test/replay_driver.c
@@ -43,6 +43,10 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h>
#include "rdb.h"
@@ -114,15 +118,23 @@ rdb_check_expect_failure(rdb_t *rdb, uint32_t idx) {
}
err_status_t
-rdb_check_unordered(rdb_t *rdb, uint32_t idx) {
+rdb_check_add_unordered(rdb_t *rdb, uint32_t idx) {
err_status_t rstat;
/* printf("index: %u\n", idx); */
rstat = rdb_check(rdb, idx);
if ((rstat != err_status_ok) && (rstat != err_status_replay_old)) {
- printf("rdb_check_unordered failed at index %u\n", idx);
+ printf("rdb_check_add_unordered failed at index %u\n", idx);
return rstat;
}
+ if (rstat == err_status_replay_old) {
+ return err_status_ok;
+ }
+ if (rdb_add_index(rdb, idx) != err_status_ok) {
+ printf("rdb_add_index failed at index %u\n", idx);
+ return err_status_fail;
+ }
+
return err_status_ok;
}
@@ -163,11 +175,51 @@ test_rdb_db() {
for (idx=0; idx < num_trials; idx++) {
ircvd = ut_next_index(&utc);
- err = rdb_check_unordered(&rdb, ircvd);
+ err = rdb_check_add_unordered(&rdb, ircvd);
if (err)
return err;
+ err = rdb_check_expect_failure(&rdb, ircvd);
+ if (err)
+ return err;
+ }
+
+ /* re-initialize */
+ if (rdb_init(&rdb) != err_status_ok) {
+ printf("rdb_init failed\n");
+ return err_status_fail;
+ }
+
+ /* test insertion with large gaps */
+ for (idx=0, ircvd=0; idx < num_trials; idx++, ircvd += (1 << (rand() % 10))) {
+ err = rdb_check_add(&rdb, ircvd);
+ if (err)
+ return err;
+ err = rdb_check_expect_failure(&rdb, ircvd);
+ if (err)
+ return err;
}
+ /* re-initialize */
+ if (rdb_init(&rdb) != err_status_ok) {
+ printf("rdb_init failed\n");
+ return err_status_fail;
+ }
+
+ /* test loss of first 513 packets */
+ for (idx=0; idx < num_trials; idx++) {
+ err = rdb_check_add(&rdb, idx + 513);
+ if (err)
+ return err;
+ }
+
+ /* test for false positives */
+ for (idx=0; idx < num_trials + 513; idx++) {
+ err = rdb_check_expect_failure(&rdb, idx);
+ if (err)
+ return err;
+ }
+
+
return err_status_ok;
}
diff --git a/third_party/srtp/test/roc_driver.c b/third_party/srtp/test/roc_driver.c
index 396c9a79..6fdc6f19 100644
--- a/third_party/srtp/test/roc_driver.c
+++ b/third_party/srtp/test/roc_driver.c
@@ -44,6 +44,10 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h>
/*
@@ -138,6 +142,12 @@ roc_test(int num_trials) {
ref, local, est, ircvd, delta);
#endif
+ if (local + delta != est) {
+ printf(" *bad delta*: local %llu + delta %d != est %llu\n",
+ (unsigned long long)local, delta, (unsigned long long)est);
+ return err_status_algo_fail;
+ }
+
/* now update local xtd_seq_num_t as necessary */
if (delta > 0)
index_advance(&local, delta);
diff --git a/third_party/srtp/test/rtp.c b/third_party/srtp/test/rtp.c
index 69968f3f..20c50f46 100644
--- a/third_party/srtp/test/rtp.c
+++ b/third_party/srtp/test/rtp.c
@@ -7,6 +7,41 @@
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
#include "rtp_priv.h"
@@ -21,7 +56,7 @@
#define PRINT_DEBUG 0 /* set to 1 to print out debugging data */
#define VERBOSE_DEBUG 0 /* set to 1 to print out more data */
-unsigned int
+int
rtp_sendto(rtp_sender_t sender, const void* msg, int len) {
int octets_sent;
err_status_t stat;
@@ -61,7 +96,7 @@ rtp_sendto(rtp_sender_t sender, const void* msg, int len) {
return octets_sent;
}
-unsigned int
+int
rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len) {
int octets_recvd;
err_status_t stat;
@@ -69,6 +104,11 @@ rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len) {
octets_recvd = recvfrom(receiver->socket, (void *)&receiver->message,
*len, 0, (struct sockaddr *) NULL, 0);
+ if (octets_recvd == -1) {
+ *len = 0;
+ return -1;
+ }
+
/* verify rtp header */
if (receiver->message.header.version != 2) {
*len = 0;
@@ -100,7 +140,7 @@ rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len) {
int
rtp_sender_init(rtp_sender_t sender,
- int socket,
+ int sock,
struct sockaddr_in addr,
unsigned int ssrc) {
@@ -116,7 +156,7 @@ rtp_sender_init(rtp_sender_t sender,
sender->message.header.cc = 0;
/* set other stuff */
- sender->socket = socket;
+ sender->socket = sock;
sender->addr = addr;
return 0;
@@ -124,7 +164,7 @@ rtp_sender_init(rtp_sender_t sender,
int
rtp_receiver_init(rtp_receiver_t rcvr,
- int socket,
+ int sock,
struct sockaddr_in addr,
unsigned int ssrc) {
@@ -140,7 +180,7 @@ rtp_receiver_init(rtp_receiver_t rcvr,
rcvr->message.header.cc = 0;
/* set other stuff */
- rcvr->socket = socket;
+ rcvr->socket = sock;
rcvr->addr = addr;
return 0;
@@ -152,16 +192,36 @@ rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy) {
}
int
+rtp_sender_deinit_srtp(rtp_sender_t sender) {
+ return srtp_dealloc(sender->srtp_ctx);
+}
+
+int
rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy) {
return srtp_create(&sender->srtp_ctx, policy);
}
+int
+rtp_receiver_deinit_srtp(rtp_receiver_t sender) {
+ return srtp_dealloc(sender->srtp_ctx);
+}
+
rtp_sender_t
-rtp_sender_alloc() {
+rtp_sender_alloc(void) {
return (rtp_sender_t)malloc(sizeof(rtp_sender_ctx_t));
}
+void
+rtp_sender_dealloc(rtp_sender_t rtp_ctx) {
+ free(rtp_ctx);
+}
+
rtp_receiver_t
-rtp_receiver_alloc() {
+rtp_receiver_alloc(void) {
return (rtp_receiver_t)malloc(sizeof(rtp_receiver_ctx_t));
}
+
+void
+rtp_receiver_dealloc(rtp_receiver_t rtp_ctx) {
+ free(rtp_ctx);
+}
diff --git a/third_party/srtp/test/rtp_decoder.c b/third_party/srtp/test/rtp_decoder.c
new file mode 100644
index 00000000..57e2d331
--- /dev/null
+++ b/third_party/srtp/test/rtp_decoder.c
@@ -0,0 +1,515 @@
+/*
+ * rtp_decoder.c
+ *
+ * decoder structures and functions for SRTP pcap decoder
+ *
+ * Example:
+ * $ wget --no-check-certificate https://raw.githubusercontent.com/gteissier/srtp-decrypt/master/marseillaise-srtp.pcap
+ * $ ./test/rtp_decoder -a -t 0 -e 128 -b aSBrbm93IGFsbCB5b3VyIGxpdHRsZSBzZWNyZXRz \
+ * < ~/marseillaise-srtp.pcap | text2pcap -t "%M:%S." -u 10000,10000 - - > ./marseillaise-rtp.pcap
+ *
+ * Bernardo Torres <bernardo@torresautomacao.com.br>
+ *
+ * Some structure and code from https://github.com/gteissier/srtp-decrypt
+ */
+/*
+ *
+ * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#include "getopt_s.h" /* for local getopt() */
+#include <assert.h> /* for assert() */
+
+#include <pcap.h>
+#include "rtp_decoder.h"
+
+#define MAX_KEY_LEN 96
+#define MAX_FILTER 256
+
+int
+main (int argc, char *argv[]) {
+ char errbuf[PCAP_ERRBUF_SIZE];
+ bpf_u_int32 pcap_net = 0;
+ pcap_t *pcap_handle;
+#if BEW
+ struct sockaddr_in local;
+#endif
+ sec_serv_t sec_servs = sec_serv_none;
+ int c;
+ int key_size = 128;
+ int tag_size = 8;
+ int gcm_on = 0;
+ char *input_key = NULL;
+ int b64_input = 0;
+ char key[MAX_KEY_LEN];
+ struct bpf_program fp;
+ char filter_exp[MAX_FILTER] = "";
+ rtp_decoder_t dec;
+ srtp_policy_t policy;
+ err_status_t status;
+ int len;
+ int expected_len;
+ int do_list_mods = 0;
+
+ fprintf(stderr, "Using %s [0x%x]\n", srtp_get_version_string(), srtp_get_version());
+
+ /* initialize srtp library */
+ status = srtp_init();
+ if (status) {
+ fprintf(stderr, "error: srtp initialization failed with error code %d\n", status);
+ exit(1);
+ }
+
+ /* check args */
+ while (1) {
+ c = getopt_s(argc, argv, "b:k:gt:ae:ld:f:");
+ if (c == -1) {
+ break;
+ }
+ switch (c) {
+ case 'b':
+ b64_input = 1;
+ /* fall thru */
+ case 'k':
+ input_key = optarg_s;
+ break;
+ case 'e':
+ key_size = atoi(optarg_s);
+ if (key_size != 128 && key_size != 256) {
+ fprintf(stderr, "error: encryption key size must be 128 or 256 (%d)\n", key_size);
+ exit(1);
+ }
+ input_key = malloc(key_size);
+ sec_servs |= sec_serv_conf;
+ break;
+ case 't':
+ tag_size = atoi(optarg_s);
+ if (tag_size != 8 && tag_size != 16) {
+ fprintf(stderr, "error: GCM tag size must be 8 or 16 (%d)\n", tag_size);
+ //exit(1);
+ }
+ break;
+ case 'a':
+ sec_servs |= sec_serv_auth;
+ break;
+ case 'g':
+ gcm_on = 1;
+ sec_servs |= sec_serv_auth;
+ break;
+ case 'd':
+ status = crypto_kernel_set_debug_module(optarg_s, 1);
+ if (status) {
+ fprintf(stderr, "error: set debug module (%s) failed\n", optarg_s);
+ exit(1);
+ }
+ break;
+ case 'f':
+ if(strlen(optarg_s) > MAX_FILTER){
+ fprintf(stderr, "error: filter bigger than %d characters\n", MAX_FILTER);
+ exit(1);
+ }
+ fprintf(stderr, "Setting filter as %s\n", optarg_s);
+ strcpy(filter_exp, optarg_s);
+ break;
+ case 'l':
+ do_list_mods = 1;
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ if (do_list_mods) {
+ status = crypto_kernel_list_debug_modules();
+ if (status) {
+ fprintf(stderr, "error: list of debug modules failed\n");
+ exit(1);
+ }
+ return 0;
+ }
+
+ if ((sec_servs && !input_key) || (!sec_servs && input_key)) {
+ /*
+ * a key must be provided if and only if security services have
+ * been requested
+ */
+ if(input_key == NULL){
+ fprintf(stderr, "key not provided\n");
+ }
+ if(!sec_servs){
+ fprintf(stderr, "no secservs\n");
+ }
+ fprintf(stderr, "provided\n");
+ usage(argv[0]);
+ }
+
+
+
+ /* report security services selected on the command line */
+ fprintf(stderr, "security services: ");
+ if (sec_servs & sec_serv_conf)
+ fprintf(stderr, "confidentiality ");
+ if (sec_servs & sec_serv_auth)
+ fprintf(stderr, "message authentication");
+ if (sec_servs == sec_serv_none)
+ fprintf(stderr, "none");
+ fprintf(stderr, "\n");
+
+ /* set up the srtp policy and master key */
+ if (sec_servs) {
+ /*
+ * create policy structure, using the default mechanisms but
+ * with only the security services requested on the command line,
+ * using the right SSRC value
+ */
+ switch (sec_servs) {
+ case sec_serv_conf_and_auth:
+ if (gcm_on) {
+#ifdef OPENSSL
+ switch (key_size) {
+ case 128:
+ crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+ crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+ break;
+ case 256:
+ crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
+ crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
+ break;
+ }
+#else
+ fprintf(stderr, "error: GCM mode only supported when using the OpenSSL crypto engine.\n");
+ return 0;
+#endif
+ } else {
+ switch (key_size) {
+ case 128:
+ crypto_policy_set_rtp_default(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ case 256:
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ }
+ }
+ break;
+ case sec_serv_conf:
+ if (gcm_on) {
+ fprintf(stderr, "error: GCM mode must always be used with auth enabled\n");
+ return -1;
+ } else {
+ switch (key_size) {
+ case 128:
+ crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ case 256:
+ crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ }
+ }
+ break;
+ case sec_serv_auth:
+ if (gcm_on) {
+#ifdef OPENSSL
+ switch (key_size) {
+ case 128:
+ crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
+ crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp);
+ break;
+ case 256:
+ crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
+ crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp);
+ break;
+ }
+#else
+ printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n");
+ return 0;
+#endif
+ } else {
+ crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ }
+ break;
+ default:
+ fprintf(stderr, "error: unknown security service requested\n");
+ return -1;
+ }
+
+ policy.key = (uint8_t *) key;
+ policy.ekt = NULL;
+ policy.next = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.rtp.sec_serv = sec_servs;
+ policy.rtcp.sec_serv = sec_servs; //sec_serv_none; /* we don't do RTCP anyway */
+ fprintf(stderr, "setting tag len %d\n", tag_size);
+policy.rtp.auth_tag_len = tag_size;
+
+ if (gcm_on && tag_size != 8) {
+ fprintf(stderr, "setted tag len %d\n", tag_size);
+ policy.rtp.auth_tag_len = tag_size;
+ }
+
+ /*
+ * read key from hexadecimal or base64 on command line into an octet string
+ */
+ if (b64_input) {
+ int pad;
+ expected_len = policy.rtp.cipher_key_len*4/3;
+ len = base64_string_to_octet_string(key, &pad, input_key, expected_len);
+ if (pad != 0) {
+ fprintf(stderr, "error: padding in base64 unexpected\n");
+ exit(1);
+ }
+ } else {
+ expected_len = policy.rtp.cipher_key_len*2;
+ len = hex_string_to_octet_string(key, input_key, expected_len);
+ }
+ /* check that hex string is the right length */
+ if (len < expected_len) {
+ fprintf(stderr,
+ "error: too few digits in key/salt "
+ "(should be %d digits, found %d)\n",
+ expected_len, len);
+ exit(1);
+ }
+ if (strlen(input_key) > policy.rtp.cipher_key_len*2) {
+ fprintf(stderr,
+ "error: too many digits in key/salt "
+ "(should be %d hexadecimal digits, found %u)\n",
+ policy.rtp.cipher_key_len*2, (unsigned)strlen(input_key));
+ exit(1);
+ }
+
+ fprintf(stderr, "set master key/salt to %s/", octet_string_hex_string(key, 16));
+ fprintf(stderr, "%s\n", octet_string_hex_string(key+16, 14));
+
+ } else {
+ /*
+ * we're not providing security services, so set the policy to the
+ * null policy
+ *
+ * Note that this policy does not conform to the SRTP
+ * specification, since RTCP authentication is required. However,
+ * the effect of this policy is to turn off SRTP, so that this
+ * application is now a vanilla-flavored RTP application.
+ */
+ policy.key = (uint8_t *)key;
+ policy.ssrc.type = ssrc_specific;
+ policy.rtp.cipher_type = NULL_CIPHER;
+ policy.rtp.cipher_key_len = 0;
+ policy.rtp.auth_type = NULL_AUTH;
+ policy.rtp.auth_key_len = 0;
+ policy.rtp.auth_tag_len = 0;
+ policy.rtp.sec_serv = sec_serv_none;
+ policy.rtcp.cipher_type = NULL_CIPHER;
+ policy.rtcp.cipher_key_len = 0;
+ policy.rtcp.auth_type = NULL_AUTH;
+ policy.rtcp.auth_key_len = 0;
+ policy.rtcp.auth_tag_len = 0;
+ policy.rtcp.sec_serv = sec_serv_none;
+ policy.window_size = 0;
+ policy.allow_repeat_tx = 0;
+ policy.ekt = NULL;
+ policy.next = NULL;
+ }
+
+ pcap_handle = pcap_open_offline("-", errbuf);
+
+ if (!pcap_handle) {
+ fprintf(stderr, "libpcap failed to open file '%s'\n", errbuf);
+ exit(1);
+ }
+ assert(pcap_handle != NULL);
+ if ((pcap_compile(pcap_handle, &fp, filter_exp, 1, pcap_net)) == -1){
+ fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp,
+ pcap_geterr(pcap_handle));
+ return (2);
+ }
+ if (pcap_setfilter(pcap_handle, &fp) == -1){
+ fprintf(stderr, "couldn't install filter %s: %s\n", filter_exp,
+ pcap_geterr(pcap_handle));
+ return (2);
+ }
+ dec = rtp_decoder_alloc();
+ if (dec == NULL) {
+ fprintf(stderr, "error: malloc() failed\n");
+ exit(1);
+ }
+ fprintf(stderr, "Starting decoder\n");
+ rtp_decoder_init(dec, policy);
+
+ pcap_loop(pcap_handle, 0, rtp_decoder_handle_pkt, (u_char *)dec);
+
+ rtp_decoder_deinit_srtp(dec);
+ rtp_decoder_dealloc(dec);
+
+ status = srtp_shutdown();
+ if (status) {
+ fprintf(stderr, "error: srtp shutdown failed with error code %d\n", status);
+ exit(1);
+ }
+
+ return 0;
+}
+
+
+void
+usage(char *string) {
+
+ fprintf(stderr, "usage: %s [-d <debug>]* [[-k][-b] <key> [-a][-e]]\n"
+ "or %s -l\n"
+ "where -a use message authentication\n"
+ " -e <key size> use encryption (use 128 or 256 for key size)\n"
+ " -g Use AES-GCM mode (must be used with -e)\n"
+ " -t <tag size> Tag size to use in GCM mode (use 8 or 16)\n"
+ " -k <key> sets the srtp master key given in hexadecimal\n"
+ " -b <key> sets the srtp master key given in base64\n"
+ " -l list debug modules\n"
+ " -f \"<pcap filter>\" to filter only the desired SRTP packets\n"
+ " -d <debug> turn on debugging for module <debug>\n",
+ string, string);
+ exit(1);
+
+}
+
+rtp_decoder_t
+rtp_decoder_alloc(void) {
+ return (rtp_decoder_t)malloc(sizeof(rtp_decoder_ctx_t));
+}
+
+void
+rtp_decoder_dealloc(rtp_decoder_t rtp_ctx) {
+ free(rtp_ctx);
+}
+
+err_status_t
+rtp_decoder_init_srtp(rtp_decoder_t decoder, unsigned int ssrc) {
+ decoder->policy.ssrc.value = htonl(ssrc);
+ return srtp_create(&decoder->srtp_ctx, &decoder->policy);
+}
+
+int
+rtp_decoder_deinit_srtp(rtp_decoder_t decoder) {
+ return srtp_dealloc(decoder->srtp_ctx);
+}
+
+int
+rtp_decoder_init(rtp_decoder_t dcdr, srtp_policy_t policy){
+ dcdr->rtp_offset = DEFAULT_RTP_OFFSET;
+ dcdr->srtp_ctx = NULL;
+ dcdr->start_tv.tv_usec = 0;
+ dcdr->start_tv.tv_sec = 0;
+ dcdr->frame_nr = -1;
+ dcdr->policy = policy;
+ dcdr->policy.ssrc.type = ssrc_specific;
+ return 0;
+}
+
+/*
+ * decodes key as base64
+ */
+
+void hexdump(const void *ptr, size_t size) {
+ int i, j;
+ const unsigned char *cptr = ptr;
+
+ for (i = 0; i < size; i += 16) {
+ fprintf(stdout, "%04x ", i);
+ for (j = 0; j < 16 && i+j < size; j++) {
+ fprintf(stdout, "%02x ", cptr[i+j]);
+ }
+ fprintf(stdout, "\n");
+ }
+}
+
+void
+rtp_decoder_handle_pkt(u_char *arg, const struct pcap_pkthdr *hdr,
+ const u_char *bytes){
+ rtp_decoder_t dcdr = (rtp_decoder_t)arg;
+ int pktsize;
+ struct timeval delta;
+ int octets_recvd;
+ err_status_t status;
+ dcdr->frame_nr++;
+
+ if (dcdr->start_tv.tv_sec == 0 && dcdr->start_tv.tv_sec == 0) {
+ dcdr->start_tv = hdr->ts;
+ }
+
+ if (hdr->caplen < dcdr->rtp_offset) {
+ return;
+ }
+ const void *rtp_packet = bytes + dcdr->rtp_offset;
+
+ memcpy((void *)&dcdr->message, rtp_packet, hdr->caplen - dcdr->rtp_offset);
+ pktsize = hdr->caplen - dcdr->rtp_offset;
+ octets_recvd = pktsize;
+
+ if (octets_recvd == -1) {
+ return;
+ }
+
+ /* verify rtp header */
+ if (dcdr->message.header.version != 2) {
+ return; //return -1;
+ }
+ if(dcdr->srtp_ctx == NULL){
+ status = rtp_decoder_init_srtp(dcdr, dcdr->message.header.ssrc);
+ if (status) {
+ exit(1);
+ }
+ }
+ if(dcdr->srtp_ctx != NULL){
+ }
+ status = srtp_unprotect(dcdr->srtp_ctx, &dcdr->message, &octets_recvd);
+ if (status){
+ return;
+ }
+ timersub(&hdr->ts, &dcdr->start_tv, &delta);
+ fprintf(stdout, "%02ld:%02ld.%06lu\n", delta.tv_sec/60, delta.tv_sec%60, delta.tv_usec);
+ hexdump(&dcdr->message, pktsize);
+}
+
+void rtp_print_error(err_status_t status, char *message){
+ fprintf(stderr,
+ "error: %s %d%s\n", message, status,
+ status == err_status_replay_fail ? " (replay check failed)" :
+ status == err_status_bad_param ? " (bad param)" :
+ status == err_status_no_ctx ? " (no context)" :
+ status == err_status_cipher_fail ? " (cipher failed)" :
+ status == err_status_key_expired ? " (key expired)" :
+ status == err_status_auth_fail ? " (auth check failed)" : "");
+}
diff --git a/third_party/srtp/test/rtp_decoder.h b/third_party/srtp/test/rtp_decoder.h
new file mode 100644
index 00000000..3a92d8aa
--- /dev/null
+++ b/third_party/srtp/test/rtp_decoder.h
@@ -0,0 +1,119 @@
+/*
+ * rtp_decoder.h
+ *
+ * decoder structures and functions for SRTP pcap decoder
+ *
+ * Bernardo Torres <bernardo@torresautomacao.com.br>
+ *
+ * Some structure and code from https://github.com/gteissier/srtp-decrypt
+ *
+ */
+/*
+ *
+ * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#ifndef RTP_DECODER_H
+#define RTP_DECODER_H
+
+#include "srtp_priv.h"
+#include "rtp_priv.h"
+#include "rtp.h"
+#include "datatypes.h"
+
+#define DEFAULT_RTP_OFFSET 42
+
+typedef struct rtp_decoder_ctx_t {
+ srtp_policy_t policy;
+ srtp_ctx_t *srtp_ctx;
+ int rtp_offset;
+ struct timeval start_tv;
+ int frame_nr;
+ rtp_msg_t message;
+} rtp_decoder_ctx_t;
+
+typedef struct rtp_decoder_ctx_t *rtp_decoder_t;
+
+/*
+ * error to string
+ */
+
+void rtp_print_error(err_status_t status, char *message);
+
+/*
+ * prints the output of a random buffer in hexadecimal
+ */
+
+void
+hexdump(const void *ptr, size_t size);
+
+/*
+ * the function usage() prints an error message describing how this
+ * program should be called, then calls exit()
+ */
+
+void
+usage(char *prog_name);
+
+/*
+ * transforms base64 key into octet
+ */
+
+char *decode_sdes(char *in, char *out);
+
+/*
+ * pcap handling
+ */
+
+void
+rtp_decoder_handle_pkt(u_char *arg, const struct pcap_pkthdr *hdr,
+ const u_char *bytes);
+
+rtp_decoder_t
+rtp_decoder_alloc(void);
+
+void
+rtp_decoder_dealloc(rtp_decoder_t rtp_ctx);
+
+int
+rtp_decoder_init(rtp_decoder_t dcdr, srtp_policy_t policy);
+
+err_status_t
+rtp_decoder_init_srtp(rtp_decoder_t decoder, unsigned int ssrc);
+
+int
+rtp_decoder_deinit_srtp(rtp_decoder_t decoder);
+
+#endif /* RTP_DECODER_H */
diff --git a/third_party/srtp/test/rtpw.c b/third_party/srtp/test/rtpw.c
index e477a779..9d560b6d 100644
--- a/third_party/srtp/test/rtpw.c
+++ b/third_party/srtp/test/rtpw.c
@@ -51,16 +51,27 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "datatypes.h"
#include "getopt_s.h" /* for local getopt() */
#include <stdio.h> /* for printf, fprintf */
#include <stdlib.h> /* for atoi() */
#include <errno.h>
-#include <unistd.h> /* for close() */
+#include <signal.h> /* for signal() */
#include <string.h> /* for strncpy() */
#include <time.h> /* for usleep() */
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h> /* for close() */
+#elif defined(_MSC_VER)
+#include <io.h> /* for _close() */
+#define close _close
+#endif
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif
@@ -77,6 +88,7 @@
#include "srtp.h"
#include "rtp.h"
+#include "crypto_kernel.h"
#ifdef RTPW_USE_WINSOCK2
# define DICT_FILE "words.txt"
@@ -86,8 +98,7 @@
#define USEC_RATE (5e5)
#define MAX_WORD_LEN 128
#define ADDR_IS_MULTICAST(a) IN_MULTICAST(htonl(a))
-#define MAX_KEY_LEN 64
-#define MASTER_KEY_LEN 30
+#define MAX_KEY_LEN 96
#ifndef HAVE_USLEEP
@@ -116,6 +127,18 @@ leave_group(int sock, struct ip_mreq mreq, char *name);
/*
+ * setup_signal_handler() sets up a signal handler to trigger
+ * cleanups after an interrupt
+ */
+int setup_signal_handler(char* name);
+
+/*
+ * handle_signal(...) handles interrupt signal to trigger cleanups
+ */
+
+volatile int interrupted = 0;
+
+/*
* program_type distinguishes the [s]rtp sender and receiver cases
*/
@@ -137,7 +160,11 @@ main (int argc, char *argv[]) {
sec_serv_t sec_servs = sec_serv_none;
unsigned char ttl = 5;
int c;
+ int key_size = 128;
+ int tag_size = 8;
+ int gcm_on = 0;
char *input_key = NULL;
+ int b64_input = 0;
char *address = NULL;
char key[MAX_KEY_LEN];
unsigned short port = 0;
@@ -145,6 +172,7 @@ main (int argc, char *argv[]) {
srtp_policy_t policy;
err_status_t status;
int len;
+ int expected_len;
int do_list_mods = 0;
uint32_t ssrc = 0xdeadbeef; /* ssrc value hardcoded for now */
#ifdef RTPW_USE_WINSOCK2
@@ -158,6 +186,12 @@ main (int argc, char *argv[]) {
}
#endif
+ printf("Using %s [0x%x]\n", srtp_get_version_string(), srtp_get_version());
+
+ if (setup_signal_handler(argv[0]) != 0) {
+ exit(1);
+ }
+
/* initialize srtp library */
status = srtp_init();
if (status) {
@@ -167,20 +201,39 @@ main (int argc, char *argv[]) {
/* check args */
while (1) {
- c = getopt_s(argc, argv, "k:rsaeld:");
+ c = getopt_s(argc, argv, "b:k:rsgt:ae:ld:");
if (c == -1) {
break;
}
switch (c) {
+ case 'b':
+ b64_input = 1;
+ /* fall thru */
case 'k':
input_key = optarg_s;
break;
case 'e':
+ key_size = atoi(optarg_s);
+ if (key_size != 128 && key_size != 256) {
+ printf("error: encryption key size must be 128 or 256 (%d)\n", key_size);
+ exit(1);
+ }
sec_servs |= sec_serv_conf;
break;
+ case 't':
+ tag_size = atoi(optarg_s);
+ if (tag_size != 8 && tag_size != 16) {
+ printf("error: GCM tag size must be 8 or 16 (%d)\n", tag_size);
+ exit(1);
+ }
+ break;
case 'a':
sec_servs |= sec_serv_auth;
break;
+ case 'g':
+ gcm_on = 1;
+ sec_servs |= sec_serv_auth;
+ break;
case 'r':
prog_type = receiver;
break;
@@ -263,7 +316,7 @@ main (int argc, char *argv[]) {
err = errno;
#endif
fprintf(stderr, "%s: couldn't open socket: %d\n", argv[0], err);
- exit(1);
+ exit(1);
}
name.sin_addr = rcvr_addr;
@@ -311,16 +364,73 @@ main (int argc, char *argv[]) {
*/
switch (sec_servs) {
case sec_serv_conf_and_auth:
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ if (gcm_on) {
+#ifdef OPENSSL
+ switch (key_size) {
+ case 128:
+ crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+ crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+ break;
+ case 256:
+ crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
+ crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
+ break;
+ }
+#else
+ printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n");
+ return 0;
+#endif
+ } else {
+ switch (key_size) {
+ case 128:
+ crypto_policy_set_rtp_default(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ case 256:
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ }
+ }
break;
case sec_serv_conf:
- crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ if (gcm_on) {
+ printf("error: GCM mode must always be used with auth enabled\n");
+ return -1;
+ } else {
+ switch (key_size) {
+ case 128:
+ crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ case 256:
+ crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ }
+ }
break;
case sec_serv_auth:
- crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ if (gcm_on) {
+#ifdef OPENSSL
+ switch (key_size) {
+ case 128:
+ crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
+ crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp);
+ break;
+ case 256:
+ crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
+ crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp);
+ break;
+ }
+#else
+ printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n");
+ return 0;
+#endif
+ } else {
+ crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ }
break;
default:
printf("error: unknown security service requested\n");
@@ -329,28 +439,45 @@ main (int argc, char *argv[]) {
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = ssrc;
policy.key = (uint8_t *) key;
+ policy.ekt = NULL;
policy.next = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
policy.rtp.sec_serv = sec_servs;
policy.rtcp.sec_serv = sec_serv_none; /* we don't do RTCP anyway */
+ if (gcm_on && tag_size != 8) {
+ policy.rtp.auth_tag_len = tag_size;
+ }
+
/*
- * read key from hexadecimal on command line into an octet string
+ * read key from hexadecimal or base64 on command line into an octet string
*/
- len = hex_string_to_octet_string(key, input_key, MASTER_KEY_LEN*2);
-
+ if (b64_input) {
+ int pad;
+ expected_len = (policy.rtp.cipher_key_len*4)/3;
+ len = base64_string_to_octet_string(key, &pad, input_key, expected_len);
+ if (pad != 0) {
+ fprintf(stderr, "error: padding in base64 unexpected\n");
+ exit(1);
+ }
+ } else {
+ expected_len = policy.rtp.cipher_key_len*2;
+ len = hex_string_to_octet_string(key, input_key, expected_len);
+ }
/* check that hex string is the right length */
- if (len < MASTER_KEY_LEN*2) {
+ if (len < expected_len) {
fprintf(stderr,
"error: too few digits in key/salt "
- "(should be %d hexadecimal digits, found %d)\n",
- MASTER_KEY_LEN*2, len);
+ "(should be %d digits, found %d)\n",
+ expected_len, len);
exit(1);
}
- if (strlen(input_key) > MASTER_KEY_LEN*2) {
+ if ((int) strlen(input_key) > policy.rtp.cipher_key_len*2) {
fprintf(stderr,
"error: too many digits in key/salt "
"(should be %d hexadecimal digits, found %u)\n",
- MASTER_KEY_LEN*2, (unsigned)strlen(input_key));
+ policy.rtp.cipher_key_len*2, (unsigned)strlen(input_key));
exit(1);
}
@@ -382,6 +509,9 @@ main (int argc, char *argv[]) {
policy.rtcp.auth_key_len = 0;
policy.rtcp.auth_tag_len = 0;
policy.rtcp.sec_serv = sec_serv_none;
+ policy.window_size = 0;
+ policy.allow_repeat_tx = 0;
+ policy.ekt = NULL;
policy.next = NULL;
}
@@ -426,7 +556,7 @@ main (int argc, char *argv[]) {
}
/* read words from dictionary, then send them off */
- while (fgets(word, MAX_WORD_LEN, dict) != NULL) {
+ while (!interrupted && fgets(word, MAX_WORD_LEN, dict) != NULL) {
len = strlen(word) + 1; /* plus one for null */
if (len > MAX_WORD_LEN)
@@ -437,7 +567,11 @@ main (int argc, char *argv[]) {
}
usleep(USEC_RATE);
}
-
+
+ rtp_sender_deinit_srtp(snd);
+ rtp_sender_dealloc(snd);
+
+ fclose(dict);
} else { /* prog_type == receiver */
rtp_receiver_t rcvr;
@@ -466,12 +600,14 @@ main (int argc, char *argv[]) {
}
/* get next word and loop */
- while (1) {
+ while (!interrupted) {
len = MAX_WORD_LEN;
if (rtp_recvfrom(rcvr, word, &len) > -1)
- printf("\tword: %s", word);
+ printf("\tword: %s\n", word);
}
+ rtp_receiver_deinit_srtp(rcvr);
+ rtp_receiver_dealloc(rcvr);
}
if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) {
@@ -479,6 +615,22 @@ main (int argc, char *argv[]) {
}
#ifdef RTPW_USE_WINSOCK2
+ ret = closesocket(sock);
+#else
+ ret = close(sock);
+#endif
+ if (ret < 0) {
+ fprintf(stderr, "%s: Failed to close socket", argv[0]);
+ perror("");
+ }
+
+ status = srtp_shutdown();
+ if (status) {
+ printf("error: srtp shutdown failed with error code %d\n", status);
+ exit(1);
+ }
+
+#ifdef RTPW_USE_WINSOCK2
WSACleanup();
#endif
@@ -493,8 +645,11 @@ usage(char *string) {
"[-s | -r] dest_ip dest_port\n"
"or %s -l\n"
"where -a use message authentication\n"
- " -e use encryption\n"
- " -k <key> sets the srtp master key\n"
+ " -e <key size> use encryption (use 128 or 256 for key size)\n"
+ " -g Use AES-GCM mode (must be used with -e)\n"
+ " -t <tag size> Tag size to use in GCM mode (use 8 or 16)\n"
+ " -k <key> sets the srtp master key given in hexadecimal\n"
+ " -b <key> sets the srtp master key given in base64\n"
" -s act as rtp sender\n"
" -r act as rtp receiver\n"
" -l list debug modules\n"
@@ -517,3 +672,41 @@ leave_group(int sock, struct ip_mreq mreq, char *name) {
}
}
+void handle_signal(int signum)
+{
+ interrupted = 1;
+ /* Reset handler explicitly, in case we don't have sigaction() (and signal()
+ has BSD semantics), or we don't have SA_RESETHAND */
+ signal(signum, SIG_DFL);
+}
+
+int setup_signal_handler(char* name)
+{
+#if HAVE_SIGACTION
+ struct sigaction act;
+ memset(&act, 0, sizeof(act));
+
+ act.sa_handler = handle_signal;
+ sigemptyset(&act.sa_mask);
+#if defined(SA_RESETHAND)
+ act.sa_flags = SA_RESETHAND;
+#else
+ act.sa_flags = 0;
+#endif
+ /* Note that we're not setting SA_RESTART; we want recvfrom to return
+ * EINTR when we signal the receiver. */
+
+ if (sigaction(SIGTERM, &act, NULL) != 0) {
+ fprintf(stderr, "%s: error setting up signal handler", name);
+ perror("");
+ return -1;
+ }
+#else
+ if (signal(SIGTERM, handle_signal) == SIG_ERR) {
+ fprintf(stderr, "%s: error setting up signal handler", name);
+ perror("");
+ return -1;
+ }
+#endif
+ return 0;
+}
diff --git a/third_party/srtp/test/rtpw_test.sh b/third_party/srtp/test/rtpw_test.sh
index f82e9370..d5808aba 100644
--- a/third_party/srtp/test/rtpw_test.sh
+++ b/third_party/srtp/test/rtpw_test.sh
@@ -3,14 +3,47 @@
# usage: rtpw_test <rtpw_commands>
#
# tests the rtpw sender and receiver functions
-
-RTPW=rtpw
+#
+# Copyright (c) 2001-2006, Cisco Systems, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#
+# Neither the name of the Cisco Systems, Inc. nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+RTPW=./rtpw
DEST_PORT=9999
DURATION=3
-key=2b2edc5034f61a72345ca5986d7bfd0189aa6dc2ecab32fd9af74df6dfc6
+key=Ky7cUDT2GnI0XKWYbXv9AYmqbcLsqzL9mvdN9t/G
-ARGS="-k $key -ae"
+ARGS="-b $key -a -e 128"
# First, we run "killall" to get rid of all existing rtpw processes.
# This step also enables this script to clean up after itself; if this
@@ -18,7 +51,7 @@ ARGS="-k $key -ae"
# they are killed, those processes will linger. Re-running the script
# will get rid of them.
-killall rtpw 2&>/dev/null
+killall rtpw 2>/dev/null
if test -x $RTPW; then
@@ -63,6 +96,58 @@ sleep $DURATION
kill $receiver_pid
kill $sender_pid
+wait $receiver_pid
+wait $sender_pid
+
+
+key=033490ba9e82994fc21013395739038992b2edc5034f61a72345ca598d7bfd0189aa6dc2ecab32fd9af74df6dfc6
+
+ARGS="-k $key -a -e 256"
+
+echo $0 ": starting rtpw receiver process... "
+
+$RTPW $* $ARGS -r 0.0.0.0 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1
+
+# verify that the background job is running
+ps | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 254
+fi
+
+echo $0 ": starting rtpw sender process..."
+
+$RTPW $* $ARGS -s 127.0.0.1 $DEST_PORT &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+wait $receiver_pid
+wait $sender_pid
+
echo $0 ": done (test passed)"
else
diff --git a/third_party/srtp/test/rtpw_test_gcm.sh b/third_party/srtp/test/rtpw_test_gcm.sh
new file mode 100644
index 00000000..6e58b6c8
--- /dev/null
+++ b/third_party/srtp/test/rtpw_test_gcm.sh
@@ -0,0 +1,237 @@
+#!/bin/sh
+#
+# usage: rtpw_test <rtpw_commands>
+#
+# tests the rtpw sender and receiver functions
+#
+# Copyright (c) 2001-2006, Cisco Systems, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#
+# Neither the name of the Cisco Systems, Inc. nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+RTPW=./rtpw
+DEST_PORT=9999
+DURATION=3
+
+# First, we run "killall" to get rid of all existing rtpw processes.
+# This step also enables this script to clean up after itself; if this
+# script is interrupted after the rtpw processes are started but before
+# they are killed, those processes will linger. Re-running the script
+# will get rid of them.
+
+killall rtpw 2>/dev/null
+
+if test -x $RTPW; then
+
+GCMARGS128="-k 01234567890123456789012345678901234567890123456789012345 -g -e 128"
+echo $0 ": starting GCM mode 128-bit rtpw receiver process... "
+
+exec $RTPW $* $GCMARGS128 -r 127.0.0.1 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1
+
+# verify that the background job is running
+ps | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 254
+fi
+
+echo $0 ": starting GCM 128-bit rtpw sender process..."
+
+exec $RTPW $* $GCMARGS128 -s 127.0.0.1 $DEST_PORT &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+GCMARGS128="-k 01234567890123456789012345678901234567890123456789012345 -g -t 16 -e 128"
+echo $0 ": starting GCM mode 128-bit (16 byte tag) rtpw receiver process... "
+
+exec $RTPW $* $GCMARGS128 -r 127.0.0.1 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1
+
+# verify that the background job is running
+ps | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 254
+fi
+
+echo $0 ": starting GCM 128-bit (16 byte tag) rtpw sender process..."
+
+exec $RTPW $* $GCMARGS128 -s 127.0.0.1 $DEST_PORT &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+
+
+GCMARGS256="-k 0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567 -g -e 256"
+echo $0 ": starting GCM mode 256-bit rtpw receiver process... "
+
+exec $RTPW $* $GCMARGS256 -r 127.0.0.1 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1
+
+# verify that the background job is running
+ps | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 254
+fi
+
+echo $0 ": starting GCM 256-bit rtpw sender process..."
+
+exec $RTPW $* $GCMARGS256 -s 127.0.0.1 $DEST_PORT &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+
+GCMARGS256="-k a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567 -g -t 16 -e 256"
+echo $0 ": starting GCM mode 256-bit (16 byte tag) rtpw receiver process... "
+
+exec $RTPW $* $GCMARGS256 -r 127.0.0.1 $DEST_PORT &
+
+receiver_pid=$!
+
+echo $0 ": receiver PID = $receiver_pid"
+
+sleep 1
+
+# verify that the background job is running
+ps | grep -q $receiver_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 254
+fi
+
+echo $0 ": starting GCM 256-bit (16 byte tag) rtpw sender process..."
+
+exec $RTPW $* $GCMARGS256 -s 127.0.0.1 $DEST_PORT &
+
+sender_pid=$!
+
+echo $0 ": sender PID = $sender_pid"
+
+# verify that the background job is running
+ps | grep -q $sender_pid
+retval=$?
+echo $retval
+if [ $retval != 0 ]; then
+ echo $0 ": error"
+ exit 255
+fi
+
+sleep $DURATION
+
+kill $receiver_pid
+kill $sender_pid
+
+
+echo $0 ": done (test passed)"
+
+else
+
+echo "error: can't find executable" $RTPW
+exit 1
+
+fi
+
+# EOF
+
+
diff --git a/third_party/srtp/test/srtp_driver.c b/third_party/srtp/test/srtp_driver.c
index 12d1c8c2..88729717 100644
--- a/third_party/srtp/test/srtp_driver.c
+++ b/third_party/srtp/test/srtp_driver.c
@@ -63,9 +63,15 @@ err_status_t
srtp_validate(void);
err_status_t
+srtp_validate_aes_256(void);
+
+err_status_t
srtp_create_big_policy(srtp_policy_t **list);
err_status_t
+srtp_dealloc_big_policy(srtp_policy_t *list);
+
+err_status_t
srtp_test_remove_stream(void);
double
@@ -98,7 +104,7 @@ srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len);
double
mips_estimate(int num_trials, int *ignore);
-extern uint8_t test_key[30];
+extern uint8_t test_key[46];
void
usage(char *prog_name) {
@@ -138,7 +144,7 @@ debug_module_t mod_driver = {
int
main (int argc, char *argv[]) {
- char q;
+ int q;
unsigned do_timing_test = 0;
unsigned do_rejection_test = 0;
unsigned do_codec_timing = 0;
@@ -153,7 +159,7 @@ main (int argc, char *argv[]) {
if (sizeof(srtp_hdr_t) != 12) {
printf("error: srtp_hdr_t has incorrect size"
"(size is %ld bytes, expected 12)\n",
- sizeof(srtp_hdr_t));
+ (long)sizeof(srtp_hdr_t));
exit(1);
}
@@ -253,6 +259,11 @@ main (int argc, char *argv[]) {
printf("failed\n");
exit(1);
}
+ status = srtp_dealloc_big_policy(big_policy);
+ if (status) {
+ printf("unexpected failure with error code %d\n", status);
+ exit(1);
+ }
/* run test on wildcard policy */
printf("testing srtp_protect and srtp_unprotect on "
@@ -277,6 +288,22 @@ main (int argc, char *argv[]) {
exit(1);
}
+//FIXME: need to get this working with the OpenSSL AES module
+#ifndef OPENSSL
+ /*
+ * run validation test against the reference packets for
+ * AES-256
+ */
+ printf("testing srtp_protect and srtp_unprotect against "
+ "reference packets (AES-256)\n");
+ if (srtp_validate_aes_256() == err_status_ok)
+ printf("passed\n\n");
+ else {
+ printf("failed\n");
+ exit(1);
+ }
+#endif
+
/*
* test the function srtp_remove_stream()
*/
@@ -321,6 +348,9 @@ main (int argc, char *argv[]) {
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = 0xdecafbad;
policy.key = test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
policy.next = NULL;
printf("mips estimate: %e\n", mips);
@@ -353,6 +383,12 @@ main (int argc, char *argv[]) {
srtp_bits_per_second(640, &policy) / .02 );
}
+ status = srtp_shutdown();
+ if (status) {
+ printf("error: srtp shutdown failed with error code %d\n", status);
+ exit(1);
+ }
+
return 0;
}
@@ -492,7 +528,6 @@ srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy) {
timer = clock();
for (i=0; i < num_trials; i++) {
- err_status_t status;
len = msg_len_octets + 12; /* add in rtp header length */
/* srtp protect message */
@@ -503,12 +538,21 @@ srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy) {
}
/* increment message number */
- mesg->seq = htons(ntohs(mesg->seq) + 1);
-
+ {
+ /* hack sequence to avoid problems with macros for htons/ntohs on some systems */
+ short new_seq = ntohs(mesg->seq) + 1;
+ mesg->seq = htons(new_seq);
+ }
}
timer = clock() - timer;
free(mesg);
+
+ status = srtp_dealloc(srtp);
+ if (status) {
+ printf("error: srtp_dealloc() failed with error code %d\n", status);
+ exit(1);
+ }
return (double) (msg_len_octets) * 8 *
num_trials * CLOCKS_PER_SEC / timer;
@@ -549,7 +593,13 @@ srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy) {
timer = clock() - timer;
free(mesg);
-
+
+ status = srtp_dealloc(srtp);
+ if (status) {
+ printf("error: srtp_dealloc() failed with error code %d\n", status);
+ exit(1);
+ }
+
return (double) num_trials * CLOCKS_PER_SEC / timer;
}
@@ -678,8 +728,11 @@ srtp_test(const srtp_policy_t *policy) {
* the compiler would fret about the constness of the policy
*/
rcvr_policy = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
- if (rcvr_policy == NULL)
+ if (rcvr_policy == NULL) {
+ free(hdr);
+ free(hdr2);
return err_status_alloc_fail;
+ }
memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
if (policy->ssrc.type == ssrc_any_outbound) {
rcvr_policy->ssrc.type = ssrc_any_inbound;
@@ -701,6 +754,7 @@ srtp_test(const srtp_policy_t *policy) {
if (status) {
free(hdr);
free(hdr2);
+ free(rcvr_policy);
return status;
}
@@ -721,6 +775,7 @@ srtp_test(const srtp_policy_t *policy) {
printf("failed with error code %d\n", status);
free(hdr);
free(hdr2);
+ free(rcvr_policy);
return status;
} else {
printf("passed\n");
@@ -746,6 +801,7 @@ srtp_test(const srtp_policy_t *policy) {
printf("failed\n");
free(hdr);
free(hdr2);
+ free(rcvr_policy);
return status;
} else {
printf("passed\n");
@@ -758,6 +814,7 @@ srtp_test(const srtp_policy_t *policy) {
free(hdr);
free(hdr2);
+ free(rcvr_policy);
return err_status_ok;
}
@@ -900,6 +957,7 @@ srtcp_test(const srtp_policy_t *policy) {
if (status) {
free(hdr);
free(hdr2);
+ free(rcvr_policy);
return status;
}
@@ -920,6 +978,7 @@ srtcp_test(const srtp_policy_t *policy) {
printf("failed with error code %d\n", status);
free(hdr);
free(hdr2);
+ free(rcvr_policy);
return status;
} else {
printf("passed\n");
@@ -945,6 +1004,7 @@ srtcp_test(const srtp_policy_t *policy) {
printf("failed\n");
free(hdr);
free(hdr2);
+ free(rcvr_policy);
return status;
} else {
printf("passed\n");
@@ -957,6 +1017,7 @@ srtcp_test(const srtp_policy_t *policy) {
free(hdr);
free(hdr2);
+ free(rcvr_policy);
return err_status_ok;
}
@@ -989,14 +1050,18 @@ srtp_session_print_policy(srtp_t srtp) {
"# rtp services: %s\r\n"
"# rtcp cipher: %s\r\n"
"# rtcp auth: %s\r\n"
- "# rtcp services: %s\r\n",
+ "# rtcp services: %s\r\n"
+ "# window size: %lu\r\n"
+ "# tx rtx allowed:%s\r\n",
direction[stream->direction],
stream->rtp_cipher->type->description,
stream->rtp_auth->type->description,
serv_descr[stream->rtp_services],
stream->rtcp_cipher->type->description,
stream->rtcp_auth->type->description,
- serv_descr[stream->rtcp_services]);
+ serv_descr[stream->rtcp_services],
+ rdbx_get_window_size(&stream->rtp_rdbx),
+ stream->allow_repeat_tx ? "true" : "false");
}
/* loop over streams in session, printing the policy of each */
@@ -1011,14 +1076,18 @@ srtp_session_print_policy(srtp_t srtp) {
"# rtp services: %s\r\n"
"# rtcp cipher: %s\r\n"
"# rtcp auth: %s\r\n"
- "# rtcp services: %s\r\n",
+ "# rtcp services: %s\r\n"
+ "# window size: %lu\r\n"
+ "# tx rtx allowed:%s\r\n",
stream->ssrc,
stream->rtp_cipher->type->description,
stream->rtp_auth->type->description,
serv_descr[stream->rtp_services],
stream->rtcp_cipher->type->description,
stream->rtcp_auth->type->description,
- serv_descr[stream->rtcp_services]);
+ serv_descr[stream->rtcp_services],
+ rdbx_get_window_size(&stream->rtp_rdbx),
+ stream->allow_repeat_tx ? "true" : "false");
/* advance to next stream in the list */
stream = stream->next;
@@ -1108,7 +1177,7 @@ srtp_packet_to_string(srtp_hdr_t *hdr, int pkt_octet_len) {
double
mips_estimate(int num_trials, int *ignore) {
clock_t t;
- int i, sum;
+ volatile int i, sum;
sum = 0;
t = clock();
@@ -1132,12 +1201,6 @@ mips_estimate(int num_trials, int *ignore) {
err_status_t
srtp_validate() {
- unsigned char test_key[30] = {
- 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
- 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
- 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
- 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
- };
uint8_t srtp_plaintext_ref[28] = {
0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
@@ -1172,6 +1235,9 @@ srtp_validate() {
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = 0xcafebabe;
policy.key = test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
policy.next = NULL;
status = srtp_create(&srtp_snd, &policy);
@@ -1213,6 +1279,122 @@ srtp_validate() {
if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
return err_status_fail;
+ status = srtp_dealloc(srtp_snd);
+ if (status)
+ return status;
+
+ status = srtp_dealloc(srtp_recv);
+ if (status)
+ return status;
+
+ return err_status_ok;
+}
+
+
+/*
+ * srtp_validate_aes_256() verifies the correctness of libsrtp by comparing
+ * some computed packets against some pre-computed reference values.
+ * These packets were made with the AES-CM-256/HMAC-SHA-1-80 policy.
+ */
+
+
+err_status_t
+srtp_validate_aes_256() {
+ unsigned char aes_256_test_key[46] = {
+ 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
+ 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
+ 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
+ 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
+
+ 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
+ 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
+ };
+ uint8_t srtp_plaintext_ref[28] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab
+ };
+ uint8_t srtp_plaintext[38] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t srtp_ciphertext[38] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xf1, 0xd9, 0xde, 0x17,
+ 0xff, 0x25, 0x1f, 0xf1, 0xaa, 0x00, 0x77, 0x74,
+ 0xb0, 0xb4, 0xb4, 0x0d, 0xa0, 0x8d, 0x9d, 0x9a,
+ 0x5b, 0x3a, 0x55, 0xd8, 0x87, 0x3b
+ };
+ srtp_t srtp_snd, srtp_recv;
+ err_status_t status;
+ int len;
+ srtp_policy_t policy;
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = aes_256_test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status)
+ return status;
+
+ /*
+ * protect plaintext, then compare with ciphertext
+ */
+ len = 28;
+ status = srtp_protect(srtp_snd, srtp_plaintext, &len);
+ if (status || (len != 38))
+ return err_status_fail;
+
+ debug_print(mod_driver, "ciphertext:\n %s",
+ octet_string_hex_string(srtp_plaintext, len));
+ debug_print(mod_driver, "ciphertext reference:\n %s",
+ octet_string_hex_string(srtp_ciphertext, len));
+
+ if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
+ return err_status_fail;
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status)
+ return status;
+
+ /*
+ * unprotect ciphertext, then compare with plaintext
+ */
+ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+ if (status || (len != 28))
+ return status;
+
+ if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
+ return err_status_fail;
+
+ status = srtp_dealloc(srtp_snd);
+ if (status)
+ return status;
+
+ status = srtp_dealloc(srtp_recv);
+ if (status)
+ return status;
+
return err_status_ok;
}
@@ -1250,9 +1432,22 @@ srtp_create_big_policy(srtp_policy_t **list) {
}
err_status_t
+srtp_dealloc_big_policy(srtp_policy_t *list) {
+ srtp_policy_t *p, *next;
+
+ for (p = list; p != NULL; p = next) {
+ next = p->next;
+ free(p);
+ }
+
+ return err_status_ok;
+}
+
+
+err_status_t
srtp_test_remove_stream() {
err_status_t status;
- srtp_policy_t *policy_list;
+ srtp_policy_t *policy_list, policy;
srtp_t session;
srtp_stream_t stream;
/*
@@ -1293,6 +1488,41 @@ srtp_test_remove_stream() {
if (stream == NULL)
return err_status_fail;
+ status = srtp_dealloc(session);
+ if (status != err_status_ok)
+ return status;
+
+ status = srtp_dealloc_big_policy(policy_list);
+ if (status != err_status_ok)
+ return status;
+
+ /* Now test adding and removing a single stream */
+ crypto_policy_set_rtp_default(&policy.rtp);
+ crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&session, NULL);
+ if (status != err_status_ok)
+ return status;
+
+ status = srtp_add_stream(session, &policy);
+ if (status != err_status_ok)
+ return status;
+
+ status = srtp_remove_stream(session, htonl(0xcafebabe));
+ if (status != err_status_ok)
+ return status;
+
+ status = srtp_dealloc(session);
+ if (status != err_status_ok)
+ return status;
+
return err_status_ok;
}
@@ -1300,10 +1530,12 @@ srtp_test_remove_stream() {
* srtp policy definitions - these definitions are used above
*/
-unsigned char test_key[30] = {
+unsigned char test_key[46] = {
0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
+ 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73,
+ 0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93,
0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
};
@@ -1327,6 +1559,9 @@ const srtp_policy_t default_policy = {
sec_serv_conf_and_auth /* security services flag */
},
test_key,
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
NULL
};
@@ -1349,6 +1584,9 @@ const srtp_policy_t aes_tmmh_policy = {
sec_serv_conf_and_auth /* security services flag */
},
test_key,
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
NULL
};
@@ -1371,6 +1609,9 @@ const srtp_policy_t tmmh_only_policy = {
sec_serv_auth /* security services flag */
},
test_key,
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
NULL
};
@@ -1393,6 +1634,9 @@ const srtp_policy_t aes_only_policy = {
sec_serv_conf /* security services flag */
},
test_key,
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
NULL
};
@@ -1415,9 +1659,114 @@ const srtp_policy_t hmac_only_policy = {
sec_serv_auth /* security services flag */
},
test_key,
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
NULL
};
+#ifdef OPENSSL
+const srtp_policy_t aes128_gcm_8_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ { /* SRTP policy */
+ AES_128_GCM, /* cipher type */
+ AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ { /* SRTCP policy */
+ AES_128_GCM, /* cipher type */
+ AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ test_key,
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL
+};
+
+const srtp_policy_t aes128_gcm_8_cauth_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ { /* SRTP policy */
+ AES_128_GCM, /* cipher type */
+ AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ { /* SRTCP policy */
+ AES_128_GCM, /* cipher type */
+ AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ test_key,
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL
+};
+
+const srtp_policy_t aes256_gcm_8_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ { /* SRTP policy */
+ AES_256_GCM, /* cipher type */
+ AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ { /* SRTCP policy */
+ AES_256_GCM, /* cipher type */
+ AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ test_key,
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL
+};
+
+const srtp_policy_t aes256_gcm_8_cauth_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ { /* SRTP policy */
+ AES_256_GCM, /* cipher type */
+ AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ { /* SRTCP policy */
+ AES_256_GCM, /* cipher type */
+ AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ test_key,
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL
+};
+#endif
+
const srtp_policy_t null_policy = {
{ ssrc_any_outbound, 0 }, /* SSRC */
{
@@ -1437,6 +1786,83 @@ const srtp_policy_t null_policy = {
sec_serv_none /* security services flag */
},
test_key,
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL
+};
+
+unsigned char test_256_key[46] = {
+ 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
+ 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
+ 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
+ 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
+
+ 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
+ 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
+};
+
+const srtp_policy_t aes_256_hmac_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ { /* SRTP policy */
+ AES_ICM, /* cipher type */
+ 46, /* cipher key length in octets */
+ HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ { /* SRTCP policy */
+ AES_ICM, /* cipher type */
+ 46, /* cipher key length in octets */
+ HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ test_256_key,
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL
+};
+
+uint8_t ekt_test_key[16] = {
+ 0x77, 0x26, 0x9d, 0xac, 0x16, 0xa3, 0x28, 0xca,
+ 0x8e, 0xc9, 0x68, 0x4b, 0xcc, 0xc4, 0xd2, 0x1b
+};
+
+#include "ekt.h"
+
+ekt_policy_ctx_t ekt_test_policy = {
+ 0xa5a5, /* SPI */
+ EKT_CIPHER_AES_128_ECB,
+ ekt_test_key,
+ NULL
+};
+
+const srtp_policy_t hmac_only_with_ekt_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 4, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ {
+ NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 4, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ test_key,
+ &ekt_test_policy, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
NULL
};
@@ -1464,7 +1890,15 @@ policy_array[] = {
&aes_tmmh_policy,
#endif
&default_policy,
+#ifdef OPENSSL
+ &aes128_gcm_8_policy,
+ &aes128_gcm_8_cauth_policy,
+ &aes256_gcm_8_policy,
+ &aes256_gcm_8_cauth_policy,
+#endif
&null_policy,
+ &aes_256_hmac_policy,
+ &hmac_only_with_ekt_policy,
NULL
};
@@ -1487,5 +1921,8 @@ const srtp_policy_t wildcard_policy = {
sec_serv_conf_and_auth /* security services flag */
},
test_key,
+ NULL,
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
NULL
};
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-09 11:29:32 +0000