13 changed files with 948 additions and 162 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/v2.3.0.tar.gz
+SOURCES/v1.5.4.tar.gz
--- a/.libsrtp.metadata
+++ b/.libsrtp.metadata
@ -1 +1 @@
-263a45a82cb1acb1a6c7beef64def31949496a02 SOURCES/v2.3.0.tar.gz
+568030da728a03b1d39d3dc1a5c31c3228fa73d5 SOURCES/v1.5.4.tar.gz
--- a/SOURCES/0001-Changes-for-OpenSSL-1.1.0-compatibility.patch
+++ b/SOURCES/0001-Changes-for-OpenSSL-1.1.0-compatibility.patch
@ -0,0 +1,502 @@
 From b1858f6b5fa33b9ef9eeea1f6152185d54bba323 Mon Sep 17 00:00:00 2001
 From: Wim Taymans <wtaymans@redhat.com>
 Date: Mon, 3 Sep 2018 13:19:44 +0200
 Subject: [PATCH] Changes for OpenSSL 1.1.0 compatibility
 ---
 crypto/cipher/aes_gcm_ossl.c  |  36 +++++----
 crypto/cipher/aes_icm_ossl.c  |  18 +++--
 crypto/hash/hmac_ossl.c       | 135 ++++++++++++----------------------
 crypto/include/aes_gcm_ossl.h |   2 +-
 crypto/include/aes_icm_ossl.h |   2 +-
 crypto/include/sha1.h         |  14 ++--
 6 files changed, 89 insertions(+), 118 deletions(-)
 diff --git a/crypto/cipher/aes_gcm_ossl.c b/crypto/cipher/aes_gcm_ossl.c
 index dce2a33..943dbd5 100644
 --- a/crypto/cipher/aes_gcm_ossl.c
 +++ b/crypto/cipher/aes_gcm_ossl.c
@@ -116,6 +116,13 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
     (*c)->state = allptr + sizeof(cipher_t);
     gcm = (aes_gcm_ctx_t *)(*c)->state;
 +    gcm->ctx = EVP_CIPHER_CTX_new();
 +    if (gcm->ctx == NULL) {
 +        crypto_free(*c);
 +        *c = NULL;
 +        return (err_status_alloc_fail);
 +    }
 +
     /* increment ref_count */
     switch (key_len) {
     case AES_128_GCM_KEYSIZE_WSALT:
@@ -136,7 +143,6 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
     /* set key size        */
     (*c)->key_len = key_len;
 -    EVP_CIPHER_CTX_init(&gcm->ctx);
     return (err_status_ok);
 }
@@ -151,7 +157,7 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
     ctx = (aes_gcm_ctx_t*)c->state;
     if (ctx) {
 -	EVP_CIPHER_CTX_cleanup(&ctx->ctx);
 +	EVP_CIPHER_CTX_free(ctx->ctx);
         /* decrement ref_count for the appropriate engine */
         switch (ctx->key_size) {
         case AES_256_KEYSIZE:
@@ -197,7 +203,7 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
     debug_print(mod_aes_gcm, "key:  %s", v128_hex_string((v128_t*)&c->key));
 -    EVP_CIPHER_CTX_cleanup(&c->ctx);
 +    EVP_CIPHER_CTX_cleanup(c->ctx);
     return (err_status_ok);
 }
@@ -231,19 +237,19 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
         break;
     }
 -    if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
 +    if (!EVP_CipherInit_ex(c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
                            NULL, (c->dir == direction_encrypt ? 1 : 0))) {
         return (err_status_init_fail);
     }
     /* set IV len  and the IV value, the followiong 3 calls are required */
 -    if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
 +    if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
         return (err_status_init_fail);
     }
 -    if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
 +    if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
         return (err_status_init_fail);
     }
 -    if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
 +    if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
         return (err_status_init_fail);
     }
@@ -267,9 +273,9 @@ err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad,
      * Set dummy tag, OpenSSL requires the Tag to be set before
      * processing AAD
      */
 -    EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
 +    EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
 -    rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len);
 +    rv = EVP_Cipher(c->ctx, NULL, aad, aad_len);
     if (rv != aad_len) {
         return (err_status_algo_fail);
     } else {
@@ -295,7 +301,7 @@ err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf,
     /*
      * Encrypt the data
      */
 -    EVP_Cipher(&c->ctx, buf, buf, *enc_len);
 +    EVP_Cipher(c->ctx, buf, buf, *enc_len);
     return (err_status_ok);
 }
@@ -317,12 +323,12 @@ err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf,
     /*
      * Calculate the tag
      */
 -    EVP_Cipher(&c->ctx, NULL, NULL, 0);
 +    EVP_Cipher(c->ctx, NULL, NULL, 0);
     /*
      * Retreive the tag
      */
 -    EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
 +    EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
     /*
      * Increase encryption length by desired tag size
@@ -351,14 +357,14 @@ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf,
     /*
      * Set the tag before decrypting
      */
 -    EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, 
 +    EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, 
 	                buf + (*enc_len - c->tag_len));
 -    EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len);
 +    EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len);
     /*
      * Check the tag
      */
 -    if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) {
 +    if (EVP_Cipher(c->ctx, NULL, NULL, 0)) {
         return (err_status_auth_fail);
     }
 diff --git a/crypto/cipher/aes_icm_ossl.c b/crypto/cipher/aes_icm_ossl.c
 index eb58539..1ddd39e 100644
 --- a/crypto/cipher/aes_icm_ossl.c
 +++ b/crypto/cipher/aes_icm_ossl.c
@@ -143,6 +143,13 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
     (*c)->state = allptr + sizeof(cipher_t);
     icm = (aes_icm_ctx_t*)(*c)->state;
 +    icm->ctx = EVP_CIPHER_CTX_new();
 +    if (icm->ctx == NULL) {
 +        crypto_free(*c);
 +        *c = NULL;
 +        return err_status_alloc_fail;
 +    }
 +
     /* increment ref_count */
     switch (key_len) {
     case AES_128_KEYSIZE_WSALT:
@@ -169,7 +176,6 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
     /* set key size        */
     (*c)->key_len = key_len;
 -    EVP_CIPHER_CTX_init(&icm->ctx);
     return err_status_ok;
 }
@@ -191,7 +197,7 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c)
      */
     ctx = (aes_icm_ctx_t*)c->state;
     if (ctx != NULL) {
 -        EVP_CIPHER_CTX_cleanup(&ctx->ctx);
 +        EVP_CIPHER_CTX_free(ctx->ctx);
         /* decrement ref_count for the appropriate engine */
         switch (ctx->key_size) {
         case AES_256_KEYSIZE:
@@ -271,7 +277,7 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key,
     debug_print(mod_aes_icm, "key:  %s", v128_hex_string((v128_t*)&c->key));
     debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
 -    EVP_CIPHER_CTX_cleanup(&c->ctx);
 +    EVP_CIPHER_CTX_cleanup(c->ctx);
     return err_status_ok;
 }
@@ -312,7 +318,7 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
         break;
     }
 -    if (!EVP_EncryptInit_ex(&c->ctx, evp,
 +    if (!EVP_EncryptInit_ex(c->ctx, evp,
                             NULL, c->key.v8, c->counter.v8)) {
         return err_status_fail;
     } else {
@@ -334,12 +340,12 @@ err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsi
     debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
 -    if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) {
 +    if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) {
         return err_status_cipher_fail;
     }
     *enc_len = len;
 -    if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) {
 +    if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) {
         return err_status_cipher_fail;
     }
     *enc_len += len;
 diff --git a/crypto/hash/hmac_ossl.c b/crypto/hash/hmac_ossl.c
 index f62ce57..3f6f97d 100644
 --- a/crypto/hash/hmac_ossl.c
 +++ b/crypto/hash/hmac_ossl.c
@@ -49,8 +49,10 @@
 #include "hmac.h"
 #include "alloc.h"
 #include <openssl/evp.h>
 +#include <openssl/hmac.h>
 -#define HMAC_KEYLEN_MAX		20
 +#define HMAC_KEYLEN_MAX                20
 +#define SHA1_DIGEST_SIZE               20
 /* the debug module for authentiation */
@@ -64,8 +66,6 @@ err_status_t
 hmac_alloc (auth_t **a, int key_len, int out_len)
 {
     extern auth_type_t hmac;
 -    uint8_t *pointer;
 -    hmac_ctx_t *new_hmac_ctx;
     debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
     debug_print(mod_hmac, "                          tag length %d", out_len);
@@ -79,25 +79,28 @@ hmac_alloc (auth_t **a, int key_len, int out_len)
     }
     /* check output length - should be less than 20 bytes */
 -    if (out_len > HMAC_KEYLEN_MAX) {
 +    if (out_len > SHA1_DIGEST_SIZE) {
         return err_status_bad_param;
     }
     /* allocate memory for auth and hmac_ctx_t structures */
 -    pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
 -    if (pointer == NULL) {
 +    *a = crypto_alloc(sizeof(auth_t));
 +    if (*a == NULL) {
 +        return err_status_alloc_fail;
 +    }
 +
 +    (*a)->state = HMAC_CTX_new();
 +    if ((*a)->state == NULL) {
 +        crypto_free(*a);
 +        *a = NULL;
         return err_status_alloc_fail;
     }
     /* set pointers */
 -    *a = (auth_t*)pointer;
     (*a)->type = &hmac;
 -    (*a)->state = pointer + sizeof(auth_t);
     (*a)->out_len = out_len;
     (*a)->key_len = key_len;
     (*a)->prefix_len = 0;
 -    new_hmac_ctx = (hmac_ctx_t*)((*a)->state);
 -    memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t));
     /* increment global count of all hmac uses */
     hmac.ref_count++;
@@ -109,19 +112,14 @@ err_status_t
 hmac_dealloc (auth_t *a)
 {
     extern auth_type_t hmac;
 -    hmac_ctx_t *hmac_ctx;
 +    HMAC_CTX *hmac_ctx;
 -    hmac_ctx = (hmac_ctx_t*)a->state;
 -    if (hmac_ctx->ctx_initialized) {
 -        EVP_MD_CTX_cleanup(&hmac_ctx->ctx);
 -    }
 -    if (hmac_ctx->init_ctx_initialized) {
 -        EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx);
 -    }
 +    hmac_ctx = (HMAC_CTX*)a->state;
 +
 +    HMAC_CTX_free(hmac_ctx);
     /* zeroize entire state*/
 -    octet_string_set_to_zero((uint8_t*)a,
 -                             sizeof(hmac_ctx_t) + sizeof(auth_t));
 +    octet_string_set_to_zero((uint8_t*)a, sizeof(auth_t));
     /* free memory */
     crypto_free(a);
@@ -133,109 +131,68 @@ hmac_dealloc (auth_t *a)
 }
 err_status_t
 -hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len)
 +hmac_start (hmac_ctx_t *statev)
 {
 -    int i;
 -    uint8_t ipad[64];
 -
 -    /*
 -     * check key length - note that we don't support keys larger
 -     * than 20 bytes yet
 -     */
 -    if (key_len > HMAC_KEYLEN_MAX) {
 -        return err_status_bad_param;
 -    }
 -
 -    /*
 -     * set values of ipad and opad by exoring the key into the
 -     * appropriate constant values
 -     */
 -    for (i = 0; i < key_len; i++) {
 -        ipad[i] = key[i] ^ 0x36;
 -        state->opad[i] = key[i] ^ 0x5c;
 -    }
 -    /* set the rest of ipad, opad to constant values */
 -    for (; i < sizeof(ipad); i++) {
 -        ipad[i] = 0x36;
 -        ((uint8_t*)state->opad)[i] = 0x5c;
 -    }
 -
 -    debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad)));
 +    HMAC_CTX *state = (HMAC_CTX *)statev;
 -    /* initialize sha1 context */
 -    sha1_init(&state->init_ctx);
 -    state->init_ctx_initialized = 1;
 +    if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)
 +        return err_status_auth_fail;
 -    /* hash ipad ^ key */
 -    sha1_update(&state->init_ctx, ipad, sizeof(ipad));
 -    return (hmac_start(state));
 +    return err_status_ok;
 }
 err_status_t
 -hmac_start (hmac_ctx_t *state)
 +hmac_init (hmac_ctx_t *statev, const uint8_t *key, int key_len)
 {
 -    if (state->ctx_initialized) {
 -        EVP_MD_CTX_cleanup(&state->ctx);
 -    }
 -    if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) {
 +    HMAC_CTX *state = (HMAC_CTX *)statev;
 +
 +    if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)
         return err_status_auth_fail;
 -    } else {
 -        state->ctx_initialized = 1;
 -        return err_status_ok;
 -    }
 +
 +    return err_status_ok;
 }
 err_status_t
 -hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets)
 +hmac_update (hmac_ctx_t *statev, const uint8_t *message, int msg_octets)
 {
 +    HMAC_CTX *state = (HMAC_CTX *)statev;
 +
     debug_print(mod_hmac, "input: %s",
                 octet_string_hex_string(message, msg_octets));
 -    /* hash message into sha1 context */
 -    sha1_update(&state->ctx, message, msg_octets);
 +    if (HMAC_Update(state, message, msg_octets) == 0)
 +        return err_status_auth_fail;
     return err_status_ok;
 }
 err_status_t
 -hmac_compute (hmac_ctx_t *state, const void *message,
 +hmac_compute (hmac_ctx_t *statev, const void *message,
               int msg_octets, int tag_len, uint8_t *result)
 {
 -    uint32_t hash_value[5];
 -    uint32_t H[5];
 +    HMAC_CTX *state = (HMAC_CTX *)statev;
 +    uint8_t hash_value[SHA1_DIGEST_SIZE];
     int i;
 +    unsigned int len;
     /* check tag length, return error if we can't provide the value expected */
 -    if (tag_len > HMAC_KEYLEN_MAX) {
 +    if (tag_len > SHA1_DIGEST_SIZE) {
         return err_status_bad_param;
     }
     /* hash message, copy output into H */
 -    sha1_update(&state->ctx, message, msg_octets);
 -    sha1_final(&state->ctx, H);
 -
 -    /*
 -     * note that we don't need to debug_print() the input, since the
 -     * function hmac_update() already did that for us
 -     */
 -    debug_print(mod_hmac, "intermediate state: %s",
 -                octet_string_hex_string((uint8_t*)H, sizeof(H)));
 -
 -    /* re-initialize hash context */
 -    sha1_init(&state->ctx);
 -
 -    /* hash opad ^ key  */
 -    sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad));
 +    if (HMAC_Update(state, message, msg_octets) == 0)
 +        return err_status_auth_fail;
 -    /* hash the result of the inner hash */
 -    sha1_update(&state->ctx, (uint8_t*)H, sizeof(H));
 +    if (HMAC_Final(state, hash_value, &len) == 0)
 +        return err_status_auth_fail;
 -    /* the result is returned in the array hash_value[] */
 -    sha1_final(&state->ctx, hash_value);
 +    if (len < tag_len)
 +        return err_status_auth_fail;
     /* copy hash_value to *result */
     for (i = 0; i < tag_len; i++) {
 -        result[i] = ((uint8_t*)hash_value)[i];
 +        result[i] = hash_value[i];
     }
     debug_print(mod_hmac, "output: %s",
 diff --git a/crypto/include/aes_gcm_ossl.h b/crypto/include/aes_gcm_ossl.h
 index 8e7711d..4f49b51 100644
 --- a/crypto/include/aes_gcm_ossl.h
 +++ b/crypto/include/aes_gcm_ossl.h
@@ -55,7 +55,7 @@ typedef struct {
   v256_t   key;
   int      key_size;
   int      tag_len;
 -  EVP_CIPHER_CTX ctx;
 +  EVP_CIPHER_CTX* ctx;
   cipher_direction_t dir;
 } aes_gcm_ctx_t;
 diff --git a/crypto/include/aes_icm_ossl.h b/crypto/include/aes_icm_ossl.h
 index b4ec40a..af23320 100644
 --- a/crypto/include/aes_icm_ossl.h
 +++ b/crypto/include/aes_icm_ossl.h
@@ -72,7 +72,7 @@ typedef struct {
     v128_t offset;                 /* initial offset value             */
     v256_t key;
     int key_size;
 -    EVP_CIPHER_CTX ctx;
 +    EVP_CIPHER_CTX* ctx;
 } aes_icm_ctx_t;
 err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir);
 diff --git a/crypto/include/sha1.h b/crypto/include/sha1.h
 index 2ce53e8..fb5bd95 100644
 --- a/crypto/include/sha1.h
 +++ b/crypto/include/sha1.h
@@ -56,8 +56,6 @@
 #include <openssl/evp.h>
 #include <stdint.h>
 -typedef EVP_MD_CTX sha1_ctx_t;
 -
 /*
  * sha1_init(&ctx) initializes the SHA1 context ctx
  *
@@ -72,23 +70,27 @@ typedef EVP_MD_CTX sha1_ctx_t;
  *
  */
 +typedef EVP_MD_CTX* sha1_ctx_t;
 +
 static inline void sha1_init (sha1_ctx_t *ctx)
 {
 -    EVP_MD_CTX_init(ctx);
 -    EVP_DigestInit(ctx, EVP_sha1());
 +    *ctx = EVP_MD_CTX_new();
 +    EVP_DigestInit(*ctx, EVP_sha1());
 }
 static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
 {
 -    EVP_DigestUpdate(ctx, M, octets_in_msg);
 +    EVP_DigestUpdate(*ctx, M, octets_in_msg);
 }
 static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output)
 {
     unsigned int len = 0;
 -    EVP_DigestFinal(ctx, (unsigned char*)output, &len);
 +    EVP_DigestFinal(*ctx, (unsigned char*)output, &len);
 +    EVP_MD_CTX_free(*ctx);
 }
 +
 #else
 #include "datatypes.h"
 -- 
 2.17.1
--- a/SOURCES/config.h
+++ b/SOURCES/config.h
@ -0,0 +1,18 @@
 /* This file is here to prevent a file conflict on multiarch systems.  A
 * conflict will frequently occur because arch-specific build-time
 * configuration options are stored (and used, so they can't just be stripped
 * out) in config.h.  The original config.h has been renamed.
 * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */
 #ifdef srtp_multilib_redirection_h
 #error "Do not define srtp_multilib_redirection_h!"
 #endif
 #define srtp_multilib_redirection_h
 #if defined(__x86_64__) || defined(__PPC64__) || (defined(__sparc__) && defined(__arch64__)) || defined(__s390x__) || defined(__aarch64__)
 #include "srtp/config-64.h"
 #else
 #include "srtp/config-32.h"
 #endif
 #undef srtp_multilib_redirection_h
--- a/SOURCES/libsrtp-1.5.4-shared-fix.patch
+++ b/SOURCES/libsrtp-1.5.4-shared-fix.patch
@ -0,0 +1,36 @@
 diff -up libsrtp-1.5.4/Makefile.in.sharedfix libsrtp-1.5.4/Makefile.in
 --- libsrtp-1.5.4/Makefile.in.sharedfix	2016-02-02 14:56:49.000000000 -0500
 +++ libsrtp-1.5.4/Makefile.in	2016-02-12 09:38:18.228208296 -0500
@@ -84,12 +84,14 @@ pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libsrtp.pc
 endif
 -SHAREDLIBVERSION = 1
 +SHAREDLIBMINIVER = 1
 +SHAREDLIBVERSION = $(SHAREDLIBMINIVER).0.0
 ifeq (linux,$(findstring linux,@host@))
 SHAREDLIB_DIR = $(libdir)
 -SHAREDLIB_LDFLAGS = -shared -Wl,-soname,$@
 SHAREDLIBSUFFIXNOVER = so
 SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBVERSION)
 +SHAREDLIBMINISUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBMINIVER)
 +SHAREDLIB_LDFLAGS = -shared -Wl,-soname,libsrtp.$(SHAREDLIBMINISUFFIX)
 else ifeq (mingw,$(findstring mingw,@host@))
 SHAREDLIB_DIR = $(bindir)
 SHAREDLIB_LDFLAGS = -shared -Wl,--out-implib,libsrtp.dll.a
@@ -148,6 +150,7 @@ libsrtp.$(SHAREDLIBSUFFIX): $(srtpobj) $
 	$(CC) -shared -o $@ $(SHAREDLIB_LDFLAGS) \
                 $^ $(LDFLAGS) $(LIBS)
 	if [ -n "$(SHAREDLIBVERSION)" ]; then \
 +		ln -sfn $@ libsrtp.$(SHAREDLIBMINISUFFIX); \
 		ln -sfn $@ libsrtp.$(SHAREDLIBSUFFIXNOVER); \
 	fi
@@ -274,6 +277,7 @@ install:
 		$(INSTALL) -d $(DESTDIR)$(SHAREDLIB_DIR); \
 		cp libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/; \
 		ln -sfn libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp.$(SHAREDLIBSUFFIXNOVER); \
 +		ln -sfn libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp.$(SHAREDLIBMINISUFFIX); \
 	fi
 	if [ "$(pkgconfig_DATA)" != "" ]; then \
 		$(INSTALL) -d $(DESTDIR)$(pkgconfigdir); \
--- a/SOURCES/libsrtp-2.3.0-nss-3.63-fix.patch
+++ b/SOURCES/libsrtp-2.3.0-nss-3.63-fix.patch
@ -1,24 +0,0 @@
 diff -up libsrtp-2.3.0/crypto/include/aes_gcm.h.nssfix libsrtp-2.3.0/crypto/include/aes_gcm.h
 --- libsrtp-2.3.0/crypto/include/aes_gcm.h.nssfix	2021-04-15 13:47:08.667150587 -0400
 +++ libsrtp-2.3.0/crypto/include/aes_gcm.h	2021-04-15 13:47:26.991294515 -0400
@@ -66,6 +66,8 @@ typedef struct {
 #ifdef NSS
 +#define NSS_PKCS11_2_0_COMPAT 1
 +
 #include <nss.h>
 #include <pk11pub.h>
 diff -up libsrtp-2.3.0/crypto/include/aes_icm_ext.h.nssfix libsrtp-2.3.0/crypto/include/aes_icm_ext.h
 --- libsrtp-2.3.0/crypto/include/aes_icm_ext.h.nssfix	2021-04-15 13:47:36.617370124 -0400
 +++ libsrtp-2.3.0/crypto/include/aes_icm_ext.h	2021-04-15 13:59:50.074073286 -0400
@@ -65,6 +65,8 @@ typedef struct {
 #ifdef NSS
 +#define NSS_PKCS11_2_0_COMPAT 1
 +
 #include <nss.h>
 #include <pk11pub.h>
--- a/SOURCES/libsrtp-2.3.0-shared-fix.patch
+++ b/SOURCES/libsrtp-2.3.0-shared-fix.patch
@ -1,36 +0,0 @@
 diff -up libsrtp-2.3.0/Makefile.in.sharedfix libsrtp-2.3.0/Makefile.in
 --- libsrtp-2.3.0/Makefile.in.sharedfix	2020-01-07 09:48:36.004217062 -0500
 +++ libsrtp-2.3.0/Makefile.in	2020-01-07 09:53:08.117725096 -0500
@@ -106,12 +106,14 @@ bindir = @bindir@
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libsrtp2.pc
 -SHAREDLIBVERSION = 1
 +SHAREDLIBMINIVER = 1
 +SHAREDLIBVERSION = $(SHAREDLIBMINIVER).0.0
 ifneq (,$(or $(findstring linux,@host@), $(findstring gnu,@host@)))
 SHAREDLIB_DIR = $(libdir)
 -SHAREDLIB_LDFLAGS = -shared -Wl,-soname,$@
 SHAREDLIBSUFFIXNOVER = so
 +SHAREDLIBMINISUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBMINIVER)
 SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBVERSION)
 +SHAREDLIB_LDFLAGS = -shared -Wl,-soname,libsrtp2.$(SHAREDLIBMINISUFFIX)
 else ifneq (,$(or $(findstring cygwin,@host@), $(findstring mingw,@host@)))
 SHAREDLIB_DIR = $(bindir)
 SHAREDLIB_LDFLAGS = -shared -Wl,--out-implib,libsrtp2.dll.a
@@ -166,6 +168,7 @@ libsrtp2.$(SHAREDLIBSUFFIX): $(srtpobj)
 	$(CC) -shared -o $@ $(SHAREDLIB_LDFLAGS) \
 				$^ $(LDFLAGS) $(LIBS)
 	if [ -n "$(SHAREDLIBVERSION)" ]; then \
 +		ln -sfn $@ libsrtp2.$(SHAREDLIBMINISUFFIX); \
 		ln -sfn $@ libsrtp2.$(SHAREDLIBSUFFIXNOVER); \
 	fi
@@ -288,6 +291,7 @@ install:
 		cp libsrtp2.$(SHAREDLIBSUFFIXNOVER) $(DESTDIR)$(SHAREDLIB_DIR)/; \
 		if [ -n "$(SHAREDLIBVERSION)" ]; then \
 			ln -sfn libsrtp2.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp2.$(SHAREDLIBSUFFIXNOVER); \
 +			ln -sfn libsrtp2.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp2.$(SHAREDLIBMINISUFFIX); \
 		fi; \
 	fi
 	$(INSTALL) -d $(DESTDIR)$(pkgconfigdir)
--- a/SOURCES/libsrtp-2.3.0-shared-test-fix.patch
+++ b/SOURCES/libsrtp-2.3.0-shared-test-fix.patch
@ -1,13 +0,0 @@
 diff -up libsrtp-2.3.0/Makefile.in.test-shared libsrtp-2.3.0/Makefile.in
 --- libsrtp-2.3.0/Makefile.in.test-shared	2020-10-12 16:00:39.065842309 -0400
 +++ libsrtp-2.3.0/Makefile.in	2020-10-12 16:01:11.244097667 -0400
@@ -196,7 +196,7 @@ ifeq (1, $(HAVE_PCAP))
 testapp += test/rtp_decoder$(EXE)
 endif
 -$(testapp): libsrtp2.a
 +$(testapp): libsrtp2.$(SHAREDLIBSUFFIX)
 test/rtpw$(EXE): test/rtpw.c test/rtp.c test/util.c test/getopt_s.c \
 		crypto/math/datatypes.c
 diff -up libsrtp-2.3.0/Makefile.test-shared libsrtp-2.3.0/Makefile
--- a/SOURCES/libsrtp-2.3.0-test-util.patch
+++ b/SOURCES/libsrtp-2.3.0-test-util.patch
@ -1,12 +0,0 @@
 diff -r -u libsrtp-2.3.0.orig/test/util.c libsrtp-2.3.0/test/util.c
 --- libsrtp-2.3.0.orig/test/util.c	2019-12-23 10:58:25.000000000 +0100
 +++ libsrtp-2.3.0/test/util.c	2020-10-09 11:56:31.455502870 +0200
@@ -49,7 +49,7 @@
 #include <stdint.h>
 /* include space for null terminator */
 -char bit_string[MAX_PRINT_STRING_LEN + 1];
 +static char bit_string[MAX_PRINT_STRING_LEN + 1];
 static inline int hex_char_to_nibble(uint8_t c)
 {
--- a/SOURCES/libsrtp-fix-name-collision-on-MIPS.patch
+++ b/SOURCES/libsrtp-fix-name-collision-on-MIPS.patch
@ -0,0 +1,55 @@
 diff -urp libsrtp-1.5.0/test/srtp_driver.c l/test/srtp_driver.c
 --- libsrtp-1.5.0/test/srtp_driver.c	2014-10-13 16:35:33.000000000 +0200
 +++ libsrtp-1.5.4/test/srtp_driver.c	2015-09-18 06:41:50.740727805 +0200
@@ -341,7 +341,7 @@ main (int argc, char *argv[]) {
   if (do_codec_timing) {
     srtp_policy_t policy;
     int ignore;
 -    double mips = mips_estimate(1000000000, &ignore);
 +    double mips_est = mips_estimate(1000000000, &ignore);
     crypto_policy_set_rtp_default(&policy.rtp);
     crypto_policy_set_rtcp_default(&policy.rtcp);
@@ -353,33 +353,33 @@ main (int argc, char *argv[]) {
     policy.allow_repeat_tx = 0;
     policy.next = NULL;
 -    printf("mips estimate: %e\n", mips);
 +    printf("mips estimate: %e\n", mips_est);
     printf("testing srtp processing time for voice codecs:\n");
     printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
     printf("G.711\t\t%d\t\t\t%e\n", 80, 
 -           (double) mips * (80 * 8) / 
 +           (double) mips_est * (80 * 8) / 
 	   srtp_bits_per_second(80, &policy) / .01 );
     printf("G.711\t\t%d\t\t\t%e\n", 160, 
 -           (double) mips * (160 * 8) / 
 +           (double) mips_est * (160 * 8) / 
 	   srtp_bits_per_second(160, &policy) / .02);
     printf("G.726-32\t%d\t\t\t%e\n", 40, 
 -           (double) mips * (40 * 8) / 
 +           (double) mips_est * (40 * 8) / 
 	   srtp_bits_per_second(40, &policy) / .01 );
     printf("G.726-32\t%d\t\t\t%e\n", 80, 
 -           (double) mips * (80 * 8) / 
 +           (double) mips_est * (80 * 8) / 
 	   srtp_bits_per_second(80, &policy) / .02);
     printf("G.729\t\t%d\t\t\t%e\n", 10, 
 -           (double) mips * (10 * 8) / 
 +           (double) mips_est * (10 * 8) / 
 	   srtp_bits_per_second(10, &policy) / .01 );
     printf("G.729\t\t%d\t\t\t%e\n", 20, 
 -           (double) mips * (20 * 8) /
 +           (double) mips_est * (20 * 8) /
 	   srtp_bits_per_second(20, &policy) / .02 );
     printf("Wideband\t%d\t\t\t%e\n", 320, 
 -           (double) mips * (320 * 8) /
 +           (double) mips_est * (320 * 8) /
 	   srtp_bits_per_second(320, &policy) / .01 );
     printf("Wideband\t%d\t\t\t%e\n", 640, 
 -           (double) mips * (640 * 8) /
 +           (double) mips_est * (640 * 8) /
 	   srtp_bits_per_second(640, &policy) / .02 );
   }
--- a/SOURCES/libsrtp-sha1-name-fix.patch
+++ b/SOURCES/libsrtp-sha1-name-fix.patch
@ -0,0 +1,174 @@
 diff -rup libsrtp-1.5.0/crypto/hash/hmac.c libsrtp-1.5.0/crypto/hash/hmac.c
 --- libsrtp-1.5.0/crypto/hash/hmac.c	2014-10-13 10:35:33.000000000 -0400
 +++ libsrtp-1.5.0/crypto/hash/hmac.c	2014-10-31 09:15:20.666474444 -0400
@@ -141,10 +141,10 @@ hmac_init(hmac_ctx_t *state, const uint8
   debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64));
   /* initialize sha1 context */
 -  sha1_init(&state->init_ctx);
 +  crypto_sha1_init(&state->init_ctx);
   /* hash ipad ^ key */
 -  sha1_update(&state->init_ctx, ipad, 64);
 +  crypto_sha1_update(&state->init_ctx, ipad, 64);
   memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t)); 
   return err_status_ok;
@@ -165,7 +165,7 @@ hmac_update(hmac_ctx_t *state, const uin
 	      octet_string_hex_string(message, msg_octets));
   /* hash message into sha1 context */
 -  sha1_update(&state->ctx, message, msg_octets);
 +  crypto_sha1_update(&state->ctx, message, msg_octets);
   return err_status_ok;
 }
@@ -183,7 +183,7 @@ hmac_compute(hmac_ctx_t *state, const vo
   /* hash message, copy output into H */
   hmac_update(state, (const uint8_t*)message, msg_octets);
 -  sha1_final(&state->ctx, H);
 +  crypto_sha1_final(&state->ctx, H);
   /*
    * note that we don't need to debug_print() the input, since the
@@ -193,16 +193,16 @@ hmac_compute(hmac_ctx_t *state, const vo
 	      octet_string_hex_string((uint8_t *)H, 20));
   /* re-initialize hash context */
 -  sha1_init(&state->ctx);
 +  crypto_sha1_init(&state->ctx);
   /* hash opad ^ key  */
 -  sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
 +  crypto_sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
   /* hash the result of the inner hash */
 -  sha1_update(&state->ctx, (uint8_t *)H, 20);
 +  crypto_sha1_update(&state->ctx, (uint8_t *)H, 20);
   /* the result is returned in the array hash_value[] */
 -  sha1_final(&state->ctx, hash_value);
 +  crypto_sha1_final(&state->ctx, hash_value);
   /* copy hash_value to *result */
   for (i=0; i < tag_len; i++)    
 diff -rup libsrtp-1.5.0/crypto/hash/sha1.c libsrtp-1.5.0/crypto/hash/sha1.c
 --- libsrtp-1.5.0/crypto/hash/sha1.c	2014-10-13 10:35:33.000000000 -0400
 +++ libsrtp-1.5.0/crypto/hash/sha1.c	2014-10-31 09:15:20.667474449 -0400
@@ -77,12 +77,12 @@ uint32_t SHA_K2 = 0x8F1BBCDC;   /* Kt fo
 uint32_t SHA_K3 = 0xCA62C1D6;   /* Kt for 60 <= t <= 79 */
 void
 -sha1(const uint8_t *msg,  int octets_in_msg, uint32_t hash_value[5]) {
 +crypto_sha1(const uint8_t *msg,  int octets_in_msg, uint32_t hash_value[5]) {
   sha1_ctx_t ctx;
 -  sha1_init(&ctx);
 -  sha1_update(&ctx, msg, octets_in_msg);
 -  sha1_final(&ctx, hash_value);
 +  crypto_sha1_init(&ctx);
 +  crypto_sha1_update(&ctx, msg, octets_in_msg);
 +  crypto_sha1_final(&ctx, hash_value);
 }
@@ -99,7 +99,7 @@ sha1(const uint8_t *msg,  int octets_in_
  */
 void
 -sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
 +crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
   uint32_t H0;
   uint32_t H1;
   uint32_t H2;
@@ -186,7 +186,7 @@ sha1_core(const uint32_t M[16], uint32_t
 }
 void
 -sha1_init(sha1_ctx_t *ctx) {
 +crypto_sha1_init(sha1_ctx_t *ctx) {
   /* initialize state vector */
   ctx->H[0] = 0x67452301;
@@ -204,7 +204,7 @@ sha1_init(sha1_ctx_t *ctx) {
 }
 void
 -sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
 +crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
   int i;
   uint8_t *buf = (uint8_t *)ctx->M;
@@ -229,7 +229,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8
       debug_print(mod_sha1, "(update) running sha1_core()", NULL);
 -      sha1_core(ctx->M, ctx->H);
 +      crypto_sha1_core(ctx->M, ctx->H);
     } else {
@@ -252,7 +252,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8
  */
 void
 -sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
 +crypto_sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
   uint32_t A, B, C, D, E, TEMP;
   uint32_t W[80];  
   int i, t;
 diff -rup libsrtp-1.5.0/crypto/include/sha1.h libsrtp-1.5.0/crypto/include/sha1.h
 --- libsrtp-1.5.0/crypto/include/sha1.h	2014-10-13 10:35:33.000000000 -0400
 +++ libsrtp-1.5.0/crypto/include/sha1.h	2014-10-31 09:16:10.367733196 -0400
@@ -103,7 +103,7 @@ typedef struct {
  */
 void
 -sha1(const uint8_t *message,  int octets_in_msg, uint32_t output[5]);
 +crypto_sha1(const uint8_t *message,  int octets_in_msg, uint32_t output[5]);
 /*
  * sha1_init(&ctx) initializes the SHA1 context ctx
@@ -117,13 +117,13 @@ sha1(const uint8_t *message,  int octets
  */
 void
 -sha1_init(sha1_ctx_t *ctx);
 +crypto_sha1_init(sha1_ctx_t *ctx);
 void
 -sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
 +crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
 void
 -sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
 +crypto_sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
 /*
  * The sha1_core function is INTERNAL to SHA-1, but it is declared
@@ -141,7 +141,7 @@ sha1_final(sha1_ctx_t *ctx, uint32_t out
  */
 void
 -sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
 +crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
 #endif /* else OPENSSL */
 diff -rup libsrtp-1.5.0/crypto/test/sha1_driver.c libsrtp-1.5.0/crypto/test/sha1_driver.c
 --- libsrtp-1.5.0/crypto/test/sha1_driver.c	2014-10-13 10:35:33.000000000 -0400
 +++ libsrtp-1.5.0/crypto/test/sha1_driver.c	2014-10-31 09:15:20.668474454 -0400
@@ -113,9 +113,9 @@ sha1_test_case_validate(const hash_test_
   if (test_case->data_len > MAX_HASH_DATA_LEN)
     return err_status_bad_param;
 -  sha1_init(&ctx);
 -  sha1_update(&ctx, test_case->data, test_case->data_len);
 -  sha1_final(&ctx, hash_value);
 +  crypto_sha1_init(&ctx);
 +  crypto_sha1_update(&ctx, test_case->data, test_case->data_len);
 +  crypto_sha1_final(&ctx, hash_value);
   if (0 == memcmp(test_case->hash, hash_value, 20)) {
 #if VERBOSE
     printf("PASSED: reference value: %s\n", 
--- a/SOURCES/libsrtp-srtp_aes_encrypt.patch
+++ b/SOURCES/libsrtp-srtp_aes_encrypt.patch
@ -0,0 +1,129 @@
 diff -rup a/crypto/cipher/aes.c b/crypto/cipher/aes.c
 --- a/crypto/cipher/aes.c	2014-10-13 10:35:33.000000000 -0400
 +++ b/crypto/cipher/aes.c	2014-10-31 09:25:20.603597823 -0400
@@ -2002,7 +2002,7 @@ aes_inv_final_round(v128_t *state, const
 void
 -aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
 +srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
   /* add in the subkey */
   v128_xor_eq(plaintext, &exp_key->round[0]);
 diff -rup a/crypto/cipher/aes_cbc.c b/crypto/cipher/aes_cbc.c
 --- a/crypto/cipher/aes_cbc.c	2014-10-13 10:35:33.000000000 -0400
 +++ b/crypto/cipher/aes_cbc.c	2014-10-31 09:25:20.604597828 -0400
@@ -192,7 +192,7 @@ aes_cbc_encrypt(aes_cbc_ctx_t *c,
     debug_print(mod_aes_cbc, "inblock:  %s", 
 	      v128_hex_string(&c->state));
 -    aes_encrypt(&c->state, &c->expanded_key);
 +    srtp_aes_encrypt(&c->state, &c->expanded_key);
     debug_print(mod_aes_cbc, "outblock: %s", 
 	      v128_hex_string(&c->state));
 diff -rup a/crypto/cipher/aes_icm.c b/crypto/cipher/aes_icm.c
 --- a/crypto/cipher/aes_icm.c	2014-10-13 10:35:33.000000000 -0400
 +++ b/crypto/cipher/aes_icm.c	2014-10-31 09:25:20.604597828 -0400
@@ -260,7 +260,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
   /* fill keystream buffer, if needed */
   if (tail_num) {
     v128_copy(&c->keystream_buffer, &c->counter);
 -    aes_encrypt(&c->keystream_buffer, &c->expanded_key);
 +    srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
     c->bytes_in_buffer = sizeof(v128_t);
     debug_print(mod_aes_icm, "counter:    %s", 
@@ -316,7 +316,7 @@ static inline void
 aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) {
   /* fill buffer with new keystream */
   v128_copy(&c->keystream_buffer, &c->counter);
 -  aes_encrypt(&c->keystream_buffer, &c->expanded_key);
 +  srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
   c->bytes_in_buffer = sizeof(v128_t);
   debug_print(mod_aes_icm, "counter:    %s", 
 diff -rup a/crypto/include/aes.h b/crypto/include/aes.h
 --- a/crypto/include/aes.h	2014-10-13 10:35:33.000000000 -0400
 +++ b/crypto/include/aes.h	2014-10-31 09:25:20.604597828 -0400
@@ -68,7 +68,7 @@ aes_expand_decryption_key(const uint8_t
 			  aes_expanded_key_t *expanded_key);
 void
 -aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
 +srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
 void
 aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
 diff -rup a/crypto/rng/prng.c b/crypto/rng/prng.c
 --- a/crypto/rng/prng.c	2014-10-13 10:35:33.000000000 -0400
 +++ b/crypto/rng/prng.c	2014-10-31 09:25:20.605597833 -0400
@@ -112,7 +112,7 @@ x917_prng_get_octet_string(uint8_t *dest
     v128_copy(&buffer, &x917_prng.state);
     /* apply aes to buffer */
 -    aes_encrypt(&buffer, &x917_prng.key);
 +    srtp_aes_encrypt(&buffer, &x917_prng.key);
     /* write data to output */
     *dest++ = buffer.v8[0];
@@ -136,7 +136,7 @@ x917_prng_get_octet_string(uint8_t *dest
     buffer.v32[0] ^= t;
     /* encrypt buffer */
 -    aes_encrypt(&buffer, &x917_prng.key);
 +    srtp_aes_encrypt(&buffer, &x917_prng.key);
     /* copy buffer into state */
     v128_copy(&x917_prng.state, &buffer);
@@ -154,7 +154,7 @@ x917_prng_get_octet_string(uint8_t *dest
     v128_copy(&buffer, &x917_prng.state);
     /* apply aes to buffer */
 -    aes_encrypt(&buffer, &x917_prng.key);
 +    srtp_aes_encrypt(&buffer, &x917_prng.key);
     /* write data to output */
     for (i=0; i < tail_len; i++) {
@@ -167,7 +167,7 @@ x917_prng_get_octet_string(uint8_t *dest
     buffer.v32[0] ^= t;
     /* encrypt buffer */
 -    aes_encrypt(&buffer, &x917_prng.key);
 +    srtp_aes_encrypt(&buffer, &x917_prng.key);
     /* copy buffer into state */
     v128_copy(&x917_prng.state, &buffer);
 diff -rup a/crypto/test/aes_calc.c b/crypto/test/aes_calc.c
 --- a/crypto/test/aes_calc.c	2014-10-13 10:35:33.000000000 -0400
 +++ b/crypto/test/aes_calc.c	2014-10-31 09:25:20.605597833 -0400
@@ -109,7 +109,7 @@ main (int argc, char *argv[]) {
     exit(1);
   }
 -  aes_encrypt(&data, &exp_key);
 +  srtp_aes_encrypt(&data, &exp_key);
   /* write ciphertext to output */
   if (verbose) {
 diff -rup a/tables/aes_tables.c b/tables/aes_tables.c
 --- a/tables/aes_tables.c	2014-10-13 10:35:33.000000000 -0400
 +++ b/tables/aes_tables.c	2014-10-31 09:25:20.605597833 -0400
@@ -298,7 +298,7 @@ main(void) {
 #if AES_INVERSE_TEST
   /* 
 -   * test that aes_encrypt and aes_decrypt are actually
 +   * test that srtp_aes_encrypt and aes_decrypt are actually
    * inverses of each other 
    */
@@ -335,7 +335,7 @@ aes_test_inverse(void) {
   v128_copy_octet_string(&x, plaintext);
   aes_expand_encryption_key(k, expanded_key);
   aes_expand_decryption_key(k, decrypt_key);
 -  aes_encrypt(&x, expanded_key);
 +  srtp_aes_encrypt(&x, expanded_key);
   aes_decrypt(&x, decrypt_key);
   /* compare to expected value then report */
--- a/SPECS/libsrtp.spec
+++ b/SPECS/libsrtp.spec
@ -1,23 +1,23 @@
 %global shortname srtp
 Name:		libsrtp
-Version:	2.3.0
+Version:	1.5.4
 Release:	8%{?dist}
 Summary:	An implementation of the Secure Real-time Transport Protocol (SRTP)
 Group:		System Environment/Libraries
 License:	BSD
 URL:		https://github.com/cisco/libsrtp
 Source0:	https://github.com/cisco/libsrtp/archive/v%{version}.tar.gz
-BuildRequires:	gcc, nss-devel, libpcap-devel
+# Universal config.h
-BuildRequires: make
+Source2:	config.h
 # Fix shared lib so ldconfig doesn't complain
-Patch0:		libsrtp-2.3.0-shared-fix.patch
+Patch0:		libsrtp-1.5.4-shared-fix.patch
-# Fix namespace issue in test/util.c
+Patch1:		libsrtp-srtp_aes_encrypt.patch
-Patch1:		libsrtp-2.3.0-test-util.patch
+Patch2:		libsrtp-sha1-name-fix.patch
-# Link test binaries against shared lib
+Patch3:		libsrtp-fix-name-collision-on-MIPS.patch
-Patch2:		libsrtp-2.3.0-shared-test-fix.patch
+Patch4:		0001-Changes-for-OpenSSL-1.1.0-compatibility.patch
-# Fix issue with NSS 3.63 incompatibility
+
-# credit to George Joseph
+BuildRequires:  openssl-devel >= 1.1.0
 Patch3:         libsrtp-2.3.0-nss-3.63-fix.patch
 %description
 This package provides an implementation of the Secure Real-time
@ -26,6 +26,7 @@ a supporting cryptographic kernel.
 %package devel
 Summary:	Development files for %{name}
 Group:		Development/Libraries
 Requires:	%{name}%{?_isa} = %{version}-%{release}
 Requires:	pkgconfig
@ -33,19 +34,13 @@ Requires:	pkgconfig
 The %{name}-devel package contains libraries and header files for
 developing applications that use %{name}.
 %package tools
 Summary:	Tools for testing and decoding SRTP
 Requires:	%{name}%{?_isa} = %{version}-%{release}
 %description tools
 Tools for testing and decoding SRTP
 %prep
 %setup -q -n %{name}-%{version}
 %patch0 -p1 -b .sharedfix
-%patch1 -p1 -b .utilfix
+%patch1 -p1 -b .srtp_aes_encrypt
-%patch2 -p1 -b .test-shared-fix
+%patch2 -p1 -b .sha1-name-fix
-%patch3 -p1 -b .nssfix
+%patch3 -p1 -b .mips-name-fix
 %patch4 -p1 -b .4
 %if 0%{?rhel} > 0
 %ifarch ppc64
@ -55,76 +50,38 @@ sed -i 's/-z noexecstack//' Makefile.in
 %build
 export CFLAGS="%{optflags} -fPIC"
-%configure --enable-nss
+%configure --enable-openssl
-make %{?_smp_mflags} shared_library test
+make %{?_smp_mflags} shared_library
 %install
 make install DESTDIR=%{buildroot}
 find %{buildroot} -name '*.la' -exec rm -f {} ';'
 find %{buildroot} -name '*.a' -exec rm -f {} ';'
-install -D -p -m 0755 test/dtls_srtp_driver %{buildroot}%{_bindir}/dtls_srtp_driver
+# Handle multilib issues with config.h
-install -D -p -m 0755 test/rdbx_driver %{buildroot}%{_bindir}/rdbx_driver
+mv %{buildroot}%{_includedir}/%{shortname}/config.h %{buildroot}%{_includedir}/%{shortname}/config-%{__isa_bits}.h
-install -D -p -m 0755 test/replay_driver %{buildroot}%{_bindir}/replay_driver
+cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{shortname}/config.h
 install -D -p -m 0755 test/roc_driver %{buildroot}%{_bindir}/roc_driver
 install -D -p -m 0755 test/rtp_decoder %{buildroot}%{_bindir}/rtp_decoder
 install -D -p -m 0755 test/rtpw %{buildroot}%{_bindir}/rtpw
 install -D -p -m 0755 test/srtp_driver %{buildroot}%{_bindir}/srtp_driver
 install -D -p -m 0755 test/test_srtp %{buildroot}%{_bindir}/test_srtp
-%ldconfig_scriptlets
+%post -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 %files
 %license LICENSE
-%doc CHANGES README.md
+%doc CHANGES README TODO VERSION doc/*.txt doc/*.pdf
 %{_libdir}/*.so.*
 %files devel
-%{_includedir}/%{shortname}2/
+%{_includedir}/%{shortname}/
-%{_libdir}/pkgconfig/libsrtp2.pc
+%{_libdir}/pkgconfig/libsrtp.pc
 %{_libdir}/*.so
 %files tools
 %{_bindir}/*
 %changelog
-* Thu Jul 06 2023 Wim Taymans <wtaymans@redhat.com> - 2.3.0-8
+* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 1.5.4-8
- fix NSS incompatibility, thanks to George Joseph
+- Rebuilt for MSVSphere 8.8
  Resolves: rhbz#2211526
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.0-7
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.0-6
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 * Mon Oct 12 2020 Tom Callaway <spot@fedoraproject.org> - 2.3.0-4
 - add -tools subpackage (thanks to Gerd v. Egidy)
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Tue Jan  7 2020 Tom Callaway <spot@fedoraproject.org> - 2.3.0-1
 - update to 2.3.0
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-10
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Mon Jul 23 2018 Tom Callaway <spot@fedoraproject.org> - 1.5.4-9
 - add BuildRequires: gcc
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-8
+* Mon Sep 03 2018 Wim Taymans <wtaymans@redhat.com> - 1.5.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+- Port to openssl 1.1.0
 - Build against openssl
 - Resolves: rhbz#1618747
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
`@ -1 +1 @@`
	`263a45a82cb1acb1a6c7beef64def31949496a02 SOURCES/v2.3.0.tar.gz`	`568030da728a03b1d39d3dc1a5c31c3228fa73d5 SOURCES/v1.5.4.tar.gz`