cisco
diff --git a/‎Makefile.in
+1-1 b/‎Makefile.in
+1-1
diff --git a/‎config_in.h
+18-6 b/‎config_in.h
+18-6
diff --git a/‎configure
+84-9 b/‎configure
+84-9
diff --git a/‎configure.ac
+6-2 b/‎configure.ac
+6-2
@@ -45,7 +45,7 @@ all: test
 runtest: test
 	@echo "running libsrtp2 test applications..."
 	$(FIND_LIBRARIES) crypto/test/cipher_driver$(EXE) -v >/dev/null
-	$(FIND_LIBRARIES) crypto/test/kernel_driver$(EXE) -v >/dev/null
+	$(FIND_LIBRARIES) crypto/test/kernel_driver$(EXE) -v
 	$(FIND_LIBRARIES) test/test_srtp$(EXE) >/dev/null
 	$(FIND_LIBRARIES) test/rdbx_driver$(EXE) -v >/dev/null
 	$(FIND_LIBRARIES) test/srtp_driver$(EXE) -v >/dev/null
 
@@ -3,6 +3,9 @@
 /* Define if building universal (internal helper macro) */
 #undef AC_APPLE_UNIVERSAL_BUILD
 
+/* Define this to use CHACHA20-POLY1305. */
+#undef CHAPOLY
+
 /* Define if building for a CISC machine (e.g. Intel). */
 #undef CPU_CISC
 
@@ -18,6 +21,9 @@
 /* Define to redirect logging to stdout. */
 #undef ERR_REPORTING_STDOUT
 
+/* Define this to use AES-GCM. */
+#undef GCM
+
 /* Define to 1 if you have the <arpa/inet.h> header file. */
 #undef HAVE_ARPA_INET_H
 
@@ -42,6 +48,12 @@
 /* Define to 1 if you have the `dl' library (-ldl). */
 #undef HAVE_LIBDL
 
+/* Define to 1 if you have the `nspr4' library (-lnspr4). */
+#undef HAVE_LIBNSPR4
+
+/* Define to 1 if you have the `nss3' library (-lnss3). */
+#undef HAVE_LIBNSS3
+
 /* Define to 1 if you have the `socket' library (-lsocket). */
 #undef HAVE_LIBSOCKET
 
@@ -57,6 +69,9 @@
 /* Define to 1 if you have the <netinet/in.h> header file. */
 #undef HAVE_NETINET_IN_H
 
+/* Define to 1 if you have the <nss.h> header file. */
+#undef HAVE_NSS_H
+
 /* Define to 1 if you have the `winpcap' library (-lwpcap) */
 #undef HAVE_PCAP
 
@@ -120,6 +135,9 @@
 /* Define to use X86 inlined assembly code */
 #undef HAVE_X86
 
+/* Define this to use NSS crypto. */
+#undef NSS
+
 /* Define this to use OpenSSL crypto. */
 #undef OPENSSL
 
@@ -129,12 +147,6 @@
 /* Define this to use OpenSSL KDF for SRTP. */
 #undef OPENSSL_KDF
 
-/* Define this to use NSS crypto. */
-#undef NSS
-
-/* Define this to use AES-GCM.  Requires OPENSSL or NSS */
-#undef GCM
-
 /* Define to the address where bug reports for this package should be sent. */
 #undef PACKAGE_BUGREPORT
 
 
@@ -682,6 +682,7 @@ infodir
 docdir
 oldincludedir
 includedir
+runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@@ -768,6 +769,7 @@ datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1020,6 +1022,15 @@ do
   | -silent | --silent | --silen | --sile | --sil)
     silent=yes ;;
 
+  -runstatedir | --runstatedir | --runstatedi | --runstated \
+  | --runstate | --runstat | --runsta | --runst | --runs \
+  | --run | --ru | --r)
+    ac_prev=runstatedir ;;
+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+  | --run=* | --ru=* | --r=*)
+    runstatedir=$ac_optarg ;;
+
   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
     ac_prev=sbindir ;;
   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1157,7 +1168,7 @@ fi
 for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
 		datadir sysconfdir sharedstatedir localstatedir includedir \
 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-		libdir localedir mandir
+		libdir localedir mandir runstatedir
 do
   eval ac_val=\$$ac_var
   # Remove trailing slashes.
@@ -1310,6 +1321,7 @@ Fine tuning of the installation directories:
   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
   --libdir=DIR            object code libraries [EPREFIX/lib]
   --includedir=DIR        C header files [PREFIX/include]
   --oldincludedir=DIR     C header files for non-gcc [/usr/include]
@@ -5196,8 +5208,8 @@ fi
    if test "x$PKG_CONFIG" != "x"; then
 
 pkg_failed=no
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libcrypto >= 1.0.1" >&5
-$as_echo_n "checking for libcrypto >= 1.0.1... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypto" >&5
+$as_echo_n "checking for crypto... " >&6; }
 
 if test -n "$crypto_CFLAGS"; then
     pkg_cv_crypto_CFLAGS="$crypto_CFLAGS"
@@ -5237,7 +5249,7 @@ fi
 
 
 if test $pkg_failed = yes; then
-        { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+   	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 $as_echo "no" >&6; }
 
 if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
@@ -5264,7 +5276,7 @@ Alternatively, you may set the environment variables crypto_CFLAGS
 and crypto_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details." "$LINENO" 5
 elif test $pkg_failed = untried; then
-        { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+     	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 $as_echo "no" >&6; }
 	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -5568,14 +5580,74 @@ as_fn_error $? "can't find openssl >= 1.0.1 crypto lib
 See \`config.log' for more details" "$LINENO" 5; }
 fi
 
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_chacha20_poly1305" >&5
+$as_echo_n "checking for library containing EVP_chacha20_poly1305... " >&6; }
+if ${ac_cv_search_EVP_chacha20_poly1305+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char EVP_chacha20_poly1305 ();
+int
+main ()
+{
+return EVP_chacha20_poly1305 ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' crypto; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_EVP_chacha20_poly1305=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if ${ac_cv_search_EVP_chacha20_poly1305+:} false; then :
+  break
+fi
+done
+if ${ac_cv_search_EVP_chacha20_poly1305+:} false; then :
+
+else
+  ac_cv_search_EVP_chacha20_poly1305=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_chacha20_poly1305" >&5
+$as_echo "$ac_cv_search_EVP_chacha20_poly1305" >&6; }
+ac_res=$ac_cv_search_EVP_chacha20_poly1305
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+
+$as_echo "#define CHAPOLY 1" >>confdefs.h
+
+	CHAPOLY_OBJ="crypto/cipher/chacha20_poly1305_ossl.o"
+fi
+
 
 
 $as_echo "#define GCM 1" >>confdefs.h
 
 
 $as_echo "#define OPENSSL 1" >>confdefs.h
 
-   AES_ICM_OBJS="crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o"
+   AES_ICM_OBJS="crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o $CHAPOLY_OBJ"
    HMAC_OBJS=crypto/hash/hmac_ossl.o
    USE_EXTERNAL_CRYPTO=1
 
@@ -5796,7 +5868,7 @@ fi
 
 
 if test $pkg_failed = yes; then
-        { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+   	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 $as_echo "no" >&6; }
 
 if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
@@ -5823,7 +5895,7 @@ Alternatively, you may set the environment variables nss_CFLAGS
 and nss_LIBS to avoid the need to call pkg-config.
 See the pkg-config man page for more details." "$LINENO" 5
 elif test $pkg_failed = untried; then
-        { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+     	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 $as_echo "no" >&6; }
 	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
@@ -5968,9 +6040,12 @@ fi
 $as_echo "#define GCM 1" >>confdefs.h
 
 
+$as_echo "#define CHAPOLY 1" >>confdefs.h
+
+
 $as_echo "#define NSS 1" >>confdefs.h
 
-   AES_ICM_OBJS="crypto/cipher/aes_icm_nss.o crypto/cipher/aes_gcm_nss.o"
+   AES_ICM_OBJS="crypto/cipher/aes_icm_nss.o crypto/cipher/aes_gcm_nss.o crypto/cipher/chacha20_poly1305_nss.o"
 
    # TODO(RLB): Use NSS for HMAC
    HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o"
 
@@ -255,10 +255,13 @@ if test "$enable_openssl" = "yes"; then
      [], [AC_MSG_FAILURE([can't find openssl >= 1.0.1 crypto lib])])
    AC_SEARCH_LIBS([EVP_aes_128_gcm], [crypto],
      [], [AC_MSG_FAILURE([can't find openssl >= 1.0.1 crypto lib])])
+   AC_SEARCH_LIBS([EVP_chacha20_poly1305], [crypto], [
+	AC_DEFINE([CHAPOLY], [1], [Define this to use CHACHA20-POLY1305.])
+	CHAPOLY_OBJ="crypto/cipher/chacha20_poly1305_ossl.o"])
 
    AC_DEFINE([GCM], [1], [Define this to use AES-GCM.])
    AC_DEFINE([OPENSSL], [1], [Define this to use OpenSSL crypto.])
-   AES_ICM_OBJS="crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o"
+   AES_ICM_OBJS="crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o $CHAPOLY_OBJ"
    HMAC_OBJS=crypto/hash/hmac_ossl.o
    AC_SUBST([USE_EXTERNAL_CRYPTO], [1])
 
@@ -343,8 +346,9 @@ elif test "$enable_nss" = "yes"; then
    fi
 
    AC_DEFINE([GCM], [1], [Define this to use AES-GCM.])
+   AC_DEFINE([CHAPOLY], [1], [Define this to use CHACHA20-POLY1305.])
    AC_DEFINE([NSS], [1], [Define this to use NSS crypto.])
-   AES_ICM_OBJS="crypto/cipher/aes_icm_nss.o crypto/cipher/aes_gcm_nss.o"
+   AES_ICM_OBJS="crypto/cipher/aes_icm_nss.o crypto/cipher/aes_gcm_nss.o crypto/cipher/chacha20_poly1305_nss.o"
 
    # TODO(RLB): Use NSS for HMAC
    HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o"