BN help

ecc client certs
ssh2
2012-05-02 15:11:20 -07:00 · 2012-05-02 10:30:15 -07:00 · 2012-05-01 16:12:12 -07:00 · 2012-04-27 13:49:35 -07:00 · 2012-04-26 16:27:27 -07:00 · 2012-04-26 15:01:00 -07:00
268 changed files with 20527 additions and 9547 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,71 @@
+*.lo
+*.la
+*.o
+*.deps
+*.libs
+*.cache
+.dirstamp
+*.user
+config*
+*Debug/
+*Release/
+*.ncb
+*.suo
+stamp-h
+libtool.m4
+aclocal.m4
+lt*.m4
+INSTALL
+Makefile.in
+Makefile
+depcomp
+missing
+libtool
+tags
+.tags*
+cyassl.sublime*
+ctaocrypt/benchmark/benchmark
+ctaocrypt/test/testctaocrypt
+examples/client/client
+examples/echoclient/echoclient
+examples/echoserver/echoserver
+examples/server/server
+snifftest
+output
+testsuite/testsuite
+tests/unit
+testsuite/*.der
+testsuite/*.pem
+testsuite/*.raw
+cert.der
+cert.pem
+othercert.der
+othercert.pem
+key.der
+key.pem
+diff
+sslSniffer/sslSnifferTest/tracefile.txt
+*.gz
+*.zip
+*.bak
+*.dummy
+*.xcworkspace
+xcuserdata
+compile
+NTRU_algorithm/
+NTRU/
+build-test/
+build/
+cyassl.xcodeproj/
+cyassl*rc*
+autoscan.log
+TAGS
+.DS_Store
+support/libcyassl.pc
+cyassl/version.h
+cyassl/ctaocrypt/stamp-h1
+swig/_cyassl.so
+swig/cyassl.py
+swig/cyassl.pyc
+swig/cyassl_wrap.c
+stamp-h1
--- a/234
+++ b/234
@@ -1,234 +0,0 @@
-Installation Instructions
-*************************
-
-Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
-2006 Free Software Foundation, Inc.
-
-This file is free documentation; the Free Software Foundation gives
-unlimited permission to copy, distribute and modify it.
-
-Basic Installation
-==================
-
-Briefly, the shell commands `./configure; make; make install' should
-configure, build, and install this package.  The following
-more-detailed instructions are generic; see the `README' file for
-instructions specific to this package.
-
-   The `configure' shell script attempts to guess correct values for
-various system-dependent variables used during compilation.  It uses
-those values to create a `Makefile' in each directory of the package.
-It may also create one or more `.h' files containing system-dependent
-definitions.  Finally, it creates a shell script `config.status' that
-you can run in the future to recreate the current configuration, and a
-file `config.log' containing compiler output (useful mainly for
-debugging `configure').
-
-   It can also use an optional file (typically called `config.cache'
-and enabled with `--cache-file=config.cache' or simply `-C') that saves
-the results of its tests to speed up reconfiguring.  Caching is
-disabled by default to prevent problems with accidental use of stale
-cache files.
-
-   If you need to do unusual things to compile the package, please try
-to figure out how `configure' could check whether to do them, and mail
-diffs or instructions to the address given in the `README' so they can
-be considered for the next release.  If you are using the cache, and at
-some point `config.cache' contains results you don't want to keep, you
-may remove or edit it.
-
-   The file `configure.ac' (or `configure.in') is used to create
-`configure' by a program called `autoconf'.  You need `configure.ac' if
-you want to change it or regenerate `configure' using a newer version
-of `autoconf'.
-
-The simplest way to compile this package is:
-
-  1. `cd' to the directory containing the package's source code and type
-     `./configure' to configure the package for your system.
-
-     Running `configure' might take a while.  While running, it prints
-     some messages telling which features it is checking for.
-
-  2. Type `make' to compile the package.
-
-  3. Optionally, type `make check' to run any self-tests that come with
-     the package.
-
-  4. Type `make install' to install the programs and any data files and
-     documentation.
-
-  5. You can remove the program binaries and object files from the
-     source code directory by typing `make clean'.  To also remove the
-     files that `configure' created (so you can compile the package for
-     a different kind of computer), type `make distclean'.  There is
-     also a `make maintainer-clean' target, but that is intended mainly
-     for the package's developers.  If you use it, you may have to get
-     all sorts of other programs in order to regenerate files that came
-     with the distribution.
-
-Compilers and Options
-=====================
-
-Some systems require unusual options for compilation or linking that the
-`configure' script does not know about.  Run `./configure --help' for
-details on some of the pertinent environment variables.
-
-   You can give `configure' initial values for configuration parameters
-by setting variables in the command line or in the environment.  Here
-is an example:
-
-     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
-
-   *Note Defining Variables::, for more details.
-
-Compiling For Multiple Architectures
-====================================
-
-You can compile the package for more than one kind of computer at the
-same time, by placing the object files for each architecture in their
-own directory.  To do this, you can use GNU `make'.  `cd' to the
-directory where you want the object files and executables to go and run
-the `configure' script.  `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.
-
-   With a non-GNU `make', it is safer to compile the package for one
-architecture at a time in the source code directory.  After you have
-installed the package for one architecture, use `make distclean' before
-reconfiguring for another architecture.
-
-Installation Names
-==================
-
-By default, `make install' installs the package's commands under
-`/usr/local/bin', include files under `/usr/local/include', etc.  You
-can specify an installation prefix other than `/usr/local' by giving
-`configure' the option `--prefix=PREFIX'.
-
-   You can specify separate installation prefixes for
-architecture-specific files and architecture-independent files.  If you
-pass the option `--exec-prefix=PREFIX' to `configure', the package uses
-PREFIX as the prefix for installing programs and libraries.
-Documentation and other data files still use the regular prefix.
-
-   In addition, if you use an unusual directory layout you can give
-options like `--bindir=DIR' to specify different values for particular
-kinds of files.  Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them.
-
-   If the package supports it, you can cause programs to be installed
-with an extra prefix or suffix on their names by giving `configure' the
-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
-
-Optional Features
-=================
-
-Some packages pay attention to `--enable-FEATURE' options to
-`configure', where FEATURE indicates an optional part of the package.
-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
-is something like `gnu-as' or `x' (for the X Window System).  The
-`README' should mention any `--enable-' and `--with-' options that the
-package recognizes.
-
-   For packages that use the X Window System, `configure' can usually
-find the X include and library files automatically, but if it doesn't,
-you can use the `configure' options `--x-includes=DIR' and
-`--x-libraries=DIR' to specify their locations.
-
-Specifying the System Type
-==========================
-
-There may be some features `configure' cannot figure out automatically,
-but needs to determine by the type of machine the package will run on.
-Usually, assuming the package is built to be run on the _same_
-architectures, `configure' can figure that out, but if it prints a
-message saying it cannot guess the machine type, give it the
-`--build=TYPE' option.  TYPE can either be a short name for the system
-type, such as `sun4', or a canonical name which has the form:
-
-     CPU-COMPANY-SYSTEM
-
-where SYSTEM can have one of these forms:
-
-     OS KERNEL-OS
-
-   See the file `config.sub' for the possible values of each field.  If
-`config.sub' isn't included in this package, then this package doesn't
-need to know the machine type.
-
-   If you are _building_ compiler tools for cross-compiling, you should
-use the option `--target=TYPE' to select the type of system they will
-produce code for.
-
-   If you want to _use_ a cross compiler, that generates code for a
-platform different from the build platform, you should specify the
-"host" platform (i.e., that on which the generated programs will
-eventually be run) with `--host=TYPE'.
-
-Sharing Defaults
-================
-
-If you want to set default values for `configure' scripts to share, you
-can create a site shell script called `config.site' that gives default
-values for variables like `CC', `cache_file', and `prefix'.
-`configure' looks for `PREFIX/share/config.site' if it exists, then
-`PREFIX/etc/config.site' if it exists.  Or, you can set the
-`CONFIG_SITE' environment variable to the location of the site script.
-A warning: not all `configure' scripts look for a site script.
-
-Defining Variables
-==================
-
-Variables not defined in a site shell script can be set in the
-environment passed to `configure'.  However, some packages may run
-configure again during the build, and the customized values of these
-variables may be lost.  In order to avoid this problem, you should set
-them in the `configure' command line, using `VAR=value'.  For example:
-
-     ./configure CC=/usr/local2/bin/gcc
-
-causes the specified `gcc' to be used as the C compiler (unless it is
-overridden in the site shell script).
-
-Unfortunately, this technique does not work for `CONFIG_SHELL' due to
-an Autoconf bug.  Until the bug is fixed you can use this workaround:
-
-     CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
-
-`configure' Invocation
-======================
-
-`configure' recognizes the following options to control how it operates.
-
-`--help'
-`-h'
-     Print a summary of the options to `configure', and exit.
-
-`--version'
-`-V'
-     Print the version of Autoconf used to generate the `configure'
-     script, and exit.
-
-`--cache-file=FILE'
-     Enable the cache: use and save the results of the tests in FILE,
-     traditionally `config.cache'.  FILE defaults to `/dev/null' to
-     disable caching.
-
-`--config-cache'
-`-C'
-     Alias for `--cache-file=config.cache'.
-
-`--quiet'
-`--silent'
-`-q'
-     Do not print messages saying which checks are being made.  To
-     suppress all normal output, redirect it to `/dev/null' (any error
-     messages will still be shown).
-
-`--srcdir=DIR'
-     Look for the package's source code in directory DIR.  Usually
-     `configure' can determine that directory automatically.
-
-`configure' also accepts some other, not widely useful, options.  Run
-`configure --help' for more details.
-
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,30 +1,81 @@
-SUBDIRS = src ctaocrypt examples testsuite sslSniffer
-EXTRA_DIST = certs/*.pem certs/*.der certs/*.txt certs/*.raw \
-    lib/dummy *.sln *.vcproj cyassl-iphone.xcodeproj/project.pbxproj \
-    doc/*.pdf swig/README swig/*.i swig/cyassl_adds.c swig/*.sh swig/runme.* \
-    swig/python_cyassl.vcproj swig/rsasign.py
+# includes append to these:
+SUFFIXES =
+TESTS =
+CLEANFILES =
+DISTCLEANFILES =
+bin_PROGRAMS =
+noinst_HEADERS =
+lib_LTLIBRARIES =
+man_MANS =
+noinst_LTLIBRARIES =
+noinst_PROGRAMS =
+include_HEADERS =
+nobase_include_HEADERS =
+check_PROGRAMS =
+EXTRA_HEADERS =
+BUILT_SOURCES=
+EXTRA_DIST=
+doc_DATA=

-ACLOCAL_AMFLAGS = -I m4
+exampledir = $(docdir)/@PACKAGE@/example
+example_DATA=
+EXTRA_DIST+= $(example_DATA)
+
+certsdir = $(sysconfdir)/ssl/certs
+certs_DATA=
+EXTRA_DIST+= $(certs_DATA)
+
+EXTRA_DIST+= $(doc_DATA)
+
+ACLOCAL_AMFLAGS= -I m4 --install
+
+EXTRA_DIST+= lib/dummy
+
+EXTRA_DIST+= cyassl-ntru.vcproj
+EXTRA_DIST+= cyassl.vcproj
+EXTRA_DIST+= cyassl-iphone.xcodeproj/project.pbxproj
+EXTRA_DIST+= cyassl-ntru.sln
+EXTRA_DIST+= cyassl.sln
+
+include cyassl/include.am
+include certs/include.am
+include doc/include.am
+include swig/include.am
+
+include src/include.am
+include ctaocrypt/benchmark/include.am
+include ctaocrypt/src/include.am
+include ctaocrypt/test/include.am
+include examples/client/include.am
+include examples/server/include.am
+include examples/echoclient/include.am
+include examples/echoserver/include.am
+include testsuite/include.am
+include tests/include.am
+include sslSniffer/sslSnifferTest/include.am
+
+TESTS += $(check_PROGRAMS)
+test: check

 # !!!! first line of rule has to start with a hard (real) tab, not spaces
-basic:
-	cd src; $(MAKE); cd ../testsuite; $(MAKE); cd ../
+egs:
+	$(MAKE) examples/client/client; \
+	$(MAKE) examples/echoclient/echoclient;\
+	$(MAKE) examples/server/server; \
+	$(MAKE) examples/echoserver/echoserver;

-openssl-links:
-	cd lib; ln -s ../src/.libs/libcyassl.a libcrypto.a; \
-    ln -s ../src/.libs/libcyassl.a libssl.a; \
-    ln -s ../src/.libs/libcyassl.a libcyassl.a; cd ../
+ctc:
+	$(MAKE) ctaocrypt/test/testctaocrypt; \
+	$(MAKE) ctaocrypt/benchmark/benchmark; 

-#  !!! test -e with a .name like .libs then a * like *dylib fails so just
-#      look for the .dylib on OS X, and .so otherwise but copy all parts
-install:
-	$(mkinstalldirs) $(DESTDIR)$(includedir) $(DESTDIR)$(libdir); \
-    cp -fpR include/* $(DESTDIR)$(includedir); \
-    cp -fpR ctaocrypt/include/* $(DESTDIR)$(includedir); \
-    cp -fpR src/libcyassl.la $(DESTDIR)$(libdir); \
-    if test -e src/.libs/libcyassl.a; then \
-    cp -fp src/.libs/libcyassl.a $(DESTDIR)$(libdir); fi; \
-    if test -e src/.libs/libcyassl.so; then \
-    cp -fpR src/.libs/libcyassl.so* $(DESTDIR)$(libdir); fi; \
-    if test -e src/.libs/libcyassl.dylib; then \
-    cp -fpR src/.libs/libcyassl.*dylib $(DESTDIR)$(libdir); fi;
+merge-clean:
+	@find ./ | $(GREP) \.gcda | xargs rm -f
+	@find ./ | $(GREP) \.gcno | xargs rm -f
+	@find ./ | $(GREP) \.gz | xargs rm -f
+	@find ./ | $(GREP) \.orig | xargs rm -f
+	@find ./ | $(GREP) \.rej | xargs rm -f
+	@find ./ | $(GREP) \.rpm | xargs rm -f
+	@find ./ | $(GREP) \.THIS | xargs rm -f
+	@find ./ | $(GREP) \.OTHER | xargs rm -f
+	@find ./ | $(GREP) \.BASE | xargs rm -f
+	@find ./ | $(GREP) \~$$ | xargs rm -f
--- a/170
+++ b/170
@@ -1,11 +1,32 @@
-*** Note, Please read ***
+*** Notes, Please read ***

+Note 1)
+CyaSSL now needs all examples and tests to be run from the CyaSSL home
+directory.  This is because it finds certs and keys from ./certs/.  Trying to
+maintain the ability to run each program from its own directory, the testsuite
+directory, the main directory (for make check/test), and for the various
+different project layouts (with or without config) was becoming harder and 
+harder.  Now to run testsuite just do:
+
+./testsuite/testsuite
+
+or 
+
+make test    (when using autoconf)
+
+On *nix or Windows the examples and testsuite will check to see if the current
+directory is the source directory and if so, attempt to change to the CyaSSL
+home directory.  This should work in most setup cases, if not, just follow the
+beginning of the note and specify the full path.
+
+
+Note 2)
 CyaSSL takes a different approach to certificate verification than OpenSSL does.
 The default policy for the client is to verify the server, this means that if
 you don't load CAs to verify the server you'll get a connect error, unable to 
-verify.  It you want to mimic OpenSSL behavior of having SSL_connect succeed
-even if verifying the server fails and reducing security you can do this by
-calling:
+verify (-155).  It you want to mimic OpenSSL behavior of having SSL_connect
+succeed even if verifying the server fails and reducing security you can do
+this by calling:

 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

@@ -13,7 +34,146 @@ before calling SSL_new();  Though it's not recommended.

 *** end Note ***

-CyaSSL Release 1.8.0 (12/23/2010)
+CyaSSL Release 2.0.8 (2/24/2012)
+
+Release 2.0.8 CyaSSL has bug fixes and a few new features including:
+- A fix for malicious certificates pointed out by Remi Gacogne (thanks)
+  resulting in NULL pointer use.
+- Respond to renegotiation attempt with no_renegoatation alert
+- Add basic path support for load_verify_locations()
+- Add set Temp EC-DHE key size
+- Extra checks on rsa test when porting into
+
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.6 (1/27/2012)
+
+Release 2.0.6 CyaSSL has bug fixes and a few new features including:
+- Fixes for CA basis constraint check
+- CTX reference counting
+- Initial unit test additions
+- Lean and Mean Windows fix
+- ECC benchmarking
+- SSMTP build support
+- Ability to group handshake messages with set_group_messages(ctx/ssl)
+- CA cache addition callback
+- Export Base64_Encode for general use
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.2 (12/05/2011)
+
+Release 2.0.2 CyaSSL has bug fixes and a few new features including:
+- CTaoCrypt Runtime library detection settings when directly using the crypto
+  library
+- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation
+- All test certificates now use 2048bit and SHA-1 for better modern browser
+  support
+- Direct AES block access and AES-CTR (counter) mode
+- Microchip pic32 support
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.0rc3 (9/28/2011)
+
+Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including:
+- updated autoconf support
+- better make install and uninstall  (uses system directories)
+- make test / make check
+- CyaSSL headers now in <cyassl/*.h>
+- CTaocrypt headers now in <cyassl/ctaocrypt/*.h>
+- OpenSSL compatibility headers now in <cyassl/openssl/*.h>
+- examples and tests all run from home diretory so can use certs in ./certs
+        (see note 1)
+
+So previous applications that used the OpenSSL compatibility header
+<openssl/ssl.h> now need to include <cyassl/openssl/ssl.h> instead, no other
+changes are required.
+
+Special Thanks to Brian Aker for his autoconf, install, and header patches.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+************CyaSSL Release 2.0.0rc2 (6/6/2011)
+
+Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including:
+- bug fixes (Alerts, DTLS with DHE)
+- FreeRTOS support
+- lwIP support
+- Wshadow warnings removed
+- asn public header
+- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being
+        updated to relfect this change)
+- and more.
+
+This is the 2nd and perhaps final release candidate for version 2.
+Please send any comments or questions to support@yassl.com.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+***********CyaSSL Release 2.0.0rc1 (5/2/2011)
+
+Release 2.0.0rc1 for CyaSSL has many new features including:
+- bug fixes
+- SHA-256 cipher suites 
+- Root Certificate Verification (instead of needing all certs in the chain) 
+- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) 
+- Serial number retrieval for x509 
+- PBKDF2 and PKCS #12 PBKDF 
+- UID parsing for x509 
+- SHA-256 certificate signatures 
+- Client and server can send chains (SSL_CTX_use_certificate_chain_file) 
+- CA loading can now parse multiple certificates per file
+- Dynamic memory runtime hooks
+- Runtime hooks for logging
+- EDH on server side
+- More informative error codes
+- More informative logging messages
+- Version downgrade more robust (use SSL_v23*)
+- Shared build only by default through ./configure
+- Compiler visibility is now used, internal functions not polluting namespace
+- Single Makefile, no recursion, for faster and simpler building
+- Turn on all warnings possible build option, warning fixes
+- and more.
+
+Because of all the new features and the multiple OS, compiler, feature-set
+options that CyaSSL allows, there may be some configuration fixes needed.
+Please send any comments or questions to support@yassl.com.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+****************** CyaSSL Release 1.9.0 (3/2/2011)
+
+Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and
+better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server,
+improper AES key setup detection, user cert verify callback improvements, and
+more.
+
+The CyaSSL manual offering is included in the doc/ directory.  For build
+instructions and comments about the new features please check the manual.
+
+Please send any comments or questions to support@yassl.com.
+
+****************** CyaSSL Release 1.8.0 (12/23/2010)

 Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate
 generation, a C standard library abstraction layer, lower memory use, increased
--- a/autogen.sh
+++ b/autogen.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+#
+# Create configure and makefile stuff...
+#
+
+autoreconf -ivf -Wall
--- a/certs/ca-cert.pem
+++ b/certs/ca-cert.pem
@@ -2,55 +2,86 @@ Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
-            8a:37:22:65:73:f5:aa:e8
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+            e9:d0:a7:5f:79:25:f4:3c
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
        Validity
-            Not Before: Jun 30 18:47:10 2010 GMT
-            Not After : Mar 26 18:47:10 2013 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+            Not Before: Oct 24 18:18:15 2011 GMT
+            Not After : Jul 20 18:18:15 2014 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:97:30:b9:1a:92:ef:25:4f:ca:4c:11:31:95:1a:
-                    e1:c0:10:19:0a:20:b9:37:80:1a:57:38:02:4e:1b:
-                    c5:0f:28:4f:da:e3:c9:16:aa:50:bd:4a:fb:b7:71:
-                    c7:35:cc:63:81:c1:dd:9d:33:f9:38:16:88:32:a0:
-                    aa:56:23:03:a3
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
+                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
+                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
+                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
+                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
+                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
+                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
+                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
+                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
+                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
+                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
+                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
+                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
+                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
+                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
+                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
+                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
+                    36:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
-                3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
            X509v3 Authority Key Identifier: 
-                keyid:3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
-                DirName:/C=US/ST=Montana/L=Bozeman/O=sawtooth/OU=consulting/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
-                serial:8A:37:22:65:73:F5:AA:E8
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:E9:D0:A7:5F:79:25:F4:3C

            X509v3 Basic Constraints: 
                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        32:65:a2:b1:dc:6d:e0:8d:8b:c8:58:29:8e:b8:18:4b:62:88:
-        13:67:f8:6c:75:46:75:8f:8a:19:a6:a3:d5:3c:fc:57:4e:7a:
-        68:a9:fc:93:dc:ae:29:7d:bb:4e:ec:ea:55:fa:a4:e3:00:61:
-        f4:b0:34:6d:d1:d5:a4:64:24:f8
+    Signature Algorithm: sha1WithRSAEncryption
+        5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26:
+        4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6:
+        e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c:
+        f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e:
+        af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18:
+        98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02:
+        8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab:
+        1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80:
+        61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87:
+        1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f:
+        60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf:
+        18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12:
+        f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
+        b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
+        5a:1f:7f:ca
 -----BEGIN CERTIFICATE-----
-MIIDQDCCAuqgAwIBAgIJAIo3ImVz9aroMA0GCSqGSIb3DQEBBAUAMIGeMQswCQYD
+MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
 VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
-A1UEChMIc2F3dG9vdGgxEzARBgNVBAsTCmNvbnN1bHRpbmcxJDAiBgNVBAMTG3d3
-dy5zYXd0b290aC1jb25zdWx0aW5nLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5
-YXNzbC5jb20wHhcNMTAwNjMwMTg0NzEwWhcNMTMwMzI2MTg0NzEwWjCBnjELMAkG
-A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
-BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
-d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
-eWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJcwuRqS7yVPykwRMZUa
-4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaqUL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYj
-A6MCAwEAAaOCAQcwggEDMB0GA1UdDgQWBBQ7Zv2gQMb04nDPIRoMT2f+t0tCCTCB
-0wYDVR0jBIHLMIHIgBQ7Zv2gQMb04nDPIRoMT2f+t0tCCaGBpKSBoTCBnjELMAkG
-A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
-BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
-d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
-eWFzc2wuY29tggkAijciZXP1qugwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQF
-AANBADJlorHcbeCNi8hYKY64GEtiiBNn+Gx1RnWPihmmo9U8/FdOemip/JPcril9
-u07s6lX6pOMAYfSwNG3R1aRkJPg=
+A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
+dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
+MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
+8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
+EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
+dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
+mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
+CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
+BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
+P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
+dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
+BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
+9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
+PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
+Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
+G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
+ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
+rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
 -----END CERTIFICATE-----
--- a/certs/ca-key.der
+++ b/certs/ca-key.der
--- a/certs/ca-key.pem
+++ b/certs/ca-key.pem
@@ -1,9 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOQIBAAJBAJcwuRqS7yVPykwRMZUa4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaq
-UL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYjA6MCAwEAAQJAEQ9TY7c+uuQU/J5YDO4a
-mRR37tegbq3Kyxqrz+p8QuhqLDtVh13GaF7rVU70vyNHm+cgihUyzho/PViAkPBo
-qQIhAMU8/RDhDLgL5BxID4sxKIVBtg+imFSbyKVyg7oQLUcXAiEAxDu94O45Cf4a
-np9R0thumY/QqWpCkycWAB7fFEuaf1UCIEH+bg4/vqm2ENUFp23DPPOZUPlaRe3J
-UhFJh5mx3/RxAiBq++8vfHFYg1Lb/BxOCXVy/zdRxf753ytdcXdJx1Y56QIgVgpN
-FNfYJofQfWaP96sjlc0usrT28uceHx0QmHqolVc=
+MIIEpAIBAAKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY06zeA2buKvHY
+sH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGLYlYb72dvpBBB
+la0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkcrMft8nyVsJWCfUlcOM13Je+9gHVT
+lDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfaQG/YIdxzG0ItU5z+Gvx9q3o2P5je
+hHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+jJtK3b7FaF9c4mQj+k1hv/sMTSQgW
+C6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABAoIBAD1uTmAahH+dhXzh
+Swd84NaZKt6d+TY0DncOPgjqT+UGJtT2OPffDQ8cLgai9CponGNy4zXmBJGRtcGx
+pFSs18b7QaDWdW+9C06/sVLoX0kmmFZHx97p6jxgAb8o3DG/SV+TSYd6gVuWS03K
+XDhPt+Gy08ch2jwShwfkG9xD7OjsVGHn9u2mCy7134J/xh9hGZykgznfIYWJb3ev
+hhUyCKJaCyZh+3AMypw4fbwi7uujqBYA+YqAHgCEqEpB+IQDZy8jWy+baybDBzSU
+owM7ctWfcuCtzDSrvcfV9SYwhQ8wIzlS/zzLmSFNiKWr7mK5x+C7R4fBac9z8zC+
+zjkEnOUCgYEA4XZFgFm200nfCu8S1g/wt8sqN7+n+LVN9TE1reSjlKHb8ZattQVk
+hYP8G1spqr74Jj92fq0c8MvXJrQbBY5Whn4IYiHBhtZHeT63XaTGOtexdCD2UJdB
+BFPtPybWb5H6aCbsKtya8efc+3PweUMbIaNZBGNSB8nX5tEbXV6W+lMCgYEA2O1O
+ZGFrkQxhAbUPu0RnUx7cB8Qkfp5shCORDOQSBBZNeJjMlj0gTg9Fmrb4s5MNsqIb
+KfImecjF0nh+XnPy13Bhu0DOYQX+aR6CKeYUuKHnltAjPwWTAPLhTX7tt5Zs9/Dk
+0c8BmE/cdFSqbV5aQTH+/5q2oAXdqRBU+GvQqoMCgYAh0wSKROtQt3xmv4cr5ihO
+6oPi6TXh8hFH/6H1/J8t5TqB/AEDb1OtVCe2Uu7lVtETq+GzD3WQCoS0ocCMDNae
+RrorPrUx7WO7pNUNj3LN0R4mNeu+G3L9mzm0h7cT9eqDRZOYuo/kSsy0TKh/CLpB
+SahJKD1ePcHONwDL+SzdUQKBgQChV58+udavg22DP4/70NyozgMJI7GhG2PKxElW
+NSvRLmVglQVVmRE1/dXfRMeliHJfsoJRqHFFkzbPXB9hUQwFgOivxXu6XiLjPHXD
+hAVVbdY6LYSJkzPLONqqMQXNzmwt3VXTVwvwpTVqsK4xukOWygDHS+MZEkPTQvpv
+6oDA0QKBgQC524kgNCdwYjTqXyViEvOdgb9I7poOwY0Q/2WanS0aipRayMClpYRh
+ntQkue+pncl3C8dwZj26yFTf0jPh9X/5J2G+V0Xdt0UXJPUj5DgOkSfu4yDYFMiU
+R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==
 -----END RSA PRIVATE KEY-----
--- a/certs/client-cert.der
+++ b/certs/client-cert.der
--- a/certs/client-cert.pem
+++ b/certs/client-cert.pem
@@ -2,54 +2,86 @@ Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
-            c5:d7:6c:11:36:f0:35:e1
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=programming, CN=www.yassl.com/emailAddress=info@yassl.com
+            87:4a:75:be:91:66:d8:3d
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
        Validity
-            Not Before: Jun 30 18:39:39 2010 GMT
-            Not After : Mar 26 18:39:40 2013 GMT
-        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=programming, CN=www.yassl.com/emailAddress=info@yassl.com
+            Not Before: Oct 24 18:21:55 2011 GMT
+            Not After : Jul 20 18:21:55 2014 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:bd:51:4a:14:fd:6a:19:84:0c:33:38:fc:27:32:
-                    9c:97:0b:fc:a4:18:60:69:4e:d9:d8:78:50:0b:e9:
-                    20:5d:d6:1d:70:1c:0c:24:9f:23:82:cc:3a:01:d5:
-                    97:17:b2:73:6c:86:cf:b5:f1:e5:ce:68:0c:d9:a2:
-                    12:39:7c:f2:53
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
+                    2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
+                    32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
+                    68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
+                    ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
+                    65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
+                    b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
+                    13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
+                    0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
+                    bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
+                    c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
+                    ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
+                    cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
+                    3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
+                    54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
+                    d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
+                    2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
+                    ba:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
-                5C:F7:29:21:69:7A:09:78:9E:7B:CD:53:42:02:EC:CE:29:0D:11:DF
+                33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
            X509v3 Authority Key Identifier: 
-                keyid:5C:F7:29:21:69:7A:09:78:9E:7B:CD:53:42:02:EC:CE:29:0D:11:DF
-                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=programming/CN=www.yassl.com/emailAddress=info@yassl.com
-                serial:C5:D7:6C:11:36:F0:35:E1
+                keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
+                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:87:4A:75:BE:91:66:D8:3D

            X509v3 Basic Constraints: 
                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        b4:a5:f1:71:26:4d:b9:ff:54:f3:09:1f:ac:e1:19:59:e5:ec:
-        57:e3:f1:0b:b2:8f:f3:29:eb:6b:c6:fa:27:33:3e:91:d0:77:
-        43:c9:ce:1e:0f:71:07:a9:f7:26:e0:7e:ff:30:7d:52:0a:e1:
-        80:48:46:bb:99:e9:d9:77:ce:75
+    Signature Algorithm: sha1WithRSAEncryption
+        1c:7c:42:81:29:9e:21:cf:d0:d8:c1:54:6f:cc:ae:14:09:38:
+        ff:68:98:9a:95:53:76:18:7b:e6:30:76:ec:28:0d:75:a7:de:
+        e0:cd:8e:d5:55:23:6a:47:2b:4e:8d:fc:7d:06:a3:d8:0f:ad:
+        5e:d6:04:c9:00:33:fb:77:27:d3:b5:03:b3:7b:21:74:31:0b:
+        4a:af:2d:1a:b3:93:8e:cc:f3:5f:3d:90:3f:cc:e3:55:19:91:
+        7b:78:24:2e:4a:09:bb:18:4e:61:2d:9c:c6:0a:a0:34:91:88:
+        70:6b:3b:48:47:bc:79:94:a2:a0:4d:32:47:54:c2:a3:dc:2e:
+        d2:51:4c:29:39:11:ff:e2:15:5e:58:97:36:f6:e9:06:06:86:
+        0e:8d:9d:95:03:72:b2:8b:19:7c:e9:14:6e:a1:88:73:68:58:
+        6d:71:5e:c2:d5:d3:13:d2:5f:de:ea:03:be:e2:00:40:e5:ce:
+        fd:e6:92:31:57:c3:eb:bb:66:ac:cb:2f:1a:fa:e0:62:a2:47:
+        f4:93:43:2a:4b:6c:5e:0a:2f:f9:e7:e6:4a:63:86:b0:ac:2a:
+        a1:eb:b4:5b:67:cd:32:e4:b6:11:4b:9a:72:66:0d:a2:4a:76:
+        8f:fe:22:bc:83:fd:db:b7:d5:a9:ee:05:c9:b1:71:7e:1b:2b:
+        e1:e3:af:c0
 -----BEGIN CERTIFICATE-----
-MIIDDjCCArigAwIBAgIJAMXXbBE28DXhMA0GCSqGSIb3DQEBBAUAMIGOMQswCQYD
+MIIEmDCCA4CgAwIBAgIJAIdKdb6RZtg9MA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
 VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG
-A1UEChMFeWFTU0wxFDASBgNVBAsTC3Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu
-eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMDA2
-MzAxODM5MzlaFw0xMzAzMjYxODM5NDBaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE
+A1UEChMFeWFTU0wxFDASBgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu
+eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMTEw
+MjQxODIxNTVaFw0xNDA3MjAxODIxNTVaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE
 CBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDAS
-BgNVBAsTC3Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ
-KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQC9UUoU/WoZhAwzOPwnMpyXC/ykGGBpTtnYeFAL6SBd1h1wHAwknyOCzDoB1ZcX
-snNshs+18eXOaAzZohI5fPJTAgMBAAGjgfYwgfMwHQYDVR0OBBYEFFz3KSFpegl4
-nnvNU0IC7M4pDRHfMIHDBgNVHSMEgbswgbiAFFz3KSFpegl4nnvNU0IC7M4pDRHf
-oYGUpIGRMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQH
-EwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDASBgNVBAsTC3Byb2dyYW1taW5n
-MRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
-c3NsLmNvbYIJAMXXbBE28DXhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
-QQC0pfFxJk25/1TzCR+s4RlZ5exX4/ELso/zKetrxvonMz6R0HdDyc4eD3EHqfcm
-4H7/MH1SCuGASEa7menZd851
+BgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ
+KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Quml7xsNE
+ntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvk
+NPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+
+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX11JlJHOwzu8Zza7/
+eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOw
+Y7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB9jCB8zAdBgNVHQ4EFgQU
+M9hFZtdohxh+VA1wJ5HHJteFZcAwgcMGA1UdIwSBuzCBuIAUM9hFZtdohxh+VA1w
+J5HHJteFZcChgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24x
+ETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQKEwV5YVNTTDEUMBIGA1UECxMLUHJv
+Z3JhbW1pbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEW
+DmluZm9AeWFzc2wuY29tggkAh0p1vpFm2D0wDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQUFAAOCAQEAHHxCgSmeIc/Q2MFUb8yuFAk4/2iYmpVTdhh75jB27CgNdafe
+4M2O1VUjakcrTo38fQaj2A+tXtYEyQAz+3cn07UDs3shdDELSq8tGrOTjszzXz2Q
+P8zjVRmRe3gkLkoJuxhOYS2cxgqgNJGIcGs7SEe8eZSioE0yR1TCo9wu0lFMKTkR
+/+IVXliXNvbpBgaGDo2dlQNysosZfOkUbqGIc2hYbXFewtXTE9Jf3uoDvuIAQOXO
+/eaSMVfD67tmrMsvGvrgYqJH9JNDKktsXgov+efmSmOGsKwqoeu0W2fNMuS2EUua
+cmYNokp2j/4ivIP927fVqe4FybFxfhsr4eOvwA==
 -----END CERTIFICATE-----
--- a/certs/client-ecc-cert.pem
+++ b/certs/client-ecc-cert.pem
@@ -0,0 +1,54 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            bf:cc:cb:7a:0a:07:42:82
+        Signature Algorithm: ecdsa-with-SHA1
+        Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: May  1 23:51:33 2012 GMT
+            Not After : Jan 26 23:51:33 2015 GMT
+        Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+            EC Public Key:
+                pub: 
+                    04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:
+                    f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03:
+                    62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95:
+                    06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22:
+                    5f:c7:5d:7f:b4
+                ASN1 OID: prime256v1
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
+            X509v3 Authority Key Identifier: 
+                keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
+                DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:BF:CC:CB:7A:0A:07:42:82
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: ecdsa-with-SHA1
+        30:44:02:20:26:08:44:95:35:2e:fa:9d:20:01:a6:79:60:ed:
+        35:a7:0a:dd:7a:0e:75:c5:80:d2:0b:9f:6a:90:d6:31:76:75:
+        02:20:2d:87:a2:bb:d5:e2:42:61:35:19:59:40:1d:fd:71:4f:
+        28:65:96:99:e6:85:1b:09:ad:d4:58:71:56:63:0b:c7
+-----BEGIN CERTIFICATE-----
+MIIC+jCCAqKgAwIBAgIJAL/My3oKB0KCMAkGByqGSM49BAEwgYkxCzAJBgNVBAYT
+AlVTMQ8wDQYDVQQIEwZPcmVnb24xDjAMBgNVBAcTBVNhbGVtMRMwEQYDVQQKEwpD
+bGllbnQgRUNDMQ0wCwYDVQQLEwRGYXN0MRYwFAYDVQQDEw13d3cueWFzc2wuY29t
+MR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMjA1MDEyMzUxMzNa
+Fw0xNTAxMjYyMzUxMzNaMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29u
+MQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsGA1UECxME
+RmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5m
+b0B5YXNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARVv/QPRFCaPc6b
+t/DFTfVwe9TsJI4ZgOxaTKIkA2Ism9rvojUSQ4R2FsZWlQbMAam99nUaQve9qbI2
+Il/HXX+0o4HxMIHuMB0GA1UdDgQWBBTr1EtZa5VhP1FXtgRNiUGIRFyr8jCBvgYD
+VR0jBIG2MIGzgBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBj6SBjDCBiTELMAkGA1UE
+BhMCVVMxDzANBgNVBAgTBk9yZWdvbjEOMAwGA1UEBxMFU2FsZW0xEzARBgNVBAoT
+CkNsaWVudCBFQ0MxDTALBgNVBAsTBEZhc3QxFjAUBgNVBAMTDXd3dy55YXNzbC5j
+b20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggkAv8zLegoHQoIwDAYD
+VR0TBAUwAwEB/zAJBgcqhkjOPQQBA0cAMEQCICYIRJU1LvqdIAGmeWDtNacK3XoO
+dcWA0gufapDWMXZ1AiAth6K71eJCYTUZWUAd/XFPKGWWmeaFGwmt1FhxVmMLxw==
+-----END CERTIFICATE-----
--- a/certs/client-key.der
+++ b/certs/client-key.der
--- a/certs/client-key.pem
+++ b/certs/client-key.pem
@@ -1,9 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAL1RShT9ahmEDDM4/CcynJcL/KQYYGlO2dh4UAvpIF3WHXAcDCSf
-I4LMOgHVlxeyc2yGz7Xx5c5oDNmiEjl88lMCAwEAAQJAVGHWLlLhpqvXsEEXCvWh
-HCYono+K8YVGzhiaPSTU212fCoQryIxsXQKGBjhFdZm96DZWp+Vd/t/u+B4ZeaqY
-+QIhAOBEfbFtdZqk5OmbbRsRVPI7+YYmubgY1TVIPqmxHQ4NAiEA2BrTQkjOb3ul
-A/SZO04fJUZsm7Ng92FWHDJsRancSd8CIQCmGbQqZBK1TamJZ6dAY+7RViAx/p6Q
-vjuzMeXPUrFdRQIhAMkfBhg9bCqjFyt8PBPOm/vz8+ZgZlE0/JAXeV7IPCVfAiEA
-gZwCFm1ghGxmaoB424YC4DHeDeN/g9xwJHT7EuM9Mvc=
+MIIEpAIBAAKCAQEAwwPRK/45pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvG
+w0Se1IFI/S1oootnu6F1yDYsStIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJ
+W+Q098WwFJP1Z3s6enjhAVZWkaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbf
+G36/TpfQEOioCDCBryALQxTFdGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnN
+rv94bHvAEgPUTnINUG07ozujmV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAY
+E7BjtXJOMMSXhIYtVi/XFfd/wK71/Fvl+6G60wIDAQABAoIBAQCi5thfEHFkCJ4u
+bdFtHoXSCrGMR84sUWqgEp5T3pFMHW3qWXvyd6rZxtmKq9jhFuRjJv+1bBNZuOOl
+yHIXLgyfb+VZP3ZvSbERwlouFikN3reO3EDVou7gHqH0vpfbhmOWFM2YCWAtMHac
+PM3miO5HknkLWgDiXl8RfH35CLcgBokqXf0AqyLh8LO8JKleJg4fAC3+IZpTW23T
+K6uUgmhDNtj2L8Yi/LVBXQ0zYOqkfX7oS1WRVtNcV48flBcvqt7pnqj0z4pMjqDk
+VnOyz0+GxWk88yQgi1yWDPprEjuaZ8HfxpaypdWSDZsJQmgkEEXUUOQXOUjQNYuU
+bRHej8pZAoGBAOokp/lpM+lx3FJ9iCEoL0neunIW6cxHeogNlFeEWBY6gbA/os+m
+bB6wBikAj+d3dqzbysfZXps/JpBSrvw4kAAUu7QPWJTnL2p+HE9BIdQxWR9OihqN
+p1dsItjl9H4yphDLZKVVA4emJwWMw9e2J7JNujDaR49U0z2LhI2UmFilAoGBANU4
+G8OPxZMMRwtvNZLFsI1GyJIYj/WACvfvof6AubUqusoYsF2lB9CTjdicBBzUYo6m
+JoEB/86KKmM0NUCqbYDeiSNqV02ebq2TTlaQC22dc4sMric93k7wqsVseGdslFKc
+N2dsLe+7r9+mkDzER8+Nlp6YqbSfxaZQ3LPw+3QXAoGAXoMJYr26fKK/QnT1fBzS
+ackEDYV+Pj0kEsMYe/Mp818OdmxZdeRBhGmdMvPNIquwNbpKsjzl2Vi2Yk9d3uWe
+CspTsiz3nrNrClt5ZexukU6SIPb8/Bbt03YM4ux/smkTa3gOWkZktF63JaBadTpL
+78c8Pvf9JrggxJkKmnO+wxkCgYEAukSTFKw0GTtfkWCs97TWgQU2UVM96GXcry7c
+YT7Jfbh/h/A7mwOCKTfOck4R1bHBDAegmZFKjX/sec/xObXphexi99p9vGRNIjwO
+8tZR9YfYmcARIF0PKf1b4q7ZHNkhVm38hNBf7RAVHBgh58Q9S9fQnmqVzyLJA3ue
+42AB/C8CgYAR0EvPG2e5nxB1R4ZlrjHCxjCsWQZQ2Q+1cAb38NPIYnyo2m72IT/T
+f1/qiqs/2Spe81HSwjA34y2jdQ0eTSE01VdwXIm/cuxKbmjVzRh0M06MOkWP5pZA
+62P5GYY6Ud2JS7Dz+Z9dKJU4vjWrylznk1M0oUVdEzllQkahn831vw==
 -----END RSA PRIVATE KEY-----
--- a/certs/dh1024.der
+++ b/certs/dh1024.der
--- a/certs/dh2048.der
+++ b/certs/dh2048.der
--- a/certs/dh2048.pem
+++ b/certs/dh2048.pem
@@ -0,0 +1,29 @@
+Diffie-Hellman-Parameters: (2048 bit)
+    prime:
+        00:b0:a1:08:06:9c:08:13:ba:59:06:3c:bc:30:d5:
+        f5:00:c1:4f:44:a7:d6:ef:4a:c6:25:27:1c:e8:d2:
+        96:53:0a:5c:91:dd:a2:c2:94:84:bf:7d:b2:44:9f:
+        9b:d2:c1:8a:c5:be:72:5c:a7:e7:91:e6:d4:9f:73:
+        07:85:5b:66:48:c7:70:fa:b4:ee:02:c9:3d:9a:4a:
+        da:3d:c1:46:3e:19:69:d1:17:46:07:a3:4d:9f:2b:
+        96:17:39:6d:30:8d:2a:f3:94:d3:75:cf:a0:75:e6:
+        f2:92:1f:1a:70:05:aa:04:83:57:30:fb:da:76:93:
+        38:50:e8:27:fd:63:ee:3c:e5:b7:c8:09:ae:6f:50:
+        35:8e:84:ce:4a:00:e9:12:7e:5a:31:d7:33:fc:21:
+        13:76:cc:16:30:db:0c:fc:c5:62:a7:35:b8:ef:b7:
+        b0:ac:c0:36:f6:d9:c9:46:48:f9:40:90:00:2b:1b:
+        aa:6c:e3:1a:c3:0b:03:9e:1b:c2:46:e4:48:4e:22:
+        73:6f:c3:5f:d4:9a:d6:30:07:48:d6:8c:90:ab:d4:
+        f6:f1:e3:48:d3:58:4b:a6:b9:cd:29:bf:68:1f:08:
+        4b:63:86:2f:5c:6b:d6:b6:06:65:f7:a6:dc:00:67:
+        6b:bb:c3:a9:41:83:fb:c7:fa:c8:e2:1e:7e:af:00:
+        3f:93
+    generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE
+v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN
+nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1
+joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa
+wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW
+tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==
+-----END DH PARAMETERS-----
--- a/certs/dsa-cert.pem
+++ b/certs/dsa-cert.pem
@@ -1,70 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ce:df:23:31:64:b4:13:da
-        Signature Algorithm: dsaWithSHA1
-        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=testing, CN=www.yassl.com/emailAddress=info@yassl.com
-        Validity
-            Not Before: Jun 30 18:56:38 2010 GMT
-            Not After : Mar 26 18:56:39 2013 GMT
-        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=testing, CN=www.yassl.com/emailAddress=info@yassl.com
-        Subject Public Key Info:
-            Public Key Algorithm: dsaEncryption
-            DSA Public Key:
-                pub: 
-                    04:84:a0:26:31:72:0c:e8:4f:5d:53:17:62:b1:80:
-                    ca:c0:16:5f:c3:1e:ea:c5:d9:98:38:f9:be:56:53:
-                    47:68:ce:08:22:57:1c:bb:0d:77:91:cf:5b:36:ed:
-                    f3:24:82:90:8a:cd:90:7c:db:77:f9:17:2d:73:73:
-                    ef:bb:b9:82
-                P:   
-                    00:99:29:69:80:c9:3c:98:68:45:a9:82:fe:67:eb:
-                    95:88:c5:b4:0c:d6:26:45:95:19:2c:a0:20:5b:7e:
-                    df:69:e9:dc:c3:0f:f3:61:0a:25:9b:f2:21:01:6a:
-                    cd:aa:8c:37:e7:ca:66:db:56:f4:0f:7d:7a:d1:18:
-                    b9:42:fd:1b:11
-                Q:   
-                    00:ad:25:29:ab:0a:9f:09:1c:c1:ad:03:20:76:7f:
-                    a6:b7:dd:4d:03:09
-                G:   
-                    12:88:99:da:e7:d0:0b:93:9b:e6:ee:3c:21:7f:9c:
-                    b3:b4:8d:a5:8c:e2:37:80:3f:17:d1:81:4f:bd:f0:
-                    71:b6:32:08:54:dd:bf:01:e2:b3:77:06:64:75:8a:
-                    04:d6:79:39:b1:02:03:03:c6:06:74:e5:90:05:0a:
-                    10:46:19:31
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
-            X509v3 Authority Key Identifier: 
-                keyid:BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
-                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=testing/CN=www.yassl.com/emailAddress=info@yassl.com
-                serial:CE:DF:23:31:64:B4:13:DA
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: dsaWithSHA1
-        30:2d:02:14:00:a3:21:20:34:6a:2c:f9:fb:76:d7:20:c9:c0:
-        35:1b:64:9a:c2:83:02:15:00:a4:59:ac:6d:da:85:48:ff:f5:
-        0d:49:72:c8:cd:91:fc:ec:2f:5c:63
-----BEGIN CERTIFICATE-----
-MIIDfjCCAz2gAwIBAgIJAM7fIzFktBPaMAkGByqGSM44BAMwgYoxCzAJBgNVBAYT
-AlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQK
-EwV5YVNTTDEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNv
-bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTAwNjMwMTg1NjM4
-WhcNMTMwMzI2MTg1NjM5WjCBijELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdv
-bjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRAwDgYDVQQLEwd0
-ZXN0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5p
-bmZvQHlhc3NsLmNvbTCB8DCBqAYHKoZIzjgEATCBnAJBAJkpaYDJPJhoRamC/mfr
-lYjFtAzWJkWVGSygIFt+32np3MMP82EKJZvyIQFqzaqMN+fKZttW9A99etEYuUL9
-GxECFQCtJSmrCp8JHMGtAyB2f6a33U0DCQJAEoiZ2ufQC5Ob5u48IX+cs7SNpYzi
-N4A/F9GBT73wcbYyCFTdvwHis3cGZHWKBNZ5ObECAwPGBnTlkAUKEEYZMQNDAAJA
-BISgJjFyDOhPXVMXYrGAysAWX8Me6sXZmDj5vlZTR2jOCCJXHLsNd5HPWzbt8ySC
-kIrNkHzbd/kXLXNz77u5gqOB8jCB7zAdBgNVHQ4EFgQUvvmMXdYctO6B3TZWCiHk
-YURz6eIwgb8GA1UdIwSBtzCBtIAUvvmMXdYctO6B3TZWCiHkYURz6eKhgZCkgY0w
-gYoxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRs
-YW5kMQ4wDAYDVQQKEwV5YVNTTDEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMN
-d3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CCQDO
-3yMxZLQT2jAMBgNVHRMEBTADAQH/MAkGByqGSM44BAMDMAAwLQIUAKMhIDRqLPn7
-dtcgycA1G2SawoMCFQCkWaxt2oVI//UNSXLIzZH87C9cYw==
-----END CERTIFICATE-----
--- a/certs/dsa2048.der
+++ b/certs/dsa2048.der
--- a/certs/dsa512.der
+++ b/certs/dsa512.der
--- a/certs/dsa512.pem
+++ b/certs/dsa512.pem
@@ -1,8 +0,0 @@
-----BEGIN DSA PRIVATE KEY-----
-MIH3AgEAAkEAmSlpgMk8mGhFqYL+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQol
-m/IhAWrNqow358pm21b0D3160Ri5Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJ
-AkASiJna59ALk5vm7jwhf5yztI2ljOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE
-1nk5sQIDA8YGdOWQBQoQRhkxAkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+
-VlNHaM4IIlccuw13kc9bNu3zJIKQis2QfNt3+Rctc3Pvu7mCAhQjg+e+aqykxwwc
-E2V27tjDFY02uA==
-----END DSA PRIVATE KEY-----
--- a/certs/ecc-client-key.pem
+++ b/certs/ecc-client-key.pem
@@ -0,0 +1,9 @@
+ASN1 OID: prime256v1
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIPjPkmu9HijxqKuhI08ydBiIUK1+x+yS+I+XTa9WiWXHoAoGCCqGSM49
+AwEHoUQDQgAEVb/0D0RQmj3Om7fwxU31cHvU7CSOGYDsWkyiJANiLJva76I1EkOE
+dhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/tA==
+-----END EC PRIVATE KEY-----
--- a/certs/ecc-keyPkcs8.pem
+++ b/certs/ecc-keyPkcs8.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgRbZpAnOcbIWhOFty
+6OjHrMQDjVM1BPpsKNw0jeGoCYyhRANCAAS7M6xMJ1BKxkqlBMM83p8223ItzpTq
+K/rLIAk5LBboYQLpr03TApOaMVuXkiF/8M8Y2pERAjSG6CBYMwuANInY
+-----END PRIVATE KEY-----
--- a/certs/include.am
+++ b/certs/include.am
@@ -0,0 +1,38 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+certs_DATA+= \
+	     certs/ca-cert.pem \
+	     certs/ca-key.pem \
+	     certs/client-cert.pem \
+	     certs/client-keyEnc.pem \
+	     certs/client-key.pem \
+	     certs/ecc-key.pem \
+	     certs/ecc-keyPkcs8.pem \
+	     certs/ntru-cert.pem \
+	     certs/dh2048.pem \
+	     certs/server-cert.pem \
+	     certs/server-ecc.pem \
+	     certs/server-keyEnc.pem \
+	     certs/server-key.pem \
+	     certs/server-keyPkcs8Enc12.pem \
+	     certs/server-keyPkcs8Enc2.pem \
+	     certs/server-keyPkcs8Enc.pem \
+	     certs/server-keyPkcs8.pem
+
+certs_DATA+= \
+	     certs/ca-key.der \
+	     certs/client-cert.der \
+	     certs/client-key.der \
+	     certs/dh2048.der \
+	     certs/rsa2048.der \
+	     certs/dsa2048.der \
+	     certs/ecc-key.der
+
+EXTRA_DIST+= ${certs_DATA}
+
+doc_DATA+= certs/taoCert.txt
+
+EXTRA_DIST+= certs/ntru-key.raw
+
--- a/certs/ntru-cert.pem
+++ b/certs/ntru-cert.pem
@@ -1,24 +1,28 @@
 -----BEGIN CERTIFICATE-----
-MIIEFTCCA7+gAwIBAgIIAbqUI6ioaAswDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNV
+MIIEyTCCA7GgAwIBAgIIASZ+ezr7rN0wDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNV
 BAYTAlVTMRAwDgYDVQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYD
-VQQKEwhzYXd0b290aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3
-LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
-c3NsLmNvbTAiGA8yMDEwMTIxNDIwMjQ0MVoYDzIwMTIwNDI3MjEyNDQxWjCBijEL
-MAkGA1UEBhMCVVMxCzAJBgNVBAgTAk9SMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG
-A1UEChMFeWFTU0wxFDASBgNVBAsTC0RldmVsb3BtZW50MRYwFAYDVQQDEw13d3cu
-eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCAkswGAYK
-KwYBBAHBcAEBAgYKKwYBBAHBcAECLgOCAi0ABIICKCz+/AE/vwkKbIeZgGF2aIEx
-8Tgb8wSs7pLV97VJhdtoPE6uACTmMGAsKou1ZXZ7Wx/vo+DSEdRF4DMlny3clNoU
-ISPnfubo5oDo8zFzBkI24v7euq885RZGkrqPJLsEPkdWxbsH9hVA9Q6KiL3WkqyJ
-p6F+FseE//rJ8V++prytwhTdBzGWtpY43Wkh6Sqej7Vyh/gQAQuYSFPtWhSb0Xjh
-/tFG17lSPhPrf6xD+YtABxUG2hlWY+4wkHSVyTqkPx1/2frlMctA9J3aktEEJkWu
-bbbHVgBDkQ4E+58iljlzArep+sRs5d//KZil9fFJf1qUXo9mo3BekISGZJ5fUi/r
-4PNyJhYPJfTc0qZwas26VKiMWlAYFlxMNOdTAH9oLYRo85n+FlmkYzkaFuW/1h0u
-SSVJ25XcqWYVZL4W11bAVEut80DIZPsHAOpxaol2Ul+3TtyuYIXaGxVdWYZKVAV3
-meDa8HusJlRbRNGNJR83/lT5haFizcUkWD/QMtlnu+PgX11pUD+mZedVgYhElpfd
-GfFwBUJcStP2iMMynZkQHxvoaNS761BiNiqMJceuvE9a+2fFt9WkAAYaYHoVQNGf
-HMVv6lPeVL0S688Bq6/Y39quJQGlcDDY1jy4nOJgNrAGv/cbSFnoC12lGzHVh6pI
-3s0ekDf/bjMmIP2w3krhTyGm0pZ5D1mEXYWUkEMHVcjGNM9IBlXp1WHTWdNwINCM
-Cos5UHRX4DANBgkqhkiG9w0BAQQFAANBAHvy5p2SJtQlc5defUNYtHaAwrk7Nzcu
-qlaoBL1HCtwMI4W5Q7INKShS238uZJXYxcHQXlvxswf0IFtqT8lIFt0=
+VQQKEwhTYXd0b290aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3
+Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wIhgPMjAx
+MTEyMDUwMDE2MzdaGA8yMDEzMDQxOTAxMTYzN1owgYoxCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIEwJPUjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
+EgYDVQQLEwtEZXZlbG9wbWVudDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
+CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggJLMBgGCisGAQQBwXABAQIGCisG
+AQQBwXABAi4DggItAASCAihFDRAy0fOBZth/IRQFJeuEUgrViJfGvKOUuNW6yYmn
+9/YXT2I3/aiBZ/udSehoEFVPNgLs/ZWwNrsIuETH5TPkS1e9Ig4I5G839deKT89M
+Qpq7GiKLwlLY3He/a6O+/UMEFH4ShdhDopsH2+IsWCX0H7Lvp8L8RqURrQNFXvlr
+xRAFiBixEQNry2HyEcVz/9TQSdifE4KGUtneErqsk1/Sms1m1/NqW30H77YerJfs
+QWsOEgasoJnYWS6knJC4XsUbJKqKcHRc6XeODOyf72J3ESvES2C+cqEsShxVP7zG
+hDiHurwfyvIAUL4bZSBtlAqt60iOEsXScXwdbNrj+4iuFAyjX8+JrxGMbDNi3X5l
+L2RLUiEIKUSGUozbDlR3jU2WoHUm76mZwjGe1+vOKpvqh5yrRoyqiDERj8wsGrDO
+MdoheW1xSjQ3p5fQ/UOtagWA5Lh/MqbCIHdMzMLpbOmfhFJA5BXaNg/qThhjpmvf
+csYfwWCWukKKbjfY7cxOVMuUN0VvoYBjOxt5UQhXuPjH/+5s4J7E/IxQrWz6fhcG
+wfvJjWJjedfhP23Jm4zodbwtU6MgPF641DcAwcnBqSi/Ugi7d0YeHMqTJkSnIJZV
+r3v1YLuqiFDzB6bx69DGpCxFMxIpdOPq4a9WpeQQ9H7cBK0HFl4tRPNnQ2XCrKMc
+86gQ35aaM2vPvgj0d/zgC0AG8WFQEG1wYBvLEgfiQsi7auXoScYZA8AwDQYJKoZI
+hvcNAQEFBQADggEBAJ7eyiJIGiyyrhAdaYOit3U3CUkGSatNXTkn8PRO8SwzPWCi
+FQ+4AePYV+/ovtNZiqLwm7mVa3s2CS8LCk2s9/ld22cDJNV+gDkzrelUyTLUi0jr
+zZJwEiaNXIEkYrLGifSzoNUgQBTzDmOSkm2UpIX70GTsXF73FKdqonf1VTnopVKa
+XZDpIG3/TKyh8jCwowMrkxnHS886FhXiHGCBzM1rnp3S+r3b+rTqoKoeuZQnDgJP
+IZwnZL6agtwbUfmZj6/868irlsLtC9M5nKBtj/U/tQIrW52XEhBqChmTXIq0JNL1
++kWLLeu9t0T53Pth3VxMT/ePV0aURQvjINm60o=
 -----END CERTIFICATE-----
--- a/certs/ntru-key.raw
+++ b/certs/ntru-key.raw
--- a/certs/rsa2048.der
+++ b/certs/rsa2048.der
--- a/certs/server-cert.pem
+++ b/certs/server-cert.pem
@@ -1,39 +1,158 @@
 Certificate:
    Data:
        Version: 1 (0x0)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
        Validity
-            Not Before: Jun 30 18:52:17 2010 GMT
-            Not After : Mar 26 18:52:17 2013 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@yassl.com
+            Not Before: Oct 24 18:27:13 2011 GMT
+            Not After : Jul 20 18:27:13 2014 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=Support, CN=www.yassl.com/emailAddress=info@yassl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a:
-                    66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38:
-                    9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36:
-                    a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66:
-                    7e:16:77:e2:a7
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
+                    01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
+                    f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
+                    f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
+                    64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
+                    86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
+                    4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
+                    34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
+                    8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
+                    40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
+                    dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
+                    e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
+                    64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
+                    c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
+                    ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
+                    b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
+                    a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
+                    ad:d7
                Exponent: 65537 (0x10001)
-    Signature Algorithm: md5WithRSAEncryption
-        58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c:
-        7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef:
-        87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36:
-        9b:0b:e0:74:58:11:c5:01:7b:4d
+    Signature Algorithm: sha1WithRSAEncryption
+        71:4e:d3:62:df:cc:4c:f7:cd:b7:6e:52:0b:6c:6e:e0:bd:c2:
+        2d:07:d7:c0:b0:6e:43:1e:35:bc:30:01:50:f0:ff:99:23:6c:
+        18:1a:41:b6:11:d6:d4:19:61:fd:e4:77:97:1c:39:e1:57:ab:
+        c5:15:63:77:11:36:5e:74:e2:24:0b:1f:41:78:ad:b7:81:e7:
+        b4:40:66:80:f0:4b:91:a0:6d:a8:6e:3d:53:d9:8b:ce:2a:e1:
+        0b:45:65:87:a1:96:ae:ee:3e:88:d5:12:1f:78:17:ae:2c:c5:
+        73:44:d8:dc:f4:af:d8:cc:ae:4c:e1:0c:be:55:a4:99:f7:6e:
+        96:c0:c8:45:87:bf:dc:51:57:ff:9e:73:37:6a:18:9c:c3:f9:
+        22:7a:f4:b0:52:bd:fc:21:30:f8:c5:ff:1e:87:7d:ad:a2:5a:
+        35:f5:22:a8:b4:0a:76:38:e6:76:b0:98:af:1b:ec:8a:0a:43:
+        74:d2:85:34:37:84:07:e1:f6:23:b2:29:de:a6:b6:b7:4c:57:
+        7e:96:06:cb:a9:16:25:29:3a:03:2d:55:7d:a6:8c:a4:f7:9e:
+        81:c9:95:b6:7c:c1:4a:ce:94:66:0c:ca:88:eb:d2:09:f5:5b:
+        19:58:82:df:27:fd:67:95:78:b7:02:06:d5:a7:61:bd:ef:3a:
+        fc:b2:61:cd
 -----BEGIN CERTIFICATE-----
-MIICFDCCAb4CAQEwDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhzYXd0b290
-aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNv
-bnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0x
-MDA2MzAxODUyMTdaFw0xMzAzMjYxODUyMTdaMIGKMQswCQYDVQQGEwJVUzEQMA4G
-A1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjEOMAwGA1UEChMFeWFTU0wx
-EDAOBgNVBAsTB3N1cHBvcnQxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
-hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
-AMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpUlt3Se+s2oq5+
-Kp5+VqW2h58VxxhmfhZ34qcCAwEAATANBgkqhkiG9w0BAQQFAANBAFipmOcWUkxA
-5+FHkhkbOo+XbHu3sMsgba2100dY2OTyPjLp74d35VQ29I1QjQe0d0XqnaQzNpsL
-4HRYEcUBe00=
+MIIDkDCCAngCAQIwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTExMDI0MTgyNzEzWhcN
+MTQwNzIwMTgyNzEzWjCBijELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmEx
+EDAOBgNVBAcTB0JvemVtYW4xDjAMBgNVBAoTBXlhU1NMMRAwDgYDVQQLEwdTdXBw
+b3J0MRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZv
+QHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFX
+QfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/h
+vXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4
+pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo
+3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4
+D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHm
+YYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAcU7TYt/MTPfNt25S
+C2xu4L3CLQfXwLBuQx41vDABUPD/mSNsGBpBthHW1Blh/eR3lxw54VerxRVjdxE2
+XnTiJAsfQXitt4HntEBmgPBLkaBtqG49U9mLzirhC0Vlh6GWru4+iNUSH3gXrizF
+c0TY3PSv2MyuTOEMvlWkmfdulsDIRYe/3FFX/55zN2oYnMP5Inr0sFK9/CEw+MX/
+Hod9raJaNfUiqLQKdjjmdrCYrxvsigpDdNKFNDeEB+H2I7Ip3qa2t0xXfpYGy6kW
+JSk6Ay1VfaaMpPeegcmVtnzBSs6UZgzKiOvSCfVbGViC3yf9Z5V4twIG1adhve86
+/LJhzQ==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            e9:d0:a7:5f:79:25:f4:3c
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Oct 24 18:18:15 2011 GMT
+            Not After : Jul 20 18:18:15 2014 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
+                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
+                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
+                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
+                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
+                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
+                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
+                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
+                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
+                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
+                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
+                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
+                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
+                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
+                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
+                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
+                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
+                    36:79
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:E9:D0:A7:5F:79:25:F4:3C
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26:
+        4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6:
+        e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c:
+        f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e:
+        af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18:
+        98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02:
+        8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab:
+        1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80:
+        61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87:
+        1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f:
+        60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf:
+        18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12:
+        f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
+        b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
+        5a:1f:7f:ca
+-----BEGIN CERTIFICATE-----
+MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
+VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
+A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
+dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
+MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
+8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
+EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
+dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
+mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
+CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
+BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
+P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
+dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
+BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
+9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
+PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
+Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
+G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
+ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
+rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
 -----END CERTIFICATE-----
--- a/certs/server-key.pem
+++ b/certs/server-key.pem
@@ -1,9 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU
-lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58
-viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli
-dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4
-TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf
-p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS
-1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg==
+MIIEpQIBAAKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7
+qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lf
+P9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDj
+xsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlk
+wyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlC
+Qgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABAoIBAQCa0DQPUmIFUAHv
+n+1kbsLE2hryhNeSEEiSxOlq64t1bMZ5OPLJckqGZFSVd8vDmp231B2kAMieTuTd
+x7pnFsF0vKnWlI8rMBr77d8hBSPZSjm9mGtlmrjcxH3upkMVLj2+HSJgKnMw1T7Y
+oqyGQy7E9WReP4l1DxHYUSVOn9iqo85gs+KK2X4b8GTKmlsFC1uqy+XjP24yIgXz
+0PrvdFKB4l90073/MYNFdfpjepcu1rYZxpIm5CgGUFAOeC6peA0Ul7QS2DFAq6EB
+QcIw+AdfFuRhd9Jg8p+N6PS662PeKpeB70xs5lU0USsoNPRTHMRYCj+7r7X3SoVD
+LTzxWFiBAoGBAPIsVHY5I2PJEDK3k62vvhl1loFk5rW4iUJB0W3QHBv4G6xpyzY8
+ZH3c9Bm4w2CxV0hfUk9ZOlV/MsAZQ1A/rs5vF/MOn0DKTq0VO8l56cBZOHNwnAp8
+yTpIMqfYSXUKhcLC/RVz2pkJKmmanwpxv7AEpox6Wm9IWlQ7xrFTF9/nAoGBAMuT
+3ncVXbdcXHzYkKmYLdZpDmOzo9ymzItqpKISjI57SCyySzfcBhh96v52odSh6T8N
+zRtfr1+elltbD6F8r7ObkNtXczrtsCNErkFPHwdCEyNMy/r0FKTV9542fFufqDzB
+hV900jkt/9CE3/uzIHoumxeu5roLrl9TpFLtG8SRAoGBAOyY2rvV/vlSSn0CVUlv
+VW5SL4SjK7OGYrNU0mNS2uOIdqDvixWl0xgUcndex6MEH54ZYrUbG57D8rUy+UzB
+qusMJn3UX0pRXKRFBnBEp1bA1CIUdp7YY1CJkNPiv4GVkjFBhzkaQwsYpVMfORpf
+H0O8h2rfbtMiAP4imHBOGhkpAoGBAIpBVihRnl/Ungs7mKNU8mxW1KrpaTOFJAza
+1AwtxL9PAmk4fNTm3Ezt1xYRwz4A58MmwFEC3rt1nG9WnHrzju/PisUr0toGakTJ
+c/5umYf4W77xfOZltU9s8MnF/xbKixsX4lg9ojerAby/QM5TjI7t7+5ZneBj5nxe
+9Y5L8TvBAoGATUX5QIzFW/QqGoq08hysa+kMVja3TnKW1eWK0uL/8fEYEz2GCbjY
+dqfJHHFSlDBD4PF4dP1hG0wJzOZoKnGtHN9DvFbbpaS+NXCkXs9P/ABVmTo9I89n
+WvUi+LUp0EQR6zUuRr79jhiyX6i/GTKh9dwD5nyaHwx8qbAOITc78bA=
 -----END RSA PRIVATE KEY-----
--- a/certs/server-keyEnc.pem
+++ b/certs/server-keyEnc.pem
@@ -1,12 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-CBC,08132C1FFF5BC8CC
+DEK-Info: DES-CBC,136C7D8A69656668

-gsvuAsGmB8AkR23M25w4E6wuywfBey1Jqh3g71gJcnsUYwynex9dvfAU0lTowOXh
-sb7ld1KNjEMzrht9AC1IC0iE1rLqvRQZOdJ7h3n7aHZQ4a/HjcwAhqJq0ZW45m6Q
-mpoO5fRISjx2VbKFRUz6Xj2x0/do3IjQhpuUDVrTFFe1sEySM6APZ6CVpcnTOyPR
-ADyLDKzOi2E+sj1UXs58pct56FaqTIZPUEflICU3k6q9FPU6gsYANRLfzegclkv4
-JAx6mKVSJuYnjCCppx8WBwGJa1J1GcYRJ3qFfdbUzL4bcXTvoFkJEnDkHsXgDUS6
-xmT0XGT3IMaW8cwQ8KD8m5YYI/L26Mas/w3eA2ekyMR8pYICjXp/YZtcKxxkQSVE
-Uv/+D+20KbNAHIW5Mrxf61cX/CggGEbVP8ZhDY1flh8=
+jvNTyPaztxPIoAzbdmZnD0Zw2+60tMxNc0GMHNmeOyG25aHP/dT+TWiKFpFVkkkY
+uoCIhYUyw7gmpw+CnRJwWd+ans4nrvAjwy5oWJvarvsyUpjqvnPoIlAqd+d4TDKN
+eESzcI76+gHdisAtCrQD+fGqgTZhli5TgDbnpasL/QnY2qDlutvakkVw7gPXe156
+2Phy8WN+efr65J6wt3K/dj7Datl9u4JeHQK81gYyWBVX+EagEjPGDzkFQCj9Z0q7
+8K3iB5GW1JAqJS0IfZPB40AnSTF/n1TL1SN3qfU3l7hTGNrx9o7580bgDEoAR7pI
+F8eZlS15KHtZmh11AnU1KTKZ6kmgnNqeMTGMN6N0ct2wMKW1dV87eTDlF0oiR2ol
+XwtFgKmrIjfpmzkdWjbJmWnGMjD56KdiFZga/ZyKMsPrVoYLgfJEpn36iQspfygx
+HCGNTf0PjIsjEWU0WyQiF86t+c45W3wNFsv/AxVyfMl+su02yrd6u2ecuQDir3Cs
+b2k8IKtQgVe/NIpEWLKuiHG5oedIPPQyDYK5uq+gHxCGeOoKnWlsWFEHZRiza4X5
+tbgTrJB8Sw0ENWrvVGGmQZN4pSImlsMwzQ2qik5CQ00N1b3+56/obn0z75I3bUSb
+tC5g8DRjl6oclAenNgh/MYMT287y5W2dD4npxHcekX4O3J2CDXNfg4vV2j5GRxtg
+LVJdYE2p7bpYePCDHrYng8b9ubBprx0CrEnkIvvtUjzNPf6VDL0+MBKl+XgR2/nz
+iRqTuZnlGGOyM+KYDwXpgwfs/HfvFGksxTAlO/40GkGh+WGPaIoNyCK0SgQKhyb4
+JIkR0vd2/yLg3lWMJrGwh7A0Gm07Z/781oURP3uWd+PaCOgGcd5ipcAjcEyuxNly
+AthipWqmQWUcbf6Z2N9j3OA22Hv2Uzk8HSfi9VOZtL9svdEEZ0NnOekJgnc6stQp
+bXiknlK/T5WdrWxSyCfgUq68Vf6DFfIRAVuFdJ3WHT2wVXHrDfft6D+Ne/XCxPoE
+8zGmkyusaph33UHQ1oNyUbLbwcDCDSmOo8gYoedD3IwxtMA3wJRugomqosItwV8X
+vkgmcy8eSE/+gZUxJEN2gnLcfKFhCkC80J6oFhmoDD6vuUnPHcFdKZgVPw2rzPk5
+Vb1kX+gpORplYmKpq1vz/ujscL4T0TmYLz02hkIS4edpW55ncTTv7JWefpRiTB1J
+RB3td3me4htqR+YIDWJ+emrOmqsCG2WvpAS+MTw2mj1jYk9LL/ZYobTjSCEWmuwT
+yVK6m303irR7HQDauxhslRFgoK21w63viOyj5NKIU1gQtaAANGDxcgORC1XLjjgt
+oNutSQA+7P42vfHSHK4cnTBXl6V32H/GyVpdHQOZqSrqIjgLmUZodSmRPROxosZF
+a46B1O7m/rJFxkiKW4vod+/WqjoE0Hhfrb8rRrkRjzGeCqqSSnQ3vrunVkvF8hlA
+b6FOv4ZBJL4piC1GKH+rscqke9NEiDqXN8C3iYz86jbck/Ha21yUS8T3X7N52sg+
+B3AmOGnLK6BebYeto9vZxQjacChJZSixSxLV+l9/nVQ0+mW42azHdzk0ru59TGAj
 -----END RSA PRIVATE KEY-----
--- a/certs/server-keyPkcs8.pem
+++ b/certs/server-keyPkcs8.pem
@@ -1,10 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAxnvAaIEv3oI/+azD
-hkpmt+zU8fZkIf/1ojRC0Difxt07biZlalSW3dJ76zairn4qnn5WpbaHnxXHGGZ+
-FnfipwIDAQABAkEAlJsbGCOBX6tNkvYS/ny+I38igHblyb8Gfgd67sM2fYDaSl0Z
-fZwJp/usRCggoKIfG+im/E5x3/uctL+A2WJ0IQIhAP9xf/1+8HVRqPDR+a/A0433
-7c/24lKqmKD3TMvfanCNAiEAxup571MEw3hPFduBaoD3Y+sJd7xYNnc/Cgmp1Hox
-FQMCIQCfL5MMXXPqGJaIZMIOBcOQoGXCCN+nloqBHTvtfPAu7QIgJWlYQaDVloX8
-Kdo8/vD+lnZQM4ri9Gt9GcAzhtjsfk0CIFLV5cn8wJna49+mXtcrYFT0/r0p0pST
-lYfF1FyFW9wO
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDAlQjhV0HycW23
+0kVBJwFlxkWu8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98
+q2SoF/zKXXu64CHlci5vLobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSz
+rgCgY8X2fwtZaHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7
+LyG1/WZRDL1Us+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAy
+loAyI5Whd7oT0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW
+39nQT63XAgMBAAECggEBAJrQNA9SYgVQAe+f7WRuwsTaGvKE15IQSJLE6Wrri3Vs
+xnk48slySoZkVJV3y8OanbfUHaQAyJ5O5N3HumcWwXS8qdaUjyswGvvt3yEFI9lK
+Ob2Ya2WauNzEfe6mQxUuPb4dImAqczDVPtiirIZDLsT1ZF4/iXUPEdhRJU6f2Kqj
+zmCz4orZfhvwZMqaWwULW6rL5eM/bjIiBfPQ+u90UoHiX3TTvf8xg0V1+mN6ly7W
+thnGkibkKAZQUA54Lql4DRSXtBLYMUCroQFBwjD4B18W5GF30mDyn43o9LrrY94q
+l4HvTGzmVTRRKyg09FMcxFgKP7uvtfdKhUMtPPFYWIECgYEA8ixUdjkjY8kQMreT
+ra++GXWWgWTmtbiJQkHRbdAcG/gbrGnLNjxkfdz0GbjDYLFXSF9ST1k6VX8ywBlD
+UD+uzm8X8w6fQMpOrRU7yXnpwFk4c3CcCnzJOkgyp9hJdQqFwsL9FXPamQkqaZqf
+CnG/sASmjHpab0haVDvGsVMX3+cCgYEAy5PedxVdt1xcfNiQqZgt1mkOY7Oj3KbM
+i2qkohKMjntILLJLN9wGGH3q/nah1KHpPw3NG1+vX56WW1sPoXyvs5uQ21dzOu2w
+I0SuQU8fB0ITI0zL+vQUpNX3njZ8W5+oPMGFX3TSOS3/0ITf+7Mgei6bF67muguu
+X1OkUu0bxJECgYEA7Jjau9X++VJKfQJVSW9VblIvhKMrs4Zis1TSY1La44h2oO+L
+FaXTGBRyd17HowQfnhlitRsbnsPytTL5TMGq6wwmfdRfSlFcpEUGcESnVsDUIhR2
+nthjUImQ0+K/gZWSMUGHORpDCxilUx85Gl8fQ7yHat9u0yIA/iKYcE4aGSkCgYEA
+ikFWKFGeX9SeCzuYo1TybFbUqulpM4UkDNrUDC3Ev08CaTh81ObcTO3XFhHDPgDn
+wybAUQLeu3Wcb1acevOO78+KxSvS2gZqRMlz/m6Zh/hbvvF85mW1T2zwycX/FsqL
+GxfiWD2iN6sBvL9AzlOMju3v7lmd4GPmfF71jkvxO8ECgYBNRflAjMVb9CoairTy
+HKxr6QxWNrdOcpbV5YrS4v/x8RgTPYYJuNh2p8kccVKUMEPg8Xh0/WEbTAnM5mgq
+ca0c30O8VtulpL41cKRez0/8AFWZOj0jz2da9SL4tSnQRBHrNS5Gvv2OGLJfqL8Z
+MqH13APmfJofDHypsA4hNzvxsA==
 -----END PRIVATE KEY-----
--- a/certs/server-keyPkcs8Enc.pem
+++ b/certs/server-keyPkcs8Enc.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6TAbBgkqhkiG9w0BBQMwDgQIr3AyvPqfFRQCAggABIIEyPUs6wCboqtKmExH
+zfez3vfHn2cp6s3X563Bz73hYn/8vXtI/q0oDNOpgav60/N7rMy50fno3LmW0/6E
+UN4MwofmBS3lp1ZVY3KmzDy6lz5vcFo4GCCj+X6dacsyBQ4lFOge5BihQ3R9cKt
+dSrd1EFKwGGu3qTDG7ajTZukmYjxuRqpyHqPO5OJO7yXxHOB7B7sSKIyJRCkkucd
+oBC86kQdWraweSYj+Klza6VjKzmNzDBx9Fyhrj9XGXJ3rJLhjgNpelwX+PIMU31i
+/yklI4jm0aMSoAvXgdBXZuOsnsI27GXxy//i7AOgLLWi+Bu4dJSSl5PMtespf83u
+5jSysJymXiNcN6vEautGyjCujdMs5c/FEMbgubAMXymCI9DsAN+5dNMDY8Zrfqdl
+hFKfctcu8BxFa+0tavJ28fOEBuEyJLsQ9OvvS7dn4AV502JRKWObfsw7fi+mMzMu
+oxhYo99MRqic6a9uDmYB3SPeU31eOHiEi0n51D7Gtcn++F+IaDFwSHMirThzakGn
+go3nj0yq62euzVcEuhIfTTAe3F2tqzpzznVFbs1XgrGVREJ6gp5vRgMUUGYIqQir
+p5oW0HVRI4iuoSjdN4/wNAxIP9zakwYx+vWx1VXhDVEJfgNmxDRvEbF+OOz+iJCf
+7A2e8L+kZ/5oC3HO8h7GdHNTUjRRdh8FUM8lGo+HbMYDznMy/bJlIP2bx9hIIha7
+U70i09glS2Z7Ei+VecJbvFzdro0vdYyGO2ef8bWwCc5JMucxDcRklWdUxK6amKJN
+VpXL3TW0VYCfr1rLmZXUfBGk/KXM20/BoM04WLjeR3oiV/2b7SYK7GnJ7kBmAHHx
+gnrwMDO3JvH89CwlHRizVSQl59ViqEMGLmbHThcMqkEOkFphB2xox7/IOVyp6cFn
+mY0ZCrbhdX+L6t5jiyq/4us5bzF7FOBYsJr6n1Rm9b8eeOL693y/6uM3CvTJcTOb
+5RqWiHgTgmefeOeUQ0/dVgvEOIWz2yqBQmHKiB4+0CGGIRwUOXBrTKSLilumsjQe
+qGhJ6yw25VIpdXsMD1WVviczgRTNYjdldIJoHQdvpCEAhQ1RR3rkuIPniTumJFmY
+CnjfNqjtkaZWIN1nOCmcu50tswksWEEFEfkcP1xyzhr3EVCYAoFncLTp5vHBtdmg
+6KBdar40/OFGAcbDGDX1g3XEEi6jHmy0Lyz7M3DwESgaMgwzscsQLr+wMITk1IUN
+yfiXHl1CQjGxhDj8KoAhdDjjPENkSlCSd1vEO+lg1/IFb1dtnL2DJp6BQt9/VLHo
+Fp3pdZ7r95H20+pEhCZp0HXLNo1o8xjJQ5RWUCs1Zc1cauDOAh8lAjps6MBxTa3a
+LOgTW9lgiAQ+S1g2jK4BmqbLvZUF+Z6xupc8uE3E3HhJolmDRYojMNFNmmvODa8M
+CneWmj3T1KvqEToAIq46mStlTfQufSMpaJ73Wds4gmIiGwn5hIuUN6f3kybbt4f2
+4DLZXMcjYweLi9tJtFC+JaO0rS5gtX/k/ys1QSblSU5qfRu1XfwNAcZO1ReKgGYN
+ymI78cSACGIcEvAwin8CdRu3W99NbMqHW9AcCETFlTsC3wNlQxyYSem75sjPaWVF
+sxLy7YxEJ8tDEJZbSQ==
+-----END ENCRYPTED PRIVATE KEY-----
--- a/certs/server-keyPkcs8Enc12.pem
+++ b/certs/server-keyPkcs8Enc12.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE5TAcBgoqhkiG9w0BDAEBMA4ECFytdly5R2o9AgIIAASCBMOa6fgAUIR5GokK
+Z81YZMxC3sNqAwjLEkOwmez2za2fq+2mw6T8tB5W75lFpWyXD1MDPa1PpLzyw27c
+d2C8nipCzp37yYLmXr+aS519CBJR80ily/WLcdv+ScsA6pjOEW2p+VDY55jFp2pr
+n94/K2nFQpMxAdjxnqQCF5ewMLqzy3o3s6U3V9zIxy/xlLYi//UWFI8fqtOikqs4
+apWLNqJONRZq95OITKO/Nhz7GyEfjrewJmv4zVToEnSagSwbR4IVFn5Lok8rSpI9
+qwey9wsB1CguVwR0O2NjDVKUGXinfhdr+zMQlCoz+xY/Q1TkH4gEY5wpln4cBvtm
+PL/BnD4wEWHh8vS61wfOQ7wPgY+cdCe75stTrKzc6amVJB+40Qi3Vt4TEPGwcP16
+/qGl0zpYuAgilPtuEBw3GX3LiigpHmSt43D3DiYNGzv+Aran2Ei9iGSGeI2zHz8r
+WFZEnptAwlqeyL7+MZjAOXlu6QG1yix8HvZLmtBHrE2MhuR4KbS3fAUCNQpn8OKu
+zxYzs1ti5F2V4c9yK63gSz3H1ObRNsM2OkpUbSVGqLUN6a8HsI6yYh4we6q0gxKD
+VGdzEz4S1BFEBfXWVSPnRNMR4YD8kiQEPutUZFLiWWZ7WliH5yNfHZUia8dovxFa
+MWmAbSjMKRGvV+LvAGQHYBVfJSQO6VvBfBDtu0H4rLr8urmcPY+hbw1XxGfKSQp1
+iIdvVwjefl8wM9LSRsvqY5l4mu+XDPanQlFbzKBOSyLQts97ys3AR+jkK8Bmv14l
+xmCF8bJzzz5a2wAqbPhWIbk4J4VfcJEXNMzd19w4SxGv9fUXNiZZElUdNE+wtRsQ
+YvACYn9sZ6JUwg9hNTLXuXZY47LuQrrdTDHupoVA9zLvUYMKgO+pjwS8uy1dLQao
+0aztHLZEXuVJvpiRoMtYZl37ZNoLHQJeZUNyNATshAoD1+uSc7aywl8yqdTzXRR2
+g0rkExXEVJ5OPyzbFdOQSC5HoOC7dInIBmkrSFEJMKDkMzwYI+uSoIbn+8i+Gjzy
+Vh3/lftts/BIvr4NAh1ZAq/215jZSdAGo+1VZeuBeybwh3RBdBl8PhDBviTvbxSk
+P+F1T+UcbAz9bgjQJgNvDb9XHNI8rfEhfDPX/Pr4VvxBZNndmRJVQDKi23YD/7yF
+WAwXy418M7DPqp7NYmUHFe7JRm9bHk41EeknLZaZGW5qHwQKA10RoJCgjoOIFTsd
+kD3Qq/0mEuOiuJn5UPE19xtUpvFWamDf3s3zSHM7VJ+gGNrS/WbQ+KmTimj0Wucd
+2vWiNCGbhWwmp3LLKQlB5xDwXJy099SZUUkgcxGmfcT7FOpd3QSLYnwtPz8uLW0N
+76zbiUTYCQ/ASLrwcKFGCKKBz62DlRreK23E/RjqkKKCVFzzg8AzQTa02ml+wQyG
+5EOwEF2yIrhV0p4hY/GDAIe3cdchiy1EQf6xH/IxPF/QsKNp0CfHVPgdFwLzjM2
+oFD3analGblxp9CMiDbiKTOdFPL8XcguufqpWra2jtUbe07HQaeU2NcM2TeB2KsU
+PhgBwgdNxW69K55iHReaZtuLw0GhD+KBrm7gSteVniiYLzLKzxmMycGGtoNwpbGi
+MMJBE+BYZylG
+-----END ENCRYPTED PRIVATE KEY-----
--- a/certs/server-keyPkcs8Enc2.pem
+++ b/certs/server-keyPkcs8Enc2.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIxaI9IblN3acCAggA
+MBQGCCqGSIb3DQMHBAi7kwdRvCrqMgSCBMjkSOSVfmu42O0q2GzFrJVr3cam9ZKe
+InQsxqtgADdBxMgJJVnr360tUNPQyyvfCH//Duhz+aJIC0MQZkWR3ZSy5pfHX+vr
+C3wd741VOlI44uEdzRktlPc11saMDyKS04/K9aaYIDqspOiobt9WZLQildXl1n8j
+N+7Laj7A/vxJ5GUJ4hdPwQOIeuJXTDDzn+Ld12XXGH+Iw1M5Cx3tBw1TNizSnmXQ
+vf/MsfsWsZbHBppCXZbF27jJA+6Bg7dGT0OZM0pI+ZQvyHr+qjog0hollY9KjwTG
+h+hsM7umWFJdeRMrmkTrX/R9HY/c5I4ExNSp1AtMmFeeU8h2VTJtYcoykUU1q2pF
+KHfjPghwmYromQGR4nPA9sqa9s+VMq9OaqoJDoBwNobdFr7sEtMLT08vTa0+rMX7
+bmjAF44/dVBYpBxXjTQ0pXVeb24Q00Sn6NOI4fTsBnkR+WTtuwz/L0qaGnJlh10y
+sQ3+95cUtZc3SZS67yYUx5auswqT3V4JCmhJcHNi+/jHyrj9D8nVWibQ2TBmgUf+
+0NzvdKb7sraEx7PSgFWDMLoQrd2+cqsJArpY9TbLSLhBDrOVc8v/lXYuK6QI0gMd
+HIwAZARUZMoI3WS6icTLYyLdQPMsFzI6U0arkbrdhjNNd3kVqeFEJ+oF0rkuAcJJ
+K8eUcsby1AIBS/9tuW1gSYubmuXsZX8xbYbJnHUqGOTAVa7jo8eVUTiyUfPXa+0N
+s1tTpZXtOOlqncZ08mPHppshdKF2cpuh0JNjiR6fHvXytGWFGMsKtxdwKs/14UCg
+qoTW0EQU4ONfBxR2PtX8PlNV4bOt704HP8Vc0H9JV2uWpJaLRzY2bBiPgKcrO9Eh
+83zFrPu/0obBQTxnP3mMihxvCndflHQqeJ0V1YYw9n4+XbgBqULXDQs7OetRohnY
+gYyc//NdC2I8mbdabFYvUTWSH6oMA6lqkwTjTTwtn5E8BJkRi1sIq4jNFUekpm2T
+5AwP7xWn//PM+B12CPoIgYtYT6Yhbf8arXuGU28y1Ahhi/hKcpR9HRPQeyaR62vi
+skjjycfn38wcj0WrIVnOceGgPa3EBrkkTaPUHvMQ5G/xzMZ82o3CnmwdnH+lp3eg
+TLcLm8Yp9InkMJNVOrGLxFvmTljl3h9x2JVuE0wtuWt91QVmfCZo0k3Cx46ad7xB
+eK20veTy+PySy2U3W1twGfsXXXRwaQiXXRrgPciK0LcGXZneShZuebk04U31sq4F
+rYaMAzIDDmvwbjh+UpNcl1VdBDGGePxzzOD3HHYPbm240HVMPuS85P2kFjak3PdJ
+GqsRUS1SRp1e451aFGjzggPLXFjAfDMaxrgjSWapRzu78i+xvcvf69979oX0KO9Y
+KMSC14RnmnT1+UdKxX+p9r1AwfH/vJxM34AOSva1uLiSJckRGYGOzuaYsTT9ZAx/
+q3CNALF4qFUMWmJnvQDYmCUnw6lJl3CazbtV5RI2ILQX6ZHR6YAHT5hYY43k+AnZ
+mFW6BGKoX/f4iVqYtjQWiGWAJAf6C9+548O2t9MiVcgQf4Nvj6lFLM00pzFn7jW4
+DsDFUBmmrSF8wfR7SRpOc/ViVZBRleYPLsMu0tmD29fowqqBY0MEkxqSahFAGTgk
+sao=
+-----END ENCRYPTED PRIVATE KEY-----
--- a/certs/taoCert.txt
+++ b/certs/taoCert.txt
@@ -69,11 +69,34 @@ openssl rsa -in 1024rsa.priv -pubout -out 1024rsa.pub
 openssl pkcs8 -nocrypt -topk8 -in server-key.pem -out server-keyPkcs8.pem


+**** To convert to pkcs8 encrypted *******
+
+openssl pkcs8 -topk8 -in server-key.pem -out server-keyPkcs8Enc.pem
+
+passwd: yassl123
+
+to use PKCS#5 v2 instead of v1.5 which is default add
+
+-v2 des3       # file Pkcs8Enc2
+
+to use PKCS#12 instead use -v1 witch a 12 algo like
+
+-v1 PBE-SHA1-RC4-128   # file Pkcs8Enc12 , see man pkcs8 for more info
+
+
 **** To convert from pkcs8 to traditional ****

 openssl pkcs8 -nocrypt -in server-keyPkcs8.pem -out server-key.pem


+*** DH paramters ***
+
+openssl dhparam 2048 > dh2048.param
+
+to add metadata
+
+openssl dhparam -in dh2048.param -text > dh2048.pem
+
 **** ECC ******

 1) make a key
--- a/configure.ac
+++ b/configure.ac
@@ -0,0 +1,638 @@
+# configure.ac
+#
+# Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+#
+# This file is part of CyaSSL.
+#
+#
+
+AC_INIT([cyassl],[2.1.1],[http://www.yassl.com])
+
+AC_CONFIG_AUX_DIR(config)
+
+AC_CANONICAL_TARGET
+
+AM_INIT_AUTOMAKE(-Wall -Werror -Wno-portability foreign tar-ustar subdir-objects)
+
+AC_CANONICAL_HOST
+AC_CANONICAL_BUILD
+
+AC_PREREQ([2.61])
+
+AC_CONFIG_MACRO_DIR(m4)
+
+AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
+
+
+#shared library versioning
+CYASSL_LIBRARY_VERSION=3:0:0
+#                      | | |
+#               +------+ | +---+
+#               |        |     |
+#              current:revision:age
+#               |        |     |
+#               |        |     +- increment if interfaces have been added
+#               |        |        set to zero if interfaces have been removed
+#                        |        or changed
+#               |        +- increment if source code has changed
+#               |           set to zero if current is incremented
+#               +- increment if interfaces have been added, removed or changed
+AC_SUBST(CYASSL_LIBRARY_VERSION)
+
+# Make sure configure doesn't add to CFLAGS
+CFLAGS="$CFLAGS $C_EXTRA_FLAGS"
+
+LT_INIT([win32-dll])
+LT_LANG([C++])
+LT_LANG([C])
+gl_VISIBILITY
+
+m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
+
+AC_CHECK_FUNCS([gethostbyname])
+AC_CHECK_FUNCS([gettimeofday])
+AC_CHECK_FUNCS([inet_ntoa])
+AC_CHECK_FUNCS([memset])
+AC_CHECK_FUNCS([socket])
+AC_CHECK_HEADERS([arpa/inet.h])
+AC_CHECK_HEADERS([fcntl.h])
+AC_CHECK_HEADERS([limits.h])
+AC_CHECK_HEADERS([netdb.h])
+AC_CHECK_HEADERS([netinet/in.h])
+AC_CHECK_HEADERS([stddef.h])
+AC_CHECK_HEADERS([sys/ioctl.h])
+AC_CHECK_HEADERS([sys/socket.h])
+AC_CHECK_HEADERS([sys/time.h])
+AC_CHECK_HEADERS(errno.h)
+AC_CHECK_LIB(network,socket)
+AC_CHECK_SIZEOF(long long, 8)
+AC_CHECK_SIZEOF(long, 4)
+AC_C_BIGENDIAN
+AC_DISABLE_STATIC
+AC_DISABLE_STATIC
+AC_FUNC_MALLOC
+AC_FUNC_MKTIME
+AC_FUNC_REALLOC
+
+AC_PROG_CC
+AC_PROG_CC_C_O
+AC_PROG_CXX
+AC_PROG_INSTALL
+LT_INIT
+AC_TYPE_SIZE_T
+AC_TYPE_UINT8_T
+AM_PROG_AS
+AM_PROG_CC_C_O
+LT_LIB_M
+
+OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
+OPTIMIZE_FAST_CFLAGS="-O3 -fomit-frame-pointer"
+OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET"
+DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_CYASSL"
+
+
+# DEBUG
+AC_ARG_ENABLE(debug,
+    [  --enable-debug          Enable CyaSSL debugging support (default: disabled)],
+    [ ENABLED_DEBUG=$enableval ],
+    [ ENABLED_DEBUG=no ]
+    )
+if test "$ENABLED_DEBUG" = "yes"
+then
+  # Full debug. Very slow in some cases
+  AM_CFLAGS="$DEBUG_CFLAGS $AM_CFLAGS"
+else
+  # Optimized version. No debug
+  AM_CFLAGS="$AM_CFLAGS -DNDEBUG"
+fi
+
+
+# SMALL BUILD
+AC_ARG_ENABLE(small,
+    [  --enable-small          Enable smallest build (default: disabled)],
+    [ ENABLED_SMALL=$enableval ],
+    [ ENABLED_SMALL=no ]
+    )
+if test "$ENABLED_SMALL" = "yes"
+then
+  # make small no tls build with smallest cipher
+  # if you only want server or client you can define NO_CYASSL_SERVER or
+  # NO_CYASSL_CLIENT but then some of the examples and testsuite won't build
+  # note that TLS needs HMAC
+  AM_CFLAGS="-DNO_TLS -DNO_HMAC -DNO_AES -DNO_DES3 -DNO_SHA256 -DNO_ERROR_STRINGS -DNO_RABBIT -DNO_PSK -DNO_DSA -DNO_DH -DNO_PWDBASED $AM_CFLAGS" 
+fi
+
+
+# SINGLE THREADED
+AC_ARG_ENABLE(singleThreaded,
+    [  --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)],
+    [ ENABLED_SINGLETHREADED=$enableval ],
+    [ ENABLED_SINGLETHREADED=no ]
+    )
+if test "$ENABLED_SINGLETHREADED" = "yes"
+then
+  AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS"
+fi
+
+
+# DTLS
+AC_ARG_ENABLE(dtls,
+    [  --enable-dtls           Enable CyaSSL DTLS (default: disabled)],
+    [ ENABLED_DTLS=$enableval ],
+    [ ENABLED_DTLS=no ]
+    )
+if test "$ENABLED_DTLS" = "yes"
+then
+  AM_CFLAGS="-DCYASSL_DTLS $AM_CFLAGS"
+fi
+
+
+# OPENSSL Extra Compatibility
+AC_ARG_ENABLE(opensslExtra,
+    [  --enable-opensslExtra   Enable extra OpenSSL API, size+ (default: disabled)],
+    [ ENABLED_OPENSSLEXTRA=$enableval ],
+    [ ENABLED_OPENSSLEXTRA=no ]
+    )
+if test "$ENABLED_OPENSSLEXTRA" = "yes"
+then
+  AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
+fi
+
+if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
+then
+    AC_MSG_ERROR([cannot enable small and opensslExtra, only one or the other.])
+fi
+
+
+# IPv6 Test Apps
+AC_ARG_ENABLE(ipv6,
+    [  --enable-ipv6           Enable testing of IPV6 (default: disabled)],
+    [ ENABLED_IPV6=$enableval ],
+    [ ENABLED_IPV6=no ]
+    )
+
+if test "$ENABLED_IPV6" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6"
+fi
+
+
+# Fortress build 
+AC_ARG_ENABLE(fortress,
+    [  --enable-fortress       Enable SSL fortress build (default: disabled)],
+    [ ENABLED_FORTRESS=$enableval ],
+    [ ENABLED_FORTRESS=no ]
+    )
+
+if test "$ENABLED_FORTRESS" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD"
+fi
+
+
+# ssl bump build 
+AC_ARG_ENABLE(bump,
+    [  --enable-bump           Enable SSL Bump build (default: disabled)],
+    [ ENABLED_BUMP=$enableval ],
+    [ ENABLED_BUMP=no ]
+    )
+
+if test "$ENABLED_BUMP" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD -DCYASSL_ALT_NAMES"
+fi
+
+# fastmath
+AC_ARG_ENABLE(fastmath,
+    [  --enable-fastmath       Enable fast math for BigInts (default: disabled)],
+    [ ENABLED_FASTMATH=$enableval ],
+    [ ENABLED_FASTMATH=no ]
+    )
+
+if test "x$ENABLED_FASTMATH" = "xyes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
+fi
+
+
+# fast HUGE math
+AC_ARG_ENABLE(fasthugemath,
+    [  --enable-fasthugemath   Enable fast math + huge code (default: disabled)],
+    [ ENABLED_FASTHUGEMATH=$enableval ],
+    [ ENABLED_FASTHUGEMATH=no ]
+    )
+
+if test "$ENABLED_BUMP" = "yes"
+then
+    ENABLED_FASTHUGEMATH="yes"
+fi
+
+if test "$ENABLED_FASTHUGEMATH" = "yes"
+then
+    ENABLED_FASTMATH="yes"
+    AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
+fi
+
+AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
+
+
+# big cache
+AC_ARG_ENABLE(bigcache,
+    [  --enable-bigcache       Enable big session cache (default: disabled)],
+    [ ENABLED_BIGCACHE=$enableval ],
+    [ ENABLED_BIGCACHE=no ]
+    )
+
+if test "$ENABLED_BIGCACHE" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DBIG_SESSION_CACHE"
+fi
+
+
+# HUGE cache
+AC_ARG_ENABLE(hugecache,
+    [  --enable-hugecache      Enable huge session cache (default: disabled)],
+    [ ENABLED_HUGECACHE=$enableval ],
+    [ ENABLED_HUGECACHE=no ]
+    )
+
+if test "$ENABLED_HUGECACHE" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHUGE_SESSION_CACHE"
+fi
+
+
+# SMALL cache
+AC_ARG_ENABLE(smallcache,
+    [  --enable-smallcache     Enable small session cache (default: disabled)],
+    [ ENABLED_SMALLCACHE=$enableval ],
+    [ ENABLED_SMALLCACHE=no ]
+    )
+
+if test "$ENABLED_SMALLCACHE" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE"
+fi
+
+
+# SNIFFER
+AC_ARG_ENABLE(sniffer,
+    [  --enable-sniffer        Enable CyaSSL sniffer support (default: disabled)],
+    [ ENABLED_SNIFFER=$enableval ],
+    [ ENABLED_SNIFFER=no ]
+    )
+
+if test "$ENABLED_SNIFFER" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA"
+fi
+
+AM_CONDITIONAL([BUILD_SNIFFER], [test "x$ENABLED_SNIFFER" = "xyes"])
+
+# AES-NI
+AC_ARG_ENABLE(aesni,
+    [  --enable-aesni          Enable CyaSSL AES-NI support (default: disabled)],
+    [ ENABLED_AESNI=$enableval ],
+    [ ENABLED_AESNI=no ]
+    )
+
+if test "$ENABLED_AESNI" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_AESNI"
+    if test "$GCC" = "yes"
+    then
+        # GCC needs these flags, icc doesn't
+        AM_CFLAGS="$AM_CFLAGS -maes -msse4"
+    fi
+fi
+
+AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
+
+
+# RIPEMD
+AC_ARG_ENABLE(ripemd,
+    [  --enable-ripemd         Enable CyaSSL RIPEMD-160 support (default: disabled)],
+    [ ENABLED_RIPEMD=$enableval ],
+    [ ENABLED_RIPEMD=no ]
+    )
+
+if test "$ENABLED_RIPEMD" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_RIPEMD"
+fi
+
+AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
+
+
+# SHA512
+AC_ARG_ENABLE(sha512,
+    [  --enable-sha512         Enable CyaSSL SHA-160 support (default: disabled)],
+    [ ENABLED_SHA512=$enableval ],
+    [ ENABLED_SHA512=no ]
+    )
+
+if test "$ENABLED_SHA512" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_SHA512"
+fi
+
+AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
+
+
+# SESSION CERTS
+AC_ARG_ENABLE(sessioncerts,
+    [  --enable-sessioncerts   Enable session cert storing (default: disabled)],
+    [ ENABLED_SESSIONCERTS=$enableval ],
+    [ ENABLED_SESSIONCERTS=no ]
+    )
+
+if test "$ENABLED_SESSIONCERTS" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
+fi
+
+
+# KEY GENERATION
+AC_ARG_ENABLE(keygen,
+    [  --enable-keygen         Enable key generation (default: disabled)],
+    [ ENABLED_KEYGEN=$enableval ],
+    [ ENABLED_KEYGEN=no ]
+    )
+
+if test "$ENABLED_KEYGEN" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_KEY_GEN"
+fi
+
+
+# CERT GENERATION
+AC_ARG_ENABLE(certgen,
+    [  --enable-certgen        Enable cert generation (default: disabled)],
+    [ ENABLED_CERTGEN=$enableval ],
+    [ ENABLED_CERTGEN=no ]
+    )
+
+if test "$ENABLED_CERTGEN" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_CERT_GEN"
+fi
+
+
+# HC128 
+AC_ARG_ENABLE(hc128,
+    [  --enable-hc128          Enable HC-128 (default: disabled)],
+    [ ENABLED_HC128=$enableval ],
+    [ ENABLED_HC128=no ]
+    )
+
+if test "$ENABLED_HC128" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_HC128"
+else
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_HC128"
+fi
+
+AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])
+
+
+# PSK 
+AC_ARG_ENABLE(psk,
+    [  --enable-psk            Enable PSK (default: disabled)],
+    [ ENABLED_PSK=$enableval ],
+    [ ENABLED_PSK=no ]
+    )
+
+if test "$ENABLED_PSK" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
+fi
+
+
+# Web Server Build 
+AC_ARG_ENABLE(webServer,
+    [  --enable-webServer      Enable Web Server (default: disabled)],
+    [ ENABLED_WEBSERVER=$enableval ],
+    [ ENABLED_WEBSERVER=no ]
+    )
+
+if test "$ENABLED_WEBSERVER" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
+fi
+
+
+# No Filesystem Build 
+AC_ARG_ENABLE(noFilesystem,
+    [  --enable-noFilesystem   Enable No Filesystem (default: disabled)],
+    [ ENABLED_NOFILESYSTEM=$enableval ],
+    [ ENABLED_NOFILESYSTEM=no ]
+    )
+
+if test "$ENABLED_NOFILESYSTEM" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
+fi
+
+
+# No inline Build 
+AC_ARG_ENABLE(noInline,
+    [  --enable-noInline       Enable No inline (default: disabled)],
+    [ ENABLED_NOINLINE=$enableval ],
+    [ ENABLED_NOINLINE=no ]
+    )
+
+if test "$ENABLED_NOINLINE" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_INLINE"
+fi
+
+AM_CONDITIONAL([BUILD_NOINLINE], [test "x$ENABLED_NOINLINE" = "xyes"])
+
+
+# ECC 
+AC_ARG_ENABLE(ecc,
+    [  --enable-ecc            Enable ECC (default: disabled)],
+    [ ENABLED_ECC=$enableval ],
+    [ ENABLED_ECC=no ]
+    )
+
+if test "$ENABLED_ECC" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC"
+fi
+
+AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
+
+
+if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SMALL" = "yes"
+then
+    AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.]) 
+fi
+
+
+# OCSP
+AC_ARG_ENABLE(ocsp,
+    [  --enable-ocsp           Enable OCSP (default: disabled)],
+    [ ENABLED_OCSP=$enableval ],
+    [ ENABLED_OCSP=no ],
+    )
+
+if test "$ENABLED_OCSP" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
+fi
+
+AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
+
+
+# NTRU
+ntruHome=`pwd`/NTRU_algorithm
+ntruInclude=$ntruHome/cryptolib
+ntruLib=$ntruHome
+AC_ARG_ENABLE(ntru,
+    [  --enable-ntru           Enable NTRU (default: disabled)],
+    [ ENABLED_NTRU=$enableval ],
+    [ ENABLED_NTRU=no ]
+    )
+
+if test "$ENABLED_NTRU" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -I$ntruInclude"
+    AM_LDFLAGS="$AM_LDFLAGS -L$ntruLib"
+    LIBS="$LIBS -lntru_encrypt"
+fi
+
+AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
+
+if test "$ENABLED_NTRU" = "yes" && test "$ENABLED_SMALL" = "yes"
+then
+    AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.]) 
+fi
+
+
+# Test certs, use internal cert functions for extra testing 
+AC_ARG_ENABLE(testcert,
+    [  --enable-testcert       Enable Test Cert (default: disabled)],
+    [ ENABLED_TESTCERT=$enableval ],
+    [ ENABLED_TESTCERT=no ]
+    )
+
+if test "$ENABLED_TESTCERT" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_TEST_CERT"
+fi
+
+
+# LIBZ
+trylibzdir=""
+AC_ARG_WITH(libz,
+    [  --with-libz=PATH        PATH to libz install (default /usr/) ],
+    [
+        AC_MSG_CHECKING([for libz])
+        CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
+        LIBS="$LIBS -lz"
+
+        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
+
+        if test "x$libz_linked" == "xno" ; then
+            if test "x$withval" != "xno" ; then
+                trylibzdir=$withval
+            fi
+            if test "x$withval" == "xyes" ; then
+                trylibzdir="/usr"
+            fi
+
+            AM_LDFLAGS="$AM_LDFLAGS -L$trylibzdir/lib"
+            CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
+
+            AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
+
+            if test "x$libz_linked" == "xno" ; then
+                AC_MSG_ERROR([libz isn't found.
+                If it's already installed, specify its path using --with-libz=/dir/])
+            fi
+            AC_MSG_RESULT([yes])
+        else
+            AC_MSG_RESULT([yes])
+        fi
+
+    ]
+)
+
+
+# OPTIMIZE FLAGS
+if test "$GCC" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
+    if test "$ENABLED_DEBUG" = "no"
+    then
+        if test "$ENABLED_FASTMATH" = "yes"
+        then
+            AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
+            if test "$ENABLED_FASTHUGEMATH" = "yes"
+            then
+                AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
+            fi
+        else
+            AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS"
+        fi
+    fi
+fi
+
+AX_PTHREAD([
+            AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
+            ],
+            [
+             AC_DEFINE([HAVE_PTHREAD], [0], [Define if you have POSIX threads libraries and header files.])
+             ])
+
+LIB_SOCKET_NSL
+
+dnl Various GCC warnings that should never fire for release quality code
+GCCWARNINGS="-Wall -fno-strict-aliasing -W -Wfloat-equal -Wundef        \
+  -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes                \
+  -Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment           \
+  -Wformat=2 -Wwrite-strings -Wmissing-declarations -Wredundant-decls     \
+  -Wnested-externs -Wbad-function-cast -Wswitch-enum -Winit-self          \
+  -Wmissing-field-initializers -Wdeclaration-after-statement              \
+  -Wold-style-definition -Waddress -Wmissing-noreturn -Wnormalized=id     \
+  -Woverride-init -Wstrict-overflow=1 -Wextra -Warray-bounds              \
+  -Wstack-protector -Wformat -Wformat-security -Wpointer-sign -Wshadow    \
+  -Wswitch-default"
+
+AC_ARG_ENABLE(gcc-lots-o-warnings,
+AS_HELP_STRING(--enable-gcc-lots-o-warnings, Enable lots of gcc warnings (default: disabled)),
+[if test x$enableval = xyes; then
+    AM_CFLAGS="$AM_CFLAGS $GCCWARNINGS"
+fi])
+
+AC_ARG_ENABLE(gcc-hardening,
+AS_HELP_STRING(--enable-gcc-hardening, Enable compiler security checks (default: disabled)),
+[if test x$enableval = xyes; then
+    AM_CFLAGS="$AM_CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+    AM_CFLAGS="$AM_CFLAGS -fwrapv -fPIE -Wstack-protector"
+    AM_CFLAGS="$AM_CFLAGS --param ssp-buffer-size=1"
+    LDFLAGS="$LDFLAGS -pie"
+fi])
+
+dnl Linker hardening options
+dnl Currently these options are ELF specific - you can't use this with MacOSX
+AC_ARG_ENABLE(linker-hardening,
+AS_HELP_STRING(--enable-linker-hardening, Enable linker security fixups (default: disabled)),
+[if test x$enableval = xyes; then
+    LDFLAGS="$LDFLAGS -z relro -z now"
+fi])
+
+CREATE_HEX_VERSION
+AM_CFLAGS="$AM_CFLAGS $CFLAG_VISIBILITY"
+AC_SUBST(AM_CFLAGS)
+AC_SUBST(AM_LDFLAGS)
+
+# FINAL
+AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
+AC_CONFIG_FILES([Makefile])
+AC_CONFIG_FILES([cyassl/version.h])
+AC_CONFIG_FILES([support/libcyassl.pc])
+
+AC_OUTPUT
+
--- a/configure.in
+++ b/configure.in
@@ -1,432 +0,0 @@
-AC_INIT
-AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE(cyassl,1.8.8)
-AM_CONFIG_HEADER(ctaocrypt/include/config.h)
-
-
-#dnl Include m4
-#sinclude(lib_socket_nsl.m4)
-#sinclude(acx_pthread.m4)
-AC_CONFIG_MACRO_DIR([m4])
-
-
-# make sure configure doesn't add to CFLAGS
-CFLAGS="$CFLAGS $C_EXTRA_FLAGS"    
-
-AC_PROG_CC
-AC_PROG_CC_C_O
-AM_PROG_AS
-AC_PROG_INSTALL
-AC_LIBTOOL_WIN32_DLL
-AC_PROG_LIBTOOL
-
-AC_PREFIX_DEFAULT(/usr/local/cyassl)
-
-AC_C_BIGENDIAN
-
-AC_CHECK_SIZEOF(long, 4)
-AC_CHECK_SIZEOF(long long, 8)
-
-AC_CHECK_LIB(network,socket)
-AC_CHECK_LIBM
-
-AC_CHECK_HEADERS(errno.h)
-
-OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
-OPTIMIZE_FAST_CFLAGS="-O3 -fomit-frame-pointer"
-OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET"
-DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_CYASSL"
-
-
-# DEBUG
-AC_ARG_ENABLE(debug,
-    [  --enable-debug          Enable CyaSSL debugging support (default: disabled)],
-    [ ENABLED_DEBUG=$enableval ],
-    [ ENABLED_DEBUG=no ]
-    )
-if test "$ENABLED_DEBUG" = "yes"
-then
-  # Full debug. Very slow in some cases
-  CFLAGS="$DEBUG_CFLAGS $CFLAGS"
-else
-  # Optimized version. No debug
-  CFLAGS="$CFLAGS -DNDEBUG"
-fi
-
-
-# SMALL BUILD
-AC_ARG_ENABLE(small,
-    [  --enable-small          Enable smallest build (default: disabled)],
-    [ ENABLED_SMALL=$enableval ],
-    [ ENABLED_SMALL=no ]
-    )
-if test "$ENABLED_SMALL" = "yes"
-then
-  # make small no tls build with smallest cipher
-  # if you only want server or client you can define NO_CYASSL_SERVER or
-  # NO_CYASSL_CLIENT but then some of the examples and testsuite won't build
-  # note that TLS needs HMAC
-  CFLAGS="-DNO_TLS -DNO_HMAC -DNO_AES -DNO_DES3 -DNO_SHA256 -DNO_ERROR_STRINGS -DNO_HC128 -DNO_RABBIT -DNO_PSK -DNO_DSA -DNO_DH $CFLAGS"
-fi
-
-
-# SINGLE THREADED
-AC_ARG_ENABLE(singleThreaded,
-    [  --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)],
-    [ ENABLED_SINGLETHREADED=$enableval ],
-    [ ENABLED_SINGLETHREADED=no ]
-    )
-if test "$ENABLED_SINGLETHREADED" = "yes"
-then
-  CFLAGS="-DSINGLE_THREADED $CFLAGS"
-fi
-
-
-# DTLS
-AC_ARG_ENABLE(dtls,
-    [  --enable-dtls           Enable CyaSSL DTLS (default: disabled)],
-    [ ENABLED_DTLS=$enableval ],
-    [ ENABLED_DTLS=no ]
-    )
-if test "$ENABLED_DTLS" = "yes"
-then
-  CFLAGS="-DCYASSL_DTLS $CFLAGS"
-fi
-
-
-# OPENSSL Extra Compatibility
-AC_ARG_ENABLE(opensslExtra,
-    [  --enable-opensslExtra   Enable extra OpenSSL API, size+ (default: disabled)],
-    [ ENABLED_OPENSSLEXTRA=$enableval ],
-    [ ENABLED_OPENSSLEXTRA=no ]
-    )
-if test "$ENABLED_OPENSSLEXTRA" = "yes"
-then
-  CFLAGS="-DOPENSSL_EXTRA $CFLAGS"
-fi
-
-
-# IPv6 Test Apps
-AC_ARG_ENABLE(ipv6,
-    [  --enable-ipv6           Enable testing of IPV6 (default: disabled)],
-    [ ENABLED_IPV6=$enableval ],
-    [ ENABLED_IPV6=no ]
-    )
-
-if test "$ENABLED_IPV6" = "yes"
-then
-    CFLAGS="$CFLAGS -DTEST_IPV6"
-fi
-
-
-# fastmath
-AC_ARG_ENABLE(fastmath,
-    [  --enable-fastmath       Enable fast math for BigInts(default: disabled)],
-    [ ENABLED_FASTMATH=$enableval ],
-    [ ENABLED_FASTMATH=no ]
-    )
-
-if test "$ENABLED_FASTMATH" = "yes"
-then
-    CFLAGS="$CFLAGS -DUSE_FAST_MATH"
-fi
-
-
-# fast HUGE math
-AC_ARG_ENABLE(fasthugemath,
-    [  --enable-fasthugemath   Enable fast math + huge code for BigInts(def: off)],
-    [ ENABLED_FASTHUGEMATH=$enableval ],
-    [ ENABLED_FASTHUGEMATH=no ]
-    )
-
-if test "$ENABLED_FASTHUGEMATH" = "yes"
-then
-    ENABLED_FASTMATH="yes"
-    CFLAGS="$CFLAGS -DUSE_FAST_MATH"
-fi
-
-AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
-
-
-# big cache
-AC_ARG_ENABLE(bigcache,
-    [  --enable-bigcache       Enable big session cache (default: disabled)],
-    [ ENABLED_BIGCACHE=$enableval ],
-    [ ENABLED_BIGCACHE=no ]
-    )
-
-if test "$ENABLED_BIGCACHE" = "yes"
-then
-    CFLAGS="$CFLAGS -DBIG_SESSION_CACHE"
-fi
-
-
-# HUGE cache
-AC_ARG_ENABLE(hugecache,
-    [  --enable-hugecache      Enable huge session cache (default: disabled)],
-    [ ENABLED_HUGECACHE=$enableval ],
-    [ ENABLED_HUGECACHE=no ]
-    )
-
-if test "$ENABLED_HUGECACHE" = "yes"
-then
-    CFLAGS="$CFLAGS -DHUGE_SESSION_CACHE"
-fi
-
-
-# SNIFFER
-AC_ARG_ENABLE(sniffer,
-    [  --enable-sniffer        Enable CyaSSL sniffer support (default: disabled)],
-    [ ENABLED_SNIFFER=$enableval ],
-    [ ENABLED_SNIFFER=no ]
-    )
-
-if test "$ENABLED_SNIFFER" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA"
-fi
-
-AM_CONDITIONAL([BUILD_SNIFFER], [test "x$ENABLED_SNIFFER" = "xyes"])
-
-# AES-NI
-AC_ARG_ENABLE(aesni,
-    [  --enable-aesni          Enable CyaSSL AES-NI support (default: disabled)],
-    [ ENABLED_AESNI=$enableval ],
-    [ ENABLED_AESNI=no ]
-    )
-
-if test "$ENABLED_AESNI" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_AESNI"
-    if test "$GCC" = "yes"
-    then
-        # GCC needs these flags, icc doesn't
-        CFLAGS="$CFLAGS -maes -msse4"
-    fi
-fi
-
-AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
-
-
-# RIPEMD
-AC_ARG_ENABLE(ripemd,
-    [  --enable-ripemd         Enable CyaSSL RIPEMD-160 support (default: disabled)],
-    [ ENABLED_RIPEMD=$enableval ],
-    [ ENABLED_RIPEMD=no ]
-    )
-
-if test "$ENABLED_RIPEMD" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_RIPEMD"
-fi
-
-AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
-
-
-# SHA512
-AC_ARG_ENABLE(sha512,
-    [  --enable-sha512         Enable CyaSSL SHA-160 support (default: disabled)],
-    [ ENABLED_SHA512=$enableval ],
-    [ ENABLED_SHA512=no ]
-    )
-
-if test "$ENABLED_SHA512" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_SHA512"
-fi
-
-AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
-
-
-# SESSION CERTS
-AC_ARG_ENABLE(sessioncerts,
-    [  --enable-sessioncerts   Enable session cert storing (default: disabled)],
-    [ ENABLED_SESSIONCERTS=$enableval ],
-    [ ENABLED_SESSIONCERTS=no ]
-    )
-
-if test "$ENABLED_SESSIONCERTS" = "yes"
-then
-    CFLAGS="$CFLAGS -DSESSION_CERTS"
-fi
-
-
-# KEY GENERATION
-AC_ARG_ENABLE(keygen,
-    [  --enable-keygen         Enable key generation (default: disabled)],
-    [ ENABLED_KEYGEN=$enableval ],
-    [ ENABLED_KEYGEN=no ]
-    )
-
-if test "$ENABLED_KEYGEN" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_KEY_GEN"
-fi
-
-
-# CERT GENERATION
-AC_ARG_ENABLE(certgen,
-    [  --enable-certgen        Enable cert generation (default: disabled)],
-    [ ENABLED_CERTGEN=$enableval ],
-    [ ENABLED_CERTGEN=no ]
-    )
-
-if test "$ENABLED_CERTGEN" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_CERT_GEN"
-fi
-
-
-# HC128
-AC_ARG_ENABLE(hc128,
-    [  --enable-hc128          Enable HC-128 (default: disabled)],
-    [ ENABLED_HC128=$enableval ],
-    [ ENABLED_HC128=no ]
-    )
-
-if test "$ENABLED_HC128" = "no"
-then
-    CFLAGS="$CFLAGS -DNO_HC128"
-fi
-
-AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])
-
-
-# PSK 
-AC_ARG_ENABLE(psk,
-    [  --enable-psk            Enable PSK (default: disabled)],
-    [ ENABLED_PSK=$enableval ],
-    [ ENABLED_PSK=no ]
-    )
-
-if test "$ENABLED_PSK" = "no"
-then
-    CFLAGS="$CFLAGS -DNO_PSK"
-fi
-
-
-# ECC 
-AC_ARG_ENABLE(ecc,
-    [  --enable-ecc            Enable ECC (default: disabled)],
-    [ ENABLED_ECC=$enableval ],
-    [ ENABLED_ECC=no ]
-    )
-
-if test "$ENABLED_ECC" = "yes"
-then
-    CFLAGS="$CFLAGS -DHAVE_ECC"
-fi
-
-AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
-
-
-# NTRU
-ntruHome=`pwd`/NTRU_algorithm
-ntruInclude=$ntruHome/cryptolib
-ntruLib=$ntruHome
-AC_ARG_ENABLE(ntru,
-    [  --enable-ntru           Enable NTRU (default: disabled)],
-    [ ENABLED_NTRU=$enableval ],
-    [ ENABLED_NTRU=no ]
-    )
-
-if test "$ENABLED_NTRU" = "yes"
-then
-    CFLAGS="$CFLAGS -DHAVE_NTRU -I$ntruInclude"
-    LDFLAGS="$LDFLAGS -L$ntruLib"
-    LIBS="$LIBS -lntru_encrypt"
-fi
-
-AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
-
-
-# LIBZ
-trylibzdir=""
-AC_ARG_WITH(libz,
-    [  --with-libz=PATH        PATH to libz install (default /usr/) ],
-    [
-        AC_MSG_CHECKING([for libz])
-        CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
-        LIBS="$LIBS -lz"
-
-        AC_TRY_LINK([#include <zlib.h>], [ deflateInit(NULL, 8); ],
-            [ libz_linked=yes ], [ libz_linked=no ])
-
-        if test "x$libz_linked" == "xno" ; then
-            if test "x$withval" != "xno" ; then
-                trylibzdir=$withval
-            fi
-            if test "x$withval" == "xyes" ; then
-                trylibzdir="/usr"
-            fi
-
-            LDFLAGS="$LDFLAGS -L$trylibzdir/lib"
-            CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
-
-            AC_TRY_LINK([#include <zlib.h>], [ deflateInit(NULL, 8); ],
-                [ libz_linked=yes ], [ libz_linked=no ])
-
-            if test "x$libz_linked" == "xno" ; then
-                AC_MSG_ERROR([libz isn't found.
-                If it's already installed, specify its path using --with-libz=/dir/])
-            fi
-            AC_MSG_RESULT([yes])
-        else
-            AC_MSG_RESULT([yes])
-        fi
-
-    ]
-)
-
-
-# OPTIMIZE FLAGS
-if test "$GCC" = "yes"
-then
-    CFLAGS="$CFLAGS -Wall -Wno-unused"
-    if test "$ENABLED_DEBUG" = "no"
-    then
-        if test "$ENABLED_FASTMATH" = "yes"
-        then
-            CFLAGS="$CFLAGS $OPTIMIZE_FAST_CFLAGS"
-            if test "$ENABLED_FASTHUGEMATH" = "yes"
-            then
-                CFLAGS="$CFLAGS $OPTIMIZE_HUGE_CFLAGS"
-            fi
-        else
-            CFLAGS="$CFLAGS $OPTIMIZE_CFLAGS"
-        fi
-    fi
-fi
-
-
-
-
-ACX_PTHREAD
-
-LIBS="$PTHREAD_LIBS $LIBM $LIBS"
-CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
-
-LIB_SOCKET_NSL
-
-AC_SUBST(CFLAGS)
-AC_SUBST(LIBS)
-
-
-
-# FINAL
-AC_CONFIG_FILES(Makefile dnl
-        ctaocrypt/Makefile dnl
-        ctaocrypt/src/Makefile dnl
-        ctaocrypt/test/Makefile dnl
-        ctaocrypt/benchmark/Makefile dnl
-        src/Makefile dnl
-        examples/Makefile dnl
-        examples/client/Makefile dnl
-        examples/server/Makefile dnl
-        examples/echoclient/Makefile dnl
-        examples/echoserver/Makefile dnl
-        testsuite/Makefile dnl
-        sslSniffer/Makefile dnl
-        sslSniffer/sslSnifferTest/Makefile)
-AC_OUTPUT
-
--- a/ctaocrypt/Makefile.am
+++ b/ctaocrypt/Makefile.am
@@ -1,3 +0,0 @@
-SUBDIRS = src test benchmark
-EXTRA_DIST = ctaocrypt.sln ctaocrypt.vcproj
-
--- a/ctaocrypt/benchmark/Makefile.am
+++ b/ctaocrypt/benchmark/Makefile.am
@@ -1,7 +0,0 @@
-INCLUDES = -I../include
-bin_PROGRAMS = benchmark
-benchmark_SOURCES = benchmark.c
-benchmark_LDFLAGS      = -L../src
-benchmark_LDADD        = ../../src/libcyassl.la
-benchmark_DEPENDENCIES = ../../src/libcyassl.la
-EXTRA_DIST =  *.der benchmark.sln benchmark.vcproj
--- a/ctaocrypt/benchmark/benchmark.c
+++ b/ctaocrypt/benchmark/benchmark.c
@@ -1,24 +1,48 @@
-/* benchmark.c */
+/* benchmark.c
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
 /* CTaoCrypt benchmark */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include <string.h>
 #include <stdio.h>

-#include "des3.h"
-#include "arc4.h"
-#include "hc128.h"
-#include "rabbit.h"
-#include "ctc_aes.h"
-#include "ctc_md5.h"
-#include "ctc_sha.h"
-#include "sha256.h"
-#include "sha512.h"
-#include "ctc_rsa.h"
-#include "asn.h"
-#include "ctc_ripemd.h"
-
-#include "ctc_dh.h"
+#include <cyassl/ctaocrypt/des3.h>
+#include <cyassl/ctaocrypt/arc4.h>
+#include <cyassl/ctaocrypt/hc128.h>
+#include <cyassl/ctaocrypt/rabbit.h>
+#include <cyassl/ctaocrypt/aes.h>
+#include <cyassl/ctaocrypt/md5.h>
+#include <cyassl/ctaocrypt/sha.h>
+#include <cyassl/ctaocrypt/sha256.h>
+#include <cyassl/ctaocrypt/sha512.h>
+#include <cyassl/ctaocrypt/rsa.h>
+#include <cyassl/ctaocrypt/asn.h>
+#include <cyassl/ctaocrypt/ripemd.h>
+#include <cyassl/ctaocrypt/ecc.h>

+#include <cyassl/ctaocrypt/dh.h>

 #ifdef _MSC_VER
    /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
@@ -40,6 +64,10 @@ void bench_ripemd();
 void bench_rsa();
 void bench_rsaKeyGen();
 void bench_dh();
+#ifdef HAVE_ECC
+void bench_eccKeyGen();
+void bench_eccKeyAgree();
+#endif

 double current_time();

@@ -52,7 +80,7 @@ int main(int argc, char** argv)
    bench_aes(1);
 #endif
    bench_arc4();
-#ifndef NO_HC128
+#ifdef HAVE_HC128
    bench_hc128();
 #endif
 #ifndef NO_RABBIT
@@ -88,6 +116,11 @@ int main(int argc, char** argv)
    bench_rsaKeyGen();
 #endif

+#ifdef HAVE_ECC 
+    bench_eccKeyGen();
+    bench_eccKeyAgree();
+#endif
+
    return 0;
 }

@@ -181,7 +214,7 @@ void bench_arc4()
 }


-#ifndef NO_HC128
+#ifdef HAVE_HC128
 void bench_hc128()
 {
    HC128  enc;
@@ -200,7 +233,7 @@ void bench_hc128()
    printf("HC128    %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
                                                             persec);
 }
-#endif /* NO_HC128 */
+#endif /* HAVE_HC128 */


 #ifndef NO_RABBIT
@@ -360,10 +393,11 @@ void bench_rsa()
    double    start, total, each, milliEach;
    
    RsaKey key;
-    FILE*  file = fopen("./rsa1024.der", "rb");
+    FILE*  file = fopen("./certs/rsa2048.der", "rb");

    if (!file) {
-        printf("can't find ./rsa1024.der\n");
+        printf("can't find ./certs/rsa2048.der, "
+               "Please run from CyaSSL home dir\n");
        return;
    }

@@ -381,7 +415,7 @@ void bench_rsa()
    each  = total / times;   /* per second   */
    milliEach = each * 1000; /* milliseconds */

-    printf("RSA 1024 encryption took %6.2f milliseconds, avg over %d" 
+    printf("RSA 2048 encryption took %6.2f milliseconds, avg over %d" 
           " iterations\n", milliEach, times);

    start = current_time();
@@ -393,7 +427,7 @@ void bench_rsa()
    each  = total / times;   /* per second   */
    milliEach = each * 1000; /* milliseconds */

-    printf("RSA 1024 decryption took %6.2f milliseconds, avg over %d" 
+    printf("RSA 2048 decryption took %6.2f milliseconds, avg over %d" 
           " iterations\n", milliEach, times);

    fclose(file);
@@ -409,22 +443,23 @@ void bench_dh()
    size_t bytes;
    word32 idx = 0, pubSz, privSz, pubSz2, privSz2, agreeSz;

-    byte   pub[128];    /* for 1024 bit */
-    byte   priv[128];   /* for 1024 bit */
-    byte   pub2[128];   /* for 1024 bit */
-    byte   priv2[128];  /* for 1024 bit */
-    byte   agree[128];  /* for 1024 bit */
+    byte   pub[256];    /* for 2048 bit */
+    byte   priv[256];   /* for 2048 bit */
+    byte   pub2[256];   /* for 2048 bit */
+    byte   priv2[256];  /* for 2048 bit */
+    byte   agree[256];  /* for 2048 bit */
    
    double start, total, each, milliEach;
    DhKey  key;
-    FILE*  file = fopen("./dh1024.der", "rb");
+    FILE*  file = fopen("./certs/dh2048.der", "rb");

    if (!file) {
-        printf("can't find ./dh1024.der\n");
+        printf("can't find ./certs/dh2048.der, "
+               "Please run from CyaSSL home dir\n");
        return;
    }

-    bytes = fread(tmp, 1, 1024, file);
+    bytes = fread(tmp, 1, sizeof(tmp), file);
    InitDhKey(&key);
    bytes = DhKeyDecode(tmp, &idx, &key, (word32)bytes);

@@ -437,7 +472,7 @@ void bench_dh()
    each  = total / times;   /* per second   */
    milliEach = each * 1000; /* milliseconds */

-    printf("DH  1024 key generation  %6.2f milliseconds, avg over %d" 
+    printf("DH  2048 key generation  %6.2f milliseconds, avg over %d" 
           " iterations\n", milliEach, times);

    DhGenerateKeyPair(&key, &rng, priv2, &privSz2, pub2, &pubSz2);
@@ -450,7 +485,7 @@ void bench_dh()
    each  = total / times;   /* per second   */
    milliEach = each * 1000; /* milliseconds */

-    printf("DH  1024 key agreement   %6.2f milliseconds, avg over %d" 
+    printf("DH  2048 key agreement   %6.2f milliseconds, avg over %d" 
           " iterations\n", milliEach, times);

    fclose(file);
@@ -499,6 +534,82 @@ void bench_rsaKeyGen()
 }
 #endif /* CYASSL_KEY_GEN */

+#ifdef HAVE_ECC 
+void bench_eccKeyGen()
+{
+    ecc_key genKey;
+    double start, total, each, milliEach;
+    int    i;
+    const int genTimes = 5;
+  
+    /* 256 bit */ 
+    start = current_time();
+
+    for(i = 0; i < genTimes; i++) {
+        int ret = ecc_make_key(&rng, 32, &genKey);
+        ecc_free(&genKey);
+    }
+
+    total = current_time() - start;
+    each  = total / genTimes;  /* per second  */
+    milliEach = each * 1000;   /* millisconds */
+    printf("\n");
+    printf("ECC  256 key generation  %6.2f milliseconds, avg over %d" 
+           " iterations\n", milliEach, genTimes);
+}
+
+
+void bench_eccKeyAgree()
+{
+    ecc_key genKey, genKey2;
+    double start, total, each, milliEach;
+    int    i;
+    const int agreeTimes = 5;
+    byte   shared[1024];
+    byte   sig[1024];
+    byte   digest[32];
+    word32 x;
+  
+    ecc_make_key(&rng, 32, &genKey);
+    ecc_make_key(&rng, 32, &genKey2);
+
+    /* 256 bit */ 
+    start = current_time();
+
+    for(i = 0; i < agreeTimes; i++) {
+        x = sizeof(shared);
+        ecc_shared_secret(&genKey, &genKey2, shared, &x);
+    }
+
+    total = current_time() - start;
+    each  = total / agreeTimes;  /* per second  */
+    milliEach = each * 1000;   /* millisconds */
+    printf("EC-DHE   key agreement   %6.2f milliseconds, avg over %d" 
+           " iterations\n", milliEach, agreeTimes);
+
+    /* make dummy digest */
+    for (i = 0; i < sizeof(digest); i++)
+        digest[i] = i;
+
+
+    start = current_time();
+
+    for(i = 0; i < agreeTimes; i++) {
+        x = sizeof(sig);
+        ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &genKey);
+    }
+
+    total = current_time() - start;
+    each  = total / agreeTimes;  /* per second  */
+    milliEach = each * 1000;   /* millisconds */
+    printf("EC-DSA   sign time       %6.2f milliseconds, avg over %d" 
+           " iterations\n", milliEach, agreeTimes);
+
+    ecc_free(&genKey2);
+    ecc_free(&genKey);
+}
+#endif /* HAVE_ECC */
+

 #ifdef _WIN32

--- a/ctaocrypt/benchmark/dh1024.der
+++ b/ctaocrypt/benchmark/dh1024.der
--- a/ctaocrypt/benchmark/include.am
+++ b/ctaocrypt/benchmark/include.am
@@ -0,0 +1,9 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+
+noinst_PROGRAMS += ctaocrypt/benchmark/benchmark
+ctaocrypt_benchmark_benchmark_SOURCES      = ctaocrypt/benchmark/benchmark.c
+ctaocrypt_benchmark_benchmark_LDADD        = src/libcyassl.la
+ctaocrypt_benchmark_benchmark_DEPENDENCIES = src/libcyassl.la
+EXTRA_DIST += ctaocrypt/benchmark/benchmark.sln 
+EXTRA_DIST += ctaocrypt/benchmark/benchmark.vcproj
--- a/ctaocrypt/benchmark/rsa1024.der
+++ b/ctaocrypt/benchmark/rsa1024.der
--- a/ctaocrypt/ctaocrypt.vcproj
+++ b/ctaocrypt/ctaocrypt.vcproj
@@ -100,7 +100,7 @@
 			<Tool
 				Name="VCCLCompilerTool"
 				AdditionalIncludeDirectories="include"
-				PreprocessorDefinitions="WIN32;NDEBUG;_LIB;"
+				PreprocessorDefinitions="WIN32;NDEBUG;_LIB;OPENSSL_EXTRA"
 				RuntimeLibrary="2"
 				UsePrecompiledHeader="0"
 				WarningLevel="3"
--- a/ctaocrypt/include/config.h
+++ b/ctaocrypt/include/config.h
@@ -1,86 +0,0 @@
-/* ctaocrypt/include/config.h.  Generated from config.h.in by configure.  */
-/* ctaocrypt/include/config.h.in.  Generated from configure.in by autoheader.  */
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#define HAVE_DLFCN_H 1
-
-/* Define to 1 if you have the <errno.h> header file. */
-#define HAVE_ERRNO_H 1
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#define HAVE_INTTYPES_H 1
-
-/* Define to 1 if you have the `network' library (-lnetwork). */
-/* #undef HAVE_LIBNETWORK */
-
-/* Define to 1 if you have the <memory.h> header file. */
-#define HAVE_MEMORY_H 1
-
-/* Define if you have POSIX threads libraries and header files. */
-#define HAVE_PTHREAD 1
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#define HAVE_STDINT_H 1
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#define HAVE_STDLIB_H 1
-
-/* Define to 1 if you have the <strings.h> header file. */
-#define HAVE_STRINGS_H 1
-
-/* Define to 1 if you have the <string.h> header file. */
-#define HAVE_STRING_H 1
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#define HAVE_SYS_STAT_H 1
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#define HAVE_SYS_TYPES_H 1
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#define HAVE_UNISTD_H 1
-
-/* Define to the sub-directory in which libtool stores uninstalled libraries.
-   */
-#define LT_OBJDIR ".libs/"
-
-/* Define to 1 if your C compiler doesn't accept -c and -o together. */
-/* #undef NO_MINUS_C_MINUS_O */
-
-/* Name of package */
-#define PACKAGE "cyassl"
-
-/* Define to the address where bug reports for this package should be sent. */
-#define PACKAGE_BUGREPORT ""
-
-/* Define to the full name of this package. */
-#define PACKAGE_NAME ""
-
-/* Define to the full name and version of this package. */
-#define PACKAGE_STRING ""
-
-/* Define to the one symbol short name of this package. */
-#define PACKAGE_TARNAME ""
-
-/* Define to the version of this package. */
-#define PACKAGE_VERSION ""
-
-/* Define to necessary symbol if this constant uses a non-standard name on
-   your system. */
-/* #undef PTHREAD_CREATE_JOINABLE */
-
-/* The size of `long', as computed by sizeof. */
-#define SIZEOF_LONG 8
-
-/* The size of `long long', as computed by sizeof. */
-#define SIZEOF_LONG_LONG 8
-
-/* Define to 1 if you have the ANSI C header files. */
-#define STDC_HEADERS 1
-
-/* Version number of package */
-#define VERSION "1.8.8"
-
-/* Define to 1 if your processor stores words with the most significant byte
-   first (like Motorola and SPARC, unlike Intel and VAX). */
-/* #undef WORDS_BIGENDIAN */
--- a/ctaocrypt/include/config.h.in
+++ b/ctaocrypt/include/config.h.in
@@ -1,85 +0,0 @@
-/* ctaocrypt/include/config.h.in.  Generated from configure.in by autoheader.  */
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#undef HAVE_DLFCN_H
-
-/* Define to 1 if you have the <errno.h> header file. */
-#undef HAVE_ERRNO_H
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#undef HAVE_INTTYPES_H
-
-/* Define to 1 if you have the `network' library (-lnetwork). */
-#undef HAVE_LIBNETWORK
-
-/* Define to 1 if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H
-
-/* Define if you have POSIX threads libraries and header files. */
-#undef HAVE_PTHREAD
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#undef HAVE_STDINT_H
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#undef HAVE_STDLIB_H
-
-/* Define to 1 if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H
-
-/* Define to 1 if you have the <string.h> header file. */
-#undef HAVE_STRING_H
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#undef HAVE_SYS_STAT_H
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#undef HAVE_SYS_TYPES_H
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#undef HAVE_UNISTD_H
-
-/* Define to the sub-directory in which libtool stores uninstalled libraries.
-   */
-#undef LT_OBJDIR
-
-/* Define to 1 if your C compiler doesn't accept -c and -o together. */
-#undef NO_MINUS_C_MINUS_O
-
-/* Name of package */
-#undef PACKAGE
-
-/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT
-
-/* Define to the full name of this package. */
-#undef PACKAGE_NAME
-
-/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING
-
-/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME
-
-/* Define to the version of this package. */
-#undef PACKAGE_VERSION
-
-/* Define to necessary symbol if this constant uses a non-standard name on
-   your system. */
-#undef PTHREAD_CREATE_JOINABLE
-
-/* The size of `long', as computed by sizeof. */
-#undef SIZEOF_LONG
-
-/* The size of `long long', as computed by sizeof. */
-#undef SIZEOF_LONG_LONG
-
-/* Define to 1 if you have the ANSI C header files. */
-#undef STDC_HEADERS
-
-/* Version number of package */
-#undef VERSION
-
-/* Define to 1 if your processor stores words with the most significant byte
-   first (like Motorola and SPARC, unlike Intel and VAX). */
-#undef WORDS_BIGENDIAN
--- a/ctaocrypt/include/ctc_rsa.h
+++ b/ctaocrypt/include/ctc_rsa.h
@@ -1,74 +0,0 @@
-/* ctc_rsa.h
- *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
- *
- * This file is part of CyaSSL.
- *
- * CyaSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * CyaSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-
-#ifndef CTAO_CRYPT_RSA_H
-#define CTAO_CRYPT_RSA_H
-
-#include "types.h"
-#include "integer.h"
-#include "random.h"
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-enum {
-    RSA_PUBLIC   = 0,
-    RSA_PRIVATE  = 1
-};
-
-/* RSA */
-typedef struct RsaKey {
-    mp_int n, e, d, p, q, dP, dQ, u;
-    int   type;                               /* public or private */
-    void* heap;                               /* for user memory overrides */
-} RsaKey;
-
-
-void InitRsaKey(RsaKey* key, void*);
-void FreeRsaKey(RsaKey* key);
-
-int  RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
-                      RsaKey* key, RNG* rng);
-int  RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key);
-int  RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
-                       RsaKey* key);
-int  RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
-                 RsaKey* key, RNG* rng);
-int  RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key);
-int  RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
-                   RsaKey* key);
-
-int  RsaEncryptSize(RsaKey* key);
-
-#ifdef CYASSL_KEY_GEN
-    int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng);
-#endif
-
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* CTAO_CRYPT_RSA_H */
-
--- a/ctaocrypt/src/Makefile.am
+++ b/ctaocrypt/src/Makefile.am
@@ -1,2 +0,0 @@
-EXTRA_DIST = ../include/*.h *.c *.i
-
--- a/ctaocrypt/src/aes.c
+++ b/ctaocrypt/src/aes.c
@@ -1,6 +1,6 @@
 /* aes.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,13 +19,25 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #ifndef NO_AES

-#include "ctc_aes.h"
+#include <cyassl/ctaocrypt/aes.h>
+#include <cyassl/ctaocrypt/error.h>
+#include <cyassl/ctaocrypt/logging.h>
 #ifdef NO_INLINE
-    #include "misc.h"
+    #include <cyassl/ctaocrypt/misc.h>
 #else
-    #include "misc.c"
+    #include <ctaocrypt/src/misc.c>
+#endif
+
+
+#ifdef _MSC_VER
+    /* 4127 warning constant while(1)  */
+    #pragma warning(disable: 4127)
 #endif


@@ -712,10 +724,25 @@ static const word32 Td[5][256] = {

 #ifdef CYASSL_AESNI

-#define cpuid(func,ax,bx,cx,dx)\
+#ifndef _MSC_VER
+
+    #define cpuid(func,ax,bx,cx,dx)\
        __asm__ __volatile__ ("cpuid":\
                       "=a" (ax), "=b" (bx), "=c" (cx), "=d" (dx) : "a" (func));

+#else
+
+    #define cpuid(func,ax,bx,cx,dx)\
+        __asm mov eax, func \
+        __asm cpuid \
+        __asm mov ax, eax \
+        __asm mov bx, ebx \
+        __asm mov cx, ecx \
+        __asm mov dx, edx
+
+#endif /* _MSC_VER */
+
+            
 static int Check_CPU_support_AES()
 {
    unsigned int a,b,c,d;
@@ -754,7 +781,7 @@ int AES_set_encrypt_key (const unsigned char *userKey, const int bits,
                         Aes* aes)
 { 
    if (!userKey || !aes)
-        return -1;
+        return BAD_FUNC_ARG;
    
    if (bits == 128) {
       AES_128_Key_Expansion (userKey,(byte*)aes->key); aes->rounds = 10;
@@ -768,7 +795,7 @@ int AES_set_encrypt_key (const unsigned char *userKey, const int bits,
       AES_256_Key_Expansion (userKey,(byte*)aes->key); aes->rounds = 14;
       return 0;
    }
-    return -1;
+    return BAD_FUNC_ARG;
 }


@@ -781,10 +808,10 @@ int AES_set_decrypt_key (const unsigned char* userKey, const int bits,
    __m128i *Temp_Key_Schedule = (__m128i*)temp_key.key;
    
    if (!userKey || !aes)
-        return -1;
+        return BAD_FUNC_ARG;

-    if (AES_set_encrypt_key(userKey,bits,&temp_key) == -1)
-        return -1;
+    if (AES_set_encrypt_key(userKey,bits,&temp_key) == BAD_FUNC_ARG)
+        return BAD_FUNC_ARG;

    nr = temp_key.rounds;
    aes->rounds = nr;
@@ -820,14 +847,26 @@ int AES_set_decrypt_key (const unsigned char* userKey, const int bits,
 #endif /* CYASSL_AESNI */


+int AesSetIV(Aes* aes, const byte* iv)
+{
+    if (aes == NULL)
+        return BAD_FUNC_ARG;
+
+    if (iv)
+        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+
+    return 0;
+}
+
+
 int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
-               int dir)
+              int dir)
 {
    word32 temp, *rk = aes->key;
    unsigned int i = 0;

    if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
-        return -1;
+        return BAD_FUNC_ARG;

 #ifdef CYASSL_AESNI
    if (checkAESNI == 0) {
@@ -835,7 +874,8 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
        checkAESNI = 1;
    }
    if (haveAESNI) {
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        if (iv)
+            XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
        if (dir == AES_ENCRYPTION)
            return AES_set_encrypt_key(userKey, keylen * 8, aes);
        else
@@ -920,11 +960,14 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
            rk += 8;
        }
        break;
+
+    default:
+        return BAD_FUNC_ARG;
    }

    if (dir == AES_DECRYPTION)
    {
-        unsigned int i, j;
+        unsigned int j;
        rk = aes->key;

        /* invert the order of the round keys: */
@@ -960,19 +1003,22 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
                Td[3][Te[4][GETBYTE(rk[3], 0)] & 0xff];
        }
    }
-    XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);

-    return 0;
+    return AesSetIV(aes, iv);
 }


-void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+static void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
 {
    word32 s0, s1, s2, s3;
    word32 t0, t1, t2, t3;
    word32 r = aes->rounds >> 1;

    const word32* rk = aes->key;
+    if (r > 7 || r == 0) {
+        CYASSL_MSG("AesEncrypt encountered improper key, set it up");
+        return;  /* stop instead of segfaulting, set up your keys! */
+    }
    /*
     * map byte array block to cipher state
     * and add initial round key:
@@ -1100,13 +1146,17 @@ void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
 }


-void AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+static void AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
 {
    word32 s0, s1, s2, s3;
    word32 t0, t1, t2, t3;
    word32 r = aes->rounds >> 1;

    const word32* rk = aes->key;
+    if (r > 7 || r == 0) {
+        CYASSL_MSG("AesDecrypt encountered improper key, set it up");
+        return;  /* stop instead of segfaulting, set up your keys! */
+    }
    /*
     * map byte array block to cipher state
     * and add initial round key:
@@ -1282,7 +1332,7 @@ void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
            printf("sz = %d\n", sz);
        #endif

-        /* if input and output same will overwirte input iv */
+        /* if input and output same will overwrite input iv */
        XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
        AES_CBC_decrypt(in, out, (byte*)aes->reg, sz, (byte*)aes->key,
                        aes->rounds);
@@ -1304,5 +1354,55 @@ void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 }


+#ifdef CYASSL_AES_DIRECT
+
+/* Allow direct access to one block encrypt */
+void AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    return AesEncrypt(aes, in, out);
+}
+
+
+/* Allow direct access to one block decrypt */
+void AesDecryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    return AesDecrypt(aes, in, out);
+}
+
+
+#endif /* CYASSL_AES_DIRECT */
+
+
+#ifdef CYASSL_AES_COUNTER
+
+/* Increment AES counter */
+static INLINE void IncrementAesCounter(byte* inOutCtr)
+{
+    int i;
+
+    /* in network byte order so start at end and work back */
+    for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+        if (++inOutCtr[i])  /* we're done unless we overflow */
+            return;
+    }
+}
+  
+
+void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    word32 blocks = sz / AES_BLOCK_SIZE;
+
+    while (blocks--) {
+        AesEncrypt(aes, (byte*)aes->reg, out);
+        IncrementAesCounter((byte*)aes->reg);
+        xorbuf(out, in, AES_BLOCK_SIZE);
+
+        out += AES_BLOCK_SIZE;
+        in  += AES_BLOCK_SIZE; 
+    }
+}
+
+#endif /* CYASSL_AES_COUNTER */
+
 #endif /* NO_AES */

--- a/ctaocrypt/src/arc4.c
+++ b/ctaocrypt/src/arc4.c
@@ -1,6 +1,6 @@
 /* arc4.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,9 +19,11 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif

-#include "arc4.h"
-
+#include <cyassl/ctaocrypt/arc4.h>


 void Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
@@ -33,14 +35,14 @@ void Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
    arc4->y = 0;

    for (i = 0; i < ARC4_STATE_SIZE; i++)
-        arc4->state[i] = i;
+        arc4->state[i] = (byte)i;

    for (i = 0; i < ARC4_STATE_SIZE; i++) {
        word32 a = arc4->state[i];
        stateIndex += key[keyIndex] + a;
        stateIndex &= 0xFF;
        arc4->state[i] = arc4->state[stateIndex];
-        arc4->state[stateIndex] = a;
+        arc4->state[stateIndex] = (byte)a;

        if (++keyIndex >= length)
            keyIndex = 0;
@@ -48,14 +50,14 @@ void Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
 }


-static INLINE word32 MakeByte(word32* x, word32* y, byte* s)
+static INLINE byte MakeByte(word32* x, word32* y, byte* s)
 {
    word32 a = s[*x], b;
    *y = (*y+a) & 0xff;

    b = s[*y];
-    s[*x] = b;
-    s[*y] = a;
+    s[*x] = (byte)b;
+    s[*y] = (byte)a;
    *x = (*x+1) & 0xff;

    return s[(a+b) & 0xff];
@@ -70,7 +72,7 @@ void Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
    while(length--)
        *out++ = *in++ ^ MakeByte(&x, &y, arc4->state);

-    arc4->x = x;
-    arc4->y = y;
+    arc4->x = (byte)x;
+    arc4->y = (byte)y;
 }

--- a/ctaocrypt/src/asm.c
+++ b/ctaocrypt/src/asm.c
@@ -1,6 +1,6 @@
 /* asm.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,13 +19,16 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 /*
 * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca,
 * http://math.libtomcrypt.com
 */


-
 /******************************************************************/
 /* fp_montgomery_reduce.c asm or generic */
 #if defined(TFM_X86) && !defined(TFM_SSE2) 
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
--- a/ctaocrypt/src/coding.c
+++ b/ctaocrypt/src/coding.c
@@ -1,6 +1,6 @@
 /* coding.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,8 +19,13 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif

-#include "coding.h"
+#include <cyassl/ctaocrypt/coding.h>
+#include <cyassl/ctaocrypt/error.h>
+#include <cyassl/ctaocrypt/logging.h>


 enum {
@@ -44,14 +49,14 @@ const byte base64Decode[] = { 62, BAD, BAD, BAD, 63,   /* + starts at 0x2B */
                            };


-int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
+int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
    word32 i = 0;
    word32 j = 0;
    word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );

    plainSz = (plainSz * 3 + 3) / 4;
-    if (plainSz > *outLen) return -1;
+    if (plainSz > *outLen) return BAD_FUNC_ARG;

    while (inLen > 3) {
        byte b1, b2, b3;
@@ -99,8 +104,10 @@ int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
                endLine = in[j++];
                inLen--;
            }
-            if (endLine != '\n')
-                return -1;
+            if (endLine != '\n') {
+                CYASSL_MSG("Bad end of line in Base64 Decode");
+                return ASN_INPUT_E;
+            }
        }
    }
    *outLen = i;
@@ -109,7 +116,7 @@ int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 }


-#if defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
+#if defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) || defined(HAVE_WEBSERVER)

 static
 const byte base64Encode[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
@@ -124,7 +131,7 @@ const byte base64Encode[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',


 /* porting assistance from yaSSL by Raphael HUCK */
-int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
+int Base64_Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
    word32 i = 0,
           j = 0,
@@ -133,7 +140,7 @@ int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
    word32 outSz = (inLen + 3 - 1) / 3 * 4;
    outSz += (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ;  /* new lines */

-    if (outSz > *outLen) return -1;
+    if (outSz > *outLen) return BAD_FUNC_ARG;
    
    while (inLen > 2) {
        byte b1 = in[j++];
@@ -177,7 +184,7 @@ int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen)

    out[i++] = '\n';
    if (i != outSz)
-        return -1;
+        return ASN_INPUT_E; 
    *outLen = outSz;

    return 0; 
@@ -190,16 +197,16 @@ const byte hexDecode[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
                           10, 11, 12, 13, 14, 15 
                         };  /* A starts at 0x41 not 0x3A */

-int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
+int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
    word32 inIdx  = 0;
    word32 outIdx = 0;

    if (inLen % 2)
-        return -1;
+        return BAD_FUNC_ARG;

    if (*outLen < (inLen / 2))
-        return -1;
+        return BAD_FUNC_ARG;

    while (inLen) {
        byte b  = in[inIdx++] - 0x30;  /* 0 starts at 0x30 */
@@ -207,15 +214,15 @@ int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen)

        /* sanity checks */
        if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))
-            return -1;
+            return ASN_INPUT_E;
        if (b2 >= sizeof(hexDecode)/sizeof(hexDecode[0]))
-            return -1;
+            return ASN_INPUT_E;

        b  = hexDecode[b];
        b2 = hexDecode[b2];

        if (b == BAD || b2 == BAD)
-            return -1;
+            return ASN_INPUT_E;
        
        out[outIdx++] = (b << 4) | b2;
        inLen -= 2;
--- a/ctaocrypt/src/des3.c
+++ b/ctaocrypt/src/des3.c
@@ -1,6 +1,6 @@
 /* des3.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,14 +19,18 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif

 #ifndef NO_DES3

-#include "des3.h"
+#include <cyassl/ctaocrypt/des3.h>
+
 #ifdef NO_INLINE
-    #include "misc.h"
+    #include <cyassl/ctaocrypt/misc.h>
 #else
-    #include "misc.c"
+    #include <ctaocrypt/src/misc.c>
 #endif


@@ -323,11 +327,25 @@ static INLINE int Reverse(int dir)
 }


+void Des_SetIV(Des* des, const byte* iv)
+{
+    if (des && iv)
+        XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+}
+
+
+void Des3_SetIV(Des3* des, const byte* iv)
+{
+    if (des && iv)
+        XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+}
+
+
 void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
 {
    DesSetKey(key, dir, des->key);
-    
-    XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+
+    Des_SetIV(des, iv);
 }


@@ -336,12 +354,12 @@ void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
    DesSetKey(key + (dir == DES_ENCRYPTION ? 0 : 16), dir, des->key[0]);
    DesSetKey(key + 8, Reverse(dir), des->key[1]);
    DesSetKey(key + (dir == DES_DECRYPTION ? 0 : 16), dir, des->key[2]);
-    
-    XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+
+    Des3_SetIV(des, iv);  
 }


-void DesRawProcessBlock(word32* lIn, word32* rIn, const word32* kptr)
+static void DesRawProcessBlock(word32* lIn, word32* rIn, const word32* kptr)
 {
    word32 l = *lIn, r = *rIn, i;

@@ -489,5 +507,22 @@ void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
    }
 }

+#ifdef CYASSL_DES_ECB
+
+/* One block, compatibility only */
+void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
+{
+    word32 blocks = sz / DES_BLOCK_SIZE;
+
+    while (blocks--) {
+        DesProcessBlock(des, in, out);
+
+        out += DES_BLOCK_SIZE;
+        in  += DES_BLOCK_SIZE; 
+    }
+}
+
+#endif /* CYASSL_DES_ECB */
+

 #endif /* NO_DES3 */
--- a/ctaocrypt/src/dh.c
+++ b/ctaocrypt/src/dh.c
@@ -1,6 +1,6 @@
 /* dh.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,10 +19,14 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #ifndef NO_DH

-#include "ctc_dh.h"
-#include "error.h"
+#include <cyassl/ctaocrypt/dh.h>
+#include <cyassl/ctaocrypt/error.h>

 #ifndef USER_MATH_LIB
    #include <math.h>
@@ -33,7 +37,6 @@
 #endif


-
 #ifndef min

    static INLINE word32 min(word32 a, word32 b)
@@ -44,9 +47,9 @@
 #endif /* min */


-
 void InitDhKey(DhKey* key)
 {
+    (void)key;
 /* TomsFastMath doesn't use memory allocation */
 #ifndef USE_FAST_MATH
    key->p.dp = 0;
@@ -57,6 +60,7 @@ void InitDhKey(DhKey* key)

 void FreeDhKey(DhKey* key)
 {
+    (void)key;
 /* TomsFastMath doesn't use memory allocation */
 #ifndef USE_FAST_MATH
    mp_clear(&key->p);
--- a/ctaocrypt/src/dsa.c
+++ b/ctaocrypt/src/dsa.c
@@ -1,6 +1,6 @@
 /* dsa.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,17 +19,21 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #ifndef NO_DSA

-#include "ctc_dsa.h"
-#include "ctc_sha.h"
-#include "random.h"
-#include "error.h"
+#include <cyassl/ctaocrypt/dsa.h>
+#include <cyassl/ctaocrypt/sha.h>
+#include <cyassl/ctaocrypt/random.h>
+#include <cyassl/ctaocrypt/error.h>


 enum {
    DSA_HALF_SIZE = 20,   /* r and s size  */
-    DSA_SIG_SIZE  = 40    /* signaure size */
+    DSA_SIG_SIZE  = 40    /* signature size */
 };


@@ -45,7 +49,7 @@ enum {

 void InitDsaKey(DsaKey* key)
 {
-    key->type = -1;  /* haven't decdied yet */
+    key->type = -1;  /* haven't decided yet */

 /* TomsFastMath doesn't use memory allocation */
 #ifndef USE_FAST_MATH
@@ -61,6 +65,7 @@ void InitDsaKey(DsaKey* key)

 void FreeDsaKey(DsaKey* key)
 {
+    (void)key;
 /* TomsFastMath doesn't use memory allocation */
 #ifndef USE_FAST_MATH
    if (key->type == DSA_PRIVATE)
--- a/ctaocrypt/src/ecc.c
+++ b/ctaocrypt/src/ecc.c
@@ -0,0 +1 @@
+/* dummy ecc.c for dist */
--- a/ctaocrypt/src/ecc_fp.c
+++ b/ctaocrypt/src/ecc_fp.c
@@ -0,0 +1 @@
+/* dummy ecc_fp.c for dist */
--- a/ctaocrypt/src/fp_mont_small.i
+++ b/ctaocrypt/src/fp_mont_small.i
@@ -1,3 +1,25 @@
+/* fp_mont_small.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SMALL_MONT_SET
 /* computes x/R == x (mod N) via Montgomery Reduction */
 void fp_montgomery_reduce_small(fp_int *a, fp_int *m, fp_digit mp)
--- a/ctaocrypt/src/fp_mul_comba_12.i
+++ b/ctaocrypt/src/fp_mul_comba_12.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_12.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL12
 void fp_mul_comba12(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_17.i
+++ b/ctaocrypt/src/fp_mul_comba_17.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_17.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL17
 void fp_mul_comba17(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_20.i
+++ b/ctaocrypt/src/fp_mul_comba_20.i
@@ -1,3 +1,24 @@
+/* fp_mul_comba_20.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
 #ifdef TFM_MUL20
 void fp_mul_comba20(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_24.i
+++ b/ctaocrypt/src/fp_mul_comba_24.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_24.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL24
 void fp_mul_comba24(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_28.i
+++ b/ctaocrypt/src/fp_mul_comba_28.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_28.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL28
 void fp_mul_comba28(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_3.i
+++ b/ctaocrypt/src/fp_mul_comba_3.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_3.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL3
 void fp_mul_comba3(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_32.i
+++ b/ctaocrypt/src/fp_mul_comba_32.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_32.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL32
 void fp_mul_comba32(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_4.i
+++ b/ctaocrypt/src/fp_mul_comba_4.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_4.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL4
 void fp_mul_comba4(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_48.i
+++ b/ctaocrypt/src/fp_mul_comba_48.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_48.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL48
 void fp_mul_comba48(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_6.i
+++ b/ctaocrypt/src/fp_mul_comba_6.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_6.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL6
 void fp_mul_comba6(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_64.i
+++ b/ctaocrypt/src/fp_mul_comba_64.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_64.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL64
 void fp_mul_comba64(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_7.i
+++ b/ctaocrypt/src/fp_mul_comba_7.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_7.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL7
 void fp_mul_comba7(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_8.i
+++ b/ctaocrypt/src/fp_mul_comba_8.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_8.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL8
 void fp_mul_comba8(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_9.i
+++ b/ctaocrypt/src/fp_mul_comba_9.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_9.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL9
 void fp_mul_comba9(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_small_set.i
+++ b/ctaocrypt/src/fp_mul_comba_small_set.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_small_set.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #if defined(TFM_SMALL_SET)
 void fp_mul_comba_small(fp_int *A, fp_int *B, fp_int *C)
 {
@@ -1219,6 +1241,9 @@ void fp_mul_comba_small(fp_int *A, fp_int *B, fp_int *C)
      fp_clamp(C);
      COMBA_FINI;
      break;
+
+   default:
+      break;
   }
 }

--- a/ctaocrypt/src/fp_sqr_comba_12.i
+++ b/ctaocrypt/src/fp_sqr_comba_12.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_12.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR12
 void fp_sqr_comba12(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_17.i
+++ b/ctaocrypt/src/fp_sqr_comba_17.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_17.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR17
 void fp_sqr_comba17(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_20.i
+++ b/ctaocrypt/src/fp_sqr_comba_20.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_20.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR20
 void fp_sqr_comba20(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_24.i
+++ b/ctaocrypt/src/fp_sqr_comba_24.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_24.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR24
 void fp_sqr_comba24(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_28.i
+++ b/ctaocrypt/src/fp_sqr_comba_28.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_28.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR28
 void fp_sqr_comba28(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_3.i
+++ b/ctaocrypt/src/fp_sqr_comba_3.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_3.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR3
 void fp_sqr_comba3(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_32.i
+++ b/ctaocrypt/src/fp_sqr_comba_32.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_32.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR32
 void fp_sqr_comba32(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_4.i
+++ b/ctaocrypt/src/fp_sqr_comba_4.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_4.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR4
 void fp_sqr_comba4(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_48.i
+++ b/ctaocrypt/src/fp_sqr_comba_48.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_48.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR48
 void fp_sqr_comba48(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_6.i
+++ b/ctaocrypt/src/fp_sqr_comba_6.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_6.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR6
 void fp_sqr_comba6(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_64.i
+++ b/ctaocrypt/src/fp_sqr_comba_64.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_64.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR64
 void fp_sqr_comba64(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_7.i
+++ b/ctaocrypt/src/fp_sqr_comba_7.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_7.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR7
 void fp_sqr_comba7(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_8.i
+++ b/ctaocrypt/src/fp_sqr_comba_8.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_8.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR8
 void fp_sqr_comba8(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_9.i
+++ b/ctaocrypt/src/fp_sqr_comba_9.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_9.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR9
 void fp_sqr_comba9(fp_int *A, fp_int *B)
 {
--- a/ctaocrypt/src/fp_sqr_comba_small_set.i
+++ b/ctaocrypt/src/fp_sqr_comba_small_set.i
@@ -1,3 +1,25 @@
+/* fp_sqr_comba_small_set.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #if defined(TFM_SMALL_SET)
 void fp_sqr_comba_small(fp_int *A, fp_int *B)
 {
@@ -1509,6 +1531,9 @@ void fp_sqr_comba_small(fp_int *A, fp_int *B)
      memcpy(B->dp, b, 32 * sizeof(fp_digit));
      fp_clamp(B);
      break;
+
+   default:
+      break;
 }
 }

--- a/ctaocrypt/src/hc128.c
+++ b/ctaocrypt/src/hc128.c
@@ -1,6 +1,6 @@
 /* hc128.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,11 +19,18 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif

-#ifndef NO_HC128
+#ifdef HAVE_HC128

-#include "hc128.h"
-#include "misc.c"
+#include <cyassl/ctaocrypt/hc128.h>
+#ifdef NO_INLINE
+    #include <cyassl/ctaocrypt/hc128.h>
+#else
+    #include <ctaocrypt/src/misc.c>
+#endif


 #ifdef BIG_ENDIAN_ORDER
@@ -314,4 +321,13 @@ void Hc128_Process(HC128* ctx, byte* output, const byte* input, word32 msglen)
 }


-#endif /* NO_HC128 */
+#else  /* HAVE_HC128 */
+
+
+#ifdef _MSC_VER
+    /* 4206 warning for blank file */
+    #pragma warning(disable: 4206)
+#endif
+
+
+#endif /* HAVE_HC128 */
--- a/ctaocrypt/src/hmac.c
+++ b/ctaocrypt/src/hmac.c
@@ -1,6 +1,6 @@
 /* hmac.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,20 +19,23 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif

 #ifndef NO_HMAC

-#include "ctc_hmac.h"
-
+#include <cyassl/ctaocrypt/hmac.h>
+#include <cyassl/ctaocrypt/error.h>


 static int InitHmac(Hmac* hmac, int type)
 {
    hmac->innerHashKeyed = 0;
-    hmac->macType = type;
+    hmac->macType = (byte)type;

    if (!(type == MD5 || type == SHA || type == SHA256))
-        return -1;
+        return BAD_FUNC_ARG;

    if (type == MD5)
        InitMd5(&hmac->hash.md5);
--- a/ctaocrypt/src/include.am
+++ b/ctaocrypt/src/include.am
@@ -0,0 +1,39 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+
+EXTRA_DIST += ctaocrypt/src/misc.c
+EXTRA_DIST += ctaocrypt/src/asm.c 
+
+EXTRA_DIST += \
+              ctaocrypt/src/ecc_fp.c \
+              ctaocrypt/src/fp_mont_small.i \
+              ctaocrypt/src/fp_mul_comba_12.i \
+              ctaocrypt/src/fp_mul_comba_17.i \
+              ctaocrypt/src/fp_mul_comba_20.i \
+              ctaocrypt/src/fp_mul_comba_24.i \
+              ctaocrypt/src/fp_mul_comba_28.i \
+              ctaocrypt/src/fp_mul_comba_32.i \
+              ctaocrypt/src/fp_mul_comba_3.i \
+              ctaocrypt/src/fp_mul_comba_48.i \
+              ctaocrypt/src/fp_mul_comba_4.i \
+              ctaocrypt/src/fp_mul_comba_64.i \
+              ctaocrypt/src/fp_mul_comba_6.i \
+              ctaocrypt/src/fp_mul_comba_7.i \
+              ctaocrypt/src/fp_mul_comba_8.i \
+              ctaocrypt/src/fp_mul_comba_9.i \
+              ctaocrypt/src/fp_mul_comba_small_set.i \
+              ctaocrypt/src/fp_sqr_comba_12.i \
+              ctaocrypt/src/fp_sqr_comba_17.i \
+              ctaocrypt/src/fp_sqr_comba_20.i \
+              ctaocrypt/src/fp_sqr_comba_24.i \
+              ctaocrypt/src/fp_sqr_comba_28.i \
+              ctaocrypt/src/fp_sqr_comba_32.i \
+              ctaocrypt/src/fp_sqr_comba_3.i \
+              ctaocrypt/src/fp_sqr_comba_48.i \
+              ctaocrypt/src/fp_sqr_comba_4.i \
+              ctaocrypt/src/fp_sqr_comba_64.i \
+              ctaocrypt/src/fp_sqr_comba_6.i \
+              ctaocrypt/src/fp_sqr_comba_7.i \
+              ctaocrypt/src/fp_sqr_comba_8.i \
+              ctaocrypt/src/fp_sqr_comba_9.i \
+              ctaocrypt/src/fp_sqr_comba_small_set.i
--- a/ctaocrypt/src/integer.c
+++ b/ctaocrypt/src/integer.c
@@ -1,6 +1,6 @@
 /* integer.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,15 +19,30 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+
 /*
 * Based on public domain LibTomMath 0.38 by Tom St Denis, tomstdenis@iahu.ca,
 * http://math.libtomcrypt.com
 */


+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+/* in case user set USE_FAST_MATH there */
+#include <cyassl/ctaocrypt/settings.h>
+
 #ifndef USE_FAST_MATH

-#include "integer.h"
+#include <cyassl/ctaocrypt/integer.h>
+
+
+/* math settings check */
+word32 CheckRunTimeSettings(void)
+{
+    return CTC_SETTINGS;
+}


 /* handle up to 6 inits */
@@ -1245,7 +1260,7 @@ int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d)
  }
 	
  /* init our temps */
-  if ((res = mp_init_multi(&ta, &tb, &tq, &q, 0, 0) != MP_OKAY)) {
+  if ((res = mp_init_multi(&ta, &tb, &tq, &q, 0, 0)) != MP_OKAY) {
     return res;
  }

@@ -1997,7 +2012,11 @@ mp_montgomery_setup (mp_int * n, mp_digit * rho)
 int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
 {
  int     ix, res, olduse;
+#ifdef CYASSL_SMALL_STACK
+  mp_word* W;    /* uses dynamic memory and slower */
+#else
  mp_word W[MP_WARRAY];
+#endif

  /* get old used count */
  olduse = x->used;
@@ -2009,6 +2028,12 @@ int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
    }
  }

+#ifdef CYASSL_SMALL_STACK
+  W = (mp_word*)XMALLOC(sizeof(mp_word) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
+  if (W == NULL)    
+    return MP_MEM;
+#endif
+
  /* first we have to get the digits of the input into
   * an array of double precision words W[...]
   */
@@ -2130,6 +2155,10 @@ int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
  x->used = n->used + 1;
  mp_clamp (x);

+#ifdef CYASSL_SMALL_STACK
+  XFREE(W, 0, DYNAMIC_TYPE_BIGINT);
+#endif
+
  /* if A >= m then A = A - m */
  if (mp_cmp_mag (x, n) != MP_LT) {
    return s_mp_sub (x, n, x);
@@ -2717,7 +2746,12 @@ After that loop you do the squares and add them in.
 int fast_s_mp_sqr (mp_int * a, mp_int * b)
 {
  int       olduse, res, pa, ix, iz;
-  mp_digit   W[MP_WARRAY], *tmpx;
+#ifdef CYASSL_SMALL_STACK
+  mp_digit* W;    /* uses dynamic memory and slower */
+#else
+  mp_digit W[MP_WARRAY];
+#endif
+  mp_digit  *tmpx;
  mp_word   W1;

  /* grow the destination as required */
@@ -2728,6 +2762,12 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
    }
  }

+#ifdef CYASSL_SMALL_STACK
+  W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
+  if (W == NULL)    
+    return MP_MEM;
+#endif
+
  /* number of output digits to produce */
  W1 = 0;
  for (ix = 0; ix < pa; ix++) { 
@@ -2794,6 +2834,11 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
    }
  }
  mp_clamp (b);
+
+#ifdef CYASSL_SMALL_STACK
+  XFREE(W, 0, DYNAMIC_TYPE_BIGINT);
+#endif
+
  return MP_OKAY;
 }

@@ -2817,7 +2862,11 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
 int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
 {
  int     olduse, res, pa, ix, iz;
+#ifdef CYASSL_SMALL_STACK
+  mp_digit* W;    /* uses dynamic memory and slower */
+#else
  mp_digit W[MP_WARRAY];
+#endif
  register mp_word  _W;

  /* grow the destination as required */
@@ -2830,6 +2879,12 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
  /* number of output digits to produce */
  pa = MIN(digs, a->used + b->used);

+#ifdef CYASSL_SMALL_STACK
+  W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
+  if (W == NULL)    
+    return MP_MEM;
+#endif
+
  /* clear the carry */
  _W = 0;
  for (ix = 0; ix < pa; ix++) { 
@@ -2881,6 +2936,11 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
    }
  }
  mp_clamp (c);
+
+#ifdef CYASSL_SMALL_STACK
+  XFREE(W, 0, DYNAMIC_TYPE_BIGINT);
+#endif
+
  return MP_OKAY;
 }

@@ -3523,7 +3583,11 @@ s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
 int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
 {
  int     olduse, res, pa, ix, iz;
+#ifdef CYASSL_SMALL_STACK
+  mp_digit* W;    /* uses dynamic memory and slower */
+#else
  mp_digit W[MP_WARRAY];
+#endif
  mp_word  _W;

  /* grow the destination as required */
@@ -3534,6 +3598,12 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
    }
  }

+#ifdef CYASSL_SMALL_STACK
+  W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
+  if (W == NULL)    
+    return MP_MEM;
+#endif
+
  /* number of output digits to produce */
  pa = a->used + b->used;
  _W = 0;
@@ -3585,6 +3655,11 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
    }
  }
  mp_clamp (c);
+
+#ifdef CYASSL_SMALL_STACK
+  XFREE(W, 0, DYNAMIC_TYPE_BIGINT);
+#endif
+
  return MP_OKAY;
 }

@@ -3610,8 +3685,10 @@ int mp_sqrmod (mp_int * a, mp_int * b, mp_int * c)
  return res;
 }

+#endif

-int mp_sub_d (mp_int* a, mp_digit b, mp_int* c);
+
+#if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC) || !defined(NO_PWDBASED)

 /* single digit addition */
 int mp_add_d (mp_int* a, mp_digit b, mp_int* c)
@@ -3799,7 +3876,7 @@ static int s_is_power_of_two(mp_digit b, int *p)
 }

 /* single digit division (based on routine from MPI) */
-int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
+static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
 {
  mp_int  q;
  mp_word w;
@@ -3874,7 +3951,7 @@ int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
 }


-int mp_mod_d (mp_int * a, mp_digit b, mp_digit * c)
+static int mp_mod_d (mp_int * a, mp_digit b, mp_digit * c)
 {
  return mp_div_d(a, b, NULL, c);
 }
@@ -3929,7 +4006,7 @@ const mp_digit ltm_prime_tab[] = {
 * Randomly the chance of error is no more than 1/4 and often 
 * very much lower.
 */
-int mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result)
+static int mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result)
 {
  mp_int  n1, y, r;
  int     s, j, err;
@@ -4010,7 +4087,7 @@ LBL_N1:mp_clear (&n1);
 *
 * sets result to 0 if not, 1 if yes
 */
-int mp_prime_is_divisible (mp_int * a, int *result)
+static int mp_prime_is_divisible (mp_int * a, int *result)
 {
  int     err, ix;
  mp_digit res;
--- a/ctaocrypt/src/logging.c
+++ b/ctaocrypt/src/logging.c
@@ -0,0 +1,153 @@
+/* logging.c
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+/* submitted by eof */
+
+#include <cyassl/ctaocrypt/settings.h>
+#include <cyassl/ctaocrypt/logging.h>
+#include <cyassl/ctaocrypt/error.h>
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+    CYASSL_API int  CyaSSL_Debugging_ON(void);
+    CYASSL_API void CyaSSL_Debugging_OFF(void);
+#ifdef __cplusplus
+    } 
+#endif
+
+
+#ifdef DEBUG_CYASSL
+
+/* Set these to default values initially. */
+static CyaSSL_Logging_cb log_function = 0;
+static int loggingEnabled = 0;
+
+#endif /* DEBUG_CYASSL */
+
+
+int CyaSSL_SetLoggingCb(CyaSSL_Logging_cb f)
+{
+#ifdef DEBUG_CYASSL
+    int res = 0;
+
+    if (f)
+        log_function = f;
+    else
+        res = BAD_FUNC_ARG;
+
+    return res;
+#else
+    (void)f;
+    return NOT_COMPILED_IN;
+#endif
+}
+
+
+int CyaSSL_Debugging_ON(void)
+{
+#ifdef DEBUG_CYASSL
+    loggingEnabled = 1;
+    return 0;
+#else
+    return NOT_COMPILED_IN;
+#endif
+}
+
+
+void CyaSSL_Debugging_OFF(void)
+{
+#ifdef DEBUG_CYASSL
+    loggingEnabled = 0;
+#endif
+}
+
+
+#ifdef DEBUG_CYASSL
+
+#include <stdio.h>   /* for default printf stuff */
+
+#ifdef THREADX
+    int dc_log_printf(char*, ...);
+#endif
+
+static void cyassl_log(const int logLevel, const char *const logMessage)
+{
+    if (log_function)
+        log_function(logLevel, logMessage);
+    else {
+        if (loggingEnabled) {
+#ifdef THREADX
+            dc_log_printf("%s\n", logMessage);
+#elif defined(MICRIUM)
+        #if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
+            NetSecure_TraceOut((CPU_CHAR *)logMessage);
+        #endif
+#else
+            fprintf(stderr, "%s\n", logMessage);
+#endif
+        }
+    }
+}
+
+
+void CYASSL_MSG(const char* msg)
+{
+    if (loggingEnabled)
+        cyassl_log(INFO_LOG , msg);
+}
+
+
+void CYASSL_ENTER(const char* msg)
+{
+    if (loggingEnabled) {
+        char buffer[80];
+        sprintf(buffer, "CyaSSL Entering %s", msg);
+        cyassl_log(ENTER_LOG , buffer);
+    }
+}
+
+
+void CYASSL_LEAVE(const char* msg, int ret)
+{
+    if (loggingEnabled) {
+        char buffer[80];
+        sprintf(buffer, "CyaSSL Leaving %s, return %d", msg, ret);
+        cyassl_log(LEAVE_LOG , buffer);
+    }
+}
+
+
+void CYASSL_ERROR(int error)
+{
+    if (loggingEnabled) {
+        char buffer[80];
+        sprintf(buffer, "CyaSSL error occured, error = %d", error);
+        cyassl_log(ERROR_LOG , buffer);
+    }
+}
+
+#endif  /* DEBUG_CYASSL */ 
--- a/ctaocrypt/src/md4.c
+++ b/ctaocrypt/src/md4.c
@@ -1,6 +1,6 @@
 /* md4.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,18 +19,21 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+

 #ifndef NO_MD4

-#include "ctc_md4.h"
+#include <cyassl/ctaocrypt/md4.h>
 #ifdef NO_INLINE
-    #include "misc.h"
+    #include <cyassl/ctaocrypt/misc.h>
 #else
-    #include "misc.c"
+    #include <ctaocrypt/src/misc.c>
 #endif


-
 #ifndef min

    static INLINE word32 min(word32 a, word32 b)
@@ -189,9 +192,9 @@ void Md4Final(Md4* md4, byte* hash)
    XMEMSET(&local[md4->buffLen], 0, MD4_PAD_SIZE - md4->buffLen);
   
    /* put lengths in bits */
-    md4->loLen = md4->loLen << 3;
    md4->hiLen = (md4->loLen >> (8*sizeof(md4->loLen) - 3)) + 
                 (md4->hiLen << 3);
+    md4->loLen = md4->loLen << 3;

    /* store lengths */
    #ifdef BIG_ENDIAN_ORDER
--- a/ctaocrypt/src/md5.c
+++ b/ctaocrypt/src/md5.c
@@ -1,6 +1,6 @@
 /* md5.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -20,13 +20,17 @@
 */


-#include "ctc_md5.h"
-#ifdef NO_INLINE
-    #include "misc.h"
-#else
-    #include "misc.c"
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
 #endif

+#include <cyassl/ctaocrypt/md5.h>
+
+#ifdef NO_INLINE
+    #include <cyassl/ctaocrypt/misc.h>
+#else
+    #include <ctaocrypt/src/misc.c>
+#endif


 #ifndef min
@@ -199,9 +203,9 @@ void Md5Final(Md5* md5, byte* hash)
    XMEMSET(&local[md5->buffLen], 0, MD5_PAD_SIZE - md5->buffLen);
   
    /* put lengths in bits */
-    md5->loLen = md5->loLen << 3;
    md5->hiLen = (md5->loLen >> (8*sizeof(md5->loLen) - 3)) + 
                 (md5->hiLen << 3);
+    md5->loLen = md5->loLen << 3;

    /* store lengths */
    #ifdef BIG_ENDIAN_ORDER
--- a/ctaocrypt/src/memory.c
+++ b/ctaocrypt/src/memory.c
@@ -0,0 +1,99 @@
+/* memory.c 
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+/* submitted by eof */
+
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef USE_CYASSL_MEMORY
+
+#include <cyassl/ctaocrypt/memory.h>
+#include <cyassl/ctaocrypt/error.h>
+
+
+/* Set these to default values initially. */
+static CyaSSL_Malloc_cb  malloc_function = 0;
+static CyaSSL_Free_cb    free_function = 0;
+static CyaSSL_Realloc_cb realloc_function = 0;
+
+int CyaSSL_SetAllocators(CyaSSL_Malloc_cb  mf,
+                         CyaSSL_Free_cb    ff,
+                         CyaSSL_Realloc_cb rf)
+{
+    int res = 0;
+
+    if (mf)
+        malloc_function = mf;
+	else
+        res = BAD_FUNC_ARG;
+
+    if (ff)
+        free_function = ff;
+    else
+        res = BAD_FUNC_ARG;
+
+    if (rf)
+        realloc_function = rf;
+    else
+        res = BAD_FUNC_ARG;
+
+    return res;
+}
+
+
+void* CyaSSL_Malloc(size_t size)
+{
+    void* res = 0;
+
+    if (malloc_function)
+        res = malloc_function(size);
+    else
+        res = malloc(size);
+
+    return res;
+}
+
+void CyaSSL_Free(void *ptr)
+{
+    if (free_function)
+        free_function(ptr);
+    else
+        free(ptr);
+}
+
+void* CyaSSL_Realloc(void *ptr, size_t size)
+{
+    void* res = 0;
+
+    if (realloc_function)
+        res = realloc_function(ptr, size);
+    else
+        res = realloc(ptr, size);
+
+    return res;
+}
+
+#endif /* USE_CYASSL_MEMORY */
--- a/ctaocrypt/src/misc.c
+++ b/ctaocrypt/src/misc.c
@@ -1,6 +1,6 @@
 /* misc.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,8 +19,11 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif

-#include "misc.h"
+#include <cyassl/ctaocrypt/misc.h>

 /* inlining these functions is a huge speed increase and a small size decrease, 
   because the functions are smaller than function call setup/cleanup, e.g.,
@@ -158,7 +161,7 @@ STATIC INLINE void XorWords(word* r, const word* a, word32 n)

 STATIC INLINE void xorbuf(byte* buf, const byte* mask, word32 count)
 {
-    if (((size_t)buf | (size_t)mask | count) % WORD_SIZE == 0)
+    if (((word)buf | (word)mask | count) % WORD_SIZE == 0)
        XorWords( (word*)buf, (const word*)mask, count / WORD_SIZE);
    else {
        word32 i;
--- a/ctaocrypt/src/pwdbased.c
+++ b/ctaocrypt/src/pwdbased.c
@@ -1,6 +1,6 @@
 /* pwdbased.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,10 +19,34 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif

 #ifndef NO_PWDBASED

-#include "pwdbased.h"
+#include <cyassl/ctaocrypt/pwdbased.h>
+#include <cyassl/ctaocrypt/hmac.h>
+#include <cyassl/ctaocrypt/integer.h>
+#include <cyassl/ctaocrypt/error.h>
+#ifdef CYASSL_SHA512
+    #include <cyassl/ctaocrypt/sha512.h>
+#endif
+#ifdef NO_INLINE
+    #include <cyassl/ctaocrypt/misc.h>
+#else
+    #include <ctaocrypt/src/misc.c>
+#endif
+
+
+#ifndef min
+
+    static INLINE word32 min(word32 a, word32 b)
+    {
+        return a > b ? b : a;
+    }
+
+#endif /* min */


 int PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
@@ -35,13 +59,13 @@ int PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
    byte buffer[SHA_DIGEST_SIZE];  /* max size */

    if (hashType != MD5 && hashType != SHA)
-        return -1;
+        return BAD_FUNC_ARG;

    if (kLen > hLen)
-        return -1;
+        return BAD_FUNC_ARG;

    if (iterations < 1)
-        return -1;
+        return BAD_FUNC_ARG;

    if (hashType == MD5) {
        InitMd5(&md5);
@@ -72,5 +96,224 @@ int PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
 }


+int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
+           int sLen, int iterations, int kLen, int hashType)
+{
+    word32 i = 1;
+    int    hLen;
+    int    j;
+    Hmac   hmac;
+    byte   buffer[INNER_HASH_SIZE];  /* max size */
+
+    if (hashType == MD5) {
+        hLen = MD5_DIGEST_SIZE;
+    }
+    else if (hashType == SHA) {
+        hLen = SHA_DIGEST_SIZE;
+    }
+#ifndef NO_SHA256
+    else if (hashType == SHA256) {
+        hLen = SHA256_DIGEST_SIZE;
+    }
+#endif
+#ifdef CYASSL_SHA512
+    else if (hashType == SHA512) {
+        hLen = SHA512_DIGEST_SIZE;
+    }
+#endif
+    else
+        return BAD_FUNC_ARG;
+
+    HmacSetKey(&hmac, hashType, passwd, pLen);
+
+    while (kLen) {
+        int currentLen;
+        HmacUpdate(&hmac, salt, sLen);
+
+        /* encode i */
+        for (j = 0; j < 4; j++) {
+            byte b = (byte)(i >> ((3-j) * 8));
+            HmacUpdate(&hmac, &b, 1);
+        }
+        HmacFinal(&hmac, buffer);
+
+        currentLen = min(kLen, hLen);
+        XMEMCPY(output, buffer, currentLen);
+
+        for (j = 1; j < iterations; j++) {
+            HmacUpdate(&hmac, buffer, hLen);
+            HmacFinal(&hmac, buffer);
+            xorbuf(output, buffer, currentLen);
+        }
+
+        output += currentLen;
+        kLen   -= currentLen;
+        i++;
+    }
+
+    return 0;
+}
+
+
+int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
+                 int saltLen, int iterations, int kLen, int hashType, int id)
+{
+    /* all in bytes instead of bits */
+    word32 u, v, dLen, pLen, iLen, sLen, totalLen;
+    int    dynamic = 0;
+    int    ret = 0;
+    int    i;
+    byte   *D, *S, *P, *I;
+    byte   staticBuffer[1024];
+    byte*  buffer = staticBuffer;
+#ifdef CYASSL_SHA512
+    byte   Ai[SHA512_DIGEST_SIZE];
+    byte   B[SHA512_BLOCK_SIZE];
+#elif !defined(NO_SHA256)
+    byte   Ai[SHA256_DIGEST_SIZE];
+    byte   B[SHA256_BLOCK_SIZE];
+#else
+    byte   Ai[SHA_DIGEST_SIZE];
+    byte   B[SHA_BLOCK_SIZE];
+#endif
+
+    if (!iterations)
+        iterations = 1;
+
+    if (hashType == MD5) {
+        v = MD5_BLOCK_SIZE;
+        u = MD5_DIGEST_SIZE;
+    }
+    else if (hashType == SHA) {
+        v = SHA_BLOCK_SIZE;
+        u = SHA_DIGEST_SIZE;
+    }
+#ifndef NO_SHA256
+    else if (hashType == SHA256) {
+        v = SHA256_BLOCK_SIZE;
+        u = SHA256_DIGEST_SIZE;
+    }
+#endif
+#ifdef CYASSL_SHA512
+    else if (hashType == SHA512) {
+        v = SHA512_BLOCK_SIZE;
+        u = SHA512_DIGEST_SIZE;
+    }
+#endif
+    else
+        return BAD_FUNC_ARG; 
+
+    dLen = v;
+    sLen =  v * ((saltLen + v - 1) / v);
+    if (passLen)
+        pLen = v * ((passLen + v - 1) / v);
+    else
+        pLen = 0;
+    iLen = sLen + pLen;
+
+    totalLen = dLen + sLen + pLen;
+
+    if (totalLen > sizeof(staticBuffer)) {
+        buffer = (byte*)XMALLOC(totalLen, 0, DYNAMIC_TYPE_KEY);
+        if (buffer == NULL) return MEMORY_E;
+        dynamic = 1;
+    } 
+
+    D = buffer;
+    S = D + dLen;
+    P = S + sLen;
+    I = S;
+
+    XMEMSET(D, id, dLen);
+
+    for (i = 0; i < (int)sLen; i++)
+        S[i] = salt[i % saltLen];
+    for (i = 0; i < (int)pLen; i++)
+        P[i] = passwd[i % passLen];
+
+    while (kLen > 0) {
+        word32 currentLen;
+        mp_int B1;
+
+        if (hashType == MD5) {
+        }
+        else if (hashType == SHA) {
+            Sha sha;
+
+            InitSha(&sha);
+            ShaUpdate(&sha, buffer, totalLen);
+            ShaFinal(&sha, Ai);
+
+            for (i = 1; i < iterations; i++) {
+                ShaUpdate(&sha, Ai, u);
+                ShaFinal(&sha, Ai);
+            }
+        }
+#ifndef NO_SHA256
+        else if (hashType == SHA256) {
+        }
+#endif
+#ifdef CYASSL_SHA512
+        else if (hashType == SHA512) {
+        }
+#endif
+
+        for (i = 0; i < (int)v; i++)
+            B[i] = Ai[i % u];
+
+        mp_init(&B1);
+        if (mp_read_unsigned_bin(&B1, B, v) != MP_OKAY)
+            ret = MP_READ_E;
+        else if (mp_add_d(&B1, (mp_digit)1, &B1) != MP_OKAY) {
+            ret = MP_ADD_E;
+            mp_clear(&B1);
+            break;
+        }
+
+        for (i = 0; i < (int)iLen; i += v) {
+            int    outSz;
+            mp_int i1;
+            mp_int res;
+
+            mp_init(&i1);
+            mp_init(&res);
+
+            if (mp_read_unsigned_bin(&i1, I + i, v) != MP_OKAY)
+                ret = MP_READ_E;
+            else if (mp_add(&i1, &B1, &res) != MP_OKAY)
+                ret = MP_ADD_E;
+            else if ( (outSz = mp_unsigned_bin_size(&res)) < 0)
+                ret = MP_TO_E;
+            else {
+                if (outSz > (int)v) {
+                    /* take off MSB */
+                    byte  tmp[129];
+                    mp_to_unsigned_bin(&res, tmp);
+                    XMEMCPY(I + i, tmp + 1, v);
+                }
+                else if (outSz < (int)v) {
+                    XMEMSET(I + i, 0, v - outSz);
+                    mp_to_unsigned_bin(&res, I + i + v - outSz);
+                }
+                else
+                    mp_to_unsigned_bin(&res, I + i);
+            }
+
+            mp_clear(&i1);
+            mp_clear(&res);
+            if (ret < 0) break;
+        }
+
+        currentLen = min(kLen, (int)u);
+        XMEMCPY(output, Ai, currentLen);
+        output += currentLen;
+        kLen   -= currentLen;
+        mp_clear(&B1);
+    }
+
+    if (dynamic) XFREE(buffer, 0, DYNAMIC_TYPE_KEY);
+    return ret;
+}
+
 #endif /* NO_PWDBASED */

--- a/ctaocrypt/src/rabbit.c
+++ b/ctaocrypt/src/rabbit.c
@@ -1,6 +1,6 @@
 /* rabbit.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,11 +19,18 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif

 #ifndef NO_RABBIT

-#include "rabbit.h"
-#include "misc.c"
+#include <cyassl/ctaocrypt/rabbit.h>
+#ifdef NO_INLINE
+    #include <cyassl/ctaocrypt/misc.h>
+#else
+    #include <ctaocrypt/src/misc.c>
+#endif


 #ifdef BIG_ENDIAN_ORDER
--- a/ctaocrypt/src/random.c
+++ b/ctaocrypt/src/random.c
@@ -1,6 +1,6 @@
 /* random.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@@ -19,18 +19,23 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif

 /* on HPUX 11 you may need to install /dev/random see
   http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I

 */

-#include "random.h"
-#include "error.h"
+#include <cyassl/ctaocrypt/random.h>
+#include <cyassl/ctaocrypt/error.h>


 #if defined(USE_WINDOWS_API)
-    #define _WIN32_WINNT 0x0400
+    #ifndef _WIN32_WINNT
+        #define _WIN32_WINNT 0x0400
+    #endif
    #include <windows.h>
    #include <wincrypt.h>
 #else
@@ -150,6 +155,8 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 /* may block */
 int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 {
+    int ret = 0;
+
    os->fd = open("/dev/urandom",O_RDONLY);
    if (os->fd == -1) {
        /* may still have /dev/random */
@@ -160,22 +167,26 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)

    while (sz) {
        int len = read(os->fd, output, sz);
-        if (len == -1) 
-            return READ_RAN_E;
+        if (len == -1) { 
+            ret = READ_RAN_E;
+            break;
+        }

        sz     -= len;
        output += len;

-        if (sz)
+        if (sz) {
 #ifdef BLOCKING
            sleep(0);             /* context switch */
 #else
-            return RAN_BLOCK_E;
+            ret = RAN_BLOCK_E;
+            break;
 #endif
+        }
    }
    close(os->fd);

-    return 0;
+    return ret;
 }

 #endif /* USE_WINDOWS_API */
--- a/Show More
+++ b/Show More