fix small build proper

Updates to autoconf

.gitignore

@@ -0,0 +1,71 @@
+*.lo
+*.la
+*.o
+*.deps
+*.libs
+*.cache
+.dirstamp
+*.user
+config*
+*Debug/
+*Release/
+*.ncb
+*.suo
+stamp-h
+libtool.m4
+aclocal.m4
+lt*.m4
+INSTALL
+Makefile.in
+Makefile
+depcomp
+missing
+libtool
+tags
+.tags*
+cyassl.sublime*
+ctaocrypt/benchmark/benchmark
+ctaocrypt/test/testctaocrypt
+examples/client/client
+examples/echoclient/echoclient
+examples/echoserver/echoserver
+examples/server/server
+snifftest
+output
+testsuite/testsuite
+tests/unit
+testsuite/*.der
+testsuite/*.pem
+testsuite/*.raw
+cert.der
+cert.pem
+othercert.der
+othercert.pem
+key.der
+key.pem
+diff
+sslSniffer/sslSnifferTest/tracefile.txt
+*.gz
+*.zip
+*.bak
+*.dummy
+*.xcworkspace
+xcuserdata
+compile
+NTRU_algorithm/
+NTRU/
+build-test/
+build/
+cyassl.xcodeproj/
+cyassl*rc*
+autoscan.log
+TAGS
+.DS_Store
+support/libcyassl.pc
+cyassl/version.h
+cyassl/ctaocrypt/stamp-h1
+swig/_cyassl.so
+swig/cyassl.py
+swig/cyassl.pyc
+swig/cyassl_wrap.c
+stamp-h1

INSTALL

@@ -1,234 +0,0 @@
-Installation Instructions
-*************************
-
-Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
-2006 Free Software Foundation, Inc.
-
-This file is free documentation; the Free Software Foundation gives
-unlimited permission to copy, distribute and modify it.
-
-Basic Installation
-==================
-
-Briefly, the shell commands `./configure; make; make install' should
-configure, build, and install this package.  The following
-more-detailed instructions are generic; see the `README' file for
-instructions specific to this package.
-
-   The `configure' shell script attempts to guess correct values for
-various system-dependent variables used during compilation.  It uses
-those values to create a `Makefile' in each directory of the package.
-It may also create one or more `.h' files containing system-dependent
-definitions.  Finally, it creates a shell script `config.status' that
-you can run in the future to recreate the current configuration, and a
-file `config.log' containing compiler output (useful mainly for
-debugging `configure').
-
-   It can also use an optional file (typically called `config.cache'
-and enabled with `--cache-file=config.cache' or simply `-C') that saves
-the results of its tests to speed up reconfiguring.  Caching is
-disabled by default to prevent problems with accidental use of stale
-cache files.
-
-   If you need to do unusual things to compile the package, please try
-to figure out how `configure' could check whether to do them, and mail
-diffs or instructions to the address given in the `README' so they can
-be considered for the next release.  If you are using the cache, and at
-some point `config.cache' contains results you don't want to keep, you
-may remove or edit it.
-
-   The file `configure.ac' (or `configure.in') is used to create
-`configure' by a program called `autoconf'.  You need `configure.ac' if
-you want to change it or regenerate `configure' using a newer version
-of `autoconf'.
-
-The simplest way to compile this package is:
-
-  1. `cd' to the directory containing the package's source code and type
-     `./configure' to configure the package for your system.
-
-     Running `configure' might take a while.  While running, it prints
-     some messages telling which features it is checking for.
-
-  2. Type `make' to compile the package.
-
-  3. Optionally, type `make check' to run any self-tests that come with
-     the package.
-
-  4. Type `make install' to install the programs and any data files and
-     documentation.
-
-  5. You can remove the program binaries and object files from the
-     source code directory by typing `make clean'.  To also remove the
-     files that `configure' created (so you can compile the package for
-     a different kind of computer), type `make distclean'.  There is
-     also a `make maintainer-clean' target, but that is intended mainly
-     for the package's developers.  If you use it, you may have to get
-     all sorts of other programs in order to regenerate files that came
-     with the distribution.
-
-Compilers and Options
-=====================
-
-Some systems require unusual options for compilation or linking that the
-`configure' script does not know about.  Run `./configure --help' for
-details on some of the pertinent environment variables.
-
-   You can give `configure' initial values for configuration parameters
-by setting variables in the command line or in the environment.  Here
-is an example:
-
-     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
-
-   *Note Defining Variables::, for more details.
-
-Compiling For Multiple Architectures
-====================================
-
-You can compile the package for more than one kind of computer at the
-same time, by placing the object files for each architecture in their
-own directory.  To do this, you can use GNU `make'.  `cd' to the
-directory where you want the object files and executables to go and run
-the `configure' script.  `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.
-
-   With a non-GNU `make', it is safer to compile the package for one
-architecture at a time in the source code directory.  After you have
-installed the package for one architecture, use `make distclean' before
-reconfiguring for another architecture.
-
-Installation Names
-==================
-
-By default, `make install' installs the package's commands under
-`/usr/local/bin', include files under `/usr/local/include', etc.  You
-can specify an installation prefix other than `/usr/local' by giving
-`configure' the option `--prefix=PREFIX'.
-
-   You can specify separate installation prefixes for
-architecture-specific files and architecture-independent files.  If you
-pass the option `--exec-prefix=PREFIX' to `configure', the package uses
-PREFIX as the prefix for installing programs and libraries.
-Documentation and other data files still use the regular prefix.
-
-   In addition, if you use an unusual directory layout you can give
-options like `--bindir=DIR' to specify different values for particular
-kinds of files.  Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them.
-
-   If the package supports it, you can cause programs to be installed
-with an extra prefix or suffix on their names by giving `configure' the
-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
-
-Optional Features
-=================
-
-Some packages pay attention to `--enable-FEATURE' options to
-`configure', where FEATURE indicates an optional part of the package.
-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
-is something like `gnu-as' or `x' (for the X Window System).  The
-`README' should mention any `--enable-' and `--with-' options that the
-package recognizes.
-
-   For packages that use the X Window System, `configure' can usually
-find the X include and library files automatically, but if it doesn't,
-you can use the `configure' options `--x-includes=DIR' and
-`--x-libraries=DIR' to specify their locations.
-
-Specifying the System Type
-==========================
-
-There may be some features `configure' cannot figure out automatically,
-but needs to determine by the type of machine the package will run on.
-Usually, assuming the package is built to be run on the _same_
-architectures, `configure' can figure that out, but if it prints a
-message saying it cannot guess the machine type, give it the
-`--build=TYPE' option.  TYPE can either be a short name for the system
-type, such as `sun4', or a canonical name which has the form:
-
-     CPU-COMPANY-SYSTEM
-
-where SYSTEM can have one of these forms:
-
-     OS KERNEL-OS
-
-   See the file `config.sub' for the possible values of each field.  If
-`config.sub' isn't included in this package, then this package doesn't
-need to know the machine type.
-
-   If you are _building_ compiler tools for cross-compiling, you should
-use the option `--target=TYPE' to select the type of system they will
-produce code for.
-
-   If you want to _use_ a cross compiler, that generates code for a
-platform different from the build platform, you should specify the
-"host" platform (i.e., that on which the generated programs will
-eventually be run) with `--host=TYPE'.
-
-Sharing Defaults
-================
-
-If you want to set default values for `configure' scripts to share, you
-can create a site shell script called `config.site' that gives default
-values for variables like `CC', `cache_file', and `prefix'.
-`configure' looks for `PREFIX/share/config.site' if it exists, then
-`PREFIX/etc/config.site' if it exists.  Or, you can set the
-`CONFIG_SITE' environment variable to the location of the site script.
-A warning: not all `configure' scripts look for a site script.
-
-Defining Variables
-==================
-
-Variables not defined in a site shell script can be set in the
-environment passed to `configure'.  However, some packages may run
-configure again during the build, and the customized values of these
-variables may be lost.  In order to avoid this problem, you should set
-them in the `configure' command line, using `VAR=value'.  For example:
-
-     ./configure CC=/usr/local2/bin/gcc
-
-causes the specified `gcc' to be used as the C compiler (unless it is
-overridden in the site shell script).
-
-Unfortunately, this technique does not work for `CONFIG_SHELL' due to
-an Autoconf bug.  Until the bug is fixed you can use this workaround:
-
-     CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
-
-`configure' Invocation
-======================
-
-`configure' recognizes the following options to control how it operates.
-
-`--help'
-`-h'
-     Print a summary of the options to `configure', and exit.
-
-`--version'
-`-V'
-     Print the version of Autoconf used to generate the `configure'
-     script, and exit.
-
-`--cache-file=FILE'
-     Enable the cache: use and save the results of the tests in FILE,
-     traditionally `config.cache'.  FILE defaults to `/dev/null' to
-     disable caching.
-
-`--config-cache'
-`-C'
-     Alias for `--cache-file=config.cache'.
-
-`--quiet'
-`--silent'
-`-q'
-     Do not print messages saying which checks are being made.  To
-     suppress all normal output, redirect it to `/dev/null' (any error
-     messages will still be shown).
-
-`--srcdir=DIR'
-     Look for the package's source code in directory DIR.  Usually
-     `configure' can determine that directory automatically.
-
-`configure' also accepts some other, not widely useful, options.  Run
-`configure --help' for more details.
-

Makefile.am

@@ -1,30 +1,78 @@
-SUBDIRS = src ctaocrypt examples testsuite sslSniffer
-EXTRA_DIST = certs/*.pem certs/*.der certs/*.txt certs/*.raw \
-    lib/dummy *.sln *.vcproj cyassl-iphone.xcodeproj/project.pbxproj \
-    doc/*.pdf swig/README swig/*.i swig/cyassl_adds.c swig/*.sh swig/runme.* \
-    swig/python_cyassl.vcproj swig/rsasign.py
+# includes append to these:
+SUFFIXES =
+TESTS =
+CLEANFILES =
+DISTCLEANFILES =
+bin_PROGRAMS =
+noinst_HEADERS =
+lib_LTLIBRARIES =
+man_MANS =
+noinst_LTLIBRARIES =
+noinst_PROGRAMS =
+include_HEADERS =
+nobase_include_HEADERS =
+check_PROGRAMS =
+EXTRA_HEADERS =
+BUILT_SOURCES=
+EXTRA_DIST=
+doc_DATA=
 
-ACLOCAL_AMFLAGS = -I m4
+exampledir = $(docdir)/@PACKAGE@/example
+example_DATA=
+EXTRA_DIST+= $(example_DATA)
+
+EXTRA_DIST+= $(doc_DATA)
+
+ACLOCAL_AMFLAGS= -I m4 --install
+
+EXTRA_DIST+= lib/dummy
+
+EXTRA_DIST+= cyassl-ntru.vcproj
+EXTRA_DIST+= cyassl.vcproj
+EXTRA_DIST+= cyassl-iphone.xcodeproj/project.pbxproj
+EXTRA_DIST+= cyassl-ntru.sln
+EXTRA_DIST+= cyassl.sln
+
+include cyassl/include.am
+include certs/include.am
+include certs/crl/include.am
+include doc/include.am
+include swig/include.am
+
+include src/include.am
+include ctaocrypt/benchmark/include.am
+include ctaocrypt/src/include.am
+include ctaocrypt/test/include.am
+include examples/client/include.am
+include examples/server/include.am
+include examples/echoclient/include.am
+include examples/echoserver/include.am
+include testsuite/include.am
+include tests/include.am
+include sslSniffer/sslSnifferTest/include.am
+
+TESTS += $(check_PROGRAMS)
+test: check
 
 # !!!! first line of rule has to start with a hard (real) tab, not spaces
-basic:
-	cd src; $(MAKE); cd ../testsuite; $(MAKE); cd ../
+egs:
+	$(MAKE) examples/client/client; \
+	$(MAKE) examples/echoclient/echoclient;\
+	$(MAKE) examples/server/server; \
+	$(MAKE) examples/echoserver/echoserver;
 
-openssl-links:
-	cd lib; ln -s ../src/.libs/libcyassl.a libcrypto.a; \
-    ln -s ../src/.libs/libcyassl.a libssl.a; \
-    ln -s ../src/.libs/libcyassl.a libcyassl.a; cd ../
+ctc:
+	$(MAKE) ctaocrypt/test/testctaocrypt; \
+	$(MAKE) ctaocrypt/benchmark/benchmark; 
 
-#  !!! test -e with a .name like .libs then a * like *dylib fails so just
-#      look for the .dylib on OS X, and .so otherwise but copy all parts
-install:
-	$(mkinstalldirs) $(DESTDIR)$(includedir) $(DESTDIR)$(libdir); \
-    cp -fpR include/* $(DESTDIR)$(includedir); \
-    cp -fpR ctaocrypt/include/* $(DESTDIR)$(includedir); \
-    cp -fpR src/libcyassl.la $(DESTDIR)$(libdir); \
-    if test -e src/.libs/libcyassl.a; then \
-    cp -fp src/.libs/libcyassl.a $(DESTDIR)$(libdir); fi; \
-    if test -e src/.libs/libcyassl.so; then \
-    cp -fpR src/.libs/libcyassl.so* $(DESTDIR)$(libdir); fi; \
-    if test -e src/.libs/libcyassl.dylib; then \
-    cp -fpR src/.libs/libcyassl.*dylib $(DESTDIR)$(libdir); fi;
+merge-clean:
+	@find ./ | $(GREP) \.gcda | xargs rm -f
+	@find ./ | $(GREP) \.gcno | xargs rm -f
+	@find ./ | $(GREP) \.gz | xargs rm -f
+	@find ./ | $(GREP) \.orig | xargs rm -f
+	@find ./ | $(GREP) \.rej | xargs rm -f
+	@find ./ | $(GREP) \.rpm | xargs rm -f
+	@find ./ | $(GREP) \.THIS | xargs rm -f
+	@find ./ | $(GREP) \.OTHER | xargs rm -f
+	@find ./ | $(GREP) \.BASE | xargs rm -f
+	@find ./ | $(GREP) \~$$ | xargs rm -f

README

@@ -1,11 +1,32 @@
-*** Note, Please read ***
+*** Notes, Please read ***
 
+Note 1)
+CyaSSL now needs all examples and tests to be run from the CyaSSL home
+directory.  This is because it finds certs and keys from ./certs/.  Trying to
+maintain the ability to run each program from its own directory, the testsuite
+directory, the main directory (for make check/test), and for the various
+different project layouts (with or without config) was becoming harder and 
+harder.  Now to run testsuite just do:
+
+./testsuite/testsuite
+
+or 
+
+make test    (when using autoconf)
+
+On *nix or Windows the examples and testsuite will check to see if the current
+directory is the source directory and if so, attempt to change to the CyaSSL
+home directory.  This should work in most setup cases, if not, just follow the
+beginning of the note and specify the full path.
+
+
+Note 2)
 CyaSSL takes a different approach to certificate verification than OpenSSL does.
 The default policy for the client is to verify the server, this means that if
 you don't load CAs to verify the server you'll get a connect error, unable to 
-verify.  It you want to mimic OpenSSL behavior of having SSL_connect succeed
-even if verifying the server fails and reducing security you can do this by
-calling:
+verify (-155).  It you want to mimic OpenSSL behavior of having SSL_connect
+succeed even if verifying the server fails and reducing security you can do
+this by calling:
 
 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
 
@@ -13,7 +34,184 @@ before calling SSL_new();  Though it's not recommended.
 
 *** end Note ***
 
-CyaSSL Release 1.8.0 (12/23/2010)
+CyaSSL Release 2.3.0 (8/10/2012)
+
+Release 2.3.0 CyaSSL has bug fixes and a few new features including:
+- AES-GCM crypto and cipher suites
+- make test cipher suite checks
+- Subject AltName processing
+- Command line support for client/server examples
+- Sniffer SessionTicket support
+- SHA-384 cipher suites
+- Verify cipher suite validity when user overrides
+- CRL dir monitoring
+- DTLS Cookie support, reliability coming soon
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+***************CyaSSL Release 2.2.0 (5/18/2012)
+
+Release 2.2.0 CyaSSL has bug fixes and a few new features including:
+- Initial CRL support (--enable-crl)
+- Initial OCSP support (--enable-ocsp)
+- Add static ECDH suites
+- SHA-384 support
+- ECC client certificate support
+- Add medium session cache size (1055 sessions) 
+- Updated unit tests
+- Protection against mutex reinitialization
+
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+***************CyaSSL Release 2.0.8 (2/24/2012)
+
+Release 2.0.8 CyaSSL has bug fixes and a few new features including:
+- A fix for malicious certificates pointed out by Remi Gacogne (thanks)
+  resulting in NULL pointer use.
+- Respond to renegotiation attempt with no_renegoatation alert
+- Add basic path support for load_verify_locations()
+- Add set Temp EC-DHE key size
+- Extra checks on rsa test when porting into
+
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.6 (1/27/2012)
+
+Release 2.0.6 CyaSSL has bug fixes and a few new features including:
+- Fixes for CA basis constraint check
+- CTX reference counting
+- Initial unit test additions
+- Lean and Mean Windows fix
+- ECC benchmarking
+- SSMTP build support
+- Ability to group handshake messages with set_group_messages(ctx/ssl)
+- CA cache addition callback
+- Export Base64_Encode for general use
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.2 (12/05/2011)
+
+Release 2.0.2 CyaSSL has bug fixes and a few new features including:
+- CTaoCrypt Runtime library detection settings when directly using the crypto
+  library
+- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation
+- All test certificates now use 2048bit and SHA-1 for better modern browser
+  support
+- Direct AES block access and AES-CTR (counter) mode
+- Microchip pic32 support
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.0rc3 (9/28/2011)
+
+Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including:
+- updated autoconf support
+- better make install and uninstall  (uses system directories)
+- make test / make check
+- CyaSSL headers now in <cyassl/*.h>
+- CTaocrypt headers now in <cyassl/ctaocrypt/*.h>
+- OpenSSL compatibility headers now in <cyassl/openssl/*.h>
+- examples and tests all run from home diretory so can use certs in ./certs
+        (see note 1)
+
+So previous applications that used the OpenSSL compatibility header
+<openssl/ssl.h> now need to include <cyassl/openssl/ssl.h> instead, no other
+changes are required.
+
+Special Thanks to Brian Aker for his autoconf, install, and header patches.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+************CyaSSL Release 2.0.0rc2 (6/6/2011)
+
+Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including:
+- bug fixes (Alerts, DTLS with DHE)
+- FreeRTOS support
+- lwIP support
+- Wshadow warnings removed
+- asn public header
+- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being
+        updated to relfect this change)
+- and more.
+
+This is the 2nd and perhaps final release candidate for version 2.
+Please send any comments or questions to support@yassl.com.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+***********CyaSSL Release 2.0.0rc1 (5/2/2011)
+
+Release 2.0.0rc1 for CyaSSL has many new features including:
+- bug fixes
+- SHA-256 cipher suites 
+- Root Certificate Verification (instead of needing all certs in the chain) 
+- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) 
+- Serial number retrieval for x509 
+- PBKDF2 and PKCS #12 PBKDF 
+- UID parsing for x509 
+- SHA-256 certificate signatures 
+- Client and server can send chains (SSL_CTX_use_certificate_chain_file) 
+- CA loading can now parse multiple certificates per file
+- Dynamic memory runtime hooks
+- Runtime hooks for logging
+- EDH on server side
+- More informative error codes
+- More informative logging messages
+- Version downgrade more robust (use SSL_v23*)
+- Shared build only by default through ./configure
+- Compiler visibility is now used, internal functions not polluting namespace
+- Single Makefile, no recursion, for faster and simpler building
+- Turn on all warnings possible build option, warning fixes
+- and more.
+
+Because of all the new features and the multiple OS, compiler, feature-set
+options that CyaSSL allows, there may be some configuration fixes needed.
+Please send any comments or questions to support@yassl.com.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+****************** CyaSSL Release 1.9.0 (3/2/2011)
+
+Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and
+better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server,
+improper AES key setup detection, user cert verify callback improvements, and
+more.
+
+The CyaSSL manual offering is included in the doc/ directory.  For build
+instructions and comments about the new features please check the manual.
+
+Please send any comments or questions to support@yassl.com.
+
+****************** CyaSSL Release 1.8.0 (12/23/2010)
 
 Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate
 generation, a C standard library abstraction layer, lower memory use, increased

autogen.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Create configure and makefile stuff...
+#
+
+autoreconf -ivf -Wall
+ln -s -f ../../pre-commit.sh .git/hooks/pre-commit

certs/ca-cert.pem

@@ -2,55 +2,86 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            8a:37:22:65:73:f5:aa:e8
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+            e9:d0:a7:5f:79:25:f4:3c
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
         Validity
-            Not Before: Jun 30 18:47:10 2010 GMT
-            Not After : Mar 26 18:47:10 2013 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+            Not Before: Oct 24 18:18:15 2011 GMT
+            Not After : Jul 20 18:18:15 2014 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:97:30:b9:1a:92:ef:25:4f:ca:4c:11:31:95:1a:
-                    e1:c0:10:19:0a:20:b9:37:80:1a:57:38:02:4e:1b:
-                    c5:0f:28:4f:da:e3:c9:16:aa:50:bd:4a:fb:b7:71:
-                    c7:35:cc:63:81:c1:dd:9d:33:f9:38:16:88:32:a0:
-                    aa:56:23:03:a3
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
+                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
+                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
+                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
+                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
+                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
+                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
+                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
+                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
+                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
+                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
+                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
+                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
+                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
+                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
+                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
+                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
+                    36:79
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
             X509v3 Authority Key Identifier: 
-                keyid:3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
-                DirName:/C=US/ST=Montana/L=Bozeman/O=sawtooth/OU=consulting/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
-                serial:8A:37:22:65:73:F5:AA:E8
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:E9:D0:A7:5F:79:25:F4:3C
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        32:65:a2:b1:dc:6d:e0:8d:8b:c8:58:29:8e:b8:18:4b:62:88:
-        13:67:f8:6c:75:46:75:8f:8a:19:a6:a3:d5:3c:fc:57:4e:7a:
-        68:a9:fc:93:dc:ae:29:7d:bb:4e:ec:ea:55:fa:a4:e3:00:61:
-        f4:b0:34:6d:d1:d5:a4:64:24:f8
+    Signature Algorithm: sha1WithRSAEncryption
+        5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26:
+        4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6:
+        e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c:
+        f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e:
+        af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18:
+        98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02:
+        8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab:
+        1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80:
+        61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87:
+        1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f:
+        60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf:
+        18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12:
+        f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
+        b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
+        5a:1f:7f:ca
 -----BEGIN CERTIFICATE-----
-MIIDQDCCAuqgAwIBAgIJAIo3ImVz9aroMA0GCSqGSIb3DQEBBAUAMIGeMQswCQYD
+MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
 VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
-A1UEChMIc2F3dG9vdGgxEzARBgNVBAsTCmNvbnN1bHRpbmcxJDAiBgNVBAMTG3d3
-dy5zYXd0b290aC1jb25zdWx0aW5nLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5
-YXNzbC5jb20wHhcNMTAwNjMwMTg0NzEwWhcNMTMwMzI2MTg0NzEwWjCBnjELMAkG
-A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
-BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
-d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
-eWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJcwuRqS7yVPykwRMZUa
-4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaqUL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYj
-A6MCAwEAAaOCAQcwggEDMB0GA1UdDgQWBBQ7Zv2gQMb04nDPIRoMT2f+t0tCCTCB
-0wYDVR0jBIHLMIHIgBQ7Zv2gQMb04nDPIRoMT2f+t0tCCaGBpKSBoTCBnjELMAkG
-A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
-BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
-d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
-eWFzc2wuY29tggkAijciZXP1qugwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQF
-AANBADJlorHcbeCNi8hYKY64GEtiiBNn+Gx1RnWPihmmo9U8/FdOemip/JPcril9
-u07s6lX6pOMAYfSwNG3R1aRkJPg=
+A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
+dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
+MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
+8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
+EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
+dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
+mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
+CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
+BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
+P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
+dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
+BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
+9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
+PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
+Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
+G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
+ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
+rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
 -----END CERTIFICATE-----

certs/ca-key.pem

@@ -1,9 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOQIBAAJBAJcwuRqS7yVPykwRMZUa4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaq
-UL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYjA6MCAwEAAQJAEQ9TY7c+uuQU/J5YDO4a
-mRR37tegbq3Kyxqrz+p8QuhqLDtVh13GaF7rVU70vyNHm+cgihUyzho/PViAkPBo
-qQIhAMU8/RDhDLgL5BxID4sxKIVBtg+imFSbyKVyg7oQLUcXAiEAxDu94O45Cf4a
-np9R0thumY/QqWpCkycWAB7fFEuaf1UCIEH+bg4/vqm2ENUFp23DPPOZUPlaRe3J
-UhFJh5mx3/RxAiBq++8vfHFYg1Lb/BxOCXVy/zdRxf753ytdcXdJx1Y56QIgVgpN
-FNfYJofQfWaP96sjlc0usrT28uceHx0QmHqolVc=
+MIIEpAIBAAKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY06zeA2buKvHY
+sH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGLYlYb72dvpBBB
+la0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkcrMft8nyVsJWCfUlcOM13Je+9gHVT
+lDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfaQG/YIdxzG0ItU5z+Gvx9q3o2P5je
+hHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+jJtK3b7FaF9c4mQj+k1hv/sMTSQgW
+C6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABAoIBAD1uTmAahH+dhXzh
+Swd84NaZKt6d+TY0DncOPgjqT+UGJtT2OPffDQ8cLgai9CponGNy4zXmBJGRtcGx
+pFSs18b7QaDWdW+9C06/sVLoX0kmmFZHx97p6jxgAb8o3DG/SV+TSYd6gVuWS03K
+XDhPt+Gy08ch2jwShwfkG9xD7OjsVGHn9u2mCy7134J/xh9hGZykgznfIYWJb3ev
+hhUyCKJaCyZh+3AMypw4fbwi7uujqBYA+YqAHgCEqEpB+IQDZy8jWy+baybDBzSU
+owM7ctWfcuCtzDSrvcfV9SYwhQ8wIzlS/zzLmSFNiKWr7mK5x+C7R4fBac9z8zC+
+zjkEnOUCgYEA4XZFgFm200nfCu8S1g/wt8sqN7+n+LVN9TE1reSjlKHb8ZattQVk
+hYP8G1spqr74Jj92fq0c8MvXJrQbBY5Whn4IYiHBhtZHeT63XaTGOtexdCD2UJdB
+BFPtPybWb5H6aCbsKtya8efc+3PweUMbIaNZBGNSB8nX5tEbXV6W+lMCgYEA2O1O
+ZGFrkQxhAbUPu0RnUx7cB8Qkfp5shCORDOQSBBZNeJjMlj0gTg9Fmrb4s5MNsqIb
+KfImecjF0nh+XnPy13Bhu0DOYQX+aR6CKeYUuKHnltAjPwWTAPLhTX7tt5Zs9/Dk
+0c8BmE/cdFSqbV5aQTH+/5q2oAXdqRBU+GvQqoMCgYAh0wSKROtQt3xmv4cr5ihO
+6oPi6TXh8hFH/6H1/J8t5TqB/AEDb1OtVCe2Uu7lVtETq+GzD3WQCoS0ocCMDNae
+RrorPrUx7WO7pNUNj3LN0R4mNeu+G3L9mzm0h7cT9eqDRZOYuo/kSsy0TKh/CLpB
+SahJKD1ePcHONwDL+SzdUQKBgQChV58+udavg22DP4/70NyozgMJI7GhG2PKxElW
+NSvRLmVglQVVmRE1/dXfRMeliHJfsoJRqHFFkzbPXB9hUQwFgOivxXu6XiLjPHXD
+hAVVbdY6LYSJkzPLONqqMQXNzmwt3VXTVwvwpTVqsK4xukOWygDHS+MZEkPTQvpv
+6oDA0QKBgQC524kgNCdwYjTqXyViEvOdgb9I7poOwY0Q/2WanS0aipRayMClpYRh
+ntQkue+pncl3C8dwZj26yFTf0jPh9X/5J2G+V0Xdt0UXJPUj5DgOkSfu4yDYFMiU
+R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==
 -----END RSA PRIVATE KEY-----

certs/client-cert.pem

@@ -2,54 +2,86 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            c5:d7:6c:11:36:f0:35:e1
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=programming, CN=www.yassl.com/emailAddress=info@yassl.com
+            87:4a:75:be:91:66:d8:3d
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
         Validity
-            Not Before: Jun 30 18:39:39 2010 GMT
-            Not After : Mar 26 18:39:40 2013 GMT
-        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=programming, CN=www.yassl.com/emailAddress=info@yassl.com
+            Not Before: Oct 24 18:21:55 2011 GMT
+            Not After : Jul 20 18:21:55 2014 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:bd:51:4a:14:fd:6a:19:84:0c:33:38:fc:27:32:
-                    9c:97:0b:fc:a4:18:60:69:4e:d9:d8:78:50:0b:e9:
-                    20:5d:d6:1d:70:1c:0c:24:9f:23:82:cc:3a:01:d5:
-                    97:17:b2:73:6c:86:cf:b5:f1:e5:ce:68:0c:d9:a2:
-                    12:39:7c:f2:53
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
+                    2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
+                    32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
+                    68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
+                    ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
+                    65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
+                    b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
+                    13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
+                    0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
+                    bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
+                    c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
+                    ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
+                    cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
+                    3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
+                    54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
+                    d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
+                    2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
+                    ba:d3
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                5C:F7:29:21:69:7A:09:78:9E:7B:CD:53:42:02:EC:CE:29:0D:11:DF
+                33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
             X509v3 Authority Key Identifier: 
-                keyid:5C:F7:29:21:69:7A:09:78:9E:7B:CD:53:42:02:EC:CE:29:0D:11:DF
-                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=programming/CN=www.yassl.com/emailAddress=info@yassl.com
-                serial:C5:D7:6C:11:36:F0:35:E1
+                keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
+                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:87:4A:75:BE:91:66:D8:3D
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        b4:a5:f1:71:26:4d:b9:ff:54:f3:09:1f:ac:e1:19:59:e5:ec:
-        57:e3:f1:0b:b2:8f:f3:29:eb:6b:c6:fa:27:33:3e:91:d0:77:
-        43:c9:ce:1e:0f:71:07:a9:f7:26:e0:7e:ff:30:7d:52:0a:e1:
-        80:48:46:bb:99:e9:d9:77:ce:75
+    Signature Algorithm: sha1WithRSAEncryption
+        1c:7c:42:81:29:9e:21:cf:d0:d8:c1:54:6f:cc:ae:14:09:38:
+        ff:68:98:9a:95:53:76:18:7b:e6:30:76:ec:28:0d:75:a7:de:
+        e0:cd:8e:d5:55:23:6a:47:2b:4e:8d:fc:7d:06:a3:d8:0f:ad:
+        5e:d6:04:c9:00:33:fb:77:27:d3:b5:03:b3:7b:21:74:31:0b:
+        4a:af:2d:1a:b3:93:8e:cc:f3:5f:3d:90:3f:cc:e3:55:19:91:
+        7b:78:24:2e:4a:09:bb:18:4e:61:2d:9c:c6:0a:a0:34:91:88:
+        70:6b:3b:48:47:bc:79:94:a2:a0:4d:32:47:54:c2:a3:dc:2e:
+        d2:51:4c:29:39:11:ff:e2:15:5e:58:97:36:f6:e9:06:06:86:
+        0e:8d:9d:95:03:72:b2:8b:19:7c:e9:14:6e:a1:88:73:68:58:
+        6d:71:5e:c2:d5:d3:13:d2:5f:de:ea:03:be:e2:00:40:e5:ce:
+        fd:e6:92:31:57:c3:eb:bb:66:ac:cb:2f:1a:fa:e0:62:a2:47:
+        f4:93:43:2a:4b:6c:5e:0a:2f:f9:e7:e6:4a:63:86:b0:ac:2a:
+        a1:eb:b4:5b:67:cd:32:e4:b6:11:4b:9a:72:66:0d:a2:4a:76:
+        8f:fe:22:bc:83:fd:db:b7:d5:a9:ee:05:c9:b1:71:7e:1b:2b:
+        e1:e3:af:c0
 -----BEGIN CERTIFICATE-----
-MIIDDjCCArigAwIBAgIJAMXXbBE28DXhMA0GCSqGSIb3DQEBBAUAMIGOMQswCQYD
+MIIEmDCCA4CgAwIBAgIJAIdKdb6RZtg9MA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
 VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG
-A1UEChMFeWFTU0wxFDASBgNVBAsTC3Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu
-eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMDA2
-MzAxODM5MzlaFw0xMzAzMjYxODM5NDBaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE
+A1UEChMFeWFTU0wxFDASBgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu
+eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMTEw
+MjQxODIxNTVaFw0xNDA3MjAxODIxNTVaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE
 CBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDAS
-BgNVBAsTC3Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ
-KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQC9UUoU/WoZhAwzOPwnMpyXC/ykGGBpTtnYeFAL6SBd1h1wHAwknyOCzDoB1ZcX
-snNshs+18eXOaAzZohI5fPJTAgMBAAGjgfYwgfMwHQYDVR0OBBYEFFz3KSFpegl4
-nnvNU0IC7M4pDRHfMIHDBgNVHSMEgbswgbiAFFz3KSFpegl4nnvNU0IC7M4pDRHf
-oYGUpIGRMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQH
-EwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDASBgNVBAsTC3Byb2dyYW1taW5n
-MRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
-c3NsLmNvbYIJAMXXbBE28DXhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
-QQC0pfFxJk25/1TzCR+s4RlZ5exX4/ELso/zKetrxvonMz6R0HdDyc4eD3EHqfcm
-4H7/MH1SCuGASEa7menZd851
+BgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ
+KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Quml7xsNE
+ntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvk
+NPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+
+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX11JlJHOwzu8Zza7/
+eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOw
+Y7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB9jCB8zAdBgNVHQ4EFgQU
+M9hFZtdohxh+VA1wJ5HHJteFZcAwgcMGA1UdIwSBuzCBuIAUM9hFZtdohxh+VA1w
+J5HHJteFZcChgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24x
+ETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQKEwV5YVNTTDEUMBIGA1UECxMLUHJv
+Z3JhbW1pbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEW
+DmluZm9AeWFzc2wuY29tggkAh0p1vpFm2D0wDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQUFAAOCAQEAHHxCgSmeIc/Q2MFUb8yuFAk4/2iYmpVTdhh75jB27CgNdafe
+4M2O1VUjakcrTo38fQaj2A+tXtYEyQAz+3cn07UDs3shdDELSq8tGrOTjszzXz2Q
+P8zjVRmRe3gkLkoJuxhOYS2cxgqgNJGIcGs7SEe8eZSioE0yR1TCo9wu0lFMKTkR
+/+IVXliXNvbpBgaGDo2dlQNysosZfOkUbqGIc2hYbXFewtXTE9Jf3uoDvuIAQOXO
+/eaSMVfD67tmrMsvGvrgYqJH9JNDKktsXgov+efmSmOGsKwqoeu0W2fNMuS2EUua
+cmYNokp2j/4ivIP927fVqe4FybFxfhsr4eOvwA==
 -----END CERTIFICATE-----

certs/client-ecc-cert.pem

@@ -0,0 +1,54 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            bf:cc:cb:7a:0a:07:42:82
+        Signature Algorithm: ecdsa-with-SHA1
+        Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: May  1 23:51:33 2012 GMT
+            Not After : Jan 26 23:51:33 2015 GMT
+        Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+            EC Public Key:
+                pub: 
+                    04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:
+                    f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03:
+                    62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95:
+                    06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22:
+                    5f:c7:5d:7f:b4
+                ASN1 OID: prime256v1
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
+            X509v3 Authority Key Identifier: 
+                keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
+                DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:BF:CC:CB:7A:0A:07:42:82
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: ecdsa-with-SHA1
+        30:44:02:20:26:08:44:95:35:2e:fa:9d:20:01:a6:79:60:ed:
+        35:a7:0a:dd:7a:0e:75:c5:80:d2:0b:9f:6a:90:d6:31:76:75:
+        02:20:2d:87:a2:bb:d5:e2:42:61:35:19:59:40:1d:fd:71:4f:
+        28:65:96:99:e6:85:1b:09:ad:d4:58:71:56:63:0b:c7
+-----BEGIN CERTIFICATE-----
+MIIC+jCCAqKgAwIBAgIJAL/My3oKB0KCMAkGByqGSM49BAEwgYkxCzAJBgNVBAYT
+AlVTMQ8wDQYDVQQIEwZPcmVnb24xDjAMBgNVBAcTBVNhbGVtMRMwEQYDVQQKEwpD
+bGllbnQgRUNDMQ0wCwYDVQQLEwRGYXN0MRYwFAYDVQQDEw13d3cueWFzc2wuY29t
+MR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMjA1MDEyMzUxMzNa
+Fw0xNTAxMjYyMzUxMzNaMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29u
+MQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsGA1UECxME
+RmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5m
+b0B5YXNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARVv/QPRFCaPc6b
+t/DFTfVwe9TsJI4ZgOxaTKIkA2Ism9rvojUSQ4R2FsZWlQbMAam99nUaQve9qbI2
+Il/HXX+0o4HxMIHuMB0GA1UdDgQWBBTr1EtZa5VhP1FXtgRNiUGIRFyr8jCBvgYD
+VR0jBIG2MIGzgBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBj6SBjDCBiTELMAkGA1UE
+BhMCVVMxDzANBgNVBAgTBk9yZWdvbjEOMAwGA1UEBxMFU2FsZW0xEzARBgNVBAoT
+CkNsaWVudCBFQ0MxDTALBgNVBAsTBEZhc3QxFjAUBgNVBAMTDXd3dy55YXNzbC5j
+b20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggkAv8zLegoHQoIwDAYD
+VR0TBAUwAwEB/zAJBgcqhkjOPQQBA0cAMEQCICYIRJU1LvqdIAGmeWDtNacK3XoO
+dcWA0gufapDWMXZ1AiAth6K71eJCYTUZWUAd/XFPKGWWmeaFGwmt1FhxVmMLxw==
+-----END CERTIFICATE-----

certs/client-key.pem

@@ -1,9 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAL1RShT9ahmEDDM4/CcynJcL/KQYYGlO2dh4UAvpIF3WHXAcDCSf
-I4LMOgHVlxeyc2yGz7Xx5c5oDNmiEjl88lMCAwEAAQJAVGHWLlLhpqvXsEEXCvWh
-HCYono+K8YVGzhiaPSTU212fCoQryIxsXQKGBjhFdZm96DZWp+Vd/t/u+B4ZeaqY
-+QIhAOBEfbFtdZqk5OmbbRsRVPI7+YYmubgY1TVIPqmxHQ4NAiEA2BrTQkjOb3ul
-A/SZO04fJUZsm7Ng92FWHDJsRancSd8CIQCmGbQqZBK1TamJZ6dAY+7RViAx/p6Q
-vjuzMeXPUrFdRQIhAMkfBhg9bCqjFyt8PBPOm/vz8+ZgZlE0/JAXeV7IPCVfAiEA
-gZwCFm1ghGxmaoB424YC4DHeDeN/g9xwJHT7EuM9Mvc=
+MIIEpAIBAAKCAQEAwwPRK/45pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvG
+w0Se1IFI/S1oootnu6F1yDYsStIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJ
+W+Q098WwFJP1Z3s6enjhAVZWkaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbf
+G36/TpfQEOioCDCBryALQxTFdGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnN
+rv94bHvAEgPUTnINUG07ozujmV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAY
+E7BjtXJOMMSXhIYtVi/XFfd/wK71/Fvl+6G60wIDAQABAoIBAQCi5thfEHFkCJ4u
+bdFtHoXSCrGMR84sUWqgEp5T3pFMHW3qWXvyd6rZxtmKq9jhFuRjJv+1bBNZuOOl
+yHIXLgyfb+VZP3ZvSbERwlouFikN3reO3EDVou7gHqH0vpfbhmOWFM2YCWAtMHac
+PM3miO5HknkLWgDiXl8RfH35CLcgBokqXf0AqyLh8LO8JKleJg4fAC3+IZpTW23T
+K6uUgmhDNtj2L8Yi/LVBXQ0zYOqkfX7oS1WRVtNcV48flBcvqt7pnqj0z4pMjqDk
+VnOyz0+GxWk88yQgi1yWDPprEjuaZ8HfxpaypdWSDZsJQmgkEEXUUOQXOUjQNYuU
+bRHej8pZAoGBAOokp/lpM+lx3FJ9iCEoL0neunIW6cxHeogNlFeEWBY6gbA/os+m
+bB6wBikAj+d3dqzbysfZXps/JpBSrvw4kAAUu7QPWJTnL2p+HE9BIdQxWR9OihqN
+p1dsItjl9H4yphDLZKVVA4emJwWMw9e2J7JNujDaR49U0z2LhI2UmFilAoGBANU4
+G8OPxZMMRwtvNZLFsI1GyJIYj/WACvfvof6AubUqusoYsF2lB9CTjdicBBzUYo6m
+JoEB/86KKmM0NUCqbYDeiSNqV02ebq2TTlaQC22dc4sMric93k7wqsVseGdslFKc
+N2dsLe+7r9+mkDzER8+Nlp6YqbSfxaZQ3LPw+3QXAoGAXoMJYr26fKK/QnT1fBzS
+ackEDYV+Pj0kEsMYe/Mp818OdmxZdeRBhGmdMvPNIquwNbpKsjzl2Vi2Yk9d3uWe
+CspTsiz3nrNrClt5ZexukU6SIPb8/Bbt03YM4ux/smkTa3gOWkZktF63JaBadTpL
+78c8Pvf9JrggxJkKmnO+wxkCgYEAukSTFKw0GTtfkWCs97TWgQU2UVM96GXcry7c
+YT7Jfbh/h/A7mwOCKTfOck4R1bHBDAegmZFKjX/sec/xObXphexi99p9vGRNIjwO
+8tZR9YfYmcARIF0PKf1b4q7ZHNkhVm38hNBf7RAVHBgh58Q9S9fQnmqVzyLJA3ue
+42AB/C8CgYAR0EvPG2e5nxB1R4ZlrjHCxjCsWQZQ2Q+1cAb38NPIYnyo2m72IT/T
+f1/qiqs/2Spe81HSwjA34y2jdQ0eTSE01VdwXIm/cuxKbmjVzRh0M06MOkWP5pZA
+62P5GYY6Ud2JS7Dz+Z9dKJU4vjWrylznk1M0oUVdEzllQkahn831vw==
 -----END RSA PRIVATE KEY-----

certs/crl/cliCrl.pem

@@ -0,0 +1,39 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: /C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                62
+No Revoked Certificates.
+    Signature Algorithm: sha1WithRSAEncryption
+        1e:69:b2:c4:72:a7:b2:c9:e1:b9:ac:06:40:2c:c5:66:9a:07:
+        6c:91:2e:17:09:c7:86:b4:62:2d:0f:1f:a3:a3:1c:93:ce:45:
+        53:d5:57:94:a6:77:af:51:da:86:e4:1e:6f:57:c8:cc:5f:07:
+        8d:a5:db:bd:b3:f7:cf:e2:11:3c:e2:51:79:7e:b3:a9:47:f7:
+        c1:17:12:5b:7c:e5:c3:71:17:d2:ce:59:d4:0d:dc:45:ff:bc:
+        fe:a7:76:7b:92:88:52:0c:a5:e0:79:75:86:50:27:15:2a:01:
+        66:a6:ba:96:d4:9a:14:1d:92:7d:63:72:5f:25:9b:05:72:cb:
+        ed:6d:7c:92:1f:4f:3e:64:cb:5d:80:9e:ad:c8:47:83:88:5b:
+        3d:07:3f:d3:6a:2c:dd:c9:f7:09:bb:05:2f:9a:f4:73:15:f4:
+        61:b1:47:87:9c:bf:c9:61:42:19:14:b8:67:9c:c5:c1:86:f1:
+        e8:63:71:40:6c:2f:b1:c1:0c:1f:f4:c4:80:e2:d0:cb:88:6b:
+        51:1e:e9:b0:06:19:7c:6d:85:cf:05:7f:fe:3d:35:79:9e:f0:
+        5b:f4:06:63:d4:eb:d2:e2:70:29:a9:02:b4:c1:b4:bd:53:f4:
+        8f:b3:df:37:91:44:d5:e8:c4:10:86:76:0e:49:2b:ba:9a:a4:
+        dd:33:0e:7e
+-----BEGIN X509 CRL-----
+MIIB6DCB0QIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV
+BAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
+EgYDVQQLEwtQcm9ncmFtbWluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
+CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTEyMDgxMDE4MDEwMVoXDTEyMTIw
+ODE4MDEwMVqgDjAMMAoGA1UdFAQDAgE+MA0GCSqGSIb3DQEBBQUAA4IBAQAeabLE
+cqeyyeG5rAZALMVmmgdskS4XCceGtGItDx+joxyTzkVT1VeUpnevUdqG5B5vV8jM
+XweNpdu9s/fP4hE84lF5frOpR/fBFxJbfOXDcRfSzlnUDdxF/7z+p3Z7kohSDKXg
+eXWGUCcVKgFmprqW1JoUHZJ9Y3JfJZsFcsvtbXySH08+ZMtdgJ6tyEeDiFs9Bz/T
+aizdyfcJuwUvmvRzFfRhsUeHnL/JYUIZFLhnnMXBhvHoY3FAbC+xwQwf9MSA4tDL
+iGtRHumwBhl8bYXPBX/+PTV5nvBb9AZj1OvS4nApqQK0wbS9U/SPs983kUTV6MQQ
+hnYOSSu6mqTdMw5+
+-----END X509 CRL-----

certs/crl/crl.pem

@@ -0,0 +1,39 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                60
+No Revoked Certificates.
+    Signature Algorithm: sha1WithRSAEncryption
+        26:1c:06:6a:42:ff:8b:18:71:4e:ef:7c:02:74:43:6f:7b:83:
+        99:2f:e1:4e:74:0f:f9:99:62:a1:90:88:11:1b:d8:59:3b:1e:
+        34:dd:f4:92:81:6f:49:2c:9a:5f:ba:21:6f:11:95:19:6e:da:
+        38:a4:4e:a0:7e:4a:fb:7c:c6:9f:c8:26:2d:9b:cd:e8:30:14:
+        10:38:56:63:89:bf:a7:eb:11:0f:7c:81:60:d7:c3:ab:07:ef:
+        6c:af:81:4d:b9:cd:6e:91:c6:42:13:01:d8:1a:62:cb:52:fd:
+        44:0b:fa:9f:34:de:75:ba:5a:3d:df:d4:b1:7e:a0:b9:3f:f5:
+        ed:a3:e6:ef:ef:20:95:45:3c:75:8c:a8:5c:ae:8c:e9:3c:f1:
+        e6:34:fd:65:bb:9a:f9:5f:8c:96:7c:32:12:50:43:2b:30:94:
+        4e:8a:f0:c3:5e:c9:e2:49:08:83:64:7a:3b:f3:d5:30:f3:78:
+        4b:20:3c:51:d0:da:37:14:f4:c8:f2:ab:41:d2:c3:b9:7a:7f:
+        42:17:42:79:a4:10:67:4e:84:d4:e9:a9:e8:dd:46:5d:b2:f4:
+        e8:3d:1c:24:3c:81:e7:56:bb:43:11:e2:d9:a2:9d:ce:b5:78:
+        ad:19:14:7c:d7:37:e8:bf:f7:30:fc:4d:05:a9:33:6b:12:9f:
+        24:19:39:35
+-----BEGIN X509 CRL-----
+MIIB6jCB0wIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
+MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
+GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIx
+MjA4MTgwMTAxWqAOMAwwCgYDVR0UBAMCATwwDQYJKoZIhvcNAQEFBQADggEBACYc
+BmpC/4sYcU7vfAJ0Q297g5kv4U50D/mZYqGQiBEb2Fk7HjTd9JKBb0ksml+6IW8R
+lRlu2jikTqB+Svt8xp/IJi2bzegwFBA4VmOJv6frEQ98gWDXw6sH72yvgU25zW6R
+xkITAdgaYstS/UQL+p803nW6Wj3f1LF+oLk/9e2j5u/vIJVFPHWMqFyujOk88eY0
+/WW7mvlfjJZ8MhJQQyswlE6K8MNeyeJJCINkejvz1TDzeEsgPFHQ2jcU9Mjyq0HS
+w7l6f0IXQnmkEGdOhNTpqejdRl2y9Og9HCQ8gedWu0MR4tminc61eK0ZFHzXN+i/
+9zD8TQWpM2sSnyQZOTU=
+-----END X509 CRL-----

certs/crl/crl.revoked

@@ -0,0 +1,41 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                61
+Revoked Certificates:
+    Serial Number: 02
+        Revocation Date: Aug 10 18:01:01 2012 GMT
+    Signature Algorithm: sha1WithRSAEncryption
+        5c:eb:53:33:02:74:bb:c1:37:37:81:1a:36:9c:eb:d0:28:87:
+        12:56:1a:d8:ec:ae:8e:ef:42:d0:61:07:f0:f0:b5:e8:2a:16:
+        5e:78:ab:e9:ad:62:f3:6c:c5:fe:7a:b5:c7:0e:8a:e3:0a:2d:
+        63:b5:ec:c4:c1:1f:1e:c3:77:b7:24:10:4b:09:b1:d8:ea:40:
+        4f:74:6a:9a:d7:57:bd:b9:d3:e2:42:81:81:b2:5c:42:d8:d3:
+        21:3f:f2:05:e2:11:8f:ce:60:cc:3b:76:55:e6:5f:6d:71:13:
+        b1:7e:2c:50:d2:29:fe:f2:ad:96:f9:ee:8f:5c:c3:0a:73:e7:
+        78:c5:8f:6e:0d:35:66:64:4a:76:05:93:9f:eb:05:b2:c3:a1:
+        f5:d5:4c:4b:6e:79:f2:8d:51:90:7c:9d:a9:f5:94:7f:93:fe:
+        39:da:c1:fb:8c:94:66:1d:d4:40:a9:48:ee:3b:91:14:83:4e:
+        b4:ea:93:07:f6:be:48:4a:ec:4c:26:61:2d:a2:66:01:c5:d8:
+        d3:18:f6:d0:1b:d2:94:13:c9:94:84:54:e4:44:10:01:66:25:
+        47:ee:b2:19:4a:65:e3:79:42:9e:12:af:a7:4a:a4:66:35:e3:
+        1a:db:2c:80:ff:a4:9c:2e:6e:32:8e:50:5d:ec:7e:de:1a:01:
+        a9:08:fc:a2
+-----BEGIN X509 CRL-----
+MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
+MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
+GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIx
+MjA4MTgwMTAxWjAUMBICAQIXDTEyMDgxMDE4MDEwMVqgDjAMMAoGA1UdFAQDAgE9
+MA0GCSqGSIb3DQEBBQUAA4IBAQBc61MzAnS7wTc3gRo2nOvQKIcSVhrY7K6O70LQ
+YQfw8LXoKhZeeKvprWLzbMX+erXHDorjCi1jtezEwR8ew3e3JBBLCbHY6kBPdGqa
+11e9udPiQoGBslxC2NMhP/IF4hGPzmDMO3ZV5l9tcROxfixQ0in+8q2W+e6PXMMK
+c+d4xY9uDTVmZEp2BZOf6wWyw6H11UxLbnnyjVGQfJ2p9ZR/k/452sH7jJRmHdRA
+qUjuO5EUg0606pMH9r5ISuxMJmEtomYBxdjTGPbQG9KUE8mUhFTkRBABZiVH7rIZ
+SmXjeUKeEq+nSqRmNeMa2yyA/6ScLm4yjlBd7H7eGgGpCPyi
+-----END X509 CRL-----

certs/crl/eccCliCRL.pem

@@ -0,0 +1,24 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: ecdsa-with-SHA1
+        Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                63
+No Revoked Certificates.
+    Signature Algorithm: ecdsa-with-SHA1
+        30:44:02:20:7f:8d:d7:28:61:96:4c:b7:a8:17:0a:7f:9d:cf:
+        fa:29:e1:1d:cb:30:61:1b:b3:6b:f0:61:68:15:25:76:62:32:
+        02:20:55:ca:fc:37:b4:4c:f9:78:99:b3:c9:d4:1a:e1:fa:f7:
+        8a:4a:94:ce:31:ed:b0:1f:dc:64:d7:2a:59:47:b9:2d
+-----BEGIN X509 CRL-----
+MIIBHzCByAIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG
+T3JlZ29uMQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsG
+A1UECxMERmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJ
+ARYOaW5mb0B5YXNzbC5jb20XDTEyMDgxMDE4MDEwMVoXDTEyMTIwODE4MDEwMVqg
+DjAMMAoGA1UdFAQDAgE/MAkGByqGSM49BAEDRwAwRAIgf43XKGGWTLeoFwp/nc/6
+KeEdyzBhG7Nr8GFoFSV2YjICIFXK/De0TPl4mbPJ1Brh+veKSpTOMe2wH9xk1ypZ
+R7kt
+-----END X509 CRL-----

certs/crl/eccSrvCRL.pem

@@ -0,0 +1,24 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: ecdsa-with-SHA1
+        Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                64
+No Revoked Certificates.
+    Signature Algorithm: ecdsa-with-SHA1
+        30:44:02:20:59:42:06:a7:73:69:03:08:05:e8:4b:95:ca:cf:
+        f1:30:9e:84:4b:3c:52:c8:10:b9:c8:36:c8:07:64:65:fd:bf:
+        02:20:71:60:a7:35:d6:8c:52:c2:df:06:dc:40:52:c5:ef:4c:
+        8b:ec:96:4b:72:b0:c4:36:3e:c8:9d:62:5e:49:f2:5f
+-----BEGIN X509 CRL-----
+MIIBITCBygIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
+V2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEQMA4GA1UEChMHRWxpcHRpYzEM
+MAoGA1UECxMDRUNDMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
+AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIxMjA4MTgwMTAx
+WqAOMAwwCgYDVR0UBAMCAUAwCQYHKoZIzj0EAQNHADBEAiBZQganc2kDCAXoS5XK
+z/EwnoRLPFLIELnINsgHZGX9vwIgcWCnNdaMUsLfBtxAUsXvTIvslktysMQ2Psid
+Yl5J8l8=
+-----END X509 CRL-----

certs/crl/gencrls.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# gencrls, crl config already done, see taoCerts.txt for setup
+
+
+
+# caCrl
+openssl ca -gencrl -crldays 120 -out crl.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
+
+# metadata
+openssl crl -in crl.pem -text > tmp
+mv tmp crl.pem
+# install
+cp crl.pem ~/cyassl/certs/crl/crl.pem
+
+# caCrl server revoked
+openssl ca -revoke ~/cyassl/certs/server-cert.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
+
+# caCrl server revoked generation
+openssl ca -gencrl -crldays 120 -out crl.revoked -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
+
+# metadata
+openssl crl -in crl.revoked -text > tmp
+mv tmp crl.revoked
+# install
+cp crl.revoked ~/cyassl/certs/crl/crl.revoked
+
+# remove revoked so next time through the normal CA won't have server revoked
+cp blank.index.txt demoCA/index.txt
+
+# cliCrl
+openssl ca -gencrl -crldays 120 -out cliCrl.pem -keyfile ~/cyassl/certs/client-key.pem -cert ~/cyassl/certs/client-cert.pem
+
+# metadata
+openssl crl -in cliCrl.pem -text > tmp
+mv tmp cliCrl.pem
+# install
+cp cliCrl.pem ~/cyassl/certs/crl/cliCrl.pem
+
+# eccCliCRL
+openssl ca -gencrl -crldays 120 -out eccCliCRL.pem -keyfile ~/cyassl/certs/ecc-client-key.pem -cert ~/cyassl/certs/client-ecc-cert.pem
+
+# metadata
+openssl crl -in eccCliCRL.pem -text > tmp
+mv tmp eccCliCRL.pem
+# install
+cp eccCliCRL.pem ~/cyassl/certs/crl/eccCliCRL.pem
+
+# eccSrvCRL
+openssl ca -gencrl -crldays 120 -out eccSrvCRL.pem -keyfile ~/cyassl/certs/ecc-key.pem -cert ~/cyassl/certs/server-ecc.pem
+
+# metadata
+openssl crl -in eccSrvCRL.pem -text > tmp
+mv tmp eccSrvCRL.pem
+# install
+cp eccSrvCRL.pem ~/cyassl/certs/crl/eccSrvCRL.pem
+

certs/crl/include.am

@@ -0,0 +1,14 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+	     certs/crl/crl.pem \
+	     certs/crl/cliCrl.pem \
+	     certs/crl/eccSrvCRL.pem \
+	     certs/crl/eccCliCRL.pem
+
+EXTRA_DIST += \
+	     certs/crl/crl.revoked
+
+

certs/dh2048.pem

@@ -0,0 +1,29 @@
+Diffie-Hellman-Parameters: (2048 bit)
+    prime:
+        00:b0:a1:08:06:9c:08:13:ba:59:06:3c:bc:30:d5:
+        f5:00:c1:4f:44:a7:d6:ef:4a:c6:25:27:1c:e8:d2:
+        96:53:0a:5c:91:dd:a2:c2:94:84:bf:7d:b2:44:9f:
+        9b:d2:c1:8a:c5:be:72:5c:a7:e7:91:e6:d4:9f:73:
+        07:85:5b:66:48:c7:70:fa:b4:ee:02:c9:3d:9a:4a:
+        da:3d:c1:46:3e:19:69:d1:17:46:07:a3:4d:9f:2b:
+        96:17:39:6d:30:8d:2a:f3:94:d3:75:cf:a0:75:e6:
+        f2:92:1f:1a:70:05:aa:04:83:57:30:fb:da:76:93:
+        38:50:e8:27:fd:63:ee:3c:e5:b7:c8:09:ae:6f:50:
+        35:8e:84:ce:4a:00:e9:12:7e:5a:31:d7:33:fc:21:
+        13:76:cc:16:30:db:0c:fc:c5:62:a7:35:b8:ef:b7:
+        b0:ac:c0:36:f6:d9:c9:46:48:f9:40:90:00:2b:1b:
+        aa:6c:e3:1a:c3:0b:03:9e:1b:c2:46:e4:48:4e:22:
+        73:6f:c3:5f:d4:9a:d6:30:07:48:d6:8c:90:ab:d4:
+        f6:f1:e3:48:d3:58:4b:a6:b9:cd:29:bf:68:1f:08:
+        4b:63:86:2f:5c:6b:d6:b6:06:65:f7:a6:dc:00:67:
+        6b:bb:c3:a9:41:83:fb:c7:fa:c8:e2:1e:7e:af:00:
+        3f:93
+    generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE
+v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN
+nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1
+joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa
+wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW
+tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==
+-----END DH PARAMETERS-----

certs/dsa-cert.pem

@@ -1,70 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ce:df:23:31:64:b4:13:da
-        Signature Algorithm: dsaWithSHA1
-        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=testing, CN=www.yassl.com/emailAddress=info@yassl.com
-        Validity
-            Not Before: Jun 30 18:56:38 2010 GMT
-            Not After : Mar 26 18:56:39 2013 GMT
-        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=testing, CN=www.yassl.com/emailAddress=info@yassl.com
-        Subject Public Key Info:
-            Public Key Algorithm: dsaEncryption
-            DSA Public Key:
-                pub: 
-                    04:84:a0:26:31:72:0c:e8:4f:5d:53:17:62:b1:80:
-                    ca:c0:16:5f:c3:1e:ea:c5:d9:98:38:f9:be:56:53:
-                    47:68:ce:08:22:57:1c:bb:0d:77:91:cf:5b:36:ed:
-                    f3:24:82:90:8a:cd:90:7c:db:77:f9:17:2d:73:73:
-                    ef:bb:b9:82
-                P:   
-                    00:99:29:69:80:c9:3c:98:68:45:a9:82:fe:67:eb:
-                    95:88:c5:b4:0c:d6:26:45:95:19:2c:a0:20:5b:7e:
-                    df:69:e9:dc:c3:0f:f3:61:0a:25:9b:f2:21:01:6a:
-                    cd:aa:8c:37:e7:ca:66:db:56:f4:0f:7d:7a:d1:18:
-                    b9:42:fd:1b:11
-                Q:   
-                    00:ad:25:29:ab:0a:9f:09:1c:c1:ad:03:20:76:7f:
-                    a6:b7:dd:4d:03:09
-                G:   
-                    12:88:99:da:e7:d0:0b:93:9b:e6:ee:3c:21:7f:9c:
-                    b3:b4:8d:a5:8c:e2:37:80:3f:17:d1:81:4f:bd:f0:
-                    71:b6:32:08:54:dd:bf:01:e2:b3:77:06:64:75:8a:
-                    04:d6:79:39:b1:02:03:03:c6:06:74:e5:90:05:0a:
-                    10:46:19:31
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
-            X509v3 Authority Key Identifier: 
-                keyid:BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
-                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=testing/CN=www.yassl.com/emailAddress=info@yassl.com
-                serial:CE:DF:23:31:64:B4:13:DA
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: dsaWithSHA1
-        30:2d:02:14:00:a3:21:20:34:6a:2c:f9:fb:76:d7:20:c9:c0:
-        35:1b:64:9a:c2:83:02:15:00:a4:59:ac:6d:da:85:48:ff:f5:
-        0d:49:72:c8:cd:91:fc:ec:2f:5c:63
------BEGIN CERTIFICATE-----
-MIIDfjCCAz2gAwIBAgIJAM7fIzFktBPaMAkGByqGSM44BAMwgYoxCzAJBgNVBAYT
-AlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQK
-EwV5YVNTTDEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNv
-bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTAwNjMwMTg1NjM4
-WhcNMTMwMzI2MTg1NjM5WjCBijELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdv
-bjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRAwDgYDVQQLEwd0
-ZXN0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5p
-bmZvQHlhc3NsLmNvbTCB8DCBqAYHKoZIzjgEATCBnAJBAJkpaYDJPJhoRamC/mfr
-lYjFtAzWJkWVGSygIFt+32np3MMP82EKJZvyIQFqzaqMN+fKZttW9A99etEYuUL9
-GxECFQCtJSmrCp8JHMGtAyB2f6a33U0DCQJAEoiZ2ufQC5Ob5u48IX+cs7SNpYzi
-N4A/F9GBT73wcbYyCFTdvwHis3cGZHWKBNZ5ObECAwPGBnTlkAUKEEYZMQNDAAJA
-BISgJjFyDOhPXVMXYrGAysAWX8Me6sXZmDj5vlZTR2jOCCJXHLsNd5HPWzbt8ySC
-kIrNkHzbd/kXLXNz77u5gqOB8jCB7zAdBgNVHQ4EFgQUvvmMXdYctO6B3TZWCiHk
-YURz6eIwgb8GA1UdIwSBtzCBtIAUvvmMXdYctO6B3TZWCiHkYURz6eKhgZCkgY0w
-gYoxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRs
-YW5kMQ4wDAYDVQQKEwV5YVNTTDEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMN
-d3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CCQDO
-3yMxZLQT2jAMBgNVHRMEBTADAQH/MAkGByqGSM44BAMDMAAwLQIUAKMhIDRqLPn7
-dtcgycA1G2SawoMCFQCkWaxt2oVI//UNSXLIzZH87C9cYw==
------END CERTIFICATE-----

certs/dsa512.pem

@@ -1,8 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIH3AgEAAkEAmSlpgMk8mGhFqYL+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQol
-m/IhAWrNqow358pm21b0D3160Ri5Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJ
-AkASiJna59ALk5vm7jwhf5yztI2ljOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE
-1nk5sQIDA8YGdOWQBQoQRhkxAkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+
-VlNHaM4IIlccuw13kc9bNu3zJIKQis2QfNt3+Rctc3Pvu7mCAhQjg+e+aqykxwwc
-E2V27tjDFY02uA==
------END DSA PRIVATE KEY-----

certs/ecc-client-key.pem

@@ -0,0 +1,9 @@
+ASN1 OID: prime256v1
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIPjPkmu9HijxqKuhI08ydBiIUK1+x+yS+I+XTa9WiWXHoAoGCCqGSM49
+AwEHoUQDQgAEVb/0D0RQmj3Om7fwxU31cHvU7CSOGYDsWkyiJANiLJva76I1EkOE
+dhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/tA==
+-----END EC PRIVATE KEY-----

certs/ecc-keyPkcs8.pem

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgRbZpAnOcbIWhOFty
+6OjHrMQDjVM1BPpsKNw0jeGoCYyhRANCAAS7M6xMJ1BKxkqlBMM83p8223ItzpTq
+K/rLIAk5LBboYQLpr03TApOaMVuXkiF/8M8Y2pERAjSG6CBYMwuANInY
+-----END PRIVATE KEY-----

certs/include.am

@@ -0,0 +1,40 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+	     certs/ca-cert.pem \
+	     certs/ca-key.pem \
+	     certs/client-cert.pem \
+	     certs/client-keyEnc.pem \
+	     certs/client-key.pem \
+	     certs/ecc-key.pem \
+	     certs/ecc-keyPkcs8.pem \
+	     certs/ecc-client-key.pem \
+	     certs/client-ecc-cert.pem \
+	     certs/ntru-cert.pem \
+	     certs/dh2048.pem \
+	     certs/server-cert.pem \
+	     certs/server-ecc.pem \
+	     certs/server-ecc-rsa.pem \
+	     certs/server-keyEnc.pem \
+	     certs/server-key.pem \
+	     certs/server-keyPkcs8Enc12.pem \
+	     certs/server-keyPkcs8Enc2.pem \
+	     certs/server-keyPkcs8Enc.pem \
+	     certs/server-keyPkcs8.pem
+
+EXTRA_DIST += \
+	     certs/ca-key.der \
+	     certs/client-cert.der \
+	     certs/client-key.der \
+	     certs/dh2048.der \
+	     certs/rsa2048.der \
+	     certs/dsa2048.der \
+	     certs/ecc-key.der
+
+
+doc_DATA+= certs/taoCert.txt
+
+EXTRA_DIST+= certs/ntru-key.raw
+

certs/ntru-cert.pem

@@ -1,24 +1,28 @@
 -----BEGIN CERTIFICATE-----
-MIIEFTCCA7+gAwIBAgIIAbqUI6ioaAswDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNV
+MIIEyTCCA7GgAwIBAgIIASZ+ezr7rN0wDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNV
 BAYTAlVTMRAwDgYDVQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYD
-VQQKEwhzYXd0b290aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3
-LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
-c3NsLmNvbTAiGA8yMDEwMTIxNDIwMjQ0MVoYDzIwMTIwNDI3MjEyNDQxWjCBijEL
-MAkGA1UEBhMCVVMxCzAJBgNVBAgTAk9SMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG
-A1UEChMFeWFTU0wxFDASBgNVBAsTC0RldmVsb3BtZW50MRYwFAYDVQQDEw13d3cu
-eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCAkswGAYK
-KwYBBAHBcAEBAgYKKwYBBAHBcAECLgOCAi0ABIICKCz+/AE/vwkKbIeZgGF2aIEx
-8Tgb8wSs7pLV97VJhdtoPE6uACTmMGAsKou1ZXZ7Wx/vo+DSEdRF4DMlny3clNoU
-ISPnfubo5oDo8zFzBkI24v7euq885RZGkrqPJLsEPkdWxbsH9hVA9Q6KiL3WkqyJ
-p6F+FseE//rJ8V++prytwhTdBzGWtpY43Wkh6Sqej7Vyh/gQAQuYSFPtWhSb0Xjh
-/tFG17lSPhPrf6xD+YtABxUG2hlWY+4wkHSVyTqkPx1/2frlMctA9J3aktEEJkWu
-bbbHVgBDkQ4E+58iljlzArep+sRs5d//KZil9fFJf1qUXo9mo3BekISGZJ5fUi/r
-4PNyJhYPJfTc0qZwas26VKiMWlAYFlxMNOdTAH9oLYRo85n+FlmkYzkaFuW/1h0u
-SSVJ25XcqWYVZL4W11bAVEut80DIZPsHAOpxaol2Ul+3TtyuYIXaGxVdWYZKVAV3
-meDa8HusJlRbRNGNJR83/lT5haFizcUkWD/QMtlnu+PgX11pUD+mZedVgYhElpfd
-GfFwBUJcStP2iMMynZkQHxvoaNS761BiNiqMJceuvE9a+2fFt9WkAAYaYHoVQNGf
-HMVv6lPeVL0S688Bq6/Y39quJQGlcDDY1jy4nOJgNrAGv/cbSFnoC12lGzHVh6pI
-3s0ekDf/bjMmIP2w3krhTyGm0pZ5D1mEXYWUkEMHVcjGNM9IBlXp1WHTWdNwINCM
-Cos5UHRX4DANBgkqhkiG9w0BAQQFAANBAHvy5p2SJtQlc5defUNYtHaAwrk7Nzcu
-qlaoBL1HCtwMI4W5Q7INKShS238uZJXYxcHQXlvxswf0IFtqT8lIFt0=
+VQQKEwhTYXd0b290aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3
+Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wIhgPMjAx
+MTEyMDUwMDE2MzdaGA8yMDEzMDQxOTAxMTYzN1owgYoxCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIEwJPUjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
+EgYDVQQLEwtEZXZlbG9wbWVudDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
+CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggJLMBgGCisGAQQBwXABAQIGCisG
+AQQBwXABAi4DggItAASCAihFDRAy0fOBZth/IRQFJeuEUgrViJfGvKOUuNW6yYmn
+9/YXT2I3/aiBZ/udSehoEFVPNgLs/ZWwNrsIuETH5TPkS1e9Ig4I5G839deKT89M
+Qpq7GiKLwlLY3He/a6O+/UMEFH4ShdhDopsH2+IsWCX0H7Lvp8L8RqURrQNFXvlr
+xRAFiBixEQNry2HyEcVz/9TQSdifE4KGUtneErqsk1/Sms1m1/NqW30H77YerJfs
+QWsOEgasoJnYWS6knJC4XsUbJKqKcHRc6XeODOyf72J3ESvES2C+cqEsShxVP7zG
+hDiHurwfyvIAUL4bZSBtlAqt60iOEsXScXwdbNrj+4iuFAyjX8+JrxGMbDNi3X5l
+L2RLUiEIKUSGUozbDlR3jU2WoHUm76mZwjGe1+vOKpvqh5yrRoyqiDERj8wsGrDO
+MdoheW1xSjQ3p5fQ/UOtagWA5Lh/MqbCIHdMzMLpbOmfhFJA5BXaNg/qThhjpmvf
+csYfwWCWukKKbjfY7cxOVMuUN0VvoYBjOxt5UQhXuPjH/+5s4J7E/IxQrWz6fhcG
+wfvJjWJjedfhP23Jm4zodbwtU6MgPF641DcAwcnBqSi/Ugi7d0YeHMqTJkSnIJZV
+r3v1YLuqiFDzB6bx69DGpCxFMxIpdOPq4a9WpeQQ9H7cBK0HFl4tRPNnQ2XCrKMc
+86gQ35aaM2vPvgj0d/zgC0AG8WFQEG1wYBvLEgfiQsi7auXoScYZA8AwDQYJKoZI
+hvcNAQEFBQADggEBAJ7eyiJIGiyyrhAdaYOit3U3CUkGSatNXTkn8PRO8SwzPWCi
+FQ+4AePYV+/ovtNZiqLwm7mVa3s2CS8LCk2s9/ld22cDJNV+gDkzrelUyTLUi0jr
+zZJwEiaNXIEkYrLGifSzoNUgQBTzDmOSkm2UpIX70GTsXF73FKdqonf1VTnopVKa
+XZDpIG3/TKyh8jCwowMrkxnHS886FhXiHGCBzM1rnp3S+r3b+rTqoKoeuZQnDgJP
+IZwnZL6agtwbUfmZj6/868irlsLtC9M5nKBtj/U/tQIrW52XEhBqChmTXIq0JNL1
+++kWLLeu9t0T53Pth3VxMT/ePV0aURQvjINm60o=
 -----END CERTIFICATE-----

certs/server-cert.pem

@@ -1,39 +1,158 @@
 Certificate:
     Data:
         Version: 1 (0x0)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
         Validity
-            Not Before: Jun 30 18:52:17 2010 GMT
-            Not After : Mar 26 18:52:17 2013 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@yassl.com
+            Not Before: Oct 24 18:27:13 2011 GMT
+            Not After : Jul 20 18:27:13 2014 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=Support, CN=www.yassl.com/emailAddress=info@yassl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a:
-                    66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38:
-                    9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36:
-                    a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66:
-                    7e:16:77:e2:a7
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
+                    01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
+                    f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
+                    f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
+                    64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
+                    86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
+                    4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
+                    34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
+                    8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
+                    40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
+                    dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
+                    e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
+                    64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
+                    c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
+                    ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
+                    b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
+                    a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
+                    ad:d7
                 Exponent: 65537 (0x10001)
-    Signature Algorithm: md5WithRSAEncryption
-        58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c:
-        7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef:
-        87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36:
-        9b:0b:e0:74:58:11:c5:01:7b:4d
+    Signature Algorithm: sha1WithRSAEncryption
+        71:4e:d3:62:df:cc:4c:f7:cd:b7:6e:52:0b:6c:6e:e0:bd:c2:
+        2d:07:d7:c0:b0:6e:43:1e:35:bc:30:01:50:f0:ff:99:23:6c:
+        18:1a:41:b6:11:d6:d4:19:61:fd:e4:77:97:1c:39:e1:57:ab:
+        c5:15:63:77:11:36:5e:74:e2:24:0b:1f:41:78:ad:b7:81:e7:
+        b4:40:66:80:f0:4b:91:a0:6d:a8:6e:3d:53:d9:8b:ce:2a:e1:
+        0b:45:65:87:a1:96:ae:ee:3e:88:d5:12:1f:78:17:ae:2c:c5:
+        73:44:d8:dc:f4:af:d8:cc:ae:4c:e1:0c:be:55:a4:99:f7:6e:
+        96:c0:c8:45:87:bf:dc:51:57:ff:9e:73:37:6a:18:9c:c3:f9:
+        22:7a:f4:b0:52:bd:fc:21:30:f8:c5:ff:1e:87:7d:ad:a2:5a:
+        35:f5:22:a8:b4:0a:76:38:e6:76:b0:98:af:1b:ec:8a:0a:43:
+        74:d2:85:34:37:84:07:e1:f6:23:b2:29:de:a6:b6:b7:4c:57:
+        7e:96:06:cb:a9:16:25:29:3a:03:2d:55:7d:a6:8c:a4:f7:9e:
+        81:c9:95:b6:7c:c1:4a:ce:94:66:0c:ca:88:eb:d2:09:f5:5b:
+        19:58:82:df:27:fd:67:95:78:b7:02:06:d5:a7:61:bd:ef:3a:
+        fc:b2:61:cd
 -----BEGIN CERTIFICATE-----
-MIICFDCCAb4CAQEwDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhzYXd0b290
-aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNv
-bnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0x
-MDA2MzAxODUyMTdaFw0xMzAzMjYxODUyMTdaMIGKMQswCQYDVQQGEwJVUzEQMA4G
-A1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjEOMAwGA1UEChMFeWFTU0wx
-EDAOBgNVBAsTB3N1cHBvcnQxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
-hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
-AMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpUlt3Se+s2oq5+
-Kp5+VqW2h58VxxhmfhZ34qcCAwEAATANBgkqhkiG9w0BAQQFAANBAFipmOcWUkxA
-5+FHkhkbOo+XbHu3sMsgba2100dY2OTyPjLp74d35VQ29I1QjQe0d0XqnaQzNpsL
-4HRYEcUBe00=
+MIIDkDCCAngCAQIwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTExMDI0MTgyNzEzWhcN
+MTQwNzIwMTgyNzEzWjCBijELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmEx
+EDAOBgNVBAcTB0JvemVtYW4xDjAMBgNVBAoTBXlhU1NMMRAwDgYDVQQLEwdTdXBw
+b3J0MRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZv
+QHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFX
+QfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/h
+vXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4
+pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo
+3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4
+D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHm
+YYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAcU7TYt/MTPfNt25S
+C2xu4L3CLQfXwLBuQx41vDABUPD/mSNsGBpBthHW1Blh/eR3lxw54VerxRVjdxE2
+XnTiJAsfQXitt4HntEBmgPBLkaBtqG49U9mLzirhC0Vlh6GWru4+iNUSH3gXrizF
+c0TY3PSv2MyuTOEMvlWkmfdulsDIRYe/3FFX/55zN2oYnMP5Inr0sFK9/CEw+MX/
+Hod9raJaNfUiqLQKdjjmdrCYrxvsigpDdNKFNDeEB+H2I7Ip3qa2t0xXfpYGy6kW
+JSk6Ay1VfaaMpPeegcmVtnzBSs6UZgzKiOvSCfVbGViC3yf9Z5V4twIG1adhve86
+/LJhzQ==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            e9:d0:a7:5f:79:25:f4:3c
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Oct 24 18:18:15 2011 GMT
+            Not After : Jul 20 18:18:15 2014 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
+                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
+                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
+                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
+                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
+                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
+                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
+                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
+                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
+                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
+                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
+                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
+                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
+                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
+                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
+                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
+                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
+                    36:79
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:E9:D0:A7:5F:79:25:F4:3C
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26:
+        4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6:
+        e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c:
+        f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e:
+        af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18:
+        98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02:
+        8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab:
+        1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80:
+        61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87:
+        1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f:
+        60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf:
+        18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12:
+        f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
+        b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
+        5a:1f:7f:ca
+-----BEGIN CERTIFICATE-----
+MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
+VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
+A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
+dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
+MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
+8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
+EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
+dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
+mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
+CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
+BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
+P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
+dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
+BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
+9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
+PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
+Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
+G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
+ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
+rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
 -----END CERTIFICATE-----

certs/server-ecc-rsa.pem

@@ -0,0 +1,54 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 9 (0x9)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Aug  8 21:58:29 2012 GMT
+            Not After : May  5 21:58:29 2015 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+            EC Public Key:
+                pub: 
+                    04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
+                    9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
+                    16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
+                    21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
+                    0b:80:34:89:d8
+                ASN1 OID: prime256v1
+    Signature Algorithm: sha1WithRSAEncryption
+        a0:1c:de:98:e8:61:c8:fb:0a:0e:af:ea:99:4b:c0:49:e6:66:
+        68:5e:7a:18:b8:0c:e3:0f:16:86:bc:b5:86:79:02:69:1c:b7:
+        e7:ff:53:d9:05:5d:27:39:24:54:67:14:de:ef:8e:c2:a0:11:
+        ca:c8:27:99:b9:d6:e9:71:1f:86:c9:8f:b1:74:a2:9f:93:6a:
+        0c:74:cf:17:77:8c:26:08:6e:a8:ac:69:d4:55:15:a2:95:87:
+        43:7a:ab:72:93:73:40:58:c2:bb:9c:89:f2:73:20:69:df:f1:
+        f3:65:08:9c:00:67:97:a6:71:00:2b:31:84:10:ac:bd:54:ac:
+        fd:b3:eb:12:36:77:f6:0a:e3:9a:96:d2:a6:22:bc:1d:6b:ce:
+        3c:0d:7b:d9:1c:1d:f1:ee:ec:ce:83:c8:98:c9:65:3e:06:31:
+        c3:b2:87:da:09:b4:90:0b:e2:6b:29:0e:d6:ae:53:1d:10:98:
+        e2:dc:f9:63:38:a1:a2:af:46:23:a4:4c:ab:0c:0b:08:be:cd:
+        a4:a6:6d:46:f0:f8:e0:31:99:85:39:10:4a:a0:04:54:3b:21:
+        e1:e9:b4:f3:a5:06:cd:37:ae:2c:ca:5d:ac:90:b5:ab:92:81:
+        aa:bf:2d:3f:8e:ee:4d:12:81:0a:8e:a4:ca:87:93:af:b0:25:
+        7e:e2:07:f7
+-----BEGIN CERTIFICATE-----
+MIIC1zCCAb8CAQkwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTIwODA4MjE1ODI5WhcN
+MTUwNTA1MjE1ODI5WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0
+b24xEDAOBgNVBAcTB1NlYXR0bGUxGjAYBgNVBAoTEUVsbGlwdGljIC0gUlNBc2ln
+MRMwEQYDVQQLEwpFQ0MtUlNBc2lnMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
+GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5ox
+W5eSIX/wzxjakRECNIboIFgzC4A0idgwDQYJKoZIhvcNAQEFBQADggEBAKAc3pjo
+Ycj7Cg6v6plLwEnmZmheehi4DOMPFoa8tYZ5Amkct+f/U9kFXSc5JFRnFN7vjsKg
+EcrIJ5m51ulxH4bJj7F0op+Tagx0zxd3jCYIbqisadRVFaKVh0N6q3KTc0BYwruc
+ifJzIGnf8fNlCJwAZ5emcQArMYQQrL1UrP2z6xI2d/YK45qW0qYivB1rzjwNe9kc
+HfHu7M6DyJjJZT4GMcOyh9oJtJAL4mspDtauUx0QmOLc+WM4oaKvRiOkTKsMCwi+
+zaSmbUbw+OAxmYU5EEqgBFQ7IeHptPOlBs03rizKXayQtauSgaq/LT+O7k0SgQqO
+pMqHk6+wJX7iB/c=
+-----END CERTIFICATE-----

certs/server-key.pem

@@ -1,9 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU
-lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58
-viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli
-dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4
-TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf
-p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS
-1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg==
+MIIEpQIBAAKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7
+qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lf
+P9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDj
+xsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlk
+wyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlC
+Qgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABAoIBAQCa0DQPUmIFUAHv
+n+1kbsLE2hryhNeSEEiSxOlq64t1bMZ5OPLJckqGZFSVd8vDmp231B2kAMieTuTd
+x7pnFsF0vKnWlI8rMBr77d8hBSPZSjm9mGtlmrjcxH3upkMVLj2+HSJgKnMw1T7Y
+oqyGQy7E9WReP4l1DxHYUSVOn9iqo85gs+KK2X4b8GTKmlsFC1uqy+XjP24yIgXz
+0PrvdFKB4l90073/MYNFdfpjepcu1rYZxpIm5CgGUFAOeC6peA0Ul7QS2DFAq6EB
+QcIw+AdfFuRhd9Jg8p+N6PS662PeKpeB70xs5lU0USsoNPRTHMRYCj+7r7X3SoVD
+LTzxWFiBAoGBAPIsVHY5I2PJEDK3k62vvhl1loFk5rW4iUJB0W3QHBv4G6xpyzY8
+ZH3c9Bm4w2CxV0hfUk9ZOlV/MsAZQ1A/rs5vF/MOn0DKTq0VO8l56cBZOHNwnAp8
+yTpIMqfYSXUKhcLC/RVz2pkJKmmanwpxv7AEpox6Wm9IWlQ7xrFTF9/nAoGBAMuT
+3ncVXbdcXHzYkKmYLdZpDmOzo9ymzItqpKISjI57SCyySzfcBhh96v52odSh6T8N
+zRtfr1+elltbD6F8r7ObkNtXczrtsCNErkFPHwdCEyNMy/r0FKTV9542fFufqDzB
+hV900jkt/9CE3/uzIHoumxeu5roLrl9TpFLtG8SRAoGBAOyY2rvV/vlSSn0CVUlv
+VW5SL4SjK7OGYrNU0mNS2uOIdqDvixWl0xgUcndex6MEH54ZYrUbG57D8rUy+UzB
+qusMJn3UX0pRXKRFBnBEp1bA1CIUdp7YY1CJkNPiv4GVkjFBhzkaQwsYpVMfORpf
+H0O8h2rfbtMiAP4imHBOGhkpAoGBAIpBVihRnl/Ungs7mKNU8mxW1KrpaTOFJAza
+1AwtxL9PAmk4fNTm3Ezt1xYRwz4A58MmwFEC3rt1nG9WnHrzju/PisUr0toGakTJ
+c/5umYf4W77xfOZltU9s8MnF/xbKixsX4lg9ojerAby/QM5TjI7t7+5ZneBj5nxe
+9Y5L8TvBAoGATUX5QIzFW/QqGoq08hysa+kMVja3TnKW1eWK0uL/8fEYEz2GCbjY
+dqfJHHFSlDBD4PF4dP1hG0wJzOZoKnGtHN9DvFbbpaS+NXCkXs9P/ABVmTo9I89n
+WvUi+LUp0EQR6zUuRr79jhiyX6i/GTKh9dwD5nyaHwx8qbAOITc78bA=
 -----END RSA PRIVATE KEY-----

certs/server-keyEnc.pem

@@ -1,12 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-CBC,08132C1FFF5BC8CC
+DEK-Info: DES-CBC,136C7D8A69656668
 
-gsvuAsGmB8AkR23M25w4E6wuywfBey1Jqh3g71gJcnsUYwynex9dvfAU0lTowOXh
-sb7ld1KNjEMzrht9AC1IC0iE1rLqvRQZOdJ7h3n7aHZQ4a/HjcwAhqJq0ZW45m6Q
-mpoO5fRISjx2VbKFRUz6Xj2x0/do3IjQhpuUDVrTFFe1sEySM6APZ6CVpcnTOyPR
-ADyLDKzOi2E+sj1UXs58pct56FaqTIZPUEflICU3k6q9FPU6gsYANRLfzegclkv4
-JAx6mKVSJuYnjCCppx8WBwGJa1J1GcYRJ3qFfdbUzL4bcXTvoFkJEnDkHsXgDUS6
-xmT0XGT3IMaW8cwQ8KD8m5YYI/L26Mas/w3eA2ekyMR8pYICjXp/YZtcKxxkQSVE
-Uv/+D+20KbNAHIW5Mrxf61cX/CggGEbVP8ZhDY1flh8=
+jvNTyPaztxPIoAzbdmZnD0Zw2+60tMxNc0GMHNmeOyG25aHP/dT+TWiKFpFVkkkY
+uoCIhYUyw7gmpw+CnRJwWd+ans4nrvAjwy5oWJvarvsyUpjqvnPoIlAqd+d4TDKN
+eESzcI76+gHdisAtCrQD+fGqgTZhli5TgDbnpasL/QnY2qDlutvakkVw7gPXe156
+2Phy8WN+efr65J6wt3K/dj7Datl9u4JeHQK81gYyWBVX+EagEjPGDzkFQCj9Z0q7
+8K3iB5GW1JAqJS0IfZPB40AnSTF/n1TL1SN3qfU3l7hTGNrx9o7580bgDEoAR7pI
+F8eZlS15KHtZmh11AnU1KTKZ6kmgnNqeMTGMN6N0ct2wMKW1dV87eTDlF0oiR2ol
+XwtFgKmrIjfpmzkdWjbJmWnGMjD56KdiFZga/ZyKMsPrVoYLgfJEpn36iQspfygx
+HCGNTf0PjIsjEWU0WyQiF86t+c45W3wNFsv/AxVyfMl+su02yrd6u2ecuQDir3Cs
+b2k8IKtQgVe/NIpEWLKuiHG5oedIPPQyDYK5uq+gHxCGeOoKnWlsWFEHZRiza4X5
+tbgTrJB8Sw0ENWrvVGGmQZN4pSImlsMwzQ2qik5CQ00N1b3+56/obn0z75I3bUSb
+tC5g8DRjl6oclAenNgh/MYMT287y5W2dD4npxHcekX4O3J2CDXNfg4vV2j5GRxtg
+LVJdYE2p7bpYePCDHrYng8b9ubBprx0CrEnkIvvtUjzNPf6VDL0+MBKl+XgR2/nz
+iRqTuZnlGGOyM+KYDwXpgwfs/HfvFGksxTAlO/40GkGh+WGPaIoNyCK0SgQKhyb4
+JIkR0vd2/yLg3lWMJrGwh7A0Gm07Z/781oURP3uWd+PaCOgGcd5ipcAjcEyuxNly
+AthipWqmQWUcbf6Z2N9j3OA22Hv2Uzk8HSfi9VOZtL9svdEEZ0NnOekJgnc6stQp
+bXiknlK/T5WdrWxSyCfgUq68Vf6DFfIRAVuFdJ3WHT2wVXHrDfft6D+Ne/XCxPoE
+8zGmkyusaph33UHQ1oNyUbLbwcDCDSmOo8gYoedD3IwxtMA3wJRugomqosItwV8X
+vkgmcy8eSE/+gZUxJEN2gnLcfKFhCkC80J6oFhmoDD6vuUnPHcFdKZgVPw2rzPk5
+Vb1kX+gpORplYmKpq1vz/ujscL4T0TmYLz02hkIS4edpW55ncTTv7JWefpRiTB1J
+RB3td3me4htqR+YIDWJ+emrOmqsCG2WvpAS+MTw2mj1jYk9LL/ZYobTjSCEWmuwT
+yVK6m303irR7HQDauxhslRFgoK21w63viOyj5NKIU1gQtaAANGDxcgORC1XLjjgt
+oNutSQA+7P42vfHSHK4cnTBXl6V32H/GyVpdHQOZqSrqIjgLmUZodSmRPROxosZF
+a46B1O7m/rJFxkiKW4vod+/WqjoE0Hhfrb8rRrkRjzGeCqqSSnQ3vrunVkvF8hlA
+b6FOv4ZBJL4piC1GKH+rscqke9NEiDqXN8C3iYz86jbck/Ha21yUS8T3X7N52sg+
+B3AmOGnLK6BebYeto9vZxQjacChJZSixSxLV+l9/nVQ0+mW42azHdzk0ru59TGAj
 -----END RSA PRIVATE KEY-----

certs/server-keyPkcs8.pem

@@ -1,10 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAxnvAaIEv3oI/+azD
-hkpmt+zU8fZkIf/1ojRC0Difxt07biZlalSW3dJ76zairn4qnn5WpbaHnxXHGGZ+
-FnfipwIDAQABAkEAlJsbGCOBX6tNkvYS/ny+I38igHblyb8Gfgd67sM2fYDaSl0Z
-fZwJp/usRCggoKIfG+im/E5x3/uctL+A2WJ0IQIhAP9xf/1+8HVRqPDR+a/A0433
-7c/24lKqmKD3TMvfanCNAiEAxup571MEw3hPFduBaoD3Y+sJd7xYNnc/Cgmp1Hox
-FQMCIQCfL5MMXXPqGJaIZMIOBcOQoGXCCN+nloqBHTvtfPAu7QIgJWlYQaDVloX8
-Kdo8/vD+lnZQM4ri9Gt9GcAzhtjsfk0CIFLV5cn8wJna49+mXtcrYFT0/r0p0pST
-lYfF1FyFW9wO
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDAlQjhV0HycW23
+0kVBJwFlxkWu8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98
+q2SoF/zKXXu64CHlci5vLobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSz
+rgCgY8X2fwtZaHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7
+LyG1/WZRDL1Us+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAy
+loAyI5Whd7oT0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW
+39nQT63XAgMBAAECggEBAJrQNA9SYgVQAe+f7WRuwsTaGvKE15IQSJLE6Wrri3Vs
+xnk48slySoZkVJV3y8OanbfUHaQAyJ5O5N3HumcWwXS8qdaUjyswGvvt3yEFI9lK
+Ob2Ya2WauNzEfe6mQxUuPb4dImAqczDVPtiirIZDLsT1ZF4/iXUPEdhRJU6f2Kqj
+zmCz4orZfhvwZMqaWwULW6rL5eM/bjIiBfPQ+u90UoHiX3TTvf8xg0V1+mN6ly7W
+thnGkibkKAZQUA54Lql4DRSXtBLYMUCroQFBwjD4B18W5GF30mDyn43o9LrrY94q
+l4HvTGzmVTRRKyg09FMcxFgKP7uvtfdKhUMtPPFYWIECgYEA8ixUdjkjY8kQMreT
+ra++GXWWgWTmtbiJQkHRbdAcG/gbrGnLNjxkfdz0GbjDYLFXSF9ST1k6VX8ywBlD
+UD+uzm8X8w6fQMpOrRU7yXnpwFk4c3CcCnzJOkgyp9hJdQqFwsL9FXPamQkqaZqf
+CnG/sASmjHpab0haVDvGsVMX3+cCgYEAy5PedxVdt1xcfNiQqZgt1mkOY7Oj3KbM
+i2qkohKMjntILLJLN9wGGH3q/nah1KHpPw3NG1+vX56WW1sPoXyvs5uQ21dzOu2w
+I0SuQU8fB0ITI0zL+vQUpNX3njZ8W5+oPMGFX3TSOS3/0ITf+7Mgei6bF67muguu
+X1OkUu0bxJECgYEA7Jjau9X++VJKfQJVSW9VblIvhKMrs4Zis1TSY1La44h2oO+L
+FaXTGBRyd17HowQfnhlitRsbnsPytTL5TMGq6wwmfdRfSlFcpEUGcESnVsDUIhR2
+nthjUImQ0+K/gZWSMUGHORpDCxilUx85Gl8fQ7yHat9u0yIA/iKYcE4aGSkCgYEA
+ikFWKFGeX9SeCzuYo1TybFbUqulpM4UkDNrUDC3Ev08CaTh81ObcTO3XFhHDPgDn
+wybAUQLeu3Wcb1acevOO78+KxSvS2gZqRMlz/m6Zh/hbvvF85mW1T2zwycX/FsqL
+GxfiWD2iN6sBvL9AzlOMju3v7lmd4GPmfF71jkvxO8ECgYBNRflAjMVb9CoairTy
+HKxr6QxWNrdOcpbV5YrS4v/x8RgTPYYJuNh2p8kccVKUMEPg8Xh0/WEbTAnM5mgq
+ca0c30O8VtulpL41cKRez0/8AFWZOj0jz2da9SL4tSnQRBHrNS5Gvv2OGLJfqL8Z
+MqH13APmfJofDHypsA4hNzvxsA==
 -----END PRIVATE KEY-----

certs/server-keyPkcs8Enc.pem

@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6TAbBgkqhkiG9w0BBQMwDgQIr3AyvPqfFRQCAggABIIEyPUs6wCboqtKmExH
+zfez3vfHn2cp6s3X563Bz73hYn/8vXtI/q0oDNOpgav60/N7rMy50fno3LmW0/6E
++UN4MwofmBS3lp1ZVY3KmzDy6lz5vcFo4GCCj+X6dacsyBQ4lFOge5BihQ3R9cKt
+dSrd1EFKwGGu3qTDG7ajTZukmYjxuRqpyHqPO5OJO7yXxHOB7B7sSKIyJRCkkucd
+oBC86kQdWraweSYj+Klza6VjKzmNzDBx9Fyhrj9XGXJ3rJLhjgNpelwX+PIMU31i
+/yklI4jm0aMSoAvXgdBXZuOsnsI27GXxy//i7AOgLLWi+Bu4dJSSl5PMtespf83u
+5jSysJymXiNcN6vEautGyjCujdMs5c/FEMbgubAMXymCI9DsAN+5dNMDY8Zrfqdl
+hFKfctcu8BxFa+0tavJ28fOEBuEyJLsQ9OvvS7dn4AV502JRKWObfsw7fi+mMzMu
+oxhYo99MRqic6a9uDmYB3SPeU31eOHiEi0n51D7Gtcn++F+IaDFwSHMirThzakGn
+go3nj0yq62euzVcEuhIfTTAe3F2tqzpzznVFbs1XgrGVREJ6gp5vRgMUUGYIqQir
+p5oW0HVRI4iuoSjdN4/wNAxIP9zakwYx+vWx1VXhDVEJfgNmxDRvEbF+OOz+iJCf
+7A2e8L+kZ/5oC3HO8h7GdHNTUjRRdh8FUM8lGo+HbMYDznMy/bJlIP2bx9hIIha7
+U70i09glS2Z7Ei+VecJbvFzdro0vdYyGO2ef8bWwCc5JMucxDcRklWdUxK6amKJN
+VpXL3TW0VYCfr1rLmZXUfBGk/KXM20/BoM04WLjeR3oiV/2b7SYK7GnJ7kBmAHHx
+gnrwMDO3JvH89CwlHRizVSQl59ViqEMGLmbHThcMqkEOkFphB2xox7/IOVyp6cFn
+mY0ZCrbhdX+L6t5jiyq/4us5bzF7FOBYsJr6n1Rm9b8eeOL693y/6uM3CvTJcTOb
+5RqWiHgTgmefeOeUQ0/dVgvEOIWz2yqBQmHKiB4+0CGGIRwUOXBrTKSLilumsjQe
+qGhJ6yw25VIpdXsMD1WVviczgRTNYjdldIJoHQdvpCEAhQ1RR3rkuIPniTumJFmY
+CnjfNqjtkaZWIN1nOCmcu50tswksWEEFEfkcP1xyzhr3EVCYAoFncLTp5vHBtdmg
+6KBdar40/OFGAcbDGDX1g3XEEi6jHmy0Lyz7M3DwESgaMgwzscsQLr+wMITk1IUN
+yfiXHl1CQjGxhDj8KoAhdDjjPENkSlCSd1vEO+lg1/IFb1dtnL2DJp6BQt9/VLHo
+Fp3pdZ7r95H20+pEhCZp0HXLNo1o8xjJQ5RWUCs1Zc1cauDOAh8lAjps6MBxTa3a
+LOgTW9lgiAQ+S1g2jK4BmqbLvZUF+Z6xupc8uE3E3HhJolmDRYojMNFNmmvODa8M
+CneWmj3T1KvqEToAIq46mStlTfQufSMpaJ73Wds4gmIiGwn5hIuUN6f3kybbt4f2
+4DLZXMcjYweLi9tJtFC+JaO0rS5gtX/k/ys1QSblSU5qfRu1XfwNAcZO1ReKgGYN
+ymI78cSACGIcEvAwin8CdRu3W99NbMqHW9AcCETFlTsC3wNlQxyYSem75sjPaWVF
+sxLy7YxEJ8tDEJZbSQ==
+-----END ENCRYPTED PRIVATE KEY-----

certs/server-keyPkcs8Enc12.pem

@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE5TAcBgoqhkiG9w0BDAEBMA4ECFytdly5R2o9AgIIAASCBMOa6fgAUIR5GokK
+Z81YZMxC3sNqAwjLEkOwmez2za2fq+2mw6T8tB5W75lFpWyXD1MDPa1PpLzyw27c
+d2C8nipCzp37yYLmXr+aS519CBJR80ily/WLcdv+ScsA6pjOEW2p+VDY55jFp2pr
+n94/K2nFQpMxAdjxnqQCF5ewMLqzy3o3s6U3V9zIxy/xlLYi//UWFI8fqtOikqs4
+apWLNqJONRZq95OITKO/Nhz7GyEfjrewJmv4zVToEnSagSwbR4IVFn5Lok8rSpI9
+qwey9wsB1CguVwR0O2NjDVKUGXinfhdr+zMQlCoz+xY/Q1TkH4gEY5wpln4cBvtm
+PL/BnD4wEWHh8vS61wfOQ7wPgY+cdCe75stTrKzc6amVJB+40Qi3Vt4TEPGwcP16
+/qGl0zpYuAgilPtuEBw3GX3LiigpHmSt43D3DiYNGzv+Aran2Ei9iGSGeI2zHz8r
+WFZEnptAwlqeyL7+MZjAOXlu6QG1yix8HvZLmtBHrE2MhuR4KbS3fAUCNQpn8OKu
+zxYzs1ti5F2V4c9yK63gSz3H1ObRNsM2OkpUbSVGqLUN6a8HsI6yYh4we6q0gxKD
+VGdzEz4S1BFEBfXWVSPnRNMR4YD8kiQEPutUZFLiWWZ7WliH5yNfHZUia8dovxFa
+MWmAbSjMKRGvV+LvAGQHYBVfJSQO6VvBfBDtu0H4rLr8urmcPY+hbw1XxGfKSQp1
+iIdvVwjefl8wM9LSRsvqY5l4mu+XDPanQlFbzKBOSyLQts97ys3AR+jkK8Bmv14l
+xmCF8bJzzz5a2wAqbPhWIbk4J4VfcJEXNMzd19w4SxGv9fUXNiZZElUdNE+wtRsQ
+YvACYn9sZ6JUwg9hNTLXuXZY47LuQrrdTDHupoVA9zLvUYMKgO+pjwS8uy1dLQao
+0aztHLZEXuVJvpiRoMtYZl37ZNoLHQJeZUNyNATshAoD1+uSc7aywl8yqdTzXRR2
+g0rkExXEVJ5OPyzbFdOQSC5HoOC7dInIBmkrSFEJMKDkMzwYI+uSoIbn+8i+Gjzy
+Vh3/lftts/BIvr4NAh1ZAq/215jZSdAGo+1VZeuBeybwh3RBdBl8PhDBviTvbxSk
+P+F1T+UcbAz9bgjQJgNvDb9XHNI8rfEhfDPX/Pr4VvxBZNndmRJVQDKi23YD/7yF
+WAwXy418M7DPqp7NYmUHFe7JRm9bHk41EeknLZaZGW5qHwQKA10RoJCgjoOIFTsd
+kD3Qq/0mEuOiuJn5UPE19xtUpvFWamDf3s3zSHM7VJ+gGNrS/WbQ+KmTimj0Wucd
+2vWiNCGbhWwmp3LLKQlB5xDwXJy099SZUUkgcxGmfcT7FOpd3QSLYnwtPz8uLW0N
+76zbiUTYCQ/ASLrwcKFGCKKBz62DlRreK23E/RjqkKKCVFzzg8AzQTa02ml+wQyG
++5EOwEF2yIrhV0p4hY/GDAIe3cdchiy1EQf6xH/IxPF/QsKNp0CfHVPgdFwLzjM2
+oFD3analGblxp9CMiDbiKTOdFPL8XcguufqpWra2jtUbe07HQaeU2NcM2TeB2KsU
+PhgBwgdNxW69K55iHReaZtuLw0GhD+KBrm7gSteVniiYLzLKzxmMycGGtoNwpbGi
+MMJBE+BYZylG
+-----END ENCRYPTED PRIVATE KEY-----

certs/server-keyPkcs8Enc2.pem

@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIxaI9IblN3acCAggA
+MBQGCCqGSIb3DQMHBAi7kwdRvCrqMgSCBMjkSOSVfmu42O0q2GzFrJVr3cam9ZKe
+InQsxqtgADdBxMgJJVnr360tUNPQyyvfCH//Duhz+aJIC0MQZkWR3ZSy5pfHX+vr
+C3wd741VOlI44uEdzRktlPc11saMDyKS04/K9aaYIDqspOiobt9WZLQildXl1n8j
+N+7Laj7A/vxJ5GUJ4hdPwQOIeuJXTDDzn+Ld12XXGH+Iw1M5Cx3tBw1TNizSnmXQ
+vf/MsfsWsZbHBppCXZbF27jJA+6Bg7dGT0OZM0pI+ZQvyHr+qjog0hollY9KjwTG
+h+hsM7umWFJdeRMrmkTrX/R9HY/c5I4ExNSp1AtMmFeeU8h2VTJtYcoykUU1q2pF
+KHfjPghwmYromQGR4nPA9sqa9s+VMq9OaqoJDoBwNobdFr7sEtMLT08vTa0+rMX7
+bmjAF44/dVBYpBxXjTQ0pXVeb24Q00Sn6NOI4fTsBnkR+WTtuwz/L0qaGnJlh10y
+sQ3+95cUtZc3SZS67yYUx5auswqT3V4JCmhJcHNi+/jHyrj9D8nVWibQ2TBmgUf+
+0NzvdKb7sraEx7PSgFWDMLoQrd2+cqsJArpY9TbLSLhBDrOVc8v/lXYuK6QI0gMd
+HIwAZARUZMoI3WS6icTLYyLdQPMsFzI6U0arkbrdhjNNd3kVqeFEJ+oF0rkuAcJJ
+K8eUcsby1AIBS/9tuW1gSYubmuXsZX8xbYbJnHUqGOTAVa7jo8eVUTiyUfPXa+0N
+s1tTpZXtOOlqncZ08mPHppshdKF2cpuh0JNjiR6fHvXytGWFGMsKtxdwKs/14UCg
+qoTW0EQU4ONfBxR2PtX8PlNV4bOt704HP8Vc0H9JV2uWpJaLRzY2bBiPgKcrO9Eh
+83zFrPu/0obBQTxnP3mMihxvCndflHQqeJ0V1YYw9n4+XbgBqULXDQs7OetRohnY
+gYyc//NdC2I8mbdabFYvUTWSH6oMA6lqkwTjTTwtn5E8BJkRi1sIq4jNFUekpm2T
+5AwP7xWn//PM+B12CPoIgYtYT6Yhbf8arXuGU28y1Ahhi/hKcpR9HRPQeyaR62vi
+skjjycfn38wcj0WrIVnOceGgPa3EBrkkTaPUHvMQ5G/xzMZ82o3CnmwdnH+lp3eg
+TLcLm8Yp9InkMJNVOrGLxFvmTljl3h9x2JVuE0wtuWt91QVmfCZo0k3Cx46ad7xB
+eK20veTy+PySy2U3W1twGfsXXXRwaQiXXRrgPciK0LcGXZneShZuebk04U31sq4F
+rYaMAzIDDmvwbjh+UpNcl1VdBDGGePxzzOD3HHYPbm240HVMPuS85P2kFjak3PdJ
+GqsRUS1SRp1e451aFGjzggPLXFjAfDMaxrgjSWapRzu78i+xvcvf69979oX0KO9Y
+KMSC14RnmnT1+UdKxX+p9r1AwfH/vJxM34AOSva1uLiSJckRGYGOzuaYsTT9ZAx/
+q3CNALF4qFUMWmJnvQDYmCUnw6lJl3CazbtV5RI2ILQX6ZHR6YAHT5hYY43k+AnZ
+mFW6BGKoX/f4iVqYtjQWiGWAJAf6C9+548O2t9MiVcgQf4Nvj6lFLM00pzFn7jW4
+DsDFUBmmrSF8wfR7SRpOc/ViVZBRleYPLsMu0tmD29fowqqBY0MEkxqSahFAGTgk
+sao=
+-----END ENCRYPTED PRIVATE KEY-----

certs/taoCert.txt

@@ -69,11 +69,34 @@ openssl rsa -in 1024rsa.priv -pubout -out 1024rsa.pub
 openssl pkcs8 -nocrypt -topk8 -in server-key.pem -out server-keyPkcs8.pem
 
 
+**** To convert to pkcs8 encrypted *******
+
+openssl pkcs8 -topk8 -in server-key.pem -out server-keyPkcs8Enc.pem
+
+passwd: yassl123
+
+to use PKCS#5 v2 instead of v1.5 which is default add
+
+-v2 des3       # file Pkcs8Enc2
+
+to use PKCS#12 instead use -v1 witch a 12 algo like
+
+-v1 PBE-SHA1-RC4-128   # file Pkcs8Enc12 , see man pkcs8 for more info
+
+
 **** To convert from pkcs8 to traditional ****
 
 openssl pkcs8 -nocrypt -in server-keyPkcs8.pem -out server-key.pem
 
 
+*** DH paramters ***
+
+openssl dhparam 2048 > dh2048.param
+
+to add metadata
+
+openssl dhparam -in dh2048.param -text > dh2048.pem
+
 **** ECC ******
 
 1) make a key
@@ -84,3 +107,51 @@ openssl pkcs8 -nocrypt -in server-keyPkcs8.pem -out server-key.pem
     make a new key
         openssl ecparam -genkey -text -name secp256r1 -out ecc-key.pem
 
+
+*** CRL ***
+
+1) create a crl
+
+a) openssl ca -gencrl -crldays 120 -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+
+Error No ./CA root/index.txt so:
+
+b) touch ./CA root/index.txt
+
+a) again
+
+Error No ./CA root/crlnumber so:
+
+c) touch ./CA root/crlnumber
+
+a) again
+
+Error unable to load CRL number
+
+d) add '01' to crlnumber file
+
+a) again
+
+2)  view crl file
+
+openssl crl -in crl.pem -text
+
+3) revoke
+
+openssl ca -revoke server-cert.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+
+Then regenerate crl with a)
+
+4) verify
+
+openssl verify -CAfile ./ca-cert.pem  ./server-cert.pem
+
+OK
+
+Make file with both ca and crl
+
+cat ca-cert.pem crl.pem > ca-crl.pem
+
+openssl verify -CAfile ./ca-crl.pem -crl_check ./ca-cert.pem
+
+revoked

commit-tests.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+#commit-tests.sh
+
+
+# make sure current config is ok
+echo -e "\n\nTesting current config...\n\n"
+make test;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nCurrent config make test failed" && exit 1
+
+
+# make sure basic config is ok
+echo -e "\n\nTesting basic config too...\n\n"
+./configure;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nBasic config ./configure failed" && exit 1
+
+make clean; make -j 8 test;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nBasic config make test failed" && exit 1
+
+
+# make sure full config is ok
+echo -e "\n\nTesting full config as well...\n\n"
+./configure --enable-opensslExtra --enable-fastmath --enable-dtls --enable-aesgcm --enable-hc128;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1
+
+make clean; make -j 8 test;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nFull config make test failed" && exit 1
+
+exit 0

configure.ac

@@ -0,0 +1,736 @@
+# configure.ac
+#
+# Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+#
+# This file is part of CyaSSL.
+#
+#
+
+AC_INIT([cyassl],[2.3.0],[http://www.yassl.com])
+
+AC_CONFIG_AUX_DIR(config)
+
+AC_CANONICAL_TARGET
+
+AM_INIT_AUTOMAKE(-Wall -Werror -Wno-portability foreign tar-ustar subdir-objects)
+
+AC_CANONICAL_HOST
+AC_CANONICAL_BUILD
+
+AC_PREREQ([2.61])
+
+AC_CONFIG_MACRO_DIR(m4)
+
+AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
+
+
+#shared library versioning
+CYASSL_LIBRARY_VERSION=3:1:0
+#                      | | |
+#               +------+ | +---+
+#               |        |     |
+#              current:revision:age
+#               |        |     |
+#               |        |     +- increment if interfaces have been added
+#               |        |        set to zero if interfaces have been removed
+#                        |        or changed
+#               |        +- increment if source code has changed
+#               |           set to zero if current is incremented
+#               +- increment if interfaces have been added, removed or changed
+AC_SUBST(CYASSL_LIBRARY_VERSION)
+
+# Make sure configure doesn't add to CFLAGS
+CFLAGS="$CFLAGS $C_EXTRA_FLAGS"
+
+LT_INIT([win32-dll])
+LT_LANG([C++])
+LT_LANG([C])
+gl_VISIBILITY
+
+m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
+
+AC_CHECK_FUNCS([gethostbyname])
+AC_CHECK_FUNCS([gettimeofday])
+AC_CHECK_FUNCS([inet_ntoa])
+AC_CHECK_FUNCS([memset])
+AC_CHECK_FUNCS([socket])
+AC_CHECK_HEADERS([arpa/inet.h])
+AC_CHECK_HEADERS([fcntl.h])
+AC_CHECK_HEADERS([limits.h])
+AC_CHECK_HEADERS([netdb.h])
+AC_CHECK_HEADERS([netinet/in.h])
+AC_CHECK_HEADERS([stddef.h])
+AC_CHECK_HEADERS([sys/ioctl.h])
+AC_CHECK_HEADERS([sys/socket.h])
+AC_CHECK_HEADERS([sys/time.h])
+AC_CHECK_HEADERS(errno.h)
+AC_CHECK_LIB(network,socket)
+AC_CHECK_SIZEOF(long long, 8)
+AC_CHECK_SIZEOF(long, 4)
+AC_C_BIGENDIAN
+AC_DISABLE_STATIC
+AC_DISABLE_STATIC
+AC_FUNC_MALLOC
+AC_FUNC_MKTIME
+AC_FUNC_REALLOC
+
+AC_PROG_CC
+AC_PROG_CC_C_O
+AC_PROG_CXX
+AC_PROG_INSTALL
+LT_INIT
+AC_TYPE_SIZE_T
+AC_TYPE_UINT8_T
+AM_PROG_AS
+AM_PROG_CC_C_O
+LT_LIB_M
+
+OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
+OPTIMIZE_FAST_CFLAGS="-O3 -fomit-frame-pointer"
+OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET"
+DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_CYASSL"
+
+
+# DEBUG
+AC_ARG_ENABLE(debug,
+    [  --enable-debug          Enable CyaSSL debugging support (default: disabled)],
+    [ ENABLED_DEBUG=$enableval ],
+    [ ENABLED_DEBUG=no ]
+    )
+if test "$ENABLED_DEBUG" = "yes"
+then
+  # Full debug. Very slow in some cases
+  AM_CFLAGS="$DEBUG_CFLAGS $AM_CFLAGS"
+else
+  # Optimized version. No debug
+  AM_CFLAGS="$AM_CFLAGS -DNDEBUG"
+fi
+
+
+# SMALL BUILD
+AC_ARG_ENABLE(small,
+    [  --enable-small          Enable smallest build (default: disabled)],
+    [ ENABLED_SMALL=$enableval ],
+    [ ENABLED_SMALL=no ]
+    )
+if test "$ENABLED_SMALL" = "yes"
+then
+  # make small no tls build with smallest cipher
+  # if you only want server or client you can define NO_CYASSL_SERVER or
+  # NO_CYASSL_CLIENT but then some of the examples and testsuite won't build
+  # note that TLS needs HMAC
+  AM_CFLAGS="-DNO_TLS -DNO_HMAC -DNO_AES -DNO_DES3 -DNO_SHA256 -DNO_ERROR_STRINGS -DNO_RABBIT -DNO_PSK -DNO_DSA -DNO_DH -DNO_PWDBASED $AM_CFLAGS" 
+fi
+
+
+# SINGLE THREADED
+AC_ARG_ENABLE(singleThreaded,
+    [  --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)],
+    [ ENABLED_SINGLETHREADED=$enableval ],
+    [ ENABLED_SINGLETHREADED=no ]
+    )
+if test "$ENABLED_SINGLETHREADED" = "yes"
+then
+  AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS"
+fi
+
+
+# DTLS
+AC_ARG_ENABLE(dtls,
+    [  --enable-dtls           Enable CyaSSL DTLS (default: disabled)],
+    [ ENABLED_DTLS=$enableval ],
+    [ ENABLED_DTLS=no ]
+    )
+if test "$ENABLED_DTLS" = "yes"
+then
+  AM_CFLAGS="-DCYASSL_DTLS $AM_CFLAGS"
+fi
+
+
+# OPENSSL Extra Compatibility
+AC_ARG_ENABLE(opensslExtra,
+    [  --enable-opensslExtra   Enable extra OpenSSL API, size+ (default: disabled)],
+    [ ENABLED_OPENSSLEXTRA=$enableval ],
+    [ ENABLED_OPENSSLEXTRA=no ]
+    )
+if test "$ENABLED_OPENSSLEXTRA" = "yes"
+then
+  AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
+fi
+
+if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
+then
+    AC_MSG_ERROR([cannot enable small and opensslExtra, only one or the other.])
+fi
+
+
+# IPv6 Test Apps
+AC_ARG_ENABLE(ipv6,
+    [  --enable-ipv6           Enable testing of IPV6 (default: disabled)],
+    [ ENABLED_IPV6=$enableval ],
+    [ ENABLED_IPV6=no ]
+    )
+
+if test "$ENABLED_IPV6" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6"
+fi
+
+
+# Fortress build 
+AC_ARG_ENABLE(fortress,
+    [  --enable-fortress       Enable SSL fortress build (default: disabled)],
+    [ ENABLED_FORTRESS=$enableval ],
+    [ ENABLED_FORTRESS=no ]
+    )
+
+if test "$ENABLED_FORTRESS" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD -DCYASSL_SHA512 -DCYASSL_SHA384 -DCYASSL_KEY_GEN"
+fi
+
+
+# ssl bump build 
+AC_ARG_ENABLE(bump,
+    [  --enable-bump           Enable SSL Bump build (default: disabled)],
+    [ ENABLED_BUMP=$enableval ],
+    [ ENABLED_BUMP=no ]
+    )
+
+if test "$ENABLED_BUMP" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD -DCYASSL_ALT_NAMES -DCYASSL_TEST_CERT"
+fi
+
+# fastmath
+AC_ARG_ENABLE(fastmath,
+    [  --enable-fastmath       Enable fast math for BigInts (default: disabled)],
+    [ ENABLED_FASTMATH=$enableval ],
+    [ ENABLED_FASTMATH=no ]
+    )
+
+if test "x$ENABLED_FASTMATH" = "xyes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
+fi
+
+
+# fast HUGE math
+AC_ARG_ENABLE(fasthugemath,
+    [  --enable-fasthugemath   Enable fast math + huge code (default: disabled)],
+    [ ENABLED_FASTHUGEMATH=$enableval ],
+    [ ENABLED_FASTHUGEMATH=no ]
+    )
+
+if test "$ENABLED_BUMP" = "yes"
+then
+    ENABLED_FASTHUGEMATH="yes"
+fi
+
+if test "$ENABLED_FASTHUGEMATH" = "yes"
+then
+    ENABLED_FASTMATH="yes"
+    AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
+fi
+
+AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
+
+
+# big cache
+AC_ARG_ENABLE(bigcache,
+    [  --enable-bigcache       Enable big session cache (default: disabled)],
+    [ ENABLED_BIGCACHE=$enableval ],
+    [ ENABLED_BIGCACHE=no ]
+    )
+
+if test "$ENABLED_BIGCACHE" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DBIG_SESSION_CACHE"
+fi
+
+
+# HUGE cache
+AC_ARG_ENABLE(hugecache,
+    [  --enable-hugecache      Enable huge session cache (default: disabled)],
+    [ ENABLED_HUGECACHE=$enableval ],
+    [ ENABLED_HUGECACHE=no ]
+    )
+
+if test "$ENABLED_HUGECACHE" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHUGE_SESSION_CACHE"
+fi
+
+
+# SMALL cache
+AC_ARG_ENABLE(smallcache,
+    [  --enable-smallcache     Enable small session cache (default: disabled)],
+    [ ENABLED_SMALLCACHE=$enableval ],
+    [ ENABLED_SMALLCACHE=no ]
+    )
+
+if test "$ENABLED_SMALLCACHE" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE"
+fi
+
+
+# SNIFFER
+AC_ARG_ENABLE(sniffer,
+    [  --enable-sniffer        Enable CyaSSL sniffer support (default: disabled)],
+    [ ENABLED_SNIFFER=$enableval ],
+    [ ENABLED_SNIFFER=no ]
+    )
+
+if test "$ENABLED_SNIFFER" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA"
+fi
+
+AM_CONDITIONAL([BUILD_SNIFFER], [test "x$ENABLED_SNIFFER" = "xyes"])
+
+# AES-GCM
+AC_ARG_ENABLE(aesgcm,
+    [  --enable-aesgcm         Enable CyaSSL AES-GCM support (default: disabled)],
+    [ ENABLED_AESGCM=$enableval ],
+    [ ENABLED_AESGCM=no ]
+    )
+
+if test "$ENABLED_AESGCM" = "word32"
+then
+    AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
+    ENABLED_AESGCM=yes
+fi
+
+if test "$ENABLED_AESGCM" = "small"
+then
+    AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
+    ENABLED_AESGCM=yes
+fi
+
+if test "$ENABLED_AESGCM" = "table"
+then
+    AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
+    ENABLED_AESGCM=yes
+fi
+
+if test "$ENABLED_AESGCM" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM -DCYASSL_SHA384 -DCYASSL_SHA512"
+fi
+
+AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])
+
+# AES-NI
+AC_ARG_ENABLE(aesni,
+    [  --enable-aesni          Enable CyaSSL AES-NI support (default: disabled)],
+    [ ENABLED_AESNI=$enableval ],
+    [ ENABLED_AESNI=no ]
+    )
+
+if test "$ENABLED_AESNI" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_AESNI"
+    if test "$GCC" = "yes"
+    then
+        # GCC needs these flags, icc doesn't
+        AM_CFLAGS="$AM_CFLAGS -maes -msse4"
+    fi
+fi
+
+AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
+
+
+# MD2
+AC_ARG_ENABLE(md2,
+    [  --enable-md2            Enable CyaSSL MD2 support (default: disabled)],
+    [ ENABLED_MD2=$enableval ],
+    [ ENABLED_MD2=no ]
+    )
+
+if test "$ENABLED_BUMP" = "yes"
+then
+    ENABLED_MD2="yes"
+fi
+
+if test "$ENABLED_MD2" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_MD2"
+fi
+
+AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
+
+
+# RIPEMD
+AC_ARG_ENABLE(ripemd,
+    [  --enable-ripemd         Enable CyaSSL RIPEMD-160 support (default: disabled)],
+    [ ENABLED_RIPEMD=$enableval ],
+    [ ENABLED_RIPEMD=no ]
+    )
+
+if test "$ENABLED_RIPEMD" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_RIPEMD"
+fi
+
+AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
+
+
+# SHA512
+AC_ARG_ENABLE(sha512,
+    [  --enable-sha512         Enable CyaSSL SHA-512 support (default: disabled)],
+    [ ENABLED_SHA512=$enableval ],
+    [ ENABLED_SHA512=no ]
+    )
+
+if test "$ENABLED_SHA512" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_SHA512"
+fi
+
+if test "$ENABLED_FORTRESS" = "yes"
+then
+    ENABLED_SHA512="yes"
+fi
+
+if test "$ENABLED_AESGCM" = "yes"
+then
+    ENABLED_SHA512="yes"
+fi
+
+
+AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
+
+
+# SESSION CERTS
+AC_ARG_ENABLE(sessioncerts,
+    [  --enable-sessioncerts   Enable session cert storing (default: disabled)],
+    [ ENABLED_SESSIONCERTS=$enableval ],
+    [ ENABLED_SESSIONCERTS=no ]
+    )
+
+if test "$ENABLED_SESSIONCERTS" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
+fi
+
+
+# KEY GENERATION
+AC_ARG_ENABLE(keygen,
+    [  --enable-keygen         Enable key generation (default: disabled)],
+    [ ENABLED_KEYGEN=$enableval ],
+    [ ENABLED_KEYGEN=no ]
+    )
+
+if test "$ENABLED_KEYGEN" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_KEY_GEN"
+fi
+
+
+# CERT GENERATION
+AC_ARG_ENABLE(certgen,
+    [  --enable-certgen        Enable cert generation (default: disabled)],
+    [ ENABLED_CERTGEN=$enableval ],
+    [ ENABLED_CERTGEN=no ]
+    )
+
+if test "$ENABLED_CERTGEN" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_CERT_GEN"
+fi
+
+
+# HC128 
+AC_ARG_ENABLE(hc128,
+    [  --enable-hc128          Enable HC-128 (default: disabled)],
+    [ ENABLED_HC128=$enableval ],
+    [ ENABLED_HC128=no ]
+    )
+
+if test "$ENABLED_HC128" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_HC128"
+else
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_HC128"
+fi
+
+AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])
+
+
+# PSK 
+AC_ARG_ENABLE(psk,
+    [  --enable-psk            Enable PSK (default: disabled)],
+    [ ENABLED_PSK=$enableval ],
+    [ ENABLED_PSK=no ]
+    )
+
+if test "$ENABLED_PSK" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
+fi
+
+
+# Web Server Build 
+AC_ARG_ENABLE(webServer,
+    [  --enable-webServer      Enable Web Server (default: disabled)],
+    [ ENABLED_WEBSERVER=$enableval ],
+    [ ENABLED_WEBSERVER=no ]
+    )
+
+if test "$ENABLED_WEBSERVER" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
+fi
+
+
+# No Filesystem Build 
+AC_ARG_ENABLE(noFilesystem,
+    [  --enable-noFilesystem   Enable No Filesystem (default: disabled)],
+    [ ENABLED_NOFILESYSTEM=$enableval ],
+    [ ENABLED_NOFILESYSTEM=no ]
+    )
+
+if test "$ENABLED_NOFILESYSTEM" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
+fi
+
+
+# No inline Build 
+AC_ARG_ENABLE(noInline,
+    [  --enable-noInline       Enable No inline (default: disabled)],
+    [ ENABLED_NOINLINE=$enableval ],
+    [ ENABLED_NOINLINE=no ]
+    )
+
+if test "$ENABLED_NOINLINE" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_INLINE"
+fi
+
+AM_CONDITIONAL([BUILD_NOINLINE], [test "x$ENABLED_NOINLINE" = "xyes"])
+
+
+# ECC 
+AC_ARG_ENABLE(ecc,
+    [  --enable-ecc            Enable ECC (default: disabled)],
+    [ ENABLED_ECC=$enableval ],
+    [ ENABLED_ECC=no ]
+    )
+
+if test "$ENABLED_ECC" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC"
+fi
+
+AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
+
+
+if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SMALL" = "yes"
+then
+    AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.]) 
+fi
+
+
+# OCSP
+AC_ARG_ENABLE(ocsp,
+    [  --enable-ocsp           Enable OCSP (default: disabled)],
+    [ ENABLED_OCSP=$enableval ],
+    [ ENABLED_OCSP=no ],
+    )
+
+if test "$ENABLED_OCSP" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
+fi
+
+AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
+
+
+# CRL 
+AC_ARG_ENABLE(crl,
+    [  --enable-crl            Enable CRL (default: disabled)],
+    [ ENABLED_CRL=$enableval ],
+    [ ENABLED_CRL=no ],
+    )
+
+if test "$ENABLED_CRL" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
+fi
+
+AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
+
+
+# CRL Monitor
+AC_ARG_ENABLE(crl-monitor,
+    [  --enable-crl-monitor    Enable CRL Monitor (default: disabled)],
+    [ ENABLED_CRL_MONITOR=$enableval ],
+    [ ENABLED_CRL_MONITOR=no ],
+    )
+
+if test "$ENABLED_CRL_MONITOR" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
+fi
+
+AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
+
+
+# NTRU
+ntruHome=`pwd`/NTRU_algorithm
+ntruInclude=$ntruHome/cryptolib
+ntruLib=$ntruHome
+AC_ARG_ENABLE(ntru,
+    [  --enable-ntru           Enable NTRU (default: disabled)],
+    [ ENABLED_NTRU=$enableval ],
+    [ ENABLED_NTRU=no ]
+    )
+
+if test "$ENABLED_NTRU" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -I$ntruInclude"
+    AM_LDFLAGS="$AM_LDFLAGS -L$ntruLib"
+    LIBS="$LIBS -lntru_encrypt"
+fi
+
+AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
+
+if test "$ENABLED_NTRU" = "yes" && test "$ENABLED_SMALL" = "yes"
+then
+    AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.]) 
+fi
+
+
+# Test certs, use internal cert functions for extra testing 
+AC_ARG_ENABLE(testcert,
+    [  --enable-testcert       Enable Test Cert (default: disabled)],
+    [ ENABLED_TESTCERT=$enableval ],
+    [ ENABLED_TESTCERT=no ]
+    )
+
+if test "$ENABLED_TESTCERT" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_TEST_CERT"
+fi
+
+
+# LIBZ
+trylibzdir=""
+AC_ARG_WITH(libz,
+    [  --with-libz=PATH        PATH to libz install (default /usr/) ],
+    [
+        AC_MSG_CHECKING([for libz])
+        CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
+        LIBS="$LIBS -lz"
+
+        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
+
+        if test "x$libz_linked" == "xno" ; then
+            if test "x$withval" != "xno" ; then
+                trylibzdir=$withval
+            fi
+            if test "x$withval" == "xyes" ; then
+                trylibzdir="/usr"
+            fi
+
+            AM_LDFLAGS="$AM_LDFLAGS -L$trylibzdir/lib"
+            CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
+
+            AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
+
+            if test "x$libz_linked" == "xno" ; then
+                AC_MSG_ERROR([libz isn't found.
+                If it's already installed, specify its path using --with-libz=/dir/])
+            fi
+            AC_MSG_RESULT([yes])
+        else
+            AC_MSG_RESULT([yes])
+        fi
+
+    ]
+)
+
+
+# OPTIMIZE FLAGS
+if test "$GCC" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
+    if test "$ENABLED_DEBUG" = "no"
+    then
+        if test "$ENABLED_FASTMATH" = "yes"
+        then
+            AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
+            if test "$ENABLED_FASTHUGEMATH" = "yes"
+            then
+                AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
+            fi
+        else
+            AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS"
+        fi
+    fi
+fi
+
+AX_PTHREAD([
+            AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
+            ],
+            [
+             AC_DEFINE([HAVE_PTHREAD], [0], [Define if you have POSIX threads libraries and header files.])
+             ])
+
+LIB_SOCKET_NSL
+
+dnl Various GCC warnings that should never fire for release quality code
+GCCWARNINGS="-Wall -fno-strict-aliasing -W -Wfloat-equal -Wundef          \
+  -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes                \
+  -Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment           \
+  -Wformat=2 -Wwrite-strings -Wmissing-declarations -Wredundant-decls     \
+  -Wnested-externs -Wbad-function-cast -Wswitch-enum -Winit-self          \
+  -Wmissing-field-initializers -Wdeclaration-after-statement              \
+  -Wold-style-definition -Waddress -Wmissing-noreturn -Wnormalized=id     \
+  -Woverride-init -Wstrict-overflow=1 -Wextra -Wstack-protector -Wformat  \
+  -Wformat-security -Wpointer-sign -Wshadow -Wswitch-default"
+
+case "$host_os" in
+  *linux*)
+GCCWARNINGS="$GCCWARNINGS -Warray-bounds"
+  ;;
+esac
+
+AC_ARG_ENABLE(gcc-lots-o-warnings,
+AS_HELP_STRING(--enable-gcc-lots-o-warnings, Enable lots of gcc warnings (default: disabled)),
+[if test x$enableval = xyes; then
+    AM_CFLAGS="$AM_CFLAGS $GCCWARNINGS"
+fi])
+
+AC_ARG_ENABLE(gcc-hardening,
+AS_HELP_STRING(--enable-gcc-hardening, Enable compiler security checks (default: disabled)),
+[if test x$enableval = xyes; then
+    AM_CFLAGS="$AM_CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+    AM_CFLAGS="$AM_CFLAGS -fwrapv -fPIE -Wstack-protector"
+    AM_CFLAGS="$AM_CFLAGS --param ssp-buffer-size=1"
+    LDFLAGS="$LDFLAGS -pie"
+fi])
+
+dnl Linker hardening options
+dnl Currently these options are ELF specific - you can't use this with MacOSX
+AC_ARG_ENABLE(linker-hardening,
+AS_HELP_STRING(--enable-linker-hardening, Enable linker security fixups (default: disabled)),
+[if test x$enableval = xyes; then
+    LDFLAGS="$LDFLAGS -z relro -z now"
+fi])
+
+CREATE_HEX_VERSION
+AM_CFLAGS="$AM_CFLAGS $CFLAG_VISIBILITY"
+AC_SUBST(AM_CFLAGS)
+AC_SUBST(AM_LDFLAGS)
+
+# FINAL
+AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
+AC_CONFIG_FILES([Makefile])
+AC_CONFIG_FILES([cyassl/version.h])
+AC_CONFIG_FILES([support/libcyassl.pc])
+
+AC_OUTPUT
+

configure.in

@@ -1,432 +0,0 @@
-AC_INIT
-AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE(cyassl,1.8.8)
-AM_CONFIG_HEADER(ctaocrypt/include/config.h)
-
-
-#dnl Include m4
-#sinclude(lib_socket_nsl.m4)
-#sinclude(acx_pthread.m4)
-AC_CONFIG_MACRO_DIR([m4])
-
-
-# make sure configure doesn't add to CFLAGS
-CFLAGS="$CFLAGS $C_EXTRA_FLAGS"    
-
-AC_PROG_CC
-AC_PROG_CC_C_O
-AM_PROG_AS
-AC_PROG_INSTALL
-AC_LIBTOOL_WIN32_DLL
-AC_PROG_LIBTOOL
-
-AC_PREFIX_DEFAULT(/usr/local/cyassl)
-
-AC_C_BIGENDIAN
-
-AC_CHECK_SIZEOF(long, 4)
-AC_CHECK_SIZEOF(long long, 8)
-
-AC_CHECK_LIB(network,socket)
-AC_CHECK_LIBM
-
-AC_CHECK_HEADERS(errno.h)
-
-OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
-OPTIMIZE_FAST_CFLAGS="-O3 -fomit-frame-pointer"
-OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET"
-DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_CYASSL"
-
-
-# DEBUG
-AC_ARG_ENABLE(debug,
-    [  --enable-debug          Enable CyaSSL debugging support (default: disabled)],
-    [ ENABLED_DEBUG=$enableval ],
-    [ ENABLED_DEBUG=no ]
-    )
-if test "$ENABLED_DEBUG" = "yes"
-then
-  # Full debug. Very slow in some cases
-  CFLAGS="$DEBUG_CFLAGS $CFLAGS"
-else
-  # Optimized version. No debug
-  CFLAGS="$CFLAGS -DNDEBUG"
-fi
-
-
-# SMALL BUILD
-AC_ARG_ENABLE(small,
-    [  --enable-small          Enable smallest build (default: disabled)],
-    [ ENABLED_SMALL=$enableval ],
-    [ ENABLED_SMALL=no ]
-    )
-if test "$ENABLED_SMALL" = "yes"
-then
-  # make small no tls build with smallest cipher
-  # if you only want server or client you can define NO_CYASSL_SERVER or
-  # NO_CYASSL_CLIENT but then some of the examples and testsuite won't build
-  # note that TLS needs HMAC
-  CFLAGS="-DNO_TLS -DNO_HMAC -DNO_AES -DNO_DES3 -DNO_SHA256 -DNO_ERROR_STRINGS -DNO_HC128 -DNO_RABBIT -DNO_PSK -DNO_DSA -DNO_DH $CFLAGS"
-fi
-
-
-# SINGLE THREADED
-AC_ARG_ENABLE(singleThreaded,
-    [  --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)],
-    [ ENABLED_SINGLETHREADED=$enableval ],
-    [ ENABLED_SINGLETHREADED=no ]
-    )
-if test "$ENABLED_SINGLETHREADED" = "yes"
-then
-  CFLAGS="-DSINGLE_THREADED $CFLAGS"
-fi
-
-
-# DTLS
-AC_ARG_ENABLE(dtls,
-    [  --enable-dtls           Enable CyaSSL DTLS (default: disabled)],
-    [ ENABLED_DTLS=$enableval ],
-    [ ENABLED_DTLS=no ]
-    )
-if test "$ENABLED_DTLS" = "yes"
-then
-  CFLAGS="-DCYASSL_DTLS $CFLAGS"
-fi
-
-
-# OPENSSL Extra Compatibility
-AC_ARG_ENABLE(opensslExtra,
-    [  --enable-opensslExtra   Enable extra OpenSSL API, size+ (default: disabled)],
-    [ ENABLED_OPENSSLEXTRA=$enableval ],
-    [ ENABLED_OPENSSLEXTRA=no ]
-    )
-if test "$ENABLED_OPENSSLEXTRA" = "yes"
-then
-  CFLAGS="-DOPENSSL_EXTRA $CFLAGS"
-fi
-
-
-# IPv6 Test Apps
-AC_ARG_ENABLE(ipv6,
-    [  --enable-ipv6           Enable testing of IPV6 (default: disabled)],
-    [ ENABLED_IPV6=$enableval ],
-    [ ENABLED_IPV6=no ]
-    )
-
-if test "$ENABLED_IPV6" = "yes"
-then
-    CFLAGS="$CFLAGS -DTEST_IPV6"
-fi
-
-
-# fastmath
-AC_ARG_ENABLE(fastmath,
-    [  --enable-fastmath       Enable fast math for BigInts(default: disabled)],
-    [ ENABLED_FASTMATH=$enableval ],
-    [ ENABLED_FASTMATH=no ]
-    )
-
-if test "$ENABLED_FASTMATH" = "yes"
-then
-    CFLAGS="$CFLAGS -DUSE_FAST_MATH"
-fi
-
-
-# fast HUGE math
-AC_ARG_ENABLE(fasthugemath,
-    [  --enable-fasthugemath   Enable fast math + huge code for BigInts(def: off)],
-    [ ENABLED_FASTHUGEMATH=$enableval ],
-    [ ENABLED_FASTHUGEMATH=no ]
-    )
-
-if test "$ENABLED_FASTHUGEMATH" = "yes"
-then
-    ENABLED_FASTMATH="yes"
-    CFLAGS="$CFLAGS -DUSE_FAST_MATH"
-fi
-
-AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
-
-
-# big cache
-AC_ARG_ENABLE(bigcache,
-    [  --enable-bigcache       Enable big session cache (default: disabled)],
-    [ ENABLED_BIGCACHE=$enableval ],
-    [ ENABLED_BIGCACHE=no ]
-    )
-
-if test "$ENABLED_BIGCACHE" = "yes"
-then
-    CFLAGS="$CFLAGS -DBIG_SESSION_CACHE"
-fi
-
-
-# HUGE cache
-AC_ARG_ENABLE(hugecache,
-    [  --enable-hugecache      Enable huge session cache (default: disabled)],
-    [ ENABLED_HUGECACHE=$enableval ],
-    [ ENABLED_HUGECACHE=no ]
-    )
-
-if test "$ENABLED_HUGECACHE" = "yes"
-then
-    CFLAGS="$CFLAGS -DHUGE_SESSION_CACHE"
-fi
-
-
-# SNIFFER
-AC_ARG_ENABLE(sniffer,
-    [  --enable-sniffer        Enable CyaSSL sniffer support (default: disabled)],
-    [ ENABLED_SNIFFER=$enableval ],
-    [ ENABLED_SNIFFER=no ]
-    )
-
-if test "$ENABLED_SNIFFER" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA"
-fi
-
-AM_CONDITIONAL([BUILD_SNIFFER], [test "x$ENABLED_SNIFFER" = "xyes"])
-
-# AES-NI
-AC_ARG_ENABLE(aesni,
-    [  --enable-aesni          Enable CyaSSL AES-NI support (default: disabled)],
-    [ ENABLED_AESNI=$enableval ],
-    [ ENABLED_AESNI=no ]
-    )
-
-if test "$ENABLED_AESNI" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_AESNI"
-    if test "$GCC" = "yes"
-    then
-        # GCC needs these flags, icc doesn't
-        CFLAGS="$CFLAGS -maes -msse4"
-    fi
-fi
-
-AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
-
-
-# RIPEMD
-AC_ARG_ENABLE(ripemd,
-    [  --enable-ripemd         Enable CyaSSL RIPEMD-160 support (default: disabled)],
-    [ ENABLED_RIPEMD=$enableval ],
-    [ ENABLED_RIPEMD=no ]
-    )
-
-if test "$ENABLED_RIPEMD" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_RIPEMD"
-fi
-
-AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
-
-
-# SHA512
-AC_ARG_ENABLE(sha512,
-    [  --enable-sha512         Enable CyaSSL SHA-160 support (default: disabled)],
-    [ ENABLED_SHA512=$enableval ],
-    [ ENABLED_SHA512=no ]
-    )
-
-if test "$ENABLED_SHA512" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_SHA512"
-fi
-
-AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
-
-
-# SESSION CERTS
-AC_ARG_ENABLE(sessioncerts,
-    [  --enable-sessioncerts   Enable session cert storing (default: disabled)],
-    [ ENABLED_SESSIONCERTS=$enableval ],
-    [ ENABLED_SESSIONCERTS=no ]
-    )
-
-if test "$ENABLED_SESSIONCERTS" = "yes"
-then
-    CFLAGS="$CFLAGS -DSESSION_CERTS"
-fi
-
-
-# KEY GENERATION
-AC_ARG_ENABLE(keygen,
-    [  --enable-keygen         Enable key generation (default: disabled)],
-    [ ENABLED_KEYGEN=$enableval ],
-    [ ENABLED_KEYGEN=no ]
-    )
-
-if test "$ENABLED_KEYGEN" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_KEY_GEN"
-fi
-
-
-# CERT GENERATION
-AC_ARG_ENABLE(certgen,
-    [  --enable-certgen        Enable cert generation (default: disabled)],
-    [ ENABLED_CERTGEN=$enableval ],
-    [ ENABLED_CERTGEN=no ]
-    )
-
-if test "$ENABLED_CERTGEN" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_CERT_GEN"
-fi
-
-
-# HC128
-AC_ARG_ENABLE(hc128,
-    [  --enable-hc128          Enable HC-128 (default: disabled)],
-    [ ENABLED_HC128=$enableval ],
-    [ ENABLED_HC128=no ]
-    )
-
-if test "$ENABLED_HC128" = "no"
-then
-    CFLAGS="$CFLAGS -DNO_HC128"
-fi
-
-AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])
-
-
-# PSK 
-AC_ARG_ENABLE(psk,
-    [  --enable-psk            Enable PSK (default: disabled)],
-    [ ENABLED_PSK=$enableval ],
-    [ ENABLED_PSK=no ]
-    )
-
-if test "$ENABLED_PSK" = "no"
-then
-    CFLAGS="$CFLAGS -DNO_PSK"
-fi
-
-
-# ECC 
-AC_ARG_ENABLE(ecc,
-    [  --enable-ecc            Enable ECC (default: disabled)],
-    [ ENABLED_ECC=$enableval ],
-    [ ENABLED_ECC=no ]
-    )
-
-if test "$ENABLED_ECC" = "yes"
-then
-    CFLAGS="$CFLAGS -DHAVE_ECC"
-fi
-
-AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
-
-
-# NTRU
-ntruHome=`pwd`/NTRU_algorithm
-ntruInclude=$ntruHome/cryptolib
-ntruLib=$ntruHome
-AC_ARG_ENABLE(ntru,
-    [  --enable-ntru           Enable NTRU (default: disabled)],
-    [ ENABLED_NTRU=$enableval ],
-    [ ENABLED_NTRU=no ]
-    )
-
-if test "$ENABLED_NTRU" = "yes"
-then
-    CFLAGS="$CFLAGS -DHAVE_NTRU -I$ntruInclude"
-    LDFLAGS="$LDFLAGS -L$ntruLib"
-    LIBS="$LIBS -lntru_encrypt"
-fi
-
-AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
-
-
-# LIBZ
-trylibzdir=""
-AC_ARG_WITH(libz,
-    [  --with-libz=PATH        PATH to libz install (default /usr/) ],
-    [
-        AC_MSG_CHECKING([for libz])
-        CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
-        LIBS="$LIBS -lz"
-
-        AC_TRY_LINK([#include <zlib.h>], [ deflateInit(NULL, 8); ],
-            [ libz_linked=yes ], [ libz_linked=no ])
-
-        if test "x$libz_linked" == "xno" ; then
-            if test "x$withval" != "xno" ; then
-                trylibzdir=$withval
-            fi
-            if test "x$withval" == "xyes" ; then
-                trylibzdir="/usr"
-            fi
-
-            LDFLAGS="$LDFLAGS -L$trylibzdir/lib"
-            CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
-
-            AC_TRY_LINK([#include <zlib.h>], [ deflateInit(NULL, 8); ],
-                [ libz_linked=yes ], [ libz_linked=no ])
-
-            if test "x$libz_linked" == "xno" ; then
-                AC_MSG_ERROR([libz isn't found.
-                If it's already installed, specify its path using --with-libz=/dir/])
-            fi
-            AC_MSG_RESULT([yes])
-        else
-            AC_MSG_RESULT([yes])
-        fi
-
-    ]
-)
-
-
-# OPTIMIZE FLAGS
-if test "$GCC" = "yes"
-then
-    CFLAGS="$CFLAGS -Wall -Wno-unused"
-    if test "$ENABLED_DEBUG" = "no"
-    then
-        if test "$ENABLED_FASTMATH" = "yes"
-        then
-            CFLAGS="$CFLAGS $OPTIMIZE_FAST_CFLAGS"
-            if test "$ENABLED_FASTHUGEMATH" = "yes"
-            then
-                CFLAGS="$CFLAGS $OPTIMIZE_HUGE_CFLAGS"
-            fi
-        else
-            CFLAGS="$CFLAGS $OPTIMIZE_CFLAGS"
-        fi
-    fi
-fi
-
-
-
-
-ACX_PTHREAD
-
-LIBS="$PTHREAD_LIBS $LIBM $LIBS"
-CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
-
-LIB_SOCKET_NSL
-
-AC_SUBST(CFLAGS)
-AC_SUBST(LIBS)
-
-
-
-# FINAL
-AC_CONFIG_FILES(Makefile dnl
-        ctaocrypt/Makefile dnl
-        ctaocrypt/src/Makefile dnl
-        ctaocrypt/test/Makefile dnl
-        ctaocrypt/benchmark/Makefile dnl
-        src/Makefile dnl
-        examples/Makefile dnl
-        examples/client/Makefile dnl
-        examples/server/Makefile dnl
-        examples/echoclient/Makefile dnl
-        examples/echoserver/Makefile dnl
-        testsuite/Makefile dnl
-        sslSniffer/Makefile dnl
-        sslSniffer/sslSnifferTest/Makefile)
-AC_OUTPUT
-

ctaocrypt/Makefile.am

@@ -1,3 +0,0 @@
-SUBDIRS = src test benchmark
-EXTRA_DIST = ctaocrypt.sln ctaocrypt.vcproj
-

ctaocrypt/benchmark/Makefile.am

@@ -1,7 +0,0 @@
-INCLUDES = -I../include
-bin_PROGRAMS = benchmark
-benchmark_SOURCES = benchmark.c
-benchmark_LDFLAGS      = -L../src
-benchmark_LDADD        = ../../src/libcyassl.la
-benchmark_DEPENDENCIES = ../../src/libcyassl.la
-EXTRA_DIST =  *.der benchmark.sln benchmark.vcproj

ctaocrypt/benchmark/benchmark.c

@@ -1,24 +1,48 @@
-/* benchmark.c */
+/* benchmark.c
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
 /* CTaoCrypt benchmark */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #include <string.h>
 #include <stdio.h>
 
-#include "des3.h"
-#include "arc4.h"
-#include "hc128.h"
-#include "rabbit.h"
-#include "ctc_aes.h"
-#include "ctc_md5.h"
-#include "ctc_sha.h"
-#include "sha256.h"
-#include "sha512.h"
-#include "ctc_rsa.h"
-#include "asn.h"
-#include "ctc_ripemd.h"
-
-#include "ctc_dh.h"
+#include <cyassl/ctaocrypt/des3.h>
+#include <cyassl/ctaocrypt/arc4.h>
+#include <cyassl/ctaocrypt/hc128.h>
+#include <cyassl/ctaocrypt/rabbit.h>
+#include <cyassl/ctaocrypt/aes.h>
+#include <cyassl/ctaocrypt/md5.h>
+#include <cyassl/ctaocrypt/sha.h>
+#include <cyassl/ctaocrypt/sha256.h>
+#include <cyassl/ctaocrypt/sha512.h>
+#include <cyassl/ctaocrypt/rsa.h>
+#include <cyassl/ctaocrypt/asn.h>
+#include <cyassl/ctaocrypt/ripemd.h>
+#include <cyassl/ctaocrypt/ecc.h>
 
+#include <cyassl/ctaocrypt/dh.h>
 
 #ifdef _MSC_VER
     /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
@@ -30,6 +54,7 @@ void bench_arc4();
 void bench_hc128();
 void bench_rabbit();
 void bench_aes(int);
+void bench_aesgcm();
 
 void bench_md5();
 void bench_sha();
@@ -40,6 +65,10 @@ void bench_ripemd();
 void bench_rsa();
 void bench_rsaKeyGen();
 void bench_dh();
+#ifdef HAVE_ECC
+void bench_eccKeyGen();
+void bench_eccKeyAgree();
+#endif
 
 double current_time();
 
@@ -50,9 +79,12 @@ int main(int argc, char** argv)
 #ifndef NO_AES
     bench_aes(0);
     bench_aes(1);
+#endif
+#ifdef HAVE_AESGCM
+    bench_aesgcm();
 #endif
     bench_arc4();
-#ifndef NO_HC128
+#ifdef HAVE_HC128
     bench_hc128();
 #endif
 #ifndef NO_RABBIT
@@ -88,6 +120,11 @@ int main(int argc, char** argv)
     bench_rsaKeyGen();
 #endif
 
+#ifdef HAVE_ECC 
+    bench_eccKeyGen();
+    bench_eccKeyAgree();
+#endif
+
     return 0;
 }
 
@@ -138,6 +175,34 @@ void bench_aes(int show)
 #endif
 
 
+byte additional[13];
+byte tag[16];
+
+
+#ifdef HAVE_AESGCM
+void bench_aesgcm()
+{
+    Aes    enc;
+    double start, total, persec;
+    int    i;
+
+    AesGcmSetKey(&enc, key, 16, iv);
+    AesGcmSetExpIV(&enc, iv+4);
+    start = current_time();
+
+    for(i = 0; i < megs; i++)
+        AesGcmEncrypt(&enc, cipher, plain, sizeof(plain),
+                        tag, 16, additional, 13);
+
+    total = current_time() - start;
+
+    persec = 1 / total * megs;
+    printf("AES-GCM  %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
+                                                                    persec);
+}
+#endif
+
+
 #ifndef NO_DES3
 void bench_des()
 {
@@ -181,7 +246,7 @@ void bench_arc4()
 }
 
 
-#ifndef NO_HC128
+#ifdef HAVE_HC128
 void bench_hc128()
 {
     HC128  enc;
@@ -200,7 +265,7 @@ void bench_hc128()
     printf("HC128    %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
                                                              persec);
 }
-#endif /* NO_HC128 */
+#endif /* HAVE_HC128 */
 
 
 #ifndef NO_RABBIT
@@ -360,10 +425,11 @@ void bench_rsa()
     double    start, total, each, milliEach;
     
     RsaKey key;
-    FILE*  file = fopen("./rsa1024.der", "rb");
+    FILE*  file = fopen("./certs/rsa2048.der", "rb");
 
     if (!file) {
-        printf("can't find ./rsa1024.der\n");
+        printf("can't find ./certs/rsa2048.der, "
+               "Please run from CyaSSL home dir\n");
         return;
     }
 
@@ -381,7 +447,7 @@ void bench_rsa()
     each  = total / times;   /* per second   */
     milliEach = each * 1000; /* milliseconds */
 
-    printf("RSA 1024 encryption took %6.2f milliseconds, avg over %d" 
+    printf("RSA 2048 encryption took %6.2f milliseconds, avg over %d" 
            " iterations\n", milliEach, times);
 
     start = current_time();
@@ -393,7 +459,7 @@ void bench_rsa()
     each  = total / times;   /* per second   */
     milliEach = each * 1000; /* milliseconds */
 
-    printf("RSA 1024 decryption took %6.2f milliseconds, avg over %d" 
+    printf("RSA 2048 decryption took %6.2f milliseconds, avg over %d" 
            " iterations\n", milliEach, times);
 
     fclose(file);
@@ -409,22 +475,23 @@ void bench_dh()
     size_t bytes;
     word32 idx = 0, pubSz, privSz, pubSz2, privSz2, agreeSz;
 
-    byte   pub[128];    /* for 1024 bit */
-    byte   priv[128];   /* for 1024 bit */
-    byte   pub2[128];   /* for 1024 bit */
-    byte   priv2[128];  /* for 1024 bit */
-    byte   agree[128];  /* for 1024 bit */
+    byte   pub[256];    /* for 2048 bit */
+    byte   priv[256];   /* for 2048 bit */
+    byte   pub2[256];   /* for 2048 bit */
+    byte   priv2[256];  /* for 2048 bit */
+    byte   agree[256];  /* for 2048 bit */
     
     double start, total, each, milliEach;
     DhKey  key;
-    FILE*  file = fopen("./dh1024.der", "rb");
+    FILE*  file = fopen("./certs/dh2048.der", "rb");
 
     if (!file) {
-        printf("can't find ./dh1024.der\n");
+        printf("can't find ./certs/dh2048.der, "
+               "Please run from CyaSSL home dir\n");
         return;
     }
 
-    bytes = fread(tmp, 1, 1024, file);
+    bytes = fread(tmp, 1, sizeof(tmp), file);
     InitDhKey(&key);
     bytes = DhKeyDecode(tmp, &idx, &key, (word32)bytes);
 
@@ -437,7 +504,7 @@ void bench_dh()
     each  = total / times;   /* per second   */
     milliEach = each * 1000; /* milliseconds */
 
-    printf("DH  1024 key generation  %6.2f milliseconds, avg over %d" 
+    printf("DH  2048 key generation  %6.2f milliseconds, avg over %d" 
            " iterations\n", milliEach, times);
 
     DhGenerateKeyPair(&key, &rng, priv2, &privSz2, pub2, &pubSz2);
@@ -450,7 +517,7 @@ void bench_dh()
     each  = total / times;   /* per second   */
     milliEach = each * 1000; /* milliseconds */
 
-    printf("DH  1024 key agreement   %6.2f milliseconds, avg over %d" 
+    printf("DH  2048 key agreement   %6.2f milliseconds, avg over %d" 
            " iterations\n", milliEach, times);
 
     fclose(file);
@@ -499,6 +566,82 @@ void bench_rsaKeyGen()
 }
 #endif /* CYASSL_KEY_GEN */
 
+#ifdef HAVE_ECC 
+void bench_eccKeyGen()
+{
+    ecc_key genKey;
+    double start, total, each, milliEach;
+    int    i;
+    const int genTimes = 5;
+  
+    /* 256 bit */ 
+    start = current_time();
+
+    for(i = 0; i < genTimes; i++) {
+        int ret = ecc_make_key(&rng, 32, &genKey);
+        ecc_free(&genKey);
+    }
+
+    total = current_time() - start;
+    each  = total / genTimes;  /* per second  */
+    milliEach = each * 1000;   /* millisconds */
+    printf("\n");
+    printf("ECC  256 key generation  %6.2f milliseconds, avg over %d" 
+           " iterations\n", milliEach, genTimes);
+}
+
+
+void bench_eccKeyAgree()
+{
+    ecc_key genKey, genKey2;
+    double start, total, each, milliEach;
+    int    i;
+    const int agreeTimes = 5;
+    byte   shared[1024];
+    byte   sig[1024];
+    byte   digest[32];
+    word32 x;
+  
+    ecc_make_key(&rng, 32, &genKey);
+    ecc_make_key(&rng, 32, &genKey2);
+
+    /* 256 bit */ 
+    start = current_time();
+
+    for(i = 0; i < agreeTimes; i++) {
+        x = sizeof(shared);
+        ecc_shared_secret(&genKey, &genKey2, shared, &x);
+    }
+
+    total = current_time() - start;
+    each  = total / agreeTimes;  /* per second  */
+    milliEach = each * 1000;   /* millisconds */
+    printf("EC-DHE   key agreement   %6.2f milliseconds, avg over %d" 
+           " iterations\n", milliEach, agreeTimes);
+
+    /* make dummy digest */
+    for (i = 0; i < sizeof(digest); i++)
+        digest[i] = i;
+
+
+    start = current_time();
+
+    for(i = 0; i < agreeTimes; i++) {
+        x = sizeof(sig);
+        ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &genKey);
+    }
+
+    total = current_time() - start;
+    each  = total / agreeTimes;  /* per second  */
+    milliEach = each * 1000;   /* millisconds */
+    printf("EC-DSA   sign time       %6.2f milliseconds, avg over %d" 
+           " iterations\n", milliEach, agreeTimes);
+
+    ecc_free(&genKey2);
+    ecc_free(&genKey);
+}
+#endif /* HAVE_ECC */
+
 
 #ifdef _WIN32
 

ctaocrypt/benchmark/include.am

@@ -0,0 +1,9 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+
+noinst_PROGRAMS += ctaocrypt/benchmark/benchmark
+ctaocrypt_benchmark_benchmark_SOURCES      = ctaocrypt/benchmark/benchmark.c
+ctaocrypt_benchmark_benchmark_LDADD        = src/libcyassl.la
+ctaocrypt_benchmark_benchmark_DEPENDENCIES = src/libcyassl.la
+EXTRA_DIST += ctaocrypt/benchmark/benchmark.sln 
+EXTRA_DIST += ctaocrypt/benchmark/benchmark.vcproj

ctaocrypt/ctaocrypt.vcproj

@@ -100,7 +100,7 @@
 			<Tool
 				Name="VCCLCompilerTool"
 				AdditionalIncludeDirectories="include"
-				PreprocessorDefinitions="WIN32;NDEBUG;_LIB;"
+				PreprocessorDefinitions="WIN32;NDEBUG;_LIB;OPENSSL_EXTRA"
 				RuntimeLibrary="2"
 				UsePrecompiledHeader="0"
 				WarningLevel="3"

ctaocrypt/include/asn.h

@@ -1,319 +0,0 @@
-/* asn.h
- *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
- *
- * This file is part of CyaSSL.
- *
- * CyaSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * CyaSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-
-#ifndef CTAO_CRYPT_ASN_H
-#define CTAO_CRYPT_ASN_H
-
-#include "types.h"
-#include "ctc_rsa.h"
-#include "ctc_dh.h"
-#include "ctc_dsa.h"
-#include "ctc_sha.h"
-#ifdef HAVE_ECC
-    #include "ctc_ecc.h"
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-enum {
-    ISSUER  = 0,
-    SUBJECT = 1,
-
-    BEFORE  = 0,
-    AFTER   = 1
-};
-
-/* ASN Tags   */
-enum ASN_Tags {        
-    ASN_INTEGER           = 0x02,
-    ASN_BIT_STRING        = 0x03,
-    ASN_OCTET_STRING      = 0x04,
-    ASN_TAG_NULL          = 0x05,
-    ASN_OBJECT_ID         = 0x06,
-    ASN_SEQUENCE          = 0x10,
-    ASN_SET               = 0x11,
-    ASN_UTC_TIME          = 0x17,
-    ASN_GENERALIZED_TIME  = 0x18,
-    ASN_LONG_LENGTH       = 0x80
-};
-
-
-enum  ASN_Flags{
-    ASN_CONSTRUCTED       = 0x20,
-    ASN_CONTEXT_SPECIFIC  = 0x80
-};
-
-enum DN_Tags {
-    ASN_COMMON_NAME   = 0x03,   /* CN */
-    ASN_SUR_NAME      = 0x04,   /* SN */
-    ASN_COUNTRY_NAME  = 0x06,   /* C  */
-    ASN_LOCALITY_NAME = 0x07,   /* L  */
-    ASN_STATE_NAME    = 0x08,   /* ST */
-    ASN_ORG_NAME      = 0x0a,   /* O  */
-    ASN_ORGUNIT_NAME  = 0x0b    /* OU */
-};
-
-enum Misc_ASN { 
-    ASN_NAME_MAX        = 256,    
-    SHA_SIZE            =  20,
-    RSA_INTS            =   8,     /* RSA ints in private key */
-    MIN_DATE_SIZE       =  13,
-    MAX_DATE_SIZE       =  32,
-    ASN_GEN_TIME_SZ     =  15,     /* 7 numbers * 2 + Zulu tag */
-    MAX_ENCODED_SIG_SZ  = 512,
-    MAX_SIG_SZ          = 256,
-    MAX_ALGO_SZ         =  20,
-    MAX_SEQ_SZ          =   5,     /* enum(seq | con) + length(4) */  
-    MAX_SET_SZ          =   5,     /* enum(set | con) + length(4) */  
-    MAX_VERSION_SZ      =   5,     /* enum + id + version(byte) + (header(2))*/
-    MAX_ENCODED_DIG_SZ  =  25,     /* sha + enum(bit or octet) + legnth(4) */
-    MAX_RSA_INT_SZ      = 517,     /* RSA raw sz 4096 for bits + tag + len(4) */
-    MAX_NTRU_KEY_SZ     = 610,     /* NTRU 112 bit public key */
-    MAX_NTRU_ENC_SZ     = 628,     /* NTRU 112 bit DER public encoding */
-    MAX_RSA_E_SZ        =  16,     /* Max RSA public e size */
-    MAX_PUBLIC_KEY_SZ   = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, 
-                                   /* use bigger NTRU size */
-    MAX_LENGTH_SZ       =   4 
-};
-
-
-enum Oid_Types {
-    hashType = 0,
-    sigType  = 1,
-    keyType  = 2
-};
-
-
-enum Sig_Sum  {
-    SHAwDSA   = 517,
-    MD2wRSA   = 646,
-    MD5wRSA   = 648,
-    SHAwRSA   = 649,
-    SHAwECDSA = 520
-};
-
-enum Hash_Sum  {
-    MD2h  = 646,
-    MD5h  = 649,
-    SHAh  =  88
-};
-
-enum Key_Sum {
-    DSAk   = 515,
-    RSAk   = 645,
-    NTRUk  = 364,
-    ECDSAk = 518
-};
-
-enum Ecc_Sum {
-    ECC_256R1 = 526,
-    ECC_384R1 = 210,
-    ECC_521R1 = 211,
-    ECC_160R1 = 184,
-    ECC_192R1 = 520,
-    ECC_224R1 = 209
-};
-
-
-/* Certificate file Type */
-enum CertType {
-    CERT_TYPE       = 0, 
-    PRIVATEKEY_TYPE,
-    CA_TYPE
-};
-
-
-enum VerifyType {
-    NO_VERIFY = 0,
-    VERIFY    = 1
-};
-
-
-typedef struct DecodedCert {
-    byte*   publicKey;
-    word32  pubKeySize;
-    int     pubKeyStored;
-    word32  certBegin;               /* offset to start of cert          */
-    word32  sigIndex;                /* offset to start of signature     */
-    word32  sigLength;               /* length of signature              */
-    word32  signatureOID;            /* sum of algorithm object id       */
-    word32  keyOID;                  /* sum of key algo  object id       */
-    byte    subjectHash[SHA_SIZE];   /* hash of all Names                */
-    byte    issuerHash[SHA_SIZE];    /* hash of all Names                */
-    byte*   signature;               /* not owned, points into raw cert  */
-    char*   subjectCN;               /* CommonName                       */
-    int     subjectCNLen;
-    char    issuer[ASN_NAME_MAX];    /* full name including common name  */
-    char    subject[ASN_NAME_MAX];   /* full name including common name  */
-    int     verify;                  /* Default to yes, but could be off */
-    byte*   source;                  /* byte buffer holder cert, NOT owner */
-    word32  srcIdx;                  /* current offset into buffer       */
-    void*   heap;                    /* for user memory overrides        */
-#ifdef CYASSL_CERT_GEN
-    /* easy access to sujbect info for other sign */
-    char*   subjectSN;
-    int     subjectSNLen;
-    char*   subjectC;
-    int     subjectCLen;
-    char*   subjectL;
-    int     subjectLLen;
-    char*   subjectST;
-    int     subjectSTLen;
-    char*   subjectO;
-    int     subjectOLen;
-    char*   subjectOU;
-    int     subjectOULen;
-    char*   subjectEmail;
-    int     subjectEmailLen;
-#endif /* CYASSL_CERT_GEN */
-} DecodedCert;
-
-
-typedef struct Signer Signer;
-
-/* CA Signers */
-struct Signer {
-    byte*   publicKey;
-    word32  pubKeySize;
-    word32  keyOID;                  /* key type */
-    char*   name;                    /* common name */
-    byte    hash[SHA_DIGEST_SIZE];   /* sha hash of names in certificate */
-    Signer* next;
-};
-
-
-void InitDecodedCert(DecodedCert*, byte*, void*);
-void FreeDecodedCert(DecodedCert*);
-int  ParseCert(DecodedCert*, word32, int type, int verify, Signer* signer);
-int  ParseCertRelative(DecodedCert*, word32, int type, int verify,
-                       Signer* signer);
-
-word32 EncodeSignature(byte* out, const byte* digest, word32 digSz,int hashOID);
-
-Signer* MakeSigner(void*);
-void    FreeSigners(Signer*, void*);
-
-
-int RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32);
-int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32);
-int ToTraditional(byte* buffer, word32 length);
-
-#ifndef NO_DH
-int DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32);
-int DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz);
-#endif
-
-#ifndef NO_DSA
-int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, word32);
-int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, word32);
-#endif
-
-#ifdef CYASSL_KEY_GEN
-int RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
-#endif
-
-#ifdef HAVE_ECC
-    /* ASN sig helpers */
-    int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s);
-    int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s);
-    /* private key helpers */
-    int EccPrivateKeyDecode(const byte* input,word32* inOutIdx,ecc_key*,word32);
-#endif
-
-#if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
-int DerToPem(const byte* der, word32 derSz, byte* output, word32 outputSz,
-             int type);
-#endif
-
-#ifdef CYASSL_CERT_GEN
-
-enum cert_enums {
-    SERIAL_SIZE     =  8,
-    NAME_SIZE       = 64,
-    NAME_ENTRIES    =  8,
-    JOINT_LEN       =  2,
-    EMAIL_JOINT_LEN =  9,
-    RSA_KEY         = 10,
-    NTRU_KEY        = 11
-};
-
-
-typedef struct CertName {
-    char country[NAME_SIZE];
-    char state[NAME_SIZE];
-    char locality[NAME_SIZE];
-    char sur[NAME_SIZE];
-    char org[NAME_SIZE];
-    char unit[NAME_SIZE];
-    char commonName[NAME_SIZE];
-    char email[NAME_SIZE];  /* !!!! email has to be last !!!! */
-} CertName;
-
-
-/* for user to fill for certificate generation */
-typedef struct Cert {
-    int      version;                   /* x509 version  */
-    byte     serial[SERIAL_SIZE];       /* serial number */
-    int      sigType;                   /* signature algo type */
-    CertName issuer;                    /* issuer info */
-    int      daysValid;                 /* validity days */
-    int      selfSigned;                /* self signed flag */
-    CertName subject;                   /* subject info */
-    /* internal use only */
-    int      bodySz;                    /* pre sign total size */
-    int      keyType;                   /* public key type of subject */
-} Cert;
-
-
-/* Initialize and Set Certficate defaults:
-   version    = 3 (0x2)
-   serial     = 0 (Will be randomly generated)
-   sigType    = MD5_WITH_RSA
-   issuer     = blank
-   daysValid  = 500
-   selfSigned = 1 (true) use subject as issuer
-   subject    = blank
-   keyType    = RSA_KEY (default)
-*/
-void InitCert(Cert*);
-int  MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
-int  SignCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
-int  MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
-int  SetIssuer(Cert*, const char*);
-#ifdef HAVE_NTRU
-int  MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, const byte* ntruKey,
-                  word16 keySz, RNG*);
-#endif
-
-
-#endif /* CYASSL_CERT_GEN */
-
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* CTAO_CRYPT_ASN_H */
-

ctaocrypt/include/config.h

@@ -1,86 +0,0 @@
-/* ctaocrypt/include/config.h.  Generated from config.h.in by configure.  */
-/* ctaocrypt/include/config.h.in.  Generated from configure.in by autoheader.  */
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#define HAVE_DLFCN_H 1
-
-/* Define to 1 if you have the <errno.h> header file. */
-#define HAVE_ERRNO_H 1
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#define HAVE_INTTYPES_H 1
-
-/* Define to 1 if you have the `network' library (-lnetwork). */
-/* #undef HAVE_LIBNETWORK */
-
-/* Define to 1 if you have the <memory.h> header file. */
-#define HAVE_MEMORY_H 1
-
-/* Define if you have POSIX threads libraries and header files. */
-#define HAVE_PTHREAD 1
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#define HAVE_STDINT_H 1
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#define HAVE_STDLIB_H 1
-
-/* Define to 1 if you have the <strings.h> header file. */
-#define HAVE_STRINGS_H 1
-
-/* Define to 1 if you have the <string.h> header file. */
-#define HAVE_STRING_H 1
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#define HAVE_SYS_STAT_H 1
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#define HAVE_SYS_TYPES_H 1
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#define HAVE_UNISTD_H 1
-
-/* Define to the sub-directory in which libtool stores uninstalled libraries.
-   */
-#define LT_OBJDIR ".libs/"
-
-/* Define to 1 if your C compiler doesn't accept -c and -o together. */
-/* #undef NO_MINUS_C_MINUS_O */
-
-/* Name of package */
-#define PACKAGE "cyassl"
-
-/* Define to the address where bug reports for this package should be sent. */
-#define PACKAGE_BUGREPORT ""
-
-/* Define to the full name of this package. */
-#define PACKAGE_NAME ""
-
-/* Define to the full name and version of this package. */
-#define PACKAGE_STRING ""
-
-/* Define to the one symbol short name of this package. */
-#define PACKAGE_TARNAME ""
-
-/* Define to the version of this package. */
-#define PACKAGE_VERSION ""
-
-/* Define to necessary symbol if this constant uses a non-standard name on
-   your system. */
-/* #undef PTHREAD_CREATE_JOINABLE */
-
-/* The size of `long', as computed by sizeof. */
-#define SIZEOF_LONG 8
-
-/* The size of `long long', as computed by sizeof. */
-#define SIZEOF_LONG_LONG 8
-
-/* Define to 1 if you have the ANSI C header files. */
-#define STDC_HEADERS 1
-
-/* Version number of package */
-#define VERSION "1.8.8"
-
-/* Define to 1 if your processor stores words with the most significant byte
-   first (like Motorola and SPARC, unlike Intel and VAX). */
-/* #undef WORDS_BIGENDIAN */

ctaocrypt/include/config.h.in

@@ -1,85 +0,0 @@
-/* ctaocrypt/include/config.h.in.  Generated from configure.in by autoheader.  */
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#undef HAVE_DLFCN_H
-
-/* Define to 1 if you have the <errno.h> header file. */
-#undef HAVE_ERRNO_H
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#undef HAVE_INTTYPES_H
-
-/* Define to 1 if you have the `network' library (-lnetwork). */
-#undef HAVE_LIBNETWORK
-
-/* Define to 1 if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H
-
-/* Define if you have POSIX threads libraries and header files. */
-#undef HAVE_PTHREAD
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#undef HAVE_STDINT_H
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#undef HAVE_STDLIB_H
-
-/* Define to 1 if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H
-
-/* Define to 1 if you have the <string.h> header file. */
-#undef HAVE_STRING_H
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#undef HAVE_SYS_STAT_H
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#undef HAVE_SYS_TYPES_H
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#undef HAVE_UNISTD_H
-
-/* Define to the sub-directory in which libtool stores uninstalled libraries.
-   */
-#undef LT_OBJDIR
-
-/* Define to 1 if your C compiler doesn't accept -c and -o together. */
-#undef NO_MINUS_C_MINUS_O
-
-/* Name of package */
-#undef PACKAGE
-
-/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT
-
-/* Define to the full name of this package. */
-#undef PACKAGE_NAME
-
-/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING
-
-/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME
-
-/* Define to the version of this package. */
-#undef PACKAGE_VERSION
-
-/* Define to necessary symbol if this constant uses a non-standard name on
-   your system. */
-#undef PTHREAD_CREATE_JOINABLE
-
-/* The size of `long', as computed by sizeof. */
-#undef SIZEOF_LONG
-
-/* The size of `long long', as computed by sizeof. */
-#undef SIZEOF_LONG_LONG
-
-/* Define to 1 if you have the ANSI C header files. */
-#undef STDC_HEADERS
-
-/* Version number of package */
-#undef VERSION
-
-/* Define to 1 if your processor stores words with the most significant byte
-   first (like Motorola and SPARC, unlike Intel and VAX). */
-#undef WORDS_BIGENDIAN

ctaocrypt/include/ctc_rsa.h

@@ -1,74 +0,0 @@
-/* ctc_rsa.h
- *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
- *
- * This file is part of CyaSSL.
- *
- * CyaSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * CyaSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-
-#ifndef CTAO_CRYPT_RSA_H
-#define CTAO_CRYPT_RSA_H
-
-#include "types.h"
-#include "integer.h"
-#include "random.h"
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-enum {
-    RSA_PUBLIC   = 0,
-    RSA_PRIVATE  = 1
-};
-
-/* RSA */
-typedef struct RsaKey {
-    mp_int n, e, d, p, q, dP, dQ, u;
-    int   type;                               /* public or private */
-    void* heap;                               /* for user memory overrides */
-} RsaKey;
-
-
-void InitRsaKey(RsaKey* key, void*);
-void FreeRsaKey(RsaKey* key);
-
-int  RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
-                      RsaKey* key, RNG* rng);
-int  RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key);
-int  RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
-                       RsaKey* key);
-int  RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
-                 RsaKey* key, RNG* rng);
-int  RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key);
-int  RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
-                   RsaKey* key);
-
-int  RsaEncryptSize(RsaKey* key);
-
-#ifdef CYASSL_KEY_GEN
-    int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng);
-#endif
-
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* CTAO_CRYPT_RSA_H */
-

ctaocrypt/src/Makefile.am

@@ -1,2 +0,0 @@
-EXTRA_DIST = ../include/*.h *.c *.i
-

ctaocrypt/src/aes.c

@@ -1,6 +1,6 @@
 /* aes.c
  *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
@@ -19,13 +19,25 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #ifndef NO_AES
 
-#include "ctc_aes.h"
+#include <cyassl/ctaocrypt/aes.h>
+#include <cyassl/ctaocrypt/error.h>
+#include <cyassl/ctaocrypt/logging.h>
 #ifdef NO_INLINE
-    #include "misc.h"
+    #include <cyassl/ctaocrypt/misc.h>
 #else
-    #include "misc.c"
+    #include <ctaocrypt/src/misc.c>
+#endif
+
+
+#ifdef _MSC_VER
+    /* 4127 warning constant while(1)  */
+    #pragma warning(disable: 4127)
 #endif
 
 
@@ -712,10 +724,25 @@ static const word32 Td[5][256] = {
 
 #ifdef CYASSL_AESNI
 
-#define cpuid(func,ax,bx,cx,dx)\
+#ifndef _MSC_VER
+
+    #define cpuid(func,ax,bx,cx,dx)\
         __asm__ __volatile__ ("cpuid":\
                        "=a" (ax), "=b" (bx), "=c" (cx), "=d" (dx) : "a" (func));
 
+#else
+
+    #define cpuid(func,ax,bx,cx,dx)\
+        __asm mov eax, func \
+        __asm cpuid \
+        __asm mov ax, eax \
+        __asm mov bx, ebx \
+        __asm mov cx, ecx \
+        __asm mov dx, edx
+
+#endif /* _MSC_VER */
+
+            
 static int Check_CPU_support_AES()
 {
     unsigned int a,b,c,d;
@@ -754,7 +781,7 @@ int AES_set_encrypt_key (const unsigned char *userKey, const int bits,
                          Aes* aes)
 { 
     if (!userKey || !aes)
-        return -1;
+        return BAD_FUNC_ARG;
     
     if (bits == 128) {
        AES_128_Key_Expansion (userKey,(byte*)aes->key); aes->rounds = 10;
@@ -768,7 +795,7 @@ int AES_set_encrypt_key (const unsigned char *userKey, const int bits,
        AES_256_Key_Expansion (userKey,(byte*)aes->key); aes->rounds = 14;
        return 0;
     }
-    return -1;
+    return BAD_FUNC_ARG;
 }
 
 
@@ -781,10 +808,10 @@ int AES_set_decrypt_key (const unsigned char* userKey, const int bits,
     __m128i *Temp_Key_Schedule = (__m128i*)temp_key.key;
     
     if (!userKey || !aes)
-        return -1;
+        return BAD_FUNC_ARG;
 
-    if (AES_set_encrypt_key(userKey,bits,&temp_key) == -1)
-        return -1;
+    if (AES_set_encrypt_key(userKey,bits,&temp_key) == BAD_FUNC_ARG)
+        return BAD_FUNC_ARG;
 
     nr = temp_key.rounds;
     aes->rounds = nr;
@@ -820,14 +847,26 @@ int AES_set_decrypt_key (const unsigned char* userKey, const int bits,
 #endif /* CYASSL_AESNI */
 
 
+int AesSetIV(Aes* aes, const byte* iv)
+{
+    if (aes == NULL)
+        return BAD_FUNC_ARG;
+
+    if (iv)
+        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+
+    return 0;
+}
+
+
 int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
-               int dir)
+              int dir)
 {
     word32 temp, *rk = aes->key;
     unsigned int i = 0;
 
     if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
-        return -1;
+        return BAD_FUNC_ARG;
 
 #ifdef CYASSL_AESNI
     if (checkAESNI == 0) {
@@ -835,7 +874,8 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
         checkAESNI = 1;
     }
     if (haveAESNI) {
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        if (iv)
+            XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
         if (dir == AES_ENCRYPTION)
             return AES_set_encrypt_key(userKey, keylen * 8, aes);
         else
@@ -920,11 +960,14 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
             rk += 8;
         }
         break;
+
+    default:
+        return BAD_FUNC_ARG;
     }
 
     if (dir == AES_DECRYPTION)
     {
-        unsigned int i, j;
+        unsigned int j;
         rk = aes->key;
 
         /* invert the order of the round keys: */
@@ -960,19 +1003,22 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
                 Td[3][Te[4][GETBYTE(rk[3], 0)] & 0xff];
         }
     }
-    XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
 
-    return 0;
+    return AesSetIV(aes, iv);
 }
 
 
-void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+static void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
 {
     word32 s0, s1, s2, s3;
     word32 t0, t1, t2, t3;
     word32 r = aes->rounds >> 1;
 
     const word32* rk = aes->key;
+    if (r > 7 || r == 0) {
+        CYASSL_MSG("AesEncrypt encountered improper key, set it up");
+        return;  /* stop instead of segfaulting, set up your keys! */
+    }
     /*
      * map byte array block to cipher state
      * and add initial round key:
@@ -1100,13 +1146,17 @@ void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
 }
 
 
-void AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+static void AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
 {
     word32 s0, s1, s2, s3;
     word32 t0, t1, t2, t3;
     word32 r = aes->rounds >> 1;
 
     const word32* rk = aes->key;
+    if (r > 7 || r == 0) {
+        CYASSL_MSG("AesDecrypt encountered improper key, set it up");
+        return;  /* stop instead of segfaulting, set up your keys! */
+    }
     /*
      * map byte array block to cipher state
      * and add initial round key:
@@ -1282,7 +1332,7 @@ void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
             printf("sz = %d\n", sz);
         #endif
 
-        /* if input and output same will overwirte input iv */
+        /* if input and output same will overwrite input iv */
         XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
         AES_CBC_decrypt(in, out, (byte*)aes->reg, sz, (byte*)aes->key,
                         aes->rounds);
@@ -1304,5 +1354,803 @@ void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 }
 
 
+#ifdef CYASSL_AES_DIRECT
+
+/* Allow direct access to one block encrypt */
+void AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    return AesEncrypt(aes, in, out);
+}
+
+
+/* Allow direct access to one block decrypt */
+void AesDecryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    return AesDecrypt(aes, in, out);
+}
+
+
+#endif /* CYASSL_AES_DIRECT */
+
+
+#ifdef CYASSL_AES_COUNTER
+
+/* Increment AES counter */
+static INLINE void IncrementAesCounter(byte* inOutCtr)
+{
+    int i;
+
+    /* in network byte order so start at end and work back */
+    for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+        if (++inOutCtr[i])  /* we're done unless we overflow */
+            return;
+    }
+}
+  
+
+void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    word32 blocks = sz / AES_BLOCK_SIZE;
+
+    while (blocks--) {
+        AesEncrypt(aes, (byte*)aes->reg, out);
+        IncrementAesCounter((byte*)aes->reg);
+        xorbuf(out, in, AES_BLOCK_SIZE);
+
+        out += AES_BLOCK_SIZE;
+        in  += AES_BLOCK_SIZE; 
+    }
+}
+
+#endif /* CYASSL_AES_COUNTER */
+
+
+#ifdef HAVE_AESGCM
+
+/*
+ * The IV for AES GCM, stored in struct Aes's member reg, is comprised of
+ * three parts in order:
+ *   1. The implicit IV. This is generated from the PRF using the shared
+ *      secrets between endpoints. It is 4 bytes long.
+ *   2. The explicit IV. This is set by the user of the AES. It needs to be
+ *      unique for each call to encrypt. The explicit IV is shared with the
+ *      other end of the transaction in the clear.
+ *   3. The counter. Each block of data is encrypted with its own sequence
+ *      number counter.
+ */
+
+enum {
+    IMPLICIT_IV_SZ = 4,
+    EXPLICIT_IV_SZ = 8,
+    CTR_SZ = 4
+};
+
+
+static INLINE void InitGcmCounter(byte* inOutCtr)
+{
+    inOutCtr[AES_BLOCK_SIZE - 4] = 0;
+    inOutCtr[AES_BLOCK_SIZE - 3] = 0;
+    inOutCtr[AES_BLOCK_SIZE - 2] = 0;
+    inOutCtr[AES_BLOCK_SIZE - 1] = 1;
+}
+
+
+static INLINE void IncrementGcmCounter(byte* inOutCtr)
+{
+    int i;
+
+    /* in network byte order so start at end and work back */
+    for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
+        if (++inOutCtr[i])  /* we're done unless we overflow */
+            return;
+    }
+}
+
+
+/*
+ * The explicit IV is set by the caller. A common practice is to treat it as
+ * a sequence number seeded with a random number. The caller manages
+ * incrementing the explicit IV when appropriate.
+ */
+
+void AesGcmSetExpIV(Aes* aes, const byte* iv)
+{
+    XMEMCPY((byte*)aes->reg + IMPLICIT_IV_SZ, iv, EXPLICIT_IV_SZ);
+}
+
+
+void AesGcmGetExpIV(Aes* aes, byte* iv)
+{
+    XMEMCPY(iv, (byte*)aes->reg + IMPLICIT_IV_SZ, EXPLICIT_IV_SZ);
+}
+
+
+void AesGcmIncExpIV(Aes* aes)
+{
+    int i;
+    byte* iv = (byte*)aes->reg + IMPLICIT_IV_SZ;
+
+    for (i = EXPLICIT_IV_SZ - 1; i >= 0; i--) {
+        if (++iv[i])
+            return;
+    }
+}
+
+
+#if defined(GCM_SMALL) || defined(GCM_TABLE)
+
+static INLINE void FlattenSzInBits(byte* buf, word32 sz)
+{
+    /* Multiply the sz by 8 */
+    word32 szHi = (sz >> (8*sizeof(sz) - 3));
+    sz <<= 3;
+
+    /* copy over the words of the sz into the destination buffer */
+    buf[0] = (szHi >> 24) & 0xff;
+    buf[1] = (szHi >> 16) & 0xff;
+    buf[2] = (szHi >>  8) & 0xff;
+    buf[3] = szHi & 0xff;
+    buf[4] = (sz >> 24) & 0xff;
+    buf[5] = (sz >> 16) & 0xff;
+    buf[6] = (sz >>  8) & 0xff;
+    buf[7] = sz & 0xff;
+}
+
+
+static INLINE void RIGHTSHIFTX(byte* x)
+{
+    int i;
+    int carryOut = 0;
+    int carryIn = 0;
+    int borrow = x[15] & 0x01;
+
+    for (i = 0; i < AES_BLOCK_SIZE; i++) {
+        carryOut = x[i] & 0x01;
+        x[i] = (x[i] >> 1) | (carryIn ? 0x80 : 0);
+        carryIn = carryOut;
+    }
+    if (borrow) x[0] ^= 0xE1;
+}
+
+#endif /* defined(GCM_SMALL) || defined(GCM_TABLE) */
+
+
+#ifdef GCM_TABLE
+
+static void GenerateM0(Aes* aes)
+{
+    int i, j;
+    byte (*m)[AES_BLOCK_SIZE] = aes->M0;
+
+    XMEMCPY(m[128], aes->H, AES_BLOCK_SIZE);
+
+    for (i = 64; i > 0; i /= 2) {
+        XMEMCPY(m[i], m[i*2], AES_BLOCK_SIZE);
+        RIGHTSHIFTX(m[i]);
+    }
+
+    for (i = 2; i < 256; i *= 2) {
+        for (j = 1; j < i; j++) {
+            XMEMCPY(m[i+j], m[i], AES_BLOCK_SIZE);
+            xorbuf(m[i+j], m[j], AES_BLOCK_SIZE);
+        }
+    }
+
+    XMEMSET(m[0], 0, AES_BLOCK_SIZE);
+}
+
+#endif /* GCM_TABLE */
+
+
+void AesGcmSetKey(Aes* aes, const byte* key, word32 len,
+                                                    const byte* implicitIV)
+{
+    byte fullIV[AES_BLOCK_SIZE];
+
+    XMEMSET(fullIV, 0, AES_BLOCK_SIZE);
+    XMEMCPY(fullIV, implicitIV, IMPLICIT_IV_SZ);
+    AesSetKey(aes, key, len, fullIV, AES_ENCRYPTION);
+
+    XMEMSET(fullIV, 0, AES_BLOCK_SIZE);
+    AesEncrypt(aes, fullIV, aes->H);
+#ifdef GCM_TABLE
+    GenerateM0(aes);
+#endif /* GCM_TABLE */
+}
+
+
+#if defined(GCM_SMALL)
+
+static void GMULT(byte* X, byte* Y)
+{
+    byte Z[AES_BLOCK_SIZE];
+    byte V[AES_BLOCK_SIZE];
+    int i, j;
+
+    XMEMSET(Z, 0, AES_BLOCK_SIZE);
+    XMEMCPY(V, X, AES_BLOCK_SIZE);
+    for (i = 0; i < AES_BLOCK_SIZE; i++)
+    {
+        byte y = Y[i];
+        for (j = 0; j < 8; j++)
+        {
+            if (y & 0x80) {
+                xorbuf(Z, V, AES_BLOCK_SIZE);
+            }
+
+            RIGHTSHIFTX(V);
+            y = y << 1;
+        }
+    }
+    XMEMCPY(X, Z, AES_BLOCK_SIZE);
+}
+
+
+static void GHASH(Aes* aes, const byte* a, word32 aSz,
+                                const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    byte x[AES_BLOCK_SIZE];
+    byte scratch[AES_BLOCK_SIZE];
+    word32 blocks, partial;
+    byte* h = aes->H;
+
+    XMEMSET(x, 0, AES_BLOCK_SIZE);
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        blocks = aSz / AES_BLOCK_SIZE;
+        partial = aSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf(x, a, AES_BLOCK_SIZE);
+            GMULT(x, h);
+            a += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, a, partial);
+            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            GMULT(x, h);
+        }
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        blocks = cSz / AES_BLOCK_SIZE;
+        partial = cSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf(x, c, AES_BLOCK_SIZE);
+            GMULT(x, h);
+            c += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, c, partial);
+            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            GMULT(x, h);
+        }
+    }
+
+    /* Hash in the lengths of A and C in bits */
+    FlattenSzInBits(&scratch[0], aSz);
+    FlattenSzInBits(&scratch[8], cSz);
+    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    GMULT(x, h);
+
+    /* Copy the result into s. */
+    XMEMCPY(s, x, sSz);
+}
+
+/* end GCM_SMALL */
+#elif defined(GCM_TABLE)
+
+static const byte R[256][2] = {
+    {0x00, 0x00}, {0x01, 0xc2}, {0x03, 0x84}, {0x02, 0x46},
+    {0x07, 0x08}, {0x06, 0xca}, {0x04, 0x8c}, {0x05, 0x4e},
+    {0x0e, 0x10}, {0x0f, 0xd2}, {0x0d, 0x94}, {0x0c, 0x56},
+    {0x09, 0x18}, {0x08, 0xda}, {0x0a, 0x9c}, {0x0b, 0x5e},
+    {0x1c, 0x20}, {0x1d, 0xe2}, {0x1f, 0xa4}, {0x1e, 0x66},
+    {0x1b, 0x28}, {0x1a, 0xea}, {0x18, 0xac}, {0x19, 0x6e},
+    {0x12, 0x30}, {0x13, 0xf2}, {0x11, 0xb4}, {0x10, 0x76},
+    {0x15, 0x38}, {0x14, 0xfa}, {0x16, 0xbc}, {0x17, 0x7e},
+    {0x38, 0x40}, {0x39, 0x82}, {0x3b, 0xc4}, {0x3a, 0x06},
+    {0x3f, 0x48}, {0x3e, 0x8a}, {0x3c, 0xcc}, {0x3d, 0x0e},
+    {0x36, 0x50}, {0x37, 0x92}, {0x35, 0xd4}, {0x34, 0x16},
+    {0x31, 0x58}, {0x30, 0x9a}, {0x32, 0xdc}, {0x33, 0x1e},
+    {0x24, 0x60}, {0x25, 0xa2}, {0x27, 0xe4}, {0x26, 0x26},
+    {0x23, 0x68}, {0x22, 0xaa}, {0x20, 0xec}, {0x21, 0x2e},
+    {0x2a, 0x70}, {0x2b, 0xb2}, {0x29, 0xf4}, {0x28, 0x36},
+    {0x2d, 0x78}, {0x2c, 0xba}, {0x2e, 0xfc}, {0x2f, 0x3e},
+    {0x70, 0x80}, {0x71, 0x42}, {0x73, 0x04}, {0x72, 0xc6},
+    {0x77, 0x88}, {0x76, 0x4a}, {0x74, 0x0c}, {0x75, 0xce},
+    {0x7e, 0x90}, {0x7f, 0x52}, {0x7d, 0x14}, {0x7c, 0xd6},
+    {0x79, 0x98}, {0x78, 0x5a}, {0x7a, 0x1c}, {0x7b, 0xde},
+    {0x6c, 0xa0}, {0x6d, 0x62}, {0x6f, 0x24}, {0x6e, 0xe6},
+    {0x6b, 0xa8}, {0x6a, 0x6a}, {0x68, 0x2c}, {0x69, 0xee},
+    {0x62, 0xb0}, {0x63, 0x72}, {0x61, 0x34}, {0x60, 0xf6},
+    {0x65, 0xb8}, {0x64, 0x7a}, {0x66, 0x3c}, {0x67, 0xfe},
+    {0x48, 0xc0}, {0x49, 0x02}, {0x4b, 0x44}, {0x4a, 0x86},
+    {0x4f, 0xc8}, {0x4e, 0x0a}, {0x4c, 0x4c}, {0x4d, 0x8e},
+    {0x46, 0xd0}, {0x47, 0x12}, {0x45, 0x54}, {0x44, 0x96},
+    {0x41, 0xd8}, {0x40, 0x1a}, {0x42, 0x5c}, {0x43, 0x9e},
+    {0x54, 0xe0}, {0x55, 0x22}, {0x57, 0x64}, {0x56, 0xa6},
+    {0x53, 0xe8}, {0x52, 0x2a}, {0x50, 0x6c}, {0x51, 0xae},
+    {0x5a, 0xf0}, {0x5b, 0x32}, {0x59, 0x74}, {0x58, 0xb6},
+    {0x5d, 0xf8}, {0x5c, 0x3a}, {0x5e, 0x7c}, {0x5f, 0xbe},
+    {0xe1, 0x00}, {0xe0, 0xc2}, {0xe2, 0x84}, {0xe3, 0x46},
+    {0xe6, 0x08}, {0xe7, 0xca}, {0xe5, 0x8c}, {0xe4, 0x4e},
+    {0xef, 0x10}, {0xee, 0xd2}, {0xec, 0x94}, {0xed, 0x56},
+    {0xe8, 0x18}, {0xe9, 0xda}, {0xeb, 0x9c}, {0xea, 0x5e},
+    {0xfd, 0x20}, {0xfc, 0xe2}, {0xfe, 0xa4}, {0xff, 0x66},
+    {0xfa, 0x28}, {0xfb, 0xea}, {0xf9, 0xac}, {0xf8, 0x6e},
+    {0xf3, 0x30}, {0xf2, 0xf2}, {0xf0, 0xb4}, {0xf1, 0x76},
+    {0xf4, 0x38}, {0xf5, 0xfa}, {0xf7, 0xbc}, {0xf6, 0x7e},
+    {0xd9, 0x40}, {0xd8, 0x82}, {0xda, 0xc4}, {0xdb, 0x06},
+    {0xde, 0x48}, {0xdf, 0x8a}, {0xdd, 0xcc}, {0xdc, 0x0e},
+    {0xd7, 0x50}, {0xd6, 0x92}, {0xd4, 0xd4}, {0xd5, 0x16},
+    {0xd0, 0x58}, {0xd1, 0x9a}, {0xd3, 0xdc}, {0xd2, 0x1e},
+    {0xc5, 0x60}, {0xc4, 0xa2}, {0xc6, 0xe4}, {0xc7, 0x26},
+    {0xc2, 0x68}, {0xc3, 0xaa}, {0xc1, 0xec}, {0xc0, 0x2e},
+    {0xcb, 0x70}, {0xca, 0xb2}, {0xc8, 0xf4}, {0xc9, 0x36},
+    {0xcc, 0x78}, {0xcd, 0xba}, {0xcf, 0xfc}, {0xce, 0x3e},
+    {0x91, 0x80}, {0x90, 0x42}, {0x92, 0x04}, {0x93, 0xc6},
+    {0x96, 0x88}, {0x97, 0x4a}, {0x95, 0x0c}, {0x94, 0xce},
+    {0x9f, 0x90}, {0x9e, 0x52}, {0x9c, 0x14}, {0x9d, 0xd6},
+    {0x98, 0x98}, {0x99, 0x5a}, {0x9b, 0x1c}, {0x9a, 0xde},
+    {0x8d, 0xa0}, {0x8c, 0x62}, {0x8e, 0x24}, {0x8f, 0xe6},
+    {0x8a, 0xa8}, {0x8b, 0x6a}, {0x89, 0x2c}, {0x88, 0xee},
+    {0x83, 0xb0}, {0x82, 0x72}, {0x80, 0x34}, {0x81, 0xf6},
+    {0x84, 0xb8}, {0x85, 0x7a}, {0x87, 0x3c}, {0x86, 0xfe},
+    {0xa9, 0xc0}, {0xa8, 0x02}, {0xaa, 0x44}, {0xab, 0x86},
+    {0xae, 0xc8}, {0xaf, 0x0a}, {0xad, 0x4c}, {0xac, 0x8e},
+    {0xa7, 0xd0}, {0xa6, 0x12}, {0xa4, 0x54}, {0xa5, 0x96},
+    {0xa0, 0xd8}, {0xa1, 0x1a}, {0xa3, 0x5c}, {0xa2, 0x9e},
+    {0xb5, 0xe0}, {0xb4, 0x22}, {0xb6, 0x64}, {0xb7, 0xa6},
+    {0xb2, 0xe8}, {0xb3, 0x2a}, {0xb1, 0x6c}, {0xb0, 0xae},
+    {0xbb, 0xf0}, {0xba, 0x32}, {0xb8, 0x74}, {0xb9, 0xb6},
+    {0xbc, 0xf8}, {0xbd, 0x3a}, {0xbf, 0x7c}, {0xbe, 0xbe} };
+
+
+static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
+{
+    int i, j;
+    byte Z[AES_BLOCK_SIZE];
+    byte a;
+
+    XMEMSET(Z, 0, sizeof(Z));
+
+    for (i = 15; i > 0; i--) {
+        xorbuf(Z, m[x[i]], AES_BLOCK_SIZE);
+        a = Z[15];
+
+        for (j = 15; j > 0; j--) {
+            Z[j] = Z[j-1];
+        }
+
+        Z[0] = R[a][0];
+        Z[1] ^= R[a][1];
+    }
+    xorbuf(Z, m[x[0]], AES_BLOCK_SIZE);
+
+    XMEMCPY(x, Z, AES_BLOCK_SIZE);
+}
+
+
+static void GHASH(Aes* aes, const byte* a, word32 aSz,
+                                const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    byte x[AES_BLOCK_SIZE];
+    byte scratch[AES_BLOCK_SIZE];
+    word32 blocks, partial;
+
+    XMEMSET(x, 0, AES_BLOCK_SIZE);
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        blocks = aSz / AES_BLOCK_SIZE;
+        partial = aSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf(x, a, AES_BLOCK_SIZE);
+            GMULT(x, aes->M0);
+            a += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, a, partial);
+            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            GMULT(x, aes->M0);
+        }
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        blocks = cSz / AES_BLOCK_SIZE;
+        partial = cSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf(x, c, AES_BLOCK_SIZE);
+            GMULT(x, aes->M0);
+            c += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, c, partial);
+            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            GMULT(x, aes->M0);
+        }
+    }
+
+    /* Hash in the lengths of A and C in bits */
+    FlattenSzInBits(&scratch[0], aSz);
+    FlattenSzInBits(&scratch[8], cSz);
+    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    GMULT(x, aes->M0);
+
+    /* Copy the result into s. */
+    XMEMCPY(s, x, sSz);
+}
+
+/* end GCM_TABLE */
+#elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32)
+
+static void GMULT(word64* X, word64* Y)
+{
+    word64 Z[2] = {0,0};
+    word64 V[2] = {X[0], X[1]};
+    int i, j;
+
+    for (i = 0; i < 2; i++)
+    {
+        word64 y = Y[i];
+        for (j = 0; j < 64; j++)
+        {
+            if (y & 0x8000000000000000) {
+                Z[0] ^= V[0];
+                Z[1] ^= V[1];
+            }
+
+            if (V[1] & 0x0000000000000001) {
+                V[1] >>= 1;
+                V[1] |= ((V[0] & 0x0000000000000001) ? 0x8000000000000000 : 0);
+                V[0] >>= 1;
+                V[0] ^= 0xE100000000000000;
+            }
+            else {
+                V[1] >>= 1;
+                V[1] |= ((V[0] & 0x0000000000000001) ? 0x8000000000000000 : 0);
+                V[0] >>= 1;
+            }
+            y <<= 1;
+        }
+    }
+    X[0] = Z[0];
+    X[1] = Z[1];
+}
+
+
+static void GHASH(Aes* aes, const byte* a, word32 aSz,
+                                const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    word64 x[2] = {0,0};
+    word32 blocks, partial;
+    word64 bigH[2];
+
+    XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords64(bigH, bigH, AES_BLOCK_SIZE); 
+    #endif
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        word64 bigA[2];
+        blocks = aSz / AES_BLOCK_SIZE;
+        partial = aSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigA[0];
+            x[1] ^= bigA[1];
+            GMULT(x, bigH);
+            a += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
+            XMEMCPY(bigA, a, partial);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigA[0];
+            x[1] ^= bigA[1];
+            GMULT(x, bigH);
+        }
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        word64 bigC[2];
+        blocks = cSz / AES_BLOCK_SIZE;
+        partial = cSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigC[0];
+            x[1] ^= bigC[1];
+            GMULT(x, bigH);
+            c += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
+            XMEMCPY(bigC, c, partial);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigC[0];
+            x[1] ^= bigC[1];
+            GMULT(x, bigH);
+        }
+    }
+
+    /* Hash in the lengths in bits of A and C */
+    {
+        word64 len[2] = {aSz, cSz};
+
+        /* Lengths are in bytes. Convert to bits. */
+        len[0] *= 8;
+        len[1] *= 8;
+
+        x[0] ^= len[0];
+        x[1] ^= len[1];
+        GMULT(x, bigH);
+    }
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords64(x, x, AES_BLOCK_SIZE);
+    #endif
+    XMEMCPY(s, x, sSz);
+}
+
+/* end defined(WORD64_AVAILABLE) && !defined(GCM_WORD32) */
+#else /* GCM_WORD32 */
+
+static void GMULT(word32* X, word32* Y)
+{
+    word32 Z[4] = {0,0,0,0};
+    word32 V[4] = {X[0], X[1], X[2], X[3]};
+    int i, j;
+
+    for (i = 0; i < 4; i++)
+    {
+        word32 y = Y[i];
+        for (j = 0; j < 32; j++)
+        {
+            if (y & 0x80000000) {
+                Z[0] ^= V[0];
+                Z[1] ^= V[1];
+                Z[2] ^= V[2];
+                Z[3] ^= V[3];
+            }
+
+            if (V[3] & 0x00000001) {
+                V[3] >>= 1;
+                V[3] |= ((V[2] & 0x00000001) ? 0x80000000 : 0);
+                V[2] >>= 1;
+                V[2] |= ((V[1] & 0x00000001) ? 0x80000000 : 0);
+                V[1] >>= 1;
+                V[1] |= ((V[0] & 0x00000001) ? 0x80000000 : 0);
+                V[0] >>= 1;
+                V[0] ^= 0xE1000000;
+            } else {
+                V[3] >>= 1;
+                V[3] |= ((V[2] & 0x00000001) ? 0x80000000 : 0);
+                V[2] >>= 1;
+                V[2] |= ((V[1] & 0x00000001) ? 0x80000000 : 0);
+                V[1] >>= 1;
+                V[1] |= ((V[0] & 0x00000001) ? 0x80000000 : 0);
+                V[0] >>= 1;
+            }
+            y <<= 1;
+        }
+    }
+    X[0] = Z[0];
+    X[1] = Z[1];
+    X[2] = Z[2];
+    X[3] = Z[3];
+}
+
+
+static void GHASH(Aes* aes, const byte* a, word32 aSz,
+                                const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    word32 x[4] = {0,0,0,0};
+    word32 blocks, partial;
+    word32 bigH[4];
+
+    XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords(bigH, bigH, AES_BLOCK_SIZE); 
+    #endif
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        word32 bigA[4];
+        blocks = aSz / AES_BLOCK_SIZE;
+        partial = aSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigA[0];
+            x[1] ^= bigA[1];
+            x[2] ^= bigA[2];
+            x[3] ^= bigA[3];
+            GMULT(x, bigH);
+            a += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
+            XMEMCPY(bigA, a, partial);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigA[0];
+            x[1] ^= bigA[1];
+            x[2] ^= bigA[2];
+            x[3] ^= bigA[3];
+            GMULT(x, bigH);
+        }
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        word32 bigC[4];
+        blocks = cSz / AES_BLOCK_SIZE;
+        partial = cSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigC[0];
+            x[1] ^= bigC[1];
+            x[2] ^= bigC[2];
+            x[3] ^= bigC[3];
+            GMULT(x, bigH);
+            c += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
+            XMEMCPY(bigC, c, partial);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigC[0];
+            x[1] ^= bigC[1];
+            x[2] ^= bigC[2];
+            x[3] ^= bigC[3];
+            GMULT(x, bigH);
+        }
+    }
+
+    /* Hash in the lengths in bits of A and C */
+    {
+        word32 len[4];
+
+        /* Lengths are in bytes. Convert to bits. */
+        len[0] = (aSz >> (8*sizeof(aSz) - 3));
+        len[1] = aSz << 3;
+        len[2] = (cSz >> (8*sizeof(cSz) - 3));
+        len[3] = cSz << 3;
+
+        x[0] ^= len[0];
+        x[1] ^= len[1];
+        x[2] ^= len[2];
+        x[3] ^= len[3];
+        GMULT(x, bigH);
+    }
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords(x, x, AES_BLOCK_SIZE);
+    #endif
+    XMEMCPY(s, x, sSz);
+}
+
+#endif /* end GCM_WORD32 */
+
+
+void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                   byte* authTag, word32 authTagSz,
+                   const byte* authIn, word32 authInSz)
+{
+    word32 blocks = sz / AES_BLOCK_SIZE;
+    word32 partial = sz % AES_BLOCK_SIZE;
+    const byte* p = in;
+    byte* c = out;
+    byte ctr[AES_BLOCK_SIZE];
+    byte scratch[AES_BLOCK_SIZE];
+
+    CYASSL_ENTER("AesGcmEncrypt");
+
+    /* Initialize the counter with the MS 96 bits of IV, and the counter
+     * portion set to "1". */
+    XMEMCPY(ctr, aes->reg, AES_BLOCK_SIZE);
+    InitGcmCounter(ctr);
+
+    while (blocks--) {
+        IncrementGcmCounter(ctr);
+        AesEncrypt(aes, ctr, scratch);
+        xorbuf(scratch, p, AES_BLOCK_SIZE);
+        XMEMCPY(c, scratch, AES_BLOCK_SIZE);
+
+        p += AES_BLOCK_SIZE;
+        c += AES_BLOCK_SIZE;
+    }
+    if (partial != 0) {
+        IncrementGcmCounter(ctr);
+        AesEncrypt(aes, ctr, scratch);
+        xorbuf(scratch, p, partial);
+        XMEMCPY(c, scratch, partial);
+    }
+    GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
+    InitGcmCounter(ctr);
+    AesEncrypt(aes, ctr, scratch);
+    xorbuf(authTag, scratch, authTagSz);
+}
+
+
+int  AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                   const byte* authTag, word32 authTagSz,
+                   const byte* authIn, word32 authInSz)
+{
+    word32 blocks = sz / AES_BLOCK_SIZE;
+    word32 partial = sz % AES_BLOCK_SIZE;
+    const byte* c = in;
+    byte* p = out;
+    byte ctr[AES_BLOCK_SIZE];
+    byte scratch[AES_BLOCK_SIZE];
+
+    CYASSL_ENTER("AesGcmDecrypt");
+
+    /* Initialize the counter with the MS 96 bits of IV, and the counter
+     * portion set to "1". */
+    XMEMCPY(ctr, aes->reg, AES_BLOCK_SIZE);
+    InitGcmCounter(ctr);
+
+    /* Calculate the authTag again using the received auth data and the
+     * cipher text. */
+    {
+        byte Tprime[AES_BLOCK_SIZE];
+        byte EKY0[AES_BLOCK_SIZE];
+
+        GHASH(aes, authIn, authInSz, in, sz, Tprime, sizeof(Tprime));
+        AesEncrypt(aes, ctr, EKY0);
+        xorbuf(Tprime, EKY0, sizeof(Tprime));
+        if (XMEMCMP(authTag, Tprime, authTagSz) != 0) {
+            return AES_GCM_AUTH_E;
+        }
+    }
+
+    while (blocks--) {
+        IncrementGcmCounter(ctr);
+        AesEncrypt(aes, ctr, scratch);
+        xorbuf(scratch, c, AES_BLOCK_SIZE);
+        XMEMCPY(p, scratch, AES_BLOCK_SIZE);
+
+        p += AES_BLOCK_SIZE;
+        c += AES_BLOCK_SIZE;
+    }
+    if (partial != 0) {
+        IncrementGcmCounter(ctr);
+        AesEncrypt(aes, ctr, scratch);
+        xorbuf(scratch, c, partial);
+        XMEMCPY(p, scratch, partial);
+    }
+
+    return 0;
+}
+
+#endif /* HAVE_AESGCM */
+
+
 #endif /* NO_AES */
 

ctaocrypt/src/arc4.c

@@ -1,6 +1,6 @@
 /* arc4.c
  *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
@@ -19,9 +19,11 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
 
-#include "arc4.h"
-
+#include <cyassl/ctaocrypt/arc4.h>
 
 
 void Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
@@ -33,14 +35,14 @@ void Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
     arc4->y = 0;
 
     for (i = 0; i < ARC4_STATE_SIZE; i++)
-        arc4->state[i] = i;
+        arc4->state[i] = (byte)i;
 
     for (i = 0; i < ARC4_STATE_SIZE; i++) {
         word32 a = arc4->state[i];
         stateIndex += key[keyIndex] + a;
         stateIndex &= 0xFF;
         arc4->state[i] = arc4->state[stateIndex];
-        arc4->state[stateIndex] = a;
+        arc4->state[stateIndex] = (byte)a;
 
         if (++keyIndex >= length)
             keyIndex = 0;
@@ -48,14 +50,14 @@ void Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
 }
 
 
-static INLINE word32 MakeByte(word32* x, word32* y, byte* s)
+static INLINE byte MakeByte(word32* x, word32* y, byte* s)
 {
     word32 a = s[*x], b;
     *y = (*y+a) & 0xff;
 
     b = s[*y];
-    s[*x] = b;
-    s[*y] = a;
+    s[*x] = (byte)b;
+    s[*y] = (byte)a;
     *x = (*x+1) & 0xff;
 
     return s[(a+b) & 0xff];
@@ -70,7 +72,7 @@ void Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
     while(length--)
         *out++ = *in++ ^ MakeByte(&x, &y, arc4->state);
 
-    arc4->x = x;
-    arc4->y = y;
+    arc4->x = (byte)x;
+    arc4->y = (byte)y;
 }
 

ctaocrypt/src/asm.c

@@ -1,6 +1,6 @@
 /* asm.c
  *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
@@ -19,13 +19,16 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 /*
  * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca,
  * http://math.libtomcrypt.com
  */
 
 
-
 /******************************************************************/
 /* fp_montgomery_reduce.c asm or generic */
 #if defined(TFM_X86) && !defined(TFM_SSE2) 

ctaocrypt/src/coding.c

@@ -1,6 +1,6 @@
 /* coding.c
  *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
@@ -19,8 +19,13 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
 
-#include "coding.h"
+#include <cyassl/ctaocrypt/coding.h>
+#include <cyassl/ctaocrypt/error.h>
+#include <cyassl/ctaocrypt/logging.h>
 
 
 enum {
@@ -44,14 +49,15 @@ const byte base64Decode[] = { 62, BAD, BAD, BAD, 63,   /* + starts at 0x2B */
                             };
 
 
-int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
+int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
     word32 i = 0;
     word32 j = 0;
     word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
+    const byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;
 
     plainSz = (plainSz * 3 + 3) / 4;
-    if (plainSz > *outLen) return -1;
+    if (plainSz > *outLen) return BAD_FUNC_ARG;
 
     while (inLen > 3) {
         byte b1, b2, b3;
@@ -70,6 +76,16 @@ int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
         if (e4 == PAD)
             pad4 = 1;
 
+        if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
+            CYASSL_MSG("Bad Base64 Decode data, too small");
+            return ASN_INPUT_E;
+        }
+
+        if (e1 > maxIdx || e2 > maxIdx || e3 > maxIdx || e4 > maxIdx) {
+            CYASSL_MSG("Bad Base64 Decode data, too big");
+            return ASN_INPUT_E;
+        }
+
         e1 = base64Decode[e1 - 0x2B];
         e2 = base64Decode[e2 - 0x2B];
         e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];
@@ -99,8 +115,10 @@ int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
                 endLine = in[j++];
                 inLen--;
             }
-            if (endLine != '\n')
-                return -1;
+            if (endLine != '\n') {
+                CYASSL_MSG("Bad end of line in Base64 Decode");
+                return ASN_INPUT_E;
+            }
         }
     }
     *outLen = i;
@@ -109,7 +127,7 @@ int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 }
 
 
-#if defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
+#if defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) || defined(HAVE_WEBSERVER)
 
 static
 const byte base64Encode[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
@@ -124,7 +142,7 @@ const byte base64Encode[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
 
 
 /* porting assistance from yaSSL by Raphael HUCK */
-int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
+int Base64_Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
     word32 i = 0,
            j = 0,
@@ -133,7 +151,7 @@ int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
     word32 outSz = (inLen + 3 - 1) / 3 * 4;
     outSz += (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ;  /* new lines */
 
-    if (outSz > *outLen) return -1;
+    if (outSz > *outLen) return BAD_FUNC_ARG;
     
     while (inLen > 2) {
         byte b1 = in[j++];
@@ -177,7 +195,7 @@ int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
 
     out[i++] = '\n';
     if (i != outSz)
-        return -1;
+        return ASN_INPUT_E; 
     *outLen = outSz;
 
     return 0; 
@@ -190,16 +208,34 @@ const byte hexDecode[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
                            10, 11, 12, 13, 14, 15 
                          };  /* A starts at 0x41 not 0x3A */
 
-int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
+int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
     word32 inIdx  = 0;
     word32 outIdx = 0;
 
+    if (inLen == 1 && *outLen && in) {
+        byte b = in[inIdx++] - 0x30;  /* 0 starts at 0x30 */
+
+        /* sanity check */
+        if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))
+            return ASN_INPUT_E;
+
+        b  = hexDecode[b];
+
+        if (b == BAD)
+            return ASN_INPUT_E;
+        
+        out[outIdx++] = b;
+
+        *outLen = outIdx;
+        return 0;
+    }
+
     if (inLen % 2)
-        return -1;
+        return BAD_FUNC_ARG;
 
     if (*outLen < (inLen / 2))
-        return -1;
+        return BAD_FUNC_ARG;
 
     while (inLen) {
         byte b  = in[inIdx++] - 0x30;  /* 0 starts at 0x30 */
@@ -207,15 +243,15 @@ int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 
         /* sanity checks */
         if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))
-            return -1;
+            return ASN_INPUT_E;
         if (b2 >= sizeof(hexDecode)/sizeof(hexDecode[0]))
-            return -1;
+            return ASN_INPUT_E;
 
         b  = hexDecode[b];
         b2 = hexDecode[b2];
 
         if (b == BAD || b2 == BAD)
-            return -1;
+            return ASN_INPUT_E;
         
         out[outIdx++] = (b << 4) | b2;
         inLen -= 2;

ctaocrypt/src/des3.c

@@ -1,6 +1,6 @@
 /* des3.c
  *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
@@ -19,14 +19,18 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
 
 #ifndef NO_DES3
 
-#include "des3.h"
+#include <cyassl/ctaocrypt/des3.h>
+
 #ifdef NO_INLINE
-    #include "misc.h"
+    #include <cyassl/ctaocrypt/misc.h>
 #else
-    #include "misc.c"
+    #include <ctaocrypt/src/misc.c>
 #endif
 
 
@@ -323,11 +327,25 @@ static INLINE int Reverse(int dir)
 }
 
 
+void Des_SetIV(Des* des, const byte* iv)
+{
+    if (des && iv)
+        XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+}
+
+
+void Des3_SetIV(Des3* des, const byte* iv)
+{
+    if (des && iv)
+        XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+}
+
+
 void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
 {
     DesSetKey(key, dir, des->key);
-    
-    XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+
+    Des_SetIV(des, iv);
 }
 
 
@@ -336,12 +354,12 @@ void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
     DesSetKey(key + (dir == DES_ENCRYPTION ? 0 : 16), dir, des->key[0]);
     DesSetKey(key + 8, Reverse(dir), des->key[1]);
     DesSetKey(key + (dir == DES_DECRYPTION ? 0 : 16), dir, des->key[2]);
-    
-    XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+
+    Des3_SetIV(des, iv);  
 }
 
 
-void DesRawProcessBlock(word32* lIn, word32* rIn, const word32* kptr)
+static void DesRawProcessBlock(word32* lIn, word32* rIn, const word32* kptr)
 {
     word32 l = *lIn, r = *rIn, i;
 
@@ -489,5 +507,22 @@ void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
     }
 }
 
+#ifdef CYASSL_DES_ECB
+
+/* One block, compatibility only */
+void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
+{
+    word32 blocks = sz / DES_BLOCK_SIZE;
+
+    while (blocks--) {
+        DesProcessBlock(des, in, out);
+
+        out += DES_BLOCK_SIZE;
+        in  += DES_BLOCK_SIZE; 
+    }
+}
+
+#endif /* CYASSL_DES_ECB */
+
 
 #endif /* NO_DES3 */

ctaocrypt/src/dh.c

@@ -1,6 +1,6 @@
 /* dh.c
  *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
@@ -19,10 +19,14 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #ifndef NO_DH
 
-#include "ctc_dh.h"
-#include "error.h"
+#include <cyassl/ctaocrypt/dh.h>
+#include <cyassl/ctaocrypt/error.h>
 
 #ifndef USER_MATH_LIB
     #include <math.h>
@@ -33,7 +37,6 @@
 #endif
 
 
-
 #ifndef min
 
     static INLINE word32 min(word32 a, word32 b)
@@ -44,9 +47,9 @@
 #endif /* min */
 
 
-
 void InitDhKey(DhKey* key)
 {
+    (void)key;
 /* TomsFastMath doesn't use memory allocation */
 #ifndef USE_FAST_MATH
     key->p.dp = 0;
@@ -57,6 +60,7 @@ void InitDhKey(DhKey* key)
 
 void FreeDhKey(DhKey* key)
 {
+    (void)key;
 /* TomsFastMath doesn't use memory allocation */
 #ifndef USE_FAST_MATH
     mp_clear(&key->p);

ctaocrypt/src/dsa.c

@@ -1,6 +1,6 @@
 /* dsa.c
  *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
@@ -19,17 +19,21 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
 #ifndef NO_DSA
 
-#include "ctc_dsa.h"
-#include "ctc_sha.h"
-#include "random.h"
-#include "error.h"
+#include <cyassl/ctaocrypt/dsa.h>
+#include <cyassl/ctaocrypt/sha.h>
+#include <cyassl/ctaocrypt/random.h>
+#include <cyassl/ctaocrypt/error.h>
 
 
 enum {
     DSA_HALF_SIZE = 20,   /* r and s size  */
-    DSA_SIG_SIZE  = 40    /* signaure size */
+    DSA_SIG_SIZE  = 40    /* signature size */
 };
 
 
@@ -45,7 +49,7 @@ enum {
 
 void InitDsaKey(DsaKey* key)
 {
-    key->type = -1;  /* haven't decdied yet */
+    key->type = -1;  /* haven't decided yet */
 
 /* TomsFastMath doesn't use memory allocation */
 #ifndef USE_FAST_MATH
@@ -61,6 +65,7 @@ void InitDsaKey(DsaKey* key)
 
 void FreeDsaKey(DsaKey* key)
 {
+    (void)key;
 /* TomsFastMath doesn't use memory allocation */
 #ifndef USE_FAST_MATH
     if (key->type == DSA_PRIVATE)

ctaocrypt/src/ecc.c

@@ -0,0 +1 @@
+/* dummy ecc.c for dist */

ctaocrypt/src/ecc_fp.c

@@ -0,0 +1 @@
+/* dummy ecc_fp.c for dist */

ctaocrypt/src/fp_mont_small.i

@@ -1,3 +1,25 @@
+/* fp_mont_small.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SMALL_MONT_SET
 /* computes x/R == x (mod N) via Montgomery Reduction */
 void fp_montgomery_reduce_small(fp_int *a, fp_int *m, fp_digit mp)

ctaocrypt/src/fp_mul_comba_12.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_12.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL12
 void fp_mul_comba12(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_17.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_17.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL17
 void fp_mul_comba17(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_20.i

@@ -1,3 +1,24 @@
+/* fp_mul_comba_20.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
 #ifdef TFM_MUL20
 void fp_mul_comba20(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_24.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_24.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL24
 void fp_mul_comba24(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_28.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_28.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL28
 void fp_mul_comba28(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_3.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_3.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL3
 void fp_mul_comba3(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_32.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_32.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL32
 void fp_mul_comba32(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_4.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_4.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL4
 void fp_mul_comba4(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_48.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_48.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL48
 void fp_mul_comba48(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_6.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_6.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL6
 void fp_mul_comba6(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_64.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_64.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL64
 void fp_mul_comba64(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_7.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_7.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL7
 void fp_mul_comba7(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_8.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_8.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL8
 void fp_mul_comba8(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_9.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_9.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL9
 void fp_mul_comba9(fp_int *A, fp_int *B, fp_int *C)
 {

ctaocrypt/src/fp_mul_comba_small_set.i

@@ -1,3 +1,25 @@
+/* fp_mul_comba_small_set.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #if defined(TFM_SMALL_SET)
 void fp_mul_comba_small(fp_int *A, fp_int *B, fp_int *C)
 {
@@ -1219,6 +1241,9 @@ void fp_mul_comba_small(fp_int *A, fp_int *B, fp_int *C)
       fp_clamp(C);
       COMBA_FINI;
       break;
+
+   default:
+      break;
    }
 }
 

ctaocrypt/src/fp_sqr_comba_12.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_12.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR12
 void fp_sqr_comba12(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_17.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_17.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR17
 void fp_sqr_comba17(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_20.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_20.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR20
 void fp_sqr_comba20(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_24.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_24.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR24
 void fp_sqr_comba24(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_28.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_28.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR28
 void fp_sqr_comba28(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_3.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_3.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR3
 void fp_sqr_comba3(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_32.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_32.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR32
 void fp_sqr_comba32(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_4.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_4.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR4
 void fp_sqr_comba4(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_48.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_48.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR48
 void fp_sqr_comba48(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_6.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_6.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR6
 void fp_sqr_comba6(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_64.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_64.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR64
 void fp_sqr_comba64(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_7.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_7.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR7
 void fp_sqr_comba7(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_8.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_8.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR8
 void fp_sqr_comba8(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_9.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_9.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SQR9
 void fp_sqr_comba9(fp_int *A, fp_int *B)
 {

ctaocrypt/src/fp_sqr_comba_small_set.i

@@ -1,3 +1,25 @@
+/* fp_sqr_comba_small_set.i
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #if defined(TFM_SMALL_SET)
 void fp_sqr_comba_small(fp_int *A, fp_int *B)
 {
@@ -1509,6 +1531,9 @@ void fp_sqr_comba_small(fp_int *A, fp_int *B)
       memcpy(B->dp, b, 32 * sizeof(fp_digit));
       fp_clamp(B);
       break;
+
+   default:
+      break;
 }
 }
 

ctaocrypt/src/hc128.c

@@ -1,6 +1,6 @@
 /* hc128.c
  *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
@@ -19,11 +19,18 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
 
-#ifndef NO_HC128
+#ifdef HAVE_HC128
 
-#include "hc128.h"
-#include "misc.c"
+#include <cyassl/ctaocrypt/hc128.h>
+#ifdef NO_INLINE
+    #include <cyassl/ctaocrypt/hc128.h>
+#else
+    #include <ctaocrypt/src/misc.c>
+#endif
 
 
 #ifdef BIG_ENDIAN_ORDER
@@ -314,4 +321,13 @@ void Hc128_Process(HC128* ctx, byte* output, const byte* input, word32 msglen)
 }
 
 
-#endif /* NO_HC128 */
+#else  /* HAVE_HC128 */
+
+
+#ifdef _MSC_VER
+    /* 4206 warning for blank file */
+    #pragma warning(disable: 4206)
+#endif
+
+
+#endif /* HAVE_HC128 */

ctaocrypt/src/hmac.c

@@ -1,6 +1,6 @@
 /* hmac.c
  *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
  *
  * This file is part of CyaSSL.
  *
@@ -19,20 +19,23 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
 
 #ifndef NO_HMAC
 
-#include "ctc_hmac.h"
-
+#include <cyassl/ctaocrypt/hmac.h>
+#include <cyassl/ctaocrypt/error.h>
 
 
 static int InitHmac(Hmac* hmac, int type)
 {
     hmac->innerHashKeyed = 0;
-    hmac->macType = type;
+    hmac->macType = (byte)type;
 
-    if (!(type == MD5 || type == SHA || type == SHA256))
-        return -1;
+    if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384))
+        return BAD_FUNC_ARG;
 
     if (type == MD5)
         InitMd5(&hmac->hash.md5);
@@ -42,6 +45,10 @@ static int InitHmac(Hmac* hmac, int type)
     else if (type == SHA256)
         InitSha256(&hmac->hash.sha256);
 #endif
+#ifdef CYASSL_SHA384
+    else if (type == SHA384)
+        InitSha384(&hmac->hash.sha384);
+#endif
 
     return 0;
 }
@@ -51,34 +58,60 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 {
     byte*  ip = (byte*) hmac->ipad;
     byte*  op = (byte*) hmac->opad;
-    word32 i;
+    word32 i, hmac_block_size = MD5_BLOCK_SIZE;
 
     InitHmac(hmac, type);
 
-    if (length <= HMAC_BLOCK_SIZE)
-        XMEMCPY(ip, key, length);
-    else {
-        if (hmac->macType == MD5) {
+    if (hmac->macType == MD5) {
+        if (length <= MD5_BLOCK_SIZE) {
+            XMEMCPY(ip, key, length);
+        }
+        else {
             Md5Update(&hmac->hash.md5, key, length);
             Md5Final(&hmac->hash.md5, ip);
             length = MD5_DIGEST_SIZE;
         }
-        else if (hmac->macType == SHA) {
+    }
+    else if (hmac->macType == SHA) {
+		hmac_block_size = SHA_BLOCK_SIZE;
+        if (length <= SHA_BLOCK_SIZE) {
+            XMEMCPY(ip, key, length);
+        }
+        else {
             ShaUpdate(&hmac->hash.sha, key, length);
             ShaFinal(&hmac->hash.sha, ip);
             length = SHA_DIGEST_SIZE;
         }
+    }
 #ifndef NO_SHA256
-        else if (hmac->macType == SHA256) {
+    else if (hmac->macType == SHA256) {
+		hmac_block_size = SHA256_BLOCK_SIZE;
+        if (length <= SHA256_BLOCK_SIZE) {
+            XMEMCPY(ip, key, length);
+        }
+        else {
             Sha256Update(&hmac->hash.sha256, key, length);
             Sha256Final(&hmac->hash.sha256, ip);
             length = SHA256_DIGEST_SIZE;
         }
-#endif
     }
-    XMEMSET(ip + length, 0, HMAC_BLOCK_SIZE - length);
+#endif
+#ifdef CYASSL_SHA384
+    else if (hmac->macType == SHA384) {
+        hmac_block_size = SHA384_BLOCK_SIZE;
+        if (length <= SHA384_BLOCK_SIZE) {
+            XMEMCPY(ip, key, length);
+        }
+        else {
+            Sha384Update(&hmac->hash.sha384, key, length);
+            Sha384Final(&hmac->hash.sha384, ip);
+            length = SHA384_DIGEST_SIZE;
+        }
+    }
+#endif
+    XMEMSET(ip + length, 0, hmac_block_size - length);
 
-    for(i = 0; i < HMAC_BLOCK_SIZE; i++) {
+    for(i = 0; i < hmac_block_size; i++) {
         op[i] = ip[i] ^ OPAD;
         ip[i] ^= IPAD;
     }
@@ -88,12 +121,16 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 static void HmacKeyInnerHash(Hmac* hmac)
 {
     if (hmac->macType == MD5)
-        Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
+        Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE);
     else if (hmac->macType == SHA)
-        ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
+        ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
 #ifndef NO_SHA256
     else if (hmac->macType == SHA256)
-        Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
+        Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, SHA256_BLOCK_SIZE);
+#endif
+#ifdef CYASSL_SHA384
+    else if (hmac->macType == SHA384)
+        Sha384Update(&hmac->hash.sha384, (byte*) hmac->ipad, SHA384_BLOCK_SIZE);
 #endif
 
     hmac->innerHashKeyed = 1;
@@ -113,6 +150,10 @@ void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
     else if (hmac->macType == SHA256)
         Sha256Update(&hmac->hash.sha256, msg, length);
 #endif
+#ifdef CYASSL_SHA384
+    else if (hmac->macType == SHA384)
+        Sha384Update(&hmac->hash.sha384, msg, length);
+#endif
 
 }
 
@@ -125,30 +166,41 @@ void HmacFinal(Hmac* hmac, byte* hash)
     if (hmac->macType == MD5) {
         Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash);
 
-        Md5Update(&hmac->hash.md5, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
+        Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE);
         Md5Update(&hmac->hash.md5, (byte*) hmac->innerHash, MD5_DIGEST_SIZE);
 
         Md5Final(&hmac->hash.md5, hash);
     }
-    else if (hmac->macType ==SHA) {
+    else if (hmac->macType == SHA) {
         ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);
 
-        ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
+        ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE);
         ShaUpdate(&hmac->hash.sha, (byte*) hmac->innerHash, SHA_DIGEST_SIZE);
 
         ShaFinal(&hmac->hash.sha, hash);
     }
 #ifndef NO_SHA256
-    else if (hmac->macType ==SHA256) {
+    else if (hmac->macType == SHA256) {
         Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);
 
-        Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
+        Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, SHA256_BLOCK_SIZE);
         Sha256Update(&hmac->hash.sha256, (byte*) hmac->innerHash,
                      SHA256_DIGEST_SIZE);
 
         Sha256Final(&hmac->hash.sha256, hash);
     }
 #endif
+#ifdef CYASSL_SHA384
+    else if (hmac->macType == SHA384) {
+        Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);
+
+        Sha384Update(&hmac->hash.sha384, (byte*) hmac->opad, SHA384_BLOCK_SIZE);
+        Sha384Update(&hmac->hash.sha384, (byte*) hmac->innerHash,
+                     SHA384_DIGEST_SIZE);
+
+        Sha384Final(&hmac->hash.sha384, hash);
+    }
+#endif
 
     hmac->innerHashKeyed = 0;
 }