bump dev version

fix typos
Merge branch 'master' of github.com:cyassl/cyassl
2013-04-30 12:56:28 -07:00 · 2013-04-29 20:17:43 -07:00 · 2013-04-29 20:09:24 -07:00 · 2013-04-29 20:08:21 -07:00 · 2013-04-29 17:09:58 -07:00 · 2013-04-29 17:09:15 -07:00
406 changed files with 78864 additions and 18343 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,83 @@
+*.swp
+*.lo
+*.la
+*.o
+*.deps
+*.libs
+*.cache
+.dirstamp
+*.user
+config*
+*Debug/
+*Release/
+*.ncb
+*.suo
+build-aux/
+rpm/spec
+stamp-h
+cyassl/options.h
+libtool.m4
+aclocal.m4
+aminclude.am
+lt*.m4
+INSTALL
+Makefile.in
+Makefile
+depcomp
+missing
+libtool
+tags
+.tags*
+cyassl-config
+cyassl.sublime*
+ctaocrypt/benchmark/benchmark
+ctaocrypt/test/testctaocrypt
+examples/client/client
+examples/echoclient/echoclient
+examples/echoserver/echoserver
+examples/server/server
+snifftest
+output
+mcapi/test
+testsuite/testsuite
+tests/unit
+testsuite/*.der
+testsuite/*.pem
+testsuite/*.raw
+cert.der
+cert.pem
+othercert.der
+othercert.pem
+key.der
+key.pem
+diff
+sslSniffer/sslSnifferTest/tracefile.txt
+*.gz
+*.zip
+*.bak
+*.dummy
+*.xcworkspace
+xcuserdata
+compile
+NTRU_algorithm/
+NTRU/
+build-test/
+build/
+cyassl.xcodeproj/
+cyassl*rc*
+autoscan.log
+TAGS
+.DS_Store
+support/libcyassl.pc
+cyassl/ctaocrypt/stamp-h1
+swig/_cyassl.so
+swig/cyassl.py
+swig/cyassl.pyc
+swig/cyassl_wrap.c
+stamp-h1
+clang_output_*
+internal.plist
+cov-int
+cyassl.tgz
+*.log
+*.trs
--- a/234
+++ b/234
@@ -1,234 +0,0 @@
-Installation Instructions
-*************************
-
-Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
-2006 Free Software Foundation, Inc.
-
-This file is free documentation; the Free Software Foundation gives
-unlimited permission to copy, distribute and modify it.
-
-Basic Installation
-==================
-
-Briefly, the shell commands `./configure; make; make install' should
-configure, build, and install this package.  The following
-more-detailed instructions are generic; see the `README' file for
-instructions specific to this package.
-
-   The `configure' shell script attempts to guess correct values for
-various system-dependent variables used during compilation.  It uses
-those values to create a `Makefile' in each directory of the package.
-It may also create one or more `.h' files containing system-dependent
-definitions.  Finally, it creates a shell script `config.status' that
-you can run in the future to recreate the current configuration, and a
-file `config.log' containing compiler output (useful mainly for
-debugging `configure').
-
-   It can also use an optional file (typically called `config.cache'
-and enabled with `--cache-file=config.cache' or simply `-C') that saves
-the results of its tests to speed up reconfiguring.  Caching is
-disabled by default to prevent problems with accidental use of stale
-cache files.
-
-   If you need to do unusual things to compile the package, please try
-to figure out how `configure' could check whether to do them, and mail
-diffs or instructions to the address given in the `README' so they can
-be considered for the next release.  If you are using the cache, and at
-some point `config.cache' contains results you don't want to keep, you
-may remove or edit it.
-
-   The file `configure.ac' (or `configure.in') is used to create
-`configure' by a program called `autoconf'.  You need `configure.ac' if
-you want to change it or regenerate `configure' using a newer version
-of `autoconf'.
-
-The simplest way to compile this package is:
-
-  1. `cd' to the directory containing the package's source code and type
-     `./configure' to configure the package for your system.
-
-     Running `configure' might take a while.  While running, it prints
-     some messages telling which features it is checking for.
-
-  2. Type `make' to compile the package.
-
-  3. Optionally, type `make check' to run any self-tests that come with
-     the package.
-
-  4. Type `make install' to install the programs and any data files and
-     documentation.
-
-  5. You can remove the program binaries and object files from the
-     source code directory by typing `make clean'.  To also remove the
-     files that `configure' created (so you can compile the package for
-     a different kind of computer), type `make distclean'.  There is
-     also a `make maintainer-clean' target, but that is intended mainly
-     for the package's developers.  If you use it, you may have to get
-     all sorts of other programs in order to regenerate files that came
-     with the distribution.
-
-Compilers and Options
-=====================
-
-Some systems require unusual options for compilation or linking that the
-`configure' script does not know about.  Run `./configure --help' for
-details on some of the pertinent environment variables.
-
-   You can give `configure' initial values for configuration parameters
-by setting variables in the command line or in the environment.  Here
-is an example:
-
-     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
-
-   *Note Defining Variables::, for more details.
-
-Compiling For Multiple Architectures
-====================================
-
-You can compile the package for more than one kind of computer at the
-same time, by placing the object files for each architecture in their
-own directory.  To do this, you can use GNU `make'.  `cd' to the
-directory where you want the object files and executables to go and run
-the `configure' script.  `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.
-
-   With a non-GNU `make', it is safer to compile the package for one
-architecture at a time in the source code directory.  After you have
-installed the package for one architecture, use `make distclean' before
-reconfiguring for another architecture.
-
-Installation Names
-==================
-
-By default, `make install' installs the package's commands under
-`/usr/local/bin', include files under `/usr/local/include', etc.  You
-can specify an installation prefix other than `/usr/local' by giving
-`configure' the option `--prefix=PREFIX'.
-
-   You can specify separate installation prefixes for
-architecture-specific files and architecture-independent files.  If you
-pass the option `--exec-prefix=PREFIX' to `configure', the package uses
-PREFIX as the prefix for installing programs and libraries.
-Documentation and other data files still use the regular prefix.
-
-   In addition, if you use an unusual directory layout you can give
-options like `--bindir=DIR' to specify different values for particular
-kinds of files.  Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them.
-
-   If the package supports it, you can cause programs to be installed
-with an extra prefix or suffix on their names by giving `configure' the
-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
-
-Optional Features
-=================
-
-Some packages pay attention to `--enable-FEATURE' options to
-`configure', where FEATURE indicates an optional part of the package.
-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
-is something like `gnu-as' or `x' (for the X Window System).  The
-`README' should mention any `--enable-' and `--with-' options that the
-package recognizes.
-
-   For packages that use the X Window System, `configure' can usually
-find the X include and library files automatically, but if it doesn't,
-you can use the `configure' options `--x-includes=DIR' and
-`--x-libraries=DIR' to specify their locations.
-
-Specifying the System Type
-==========================
-
-There may be some features `configure' cannot figure out automatically,
-but needs to determine by the type of machine the package will run on.
-Usually, assuming the package is built to be run on the _same_
-architectures, `configure' can figure that out, but if it prints a
-message saying it cannot guess the machine type, give it the
-`--build=TYPE' option.  TYPE can either be a short name for the system
-type, such as `sun4', or a canonical name which has the form:
-
-     CPU-COMPANY-SYSTEM
-
-where SYSTEM can have one of these forms:
-
-     OS KERNEL-OS
-
-   See the file `config.sub' for the possible values of each field.  If
-`config.sub' isn't included in this package, then this package doesn't
-need to know the machine type.
-
-   If you are _building_ compiler tools for cross-compiling, you should
-use the option `--target=TYPE' to select the type of system they will
-produce code for.
-
-   If you want to _use_ a cross compiler, that generates code for a
-platform different from the build platform, you should specify the
-"host" platform (i.e., that on which the generated programs will
-eventually be run) with `--host=TYPE'.
-
-Sharing Defaults
-================
-
-If you want to set default values for `configure' scripts to share, you
-can create a site shell script called `config.site' that gives default
-values for variables like `CC', `cache_file', and `prefix'.
-`configure' looks for `PREFIX/share/config.site' if it exists, then
-`PREFIX/etc/config.site' if it exists.  Or, you can set the
-`CONFIG_SITE' environment variable to the location of the site script.
-A warning: not all `configure' scripts look for a site script.
-
-Defining Variables
-==================
-
-Variables not defined in a site shell script can be set in the
-environment passed to `configure'.  However, some packages may run
-configure again during the build, and the customized values of these
-variables may be lost.  In order to avoid this problem, you should set
-them in the `configure' command line, using `VAR=value'.  For example:
-
-     ./configure CC=/usr/local2/bin/gcc
-
-causes the specified `gcc' to be used as the C compiler (unless it is
-overridden in the site shell script).
-
-Unfortunately, this technique does not work for `CONFIG_SHELL' due to
-an Autoconf bug.  Until the bug is fixed you can use this workaround:
-
-     CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
-
-`configure' Invocation
-======================
-
-`configure' recognizes the following options to control how it operates.
-
-`--help'
-`-h'
-     Print a summary of the options to `configure', and exit.
-
-`--version'
-`-V'
-     Print the version of Autoconf used to generate the `configure'
-     script, and exit.
-
-`--cache-file=FILE'
-     Enable the cache: use and save the results of the tests in FILE,
-     traditionally `config.cache'.  FILE defaults to `/dev/null' to
-     disable caching.
-
-`--config-cache'
-`-C'
-     Alias for `--cache-file=config.cache'.
-
-`--quiet'
-`--silent'
-`-q'
-     Do not print messages saying which checks are being made.  To
-     suppress all normal output, redirect it to `/dev/null' (any error
-     messages will still be shown).
-
-`--srcdir=DIR'
-     Look for the package's source code in directory DIR.  Usually
-     `configure' can determine that directory automatically.
-
-`configure' also accepts some other, not widely useful, options.  Run
-`configure --help' for more details.
-
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,30 +1,136 @@
-SUBDIRS = src ctaocrypt examples testsuite sslSniffer
-EXTRA_DIST = certs/*.pem certs/*.der certs/*.txt certs/*.raw \
-    lib/dummy *.sln *.vcproj cyassl-iphone.xcodeproj/project.pbxproj \
-    doc/*.pdf swig/README swig/*.i swig/cyassl_adds.c swig/*.sh swig/runme.* \
-    swig/python_cyassl.vcproj swig/rsasign.py
+# includes append to these:
+SUFFIXES =
+TESTS =
+CLEANFILES =
+DISTCLEANFILES =
+bin_PROGRAMS =
+noinst_HEADERS =
+lib_LTLIBRARIES =
+man_MANS =
+noinst_LTLIBRARIES =
+noinst_PROGRAMS =
+include_HEADERS =
+nobase_include_HEADERS =
+check_PROGRAMS =
+EXTRA_HEADERS =
+BUILT_SOURCES=
+EXTRA_DIST=
+dist_doc_DATA=

-ACLOCAL_AMFLAGS = -I m4
+#includes additional rules from aminclude.am
+@INC_AMINCLUDE@
+DISTCLEANFILES+= aminclude.am
+
+exampledir = $(docdir)/example
+dist_example_DATA=
+
+ACLOCAL_AMFLAGS= -I m4
+
+EXTRA_DIST+= lib/dummy
+
+EXTRA_DIST+= cyassl-ntru.vcproj
+EXTRA_DIST+= cyassl.vcproj
+EXTRA_DIST+= cyassl-iphone.xcodeproj/project.pbxproj
+EXTRA_DIST+= cyassl-ios.xcodeproj/project.pbxproj
+EXTRA_DIST+= cyassl-ntru.sln
+EXTRA_DIST+= cyassl.sln
+EXTRA_DIST+= valgrind-error.sh
+EXTRA_DIST+= gencertbuf.pl
+
+include cyassl/include.am
+include certs/include.am
+include certs/1024/include.am
+include certs/crl/include.am
+include doc/include.am
+include swig/include.am
+
+include src/include.am
+include ctaocrypt/benchmark/include.am
+include ctaocrypt/src/include.am
+include ctaocrypt/test/include.am
+include examples/client/include.am
+include examples/server/include.am
+include examples/echoclient/include.am
+include examples/echoserver/include.am
+include testsuite/include.am
+include tests/include.am
+include sslSniffer/sslSnifferTest/include.am
+include rpm/include.am
+include mqx/ctaocrypt_test/Sources/include.am
+include mqx/cyassl/include.am
+include mqx/cyassl_client/Sources/include.am
+include mqx/util_lib/Sources/include.am
+include mplabx/ctaocrypt_benchmark.X/nbproject/include.am
+include mplabx/ctaocrypt_test.X/nbproject/include.am
+include mplabx/cyassl.X/nbproject/include.am
+include mcapi/include.am
+include mcapi/ctaocrypt_mcapi.X/nbproject/include.am
+include mcapi/ctaocrypt_test.X/nbproject/include.am
+include mcapi/cyassl.X/nbproject/include.am
+include mcapi/zlib.X/nbproject/include.am
+
+if USE_VALGRIND
+TESTS_ENVIRONMENT=./valgrind-error.sh
+endif
+
+TESTS += $(check_PROGRAMS)
+test: check
+
+DISTCLEANFILES+= cyassl-config 
+
+maintainer-clean-local:
+	-rm Makefile.in
+	-rm aclocal.m4
+	-rm build-aux/compile
+	-rm build-aux/config.guess
+	-rm build-aux/config.sub
+	-rm build-aux/depcomp
+	-rm build-aux/install-sh
+	-rm build-aux/ltmain.sh
+	-rm build-aux/missing
+	-rm cyassl-config
+	-rmdir build-aux
+	-rm configure
+	-rm config.log
+	-rm config.status
+	-rm config.in
+	-rm m4/libtool.m4
+	-rm m4/ltoptions.m4
+	-rm m4/ltsugar.m4
+	-rm m4/ltversion.m4
+	-rm m4/lt~obsolete.m4
+	find . -type f -name '*~' -exec rm -f '{}' \;
+	-rm -f @PACKAGE@-*.tar.gz
+	-rm -f @PACKAGE@-*.rpm

 # !!!! first line of rule has to start with a hard (real) tab, not spaces
-basic:
-	cd src; $(MAKE); cd ../testsuite; $(MAKE); cd ../
+egs:
+	$(MAKE) examples/client/client; \
+	$(MAKE) examples/echoclient/echoclient;\
+	$(MAKE) examples/server/server; \
+	$(MAKE) examples/echoserver/echoserver;

-openssl-links:
-	cd lib; ln -s ../src/.libs/libcyassl.a libcrypto.a; \
-    ln -s ../src/.libs/libcyassl.a libssl.a; \
-    ln -s ../src/.libs/libcyassl.a libcyassl.a; cd ../
+ctc:
+	$(MAKE) ctaocrypt/test/testctaocrypt; \
+	$(MAKE) ctaocrypt/benchmark/benchmark; 

-#  !!! test -e with a .name like .libs then a * like *dylib fails so just
-#      look for the .dylib on OS X, and .so otherwise but copy all parts
-install:
-	$(mkinstalldirs) $(DESTDIR)$(includedir) $(DESTDIR)$(libdir); \
-    cp -fpR include/* $(DESTDIR)$(includedir); \
-    cp -fpR ctaocrypt/include/* $(DESTDIR)$(includedir); \
-    cp -fpR src/libcyassl.la $(DESTDIR)$(libdir); \
-    if test -e src/.libs/libcyassl.a; then \
-    cp -fp src/.libs/libcyassl.a $(DESTDIR)$(libdir); fi; \
-    if test -e src/.libs/libcyassl.so; then \
-    cp -fpR src/.libs/libcyassl.so* $(DESTDIR)$(libdir); fi; \
-    if test -e src/.libs/libcyassl.dylib; then \
-    cp -fpR src/.libs/libcyassl.*dylib $(DESTDIR)$(libdir); fi;
+install-exec-local:	install-generic-config
+
+install-generic-config:
+	$(mkinstalldirs) $(DESTDIR)$(bindir)
+	$(INSTALL_SCRIPT) @GENERIC_CONFIG@ $(DESTDIR)$(bindir)
+
+uninstall-local:
+	-rm -f $(DESTDIR)$(bindir)/@GENERIC_CONFIG@
+
+merge-clean:
+	@find ./ | $(GREP) \.gcda | xargs rm -f
+	@find ./ | $(GREP) \.gcno | xargs rm -f
+	@find ./ | $(GREP) \.gz | xargs rm -f
+	@find ./ | $(GREP) \.orig | xargs rm -f
+	@find ./ | $(GREP) \.rej | xargs rm -f
+	@find ./ | $(GREP) \.rpm | xargs rm -f
+	@find ./ | $(GREP) \.THIS | xargs rm -f
+	@find ./ | $(GREP) \.OTHER | xargs rm -f
+	@find ./ | $(GREP) \.BASE | xargs rm -f
+	@find ./ | $(GREP) \~$$ | xargs rm -f
--- a/353
+++ b/353
@@ -1,19 +1,360 @@
-*** Note, Please read ***
+*** Notes, Please read ***

+Note 1)
+CyaSSL now needs all examples and tests to be run from the CyaSSL home
+directory.  This is because it finds certs and keys from ./certs/.  Trying to
+maintain the ability to run each program from its own directory, the testsuite
+directory, the main directory (for make check/test), and for the various
+different project layouts (with or without config) was becoming harder and 
+harder.  Now to run testsuite just do:
+
+./testsuite/testsuite
+
+or 
+
+make check    (when using autoconf)
+
+On *nix or Windows the examples and testsuite will check to see if the current
+directory is the source directory and if so, attempt to change to the CyaSSL
+home directory.  This should work in most setup cases, if not, just follow the
+beginning of the note and specify the full path.
+
+
+Note 2)
 CyaSSL takes a different approach to certificate verification than OpenSSL does.
 The default policy for the client is to verify the server, this means that if
 you don't load CAs to verify the server you'll get a connect error, unable to 
-verify.  It you want to mimic OpenSSL behavior of having SSL_connect succeed
-even if verifying the server fails and reducing security you can do this by
-calling:
+verify (-155).  It you want to mimic OpenSSL behavior of having SSL_connect
+succeed even if verifying the server fails and reducing security you can do
+this by calling:

 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

 before calling SSL_new();  Though it's not recommended.

-*** end Note ***
+*** end Notes ***

-CyaSSL Release 1.8.0 (12/23/2010)
+
+CyaSSL Release 2.6.0 (04/15/2013)
+
+Release 2.6.0 CyaSSL has bug fixes and new features including:
+- DTLS 1.2 support including AEAD ciphers
+- SHA-3 finalist Blake2 support, it's fast and uses little resources
+- SHA-384 cipher suites including ECC ones
+- HMAC now supports SHA-512
+- Track memory use for example client/server with -t option
+- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were
+  turned on, localhost only was used.  Now link-local (with scope ids) and ipv6
+  hosts can be used as well.
+- Xcode v4.6 project for iOS v6.1 update
+- settings.h is now checked in all *.c files for true one file setting detection
+- Better alignment at SSL layer for hardware crypto alignment needs
+    * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and
+      13 bytes DTLS headers, but every effort is now made to align with the
+      CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement
+- NO_64BIT flag to turn off 64bit data type accumulators in public key code
+    * Note, some systems are faster with 32bit accumulators 
+- --enable-stacksize for example client/server stack use
+    * Note, modern desktop Operating Systems may add bytes to each stack frame
+- Updated compression/decompression with direct crypto access
+- All ./configure options are now lowercase only for consistency
+- ./configure builds default to fastmath option
+    * Note, if on ia32 and building in shared mode this may produce a problem
+      with a missing register being available because of PIC, there are at least
+      5 solutions to this:
+      1) --disable-fastmath , don't use fastmath
+      2) --disable-shared, don't build a shared library
+      3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use
+      4) use clang, it just seems to work
+      5) play around with no PIC options to force all registers being open
+- Many new ./configure switches for option enable/disable for example
+    * rsa
+    * dh
+    * dsa
+    * md5
+    * sha 
+    * arc4
+    * null    (allow NULL ciphers)
+    * oldtls  (only use TLS 1.2)
+    * asn     (no certs or public keys allowed)
+- ./configure generates cyassl/options.h which allows a header the user can 
+  include in their app to make sure the same options are set at the app and
+  CyaSSL level.
+- autoconf no longer needs serial-tests which lowers version requirements of
+  automake to 1.11 and autoconf to 2.63
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+************** CyaSSL Release 2.5.0 (02/04/2013)
+
+Release 2.5.0 CyaSSL has bug fixes and new features including:
+- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and
+  Kenny Paterson: http://www.isg.rhul.ac.uk/tls/
+- Microchip PIC32 (MIPS16, MIPS32) support
+- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit
+- Updated CTaoCrypt benchmark app for embedded systems
+- 1024-bit test certs/keys and cert/key buffers
+- AES-CCM-8 crypto and cipher suites
+- Camellia crypto and cipher suites
+- Bumped minimum autoconf version to 2.65, automake version to 1.12
+- Addition of OCSP callbacks
+- STM32F2 support with hardware crypto and RNG 
+- Cavium NITROX support
+
+CTaoCrypt now has support for the Microchip PIC32 and has been tested with
+the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and
+MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README
+located under the <cyassl_root>/mplabx directory for more details.
+
+To add Cavium NITROX support do:
+
+./configure --with-cavium=/home/user/cavium/software
+
+pointing to your licensed cavium/software directory.  Since Cavium doesn't
+build a library we pull in the cavium_common.o file which gives a libtool 
+warning about the portability of this.  Also, if you're using the github source
+tree you'll need to remove the -Wredundant-decls warning from the generated
+Makefile because the cavium headers don't conform to this warning.  Currently
+CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto
+layer.  Support at the SSL level is parital and currently just does AES, 3DES,
+and RC4.  RSA and HMAC are slower until the Cavium calls can be utilized in non
+blocking mode.  The example client turns on cavium support as does the crypto
+test and benchmark.  Please see the HAVE_CAVIUM define.
+
+CyaSSL is able to use the STM32F2 hardware-based cryptography and random number
+generator through the STM32F2 Standard Peripheral Library. For necessary
+defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the
+STM32F2 Standard Peripheral Library can be found in the following document: 
+http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+*************** CyaSSL Release 2.4.6 (12/20/2012)
+
+Release 2.4.6 CyaSSL has bug fixes and a few new features including:
+- ECC into main version
+- Lean PSK build (reduced code size, RAM usage, and stack usage)
+- FreeBSD CRL monitor support
+- CyaSSL_peek()
+- CyaSSL_send() and CyaSSL_recv() for I/O flag setting
+- CodeWarrior Support
+- MQX Support
+- Freescale Kinetis support including Hardware RNG
+- autoconf builds use jobserver
+- cyassl-config
+- Sniffer memory reductions
+
+Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config,
+warning system, and general good ideas for improving CyaSSL!
+
+The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the
+K70 Sub-Family Reference Manual:
+http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+*************** CyaSSL Release 2.4.0 (10/10/2012)
+
+Release 2.4.0 CyaSSL has bug fixes and a few new features including:
+- DTLS reliability
+- Reduced memory usage after handshake
+- Updated build process
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+*************** CyaSSL Release 2.3.0 (8/10/2012)
+
+Release 2.3.0 CyaSSL has bug fixes and a few new features including:
+- AES-GCM crypto and cipher suites
+- make test cipher suite checks
+- Subject AltName processing
+- Command line support for client/server examples
+- Sniffer SessionTicket support
+- SHA-384 cipher suites
+- Verify cipher suite validity when user overrides
+- CRL dir monitoring
+- DTLS Cookie support, reliability coming soon
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+***************CyaSSL Release 2.2.0 (5/18/2012)
+
+Release 2.2.0 CyaSSL has bug fixes and a few new features including:
+- Initial CRL support (--enable-crl)
+- Initial OCSP support (--enable-ocsp)
+- Add static ECDH suites
+- SHA-384 support
+- ECC client certificate support
+- Add medium session cache size (1055 sessions) 
+- Updated unit tests
+- Protection against mutex reinitialization
+
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+***************CyaSSL Release 2.0.8 (2/24/2012)
+
+Release 2.0.8 CyaSSL has bug fixes and a few new features including:
+- A fix for malicious certificates pointed out by Remi Gacogne (thanks)
+  resulting in NULL pointer use.
+- Respond to renegotiation attempt with no_renegoatation alert
+- Add basic path support for load_verify_locations()
+- Add set Temp EC-DHE key size
+- Extra checks on rsa test when porting into
+
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.6 (1/27/2012)
+
+Release 2.0.6 CyaSSL has bug fixes and a few new features including:
+- Fixes for CA basis constraint check
+- CTX reference counting
+- Initial unit test additions
+- Lean and Mean Windows fix
+- ECC benchmarking
+- SSMTP build support
+- Ability to group handshake messages with set_group_messages(ctx/ssl)
+- CA cache addition callback
+- Export Base64_Encode for general use
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.2 (12/05/2011)
+
+Release 2.0.2 CyaSSL has bug fixes and a few new features including:
+- CTaoCrypt Runtime library detection settings when directly using the crypto
+  library
+- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation
+- All test certificates now use 2048bit and SHA-1 for better modern browser
+  support
+- Direct AES block access and AES-CTR (counter) mode
+- Microchip pic32 support
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.0rc3 (9/28/2011)
+
+Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including:
+- updated autoconf support
+- better make install and uninstall  (uses system directories)
+- make test / make check
+- CyaSSL headers now in <cyassl/*.h>
+- CTaocrypt headers now in <cyassl/ctaocrypt/*.h>
+- OpenSSL compatibility headers now in <cyassl/openssl/*.h>
+- examples and tests all run from home diretory so can use certs in ./certs
+        (see note 1)
+
+So previous applications that used the OpenSSL compatibility header
+<openssl/ssl.h> now need to include <cyassl/openssl/ssl.h> instead, no other
+changes are required.
+
+Special Thanks to Brian Aker for his autoconf, install, and header patches.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+************CyaSSL Release 2.0.0rc2 (6/6/2011)
+
+Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including:
+- bug fixes (Alerts, DTLS with DHE)
+- FreeRTOS support
+- lwIP support
+- Wshadow warnings removed
+- asn public header
+- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being
+        updated to relfect this change)
+- and more.
+
+This is the 2nd and perhaps final release candidate for version 2.
+Please send any comments or questions to support@yassl.com.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+***********CyaSSL Release 2.0.0rc1 (5/2/2011)
+
+Release 2.0.0rc1 for CyaSSL has many new features including:
+- bug fixes
+- SHA-256 cipher suites 
+- Root Certificate Verification (instead of needing all certs in the chain) 
+- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) 
+- Serial number retrieval for x509 
+- PBKDF2 and PKCS #12 PBKDF 
+- UID parsing for x509 
+- SHA-256 certificate signatures 
+- Client and server can send chains (SSL_CTX_use_certificate_chain_file) 
+- CA loading can now parse multiple certificates per file
+- Dynamic memory runtime hooks
+- Runtime hooks for logging
+- EDH on server side
+- More informative error codes
+- More informative logging messages
+- Version downgrade more robust (use SSL_v23*)
+- Shared build only by default through ./configure
+- Compiler visibility is now used, internal functions not polluting namespace
+- Single Makefile, no recursion, for faster and simpler building
+- Turn on all warnings possible build option, warning fixes
+- and more.
+
+Because of all the new features and the multiple OS, compiler, feature-set
+options that CyaSSL allows, there may be some configuration fixes needed.
+Please send any comments or questions to support@yassl.com.
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+****************** CyaSSL Release 1.9.0 (3/2/2011)
+
+Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and
+better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server,
+improper AES key setup detection, user cert verify callback improvements, and
+more.
+
+The CyaSSL manual offering is included in the doc/ directory.  For build
+instructions and comments about the new features please check the manual.
+
+Please send any comments or questions to support@yassl.com.
+
+****************** CyaSSL Release 1.8.0 (12/23/2010)

 Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate
 generation, a C standard library abstraction layer, lower memory use, increased
--- a/autogen.sh
+++ b/autogen.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+#
+# Create configure and makefile stuff...
+#
+
+if test -d .git; then
+  WARNINGS="all,error"
+else
+  WARNINGS="all"
+fi
+
+autoreconf --install --force --verbose
+
+if test -d .git; then
+    ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
+fi
--- a/certs/1024/client-cert.der
+++ b/certs/1024/client-cert.der
--- a/certs/1024/client-cert.pem
+++ b/certs/1024/client-cert.pem
@@ -0,0 +1,59 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 10163970144298616102 (0x8d0dacfec6984526)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Jan 18 21:42:49 2013 GMT
+            Not After : Oct 15 21:42:49 2015 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:
+                    99:21:f9:c8:ec:b3:6d:48:e5:35:35:75:77:37:ec:
+                    d1:61:90:5f:3e:d9:e4:d5:df:94:ca:c1:a9:d7:19:
+                    da:86:c9:e8:4d:c4:61:36:82:fe:ab:ad:7e:77:25:
+                    bb:8d:11:a5:bc:62:3a:a8:38:cc:39:a2:04:66:b4:
+                    f7:f7:f3:aa:da:4d:02:0e:bb:5e:8d:69:48:dc:77:
+                    c9:28:0e:22:e9:6b:a4:26:ba:4c:e8:c1:fd:4a:6f:
+                    2b:1f:ef:8a:ae:f6:90:62:e5:64:1e:eb:2b:3c:67:
+                    c8:dc:27:00:f6:91:68:65:a9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC
+            X509v3 Authority Key Identifier: 
+                keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+         72:66:0f:6a:a1:85:95:06:e6:87:1a:ed:2b:da:ed:84:90:89:
+         a6:31:4d:60:f2:7b:63:0c:dc:9b:44:4c:d6:62:41:24:74:30:
+         70:4e:07:10:05:12:5e:14:b3:dd:cf:58:27:93:cf:aa:4f:85:
+         2c:35:0e:ff:5b:a8:6b:b5:95:32:d5:cc:73:68:5b:1b:c4:f8:
+         89:5e:3d:f8:02:39:32:7d:06:a4:32:e9:b3:ef:62:a0:43:5d:
+         4f:fb:ce:3d:08:33:af:3d:7f:12:cb:8a:5a:c2:63:db:3e:dd:
+         ea:5b:67:10:49:9f:5b:96:1b:4e:5d:bc:4e:9a:7c:1f:ab:56:
+         47:4a
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAlWgAwIBAgIJAI0NrP7GmEUmMA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
+VQQGEwJVUzEPMA0GA1UECAwGT3JlZ29uMREwDwYDVQQHDAhQb3J0bGFuZDEOMAwG
+A1UECgwFeWFTU0wxFDASBgNVBAsMC1Byb2dyYW1taW5nMRYwFAYDVQQDDA13d3cu
+eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMzAx
+MTgyMTQyNDlaFw0xNTEwMTUyMTQyNDlaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE
+CAwGT3JlZ29uMREwDwYDVQQHDAhQb3J0bGFuZDEOMAwGA1UECgwFeWFTU0wxFDAS
+BgNVBAsMC1Byb2dyYW1taW5nMRYwFAYDVQQDDA13d3cueWFzc2wuY29tMR0wGwYJ
+KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAvHMOqEnzdKKp7xil2lWZIfnI7LNtSOU1NXV3N+zRYZBfPtnk1d+UysGp
+1xnahsnoTcRhNoL+q61+dyW7jRGlvGI6qDjMOaIEZrT39/Oq2k0CDrtejWlI3HfJ
+KA4i6WukJrpM6MH9Sm8rH++KrvaQYuVkHusrPGfI3CcA9pFoZakCAwEAAaNQME4w
+HQYDVR0OBBYEFIFpD/jf3c80KdVndXGFx3UQaVnsMB8GA1UdIwQYMBaAFIFpD/jf
+3c80KdVndXGFx3UQaVnsMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
+cmYPaqGFlQbmhxrtK9rthJCJpjFNYPJ7Ywzcm0RM1mJBJHQwcE4HEAUSXhSz3c9Y
+J5PPqk+FLDUO/1uoa7WVMtXMc2hbG8T4iV49+AI5Mn0GpDLps+9ioENdT/vOPQgz
+rz1/EsuKWsJj2z7d6ltnEEmfW5YbTl28Tpp8H6tWR0o=
+-----END CERTIFICATE-----
--- a/certs/1024/client-key.der
+++ b/certs/1024/client-key.der
--- a/certs/1024/client-key.pem
+++ b/certs/1024/client-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC8cw6oSfN0oqnvGKXaVZkh+cjss21I5TU1dXc37NFhkF8+2eTV
+35TKwanXGdqGyehNxGE2gv6rrX53JbuNEaW8YjqoOMw5ogRmtPf386raTQIOu16N
+aUjcd8koDiLpa6Qmukzowf1Kbysf74qu9pBi5WQe6ys8Z8jcJwD2kWhlqQIDAQAB
+AoGAE5fq6Dh4JaJcBM4NQHwx5cRwzZuCO1gJhjtmX9wxkPFP1dsV3d7XO5WTMRgx
+Dl6j1qIacW6BSBxLz9uOeoZhMtz7VcEWbSeSJEWL8bhIsUsdrN7a3Y4vwpH7palu
+Dpq8f1QGO+f58PKeOpW09NyW5bdTgZOOsPZvnK2ZQcHTAECQQD6R9R6fJI8Ve+B
+8EEwLaPPjxzmhycFcA3fmDXW8Ys4LyS10IS2eU9xKZRa8GRqrOdyxu1NWZg+Zzrz
+dCz5YRdpAkEAwMGCDQzrxi/ckvmdghox6en3S/KChxzuFmrRHRiCcPPAti/28/cd
+8YYjyE7rj1aOj/W/8fcrtcw9xlc5DBtUQQJBAJ1+Bd7t9Ley+/wwS1Ud4y8BR5Zp
+Bc0OLiy9g2O2q3y3bcpbZKfOvobfO1PeYdIe66X2N+2sq3jZTOdV+9cRmcECQBiY
+GCnmHic5cCForAovoXLBIYaVOMZYkKBXnLrjp7EVyN72G8JhI3bvsJ0cRL4TQzln
+F8idyvv1RWSLOIIs8oECQDmJ5ZwZVTC6t0iMSBQO9J9+d5dD4bQZNTEjdZw7RK1p
+ElbuAGFkFmbTfHQrFbSi/r8IaxpdP5ASsQWGMSnb2eI=
+-----END RSA PRIVATE KEY-----
--- a/certs/1024/dh1024.der
+++ b/certs/1024/dh1024.der
--- a/certs/1024/dh1024.pem
+++ b/certs/1024/dh1024.pem
@@ -0,0 +1,17 @@
+    PKCS#3 DH Parameters: (1024 bit)
+        prime:
+            00:a4:d2:b8:6e:78:f5:d9:ed:2d:7c:dd:b6:16:86:
+            5a:4b:05:76:90:dd:66:61:b9:6d:52:a7:1c:af:62:
+            c6:69:47:7b:39:f2:fb:94:ec:bc:79:ff:24:5e:ef:
+            79:bb:59:b2:fc:ca:07:d6:f4:e9:34:f7:e8:38:e7:
+            d7:33:44:1d:a3:64:76:1a:84:97:54:74:40:84:1f:
+            15:fe:7c:25:2a:2b:25:fd:9e:c1:89:33:8c:39:25:
+            2b:40:e6:cd:f8:a8:a1:8a:53:c6:47:b2:a0:d7:8f:
+            eb:2e:60:0a:0d:4b:f8:b4:94:8c:63:0a:ad:c7:10:
+            ea:c7:a1:b9:9d:f2:a8:37:73
+        generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAKTSuG549dntLXzdthaGWksFdpDdZmG5bVKnHK9ixmlHezny+5TsvHn/
+JF7vebtZsvzKB9b06TT36Djn1zNEHaNkdhqEl1R0QIQfFf58JSorJf2ewYkzjDkl
+K0DmzfiooYpTxkeyoNeP6y5gCg1L+LSUjGMKrccQ6sehuZ3yqDdzAgEC
+-----END DH PARAMETERS-----
--- a/certs/1024/dsa1024.der
+++ b/certs/1024/dsa1024.der
--- a/certs/1024/dsa1024.pem
+++ b/certs/1024/dsa1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQD3S/m7FZjr3d4eTnGIhfK3uuJK2nZAzWlInoN8EfdlMXj1JS33
+t/hSP77YtsX+GBVbudWShryyF3zYsL6gfPLVc3pYj43lSgCZg0rAnhYJoRA01Rm7
+Y+Pdg3R/EMpzde4xSt2f4AJqne6yS6drKmzHhnfoBBXckrR6KR9Og2OFVQIVANIF
+5HP7wZnF3GikjZInPeJSX4mLAoGBAKohAglDbvuiVBSFCvQofMvM2/UeohipId6I
+iDOMLuuNo/AdyI/2fvjPEvW0oRFvDNTwBq3E/BRFx5QVvBlLru+Tak/MFNhHizlm
+hwLUKAq47gk39ACgBKd5p9I89zRDVo7QfMLYTQ+J7RTBLJxMGZue3FMJn98t8Awn
+VDp3FC3eAoGBAOgffLfAVFGnKC1YfN7UXN3VdoQ8NiDAwyXXOjjhVMj9QGgaIVQm
+ORS/9qOcXtkr98klugAJy38MSiT9FRYVSM0LUkRAe5BjK5AixRgFgFOvgx9U4rCi
+C1qSJOFiKD+3yrmJ1qC3ra4F4cFZQO1KG2ine/vDIIHvS/NpkbDOOrA4AhQlODuh
+GXXfm/VyU0854RzsE4SCGA==
+-----END DSA PRIVATE KEY-----
--- a/certs/1024/include.am
+++ b/certs/1024/include.am
@@ -0,0 +1,17 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+         certs/1024/client-cert.pem \
+         certs/1024/client-key.pem \
+         certs/1024/dh1024.pem \
+         certs/1024/dsa1024.pem
+
+EXTRA_DIST += \
+	     certs/1024/client-cert.der \
+         certs/1024/client-key.der \
+         certs/1024/dh1024.der \
+         certs/1024/dsa1024.der \
+         certs/1024/rsa1024.der
+
--- a/certs/1024/rsa1024.der
+++ b/certs/1024/rsa1024.der
--- a/certs/ca-cert.pem
+++ b/certs/ca-cert.pem
@@ -1,56 +1,87 @@
+-----BEGIN CERTIFICATE-----
+MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
+VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
+A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
+dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
+MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
+8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
+EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
+dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
+mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
+CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
+BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
+P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
+dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
+BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
+9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
+PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
+Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
+G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
+ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
+rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
+-----END CERTIFICATE-----
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
-            8a:37:22:65:73:f5:aa:e8
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+            e9:d0:a7:5f:79:25:f4:3c
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
        Validity
-            Not Before: Jun 30 18:47:10 2010 GMT
-            Not After : Mar 26 18:47:10 2013 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+            Not Before: Oct 24 18:18:15 2011 GMT
+            Not After : Jul 20 18:18:15 2014 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:97:30:b9:1a:92:ef:25:4f:ca:4c:11:31:95:1a:
-                    e1:c0:10:19:0a:20:b9:37:80:1a:57:38:02:4e:1b:
-                    c5:0f:28:4f:da:e3:c9:16:aa:50:bd:4a:fb:b7:71:
-                    c7:35:cc:63:81:c1:dd:9d:33:f9:38:16:88:32:a0:
-                    aa:56:23:03:a3
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
+                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
+                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
+                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
+                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
+                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
+                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
+                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
+                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
+                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
+                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
+                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
+                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
+                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
+                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
+                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
+                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
+                    36:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
-                3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
            X509v3 Authority Key Identifier: 
-                keyid:3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
-                DirName:/C=US/ST=Montana/L=Bozeman/O=sawtooth/OU=consulting/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
-                serial:8A:37:22:65:73:F5:AA:E8
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:E9:D0:A7:5F:79:25:F4:3C

            X509v3 Basic Constraints: 
                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        32:65:a2:b1:dc:6d:e0:8d:8b:c8:58:29:8e:b8:18:4b:62:88:
-        13:67:f8:6c:75:46:75:8f:8a:19:a6:a3:d5:3c:fc:57:4e:7a:
-        68:a9:fc:93:dc:ae:29:7d:bb:4e:ec:ea:55:fa:a4:e3:00:61:
-        f4:b0:34:6d:d1:d5:a4:64:24:f8
-----BEGIN CERTIFICATE-----
-MIIDQDCCAuqgAwIBAgIJAIo3ImVz9aroMA0GCSqGSIb3DQEBBAUAMIGeMQswCQYD
-VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
-A1UEChMIc2F3dG9vdGgxEzARBgNVBAsTCmNvbnN1bHRpbmcxJDAiBgNVBAMTG3d3
-dy5zYXd0b290aC1jb25zdWx0aW5nLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5
-YXNzbC5jb20wHhcNMTAwNjMwMTg0NzEwWhcNMTMwMzI2MTg0NzEwWjCBnjELMAkG
-A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
-BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
-d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
-eWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJcwuRqS7yVPykwRMZUa
-4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaqUL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYj
-A6MCAwEAAaOCAQcwggEDMB0GA1UdDgQWBBQ7Zv2gQMb04nDPIRoMT2f+t0tCCTCB
-0wYDVR0jBIHLMIHIgBQ7Zv2gQMb04nDPIRoMT2f+t0tCCaGBpKSBoTCBnjELMAkG
-A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
-BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
-d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
-eWFzc2wuY29tggkAijciZXP1qugwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQF
-AANBADJlorHcbeCNi8hYKY64GEtiiBNn+Gx1RnWPihmmo9U8/FdOemip/JPcril9
-u07s6lX6pOMAYfSwNG3R1aRkJPg=
-----END CERTIFICATE-----
+    Signature Algorithm: sha1WithRSAEncryption
+        5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26:
+        4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6:
+        e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c:
+        f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e:
+        af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18:
+        98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02:
+        8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab:
+        1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80:
+        61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87:
+        1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f:
+        60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf:
+        18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12:
+        f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
+        b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
+        5a:1f:7f:ca
--- a/certs/ca-key.der
+++ b/certs/ca-key.der
--- a/certs/ca-key.pem
+++ b/certs/ca-key.pem
@@ -1,9 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOQIBAAJBAJcwuRqS7yVPykwRMZUa4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaq
-UL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYjA6MCAwEAAQJAEQ9TY7c+uuQU/J5YDO4a
-mRR37tegbq3Kyxqrz+p8QuhqLDtVh13GaF7rVU70vyNHm+cgihUyzho/PViAkPBo
-qQIhAMU8/RDhDLgL5BxID4sxKIVBtg+imFSbyKVyg7oQLUcXAiEAxDu94O45Cf4a
-np9R0thumY/QqWpCkycWAB7fFEuaf1UCIEH+bg4/vqm2ENUFp23DPPOZUPlaRe3J
-UhFJh5mx3/RxAiBq++8vfHFYg1Lb/BxOCXVy/zdRxf753ytdcXdJx1Y56QIgVgpN
-FNfYJofQfWaP96sjlc0usrT28uceHx0QmHqolVc=
+MIIEpAIBAAKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY06zeA2buKvHY
+sH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGLYlYb72dvpBBB
+la0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkcrMft8nyVsJWCfUlcOM13Je+9gHVT
+lDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfaQG/YIdxzG0ItU5z+Gvx9q3o2P5je
+hHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+jJtK3b7FaF9c4mQj+k1hv/sMTSQgW
+C6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABAoIBAD1uTmAahH+dhXzh
+Swd84NaZKt6d+TY0DncOPgjqT+UGJtT2OPffDQ8cLgai9CponGNy4zXmBJGRtcGx
+pFSs18b7QaDWdW+9C06/sVLoX0kmmFZHx97p6jxgAb8o3DG/SV+TSYd6gVuWS03K
+XDhPt+Gy08ch2jwShwfkG9xD7OjsVGHn9u2mCy7134J/xh9hGZykgznfIYWJb3ev
+hhUyCKJaCyZh+3AMypw4fbwi7uujqBYA+YqAHgCEqEpB+IQDZy8jWy+baybDBzSU
+owM7ctWfcuCtzDSrvcfV9SYwhQ8wIzlS/zzLmSFNiKWr7mK5x+C7R4fBac9z8zC+
+zjkEnOUCgYEA4XZFgFm200nfCu8S1g/wt8sqN7+n+LVN9TE1reSjlKHb8ZattQVk
+hYP8G1spqr74Jj92fq0c8MvXJrQbBY5Whn4IYiHBhtZHeT63XaTGOtexdCD2UJdB
+BFPtPybWb5H6aCbsKtya8efc+3PweUMbIaNZBGNSB8nX5tEbXV6W+lMCgYEA2O1O
+ZGFrkQxhAbUPu0RnUx7cB8Qkfp5shCORDOQSBBZNeJjMlj0gTg9Fmrb4s5MNsqIb
+KfImecjF0nh+XnPy13Bhu0DOYQX+aR6CKeYUuKHnltAjPwWTAPLhTX7tt5Zs9/Dk
+0c8BmE/cdFSqbV5aQTH+/5q2oAXdqRBU+GvQqoMCgYAh0wSKROtQt3xmv4cr5ihO
+6oPi6TXh8hFH/6H1/J8t5TqB/AEDb1OtVCe2Uu7lVtETq+GzD3WQCoS0ocCMDNae
+RrorPrUx7WO7pNUNj3LN0R4mNeu+G3L9mzm0h7cT9eqDRZOYuo/kSsy0TKh/CLpB
+SahJKD1ePcHONwDL+SzdUQKBgQChV58+udavg22DP4/70NyozgMJI7GhG2PKxElW
+NSvRLmVglQVVmRE1/dXfRMeliHJfsoJRqHFFkzbPXB9hUQwFgOivxXu6XiLjPHXD
+hAVVbdY6LYSJkzPLONqqMQXNzmwt3VXTVwvwpTVqsK4xukOWygDHS+MZEkPTQvpv
+6oDA0QKBgQC524kgNCdwYjTqXyViEvOdgb9I7poOwY0Q/2WanS0aipRayMClpYRh
+ntQkue+pncl3C8dwZj26yFTf0jPh9X/5J2G+V0Xdt0UXJPUj5DgOkSfu4yDYFMiU
+R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==
 -----END RSA PRIVATE KEY-----
--- a/certs/client-cert.der
+++ b/certs/client-cert.der
--- a/certs/client-cert.pem
+++ b/certs/client-cert.pem
@@ -2,54 +2,86 @@ Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
-            c5:d7:6c:11:36:f0:35:e1
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=programming, CN=www.yassl.com/emailAddress=info@yassl.com
+            87:4a:75:be:91:66:d8:3d
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
        Validity
-            Not Before: Jun 30 18:39:39 2010 GMT
-            Not After : Mar 26 18:39:40 2013 GMT
-        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=programming, CN=www.yassl.com/emailAddress=info@yassl.com
+            Not Before: Oct 24 18:21:55 2011 GMT
+            Not After : Jul 20 18:21:55 2014 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:bd:51:4a:14:fd:6a:19:84:0c:33:38:fc:27:32:
-                    9c:97:0b:fc:a4:18:60:69:4e:d9:d8:78:50:0b:e9:
-                    20:5d:d6:1d:70:1c:0c:24:9f:23:82:cc:3a:01:d5:
-                    97:17:b2:73:6c:86:cf:b5:f1:e5:ce:68:0c:d9:a2:
-                    12:39:7c:f2:53
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
+                    2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
+                    32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
+                    68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
+                    ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
+                    65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
+                    b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
+                    13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
+                    0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
+                    bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
+                    c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
+                    ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
+                    cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
+                    3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
+                    54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
+                    d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
+                    2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
+                    ba:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
-                5C:F7:29:21:69:7A:09:78:9E:7B:CD:53:42:02:EC:CE:29:0D:11:DF
+                33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
            X509v3 Authority Key Identifier: 
-                keyid:5C:F7:29:21:69:7A:09:78:9E:7B:CD:53:42:02:EC:CE:29:0D:11:DF
-                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=programming/CN=www.yassl.com/emailAddress=info@yassl.com
-                serial:C5:D7:6C:11:36:F0:35:E1
+                keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
+                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:87:4A:75:BE:91:66:D8:3D

            X509v3 Basic Constraints: 
                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        b4:a5:f1:71:26:4d:b9:ff:54:f3:09:1f:ac:e1:19:59:e5:ec:
-        57:e3:f1:0b:b2:8f:f3:29:eb:6b:c6:fa:27:33:3e:91:d0:77:
-        43:c9:ce:1e:0f:71:07:a9:f7:26:e0:7e:ff:30:7d:52:0a:e1:
-        80:48:46:bb:99:e9:d9:77:ce:75
+    Signature Algorithm: sha1WithRSAEncryption
+        1c:7c:42:81:29:9e:21:cf:d0:d8:c1:54:6f:cc:ae:14:09:38:
+        ff:68:98:9a:95:53:76:18:7b:e6:30:76:ec:28:0d:75:a7:de:
+        e0:cd:8e:d5:55:23:6a:47:2b:4e:8d:fc:7d:06:a3:d8:0f:ad:
+        5e:d6:04:c9:00:33:fb:77:27:d3:b5:03:b3:7b:21:74:31:0b:
+        4a:af:2d:1a:b3:93:8e:cc:f3:5f:3d:90:3f:cc:e3:55:19:91:
+        7b:78:24:2e:4a:09:bb:18:4e:61:2d:9c:c6:0a:a0:34:91:88:
+        70:6b:3b:48:47:bc:79:94:a2:a0:4d:32:47:54:c2:a3:dc:2e:
+        d2:51:4c:29:39:11:ff:e2:15:5e:58:97:36:f6:e9:06:06:86:
+        0e:8d:9d:95:03:72:b2:8b:19:7c:e9:14:6e:a1:88:73:68:58:
+        6d:71:5e:c2:d5:d3:13:d2:5f:de:ea:03:be:e2:00:40:e5:ce:
+        fd:e6:92:31:57:c3:eb:bb:66:ac:cb:2f:1a:fa:e0:62:a2:47:
+        f4:93:43:2a:4b:6c:5e:0a:2f:f9:e7:e6:4a:63:86:b0:ac:2a:
+        a1:eb:b4:5b:67:cd:32:e4:b6:11:4b:9a:72:66:0d:a2:4a:76:
+        8f:fe:22:bc:83:fd:db:b7:d5:a9:ee:05:c9:b1:71:7e:1b:2b:
+        e1:e3:af:c0
 -----BEGIN CERTIFICATE-----
-MIIDDjCCArigAwIBAgIJAMXXbBE28DXhMA0GCSqGSIb3DQEBBAUAMIGOMQswCQYD
+MIIEmDCCA4CgAwIBAgIJAIdKdb6RZtg9MA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
 VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG
-A1UEChMFeWFTU0wxFDASBgNVBAsTC3Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu
-eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMDA2
-MzAxODM5MzlaFw0xMzAzMjYxODM5NDBaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE
+A1UEChMFeWFTU0wxFDASBgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu
+eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMTEw
+MjQxODIxNTVaFw0xNDA3MjAxODIxNTVaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE
 CBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDAS
-BgNVBAsTC3Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ
-KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQC9UUoU/WoZhAwzOPwnMpyXC/ykGGBpTtnYeFAL6SBd1h1wHAwknyOCzDoB1ZcX
-snNshs+18eXOaAzZohI5fPJTAgMBAAGjgfYwgfMwHQYDVR0OBBYEFFz3KSFpegl4
-nnvNU0IC7M4pDRHfMIHDBgNVHSMEgbswgbiAFFz3KSFpegl4nnvNU0IC7M4pDRHf
-oYGUpIGRMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQH
-EwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDASBgNVBAsTC3Byb2dyYW1taW5n
-MRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
-c3NsLmNvbYIJAMXXbBE28DXhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
-QQC0pfFxJk25/1TzCR+s4RlZ5exX4/ELso/zKetrxvonMz6R0HdDyc4eD3EHqfcm
-4H7/MH1SCuGASEa7menZd851
+BgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ
+KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Quml7xsNE
+ntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvk
+NPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+
+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX11JlJHOwzu8Zza7/
+eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOw
+Y7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB9jCB8zAdBgNVHQ4EFgQU
+M9hFZtdohxh+VA1wJ5HHJteFZcAwgcMGA1UdIwSBuzCBuIAUM9hFZtdohxh+VA1w
+J5HHJteFZcChgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24x
+ETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQKEwV5YVNTTDEUMBIGA1UECxMLUHJv
+Z3JhbW1pbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEW
+DmluZm9AeWFzc2wuY29tggkAh0p1vpFm2D0wDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQUFAAOCAQEAHHxCgSmeIc/Q2MFUb8yuFAk4/2iYmpVTdhh75jB27CgNdafe
+4M2O1VUjakcrTo38fQaj2A+tXtYEyQAz+3cn07UDs3shdDELSq8tGrOTjszzXz2Q
+P8zjVRmRe3gkLkoJuxhOYS2cxgqgNJGIcGs7SEe8eZSioE0yR1TCo9wu0lFMKTkR
+/+IVXliXNvbpBgaGDo2dlQNysosZfOkUbqGIc2hYbXFewtXTE9Jf3uoDvuIAQOXO
+/eaSMVfD67tmrMsvGvrgYqJH9JNDKktsXgov+efmSmOGsKwqoeu0W2fNMuS2EUua
+cmYNokp2j/4ivIP927fVqe4FybFxfhsr4eOvwA==
 -----END CERTIFICATE-----
--- a/certs/client-ecc-cert.pem
+++ b/certs/client-ecc-cert.pem
@@ -0,0 +1,54 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            bf:cc:cb:7a:0a:07:42:82
+        Signature Algorithm: ecdsa-with-SHA1
+        Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: May  1 23:51:33 2012 GMT
+            Not After : Jan 26 23:51:33 2015 GMT
+        Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+            EC Public Key:
+                pub: 
+                    04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:
+                    f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03:
+                    62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95:
+                    06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22:
+                    5f:c7:5d:7f:b4
+                ASN1 OID: prime256v1
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
+            X509v3 Authority Key Identifier: 
+                keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
+                DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:BF:CC:CB:7A:0A:07:42:82
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: ecdsa-with-SHA1
+        30:44:02:20:26:08:44:95:35:2e:fa:9d:20:01:a6:79:60:ed:
+        35:a7:0a:dd:7a:0e:75:c5:80:d2:0b:9f:6a:90:d6:31:76:75:
+        02:20:2d:87:a2:bb:d5:e2:42:61:35:19:59:40:1d:fd:71:4f:
+        28:65:96:99:e6:85:1b:09:ad:d4:58:71:56:63:0b:c7
+-----BEGIN CERTIFICATE-----
+MIIC+jCCAqKgAwIBAgIJAL/My3oKB0KCMAkGByqGSM49BAEwgYkxCzAJBgNVBAYT
+AlVTMQ8wDQYDVQQIEwZPcmVnb24xDjAMBgNVBAcTBVNhbGVtMRMwEQYDVQQKEwpD
+bGllbnQgRUNDMQ0wCwYDVQQLEwRGYXN0MRYwFAYDVQQDEw13d3cueWFzc2wuY29t
+MR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMjA1MDEyMzUxMzNa
+Fw0xNTAxMjYyMzUxMzNaMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29u
+MQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsGA1UECxME
+RmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5m
+b0B5YXNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARVv/QPRFCaPc6b
+t/DFTfVwe9TsJI4ZgOxaTKIkA2Ism9rvojUSQ4R2FsZWlQbMAam99nUaQve9qbI2
+Il/HXX+0o4HxMIHuMB0GA1UdDgQWBBTr1EtZa5VhP1FXtgRNiUGIRFyr8jCBvgYD
+VR0jBIG2MIGzgBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBj6SBjDCBiTELMAkGA1UE
+BhMCVVMxDzANBgNVBAgTBk9yZWdvbjEOMAwGA1UEBxMFU2FsZW0xEzARBgNVBAoT
+CkNsaWVudCBFQ0MxDTALBgNVBAsTBEZhc3QxFjAUBgNVBAMTDXd3dy55YXNzbC5j
+b20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggkAv8zLegoHQoIwDAYD
+VR0TBAUwAwEB/zAJBgcqhkjOPQQBA0cAMEQCICYIRJU1LvqdIAGmeWDtNacK3XoO
+dcWA0gufapDWMXZ1AiAth6K71eJCYTUZWUAd/XFPKGWWmeaFGwmt1FhxVmMLxw==
+-----END CERTIFICATE-----
--- a/certs/client-key.der
+++ b/certs/client-key.der
--- a/certs/client-key.pem
+++ b/certs/client-key.pem
@@ -1,9 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAL1RShT9ahmEDDM4/CcynJcL/KQYYGlO2dh4UAvpIF3WHXAcDCSf
-I4LMOgHVlxeyc2yGz7Xx5c5oDNmiEjl88lMCAwEAAQJAVGHWLlLhpqvXsEEXCvWh
-HCYono+K8YVGzhiaPSTU212fCoQryIxsXQKGBjhFdZm96DZWp+Vd/t/u+B4ZeaqY
-+QIhAOBEfbFtdZqk5OmbbRsRVPI7+YYmubgY1TVIPqmxHQ4NAiEA2BrTQkjOb3ul
-A/SZO04fJUZsm7Ng92FWHDJsRancSd8CIQCmGbQqZBK1TamJZ6dAY+7RViAx/p6Q
-vjuzMeXPUrFdRQIhAMkfBhg9bCqjFyt8PBPOm/vz8+ZgZlE0/JAXeV7IPCVfAiEA
-gZwCFm1ghGxmaoB424YC4DHeDeN/g9xwJHT7EuM9Mvc=
+MIIEpAIBAAKCAQEAwwPRK/45pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvG
+w0Se1IFI/S1oootnu6F1yDYsStIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJ
+W+Q098WwFJP1Z3s6enjhAVZWkaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbf
+G36/TpfQEOioCDCBryALQxTFdGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnN
+rv94bHvAEgPUTnINUG07ozujmV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAY
+E7BjtXJOMMSXhIYtVi/XFfd/wK71/Fvl+6G60wIDAQABAoIBAQCi5thfEHFkCJ4u
+bdFtHoXSCrGMR84sUWqgEp5T3pFMHW3qWXvyd6rZxtmKq9jhFuRjJv+1bBNZuOOl
+yHIXLgyfb+VZP3ZvSbERwlouFikN3reO3EDVou7gHqH0vpfbhmOWFM2YCWAtMHac
+PM3miO5HknkLWgDiXl8RfH35CLcgBokqXf0AqyLh8LO8JKleJg4fAC3+IZpTW23T
+K6uUgmhDNtj2L8Yi/LVBXQ0zYOqkfX7oS1WRVtNcV48flBcvqt7pnqj0z4pMjqDk
+VnOyz0+GxWk88yQgi1yWDPprEjuaZ8HfxpaypdWSDZsJQmgkEEXUUOQXOUjQNYuU
+bRHej8pZAoGBAOokp/lpM+lx3FJ9iCEoL0neunIW6cxHeogNlFeEWBY6gbA/os+m
+bB6wBikAj+d3dqzbysfZXps/JpBSrvw4kAAUu7QPWJTnL2p+HE9BIdQxWR9OihqN
+p1dsItjl9H4yphDLZKVVA4emJwWMw9e2J7JNujDaR49U0z2LhI2UmFilAoGBANU4
+G8OPxZMMRwtvNZLFsI1GyJIYj/WACvfvof6AubUqusoYsF2lB9CTjdicBBzUYo6m
+JoEB/86KKmM0NUCqbYDeiSNqV02ebq2TTlaQC22dc4sMric93k7wqsVseGdslFKc
+N2dsLe+7r9+mkDzER8+Nlp6YqbSfxaZQ3LPw+3QXAoGAXoMJYr26fKK/QnT1fBzS
+ackEDYV+Pj0kEsMYe/Mp818OdmxZdeRBhGmdMvPNIquwNbpKsjzl2Vi2Yk9d3uWe
+CspTsiz3nrNrClt5ZexukU6SIPb8/Bbt03YM4ux/smkTa3gOWkZktF63JaBadTpL
+78c8Pvf9JrggxJkKmnO+wxkCgYEAukSTFKw0GTtfkWCs97TWgQU2UVM96GXcry7c
+YT7Jfbh/h/A7mwOCKTfOck4R1bHBDAegmZFKjX/sec/xObXphexi99p9vGRNIjwO
+8tZR9YfYmcARIF0PKf1b4q7ZHNkhVm38hNBf7RAVHBgh58Q9S9fQnmqVzyLJA3ue
+42AB/C8CgYAR0EvPG2e5nxB1R4ZlrjHCxjCsWQZQ2Q+1cAb38NPIYnyo2m72IT/T
+f1/qiqs/2Spe81HSwjA34y2jdQ0eTSE01VdwXIm/cuxKbmjVzRh0M06MOkWP5pZA
+62P5GYY6Ud2JS7Dz+Z9dKJU4vjWrylznk1M0oUVdEzllQkahn831vw==
 -----END RSA PRIVATE KEY-----
--- a/certs/crl/cliCrl.pem
+++ b/certs/crl/cliCrl.pem
@@ -0,0 +1,39 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: /C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Apr  1 22:54:02 2013 GMT
+        Next Update: Sep 28 22:54:02 2013 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                72
+No Revoked Certificates.
+    Signature Algorithm: sha1WithRSAEncryption
+         6c:d4:30:46:66:6d:21:9a:12:d9:25:e8:82:ad:bf:7c:4c:a4:
+         c3:46:cc:72:9d:5c:fe:8a:c6:93:76:95:60:72:a5:c9:7e:49:
+         66:e4:4a:27:0f:4f:4e:81:b8:f1:9f:67:1f:c0:8e:3d:2c:84:
+         2a:b4:a1:34:6d:92:c9:e6:3b:23:64:78:ce:84:55:5d:11:9c:
+         77:70:ec:43:82:04:02:3a:d9:2c:ce:ac:31:22:8b:09:f7:3d:
+         c6:52:6e:6b:8b:5b:15:45:62:fd:40:22:70:b2:78:88:af:47:
+         a2:47:ab:91:0c:08:d1:f4:25:6b:5b:be:34:ab:d6:79:b2:6c:
+         a5:4e:de:a2:db:47:1e:f4:33:af:e0:c9:1c:d9:0a:92:ba:18:
+         58:c0:9a:f3:cc:d4:e3:39:c9:e7:8f:8f:5e:57:17:ae:93:80:
+         0a:c5:6b:43:7a:2b:d4:51:2b:e9:bd:65:79:1b:4e:1a:cd:b8:
+         25:43:d8:d7:5d:e7:54:8d:15:2c:40:5e:a4:49:ec:c5:cb:0c:
+         01:cd:6d:8b:1c:b5:41:b7:76:32:05:c5:5c:ea:da:92:4d:8d:
+         bb:23:ec:d5:d1:45:fc:07:75:52:6f:f6:1b:30:67:ee:5a:fd:
+         e9:35:f1:25:18:3d:46:2b:0e:6b:dc:36:47:f3:7f:57:3d:de:
+         94:72:b4:59
+-----BEGIN X509 CRL-----
+MIIB6DCB0QIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV
+BAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
+EgYDVQQLEwtQcm9ncmFtbWluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
+CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTEzMDQwMTIyNTQwMloXDTEzMDky
+ODIyNTQwMlqgDjAMMAoGA1UdFAQDAgFIMA0GCSqGSIb3DQEBBQUAA4IBAQBs1DBG
+Zm0hmhLZJeiCrb98TKTDRsxynVz+isaTdpVgcqXJfklm5EonD09Ogbjxn2cfwI49
+LIQqtKE0bZLJ5jsjZHjOhFVdEZx3cOxDggQCOtkszqwxIosJ9z3GUm5ri1sVRWL9
+QCJwsniIr0eiR6uRDAjR9CVrW740q9Z5smylTt6i20ce9DOv4Mkc2QqSuhhYwJrz
+zNTjOcnnj49eVxeuk4AKxWtDeivUUSvpvWV5G04azbglQ9jXXedUjRUsQF6kSezF
+ywwBzW2LHLVBt3YyBcVc6tqSTY27I+zV0UX8B3VSb/YbMGfuWv3pNfElGD1GKw5r
+3DZH839XPd6UcrRZ
+-----END X509 CRL-----
--- a/certs/crl/crl.pem
+++ b/certs/crl/crl.pem
@@ -0,0 +1,39 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Apr  1 22:54:01 2013 GMT
+        Next Update: Sep 28 22:54:01 2013 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                70
+No Revoked Certificates.
+    Signature Algorithm: sha1WithRSAEncryption
+         35:79:f6:c4:d8:b2:6a:0a:83:a9:85:db:c5:4c:53:cb:53:3a:
+         a3:9b:23:86:f2:e6:20:25:4e:f0:e8:1a:83:e9:55:1c:7f:3b:
+         c9:5d:2b:45:a7:47:47:c9:b1:5a:2a:fe:5c:74:5a:7e:54:0f:
+         a0:7c:a5:87:72:bd:1d:15:25:48:b7:0f:20:bf:06:41:3c:c5:
+         e5:d7:c0:52:75:66:79:92:90:87:ed:c0:af:41:a6:5a:81:c4:
+         3a:9d:a8:ec:c4:d5:86:2e:61:78:da:63:8e:be:df:97:c4:0b:
+         9a:f5:14:d2:12:34:3c:ab:06:1c:72:f0:d7:f8:24:43:b0:c2:
+         84:e9:c0:a0:2e:9f:66:f1:7e:22:73:08:85:1b:b7:0d:ad:5d:
+         1f:da:ab:26:f7:50:84:a8:5a:5e:ff:fc:da:6a:19:cf:2d:78:
+         e2:70:bc:17:6e:e2:7e:26:d7:40:89:72:8c:11:7c:54:00:69:
+         31:0b:a6:fa:d6:db:c7:3f:57:ef:76:a9:d3:81:11:b9:88:26:
+         be:14:04:73:97:51:1c:89:b2:c9:a4:4d:a0:28:ec:d2:3a:32:
+         f2:5a:bb:d0:ae:3e:0f:30:00:77:55:e4:78:d8:96:53:cd:45:
+         d8:8e:8c:2a:09:df:e3:09:3a:6f:48:f1:89:2a:a1:b8:73:61:
+         dd:06:11:57
+-----BEGIN X509 CRL-----
+MIIB6jCB0wIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
+MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
+GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTMwNDAxMjI1NDAxWhcNMTMw
+OTI4MjI1NDAxWqAOMAwwCgYDVR0UBAMCAUYwDQYJKoZIhvcNAQEFBQADggEBADV5
+9sTYsmoKg6mF28VMU8tTOqObI4by5iAlTvDoGoPpVRx/O8ldK0WnR0fJsVoq/lx0
+Wn5UD6B8pYdyvR0VJUi3DyC/BkE8xeXXwFJ1ZnmSkIftwK9BplqBxDqdqOzE1YYu
+YXjaY46+35fEC5r1FNISNDyrBhxy8Nf4JEOwwoTpwKAun2bxfiJzCIUbtw2tXR/a
+qyb3UISoWl7//NpqGc8teOJwvBdu4n4m10CJcowRfFQAaTELpvrW28c/V+92qdOB
+EbmIJr4UBHOXURyJssmkTaAo7NI6MvJau9CuPg8wAHdV5HjYllPNRdiOjCoJ3+MJ
+Om9I8YkqobhzYd0GEVc=
+-----END X509 CRL-----
--- a/certs/crl/crl.revoked
+++ b/certs/crl/crl.revoked
@@ -0,0 +1,41 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Apr  1 22:54:02 2013 GMT
+        Next Update: Sep 28 22:54:02 2013 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                71
+Revoked Certificates:
+    Serial Number: 02
+        Revocation Date: Apr  1 22:54:01 2013 GMT
+    Signature Algorithm: sha1WithRSAEncryption
+         36:40:85:f8:23:c6:ef:0e:eb:ed:50:7b:9d:45:85:d4:fc:92:
+         73:f9:d2:19:55:67:18:fd:e8:0c:95:89:40:6e:9c:92:0c:f0:
+         4f:77:f0:a1:e3:f9:7f:a0:92:b4:ca:3d:e8:0e:49:59:ba:89:
+         d4:f9:78:6a:ec:86:08:1e:2e:12:08:e1:98:45:7c:b1:c1:67:
+         60:38:5f:2b:a4:15:9b:2d:de:79:2e:11:07:0f:7a:c7:33:98:
+         99:17:f6:24:85:1a:a1:06:7e:bf:54:69:e5:0e:2f:f7:c3:e3:
+         c9:87:b0:89:96:d5:4f:14:50:3a:a5:7c:10:fb:7c:ca:f4:b4:
+         06:21:85:80:28:58:56:74:6a:02:fd:83:d7:ea:5b:75:40:87:
+         a2:81:7b:bc:2d:bf:70:fa:d2:53:ef:2c:4d:06:b5:1e:72:df:
+         07:03:ad:f2:04:28:14:8c:15:5d:98:0f:7b:e1:29:d3:08:38:
+         52:19:03:57:31:e2:3f:31:c9:da:78:72:24:01:56:56:70:73:
+         b2:2b:4a:f0:61:70:8d:f0:62:5e:79:92:ee:27:04:2a:d2:45:
+         8f:f8:d7:49:2d:29:59:a3:05:1c:77:20:5a:21:b8:b2:93:9e:
+         45:5e:6a:6d:2c:09:5b:65:7f:ab:9d:3b:f5:51:28:10:83:28:
+         ef:92:c3:5e
+-----BEGIN X509 CRL-----
+MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
+MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
+GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTMwNDAxMjI1NDAyWhcNMTMw
+OTI4MjI1NDAyWjAUMBICAQIXDTEzMDQwMTIyNTQwMVqgDjAMMAoGA1UdFAQDAgFH
+MA0GCSqGSIb3DQEBBQUAA4IBAQA2QIX4I8bvDuvtUHudRYXU/JJz+dIZVWcY/egM
+lYlAbpySDPBPd/Ch4/l/oJK0yj3oDklZuonU+Xhq7IYIHi4SCOGYRXyxwWdgOF8r
+pBWbLd55LhEHD3rHM5iZF/YkhRqhBn6/VGnlDi/3w+PJh7CJltVPFFA6pXwQ+3zK
+9LQGIYWAKFhWdGoC/YPX6lt1QIeigXu8Lb9w+tJT7yxNBrUect8HA63yBCgUjBVd
+mA974SnTCDhSGQNXMeI/McnaeHIkAVZWcHOyK0rwYXCN8GJeeZLuJwQq0kWP+NdJ
+LSlZowUcdyBaIbiyk55FXmptLAlbZX+rnTv1USgQgyjvksNe
+-----END X509 CRL-----
--- a/certs/crl/eccCliCRL.pem
+++ b/certs/crl/eccCliCRL.pem
@@ -0,0 +1,24 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+    Signature Algorithm: ecdsa-with-SHA1
+        Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Apr  1 22:54:02 2013 GMT
+        Next Update: Sep 28 22:54:02 2013 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                73
+No Revoked Certificates.
+    Signature Algorithm: ecdsa-with-SHA1
+         30:45:02:21:00:91:f5:0b:6b:86:58:8e:64:78:de:9d:42:4e:
+         c7:82:fc:8b:a8:c3:01:19:6e:b3:c7:0d:7f:3a:5f:cd:72:d5:
+         b2:02:20:43:39:cc:aa:b6:95:50:08:29:d8:f4:6d:0e:7b:ca:
+         19:01:3f:13:fc:52:00:19:05:a2:8a:35:f2:62:88:d7:97
+-----BEGIN X509 CRL-----
+MIIBIDCByAIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG
+T3JlZ29uMQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsG
+A1UECxMERmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJ
+ARYOaW5mb0B5YXNzbC5jb20XDTEzMDQwMTIyNTQwMloXDTEzMDkyODIyNTQwMlqg
+DjAMMAoGA1UdFAQDAgFJMAkGByqGSM49BAEDSAAwRQIhAJH1C2uGWI5keN6dQk7H
+gvyLqMMBGW6zxw1/Ol/NctWyAiBDOcyqtpVQCCnY9G0Oe8oZAT8T/FIAGQWiijXy
+YojXlw==
+-----END X509 CRL-----
--- a/certs/crl/eccSrvCRL.pem
+++ b/certs/crl/eccSrvCRL.pem
@@ -0,0 +1,24 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+    Signature Algorithm: ecdsa-with-SHA1
+        Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Apr  1 22:54:02 2013 GMT
+        Next Update: Sep 28 22:54:02 2013 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                74
+No Revoked Certificates.
+    Signature Algorithm: ecdsa-with-SHA1
+         30:45:02:21:00:db:45:5c:5d:af:98:3a:68:20:2e:34:1f:10:
+         94:c3:80:f4:a3:d6:d6:be:e7:31:16:eb:3d:af:e3:1d:60:ca:
+         90:02:20:66:c7:da:e8:ed:84:5a:86:15:7b:db:c3:93:97:78:
+         94:1a:6d:75:75:62:b8:0e:9e:0f:d6:40:63:6a:de:3d:14
+-----BEGIN X509 CRL-----
+MIIBIjCBygIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
+V2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEQMA4GA1UEChMHRWxpcHRpYzEM
+MAoGA1UECxMDRUNDMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
+AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTMwNDAxMjI1NDAyWhcNMTMwOTI4MjI1NDAy
+WqAOMAwwCgYDVR0UBAMCAUowCQYHKoZIzj0EAQNIADBFAiEA20VcXa+YOmggLjQf
+EJTDgPSj1ta+5zEW6z2v4x1gypACIGbH2ujthFqGFXvbw5OXeJQabXV1YrgOng/W
+QGNq3j0U
+-----END X509 CRL-----
--- a/certs/crl/gencrls.sh
+++ b/certs/crl/gencrls.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# gencrls, crl config already done, see taoCerts.txt for setup
+
+
+
+# caCrl
+openssl ca -gencrl -crldays 180 -out crl.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
+
+# metadata
+openssl crl -in crl.pem -text > tmp
+mv tmp crl.pem
+# install
+cp crl.pem ~/cyassl/certs/crl/crl.pem
+
+# caCrl server revoked
+openssl ca -revoke ~/cyassl/certs/server-cert.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
+
+# caCrl server revoked generation
+openssl ca -gencrl -crldays 180 -out crl.revoked -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
+
+# metadata
+openssl crl -in crl.revoked -text > tmp
+mv tmp crl.revoked
+# install
+cp crl.revoked ~/cyassl/certs/crl/crl.revoked
+
+# remove revoked so next time through the normal CA won't have server revoked
+cp blank.index.txt demoCA/index.txt
+
+# cliCrl
+openssl ca -gencrl -crldays 180 -out cliCrl.pem -keyfile ~/cyassl/certs/client-key.pem -cert ~/cyassl/certs/client-cert.pem
+
+# metadata
+openssl crl -in cliCrl.pem -text > tmp
+mv tmp cliCrl.pem
+# install
+cp cliCrl.pem ~/cyassl/certs/crl/cliCrl.pem
+
+# eccCliCRL
+openssl ca -gencrl -crldays 180 -out eccCliCRL.pem -keyfile ~/cyassl/certs/ecc-client-key.pem -cert ~/cyassl/certs/client-ecc-cert.pem
+
+# metadata
+openssl crl -in eccCliCRL.pem -text > tmp
+mv tmp eccCliCRL.pem
+# install
+cp eccCliCRL.pem ~/cyassl/certs/crl/eccCliCRL.pem
+
+# eccSrvCRL
+openssl ca -gencrl -crldays 180 -out eccSrvCRL.pem -keyfile ~/cyassl/certs/ecc-key.pem -cert ~/cyassl/certs/server-ecc.pem
+
+# metadata
+openssl crl -in eccSrvCRL.pem -text > tmp
+mv tmp eccSrvCRL.pem
+# install
+cp eccSrvCRL.pem ~/cyassl/certs/crl/eccSrvCRL.pem
+
--- a/certs/crl/include.am
+++ b/certs/crl/include.am
@@ -0,0 +1,14 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+	     certs/crl/crl.pem \
+	     certs/crl/cliCrl.pem \
+	     certs/crl/eccSrvCRL.pem \
+	     certs/crl/eccCliCRL.pem
+
+EXTRA_DIST += \
+	     certs/crl/crl.revoked
+
+
--- a/certs/dh1024.der
+++ b/certs/dh1024.der
--- a/certs/dh2048.der
+++ b/certs/dh2048.der
--- a/certs/dh2048.pem
+++ b/certs/dh2048.pem
@@ -0,0 +1,29 @@
+Diffie-Hellman-Parameters: (2048 bit)
+    prime:
+        00:b0:a1:08:06:9c:08:13:ba:59:06:3c:bc:30:d5:
+        f5:00:c1:4f:44:a7:d6:ef:4a:c6:25:27:1c:e8:d2:
+        96:53:0a:5c:91:dd:a2:c2:94:84:bf:7d:b2:44:9f:
+        9b:d2:c1:8a:c5:be:72:5c:a7:e7:91:e6:d4:9f:73:
+        07:85:5b:66:48:c7:70:fa:b4:ee:02:c9:3d:9a:4a:
+        da:3d:c1:46:3e:19:69:d1:17:46:07:a3:4d:9f:2b:
+        96:17:39:6d:30:8d:2a:f3:94:d3:75:cf:a0:75:e6:
+        f2:92:1f:1a:70:05:aa:04:83:57:30:fb:da:76:93:
+        38:50:e8:27:fd:63:ee:3c:e5:b7:c8:09:ae:6f:50:
+        35:8e:84:ce:4a:00:e9:12:7e:5a:31:d7:33:fc:21:
+        13:76:cc:16:30:db:0c:fc:c5:62:a7:35:b8:ef:b7:
+        b0:ac:c0:36:f6:d9:c9:46:48:f9:40:90:00:2b:1b:
+        aa:6c:e3:1a:c3:0b:03:9e:1b:c2:46:e4:48:4e:22:
+        73:6f:c3:5f:d4:9a:d6:30:07:48:d6:8c:90:ab:d4:
+        f6:f1:e3:48:d3:58:4b:a6:b9:cd:29:bf:68:1f:08:
+        4b:63:86:2f:5c:6b:d6:b6:06:65:f7:a6:dc:00:67:
+        6b:bb:c3:a9:41:83:fb:c7:fa:c8:e2:1e:7e:af:00:
+        3f:93
+    generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE
+v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN
+nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1
+joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa
+wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW
+tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==
+-----END DH PARAMETERS-----
--- a/certs/dsa-cert.pem
+++ b/certs/dsa-cert.pem
@@ -1,70 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ce:df:23:31:64:b4:13:da
-        Signature Algorithm: dsaWithSHA1
-        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=testing, CN=www.yassl.com/emailAddress=info@yassl.com
-        Validity
-            Not Before: Jun 30 18:56:38 2010 GMT
-            Not After : Mar 26 18:56:39 2013 GMT
-        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=testing, CN=www.yassl.com/emailAddress=info@yassl.com
-        Subject Public Key Info:
-            Public Key Algorithm: dsaEncryption
-            DSA Public Key:
-                pub: 
-                    04:84:a0:26:31:72:0c:e8:4f:5d:53:17:62:b1:80:
-                    ca:c0:16:5f:c3:1e:ea:c5:d9:98:38:f9:be:56:53:
-                    47:68:ce:08:22:57:1c:bb:0d:77:91:cf:5b:36:ed:
-                    f3:24:82:90:8a:cd:90:7c:db:77:f9:17:2d:73:73:
-                    ef:bb:b9:82
-                P:   
-                    00:99:29:69:80:c9:3c:98:68:45:a9:82:fe:67:eb:
-                    95:88:c5:b4:0c:d6:26:45:95:19:2c:a0:20:5b:7e:
-                    df:69:e9:dc:c3:0f:f3:61:0a:25:9b:f2:21:01:6a:
-                    cd:aa:8c:37:e7:ca:66:db:56:f4:0f:7d:7a:d1:18:
-                    b9:42:fd:1b:11
-                Q:   
-                    00:ad:25:29:ab:0a:9f:09:1c:c1:ad:03:20:76:7f:
-                    a6:b7:dd:4d:03:09
-                G:   
-                    12:88:99:da:e7:d0:0b:93:9b:e6:ee:3c:21:7f:9c:
-                    b3:b4:8d:a5:8c:e2:37:80:3f:17:d1:81:4f:bd:f0:
-                    71:b6:32:08:54:dd:bf:01:e2:b3:77:06:64:75:8a:
-                    04:d6:79:39:b1:02:03:03:c6:06:74:e5:90:05:0a:
-                    10:46:19:31
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
-            X509v3 Authority Key Identifier: 
-                keyid:BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
-                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=testing/CN=www.yassl.com/emailAddress=info@yassl.com
-                serial:CE:DF:23:31:64:B4:13:DA
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: dsaWithSHA1
-        30:2d:02:14:00:a3:21:20:34:6a:2c:f9:fb:76:d7:20:c9:c0:
-        35:1b:64:9a:c2:83:02:15:00:a4:59:ac:6d:da:85:48:ff:f5:
-        0d:49:72:c8:cd:91:fc:ec:2f:5c:63
-----BEGIN CERTIFICATE-----
-MIIDfjCCAz2gAwIBAgIJAM7fIzFktBPaMAkGByqGSM44BAMwgYoxCzAJBgNVBAYT
-AlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQK
-EwV5YVNTTDEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNv
-bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTAwNjMwMTg1NjM4
-WhcNMTMwMzI2MTg1NjM5WjCBijELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdv
-bjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRAwDgYDVQQLEwd0
-ZXN0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5p
-bmZvQHlhc3NsLmNvbTCB8DCBqAYHKoZIzjgEATCBnAJBAJkpaYDJPJhoRamC/mfr
-lYjFtAzWJkWVGSygIFt+32np3MMP82EKJZvyIQFqzaqMN+fKZttW9A99etEYuUL9
-GxECFQCtJSmrCp8JHMGtAyB2f6a33U0DCQJAEoiZ2ufQC5Ob5u48IX+cs7SNpYzi
-N4A/F9GBT73wcbYyCFTdvwHis3cGZHWKBNZ5ObECAwPGBnTlkAUKEEYZMQNDAAJA
-BISgJjFyDOhPXVMXYrGAysAWX8Me6sXZmDj5vlZTR2jOCCJXHLsNd5HPWzbt8ySC
-kIrNkHzbd/kXLXNz77u5gqOB8jCB7zAdBgNVHQ4EFgQUvvmMXdYctO6B3TZWCiHk
-YURz6eIwgb8GA1UdIwSBtzCBtIAUvvmMXdYctO6B3TZWCiHkYURz6eKhgZCkgY0w
-gYoxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRs
-YW5kMQ4wDAYDVQQKEwV5YVNTTDEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMN
-d3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CCQDO
-3yMxZLQT2jAMBgNVHRMEBTADAQH/MAkGByqGSM44BAMDMAAwLQIUAKMhIDRqLPn7
-dtcgycA1G2SawoMCFQCkWaxt2oVI//UNSXLIzZH87C9cYw==
-----END CERTIFICATE-----
--- a/certs/dsa2048.der
+++ b/certs/dsa2048.der
--- a/certs/dsa512.der
+++ b/certs/dsa512.der
--- a/certs/dsa512.pem
+++ b/certs/dsa512.pem
@@ -1,8 +0,0 @@
-----BEGIN DSA PRIVATE KEY-----
-MIH3AgEAAkEAmSlpgMk8mGhFqYL+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQol
-m/IhAWrNqow358pm21b0D3160Ri5Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJ
-AkASiJna59ALk5vm7jwhf5yztI2ljOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE
-1nk5sQIDA8YGdOWQBQoQRhkxAkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+
-VlNHaM4IIlccuw13kc9bNu3zJIKQis2QfNt3+Rctc3Pvu7mCAhQjg+e+aqykxwwc
-E2V27tjDFY02uA==
-----END DSA PRIVATE KEY-----
--- a/certs/ecc-client-key.pem
+++ b/certs/ecc-client-key.pem
@@ -0,0 +1,9 @@
+ASN1 OID: prime256v1
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIPjPkmu9HijxqKuhI08ydBiIUK1+x+yS+I+XTa9WiWXHoAoGCCqGSM49
+AwEHoUQDQgAEVb/0D0RQmj3Om7fwxU31cHvU7CSOGYDsWkyiJANiLJva76I1EkOE
+dhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/tA==
+-----END EC PRIVATE KEY-----
--- a/certs/ecc-keyPkcs8.pem
+++ b/certs/ecc-keyPkcs8.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgRbZpAnOcbIWhOFty
+6OjHrMQDjVM1BPpsKNw0jeGoCYyhRANCAAS7M6xMJ1BKxkqlBMM83p8223ItzpTq
+K/rLIAk5LBboYQLpr03TApOaMVuXkiF/8M8Y2pERAjSG6CBYMwuANInY
+-----END PRIVATE KEY-----
--- a/certs/include.am
+++ b/certs/include.am
@@ -0,0 +1,40 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+	     certs/ca-cert.pem \
+	     certs/ca-key.pem \
+	     certs/client-cert.pem \
+	     certs/client-keyEnc.pem \
+	     certs/client-key.pem \
+	     certs/ecc-key.pem \
+	     certs/ecc-keyPkcs8.pem \
+	     certs/ecc-client-key.pem \
+	     certs/client-ecc-cert.pem \
+	     certs/ntru-cert.pem \
+	     certs/dh2048.pem \
+	     certs/server-cert.pem \
+	     certs/server-ecc.pem \
+	     certs/server-ecc-rsa.pem \
+	     certs/server-keyEnc.pem \
+	     certs/server-key.pem \
+	     certs/server-keyPkcs8Enc12.pem \
+	     certs/server-keyPkcs8Enc2.pem \
+	     certs/server-keyPkcs8Enc.pem \
+	     certs/server-keyPkcs8.pem
+
+EXTRA_DIST += \
+	     certs/ca-key.der \
+	     certs/client-cert.der \
+	     certs/client-key.der \
+	     certs/dh2048.der \
+	     certs/rsa2048.der \
+	     certs/dsa2048.der \
+	     certs/ecc-key.der
+
+
+dist_doc_DATA+= certs/taoCert.txt
+
+EXTRA_DIST+= certs/ntru-key.raw
+
--- a/certs/ntru-cert.pem
+++ b/certs/ntru-cert.pem
@@ -1,24 +1,28 @@
 -----BEGIN CERTIFICATE-----
-MIIEFTCCA7+gAwIBAgIIAbqUI6ioaAswDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNV
+MIIEyTCCA7GgAwIBAgIIASZ+ezr7rN0wDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNV
 BAYTAlVTMRAwDgYDVQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYD
-VQQKEwhzYXd0b290aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3
-LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
-c3NsLmNvbTAiGA8yMDEwMTIxNDIwMjQ0MVoYDzIwMTIwNDI3MjEyNDQxWjCBijEL
-MAkGA1UEBhMCVVMxCzAJBgNVBAgTAk9SMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG
-A1UEChMFeWFTU0wxFDASBgNVBAsTC0RldmVsb3BtZW50MRYwFAYDVQQDEw13d3cu
-eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCAkswGAYK
-KwYBBAHBcAEBAgYKKwYBBAHBcAECLgOCAi0ABIICKCz+/AE/vwkKbIeZgGF2aIEx
-8Tgb8wSs7pLV97VJhdtoPE6uACTmMGAsKou1ZXZ7Wx/vo+DSEdRF4DMlny3clNoU
-ISPnfubo5oDo8zFzBkI24v7euq885RZGkrqPJLsEPkdWxbsH9hVA9Q6KiL3WkqyJ
-p6F+FseE//rJ8V++prytwhTdBzGWtpY43Wkh6Sqej7Vyh/gQAQuYSFPtWhSb0Xjh
-/tFG17lSPhPrf6xD+YtABxUG2hlWY+4wkHSVyTqkPx1/2frlMctA9J3aktEEJkWu
-bbbHVgBDkQ4E+58iljlzArep+sRs5d//KZil9fFJf1qUXo9mo3BekISGZJ5fUi/r
-4PNyJhYPJfTc0qZwas26VKiMWlAYFlxMNOdTAH9oLYRo85n+FlmkYzkaFuW/1h0u
-SSVJ25XcqWYVZL4W11bAVEut80DIZPsHAOpxaol2Ul+3TtyuYIXaGxVdWYZKVAV3
-meDa8HusJlRbRNGNJR83/lT5haFizcUkWD/QMtlnu+PgX11pUD+mZedVgYhElpfd
-GfFwBUJcStP2iMMynZkQHxvoaNS761BiNiqMJceuvE9a+2fFt9WkAAYaYHoVQNGf
-HMVv6lPeVL0S688Bq6/Y39quJQGlcDDY1jy4nOJgNrAGv/cbSFnoC12lGzHVh6pI
-3s0ekDf/bjMmIP2w3krhTyGm0pZ5D1mEXYWUkEMHVcjGNM9IBlXp1WHTWdNwINCM
-Cos5UHRX4DANBgkqhkiG9w0BAQQFAANBAHvy5p2SJtQlc5defUNYtHaAwrk7Nzcu
-qlaoBL1HCtwMI4W5Q7INKShS238uZJXYxcHQXlvxswf0IFtqT8lIFt0=
+VQQKEwhTYXd0b290aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3
+Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wIhgPMjAx
+MTEyMDUwMDE2MzdaGA8yMDEzMDQxOTAxMTYzN1owgYoxCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIEwJPUjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
+EgYDVQQLEwtEZXZlbG9wbWVudDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
+CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggJLMBgGCisGAQQBwXABAQIGCisG
+AQQBwXABAi4DggItAASCAihFDRAy0fOBZth/IRQFJeuEUgrViJfGvKOUuNW6yYmn
+9/YXT2I3/aiBZ/udSehoEFVPNgLs/ZWwNrsIuETH5TPkS1e9Ig4I5G839deKT89M
+Qpq7GiKLwlLY3He/a6O+/UMEFH4ShdhDopsH2+IsWCX0H7Lvp8L8RqURrQNFXvlr
+xRAFiBixEQNry2HyEcVz/9TQSdifE4KGUtneErqsk1/Sms1m1/NqW30H77YerJfs
+QWsOEgasoJnYWS6knJC4XsUbJKqKcHRc6XeODOyf72J3ESvES2C+cqEsShxVP7zG
+hDiHurwfyvIAUL4bZSBtlAqt60iOEsXScXwdbNrj+4iuFAyjX8+JrxGMbDNi3X5l
+L2RLUiEIKUSGUozbDlR3jU2WoHUm76mZwjGe1+vOKpvqh5yrRoyqiDERj8wsGrDO
+MdoheW1xSjQ3p5fQ/UOtagWA5Lh/MqbCIHdMzMLpbOmfhFJA5BXaNg/qThhjpmvf
+csYfwWCWukKKbjfY7cxOVMuUN0VvoYBjOxt5UQhXuPjH/+5s4J7E/IxQrWz6fhcG
+wfvJjWJjedfhP23Jm4zodbwtU6MgPF641DcAwcnBqSi/Ugi7d0YeHMqTJkSnIJZV
+r3v1YLuqiFDzB6bx69DGpCxFMxIpdOPq4a9WpeQQ9H7cBK0HFl4tRPNnQ2XCrKMc
+86gQ35aaM2vPvgj0d/zgC0AG8WFQEG1wYBvLEgfiQsi7auXoScYZA8AwDQYJKoZI
+hvcNAQEFBQADggEBAJ7eyiJIGiyyrhAdaYOit3U3CUkGSatNXTkn8PRO8SwzPWCi
+FQ+4AePYV+/ovtNZiqLwm7mVa3s2CS8LCk2s9/ld22cDJNV+gDkzrelUyTLUi0jr
+zZJwEiaNXIEkYrLGifSzoNUgQBTzDmOSkm2UpIX70GTsXF73FKdqonf1VTnopVKa
+XZDpIG3/TKyh8jCwowMrkxnHS886FhXiHGCBzM1rnp3S+r3b+rTqoKoeuZQnDgJP
+IZwnZL6agtwbUfmZj6/868irlsLtC9M5nKBtj/U/tQIrW52XEhBqChmTXIq0JNL1
++kWLLeu9t0T53Pth3VxMT/ePV0aURQvjINm60o=
 -----END CERTIFICATE-----
--- a/certs/ntru-key.raw
+++ b/certs/ntru-key.raw
--- a/certs/rsa2048.der
+++ b/certs/rsa2048.der
--- a/certs/server-cert.pem
+++ b/certs/server-cert.pem
@@ -1,39 +1,158 @@
 Certificate:
    Data:
        Version: 1 (0x0)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
        Validity
-            Not Before: Jun 30 18:52:17 2010 GMT
-            Not After : Mar 26 18:52:17 2013 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@yassl.com
+            Not Before: Oct 24 18:27:13 2011 GMT
+            Not After : Jul 20 18:27:13 2014 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=Support, CN=www.yassl.com/emailAddress=info@yassl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a:
-                    66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38:
-                    9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36:
-                    a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66:
-                    7e:16:77:e2:a7
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
+                    01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
+                    f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
+                    f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
+                    64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
+                    86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
+                    4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
+                    34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
+                    8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
+                    40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
+                    dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
+                    e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
+                    64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
+                    c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
+                    ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
+                    b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
+                    a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
+                    ad:d7
                Exponent: 65537 (0x10001)
-    Signature Algorithm: md5WithRSAEncryption
-        58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c:
-        7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef:
-        87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36:
-        9b:0b:e0:74:58:11:c5:01:7b:4d
+    Signature Algorithm: sha1WithRSAEncryption
+        71:4e:d3:62:df:cc:4c:f7:cd:b7:6e:52:0b:6c:6e:e0:bd:c2:
+        2d:07:d7:c0:b0:6e:43:1e:35:bc:30:01:50:f0:ff:99:23:6c:
+        18:1a:41:b6:11:d6:d4:19:61:fd:e4:77:97:1c:39:e1:57:ab:
+        c5:15:63:77:11:36:5e:74:e2:24:0b:1f:41:78:ad:b7:81:e7:
+        b4:40:66:80:f0:4b:91:a0:6d:a8:6e:3d:53:d9:8b:ce:2a:e1:
+        0b:45:65:87:a1:96:ae:ee:3e:88:d5:12:1f:78:17:ae:2c:c5:
+        73:44:d8:dc:f4:af:d8:cc:ae:4c:e1:0c:be:55:a4:99:f7:6e:
+        96:c0:c8:45:87:bf:dc:51:57:ff:9e:73:37:6a:18:9c:c3:f9:
+        22:7a:f4:b0:52:bd:fc:21:30:f8:c5:ff:1e:87:7d:ad:a2:5a:
+        35:f5:22:a8:b4:0a:76:38:e6:76:b0:98:af:1b:ec:8a:0a:43:
+        74:d2:85:34:37:84:07:e1:f6:23:b2:29:de:a6:b6:b7:4c:57:
+        7e:96:06:cb:a9:16:25:29:3a:03:2d:55:7d:a6:8c:a4:f7:9e:
+        81:c9:95:b6:7c:c1:4a:ce:94:66:0c:ca:88:eb:d2:09:f5:5b:
+        19:58:82:df:27:fd:67:95:78:b7:02:06:d5:a7:61:bd:ef:3a:
+        fc:b2:61:cd
 -----BEGIN CERTIFICATE-----
-MIICFDCCAb4CAQEwDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhzYXd0b290
-aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNv
-bnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0x
-MDA2MzAxODUyMTdaFw0xMzAzMjYxODUyMTdaMIGKMQswCQYDVQQGEwJVUzEQMA4G
-A1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjEOMAwGA1UEChMFeWFTU0wx
-EDAOBgNVBAsTB3N1cHBvcnQxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
-hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
-AMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpUlt3Se+s2oq5+
-Kp5+VqW2h58VxxhmfhZ34qcCAwEAATANBgkqhkiG9w0BAQQFAANBAFipmOcWUkxA
-5+FHkhkbOo+XbHu3sMsgba2100dY2OTyPjLp74d35VQ29I1QjQe0d0XqnaQzNpsL
-4HRYEcUBe00=
+MIIDkDCCAngCAQIwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTExMDI0MTgyNzEzWhcN
+MTQwNzIwMTgyNzEzWjCBijELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmEx
+EDAOBgNVBAcTB0JvemVtYW4xDjAMBgNVBAoTBXlhU1NMMRAwDgYDVQQLEwdTdXBw
+b3J0MRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZv
+QHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFX
+QfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/h
+vXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4
+pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo
+3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4
+D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHm
+YYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAcU7TYt/MTPfNt25S
+C2xu4L3CLQfXwLBuQx41vDABUPD/mSNsGBpBthHW1Blh/eR3lxw54VerxRVjdxE2
+XnTiJAsfQXitt4HntEBmgPBLkaBtqG49U9mLzirhC0Vlh6GWru4+iNUSH3gXrizF
+c0TY3PSv2MyuTOEMvlWkmfdulsDIRYe/3FFX/55zN2oYnMP5Inr0sFK9/CEw+MX/
+Hod9raJaNfUiqLQKdjjmdrCYrxvsigpDdNKFNDeEB+H2I7Ip3qa2t0xXfpYGy6kW
+JSk6Ay1VfaaMpPeegcmVtnzBSs6UZgzKiOvSCfVbGViC3yf9Z5V4twIG1adhve86
+/LJhzQ==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            e9:d0:a7:5f:79:25:f4:3c
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Oct 24 18:18:15 2011 GMT
+            Not After : Jul 20 18:18:15 2014 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
+                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
+                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
+                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
+                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
+                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
+                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
+                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
+                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
+                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
+                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
+                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
+                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
+                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
+                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
+                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
+                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
+                    36:79
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:E9:D0:A7:5F:79:25:F4:3C
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26:
+        4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6:
+        e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c:
+        f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e:
+        af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18:
+        98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02:
+        8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab:
+        1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80:
+        61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87:
+        1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f:
+        60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf:
+        18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12:
+        f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
+        b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
+        5a:1f:7f:ca
+-----BEGIN CERTIFICATE-----
+MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
+VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
+A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
+dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
+MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
+8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
+EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
+dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
+mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
+CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
+BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
+P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
+dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
+BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
+9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
+PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
+Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
+G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
+ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
+rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
 -----END CERTIFICATE-----
--- a/certs/server-ecc-rsa.pem
+++ b/certs/server-ecc-rsa.pem
@@ -0,0 +1,54 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 9 (0x9)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Aug  8 21:58:29 2012 GMT
+            Not After : May  5 21:58:29 2015 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+            EC Public Key:
+                pub: 
+                    04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
+                    9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
+                    16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
+                    21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
+                    0b:80:34:89:d8
+                ASN1 OID: prime256v1
+    Signature Algorithm: sha1WithRSAEncryption
+        a0:1c:de:98:e8:61:c8:fb:0a:0e:af:ea:99:4b:c0:49:e6:66:
+        68:5e:7a:18:b8:0c:e3:0f:16:86:bc:b5:86:79:02:69:1c:b7:
+        e7:ff:53:d9:05:5d:27:39:24:54:67:14:de:ef:8e:c2:a0:11:
+        ca:c8:27:99:b9:d6:e9:71:1f:86:c9:8f:b1:74:a2:9f:93:6a:
+        0c:74:cf:17:77:8c:26:08:6e:a8:ac:69:d4:55:15:a2:95:87:
+        43:7a:ab:72:93:73:40:58:c2:bb:9c:89:f2:73:20:69:df:f1:
+        f3:65:08:9c:00:67:97:a6:71:00:2b:31:84:10:ac:bd:54:ac:
+        fd:b3:eb:12:36:77:f6:0a:e3:9a:96:d2:a6:22:bc:1d:6b:ce:
+        3c:0d:7b:d9:1c:1d:f1:ee:ec:ce:83:c8:98:c9:65:3e:06:31:
+        c3:b2:87:da:09:b4:90:0b:e2:6b:29:0e:d6:ae:53:1d:10:98:
+        e2:dc:f9:63:38:a1:a2:af:46:23:a4:4c:ab:0c:0b:08:be:cd:
+        a4:a6:6d:46:f0:f8:e0:31:99:85:39:10:4a:a0:04:54:3b:21:
+        e1:e9:b4:f3:a5:06:cd:37:ae:2c:ca:5d:ac:90:b5:ab:92:81:
+        aa:bf:2d:3f:8e:ee:4d:12:81:0a:8e:a4:ca:87:93:af:b0:25:
+        7e:e2:07:f7
+-----BEGIN CERTIFICATE-----
+MIIC1zCCAb8CAQkwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTIwODA4MjE1ODI5WhcN
+MTUwNTA1MjE1ODI5WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0
+b24xEDAOBgNVBAcTB1NlYXR0bGUxGjAYBgNVBAoTEUVsbGlwdGljIC0gUlNBc2ln
+MRMwEQYDVQQLEwpFQ0MtUlNBc2lnMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
+GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5ox
+W5eSIX/wzxjakRECNIboIFgzC4A0idgwDQYJKoZIhvcNAQEFBQADggEBAKAc3pjo
+Ycj7Cg6v6plLwEnmZmheehi4DOMPFoa8tYZ5Amkct+f/U9kFXSc5JFRnFN7vjsKg
+EcrIJ5m51ulxH4bJj7F0op+Tagx0zxd3jCYIbqisadRVFaKVh0N6q3KTc0BYwruc
+ifJzIGnf8fNlCJwAZ5emcQArMYQQrL1UrP2z6xI2d/YK45qW0qYivB1rzjwNe9kc
+HfHu7M6DyJjJZT4GMcOyh9oJtJAL4mspDtauUx0QmOLc+WM4oaKvRiOkTKsMCwi+
+zaSmbUbw+OAxmYU5EEqgBFQ7IeHptPOlBs03rizKXayQtauSgaq/LT+O7k0SgQqO
+pMqHk6+wJX7iB/c=
+-----END CERTIFICATE-----
--- a/certs/server-key.pem
+++ b/certs/server-key.pem
@@ -1,9 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU
-lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58
-viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli
-dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4
-TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf
-p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS
-1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg==
+MIIEpQIBAAKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7
+qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lf
+P9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDj
+xsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlk
+wyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlC
+Qgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABAoIBAQCa0DQPUmIFUAHv
+n+1kbsLE2hryhNeSEEiSxOlq64t1bMZ5OPLJckqGZFSVd8vDmp231B2kAMieTuTd
+x7pnFsF0vKnWlI8rMBr77d8hBSPZSjm9mGtlmrjcxH3upkMVLj2+HSJgKnMw1T7Y
+oqyGQy7E9WReP4l1DxHYUSVOn9iqo85gs+KK2X4b8GTKmlsFC1uqy+XjP24yIgXz
+0PrvdFKB4l90073/MYNFdfpjepcu1rYZxpIm5CgGUFAOeC6peA0Ul7QS2DFAq6EB
+QcIw+AdfFuRhd9Jg8p+N6PS662PeKpeB70xs5lU0USsoNPRTHMRYCj+7r7X3SoVD
+LTzxWFiBAoGBAPIsVHY5I2PJEDK3k62vvhl1loFk5rW4iUJB0W3QHBv4G6xpyzY8
+ZH3c9Bm4w2CxV0hfUk9ZOlV/MsAZQ1A/rs5vF/MOn0DKTq0VO8l56cBZOHNwnAp8
+yTpIMqfYSXUKhcLC/RVz2pkJKmmanwpxv7AEpox6Wm9IWlQ7xrFTF9/nAoGBAMuT
+3ncVXbdcXHzYkKmYLdZpDmOzo9ymzItqpKISjI57SCyySzfcBhh96v52odSh6T8N
+zRtfr1+elltbD6F8r7ObkNtXczrtsCNErkFPHwdCEyNMy/r0FKTV9542fFufqDzB
+hV900jkt/9CE3/uzIHoumxeu5roLrl9TpFLtG8SRAoGBAOyY2rvV/vlSSn0CVUlv
+VW5SL4SjK7OGYrNU0mNS2uOIdqDvixWl0xgUcndex6MEH54ZYrUbG57D8rUy+UzB
+qusMJn3UX0pRXKRFBnBEp1bA1CIUdp7YY1CJkNPiv4GVkjFBhzkaQwsYpVMfORpf
+H0O8h2rfbtMiAP4imHBOGhkpAoGBAIpBVihRnl/Ungs7mKNU8mxW1KrpaTOFJAza
+1AwtxL9PAmk4fNTm3Ezt1xYRwz4A58MmwFEC3rt1nG9WnHrzju/PisUr0toGakTJ
+c/5umYf4W77xfOZltU9s8MnF/xbKixsX4lg9ojerAby/QM5TjI7t7+5ZneBj5nxe
+9Y5L8TvBAoGATUX5QIzFW/QqGoq08hysa+kMVja3TnKW1eWK0uL/8fEYEz2GCbjY
+dqfJHHFSlDBD4PF4dP1hG0wJzOZoKnGtHN9DvFbbpaS+NXCkXs9P/ABVmTo9I89n
+WvUi+LUp0EQR6zUuRr79jhiyX6i/GTKh9dwD5nyaHwx8qbAOITc78bA=
 -----END RSA PRIVATE KEY-----
--- a/certs/server-keyEnc.pem
+++ b/certs/server-keyEnc.pem
@@ -1,12 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-CBC,08132C1FFF5BC8CC
+DEK-Info: DES-CBC,136C7D8A69656668

-gsvuAsGmB8AkR23M25w4E6wuywfBey1Jqh3g71gJcnsUYwynex9dvfAU0lTowOXh
-sb7ld1KNjEMzrht9AC1IC0iE1rLqvRQZOdJ7h3n7aHZQ4a/HjcwAhqJq0ZW45m6Q
-mpoO5fRISjx2VbKFRUz6Xj2x0/do3IjQhpuUDVrTFFe1sEySM6APZ6CVpcnTOyPR
-ADyLDKzOi2E+sj1UXs58pct56FaqTIZPUEflICU3k6q9FPU6gsYANRLfzegclkv4
-JAx6mKVSJuYnjCCppx8WBwGJa1J1GcYRJ3qFfdbUzL4bcXTvoFkJEnDkHsXgDUS6
-xmT0XGT3IMaW8cwQ8KD8m5YYI/L26Mas/w3eA2ekyMR8pYICjXp/YZtcKxxkQSVE
-Uv/+D+20KbNAHIW5Mrxf61cX/CggGEbVP8ZhDY1flh8=
+jvNTyPaztxPIoAzbdmZnD0Zw2+60tMxNc0GMHNmeOyG25aHP/dT+TWiKFpFVkkkY
+uoCIhYUyw7gmpw+CnRJwWd+ans4nrvAjwy5oWJvarvsyUpjqvnPoIlAqd+d4TDKN
+eESzcI76+gHdisAtCrQD+fGqgTZhli5TgDbnpasL/QnY2qDlutvakkVw7gPXe156
+2Phy8WN+efr65J6wt3K/dj7Datl9u4JeHQK81gYyWBVX+EagEjPGDzkFQCj9Z0q7
+8K3iB5GW1JAqJS0IfZPB40AnSTF/n1TL1SN3qfU3l7hTGNrx9o7580bgDEoAR7pI
+F8eZlS15KHtZmh11AnU1KTKZ6kmgnNqeMTGMN6N0ct2wMKW1dV87eTDlF0oiR2ol
+XwtFgKmrIjfpmzkdWjbJmWnGMjD56KdiFZga/ZyKMsPrVoYLgfJEpn36iQspfygx
+HCGNTf0PjIsjEWU0WyQiF86t+c45W3wNFsv/AxVyfMl+su02yrd6u2ecuQDir3Cs
+b2k8IKtQgVe/NIpEWLKuiHG5oedIPPQyDYK5uq+gHxCGeOoKnWlsWFEHZRiza4X5
+tbgTrJB8Sw0ENWrvVGGmQZN4pSImlsMwzQ2qik5CQ00N1b3+56/obn0z75I3bUSb
+tC5g8DRjl6oclAenNgh/MYMT287y5W2dD4npxHcekX4O3J2CDXNfg4vV2j5GRxtg
+LVJdYE2p7bpYePCDHrYng8b9ubBprx0CrEnkIvvtUjzNPf6VDL0+MBKl+XgR2/nz
+iRqTuZnlGGOyM+KYDwXpgwfs/HfvFGksxTAlO/40GkGh+WGPaIoNyCK0SgQKhyb4
+JIkR0vd2/yLg3lWMJrGwh7A0Gm07Z/781oURP3uWd+PaCOgGcd5ipcAjcEyuxNly
+AthipWqmQWUcbf6Z2N9j3OA22Hv2Uzk8HSfi9VOZtL9svdEEZ0NnOekJgnc6stQp
+bXiknlK/T5WdrWxSyCfgUq68Vf6DFfIRAVuFdJ3WHT2wVXHrDfft6D+Ne/XCxPoE
+8zGmkyusaph33UHQ1oNyUbLbwcDCDSmOo8gYoedD3IwxtMA3wJRugomqosItwV8X
+vkgmcy8eSE/+gZUxJEN2gnLcfKFhCkC80J6oFhmoDD6vuUnPHcFdKZgVPw2rzPk5
+Vb1kX+gpORplYmKpq1vz/ujscL4T0TmYLz02hkIS4edpW55ncTTv7JWefpRiTB1J
+RB3td3me4htqR+YIDWJ+emrOmqsCG2WvpAS+MTw2mj1jYk9LL/ZYobTjSCEWmuwT
+yVK6m303irR7HQDauxhslRFgoK21w63viOyj5NKIU1gQtaAANGDxcgORC1XLjjgt
+oNutSQA+7P42vfHSHK4cnTBXl6V32H/GyVpdHQOZqSrqIjgLmUZodSmRPROxosZF
+a46B1O7m/rJFxkiKW4vod+/WqjoE0Hhfrb8rRrkRjzGeCqqSSnQ3vrunVkvF8hlA
+b6FOv4ZBJL4piC1GKH+rscqke9NEiDqXN8C3iYz86jbck/Ha21yUS8T3X7N52sg+
+B3AmOGnLK6BebYeto9vZxQjacChJZSixSxLV+l9/nVQ0+mW42azHdzk0ru59TGAj
 -----END RSA PRIVATE KEY-----
--- a/certs/server-keyPkcs8.pem
+++ b/certs/server-keyPkcs8.pem
@@ -1,10 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAxnvAaIEv3oI/+azD
-hkpmt+zU8fZkIf/1ojRC0Difxt07biZlalSW3dJ76zairn4qnn5WpbaHnxXHGGZ+
-FnfipwIDAQABAkEAlJsbGCOBX6tNkvYS/ny+I38igHblyb8Gfgd67sM2fYDaSl0Z
-fZwJp/usRCggoKIfG+im/E5x3/uctL+A2WJ0IQIhAP9xf/1+8HVRqPDR+a/A0433
-7c/24lKqmKD3TMvfanCNAiEAxup571MEw3hPFduBaoD3Y+sJd7xYNnc/Cgmp1Hox
-FQMCIQCfL5MMXXPqGJaIZMIOBcOQoGXCCN+nloqBHTvtfPAu7QIgJWlYQaDVloX8
-Kdo8/vD+lnZQM4ri9Gt9GcAzhtjsfk0CIFLV5cn8wJna49+mXtcrYFT0/r0p0pST
-lYfF1FyFW9wO
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDAlQjhV0HycW23
+0kVBJwFlxkWu8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98
+q2SoF/zKXXu64CHlci5vLobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSz
+rgCgY8X2fwtZaHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7
+LyG1/WZRDL1Us+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAy
+loAyI5Whd7oT0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW
+39nQT63XAgMBAAECggEBAJrQNA9SYgVQAe+f7WRuwsTaGvKE15IQSJLE6Wrri3Vs
+xnk48slySoZkVJV3y8OanbfUHaQAyJ5O5N3HumcWwXS8qdaUjyswGvvt3yEFI9lK
+Ob2Ya2WauNzEfe6mQxUuPb4dImAqczDVPtiirIZDLsT1ZF4/iXUPEdhRJU6f2Kqj
+zmCz4orZfhvwZMqaWwULW6rL5eM/bjIiBfPQ+u90UoHiX3TTvf8xg0V1+mN6ly7W
+thnGkibkKAZQUA54Lql4DRSXtBLYMUCroQFBwjD4B18W5GF30mDyn43o9LrrY94q
+l4HvTGzmVTRRKyg09FMcxFgKP7uvtfdKhUMtPPFYWIECgYEA8ixUdjkjY8kQMreT
+ra++GXWWgWTmtbiJQkHRbdAcG/gbrGnLNjxkfdz0GbjDYLFXSF9ST1k6VX8ywBlD
+UD+uzm8X8w6fQMpOrRU7yXnpwFk4c3CcCnzJOkgyp9hJdQqFwsL9FXPamQkqaZqf
+CnG/sASmjHpab0haVDvGsVMX3+cCgYEAy5PedxVdt1xcfNiQqZgt1mkOY7Oj3KbM
+i2qkohKMjntILLJLN9wGGH3q/nah1KHpPw3NG1+vX56WW1sPoXyvs5uQ21dzOu2w
+I0SuQU8fB0ITI0zL+vQUpNX3njZ8W5+oPMGFX3TSOS3/0ITf+7Mgei6bF67muguu
+X1OkUu0bxJECgYEA7Jjau9X++VJKfQJVSW9VblIvhKMrs4Zis1TSY1La44h2oO+L
+FaXTGBRyd17HowQfnhlitRsbnsPytTL5TMGq6wwmfdRfSlFcpEUGcESnVsDUIhR2
+nthjUImQ0+K/gZWSMUGHORpDCxilUx85Gl8fQ7yHat9u0yIA/iKYcE4aGSkCgYEA
+ikFWKFGeX9SeCzuYo1TybFbUqulpM4UkDNrUDC3Ev08CaTh81ObcTO3XFhHDPgDn
+wybAUQLeu3Wcb1acevOO78+KxSvS2gZqRMlz/m6Zh/hbvvF85mW1T2zwycX/FsqL
+GxfiWD2iN6sBvL9AzlOMju3v7lmd4GPmfF71jkvxO8ECgYBNRflAjMVb9CoairTy
+HKxr6QxWNrdOcpbV5YrS4v/x8RgTPYYJuNh2p8kccVKUMEPg8Xh0/WEbTAnM5mgq
+ca0c30O8VtulpL41cKRez0/8AFWZOj0jz2da9SL4tSnQRBHrNS5Gvv2OGLJfqL8Z
+MqH13APmfJofDHypsA4hNzvxsA==
 -----END PRIVATE KEY-----
--- a/certs/server-keyPkcs8Enc.pem
+++ b/certs/server-keyPkcs8Enc.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE6TAbBgkqhkiG9w0BBQMwDgQIr3AyvPqfFRQCAggABIIEyPUs6wCboqtKmExH
+zfez3vfHn2cp6s3X563Bz73hYn/8vXtI/q0oDNOpgav60/N7rMy50fno3LmW0/6E
+UN4MwofmBS3lp1ZVY3KmzDy6lz5vcFo4GCCj+X6dacsyBQ4lFOge5BihQ3R9cKt
+dSrd1EFKwGGu3qTDG7ajTZukmYjxuRqpyHqPO5OJO7yXxHOB7B7sSKIyJRCkkucd
+oBC86kQdWraweSYj+Klza6VjKzmNzDBx9Fyhrj9XGXJ3rJLhjgNpelwX+PIMU31i
+/yklI4jm0aMSoAvXgdBXZuOsnsI27GXxy//i7AOgLLWi+Bu4dJSSl5PMtespf83u
+5jSysJymXiNcN6vEautGyjCujdMs5c/FEMbgubAMXymCI9DsAN+5dNMDY8Zrfqdl
+hFKfctcu8BxFa+0tavJ28fOEBuEyJLsQ9OvvS7dn4AV502JRKWObfsw7fi+mMzMu
+oxhYo99MRqic6a9uDmYB3SPeU31eOHiEi0n51D7Gtcn++F+IaDFwSHMirThzakGn
+go3nj0yq62euzVcEuhIfTTAe3F2tqzpzznVFbs1XgrGVREJ6gp5vRgMUUGYIqQir
+p5oW0HVRI4iuoSjdN4/wNAxIP9zakwYx+vWx1VXhDVEJfgNmxDRvEbF+OOz+iJCf
+7A2e8L+kZ/5oC3HO8h7GdHNTUjRRdh8FUM8lGo+HbMYDznMy/bJlIP2bx9hIIha7
+U70i09glS2Z7Ei+VecJbvFzdro0vdYyGO2ef8bWwCc5JMucxDcRklWdUxK6amKJN
+VpXL3TW0VYCfr1rLmZXUfBGk/KXM20/BoM04WLjeR3oiV/2b7SYK7GnJ7kBmAHHx
+gnrwMDO3JvH89CwlHRizVSQl59ViqEMGLmbHThcMqkEOkFphB2xox7/IOVyp6cFn
+mY0ZCrbhdX+L6t5jiyq/4us5bzF7FOBYsJr6n1Rm9b8eeOL693y/6uM3CvTJcTOb
+5RqWiHgTgmefeOeUQ0/dVgvEOIWz2yqBQmHKiB4+0CGGIRwUOXBrTKSLilumsjQe
+qGhJ6yw25VIpdXsMD1WVviczgRTNYjdldIJoHQdvpCEAhQ1RR3rkuIPniTumJFmY
+CnjfNqjtkaZWIN1nOCmcu50tswksWEEFEfkcP1xyzhr3EVCYAoFncLTp5vHBtdmg
+6KBdar40/OFGAcbDGDX1g3XEEi6jHmy0Lyz7M3DwESgaMgwzscsQLr+wMITk1IUN
+yfiXHl1CQjGxhDj8KoAhdDjjPENkSlCSd1vEO+lg1/IFb1dtnL2DJp6BQt9/VLHo
+Fp3pdZ7r95H20+pEhCZp0HXLNo1o8xjJQ5RWUCs1Zc1cauDOAh8lAjps6MBxTa3a
+LOgTW9lgiAQ+S1g2jK4BmqbLvZUF+Z6xupc8uE3E3HhJolmDRYojMNFNmmvODa8M
+CneWmj3T1KvqEToAIq46mStlTfQufSMpaJ73Wds4gmIiGwn5hIuUN6f3kybbt4f2
+4DLZXMcjYweLi9tJtFC+JaO0rS5gtX/k/ys1QSblSU5qfRu1XfwNAcZO1ReKgGYN
+ymI78cSACGIcEvAwin8CdRu3W99NbMqHW9AcCETFlTsC3wNlQxyYSem75sjPaWVF
+sxLy7YxEJ8tDEJZbSQ==
+-----END ENCRYPTED PRIVATE KEY-----
--- a/certs/server-keyPkcs8Enc12.pem
+++ b/certs/server-keyPkcs8Enc12.pem
@@ -0,0 +1,29 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIE5TAcBgoqhkiG9w0BDAEBMA4ECFytdly5R2o9AgIIAASCBMOa6fgAUIR5GokK
+Z81YZMxC3sNqAwjLEkOwmez2za2fq+2mw6T8tB5W75lFpWyXD1MDPa1PpLzyw27c
+d2C8nipCzp37yYLmXr+aS519CBJR80ily/WLcdv+ScsA6pjOEW2p+VDY55jFp2pr
+n94/K2nFQpMxAdjxnqQCF5ewMLqzy3o3s6U3V9zIxy/xlLYi//UWFI8fqtOikqs4
+apWLNqJONRZq95OITKO/Nhz7GyEfjrewJmv4zVToEnSagSwbR4IVFn5Lok8rSpI9
+qwey9wsB1CguVwR0O2NjDVKUGXinfhdr+zMQlCoz+xY/Q1TkH4gEY5wpln4cBvtm
+PL/BnD4wEWHh8vS61wfOQ7wPgY+cdCe75stTrKzc6amVJB+40Qi3Vt4TEPGwcP16
+/qGl0zpYuAgilPtuEBw3GX3LiigpHmSt43D3DiYNGzv+Aran2Ei9iGSGeI2zHz8r
+WFZEnptAwlqeyL7+MZjAOXlu6QG1yix8HvZLmtBHrE2MhuR4KbS3fAUCNQpn8OKu
+zxYzs1ti5F2V4c9yK63gSz3H1ObRNsM2OkpUbSVGqLUN6a8HsI6yYh4we6q0gxKD
+VGdzEz4S1BFEBfXWVSPnRNMR4YD8kiQEPutUZFLiWWZ7WliH5yNfHZUia8dovxFa
+MWmAbSjMKRGvV+LvAGQHYBVfJSQO6VvBfBDtu0H4rLr8urmcPY+hbw1XxGfKSQp1
+iIdvVwjefl8wM9LSRsvqY5l4mu+XDPanQlFbzKBOSyLQts97ys3AR+jkK8Bmv14l
+xmCF8bJzzz5a2wAqbPhWIbk4J4VfcJEXNMzd19w4SxGv9fUXNiZZElUdNE+wtRsQ
+YvACYn9sZ6JUwg9hNTLXuXZY47LuQrrdTDHupoVA9zLvUYMKgO+pjwS8uy1dLQao
+0aztHLZEXuVJvpiRoMtYZl37ZNoLHQJeZUNyNATshAoD1+uSc7aywl8yqdTzXRR2
+g0rkExXEVJ5OPyzbFdOQSC5HoOC7dInIBmkrSFEJMKDkMzwYI+uSoIbn+8i+Gjzy
+Vh3/lftts/BIvr4NAh1ZAq/215jZSdAGo+1VZeuBeybwh3RBdBl8PhDBviTvbxSk
+P+F1T+UcbAz9bgjQJgNvDb9XHNI8rfEhfDPX/Pr4VvxBZNndmRJVQDKi23YD/7yF
+WAwXy418M7DPqp7NYmUHFe7JRm9bHk41EeknLZaZGW5qHwQKA10RoJCgjoOIFTsd
+kD3Qq/0mEuOiuJn5UPE19xtUpvFWamDf3s3zSHM7VJ+gGNrS/WbQ+KmTimj0Wucd
+2vWiNCGbhWwmp3LLKQlB5xDwXJy099SZUUkgcxGmfcT7FOpd3QSLYnwtPz8uLW0N
+76zbiUTYCQ/ASLrwcKFGCKKBz62DlRreK23E/RjqkKKCVFzzg8AzQTa02ml+wQyG
+5EOwEF2yIrhV0p4hY/GDAIe3cdchiy1EQf6xH/IxPF/QsKNp0CfHVPgdFwLzjM2
+oFD3analGblxp9CMiDbiKTOdFPL8XcguufqpWra2jtUbe07HQaeU2NcM2TeB2KsU
+PhgBwgdNxW69K55iHReaZtuLw0GhD+KBrm7gSteVniiYLzLKzxmMycGGtoNwpbGi
+MMJBE+BYZylG
+-----END ENCRYPTED PRIVATE KEY-----
--- a/certs/server-keyPkcs8Enc2.pem
+++ b/certs/server-keyPkcs8Enc2.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIxaI9IblN3acCAggA
+MBQGCCqGSIb3DQMHBAi7kwdRvCrqMgSCBMjkSOSVfmu42O0q2GzFrJVr3cam9ZKe
+InQsxqtgADdBxMgJJVnr360tUNPQyyvfCH//Duhz+aJIC0MQZkWR3ZSy5pfHX+vr
+C3wd741VOlI44uEdzRktlPc11saMDyKS04/K9aaYIDqspOiobt9WZLQildXl1n8j
+N+7Laj7A/vxJ5GUJ4hdPwQOIeuJXTDDzn+Ld12XXGH+Iw1M5Cx3tBw1TNizSnmXQ
+vf/MsfsWsZbHBppCXZbF27jJA+6Bg7dGT0OZM0pI+ZQvyHr+qjog0hollY9KjwTG
+h+hsM7umWFJdeRMrmkTrX/R9HY/c5I4ExNSp1AtMmFeeU8h2VTJtYcoykUU1q2pF
+KHfjPghwmYromQGR4nPA9sqa9s+VMq9OaqoJDoBwNobdFr7sEtMLT08vTa0+rMX7
+bmjAF44/dVBYpBxXjTQ0pXVeb24Q00Sn6NOI4fTsBnkR+WTtuwz/L0qaGnJlh10y
+sQ3+95cUtZc3SZS67yYUx5auswqT3V4JCmhJcHNi+/jHyrj9D8nVWibQ2TBmgUf+
+0NzvdKb7sraEx7PSgFWDMLoQrd2+cqsJArpY9TbLSLhBDrOVc8v/lXYuK6QI0gMd
+HIwAZARUZMoI3WS6icTLYyLdQPMsFzI6U0arkbrdhjNNd3kVqeFEJ+oF0rkuAcJJ
+K8eUcsby1AIBS/9tuW1gSYubmuXsZX8xbYbJnHUqGOTAVa7jo8eVUTiyUfPXa+0N
+s1tTpZXtOOlqncZ08mPHppshdKF2cpuh0JNjiR6fHvXytGWFGMsKtxdwKs/14UCg
+qoTW0EQU4ONfBxR2PtX8PlNV4bOt704HP8Vc0H9JV2uWpJaLRzY2bBiPgKcrO9Eh
+83zFrPu/0obBQTxnP3mMihxvCndflHQqeJ0V1YYw9n4+XbgBqULXDQs7OetRohnY
+gYyc//NdC2I8mbdabFYvUTWSH6oMA6lqkwTjTTwtn5E8BJkRi1sIq4jNFUekpm2T
+5AwP7xWn//PM+B12CPoIgYtYT6Yhbf8arXuGU28y1Ahhi/hKcpR9HRPQeyaR62vi
+skjjycfn38wcj0WrIVnOceGgPa3EBrkkTaPUHvMQ5G/xzMZ82o3CnmwdnH+lp3eg
+TLcLm8Yp9InkMJNVOrGLxFvmTljl3h9x2JVuE0wtuWt91QVmfCZo0k3Cx46ad7xB
+eK20veTy+PySy2U3W1twGfsXXXRwaQiXXRrgPciK0LcGXZneShZuebk04U31sq4F
+rYaMAzIDDmvwbjh+UpNcl1VdBDGGePxzzOD3HHYPbm240HVMPuS85P2kFjak3PdJ
+GqsRUS1SRp1e451aFGjzggPLXFjAfDMaxrgjSWapRzu78i+xvcvf69979oX0KO9Y
+KMSC14RnmnT1+UdKxX+p9r1AwfH/vJxM34AOSva1uLiSJckRGYGOzuaYsTT9ZAx/
+q3CNALF4qFUMWmJnvQDYmCUnw6lJl3CazbtV5RI2ILQX6ZHR6YAHT5hYY43k+AnZ
+mFW6BGKoX/f4iVqYtjQWiGWAJAf6C9+548O2t9MiVcgQf4Nvj6lFLM00pzFn7jW4
+DsDFUBmmrSF8wfR7SRpOc/ViVZBRleYPLsMu0tmD29fowqqBY0MEkxqSahFAGTgk
+sao=
+-----END ENCRYPTED PRIVATE KEY-----
--- a/certs/taoCert.txt
+++ b/certs/taoCert.txt
@@ -30,6 +30,22 @@ same as self signed, use ca prefix instead of client
 3) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem


+***** Adding Subject Key ID and Authentication Key ID extensions to a cert *****
+
+Create a config file for OpenSSL with the example contents:
+
+    [skidakid]
+    subjectKeyIdentifier=hash
+    authorityKeyIdentifier=keyid
+
+Add to the openssl command for creating a cert signed by a CA step 3 the
+following options:
+
+    -extfile <file.cnf> -extensions skidakid
+
+anywhere before the redirect. This will add the cert's public key hash as the
+Subject Key Identifier, and the signer's SKID as the Authentication Key ID.
+

 ***** To create a dsa cert ********************

@@ -69,11 +85,34 @@ openssl rsa -in 1024rsa.priv -pubout -out 1024rsa.pub
 openssl pkcs8 -nocrypt -topk8 -in server-key.pem -out server-keyPkcs8.pem


+**** To convert to pkcs8 encrypted *******
+
+openssl pkcs8 -topk8 -in server-key.pem -out server-keyPkcs8Enc.pem
+
+passwd: yassl123
+
+to use PKCS#5 v2 instead of v1.5 which is default add
+
+-v2 des3       # file Pkcs8Enc2
+
+to use PKCS#12 instead use -v1 witch a 12 algo like
+
+-v1 PBE-SHA1-RC4-128   # file Pkcs8Enc12 , see man pkcs8 for more info
+
+
 **** To convert from pkcs8 to traditional ****

 openssl pkcs8 -nocrypt -in server-keyPkcs8.pem -out server-key.pem


+*** DH paramters ***
+
+openssl dhparam 2048 > dh2048.param
+
+to add metadata
+
+openssl dhparam -in dh2048.param -text > dh2048.pem
+
 **** ECC ******

 1) make a key
@@ -84,3 +123,51 @@ openssl pkcs8 -nocrypt -in server-keyPkcs8.pem -out server-key.pem
    make a new key
        openssl ecparam -genkey -text -name secp256r1 -out ecc-key.pem

+
+*** CRL ***
+
+1) create a crl
+
+a) openssl ca -gencrl -crldays 120 -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+
+Error No ./CA root/index.txt so:
+
+b) touch ./CA root/index.txt
+
+a) again
+
+Error No ./CA root/crlnumber so:
+
+c) touch ./CA root/crlnumber
+
+a) again
+
+Error unable to load CRL number
+
+d) add '01' to crlnumber file
+
+a) again
+
+2)  view crl file
+
+openssl crl -in crl.pem -text
+
+3) revoke
+
+openssl ca -revoke server-cert.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+
+Then regenerate crl with a)
+
+4) verify
+
+openssl verify -CAfile ./ca-cert.pem  ./server-cert.pem
+
+OK
+
+Make file with both ca and crl
+
+cat ca-cert.pem crl.pem > ca-crl.pem
+
+openssl verify -CAfile ./ca-crl.pem -crl_check ./ca-cert.pem
+
+revoked
--- a/commit-tests.sh
+++ b/commit-tests.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+#commit-tests.sh
+
+
+# make sure current config is ok
+echo -e "\n\nTesting current config...\n\n"
+make clean; make -j 8 test;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nCurrent config make test failed" && exit 1
+
+
+# make sure basic config is ok
+echo -e "\n\nTesting basic config too...\n\n"
+./configure --disable-fastmath;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nBasic config ./configure failed" && exit 1
+
+make -j 8 test;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nBasic config make test failed" && exit 1
+
+
+# make sure full config is ok
+echo -e "\n\nTesting full config as well...\n\n"
+./configure --enable-opensslextra --enable-ecc --enable-dtls --enable-aesgcm --enable-aesccm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit --enable-camellia --enable-sha512;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1
+
+make -j 8 test;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nFull config make test failed" && exit 1
+
+exit 0
--- a/configure.ac
+++ b/configure.ac
--- a/configure.in
+++ b/configure.in
@@ -1,432 +0,0 @@
-AC_INIT
-AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE(cyassl,1.8.8)
-AM_CONFIG_HEADER(ctaocrypt/include/config.h)
-
-
-#dnl Include m4
-#sinclude(lib_socket_nsl.m4)
-#sinclude(acx_pthread.m4)
-AC_CONFIG_MACRO_DIR([m4])
-
-
-# make sure configure doesn't add to CFLAGS
-CFLAGS="$CFLAGS $C_EXTRA_FLAGS"    
-
-AC_PROG_CC
-AC_PROG_CC_C_O
-AM_PROG_AS
-AC_PROG_INSTALL
-AC_LIBTOOL_WIN32_DLL
-AC_PROG_LIBTOOL
-
-AC_PREFIX_DEFAULT(/usr/local/cyassl)
-
-AC_C_BIGENDIAN
-
-AC_CHECK_SIZEOF(long, 4)
-AC_CHECK_SIZEOF(long long, 8)
-
-AC_CHECK_LIB(network,socket)
-AC_CHECK_LIBM
-
-AC_CHECK_HEADERS(errno.h)
-
-OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
-OPTIMIZE_FAST_CFLAGS="-O3 -fomit-frame-pointer"
-OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET"
-DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_CYASSL"
-
-
-# DEBUG
-AC_ARG_ENABLE(debug,
-    [  --enable-debug          Enable CyaSSL debugging support (default: disabled)],
-    [ ENABLED_DEBUG=$enableval ],
-    [ ENABLED_DEBUG=no ]
-    )
-if test "$ENABLED_DEBUG" = "yes"
-then
-  # Full debug. Very slow in some cases
-  CFLAGS="$DEBUG_CFLAGS $CFLAGS"
-else
-  # Optimized version. No debug
-  CFLAGS="$CFLAGS -DNDEBUG"
-fi
-
-
-# SMALL BUILD
-AC_ARG_ENABLE(small,
-    [  --enable-small          Enable smallest build (default: disabled)],
-    [ ENABLED_SMALL=$enableval ],
-    [ ENABLED_SMALL=no ]
-    )
-if test "$ENABLED_SMALL" = "yes"
-then
-  # make small no tls build with smallest cipher
-  # if you only want server or client you can define NO_CYASSL_SERVER or
-  # NO_CYASSL_CLIENT but then some of the examples and testsuite won't build
-  # note that TLS needs HMAC
-  CFLAGS="-DNO_TLS -DNO_HMAC -DNO_AES -DNO_DES3 -DNO_SHA256 -DNO_ERROR_STRINGS -DNO_HC128 -DNO_RABBIT -DNO_PSK -DNO_DSA -DNO_DH $CFLAGS"
-fi
-
-
-# SINGLE THREADED
-AC_ARG_ENABLE(singleThreaded,
-    [  --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)],
-    [ ENABLED_SINGLETHREADED=$enableval ],
-    [ ENABLED_SINGLETHREADED=no ]
-    )
-if test "$ENABLED_SINGLETHREADED" = "yes"
-then
-  CFLAGS="-DSINGLE_THREADED $CFLAGS"
-fi
-
-
-# DTLS
-AC_ARG_ENABLE(dtls,
-    [  --enable-dtls           Enable CyaSSL DTLS (default: disabled)],
-    [ ENABLED_DTLS=$enableval ],
-    [ ENABLED_DTLS=no ]
-    )
-if test "$ENABLED_DTLS" = "yes"
-then
-  CFLAGS="-DCYASSL_DTLS $CFLAGS"
-fi
-
-
-# OPENSSL Extra Compatibility
-AC_ARG_ENABLE(opensslExtra,
-    [  --enable-opensslExtra   Enable extra OpenSSL API, size+ (default: disabled)],
-    [ ENABLED_OPENSSLEXTRA=$enableval ],
-    [ ENABLED_OPENSSLEXTRA=no ]
-    )
-if test "$ENABLED_OPENSSLEXTRA" = "yes"
-then
-  CFLAGS="-DOPENSSL_EXTRA $CFLAGS"
-fi
-
-
-# IPv6 Test Apps
-AC_ARG_ENABLE(ipv6,
-    [  --enable-ipv6           Enable testing of IPV6 (default: disabled)],
-    [ ENABLED_IPV6=$enableval ],
-    [ ENABLED_IPV6=no ]
-    )
-
-if test "$ENABLED_IPV6" = "yes"
-then
-    CFLAGS="$CFLAGS -DTEST_IPV6"
-fi
-
-
-# fastmath
-AC_ARG_ENABLE(fastmath,
-    [  --enable-fastmath       Enable fast math for BigInts(default: disabled)],
-    [ ENABLED_FASTMATH=$enableval ],
-    [ ENABLED_FASTMATH=no ]
-    )
-
-if test "$ENABLED_FASTMATH" = "yes"
-then
-    CFLAGS="$CFLAGS -DUSE_FAST_MATH"
-fi
-
-
-# fast HUGE math
-AC_ARG_ENABLE(fasthugemath,
-    [  --enable-fasthugemath   Enable fast math + huge code for BigInts(def: off)],
-    [ ENABLED_FASTHUGEMATH=$enableval ],
-    [ ENABLED_FASTHUGEMATH=no ]
-    )
-
-if test "$ENABLED_FASTHUGEMATH" = "yes"
-then
-    ENABLED_FASTMATH="yes"
-    CFLAGS="$CFLAGS -DUSE_FAST_MATH"
-fi
-
-AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
-
-
-# big cache
-AC_ARG_ENABLE(bigcache,
-    [  --enable-bigcache       Enable big session cache (default: disabled)],
-    [ ENABLED_BIGCACHE=$enableval ],
-    [ ENABLED_BIGCACHE=no ]
-    )
-
-if test "$ENABLED_BIGCACHE" = "yes"
-then
-    CFLAGS="$CFLAGS -DBIG_SESSION_CACHE"
-fi
-
-
-# HUGE cache
-AC_ARG_ENABLE(hugecache,
-    [  --enable-hugecache      Enable huge session cache (default: disabled)],
-    [ ENABLED_HUGECACHE=$enableval ],
-    [ ENABLED_HUGECACHE=no ]
-    )
-
-if test "$ENABLED_HUGECACHE" = "yes"
-then
-    CFLAGS="$CFLAGS -DHUGE_SESSION_CACHE"
-fi
-
-
-# SNIFFER
-AC_ARG_ENABLE(sniffer,
-    [  --enable-sniffer        Enable CyaSSL sniffer support (default: disabled)],
-    [ ENABLED_SNIFFER=$enableval ],
-    [ ENABLED_SNIFFER=no ]
-    )
-
-if test "$ENABLED_SNIFFER" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA"
-fi
-
-AM_CONDITIONAL([BUILD_SNIFFER], [test "x$ENABLED_SNIFFER" = "xyes"])
-
-# AES-NI
-AC_ARG_ENABLE(aesni,
-    [  --enable-aesni          Enable CyaSSL AES-NI support (default: disabled)],
-    [ ENABLED_AESNI=$enableval ],
-    [ ENABLED_AESNI=no ]
-    )
-
-if test "$ENABLED_AESNI" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_AESNI"
-    if test "$GCC" = "yes"
-    then
-        # GCC needs these flags, icc doesn't
-        CFLAGS="$CFLAGS -maes -msse4"
-    fi
-fi
-
-AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
-
-
-# RIPEMD
-AC_ARG_ENABLE(ripemd,
-    [  --enable-ripemd         Enable CyaSSL RIPEMD-160 support (default: disabled)],
-    [ ENABLED_RIPEMD=$enableval ],
-    [ ENABLED_RIPEMD=no ]
-    )
-
-if test "$ENABLED_RIPEMD" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_RIPEMD"
-fi
-
-AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
-
-
-# SHA512
-AC_ARG_ENABLE(sha512,
-    [  --enable-sha512         Enable CyaSSL SHA-160 support (default: disabled)],
-    [ ENABLED_SHA512=$enableval ],
-    [ ENABLED_SHA512=no ]
-    )
-
-if test "$ENABLED_SHA512" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_SHA512"
-fi
-
-AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
-
-
-# SESSION CERTS
-AC_ARG_ENABLE(sessioncerts,
-    [  --enable-sessioncerts   Enable session cert storing (default: disabled)],
-    [ ENABLED_SESSIONCERTS=$enableval ],
-    [ ENABLED_SESSIONCERTS=no ]
-    )
-
-if test "$ENABLED_SESSIONCERTS" = "yes"
-then
-    CFLAGS="$CFLAGS -DSESSION_CERTS"
-fi
-
-
-# KEY GENERATION
-AC_ARG_ENABLE(keygen,
-    [  --enable-keygen         Enable key generation (default: disabled)],
-    [ ENABLED_KEYGEN=$enableval ],
-    [ ENABLED_KEYGEN=no ]
-    )
-
-if test "$ENABLED_KEYGEN" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_KEY_GEN"
-fi
-
-
-# CERT GENERATION
-AC_ARG_ENABLE(certgen,
-    [  --enable-certgen        Enable cert generation (default: disabled)],
-    [ ENABLED_CERTGEN=$enableval ],
-    [ ENABLED_CERTGEN=no ]
-    )
-
-if test "$ENABLED_CERTGEN" = "yes"
-then
-    CFLAGS="$CFLAGS -DCYASSL_CERT_GEN"
-fi
-
-
-# HC128
-AC_ARG_ENABLE(hc128,
-    [  --enable-hc128          Enable HC-128 (default: disabled)],
-    [ ENABLED_HC128=$enableval ],
-    [ ENABLED_HC128=no ]
-    )
-
-if test "$ENABLED_HC128" = "no"
-then
-    CFLAGS="$CFLAGS -DNO_HC128"
-fi
-
-AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])
-
-
-# PSK 
-AC_ARG_ENABLE(psk,
-    [  --enable-psk            Enable PSK (default: disabled)],
-    [ ENABLED_PSK=$enableval ],
-    [ ENABLED_PSK=no ]
-    )
-
-if test "$ENABLED_PSK" = "no"
-then
-    CFLAGS="$CFLAGS -DNO_PSK"
-fi
-
-
-# ECC 
-AC_ARG_ENABLE(ecc,
-    [  --enable-ecc            Enable ECC (default: disabled)],
-    [ ENABLED_ECC=$enableval ],
-    [ ENABLED_ECC=no ]
-    )
-
-if test "$ENABLED_ECC" = "yes"
-then
-    CFLAGS="$CFLAGS -DHAVE_ECC"
-fi
-
-AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
-
-
-# NTRU
-ntruHome=`pwd`/NTRU_algorithm
-ntruInclude=$ntruHome/cryptolib
-ntruLib=$ntruHome
-AC_ARG_ENABLE(ntru,
-    [  --enable-ntru           Enable NTRU (default: disabled)],
-    [ ENABLED_NTRU=$enableval ],
-    [ ENABLED_NTRU=no ]
-    )
-
-if test "$ENABLED_NTRU" = "yes"
-then
-    CFLAGS="$CFLAGS -DHAVE_NTRU -I$ntruInclude"
-    LDFLAGS="$LDFLAGS -L$ntruLib"
-    LIBS="$LIBS -lntru_encrypt"
-fi
-
-AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
-
-
-# LIBZ
-trylibzdir=""
-AC_ARG_WITH(libz,
-    [  --with-libz=PATH        PATH to libz install (default /usr/) ],
-    [
-        AC_MSG_CHECKING([for libz])
-        CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
-        LIBS="$LIBS -lz"
-
-        AC_TRY_LINK([#include <zlib.h>], [ deflateInit(NULL, 8); ],
-            [ libz_linked=yes ], [ libz_linked=no ])
-
-        if test "x$libz_linked" == "xno" ; then
-            if test "x$withval" != "xno" ; then
-                trylibzdir=$withval
-            fi
-            if test "x$withval" == "xyes" ; then
-                trylibzdir="/usr"
-            fi
-
-            LDFLAGS="$LDFLAGS -L$trylibzdir/lib"
-            CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
-
-            AC_TRY_LINK([#include <zlib.h>], [ deflateInit(NULL, 8); ],
-                [ libz_linked=yes ], [ libz_linked=no ])
-
-            if test "x$libz_linked" == "xno" ; then
-                AC_MSG_ERROR([libz isn't found.
-                If it's already installed, specify its path using --with-libz=/dir/])
-            fi
-            AC_MSG_RESULT([yes])
-        else
-            AC_MSG_RESULT([yes])
-        fi
-
-    ]
-)
-
-
-# OPTIMIZE FLAGS
-if test "$GCC" = "yes"
-then
-    CFLAGS="$CFLAGS -Wall -Wno-unused"
-    if test "$ENABLED_DEBUG" = "no"
-    then
-        if test "$ENABLED_FASTMATH" = "yes"
-        then
-            CFLAGS="$CFLAGS $OPTIMIZE_FAST_CFLAGS"
-            if test "$ENABLED_FASTHUGEMATH" = "yes"
-            then
-                CFLAGS="$CFLAGS $OPTIMIZE_HUGE_CFLAGS"
-            fi
-        else
-            CFLAGS="$CFLAGS $OPTIMIZE_CFLAGS"
-        fi
-    fi
-fi
-
-
-
-
-ACX_PTHREAD
-
-LIBS="$PTHREAD_LIBS $LIBM $LIBS"
-CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
-
-LIB_SOCKET_NSL
-
-AC_SUBST(CFLAGS)
-AC_SUBST(LIBS)
-
-
-
-# FINAL
-AC_CONFIG_FILES(Makefile dnl
-        ctaocrypt/Makefile dnl
-        ctaocrypt/src/Makefile dnl
-        ctaocrypt/test/Makefile dnl
-        ctaocrypt/benchmark/Makefile dnl
-        src/Makefile dnl
-        examples/Makefile dnl
-        examples/client/Makefile dnl
-        examples/server/Makefile dnl
-        examples/echoclient/Makefile dnl
-        examples/echoserver/Makefile dnl
-        testsuite/Makefile dnl
-        sslSniffer/Makefile dnl
-        sslSniffer/sslSnifferTest/Makefile)
-AC_OUTPUT
-
--- a/ctaocrypt/Makefile.am
+++ b/ctaocrypt/Makefile.am
@@ -1,3 +0,0 @@
-SUBDIRS = src test benchmark
-EXTRA_DIST = ctaocrypt.sln ctaocrypt.vcproj
-
--- a/ctaocrypt/benchmark/Makefile.am
+++ b/ctaocrypt/benchmark/Makefile.am
@@ -1,7 +0,0 @@
-INCLUDES = -I../include
-bin_PROGRAMS = benchmark
-benchmark_SOURCES = benchmark.c
-benchmark_LDFLAGS      = -L../src
-benchmark_LDADD        = ../../src/libcyassl.la
-benchmark_DEPENDENCIES = ../../src/libcyassl.la
-EXTRA_DIST =  *.der benchmark.sln benchmark.vcproj
--- a/ctaocrypt/benchmark/benchmark.c
+++ b/ctaocrypt/benchmark/benchmark.c
--- a/ctaocrypt/benchmark/dh1024.der
+++ b/ctaocrypt/benchmark/dh1024.der
--- a/ctaocrypt/benchmark/include.am
+++ b/ctaocrypt/benchmark/include.am
@@ -0,0 +1,10 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+
+noinst_PROGRAMS += ctaocrypt/benchmark/benchmark
+ctaocrypt_benchmark_benchmark_SOURCES      = ctaocrypt/benchmark/benchmark.c
+ctaocrypt_benchmark_benchmark_LDADD        = src/libcyassl.la
+ctaocrypt_benchmark_benchmark_DEPENDENCIES = src/libcyassl.la
+EXTRA_DIST += ctaocrypt/benchmark/benchmark.sln 
+EXTRA_DIST += ctaocrypt/benchmark/benchmark.vcproj
+DISTCLEANFILES+= ctaocrypt/benchmark/.libs/benchmark
--- a/ctaocrypt/benchmark/rsa1024.der
+++ b/ctaocrypt/benchmark/rsa1024.der
--- a/ctaocrypt/ctaocrypt.vcproj
+++ b/ctaocrypt/ctaocrypt.vcproj
@@ -100,7 +100,7 @@
 			<Tool
 				Name="VCCLCompilerTool"
 				AdditionalIncludeDirectories="include"
-				PreprocessorDefinitions="WIN32;NDEBUG;_LIB;"
+				PreprocessorDefinitions="WIN32;NDEBUG;_LIB;OPENSSL_EXTRA"
 				RuntimeLibrary="2"
 				UsePrecompiledHeader="0"
 				WarningLevel="3"
--- a/ctaocrypt/include/asn.h
+++ b/ctaocrypt/include/asn.h
@@ -1,319 +0,0 @@
-/* asn.h
- *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
- *
- * This file is part of CyaSSL.
- *
- * CyaSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * CyaSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-
-#ifndef CTAO_CRYPT_ASN_H
-#define CTAO_CRYPT_ASN_H
-
-#include "types.h"
-#include "ctc_rsa.h"
-#include "ctc_dh.h"
-#include "ctc_dsa.h"
-#include "ctc_sha.h"
-#ifdef HAVE_ECC
-    #include "ctc_ecc.h"
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-enum {
-    ISSUER  = 0,
-    SUBJECT = 1,
-
-    BEFORE  = 0,
-    AFTER   = 1
-};
-
-/* ASN Tags   */
-enum ASN_Tags {        
-    ASN_INTEGER           = 0x02,
-    ASN_BIT_STRING        = 0x03,
-    ASN_OCTET_STRING      = 0x04,
-    ASN_TAG_NULL          = 0x05,
-    ASN_OBJECT_ID         = 0x06,
-    ASN_SEQUENCE          = 0x10,
-    ASN_SET               = 0x11,
-    ASN_UTC_TIME          = 0x17,
-    ASN_GENERALIZED_TIME  = 0x18,
-    ASN_LONG_LENGTH       = 0x80
-};
-
-
-enum  ASN_Flags{
-    ASN_CONSTRUCTED       = 0x20,
-    ASN_CONTEXT_SPECIFIC  = 0x80
-};
-
-enum DN_Tags {
-    ASN_COMMON_NAME   = 0x03,   /* CN */
-    ASN_SUR_NAME      = 0x04,   /* SN */
-    ASN_COUNTRY_NAME  = 0x06,   /* C  */
-    ASN_LOCALITY_NAME = 0x07,   /* L  */
-    ASN_STATE_NAME    = 0x08,   /* ST */
-    ASN_ORG_NAME      = 0x0a,   /* O  */
-    ASN_ORGUNIT_NAME  = 0x0b    /* OU */
-};
-
-enum Misc_ASN { 
-    ASN_NAME_MAX        = 256,    
-    SHA_SIZE            =  20,
-    RSA_INTS            =   8,     /* RSA ints in private key */
-    MIN_DATE_SIZE       =  13,
-    MAX_DATE_SIZE       =  32,
-    ASN_GEN_TIME_SZ     =  15,     /* 7 numbers * 2 + Zulu tag */
-    MAX_ENCODED_SIG_SZ  = 512,
-    MAX_SIG_SZ          = 256,
-    MAX_ALGO_SZ         =  20,
-    MAX_SEQ_SZ          =   5,     /* enum(seq | con) + length(4) */  
-    MAX_SET_SZ          =   5,     /* enum(set | con) + length(4) */  
-    MAX_VERSION_SZ      =   5,     /* enum + id + version(byte) + (header(2))*/
-    MAX_ENCODED_DIG_SZ  =  25,     /* sha + enum(bit or octet) + legnth(4) */
-    MAX_RSA_INT_SZ      = 517,     /* RSA raw sz 4096 for bits + tag + len(4) */
-    MAX_NTRU_KEY_SZ     = 610,     /* NTRU 112 bit public key */
-    MAX_NTRU_ENC_SZ     = 628,     /* NTRU 112 bit DER public encoding */
-    MAX_RSA_E_SZ        =  16,     /* Max RSA public e size */
-    MAX_PUBLIC_KEY_SZ   = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, 
-                                   /* use bigger NTRU size */
-    MAX_LENGTH_SZ       =   4 
-};
-
-
-enum Oid_Types {
-    hashType = 0,
-    sigType  = 1,
-    keyType  = 2
-};
-
-
-enum Sig_Sum  {
-    SHAwDSA   = 517,
-    MD2wRSA   = 646,
-    MD5wRSA   = 648,
-    SHAwRSA   = 649,
-    SHAwECDSA = 520
-};
-
-enum Hash_Sum  {
-    MD2h  = 646,
-    MD5h  = 649,
-    SHAh  =  88
-};
-
-enum Key_Sum {
-    DSAk   = 515,
-    RSAk   = 645,
-    NTRUk  = 364,
-    ECDSAk = 518
-};
-
-enum Ecc_Sum {
-    ECC_256R1 = 526,
-    ECC_384R1 = 210,
-    ECC_521R1 = 211,
-    ECC_160R1 = 184,
-    ECC_192R1 = 520,
-    ECC_224R1 = 209
-};
-
-
-/* Certificate file Type */
-enum CertType {
-    CERT_TYPE       = 0, 
-    PRIVATEKEY_TYPE,
-    CA_TYPE
-};
-
-
-enum VerifyType {
-    NO_VERIFY = 0,
-    VERIFY    = 1
-};
-
-
-typedef struct DecodedCert {
-    byte*   publicKey;
-    word32  pubKeySize;
-    int     pubKeyStored;
-    word32  certBegin;               /* offset to start of cert          */
-    word32  sigIndex;                /* offset to start of signature     */
-    word32  sigLength;               /* length of signature              */
-    word32  signatureOID;            /* sum of algorithm object id       */
-    word32  keyOID;                  /* sum of key algo  object id       */
-    byte    subjectHash[SHA_SIZE];   /* hash of all Names                */
-    byte    issuerHash[SHA_SIZE];    /* hash of all Names                */
-    byte*   signature;               /* not owned, points into raw cert  */
-    char*   subjectCN;               /* CommonName                       */
-    int     subjectCNLen;
-    char    issuer[ASN_NAME_MAX];    /* full name including common name  */
-    char    subject[ASN_NAME_MAX];   /* full name including common name  */
-    int     verify;                  /* Default to yes, but could be off */
-    byte*   source;                  /* byte buffer holder cert, NOT owner */
-    word32  srcIdx;                  /* current offset into buffer       */
-    void*   heap;                    /* for user memory overrides        */
-#ifdef CYASSL_CERT_GEN
-    /* easy access to sujbect info for other sign */
-    char*   subjectSN;
-    int     subjectSNLen;
-    char*   subjectC;
-    int     subjectCLen;
-    char*   subjectL;
-    int     subjectLLen;
-    char*   subjectST;
-    int     subjectSTLen;
-    char*   subjectO;
-    int     subjectOLen;
-    char*   subjectOU;
-    int     subjectOULen;
-    char*   subjectEmail;
-    int     subjectEmailLen;
-#endif /* CYASSL_CERT_GEN */
-} DecodedCert;
-
-
-typedef struct Signer Signer;
-
-/* CA Signers */
-struct Signer {
-    byte*   publicKey;
-    word32  pubKeySize;
-    word32  keyOID;                  /* key type */
-    char*   name;                    /* common name */
-    byte    hash[SHA_DIGEST_SIZE];   /* sha hash of names in certificate */
-    Signer* next;
-};
-
-
-void InitDecodedCert(DecodedCert*, byte*, void*);
-void FreeDecodedCert(DecodedCert*);
-int  ParseCert(DecodedCert*, word32, int type, int verify, Signer* signer);
-int  ParseCertRelative(DecodedCert*, word32, int type, int verify,
-                       Signer* signer);
-
-word32 EncodeSignature(byte* out, const byte* digest, word32 digSz,int hashOID);
-
-Signer* MakeSigner(void*);
-void    FreeSigners(Signer*, void*);
-
-
-int RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32);
-int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32);
-int ToTraditional(byte* buffer, word32 length);
-
-#ifndef NO_DH
-int DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32);
-int DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz);
-#endif
-
-#ifndef NO_DSA
-int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, word32);
-int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, word32);
-#endif
-
-#ifdef CYASSL_KEY_GEN
-int RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
-#endif
-
-#ifdef HAVE_ECC
-    /* ASN sig helpers */
-    int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s);
-    int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s);
-    /* private key helpers */
-    int EccPrivateKeyDecode(const byte* input,word32* inOutIdx,ecc_key*,word32);
-#endif
-
-#if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
-int DerToPem(const byte* der, word32 derSz, byte* output, word32 outputSz,
-             int type);
-#endif
-
-#ifdef CYASSL_CERT_GEN
-
-enum cert_enums {
-    SERIAL_SIZE     =  8,
-    NAME_SIZE       = 64,
-    NAME_ENTRIES    =  8,
-    JOINT_LEN       =  2,
-    EMAIL_JOINT_LEN =  9,
-    RSA_KEY         = 10,
-    NTRU_KEY        = 11
-};
-
-
-typedef struct CertName {
-    char country[NAME_SIZE];
-    char state[NAME_SIZE];
-    char locality[NAME_SIZE];
-    char sur[NAME_SIZE];
-    char org[NAME_SIZE];
-    char unit[NAME_SIZE];
-    char commonName[NAME_SIZE];
-    char email[NAME_SIZE];  /* !!!! email has to be last !!!! */
-} CertName;
-
-
-/* for user to fill for certificate generation */
-typedef struct Cert {
-    int      version;                   /* x509 version  */
-    byte     serial[SERIAL_SIZE];       /* serial number */
-    int      sigType;                   /* signature algo type */
-    CertName issuer;                    /* issuer info */
-    int      daysValid;                 /* validity days */
-    int      selfSigned;                /* self signed flag */
-    CertName subject;                   /* subject info */
-    /* internal use only */
-    int      bodySz;                    /* pre sign total size */
-    int      keyType;                   /* public key type of subject */
-} Cert;
-
-
-/* Initialize and Set Certficate defaults:
-   version    = 3 (0x2)
-   serial     = 0 (Will be randomly generated)
-   sigType    = MD5_WITH_RSA
-   issuer     = blank
-   daysValid  = 500
-   selfSigned = 1 (true) use subject as issuer
-   subject    = blank
-   keyType    = RSA_KEY (default)
-*/
-void InitCert(Cert*);
-int  MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
-int  SignCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
-int  MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
-int  SetIssuer(Cert*, const char*);
-#ifdef HAVE_NTRU
-int  MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, const byte* ntruKey,
-                  word16 keySz, RNG*);
-#endif
-
-
-#endif /* CYASSL_CERT_GEN */
-
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* CTAO_CRYPT_ASN_H */
-
--- a/ctaocrypt/include/config.h
+++ b/ctaocrypt/include/config.h
@@ -1,86 +0,0 @@
-/* ctaocrypt/include/config.h.  Generated from config.h.in by configure.  */
-/* ctaocrypt/include/config.h.in.  Generated from configure.in by autoheader.  */
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#define HAVE_DLFCN_H 1
-
-/* Define to 1 if you have the <errno.h> header file. */
-#define HAVE_ERRNO_H 1
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#define HAVE_INTTYPES_H 1
-
-/* Define to 1 if you have the `network' library (-lnetwork). */
-/* #undef HAVE_LIBNETWORK */
-
-/* Define to 1 if you have the <memory.h> header file. */
-#define HAVE_MEMORY_H 1
-
-/* Define if you have POSIX threads libraries and header files. */
-#define HAVE_PTHREAD 1
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#define HAVE_STDINT_H 1
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#define HAVE_STDLIB_H 1
-
-/* Define to 1 if you have the <strings.h> header file. */
-#define HAVE_STRINGS_H 1
-
-/* Define to 1 if you have the <string.h> header file. */
-#define HAVE_STRING_H 1
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#define HAVE_SYS_STAT_H 1
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#define HAVE_SYS_TYPES_H 1
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#define HAVE_UNISTD_H 1
-
-/* Define to the sub-directory in which libtool stores uninstalled libraries.
-   */
-#define LT_OBJDIR ".libs/"
-
-/* Define to 1 if your C compiler doesn't accept -c and -o together. */
-/* #undef NO_MINUS_C_MINUS_O */
-
-/* Name of package */
-#define PACKAGE "cyassl"
-
-/* Define to the address where bug reports for this package should be sent. */
-#define PACKAGE_BUGREPORT ""
-
-/* Define to the full name of this package. */
-#define PACKAGE_NAME ""
-
-/* Define to the full name and version of this package. */
-#define PACKAGE_STRING ""
-
-/* Define to the one symbol short name of this package. */
-#define PACKAGE_TARNAME ""
-
-/* Define to the version of this package. */
-#define PACKAGE_VERSION ""
-
-/* Define to necessary symbol if this constant uses a non-standard name on
-   your system. */
-/* #undef PTHREAD_CREATE_JOINABLE */
-
-/* The size of `long', as computed by sizeof. */
-#define SIZEOF_LONG 8
-
-/* The size of `long long', as computed by sizeof. */
-#define SIZEOF_LONG_LONG 8
-
-/* Define to 1 if you have the ANSI C header files. */
-#define STDC_HEADERS 1
-
-/* Version number of package */
-#define VERSION "1.8.8"
-
-/* Define to 1 if your processor stores words with the most significant byte
-   first (like Motorola and SPARC, unlike Intel and VAX). */
-/* #undef WORDS_BIGENDIAN */
--- a/ctaocrypt/include/config.h.in
+++ b/ctaocrypt/include/config.h.in
@@ -1,85 +0,0 @@
-/* ctaocrypt/include/config.h.in.  Generated from configure.in by autoheader.  */
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#undef HAVE_DLFCN_H
-
-/* Define to 1 if you have the <errno.h> header file. */
-#undef HAVE_ERRNO_H
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#undef HAVE_INTTYPES_H
-
-/* Define to 1 if you have the `network' library (-lnetwork). */
-#undef HAVE_LIBNETWORK
-
-/* Define to 1 if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H
-
-/* Define if you have POSIX threads libraries and header files. */
-#undef HAVE_PTHREAD
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#undef HAVE_STDINT_H
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#undef HAVE_STDLIB_H
-
-/* Define to 1 if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H
-
-/* Define to 1 if you have the <string.h> header file. */
-#undef HAVE_STRING_H
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#undef HAVE_SYS_STAT_H
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#undef HAVE_SYS_TYPES_H
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#undef HAVE_UNISTD_H
-
-/* Define to the sub-directory in which libtool stores uninstalled libraries.
-   */
-#undef LT_OBJDIR
-
-/* Define to 1 if your C compiler doesn't accept -c and -o together. */
-#undef NO_MINUS_C_MINUS_O
-
-/* Name of package */
-#undef PACKAGE
-
-/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT
-
-/* Define to the full name of this package. */
-#undef PACKAGE_NAME
-
-/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING
-
-/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME
-
-/* Define to the version of this package. */
-#undef PACKAGE_VERSION
-
-/* Define to necessary symbol if this constant uses a non-standard name on
-   your system. */
-#undef PTHREAD_CREATE_JOINABLE
-
-/* The size of `long', as computed by sizeof. */
-#undef SIZEOF_LONG
-
-/* The size of `long long', as computed by sizeof. */
-#undef SIZEOF_LONG_LONG
-
-/* Define to 1 if you have the ANSI C header files. */
-#undef STDC_HEADERS
-
-/* Version number of package */
-#undef VERSION
-
-/* Define to 1 if your processor stores words with the most significant byte
-   first (like Motorola and SPARC, unlike Intel and VAX). */
-#undef WORDS_BIGENDIAN
--- a/ctaocrypt/include/ctc_aes.h
+++ b/ctaocrypt/include/ctc_aes.h
@@ -1,84 +0,0 @@
-/* ctc_aes.h
- *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
- *
- * This file is part of CyaSSL.
- *
- * CyaSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * CyaSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#ifndef NO_AES
-
-#ifndef CTAO_CRYPT_AES_H
-#define CTAO_CRYPT_AES_H
-
-
-#include "types.h"
-
-#ifdef CYASSL_AESNI
-
-#include <wmmintrin.h>
-
-#if !defined (ALIGN16)
-    #if defined (__GNUC__)
-        #define ALIGN16 __attribute__ ( (aligned (16)))
-    #elif defined(_MSC_VER)
-        #define ALIGN16 __declspec (align (16))
-    #else
-        #define ALIGN16
-    #endif
-#endif
-
-#endif /* CYASSL_AESNI */
-
-#if !defined (ALIGN16)
-    #define ALIGN16
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-enum {
-    AES_ENCRYPTION = 0,
-    AES_DECRYPTION = 1,
-    AES_BLOCK_SIZE = 16
-};
-
-
-typedef struct Aes {
-    /* AESNI needs key first, rounds 2nd, not sure why yet */
-    ALIGN16 word32 key[60];
-    word32  rounds;
-
-    ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)];      /* for CBC mode */
-    ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)];      /* same         */
-} Aes;
-
-
-int  AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir);
-void AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
-void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
-
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-
-#endif /* CTAO_CRYPT_AES_H */
-#endif /* NO_AES */
-
--- a/ctaocrypt/include/ctc_hmac.h
+++ b/ctaocrypt/include/ctc_hmac.h
@@ -1,85 +0,0 @@
-/* ctc_hmac.h
- *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
- *
- * This file is part of CyaSSL.
- *
- * CyaSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * CyaSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#ifndef NO_HMAC
-
-#ifndef CTAO_CRYPT_HMAC_H
-#define CTAO_CRYPT_HMAC_H
-
-#include "ctc_md5.h"
-#include "ctc_sha.h"
-
-#ifndef NO_SHA256
-    #include "sha256.h"
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-
-enum {
-    IPAD    = 0x36,
-    OPAD    = 0x5C,
-#ifndef NO_SHA256
-    INNER_HASH_SIZE = SHA256_DIGEST_SIZE,
-#else
-    INNER_HASH_SIZE = SHA_DIGEST_SIZE,
-    SHA256          = 2,                     /* hash type unique */
-#endif
-    HMAC_BLOCK_SIZE = MD5_BLOCK_SIZE
-};
-
-
-/* hash union */
-typedef union {
-    Md5 md5;
-    Sha sha;
-    #ifndef NO_SHA256
-        Sha256 sha256;
-    #endif
-} Hash;
-
-/* Hmac digest */
-typedef struct Hmac {
-    Hash    hash;
-    word32  ipad[HMAC_BLOCK_SIZE  / sizeof(word32)];  /* same block size all*/
-    word32  opad[HMAC_BLOCK_SIZE  / sizeof(word32)];
-    word32  innerHash[INNER_HASH_SIZE / sizeof(word32)]; /* max size */
-    byte    macType;                                     /* md5 sha or sha256 */
-    byte    innerHashKeyed;                              /* keyed flag */
-} Hmac;
-
-
-void HmacSetKey(Hmac*, int type, const byte* key, word32 keySz); /* does init */
-void HmacUpdate(Hmac*, const byte*, word32);
-void HmacFinal(Hmac*, byte*);
-
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* CTAO_CRYPT_HMAC_H */
-
-#endif /* NO_HMAC */
-
--- a/ctaocrypt/include/ctc_rsa.h
+++ b/ctaocrypt/include/ctc_rsa.h
@@ -1,74 +0,0 @@
-/* ctc_rsa.h
- *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
- *
- * This file is part of CyaSSL.
- *
- * CyaSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * CyaSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-
-#ifndef CTAO_CRYPT_RSA_H
-#define CTAO_CRYPT_RSA_H
-
-#include "types.h"
-#include "integer.h"
-#include "random.h"
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-enum {
-    RSA_PUBLIC   = 0,
-    RSA_PRIVATE  = 1
-};
-
-/* RSA */
-typedef struct RsaKey {
-    mp_int n, e, d, p, q, dP, dQ, u;
-    int   type;                               /* public or private */
-    void* heap;                               /* for user memory overrides */
-} RsaKey;
-
-
-void InitRsaKey(RsaKey* key, void*);
-void FreeRsaKey(RsaKey* key);
-
-int  RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
-                      RsaKey* key, RNG* rng);
-int  RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key);
-int  RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
-                       RsaKey* key);
-int  RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
-                 RsaKey* key, RNG* rng);
-int  RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key);
-int  RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
-                   RsaKey* key);
-
-int  RsaEncryptSize(RsaKey* key);
-
-#ifdef CYASSL_KEY_GEN
-    int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng);
-#endif
-
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* CTAO_CRYPT_RSA_H */
-
--- a/ctaocrypt/include/types.h
+++ b/ctaocrypt/include/types.h
@@ -1,198 +0,0 @@
-/* types.h
- *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
- *
- * This file is part of CyaSSL.
- *
- * CyaSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * CyaSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-
-#ifndef CTAO_CRYPT_TYPES_H
-#define CTAO_CRYPT_TYPES_H
-
-#include "os_settings.h"
-
-#ifdef HAVE_CONFIG_H
-    #include "config.h"
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-#if defined(WORDS_BIGENDIAN) || (defined(__MWERKS__) && !defined(__INTEL__))
-    #define BIG_ENDIAN_ORDER
-#endif
-
-#ifndef BIG_ENDIAN_ORDER
-    #define LITTLE_ENDIAN_ORDER
-#endif
-
-#ifndef CYASSL_TYPES
-    typedef unsigned char  byte;
-    typedef unsigned short word16;
-    typedef unsigned int   word32;
-#endif
-
-#if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
-    #define WORD64_AVAILABLE
-    #define W64LIT(x) x##ui64
-    typedef unsigned __int64 word64;
-#elif SIZEOF_LONG == 8
-    #define WORD64_AVAILABLE
-    #define W64LIT(x) x##LL
-    typedef unsigned long word64;
-#elif SIZEOF_LONG_LONG == 8 
-    #define WORD64_AVAILABLE
-    #define W64LIT(x) x##LL
-    typedef unsigned long long word64;
-#else
-    #define MP_16BIT  /* for mp_int, mp_word needs to be twice as big as
-                         mp_digit, no 64 bit type so make mp_digit 16 bit */
-#endif
-
-
-/* These platforms have 64-bit CPU registers.  */
-#if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \
-     defined(__mips64)  || defined(__x86_64__)) 
-    typedef word64 word;
-#else
-    typedef word32 word;
-    #ifdef WORD64_AVAILABLE
-        #define CTAOCRYPT_SLOW_WORD64
-    #endif
-#endif
-
-
-enum {
-    WORD_SIZE  = sizeof(word),
-    BIT_SIZE   = 8,
-    WORD_BITS  = WORD_SIZE * BIT_SIZE
-};
-
-
-/* use inlining if compiler allows */
-#ifndef INLINE
-#ifndef NO_INLINE
-    #ifdef _MSC_VER
-        #define INLINE __inline
-    #elif defined(__GNUC__)
-        #define INLINE inline
-    #elif defined(THREADX)
-        #define INLINE _Inline
-    #else
-        #define INLINE 
-    #endif
-#else
-    #define INLINE 
-#endif
-#endif
-
-
-/* set up rotate style */
-#if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
-	#define INTEL_INTRINSICS
-	#define FAST_ROTATE
-#elif defined(__MWERKS__) && TARGET_CPU_PPC
-	#define PPC_INTRINSICS
-	#define FAST_ROTATE
-#elif defined(__GNUC__) && defined(__i386__)
-        /* GCC does peephole optimizations which should result in using rotate
-           instructions  */
-	#define FAST_ROTATE
-#endif
-
-
-/* Micrium will use Visual Studio for compilation but not the Win32 API */
-#if defined(_WIN32) && !defined(MICRIUM)
-    #define USE_WINDOWS_API
-#endif
-
-
-/* idea to add global alloc override by Moisés Guimarães  */
-/* default to libc stuff */
-/* XREALLOC is used once in mormal math lib, not in fast math lib */
-/* XFREE on some embeded systems doesn't like free(0) so test  */
-#ifdef XMALLOC_USER
-    /* prototypes for user heap override functions */
-    #include <stddef.h>  /* for size_t */
-    extern void *XMALLOC(size_t n, void* heap, int type);
-    extern void *XREALLOC(void *p, size_t n, void* heap, int type);
-    extern void XFREE(void *p, void* heap, int type);
-#elif !defined(MICRIUM_MALLOC)
-    /* defaults to C runtime if user doesn't override and not Micrium */
-    #include <stdlib.h>
-    #define XMALLOC(s, h, t)     malloc((s))
-    #define XFREE(p, h, t)       {void* xp = (p); if((xp)) free((xp));}
-    #define XREALLOC(p, n, h, t) realloc((p), (n))
-#endif
-
-#ifndef STRING_USER
-    #include <string.h>
-    #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
-    #define XMEMSET(b,c,l)    memset((b),(c),(l))
-    #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
-    #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
-
-    #define XSTRLEN(s1)       strlen((s1))
-    #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
-    /* strstr and strncmp only used by CyaSSL proper, not required for
-       CTaoCrypt only */
-    #define XSTRSTR(s1,s2)    strstr((s1),(s2))
-    #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
-#endif
-
-#ifdef HAVE_ECC
-    #ifndef CTYPE_USER
-        #include <ctype.h>
-        #define XTOUPPER(c)     toupper((c))
-    #endif
-#endif
-
-
-/* memory allocation types for user hints */
-enum {
-    DYNAMIC_TYPE_CA         = 1,
-    DYNAMIC_TYPE_CERT       = 2,
-    DYNAMIC_TYPE_KEY        = 3,
-    DYNAMIC_TYPE_FILE       = 4,
-    DYNAMIC_TYPE_ISSUER_CN  = 5,
-    DYNAMIC_TYPE_PUBLIC_KEY = 6,
-    DYNAMIC_TYPE_SIGNER     = 7,
-    DYNAMIC_TYPE_NONE       = 8,
-    DYNAMIC_TYPE_BIGINT     = 9,
-    DYNAMIC_TYPE_RSA        = 10,
-    DYNAMIC_TYPE_METHOD     = 11,
-    DYNAMIC_TYPE_OUT_BUFFER = 12,
-    DYNAMIC_TYPE_IN_BUFFER  = 13,
-    DYNAMIC_TYPE_INFO       = 14,
-    DYNAMIC_TYPE_DH         = 15,
-    DYNAMIC_TYPE_DOMAIN     = 16,
-    DYNAMIC_TYPE_SSL        = 17,
-    DYNAMIC_TYPE_CTX        = 18,
-    DYNAMIC_TYPE_WRITEV     = 19,
-    DYNAMIC_TYPE_OPENSSL    = 20 
-};
-
-
-#ifdef __cplusplus
-    }   /* extern "C" */
-#endif
-
-
-#endif /* CTAO_CRYPT_TYPES_H */
-
--- a/ctaocrypt/src/Makefile.am
+++ b/ctaocrypt/src/Makefile.am
@@ -1,2 +0,0 @@
-EXTRA_DIST = ../include/*.h *.c *.i
-
--- a/ctaocrypt/src/aes.c
+++ b/ctaocrypt/src/aes.c
--- a/ctaocrypt/src/aes_asm.s
+++ b/ctaocrypt/src/aes_asm.s
@@ -1,6 +1,6 @@
 /* aes_asm.s
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
 *
 * This file is part of CyaSSL.
 *
@@ -25,12 +25,14 @@
 */


-//AES_CBC_encrypt (const unsigned char *in,
-//	unsigned char *out,
-//	unsigned char ivec[16],
-//	unsigned long length,
-//	const unsigned char *KS,
-//	int nr)
+/*
+AES_CBC_encrypt (const unsigned char *in,
+	unsigned char *out,
+	unsigned char ivec[16],
+	unsigned long length,
+	const unsigned char *KS,
+	int nr)
+*/
 .globl AES_CBC_encrypt
 AES_CBC_encrypt:
 # parameter 1: %rdi
@@ -82,12 +84,14 @@ ret



-//AES_CBC_decrypt (const unsigned char *in,
-//  unsigned char *out,
-//  unsigned char ivec[16],
-//  unsigned long length,
-//  const unsigned char *KS,
-// int nr)
+/*
+AES_CBC_decrypt (const unsigned char *in,
+  unsigned char *out,
+  unsigned char ivec[16],
+  unsigned long length,
+  const unsigned char *KS,
+  int nr)
+*/
 .globl AES_CBC_decrypt
 AES_CBC_decrypt:
 # parameter 1: %rdi
@@ -260,8 +264,10 @@ ret



-//void AES_128_Key_Expansion(const unsigned char* userkey,
-//   unsigned char* key_schedule);
+/*
+void AES_128_Key_Expansion(const unsigned char* userkey,
+   unsigned char* key_schedule);
+*/
 .align  16,0x90
 .globl AES_128_Key_Expansion
 AES_128_Key_Expansion:
@@ -319,8 +325,10 @@ pxor %xmm2, %xmm1
 ret


-//void AES_192_Key_Expansion (const unsigned char *userkey,
-//  unsigned char *key)
+/*
+void AES_192_Key_Expansion (const unsigned char *userkey,
+  unsigned char *key)
+*/
 .globl AES_192_Key_Expansion
 AES_192_Key_Expansion:
 # parameter 1: %rdi
@@ -403,8 +411,10 @@ pxor   %xmm2, %xmm3
 ret
 

-//void AES_256_Key_Expansion (const unsigned char *userkey,
-//  unsigned char *key)
+/*
+void AES_256_Key_Expansion (const unsigned char *userkey,
+  unsigned char *key)
+*/
 .globl AES_256_Key_Expansion
 AES_256_Key_Expansion:
 # parameter 1: %rdi
--- a/ctaocrypt/src/arc4.c
+++ b/ctaocrypt/src/arc4.c
@@ -1,6 +1,6 @@
 /* arc4.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
 *
 * This file is part of CyaSSL.
 *
@@ -19,9 +19,22 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif

-#include "arc4.h"
+#include <cyassl/ctaocrypt/settings.h>

+#ifndef NO_RC4
+
+#include <cyassl/ctaocrypt/arc4.h>
+
+
+#ifdef HAVE_CAVIUM
+    static void Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length);
+    static void Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in,
+                                  word32 length);
+#endif


 void Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
@@ -29,18 +42,23 @@ void Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
    word32 i;
    word32 keyIndex = 0, stateIndex = 0;

+#ifdef HAVE_CAVIUM
+    if (arc4->magic == CYASSL_ARC4_CAVIUM_MAGIC)
+        return Arc4CaviumSetKey(arc4, key, length);
+#endif
+
    arc4->x = 1;
    arc4->y = 0;

    for (i = 0; i < ARC4_STATE_SIZE; i++)
-        arc4->state[i] = i;
+        arc4->state[i] = (byte)i;

    for (i = 0; i < ARC4_STATE_SIZE; i++) {
        word32 a = arc4->state[i];
        stateIndex += key[keyIndex] + a;
        stateIndex &= 0xFF;
        arc4->state[i] = arc4->state[stateIndex];
-        arc4->state[stateIndex] = a;
+        arc4->state[stateIndex] = (byte)a;

        if (++keyIndex >= length)
            keyIndex = 0;
@@ -48,14 +66,14 @@ void Arc4SetKey(Arc4* arc4, const byte* key, word32 length)
 }


-static INLINE word32 MakeByte(word32* x, word32* y, byte* s)
+static INLINE byte MakeByte(word32* x, word32* y, byte* s)
 {
    word32 a = s[*x], b;
    *y = (*y+a) & 0xff;

    b = s[*y];
-    s[*x] = b;
-    s[*y] = a;
+    s[*x] = (byte)b;
+    s[*y] = (byte)a;
    *x = (*x+1) & 0xff;

    return s[(a+b) & 0xff];
@@ -64,13 +82,98 @@ static INLINE word32 MakeByte(word32* x, word32* y, byte* s)

 void Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length)
 {
-    word32 x = arc4->x;
-    word32 y = arc4->y;
+    word32 x;
+    word32 y;
+
+#ifdef HAVE_CAVIUM
+    if (arc4->magic == CYASSL_ARC4_CAVIUM_MAGIC)
+        return Arc4CaviumProcess(arc4, out, in, length);
+#endif
+
+    x = arc4->x;
+    y = arc4->y;

    while(length--)
        *out++ = *in++ ^ MakeByte(&x, &y, arc4->state);

-    arc4->x = x;
-    arc4->y = y;
+    arc4->x = (byte)x;
+    arc4->y = (byte)y;
 }

+
+#ifdef HAVE_CAVIUM
+
+#include <cyassl/ctaocrypt/logging.h>
+#include "cavium_common.h"
+
+/* Initiliaze Arc4 for use with Nitrox device */
+int Arc4InitCavium(Arc4* arc4, int devId)
+{
+    if (arc4 == NULL)
+        return -1;
+
+    if (CspAllocContext(CONTEXT_SSL, &arc4->contextHandle, devId) != 0)
+        return -1;
+
+    arc4->devId = devId;
+    arc4->magic = CYASSL_ARC4_CAVIUM_MAGIC;
+   
+    return 0;
+}
+
+
+/* Free Arc4 from use with Nitrox device */
+void Arc4FreeCavium(Arc4* arc4)
+{
+    if (arc4 == NULL)
+        return;
+
+    if (arc4->magic != CYASSL_ARC4_CAVIUM_MAGIC)
+        return;
+
+    CspFreeContext(CONTEXT_SSL, arc4->contextHandle, arc4->devId);
+    arc4->magic = 0;
+}
+
+
+static void Arc4CaviumSetKey(Arc4* arc4, const byte* key, word32 length)
+{
+    word32 requestId;
+
+    if (CspInitializeRc4(CAVIUM_BLOCKING, arc4->contextHandle, length,
+                         (byte*)key, &requestId, arc4->devId) != 0) {
+        CYASSL_MSG("Bad Cavium Arc4 Init");
+    }
+}
+
+
+static void Arc4CaviumProcess(Arc4* arc4, byte* out, const byte* in,
+                              word32 length)
+{
+    word   offset = 0;
+    word32 requestId;
+
+    while (length > CYASSL_MAX_16BIT) {
+        word16 slen = (word16)CYASSL_MAX_16BIT;
+        if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE,
+                          slen, (byte*)in + offset, out + offset, &requestId,
+                          arc4->devId) != 0) {
+            CYASSL_MSG("Bad Cavium Arc4 Encrypt");
+        }
+        length -= CYASSL_MAX_16BIT;
+        offset += CYASSL_MAX_16BIT;
+    }
+    if (length) {
+        word16 slen = (word16)length;
+        if (CspEncryptRc4(CAVIUM_BLOCKING, arc4->contextHandle,CAVIUM_UPDATE,
+                          slen, (byte*)in + offset, out + offset, &requestId,
+                          arc4->devId) != 0) {
+            CYASSL_MSG("Bad Cavium Arc4 Encrypt");
+        }
+    }
+}
+
+#endif /* HAVE_CAVIUM */
+
+#endif /* NO_ARC4 */
+
--- a/ctaocrypt/src/asm.c
+++ b/ctaocrypt/src/asm.c
@@ -1,6 +1,6 @@
 /* asm.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
 *
 * This file is part of CyaSSL.
 *
@@ -19,13 +19,18 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <cyassl/ctaocrypt/settings.h>
+
 /*
 * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca,
 * http://math.libtomcrypt.com
 */


-
 /******************************************************************/
 /* fp_montgomery_reduce.c asm or generic */
 #if defined(TFM_X86) && !defined(TFM_SSE2) 
@@ -38,7 +43,7 @@
   mu = c[x] * mp

 #define INNERMUL                                          \
-asm(                                                      \
+__asm__(                                                      \
   "movl %5,%%eax \n\t"                                   \
   "mull %4       \n\t"                                   \
   "addl %1,%%eax \n\t"                                   \
@@ -48,16 +53,16 @@ asm(                                                      \
   "movl %%edx,%1 \n\t"                                   \
 :"=g"(_c[LO]), "=r"(cy)                                   \
 :"0"(_c[LO]), "1"(cy), "g"(mu), "g"(*tmpm++)              \
-: "%eax", "%edx", "%cc")
+: "%eax", "%edx", "cc")

 #define PROPCARRY                           \
-asm(                                        \
+__asm__(                                        \
   "addl   %1,%0    \n\t"                   \
   "setb   %%al     \n\t"                   \
   "movzbl %%al,%1 \n\t"                    \
 :"=g"(_c[LO]), "=r"(cy)                     \
 :"0"(_c[LO]), "1"(cy)                       \
-: "%eax", "%cc")
+: "%eax", "cc")

 /******************************************************************/
 #elif defined(TFM_X86_64)
@@ -70,7 +75,7 @@ asm(                                        \
   mu = c[x] * mp

 #define INNERMUL                                          \
-asm(                                                      \
+__asm__(                                                      \
   "movq %5,%%rax \n\t"                                   \
   "mulq %4       \n\t"                                   \
   "addq %1,%%rax \n\t"                                   \
@@ -80,10 +85,10 @@ asm(                                                      \
   "movq %%rdx,%1 \n\t"                                   \
 :"=g"(_c[LO]), "=r"(cy)                                   \
 :"0"(_c[LO]), "1"(cy), "r"(mu), "r"(*tmpm++)              \
-: "%rax", "%rdx", "%cc")
+: "%rax", "%rdx", "cc")

 #define INNERMUL8 \
- asm(                  \
+ __asm__(                  \
 "movq 0(%5),%%rax    \n\t"  \
 "movq 0(%2),%%r10    \n\t"  \
 "movq 0x8(%5),%%r11  \n\t"  \
@@ -173,17 +178,17 @@ asm(                                                      \
 \
 :"=r"(_c), "=r"(cy)                    \
 : "0"(_c),  "1"(cy), "g"(mu), "r"(tmpm)\
-: "%rax", "%rdx", "%r10", "%r11", "%cc")
+: "%rax", "%rdx", "%r10", "%r11", "cc")


 #define PROPCARRY                           \
-asm(                                        \
+__asm__(                                        \
   "addq   %1,%0    \n\t"                   \
   "setb   %%al     \n\t"                   \
   "movzbq %%al,%1 \n\t"                    \
 :"=g"(_c[LO]), "=r"(cy)                     \
 :"0"(_c[LO]), "1"(cy)                       \
-: "%rax", "%cc")
+: "%rax", "cc")

 /******************************************************************/
 #elif defined(TFM_SSE2)  
@@ -197,13 +202,13 @@ asm(                                        \
 */

 #define MONT_START \
-   asm("movd %0,%%mm2"::"g"(mp))
+   __asm__("movd %0,%%mm2"::"g"(mp))

 #define MONT_FINI \
-   asm("emms")
+   __asm__("emms")

 #define LOOP_START          \
-asm(                        \
+__asm__(                        \
 "movd %0,%%mm1        \n\t" \
 "pxor %%mm3,%%mm3     \n\t" \
 "pmuludq %%mm2,%%mm1  \n\t" \
@@ -211,7 +216,7 @@ asm(                        \

 /* pmuludq on mmx registers does a 32x32->64 multiply. */
 #define INNERMUL               \
-asm(                           \
+__asm__(                           \
   "movd %1,%%mm4        \n\t" \
   "movd %2,%%mm0        \n\t" \
   "paddq %%mm4,%%mm3    \n\t" \
@@ -222,7 +227,7 @@ asm(                           \
 :"=g"(_c[LO]) : "0"(_c[LO]), "g"(*tmpm++) );

 #define INNERMUL8 \
-asm(                           \
+__asm__(                           \
   "movd 0(%1),%%mm4     \n\t" \
   "movd 0(%2),%%mm0     \n\t" \
   "paddq %%mm4,%%mm3    \n\t" \
@@ -292,16 +297,16 @@ asm(                           \
   pointer */

 #define LOOP_END \
-asm( "movd %%mm3,%0  \n" :"=r"(cy))
+__asm__( "movd %%mm3,%0  \n" :"=r"(cy))

 #define PROPCARRY                           \
-asm(                                        \
+__asm__(                                        \
   "addl   %1,%0    \n\t"                   \
   "setb   %%al     \n\t"                   \
   "movzbl %%al,%1 \n\t"                    \
 :"=g"(_c[LO]), "=r"(cy)                     \
 :"0"(_c[LO]), "1"(cy)                       \
-: "%eax", "%cc")
+: "%eax", "cc")

 /******************************************************************/
 #elif defined(TFM_ARM)
@@ -314,23 +319,23 @@ asm(                                        \
   mu = c[x] * mp

 #define INNERMUL                    \
-asm(                                \
+__asm__(                                \
    " LDR    r0,%1            \n\t" \
    " ADDS   r0,r0,%0         \n\t" \
    " MOVCS  %0,#1            \n\t" \
    " MOVCC  %0,#0            \n\t" \
    " UMLAL  r0,%0,%3,%4      \n\t" \
    " STR    r0,%1            \n\t" \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(*tmpm++),"1"(_c[0]):"r0","%cc");
+:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(*tmpm++),"1"(_c[0]):"r0","cc");

 #define PROPCARRY                  \
-asm(                               \
+__asm__(                               \
    " LDR   r0,%1            \n\t" \
    " ADDS  r0,r0,%0         \n\t" \
    " STR   r0,%1            \n\t" \
    " MOVCS %0,#1            \n\t" \
    " MOVCC %0,#0            \n\t" \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"r0","%cc");
+:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"r0","cc");

 #elif defined(TFM_PPC32)

@@ -342,7 +347,7 @@ asm(                               \
   mu = c[x] * mp

 #define INNERMUL                     \
-asm(                                 \
+__asm__(                                 \
   " mullw    16,%3,%4       \n\t"   \
   " mulhwu   17,%3,%4       \n\t"   \
   " addc     16,16,%0       \n\t"   \
@@ -351,16 +356,16 @@ asm(                                 \
   " addc     16,16,18       \n\t"   \
   " addze    %0,17          \n\t"   \
   " stw      16,%1          \n\t"   \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","%cc"); ++tmpm;
+:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","cc"); ++tmpm;

 #define PROPCARRY                    \
-asm(                                 \
+__asm__(                                 \
   " lwz      16,%1         \n\t"    \
   " addc     16,16,%0      \n\t"    \
   " stw      16,%1         \n\t"    \
   " xor      %0,%0,%0      \n\t"    \
   " addze    %0,%0         \n\t"    \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"16","%cc");
+:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"16","cc");

 #elif defined(TFM_PPC64)

@@ -372,7 +377,7 @@ asm(                                 \
   mu = c[x] * mp

 #define INNERMUL                     \
-asm(                                 \
+__asm__(                                 \
   " mulld    16,%3,%4       \n\t"   \
   " mulhdu   17,%3,%4       \n\t"   \
   " addc     16,16,%0       \n\t"   \
@@ -381,16 +386,16 @@ asm(                                 \
   " addc     16,16,18       \n\t"   \
   " addze    %0,17          \n\t"   \
   " sdx      16,0,%1        \n\t"   \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","%cc"); ++tmpm;
+:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","cc"); ++tmpm;

 #define PROPCARRY                    \
-asm(                                 \
+__asm__(                                 \
   " ldx      16,0,%1       \n\t"    \
   " addc     16,16,%0      \n\t"    \
   " sdx      16,0,%1       \n\t"    \
   " xor      %0,%0,%0      \n\t"    \
   " addze    %0,%0         \n\t"    \
-:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"16","%cc");
+:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"16","cc");

 /******************************************************************/

@@ -404,7 +409,7 @@ asm(                                 \
   mu = c[x] * mp

 #define INNERMUL                    \
-asm(                                \
+__asm__(                                \
    " ld.w   r2,%1            \n\t" \
    " add    r2,%0            \n\t" \
    " eor    r3,r3            \n\t" \
@@ -415,13 +420,13 @@ asm(                                \
 :"=r"(cy),"=r"(_c):"0"(cy),"r"(mu),"r"(*tmpm++),"1"(_c):"r2","r3");

 #define PROPCARRY                    \
-asm(                                 \
+__asm__(                                 \
   " ld.w     r2,%1         \n\t"    \
   " add      r2,%0         \n\t"    \
   " st.w     %1,r2         \n\t"    \
   " eor      %0,%0         \n\t"    \
   " acr      %0            \n\t"    \
-:"=r"(cy),"=r"(&_c[0]):"0"(cy),"1"(&_c[0]):"r2","%cc");
+:"=r"(cy),"=r"(&_c[0]):"0"(cy),"1"(&_c[0]):"r2","cc");

 #else

@@ -434,9 +439,10 @@ asm(                                 \

 #define INNERMUL                                      \
   do { fp_word t;                                    \
-   _c[0] = t  = ((fp_word)_c[0] + (fp_word)cy) +      \
+   t  = ((fp_word)_c[0] + (fp_word)cy) +              \
                (((fp_word)mu) * ((fp_word)*tmpm++)); \
-   cy = (t >> DIGIT_BIT);                             \
+   _c[0] = (fp_digit)t;                               \
+   cy = (fp_digit)(t >> DIGIT_BIT);                   \
   } while (0)

 #define PROPCARRY \
@@ -472,16 +478,16 @@ asm(                                 \
 #define COMBA_FINI

 #define SQRADD(i, j)                                      \
-asm(                                            \
+__asm__(                                            \
     "movl  %6,%%eax     \n\t"                            \
     "mull  %%eax        \n\t"                            \
     "addl  %%eax,%0     \n\t"                            \
     "adcl  %%edx,%1     \n\t"                            \
     "adcl  $0,%2        \n\t"                            \
-     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i) :"%eax","%edx","%cc");
+     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i) :"%eax","%edx","cc");

 #define SQRADD2(i, j)                                     \
-asm(                                            \
+__asm__(                                            \
     "movl  %6,%%eax     \n\t"                            \
     "mull  %7           \n\t"                            \
     "addl  %%eax,%0     \n\t"                            \
@@ -490,37 +496,37 @@ asm(                                            \
     "addl  %%eax,%0     \n\t"                            \
     "adcl  %%edx,%1     \n\t"                            \
     "adcl  $0,%2        \n\t"                            \
-     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","%edx", "%cc");
+     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","%edx", "cc");

 #define SQRADDSC(i, j)                                    \
-asm(                                                     \
+__asm__(                                                     \
     "movl  %3,%%eax     \n\t"                            \
     "mull  %4           \n\t"                            \
     "movl  %%eax,%0     \n\t"                            \
     "movl  %%edx,%1     \n\t"                            \
     "xorl  %2,%2        \n\t"                            \
-     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "g"(i), "g"(j) :"%eax","%edx","%cc");
+     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "g"(i), "g"(j) :"%eax","%edx","cc");

 /* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */

 #define SQRADDAC(i, j)                                    \
-asm(                                                     \
+__asm__(                                                     \
     "movl  %6,%%eax     \n\t"                            \
     "mull  %7           \n\t"                            \
     "addl  %%eax,%0     \n\t"                            \
     "adcl  %%edx,%1     \n\t"                            \
     "adcl  $0,%2        \n\t"                            \
-     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%eax","%edx","%cc");
+     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%eax","%edx","cc");

 #define SQRADDDB                                          \
-asm(                                                     \
+__asm__(                                                     \
     "addl %6,%0         \n\t"                            \
     "adcl %7,%1         \n\t"                            \
     "adcl %8,%2         \n\t"                            \
     "addl %6,%0         \n\t"                            \
     "adcl %7,%1         \n\t"                            \
     "adcl %8,%2         \n\t"                            \
-     :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "%cc");
+     :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "cc");

 #elif defined(TFM_X86_64)
 /* x86-64 optimized */
@@ -542,16 +548,16 @@ asm(                                                     \
 #define COMBA_FINI

 #define SQRADD(i, j)                                      \
-asm(                                                     \
+__asm__(                                                     \
     "movq  %6,%%rax     \n\t"                            \
     "mulq  %%rax        \n\t"                            \
     "addq  %%rax,%0     \n\t"                            \
     "adcq  %%rdx,%1     \n\t"                            \
     "adcq  $0,%2        \n\t"                            \
-     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i) :"%rax","%rdx","%cc");
+     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i) :"%rax","%rdx","cc");

 #define SQRADD2(i, j)                                     \
-asm(                                                     \
+__asm__(                                                     \
     "movq  %6,%%rax     \n\t"                            \
     "mulq  %7           \n\t"                            \
     "addq  %%rax,%0     \n\t"                            \
@@ -560,37 +566,37 @@ asm(                                                     \
     "addq  %%rax,%0     \n\t"                            \
     "adcq  %%rdx,%1     \n\t"                            \
     "adcq  $0,%2        \n\t"                            \
-     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j)  :"%rax","%rdx","%cc");
+     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j)  :"%rax","%rdx","cc");

 #define SQRADDSC(i, j)                                    \
-asm(                                                     \
+__asm__(                                                     \
     "movq  %3,%%rax     \n\t"                            \
     "mulq  %4           \n\t"                            \
     "movq  %%rax,%0     \n\t"                            \
     "movq  %%rdx,%1     \n\t"                            \
     "xorq  %2,%2        \n\t"                            \
-     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "g"(i), "g"(j) :"%rax","%rdx","%cc");
+     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "g"(i), "g"(j) :"%rax","%rdx","cc");

 /* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */

 #define SQRADDAC(i, j)                                                         \
-asm(                                                     \
+__asm__(                                                     \
     "movq  %6,%%rax     \n\t"                            \
     "mulq  %7           \n\t"                            \
     "addq  %%rax,%0     \n\t"                            \
     "adcq  %%rdx,%1     \n\t"                            \
     "adcq  $0,%2        \n\t"                            \
-     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%rax","%rdx","%cc");
+     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%rax","%rdx","cc");

 #define SQRADDDB                                          \
-asm(                                                     \
+__asm__(                                                     \
     "addq %6,%0         \n\t"                            \
     "adcq %7,%1         \n\t"                            \
     "adcq %8,%2         \n\t"                            \
     "addq %6,%0         \n\t"                            \
     "adcq %7,%1         \n\t"                            \
     "adcq %8,%2         \n\t"                            \
-     :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "%cc");
+     :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "cc");

 #elif defined(TFM_SSE2)

@@ -610,10 +616,10 @@ asm(                                                     \
   do { c0 = c1; c1 = c2; c2 = 0; } while (0);

 #define COMBA_FINI \
-   asm("emms");
+   __asm__("emms");

 #define SQRADD(i, j)                                      \
-asm(                                            \
+__asm__(                                            \
     "movd  %6,%%mm0     \n\t"                            \
     "pmuludq %%mm0,%%mm0\n\t"                            \
     "movd  %%mm0,%%eax  \n\t"                            \
@@ -622,10 +628,10 @@ asm(                                            \
     "movd  %%mm0,%%eax  \n\t"                            \
     "adcl  %%eax,%1     \n\t"                            \
     "adcl  $0,%2        \n\t"                            \
-     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i) :"%eax","%cc");
+     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i) :"%eax","cc");

 #define SQRADD2(i, j)                                     \
-asm(                                            \
+__asm__(                                            \
     "movd  %6,%%mm0     \n\t"                            \
     "movd  %7,%%mm1     \n\t"                            \
     "pmuludq %%mm1,%%mm0\n\t"                            \
@@ -638,10 +644,10 @@ asm(                                            \
     "addl  %%eax,%0     \n\t"                            \
     "adcl  %%edx,%1     \n\t"                            \
     "adcl  $0,%2        \n\t"                            \
-     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","%edx","%cc");
+     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","%edx","cc");

 #define SQRADDSC(i, j)                                                         \
-asm(                                            \
+__asm__(                                            \
     "movd  %3,%%mm0     \n\t"                            \
     "movd  %4,%%mm1     \n\t"                            \
     "pmuludq %%mm1,%%mm0\n\t"                            \
@@ -654,7 +660,7 @@ asm(                                            \
 /* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */

 #define SQRADDAC(i, j)                                                         \
-asm(                                            \
+__asm__(                                            \
     "movd  %6,%%mm0     \n\t"                            \
     "movd  %7,%%mm1     \n\t"                            \
     "pmuludq %%mm1,%%mm0\n\t"                            \
@@ -664,17 +670,17 @@ asm(                                            \
     "addl  %%eax,%0     \n\t"                            \
     "adcl  %%edx,%1     \n\t"                            \
     "adcl  $0,%2        \n\t"                            \
-     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "m"(i), "m"(j)  :"%eax","%edx","%cc");
+     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "m"(i), "m"(j)  :"%eax","%edx","cc");

 #define SQRADDDB                                          \
-asm(                                                     \
+__asm__(                                                     \
     "addl %6,%0         \n\t"                            \
     "adcl %7,%1         \n\t"                            \
     "adcl %8,%2         \n\t"                            \
     "addl %6,%0         \n\t"                            \
     "adcl %7,%1         \n\t"                            \
     "adcl %8,%2         \n\t"                            \
-     :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "%cc");
+     :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "cc");

 #elif defined(TFM_ARM)

@@ -698,16 +704,16 @@ asm(                                                     \

 /* multiplies point i and j, updates carry "c1" and digit c2 */
 #define SQRADD(i, j)                                             \
-asm(                                                             \
+__asm__(                                                             \
 "  UMULL  r0,r1,%6,%6              \n\t"                         \
 "  ADDS   %0,%0,r0                 \n\t"                         \
 "  ADCS   %1,%1,r1                 \n\t"                         \
 "  ADC    %2,%2,#0                 \n\t"                         \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(i) : "r0", "r1", "%cc");
+:"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(i) : "r0", "r1", "cc");
 	
 /* for squaring some of the terms are doubled... */
 #define SQRADD2(i, j)                                            \
-asm(                                                             \
+__asm__(                                                             \
 "  UMULL  r0,r1,%6,%7              \n\t"                         \
 "  ADDS   %0,%0,r0                 \n\t"                         \
 "  ADCS   %1,%1,r1                 \n\t"                         \
@@ -715,31 +721,31 @@ asm(                                                             \
 "  ADDS   %0,%0,r0                 \n\t"                         \
 "  ADCS   %1,%1,r1                 \n\t"                         \
 "  ADC    %2,%2,#0                 \n\t"                         \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j) : "r0", "r1", "%cc");
+:"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j) : "r0", "r1", "cc");

 #define SQRADDSC(i, j)                                           \
-asm(                                                             \
+__asm__(                                                             \
 "  UMULL  %0,%1,%6,%7              \n\t"                         \
 "  SUB    %2,%2,%2                 \n\t"                         \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "%cc");
+:"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "cc");

 #define SQRADDAC(i, j)                                           \
-asm(                                                             \
+__asm__(                                                             \
 "  UMULL  r0,r1,%6,%7              \n\t"                         \
 "  ADDS   %0,%0,r0                 \n\t"                         \
 "  ADCS   %1,%1,r1                 \n\t"                         \
 "  ADC    %2,%2,#0                 \n\t"                         \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "r0", "r1", "%cc");
+:"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "r0", "r1", "cc");

 #define SQRADDDB                                                 \
-asm(                                                             \
+__asm__(                                                             \
 "  ADDS  %0,%0,%3                     \n\t"                      \
 "  ADCS  %1,%1,%4                     \n\t"                      \
 "  ADC   %2,%2,%5                     \n\t"                      \
 "  ADDS  %0,%0,%3                     \n\t"                      \
 "  ADCS  %1,%1,%4                     \n\t"                      \
 "  ADC   %2,%2,%5                     \n\t"                      \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "%cc");
+:"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "cc");

 #elif defined(TFM_PPC32)

@@ -763,17 +769,17 @@ asm(                                                             \

 /* multiplies point i and j, updates carry "c1" and digit c2 */
 #define SQRADD(i, j)             \
-asm(                             \
+__asm__(                             \
   " mullw  16,%6,%6       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhwu 16,%6,%6       \n\t" \
   " adde   %1,%1,16       \n\t" \
   " addze  %2,%2          \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i):"16","%cc");
+:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i):"16","cc");

 /* for squaring some of the terms are doubled... */
 #define SQRADD2(i, j)            \
-asm(                             \
+__asm__(                             \
   " mullw  16,%6,%7       \n\t" \
   " mulhwu 17,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
@@ -782,33 +788,33 @@ asm(                             \
   " addc   %0,%0,16       \n\t" \
   " adde   %1,%1,17       \n\t" \
   " addze  %2,%2          \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"16", "17","%cc");
+:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"16", "17","cc");

 #define SQRADDSC(i, j)            \
-asm(                              \
+__asm__(                              \
   " mullw  %0,%6,%7        \n\t" \
   " mulhwu %1,%6,%7        \n\t" \
   " xor    %2,%2,%2        \n\t" \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "%cc");
+:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "cc");

 #define SQRADDAC(i, j)           \
-asm(                             \
+__asm__(                             \
   " mullw  16,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhwu 16,%6,%7       \n\t" \
   " adde   %1,%1,16       \n\t" \
   " addze  %2,%2          \n\t" \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"16", "%cc");
+:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"16", "cc");

 #define SQRADDDB                  \
-asm(                              \
+__asm__(                              \
   " addc   %0,%0,%3        \n\t" \
   " adde   %1,%1,%4        \n\t" \
   " adde   %2,%2,%5        \n\t" \
   " addc   %0,%0,%3        \n\t" \
   " adde   %1,%1,%4        \n\t" \
   " adde   %2,%2,%5        \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "%cc");
+:"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "cc");

 #elif defined(TFM_PPC64)
 /* PPC64 */
@@ -831,17 +837,17 @@ asm(                              \

 /* multiplies point i and j, updates carry "c1" and digit c2 */
 #define SQRADD(i, j)             \
-asm(                             \
+__asm__(                             \
   " mulld  16,%6,%6       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhdu 16,%6,%6       \n\t" \
   " adde   %1,%1,16       \n\t" \
   " addze  %2,%2          \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i):"16","%cc");
+:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i):"16","cc");

 /* for squaring some of the terms are doubled... */
 #define SQRADD2(i, j)            \
-asm(                             \
+__asm__(                             \
   " mulld  16,%6,%7       \n\t" \
   " mulhdu 17,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
@@ -850,33 +856,33 @@ asm(                             \
   " addc   %0,%0,16       \n\t" \
   " adde   %1,%1,17       \n\t" \
   " addze  %2,%2          \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"16", "17","%cc");
+:"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"16", "17","cc");

 #define SQRADDSC(i, j)            \
-asm(                              \
+__asm__(                              \
   " mulld  %0,%6,%7        \n\t" \
   " mulhdu %1,%6,%7        \n\t" \
   " xor    %2,%2,%2        \n\t" \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "%cc");
+:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "cc");

 #define SQRADDAC(i, j)           \
-asm(                             \
+__asm__(                             \
   " mulld  16,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhdu 16,%6,%7       \n\t" \
   " adde   %1,%1,16       \n\t" \
   " addze  %2,%2          \n\t" \
-:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"16", "%cc");
+:"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"16", "cc");

 #define SQRADDDB                  \
-asm(                              \
+__asm__(                              \
   " addc   %0,%0,%3        \n\t" \
   " adde   %1,%1,%4        \n\t" \
   " adde   %2,%2,%5        \n\t" \
   " addc   %0,%0,%3        \n\t" \
   " adde   %1,%1,%4        \n\t" \
   " adde   %2,%2,%5        \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "%cc");
+:"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "cc");


 #elif defined(TFM_AVR32)
@@ -901,7 +907,7 @@ asm(                              \

 /* multiplies point i and j, updates carry "c1" and digit c2 */
 #define SQRADD(i, j)             \
-asm(                             \
+__asm__(                             \
   " mulu.d r2,%6,%6       \n\t" \
   " add    %0,%0,r2       \n\t" \
   " adc    %1,%1,r3       \n\t" \
@@ -910,7 +916,7 @@ asm(                             \

 /* for squaring some of the terms are doubled... */
 #define SQRADD2(i, j)            \
-asm(                             \
+__asm__(                             \
   " mulu.d r2,%6,%7       \n\t" \
   " add    %0,%0,r2       \n\t" \
   " adc    %1,%1,r3       \n\t" \
@@ -921,7 +927,7 @@ asm(                             \
 :"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"r2", "r3");

 #define SQRADDSC(i, j)            \
-asm(                              \
+__asm__(                              \
   " mulu.d r2,%6,%7        \n\t" \
   " mov    %0,r2           \n\t" \
   " mov    %1,r3           \n\t" \
@@ -929,7 +935,7 @@ asm(                              \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "r2", "r3");

 #define SQRADDAC(i, j)           \
-asm(                             \
+__asm__(                             \
   " mulu.d r2,%6,%7       \n\t" \
   " add    %0,%0,r2       \n\t" \
   " adc    %1,%1,r3       \n\t" \
@@ -937,14 +943,14 @@ asm(                             \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"r2", "r3");

 #define SQRADDDB                  \
-asm(                              \
+__asm__(                              \
   " add    %0,%0,%3        \n\t" \
   " adc    %1,%1,%4        \n\t" \
   " adc    %2,%2,%5        \n\t" \
   " add    %0,%0,%3        \n\t" \
   " adc    %1,%1,%4        \n\t" \
   " adc    %2,%2,%5        \n\t" \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "%cc");
+:"=r"(c0), "=r"(c1), "=r"(c2) : "r"(sc0), "r"(sc1), "r"(sc2), "0"(c0), "1"(c1), "2"(c2) : "cc");


 #else
@@ -972,8 +978,9 @@ asm(                              \
 /* multiplies point i and j, updates carry "c1" and digit c2 */
 #define SQRADD(i, j)                                 \
   do { fp_word t;                                   \
-   t = c0 + ((fp_word)i) * ((fp_word)j);  c0 = t;    \
-   t = c1 + (t >> DIGIT_BIT);             c1 = t; c2 += t >> DIGIT_BIT; \
+   t = c0 + ((fp_word)i) * ((fp_word)j);  c0 = (fp_digit)t;    \
+   t = c1 + (t >> DIGIT_BIT);             c1 = (fp_digit)t;    \
+                                          c2 +=(fp_digit) (t >> DIGIT_BIT); \
   } while (0);
  

@@ -981,10 +988,12 @@ asm(                              \
 #define SQRADD2(i, j)                                                 \
   do { fp_word t;                                                    \
   t  = ((fp_word)i) * ((fp_word)j);                                  \
-   tt = (fp_word)c0 + t;                 c0 = tt;                              \
-   tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = tt; c2 += tt >> DIGIT_BIT;       \
-   tt = (fp_word)c0 + t;                 c0 = tt;                              \
-   tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = tt; c2 += tt >> DIGIT_BIT;       \
+   tt = (fp_word)c0 + t;                 c0 = (fp_digit)tt;           \
+   tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = (fp_digit)tt;           \
+                                         c2 +=(fp_digit)( tt >> DIGIT_BIT);    \
+   tt = (fp_word)c0 + t;                 c0 = (fp_digit)tt;                    \
+   tt = (fp_word)c1 + (tt >> DIGIT_BIT); c1 = (fp_digit)tt;            \
+                                         c2 +=(fp_digit) (tt >> DIGIT_BIT);    \
   } while (0);

 #define SQRADDSC(i, j)                                                         \
@@ -1056,13 +1065,13 @@ asm(                              \

 /* this should multiply i and j  */
 #define MULADD(i, j)                                      \
-asm(                                                      \
+__asm__(                                                      \
     "movl  %6,%%eax     \n\t"                            \
     "mull  %7           \n\t"                            \
     "addl  %%eax,%0     \n\t"                            \
     "adcl  %%edx,%1     \n\t"                            \
     "adcl  $0,%2        \n\t"                            \
-     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","%edx","%cc");
+     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","%edx","cc");

 #elif defined(TFM_X86_64)
 /* x86-64 optimized */
@@ -1091,13 +1100,13 @@ asm(                                                      \

 /* this should multiply i and j  */
 #define MULADD(i, j)                                      \
-asm  (                                                    \
+__asm__  (                                                    \
     "movq  %6,%%rax     \n\t"                            \
     "mulq  %7           \n\t"                            \
     "addq  %%rax,%0     \n\t"                            \
     "adcq  %%rdx,%1     \n\t"                            \
     "adcq  $0,%2        \n\t"                            \
-     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j)  :"%rax","%rdx","%cc");
+     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j)  :"%rax","%rdx","cc");

 #elif defined(TFM_SSE2)
 /* use SSE2 optimizations */
@@ -1123,11 +1132,11 @@ asm  (                                                    \

 /* anything you need at the end */
 #define COMBA_FINI \
-   asm("emms");
+   __asm__("emms");

 /* this should multiply i and j  */
 #define MULADD(i, j)                                     \
-asm(                                                     \
+__asm__(                                                     \
    "movd  %6,%%mm0     \n\t"                            \
    "movd  %7,%%mm1     \n\t"                            \
    "pmuludq %%mm1,%%mm0\n\t"                            \
@@ -1137,7 +1146,7 @@ asm(                                                     \
    "movd  %%mm0,%%eax  \n\t"                            \
    "adcl  %%eax,%1     \n\t"                            \
    "adcl  $0,%2        \n\t"                            \
-    :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","%cc");
+    :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","cc");

 #elif defined(TFM_ARM)
 /* ARM code */
@@ -1159,12 +1168,12 @@ asm(                                                     \
 #define COMBA_FINI

 #define MULADD(i, j)                                          \
-asm(                                                          \
+__asm__(                                                          \
 "  UMULL  r0,r1,%6,%7           \n\t"                         \
 "  ADDS   %0,%0,r0              \n\t"                         \
 "  ADCS   %1,%1,r1              \n\t"                         \
 "  ADC    %2,%2,#0              \n\t"                         \
-:"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j) : "r0", "r1", "%cc");
+:"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j) : "r0", "r1", "cc");

 #elif defined(TFM_PPC32)
 /* For 32-bit PPC */
@@ -1187,7 +1196,7 @@ asm(                                                          \
   
 /* untested: will mulhwu change the flags?  Docs say no */
 #define MULADD(i, j)              \
-asm(                              \
+__asm__(                              \
   " mullw  16,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhwu 16,%6,%7       \n\t" \
@@ -1216,7 +1225,7 @@ asm(                              \
   
 /* untested: will mulhwu change the flags?  Docs say no */
 #define MULADD(i, j)              \
-asm(                              \
+____asm__(                              \
   " mulld  16,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhdu 16,%6,%7       \n\t" \
@@ -1245,7 +1254,7 @@ asm(                              \
 #define COMBA_FINI 
   
 #define MULADD(i, j)             \
-asm(                             \
+____asm__(                             \
   " mulu.d r2,%6,%7        \n\t"\
   " add    %0,r2           \n\t"\
   " adc    %1,%1,r3        \n\t"\
@@ -1271,10 +1280,11 @@ asm(                             \

 #define COMBA_FINI 
   
-#define MULADD(i, j)                                                              \
-   do { fp_word t;                                                                \
-   t = (fp_word)c0 + ((fp_word)i) * ((fp_word)j); c0 = t;                         \
-   t = (fp_word)c1 + (t >> DIGIT_BIT);            c1 = t; c2 += t >> DIGIT_BIT;   \
+#define MULADD(i, j)                                                                                                                                  \
+   do { fp_word t;                                                    \
+   t = (fp_word)c0 + ((fp_word)i) * ((fp_word)j); c0 = (fp_digit)t;   \
+   t = (fp_word)c1 + (t >> DIGIT_BIT);                                \
+   c1 = (fp_digit)t; c2 += (fp_digit)(t >> DIGIT_BIT);                \
   } while (0);

 #endif
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
--- a/ctaocrypt/src/blake2b.c
+++ b/ctaocrypt/src/blake2b.c
@@ -0,0 +1,467 @@
+/*
+   BLAKE2 reference source code package - reference C implementations
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+/* blake2b.c
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef HAVE_BLAKE2
+
+#include <cyassl/ctaocrypt/blake2.h>
+#include <cyassl/ctaocrypt/blake2-impl.h>
+
+
+static const word64 blake2b_IV[8] =
+{
+  0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
+  0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
+  0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
+  0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
+};
+
+static const byte blake2b_sigma[12][16] =
+{
+  {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+  { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 } ,
+  { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 } ,
+  {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 } ,
+  {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 } ,
+  {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 } ,
+  { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 } ,
+  { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 } ,
+  {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 } ,
+  { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,
+  {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+  { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
+};
+
+
+static INLINE int blake2b_set_lastnode( blake2b_state *S )
+{
+  S->f[1] = ~0ULL;
+  return 0;
+}
+
+static INLINE int blake2b_clear_lastnode( blake2b_state *S )
+{
+  S->f[1] = 0ULL;
+  return 0;
+}
+
+/* Some helper functions, not necessarily useful */
+static INLINE int blake2b_set_lastblock( blake2b_state *S )
+{
+  if( S->last_node ) blake2b_set_lastnode( S );
+
+  S->f[0] = ~0ULL;
+  return 0;
+}
+
+static INLINE int blake2b_clear_lastblock( blake2b_state *S )
+{
+  if( S->last_node ) blake2b_clear_lastnode( S );
+
+  S->f[0] = 0ULL;
+  return 0;
+}
+
+static INLINE int blake2b_increment_counter( blake2b_state *S, const word64
+                                             inc )
+{
+  S->t[0] += inc;
+  S->t[1] += ( S->t[0] < inc );
+  return 0;
+}
+
+
+
+/* Parameter-related functions */
+static INLINE int blake2b_param_set_digest_length( blake2b_param *P,
+                                                   const byte digest_length )
+{
+  P->digest_length = digest_length;
+  return 0;
+}
+
+static INLINE int blake2b_param_set_fanout( blake2b_param *P, const byte fanout)
+{
+  P->fanout = fanout;
+  return 0;
+}
+
+static INLINE int blake2b_param_set_max_depth( blake2b_param *P,
+                                               const byte depth )
+{
+  P->depth = depth;
+  return 0;
+}
+
+static INLINE int blake2b_param_set_leaf_length( blake2b_param *P,
+                                                 const word32 leaf_length )
+{
+  store32( &P->leaf_length, leaf_length );
+  return 0;
+}
+
+static INLINE int blake2b_param_set_node_offset( blake2b_param *P,
+                                                 const word64 node_offset )
+{
+  store64( &P->node_offset, node_offset );
+  return 0;
+}
+
+static INLINE int blake2b_param_set_node_depth( blake2b_param *P,
+                                                const byte node_depth )
+{
+  P->node_depth = node_depth;
+  return 0;
+}
+
+static INLINE int blake2b_param_set_inner_length( blake2b_param *P,
+                                                  const byte inner_length )
+{
+  P->inner_length = inner_length;
+  return 0;
+}
+
+static INLINE int blake2b_param_set_salt( blake2b_param *P,
+                                          const byte salt[BLAKE2B_SALTBYTES] )
+{
+  XMEMCPY( P->salt, salt, BLAKE2B_SALTBYTES );
+  return 0;
+}
+
+static INLINE int blake2b_param_set_personal( blake2b_param *P,
+                                    const byte personal[BLAKE2B_PERSONALBYTES] )
+{
+  XMEMCPY( P->personal, personal, BLAKE2B_PERSONALBYTES );
+  return 0;
+}
+
+static INLINE int blake2b_init0( blake2b_state *S )
+{
+  int i;
+  XMEMSET( S, 0, sizeof( blake2b_state ) );
+
+  for( i = 0; i < 8; ++i ) S->h[i] = blake2b_IV[i];
+
+  return 0;
+}
+
+/* init xors IV with input parameter block */
+int blake2b_init_param( blake2b_state *S, const blake2b_param *P )
+{
+  word32 i;
+  blake2b_init0( S );
+  byte *p = ( byte * )( P );
+
+  /* IV XOR ParamBlock */
+  for( i = 0; i < 8; ++i )
+    S->h[i] ^= load64( p + sizeof( S->h[i] ) * i );
+
+  return 0;
+}
+
+
+
+int blake2b_init( blake2b_state *S, const byte outlen )
+{
+  blake2b_param P[1];
+
+  if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
+
+  P->digest_length = outlen;
+  P->key_length    = 0;
+  P->fanout        = 1;
+  P->depth         = 1;
+  store32( &P->leaf_length, 0 );
+  store64( &P->node_offset, 0 );
+  P->node_depth    = 0;
+  P->inner_length  = 0;
+  XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
+  XMEMSET( P->salt,     0, sizeof( P->salt ) );
+  XMEMSET( P->personal, 0, sizeof( P->personal ) );
+  return blake2b_init_param( S, P );
+}
+
+
+int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key,
+                      const byte keylen )
+{
+  blake2b_param P[1];
+
+  if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return -1;
+
+  if ( !key || !keylen || keylen > BLAKE2B_KEYBYTES ) return -1;
+
+  P->digest_length = outlen;
+  P->key_length    = keylen;
+  P->fanout        = 1;
+  P->depth         = 1;
+  store32( &P->leaf_length, 0 );
+  store64( &P->node_offset, 0 );
+  P->node_depth    = 0;
+  P->inner_length  = 0;
+  XMEMSET( P->reserved, 0, sizeof( P->reserved ) );
+  XMEMSET( P->salt,     0, sizeof( P->salt ) );
+  XMEMSET( P->personal, 0, sizeof( P->personal ) );
+
+  if( blake2b_init_param( S, P ) < 0 ) return -1;
+
+  {
+    byte block[BLAKE2B_BLOCKBYTES];
+    XMEMSET( block, 0, BLAKE2B_BLOCKBYTES );
+    XMEMCPY( block, key, keylen );
+    blake2b_update( S, block, BLAKE2B_BLOCKBYTES );
+    secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from */
+                                                     /*stack */
+  }
+  return 0;
+}
+
+static int blake2b_compress( blake2b_state *S,
+                             const byte block[BLAKE2B_BLOCKBYTES] )
+{
+  word64 m[16];
+  word64 v[16];
+  int i;
+
+  for( i = 0; i < 16; ++i )
+    m[i] = load64( block + i * sizeof( m[i] ) );
+
+  for( i = 0; i < 8; ++i )
+    v[i] = S->h[i];
+
+  v[ 8] = blake2b_IV[0];
+  v[ 9] = blake2b_IV[1];
+  v[10] = blake2b_IV[2];
+  v[11] = blake2b_IV[3];
+  v[12] = S->t[0] ^ blake2b_IV[4];
+  v[13] = S->t[1] ^ blake2b_IV[5];
+  v[14] = S->f[0] ^ blake2b_IV[6];
+  v[15] = S->f[1] ^ blake2b_IV[7];
+#define G(r,i,a,b,c,d) \
+  do { \
+    a = a + b + m[blake2b_sigma[r][2*i+0]]; \
+    d = rotr64(d ^ a, 32); \
+    c = c + d; \
+    b = rotr64(b ^ c, 24); \
+    a = a + b + m[blake2b_sigma[r][2*i+1]]; \
+    d = rotr64(d ^ a, 16); \
+    c = c + d; \
+    b = rotr64(b ^ c, 63); \
+  } while(0)
+#define ROUND(r)  \
+  do { \
+    G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+    G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+    G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+    G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+    G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+    G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+    G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+    G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+  } while(0)
+  ROUND( 0 );
+  ROUND( 1 );
+  ROUND( 2 );
+  ROUND( 3 );
+  ROUND( 4 );
+  ROUND( 5 );
+  ROUND( 6 );
+  ROUND( 7 );
+  ROUND( 8 );
+  ROUND( 9 );
+  ROUND( 10 );
+  ROUND( 11 );
+
+  for( i = 0; i < 8; ++i )
+    S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];
+
+#undef G
+#undef ROUND
+  return 0;
+}
+
+/* inlen now in bytes */
+int blake2b_update( blake2b_state *S, const byte *in, word64 inlen )
+{
+  while( inlen > 0 )
+  {
+    word64 left = S->buflen;
+    word64 fill = 2 * BLAKE2B_BLOCKBYTES - left;
+
+    if( inlen > fill )
+    {
+      XMEMCPY( S->buf + left, in, (word)fill ); /* Fill buffer */
+      S->buflen += fill;
+      blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
+      blake2b_compress( S, S->buf ); /* Compress */
+      XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, BLAKE2B_BLOCKBYTES );
+              /* Shift buffer left */
+      S->buflen -= BLAKE2B_BLOCKBYTES;
+      in += fill;
+      inlen -= fill;
+    }
+    else /* inlen <= fill */
+    {
+      XMEMCPY( S->buf + left, in, (word)inlen );
+      S->buflen += inlen; /* Be lazy, do not compress */
+      in += inlen;
+      inlen -= inlen;
+    }
+  }
+
+  return 0;
+}
+
+/* Is this correct? */
+int blake2b_final( blake2b_state *S, byte *out, byte outlen )
+{
+  byte buffer[BLAKE2B_OUTBYTES];
+  int     i;
+
+  if( S->buflen > BLAKE2B_BLOCKBYTES )
+  {
+    blake2b_increment_counter( S, BLAKE2B_BLOCKBYTES );
+    blake2b_compress( S, S->buf );
+    S->buflen -= BLAKE2B_BLOCKBYTES;
+    XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, (word)S->buflen );
+  }
+
+  blake2b_increment_counter( S, S->buflen );
+  blake2b_set_lastblock( S );
+  XMEMSET( S->buf + S->buflen, 0, (word)(2 * BLAKE2B_BLOCKBYTES - S->buflen) );
+         /* Padding */
+  blake2b_compress( S, S->buf );
+
+  for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */
+    store64( buffer + sizeof( S->h[i] ) * i, S->h[i] );
+
+  XMEMCPY( out, buffer, outlen );
+  return 0;
+}
+
+/* inlen, at least, should be word64. Others can be size_t. */
+int blake2b( byte *out, const void *in, const void *key, const byte outlen,
+             const word64 inlen, byte keylen )
+{
+  blake2b_state S[1];
+
+  /* Verify parameters */
+  if ( NULL == in ) return -1;
+
+  if ( NULL == out ) return -1;
+
+  if( NULL == key ) keylen = 0;
+
+  if( keylen > 0 )
+  {
+    if( blake2b_init_key( S, outlen, key, keylen ) < 0 ) return -1;
+  }
+  else
+  {
+    if( blake2b_init( S, outlen ) < 0 ) return -1;
+  }
+
+  blake2b_update( S, ( byte * )in, inlen );
+  blake2b_final( S, out, outlen );
+  return 0;
+}
+
+#if defined(BLAKE2B_SELFTEST)
+#include <string.h>
+#include "blake2-kat.h"
+int main( int argc, char **argv )
+{
+  byte key[BLAKE2B_KEYBYTES];
+  byte buf[KAT_LENGTH];
+
+  for( word32 i = 0; i < BLAKE2B_KEYBYTES; ++i )
+    key[i] = ( byte )i;
+
+  for( word32 i = 0; i < KAT_LENGTH; ++i )
+    buf[i] = ( byte )i;
+
+  for( word32 i = 0; i < KAT_LENGTH; ++i )
+  {
+    byte hash[BLAKE2B_OUTBYTES];
+    blake2b( hash, buf, key, BLAKE2B_OUTBYTES, i, BLAKE2B_KEYBYTES );
+
+    if( 0 != memcmp( hash, blake2b_keyed_kat[i], BLAKE2B_OUTBYTES ) )
+    {
+      puts( "error" );
+      return -1;
+    }
+  }
+
+  puts( "ok" );
+  return 0;
+}
+#endif
+
+
+/* CTaoCrypt API */
+
+/* Init Blake2b digest, track size incase final doesn't want to "remember" */
+int InitBlake2b(Blake2b* b2b, word32 digestSz)
+{
+    b2b->digestSz = digestSz;
+
+    return blake2b_init(b2b->S, (byte)digestSz);
+}
+
+
+/* Blake2b Update */
+int Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz)
+{
+    return blake2b_update(b2b->S, data, sz);
+}
+
+
+/* Blake2b Final, if pass in zero size we use init digestSz */
+int Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz)
+{
+    word32 sz = requestSz ? requestSz : b2b->digestSz;
+
+    return blake2b_final(b2b->S, final, (byte)sz);
+}
+
+
+/* end CTaoCrypt API */
+
+#endif  /* HAVE_BLAKE2 */
+
--- a/ctaocrypt/src/camellia.c
+++ b/ctaocrypt/src/camellia.c
--- a/ctaocrypt/src/coding.c
+++ b/ctaocrypt/src/coding.c
@@ -1,6 +1,6 @@
 /* coding.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
 *
 * This file is part of CyaSSL.
 *
@@ -19,8 +19,17 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif

-#include "coding.h"
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifndef NO_CODING
+
+#include <cyassl/ctaocrypt/coding.h>
+#include <cyassl/ctaocrypt/error.h>
+#include <cyassl/ctaocrypt/logging.h>


 enum {
@@ -44,14 +53,15 @@ const byte base64Decode[] = { 62, BAD, BAD, BAD, 63,   /* + starts at 0x2B */
                            };


-int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
+int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
    word32 i = 0;
    word32 j = 0;
    word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
+    const byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;

    plainSz = (plainSz * 3 + 3) / 4;
-    if (plainSz > *outLen) return -1;
+    if (plainSz > *outLen) return BAD_FUNC_ARG;

    while (inLen > 3) {
        byte b1, b2, b3;
@@ -70,6 +80,16 @@ int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
        if (e4 == PAD)
            pad4 = 1;

+        if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
+            CYASSL_MSG("Bad Base64 Decode data, too small");
+            return ASN_INPUT_E;
+        }
+
+        if (e1 > maxIdx || e2 > maxIdx || e3 > maxIdx || e4 > maxIdx) {
+            CYASSL_MSG("Bad Base64 Decode data, too big");
+            return ASN_INPUT_E;
+        }
+
        e1 = base64Decode[e1 - 0x2B];
        e2 = base64Decode[e2 - 0x2B];
        e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];
@@ -88,19 +108,23 @@ int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
            break;
        
        inLen -= 4;
-        if (in[j] == ' ' || in[j] == '\r' || in[j] == '\n') {
+        if (inLen && (in[j] == ' ' || in[j] == '\r' || in[j] == '\n')) {
            byte endLine = in[j++];
            inLen--;
-            while (endLine == ' ') {   /* allow trailing whitespace */
+            while (inLen && endLine == ' ') {   /* allow trailing whitespace */
                endLine = in[j++];
                inLen--;
            }
            if (endLine == '\r') {
-                endLine = in[j++];
-                inLen--;
+                if (inLen) {
+                    endLine = in[j++];
+                    inLen--;
+                }
+            }
+            if (endLine != '\n') {
+                CYASSL_MSG("Bad end of line in Base64 Decode");
+                return ASN_INPUT_E;
            }
-            if (endLine != '\n')
-                return -1;
        }
    }
    *outLen = i;
@@ -109,7 +133,7 @@ int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 }


-#if defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
+#if defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) || defined(HAVE_WEBSERVER)

 static
 const byte base64Encode[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
@@ -124,7 +148,7 @@ const byte base64Encode[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',


 /* porting assistance from yaSSL by Raphael HUCK */
-int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
+int Base64_Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
    word32 i = 0,
           j = 0,
@@ -133,7 +157,7 @@ int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
    word32 outSz = (inLen + 3 - 1) / 3 * 4;
    outSz += (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ;  /* new lines */

-    if (outSz > *outLen) return -1;
+    if (outSz > *outLen) return BAD_FUNC_ARG;
    
    while (inLen > 2) {
        byte b1 = in[j++];
@@ -177,7 +201,7 @@ int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen)

    out[i++] = '\n';
    if (i != outSz)
-        return -1;
+        return ASN_INPUT_E; 
    *outLen = outSz;

    return 0; 
@@ -190,16 +214,34 @@ const byte hexDecode[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
                           10, 11, 12, 13, 14, 15 
                         };  /* A starts at 0x41 not 0x3A */

-int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
+int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
    word32 inIdx  = 0;
    word32 outIdx = 0;

+    if (inLen == 1 && *outLen && in) {
+        byte b = in[inIdx++] - 0x30;  /* 0 starts at 0x30 */
+
+        /* sanity check */
+        if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))
+            return ASN_INPUT_E;
+
+        b  = hexDecode[b];
+
+        if (b == BAD)
+            return ASN_INPUT_E;
+        
+        out[outIdx++] = b;
+
+        *outLen = outIdx;
+        return 0;
+    }
+
    if (inLen % 2)
-        return -1;
+        return BAD_FUNC_ARG;

    if (*outLen < (inLen / 2))
-        return -1;
+        return BAD_FUNC_ARG;

    while (inLen) {
        byte b  = in[inIdx++] - 0x30;  /* 0 starts at 0x30 */
@@ -207,15 +249,15 @@ int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen)

        /* sanity checks */
        if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))
-            return -1;
+            return ASN_INPUT_E;
        if (b2 >= sizeof(hexDecode)/sizeof(hexDecode[0]))
-            return -1;
+            return ASN_INPUT_E;

        b  = hexDecode[b];
        b2 = hexDecode[b2];

        if (b == BAD || b2 == BAD)
-            return -1;
+            return ASN_INPUT_E;
        
        out[outIdx++] = (b << 4) | b2;
        inLen -= 2;
@@ -226,4 +268,5 @@ int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 }


-#endif  /* OPENSSL_EXTRA */
+#endif  /* defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) || defined(HAVE_WEBSERVER) */
+#endif /* NO_CODING */
--- a/ctaocrypt/src/compress.c
+++ b/ctaocrypt/src/compress.c
@@ -0,0 +1,169 @@
+/* compress.c
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <cyassl/ctaocrypt/settings.h>
+
+#ifdef HAVE_LIBZ
+
+
+#include <cyassl/ctaocrypt/compress.h>
+#include <cyassl/ctaocrypt/error.h>
+#include <cyassl/ctaocrypt/logging.h>
+#ifdef NO_INLINE
+    #include <cyassl/ctaocrypt/misc.h>
+#else
+    #include <ctaocrypt/src/misc.c>
+#endif
+
+#include <zlib.h>
+
+
+/* alloc user allocs to work with zlib */
+static void* myAlloc(void* opaque, unsigned int item, unsigned int size)
+{
+    (void)opaque;
+    return XMALLOC(item * size, opaque, DYNAMIC_TYPE_LIBZ);
+}
+
+
+static void myFree(void* opaque, void* memory)
+{
+    (void)opaque;
+    XFREE(memory, opaque, DYNAMIC_TYPE_LIBZ);
+}
+
+
+#ifdef HAVE_MCAPI
+    #define DEFLATE_DEFAULT_WINDOWBITS  11
+    #define DEFLATE_DEFAULT_MEMLEVEL     1
+#else
+    #define DEFLATE_DEFAULT_WINDOWBITS 15
+    #define DEFLATE_DEFAULT_MEMLEVEL    8
+#endif
+
+
+int Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 flags)
+/*
+ * out - pointer to destination buffer
+ * outSz - size of destination buffer
+ * in - pointer to source buffer to compress
+ * inSz - size of source to compress
+ * flags - flags to control how compress operates 
+ *
+ * return:
+ *    negative - error code
+ *    positive - bytes stored in out buffer
+ * 
+ * Note, the output buffer still needs to be larger than the input buffer.
+ * The right chunk of data won't compress at all, and the lookup table will
+ * add to the size of the output. The libz code says the compressed
+ * buffer should be srcSz + 0.1% + 12.
+ */
+{
+    z_stream stream;
+    int result = 0;
+
+    stream.next_in = (Bytef*)in;
+    stream.avail_in = (uInt)inSz;
+#ifdef MAXSEG_64K
+    /* Check for source > 64K on 16-bit machine: */
+    if ((uLong)stream.avail_in != inSz) return COMPRESS_INIT_E;
+#endif
+    stream.next_out = out;
+    stream.avail_out = (uInt)outSz;
+    if ((uLong)stream.avail_out != outSz) return COMPRESS_INIT_E;
+
+    stream.zalloc = (alloc_func)myAlloc;
+    stream.zfree = (free_func)myFree;
+    stream.opaque = (voidpf)0;
+
+    if (deflateInit2(&stream, Z_DEFAULT_COMPRESSION, Z_DEFLATED,
+                     DEFLATE_DEFAULT_WINDOWBITS, DEFLATE_DEFAULT_MEMLEVEL,
+                     flags ? Z_FIXED : Z_DEFAULT_STRATEGY) != Z_OK)
+        return COMPRESS_INIT_E;
+
+    if (deflate(&stream, Z_FINISH) != Z_STREAM_END) {
+        deflateEnd(&stream);
+        return COMPRESS_E;
+    }
+
+    result = (int)stream.total_out;
+
+    if (deflateEnd(&stream) != Z_OK)
+        result = COMPRESS_E;
+
+    return result;
+}
+
+
+int DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz)
+/*
+ * out - pointer to destination buffer
+ * outSz - size of destination buffer
+ * in - pointer to source buffer to compress
+ * inSz - size of source to compress
+ * flags - flags to control how compress operates 
+ *
+ * return:
+ *    negative - error code
+ *    positive - bytes stored in out buffer
+ */ 
+{
+    z_stream stream;
+    int result = 0;
+
+    stream.next_in = (Bytef*)in;
+    stream.avail_in = (uInt)inSz;
+    /* Check for source > 64K on 16-bit machine: */
+    if ((uLong)stream.avail_in != inSz) return DECOMPRESS_INIT_E;
+
+    stream.next_out = out;
+    stream.avail_out = (uInt)outSz;
+    if ((uLong)stream.avail_out != outSz) return DECOMPRESS_INIT_E;
+
+    stream.zalloc = (alloc_func)myAlloc;
+    stream.zfree = (free_func)myFree;
+    stream.opaque = (voidpf)0;
+
+    if (inflateInit2(&stream, DEFLATE_DEFAULT_WINDOWBITS) != Z_OK)
+        return DECOMPRESS_INIT_E;
+
+    if (inflate(&stream, Z_FINISH) != Z_STREAM_END) {
+        inflateEnd(&stream);
+        return DECOMPRESS_E;
+    }
+    
+    result = (int)stream.total_out;
+
+    if (inflateEnd(&stream) != Z_OK)
+        result = DECOMPRESS_E;
+
+    return result;
+}
+
+
+#endif /* HAVE_LIBZ */
+
--- a/ctaocrypt/src/des3.c
+++ b/ctaocrypt/src/des3.c
@@ -1,6 +1,6 @@
 /* des3.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
 *
 * This file is part of CyaSSL.
 *
@@ -19,17 +19,248 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <cyassl/ctaocrypt/settings.h>

 #ifndef NO_DES3

-#include "des3.h"
+#include <cyassl/ctaocrypt/des3.h>
+
 #ifdef NO_INLINE
-    #include "misc.h"
+    #include <cyassl/ctaocrypt/misc.h>
 #else
-    #include "misc.c"
+    #include <ctaocrypt/src/misc.c>
 #endif


+#ifdef HAVE_CAVIUM
+    static void Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv);
+    static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
+                                      word32 length);
+    static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
+                                      word32 length);
+#endif
+
+#ifdef STM32F2_CRYPTO
+    /*
+     * STM32F2 hardware DES/3DES support through the STM32F2 standard
+     * peripheral library. Documentation located in STM32F2xx Standard
+     * Peripheral Library document (See note in README).
+     */
+    #include "stm32f2xx.h"
+
+    void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
+    {
+        word32 *dkey = des->key;
+
+        XMEMCPY(dkey, key, 8);
+        ByteReverseWords(dkey, dkey, 8);
+
+        Des_SetIV(des, iv);
+    }
+
+    void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
+    {
+        word32 *dkey1 = des->key[0];
+        word32 *dkey2 = des->key[1];
+        word32 *dkey3 = des->key[2];
+
+        XMEMCPY(dkey1, key, 8);         /* set key 1 */
+        XMEMCPY(dkey2, key + 8, 8);     /* set key 2 */
+        XMEMCPY(dkey3, key + 16, 8);    /* set key 3 */
+
+        ByteReverseWords(dkey1, dkey1, 8);
+        ByteReverseWords(dkey2, dkey2, 8);
+        ByteReverseWords(dkey3, dkey3, 8);
+
+        Des3_SetIV(des, iv);
+    }
+
+    void DesCrypt(Des* des, byte* out, const byte* in, word32 sz,
+                  int dir, int mode)
+    {
+        word32 *dkey, *iv;
+        CRYP_InitTypeDef DES_CRYP_InitStructure;
+        CRYP_KeyInitTypeDef DES_CRYP_KeyInitStructure;
+        CRYP_IVInitTypeDef DES_CRYP_IVInitStructure;
+
+        dkey = des->key;
+        iv = des->reg;
+
+        /* crypto structure initialization */
+        CRYP_KeyStructInit(&DES_CRYP_KeyInitStructure);
+        CRYP_StructInit(&DES_CRYP_InitStructure);
+        CRYP_IVStructInit(&DES_CRYP_IVInitStructure);
+
+        /* reset registers to their default values */
+        CRYP_DeInit();
+
+        /* set direction, mode, and datatype */
+        if (dir == DES_ENCRYPTION) {
+            DES_CRYP_InitStructure.CRYP_AlgoDir  = CRYP_AlgoDir_Encrypt;
+        } else { /* DES_DECRYPTION */
+            DES_CRYP_InitStructure.CRYP_AlgoDir  = CRYP_AlgoDir_Decrypt;
+        }
+
+        if (mode == DES_CBC) {
+            DES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_DES_CBC;
+        } else { /* DES_ECB */
+            DES_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_DES_ECB;
+        }
+
+        DES_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b;
+        CRYP_Init(&DES_CRYP_InitStructure);
+
+        /* load key into correct registers */
+        DES_CRYP_KeyInitStructure.CRYP_Key1Left  = dkey[0];
+        DES_CRYP_KeyInitStructure.CRYP_Key1Right = dkey[1];
+        CRYP_KeyInit(&DES_CRYP_KeyInitStructure);
+
+        /* set iv */
+        ByteReverseWords(iv, iv, DES_BLOCK_SIZE);
+        DES_CRYP_IVInitStructure.CRYP_IV0Left  = iv[0];
+        DES_CRYP_IVInitStructure.CRYP_IV0Right = iv[1];
+        CRYP_IVInit(&DES_CRYP_IVInitStructure);
+
+        /* enable crypto processor */
+        CRYP_Cmd(ENABLE);
+
+        while (sz > 0)
+        {
+            /* flush IN/OUT FIFOs */
+            CRYP_FIFOFlush();
+
+            /* if input and output same will overwrite input iv */
+            XMEMCPY(des->tmp, in + sz - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
+
+            CRYP_DataIn(*(uint32_t*)&in[0]);
+            CRYP_DataIn(*(uint32_t*)&in[4]);
+
+            /* wait until the complete message has been processed */
+            while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {}
+
+            *(uint32_t*)&out[0]  = CRYP_DataOut();
+            *(uint32_t*)&out[4]  = CRYP_DataOut();
+
+            /* store iv for next call */
+            XMEMCPY(des->reg, des->tmp, DES_BLOCK_SIZE);
+
+            sz  -= DES_BLOCK_SIZE;
+            in  += DES_BLOCK_SIZE;
+            out += DES_BLOCK_SIZE;
+        }
+
+        /* disable crypto processor */
+        CRYP_Cmd(DISABLE);
+    }
+
+    void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
+    {
+        DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_CBC);
+    }
+
+    void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
+    {
+        DesCrypt(des, out, in, sz, DES_DECRYPTION, DES_CBC);
+    }
+
+    void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
+    {
+        DesCrypt(des, out, in, sz, DES_ENCRYPTION, DES_ECB);
+    }
+
+    void Des3Crypt(Des3* des, byte* out, const byte* in, word32 sz,
+                   int dir)
+    {
+        word32 *dkey1, *dkey2, *dkey3, *iv;
+        CRYP_InitTypeDef DES3_CRYP_InitStructure;
+        CRYP_KeyInitTypeDef DES3_CRYP_KeyInitStructure;
+        CRYP_IVInitTypeDef DES3_CRYP_IVInitStructure;
+
+        dkey1 = des->key[0];
+        dkey2 = des->key[1];
+        dkey3 = des->key[2];
+        iv = des->reg;
+
+        /* crypto structure initialization */
+        CRYP_KeyStructInit(&DES3_CRYP_KeyInitStructure);
+        CRYP_StructInit(&DES3_CRYP_InitStructure);
+        CRYP_IVStructInit(&DES3_CRYP_IVInitStructure);
+
+        /* reset registers to their default values */
+        CRYP_DeInit();
+
+        /* set direction, mode, and datatype */
+        if (dir == DES_ENCRYPTION) {
+            DES3_CRYP_InitStructure.CRYP_AlgoDir  = CRYP_AlgoDir_Encrypt;
+        } else {
+            DES3_CRYP_InitStructure.CRYP_AlgoDir  = CRYP_AlgoDir_Decrypt;
+        }
+
+        DES3_CRYP_InitStructure.CRYP_AlgoMode = CRYP_AlgoMode_TDES_CBC;
+        DES3_CRYP_InitStructure.CRYP_DataType = CRYP_DataType_8b;
+        CRYP_Init(&DES3_CRYP_InitStructure);
+
+        /* load key into correct registers */
+        DES3_CRYP_KeyInitStructure.CRYP_Key1Left  = dkey1[0];
+        DES3_CRYP_KeyInitStructure.CRYP_Key1Right = dkey1[1];
+        DES3_CRYP_KeyInitStructure.CRYP_Key2Left  = dkey2[0];
+        DES3_CRYP_KeyInitStructure.CRYP_Key2Right = dkey2[1];
+        DES3_CRYP_KeyInitStructure.CRYP_Key3Left  = dkey3[0];
+        DES3_CRYP_KeyInitStructure.CRYP_Key3Right = dkey3[1];
+        CRYP_KeyInit(&DES3_CRYP_KeyInitStructure);
+
+        /* set iv */
+        ByteReverseWords(iv, iv, DES_BLOCK_SIZE);
+        DES3_CRYP_IVInitStructure.CRYP_IV0Left  = iv[0];
+        DES3_CRYP_IVInitStructure.CRYP_IV0Right = iv[1];
+        CRYP_IVInit(&DES3_CRYP_IVInitStructure);
+
+        /* enable crypto processor */
+        CRYP_Cmd(ENABLE);
+
+        while (sz > 0)
+        {
+            /* flush IN/OUT FIFOs */
+            CRYP_FIFOFlush();
+
+            CRYP_DataIn(*(uint32_t*)&in[0]);
+            CRYP_DataIn(*(uint32_t*)&in[4]);
+
+            /* wait until the complete message has been processed */
+            while(CRYP_GetFlagStatus(CRYP_FLAG_BUSY) != RESET) {}
+
+            *(uint32_t*)&out[0]  = CRYP_DataOut();
+            *(uint32_t*)&out[4]  = CRYP_DataOut();
+
+            /* store iv for next call */
+            XMEMCPY(des->reg, out + sz - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
+
+            sz  -= DES_BLOCK_SIZE;
+            in  += DES_BLOCK_SIZE;
+            out += DES_BLOCK_SIZE;
+        }
+
+        /* disable crypto processor */
+        CRYP_Cmd(DISABLE);
+
+    }
+
+    void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
+    {
+        Des3Crypt(des, out, in, sz, DES_ENCRYPTION);
+    }
+
+    void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
+    {
+        Des3Crypt(des, out, in, sz, DES_DECRYPTION);
+    }
+
+#else /* CTaoCrypt software implementation */
+
 /* permuted choice table (key) */
 static const byte pc1[] = {
       57, 49, 41, 33, 25, 17,  9,
@@ -326,22 +557,27 @@ static INLINE int Reverse(int dir)
 void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
 {
    DesSetKey(key, dir, des->key);
-    
-    XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+
+    Des_SetIV(des, iv);
 }


 void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
 {
+#ifdef HAVE_CAVIUM
+    if (des->magic == CYASSL_3DES_CAVIUM_MAGIC)
+        return Des3_CaviumSetKey(des, key, iv);
+#endif
+
    DesSetKey(key + (dir == DES_ENCRYPTION ? 0 : 16), dir, des->key[0]);
    DesSetKey(key + 8, Reverse(dir), des->key[1]);
    DesSetKey(key + (dir == DES_DECRYPTION ? 0 : 16), dir, des->key[2]);
-    
-    XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+
+    Des3_SetIV(des, iv);  
 }


-void DesRawProcessBlock(word32* lIn, word32* rIn, const word32* kptr)
+static void DesRawProcessBlock(word32* lIn, word32* rIn, const word32* kptr)
 {
    word32 l = *lIn, r = *rIn, i;

@@ -442,7 +678,7 @@ void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
 void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
 {
    word32 blocks = sz / DES_BLOCK_SIZE;
-    byte   hold[16];
+    byte   hold[DES_BLOCK_SIZE];

    while (blocks--) {
        XMEMCPY(des->tmp, in, DES_BLOCK_SIZE);
@@ -461,8 +697,14 @@ void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)

 void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
 {
-    word32 blocks = sz / DES_BLOCK_SIZE;
+    word32 blocks;

+#ifdef HAVE_CAVIUM
+    if (des->magic == CYASSL_3DES_CAVIUM_MAGIC)
+        return Des3_CaviumCbcEncrypt(des, out, in, sz);
+#endif
+
+    blocks = sz / DES_BLOCK_SIZE;
    while (blocks--) {
        xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE);
        Des3ProcessBlock(des, (byte*)des->reg, (byte*)des->reg);
@@ -476,8 +718,14 @@ void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)

 void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
 {
-    word32 blocks = sz / DES_BLOCK_SIZE;
+    word32 blocks;

+#ifdef HAVE_CAVIUM
+    if (des->magic == CYASSL_3DES_CAVIUM_MAGIC)
+        return Des3_CaviumCbcDecrypt(des, out, in, sz);
+#endif
+
+    blocks = sz / DES_BLOCK_SIZE;
    while (blocks--) {
        XMEMCPY(des->tmp, in, DES_BLOCK_SIZE);
        Des3ProcessBlock(des, (byte*)des->tmp, out);
@@ -489,5 +737,149 @@ void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
    }
 }

+#ifdef CYASSL_DES_ECB
+
+/* One block, compatibility only */
+void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
+{
+    word32 blocks = sz / DES_BLOCK_SIZE;
+
+    while (blocks--) {
+        DesProcessBlock(des, in, out);
+
+        out += DES_BLOCK_SIZE;
+        in  += DES_BLOCK_SIZE; 
+    }
+}
+
+#endif /* CYASSL_DES_ECB */
+
+#endif /* STM32F2_CRYPTO */
+
+void Des_SetIV(Des* des, const byte* iv)
+{
+    if (des && iv)
+        XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+}
+
+
+void Des3_SetIV(Des3* des, const byte* iv)
+{
+    if (des && iv)
+        XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+}
+
+
+#ifdef HAVE_CAVIUM
+
+#include <cyassl/ctaocrypt/logging.h>
+#include "cavium_common.h"
+
+/* Initiliaze Des3 for use with Nitrox device */
+int Des3_InitCavium(Des3* des3, int devId)
+{
+    if (des3 == NULL)
+        return -1;
+
+    if (CspAllocContext(CONTEXT_SSL, &des3->contextHandle, devId) != 0)
+        return -1;
+
+    des3->devId = devId;
+    des3->magic = CYASSL_3DES_CAVIUM_MAGIC;
+   
+    return 0;
+}
+
+
+/* Free Des3 from use with Nitrox device */
+void Des3_FreeCavium(Des3* des3)
+{
+    if (des3 == NULL)
+        return;
+
+    if (des3->magic != CYASSL_3DES_CAVIUM_MAGIC)
+        return;
+
+    CspFreeContext(CONTEXT_SSL, des3->contextHandle, des3->devId);
+    des3->magic = 0;
+}
+
+
+static void Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv)
+{
+    if (des3 == NULL)
+        return;
+
+    /* key[0] holds key, iv in reg */
+    XMEMCPY(des3->key[0], key, DES_BLOCK_SIZE*3);
+
+    Des3_SetIV(des3, iv);
+}
+
+
+static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in,
+                                  word32 length)
+{
+    word   offset = 0;
+    word32 requestId;
+   
+    while (length > CYASSL_MAX_16BIT) {
+        word16 slen = (word16)CYASSL_MAX_16BIT;
+        if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
+                           CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
+                           out + offset, (byte*)des3->reg, (byte*)des3->key[0],
+                           &requestId, des3->devId) != 0) {
+            CYASSL_MSG("Bad Cavium 3DES Cbc Encrypt");
+        }
+        length -= CYASSL_MAX_16BIT;
+        offset += CYASSL_MAX_16BIT;
+        XMEMCPY(des3->reg, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
+    }
+    if (length) {
+        word16 slen = (word16)length;
+
+        if (CspEncrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
+                           CAVIUM_NO_UPDATE, slen, (byte*)in + offset,
+                           out + offset, (byte*)des3->reg, (byte*)des3->key[0],
+                           &requestId, des3->devId) != 0) {
+            CYASSL_MSG("Bad Cavium 3DES Cbc Encrypt");
+        }
+        XMEMCPY(des3->reg, out+offset+length - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
+    }
+}
+
+static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
+                                  word32 length)
+{
+    word32 requestId;
+    word   offset = 0;
+
+    while (length > CYASSL_MAX_16BIT) {
+        word16 slen = (word16)CYASSL_MAX_16BIT;
+        XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
+        if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
+                           CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset,
+                           (byte*)des3->reg, (byte*)des3->key[0], &requestId,
+                           des3->devId) != 0) {
+            CYASSL_MSG("Bad Cavium 3Des Decrypt");
+        }
+        length -= CYASSL_MAX_16BIT;
+        offset += CYASSL_MAX_16BIT;
+        XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
+    }
+    if (length) {
+        word16 slen = (word16)length;
+        XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE,DES_BLOCK_SIZE);
+        if (CspDecrypt3Des(CAVIUM_BLOCKING, des3->contextHandle,
+                           CAVIUM_NO_UPDATE, slen, (byte*)in+offset, out+offset,
+                           (byte*)des3->reg, (byte*)des3->key[0], &requestId,
+                           des3->devId) != 0) {
+            CYASSL_MSG("Bad Cavium 3Des Decrypt");
+        }
+        XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE);
+    }
+}
+
+#endif /* HAVE_CAVIUM */

 #endif /* NO_DES3 */
--- a/ctaocrypt/src/dh.c
+++ b/ctaocrypt/src/dh.c
@@ -1,6 +1,6 @@
 /* dh.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
 *
 * This file is part of CyaSSL.
 *
@@ -19,10 +19,16 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <cyassl/ctaocrypt/settings.h>
+
 #ifndef NO_DH

-#include "ctc_dh.h"
-#include "error.h"
+#include <cyassl/ctaocrypt/dh.h>
+#include <cyassl/ctaocrypt/error.h>

 #ifndef USER_MATH_LIB
    #include <math.h>
@@ -33,7 +39,6 @@
 #endif


-
 #ifndef min

    static INLINE word32 min(word32 a, word32 b)
@@ -44,9 +49,9 @@
 #endif /* min */


-
 void InitDhKey(DhKey* key)
 {
+    (void)key;
 /* TomsFastMath doesn't use memory allocation */
 #ifndef USE_FAST_MATH
    key->p.dp = 0;
@@ -57,6 +62,7 @@ void InitDhKey(DhKey* key)

 void FreeDhKey(DhKey* key)
 {
+    (void)key;
 /* TomsFastMath doesn't use memory allocation */
 #ifndef USE_FAST_MATH
    mp_clear(&key->p);
@@ -79,8 +85,8 @@ static word32 DiscreteLogWorkFactor(word32 n)
 static void GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz)
 {
    word32 sz = mp_unsigned_bin_size(&key->p);
-    sz = min(sz, 2 * DiscreteLogWorkFactor(sz * BIT_SIZE) / BIT_SIZE + 1);
-
+    sz = min(sz, 2 * DiscreteLogWorkFactor(sz * CYASSL_BIT_SIZE) /
+                                           CYASSL_BIT_SIZE + 1);
    RNG_GenerateBlock(rng, priv, sz);
    priv[0] |= 0x0C;

--- a/ctaocrypt/src/dsa.c
+++ b/ctaocrypt/src/dsa.c
@@ -1,6 +1,6 @@
 /* dsa.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2013 wolfSSL Inc.
 *
 * This file is part of CyaSSL.
 *
@@ -19,17 +19,23 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <cyassl/ctaocrypt/settings.h>
+
 #ifndef NO_DSA

-#include "ctc_dsa.h"
-#include "ctc_sha.h"
-#include "random.h"
-#include "error.h"
+#include <cyassl/ctaocrypt/dsa.h>
+#include <cyassl/ctaocrypt/sha.h>
+#include <cyassl/ctaocrypt/random.h>
+#include <cyassl/ctaocrypt/error.h>


 enum {
    DSA_HALF_SIZE = 20,   /* r and s size  */
-    DSA_SIG_SIZE  = 40    /* signaure size */
+    DSA_SIG_SIZE  = 40    /* signature size */
 };


@@ -45,7 +51,7 @@ enum {

 void InitDsaKey(DsaKey* key)
 {
-    key->type = -1;  /* haven't decdied yet */
+    key->type = -1;  /* haven't decided yet */

 /* TomsFastMath doesn't use memory allocation */
 #ifndef USE_FAST_MATH
@@ -61,6 +67,7 @@ void InitDsaKey(DsaKey* key)

 void FreeDsaKey(DsaKey* key)
 {
+    (void)key;
 /* TomsFastMath doesn't use memory allocation */
 #ifndef USE_FAST_MATH
    if (key->type == DSA_PRIVATE)
--- a/ctaocrypt/src/ecc.c
+++ b/ctaocrypt/src/ecc.c
--- a/ctaocrypt/src/ecc_fp.c
+++ b/ctaocrypt/src/ecc_fp.c
@@ -0,0 +1 @@
+/* dummy ecc_fp.c for dist */
--- a/ctaocrypt/src/error.c
+++ b/ctaocrypt/src/error.c
@@ -0,0 +1,329 @@
+/* error.c
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+ 
+#include <cyassl/ctaocrypt/settings.h>
+
+#include <cyassl/ctaocrypt/error.h>
+
+#ifdef _MSC_VER
+    /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */
+    #pragma warning(disable: 4996)
+#endif
+
+
+void CTaoCryptErrorString(int error, char* buffer)
+{
+    const int max = MAX_ERROR_SZ;   /* shorthand */
+
+#ifdef NO_ERROR_STRINGS
+
+    (void)error;
+    XSTRNCPY(buffer, "no support for error strings built in", max);
+
+#else
+
+    switch (error) {
+
+    case OPEN_RAN_E :        
+        XSTRNCPY(buffer, "opening random device error", max);
+        break;
+
+    case READ_RAN_E :
+        XSTRNCPY(buffer, "reading random device error", max);
+        break;
+
+    case WINCRYPT_E :
+        XSTRNCPY(buffer, "windows crypt init error", max);
+        break;
+
+    case CRYPTGEN_E : 
+        XSTRNCPY(buffer, "windows crypt generation error", max);
+        break;
+
+    case RAN_BLOCK_E : 
+        XSTRNCPY(buffer, "random device read would block error", max);
+        break;
+
+    case MP_INIT_E :
+        XSTRNCPY(buffer, "mp_init error state", max);
+        break;
+
+    case MP_READ_E :
+        XSTRNCPY(buffer, "mp_read error state", max);
+        break;
+
+    case MP_EXPTMOD_E :
+        XSTRNCPY(buffer, "mp_exptmod error state", max);
+        break;
+
+    case MP_TO_E :
+        XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max);
+        break;
+
+    case MP_SUB_E :
+        XSTRNCPY(buffer, "mp_sub error state, can't subtract", max);
+        break;
+
+    case MP_ADD_E :
+        XSTRNCPY(buffer, "mp_add error state, can't add", max);
+        break;
+
+    case MP_MUL_E :
+        XSTRNCPY(buffer, "mp_mul error state, can't multiply", max);
+        break;
+
+    case MP_MULMOD_E :
+        XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max);
+        break;
+
+    case MP_MOD_E :
+        XSTRNCPY(buffer, "mp_mod error state, can't mod", max);
+        break;
+
+    case MP_INVMOD_E :
+        XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max);
+        break; 
+        
+    case MP_CMP_E :
+        XSTRNCPY(buffer, "mp_cmp error state", max);
+        break; 
+        
+    case MP_ZERO_E :
+        XSTRNCPY(buffer, "mp zero result, not expected", max);
+        break; 
+        
+    case MEMORY_E :
+        XSTRNCPY(buffer, "out of memory error", max);
+        break;
+
+    case RSA_WRONG_TYPE_E :
+        XSTRNCPY(buffer, "RSA wrong block type for RSA function", max);
+        break; 
+
+    case RSA_BUFFER_E :
+        XSTRNCPY(buffer, "RSA buffer error, output too small or input too big",
+                max);
+        break; 
+
+    case BUFFER_E :
+        XSTRNCPY(buffer, "Buffer error, output too small or input too big",max);
+        break; 
+
+    case ALGO_ID_E :
+        XSTRNCPY(buffer, "Setting Cert AlogID error", max);
+        break; 
+
+    case PUBLIC_KEY_E :
+        XSTRNCPY(buffer, "Setting Cert Public Key error", max);
+        break; 
+
+    case DATE_E :
+        XSTRNCPY(buffer, "Setting Cert Date validity error", max);
+        break; 
+
+    case SUBJECT_E :
+        XSTRNCPY(buffer, "Setting Cert Subject name error", max);
+        break; 
+
+    case ISSUER_E :
+        XSTRNCPY(buffer, "Setting Cert Issuer name error", max);
+        break; 
+
+    case CA_TRUE_E :
+        XSTRNCPY(buffer, "Setting basic constraint CA true error", max);
+        break; 
+
+    case EXTENSIONS_E :
+        XSTRNCPY(buffer, "Setting extensions error", max);
+        break; 
+
+    case ASN_PARSE_E :
+        XSTRNCPY(buffer, "ASN parsing error, invalid input", max);
+        break;
+
+    case ASN_VERSION_E :
+        XSTRNCPY(buffer, "ASN version error, invalid number", max);
+        break;
+
+    case ASN_GETINT_E :
+        XSTRNCPY(buffer, "ASN get big int error, invalid data", max);
+        break;
+
+    case ASN_RSA_KEY_E :
+        XSTRNCPY(buffer, "ASN key init error, invalid input", max);
+        break;
+
+    case ASN_OBJECT_ID_E :
+        XSTRNCPY(buffer, "ASN object id error, invalid id", max);
+        break;
+
+    case ASN_TAG_NULL_E :
+        XSTRNCPY(buffer, "ASN tag error, not null", max);
+        break;
+
+    case ASN_EXPECT_0_E :
+        XSTRNCPY(buffer, "ASN expect error, not zero", max);
+        break;
+
+    case ASN_BITSTR_E :
+        XSTRNCPY(buffer, "ASN bit string error, wrong id", max);
+        break;
+
+    case ASN_UNKNOWN_OID_E :
+        XSTRNCPY(buffer, "ASN oid error, unknown sum id", max);
+        break;
+
+    case ASN_DATE_SZ_E :
+        XSTRNCPY(buffer, "ASN date error, bad size", max);
+        break;
+
+    case ASN_BEFORE_DATE_E :
+        XSTRNCPY(buffer, "ASN date error, current date before", max);
+        break;
+
+    case ASN_AFTER_DATE_E :
+        XSTRNCPY(buffer, "ASN date error, current date after", max);
+        break;
+
+    case ASN_SIG_OID_E :
+        XSTRNCPY(buffer, "ASN signature error, mismatched oid", max);
+        break;
+
+    case ASN_TIME_E :
+        XSTRNCPY(buffer, "ASN time error, unkown time type", max);
+        break;
+
+    case ASN_INPUT_E :
+        XSTRNCPY(buffer, "ASN input error, not enough data", max);
+        break;
+
+    case ASN_SIG_CONFIRM_E :
+        XSTRNCPY(buffer, "ASN sig error, confirm failure", max);
+        break;
+
+    case ASN_SIG_HASH_E :
+        XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max);
+        break;
+
+    case ASN_SIG_KEY_E :
+        XSTRNCPY(buffer, "ASN sig error, unsupported key type", max);
+        break;
+
+    case ASN_DH_KEY_E :
+        XSTRNCPY(buffer, "ASN key init error, invalid input", max);
+        break;
+
+    case ASN_NTRU_KEY_E :
+        XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max);
+        break;
+
+    case ECC_BAD_ARG_E :
+        XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max);
+        break;
+
+    case ASN_ECC_KEY_E :
+        XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max);
+        break;
+
+    case ECC_CURVE_OID_E :
+        XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max);
+        break;
+
+    case BAD_FUNC_ARG :
+        XSTRNCPY(buffer, "Bad function argument", max);
+        break;
+
+    case NOT_COMPILED_IN :
+        XSTRNCPY(buffer, "Feature not compiled in", max);
+        break;
+
+    case UNICODE_SIZE_E :
+        XSTRNCPY(buffer, "Unicode password too big", max);
+        break;
+
+    case NO_PASSWORD :
+        XSTRNCPY(buffer, "No password provided by user", max);
+        break;
+
+    case ALT_NAME_E :
+        XSTRNCPY(buffer, "Alt Name problem, too big", max);
+        break;
+
+    case AES_GCM_AUTH_E:
+        XSTRNCPY(buffer, "AES-GCM Authentication check fail", max);
+        break;
+
+    case AES_CCM_AUTH_E:
+        XSTRNCPY(buffer, "AES-CCM Authentication check fail", max);
+        break;
+
+    case CAVIUM_INIT_E:
+        XSTRNCPY(buffer, "Cavium Init type error", max);
+        break;
+
+    case COMPRESS_INIT_E:
+        XSTRNCPY(buffer, "Compress Init error", max);
+        break;
+
+    case COMPRESS_E:
+        XSTRNCPY(buffer, "Compress error", max);
+        break;
+
+    case DECOMPRESS_INIT_E:
+        XSTRNCPY(buffer, "DeCompress Init error", max);
+        break;
+
+    case DECOMPRESS_E:
+        XSTRNCPY(buffer, "DeCompress error", max);
+        break;
+
+    case BAD_ALIGN_E:
+        XSTRNCPY(buffer, "Bad alignment error, no alloc help", max);
+        break;
+
+    case ASN_NO_SIGNER_E :
+        XSTRNCPY(buffer, "ASN no signer error to confirm failure", max);
+        break;
+
+    case ASN_CRL_CONFIRM_E :
+        XSTRNCPY(buffer, "ASN CRL sig error, confirm failure", max);
+        break;
+
+    case ASN_CRL_NO_SIGNER_E :
+        XSTRNCPY(buffer, "ASN CRL no signer error to confirm failure", max);
+        break;
+
+    case ASN_OCSP_CONFIRM_E :
+        XSTRNCPY(buffer, "ASN OCSP sig error, confirm failure", max);
+        break;
+
+    default:
+        XSTRNCPY(buffer, "unknown error number", max);
+
+    }
+
+#endif /* NO_ERROR_STRINGS */
+
+}
--- a/ctaocrypt/src/fp_mont_small.i
+++ b/ctaocrypt/src/fp_mont_small.i
@@ -1,3 +1,25 @@
+/* fp_mont_small.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_SMALL_MONT_SET
 /* computes x/R == x (mod N) via Montgomery Reduction */
 void fp_montgomery_reduce_small(fp_int *a, fp_int *m, fp_digit mp)
--- a/ctaocrypt/src/fp_mul_comba_12.i
+++ b/ctaocrypt/src/fp_mul_comba_12.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_12.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL12
 void fp_mul_comba12(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_17.i
+++ b/ctaocrypt/src/fp_mul_comba_17.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_17.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL17
 void fp_mul_comba17(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_20.i
+++ b/ctaocrypt/src/fp_mul_comba_20.i
@@ -1,3 +1,24 @@
+/* fp_mul_comba_20.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
 #ifdef TFM_MUL20
 void fp_mul_comba20(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_24.i
+++ b/ctaocrypt/src/fp_mul_comba_24.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_24.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL24
 void fp_mul_comba24(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_28.i
+++ b/ctaocrypt/src/fp_mul_comba_28.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_28.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL28
 void fp_mul_comba28(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_3.i
+++ b/ctaocrypt/src/fp_mul_comba_3.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_3.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL3
 void fp_mul_comba3(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_32.i
+++ b/ctaocrypt/src/fp_mul_comba_32.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_32.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL32
 void fp_mul_comba32(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_4.i
+++ b/ctaocrypt/src/fp_mul_comba_4.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_4.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL4
 void fp_mul_comba4(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_48.i
+++ b/ctaocrypt/src/fp_mul_comba_48.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_48.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL48
 void fp_mul_comba48(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_6.i
+++ b/ctaocrypt/src/fp_mul_comba_6.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_6.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL6
 void fp_mul_comba6(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_64.i
+++ b/ctaocrypt/src/fp_mul_comba_64.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_64.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL64
 void fp_mul_comba64(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_7.i
+++ b/ctaocrypt/src/fp_mul_comba_7.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_7.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL7
 void fp_mul_comba7(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_8.i
+++ b/ctaocrypt/src/fp_mul_comba_8.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_8.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL8
 void fp_mul_comba8(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/ctaocrypt/src/fp_mul_comba_9.i
+++ b/ctaocrypt/src/fp_mul_comba_9.i
@@ -1,3 +1,25 @@
+/* fp_mul_comba_9.i
+ *
+ * Copyright (C) 2006-2013 wolfSSL Inc.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
 #ifdef TFM_MUL9
 void fp_mul_comba9(fp_int *A, fp_int *B, fp_int *C)
 {
--- a/Show More
+++ b/Show More