bump dev version

allow ecc.c to read settings
minor warnings fixes
2012-11-14 17:57:27 -08:00 · 2012-11-14 17:55:20 -08:00 · 2012-11-13 18:32:13 -08:00 · 2012-11-12 14:25:59 -07:00 · 2012-11-07 17:10:34 -08:00 · 2012-11-06 14:33:56 -08:00
146 changed files with 27083 additions and 3289 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+*.swp
 *.lo
 *.la
 *.o
@@ -11,9 +12,12 @@ config*
 *Release/
 *.ncb
 *.suo
+build-aux/
+rpm/spec
 stamp-h
 libtool.m4
 aclocal.m4
+aminclude.am
 lt*.m4
 INSTALL
 Makefile.in
@@ -23,6 +27,7 @@ missing
 libtool
 tags
 .tags*
+cyassl-config
 cyassl.sublime*
 ctaocrypt/benchmark/benchmark
 ctaocrypt/test/testctaocrypt
@@ -62,10 +67,11 @@ autoscan.log
 TAGS
 .DS_Store
 support/libcyassl.pc
-cyassl/version.h
 cyassl/ctaocrypt/stamp-h1
 swig/_cyassl.so
 swig/cyassl.py
 swig/cyassl.pyc
 swig/cyassl_wrap.c
 stamp-h1
+clang_output_*
+internal.plist
--- a/Makefile.am
+++ b/Makefile.am
@@ -15,15 +15,16 @@ check_PROGRAMS =
 EXTRA_HEADERS =
 BUILT_SOURCES=
 EXTRA_DIST=
-doc_DATA=
+dist_doc_DATA=

-exampledir = $(docdir)/@PACKAGE@/example
-example_DATA=
-EXTRA_DIST+= $(example_DATA)
+#includes additional rules from aminclude.am
+@INC_AMINCLUDE@
+DISTCLEANFILES+= aminclude.am

-EXTRA_DIST+= $(doc_DATA)
+exampledir = $(docdir)/example
+dist_example_DATA=

-ACLOCAL_AMFLAGS= -I m4 --install
+ACLOCAL_AMFLAGS= -I m4

 EXTRA_DIST+= lib/dummy

@@ -50,10 +51,36 @@ include examples/echoserver/include.am
 include testsuite/include.am
 include tests/include.am
 include sslSniffer/sslSnifferTest/include.am
+include rpm/include.am

 TESTS += $(check_PROGRAMS)
 test: check

+maintainer-clean-local:
+	-rm Makefile.in
+	-rm aclocal.m4
+	-rm build-aux/compile
+	-rm build-aux/config.guess
+	-rm build-aux/config.sub
+	-rm build-aux/depcomp
+	-rm build-aux/install-sh
+	-rm build-aux/ltmain.sh
+	-rm build-aux/missing
+	-rm cyassl-config
+	-rmdir build-aux
+	-rm configure
+	-rm config.log
+	-rm config.status
+	-rm config.in
+	-rm m4/libtool.m4
+	-rm m4/ltoptions.m4
+	-rm m4/ltsugar.m4
+	-rm m4/ltversion.m4
+	-rm m4/lt~obsolete.m4
+	find . -type f -name '*~' -exec rm -f '{}' \;
+	-rm -f @PACKAGE@-*.tar.gz
+	-rm -f @PACKAGE@-*.rpm
+
 # !!!! first line of rule has to start with a hard (real) tab, not spaces
 egs:
 	$(MAKE) examples/client/client; \
@@ -65,6 +92,12 @@ ctc:
 	$(MAKE) ctaocrypt/test/testctaocrypt; \
 	$(MAKE) ctaocrypt/benchmark/benchmark; 

+install-exec-local:	install-generic-config
+
+install-generic-config:
+	$(mkinstalldirs) $(DESTDIR)$(bindir)
+	$(INSTALL_SCRIPT) @GENERIC_CONFIG@ $(DESTDIR)$(bindir)
+
 merge-clean:
 	@find ./ | $(GREP) \.gcda | xargs rm -f
 	@find ./ | $(GREP) \.gcno | xargs rm -f
--- a/40
+++ b/40
@@ -32,9 +32,47 @@ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

 before calling SSL_new();  Though it's not recommended.

+
+Note 3)
+The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the
+K70 Sub-Family Reference Manual:
+http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf
+
 *** end Note ***

-CyaSSL Release 2.2.0 (5/18/2012)
+CyaSSL Release 2.4.0 (10/10/2012)
+
+Release 2.4.0 CyaSSL has bug fixes and a few new features including:
+- DTLS reliability
+- Reduced memory usage after handshake
+- Updated build process
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+*************** CyaSSL Release 2.3.0 (8/10/2012)
+
+Release 2.3.0 CyaSSL has bug fixes and a few new features including:
+- AES-GCM crypto and cipher suites
+- make test cipher suite checks
+- Subject AltName processing
+- Command line support for client/server examples
+- Sniffer SessionTicket support
+- SHA-384 cipher suites
+- Verify cipher suite validity when user overrides
+- CRL dir monitoring
+- DTLS Cookie support, reliability coming soon
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+***************CyaSSL Release 2.2.0 (5/18/2012)

 Release 2.2.0 CyaSSL has bug fixes and a few new features including:
 - Initial CRL support (--enable-crl)
--- a/autogen.sh
+++ b/autogen.sh
@@ -3,4 +3,11 @@
 # Create configure and makefile stuff...
 #

-autoreconf -ivf -Wall
+if test -d .git; then
+  WARNINGS="all,error"
+else
+  WARNINGS="all"
+fi
+
+autoreconf --install --force --verbose
+ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
--- a/certs/ca-cert.pem
+++ b/certs/ca-cert.pem
@@ -1,3 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
+VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
+A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
+dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
+MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
+8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
+EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
+dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
+mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
+CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
+BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
+P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
+dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
+BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
+9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
+PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
+Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
+G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
+ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
+rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
+-----END CERTIFICATE-----
 Certificate:
    Data:
        Version: 3 (0x2)
@@ -58,30 +85,3 @@ Certificate:
        f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
        b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
        5a:1f:7f:ca
-----BEGIN CERTIFICATE-----
-MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
-VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
-A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
-dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
-MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
-aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
-MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
-8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
-EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
-dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
-mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
-CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
-BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
-P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
-dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
-BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
-9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
-PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
-Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
-G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
-ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
-rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
-----END CERTIFICATE-----
--- a/certs/crl/cliCrl.pem
+++ b/certs/crl/cliCrl.pem
@@ -2,38 +2,38 @@ Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
-        Last Update: May 18 17:37:23 2012 GMT
-        Next Update: Jun 17 17:37:23 2012 GMT
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
        CRL extensions:
            X509v3 CRL Number: 
-                1
+                62
 No Revoked Certificates.
    Signature Algorithm: sha1WithRSAEncryption
-        6b:d7:b2:9e:21:8a:04:e7:43:68:46:a7:36:eb:4e:6e:23:91:
-        f9:e9:1f:f1:7f:48:79:64:cd:ea:86:1c:36:63:f8:aa:8c:b3:
-        62:34:bb:18:28:5a:42:f7:8a:64:3e:7f:36:05:49:a2:29:38:
-        71:e8:54:da:87:05:53:55:c3:0b:ae:10:0a:f0:5d:f0:6e:5c:
-        26:8b:55:4f:8f:d2:08:41:42:21:8d:b7:f1:6d:22:d1:a0:04:
-        9e:67:cb:43:51:55:e6:00:41:d0:cd:82:e8:03:42:29:88:49:
-        e1:f4:8d:1e:e5:ad:18:8b:3a:60:aa:dc:47:33:9d:ce:79:41:
-        0c:81:a9:cc:a7:a4:d9:07:3a:eb:df:41:34:ca:a6:b9:93:47:
-        72:1d:c4:71:71:69:4b:4b:74:e4:2c:ff:91:f3:47:77:de:da:
-        05:ab:de:05:57:6a:89:d6:f8:b2:f7:69:9b:a6:c6:e9:cd:c3:
-        60:4a:79:66:62:3b:a1:f2:e2:44:9b:f2:31:44:94:46:f0:96:
-        ab:b5:04:97:6b:09:82:64:8b:68:b0:73:46:ae:25:fa:33:ca:
-        f4:ce:cb:35:7e:e2:23:a1:df:5f:70:40:b5:1d:cd:dd:b0:ff:
-        20:6a:23:a1:ed:95:11:16:69:a0:ca:7e:90:c3:ed:be:5e:56:
-        0a:da:04:e3
+        1e:69:b2:c4:72:a7:b2:c9:e1:b9:ac:06:40:2c:c5:66:9a:07:
+        6c:91:2e:17:09:c7:86:b4:62:2d:0f:1f:a3:a3:1c:93:ce:45:
+        53:d5:57:94:a6:77:af:51:da:86:e4:1e:6f:57:c8:cc:5f:07:
+        8d:a5:db:bd:b3:f7:cf:e2:11:3c:e2:51:79:7e:b3:a9:47:f7:
+        c1:17:12:5b:7c:e5:c3:71:17:d2:ce:59:d4:0d:dc:45:ff:bc:
+        fe:a7:76:7b:92:88:52:0c:a5:e0:79:75:86:50:27:15:2a:01:
+        66:a6:ba:96:d4:9a:14:1d:92:7d:63:72:5f:25:9b:05:72:cb:
+        ed:6d:7c:92:1f:4f:3e:64:cb:5d:80:9e:ad:c8:47:83:88:5b:
+        3d:07:3f:d3:6a:2c:dd:c9:f7:09:bb:05:2f:9a:f4:73:15:f4:
+        61:b1:47:87:9c:bf:c9:61:42:19:14:b8:67:9c:c5:c1:86:f1:
+        e8:63:71:40:6c:2f:b1:c1:0c:1f:f4:c4:80:e2:d0:cb:88:6b:
+        51:1e:e9:b0:06:19:7c:6d:85:cf:05:7f:fe:3d:35:79:9e:f0:
+        5b:f4:06:63:d4:eb:d2:e2:70:29:a9:02:b4:c1:b4:bd:53:f4:
+        8f:b3:df:37:91:44:d5:e8:c4:10:86:76:0e:49:2b:ba:9a:a4:
+        dd:33:0e:7e
 -----BEGIN X509 CRL-----
 MIIB6DCB0QIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV
 BAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
 EgYDVQQLEwtQcm9ncmFtbWluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
-CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTEyMDUxODE3MzcyM1oXDTEyMDYx
-NzE3MzcyM1qgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQBr17Ke
-IYoE50NoRqc2605uI5H56R/xf0h5ZM3qhhw2Y/iqjLNiNLsYKFpC94pkPn82BUmi
-KThx6FTahwVTVcMLrhAK8F3wblwmi1VPj9IIQUIhjbfxbSLRoASeZ8tDUVXmAEHQ
-zYLoA0IpiEnh9I0e5a0YizpgqtxHM53OeUEMganMp6TZBzrr30E0yqa5k0dyHcRx
-cWlLS3TkLP+R80d33toFq94FV2qJ1viy92mbpsbpzcNgSnlmYjuh8uJEm/IxRJRG
-8JartQSXawmCZItosHNGriX6M8r0zss1fuIjod9fcEC1Hc3dsP8gaiOh7ZURFmmg
-yn6Qw+2+XlYK2gTj
+CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTEyMDgxMDE4MDEwMVoXDTEyMTIw
+ODE4MDEwMVqgDjAMMAoGA1UdFAQDAgE+MA0GCSqGSIb3DQEBBQUAA4IBAQAeabLE
+cqeyyeG5rAZALMVmmgdskS4XCceGtGItDx+joxyTzkVT1VeUpnevUdqG5B5vV8jM
+XweNpdu9s/fP4hE84lF5frOpR/fBFxJbfOXDcRfSzlnUDdxF/7z+p3Z7kohSDKXg
+eXWGUCcVKgFmprqW1JoUHZJ9Y3JfJZsFcsvtbXySH08+ZMtdgJ6tyEeDiFs9Bz/T
+aizdyfcJuwUvmvRzFfRhsUeHnL/JYUIZFLhnnMXBhvHoY3FAbC+xwQwf9MSA4tDL
+iGtRHumwBhl8bYXPBX/+PTV5nvBb9AZj1OvS4nApqQK0wbS9U/SPs983kUTV6MQQ
+hnYOSSu6mqTdMw5+
 -----END X509 CRL-----
--- a/certs/crl/crl.pem
+++ b/certs/crl/crl.pem
@@ -2,38 +2,38 @@ Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
-        Last Update: May 18 23:22:13 2012 GMT
-        Next Update: Jun 17 23:22:13 2012 GMT
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
        CRL extensions:
            X509v3 CRL Number: 
-                5
+                60
 No Revoked Certificates.
    Signature Algorithm: sha1WithRSAEncryption
-        aa:c2:16:c6:7c:cf:4e:ee:f4:44:af:cf:66:ce:b9:af:89:1b:
-        83:e4:0b:cf:67:68:95:32:9f:ee:80:60:1e:93:82:4c:c6:d3:
-        93:90:c7:cd:7c:31:90:d0:f3:4f:4a:db:d2:ad:99:d5:38:fb:
-        ba:a6:3d:52:79:ce:6c:15:e5:dc:c0:57:43:f8:56:13:39:b9:
-        c1:af:e3:a3:fb:79:18:82:e7:b6:99:5a:4f:5f:88:b8:9e:5c:
-        54:ef:87:06:a7:bb:c7:64:08:b0:9a:32:f7:12:88:b7:f2:af:
-        35:5c:10:89:43:52:36:4e:90:55:25:c7:0e:5d:13:45:73:b5:
-        22:79:9f:62:b7:15:a6:2f:9a:02:a6:95:fc:a5:1d:bb:e3:c1:
-        fc:6a:49:db:21:fb:d5:19:68:9c:bc:08:af:bf:4f:58:87:bc:
-        34:fb:46:7a:60:e4:5c:8f:cf:da:a9:23:ab:f5:e1:e8:18:41:
-        fb:d0:5d:2d:b1:8c:80:1b:67:0f:eb:77:7d:53:39:9b:f4:e7:
-        a9:49:ff:94:39:8f:e4:5e:4b:a9:46:62:b6:17:28:1d:8f:30:
-        1c:19:5e:99:d3:4f:56:0d:5a:73:03:52:45:f4:5f:0d:af:e1:
-        dd:e1:f3:6f:6b:d9:94:48:4d:7e:6e:9d:f2:98:57:2c:03:56:
-        cb:5a:b5:3a
+        26:1c:06:6a:42:ff:8b:18:71:4e:ef:7c:02:74:43:6f:7b:83:
+        99:2f:e1:4e:74:0f:f9:99:62:a1:90:88:11:1b:d8:59:3b:1e:
+        34:dd:f4:92:81:6f:49:2c:9a:5f:ba:21:6f:11:95:19:6e:da:
+        38:a4:4e:a0:7e:4a:fb:7c:c6:9f:c8:26:2d:9b:cd:e8:30:14:
+        10:38:56:63:89:bf:a7:eb:11:0f:7c:81:60:d7:c3:ab:07:ef:
+        6c:af:81:4d:b9:cd:6e:91:c6:42:13:01:d8:1a:62:cb:52:fd:
+        44:0b:fa:9f:34:de:75:ba:5a:3d:df:d4:b1:7e:a0:b9:3f:f5:
+        ed:a3:e6:ef:ef:20:95:45:3c:75:8c:a8:5c:ae:8c:e9:3c:f1:
+        e6:34:fd:65:bb:9a:f9:5f:8c:96:7c:32:12:50:43:2b:30:94:
+        4e:8a:f0:c3:5e:c9:e2:49:08:83:64:7a:3b:f3:d5:30:f3:78:
+        4b:20:3c:51:d0:da:37:14:f4:c8:f2:ab:41:d2:c3:b9:7a:7f:
+        42:17:42:79:a4:10:67:4e:84:d4:e9:a9:e8:dd:46:5d:b2:f4:
+        e8:3d:1c:24:3c:81:e7:56:bb:43:11:e2:d9:a2:9d:ce:b5:78:
+        ad:19:14:7c:d7:37:e8:bf:f7:30:fc:4d:05:a9:33:6b:12:9f:
+        24:19:39:35
 -----BEGIN X509 CRL-----
 MIIB6jCB0wIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
 MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
-GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwNTE4MjMyMjEzWhcNMTIw
-NjE3MjMyMjEzWqAOMAwwCgYDVR0UBAMCAQUwDQYJKoZIhvcNAQEFBQADggEBAKrC
-FsZ8z07u9ESvz2bOua+JG4PkC89naJUyn+6AYB6TgkzG05OQx818MZDQ809K29Kt
-mdU4+7qmPVJ5zmwV5dzAV0P4VhM5ucGv46P7eRiC57aZWk9fiLieXFTvhwanu8dk
-CLCaMvcSiLfyrzVcEIlDUjZOkFUlxw5dE0VztSJ5n2K3FaYvmgKmlfylHbvjwfxq
-Sdsh+9UZaJy8CK+/T1iHvDT7Rnpg5FyPz9qpI6v14egYQfvQXS2xjIAbZw/rd31T
-OZv056lJ/5Q5j+ReS6lGYrYXKB2PMBwZXpnTT1YNWnMDUkX0Xw2v4d3h829r2ZRI
-TX5unfKYVywDVstatTo=
+GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIx
+MjA4MTgwMTAxWqAOMAwwCgYDVR0UBAMCATwwDQYJKoZIhvcNAQEFBQADggEBACYc
+BmpC/4sYcU7vfAJ0Q297g5kv4U50D/mZYqGQiBEb2Fk7HjTd9JKBb0ksml+6IW8R
+lRlu2jikTqB+Svt8xp/IJi2bzegwFBA4VmOJv6frEQ98gWDXw6sH72yvgU25zW6R
+xkITAdgaYstS/UQL+p803nW6Wj3f1LF+oLk/9e2j5u/vIJVFPHWMqFyujOk88eY0
+/WW7mvlfjJZ8MhJQQyswlE6K8MNeyeJJCINkejvz1TDzeEsgPFHQ2jcU9Mjyq0HS
+w7l6f0IXQnmkEGdOhNTpqejdRl2y9Og9HCQ8gedWu0MR4tminc61eK0ZFHzXN+i/
+9zD8TQWpM2sSnyQZOTU=
 -----END X509 CRL-----
--- a/certs/crl/crl.revoked
+++ b/certs/crl/crl.revoked
@@ -2,40 +2,40 @@ Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
-        Last Update: May 15 23:51:25 2012 GMT
-        Next Update: Jun 14 23:51:25 2012 GMT
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
        CRL extensions:
            X509v3 CRL Number: 
-                4
+                61
 Revoked Certificates:
    Serial Number: 02
-        Revocation Date: May  4 17:06:05 2012 GMT
+        Revocation Date: Aug 10 18:01:01 2012 GMT
    Signature Algorithm: sha1WithRSAEncryption
-        aa:e4:44:9b:6b:c9:0b:d3:6f:ba:09:3d:90:93:ae:96:86:73:
-        f6:90:28:ba:93:3b:95:0c:91:c9:10:53:f1:15:fd:43:9a:ba:
-        4e:dc:8e:e8:10:4d:d8:8b:be:a8:a2:12:4c:19:c1:13:9f:3c:
-        fe:54:60:32:b7:45:77:17:2a:40:f2:16:52:9e:68:fe:be:03:
-        99:9c:b1:d3:4b:be:87:5b:f4:12:3c:9e:3d:59:c8:b9:a2:2c:
-        78:94:9c:cd:b0:17:d0:b3:bd:86:99:2b:1d:38:b5:03:d8:d1:
-        0d:8f:1a:8c:97:ff:87:01:4f:91:22:30:c2:a5:10:bb:e3:fb:
-        31:b7:44:8a:5a:82:e1:e5:30:69:84:d1:4b:c2:d3:07:bf:21:
-        d5:33:2d:ad:4b:e4:6f:83:c1:66:16:74:31:7d:f9:d6:1e:10:
-        66:fd:7d:ad:66:3c:32:cc:a3:98:75:63:16:5c:df:e1:37:3d:
-        e9:08:d2:7b:05:dd:4c:31:92:53:0c:f1:ea:8e:be:31:d1:eb:
-        ac:37:a8:cd:c4:30:c5:91:cc:38:a3:55:4a:51:01:39:cf:7d:
-        50:57:d2:f2:47:4a:1d:7f:3a:32:16:89:e8:5a:1b:f8:64:33:
-        48:e5:b8:ef:ba:2e:f3:52:7e:ba:28:0e:9b:f7:07:b8:b6:38:
-        f9:d0:dd:78
+        5c:eb:53:33:02:74:bb:c1:37:37:81:1a:36:9c:eb:d0:28:87:
+        12:56:1a:d8:ec:ae:8e:ef:42:d0:61:07:f0:f0:b5:e8:2a:16:
+        5e:78:ab:e9:ad:62:f3:6c:c5:fe:7a:b5:c7:0e:8a:e3:0a:2d:
+        63:b5:ec:c4:c1:1f:1e:c3:77:b7:24:10:4b:09:b1:d8:ea:40:
+        4f:74:6a:9a:d7:57:bd:b9:d3:e2:42:81:81:b2:5c:42:d8:d3:
+        21:3f:f2:05:e2:11:8f:ce:60:cc:3b:76:55:e6:5f:6d:71:13:
+        b1:7e:2c:50:d2:29:fe:f2:ad:96:f9:ee:8f:5c:c3:0a:73:e7:
+        78:c5:8f:6e:0d:35:66:64:4a:76:05:93:9f:eb:05:b2:c3:a1:
+        f5:d5:4c:4b:6e:79:f2:8d:51:90:7c:9d:a9:f5:94:7f:93:fe:
+        39:da:c1:fb:8c:94:66:1d:d4:40:a9:48:ee:3b:91:14:83:4e:
+        b4:ea:93:07:f6:be:48:4a:ec:4c:26:61:2d:a2:66:01:c5:d8:
+        d3:18:f6:d0:1b:d2:94:13:c9:94:84:54:e4:44:10:01:66:25:
+        47:ee:b2:19:4a:65:e3:79:42:9e:12:af:a7:4a:a4:66:35:e3:
+        1a:db:2c:80:ff:a4:9c:2e:6e:32:8e:50:5d:ec:7e:de:1a:01:
+        a9:08:fc:a2
 -----BEGIN X509 CRL-----
 MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
 MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
-GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwNTE1MjM1MTI1WhcNMTIw
-NjE0MjM1MTI1WjAUMBICAQIXDTEyMDUwNDE3MDYwNVqgDjAMMAoGA1UdFAQDAgEE
-MA0GCSqGSIb3DQEBBQUAA4IBAQCq5ESba8kL02+6CT2Qk66WhnP2kCi6kzuVDJHJ
-EFPxFf1DmrpO3I7oEE3Yi76oohJMGcETnzz+VGAyt0V3FypA8hZSnmj+vgOZnLHT
-S76HW/QSPJ49Wci5oix4lJzNsBfQs72GmSsdOLUD2NENjxqMl/+HAU+RIjDCpRC7
-4/sxt0SKWoLh5TBphNFLwtMHvyHVMy2tS+Rvg8FmFnQxffnWHhBm/X2tZjwyzKOY
-dWMWXN/hNz3pCNJ7Bd1MMZJTDPHqjr4x0eusN6jNxDDFkcw4o1VKUQE5z31QV9Ly
-R0odfzoyFonoWhv4ZDNI5bjvui7zUn66KA6b9we4tjj50N14
+GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIx
+MjA4MTgwMTAxWjAUMBICAQIXDTEyMDgxMDE4MDEwMVqgDjAMMAoGA1UdFAQDAgE9
+MA0GCSqGSIb3DQEBBQUAA4IBAQBc61MzAnS7wTc3gRo2nOvQKIcSVhrY7K6O70LQ
+YQfw8LXoKhZeeKvprWLzbMX+erXHDorjCi1jtezEwR8ew3e3JBBLCbHY6kBPdGqa
+11e9udPiQoGBslxC2NMhP/IF4hGPzmDMO3ZV5l9tcROxfixQ0in+8q2W+e6PXMMK
+c+d4xY9uDTVmZEp2BZOf6wWyw6H11UxLbnnyjVGQfJ2p9ZR/k/452sH7jJRmHdRA
+qUjuO5EUg0606pMH9r5ISuxMJmEtomYBxdjTGPbQG9KUE8mUhFTkRBABZiVH7rIZ
+SmXjeUKeEq+nSqRmNeMa2yyA/6ScLm4yjlBd7H7eGgGpCPyi
 -----END X509 CRL-----
--- a/certs/crl/eccCliCRL.pem
+++ b/certs/crl/eccCliCRL.pem
@@ -2,23 +2,23 @@ Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: ecdsa-with-SHA1
        Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
-        Last Update: May 25 20:21:43 2012 GMT
-        Next Update: Jun 24 20:21:43 2012 GMT
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
        CRL extensions:
            X509v3 CRL Number: 
-                1
+                63
 No Revoked Certificates.
    Signature Algorithm: ecdsa-with-SHA1
-        30:45:02:21:00:c8:82:17:00:62:02:ae:73:f8:80:57:3d:19:
-        df:f3:36:5a:4c:12:89:d5:d6:b4:aa:29:b6:c8:7d:f2:1d:2f:
-        55:02:20:18:f4:ad:18:1a:c5:df:39:81:ad:0d:3e:45:14:3d:
-        07:44:31:21:bd:ed:13:32:7b:32:03:41:a1:0f:fd:1a:67
+        30:44:02:20:7f:8d:d7:28:61:96:4c:b7:a8:17:0a:7f:9d:cf:
+        fa:29:e1:1d:cb:30:61:1b:b3:6b:f0:61:68:15:25:76:62:32:
+        02:20:55:ca:fc:37:b4:4c:f9:78:99:b3:c9:d4:1a:e1:fa:f7:
+        8a:4a:94:ce:31:ed:b0:1f:dc:64:d7:2a:59:47:b9:2d
 -----BEGIN X509 CRL-----
-MIIBIDCByAIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG
+MIIBHzCByAIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG
 T3JlZ29uMQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsG
 A1UECxMERmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJ
-ARYOaW5mb0B5YXNzbC5jb20XDTEyMDUyNTIwMjE0M1oXDTEyMDYyNDIwMjE0M1qg
-DjAMMAoGA1UdFAQDAgEBMAkGByqGSM49BAEDSAAwRQIhAMiCFwBiAq5z+IBXPRnf
-8zZaTBKJ1da0qim2yH3yHS9VAiAY9K0YGsXfOYGtDT5FFD0HRDEhve0TMnsyA0Gh
-D/0aZw==
+ARYOaW5mb0B5YXNzbC5jb20XDTEyMDgxMDE4MDEwMVoXDTEyMTIwODE4MDEwMVqg
+DjAMMAoGA1UdFAQDAgE/MAkGByqGSM49BAEDRwAwRAIgf43XKGGWTLeoFwp/nc/6
+KeEdyzBhG7Nr8GFoFSV2YjICIFXK/De0TPl4mbPJ1Brh+veKSpTOMe2wH9xk1ypZ
+R7kt
 -----END X509 CRL-----
--- a/certs/crl/eccSrvCRL.pem
+++ b/certs/crl/eccSrvCRL.pem
@@ -2,23 +2,23 @@ Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: ecdsa-with-SHA1
        Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com
-        Last Update: May 25 20:15:31 2012 GMT
-        Next Update: Jun 24 20:15:31 2012 GMT
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
        CRL extensions:
            X509v3 CRL Number: 
-                1
+                64
 No Revoked Certificates.
    Signature Algorithm: ecdsa-with-SHA1
-        30:46:02:21:00:d3:e3:d6:58:f7:92:c6:93:e3:c2:b9:81:dd:
-        b2:3f:e8:c9:4d:61:b1:ed:25:d2:1d:49:da:bd:15:ab:c7:21:
-        9f:02:21:00:e6:8f:20:2a:10:e7:85:26:6b:31:6e:c4:c2:08:
-        b5:c3:fa:d0:fa:ca:34:8c:2a:85:6c:18:94:84:18:46:96:a7
+        30:44:02:20:59:42:06:a7:73:69:03:08:05:e8:4b:95:ca:cf:
+        f1:30:9e:84:4b:3c:52:c8:10:b9:c8:36:c8:07:64:65:fd:bf:
+        02:20:71:60:a7:35:d6:8c:52:c2:df:06:dc:40:52:c5:ef:4c:
+        8b:ec:96:4b:72:b0:c4:36:3e:c8:9d:62:5e:49:f2:5f
 -----BEGIN X509 CRL-----
-MIIBIzCBygIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
+MIIBITCBygIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
 V2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEQMA4GA1UEChMHRWxpcHRpYzEM
 MAoGA1UECxMDRUNDMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
-AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwNTI1MjAxNTMxWhcNMTIwNjI0MjAxNTMx
-WqAOMAwwCgYDVR0UBAMCAQEwCQYHKoZIzj0EAQNJADBGAiEA0+PWWPeSxpPjwrmB
-3bI/6MlNYbHtJdIdSdq9FavHIZ8CIQDmjyAqEOeFJmsxbsTCCLXD+tD6yjSMKoVs
-GJSEGEaWpw==
+AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIxMjA4MTgwMTAx
+WqAOMAwwCgYDVR0UBAMCAUAwCQYHKoZIzj0EAQNHADBEAiBZQganc2kDCAXoS5XK
+z/EwnoRLPFLIELnINsgHZGX9vwIgcWCnNdaMUsLfBtxAUsXvTIvslktysMQ2Psid
+Yl5J8l8=
 -----END X509 CRL-----
--- a/certs/crl/gencrls.sh
+++ b/certs/crl/gencrls.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# gencrls, crl config already done, see taoCerts.txt for setup
+
+
+
+# caCrl
+openssl ca -gencrl -crldays 120 -out crl.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
+
+# metadata
+openssl crl -in crl.pem -text > tmp
+mv tmp crl.pem
+# install
+cp crl.pem ~/cyassl/certs/crl/crl.pem
+
+# caCrl server revoked
+openssl ca -revoke ~/cyassl/certs/server-cert.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
+
+# caCrl server revoked generation
+openssl ca -gencrl -crldays 120 -out crl.revoked -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
+
+# metadata
+openssl crl -in crl.revoked -text > tmp
+mv tmp crl.revoked
+# install
+cp crl.revoked ~/cyassl/certs/crl/crl.revoked
+
+# remove revoked so next time through the normal CA won't have server revoked
+cp blank.index.txt demoCA/index.txt
+
+# cliCrl
+openssl ca -gencrl -crldays 120 -out cliCrl.pem -keyfile ~/cyassl/certs/client-key.pem -cert ~/cyassl/certs/client-cert.pem
+
+# metadata
+openssl crl -in cliCrl.pem -text > tmp
+mv tmp cliCrl.pem
+# install
+cp cliCrl.pem ~/cyassl/certs/crl/cliCrl.pem
+
+# eccCliCRL
+openssl ca -gencrl -crldays 120 -out eccCliCRL.pem -keyfile ~/cyassl/certs/ecc-client-key.pem -cert ~/cyassl/certs/client-ecc-cert.pem
+
+# metadata
+openssl crl -in eccCliCRL.pem -text > tmp
+mv tmp eccCliCRL.pem
+# install
+cp eccCliCRL.pem ~/cyassl/certs/crl/eccCliCRL.pem
+
+# eccSrvCRL
+openssl ca -gencrl -crldays 120 -out eccSrvCRL.pem -keyfile ~/cyassl/certs/ecc-key.pem -cert ~/cyassl/certs/server-ecc.pem
+
+# metadata
+openssl crl -in eccSrvCRL.pem -text > tmp
+mv tmp eccSrvCRL.pem
+# install
+cp eccSrvCRL.pem ~/cyassl/certs/crl/eccSrvCRL.pem
+
--- a/certs/include.am
+++ b/certs/include.am
@@ -16,6 +16,7 @@ EXTRA_DIST += \
 	     certs/dh2048.pem \
 	     certs/server-cert.pem \
 	     certs/server-ecc.pem \
+	     certs/server-ecc-rsa.pem \
 	     certs/server-keyEnc.pem \
 	     certs/server-key.pem \
 	     certs/server-keyPkcs8Enc12.pem \
@@ -33,7 +34,7 @@ EXTRA_DIST += \
 	     certs/ecc-key.der


-doc_DATA+= certs/taoCert.txt
+dist_doc_DATA+= certs/taoCert.txt

 EXTRA_DIST+= certs/ntru-key.raw

--- a/certs/server-ecc-rsa.pem
+++ b/certs/server-ecc-rsa.pem
@@ -0,0 +1,54 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 9 (0x9)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Aug  8 21:58:29 2012 GMT
+            Not After : May  5 21:58:29 2015 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+            EC Public Key:
+                pub: 
+                    04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
+                    9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
+                    16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
+                    21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
+                    0b:80:34:89:d8
+                ASN1 OID: prime256v1
+    Signature Algorithm: sha1WithRSAEncryption
+        a0:1c:de:98:e8:61:c8:fb:0a:0e:af:ea:99:4b:c0:49:e6:66:
+        68:5e:7a:18:b8:0c:e3:0f:16:86:bc:b5:86:79:02:69:1c:b7:
+        e7:ff:53:d9:05:5d:27:39:24:54:67:14:de:ef:8e:c2:a0:11:
+        ca:c8:27:99:b9:d6:e9:71:1f:86:c9:8f:b1:74:a2:9f:93:6a:
+        0c:74:cf:17:77:8c:26:08:6e:a8:ac:69:d4:55:15:a2:95:87:
+        43:7a:ab:72:93:73:40:58:c2:bb:9c:89:f2:73:20:69:df:f1:
+        f3:65:08:9c:00:67:97:a6:71:00:2b:31:84:10:ac:bd:54:ac:
+        fd:b3:eb:12:36:77:f6:0a:e3:9a:96:d2:a6:22:bc:1d:6b:ce:
+        3c:0d:7b:d9:1c:1d:f1:ee:ec:ce:83:c8:98:c9:65:3e:06:31:
+        c3:b2:87:da:09:b4:90:0b:e2:6b:29:0e:d6:ae:53:1d:10:98:
+        e2:dc:f9:63:38:a1:a2:af:46:23:a4:4c:ab:0c:0b:08:be:cd:
+        a4:a6:6d:46:f0:f8:e0:31:99:85:39:10:4a:a0:04:54:3b:21:
+        e1:e9:b4:f3:a5:06:cd:37:ae:2c:ca:5d:ac:90:b5:ab:92:81:
+        aa:bf:2d:3f:8e:ee:4d:12:81:0a:8e:a4:ca:87:93:af:b0:25:
+        7e:e2:07:f7
+-----BEGIN CERTIFICATE-----
+MIIC1zCCAb8CAQkwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTIwODA4MjE1ODI5WhcN
+MTUwNTA1MjE1ODI5WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0
+b24xEDAOBgNVBAcTB1NlYXR0bGUxGjAYBgNVBAoTEUVsbGlwdGljIC0gUlNBc2ln
+MRMwEQYDVQQLEwpFQ0MtUlNBc2lnMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
+GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5ox
+W5eSIX/wzxjakRECNIboIFgzC4A0idgwDQYJKoZIhvcNAQEFBQADggEBAKAc3pjo
+Ycj7Cg6v6plLwEnmZmheehi4DOMPFoa8tYZ5Amkct+f/U9kFXSc5JFRnFN7vjsKg
+EcrIJ5m51ulxH4bJj7F0op+Tagx0zxd3jCYIbqisadRVFaKVh0N6q3KTc0BYwruc
+ifJzIGnf8fNlCJwAZ5emcQArMYQQrL1UrP2z6xI2d/YK45qW0qYivB1rzjwNe9kc
+HfHu7M6DyJjJZT4GMcOyh9oJtJAL4mspDtauUx0QmOLc+WM4oaKvRiOkTKsMCwi+
+zaSmbUbw+OAxmYU5EEqgBFQ7IeHptPOlBs03rizKXayQtauSgaq/LT+O7k0SgQqO
+pMqHk6+wJX7iB/c=
+-----END CERTIFICATE-----
--- a/certs/taoCert.txt
+++ b/certs/taoCert.txt
@@ -112,7 +112,7 @@ openssl dhparam -in dh2048.param -text > dh2048.pem

 1) create a crl

-a) openssl ca -gencrl -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+a) openssl ca -gencrl -crldays 120 -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem

 Error No ./CA root/index.txt so:

--- a/commit-tests.sh
+++ b/commit-tests.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+#commit-tests.sh
+
+
+# make sure current config is ok
+echo -e "\n\nTesting current config...\n\n"
+make clean; make -j 8 test;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nCurrent config make test failed" && exit 1
+
+
+# make sure basic config is ok
+echo -e "\n\nTesting basic config too...\n\n"
+./configure;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nBasic config ./configure failed" && exit 1
+
+make clean; make -j 8 test;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nBasic config make test failed" && exit 1
+
+
+# make sure full config is ok
+echo -e "\n\nTesting full config as well...\n\n"
+./configure --enable-opensslExtra --enable-fastmath --enable-dtls --enable-aesgcm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1
+
+make clean; make -j 8 test;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nFull config make test failed" && exit 1
+
+exit 0
--- a/configure.ac
+++ b/configure.ac
@@ -1,31 +1,32 @@
 # configure.ac
 #
-# Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+# Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 #
 # This file is part of CyaSSL.
 #
 #

-AC_INIT([cyassl],[2.2.2],[http://www.yassl.com])
+AC_INIT([cyassl],[2.4.2],[http://www.yassl.com])

-AC_CONFIG_AUX_DIR(config)
+AC_CONFIG_AUX_DIR([build-aux])
+AC_CONFIG_MACRO_DIR([m4])

 AC_CANONICAL_TARGET
+AC_USE_SYSTEM_EXTENSIONS

-AM_INIT_AUTOMAKE(-Wall -Werror -Wno-portability foreign tar-ustar subdir-objects)
+AM_INIT_AUTOMAKE([-Wall -Werror -Wno-portability foreign tar-ustar subdir-objects])

 AC_CANONICAL_HOST
 AC_CANONICAL_BUILD

 AC_PREREQ([2.61])

-AC_CONFIG_MACRO_DIR(m4)

 AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.


 #shared library versioning
-CYASSL_LIBRARY_VERSION=3:1:0
+CYASSL_LIBRARY_VERSION=3:3:0
 #                      | | |
 #               +------+ | +---+
 #               |        |     |
@@ -39,16 +40,23 @@ CYASSL_LIBRARY_VERSION=3:1:0
 #               +- increment if interfaces have been added, removed or changed
 AC_SUBST(CYASSL_LIBRARY_VERSION)

-# Make sure configure doesn't add to CFLAGS
-CFLAGS="$CFLAGS $C_EXTRA_FLAGS"
+# capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
+# if user doesn't override, no way to tell
+USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS"

 LT_INIT([win32-dll])
 LT_LANG([C++])
 LT_LANG([C])
 gl_VISIBILITY
+AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
+       AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
+       CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"
+       ])

 m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])

+AX_CXX_COMPILER_VERSION
+
 AC_CHECK_FUNCS([gethostbyname])
 AC_CHECK_FUNCS([gettimeofday])
 AC_CHECK_FUNCS([inet_ntoa])
@@ -63,16 +71,15 @@ AC_CHECK_HEADERS([stddef.h])
 AC_CHECK_HEADERS([sys/ioctl.h])
 AC_CHECK_HEADERS([sys/socket.h])
 AC_CHECK_HEADERS([sys/time.h])
-AC_CHECK_HEADERS(errno.h)
+AC_CHECK_HEADERS([errno.h])
 AC_CHECK_LIB(network,socket)
 AC_CHECK_SIZEOF(long long, 8)
 AC_CHECK_SIZEOF(long, 4)
 AC_C_BIGENDIAN
 AC_DISABLE_STATIC
-AC_DISABLE_STATIC
-AC_FUNC_MALLOC
-AC_FUNC_MKTIME
-AC_FUNC_REALLOC
+# mktime check takes forever on some systems, if time supported it would be
+# highly unusual for mktime to be missing
+#AC_FUNC_MKTIME 

 AC_PROG_CC
 AC_PROG_CC_C_O
@@ -92,19 +99,10 @@ DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_CYASSL"


 # DEBUG
-AC_ARG_ENABLE(debug,
-    [  --enable-debug          Enable CyaSSL debugging support (default: disabled)],
-    [ ENABLED_DEBUG=$enableval ],
-    [ ENABLED_DEBUG=no ]
-    )
-if test "$ENABLED_DEBUG" = "yes"
-then
-  # Full debug. Very slow in some cases
-  AM_CFLAGS="$DEBUG_CFLAGS $AM_CFLAGS"
-else
-  # Optimized version. No debug
-  AM_CFLAGS="$AM_CFLAGS -DNDEBUG"
-fi
+AX_DEBUG
+AS_IF([test "$ax_enable_debug" = "yes"],
+      [AM_CFLAGS="$DEBUG_CFLAGS $AM_CFLAGS"],
+      [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])


 # SMALL BUILD
@@ -127,12 +125,18 @@ fi
 AC_ARG_ENABLE(singleThreaded,
    [  --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)],
    [ ENABLED_SINGLETHREADED=$enableval ],
-    [ ENABLED_SINGLETHREADED=no ]
-    )
-if test "$ENABLED_SINGLETHREADED" = "yes"
-then
-  AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS"
-fi
+    [ ENABLED_SINGLETHREADED=no ])
+
+AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
+       AX_PTHREAD([
+                   AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
+                   AM_CFLAGS="-D_POSIX_THREADS $AM_CFLAGS"
+                   ],[
+                      ENABLED_SINGLETHREADED=yes
+                      ])
+       ])
+
+AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ])


 # DTLS
@@ -202,6 +206,24 @@ then
    AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD -DCYASSL_ALT_NAMES -DCYASSL_TEST_CERT"
 fi

+ENABLED_SLOWMATH="yes"
+
+# lean psk build 
+AC_ARG_ENABLE(leanpsk,
+    [  --enable-leanpsk        Enable Lean PSK build (default: disabled)],
+    [ ENABLED_LEANPSK=$enableval ],
+    [ ENABLED_LEANPSK=no ]
+    )
+
+if test "$ENABLED_LEANPSK" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD4 -DNO_ERROR_STRINGS"
+    ENABLED_SLOWMATH="no"
+fi
+
+AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
+
+
 # fastmath
 AC_ARG_ENABLE(fastmath,
    [  --enable-fastmath       Enable fast math for BigInts (default: disabled)],
@@ -212,6 +234,7 @@ AC_ARG_ENABLE(fastmath,
 if test "x$ENABLED_FASTMATH" = "xyes"
 then
    AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
+    ENABLED_SLOWMATH="no"
 fi


@@ -231,10 +254,11 @@ if test "$ENABLED_FASTHUGEMATH" = "yes"
 then
    ENABLED_FASTMATH="yes"
    AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
+    ENABLED_SLOWMATH="no"
 fi

 AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
-
+AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"])

 # big cache
 AC_ARG_ENABLE(bigcache,
@@ -276,18 +300,49 @@ fi


 # SNIFFER
-AC_ARG_ENABLE(sniffer,
-    [  --enable-sniffer        Enable CyaSSL sniffer support (default: disabled)],
-    [ ENABLED_SNIFFER=$enableval ],
-    [ ENABLED_SNIFFER=no ]
+AC_ARG_ENABLE([sniffer],
+              [AS_HELP_STRING([--enable-sniffer],[ Enable CyaSSL sniffer support (default: disabled) ])],[
+               AS_IF([ test "x$enableval" = "xyes" ],[ AC_CHECK_HEADERS([pcap/pcap.h],[ 
+                      ENABLED_SNIFFER=yes 
+                      AM_CFLAGS="$AM_CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA"
+                      ],[ ENABLED_SNIFFER=no ]) ])
+               ],[
+                  ENABLED_SNIFFER=no
+                  ])
+
+AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
+
+# AES-GCM
+AC_ARG_ENABLE(aesgcm,
+    [  --enable-aesgcm         Enable CyaSSL AES-GCM support (default: disabled)],
+    [ ENABLED_AESGCM=$enableval ],
+    [ ENABLED_AESGCM=no ]
    )

-if test "$ENABLED_SNIFFER" = "yes"
+if test "$ENABLED_AESGCM" = "word32"
 then
-    AM_CFLAGS="$AM_CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA"
+    AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
+    ENABLED_AESGCM=yes
 fi

-AM_CONDITIONAL([BUILD_SNIFFER], [test "x$ENABLED_SNIFFER" = "xyes"])
+if test "$ENABLED_AESGCM" = "small"
+then
+    AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
+    ENABLED_AESGCM=yes
+fi
+
+if test "$ENABLED_AESGCM" = "table"
+then
+    AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
+    ENABLED_AESGCM=yes
+fi
+
+if test "$ENABLED_AESGCM" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM -DCYASSL_SHA384 -DCYASSL_SHA512"
+fi
+
+AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])

 # AES-NI
 AC_ARG_ENABLE(aesni,
@@ -309,6 +364,26 @@ fi
 AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])


+# MD2
+AC_ARG_ENABLE(md2,
+    [  --enable-md2            Enable CyaSSL MD2 support (default: disabled)],
+    [ ENABLED_MD2=$enableval ],
+    [ ENABLED_MD2=no ]
+    )
+
+if test "$ENABLED_BUMP" = "yes"
+then
+    ENABLED_MD2="yes"
+fi
+
+if test "$ENABLED_MD2" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_MD2"
+fi
+
+AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
+
+
 # RIPEMD
 AC_ARG_ENABLE(ripemd,
    [  --enable-ripemd         Enable CyaSSL RIPEMD-160 support (default: disabled)],
@@ -341,6 +416,11 @@ then
    ENABLED_SHA512="yes"
 fi

+if test "$ENABLED_AESGCM" = "yes"
+then
+    ENABLED_SHA512="yes"
+fi
+

 AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])

@@ -401,6 +481,23 @@ fi
 AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])


+# RABBIT
+AC_ARG_ENABLE(rabbit,
+    [  --enable-rabbit         Enable RABBIT (default: disabled)],
+    [ ENABLED_RABBIT=$enableval ],
+    [ ENABLED_RABBIT=no ]
+    )
+
+if test "$ENABLED_RABBIT" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_RABBIT"
+else
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_RABBIT"
+fi
+
+AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
+
+
 # PSK 
 AC_ARG_ENABLE(psk,
    [  --enable-psk            Enable PSK (default: disabled)],
@@ -408,7 +505,7 @@ AC_ARG_ENABLE(psk,
    [ ENABLED_PSK=no ]
    )

-if test "$ENABLED_PSK" = "no"
+if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no"
 then
    AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
 fi
@@ -500,12 +597,27 @@ AC_ARG_ENABLE(crl,

 if test "$ENABLED_CRL" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL -DHAVE_CRL_MONITOR"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
 fi

 AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])


+# CRL Monitor
+AC_ARG_ENABLE(crl-monitor,
+    [  --enable-crl-monitor    Enable CRL Monitor (default: disabled)],
+    [ ENABLED_CRL_MONITOR=$enableval ],
+    [ ENABLED_CRL_MONITOR=no ],
+    )
+
+if test "$ENABLED_CRL_MONITOR" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
+fi
+
+AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
+
+
 # NTRU
 ntruHome=`pwd`/NTRU_algorithm
 ntruInclude=$ntruHome/cryptolib
@@ -585,7 +697,7 @@ AC_ARG_WITH(libz,
 if test "$GCC" = "yes"
 then
    AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
-    if test "$ENABLED_DEBUG" = "no"
+    if test "$ax_enable_debug" = "no"
    then
        if test "$ENABLED_FASTMATH" = "yes"
        then
@@ -600,33 +712,8 @@ then
    fi
 fi

-AX_PTHREAD([
-            AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
-            ],
-            [
-             AC_DEFINE([HAVE_PTHREAD], [0], [Define if you have POSIX threads libraries and header files.])
-             ])
-
 LIB_SOCKET_NSL

-dnl Various GCC warnings that should never fire for release quality code
-GCCWARNINGS="-Wall -fno-strict-aliasing -W -Wfloat-equal -Wundef        \
-  -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes                \
-  -Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment           \
-  -Wformat=2 -Wwrite-strings -Wmissing-declarations -Wredundant-decls     \
-  -Wnested-externs -Wbad-function-cast -Wswitch-enum -Winit-self          \
-  -Wmissing-field-initializers -Wdeclaration-after-statement              \
-  -Wold-style-definition -Waddress -Wmissing-noreturn -Wnormalized=id     \
-  -Woverride-init -Wstrict-overflow=1 -Wextra -Warray-bounds              \
-  -Wstack-protector -Wformat -Wformat-security -Wpointer-sign -Wshadow    \
-  -Wswitch-default"
-
-AC_ARG_ENABLE(gcc-lots-o-warnings,
-AS_HELP_STRING(--enable-gcc-lots-o-warnings, Enable lots of gcc warnings (default: disabled)),
-[if test x$enableval = xyes; then
-    AM_CFLAGS="$AM_CFLAGS $GCCWARNINGS"
-fi])
-
 AC_ARG_ENABLE(gcc-hardening,
 AS_HELP_STRING(--enable-gcc-hardening, Enable compiler security checks (default: disabled)),
 [if test x$enableval = xyes; then
@@ -636,24 +723,65 @@ AS_HELP_STRING(--enable-gcc-hardening, Enable compiler security checks (default:
    LDFLAGS="$LDFLAGS -pie"
 fi])

-dnl Linker hardening options
-dnl Currently these options are ELF specific - you can't use this with MacOSX
-AC_ARG_ENABLE(linker-hardening,
-AS_HELP_STRING(--enable-linker-hardening, Enable linker security fixups (default: disabled)),
-[if test x$enableval = xyes; then
-    LDFLAGS="$LDFLAGS -z relro -z now"
-fi])
+AX_HARDEN_CC_COMPILER_FLAGS
+
+# add user C_EXTRA_FLAGS back
+CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"

 CREATE_HEX_VERSION
-AM_CFLAGS="$AM_CFLAGS $CFLAG_VISIBILITY"
-AC_SUBST(AM_CFLAGS)
-AC_SUBST(AM_LDFLAGS)
+AC_SUBST([AM_CPPFLAGS])
+AC_SUBST([AM_CFLAGS])
+AC_SUBST([AM_LDFLAGS])

 # FINAL
 AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
 AC_CONFIG_FILES([Makefile])
 AC_CONFIG_FILES([cyassl/version.h])
 AC_CONFIG_FILES([support/libcyassl.pc])
+AC_CONFIG_FILES([rpm/spec])
+
+AX_CREATE_GENERIC_CONFIG
+AX_AM_JOBSERVER([yes])

 AC_OUTPUT

+echo "---"
+echo "Configuration summary for $PACKAGE_NAME version $VERSION"
+echo ""
+echo "   * Installation prefix:       $prefix"
+echo "   * System type:               $host_vendor-$host_os"
+echo "   * Host CPU:                  $host_cpu"
+echo "   * C Compiler:                $CC_VERSION"
+echo "   * C Flags:                   $CFLAGS"
+echo "   * C++ Compiler:              $CXX_VERSION"
+echo "   * C++ Flags:                 $CXXFLAGS"
+echo "   * CPP Flags:                 $CPPFLAGS"
+echo "   * LIB Flags:                 $LIB"
+echo "   * Debug enabled:             $ax_enable_debug"
+echo "   * Warnings as failure:       $ac_cv_warnings_as_errors"
+echo "   * make -j:                   $enable_jobserver"
+echo "   * VCS checkout:              $ac_cv_vcs_checkout"
+echo 
+echo "   Features "
+echo "   * Enable smallest build:     $ENABLED_SMALL"
+echo "   * Single threaded:           $ENABLED_SINGLETHREADED"
+echo "   * DTLS:                      $ENABLED_DTLS"
+echo "   * Enable extra OpenSSL API:  $ENABLED_OPENSSLEXTRA"
+echo "   * fastmath:                  $ENABLED_FASTMATH"
+echo "   * sniffer:                   $ENABLED_SNIFFER"
+echo "   * AES-NI:                    $ENABLED_AESNI"
+echo "   * AES-GCM:                   $ENABLED_AESGCM"
+echo "   * RIPEMD:                    $ENABLED_RIPEMD"
+echo "   * SHA-512:                   $ENABLED_SHA512"
+echo "   * keygen:                    $ENABLED_KEYGEN"
+echo "   * certgen:                   $ENABLED_CERTGEN"
+echo "   * HC-128:                    $ENABLED_HC128"
+echo "   * RABBIT:                    $ENABLED_RABBIT"
+echo "   * PSK:                       $ENABLED_PSK"
+echo "   * LEANPSK:                   $ENABLED_LEANPSK"
+echo "   * ECC:                       $ENABLED_ECC"
+echo "   * OCSP:                      $ENABLED_OCSP"
+echo "   * CRL:                       $ENABLED_CRL"
+echo "   * NTRU:                      $ENABLED_NTRU"
+echo ""
+echo "---"
--- a/ctaocrypt/benchmark/benchmark.c
+++ b/ctaocrypt/benchmark/benchmark.c
@@ -49,35 +49,41 @@
    #pragma warning(disable: 4996)
 #endif

-void bench_des();
-void bench_arc4();
-void bench_hc128();
-void bench_rabbit();
+void bench_des(void);
+void bench_arc4(void);
+void bench_hc128(void);
+void bench_rabbit(void);
 void bench_aes(int);
+void bench_aesgcm(void);

-void bench_md5();
-void bench_sha();
-void bench_sha256();
-void bench_sha512();
-void bench_ripemd();
+void bench_md5(void);
+void bench_sha(void);
+void bench_sha256(void);
+void bench_sha512(void);
+void bench_ripemd(void);

-void bench_rsa();
-void bench_rsaKeyGen();
-void bench_dh();
+void bench_rsa(void);
+void bench_rsaKeyGen(void);
+void bench_dh(void);
 #ifdef HAVE_ECC
-void bench_eccKeyGen();
-void bench_eccKeyAgree();
+void bench_eccKeyGen(void);
+void bench_eccKeyAgree(void);
 #endif

-double current_time();
+double current_time(void);



 int main(int argc, char** argv)
 {
+  (void)argc;
+  (void)argv;
 #ifndef NO_AES
    bench_aes(0);
    bench_aes(1);
+#endif
+#ifdef HAVE_AESGCM
+    bench_aesgcm();
 #endif
    bench_arc4();
 #ifdef HAVE_HC128
@@ -105,14 +111,16 @@ int main(int argc, char** argv)
 #endif

    printf("\n");
-    
+
+#ifndef NO_RSA
    bench_rsa();
+#endif

 #ifndef NO_DH
    bench_dh();
 #endif

-#ifdef CYASSL_KEY_GEN
+#if defined(CYASSL_KEY_GEN) && !defined(NO_RSA)
    bench_rsaKeyGen();
 #endif

@@ -171,8 +179,36 @@ void bench_aes(int show)
 #endif


+byte additional[13];
+byte tag[16];
+
+
+#ifdef HAVE_AESGCM
+void bench_aesgcm(void)
+{
+    Aes    enc;
+    double start, total, persec;
+    int    i;
+
+    AesGcmSetKey(&enc, key, 16, iv);
+    AesGcmSetExpIV(&enc, iv+4);
+    start = current_time();
+
+    for(i = 0; i < megs; i++)
+        AesGcmEncrypt(&enc, cipher, plain, sizeof(plain),
+                        tag, 16, additional, 13);
+
+    total = current_time() - start;
+
+    persec = 1 / total * megs;
+    printf("AES-GCM  %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
+                                                                    persec);
+}
+#endif
+
+
 #ifndef NO_DES3
-void bench_des()
+void bench_des(void)
 {
    Des3   enc;
    double start, total, persec;
@@ -194,7 +230,7 @@ void bench_des()
 #endif


-void bench_arc4()
+void bench_arc4(void)
 {
    Arc4   enc;
    double start, total, persec;
@@ -215,7 +251,7 @@ void bench_arc4()


 #ifdef HAVE_HC128
-void bench_hc128()
+void bench_hc128(void)
 {
    HC128  enc;
    double start, total, persec;
@@ -237,7 +273,7 @@ void bench_hc128()


 #ifndef NO_RABBIT
-void bench_rabbit()
+void bench_rabbit(void)
 {
    Rabbit  enc;
    double start, total, persec;
@@ -258,7 +294,7 @@ void bench_rabbit()
 #endif /* NO_RABBIT */


-void bench_md5()
+void bench_md5(void)
 {
    Md5    hash;
    byte   digest[MD5_DIGEST_SIZE];
@@ -281,7 +317,7 @@ void bench_md5()
 }


-void bench_sha()
+void bench_sha(void)
 {
    Sha    hash;
    byte   digest[SHA_DIGEST_SIZE];
@@ -305,7 +341,7 @@ void bench_sha()


 #ifndef NO_SHA256
-void bench_sha256()
+void bench_sha256(void)
 {
    Sha256 hash;
    byte   digest[SHA256_DIGEST_SIZE];
@@ -329,7 +365,7 @@ void bench_sha256()
 #endif

 #ifdef CYASSL_SHA512
-void bench_sha512()
+void bench_sha512(void)
 {
    Sha512 hash;
    byte   digest[SHA512_DIGEST_SIZE];
@@ -353,7 +389,7 @@ void bench_sha512()
 #endif

 #ifdef CYASSL_RIPEMD
-void bench_ripemd()
+void bench_ripemd(void)
 {
    RipeMd hash;
    byte   digest[RIPEMD_DIGEST_SIZE];
@@ -377,22 +413,26 @@ void bench_ripemd()
 #endif


+#if !defined(NO_RSA) || !defined(NO_DH) \
+                                || defined(CYASSL_KEYGEN) || defined(HAVE_ECC)
 RNG rng;
+#endif

-void bench_rsa()
+#ifndef NO_RSA
+void bench_rsa(void)
 {
    int    i;
-    byte   tmp[4096];
+    byte   tmp[3072];
    size_t bytes;
    word32 idx = 0;

    byte      message[] = "Everyone gets Friday off.";
-    byte      cipher[512];  /* for up to 4096 bit */
+    byte      enc[512];  /* for up to 4096 bit */
    byte*     output;
    const int len = (int)strlen((char*)message);
    double    start, total, each, milliEach;
    
-    RsaKey key;
+    RsaKey rsaKey;
    FILE*  file = fopen("./certs/rsa2048.der", "rb");

    if (!file) {
@@ -403,13 +443,13 @@ void bench_rsa()

    InitRng(&rng);
    bytes = fread(tmp, 1, sizeof(tmp), file);
-    InitRsaKey(&key, 0);
-    bytes = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
+    InitRsaKey(&rsaKey, 0);
+    bytes = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes);
    
    start = current_time();

    for (i = 0; i < times; i++)
-        bytes = RsaPublicEncrypt(message,len,cipher,sizeof(cipher), &key, &rng);
+        bytes = RsaPublicEncrypt(message,len,enc,sizeof(enc), &rsaKey, &rng);

    total = current_time() - start;
    each  = total / times;   /* per second   */
@@ -421,7 +461,7 @@ void bench_rsa()
    start = current_time();

    for (i = 0; i < times; i++)
-        RsaPrivateDecryptInline(cipher, (word32)bytes, &output, &key);
+        RsaPrivateDecryptInline(enc, (word32)bytes, &output, &rsaKey);

    total = current_time() - start;
    each  = total / times;   /* per second   */
@@ -431,12 +471,13 @@ void bench_rsa()
           " iterations\n", milliEach, times);

    fclose(file);
-    FreeRsaKey(&key);
+    FreeRsaKey(&rsaKey);
 }
+#endif


 #ifndef NO_DH
-void bench_dh()
+void bench_dh(void)
 {
    int    i;
    byte   tmp[1024];
@@ -450,7 +491,7 @@ void bench_dh()
    byte   agree[256];  /* for 2048 bit */
    
    double start, total, each, milliEach;
-    DhKey  key;
+    DhKey  dhKey;
    FILE*  file = fopen("./certs/dh2048.der", "rb");

    if (!file) {
@@ -460,13 +501,13 @@ void bench_dh()
    }

    bytes = fread(tmp, 1, sizeof(tmp), file);
-    InitDhKey(&key);
-    bytes = DhKeyDecode(tmp, &idx, &key, (word32)bytes);
+    InitDhKey(&dhKey);
+    bytes = DhKeyDecode(tmp, &idx, &dhKey, (word32)bytes);

    start = current_time();

    for (i = 0; i < times; i++)
-        DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
+        DhGenerateKeyPair(&dhKey, &rng, priv, &privSz, pub, &pubSz);

    total = current_time() - start;
    each  = total / times;   /* per second   */
@@ -475,11 +516,11 @@ void bench_dh()
    printf("DH  2048 key generation  %6.2f milliseconds, avg over %d" 
           " iterations\n", milliEach, times);

-    DhGenerateKeyPair(&key, &rng, priv2, &privSz2, pub2, &pubSz2);
+    DhGenerateKeyPair(&dhKey, &rng, priv2, &privSz2, pub2, &pubSz2);
    start = current_time();

    for (i = 0; i < times; i++)
-        DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
+        DhAgree(&dhKey, agree, &agreeSz, priv, privSz, pub2, pubSz2);

    total = current_time() - start;
    each  = total / times;   /* per second   */
@@ -489,12 +530,12 @@ void bench_dh()
           " iterations\n", milliEach, times);

    fclose(file);
-    FreeDhKey(&key);
+    FreeDhKey(&dhKey);
 }
 #endif

-#ifdef CYASSL_KEY_GEN
-void bench_rsaKeyGen()
+#if defined(CYASSL_KEY_GEN) && !defined(NO_RSA)
+void bench_rsaKeyGen(void)
 {
    RsaKey genKey;
    double start, total, each, milliEach;
@@ -535,7 +576,7 @@ void bench_rsaKeyGen()
 #endif /* CYASSL_KEY_GEN */

 #ifdef HAVE_ECC 
-void bench_eccKeyGen()
+void bench_eccKeyGen(void)
 {
    ecc_key genKey;
    double start, total, each, milliEach;
@@ -546,7 +587,7 @@ void bench_eccKeyGen()
    start = current_time();

    for(i = 0; i < genTimes; i++) {
-        int ret = ecc_make_key(&rng, 32, &genKey);
+        ecc_make_key(&rng, 32, &genKey);
        ecc_free(&genKey);
    }

@@ -559,7 +600,7 @@ void bench_eccKeyGen()
 }


-void bench_eccKeyAgree()
+void bench_eccKeyAgree(void)
 {
    ecc_key genKey, genKey2;
    double start, total, each, milliEach;
@@ -588,7 +629,7 @@ void bench_eccKeyAgree()
           " iterations\n", milliEach, agreeTimes);

    /* make dummy digest */
-    for (i = 0; i < sizeof(digest); i++)
+    for (i = 0; i < (int)sizeof(digest); i++)
        digest[i] = i;


@@ -637,7 +678,7 @@ void bench_eccKeyAgree()

    #include <sys/time.h>

-    double current_time()
+    double current_time(void)
    {
        struct timeval tv;
        gettimeofday(&tv, 0);
--- a/ctaocrypt/src/aes.c
+++ b/ctaocrypt/src/aes.c
@@ -743,7 +743,7 @@ static const word32 Td[5][256] = {
 #endif /* _MSC_VER */

            
-static int Check_CPU_support_AES()
+static int Check_CPU_support_AES(void)
 {
    unsigned int a,b,c,d;
    cpuid(1,a,b,c,d);
@@ -777,8 +777,8 @@ void AES_256_Key_Expansion(const unsigned char* userkey,
                           unsigned char* key_schedule);


-int AES_set_encrypt_key (const unsigned char *userKey, const int bits,
-                         Aes* aes)
+static int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                               Aes* aes)
 { 
    if (!userKey || !aes)
        return BAD_FUNC_ARG;
@@ -799,8 +799,8 @@ int AES_set_encrypt_key (const unsigned char *userKey, const int bits,
 }


-int AES_set_decrypt_key (const unsigned char* userKey, const int bits,
-                         Aes* aes)
+static int AES_set_decrypt_key(const unsigned char* userKey, const int bits,
+                               Aes* aes)
 {
    int nr;
    Aes temp_key;
@@ -859,30 +859,15 @@ int AesSetIV(Aes* aes, const byte* iv)
 }


-int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
-              int dir)
+static int AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen,
+            const byte* iv, int dir)
 {
    word32 temp, *rk = aes->key;
    unsigned int i = 0;

-    if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
-        return BAD_FUNC_ARG;
-
-#ifdef CYASSL_AESNI
-    if (checkAESNI == 0) {
-        haveAESNI  = Check_CPU_support_AES();
-        checkAESNI = 1;
-    }
-    if (haveAESNI) {
-        if (iv)
-            XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
-        if (dir == AES_ENCRYPTION)
-            return AES_set_encrypt_key(userKey, keylen * 8, aes);
-        else
-            return AES_set_decrypt_key(userKey, keylen * 8, aes);
-    }
-#endif /* CYASSL_AESNI */
-
+    #ifdef CYASSL_AESNI
+        aes->use_aesni = 0;
+    #endif /* CYASSL_AESNI */
    aes->rounds = keylen/4 + 6;

    XMEMCPY(rk, userKey, keylen);
@@ -1008,6 +993,33 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
 }


+int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
+              int dir)
+{
+
+    if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
+        return BAD_FUNC_ARG;
+
+#ifdef CYASSL_AESNI
+    if (checkAESNI == 0) {
+        haveAESNI  = Check_CPU_support_AES();
+        checkAESNI = 1;
+    }
+    if (haveAESNI) {
+        aes->use_aesni = 1;
+        if (iv)
+            XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        if (dir == AES_ENCRYPTION)
+            return AES_set_encrypt_key(userKey, keylen * 8, aes);
+        else
+            return AES_set_decrypt_key(userKey, keylen * 8, aes);
+    }
+#endif /* CYASSL_AESNI */
+
+    return AesSetKeyLocal(aes, userKey, keylen, iv, dir);
+}
+
+
 static void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
 {
    word32 s0, s1, s2, s3;
@@ -1019,6 +1031,13 @@ static void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
        CYASSL_MSG("AesEncrypt encountered improper key, set it up");
        return;  /* stop instead of segfaulting, set up your keys! */
    }
+#ifdef CYASSL_AESNI
+    if (aes->use_aesni) {
+        CYASSL_MSG("AesEncrypt encountered aesni keysetup, don't use direct");
+        return;  /* just stop now */
+    } 
+#endif
+
    /*
     * map byte array block to cipher state
     * and add initial round key:
@@ -1157,6 +1176,13 @@ static void AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
        CYASSL_MSG("AesDecrypt encountered improper key, set it up");
        return;  /* stop instead of segfaulting, set up your keys! */
    }
+#ifdef CYASSL_AESNI
+    if (aes->use_aesni) {
+        CYASSL_MSG("AesEncrypt encountered aesni keysetup, don't use direct");
+        return;  /* just stop now */
+    } 
+#endif
+
    /*
     * map byte array block to cipher state
     * and add initial round key:
@@ -1373,6 +1399,18 @@ void AesDecryptDirect(Aes* aes, byte* out, const byte* in)
 #endif /* CYASSL_AES_DIRECT */


+#if defined(CYASSL_AES_DIRECT) || defined(CYASSL_AES_COUNTER)
+
+/* AES-CTR and AES-DIRECT need to use this for key setup, no aesni yet */
+int AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
+                    const byte* iv, int dir)
+{
+    return AesSetKeyLocal(aes, userKey, keylen, iv, dir);
+}
+
+#endif /* CYASSL_AES_DIRECT || CYASSL_AES_COUNTER */
+
+
 #ifdef CYASSL_AES_COUNTER

 /* Increment AES counter */
@@ -1404,5 +1442,756 @@ void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)

 #endif /* CYASSL_AES_COUNTER */

+
+#ifdef HAVE_AESGCM
+
+/*
+ * The IV for AES GCM, stored in struct Aes's member reg, is comprised of
+ * three parts in order:
+ *   1. The implicit IV. This is generated from the PRF using the shared
+ *      secrets between endpoints. It is 4 bytes long.
+ *   2. The explicit IV. This is set by the user of the AES. It needs to be
+ *      unique for each call to encrypt. The explicit IV is shared with the
+ *      other end of the transaction in the clear.
+ *   3. The counter. Each block of data is encrypted with its own sequence
+ *      number counter.
+ */
+
+enum {
+    IMPLICIT_IV_SZ = 4,
+    EXPLICIT_IV_SZ = 8,
+    CTR_SZ = 4
+};
+
+
+static INLINE void InitGcmCounter(byte* inOutCtr)
+{
+    inOutCtr[AES_BLOCK_SIZE - 4] = 0;
+    inOutCtr[AES_BLOCK_SIZE - 3] = 0;
+    inOutCtr[AES_BLOCK_SIZE - 2] = 0;
+    inOutCtr[AES_BLOCK_SIZE - 1] = 1;
+}
+
+
+static INLINE void IncrementGcmCounter(byte* inOutCtr)
+{
+    int i;
+
+    /* in network byte order so start at end and work back */
+    for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
+        if (++inOutCtr[i])  /* we're done unless we overflow */
+            return;
+    }
+}
+
+
+/*
+ * The explicit IV is set by the caller. A common practice is to treat it as
+ * a sequence number seeded with a random number. The caller manages
+ * incrementing the explicit IV when appropriate.
+ */
+
+void AesGcmSetExpIV(Aes* aes, const byte* iv)
+{
+    XMEMCPY((byte*)aes->reg + IMPLICIT_IV_SZ, iv, EXPLICIT_IV_SZ);
+}
+
+
+void AesGcmGetExpIV(Aes* aes, byte* iv)
+{
+    XMEMCPY(iv, (byte*)aes->reg + IMPLICIT_IV_SZ, EXPLICIT_IV_SZ);
+}
+
+
+void AesGcmIncExpIV(Aes* aes)
+{
+    int i;
+    byte* iv = (byte*)aes->reg + IMPLICIT_IV_SZ;
+
+    for (i = EXPLICIT_IV_SZ - 1; i >= 0; i--) {
+        if (++iv[i])
+            return;
+    }
+}
+
+
+#if defined(GCM_SMALL) || defined(GCM_TABLE)
+
+static INLINE void FlattenSzInBits(byte* buf, word32 sz)
+{
+    /* Multiply the sz by 8 */
+    word32 szHi = (sz >> (8*sizeof(sz) - 3));
+    sz <<= 3;
+
+    /* copy over the words of the sz into the destination buffer */
+    buf[0] = (szHi >> 24) & 0xff;
+    buf[1] = (szHi >> 16) & 0xff;
+    buf[2] = (szHi >>  8) & 0xff;
+    buf[3] = szHi & 0xff;
+    buf[4] = (sz >> 24) & 0xff;
+    buf[5] = (sz >> 16) & 0xff;
+    buf[6] = (sz >>  8) & 0xff;
+    buf[7] = sz & 0xff;
+}
+
+
+static INLINE void RIGHTSHIFTX(byte* x)
+{
+    int i;
+    int carryOut = 0;
+    int carryIn = 0;
+    int borrow = x[15] & 0x01;
+
+    for (i = 0; i < AES_BLOCK_SIZE; i++) {
+        carryOut = x[i] & 0x01;
+        x[i] = (x[i] >> 1) | (carryIn ? 0x80 : 0);
+        carryIn = carryOut;
+    }
+    if (borrow) x[0] ^= 0xE1;
+}
+
+#endif /* defined(GCM_SMALL) || defined(GCM_TABLE) */
+
+
+#ifdef GCM_TABLE
+
+static void GenerateM0(Aes* aes)
+{
+    int i, j;
+    byte (*m)[AES_BLOCK_SIZE] = aes->M0;
+
+    XMEMCPY(m[128], aes->H, AES_BLOCK_SIZE);
+
+    for (i = 64; i > 0; i /= 2) {
+        XMEMCPY(m[i], m[i*2], AES_BLOCK_SIZE);
+        RIGHTSHIFTX(m[i]);
+    }
+
+    for (i = 2; i < 256; i *= 2) {
+        for (j = 1; j < i; j++) {
+            XMEMCPY(m[i+j], m[i], AES_BLOCK_SIZE);
+            xorbuf(m[i+j], m[j], AES_BLOCK_SIZE);
+        }
+    }
+
+    XMEMSET(m[0], 0, AES_BLOCK_SIZE);
+}
+
+#endif /* GCM_TABLE */
+
+
+void AesGcmSetKey(Aes* aes, const byte* key, word32 len,
+                                                    const byte* implicitIV)
+{
+    byte fullIV[AES_BLOCK_SIZE];
+
+    if (!((len == 16) || (len == 24) || (len == 32)))
+        return;
+
+    XMEMSET(fullIV, 0, AES_BLOCK_SIZE);
+    XMEMCPY(fullIV, implicitIV, IMPLICIT_IV_SZ);
+    AesSetKeyLocal(aes, key, len, fullIV, AES_ENCRYPTION);
+
+    XMEMSET(fullIV, 0, AES_BLOCK_SIZE);
+    AesEncrypt(aes, fullIV, aes->H);
+#ifdef GCM_TABLE
+    GenerateM0(aes);
+#endif /* GCM_TABLE */
+}
+
+
+#if defined(GCM_SMALL)
+
+static void GMULT(byte* X, byte* Y)
+{
+    byte Z[AES_BLOCK_SIZE];
+    byte V[AES_BLOCK_SIZE];
+    int i, j;
+
+    XMEMSET(Z, 0, AES_BLOCK_SIZE);
+    XMEMCPY(V, X, AES_BLOCK_SIZE);
+    for (i = 0; i < AES_BLOCK_SIZE; i++)
+    {
+        byte y = Y[i];
+        for (j = 0; j < 8; j++)
+        {
+            if (y & 0x80) {
+                xorbuf(Z, V, AES_BLOCK_SIZE);
+            }
+
+            RIGHTSHIFTX(V);
+            y = y << 1;
+        }
+    }
+    XMEMCPY(X, Z, AES_BLOCK_SIZE);
+}
+
+
+static void GHASH(Aes* aes, const byte* a, word32 aSz,
+                                const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    byte x[AES_BLOCK_SIZE];
+    byte scratch[AES_BLOCK_SIZE];
+    word32 blocks, partial;
+    byte* h = aes->H;
+
+    XMEMSET(x, 0, AES_BLOCK_SIZE);
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        blocks = aSz / AES_BLOCK_SIZE;
+        partial = aSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf(x, a, AES_BLOCK_SIZE);
+            GMULT(x, h);
+            a += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, a, partial);
+            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            GMULT(x, h);
+        }
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        blocks = cSz / AES_BLOCK_SIZE;
+        partial = cSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf(x, c, AES_BLOCK_SIZE);
+            GMULT(x, h);
+            c += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, c, partial);
+            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            GMULT(x, h);
+        }
+    }
+
+    /* Hash in the lengths of A and C in bits */
+    FlattenSzInBits(&scratch[0], aSz);
+    FlattenSzInBits(&scratch[8], cSz);
+    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    GMULT(x, h);
+
+    /* Copy the result into s. */
+    XMEMCPY(s, x, sSz);
+}
+
+/* end GCM_SMALL */
+#elif defined(GCM_TABLE)
+
+static const byte R[256][2] = {
+    {0x00, 0x00}, {0x01, 0xc2}, {0x03, 0x84}, {0x02, 0x46},
+    {0x07, 0x08}, {0x06, 0xca}, {0x04, 0x8c}, {0x05, 0x4e},
+    {0x0e, 0x10}, {0x0f, 0xd2}, {0x0d, 0x94}, {0x0c, 0x56},
+    {0x09, 0x18}, {0x08, 0xda}, {0x0a, 0x9c}, {0x0b, 0x5e},
+    {0x1c, 0x20}, {0x1d, 0xe2}, {0x1f, 0xa4}, {0x1e, 0x66},
+    {0x1b, 0x28}, {0x1a, 0xea}, {0x18, 0xac}, {0x19, 0x6e},
+    {0x12, 0x30}, {0x13, 0xf2}, {0x11, 0xb4}, {0x10, 0x76},
+    {0x15, 0x38}, {0x14, 0xfa}, {0x16, 0xbc}, {0x17, 0x7e},
+    {0x38, 0x40}, {0x39, 0x82}, {0x3b, 0xc4}, {0x3a, 0x06},
+    {0x3f, 0x48}, {0x3e, 0x8a}, {0x3c, 0xcc}, {0x3d, 0x0e},
+    {0x36, 0x50}, {0x37, 0x92}, {0x35, 0xd4}, {0x34, 0x16},
+    {0x31, 0x58}, {0x30, 0x9a}, {0x32, 0xdc}, {0x33, 0x1e},
+    {0x24, 0x60}, {0x25, 0xa2}, {0x27, 0xe4}, {0x26, 0x26},
+    {0x23, 0x68}, {0x22, 0xaa}, {0x20, 0xec}, {0x21, 0x2e},
+    {0x2a, 0x70}, {0x2b, 0xb2}, {0x29, 0xf4}, {0x28, 0x36},
+    {0x2d, 0x78}, {0x2c, 0xba}, {0x2e, 0xfc}, {0x2f, 0x3e},
+    {0x70, 0x80}, {0x71, 0x42}, {0x73, 0x04}, {0x72, 0xc6},
+    {0x77, 0x88}, {0x76, 0x4a}, {0x74, 0x0c}, {0x75, 0xce},
+    {0x7e, 0x90}, {0x7f, 0x52}, {0x7d, 0x14}, {0x7c, 0xd6},
+    {0x79, 0x98}, {0x78, 0x5a}, {0x7a, 0x1c}, {0x7b, 0xde},
+    {0x6c, 0xa0}, {0x6d, 0x62}, {0x6f, 0x24}, {0x6e, 0xe6},
+    {0x6b, 0xa8}, {0x6a, 0x6a}, {0x68, 0x2c}, {0x69, 0xee},
+    {0x62, 0xb0}, {0x63, 0x72}, {0x61, 0x34}, {0x60, 0xf6},
+    {0x65, 0xb8}, {0x64, 0x7a}, {0x66, 0x3c}, {0x67, 0xfe},
+    {0x48, 0xc0}, {0x49, 0x02}, {0x4b, 0x44}, {0x4a, 0x86},
+    {0x4f, 0xc8}, {0x4e, 0x0a}, {0x4c, 0x4c}, {0x4d, 0x8e},
+    {0x46, 0xd0}, {0x47, 0x12}, {0x45, 0x54}, {0x44, 0x96},
+    {0x41, 0xd8}, {0x40, 0x1a}, {0x42, 0x5c}, {0x43, 0x9e},
+    {0x54, 0xe0}, {0x55, 0x22}, {0x57, 0x64}, {0x56, 0xa6},
+    {0x53, 0xe8}, {0x52, 0x2a}, {0x50, 0x6c}, {0x51, 0xae},
+    {0x5a, 0xf0}, {0x5b, 0x32}, {0x59, 0x74}, {0x58, 0xb6},
+    {0x5d, 0xf8}, {0x5c, 0x3a}, {0x5e, 0x7c}, {0x5f, 0xbe},
+    {0xe1, 0x00}, {0xe0, 0xc2}, {0xe2, 0x84}, {0xe3, 0x46},
+    {0xe6, 0x08}, {0xe7, 0xca}, {0xe5, 0x8c}, {0xe4, 0x4e},
+    {0xef, 0x10}, {0xee, 0xd2}, {0xec, 0x94}, {0xed, 0x56},
+    {0xe8, 0x18}, {0xe9, 0xda}, {0xeb, 0x9c}, {0xea, 0x5e},
+    {0xfd, 0x20}, {0xfc, 0xe2}, {0xfe, 0xa4}, {0xff, 0x66},
+    {0xfa, 0x28}, {0xfb, 0xea}, {0xf9, 0xac}, {0xf8, 0x6e},
+    {0xf3, 0x30}, {0xf2, 0xf2}, {0xf0, 0xb4}, {0xf1, 0x76},
+    {0xf4, 0x38}, {0xf5, 0xfa}, {0xf7, 0xbc}, {0xf6, 0x7e},
+    {0xd9, 0x40}, {0xd8, 0x82}, {0xda, 0xc4}, {0xdb, 0x06},
+    {0xde, 0x48}, {0xdf, 0x8a}, {0xdd, 0xcc}, {0xdc, 0x0e},
+    {0xd7, 0x50}, {0xd6, 0x92}, {0xd4, 0xd4}, {0xd5, 0x16},
+    {0xd0, 0x58}, {0xd1, 0x9a}, {0xd3, 0xdc}, {0xd2, 0x1e},
+    {0xc5, 0x60}, {0xc4, 0xa2}, {0xc6, 0xe4}, {0xc7, 0x26},
+    {0xc2, 0x68}, {0xc3, 0xaa}, {0xc1, 0xec}, {0xc0, 0x2e},
+    {0xcb, 0x70}, {0xca, 0xb2}, {0xc8, 0xf4}, {0xc9, 0x36},
+    {0xcc, 0x78}, {0xcd, 0xba}, {0xcf, 0xfc}, {0xce, 0x3e},
+    {0x91, 0x80}, {0x90, 0x42}, {0x92, 0x04}, {0x93, 0xc6},
+    {0x96, 0x88}, {0x97, 0x4a}, {0x95, 0x0c}, {0x94, 0xce},
+    {0x9f, 0x90}, {0x9e, 0x52}, {0x9c, 0x14}, {0x9d, 0xd6},
+    {0x98, 0x98}, {0x99, 0x5a}, {0x9b, 0x1c}, {0x9a, 0xde},
+    {0x8d, 0xa0}, {0x8c, 0x62}, {0x8e, 0x24}, {0x8f, 0xe6},
+    {0x8a, 0xa8}, {0x8b, 0x6a}, {0x89, 0x2c}, {0x88, 0xee},
+    {0x83, 0xb0}, {0x82, 0x72}, {0x80, 0x34}, {0x81, 0xf6},
+    {0x84, 0xb8}, {0x85, 0x7a}, {0x87, 0x3c}, {0x86, 0xfe},
+    {0xa9, 0xc0}, {0xa8, 0x02}, {0xaa, 0x44}, {0xab, 0x86},
+    {0xae, 0xc8}, {0xaf, 0x0a}, {0xad, 0x4c}, {0xac, 0x8e},
+    {0xa7, 0xd0}, {0xa6, 0x12}, {0xa4, 0x54}, {0xa5, 0x96},
+    {0xa0, 0xd8}, {0xa1, 0x1a}, {0xa3, 0x5c}, {0xa2, 0x9e},
+    {0xb5, 0xe0}, {0xb4, 0x22}, {0xb6, 0x64}, {0xb7, 0xa6},
+    {0xb2, 0xe8}, {0xb3, 0x2a}, {0xb1, 0x6c}, {0xb0, 0xae},
+    {0xbb, 0xf0}, {0xba, 0x32}, {0xb8, 0x74}, {0xb9, 0xb6},
+    {0xbc, 0xf8}, {0xbd, 0x3a}, {0xbf, 0x7c}, {0xbe, 0xbe} };
+
+
+static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
+{
+    int i, j;
+    byte Z[AES_BLOCK_SIZE];
+    byte a;
+
+    XMEMSET(Z, 0, sizeof(Z));
+
+    for (i = 15; i > 0; i--) {
+        xorbuf(Z, m[x[i]], AES_BLOCK_SIZE);
+        a = Z[15];
+
+        for (j = 15; j > 0; j--) {
+            Z[j] = Z[j-1];
+        }
+
+        Z[0] = R[a][0];
+        Z[1] ^= R[a][1];
+    }
+    xorbuf(Z, m[x[0]], AES_BLOCK_SIZE);
+
+    XMEMCPY(x, Z, AES_BLOCK_SIZE);
+}
+
+
+static void GHASH(Aes* aes, const byte* a, word32 aSz,
+                                const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    byte x[AES_BLOCK_SIZE];
+    byte scratch[AES_BLOCK_SIZE];
+    word32 blocks, partial;
+
+    XMEMSET(x, 0, AES_BLOCK_SIZE);
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        blocks = aSz / AES_BLOCK_SIZE;
+        partial = aSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf(x, a, AES_BLOCK_SIZE);
+            GMULT(x, aes->M0);
+            a += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, a, partial);
+            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            GMULT(x, aes->M0);
+        }
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        blocks = cSz / AES_BLOCK_SIZE;
+        partial = cSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf(x, c, AES_BLOCK_SIZE);
+            GMULT(x, aes->M0);
+            c += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, c, partial);
+            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            GMULT(x, aes->M0);
+        }
+    }
+
+    /* Hash in the lengths of A and C in bits */
+    FlattenSzInBits(&scratch[0], aSz);
+    FlattenSzInBits(&scratch[8], cSz);
+    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    GMULT(x, aes->M0);
+
+    /* Copy the result into s. */
+    XMEMCPY(s, x, sSz);
+}
+
+/* end GCM_TABLE */
+#elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32)
+
+static void GMULT(word64* X, word64* Y)
+{
+    word64 Z[2] = {0,0};
+    word64 V[2] = {X[0], X[1]};
+    int i, j;
+
+    for (i = 0; i < 2; i++)
+    {
+        word64 y = Y[i];
+        for (j = 0; j < 64; j++)
+        {
+            if (y & 0x8000000000000000) {
+                Z[0] ^= V[0];
+                Z[1] ^= V[1];
+            }
+
+            if (V[1] & 0x0000000000000001) {
+                V[1] >>= 1;
+                V[1] |= ((V[0] & 0x0000000000000001) ? 0x8000000000000000 : 0);
+                V[0] >>= 1;
+                V[0] ^= 0xE100000000000000;
+            }
+            else {
+                V[1] >>= 1;
+                V[1] |= ((V[0] & 0x0000000000000001) ? 0x8000000000000000 : 0);
+                V[0] >>= 1;
+            }
+            y <<= 1;
+        }
+    }
+    X[0] = Z[0];
+    X[1] = Z[1];
+}
+
+
+static void GHASH(Aes* aes, const byte* a, word32 aSz,
+                                const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    word64 x[2] = {0,0};
+    word32 blocks, partial;
+    word64 bigH[2];
+
+    XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords64(bigH, bigH, AES_BLOCK_SIZE); 
+    #endif
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        word64 bigA[2];
+        blocks = aSz / AES_BLOCK_SIZE;
+        partial = aSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigA[0];
+            x[1] ^= bigA[1];
+            GMULT(x, bigH);
+            a += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
+            XMEMCPY(bigA, a, partial);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigA[0];
+            x[1] ^= bigA[1];
+            GMULT(x, bigH);
+        }
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        word64 bigC[2];
+        blocks = cSz / AES_BLOCK_SIZE;
+        partial = cSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigC[0];
+            x[1] ^= bigC[1];
+            GMULT(x, bigH);
+            c += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
+            XMEMCPY(bigC, c, partial);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigC[0];
+            x[1] ^= bigC[1];
+            GMULT(x, bigH);
+        }
+    }
+
+    /* Hash in the lengths in bits of A and C */
+    {
+        word64 len[2] = {aSz, cSz};
+
+        /* Lengths are in bytes. Convert to bits. */
+        len[0] *= 8;
+        len[1] *= 8;
+
+        x[0] ^= len[0];
+        x[1] ^= len[1];
+        GMULT(x, bigH);
+    }
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords64(x, x, AES_BLOCK_SIZE);
+    #endif
+    XMEMCPY(s, x, sSz);
+}
+
+/* end defined(WORD64_AVAILABLE) && !defined(GCM_WORD32) */
+#else /* GCM_WORD32 */
+
+static void GMULT(word32* X, word32* Y)
+{
+    word32 Z[4] = {0,0,0,0};
+    word32 V[4] = {X[0], X[1], X[2], X[3]};
+    int i, j;
+
+    for (i = 0; i < 4; i++)
+    {
+        word32 y = Y[i];
+        for (j = 0; j < 32; j++)
+        {
+            if (y & 0x80000000) {
+                Z[0] ^= V[0];
+                Z[1] ^= V[1];
+                Z[2] ^= V[2];
+                Z[3] ^= V[3];
+            }
+
+            if (V[3] & 0x00000001) {
+                V[3] >>= 1;
+                V[3] |= ((V[2] & 0x00000001) ? 0x80000000 : 0);
+                V[2] >>= 1;
+                V[2] |= ((V[1] & 0x00000001) ? 0x80000000 : 0);
+                V[1] >>= 1;
+                V[1] |= ((V[0] & 0x00000001) ? 0x80000000 : 0);
+                V[0] >>= 1;
+                V[0] ^= 0xE1000000;
+            } else {
+                V[3] >>= 1;
+                V[3] |= ((V[2] & 0x00000001) ? 0x80000000 : 0);
+                V[2] >>= 1;
+                V[2] |= ((V[1] & 0x00000001) ? 0x80000000 : 0);
+                V[1] >>= 1;
+                V[1] |= ((V[0] & 0x00000001) ? 0x80000000 : 0);
+                V[0] >>= 1;
+            }
+            y <<= 1;
+        }
+    }
+    X[0] = Z[0];
+    X[1] = Z[1];
+    X[2] = Z[2];
+    X[3] = Z[3];
+}
+
+
+static void GHASH(Aes* aes, const byte* a, word32 aSz,
+                                const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    word32 x[4] = {0,0,0,0};
+    word32 blocks, partial;
+    word32 bigH[4];
+
+    XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords(bigH, bigH, AES_BLOCK_SIZE); 
+    #endif
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        word32 bigA[4];
+        blocks = aSz / AES_BLOCK_SIZE;
+        partial = aSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigA[0];
+            x[1] ^= bigA[1];
+            x[2] ^= bigA[2];
+            x[3] ^= bigA[3];
+            GMULT(x, bigH);
+            a += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
+            XMEMCPY(bigA, a, partial);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigA[0];
+            x[1] ^= bigA[1];
+            x[2] ^= bigA[2];
+            x[3] ^= bigA[3];
+            GMULT(x, bigH);
+        }
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        word32 bigC[4];
+        blocks = cSz / AES_BLOCK_SIZE;
+        partial = cSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigC[0];
+            x[1] ^= bigC[1];
+            x[2] ^= bigC[2];
+            x[3] ^= bigC[3];
+            GMULT(x, bigH);
+            c += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
+            XMEMCPY(bigC, c, partial);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigC[0];
+            x[1] ^= bigC[1];
+            x[2] ^= bigC[2];
+            x[3] ^= bigC[3];
+            GMULT(x, bigH);
+        }
+    }
+
+    /* Hash in the lengths in bits of A and C */
+    {
+        word32 len[4];
+
+        /* Lengths are in bytes. Convert to bits. */
+        len[0] = (aSz >> (8*sizeof(aSz) - 3));
+        len[1] = aSz << 3;
+        len[2] = (cSz >> (8*sizeof(cSz) - 3));
+        len[3] = cSz << 3;
+
+        x[0] ^= len[0];
+        x[1] ^= len[1];
+        x[2] ^= len[2];
+        x[3] ^= len[3];
+        GMULT(x, bigH);
+    }
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords(x, x, AES_BLOCK_SIZE);
+    #endif
+    XMEMCPY(s, x, sSz);
+}
+
+#endif /* end GCM_WORD32 */
+
+
+void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                   byte* authTag, word32 authTagSz,
+                   const byte* authIn, word32 authInSz)
+{
+    word32 blocks = sz / AES_BLOCK_SIZE;
+    word32 partial = sz % AES_BLOCK_SIZE;
+    const byte* p = in;
+    byte* c = out;
+    byte ctr[AES_BLOCK_SIZE];
+    byte scratch[AES_BLOCK_SIZE];
+
+    CYASSL_ENTER("AesGcmEncrypt");
+
+    /* Initialize the counter with the MS 96 bits of IV, and the counter
+     * portion set to "1". */
+    XMEMCPY(ctr, aes->reg, AES_BLOCK_SIZE);
+    InitGcmCounter(ctr);
+
+    while (blocks--) {
+        IncrementGcmCounter(ctr);
+        AesEncrypt(aes, ctr, scratch);
+        xorbuf(scratch, p, AES_BLOCK_SIZE);
+        XMEMCPY(c, scratch, AES_BLOCK_SIZE);
+
+        p += AES_BLOCK_SIZE;
+        c += AES_BLOCK_SIZE;
+    }
+    if (partial != 0) {
+        IncrementGcmCounter(ctr);
+        AesEncrypt(aes, ctr, scratch);
+        xorbuf(scratch, p, partial);
+        XMEMCPY(c, scratch, partial);
+    }
+    GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
+    InitGcmCounter(ctr);
+    AesEncrypt(aes, ctr, scratch);
+    xorbuf(authTag, scratch, authTagSz);
+}
+
+
+int  AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                   const byte* authTag, word32 authTagSz,
+                   const byte* authIn, word32 authInSz)
+{
+    word32 blocks = sz / AES_BLOCK_SIZE;
+    word32 partial = sz % AES_BLOCK_SIZE;
+    const byte* c = in;
+    byte* p = out;
+    byte ctr[AES_BLOCK_SIZE];
+    byte scratch[AES_BLOCK_SIZE];
+
+    CYASSL_ENTER("AesGcmDecrypt");
+
+    /* Initialize the counter with the MS 96 bits of IV, and the counter
+     * portion set to "1". */
+    XMEMCPY(ctr, aes->reg, AES_BLOCK_SIZE);
+    InitGcmCounter(ctr);
+
+    /* Calculate the authTag again using the received auth data and the
+     * cipher text. */
+    {
+        byte Tprime[AES_BLOCK_SIZE];
+        byte EKY0[AES_BLOCK_SIZE];
+
+        GHASH(aes, authIn, authInSz, in, sz, Tprime, sizeof(Tprime));
+        AesEncrypt(aes, ctr, EKY0);
+        xorbuf(Tprime, EKY0, sizeof(Tprime));
+        if (XMEMCMP(authTag, Tprime, authTagSz) != 0) {
+            return AES_GCM_AUTH_E;
+        }
+    }
+
+    while (blocks--) {
+        IncrementGcmCounter(ctr);
+        AesEncrypt(aes, ctr, scratch);
+        xorbuf(scratch, c, AES_BLOCK_SIZE);
+        XMEMCPY(p, scratch, AES_BLOCK_SIZE);
+
+        p += AES_BLOCK_SIZE;
+        c += AES_BLOCK_SIZE;
+    }
+    if (partial != 0) {
+        IncrementGcmCounter(ctr);
+        AesEncrypt(aes, ctr, scratch);
+        xorbuf(scratch, c, partial);
+        XMEMCPY(p, scratch, partial);
+    }
+
+    return 0;
+}
+
+#endif /* HAVE_AESGCM */
+
+
 #endif /* NO_AES */

--- a/ctaocrypt/src/asm.c
+++ b/ctaocrypt/src/asm.c
@@ -41,7 +41,7 @@
   mu = c[x] * mp

 #define INNERMUL                                          \
-asm(                                                      \
+__asm__(                                                      \
   "movl %5,%%eax \n\t"                                   \
   "mull %4       \n\t"                                   \
   "addl %1,%%eax \n\t"                                   \
@@ -54,7 +54,7 @@ asm(                                                      \
 : "%eax", "%edx", "%cc")

 #define PROPCARRY                           \
-asm(                                        \
+__asm__(                                        \
   "addl   %1,%0    \n\t"                   \
   "setb   %%al     \n\t"                   \
   "movzbl %%al,%1 \n\t"                    \
@@ -73,7 +73,7 @@ asm(                                        \
   mu = c[x] * mp

 #define INNERMUL                                          \
-asm(                                                      \
+__asm__(                                                      \
   "movq %5,%%rax \n\t"                                   \
   "mulq %4       \n\t"                                   \
   "addq %1,%%rax \n\t"                                   \
@@ -86,7 +86,7 @@ asm(                                                      \
 : "%rax", "%rdx", "%cc")

 #define INNERMUL8 \
- asm(                  \
+ __asm__(                  \
 "movq 0(%5),%%rax    \n\t"  \
 "movq 0(%2),%%r10    \n\t"  \
 "movq 0x8(%5),%%r11  \n\t"  \
@@ -180,7 +180,7 @@ asm(                                                      \


 #define PROPCARRY                           \
-asm(                                        \
+__asm__(                                        \
   "addq   %1,%0    \n\t"                   \
   "setb   %%al     \n\t"                   \
   "movzbq %%al,%1 \n\t"                    \
@@ -200,13 +200,13 @@ asm(                                        \
 */

 #define MONT_START \
-   asm("movd %0,%%mm2"::"g"(mp))
+   __asm__("movd %0,%%mm2"::"g"(mp))

 #define MONT_FINI \
-   asm("emms")
+   __asm__("emms")

 #define LOOP_START          \
-asm(                        \
+__asm__(                        \
 "movd %0,%%mm1        \n\t" \
 "pxor %%mm3,%%mm3     \n\t" \
 "pmuludq %%mm2,%%mm1  \n\t" \
@@ -214,7 +214,7 @@ asm(                        \

 /* pmuludq on mmx registers does a 32x32->64 multiply. */
 #define INNERMUL               \
-asm(                           \
+__asm__(                           \
   "movd %1,%%mm4        \n\t" \
   "movd %2,%%mm0        \n\t" \
   "paddq %%mm4,%%mm3    \n\t" \
@@ -225,7 +225,7 @@ asm(                           \
 :"=g"(_c[LO]) : "0"(_c[LO]), "g"(*tmpm++) );

 #define INNERMUL8 \
-asm(                           \
+__asm__(                           \
   "movd 0(%1),%%mm4     \n\t" \
   "movd 0(%2),%%mm0     \n\t" \
   "paddq %%mm4,%%mm3    \n\t" \
@@ -295,10 +295,10 @@ asm(                           \
   pointer */

 #define LOOP_END \
-asm( "movd %%mm3,%0  \n" :"=r"(cy))
+__asm__( "movd %%mm3,%0  \n" :"=r"(cy))

 #define PROPCARRY                           \
-asm(                                        \
+__asm__(                                        \
   "addl   %1,%0    \n\t"                   \
   "setb   %%al     \n\t"                   \
   "movzbl %%al,%1 \n\t"                    \
@@ -317,7 +317,7 @@ asm(                                        \
   mu = c[x] * mp

 #define INNERMUL                    \
-asm(                                \
+__asm__(                                \
    " LDR    r0,%1            \n\t" \
    " ADDS   r0,r0,%0         \n\t" \
    " MOVCS  %0,#1            \n\t" \
@@ -327,7 +327,7 @@ asm(                                \
 :"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(*tmpm++),"1"(_c[0]):"r0","%cc");

 #define PROPCARRY                  \
-asm(                               \
+__asm__(                               \
    " LDR   r0,%1            \n\t" \
    " ADDS  r0,r0,%0         \n\t" \
    " STR   r0,%1            \n\t" \
@@ -345,7 +345,7 @@ asm(                               \
   mu = c[x] * mp

 #define INNERMUL                     \
-asm(                                 \
+__asm__(                                 \
   " mullw    16,%3,%4       \n\t"   \
   " mulhwu   17,%3,%4       \n\t"   \
   " addc     16,16,%0       \n\t"   \
@@ -357,7 +357,7 @@ asm(                                 \
 :"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","%cc"); ++tmpm;

 #define PROPCARRY                    \
-asm(                                 \
+__asm__(                                 \
   " lwz      16,%1         \n\t"    \
   " addc     16,16,%0      \n\t"    \
   " stw      16,%1         \n\t"    \
@@ -375,7 +375,7 @@ asm(                                 \
   mu = c[x] * mp

 #define INNERMUL                     \
-asm(                                 \
+__asm__(                                 \
   " mulld    16,%3,%4       \n\t"   \
   " mulhdu   17,%3,%4       \n\t"   \
   " addc     16,16,%0       \n\t"   \
@@ -387,7 +387,7 @@ asm(                                 \
 :"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","%cc"); ++tmpm;

 #define PROPCARRY                    \
-asm(                                 \
+__asm__(                                 \
   " ldx      16,0,%1       \n\t"    \
   " addc     16,16,%0      \n\t"    \
   " sdx      16,0,%1       \n\t"    \
@@ -407,7 +407,7 @@ asm(                                 \
   mu = c[x] * mp

 #define INNERMUL                    \
-asm(                                \
+__asm__(                                \
    " ld.w   r2,%1            \n\t" \
    " add    r2,%0            \n\t" \
    " eor    r3,r3            \n\t" \
@@ -418,7 +418,7 @@ asm(                                \
 :"=r"(cy),"=r"(_c):"0"(cy),"r"(mu),"r"(*tmpm++),"1"(_c):"r2","r3");

 #define PROPCARRY                    \
-asm(                                 \
+__asm__(                                 \
   " ld.w     r2,%1         \n\t"    \
   " add      r2,%0         \n\t"    \
   " st.w     %1,r2         \n\t"    \
@@ -475,7 +475,7 @@ asm(                                 \
 #define COMBA_FINI

 #define SQRADD(i, j)                                      \
-asm(                                            \
+__asm__(                                            \
     "movl  %6,%%eax     \n\t"                            \
     "mull  %%eax        \n\t"                            \
     "addl  %%eax,%0     \n\t"                            \
@@ -484,7 +484,7 @@ asm(                                            \
     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i) :"%eax","%edx","%cc");

 #define SQRADD2(i, j)                                     \
-asm(                                            \
+__asm__(                                            \
     "movl  %6,%%eax     \n\t"                            \
     "mull  %7           \n\t"                            \
     "addl  %%eax,%0     \n\t"                            \
@@ -496,7 +496,7 @@ asm(                                            \
     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","%edx", "%cc");

 #define SQRADDSC(i, j)                                    \
-asm(                                                     \
+__asm__(                                                     \
     "movl  %3,%%eax     \n\t"                            \
     "mull  %4           \n\t"                            \
     "movl  %%eax,%0     \n\t"                            \
@@ -507,7 +507,7 @@ asm(                                                     \
 /* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */

 #define SQRADDAC(i, j)                                    \
-asm(                                                     \
+__asm__(                                                     \
     "movl  %6,%%eax     \n\t"                            \
     "mull  %7           \n\t"                            \
     "addl  %%eax,%0     \n\t"                            \
@@ -516,7 +516,7 @@ asm(                                                     \
     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%eax","%edx","%cc");

 #define SQRADDDB                                          \
-asm(                                                     \
+__asm__(                                                     \
     "addl %6,%0         \n\t"                            \
     "adcl %7,%1         \n\t"                            \
     "adcl %8,%2         \n\t"                            \
@@ -545,7 +545,7 @@ asm(                                                     \
 #define COMBA_FINI

 #define SQRADD(i, j)                                      \
-asm(                                                     \
+__asm__(                                                     \
     "movq  %6,%%rax     \n\t"                            \
     "mulq  %%rax        \n\t"                            \
     "addq  %%rax,%0     \n\t"                            \
@@ -554,7 +554,7 @@ asm(                                                     \
     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i) :"%rax","%rdx","%cc");

 #define SQRADD2(i, j)                                     \
-asm(                                                     \
+__asm__(                                                     \
     "movq  %6,%%rax     \n\t"                            \
     "mulq  %7           \n\t"                            \
     "addq  %%rax,%0     \n\t"                            \
@@ -566,7 +566,7 @@ asm(                                                     \
     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j)  :"%rax","%rdx","%cc");

 #define SQRADDSC(i, j)                                    \
-asm(                                                     \
+__asm__(                                                     \
     "movq  %3,%%rax     \n\t"                            \
     "mulq  %4           \n\t"                            \
     "movq  %%rax,%0     \n\t"                            \
@@ -577,7 +577,7 @@ asm(                                                     \
 /* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */

 #define SQRADDAC(i, j)                                                         \
-asm(                                                     \
+__asm__(                                                     \
     "movq  %6,%%rax     \n\t"                            \
     "mulq  %7           \n\t"                            \
     "addq  %%rax,%0     \n\t"                            \
@@ -586,7 +586,7 @@ asm(                                                     \
     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%rax","%rdx","%cc");

 #define SQRADDDB                                          \
-asm(                                                     \
+__asm__(                                                     \
     "addq %6,%0         \n\t"                            \
     "adcq %7,%1         \n\t"                            \
     "adcq %8,%2         \n\t"                            \
@@ -613,10 +613,10 @@ asm(                                                     \
   do { c0 = c1; c1 = c2; c2 = 0; } while (0);

 #define COMBA_FINI \
-   asm("emms");
+   __asm__("emms");

 #define SQRADD(i, j)                                      \
-asm(                                            \
+__asm__(                                            \
     "movd  %6,%%mm0     \n\t"                            \
     "pmuludq %%mm0,%%mm0\n\t"                            \
     "movd  %%mm0,%%eax  \n\t"                            \
@@ -628,7 +628,7 @@ asm(                                            \
     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i) :"%eax","%cc");

 #define SQRADD2(i, j)                                     \
-asm(                                            \
+__asm__(                                            \
     "movd  %6,%%mm0     \n\t"                            \
     "movd  %7,%%mm1     \n\t"                            \
     "pmuludq %%mm1,%%mm0\n\t"                            \
@@ -644,7 +644,7 @@ asm(                                            \
     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","%edx","%cc");

 #define SQRADDSC(i, j)                                                         \
-asm(                                            \
+__asm__(                                            \
     "movd  %3,%%mm0     \n\t"                            \
     "movd  %4,%%mm1     \n\t"                            \
     "pmuludq %%mm1,%%mm0\n\t"                            \
@@ -657,7 +657,7 @@ asm(                                            \
 /* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */

 #define SQRADDAC(i, j)                                                         \
-asm(                                            \
+__asm__(                                            \
     "movd  %6,%%mm0     \n\t"                            \
     "movd  %7,%%mm1     \n\t"                            \
     "pmuludq %%mm1,%%mm0\n\t"                            \
@@ -670,7 +670,7 @@ asm(                                            \
     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "m"(i), "m"(j)  :"%eax","%edx","%cc");

 #define SQRADDDB                                          \
-asm(                                                     \
+__asm__(                                                     \
     "addl %6,%0         \n\t"                            \
     "adcl %7,%1         \n\t"                            \
     "adcl %8,%2         \n\t"                            \
@@ -701,7 +701,7 @@ asm(                                                     \

 /* multiplies point i and j, updates carry "c1" and digit c2 */
 #define SQRADD(i, j)                                             \
-asm(                                                             \
+__asm__(                                                             \
 "  UMULL  r0,r1,%6,%6              \n\t"                         \
 "  ADDS   %0,%0,r0                 \n\t"                         \
 "  ADCS   %1,%1,r1                 \n\t"                         \
@@ -710,7 +710,7 @@ asm(                                                             \
 	
 /* for squaring some of the terms are doubled... */
 #define SQRADD2(i, j)                                            \
-asm(                                                             \
+__asm__(                                                             \
 "  UMULL  r0,r1,%6,%7              \n\t"                         \
 "  ADDS   %0,%0,r0                 \n\t"                         \
 "  ADCS   %1,%1,r1                 \n\t"                         \
@@ -721,13 +721,13 @@ asm(                                                             \
 :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j) : "r0", "r1", "%cc");

 #define SQRADDSC(i, j)                                           \
-asm(                                                             \
+__asm__(                                                             \
 "  UMULL  %0,%1,%6,%7              \n\t"                         \
 "  SUB    %2,%2,%2                 \n\t"                         \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "%cc");

 #define SQRADDAC(i, j)                                           \
-asm(                                                             \
+__asm__(                                                             \
 "  UMULL  r0,r1,%6,%7              \n\t"                         \
 "  ADDS   %0,%0,r0                 \n\t"                         \
 "  ADCS   %1,%1,r1                 \n\t"                         \
@@ -735,7 +735,7 @@ asm(                                                             \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "r0", "r1", "%cc");

 #define SQRADDDB                                                 \
-asm(                                                             \
+__asm__(                                                             \
 "  ADDS  %0,%0,%3                     \n\t"                      \
 "  ADCS  %1,%1,%4                     \n\t"                      \
 "  ADC   %2,%2,%5                     \n\t"                      \
@@ -766,7 +766,7 @@ asm(                                                             \

 /* multiplies point i and j, updates carry "c1" and digit c2 */
 #define SQRADD(i, j)             \
-asm(                             \
+__asm__(                             \
   " mullw  16,%6,%6       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhwu 16,%6,%6       \n\t" \
@@ -776,7 +776,7 @@ asm(                             \

 /* for squaring some of the terms are doubled... */
 #define SQRADD2(i, j)            \
-asm(                             \
+__asm__(                             \
   " mullw  16,%6,%7       \n\t" \
   " mulhwu 17,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
@@ -788,14 +788,14 @@ asm(                             \
 :"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"16", "17","%cc");

 #define SQRADDSC(i, j)            \
-asm(                              \
+__asm__(                              \
   " mullw  %0,%6,%7        \n\t" \
   " mulhwu %1,%6,%7        \n\t" \
   " xor    %2,%2,%2        \n\t" \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "%cc");

 #define SQRADDAC(i, j)           \
-asm(                             \
+__asm__(                             \
   " mullw  16,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhwu 16,%6,%7       \n\t" \
@@ -804,7 +804,7 @@ asm(                             \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"16", "%cc");

 #define SQRADDDB                  \
-asm(                              \
+__asm__(                              \
   " addc   %0,%0,%3        \n\t" \
   " adde   %1,%1,%4        \n\t" \
   " adde   %2,%2,%5        \n\t" \
@@ -834,7 +834,7 @@ asm(                              \

 /* multiplies point i and j, updates carry "c1" and digit c2 */
 #define SQRADD(i, j)             \
-asm(                             \
+__asm__(                             \
   " mulld  16,%6,%6       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhdu 16,%6,%6       \n\t" \
@@ -844,7 +844,7 @@ asm(                             \

 /* for squaring some of the terms are doubled... */
 #define SQRADD2(i, j)            \
-asm(                             \
+__asm__(                             \
   " mulld  16,%6,%7       \n\t" \
   " mulhdu 17,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
@@ -856,14 +856,14 @@ asm(                             \
 :"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"16", "17","%cc");

 #define SQRADDSC(i, j)            \
-asm(                              \
+__asm__(                              \
   " mulld  %0,%6,%7        \n\t" \
   " mulhdu %1,%6,%7        \n\t" \
   " xor    %2,%2,%2        \n\t" \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "%cc");

 #define SQRADDAC(i, j)           \
-asm(                             \
+__asm__(                             \
   " mulld  16,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhdu 16,%6,%7       \n\t" \
@@ -872,7 +872,7 @@ asm(                             \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"16", "%cc");

 #define SQRADDDB                  \
-asm(                              \
+__asm__(                              \
   " addc   %0,%0,%3        \n\t" \
   " adde   %1,%1,%4        \n\t" \
   " adde   %2,%2,%5        \n\t" \
@@ -904,7 +904,7 @@ asm(                              \

 /* multiplies point i and j, updates carry "c1" and digit c2 */
 #define SQRADD(i, j)             \
-asm(                             \
+__asm__(                             \
   " mulu.d r2,%6,%6       \n\t" \
   " add    %0,%0,r2       \n\t" \
   " adc    %1,%1,r3       \n\t" \
@@ -913,7 +913,7 @@ asm(                             \

 /* for squaring some of the terms are doubled... */
 #define SQRADD2(i, j)            \
-asm(                             \
+__asm__(                             \
   " mulu.d r2,%6,%7       \n\t" \
   " add    %0,%0,r2       \n\t" \
   " adc    %1,%1,r3       \n\t" \
@@ -924,7 +924,7 @@ asm(                             \
 :"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"r2", "r3");

 #define SQRADDSC(i, j)            \
-asm(                              \
+__asm__(                              \
   " mulu.d r2,%6,%7        \n\t" \
   " mov    %0,r2           \n\t" \
   " mov    %1,r3           \n\t" \
@@ -932,7 +932,7 @@ asm(                              \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "r2", "r3");

 #define SQRADDAC(i, j)           \
-asm(                             \
+__asm__(                             \
   " mulu.d r2,%6,%7       \n\t" \
   " add    %0,%0,r2       \n\t" \
   " adc    %1,%1,r3       \n\t" \
@@ -940,7 +940,7 @@ asm(                             \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"r2", "r3");

 #define SQRADDDB                  \
-asm(                              \
+__asm__(                              \
   " add    %0,%0,%3        \n\t" \
   " adc    %1,%1,%4        \n\t" \
   " adc    %2,%2,%5        \n\t" \
@@ -1059,7 +1059,7 @@ asm(                              \

 /* this should multiply i and j  */
 #define MULADD(i, j)                                      \
-asm(                                                      \
+__asm__(                                                      \
     "movl  %6,%%eax     \n\t"                            \
     "mull  %7           \n\t"                            \
     "addl  %%eax,%0     \n\t"                            \
@@ -1094,7 +1094,7 @@ asm(                                                      \

 /* this should multiply i and j  */
 #define MULADD(i, j)                                      \
-asm  (                                                    \
+__asm__  (                                                    \
     "movq  %6,%%rax     \n\t"                            \
     "mulq  %7           \n\t"                            \
     "addq  %%rax,%0     \n\t"                            \
@@ -1126,11 +1126,11 @@ asm  (                                                    \

 /* anything you need at the end */
 #define COMBA_FINI \
-   asm("emms");
+   __asm__("emms");

 /* this should multiply i and j  */
 #define MULADD(i, j)                                     \
-asm(                                                     \
+__asm__(                                                     \
    "movd  %6,%%mm0     \n\t"                            \
    "movd  %7,%%mm1     \n\t"                            \
    "pmuludq %%mm1,%%mm0\n\t"                            \
@@ -1162,7 +1162,7 @@ asm(                                                     \
 #define COMBA_FINI

 #define MULADD(i, j)                                          \
-asm(                                                          \
+__asm__(                                                          \
 "  UMULL  r0,r1,%6,%7           \n\t"                         \
 "  ADDS   %0,%0,r0              \n\t"                         \
 "  ADCS   %1,%1,r1              \n\t"                         \
@@ -1190,7 +1190,7 @@ asm(                                                          \
   
 /* untested: will mulhwu change the flags?  Docs say no */
 #define MULADD(i, j)              \
-asm(                              \
+__asm__(                              \
   " mullw  16,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhwu 16,%6,%7       \n\t" \
@@ -1219,7 +1219,7 @@ asm(                              \
   
 /* untested: will mulhwu change the flags?  Docs say no */
 #define MULADD(i, j)              \
-asm(                              \
+____asm__(                              \
   " mulld  16,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhdu 16,%6,%7       \n\t" \
@@ -1248,7 +1248,7 @@ asm(                              \
 #define COMBA_FINI 
   
 #define MULADD(i, j)             \
-asm(                             \
+____asm__(                             \
   " mulu.d r2,%6,%7        \n\t"\
   " add    %0,r2           \n\t"\
   " adc    %1,%1,r3        \n\t"\
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
--- a/ctaocrypt/src/coding.c
+++ b/ctaocrypt/src/coding.c
@@ -54,6 +54,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
    word32 i = 0;
    word32 j = 0;
    word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
+    const byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;

    plainSz = (plainSz * 3 + 3) / 4;
    if (plainSz > *outLen) return BAD_FUNC_ARG;
@@ -75,6 +76,16 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
        if (e4 == PAD)
            pad4 = 1;

+        if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
+            CYASSL_MSG("Bad Base64 Decode data, too small");
+            return ASN_INPUT_E;
+        }
+
+        if (e1 > maxIdx || e2 > maxIdx || e3 > maxIdx || e4 > maxIdx) {
+            CYASSL_MSG("Bad Base64 Decode data, too big");
+            return ASN_INPUT_E;
+        }
+
        e1 = base64Decode[e1 - 0x2B];
        e2 = base64Decode[e2 - 0x2B];
        e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];
@@ -251,4 +262,4 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 }


-#endif  /* OPENSSL_EXTRA */
+#endif  /* defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) || defined(HAVE_WEBSERVER) */
--- a/ctaocrypt/src/ecc.c
+++ b/ctaocrypt/src/ecc.c
--- a/ctaocrypt/src/error.c
+++ b/ctaocrypt/src/error.c
@@ -0,0 +1,283 @@
+/* error.c
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+ 
+#include <cyassl/ctaocrypt/error.h>
+
+#ifdef _MSC_VER
+    /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */
+    #pragma warning(disable: 4996)
+#endif
+
+
+void CTaoCryptErrorString(int error, char* buffer)
+{
+    const int max = MAX_ERROR_SZ;   /* shorthand */
+
+#ifdef NO_ERROR_STRINGS
+
+    (void)error;
+    XSTRNCPY(buffer, "no support for error strings built in", max);
+
+#else
+
+    switch (error) {
+
+    case OPEN_RAN_E :        
+        XSTRNCPY(buffer, "opening random device error", max);
+        break;
+
+    case READ_RAN_E :
+        XSTRNCPY(buffer, "reading random device error", max);
+        break;
+
+    case WINCRYPT_E :
+        XSTRNCPY(buffer, "windows crypt init error", max);
+        break;
+
+    case CRYPTGEN_E : 
+        XSTRNCPY(buffer, "windows crypt generation error", max);
+        break;
+
+    case RAN_BLOCK_E : 
+        XSTRNCPY(buffer, "random device read would block error", max);
+        break;
+
+    case MP_INIT_E :
+        XSTRNCPY(buffer, "mp_init error state", max);
+        break;
+
+    case MP_READ_E :
+        XSTRNCPY(buffer, "mp_read error state", max);
+        break;
+
+    case MP_EXPTMOD_E :
+        XSTRNCPY(buffer, "mp_exptmod error state", max);
+        break;
+
+    case MP_TO_E :
+        XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max);
+        break;
+
+    case MP_SUB_E :
+        XSTRNCPY(buffer, "mp_sub error state, can't subtract", max);
+        break;
+
+    case MP_ADD_E :
+        XSTRNCPY(buffer, "mp_add error state, can't add", max);
+        break;
+
+    case MP_MUL_E :
+        XSTRNCPY(buffer, "mp_mul error state, can't multiply", max);
+        break;
+
+    case MP_MULMOD_E :
+        XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max);
+        break;
+
+    case MP_MOD_E :
+        XSTRNCPY(buffer, "mp_mod error state, can't mod", max);
+        break;
+
+    case MP_INVMOD_E :
+        XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max);
+        break; 
+        
+    case MP_CMP_E :
+        XSTRNCPY(buffer, "mp_cmp error state", max);
+        break; 
+        
+    case MP_ZERO_E :
+        XSTRNCPY(buffer, "mp zero result, not expected", max);
+        break; 
+        
+    case MEMORY_E :
+        XSTRNCPY(buffer, "out of memory error", max);
+        break;
+
+    case RSA_WRONG_TYPE_E :
+        XSTRNCPY(buffer, "RSA wrong block type for RSA function", max);
+        break; 
+
+    case RSA_BUFFER_E :
+        XSTRNCPY(buffer, "RSA buffer error, output too small or input too big",
+                max);
+        break; 
+
+    case BUFFER_E :
+        XSTRNCPY(buffer, "Buffer error, output too small or input too big",max);
+        break; 
+
+    case ALGO_ID_E :
+        XSTRNCPY(buffer, "Setting Cert AlogID error", max);
+        break; 
+
+    case PUBLIC_KEY_E :
+        XSTRNCPY(buffer, "Setting Cert Public Key error", max);
+        break; 
+
+    case DATE_E :
+        XSTRNCPY(buffer, "Setting Cert Date validity error", max);
+        break; 
+
+    case SUBJECT_E :
+        XSTRNCPY(buffer, "Setting Cert Subject name error", max);
+        break; 
+
+    case ISSUER_E :
+        XSTRNCPY(buffer, "Setting Cert Issuer name error", max);
+        break; 
+
+    case CA_TRUE_E :
+        XSTRNCPY(buffer, "Setting basic constraint CA true error", max);
+        break; 
+
+    case EXTENSIONS_E :
+        XSTRNCPY(buffer, "Setting extensions error", max);
+        break; 
+
+    case ASN_PARSE_E :
+        XSTRNCPY(buffer, "ASN parsing error, invalid input", max);
+        break;
+
+    case ASN_VERSION_E :
+        XSTRNCPY(buffer, "ASN version error, invalid number", max);
+        break;
+
+    case ASN_GETINT_E :
+        XSTRNCPY(buffer, "ASN get big int error, invalid data", max);
+        break;
+
+    case ASN_RSA_KEY_E :
+        XSTRNCPY(buffer, "ASN key init error, invalid input", max);
+        break;
+
+    case ASN_OBJECT_ID_E :
+        XSTRNCPY(buffer, "ASN object id error, invalid id", max);
+        break;
+
+    case ASN_TAG_NULL_E :
+        XSTRNCPY(buffer, "ASN tag error, not null", max);
+        break;
+
+    case ASN_EXPECT_0_E :
+        XSTRNCPY(buffer, "ASN expect error, not zero", max);
+        break;
+
+    case ASN_BITSTR_E :
+        XSTRNCPY(buffer, "ASN bit string error, wrong id", max);
+        break;
+
+    case ASN_UNKNOWN_OID_E :
+        XSTRNCPY(buffer, "ASN oid error, unknown sum id", max);
+        break;
+
+    case ASN_DATE_SZ_E :
+        XSTRNCPY(buffer, "ASN date error, bad size", max);
+        break;
+
+    case ASN_BEFORE_DATE_E :
+        XSTRNCPY(buffer, "ASN date error, current date before", max);
+        break;
+
+    case ASN_AFTER_DATE_E :
+        XSTRNCPY(buffer, "ASN date error, current date after", max);
+        break;
+
+    case ASN_SIG_OID_E :
+        XSTRNCPY(buffer, "ASN signature error, mismatched oid", max);
+        break;
+
+    case ASN_TIME_E :
+        XSTRNCPY(buffer, "ASN time error, unkown time type", max);
+        break;
+
+    case ASN_INPUT_E :
+        XSTRNCPY(buffer, "ASN input error, not enough data", max);
+        break;
+
+    case ASN_SIG_CONFIRM_E :
+        XSTRNCPY(buffer, "ASN sig error, confirm failure", max);
+        break;
+
+    case ASN_SIG_HASH_E :
+        XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max);
+        break;
+
+    case ASN_SIG_KEY_E :
+        XSTRNCPY(buffer, "ASN sig error, unsupported key type", max);
+        break;
+
+    case ASN_DH_KEY_E :
+        XSTRNCPY(buffer, "ASN key init error, invalid input", max);
+        break;
+
+    case ASN_NTRU_KEY_E :
+        XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max);
+        break;
+
+    case ECC_BAD_ARG_E :
+        XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max);
+        break;
+
+    case ASN_ECC_KEY_E :
+        XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max);
+        break;
+
+    case ECC_CURVE_OID_E :
+        XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max);
+        break;
+
+    case BAD_FUNC_ARG :
+        XSTRNCPY(buffer, "Bad function argument", max);
+        break;
+
+    case NOT_COMPILED_IN :
+        XSTRNCPY(buffer, "Feature not compiled in", max);
+        break;
+
+    case UNICODE_SIZE_E :
+        XSTRNCPY(buffer, "Unicode password too big", max);
+        break;
+
+    case NO_PASSWORD :
+        XSTRNCPY(buffer, "No password provided by user", max);
+        break;
+
+    case ALT_NAME_E :
+        XSTRNCPY(buffer, "Alt Name problem, too big", max);
+        break;
+
+    case AES_GCM_AUTH_E:
+        XSTRNCPY(buffer, "AES-GCM Authentication check fail", max);
+        break;
+
+    default:
+        XSTRNCPY(buffer, "unknown error number", max);
+
+    }
+
+#endif /* NO_ERROR_STRINGS */
+
+}
--- a/ctaocrypt/src/hmac.c
+++ b/ctaocrypt/src/hmac.c
@@ -34,7 +34,7 @@ static int InitHmac(Hmac* hmac, int type)
    hmac->innerHashKeyed = 0;
    hmac->macType = (byte)type;

-    if (!(type == MD5 || type == SHA || type == SHA256))
+    if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384))
        return BAD_FUNC_ARG;

    if (type == MD5)
@@ -45,6 +45,10 @@ static int InitHmac(Hmac* hmac, int type)
    else if (type == SHA256)
        InitSha256(&hmac->hash.sha256);
 #endif
+#ifdef CYASSL_SHA384
+    else if (type == SHA384)
+        InitSha384(&hmac->hash.sha384);
+#endif

    return 0;
 }
@@ -54,34 +58,60 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 {
    byte*  ip = (byte*) hmac->ipad;
    byte*  op = (byte*) hmac->opad;
-    word32 i;
+    word32 i, hmac_block_size = MD5_BLOCK_SIZE;

    InitHmac(hmac, type);

-    if (length <= HMAC_BLOCK_SIZE)
-        XMEMCPY(ip, key, length);
-    else {
-        if (hmac->macType == MD5) {
+    if (hmac->macType == MD5) {
+        if (length <= MD5_BLOCK_SIZE) {
+            XMEMCPY(ip, key, length);
+        }
+        else {
            Md5Update(&hmac->hash.md5, key, length);
            Md5Final(&hmac->hash.md5, ip);
            length = MD5_DIGEST_SIZE;
        }
-        else if (hmac->macType == SHA) {
+    }
+    else if (hmac->macType == SHA) {
+		hmac_block_size = SHA_BLOCK_SIZE;
+        if (length <= SHA_BLOCK_SIZE) {
+            XMEMCPY(ip, key, length);
+        }
+        else {
            ShaUpdate(&hmac->hash.sha, key, length);
            ShaFinal(&hmac->hash.sha, ip);
            length = SHA_DIGEST_SIZE;
        }
+    }
 #ifndef NO_SHA256
-        else if (hmac->macType == SHA256) {
+    else if (hmac->macType == SHA256) {
+		hmac_block_size = SHA256_BLOCK_SIZE;
+        if (length <= SHA256_BLOCK_SIZE) {
+            XMEMCPY(ip, key, length);
+        }
+        else {
            Sha256Update(&hmac->hash.sha256, key, length);
            Sha256Final(&hmac->hash.sha256, ip);
            length = SHA256_DIGEST_SIZE;
        }
-#endif
    }
-    XMEMSET(ip + length, 0, HMAC_BLOCK_SIZE - length);
+#endif
+#ifdef CYASSL_SHA384
+    else if (hmac->macType == SHA384) {
+        hmac_block_size = SHA384_BLOCK_SIZE;
+        if (length <= SHA384_BLOCK_SIZE) {
+            XMEMCPY(ip, key, length);
+        }
+        else {
+            Sha384Update(&hmac->hash.sha384, key, length);
+            Sha384Final(&hmac->hash.sha384, ip);
+            length = SHA384_DIGEST_SIZE;
+        }
+    }
+#endif
+    XMEMSET(ip + length, 0, hmac_block_size - length);

-    for(i = 0; i < HMAC_BLOCK_SIZE; i++) {
+    for(i = 0; i < hmac_block_size; i++) {
        op[i] = ip[i] ^ OPAD;
        ip[i] ^= IPAD;
    }
@@ -91,12 +121,16 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 static void HmacKeyInnerHash(Hmac* hmac)
 {
    if (hmac->macType == MD5)
-        Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
+        Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE);
    else if (hmac->macType == SHA)
-        ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
+        ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
 #ifndef NO_SHA256
    else if (hmac->macType == SHA256)
-        Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
+        Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, SHA256_BLOCK_SIZE);
+#endif
+#ifdef CYASSL_SHA384
+    else if (hmac->macType == SHA384)
+        Sha384Update(&hmac->hash.sha384, (byte*) hmac->ipad, SHA384_BLOCK_SIZE);
 #endif

    hmac->innerHashKeyed = 1;
@@ -116,6 +150,10 @@ void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
    else if (hmac->macType == SHA256)
        Sha256Update(&hmac->hash.sha256, msg, length);
 #endif
+#ifdef CYASSL_SHA384
+    else if (hmac->macType == SHA384)
+        Sha384Update(&hmac->hash.sha384, msg, length);
+#endif

 }

@@ -128,30 +166,41 @@ void HmacFinal(Hmac* hmac, byte* hash)
    if (hmac->macType == MD5) {
        Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash);

-        Md5Update(&hmac->hash.md5, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
+        Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE);
        Md5Update(&hmac->hash.md5, (byte*) hmac->innerHash, MD5_DIGEST_SIZE);

        Md5Final(&hmac->hash.md5, hash);
    }
-    else if (hmac->macType ==SHA) {
+    else if (hmac->macType == SHA) {
        ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);

-        ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
+        ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE);
        ShaUpdate(&hmac->hash.sha, (byte*) hmac->innerHash, SHA_DIGEST_SIZE);

        ShaFinal(&hmac->hash.sha, hash);
    }
 #ifndef NO_SHA256
-    else if (hmac->macType ==SHA256) {
+    else if (hmac->macType == SHA256) {
        Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);

-        Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
+        Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, SHA256_BLOCK_SIZE);
        Sha256Update(&hmac->hash.sha256, (byte*) hmac->innerHash,
                     SHA256_DIGEST_SIZE);

        Sha256Final(&hmac->hash.sha256, hash);
    }
 #endif
+#ifdef CYASSL_SHA384
+    else if (hmac->macType == SHA384) {
+        Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);
+
+        Sha384Update(&hmac->hash.sha384, (byte*) hmac->opad, SHA384_BLOCK_SIZE);
+        Sha384Update(&hmac->hash.sha384, (byte*) hmac->innerHash,
+                     SHA384_DIGEST_SIZE);
+
+        Sha384Final(&hmac->hash.sha384, hash);
+    }
+#endif

    hmac->innerHashKeyed = 0;
 }
--- a/ctaocrypt/src/integer.c
+++ b/ctaocrypt/src/integer.c
@@ -37,6 +37,11 @@

 #include <cyassl/ctaocrypt/integer.h>

+#ifndef NO_CYASSL_SMALL_STACK
+    #ifndef CYASSL_SMALL_STACK
+        #define CYASSL_SMALL_STACK
+    #endif
+#endif

 /* math settings check */
 word32 CheckRunTimeSettings(void)
@@ -116,6 +121,9 @@ mp_clear (mp_int * a)
 {
  int i;

+  if (a == NULL)
+      return;
+
  /* only do anything if a hasn't been freed previously */
  if (a->dp != NULL) {
    /* first zero the digits */
@@ -1857,7 +1865,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
    }

    /* grab the next msb from the exponent */
-    y     = (mp_digit)(buf >> (DIGIT_BIT - 1)) & 1;
+    y     = (int)(buf >> (DIGIT_BIT - 1)) & 1;
    buf <<= (mp_digit)1;

    /* if the bit is zero and mode == 0 then we ignore it
@@ -2762,6 +2770,9 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
    }
  }

+  if (pa > MP_WARRAY)
+    return MP_RANGE;  /* TAO range check */
+
 #ifdef CYASSL_SMALL_STACK
  W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
  if (W == NULL)    
@@ -2878,6 +2889,8 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)

  /* number of output digits to produce */
  pa = MIN(digs, a->used + b->used);
+  if (pa > MP_WARRAY)
+    return MP_RANGE;  /* TAO range check */

 #ifdef CYASSL_SMALL_STACK
  W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
@@ -3260,7 +3273,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
    }

    /* grab the next msb from the exponent */
-    y     = (buf >> (mp_digit)(DIGIT_BIT - 1)) & 1;
+    y     = (int)(buf >> (mp_digit)(DIGIT_BIT - 1)) & 1;
    buf <<= (mp_digit)1;

    /* if the bit is zero and mode == 0 then we ignore it
@@ -3598,6 +3611,9 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
    }
  }

+  if (pa > MP_WARRAY)
+    return MP_RANGE;  /* TAO range check */
+  
 #ifdef CYASSL_SMALL_STACK
  W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
  if (W == NULL)    
--- a/ctaocrypt/src/logging.c
+++ b/ctaocrypt/src/logging.c
@@ -88,7 +88,11 @@ void CyaSSL_Debugging_OFF(void)

 #ifdef DEBUG_CYASSL

-#include <stdio.h>   /* for default printf stuff */
+#ifdef FREESCALE_MQX
+    #include <fio.h>
+#else
+    #include <stdio.h>   /* for default printf stuff */
+#endif

 #ifdef THREADX
    int dc_log_printf(char*, ...);
--- a/ctaocrypt/src/md2.c
+++ b/ctaocrypt/src/md2.c
@@ -0,0 +1,129 @@
+/* md2.c
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifdef CYASSL_MD2
+
+#include <cyassl/ctaocrypt/md2.h>
+#ifdef NO_INLINE
+    #include <cyassl/ctaocrypt/misc.h>
+#else
+    #include <ctaocrypt/src/misc.c>
+#endif
+
+
+void InitMd2(Md2* md2)
+{
+    XMEMSET(md2->X, 0, MD2_X_SIZE);
+    XMEMSET(md2->C, 0, MD2_BLOCK_SIZE);
+    XMEMSET(md2->buffer, 0, MD2_BLOCK_SIZE);
+    md2->count = 0;
+}
+
+
+void Md2Update(Md2* md2, const byte* data, word32 len)
+{
+    static const byte S[256] = 
+    {
+        41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
+        19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
+        76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
+        138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
+        245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
+        148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
+        39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
+        181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
+        150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
+        112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
+        96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
+        85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
+        234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
+        129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
+        8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
+        203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
+        166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
+        31, 26, 219, 153, 141, 51, 159, 17, 131, 20
+    };
+
+    while (len) {
+        word32 L = (MD2_PAD_SIZE - md2->count) < len ?
+                   (MD2_PAD_SIZE - md2->count) : len;
+        XMEMCPY(md2->buffer + md2->count, data, L);
+        md2->count += L;
+        data += L;
+        len  -= L;
+
+        if (md2->count == MD2_PAD_SIZE) {
+            int  i;
+            byte t;
+
+            md2->count = 0;
+            XMEMCPY(md2->X + MD2_PAD_SIZE, md2->buffer, MD2_PAD_SIZE);
+            t = md2->C[15];
+
+            for(i = 0; i < MD2_PAD_SIZE; i++) {
+                md2->X[32 + i] = md2->X[MD2_PAD_SIZE + i] ^ md2->X[i];
+                t = md2->C[i] ^= S[md2->buffer[i] ^ t];
+            }
+
+            t=0;
+            for(i = 0; i < 18; i++) {
+                int j;
+                for(j = 0; j < MD2_X_SIZE; j += 8) {
+                    t = md2->X[j+0] ^= S[t];
+                    t = md2->X[j+1] ^= S[t];
+                    t = md2->X[j+2] ^= S[t];
+                    t = md2->X[j+3] ^= S[t];
+                    t = md2->X[j+4] ^= S[t];
+                    t = md2->X[j+5] ^= S[t];
+                    t = md2->X[j+6] ^= S[t];
+                    t = md2->X[j+7] ^= S[t];
+                }
+                t = (t + i) & 0xFF;
+            }
+        }
+    }
+}
+
+
+void Md2Final(Md2* md2, byte* hash)
+{
+    byte   padding[MD2_BLOCK_SIZE];
+    word32 padLen = MD2_PAD_SIZE - md2->count;
+    word32 i;
+
+    for (i = 0; i < padLen; i++)
+        padding[i] = (byte)padLen;
+
+    Md2Update(md2, padding, padLen);
+    Md2Update(md2, md2->C, MD2_BLOCK_SIZE);
+
+    XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE);
+
+    InitMd2(md2);
+}
+
+
+#endif /* CYASSL_MD2 */
--- a/ctaocrypt/src/misc.c
+++ b/ctaocrypt/src/misc.c
@@ -91,7 +91,7 @@ STATIC INLINE word32 ByteReverseWord32(word32 value)
 STATIC INLINE void ByteReverseWords(word32* out, const word32* in,
                                    word32 byteCount)
 {
-    word32 count = byteCount/sizeof(word32), i;
+    word32 count = byteCount/(word32)sizeof(word32), i;

    for (i = 0; i < count; i++)
        out[i] = ByteReverseWord32(in[i]);
@@ -132,7 +132,7 @@ STATIC INLINE word64 ByteReverseWord64(word64 value)
 STATIC INLINE void ByteReverseWords64(word64* out, const word64* in,
                                      word32 byteCount)
 {
-    word32 count = byteCount/sizeof(word64), i;
+    word32 count = byteCount/(word32)sizeof(word64), i;

    for (i = 0; i < count; i++)
        out[i] = ByteReverseWord64(in[i]);
--- a/ctaocrypt/src/pwdbased.c
+++ b/ctaocrypt/src/pwdbased.c
@@ -54,7 +54,7 @@ int PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
 {
    Md5  md5;
    Sha  sha;
-    int  hLen = (hashType == MD5) ? MD5_DIGEST_SIZE : SHA_DIGEST_SIZE;
+    int  hLen = (hashType == MD5) ? (int)MD5_DIGEST_SIZE : (int)SHA_DIGEST_SIZE;
    int  i;
    byte buffer[SHA_DIGEST_SIZE];  /* max size */

@@ -236,6 +236,16 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
        mp_int B1;

        if (hashType == MD5) {
+            Md5 md5;
+
+            InitMd5(&md5);
+            Md5Update(&md5, buffer, totalLen);
+            Md5Final(&md5, Ai);
+
+            for (i = 1; i < iterations; i++) {
+                Md5Update(&md5, Ai, u);
+                Md5Final(&md5, Ai);
+            }
        }
        else if (hashType == SHA) {
            Sha sha;
@@ -251,21 +261,44 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
        }
 #ifndef NO_SHA256
        else if (hashType == SHA256) {
+            Sha256 sha256;
+
+            InitSha256(&sha256);
+            Sha256Update(&sha256, buffer, totalLen);
+            Sha256Final(&sha256, Ai);
+
+            for (i = 1; i < iterations; i++) {
+                Sha256Update(&sha256, Ai, u);
+                Sha256Final(&sha256, Ai);
+            }
        }
 #endif
 #ifdef CYASSL_SHA512
        else if (hashType == SHA512) {
+            Sha512 sha512;
+
+            InitSha512(&sha512);
+            Sha512Update(&sha512, buffer, totalLen);
+            Sha512Final(&sha512, Ai);
+
+            for (i = 1; i < iterations; i++) {
+                Sha512Update(&sha512, Ai, u);
+                Sha512Final(&sha512, Ai);
+            }
        }
 #endif

        for (i = 0; i < (int)v; i++)
            B[i] = Ai[i % u];

-        mp_init(&B1);
-        if (mp_read_unsigned_bin(&B1, B, v) != MP_OKAY)
+        if (mp_init(&B1) != MP_OKAY)
+            ret = MP_INIT_E;
+        else if (mp_read_unsigned_bin(&B1, B, v) != MP_OKAY)
            ret = MP_READ_E;
-        else if (mp_add_d(&B1, (mp_digit)1, &B1) != MP_OKAY) {
+        else if (mp_add_d(&B1, (mp_digit)1, &B1) != MP_OKAY)
            ret = MP_ADD_E;
+
+        if (ret != 0) {
            mp_clear(&B1);
            break;
        }
@@ -275,9 +308,10 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
            mp_int i1;
            mp_int res;

-            mp_init(&i1);
-            mp_init(&res);
-
+            if (mp_init_multi(&i1, &res, NULL, NULL, NULL, NULL) != MP_OKAY) {
+                ret = MP_INIT_E;
+                break;
+            }
            if (mp_read_unsigned_bin(&i1, I + i, v) != MP_OKAY)
                ret = MP_READ_E;
            else if (mp_add(&i1, &B1, &res) != MP_OKAY)
--- a/ctaocrypt/src/rabbit.c
+++ b/ctaocrypt/src/rabbit.c
@@ -39,7 +39,7 @@
    #define LITTLE32(x) (x)
 #endif

-#define U32V(x) (word32)(x)
+#define U32V(x) ((word32)(x) & 0xFFFFFFFFU)


 /* Square a 32-bit unsigned integer to obtain the 64-bit result and return */
@@ -210,7 +210,7 @@ void RabbitProcess(Rabbit* ctx, byte* output, const byte* input, word32 msglen)
                   U32V(ctx->workCtx.x[1]<<16));

        /* Increment pointers and decrement length */
-        input += 16;
+        input  += 16;
        output += 16;
        msglen -= 16;
    }
@@ -219,25 +219,25 @@ void RabbitProcess(Rabbit* ctx, byte* output, const byte* input, word32 msglen)
    if (msglen) {

        word32 i;
-        word32 tmp[4];
-        byte*  buffer = (byte*)tmp;
+        byte   buffer[16];

        /* Iterate the system */
        RABBIT_next_state(&(ctx->workCtx));

        /* Generate 16 bytes of pseudo-random data */
-        tmp[0] = LITTLE32(ctx->workCtx.x[0] ^
+        *(word32*)(buffer+ 0) = LITTLE32(ctx->workCtx.x[0] ^
                  (ctx->workCtx.x[5]>>16) ^ U32V(ctx->workCtx.x[3]<<16));
-        tmp[1] = LITTLE32(ctx->workCtx.x[2] ^ 
+        *(word32*)(buffer+ 4) = LITTLE32(ctx->workCtx.x[2] ^ 
                  (ctx->workCtx.x[7]>>16) ^ U32V(ctx->workCtx.x[5]<<16));
-        tmp[2] = LITTLE32(ctx->workCtx.x[4] ^ 
+        *(word32*)(buffer+ 8) = LITTLE32(ctx->workCtx.x[4] ^ 
                  (ctx->workCtx.x[1]>>16) ^ U32V(ctx->workCtx.x[7]<<16));
-        tmp[3] = LITTLE32(ctx->workCtx.x[6] ^ 
+        *(word32*)(buffer+12) = LITTLE32(ctx->workCtx.x[6] ^ 
                  (ctx->workCtx.x[3]>>16) ^ U32V(ctx->workCtx.x[1]<<16));

        /* Encrypt/decrypt the data */
        for (i=0; i<msglen; i++)
-            output[i] = input[i] ^ buffer[i];
+            output[i] = input[i] ^ buffer[i];  /* scan-build thinks buffer[i] */
+                                               /* is garbage, it is not! */ 
    }
 }

--- a/ctaocrypt/src/random.c
+++ b/ctaocrypt/src/random.c
@@ -41,7 +41,9 @@
 #else
    #ifndef NO_DEV_RANDOM
        #include <fcntl.h>
-        #include <unistd.h>
+        #ifndef EBSNET
+            #include <unistd.h>
+        #endif
    #else
        /* include headers that may be needed to get good seed */
    #endif
@@ -101,7 +103,7 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 }


-#elif defined(THREADX)
+#elif defined(THREADX) || defined(EBSNET)

 #include "rtprand.h"   /* rtp_rand () */
 #include "rtptime.h"   /* rtp_get_system_msec() */
@@ -144,6 +146,67 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
    return 0;
 }

+#elif defined(CYASSL_SAFERTOS)
+
+#warning "write a real random seed!!!!, just for testing now"
+
+int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+{
+    int i;
+    for (i = 0; i < sz; i++ )
+        output[i] = i;
+
+    return 0;
+}
+
+#elif defined(FREESCALE_MQX)
+
+    #ifdef FREESCALE_K70_RNGA
+        /*
+         * Generates a RNG seed using the Random Number Generator Accelerator
+         * on the Kinetis K70. Documentation located in Chapter 37 of
+         * K70 Sub-Family Reference Manual (see Note 3 in the README for link).
+         */
+        int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+        {
+            int i;
+
+            /* turn on RNGA module */
+            SIM_SCGC3 |= SIM_SCGC3_RNGA_MASK;
+
+            /* set SLP bit to 0 - "RNGA is not in sleep mode" */
+            RNG_CR &= ~RNG_CR_SLP_MASK;
+
+            /* set HA bit to 1 - "security violations masked" */
+            RNG_CR |= RNG_CR_HA_MASK;
+
+            /* set GO bit to 1 - "output register loaded with data" */
+            RNG_CR |= RNG_CR_GO_MASK;
+
+            for (i = 0; i < sz; i++) {
+
+                /* wait for RNG FIFO to be full */
+                while((RNG_SR & RNG_SR_OREG_LVL(0xF)) == 0) {}
+
+                /* get value */
+                output[i] = RNG_OR;
+            }
+
+            return 0;
+        }
+	#else
+        #warning "write a real random seed!!!!, just for testing now"
+
+        int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+        {
+            int i;
+            for (i = 0; i < sz; i++ )
+                output[i] = i;
+
+            return 0;
+        }
+	#endif /* FREESCALE_K70_RNGA */
+
 #elif defined(NO_DEV_RANDOM)

 #error "you need to write an os specific GenerateSeed() here"
@@ -166,7 +229,7 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
    }

    while (sz) {
-        int len = read(os->fd, output, sz);
+        int len = (int)read(os->fd, output, sz);
        if (len == -1) { 
            ret = READ_RAN_E;
            break;
--- a/ctaocrypt/src/rsa.c
+++ b/ctaocrypt/src/rsa.c
@@ -24,13 +24,19 @@
    #include <config.h>
 #endif

+#ifndef NO_RSA
+
 #include <cyassl/ctaocrypt/rsa.h>
 #include <cyassl/ctaocrypt/random.h>
 #include <cyassl/ctaocrypt/error.h>
 #include <cyassl/ctaocrypt/logging.h>

 #ifdef SHOW_GEN
-    #include <stdio.h>
+    #ifdef FREESCALE_MQX
+        #include <fio.h>
+    #else
+        #include <stdio.h>
+    #endif
 #endif


@@ -496,7 +502,7 @@ int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
        err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL);

    if (err == MP_OKAY)
-        err = mp_init_multi(&key->dP, &key->dP, &key->u, NULL, NULL, NULL);
+        err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL);

    if (err == MP_OKAY)
        err = mp_sub_d(&p, 1, &tmp2);  /* tmp2 = p-1 */
@@ -553,5 +559,6 @@ int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
 }


-#endif /* CYASLS_KEY_GEN */
+#endif /* CYASSL_KEY_GEN */

+#endif /* NO_RSA */
--- a/ctaocrypt/src/sha256.c
+++ b/ctaocrypt/src/sha256.c
@@ -81,7 +81,7 @@ static const word32 K[64] = {
 #define Ch(x,y,z)       (z ^ (x & (y ^ z)))
 #define Maj(x,y,z)      (((x | y) & z) | (x & y))
 #define S(x, n)         rotrFixed(x, n)
-#define R(x, n)         (((x)&0xFFFFFFFFL)>>(n))
+#define R(x, n)         (((x)&0xFFFFFFFFU)>>(n))
 #define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
 #define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
 #define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
--- a/ctaocrypt/src/tfm.c
+++ b/ctaocrypt/src/tfm.c
@@ -1005,7 +1005,7 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
    }

    /* grab the next msb from the exponent */
-    y     = (fp_digit)(buf >> (DIGIT_BIT - 1)) & 1;
+    y     = (int)(buf >> (DIGIT_BIT - 1)) & 1;
    buf <<= (fp_digit)1;

    /* do ops */
@@ -1107,7 +1107,7 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
    }

    /* grab the next msb from the exponent */
-    y     = (fp_digit)(buf >> (DIGIT_BIT - 1)) & 1;
+    y     = (int)(buf >> (DIGIT_BIT - 1)) & 1;
    buf <<= (fp_digit)1;

    /* if the bit is zero and mode == 0 then we ignore it
@@ -1548,7 +1548,7 @@ void fp_montgomery_calc_normalization(fp_int *a, fp_int *b)
 /* computes x/R == x (mod N) via Montgomery Reduction */
 void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp)
 {
-   fp_digit c[FP_SIZE], *_c, *tmpm, mu;
+   fp_digit c[FP_SIZE], *_c, *tmpm, mu = 0;
   int      oldused, x, y, pa;

   /* bail if too large */
--- a/ctaocrypt/test/include.am
+++ b/ctaocrypt/test/include.am
@@ -5,5 +5,6 @@ noinst_PROGRAMS+= ctaocrypt/test/testctaocrypt
 ctaocrypt_test_testctaocrypt_SOURCES      = ctaocrypt/test/test.c
 ctaocrypt_test_testctaocrypt_LDADD        = src/libcyassl.la
 ctaocrypt_test_testctaocrypt_DEPENDENCIES = src/libcyassl.la
+noinst_HEADERS += ctaocrypt/test/test.h
 EXTRA_DIST += ctaocrypt/test/test.sln
 EXTRA_DIST += ctaocrypt/test/test.vcproj
--- a/ctaocrypt/test/test.c
+++ b/ctaocrypt/test/test.c
@@ -23,15 +23,12 @@
    #include <config.h>
 #endif

-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-
 #ifdef CYASSL_TEST_CERT
    #include <cyassl/ctaocrypt/asn.h>
 #else
    #include <cyassl/ctaocrypt/asn_public.h>
 #endif
+#include <cyassl/ctaocrypt/md2.h>
 #include <cyassl/ctaocrypt/md5.h>
 #include <cyassl/ctaocrypt/md4.h>
 #include <cyassl/ctaocrypt/sha.h>
@@ -70,6 +67,15 @@
    #include "crypto_ntru.h"
 #endif

+#include <string.h>
+#ifdef FREESCALE_MQX
+    #include <mqx.h>
+    #include <fio.h>
+#else
+    #include <stdio.h>
+#endif
+#include <stdlib.h>
+

 #ifdef THREADX
    /* since just testing, use THREADX log printf instead */
@@ -78,47 +84,56 @@
        #define printf dc_log_printf
 #endif

+#include "ctaocrypt/test/test.h"
+

 typedef struct testVector {
-    char*  input;
-    char*  output; 
+    const char*  input;
+    const char*  output; 
    size_t inLen;
    size_t outLen;
 } testVector;

-int  md5_test();
-int  md4_test();
-int  sha_test();
-int  sha256_test();
-int  sha512_test();
-int  sha384_test();
-int  hmac_test();
-int  arc4_test();
-int  hc128_test();
-int  rabbit_test();
-int  des_test();
-int  des3_test();
-int  aes_test();
-int  rsa_test();
-int  dh_test();
-int  dsa_test();
-int  random_test();
-int  pwdbased_test();
-int  ripemd_test();
-int  openssl_test();   /* test mini api */
+int  md2_test(void);
+int  md5_test(void);
+int  md4_test(void);
+int  sha_test(void);
+int  sha256_test(void);
+int  sha512_test(void);
+int  sha384_test(void);
+int  hmac_test(void);
+int  arc4_test(void);
+int  hc128_test(void);
+int  rabbit_test(void);
+int  des_test(void);
+int  des3_test(void);
+int  aes_test(void);
+int  aesgcm_test(void);
+int  rsa_test(void);
+int  dh_test(void);
+int  dsa_test(void);
+int  random_test(void);
+int  pwdbased_test(void);
+int  ripemd_test(void);
+int  openssl_test(void);   /* test mini api */
+int pbkdf1_test(void);
+int pkcs12_test(void);
+int pbkdf2_test(void);
 #ifdef HAVE_ECC
-    int  ecc_test();
+    int  ecc_test(void);
 #endif

 int PemToDer(const char* inName, const char* outName);


-void err_sys(const char* msg, int es)
+static void err_sys(const char* msg, int es)
 {
    printf("%s error = %d\n", msg, es);
 #ifndef THREADX
-    exit(es);
+    if (msg)
+        exit(es);
 #endif
+    return;
 }

 /* func_args from test.h, so don't have to pull in other junk */
@@ -135,18 +150,29 @@ void ctaocrypt_test(void* args)

    ((func_args*)args)->return_code = -1; /* error state */

+#if !defined(CYASSL_LEANPSK)
    if (CheckCtcSettings() != 1)
        err_sys("Build vs runtime math mismatch\n", -1234);

 #ifdef USE_FAST_MATH
    if (CheckFastMathSettings() != 1)
        err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n", -1235);
-#endif
-    
+#endif /* USE_FAST_MATH */
+#endif /* !CYASSL_LEANPSK */
+
+#ifdef NO_MD5
    if ( (ret = md5_test()) ) 
        err_sys("MD5      test failed!\n", ret);
    else
        printf( "MD5      test passed!\n");
+#endif
+
+#ifdef CYASSL_MD2
+    if ( (ret = md2_test()) ) 
+        err_sys("MD2      test failed!\n", ret);
+    else
+        printf( "MD2      test passed!\n");
+#endif

 #ifndef NO_MD4
    if ( (ret = md4_test()) ) 
@@ -233,6 +259,13 @@ void ctaocrypt_test(void* args)
        err_sys("AES      test failed!\n", ret);
    else
        printf( "AES      test passed!\n");
+
+#ifdef HAVE_AESGCM
+    if ( (ret = aesgcm_test()) )
+        err_sys("AES-GCM  test failed!\n", ret);
+    else
+        printf( "AES-GCM  test passed!\n");
+#endif
 #endif

    if ( (ret = random_test()) )
@@ -240,10 +273,12 @@ void ctaocrypt_test(void* args)
    else
        printf( "RANDOM   test passed!\n");

+#ifndef NO_RSA
    if ( (ret = rsa_test()) ) 
        err_sys("RSA      test failed!\n", ret);
    else
        printf( "RSA      test passed!\n");
+#endif

 #ifndef NO_DH
    if ( (ret = dh_test()) ) 
@@ -301,7 +336,84 @@ void ctaocrypt_test(void* args)
 #endif /* NO_MAIN_DRIVER */


-int md5_test()
+#ifdef CYASSL_MD2
+int md2_test()
+{
+    Md2  md2;
+    byte hash[MD2_DIGEST_SIZE];
+
+    testVector a, b, c, d, e, f, g;
+    testVector test_md2[7];
+    int times = sizeof(test_md2) / sizeof(testVector), i;
+
+    a.input  = "";
+    a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
+               "\x27\x73";
+    a.inLen  = strlen(a.input);
+    a.outLen = strlen(a.output);
+
+    b.input  = "a";
+    b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
+               "\xb5\xd1";
+    b.inLen  = strlen(b.input);
+    b.outLen = strlen(b.output);
+
+    c.input  = "abc";
+    c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
+               "\xd6\xbb";
+    c.inLen  = strlen(c.input);
+    c.outLen = strlen(c.output);
+
+    d.input  = "message digest";
+    d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
+               "\x06\xb0";
+    d.inLen  = strlen(d.input);
+    d.outLen = strlen(d.output);
+
+    e.input  = "abcdefghijklmnopqrstuvwxyz";
+    e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
+               "\x94\x0b";
+    e.inLen  = strlen(e.input);
+    e.outLen = strlen(e.output);
+
+    f.input  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
+               "6789";
+    f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
+               "\x38\xcd";
+    f.inLen  = strlen(f.input);
+    f.outLen = strlen(f.output);
+
+    g.input  = "1234567890123456789012345678901234567890123456789012345678"
+               "9012345678901234567890";
+    g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
+               "\xef\xd8";
+    g.inLen  = strlen(g.input);
+    g.outLen = strlen(g.output);
+
+    test_md2[0] = a;
+    test_md2[1] = b;
+    test_md2[2] = c;
+    test_md2[3] = d;
+    test_md2[4] = e;
+    test_md2[5] = f;
+    test_md2[6] = g;
+
+    InitMd2(&md2);
+
+    for (i = 0; i < times; ++i) {
+        Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
+        Md2Final(&md2, hash);
+
+        if (memcmp(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
+            return -155 - i;
+    }
+
+    return 0;
+}
+#endif 
+
+
+int md5_test(void)
 {
    Md5  md5;
    byte hash[MD5_DIGEST_SIZE];
@@ -364,7 +476,7 @@ int md5_test()

 #ifndef NO_MD4

-int md4_test()
+int md4_test(void)
 {
    Md4  md4;
    byte hash[MD4_DIGEST_SIZE];
@@ -440,7 +552,7 @@ int md4_test()

 #endif /* NO_MD4 */

-int sha_test()
+int sha_test(void)
 {
    Sha  sha;
    byte hash[SHA_DIGEST_SIZE];
@@ -496,7 +608,7 @@ int sha_test()


 #ifdef CYASSL_RIPEMD
-int ripemd_test()
+int ripemd_test(void)
 {
    RipeMd  ripemd;
    byte hash[RIPEMD_DIGEST_SIZE];
@@ -552,7 +664,7 @@ int ripemd_test()


 #ifndef NO_SHA256
-int sha256_test()
+int sha256_test(void)
 {
    Sha256 sha;
    byte   hash[SHA256_DIGEST_SIZE];
@@ -594,7 +706,7 @@ int sha256_test()


 #ifdef CYASSL_SHA512
-int sha512_test()
+int sha512_test(void)
 {
    Sha512 sha;
    byte   hash[SHA512_DIGEST_SIZE];
@@ -641,7 +753,7 @@ int sha512_test()


 #ifdef CYASSL_SHA384
-int sha384_test()
+int sha384_test(void)
 {
    Sha384 sha;
    byte   hash[SHA384_DIGEST_SIZE];
@@ -686,7 +798,7 @@ int sha384_test()


 #ifndef NO_HMAC
-int hmac_test()
+int hmac_test(void)
 {
    Hmac hmac;
    byte hash[MD5_DIGEST_SIZE];
@@ -743,7 +855,7 @@ int hmac_test()
 #endif


-int arc4_test()
+int arc4_test(void)
 {
    byte cipher[16];
    byte plain[16];
@@ -808,7 +920,7 @@ int arc4_test()
 }


-int hc128_test()
+int hc128_test(void)
 {
 #ifdef HAVE_HC128
    byte cipher[16];
@@ -885,26 +997,30 @@ int hc128_test()


 #ifndef NO_RABBIT
-int rabbit_test()
+int rabbit_test(void)
 {
    byte cipher[16];
    byte plain[16];

-    const char* keys[] = 
+    const char* keys[] =   /* align with 3 extra bytes cause null is added */
    {           
-        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
-        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+            "\x00\x00\x00",
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+            "\x00\x00\x00",
        "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B\xFE\x36\x3D\x2E\x29\x13\x28\x91"
+            "\x00\x00\x00"
    };

-    const char* ivs[] =
+    const char* ivs[] = /* align with 3 extra bytes casue null is added */
    {
-        "\x00\x00\x00\x00\x00\x00\x00\x00",
-        "\x59\x7E\x26\xC1\x75\xF5\x73\xC3",
+        "\x00\x00\x00\x00\x00\x00\x00\x00"
+            "\x00\x00\x00",
+        "\x59\x7E\x26\xC1\x75\xF5\x73\xC3"
+            "\x00\x00\x00",
        0
    };

-
    testVector a, b, c;
    testVector test_rabbit[3];

@@ -953,7 +1069,7 @@ int rabbit_test()


 #ifndef NO_DES3
-int des_test()
+int des_test(void)
 {
    const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
        0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
@@ -1002,7 +1118,7 @@ int des_test()


 #ifndef NO_DES3
-int des3_test()
+int des3_test(void)
 {
    const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
@@ -1055,7 +1171,7 @@ int des3_test()


 #ifndef NO_AES
-int aes_test()
+int aes_test(void)
 {
    Aes enc;
    Aes dec;
@@ -1129,9 +1245,9 @@ int aes_test()
            0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
        };

-        AesSetKey(&enc, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
+        AesSetKeyDirect(&enc, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
        /* Ctr only uses encrypt, even on key setup */
-        AesSetKey(&dec, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);
+        AesSetKeyDirect(&dec, ctrKey, AES_BLOCK_SIZE, ctrIv, AES_ENCRYPTION);

        AesCtrEncrypt(&enc, cipher, ctrPlain, AES_BLOCK_SIZE*4);
        AesCtrEncrypt(&dec, plain, cipher, AES_BLOCK_SIZE*4);
@@ -1146,10 +1262,103 @@ int aes_test()

    return 0;
 }
+
+#ifdef HAVE_AESGCM
+int aesgcm_test(void)
+{
+    Aes enc;
+
+    /*
+     * This is Test Case 16 from the document Galois/
+     * Counter Mode of Operation (GCM) by McGrew and
+     * Viega.
+     */
+    const byte k[] =
+    {
+        0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+        0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+        0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+        0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
+    };
+
+    const byte iv[] =
+    {
+        0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+        0xde, 0xca, 0xf8, 0x88, 0x00, 0x00, 0x00, 0x00
+    };
+    
+    const byte p[] =
+    {
+        0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+        0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+        0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+        0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+        0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+        0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+        0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+        0xba, 0x63, 0x7b, 0x39
+    };
+    
+    const byte a[] =
+    {
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xab, 0xad, 0xda, 0xd2
+    };
+    
+    const byte c[] =
+    {
+        0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+        0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+        0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+        0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+        0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+        0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+        0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+        0xbc, 0xc9, 0xf6, 0x62
+    };
+
+    const byte t[] =
+    {
+        0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
+        0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
+    };
+
+    byte t2[16];
+    byte p2[60];
+    byte c2[60];
+
+    int result;
+
+    memset(t2, 0, 16);
+    memset(c2, 0, 60);
+    memset(p2, 0, 60);
+
+    AesGcmSetKey(&enc, k, sizeof(k), iv);
+    AesGcmSetExpIV(&enc, iv + /*AES_GCM_IMP_IV_SZ*/ 4);
+    /* AES-GCM encrypt and decrypt both use AES encrypt internally */
+    AesGcmEncrypt(&enc, c2, p, sizeof(c2), t2, sizeof(t2), a, sizeof(a));
+    if (memcmp(c, c2, sizeof(c2)))
+        return -68;
+    if (memcmp(t, t2, sizeof(t2)))
+        return -69;
+
+    result = AesGcmDecrypt(&enc,
+                        p2, c2, sizeof(p2), t2, sizeof(t2), a, sizeof(a));
+    if (result != 0)
+        return -70;
+    if (memcmp(p, p2, sizeof(p2)))
+        return -71;
+
+    return 0;
+}
+#endif /* HAVE_AESGCM */
+
+
 #endif /* NO_AES */


-int random_test()
+int random_test(void)
 {
    RNG  rng;
    byte block[32];
@@ -1162,17 +1371,11 @@ int random_test()
 }


-static const char* clientKey  = "./certs/client-key.der";
-static const char* clientCert = "./certs/client-cert.der";
-#ifdef CYASSL_CERT_GEN
-    static const char* caKeyFile  = "./certs/ca-key.der";
-    static const char* caCertFile = "./certs/ca-cert.pem";
-#endif
-
-
 #ifdef HAVE_NTRU

-static byte GetEntropy(ENTROPY_CMD cmd, byte* out)
+byte GetEntropy(ENTROPY_CMD cmd, byte* out);
+
+byte GetEntropy(ENTROPY_CMD cmd, byte* out)
 {
    static RNG rng;

@@ -1202,10 +1405,30 @@ static byte GetEntropy(ENTROPY_CMD cmd, byte* out)

 #endif /* HAVE_NTRU */

-int rsa_test()
+#ifndef NO_RSA
+
+#ifdef FREESCALE_MQX
+    static const char* clientKey  = "a:\certs\\client-key.der";
+    static const char* clientCert = "a:\certs\\client-cert.der";
+    #ifdef CYASSL_CERT_GEN
+        static const char* caKeyFile  = "a:\certs\\ca-key.der";
+        static const char* caCertFile = "a:\certs\\ca-cert.pem";
+    #endif
+    #else
+    static const char* clientKey  = "./certs/client-key.der";
+    static const char* clientCert = "./certs/client-cert.der";
+    #ifdef CYASSL_CERT_GEN
+        static const char* caKeyFile  = "./certs/ca-key.der";
+        static const char* caCertFile = "./certs/ca-cert.pem";
+    #endif
+#endif
+
+#define FOURK_BUF 4096
+
+int rsa_test(void)
 {
-    byte   tmp[2048], tmp2[2048];
-    size_t bytes, bytes2;
+    byte*   tmp;
+    size_t bytes;
    RsaKey key;
    RNG    rng;
    word32 idx = 0;
@@ -1214,17 +1437,22 @@ int rsa_test()
    word32 inLen = (word32)strlen((char*)in);
    byte   out[256];
    byte   plain[256];
+    FILE*  file, * file2;
 #ifdef CYASSL_TEST_CERT
    DecodedCert cert;
 #endif

-    FILE*  file = fopen(clientKey, "rb"), * file2;
+    tmp = (byte*)malloc(FOURK_BUF);
+    if (tmp == NULL)
+        return -40;
+
+    file = fopen(clientKey, "rb");

    if (!file)
        err_sys("can't open ./certs/client-key.der, "
                "Please run from CyaSSL home dir", -40);

-    bytes = fread(tmp, 1, sizeof(tmp), file);
+    bytes = fread(tmp, 1, FOURK_BUF, file);
  
    InitRsaKey(&key, 0);  
    ret = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
@@ -1254,10 +1482,10 @@ int rsa_test()
    if (!file2)
        return -49;

-    bytes2 = fread(tmp2, 1, sizeof(tmp2), file2);
+    bytes = fread(tmp, 1, FOURK_BUF, file2);

 #ifdef CYASSL_TEST_CERT
-    InitDecodedCert(&cert, (byte*)&tmp2, (word32)bytes2, 0);
+    InitDecodedCert(&cert, tmp, (word32)bytes, 0);

    ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
    if (ret != 0) return -491;
@@ -1270,10 +1498,10 @@ int rsa_test()

 #ifdef CYASSL_KEY_GEN
    {
-        byte   der[4096];
-        byte   pem[4096];
-        word32 derSz = 0;
-        word32 pemSz = 0;
+        byte*  der;
+        byte*  pem;
+        int    derSz = 0;
+        int    pemSz = 0;
        RsaKey derIn;
        RsaKey genKey;
        FILE* keyFile;
@@ -1284,24 +1512,31 @@ int rsa_test()
        if (ret != 0)
            return -301;

-        derSz = RsaKeyToDer(&genKey, der, sizeof(der));
+        der = (byte*)malloc(FOURK_BUF);
+        if (der == NULL)
+            return -307;
+        pem = (byte*)malloc(FOURK_BUF);
+        if (pem == NULL)
+            return -308;
+
+        derSz = RsaKeyToDer(&genKey, der, FOURK_BUF);
        if (derSz < 0)
            return -302;

        keyFile = fopen("./key.der", "wb");
        if (!keyFile)
            return -303;
-        ret = fwrite(der, derSz, 1, keyFile);
+        ret = (int)fwrite(der, derSz, 1, keyFile);
        fclose(keyFile);

-        pemSz = DerToPem(der, derSz, pem, sizeof(pem), PRIVATEKEY_TYPE);
+        pemSz = DerToPem(der, derSz, pem, FOURK_BUF, PRIVATEKEY_TYPE);
        if (pemSz < 0)
            return -304;

        pemFile = fopen("./key.pem", "wb");
        if (!pemFile) 
            return -305;
-        ret = fwrite(pem, pemSz, 1, pemFile);
+        ret = (int)fwrite(pem, pemSz, 1, pemFile);
        fclose(pemFile);

        InitRsaKey(&derIn, 0);
@@ -1312,6 +1547,8 @@ int rsa_test()

        FreeRsaKey(&derIn);
        FreeRsaKey(&genKey);
+        free(pem);
+        free(der);
    }
 #endif /* CYASSL_KEY_GEN */

@@ -1320,8 +1557,8 @@ int rsa_test()
    /* self signed */
    {
        Cert        myCert;
-        byte        derCert[4096];
-        byte        pem[4096];
+        byte*       derCert;
+        byte*       pem;
        FILE*       derFile;
        FILE*       pemFile;
        int         certSz;
@@ -1330,6 +1567,13 @@ int rsa_test()
        DecodedCert decode;
 #endif

+        derCert = (byte*)malloc(FOURK_BUF);
+        if (derCert == NULL)
+            return -309;
+        pem = (byte*)malloc(FOURK_BUF);
+        if (pem == NULL)
+            return -310;
+
        InitCert(&myCert);

        strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
@@ -1342,7 +1586,7 @@ int rsa_test()
        myCert.isCA    = 1;
        myCert.sigType = CTC_SHA256wRSA;

-        certSz = MakeSelfCert(&myCert, derCert, sizeof(derCert), &key, &rng); 
+        certSz = MakeSelfCert(&myCert, derCert, FOURK_BUF, &key, &rng); 
        if (certSz < 0)
            return -401;

@@ -1356,47 +1600,54 @@ int rsa_test()
        derFile = fopen("./cert.der", "wb");
        if (!derFile)
            return -403;
-        ret = fwrite(derCert, certSz, 1, derFile);
+        ret = (int)fwrite(derCert, certSz, 1, derFile);
        fclose(derFile);

-        pemSz = DerToPem(derCert, certSz, pem, sizeof(pem), CERT_TYPE);
+        pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
        if (pemSz < 0)
            return -404;

        pemFile = fopen("./cert.pem", "wb");
        if (!pemFile)
            return -405;
-        ret = fwrite(pem, pemSz, 1, pemFile);
+        ret = (int)fwrite(pem, pemSz, 1, pemFile);
        fclose(pemFile);
-
-
+        free(pem);
+        free(derCert);
    }
    /* CA style */
    {
        RsaKey      caKey;
        Cert        myCert;
-        byte        derCert[4096];
-        byte        pem[4096];
+        byte*       derCert;
+        byte*       pem;
        FILE*       derFile;
        FILE*       pemFile;
        int         certSz;
        int         pemSz;
-        byte        tmp[2048];
-        size_t      bytes;
-        word32      idx = 0;
+        size_t      bytes3;
+        word32      idx3 = 0;
 #ifdef CYASSL_TEST_CERT
        DecodedCert decode;
 #endif

-        FILE*  file = fopen(caKeyFile, "rb");
+        derCert = (byte*)malloc(FOURK_BUF);
+        if (derCert == NULL)
+            return -311;
+        pem = (byte*)malloc(FOURK_BUF);
+        if (pem == NULL)
+            return -312;

-        if (!file)
+        FILE* file3 = fopen(caKeyFile, "rb");
+
+        if (!file3)
            return -412;

-        bytes = fread(tmp, 1, sizeof(tmp), file);
+        bytes3 = fread(tmp, 1, FOURK_BUF, file3);
+        fclose(file3);
  
        InitRsaKey(&caKey, 0);  
-        ret = RsaPrivateKeyDecode(tmp, &idx, &caKey, (word32)bytes);
+        ret = RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3);
        if (ret != 0) return -413;

        InitCert(&myCert);
@@ -1413,11 +1664,11 @@ int rsa_test()
        if (ret < 0)
            return -405;

-        certSz = MakeCert(&myCert, derCert, sizeof(derCert), &key, &rng); 
+        certSz = MakeCert(&myCert, derCert, FOURK_BUF, &key, &rng); 
        if (certSz < 0)
            return -407;

-        certSz = SignCert(&myCert, derCert, sizeof(derCert), &caKey, &rng);
+        certSz = SignCert(&myCert, derCert, FOURK_BUF, &caKey, &rng);
        if (certSz < 0)
            return -408;

@@ -1433,37 +1684,45 @@ int rsa_test()
        derFile = fopen("./othercert.der", "wb");
        if (!derFile)
            return -410;
-        ret = fwrite(derCert, certSz, 1, derFile);
+        ret = (int)fwrite(derCert, certSz, 1, derFile);
        fclose(derFile);

-        pemSz = DerToPem(derCert, certSz, pem, sizeof(pem), CERT_TYPE);
+        pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
        if (pemSz < 0)
            return -411;

        pemFile = fopen("./othercert.pem", "wb");
        if (!pemFile)
            return -412;
-        ret = fwrite(pem, pemSz, 1, pemFile);
+        ret = (int)fwrite(pem, pemSz, 1, pemFile);
        fclose(pemFile);
+        free(pem);
+        free(derCert);
+        FreeRsaKey(&caKey);
    }
 #ifdef HAVE_NTRU
    {
        RsaKey      caKey;
        Cert        myCert;
-        byte        derCert[4096];
-        byte        pem[4096];
+        byte*       derCert;
+        byte*       pem;
        FILE*       derFile;
        FILE*       pemFile;
        FILE*       caFile;
        FILE*       ntruPrivFile;
        int         certSz;
        int         pemSz;
-        byte        tmp[2048];
        size_t      bytes;
        word32      idx = 0;
 #ifdef CYASSL_TEST_CERT
        DecodedCert decode;
 #endif
+        derCert = (byte*)malloc(FOURK_BUF);
+        if (derCert == NULL)
+            return -311;
+        pem = (byte*)malloc(FOURK_BUF);
+        if (pem == NULL)
+            return -312;

        byte   public_key[557];          /* sized for EES401EP2 */
        word16 public_key_len;           /* no. of octets in public key */
@@ -1495,7 +1754,7 @@ int rsa_test()
        if (!caFile)
            return -453;

-        bytes = fread(tmp, 1, sizeof(tmp), caFile);
+        bytes = fread(tmp, 1, FOURK_BUF, caFile);
        fclose(caFile);
  
        InitRsaKey(&caKey, 0);  
@@ -1516,12 +1775,12 @@ int rsa_test()
        if (ret < 0)
            return -455;

-        certSz = MakeNtruCert(&myCert, derCert, sizeof(derCert), public_key,
+        certSz = MakeNtruCert(&myCert, derCert, FOURK_BUF, public_key,
                              public_key_len, &rng); 
        if (certSz < 0)
            return -456;

-        certSz = SignCert(&myCert, derCert, sizeof(derCert), &caKey, &rng);
+        certSz = SignCert(&myCert, derCert, FOURK_BUF, &caKey, &rng);
        if (certSz < 0)
            return -457;

@@ -1539,7 +1798,7 @@ int rsa_test()
        ret = fwrite(derCert, certSz, 1, derFile);
        fclose(derFile);

-        pemSz = DerToPem(derCert, certSz, pem, sizeof(pem), CERT_TYPE);
+        pemSz = DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
        if (pemSz < 0)
            return -460;

@@ -1554,21 +1813,31 @@ int rsa_test()
            return -462;
        ret = fwrite(private_key, private_key_len, 1, ntruPrivFile);
        fclose(ntruPrivFile);
+        free(pem);
+        free(derCert);
+        FreeRsaKey(&caKey);
    }
 #endif /* HAVE_NTRU */
 #endif /* CYASSL_CERT_GEN */

    FreeRsaKey(&key);
+    free(tmp);

    return 0;
 }

+#endif

-static const char* dhKey = "./certs/dh2048.der";

 #ifndef NO_DH

-int dh_test()
+#ifdef FREESCALE_MQX
+    static const char* dhKey = "a:\certs\\dh2048.der";
+#else
+    static const char* dhKey = "./certs/dh2048.der";
+#endif
+
+int dh_test(void)
 {
    int    ret;
    word32 bytes;
@@ -1628,11 +1897,15 @@ int dh_test()
 #endif /* NO_DH */


-static const char* dsaKey = "./certs/dsa2048.der";
-
 #ifndef NO_DSA

-int dsa_test()
+#ifdef FREESCALE_MQX
+    static const char* dsaKey = "a:\certs\\dsa2048.der";
+#else
+    static const char* dsaKey = "./certs/dsa2048.der";
+#endif
+
+int dsa_test(void)
 {
    int    ret, answer;
    word32 bytes;
@@ -1679,7 +1952,7 @@ int dsa_test()

 #ifdef OPENSSL_EXTRA

-int openssl_test()
+int openssl_test(void)
 {
    EVP_MD_CTX md_ctx;
    testVector a, b, c, d, e, f;
@@ -1901,7 +2174,7 @@ int openssl_test()

 #ifndef NO_PWDBASED

-int pkcs12_test()
+int pkcs12_test(void)
 {
    const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
                            0x00, 0x00 }; 
@@ -1943,7 +2216,7 @@ int pkcs12_test()
 }


-int pbkdf2_test()
+int pbkdf2_test(void)
 {
    char passwd[] = "password";
    const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
@@ -1957,8 +2230,8 @@ int pbkdf2_test()

    };

-    PBKDF2(derived, (byte*)passwd, strlen(passwd), salt, 8, iterations, kLen,
-           SHA);
+    PBKDF2(derived, (byte*)passwd, (int)strlen(passwd), salt, 8, iterations,
+           kLen, SHA);

    if (memcmp(derived, verify, sizeof(verify)) != 0)
        return -102;
@@ -1967,7 +2240,7 @@ int pbkdf2_test()
 }


-int pbkdf1_test()
+int pbkdf1_test(void)
 {
    char passwd[] = "password";
    const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
@@ -1980,8 +2253,8 @@ int pbkdf1_test()
        0x4A, 0x3D, 0x2A, 0x20
    };

-    PBKDF1(derived, (byte*)passwd, strlen(passwd), salt, 8, iterations, kLen,
-           SHA);
+    PBKDF1(derived, (byte*)passwd, (int)strlen(passwd), salt, 8, iterations,
+           kLen, SHA);

    if (memcmp(derived, verify, sizeof(verify)) != 0)
        return -101;
@@ -1990,7 +2263,7 @@ int pbkdf1_test()
 }


-int pwdbased_test()
+int pwdbased_test(void)
 {
   int ret =  pbkdf1_test();
   ret += pbkdf2_test();
@@ -2003,7 +2276,7 @@ int pwdbased_test()

 #ifdef HAVE_ECC

-int ecc_test()
+int ecc_test(void)
 {
    RNG     rng;
    byte    sharedA[1024];
@@ -2064,7 +2337,7 @@ int ecc_test()
        return -1010;

    /* test DSA sign hash */
-    for (i = 0; i < sizeof(digest); i++)
+    for (i = 0; i < (int)sizeof(digest); i++)
        digest[i] = i;

    x = sizeof(sig);
--- a/ctaocrypt/test/test.h
+++ b/ctaocrypt/test/test.h
@@ -0,0 +1,33 @@
+/* ctaocrypt/test/test.h
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#pragma once
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+void ctaocrypt_test(void* args);
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
--- a/cyassl-ntru.vcproj
+++ b/cyassl-ntru.vcproj
@@ -182,6 +182,10 @@
 				RelativePath=".\ctaocrypt\src\dsa.c"
 				>
 			</File>
+			<File
+				RelativePath=".\ctaocrypt\src\error.c"
+				>
+			</File>
 			<File
 				RelativePath=".\ctaocrypt\src\hc128.c"
 				>
--- a/cyassl.vcproj
+++ b/cyassl.vcproj
@@ -178,6 +178,10 @@
 				RelativePath=".\ctaocrypt\src\dsa.c"
 				>
 			</File>
+			<File
+				RelativePath=".\ctaocrypt\src\error.c"
+				>
+			</File>
 			<File
 				RelativePath=".\ctaocrypt\src\hc128.c"
 				>
--- a/cyassl/ctaocrypt/aes.h
+++ b/cyassl/ctaocrypt/aes.h
@@ -68,6 +68,17 @@ typedef struct Aes {

    ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)];      /* for CBC mode */
    ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)];      /* same         */
+
+#ifdef HAVE_AESGCM
+    ALIGN16 byte H[AES_BLOCK_SIZE];
+#ifdef GCM_TABLE
+    /* key-based fast multiplication table. */
+    ALIGN16 byte M0[256][AES_BLOCK_SIZE];
+#endif /* GCM_TABLE */
+#endif /* HAVE_AESGCM */
+#ifdef CYASSL_AESNI
+    byte use_aesni;
+#endif /* CYASSL_AESNI */
 } Aes;


@@ -79,6 +90,21 @@ CYASSL_API void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
 CYASSL_API void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
 CYASSL_API void AesEncryptDirect(Aes* aes, byte* out, const byte* in);
 CYASSL_API void AesDecryptDirect(Aes* aes, byte* out, const byte* in);
+CYASSL_API int  AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
+                                const byte* iv, int dir);
+#ifdef HAVE_AESGCM
+CYASSL_API void AesGcmSetKey(Aes* aes, const byte* key, word32 len,
+                              const byte* implicitIV);
+CYASSL_API void AesGcmSetExpIV(Aes* aes, const byte* iv);
+CYASSL_API void AesGcmGetExpIV(Aes* aes, byte* iv);
+CYASSL_API void AesGcmIncExpIV(Aes* aes);
+CYASSL_API void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                              byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz);
+CYASSL_API int  AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                              const byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz);
+#endif /* HAVE_AESGCM */


 #ifdef __cplusplus
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@@ -19,6 +19,7 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifndef NO_ASN

 #ifndef CTAO_CRYPT_ASN_H
 #define CTAO_CRYPT_ASN_H
@@ -61,6 +62,7 @@ enum ASN_Tags {
    ASN_SEQUENCE          = 0x10,
    ASN_SET               = 0x11,
    ASN_UTC_TIME          = 0x17,
+    ASN_DNS_TYPE          = 0x02,
    ASN_GENERALIZED_TIME  = 0x18,
    CRL_EXTENSIONS        = 0xa0,
    ASN_EXTENSIONS        = 0xa3,
@@ -140,6 +142,7 @@ enum Misc_ASN {
 #endif
    MAX_OCSP_EXT_SZ     = 58,      /* Max OCSP Extension length */
    MAX_OCSP_NONCE_SZ   = 18,      /* OCSP Nonce size           */
+    EIGHTK_BUF          = 8192,    /* Tmp buffer size           */
    MAX_PUBLIC_KEY_SZ   = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2
                                   /* use bigger NTRU size */
 };
@@ -200,6 +203,13 @@ enum VerifyType {
 };


+typedef struct DNS_entry   DNS_entry;
+
+struct DNS_entry {
+    DNS_entry* next;   /* next on DNS list */
+    char*      name;   /* actual DNS name */
+};
+
 typedef struct DecodedCert DecodedCert;
 typedef struct Signer      Signer;

@@ -213,6 +223,7 @@ struct DecodedCert {
    word32  sigLength;               /* length of signature              */
    word32  signatureOID;            /* sum of algorithm object id       */
    word32  keyOID;                  /* sum of key algo  object id       */
+    DNS_entry* altNames;             /* alt names list of dns entries    */
    byte    subjectHash[SHA_SIZE];   /* hash of all Names                */
    byte    issuerHash[SHA_SIZE];    /* hash of all Names                */
 #ifdef HAVE_OCSP
@@ -221,6 +232,7 @@ struct DecodedCert {
    byte*   signature;               /* not owned, points into raw cert  */
    char*   subjectCN;               /* CommonName                       */
    int     subjectCNLen;
+    int     subjectCNStored;         /* have we saved a copy we own      */
    char    issuer[ASN_NAME_MAX];    /* full name including common name  */
    char    subject[ASN_NAME_MAX];   /* full name including common name  */
    int     verify;                  /* Default to yes, but could be off */
@@ -280,6 +292,7 @@ struct Signer {
    #define CYASSL_TEST_API CYASSL_LOCAL
 #endif

+CYASSL_TEST_API void FreeAltNames(DNS_entry*, void*);
 CYASSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
 CYASSL_TEST_API void FreeDecodedCert(DecodedCert*);
 CYASSL_TEST_API int  ParseCert(DecodedCert*, int type, int verify, void* cm);
@@ -324,6 +337,10 @@ enum cert_enums {
 #endif /* CYASSL_CERT_GEN */


+
+/* for pointer use */
+typedef struct CertStatus CertStatus;
+
 #ifdef HAVE_OCSP

 enum Ocsp_Response_Status {
@@ -349,64 +366,75 @@ enum Ocsp_Sums {
 };


-#define STATUS_LIST_SIZE 5
-
-
 typedef struct OcspRequest  OcspRequest;
 typedef struct OcspResponse OcspResponse;


+struct CertStatus {
+    CertStatus* next;
+
+    byte serial[EXTERNAL_SERIAL_SIZE];
+    int serialSz;
+
+    int status;
+
+    byte thisDate[MAX_DATE_SIZE];
+    byte nextDate[MAX_DATE_SIZE];
+    byte thisDateFormat;
+    byte nextDateFormat;
+};
+
+
 struct OcspResponse {
    int     responseStatus;  /* return code from Responder */

-    word32  respBegin;       /* index to beginning of OCSP Response */
-    word32  respLength;      /* length of the OCSP Response */
+    byte*   response;        /* Pointer to beginning of OCSP Response */
+    word32  responseSz;      /* length of the OCSP Response */

-    int     version;         /* Response version number */
+    byte    producedDate[MAX_DATE_SIZE];
+							 /* Date at which this response was signed */
+    byte    producedDateFormat; /* format of the producedDate */
+    byte*   issuerHash;
+    byte*   issuerKeyHash;

-    byte*   thisUpdate;      /* Time at which this status was set      */
-    byte*   nextUpdate;      /* Time for next update                   */
-    byte*   producedAt;      /* Time at which this response was signed */
+    byte*   cert;
+    word32  certSz;

-    word32  sigIndex;        /* Index into source for start of sig */
-    word32  sigLength;       /* Length in octets for the sig */
+    byte*   sig;             /* Pointer to sig in source */
+    word32  sigSz;           /* Length in octets for the sig */
    word32  sigOID;          /* OID for hash used for sig */

-    int     certStatusCount; /* Count of certificate statuses, Note
-                              * 1:1 correspondence between certStatus
-                              * and certSerialNumber */
-    byte    certSN[STATUS_LIST_SIZE][EXTERNAL_SERIAL_SIZE];
-    int     certSNsz[STATUS_LIST_SIZE];
-                             /* Certificate serial number array. */
-    word32  certStatus[STATUS_LIST_SIZE];
-                             /* Certificate status array */
+    CertStatus* status;      /* certificate status to fill out */

-    byte*   nonce;
-    int     nonceSz;
+    byte*   nonce;           /* pointer to nonce inside ASN.1 response */
+    int     nonceSz;         /* length of the nonce string */

    byte*   source;          /* pointer to source buffer, not owned */
    word32  maxIdx;          /* max offset based on init size */
-    void*   heap;            /* for user memory overrides */
 };


 struct OcspRequest {
-    byte*   nonce;
+    DecodedCert* cert;
+
+    byte    nonce[MAX_OCSP_NONCE_SZ];
    int     nonceSz;

-    byte*   dest;
-    word32  destSz;
-    void*   heap;
+    byte*   issuerHash;      /* pointer to issuerHash in source cert */
+    byte*   issuerKeyHash;   /* pointer to issuerKeyHash in source cert */
+    byte*   serial;          /* pointer to serial number in source cert */
+    int     serialSz;        /* length of the serial number */
+
+    byte*   dest;            /* pointer to the destination ASN.1 buffer */
+    word32  destSz;          /* length of the destination buffer */
 };


-CYASSL_LOCAL void InitOcspResponse(OcspResponse*, byte*, word32, void*);
-CYASSL_LOCAL void FreeOcspResponse(OcspResponse*);
+CYASSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
 CYASSL_LOCAL int  OcspResponseDecode(OcspResponse*);

-CYASSL_LOCAL void InitOcspRequest(OcspRequest*, byte*, word32, void*);
-CYASSL_LOCAL void FreeOcspRequest(OcspRequest*);
-CYASSL_LOCAL int  EncodeOcspRequest(DecodedCert*, byte*, word32);
+CYASSL_LOCAL void InitOcspRequest(OcspRequest*, DecodedCert*, byte*, word32);
+CYASSL_LOCAL int  EncodeOcspRequest(OcspRequest*);

 CYASSL_LOCAL int  CompareOcspReqResp(OcspRequest*, OcspResponse*);

@@ -444,7 +472,7 @@ struct DecodedCRL {
 };

 CYASSL_LOCAL void InitDecodedCRL(DecodedCRL*);
-CYASSL_LOCAL int  ParseCRL(DecodedCRL*, const byte* buff, long sz, void* cm);
+CYASSL_LOCAL int  ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm);
 CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*);


@@ -457,3 +485,4 @@ CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*);

 #endif /* CTAO_CRYPT_ASN_H */

+#endif /* !NO_ASN */
--- a/cyassl/ctaocrypt/des3.h
+++ b/cyassl/ctaocrypt/des3.h
@@ -40,7 +40,7 @@ enum {
    DES_KS_SIZE     = 32,

    DES_ENCRYPTION  = 0,
-    DES_DECRYPTION  = 1,
+    DES_DECRYPTION  = 1
 };


--- a/cyassl/ctaocrypt/error.h
+++ b/cyassl/ctaocrypt/error.h
@@ -98,6 +98,8 @@ enum {
    NO_PASSWORD        = -176,  /* no password provided by user */
    ALT_NAME_E         = -177,  /* alt name size problem, too big */

+    AES_GCM_AUTH_E     = -180,  /* AES-GCM Authentication check failure */
+
    MIN_CODE_E         = -200   /* errors -101 - -199 */
 };

--- a/cyassl/ctaocrypt/hmac.h
+++ b/cyassl/ctaocrypt/hmac.h
@@ -32,6 +32,10 @@
    #include <cyassl/ctaocrypt/sha256.h>
 #endif

+#ifdef CYASSL_SHA384
+    #include <cyassl/ctaocrypt/sha512.h>
+#endif
+
 #ifdef __cplusplus
    extern "C" {
 #endif
@@ -40,13 +44,19 @@
 enum {
    IPAD    = 0x36,
    OPAD    = 0x5C,
-#ifndef NO_SHA256
+#if defined(CYASSL_SHA384)
+    INNER_HASH_SIZE = SHA384_DIGEST_SIZE,
+    HMAC_BLOCK_SIZE = SHA384_BLOCK_SIZE
+#elif !defined(NO_SHA256)
    INNER_HASH_SIZE = SHA256_DIGEST_SIZE,
+    HMAC_BLOCK_SIZE = SHA256_BLOCK_SIZE,
+    SHA384          = 5
 #else
    INNER_HASH_SIZE = SHA_DIGEST_SIZE,
+    HMAC_BLOCK_SIZE = SHA_BLOCK_SIZE,
    SHA256          = 2,                     /* hash type unique */
+    SHA384          = 5
 #endif
-    HMAC_BLOCK_SIZE = MD5_BLOCK_SIZE
 };


@@ -57,6 +67,9 @@ typedef union {
    #ifndef NO_SHA256
        Sha256 sha256;
    #endif
+    #ifdef CYASSL_SHA384
+        Sha384 sha384;
+    #endif
 } Hash;

 /* Hmac digest */
--- a/cyassl/ctaocrypt/include.am
+++ b/cyassl/ctaocrypt/include.am
@@ -15,6 +15,7 @@ nobase_include_HEADERS+= \
                         cyassl/ctaocrypt/hc128.h \
                         cyassl/ctaocrypt/hmac.h \
                         cyassl/ctaocrypt/integer.h \
+                         cyassl/ctaocrypt/md2.h \
                         cyassl/ctaocrypt/md4.h \
                         cyassl/ctaocrypt/md5.h \
                         cyassl/ctaocrypt/misc.h \
--- a/cyassl/ctaocrypt/md2.h
+++ b/cyassl/ctaocrypt/md2.h
@@ -0,0 +1,64 @@
+/* md2.h
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+#ifdef CYASSL_MD2
+
+#ifndef CTAO_CRYPT_MD2_H
+#define CTAO_CRYPT_MD2_H
+
+#include <cyassl/ctaocrypt/types.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+/* in bytes */
+enum {
+    MD2             =  6,    /* hash type unique */
+    MD2_BLOCK_SIZE  = 16,
+    MD2_DIGEST_SIZE = 16,
+    MD2_PAD_SIZE    = 16,
+    MD2_X_SIZE      = 48
+};
+
+
+/* Md2 digest */
+typedef struct Md2 {
+    word32  count;   /* bytes % PAD_SIZE  */
+    byte    X[MD2_X_SIZE];
+    byte    C[MD2_BLOCK_SIZE];
+    byte    buffer[MD2_BLOCK_SIZE];
+} Md2;
+
+
+CYASSL_API void InitMd2(Md2*);
+CYASSL_API void Md2Update(Md2*, const byte*, word32);
+CYASSL_API void Md2Final(Md2*, byte*);
+
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* CTAO_CRYPT_MD2_H */
+#endif /* CYASSL_MD2 */
--- a/cyassl/ctaocrypt/misc.h
+++ b/cyassl/ctaocrypt/misc.h
@@ -49,6 +49,19 @@ CYASSL_LOCAL
 void XorWords(word*, const word*, word32);
 CYASSL_LOCAL
 void xorbuf(byte*, const byte*, word32);
+
+#ifdef WORD64_AVAILABLE
+CYASSL_LOCAL
+word64 rotlFixed64(word64, word64);
+CYASSL_LOCAL
+word64 rotrFixed64(word64, word64);
+
+CYASSL_LOCAL
+word64 ByteReverseWord64(word64);
+CYASSL_LOCAL
+void   ByteReverseWords64(word64*, const word64*, word32);
+#endif /* WORD64_AVAILABLE */
+
 #endif /* NO_INLINE */


--- a/cyassl/ctaocrypt/rsa.h
+++ b/cyassl/ctaocrypt/rsa.h
@@ -19,6 +19,7 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifndef NO_RSA

 #ifndef CTAO_CRYPT_RSA_H
 #define CTAO_CRYPT_RSA_H
@@ -79,3 +80,4 @@ CYASSL_API int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*,

 #endif /* CTAO_CRYPT_RSA_H */

+#endif /* NO_RSA */
--- a/cyassl/ctaocrypt/settings.h
+++ b/cyassl/ctaocrypt/settings.h
@@ -48,12 +48,24 @@
 /* Uncomment next line if using FreeRTOS */
 /* #define FREERTOS */

+/* Uncomment next line if using FreeRTOS Windows Simulator */
+/* #define FREERTOS_WINSIM */
+
+/* Uncomment next line if using RTIP */
+/* #define EBSNET */
+
 /* Uncomment next line if using lwip */
 /* #define CYASSL_LWIP */

 /* Uncomment next line if building CyaSSL for a game console */
 /* #define CYASSL_GAME_BUILD */

+/* Uncomment next line if building CyaSSL for LSR */
+/* #define CYASSL_LSR */
+
+/* Uncomment next line if building CyaSSL for Freescale MQX/RTCS/MFS */
+/* #define FREESCALE_MQX */
+

 #include <cyassl/ctaocrypt/visibility.h>

@@ -82,15 +94,57 @@
    #define NO_HC128
 #endif /* MBED */

-#ifdef FREERTOS 
-    #define SINGLE_THREADED
+#ifdef FREERTOS_WINSIM
+    #define FREERTOS
+    #define USE_WINDOWS_API
+#endif
+
+#ifdef FREERTOS
    #define NO_WRITEV
    #define NO_SHA512
    #define NO_DH
    #define NO_DSA
    #define NO_HC128
+
+    #ifndef SINGLE_THREADED
+        #include "FreeRTOS.h"
+        #include "semphr.h"
+    #endif
 #endif

+#ifdef EBSNET
+    #include "rtip.h"
+
+    /* #define DEBUG_CYASSL */
+    #define NO_CYASSL_DIR  /* tbd */
+
+    #if (POLLOS)
+        #define SINGLE_THREADED
+    #endif
+
+    #if (RTPLATFORM)
+        #if (!RTP_LITTLE_ENDIAN)
+            #define BIG_ENDIAN_ORDER
+        #endif
+    #else
+        #if (!KS_LITTLE_ENDIAN)
+            #define BIG_ENDIAN_ORDER
+        #endif
+    #endif
+
+    #if (WINMSP3)
+        #undef SIZEOF_LONG
+        #define SIZEOF_LONG_LONG 8
+    #else
+        #sslpro: settings.h - please implement SIZEOF_LONG and SIZEOF_LONG_LONG
+    #endif
+
+    #define XMALLOC(s, h, type) ((void *)rtp_malloc((s), SSL_PRO_MALLOC))
+    #define XFREE(p, h, type) (rtp_free(p))
+    #define XREALLOC(p, n, h, t) realloc((p), (n))
+
+#endif /* EBSNET */
+
 #ifdef CYASSL_GAME_BUILD
    #define SIZEOF_LONG_LONG 8
    #if defined(__PPU) || defined(__XENON)
@@ -98,6 +152,71 @@
    #endif
 #endif

+#ifdef CYASSL_LSR
+    #define HAVE_WEBSERVER
+    #define SIZEOF_LONG_LONG 8
+    #define CYASSL_LOW_MEMORY
+    #define NO_WRITEV
+    #define NO_SHA512
+    #define NO_DH
+    #define NO_DSA
+    #define NO_HC128
+    #define NO_DEV_RANDOM
+    #define NO_CYASSL_DIR
+    #define NO_RABBIT
+    #ifndef NO_FILESYSTEM
+        #define LSR_FS
+        #include "inc/hw_types.h"
+        #include "fs.h"
+    #endif
+    #define CYASSL_LWIP
+    #include <errno.h>  /* for tcp errno */
+    #define CYASSL_SAFERTOS
+    #if defined(__IAR_SYSTEMS_ICC__)
+        /* enum uses enum */
+        #pragma diag_suppress=Pa089
+    #endif
+#endif
+
+#ifdef CYASSL_SAFERTOS
+    #ifndef SINGLE_THREADED
+        #include "SafeRTOS/semphr.h"
+    #endif
+
+    #include "SafeRTOS/heap.h"
+    #define XMALLOC(s, h, type)  pvPortMalloc((s))
+    #define XFREE(p, h, type)    vPortFree((p)) 
+    #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n))
+#endif
+
+#ifdef CYASSL_LOW_MEMORY
+    #define RSA_LOW_MEM
+    #define CYASSL_SMALL_STACK
+    #define TFM_TIMING_RESISTANT
+#endif
+
+#ifdef FREESCALE_MQX
+    #define SIZEOF_LONG_LONG 8
+    #define NO_WRITEV
+    #define NO_DEV_RANDOM
+    #define NO_RABBIT
+    #define NO_CYASSL_DIR
+    #define USE_FAST_MATH
+    #define TFM_TIMING_RESISTANT
+    #define FREESCALE_K70_RNGA
+    #ifndef NO_FILESYSTEM
+        #include "mfs.h"
+        #include "fio.h"
+    #endif
+    #ifndef SINGLE_THREADED
+        #include "mutex.h"
+    #endif
+
+    #define XMALLOC(s, h, type) (void *)_mem_alloc_system((s))
+    #define XFREE(p, h, type)   _mem_free(p)
+    /* Note: MQX has no realloc, using fastmath above */
+#endif
+
 #ifdef MICRIUM

    #include "stdlib.h"
--- a/cyassl/ctaocrypt/tfm.h
+++ b/cyassl/ctaocrypt/tfm.h
@@ -357,7 +357,7 @@ typedef struct {
 void fp_set(fp_int *a, fp_digit b);

 /* copy from a to b */
-#define fp_copy(a, b)  (void)(((a) != (b)) ? (XMEMCPY((b), (a), sizeof(fp_int))) : (void)0)
+#define fp_copy(a, b)  (void)(((a) != (b)) ? ((void)XMEMCPY((b), (a), sizeof(fp_int))) : (void)0)
 #define fp_init_copy(a, b) fp_copy(b, a)

 /* clamp digits */
--- a/cyassl/ctaocrypt/types.h
+++ b/cyassl/ctaocrypt/types.h
@@ -30,7 +30,7 @@
 #endif


-#if defined(WORDS_BIGENDIAN) || (defined(__MWERKS__) && !defined(__INTEL__))
+#if defined(WORDS_BIGENDIAN)
    #define BIG_ENDIAN_ORDER
 #endif

@@ -54,7 +54,7 @@
                || defined(__mips64)  || defined(__x86_64__)) 
            /* long should be 64bit */
            #define SIZEOF_LONG 8
-        #elif (defined__i386__) 
+        #elif defined(__i386__) 
            /* long long should be 64bit */
            #define SIZEOF_LONG_LONG 8
        #endif
@@ -66,11 +66,11 @@
    #define WORD64_AVAILABLE
    #define W64LIT(x) x##ui64
    typedef unsigned __int64 word64;
-#elif SIZEOF_LONG == 8
+#elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8
    #define WORD64_AVAILABLE
    #define W64LIT(x) x##LL
    typedef unsigned long word64;
-#elif SIZEOF_LONG_LONG == 8 
+#elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8 
    #define WORD64_AVAILABLE
    #define W64LIT(x) x##LL
    typedef unsigned long long word64;
@@ -82,7 +82,7 @@

 /* These platforms have 64-bit CPU registers.  */
 #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \
-     defined(__mips64)  || defined(__x86_64__)) 
+     defined(__mips64)  || defined(__x86_64__) || defined(_M_X64)) 
    typedef word64 word;
 #else
    typedef word32 word;
@@ -108,6 +108,8 @@ enum {
        #define INLINE inline
    #elif defined(THREADX)
        #define INLINE _Inline
+    #elif defined(__IAR_SYSTEMS_ICC__)
+        #define INLINE inline
    #else
        #define INLINE 
    #endif
@@ -132,7 +134,8 @@ enum {


 /* Micrium will use Visual Studio for compilation but not the Win32 API */
-#if defined(_WIN32) && !defined(MICRIUM)
+#if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) \
+        && !defined(EBSNET)
    #define USE_WINDOWS_API
 #endif

@@ -147,16 +150,19 @@ enum {
    extern void *XMALLOC(size_t n, void* heap, int type);
    extern void *XREALLOC(void *p, size_t n, void* heap, int type);
    extern void XFREE(void *p, void* heap, int type);
-#elif !defined(MICRIUM_MALLOC)
+#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
+        && !defined(CYASSL_SAFERTOS) && !defined(FREESCALE_MQX)
    /* default C runtime, can install different routines at runtime */
    #include <cyassl/ctaocrypt/memory.h>
-    #define XMALLOC(s, h, t)     CyaSSL_Malloc((s))
+    #define XMALLOC(s, h, t)     ((void)h, (void)t, CyaSSL_Malloc((s)))
    #define XFREE(p, h, t)       {void* xp = (p); if((xp)) CyaSSL_Free((xp));}
    #define XREALLOC(p, n, h, t) CyaSSL_Realloc((p), (n))
 #endif

 #ifndef STRING_USER
    #include <string.h>
+    char* mystrnstr(const char* s1, const char* s2, unsigned int n);
+
    #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
    #define XMEMSET(b,c,l)    memset((b),(c),(l))
    #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
@@ -167,6 +173,7 @@ enum {
    /* strstr, strncmp, and strncat only used by CyaSSL proper, not required for
       CTaoCrypt only */
    #define XSTRSTR(s1,s2)    strstr((s1),(s2))
+    #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
    #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
    #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
 #endif
@@ -206,9 +213,17 @@ enum {
    DYNAMIC_TYPE_REVOKED    = 23,
    DYNAMIC_TYPE_CRL_ENTRY  = 24,
    DYNAMIC_TYPE_CERT_MANAGER = 25,
-    DYNAMIC_TYPE_CRL_MONITOR = 26,
-    DYNAMIC_TYPE_OCSP_STATUS = 27,
-    DYNAMIC_TYPE_OCSP_ENTRY = 28
+    DYNAMIC_TYPE_CRL_MONITOR  = 26,
+    DYNAMIC_TYPE_OCSP_STATUS  = 27,
+    DYNAMIC_TYPE_OCSP_ENTRY   = 28,
+    DYNAMIC_TYPE_ALTNAME      = 29,
+    DYNAMIC_TYPE_SUITES       = 30,
+    DYNAMIC_TYPE_CIPHER       = 31,
+    DYNAMIC_TYPE_RNG          = 32,
+    DYNAMIC_TYPE_ARRAYS       = 33,
+    DYNAMIC_TYPE_DTLS_POOL    = 34,
+    DYNAMIC_TYPE_SOCKADDR     = 35,
+    DYNAMIC_TYPE_LIBZ         = 36
 };

 /* stack protection */
--- a/cyassl/error.h
+++ b/cyassl/error.h
@@ -100,11 +100,18 @@ enum CyaSSL_ErrorCodes {
    OCSP_NEED_URL          = -265,            /* OCSP need an URL for lookup */
    OCSP_CERT_UNKNOWN      = -266,            /* OCSP responder doesn't know */
    OCSP_LOOKUP_FAIL       = -267,            /* OCSP lookup not successful */
+    MAX_CHAIN_ERROR        = -268,            /* max chain depth exceeded */
+    COOKIE_ERROR           = -269,            /* dtls cookie error */
+    SEQUENCE_ERROR         = -270,            /* dtls sequence error */
+    SUITES_ERROR           = -271,            /* suites pointer error */
+    SSL_NO_PEM_HEADER      = -272,            /* no PEM header found */
+    OUT_OF_ORDER_E         = -273,            /* out of order message */
+    BAD_KEA_TYPE_E         = -274,            /* bad KEA type found */
    /* add strings to SetErrorString !!!!! */

    /* begin negotiation parameter errors */
-    UNSUPPORTED_SUITE      = -270,            /* unsupported cipher suite */
-    MATCH_SUITE_ERROR      = -271             /* can't match cipher suite */
+    UNSUPPORTED_SUITE      = -290,            /* unsupported cipher suite */
+    MATCH_SUITE_ERROR      = -291             /* can't match cipher suite */
    /* end negotiation parameter errors only 10 for now */
    /* add strings to SetErrorString !!!!! */
 };
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -24,9 +24,9 @@
 #define CYASSL_INT_H


+#include <cyassl/ctaocrypt/types.h>
 #include <cyassl/ssl.h>
 #include <cyassl/crl.h>
-#include <cyassl/ctaocrypt/types.h>
 #include <cyassl/ctaocrypt/random.h>
 #include <cyassl/ctaocrypt/des3.h>
 #include <cyassl/ctaocrypt/hc128.h>
@@ -44,6 +44,9 @@
 #ifdef HAVE_OCSP
    #include <cyassl/ocsp.h>
 #endif
+#ifdef CYASSL_SHA512
+    #include <cyassl/ctaocrypt/sha512.h>
+#endif

 #ifdef CYASSL_CALLBACKS
    #include <cyassl/openssl/cyassl_callbacks.h>
@@ -66,6 +69,12 @@
    #endif
 #elif defined(MICRIUM)
    /* do nothing, just don't pick Unix */
+#elif defined(FREERTOS) || defined(CYASSL_SAFERTOS)
+    /* do nothing */
+#elif defined(EBSNET)
+    /* do nothing */
+#elif defined(FREESCALE_MQX)
+    /* do nothing */
 #else
    #ifndef SINGLE_THREADED
        #define CYASSL_PTHREADS
@@ -117,7 +126,7 @@ void c32to24(word32 in, word24 out);

   When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
 */
-#ifndef NO_RC4
+#if !defined(NO_RSA) && !defined(NO_RC4)
    #define BUILD_SSL_RSA_WITH_RC4_128_SHA
    #define BUILD_SSL_RSA_WITH_RC4_128_MD5
    #if !defined(NO_TLS) && defined(HAVE_NTRU)
@@ -125,20 +134,16 @@ void c32to24(word32 in, word24 out);
    #endif
 #endif

-#ifndef NO_DES3
+#if !defined(NO_RSA) && !defined(NO_DES3)
    #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
    #if !defined(NO_TLS) && defined(HAVE_NTRU)
        #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
    #endif
 #endif

-#if !defined(NO_AES) && !defined(NO_TLS)
+#if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
    #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
    #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
-    #if !defined (NO_PSK)
-        #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
-        #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
-    #endif
    #if defined(HAVE_NTRU)
        #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
        #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
@@ -147,23 +152,47 @@ void c32to24(word32 in, word24 out);
        #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
        #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
    #endif
+    #if defined (HAVE_AESGCM)
+        #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
+        #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
+    #endif
 #endif

-#if !defined(NO_HC128) && !defined(NO_TLS)
+#if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
+    #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
+    #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
+#endif
+
+#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
+    #if !defined(NO_RSA)
+        #define BUILD_TLS_RSA_WITH_NULL_SHA
+        #define BUILD_TLS_RSA_WITH_NULL_SHA256
+    #endif
+    #if !defined(NO_PSK)
+        #define BUILD_TLS_PSK_WITH_NULL_SHA
+    #endif
+#endif
+
+#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
    #define BUILD_TLS_RSA_WITH_HC_128_CBC_MD5
    #define BUILD_TLS_RSA_WITH_HC_128_CBC_SHA
 #endif

-#if !defined(NO_RABBIT) && !defined(NO_TLS)
+#if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
    #define BUILD_TLS_RSA_WITH_RABBIT_CBC_SHA
 #endif

-#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && defined(OPENSSL_EXTRA)
+#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && defined(OPENSSL_EXTRA)
    #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    #if !defined (NO_SHA256)
        #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
        #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+        #if defined (HAVE_AESGCM)
+            #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+            #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+        #endif
    #endif
 #endif

@@ -178,6 +207,18 @@ void c32to24(word32 in, word24 out);
        #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
        #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
        #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+
+        #if defined (HAVE_AESGCM)
+            #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+            #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+
+            #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+            #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+        #endif
    #endif
    #if !defined(NO_RC4)
        #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
@@ -210,6 +251,10 @@ void c32to24(word32 in, word24 out);
    #define BUILD_AES
 #endif

+#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256)
+    #define BUILD_AESGCM
+#endif
+
 #if defined(BUILD_TLS_RSA_WITH_HC_128_CBC_SHA) || \
    defined(BUILD_TLS_RSA_WITH_HC_128_CBC_MD5)
    #define BUILD_HC128
@@ -234,8 +279,10 @@ enum {
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = 0x33,
    TLS_RSA_WITH_AES_256_CBC_SHA      = 0x35,
    TLS_RSA_WITH_AES_128_CBC_SHA      = 0x2F,
+    TLS_RSA_WITH_NULL_SHA             = 0x02,
    TLS_PSK_WITH_AES_256_CBC_SHA      = 0x8d,
    TLS_PSK_WITH_AES_128_CBC_SHA      = 0x8c,
+    TLS_PSK_WITH_NULL_SHA             = 0x2c,
    SSL_RSA_WITH_RC4_128_SHA          = 0x05,
    SSL_RSA_WITH_RC4_128_MD5          = 0x04,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA     = 0x0A,
@@ -275,7 +322,24 @@ enum {
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
    TLS_RSA_WITH_AES_256_CBC_SHA256     = 0x3d,
-    TLS_RSA_WITH_AES_128_CBC_SHA256     = 0x3c
+    TLS_RSA_WITH_AES_128_CBC_SHA256     = 0x3c,
+    TLS_RSA_WITH_NULL_SHA256            = 0x3b,
+
+    /* AES-GCM */
+    TLS_RSA_WITH_AES_128_GCM_SHA256          = 0x9c,
+    TLS_RSA_WITH_AES_256_GCM_SHA384          = 0x9d,
+    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      = 0x9e,
+    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      = 0x9f,
+
+    /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  = 0x2b,
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  = 0x2c,
+    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   = 0x2d,
+    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   = 0x2e,
+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    = 0x2f,
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    = 0x30,
+    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     = 0x31,
+    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     = 0x32
 };


@@ -295,14 +359,18 @@ enum Misc {
    TLSv1_MINOR     = 1,        /* TLSv1   minor version number */
    TLSv1_1_MINOR   = 2,        /* TLSv1_1 minor version number */
    TLSv1_2_MINOR   = 3,        /* TLSv1_2 minor version number */
+    INVALID_BYTE    = 0xff,     /* Used to initialize cipher specs values */
    NO_COMPRESSION  =  0,
    ZLIB_COMPRESSION = 221,     /* CyaSSL zlib compression */
+    HELLO_EXT_SIG_ALGO = 13,    /* ID for the sig_algo hello extension */
    SECRET_LEN      = 48,       /* pre RSA and all master */
    ENCRYPT_LEN     = 512,      /* allow 4096 bit static buffer */
    SIZEOF_SENDER   =  4,       /* clnt or srvr           */
    FINISHED_SZ     = MD5_DIGEST_SIZE + SHA_DIGEST_SIZE,
    MAX_RECORD_SIZE = 16384,    /* 2^14, max size by standard */
-    MAX_MSG_EXTRA   = 68,       /* max added to msg, mac + pad */
+    MAX_MSG_EXTRA   = 70,       /* max added to msg, mac + pad  from */
+                                /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + SHA_256
+                                   digest sz + BLOC_SZ (iv) + pad byte (1) */
    MAX_COMP_EXTRA  = 1024,     /* max compression extra */
    MAX_MTU         = 1500,     /* max expected MTU */
    MAX_UDP_SIZE    = MAX_MTU - 100,   /* don't exceed MTU w/ 100 byte header */
@@ -326,6 +394,7 @@ enum Misc {
    SEED_LEN     = RAN_LEN * 2, /* tls prf seed length    */
    ID_LEN       = 32,         /* session id length       */
    MAX_COOKIE_LEN = 32,       /* max dtls cookie size    */
+    COOKIE_SZ    = 20,         /* use a 20 byte cookie    */
    SUITE_LEN    =  2,         /* cipher suite sz length  */
    ENUM_LEN     =  1,         /* always a byte           */
    COMP_LEN     =  1,         /* compression length      */
@@ -336,11 +405,18 @@ enum Misc {
    CERT_HEADER_SZ      = 3,   /* always 3 bytes          */
    REQ_HEADER_SZ       = 2,   /* cert request header sz  */
    HINT_LEN_SZ         = 2,   /* length of hint size field */
+    HELLO_EXT_SZ        = 14,  /* total length of the lazy hello extensions */
+    HELLO_EXT_LEN       = 12,  /* length of the lazy hello extensions */
+    HELLO_EXT_SIGALGO_SZ  = 8, /* length of signature algo extension  */
+    HELLO_EXT_SIGALGO_LEN = 6, /* number of items in the signature algo list */

    DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
    DTLS_RECORD_HEADER_SZ    = 13, /* normal + epoch(2) + seq_num(6) */
    DTLS_HANDSHAKE_EXTRA     = 8,  /* diff from normal */
    DTLS_RECORD_EXTRA        = 8,  /* diff from normal */
+    DTLS_HANDSHAKE_SEQ_SZ    = 2,  /* handshake header sequence number */
+    DTLS_HANDSHAKE_FRAG_SZ   = 3,  /* fragment offset and length are 24 bit */
+    DTLS_POOL_SZ             = 5,  /* buffers to hold in the retry pool */

    FINISHED_LABEL_SZ   = 15,  /* TLS finished label size */
    TLS_FINISHED_SZ     = 12,  /* TLS has a shorter size  */
@@ -359,8 +435,19 @@ enum Misc {
    AES_256_KEY_SIZE    = 32,  /* for 256 bit             */
    AES_192_KEY_SIZE    = 24,  /* for 192 bit             */
    AES_IV_SIZE         = 16,  /* always block size       */
+    AES_GCM_IMP_IV_SZ   = 4,   /* Implicit part of IV     */
+    AES_GCM_EXP_IV_SZ   = 8,   /* Explicit part of IV     */
+    AES_GCM_CTR_IV_SZ   = 4,   /* Counter part of IV      */
    AES_128_KEY_SIZE    = 16,  /* for 128 bit             */

+    AEAD_SEQ_OFFSET     = 4,        /* Auth Data: Sequence number */
+    AEAD_TYPE_OFFSET    = 8,        /* Auth Data: Type            */
+    AEAD_VMAJ_OFFSET    = 9,        /* Auth Data: Major Version   */
+    AEAD_VMIN_OFFSET    = 10,       /* Auth Data: Minor Version   */
+    AEAD_LEN_OFFSET     = 11,       /* Auth Data: Length          */
+    AEAD_AUTH_TAG_SZ    = 16,       /* Size of the authentication tag   */
+    AEAD_AUTH_DATA_SZ   = 13,       /* Size of the data to authenticate */
+
    HC_128_KEY_SIZE     = 16,  /* 128 bits                */
    HC_128_IV_SIZE      = 16,  /* also 128 bits           */

@@ -377,16 +464,15 @@ enum Misc {
    CLIENT_HELLO_FIRST =  35,  /* Protocol + RAN_LEN + sizeof(id_len) */
    MAX_SUITE_NAME     =  48,  /* maximum length of cipher suite string */
    DEFAULT_TIMEOUT    = 500,  /* default resumption timeout in seconds */
+    DTLS_DEFAULT_TIMEOUT = 1,  /* default timeout for DTLS receive      */

    MAX_PSK_ID_LEN     = 128,  /* max psk identity/hint supported */
    MAX_PSK_KEY_LEN    =  64,  /* max psk key supported */

 #ifdef FORTRESS
    MAX_EX_DATA        =   3,  /* allow for three items of ex_data */
-    MAX_CHAIN_DEPTH    =   9,  /* max cert chain peer depth, FORTRESS option */
-#else
-    MAX_CHAIN_DEPTH    =   4,  /* max cert chain peer depth */
 #endif
+
    MAX_X509_SIZE      = 2048, /* max static x509 buffer size */
    CERT_MIN_SIZE      =  256, /* min PEM cert size with header/footer */
    MAX_FILENAME_SZ    =  256, /* max file name length */
@@ -406,6 +492,20 @@ enum Misc {
 };


+/* max cert chain peer depth */
+#ifndef MAX_CHAIN_DEPTH
+    #define MAX_CHAIN_DEPTH 9
+#endif
+
+
+/* don't use extra 3/4k stack space unless need to */
+#ifdef HAVE_NTRU
+    #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
+#else
+    #define MAX_ENCRYPT_SZ ENCRYPT_LEN
+#endif
+
+
 /* states */
 enum states {
    NULL_STATE = 0,
@@ -475,9 +575,6 @@ struct CYASSL_BIO {
 struct CYASSL_METHOD {
    ProtocolVersion version;
    byte            side;         /* connection side, server or client */
-    byte            verifyPeer;   /* request or send certificate       */
-    byte            verifyNone;   /* whether to verify certificate     */
-    byte            failNoCert;   /* fail if no certificate            */
    byte            downgrade;    /* whether to downgrade version, default no */
 };

@@ -511,15 +608,15 @@ enum {
    #define COMP_EXTRA 0
 #endif

-/* only the sniffer needs space in the buffer for an extra MTU record */
+/* only the sniffer needs space in the buffer for extra MTU record(s) */
 #ifdef CYASSL_SNIFFER
-    #define MTU_EXTRA MAX_MTU
+    #define MTU_EXTRA MAX_MTU * 3 
 #else
    #define MTU_EXTRA 0
 #endif

-/* give user option to use 16K static buffers, sniffer needs them too */
-#if defined(LARGE_STATIC_BUFFERS) || defined(CYASSL_SNIFFER)
+/* give user option to use 16K static buffers */
+#if defined(LARGE_STATIC_BUFFERS)
    #define RECORD_SIZE MAX_RECORD_SIZE
 #else
    #ifdef CYASSL_DTLS
@@ -548,8 +645,13 @@ enum {
       The length (in bytes) of the following TLSPlaintext.fragment.
       The length should not exceed 2^14.
 */
-#define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
-        MTU_EXTRA + MAX_MSG_EXTRA
+#if defined(LARGE_STATIC_BUFFERS) || defined(CYASSL_DTLS)
+    #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
+             MTU_EXTRA + MAX_MSG_EXTRA
+#else
+    /* zero length arrays may not be supported */
+    #define STATIC_BUFFER_LEN 1
+#endif

 typedef struct {
    word32 length;       /* total buffer length used */
@@ -569,7 +671,8 @@ typedef struct Suites {


 CYASSL_LOCAL
-void InitSuites(Suites*, ProtocolVersion, byte, byte, byte, byte, byte, int);
+void InitSuites(Suites*, ProtocolVersion,
+                                     byte, byte, byte, byte, byte, byte, int);
 CYASSL_LOCAL
 int  SetCipherList(Suites*, const char* list);

@@ -584,12 +687,18 @@ int  SetCipherList(Suites*, const char* list);
 #ifndef CYASSL_USER_IO
    /* default IO callbacks */
    CYASSL_LOCAL
-    int EmbedReceive(char *buf, int sz, void *ctx);
+    int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx);
    CYASSL_LOCAL 
-    int EmbedSend(char *buf, int sz, void *ctx);
+    int EmbedSend(CYASSL *ssl, char *buf, int sz, void *ctx);
 #endif

 #ifdef CYASSL_DTLS
+    CYASSL_LOCAL
+    int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx);
+    CYASSL_LOCAL 
+    int EmbedSendTo(CYASSL *ssl, char *buf, int sz, void *ctx);
+    CYASSL_LOCAL
+    int EmbedGenerateCookie(byte *buf, int sz, void *ctx);
    CYASSL_LOCAL
    int IsUDP(void*);
 #endif
@@ -604,7 +713,15 @@ struct CYASSL_CIPHER {
 #ifdef SINGLE_THREADED
    typedef int CyaSSL_Mutex;
 #else /* MULTI_THREADED */
-    #ifdef USE_WINDOWS_API 
+    /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
+    #ifdef FREERTOS
+        typedef xSemaphoreHandle CyaSSL_Mutex;
+    #elif defined(CYASSL_SAFERTOS)
+        typedef struct CyaSSL_Mutex {
+            signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES];
+            xSemaphoreHandle mutex;
+        } CyaSSL_Mutex;
+    #elif defined(USE_WINDOWS_API)
        typedef CRITICAL_SECTION CyaSSL_Mutex;
    #elif defined(CYASSL_PTHREADS)
        typedef pthread_mutex_t CyaSSL_Mutex;
@@ -612,6 +729,10 @@ struct CYASSL_CIPHER {
        typedef TX_MUTEX CyaSSL_Mutex;
    #elif defined(MICRIUM)
        typedef OS_MUTEX CyaSSL_Mutex;
+    #elif defined(EBSNET)
+        typedef RTP_MUTEX CyaSSL_Mutex;
+    #elif defined(FREESCALE_MQX)
+        typedef MUTEX_STRUCT CyaSSL_Mutex;
    #else
        #error Need a mutex type in multithreaded mode
    #endif /* USE_WINDOWS_API */
@@ -624,6 +745,28 @@ CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);



+typedef struct OCSP_Entry OCSP_Entry;
+
+struct OCSP_Entry {
+    OCSP_Entry* next;                       /* next entry             */
+    byte    issuerHash[SHA_DIGEST_SIZE];    /* issuer hash            */ 
+    byte    issuerKeyHash[SHA_DIGEST_SIZE]; /* issuer public key hash */
+    CertStatus* status;                     /* OCSP response list     */
+    int         totalStatus;                /* number on list         */
+};
+
+
+/* CyaSSL OCSP controller */
+struct CYASSL_OCSP {
+    byte enabled;
+    byte useOverrideUrl;
+    char overrideName[80];
+    char overridePath[80];
+    int  overridePort;
+    OCSP_Entry* ocspList;
+};
+
+
 typedef struct CRL_Entry CRL_Entry;

 /* Complete CRL */
@@ -674,11 +817,24 @@ struct CYASSL_CERT_MANAGER {
 };


+/* CyaSSL Sock Addr */
+struct CYASSL_SOCKADDR {
+    unsigned int sz; /* sockaddr size */
+    void*        sa; /* pointer to the sockaddr_in or sockaddr_in6 */
+};
+
+typedef struct CYASSL_DTLS_CTX {
+    CYASSL_SOCKADDR peer;
+    int fd;
+} CYASSL_DTLS_CTX;
+
+
 /* CyaSSL context type */
 struct CYASSL_CTX {
    CYASSL_METHOD* method;
    CyaSSL_Mutex   countMutex;    /* reference count mutex */
    int         refCount;         /* reference count */
+#ifndef NO_CERTS
    buffer      certificate;
    buffer      certChain;
                 /* chain after self, in DER, with leading size for each cert */
@@ -686,6 +842,7 @@ struct CYASSL_CTX {
    buffer      serverDH_P;
    buffer      serverDH_G;
    CYASSL_CERT_MANAGER* cm;      /* our cert manager, ctx owns SSL will use */
+#endif
    Suites      suites;
    void*       heap;             /* for user memory overrides */
    byte        verifyPeer;
@@ -694,9 +851,10 @@ struct CYASSL_CTX {
    byte        sessionCacheOff;
    byte        sessionCacheFlushOff;
    byte        sendVerify;       /* for client side */
+    byte        haveRSA;          /* RSA available */
    byte        haveDH;           /* server DH parms set by user */
    byte        haveNTRU;         /* server private NTRU  key loaded */
-    byte        haveECDSA;        /* server cert signed w/ ECDSA loaded */
+    byte        haveECDSAsig;     /* server cert signed w/ ECDSA */
    byte        haveStaticECC;    /* static server ECC private key */
    byte        partialWrite;     /* only one msg per write call */
    byte        quietShutdown;    /* don't send close notify */
@@ -736,15 +894,17 @@ int DeriveTlsKeys(CYASSL* ssl);
 CYASSL_LOCAL
 int ProcessOldClientHello(CYASSL* ssl, const byte* input, word32* inOutIdx,
                          word32 inSz, word16 sz);
-CYASSL_LOCAL
-int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type, int verify);
-CYASSL_LOCAL
-int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash);
+#ifndef NO_CERTS
+    CYASSL_LOCAL
+    int AddCA(CYASSL_CERT_MANAGER* ctx, buffer der, int type, int verify);
+    CYASSL_LOCAL
+    int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash);
+#endif

 /* All cipher suite related info */
 typedef struct CipherSpecs {
    byte bulk_cipher_algorithm;
-    byte cipher_type;               /* block or stream */
+    byte cipher_type;               /* block, stream, or aead */
    byte mac_algorithm;
    byte kea;                       /* key exchange algo */
    byte sig_algo;
@@ -757,10 +917,12 @@ typedef struct CipherSpecs {
 } CipherSpecs;


+void InitCipherSpecs(CipherSpecs* cs);
+

 /* Supported Ciphers from page 43  */
 enum BulkCipherAlgorithm { 
-    cipher_null = 0,
+    cipher_null,
    rc4,
    rc2,
    des,
@@ -768,6 +930,7 @@ enum BulkCipherAlgorithm {
    des40,
    idea,
    aes,
+    aes_gcm,
    hc128,                  /* CyaSSL extensions */
    rabbit
 };
@@ -775,7 +938,7 @@ enum BulkCipherAlgorithm {

 /* Supported Message Authentication Codes from page 43 */
 enum MACAlgorithm { 
-    no_mac = 10,
+    no_mac,
    md5_mac,
    sha_mac,
    sha224_mac,
@@ -788,7 +951,7 @@ enum MACAlgorithm {

 /* Supported Key Exchange Protocols */
 enum KeyExchangeAlgorithm { 
-    no_kea = 20,
+    no_kea,
    rsa_kea, 
    diffie_hellman_kea, 
    fortezza_kea,
@@ -801,7 +964,7 @@ enum KeyExchangeAlgorithm {

 /* Supported Authentication Schemes */
 enum SignatureAlgorithm {
-    anonymous_sa_algo = 30,
+    anonymous_sa_algo,
    rsa_sa_algo,
    dsa_sa_algo,
    ecc_dsa_sa_algo
@@ -838,7 +1001,7 @@ enum ClientCertificateType {
 };


-enum CipherType { stream, block };
+enum CipherType { stream, block, aead };


 /* keys and secrets */
@@ -856,36 +1019,46 @@ typedef struct Keys {
 #ifdef CYASSL_DTLS
    word32 dtls_sequence_number;
    word32 dtls_peer_sequence_number;
+    word32 dtls_expected_peer_sequence_number;
    word16 dtls_handshake_number;
+    word16 dtls_peer_handshake_number;
+    word16 dtls_expected_peer_handshake_number;
    word16 dtls_epoch;
    word16 dtls_peer_epoch;
+    word16 dtls_expected_peer_epoch;
 #endif

    word32 encryptSz;             /* last size of encrypted data   */
    byte   encryptionOn;          /* true after change cipher spec */
+    byte   decryptedCur;          /* only decrypt current record once */
 } Keys;


 /* cipher for now */
-typedef union {
+typedef struct Ciphers {
 #ifdef BUILD_ARC4
-    Arc4   arc4;
+    Arc4*   arc4;
 #endif
 #ifdef BUILD_DES3
-    Des3   des3;
+    Des3*   des3;
 #endif
 #ifdef BUILD_AES
-    Aes    aes;
+    Aes*    aes;
 #endif
 #ifdef HAVE_HC128
-    HC128  hc128;
+    HC128*  hc128;
 #endif
 #ifdef BUILD_RABBIT
-    Rabbit rabbit;
+    Rabbit* rabbit;
 #endif
+    byte    setup;       /* have we set it up flag for detection */
 } Ciphers;


+CYASSL_LOCAL void InitCiphers(CYASSL* ssl);
+CYASSL_LOCAL void FreeCiphers(CYASSL* ssl);
+
+
 /* hashes type */
 typedef struct Hashes {
    byte md5[MD5_DIGEST_SIZE];
@@ -965,15 +1138,17 @@ enum AcceptState {


 typedef struct Buffers {
+#ifndef NO_CERTS
    buffer          certificate;            /* CYASSL_CTX owns, unless we own */
    buffer          key;                    /* CYASSL_CTX owns, unless we own */
    buffer          certChain;              /* CYASSL_CTX owns */
                 /* chain after self, in DER, with leading size for each cert */
-    buffer          domainName;             /* for client check */
    buffer          serverDH_P;             /* CYASSL_CTX owns, unless we own */
    buffer          serverDH_G;             /* CYASSL_CTX owns, unless we own */
    buffer          serverDH_Pub;
    buffer          serverDH_Priv;
+#endif
+    buffer          domainName;             /* for client check */
    bufferStatic    inputBuffer;
    bufferStatic    outputBuffer;
    buffer          clearOutputBuffer;
@@ -984,6 +1159,12 @@ typedef struct Buffers {
    byte            weOwnCert;             /* SSL own cert flag */
    byte            weOwnKey;              /* SSL own key  flag */
    byte            weOwnDH;               /* SSL own dh (p,g)  flag */
+#ifdef CYASSL_DTLS
+    buffer          dtlsHandshake;         /* DTLS handshake defragment buf */
+    word32          dtlsUsed;              /* DTLS bytes used in buffer */
+    byte            dtlsType;              /* DTLS handshake frag type */
+    CYASSL_DTLS_CTX dtlsCtx;               /* DTLS connection context */
+#endif
 } Buffers;


@@ -1013,9 +1194,10 @@ typedef struct Options {
    byte            connectState;       /* nonblocking resume */
    byte            acceptState;        /* nonblocking resume */
    byte            usingCompression;   /* are we using compression */
+    byte            haveRSA;            /* RSA available */
    byte            haveDH;             /* server DH parms set by user */
    byte            haveNTRU;           /* server NTRU  private key loaded */
-    byte            haveECDSA;          /* server ECDSA signed cert */
+    byte            haveECDSAsig;       /* server ECDSA signed cert */
    byte            haveStaticECC;      /* static server ECC private key */
    byte            havePeerCert;       /* do we have peer's cert */
    byte            usingPSK_cipher;    /* whether we're using psk as cipher */
@@ -1025,6 +1207,9 @@ typedef struct Options {
    byte            quietShutdown;      /* don't send close notify */
    byte            certOnly;           /* stop once we get cert */
    byte            groupMessages;      /* group handshake messages */
+    byte            usingNonblock;      /* set when using nonblocking socket */
+    byte            saveArrays;         /* save array Memory for user get keys
+                                           or psk */
 #ifndef NO_PSK
    byte            havePSK;            /* psk key set by user */
    psk_client_callback client_psk_cb;
@@ -1041,6 +1226,7 @@ typedef struct Arrays {
    byte            masterSecret[SECRET_LEN];
 #ifdef CYASSL_DTLS
    byte            cookie[MAX_COOKIE_LEN];
+    byte            cookieSz;
 #endif
 #ifndef NO_PSK
    char            client_identity[MAX_PSK_ID_LEN];
@@ -1065,6 +1251,8 @@ struct CYASSL_X509 {
    byte             serial[EXTERNAL_SERIAL_SIZE];
    char             subjectCN[ASN_NAME_MAX];        /* common name short cut */
    buffer           derCert;                        /* may need  */
+    DNS_entry*       altNames;                       /* alt names list */
+    DNS_entry*       altNamesNext;                   /* hint for retrieval */
 };


@@ -1086,38 +1274,51 @@ typedef struct DtlsRecordLayerHeader {
 } DtlsRecordLayerHeader;


+typedef struct DtlsPool {
+    buffer          buf[DTLS_POOL_SZ];
+    int             used;
+} DtlsPool;
+
+
 /* CyaSSL ssl type */
 struct CYASSL {
    CYASSL_CTX*     ctx;
    int             error;
    ProtocolVersion version;            /* negotiated version */
    ProtocolVersion chVersion;          /* client hello version */
-    Suites          suites;
+    Suites*         suites;             /* only need during handshake */
    Ciphers         encrypt;
    Ciphers         decrypt;
    CipherSpecs     specs;
    Keys            keys;
    int             rfd;                /* read  file descriptor */
    int             wfd;                /* write file descriptor */
+    int             rflags;             /* user read  flags */
+    int             wflags;             /* user write flags */
    CYASSL_BIO*     biord;              /* socket bio read  to free/close */
    CYASSL_BIO*     biowr;              /* socket bio write to free/close */
    void*           IOCB_ReadCtx;
    void*           IOCB_WriteCtx;
-    RNG             rng;
+    RNG*            rng;
    Md5             hashMd5;            /* md5 hash of handshake msgs */
    Sha             hashSha;            /* sha hash of handshake msgs */
 #ifndef NO_SHA256
    Sha256          hashSha256;         /* sha256 hash of handshake msgs */
+#endif
+#ifdef CYASSL_SHA384
+    Sha384          hashSha384;         /* sha384 hash of handshake msgs */
 #endif
    Hashes          verifyHashes;
    Hashes          certHashes;         /* for cert verify */
    Buffers         buffers;
    Options         options;
-    Arrays          arrays;
+    Arrays*         arrays;
    CYASSL_SESSION  session;
    VerifyCallback  verifyCallback;      /* cert verification callback */
-    RsaKey          peerRsaKey;
+#ifndef NO_RSA
+    RsaKey*         peerRsaKey;
    byte            peerRsaKeyPresent;
+#endif
 #ifdef HAVE_NTRU
    word16          peerNtruKeyLen;
    byte            peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
@@ -1145,6 +1346,10 @@ struct CYASSL {
    z_stream        d_stream;           /* decompression stream */
    byte            didStreamInit;      /* for stream init and end */
 #endif
+#ifdef CYASSL_DTLS
+    int             dtls_timeout;
+    DtlsPool*       dtls_pool;
+#endif
 #ifdef CYASSL_CALLBACKS
    HandShakeInfo   handShakeInfo;      /* info saved during handshake */
    TimeoutInfo     timeoutInfo;        /* info saved during handshake */
@@ -1169,7 +1374,7 @@ CYASSL_API void SSL_ResourceFree(CYASSL*);   /* Micrium uses */

 enum {
    IV_SZ   = 32,          /* max iv sz */
-    NAME_SZ = 80,          /* max one line */
+    NAME_SZ = 80          /* max one line */
 };


@@ -1182,13 +1387,16 @@ typedef struct EncryptedInfo {
    CYASSL_CTX* ctx;              /* CTX owner */
 } EncryptedInfo;

-CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
-                          buffer* der, void* heap, EncryptedInfo* info,
-                          int* eccKey);

-CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format,
-                             int type, CYASSL* ssl, int userChain,
-                            CYASSL_CRL* crl);
+#ifndef NO_CERTS
+    CYASSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
+                              buffer* der, void* heap, EncryptedInfo* info,
+                              int* eccKey);
+
+    CYASSL_LOCAL int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format,
+                                 int type, CYASSL* ssl, int userChain,
+                                CYASSL_CRL* crl);
+#endif


 #ifdef CYASSL_CALLBACKS
@@ -1245,6 +1453,7 @@ enum HandShakeType {
    client_hello        = 1, 
    server_hello        = 2,
    hello_verify_request = 3,       /* DTLS addition */
+    session_ticket      =  4,
    certificate         = 11, 
    server_key_exchange = 12,
    certificate_request = 13, 
@@ -1282,7 +1491,8 @@ enum IOerrors {
    IO_ERR_WANT_WRITE = -2,     /* need to call write again */
    IO_ERR_CONN_RST   = -3,     /* connection reset */
    IO_ERR_ISR        = -4,     /* interrupt */
-    IO_ERR_CONN_CLOSE = -5      /* connection closed or epipe */
+    IO_ERR_CONN_CLOSE = -5,     /* connection closed or epipe */
+    IO_ERR_TIMEOUT    = -6      /* socket timeout */
 };


@@ -1321,12 +1531,18 @@ CYASSL_LOCAL int  StoreKeys(CYASSL* ssl, const byte* keyData);
 CYASSL_LOCAL int IsTLS(const CYASSL* ssl);
 CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl);

+CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl);
 CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree);
 CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
-CYASSL_LOCAL int SendHelloVerifyRequest(CYASSL* ssl);
-CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash);
+#ifndef NO_CERTS
+    CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash);
+#endif
 CYASSL_LOCAL void BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
                                   const byte* sender);
+CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep);
+CYASSL_LOCAL  int CheckAvalaibleSize(CYASSL *ssl, int size);
+CYASSL_LOCAL  int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
+
 #ifndef NO_TLS
    CYASSL_LOCAL int  MakeTlsMasterSecret(CYASSL*);
    CYASSL_LOCAL void TLS_hmac(CYASSL* ssl, byte* digest, const byte* buffer,
@@ -1347,6 +1563,13 @@ CYASSL_LOCAL void BuildTlsFinished(CYASSL* ssl, Hashes* hashes,
    #endif
 #endif /* NO_CYASSL_SERVER */

+#ifdef CYASSL_DTLS
+    CYASSL_LOCAL int  DtlsPoolInit(CYASSL*);
+    CYASSL_LOCAL int  DtlsPoolSave(CYASSL*, const byte*, int);
+    CYASSL_LOCAL int  DtlsPoolTimeout(CYASSL*);
+    CYASSL_LOCAL int  DtlsPoolSend(CYASSL*);
+    CYASSL_LOCAL void DtlsPoolReset(CYASSL*);
+#endif /* CYASSL_DTLS */

 #ifndef NO_TLS
    
--- a/cyassl/ocsp.h
+++ b/cyassl/ocsp.h
@@ -26,38 +26,18 @@
 #define CYASSL_OCSP_H


+#include <cyassl/ssl.h>
 #include <cyassl/ctaocrypt/asn.h>

-
 #ifdef __cplusplus
    extern "C" {
 #endif

 typedef struct CYASSL_OCSP CYASSL_OCSP;
-typedef struct CertStatus CertStatus;
-
-struct CertStatus {
-    byte issuerHash[SHA_SIZE];
-    byte issuerKeyHash[SHA_SIZE];
-    byte serial[EXTERNAL_SERIAL_SIZE];
-    int serialSz;
-    int status;
-};
-
-struct CYASSL_OCSP {
-    byte enabled;
-    byte useOverrideUrl;
-    char overrideName[80];
-    char overridePath[80];
-    int  overridePort;
-    int statusLen;
-    CertStatus status[1];
-};
-
-

 CYASSL_LOCAL int  CyaSSL_OCSP_Init(CYASSL_OCSP*);
 CYASSL_LOCAL void CyaSSL_OCSP_Cleanup(CYASSL_OCSP*);
+
 CYASSL_LOCAL int  CyaSSL_OCSP_set_override_url(CYASSL_OCSP*, const char*);
 CYASSL_LOCAL int  CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP*, DecodedCert*);

--- a/cyassl/sniffer_error.h
+++ b/cyassl/sniffer_error.h
@@ -90,9 +90,17 @@
 #define OUT_OF_ORDER_STR 57
 #define OVERLAP_DUPLICATE_STR 58
 #define OVERLAP_REASSEMBLY_BEGIN_STR 59
-
 #define OVERLAP_REASSEMBLY_END_STR 60
+
 #define MISSED_CLIENT_HELLO_STR 61
+#define GOT_HELLO_REQUEST_STR 62
+#define GOT_SESSION_TICKET_STR 63
+#define BAD_INPUT_STR 64
+#define BAD_DECRYPT_TYPE 65
+#define BAD_FINISHED_MSG 66
+#define BAD_COMPRESSION_STR 67
+#define BAD_DERIVE_STR 68
+#define ACK_MISSED_STR 69

 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */

--- a/cyassl/sniffer_error.rc
+++ b/cyassl/sniffer_error.rc
@@ -74,5 +74,14 @@ STRINGTABLE
    60, "Received an Overlap Reassembly End Duplicate Packet"
    
    61, "Missed the Client Hello Entirely"
+    62, "Got Hello Request msg"
+    63, "Got Session Ticket msg"
+    64, "Bad Input"
+    65, "Bad Decrypt Type"
+
+    66, "Bad Finished Message Processing"
+    67, "Bad Compression Type"
+    68, "Bad DeriveKeys Error"
+    69, "Saw ACK for Missing Packet Error"
 }

--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -32,7 +32,11 @@


 #ifndef NO_FILESYSTEM
-    #include <stdio.h>   /* ERR_printf */
+    #ifdef FREESCALE_MQX
+        #include <fio.h>
+    #else
+        #include <stdio.h>   /* ERR_printf */
+    #endif
 #endif

 #ifdef YASSL_PREFIX
@@ -66,6 +70,7 @@ typedef struct CYASSL_X509_NAME  CYASSL_X509_NAME;
 typedef struct CYASSL_X509_CHAIN CYASSL_X509_CHAIN;

 typedef struct CYASSL_CERT_MANAGER CYASSL_CERT_MANAGER;
+typedef struct CYASSL_SOCKADDR     CYASSL_SOCKADDR;

 /* redeclare guard */
 #define CYASSL_TYPES_DEFINED
@@ -146,7 +151,7 @@ CYASSL_API CYASSL_METHOD *CyaTLSv1_2_client_method(void);
    CYASSL_API CYASSL_METHOD *CyaDTLSv1_server_method(void);
 #endif

-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)

 CYASSL_API int CyaSSL_CTX_use_certificate_file(CYASSL_CTX*, const char*, int);
 CYASSL_API int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX*, const char*, int);
@@ -173,12 +178,14 @@ CYASSL_API int CyaSSL_use_RSAPrivateKey_file(CYASSL*, const char*, int);

 CYASSL_API int CyaSSL_PemCertToDer(const char*, unsigned char*, int);

-#endif /* NO_FILESYSTEM */
+#endif /* !NO_FILESYSTEM && !NO_CERTS */

 CYASSL_API CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD*);
 CYASSL_API CYASSL* CyaSSL_new(CYASSL_CTX*);
 CYASSL_API int  CyaSSL_set_fd (CYASSL*, int);
 CYASSL_API int  CyaSSL_get_fd(const CYASSL*);
+CYASSL_API void CyaSSL_set_using_nonblock(CYASSL*, int);
+CYASSL_API int  CyaSSL_get_using_nonblock(CYASSL*);
 CYASSL_API int  CyaSSL_connect(CYASSL*);     /* please see note at top of README
                                             if you get an error from connect */
 CYASSL_API int  CyaSSL_write(CYASSL*, const void*, int);
@@ -187,6 +194,8 @@ CYASSL_API int  CyaSSL_accept(CYASSL*);
 CYASSL_API void CyaSSL_CTX_free(CYASSL_CTX*);
 CYASSL_API void CyaSSL_free(CYASSL*);
 CYASSL_API int  CyaSSL_shutdown(CYASSL*);
+CYASSL_API int  CyaSSL_send(CYASSL*, const void*, int sz, int flags);
+CYASSL_API int  CyaSSL_recv(CYASSL*, void*, int sz, int flags);

 CYASSL_API void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX*, int);
 CYASSL_API void CyaSSL_set_quiet_shutdown(CYASSL*, int);
@@ -215,6 +224,14 @@ CYASSL_API long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX*, long);
 CYASSL_API int  CyaSSL_CTX_set_cipher_list(CYASSL_CTX*, const char*);
 CYASSL_API int  CyaSSL_set_cipher_list(CYASSL*, const char*);

+/* Nonblocking DTLS helper functions */
+CYASSL_API int  CyaSSL_dtls_get_current_timeout(CYASSL* ssl);
+CYASSL_API int  CyaSSL_dtls_got_timeout(CYASSL* ssl);
+CYASSL_API int  CyaSSL_dtls(CYASSL* ssl);
+
+CYASSL_API int  CyaSSL_dtls_set_peer(CYASSL*, void*, unsigned int);
+CYASSL_API int  CyaSSL_dtls_get_peer(CYASSL*, void*, unsigned int*);
+
 CYASSL_API int   CyaSSL_ERR_GET_REASON(int err);
 CYASSL_API char* CyaSSL_ERR_error_string(unsigned long,char*);
 CYASSL_API void  CyaSSL_ERR_error_string_n(unsigned long e, char* buf,
@@ -601,8 +618,9 @@ CYASSL_API int  CyaSSL_RAND_status(void);
 CYASSL_API int  CyaSSL_RAND_bytes(unsigned char* buf, int num);
 CYASSL_API CYASSL_METHOD *CyaSSLv23_server_method(void);
 CYASSL_API long CyaSSL_CTX_set_options(CYASSL_CTX*, long);
-CYASSL_API int  CyaSSL_CTX_check_private_key(CYASSL_CTX*);
-
+#ifndef NO_CERTS
+  CYASSL_API int  CyaSSL_CTX_check_private_key(CYASSL_CTX*);
+#endif /* !NO_CERTS */

 CYASSL_API void CyaSSL_ERR_free_strings(void);
 CYASSL_API void CyaSSL_ERR_remove_state(unsigned long);
@@ -640,8 +658,8 @@ CYASSL_API void  CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX*,
                                       void (*f)(CYASSL_CTX*, CYASSL_SESSION*));

 CYASSL_API int          CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION*,unsigned char**);
-CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**,const unsigned char**,
-                                        long);
+CYASSL_API CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION**,
+                                                   const unsigned char**, long);

 CYASSL_API long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION*);
 CYASSL_API long CyaSSL_SESSION_get_time(const CYASSL_SESSION*);
@@ -692,9 +710,13 @@ CYASSL_API const unsigned char* CyaSSL_X509_get_der(CYASSL_X509*, int*);

 CYASSL_API int CyaSSL_cmp_peer_cert_to_file(CYASSL*, const char*);

+CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*);
+
 /* connect enough to get peer cert */
 CYASSL_API int  CyaSSL_connect_cert(CYASSL* ssl);

+/* XXX This should be #ifndef NO_DH */
+#ifndef NO_CERTS
 /* server Diffie-Hellman parameters */
 CYASSL_API int  CyaSSL_SetTmpDH(CYASSL*, const unsigned char* p, int pSz,
                                const unsigned char* g, int gSz);
@@ -715,8 +737,10 @@ CYASSL_API int  CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX*, unsigned short);
    CYASSL_API int  CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX*, const char* f,
                                             int format);
 #endif
+#endif

 /* keyblock size in bytes or -1 */
+/* need to call CyaSSL_KeepArrays before handshake to save keys */
 CYASSL_API int CyaSSL_get_keyblock_size(CYASSL*);
 CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen,
                                       unsigned char** sr, unsigned int* srLen,
@@ -737,75 +761,100 @@ CYASSL_API int CyaSSL_get_keys(CYASSL*,unsigned char** ms, unsigned int* msLen,
 #endif


-/* SSL_CTX versions */
-CYASSL_API int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX*, const unsigned char*,
-                                             long, int);
-CYASSL_API int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX*,
+#ifndef NO_CERTS
+    /* SSL_CTX versions */
+    CYASSL_API int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX*, 
                                               const unsigned char*, long, int);
-CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX*,
+    CYASSL_API int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX*,
                                               const unsigned char*, long, int);
-CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX*, 
+    CYASSL_API int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX*,
+                                               const unsigned char*, long, int);
+    CYASSL_API int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX*, 
                                                    const unsigned char*, long);
-CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*);

-/* SSL versions */
-CYASSL_API int CyaSSL_use_certificate_buffer(CYASSL*, const unsigned char*,
-                                             long, int);
-CYASSL_API int CyaSSL_use_PrivateKey_buffer(CYASSL*, const unsigned char*, long,
-                                            int);
-CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*, 
-                                                    const unsigned char*, long);
+    /* SSL versions */
+    CYASSL_API int CyaSSL_use_certificate_buffer(CYASSL*, const unsigned char*,
+                                               long, int);
+    CYASSL_API int CyaSSL_use_PrivateKey_buffer(CYASSL*, const unsigned char*,
+                                               long, int);
+    CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*, 
+                                               const unsigned char*, long);
+#endif
+
+CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*);
 CYASSL_API int CyaSSL_set_group_messages(CYASSL*);

 /* I/O callbacks */
-typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx);
-typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx);
+typedef int (*CallbackIORecv)(CYASSL *ssl, char *buf, int sz, void *ctx);
+typedef int (*CallbackIOSend)(CYASSL *ssl, char *buf, int sz, void *ctx);

 CYASSL_API void CyaSSL_SetIORecv(CYASSL_CTX*, CallbackIORecv);
 CYASSL_API void CyaSSL_SetIOSend(CYASSL_CTX*, CallbackIOSend);

-CYASSL_API void CyaSSL_SetIOReadCtx(CYASSL* ssl, void *ctx);
+CYASSL_API void CyaSSL_SetIOReadCtx( CYASSL* ssl, void *ctx);
 CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *ctx);

+CYASSL_API void CyaSSL_SetIOReadFlags( CYASSL* ssl, int flags);
+CYASSL_API void CyaSSL_SetIOWriteFlags(CYASSL* ssl, int flags);
+
 /* CA cache callbacks */
 enum {
+    CYASSL_SSLV3    = 0,
+    CYASSL_TLSV1    = 1,
+    CYASSL_TLSV1_1  = 2,
+    CYASSL_TLSV1_2  = 3,
    CYASSL_USER_CA  = 1,          /* user added as trusted */
    CYASSL_CHAIN_CA = 2           /* added to cache from trusted chain */
 };

+CYASSL_API int CyaSSL_GetObjectSize(void);  /* object size based on build */
+CYASSL_API int CyaSSL_SetVersion(CYASSL* ssl, int version);
 CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
                                  int, const char*);

 typedef void (*CallbackCACache)(unsigned char* der, int sz, int type);
 typedef void (*CbMissingCRL)(const char* url);

-CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);

+#ifndef NO_CERTS
+	CYASSL_API void CyaSSL_CTX_SetCACb(CYASSL_CTX*, CallbackCACache);

-CYASSL_API CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void);
-CYASSL_API void                 CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER*);
+    CYASSL_API CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void);
+    CYASSL_API void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER*);

-CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
-                                        const char* d);
-CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
-                                        int format);
-CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*,
-                                          int sz);
-CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
-CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*);
-CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*, int,
-                                         int);
-CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*, CbMissingCRL);
+    CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
+                                                                 const char* d);
+    CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
+                                                                    int format);
+    CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
+                                 const unsigned char* buff, int sz, int format);
+    CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*,
+                                                        unsigned char*, int sz);
+    CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*,
+                                                                   int options);
+    CYASSL_API int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER*);
+    CYASSL_API int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER*, const char*,
+                                                                      int, int);
+    CYASSL_API int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER*,
+                                                                  CbMissingCRL);

-CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
-CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
-CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int);
-CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);
+    CYASSL_API int CyaSSL_EnableCRL(CYASSL* ssl, int options);
+    CYASSL_API int CyaSSL_DisableCRL(CYASSL* ssl);
+    CYASSL_API int CyaSSL_LoadCRL(CYASSL*, const char*, int, int);
+    CYASSL_API int CyaSSL_SetCRL_Cb(CYASSL*, CbMissingCRL);
+
+    CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
+    CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
+    CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
+    CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
+#endif /* !NO_CERTS */
+
+/* end of handshake frees temporary arrays, if user needs for get_keys or
+   psk hints, call KeepArrays before handshake and then FreeArrays when done
+   if don't want to wait for object free */
+CYASSL_API void CyaSSL_KeepArrays(CYASSL*);
+CYASSL_API void CyaSSL_FreeArrays(CYASSL*);

-CYASSL_API int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options);
-CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
-CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
-CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);

 #define CYASSL_CRL_MONITOR   0x01   /* monitor this dir flag */
 #define CYASSL_CRL_START_MON 0x02   /* start monitoring flag */
--- a/cyassl/test.h
+++ b/cyassl/test.h
@@ -7,6 +7,7 @@
 #include <stdlib.h>
 #include <assert.h>
 #include <ctype.h>
+#include <cyassl/ssl.h>
 #include <cyassl/ctaocrypt/types.h>

 #ifdef USE_WINDOWS_API 
@@ -16,7 +17,7 @@
 	    #include <ws2tcpip.h>
        #include <wspiapi.h>
    #endif
-    #define SOCKET_T int
+    #define SOCKET_T unsigned int
 #else
    #include <string.h>
    #include <unistd.h>
@@ -29,13 +30,14 @@
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <pthread.h>
-    #ifdef NON_BLOCKING
-        #include <fcntl.h>
-    #endif
+    #include <fcntl.h>
    #ifdef TEST_IPV6
        #include <netdb.h>
    #endif
-    #define SOCKET_T unsigned int
+    #define SOCKET_T int
+    #ifndef SO_NOSIGPIPE
+        #include <signal.h>  /* ignore SIGPIPE */
+    #endif
 #endif /* USE_WINDOWS_API */

 #ifdef _MSC_VER
@@ -44,6 +46,7 @@
    #pragma warning(disable:4244 4996)
 #endif

+
 #if defined(__MACH__) || defined(USE_WINDOWS_API)
    #ifndef _SOCKLEN_T
        typedef int socklen_t;
@@ -96,20 +99,23 @@
 #endif
   

+#define SERVER_DEFAULT_VERSION 3
+#define CLIENT_DEFAULT_VERSION 3
+
 /* all certs relative to CyaSSL home directory now */
-static const char* caCert   = "./certs/ca-cert.pem";
-static const char* eccCert  = "./certs/server-ecc.pem";
-static const char* eccKey   = "./certs/ecc-key.pem";
-static const char* svrCert  = "./certs/server-cert.pem";
-static const char* svrKey   = "./certs/server-key.pem";
-static const char* cliCert  = "./certs/client-cert.pem";
-static const char* cliKey   = "./certs/client-key.pem";
-static const char* ntruCert = "./certs/ntru-cert.pem";
-static const char* ntruKey  = "./certs/ntru-key.raw";
-static const char* dhParam  = "./certs/dh2048.pem";
-static const char* cliEccKey  = "./certs/ecc-client-key.pem";
-static const char* cliEccCert = "./certs/client-ecc-cert.pem";
-static const char* crlPemDir  = "./certs/crl";
+#define caCert     "./certs/ca-cert.pem"
+#define eccCert    "./certs/server-ecc.pem"
+#define eccKey     "./certs/ecc-key.pem"
+#define svrCert    "./certs/server-cert.pem"
+#define svrKey     "./certs/server-key.pem"
+#define cliCert    "./certs/client-cert.pem"
+#define cliKey     "./certs/client-key.pem"
+#define ntruCert   "./certs/ntru-cert.pem"
+#define ntruKey    "./certs/ntru-key.raw"
+#define dhParam    "./certs/dh2048.pem"
+#define cliEccKey  "./certs/ecc-client-key.pem"
+#define cliEccCert "./certs/client-ecc-cert.pem"
+#define crlPemDir  "./certs/crl"

 typedef struct tcp_ready {
    int ready;              /* predicate */
@@ -131,6 +137,7 @@ typedef struct func_args {
    tcp_ready* signal;
 } func_args;

+void wait_tcp_ready(func_args*);

 typedef THREAD_RETURN CYASSL_THREAD THREAD_FUNC(void*);

@@ -145,14 +152,86 @@ static const word16      yasslPort = 11111;
 static INLINE void err_sys(const char* msg)
 {
    printf("yassl error: %s\n", msg);
-    exit(EXIT_FAILURE);
+    if (msg)
+        exit(EXIT_FAILURE);
+}
+
+
+#define MY_EX_USAGE 2
+
+extern int   myoptind;
+extern char* myoptarg;
+
+static INLINE int mygetopt(int argc, char** argv, const char* optstring)
+{
+    static char* next = NULL;
+
+    char  c;
+    char* cp;
+
+    if (myoptind == 0)
+        next = NULL;   /* we're starting new/over */
+
+    if (next == NULL || *next == '\0') {
+        if (myoptind == 0)
+            myoptind++;
+
+        if (myoptind >= argc || argv[myoptind][0] != '-' ||
+                                argv[myoptind][1] == '\0') {
+            myoptarg = NULL;
+            if (myoptind < argc)
+                myoptarg = argv[myoptind];
+
+            return -1;
+        }
+
+        if (strcmp(argv[myoptind], "--") == 0) {
+            myoptind++;
+            myoptarg = NULL;
+
+            if (myoptind < argc)
+                myoptarg = argv[myoptind];
+
+            return -1;
+        }
+
+        next = argv[myoptind];
+        next++;                  /* skip - */
+        myoptind++;
+    }
+
+    c  = *next++;
+    /* The C++ strchr can return a different value */
+    cp = (char*)strchr(optstring, c);
+
+    if (cp == NULL || c == ':') 
+        return '?';
+
+    cp++;
+
+    if (*cp == ':') {
+        if (*next != '\0') {
+            myoptarg = next;
+            next     = NULL;
+        }
+        else if (myoptind < argc) {
+            myoptarg = argv[myoptind];
+            myoptind++;
+        }
+        else 
+            return '?';
+    }
+
+    return c;
 }


 #ifdef OPENSSL_EXTRA

-static int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
+static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
 {
+    (void)rw;
+    (void)userdata;
    strncpy(passwd, "yassl123", sz);
    return 8;
 }
@@ -167,6 +246,7 @@ static INLINE void showPeer(CYASSL* ssl)
    CYASSL_CIPHER* cipher;
    CYASSL_X509*   peer = CyaSSL_get_peer_certificate(ssl);
    if (peer) {
+        char* altName;
        char* issuer  = CyaSSL_X509_NAME_oneline(
                                       CyaSSL_X509_get_issuer_name(peer), 0, 0);
        char* subject = CyaSSL_X509_NAME_oneline(
@@ -177,6 +257,10 @@ static INLINE void showPeer(CYASSL* ssl)
        
        printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
                                                                  subject);
+
+        while ( (altName = CyaSSL_X509_get_next_altname(peer)) )
+            printf(" altname = %s\n", altName);
+
        ret = CyaSSL_X509_get_serial_number(peer, serial, &sz);
        if (ret == 0) {
            int  i;
@@ -204,8 +288,8 @@ static INLINE void showPeer(CYASSL* ssl)

 #if defined(SESSION_CERTS) && defined(SHOW_CERTS)
    {
-        X509_CHAIN* chain = CyaSSL_get_peer_chain(ssl);
-        int         count = CyaSSL_get_chain_count(chain);
+        CYASSL_X509_CHAIN* chain = CyaSSL_get_peer_chain(ssl);
+        int                count = CyaSSL_get_chain_count(chain);
        int i;

        for (i = 0; i < count; i++) {
@@ -218,12 +302,12 @@ static INLINE void showPeer(CYASSL* ssl)
        }
    }
 #endif
-
+  (void)ssl;
 }


-static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
-                              const char* peer, word16 port)
+static INLINE void build_addr(SOCKADDR_IN_T* addr,
+                                const char* peer, word16 port)
 {
 #ifndef TEST_IPV6
    const char* host = peer;
@@ -244,11 +328,6 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
    }
 #endif

-#ifdef CYASSL_DTLS
-    *sockfd = socket(AF_INET_V, SOCK_DGRAM, 0);
-#else
-    *sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
-#endif
    memset(addr, 0, sizeof(SOCKADDR_IN_T));

 #ifndef TEST_IPV6
@@ -263,6 +342,15 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
    addr->sin6_port = htons(port);
    addr->sin6_addr = in6addr_loopback;
 #endif
+}
+
+
+static INLINE void tcp_socket(SOCKET_T* sockfd, int udp)
+{
+    if (udp)
+        *sockfd = socket(AF_INET_V, SOCK_DGRAM, 0);
+    else
+        *sockfd = socket(AF_INET_V, SOCK_STREAM, 0);

 #ifndef USE_WINDOWS_API 
 #ifdef SO_NOSIGPIPE
@@ -273,9 +361,12 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
        if (res < 0)
            err_sys("setsockopt SO_NOSIGPIPE failed\n");
    }
-#endif
+#else  /* no S_NOSIGPIPE */
+    signal(SIGPIPE, SIG_IGN);
+#endif /* S_NOSIGPIPE */

-#if defined(TCP_NODELAY) && !defined(CYASSL_DTLS)
+#if defined(TCP_NODELAY)
+    if (!udp)
    {
        int       on = 1;
        socklen_t len = sizeof(on);
@@ -288,27 +379,70 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
 }


-static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
+static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
+                               int udp)
 {
    SOCKADDR_IN_T addr;
-    tcp_socket(sockfd, &addr, ip, port);
+    build_addr(&addr, ip, port);
+    tcp_socket(sockfd, udp);

-    if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
+    if (!udp) {
+        if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
+            err_sys("tcp connect failed");
+    }
+}
+
+
+static INLINE void udp_connect(SOCKET_T* sockfd, void* addr, int addrSz)
+{
+    if (connect(*sockfd, (const struct sockaddr*)addr, addrSz) != 0)
        err_sys("tcp connect failed");
 }


-static INLINE void tcp_listen(SOCKET_T* sockfd)
+enum {
+    TEST_SELECT_FAIL,
+    TEST_TIMEOUT,
+    TEST_RECV_READY,
+    TEST_ERROR_READY
+};
+
+static INLINE int tcp_select(SOCKET_T socketfd, unsigned int to_sec)
+{
+    fd_set recvfds, errfds;
+    SOCKET_T nfds = socketfd + 1;
+    struct timeval timeout = {to_sec, 0};
+    int result;
+
+    FD_ZERO(&recvfds);
+    FD_SET(socketfd, &recvfds);
+    FD_ZERO(&errfds);
+    FD_SET(socketfd, &errfds);
+
+    result = select(nfds, &recvfds, NULL, &errfds, &timeout);
+
+    if (result == 0)
+        return TEST_TIMEOUT;
+    else if (result > 0) {
+        if (FD_ISSET(socketfd, &recvfds))
+            return TEST_RECV_READY;
+        else if(FD_ISSET(socketfd, &errfds))
+            return TEST_ERROR_READY;
+    }
+
+    return TEST_SELECT_FAIL;
+}
+
+
+static INLINE void tcp_listen(SOCKET_T* sockfd, int port, int useAnyAddr,
+                              int udp)
 {
    SOCKADDR_IN_T addr;

    /* don't use INADDR_ANY by default, firewall may block, make user switch
       on */
-#ifdef USE_ANY_ADDR
-    tcp_socket(sockfd, &addr, INADDR_ANY, yasslPort);
-#else
-    tcp_socket(sockfd, &addr, yasslIP, yasslPort);
-#endif
+    build_addr(&addr, (useAnyAddr ? INADDR_ANY : yasslIP), port);
+    tcp_socket(sockfd, udp);

 #ifndef USE_WINDOWS_API 
    {
@@ -320,10 +454,10 @@ static INLINE void tcp_listen(SOCKET_T* sockfd)

    if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
        err_sys("tcp bind failed");
-#ifndef CYASSL_DTLS
-    if (listen(*sockfd, 5) != 0)
-        err_sys("tcp listen failed");
-#endif
+    if (!udp) {
+        if (listen(*sockfd, 5) != 0)
+            err_sys("tcp listen failed");
+    }
 }


@@ -334,8 +468,8 @@ static INLINE int udp_read_connect(SOCKET_T sockfd)
    int           n;
    socklen_t     len = sizeof(cliaddr);

-    n = recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
-                (struct sockaddr*)&cliaddr, &len);
+    n = (int)recvfrom(sockfd, (char*)b, sizeof(b), MSG_PEEK,
+                      (struct sockaddr*)&cliaddr, &len);
    if (n > 0) {
        if (connect(sockfd, (const struct sockaddr*)&cliaddr,
                    sizeof(cliaddr)) != 0)
@@ -351,7 +485,9 @@ static INLINE void udp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
 {
    SOCKADDR_IN_T addr;

-    tcp_socket(sockfd, &addr, yasslIP, yasslPort);
+    (void)args;
+    build_addr(&addr, yasslIP, yasslPort);
+    tcp_socket(sockfd, 1);


 #ifndef USE_WINDOWS_API 
@@ -379,17 +515,18 @@ static INLINE void udp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
    *clientfd = udp_read_connect(*sockfd);
 }

-static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
+static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args,
+                              int port, int useAnyAddr, int udp)
 {
    SOCKADDR_IN_T client;
    socklen_t client_len = sizeof(client);

-    #ifdef CYASSL_DTLS
+    if (udp) {
        udp_accept(sockfd, clientfd, args);
        return;
-    #endif
+    }

-    tcp_listen(sockfd);
+    tcp_listen(sockfd, port, useAnyAddr, udp);

 #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER)
    /* signal ready to tcp_accept */
@@ -411,15 +548,13 @@ static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)

 static INLINE void tcp_set_nonblocking(SOCKET_T* sockfd)
 {
-#ifdef NON_BLOCKING
    #ifdef USE_WINDOWS_API 
        unsigned long blocking = 1;
        int ret = ioctlsocket(*sockfd, FIONBIO, &blocking);
    #else
        int flags = fcntl(*sockfd, F_GETFL, 0);
-        int ret = fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
+        fcntl(*sockfd, F_SETFL, flags | O_NONBLOCK);
    #endif
-#endif
 }


@@ -429,6 +564,10 @@ static INLINE unsigned int my_psk_client_cb(CYASSL* ssl, const char* hint,
        char* identity, unsigned int id_max_len, unsigned char* key,
        unsigned int key_max_len)
 {
+    (void)ssl;
+    (void)hint;
+    (void)key_max_len;
+
    /* identity is OpenSSL testing default for openssl s_client, keep same */
    strncpy(identity, "Client_identity", id_max_len);

@@ -447,6 +586,9 @@ static INLINE unsigned int my_psk_client_cb(CYASSL* ssl, const char* hint,
 static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
        unsigned char* key, unsigned int key_max_len)
 {
+    (void)ssl;
+    (void)key_max_len;
+
    /* identity is OpenSSL testing default for openssl s_client, keep same */
    if (strncmp(identity, "Client_identity", 15) != 0)
        return 0;
@@ -490,7 +632,7 @@ static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,

    #include <sys/time.h>

-    static INLINE double current_time()
+    static INLINE double current_time(void)
    {
        struct timeval tv;
        gettimeofday(&tv, 0);
@@ -501,7 +643,7 @@ static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
 #endif /* USE_WINDOWS_API */


-#ifdef NO_FILESYSTEM
+#if defined(NO_FILESYSTEM) && !defined(NO_CERTS)

    enum {
        CYASSL_CA   = 1,
@@ -545,14 +687,18 @@ static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,

 #ifdef VERIFY_CALLBACK

-static int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
+static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
 {
    char buffer[80];

+#ifdef OPENSSL_EXTRA
+    CYASSL_X509* peer;
+#endif
+
    printf("In verification callback, error = %d, %s\n", store->error,
                                 CyaSSL_ERR_error_string(store->error, buffer));
 #ifdef OPENSSL_EXTRA
-    CYASSL_X509* peer = store->current_cert;
+    peer = store->current_cert;
    if (peer) {
        char* issuer  = CyaSSL_X509_NAME_oneline(
                                       CyaSSL_X509_get_issuer_name(peer), 0, 0);
@@ -577,7 +723,7 @@ static int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)

 #ifdef HAVE_CRL

-static void CRL_CallBack(const char* url)
+static INLINE void CRL_CallBack(const char* url)
 {
    printf("CRL callback url = %s\n", url);
 }
@@ -585,8 +731,11 @@ static void CRL_CallBack(const char* url)
 #endif


+#ifndef NO_CERTS
+
 static INLINE void CaCb(unsigned char* der, int sz, int type)
 {
+    (void)der;
    printf("Got CA cache add callback, derSz = %d, type = %d\n", sz, type);
 }

@@ -645,6 +794,8 @@ static INLINE void SetDHCtx(CYASSL_CTX* ctx)
    CyaSSL_CTX_SetTmpDH(ctx, p, sizeof(p), g, sizeof(g));
 }

+#endif /* !NO_CERTS */
+
 #ifdef USE_WINDOWS_API 

 /* do back x number of directories */
--- a/cyassl/version.h
+++ b/cyassl/version.h
@@ -0,0 +1,35 @@
+/* cyassl_version.h.in
+ *
+ * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+#pragma once
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LIBCYASSL_VERSION_STRING "2.4.2"
+#define LIBCYASSL_VERSION_HEX 0x02004002
+
+#ifdef __cplusplus
+}
+#endif
+
--- a/doc/include.am
+++ b/doc/include.am
@@ -2,4 +2,4 @@
 # included from Top Level Makefile.am
 # All paths should be given relative to the root

-doc_DATA+= doc/README.txt
+dist_doc_DATA+= doc/README.txt
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -26,9 +26,7 @@
 #include <cyassl/ssl.h>
 #include <cyassl/test.h>

-/*
-#define TEST_RESUME 
-*/
+#include "examples/client/client.h"


 #ifdef CYASSL_CALLBACKS
@@ -37,37 +35,75 @@
    Timeval timeout;
 #endif

-#if defined(NON_BLOCKING) || defined(CYASSL_CALLBACKS)
-    void NonBlockingSSL_Connect(CyaSSL* ssl)
-    {
+static void NonBlockingSSL_Connect(CYASSL* ssl)
+{
 #ifndef CYASSL_CALLBACKS
-        int ret = CyaSSL_connect(ssl);
+    int ret = CyaSSL_connect(ssl);
 #else
-        int ret = CyaSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout);
+    int ret = CyaSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout);
 #endif
-        int error = CyaSSL_get_error(ssl, 0);
-        while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
-                                      error == SSL_ERROR_WANT_WRITE)) {
-            if (error == SSL_ERROR_WANT_READ)
-                printf("... client would read block\n");
-            else
-                printf("... client would write block\n");
-            #ifdef USE_WINDOWS_API 
-                Sleep(100);
-            #else
-                sleep(1);
-            #endif
+    int error = CyaSSL_get_error(ssl, 0);
+    SOCKET_T sockfd = (SOCKET_T)CyaSSL_get_fd(ssl);
+    int select_ret;
+
+    while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
+                                  error == SSL_ERROR_WANT_WRITE)) {
+        if (error == SSL_ERROR_WANT_READ)
+            printf("... client would read block\n");
+        else
+            printf("... client would write block\n");
+
+        if (CyaSSL_dtls(ssl))
+            select_ret = tcp_select(sockfd,
+                                    CyaSSL_dtls_get_current_timeout(ssl));
+        else
+            select_ret = tcp_select(sockfd, 1);
+
+        if ((select_ret == TEST_RECV_READY) ||
+                                        (select_ret == TEST_ERROR_READY)) {
            #ifndef CYASSL_CALLBACKS
-                ret = CyaSSL_connect(ssl);
+                    ret = CyaSSL_connect(ssl);
            #else
-                ret = CyaSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeout);
+                ret = CyaSSL_connect_ex(ssl,handShakeCB,timeoutCB,timeout);
            #endif
            error = CyaSSL_get_error(ssl, 0);
        }
-        if (ret != SSL_SUCCESS)
-            err_sys("SSL_connect failed");
+        else if (select_ret == TEST_TIMEOUT &&
+                    (!CyaSSL_dtls(ssl) ||
+                    (CyaSSL_dtls_got_timeout(ssl) >= 0))) {
+            error = SSL_ERROR_WANT_READ;
+        }
+        else {
+            error = SSL_FATAL_ERROR;
+        }
    }
-#endif
+    if (ret != SSL_SUCCESS)
+        err_sys("SSL_connect failed");
+}
+
+
+static void Usage(void)
+{
+    printf("client "    LIBCYASSL_VERSION_STRING
+           " NOTE: All files relative to CyaSSL home dir\n");
+    printf("-?          Help, print this usage\n");
+    printf("-h <host>   Host to connect to, default %s\n", yasslIP);
+    printf("-p <num>    Port to connect on, default %d\n", yasslPort);
+    printf("-v <num>    SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
+                                 CLIENT_DEFAULT_VERSION);
+    printf("-l <str>    Cipher list\n");
+    printf("-c <file>   Certificate file,           default %s\n", cliCert);
+    printf("-k <file>   Key file,                   default %s\n", cliKey);
+    printf("-A <file>   Certificate Authority file, default %s\n", caCert);
+    printf("-b <num>    Benchmark <num> connections and print stats\n");
+    printf("-s          Use pre Shared keys\n");
+    printf("-d          Disable peer checks\n");
+    printf("-g          Send server HTTP GET\n");
+    printf("-u          Use UDP DTLS\n");
+    printf("-m          Match domain name in cert\n");
+    printf("-N          Use Non-blocking sockets\n");
+    printf("-r          Resume session\n");
+}


 void client_test(void* args)
@@ -78,112 +114,235 @@ void client_test(void* args)
    CYASSL_CTX*     ctx     = 0;
    CYASSL*         ssl     = 0;
    
-#ifdef TEST_RESUME
    CYASSL*         sslResume = 0;
    CYASSL_SESSION* session = 0;
    char         resumeMsg[] = "resuming cyassl!";
    int          resumeSz    = sizeof(resumeMsg);
-#endif

    char msg[64] = "hello cyassl!";
    char reply[1024];
    int  input;
-    int  msgSz = strlen(msg);
+    int  msgSz = (int)strlen(msg);
+
+    int   port   = yasslPort;
+    char* host   = (char*)yasslIP;
+    char* domain = (char*)"www.yassl.com";
+
+    int    ch;
+    int    version = CLIENT_DEFAULT_VERSION;
+    int    usePsk   = 0;
+    int    sendGET  = 0;
+    int    benchmark = 0;
+    int    doDTLS    = 0;
+    int    matchName = 0;
+    int    doPeerCheck = 1;
+    int    nonBlocking = 0;
+    int    resumeSession = 0;
+    char*  cipherList = NULL;
+    char*  verifyCert = (char*)caCert;
+    char*  ourCert    = (char*)cliCert;
+    char*  ourKey     = (char*)cliKey;

    int     argc = ((func_args*)args)->argc;
    char**  argv = ((func_args*)args)->argv;

    ((func_args*)args)->return_code = -1; /* error state */

-#if defined(CYASSL_DTLS)
-    method  = CyaDTLSv1_client_method();
-#elif  !defined(NO_TLS)
-    method  = CyaSSLv23_client_method();
-#else
-    method  = CyaSSLv3_client_method();
-#endif
-    ctx     = CyaSSL_CTX_new(method);
+    while ((ch = mygetopt(argc, argv, "?gdusmNrh:p:v:l:A:c:k:b:")) != -1) {
+        switch (ch) {
+            case '?' :
+                Usage();
+                exit(EXIT_SUCCESS);

-#ifndef NO_PSK
-    CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
+            case 'g' :
+                sendGET = 1;
+                break;
+
+            case 'd' :
+                doPeerCheck = 0;
+                break;
+
+            case 'u' :
+                doDTLS  = 1;
+                version = -1;  /* DTLS flag */
+                break;
+
+            case 's' :
+                usePsk = 1;
+                break;
+
+            case 'm' :
+                matchName = 1;
+                break;
+
+            case 'h' :
+                host   = myoptarg;
+                domain = myoptarg;
+                break;
+
+            case 'p' :
+                port = atoi(myoptarg);
+                break;
+
+            case 'v' :
+                version = atoi(myoptarg);
+                if (version < 0 || version > 3) {
+                    Usage();
+                    exit(MY_EX_USAGE);
+                }
+                if (doDTLS)
+                    version = -1;   /* DTLS flag */
+                break;
+
+            case 'l' :
+                cipherList = myoptarg;
+                break;
+
+            case 'A' :
+                verifyCert = myoptarg;
+                break;
+
+            case 'c' :
+                ourCert = myoptarg;
+                break;
+
+            case 'k' :
+                ourKey = myoptarg;
+                break;
+
+            case 'b' :
+                benchmark = atoi(myoptarg);
+                if (benchmark < 0 || benchmark > 1000000) {
+                    Usage();
+                    exit(MY_EX_USAGE);
+                }
+                break;
+
+            case 'N' :
+                nonBlocking = 1;
+                break;
+
+            case 'r' :
+                resumeSession = 1;
+                break;
+
+            default:
+                Usage();
+                exit(MY_EX_USAGE);
+        }
+    }
+
+    argc -= myoptind;
+    argv += myoptind;
+    myoptind = 0;      /* reset for test cases */
+
+    switch (version) {
+        case 0:
+            method = CyaSSLv3_client_method();
+            break;
+
+        case 1:
+            method = CyaTLSv1_client_method();
+            break;
+
+        case 2:
+            method = CyaTLSv1_1_client_method();
+            break;
+
+        case 3:
+            method = CyaTLSv1_2_client_method();
+            break;
+
+#ifdef CYASSL_DTLS
+        case -1:
+            method = CyaDTLSv1_client_method();
+            break;
 #endif

+        default:
+            err_sys("Bad SSL version");
+    }
+
+    if (method == NULL)
+        err_sys("unable to get method");
+
+    ctx = CyaSSL_CTX_new(method);
+    if (ctx == NULL)
+        err_sys("unable to get ctx");
+
+    if (cipherList)
+        if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
+            err_sys("can't set cipher list");
+
+#ifdef CYASSL_LEANPSK
+    usePsk = 1;
+#endif
+
+    if (usePsk) {
+#ifndef NO_PSK
+        CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
+        CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl_client");
+        if (cipherList == NULL) {
+            const char *defaultCipherList;
+            #ifdef HAVE_NULL_CIPHER
+                defaultCipherList = "PSK-NULL-SHA";
+            #else
+                defaultCipherList = "PSK-AES256-CBC-SHA";
+            #endif
+            if (CyaSSL_CTX_set_cipher_list(ctx,defaultCipherList) !=SSL_SUCCESS)
+                err_sys("can't set cipher list");
+        }
+#endif
+    }
+
 #ifdef OPENSSL_EXTRA
    CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
 #endif

 #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
-    /* don't use EDH, can't sniff tmp keys */
-    CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
+    if (cipherList == NULL) {
+        /* don't use EDH, can't sniff tmp keys */
+        if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) {
+            err_sys("can't set cipher list");
+        }
+    }
 #endif

 #ifdef USER_CA_CB
    CyaSSL_CTX_SetCACb(ctx, CaCb);
 #endif

-#ifndef NO_FILESYSTEM
-    if (CyaSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
-        err_sys("can't load ca file, Please run from CyaSSL home dir");
-    #ifdef HAVE_ECC
-        if (CyaSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
-            err_sys("can't load ca file, Please run from CyaSSL home dir");
-    #endif
-#else
-    load_buffer(ctx, caCert, CYASSL_CA);
-#endif
-
 #ifdef VERIFY_CALLBACK
    CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
 #endif
+#ifndef NO_FILESYSTEM   
+    if (!usePsk){
+        if (CyaSSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
+                                     != SSL_SUCCESS)
+            err_sys("can't load client cert file, check file and run from"
+                    " CyaSSL home dir");

+        if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
+                                         != SSL_SUCCESS)
+            err_sys("can't load client cert file, check file and run from"
+                    " CyaSSL home dir");    

-    if (argc == 3) {
-        /*  ./client server securePort  */
-        CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);  /* TODO: add ca cert */
-                    /* this is just to allow easy testing of other servers */
-        tcp_connect(&sockfd, argv[1], (short)atoi(argv[2]));
+        if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
+                err_sys("can't load ca file, Please run from CyaSSL home dir");
    }
-    else if (argc == 1) {
-        /* ./client          // plain mode */
-        /* for client cert authentication if server requests */
-#ifndef NO_FILESYSTEM
-    #ifdef HAVE_ECC
-        if (CyaSSL_CTX_use_certificate_file(ctx, cliEccCert, SSL_FILETYPE_PEM)
-                != SSL_SUCCESS)
-            err_sys("can't load ecc client cert file, "
-                    "Please run from CyaSSL home dir");
-
-        if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliEccKey, SSL_FILETYPE_PEM)
-                != SSL_SUCCESS)
-            err_sys("can't load ecc client key file, "
-                    "Please run from CyaSSL home dir");
-    #else
-        if (CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)
-                != SSL_SUCCESS)
-            err_sys("can't load client cert file, "
-                    "Please run from CyaSSL home dir");
-
-        if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)
-                != SSL_SUCCESS)
-            err_sys("can't load client key file, "
-                    "Please run from CyaSSL home dir");
-    #endif /* HAVE_ECC */
-#else
-        load_buffer(ctx, cliCert, CYASSL_CERT);
-        load_buffer(ctx, cliKey, CYASSL_KEY);
 #endif
+    if (!usePsk && doPeerCheck == 0)
+        CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

-        tcp_connect(&sockfd, yasslIP, yasslPort);
-    }
-    else if (argc == 2) {
+    if (benchmark) {
        /* time passed in number of connects give average */
-        int times = atoi(argv[1]);
+        int times = benchmark;
        int i = 0;

        double start = current_time(), avg;

        for (i = 0; i < times; i++) {
-            tcp_connect(&sockfd, yasslIP, yasslPort);
+            tcp_connect(&sockfd, host, port, doDTLS);
            ssl = CyaSSL_new(ctx);
            CyaSSL_set_fd(ssl, sockfd);
            if (CyaSSL_connect(ssl) != SSL_SUCCESS)
@@ -195,45 +354,61 @@ void client_test(void* args)
        }
        avg = current_time() - start;
        avg /= times;
-        avg *= 1000;    /* milliseconds */  
-        printf("SSL_connect avg took:%6.3f milliseconds\n", avg);
+        avg *= 1000;   /* milliseconds */
+        printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg);

        CyaSSL_CTX_free(ctx);
        ((func_args*)args)->return_code = 0;
-        return;
+
+        exit(EXIT_SUCCESS);
    }
-    else
-        err_sys("usage: ./client server securePort");

    ssl = CyaSSL_new(ctx);
+    if (ssl == NULL)
+        err_sys("unable to get SSL object");
+    if (doDTLS) {
+        SOCKADDR_IN_T addr;
+        build_addr(&addr, host, port);
+        CyaSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
+        tcp_socket(&sockfd, 1);
+    }
+    else {
+        tcp_connect(&sockfd, host, port, 0);
+    }
    CyaSSL_set_fd(ssl, sockfd);
 #ifdef HAVE_CRL
-    CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL);
-    CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0);
-    CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
+    if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS)
+        err_sys("can't enable crl check");
+    if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
+        err_sys("can't load crl, check crlfile and date validity");
+    if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
+        err_sys("can't set crl callback");
 #endif
-    if (argc != 3)
-        CyaSSL_check_domain_name(ssl, "www.yassl.com");
-#ifdef NON_BLOCKING
-    tcp_set_nonblocking(&sockfd);
-    NonBlockingSSL_Connect(ssl);
+    if (matchName && doPeerCheck)
+        CyaSSL_check_domain_name(ssl, domain);
+#ifndef CYASSL_CALLBACKS
+    if (nonBlocking) {
+        CyaSSL_set_using_nonblock(ssl, 1);
+        tcp_set_nonblocking(&sockfd);
+        NonBlockingSSL_Connect(ssl);
+    }
+    else if (CyaSSL_connect(ssl) != SSL_SUCCESS) {
+        /* see note at top of README */
+        int  err = CyaSSL_get_error(ssl, 0);
+        char buffer[80];
+        printf("err = %d, %s\n", err,
+                                CyaSSL_ERR_error_string(err, buffer));
+        err_sys("SSL_connect failed");
+        /* if you're getting an error here  */
+    }
 #else
-    #ifndef CYASSL_CALLBACKS
-        if (CyaSSL_connect(ssl) != SSL_SUCCESS) {/* see note at top of README */
-            int  err = CyaSSL_get_error(ssl, 0);
-            char buffer[80];
-            printf("err = %d, %s\n", err, CyaSSL_ERR_error_string(err, buffer));
-            err_sys("SSL_connect failed");/* if you're getting an error here  */
-        }
-    #else
-        timeout.tv_sec  = 2;
-        timeout.tv_usec = 0;
-        NonBlockingSSL_Connect(ssl);  /* will keep retrying on timeout */
-    #endif
+    timeout.tv_sec  = 2;
+    timeout.tv_usec = 0;
+    NonBlockingSSL_Connect(ssl);  /* will keep retrying on timeout */
 #endif
    showPeer(ssl);
-    
-    if (argc == 3) {
+
+    if (sendGET) {
        printf("SSL connect ok, sending GET...\n");
        msgSz = 28;
        strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
@@ -246,7 +421,7 @@ void client_test(void* args)
        reply[input] = 0;
        printf("Server response: %s\n", reply);

-        if (argc == 3) {  /* get html */
+        if (sendGET) {  /* get html */
            while (1) {
                input = CyaSSL_read(ssl, reply, sizeof(reply));
                if (input > 0) {
@@ -258,63 +433,88 @@ void client_test(void* args)
            }
        }
    }
-  
-#ifdef TEST_RESUME
-    #ifdef CYASSL_DTLS
-        strncpy(msg, "break", 6);
-        msgSz = (int)strlen(msg);
-        /* try to send session close */
-        CyaSSL_write(ssl, msg, msgSz);
-    #endif
-    session   = CyaSSL_get_session(ssl);
-    sslResume = CyaSSL_new(ctx);
-#endif

-    CyaSSL_shutdown(ssl);
+    if (resumeSession) {
+        if (doDTLS) {
+            strncpy(msg, "break", 6);
+            msgSz = (int)strlen(msg);
+            /* try to send session close */
+            CyaSSL_write(ssl, msg, msgSz);
+        }
+        session   = CyaSSL_get_session(ssl);
+        sslResume = CyaSSL_new(ctx);
+    }
+
+    if (doDTLS == 0)            /* don't send alert after "break" command */
+        CyaSSL_shutdown(ssl);  /* echoserver will interpret as new conn */
    CyaSSL_free(ssl);
    CloseSocket(sockfd);

-#ifdef TEST_RESUME
-    #ifdef CYASSL_DTLS
-        #ifdef USE_WINDOWS_API 
-            Sleep(500);
-        #else
-            sleep(1);
-        #endif
-    #endif
-    if (argc == 3)
-        tcp_connect(&sockfd, argv[1], (short)atoi(argv[2]));
-    else
-        tcp_connect(&sockfd, yasslIP, yasslPort);
-    CyaSSL_set_fd(sslResume, sockfd);
-    CyaSSL_set_session(sslResume, session);
-   
-    showPeer(sslResume); 
-    if (CyaSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed");
+    if (resumeSession) {
+        if (doDTLS) {
+            SOCKADDR_IN_T addr;
+            #ifdef USE_WINDOWS_API 
+                Sleep(500);
+            #else
+                sleep(1);
+            #endif
+            build_addr(&addr, host, port);
+            CyaSSL_dtls_set_peer(sslResume, &addr, sizeof(addr));
+            tcp_socket(&sockfd, 1);
+        }
+        else {
+            tcp_connect(&sockfd, host, port, 0);
+        }
+        CyaSSL_set_fd(sslResume, sockfd);
+        CyaSSL_set_session(sslResume, session);
+       
+        showPeer(sslResume);
+#ifndef CYASSL_CALLBACKS
+        if (nonBlocking) {
+            CyaSSL_set_using_nonblock(sslResume, 1);
+            tcp_set_nonblocking(&sockfd);
+            NonBlockingSSL_Connect(sslResume);
+        }
+        else if (CyaSSL_connect(sslResume) != SSL_SUCCESS)
+            err_sys("SSL resume failed");
+#else
+        timeout.tv_sec  = 2;
+        timeout.tv_usec = 0;
+        NonBlockingSSL_Connect(ssl);  /* will keep retrying on timeout */
+#endif

 #ifdef OPENSSL_EXTRA
-    if (CyaSSL_session_reused(sslResume))
-        printf("reused session id\n");
-    else
-        printf("didn't reuse session id!!!\n");
+        if (CyaSSL_session_reused(sslResume))
+            printf("reused session id\n");
+        else
+            printf("didn't reuse session id!!!\n");
 #endif
-  
-    if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
-        err_sys("SSL_write failed");
+      
+        if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
+            err_sys("SSL_write failed");

-    input = CyaSSL_read(sslResume, reply, sizeof(reply));
-    if (input > 0) {
-        reply[input] = 0;
-        printf("Server resume response: %s\n", reply);
+        if (nonBlocking) {
+            /* give server a chance to bounce a message back to client */
+            #ifdef USE_WINDOWS_API
+                Sleep(500);
+            #else
+                sleep(1);
+            #endif
+        }
+
+        input = CyaSSL_read(sslResume, reply, sizeof(reply));
+        if (input > 0) {
+            reply[input] = 0;
+            printf("Server resume response: %s\n", reply);
+        }
+
+        /* try to send session break */
+        CyaSSL_write(sslResume, msg, msgSz); 
+
+        CyaSSL_shutdown(sslResume);
+        CyaSSL_free(sslResume);
    }

-    /* try to send session break */
-    CyaSSL_write(sslResume, msg, msgSz); 
-
-    CyaSSL_shutdown(sslResume);
-    CyaSSL_free(sslResume);
-#endif /* TEST_RESUME */
-
    CyaSSL_CTX_free(ctx);
    CloseSocket(sockfd);

@@ -347,6 +547,9 @@ void client_test(void* args)
        return args.return_code;
    }

+    int myoptind = 0;
+    char* myoptarg = NULL;
+
 #endif /* NO_MAIN_DRIVER */


--- a/examples/client/client.h
+++ b/examples/client/client.h
@@ -0,0 +1,25 @@
+/* client.h
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#pragma once
+
+void client_test(void* args);
+
--- a/examples/client/include.am
+++ b/examples/client/include.am
@@ -2,6 +2,7 @@
 # All paths should be given relative to the root

 noinst_PROGRAMS += examples/client/client
+noinst_HEADERS += examples/client/client.h
 examples_client_client_SOURCES      = examples/client/client.c
 examples_client_client_LDADD        = src/libcyassl.la
 examples_client_client_DEPENDENCIES = src/libcyassl.la
@@ -9,4 +10,4 @@ EXTRA_DIST += examples/client/client.sln
 EXTRA_DIST += examples/client/client-ntru.vcproj
 EXTRA_DIST += examples/client/client.vcproj

-example_DATA+= examples/client/client.c
+dist_example_DATA+= examples/client/client.c
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -26,6 +26,7 @@
 #include <cyassl/openssl/ssl.h>
 #include <cyassl/test.h>

+#include "examples/echoclient/echoclient.h"

 void echoclient_test(void* args)
 {
@@ -37,13 +38,15 @@ void echoclient_test(void* args)
    int inCreated  = 0;
    int outCreated = 0;

-    char send[1024];
+    char msg[1024];
    char reply[1024];

    SSL_METHOD* method = 0;
    SSL_CTX*    ctx    = 0;
    SSL*        ssl    = 0;

+    int doDTLS = 0;
+    int doLeanPSK = 0;
    int sendSz;
    int argc    = 0;
    char** argv = 0;
@@ -64,12 +67,18 @@ void echoclient_test(void* args)
    if (!fin)  err_sys("can't open input file");
    if (!fout) err_sys("can't open output file");

-    tcp_connect(&sockfd, yasslIP, yasslPort);
+#ifdef CYASSL_DTLS
+    doDTLS  = 1;
+#endif
+
+#ifdef CYASSL_LEANPSK 
+    doLeanPSK = 1;
+#endif

 #if defined(CYASSL_DTLS)
    method  = DTLSv1_client_method();
 #elif  !defined(NO_TLS)
-    method = TLSv1_client_method();
+    method = CyaSSLv23_client_method();
 #else
    method = SSLv3_client_method();
 #endif
@@ -82,20 +91,37 @@ void echoclient_test(void* args)
        if (SSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
            err_sys("can't load ca file, Please run from CyaSSL home dir");
    #endif
-#else
-    load_buffer(ctx, caCert, CYASSL_CA);
+#elif !defined(NO_CERTS)
+    if (!doLeanPSK)
+        load_buffer(ctx, caCert, CYASSL_CA);
 #endif

 #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
    /* don't use EDH, can't sniff tmp keys */
    SSL_CTX_set_cipher_list(ctx, "AES256-SHA");
 #endif
+    if (doLeanPSK) {
+#ifdef CYASSL_LEANPSK
+        CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
+        SSL_CTX_set_cipher_list(ctx, "PSK-NULL-SHA");
+#endif
+    }

 #ifdef OPENSSL_EXTRA
    SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
 #endif
    ssl = SSL_new(ctx);

+    if (doDTLS) {
+        SOCKADDR_IN_T addr;
+        build_addr(&addr, yasslIP, yasslPort);
+        CyaSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
+        tcp_socket(&sockfd, 1);
+    }
+    else {
+        tcp_connect(&sockfd, yasslIP, yasslPort, 0);
+    }
+
    SSL_set_fd(ssl, sockfd);
 #if defined(USE_WINDOWS_API) && defined(CYASSL_DTLS) && defined(NO_MAIN_DRIVER)
    /* let echoserver bind first, TODO: add Windows signal like pthreads does */
@@ -103,19 +129,19 @@ void echoclient_test(void* args)
 #endif
    if (SSL_connect(ssl) != SSL_SUCCESS) err_sys("SSL_connect failed");

-    while (fgets(send, sizeof(send), fin)) {
+    while (fgets(msg, sizeof(msg), fin)) {

-        sendSz = (int)strlen(send) + 1;
+        sendSz = (int)strlen(msg);

-        if (SSL_write(ssl, send, sendSz) != sendSz)
+        if (SSL_write(ssl, msg, sendSz) != sendSz)
            err_sys("SSL_write failed");

-        if (strncmp(send, "quit", 4) == 0) {
+        if (strncmp(msg, "quit", 4) == 0) {
            fputs("sending server shutdown command: quit!\n", fout);
            break;
        }

-        if (strncmp(send, "break", 4) == 0) {
+        if (strncmp(msg, "break", 5) == 0) {
            fputs("sending server session close: break!\n", fout);
            break;
        }
@@ -123,6 +149,7 @@ void echoclient_test(void* args)
        while (sendSz) {
            int got;
            if ( (got = SSL_read(ssl, reply, sizeof(reply))) > 0) {
+                reply[got] = 0;
                fputs(reply, fout);
                sendSz -= got;
            }
@@ -132,10 +159,10 @@ void echoclient_test(void* args)
    }

 #ifdef CYASSL_DTLS
-    strncpy(send, "break", 6);
-    sendSz = (int)strlen(send);
+    strncpy(msg, "break", 6);
+    sendSz = (int)strlen(msg);
    /* try to tell server done */
-    SSL_write(ssl, send, sendSz);
+    SSL_write(ssl, msg, sendSz);
 #else
    SSL_shutdown(ssl);
 #endif
@@ -165,6 +192,9 @@ void echoclient_test(void* args)
        args.argv = argv;

        CyaSSL_Init();
+#ifdef DEBUG_CYASSL
+        CyaSSL_Debugging_ON();
+#endif
        if (CurrentDir("echoclient") || CurrentDir("build"))
            ChangeDirBack(2);
        echoclient_test(&args);
@@ -173,6 +203,9 @@ void echoclient_test(void* args)
        return args.return_code;
    }

+    int myoptind = 0;
+    char* myoptarg = NULL;
+
 #endif /* NO_MAIN_DRIVER */


--- a/examples/echoclient/echoclient.h
+++ b/examples/echoclient/echoclient.h
@@ -0,0 +1,23 @@
+/* echoclient.h
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#pragma once
+void echoclient_test(void* args);
--- a/examples/echoclient/include.am
+++ b/examples/echoclient/include.am
@@ -4,6 +4,7 @@


 noinst_PROGRAMS += examples/echoclient/echoclient
+noinst_HEADERS += examples/echoclient/echoclient.h
 examples_echoclient_echoclient_SOURCES      = examples/echoclient/echoclient.c
 examples_echoclient_echoclient_LDADD        = src/libcyassl.la
 examples_echoclient_echoclient_DEPENDENCIES = src/libcyassl.la
@@ -11,4 +12,4 @@ EXTRA_DIST += examples/echoclient/echoclient.sln
 EXTRA_DIST += examples/echoclient/echoclient-ntru.vcproj
 EXTRA_DIST += examples/echoclient/echoclient.vcproj

-example_DATA+= examples/echoclient/echoclient.c
+dist_example_DATA+= examples/echoclient/echoclient.c
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -30,6 +30,8 @@
    #define ECHO_OUT
 #endif

+#include "examples/echoserver/echoserver.h"
+

 #ifdef SESSION_STATS
    CYASSL_API void PrintSessionStats(void);
@@ -47,6 +49,7 @@ static void SignalReady(void* args)
    pthread_cond_signal(&ready->cond);
    pthread_mutex_unlock(&ready->mutex);
 #endif
+    (void)args;
 }


@@ -56,8 +59,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
    CYASSL_METHOD* method = 0;
    CYASSL_CTX*    ctx    = 0;

+    int    doDTLS = 0;
+    int    doLeanPSK = 0;
    int    outCreated = 0;
-    int    shutdown = 0;
+    int    shutDown = 0;
+    int    useAnyAddr = 0;
    int    argc = ((func_args*)args)->argc;
    char** argv = ((func_args*)args)->argv;

@@ -69,10 +75,21 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
    }
    if (!fout) err_sys("can't open output file");
 #endif
+    (void)outCreated;
+    (void)argc;
+    (void)argv;

    ((func_args*)args)->return_code = -1; /* error state */

-    tcp_listen(&sockfd);
+#ifdef CYASSL_DTLS
+    doDTLS  = 1;
+#endif
+
+#ifdef CYASSL_LEANPSK
+    doLeanPSK = 1;
+#endif
+
+    tcp_listen(&sockfd, yasslPort, useAnyAddr, doDTLS);

 #if defined(CYASSL_DTLS)
    method  = CyaDTLSv1_server_method();
@@ -100,7 +117,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
                != SSL_SUCCESS)
            err_sys("can't load ntru key file, "
                    "Please run from CyaSSL home dir");
-    #elif HAVE_ECC
+    #elif defined(HAVE_ECC)
        /* ecc */
        if (CyaSSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM)
                != SSL_SUCCESS)
@@ -123,14 +140,28 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
            err_sys("can't load server key file, "
                    "Please run from CyaSSL home dir");
    #endif
-#else
-    load_buffer(ctx, svrCert, CYASSL_CERT);
-    load_buffer(ctx, svrKey,  CYASSL_KEY);
+#elif !defined(NO_CERTS)
+    if (!doLeanPSK) {
+        load_buffer(ctx, svrCert, CYASSL_CERT);
+        load_buffer(ctx, svrKey,  CYASSL_KEY);
+    }
 #endif

+#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
+    /* don't use EDH, can't sniff tmp keys */
+    CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
+#endif
+
+    if (doLeanPSK) {
+#ifdef CYASSL_LEANPSK
+        CyaSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
+        CyaSSL_CTX_set_cipher_list(ctx, "PSK-NULL-SHA");
+#endif
+    }
+
    SignalReady(args);

-    while (!shutdown) {
+    while (!shutDown) {
        CYASSL* ssl = 0;
        char    command[1024];
        int     echoSz = 0;
@@ -153,7 +184,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
        CyaSSL_set_fd(ssl, clientfd);
        #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
            CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
-        #else
+        #elif !defined(NO_CERTS)
            SetDH(ssl);  /* will repick suites with DHE, higher than PSK */
        #endif
        if (CyaSSL_accept(ssl) != SSL_SUCCESS) {
@@ -182,7 +213,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
           
            if ( strncmp(command, "quit", 4) == 0) {
                printf("client sent quit command: shutting down!\n");
-                shutdown = 1;
+                shutDown = 1;
                break;
            }
            if ( strncmp(command, "break", 5) == 0) {
@@ -206,11 +237,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
                echoSz = sizeof(type) - 1;

                strncpy(&command[echoSz], header, sizeof(header));
-                echoSz += sizeof(header) - 1;
+                echoSz += (int)sizeof(header) - 1;
                strncpy(&command[echoSz], body, sizeof(body));
-                echoSz += sizeof(body) - 1;
+                echoSz += (int)sizeof(body) - 1;
                strncpy(&command[echoSz], footer, sizeof(footer));
-                echoSz += sizeof(footer);
+                echoSz += (int)sizeof(footer);

                if (CyaSSL_write(ssl, command, echoSz) != echoSz)
                    err_sys("SSL_write failed");
@@ -231,7 +262,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
        CyaSSL_free(ssl);
        CloseSocket(clientfd);
 #ifdef CYASSL_DTLS
-        tcp_listen(&sockfd);
+        tcp_listen(&sockfd, yasslPort, useAnyAddr, doDTLS);
        SignalReady(args);
 #endif
    }
@@ -273,6 +304,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
        return args.return_code;
    }

+    int myoptind = 0;
+    char* myoptarg = NULL;
+
 #endif /* NO_MAIN_DRIVER */


--- a/examples/echoserver/echoserver.h
+++ b/examples/echoserver/echoserver.h
@@ -0,0 +1,24 @@
+/* echoserver.h
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#pragma once
+
+THREAD_RETURN CYASSL_THREAD echoserver_test(void* args);
--- a/examples/echoserver/include.am
+++ b/examples/echoserver/include.am
@@ -4,6 +4,7 @@


 noinst_PROGRAMS += examples/echoserver/echoserver
+noinst_HEADERS += examples/echoserver/echoserver.h
 examples_echoserver_echoserver_SOURCES      = examples/echoserver/echoserver.c
 examples_echoserver_echoserver_LDADD        = src/libcyassl.la
 examples_echoserver_echoserver_DEPENDENCIES = src/libcyassl.la
@@ -11,4 +12,4 @@ EXTRA_DIST += examples/echoserver/echoserver.sln
 EXTRA_DIST += examples/echoserver/echoserver-ntru.vcproj
 EXTRA_DIST += examples/echoserver/echoserver.vcproj

-example_DATA+= examples/echoserver/echoserver.c
+dist_example_DATA+= examples/echoserver/echoserver.c
--- a/examples/server/include.am
+++ b/examples/server/include.am
@@ -4,6 +4,7 @@


 noinst_PROGRAMS += examples/server/server
+noinst_HEADERS += examples/server/server.h
 examples_server_server_SOURCES      = examples/server/server.c
 examples_server_server_LDADD        = src/libcyassl.la
 examples_server_server_DEPENDENCIES = src/libcyassl.la
@@ -11,4 +12,4 @@ EXTRA_DIST += examples/server/server.sln
 EXTRA_DIST += examples/server/server-ntru.vcproj
 EXTRA_DIST += examples/server/server.vcproj

-example_DATA+= examples/server/server.c
+dist_example_DATA+= examples/server/server.c
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -26,6 +26,8 @@
 #include <cyassl/openssl/ssl.h>
 #include <cyassl/test.h>

+#include "examples/server/server.h"
+

 #ifdef CYASSL_CALLBACKS
    int srvHandShakeCB(HandShakeInfo*);
@@ -33,34 +35,72 @@
    Timeval srvTo;
 #endif

-#if defined(NON_BLOCKING) || defined(CYASSL_CALLBACKS)
-    void NonBlockingSSL_Accept(SSL* ssl)
-    {
-    #ifndef CYASSL_CALLBACKS
-        int ret = SSL_accept(ssl);
-    #else
-        int ret = CyaSSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB, srvTo);
-    #endif
-        int error = SSL_get_error(ssl, 0);
-        while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
-                                      error == SSL_ERROR_WANT_WRITE)) {
-            printf("... server would block\n");
-            #ifdef USE_WINDOWS_API 
-                Sleep(1000);
-            #else
-                sleep(1);
-            #endif
+static void NonBlockingSSL_Accept(SSL* ssl)
+{
+#ifndef CYASSL_CALLBACKS
+    int ret = SSL_accept(ssl);
+#else
+    int ret = CyaSSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB, srvTo);
+#endif
+    int error = SSL_get_error(ssl, 0);
+    SOCKET_T sockfd = (SOCKET_T)CyaSSL_get_fd(ssl);
+    int select_ret;
+
+    while (ret != SSL_SUCCESS && (error == SSL_ERROR_WANT_READ ||
+                                  error == SSL_ERROR_WANT_WRITE)) {
+        if (error == SSL_ERROR_WANT_READ)
+            printf("... server would read block\n");
+        else
+            printf("... server would write block\n");
+
+        if (CyaSSL_dtls(ssl))
+            select_ret = tcp_select(sockfd,
+                                    CyaSSL_dtls_get_current_timeout(ssl));
+        else
+            select_ret = tcp_select(sockfd, 1);
+
+        if ((select_ret == TEST_RECV_READY) ||
+                                        (select_ret == TEST_ERROR_READY)) {
            #ifndef CYASSL_CALLBACKS
                ret = SSL_accept(ssl);
            #else
-                ret = CyaSSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB,srvTo);
+                ret = CyaSSL_accept_ex(ssl,
+                                    srvHandShakeCB, srvTimeoutCB, srvTo);
            #endif
            error = SSL_get_error(ssl, 0);
        }
-        if (ret != SSL_SUCCESS)
-            err_sys("SSL_accept failed");
+        else if (select_ret == TEST_TIMEOUT &&
+                    (!CyaSSL_dtls(ssl) ||
+                    (CyaSSL_dtls_got_timeout(ssl) >= 0))) {
+            error = SSL_ERROR_WANT_READ;
+        }
+        else {
+            error = SSL_FATAL_ERROR;
+        }
    }
-#endif
+    if (ret != SSL_SUCCESS)
+        err_sys("SSL_accept failed");
+}
+
+
+static void Usage(void)
+{
+    printf("server "    LIBCYASSL_VERSION_STRING
+           " NOTE: All files relative to CyaSSL home dir\n");
+    printf("-?          Help, print this usage\n");
+    printf("-p <num>    Port to listen on, default %d\n", yasslPort);
+    printf("-v <num>    SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
+                                 SERVER_DEFAULT_VERSION);
+    printf("-l <str>    Cipher list\n");
+    printf("-c <file>   Certificate file,           default %s\n", svrCert);
+    printf("-k <file>   Key file,                   default %s\n", svrKey);
+    printf("-A <file>   Certificate Authority file, default %s\n", cliCert);
+    printf("-d          Disable client cert check\n");
+    printf("-b          Bind to any interface instead of localhost only\n");
+    printf("-s          Use pre Shared keys\n");
+    printf("-u          Use UDP DTLS\n");
+    printf("-N          Use Non-blocking sockets\n");
+}


 THREAD_RETURN CYASSL_THREAD server_test(void* args)
@@ -72,115 +112,242 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
    SSL_CTX*    ctx    = 0;
    SSL*        ssl    = 0;

-    char msg[] = "I hear you fa shizzle!";
-    char input[1024];
-    int  idx;
-   
-    ((func_args*)args)->return_code = -1; /* error state */
-#if defined(CYASSL_DTLS)
-    method  = DTLSv1_server_method();
-#elif  !defined(NO_TLS)
-    method = SSLv23_server_method();
-#else
-    method = SSLv3_server_method();
-#endif
-    ctx    = SSL_CTX_new(method);
+    char   msg[] = "I hear you fa shizzle!";
+    char   input[1024];
+    int    idx;
+    int    ch;
+    int    version = SERVER_DEFAULT_VERSION;
+    int    doCliCertCheck = 1;
+    int    useAnyAddr = 0;
+    int    port = yasslPort;
+    int    usePsk = 0;
+    int    doDTLS = 0;
+    int    useNtruKey = 0;
+    int    nonBlocking = 0;
+    char*  cipherList = NULL;
+    char*  verifyCert = (char*)cliCert;
+    char*  ourCert    = (char*)svrCert;
+    char*  ourKey     = (char*)svrKey;
+    int    argc = ((func_args*)args)->argc;
+    char** argv = ((func_args*)args)->argv;

+    ((func_args*)args)->return_code = -1; /* error state */
+
+    while ((ch = mygetopt(argc, argv, "?dbsnNup:v:l:A:c:k:")) != -1) {
+        switch (ch) {
+            case '?' :
+                Usage();
+                exit(EXIT_SUCCESS);
+
+            case 'd' :
+                doCliCertCheck = 0;
+                break;
+
+            case 'b' :
+                useAnyAddr = 1;
+                break;
+
+            case 's' :
+                usePsk = 1;
+                break;
+
+            case 'n' :
+                useNtruKey = 1;
+                break;
+
+            case 'u' :
+                doDTLS  = 1;
+                version = -1;  /* DTLS flag */
+                break;
+
+            case 'p' :
+                port = atoi(myoptarg);
+                break;
+
+            case 'v' :
+                version = atoi(myoptarg);
+                if (version < 0 || version > 3) {
+                    Usage();
+                    exit(MY_EX_USAGE);
+                }
+                if (doDTLS)
+                    version = -1;  /* stay with DTLS */
+                break;
+
+            case 'l' :
+                cipherList = myoptarg;
+                break;
+
+            case 'A' :
+                verifyCert = myoptarg;
+                break;
+
+            case 'c' :
+                ourCert = myoptarg;
+                break;
+
+            case 'k' :
+                ourKey = myoptarg;
+                break;
+
+            case 'N':
+                nonBlocking = 1;
+                break;
+
+            default:
+                Usage();
+                exit(MY_EX_USAGE);
+        }
+    }
+
+    argc -= myoptind;
+    argv += myoptind;
+    myoptind = 0;      /* reset for test cases */
+
+    switch (version) {
+        case 0:
+            method = SSLv3_server_method();
+            break;
+
+        case 1:
+            method = TLSv1_server_method();
+            break;
+
+        case 2:
+            method = TLSv1_1_server_method();
+            break;
+
+        case 3:
+            method = TLSv1_2_server_method();
+            break;
+
+#ifdef CYASSL_DTLS
+        case -1:
+            method = DTLSv1_server_method();
+            break;
+#endif
+
+        default:
+            err_sys("Bad SSL version");
+    }
+
+    if (method == NULL)
+        err_sys("unable to get method");
+
+    ctx = SSL_CTX_new(method);
+    if (ctx == NULL)
+        err_sys("unable to get ctx");
+
+    if (cipherList)
+        if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
+            err_sys("can't set cipher list");
+
+#ifdef CYASSL_LEANPSK
+    usePsk = 1;
+#endif
+
+#ifndef NO_FILESYSTEM
+    if (!usePsk) {
+        if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
+                                         != SSL_SUCCESS)
+            err_sys("can't load server cert file, check file and run from"
+                    " CyaSSL home dir");
+    }
+#endif
+
+#ifdef HAVE_NTRU
+    if (useNtruKey) {
+        if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
+                                               != SSL_SUCCESS)
+            err_sys("can't load ntru key file, "
+                    "Please run from CyaSSL home dir");
+    }
+#endif
+
+#ifndef NO_FILESYSTEM
+    if (!useNtruKey && !usePsk) {
+        if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
+                                         != SSL_SUCCESS)
+            err_sys("can't load server cert file, check file and run from"
+                " CyaSSL home dir");
+    }
+#endif
+
+    if (usePsk) {
 #ifndef NO_PSK
-    /* do PSK */
-    SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
-    SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
-    SSL_CTX_set_cipher_list(ctx, "PSK-AES256-CBC-SHA");
-#else
-    /* not using PSK, verify peer with certs */
-    SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
+        SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
+        SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
+        if (cipherList == NULL) {
+            const char *defaultCipherList;
+            #ifdef HAVE_NULL_CIPHER
+                defaultCipherList = "PSK-NULL-SHA";
+            #else
+                defaultCipherList = "PSK-AES256-CBC-SHA";
+            #endif
+            if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) != SSL_SUCCESS)
+                err_sys("can't set cipher list");
+        }
+#endif
+    }
+
+#ifndef NO_FILESYSTEM
+    /* if not using PSK, verify peer with certs */
+    if (doCliCertCheck && usePsk == 0) {
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
+                                SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
+        if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
+            err_sys("can't load ca file, Please run from CyaSSL home dir");
+    }
 #endif

 #ifdef OPENSSL_EXTRA
    SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
 #endif

-#ifndef NO_FILESYSTEM
-    /* for client auth */
-    if (SSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS)
-        err_sys("can't load ca file, Please run from CyaSSL home dir");
-
-    #ifdef HAVE_ECC
-        if (SSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM)
-                != SSL_SUCCESS)
-            err_sys("can't load server ecc cert file, "
-                    "Please run from CyaSSL home dir");
-
-        if (SSL_CTX_use_PrivateKey_file(ctx, eccKey, SSL_FILETYPE_PEM)
-                != SSL_SUCCESS)
-            err_sys("can't load server ecc key file, "
-                    "Please run from CyaSSL home dir");
-        /* for client auth */
-        if (SSL_CTX_load_verify_locations(ctx, cliEccCert, 0) != SSL_SUCCESS)
-            err_sys("can't load ecc ca file, Please run from CyaSSL home dir");
-
-    #elif HAVE_NTRU
-        if (SSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
-                != SSL_SUCCESS)
-            err_sys("can't load ntru cert file, "
-                    "Please run from CyaSSL home dir");
-
-        if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKey)
-                != SSL_SUCCESS)
-            err_sys("can't load ntru key file, "
-                    "Please run from CyaSSL home dir");
-    #else  /* normal */
-        if (SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
-                != SSL_SUCCESS)
-            err_sys("can't load server cert chain file, "
-                    "Please run from CyaSSL home dir");
-
-        if (SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
-                != SSL_SUCCESS)
-            err_sys("can't load server key file, "
-                    "Please run from CyaSSL home dir");
-    #endif /* NTRU */
-#else
-    load_buffer(ctx, cliCert, CYASSL_CA);
-    load_buffer(ctx, svrCert, CYASSL_CERT);
-    load_buffer(ctx, svrKey,  CYASSL_KEY);
-#endif /* NO_FILESYSTEM */
+#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
+    /* don't use EDH, can't sniff tmp keys */
+    if (cipherList == NULL) {
+        if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
+            err_sys("can't set cipher list");
+    }
+#endif

    ssl = SSL_new(ctx);
+    if (ssl == NULL)
+        err_sys("unable to get SSL");
+
 #ifdef HAVE_CRL
    CyaSSL_EnableCRL(ssl, 0);
    CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
                                                     CYASSL_CRL_START_MON);
    CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
 #endif
-    tcp_accept(&sockfd, &clientfd, (func_args*)args);
-#ifndef CYASSL_DTLS
-    CloseSocket(sockfd);
-#endif
+    tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS);
+    if (!doDTLS) 
+        CloseSocket(sockfd);

    SSL_set_fd(ssl, clientfd);
-#ifdef NO_PSK
-    #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
-        CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
-    #else
-        SetDH(ssl);  /* will repick suites with DHE, higher priority than PSK */
-    #endif
-#endif
+    if (usePsk == 0) {
+        #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
+            CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
+        #elif !defined(NO_CERTS)
+            SetDH(ssl);  /* repick suites with DHE, higher priority than PSK */
+        #endif
+    }

-#ifdef NON_BLOCKING
-    tcp_set_nonblocking(&clientfd);
-    NonBlockingSSL_Accept(ssl);
-#else
-    #ifndef CYASSL_CALLBACKS
-        if (SSL_accept(ssl) != SSL_SUCCESS) {
-            int err = SSL_get_error(ssl, 0);
-            char buffer[80];
-            printf("error = %d, %s\n", err, ERR_error_string(err, buffer));
-            err_sys("SSL_accept failed");
-        }
-    #else
+#ifndef CYASSL_CALLBACKS
+    if (nonBlocking) {
+        CyaSSL_set_using_nonblock(ssl, 1);
+        tcp_set_nonblocking(&clientfd);
        NonBlockingSSL_Accept(ssl);
-    #endif
+    } else if (SSL_accept(ssl) != SSL_SUCCESS) {
+        int err = SSL_get_error(ssl, 0);
+        char buffer[80];
+        printf("error = %d, %s\n", err, ERR_error_string(err, buffer));
+        err_sys("SSL_accept failed");
+    }
+#else
+    NonBlockingSSL_Accept(ssl);
 #endif
    showPeer(ssl);

@@ -228,6 +395,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
        return args.return_code;
    }

+    int myoptind = 0;
+    char* myoptarg = NULL;
+
 #endif /* NO_MAIN_DRIVER */


--- a/examples/server/server.h
+++ b/examples/server/server.h
@@ -0,0 +1,24 @@
+/* server.c
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#pragma once
+
+THREAD_RETURN CYASSL_THREAD server_test(void* args);
--- a/m4/ax_add_am_macro.m4
+++ b/m4/ax_add_am_macro.m4
@@ -0,0 +1,29 @@
+# ===========================================================================
+#      http://www.gnu.org/software/autoconf-archive/ax_add_am_macro.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_ADD_AM_MACRO([RULE])
+#
+# DESCRIPTION
+#
+#   Adds the specified rule to $AMINCLUDE. This macro will only work
+#   properly with implementations of Make which allow include statements.
+#   See also AX_ADD_AM_MACRO_STATIC.
+#
+# LICENSE
+#
+#   Copyright (c) 2009 Tom Howard <tomhoward@users.sf.net>
+#
+#   Copying and distribution of this file, with or without modification, are
+#   permitted in any medium without royalty provided the copyright notice
+#   and this notice are preserved. This file is offered as-is, without any
+#   warranty.
+
+#serial 9
+
+AC_DEFUN([AX_ADD_AM_MACRO],[
+  AC_REQUIRE([AX_AM_MACROS])
+  AX_APPEND_TO_FILE([$AMINCLUDE],[$1])
+])
--- a/m4/ax_am_jobserver.m4
+++ b/m4/ax_am_jobserver.m4
@@ -0,0 +1,55 @@
+# ===========================================================================
+#      http://www.gnu.org/software/autoconf-archive/ax_am_jobserver.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_AM_JOBSERVER([default_value])
+#
+# DESCRIPTION
+#
+#   Enables the use of make's jobserver for the purpose of parallel building
+#   by passing the -j option to make.
+#
+#   The option --enable-jobserver is added to configure which can accept a
+#   yes, no, or an integer. The integer is the number of separate jobs to
+#   allow. If 'yes' is given, then the is assumed to be one more than the
+#   number of CPUs (determined through AX_COUNT_CPUS). If the value of no is
+#   given, then the jobserver is disabled. The default value is given by the
+#   first argument of the macro, or 'yes' if the argument is omitted.
+#
+#   This macro makes use of AX_AM_MACROS, so you must add the following line
+#
+#     @INC_AMINCLUDE@
+#
+#   to your Makefile.am files.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Michael Paul Bailey <jinxidoru@byu.net>
+#
+#   Copying and distribution of this file, with or without modification, are
+#   permitted in any medium without royalty provided the copyright notice
+#   and this notice are preserved. This file is offered as-is, without any
+#   warranty.
+
+#serial 7
+
+AC_DEFUN([AX_AM_JOBSERVER], [
+    AC_REQUIRE([AX_COUNT_CPUS])
+    AC_REQUIRE([AX_AM_MACROS])
+    AC_ARG_ENABLE( jobserver,
+    [  --enable-jobserver@<:@=no/yes/@%:@@:>@ default=m4_ifval([$1],[$1],[yes])
+                        Enable up to @%:@ make jobs
+                        yes: enable one more than CPU count
+    ],, [enable_jobserver=m4_ifval([$1],[$1],[yes])])
+    if test "x$enable_jobserver" = "xyes"; then
+        enable_jobserver=$CPU_COUNT
+        ((enable_jobserver++))
+    fi
+    m4_pattern_allow(AM_MAKEFLAGS)
+    if test "x$enable_jobserver" != "xno"; then
+        AC_MSG_NOTICE([added jobserver support to make for $enable_jobserver jobs])
+        AX_ADD_AM_MACRO( AM_MAKEFLAGS += -j$enable_jobserver )
+    fi
+])
--- a/m4/ax_am_macros.m4
+++ b/m4/ax_am_macros.m4
@@ -0,0 +1,44 @@
+# ===========================================================================
+#       http://www.gnu.org/software/autoconf-archive/ax_am_macros.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_AM_MACROS
+#
+# DESCRIPTION
+#
+#   Adds support for macros that create Make rules. You must manually add
+#   the following line
+#
+#     @INC_AMINCLUDE@
+#
+#   to your Makefile.in (or Makefile.am if you use Automake) files.
+#
+# LICENSE
+#
+#   Copyright (c) 2009 Tom Howard <tomhoward@users.sf.net>
+#
+#   Copying and distribution of this file, with or without modification, are
+#   permitted in any medium without royalty provided the copyright notice
+#   and this notice are preserved. This file is offered as-is, without any
+#   warranty.
+
+#serial 9
+
+AC_DEFUN([AX_AM_MACROS],
+[
+AC_MSG_NOTICE([adding automake macro support])
+AMINCLUDE="aminclude.am"
+AC_SUBST(AMINCLUDE)
+AC_MSG_NOTICE([creating $AMINCLUDE])
+AMINCLUDE_TIME=`date`
+AX_PRINT_TO_FILE([$AMINCLUDE],[[
+# generated automatically by configure from AX_AUTOMAKE_MACROS
+# on $AMINCLUDE_TIME
+
+]])
+
+INC_AMINCLUDE="include \$(top_builddir)/$AMINCLUDE"
+AC_SUBST(INC_AMINCLUDE)
+])
--- a/m4/ax_append_compile_flags.m4
+++ b/m4/ax_append_compile_flags.m4
@@ -0,0 +1,65 @@
+# ===========================================================================
+#  http://www.gnu.org/software/autoconf-archive/ax_append_compile_flags.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS])
+#
+# DESCRIPTION
+#
+#   For every FLAG1, FLAG2 it is checked whether the compiler works with the
+#   flag.  If it does, the flag is added FLAGS-VARIABLE
+#
+#   If FLAGS-VARIABLE is not specified, the current language's flags (e.g.
+#   CFLAGS) is used.  During the check the flag is always added to the
+#   current language's flags.
+#
+#   If EXTRA-FLAGS is defined, it is added to the current language's default
+#   flags (e.g. CFLAGS) when the check is done.  The check is thus made with
+#   the flags: "CFLAGS EXTRA-FLAGS FLAG".  This can for example be used to
+#   force the compiler to issue an error when a bad flag is given.
+#
+#   NOTE: This macro depends on the AX_APPEND_FLAG and
+#   AX_CHECK_COMPILE_FLAG. Please keep this macro in sync with
+#   AX_APPEND_LINK_FLAGS.
+#
+# LICENSE
+#
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 3
+
+AC_DEFUN([AX_APPEND_COMPILE_FLAGS],
+[AC_REQUIRE([AX_CHECK_COMPILE_FLAG])
+AC_REQUIRE([AX_APPEND_FLAG])
+for flag in $1; do
+  AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3])
+done
+])dnl AX_APPEND_COMPILE_FLAGS
--- a/m4/ax_append_flag.m4
+++ b/m4/ax_append_flag.m4
@@ -0,0 +1,69 @@
+# ===========================================================================
+#      http://www.gnu.org/software/autoconf-archive/ax_append_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_APPEND_FLAG(FLAG, [FLAGS-VARIABLE])
+#
+# DESCRIPTION
+#
+#   FLAG is appended to the FLAGS-VARIABLE shell variable, with a space
+#   added in between.
+#
+#   If FLAGS-VARIABLE is not specified, the current language's flags (e.g.
+#   CFLAGS) is used.  FLAGS-VARIABLE is not changed if it already contains
+#   FLAG.  If FLAGS-VARIABLE is unset in the shell, it is set to exactly
+#   FLAG.
+#
+#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 2
+
+AC_DEFUN([AX_APPEND_FLAG],
+[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
+AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])dnl
+AS_VAR_SET_IF(FLAGS,
+  [case " AS_VAR_GET(FLAGS) " in
+    *" $1 "*)
+      AC_RUN_LOG([: FLAGS already contains $1])
+      ;;
+    *)
+      AC_RUN_LOG([: FLAGS="$FLAGS $1"])
+      AS_VAR_SET(FLAGS, ["AS_VAR_GET(FLAGS) $1"])
+      ;;
+   esac],
+  [AS_VAR_SET(FLAGS,["$1"])])
+AS_VAR_POPDEF([FLAGS])dnl
+])dnl AX_APPEND_FLAG
--- a/m4/ax_append_link_flags.m4
+++ b/m4/ax_append_link_flags.m4
@@ -0,0 +1,63 @@
+# ===========================================================================
+#   http://www.gnu.org/software/autoconf-archive/ax_append_link_flags.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_APPEND_LINK_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS])
+#
+# DESCRIPTION
+#
+#   For every FLAG1, FLAG2 it is checked whether the linker works with the
+#   flag.  If it does, the flag is added FLAGS-VARIABLE
+#
+#   If FLAGS-VARIABLE is not specified, the linker's flags (LDFLAGS) is
+#   used. During the check the flag is always added to the linker's flags.
+#
+#   If EXTRA-FLAGS is defined, it is added to the linker's default flags
+#   when the check is done.  The check is thus made with the flags: "LDFLAGS
+#   EXTRA-FLAGS FLAG".  This can for example be used to force the linker to
+#   issue an error when a bad flag is given.
+#
+#   NOTE: This macro depends on the AX_APPEND_FLAG and AX_CHECK_LINK_FLAG.
+#   Please keep this macro in sync with AX_APPEND_COMPILE_FLAGS.
+#
+# LICENSE
+#
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 3
+
+AC_DEFUN([AX_APPEND_LINK_FLAGS],
+[AC_REQUIRE([AX_CHECK_LINK_FLAG])
+AC_REQUIRE([AX_APPEND_FLAG])
+for flag in $1; do
+  AX_CHECK_LINK_FLAG([$flag], [AX_APPEND_FLAG([$flag], [m4_default([$2], [LDFLAGS])])], [], [$3])
+done
+])dnl AX_APPEND_LINK_FLAGS
--- a/m4/ax_append_to_file.m4
+++ b/m4/ax_append_to_file.m4
@@ -0,0 +1,27 @@
+# ===========================================================================
+#     http://www.gnu.org/software/autoconf-archive/ax_append_to_file.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_APPEND_TO_FILE([FILE],[DATA])
+#
+# DESCRIPTION
+#
+#   Appends the specified data to the specified file.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Tom Howard <tomhoward@users.sf.net>
+#
+#   Copying and distribution of this file, with or without modification, are
+#   permitted in any medium without royalty provided the copyright notice
+#   and this notice are preserved. This file is offered as-is, without any
+#   warranty.
+
+#serial 7
+
+AC_DEFUN([AX_APPEND_TO_FILE],[
+AC_REQUIRE([AX_FILE_ESCAPES])
+printf "$2" >> "$1"
+])
--- a/m4/ax_check_compile_flag.m4
+++ b/m4/ax_check_compile_flag.m4
@@ -0,0 +1,72 @@
+# ===========================================================================
+#   http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS])
+#
+# DESCRIPTION
+#
+#   Check whether the given FLAG works with the current language's compiler
+#   or gives an error.  (Warnings, however, are ignored)
+#
+#   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+#   success/failure.
+#
+#   If EXTRA-FLAGS is defined, it is added to the current language's default
+#   flags (e.g. CFLAGS) when the check is done.  The check is thus made with
+#   the flags: "CFLAGS EXTRA-FLAGS FLAG".  This can for example be used to
+#   force the compiler to issue an error when a bad flag is given.
+#
+#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+#   macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 2
+
+AC_DEFUN([AX_CHECK_COMPILE_FLAG],
+[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
+AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
+AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
+  ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
+  _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
+  AC_COMPILE_IFELSE([AC_LANG_PROGRAM()],
+    [AS_VAR_SET(CACHEVAR,[yes])],
+    [AS_VAR_SET(CACHEVAR,[no])])
+  _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
+AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
+  [m4_default([$2], :)],
+  [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_COMPILE_FLAGS
--- a/m4/ax_check_link_flag.m4
+++ b/m4/ax_check_link_flag.m4
@@ -0,0 +1,71 @@
+# ===========================================================================
+#    http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS])
+#
+# DESCRIPTION
+#
+#   Check whether the given FLAG works with the linker or gives an error.
+#   (Warnings, however, are ignored)
+#
+#   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+#   success/failure.
+#
+#   If EXTRA-FLAGS is defined, it is added to the linker's default flags
+#   when the check is done.  The check is thus made with the flags: "LDFLAGS
+#   EXTRA-FLAGS FLAG".  This can for example be used to force the linker to
+#   issue an error when a bad flag is given.
+#
+#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+#   macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 2
+
+AC_DEFUN([AX_CHECK_LINK_FLAG],
+[AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl
+AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [
+  ax_check_save_flags=$LDFLAGS
+  LDFLAGS="$LDFLAGS $4 $1"
+  AC_LINK_IFELSE([AC_LANG_PROGRAM()],
+    [AS_VAR_SET(CACHEVAR,[yes])],
+    [AS_VAR_SET(CACHEVAR,[no])])
+  LDFLAGS=$ax_check_save_flags])
+AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
+  [m4_default([$2], :)],
+  [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_LINK_FLAGS
--- a/m4/ax_compiler_version.m4
+++ b/m4/ax_compiler_version.m4
@@ -0,0 +1,36 @@
+AC_DEFUN([AX_C_COMPILER_VERSION],[
+
+    dnl Print version of C compiler
+    AC_MSG_CHECKING("C Compiler version--$GCC")
+    AS_IF([test "$GCC" = "yes"],[
+      CC_VERSION=`$CC --version | sed 1q` ],[
+      test "$SUNCC" = "yes"],[
+      CC_VERSION=`$CC -V 2>&1 | sed 1q` ],[
+      test "$CLANG" = "yes"],[
+      CC_VERSION=`$CC --version 2>&1 | sed 1q` ],[
+      CC_VERSION=""
+      ])
+    AC_MSG_RESULT("$CC_VERSION")
+    AC_SUBST(CC_VERSION)
+    ])
+
+
+AC_DEFUN([AX_CXX_COMPILER_VERSION], [
+
+    dnl Check C version while at it
+    AC_REQUIRE([AX_C_COMPILER_VERSION])
+
+    dnl Print version of CXX compiler
+    AC_MSG_CHECKING("C++ Compiler version")
+    AS_IF([test "$GCC" = "yes"],[
+      CXX_VERSION=`$CXX --version | sed 1q` ],[
+      test "$SUNCC" = "yes"],[
+      CXX_VERSION=`$CXX -V 2>&1 | sed 1q` ],[
+      test "$CLANG" = "yes"],[
+      CXX_VERSION=`$CXX --version 2>&1 | sed 1q` ],[
+      CXX_VERSION=""
+      ])
+    AC_MSG_RESULT("$CXX_VERSION")
+    AC_SUBST(CXX_VERSION)
+  ])
+
--- a/m4/ax_count_cpus.m4
+++ b/m4/ax_count_cpus.m4
@@ -0,0 +1,57 @@
+# ===========================================================================
+#       http://www.gnu.org/software/autoconf-archive/ax_count_cpus.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_COUNT_CPUS
+#
+# DESCRIPTION
+#
+#   Attempt to count the number of processors present on the machine. If the
+#   detection fails, then a value of 1 is assumed.
+#
+#   The value is placed in the CPU_COUNT variable.
+#
+# LICENSE
+#
+#   Copyright (c) 2012 Brian Aker <brian@tangent.org>
+#   Copyright (c) 2008 Michael Paul Bailey <jinxidoru@byu.net>
+#   Copyright (c) 2008 Christophe Tournayre <turn3r@users.sourceforge.net>
+#
+#   Copying and distribution of this file, with or without modification, are
+#   permitted in any medium without royalty provided the copyright notice
+#   and this notice are preserved. This file is offered as-is, without any
+#   warranty.
+
+#serial 10
+
+  AC_DEFUN([AX_COUNT_CPUS],[
+      AC_REQUIRE([AC_CANONICAL_HOST])
+      AC_REQUIRE([AC_PROG_EGREP])
+      AC_MSG_CHECKING([the number of available CPUs])
+      CPU_COUNT="0"
+
+      AS_CASE([$host_os],[
+        *darwin*],[
+        AS_IF([test -x /usr/sbin/sysctl],[
+          sysctl_a=`/usr/sbin/sysctl -a 2>/dev/null| grep -c hw.cpu`
+          AS_IF([test sysctl_a],[
+            CPU_COUNT=`/usr/sbin/sysctl -n hw.ncpu`
+            ])
+          ])],[
+        *linux*],[
+        AS_IF([test "x$CPU_COUNT" = "x0" -a -e /proc/cpuinfo],[
+          AS_IF([test "x$CPU_COUNT" = "x0" -a -e /proc/cpuinfo],[
+            CPU_COUNT=`$EGREP -c '^processor' /proc/cpuinfo`
+            ])
+          ])
+        ])
+
+      AS_IF([test "x$CPU_COUNT" = "x0"],[
+        CPU_COUNT="1"
+        AC_MSG_RESULT( [unable to detect (assuming 1)] )
+        ],[
+        AC_MSG_RESULT( $CPU_COUNT )
+        ])
+      ])
--- a/m4/ax_create_generic_config.m4
+++ b/m4/ax_create_generic_config.m4
@@ -0,0 +1,195 @@
+# ============================================================================
+#  http://www.gnu.org/software/autoconf-archive/ax_create_generic_config.html
+# ============================================================================
+#
+# SYNOPSIS
+#
+#   AX_CREATE_GENERIC_CONFIG [(PACKAGEnlibs [, VERSION])]
+#
+# DESCRIPTION
+#
+#   Creates a generic PACKAGE-config file that has all the things that you
+#   want, hmm, well, atleast it has --cflags, --version, --libs. Ahhm, did
+#   you see ax_path_generic in the autoconf-archive? ;-)
+#
+#   this macros saves you all the typing for a pkg-config.in script, you
+#   don't even need to distribute one along. Place this macro in your
+#   configure.ac, et voila, you got one that you want to install.
+#
+#   oh, btw, if the first arg looks like "mylib -lwhat' then it will go to
+#   be added to the --libs, and mylib is extracted.
+#
+#   the defaults: $1 = $PACKAGE $LIBS $2 = $VERSION there is also an
+#   AC_SUBST(GENERIC_CONFIG) that will be set to the name of the file that
+#   we did output in this macro. Use as:
+#
+#    install-exec-local:    install-generic-config
+#
+#    install-generic-config:
+#       $(mkinstalldirs) $(DESTDIR)$(bindir)
+#       $(INSTALL_SCRIPT) @GENERIC_CONFIG@ $(DESTDIR)$(bindir)
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#
+#   This program is free software; you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation; either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 6
+
+AU_ALIAS([AC_CREATE_GENERIC_CONFIG], [AX_CREATE_GENERIC_CONFIG])
+AC_DEFUN([AX_CREATE_GENERIC_CONFIG],[# create a generic PACKAGE-config file
+L=`echo ifelse($1, , $PACKAGE $LIBS, $1)`
+P=`echo $L | sed -e 's/ -.*//'`
+P=`echo $P`
+V=`echo ifelse($2, , $VERSION, $2)`
+F=`echo $P-config`
+L=`echo -l$L | sed -e 's/^-llib/-l/'`
+AC_MSG_RESULT(creating $F - generic $V for $L)
+test "x$prefix" = xNONE && prefix="$ac_default_prefix"
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+echo '#! /bin/sh' >$F
+echo ' ' >>$F
+echo 'package="'$P'"' >>$F
+echo 'version="'$V'"' >>$F
+echo 'libs="'$L'"' >>$F
+echo ' ' >>$F
+# in the order of occurence a standard automake Makefile
+echo 'prefix="'$prefix'"' >>$F
+echo 'exec_prefix="'$exec_prefix'"' >>$F
+echo 'bindir="'$bindir'"' >>$F
+echo 'sbindir="'$sbindir'"' >>$F
+echo 'libexecdir="'$libexecdir'"' >>$F
+echo 'datadir="'$datadir'"' >>$F
+echo 'sysconfdir="'$sysconfdir'"' >>$F
+echo 'sharedstatedir="'$sharedstatedir'"' >>$F
+echo 'localstatedir="'$localstatedir'"' >>$F
+echo 'libdir="'$libdir'"' >>$F
+echo 'infodir="'$infodir'"' >>$F
+echo 'mandir="'$mandir'"' >>$F
+echo 'includedir="'$includedir'"' >>$F
+echo 'target="'$target'"' >>$F
+echo 'host="'$host'"' >>$F
+echo 'build="'$build'"' >>$F
+echo ' ' >>$F
+echo 'if test "'"\$""#"'" -eq 0; then' >>$F
+echo '   cat <<EOF' >>$F
+echo 'Usage: $package-config [OPTIONS]' >>$F
+echo 'Options:' >>$F
+echo '  --prefix[=DIR]) : \$prefix' >>$F
+echo '  --package) : \$package' >>$F
+echo '  --version) : \$version' >>$F
+echo '  --cflags) : -I\$includedir' >>$F
+echo '  --libs) : -L\$libdir -l\$package' >>$F
+echo '  --help) print all the options (not just these)' >>$F
+echo 'EOF' >>$F
+echo 'fi' >>$F
+echo ' ' >>$F
+echo 'o=""' >>$F
+echo 'h=""' >>$F
+echo 'for i in "[$]@"; do' >>$F
+echo '  case $i in' >>$F
+echo '  --prefix=*) prefix=`echo $i | sed -e "s/--prefix=//"` ;;' >>$F
+echo '  --prefix)    o="$o $prefix" ;;' >>$F
+echo '  --package)   o="$o $package" ;;' >>$F
+echo '  --version)   o="$o $version" ;;' >>$F
+echo '  --cflags) if test "_$includedir" != "_/usr/include"' >>$F
+echo '          then o="$o -I$includedir" ; fi' >>$F
+echo '  ;;' >>$F
+echo '  --libs)      o="$o -L$libdir $libs" ;;' >>$F
+echo '  --exec_prefix|--eprefix) o="$o $exec_prefix" ;;' >>$F
+echo '  --bindir)                o="$o $bindir" ;;' >>$F
+echo '  --sbindir)               o="$o $sbindir" ;;' >>$F
+echo '  --libexecdir)            o="$o $libexecdir" ;;' >>$F
+echo '  --datadir)               o="$o $datadir" ;;' >>$F
+echo '  --datainc)               o="$o -I$datadir" ;;' >>$F
+echo '  --datalib)               o="$o -L$datadir" ;;' >>$F
+echo '  --sysconfdir)            o="$o $sysconfdir" ;;' >>$F
+echo '  --sharedstatedir)        o="$o $sharedstatedir" ;;' >>$F
+echo '  --localstatedir)         o="$o $localstatedir" ;;' >>$F
+echo '  --libdir)                o="$o $libdir" ;;' >>$F
+echo '  --libadd)                o="$o -L$libdir" ;;' >>$F
+echo '  --infodir)               o="$o $infodir" ;;' >>$F
+echo '  --mandir)                o="$o $mandir" ;;' >>$F
+echo '  --target)                o="$o $target" ;;' >>$F
+echo '  --host)                  o="$o $host" ;;' >>$F
+echo '  --build)                 o="$o $build" ;;' >>$F
+echo '  --data)                  o="$o -I$datadir/$package" ;;' >>$F
+echo '  --pkgdatadir)            o="$o $datadir/$package" ;;' >>$F
+echo '  --pkgdatainc)            o="$o -I$datadir/$package" ;;' >>$F
+echo '  --pkgdatalib)            o="$o -L$datadir/$package" ;;' >>$F
+echo '  --pkglibdir)             o="$o $libdir/$package" ;;' >>$F
+echo '  --pkglibinc)             o="$o -I$libinc/$package" ;;' >>$F
+echo '  --pkglibadd)             o="$o -L$libadd/$package" ;;' >>$F
+echo '  --pkgincludedir)         o="$o $includedir/$package" ;;' >>$F
+echo '  --help) h="1" ;;' >>$F
+echo '  -?//*|-?/*//*|-?./*//*|//*|/*//*|./*//*) ' >>$F
+echo '       v=`echo $i | sed -e s://:\$:g`' >>$F
+echo '       v=`eval "echo $v"` ' >>$F
+echo '       o="$o $v" ;; ' >>$F
+echo '  esac' >>$F
+echo 'done' >>$F
+echo ' ' >>$F
+echo 'o=`eval "echo $o"`' >>$F
+echo 'o=`eval "echo $o"`' >>$F
+echo 'eval "echo $o"' >>$F
+echo ' ' >>$F
+echo 'if test ! -z "$h" ; then ' >>$F
+echo 'cat <<EOF' >>$F
+echo '  --prefix=xxx)      (what is that for anyway?)' >>$F
+echo '  --prefix)         \$prefix        $prefix' >>$F
+echo '  --package)        \$package       $package' >>$F
+echo '  --version)        \$version       $version' >>$F
+echo '  --cflags)         -I\$includedir    unless it is /usr/include' >>$F
+echo '  --libs)           -L\$libdir -l\$PACKAGE \$LIBS' >>$F
+echo '  --exec_prefix) or... ' >>$F
+echo '  --eprefix)        \$exec_prefix   $exec_prefix' >>$F
+echo '  --bindir)         \$bindir        $bindir' >>$F
+echo '  --sbindir)        \$sbindir       $sbindir' >>$F
+echo '  --libexecdir)     \$libexecdir    $libexecdir' >>$F
+echo '  --datadir)        \$datadir       $datadir' >>$F
+echo '  --sysconfdir)     \$sysconfdir    $sysconfdir' >>$F
+echo '  --sharedstatedir) \$sharedstatedir$sharedstatedir' >>$F
+echo '  --localstatedir)  \$localstatedir $localstatedir' >>$F
+echo '  --libdir)         \$libdir        $libdir' >>$F
+echo '  --infodir)        \$infodir       $infodir' >>$F
+echo '  --mandir)         \$mandir        $mandir' >>$F
+echo '  --target)         \$target        $target' >>$F
+echo '  --host)           \$host          $host' >>$F
+echo '  --build)          \$build         $build' >>$F
+echo '  --data)           -I\$datadir/\$package' >>$F
+echo '  --pkgdatadir)     \$datadir/\$package' >>$F
+echo '  --pkglibdir)      \$libdir/\$package' >>$F
+echo '  --pkgincludedir)  \$includedir/\$package' >>$F
+echo '  --help)           generated by ax_create_generic_config.m4' >>$F
+echo '  -I//varname and other inc-targets like --pkgdatainc supported' >>$F
+echo '  -L//varname and other lib-targets, e.g. --pkgdatalib or --libadd' >>$F
+echo 'EOF' >>$F
+echo 'fi' >>$F
+GENERIC_CONFIG="$F"
+AC_SUBST(GENERIC_CONFIG)
+])
--- a/m4/ax_debug.m4
+++ b/m4/ax_debug.m4
@@ -0,0 +1,61 @@
+# ===========================================================================
+#      https://github.com/BrianAker/ddm4/
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_DEBUG()
+#
+# DESCRIPTION
+#
+#   --enable-debug
+#
+# LICENSE
+#
+#  Copyright (C) 2012 Brian Aker
+#  All rights reserved.
+#  
+#  Redistribution and use in source and binary forms, with or without
+#  modification, are permitted provided that the following conditions are
+#  met:
+#  
+#      * Redistributions of source code must retain the above copyright
+#  notice, this list of conditions and the following disclaimer.
+#  
+#      * Redistributions in binary form must reproduce the above
+#  copyright notice, this list of conditions and the following disclaimer
+#  in the documentation and/or other materials provided with the
+#  distribution.
+#  
+#      * The names of its contributors may not be used to endorse or
+#  promote products derived from this software without specific prior
+#  written permission.
+#  
+#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+#  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+#  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+#  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+#  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+#  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+#  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+#  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+#  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+#  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#serial 2
+
+AC_DEFUN([AX_DEBUG],[
+    AC_ARG_ENABLE([debug],
+      [AS_HELP_STRING([--enable-debug],
+        [Add debug code/turns off optimizations (yes|no) @<:@default=no@:>@])],[
+      ax_enable_debug=yes
+      AC_DEFINE(DEBUG, [ 1 ], [Define to 1 to enable debugging code.])
+      ],[
+      ax_enable_debug=no
+      AC_DEFINE(DEBUG, [ 0 ], [Define to 1 to enable debugging code.])
+      ])
+
+    AC_MSG_CHECKING([for debug])
+    AC_MSG_RESULT([$ax_enable_debug])
+    ])
--- a/m4/ax_file_escapes.m4
+++ b/m4/ax_file_escapes.m4
@@ -0,0 +1,30 @@
+# ===========================================================================
+#      http://www.gnu.org/software/autoconf-archive/ax_file_escapes.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_FILE_ESCAPES
+#
+# DESCRIPTION
+#
+#   Writes the specified data to the specified file.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Tom Howard <tomhoward@users.sf.net>
+#
+#   Copying and distribution of this file, with or without modification, are
+#   permitted in any medium without royalty provided the copyright notice
+#   and this notice are preserved. This file is offered as-is, without any
+#   warranty.
+
+#serial 7
+
+AC_DEFUN([AX_FILE_ESCAPES],[
+AX_DOLLAR="\$"
+AX_SRB="\\135"
+AX_SLB="\\133"
+AX_BS="\\\\"
+AX_DQ="\""
+])
--- a/m4/ax_harden_compiler_flags.m4
+++ b/m4/ax_harden_compiler_flags.m4
@@ -0,0 +1,236 @@
+# ===========================================================================
+#      https://github.com/BrianAker/ddm4/
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_HARDEN_COMPILER_FLAGS()
+#   AX_HARDEN_LINKER_FLAGS()
+#   AX_HARDEN_CC_COMPILER_FLAGS()
+#   AX_HARDEN_CXX_COMPILER_FLAGS()
+#
+# DESCRIPTION
+#
+#   Any compiler flag that "hardens" or tests code. C99 is assumed.
+#
+#   NOTE: Implementation based on AX_APPEND_FLAG.
+#
+# LICENSE
+#
+#  Copyright (C) 2012 Brian Aker
+#  All rights reserved.
+#  
+#  Redistribution and use in source and binary forms, with or without
+#  modification, are permitted provided that the following conditions are
+#  met:
+#  
+#      * Redistributions of source code must retain the above copyright
+#  notice, this list of conditions and the following disclaimer.
+#  
+#      * Redistributions in binary form must reproduce the above
+#  copyright notice, this list of conditions and the following disclaimer
+#  in the documentation and/or other materials provided with the
+#  distribution.
+#  
+#      * The names of its contributors may not be used to endorse or
+#  promote products derived from this software without specific prior
+#  written permission.
+#  
+#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+#  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+#  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+#  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+#  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+#  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+#  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+#  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+#  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+#  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# The Following flags are not checked for
+# -Wdeclaration-after-statement is counter to C99
+# AX_APPEND_COMPILE_FLAGS([-std=c++11]) -- Not ready yet
+# AX_APPEND_COMPILE_FLAGS([-pedantic]) -- ?
+# AX_APPEND_COMPILE_FLAGS([-Wstack-protector]) -- Issues on 32bit compile
+# AX_APPEND_COMPILE_FLAGS([-fstack-protector-all]) -- Issues on 32bit compile
+# AX_APPEND_COMPILE_FLAGS([-Wlong-long]) -- Don't turn on for compatibility issues memcached_stat_st
+# AX_APPEND_COMPILE_FLAGS([-Wold-style-definition],,[$ax_append_compile_cflags_extra])
+# AX_APPEND_COMPILE_FLAGS([-std=c99],,[$ax_append_compile_cflags_extra])
+# AX_APPEND_COMPILE_FLAGS([-Wlogical-op],,[$ax_append_compile_cflags_extra])
+# AX_APPEND_COMPILE_FLAGS([-fstack-check],,[$ax_append_compile_cflags_extra]) -- problems with fastmath stack size checks
+
+#serial 4
+
+  AC_DEFUN([AX_HARDEN_LINKER_FLAGS], [
+      AC_REQUIRE([AX_CHECK_LINK_FLAG])
+      AC_REQUIRE([AX_VCS_CHECKOUT])
+      AC_REQUIRE([AX_DEBUG])
+      AC_REQUIRE([AX_CXX_COMPILER_VERSION])
+
+      dnl If we are inside of VCS we append -Werror, otherwise we just use it to test other flags
+      AX_HARDEN_LIB=
+      ax_append_compile_link_flags_extra=
+      AS_IF([test "x$ac_cv_vcs_checkout" = "xyes"],[
+        AX_CHECK_LINK_FLAG([-Werror],[
+          AX_HARDEN_LIB="-Werror $AX_HARDEN_LIB"
+          ])
+        ],[
+        AX_CHECK_LINK_FLAG([-Werror],[
+          ax_append_compile_link_flags_extra='-Werror'
+          ])
+        ])
+
+      AX_CHECK_LINK_FLAG([-z relro -z now],[
+        AX_HARDEN_LIB="-z relro -z now $AX_HARDEN_LIB"
+        ],,[$ax_append_compile_link_flags_extra])
+
+      AX_CHECK_LINK_FLAG([-pie],[
+          AX_HARDEN_LIB="-pie $AX_HARDEN_LIB"
+          ],,[$ax_append_compile_link_flags_extra])
+
+      LIB="$LIB $AX_HARDEN_LIB"
+      ])
+
+  AC_DEFUN([AX_HARDEN_CC_COMPILER_FLAGS], [
+      AC_REQUIRE([AX_APPEND_COMPILE_FLAGS])
+      AC_REQUIRE([AX_HARDEN_LINKER_FLAGS])
+
+      AC_LANG_PUSH([C])
+
+      CFLAGS=
+      ac_cv_warnings_as_errors=no
+      ax_append_compile_cflags_extra=
+      AS_IF([test "$ac_cv_vcs_checkout" = "yes"],[
+        AX_APPEND_COMPILE_FLAGS([-Werror])
+        ac_cv_warnings_as_errors=yes
+        ],[
+        AX_APPEND_COMPILE_FLAGS([-Werror],[ax_append_compile_cflags_extra])
+        ])
+
+      AS_IF([test "$ax_enable_debug" = "yes"], [
+        AX_APPEND_COMPILE_FLAGS([-g])
+        AX_APPEND_COMPILE_FLAGS([-ggdb],,[$ax_append_compile_cflags_extra])
+        AX_APPEND_COMPILE_FLAGS([-O0],,[$ax_append_compile_cflags_extra])
+        ],[])
+
+      AX_APPEND_COMPILE_FLAGS([-Wno-pragmas],,[$ax_append_compile_cflags_extra])
+
+      AX_APPEND_COMPILE_FLAGS([-Wall],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wextra],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wunknown-pragmas],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wthis-test-should-fail],,[$ax_append_compile_cflags_extra])
+      dnl Anything below this comment please keep sorted.
+      AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Waddress],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Warray-bounds],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wbad-function-cast],,[$ax_append_compile_cflags_extra])
+      dnl Not in use -Wc++-compat
+      AX_APPEND_COMPILE_FLAGS([-Wchar-subscripts],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wcomment],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wfloat-equal],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wformat-security],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wformat=2],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wmaybe-uninitialized],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wmissing-field-initializers],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wmissing-noreturn],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wmissing-prototypes],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wnested-externs],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wnormalized=id],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Woverride-init],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wpointer-arith],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wpointer-sign],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wredundant-decls],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wshadow],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wshorten-64-to-32],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wsign-compare],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wstrict-overflow=1],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wstrict-prototypes],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wswitch-enum],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wundef],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wunused],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wunused-result],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wunused-variable],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wwrite-strings],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-floop-parallelize-all],,[$ax_append_compile_cflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-fwrapv],,[$ax_append_compile_cflags_extra])
+      AC_LANG_POP
+      ])
+
+  AC_DEFUN([AX_HARDEN_CXX_COMPILER_FLAGS], [
+      AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS])
+      AC_LANG_PUSH([C++])
+
+      ax_append_compile_cxxflags_extra=
+      AS_IF([test "$ac_cv_warnings_as_errors" = "yes"],[
+        AX_APPEND_COMPILE_FLAGS([-Werror])
+        ],[
+        AX_APPEND_COMPILE_FLAGS([-Werror],[ax_append_compile_cxxflags_extra])
+        ])
+
+      AS_IF([test "$ax_enable_debug" = "yes" ], [
+        AX_APPEND_COMPILE_FLAGS([-g],,[$ax_append_compile_cxxflags_extra])
+        AX_APPEND_COMPILE_FLAGS([-O0],,[$ax_append_compile_cxxflags_extra])
+        AX_APPEND_COMPILE_FLAGS([-ggdb],,[$ax_append_compile_cxxflags_extra])
+        ],[
+        AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2],,[$ax_append_compile_cxxflags_extra])
+        ])
+
+      AS_IF([test "$ac_cv_vcs_checkout" = "yes" ], [
+        AX_APPEND_COMPILE_FLAGS([-Werror],,[$ax_append_compile_cxxflags_extra])
+        ],[
+        AX_APPEND_COMPILE_FLAGS([-Wno-pragmas],,[$ax_append_compile_cxxflags_extra])
+        ])
+
+      AX_APPEND_COMPILE_FLAGS([-Wall],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wno-strict-aliasing],,,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wextra],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wunknown-pragmas],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wthis-test-should-fail],,[$ax_append_compile_cxxflags_extra])
+      dnl Anything below this comment please keep sorted.
+      AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Waddress],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Warray-bounds],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wchar-subscripts],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wcomment],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wctor-dtor-privacy],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wfloat-equal],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wformat=2],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wmaybe-uninitialized],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wmissing-field-initializers],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wmissing-noreturn],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wnon-virtual-dtor],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wnormalized=id],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Woverloaded-virtual],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wpointer-arith],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wredundant-decls],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wshadow],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wshorten-64-to-32],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wsign-compare],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wstrict-overflow=1],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wswitch-enum],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wundef],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wc++11-compat],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wunused],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wunused-result],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wunused-variable],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wwrite-strings],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-Wformat-security],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-floop-parallelize-all],,[$ax_append_compile_cxxflags_extra])
+      AX_APPEND_COMPILE_FLAGS([-fwrapv],,[$ax_append_compile_cxxflags_extra])
+      AC_LANG_POP
+  ])
+
+  AC_DEFUN([AX_HARDEN_COMPILER_FLAGS], [
+      AC_REQUIRE([AX_HARDEN_CXX_COMPILER_FLAGS])
+      ])
+
+  AC_DEFUN([AX_CC_OTHER_FLAGS], [
+      AC_REQUIRE([AX_APPEND_COMPILE_FLAGS])
+      AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS])
+
+      AC_LANG_PUSH([C])
+      AX_APPEND_COMPILE_FLAGS([-pipe],,[$ax_append_compile_cflags_extra])
+      AC_LANG_POP
+      ])
--- a/m4/ax_print_to_file.m4
+++ b/m4/ax_print_to_file.m4
@@ -0,0 +1,27 @@
+# ===========================================================================
+#     http://www.gnu.org/software/autoconf-archive/ax_print_to_file.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_PRINT_TO_FILE([FILE],[DATA])
+#
+# DESCRIPTION
+#
+#   Writes the specified data to the specified file.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Tom Howard <tomhoward@users.sf.net>
+#
+#   Copying and distribution of this file, with or without modification, are
+#   permitted in any medium without royalty provided the copyright notice
+#   and this notice are preserved. This file is offered as-is, without any
+#   warranty.
+
+#serial 7
+
+AC_DEFUN([AX_PRINT_TO_FILE],[
+AC_REQUIRE([AX_FILE_ESCAPES])
+printf "$2" > "$1"
+])
--- a/m4/ax_pthread.m4
+++ b/m4/ax_pthread.m4
@@ -82,7 +82,7 @@
 #   modified version of the Autoconf Macro, you may extend this special
 #   exception to the GPL to apply to your modified version as well.

-#serial 16
+#serial 19

 AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD])
 AC_DEFUN([AX_PTHREAD], [
@@ -145,8 +145,8 @@ ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mt
 # --thread-safe: KAI C++
 # pthread-config: use pthread-config program (for GNU Pth library)

-case "${host_cpu}-${host_os}" in
-        *solaris*)
+case ${host_os} in
+        solaris*)

        # On Solaris (at least, for some versions), libc contains stubbed
        # (non-functional) versions of the pthreads routines, so link-based
@@ -159,8 +159,12 @@ case "${host_cpu}-${host_os}" in
        ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags"
        ;;

-        *-darwin*)
-        ax_pthread_flags="-pthread $ax_pthread_flags"
+        darwin12*)
+        ax_pthread_flags="$ax_pthread_flags"
+        ;;
+
+        darwin*)
+        ax_pthread_flags="-pthreads $ax_pthread_flags"
        ;;
 esac

@@ -254,9 +258,16 @@ if test "x$ax_pthread_ok" = xyes; then

        AC_MSG_CHECKING([if more special flags are required for pthreads])
        flag=no
-        case "${host_cpu}-${host_os}" in
-            *-aix* | *-freebsd* | *-darwin*) flag="-D_THREAD_SAFE";;
-            *solaris* | *-osf* | *-hpux*) flag="-D_REENTRANT";;
+        case ${host_os} in
+            aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";;
+            osf* | hpux*) flag="-D_REENTRANT";;
+            solaris*)
+            if test "$GCC" = "yes"; then
+                flag="-D_REENTRANT"
+            else
+                flag="-mt -D_REENTRANT"
+            fi
+            ;;
        esac
        AC_MSG_RESULT(${flag})
        if test "x$flag" != xno; then
--- a/m4/ax_vcs_checkout.m4
+++ b/m4/ax_vcs_checkout.m4
@@ -0,0 +1,59 @@
+# ===========================================================================
+#      http://
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_VCS_CHECKOUT
+#
+# DESCRIPTION
+#
+#   Discover whether or not we are operating with a tree which
+#   has been checked out of a version control system.
+#
+#
+# LICENSE
+#
+#  Copyright (C) 2012 Brian Aker
+#  All rights reserved.
+#  
+#  Redistribution and use in source and binary forms, with or without
+#  modification, are permitted provided that the following conditions are
+#  met:
+#  
+#      * Redistributions of source code must retain the above copyright
+#  notice, this list of conditions and the following disclaimer.
+#  
+#      * Redistributions in binary form must reproduce the above
+#  copyright notice, this list of conditions and the following disclaimer
+#  in the documentation and/or other materials provided with the
+#  distribution.
+#  
+#      * The names of its contributors may not be used to endorse or
+#  promote products derived from this software without specific prior
+#  written permission.
+#  
+#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+#  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+#  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+#  A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+#  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+#  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+#  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+#  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+#  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+#  OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#serial 1
+ 
+AC_DEFUN([AX_VCS_CHECKOUT],[
+    AC_CACHE_CHECK([for vcs checkout], [ac_cv_vcs_checkout], [
+      AS_IF([test -d ".bzr"],[ac_cv_vcs_checkout=yes])
+      AS_IF([test -d ".svn"],[ac_cv_vcs_checkout=yes])
+      AS_IF([test -d ".hg"], [ac_cv_vcs_checkout=yes])
+      AS_IF([test -d ".git"],[ac_cv_vcs_checkout=yes])
+      ])
+
+    AS_IF([test "$ac_cv_vcs_checkout" = yes], [])
+    ])
--- a/m4/visibility.m4
+++ b/m4/visibility.m4
@@ -1,5 +1,5 @@
-# visibility.m4 serial 3 (gettext-0.18)
-dnl Copyright (C) 2005, 2008-2010 Free Software Foundation, Inc.
+# visibility.m4 serial 4 (gettext-0.18.2)
+dnl Copyright (C) 2005, 2008, 2010-2011 Free Software Foundation, Inc.
 dnl This file is free software; the Free Software Foundation
 dnl gives unlimited permission to copy and/or distribute it,
 dnl with or without modifications, as long as this notice is preserved.
@@ -33,7 +33,8 @@ AC_DEFUN([gl_VISIBILITY],
    AC_CACHE_VAL([gl_cv_cc_vis_werror], [
      gl_save_CFLAGS="$CFLAGS"
      CFLAGS="$CFLAGS -Werror"
-      AC_TRY_COMPILE([], [],
+      AC_COMPILE_IFELSE(
+        [AC_LANG_PROGRAM([[]], [[]])],
        [gl_cv_cc_vis_werror=yes],
        [gl_cv_cc_vis_werror=no])
      CFLAGS="$gl_save_CFLAGS"])
@@ -51,13 +52,15 @@ AC_DEFUN([gl_VISIBILITY],
      if test $gl_cv_cc_vis_werror = yes; then
        CFLAGS="$CFLAGS -Werror"
      fi
-      AC_TRY_COMPILE(
-        [extern __attribute__((__visibility__("hidden"))) int hiddenvar;
-         extern __attribute__((__visibility__("default"))) int exportedvar;
-         extern __attribute__((__visibility__("hidden"))) int hiddenfunc (void);
-         extern __attribute__((__visibility__("default"))) int exportedfunc (void);
-         void dummyfunc (void) {}],
-        [],
+      AC_COMPILE_IFELSE(
+        [AC_LANG_PROGRAM(
+           [[extern __attribute__((__visibility__("hidden"))) int hiddenvar;
+             extern __attribute__((__visibility__("default"))) int exportedvar;
+             extern __attribute__((__visibility__("hidden"))) int hiddenfunc (void);
+             extern __attribute__((__visibility__("default"))) int exportedfunc (void);
+             void dummyfunc (void) {}
+           ]],
+           [[]])],
        [gl_cv_cc_visibility=yes],
        [gl_cv_cc_visibility=no])
      CFLAGS="$gl_save_CFLAGS"])
--- a/mqx/ctaocrypt_test/.cproject
+++ b/mqx/ctaocrypt_test/.cproject
--- a/mqx/ctaocrypt_test/.project
+++ b/mqx/ctaocrypt_test/.project
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>ctaocrypt_test</name>
+	<comment></comment>
+	<projects>
+		<project location="file:/C:/ports/TWR-K70F120M/workspace_yassl/cyassl">
+cyassl		</project>
+		<project location="file:/C:/ports/TWR-K70F120M/workspace_yassl/util_lib">
+util_lib		</project>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
+			<triggers>clean,full,incremental,</triggers>
+			<arguments>
+				<dictionary>
+					<key>?name?</key>
+					<value></value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.append_environment</key>
+					<value>true</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.buildArguments</key>
+					<value>-j6</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.buildCommand</key>
+					<value>${system:ECLIPSE_HOME}/../gnu/bin/mingw32-make</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.buildLocation</key>
+					<value>${ProjDirPath}/twrk70f120m_Int_Flash_SramData_Debug</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.contents</key>
+					<value>org.eclipse.cdt.make.core.activeConfigSettings</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.enableAutoBuild</key>
+					<value>false</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.enableCleanBuild</key>
+					<value>true</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.enableFullBuild</key>
+					<value>true</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.stopOnError</key>
+					<value>true</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.useDefaultBuildCmd</key>
+					<value>true</value>
+				</dictionary>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
+			<triggers>full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.cdt.core.cnature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
+	</natures>
+	<linkedResources>
+		<link>
+			<name>Sources/ctaocrypt-test</name>
+			<type>2</type>
+			<locationURI>PARENT-2-PROJECT_LOC/ctaocrypt/test</locationURI>
+		</link>
+	</linkedResources>
+	<filteredResources>
+		<filter>
+			<id>1351803045734</id>
+			<name>Sources/ctaocrypt-test</name>
+			<type>5</type>
+			<matcher>
+				<id>org.eclipse.ui.ide.multiFilter</id>
+				<arguments>1.0-name-matches-false-true-(.*?)\.(c)$</arguments>
+			</matcher>
+		</filter>
+	</filteredResources>
+	<variableList>
+		<variable>
+			<name>MQX_ROOT_DIR</name>
+			<value>file:/C:/Freescale/Freescale%20MQX%203.8</value>
+		</variable>
+	</variableList>
+</projectDescription>
--- a/mqx/ctaocrypt_test/ReferencedRSESystems.xml
+++ b/mqx/ctaocrypt_test/ReferencedRSESystems.xml
@@ -0,0 +1,144 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- This file stores a copy of all RSE Systems referenced by the project 
+so the systems can be automatically recreated when the project is imported in a new workspace. 
+This file is automatically generated and updated by the Eclipse IDE.-->
+<APSC_Memento>
+<host>
+<properties>
+<property key="hidden.applicator.com.freescale.debugger.applicator.launchconfiguration.lc.ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink.proj.ctaocrypt_test" value="com.freescale.debugger.applicator.launchconfiguration.lc.ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink.proj.ctaocrypt_test"/>
+<property key="host.address" value=""/>
+<property key="host.defaultEncoding" value=""/>
+<property key="host.defaultUser" value="Administrator"/>
+<property key="host.description" value=""/>
+<property key="host.name" value="ctcTest_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink"/>
+<property key="host.promptable" value="false"/>
+<property key="host.type" value="com.freescale.cdt.debug.cw.core.ui.rse.systemtype.bareboard.hardware"/>
+<property key="propertySet.[OptionalPropertySet].enableConnectorServicesPropertyPage" value="false"/>
+<property key="propertySet.[OptionalPropertySet].enableGenericHostPropertyPage" value="false"/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.simulator" value=""/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.freescale.cdt.debug.cw.core.settings.GdiConnection.Common.PhysicalConnectionAttributeBase" value="com.pemicro.mcu.debug.connections.pne.arm."/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.pemicro.mcu.debug.connections.pne.arm.CommandLineArgs" value="arm_icd"/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.pemicro.mcu.debug.connections.pne.arm.Library" value="arm_pne_gdi"/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.pemicro.mcu.debug.connections.pne.arm.PEDEBUG_CURRENTDEVICE" value="K70FN1M0"/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.pemicro.mcu.debug.connections.pne.arm.STARTUP_PORT" value="21"/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.pemicro.mcu.debug.connections.pne.arm.STARTUP_interface_selection" value="1"/>
+<property key="propertySet.[cw.dbg.conn].rseSystemId" value="com.freescale.cdt.debug.cw.core.ui.rse.systemtype.bareboard.hardware.system.121019100235-0600.2"/>
+<property key="propertySet.[cw.dbg.ct.bareboard.gdi].logData" value="false"/>
+<property key="propertySet.[cw.dbg.ct.targetConnLost].RetryConnectionOn" value="false"/>
+<property key="propertySet.[cw.dbg.ct.targetConnLost].RetryTimeout" value="20"/>
+<property key="propertySet.[cw.dbg.ct.targetConnLost].RetryWithTimeoutOn" value="false"/>
+<property key="propertySet.[cw.dbg.ct.targetConnLost].TerminateConnectionOn" value="false"/>
+<property key="propertySet.[cw.dbg.ct.targetConnLost].retryPromptUserActionOn" value="true"/>
+<property key="propertySet.[cw.dbg.ct].Connection Type" value="com.pemicro.mcu.debug.connections.pne.arm"/>
+<property key="propertySet.[cw.ide.settingscache].hidden.HostID" value="com.freescale.cdt.debug.cw.core.ui.rse.systemtype.bareboard.hardware.121019100235-0600.2"/>
+<property key="propertySet.[cw.ide.settingscache].hidden.TimeStamp" value="1350662559109"/>
+</properties>
+</host>
+<host>
+<properties>
+<property key="host.address" value=""/>
+<property key="host.defaultEncoding" value=""/>
+<property key="host.defaultUser" value="Administrator"/>
+<property key="host.description" value=""/>
+<property key="host.name" value="ctcTest_twrk70f120m_Int_Flash_SramData_Debug_PnE U-MultiLink Target"/>
+<property key="host.promptable" value="false"/>
+<property key="host.type" value="com.freescale.cdt.debug.cw.core.ui.rse.systemtype.bareboard.hardware.system"/>
+<property key="propertySet.[OptionalPropertySet].enableConnectorServicesPropertyPage" value="false"/>
+<property key="propertySet.[OptionalPropertySet].enableGenericHostPropertyPage" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].enableHSSTIOModelConfig" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].enableNetworkIOModelConfig" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].enableSerialIOModelConfig" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].enableStopTransferIOModelConfig" value="true"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].ethernetController" value="UEC1"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].executeReset" value="true"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].initPath" value="${MQX_ROOT_DIR}/lib/twrk70f120m.cw10/bsp/dbg/init_kinetis.tcl"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].memConfigPath" value="${MQX_ROOT_DIR}/lib/twrk70f120m.cw10/bsp/dbg/twrk70f120m.mem"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].networkDebuggerAddress" value="127.0.0.1"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].networkGateway" value="127.0.0.1"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].networkMACAddress" value="**-**-**-**-**-**"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].networkNetMask" value="255.255.255.255"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].networkTargetAddress" value="127.0.0.1"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].networkUDPPort" value="1234"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].noIOModelConfig" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].runOutOfReset" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].targetIsPalladium" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].useInitFile" value="true"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].useMemoryConfigFile" value="true"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].useNetworkGateway" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].useNetworkMACAddress" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].useNetworkUDPPort" value="false"/>
+<property key="propertySet.[cw.dbg.main].systemType" value="com.freescale.cw.system.kinetis.K70F.K70FN1M0"/>
+<property key="propertySet.[cw.ide.settingscache].hidden.HostID" value="com.freescale.cdt.debug.cw.core.ui.rse.systemtype.bareboard.hardware.system.121019100235-0600.2"/>
+<property key="propertySet.[cw.ide.settingscache].hidden.TimeStamp" value="1350662559109"/>
+</properties>
+</host>
+<host>
+<properties>
+<property key="hidden.applicator.com.freescale.debugger.applicator.launchconfiguration.lc.ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink.proj.ctaocrypt_test" value="com.freescale.debugger.applicator.launchconfiguration.lc.ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink.proj.ctaocrypt_test"/>
+<property key="host.address" value=""/>
+<property key="host.defaultEncoding" value=""/>
+<property key="host.defaultUser" value="Administrator"/>
+<property key="host.description" value=""/>
+<property key="host.name" value="ctcTest_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink"/>
+<property key="host.promptable" value="false"/>
+<property key="host.type" value="com.freescale.cdt.debug.cw.core.ui.rse.systemtype.bareboard.hardware"/>
+<property key="propertySet.[OptionalPropertySet].enableConnectorServicesPropertyPage" value="false"/>
+<property key="propertySet.[OptionalPropertySet].enableGenericHostPropertyPage" value="false"/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.simulator" value=""/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.freescale.cdt.debug.cw.core.settings.GdiConnection.Common.PhysicalConnectionAttributeBase" value="com.pemicro.mcu.debug.connections.pne.arm."/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.pemicro.mcu.debug.connections.pne.arm.CommandLineArgs" value="arm_icd"/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.pemicro.mcu.debug.connections.pne.arm.Library" value="arm_pne_gdi"/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.pemicro.mcu.debug.connections.pne.arm.PEDEBUG_CURRENTDEVICE" value="K70FN1M0"/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.pemicro.mcu.debug.connections.pne.arm.STARTUP_PORT" value="21"/>
+<property key="propertySet.[com.pemicro.mcu.debug.connections.pne.arm].com.pemicro.mcu.debug.connections.pne.arm.STARTUP_interface_selection" value="1"/>
+<property key="propertySet.[cw.dbg.conn].rseSystemId" value="com.freescale.cdt.debug.cw.core.ui.rse.systemtype.bareboard.hardware.system.121019100235-0600.4"/>
+<property key="propertySet.[cw.dbg.ct.bareboard.gdi].logData" value="false"/>
+<property key="propertySet.[cw.dbg.ct.targetConnLost].RetryConnectionOn" value="false"/>
+<property key="propertySet.[cw.dbg.ct.targetConnLost].RetryTimeout" value="20"/>
+<property key="propertySet.[cw.dbg.ct.targetConnLost].RetryWithTimeoutOn" value="false"/>
+<property key="propertySet.[cw.dbg.ct.targetConnLost].TerminateConnectionOn" value="false"/>
+<property key="propertySet.[cw.dbg.ct.targetConnLost].retryPromptUserActionOn" value="true"/>
+<property key="propertySet.[cw.dbg.ct].Connection Type" value="com.pemicro.mcu.debug.connections.pne.arm"/>
+<property key="propertySet.[cw.ide.settingscache].hidden.HostID" value="com.freescale.cdt.debug.cw.core.ui.rse.systemtype.bareboard.hardware.121019100235-0600.4"/>
+<property key="propertySet.[cw.ide.settingscache].hidden.TimeStamp" value="1350662559109"/>
+</properties>
+</host>
+<host>
+<properties>
+<property key="host.address" value=""/>
+<property key="host.defaultEncoding" value=""/>
+<property key="host.defaultUser" value="Administrator"/>
+<property key="host.description" value=""/>
+<property key="host.name" value="ctcTest_twrk70f120m_Int_Flash_SramData_Release_PnE U-MultiLink Target"/>
+<property key="host.promptable" value="false"/>
+<property key="host.type" value="com.freescale.cdt.debug.cw.core.ui.rse.systemtype.bareboard.hardware.system"/>
+<property key="propertySet.[OptionalPropertySet].enableConnectorServicesPropertyPage" value="false"/>
+<property key="propertySet.[OptionalPropertySet].enableGenericHostPropertyPage" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].enableHSSTIOModelConfig" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].enableNetworkIOModelConfig" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].enableSerialIOModelConfig" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].enableStopTransferIOModelConfig" value="true"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].ethernetController" value="UEC1"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].executeReset" value="true"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].initPath" value="${MQX_ROOT_DIR}/lib/twrk70f120m.cw10/bsp/dbg/init_kinetis.tcl"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].memConfigPath" value="${MQX_ROOT_DIR}/lib/twrk70f120m.cw10/bsp/dbg/twrk70f120m.mem"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].networkDebuggerAddress" value="127.0.0.1"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].networkGateway" value="127.0.0.1"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].networkMACAddress" value="**-**-**-**-**-**"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].networkNetMask" value="255.255.255.255"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].networkTargetAddress" value="127.0.0.1"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].networkUDPPort" value="1234"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].noIOModelConfig" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].runOutOfReset" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].targetIsPalladium" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].useInitFile" value="true"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].useMemoryConfigFile" value="true"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].useNetworkGateway" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].useNetworkMACAddress" value="false"/>
+<property key="propertySet.[cw.dbg.ct.bareboard].useNetworkUDPPort" value="false"/>
+<property key="propertySet.[cw.dbg.main].systemType" value="com.freescale.cw.system.kinetis.K70F.K70FN1M0"/>
+<property key="propertySet.[cw.ide.settingscache].hidden.HostID" value="com.freescale.cdt.debug.cw.core.ui.rse.systemtype.bareboard.hardware.system.121019100235-0600.4"/>
+<property key="propertySet.[cw.ide.settingscache].hidden.TimeStamp" value="1350662559109"/>
+</properties>
+</host>
+</APSC_Memento>
--- a/mqx/ctaocrypt_test/Sources/main.c
+++ b/mqx/ctaocrypt_test/Sources/main.c
@@ -0,0 +1,103 @@
+/* main.c */
+
+#include "main.h"
+
+/* SD card open/close utility functions */
+#include "util.h"
+
+#if !BSPCFG_ENABLE_IO_SUBSYSTEM
+#error This application requires BSPCFG_ENABLE_IO_SUBSYSTEM defined \
+    non-zero in user_config.h. Please recompile BSP with this option.
+#endif
+
+#ifndef BSP_DEFAULT_IO_CHANNEL_DEFINED
+#error This application requires BSP_DEFAULT_IO_CHANNEL to be not NULL. \
+    Please set corresponding BSPCFG_ENABLE_TTYx to non-zero in \
+    user_config.h and recompile BSP with this option.
+#endif
+
+
+TASK_TEMPLATE_STRUCT MQX_template_list[] = 
+{ 
+/*  Task number, Entry point, Stack, Pri, String, Auto? */
+   {MAIN_TASK,   Main_task,   20000,  9,   "main", MQX_AUTO_START_TASK},
+   {0,           0,           0,     0,   0,      0,                 }
+};
+
+/*TASK*-----------------------------------------------------
+* 
+* Task Name    : Main_task
+* Comments     :
+*    This task opens the SD card device and runs the 
+*    CTaoCrypt test functions located in test.c.
+*
+*END*-----------------------------------------------------*/
+
+#if defined BSP_SDCARD_ESDHC_CHANNEL
+    #if ! BSPCFG_ENABLE_ESDHC
+        #error This application requires BSPCFG_ENABLE_ESDHC defined \
+            non-zero in user_config.h. Please recompile libraries with \
+            this option.
+    #endif
+
+#elif defined BSP_SDCARD_SDHC_CHANNEL
+    #if ! BSPCFG_ENABLE_SDHC
+        #error This application requires BSPCFG_ENABLE_SDHC defined \
+            non-zero in user_config.h. Please recompile libraries with \
+            this option.
+    #endif
+#endif
+
+#if defined (BSP_SDCARD_SPI_CHANNEL)
+    #define SDCARD_COM_CHANNEL BSP_SDCARD_SPI_CHANNEL
+#elif defined (BSP_SDCARD_ESDHC_CHANNEL)
+    #define SDCARD_COM_CHANNEL BSP_SDCARD_ESDHC_CHANNEL
+#elif defined (BSP_SDCARD_SDHC_CHANNEL)
+    #define SDCARD_COM_CHANNEL BSP_SDCARD_SDHC_CHANNEL
+#else
+    #error "SDCARD low level communication device not defined!"
+#endif
+
+/* func_args from test.h */
+typedef struct func_args {
+    int    argc;
+    char** argv;
+    int    return_code;
+} func_args;
+
+void Main_task(uint_32 initial_data)
+{	
+	int          ret = 0;
+	func_args    args;
+	_mqx_int     error_code, bytes;
+	_mqx_uint	 sz;
+	char         filesystem_name[] = "a:";
+	char         partman_name[] = "pm:";
+	MQX_FILE_PTR com_handle, sdcard_handle, filesystem_handle, partman_handle;
+	MQX_FILE_PTR cert_file = NULL;
+    const char*  fileName = "a:\certs\\client-key.der";
+		
+	ret = sdcard_open(&com_handle, &sdcard_handle, &partman_handle, 
+					  &filesystem_handle, partman_name, filesystem_name);
+	
+	if (ret != 0) {
+		printf("error: sdcard_open(), ret = %d\n", ret);
+		_mqx_exit(1);
+	}
+	printf("SD card installed to %s\n", filesystem_name);
+	
+	ctaocrypt_test(&args);
+	
+	ret = sdcard_close(&sdcard_handle, &partman_handle, 
+					   &filesystem_handle, partman_name, filesystem_name);
+	
+	if (ret != 0) {
+		printf("error: sdcard_close(), ret = %d\n", ret);
+		_mqx_exit(1);
+	}
+	printf("SD card uninstalled.\n");
+	
+   _mqx_exit(0);
+}
+
+/* EOF */
--- a/mqx/ctaocrypt_test/Sources/main.h
+++ b/mqx/ctaocrypt_test/Sources/main.h
@@ -0,0 +1,21 @@
+/* main.h */
+
+#ifndef __main_h_
+#define __main_h_
+
+#include <mqx.h>
+#include <bsp.h>
+
+#include <mfs.h>
+#include <fio.h>
+#include <sdcard.h>
+#include <sdcard_spi.h>
+#include <spi.h>
+#include <part_mgr.h>
+
+#define MAIN_TASK 1
+
+extern void Main_task(uint_32);
+
+#endif /* __main_h_ */
+
--- a/mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE
+++ b/mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<launchConfiguration type="com.freescale.cdt.launch.cw.download">
+<stringAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Debugger.processor" value="K70FN1M0"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.busFaultErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.checkUsageFaultErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.hardFaultErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.intErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.memManageErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.noCoprocessorErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.stateUsageFaultErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Interrupt.disable_interrupts_during_stepping" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Interrupt.interrupt_enabled" value="false"/>
+<intAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Interrupt.interrupt_mask" value="0"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Debugger PIC Settings Panel.altLoadAddr" value="0"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Debugger PIC Settings Panel.enableAltLoadAddr" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IDconstant" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IDexecutable" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IDinitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IDuninitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IVconstant" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IVexecutable" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IVinitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IVuninitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SDconstant" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SDexecutable" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SDinitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SDuninitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SVconstant" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SVexecutable" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SVinitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SVuninitialized" value="true"/>
+<intAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.coreIndex" value="0"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.homogeneousMulticore" value="false"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.initPath" value="${MQX_ROOT_DIR}/lib/twrk70f120m.cw10/bsp/dbg/init_kinetis.tcl"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.memConfigPath" value="${MQX_ROOT_DIR}/lib/twrk70f120m.cw10/bsp/dbg/twrk70f120m.mem"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.simulator" value=""/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.smp" value="false"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.systemType" value="com.freescale.cw.system.kinetis.K70F.K70FN1M0"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.useDefaultConfigFile" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.useInitFile" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.useMemoryConfigFile" value="true"/>
+<listAttribute key="com.freescale.cdt.debug.cw.CoreNameList">
+<listEntry value="K70FN1M0#0"/>
+</listAttribute>
+<listAttribute key="com.freescale.cdt.debug.cw.Debug"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.DebuggerTab.StopAtProgramEntryPoint" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.DebuggerTab.StopAtStartUp" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.DebuggerTab.StopAtUserSpecified" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.Embedded Download.ExecuteTasks" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.Embedded Download.StandardDownload" value="true"/>
+<listAttribute key="com.freescale.cdt.debug.cw.Embedded Download.TaskInitialLaunches"/>
+<listAttribute key="com.freescale.cdt.debug.cw.Embedded Download.TaskNames"/>
+<listAttribute key="com.freescale.cdt.debug.cw.Embedded Download.TaskSuccessiveRuns"/>
+<listAttribute key="com.freescale.cdt.debug.cw.Embedded Download.TaskTypes"/>
+<listAttribute key="com.freescale.cdt.debug.cw.ExecutablePath"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.PN_StopAtProgramEntryPoint" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.PN_StopAtStartUp" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.PN_StopAtUserSpecified" value="true"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.RefreshPolicy.RefreshPeriod" value="2.0"/>
+<listAttribute key="com.freescale.cdt.debug.cw.RemoteDownload"/>
+<listAttribute key="com.freescale.cdt.debug.cw.RemotePath"/>
+<listAttribute key="com.freescale.cdt.debug.cw.SMPCores"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.SYNC_WITH_ENCL_PROJ" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.Symbolics.CacheSymbolicsBetweenRuns" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.Symbolics.UseExecutableCopy" value="false"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.UDPPort" value="1234"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.core.settings.ConnectionCommonData.TargetConnectionLost.RetryConnectionOn" value="false"/>
+<intAttribute key="com.freescale.cdt.debug.cw.core.settings.ConnectionCommonData.TargetConnectionLost.RetryTimeout" value="20"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.core.settings.ConnectionCommonData.TargetConnectionLost.RetryWithTimeoutOn" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.core.settings.ConnectionCommonData.TargetConnectionLost.TerminateConnectionOn" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.core.settings.ConnectionCommonData.TargetConnectionLost.promptUserActionOn" value="true"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.core.settings.DebuggerCommonData.Connection Protocol Plugin Name" value="ARM GDI"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.core.settings.DebuggerCommonData.Connection Type" value="com.pemicro.mcu.debug.connections.pne.arm"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.core.settings.DebuggerCommonData.Processor Attr Name" value="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Debugger.processor"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.core.settings.GdiConnection.Common.PhysicalConnectionAttributeBase" value="com.pemicro.mcu.debug.connections.pne.arm."/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.core.settings.GdiConnection.Common.logData" value="false"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.core.settings.rseSystemId" value="com.freescale.cdt.debug.cw.core.ui.rse.systemtype.bareboard.hardware.121019100235-0600.2"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.core.settings.wizardSystemNameHint" value="PnE U-MultiLink"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.debuggerAddress" value="127.0.0.1"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.disableIO" value="false"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.ethCtrl" value="UEC1"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.executePerCoresReset" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.executePerprocessorReset" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.executeReset" value="true"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.gateway" value="127.0.0.1"/>
+<listAttribute key="com.freescale.cdt.debug.cw.initPathList">
+<listEntry value="${MQX_ROOT_DIR}/lib/twrk70f120m.cw10/bsp/dbg/init_kinetis.tcl"/>
+</listAttribute>
+<stringAttribute key="com.freescale.cdt.debug.cw.macAddress" value="**-**-**-**-**-**"/>
+<listAttribute key="com.freescale.cdt.debug.cw.memConfigPathList">
+<listEntry value="${MQX_ROOT_DIR}/lib/twrk70f120m.cw10/bsp/dbg/twrk70f120m.mem"/>
+</listAttribute>
+<stringAttribute key="com.freescale.cdt.debug.cw.netMask" value="255.255.255.255"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.osawareness.osContributorID" value="com.freescale.os.mqx.cortexm"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.osawareness.rtospluginname" value="MQX RTOS CORTEXM"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.osawareness.targetos" value="MQX OS for Cortex"/>
+<listAttribute key="com.freescale.cdt.debug.cw.perCoreResetList"/>
+<listAttribute key="com.freescale.cdt.debug.cw.perProcessorResetList"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.processor" value="Generic"/>
+<listAttribute key="com.freescale.cdt.debug.cw.runOutOfResetList">
+<listEntry value="false"/>
+</listAttribute>
+<stringAttribute key="com.freescale.cdt.debug.cw.targetAddress" value="127.0.0.1"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useGateway" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useHSSTIO" value="false"/>
+<listAttribute key="com.freescale.cdt.debug.cw.useInitPathList">
+<listEntry value="true"/>
+</listAttribute>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useMacAddress" value="false"/>
+<listAttribute key="com.freescale.cdt.debug.cw.useMemConfigPathList">
+<listEntry value="true"/>
+</listAttribute>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useNetworkTransferIO" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useSerialTransferIO" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useStopTransferIO" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useUDPPort" value="false"/>
+<listAttribute key="com.freescale.panel.list">
+<listEntry value="Debugger Common Settings"/>
+<listEntry value="ARM Exceptions"/>
+<listEntry value="ARM Interrupt"/>
+<listEntry value="Embedded Download"/>
+<listEntry value="Debugger PIC Settings Panel"/>
+<listEntry value="Other Executables"/>
+<listEntry value="Symbolics"/>
+<listEntry value="osawareness"/>
+</listAttribute>
+<booleanAttribute key="com.freescale.sa.mcu.launch.ENABLE_ANALYSIS" value="false"/>
+<stringAttribute key="com.pemicro.mcu.debug.connections.pne.arm.CommandLineArgs" value="arm_icd"/>
+<stringAttribute key="com.pemicro.mcu.debug.connections.pne.arm.Library" value="arm_pne_gdi"/>
+<stringAttribute key="com.pemicro.mcu.debug.connections.pne.arm.PEDEBUG_CURRENTDEVICE" value="K70FN1M0"/>
+<stringAttribute key="com.pemicro.mcu.debug.connections.pne.arm.STARTUP_PORT" value="21"/>
+<stringAttribute key="com.pemicro.mcu.debug.connections.pne.arm.STARTUP_interface_selection" value="1"/>
+<booleanAttribute key="forceShellDownload" value="false"/>
+<intAttribute key="org.eclipse.cdt.launch.ATTR_BUILD_BEFORE_LAUNCH_ATTR" value="2"/>
+<stringAttribute key="org.eclipse.cdt.launch.DEBUGGER_ID" value="com.freescale.cdt.debug.cw.arm.ArmDebugger"/>
+<stringAttribute key="org.eclipse.cdt.launch.DEBUGGER_REGISTER_GROUPS" value=""/>
+<stringAttribute key="org.eclipse.cdt.launch.DEBUGGER_START_MODE" value="run"/>
+<booleanAttribute key="org.eclipse.cdt.launch.DEBUGGER_STOP_AT_MAIN" value="true"/>
+<stringAttribute key="org.eclipse.cdt.launch.DEBUGGER_STOP_AT_MAIN_SYMBOL" value="main"/>
+<booleanAttribute key="org.eclipse.cdt.launch.ENABLE_REGISTER_BOOKKEEPING" value="false"/>
+<booleanAttribute key="org.eclipse.cdt.launch.ENABLE_RESTORE_WATCHPOINTS" value="true"/>
+<booleanAttribute key="org.eclipse.cdt.launch.ENABLE_VARIABLE_BOOKKEEPING" value="false"/>
+<stringAttribute key="org.eclipse.cdt.launch.FORMAT" value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;no&quot;?&gt;&lt;contentList/&gt;"/>
+<stringAttribute key="org.eclipse.cdt.launch.GLOBAL_VARIABLES" value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;no&quot;?&gt;&#13;&#10;&lt;globalVariableList/&gt;&#13;&#10;"/>
+<stringAttribute key="org.eclipse.cdt.launch.MEMORY_BLOCKS" value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;no&quot;?&gt;&#13;&#10;&lt;memoryBlockExpressionList/&gt;&#13;&#10;"/>
+<stringAttribute key="org.eclipse.cdt.launch.PROGRAM_NAME" value="twrk70f120m_Int_Flash_SramData_Debug/ctaocrypt_test.afx"/>
+<stringAttribute key="org.eclipse.cdt.launch.PROJECT_ATTR" value="ctaocrypt_test"/>
+<stringAttribute key="org.eclipse.cdt.launch.PROJECT_BUILD_CONFIG_ID_ATTR" value="com.freescale.arm.cdt.toolchain.config.arm.release.1231645846"/>
+<intAttribute key="org.eclipse.cdt.launch.SET_REGULAR_BREAKPOINT_TYPE_AS" value="0"/>
+<booleanAttribute key="org.eclipse.cdt.launch.USE_SET_REGULAR_BREAKPOINT_TYPE_AS" value="false"/>
+<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_PATHS">
+<listEntry value="/ctaocrypt_test"/>
+</listAttribute>
+<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_TYPES">
+<listEntry value="4"/>
+</listAttribute>
+<booleanAttribute key="org.eclipse.debug.ui.ATTR_REDIRECT_TO_SERVER_SOCKET" value="false"/>
+<booleanAttribute key="org.eclipse.debug.ui.ATTR_REDIRECT_TO_SOCKET" value="false"/>
+<stringAttribute key="org.eclipse.debug.ui.ATTR_REDIRECT_TO_SOCKET_HOST" value=""/>
+<stringAttribute key="org.eclipse.debug.ui.ATTR_REDIRECT_TO_SOCKET_PORT" value=""/>
+<stringAttribute key="process_factory_id" value="com.freescale.cdt.debug.cw.core.ProcessFactoryID"/>
+</launchConfiguration>
--- a/mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE
+++ b/mqx/ctaocrypt_test/ctaocrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE
@@ -0,0 +1,158 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<launchConfiguration type="com.freescale.cdt.launch.cw.download">
+<stringAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Debugger.processor" value="K70FN1M0"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.busFaultErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.checkUsageFaultErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.hardFaultErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.intErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.memManageErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.noCoprocessorErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Exceptions.stateUsageFaultErr" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Interrupt.disable_interrupts_during_stepping" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Interrupt.interrupt_enabled" value="false"/>
+<intAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Interrupt.interrupt_mask" value="0"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Debugger PIC Settings Panel.altLoadAddr" value="0"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Debugger PIC Settings Panel.enableAltLoadAddr" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IDconstant" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IDexecutable" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IDinitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IDuninitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IVconstant" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IVexecutable" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IVinitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.IVuninitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SDconstant" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SDexecutable" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SDinitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SDuninitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SVconstant" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SVexecutable" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SVinitialized" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Download.SVuninitialized" value="true"/>
+<intAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.coreIndex" value="0"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.homogeneousMulticore" value="false"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.initPath" value="${MQX_ROOT_DIR}/lib/twrk70f120m.cw10/bsp/dbg/init_kinetis.tcl"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.memConfigPath" value="${MQX_ROOT_DIR}/lib/twrk70f120m.cw10/bsp/dbg/twrk70f120m.mem"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.simulator" value=""/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.smp" value="false"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.systemType" value="com.freescale.cw.system.kinetis.K70F.K70FN1M0"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.useDefaultConfigFile" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.useInitFile" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.Embedded Initialization.useMemoryConfigFile" value="true"/>
+<listAttribute key="com.freescale.cdt.debug.cw.CoreNameList">
+<listEntry value="K70FN1M0#0"/>
+</listAttribute>
+<listAttribute key="com.freescale.cdt.debug.cw.Debug"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.DebuggerTab.StopAtProgramEntryPoint" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.DebuggerTab.StopAtStartUp" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.DebuggerTab.StopAtUserSpecified" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.Embedded Download.ExecuteTasks" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.Embedded Download.StandardDownload" value="true"/>
+<listAttribute key="com.freescale.cdt.debug.cw.Embedded Download.TaskInitialLaunches"/>
+<listAttribute key="com.freescale.cdt.debug.cw.Embedded Download.TaskNames"/>
+<listAttribute key="com.freescale.cdt.debug.cw.Embedded Download.TaskSuccessiveRuns"/>
+<listAttribute key="com.freescale.cdt.debug.cw.Embedded Download.TaskTypes"/>
+<listAttribute key="com.freescale.cdt.debug.cw.ExecutablePath"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.PN_StopAtProgramEntryPoint" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.PN_StopAtStartUp" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.PN_StopAtUserSpecified" value="true"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.RefreshPolicy.RefreshPeriod" value="2.0"/>
+<listAttribute key="com.freescale.cdt.debug.cw.RemoteDownload"/>
+<listAttribute key="com.freescale.cdt.debug.cw.RemotePath"/>
+<listAttribute key="com.freescale.cdt.debug.cw.SMPCores"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.SYNC_WITH_ENCL_PROJ" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.Symbolics.CacheSymbolicsBetweenRuns" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.Symbolics.UseExecutableCopy" value="false"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.UDPPort" value="1234"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.core.settings.ConnectionCommonData.TargetConnectionLost.RetryConnectionOn" value="false"/>
+<intAttribute key="com.freescale.cdt.debug.cw.core.settings.ConnectionCommonData.TargetConnectionLost.RetryTimeout" value="20"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.core.settings.ConnectionCommonData.TargetConnectionLost.RetryWithTimeoutOn" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.core.settings.ConnectionCommonData.TargetConnectionLost.TerminateConnectionOn" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.core.settings.ConnectionCommonData.TargetConnectionLost.promptUserActionOn" value="true"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.core.settings.DebuggerCommonData.Connection Protocol Plugin Name" value="ARM GDI"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.core.settings.DebuggerCommonData.Connection Type" value="com.pemicro.mcu.debug.connections.pne.arm"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.core.settings.DebuggerCommonData.Processor Attr Name" value="com.freescale.cdt.debug.cw.CW_SHADOWED_PREF.ARM Debugger.processor"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.core.settings.GdiConnection.Common.PhysicalConnectionAttributeBase" value="com.pemicro.mcu.debug.connections.pne.arm."/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.core.settings.GdiConnection.Common.logData" value="false"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.core.settings.rseSystemId" value="com.freescale.cdt.debug.cw.core.ui.rse.systemtype.bareboard.hardware.121019100235-0600.4"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.core.settings.wizardSystemNameHint" value="PnE U-MultiLink"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.debuggerAddress" value="127.0.0.1"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.disableIO" value="false"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.ethCtrl" value="UEC1"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.executePerCoresReset" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.executePerprocessorReset" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.executeReset" value="true"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.gateway" value="127.0.0.1"/>
+<listAttribute key="com.freescale.cdt.debug.cw.initPathList">
+<listEntry value="${MQX_ROOT_DIR}/lib/twrk70f120m.cw10/bsp/dbg/init_kinetis.tcl"/>
+</listAttribute>
+<stringAttribute key="com.freescale.cdt.debug.cw.macAddress" value="**-**-**-**-**-**"/>
+<listAttribute key="com.freescale.cdt.debug.cw.memConfigPathList">
+<listEntry value="${MQX_ROOT_DIR}/lib/twrk70f120m.cw10/bsp/dbg/twrk70f120m.mem"/>
+</listAttribute>
+<stringAttribute key="com.freescale.cdt.debug.cw.netMask" value="255.255.255.255"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.osawareness.osContributorID" value="com.freescale.os.mqx.cortexm"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.osawareness.rtospluginname" value="MQX RTOS CORTEXM"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.osawareness.targetos" value="MQX OS for Cortex"/>
+<listAttribute key="com.freescale.cdt.debug.cw.perCoreResetList"/>
+<listAttribute key="com.freescale.cdt.debug.cw.perProcessorResetList"/>
+<stringAttribute key="com.freescale.cdt.debug.cw.processor" value="Generic"/>
+<listAttribute key="com.freescale.cdt.debug.cw.runOutOfResetList">
+<listEntry value="false"/>
+</listAttribute>
+<stringAttribute key="com.freescale.cdt.debug.cw.targetAddress" value="127.0.0.1"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useGateway" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useHSSTIO" value="false"/>
+<listAttribute key="com.freescale.cdt.debug.cw.useInitPathList">
+<listEntry value="true"/>
+</listAttribute>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useMacAddress" value="false"/>
+<listAttribute key="com.freescale.cdt.debug.cw.useMemConfigPathList">
+<listEntry value="true"/>
+</listAttribute>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useNetworkTransferIO" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useSerialTransferIO" value="false"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useStopTransferIO" value="true"/>
+<booleanAttribute key="com.freescale.cdt.debug.cw.useUDPPort" value="false"/>
+<listAttribute key="com.freescale.panel.list">
+<listEntry value="Debugger Common Settings"/>
+<listEntry value="ARM Exceptions"/>
+<listEntry value="ARM Interrupt"/>
+<listEntry value="Embedded Download"/>
+<listEntry value="Debugger PIC Settings Panel"/>
+<listEntry value="Other Executables"/>
+<listEntry value="Symbolics"/>
+<listEntry value="osawareness"/>
+</listAttribute>
+<booleanAttribute key="com.freescale.sa.mcu.launch.ENABLE_ANALYSIS" value="false"/>
+<stringAttribute key="com.pemicro.mcu.debug.connections.pne.arm.CommandLineArgs" value="arm_icd"/>
+<stringAttribute key="com.pemicro.mcu.debug.connections.pne.arm.Library" value="arm_pne_gdi"/>
+<stringAttribute key="com.pemicro.mcu.debug.connections.pne.arm.PEDEBUG_CURRENTDEVICE" value="K70FN1M0"/>
+<stringAttribute key="com.pemicro.mcu.debug.connections.pne.arm.STARTUP_PORT" value="21"/>
+<stringAttribute key="com.pemicro.mcu.debug.connections.pne.arm.STARTUP_interface_selection" value="1"/>
+<booleanAttribute key="forceShellDownload" value="false"/>
+<intAttribute key="org.eclipse.cdt.launch.ATTR_BUILD_BEFORE_LAUNCH_ATTR" value="2"/>
+<stringAttribute key="org.eclipse.cdt.launch.DEBUGGER_ID" value="com.freescale.cdt.debug.cw.arm.ArmDebugger"/>
+<stringAttribute key="org.eclipse.cdt.launch.DEBUGGER_REGISTER_GROUPS" value=""/>
+<stringAttribute key="org.eclipse.cdt.launch.DEBUGGER_START_MODE" value="run"/>
+<booleanAttribute key="org.eclipse.cdt.launch.DEBUGGER_STOP_AT_MAIN" value="true"/>
+<stringAttribute key="org.eclipse.cdt.launch.DEBUGGER_STOP_AT_MAIN_SYMBOL" value="main"/>
+<booleanAttribute key="org.eclipse.cdt.launch.ENABLE_REGISTER_BOOKKEEPING" value="false"/>
+<booleanAttribute key="org.eclipse.cdt.launch.ENABLE_RESTORE_WATCHPOINTS" value="true"/>
+<booleanAttribute key="org.eclipse.cdt.launch.ENABLE_VARIABLE_BOOKKEEPING" value="false"/>
+<stringAttribute key="org.eclipse.cdt.launch.PROGRAM_NAME" value="twrk70f120m_Int_Flash_SramData_Release/ctaocrypt_test.afx"/>
+<stringAttribute key="org.eclipse.cdt.launch.PROJECT_ATTR" value="ctaocrypt_test"/>
+<stringAttribute key="org.eclipse.cdt.launch.PROJECT_BUILD_CONFIG_ID_ATTR" value="com.freescale.arm.cdt.toolchain.config.arm.release.2063327712"/>
+<intAttribute key="org.eclipse.cdt.launch.SET_REGULAR_BREAKPOINT_TYPE_AS" value="0"/>
+<booleanAttribute key="org.eclipse.cdt.launch.USE_SET_REGULAR_BREAKPOINT_TYPE_AS" value="false"/>
+<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_PATHS">
+<listEntry value="/ctaocrypt_test"/>
+</listAttribute>
+<listAttribute key="org.eclipse.debug.core.MAPPED_RESOURCE_TYPES">
+<listEntry value="4"/>
+</listAttribute>
+<booleanAttribute key="org.eclipse.debug.ui.ATTR_REDIRECT_TO_SERVER_SOCKET" value="false"/>
+<booleanAttribute key="org.eclipse.debug.ui.ATTR_REDIRECT_TO_SOCKET" value="false"/>
+<stringAttribute key="org.eclipse.debug.ui.ATTR_REDIRECT_TO_SOCKET_HOST" value=""/>
+<stringAttribute key="org.eclipse.debug.ui.ATTR_REDIRECT_TO_SOCKET_PORT" value=""/>
+</launchConfiguration>
--- a/mqx/cyassl/.cproject
+++ b/mqx/cyassl/.cproject
--- a/mqx/cyassl/.project
+++ b/mqx/cyassl/.project
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>cyassl</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
+			<triggers>clean,full,incremental,</triggers>
+			<arguments>
+				<dictionary>
+					<key>?name?</key>
+					<value></value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.append_environment</key>
+					<value>true</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.buildArguments</key>
+					<value>-j6</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.buildCommand</key>
+					<value>${system:ECLIPSE_HOME}/../gnu/bin/mingw32-make</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.buildLocation</key>
+					<value>${ProjDirPath}/twrk70f120m_Int_Flash_SramData_Debug</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.contents</key>
+					<value>org.eclipse.cdt.make.core.activeConfigSettings</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.enableAutoBuild</key>
+					<value>false</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.enableCleanBuild</key>
+					<value>true</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.enableFullBuild</key>
+					<value>true</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.stopOnError</key>
+					<value>true</value>
+				</dictionary>
+				<dictionary>
+					<key>org.eclipse.cdt.make.core.useDefaultBuildCmd</key>
+					<value>true</value>
+				</dictionary>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
+			<triggers>full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.cdt.core.cnature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
+	</natures>
+	<linkedResources>
+		<link>
+			<name>Sources/ctaocrypt_src</name>
+			<type>2</type>
+			<locationURI>PARENT-2-PROJECT_LOC/ctaocrypt/src</locationURI>
+		</link>
+		<link>
+			<name>Sources/cyassl_src</name>
+			<type>2</type>
+			<locationURI>PARENT-2-PROJECT_LOC/src</locationURI>
+		</link>
+	</linkedResources>
+	<filteredResources>
+		<filter>
+			<id>1351802255000</id>
+			<name>Sources/ctaocrypt_src</name>
+			<type>6</type>
+			<matcher>
+				<id>org.eclipse.ui.ide.multiFilter</id>
+				<arguments>1.0-name-matches-false-false-aes_asm.s</arguments>
+			</matcher>
+		</filter>
+	</filteredResources>
+	<variableList>
+		<variable>
+			<name>CYASSL_SOURCES</name>
+			<value>PARENT-2-PROJECT_LOC</value>
+		</variable>
+		<variable>
+			<name>MQX_ROOT_DIR</name>
+			<value>file:/C:/Freescale/Freescale%20MQX%203.8</value>
+		</variable>
+	</variableList>
+</projectDescription>
--- a/Show More
+++ b/Show More