Ludovic FLAMENT
2015-08-13 10:20:47 +02:00
parent 281ba1c4c5
commit 838a873cf1
98 changed files with 3195 additions and 794 deletions


@@ -1956,9 +1956,15 @@
<file> <file>
<name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\error.c</name> <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\error.c</name>
</file> </file>
<file>
<name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\fe_low_mem.c</name>
</file>
<file> <file>
<name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\fe_operations.c</name> <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\fe_operations.c</name>
</file> </file>
<file>
<name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\ge_low_mem.c</name>
</file>
<file> <file>
<name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\ge_operations.c</name> <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\ge_operations.c</name>
</file> </file>
@@ -2022,9 +2028,15 @@
<file> <file>
<name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\sha512.c</name> <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\sha512.c</name>
</file> </file>
<file>
<name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\srp.c</name>
</file>
<file> <file>
<name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\tfm.c</name> <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\tfm.c</name>
</file> </file>
<file>
<name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_encrypt.c</name>
</file>
<file> <file>
<name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_port.c</name> <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_port.c</name>
</file> </file>


@@ -797,7 +797,7 @@ void bench_blake2(void)
#if !defined(NO_RSA) || !defined(NO_DH) \ #if !defined(NO_RSA) || !defined(NO_DH) \
|| defined(CYASSL_KEYGEN) || defined(HAVE_ECC) || defined(CYASSL_KEYGEN) || defined(HAVE_ECC)
static RNG rng; static WC_RNG rng;
#endif #endif
#ifndef NO_RSA #ifndef NO_RSA


@@ -2667,7 +2667,7 @@ int random_test(void)
int random_test(void) int random_test(void)
{ {
RNG rng; WC_RNG rng;
byte block[32]; byte block[32];
int ret; int ret;
@@ -2693,7 +2693,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out);
byte GetEntropy(ENTROPY_CMD cmd, byte* out) byte GetEntropy(ENTROPY_CMD cmd, byte* out)
{ {
static RNG rng; static WC_RNG rng;
if (cmd == INIT) if (cmd == INIT)
return (InitRng(&rng) == 0) ? 1 : 0; return (InitRng(&rng) == 0) ? 1 : 0;
@@ -2768,7 +2768,7 @@ int rsa_test(void)
byte* tmp; byte* tmp;
size_t bytes; size_t bytes;
RsaKey key; RsaKey key;
RNG rng; WC_RNG rng;
word32 idx = 0; word32 idx = 0;
int ret; int ret;
byte in[] = "Everyone gets Friday off."; byte in[] = "Everyone gets Friday off.";
@@ -3652,7 +3652,7 @@ int dh_test(void)
byte agree2[256]; byte agree2[256];
DhKey key; DhKey key;
DhKey key2; DhKey key2;
RNG rng; WC_RNG rng;
#ifdef USE_CERT_BUFFERS_1024 #ifdef USE_CERT_BUFFERS_1024
@@ -3725,7 +3725,7 @@ int dsa_test(void)
word32 idx = 0; word32 idx = 0;
byte tmp[1024]; byte tmp[1024];
DsaKey key; DsaKey key;
RNG rng; WC_RNG rng;
Sha sha; Sha sha;
byte hash[SHA_DIGEST_SIZE]; byte hash[SHA_DIGEST_SIZE];
byte signature[40]; byte signature[40];
@@ -4200,7 +4200,7 @@ int hkdf_test(void)
int ecc_test(void) int ecc_test(void)
{ {
RNG rng; WC_RNG rng;
byte sharedA[1024]; byte sharedA[1024];
byte sharedB[1024]; byte sharedB[1024];
byte sig[1024]; byte sig[1024];
@@ -4300,7 +4300,7 @@ int ecc_test(void)
int ecc_encrypt_test(void) int ecc_encrypt_test(void)
{ {
RNG rng; WC_RNG rng;
int ret; int ret;
ecc_key userA, userB; ecc_key userA, userB;
byte msg[48]; byte msg[48];
@@ -4669,7 +4669,7 @@ int pkcs7signed_test(void)
char data[] = "Hello World"; char data[] = "Hello World";
word32 dataSz, outSz, certDerSz, keyDerSz; word32 dataSz, outSz, certDerSz, keyDerSz;
PKCS7 msg; PKCS7 msg;
RNG rng; WC_RNG rng;
byte transIdOid[] = byte transIdOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,


@@ -772,7 +772,7 @@ void bench_blake2(void)
#if !defined(NO_RSA) || !defined(NO_DH) \ #if !defined(NO_RSA) || !defined(NO_DH) \
|| defined(CYASSL_KEYGEN) || defined(HAVE_ECC) || defined(CYASSL_KEYGEN) || defined(HAVE_ECC)
static RNG rng; static WC_RNG rng;
#endif #endif
#ifndef NO_RSA #ifndef NO_RSA


@@ -2583,7 +2583,7 @@ int camellia_test(void)
int random_test(void) int random_test(void)
{ {
RNG rng; WC_RNG rng;
byte block[32]; byte block[32];
int ret; int ret;
@@ -2607,7 +2607,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out);
byte GetEntropy(ENTROPY_CMD cmd, byte* out) byte GetEntropy(ENTROPY_CMD cmd, byte* out)
{ {
static RNG rng; static WC_RNG rng;
if (cmd == INIT) if (cmd == INIT)
return (InitRng(&rng) == 0) ? 1 : 0; return (InitRng(&rng) == 0) ? 1 : 0;
@@ -2682,7 +2682,7 @@ int rsa_test(void)
byte* tmp; byte* tmp;
size_t bytes; size_t bytes;
RsaKey key; RsaKey key;
RNG rng; WC_RNG rng;
word32 idx = 0; word32 idx = 0;
int ret; int ret;
byte in[] = "Everyone gets Friday off."; byte in[] = "Everyone gets Friday off.";
@@ -3558,7 +3558,7 @@ int dh_test(void)
byte agree2[256]; byte agree2[256];
DhKey key; DhKey key;
DhKey key2; DhKey key2;
RNG rng; WC_RNG rng;
#ifdef USE_CERT_BUFFERS_1024 #ifdef USE_CERT_BUFFERS_1024
@@ -3631,7 +3631,7 @@ int dsa_test(void)
word32 idx = 0; word32 idx = 0;
byte tmp[1024]; byte tmp[1024];
DsaKey key; DsaKey key;
RNG rng; WC_RNG rng;
Sha sha; Sha sha;
byte hash[SHA_DIGEST_SIZE]; byte hash[SHA_DIGEST_SIZE];
byte signature[40]; byte signature[40];
@@ -4098,7 +4098,7 @@ int hkdf_test(void)
int ecc_test(void) int ecc_test(void)
{ {
RNG rng; WC_RNG rng;
byte sharedA[1024]; byte sharedA[1024];
byte sharedB[1024]; byte sharedB[1024];
byte sig[1024]; byte sig[1024];
@@ -4198,7 +4198,7 @@ int ecc_test(void)
int ecc_encrypt_test(void) int ecc_encrypt_test(void)
{ {
RNG rng; WC_RNG rng;
int ret; int ret;
ecc_key userA, userB; ecc_key userA, userB;
byte msg[48]; byte msg[48];
@@ -4563,8 +4563,8 @@ int pkcs7signed_test(void)
byte* out; byte* out;
char data[] = "Hello World"; char data[] = "Hello World";
word32 dataSz, outSz, certDerSz, keyDerSz; word32 dataSz, outSz, certDerSz, keyDerSz;
PKCS7 msg; PKCS7 msg;
RNG rng; WC_RNG rng;
byte transIdOid[] = byte transIdOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,


@@ -29,14 +29,15 @@ SET(WOLFCRYPT_SOURCES src/aes.c src/arc4.c src/asn.c src/blake2b.c
src/integer.c src/logging.c src/md2.c src/md4.c src/md5.c src/memory.c src/integer.c src/logging.c src/md2.c src/md4.c src/md5.c src/memory.c
src/misc.c src/pkcs7.c src/poly1305.c src/pwdbased.c src/rabbit.c src/misc.c src/pkcs7.c src/poly1305.c src/pwdbased.c src/rabbit.c
src/random.c src/ripemd.c src/rsa.c src/sha.c src/sha256.c src/sha512.c src/random.c src/ripemd.c src/rsa.c src/sha.c src/sha256.c src/sha512.c
src/tfm.c src/wc_port.c src/tfm.c src/wc_port.c src/wc_encrypt.c src/hash.c
../wolfssl/wolfcrypt/aes.h ../wolfssl/wolfcrypt/arc4.h ../wolfssl/wolfcrypt/asn.h ../wolfssl/wolfcrypt/blake2.h ../wolfssl/wolfcrypt/aes.h ../wolfssl/wolfcrypt/arc4.h ../wolfssl/wolfcrypt/asn.h ../wolfssl/wolfcrypt/blake2.h
../wolfssl/wolfcrypt/camellia.h ../wolfssl/wolfcrypt/chacha.h ../wolfssl/wolfcrypt/coding.h ../wolfssl/wolfcrypt/compress.h ../wolfssl/wolfcrypt/des3.h ../wolfssl/wolfcrypt/camellia.h ../wolfssl/wolfcrypt/chacha.h ../wolfssl/wolfcrypt/coding.h ../wolfssl/wolfcrypt/compress.h ../wolfssl/wolfcrypt/des3.h
../wolfssl/wolfcrypt/dh.h ../wolfssl/wolfcrypt/dsa.h ../wolfssl/wolfcrypt/ecc.h ../wolfssl/wolfcrypt/error-crypt.h ../wolfssl/wolfcrypt/hc128.h ../wolfssl/wolfcrypt/hmac.h ../wolfssl/wolfcrypt/dh.h ../wolfssl/wolfcrypt/dsa.h ../wolfssl/wolfcrypt/ecc.h ../wolfssl/wolfcrypt/error-crypt.h ../wolfssl/wolfcrypt/hc128.h ../wolfssl/wolfcrypt/hmac.h
../wolfssl/wolfcrypt/integer.h ../wolfssl/wolfcrypt/logging.h ../wolfssl/wolfcrypt/md2.h ../wolfssl/wolfcrypt/md4.h ../wolfssl/wolfcrypt/md5.h ../wolfssl/wolfcrypt/memory.h ../wolfssl/wolfcrypt/integer.h ../wolfssl/wolfcrypt/logging.h ../wolfssl/wolfcrypt/md2.h ../wolfssl/wolfcrypt/md4.h ../wolfssl/wolfcrypt/md5.h ../wolfssl/wolfcrypt/memory.h
../wolfssl/wolfcrypt/misc.h ../wolfssl/wolfcrypt/pkcs7.h ../wolfssl/wolfcrypt/poly1305.h ../wolfssl/wolfcrypt/pwdbased.h ../wolfssl/wolfcrypt/rabbit.h ../wolfssl/wolfcrypt/misc.h ../wolfssl/wolfcrypt/pkcs7.h ../wolfssl/wolfcrypt/poly1305.h ../wolfssl/wolfcrypt/pwdbased.h ../wolfssl/wolfcrypt/rabbit.h
../wolfssl/wolfcrypt/random.h ../wolfssl/wolfcrypt/ripemd.h ../wolfssl/wolfcrypt/rsa.h ../wolfssl/wolfcrypt/sha.h ../wolfssl/wolfcrypt/sha256.h ../wolfssl/wolfcrypt/sha512.h ../wolfssl/wolfcrypt/random.h ../wolfssl/wolfcrypt/ripemd.h ../wolfssl/wolfcrypt/rsa.h ../wolfssl/wolfcrypt/sha.h ../wolfssl/wolfcrypt/sha256.h ../wolfssl/wolfcrypt/sha512.h
../wolfssl/wolfcrypt/tfm.h ../wolfssl/wolfcrypt/wc_port.h ../wolfssl/wolfcrypt/tfm.h ../wolfssl/wolfcrypt/wc_port.h ../wolfssl/wolfcrypt/wc_encrypt.h
../wolfssl/wolfcrypt/hash.h
) )
ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES}) ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES})


@@ -165,6 +165,8 @@
521648271A8AC2990062516A /* sha512.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481A1A8AC2990062516A /* sha512.c */; }; 521648271A8AC2990062516A /* sha512.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481A1A8AC2990062516A /* sha512.c */; };
521648281A8AC2990062516A /* wolfcrypt_first.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481B1A8AC2990062516A /* wolfcrypt_first.c */; }; 521648281A8AC2990062516A /* wolfcrypt_first.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481B1A8AC2990062516A /* wolfcrypt_first.c */; };
521648291A8AC2990062516A /* wolfcrypt_last.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481C1A8AC2990062516A /* wolfcrypt_last.c */; }; 521648291A8AC2990062516A /* wolfcrypt_last.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481C1A8AC2990062516A /* wolfcrypt_last.c */; };
522DBE111B7929C80031F454 /* wc_encrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 522DBE101B7929C80031F454 /* wc_encrypt.c */; };
522DBE131B792A190031F454 /* wc_encrypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 522DBE121B7929E70031F454 /* wc_encrypt.h */; };
525BE5BA1B38853E0054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5B91B38853E0054BBCD /* hash.c */; }; 525BE5BA1B38853E0054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5B91B38853E0054BBCD /* hash.c */; };
525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5BB1B3885580054BBCD /* hash.h */; }; 525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5BB1B3885580054BBCD /* hash.h */; };
/* End PBXBuildFile section */ /* End PBXBuildFile section */
@@ -176,6 +178,7 @@
dstPath = include/wolfssl/wolfcrypt; dstPath = include/wolfssl/wolfcrypt;
dstSubfolderSpec = 7; dstSubfolderSpec = 7;
files = ( files = (
522DBE131B792A190031F454 /* wc_encrypt.h in CopyFiles */,
525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */, 525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */,
521646CD1A8A7FF30062516A /* aes.h in CopyFiles */, 521646CD1A8A7FF30062516A /* aes.h in CopyFiles */,
521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */, 521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */,
@@ -473,6 +476,8 @@
5216481A1A8AC2990062516A /* sha512.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sha512.c; path = ../../ctaocrypt/src/sha512.c; sourceTree = "<group>"; }; 5216481A1A8AC2990062516A /* sha512.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sha512.c; path = ../../ctaocrypt/src/sha512.c; sourceTree = "<group>"; };
5216481B1A8AC2990062516A /* wolfcrypt_first.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_first.c; path = ../../ctaocrypt/src/wolfcrypt_first.c; sourceTree = "<group>"; }; 5216481B1A8AC2990062516A /* wolfcrypt_first.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_first.c; path = ../../ctaocrypt/src/wolfcrypt_first.c; sourceTree = "<group>"; };
5216481C1A8AC2990062516A /* wolfcrypt_last.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_last.c; path = ../../ctaocrypt/src/wolfcrypt_last.c; sourceTree = "<group>"; }; 5216481C1A8AC2990062516A /* wolfcrypt_last.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_last.c; path = ../../ctaocrypt/src/wolfcrypt_last.c; sourceTree = "<group>"; };
522DBE101B7929C80031F454 /* wc_encrypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wc_encrypt.c; path = ../../wolfcrypt/src/wc_encrypt.c; sourceTree = SOURCE_ROOT; };
522DBE121B7929E70031F454 /* wc_encrypt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_encrypt.h; path = ../../wolfssl/wolfcrypt/wc_encrypt.h; sourceTree = "<group>"; };
525BE5B91B38853E0054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = "<group>"; }; 525BE5B91B38853E0054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = "<group>"; };
525BE5BB1B3885580054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = "<group>"; }; 525BE5BB1B3885580054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = "<group>"; };
52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; }; 52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -613,6 +618,7 @@
521646861A8993770062516A /* tfm.h */, 521646861A8993770062516A /* tfm.h */,
521646871A8993770062516A /* types.h */, 521646871A8993770062516A /* types.h */,
521646881A8993770062516A /* visibility.h */, 521646881A8993770062516A /* visibility.h */,
522DBE121B7929E70031F454 /* wc_encrypt.h */,
521646891A8993770062516A /* wc_port.h */, 521646891A8993770062516A /* wc_port.h */,
); );
name = wolfCrypt; name = wolfCrypt;
@@ -680,6 +686,7 @@
5216462E1A8992CC0062516A /* sha256.c */, 5216462E1A8992CC0062516A /* sha256.c */,
5216462F1A8992CC0062516A /* sha512.c */, 5216462F1A8992CC0062516A /* sha512.c */,
521646301A8992CC0062516A /* tfm.c */, 521646301A8992CC0062516A /* tfm.c */,
522DBE101B7929C80031F454 /* wc_encrypt.c */,
521646311A8992CC0062516A /* wc_port.c */, 521646311A8992CC0062516A /* wc_port.c */,
); );
name = wolfCrypt; name = wolfCrypt;
@@ -828,6 +835,7 @@
521646351A8992CC0062516A /* blake2b.c in Sources */, 521646351A8992CC0062516A /* blake2b.c in Sources */,
5216464C1A8992CC0062516A /* ripemd.c in Sources */, 5216464C1A8992CC0062516A /* ripemd.c in Sources */,
521646451A8992CC0062516A /* memory.c in Sources */, 521646451A8992CC0062516A /* memory.c in Sources */,
522DBE111B7929C80031F454 /* wc_encrypt.c in Sources */,
5216463C1A8992CC0062516A /* ecc.c in Sources */, 5216463C1A8992CC0062516A /* ecc.c in Sources */,
5216464F1A8992CC0062516A /* sha256.c in Sources */, 5216464F1A8992CC0062516A /* sha256.c in Sources */,
521646371A8992CC0062516A /* chacha.c in Sources */, 521646371A8992CC0062516A /* chacha.c in Sources */,


@@ -153,6 +153,8 @@
5216472A1A8A80100062516A /* types.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BE1A8993F50062516A /* types.h */; }; 5216472A1A8A80100062516A /* types.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BE1A8993F50062516A /* types.h */; };
5216472B1A8A80100062516A /* visibility.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BF1A8993F50062516A /* visibility.h */; }; 5216472B1A8A80100062516A /* visibility.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BF1A8993F50062516A /* visibility.h */; };
5216472C1A8A80100062516A /* wc_port.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646C01A8993F50062516A /* wc_port.h */; }; 5216472C1A8A80100062516A /* wc_port.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646C01A8993F50062516A /* wc_port.h */; };
522DBE0D1B7926FB0031F454 /* wc_encrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 522DBE0C1B7926FB0031F454 /* wc_encrypt.c */; };
522DBE0F1B7927A50031F454 /* wc_encrypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 522DBE0E1B7927290031F454 /* wc_encrypt.h */; };
525BE5341B3869110054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5331B3869110054BBCD /* hash.c */; }; 525BE5341B3869110054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5331B3869110054BBCD /* hash.c */; };
525BE5361B3869780054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5351B3869430054BBCD /* hash.h */; }; 525BE5361B3869780054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5351B3869430054BBCD /* hash.h */; };
/* End PBXBuildFile section */ /* End PBXBuildFile section */
@@ -164,6 +166,7 @@
dstPath = include/wolfssl/wolfcrypt; dstPath = include/wolfssl/wolfcrypt;
dstSubfolderSpec = 7; dstSubfolderSpec = 7;
files = ( files = (
522DBE0F1B7927A50031F454 /* wc_encrypt.h in CopyFiles */,
525BE5361B3869780054BBCD /* hash.h in CopyFiles */, 525BE5361B3869780054BBCD /* hash.h in CopyFiles */,
521646CD1A8A7FF30062516A /* aes.h in CopyFiles */, 521646CD1A8A7FF30062516A /* aes.h in CopyFiles */,
521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */, 521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */,
@@ -449,6 +452,8 @@
521646BE1A8993F50062516A /* types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = types.h; path = ../../cyassl/ctaocrypt/types.h; sourceTree = "<group>"; }; 521646BE1A8993F50062516A /* types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = types.h; path = ../../cyassl/ctaocrypt/types.h; sourceTree = "<group>"; };
521646BF1A8993F50062516A /* visibility.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = visibility.h; path = ../../cyassl/ctaocrypt/visibility.h; sourceTree = "<group>"; }; 521646BF1A8993F50062516A /* visibility.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = visibility.h; path = ../../cyassl/ctaocrypt/visibility.h; sourceTree = "<group>"; };
521646C01A8993F50062516A /* wc_port.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_port.h; path = ../../cyassl/ctaocrypt/wc_port.h; sourceTree = "<group>"; }; 521646C01A8993F50062516A /* wc_port.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_port.h; path = ../../cyassl/ctaocrypt/wc_port.h; sourceTree = "<group>"; };
522DBE0C1B7926FB0031F454 /* wc_encrypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wc_encrypt.c; path = ../../wolfcrypt/src/wc_encrypt.c; sourceTree = SOURCE_ROOT; };
522DBE0E1B7927290031F454 /* wc_encrypt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_encrypt.h; path = ../../wolfssl/wolfcrypt/wc_encrypt.h; sourceTree = "<group>"; };
525BE5331B3869110054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = "<group>"; }; 525BE5331B3869110054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = "<group>"; };
525BE5351B3869430054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = "<group>"; }; 525BE5351B3869430054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = "<group>"; };
52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; }; 52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -589,6 +594,7 @@
521646861A8993770062516A /* tfm.h */, 521646861A8993770062516A /* tfm.h */,
521646871A8993770062516A /* types.h */, 521646871A8993770062516A /* types.h */,
521646881A8993770062516A /* visibility.h */, 521646881A8993770062516A /* visibility.h */,
522DBE0E1B7927290031F454 /* wc_encrypt.h */,
521646891A8993770062516A /* wc_port.h */, 521646891A8993770062516A /* wc_port.h */,
); );
name = wolfCrypt; name = wolfCrypt;
@@ -655,6 +661,7 @@
5216462E1A8992CC0062516A /* sha256.c */, 5216462E1A8992CC0062516A /* sha256.c */,
5216462F1A8992CC0062516A /* sha512.c */, 5216462F1A8992CC0062516A /* sha512.c */,
521646301A8992CC0062516A /* tfm.c */, 521646301A8992CC0062516A /* tfm.c */,
522DBE0C1B7926FB0031F454 /* wc_encrypt.c */,
521646311A8992CC0062516A /* wc_port.c */, 521646311A8992CC0062516A /* wc_port.c */,
); );
name = wolfCrypt; name = wolfCrypt;
@@ -764,6 +771,7 @@
5216460F1A89928E0062516A /* ssl.c in Sources */, 5216460F1A89928E0062516A /* ssl.c in Sources */,
5216464D1A8992CC0062516A /* rsa.c in Sources */, 5216464D1A8992CC0062516A /* rsa.c in Sources */,
5216464B1A8992CC0062516A /* random.c in Sources */, 5216464B1A8992CC0062516A /* random.c in Sources */,
522DBE0D1B7926FB0031F454 /* wc_encrypt.c in Sources */,
521646101A89928E0062516A /* tls.c in Sources */, 521646101A89928E0062516A /* tls.c in Sources */,
5216460D1A89928E0062516A /* ocsp.c in Sources */, 5216460D1A89928E0062516A /* ocsp.c in Sources */,
521646431A8992CC0062516A /* md4.c in Sources */, 521646431A8992CC0062516A /* md4.c in Sources */,


@@ -9,17 +9,7 @@ if test -d .git; then
mkdir .git/hooks mkdir .git/hooks
fi fi
ln -s -f ../../pre-commit.sh .git/hooks/pre-commit ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
fi ln -s -f ../../pre-push.sh .git/hooks/pre-push
# Set HAVE_FIPS_SOURCE to 1 in your .profile if you have access to the FIPS
# repository. (Hint: If you don't work for us, you don't. This will fail.)
if test -n "$HAVE_FIPS_SOURCE" -a ! -d ./fips; then
git clone git@github.com:wolfSSL/fips.git
SAVEDIR=`pwd`
cd ./ctaocrypt/src
ln -sf ../../fips/fips.c
ln -sf ../../fips/fips_test.c
cd $SAVEDIR
fi fi
# If this is a source checkout then call autoreconf with error as well # If this is a source checkout then call autoreconf with error as well
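Review bot: The added `ln -s -f ../../pre-push.sh .git/hooks/pre-push` replaces any pre-push hook a developer already has in `.git/hooks`, silently, every time this script runs in a git checkout. A hook is code that git runs automatically on push, so it would be safer to install it only when none is present, e.g. `test -e .git/hooks/pre-push || ln -s ../../pre-push.sh .git/hooks/pre-push`, and to print one line saying the hook was installed. The existing pre-commit line directly above it behaves the same way and could take the same guard. Which lines are old and which are new is inferred from the side-by-side rendering, and the rest of the script lies outside this hunk.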


@@ -31,12 +31,4 @@ make -j 8 test;
RESULT=$? RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nFull config make test failed" && exit 1 [ $RESULT -ne 0 ] && echo -e "\n\nFull config make test failed" && exit 1
if [ -n "$HAVE_FIPS_SOURCE" ];
then
echo -e "\n\nTesting with FIPS release code...\n\n"
./fips-check.sh
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1
fi
exit 0 exit 0


@@ -6,7 +6,7 @@
# #
# #
AC_INIT([wolfssl],[3.6.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_INIT([wolfssl],[3.6.3],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_AUX_DIR([build-aux])
@@ -85,7 +85,7 @@ AC_CHECK_TYPES(__uint128_t)
AC_C_BIGENDIAN AC_C_BIGENDIAN
# mktime check takes forever on some systems, if time supported it would be # mktime check takes forever on some systems, if time supported it would be
# highly unusual for mktime to be missing # highly unusual for mktime to be missing
#AC_FUNC_MKTIME #AC_FUNC_MKTIME
AC_PROG_CC AC_PROG_CC
AC_PROG_CC_C_O AC_PROG_CC_C_O
@@ -199,7 +199,7 @@ fi
AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"]) AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"])
# Fortress build # Fortress build
AC_ARG_ENABLE([fortress], AC_ARG_ENABLE([fortress],
[ --enable-fortress Enable SSL fortress build (default: disabled)], [ --enable-fortress Enable SSL fortress build (default: disabled)],
[ ENABLED_FORTRESS=$enableval ], [ ENABLED_FORTRESS=$enableval ],
@@ -217,7 +217,7 @@ then
fi fi
# ssl bump build # ssl bump build
AC_ARG_ENABLE([bump], AC_ARG_ENABLE([bump],
[ --enable-bump Enable SSL Bump build (default: disabled)], [ --enable-bump Enable SSL Bump build (default: disabled)],
[ ENABLED_BUMP=$enableval ], [ ENABLED_BUMP=$enableval ],
@@ -231,7 +231,7 @@ fi
ENABLED_SLOWMATH="yes" ENABLED_SLOWMATH="yes"
# lean psk build # lean psk build
AC_ARG_ENABLE([leanpsk], AC_ARG_ENABLE([leanpsk],
[ --enable-leanpsk Enable Lean PSK build (default: disabled)], [ --enable-leanpsk Enable Lean PSK build (default: disabled)],
[ ENABLED_LEANPSK=$enableval ], [ ENABLED_LEANPSK=$enableval ],
@@ -287,7 +287,7 @@ then
fi fi
# Persistent session cache # Persistent session cache
AC_ARG_ENABLE([savesession], AC_ARG_ENABLE([savesession],
[ --enable-savesession Enable persistent session cache (default: disabled)], [ --enable-savesession Enable persistent session cache (default: disabled)],
[ ENABLED_SAVESESSION=$enableval ], [ ENABLED_SAVESESSION=$enableval ],
@@ -300,7 +300,7 @@ then
fi fi
# Persistent cert cache # Persistent cert cache
AC_ARG_ENABLE([savecert], AC_ARG_ENABLE([savecert],
[ --enable-savecert Enable persistent cert cache (default: disabled)], [ --enable-savecert Enable persistent cert cache (default: disabled)],
[ ENABLED_SAVECERT=$enableval ], [ ENABLED_SAVECERT=$enableval ],
@@ -313,7 +313,7 @@ then
fi fi
# Atomic User Record Layer # Atomic User Record Layer
AC_ARG_ENABLE([atomicuser], AC_ARG_ENABLE([atomicuser],
[ --enable-atomicuser Enable Atomic User Record Layer (default: disabled)], [ --enable-atomicuser Enable Atomic User Record Layer (default: disabled)],
[ ENABLED_ATOMICUSER=$enableval ], [ ENABLED_ATOMICUSER=$enableval ],
@@ -326,7 +326,7 @@ then
fi fi
# Public Key Callbacks # Public Key Callbacks
AC_ARG_ENABLE([pkcallbacks], AC_ARG_ENABLE([pkcallbacks],
[ --enable-pkcallbacks Enable Public Key Callbacks (default: disabled)], [ --enable-pkcallbacks Enable Public Key Callbacks (default: disabled)],
[ ENABLED_PKCALLBACKS=$enableval ], [ ENABLED_PKCALLBACKS=$enableval ],
@@ -491,7 +491,7 @@ fi
AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"]) AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
# NULL CIPHER # NULL CIPHER
AC_ARG_ENABLE([nullcipher], AC_ARG_ENABLE([nullcipher],
[ --enable-nullcipher Enable wolfSSL NULL cipher support (default: disabled)], [ --enable-nullcipher Enable wolfSSL NULL cipher support (default: disabled)],
[ ENABLED_NULL_CIPHER=$enableval ], [ ENABLED_NULL_CIPHER=$enableval ],
@@ -650,7 +650,7 @@ then
fi fi
# HKDF # HKDF
AC_ARG_ENABLE([hkdf], AC_ARG_ENABLE([hkdf],
[ --enable-hkdf Enable HKDF (HMAC-KDF) support (default: disabled)], [ --enable-hkdf Enable HKDF (HMAC-KDF) support (default: disabled)],
[ ENABLED_HKDF=$enableval ], [ ENABLED_HKDF=$enableval ],
@@ -802,7 +802,7 @@ if test "$ENABLED_FPECC" = "yes"
then then
if test "$ENABLED_ECC" = "no" if test "$ENABLED_ECC" = "no"
then then
AC_MSG_ERROR([cannot enable fpecc without enabling ecc.]) AC_MSG_ERROR([cannot enable fpecc without enabling ecc.])
fi fi
AM_CFLAGS="$AM_CFLAGS -DFP_ECC" AM_CFLAGS="$AM_CFLAGS -DFP_ECC"
fi fi
@@ -819,17 +819,17 @@ if test "$ENABLED_ECC_ENCRYPT" = "yes"
then then
if test "$ENABLED_ECC" = "no" if test "$ENABLED_ECC" = "no"
then then
AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.]) AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.])
fi fi
if test "$ENABLED_HKDF" = "no" if test "$ENABLED_HKDF" = "no"
then then
AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.]) AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.])
fi fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT" AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT"
fi fi
# PSK # PSK
AC_ARG_ENABLE([psk], AC_ARG_ENABLE([psk],
[ --enable-psk Enable PSK (default: disabled)], [ --enable-psk Enable PSK (default: disabled)],
[ ENABLED_PSK=$enableval ], [ ENABLED_PSK=$enableval ],
@@ -867,7 +867,7 @@ else
fi fi
# OLD TLS # OLD TLS
AC_ARG_ENABLE([oldtls], AC_ARG_ENABLE([oldtls],
[ --enable-oldtls Enable old TLS versions < 1.2 (default: enabled)], [ --enable-oldtls Enable old TLS versions < 1.2 (default: enabled)],
[ ENABLED_OLD_TLS=$enableval ], [ ENABLED_OLD_TLS=$enableval ],
@@ -887,7 +887,20 @@ else
fi fi
# STACK SIZE info for examples # SSLv3
AC_ARG_ENABLE([sslv3],
[ --enable-sslv3 Enable SSL version 3.0 (default: disabled)],
[ ENABLED_SSLV3=$enableval ],
[ ENABLED_SSLV3=no]
)
if test "$ENABLED_SSLV3" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3"
fi
# STACK SIZE info for examples
AC_ARG_ENABLE([stacksize], AC_ARG_ENABLE([stacksize],
[ --enable-stacksize Enable stack size info on examples (default: disabled)], [ --enable-stacksize Enable stack size info on examples (default: disabled)],
[ ENABLED_STACKSIZE=$enableval ], [ ENABLED_STACKSIZE=$enableval ],
@@ -902,7 +915,7 @@ then
fi fi
# MEMORY # MEMORY
AC_ARG_ENABLE([memory], AC_ARG_ENABLE([memory],
[ --enable-memory Enable memory callbacks (default: enabled)], [ --enable-memory Enable memory callbacks (default: enabled)],
[ ENABLED_MEMORY=$enableval ], [ ENABLED_MEMORY=$enableval ],
@@ -924,7 +937,7 @@ fi
AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"]) AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"])
# RSA # RSA
AC_ARG_ENABLE([rsa], AC_ARG_ENABLE([rsa],
[ --enable-rsa Enable RSA (default: enabled)], [ --enable-rsa Enable RSA (default: enabled)],
[ ENABLED_RSA=$enableval ], [ ENABLED_RSA=$enableval ],
@@ -1129,7 +1142,7 @@ fi
AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"]) AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
# ARC4 # ARC4
AC_ARG_ENABLE([arc4], AC_ARG_ENABLE([arc4],
[ --enable-arc4 Enable ARC4 (default: disabled)], [ --enable-arc4 Enable ARC4 (default: disabled)],
[ ENABLED_ARC4=$enableval ], [ ENABLED_ARC4=$enableval ],
@@ -1156,7 +1169,7 @@ fi
AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"]) AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"])
# MD5 # MD5
AC_ARG_ENABLE([md5], AC_ARG_ENABLE([md5],
[ --enable-md5 Enable MD5 (default: enabled)], [ --enable-md5 Enable MD5 (default: enabled)],
[ ENABLED_MD5=$enableval ], [ ENABLED_MD5=$enableval ],
@@ -1178,7 +1191,7 @@ fi
AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"]) AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"])
# SHA # SHA
AC_ARG_ENABLE([sha], AC_ARG_ENABLE([sha],
[ --enable-sha Enable SHA (default: enabled)], [ --enable-sha Enable SHA (default: enabled)],
[ ENABLED_SHA=$enableval ], [ ENABLED_SHA=$enableval ],
@@ -1200,7 +1213,7 @@ fi
AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"]) AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"])
# Web Server Build # Web Server Build
AC_ARG_ENABLE([webserver], AC_ARG_ENABLE([webserver],
[ --enable-webserver Enable Web Server (default: disabled)], [ --enable-webserver Enable Web Server (default: disabled)],
[ ENABLED_WEBSERVER=$enableval ], [ ENABLED_WEBSERVER=$enableval ],
@@ -1214,7 +1227,7 @@ fi
# HC128 # HC128
AC_ARG_ENABLE([hc128], AC_ARG_ENABLE([hc128],
[ --enable-hc128 Enable HC-128 (default: disabled)], [ --enable-hc128 Enable HC-128 (default: disabled)],
[ ENABLED_HC128=$enableval ], [ ENABLED_HC128=$enableval ],
@@ -1360,7 +1373,7 @@ else
fi fi
# Filesystem Build # Filesystem Build
AC_ARG_ENABLE([filesystem], AC_ARG_ENABLE([filesystem],
[ --enable-filesystem Enable Filesystem support (default: enabled)], [ --enable-filesystem Enable Filesystem support (default: enabled)],
[ ENABLED_FILESYSTEM=$enableval ], [ ENABLED_FILESYSTEM=$enableval ],
@@ -1380,7 +1393,7 @@ else
fi fi
# inline Build # inline Build
AC_ARG_ENABLE([inline], AC_ARG_ENABLE([inline],
[ --enable-inline Enable inline functions (default: enabled)], [ --enable-inline Enable inline functions (default: enabled)],
[ ENABLED_INLINE=$enableval ], [ ENABLED_INLINE=$enableval ],
@@ -1502,7 +1515,7 @@ AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
if test "$ENABLED_NTRU" = "yes" && test "$ENABLED_SMALL" = "yes" if test "$ENABLED_NTRU" = "yes" && test "$ENABLED_SMALL" = "yes"
then then
AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.]) AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.])
fi fi
# SNI # SNI
@@ -1658,6 +1671,22 @@ then
fi fi
# Secure Remote Password
AC_ARG_ENABLE([srp],
[ --enable-srp Enable Secure Remote Password (default: disabled)],
[ ENABLED_SRP=$enableval ],
[ ENABLED_SRP=no ]
)
if test "x$ENABLED_SRP" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
fi
AM_CONDITIONAL([BUILD_SRP], [test "x$ENABLED_SRP" = "xyes"])
# Small Stack # Small Stack
AC_ARG_ENABLE([smallstack], AC_ARG_ENABLE([smallstack],
[ --enable-smallstack Enable Small Stack Usage (default: disabled)], [ --enable-smallstack Enable Small Stack Usage (default: disabled)],
@@ -1694,7 +1723,7 @@ fi
AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"]) AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"])
# Test certs, use internal cert functions for extra testing # Test certs, use internal cert functions for extra testing
AC_ARG_ENABLE([testcert], AC_ARG_ENABLE([testcert],
[ --enable-testcert Enable Test Cert (default: disabled)], [ --enable-testcert Enable Test Cert (default: disabled)],
[ ENABLED_TESTCERT=$enableval ], [ ENABLED_TESTCERT=$enableval ],
@@ -1725,7 +1754,7 @@ then
fi fi
# Certificate Service Support # Certificate Service Support
AC_ARG_ENABLE([certservice], AC_ARG_ENABLE([certservice],
[ --enable-certservice Enable cert service (default: disabled)], [ --enable-certservice Enable cert service (default: disabled)],
[ ENABLED_CERT_SERVICE=$enableval ], [ ENABLED_CERT_SERVICE=$enableval ],
@@ -1967,7 +1996,7 @@ AC_ARG_WITH([libz],
AM_CONDITIONAL([BUILD_LIBZ], [test "x$ENABLED_LIBZ" = "xyes"]) AM_CONDITIONAL([BUILD_LIBZ], [test "x$ENABLED_LIBZ" = "xyes"])
# cavium # cavium
trycaviumdir="" trycaviumdir=""
AC_ARG_WITH([cavium], AC_ARG_WITH([cavium],
[ --with-cavium=PATH PATH to cavium/software dir ], [ --with-cavium=PATH PATH to cavium/software dir ],
@@ -2112,6 +2141,10 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
[AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" [AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
ENABLED_OLD_TLS=no]) ENABLED_OLD_TLS=no])
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_SSLV3" = "xyes"],
[AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])])
# OPTIMIZE FLAGS # OPTIMIZE FLAGS
if test "$GCC" = "yes" if test "$GCC" = "yes"
@@ -2138,6 +2171,12 @@ then
AM_CFLAGS="$AM_CFLAGS -wd10006" AM_CFLAGS="$AM_CFLAGS -wd10006"
fi fi
# Expose HAVE___UINT128_T to options flags"
if test "$ac_cv_type___uint128_t" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T"
fi
LIB_SOCKET_NSL LIB_SOCKET_NSL
AX_HARDEN_CC_COMPILER_FLAGS AX_HARDEN_CC_COMPILER_FLAGS
@@ -2187,7 +2226,7 @@ touch ctaocrypt/src/fips.c
touch ctaocrypt/src/fips_test.c touch ctaocrypt/src/fips_test.c
echo echo
# generate user options header # generate user options header
echo "---" echo "---"
echo "Generating user options header..." echo "Generating user options header..."
@@ -2197,7 +2236,7 @@ OPTION_FILE="wolfssl/options.h"
#fi #fi
rm -f $OPTION_FILE rm -f $OPTION_FILE
echo "/* wolfssl options.h" > $OPTION_FILE echo "/* wolfssl options.h" > $OPTION_FILE
echo " * generated from configure options" >> $OPTION_FILE echo " * generated from configure options" >> $OPTION_FILE
echo " *" >> $OPTION_FILE echo " *" >> $OPTION_FILE
echo " * Copyright (C) 2006-2015 wolfSSL Inc." >> $OPTION_FILE echo " * Copyright (C) 2006-2015 wolfSSL Inc." >> $OPTION_FILE
@@ -2206,13 +2245,13 @@ echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FI
echo " *" >> $OPTION_FILE echo " *" >> $OPTION_FILE
echo " */" >> $OPTION_FILE echo " */" >> $OPTION_FILE
echo "" >> $OPTION_FILE echo "" >> $OPTION_FILE
echo "#pragma once" >> $OPTION_FILE echo "#pragma once" >> $OPTION_FILE
echo "" >> $OPTION_FILE echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "extern \"C\" {" >> $OPTION_FILE echo "extern \"C\" {" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE echo "" >> $OPTION_FILE
for option in $OPTION_FLAGS; do for option in $OPTION_FLAGS; do
defonly=`echo $option | sed 's/-D//'` defonly=`echo $option | sed 's/-D//'`
@@ -2248,11 +2287,11 @@ for option in $OPTION_FLAGS; do
fi fi
done done
echo "" >> $OPTION_FILE echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "}" >> $OPTION_FILE echo "}" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE echo "" >> $OPTION_FILE
echo echo
#backwards compatability for those who have included options or version #backwards compatability for those who have included options or version
@@ -2283,7 +2322,7 @@ echo " * Debug enabled: $ax_enable_debug"
echo " * Warnings as failure: $ac_cv_warnings_as_errors" echo " * Warnings as failure: $ac_cv_warnings_as_errors"
echo " * make -j: $enable_jobserver" echo " * make -j: $enable_jobserver"
echo " * VCS checkout: $ac_cv_vcs_checkout" echo " * VCS checkout: $ac_cv_vcs_checkout"
echo echo
echo " Features " echo " Features "
echo " * Single threaded: $ENABLED_SINGLETHREADED" echo " * Single threaded: $ENABLED_SINGLETHREADED"
echo " * Filesystem: $ENABLED_FILESYSTEM" echo " * Filesystem: $ENABLED_FILESYSTEM"
@@ -2337,6 +2376,7 @@ echo " * STUNNEL: $ENABLED_STUNNEL"
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
echo " * DTLS: $ENABLED_DTLS" echo " * DTLS: $ENABLED_DTLS"
echo " * Old TLS Versions: $ENABLED_OLD_TLS" echo " * Old TLS Versions: $ENABLED_OLD_TLS"
echo " * SSL version 3.0: $ENABLED_SSLV3"
echo " * OCSP: $ENABLED_OCSP" echo " * OCSP: $ENABLED_OCSP"
echo " * CRL: $ENABLED_CRL" echo " * CRL: $ENABLED_CRL"
echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR" echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
@@ -2355,10 +2395,10 @@ echo " * Session Ticket: $ENABLED_SESSION_TICKET"
echo " * All TLS Extensions: $ENABLED_TLSX" echo " * All TLS Extensions: $ENABLED_TLSX"
echo " * PKCS#7 $ENABLED_PKCS7" echo " * PKCS#7 $ENABLED_PKCS7"
echo " * wolfSCEP $ENABLED_WOLFSCEP" echo " * wolfSCEP $ENABLED_WOLFSCEP"
echo " * Secure Remote Password $ENABLED_SRP"
echo " * Small Stack: $ENABLED_SMALL_STACK" echo " * Small Stack: $ENABLED_SMALL_STACK"
echo " * valgrind unit tests: $ENABLED_VALGRIND" echo " * valgrind unit tests: $ENABLED_VALGRIND"
echo " * LIBZ: $ENABLED_LIBZ" echo " * LIBZ: $ENABLED_LIBZ"
echo " * Examples: $ENABLED_EXAMPLES" echo " * Examples: $ENABLED_EXAMPLES"
echo "" echo ""
echo "---" echo "---"


@@ -525,16 +525,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef USE_WOLFSSL_MEMORY #ifdef USE_WOLFSSL_MEMORY
if (trackMemory) if (trackMemory)
InitMemoryTracker(); InitMemoryTracker();
#endif #endif
switch (version) { switch (version) {
#ifndef NO_OLD_TLS #ifndef NO_OLD_TLS
#ifdef WOLFSSL_ALLOW_SSLV3
case 0: case 0:
method = wolfSSLv3_client_method(); method = wolfSSLv3_client_method();
break; break;
#endif
#ifndef NO_TLS #ifndef NO_TLS
case 1: case 1:
method = wolfTLSv1_client_method(); method = wolfTLSv1_client_method();
@@ -544,9 +545,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
method = wolfTLSv1_1_client_method(); method = wolfTLSv1_1_client_method();
break; break;
#endif /* NO_TLS */ #endif /* NO_TLS */
#endif /* NO_OLD_TLS */ #endif /* NO_OLD_TLS */
#ifndef NO_TLS #ifndef NO_TLS
case 3: case 3:
method = wolfTLSv1_2_client_method(); method = wolfTLSv1_2_client_method();
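Review bot: The `#endif` closing the new `#ifdef WOLFSSL_ALLOW_SSLV3` around `case 0:` is bare, while the neighbouring guards are annotated (`#endif /* NO_TLS */`, `#endif /* NO_OLD_TLS */`); I would write `#endif /* WOLFSSL_ALLOW_SSLV3 */` so the nesting stays readable. With SSLv3 compiled out, a requested version of 0 now reaches the switch's default branch, which lies outside this hunk. It is worth confirming that branch reports an unsupported version rather than continuing with `method` unset. client_test starts and ends outside the hunks shown.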


@@ -111,8 +111,10 @@ void echoclient_test(void* args)
method = DTLSv1_2_client_method(); method = DTLSv1_2_client_method();
#elif !defined(NO_TLS) #elif !defined(NO_TLS)
method = CyaSSLv23_client_method(); method = CyaSSLv23_client_method();
#else #elif defined(WOLFSSL_ALLOW_SSLV3)
method = SSLv3_client_method(); method = SSLv3_client_method();
#else
#error "no valid client method type"
#endif #endif
ctx = SSL_CTX_new(method); ctx = SSL_CTX_new(method);
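Review bot: The new `#elif defined(WOLFSSL_ALLOW_SSLV3)` branch does not also test NO_OLD_TLS, whereas the library side of this commit compiles the SSLv3 method constructors only under `#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)` (src/ssl.c). A build with NO_TLS, NO_OLD_TLS and WOLFSSL_ALLOW_SSLV3 all defined would therefore select `SSLv3_client_method()` here and presumably fail at link time instead of reaching the `#error`. Writing `#elif defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)` keeps the example in step with the library. The same applies to the `CyaSSLv3_server_method()` branch in the echoserver hunk. echoclient_test starts and ends outside the hunk.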


@@ -132,8 +132,10 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
method = CyaDTLSv1_2_server_method(); method = CyaDTLSv1_2_server_method();
#elif !defined(NO_TLS) #elif !defined(NO_TLS)
method = CyaSSLv23_server_method(); method = CyaSSLv23_server_method();
#else #elif defined(WOLFSSL_ALLOW_SSLV3)
method = CyaSSLv3_server_method(); method = CyaSSLv3_server_method();
#else
#error "no valid server method built in"
#endif #endif
ctx = CyaSSL_CTX_new(method); ctx = CyaSSL_CTX_new(method);
/* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */ /* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */


@@ -158,6 +158,9 @@ static void Usage(void)
#ifdef HAVE_ANON #ifdef HAVE_ANON
printf("-a Anonymous server\n"); printf("-a Anonymous server\n");
#endif #endif
#ifndef NO_PSK
printf("-I Do not send PSK identity hint\n");
#endif
} }
THREAD_RETURN CYASSL_THREAD server_test(void* args) THREAD_RETURN CYASSL_THREAD server_test(void* args)
@@ -199,6 +202,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int argc = ((func_args*)args)->argc; int argc = ((func_args*)args)->argc;
char** argv = ((func_args*)args)->argv; char** argv = ((func_args*)args)->argv;
#ifndef NO_PSK
int sendPskIdentityHint = 1;
#endif
#ifdef HAVE_SNI #ifdef HAVE_SNI
char* sniHostName = NULL; char* sniHostName = NULL;
#endif #endif
@@ -230,7 +237,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
fdOpenSession(Task_self()); fdOpenSession(Task_self());
#endif #endif
while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPp:v:l:A:c:k:Z:S:oO:D:")) while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPIp:v:l:A:c:k:Z:S:oO:D:"))
!= -1) { != -1) {
switch (ch) { switch (ch) {
case '?' : case '?' :
@@ -363,6 +370,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
useAnon = 1; useAnon = 1;
#endif #endif
break; break;
case 'I':
#ifndef NO_PSK
sendPskIdentityHint = 0;
#endif
break;
default: default:
Usage(); Usage();
@@ -390,14 +402,16 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#ifdef USE_CYASSL_MEMORY #ifdef USE_CYASSL_MEMORY
if (trackMemory) if (trackMemory)
InitMemoryTracker(); InitMemoryTracker();
#endif #endif
switch (version) { switch (version) {
#ifndef NO_OLD_TLS #ifndef NO_OLD_TLS
#ifdef WOLFSSL_ALLOW_SSLV3
case 0: case 0:
method = SSLv3_server_method(); method = SSLv3_server_method();
break; break;
#endif
#ifndef NO_TLS #ifndef NO_TLS
case 1: case 1:
@@ -500,7 +514,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
if (usePsk) { if (usePsk) {
#ifndef NO_PSK #ifndef NO_PSK
SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
if (sendPskIdentityHint == 1)
SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
if (cipherList == NULL) { if (cipherList == NULL) {
const char *defaultCipherList; const char *defaultCipherList;
#if defined(HAVE_AESGCM) && !defined(NO_DH) #if defined(HAVE_AESGCM) && !defined(NO_DH)
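Review bot: The result of `SSL_CTX_use_psk_identity_hint()` is still discarded inside the new `if (sendPskIdentityHint == 1)`, so a failure to set the hint is indistinguishable from running with `-I`. The `if` is also unbraced directly above the `if (cipherList == NULL)` block. I would write `if (sendPskIdentityHint == 1 && SSL_CTX_use_psk_identity_hint(ctx, "cyassl server") != SSL_SUCCESS)` followed by a braced error exit. Separately, `case 'I':` is accepted even when NO_PSK is defined, where it does nothing and Usage() does not list it; a short comment on the case saying the option is a no-op without PSK would make that deliberate. server_test continues outside the hunks shown.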


@@ -79,13 +79,13 @@ linux)
esac esac
git clone . $TEST_DIR git clone . $TEST_DIR
[ $? -ne 0 ] && echo -e "\n\nCouldn't duplicate current working directory.\n\n" && exit 1 [ $? -ne 0 ] && echo "\n\nCouldn't duplicate current working directory.\n\n" && exit 1
pushd $TEST_DIR pushd $TEST_DIR
# make a clone of the last FIPS release tag # make a clone of the last FIPS release tag
git clone -b $CTAO_VERSION $CTAO_REPO old-tree git clone -b $CTAO_VERSION $CTAO_REPO old-tree
[ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1 [ $? -ne 0 ] && echo "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1
for MOD in ${WC_MODS[@]} for MOD in ${WC_MODS[@]}
do do
@@ -102,7 +102,7 @@ cp old-tree/$WC_INC_PATH/random.h $WC_INC_PATH
# clone the FIPS repository # clone the FIPS repository
git clone -b $FIPS_VERSION $FIPS_REPO fips git clone -b $FIPS_VERSION $FIPS_REPO fips
[ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS repository.\n\n" && exit 1 [ $? -ne 0 ] && echo "\n\nCouldn't checkout the FIPS repository.\n\n" && exit 1
for SRC in ${FIPS_SRCS[@]} for SRC in ${FIPS_SRCS[@]}
do do
@@ -113,7 +113,7 @@ done
./autogen.sh ./autogen.sh
./configure --enable-fips ./configure --enable-fips
make make
[ $? -ne 0 ] && echo -e "\n\nMake failed. Debris left for analysis." && exit 1 [ $? -ne 0 ] && echo "\n\nMake failed. Debris left for analysis." && exit 1
NEWHASH=`./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p'` NEWHASH=`./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p'`
if [ -n "$NEWHASH" ]; then if [ -n "$NEWHASH" ]; then
@@ -122,7 +122,7 @@ if [ -n "$NEWHASH" ]; then
fi fi
make test make test
[ $? -ne 0 ] && echo -e "\n\nTest failed. Debris left for analysis." && exit 1 [ $? -ne 0 ] && echo "\n\nTest failed. Debris left for analysis." && exit 1
# Clean up # Clean up
popd popd
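Review bot: Dropping `-e` from the failure messages means the `\n\n` sequences are printed literally when the script runs under bash, whose builtin `echo` does not expand escapes by default. The `${WC_MODS[@]}` and `${FIPS_SRCS[@]}` array expansions suggest bash is the intended interpreter. `printf` behaves the same in every POSIX shell, e.g. `[ $? -ne 0 ] && printf '\n\nMake failed. Debris left for analysis.\n' && exit 1`, and this applies to all five changed `echo` lines in the file. The unquoted `$TEST_DIR` in `git clone . $TEST_DIR` and `pushd $TEST_DIR` would also split on a path containing spaces, so quoting both is worth doing in the same pass.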


@@ -285,13 +285,13 @@ int CRYPT_HUFFMAN_DeCompress(unsigned char* out, unsigned int outSz,
/* RNG Initialize, < 0 on error */ /* RNG Initialize, < 0 on error */
int CRYPT_RNG_Initialize(CRYPT_RNG_CTX* rng) int CRYPT_RNG_Initialize(CRYPT_RNG_CTX* rng)
{ {
typedef char rng_test[sizeof(CRYPT_RNG_CTX) >= sizeof(RNG) ? 1 : -1]; typedef char rng_test[sizeof(CRYPT_RNG_CTX) >= sizeof(WC_RNG) ? 1 : -1];
(void)sizeof(rng_test); (void)sizeof(rng_test);
if (rng == NULL) if (rng == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
return InitRng((RNG*)rng); return InitRng((WC_RNG*)rng);
} }
@@ -301,7 +301,7 @@ int CRYPT_RNG_Get(CRYPT_RNG_CTX* rng, unsigned char* b)
if (rng == NULL || b == NULL) if (rng == NULL || b == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
return RNG_GenerateByte((RNG*)rng, (byte*)b); return RNG_GenerateByte((WC_RNG*)rng, (byte*)b);
} }
@@ -312,7 +312,7 @@ int CRYPT_RNG_BlockGenerate(CRYPT_RNG_CTX* rng, unsigned char* b,
if (rng == NULL || b == NULL) if (rng == NULL || b == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
return RNG_GenerateBlock((RNG*)rng, b, sz); return RNG_GenerateBlock((WC_RNG*)rng, b, sz);
} }
@@ -512,7 +512,7 @@ int CRYPT_RSA_PublicEncrypt(CRYPT_RSA_CTX* rsa, unsigned char* out,
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
return RsaPublicEncrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder, return RsaPublicEncrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder,
(RNG*)rng); (WC_RNG*)rng);
} }
@@ -614,7 +614,7 @@ int CRYPT_ECC_DHE_KeyMake(CRYPT_ECC_CTX* ecc, CRYPT_RNG_CTX* rng, int keySz)
if (ecc == NULL || rng == NULL) if (ecc == NULL || rng == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
return wc_ecc_make_key((RNG*)rng, keySz, (ecc_key*)ecc->holder); return wc_ecc_make_key((WC_RNG*)rng, keySz, (ecc_key*)ecc->holder);
} }
@@ -649,7 +649,7 @@ int CRYPT_ECC_DSA_HashSign(CRYPT_ECC_CTX* ecc, CRYPT_RNG_CTX* rng,
in == NULL) in == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
ret = wc_ecc_sign_hash(in, inSz, sig, &inOut, (RNG*)rng, ret = wc_ecc_sign_hash(in, inSz, sig, &inOut, (WC_RNG*)rng,
(ecc_key*)ecc->holder); (ecc_key*)ecc->holder);
*usedSz = inOut; *usedSz = inOut;


@@ -69,7 +69,7 @@ static byte ourData[OUR_DATA_SIZE];
static byte* key = NULL; static byte* key = NULL;
static byte* iv = NULL; static byte* iv = NULL;
static CRYPT_RNG_CTX mcRng; static CRYPT_RNG_CTX mcRng;
static RNG defRng; static WC_RNG defRng;
static int check_md5(void); static int check_md5(void);
static int check_sha(void); static int check_sha(void);


@@ -25,13 +25,13 @@ Included Project Files
<wolfssl_root>/mplabx/wolfssl.X/dist/default/production/wolfssl.X.a <wolfssl_root>/mplabx/wolfssl.X/dist/default/production/wolfssl.X.a
2. wolfCrypt Test App (wolfcrypt_test.X) 2. wolfCrypt Test App (wolfcrypt_test.X)
This project tests the wolfCrypt cryptography modules. It is generally This project tests the wolfCrypt cryptography modules. It is generally
a good idea to run this first on an embedded system after compiling a good idea to run this first on an embedded system after compiling
wolfSSL in order to verify all underlying crypto is working correctly. wolfSSL in order to verify all underlying crypto is working correctly.
3. wolfCrypt Benchmark App (wolfcrypt_benchmark.X) 3. wolfCrypt Benchmark App (wolfcrypt_benchmark.X)
This project builds the wolfCrypt benchmark application. This project builds the wolfCrypt benchmark application.
For the benchmark timer, adjust CLOCK value under For the benchmark timer, adjust CLOCK value under
"#elif defined MICROCHIP_PIC32" in wolfcrypt/benchmark/benchmark.c "#elif defined MICROCHIP_PIC32" in wolfcrypt/benchmark/benchmark.c
@@ -40,7 +40,7 @@ PIC32MX/PIC32MZ
--------------- ---------------
The projects are set for PIC32MX by default. For PIC32MZ, change project The projects are set for PIC32MX by default. For PIC32MZ, change project
properties->Devices and add "CYASSL_MICROCHIP_PIC32M" to properties->Devices and add "WOLFSSL_MICROCHIP_PIC32MZ" to
XC32-gcc->Preprocessing and messages-> Preprocessor macros. XC32-gcc->Preprocessing and messages-> Preprocessor macros.


@@ -50,6 +50,15 @@
<itemPath>../../wolfcrypt/src/tfm.c</itemPath> <itemPath>../../wolfcrypt/src/tfm.c</itemPath>
<itemPath>../../wolfcrypt/src/wc_port.c</itemPath> <itemPath>../../wolfcrypt/src/wc_port.c</itemPath>
<itemPath>../../wolfcrypt/src/port/pic32/pic32mz-hash.c</itemPath> <itemPath>../../wolfcrypt/src/port/pic32/pic32mz-hash.c</itemPath>
<itemPath>../../wolfcrypt/src/hash.c</itemPath>
<itemPath>../../wolfcrypt/src/chacha20_poly1305.c</itemPath>
<itemPath>../../wolfcrypt/src/curve25519.c</itemPath>
<itemPath>../../wolfcrypt/src/ed25519.c</itemPath>
<itemPath>../../wolfcrypt/src/fe_low_mem.c</itemPath>
<itemPath>../../wolfcrypt/src/fe_operations.c</itemPath>
<itemPath>../../wolfcrypt/src/ge_low_mem.c</itemPath>
<itemPath>../../wolfcrypt/src/ge_operations.c</itemPath>
<itemPath>../../wolfcrypt/src/wc_encrypt.c</itemPath>
</logicalFolder> </logicalFolder>
<logicalFolder name="f1" displayName="wolfssl" projectFiles="true"> <logicalFolder name="f1" displayName="wolfssl" projectFiles="true">
<itemPath>../../src/crl.c</itemPath> <itemPath>../../src/crl.c</itemPath>
@@ -85,7 +94,7 @@
<targetPluginBoard></targetPluginBoard> <targetPluginBoard></targetPluginBoard>
<platformTool>PKOBSKDEPlatformTool</platformTool> <platformTool>PKOBSKDEPlatformTool</platformTool>
<languageToolchain>XC32</languageToolchain> <languageToolchain>XC32</languageToolchain>
<languageToolchainVersion></languageToolchainVersion> <languageToolchainVersion>1.33</languageToolchainVersion>
<platform>4</platform> <platform>4</platform>
</toolsSet> </toolsSet>
<compileType> <compileType>

19
pre-push.sh Executable file

@@ -0,0 +1,19 @@
#!/bin/sh
#
#
# Our "pre-push" hook.
RESULT=0
if [ -d ./fips ];
then
echo "\n\nTesting with FIPS release code...\n\n"
./fips-check.sh
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1
fi
[ $RESULT -ne 0 ] && echo "\nOops, your push failed\n" && exit 1
echo "\nPush tests passed!\n"
exit 0
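Review bot: The hook mixes `echo "\n..."` with `echo -e` under a `#!/bin/sh` shebang, and neither form is portable. A POSIX `sh` such as dash prints the `-e` as text, while bash invoked as `sh` prints the `\n` literally. `printf '\n\nFIPS build test failed\n'` avoids both. The second `[ $RESULT -ne 0 ]` test can never be true, because RESULT is only assigned inside the `if [ -d ./fips ]` block, which already exits on a non-zero value. Either drop that line or remove the inner `exit 1` so that a single place reports the failed push.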


@@ -6,6 +6,7 @@
resume_port=11112 resume_port=11112
no_pid=-1 no_pid=-1
server_pid=$no_pid server_pid=$no_pid
counter=0
remove_ready_file() { remove_ready_file() {
@@ -41,9 +42,10 @@ remove_ready_file
./examples/server/server -r -R -p $resume_port & ./examples/server/server -r -R -p $resume_port &
server_pid=$! server_pid=$!
while [ ! -s /tmp/wolfssl_server_ready ]; do while [ ! -s /tmp/wolfssl_server_ready -a "$counter" -lt 20 ]; do
echo -e "waiting for server_ready file..." echo -e "waiting for server_ready file..."
sleep 0.1 sleep 0.1
counter=$((counter+ 1))
done done
./examples/client/client -r -p $resume_port ./examples/client/client -r -p $resume_port
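Review bot: When the new 20-iteration limit is reached the loop simply ends and `./examples/client/client -r -p $resume_port` runs against a server that never signalled readiness, so a timeout shows up as a connect failure rather than a clear message. After `done`, test the file once more, e.g. `[ -s /tmp/wolfssl_server_ready ] || { echo "server never became ready"; exit 1; }`, preceded by whatever cleanup the script already performs for `$server_pid`. The `-a` operator inside `[ ]` is marked obsolescent by POSIX; `[ ! -s /tmp/wolfssl_server_ready ] && [ "$counter" -lt 20 ]` is the unambiguous spelling. The ready file also has a fixed name under /tmp that any local user could pre-create, which would end the wait early; that predates this change but is worth a comment here.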


@@ -74,6 +74,7 @@ endif
src_libwolfssl_la_SOURCES += \ src_libwolfssl_la_SOURCES += \
wolfcrypt/src/logging.c \ wolfcrypt/src/logging.c \
wolfcrypt/src/wc_encrypt.c \
wolfcrypt/src/wc_port.c \ wolfcrypt/src/wc_port.c \
wolfcrypt/src/error.c wolfcrypt/src/error.c
@@ -200,6 +201,10 @@ if BUILD_PKCS7
src_libwolfssl_la_SOURCES += wolfcrypt/src/pkcs7.c src_libwolfssl_la_SOURCES += wolfcrypt/src/pkcs7.c
endif endif
if BUILD_SRP
src_libwolfssl_la_SOURCES += wolfcrypt/src/srp.c
endif
# ssl files # ssl files
src_libwolfssl_la_SOURCES += \ src_libwolfssl_la_SOURCES += \
src/internal.c \ src/internal.c \
@@ -219,4 +224,3 @@ endif
if BUILD_SNIFFER if BUILD_SNIFFER
src_libwolfssl_la_SOURCES += src/sniffer.c src_libwolfssl_la_SOURCES += src/sniffer.c
endif endif


@@ -46,7 +46,11 @@
#if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
#ifdef FREESCALE_MQX #ifdef FREESCALE_MQX
#include <fio.h> #if MQX_USE_IO_OLD
#include <fio.h>
#else
#include <nio.h>
#endif
#else #else
#include <stdio.h> #include <stdio.h>
#endif #endif
@@ -244,7 +248,7 @@ static int QSH_FreeAll(WOLFSSL* ssl)
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
static RNG* rng; static WC_RNG* rng;
static wolfSSL_Mutex* rngMutex; static wolfSSL_Mutex* rngMutex;
static word32 GetEntropy(unsigned char* out, word32 num_bytes) static word32 GetEntropy(unsigned char* out, word32 num_bytes)
@@ -252,7 +256,7 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes)
int ret = 0; int ret = 0;
if (rng == NULL) { if (rng == NULL) {
if ((rng = XMALLOC(sizeof(RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL) if ((rng = XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL)
return DRBG_OUT_OF_MEMORY; return DRBG_OUT_OF_MEMORY;
wc_InitRng(rng); wc_InitRng(rng);
} }
@@ -1765,7 +1769,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
#endif /* NO_PSK */ #endif /* NO_PSK */
/* RNG */ /* RNG */
ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG); ssl->rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ssl->heap, DYNAMIC_TYPE_RNG);
if (ssl->rng == NULL) { if (ssl->rng == NULL) {
WOLFSSL_MSG("RNG Memory error"); WOLFSSL_MSG("RNG Memory error");
return MEMORY_E; return MEMORY_E;
@@ -2367,7 +2371,7 @@ DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item)
#endif /* WOLFSSL_DTLS */ #endif /* WOLFSSL_DTLS */
#ifndef NO_OLD_TLS #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
ProtocolVersion MakeSSLv3(void) ProtocolVersion MakeSSLv3(void)
{ {
@@ -2378,7 +2382,7 @@ ProtocolVersion MakeSSLv3(void)
return pv; return pv;
} }
#endif /* NO_OLD_TLS */ #endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */
#ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS
@@ -4780,9 +4784,17 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
} }
} }
if (ssl->msgsReceived.got_server_key_exchange == 0) { if (ssl->msgsReceived.got_server_key_exchange == 0) {
int pskNoServerHint = 0; /* not required in this case */
#ifndef NO_PSK
if (ssl->specs.kea == psk_kea &&
ssl->arrays->server_hint[0] == 0)
pskNoServerHint = 1;
#endif
if (ssl->specs.static_ecdh == 1 || if (ssl->specs.static_ecdh == 1 ||
ssl->specs.kea == rsa_kea || ssl->specs.kea == rsa_kea ||
ssl->specs.kea == ntru_kea) { ssl->specs.kea == ntru_kea ||
pskNoServerHint) {
WOLFSSL_MSG("No KeyExchange required"); WOLFSSL_MSG("No KeyExchange required");
} else { } else {
WOLFSSL_MSG("No ServerKeyExchange before ServerDone"); WOLFSSL_MSG("No ServerKeyExchange before ServerDone");
@@ -6674,6 +6686,22 @@ int ProcessReply(WOLFSSL* ssl)
} }
#endif #endif
/* Check for duplicate CCS message in DTLS mode.
* DTLS allows for duplicate messages, and it should be
* skipped. */
if (ssl->options.dtls &&
ssl->msgsReceived.got_change_cipher) {
WOLFSSL_MSG("Duplicate ChangeCipher msg");
if (ssl->curSize != 1) {
WOLFSSL_MSG("Malicious or corrupted"
" duplicate ChangeCipher msg");
return LENGTH_ERROR;
}
ssl->buffers.inputBuffer.idx++;
break;
}
ret = SanityCheckMsgReceived(ssl, change_cipher_hs); ret = SanityCheckMsgReceived(ssl, change_cipher_hs);
if (ret != 0) if (ret != 0)
return ret; return ret;
@@ -14041,15 +14069,18 @@ int DoSessionTicket(WOLFSSL* ssl,
#endif #endif
if (TLSX_SupportExtensions(ssl)) { if (TLSX_SupportExtensions(ssl)) {
int ret = 0; int ret = 0;
/* auto populate extensions supported unless user defined */
if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0)
return ret;
#else #else
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
#endif #endif
/* Process the hello extension. Skip unsupported. */ /* Process the hello extension. Skip unsupported. */
word16 totalExtSz; word16 totalExtSz;
#ifdef HAVE_TLS_EXTENSIONS
/* auto populate extensions supported unless user defined */
if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0)
return ret;
#endif
if ((i - begin) + OPAQUE16_LEN > helloSz) if ((i - begin) + OPAQUE16_LEN > helloSz)
return BUFFER_ERROR; return BUFFER_ERROR;
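Review bot: In the ProcessReply hunk, the duplicate-ChangeCipherSpec path checks only `ssl->curSize != 1` before `ssl->buffers.inputBuffer.idx++`, so the payload byte is skipped unread. The record is treated as a duplicate purely because `got_change_cipher` is already set. As far as the hunk shows, nothing ties that decision to the record's epoch or sequence number, so any later ChangeCipherSpec on a DTLS connection would be dropped the same way. It is worth confirming that the flag is reset wherever a new handshake begins. I would extend the comment to state the assumption, e.g. `/* Only retransmits of the current handshake's CCS are expected here; got_change_cipher must be cleared before any new handshake. */`. The enclosing function starts and ends outside the hunk.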


@@ -527,6 +527,8 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
#include <stdlib.h> /* atoi() */
static int Word16ToString(char* d, word16 number) static int Word16ToString(char* d, word16 number)
{ {


@@ -31,7 +31,11 @@
#include <wolfssl/error-ssl.h> #include <wolfssl/error-ssl.h>
#if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST) #if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
#ifdef FREESCALE_MQX #ifdef FREESCALE_MQX
#include <fio.h> #if MQX_USE_IO_OLD
#include <fio.h>
#else
#include <nio.h>
#endif
#else #else
#include <stdio.h> #include <stdio.h>
#endif #endif


@@ -239,7 +239,8 @@ static const char* const msgTable[] =
"Decrypt Keys Not Set Up", "Decrypt Keys Not Set Up",
"Late Key Load Error", "Late Key Load Error",
"Got Certificate Status msg", "Got Certificate Status msg",
"RSA Key Missing Error" "RSA Key Missing Error",
"Secure Renegotiation Not Supported"
}; };
@@ -1117,7 +1118,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
sniffer->server = serverIp; sniffer->server = serverIp;
sniffer->port = port; sniffer->port = port;
sniffer->ctx = SSL_CTX_new(SSLv3_client_method()); sniffer->ctx = SSL_CTX_new(TLSv1_client_method());
if (!sniffer->ctx) { if (!sniffer->ctx) {
SetError(MEMORY_STR, error, NULL, 0); SetError(MEMORY_STR, error, NULL, 0);
#ifdef HAVE_SNI #ifdef HAVE_SNI
@@ -1322,7 +1323,6 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
wc_FreeRsaKey(&key); wc_FreeRsaKey(&key);
return -1; return -1;
} }
ret = 0; /* not in error state */
session->sslServer->arrays->preMasterSz = SECRET_LEN; session->sslServer->arrays->preMasterSz = SECRET_LEN;
/* store for client side as well */ /* store for client side as well */
@@ -1816,6 +1816,14 @@ static int DoHandShake(const byte* input, int* sslBytes,
SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE); SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
return -1; return -1;
} }
/* A session's arrays are released when the handshake is completed. */
if (session->sslServer->arrays == NULL &&
session->sslClient->arrays == NULL) {
SetError(NO_SECURE_RENEGOTIATION, error, session, FATAL_ERROR_STATE);
return -1;
}
switch (type) { switch (type) {
case hello_verify_request: case hello_verify_request:
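Review bot: The new guard in DoHandShake rejects the message only when both `session->sslServer->arrays` and `session->sslClient->arrays` are NULL, yet the handshake code dereferences each of them on its own. ProcessClientKeyExchange, for instance, writes `session->sslServer->arrays->preMasterSz` and then stores the value for the client side. If the two can ever be released at different points, a handshake record arriving after that would pass the check and reach a NULL dereference on input the sniffer does not control. Using `||` closes that: `if (session->sslServer->arrays == NULL || session->sslClient->arrays == NULL) {`. DoHandShake starts and ends outside the hunk, so whether the two pointers are always freed together cannot be confirmed from here.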

153
src/ssl.c

@@ -36,6 +36,8 @@
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
defined(WOLFSSL_KEY_GEN) defined(WOLFSSL_KEY_GEN)
#include <wolfssl/openssl/evp.h> #include <wolfssl/openssl/evp.h>
/* openssl headers end, wolfssl internal headers next */
#include <wolfssl/wolfcrypt/wc_encrypt.h>
#endif #endif
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
@@ -1763,7 +1765,7 @@ int wolfSSL_set_group_messages(WOLFSSL* ssl)
static int SetMinVersionHelper(byte* minVersion, int version) static int SetMinVersionHelper(byte* minVersion, int version)
{ {
switch (version) { switch (version) {
#ifndef NO_OLD_TLS #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
case WOLFSSL_SSLV3: case WOLFSSL_SSLV3:
*minVersion = SSLv3_MINOR; *minVersion = SSLv3_MINOR;
break; break;
@@ -1834,7 +1836,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
} }
switch (version) { switch (version) {
#ifndef NO_OLD_TLS #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
case WOLFSSL_SSLV3: case WOLFSSL_SSLV3:
ssl->version = MakeSSLv3(); ssl->version = MakeSSLv3();
break; break;
@@ -3024,16 +3026,16 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
static INLINE WOLFSSL_METHOD* cm_pick_method(void) static INLINE WOLFSSL_METHOD* cm_pick_method(void)
{ {
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
#ifdef NO_OLD_TLS #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
return wolfTLSv1_2_client_method();
#else
return wolfSSLv3_client_method(); return wolfSSLv3_client_method();
#else
return wolfTLSv1_2_client_method();
#endif #endif
#elif !defined(NO_WOLFSSL_SERVER) #elif !defined(NO_WOLFSSL_SERVER)
#ifdef NO_OLD_TLS #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
return wolfTLSv1_2_server_method();
#else
return wolfSSLv3_server_method(); return wolfSSLv3_server_method();
#else
return wolfTLSv1_2_server_method();
#endif #endif
#else #else
return NULL; return NULL;
@@ -5333,7 +5335,7 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
/* client only parts */ /* client only parts */
#ifndef NO_WOLFSSL_CLIENT #ifndef NO_WOLFSSL_CLIENT
#ifndef NO_OLD_TLS #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
WOLFSSL_METHOD* wolfSSLv3_client_method(void) WOLFSSL_METHOD* wolfSSLv3_client_method(void)
{ {
WOLFSSL_METHOD* method = WOLFSSL_METHOD* method =
@@ -5621,7 +5623,7 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
/* server only parts */ /* server only parts */
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
#ifndef NO_OLD_TLS #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
WOLFSSL_METHOD* wolfSSLv3_server_method(void) WOLFSSL_METHOD* wolfSSLv3_server_method(void)
{ {
WOLFSSL_METHOD* method = WOLFSSL_METHOD* method =
@@ -10918,7 +10920,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
#endif #endif
static RNG globalRNG; static WC_RNG globalRNG;
static int initGlobalRNG = 0; static int initGlobalRNG = 0;
/* SSL_SUCCESS on ok */ /* SSL_SUCCESS on ok */
@@ -10945,19 +10947,19 @@ int wolfSSL_RAND_seed(const void* seed, int len)
/* SSL_SUCCESS on ok */ /* SSL_SUCCESS on ok */
int wolfSSL_RAND_bytes(unsigned char* buf, int num) int wolfSSL_RAND_bytes(unsigned char* buf, int num)
{ {
int ret = 0; int ret = 0;
int initTmpRng = 0; int initTmpRng = 0;
RNG* rng = NULL; WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
RNG* tmpRNG = NULL; WC_RNG* tmpRNG = NULL;
#else #else
RNG tmpRNG[1]; WC_RNG tmpRNG[1];
#endif #endif
WOLFSSL_ENTER("wolfSSL_RAND_bytes"); WOLFSSL_ENTER("wolfSSL_RAND_bytes");
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmpRNG == NULL) if (tmpRNG == NULL)
return ret; return ret;
#endif #endif
@@ -11283,12 +11285,12 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
int ret = 0; int ret = 0;
int len = bits / 8; int len = bits / 8;
int initTmpRng = 0; int initTmpRng = 0;
RNG* rng = NULL; WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
RNG* tmpRNG = NULL; WC_RNG* tmpRNG = NULL;
byte* buff = NULL; byte* buff = NULL;
#else #else
RNG tmpRNG[1]; WC_RNG tmpRNG[1];
byte buff[1024]; byte buff[1024];
#endif #endif
@@ -11301,7 +11303,7 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);
tmpRNG = (RNG*) XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (buff == NULL || tmpRNG == NULL) { if (buff == NULL || tmpRNG == NULL) {
XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -11924,23 +11926,23 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
word32 pubSz = 768; word32 pubSz = 768;
word32 privSz = 768; word32 privSz = 768;
int initTmpRng = 0; int initTmpRng = 0;
RNG* rng = NULL; WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
unsigned char* pub = NULL; unsigned char* pub = NULL;
unsigned char* priv = NULL; unsigned char* priv = NULL;
RNG* tmpRNG = NULL; WC_RNG* tmpRNG = NULL;
#else #else
unsigned char pub [768]; unsigned char pub [768];
unsigned char priv[768]; unsigned char priv[768];
RNG tmpRNG[1]; WC_RNG tmpRNG[1];
#endif #endif
WOLFSSL_MSG("wolfSSL_DH_generate_key"); WOLFSSL_MSG("wolfSSL_DH_generate_key");
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmpRNG == NULL || pub == NULL || priv == NULL) { if (tmpRNG == NULL || pub == NULL || priv == NULL) {
XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -12515,11 +12517,12 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
(void)cb; (void)cb;
(void)bn; (void)bn;
(void)bits;
WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex"); WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex");
if (rsa == NULL || rsa->internal == NULL || if (rsa == NULL || rsa->internal == NULL) {
bits < RSA_MIN_SIZE || bits > RSA_MAX_SIZE) { /* bit size checked during make key call */
WOLFSSL_MSG("bad arguments"); WOLFSSL_MSG("bad arguments");
return SSL_FAILURE; return SSL_FAILURE;
} }
@@ -12527,13 +12530,13 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
#ifdef WOLFSSL_KEY_GEN #ifdef WOLFSSL_KEY_GEN
{ {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
RNG* rng = NULL; WC_RNG* rng = NULL;
#else #else
RNG rng[1]; WC_RNG rng[1];
#endif #endif
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
rng = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (rng == NULL) if (rng == NULL)
return SSL_FAILURE; return SSL_FAILURE;
#endif #endif
@@ -12648,15 +12651,15 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
#ifdef WOLFSSL_KEY_GEN #ifdef WOLFSSL_KEY_GEN
{ {
int initTmpRng = 0; int initTmpRng = 0;
RNG *rng = NULL; WC_RNG *rng = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
RNG *tmpRNG = NULL; WC_RNG *tmpRNG = NULL;
#else #else
RNG tmpRNG[1]; WC_RNG tmpRNG[1];
#endif #endif
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmpRNG == NULL) if (tmpRNG == NULL)
return SSL_FATAL_ERROR; return SSL_FATAL_ERROR;
#endif #endif
@@ -12721,15 +12724,15 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
#ifdef WOLFSSL_KEY_GEN #ifdef WOLFSSL_KEY_GEN
{ {
int initTmpRng = 0; int initTmpRng = 0;
RNG *rng = NULL; WC_RNG *rng = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
RNG *tmpRNG = NULL; WC_RNG *tmpRNG = NULL;
#else #else
RNG tmpRNG[1]; WC_RNG tmpRNG[1];
#endif #endif
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmpRNG == NULL) if (tmpRNG == NULL)
return SSL_FATAL_ERROR; return SSL_FATAL_ERROR;
#endif #endif
@@ -12773,13 +12776,13 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
WOLFSSL_DSA* dsa) WOLFSSL_DSA* dsa)
{ {
int ret = SSL_FATAL_ERROR; int ret = SSL_FATAL_ERROR;
int initTmpRng = 0; int initTmpRng = 0;
RNG* rng = NULL; WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
RNG* tmpRNG = NULL; WC_RNG* tmpRNG = NULL;
#else #else
RNG tmpRNG[1]; WC_RNG tmpRNG[1];
#endif #endif
WOLFSSL_ENTER("wolfSSL_DSA_do_sign"); WOLFSSL_ENTER("wolfSSL_DSA_do_sign");
@@ -12800,7 +12803,7 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmpRNG == NULL) if (tmpRNG == NULL)
return SSL_FATAL_ERROR; return SSL_FATAL_ERROR;
#endif #endif
@@ -12872,17 +12875,17 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m,
unsigned int mLen, unsigned char* sigRet, unsigned int mLen, unsigned char* sigRet,
unsigned int* sigLen, WOLFSSL_RSA* rsa) unsigned int* sigLen, WOLFSSL_RSA* rsa)
{ {
word32 outLen; word32 outLen;
word32 signSz; word32 signSz;
int initTmpRng = 0; int initTmpRng = 0;
RNG* rng = NULL; WC_RNG* rng = NULL;
int ret = 0; int ret = 0;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
RNG* tmpRNG = NULL; WC_RNG* tmpRNG = NULL;
byte* encodedSig = NULL; byte* encodedSig = NULL;
#else #else
RNG tmpRNG[1]; WC_RNG tmpRNG[1];
byte encodedSig[MAX_ENCODED_SIG_SZ]; byte encodedSig[MAX_ENCODED_SIG_SZ];
#endif #endif
WOLFSSL_MSG("wolfSSL_RSA_sign"); WOLFSSL_MSG("wolfSSL_RSA_sign");
@@ -12910,7 +12913,7 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m,
outLen = (word32)wolfSSL_BN_num_bytes(rsa->n); outLen = (word32)wolfSSL_BN_num_bytes(rsa->n);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmpRNG == NULL) if (tmpRNG == NULL)
return 0; return 0;
@@ -14021,12 +14024,12 @@ int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group)
int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
{ {
int initTmpRng = 0; int initTmpRng = 0;
RNG* rng = NULL; WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
RNG* tmpRNG = NULL; WC_RNG* tmpRNG = NULL;
#else #else
RNG tmpRNG[1]; WC_RNG tmpRNG[1];
#endif #endif
WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key"); WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key");
@@ -14038,7 +14041,7 @@ int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmpRNG == NULL) if (tmpRNG == NULL)
return 0; return 0;
#endif #endif
@@ -14656,12 +14659,12 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen,
WOLFSSL_EC_KEY *key) WOLFSSL_EC_KEY *key)
{ {
WOLFSSL_ECDSA_SIG *sig = NULL; WOLFSSL_ECDSA_SIG *sig = NULL;
int initTmpRng = 0; int initTmpRng = 0;
RNG* rng = NULL; WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
RNG* tmpRNG = NULL; WC_RNG* tmpRNG = NULL;
#else #else
RNG tmpRNG[1]; WC_RNG tmpRNG[1];
#endif #endif
WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign"); WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign");
@@ -14683,7 +14686,7 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen,
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmpRNG == NULL) if (tmpRNG == NULL)
return NULL; return NULL;
#endif #endif
@@ -15484,7 +15487,7 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
word32 szNeeded = 0; word32 szNeeded = 0;
WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem"); WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem");
if (!chain || !outLen) if (!chain || !outLen || idx < 0 || idx >= wolfSSL_get_chain_count(chain))
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
/* Null output buffer return size needed in outLen */ /* Null output buffer return size needed in outLen */
@@ -16344,11 +16347,11 @@ int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz,
#else /* WOLFSSL_KEY_GEN */ #else /* WOLFSSL_KEY_GEN */
int ret = SSL_FAILURE; int ret = SSL_FAILURE;
int initTmpRng = 0; int initTmpRng = 0;
RNG *rng = NULL; WC_RNG *rng = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
RNG *tmpRNG = NULL; WC_RNG *tmpRNG = NULL;
#else #else
RNG tmpRNG[1]; WC_RNG tmpRNG[1];
#endif #endif
WOLFSSL_ENTER("wolfSSL_EC25519_generate_key"); WOLFSSL_ENTER("wolfSSL_EC25519_generate_key");
@@ -16360,7 +16363,7 @@ int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz,
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmpRNG == NULL) if (tmpRNG == NULL)
return SSL_FAILURE; return SSL_FAILURE;
#endif #endif
@@ -16482,11 +16485,11 @@ int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz,
#else /* WOLFSSL_KEY_GEN */ #else /* WOLFSSL_KEY_GEN */
int ret = SSL_FAILURE; int ret = SSL_FAILURE;
int initTmpRng = 0; int initTmpRng = 0;
RNG *rng = NULL; WC_RNG *rng = NULL;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
RNG *tmpRNG = NULL; WC_RNG *tmpRNG = NULL;
#else #else
RNG tmpRNG[1]; WC_RNG tmpRNG[1];
#endif #endif
WOLFSSL_ENTER("wolfSSL_ED25519_generate_key"); WOLFSSL_ENTER("wolfSSL_ED25519_generate_key");
@@ -16498,7 +16501,7 @@ int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz,
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tmpRNG == NULL) if (tmpRNG == NULL)
return SSL_FATAL_ERROR; return SSL_FATAL_ERROR;
#endif #endif


@@ -310,7 +310,7 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
/* If a cipher suite wants an algorithm better than sha256, it /* If a cipher suite wants an algorithm better than sha256, it
* should use better. */ * should use better. */
if (hash_type < sha256_mac) if (hash_type < sha256_mac || hash_type == blake2b_mac)
hash_type = sha256_mac; hash_type = sha256_mac;
ret = p_hash(digest, digLen, secret, secLen, labelSeed, ret = p_hash(digest, digLen, secret, secLen, labelSeed,
labLen + seedLen, hash_type); labLen + seedLen, hash_type);
@@ -350,7 +350,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256 #ifndef NO_SHA256
if (ssl->specs.mac_algorithm <= sha256_mac) { if (ssl->specs.mac_algorithm <= sha256_mac || ssl->specs.mac_algorithm == blake2b_mac) {
int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash); int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash);
if (ret != 0) if (ret != 0)
@@ -2058,7 +2058,7 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
#ifdef HAVE_QSH #ifdef HAVE_QSH
static RNG* rng; static WC_RNG* rng;
static wolfSSL_Mutex* rngMutex; static wolfSSL_Mutex* rngMutex;
static void TLSX_QSH_FreeAll(QSHScheme* list) static void TLSX_QSH_FreeAll(QSHScheme* list)
@@ -2841,7 +2841,7 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes)
int ret = 0; int ret = 0;
if (rng == NULL) { if (rng == NULL) {
if ((rng = XMALLOC(sizeof(RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL) if ((rng = XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL)
return DRBG_OUT_OF_MEMORY; return DRBG_OUT_OF_MEMORY;
wc_InitRng(rng); wc_InitRng(rng);
} }
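Review bot: In the GetEntropy hunk the return value of `wc_InitRng(rng)` is discarded, so a failed DRBG initialisation leaves the file-scope `rng` pointer non-NULL and every later call skips the init branch. Whatever the function does with `rng` after this block (its body continues outside the hunk) would then presumably take QSH entropy from a generator that was never seeded. I would check the result and undo the allocation on failure: `if (wc_InitRng(rng) != 0) { XFREE(rng, 0, DYNAMIC_TYPE_TLSX); rng = NULL; return <error code>; }`, using an error code from the same family as `DRBG_OUT_OF_MEMORY`. The lazy initialisation of the shared `rng` also looks unsynchronised in the visible lines; whether `rngMutex` is held at this point cannot be seen from the hunk and should be confirmed.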


@@ -5,6 +5,6 @@ includedir=${prefix}/include
Name: wolfssl Name: wolfssl
Description: wolfssl C library. Description: wolfssl C library.
Version: 3.6.2 Version: 3.6.3
Libs: -L${libdir} -lwolfssl Libs: -L${libdir} -lwolfssl
Cflags: -I${includedir} Cflags: -I${includedir}


@@ -27,7 +27,7 @@
/* defn adds */ /* defn adds */
char* wolfSSL_error_string(int err); char* wolfSSL_error_string(int err);
int wolfSSL_swig_connect(WOLFSSL*, const char* server, int port); int wolfSSL_swig_connect(WOLFSSL*, const char* server, int port);
RNG* GetRng(void); WC_RNG* GetRng(void);
RsaKey* GetRsaPrivateKey(const char* file); RsaKey* GetRsaPrivateKey(const char* file);
void FillSignStr(unsigned char*, const char*, int); void FillSignStr(unsigned char*, const char*, int);
%} %}
@@ -44,11 +44,11 @@ int wolfSSL_Init(void);
char* wolfSSL_error_string(int); char* wolfSSL_error_string(int);
int wolfSSL_swig_connect(WOLFSSL*, const char* server, int port); int wolfSSL_swig_connect(WOLFSSL*, const char* server, int port);
int wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, RNG* rng); int wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, WC_RNG* rng);
int wc_RsaSSL_Verify(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key); int wc_RsaSSL_Verify(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key);
RNG* GetRng(void); WC_RNG* GetRng(void);
RsaKey* GetRsaPrivateKey(const char* file); RsaKey* GetRsaPrivateKey(const char* file);
void FillSignStr(unsigned char*, const char*, int); void FillSignStr(unsigned char*, const char*, int);


@@ -182,9 +182,9 @@ char* wolfSSL_error_string(int err)
} }
RNG* GetRng(void) WC_RNG* GetRng(void)
{ {
RNG* rng = (RNG*)malloc(sizeof(RNG)); WC_RNG* rng = (WC_RNG*)malloc(sizeof(WC_RNG));
if (rng) if (rng)
if (wc_InitRng(rng) != 0) { if (wc_InitRng(rng) != 0) {


@@ -0,0 +1,4 @@
suites.c is a dynamicically written program where new test cases can be written
and added to as needed. When creating a new configure file for a test be sure
to use the exact formatting as the existing configure files. Reference test.conf
for an example.

1
tests/README Normal file

@@ -0,0 +1 @@
Before creating any new configure files (.conf) read the CONF_FILES_README.md


@@ -101,8 +101,10 @@ static void test_wolfSSL_Method_Allocators(void)
TEST_METHOD_ALLOCATOR(a, AssertNull) TEST_METHOD_ALLOCATOR(a, AssertNull)
#ifndef NO_OLD_TLS #ifndef NO_OLD_TLS
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method); #ifdef WOLFSSL_ALLOW_SSLV3
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method); TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method);
TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method);
#endif
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method); TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method);
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method); TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method);
TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method);


@@ -11,6 +11,7 @@ tests_unit_test_SOURCES = \
tests/api.c \ tests/api.c \
tests/suites.c \ tests/suites.c \
tests/hash.c \ tests/hash.c \
tests/srp.c \
examples/client/client.c \ examples/client/client.c \
examples/server/server.c examples/server/server.c
tests_unit_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) tests_unit_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS)
@@ -19,5 +20,7 @@ tests_unit_test_DEPENDENCIES = src/libwolfssl.la
endif endif
EXTRA_DIST += tests/unit.h EXTRA_DIST += tests/unit.h
EXTRA_DIST += tests/test.conf \ EXTRA_DIST += tests/test.conf \
tests/test-qsh.conf \
tests/test-psk-no-id.conf \
tests/test-dtls.conf tests/test-dtls.conf
DISTCLEANFILES+= tests/.libs/unit.test DISTCLEANFILES+= tests/.libs/unit.test

696
tests/srp.c Normal file

@@ -0,0 +1,696 @@
/* srp.c SRP unit tests
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU Geteral Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Geteral Public License for more details.
*
* You should have received a copy of the GNU Geteral Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <tests/unit.h>
#include <wolfssl/wolfcrypt/sha512.h>
#include <wolfssl/wolfcrypt/srp.h>
#ifdef WOLFCRYPT_HAVE_SRP
static byte username[] = "user";
static word32 usernameSz = 4;
static byte password[] = "password";
static word32 passwordSz = 8;
static byte N[] = {
0xD4, 0xC7, 0xF8, 0xA2, 0xB3, 0x2C, 0x11, 0xB8, 0xFB, 0xA9, 0x58, 0x1E,
0xC4, 0xBA, 0x4F, 0x1B, 0x04, 0x21, 0x56, 0x42, 0xEF, 0x73, 0x55, 0xE3,
0x7C, 0x0F, 0xC0, 0x44, 0x3E, 0xF7, 0x56, 0xEA, 0x2C, 0x6B, 0x8E, 0xEB,
0x75, 0x5A, 0x1C, 0x72, 0x30, 0x27, 0x66, 0x3C, 0xAA, 0x26, 0x5E, 0xF7,
0x85, 0xB8, 0xFF, 0x6A, 0x9B, 0x35, 0x22, 0x7A, 0x52, 0xD8, 0x66, 0x33,
0xDB, 0xDF, 0xCA, 0x43
};
static byte g[] = {
0x02
};
static byte salt[] = {
0x80, 0x66, 0x61, 0x5B, 0x7D, 0x33, 0xA2, 0x2E, 0x79, 0x18
};
static byte verifier[] = {
0x24, 0x5F, 0xA5, 0x1B, 0x2A, 0x28, 0xF8, 0xFF, 0xE2, 0xA0, 0xF8, 0x61,
0x7B, 0x0F, 0x3C, 0x05, 0xD6, 0x4A, 0x55, 0xDF, 0x74, 0x31, 0x54, 0x47,
0xA1, 0xFA, 0x9D, 0x25, 0x7B, 0x02, 0x88, 0x0A, 0xE8, 0x5A, 0xBA, 0x8B,
0xA2, 0xD3, 0x8A, 0x62, 0x46, 0x8C, 0xEC, 0x52, 0xBE, 0xDE, 0xFC, 0x75,
0xF5, 0xDB, 0x9C, 0x8C, 0x9B, 0x34, 0x7A, 0xE7, 0x4A, 0x5F, 0xBB, 0x96,
0x38, 0x19, 0xAB, 0x24
};
static byte a[] = {
0x37, 0x95, 0xF2, 0xA6, 0xF1, 0x6F, 0x0D, 0x58, 0xBF, 0xED, 0x44, 0x87,
0xE0, 0xB6, 0xCC, 0x1C, 0xA0, 0x50, 0xC6, 0x61, 0xBB, 0x36, 0xE0, 0x9A,
0xF3, 0xF7, 0x1E, 0x7A, 0x61, 0x86, 0x5A, 0xF5
};
static byte A[] = {
0x8D, 0x28, 0xC5, 0x6A, 0x46, 0x5C, 0x82, 0xDB, 0xC7, 0xF6, 0x8B, 0x62,
0x1A, 0xAD, 0xA1, 0x76, 0x1B, 0x55, 0xFF, 0xAB, 0x10, 0x2F, 0xFF, 0x4A,
0xAA, 0x46, 0xAD, 0x33, 0x64, 0xDE, 0x28, 0x2E, 0x82, 0x7A, 0xBE, 0xEA,
0x32, 0xFC, 0xD6, 0x14, 0x01, 0x71, 0xE6, 0xC8, 0xC9, 0x53, 0x69, 0x55,
0xE1, 0xF8, 0x3D, 0xDD, 0xC7, 0xD5, 0x21, 0xCE, 0xFF, 0x17, 0xFC, 0x23,
0xBF, 0xCF, 0x2D, 0xB0
};
static byte b[] = {
0x2B, 0xDD, 0x30, 0x30, 0x53, 0xAF, 0xD8, 0x3A, 0xE7, 0xE0, 0x17, 0x82,
0x39, 0x44, 0x2C, 0xDB, 0x30, 0x88, 0x0F, 0xC8, 0x88, 0xC2, 0xB2, 0xC1,
0x78, 0x43, 0x2F, 0xD5, 0x60, 0xD4, 0xDA, 0x43
};
static byte B[] = {
0xB5, 0x80, 0x36, 0x7F, 0x50, 0x89, 0xC1, 0x04, 0x42, 0x98, 0xD7, 0x6A,
0x37, 0x8E, 0xF1, 0x81, 0x52, 0xC5, 0x7A, 0xA1, 0xD5, 0xB7, 0x66, 0x84,
0xA1, 0x3E, 0x32, 0x82, 0x2B, 0x3A, 0xB5, 0xD7, 0x3D, 0x50, 0xF1, 0x58,
0xBD, 0x89, 0x75, 0xC7, 0x51, 0xCF, 0x6C, 0x03, 0xD4, 0xCA, 0xD5, 0x6E,
0x97, 0x4D, 0xA3, 0x1E, 0x19, 0x0B, 0xF0, 0xAA, 0x7D, 0x14, 0x90, 0x80,
0x0E, 0xC7, 0x92, 0xAD
};
static byte key[] = {
0x66, 0x00, 0x9D, 0x58, 0xB3, 0xD2, 0x0D, 0x4B, 0x69, 0x7F, 0xCF, 0x48,
0xFF, 0x8F, 0x15, 0x81, 0x4C, 0x4B, 0xFE, 0x9D, 0x85, 0x77, 0x88, 0x60,
0x1D, 0x1E, 0x51, 0xCF, 0x75, 0xCC, 0x58, 0x00, 0xE7, 0x8D, 0x22, 0x87,
0x13, 0x6C, 0x88, 0x55
};
static byte client_proof[] = {
0x0D, 0x49, 0xE1, 0x9C, 0x3A, 0x88, 0x43, 0x15, 0x45, 0xA8, 0xAC, 0xAB,
0xEA, 0x15, 0x1A, 0xEE, 0xF9, 0x38, 0x4D, 0x21
};
static byte server_proof[] = {
0xBD, 0xB1, 0x20, 0x70, 0x46, 0xC9, 0xD6, 0xCC, 0xE2, 0x1D, 0x75, 0xA2,
0xD0, 0xAF, 0xC5, 0xBC, 0xAE, 0x12, 0xFC, 0x75
};
static void test_SrpInit(void)
{
Srp srp;
/* invalid params */
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, 255, SRP_CLIENT_SIDE));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_SHA, 255 ));
/* success */
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
wc_SrpTerm(&srp);
}
static void test_SrpSetUsername(void)
{
Srp srp;
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
/* invalid params */
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username, usernameSz));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL, usernameSz));
/* success */
AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
AssertIntEQ((int) usernameSz, srp.userSz);
AssertIntEQ(0, XMEMCMP(srp.user, username, usernameSz));
wc_SrpTerm(&srp);
}
static void test_SrpSetParams(void)
{
Srp srp;
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
/* invalid call order */
AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpSetParams(&srp, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt)));
/* fix call order */
AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
/* invalid params */
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(NULL, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt)));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, NULL, sizeof(N),
g, sizeof(g),
salt, sizeof(salt)));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, N, sizeof(N),
NULL, sizeof(g),
salt, sizeof(salt)));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, N, sizeof(N),
g, sizeof(g),
NULL, sizeof(salt)));
/* success */
AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt)));
AssertIntEQ(sizeof(salt), srp.saltSz);
AssertIntEQ(0, XMEMCMP(srp.salt, salt, srp.saltSz));
wc_SrpTerm(&srp);
}
static void test_SrpSetPassword(void)
{
Srp srp;
byte v[64];
word32 vSz = 0;
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
/* invalid call order */
AssertIntEQ(SRP_CALL_ORDER_E,
wc_SrpSetPassword(&srp, password, passwordSz));
AssertIntEQ(SRP_CALL_ORDER_E,
wc_SrpGetVerifier(&srp, v, &vSz));
/* fix call order */
AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt)));
/* invalid params */
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(NULL, password, passwordSz));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(&srp, NULL, passwordSz));
/* success */
AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz));
/* invalid params */
AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(NULL, v, &vSz));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(&srp, NULL, &vSz));
AssertIntEQ(BUFFER_E, wc_SrpGetVerifier(&srp, v, &vSz));
/* success */
vSz = sizeof(v);
AssertIntEQ(0, wc_SrpGetVerifier(&srp, v, &vSz));
AssertIntEQ(vSz, sizeof(verifier));
AssertIntEQ(0, XMEMCMP(verifier, v, vSz));
/* invalid params - client side srp */
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, v, vSz));
wc_SrpTerm(&srp);
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE));
/* invalid params */
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(NULL, v, vSz));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, NULL, vSz));
/* success */
AssertIntEQ(0, wc_SrpSetVerifier(&srp, v, vSz));
wc_SrpTerm(&srp);
}
static void test_SrpGetPublic(void)
{
Srp srp;
byte public[64];
word32 publicSz = 0;
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt)));
/* invalid call order */
AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz));
/* fix call order */
AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz));
/* invalid params */
AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(NULL, public, &publicSz));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, NULL, &publicSz));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, public, NULL));
AssertIntEQ(BUFFER_E, wc_SrpGetPublic(&srp, public, &publicSz));
/* success */
publicSz = sizeof(public);
AssertIntEQ(0, wc_SrpSetPrivate(&srp, a, sizeof(a)));
AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz));
AssertIntEQ(publicSz, sizeof(A));
AssertIntEQ(0, XMEMCMP(public, A, publicSz));
wc_SrpTerm(&srp);
AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE));
AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
AssertIntEQ(0, wc_SrpSetParams(&srp, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt)));
/* invalid call order */
AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz));
/* fix call order */
AssertIntEQ(0, wc_SrpSetVerifier(&srp, verifier, sizeof(verifier)));
/* success */
AssertIntEQ(0, wc_SrpSetPrivate(&srp, b, sizeof(b)));
AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz));
AssertIntEQ(publicSz, sizeof(B));
AssertIntEQ(0, XMEMCMP(public, B, publicSz));
wc_SrpTerm(&srp);
}
static void test_SrpComputeKey(void)
{
Srp cli, srv;
byte clientPubKey[64];
byte serverPubKey[64];
word32 clientPubKeySz = 64;
word32 serverPubKeySz = 64;
AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE));
/* invalid call order */
AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpComputeKey(&cli,
clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz));
/* fix call order */
AssertIntEQ(0, wc_SrpSetUsername(&cli, username, usernameSz));
AssertIntEQ(0, wc_SrpSetUsername(&srv, username, usernameSz));
AssertIntEQ(0, wc_SrpSetParams(&cli, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt)));
AssertIntEQ(0, wc_SrpSetParams(&srv, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt)));
AssertIntEQ(0, wc_SrpSetPassword(&cli, password, passwordSz));
AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier, sizeof(verifier)));
AssertIntEQ(0, wc_SrpSetPrivate(&cli, a, sizeof(a)));
AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz));
AssertIntEQ(0, XMEMCMP(clientPubKey, A, clientPubKeySz));
AssertIntEQ(0, wc_SrpSetPrivate(&srv, b, sizeof(b)));
AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz));
AssertIntEQ(0, XMEMCMP(serverPubKey, B, serverPubKeySz));
/* invalid params */
AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(NULL,
clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
NULL, clientPubKeySz,
serverPubKey, serverPubKeySz));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
clientPubKey, 0,
serverPubKey, serverPubKeySz));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
clientPubKey, clientPubKeySz,
NULL, serverPubKeySz));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
clientPubKey, clientPubKeySz,
serverPubKey, 0));
/* success */
AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz));
AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz));
AssertIntEQ(0, XMEMCMP(cli.key, key, sizeof(key)));
AssertIntEQ(0, XMEMCMP(srv.key, key, sizeof(key)));
wc_SrpTerm(&cli);
wc_SrpTerm(&srv);
}
static void test_SrpGetProofAndVerify(void)
{
Srp cli, srv;
byte clientPubKey[64];
byte serverPubKey[64];
word32 clientPubKeySz = 64;
word32 serverPubKeySz = 64;
byte clientProof[SRP_MAX_DIGEST_SIZE];
byte serverProof[SRP_MAX_DIGEST_SIZE];
word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE));
AssertIntEQ(0, wc_SrpSetUsername(&cli, username, usernameSz));
AssertIntEQ(0, wc_SrpSetUsername(&srv, username, usernameSz));
AssertIntEQ(0, wc_SrpSetParams(&cli, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt)));
AssertIntEQ(0, wc_SrpSetParams(&srv, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt)));
AssertIntEQ(0, wc_SrpSetPassword(&cli, password, passwordSz));
AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier, sizeof(verifier)));
AssertIntEQ(0, wc_SrpSetPrivate(&cli, a, sizeof(a)));
AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz));
AssertIntEQ(0, XMEMCMP(clientPubKey, A, clientPubKeySz));
AssertIntEQ(0, wc_SrpSetPrivate(&srv, b, sizeof(b)));
AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz));
AssertIntEQ(0, XMEMCMP(serverPubKey, B, serverPubKeySz));
AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz));
AssertIntEQ(0, XMEMCMP(cli.key, key, sizeof(key)));
AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz));
AssertIntEQ(0, XMEMCMP(srv.key, key, sizeof(key)));
/* invalid params */
serverProofSz = 0;
AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(NULL, clientProof,&clientProofSz));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, NULL, &clientProofSz));
AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, clientProof,NULL));
AssertIntEQ(BUFFER_E, wc_SrpGetProof(&srv, serverProof,&serverProofSz));
AssertIntEQ(BAD_FUNC_ARG,
wc_SrpVerifyPeersProof(NULL, clientProof, clientProofSz));
AssertIntEQ(BAD_FUNC_ARG,
wc_SrpVerifyPeersProof(&cli, NULL, clientProofSz));
AssertIntEQ(BUFFER_E,
wc_SrpVerifyPeersProof(&srv, serverProof, serverProofSz));
serverProofSz = SRP_MAX_DIGEST_SIZE;
/* success */
AssertIntEQ(0, wc_SrpGetProof(&cli, clientProof, &clientProofSz));
AssertIntEQ(0, XMEMCMP(clientProof, client_proof, sizeof(client_proof)));
AssertIntEQ(0, wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz));
AssertIntEQ(0, wc_SrpGetProof(&srv, serverProof, &serverProofSz));
AssertIntEQ(0, XMEMCMP(serverProof, server_proof, sizeof(server_proof)));
AssertIntEQ(0, wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz));
wc_SrpTerm(&cli);
wc_SrpTerm(&srv);
}
static int sha512_key_gen(Srp* srp, byte* secret, word32 size)
{
Sha512 hash;
int r;
srp->key = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_SRP);
if (srp->key == NULL)
return MEMORY_E;
srp->keySz = SHA512_DIGEST_SIZE;
r = wc_InitSha512(&hash);
if (!r) r = wc_Sha512Update(&hash, secret, size);
if (!r) r = wc_Sha512Final(&hash, srp->key);
XMEMSET(&hash, 0, sizeof(Sha512));
return r;
}
static void test_SrpKeyGenFunc_cb(void)
{
Srp cli, srv;
byte clientPubKey[1024];
byte serverPubKey[1024];
word32 clientPubKeySz = 1024;
word32 serverPubKeySz = 1024;
byte clientProof[SRP_MAX_DIGEST_SIZE];
byte serverProof[SRP_MAX_DIGEST_SIZE];
word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
byte username_[] = "alice";
word32 usernameSz_ = 5;
byte password_[] = "password123";
word32 passwordSz_ = 11;
byte N_[] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
byte g_[] = {
0x05
};
byte salt_[] = {
0xBE, 0xB2, 0x53, 0x79, 0xD1, 0xA8, 0x58, 0x1E, 0xB5, 0xA7, 0x27, 0x67,
0x3A, 0x24, 0x41, 0xEE
};
byte verifier_[] = {
0x9B, 0x5E, 0x06, 0x17, 0x01, 0xEA, 0x7A, 0xEB, 0x39, 0xCF, 0x6E, 0x35,
0x19, 0x65, 0x5A, 0x85, 0x3C, 0xF9, 0x4C, 0x75, 0xCA, 0xF2, 0x55, 0x5E,
0xF1, 0xFA, 0xF7, 0x59, 0xBB, 0x79, 0xCB, 0x47, 0x70, 0x14, 0xE0, 0x4A,
0x88, 0xD6, 0x8F, 0xFC, 0x05, 0x32, 0x38, 0x91, 0xD4, 0xC2, 0x05, 0xB8,
0xDE, 0x81, 0xC2, 0xF2, 0x03, 0xD8, 0xFA, 0xD1, 0xB2, 0x4D, 0x2C, 0x10,
0x97, 0x37, 0xF1, 0xBE, 0xBB, 0xD7, 0x1F, 0x91, 0x24, 0x47, 0xC4, 0xA0,
0x3C, 0x26, 0xB9, 0xFA, 0xD8, 0xED, 0xB3, 0xE7, 0x80, 0x77, 0x8E, 0x30,
0x25, 0x29, 0xED, 0x1E, 0xE1, 0x38, 0xCC, 0xFC, 0x36, 0xD4, 0xBA, 0x31,
0x3C, 0xC4, 0x8B, 0x14, 0xEA, 0x8C, 0x22, 0xA0, 0x18, 0x6B, 0x22, 0x2E,
0x65, 0x5F, 0x2D, 0xF5, 0x60, 0x3F, 0xD7, 0x5D, 0xF7, 0x6B, 0x3B, 0x08,
0xFF, 0x89, 0x50, 0x06, 0x9A, 0xDD, 0x03, 0xA7, 0x54, 0xEE, 0x4A, 0xE8,
0x85, 0x87, 0xCC, 0xE1, 0xBF, 0xDE, 0x36, 0x79, 0x4D, 0xBA, 0xE4, 0x59,
0x2B, 0x7B, 0x90, 0x4F, 0x44, 0x2B, 0x04, 0x1C, 0xB1, 0x7A, 0xEB, 0xAD,
0x1E, 0x3A, 0xEB, 0xE3, 0xCB, 0xE9, 0x9D, 0xE6, 0x5F, 0x4B, 0xB1, 0xFA,
0x00, 0xB0, 0xE7, 0xAF, 0x06, 0x86, 0x3D, 0xB5, 0x3B, 0x02, 0x25, 0x4E,
0xC6, 0x6E, 0x78, 0x1E, 0x3B, 0x62, 0xA8, 0x21, 0x2C, 0x86, 0xBE, 0xB0,
0xD5, 0x0B, 0x5B, 0xA6, 0xD0, 0xB4, 0x78, 0xD8, 0xC4, 0xE9, 0xBB, 0xCE,
0xC2, 0x17, 0x65, 0x32, 0x6F, 0xBD, 0x14, 0x05, 0x8D, 0x2B, 0xBD, 0xE2,
0xC3, 0x30, 0x45, 0xF0, 0x38, 0x73, 0xE5, 0x39, 0x48, 0xD7, 0x8B, 0x79,
0x4F, 0x07, 0x90, 0xE4, 0x8C, 0x36, 0xAE, 0xD6, 0xE8, 0x80, 0xF5, 0x57,
0x42, 0x7B, 0x2F, 0xC0, 0x6D, 0xB5, 0xE1, 0xE2, 0xE1, 0xD7, 0xE6, 0x61,
0xAC, 0x48, 0x2D, 0x18, 0xE5, 0x28, 0xD7, 0x29, 0x5E, 0xF7, 0x43, 0x72,
0x95, 0xFF, 0x1A, 0x72, 0xD4, 0x02, 0x77, 0x17, 0x13, 0xF1, 0x68, 0x76,
0xDD, 0x05, 0x0A, 0xE5, 0xB7, 0xAD, 0x53, 0xCC, 0xB9, 0x08, 0x55, 0xC9,
0x39, 0x56, 0x64, 0x83, 0x58, 0xAD, 0xFD, 0x96, 0x64, 0x22, 0xF5, 0x24,
0x98, 0x73, 0x2D, 0x68, 0xD1, 0xD7, 0xFB, 0xEF, 0x10, 0xD7, 0x80, 0x34,
0xAB, 0x8D, 0xCB, 0x6F, 0x0F, 0xCF, 0x88, 0x5C, 0xC2, 0xB2, 0xEA, 0x2C,
0x3E, 0x6A, 0xC8, 0x66, 0x09, 0xEA, 0x05, 0x8A, 0x9D, 0xA8, 0xCC, 0x63,
0x53, 0x1D, 0xC9, 0x15, 0x41, 0x4D, 0xF5, 0x68, 0xB0, 0x94, 0x82, 0xDD,
0xAC, 0x19, 0x54, 0xDE, 0xC7, 0xEB, 0x71, 0x4F, 0x6F, 0xF7, 0xD4, 0x4C,
0xD5, 0xB8, 0x6F, 0x6B, 0xD1, 0x15, 0x81, 0x09, 0x30, 0x63, 0x7C, 0x01,
0xD0, 0xF6, 0x01, 0x3B, 0xC9, 0x74, 0x0F, 0xA2, 0xC6, 0x33, 0xBA, 0x89
};
byte a_[] = {
0x60, 0x97, 0x55, 0x27, 0x03, 0x5C, 0xF2, 0xAD, 0x19, 0x89, 0x80, 0x6F,
0x04, 0x07, 0x21, 0x0B, 0xC8, 0x1E, 0xDC, 0x04, 0xE2, 0x76, 0x2A, 0x56,
0xAF, 0xD5, 0x29, 0xDD, 0xDA, 0x2D, 0x43, 0x93
};
byte A_[] = {
0xFA, 0xB6, 0xF5, 0xD2, 0x61, 0x5D, 0x1E, 0x32, 0x35, 0x12, 0xE7, 0x99,
0x1C, 0xC3, 0x74, 0x43, 0xF4, 0x87, 0xDA, 0x60, 0x4C, 0xA8, 0xC9, 0x23,
0x0F, 0xCB, 0x04, 0xE5, 0x41, 0xDC, 0xE6, 0x28, 0x0B, 0x27, 0xCA, 0x46,
0x80, 0xB0, 0x37, 0x4F, 0x17, 0x9D, 0xC3, 0xBD, 0xC7, 0x55, 0x3F, 0xE6,
0x24, 0x59, 0x79, 0x8C, 0x70, 0x1A, 0xD8, 0x64, 0xA9, 0x13, 0x90, 0xA2,
0x8C, 0x93, 0xB6, 0x44, 0xAD, 0xBF, 0x9C, 0x00, 0x74, 0x5B, 0x94, 0x2B,
0x79, 0xF9, 0x01, 0x2A, 0x21, 0xB9, 0xB7, 0x87, 0x82, 0x31, 0x9D, 0x83,
0xA1, 0xF8, 0x36, 0x28, 0x66, 0xFB, 0xD6, 0xF4, 0x6B, 0xFC, 0x0D, 0xDB,
0x2E, 0x1A, 0xB6, 0xE4, 0xB4, 0x5A, 0x99, 0x06, 0xB8, 0x2E, 0x37, 0xF0,
0x5D, 0x6F, 0x97, 0xF6, 0xA3, 0xEB, 0x6E, 0x18, 0x20, 0x79, 0x75, 0x9C,
0x4F, 0x68, 0x47, 0x83, 0x7B, 0x62, 0x32, 0x1A, 0xC1, 0xB4, 0xFA, 0x68,
0x64, 0x1F, 0xCB, 0x4B, 0xB9, 0x8D, 0xD6, 0x97, 0xA0, 0xC7, 0x36, 0x41,
0x38, 0x5F, 0x4B, 0xAB, 0x25, 0xB7, 0x93, 0x58, 0x4C, 0xC3, 0x9F, 0xC8,
0xD4, 0x8D, 0x4B, 0xD8, 0x67, 0xA9, 0xA3, 0xC1, 0x0F, 0x8E, 0xA1, 0x21,
0x70, 0x26, 0x8E, 0x34, 0xFE, 0x3B, 0xBE, 0x6F, 0xF8, 0x99, 0x98, 0xD6,
0x0D, 0xA2, 0xF3, 0xE4, 0x28, 0x3C, 0xBE, 0xC1, 0x39, 0x3D, 0x52, 0xAF,
0x72, 0x4A, 0x57, 0x23, 0x0C, 0x60, 0x4E, 0x9F, 0xBC, 0xE5, 0x83, 0xD7,
0x61, 0x3E, 0x6B, 0xFF, 0xD6, 0x75, 0x96, 0xAD, 0x12, 0x1A, 0x87, 0x07,
0xEE, 0xC4, 0x69, 0x44, 0x95, 0x70, 0x33, 0x68, 0x6A, 0x15, 0x5F, 0x64,
0x4D, 0x5C, 0x58, 0x63, 0xB4, 0x8F, 0x61, 0xBD, 0xBF, 0x19, 0xA5, 0x3E,
0xAB, 0x6D, 0xAD, 0x0A, 0x18, 0x6B, 0x8C, 0x15, 0x2E, 0x5F, 0x5D, 0x8C,
0xAD, 0x4B, 0x0E, 0xF8, 0xAA, 0x4E, 0xA5, 0x00, 0x88, 0x34, 0xC3, 0xCD,
0x34, 0x2E, 0x5E, 0x0F, 0x16, 0x7A, 0xD0, 0x45, 0x92, 0xCD, 0x8B, 0xD2,
0x79, 0x63, 0x93, 0x98, 0xEF, 0x9E, 0x11, 0x4D, 0xFA, 0xAA, 0xB9, 0x19,
0xE1, 0x4E, 0x85, 0x09, 0x89, 0x22, 0x4D, 0xDD, 0x98, 0x57, 0x6D, 0x79,
0x38, 0x5D, 0x22, 0x10, 0x90, 0x2E, 0x9F, 0x9B, 0x1F, 0x2D, 0x86, 0xCF,
0xA4, 0x7E, 0xE2, 0x44, 0x63, 0x54, 0x65, 0xF7, 0x10, 0x58, 0x42, 0x1A,
0x01, 0x84, 0xBE, 0x51, 0xDD, 0x10, 0xCC, 0x9D, 0x07, 0x9E, 0x6F, 0x16,
0x04, 0xE7, 0xAA, 0x9B, 0x7C, 0xF7, 0x88, 0x3C, 0x7D, 0x4C, 0xE1, 0x2B,
0x06, 0xEB, 0xE1, 0x60, 0x81, 0xE2, 0x3F, 0x27, 0xA2, 0x31, 0xD1, 0x84,
0x32, 0xD7, 0xD1, 0xBB, 0x55, 0xC2, 0x8A, 0xE2, 0x1F, 0xFC, 0xF0, 0x05,
0xF5, 0x75, 0x28, 0xD1, 0x5A, 0x88, 0x88, 0x1B, 0xB3, 0xBB, 0xB7, 0xFE
};
byte b_[] = {
0xE4, 0x87, 0xCB, 0x59, 0xD3, 0x1A, 0xC5, 0x50, 0x47, 0x1E, 0x81, 0xF0,
0x0F, 0x69, 0x28, 0xE0, 0x1D, 0xDA, 0x08, 0xE9, 0x74, 0xA0, 0x04, 0xF4,
0x9E, 0x61, 0xF5, 0xD1, 0x05, 0x28, 0x4D, 0x20
};
byte B_[] = {
0x40, 0xF5, 0x70, 0x88, 0xA4, 0x82, 0xD4, 0xC7, 0x73, 0x33, 0x84, 0xFE,
0x0D, 0x30, 0x1F, 0xDD, 0xCA, 0x90, 0x80, 0xAD, 0x7D, 0x4F, 0x6F, 0xDF,
0x09, 0xA0, 0x10, 0x06, 0xC3, 0xCB, 0x6D, 0x56, 0x2E, 0x41, 0x63, 0x9A,
0xE8, 0xFA, 0x21, 0xDE, 0x3B, 0x5D, 0xBA, 0x75, 0x85, 0xB2, 0x75, 0x58,
0x9B, 0xDB, 0x27, 0x98, 0x63, 0xC5, 0x62, 0x80, 0x7B, 0x2B, 0x99, 0x08,
0x3C, 0xD1, 0x42, 0x9C, 0xDB, 0xE8, 0x9E, 0x25, 0xBF, 0xBD, 0x7E, 0x3C,
0xAD, 0x31, 0x73, 0xB2, 0xE3, 0xC5, 0xA0, 0xB1, 0x74, 0xDA, 0x6D, 0x53,
0x91, 0xE6, 0xA0, 0x6E, 0x46, 0x5F, 0x03, 0x7A, 0x40, 0x06, 0x25, 0x48,
0x39, 0xA5, 0x6B, 0xF7, 0x6D, 0xA8, 0x4B, 0x1C, 0x94, 0xE0, 0xAE, 0x20,
0x85, 0x76, 0x15, 0x6F, 0xE5, 0xC1, 0x40, 0xA4, 0xBA, 0x4F, 0xFC, 0x9E,
0x38, 0xC3, 0xB0, 0x7B, 0x88, 0x84, 0x5F, 0xC6, 0xF7, 0xDD, 0xDA, 0x93,
0x38, 0x1F, 0xE0, 0xCA, 0x60, 0x84, 0xC4, 0xCD, 0x2D, 0x33, 0x6E, 0x54,
0x51, 0xC4, 0x64, 0xCC, 0xB6, 0xEC, 0x65, 0xE7, 0xD1, 0x6E, 0x54, 0x8A,
0x27, 0x3E, 0x82, 0x62, 0x84, 0xAF, 0x25, 0x59, 0xB6, 0x26, 0x42, 0x74,
0x21, 0x59, 0x60, 0xFF, 0xF4, 0x7B, 0xDD, 0x63, 0xD3, 0xAF, 0xF0, 0x64,
0xD6, 0x13, 0x7A, 0xF7, 0x69, 0x66, 0x1C, 0x9D, 0x4F, 0xEE, 0x47, 0x38,
0x26, 0x03, 0xC8, 0x8E, 0xAA, 0x09, 0x80, 0x58, 0x1D, 0x07, 0x75, 0x84,
0x61, 0xB7, 0x77, 0xE4, 0x35, 0x6D, 0xDA, 0x58, 0x35, 0x19, 0x8B, 0x51,
0xFE, 0xEA, 0x30, 0x8D, 0x70, 0xF7, 0x54, 0x50, 0xB7, 0x16, 0x75, 0xC0,
0x8C, 0x7D, 0x83, 0x02, 0xFD, 0x75, 0x39, 0xDD, 0x1F, 0xF2, 0xA1, 0x1C,
0xB4, 0x25, 0x8A, 0xA7, 0x0D, 0x23, 0x44, 0x36, 0xAA, 0x42, 0xB6, 0xA0,
0x61, 0x5F, 0x3F, 0x91, 0x5D, 0x55, 0xCC, 0x3B, 0x96, 0x6B, 0x27, 0x16,
0xB3, 0x6E, 0x4D, 0x1A, 0x06, 0xCE, 0x5E, 0x5D, 0x2E, 0xA3, 0xBE, 0xE5,
0xA1, 0x27, 0x0E, 0x87, 0x51, 0xDA, 0x45, 0xB6, 0x0B, 0x99, 0x7B, 0x0F,
0xFD, 0xB0, 0xF9, 0x96, 0x2F, 0xEE, 0x4F, 0x03, 0xBE, 0xE7, 0x80, 0xBA,
0x0A, 0x84, 0x5B, 0x1D, 0x92, 0x71, 0x42, 0x17, 0x83, 0xAE, 0x66, 0x01,
0xA6, 0x1E, 0xA2, 0xE3, 0x42, 0xE4, 0xF2, 0xE8, 0xBC, 0x93, 0x5A, 0x40,
0x9E, 0xAD, 0x19, 0xF2, 0x21, 0xBD, 0x1B, 0x74, 0xE2, 0x96, 0x4D, 0xD1,
0x9F, 0xC8, 0x45, 0xF6, 0x0E, 0xFC, 0x09, 0x33, 0x8B, 0x60, 0xB6, 0xB2,
0x56, 0xD8, 0xCA, 0xC8, 0x89, 0xCC, 0xA3, 0x06, 0xCC, 0x37, 0x0A, 0x0B,
0x18, 0xC8, 0xB8, 0x86, 0xE9, 0x5D, 0xA0, 0xAF, 0x52, 0x35, 0xFE, 0xF4,
0x39, 0x30, 0x20, 0xD2, 0xB7, 0xF3, 0x05, 0x69, 0x04, 0x75, 0x90, 0x42
};
byte key_[] = {
0x5C, 0xBC, 0x21, 0x9D, 0xB0, 0x52, 0x13, 0x8E, 0xE1, 0x14, 0x8C, 0x71,
0xCD, 0x44, 0x98, 0x96, 0x3D, 0x68, 0x25, 0x49, 0xCE, 0x91, 0xCA, 0x24,
0xF0, 0x98, 0x46, 0x8F, 0x06, 0x01, 0x5B, 0xEB, 0x6A, 0xF2, 0x45, 0xC2,
0x09, 0x3F, 0x98, 0xC3, 0x65, 0x1B, 0xCA, 0x83, 0xAB, 0x8C, 0xAB, 0x2B,
0x58, 0x0B, 0xBF, 0x02, 0x18, 0x4F, 0xEF, 0xDF, 0x26, 0x14, 0x2F, 0x73,
0xDF, 0x95, 0xAC, 0x50
};
AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA512, SRP_CLIENT_SIDE));
AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA512, SRP_SERVER_SIDE));
AssertIntEQ(0, wc_SrpSetUsername(&cli, username_, usernameSz_));
AssertIntEQ(0, wc_SrpSetUsername(&srv, username_, usernameSz_));
AssertIntEQ(0, wc_SrpSetParams(&cli, N_, sizeof(N_),
g_, sizeof(g_),
salt_, sizeof(salt_)));
AssertIntEQ(0, wc_SrpSetParams(&srv, N_, sizeof(N_),
g_, sizeof(g_),
salt_, sizeof(salt_)));
AssertIntEQ(0, wc_SrpSetPassword(&cli, password_, passwordSz_));
AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier_, sizeof(verifier_)));
AssertIntEQ(0, wc_SrpSetPrivate(&cli, a_, sizeof(a_)));
AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz));
AssertIntEQ(0, XMEMCMP(clientPubKey, A_, clientPubKeySz));
AssertIntEQ(0, wc_SrpSetPrivate(&srv, b_, sizeof(b_)));
AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz));
AssertIntEQ(0, XMEMCMP(serverPubKey, B_, serverPubKeySz));
cli.keyGenFunc_cb = sha512_key_gen;
AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz));
AssertIntEQ(0, XMEMCMP(cli.key, key_, sizeof(key_)));
srv.keyGenFunc_cb = sha512_key_gen;
AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz));
AssertIntEQ(0, XMEMCMP(srv.key, key_, sizeof(key_)));
AssertIntEQ(0, wc_SrpGetProof(&cli, clientProof, &clientProofSz));
AssertIntEQ(0, wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz));
AssertIntEQ(0, wc_SrpGetProof(&srv, serverProof, &serverProofSz));
AssertIntEQ(0, wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz));
wc_SrpTerm(&cli);
wc_SrpTerm(&srv);
}
#endif
void SrpTest(void)
{
#ifdef WOLFCRYPT_HAVE_SRP
test_SrpInit();
test_SrpSetUsername();
test_SrpSetParams();
test_SrpSetPassword();
test_SrpGetPublic();
test_SrpComputeKey();
test_SrpGetProofAndVerify();
test_SrpKeyGenFunc_cb();
#endif
}


@@ -36,7 +36,7 @@
#define MAX_COMMAND_SZ 240 #define MAX_COMMAND_SZ 240
#define MAX_SUITE_SZ 80 #define MAX_SUITE_SZ 80
#define NOT_BUILT_IN -123 #define NOT_BUILT_IN -123
#ifdef NO_OLD_TLS #if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3)
#define VERSION_TOO_OLD -124 #define VERSION_TOO_OLD -124
#endif #endif
@@ -52,6 +52,28 @@ static char flagSep[] = " ";
static char svrPort[] = "0"; static char svrPort[] = "0";
#ifndef WOLFSSL_ALLOW_SSLV3
/* if the protocol version is sslv3 return 1, else 0 */
static int IsSslVersion(const char* line)
{
const char* find = "-v ";
char* begin = strstr(line, find);
if (begin) {
int version = -1;
begin += 3;
version = atoi(begin);
if (version == 0)
return 1;
}
return 0;
}
#endif /* !WOLFSSL_ALLOW_SSLV3 */
#ifdef NO_OLD_TLS #ifdef NO_OLD_TLS
/* if the protocol version is less than tls 1.2 return 1, else 0 */ /* if the protocol version is less than tls 1.2 return 1, else 0 */
static int IsOldTlsVersion(const char* line) static int IsOldTlsVersion(const char* line)
@@ -71,7 +93,7 @@ static int IsOldTlsVersion(const char* line)
} }
return 0; return 0;
} }
#endif /* NO_OLD_TLS */ #endif /* NO_OLD_TLS */
@@ -168,6 +190,15 @@ static int execute_test_case(int svr_argc, char** svr_argv,
return NOT_BUILT_IN; return NOT_BUILT_IN;
} }
#ifndef WOLFSSL_ALLOW_SSLV3
if (IsSslVersion(commandLine) == 1) {
#ifdef DEBUG_SUITE_TESTS
printf("protocol version on line %s is too old\n", commandLine);
#endif
return VERSION_TOO_OLD;
}
#endif
#ifdef NO_OLD_TLS #ifdef NO_OLD_TLS
if (IsOldTlsVersion(commandLine) == 1) { if (IsOldTlsVersion(commandLine) == 1) {
#ifdef DEBUG_SUITE_TESTS #ifdef DEBUG_SUITE_TESTS
@@ -476,6 +507,17 @@ int SuiteTest(void)
} }
#endif #endif
#ifndef NO_PSK
/* add psk extra suites */
strcpy(argv0[1], "tests/test-psk-no-id.conf");
printf("starting psk no identity extra cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
printf(" End Cipher Suite Tests\n"); printf(" End Cipher Suite Tests\n");
wolfSSL_CTX_free(cipherSuiteCtx); wolfSSL_CTX_free(cipherSuiteCtx);
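Review bot: `IsSslVersion` cannot tell `-v 0` apart from a `-v ` followed by something non-numeric, because `atoi` returns 0 in both cases. A malformed line in a suite file is therefore reported as `VERSION_TOO_OLD` and its test case is skipped instead of failing. Parsing with `strtol` and checking the end pointer closes that gap: `char* end; long version = strtol(begin, &end, 10);` followed by `if (end != begin && version == 0) return 1;`. `strstr` also takes the first `-v ` anywhere in the line, so a one-line comment stating that the suite files never carry that sequence inside another argument would document the assumption.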

154
tests/test-psk-no-id.conf Normal file

@@ -0,0 +1,154 @@
# No Hint server TLSv1 PSK-AES128
-s
-I
-v 1
-l PSK-AES128-CBC-SHA
# No Hint client TLSv1 PSK-AES128
-s
-v 1
-l PSK-AES128-CBC-SHA
# No Hint server TLSv1 PSK-AES256
-s
-I
-v 1
-l PSK-AES256-CBC-SHA
# No Hint client TLSv1 PSK-AES256
-s
-v 1
-l PSK-AES256-CBC-SHA
# No Hint server TLSv1.1 PSK-AES128
-s
-I
-v 2
-l PSK-AES128-CBC-SHA
# No Hint client TLSv1.1 PSK-AES128
-s
-v 2
-l PSK-AES128-CBC-SHA
# No Hint server TLSv1.1 PSK-AES256
-s
-I
-v 2
-l PSK-AES256-CBC-SHA
# No Hint client TLSv1.1 PSK-AES256
-s
-v 2
-l PSK-AES256-CBC-SHA
# No Hint server TLSv1.2 PSK-AES128
-s
-I
-v 3
-l PSK-AES128-CBC-SHA
# No Hint client TLSv1.2 PSK-AES128
-s
-v 3
-l PSK-AES128-CBC-SHA
# No Hint server TLSv1.2 PSK-AES256
-s
-I
-v 3
-l PSK-AES256-CBC-SHA
# No Hint client TLSv1.2 PSK-AES256
-s
-v 3
-l PSK-AES256-CBC-SHA
# No Hint server TLSv1.0 PSK-AES128-SHA256
-s
-I
-v 1
-l PSK-AES128-CBC-SHA256
# No Hint client TLSv1.0 PSK-AES128-SHA256
-s
-v 1
-l PSK-AES128-CBC-SHA256
# No Hint server TLSv1.1 PSK-AES128-SHA256
-s
-I
-v 2
-l PSK-AES128-CBC-SHA256
# No Hint client TLSv1.1 PSK-AES128-SHA256
-s
-v 2
-l PSK-AES128-CBC-SHA256
# No Hint server TLSv1.2 PSK-AES128-SHA256
-s
-I
-v 3
-l PSK-AES128-CBC-SHA256
# No Hint client TLSv1.2 PSK-AES128-SHA256
-s
-v 3
-l PSK-AES128-CBC-SHA256
# No Hint server TLSv1.0 PSK-AES256-SHA384
-s
-I
-v 1
-l PSK-AES256-CBC-SHA384
# No Hint client TLSv1.0 PSK-AES256-SHA384
-s
-v 1
-l PSK-AES256-CBC-SHA384
# No Hint server TLSv1.1 PSK-AES256-SHA384
-s
-I
-v 2
-l PSK-AES256-CBC-SHA384
# No Hint client TLSv1.1 PSK-AES256-SHA384
-s
-v 2
-l PSK-AES256-CBC-SHA384
# No Hint server TLSv1.2 PSK-AES256-SHA384
-s
-I
-v 3
-l PSK-AES256-CBC-SHA384
# No Hint client TLSv1.2 PSK-AES256-SHA384
-s
-v 3
-l PSK-AES256-CBC-SHA384
# server TLSv1.2 PSK-AES128-GCM-SHA256
-s
-I
-v 3
-l PSK-AES128-GCM-SHA256
# client TLSv1.2 PSK-AES128-GCM-SHA256
-s
-v 3
-l PSK-AES128-GCM-SHA256
# server TLSv1.2 PSK-AES256-GCM-SHA384
-s
-I
-v 3
-l PSK-AES256-GCM-SHA384
# client TLSv1.2 PSK-AES256-GCM-SHA384
-s
-v 3
-l PSK-AES256-GCM-SHA384
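Review bot: The last four entries (the two GCM suites) are labelled `# server TLSv1.2 …` and `# client TLSv1.2 …` without the `No Hint` prefix, although their server lines pass `-I` exactly like every `No Hint server` entry above. If they exercise the same path, label them consistently, e.g. `# No Hint server TLSv1.2 PSK-AES128-GCM-SHA256`; if they are meant to differ, the `-I` probably should not be there. The oldest version is also spelled both `TLSv1` and `TLSv1.0` in the comments; one spelling makes the file easier to search when a failing case has to be traced back to its entry.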


@@ -77,6 +77,8 @@ int unit_test(int argc, char** argv)
} }
#endif #endif
SrpTest();
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
CspShutdown(CAVIUM_DEV_ID); CspShutdown(CAVIUM_DEV_ID);
#endif #endif
@@ -92,7 +94,7 @@ void wait_tcp_ready(func_args* args)
(void)args; (void)args;
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__) #elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_lock(&args->signal->mutex); pthread_mutex_lock(&args->signal->mutex);
if (!args->signal->ready) if (!args->signal->ready)
pthread_cond_wait(&args->signal->cond, &args->signal->mutex); pthread_cond_wait(&args->signal->cond, &args->signal->mutex);
args->signal->ready = 0; /* reset */ args->signal->ready = 0; /* reset */
@@ -176,4 +178,3 @@ void FreeTcpReady(tcp_ready* ready)
(void)ready; (void)ready;
#endif #endif
} }


@@ -27,8 +27,8 @@
#define Fail(description, result) do { \ #define Fail(description, result) do { \
printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \ printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \
printf("\n\n test: "); printf description; \ printf("\n expected: "); printf description; \
printf("\n\n result: "); printf result; \ printf("\n result: "); printf result; printf("\n\n"); \
abort(); \ abort(); \
} while(0) } while(0)
@@ -76,9 +76,9 @@
void ApiTest(void); void ApiTest(void);
int SuiteTest(void); int SuiteTest(void);
int HashTest(void); int HashTest(void);
void SrpTest(void);
#endif /* CyaSSL_UNIT_H */ #endif /* CyaSSL_UNIT_H */


@@ -32,7 +32,11 @@
#ifdef FREESCALE_MQX #ifdef FREESCALE_MQX
#include <mqx.h> #include <mqx.h>
#include <fio.h> #if MQX_USE_IO_OLD
#include <fio.h>
#else
#include <nio.h>
#endif
#else #else
#include <stdio.h> #include <stdio.h>
#endif #endif
@@ -194,7 +198,7 @@ static int OpenNitroxDevice(int dma_mode,int dev_id)
#if !defined(NO_RSA) || !defined(NO_DH) \ #if !defined(NO_RSA) || !defined(NO_DH) \
|| defined(WOLFSSL_KEYGEN) || defined(HAVE_ECC) || defined(WOLFSSL_KEYGEN) || defined(HAVE_ECC)
#define HAVE_LOCAL_RNG #define HAVE_LOCAL_RNG
static RNG rng; static WC_RNG rng;
#endif #endif
/* use kB instead of mB for embedded benchmarking */ /* use kB instead of mB for embedded benchmarking */
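Review bot: `#if MQX_USE_IO_OLD` evaluates an undefined macro as 0, so an MQX tree that does not define it at all now takes the `<nio.h>` branch. If such trees ship only `<fio.h>` (not verifiable from this page), the build breaks where it previously worked. Making the new header an explicit opt-out keeps the old default: `#if !defined(MQX_USE_IO_OLD) || MQX_USE_IO_OLD` selecting `<fio.h>`, with `<nio.h>` in the `#else`. The same conditional is added under `WOLFSSL_DEBUG_ENCODING` in the later section that also adds `#include <wolfssl/wolfcrypt/hash.h>`, so both places should change together.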


@@ -55,19 +55,6 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
} }
int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz, const byte* iv)
{
return AesCbcDecryptWithKey(out, in, inSz, key, keySz, iv);
}
int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz, const byte* iv)
{
return AesCbcDecryptWithKey(out, in, inSz, key, keySz, iv);
}
/* AES-CTR */ /* AES-CTR */
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
@@ -1727,59 +1714,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
} }
int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz, const byte* iv)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Aes* aes = NULL;
#else
Aes aes[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (aes == NULL)
return MEMORY_E;
#endif
ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
if (ret == 0)
ret = wc_AesCbcDecrypt(aes, out, in, inSz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz, const byte* iv)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Aes* aes = NULL;
#else
Aes aes[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (aes == NULL)
return MEMORY_E;
#endif
ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION);
if (ret == 0)
ret = wc_AesCbcEncrypt(aes, out, in, inSz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
/* AES-DIRECT */ /* AES-DIRECT */


@@ -42,6 +42,7 @@
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/random.h> #include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/hash.h>
#ifndef NO_RC4 #ifndef NO_RC4
@@ -66,7 +67,11 @@
#ifdef WOLFSSL_DEBUG_ENCODING #ifdef WOLFSSL_DEBUG_ENCODING
#ifdef FREESCALE_MQX #ifdef FREESCALE_MQX
#include <fio.h> #if MQX_USE_IO_OLD
#include <fio.h>
#else
#include <nio.h>
#endif
#else #else
#include <stdio.h> #include <stdio.h>
#endif #endif
@@ -904,6 +909,9 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
byte key[MAX_KEY_SIZE]; byte key[MAX_KEY_SIZE];
#endif #endif
(void)input;
(void)length;
switch (id) { switch (id) {
case PBE_MD5_DES: case PBE_MD5_DES:
typeH = MD5; typeH = MD5;
@@ -1484,11 +1492,13 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */ sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */
if (sizes[i] <= MAX_SEQ_SZ) { if (sizes[i] <= MAX_SEQ_SZ) {
int err;
/* leading zero */ /* leading zero */
if (lbit) if (lbit)
tmps[i][sizes[i]-1] = 0x00; tmps[i][sizes[i]-1] = 0x00;
int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
if (err == MP_OKAY) { if (err == MP_OKAY) {
sizes[i] += (rawLen-lbit); /* lbit included in rawLen */ sizes[i] += (rawLen-lbit); /* lbit included in rawLen */
intTotalLen += sizes[i]; intTotalLen += sizes[i];
@@ -4913,11 +4923,13 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */ sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */
if (sizes[i] <= MAX_SEQ_SZ) { if (sizes[i] <= MAX_SEQ_SZ) {
int err;
/* leading zero */ /* leading zero */
if (lbit) if (lbit)
tmps[i][sizes[i]-1] = 0x00; tmps[i][sizes[i]-1] = 0x00;
int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
if (err == MP_OKAY) { if (err == MP_OKAY) {
sizes[i] += (rawLen-lbit); /* lbit included in rawLen */ sizes[i] += (rawLen-lbit); /* lbit included in rawLen */
intTotalLen += sizes[i]; intTotalLen += sizes[i];
@@ -5755,7 +5767,7 @@ static int SetName(byte* output, CertName* name)
/* encode info from cert into DER encoded format */ /* encode info from cert into DER encoded format */
static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
RNG* rng, const byte* ntruKey, word16 ntruSz) WC_RNG* rng, const byte* ntruKey, word16 ntruSz)
{ {
int ret; int ret;
@@ -5927,7 +5939,7 @@ static int WriteCertBody(DerCert* der, byte* buffer)
/* Make RSA signature from buffer (sz), write to sig (sigSz) */ /* Make RSA signature from buffer (sz), write to sig (sigSz) */
static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
RsaKey* rsaKey, ecc_key* eccKey, RNG* rng, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng,
int sigAlgoType) int sigAlgoType)
{ {
int encSigSz, digestSz, typeH = 0, ret = 0; int encSigSz, digestSz, typeH = 0, ret = 0;
@@ -6052,7 +6064,7 @@ static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz,
/* Make an x509 Certificate v3 any key type from cert input, write to buffer */ /* Make an x509 Certificate v3 any key type from cert input, write to buffer */
static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
RsaKey* rsaKey, ecc_key* eccKey, RNG* rng, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng,
const byte* ntruKey, word16 ntruSz) const byte* ntruKey, word16 ntruSz)
{ {
int ret; int ret;
@@ -6089,7 +6101,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
/* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */ /* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */
int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey,
ecc_key* eccKey, RNG* rng) ecc_key* eccKey, WC_RNG* rng)
{ {
return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0); return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0);
} }
@@ -6098,7 +6110,7 @@ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey,
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz, int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz,
const byte* ntruKey, word16 keySz, RNG* rng) const byte* ntruKey, word16 keySz, WC_RNG* rng)
{ {
return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, ntruKey, keySz); return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, ntruKey, keySz);
} }
@@ -6314,7 +6326,7 @@ int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
RsaKey* rsaKey, ecc_key* eccKey, RNG* rng) RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng)
{ {
int sigSz; int sigSz;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -6351,7 +6363,7 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz,
RsaKey* key, RNG* rng) RsaKey* key, WC_RNG* rng)
{ {
int ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng); int ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng);
@@ -7583,7 +7595,7 @@ int EncodeOcspRequest(OcspRequest* req)
extSz = 0; extSz = 0;
if (req->useNonce) { if (req->useNonce) {
RNG rng; WC_RNG rng;
if (wc_InitRng(&rng) != 0) { if (wc_InitRng(&rng) != 0) {
WOLFSSL_MSG("\tCannot initialize RNG. Skipping the OSCP Nonce."); WOLFSSL_MSG("\tCannot initialize RNG. Skipping the OSCP Nonce.");
} else { } else {


@@ -225,7 +225,7 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max,
} }
*i = idx; *i = idx;
return getSzOnly ? LENGTH_ONLY_E : 0; return 0;
} }
@@ -319,6 +319,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
return ASN_INPUT_E; return ASN_INPUT_E;
*outLen = i; *outLen = i;
if(ret == 0)
return getSzOnly ? LENGTH_ONLY_E : 0;
return ret; return ret;
} }
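Review bot: A size-only call to `DoBase64_Encode` still finishes with `LENGTH_ONLY_E`, an error-style code on the path where nothing went wrong, and nothing next to the new `return getSzOnly ? LENGTH_ONLY_E : 0;` says so. A caller that treats every non-zero result as failure will throw away a valid `*outLen`. I would add a comment above the return, `/* size-only query: *outLen holds the required size and LENGTH_ONLY_E is the expected result */`, and write `if (ret == 0)` with a space after `if`, as elsewhere in this commit. Both function bodies start outside the hunks, so how `getSzOnly` is still used inside `CEscape` cannot be checked from here.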


@@ -46,7 +46,7 @@ const curve25519_set_type curve25519_sets[] = {
}; };
int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key) int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
{ {
unsigned char basepoint[CURVE25519_KEYSIZE] = {9}; unsigned char basepoint[CURVE25519_KEYSIZE] = {9};
int ret; int ret;


@@ -91,37 +91,12 @@ void wc_Des_SetIV(Des* des, const byte* iv)
} }
int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
const byte* key, const byte* iv)
{
return Des_CbcEncryptWithKey(out, in, sz, key, iv);
}
int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
const byte* key, const byte* iv)
{
return Des_CbcDecryptWithKey(out, in, sz, key, iv);
}
int wc_Des3_SetIV(Des3* des, const byte* iv) int wc_Des3_SetIV(Des3* des, const byte* iv)
{ {
return Des3_SetIV_fips(des, iv); return Des3_SetIV_fips(des, iv);
} }
int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
const byte* key, const byte* iv)
{
return Des3_CbcEncryptWithKey(out, in, sz, key, iv);
}
int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
const byte* key, const byte* iv)
{
return Des3_CbcDecryptWithKey(out, in, sz, key, iv);
}
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
/* Initiliaze Des3 for use with Nitrox device */ /* Initiliaze Des3 for use with Nitrox device */
@@ -1501,61 +1476,6 @@ void wc_Des_SetIV(Des* des, const byte* iv)
} }
int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
const byte* key, const byte* iv)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Des* des = NULL;
#else
Des des[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (des == NULL)
return MEMORY_E;
#endif
ret = wc_Des_SetKey(des, key, iv, DES_ENCRYPTION);
if (ret == 0)
ret = wc_Des_CbcEncrypt(des, out, in, sz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
const byte* key, const byte* iv)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Des* des = NULL;
#else
Des des[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (des == NULL)
return MEMORY_E;
#endif
ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION);
if (ret == 0)
ret = wc_Des_CbcDecrypt(des, out, in, sz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int wc_Des3_SetIV(Des3* des, const byte* iv) int wc_Des3_SetIV(Des3* des, const byte* iv)
{ {
if (des && iv) if (des && iv)
@@ -1567,61 +1487,6 @@ int wc_Des3_SetIV(Des3* des, const byte* iv)
} }
int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
const byte* key, const byte* iv)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Des3* des3 = NULL;
#else
Des3 des3[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (des3 == NULL)
return MEMORY_E;
#endif
ret = wc_Des3_SetKey(des3, key, iv, DES_ENCRYPTION);
if (ret == 0)
ret = wc_Des3_CbcEncrypt(des3, out, in, sz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
const byte* key, const byte* iv)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Des3* des3 = NULL;
#else
Des3 des3[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (des3 == NULL)
return MEMORY_E;
#endif
ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION);
if (ret == 0)
ret = wc_Des3_CbcDecrypt(des3, out, in, sz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
#include "cavium_common.h" #include "cavium_common.h"


@@ -83,7 +83,7 @@ static word32 DiscreteLogWorkFactor(word32 n)
} }
static int GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz) static int GeneratePrivate(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz)
{ {
int ret; int ret;
word32 sz = mp_unsigned_bin_size(&key->p); word32 sz = mp_unsigned_bin_size(&key->p);
@@ -132,7 +132,7 @@ static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz,
} }
int wc_DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, word32* privSz, int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz,
byte* pub, word32* pubSz) byte* pub, word32* pubSz)
{ {
int ret = GeneratePrivate(key, rng, priv, privSz); int ret = GeneratePrivate(key, rng, priv, privSz);


@@ -18,7 +18,6 @@
* along with this program; if not, write to the Free Software * along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/ */
#include <stdio.h>
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H
#include <config.h> #include <config.h>
@@ -85,7 +84,7 @@ void wc_FreeDsaKey(DsaKey* key)
#ifdef WOLFSSL_KEY_GEN #ifdef WOLFSSL_KEY_GEN
int wc_MakeDsaKey(RNG *rng, DsaKey *dsa) int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
{ {
unsigned char *buf; unsigned char *buf;
int qsize, err; int qsize, err;
@@ -146,7 +145,7 @@ int wc_MakeDsaKey(RNG *rng, DsaKey *dsa)
} }
/* modulus_size in bits */ /* modulus_size in bits */
int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa) int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
{ {
mp_int tmp, tmp2; mp_int tmp, tmp2;
int err, msize, qsize, int err, msize, qsize,
@@ -341,7 +340,7 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
#endif /* WOLFSSL_KEY_GEN */ #endif /* WOLFSSL_KEY_GEN */
int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng) int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng)
{ {
mp_int k, kInv, r, s, H; mp_int k, kInv, r, s, H;
int ret, sz; int ret, sz;


@@ -1652,7 +1652,7 @@ int wc_ecc_point_is_at_infinity(ecc_point* p)
} }
static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) static int wc_ecc_make_key_ex(WC_RNG* rng, ecc_key* key, const ecc_set_type* dp)
{ {
int err; int err;
ecc_point* base; ecc_point* base;
@@ -1775,7 +1775,7 @@ static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
return MP_OKAY if successful, return MP_OKAY if successful,
upon error all allocated memory will be freed upon error all allocated memory will be freed
*/ */
int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key) int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key)
{ {
int x, err; int x, err;
@@ -1835,7 +1835,7 @@ int wc_ecc_init(ecc_key* key)
return MP_OKAY if successful return MP_OKAY if successful
*/ */
int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
RNG* rng, ecc_key* key) WC_RNG* rng, ecc_key* key)
{ {
mp_int r; mp_int r;
mp_int s; mp_int s;
@@ -1870,7 +1870,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
s [out] The destination for s component of the signature s [out] The destination for s component of the signature
return MP_OKAY if successful return MP_OKAY if successful
*/ */
int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng, int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
ecc_key* key, mp_int *r, mp_int *s) ecc_key* key, mp_int *r, mp_int *s)
{ {
mp_int e; mp_int e;
@@ -4331,7 +4331,9 @@ static int accel_fp_mul2add(int idx1, int idx2,
if ((err = mp_to_unsigned_bin(&tka, kb[0])) != MP_OKAY) { if ((err = mp_to_unsigned_bin(&tka, kb[0])) != MP_OKAY) {
mp_clear(&tka); mp_clear(&tka);
mp_clear(&tkb); mp_clear(&tkb);
#ifdef WOLFSSL_SMALL_STACK
XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err; return err;
} }
@@ -4832,7 +4834,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt)
} }
static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, RNG* rng) static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, WC_RNG* rng)
{ {
byte* saltBuffer = NULL; byte* saltBuffer = NULL;
@@ -4864,7 +4866,7 @@ static void ecc_ctx_init(ecEncCtx* ctx, int flags)
/* allow ecc context reset so user doesn't have to init/free for resue */ /* allow ecc context reset so user doesn't have to init/free for resue */
int wc_ecc_ctx_reset(ecEncCtx* ctx, RNG* rng) int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng)
{ {
if (ctx == NULL || rng == NULL) if (ctx == NULL || rng == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -4875,7 +4877,7 @@ int wc_ecc_ctx_reset(ecEncCtx* ctx, RNG* rng)
/* alloc/init and set defaults, return new Context */ /* alloc/init and set defaults, return new Context */
ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng) ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng)
{ {
int ret = 0; int ret = 0;
ecEncCtx* ctx = (ecEncCtx*)XMALLOC(sizeof(ecEncCtx), 0, DYNAMIC_TYPE_ECC); ecEncCtx* ctx = (ecEncCtx*)XMALLOC(sizeof(ecEncCtx), 0, DYNAMIC_TYPE_ECC);


@@ -32,6 +32,7 @@
#include <wolfssl/wolfcrypt/ed25519.h> #include <wolfssl/wolfcrypt/ed25519.h>
#include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/hash.h>
#ifdef NO_INLINE #ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h> #include <wolfssl/wolfcrypt/misc.h>
#else #else
@@ -41,7 +42,7 @@
/* generate an ed25519 key pair. /* generate an ed25519 key pair.
* returns 0 on success * returns 0 on success
*/ */
int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key) int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key)
{ {
byte az[ED25519_PRV_KEY_SIZE]; byte az[ED25519_PRV_KEY_SIZE];
int ret; int ret;
@@ -111,6 +112,8 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
/* step 1: create nonce to use where nonce is r in /* step 1: create nonce to use where nonce is r in
r = H(h_b, ... ,h_2b-1,M) */ r = H(h_b, ... ,h_2b-1,M) */
ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az);
if (ret != 0)
return ret;
/* apply clamp */ /* apply clamp */
az[0] &= 248; az[0] &= 248;
@@ -129,7 +132,7 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
ret = wc_Sha512Final(&sha, nonce); ret = wc_Sha512Final(&sha, nonce);
if (ret != 0) if (ret != 0)
return ret; return ret;
sc_reduce(nonce); sc_reduce(nonce);
/* step 2: computing R = rB where rB is the scalar multiplication of /* step 2: computing R = rB where rB is the scalar multiplication of
@@ -377,6 +380,7 @@ int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen)
return 0; return 0;
} }
/* /*
export private key, including public part export private key, including public part
outLen should contain the size of out buffer when input. outLen is than set outLen should contain the size of out buffer when input. outLen is than set


@@ -328,6 +328,15 @@ const char* wc_GetErrorString(int error)
case ECC_PRIV_KEY_E: case ECC_PRIV_KEY_E:
return " ECC private key is not valid error"; return " ECC private key is not valid error";
case SRP_CALL_ORDER_E:
return "SRP function called in the wrong order error";
case SRP_VERIFY_E:
return "SRP proof verification error";
case SRP_BAD_KEY_E:
return "SRP bad key values error";
default: default:
return "unknown error number"; return "unknown error number";


@@ -24,6 +24,8 @@
#endif #endif
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#if !defined(WOLFSSL_TI_HASH) #if !defined(WOLFSSL_TI_HASH)
@@ -55,8 +57,40 @@ int wc_ShaGetHash(Sha* sha, byte* hash)
WOLFSSL_API void wc_ShaRestorePos(Sha* s1, Sha* s2) { WOLFSSL_API void wc_ShaRestorePos(Sha* s1, Sha* s2) {
*s1 = *s2 ; *s1 = *s2 ;
} }
int wc_ShaHash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha* sha;
#else
Sha sha[1];
#endif #endif
#ifdef WOLFSSL_SMALL_STACK
sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha == NULL)
return MEMORY_E;
#endif
if ((ret = wc_InitSha(sha)) != 0) {
WOLFSSL_MSG("wc_InitSha failed");
}
else {
wc_ShaUpdate(sha, data, len);
wc_ShaFinal(sha, hash);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* !defined(NO_SHA) */
#if !defined(NO_SHA256) #if !defined(NO_SHA256)
int wc_Sha256GetHash(Sha256* sha256, byte* hash) int wc_Sha256GetHash(Sha256* sha256, byte* hash)
{ {
@@ -70,7 +104,109 @@ int wc_Sha256GetHash(Sha256* sha256, byte* hash)
WOLFSSL_API void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) { WOLFSSL_API void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) {
*s1 = *s2 ; *s1 = *s2 ;
} }
int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha256* sha256;
#else
Sha256 sha256[1];
#endif #endif
#ifdef WOLFSSL_SMALL_STACK
sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha256 == NULL)
return MEMORY_E;
#endif #endif
if ((ret = wc_InitSha256(sha256)) != 0) {
WOLFSSL_MSG("InitSha256 failed");
}
else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) {
WOLFSSL_MSG("Sha256Update failed");
}
else if ((ret = wc_Sha256Final(sha256, hash)) != 0) {
WOLFSSL_MSG("Sha256Final failed");
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* !defined(NO_SHA256) */
#if defined(WOLFSSL_SHA512)
int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha512* sha512;
#else
Sha512 sha512[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha512 == NULL)
return MEMORY_E;
#endif
if ((ret = wc_InitSha512(sha512)) != 0) {
WOLFSSL_MSG("InitSha512 failed");
}
else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) {
WOLFSSL_MSG("Sha512Update failed");
}
else if ((ret = wc_Sha512Final(sha512, hash)) != 0) {
WOLFSSL_MSG("Sha512Final failed");
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#if defined(WOLFSSL_SHA384)
int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha384* sha384;
#else
Sha384 sha384[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha384 == NULL)
return MEMORY_E;
#endif
if ((ret = wc_InitSha384(sha384)) != 0) {
WOLFSSL_MSG("InitSha384 failed");
}
else if ((ret = wc_Sha384Update(sha384, data, len)) != 0) {
WOLFSSL_MSG("Sha384Update failed");
}
else if ((ret = wc_Sha384Final(sha384, hash)) != 0) {
WOLFSSL_MSG("Sha384Final failed");
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* defined(WOLFSSL_SHA384) */
#endif /* defined(WOLFSSL_SHA512) */
#endif /* !defined(WOLFSSL_TI_HASH) */
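Review bot: wc_ShaHash discards the return values of wc_ShaUpdate and wc_ShaFinal, so a failure in either step still returns 0, whereas wc_Sha256Hash, wc_Sha512Hash and wc_Sha384Hash in the same file chain every step into `ret`. A caller that trusts the 0 return would then use a digest buffer that may never have been written. The SHA-1 helper should use the same `else if` chain as its siblings, as sketched below. Separately, all four helpers release the hash context without clearing it; since at least one caller on this page hashes private-key bytes through wc_Sha512Hash, wiping the context before the XFREE or return is worth considering.

```c
    if ((ret = wc_InitSha(sha)) != 0) {
        WOLFSSL_MSG("wc_InitSha failed");
    }
    else if ((ret = wc_ShaUpdate(sha, data, len)) != 0) {
        WOLFSSL_MSG("ShaUpdate failed");
    }
    else if ((ret = wc_ShaFinal(sha, hash)) != 0) {
        WOLFSSL_MSG("ShaFinal failed");
    }
    /* … unchanged: WOLFSSL_SMALL_STACK free and return ret … */
```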


@@ -134,31 +134,31 @@ static int InitHmac(Hmac* hmac, int type)
ret = wc_InitSha(&hmac->hash.sha); ret = wc_InitSha(&hmac->hash.sha);
break; break;
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
case SHA256: case SHA256:
ret = wc_InitSha256(&hmac->hash.sha256); ret = wc_InitSha256(&hmac->hash.sha256);
break; break;
#endif #endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
case SHA384: case SHA384:
ret = wc_InitSha384(&hmac->hash.sha384); ret = wc_InitSha384(&hmac->hash.sha384);
break; break;
#endif #endif
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
case SHA512: case SHA512:
ret = wc_InitSha512(&hmac->hash.sha512); ret = wc_InitSha512(&hmac->hash.sha512);
break; break;
#endif #endif
#ifdef HAVE_BLAKE2 #ifdef HAVE_BLAKE2
case BLAKE2B_ID: case BLAKE2B_ID:
ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256); ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
break; break;
#endif #endif
default: default:
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -287,7 +287,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
break; break;
#endif #endif
#ifdef HAVE_BLAKE2 #ifdef HAVE_BLAKE2
case BLAKE2B_ID: case BLAKE2B_ID:
{ {
hmac_block_size = BLAKE2B_BLOCKBYTES; hmac_block_size = BLAKE2B_BLOCKBYTES;
@@ -367,7 +367,7 @@ static int HmacKeyInnerHash(Hmac* hmac)
break; break;
#endif #endif
#ifdef HAVE_BLAKE2 #ifdef HAVE_BLAKE2
case BLAKE2B_ID: case BLAKE2B_ID:
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, ret = wc_Blake2bUpdate(&hmac->hash.blake2b,
(byte*) hmac->ipad,BLAKE2B_BLOCKBYTES); (byte*) hmac->ipad,BLAKE2B_BLOCKBYTES);
@@ -438,7 +438,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
break; break;
#endif #endif
#ifdef HAVE_BLAKE2 #ifdef HAVE_BLAKE2
case BLAKE2B_ID: case BLAKE2B_ID:
ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length); ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length);
if (ret != 0) if (ret != 0)
@@ -570,7 +570,7 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
break; break;
#endif #endif
#ifdef HAVE_BLAKE2 #ifdef HAVE_BLAKE2
case BLAKE2B_ID: case BLAKE2B_ID:
{ {
ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash, ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash,
@@ -622,7 +622,7 @@ int wc_HmacInitCavium(Hmac* hmac, int devId)
hmac->devId = devId; hmac->devId = devId;
hmac->magic = WOLFSSL_HMAC_CAVIUM_MAGIC; hmac->magic = WOLFSSL_HMAC_CAVIUM_MAGIC;
hmac->data = NULL; /* buffered input data */ hmac->data = NULL; /* buffered input data */
hmac->innerHashKeyed = 0; hmac->innerHashKeyed = 0;
return 0; return 0;
@@ -650,7 +650,7 @@ static void HmacCaviumFinal(Hmac* hmac, byte* hash)
(byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId, (byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId,
hmac->devId) != 0) { hmac->devId) != 0) {
WOLFSSL_MSG("Cavium Hmac failed"); WOLFSSL_MSG("Cavium Hmac failed");
} }
hmac->innerHashKeyed = 0; /* tell update to start over if used again */ hmac->innerHashKeyed = 0; /* tell update to start over if used again */
} }
@@ -685,7 +685,7 @@ static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length)
if (hmac->dataLen) if (hmac->dataLen)
XMEMCPY(tmp, hmac->data, hmac->dataLen); XMEMCPY(tmp, hmac->data, hmac->dataLen);
XMEMCPY(tmp + hmac->dataLen, msg, add); XMEMCPY(tmp + hmac->dataLen, msg, add);
hmac->dataLen += add; hmac->dataLen += add;
XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP); XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
hmac->data = tmp; hmac->data = tmp;
@@ -751,31 +751,31 @@ static INLINE int GetHashSizeByType(int type)
return SHA_DIGEST_SIZE; return SHA_DIGEST_SIZE;
break; break;
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
case SHA256: case SHA256:
return SHA256_DIGEST_SIZE; return SHA256_DIGEST_SIZE;
break; break;
#endif #endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
case SHA384: case SHA384:
return SHA384_DIGEST_SIZE; return SHA384_DIGEST_SIZE;
break; break;
#endif #endif
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
case SHA512: case SHA512:
return SHA512_DIGEST_SIZE; return SHA512_DIGEST_SIZE;
break; break;
#endif #endif
#ifdef HAVE_BLAKE2 #ifdef HAVE_BLAKE2
case BLAKE2B_ID: case BLAKE2B_ID:
return BLAKE2B_OUTBYTES; return BLAKE2B_OUTBYTES;
break; break;
#endif #endif
default: default:
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
break; break;
@@ -824,7 +824,7 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
localSalt = tmp; localSalt = tmp;
saltSz = hashSz; saltSz = hashSz;
} }
do { do {
ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz); ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz);
if (ret != 0) if (ret != 0)
@@ -876,4 +876,3 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
#endif /* HAVE_FIPS */ #endif /* HAVE_FIPS */
#endif /* NO_HMAC */ #endif /* NO_HMAC */


@@ -47,7 +47,11 @@
#ifdef SHOW_GEN #ifdef SHOW_GEN
#ifdef FREESCALE_MQX #ifdef FREESCALE_MQX
#include <fio.h> #if MQX_USE_IO_OLD
#include <fio.h>
#else
#include <nio.h>
#endif
#else #else
#include <stdio.h> #include <stdio.h>
#endif #endif
@@ -4284,7 +4288,7 @@ static int mp_prime_is_divisible (mp_int * a, int *result)
static const int USE_BBS = 1; static const int USE_BBS = 1;
int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap) int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap)
{ {
int err, res, type; int err, res, type;
byte* buf; byte* buf;
@@ -4535,12 +4539,14 @@ LBL_U:mp_clear (&v);
#endif /* WOLFSSL_KEY_GEN */ #endif /* WOLFSSL_KEY_GEN */
#ifdef HAVE_ECC #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
/* chars used in radix conversions */ /* chars used in radix conversions */
const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\ const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\
abcdefghijklmnopqrstuvwxyz+/"; abcdefghijklmnopqrstuvwxyz+/";
#endif
#ifdef HAVE_ECC
/* read a string [ASCII] in a given radix */ /* read a string [ASCII] in a given radix */
int mp_read_radix (mp_int * a, const char *str, int radix) int mp_read_radix (mp_int * a, const char *str, int radix)
{ {


@@ -90,7 +90,11 @@ void wolfSSL_Debugging_OFF(void)
#ifdef DEBUG_WOLFSSL #ifdef DEBUG_WOLFSSL
#ifdef FREESCALE_MQX #ifdef FREESCALE_MQX
#include <fio.h> #if MQX_USE_IO_OLD
#include <fio.h>
#else
#include <nio.h>
#endif
#else #else
#include <stdio.h> /* for default printf stuff */ #include <stdio.h> /* for default printf stuff */
#endif #endif


@@ -945,7 +945,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
/* create ASN.1 fomatted RecipientInfo structure, returns sequence size */ /* create ASN.1 fomatted RecipientInfo structure, returns sequence size */
WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
int keyEncAlgo, int blockKeySz, int keyEncAlgo, int blockKeySz,
RNG* rng, byte* contentKeyPlain, WC_RNG* rng, byte* contentKeyPlain,
byte* contentKeyEnc, byte* contentKeyEnc,
int* keyEncSz, byte* out, word32 outSz) int* keyEncSz, byte* out, word32 outSz)
{ {
@@ -1178,7 +1178,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
byte envDataSeq[MAX_SEQ_SZ]; byte envDataSeq[MAX_SEQ_SZ];
byte ver[MAX_VERSION_SZ]; byte ver[MAX_VERSION_SZ];
RNG rng; WC_RNG rng;
int contentKeyEncSz, blockKeySz; int contentKeyEncSz, blockKeySz;
byte contentKeyPlain[MAX_CONTENT_KEY_LEN]; byte contentKeyPlain[MAX_CONTENT_KEY_LEN];
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK


@@ -39,33 +39,33 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
} }
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
int wc_InitRngCavium(RNG* rng, int i) int wc_InitRngCavium(WC_RNG* rng, int i)
{ {
return InitRngCavium(rng, i); return InitRngCavium(rng, i);
} }
#endif #endif
int wc_InitRng(RNG* rng) int wc_InitRng(WC_RNG* rng)
{ {
return InitRng_fips(rng); return InitRng_fips(rng);
} }
int wc_RNG_GenerateBlock(RNG* rng, byte* b, word32 sz) int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz)
{ {
return RNG_GenerateBlock_fips(rng, b, sz); return RNG_GenerateBlock_fips(rng, b, sz);
} }
int wc_RNG_GenerateByte(RNG* rng, byte* b) int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
{ {
return RNG_GenerateByte(rng, b); return RNG_GenerateByte(rng, b);
} }
#if defined(HAVE_HASHDRBG) || defined(NO_RC4) #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
int wc_FreeRng(RNG* rng) int wc_FreeRng(WC_RNG* rng)
{ {
return FreeRng_fips(rng); return FreeRng_fips(rng);
} }
@@ -434,7 +434,7 @@ static int Hash_DRBG_Uninstantiate(DRBG* drbg)
/* Get seed and key cipher */ /* Get seed and key cipher */
int wc_InitRng(RNG* rng) int wc_InitRng(WC_RNG* rng)
{ {
int ret = BAD_FUNC_ARG; int ret = BAD_FUNC_ARG;
@@ -487,7 +487,7 @@ int wc_InitRng(RNG* rng)
/* place a generated block in output */ /* place a generated block in output */
int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
{ {
int ret; int ret;
@@ -536,13 +536,13 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
} }
int wc_RNG_GenerateByte(RNG* rng, byte* b) int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
{ {
return wc_RNG_GenerateBlock(rng, b, 1); return wc_RNG_GenerateBlock(rng, b, 1);
} }
int wc_FreeRng(RNG* rng) int wc_FreeRng(WC_RNG* rng)
{ {
int ret = BAD_FUNC_ARG; int ret = BAD_FUNC_ARG;
@@ -687,7 +687,7 @@ static int wc_RNG_HealthTestLocal(int reseed)
#else /* HAVE_HASHDRBG || NO_RC4 */ #else /* HAVE_HASHDRBG || NO_RC4 */
/* Get seed and key cipher */ /* Get seed and key cipher */
int wc_InitRng(RNG* rng) int wc_InitRng(WC_RNG* rng)
{ {
int ret; int ret;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -736,11 +736,11 @@ int wc_InitRng(RNG* rng)
} }
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz); static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz);
#endif #endif
/* place a generated block in output */ /* place a generated block in output */
int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
{ {
#ifdef HAVE_INTEL_RDGEN #ifdef HAVE_INTEL_RDGEN
if(IS_INTEL_RDRAND) if(IS_INTEL_RDRAND)
@@ -757,13 +757,13 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
} }
int wc_RNG_GenerateByte(RNG* rng, byte* b) int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
{ {
return wc_RNG_GenerateBlock(rng, b, 1); return wc_RNG_GenerateBlock(rng, b, 1);
} }
int wc_FreeRng(RNG* rng) int wc_FreeRng(WC_RNG* rng)
{ {
(void)rng; (void)rng;
return 0; return 0;
@@ -776,7 +776,7 @@ int wc_FreeRng(RNG* rng)
#include "cavium_common.h" #include "cavium_common.h"
/* Initiliaze RNG for use with Nitrox device */ /* Initiliaze RNG for use with Nitrox device */
int wc_InitRngCavium(RNG* rng, int devId) int wc_InitRngCavium(WC_RNG* rng, int devId)
{ {
if (rng == NULL) if (rng == NULL)
return -1; return -1;
@@ -788,7 +788,7 @@ int wc_InitRngCavium(RNG* rng, int devId)
} }
static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz) static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
{ {
wolfssl_word offset = 0; wolfssl_word offset = 0;
word32 requestId; word32 requestId;
@@ -1017,18 +1017,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0; return 0;
} }
#elif defined(MBED)
/* write a real one !!!, just for testing board */
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
{
int i;
for (i = 0; i < sz; i++ )
output[i] = i;
return 0;
}
#elif defined(MICROCHIP_PIC32) #elif defined(MICROCHIP_PIC32)
#ifdef MICROCHIP_MPLAB_HARMONY #ifdef MICROCHIP_MPLAB_HARMONY
@@ -1225,7 +1213,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
return 0; return 0;
} }
#elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) #elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) || defined(MBED)
#warning "write a real random seed!!!!, just for testing now" #warning "write a real random seed!!!!, just for testing now"
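Review bot: MBED builds now fall into the test-only seed branch at the end of this section, and the only safeguard there is a `#warning`, which is easy to lose in build output. The removed MBED-specific wc_GenerateSeed filled the buffer with `output[i] = i`; the body of the shared branch lies outside the hunk, but the warning text suggests it is no less predictable, so any key or nonce drawn from an RNG seeded this way would be reproducible. I would make the branch fail the build unless the integrator opts in explicitly, for example `#ifndef EXAMPLE_ALLOW_TEST_SEED` / `#error "no real entropy source configured for this target"` / `#endif`, where `EXAMPLE_ALLOW_TEST_SEED` is a placeholder name and not an existing option.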


@@ -43,7 +43,7 @@ int wc_FreeRsaKey(RsaKey* key)
int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, RNG* rng) word32 outLen, RsaKey* key, WC_RNG* rng)
{ {
return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng); return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng);
} }
@@ -64,7 +64,7 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, RNG* rng) word32 outLen, RsaKey* key, WC_RNG* rng)
{ {
return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng); return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng);
} }
@@ -96,7 +96,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
return RsaFlattenPublicKey(key, a, aSz, b, bSz); return RsaFlattenPublicKey(key, a, aSz, b, bSz);
} }
#ifdef WOLFSSL_KEY_GEN #ifdef WOLFSSL_KEY_GEN
int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
{ {
return MakeRsaKey(key, size, e, rng); return MakeRsaKey(key, size, e, rng);
} }
@@ -144,6 +144,22 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
word32 outLen, RsaKey* key); word32 outLen, RsaKey* key);
#endif #endif
enum {
RSA_PUBLIC_ENCRYPT = 0,
RSA_PUBLIC_DECRYPT = 1,
RSA_PRIVATE_ENCRYPT = 2,
RSA_PRIVATE_DECRYPT = 3,
RSA_BLOCK_TYPE_1 = 1,
RSA_BLOCK_TYPE_2 = 2,
RSA_MIN_SIZE = 512,
RSA_MAX_SIZE = 4096,
RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */
};
int wc_InitRsaKey(RsaKey* key, void* heap) int wc_InitRsaKey(RsaKey* key, void* heap)
{ {
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
@@ -203,7 +219,7 @@ int wc_FreeRsaKey(RsaKey* key)
} }
static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
word32 pkcsBlockLen, byte padValue, RNG* rng) word32 pkcsBlockLen, byte padValue, WC_RNG* rng)
{ {
if (inputLen == 0) if (inputLen == 0)
return 0; return 0;
@@ -375,7 +391,7 @@ done:
int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key, RNG* rng) RsaKey* key, WC_RNG* rng)
{ {
int sz, ret; int sz, ret;
@@ -521,7 +537,7 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
/* for Rsa Sign */ /* for Rsa Sign */
int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key, RNG* rng) RsaKey* key, WC_RNG* rng)
{ {
int sz, ret; int sz, ret;
@@ -588,7 +604,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
#ifdef WOLFSSL_KEY_GEN #ifdef WOLFSSL_KEY_GEN
/* Make an RSA key for size bits, with e specified, 65537 is a good e */ /* Make an RSA key for size bits, with e specified, 65537 is a good e */
int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
{ {
mp_int p, q, tmp1, tmp2, tmp3; mp_int p, q, tmp1, tmp2, tmp3;
int err; int err;
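Review bot: `RSA_MIN_SIZE = 512` in the enum added at line 144 sets a floor that still admits 512-bit moduli, which offer no meaningful protection against factoring. Where the constant is consumed is not visible in these hunks (presumably the size check in wc_MakeRsaKey), so this needs confirming against the caller. If the value has to stay for compatibility, the constant should at least say so, e.g. `RSA_MIN_SIZE = 512, /* legacy floor only; use >= 2048 bits for new keys */`, and a build-time override for a stricter minimum would let integrators rule out weak keys.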


@@ -57,11 +57,6 @@
return ShaFinal_fips(sha,out); return ShaFinal_fips(sha,out);
} }
int wc_ShaHash(const byte* data, word32 sz, byte* out)
{
return ShaHash(data, sz, out);
}
#else /* else build without fips */ #else /* else build without fips */
#if defined(WOLFSSL_TI_HASH) #if defined(WOLFSSL_TI_HASH)
@@ -421,36 +416,6 @@ int wc_ShaFinal(Sha* sha, byte* hash)
#endif /* STM32F2_HASH */ #endif /* STM32F2_HASH */
int wc_ShaHash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha* sha;
#else
Sha sha[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha == NULL)
return MEMORY_E;
#endif
if ((ret = wc_InitSha(sha)) != 0) {
WOLFSSL_MSG("wc_InitSha failed");
}
else {
wc_ShaUpdate(sha, data, len);
wc_ShaFinal(sha, hash);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* HAVE_FIPS */ #endif /* HAVE_FIPS */
#endif /* WOLFSSL_TI_HASH */ #endif /* WOLFSSL_TI_HASH */


@@ -49,11 +49,6 @@ int wc_Sha256Final(Sha256* sha, byte* out)
} }
int wc_Sha256Hash(const byte* data, word32 len, byte* out)
{
return Sha256Hash(data, len, out);
}
#else /* else build without fips */ #else /* else build without fips */
#if !defined(NO_SHA256) && defined(WOLFSSL_TI_HASH) #if !defined(NO_SHA256) && defined(WOLFSSL_TI_HASH)
@@ -545,37 +540,6 @@ int wc_Sha256Final(Sha256* sha256, byte* hash)
int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha256* sha256;
#else
Sha256 sha256[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha256 == NULL)
return MEMORY_E;
#endif
if ((ret = wc_InitSha256(sha256)) != 0) {
WOLFSSL_MSG("InitSha256 failed");
}
else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) {
WOLFSSL_MSG("Sha256Update failed");
}
else if ((ret = wc_Sha256Final(sha256, hash)) != 0) {
WOLFSSL_MSG("Sha256Final failed");
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2) #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)


@@ -47,11 +47,6 @@ int wc_Sha512Final(Sha512* sha, byte* out)
} }
int wc_Sha512Hash(const byte* data, word32 len, byte* out)
{
return Sha512Hash(data, len, out);
}
#if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM) #if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM)
int wc_InitSha384(Sha384* sha) int wc_InitSha384(Sha384* sha)
@@ -72,10 +67,6 @@ int wc_Sha384Final(Sha384* sha, byte* out)
} }
int wc_Sha384Hash(const byte* data, word32 len, byte* out)
{
return Sha384Hash(data, len, out);
}
#endif /* WOLFSSL_SHA384 */ #endif /* WOLFSSL_SHA384 */
#else /* else build without using fips */ #else /* else build without using fips */
#include <wolfssl/wolfcrypt/logging.h> #include <wolfssl/wolfcrypt/logging.h>
@@ -609,37 +600,6 @@ int wc_Sha512Final(Sha512* sha512, byte* hash)
} }
int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha512* sha512;
#else
Sha512 sha512[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha512 == NULL)
return MEMORY_E;
#endif
if ((ret = wc_InitSha512(sha512)) != 0) {
WOLFSSL_MSG("InitSha512 failed");
}
else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) {
WOLFSSL_MSG("Sha512Update failed");
}
else if ((ret = wc_Sha512Final(sha512, hash)) != 0) {
WOLFSSL_MSG("Sha512Final failed");
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#if defined(HAVE_INTEL_AVX1) #if defined(HAVE_INTEL_AVX1)
@@ -1563,37 +1523,6 @@ int wc_Sha384Final(Sha384* sha384, byte* hash)
} }
int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Sha384* sha384;
#else
Sha384 sha384[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (sha384 == NULL)
return MEMORY_E;
#endif
if ((ret = wc_InitSha384(sha384)) != 0) {
WOLFSSL_MSG("InitSha384 failed");
}
else if ((ret = wc_Sha384Update(sha384, data, len)) != 0) {
WOLFSSL_MSG("Sha384Update failed");
}
else if ((ret = wc_Sha384Final(sha384, hash)) != 0) {
WOLFSSL_MSG("Sha384Final failed");
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#if defined(HAVE_INTEL_AVX1) #if defined(HAVE_INTEL_AVX1)

677
wolfcrypt/src/srp.c Normal file

@@ -0,0 +1,677 @@
/* srp.c
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifdef WOLFCRYPT_HAVE_SRP
#include <wolfssl/wolfcrypt/srp.h>
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#include <wolfcrypt/src/misc.c>
#endif
/** Computes the session key using the Mask Generation Function 1. */
static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size);
static int SrpHashInit(SrpHash* hash, SrpType type)
{
hash->type = type;
switch (type) {
#ifndef NO_SHA
case SRP_TYPE_SHA:
return wc_InitSha(&hash->data.sha);
#endif
#ifndef NO_SHA256
case SRP_TYPE_SHA256:
return wc_InitSha256(&hash->data.sha256);
#endif
#ifdef WOLFSSL_SHA384
case SRP_TYPE_SHA384:
return wc_InitSha384(&hash->data.sha384);
#endif
#ifdef WOLFSSL_SHA512
case SRP_TYPE_SHA512:
return wc_InitSha512(&hash->data.sha512);
#endif
default:
return BAD_FUNC_ARG;
}
}
static int SrpHashUpdate(SrpHash* hash, const byte* data, word32 size)
{
switch (hash->type) {
#ifndef NO_SHA
case SRP_TYPE_SHA:
return wc_ShaUpdate(&hash->data.sha, data, size);
#endif
#ifndef NO_SHA256
case SRP_TYPE_SHA256:
return wc_Sha256Update(&hash->data.sha256, data, size);
#endif
#ifdef WOLFSSL_SHA384
case SRP_TYPE_SHA384:
return wc_Sha384Update(&hash->data.sha384, data, size);
#endif
#ifdef WOLFSSL_SHA512
case SRP_TYPE_SHA512:
return wc_Sha512Update(&hash->data.sha512, data, size);
#endif
default:
return BAD_FUNC_ARG;
}
}
static int SrpHashFinal(SrpHash* hash, byte* digest)
{
switch (hash->type) {
#ifndef NO_SHA
case SRP_TYPE_SHA:
return wc_ShaFinal(&hash->data.sha, digest);
#endif
#ifndef NO_SHA256
case SRP_TYPE_SHA256:
return wc_Sha256Final(&hash->data.sha256, digest);
#endif
#ifdef WOLFSSL_SHA384
case SRP_TYPE_SHA384:
return wc_Sha384Final(&hash->data.sha384, digest);
#endif
#ifdef WOLFSSL_SHA512
case SRP_TYPE_SHA512:
return wc_Sha512Final(&hash->data.sha512, digest);
#endif
default:
return BAD_FUNC_ARG;
}
}
static word32 SrpHashSize(SrpType type)
{
switch (type) {
#ifndef NO_SHA
case SRP_TYPE_SHA:
return SHA_DIGEST_SIZE;
#endif
#ifndef NO_SHA256
case SRP_TYPE_SHA256:
return SHA256_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA384
case SRP_TYPE_SHA384:
return SHA384_DIGEST_SIZE;
#endif
#ifdef WOLFSSL_SHA512
case SRP_TYPE_SHA512:
return SHA512_DIGEST_SIZE;
#endif
default:
return 0;
}
}
int wc_SrpInit(Srp* srp, SrpType type, SrpSide side)
{
int r;
/* validating params */
if (!srp)
return BAD_FUNC_ARG;
if (side != SRP_CLIENT_SIDE && side != SRP_SERVER_SIDE)
return BAD_FUNC_ARG;
if (type != SRP_TYPE_SHA && type != SRP_TYPE_SHA256 &&
type != SRP_TYPE_SHA384 && type != SRP_TYPE_SHA512)
return BAD_FUNC_ARG;
/* initializing variables */
XMEMSET(srp, 0, sizeof(Srp));
if ((r = SrpHashInit(&srp->client_proof, type)) != 0)
return r;
if ((r = SrpHashInit(&srp->server_proof, type)) != 0)
return r;
if ((r = mp_init_multi(&srp->N, &srp->g, &srp->auth,
&srp->priv, 0, 0)) != 0)
return r;
srp->side = side; srp->type = type;
srp->salt = NULL; srp->saltSz = 0;
srp->user = NULL; srp->userSz = 0;
srp->key = NULL; srp->keySz = 0;
srp->keyGenFunc_cb = wc_SrpSetKey;
return 0;
}
void wc_SrpTerm(Srp* srp)
{
if (srp) {
mp_clear(&srp->N); mp_clear(&srp->g);
mp_clear(&srp->auth); mp_clear(&srp->priv);
ForceZero(srp->salt, srp->saltSz);
XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
ForceZero(srp->user, srp->userSz);
XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP);
ForceZero(srp->key, srp->keySz);
XFREE(srp->key, NULL, DYNAMIC_TYPE_SRP);
ForceZero(srp, sizeof(Srp));
}
}
int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size)
{
if (!srp || !username)
return BAD_FUNC_ARG;
srp->user = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_SRP);
if (srp->user == NULL)
return MEMORY_E;
srp->userSz = size;
XMEMCPY(srp->user, username, srp->userSz);
return 0;
}
int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
const byte* g, word32 gSz,
const byte* salt, word32 saltSz)
{
SrpHash hash;
byte digest1[SRP_MAX_DIGEST_SIZE];
byte digest2[SRP_MAX_DIGEST_SIZE];
byte pad = 0;
int i, j, r;
if (!srp || !N || !g || !salt || nSz < gSz)
return BAD_FUNC_ARG;
if (!srp->user)
return SRP_CALL_ORDER_E;
/* Set N */
if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY)
return MP_READ_E;
if (mp_count_bits(&srp->N) < SRP_DEFAULT_MIN_BITS)
return BAD_FUNC_ARG;
/* Set g */
if (mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY)
return MP_READ_E;
if (mp_cmp(&srp->N, &srp->g) != MP_GT)
return BAD_FUNC_ARG;
/* Set salt */
if (srp->salt) {
ForceZero(srp->salt, srp->saltSz);
XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
}
srp->salt = (byte*)XMALLOC(saltSz, NULL, DYNAMIC_TYPE_SRP);
if (srp->salt == NULL)
return MEMORY_E;
XMEMCPY(srp->salt, salt, saltSz);
srp->saltSz = saltSz;
/* Set k = H(N, g) */
r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
for (i = 0; (word32)i < nSz - gSz; i++)
SrpHashUpdate(&hash, &pad, 1);
if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
if (!r) r = SrpHashFinal(&hash, srp->k);
/* update client proof */
/* digest1 = H(N) */
if (!r) r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
if (!r) r = SrpHashFinal(&hash, digest1);
/* digest2 = H(g) */
if (!r) r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
if (!r) r = SrpHashFinal(&hash, digest2);
/* digest1 = H(N) ^ H(g) */
if (r == 0) {
for (i = 0, j = SrpHashSize(srp->type); i < j; i++)
digest1[i] ^= digest2[i];
}
/* digest2 = H(user) */
if (!r) r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz);
if (!r) r = SrpHashFinal(&hash, digest2);
/* client proof = H( H(N) ^ H(g) | H(user) | salt) */
if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, j);
if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, j);
if (!r) r = SrpHashUpdate(&srp->client_proof, salt, saltSz);
return r;
}
int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
{
SrpHash hash;
byte digest[SRP_MAX_DIGEST_SIZE];
word32 digestSz;
int r;
if (!srp || !password || srp->side != SRP_CLIENT_SIDE)
return BAD_FUNC_ARG;
if (!srp->salt)
return SRP_CALL_ORDER_E;
digestSz = SrpHashSize(srp->type);
/* digest = H(username | ':' | password) */
r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz);
if (!r) r = SrpHashUpdate(&hash, (const byte*) ":", 1);
if (!r) r = SrpHashUpdate(&hash, password, size);
if (!r) r = SrpHashFinal(&hash, digest);
/* digest = H(salt | H(username | ':' | password)) */
if (!r) r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz);
if (!r) r = SrpHashUpdate(&hash, digest, digestSz);
if (!r) r = SrpHashFinal(&hash, digest);
/* Set x (private key) */
if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, digestSz);
ForceZero(digest, SRP_MAX_DIGEST_SIZE);
return r;
}
int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size)
{
mp_int v;
int r;
if (!srp || !verifier || !size || srp->side != SRP_CLIENT_SIDE)
return BAD_FUNC_ARG;
if (mp_iszero(&srp->auth))
return SRP_CALL_ORDER_E;
r = mp_init(&v);
if (r != MP_OKAY)
return MP_INIT_E;
/* v = g ^ x % N */
if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v);
if (!r) r = *size < (word32)mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY;
if (!r) r = mp_to_unsigned_bin(&v, verifier);
if (!r) *size = mp_unsigned_bin_size(&v);
mp_clear(&v);
return r;
}
int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size)
{
if (!srp || !verifier || srp->side != SRP_SERVER_SIDE)
return BAD_FUNC_ARG;
return mp_read_unsigned_bin(&srp->auth, verifier, size);
}
int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size)
{
mp_int p;
int r;
if (!srp || !private || !size)
return BAD_FUNC_ARG;
if (mp_iszero(&srp->auth))
return SRP_CALL_ORDER_E;
r = mp_init(&p);
if (r != MP_OKAY)
return MP_INIT_E;
if (!r) r = mp_read_unsigned_bin(&p, private, size);
if (!r) r = mp_mod(&p, &srp->N, &srp->priv);
if (!r) r = mp_iszero(&srp->priv) ? SRP_BAD_KEY_E : 0;
mp_clear(&p);
return r;
}
/** Generates random data using wolfcrypt RNG. */
static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size)
{
WC_RNG rng;
int r = wc_InitRng(&rng);
if (!r) r = wc_RNG_GenerateBlock(&rng, private, size);
if (!r) r = wc_SrpSetPrivate(srp, private, size);
if (!r) wc_FreeRng(&rng);
return r;
}
int wc_SrpGetPublic(Srp* srp, byte* public, word32* size)
{
mp_int pubkey;
word32 modulusSz;
int r;
if (!srp || !public || !size)
return BAD_FUNC_ARG;
if (mp_iszero(&srp->auth))
return SRP_CALL_ORDER_E;
modulusSz = mp_unsigned_bin_size(&srp->N);
if (*size < modulusSz)
return BUFFER_E;
r = mp_init(&pubkey);
if (r != MP_OKAY)
return MP_INIT_E;
/* priv = random() */
if (mp_iszero(&srp->priv))
r = wc_SrpGenPrivate(srp, public, modulusSz);
/* client side: A = g ^ a % N */
if (srp->side == SRP_CLIENT_SIDE) {
if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey);
/* server side: B = (k * v + (g ^ b % N)) % N */
} else {
mp_int i, j;
if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) {
if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type));
if (!r) r = mp_iszero(&i) ? SRP_BAD_KEY_E : 0;
if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey);
if (!r) r = mp_mulmod(&i, &srp->auth, &srp->N, &j);
if (!r) r = mp_add(&j, &pubkey, &i);
if (!r) r = mp_mod(&i, &srp->N, &pubkey);
mp_clear(&i); mp_clear(&j);
}
}
/* extract public key to buffer */
XMEMSET(public, 0, modulusSz);
if (!r) r = mp_to_unsigned_bin(&pubkey, public);
if (!r) *size = mp_unsigned_bin_size(&pubkey);
mp_clear(&pubkey);
return r;
}
static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
{
SrpHash hash;
byte digest[SRP_MAX_DIGEST_SIZE];
word32 i, j, digestSz = SrpHashSize(srp->type);
byte counter[4];
int r = BAD_FUNC_ARG;
srp->key = (byte*)XMALLOC(2 * digestSz, NULL, DYNAMIC_TYPE_SRP);
if (srp->key == NULL)
return MEMORY_E;
srp->keySz = 2 * digestSz;
for (i = j = 0; j < srp->keySz; i++) {
counter[0] = (i >> 24) & 0xFF;
counter[1] = (i >> 16) & 0xFF;
counter[2] = (i >> 8) & 0xFF;
counter[3] = i & 0xFF;
r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashUpdate(&hash, secret, size);
if (!r) r = SrpHashUpdate(&hash, counter, 4);
if(j + digestSz > srp->keySz) {
if (!r) r = SrpHashFinal(&hash, digest);
XMEMCPY(srp->key + j, digest, srp->keySz - j);
j = srp->keySz;
}
else {
if (!r) r = SrpHashFinal(&hash, srp->key + j);
j += digestSz;
}
}
ForceZero(digest, sizeof(digest));
ForceZero(&hash, sizeof(SrpHash));
return r;
}
int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
byte* serverPubKey, word32 serverPubKeySz)
{
SrpHash hash;
byte *secret;
byte digest[SRP_MAX_DIGEST_SIZE];
word32 i, secretSz, digestSz;
mp_int u, s, temp1, temp2;
byte pad = 0;
int r;
/* validating params */
if (!srp || !clientPubKey || clientPubKeySz == 0
|| !serverPubKey || serverPubKeySz == 0)
return BAD_FUNC_ARG;
if (mp_iszero(&srp->priv))
return SRP_CALL_ORDER_E;
/* initializing variables */
if ((r = SrpHashInit(&hash, srp->type)) != 0)
return r;
digestSz = SrpHashSize(srp->type);
secretSz = mp_unsigned_bin_size(&srp->N);
if ((secret = (byte*)XMALLOC(secretSz, NULL, DYNAMIC_TYPE_SRP)) == NULL)
return MEMORY_E;
if ((r = mp_init_multi(&u, &s, &temp1, &temp2, 0, 0)) != MP_OKAY) {
XFREE(secret, NULL, DYNAMIC_TYPE_SRP);
return r;
}
/* building u (random scrambling parameeter) */
/* H(A) */
for (i = 0; !r && i < secretSz - clientPubKeySz; i++)
r = SrpHashUpdate(&hash, &pad, 1);
if (!r) r = SrpHashUpdate(&hash, clientPubKey, clientPubKeySz);
/* H(A | B) */
for (i = 0; !r && i < secretSz - serverPubKeySz; i++)
r = SrpHashUpdate(&hash, &pad, 1);
if (!r) r = SrpHashUpdate(&hash, serverPubKey, serverPubKeySz);
/* set u */
if (!r) r = SrpHashFinal(&hash, digest);
if (!r) r = mp_read_unsigned_bin(&u, digest, SrpHashSize(srp->type));
/* building s (secret) */
if (!r && srp->side == SRP_CLIENT_SIDE) {
/* temp1 = B - k * v; rejects k == 0, B == 0 and B >= N. */
r = mp_read_unsigned_bin(&temp1, srp->k, digestSz);
if (!r) r = mp_iszero(&temp1) ? SRP_BAD_KEY_E : 0;
if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &temp2);
if (!r) r = mp_mulmod(&temp1, &temp2, &srp->N, &s);
if (!r) r = mp_read_unsigned_bin(&temp2, serverPubKey, serverPubKeySz);
if (!r) r = mp_iszero(&temp2) ? SRP_BAD_KEY_E : 0;
if (!r) r = mp_cmp(&temp2, &srp->N) != MP_LT ? SRP_BAD_KEY_E : 0;
if (!r) r = mp_sub(&temp2, &s, &temp1);
/* temp2 = a + u * x */
if (!r) r = mp_mulmod(&u, &srp->auth, &srp->N, &s);
if (!r) r = mp_add(&srp->priv, &s, &temp2);
/* secret = temp1 ^ temp2 % N */
if (!r) r = mp_exptmod(&temp1, &temp2, &srp->N, &s);
} else if (!r && srp->side == SRP_SERVER_SIDE) {
/* temp1 = v ^ u % N */
r = mp_exptmod(&srp->auth, &u, &srp->N, &temp1);
/* temp2 = A * temp1 % N; rejects A == 0, A >= N */
if (!r) r = mp_read_unsigned_bin(&s, clientPubKey, clientPubKeySz);
if (!r) r = mp_iszero(&s) ? SRP_BAD_KEY_E : 0;
if (!r) r = mp_cmp(&s, &srp->N) != MP_LT ? SRP_BAD_KEY_E : 0;
if (!r) r = mp_mulmod(&s, &temp1, &srp->N, &temp2);
/* rejects A * v ^ u % N >= 1, A * v ^ u % N == -1 % N */
if (!r) r = mp_read_unsigned_bin(&temp1, (const byte*)"\001", 1);
if (!r) r = mp_cmp(&temp2, &temp1) != MP_GT ? SRP_BAD_KEY_E : 0;
if (!r) r = mp_sub(&srp->N, &temp1, &s);
if (!r) r = mp_cmp(&temp2, &s) == MP_EQ ? SRP_BAD_KEY_E : 0;
/* secret = temp2 * b % N */
if (!r) r = mp_exptmod(&temp2, &srp->priv, &srp->N, &s);
}
/* building session key from secret */
if (!r) r = mp_to_unsigned_bin(&s, secret);
if (!r) r = srp->keyGenFunc_cb(srp, secret, mp_unsigned_bin_size(&s));
/* updating client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */
if (!r) r = SrpHashUpdate(&srp->client_proof, clientPubKey, clientPubKeySz);
if (!r) r = SrpHashUpdate(&srp->client_proof, serverPubKey, serverPubKeySz);
if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, srp->keySz);
/* updating server proof = H(A) */
if (!r) r = SrpHashUpdate(&srp->server_proof, clientPubKey, clientPubKeySz);
XFREE(secret, NULL, DYNAMIC_TYPE_SRP);
mp_clear(&u); mp_clear(&s); mp_clear(&temp1); mp_clear(&temp2);
return r;
}
int wc_SrpGetProof(Srp* srp, byte* proof, word32* size)
{
int r;
if (!srp || !proof || !size)
return BAD_FUNC_ARG;
if (*size < SrpHashSize(srp->type))
return BUFFER_E;
if ((r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE
? &srp->client_proof
: &srp->server_proof, proof)) != 0)
return r;
*size = SrpHashSize(srp->type);
if (srp->side == SRP_CLIENT_SIDE) {
/* server proof = H( A | client proof | K) */
if (!r) r = SrpHashUpdate(&srp->server_proof, proof, *size);
if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, srp->keySz);
}
return r;
}
int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size)
{
byte digest[SRP_MAX_DIGEST_SIZE];
int r;
if (!srp || !proof)
return BAD_FUNC_ARG;
if (size != SrpHashSize(srp->type))
return BUFFER_E;
r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE ? &srp->server_proof
: &srp->client_proof, digest);
if (srp->side == SRP_SERVER_SIDE) {
/* server proof = H( A | client proof | K) */
if (!r) r = SrpHashUpdate(&srp->server_proof, proof, size);
if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, srp->keySz);
}
if (!r && XMEMCMP(proof, digest, size) != 0)
r = SRP_VERIFY_E;
return r;
}
#endif /* WOLFCRYPT_HAVE_SRP */
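Review bot: In wc_SrpComputeKey the padding loops compute `secretSz - clientPubKeySz` and `secretSz - serverPubKeySz` in word32, so a public value longer than N wraps the bound and the loop feeds close to 2^32 one-byte updates into the hash before the later `mp_cmp(..., &srp->N)` range check can reject it. One of the two keys comes from the peer, so the lengths should be checked before hashing, as wc_SrpSetParams already does with `nSz < gSz`: `if (clientPubKeySz > secretSz || serverPubKeySz > secretSz) r = BAD_FUNC_ARG;` placed right after `mp_init_multi` keeps the existing cleanup path. In the same function `secret` holds the shared secret and is released with a bare `XFREE`; the rest of the file wipes sensitive buffers first, so `ForceZero(secret, secretSz);` before the free would be consistent. Separately, wc_SrpVerifyPeersProof compares the proof with `XMEMCMP`, which is not constant time; a constant-time comparison (misc.c's `ConstantCompare`, if it is available in this tree) is the usual choice for checking an authenticator.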


@@ -2264,6 +2264,7 @@ static const int lnz[16] = {
4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0 4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
}; };
#ifdef WOLFSSL_KEY_GEN
/* swap the elements of two integers, for cases where you can't simply swap the /* swap the elements of two integers, for cases where you can't simply swap the
* mp_int pointers around * mp_int pointers around
*/ */
@@ -2275,6 +2276,7 @@ static void fp_exch (fp_int * a, fp_int * b)
*a = *b; *a = *b;
*b = t; *b = t;
} }
#endif
/* Counts the number of lsbs which are zero before the first zero bit */ /* Counts the number of lsbs which are zero before the first zero bit */
int fp_cnt_lsb(fp_int *a) int fp_cnt_lsb(fp_int *a)
@@ -2410,7 +2412,7 @@ int mp_mod_d(fp_int *a, fp_digit b, fp_digit *c)
void fp_gcd(fp_int *a, fp_int *b, fp_int *c); void fp_gcd(fp_int *a, fp_int *b, fp_int *c);
void fp_lcm(fp_int *a, fp_int *b, fp_int *c); void fp_lcm(fp_int *a, fp_int *b, fp_int *c);
int fp_isprime(fp_int *a); int fp_isprime(fp_int *a);
int fp_randprime(fp_int* N, int len, RNG* rng, void* heap); int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap);
int mp_gcd(fp_int *a, fp_int *b, fp_int *c) int mp_gcd(fp_int *a, fp_int *b, fp_int *c)
{ {
@@ -2433,7 +2435,7 @@ int mp_prime_is_prime(mp_int* a, int t, int* result)
return MP_OKAY; return MP_OKAY;
} }
int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap) int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap)
{ {
int err; int err;
@@ -2587,7 +2589,7 @@ int fp_isprime(fp_int *a)
return FP_YES; return FP_YES;
} }
int fp_randprime(fp_int* N, int len, RNG* rng, void* heap) int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap)
{ {
static const int USE_BBS = 1; static const int USE_BBS = 1;
int err, type; int err, type;
@@ -2724,12 +2726,14 @@ int mp_add_d(fp_int *a, fp_digit b, fp_int *c)
#endif /* HAVE_ECC || !NO_PWDBASED */ #endif /* HAVE_ECC || !NO_PWDBASED */
#ifdef HAVE_ECC #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
/* chars used in radix conversions */ /* chars used in radix conversions */
static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\ static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\
abcdefghijklmnopqrstuvwxyz+/"; abcdefghijklmnopqrstuvwxyz+/";
#endif
#ifdef HAVE_ECC
static int fp_read_radix(fp_int *a, const char *str, int radix) static int fp_read_radix(fp_int *a, const char *str, int radix)
{ {
int y, neg; int y, neg;
@@ -2842,6 +2846,7 @@ int mp_cnt_lsb(fp_int* a)
#endif /* HAVE_COMP_KEY */ #endif /* HAVE_COMP_KEY */
#endif /* HAVE_ECC */
#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
@@ -2953,7 +2958,5 @@ int mp_toradix (mp_int *a, char *str, int radix)
#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
#endif /* HAVE_ECC */
#endif /* USE_FAST_MATH */ #endif /* USE_FAST_MATH */

201
wolfcrypt/src/wc_encrypt.c Normal file

@@ -0,0 +1,201 @@
/* wc_encrypt.c
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/des3.h>
#include <wolfssl/wolfcrypt/wc_encrypt.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifndef NO_AES
int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz, const byte* iv)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Aes* aes = NULL;
#else
Aes aes[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (aes == NULL)
return MEMORY_E;
#endif
ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
if (ret == 0)
ret = wc_AesCbcDecrypt(aes, out, in, inSz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz, const byte* iv)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Aes* aes = NULL;
#else
Aes aes[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (aes == NULL)
return MEMORY_E;
#endif
ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION);
if (ret == 0)
ret = wc_AesCbcEncrypt(aes, out, in, inSz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* !NO_AES */
#ifndef NO_DES3
int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
const byte* key, const byte* iv)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Des* des = NULL;
#else
Des des[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (des == NULL)
return MEMORY_E;
#endif
ret = wc_Des_SetKey(des, key, iv, DES_ENCRYPTION);
if (ret == 0)
ret = wc_Des_CbcEncrypt(des, out, in, sz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
const byte* key, const byte* iv)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Des* des = NULL;
#else
Des des[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (des == NULL)
return MEMORY_E;
#endif
ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION);
if (ret == 0)
ret = wc_Des_CbcDecrypt(des, out, in, sz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
const byte* key, const byte* iv)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Des3* des3 = NULL;
#else
Des3 des3[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (des3 == NULL)
return MEMORY_E;
#endif
ret = wc_Des3_SetKey(des3, key, iv, DES_ENCRYPTION);
if (ret == 0)
ret = wc_Des3_CbcEncrypt(des3, out, in, sz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
const byte* key, const byte* iv)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
Des3* des3 = NULL;
#else
Des3 des3[1];
#endif
#ifdef WOLFSSL_SMALL_STACK
des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (des3 == NULL)
return MEMORY_E;
#endif
ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION);
if (ret == 0)
ret = wc_Des3_CbcDecrypt(des3, out, in, sz);
#ifdef WOLFSSL_SMALL_STACK
XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
#endif /* !NO_DES3 */
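Review bot: Each of these six helpers leaves the cipher context, which holds the expanded key, in memory when it returns: under WOLFSSL_SMALL_STACK the `Aes`/`Des`/`Des3` object goes straight to `XFREE`, and otherwise it stays on the stack. Wiping it first, for example `ForceZero(aes, sizeof(Aes));` ahead of the `XFREE` block in wc_AesCbcDecryptWithKey and the equivalent in the other five functions, would keep key material from lingering after a one-shot call. ForceZero comes from misc.c, which this file does not include, so the `NO_INLINE` include block used by other wolfCrypt sources would have to be added as well. A short header comment on each function stating that `iv` is read but not updated for the caller, and that `inSz`/`sz` is passed to the CBC routine unchecked, would also help, since these are the public convenience entry points.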


@@ -53,6 +53,7 @@
#include <wolfssl/wolfcrypt/hmac.h> #include <wolfssl/wolfcrypt/hmac.h>
#include <wolfssl/wolfcrypt/dh.h> #include <wolfssl/wolfcrypt/dh.h>
#include <wolfssl/wolfcrypt/dsa.h> #include <wolfssl/wolfcrypt/dsa.h>
#include <wolfssl/wolfcrypt/srp.h>
#include <wolfssl/wolfcrypt/hc128.h> #include <wolfssl/wolfcrypt/hc128.h>
#include <wolfssl/wolfcrypt/rabbit.h> #include <wolfssl/wolfcrypt/rabbit.h>
#include <wolfssl/wolfcrypt/chacha.h> #include <wolfssl/wolfcrypt/chacha.h>
@@ -125,8 +126,12 @@
#ifdef FREESCALE_MQX #ifdef FREESCALE_MQX
#include <mqx.h> #include <mqx.h>
#include <fio.h>
#include <stdlib.h> #include <stdlib.h>
#if MQX_USE_IO_OLD
#include <fio.h>
#else
#include <nio.h>
#endif
#else #else
#include <stdio.h> #include <stdio.h>
#endif #endif
@@ -179,6 +184,7 @@ int camellia_test(void);
int rsa_test(void); int rsa_test(void);
int dh_test(void); int dh_test(void);
int dsa_test(void); int dsa_test(void);
int srp_test(void);
int random_test(void); int random_test(void);
int pwdbased_test(void); int pwdbased_test(void);
int ripemd_test(void); int ripemd_test(void);
@@ -500,6 +506,13 @@ int wolfcrypt_test(void* args)
printf( "DSA test passed!\n"); printf( "DSA test passed!\n");
#endif #endif
#ifdef WOLFCRYPT_HAVE_SRP
if ( (ret = srp_test()) != 0)
return err_sys("SRP test failed!\n", ret);
else
printf( "SRP test passed!\n");
#endif
#ifndef NO_PWDBASED #ifndef NO_PWDBASED
if ( (ret = pwdbased_test()) != 0) if ( (ret = pwdbased_test()) != 0)
return err_sys("PWDBASED test failed!\n", ret); return err_sys("PWDBASED test failed!\n", ret);
@@ -3244,7 +3257,7 @@ int random_test(void)
int random_test(void) int random_test(void)
{ {
RNG rng; WC_RNG rng;
byte block[32]; byte block[32];
int ret; int ret;
@@ -3272,7 +3285,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out);
byte GetEntropy(ENTROPY_CMD cmd, byte* out) byte GetEntropy(ENTROPY_CMD cmd, byte* out)
{ {
static RNG rng; static WC_RNG rng;
if (cmd == INIT) if (cmd == INIT)
return (wc_InitRng(&rng) == 0) ? 1 : 0; return (wc_InitRng(&rng) == 0) ? 1 : 0;
@@ -3344,7 +3357,7 @@ int rsa_test(void)
byte* tmp; byte* tmp;
size_t bytes; size_t bytes;
RsaKey key; RsaKey key;
RNG rng; WC_RNG rng;
word32 idx = 0; word32 idx = 0;
int ret; int ret;
byte in[] = "Everyone gets Friday off."; byte in[] = "Everyone gets Friday off.";
@@ -3478,19 +3491,25 @@ int rsa_test(void)
FILE* pemFile; FILE* pemFile;
ret = wc_InitRsaKey(&genKey, 0); ret = wc_InitRsaKey(&genKey, 0);
if (ret != 0) if (ret != 0) {
free(tmp);
return -300; return -300;
}
ret = wc_MakeRsaKey(&genKey, 1024, 65537, &rng); ret = wc_MakeRsaKey(&genKey, 1024, 65537, &rng);
if (ret != 0) if (ret != 0) {
free(tmp);
return -301; return -301;
}
der = (byte*)malloc(FOURK_BUF); der = (byte*)malloc(FOURK_BUF);
if (der == NULL) { if (der == NULL) {
free(tmp);
wc_FreeRsaKey(&genKey); wc_FreeRsaKey(&genKey);
return -307; return -307;
} }
pem = (byte*)malloc(FOURK_BUF); pem = (byte*)malloc(FOURK_BUF);
if (pem == NULL) { if (pem == NULL) {
free(tmp);
free(der); free(der);
wc_FreeRsaKey(&genKey); wc_FreeRsaKey(&genKey);
return -308; return -308;
@@ -3500,6 +3519,7 @@ int rsa_test(void)
if (derSz < 0) { if (derSz < 0) {
free(der); free(der);
free(pem); free(pem);
free(tmp);
return -302; return -302;
} }
@@ -3511,6 +3531,7 @@ int rsa_test(void)
if (!keyFile) { if (!keyFile) {
free(der); free(der);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&genKey); wc_FreeRsaKey(&genKey);
return -303; return -303;
} }
@@ -3519,6 +3540,7 @@ int rsa_test(void)
if (ret != derSz) { if (ret != derSz) {
free(der); free(der);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&genKey); wc_FreeRsaKey(&genKey);
return -313; return -313;
} }
@@ -3527,6 +3549,7 @@ int rsa_test(void)
if (pemSz < 0) { if (pemSz < 0) {
free(der); free(der);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&genKey); wc_FreeRsaKey(&genKey);
return -304; return -304;
} }
@@ -3539,6 +3562,7 @@ int rsa_test(void)
if (!pemFile) { if (!pemFile) {
free(der); free(der);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&genKey); wc_FreeRsaKey(&genKey);
return -305; return -305;
} }
@@ -3547,6 +3571,7 @@ int rsa_test(void)
if (ret != pemSz) { if (ret != pemSz) {
free(der); free(der);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&genKey); wc_FreeRsaKey(&genKey);
return -314; return -314;
} }
@@ -3555,6 +3580,7 @@ int rsa_test(void)
if (ret != 0) { if (ret != 0) {
free(der); free(der);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&genKey); wc_FreeRsaKey(&genKey);
return -3060; return -3060;
} }
@@ -3563,6 +3589,7 @@ int rsa_test(void)
if (ret != 0) { if (ret != 0) {
free(der); free(der);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&derIn); wc_FreeRsaKey(&derIn);
wc_FreeRsaKey(&genKey); wc_FreeRsaKey(&genKey);
return -306; return -306;
@@ -3590,10 +3617,13 @@ int rsa_test(void)
#endif #endif
derCert = (byte*)malloc(FOURK_BUF); derCert = (byte*)malloc(FOURK_BUF);
if (derCert == NULL) if (derCert == NULL) {
free(tmp);
return -309; return -309;
}
pem = (byte*)malloc(FOURK_BUF); pem = (byte*)malloc(FOURK_BUF);
if (pem == NULL) { if (pem == NULL) {
free(tmp);
free(derCert); free(derCert);
return -310; return -310;
} }
@@ -3614,6 +3644,7 @@ int rsa_test(void)
if (certSz < 0) { if (certSz < 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -401; return -401;
} }
@@ -3623,6 +3654,7 @@ int rsa_test(void)
if (ret != 0) { if (ret != 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -402; return -402;
} }
FreeDecodedCert(&decode); FreeDecodedCert(&decode);
@@ -3636,6 +3668,7 @@ int rsa_test(void)
if (!derFile) { if (!derFile) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -403; return -403;
} }
ret = (int)fwrite(derCert, 1, certSz, derFile); ret = (int)fwrite(derCert, 1, certSz, derFile);
@@ -3643,6 +3676,7 @@ int rsa_test(void)
if (ret != certSz) { if (ret != certSz) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -414; return -414;
} }
@@ -3650,6 +3684,7 @@ int rsa_test(void)
if (pemSz < 0) { if (pemSz < 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -404; return -404;
} }
@@ -3661,6 +3696,7 @@ int rsa_test(void)
if (!pemFile) { if (!pemFile) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -405; return -405;
} }
ret = (int)fwrite(pem, 1, pemSz, pemFile); ret = (int)fwrite(pem, 1, pemSz, pemFile);
@@ -3668,6 +3704,7 @@ int rsa_test(void)
if (ret != pemSz) { if (ret != pemSz) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -406; return -406;
} }
free(pem); free(pem);
@@ -3691,11 +3728,14 @@ int rsa_test(void)
#endif #endif
derCert = (byte*)malloc(FOURK_BUF); derCert = (byte*)malloc(FOURK_BUF);
if (derCert == NULL) if (derCert == NULL) {
free(tmp);
return -311; return -311;
}
pem = (byte*)malloc(FOURK_BUF); pem = (byte*)malloc(FOURK_BUF);
if (pem == NULL) { if (pem == NULL) {
free(derCert); free(derCert);
free(tmp);
return -312; return -312;
} }
@@ -3704,6 +3744,7 @@ int rsa_test(void)
if (!file3) { if (!file3) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -412; return -412;
} }
@@ -3714,18 +3755,24 @@ int rsa_test(void)
if (ret != 0) { if (ret != 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -411; return -411;
} }
ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3); ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3);
if (ret != 0) { if (ret != 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&caKey); wc_FreeRsaKey(&caKey);
return -413; return -413;
} }
wc_InitCert(&myCert); wc_InitCert(&myCert);
#ifdef NO_SHA
myCert.sigType = CTC_SHA256wRSA;
#endif
strncpy(myCert.subject.country, "US", CTC_NAME_SIZE); strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE); strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE); strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);
@@ -3738,6 +3785,7 @@ int rsa_test(void)
if (ret < 0) { if (ret < 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&caKey); wc_FreeRsaKey(&caKey);
return -405; return -405;
} }
@@ -3746,6 +3794,7 @@ int rsa_test(void)
if (certSz < 0) { if (certSz < 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&caKey); wc_FreeRsaKey(&caKey);
return -407; return -407;
} }
@@ -3755,6 +3804,7 @@ int rsa_test(void)
if (certSz < 0) { if (certSz < 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&caKey); wc_FreeRsaKey(&caKey);
return -408; return -408;
} }
@@ -3766,6 +3816,7 @@ int rsa_test(void)
if (ret != 0) { if (ret != 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&caKey); wc_FreeRsaKey(&caKey);
return -409; return -409;
} }
@@ -3780,6 +3831,7 @@ int rsa_test(void)
if (!derFile) { if (!derFile) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&caKey); wc_FreeRsaKey(&caKey);
return -410; return -410;
} }
@@ -3788,6 +3840,7 @@ int rsa_test(void)
if (ret != certSz) { if (ret != certSz) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&caKey); wc_FreeRsaKey(&caKey);
return -416; return -416;
} }
@@ -3796,6 +3849,7 @@ int rsa_test(void)
if (pemSz < 0) { if (pemSz < 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&caKey); wc_FreeRsaKey(&caKey);
return -411; return -411;
} }
@@ -3808,6 +3862,7 @@ int rsa_test(void)
if (!pemFile) { if (!pemFile) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&caKey); wc_FreeRsaKey(&caKey);
return -412; return -412;
} }
@@ -3815,6 +3870,7 @@ int rsa_test(void)
if (ret != pemSz) { if (ret != pemSz) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
wc_FreeRsaKey(&caKey); wc_FreeRsaKey(&caKey);
return -415; return -415;
} }
@@ -3842,11 +3898,14 @@ int rsa_test(void)
#endif #endif
derCert = (byte*)malloc(FOURK_BUF); derCert = (byte*)malloc(FOURK_BUF);
if (derCert == NULL) if (derCert == NULL) {
free(tmp);
return -5311; return -5311;
}
pem = (byte*)malloc(FOURK_BUF); pem = (byte*)malloc(FOURK_BUF);
if (pem == NULL) { if (pem == NULL) {
free(derCert); free(derCert);
free(tmp);
return -5312; return -5312;
} }
@@ -3855,6 +3914,7 @@ int rsa_test(void)
if (!file3) { if (!file3) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -5412; return -5412;
} }
@@ -3866,6 +3926,7 @@ int rsa_test(void)
if (ret != 0) { if (ret != 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -5413; return -5413;
} }
@@ -3885,6 +3946,7 @@ int rsa_test(void)
free(pem); free(pem);
free(derCert); free(derCert);
wc_ecc_free(&caKey); wc_ecc_free(&caKey);
free(tmp);
return -5405; return -5405;
} }
@@ -3893,6 +3955,7 @@ int rsa_test(void)
free(pem); free(pem);
free(derCert); free(derCert);
wc_ecc_free(&caKey); wc_ecc_free(&caKey);
free(tmp);
return -5407; return -5407;
} }
@@ -3902,6 +3965,7 @@ int rsa_test(void)
free(pem); free(pem);
free(derCert); free(derCert);
wc_ecc_free(&caKey); wc_ecc_free(&caKey);
free(tmp);
return -5408; return -5408;
} }
@@ -3909,6 +3973,7 @@ int rsa_test(void)
InitDecodedCert(&decode, derCert, certSz, 0); InitDecodedCert(&decode, derCert, certSz, 0);
ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) { if (ret != 0) {
free(tmp);
free(pem); free(pem);
free(derCert); free(derCert);
wc_ecc_free(&caKey); wc_ecc_free(&caKey);
@@ -3926,6 +3991,7 @@ int rsa_test(void)
free(pem); free(pem);
free(derCert); free(derCert);
wc_ecc_free(&caKey); wc_ecc_free(&caKey);
free(tmp);
return -5410; return -5410;
} }
ret = (int)fwrite(derCert, 1, certSz, derFile); ret = (int)fwrite(derCert, 1, certSz, derFile);
@@ -3934,6 +4000,7 @@ int rsa_test(void)
free(pem); free(pem);
free(derCert); free(derCert);
wc_ecc_free(&caKey); wc_ecc_free(&caKey);
free(tmp);
return -5414; return -5414;
} }
@@ -3942,6 +4009,7 @@ int rsa_test(void)
free(pem); free(pem);
free(derCert); free(derCert);
wc_ecc_free(&caKey); wc_ecc_free(&caKey);
free(tmp);
return -5411; return -5411;
} }
@@ -3954,6 +4022,7 @@ int rsa_test(void)
free(pem); free(pem);
free(derCert); free(derCert);
wc_ecc_free(&caKey); wc_ecc_free(&caKey);
free(tmp);
return -5412; return -5412;
} }
ret = (int)fwrite(pem, 1, pemSz, pemFile); ret = (int)fwrite(pem, 1, pemSz, pemFile);
@@ -3961,6 +4030,7 @@ int rsa_test(void)
free(pem); free(pem);
free(derCert); free(derCert);
wc_ecc_free(&caKey); wc_ecc_free(&caKey);
free(tmp);
return -5415; return -5415;
} }
fclose(pemFile); fclose(pemFile);
@@ -3986,11 +4056,14 @@ int rsa_test(void)
DecodedCert decode; DecodedCert decode;
#endif #endif
derCert = (byte*)malloc(FOURK_BUF); derCert = (byte*)malloc(FOURK_BUF);
if (derCert == NULL) if (derCert == NULL) {
free(tmp);
return -311; return -311;
}
pem = (byte*)malloc(FOURK_BUF); pem = (byte*)malloc(FOURK_BUF);
if (pem == NULL) { if (pem == NULL) {
free(derCert); free(derCert);
free(tmp);
return -312; return -312;
} }
@@ -4007,6 +4080,7 @@ int rsa_test(void)
if (rc != DRBG_OK) { if (rc != DRBG_OK) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -448; return -448;
} }
@@ -4016,6 +4090,7 @@ int rsa_test(void)
if (rc != NTRU_OK) { if (rc != NTRU_OK) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -449; return -449;
} }
@@ -4025,6 +4100,7 @@ int rsa_test(void)
if (rc != NTRU_OK) { if (rc != NTRU_OK) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -450; return -450;
} }
@@ -4033,6 +4109,7 @@ int rsa_test(void)
if (rc != NTRU_OK) { if (rc != NTRU_OK) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -451; return -451;
} }
@@ -4041,6 +4118,7 @@ int rsa_test(void)
if (!caFile) { if (!caFile) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -452; return -452;
} }
@@ -4051,12 +4129,14 @@ int rsa_test(void)
if (ret != 0) { if (ret != 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -453; return -453;
} }
ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes); ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes);
if (ret != 0) { if (ret != 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -454; return -454;
} }
@@ -4075,6 +4155,7 @@ int rsa_test(void)
free(derCert); free(derCert);
free(pem); free(pem);
wc_FreeRsaKey(&caKey); wc_FreeRsaKey(&caKey);
free(tmp);
return -455; return -455;
} }
@@ -4084,6 +4165,7 @@ int rsa_test(void)
free(derCert); free(derCert);
free(pem); free(pem);
wc_FreeRsaKey(&caKey); wc_FreeRsaKey(&caKey);
free(tmp);
return -456; return -456;
} }
@@ -4093,6 +4175,7 @@ int rsa_test(void)
if (certSz < 0) { if (certSz < 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -457; return -457;
} }
@@ -4103,6 +4186,7 @@ int rsa_test(void)
if (ret != 0) { if (ret != 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -458; return -458;
} }
FreeDecodedCert(&decode); FreeDecodedCert(&decode);
@@ -4111,6 +4195,7 @@ int rsa_test(void)
if (!derFile) { if (!derFile) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -459; return -459;
} }
ret = (int)fwrite(derCert, 1, certSz, derFile); ret = (int)fwrite(derCert, 1, certSz, derFile);
@@ -4118,6 +4203,7 @@ int rsa_test(void)
if (ret != certSz) { if (ret != certSz) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -473; return -473;
} }
@@ -4125,6 +4211,7 @@ int rsa_test(void)
if (pemSz < 0) { if (pemSz < 0) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -460; return -460;
} }
@@ -4132,6 +4219,7 @@ int rsa_test(void)
if (!pemFile) { if (!pemFile) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -461; return -461;
} }
ret = (int)fwrite(pem, 1, pemSz, pemFile); ret = (int)fwrite(pem, 1, pemSz, pemFile);
@@ -4139,6 +4227,7 @@ int rsa_test(void)
if (ret != pemSz) { if (ret != pemSz) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -474; return -474;
} }
@@ -4146,6 +4235,7 @@ int rsa_test(void)
if (!ntruPrivFile) { if (!ntruPrivFile) {
free(derCert); free(derCert);
free(pem); free(pem);
free(tmp);
return -462; return -462;
} }
ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile); ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile);
@@ -4153,6 +4243,7 @@ int rsa_test(void)
if (ret != private_key_len) { if (ret != private_key_len) {
free(pem); free(pem);
free(derCert); free(derCert);
free(tmp);
return -475; return -475;
} }
free(pem); free(pem);
@@ -4169,11 +4260,14 @@ int rsa_test(void)
FILE* reqFile; FILE* reqFile;
der = (byte*)malloc(FOURK_BUF); der = (byte*)malloc(FOURK_BUF);
if (der == NULL) if (der == NULL) {
free(tmp);
return -463; return -463;
}
pem = (byte*)malloc(FOURK_BUF); pem = (byte*)malloc(FOURK_BUF);
if (pem == NULL) { if (pem == NULL) {
free(der); free(der);
free(tmp);
return -464; return -464;
} }
@@ -4195,6 +4289,7 @@ int rsa_test(void)
if (derSz < 0) { if (derSz < 0) {
free(pem); free(pem);
free(der); free(der);
free(tmp);
return -465; return -465;
} }
@@ -4203,6 +4298,7 @@ int rsa_test(void)
if (derSz < 0) { if (derSz < 0) {
free(pem); free(pem);
free(der); free(der);
free(tmp);
return -466; return -466;
} }
@@ -4210,6 +4306,7 @@ int rsa_test(void)
if (pemSz < 0) { if (pemSz < 0) {
free(pem); free(pem);
free(der); free(der);
free(tmp);
return -467; return -467;
} }
@@ -4221,6 +4318,7 @@ int rsa_test(void)
if (!reqFile) { if (!reqFile) {
free(pem); free(pem);
free(der); free(der);
free(tmp);
return -468; return -468;
} }
@@ -4229,6 +4327,7 @@ int rsa_test(void)
if (ret != derSz) { if (ret != derSz) {
free(pem); free(pem);
free(der); free(der);
free(tmp);
return -471; return -471;
} }
@@ -4240,6 +4339,7 @@ int rsa_test(void)
if (!reqFile) { if (!reqFile) {
free(pem); free(pem);
free(der); free(der);
free(tmp);
return -469; return -469;
} }
ret = (int)fwrite(pem, 1, pemSz, reqFile); ret = (int)fwrite(pem, 1, pemSz, reqFile);
@@ -4247,6 +4347,7 @@ int rsa_test(void)
if (ret != pemSz) { if (ret != pemSz) {
free(pem); free(pem);
free(der); free(der);
free(tmp);
return -470; return -470;
} }
@@ -4295,7 +4396,7 @@ int dh_test(void)
byte agree2[256]; byte agree2[256];
DhKey key; DhKey key;
DhKey key2; DhKey key2;
RNG rng; WC_RNG rng;
#ifdef USE_CERT_BUFFERS_1024 #ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, dh_key_der_1024, sizeof_dh_key_der_1024); XMEMCPY(tmp, dh_key_der_1024, sizeof_dh_key_der_1024);
@@ -4384,7 +4485,7 @@ int dsa_test(void)
word32 idx = 0; word32 idx = 0;
byte tmp[1024]; byte tmp[1024];
DsaKey key; DsaKey key;
RNG rng; WC_RNG rng;
Sha sha; Sha sha;
byte hash[SHA_DIGEST_SIZE]; byte hash[SHA_DIGEST_SIZE];
byte signature[40]; byte signature[40];
@@ -4537,6 +4638,101 @@ int dsa_test(void)
#endif /* NO_DSA */ #endif /* NO_DSA */
#ifdef WOLFCRYPT_HAVE_SRP
int srp_test(void)
{
Srp cli, srv;
int r;
byte clientPubKey[80]; /* A */
byte serverPubKey[80]; /* B */
word32 clientPubKeySz = 80;
word32 serverPubKeySz = 80;
byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */
byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */
word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
byte username[] = "user";
word32 usernameSz = 4;
byte password[] = "password";
word32 passwordSz = 8;
byte N[] = {
0xC9, 0x4D, 0x67, 0xEB, 0x5B, 0x1A, 0x23, 0x46, 0xE8, 0xAB, 0x42, 0x2F,
0xC6, 0xA0, 0xED, 0xAE, 0xDA, 0x8C, 0x7F, 0x89, 0x4C, 0x9E, 0xEE, 0xC4,
0x2F, 0x9E, 0xD2, 0x50, 0xFD, 0x7F, 0x00, 0x46, 0xE5, 0xAF, 0x2C, 0xF7,
0x3D, 0x6B, 0x2F, 0xA2, 0x6B, 0xB0, 0x80, 0x33, 0xDA, 0x4D, 0xE3, 0x22,
0xE1, 0x44, 0xE7, 0xA8, 0xE9, 0xB1, 0x2A, 0x0E, 0x46, 0x37, 0xF6, 0x37,
0x1F, 0x34, 0xA2, 0x07, 0x1C, 0x4B, 0x38, 0x36, 0xCB, 0xEE, 0xAB, 0x15,
0x03, 0x44, 0x60, 0xFA, 0xA7, 0xAD, 0xF4, 0x83
};
byte g[] = {
0x02
};
byte salt[] = {
0xB2, 0xE5, 0x8E, 0xCC, 0xD0, 0xCF, 0x9D, 0x10, 0x3A, 0x56
};
byte verifier[] = {
0x7C, 0xAB, 0x17, 0xFE, 0x54, 0x3E, 0x8C, 0x13, 0xF2, 0x3D, 0x21, 0xE7,
0xD2, 0xAF, 0xAF, 0xDB, 0xA1, 0x52, 0x69, 0x9D, 0x49, 0x01, 0x79, 0x91,
0xCF, 0xD1, 0x3F, 0xE5, 0x28, 0x72, 0xCA, 0xBE, 0x13, 0xD1, 0xC2, 0xDA,
0x65, 0x34, 0x55, 0x8F, 0x34, 0x0E, 0x05, 0xB8, 0xB4, 0x0F, 0x7F, 0x6B,
0xBB, 0xB0, 0x6B, 0x50, 0xD8, 0xB1, 0xCC, 0xB7, 0x81, 0xFE, 0xD4, 0x42,
0xF5, 0x11, 0xBC, 0x8A, 0x28, 0xEB, 0x50, 0xB3, 0x46, 0x08, 0xBA, 0x24,
0xA2, 0xFB, 0x7F, 0x2E, 0x0A, 0xA5, 0x33, 0xCC
};
/* client knows username and password. */
/* server knows N, g, salt and verifier. */
r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
if (!r) r = wc_SrpSetUsername(&cli, username, usernameSz);
/* client sends username to server */
if (!r) r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE);
if (!r) r = wc_SrpSetUsername(&srv, username, usernameSz);
if (!r) r = wc_SrpSetParams(&srv, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt));
if (!r) r = wc_SrpSetVerifier(&srv, verifier, sizeof(verifier));
if (!r) r = wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz);
/* server sends N, g, salt and B to client */
if (!r) r = wc_SrpSetParams(&cli, N, sizeof(N),
g, sizeof(g),
salt, sizeof(salt));
if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz);
if (!r) r = wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz);
if (!r) r = wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz);
if (!r) r = wc_SrpGetProof(&cli, clientProof, &clientProofSz);
/* client sends A and M1 to server */
if (!r) r = wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz,
serverPubKey, serverPubKeySz);
if (!r) r = wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz);
if (!r) r = wc_SrpGetProof(&srv, serverProof, &serverProofSz);
/* server sends M2 to client */
if (!r) r = wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz);
wc_SrpTerm(&cli);
wc_SrpTerm(&srv);
return r;
}
#endif /* WOLFCRYPT_HAVE_SRP */
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
@@ -5000,7 +5196,7 @@ typedef struct rawEccVector {
int ecc_test(void) int ecc_test(void)
{ {
RNG rng; WC_RNG rng;
byte sharedA[1024]; byte sharedA[1024];
byte sharedB[1024]; byte sharedB[1024];
byte sig[1024]; byte sig[1024];
@@ -5256,7 +5452,7 @@ int ecc_test(void)
int ecc_encrypt_test(void) int ecc_encrypt_test(void)
{ {
RNG rng; WC_RNG rng;
int ret; int ret;
ecc_key userA, userB; ecc_key userA, userB;
byte msg[48]; byte msg[48];
@@ -5391,7 +5587,7 @@ int ecc_encrypt_test(void)
int curve25519_test(void) int curve25519_test(void)
{ {
RNG rng; WC_RNG rng;
byte sharedA[32]; byte sharedA[32];
byte sharedB[32]; byte sharedB[32];
byte exportBuf[32]; byte exportBuf[32];
@@ -5554,7 +5750,7 @@ int curve25519_test(void)
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
int ed25519_test(void) int ed25519_test(void)
{ {
RNG rng; WC_RNG rng;
byte out[ED25519_SIG_SIZE]; byte out[ED25519_SIG_SIZE];
byte exportPKey[ED25519_KEY_SIZE]; byte exportPKey[ED25519_KEY_SIZE];
byte exportSKey[ED25519_KEY_SIZE]; byte exportSKey[ED25519_KEY_SIZE];
@@ -6204,8 +6400,8 @@ int pkcs7signed_test(void)
byte* out; byte* out;
char data[] = "Hello World"; char data[] = "Hello World";
word32 dataSz, outSz, certDerSz, keyDerSz; word32 dataSz, outSz, certDerSz, keyDerSz;
PKCS7 msg; PKCS7 msg;
RNG rng; WC_RNG rng;
byte transIdOid[] = byte transIdOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,


@@ -291,6 +291,10 @@
RelativePath=".\src\tls.c" RelativePath=".\src\tls.c"
> >
</File> </File>
<File
RelativePath="wolfcrypt\src\wc_encrypt.c"
>
</File>
</Filter> </Filter>
<Filter <Filter
Name="Header Files" Name="Header Files"


@@ -308,6 +308,7 @@
<ClCompile Include="wolfcrypt\src\sha.c" /> <ClCompile Include="wolfcrypt\src\sha.c" />
<ClCompile Include="wolfcrypt\src\sha256.c" /> <ClCompile Include="wolfcrypt\src\sha256.c" />
<ClCompile Include="wolfcrypt\src\sha512.c" /> <ClCompile Include="wolfcrypt\src\sha512.c" />
<ClCompile Include="wolfcrypt\src\wc_encrypt.c" />
<ClCompile Include="src\ssl.c" /> <ClCompile Include="src\ssl.c" />
<ClCompile Include="src\tls.c" /> <ClCompile Include="src\tls.c" />
</ItemGroup> </ItemGroup>


@@ -331,7 +331,9 @@ typedef byte word24[3];
#endif #endif
#if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS) #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
#define BUILD_TLS_RSA_WITH_HC_128_MD5 #ifndef NO_MD5
#define BUILD_TLS_RSA_WITH_HC_128_MD5
#endif
#if !defined(NO_SHA) #if !defined(NO_SHA)
#define BUILD_TLS_RSA_WITH_HC_128_SHA #define BUILD_TLS_RSA_WITH_HC_128_SHA
#endif #endif
@@ -366,13 +368,17 @@ typedef byte word24[3];
#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
#ifndef NO_SHA256 #ifndef NO_SHA256
#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 #ifndef NO_AES
#define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
#endif
#ifdef HAVE_NULL_CIPHER #ifdef HAVE_NULL_CIPHER
#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
#endif #endif
#endif #endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
#define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 #ifndef NO_AES
#define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
#endif
#ifdef HAVE_NULL_CIPHER #ifdef HAVE_NULL_CIPHER
#define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
#endif #endif
@@ -385,46 +391,66 @@ typedef byte word24[3];
#if !defined(NO_RSA) #if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
#endif
#endif #endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
#endif
#endif /* NO_SHA */ #endif /* NO_SHA */
#ifndef NO_SHA256 #ifndef NO_SHA256
#if !defined(NO_RSA) #if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
#endif
#endif #endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
#endif
#endif #endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
#if !defined(NO_RSA) #if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
#endif
#endif #endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
#endif
#endif #endif
#if defined (HAVE_AESGCM) #if defined (HAVE_AESGCM)
#if !defined(NO_RSA) #if !defined(NO_RSA)
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
#endif
#if defined(WOLFSSL_SHA384) #if defined(WOLFSSL_SHA384)
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
#endif
#endif #endif
#endif #endif
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
#endif
#if defined(WOLFSSL_SHA384) #if defined(WOLFSSL_SHA384)
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
#endif
#endif #endif
#endif #endif
#endif /* NO_AES */ #endif /* NO_AES */
@@ -432,22 +458,30 @@ typedef byte word24[3];
#if !defined(NO_SHA) #if !defined(NO_SHA)
#if !defined(NO_RSA) #if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
#endif
#endif #endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
#endif
#endif #endif
#endif #endif
#if !defined(NO_DES3) #if !defined(NO_DES3)
#ifndef NO_SHA #ifndef NO_SHA
#if !defined(NO_RSA) #if !defined(NO_RSA)
#define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
#endif
#endif #endif
#define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA #if defined(WOLFSSL_STATIC_DH)
#define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
#endif
#endif /* NO_SHA */ #endif /* NO_SHA */
#endif #endif
#endif #endif
@@ -2215,7 +2249,7 @@ struct WOLFSSL {
HS_Hashes* hsHashes; HS_Hashes* hsHashes;
void* IOCB_ReadCtx; void* IOCB_ReadCtx;
void* IOCB_WriteCtx; void* IOCB_WriteCtx;
RNG* rng; WC_RNG* rng;
void* verifyCbCtx; /* cert verify callback user ctx*/ void* verifyCbCtx; /* cert verify callback user ctx*/
VerifyCallback verifyCallback; /* cert verification callback */ VerifyCallback verifyCallback; /* cert verification callback */
void* heap; /* for user overrides */ void* heap; /* for user overrides */
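Review bot: The new `#if defined(WOLFSSL_STATIC_DH)` guards carry no comment, so a reader cannot tell from this header that the ECDH_RSA and ECDH_ECDSA suites have become opt-in, or why the macro is named for DH when every suite it gates here is ECDH. A one-line comment at the first guard would cover it, for example `/* static-key ECDH suites give no forward secrecy; built only when WOLFSSL_STATIC_DH is defined */`. Builds that used to offer these suites will stop doing so unless the macro is set, which is presumably intended but worth stating next to the guard. In the HAVE_AESGCM part the nested pair could be folded into `#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_STATIC_DH)`.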


@@ -107,6 +107,7 @@
#define CLIENT_HELLO_LATE_KEY_STR 72 #define CLIENT_HELLO_LATE_KEY_STR 72
#define GOT_CERT_STATUS_STR 73 #define GOT_CERT_STATUS_STR 73
#define RSA_KEY_MISSING_STR 74 #define RSA_KEY_MISSING_STR 74
#define NO_SECURE_RENEGOTIATION 75
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
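Review bot: `NO_SECURE_RENEGOTIATION` drops the `_STR` suffix that the neighbouring ids (`GOT_CERT_STATUS_STR`, `RSA_KEY_MISSING_STR`) use, and its `NO_` prefix reads like one of the library's feature-disable switches such as `NO_RSA` or `NO_MD5`. Because the name is always defined once this header is included, an `#ifdef NO_SECURE_RENEGOTIATION` written elsewhere as a build option would always be true. `#define NO_SECURE_RENEGOTIATION_STR 75` would keep the table consistent and avoid that reading. The sniffer.c msgTable entry that the comment on the last line asks for is not visible in this section.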


@@ -89,5 +89,6 @@ STRINGTABLE
72, "Late Key Load Error" 72, "Late Key Load Error"
73, "Got Certificate Status msg" 73, "Got Certificate Status msg"
74, "RSA Key Missing Error" 74, "RSA Key Missing Error"
75, "Secure Renegotiation Not Supported"
} }


@@ -32,7 +32,11 @@
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM
#ifdef FREESCALE_MQX #ifdef FREESCALE_MQX
#include <fio.h> #if MQX_USE_IO_OLD
#include <fio.h>
#else
#include <nio.h>
#endif
#else #else
#include <stdio.h> /* ERR_printf */ #include <stdio.h> /* ERR_printf */
#endif #endif
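Review bot: `#if MQX_USE_IO_OLD` evaluates to 0 when the macro is not defined at this point, so the include silently falls through to `<nio.h>`. If an MQX release that ships only `<fio.h>` does not define the macro (this section does not show which header provides it), the build fails on a missing header rather than with a clear message. Writing the test as `#if defined(MQX_USE_IO_OLD) && MQX_USE_IO_OLD` and adding a short comment naming the header that defines it would make the assumption visible and keep `-Wundef` quiet.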

View File

@@ -1520,6 +1520,8 @@ static INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
/* decrypt */ /* decrypt */
ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz); ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
if (ret != 0)
return ret;
if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) { if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) {
*padSz = wolfSSL_GetAeadMacSize(ssl); *padSz = wolfSSL_GetAeadMacSize(ssl);
@@ -1606,7 +1608,7 @@ static INLINE void FreeAtomicUser(WOLFSSL* ssl)
static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz, static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
{ {
RNG rng; WC_RNG rng;
int ret; int ret;
word32 idx = 0; word32 idx = 0;
ecc_key myKey; ecc_key myKey;
@@ -1657,7 +1659,7 @@ static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
{ {
RNG rng; WC_RNG rng;
int ret; int ret;
word32 idx = 0; word32 idx = 0;
RsaKey myKey; RsaKey myKey;
@@ -1715,7 +1717,7 @@ static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
int ret; int ret;
word32 idx = 0; word32 idx = 0;
RsaKey myKey; RsaKey myKey;
RNG rng; WC_RNG rng;
(void)ssl; (void)ssl;
(void)ctx; (void)ctx;
@@ -1820,8 +1822,8 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
int x, size; int x, size;
static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"; "abcdefghijklmnopqrstuvwxyz";
RNG rng; WC_RNG rng;
byte out; byte out;
if (tempfn == NULL || len < 1 || num < 1 || len <= num) { if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
printf("Bad input\n"); printf("Bad input\n");
@@ -1862,7 +1864,7 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
} key_ctx; } key_ctx;
static key_ctx myKey_ctx; static key_ctx myKey_ctx;
static RNG rng; static WC_RNG rng;
static INLINE int TicketInit(void) static INLINE int TicketInit(void)
{ {


@@ -26,8 +26,8 @@
extern "C" { extern "C" {
#endif #endif
#define LIBWOLFSSL_VERSION_STRING "3.6.2" #define LIBWOLFSSL_VERSION_STRING "3.6.3"
#define LIBWOLFSSL_VERSION_HEX 0x03006002 #define LIBWOLFSSL_VERSION_HEX 0x03006003
#ifdef __cplusplus #ifdef __cplusplus
} }


@@ -133,12 +133,6 @@ WOLFSSL_API int wc_AesCbcEncrypt(Aes* aes, byte* out,
const byte* in, word32 sz); const byte* in, word32 sz);
WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out, WOLFSSL_API int wc_AesCbcDecrypt(Aes* aes, byte* out,
const byte* in, word32 sz); const byte* in, word32 sz);
WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz,
const byte* iv);
WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz,
const byte* iv);
/* AES-CTR */ /* AES-CTR */
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER


@@ -149,15 +149,15 @@ typedef struct Cert {
*/ */
WOLFSSL_API void wc_InitCert(Cert*); WOLFSSL_API void wc_InitCert(Cert*);
WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
ecc_key*, RNG*); ecc_key*, WC_RNG*);
#ifdef WOLFSSL_CERT_REQ #ifdef WOLFSSL_CERT_REQ
WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
RsaKey*, ecc_key*); RsaKey*, ecc_key*);
#endif #endif
WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer, WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
word32 derSz, RsaKey*, ecc_key*, RNG*); word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
RNG*); WC_RNG*);
WOLFSSL_API int wc_SetIssuer(Cert*, const char*); WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
WOLFSSL_API int wc_SetSubject(Cert*, const char*); WOLFSSL_API int wc_SetSubject(Cert*, const char*);
#ifdef WOLFSSL_ALT_NAMES #ifdef WOLFSSL_ALT_NAMES
@@ -170,7 +170,8 @@ WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int);
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
const byte* ntruKey, word16 keySz, RNG*); const byte* ntruKey, word16 keySz,
WC_RNG*);
#endif #endif
#endif /* WOLFSSL_CERT_GEN */ #endif /* WOLFSSL_CERT_GEN */


@@ -65,7 +65,7 @@ enum {
}; };
WOLFSSL_API WOLFSSL_API
int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key); int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key);
WOLFSSL_API WOLFSSL_API
int wc_curve25519_shared_secret(curve25519_key* private_key, int wc_curve25519_shared_secret(curve25519_key* private_key,


@@ -92,12 +92,6 @@ WOLFSSL_API int wc_Des_CbcDecrypt(Des* des, byte* out,
const byte* in, word32 sz); const byte* in, word32 sz);
WOLFSSL_API int wc_Des_EcbEncrypt(Des* des, byte* out, WOLFSSL_API int wc_Des_EcbEncrypt(Des* des, byte* out,
const byte* in, word32 sz); const byte* in, word32 sz);
WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
WOLFSSL_API int wc_Des_CbcEncryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
WOLFSSL_API int wc_Des3_SetKey(Des3* des, const byte* key, WOLFSSL_API int wc_Des3_SetKey(Des3* des, const byte* key,
const byte* iv,int dir); const byte* iv,int dir);
@@ -106,12 +100,6 @@ WOLFSSL_API int wc_Des3_CbcEncrypt(Des3* des, byte* out,
const byte* in,word32 sz); const byte* in,word32 sz);
WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out, WOLFSSL_API int wc_Des3_CbcDecrypt(Des3* des, byte* out,
const byte* in,word32 sz); const byte* in,word32 sz);
WOLFSSL_API int wc_Des3_CbcEncryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
WOLFSSL_API int wc_Des3_InitCavium(Des3*, int); WOLFSSL_API int wc_Des3_InitCavium(Des3*, int);


@@ -43,7 +43,7 @@ typedef struct DhKey {
WOLFSSL_API void wc_InitDhKey(DhKey* key); WOLFSSL_API void wc_InitDhKey(DhKey* key);
WOLFSSL_API void wc_FreeDhKey(DhKey* key); WOLFSSL_API void wc_FreeDhKey(DhKey* key);
WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv,
word32* privSz, byte* pub, word32* pubSz); word32* privSz, byte* pub, word32* pubSz);
WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
const byte* priv, word32 privSz, const byte* otherPub, const byte* priv, word32 privSz, const byte* otherPub,


@@ -57,7 +57,7 @@ typedef struct DsaKey {
WOLFSSL_API void wc_InitDsaKey(DsaKey* key); WOLFSSL_API void wc_InitDsaKey(DsaKey* key);
WOLFSSL_API void wc_FreeDsaKey(DsaKey* key); WOLFSSL_API void wc_FreeDsaKey(DsaKey* key);
WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out, WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out,
DsaKey* key, RNG* rng); DsaKey* key, WC_RNG* rng);
WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig, WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig,
DsaKey* key, int* answer); DsaKey* key, int* answer);
WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx,
@@ -67,8 +67,8 @@ WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen); WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
#ifdef WOLFSSL_KEY_GEN #ifdef WOLFSSL_KEY_GEN
WOLFSSL_API int wc_MakeDsaKey(RNG *rng, DsaKey *dsa); WOLFSSL_API int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa);
WOLFSSL_API int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa); WOLFSSL_API int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa);
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus


@@ -134,7 +134,7 @@ extern const ecc_set_type ecc_sets[];
WOLFSSL_API WOLFSSL_API
int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key); int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
WOLFSSL_API WOLFSSL_API
int wc_ecc_check_key(ecc_key* key); int wc_ecc_check_key(ecc_key* key);
WOLFSSL_API WOLFSSL_API
@@ -145,9 +145,9 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
byte* out, word32 *outlen); byte* out, word32 *outlen);
WOLFSSL_API WOLFSSL_API
int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
RNG* rng, ecc_key* key); WC_RNG* rng, ecc_key* key);
WOLFSSL_API WOLFSSL_API
int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng, int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
ecc_key* key, mp_int *r, mp_int *s); ecc_key* key, mp_int *r, mp_int *s);
WOLFSSL_API WOLFSSL_API
int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
@@ -248,11 +248,11 @@ enum ecFlags {
typedef struct ecEncCtx ecEncCtx; typedef struct ecEncCtx ecEncCtx;
WOLFSSL_API WOLFSSL_API
ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng); ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng);
WOLFSSL_API WOLFSSL_API
void wc_ecc_ctx_free(ecEncCtx*); void wc_ecc_ctx_free(ecEncCtx*);
WOLFSSL_API WOLFSSL_API
int wc_ecc_ctx_reset(ecEncCtx*, RNG*); /* reset for use again w/o alloc/free */ int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*); /* reset for use again w/o alloc/free */
WOLFSSL_API WOLFSSL_API
const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*); const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);


@@ -61,7 +61,7 @@ typedef struct {
WOLFSSL_API WOLFSSL_API
int wc_ed25519_make_key(RNG* rng, int keysize, ed25519_key* key); int wc_ed25519_make_key(WC_RNG* rng, int keysize, ed25519_key* key);
WOLFSSL_API WOLFSSL_API
int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
word32 *outlen, ed25519_key* key); word32 *outlen, ed25519_key* key);


@@ -151,6 +151,10 @@ enum {
ECC_INF_E = -215, /* ECC point infinity error */ ECC_INF_E = -215, /* ECC point infinity error */
ECC_PRIV_KEY_E = -216, /* ECC private key not valid error */ ECC_PRIV_KEY_E = -216, /* ECC private key not valid error */
SRP_CALL_ORDER_E = -217, /* SRP function called in the wrong order. */
SRP_VERIFY_E = -218, /* SRP proof verification failed. */
SRP_BAD_KEY_E = -219, /* SRP bad ephemeral values. */
MIN_CODE_E = -300 /* errors -101 - -299 */ MIN_CODE_E = -300 /* errors -101 - -299 */
}; };
@@ -163,5 +167,3 @@ WOLFSSL_API const char* wc_GetErrorString(int error);
} /* extern "C" */ } /* extern "C" */
#endif #endif
#endif /* WOLF_CRYPT_ERROR_H */ #endif /* WOLF_CRYPT_ERROR_H */


@@ -22,20 +22,35 @@
#ifndef WOLF_CRYPT_HASH_H #ifndef WOLF_CRYPT_HASH_H
#define WOLF_CRYPT_HASH_H #define WOLF_CRYPT_HASH_H
#include <wolfssl/wolfcrypt/types.h>
#ifndef NO_MD5 #ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h> #include <wolfssl/wolfcrypt/md5.h>
WOLFSSL_API void wc_Md5GetHash(Md5*, byte*); WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);
WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ; WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ;
#endif #endif
#ifndef NO_SHA #ifndef NO_SHA
#include <wolfssl/wolfcrypt/sha.h> #include <wolfssl/wolfcrypt/sha.h>
WOLFSSL_API int wc_ShaGetHash(Sha*, byte*); WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ; WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ;
WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
#endif #endif
#ifndef NO_SHA256 #ifndef NO_SHA256
#include <wolfssl/wolfcrypt/sha256.h> #include <wolfssl/wolfcrypt/sha256.h>
WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*); WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ; WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ;
WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
#endif #endif
#endif #ifdef WOLFSSL_SHA512
#include <wolfssl/wolfcrypt/sha512.h>
WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
#if defined(WOLFSSL_SHA384)
WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
#endif /* defined(WOLFSSL_SHA384) */
#endif /* WOLFSSL_SHA512 */
#endif /* WOLF_CRYPT_HASH_H */
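Review bot: The one-shot prototypes moved into this header (`wc_ShaHash`, `wc_Sha256Hash`, `wc_Sha512Hash`, `wc_Sha384Hash`) are not wrapped in an `extern "C"` block; none is visible between the include guard and its closing `#endif`. In sha.h, sha256.h and sha512.h, where this commit removes them, they sat just above the closing `} /* extern "C" */`, so a C++ caller that now gets them from hash.h would see C++ linkage and fail at link time. Add the usual `__cplusplus` guard after the `types.h` include and close it before the final `#endif`. Code that includes only sha.h and calls `wc_ShaHash` also loses its prototype with this move, which is worth a line in the release notes.

```c
#include <wolfssl/wolfcrypt/types.h>

#ifdef __cplusplus
    extern "C" {
#endif

/* … unchanged: MD5 / SHA / SHA-256 / SHA-512 / SHA-384 declarations … */

#ifdef __cplusplus
    } /* extern "C" */
#endif

#endif /* WOLF_CRYPT_HASH_H */
```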


@@ -29,6 +29,7 @@ nobase_include_HEADERS+= \
wolfssl/wolfcrypt/md5.h \ wolfssl/wolfcrypt/md5.h \
wolfssl/wolfcrypt/misc.h \ wolfssl/wolfcrypt/misc.h \
wolfssl/wolfcrypt/pkcs7.h \ wolfssl/wolfcrypt/pkcs7.h \
wolfssl/wolfcrypt/wc_encrypt.h \
wolfssl/wolfcrypt/wc_port.h \ wolfssl/wolfcrypt/wc_port.h \
wolfssl/wolfcrypt/pwdbased.h \ wolfssl/wolfcrypt/pwdbased.h \
wolfssl/wolfcrypt/rabbit.h \ wolfssl/wolfcrypt/rabbit.h \
@@ -45,6 +46,7 @@ nobase_include_HEADERS+= \
wolfssl/wolfcrypt/blake2-int.h \ wolfssl/wolfcrypt/blake2-int.h \
wolfssl/wolfcrypt/blake2-impl.h \ wolfssl/wolfcrypt/blake2-impl.h \
wolfssl/wolfcrypt/tfm.h \ wolfssl/wolfcrypt/tfm.h \
wolfssl/wolfcrypt/srp.h \
wolfssl/wolfcrypt/types.h \ wolfssl/wolfcrypt/types.h \
wolfssl/wolfcrypt/visibility.h \ wolfssl/wolfcrypt/visibility.h \
wolfssl/wolfcrypt/logging.h \ wolfssl/wolfcrypt/logging.h \
@@ -56,4 +58,3 @@ noinst_HEADERS+= \
wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \ wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \
wolfssl/wolfcrypt/port/ti/ti-hash.h \ wolfssl/wolfcrypt/port/ti/ti-hash.h \
wolfssl/wolfcrypt/port/ti/ti-ccm.h wolfssl/wolfcrypt/port/ti/ti-ccm.h


@@ -307,7 +307,7 @@ int mp_radix_size (mp_int * a, int radix, int *size);
#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c); int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c);
#endif #endif
#ifdef HAVE_ECC #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
int mp_read_radix(mp_int* a, const char* str, int radix); int mp_read_radix(mp_int* a, const char* str, int radix);
#endif #endif
@@ -315,7 +315,7 @@ int mp_radix_size (mp_int * a, int radix, int *size);
int mp_prime_is_prime (mp_int * a, int t, int *result); int mp_prime_is_prime (mp_int * a, int t, int *result);
int mp_gcd (mp_int * a, mp_int * b, mp_int * c); int mp_gcd (mp_int * a, mp_int * b, mp_int * c);
int mp_lcm (mp_int * a, mp_int * b, mp_int * c); int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap); int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap);
#endif #endif
int mp_cnt_lsb(mp_int *a); int mp_cnt_lsb(mp_int *a);


@@ -73,7 +73,7 @@ typedef struct PKCS7 {
word32 contentSz; /* content size */ word32 contentSz; /* content size */
int contentOID; /* PKCS#7 content type OID sum */ int contentOID; /* PKCS#7 content type OID sum */
RNG* rng; WC_RNG* rng;
int hashOID; int hashOID;
int encryptOID; /* key encryption algorithm OID */ int encryptOID; /* key encryption algorithm OID */
@@ -100,7 +100,7 @@ WOLFSSL_LOCAL int wc_GetContentType(const byte* input, word32* inOutIdx,
word32* oid, word32 maxIdx); word32* oid, word32 maxIdx);
WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz, WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
int keyEncAlgo, int blockKeySz, int keyEncAlgo, int blockKeySz,
RNG* rng, byte* contentKeyPlain, WC_RNG* rng, byte* contentKeyPlain,
byte* contentKeyEnc, byte* contentKeyEnc,
int* keyEncSz, byte* out, word32 outSz); int* keyEncSz, byte* out, word32 outSz);


@@ -51,9 +51,9 @@ WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen,
int kLen, int typeH, int purpose); int kLen, int typeH, int purpose);
/* helper functions */ /* helper functions */
WOLFSSL_LOCAL int GetDigestSize(int hashType); WOLFSSL_LOCAL int GetDigestSize(int typeH);
WOLFSSL_LOCAL int GetPKCS12HashSizes(int hashType, word32* v, word32* u); WOLFSSL_LOCAL int GetPKCS12HashSizes(int typeH, word32* v, word32* u);
WOLFSSL_LOCAL int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen, WOLFSSL_LOCAL int DoPKCS12Hash(int typeH, byte* buffer, word32 totalLen,
byte* Ai, word32 u, int iterations); byte* Ai, word32 u, int iterations);


@@ -84,11 +84,11 @@ struct DRBG; /* Private DRBG state */
/* Hash-based Deterministic Random Bit Generator */ /* Hash-based Deterministic Random Bit Generator */
typedef struct RNG { typedef struct WC_RNG {
struct DRBG* drbg; struct DRBG* drbg;
OS_Seed seed; OS_Seed seed;
byte status; byte status;
} RNG; } WC_RNG;
#else /* HAVE_HASHDRBG || NO_RC4 */ #else /* HAVE_HASHDRBG || NO_RC4 */
@@ -99,36 +99,42 @@ typedef struct RNG {
/* secure Random Number Generator */ /* secure Random Number Generator */
typedef struct RNG { typedef struct WC_RNG {
OS_Seed seed; OS_Seed seed;
Arc4 cipher; Arc4 cipher;
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
int devId; /* nitrox device id */ int devId; /* nitrox device id */
word32 magic; /* using cavium magic */ word32 magic; /* using cavium magic */
#endif #endif
} RNG; } WC_RNG;
#endif /* HAVE_HASH_DRBG || NO_RC4 */ #endif /* HAVE_HASH_DRBG || NO_RC4 */
#endif /* HAVE_FIPS */ #endif /* HAVE_FIPS */
/* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts,
* can't be used with CTaoCrypt FIPS */
#if !defined(NO_OLD_RNGNAME) && !defined(HAVE_FIPS)
#define RNG WC_RNG
#endif
WOLFSSL_LOCAL WOLFSSL_LOCAL
int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz); int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
#if defined(HAVE_HASHDRBG) || defined(NO_RC4) #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
WOLFSSL_API int wc_InitRngCavium(RNG*, int); WOLFSSL_API int wc_InitRngCavium(WC_RNG*, int);
#endif #endif
#endif /* HAVE_HASH_DRBG || NO_RC4 */ #endif /* HAVE_HASH_DRBG || NO_RC4 */
WOLFSSL_API int wc_InitRng(RNG*); WOLFSSL_API int wc_InitRng(WC_RNG*);
WOLFSSL_API int wc_RNG_GenerateBlock(RNG*, byte*, word32 sz); WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz);
WOLFSSL_API int wc_RNG_GenerateByte(RNG*, byte*); WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG*, byte*);
WOLFSSL_API int wc_FreeRng(RNG*); WOLFSSL_API int wc_FreeRng(WC_RNG*);
#if defined(HAVE_HASHDRBG) || defined(NO_RC4) #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
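Review bot: The compatibility macro `#define RNG WC_RNG` is defined by default, so every translation unit that includes this header still has the bare identifier `RNG` rewritten unless the build sets `NO_OLD_RNGNAME`. The comment above it says what the opt-out removes but not that the type conflict it mentions remains in a default build. I would extend the comment, for example `/* RNG is kept as an alias of WC_RNG for existing callers; define NO_OLD_RNGNAME if another header in the build also defines RNG */`. The last hunk of this section ends inside the `HAVE_HASHDRBG` block, so the rest of the header is not visible here.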


@@ -47,19 +47,6 @@
enum { enum {
RSA_PUBLIC = 0, RSA_PUBLIC = 0,
RSA_PRIVATE = 1, RSA_PRIVATE = 1,
RSA_PUBLIC_ENCRYPT = 0,
RSA_PUBLIC_DECRYPT = 1,
RSA_PRIVATE_ENCRYPT = 2,
RSA_PRIVATE_DECRYPT = 3,
RSA_BLOCK_TYPE_1 = 1,
RSA_BLOCK_TYPE_2 = 2,
RSA_MIN_SIZE = 512,
RSA_MAX_SIZE = 4096,
RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */
}; };
@@ -90,13 +77,13 @@ WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void*);
WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, RNG* rng); word32 outLen, RsaKey* key, WC_RNG* rng);
WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
RsaKey* key); RsaKey* key);
WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key); word32 outLen, RsaKey* key);
WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, RNG* rng); word32 outLen, RsaKey* key, WC_RNG* rng);
WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
RsaKey* key); RsaKey* key);
WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
@@ -118,7 +105,7 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
word32*); word32*);
#ifdef WOLFSSL_KEY_GEN #ifdef WOLFSSL_KEY_GEN
WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng); WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
#endif #endif
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM


@@ -111,6 +111,9 @@
/* Uncomment next line if building for VxWorks */ /* Uncomment next line if building for VxWorks */
/* #define WOLFSSL_VXWORKS */ /* #define WOLFSSL_VXWORKS */
/* Uncomment next line to enable deprecated less secure static DH suites */
/* #define WOLFSSL_STATIC_DH */
#include <wolfssl/wolfcrypt/visibility.h> #include <wolfssl/wolfcrypt/visibility.h>
#ifdef WOLFSSL_USER_SETTINGS #ifdef WOLFSSL_USER_SETTINGS
@@ -118,6 +121,12 @@
#endif #endif
/* make sure old RNG name is used with CTaoCrypt FIPS */
#ifdef HAVE_FIPS
#define WC_RNG RNG
#endif
#ifdef IPHONE #ifdef IPHONE
#define SIZEOF_LONG_LONG 8 #define SIZEOF_LONG_LONG 8
#endif #endif
@@ -178,6 +187,7 @@
#define USE_FAST_MATH #define USE_FAST_MATH
#define TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT
#define NEED_AES_TABLES #define NEED_AES_TABLES
#define WOLFSSL_HAVE_MIN
#endif #endif
#ifdef WOLFSSL_MICROCHIP_PIC32MZ #ifdef WOLFSSL_MICROCHIP_PIC32MZ
@@ -307,6 +317,10 @@
#ifdef FREERTOS #ifdef FREERTOS
#include "FreeRTOS.h"
/* FreeRTOS pvPortRealloc() only in AVR32_UC3 port */
#define XMALLOC(s, h, type) pvPortMalloc((s))
#define XFREE(p, h, type) vPortFree((p))
#ifndef NO_WRITEV #ifndef NO_WRITEV
#define NO_WRITEV #define NO_WRITEV
#endif #endif
@@ -328,7 +342,6 @@
#endif #endif
#ifndef SINGLE_THREADED #ifndef SINGLE_THREADED
#include "FreeRTOS.h"
#include "semphr.h" #include "semphr.h"
#endif #endif
#endif #endif
@@ -454,7 +467,11 @@
#include "mqx.h" #include "mqx.h"
#ifndef NO_FILESYSTEM #ifndef NO_FILESYSTEM
#include "mfs.h" #include "mfs.h"
#include "fio.h" #if MQX_USE_IO_OLD
#include "fio.h"
#else
#include "nio.h"
#endif
#endif #endif
#ifndef SINGLE_THREADED #ifndef SINGLE_THREADED
#include "mutex.h" #include "mutex.h"
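Review bot: The FREERTOS block defines `XMALLOC` and `XFREE` on top of `pvPortMalloc`/`vPortFree` but provides no `XREALLOC`, and the types.h hunk in this commit adds `!defined(FREERTOS)` to the condition of the default allocator block, so no definition of `XREALLOC` is visible for a FreeRTOS build. Any source that calls `XREALLOC` would then fail to build unless the macro is defined elsewhere; which callers exist cannot be told from these hunks. I would state the limitation where the macros are defined, e.g. `/* XREALLOC is intentionally not provided: pvPortRealloc() exists only in the AVR32_UC3 port; builds that need it must define XREALLOC themselves */`. The two macros also leave `h` and `type` unused, whereas the default block in types.h writes `((void)h, (void)t, ...)`.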


@@ -76,7 +76,6 @@ typedef struct Sha {
WOLFSSL_API int wc_InitSha(Sha*); WOLFSSL_API int wc_InitSha(Sha*);
WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32); WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32);
WOLFSSL_API int wc_ShaFinal(Sha*, byte*); WOLFSSL_API int wc_ShaFinal(Sha*, byte*);
WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */


@@ -74,7 +74,6 @@ typedef struct Sha256 {
WOLFSSL_API int wc_InitSha256(Sha256*); WOLFSSL_API int wc_InitSha256(Sha256*);
WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32); WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32);
WOLFSSL_API int wc_Sha256Final(Sha256*, byte*); WOLFSSL_API int wc_Sha256Final(Sha256*, byte*);
WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */


@@ -64,7 +64,6 @@ typedef struct Sha512 {
WOLFSSL_API int wc_InitSha512(Sha512*); WOLFSSL_API int wc_InitSha512(Sha512*);
WOLFSSL_API int wc_Sha512Update(Sha512*, const byte*, word32); WOLFSSL_API int wc_Sha512Update(Sha512*, const byte*, word32);
WOLFSSL_API int wc_Sha512Final(Sha512*, byte*); WOLFSSL_API int wc_Sha512Final(Sha512*, byte*);
WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
#if defined(WOLFSSL_SHA384) #if defined(WOLFSSL_SHA384)
@@ -91,7 +90,6 @@ typedef struct Sha384 {
WOLFSSL_API int wc_InitSha384(Sha384*); WOLFSSL_API int wc_InitSha384(Sha384*);
WOLFSSL_API int wc_Sha384Update(Sha384*, const byte*, word32); WOLFSSL_API int wc_Sha384Update(Sha384*, const byte*, word32);
WOLFSSL_API int wc_Sha384Final(Sha384*, byte*); WOLFSSL_API int wc_Sha384Final(Sha384*, byte*);
WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
#endif /* WOLFSSL_SHA384 */ #endif /* WOLFSSL_SHA384 */

308
wolfssl/wolfcrypt/srp.h Normal file

@@ -0,0 +1,308 @@
/* srp.h
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef WOLFCRYPT_HAVE_SRP
#ifndef WOLFCRYPT_SRP_H
#define WOLFCRYPT_SRP_H
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/sha.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/sha512.h>
#include <wolfssl/wolfcrypt/integer.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Select the largest available hash for the buffer size. */
#if defined(WOLFSSL_SHA512)
#define SRP_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
#elif defined(WOLFSSL_SHA384)
#define SRP_MAX_DIGEST_SIZE SHA384_DIGEST_SIZE
#elif !defined(NO_SHA256)
#define SRP_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
#elif !defined(NO_SHA)
#define SRP_MAX_DIGEST_SIZE SHA_DIGEST_SIZE
#else
#error "You have to have some kind of SHA hash if you want to use SRP."
#endif
/* Set the minimum number of bits acceptable in an SRP modulus */
#define SRP_DEFAULT_MIN_BITS 512
/**
* SRP side, client or server.
*/
typedef enum {
SRP_CLIENT_SIDE = 0,
SRP_SERVER_SIDE = 1,
} SrpSide;
/**
* SRP hash type, SHA[1|256|384|512].
*/
typedef enum {
#ifndef NO_SHA
SRP_TYPE_SHA = 1,
#endif
#ifndef NO_SHA256
SRP_TYPE_SHA256 = 2,
#endif
#ifdef WOLFSSL_SHA384
SRP_TYPE_SHA384 = 3,
#endif
#ifdef WOLFSSL_SHA512
SRP_TYPE_SHA512 = 4,
#endif
} SrpType;
/**
* SRP hash struct.
*/
typedef struct {
byte type;
union {
#ifndef NO_SHA
Sha sha;
#endif
#ifndef NO_SHA256
Sha256 sha256;
#endif
#ifdef WOLFSSL_SHA384
Sha384 sha384;
#endif
#ifdef WOLFSSL_SHA512
Sha512 sha512;
#endif
} data;
} SrpHash;
typedef struct Srp {
SrpSide side; /**< Client or Server, @see SrpSide. */
SrpType type; /**< Hash type, @see SrpType. */
byte* user; /**< Username, login. */
word32 userSz; /**< Username length. */
byte* salt; /**< Small salt. */
word32 saltSz; /**< Salt length. */
mp_int N; /**< Modulus. N = 2q+1, [q, N] are primes.*/
mp_int g; /**< Generator. A generator modulo N. */
byte k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. k = H(N, g) */
mp_int auth; /**< Client: x = H(salt + H(user:pswd)) */
/**< Server: v = g ^ x % N */
mp_int priv; /**< Private ephemeral value. */
SrpHash client_proof; /**< Client proof. Sent to the Server. */
SrpHash server_proof; /**< Server proof. Sent to the Client. */
byte* key; /**< Session key. */
word32 keySz; /**< Session key length. */
int (*keyGenFunc_cb) (struct Srp* srp, byte* secret, word32 size);
/**< Function responsible for generating the session key. */
/**< It MUST use XMALLOC with type DYNAMIC_TYPE_SRP to allocate the */
/**< key buffer for this structure and set keySz to the buffer size. */
/**< The default function used by this implementation is a modified */
/**< version of t_mgf1 that uses the proper hash function according */
/**< to srp->type. */
} Srp;
/**
* Initializes the Srp struct for usage.
*
* @param[out] srp the Srp structure to be initialized.
* @param[in] type the hash type to be used.
* @param[in] side the side of the communication.
*
* @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
*/
WOLFSSL_API int wc_SrpInit(Srp* srp, SrpType type, SrpSide side);
/**
* Releases the Srp struct resources after usage.
*
* @param[in,out] srp the Srp structure to be terminated.
*/
WOLFSSL_API void wc_SrpTerm(Srp* srp);
/**
* Sets the username.
*
* This function MUST be called after wc_SrpInit.
*
* @param[in,out] srp the Srp structure.
* @param[in] username the buffer containing the username.
* @param[in] size the username size in bytes
*
* @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
*/
WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size);
/**
* Sets the srp parameeters based on the username.
*
* This function MUST be called after wc_SrpSetUsername.
*
* @param[in,out] srp the Srp structure.
* @param[in] N the Modulus. N = 2q+1, [q, N] are primes.
* @param[in] nSz the N size in bytes.
* @param[in] g the Generator modulo N.
* @param[in] gSz the g size in bytes
* @param[in] salt a small random salt. Specific for each username.
* @param[in] saltSz the salt size in bytes
*
* @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
*/
WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
const byte* g, word32 gSz,
const byte* salt, word32 saltSz);
/**
* Sets the password.
*
* Setting the password does not persists the clear password data in the
* srp structure. The client calculates x = H(salt + H(user:pswd)) and stores
* it in the auth field.
*
* This function MUST be called after wc_SrpSetParams and is CLIENT SIDE ONLY.
*
* @param[in,out] srp the Srp structure.
* @param[in] password the buffer containing the password.
* @param[in] size the password size in bytes.
*
* @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
*/
WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size);
/**
* Sets the password.
*
* This function MUST be called after wc_SrpSetParams and is SERVER SIDE ONLY.
*
* @param[in,out] srp the Srp structure.
* @param[in] verifier the buffer containing the verifier.
* @param[in] size the verifier size in bytes.
*
* @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
*/
WOLFSSL_API int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size);
/**
* Gets the verifier.
*
* The client calculates the verifier with v = g ^ x % N.
* This function MAY be called after wc_SrpSetPassword and is SERVER SIDE ONLY.
*
* @param[in,out] srp the Srp structure.
* @param[out] verifier the buffer to write the verifier.
* @param[in,out] size the buffer size in bytes. Will be updated with the
* verifier size.
*
* @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
*/
WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size);
/**
* Sets the private ephemeral value.
*
* The private ephemeral value is known as:
* a at the client side. a = random()
* b at the server side. b = random()
* This function is handy for unit test cases or if the developer wants to use
* an external random source to set the ephemeral value.
* This function MAY be called before wc_SrpGetPublic.
*
* @param[in,out] srp the Srp structure.
* @param[in] private the ephemeral value.
* @param[in] size the private size in bytes.
*
* @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
*/
WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size);
/**
* Gets the public ephemeral value.
*
* The public ephemeral value is known as:
* A at the client side. A = g ^ a % N
* B at the server side. B = (k * v + (g ˆ b % N)) % N
* This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier.
*
* @param[in,out] srp the Srp structure.
* @param[out] public the buffer to write the public ephemeral value.
* @param[in,out] size the the buffer size in bytes. Will be updated with
* the ephemeral value size.
*
* @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
*/
WOLFSSL_API int wc_SrpGetPublic(Srp* srp, byte* public, word32* size);
/**
* Computes the session key.
*
* This function is handy for unit test cases or if the developer wants to use
* an external random source to set the ephemeral value.
* This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier.
*
* @param[in,out] srp the Srp structure.
* @param[out] public the buffer to write the public ephemeral value.
* @param[in,out] size the the buffer size in bytes. Will be updated with
the ephemeral value size.
*
* @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
*/
WOLFSSL_API int wc_SrpComputeKey(Srp* srp,
byte* clientPubKey, word32 clientPubKeySz,
byte* serverPubKey, word32 serverPubKeySz);
/**
* Gets the proof.
*
* This function MUST be called after wc_SrpComputeKey.
*
* @param[in,out] srp the Srp structure.
* @param[out] proof the buffer to write the proof.
* @param[in,out] size the buffer size in bytes. Will be updated with the
* proof size.
*
* @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
*/
WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size);
/**
* Verifies the peers proof.
*
* This function MUST be called before wc_SrpGetSessionKey.
*
* @param[in,out] srp the Srp structure.
* @param[in] proof the peers proof.
* @param[in] size the proof size in bytes.
*
* @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
*/
WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFCRYPT_SRP_H */
#endif /* WOLFCRYPT_HAVE_SRP */
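Review bot: `SRP_DEFAULT_MIN_BITS` is set to 512, which accepts moduli well below the 1024-bit smallest group listed in RFC 5054; a modulus that small weakens the exchange regardless of password strength. I would raise the default and let constrained builds override it: `#ifndef SRP_DEFAULT_MIN_BITS` / `#define SRP_DEFAULT_MIN_BITS 1024` / `#endif`. Separately, the prototypes of `wc_SrpSetPrivate` and `wc_SrpGetPublic` name their parameters `private` and `public`, which are C++ keywords, so the header will not compile in a C++ translation unit despite its `extern "C"` guard; `priv` and `pub` would do. The comment on `wc_SrpComputeKey` documents `public` and `size`, which are not parameters of that function, and the one on `wc_SrpSetVerifier` opens with "Sets the password"; both look copied from neighbouring functions and should describe `clientPubKey`/`serverPubKey` and the verifier instead.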


@@ -718,7 +718,7 @@ int mp_radix_size (mp_int * a, int radix, int *size);
int mp_gcd(fp_int *a, fp_int *b, fp_int *c); int mp_gcd(fp_int *a, fp_int *b, fp_int *c);
int mp_lcm(fp_int *a, fp_int *b, fp_int *c); int mp_lcm(fp_int *a, fp_int *b, fp_int *c);
int mp_prime_is_prime(mp_int* a, int t, int* result); int mp_prime_is_prime(mp_int* a, int t, int* result);
int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap); int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap);
int mp_exch(mp_int *a, mp_int *b); int mp_exch(mp_int *a, mp_int *b);
#endif /* WOLFSSL_KEY_GEN */ #endif /* WOLFSSL_KEY_GEN */


@@ -143,6 +143,9 @@
#ifdef HAVE_THREAD_LS #ifdef HAVE_THREAD_LS
#if defined(_MSC_VER) #if defined(_MSC_VER)
#define THREAD_LS_T __declspec(thread) #define THREAD_LS_T __declspec(thread)
/* Thread local storage only in FreeRTOS v8.2.1 and higher */
#elif defined(FREERTOS)
#define THREAD_LS_T
#else #else
#define THREAD_LS_T __thread #define THREAD_LS_T __thread
#endif #endif
@@ -176,7 +179,7 @@
#define XREALLOC(p, n, h, t) realloc((p), (n)) #define XREALLOC(p, n, h, t) realloc((p), (n))
#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
&& !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \
&& !defined(WOLFSSL_LEANPSK) && !defined(WOLFSSL_LEANPSK) && !defined(FREERTOS)
/* default C runtime, can install different routines at runtime via cbs */ /* default C runtime, can install different routines at runtime via cbs */
#include <wolfssl/wolfcrypt/memory.h> #include <wolfssl/wolfcrypt/memory.h>
#define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s)))
@@ -212,7 +215,7 @@
#ifndef CTYPE_USER #ifndef CTYPE_USER
#include <ctype.h> #include <ctype.h>
#if defined(HAVE_ECC) || defined(HAVE_OCSP) #if defined(HAVE_ECC) || defined(HAVE_OCSP) || defined(WOLFSSL_KEY_GEN)
#define XTOUPPER(c) toupper((c)) #define XTOUPPER(c) toupper((c))
#define XISALPHA(c) isalpha((c)) #define XISALPHA(c) isalpha((c))
#endif #endif
@@ -268,7 +271,8 @@
DYNAMIC_TYPE_TLSX = 43, DYNAMIC_TYPE_TLSX = 43,
DYNAMIC_TYPE_OCSP = 44, DYNAMIC_TYPE_OCSP = 44,
DYNAMIC_TYPE_SIGNATURE = 45, DYNAMIC_TYPE_SIGNATURE = 45,
DYNAMIC_TYPE_HASHES = 46 DYNAMIC_TYPE_HASHES = 46,
DYNAMIC_TYPE_SRP = 47,
}; };
/* max error buffer string size */ /* max error buffer string size */
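Review bot: With `HAVE_THREAD_LS` defined on FreeRTOS, the new branch makes `THREAD_LS_T` expand to nothing, so every object declared with it silently becomes an ordinary variable shared by all tasks. The build asked for thread-local storage and gets none, with no diagnostic; which objects use the qualifier is not visible in this hunk. I would state the consequence next to the define, e.g. `/* no TLS before FreeRTOS v8.2.1: THREAD_LS_T objects are shared across tasks */`, or reject the combination with `#error` unless `SINGLE_THREADED` is set. The added `DYNAMIC_TYPE_SRP = 47,` also leaves a trailing comma in the enum, which strict C89 compilers warn about.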


@@ -0,0 +1,62 @@
/* wc_encrypt.h
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef WOLF_CRYPT_ENCRYPT_H
#define WOLF_CRYPT_ENCRYPT_H
#include <wolfssl/wolfcrypt/types.h>
#ifdef __cplusplus
extern "C" {
#endif
#ifndef NO_AES
WOLFSSL_API int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz,
const byte* iv);
WOLFSSL_API int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
const byte* key, word32 keySz,
const byte* iv);
#endif /* !NO_AES */
#ifndef NO_DES3
WOLFSSL_API int wc_Des_CbcDecryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
WOLFSSL_API int wc_Des_CbcEncryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
WOLFSSL_API int wc_Des3_CbcEncryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out,
const byte* in, word32 sz,
const byte* key, const byte* iv);
#endif /* !NO_DES3 */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLF_CRYPT_ENCRYPT_H */
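Review bot: None of the six one-shot CBC prototypes is documented, and the contract matters here: the header does not say whether `inSz`/`sz` must be a multiple of the cipher block size, how many bytes `iv` and (for the DES variants, which take no `keySz`) `key` must point to, or how large `out` must be. I would add a short comment block above each group stating those sizes and the return convention, and noting that CBC alone gives confidentiality without integrity, so callers need a separate MAC over the ciphertext. The AES pair lists encrypt before decrypt while the first DES pair lists decrypt first; ordering them the same way would make the header easier to scan.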