From f1ed3cefc4d349aa31067c1e4a41033ea32b5f48 Mon Sep 17 00:00:00 2001
From: toddouska <todd@yassl.com>
Date: Mon, 20 Aug 2012 16:38:43 -0700
Subject: [PATCH 1/6] SafeRTOS memory macros

---
 cyassl/ctaocrypt/settings.h | 5 +++++
 cyassl/ctaocrypt/types.h    | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h
index 678d03294..7b92f6224 100644
--- a/cyassl/ctaocrypt/settings.h
+++ b/cyassl/ctaocrypt/settings.h
@@ -170,6 +170,11 @@
     #ifndef SINGLE_THREADED
         #include "SafeRTOS/semphr.h"
     #endif
+
+    #include "SafeRTOS/heap.h"
+    #define XMALLOC(s, h, type)  pvPortMalloc((s))
+    #define XFREE(p, h, type)    vPortFree((p)) 
+    #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n))
 #endif
 
 #ifdef MICRIUM
diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h
index 210c8bcb8..0c9bff635 100644
--- a/cyassl/ctaocrypt/types.h
+++ b/cyassl/ctaocrypt/types.h
@@ -148,7 +148,7 @@ enum {
     extern void *XMALLOC(size_t n, void* heap, int type);
     extern void *XREALLOC(void *p, size_t n, void* heap, int type);
     extern void XFREE(void *p, void* heap, int type);
-#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET)
+#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) && !defined(CYASSL_SAFERTOS)
     /* default C runtime, can install different routines at runtime */
     #include <cyassl/ctaocrypt/memory.h>
     #define XMALLOC(s, h, t)     CyaSSL_Malloc((s))

From e2ae36f149bdde75c59c1392469e9b1e64daf52c Mon Sep 17 00:00:00 2001
From: toddouska <todd@yassl.com>
Date: Mon, 20 Aug 2012 16:40:41 -0700
Subject: [PATCH 2/6] add multi job support to first precommit make test

---
 commit-tests.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/commit-tests.sh b/commit-tests.sh
index a1879f707..c9aff4d51 100755
--- a/commit-tests.sh
+++ b/commit-tests.sh
@@ -5,7 +5,7 @@
 
 # make sure current config is ok
 echo -e "\n\nTesting current config...\n\n"
-make test;
+make -j 8 test;
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nCurrent config make test failed" && exit 1
 

From 7a12fb3e6b51152141737094c3918b5a65181665 Mon Sep 17 00:00:00 2001
From: toddouska <todd@yassl.com>
Date: Mon, 20 Aug 2012 16:58:11 -0700
Subject: [PATCH 3/6] IAR inlining and enum warning off

---
 cyassl/ctaocrypt/settings.h | 4 ++++
 cyassl/ctaocrypt/types.h    | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h
index 7b92f6224..8fcb58b67 100644
--- a/cyassl/ctaocrypt/settings.h
+++ b/cyassl/ctaocrypt/settings.h
@@ -164,6 +164,10 @@
     #endif
     #define CYASSL_LWIP
     #define CYASSL_SAFERTOS
+    #if defined(__IAR_SYSTEMS_ICC__)
+        /* enum uses enum */
+        #pragma diag_suppress=Pa089
+    #endif
 #endif
 
 #ifdef CYASSL_SAFERTOS
diff --git a/cyassl/ctaocrypt/types.h b/cyassl/ctaocrypt/types.h
index 0c9bff635..0704b0b5c 100644
--- a/cyassl/ctaocrypt/types.h
+++ b/cyassl/ctaocrypt/types.h
@@ -108,6 +108,8 @@ enum {
         #define INLINE inline
     #elif defined(THREADX)
         #define INLINE _Inline
+    #elif defined(__IAR_SYSTEMS_ICC__)
+        #define INLINE inline
     #else
         #define INLINE 
     #endif

From 501c6a67e7de2b505fb961e647dc16596340618c Mon Sep 17 00:00:00 2001
From: John Safranek <jasaf@mac.com>
Date: Mon, 20 Aug 2012 17:02:25 -0700
Subject: [PATCH 4/6] client to use non-blocking sockets in resume test if
 enabled

---
 examples/client/client.c | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/examples/client/client.c b/examples/client/client.c
index ef3472448..84aab662e 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -354,7 +354,7 @@ void client_test(void* args)
     #endif
 #endif
     showPeer(ssl);
-    
+
     if (sendGET) {
         printf("SSL connect ok, sending GET...\n");
         msgSz = 28;
@@ -409,8 +409,20 @@ void client_test(void* args)
     CyaSSL_set_fd(sslResume, sockfd);
     CyaSSL_set_session(sslResume, session);
    
-    showPeer(sslResume); 
-    if (CyaSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed");
+    showPeer(sslResume);
+#ifdef NON_BLOCKING
+    tcp_set_nonblocking(&sockfd);
+    NonBlockingSSL_Connect(sslResume);
+#else
+    #ifndef CYASSL_CALLBACKS
+        if (CyaSSL_connect(sslResume) != SSL_SUCCESS)
+            err_sys("SSL resume failed");
+    #else
+        timeout.tv_sec  = 2;
+        timeout.tv_usec = 0;
+        NonBlockingSSL_Connect(ssl);  /* will keep retrying on timeout */
+    #endif
+#endif
 
 #ifdef OPENSSL_EXTRA
     if (CyaSSL_session_reused(sslResume))
@@ -422,6 +434,15 @@ void client_test(void* args)
     if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz)
         err_sys("SSL_write failed");
 
+#ifdef NON_BLOCKING
+    /* need to give server a chance to bounce a message back to client */
+    #ifdef USE_WINDOWS_API
+        Sleep(500);
+    #else
+        sleep(1);
+    #endif
+#endif
+
     input = CyaSSL_read(sslResume, reply, sizeof(reply));
     if (input > 0) {
         reply[input] = 0;

From 87762e9012a1d4914b66936f842b905059707b9e Mon Sep 17 00:00:00 2001
From: toddouska <todd@yassl.com>
Date: Wed, 22 Aug 2012 11:07:40 -0700
Subject: [PATCH 5/6] SafeRTOS client test fixes

---
 ctaocrypt/src/random.c      | 13 +++++++++++++
 cyassl/ctaocrypt/settings.h |  9 +++++++++
 src/ssl.c                   |  8 ++++----
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/ctaocrypt/src/random.c b/ctaocrypt/src/random.c
index 33a282b02..aabc19926 100644
--- a/ctaocrypt/src/random.c
+++ b/ctaocrypt/src/random.c
@@ -146,6 +146,19 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     return 0;
 }
 
+#elif defined(CYASSL_SAFERTOS)
+
+#warning "write a real random seed!!!!, just for testing now"
+
+int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+{
+    int i;
+    for (i = 0; i < sz; i++ )
+        output[i] = i;
+
+    return 0;
+}
+
 #elif defined(NO_DEV_RANDOM)
 
 #error "you need to write an os specific GenerateSeed() here"
diff --git a/cyassl/ctaocrypt/settings.h b/cyassl/ctaocrypt/settings.h
index 8fcb58b67..ad93345a8 100644
--- a/cyassl/ctaocrypt/settings.h
+++ b/cyassl/ctaocrypt/settings.h
@@ -150,6 +150,8 @@
 #endif
 
 #ifdef CYASSL_LSR
+    #define SIZEOF_LONG_LONG 8
+    #define CYASSL_LOW_MEMORY
     #define NO_WRITEV
     #define NO_SHA512
     #define NO_DH
@@ -160,6 +162,7 @@
     #define NO_RABBIT
     #ifndef NO_FILESYSTEM
         #define LSR_FS
+        #include "inc/hw_types.h"
         #include "fs.h"
     #endif
     #define CYASSL_LWIP
@@ -181,6 +184,12 @@
     #define XREALLOC(p, n, h, t) pvPortRealloc((p), (n))
 #endif
 
+#ifdef CYASSL_LOW_MEMORY
+    #define RSA_LOW_MEM
+    #define CYASSL_SMALL_STACK
+    #define TFM_TIMING_RESISTANT
+#endif
+
 #ifdef MICRIUM
 
     #include "stdlib.h"
diff --git a/src/ssl.c b/src/ssl.c
index 875dccae6..c5fde9818 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1217,11 +1217,11 @@ static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
 #elif defined(LSR_FS)
     #include <fs.h>
     #define XFILE                   struct fs_file*
-    #define XFOPEN(NAME, MODE)      fs_open(NAME);
-    #define XFSEEK
+    #define XFOPEN(NAME, MODE)      fs_open((char*)NAME);
+    #define XFSEEK(F, O, W)         (void)F
     #define XFTELL(F)               (F)->len
-    #define XREWIND
-    #define XFREAD(BUF, SZ, AMT, F) fs_read(F, BUF, SZ*AMT)
+    #define XREWIND(F)              (void)F
+    #define XFREAD(BUF, SZ, AMT, F) fs_read(F, (char*)BUF, SZ*AMT)
     #define XFCLOSE                 fs_close
     #define XSEEK_END               0
     #define XBADFILE                NULL

From 31d036178e3c39c03ceb2bb3d6c3628ec420ecc2 Mon Sep 17 00:00:00 2001
From: John Safranek <jasaf@mac.com>
Date: Wed, 22 Aug 2012 14:06:08 -0700
Subject: [PATCH 6/6] fix DTLS cookies and session resumption

---
 src/ssl.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 875dccae6..f4c40ec06 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2254,7 +2254,10 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
             neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
                                           SERVER_HELLODONE_COMPLETE;
             #ifdef CYASSL_DTLS
-                if (ssl->options.dtls && !ssl->options.resuming)
+                /* In DTLS, when resuming, we can go straight to FINISHED,
+                 * or do a cookie exchange and then skip to FINISHED, assume
+                 * we need the cookie exchange first. */
+                if (ssl->options.dtls)
                     neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
             #endif
             /* get response */
@@ -2281,7 +2284,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
                 return SSL_SUCCESS;
 
             #ifdef CYASSL_DTLS
-                if (ssl->options.dtls && !ssl->options.resuming) {
+                if (ssl->options.dtls) {
                     /* re-init hashes, exclude first hello and verify request */
                     InitMd5(&ssl->hashMd5);
                     InitSha(&ssl->hashSha);
@@ -2501,7 +2504,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
 
         case ACCEPT_CLIENT_HELLO_DONE :
             #ifdef CYASSL_DTLS
-                if (ssl->options.dtls && !ssl->options.resuming)
+                if (ssl->options.dtls)
                     if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) {
                         CYASSL_ERROR(ssl->error);
                         return SSL_FATAL_ERROR;
@@ -2512,7 +2515,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
 
         case HELLO_VERIFY_SENT:
             #ifdef CYASSL_DTLS
-                if (ssl->options.dtls && !ssl->options.resuming) {
+                if (ssl->options.dtls) {
                     ssl->options.clientState = NULL_STATE;  /* get again */
                     /* re-init hashes, exclude first hello and verify request */
                     InitMd5(&ssl->hashMd5);