From 6e1436294082bd7412839b5d6796c105298be006 Mon Sep 17 00:00:00 2001
From: Jay Satiro <raysatiro@yahoo.com>
Date: Mon, 23 Mar 2015 02:12:01 -0400
Subject: [PATCH 001/350] build: Add DLL configurations to wolfssl64.sln and
 all vcxproj files

- Remove extern from declspec in WOLFSSL_API macro.

- Add a property file to *.vcxproj so that $(DefaultPlatformToolset) is
available.

- Remove the specified platform toolset (VS 2012) in *.vcxproj.

This change allows the projects to use $(DefaultPlatformToolset) so that
they will be built using the default platform toolset for whatever
version of Visual Studio 2010+ that loads them.

- Add DLL Release and DLL Debug configurations to *.vcxproj except for
sslSniffer.vcxproj.

The sniffer uses internal library components that aren't exposed in the
wolfSSL DLL so it can only be built by linking to CyaSSL's static lib.

- Change intermediate output directory of obj files to
<current-dir-setting>\obj\.

The purpose of this change is to separate the output files from the
intermediate files because sometimes they can end up in the same dir.
---
 examples/client/client.vcxproj               | 160 +++++++++++++++++-
 examples/client/client.vcxproj.props         |  44 +++++
 examples/echoclient/echoclient.vcxproj       | 160 +++++++++++++++++-
 examples/echoclient/echoclient.vcxproj.props |  44 +++++
 examples/echoserver/echoserver.vcxproj       | 160 +++++++++++++++++-
 examples/echoserver/echoserver.vcxproj.props |  44 +++++
 examples/server/server.vcxproj               | 160 +++++++++++++++++-
 examples/server/server.vcxproj.props         |  44 +++++
 sslSniffer/sslSniffer.vcxproj                |  15 +-
 sslSniffer/sslSniffer.vcxproj.props          |  44 +++++
 testsuite/testsuite.vcxproj                  | 160 +++++++++++++++++-
 testsuite/testsuite.vcxproj.props            |  44 +++++
 wolfssl.vcxproj                              | 167 +++++++++++++++++--
 wolfssl.vcxproj.props                        |  44 +++++
 wolfssl/wolfcrypt/visibility.h               |   4 +-
 wolfssl64.sln                                |  58 ++++++-
 16 files changed, 1300 insertions(+), 52 deletions(-)
 create mode 100644 examples/client/client.vcxproj.props
 create mode 100644 examples/echoclient/echoclient.vcxproj.props
 create mode 100644 examples/echoserver/echoserver.vcxproj.props
 create mode 100644 examples/server/server.vcxproj.props
 create mode 100644 sslSniffer/sslSniffer.vcxproj.props
 create mode 100644 testsuite/testsuite.vcxproj.props
 create mode 100644 wolfssl.vcxproj.props

diff --git a/examples/client/client.vcxproj b/examples/client/client.vcxproj
index 4442c56fd..eed2b0f81 100644
--- a/examples/client/client.vcxproj
+++ b/examples/client/client.vcxproj
@@ -9,6 +9,22 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -24,26 +40,41 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="client.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
@@ -52,34 +83,70 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -101,6 +168,26 @@
       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -119,6 +206,24 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -141,6 +246,28 @@
       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -162,6 +289,27 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="client.c" />
   </ItemGroup>
diff --git a/examples/client/client.vcxproj.props b/examples/client/client.vcxproj.props
new file mode 100644
index 000000000..97cb4c2ec
--- /dev/null
+++ b/examples/client/client.vcxproj.props
@@ -0,0 +1,44 @@
+<!--
+****************************************************************************************************
+Property file for specifying PlatformToolset.
+
+WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
+          created a backup copy.  Incorrect changes to this file will make it
+          impossible to load or build your projects from the command-line or the IDE.
+
+This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="project-name.vcxproj.props" />
+
+Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
+****************************************************************************************************
+-->
+
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+<!--
+VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
+-->
+    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
+<!--
+In Visual Studio what is referred to in the documentation as the default platform toolset is
+whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
+means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
+
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
+
+The default platform toolset for my projects should be the toolset included with whatever version of
+Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
+
+Visual Studio 2010 $(DefaultPlatformToolset): v100
+Visual Studio 2012 $(DefaultPlatformToolset): v110
+Visual Studio 2013 $(DefaultPlatformToolset): v120
+
+This way the projects will be built properly using the appropriate toolset no matter which version
+of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
+project using its 2012 compiler) and without any project upgrade notices.
+-->
+    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
+  </PropertyGroup>
+</Project>
diff --git a/examples/echoclient/echoclient.vcxproj b/examples/echoclient/echoclient.vcxproj
index 342bb9ca5..5ca5d43ad 100644
--- a/examples/echoclient/echoclient.vcxproj
+++ b/examples/echoclient/echoclient.vcxproj
@@ -9,6 +9,22 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -24,26 +40,41 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="echoclient.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
@@ -52,34 +83,70 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -102,6 +169,26 @@
 
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -120,6 +207,24 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -143,6 +248,28 @@
 
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -164,6 +291,27 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="echoclient.c" />
   </ItemGroup>
diff --git a/examples/echoclient/echoclient.vcxproj.props b/examples/echoclient/echoclient.vcxproj.props
new file mode 100644
index 000000000..97cb4c2ec
--- /dev/null
+++ b/examples/echoclient/echoclient.vcxproj.props
@@ -0,0 +1,44 @@
+<!--
+****************************************************************************************************
+Property file for specifying PlatformToolset.
+
+WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
+          created a backup copy.  Incorrect changes to this file will make it
+          impossible to load or build your projects from the command-line or the IDE.
+
+This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="project-name.vcxproj.props" />
+
+Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
+****************************************************************************************************
+-->
+
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+<!--
+VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
+-->
+    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
+<!--
+In Visual Studio what is referred to in the documentation as the default platform toolset is
+whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
+means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
+
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
+
+The default platform toolset for my projects should be the toolset included with whatever version of
+Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
+
+Visual Studio 2010 $(DefaultPlatformToolset): v100
+Visual Studio 2012 $(DefaultPlatformToolset): v110
+Visual Studio 2013 $(DefaultPlatformToolset): v120
+
+This way the projects will be built properly using the appropriate toolset no matter which version
+of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
+project using its 2012 compiler) and without any project upgrade notices.
+-->
+    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
+  </PropertyGroup>
+</Project>
diff --git a/examples/echoserver/echoserver.vcxproj b/examples/echoserver/echoserver.vcxproj
index a9c210cbd..09381a8f6 100644
--- a/examples/echoserver/echoserver.vcxproj
+++ b/examples/echoserver/echoserver.vcxproj
@@ -9,6 +9,22 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -24,26 +40,41 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="echoserver.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
@@ -52,34 +83,70 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -102,6 +169,26 @@
 
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -120,6 +207,24 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -142,6 +247,28 @@
       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -163,6 +290,27 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="echoserver.c" />
   </ItemGroup>
diff --git a/examples/echoserver/echoserver.vcxproj.props b/examples/echoserver/echoserver.vcxproj.props
new file mode 100644
index 000000000..97cb4c2ec
--- /dev/null
+++ b/examples/echoserver/echoserver.vcxproj.props
@@ -0,0 +1,44 @@
+<!--
+****************************************************************************************************
+Property file for specifying PlatformToolset.
+
+WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
+          created a backup copy.  Incorrect changes to this file will make it
+          impossible to load or build your projects from the command-line or the IDE.
+
+This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="project-name.vcxproj.props" />
+
+Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
+****************************************************************************************************
+-->
+
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+<!--
+VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
+-->
+    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
+<!--
+In Visual Studio what is referred to in the documentation as the default platform toolset is
+whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
+means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
+
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
+
+The default platform toolset for my projects should be the toolset included with whatever version of
+Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
+
+Visual Studio 2010 $(DefaultPlatformToolset): v100
+Visual Studio 2012 $(DefaultPlatformToolset): v110
+Visual Studio 2013 $(DefaultPlatformToolset): v120
+
+This way the projects will be built properly using the appropriate toolset no matter which version
+of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
+project using its 2012 compiler) and without any project upgrade notices.
+-->
+    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
+  </PropertyGroup>
+</Project>
diff --git a/examples/server/server.vcxproj b/examples/server/server.vcxproj
index dc31fd672..6581aece5 100644
--- a/examples/server/server.vcxproj
+++ b/examples/server/server.vcxproj
@@ -9,6 +9,22 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -24,26 +40,41 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="server.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
@@ -52,34 +83,70 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -102,6 +169,26 @@
 
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -120,6 +207,24 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -143,6 +248,28 @@
 
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -164,6 +291,27 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="server.c" />
   </ItemGroup>
diff --git a/examples/server/server.vcxproj.props b/examples/server/server.vcxproj.props
new file mode 100644
index 000000000..97cb4c2ec
--- /dev/null
+++ b/examples/server/server.vcxproj.props
@@ -0,0 +1,44 @@
+<!--
+****************************************************************************************************
+Property file for specifying PlatformToolset.
+
+WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
+          created a backup copy.  Incorrect changes to this file will make it
+          impossible to load or build your projects from the command-line or the IDE.
+
+This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="project-name.vcxproj.props" />
+
+Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
+****************************************************************************************************
+-->
+
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+<!--
+VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
+-->
+    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
+<!--
+In Visual Studio what is referred to in the documentation as the default platform toolset is
+whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
+means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
+
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
+
+The default platform toolset for my projects should be the toolset included with whatever version of
+Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
+
+Visual Studio 2010 $(DefaultPlatformToolset): v100
+Visual Studio 2012 $(DefaultPlatformToolset): v110
+Visual Studio 2013 $(DefaultPlatformToolset): v120
+
+This way the projects will be built properly using the appropriate toolset no matter which version
+of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
+project using its 2012 compiler) and without any project upgrade notices.
+-->
+    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
+  </PropertyGroup>
+</Project>
diff --git a/sslSniffer/sslSniffer.vcxproj b/sslSniffer/sslSniffer.vcxproj
index 7419737c1..f00bf8e4b 100644
--- a/sslSniffer/sslSniffer.vcxproj
+++ b/sslSniffer/sslSniffer.vcxproj
@@ -24,26 +24,23 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="sslSniffer.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
@@ -67,19 +64,23 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -166,7 +167,7 @@
     <ClCompile Include="..\src\sniffer.c" />
   </ItemGroup>
   <ItemGroup>
-    <ClInclude Include="..\include\sniffer.h" />
+    <ClInclude Include="..\wolfssl\sniffer.h" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="..\wolfssl\sniffer_error.rc" />
diff --git a/sslSniffer/sslSniffer.vcxproj.props b/sslSniffer/sslSniffer.vcxproj.props
new file mode 100644
index 000000000..97cb4c2ec
--- /dev/null
+++ b/sslSniffer/sslSniffer.vcxproj.props
@@ -0,0 +1,44 @@
+<!--
+****************************************************************************************************
+Property file for specifying PlatformToolset.
+
+WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
+          created a backup copy.  Incorrect changes to this file will make it
+          impossible to load or build your projects from the command-line or the IDE.
+
+This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="project-name.vcxproj.props" />
+
+Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
+****************************************************************************************************
+-->
+
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+<!--
+VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
+-->
+    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
+<!--
+In Visual Studio what is referred to in the documentation as the default platform toolset is
+whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
+means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
+
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
+
+The default platform toolset for my projects should be the toolset included with whatever version of
+Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
+
+Visual Studio 2010 $(DefaultPlatformToolset): v100
+Visual Studio 2012 $(DefaultPlatformToolset): v110
+Visual Studio 2013 $(DefaultPlatformToolset): v120
+
+This way the projects will be built properly using the appropriate toolset no matter which version
+of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
+project using its 2012 compiler) and without any project upgrade notices.
+-->
+    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
+  </PropertyGroup>
+</Project>
diff --git a/testsuite/testsuite.vcxproj b/testsuite/testsuite.vcxproj
index f7d5f16b5..a8c748918 100644
--- a/testsuite/testsuite.vcxproj
+++ b/testsuite/testsuite.vcxproj
@@ -9,6 +9,22 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -24,26 +40,41 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="testsuite.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
@@ -52,34 +83,70 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -101,6 +168,26 @@
     <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -119,6 +206,24 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -141,6 +246,28 @@
       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -162,6 +289,27 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="..\examples\client\client.c" />
     <ClCompile Include="..\examples\echoclient\echoclient.c" />
diff --git a/testsuite/testsuite.vcxproj.props b/testsuite/testsuite.vcxproj.props
new file mode 100644
index 000000000..97cb4c2ec
--- /dev/null
+++ b/testsuite/testsuite.vcxproj.props
@@ -0,0 +1,44 @@
+<!--
+****************************************************************************************************
+Property file for specifying PlatformToolset.
+
+WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
+          created a backup copy.  Incorrect changes to this file will make it
+          impossible to load or build your projects from the command-line or the IDE.
+
+This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="project-name.vcxproj.props" />
+
+Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
+****************************************************************************************************
+-->
+
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+<!--
+VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
+-->
+    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
+<!--
+In Visual Studio what is referred to in the documentation as the default platform toolset is
+whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
+means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
+
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
+
+The default platform toolset for my projects should be the toolset included with whatever version of
+Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
+
+Visual Studio 2010 $(DefaultPlatformToolset): v100
+Visual Studio 2012 $(DefaultPlatformToolset): v110
+Visual Studio 2013 $(DefaultPlatformToolset): v120
+
+This way the projects will be built properly using the appropriate toolset no matter which version
+of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
+project using its 2012 compiler) and without any project upgrade notices.
+-->
+    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
+  </PropertyGroup>
+</Project>
diff --git a/wolfssl.vcxproj b/wolfssl.vcxproj
index cf057198a..c4b6840a3 100644
--- a/wolfssl.vcxproj
+++ b/wolfssl.vcxproj
@@ -9,6 +9,22 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -24,26 +40,41 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="wolfssl.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
@@ -52,29 +83,60 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
-  <PropertyGroup>
-    <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -89,6 +151,26 @@
       <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -103,6 +185,25 @@
       <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -116,6 +217,24 @@
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -130,6 +249,24 @@
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="wolfcrypt\src\aes.c" />
     <ClCompile Include="wolfcrypt\src\arc4.c" />
@@ -169,14 +306,20 @@
   <ItemGroup>
     <CustomBuild Include="wolfcrypt\src\aes_asm.asm">
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
       <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
       <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
       <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
       <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
     </CustomBuild>
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/wolfssl.vcxproj.props b/wolfssl.vcxproj.props
new file mode 100644
index 000000000..97cb4c2ec
--- /dev/null
+++ b/wolfssl.vcxproj.props
@@ -0,0 +1,44 @@
+<!--
+****************************************************************************************************
+Property file for specifying PlatformToolset.
+
+WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
+          created a backup copy.  Incorrect changes to this file will make it
+          impossible to load or build your projects from the command-line or the IDE.
+
+This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <Import Project="project-name.vcxproj.props" />
+
+Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
+****************************************************************************************************
+-->
+
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+<!--
+VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
+-->
+    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
+<!--
+In Visual Studio what is referred to in the documentation as the default platform toolset is
+whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
+means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
+
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
+http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
+
+The default platform toolset for my projects should be the toolset included with whatever version of
+Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
+
+Visual Studio 2010 $(DefaultPlatformToolset): v100
+Visual Studio 2012 $(DefaultPlatformToolset): v110
+Visual Studio 2013 $(DefaultPlatformToolset): v120
+
+This way the projects will be built properly using the appropriate toolset no matter which version
+of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
+project using its 2012 compiler) and without any project upgrade notices.
+-->
+    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
+  </PropertyGroup>
+</Project>
diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h
index 05fd4754b..6e41d238f 100644
--- a/wolfssl/wolfcrypt/visibility.h
+++ b/wolfssl/wolfcrypt/visibility.h
@@ -47,7 +47,7 @@
         #define WOLFSSL_LOCAL __hidden
     #elif defined(_MSC_VER)
         #ifdef WOLFSSL_DLL
-            #define WOLFSSL_API extern __declspec(dllexport)
+            #define WOLFSSL_API __declspec(dllexport)
         #else
             #define WOLFSSL_API
         #endif
@@ -59,7 +59,7 @@
 #else /* BUILDING_WOLFSSL */
     #if defined(_MSC_VER)
         #ifdef WOLFSSL_DLL
-            #define WOLFSSL_API extern __declspec(dllimport)
+            #define WOLFSSL_API __declspec(dllimport)
         #else
             #define WOLFSSL_API
         #endif
diff --git a/wolfssl64.sln b/wolfssl64.sln
index 223ad75da..5e17787dc 100644
--- a/wolfssl64.sln
+++ b/wolfssl64.sln
@@ -1,6 +1,6 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Express 2012 for Windows Desktop
+# Visual Studio 2010
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "wolfssl.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}"
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testsuite", "testsuite\testsuite.vcxproj", "{611E8971-46E0-4D0A-B5A1-632C3B00CB80}"
@@ -19,6 +19,10 @@ Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Win32 = Debug|Win32
 		Debug|x64 = Debug|x64
+		DLL Debug|Win32 = DLL Debug|Win32
+		DLL Debug|x64 = DLL Debug|x64
+		DLL Release|Win32 = DLL Release|Win32
+		DLL Release|x64 = DLL Release|x64
 		Release|Win32 = Release|Win32
 		Release|x64 = Release|x64
 	EndGlobalSection
@@ -27,6 +31,14 @@ Global
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64
@@ -35,6 +47,14 @@ Global
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.ActiveCfg = Debug|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.Build.0 = Debug|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.Build.0 = DLL Release|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.ActiveCfg = Release|x64
@@ -43,6 +63,10 @@ Global
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|Win32.Build.0 = Debug|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.ActiveCfg = Debug|x64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.Build.0 = Debug|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|Win32.ActiveCfg = Debug|Win32
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|Win32.ActiveCfg = Release|Win32
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|x64.ActiveCfg = Release|x64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.ActiveCfg = Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.Build.0 = Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|x64.ActiveCfg = Release|x64
@@ -51,6 +75,14 @@ Global
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.Build.0 = Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.ActiveCfg = Debug|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.Build.0 = Debug|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.Build.0 = DLL Release|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.ActiveCfg = Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.Build.0 = Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|x64.ActiveCfg = Release|x64
@@ -59,6 +91,14 @@ Global
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.Build.0 = Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.ActiveCfg = Debug|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.Build.0 = Debug|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.Build.0 = DLL Release|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.ActiveCfg = Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.Build.0 = Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|x64.ActiveCfg = Release|x64
@@ -67,6 +107,14 @@ Global
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.Build.0 = Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.ActiveCfg = Debug|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.Build.0 = Debug|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.Build.0 = DLL Release|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.ActiveCfg = Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.Build.0 = Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|x64.ActiveCfg = Release|x64
@@ -75,6 +123,14 @@ Global
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.Build.0 = Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.ActiveCfg = Debug|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.Build.0 = Debug|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.Build.0 = DLL Release|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.ActiveCfg = Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.Build.0 = Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|x64.ActiveCfg = Release|x64

From b8b13ad9e9d7d0e5c55635e85e0d4bb4db38a660 Mon Sep 17 00:00:00 2001
From: Jay Satiro <raysatiro@yahoo.com>
Date: Wed, 1 Apr 2015 02:05:15 -0400
Subject: [PATCH 002/350] build: Revert using MSBuild property files to
 auto-detect platform toolset

Prior to this change I had added a .props file for each .vcxproj to
use MSBuild's $(DefaultPlatformToolset) as the the default for
$(PlatformToolset). Typically that configuration allows for the
appropriate toolset to be used no matter which version of VS2010+
the wolfssl64.sln and project files are opened in. Problem is when an
MSBuild was used from the command line to build the solution it got the
$(DefaultPlatformToolset) from a property file based on the solution
header (currently "Format Version 12.00" which maps to Visual Studio
2012) instead. Another side effect was it set the VisualStudioVersion
to 11.0 (n - 1; n in this case 12.0) which was incorrect.

To remedy the above this change reverts back to the old PlatformToolset
method where the v110 toolset (Visual Studio 2012) is specified in every
configuration in every vcxproj. The user will have to specify explicitly
a different toolset to override it (either via command line or the GUI)
if they are not using VS2012.

VS2010 example:
msbuild -p:Configuration="Debug" wolfssl64.sln -p:PlatformToolset=v100
---
 examples/client/client.vcxproj               |  9 +++-
 examples/client/client.vcxproj.props         | 44 --------------------
 examples/echoclient/echoclient.vcxproj       |  9 +++-
 examples/echoclient/echoclient.vcxproj.props | 44 --------------------
 examples/echoserver/echoserver.vcxproj       |  9 +++-
 examples/echoserver/echoserver.vcxproj.props | 44 --------------------
 examples/server/server.vcxproj               |  9 +++-
 examples/server/server.vcxproj.props         | 44 --------------------
 sslSniffer/sslSniffer.vcxproj                |  5 ++-
 sslSniffer/sslSniffer.vcxproj.props          | 44 --------------------
 testsuite/testsuite.vcxproj                  |  9 +++-
 testsuite/testsuite.vcxproj.props            | 44 --------------------
 wolfssl.vcxproj                              |  9 +++-
 wolfssl.vcxproj.props                        | 44 --------------------
 14 files changed, 52 insertions(+), 315 deletions(-)
 delete mode 100644 examples/client/client.vcxproj.props
 delete mode 100644 examples/echoclient/echoclient.vcxproj.props
 delete mode 100644 examples/echoserver/echoserver.vcxproj.props
 delete mode 100644 examples/server/server.vcxproj.props
 delete mode 100644 sslSniffer/sslSniffer.vcxproj.props
 delete mode 100644 testsuite/testsuite.vcxproj.props
 delete mode 100644 wolfssl.vcxproj.props

diff --git a/examples/client/client.vcxproj b/examples/client/client.vcxproj
index eed2b0f81..dec191d7a 100644
--- a/examples/client/client.vcxproj
+++ b/examples/client/client.vcxproj
@@ -40,41 +40,48 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="client.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
diff --git a/examples/client/client.vcxproj.props b/examples/client/client.vcxproj.props
deleted file mode 100644
index 97cb4c2ec..000000000
--- a/examples/client/client.vcxproj.props
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-****************************************************************************************************
-Property file for specifying PlatformToolset.
-
-WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
-          created a backup copy.  Incorrect changes to this file will make it
-          impossible to load or build your projects from the command-line or the IDE.
-
-This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="project-name.vcxproj.props" />
-
-Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
-****************************************************************************************************
--->
-
-<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-<!--
-VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
--->
-    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
-<!--
-In Visual Studio what is referred to in the documentation as the default platform toolset is
-whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
-means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
-
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
-
-The default platform toolset for my projects should be the toolset included with whatever version of
-Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
-
-Visual Studio 2010 $(DefaultPlatformToolset): v100
-Visual Studio 2012 $(DefaultPlatformToolset): v110
-Visual Studio 2013 $(DefaultPlatformToolset): v120
-
-This way the projects will be built properly using the appropriate toolset no matter which version
-of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
-project using its 2012 compiler) and without any project upgrade notices.
--->
-    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
-  </PropertyGroup>
-</Project>
diff --git a/examples/echoclient/echoclient.vcxproj b/examples/echoclient/echoclient.vcxproj
index 5ca5d43ad..a3a60545a 100644
--- a/examples/echoclient/echoclient.vcxproj
+++ b/examples/echoclient/echoclient.vcxproj
@@ -40,41 +40,48 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="echoclient.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
diff --git a/examples/echoclient/echoclient.vcxproj.props b/examples/echoclient/echoclient.vcxproj.props
deleted file mode 100644
index 97cb4c2ec..000000000
--- a/examples/echoclient/echoclient.vcxproj.props
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-****************************************************************************************************
-Property file for specifying PlatformToolset.
-
-WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
-          created a backup copy.  Incorrect changes to this file will make it
-          impossible to load or build your projects from the command-line or the IDE.
-
-This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="project-name.vcxproj.props" />
-
-Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
-****************************************************************************************************
--->
-
-<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-<!--
-VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
--->
-    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
-<!--
-In Visual Studio what is referred to in the documentation as the default platform toolset is
-whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
-means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
-
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
-
-The default platform toolset for my projects should be the toolset included with whatever version of
-Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
-
-Visual Studio 2010 $(DefaultPlatformToolset): v100
-Visual Studio 2012 $(DefaultPlatformToolset): v110
-Visual Studio 2013 $(DefaultPlatformToolset): v120
-
-This way the projects will be built properly using the appropriate toolset no matter which version
-of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
-project using its 2012 compiler) and without any project upgrade notices.
--->
-    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
-  </PropertyGroup>
-</Project>
diff --git a/examples/echoserver/echoserver.vcxproj b/examples/echoserver/echoserver.vcxproj
index 09381a8f6..096ba75c6 100644
--- a/examples/echoserver/echoserver.vcxproj
+++ b/examples/echoserver/echoserver.vcxproj
@@ -40,41 +40,48 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="echoserver.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
diff --git a/examples/echoserver/echoserver.vcxproj.props b/examples/echoserver/echoserver.vcxproj.props
deleted file mode 100644
index 97cb4c2ec..000000000
--- a/examples/echoserver/echoserver.vcxproj.props
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-****************************************************************************************************
-Property file for specifying PlatformToolset.
-
-WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
-          created a backup copy.  Incorrect changes to this file will make it
-          impossible to load or build your projects from the command-line or the IDE.
-
-This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="project-name.vcxproj.props" />
-
-Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
-****************************************************************************************************
--->
-
-<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-<!--
-VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
--->
-    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
-<!--
-In Visual Studio what is referred to in the documentation as the default platform toolset is
-whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
-means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
-
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
-
-The default platform toolset for my projects should be the toolset included with whatever version of
-Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
-
-Visual Studio 2010 $(DefaultPlatformToolset): v100
-Visual Studio 2012 $(DefaultPlatformToolset): v110
-Visual Studio 2013 $(DefaultPlatformToolset): v120
-
-This way the projects will be built properly using the appropriate toolset no matter which version
-of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
-project using its 2012 compiler) and without any project upgrade notices.
--->
-    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
-  </PropertyGroup>
-</Project>
diff --git a/examples/server/server.vcxproj b/examples/server/server.vcxproj
index 6581aece5..f6b53fc57 100644
--- a/examples/server/server.vcxproj
+++ b/examples/server/server.vcxproj
@@ -40,41 +40,48 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="server.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
diff --git a/examples/server/server.vcxproj.props b/examples/server/server.vcxproj.props
deleted file mode 100644
index 97cb4c2ec..000000000
--- a/examples/server/server.vcxproj.props
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-****************************************************************************************************
-Property file for specifying PlatformToolset.
-
-WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
-          created a backup copy.  Incorrect changes to this file will make it
-          impossible to load or build your projects from the command-line or the IDE.
-
-This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="project-name.vcxproj.props" />
-
-Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
-****************************************************************************************************
--->
-
-<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-<!--
-VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
--->
-    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
-<!--
-In Visual Studio what is referred to in the documentation as the default platform toolset is
-whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
-means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
-
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
-
-The default platform toolset for my projects should be the toolset included with whatever version of
-Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
-
-Visual Studio 2010 $(DefaultPlatformToolset): v100
-Visual Studio 2012 $(DefaultPlatformToolset): v110
-Visual Studio 2013 $(DefaultPlatformToolset): v120
-
-This way the projects will be built properly using the appropriate toolset no matter which version
-of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
-project using its 2012 compiler) and without any project upgrade notices.
--->
-    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
-  </PropertyGroup>
-</Project>
diff --git a/sslSniffer/sslSniffer.vcxproj b/sslSniffer/sslSniffer.vcxproj
index f00bf8e4b..56404e997 100644
--- a/sslSniffer/sslSniffer.vcxproj
+++ b/sslSniffer/sslSniffer.vcxproj
@@ -24,23 +24,26 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="sslSniffer.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
diff --git a/sslSniffer/sslSniffer.vcxproj.props b/sslSniffer/sslSniffer.vcxproj.props
deleted file mode 100644
index 97cb4c2ec..000000000
--- a/sslSniffer/sslSniffer.vcxproj.props
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-****************************************************************************************************
-Property file for specifying PlatformToolset.
-
-WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
-          created a backup copy.  Incorrect changes to this file will make it
-          impossible to load or build your projects from the command-line or the IDE.
-
-This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="project-name.vcxproj.props" />
-
-Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
-****************************************************************************************************
--->
-
-<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-<!--
-VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
--->
-    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
-<!--
-In Visual Studio what is referred to in the documentation as the default platform toolset is
-whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
-means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
-
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
-
-The default platform toolset for my projects should be the toolset included with whatever version of
-Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
-
-Visual Studio 2010 $(DefaultPlatformToolset): v100
-Visual Studio 2012 $(DefaultPlatformToolset): v110
-Visual Studio 2013 $(DefaultPlatformToolset): v120
-
-This way the projects will be built properly using the appropriate toolset no matter which version
-of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
-project using its 2012 compiler) and without any project upgrade notices.
--->
-    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
-  </PropertyGroup>
-</Project>
diff --git a/testsuite/testsuite.vcxproj b/testsuite/testsuite.vcxproj
index a8c748918..484a87584 100644
--- a/testsuite/testsuite.vcxproj
+++ b/testsuite/testsuite.vcxproj
@@ -40,41 +40,48 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="testsuite.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
diff --git a/testsuite/testsuite.vcxproj.props b/testsuite/testsuite.vcxproj.props
deleted file mode 100644
index 97cb4c2ec..000000000
--- a/testsuite/testsuite.vcxproj.props
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-****************************************************************************************************
-Property file for specifying PlatformToolset.
-
-WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
-          created a backup copy.  Incorrect changes to this file will make it
-          impossible to load or build your projects from the command-line or the IDE.
-
-This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="project-name.vcxproj.props" />
-
-Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
-****************************************************************************************************
--->
-
-<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-<!--
-VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
--->
-    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
-<!--
-In Visual Studio what is referred to in the documentation as the default platform toolset is
-whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
-means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
-
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
-
-The default platform toolset for my projects should be the toolset included with whatever version of
-Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
-
-Visual Studio 2010 $(DefaultPlatformToolset): v100
-Visual Studio 2012 $(DefaultPlatformToolset): v110
-Visual Studio 2013 $(DefaultPlatformToolset): v120
-
-This way the projects will be built properly using the appropriate toolset no matter which version
-of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
-project using its 2012 compiler) and without any project upgrade notices.
--->
-    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
-  </PropertyGroup>
-</Project>
diff --git a/wolfssl.vcxproj b/wolfssl.vcxproj
index c4b6840a3..8a95297e1 100644
--- a/wolfssl.vcxproj
+++ b/wolfssl.vcxproj
@@ -40,41 +40,48 @@
     <Keyword>Win32Proj</Keyword>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="wolfssl.vcxproj.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
     <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
diff --git a/wolfssl.vcxproj.props b/wolfssl.vcxproj.props
deleted file mode 100644
index 97cb4c2ec..000000000
--- a/wolfssl.vcxproj.props
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-****************************************************************************************************
-Property file for specifying PlatformToolset.
-
-WARNING:  DO NOT MODIFY this file unless you are knowledgeable about MSBuild and have
-          created a backup copy.  Incorrect changes to this file will make it
-          impossible to load or build your projects from the command-line or the IDE.
-
-This file should be included immediately after Microsoft.Cpp.Default.props in every vcxproj.
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <Import Project="project-name.vcxproj.props" />
-
-Copyright (C) 2014 Jay Satiro <raysatiro@yahoo.com>. All rights reserved. https://github.com/jay
-****************************************************************************************************
--->
-
-<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-<!--
-VS2010 specific: 'DefaultPlatformToolset' isn't an inherited MS property so it must be defined here.
--->
-    <DefaultPlatformToolset Condition="'$(DefaultPlatformToolset)' == '' and '$(VisualStudioVersion)' == '10.0'">v100</DefaultPlatformToolset>
-<!--
-In Visual Studio what is referred to in the documentation as the default platform toolset is
-whatever is in the inherited MS property 'PlatformToolset' and _not_ 'DefaultPlatformToolset'. That
-means in Visual Studio 2010, 2012 and 2013 the default platform toolset is v100 (VS2010 compiler).
-
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.110).aspx
-http://msdn.microsoft.com/en-us/library/8x480de8(v=vs.120).aspx
-
-The default platform toolset for my projects should be the toolset included with whatever version of
-Visual Studio is being used. That can be found in 'DefaultPlatformToolset', eg:
-
-Visual Studio 2010 $(DefaultPlatformToolset): v100
-Visual Studio 2012 $(DefaultPlatformToolset): v110
-Visual Studio 2013 $(DefaultPlatformToolset): v120
-
-This way the projects will be built properly using the appropriate toolset no matter which version
-of Visual Studio (>= 2010) the project files are opened in (eg Visual Studio 2012 should compile
-project using its 2012 compiler) and without any project upgrade notices.
--->
-    <PlatformToolset>$(DefaultPlatformToolset)</PlatformToolset>
-  </PropertyGroup>
-</Project>

From 3aeedcf092e3cc0de2a728c5b9415652cb540d24 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfsssl.com>
Date: Wed, 1 Apr 2015 16:19:29 +0900
Subject: [PATCH 003/350] fixed --enable-debug issue on Intel MULX, asm.c

---
 wolfcrypt/src/asm.c | 66 ++++++++++++++++++++++++---------------------
 1 file changed, 36 insertions(+), 30 deletions(-)

diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c
index fef35cd1c..a5ee7d1ba 100755
--- a/wolfcrypt/src/asm.c
+++ b/wolfcrypt/src/asm.c
@@ -1232,54 +1232,60 @@ __asm__(                                                      \
 /* anything you need at the end */
 #define COMBA_FINI
 
-#define MULADD_MULX(b0, c0, c1)\
-    __asm__  volatile (                                           \
+#define MULADD_MULX(b0, c0, c1, rdx)\
+    __asm__  volatile (                                   \
+         "movq   %3, %%rdx\n\t"                           \
          "mulx  %2,%%r9, %%r8 \n\t"                       \
          "adoxq  %%r9,%0     \n\t"                        \
          "adcxq  %%r8,%1     \n\t"                        \
-         :"+r"(c0),"+r"(c1):"r"(b0):"%r8","%r9","%r10","%rdx"\
+         :"+r"(c0),"+r"(c1):"r"(b0), "r"(rdx):"%r8","%r9","%r10","%rdx"\
     )
 
 
 #define MULADD_MULX_ADD_CARRY(c0, c1)\
     __asm__ volatile(\
     "mov $0, %%r10\n\t"\
-    "movq %1, %%r8\n\t"                           \
+    "movq %1, %%r8\n\t"\
     "adox %%r10, %0\n\t"\
     "adcx %%r10, %1\n\t"\
     :"+r"(c0),"+r"(c1)::"%r8","%r9","%r10","%rdx") ;
 
 #define MULADD_SET_A(a0)\
-    __asm__ volatile("add $0, %%r8\n\t"                     \
-             "movq  %0,%%rdx\n\t"::"r"(a0):"%r8","%r9","%r10","%rdx") ;          \
+    __asm__ volatile("add $0, %%r8\n\t"                   \
+             "movq  %0,%%rdx\n\t"                         \
+             ::"r"(a0):"%r8","%r9","%r10","%rdx") ;
 
 #define MULADD_BODY(a,b,c)\
-        cp = &(c->dp[iz]) ;\
-        c0 = cp[0] ; c1 = cp[1];\
-        MULADD_SET_A(a->dp[ix]) ;\
-        MULADD_MULX(b0, c0, c1) ;\
-        cp[0]=c0; c0=cp[2]; cp++ ;\
-        MULADD_MULX(b1, c1, c0) ;\
-        cp[0]=c1; c1=cp[2]; cp++ ; \
-        MULADD_MULX(b2, c0, c1) ;\
-        cp[0]=c0; c0=cp[2]; cp++ ; \
-        MULADD_MULX(b3, c1, c0) ;\
-        cp[0]=c1; c1=cp[2]; cp++ ; \
-        MULADD_MULX_ADD_CARRY(c0, c1) ;\
-        cp[0]=c0; cp[1]=c1;
+    {   word64 rdx = a->dp[ix] ;      \
+        cp = &(c->dp[iz]) ;           \
+        c0 = cp[0] ; c1 = cp[1];      \
+        MULADD_SET_A(rdx) ;           \
+        MULADD_MULX(b0, c0, c1, rdx) ;\
+        cp[0]=c0; c0=cp[2];           \
+        MULADD_MULX(b1, c1, c0, rdx) ;\
+        cp[1]=c1; c1=cp[3];           \
+        MULADD_MULX(b2, c0, c1, rdx) ;\
+        cp[2]=c0; c0=cp[4];           \
+        MULADD_MULX(b3, c1, c0, rdx) ;\
+        cp[3]=c1; c1=cp[5];           \
+        MULADD_MULX_ADD_CARRY(c0, c1);\
+        cp[4]=c0; cp[5]=c1;           \
+    }
 
 #define TFM_INTEL_MUL_COMBA(a, b, c)\
-  for(ix=0; ix<pa; ix++)c->dp[ix]=0 ;\
-  for(iy=0; (iy<b->used); iy+=4) {\
-    fp_digit *bp ;\
-    bp = &(b->dp[iy+0]) ; \
-    fp_digit b0 = bp[0] , b1= bp[1], b2= bp[2], b3= bp[3];\
-    ix=0, iz=iy;\
-    while(ix<a->used) {\
-        fp_digit c0, c1; \
-        fp_digit *cp ;\
-        MULADD_BODY(a,b,c);  ix++ ; iz++ ; \
-    }\
+  for(ix=0; ix<pa; ix++)c->dp[ix]=0 ; \
+  for(iy=0; (iy<b->used); iy+=4) {    \
+    fp_digit *bp ;                    \
+    bp = &(b->dp[iy+0]) ;             \
+    fp_digit b0 = bp[0] , b1= bp[1],  \
+             b2= bp[2], b3= bp[3];    \
+    ix=0, iz=iy;                      \
+    while(ix<a->used) {               \
+        fp_digit c0, c1;              \
+        fp_digit *cp ;                \
+        MULADD_BODY(a,b,c);           \
+        ix++ ; iz++ ;                 \
+    }                                 \
 };
 
 #elif defined(TFM_X86_64)

From 50e829ea7941f275d7c8f4e2c82aade6c17470b7 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 1 Apr 2015 15:36:55 -0700
Subject: [PATCH 004/350] when keeping peer cert, alt names were getting lost
 for the peer name check

---
 src/internal.c          | 6 +++---
 wolfcrypt/src/asn.c     | 5 ++++-
 wolfssl/wolfcrypt/asn.h | 1 +
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 89dc78db4..49e078c49 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3817,9 +3817,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
         x509->derCert.length = dCert->maxIdx;
     }
 
-    x509->altNames     = dCert->altNames;
-    dCert->altNames    = NULL;     /* takes ownership */
-    x509->altNamesNext = x509->altNames;  /* index hint */
+    x509->altNames       = dCert->altNames;
+    dCert->weOwnAltNames = 0;
+    x509->altNamesNext   = x509->altNames;  /* index hint */
 
     x509->isCa = dCert->isCA;
 #ifdef OPENSSL_EXTRA
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 6c61fbf2a..231ad0ce1 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1425,6 +1425,7 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
     cert->subjectCNLen    = 0;
     cert->subjectCNEnc    = CTC_UTF8;
     cert->subjectCNStored = 0;
+    cert->weOwnAltNames   = 0;
     cert->altNames        = NULL;
 #ifndef IGNORE_NAME_CONSTRAINTS
     cert->altEmailNames   = NULL;
@@ -1563,7 +1564,7 @@ void FreeDecodedCert(DecodedCert* cert)
         XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
     if (cert->pubKeyStored == 1)
         XFREE(cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
-    if (cert->altNames)
+    if (cert->weOwnAltNames && cert->altNames)
         FreeAltNames(cert->altNames, cert->heap);
 #ifndef IGNORE_NAME_CONSTRAINTS
     if (cert->altEmailNames)
@@ -3416,6 +3417,8 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
         return ASN_PARSE_E;
     }
 
+    cert->weOwnAltNames = 1;
+
     while (length > 0) {
         byte       b = input[idx++];
 
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index bcea930ab..7511cdfc4 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -387,6 +387,7 @@ struct DecodedCert {
     byte    extNameConstraintSet;
 #endif /* IGNORE_NAME_CONSTRAINTS */
     byte    isCA;                    /* CA basic constraint true         */
+    byte    weOwnAltNames;           /* altNames haven't been given to copy */
     byte    extKeyUsageSet;
     word16  extKeyUsage;             /* Key usage bitfield               */
     byte    extExtKeyUsageSet;       /* Extended Key Usage               */

From ad29c262d4321a0dcc392cf1d741ff6fb7b1b9e5 Mon Sep 17 00:00:00 2001
From: Vikram Adiga <vikram.adiga@ti.com>
Date: Wed, 1 Apr 2015 16:21:48 -0700
Subject: [PATCH 005/350] use Seconds APIs instead of MYTIME APIs for TI-RTOS

---
 src/internal.c               | 2 +-
 wolfcrypt/src/asn.c          | 2 +-
 wolfssl/wolfcrypt/settings.h | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 49e078c49..176c98b3f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2349,7 +2349,7 @@ ProtocolVersion MakeDTLSv1_2(void)
 
     word32 LowResTimer(void)
     {
-        return (word32) MYTIME_gettime();
+        return (word32) Seconds_get();
     }
 
 #elif defined(USER_TICKS)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 231ad0ce1..399753ab3 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -363,7 +363,7 @@ time_t XTIME(time_t * timer)
 {
     time_t sec = 0;
 
-    sec = (time_t) MYTIME_gettime();
+    sec = (time_t) Seconds_get();
 
     if (timer != NULL)
         *timer = sec;
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 9ffe61acd..23924ca2c 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -340,7 +340,7 @@
         #pragma diag_suppress=11
     #endif
 
-    #include <ti/ndk/nettools/mytime/mytime.h>
+    #include <ti/sysbios/hal/Seconds.h>
 #endif
 
 #ifdef EBSNET

From 4a5912c7544aa1bae8544dc414d3e6b6541390c6 Mon Sep 17 00:00:00 2001
From: Vikram Adiga <vikram.adiga@ti.com>
Date: Wed, 1 Apr 2015 16:43:05 -0700
Subject: [PATCH 006/350] fix tirtos build for wolfssl name change

---
 tirtos/packages/ti/net/wolfssl/package.bld          |  2 +-
 tirtos/packages/ti/net/wolfssl/package.xdc          |  3 +--
 tirtos/packages/ti/net/wolfssl/package.xs           |  2 +-
 .../wolfcrypt/benchmark/TM4C1294NC.icf              |  0
 .../wolfcrypt/benchmark/benchmark.cfg               |  0
 .../{ => EK_TM4C1294XL}/wolfcrypt/benchmark/main.c  |  4 ++--
 .../wolfcrypt/benchmark/package.bld                 | 10 +++++-----
 .../EK_TM4C1294XL/wolfcrypt/benchmark/package.xdc   |  6 ++++++
 .../wolfcrypt/test/TM4C1294NC.icf                   |  0
 .../tests/{ => EK_TM4C1294XL}/wolfcrypt/test/main.c |  3 +--
 .../{ => EK_TM4C1294XL}/wolfcrypt/test/package.bld  | 10 +++++-----
 .../tests/EK_TM4C1294XL/wolfcrypt/test/package.xdc  |  6 ++++++
 .../{ => EK_TM4C1294XL}/wolfcrypt/test/test.cfg     |  0
 .../wolfssl/tests/wolfcrypt/benchmark/package.xdc   |  6 ------
 .../ti/net/wolfssl/tests/wolfcrypt/test/package.xdc |  6 ------
 tirtos/wolfssl.bld                                  | 13 ++++++++-----
 16 files changed, 36 insertions(+), 35 deletions(-)
 rename tirtos/packages/ti/net/wolfssl/tests/{ => EK_TM4C1294XL}/wolfcrypt/benchmark/TM4C1294NC.icf (100%)
 rename tirtos/packages/ti/net/wolfssl/tests/{ => EK_TM4C1294XL}/wolfcrypt/benchmark/benchmark.cfg (100%)
 rename tirtos/packages/ti/net/wolfssl/tests/{ => EK_TM4C1294XL}/wolfcrypt/benchmark/main.c (97%)
 rename tirtos/packages/ti/net/wolfssl/tests/{ => EK_TM4C1294XL}/wolfcrypt/benchmark/package.bld (93%)
 create mode 100644 tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.xdc
 rename tirtos/packages/ti/net/wolfssl/tests/{ => EK_TM4C1294XL}/wolfcrypt/test/TM4C1294NC.icf (100%)
 rename tirtos/packages/ti/net/wolfssl/tests/{ => EK_TM4C1294XL}/wolfcrypt/test/main.c (95%)
 rename tirtos/packages/ti/net/wolfssl/tests/{ => EK_TM4C1294XL}/wolfcrypt/test/package.bld (92%)
 create mode 100644 tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.xdc
 rename tirtos/packages/ti/net/wolfssl/tests/{ => EK_TM4C1294XL}/wolfcrypt/test/test.cfg (100%)
 delete mode 100644 tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.xdc
 delete mode 100644 tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.xdc

diff --git a/tirtos/packages/ti/net/wolfssl/package.bld b/tirtos/packages/ti/net/wolfssl/package.bld
index 95d0811ac..002cb08dc 100644
--- a/tirtos/packages/ti/net/wolfssl/package.bld
+++ b/tirtos/packages/ti/net/wolfssl/package.bld
@@ -50,7 +50,7 @@ var wolfSSLObjList = [
 
 for each (var targ in Build.targets) {
     var libOptions = {incs: wolfsslPathInclude};
-    var lib = Pkg.addLibrary("lib/" + Pkg.name, targ, libOptions);
+    var lib = Pkg.addLibrary("lib/wolfssl", targ, libOptions);
     lib.addObjects(wolfSSLObjList);
 }
 
diff --git a/tirtos/packages/ti/net/wolfssl/package.xdc b/tirtos/packages/ti/net/wolfssl/package.xdc
index f0c4b9f83..5fe467d45 100644
--- a/tirtos/packages/ti/net/wolfssl/package.xdc
+++ b/tirtos/packages/ti/net/wolfssl/package.xdc
@@ -1,7 +1,6 @@
 /*!
  *  ======== ti.net.wolfssl ========
  *  wolfSSL library for TI-RTOS
- *
  */
-package ti.net.wolfssl {
+package ti.net.wolfssl [1, 0, 0] {
 }
diff --git a/tirtos/packages/ti/net/wolfssl/package.xs b/tirtos/packages/ti/net/wolfssl/package.xs
index 9ecf38e5b..7f5215d36 100644
--- a/tirtos/packages/ti/net/wolfssl/package.xs
+++ b/tirtos/packages/ti/net/wolfssl/package.xs
@@ -8,5 +8,5 @@
  */
 function getLibs(prog) 
 {
-    return ("lib/" + this.$name + ".a" + prog.build.target.suffix);
+    return ("lib/wolfssl.a" + prog.build.target.suffix);
 }
diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/TM4C1294NC.icf b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/TM4C1294NC.icf
similarity index 100%
rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/TM4C1294NC.icf
rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/TM4C1294NC.icf
diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/benchmark.cfg b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/benchmark.cfg
similarity index 100%
rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/benchmark.cfg
rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/benchmark.cfg
diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/main.c b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/main.c
similarity index 97%
rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/main.c
rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/main.c
index 15ee1fb98..eddd432f7 100644
--- a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/main.c
+++ b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/main.c
@@ -1,6 +1,6 @@
 /*
  *  ======== main.c ========
- *  Entry point for Benchmark application 
+ *  Entry point for Benchmark application
  */
 /* BIOS Header files */
 #include <ti/sysbios/BIOS.h>
@@ -27,7 +27,7 @@ void runBenchmarks(UArg arg0, UArg arg1)
 {
     void *args = NULL;
     msTimer_init();
-    
+
     System_printf("Running benchmarks...\n");
     System_flush();
     benchmark_test(args);
diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.bld b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld
similarity index 93%
rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.bld
rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld
index cff396855..453fee738 100644
--- a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.bld
+++ b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld
@@ -10,7 +10,7 @@ if ((typeof(TivaWareDir) == undefined) || (TivaWareDir == "")) {
 var Build = xdc.useModule('xdc.bld.BuildEnvironment');
 var Pkg = xdc.useModule('xdc.bld.PackageContents');
 
-/* make command to search for the srcs */ 
+/* make command to search for the srcs */
 Pkg.makePrologue = "vpath %.c $(subst ;,  ,$(XPKGPATH))";
 
 var srcs = [
@@ -37,16 +37,16 @@ for each (var targ in Build.targets) {
         targ.$orig.lnkOpts.suffix = suffix.replace(/PrintfSmall/, "PrintfFull");
     }
     else if (targ.$name.match(/^gnu/)) {
-        targ.$orig.lnkOpts.suffix += " -L" + TivaWareDir + "/driverlib/gcc " 
+        targ.$orig.lnkOpts.suffix += " -L" + TivaWareDir + "/driverlib/gcc "
                 + " -Wl,--start-group -ldriver -Wl,--end-group ";
         targ.$orig.bspLib = "rdimon";
     }
- 
-    var exeOptions = { incs: wolfsslPathInclude 
+
+    var exeOptions = { incs: wolfsslPathInclude
             + " -DNO_MAIN_DRIVER -D_INCLUDE_NIMU_CODE -DBENCH_EMBEDDED "
             + " -DTIVAWARE -DPART_TM4C1294NCPDT",
             lopts: lnkOpts
-    };   
+    };
 
     var exe = Pkg.addExecutable("benchmark", targ, platform, exeOptions);
     exe.addObjects(srcs);
diff --git a/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.xdc b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.xdc
new file mode 100644
index 000000000..6a93cc333
--- /dev/null
+++ b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.xdc
@@ -0,0 +1,6 @@
+/*
+ *  ======== ti.net.wolfssl.tests.EK_TM4C1294XL.wolfcrypt.benchmark ========
+ *  wc_ Benchmark Application
+ */
+package ti.net.wolfssl.tests.EK_TM4C1294XL.wolfcrypt.benchmark [1, 0, 0] {
+}
diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/TM4C1294NC.icf b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/TM4C1294NC.icf
similarity index 100%
rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/TM4C1294NC.icf
rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/TM4C1294NC.icf
diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/main.c b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/main.c
similarity index 95%
rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/main.c
rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/main.c
index 41378767a..88023e4e1 100644
--- a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/main.c
+++ b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/main.c
@@ -1,6 +1,6 @@
 /*
  *  ======== main.c ========
- *  Entry point to wolfcrypt Test Application   
+ *  Entry point to wolfcrypt Test Application
  */
 
 /* XDCtools Header files */
@@ -53,4 +53,3 @@ int main(int argc, char** argv)
 
     BIOS_start();
 }
-
diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.bld b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld
similarity index 92%
rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.bld
rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld
index a76add170..adfca1c9c 100644
--- a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.bld
+++ b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld
@@ -10,7 +10,7 @@ if ((typeof(TivaWareDir) == undefined) || (TivaWareDir == "")) {
 var Build = xdc.useModule('xdc.bld.BuildEnvironment');
 var Pkg = xdc.useModule('xdc.bld.PackageContents');
 
-/* make command to search for the srcs */ 
+/* make command to search for the srcs */
 Pkg.makePrologue = "vpath %.c $(subst ;,  ,$(XPKGPATH))";
 
 var srcs = [
@@ -33,16 +33,16 @@ for each (var targ in Build.targets) {
         platform = "ti.platforms.tiva:TM4C1294NCPDT";
     }
     else if (targ.$name.match(/^gnu/)) {
-        targ.$orig.lnkOpts.suffix += " -L" + TivaWareDir + "/driverlib/gcc " 
+        targ.$orig.lnkOpts.suffix += " -L" + TivaWareDir + "/driverlib/gcc "
                 + " -Wl,--start-group -ldriver -Wl,--end-group ";
         targ.$orig.bspLib = "rdimon";
     }
- 
-    var exeOptions = { incs: wolfsslPathInclude 
+
+    var exeOptions = { incs: wolfsslPathInclude
             + " -DNO_MAIN_DRIVER -D_INCLUDE_NIMU_CODE -DBENCH_EMBEDDED "
             + " -DTIVAWARE -DPART_TM4C1294NCPDT",
             lopts: lnkOpts,
-    };   
+    };
 
     var exe = Pkg.addExecutable("test", targ, platform, exeOptions);
     exe.addObjects(srcs);
diff --git a/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.xdc b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.xdc
new file mode 100644
index 000000000..0b85d5786
--- /dev/null
+++ b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.xdc
@@ -0,0 +1,6 @@
+/*
+ *  ======== ti.net.wolfssl.tests.EK_TM4C1294XL.wolfcrypt.test ========
+ *  wolfcrypt Test Application
+ */
+package ti.net.wolfssl.tests.EK_TM4C1294XL.wolfcrypt.test [1, 0, 0] {
+}
diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/test.cfg b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/test.cfg
similarity index 100%
rename from tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/test.cfg
rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/test.cfg
diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.xdc b/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.xdc
deleted file mode 100644
index c027f3203..000000000
--- a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.xdc
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
- *  ======== ti.net.wolfssl.tests.wolfcrypt.benchmark ========
- *  wc_ Benchmark Application
- */
-package ti.net.wolfssl.tests.wolfcrypt.benchmark {
-}
diff --git a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.xdc b/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.xdc
deleted file mode 100644
index 8b5cc1db6..000000000
--- a/tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.xdc
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
- *  ======== ti.net.wolfssl.tests.wolfcrypt.test ========
- *  wolfcrypt Test Application
- */
-package ti.net.wolfssl.tests.wolfcrypt.test {
-}
diff --git a/tirtos/wolfssl.bld b/tirtos/wolfssl.bld
index 5702b8340..696208ba0 100644
--- a/tirtos/wolfssl.bld
+++ b/tirtos/wolfssl.bld
@@ -32,21 +32,24 @@
  */
 
 var armOpts = " -ms ";
-var gnuOpts = "";
+var gnuOpts = " -D_POSIX_SOURCE ";
 var iarOpts = "";
 
 /* Uncomment the following lines to build libraries for debug mode: */
 // Pkg.attrs.profile = "debug";
 // armOpts += " -g -o0 ";
-// gnuOpts += " -g ";
+// gnuOpts += " -g -D_POSIX_SOURCE ";
 // iarOpts += " --debug ";
 
 var ccOpts = {
-    "ti.targets.arm.elf.M4F"        : armOpts,
+    "ti.targets.arm.elf.M4"        : armOpts,
+    "ti.targets.arm.elf.M4F"       : armOpts,
 
-    "gnu.targets.arm.M4F"           : gnuOpts,
+    "gnu.targets.arm.M4"           : gnuOpts,
+    "gnu.targets.arm.M4F"          : gnuOpts,
 
-    "iar.targets.arm.M4F"           : iarOpts,
+    "iar.targets.arm.M4"           : iarOpts,
+    "iar.targets.arm.M4F"          : iarOpts,
 };
 
 /* initialize local vars with those set in xdcpaths.mak (via XDCARGS) */

From 327a5c6dc2f1fdc9fe7ecf2c1ac0374600abb3e2 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 1 Apr 2015 19:38:03 -0700
Subject: [PATCH 007/350] added compile time check for Max Strength that all
 the requirements aren't disabled

---
 wolfssl/internal.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 9dbf02c6c..55af1d1b9 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -188,6 +188,19 @@ typedef byte word24[3];
    need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or
    CHACHA-POLY.
 */
+
+/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
+ * not turned off. */
+#if defined(WOLFSSL_MAX_STRENGTH) && \
+    ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \
+     (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
+      (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \
+     (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \
+     !defined(NO_OLD_TLS))
+
+    #error "You are trying to build max strength with requirements disabled."
+#endif
+
 #ifndef WOLFSSL_MAX_STRENGTH
 
     #if !defined(NO_RSA) && !defined(NO_RC4)

From b9aa7621e716267f310aec0010c5240270b75cce Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfsssl.com>
Date: Thu, 2 Apr 2015 15:42:38 +0900
Subject: [PATCH 008/350] Intel MULX run time check in tfm.c

---
 wolfcrypt/src/asm.c |  53 ++++----------
 wolfcrypt/src/tfm.c | 173 +++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 180 insertions(+), 46 deletions(-)

diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c
index a5ee7d1ba..9dbf9a15a 100755
--- a/wolfcrypt/src/asm.c
+++ b/wolfcrypt/src/asm.c
@@ -87,7 +87,7 @@ __asm__(                                                      \
 :"0"(_c[LO]), "1"(cy), "r"(mu), "r"(*tmpm++)              \
 : "%rax", "%rdx", "cc")
 
-#ifdef HAVE_INTEL_MULX
+#if defined(HAVE_INTEL_MULX)
 #define MULX_INIT(a0, c0, cy)\
     __asm__ volatile(                                     \
              "xorq  %%r10, %%r10\n\t"                     \
@@ -1208,7 +1208,8 @@ __asm__(                                                      \
      "adcl  $0,%2        \n\t"                            \
      :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","%edx","cc");
 
-#elif defined(HAVE_INTEL_MULX)
+#elif defined(TFM_X86_64)
+/* x86-64 optimized */
 
 /* anything you need at the start */
 #define COMBA_START
@@ -1232,6 +1233,18 @@ __asm__(                                                      \
 /* anything you need at the end */
 #define COMBA_FINI
 
+/* this should multiply i and j  */
+#define MULADD(i, j)                                      \
+__asm__  (                                                    \
+     "movq  %6,%%rax     \n\t"                            \
+     "mulq  %7           \n\t"                            \
+     "addq  %%rax,%0     \n\t"                            \
+     "adcq  %%rdx,%1     \n\t"                            \
+     "adcq  $0,%2        \n\t"                            \
+     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j)  :"%rax","%rdx","cc");
+
+
+#if defined(HAVE_INTEL_MULX)
 #define MULADD_MULX(b0, c0, c1, rdx)\
     __asm__  volatile (                                   \
          "movq   %3, %%rdx\n\t"                           \
@@ -1287,41 +1300,7 @@ __asm__(                                                      \
         ix++ ; iz++ ;                 \
     }                                 \
 };
-
-#elif defined(TFM_X86_64)
-/* x86-64 optimized */
-
-/* anything you need at the start */
-#define COMBA_START
-
-/* clear the chaining variables */
-#define COMBA_CLEAR \
-   c0 = c1 = c2 = 0;
-
-/* forward the carry to the next digit */
-#define COMBA_FORWARD \
-   do { c0 = c1; c1 = c2; c2 = 0; } while (0);
-
-/* store the first sum */
-#define COMBA_STORE(x) \
-   x = c0;
-
-/* store the second sum [carry] */
-#define COMBA_STORE2(x) \
-   x = c1;
-
-/* anything you need at the end */
-#define COMBA_FINI
-
-/* this should multiply i and j  */
-#define MULADD(i, j)                                      \
-__asm__  (                                                    \
-     "movq  %6,%%rax     \n\t"                            \
-     "mulq  %7           \n\t"                            \
-     "addq  %%rax,%0     \n\t"                            \
-     "adcq  %%rdx,%1     \n\t"                            \
-     "adcq  $0,%2        \n\t"                            \
-     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j)  :"%rax","%rdx","cc");
+#endif
 
 #elif defined(TFM_SSE2)
 /* use SSE2 optimizations */
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index e479f8c4d..132898962 100755
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -402,7 +402,74 @@ void fp_mul_2d(fp_int *a, int b, fp_int *c)
 
 /* generic PxQ multiplier */
 #if defined(HAVE_INTEL_MULX)
-void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C)
+
+/* Each platform needs to query info type 1 from cpuid to see if aesni is
+ * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
+ */
+
+#ifndef _MSC_VER
+    #define cpuid(reg, leaf, sub)\
+            __asm__ __volatile__ ("cpuid":\
+             "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
+             "a" (leaf), "c"(sub));
+
+    #define XASM_LINK(f) asm(f)
+#else
+
+    #include <intrin.h>
+    #define cpuid(a,b) __cpuid((int*)a,b)
+
+    #define XASM_LINK(f)
+
+#endif /* _MSC_VER */
+
+#define EAX 0
+#define EBX 1
+#define ECX 2 
+#define EDX 3
+    
+#define CPUID_AVX1   0x1
+#define CPUID_AVX2   0x2
+#define CPUID_RDRAND 0x4
+#define CPUID_RDSEED 0x8
+
+#define IS_INTEL_AVX1       (cpuid_flags&CPUID_AVX1)
+#define IS_INTEL_AVX2       (cpuid_flags&CPUID_AVX2)
+#define IS_INTEL_RDRAND     (cpuid_flags&CPUID_RDRAND)
+#define IS_INTEL_RDSEED     (cpuid_flags&CPUID_RDSEED)
+#define SET_FLAGS         if(cpuid_check==0)set_cpuid_flags()
+
+static word32 cpuid_check = 0 ;
+static word32 cpuid_flags = 0 ;
+
+static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
+    int got_intel_cpu=0;
+    unsigned int reg[5]; 
+    
+    reg[4] = '\0' ;
+    cpuid(reg, 0, 0);  
+    if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&  
+                memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&  
+                memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {  
+        got_intel_cpu = 1;  
+    }    
+    if (got_intel_cpu) {
+        cpuid(reg, leaf, sub);
+        return((reg[num]>>bit)&0x1) ;
+    }
+    return 0 ;
+}
+
+INLINE static int set_cpuid_flags(void) {  
+    if(cpuid_check == 0) {
+        if(cpuid_flag(7, 0, EBX, 5)){  cpuid_flags |= CPUID_AVX2 ; }
+		cpuid_check = 1 ;
+		return 0 ;
+    }
+    return 1 ;
+}
+
+INLINE static void fp_mul_comba_mulx(fp_int *A, fp_int *B, fp_int *C)
 
 {     
    int       ix, iy, iz, pa;
@@ -430,13 +497,22 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C)
   fp_copy(dst, C);  
 }
 
-#else
+#endif
+
 void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C)
 {
    int       ix, iy, iz, tx, ty, pa;
    fp_digit  c0, c1, c2, *tmpx, *tmpy;
    fp_int    tmp, *dst;
 
+   #if defined(HAVE_INTEL_MULX)
+   SET_FLAGS ;
+   if(IS_INTEL_AVX2) {
+       fp_mul_comba_mulx(A, B, C) ;
+       return ;
+   }
+   #endif
+
    COMBA_START;
    COMBA_CLEAR;
    
@@ -485,7 +561,6 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C)
   fp_clamp(dst);
   fp_copy(dst, C);
 }
-#endif
 
 /* a/b => cb + d == a */
 int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
@@ -1567,10 +1642,9 @@ static inline void innermul8_mulx(fp_digit *c_mulx, fp_digit *cy_mulx, fp_digit
     c_mulx[0]=_c0; c_mulx[1]=_c1; c_mulx[2]=_c2; c_mulx[3]=_c3; c_mulx[4]=_c4; c_mulx[5]=_c5; c_mulx[6]=_c6; c_mulx[7]=_c7; 
     *cy_mulx = cy ;
 }
-#endif
 
 /* computes x/R == x (mod N) via Montgomery Reduction */
-void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp)
+static void fp_montgomery_reduce_mulx(fp_int *a, fp_int *m, fp_digit mp)
 {
    fp_digit c[FP_SIZE], *_c, *tmpm, mu = 0;
    int      oldused, x, y, pa;
@@ -1589,6 +1663,91 @@ void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp)
 #endif
 
 
+   /* now zero the buff */
+   XMEMSET(c, 0, sizeof c);
+   pa = m->used;
+
+   /* copy the input */
+   oldused = a->used;
+   for (x = 0; x < oldused; x++) {
+       c[x] = a->dp[x];
+   }
+   MONT_START;
+
+   for (x = 0; x < pa; x++) {
+       fp_digit cy = 0;
+       /* get Mu for this round */
+       LOOP_START;
+       _c   = c + x;
+       tmpm = m->dp;
+       y = 0;
+        for (; y < (pa & ~7); y += 8) {
+              innermul8_mulx(_c, &cy, tmpm, mu) ;
+              _c   += 8;
+              tmpm += 8;
+           }
+       for (; y < pa; y++) {
+          INNERMUL;
+          ++_c;
+       }
+       LOOP_END;
+       while (cy) {
+           PROPCARRY;
+           ++_c;
+       }
+  }         
+
+  /* now copy out */
+  _c   = c + pa;
+  tmpm = a->dp;
+  for (x = 0; x < pa+1; x++) {
+     *tmpm++ = *_c++;
+  }
+
+  for (; x < oldused; x++)   {
+     *tmpm++ = 0;
+  }
+
+  MONT_FINI;
+
+  a->used = pa+1;
+  fp_clamp(a);
+  
+  /* if A >= m then A = A - m */
+  if (fp_cmp_mag (a, m) != FP_LT) {
+    s_fp_sub (a, m, a);
+  }
+}
+#endif
+
+/* computes x/R == x (mod N) via Montgomery Reduction */
+void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp)
+{
+   fp_digit c[FP_SIZE], *_c, *tmpm, mu = 0;
+   int      oldused, x, y, pa;
+   
+   #ifdef HAVE_INTEL_MULX
+   SET_FLAGS ;
+   if(IS_INTEL_AVX2) {
+       fp_montgomery_reduce_mulx(a, m, mp) ;
+       return ;
+   }
+   #endif
+   
+   /* bail if too large */
+   if (m->used > (FP_SIZE/2)) {
+      (void)mu;                     /* shut up compiler */
+      return;
+   }
+
+#ifdef TFM_SMALL_MONT_SET
+   if (m->used <= 16) {
+      fp_montgomery_reduce_small(a, m, mp);
+      return;
+   }
+#endif
+
+
    /* now zero the buff */
    XMEMSET(c, 0, sizeof c);
    pa = m->used;
@@ -1609,11 +1768,7 @@ void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp)
        y = 0;
        #if (defined(TFM_SSE2) || defined(TFM_X86_64))
         for (; y < (pa & ~7); y += 8) {
-              #ifdef HAVE_INTEL_MULX
-              innermul8_mulx(_c, &cy, tmpm, mu) ;
-              #else
               INNERMUL8 ;
-              #endif
               _c   += 8;
               tmpm += 8;
            }

From e1beca3e6018039f423ee3c78539e30ac25238a6 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 2 Apr 2015 08:14:48 -0700
Subject: [PATCH 009/350] fix with ecc w/o dh functions

---
 wolfssl/ssl.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index afee66e47..62ef01a09 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -882,7 +882,6 @@ WOLFSSL_API int  wolfSSL_SetTmpDH(WOLFSSL*, const unsigned char* p, int pSz,
                                 const unsigned char* g, int gSz);
 WOLFSSL_API int  wolfSSL_SetTmpDH_buffer(WOLFSSL*, const unsigned char* b, long sz,
                                        int format);
-WOLFSSL_API int  wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short);
 #ifndef NO_FILESYSTEM
     WOLFSSL_API int  wolfSSL_SetTmpDH_file(WOLFSSL*, const char* f, int format);
 #endif
@@ -900,6 +899,9 @@ WOLFSSL_API int  wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short);
 #endif
 #endif /* NO_DH */
 
+WOLFSSL_API int  wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short);
+WOLFSSL_API int  wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short);
+
 /* keyblock size in bytes or -1 */
 /* need to call wolfSSL_KeepArrays before handshake to save keys */
 WOLFSSL_API int wolfSSL_get_keyblock_size(WOLFSSL*);

From a54c916c8f6150cad2c177451550ecba9688a325 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 2 Apr 2015 09:40:22 -0700
Subject: [PATCH 010/350] fix chacha on bigendian, touchups

---
 wolfcrypt/src/chacha.c       | 29 +++++++++++++++--------------
 wolfssl/wolfcrypt/settings.h |  6 +++---
 2 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c
index 25e42a1d4..ab148597d 100644
--- a/wolfcrypt/src/chacha.c
+++ b/wolfcrypt/src/chacha.c
@@ -78,10 +78,6 @@
 int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
 {
     word32 temp[3];       /* used for alignment of memory */
-    XMEMSET(temp, 0, 12);
-
-    if (ctx == NULL)
-        return BAD_FUNC_ARG;
 
 #ifdef CHACHA_AEAD_TEST
     word32 i;
@@ -92,12 +88,15 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
     printf("\n\n");
 #endif
 
+    if (ctx == NULL)
+        return BAD_FUNC_ARG;
+
     XMEMCPY(temp, inIv, 12);
 
-    ctx->X[12] = counter; /* block counter */
-    ctx->X[13] = temp[0]; /* fixed variable from nonce */
-    ctx->X[14] = temp[1]; /* counter from nonce */
-    ctx->X[15] = temp[2]; /* counter from nonce */
+    ctx->X[12] = LITTLE32(counter); /* block counter */
+    ctx->X[13] = LITTLE32(temp[0]); /* fixed variable from nonce */
+    ctx->X[14] = LITTLE32(temp[1]); /* counter from nonce */
+    ctx->X[15] = LITTLE32(temp[2]); /* counter from nonce */
 
     return 0;
 }
@@ -115,14 +114,20 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
     const word32* constants;
     const byte*   k;
 
+#ifdef XSTREAM_ALIGN
+    word32 alignKey[8];
+#endif
+
     if (ctx == NULL)
         return BAD_FUNC_ARG;
 
+    if (keySz != 16 && keySz != 32)
+        return BAD_FUNC_ARG;
+
 #ifdef XSTREAM_ALIGN
-    word32 alignKey[keySz / 4];
     if ((wolfssl_word)key % 4) {
         WOLFSSL_MSG("wc_ChachaSetKey unaligned key");
-        XMEMCPY(alignKey, key, sizeof(alignKey));
+        XMEMCPY(alignKey, key, keySz);
         k = (byte*)alignKey;
     }
     else {
@@ -152,10 +157,6 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
         constants = sigma;
     }
     else {
-        /* key size of 128 */
-        if (keySz != 16)
-            return BAD_FUNC_ARG;
-
         constants = tau;
     }
     ctx->X[ 8] = U8TO32_LITTLE(k +  0);
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 23924ca2c..4a773844a 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -703,11 +703,11 @@
 
 
 /* stream ciphers except arc4 need 32bit alignment, intel ok without */
-#ifndef XSTREAM_ALIGNMENT
+#ifndef XSTREAM_ALIGN
     #if defined(__x86_64__) || defined(__ia64__) || defined(__i386__)
-        #define NO_XSTREAM_ALIGNMENT
+        #define NO_XSTREAM_ALIGN
     #else
-        #define XSTREAM_ALIGNMENT
+        #define XSTREAM_ALIGN
     #endif
 #endif
 

From ee4b063b42908771e4ddc95c173f38da467e6950 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 2 Apr 2015 10:01:09 -0700
Subject: [PATCH 011/350] remove double define

---
 wolfssl/ssl.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 62ef01a09..a5e0a64d8 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -891,7 +891,6 @@ WOLFSSL_API int  wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX*, const unsigned char* p,
                                     int pSz, const unsigned char* g, int gSz);
 WOLFSSL_API int  wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char* b,
                                            long sz, int format);
-WOLFSSL_API int  wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX*, unsigned short);
 
 #ifndef NO_FILESYSTEM
     WOLFSSL_API int  wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f,

From d2c816f32202e6a3e494dc9905ae525b330595b5 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 2 Apr 2015 10:52:58 -0700
Subject: [PATCH 012/350] fix github issue #63, intelasm checkin broke MMCAU
 sha256

---
 wolfcrypt/src/sha256.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index fd853633c..9993dcc88 100755
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -446,9 +446,9 @@ int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
         if (sha256->buffLen == SHA256_BLOCK_SIZE) {
             int ret;
 
-            #if defined(LITTLE_ENDIAN_ORDER)
+            #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
                 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-                if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2) 
+                if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
                 #endif
                 ByteReverseWords(sha256->buffer, sha256->buffer,
                                  SHA256_BLOCK_SIZE);
@@ -481,7 +481,7 @@ int wc_Sha256Final(Sha256* sha256, byte* hash)
         XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen);
         sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
 
-        #if defined(LITTLE_ENDIAN_ORDER) 
+        #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
             #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
             if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
             #endif
@@ -502,7 +502,7 @@ int wc_Sha256Final(Sha256* sha256, byte* hash)
     sha256->loLen = sha256->loLen << 3;
 
     /* store lengths */
-    #if defined(LITTLE_ENDIAN_ORDER)
+    #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
         #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
         if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
         #endif
@@ -512,7 +512,7 @@ int wc_Sha256Final(Sha256* sha256, byte* hash)
     XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
     XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
             sizeof(word32));
-            
+
     #if defined(FREESCALE_MMCAU) || defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
         /* Kinetis requires only these bytes reversed */
         #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)

From 9437a3a303683c63b94864c867453eff17db27ae Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 2 Apr 2015 11:26:55 -0700
Subject: [PATCH 013/350] fix tirtos distcheck

---
 tirtos/include.am | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/tirtos/include.am b/tirtos/include.am
index 46bdd4323..03f87e4bf 100644
--- a/tirtos/include.am
+++ b/tirtos/include.am
@@ -9,14 +9,14 @@ EXTRA_DIST += \
          tirtos/packages/ti/net/wolfssl/package.bld \
          tirtos/packages/ti/net/wolfssl/package.xdc \
          tirtos/packages/ti/net/wolfssl/package.xs \
-         tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.bld \
-         tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/package.xdc \
-         tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/test.cfg \
-         tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/TM4C1294NC.icf \
-         tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/test/main.c \
-         tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.bld \
-         tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/package.xdc \
-         tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/benchmark.cfg \
-        tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/TM4C1294NC.icf \
-         tirtos/packages/ti/net/wolfssl/tests/wolfcrypt/benchmark/main.c
+         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld \
+         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.xdc \
+         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/test.cfg \
+         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/TM4C1294NC.icf \
+         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/main.c \
+         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld \
+         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.xdc \
+         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/benchmark.cfg \
+        tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/TM4C1294NC.icf \
+         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/main.c
 

From 7552764fbb3d324bfac0481bc8c530f239277016 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 2 Apr 2015 11:34:17 -0700
Subject: [PATCH 014/350] turn off chacha on big endian

---
 configure.ac           | 8 +++++++-
 support/wolfssl.pc     | 2 +-
 wolfcrypt/src/chacha.c | 1 +
 wolfssl/version.h      | 4 ++--
 4 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 36d1794df..566492b74 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.4.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.4.7],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
@@ -1201,6 +1201,12 @@ AC_ARG_ENABLE([chacha],
     [ ENABLED_CHACHA=yes ]
     )
 
+# not ready for big endian yet
+if test "x$ac_cv_c_bigendian" = "xyes"
+then
+    ENABLED_CHACHA=no
+fi
+
 # lean psk does't need chacha
 if test "$ENABLED_LEANPSK" = "yes"
 then
diff --git a/support/wolfssl.pc b/support/wolfssl.pc
index 7b18d95e5..1265e7ce0 100644
--- a/support/wolfssl.pc
+++ b/support/wolfssl.pc
@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.4.6
+Version: 3.4.7
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}
diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c
index ab148597d..fb8ace64c 100644
--- a/wolfcrypt/src/chacha.c
+++ b/wolfcrypt/src/chacha.c
@@ -48,6 +48,7 @@
 
 #ifdef BIG_ENDIAN_ORDER
     #define LITTLE32(x) ByteReverseWord32(x)
+    #error "CHACHA Not ready for Big Endian yet"
 #else
     #define LITTLE32(x) (x)
 #endif
diff --git a/wolfssl/version.h b/wolfssl/version.h
index ed8aadbf7..54e92ffc0 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.4.6"
-#define LIBWOLFSSL_VERSION_HEX 0x03004006
+#define LIBWOLFSSL_VERSION_STRING "3.4.7"
+#define LIBWOLFSSL_VERSION_HEX 0x03004007
 
 #ifdef __cplusplus
 }

From b1316796f9b0759b6899d0be19f9506c0d3e620b Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 2 Apr 2015 11:54:16 -0700
Subject: [PATCH 015/350] allow CTX set tmp dh w/o asn and certs too

---
 src/ssl.c | 64 ++++++++++++++++++++++++++++---------------------------
 1 file changed, 33 insertions(+), 31 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index ff137967a..5902555c5 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -475,6 +475,39 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
     WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);
     return SSL_SUCCESS;
 }
+
+/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
+int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
+                         const unsigned char* g, int gSz)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH");
+    if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
+
+    XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
+    XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
+
+    ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
+    if (ctx->serverDH_P.buffer == NULL)
+       return MEMORY_E;
+
+    ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
+    if (ctx->serverDH_G.buffer == NULL) {
+        XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
+        return MEMORY_E;
+    }
+
+    ctx->serverDH_P.length = pSz;
+    ctx->serverDH_G.length = gSz;
+
+    XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
+    XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
+
+    ctx->haveDH = 1;
+
+    WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0);
+    return SSL_SUCCESS;
+}
+
 #endif /* !NO_DH */
 
 
@@ -3822,37 +3855,6 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
 }
 
 
-    /* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
-    int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
-                            const unsigned char* g, int gSz)
-    {
-        WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH");
-        if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
-
-        XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
-        XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
-
-        ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap,DYNAMIC_TYPE_DH);
-        if (ctx->serverDH_P.buffer == NULL)
-            return MEMORY_E;
-
-        ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap,DYNAMIC_TYPE_DH);
-        if (ctx->serverDH_G.buffer == NULL) {
-            XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
-            return MEMORY_E;
-        }
-
-        ctx->serverDH_P.length = pSz;
-        ctx->serverDH_G.length = gSz;
-
-        XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
-        XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
-
-        ctx->haveDH = 1;
-
-        WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0);
-        return SSL_SUCCESS;
-    }
 #endif /* NO_DH */
 
 

From 523775fcd61c632f4528fea344159d5af96c84e0 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 3 Apr 2015 09:54:15 -0700
Subject: [PATCH 016/350] updated the iOS readme

---
 IDE/iOS/README.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/IDE/iOS/README.md b/IDE/iOS/README.md
index 0c20d3fa7..e9e781b49 100644
--- a/IDE/iOS/README.md
+++ b/IDE/iOS/README.md
@@ -66,7 +66,6 @@ for "Preprocessor Macros" and add the following under both `Release` and
 * `HAVE_AESGCM`
 * `WOLFSSL_SHA512`
 * `WOLFSSL_SHA384`
-* `NO_PWDBASED` -- for now, can drop later
 
 
 # Using the FIPS library
@@ -80,3 +79,8 @@ libraries like this, so static builds are required. This creates a problem.
 Every time the application is changed, the FIPS checksum will change, because
 the FIPS library's position in the executable may change.
 
+You need to add something to your application that will output the verifyCore
+value to be used. The verifyCore in fips_test.c will need to be updated with this
+value, the library rebuilt, and relinked into your application. The application
+should not be changed during this process or the verifyCore check will fail again.
+

From 10f853ae4d4e5f94b7bb1388ac32a7c7370c476a Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Fri, 3 Apr 2015 12:19:40 -0600
Subject: [PATCH 017/350] adjustment to chacha for big endian

---
 configure.ac           | 6 ------
 wolfcrypt/src/chacha.c | 9 ++++-----
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/configure.ac b/configure.ac
index 566492b74..45a687368 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1201,12 +1201,6 @@ AC_ARG_ENABLE([chacha],
     [ ENABLED_CHACHA=yes ]
     )
 
-# not ready for big endian yet
-if test "x$ac_cv_c_bigendian" = "xyes"
-then
-    ENABLED_CHACHA=no
-fi
-
 # lean psk does't need chacha
 if test "$ENABLED_LEANPSK" = "yes"
 then
diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c
index fb8ace64c..4e95bdbd0 100644
--- a/wolfcrypt/src/chacha.c
+++ b/wolfcrypt/src/chacha.c
@@ -48,7 +48,6 @@
 
 #ifdef BIG_ENDIAN_ORDER
     #define LITTLE32(x) ByteReverseWord32(x)
-    #error "CHACHA Not ready for Big Endian yet"
 #else
     #define LITTLE32(x) (x)
 #endif
@@ -164,10 +163,10 @@ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz)
     ctx->X[ 9] = U8TO32_LITTLE(k +  4);
     ctx->X[10] = U8TO32_LITTLE(k +  8);
     ctx->X[11] = U8TO32_LITTLE(k + 12);
-    ctx->X[ 0] = U8TO32_LITTLE(constants + 0);
-    ctx->X[ 1] = U8TO32_LITTLE(constants + 1);
-    ctx->X[ 2] = U8TO32_LITTLE(constants + 2);
-    ctx->X[ 3] = U8TO32_LITTLE(constants + 3);
+    ctx->X[ 0] = constants[0];
+    ctx->X[ 1] = constants[1];
+    ctx->X[ 2] = constants[2];
+    ctx->X[ 3] = constants[3];
 
     return 0;
 }

From e39abffc5eda18707584a519908509d790d75a68 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 3 Apr 2015 12:11:29 -0700
Subject: [PATCH 018/350] add GNU ld bug error and solution

---
 README    | 3 +++
 README.md | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/README b/README
index 380575265..d9e982f38 100644
--- a/README
+++ b/README
@@ -34,6 +34,9 @@ before calling wolfSSL_new();  Though it's not recommended.
 
 *** end Notes ***
 
+- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
+  add -fdebug-types-section to C_EXTRA_FLAGS
+
 wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
 
 Release 3.4.6 of wolfSSL has bug fixes and new features including:
diff --git a/README.md b/README.md
index 65be1b0f2..59c77e37c 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,9 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
 before calling wolfSSL_new();  Though it's not recommended.
 ```
 
+- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
+  add -fdebug-types-section to C_EXTRA_FLAGS
+
 #wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
 
 ##Release 3.4.6 of wolfSSL has bug fixes and new features including:

From 44a3011328dc0c5f742eb426338dba3c0e280472 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 3 Apr 2015 13:25:51 -0700
Subject: [PATCH 019/350] fix STREAM_ALIGN consistency

---
 wolfssl/wolfcrypt/settings.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 4a773844a..23c19486d 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -723,7 +723,7 @@
 #ifndef WOLFSSL_GENERAL_ALIGNMENT
     #ifdef WOLFSSL_AESNI
         #define WOLFSSL_GENERAL_ALIGNMENT 16
-    #elif defined(XSTREAM_ALIGNMENT)
+    #elif defined(XSTREAM_ALIGN)
         #define WOLFSSL_GENERAL_ALIGNMENT  4
     #elif defined(FREESCALE_MMCAU)
         #define WOLFSSL_GENERAL_ALIGNMENT  WOLFSSL_MMCAU_ALIGNMENT

From a7d004e47ddcca633dad272468dc579bc864ec9c Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Sat, 4 Apr 2015 09:49:34 -0700
Subject: [PATCH 020/350] add sha512 sig_algo processing for
 server_key_exchange and cert_verify messages

---
 src/internal.c     | 203 +++++++++++++++++++++++++++++++++++++++++++++
 src/ssl.c          |  19 +++++
 wolfssl/internal.h |   6 ++
 3 files changed, 228 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 176c98b3f..4f644fd2f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -588,6 +588,10 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
     int idx = 0;
 
     if (haveECDSAsig) {
+        #ifdef WOLFSSL_SHA512
+            suites->hashSigAlgo[idx++] = sha512_mac;
+            suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
+        #endif
         #ifdef WOLFSSL_SHA384
             suites->hashSigAlgo[idx++] = sha384_mac;
             suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo;
@@ -603,6 +607,10 @@ static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
     }
 
     if (haveRSAsig) {
+        #ifdef WOLFSSL_SHA512
+            suites->hashSigAlgo[idx++] = sha512_mac;
+            suites->hashSigAlgo[idx++] = rsa_sa_algo;
+        #endif
         #ifdef WOLFSSL_SHA384
             suites->hashSigAlgo[idx++] = sha384_mac;
             suites->hashSigAlgo[idx++] = rsa_sa_algo;
@@ -1622,6 +1630,12 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
         return ret;
     }
 #endif
+#ifdef WOLFSSL_SHA512
+    ret = wc_InitSha512(&ssl->hsHashes->hashSha512);
+    if (ret != 0) {
+        return ret;
+    }
+#endif
 
     /* increment CTX reference count */
     if (LockMutex(&ctx->countMutex) != 0) {
@@ -2427,6 +2441,11 @@ static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
         ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz);
         if (ret != 0)
             return ret;
+#endif
+#ifdef WOLFSSL_SHA512
+        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz);
+        if (ret != 0)
+            return ret;
 #endif
     }
 
@@ -2468,6 +2487,11 @@ static int HashInput(WOLFSSL* ssl, const byte* input, int sz)
         ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz);
         if (ret != 0)
             return ret;
+#endif
+#ifdef WOLFSSL_SHA512
+        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz);
+        if (ret != 0)
+            return ret;
 #endif
     }
 
@@ -3018,6 +3042,7 @@ static void BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
 #endif
 
 
+/* Finished doesn't support SHA512, not SHA512 cipher suites yet */
 static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
 {
     int ret = 0;
@@ -6881,6 +6906,9 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
     #ifdef WOLFSSL_SHA384
         Sha384 sha384 = ssl->hsHashes->hashSha384;
     #endif
+    #ifdef WOLFSSL_SHA512
+        Sha512 sha512 = ssl->hsHashes->hashSha512;
+    #endif
 
     if (ssl->options.tls) {
 #if ! defined( NO_OLD_TLS )
@@ -6900,6 +6928,11 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
                 if (ret != 0)
                     return ret;
             #endif
+            #ifdef WOLFSSL_SHA512
+                ret = wc_Sha512Final(&ssl->hsHashes->hashSha512,hashes->sha512);
+                if (ret != 0)
+                    return ret;
+            #endif
         }
     }
 #if ! defined( NO_OLD_TLS )
@@ -6919,6 +6952,9 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
         #ifdef WOLFSSL_SHA384
             ssl->hsHashes->hashSha384 = sha384;
         #endif
+        #ifdef WOLFSSL_SHA512
+            ssl->hsHashes->hashSha512 = sha512;
+        #endif
     }
 
     return 0;
@@ -8881,6 +8917,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
                 break;
             }
             #endif
+            #ifdef WOLFSSL_SHA512
+            else if (hashSigAlgo[i] == sha512_mac) {
+                ssl->suites->hashAlgo = sha512_mac;
+                break;
+            }
+            #endif
         }
     }
 }
@@ -9907,6 +9949,15 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
         byte    hash384[SHA384_DIGEST_SIZE];
 #endif
 #endif
+#ifdef WOLFSSL_SHA512
+#ifdef WOLFSSL_SMALL_STACK
+        Sha512* sha512  = NULL;
+        byte*   hash512 = NULL;
+#else
+        Sha512  sha512[1];
+        byte    hash512[SHA512_DIGEST_SIZE];
+#endif
+#endif
 #ifdef WOLFSSL_SMALL_STACK
         byte*   hash          = NULL;
         byte*   messageVerify = NULL;
@@ -10026,6 +10077,24 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
             goto done;
 #endif
 
+#ifdef WOLFSSL_SHA512
+    #ifdef WOLFSSL_SMALL_STACK
+        sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+        hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+        if (sha512 == NULL || hash512 == NULL)
+            ERROR_OUT(MEMORY_E, done);
+    #endif
+        if (!(ret = wc_InitSha512(sha512))
+        &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom, RAN_LEN))
+        &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom, RAN_LEN))
+        &&  !(ret = wc_Sha512Update(sha512, messageVerify, verifySz)))
+              ret = wc_Sha512Final(sha512, hash512);
+        if (ret != 0)
+            goto done;
+#endif
+
 #ifndef NO_RSA
         /* rsa */
         if (sigAlgo == rsa_sa_algo)
@@ -10094,6 +10163,13 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
                         digestSz = SHA384_DIGEST_SIZE;
                     #endif
                 }
+                else if (hashAlgo == sha512_mac) {
+                    #ifdef WOLFSSL_SHA512
+                        digest   = hash512;
+                        typeH    = SHA512h;
+                        digestSz = SHA512_DIGEST_SIZE;
+                    #endif
+                }
 
             #ifdef WOLFSSL_SMALL_STACK
                 encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
@@ -10159,6 +10235,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
                         digestSz = SHA384_DIGEST_SIZE;
                     #endif
                 }
+                else if (hashAlgo == sha512_mac) {
+                    #ifdef WOLFSSL_SHA512
+                        digest   = hash512;
+                        digestSz = SHA512_DIGEST_SIZE;
+                    #endif
+                }
             }
             if (doUserEcc) {
             #ifdef HAVE_PK_CALLBACKS
@@ -10198,6 +10280,10 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
     #ifdef WOLFSSL_SHA384
         XFREE(sha384,        NULL, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(hash384,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+    #ifdef WOLFSSL_SHA512
+        XFREE(sha512,        NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(hash512,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
         XFREE(hash,          NULL, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(messageVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -10887,6 +10973,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
                             digestSz = SHA384_DIGEST_SIZE;
                         #endif
                     }
+                    else if (ssl->suites->hashAlgo == sha512_mac) {
+                        #ifdef WOLFSSL_SHA512
+                            digest = ssl->hsHashes->certHashes.sha512;
+                            digestSz = SHA512_DIGEST_SIZE;
+                        #endif
+                    }
                 }
 
                 if (doUserEcc) {
@@ -10955,6 +11047,14 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
                             didSet   = 1;
                         #endif
                     }
+                    else if (ssl->suites->hashAlgo == sha512_mac) {
+                        #ifdef WOLFSSL_SHA512
+                            digest   = ssl->hsHashes->certHashes.sha512;
+                            typeH    = SHA512h;
+                            digestSz = SHA512_DIGEST_SIZE;
+                            didSet   = 1;
+                        #endif
+                    }
 
                     if (didSet == 0) {
                         /* defaults */
@@ -11685,6 +11785,15 @@ int DoSessionTicket(WOLFSSL* ssl,
                 byte    hash384[SHA384_DIGEST_SIZE];
             #endif
         #endif
+        #ifdef WOLFSSL_SHA512
+            #ifdef WOLFSSL_SMALL_STACK
+                Sha512* sha512  = NULL;
+                byte*   hash512 = NULL;
+            #else
+                Sha512  sha512[1];
+                byte    hash512[SHA512_DIGEST_SIZE];
+            #endif
+        #endif
 
             #ifdef WOLFSSL_SMALL_STACK
                 hash = (byte*)XMALLOC(FINISHED_SZ, NULL,
@@ -11765,6 +11874,28 @@ int DoSessionTicket(WOLFSSL* ssl,
                     goto done_a2;
         #endif
 
+        #ifdef WOLFSSL_SHA512
+            #ifdef WOLFSSL_SMALL_STACK
+                sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                if (sha512 == NULL || hash512 == NULL)
+                    ERROR_OUT(MEMORY_E, done_a2);
+            #endif
+
+                if (!(ret = wc_InitSha512(sha512))
+                &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom,
+                                                                       RAN_LEN))
+                &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom,
+                                                                       RAN_LEN))
+                &&  !(ret = wc_Sha512Update(sha512, output + preSigIdx, preSigSz)))
+                    ret = wc_Sha512Final(sha512, hash512);
+
+                if (ret != 0)
+                    goto done_a2;
+        #endif
+
             #ifndef NO_RSA
                 if (ssl->suites->sigAlgo == rsa_sa_algo) {
                     byte*  signBuffer = hash;
@@ -11807,6 +11938,13 @@ int DoSessionTicket(WOLFSSL* ssl,
                             digestSz = SHA384_DIGEST_SIZE;
                         #endif
                         }
+                        else if (ssl->suites->hashAlgo == sha512_mac) {
+                        #ifdef WOLFSSL_SHA512
+                            digest   = hash512;
+                            typeH    = SHA512h;
+                            digestSz = SHA512_DIGEST_SIZE;
+                        #endif
+                        }
 
                         signSz = wc_EncodeSignature(encodedSig, digest, digestSz,
                                                  typeH);
@@ -11877,6 +12015,12 @@ int DoSessionTicket(WOLFSSL* ssl,
                             digestSz = SHA384_DIGEST_SIZE;
                         #endif
                         }
+                        else if (ssl->suites->hashAlgo == sha512_mac) {
+                        #ifdef WOLFSSL_SHA512
+                            digest   = hash512;
+                            digestSz = SHA512_DIGEST_SIZE;
+                        #endif
+                        }
                     }
 
                     if (doUserEcc) {
@@ -11923,6 +12067,10 @@ int DoSessionTicket(WOLFSSL* ssl,
                 XFREE(sha384,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             #endif
+            #ifdef WOLFSSL_SHA512
+                XFREE(sha512,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
         #endif
 
                 if (ret < 0)
@@ -12126,6 +12274,15 @@ int DoSessionTicket(WOLFSSL* ssl,
                 byte    hash384[SHA384_DIGEST_SIZE];
             #endif
         #endif
+        #ifdef WOLFSSL_SHA512
+            #ifdef WOLFSSL_SMALL_STACK
+                Sha512* sha512  = NULL;
+                byte*   hash512 = NULL;
+            #else
+                Sha512  sha512[1];
+                byte    hash512[SHA512_DIGEST_SIZE];
+            #endif
+        #endif
 
             /* Add hash/signature algo ID */
             if (IsAtLeastTLSv1_2(ssl)) {
@@ -12220,6 +12377,28 @@ int DoSessionTicket(WOLFSSL* ssl,
                     goto done_b;
         #endif
 
+        #ifdef WOLFSSL_SHA512
+            #ifdef WOLFSSL_SMALL_STACK
+                sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                if (sha512 == NULL || hash512 == NULL)
+                    ERROR_OUT(MEMORY_E, done_b);
+            #endif
+
+                if (!(ret = wc_InitSha512(sha512))
+                &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom,
+                                                                       RAN_LEN))
+                &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom,
+                                                                       RAN_LEN))
+                &&  !(ret = wc_Sha512Update(sha512, output + preSigIdx, preSigSz)))
+                    ret = wc_Sha512Final(sha512, hash512);
+
+                if (ret != 0)
+                    goto done_b;
+        #endif
+
             #ifndef NO_RSA
                 if (ssl->suites->sigAlgo == rsa_sa_algo) {
                     byte*  signBuffer = hash;
@@ -12262,6 +12441,13 @@ int DoSessionTicket(WOLFSSL* ssl,
                             digestSz = SHA384_DIGEST_SIZE;
                         #endif
                         }
+                        else if (ssl->suites->hashAlgo == sha512_mac) {
+                        #ifdef WOLFSSL_SHA512
+                            digest   = hash512;
+                            typeH    = SHA512h;
+                            digestSz = SHA512_DIGEST_SIZE;
+                        #endif
+                        }
 
                         signSz = wc_EncodeSignature(encodedSig, digest, digestSz,
                                                  typeH);
@@ -12304,6 +12490,10 @@ int DoSessionTicket(WOLFSSL* ssl,
                 XFREE(sha384,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 XFREE(hash384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             #endif
+            #ifdef WOLFSSL_SHA512
+                XFREE(sha512,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                XFREE(hash512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
         #endif
 
                 if (ret < 0) return ret;
@@ -13045,6 +13235,13 @@ int DoSessionTicket(WOLFSSL* ssl,
                         digestSz = SHA384_DIGEST_SIZE;
                     #endif
                 }
+                else if (hashAlgo == sha512_mac) {
+                    #ifdef WOLFSSL_SHA512
+                        digest = ssl->hsHashes->certHashes.sha512;
+                        typeH    = SHA512h;
+                        digestSz = SHA512_DIGEST_SIZE;
+                    #endif
+                }
 
                 sigSz = wc_EncodeSignature(encodedSig, digest, digestSz, typeH);
 
@@ -13097,6 +13294,12 @@ int DoSessionTicket(WOLFSSL* ssl,
                         digestSz = SHA384_DIGEST_SIZE;
                     #endif
                 }
+                else if (hashAlgo == sha512_mac) {
+                    #ifdef WOLFSSL_SHA512
+                        digest = ssl->hsHashes->certHashes.sha512;
+                        digestSz = SHA512_DIGEST_SIZE;
+                    #endif
+                }
             }
 
             if (doUserEcc) {
diff --git a/src/ssl.c b/src/ssl.c
index 5902555c5..d907f443a 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -849,6 +849,11 @@ int wolfSSL_Rehandshake(WOLFSSL* ssl)
     if (ret !=0)
         return ret;
 #endif
+#ifdef WOLFSSL_SHA512
+    ret = wc_InitSha512(&ssl->hsHashes->hashSha512);
+    if (ret !=0)
+        return ret;
+#endif
 
     ret = wolfSSL_negotiate(ssl);
     return ret;
@@ -5167,6 +5172,13 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
                                 return SSL_FATAL_ERROR;
                             }
                         #endif
+                        #ifdef WOLFSSL_SHA512
+                            if ( (ssl->error = wc_InitSha512(
+                                            &ssl->hsHashes->hashSha512)) != 0) {
+                                WOLFSSL_ERROR(ssl->error);
+                                return SSL_FATAL_ERROR;
+                            }
+                        #endif
                     }
                     if ( (ssl->error = SendClientHello(ssl)) != 0) {
                         WOLFSSL_ERROR(ssl->error);
@@ -5446,6 +5458,13 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
                                return SSL_FATAL_ERROR;
                             }
                         #endif
+                        #ifdef WOLFSSL_SHA512
+                            if ( (ssl->error = wc_InitSha512(
+                                            &ssl->hsHashes->hashSha512)) != 0) {
+                               WOLFSSL_ERROR(ssl->error);
+                               return SSL_FATAL_ERROR;
+                            }
+                        #endif
                     }
 
                     while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 55af1d1b9..3ead47d88 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1714,6 +1714,9 @@ typedef struct Hashes {
     #ifdef WOLFSSL_SHA384
         byte sha384[SHA384_DIGEST_SIZE];
     #endif
+    #ifdef WOLFSSL_SHA512
+        byte sha512[SHA512_DIGEST_SIZE];
+    #endif
 } Hashes;
 
 
@@ -2090,6 +2093,9 @@ typedef struct HS_Hashes {
 #ifdef WOLFSSL_SHA384
     Sha384          hashSha384;         /* sha384 hash of handshake msgs */
 #endif
+#ifdef WOLFSSL_SHA512
+    Sha512          hashSha512;         /* sha512 hash of handshake msgs */
+#endif
 } HS_Hashes;
 
 

From d67a031132b87fc01f0808f161eda0e3101dbba7 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Sun, 5 Apr 2015 09:13:11 -0700
Subject: [PATCH 021/350] fix scr gcm mode

---
 src/keys.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/keys.c b/src/keys.c
index d83619681..b06debb28 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -2407,11 +2407,33 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
                     /* Initialize the AES-GCM/CCM explicit IV to a zero. */
                     XMEMCPY(ssl->keys.aead_exp_IV, keys->aead_exp_IV,
                             AEAD_EXP_IV_SZ);
+
+                    /* Initialize encrypt implicit IV by encrypt side */
+                    if (ssl->options.side == WOLFSSL_CLIENT_END) {
+                        XMEMCPY(ssl->keys.aead_enc_imp_IV,
+                                keys->client_write_IV, AEAD_IMP_IV_SZ);
+                    } else {
+                        XMEMCPY(ssl->keys.aead_enc_imp_IV,
+                                keys->server_write_IV, AEAD_IMP_IV_SZ);
+                    }
                 }
             #endif
         }
-        if (wc_decrypt)
+        if (wc_decrypt) {
             ssl->keys.peer_sequence_number = keys->peer_sequence_number;
+            #ifdef HAVE_AEAD
+                if (ssl->specs.cipher_type == aead) {
+                    /* Initialize decrypt implicit IV by decrypt side */
+                    if (ssl->options.side == WOLFSSL_SERVER_END) {
+                        XMEMCPY(ssl->keys.aead_dec_imp_IV,
+                                keys->client_write_IV, AEAD_IMP_IV_SZ);
+                    } else {
+                        XMEMCPY(ssl->keys.aead_dec_imp_IV,
+                                keys->server_write_IV, AEAD_IMP_IV_SZ);
+                    }
+                }
+            #endif
+        }
         ssl->secure_renegotiation->cache_status++;
     }
 #endif /* HAVE_SECURE_RENEGOTIATION */

From d8a6d9cffc52d77776cf8529f1af08939bdd8120 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfsssl.com>
Date: Mon, 6 Apr 2015 10:34:07 +0900
Subject: [PATCH 022/350] runtime cpuflag for Intel MULX, cleaned in tfm.c

---
 wolfcrypt/src/asm.c | 78 ++++++++++++++++++++++++++++++++++++++++
 wolfcrypt/src/tfm.c | 87 +++------------------------------------------
 2 files changed, 82 insertions(+), 83 deletions(-)

diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c
index 9dbf9a15a..016225df1 100755
--- a/wolfcrypt/src/asm.c
+++ b/wolfcrypt/src/asm.c
@@ -33,6 +33,84 @@
 
 /******************************************************************/
 /* fp_montgomery_reduce.c asm or generic */
+
+
+/* Each platform needs to query info type 1 from cpuid to see if aesni is
+ * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
+ */
+
+#if defined(HAVE_INTEL_MULX)
+#ifndef _MSC_VER
+    #define cpuid(reg, leaf, sub)\
+            __asm__ __volatile__ ("cpuid":\
+             "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
+             "a" (leaf), "c"(sub));
+
+    #define XASM_LINK(f) asm(f)
+#else
+
+    #include <intrin.h>
+    #define cpuid(a,b) __cpuid((int*)a,b)
+
+    #define XASM_LINK(f)
+
+#endif /* _MSC_VER */
+
+#define EAX 0
+#define EBX 1
+#define ECX 2 
+#define EDX 3
+    
+#define CPUID_AVX1   0x1
+#define CPUID_AVX2   0x2
+#define CPUID_RDRAND 0x4
+#define CPUID_RDSEED 0x8
+
+#define IS_INTEL_AVX1       (cpuid_flags&CPUID_AVX1)
+#define IS_INTEL_AVX2       (cpuid_flags&CPUID_AVX2)
+#define IS_INTEL_RDRAND     (cpuid_flags&CPUID_RDRAND)
+#define IS_INTEL_RDSEED     (cpuid_flags&CPUID_RDSEED)
+#define SET_FLAGS         
+
+static word32 cpuid_check = 0 ;
+static word32 cpuid_flags = 0 ;
+
+static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
+    int got_intel_cpu=0;
+    unsigned int reg[5]; 
+    
+    reg[4] = '\0' ;
+    cpuid(reg, 0, 0);  
+    if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&  
+                memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&  
+                memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {  
+        got_intel_cpu = 1;  
+    }    
+    if (got_intel_cpu) {
+        cpuid(reg, leaf, sub);
+        return((reg[num]>>bit)&0x1) ;
+    }
+    return 0 ;
+}
+
+INLINE static int set_cpuid_flags(void) {  
+    if(cpuid_check == 0) {
+        if(cpuid_flag(7, 0, EBX, 5)){  cpuid_flags |= CPUID_AVX2 ; }
+		cpuid_check = 1 ;
+		return 0 ;
+    }
+    return 1 ;
+}
+
+#define RETURN return
+#define IF_HAVE_INTEL_MULX(func, ret)    \
+   if(cpuid_check==0)set_cpuid_flags() ; \
+   if(IS_INTEL_AVX2){  func;  ret ;  }
+
+#else
+    #define IF_HAVE_INTEL_MULX(func, ret)
+#endif
+
 #if defined(TFM_X86) && !defined(TFM_SSE2) 
 /* x86-32 code */
 
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 132898962..994fcc9ae 100755
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -403,72 +403,6 @@ void fp_mul_2d(fp_int *a, int b, fp_int *c)
 /* generic PxQ multiplier */
 #if defined(HAVE_INTEL_MULX)
 
-/* Each platform needs to query info type 1 from cpuid to see if aesni is
- * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
- */
-
-#ifndef _MSC_VER
-    #define cpuid(reg, leaf, sub)\
-            __asm__ __volatile__ ("cpuid":\
-             "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
-             "a" (leaf), "c"(sub));
-
-    #define XASM_LINK(f) asm(f)
-#else
-
-    #include <intrin.h>
-    #define cpuid(a,b) __cpuid((int*)a,b)
-
-    #define XASM_LINK(f)
-
-#endif /* _MSC_VER */
-
-#define EAX 0
-#define EBX 1
-#define ECX 2 
-#define EDX 3
-    
-#define CPUID_AVX1   0x1
-#define CPUID_AVX2   0x2
-#define CPUID_RDRAND 0x4
-#define CPUID_RDSEED 0x8
-
-#define IS_INTEL_AVX1       (cpuid_flags&CPUID_AVX1)
-#define IS_INTEL_AVX2       (cpuid_flags&CPUID_AVX2)
-#define IS_INTEL_RDRAND     (cpuid_flags&CPUID_RDRAND)
-#define IS_INTEL_RDSEED     (cpuid_flags&CPUID_RDSEED)
-#define SET_FLAGS         if(cpuid_check==0)set_cpuid_flags()
-
-static word32 cpuid_check = 0 ;
-static word32 cpuid_flags = 0 ;
-
-static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
-    int got_intel_cpu=0;
-    unsigned int reg[5]; 
-    
-    reg[4] = '\0' ;
-    cpuid(reg, 0, 0);  
-    if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&  
-                memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&  
-                memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {  
-        got_intel_cpu = 1;  
-    }    
-    if (got_intel_cpu) {
-        cpuid(reg, leaf, sub);
-        return((reg[num]>>bit)&0x1) ;
-    }
-    return 0 ;
-}
-
-INLINE static int set_cpuid_flags(void) {  
-    if(cpuid_check == 0) {
-        if(cpuid_flag(7, 0, EBX, 5)){  cpuid_flags |= CPUID_AVX2 ; }
-		cpuid_check = 1 ;
-		return 0 ;
-    }
-    return 1 ;
-}
-
 INLINE static void fp_mul_comba_mulx(fp_int *A, fp_int *B, fp_int *C)
 
 {     
@@ -496,7 +430,6 @@ INLINE static void fp_mul_comba_mulx(fp_int *A, fp_int *B, fp_int *C)
   fp_clamp(dst);
   fp_copy(dst, C);  
 }
-
 #endif
 
 void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C)
@@ -505,13 +438,7 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C)
    fp_digit  c0, c1, c2, *tmpx, *tmpy;
    fp_int    tmp, *dst;
 
-   #if defined(HAVE_INTEL_MULX)
-   SET_FLAGS ;
-   if(IS_INTEL_AVX2) {
-       fp_mul_comba_mulx(A, B, C) ;
-       return ;
-   }
-   #endif
+   IF_HAVE_INTEL_MULX(fp_mul_comba_mulx(A, B, C), return) ;
 
    COMBA_START;
    COMBA_CLEAR;
@@ -1725,15 +1652,9 @@ void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp)
 {
    fp_digit c[FP_SIZE], *_c, *tmpm, mu = 0;
    int      oldused, x, y, pa;
-   
-   #ifdef HAVE_INTEL_MULX
-   SET_FLAGS ;
-   if(IS_INTEL_AVX2) {
-       fp_montgomery_reduce_mulx(a, m, mp) ;
-       return ;
-   }
-   #endif
-   
+
+   IF_HAVE_INTEL_MULX(fp_montgomery_reduce_mulx(a, m, mp), return) ;
+
    /* bail if too large */
    if (m->used > (FP_SIZE/2)) {
       (void)mu;                     /* shut up compiler */

From 0519085c69c12b706588a88b34a1c78cdd49fdab Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 6 Apr 2015 11:40:51 -0700
Subject: [PATCH 023/350] add SOCKET_PEER_CLOSED_E vs general SOCKET_E for case
 where peer closes underlying transport w/o close notify

---
 src/internal.c      | 8 ++++++++
 wolfssl/error-ssl.h | 1 +
 2 files changed, 9 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index 4f644fd2f..39e3beb90 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7589,6 +7589,8 @@ startScr:
             if (ssl->error == SOCKET_ERROR_E) {
                 if (ssl->options.connReset || ssl->options.isClosed) {
                     WOLFSSL_MSG("Peer reset or closed, connection done");
+                    ssl->error = SOCKET_PEER_CLOSED_E;
+                    WOLFSSL_ERROR(ssl->error);
                     return 0;     /* peer reset or closed */
                 }
             }
@@ -8002,6 +8004,12 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case DUPLICATE_MSG_E:
         return "Duplicate HandShake message Error";
 
+    case SNI_UNSUPPORTED:
+        return "Protocol version does not support SNI Error";
+
+    case SOCKET_PEER_CLOSED_E:
+        return "Peer closed underlying transport Error";
+
     default :
         return "unknown error number";
     }
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index 732240382..0df2edb6e 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -127,6 +127,7 @@ enum wolfSSL_ErrorCodes {
     SANITY_MSG_E            = -394,        /* Sanity check on msg order error */
     DUPLICATE_MSG_E         = -395,        /* Duplicate message error */
     SNI_UNSUPPORTED         = -396,        /* SSL 3.0 does not support SNI */
+    SOCKET_PEER_CLOSED_E    = -397,        /* Underlying transport closed */
 
     /* add strings to SetErrorString !!!!! */
 

From aef879dc206ac5c0a171c6dfe43614b3ad963859 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 6 Apr 2015 15:06:56 -0700
Subject: [PATCH 024/350] Updated iOS FIPS project, bump version

---
 IDE/iOS/README.md                              |  3 +++
 IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj |  2 ++
 README                                         | 15 ++++++++++++++-
 README.md                                      | 13 +++++++++++++
 configure.ac                                   |  2 +-
 support/wolfssl.pc                             |  2 +-
 wolfssl/version.h                              |  4 ++--
 7 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/IDE/iOS/README.md b/IDE/iOS/README.md
index e9e781b49..a81152fb0 100644
--- a/IDE/iOS/README.md
+++ b/IDE/iOS/README.md
@@ -67,6 +67,9 @@ for "Preprocessor Macros" and add the following under both `Release` and
 * `WOLFSSL_SHA512`
 * `WOLFSSL_SHA384`
 
+The approved FIPS source files are from the CyaSSL project v3.4.8.fips. The FIPS
+and FIPS-TEST files are from our FIPS project v3.4.8.fips. For the wolfCAVP test
+the wolfSSL version used is v3.4.8.
 
 # Using the FIPS library
 
diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
index 001bdf155..be5f32085 100644
--- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
@@ -917,6 +917,7 @@
 					$SRCROOT,
 					$PROJECT_DIR/../..,
 				);
+				IPHONEOS_DEPLOYMENT_TARGET = 8.1;
 				OTHER_CFLAGS = "";
 				OTHER_LDFLAGS = "";
 				PRODUCT_NAME = wolfssl;
@@ -947,6 +948,7 @@
 					$SRCROOT,
 					$PROJECT_DIR/../..,
 				);
+				IPHONEOS_DEPLOYMENT_TARGET = 8.1;
 				OTHER_CFLAGS = "";
 				OTHER_LDFLAGS = "";
 				PRODUCT_NAME = wolfssl;
diff --git a/README b/README
index d9e982f38..f5c77acc5 100644
--- a/README
+++ b/README
@@ -37,7 +37,20 @@ before calling wolfSSL_new();  Though it's not recommended.
 - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
   add -fdebug-types-section to C_EXTRA_FLAGS
 
-wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
+wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015)
+
+Release 3.4.8 of wolfSSL has bug fixes and new features including:
+
+- FIPS version submitted for iOS.
+- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS.
+- Improvements to usage of time code.
+- Improvements to VS solution files.
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+
+ *****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
 
 Release 3.4.6 of wolfSSL has bug fixes and new features including:
 
diff --git a/README.md b/README.md
index 59c77e37c..a490ac2ff 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,19 @@ before calling wolfSSL_new();  Though it's not recommended.
 - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
   add -fdebug-types-section to C_EXTRA_FLAGS
 
+#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015)
+
+##Release 3.4.8 of wolfSSL has bug fixes and new features including:
+
+- FIPS version submitted for iOS.
+- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS.
+- Improvements to usage of time code.
+- Improvements to VS solution files.
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+
 #wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
 
 ##Release 3.4.6 of wolfSSL has bug fixes and new features including:
diff --git a/configure.ac b/configure.ac
index 45a687368..cdad2c153 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.4.7],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.4.8],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
diff --git a/support/wolfssl.pc b/support/wolfssl.pc
index 1265e7ce0..c07ae3ea2 100644
--- a/support/wolfssl.pc
+++ b/support/wolfssl.pc
@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.4.7
+Version: 3.4.8
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}
diff --git a/wolfssl/version.h b/wolfssl/version.h
index 54e92ffc0..c76e07613 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.4.7"
-#define LIBWOLFSSL_VERSION_HEX 0x03004007
+#define LIBWOLFSSL_VERSION_STRING "3.4.8"
+#define LIBWOLFSSL_VERSION_HEX 0x03004008
 
 #ifdef __cplusplus
 }

From e17d452f9b70fc6718c03c0362dffc1cd96725f4 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 6 Apr 2015 16:12:50 -0700
Subject: [PATCH 025/350] Updated Xcode projects for missing headers

---
 IDE/iOS/README.md                              | 11 ++++-------
 IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj |  2 +-
 IDE/iOS/wolfssl.xcodeproj/project.pbxproj      |  2 +-
 3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/IDE/iOS/README.md b/IDE/iOS/README.md
index a81152fb0..519520e56 100644
--- a/IDE/iOS/README.md
+++ b/IDE/iOS/README.md
@@ -28,13 +28,10 @@ order.
 
 # Building libwolfssl.a
 
-## Debug build
-
-## Release build
-
-A release build requires an Apple Developer account, as far as I can tell. I
-have not tried this yet.
+There are several options of builds. You can make a simulator build, or a
+device build. Both are debug builds.
 
+You can make an archive for a device, as well. That is a release build.
 
 # Installing libwolfssl.a
 
@@ -68,7 +65,7 @@ for "Preprocessor Macros" and add the following under both `Release` and
 * `WOLFSSL_SHA384`
 
 The approved FIPS source files are from the CyaSSL project v3.4.8.fips. The FIPS
-and FIPS-TEST files are from our FIPS project v3.4.8.fips. For the wolfCAVP test
+and FIPS-TEST files are from our FIPS project v3.4.8. For the wolfCAVP test
 the wolfSSL version used is v3.4.8.
 
 # Using the FIPS library
diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
index be5f32085..1f14345f9 100644
--- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
@@ -295,7 +295,7 @@
 			isa = PBXCopyFilesBuildPhase;
 			buildActionMask = 2147483647;
 			dstPath = include/wolfssl;
-			dstSubfolderSpec = 16;
+			dstSubfolderSpec = 7;
 			files = (
 				521646C41A8A7FE10062516A /* callbacks.h in CopyFiles */,
 				521646C51A8A7FE10062516A /* certs_test.h in CopyFiles */,
diff --git a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
index 14fd4e4d6..0de405b73 100644
--- a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
@@ -283,7 +283,7 @@
 			isa = PBXCopyFilesBuildPhase;
 			buildActionMask = 2147483647;
 			dstPath = include/wolfssl;
-			dstSubfolderSpec = 16;
+			dstSubfolderSpec = 7;
 			files = (
 				521646C41A8A7FE10062516A /* callbacks.h in CopyFiles */,
 				521646C51A8A7FE10062516A /* certs_test.h in CopyFiles */,

From 015b68e6fb797b0ee728bb6dc5cba67fecf80e27 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfsssl.com>
Date: Tue, 7 Apr 2015 10:21:26 +0900
Subject: [PATCH 026/350] cpuflag BMI2 for Intel MULX

---
 IDE/iOS/README.md                             |  12 +-
 .../wolfssl-FIPS.xcodeproj/project.pbxproj    |   4 +-
 IDE/iOS/wolfssl.xcodeproj/project.pbxproj     |   2 +-
 README                                        |  15 +-
 README.md                                     |  13 ++
 configure.ac                                  |   2 +-
 examples/client/client.vcxproj                | 159 ++++++++++++++++-
 examples/echoclient/echoclient.vcxproj        | 159 ++++++++++++++++-
 examples/echoserver/echoserver.vcxproj        | 159 ++++++++++++++++-
 examples/server/server.vcxproj                | 159 ++++++++++++++++-
 src/internal.c                                |   8 +
 sslSniffer/sslSniffer.vcxproj                 |  10 +-
 support/wolfssl.pc                            |   2 +-
 testsuite/testsuite.vcxproj                   | 159 ++++++++++++++++-
 wolfcrypt/src/asm.c                           |   6 +-
 wolfssl.vcxproj                               | 166 +++++++++++++++++-
 wolfssl/error-ssl.h                           |   1 +
 wolfssl/version.h                             |   4 +-
 wolfssl/wolfcrypt/visibility.h                |   4 +-
 wolfssl64.sln                                 |  58 +++++-
 20 files changed, 1063 insertions(+), 39 deletions(-)

diff --git a/IDE/iOS/README.md b/IDE/iOS/README.md
index e9e781b49..519520e56 100644
--- a/IDE/iOS/README.md
+++ b/IDE/iOS/README.md
@@ -28,13 +28,10 @@ order.
 
 # Building libwolfssl.a
 
-## Debug build
-
-## Release build
-
-A release build requires an Apple Developer account, as far as I can tell. I
-have not tried this yet.
+There are several options of builds. You can make a simulator build, or a
+device build. Both are debug builds.
 
+You can make an archive for a device, as well. That is a release build.
 
 # Installing libwolfssl.a
 
@@ -67,6 +64,9 @@ for "Preprocessor Macros" and add the following under both `Release` and
 * `WOLFSSL_SHA512`
 * `WOLFSSL_SHA384`
 
+The approved FIPS source files are from the CyaSSL project v3.4.8.fips. The FIPS
+and FIPS-TEST files are from our FIPS project v3.4.8. For the wolfCAVP test
+the wolfSSL version used is v3.4.8.
 
 # Using the FIPS library
 
diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
index 001bdf155..1f14345f9 100644
--- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
@@ -295,7 +295,7 @@
 			isa = PBXCopyFilesBuildPhase;
 			buildActionMask = 2147483647;
 			dstPath = include/wolfssl;
-			dstSubfolderSpec = 16;
+			dstSubfolderSpec = 7;
 			files = (
 				521646C41A8A7FE10062516A /* callbacks.h in CopyFiles */,
 				521646C51A8A7FE10062516A /* certs_test.h in CopyFiles */,
@@ -917,6 +917,7 @@
 					$SRCROOT,
 					$PROJECT_DIR/../..,
 				);
+				IPHONEOS_DEPLOYMENT_TARGET = 8.1;
 				OTHER_CFLAGS = "";
 				OTHER_LDFLAGS = "";
 				PRODUCT_NAME = wolfssl;
@@ -947,6 +948,7 @@
 					$SRCROOT,
 					$PROJECT_DIR/../..,
 				);
+				IPHONEOS_DEPLOYMENT_TARGET = 8.1;
 				OTHER_CFLAGS = "";
 				OTHER_LDFLAGS = "";
 				PRODUCT_NAME = wolfssl;
diff --git a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
index 14fd4e4d6..0de405b73 100644
--- a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
@@ -283,7 +283,7 @@
 			isa = PBXCopyFilesBuildPhase;
 			buildActionMask = 2147483647;
 			dstPath = include/wolfssl;
-			dstSubfolderSpec = 16;
+			dstSubfolderSpec = 7;
 			files = (
 				521646C41A8A7FE10062516A /* callbacks.h in CopyFiles */,
 				521646C51A8A7FE10062516A /* certs_test.h in CopyFiles */,
diff --git a/README b/README
index d9e982f38..f5c77acc5 100644
--- a/README
+++ b/README
@@ -37,7 +37,20 @@ before calling wolfSSL_new();  Though it's not recommended.
 - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
   add -fdebug-types-section to C_EXTRA_FLAGS
 
-wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
+wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015)
+
+Release 3.4.8 of wolfSSL has bug fixes and new features including:
+
+- FIPS version submitted for iOS.
+- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS.
+- Improvements to usage of time code.
+- Improvements to VS solution files.
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+
+ *****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
 
 Release 3.4.6 of wolfSSL has bug fixes and new features including:
 
diff --git a/README.md b/README.md
index 59c77e37c..a490ac2ff 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,19 @@ before calling wolfSSL_new();  Though it's not recommended.
 - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
   add -fdebug-types-section to C_EXTRA_FLAGS
 
+#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015)
+
+##Release 3.4.8 of wolfSSL has bug fixes and new features including:
+
+- FIPS version submitted for iOS.
+- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS.
+- Improvements to usage of time code.
+- Improvements to VS solution files.
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+
 #wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
 
 ##Release 3.4.6 of wolfSSL has bug fixes and new features including:
diff --git a/configure.ac b/configure.ac
index 45a687368..cdad2c153 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.4.7],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.4.8],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
diff --git a/examples/client/client.vcxproj b/examples/client/client.vcxproj
index 4442c56fd..dec191d7a 100644
--- a/examples/client/client.vcxproj
+++ b/examples/client/client.vcxproj
@@ -9,6 +9,22 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -30,56 +46,114 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -101,6 +175,26 @@
       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -119,6 +213,24 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -141,6 +253,28 @@
       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -162,6 +296,27 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="client.c" />
   </ItemGroup>
diff --git a/examples/echoclient/echoclient.vcxproj b/examples/echoclient/echoclient.vcxproj
index 342bb9ca5..a3a60545a 100644
--- a/examples/echoclient/echoclient.vcxproj
+++ b/examples/echoclient/echoclient.vcxproj
@@ -9,6 +9,22 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -30,56 +46,114 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -102,6 +176,26 @@
 
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -120,6 +214,24 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -143,6 +255,28 @@
 
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -164,6 +298,27 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="echoclient.c" />
   </ItemGroup>
diff --git a/examples/echoserver/echoserver.vcxproj b/examples/echoserver/echoserver.vcxproj
index a9c210cbd..096ba75c6 100644
--- a/examples/echoserver/echoserver.vcxproj
+++ b/examples/echoserver/echoserver.vcxproj
@@ -9,6 +9,22 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -30,56 +46,114 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -102,6 +176,26 @@
 
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -120,6 +214,24 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -142,6 +254,28 @@
       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -163,6 +297,27 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="echoserver.c" />
   </ItemGroup>
diff --git a/examples/server/server.vcxproj b/examples/server/server.vcxproj
index dc31fd672..f6b53fc57 100644
--- a/examples/server/server.vcxproj
+++ b/examples/server/server.vcxproj
@@ -9,6 +9,22 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -30,56 +46,114 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -102,6 +176,26 @@
 
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -120,6 +214,24 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -143,6 +255,28 @@
 
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -164,6 +298,27 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="server.c" />
   </ItemGroup>
diff --git a/src/internal.c b/src/internal.c
index 4f644fd2f..39e3beb90 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7589,6 +7589,8 @@ startScr:
             if (ssl->error == SOCKET_ERROR_E) {
                 if (ssl->options.connReset || ssl->options.isClosed) {
                     WOLFSSL_MSG("Peer reset or closed, connection done");
+                    ssl->error = SOCKET_PEER_CLOSED_E;
+                    WOLFSSL_ERROR(ssl->error);
                     return 0;     /* peer reset or closed */
                 }
             }
@@ -8002,6 +8004,12 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case DUPLICATE_MSG_E:
         return "Duplicate HandShake message Error";
 
+    case SNI_UNSUPPORTED:
+        return "Protocol version does not support SNI Error";
+
+    case SOCKET_PEER_CLOSED_E:
+        return "Peer closed underlying transport Error";
+
     default :
         return "unknown error number";
     }
diff --git a/sslSniffer/sslSniffer.vcxproj b/sslSniffer/sslSniffer.vcxproj
index 7419737c1..56404e997 100644
--- a/sslSniffer/sslSniffer.vcxproj
+++ b/sslSniffer/sslSniffer.vcxproj
@@ -67,19 +67,23 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -166,7 +170,7 @@
     <ClCompile Include="..\src\sniffer.c" />
   </ItemGroup>
   <ItemGroup>
-    <ClInclude Include="..\include\sniffer.h" />
+    <ClInclude Include="..\wolfssl\sniffer.h" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="..\wolfssl\sniffer_error.rc" />
diff --git a/support/wolfssl.pc b/support/wolfssl.pc
index 1265e7ce0..c07ae3ea2 100644
--- a/support/wolfssl.pc
+++ b/support/wolfssl.pc
@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.4.7
+Version: 3.4.8
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}
diff --git a/testsuite/testsuite.vcxproj b/testsuite/testsuite.vcxproj
index f7d5f16b5..484a87584 100644
--- a/testsuite/testsuite.vcxproj
+++ b/testsuite/testsuite.vcxproj
@@ -9,6 +9,22 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -30,56 +46,114 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -101,6 +175,26 @@
     <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -119,6 +213,24 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -141,6 +253,28 @@
       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -162,6 +296,27 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="..\examples\client\client.c" />
     <ClCompile Include="..\examples\echoclient\echoclient.c" />
diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c
index 016225df1..08dc21d16 100755
--- a/wolfcrypt/src/asm.c
+++ b/wolfcrypt/src/asm.c
@@ -65,9 +65,11 @@
 #define CPUID_AVX2   0x2
 #define CPUID_RDRAND 0x4
 #define CPUID_RDSEED 0x8
+#define CPUID_BMI2   0x10
 
 #define IS_INTEL_AVX1       (cpuid_flags&CPUID_AVX1)
 #define IS_INTEL_AVX2       (cpuid_flags&CPUID_AVX2)
+#define IS_INTEL_BMI2       (cpuid_flags&CPUID_BMI2)
 #define IS_INTEL_RDRAND     (cpuid_flags&CPUID_RDRAND)
 #define IS_INTEL_RDSEED     (cpuid_flags&CPUID_RDSEED)
 #define SET_FLAGS         
@@ -95,7 +97,7 @@ static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
 
 INLINE static int set_cpuid_flags(void) {  
     if(cpuid_check == 0) {
-        if(cpuid_flag(7, 0, EBX, 5)){  cpuid_flags |= CPUID_AVX2 ; }
+        if(cpuid_flag(7, 0, EBX, 8)){  cpuid_flags |= CPUID_BMI2 ; }
 		cpuid_check = 1 ;
 		return 0 ;
     }
@@ -105,7 +107,7 @@ INLINE static int set_cpuid_flags(void) {
 #define RETURN return
 #define IF_HAVE_INTEL_MULX(func, ret)    \
    if(cpuid_check==0)set_cpuid_flags() ; \
-   if(IS_INTEL_AVX2){  func;  ret ;  }
+   if(IS_INTEL_BMI2){  func;  ret ;  }
 
 #else
     #define IF_HAVE_INTEL_MULX(func, ret)
diff --git a/wolfssl.vcxproj b/wolfssl.vcxproj
index cf057198a..8a95297e1 100644
--- a/wolfssl.vcxproj
+++ b/wolfssl.vcxproj
@@ -9,6 +9,22 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -30,51 +46,104 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
-  <PropertyGroup>
-    <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -89,6 +158,26 @@
       <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -103,6 +192,25 @@
       <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -116,6 +224,24 @@
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -130,6 +256,24 @@
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
   </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="wolfcrypt\src\aes.c" />
     <ClCompile Include="wolfcrypt\src\arc4.c" />
@@ -169,14 +313,20 @@
   <ItemGroup>
     <CustomBuild Include="wolfcrypt\src\aes_asm.asm">
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
       <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
       <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
       <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
       <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
     </CustomBuild>
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index 732240382..0df2edb6e 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -127,6 +127,7 @@ enum wolfSSL_ErrorCodes {
     SANITY_MSG_E            = -394,        /* Sanity check on msg order error */
     DUPLICATE_MSG_E         = -395,        /* Duplicate message error */
     SNI_UNSUPPORTED         = -396,        /* SSL 3.0 does not support SNI */
+    SOCKET_PEER_CLOSED_E    = -397,        /* Underlying transport closed */
 
     /* add strings to SetErrorString !!!!! */
 
diff --git a/wolfssl/version.h b/wolfssl/version.h
index 54e92ffc0..c76e07613 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.4.7"
-#define LIBWOLFSSL_VERSION_HEX 0x03004007
+#define LIBWOLFSSL_VERSION_STRING "3.4.8"
+#define LIBWOLFSSL_VERSION_HEX 0x03004008
 
 #ifdef __cplusplus
 }
diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h
index 05fd4754b..6e41d238f 100644
--- a/wolfssl/wolfcrypt/visibility.h
+++ b/wolfssl/wolfcrypt/visibility.h
@@ -47,7 +47,7 @@
         #define WOLFSSL_LOCAL __hidden
     #elif defined(_MSC_VER)
         #ifdef WOLFSSL_DLL
-            #define WOLFSSL_API extern __declspec(dllexport)
+            #define WOLFSSL_API __declspec(dllexport)
         #else
             #define WOLFSSL_API
         #endif
@@ -59,7 +59,7 @@
 #else /* BUILDING_WOLFSSL */
     #if defined(_MSC_VER)
         #ifdef WOLFSSL_DLL
-            #define WOLFSSL_API extern __declspec(dllimport)
+            #define WOLFSSL_API __declspec(dllimport)
         #else
             #define WOLFSSL_API
         #endif
diff --git a/wolfssl64.sln b/wolfssl64.sln
index 223ad75da..5e17787dc 100644
--- a/wolfssl64.sln
+++ b/wolfssl64.sln
@@ -1,6 +1,6 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Express 2012 for Windows Desktop
+# Visual Studio 2010
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "wolfssl.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}"
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testsuite", "testsuite\testsuite.vcxproj", "{611E8971-46E0-4D0A-B5A1-632C3B00CB80}"
@@ -19,6 +19,10 @@ Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Win32 = Debug|Win32
 		Debug|x64 = Debug|x64
+		DLL Debug|Win32 = DLL Debug|Win32
+		DLL Debug|x64 = DLL Debug|x64
+		DLL Release|Win32 = DLL Release|Win32
+		DLL Release|x64 = DLL Release|x64
 		Release|Win32 = Release|Win32
 		Release|x64 = Release|x64
 	EndGlobalSection
@@ -27,6 +31,14 @@ Global
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64
@@ -35,6 +47,14 @@ Global
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.ActiveCfg = Debug|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.Build.0 = Debug|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.Build.0 = DLL Release|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.ActiveCfg = Release|x64
@@ -43,6 +63,10 @@ Global
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|Win32.Build.0 = Debug|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.ActiveCfg = Debug|x64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.Build.0 = Debug|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|Win32.ActiveCfg = Debug|Win32
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|Win32.ActiveCfg = Release|Win32
+		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|x64.ActiveCfg = Release|x64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.ActiveCfg = Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.Build.0 = Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|x64.ActiveCfg = Release|x64
@@ -51,6 +75,14 @@ Global
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.Build.0 = Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.ActiveCfg = Debug|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.Build.0 = Debug|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.Build.0 = DLL Release|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.ActiveCfg = Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.Build.0 = Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|x64.ActiveCfg = Release|x64
@@ -59,6 +91,14 @@ Global
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.Build.0 = Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.ActiveCfg = Debug|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.Build.0 = Debug|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.Build.0 = DLL Release|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.ActiveCfg = Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.Build.0 = Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|x64.ActiveCfg = Release|x64
@@ -67,6 +107,14 @@ Global
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.Build.0 = Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.ActiveCfg = Debug|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.Build.0 = Debug|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.Build.0 = DLL Release|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.ActiveCfg = Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.Build.0 = Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|x64.ActiveCfg = Release|x64
@@ -75,6 +123,14 @@ Global
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.Build.0 = Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.ActiveCfg = Debug|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.Build.0 = Debug|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.Build.0 = DLL Release|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.ActiveCfg = Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.Build.0 = Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|x64.ActiveCfg = Release|x64

From 875ad2dc8ef33eb13090e46a82b37609945e66df Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 7 Apr 2015 13:41:29 -0700
Subject: [PATCH 027/350] forced iphone os deployment version to 8.1 in FIPS
 project

---
 IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
index 1f14345f9..d903641b8 100644
--- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
@@ -865,7 +865,7 @@
 				GCC_WARN_ABOUT_RETURN_TYPE = YES;
 				GCC_WARN_UNINITIALIZED_AUTOS = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
-				IPHONEOS_DEPLOYMENT_TARGET = 6.1;
+				IPHONEOS_DEPLOYMENT_TARGET = 8.1;
 				ONLY_ACTIVE_ARCH = YES;
 				SDKROOT = iphoneos;
 				USER_HEADER_SEARCH_PATHS = "wolfssl/wolfcrypt wolfssl include";
@@ -888,7 +888,7 @@
 				GCC_WARN_ABOUT_RETURN_TYPE = YES;
 				GCC_WARN_UNINITIALIZED_AUTOS = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
-				IPHONEOS_DEPLOYMENT_TARGET = 6.1;
+				IPHONEOS_DEPLOYMENT_TARGET = 8.1;
 				SDKROOT = iphoneos;
 				USER_HEADER_SEARCH_PATHS = "wolfssl/wolfcrypt wolfssl include";
 				VALIDATE_PRODUCT = NO;

From cf95bc23bb7db590bdc9accbb0444d8b4dd0f37a Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 7 Apr 2015 14:57:40 -0700
Subject: [PATCH 028/350] on process server_key_exchange only do hash(es)
 required

---
 src/internal.c      | 194 ++++++++++++++++++++++++++++++++------------
 wolfcrypt/src/asn.c |   5 +-
 2 files changed, 143 insertions(+), 56 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 39e3beb90..ab13a56a5 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -9977,6 +9977,20 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
         byte    sigAlgo  = ssl->specs.sig_algo;
         word16  verifySz = (word16) (*inOutIdx - begin);
 
+#ifndef NO_OLD_TLS
+        byte doMd5 = 0;
+        byte doSha = 0;
+#endif
+#ifndef NO_SHA256
+        byte doSha256 = 0;
+#endif
+#ifdef WOLFSSL_SHA384
+        byte doSha384 = 0;
+#endif
+#ifdef WOLFSSL_SHA512
+        byte doSha512 = 0;
+#endif
+
         (void)hash;
         (void)sigAlgo;
         (void)hashAlgo;
@@ -9995,11 +10009,60 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
         XMEMCPY(messageVerify, input + begin, verifySz);
 
         if (IsAtLeastTLSv1_2(ssl)) {
+            byte setHash = 0;
             if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size)
                 ERROR_OUT(BUFFER_ERROR, done);
 
             hashAlgo = input[(*inOutIdx)++];
             sigAlgo  = input[(*inOutIdx)++];
+
+            switch (hashAlgo) {
+                case sha512_mac:
+                    #ifdef WOLFSSL_SHA512
+                        doSha512 = 1;
+                        setHash  = 1;
+                    #endif
+                    break;
+
+                case sha384_mac:
+                    #ifdef WOLFSSL_SHA384
+                        doSha384 = 1;
+                        setHash  = 1;
+                    #endif
+                    break;
+
+                case sha256_mac:
+                    #ifndef NO_SHA256
+                        doSha256 = 1;
+                        setHash  = 1;
+                    #endif
+                    break;
+
+                case sha_mac:
+                    #ifndef NO_OLD_TLS
+                        doSha = 1;
+                        setHash  = 1;
+                    #endif
+                    break;
+
+                default:
+                    ERROR_OUT(ALGO_ID_E, done);
+            }
+
+            if (setHash == 0) {
+                ERROR_OUT(ALGO_ID_E, done);
+            }
+
+        } else {
+            /* only using sha and md5 for rsa */
+            #ifndef NO_OLD_TLS
+                doSha = 1;
+                if (sigAlgo == rsa_sa_algo) {
+                    doMd5 = 1;
+                }
+            #else
+                ERROR_OUT(ALGO_ID_E, done);
+            #endif
         }
 
         /* signature */
@@ -10024,83 +10087,104 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
 #ifndef NO_OLD_TLS
         /* md5 */
     #ifdef WOLFSSL_SMALL_STACK
-        md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (md5 == NULL)
-            ERROR_OUT(MEMORY_E, done);
+        if (doMd5) {
+            md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            if (md5 == NULL)
+                ERROR_OUT(MEMORY_E, done);
+        }
     #endif
-        wc_InitMd5(md5);
-        wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
-        wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
-        wc_Md5Update(md5, messageVerify, verifySz);
-        wc_Md5Final(md5, hash);
-
+        if (doMd5) {
+            wc_InitMd5(md5);
+            wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
+            wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
+            wc_Md5Update(md5, messageVerify, verifySz);
+            wc_Md5Final(md5, hash);
+        }
         /* sha */
     #ifdef WOLFSSL_SMALL_STACK
-        sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (sha == NULL)
-            ERROR_OUT(MEMORY_E, done);
+        if (doSha) {
+            sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            if (sha == NULL)
+                ERROR_OUT(MEMORY_E, done);
+        }
     #endif
-        ret = wc_InitSha(sha);
-        if (ret != 0)
-            goto done;
-        wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
-        wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
-        wc_ShaUpdate(sha, messageVerify, verifySz);
-        wc_ShaFinal(sha, hash + MD5_DIGEST_SIZE);
+        if (doSha) {
+            ret = wc_InitSha(sha);
+            if (ret != 0) goto done;
+            wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
+            wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
+            wc_ShaUpdate(sha, messageVerify, verifySz);
+            wc_ShaFinal(sha, hash + MD5_DIGEST_SIZE);
+        }
 #endif
 
 #ifndef NO_SHA256
     #ifdef WOLFSSL_SMALL_STACK
-        sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
+        if (doSha256) {
+            sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
-        hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
+            hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
-        if (sha256 == NULL || hash256 == NULL)
-            ERROR_OUT(MEMORY_E, done);
+            if (sha256 == NULL || hash256 == NULL)
+                ERROR_OUT(MEMORY_E, done);
+        }
     #endif
-        if (!(ret = wc_InitSha256(sha256))
-        &&  !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom, RAN_LEN))
-        &&  !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom, RAN_LEN))
-        &&  !(ret = wc_Sha256Update(sha256, messageVerify, verifySz)))
-              ret = wc_Sha256Final(sha256, hash256);
-        if (ret != 0)
-            goto done;
+        if (doSha256) {
+            if (!(ret = wc_InitSha256(sha256))
+            &&  !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom,
+                                        RAN_LEN))
+            &&  !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom,
+                                        RAN_LEN))
+            &&  !(ret = wc_Sha256Update(sha256, messageVerify, verifySz)))
+                  ret = wc_Sha256Final(sha256, hash256);
+            if (ret != 0) goto done;
+        }
 #endif
 
 #ifdef WOLFSSL_SHA384
     #ifdef WOLFSSL_SMALL_STACK
-        sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
+        if (doSha384) {
+            sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
-        hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
+            hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
-        if (sha384 == NULL || hash384 == NULL)
-            ERROR_OUT(MEMORY_E, done);
+            if (sha384 == NULL || hash384 == NULL)
+                ERROR_OUT(MEMORY_E, done);
+        }
     #endif
-        if (!(ret = wc_InitSha384(sha384))
-        &&  !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom, RAN_LEN))
-        &&  !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom, RAN_LEN))
-        &&  !(ret = wc_Sha384Update(sha384, messageVerify, verifySz)))
-              ret = wc_Sha384Final(sha384, hash384);
-        if (ret != 0)
-            goto done;
+        if (doSha384) {
+            if (!(ret = wc_InitSha384(sha384))
+            &&  !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom,
+                                        RAN_LEN))
+            &&  !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom,
+                                        RAN_LEN))
+            &&  !(ret = wc_Sha384Update(sha384, messageVerify, verifySz)))
+                  ret = wc_Sha384Final(sha384, hash384);
+            if (ret != 0) goto done;
+        }
 #endif
 
 #ifdef WOLFSSL_SHA512
     #ifdef WOLFSSL_SMALL_STACK
-        sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
+        if (doSha512) {
+            sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
-        hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
+            hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
-        if (sha512 == NULL || hash512 == NULL)
-            ERROR_OUT(MEMORY_E, done);
+            if (sha512 == NULL || hash512 == NULL)
+                ERROR_OUT(MEMORY_E, done);
+        }
     #endif
-        if (!(ret = wc_InitSha512(sha512))
-        &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom, RAN_LEN))
-        &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom, RAN_LEN))
-        &&  !(ret = wc_Sha512Update(sha512, messageVerify, verifySz)))
-              ret = wc_Sha512Final(sha512, hash512);
-        if (ret != 0)
-            goto done;
+        if (doSha512) {
+            if (!(ret = wc_InitSha512(sha512))
+            &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom,
+                                        RAN_LEN))
+            &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom,
+                                        RAN_LEN))
+            &&  !(ret = wc_Sha512Update(sha512, messageVerify, verifySz)))
+                  ret = wc_Sha512Final(sha512, hash512);
+            if (ret != 0) goto done;
+        }
 #endif
 
 #ifndef NO_RSA
@@ -10186,8 +10270,10 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
                     ERROR_OUT(MEMORY_E, done);
             #endif
 
-                encSigSz = wc_EncodeSignature(encodedSig, digest, digestSz, typeH);
-
+                if (digest == NULL)
+                    ERROR_OUT(ALGO_ID_E, done);
+                encSigSz = wc_EncodeSignature(encodedSig, digest, digestSz,
+                                              typeH);
                 if (encSigSz != verifiedSz || !out || XMEMCMP(out, encodedSig,
                                         min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0)
                     ret = VERIFY_SIGN_ERROR;
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 399753ab3..634623bee 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -2931,12 +2931,13 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
 }
 
 
-word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, int hashOID)
+word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
+                          int hashOID)
 {
     byte digArray[MAX_ENCODED_DIG_SZ];
     byte algoArray[MAX_ALGO_SZ];
     byte seqArray[MAX_SEQ_SZ];
-    word32 encDigSz, algoSz, seqSz; 
+    word32 encDigSz, algoSz, seqSz;
 
     encDigSz = SetDigest(digest, digSz, digArray);
     algoSz   = SetAlgoID(hashOID, algoArray, hashType, 0);

From ea585e9b1989643259dc9b738015e07a361913a0 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 7 Apr 2015 16:00:12 -0700
Subject: [PATCH 029/350] Updated iOS readme. Turned off unused wolfCrypt
 options in iOS FIPS build.

---
 IDE/iOS/README.md                             | 19 ++++++++++++-------
 .../wolfssl-FIPS.xcodeproj/project.pbxproj    |  8 ++++++++
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/IDE/iOS/README.md b/IDE/iOS/README.md
index 519520e56..f4525176c 100644
--- a/IDE/iOS/README.md
+++ b/IDE/iOS/README.md
@@ -63,10 +63,15 @@ for "Preprocessor Macros" and add the following under both `Release` and
 * `HAVE_AESGCM`
 * `WOLFSSL_SHA512`
 * `WOLFSSL_SHA384`
+* `NO_MD4`
+* `NO_HC128`
+* `NO_RABBIT`
+* `NO_DSA`
+* `NO_PWDBASED`
 
-The approved FIPS source files are from the CyaSSL project v3.4.8.fips. The FIPS
-and FIPS-TEST files are from our FIPS project v3.4.8. For the wolfCAVP test
-the wolfSSL version used is v3.4.8.
+The approved FIPS source files are from the CyaSSL project tag v3.4.8.fips. The
+files fips.c and fips_test.c, and the wolfCAVP test app are from the FIPS
+project tag v3.4.8a. The wolfSSL/wolfCrypt files are from tag v3.4.8.
 
 # Using the FIPS library
 
@@ -80,7 +85,7 @@ Every time the application is changed, the FIPS checksum will change, because
 the FIPS library's position in the executable may change.
 
 You need to add something to your application that will output the verifyCore
-value to be used. The verifyCore in fips_test.c will need to be updated with this
-value, the library rebuilt, and relinked into your application. The application
-should not be changed during this process or the verifyCore check will fail again.
-
+value to be used. The verifyCore in fips_test.c will need to be updated with
+this value, the library rebuilt, and relinked into your application. The
+application should not be changed during this process or the verifyCore check
+will fail again.
diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
index d903641b8..06011aecd 100644
--- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
@@ -911,6 +911,10 @@
 					HAVE_AESGCM,
 					WOLFSSL_SHA512,
 					WOLFSSL_SHA384,
+					NO_MD4,
+					NO_HC128,
+					NO_RABBIT,
+					NO_DSA,
 					NO_PWDBASED,
 				);
 				HEADER_SEARCH_PATHS = (
@@ -942,6 +946,10 @@
 					HAVE_AESGCM,
 					WOLFSSL_SHA512,
 					WOLFSSL_SHA384,
+					NO_MD4,
+					NO_HC128,
+					NO_RABBIT,
+					NO_DSA,
 					NO_PWDBASED,
 				);
 				HEADER_SEARCH_PATHS = (

From 6728a18d7c6dc97c0872f4393c538a6ee7b9c5c2 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfsssl.com>
Date: Wed, 8 Apr 2015 10:14:45 +0900
Subject: [PATCH 030/350] cpuflag ADX for Intel MULX in asm.c, BMI2 in
 sha256/512.c

---
 wolfcrypt/src/asm.c    | 7 +++++--
 wolfcrypt/src/sha256.c | 5 ++++-
 wolfcrypt/src/sha512.c | 7 +++++--
 3 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c
index 08dc21d16..9f8458588 100755
--- a/wolfcrypt/src/asm.c
+++ b/wolfcrypt/src/asm.c
@@ -65,11 +65,13 @@
 #define CPUID_AVX2   0x2
 #define CPUID_RDRAND 0x4
 #define CPUID_RDSEED 0x8
-#define CPUID_BMI2   0x10
+#define CPUID_BMI2   0x10   /* MULX, RORX */
+#define CPUID_ADX    0x20   /* ADCX, ADOX */
 
 #define IS_INTEL_AVX1       (cpuid_flags&CPUID_AVX1)
 #define IS_INTEL_AVX2       (cpuid_flags&CPUID_AVX2)
 #define IS_INTEL_BMI2       (cpuid_flags&CPUID_BMI2)
+#define IS_INTEL_ADX        (cpuid_flags&CPUID_ADX)
 #define IS_INTEL_RDRAND     (cpuid_flags&CPUID_RDRAND)
 #define IS_INTEL_RDSEED     (cpuid_flags&CPUID_RDSEED)
 #define SET_FLAGS         
@@ -98,6 +100,7 @@ static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
 INLINE static int set_cpuid_flags(void) {  
     if(cpuid_check == 0) {
         if(cpuid_flag(7, 0, EBX, 8)){  cpuid_flags |= CPUID_BMI2 ; }
+        if(cpuid_flag(7, 0, EBX,19)){  cpuid_flags |= CPUID_ADX  ; }
 		cpuid_check = 1 ;
 		return 0 ;
     }
@@ -107,7 +110,7 @@ INLINE static int set_cpuid_flags(void) {
 #define RETURN return
 #define IF_HAVE_INTEL_MULX(func, ret)    \
    if(cpuid_check==0)set_cpuid_flags() ; \
-   if(IS_INTEL_BMI2){  func;  ret ;  }
+   if(IS_INTEL_BMI2 && IS_INTEL_ADX){  func;  ret ;  }
 
 #else
     #define IF_HAVE_INTEL_MULX(func, ret)
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 9993dcc88..6ab516347 100755
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -176,9 +176,11 @@ int InitSha256(Sha256* sha256) {
 #define CPUID_AVX2   0x2
 #define CPUID_RDRAND 0x4
 #define CPUID_RDSEED 0x8
+#define CPUID_BMI2   0x10   /* MULX, RORX */
 
 #define IS_INTEL_AVX1       (cpuid_flags&CPUID_AVX1)
 #define IS_INTEL_AVX2       (cpuid_flags&CPUID_AVX2)
+#define IS_INTEL_BMI2       (cpuid_flags&CPUID_BMI2)
 #define IS_INTEL_RDRAND     (cpuid_flags&CPUID_RDRAND)
 #define IS_INTEL_RDSEED     (cpuid_flags&CPUID_RDSEED)
 
@@ -207,6 +209,7 @@ static int set_cpuid_flags(void) {
     if(cpuid_check==0) {
         if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;}
         if(cpuid_flag(7, 0, EBX, 5)){  cpuid_flags |= CPUID_AVX2 ; }
+        if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; }
         if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ;  } 
         if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ;  }
         cpuid_check = 1 ;
@@ -235,7 +238,7 @@ static void set_Transform(void) {
      if(set_cpuid_flags())return ;
 
 #if defined(HAVE_INTEL_AVX2)
-     if(IS_INTEL_AVX2){ 
+     if(IS_INTEL_AVX2 && IS_INTEL_BMI2){ 
          Transform_p = Transform_AVX1_RORX; return ; 
          Transform_p = Transform_AVX2      ; 
                   /* for avoiding warning,"not used" */
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index f77c8a2cf..62457f891 100755
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -208,9 +208,11 @@ int InitSha512(Sha512* sha512) {
 #define CPUID_AVX2   0x2
 #define CPUID_RDRAND 0x4
 #define CPUID_RDSEED 0x8
+#define CPUID_BMI2   0x10   /* MULX, RORX */
 
 #define IS_INTEL_AVX1       (cpuid_flags&CPUID_AVX1)
 #define IS_INTEL_AVX2       (cpuid_flags&CPUID_AVX2)
+#define IS_INTEL_BMI2       (cpuid_flags&CPUID_BMI2)
 #define IS_INTEL_RDRAND     (cpuid_flags&CPUID_RDRAND)
 #define IS_INTEL_RDSEED     (cpuid_flags&CPUID_RDSEED)
 
@@ -242,6 +244,7 @@ static int set_cpuid_flags(int sha) {
     if((cpuid_check & sha) ==0) {
         if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;}
         if(cpuid_flag(7, 0, EBX, 5)){  cpuid_flags |= CPUID_AVX2 ; }
+        if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; }
         if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ;  } 
         if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ;  }
 		cpuid_check |= sha ;
@@ -276,7 +279,7 @@ static void set_Transform(void) {
      if(set_cpuid_flags(CHECK_SHA512)) return ;
 
 #if defined(HAVE_INTEL_AVX2)
-     if(IS_INTEL_AVX2){ 
+     if(IS_INTEL_AVX2 && IS_INTEL_BMI2){ 
          Transform_p = Transform_AVX1_RORX; return ; 
          Transform_p = Transform_AVX2      ; 
                   /* for avoiding warning,"not used" */
@@ -1352,7 +1355,7 @@ static void set_Transform384(void) {
      Transform384_p = ((IS_INTEL_AVX1) ? Transform384_AVX1 : _Transform384) ;
 #elif defined(HAVE_INTEL_AVX2)
      #if defined(HAVE_INTEL_AVX1) && defined(HAVE_INTEL_RORX)
-     if(IS_INTEL_AVX2) { Transform384_p = Transform384_AVX1_RORX ; return ; }
+     if(IS_INTEL_AVX2 && IS_INTEL_BMI2) { Transform384_p = Transform384_AVX1_RORX ; return ; }
      #endif
      if(IS_INTEL_AVX2) { Transform384_p = Transform384_AVX2 ; return ; }
      #if defined(HAVE_INTEL_AVX1)

From 079c9908a39797dc5e484d651dbe7beff5ae2ecf Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfsssl.com>
Date: Wed, 8 Apr 2015 11:09:57 +0900
Subject: [PATCH 031/350] Merged with 3.4.8

---
 .../wolfssl-FIPS.xcodeproj/project.pbxproj    |  12 +-
 src/internal.c                                | 194 +++++++++++++-----
 wolfcrypt/src/asn.c                           |   5 +-
 3 files changed, 153 insertions(+), 58 deletions(-)

diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
index 1f14345f9..06011aecd 100644
--- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
@@ -865,7 +865,7 @@
 				GCC_WARN_ABOUT_RETURN_TYPE = YES;
 				GCC_WARN_UNINITIALIZED_AUTOS = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
-				IPHONEOS_DEPLOYMENT_TARGET = 6.1;
+				IPHONEOS_DEPLOYMENT_TARGET = 8.1;
 				ONLY_ACTIVE_ARCH = YES;
 				SDKROOT = iphoneos;
 				USER_HEADER_SEARCH_PATHS = "wolfssl/wolfcrypt wolfssl include";
@@ -888,7 +888,7 @@
 				GCC_WARN_ABOUT_RETURN_TYPE = YES;
 				GCC_WARN_UNINITIALIZED_AUTOS = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
-				IPHONEOS_DEPLOYMENT_TARGET = 6.1;
+				IPHONEOS_DEPLOYMENT_TARGET = 8.1;
 				SDKROOT = iphoneos;
 				USER_HEADER_SEARCH_PATHS = "wolfssl/wolfcrypt wolfssl include";
 				VALIDATE_PRODUCT = NO;
@@ -911,6 +911,10 @@
 					HAVE_AESGCM,
 					WOLFSSL_SHA512,
 					WOLFSSL_SHA384,
+					NO_MD4,
+					NO_HC128,
+					NO_RABBIT,
+					NO_DSA,
 					NO_PWDBASED,
 				);
 				HEADER_SEARCH_PATHS = (
@@ -942,6 +946,10 @@
 					HAVE_AESGCM,
 					WOLFSSL_SHA512,
 					WOLFSSL_SHA384,
+					NO_MD4,
+					NO_HC128,
+					NO_RABBIT,
+					NO_DSA,
 					NO_PWDBASED,
 				);
 				HEADER_SEARCH_PATHS = (
diff --git a/src/internal.c b/src/internal.c
index 39e3beb90..ab13a56a5 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -9977,6 +9977,20 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
         byte    sigAlgo  = ssl->specs.sig_algo;
         word16  verifySz = (word16) (*inOutIdx - begin);
 
+#ifndef NO_OLD_TLS
+        byte doMd5 = 0;
+        byte doSha = 0;
+#endif
+#ifndef NO_SHA256
+        byte doSha256 = 0;
+#endif
+#ifdef WOLFSSL_SHA384
+        byte doSha384 = 0;
+#endif
+#ifdef WOLFSSL_SHA512
+        byte doSha512 = 0;
+#endif
+
         (void)hash;
         (void)sigAlgo;
         (void)hashAlgo;
@@ -9995,11 +10009,60 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
         XMEMCPY(messageVerify, input + begin, verifySz);
 
         if (IsAtLeastTLSv1_2(ssl)) {
+            byte setHash = 0;
             if ((*inOutIdx - begin) + ENUM_LEN + ENUM_LEN > size)
                 ERROR_OUT(BUFFER_ERROR, done);
 
             hashAlgo = input[(*inOutIdx)++];
             sigAlgo  = input[(*inOutIdx)++];
+
+            switch (hashAlgo) {
+                case sha512_mac:
+                    #ifdef WOLFSSL_SHA512
+                        doSha512 = 1;
+                        setHash  = 1;
+                    #endif
+                    break;
+
+                case sha384_mac:
+                    #ifdef WOLFSSL_SHA384
+                        doSha384 = 1;
+                        setHash  = 1;
+                    #endif
+                    break;
+
+                case sha256_mac:
+                    #ifndef NO_SHA256
+                        doSha256 = 1;
+                        setHash  = 1;
+                    #endif
+                    break;
+
+                case sha_mac:
+                    #ifndef NO_OLD_TLS
+                        doSha = 1;
+                        setHash  = 1;
+                    #endif
+                    break;
+
+                default:
+                    ERROR_OUT(ALGO_ID_E, done);
+            }
+
+            if (setHash == 0) {
+                ERROR_OUT(ALGO_ID_E, done);
+            }
+
+        } else {
+            /* only using sha and md5 for rsa */
+            #ifndef NO_OLD_TLS
+                doSha = 1;
+                if (sigAlgo == rsa_sa_algo) {
+                    doMd5 = 1;
+                }
+            #else
+                ERROR_OUT(ALGO_ID_E, done);
+            #endif
         }
 
         /* signature */
@@ -10024,83 +10087,104 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
 #ifndef NO_OLD_TLS
         /* md5 */
     #ifdef WOLFSSL_SMALL_STACK
-        md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (md5 == NULL)
-            ERROR_OUT(MEMORY_E, done);
+        if (doMd5) {
+            md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            if (md5 == NULL)
+                ERROR_OUT(MEMORY_E, done);
+        }
     #endif
-        wc_InitMd5(md5);
-        wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
-        wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
-        wc_Md5Update(md5, messageVerify, verifySz);
-        wc_Md5Final(md5, hash);
-
+        if (doMd5) {
+            wc_InitMd5(md5);
+            wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
+            wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
+            wc_Md5Update(md5, messageVerify, verifySz);
+            wc_Md5Final(md5, hash);
+        }
         /* sha */
     #ifdef WOLFSSL_SMALL_STACK
-        sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (sha == NULL)
-            ERROR_OUT(MEMORY_E, done);
+        if (doSha) {
+            sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            if (sha == NULL)
+                ERROR_OUT(MEMORY_E, done);
+        }
     #endif
-        ret = wc_InitSha(sha);
-        if (ret != 0)
-            goto done;
-        wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
-        wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
-        wc_ShaUpdate(sha, messageVerify, verifySz);
-        wc_ShaFinal(sha, hash + MD5_DIGEST_SIZE);
+        if (doSha) {
+            ret = wc_InitSha(sha);
+            if (ret != 0) goto done;
+            wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
+            wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
+            wc_ShaUpdate(sha, messageVerify, verifySz);
+            wc_ShaFinal(sha, hash + MD5_DIGEST_SIZE);
+        }
 #endif
 
 #ifndef NO_SHA256
     #ifdef WOLFSSL_SMALL_STACK
-        sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
+        if (doSha256) {
+            sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
-        hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
+            hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
-        if (sha256 == NULL || hash256 == NULL)
-            ERROR_OUT(MEMORY_E, done);
+            if (sha256 == NULL || hash256 == NULL)
+                ERROR_OUT(MEMORY_E, done);
+        }
     #endif
-        if (!(ret = wc_InitSha256(sha256))
-        &&  !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom, RAN_LEN))
-        &&  !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom, RAN_LEN))
-        &&  !(ret = wc_Sha256Update(sha256, messageVerify, verifySz)))
-              ret = wc_Sha256Final(sha256, hash256);
-        if (ret != 0)
-            goto done;
+        if (doSha256) {
+            if (!(ret = wc_InitSha256(sha256))
+            &&  !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom,
+                                        RAN_LEN))
+            &&  !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom,
+                                        RAN_LEN))
+            &&  !(ret = wc_Sha256Update(sha256, messageVerify, verifySz)))
+                  ret = wc_Sha256Final(sha256, hash256);
+            if (ret != 0) goto done;
+        }
 #endif
 
 #ifdef WOLFSSL_SHA384
     #ifdef WOLFSSL_SMALL_STACK
-        sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
+        if (doSha384) {
+            sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
-        hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
+            hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
-        if (sha384 == NULL || hash384 == NULL)
-            ERROR_OUT(MEMORY_E, done);
+            if (sha384 == NULL || hash384 == NULL)
+                ERROR_OUT(MEMORY_E, done);
+        }
     #endif
-        if (!(ret = wc_InitSha384(sha384))
-        &&  !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom, RAN_LEN))
-        &&  !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom, RAN_LEN))
-        &&  !(ret = wc_Sha384Update(sha384, messageVerify, verifySz)))
-              ret = wc_Sha384Final(sha384, hash384);
-        if (ret != 0)
-            goto done;
+        if (doSha384) {
+            if (!(ret = wc_InitSha384(sha384))
+            &&  !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom,
+                                        RAN_LEN))
+            &&  !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom,
+                                        RAN_LEN))
+            &&  !(ret = wc_Sha384Update(sha384, messageVerify, verifySz)))
+                  ret = wc_Sha384Final(sha384, hash384);
+            if (ret != 0) goto done;
+        }
 #endif
 
 #ifdef WOLFSSL_SHA512
     #ifdef WOLFSSL_SMALL_STACK
-        sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
+        if (doSha512) {
+            sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
-        hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
+            hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
-        if (sha512 == NULL || hash512 == NULL)
-            ERROR_OUT(MEMORY_E, done);
+            if (sha512 == NULL || hash512 == NULL)
+                ERROR_OUT(MEMORY_E, done);
+        }
     #endif
-        if (!(ret = wc_InitSha512(sha512))
-        &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom, RAN_LEN))
-        &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom, RAN_LEN))
-        &&  !(ret = wc_Sha512Update(sha512, messageVerify, verifySz)))
-              ret = wc_Sha512Final(sha512, hash512);
-        if (ret != 0)
-            goto done;
+        if (doSha512) {
+            if (!(ret = wc_InitSha512(sha512))
+            &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom,
+                                        RAN_LEN))
+            &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom,
+                                        RAN_LEN))
+            &&  !(ret = wc_Sha512Update(sha512, messageVerify, verifySz)))
+                  ret = wc_Sha512Final(sha512, hash512);
+            if (ret != 0) goto done;
+        }
 #endif
 
 #ifndef NO_RSA
@@ -10186,8 +10270,10 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
                     ERROR_OUT(MEMORY_E, done);
             #endif
 
-                encSigSz = wc_EncodeSignature(encodedSig, digest, digestSz, typeH);
-
+                if (digest == NULL)
+                    ERROR_OUT(ALGO_ID_E, done);
+                encSigSz = wc_EncodeSignature(encodedSig, digest, digestSz,
+                                              typeH);
                 if (encSigSz != verifiedSz || !out || XMEMCMP(out, encodedSig,
                                         min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0)
                     ret = VERIFY_SIGN_ERROR;
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 399753ab3..634623bee 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -2931,12 +2931,13 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz)
 }
 
 
-word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, int hashOID)
+word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
+                          int hashOID)
 {
     byte digArray[MAX_ENCODED_DIG_SZ];
     byte algoArray[MAX_ALGO_SZ];
     byte seqArray[MAX_SEQ_SZ];
-    word32 encDigSz, algoSz, seqSz; 
+    word32 encDigSz, algoSz, seqSz;
 
     encDigSz = SetDigest(digest, digSz, digArray);
     algoSz   = SetAlgoID(hashOID, algoArray, hashType, 0);

From 3ff5e5402550aee9c4faae2d158ba2bdb9bfef80 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfsssl.com>
Date: Wed, 8 Apr 2015 13:46:27 +0900
Subject: [PATCH 032/350] rollback files

---
 IDE/iOS/README.md                             |  12 +-
 .../wolfssl-FIPS.xcodeproj/project.pbxproj    |   4 +-
 IDE/iOS/wolfssl.xcodeproj/project.pbxproj     |   2 +-
 README                                        |  15 +-
 README.md                                     |  13 --
 configure.ac                                  |   2 +-
 examples/client/client.vcxproj                | 159 +----------------
 examples/echoclient/echoclient.vcxproj        | 159 +----------------
 examples/echoserver/echoserver.vcxproj        | 159 +----------------
 examples/server/server.vcxproj                | 159 +----------------
 src/internal.c                                |   8 -
 sslSniffer/sslSniffer.vcxproj                 |  10 +-
 support/wolfssl.pc                            |   2 +-
 testsuite/testsuite.vcxproj                   | 159 +----------------
 wolfssl.vcxproj                               | 166 +-----------------
 wolfssl/error-ssl.h                           |   1 -
 wolfssl/version.h                             |   4 +-
 wolfssl/wolfcrypt/visibility.h                |   4 +-
 wolfssl64.sln                                 |  58 +-----
 19 files changed, 37 insertions(+), 1059 deletions(-)

diff --git a/IDE/iOS/README.md b/IDE/iOS/README.md
index 519520e56..e9e781b49 100644
--- a/IDE/iOS/README.md
+++ b/IDE/iOS/README.md
@@ -28,10 +28,13 @@ order.
 
 # Building libwolfssl.a
 
-There are several options of builds. You can make a simulator build, or a
-device build. Both are debug builds.
+## Debug build
+
+## Release build
+
+A release build requires an Apple Developer account, as far as I can tell. I
+have not tried this yet.
 
-You can make an archive for a device, as well. That is a release build.
 
 # Installing libwolfssl.a
 
@@ -64,9 +67,6 @@ for "Preprocessor Macros" and add the following under both `Release` and
 * `WOLFSSL_SHA512`
 * `WOLFSSL_SHA384`
 
-The approved FIPS source files are from the CyaSSL project v3.4.8.fips. The FIPS
-and FIPS-TEST files are from our FIPS project v3.4.8. For the wolfCAVP test
-the wolfSSL version used is v3.4.8.
 
 # Using the FIPS library
 
diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
index 1f14345f9..001bdf155 100644
--- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
@@ -295,7 +295,7 @@
 			isa = PBXCopyFilesBuildPhase;
 			buildActionMask = 2147483647;
 			dstPath = include/wolfssl;
-			dstSubfolderSpec = 7;
+			dstSubfolderSpec = 16;
 			files = (
 				521646C41A8A7FE10062516A /* callbacks.h in CopyFiles */,
 				521646C51A8A7FE10062516A /* certs_test.h in CopyFiles */,
@@ -917,7 +917,6 @@
 					$SRCROOT,
 					$PROJECT_DIR/../..,
 				);
-				IPHONEOS_DEPLOYMENT_TARGET = 8.1;
 				OTHER_CFLAGS = "";
 				OTHER_LDFLAGS = "";
 				PRODUCT_NAME = wolfssl;
@@ -948,7 +947,6 @@
 					$SRCROOT,
 					$PROJECT_DIR/../..,
 				);
-				IPHONEOS_DEPLOYMENT_TARGET = 8.1;
 				OTHER_CFLAGS = "";
 				OTHER_LDFLAGS = "";
 				PRODUCT_NAME = wolfssl;
diff --git a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
index 0de405b73..14fd4e4d6 100644
--- a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
@@ -283,7 +283,7 @@
 			isa = PBXCopyFilesBuildPhase;
 			buildActionMask = 2147483647;
 			dstPath = include/wolfssl;
-			dstSubfolderSpec = 7;
+			dstSubfolderSpec = 16;
 			files = (
 				521646C41A8A7FE10062516A /* callbacks.h in CopyFiles */,
 				521646C51A8A7FE10062516A /* certs_test.h in CopyFiles */,
diff --git a/README b/README
index f5c77acc5..d9e982f38 100644
--- a/README
+++ b/README
@@ -37,20 +37,7 @@ before calling wolfSSL_new();  Though it's not recommended.
 - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
   add -fdebug-types-section to C_EXTRA_FLAGS
 
-wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015)
-
-Release 3.4.8 of wolfSSL has bug fixes and new features including:
-
-- FIPS version submitted for iOS.
-- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS.
-- Improvements to usage of time code.
-- Improvements to VS solution files.
-
-See INSTALL file for build instructions.
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
-
-
- *****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
+wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
 
 Release 3.4.6 of wolfSSL has bug fixes and new features including:
 
diff --git a/README.md b/README.md
index a490ac2ff..59c77e37c 100644
--- a/README.md
+++ b/README.md
@@ -38,19 +38,6 @@ before calling wolfSSL_new();  Though it's not recommended.
 - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
   add -fdebug-types-section to C_EXTRA_FLAGS
 
-#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015)
-
-##Release 3.4.8 of wolfSSL has bug fixes and new features including:
-
-- FIPS version submitted for iOS.
-- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS.
-- Improvements to usage of time code.
-- Improvements to VS solution files.
-
-See INSTALL file for build instructions.
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
-
-
 #wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
 
 ##Release 3.4.6 of wolfSSL has bug fixes and new features including:
diff --git a/configure.ac b/configure.ac
index cdad2c153..45a687368 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.4.8],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.4.7],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
diff --git a/examples/client/client.vcxproj b/examples/client/client.vcxproj
index dec191d7a..4442c56fd 100644
--- a/examples/client/client.vcxproj
+++ b/examples/client/client.vcxproj
@@ -9,22 +9,6 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Debug|Win32">
-      <Configuration>DLL Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Debug|x64">
-      <Configuration>DLL Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Release|Win32">
-      <Configuration>DLL Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Release|x64">
-      <Configuration>DLL Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -46,114 +30,56 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-    <LinkIncremental>true</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
-    <LinkIncremental>true</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-    <LinkIncremental>false</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
-    <LinkIncremental>false</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -175,26 +101,6 @@
       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <MinimalRebuild>true</MinimalRebuild>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <TargetMachine>MachineX86</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -213,24 +119,6 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -253,28 +141,6 @@
       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <TargetMachine>MachineX86</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -296,27 +162,6 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="client.c" />
   </ItemGroup>
diff --git a/examples/echoclient/echoclient.vcxproj b/examples/echoclient/echoclient.vcxproj
index a3a60545a..342bb9ca5 100644
--- a/examples/echoclient/echoclient.vcxproj
+++ b/examples/echoclient/echoclient.vcxproj
@@ -9,22 +9,6 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Debug|Win32">
-      <Configuration>DLL Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Debug|x64">
-      <Configuration>DLL Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Release|Win32">
-      <Configuration>DLL Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Release|x64">
-      <Configuration>DLL Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -46,114 +30,56 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-    <LinkIncremental>true</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
-    <LinkIncremental>true</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-    <LinkIncremental>false</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
-    <LinkIncremental>false</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -176,26 +102,6 @@
 
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <MinimalRebuild>true</MinimalRebuild>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <TargetMachine>MachineX86</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -214,24 +120,6 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -255,28 +143,6 @@
 
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <TargetMachine>MachineX86</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -298,27 +164,6 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="echoclient.c" />
   </ItemGroup>
diff --git a/examples/echoserver/echoserver.vcxproj b/examples/echoserver/echoserver.vcxproj
index 096ba75c6..a9c210cbd 100644
--- a/examples/echoserver/echoserver.vcxproj
+++ b/examples/echoserver/echoserver.vcxproj
@@ -9,22 +9,6 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Debug|Win32">
-      <Configuration>DLL Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Debug|x64">
-      <Configuration>DLL Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Release|Win32">
-      <Configuration>DLL Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Release|x64">
-      <Configuration>DLL Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -46,114 +30,56 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-    <LinkIncremental>true</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
-    <LinkIncremental>true</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-    <LinkIncremental>false</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
-    <LinkIncremental>false</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -176,26 +102,6 @@
 
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <MinimalRebuild>true</MinimalRebuild>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <TargetMachine>MachineX86</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -214,24 +120,6 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -254,28 +142,6 @@
       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <TargetMachine>MachineX86</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -297,27 +163,6 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>USE_ANY_ADDR;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="echoserver.c" />
   </ItemGroup>
diff --git a/examples/server/server.vcxproj b/examples/server/server.vcxproj
index f6b53fc57..dc31fd672 100644
--- a/examples/server/server.vcxproj
+++ b/examples/server/server.vcxproj
@@ -9,22 +9,6 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Debug|Win32">
-      <Configuration>DLL Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Debug|x64">
-      <Configuration>DLL Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Release|Win32">
-      <Configuration>DLL Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Release|x64">
-      <Configuration>DLL Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -46,114 +30,56 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-    <LinkIncremental>true</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
-    <LinkIncremental>true</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-    <LinkIncremental>false</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
-    <LinkIncremental>false</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -176,26 +102,6 @@
 
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <MinimalRebuild>true</MinimalRebuild>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <TargetMachine>MachineX86</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -214,24 +120,6 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -255,28 +143,6 @@
 
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <TargetMachine>MachineX86</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -298,27 +164,6 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="server.c" />
   </ItemGroup>
diff --git a/src/internal.c b/src/internal.c
index 39e3beb90..4f644fd2f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7589,8 +7589,6 @@ startScr:
             if (ssl->error == SOCKET_ERROR_E) {
                 if (ssl->options.connReset || ssl->options.isClosed) {
                     WOLFSSL_MSG("Peer reset or closed, connection done");
-                    ssl->error = SOCKET_PEER_CLOSED_E;
-                    WOLFSSL_ERROR(ssl->error);
                     return 0;     /* peer reset or closed */
                 }
             }
@@ -8004,12 +8002,6 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case DUPLICATE_MSG_E:
         return "Duplicate HandShake message Error";
 
-    case SNI_UNSUPPORTED:
-        return "Protocol version does not support SNI Error";
-
-    case SOCKET_PEER_CLOSED_E:
-        return "Peer closed underlying transport Error";
-
     default :
         return "unknown error number";
     }
diff --git a/sslSniffer/sslSniffer.vcxproj b/sslSniffer/sslSniffer.vcxproj
index 56404e997..7419737c1 100644
--- a/sslSniffer/sslSniffer.vcxproj
+++ b/sslSniffer/sslSniffer.vcxproj
@@ -67,23 +67,19 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -170,7 +166,7 @@
     <ClCompile Include="..\src\sniffer.c" />
   </ItemGroup>
   <ItemGroup>
-    <ClInclude Include="..\wolfssl\sniffer.h" />
+    <ClInclude Include="..\include\sniffer.h" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="..\wolfssl\sniffer_error.rc" />
diff --git a/support/wolfssl.pc b/support/wolfssl.pc
index c07ae3ea2..1265e7ce0 100644
--- a/support/wolfssl.pc
+++ b/support/wolfssl.pc
@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.4.8
+Version: 3.4.7
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}
diff --git a/testsuite/testsuite.vcxproj b/testsuite/testsuite.vcxproj
index 484a87584..f7d5f16b5 100644
--- a/testsuite/testsuite.vcxproj
+++ b/testsuite/testsuite.vcxproj
@@ -9,22 +9,6 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Debug|Win32">
-      <Configuration>DLL Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Debug|x64">
-      <Configuration>DLL Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Release|Win32">
-      <Configuration>DLL Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Release|x64">
-      <Configuration>DLL Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -46,114 +30,56 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-    <LinkIncremental>true</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
     <LinkIncremental>true</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
-    <LinkIncremental>true</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-    <LinkIncremental>false</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
     <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
-    <LinkIncremental>false</LinkIncremental>
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
@@ -175,26 +101,6 @@
     <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <MinimalRebuild>true</MinimalRebuild>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <TargetMachine>MachineX86</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -213,24 +119,6 @@
       <SubSystem>Console</SubSystem>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -253,28 +141,6 @@
       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <TargetMachine>MachineX86</TargetMachine>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -296,27 +162,6 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
     </Link>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>NO_MAIN_DRIVER;WOLFSSL_RIPEMD;WOLFSSL_SHA512;OPENSSL_EXTRA;NO_PSK;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <SubSystem>Console</SubSystem>
-      <OptimizeReferences>true</OptimizeReferences>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="..\examples\client\client.c" />
     <ClCompile Include="..\examples\echoclient\echoclient.c" />
diff --git a/wolfssl.vcxproj b/wolfssl.vcxproj
index 8a95297e1..cf057198a 100644
--- a/wolfssl.vcxproj
+++ b/wolfssl.vcxproj
@@ -9,22 +9,6 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Debug|Win32">
-      <Configuration>DLL Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Debug|x64">
-      <Configuration>DLL Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Release|Win32">
-      <Configuration>DLL Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="DLL Release|x64">
-      <Configuration>DLL Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -46,104 +30,51 @@
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>true</WholeProgramOptimization>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
-    <ConfigurationType>DynamicLibrary</ConfigurationType>
-    <PlatformToolset>v110</PlatformToolset>
-    <CharacterSet>Unicode</CharacterSet>
-  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  <PropertyGroup>
+    <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+    <IntDir>$(Configuration)\</IntDir>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -158,26 +89,6 @@
       <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>./;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <MinimalRebuild>true</MinimalRebuild>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
-      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <OptimizeReferences>false</OptimizeReferences>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
@@ -192,25 +103,6 @@
       <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
-    <ClCompile>
-      <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>./;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
-      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <OptimizeReferences>false</OptimizeReferences>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -224,24 +116,6 @@
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>./;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
@@ -256,24 +130,6 @@
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
   </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
-    <ClCompile>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>./;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-    </Link>
-  </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="wolfcrypt\src\aes.c" />
     <ClCompile Include="wolfcrypt\src\arc4.c" />
@@ -313,20 +169,14 @@
   <ItemGroup>
     <CustomBuild Include="wolfcrypt\src\aes_asm.asm">
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
-      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
       <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
-      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
       <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
-      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
-      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
       <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
-      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
       <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
-      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
     </CustomBuild>
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
\ No newline at end of file
+</Project>
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index 0df2edb6e..732240382 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -127,7 +127,6 @@ enum wolfSSL_ErrorCodes {
     SANITY_MSG_E            = -394,        /* Sanity check on msg order error */
     DUPLICATE_MSG_E         = -395,        /* Duplicate message error */
     SNI_UNSUPPORTED         = -396,        /* SSL 3.0 does not support SNI */
-    SOCKET_PEER_CLOSED_E    = -397,        /* Underlying transport closed */
 
     /* add strings to SetErrorString !!!!! */
 
diff --git a/wolfssl/version.h b/wolfssl/version.h
index c76e07613..54e92ffc0 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.4.8"
-#define LIBWOLFSSL_VERSION_HEX 0x03004008
+#define LIBWOLFSSL_VERSION_STRING "3.4.7"
+#define LIBWOLFSSL_VERSION_HEX 0x03004007
 
 #ifdef __cplusplus
 }
diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h
index 6e41d238f..05fd4754b 100644
--- a/wolfssl/wolfcrypt/visibility.h
+++ b/wolfssl/wolfcrypt/visibility.h
@@ -47,7 +47,7 @@
         #define WOLFSSL_LOCAL __hidden
     #elif defined(_MSC_VER)
         #ifdef WOLFSSL_DLL
-            #define WOLFSSL_API __declspec(dllexport)
+            #define WOLFSSL_API extern __declspec(dllexport)
         #else
             #define WOLFSSL_API
         #endif
@@ -59,7 +59,7 @@
 #else /* BUILDING_WOLFSSL */
     #if defined(_MSC_VER)
         #ifdef WOLFSSL_DLL
-            #define WOLFSSL_API __declspec(dllimport)
+            #define WOLFSSL_API extern __declspec(dllimport)
         #else
             #define WOLFSSL_API
         #endif
diff --git a/wolfssl64.sln b/wolfssl64.sln
index 5e17787dc..223ad75da 100644
--- a/wolfssl64.sln
+++ b/wolfssl64.sln
@@ -1,6 +1,6 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 2010
+# Visual Studio Express 2012 for Windows Desktop
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl", "wolfssl.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}"
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testsuite", "testsuite\testsuite.vcxproj", "{611E8971-46E0-4D0A-B5A1-632C3B00CB80}"
@@ -19,10 +19,6 @@ Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Win32 = Debug|Win32
 		Debug|x64 = Debug|x64
-		DLL Debug|Win32 = DLL Debug|Win32
-		DLL Debug|x64 = DLL Debug|x64
-		DLL Release|Win32 = DLL Release|Win32
-		DLL Release|x64 = DLL Release|x64
 		Release|Win32 = Release|Win32
 		Release|x64 = Release|x64
 	EndGlobalSection
@@ -31,14 +27,6 @@ Global
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64
-		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
 		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64
@@ -47,14 +35,6 @@ Global
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|Win32.Build.0 = Debug|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.ActiveCfg = Debug|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Debug|x64.Build.0 = Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Debug|x64.Build.0 = DLL Debug|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|Win32.Build.0 = DLL Release|Win32
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.ActiveCfg = DLL Release|x64
-		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.DLL Release|x64.Build.0 = DLL Release|x64
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.ActiveCfg = Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|Win32.Build.0 = Release|Win32
 		{611E8971-46E0-4D0A-B5A1-632C3B00CB80}.Release|x64.ActiveCfg = Release|x64
@@ -63,10 +43,6 @@ Global
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|Win32.Build.0 = Debug|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.ActiveCfg = Debug|x64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Debug|x64.Build.0 = Debug|x64
-		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|Win32.ActiveCfg = Debug|Win32
-		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Debug|x64.ActiveCfg = Debug|x64
-		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|Win32.ActiveCfg = Release|Win32
-		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.DLL Release|x64.ActiveCfg = Release|x64
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.ActiveCfg = Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|Win32.Build.0 = Release|Win32
 		{34FAE5A6-2B0F-4B55-86FE-0C43E4810F4D}.Release|x64.ActiveCfg = Release|x64
@@ -75,14 +51,6 @@ Global
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|Win32.Build.0 = Debug|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.ActiveCfg = Debug|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Debug|x64.Build.0 = Debug|x64
-		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
-		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
-		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
-		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Debug|x64.Build.0 = DLL Debug|x64
-		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
-		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|Win32.Build.0 = DLL Release|Win32
-		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.ActiveCfg = DLL Release|x64
-		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.DLL Release|x64.Build.0 = DLL Release|x64
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.ActiveCfg = Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|Win32.Build.0 = Release|Win32
 		{07D97C48-E08F-4E34-9F67-3064039FF2CB}.Release|x64.ActiveCfg = Release|x64
@@ -91,14 +59,6 @@ Global
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|Win32.Build.0 = Debug|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.ActiveCfg = Debug|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Debug|x64.Build.0 = Debug|x64
-		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
-		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
-		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
-		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Debug|x64.Build.0 = DLL Debug|x64
-		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
-		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|Win32.Build.0 = DLL Release|Win32
-		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.ActiveCfg = DLL Release|x64
-		{8362A816-C5DC-4E22-B5C5-9E6806387073}.DLL Release|x64.Build.0 = DLL Release|x64
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.ActiveCfg = Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|Win32.Build.0 = Release|Win32
 		{8362A816-C5DC-4E22-B5C5-9E6806387073}.Release|x64.ActiveCfg = Release|x64
@@ -107,14 +67,6 @@ Global
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|Win32.Build.0 = Debug|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.ActiveCfg = Debug|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Debug|x64.Build.0 = Debug|x64
-		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
-		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
-		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
-		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Debug|x64.Build.0 = DLL Debug|x64
-		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
-		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|Win32.Build.0 = DLL Release|Win32
-		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.ActiveCfg = DLL Release|x64
-		{3ADE9549-582D-4D8E-9826-B172197A7959}.DLL Release|x64.Build.0 = DLL Release|x64
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.ActiveCfg = Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|Win32.Build.0 = Release|Win32
 		{3ADE9549-582D-4D8E-9826-B172197A7959}.Release|x64.ActiveCfg = Release|x64
@@ -123,14 +75,6 @@ Global
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|Win32.Build.0 = Debug|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.ActiveCfg = Debug|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Debug|x64.Build.0 = Debug|x64
-		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
-		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
-		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
-		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Debug|x64.Build.0 = DLL Debug|x64
-		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
-		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|Win32.Build.0 = DLL Release|Win32
-		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.ActiveCfg = DLL Release|x64
-		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.DLL Release|x64.Build.0 = DLL Release|x64
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.ActiveCfg = Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|Win32.Build.0 = Release|Win32
 		{E9FB0BA5-BA46-4A59-A953-39C18CD1DCB1}.Release|x64.ActiveCfg = Release|x64

From b59d922d51b6926188b5a342485ef3eed3ef432a Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 8 Apr 2015 11:22:22 -0700
Subject: [PATCH 033/350] on send echde server_key_exchange only do hash(es)
 required

---
 src/internal.c | 231 +++++++++++++++++++++++++++++++++++--------------
 1 file changed, 165 insertions(+), 66 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index ab13a56a5..a4ac9ddda 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -11704,6 +11704,20 @@ int DoSessionTicket(WOLFSSL* ssl,
         #endif
             word32   expSz = MAX_EXPORT_ECC_SZ;
 
+        #ifndef NO_OLD_TLS
+            byte doMd5 = 0;
+            byte doSha = 0;
+        #endif
+        #ifndef NO_SHA256
+            byte doSha256 = 0;
+        #endif
+        #ifdef WOLFSSL_SHA384
+            byte doSha384 = 0;
+        #endif
+        #ifdef WOLFSSL_SHA512
+            byte doSha512 = 0;
+        #endif
+
             if (ssl->specs.static_ecdh) {
                 WOLFSSL_MSG("Using Static ECDH, not sending ServerKeyExchagne");
                 return 0;
@@ -11832,8 +11846,66 @@ int DoSessionTicket(WOLFSSL* ssl,
             XMEMCPY(output + idx, exportBuf, expSz);
             idx += expSz;
             if (IsAtLeastTLSv1_2(ssl)) {
+                byte setHash = 0;
+
                 output[idx++] = ssl->suites->hashAlgo;
                 output[idx++] = ssl->suites->sigAlgo;
+
+                switch (ssl->suites->hashAlgo) {
+                    case sha512_mac:
+                        #ifdef WOLFSSL_SHA512
+                            doSha512 = 1;
+                            setHash  = 1;
+                        #endif
+                        break;
+
+                    case sha384_mac:
+                        #ifdef WOLFSSL_SHA384
+                            doSha384 = 1;
+                            setHash  = 1;
+                        #endif
+                        break;
+
+                    case sha256_mac:
+                        #ifndef NO_SHA256
+                            doSha256 = 1;
+                            setHash  = 1;
+                        #endif
+                        break;
+
+                    case sha_mac:
+                        #ifndef NO_OLD_TLS
+                            doSha = 1;
+                            setHash  = 1;
+                        #endif
+                        break;
+
+                    default:
+                        WOLFSSL_MSG("Bad hash sig algo");
+                        break;
+                }
+
+                if (setHash == 0) {
+                    #ifndef NO_RSA
+                        wc_FreeRsaKey(&rsaKey);
+                    #endif
+                    wc_ecc_free(&dsaKey);
+                    ERROR_OUT(ALGO_ID_E, done_a);
+                }
+            } else {
+                /* only using sha and md5 for rsa */
+                #ifndef NO_OLD_TLS
+                    doSha = 1;
+                    if (ssl->suites->sigAlgo == rsa_sa_algo) {
+                        doMd5 = 1;
+                    }
+                #else
+                    #ifndef NO_RSA
+                        wc_FreeRsaKey(&rsaKey);
+                    #endif
+                    wc_ecc_free(&dsaKey);
+                    ERROR_OUT(ALGO_ID_E, done_a);
+                #endif
             }
 
             /* Signtaure length will be written later, when we're sure what it
@@ -11899,95 +11971,115 @@ int DoSessionTicket(WOLFSSL* ssl,
         #ifndef NO_OLD_TLS
                 /* md5 */
             #ifdef WOLFSSL_SMALL_STACK
-                md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                if (md5 == NULL)
-                    ERROR_OUT(MEMORY_E, done_a2);
+                if (doMd5) {
+                    md5 = (Md5*)XMALLOC(sizeof(Md5), NULL,
+                                        DYNAMIC_TYPE_TMP_BUFFER);
+                    if (md5 == NULL)
+                        ERROR_OUT(MEMORY_E, done_a2);
+                }
             #endif
-                wc_InitMd5(md5);
-                wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
-                wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
-                wc_Md5Update(md5, output + preSigIdx, preSigSz);
-                wc_Md5Final(md5, hash);
-
+                if (doMd5) {
+                    wc_InitMd5(md5);
+                    wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
+                    wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
+                    wc_Md5Update(md5, output + preSigIdx, preSigSz);
+                    wc_Md5Final(md5, hash);
+                }
                 /* sha */
             #ifdef WOLFSSL_SMALL_STACK
-                sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                if (sha == NULL)
-                    ERROR_OUT(MEMORY_E, done_a2);
+                if (doSha) {
+                    sha = (Sha*)XMALLOC(sizeof(Sha), NULL,
+                                        DYNAMIC_TYPE_TMP_BUFFER);
+                    if (sha == NULL)
+                        ERROR_OUT(MEMORY_E, done_a2);
+                }
             #endif
-                ret = wc_InitSha(sha);
-                if (ret != 0)
-                    goto done_a2;
-                wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
-                wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
-                wc_ShaUpdate(sha, output + preSigIdx, preSigSz);
-                wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]);
+                if (doSha) {
+                    ret = wc_InitSha(sha);
+                    if (ret != 0) goto done_a2;
+                    wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
+                    wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
+                    wc_ShaUpdate(sha, output + preSigIdx, preSigSz);
+                    wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]);
+                }
         #endif
 
         #ifndef NO_SHA256
             #ifdef WOLFSSL_SMALL_STACK
-                sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                if (sha256 == NULL || hash256 == NULL)
-                    ERROR_OUT(MEMORY_E, done_a2);
+                if (doSha256) {
+                    sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
+                                              DYNAMIC_TYPE_TMP_BUFFER);
+                    hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
+                                             DYNAMIC_TYPE_TMP_BUFFER);
+                    if (sha256 == NULL || hash256 == NULL)
+                        ERROR_OUT(MEMORY_E, done_a2);
+                }
             #endif
 
-                if (!(ret = wc_InitSha256(sha256))
-                &&  !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom,
-                                                                       RAN_LEN))
-                &&  !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom,
-                                                                       RAN_LEN))
-                &&  !(ret = wc_Sha256Update(sha256, output + preSigIdx, preSigSz)))
-                    ret = wc_Sha256Final(sha256, hash256);
+                if (doSha256) {
+                    if (!(ret = wc_InitSha256(sha256))
+                    &&  !(ret = wc_Sha256Update(sha256,
+                                            ssl->arrays->clientRandom, RAN_LEN))
+                    &&  !(ret = wc_Sha256Update(sha256,
+                                            ssl->arrays->serverRandom, RAN_LEN))
+                    &&  !(ret = wc_Sha256Update(sha256,
+                                            output + preSigIdx, preSigSz)))
+                        ret = wc_Sha256Final(sha256, hash256);
 
-                if (ret != 0)
-                    goto done_a2;
+                    if (ret != 0) goto done_a2;
+                }
         #endif
 
         #ifdef WOLFSSL_SHA384
             #ifdef WOLFSSL_SMALL_STACK
-                sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                if (sha384 == NULL || hash384 == NULL)
-                    ERROR_OUT(MEMORY_E, done_a2);
+                if (doSha384) {
+                    sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
+                                              DYNAMIC_TYPE_TMP_BUFFER);
+                    hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
+                                             DYNAMIC_TYPE_TMP_BUFFER);
+                    if (sha384 == NULL || hash384 == NULL)
+                        ERROR_OUT(MEMORY_E, done_a2);
+                }
             #endif
 
-                if (!(ret = wc_InitSha384(sha384))
-                &&  !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom,
-                                                                       RAN_LEN))
-                &&  !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom,
-                                                                       RAN_LEN))
-                &&  !(ret = wc_Sha384Update(sha384, output + preSigIdx, preSigSz)))
-                    ret = wc_Sha384Final(sha384, hash384);
+                if (doSha384) {
+                    if (!(ret = wc_InitSha384(sha384))
+                    &&  !(ret = wc_Sha384Update(sha384,
+                                            ssl->arrays->clientRandom, RAN_LEN))
+                    &&  !(ret = wc_Sha384Update(sha384,
+                                            ssl->arrays->serverRandom, RAN_LEN))
+                    &&  !(ret = wc_Sha384Update(sha384,
+                                            output + preSigIdx, preSigSz)))
+                        ret = wc_Sha384Final(sha384, hash384);
 
-                if (ret != 0)
-                    goto done_a2;
+                    if (ret != 0) goto done_a2;
+                }
         #endif
 
         #ifdef WOLFSSL_SHA512
             #ifdef WOLFSSL_SMALL_STACK
-                sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                if (sha512 == NULL || hash512 == NULL)
-                    ERROR_OUT(MEMORY_E, done_a2);
+                if (doSha512) {
+                    sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
+                                              DYNAMIC_TYPE_TMP_BUFFER);
+                    hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
+                                             DYNAMIC_TYPE_TMP_BUFFER);
+                    if (sha512 == NULL || hash512 == NULL)
+                        ERROR_OUT(MEMORY_E, done_a2);
+                }
             #endif
 
-                if (!(ret = wc_InitSha512(sha512))
-                &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom,
-                                                                       RAN_LEN))
-                &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom,
-                                                                       RAN_LEN))
-                &&  !(ret = wc_Sha512Update(sha512, output + preSigIdx, preSigSz)))
-                    ret = wc_Sha512Final(sha512, hash512);
+                if (doSha512) {
+                    if (!(ret = wc_InitSha512(sha512))
+                    &&  !(ret = wc_Sha512Update(sha512,
+                                            ssl->arrays->clientRandom, RAN_LEN))
+                    &&  !(ret = wc_Sha512Update(sha512,
+                                            ssl->arrays->serverRandom, RAN_LEN))
+                    &&  !(ret = wc_Sha512Update(sha512,
+                                            output + preSigIdx, preSigSz)))
+                        ret = wc_Sha512Final(sha512, hash512);
 
-                if (ret != 0)
-                    goto done_a2;
+                    if (ret != 0) goto done_a2;
+                }
         #endif
 
             #ifndef NO_RSA
@@ -12040,8 +12132,15 @@ int DoSessionTicket(WOLFSSL* ssl,
                         #endif
                         }
 
-                        signSz = wc_EncodeSignature(encodedSig, digest, digestSz,
-                                                 typeH);
+                        if (digest == NULL) {
+                            #ifndef NO_RSA
+                                wc_FreeRsaKey(&rsaKey);
+                            #endif
+                            wc_ecc_free(&dsaKey);
+                            ERROR_OUT(ALGO_ID_E, done_a2);
+                        }
+                        signSz = wc_EncodeSignature(encodedSig, digest,
+                                                    digestSz, typeH);
                         signBuffer = encodedSig;
                     }
                     /* write sig size here */

From 86f2b9a98f2f07eef47594f257cf65889f0c956a Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 8 Apr 2015 13:29:25 -0700
Subject: [PATCH 034/350] turn off DTLSv1 functions for disable old tls

---
 examples/client/client.c         |  2 ++
 examples/echoclient/echoclient.c |  2 +-
 examples/echoserver/echoserver.c |  2 +-
 examples/server/server.c         |  2 ++
 src/ssl.c                        | 14 ++++++++++----
 tests/api.c                      |  6 ++++--
 6 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/examples/client/client.c b/examples/client/client.c
index d7a5e82e9..cee776f57 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -495,9 +495,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #endif
 
 #ifdef WOLFSSL_DTLS
+        #ifndef NO_OLD_TLS
         case -1:
             method = wolfDTLSv1_client_method();
             break;
+        #endif
 
         case -2:
             method = wolfDTLSv1_2_client_method();
diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index ff754b7e8..594d146cf 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -108,7 +108,7 @@ void echoclient_test(void* args)
 #endif
 
 #if defined(CYASSL_DTLS)
-    method  = DTLSv1_client_method();
+    method  = DTLSv1_2_client_method();
 #elif  !defined(NO_TLS)
     method = CyaSSLv23_client_method();
 #else
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index 49b3933d2..a8b1600dc 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -134,7 +134,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
     tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
 
 #if defined(CYASSL_DTLS)
-    method  = CyaDTLSv1_server_method();
+    method  = CyaDTLSv1_2_server_method();
 #elif  !defined(NO_TLS)
     method = CyaSSLv23_server_method();
 #else
diff --git a/examples/server/server.c b/examples/server/server.c
index df248dd6e..17ad6ed48 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -379,9 +379,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
 #endif
                 
 #ifdef CYASSL_DTLS
+    #ifndef NO_OLD_TLS
         case -1:
             method = DTLSv1_server_method();
             break;
+    #endif
 
         case -2:
             method = DTLSv1_2_server_method();
diff --git a/src/ssl.c b/src/ssl.c
index d907f443a..f6903707c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5037,6 +5037,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
     #endif
 
     #ifdef WOLFSSL_DTLS
+
+        #ifndef NO_OLD_TLS
         WOLFSSL_METHOD* wolfDTLSv1_client_method(void)
         {
             WOLFSSL_METHOD* method =
@@ -5047,6 +5049,7 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
                 InitSSL_Method(method, MakeDTLSv1());
             return method;
         }
+        #endif  /* NO_OLD_TLS */
 
         WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void)
         {
@@ -5315,11 +5318,13 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
 
 
     #ifdef WOLFSSL_DTLS
+
+        #ifndef NO_OLD_TLS
         WOLFSSL_METHOD* wolfDTLSv1_server_method(void)
         {
             WOLFSSL_METHOD* method =
-                              (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
-                                                       DYNAMIC_TYPE_METHOD);
+                              (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
+                                                        0, DYNAMIC_TYPE_METHOD);
             WOLFSSL_ENTER("DTLSv1_server_method");
             if (method) {
                 InitSSL_Method(method, MakeDTLSv1());
@@ -5327,12 +5332,13 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
             }
             return method;
         }
+        #endif /* NO_OLD_TLS */
 
         WOLFSSL_METHOD* wolfDTLSv1_2_server_method(void)
         {
             WOLFSSL_METHOD* method =
-                              (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
-                                                       DYNAMIC_TYPE_METHOD);
+                              (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
+                                                        0, DYNAMIC_TYPE_METHOD);
             WOLFSSL_ENTER("DTLSv1_2_server_method");
             if (method) {
                 InitSSL_Method(method, MakeDTLSv1_2());
diff --git a/tests/api.c b/tests/api.c
index 6ccd80b7d..216a9addf 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -113,8 +113,10 @@ static void test_wolfSSL_Method_Allocators(void)
     TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method);
 
 #ifdef WOLFSSL_DTLS
-    TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method);
-    TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method);
+    #ifndef NO_OLD_TLS
+        TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method);
+        TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method);
+    #endif
     TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method);
     TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method);
 #endif

From edd6b91b56a4a9dbab8b7932b3bd1b7101f8e14c Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 9 Apr 2015 09:58:16 -0700
Subject: [PATCH 035/350] on send dhe server_key_exchange only do hash(es)
 required

---
 src/internal.c | 229 ++++++++++++++++++++++++++++++++++---------------
 1 file changed, 160 insertions(+), 69 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index a4ac9ddda..bf89d54a2 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -12477,10 +12477,76 @@ int DoSessionTicket(WOLFSSL* ssl,
             #endif
         #endif
 
+        #ifndef NO_OLD_TLS
+            byte doMd5 = 0;
+            byte doSha = 0;
+        #endif
+        #ifndef NO_SHA256
+            byte doSha256 = 0;
+        #endif
+        #ifdef WOLFSSL_SHA384
+            byte doSha384 = 0;
+        #endif
+        #ifdef WOLFSSL_SHA512
+            byte doSha512 = 0;
+        #endif
+
             /* Add hash/signature algo ID */
             if (IsAtLeastTLSv1_2(ssl)) {
+                byte setHash = 0;
+
                 output[idx++] = ssl->suites->hashAlgo;
                 output[idx++] = ssl->suites->sigAlgo;
+
+                switch (ssl->suites->hashAlgo) {
+                    case sha512_mac:
+                        #ifdef WOLFSSL_SHA512
+                            doSha512 = 1;
+                            setHash  = 1;
+                        #endif
+                        break;
+
+                    case sha384_mac:
+                        #ifdef WOLFSSL_SHA384
+                            doSha384 = 1;
+                            setHash  = 1;
+                        #endif
+                        break;
+
+                    case sha256_mac:
+                        #ifndef NO_SHA256
+                            doSha256 = 1;
+                            setHash  = 1;
+                        #endif
+                        break;
+
+                    case sha_mac:
+                        #ifndef NO_OLD_TLS
+                            doSha = 1;
+                            setHash  = 1;
+                        #endif
+                        break;
+
+                    default:
+                        WOLFSSL_MSG("Bad hash sig algo");
+                        break;
+                }
+
+                if (setHash == 0) {
+                    wc_FreeRsaKey(&rsaKey);
+                    return ALGO_ID_E;
+                }
+            } else {
+                /* only using sha and md5 for rsa */
+                #ifndef NO_OLD_TLS
+                    doSha = 1;
+                    if (ssl->suites->sigAlgo == rsa_sa_algo) {
+                        doMd5 = 1;
+                    }
+                #else
+                    wc_FreeRsaKey(&rsaKey);
+                    return ALGO_ID_E;
+                #endif
             }
 
             /* signature size */
@@ -12500,96 +12566,117 @@ int DoSessionTicket(WOLFSSL* ssl,
         #ifndef NO_OLD_TLS
                 /* md5 */
             #ifdef WOLFSSL_SMALL_STACK
-                md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                if (md5 == NULL)
-                    ERROR_OUT(MEMORY_E, done_b);
+                if (doMd5) {
+                    md5 = (Md5*)XMALLOC(sizeof(Md5), NULL,
+                                        DYNAMIC_TYPE_TMP_BUFFER);
+                    if (md5 == NULL)
+                        ERROR_OUT(MEMORY_E, done_b);
+                }
             #endif
-                wc_InitMd5(md5);
-                wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
-                wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
-                wc_Md5Update(md5, output + preSigIdx, preSigSz);
-                wc_Md5Final(md5, hash);
+                if (doMd5) {
+                    wc_InitMd5(md5);
+                    wc_Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
+                    wc_Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
+                    wc_Md5Update(md5, output + preSigIdx, preSigSz);
+                    wc_Md5Final(md5, hash);
+                }
 
                 /* sha */
             #ifdef WOLFSSL_SMALL_STACK
-                sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                if (sha == NULL)
-                    ERROR_OUT(MEMORY_E, done_b);
+                if (doSha) {
+                    sha = (Sha*)XMALLOC(sizeof(Sha), NULL,
+                                        DYNAMIC_TYPE_TMP_BUFFER);
+                    if (sha == NULL)
+                        ERROR_OUT(MEMORY_E, done_b);
+                }
             #endif
 
-                if ((ret = wc_InitSha(sha)) != 0)
-                    goto done_b;
-
-                wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
-                wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
-                wc_ShaUpdate(sha, output + preSigIdx, preSigSz);
-                wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]);
+                if (doSha) {
+                    if ((ret = wc_InitSha(sha)) != 0)
+                        goto done_b;
+                    wc_ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
+                    wc_ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
+                    wc_ShaUpdate(sha, output + preSigIdx, preSigSz);
+                    wc_ShaFinal(sha, &hash[MD5_DIGEST_SIZE]);
+                }
         #endif
 
         #ifndef NO_SHA256
             #ifdef WOLFSSL_SMALL_STACK
-                sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                if (sha256 == NULL || hash256 == NULL)
-                    ERROR_OUT(MEMORY_E, done_b);
+                if (doSha256) {
+                    sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
+                                              DYNAMIC_TYPE_TMP_BUFFER);
+                    hash256 = (byte*)XMALLOC(SHA256_DIGEST_SIZE, NULL,
+                                             DYNAMIC_TYPE_TMP_BUFFER);
+                    if (sha256 == NULL || hash256 == NULL)
+                        ERROR_OUT(MEMORY_E, done_b);
+                }
             #endif
 
-                if (!(ret = wc_InitSha256(sha256))
-                &&  !(ret = wc_Sha256Update(sha256, ssl->arrays->clientRandom,
-                                                                       RAN_LEN))
-                &&  !(ret = wc_Sha256Update(sha256, ssl->arrays->serverRandom,
-                                                                       RAN_LEN))
-                &&  !(ret = wc_Sha256Update(sha256, output + preSigIdx, preSigSz)))
-                    ret = wc_Sha256Final(sha256, hash256);
+                if (doSha256) {
+                    if (!(ret = wc_InitSha256(sha256))
+                    &&  !(ret = wc_Sha256Update(sha256,
+                                            ssl->arrays->clientRandom, RAN_LEN))
+                    &&  !(ret = wc_Sha256Update(sha256,
+                                            ssl->arrays->serverRandom, RAN_LEN))
+                    &&  !(ret = wc_Sha256Update(sha256,
+                                            output + preSigIdx, preSigSz)))
+                        ret = wc_Sha256Final(sha256, hash256);
 
-                if (ret != 0)
-                    goto done_b;
+                    if (ret != 0) goto done_b;
+                }
             #endif
 
         #ifdef WOLFSSL_SHA384
             #ifdef WOLFSSL_SMALL_STACK
-                sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                if (sha384 == NULL || hash384 == NULL)
-                    ERROR_OUT(MEMORY_E, done_b);
+                if (doSha384) {
+                    sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
+                                              DYNAMIC_TYPE_TMP_BUFFER);
+                    hash384 = (byte*)XMALLOC(SHA384_DIGEST_SIZE, NULL,
+                                             DYNAMIC_TYPE_TMP_BUFFER);
+                    if (sha384 == NULL || hash384 == NULL)
+                        ERROR_OUT(MEMORY_E, done_b);
+                }
             #endif
 
-                if (!(ret = wc_InitSha384(sha384))
-                &&  !(ret = wc_Sha384Update(sha384, ssl->arrays->clientRandom,
-                                                                       RAN_LEN))
-                &&  !(ret = wc_Sha384Update(sha384, ssl->arrays->serverRandom,
-                                                                       RAN_LEN))
-                &&  !(ret = wc_Sha384Update(sha384, output + preSigIdx, preSigSz)))
-                    ret = wc_Sha384Final(sha384, hash384);
+                if (doSha384) {
+                    if (!(ret = wc_InitSha384(sha384))
+                    &&  !(ret = wc_Sha384Update(sha384,
+                                            ssl->arrays->clientRandom, RAN_LEN))
+                    &&  !(ret = wc_Sha384Update(sha384,
+                                            ssl->arrays->serverRandom, RAN_LEN))
+                    &&  !(ret = wc_Sha384Update(sha384,
+                                            output + preSigIdx, preSigSz)))
+                        ret = wc_Sha384Final(sha384, hash384);
 
-                if (ret != 0)
-                    goto done_b;
+                    if (ret != 0) goto done_b;
+                }
         #endif
 
         #ifdef WOLFSSL_SHA512
             #ifdef WOLFSSL_SMALL_STACK
-                sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-                if (sha512 == NULL || hash512 == NULL)
-                    ERROR_OUT(MEMORY_E, done_b);
+                if (doSha512) {
+                    sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL,
+                                              DYNAMIC_TYPE_TMP_BUFFER);
+                    hash512 = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL,
+                                             DYNAMIC_TYPE_TMP_BUFFER);
+                    if (sha512 == NULL || hash512 == NULL)
+                        ERROR_OUT(MEMORY_E, done_b);
+                }
             #endif
 
-                if (!(ret = wc_InitSha512(sha512))
-                &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->clientRandom,
-                                                                       RAN_LEN))
-                &&  !(ret = wc_Sha512Update(sha512, ssl->arrays->serverRandom,
-                                                                       RAN_LEN))
-                &&  !(ret = wc_Sha512Update(sha512, output + preSigIdx, preSigSz)))
-                    ret = wc_Sha512Final(sha512, hash512);
+                if (doSha512) {
+                    if (!(ret = wc_InitSha512(sha512))
+                    &&  !(ret = wc_Sha512Update(sha512,
+                                            ssl->arrays->clientRandom, RAN_LEN))
+                    &&  !(ret = wc_Sha512Update(sha512,
+                                            ssl->arrays->serverRandom, RAN_LEN))
+                    &&  !(ret = wc_Sha512Update(sha512,
+                                            output + preSigIdx, preSigSz)))
+                        ret = wc_Sha512Final(sha512, hash512);
 
-                if (ret != 0)
-                    goto done_b;
+                    if (ret != 0) goto done_b;
+                }
         #endif
 
             #ifndef NO_RSA
@@ -12642,11 +12729,15 @@ int DoSessionTicket(WOLFSSL* ssl,
                         #endif
                         }
 
-                        signSz = wc_EncodeSignature(encodedSig, digest, digestSz,
-                                                 typeH);
-                        signBuffer = encodedSig;
+                        if (digest == NULL) {
+                            ret = ALGO_ID_E;
+                        } else {
+                            signSz = wc_EncodeSignature(encodedSig, digest,
+                                                        digestSz, typeH);
+                            signBuffer = encodedSig;
+                        }
                     }
-                    if (doUserRsa) {
+                    if (doUserRsa && ret == 0) {
                     #ifdef HAVE_PK_CALLBACKS
                         word32 ioLen = sigSz;
                         ret = ssl->ctx->RsaSignCb(ssl, signBuffer, signSz,
@@ -12655,10 +12746,10 @@ int DoSessionTicket(WOLFSSL* ssl,
                                                   ssl->buffers.key.length,
                                                   ssl->RsaSignCtx);
                     #endif
-                    }
-                    else
+                    } else if (ret == 0) {
                         ret = wc_RsaSSL_Sign(signBuffer, signSz, output + idx,
                                           sigSz, &rsaKey, ssl->rng);
+                    }
 
                     wc_FreeRsaKey(&rsaKey);
 

From c1adae2fe42e7eb563d259d8c69a8cb202e64d86 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 10 Apr 2015 08:06:59 -0700
Subject: [PATCH 036/350] moved FOURK_BUF constant to top of file

---
 wolfcrypt/test/test.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 02518c06b..ab617ca47 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -210,6 +210,9 @@ int pbkdf2_test(void);
 #endif
 
 
+/* General big buffer size for many tests. */ 
+#define FOURK_BUF 4096
+
 
 static int err_sys(const char* msg, int es)
 
@@ -3303,9 +3306,6 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out)
 #endif
 
 
-
-#define FOURK_BUF 4096
-
 int rsa_test(void)
 {
     byte*   tmp;

From d40fbd58f42e472c0e114de8b21a2f230c4cd5ab Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 10 Apr 2015 10:37:25 -0700
Subject: [PATCH 037/350] fix pkcs7 warning

---
 wolfcrypt/src/pkcs7.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index babb7b9dd..84f5e3885 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -1016,7 +1016,7 @@ WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
     issuerSz    = decoded->issuerRawLen;
     issuerSeqSz = SetSequence(issuerSz, issuerSeq);
 
-    if (decoded->serial == NULL || decoded->serialSz == 0) {
+    if (decoded->serialSz == 0) {
         WOLFSSL_MSG("DecodedCert missing serial number");
         FreeDecodedCert(decoded);
 #ifdef WOLFSSL_SMALL_STACK

From ecfcc533c8bb391db374a9ab5204ec97cdcf9afe Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 10 Apr 2015 10:38:31 -0700
Subject: [PATCH 038/350] add library version getters

---
 src/ssl.c     | 15 +++++++++++++++
 wolfssl/ssl.h |  5 +++++
 2 files changed, 20 insertions(+)

diff --git a/src/ssl.c b/src/ssl.c
index f6903707c..d91092294 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -9139,6 +9139,21 @@ const char* wolfSSL_get_version(WOLFSSL* ssl)
     return "unknown";
 }
 
+
+/* current library version */
+const char* wolfSSL_lib_version(void)
+{
+    return LIBWOLFSSL_VERSION_STRING;
+}
+
+
+/* current library version in hex */
+word32 wolfSSL_lib_version_hex(void)
+{
+    return LIBWOLFSSL_VERSION_HEX;
+}
+
+
 int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl)
 {
     WOLFSSL_ENTER("SSL_get_current_cipher_suite");
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index a5e0a64d8..8c8adf280 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -813,6 +813,11 @@ WOLFSSL_API int wolfSSL_Init(void);
 /* call when done to cleanup/free session cache mutex / resources  */
 WOLFSSL_API int wolfSSL_Cleanup(void);
 
+/* which library version do we have */
+WOLFSSL_API const char* wolfSSL_lib_version(void);
+/* which library version do we have in hex */
+WOLFSSL_API unsigned int wolfSSL_lib_version_hex(void);
+
 /* turn logging on, only if compiled in */
 WOLFSSL_API int  wolfSSL_Debugging_ON(void);
 /* turn logging off */

From 7d213011c13af4918742d4714c0158c39d675b52 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Sat, 11 Apr 2015 08:47:13 -0700
Subject: [PATCH 039/350] fix fips make dist for misc.c

---
 cyassl/ctaocrypt/include.am | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cyassl/ctaocrypt/include.am b/cyassl/ctaocrypt/include.am
index 23d393db8..c30b26fa7 100644
--- a/cyassl/ctaocrypt/include.am
+++ b/cyassl/ctaocrypt/include.am
@@ -1,6 +1,8 @@
 # vim:ft=automake
 # All paths should be given relative to the root
 
+EXTRA_DIST+= ctaocrypt/src/misc.c
+
 nobase_include_HEADERS+= \
                          cyassl/ctaocrypt/aes.h \
                          cyassl/ctaocrypt/arc4.h \

From 7e9a5fb8ee9ab4df2acfb3efbfb3dc7db7752ded Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Sun, 12 Apr 2015 11:01:16 -0700
Subject: [PATCH 040/350] remove poly/chacha from fips build

---
 configure.ac | 100 +++++++++++++++++++++++++++++----------------------
 1 file changed, 58 insertions(+), 42 deletions(-)

diff --git a/configure.ac b/configure.ac
index cdad2c153..d6e803416 100644
--- a/configure.ac
+++ b/configure.ac
@@ -437,27 +437,6 @@ fi
 AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
 
 
-# POLY1305
-AC_ARG_ENABLE([poly1305],
-    [AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])],
-    [ ENABLED_POLY1305=$enableval ],
-    [ ENABLED_POLY1305=yes ]
-    )
-
-# lean psk does't need poly1305
-if test "$ENABLED_LEANPSK" = "yes"
-then
-    ENABLED_POLY1305=no
-fi
-
-if test "$ENABLED_POLY1305" = "yes"
-then
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH"
-fi
-
-AM_CONDITIONAL([BUILD_POLY1305], [test "x$ENABLED_POLY1305" = "xyes"])
-
-
 # Camellia
 AC_ARG_ENABLE([camellia],
     [  --enable-camellia       Enable wolfSSL Camellia support (default: disabled)],
@@ -1194,27 +1173,6 @@ fi
 AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
 
 
-# CHACHA
-AC_ARG_ENABLE([chacha],
-    [  --enable-chacha         Enable CHACHA (default: enabled)],
-    [ ENABLED_CHACHA=$enableval ],
-    [ ENABLED_CHACHA=yes ]
-    )
-
-# lean psk does't need chacha
-if test "$ENABLED_LEANPSK" = "yes"
-then
-    ENABLED_CHACHA=no
-fi
-
-if test "$ENABLED_CHACHA" = "yes"
-then
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
-fi
-
-AM_CONDITIONAL([BUILD_CHACHA], [test "x$ENABLED_CHACHA" = "xyes"])
-
-
 # FIPS
 AC_ARG_ENABLE([fips],
     [AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])],
@@ -1249,6 +1207,64 @@ fi
 AM_CONDITIONAL([BUILD_FIPS], [test "x$ENABLED_FIPS" = "xyes"])
 
 
+# set POLY1305 default
+POLY1305_DEFAULT=yes
+
+if test "x$ENABLED_FIPS" = "xyes"
+then
+POLY1305_DEFAULT=no
+fi
+
+# POLY1305
+AC_ARG_ENABLE([poly1305],
+    [AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])],
+    [ ENABLED_POLY1305=$enableval ],
+    [ ENABLED_POLY1305=$POLY1305_DEFAULT]
+    )
+
+# lean psk does't need poly1305
+if test "$ENABLED_LEANPSK" = "yes"
+then
+    ENABLED_POLY1305=no
+fi
+
+if test "$ENABLED_POLY1305" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH"
+fi
+
+AM_CONDITIONAL([BUILD_POLY1305], [test "x$ENABLED_POLY1305" = "xyes"])
+
+
+# set CHACHA default
+CHACHA_DEFAULT=yes
+
+if test "x$ENABLED_FIPS" = "xyes"
+then
+CHACHA_DEFAULT=no
+fi
+
+# CHACHA
+AC_ARG_ENABLE([chacha],
+    [  --enable-chacha         Enable CHACHA (default: enabled)],
+    [ ENABLED_CHACHA=$enableval ],
+    [ ENABLED_CHACHA=$CHACHA_DEFAULT]
+    )
+
+# lean psk does't need chacha
+if test "$ENABLED_LEANPSK" = "yes"
+then
+    ENABLED_CHACHA=no
+fi
+
+if test "$ENABLED_CHACHA" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
+fi
+
+AM_CONDITIONAL([BUILD_CHACHA], [test "x$ENABLED_CHACHA" = "xyes"])
+
+
 # Hash DRBG
 AC_ARG_ENABLE([hashdrbg],
     [  --enable-hashdrbg       Enable Hash DRBG support (default: enabled)],

From ceeb3d007e65c9eca2e0725b927f44cddb5ccf07 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 13 Apr 2015 12:01:21 -0700
Subject: [PATCH 041/350] fix github issue #65, don't output (N)DEBUG to
 options.h

---
 configure.ac | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/configure.ac b/configure.ac
index d6e803416..2a5c63911 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2000,6 +2000,12 @@ for option in $OPTION_FLAGS; do
     if test "$defonly" != "$option"
     then
         noequalsign=`echo $defonly | sed 's/=/ /'`
+        if test "$noequalsign" = "NDEBUG" || test "$noequalsign" = "DEBUG"
+        then
+            echo "not outputing (N)DEBUG to $OPTION_FILE"
+            continue
+        fi
+
         echo "#undef  $noequalsign" >> $OPTION_FILE 
         echo "#define $noequalsign" >> $OPTION_FILE 
         echo "" >> $OPTION_FILE 

From 1f8701540d854f70975c32091fab1372dcacaf58 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 14 Apr 2015 12:35:24 -0700
Subject: [PATCH 042/350] change SESSION_STATS to PRINT_SESSION_STATS, will add
 WOLFSSL_SESSION_STATS

---
 cyassl/ssl.h                     | 1 +
 examples/echoserver/echoserver.c | 8 ++------
 src/ssl.c                        | 4 ++--
 wolfssl/ssl.h                    | 2 ++
 4 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index 2fced9224..eadf29681 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -615,6 +615,7 @@
 #define CyaSSL_connect_cert       wolfSSL_connect_cert
 #define CyaSSL_flush_sessions     wolfSSL_flush_sessions
 #define CyaSSL_get_using_nonblock wolfSSL_get_using_nonblock
+#define CyaSSL_PrintSessionStats  wolfSSL_PrintSessionStats
 
 /* DTLS Specific */
 #define CyaSSL_dtls                     wolfSSL_dtls
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index a8b1600dc..c71ee3400 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -54,10 +54,6 @@
 #include "examples/echoserver/echoserver.h"
 
 
-#ifdef SESSION_STATS
-    CYASSL_API void PrintSessionStats(void);
-#endif
-
 #define SVR_COMMAND_SIZE 256
 
 static void SignalReady(void* args, word16 port)
@@ -275,9 +271,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
                 printf("client sent break command: closing session!\n");
                 break;
             }
-#ifdef SESSION_STATS
+#ifdef PRINT_SESSION_STATS
             if ( strncmp(command, "printstats", 10) == 0) {
-                PrintSessionStats();
+                CyaSSL_PrintSessionStats();
                 break;
             }
 #endif
diff --git a/src/ssl.c b/src/ssl.c
index d91092294..04a130a57 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5979,10 +5979,10 @@ WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
 #endif /* SESSION_INDEX && SESSION_CERTS */
 
 
-    #ifdef SESSION_STATS
+    #ifdef PRINT_SESSION_STATS
 
     WOLFSSL_API
-    void PrintSessionStats(void)
+    void wolfSSL_PrintSessionStats(void)
     {
         word32 totalSessionsSeen = 0;
         word32 totalSessionsNow = 0;
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 8c8adf280..dafa4b16b 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1375,6 +1375,8 @@ WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
 #define WOLFSSL_CRL_MONITOR   0x01   /* monitor this dir flag */
 #define WOLFSSL_CRL_START_MON 0x02   /* start monitoring flag */
 
+WOLFSSL_API
+void wolfSSL_PrintSessionStats(void);
 
 /* External facing KDF */
 WOLFSSL_API

From 3a6f08b04a73b36f56d7bcae96a33c38eb701553 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Tue, 14 Apr 2015 13:48:57 -0600
Subject: [PATCH 043/350] update old CYASSL comment

---
 wolfssl/certs_test.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h
index c7ac60370..f6c9d17ab 100644
--- a/wolfssl/certs_test.h
+++ b/wolfssl/certs_test.h
@@ -1215,5 +1215,5 @@ static const unsigned char dh_g[] =
 };
 
 
-#endif /* CYASSL_CERTS_TEST_H */
+#endif /* WOLFSSL_CERTS_TEST_H */
 

From 05b8e1274dda430640ac12be4238730528867801 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 15 Apr 2015 13:17:33 -0700
Subject: [PATCH 044/350] add WOLFSSL_SESSION_STATS and optionally
 WOLFSSL_PEAK_SESSIONS which will slow down servers under load

---
 src/ssl.c     | 148 ++++++++++++++++++++++++++++++++++++++++++++------
 wolfssl/ssl.h |   8 ++-
 2 files changed, 137 insertions(+), 19 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 04a130a57..d6cdaff33 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2003,6 +2003,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify)
 
     static SessionRow SessionCache[SESSION_ROWS];
 
+    #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
+        static word32 PeakSessions;
+    #endif
+
     static wolfSSL_Mutex session_mutex;   /* SessionCache mutex */
 
     #ifndef NO_CLIENT_CACHE
@@ -5833,6 +5837,11 @@ int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
 }
 
 
+#ifdef WOLFSSL_SESSION_STATS
+static int get_locked_session_stats(word32* active, word32* total,
+                                    word32* peak);
+#endif
+
 int AddSession(WOLFSSL* ssl)
 {
     word32 row, idx;
@@ -5916,6 +5925,20 @@ int AddSession(WOLFSSL* ssl)
         SessionCache[row].Sessions[idx].idLen = 0;
 #endif /* NO_CLIENT_CACHE */
 
+#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
+    if (error == 0) {
+        word32 active = 0;
+
+        error = get_locked_session_stats(&active, NULL, NULL);
+        if (error == SSL_SUCCESS) {
+            error = 0;  /* back to this function ok */
+
+            if (active > PeakSessions)
+                PeakSessions = active;
+        }
+    }
+#endif /* defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) */
+
     if (UnLockMutex(&session_mutex) != 0)
         return BAD_MUTEX_E;
 
@@ -5979,33 +6002,124 @@ WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
 #endif /* SESSION_INDEX && SESSION_CERTS */
 
 
+#ifdef WOLFSSL_SESSION_STATS
+
+/* requires session_mutex lock held, SSL_SUCCESS on ok */
+static int get_locked_session_stats(word32* active, word32* total, word32* peak){
+    int result = SSL_SUCCESS;
+    int i;
+    int count;
+    int idx;
+    word32 now   = 0;
+    word32 seen  = 0;
+    word32 ticks = LowResTimer();
+
+    (void)peak;
+
+    WOLFSSL_ENTER("get_locked_session_stats");
+
+    for (i = 0; i < SESSION_ROWS; i++) {
+        seen += SessionCache[i].totalCount;
+
+        if (active == NULL)
+            continue;  /* no need to calculate what we can't set */
+
+        count = min((word32)SessionCache[i].totalCount, SESSIONS_PER_ROW);
+        idx   = SessionCache[i].nextIdx - 1;
+        if (idx < 0)
+            idx = SESSIONS_PER_ROW - 1; /* if back to front previous was end */
+
+        for(; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
+            if (idx >= SESSIONS_PER_ROW || idx < 0) {  /* sanity check */
+                WOLFSSL_MSG("Bad idx");
+                break;
+            }
+
+            /* if not expried then good */
+            if (ticks < (SessionCache[i].Sessions[idx].bornOn +
+                         SessionCache[i].Sessions[idx].timeout) ) {
+                now++;
+            }
+        }
+    }
+
+    if (active)
+        *active = now;
+
+    if (total)
+        *total = seen;
+
+#ifdef WOLFSSL_PEAK_SESSIONS
+    if (peak)
+        *peak = PeakSessions;
+#endif
+
+    WOLFSSL_LEAVE("get_locked_session_stats", result);
+
+    return result;
+}
+
+
+/* return SSL_SUCCESS on ok */
+int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak,
+                              word32* maxSessions)
+{
+    int result = SSL_SUCCESS;
+
+    WOLFSSL_ENTER("wolfSSL_get_session_stats");
+
+    if (maxSessions) {
+        *maxSessions = SESSIONS_PER_ROW * SESSION_ROWS;
+
+        if (active == NULL && total == NULL && peak == NULL)
+            return result;  /* we're done */
+    }
+
+    /* user must provide at least one query value */
+    if (active == NULL && total == NULL && peak == NULL)
+        return BAD_FUNC_ARG;
+
+    if (LockMutex(&session_mutex) != 0) {
+        return BAD_MUTEX_E;
+    }
+
+    result = get_locked_session_stats(active, total, peak);
+
+    if (UnLockMutex(&session_mutex) != 0)
+        result = BAD_MUTEX_E;
+
+    WOLFSSL_LEAVE("wolfSSL_get_session_stats", result);
+
+    return result;
+}
+
+#endif /* WOLFSSL_SESSION_STATS */
+
+
     #ifdef PRINT_SESSION_STATS
 
-    WOLFSSL_API
-    void wolfSSL_PrintSessionStats(void)
+    /* SSL_SUCCESS on ok */
+    int wolfSSL_PrintSessionStats(void)
     {
         word32 totalSessionsSeen = 0;
         word32 totalSessionsNow = 0;
-        word32 rowNow;
+        word32 peak = 0;
+        word32 maxSessions = 0;
         int    i;
+        int    ret;
         double E;               /* expected freq */
         double chiSquare = 0;
 
-        for (i = 0; i < SESSION_ROWS; i++) {
-            totalSessionsSeen += SessionCache[i].totalCount;
-
-            if (SessionCache[i].totalCount >= SESSIONS_PER_ROW)
-                rowNow = SESSIONS_PER_ROW;
-            else if (SessionCache[i].nextIdx == 0)
-                rowNow = 0;
-            else
-                rowNow = SessionCache[i].nextIdx;
-
-            totalSessionsNow += rowNow;
-        }
-
+        ret = wolfSSL_get_session_stats(&totalSessionsNow, &totalSessionsSeen,
+                                        &peak, &maxSessions);
+        if (ret != SSL_SUCCESS)
+            return ret;
         printf("Total Sessions Seen = %d\n", totalSessionsSeen);
         printf("Total Sessions Now  = %d\n", totalSessionsNow);
+#ifdef WOLFSSL_PEAK_SESSIONS
+        printf("Peak  Sessions      = %d\n", peak);
+#endif
+        printf("Max   Sessions      = %d\n", maxSessions);
 
         E = (double)totalSessionsSeen / SESSION_ROWS;
 
@@ -6029,6 +6143,8 @@ WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
         else if (SESSION_ROWS == 2861)
             printf(".05 p value  = 2985.5, chi-square should be less\n");
         printf("\n");
+
+        return ret;
     }
 
     #endif /* SESSION_STATS */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index dafa4b16b..2f72c4c65 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1375,9 +1375,11 @@ WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
 #define WOLFSSL_CRL_MONITOR   0x01   /* monitor this dir flag */
 #define WOLFSSL_CRL_START_MON 0x02   /* start monitoring flag */
 
-WOLFSSL_API
-void wolfSSL_PrintSessionStats(void);
-
+WOLFSSL_API int wolfSSL_PrintSessionStats(void);
+WOLFSSL_API int wolfSSL_get_session_stats(unsigned int* active,
+                                          unsigned int* total,
+                                          unsigned int* peak,
+                                          unsigned int* maxSessions);
 /* External facing KDF */
 WOLFSSL_API
 int wolfSSL_MakeTlsMasterSecret(unsigned char* ms, unsigned int msLen,

From 281decae4681e6f3952efa27476d9a0cdc7a244e Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 16 Apr 2015 10:36:51 -0700
Subject: [PATCH 045/350] fix github issue #65, don't undef with arg to
 options.h

---
 configure.ac | 3 ++-
 src/ssl.c    | 5 +++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 2a5c63911..36ebe60ea 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2006,7 +2006,8 @@ for option in $OPTION_FLAGS; do
             continue
         fi
 
-        echo "#undef  $noequalsign" >> $OPTION_FILE 
+        noarg=`echo $defonly | sed 's/=.*//'`
+        echo "#undef  $noarg" >> $OPTION_FILE 
         echo "#define $noequalsign" >> $OPTION_FILE 
         echo "" >> $OPTION_FILE 
     else
diff --git a/src/ssl.c b/src/ssl.c
index d6cdaff33..ee0d473f0 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -6005,7 +6005,8 @@ WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
 #ifdef WOLFSSL_SESSION_STATS
 
 /* requires session_mutex lock held, SSL_SUCCESS on ok */
-static int get_locked_session_stats(word32* active, word32* total, word32* peak){
+static int get_locked_session_stats(word32* active, word32* total, word32* peak)
+{
     int result = SSL_SUCCESS;
     int i;
     int count;
@@ -6029,7 +6030,7 @@ static int get_locked_session_stats(word32* active, word32* total, word32* peak)
         if (idx < 0)
             idx = SESSIONS_PER_ROW - 1; /* if back to front previous was end */
 
-        for(; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
+        for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
             if (idx >= SESSIONS_PER_ROW || idx < 0) {  /* sanity check */
                 WOLFSSL_MSG("Bad idx");
                 break;

From 7536cec0d6941ae3c2feb0319b5aae38c7538f77 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 17 Apr 2015 09:23:43 -0700
Subject: [PATCH 046/350] fix github issue #65, ignore sys options

---
 configure.ac | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 36ebe60ea..148fbc3db 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2006,10 +2006,24 @@ for option in $OPTION_FLAGS; do
             continue
         fi
 
+        # allow user to igonore system options
+        ignoresys=no
+        if [[[ $noequalsign == _* ]]] ;
+        then
+            ignoresys=yes
+            echo "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS" >> $OPTION_FILE
+        fi
+
         noarg=`echo $defonly | sed 's/=.*//'`
-        echo "#undef  $noarg" >> $OPTION_FILE 
-        echo "#define $noequalsign" >> $OPTION_FILE 
-        echo "" >> $OPTION_FILE 
+        echo "#undef  $noarg" >> $OPTION_FILE
+        echo "#define $noequalsign" >> $OPTION_FILE
+
+        if test "$ignoresys" = "yes"
+        then
+            echo "#endif" >> $OPTION_FILE
+        fi
+
+        echo "" >> $OPTION_FILE
     else
         echo "option w/o begin -D is $option, not saving to $OPTION_FILE"
     fi

From 99a9d221bc8af8794a4a3216742bb368f770d7b7 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 17 Apr 2015 13:42:08 -0700
Subject: [PATCH 047/350] in sniffer, free handshake resources in the right
 order

---
 src/sniffer.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/sniffer.c b/src/sniffer.c
index 58dfa4b0b..50f044498 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -1780,7 +1780,12 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes,
          }
     }
 
-    FreeHandshakeResources(ssl);
+    /* If receiving a finished message from one side, free the resources
+     * from the other side's tracker. */
+    if (session->flags.side == WOLFSSL_SERVER_END)
+        FreeHandshakeResources(session->sslClient);
+    else
+        FreeHandshakeResources(session->sslServer);
 
     return ret;
 }

From 1e9647023c2db49dfcbf30f7c3fcc40c031bcebf Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Sat, 18 Apr 2015 08:35:47 -0700
Subject: [PATCH 048/350] add snifftest script check to make check

---
 .gitignore                            |   1 +
 Makefile.am                           |   7 +++++++
 scripts/include.am                    |   9 +++++++++
 scripts/sniffer-testsuite.test        |  13 +++++++++++++
 scripts/testsuite.pcap                | Bin 0 -> 52480 bytes
 sslSniffer/sslSnifferTest/snifftest.c |   7 +++++--
 6 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 scripts/include.am
 create mode 100755 scripts/sniffer-testsuite.test
 create mode 100644 scripts/testsuite.pcap

diff --git a/.gitignore b/.gitignore
index e712a00ef..dfedec021 100644
--- a/.gitignore
+++ b/.gitignore
@@ -78,6 +78,7 @@ pkcs7signedData.der
 pkcs7envelopedData.der
 diff
 sslSniffer/sslSnifferTest/tracefile.txt
+tracefile.txt
 *.gz
 *.zip
 *.bak
diff --git a/Makefile.am b/Makefile.am
index 2cbb27616..a47f19bf4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -16,6 +16,8 @@ EXTRA_HEADERS =
 BUILT_SOURCES=
 EXTRA_DIST=
 dist_doc_DATA=
+dist_noinst_SCRIPTS =
+check_SCRIPTS =
 
 #includes additional rules from aminclude.am
 @INC_AMINCLUDE@
@@ -94,6 +96,7 @@ include mcapi/wolfcrypt_test.X/nbproject/include.am
 include mcapi/wolfssl.X/nbproject/include.am
 include mcapi/zlib.X/nbproject/include.am
 include tirtos/include.am
+include scripts/include.am
 
 if USE_VALGRIND
 TESTS_ENVIRONMENT=./valgrind-error.sh
@@ -101,6 +104,10 @@ endif
 
 TEST_EXTENSIONS=.test
 TESTS += $(check_PROGRAMS)
+
+check_SCRIPTS+= $(dist_noinst_SCRIPTS)
+TESTS += $(check_SCRIPTS)
+
 test: check
 tests/unit.log: testsuite/testsuite.log
 
diff --git a/scripts/include.am b/scripts/include.am
new file mode 100644
index 000000000..971954376
--- /dev/null
+++ b/scripts/include.am
@@ -0,0 +1,9 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+
+if BUILD_SNIFFTEST
+dist_noinst_SCRIPTS+= scripts/sniffer-testsuite.test
+endif
+EXTRA_DIST +=  scripts/testsuite.pcap
diff --git a/scripts/sniffer-testsuite.test b/scripts/sniffer-testsuite.test
new file mode 100755
index 000000000..5dbaf86bc
--- /dev/null
+++ b/scripts/sniffer-testsuite.test
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+#sniffer-testsuite.test
+
+echo -e "\nStaring snifftest on testsuite.pcap...\n"
+./sslSniffer/sslSnifferTest/snifftest ./scripts/testsuite.pcap ./certs/server-key.pem 127.0.0.1 11111
+
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\nsnifftest failed\n" && exit 1
+
+echo -e "\nSuccess!\n"
+
+exit 0
diff --git a/scripts/testsuite.pcap b/scripts/testsuite.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..a39ad39163e491b079e34a54e95df88ef78e817d
GIT binary patch
literal 52480
zcmca|c+)~A1{MYcfUsxx)`v*@u`;+YFn}==0|SFA1A{}8wF83#8v{c<0|O%n|Ng9<
zUcA+ME=d0drvLx{nJ_RgvDn{WWM*b%WaQxD&hbzN$+0joFo4W-$6{tyBC46%>Ayce
z3@ZFkyw!T%1|jTbg3N`P>F>wNV8Oru#!z>fu<D_j33cbZhe3rO8w3om|I=V#fVmH3
z7RYU3Sj@RCf@%)bZ685y!(~o^KPy8S0|OXC-BYw*5Y-$M_edCC|Cfg99x-NS21`Z;
z22*BcOWnT3X-AZfZs26KlsEpDYjX5%!v05#=DA;ZyRG|UUkL*P6N4=y0|OTWF9RC`
z3kxF?Bgi+6{+OZiZy~BHkbHBeLBQ}Twou6mU}b1$U;tyNZ<<Ay;W0<T@an&EOy77h
zF)+9>Gy86o?&go)YO*o>rcHa?-tC<~7^i+o@DGjO&Q`#2@uHr>nkBLeJf^xg%nDE2
z!kFeVBiYsMi&c-fn~Th&^tgGUZVa~Igj5^A%J7nf0gNHeVtM-YI5uY$ITUZTzSAIK
zc$MiEhO=1Ka5J#1U|?Cwz_Q4oiDjNa6LZ@FW+p}^CPqdBUN%mxHjlRNyo`*jtPBQ?
zQw+HcIN6v(S=fY`LW2zj4ER7C4jy*j{JfIHyhNA?I}f{4epPC2VxFO(0Y69$7Y|2p
zVtGk^eo2O*uz?^*h?|GYIX|zsG^ZppFWpeWKnx_v%)?(^UanW3pOaQxoTHbVpKB;@
zAPaW}C!?4^W?ovp1Cjy*IdNV?69aQYLql^T14EN2ab81n0}}%?DA%BI0_o0%dX0;R
z9b{8*un){@+&t{Tr3D4~MJ1FtxrtE;IdB<S8JL?G`56qF7`d357#SH3OyzhO?)a%N
zcl#w*M|H;3W3KBy?NKq<G4-6j-?eWt9eZl#|6Y+^|1V}vVCna+Q|!-8_4^<0tv;Y%
zvpQvk_@7g;)w>=jJ}uJA*K4~mwfNQ=>ENC5_SYqORsA0(CkJ+Or`WG`-mz3B#$@w4
zh6Tw-ztwX`W>gd}>ycQ=l)L`0B%|IAfyc+rIBdyW>}H(Vo_A!o__EJ0?yfD~Q?0MK
z^>11r&)$&D4|C&X_9z!$<Yev?xg@YN<*?R;h10zDJiH<meSE=zgUJ>AF6IVC(;AGF
zr!FktC46am@uOJPlUclnEfbb(*^uev#QE|D#~x#a%@In=SG_*+@L6K>(M!|r-@M?z
z_Bs<YBLm~&#y<v)KMiErm_udxSj1RFHVYb^oHV25(a9edtn-+iPRaB2*%&mQ1j#G2
zG#)f)+}9wY-j^;|a#&5){;hHH<|Q{|4W7QZy0CH9lE&$SH2F4hGR$&xKf6#QsmFi^
z<P~8SRs&{6#{b9(gcY1X7#VDP3Rt6)y!Yp9^GIYAkd0&A6*@&{U1a|BhS;38H?v-g
zy1G0G`%!wT%hl-1@rS=Y&5)UR+5QFJN$Fn?D`%$j@n(0uk<y7gV#3mES$=lw%Y^8r
z{U+z$9`m=~664#o<qH>!(1Ngo4~@+ihO~RUY&^u@pMN>X$H&Mgd%hJ*e|hZMJGR=N
zPTsdkh`sTrt*FNKLW_6LeKqHQ2hK!4G}~-zq_OxtkHWQ$0hZU&S9Z7TnPl=>Qu&2I
z|Es+cJ(JaKN=o}8Sbk}hxYYjfwY(o9zN_M4Y*xYLnnewb&m;pU9(D<Qv%6zu@WbmX
zdo;c%$~XmbZV}2|a7~r7^_UjV`sESNg1SNFdP@K+gEs>M7()s^2KU2ru@!t}pjrxC
z@cpyKDEJuoco`VD7#SfI2BdQC3Bar}3b0pPcOC{6IW!0uUcpvnfXs1ZU|;}Ys1t3a
zvava_oCQ`k|1-pNA`2e_#9@=MIBWw8s)5iN_0GefGEfb_9-G6aVKHZ67A|wjSsDZk
z*I_efE*5hpTj4Z^7neEKfvgN)Ss1_=5>PB3r+eWsN5XI&(=&KLseoE8V$94eJGdEG
zwlJ`4WMElm(8RLJpow`Bq!Qy~*p|G$KQ<|R0a|t<t2Dr@6+{e#K-CsE4|hOOetJ=2
zZZ7pIGh<5=<jM@p9jwkKRG}SazNr1ra*2_vb?}K6ZLOM;S$kJ$1+lwdTV}S2-Kg)v
zuFUFVhh64fY4rH3o3W@nefPrB6J|PIm!!XU?>f)>^ZlETjdInqncZjYPd!tgs*<_v
zg-B=g6O->pH;7FBnqF;HRq>E9ENtR3VW-|pHV$)q-d}9HZyqSkv(WnM$HiWzPad9|
zc3-+~zu)u=0xwo@7&NX|;C2={T9UrSs42g<?NEoqOta=)at=jG;@5*xRf;#9doOu*
z-T#W5>H|W|SNw{219GhwTQ8m&H}}L%p4QDbyKaW4-Ol~BX7_(ppCcD5zZ70>bC3|;
zki50X&)~@PmNwlm{p+IN>kq8^`X~D7?}fWAW3SMRZ@8vi&uEvZ3*jwLpLksDdTZ(d
z^a>4|8VV{j+9%;Aq&!EkLTeS6a5VOwYR{+eYF!Z-)}MvR4jUdHJg6tERki(^N<{l>
z=HI;QAAGrRVo#u%fPdu~|FqimGf!8a%b0S^Y?V`9Pet^m)>9WBt}wjVc=PAM#q&&@
z-*Z*g+BGNs5sA5YcMsq7!0m;3j&<ESQL|2$duM%R`_Hsq?pd<`9+#W;Ve>fWIR6Y)
zG;(X=Y+G4fA~P>aYd>@4#M7TN>raX{b?yv4TgN_OWo+3)$vEDK9g$ag?<=p)PA-$2
zH|PF_aL=3zZPO3u*!+4Bc1Zg1LMN$+q}I75lFc0JBPaZrxi|f?*DJo0rxLq(yPVEU
zc&T?Nq_{qAeeWZq)2<5FBz>dH4bSlF9;gFVXz_uVwT{DD)It!_Q7Pvw-s&*3LBJ5X
za0eBFDj;(<1+p?YGctfNq%dW)&vQpL2U1Bm%zPMB&f6eixbD9(N@1!Z#>~vfCcwbR
z#K@rcEnLd}Qgqxz5w+gF&pSm`7G?#+ojQ<s&im54-zCpeIT%Wc8Ncp%d-WL4(KlP?
zD7=09y?dF5k;&c9D!C81O`dG|yk)|_3fBqKN@Rb!&VQEa^FY&5Z2FDHsZOWb(ml2p
zKRmA?C|h@wTS)oD#?Nm9mcLOtJ?&MYxy?`Kw?YO}?JM8u9$;(NW83C4eTtlZn&kVp
z3zi!^FBNG0xqgE*cm7Y&#^1LCPu-ld{c8YETv7k=Z|{1F4*LG>)p>YF<!VZ_)z+vd
zi>_FfOxx9R-SX?Vo<&VR*51yv<SIC)<`N*jhxPGog^!p2&-mf>HCOD-7V~%7GNzBx
zR6Rtjm&wncZZ55=vKkbm2eCxW3_sK$MMRC`k_G|8<w*4<JZiQ?vNE_bGJr8OY8;(E
zqM8GV8pkE@s4;~{jT(232RLdt_!$^kSQr@@=I-W|`KWtZbbdyDk_^w<^?xV**mUM(
zi39tUy^lXW%r1FwDpcv+Z$9gVoGTm7teAD0i<LV$-O(tze&YN8FC6XIytmm*zdCQC
zw2xN5X2Ofg#>I!v1aG}qFREMV@-{eak?!|h{hP1ZtFJu#O56F)QM<X4wSAMW<s9D2
zH7n`rfrZDF_b7#%tqy!C@A;jRZJo^;@$=$QFN)Gi61Qjv&b=~mq4A{6!RcyKmIQkF
zJDE>%6Io_aHevVNG?#_Tjys-~Rar6R%VqVYLMyd-W?vTIoe+4-*F1|oFyWcIvi3Xe
zqR!AwpY)U_Mk$}v(A->lXtux2BB{#l`SN}D@7<jtD|PFk{4y_4<m`%MWw2vl0Aom?
zGFTO<VGC5Jjj%xdr-vG-BFxMTjNsvd(~+3Du;?eMX^5zH+SnjqI1eeRK~baza@7Sa
z<}CBXY0h?B=3I_sW$0yK0Ar}{I@cPbngdBPPTS$Wt3~x4Xb>f!d3i|Nq}b0#5AH~p
zV6iRa^j>_>Z++eUeO&(?%Sz+i>l^}(Ex+g{JH@ACr;%)|M!lJ&|FJi|XLTZWE2mjc
z59ACF=QPOm554oJLz!{L+IRdQPu{}f$s;(6EN7ku0mIqY0?RZCGYUh{q7V`2&O8kg
zhO^P4Pz@1<u2GmlcHswVkU>ooF5U_?4K>Krz(F?cppLrLt7LJ>`g0fRoqoNTrF=dv
z{m;v{lI?=^OVvJS%8T}>)EjrFy-)GhunuWoeUIa!u5^~-p^cMSllrVL-CPy*eR(S@
z&!f39hkWG==PUsQS!fhy`a0i@>NrSzI`cdXDi=m;GQ-nXG!}CV(T1at%*kjFFkFo-
z=zF4A8EP3Az!;joDi5OdQBcg0FkJmF7bShEi8C`ZI4DIr+8sahdG0)Jz2)6mhc_OM
z<4oFmY?H;0!_jPyELm8ls>ZYNv)4rmoNKsI;Cp7v>h)fkJ~IS<W}Vf(<)Q2s4+@+)
zSUi=;jv6@7n9C^M>Kxc0U^o+-r}kh;0ej}-F-O91=0CI)0P<9TX?w20POdlcdP(2^
z6&6n`b4p*Lcj3ud*9leMBo<iK^}T#oyyW%AoniaJ%N74w8X1_YU8tI5b&6YY_ce_M
z>!JewpLf3OpS-P6c9~ullg5+xAWxpe65?zBV0GMHuqQ!|Lkn?HP>9<qPpDn{^!@_d
zVgsf1b)O2$S-ag%rmF-zF)p+Ey=U@+kXMOjQ=eJ>dZYICiQU5D3BNRF>A0M5du#Y*
zYT;MsRZ1YoT*ngPsynbbrh*CV7(whIeg}&=`+uXF15HMO4};40HV7E5#1?apv6#c;
zip!h|rUn7SW!TJlfyJEbH8{;-#%0c1EaqesqM8Fqk@&;sBNlTcSCDSbS1jg4ZN+L1
zGdR9*<d7d&%n|BAH3t!26*$A^Hx_fE50P#TM>J+J#9fES90|i^=*18?Q^bAAO9~TQ
zT2m|C_w}@%Man&)X<7C~92LI`O#Us{c6zd$S6!b=iD&Pp!fXEbJ{$_!eN@)#xALm(
zw+wY#w7<z+0c8rIXv{L2cNSL1OnVqq!Q3E-Ju&M?voh!~Fn}?%Y}NQJhH4Hp@i2oX
zhXPm_82-sXhI-7f=-ru2oZeY6m=jjs$58eD{-T|}Dy?Dz$X*;1R%#$Q*yPelEM`ir
zK{Zo5{r8v0za>gmrB!UiF<}L+zhGvbkHHM*;`OLzLfyIX@o$Mzw23CLS)lm3kHsA8
zsi@{a-Bt>68!mG`#b8cYshmYM2gN<86INjNfEo_a39F!!Zc7e2+4E$5Y?}En>QcI>
z<NJsiT08pIhn-+-n%AVxz`(>{iaBA$5{nrsNnNO}K=RFdv<WM)D?p*57K=Gy^<WVm
zb5JL&z~+E_1D&wSewwhNLC4~HRfzF-(dUBe?VEpX@z2z{C;lfQ-yr?}A%)IcCE=HE
zh22v=s@pUzAfR+d?6%v-^A<as$-T4jt+w%JFa=Lo*<<mZ_dZl-K?C{y<KGfT&<0n*
z&H{PQB^GnyYxO!*bD+U=WK~+ld$fr!usNVH!_kQ^Z1Z)P<3mu9(TT6oi7%?o+m23r
zEh25=D=?N7Jfnm>t7PJht>BXd)pp>54{25jR`4;vXO$wcl*r4`*Ns4$3-2HQmIYPA
z$ODgH13@Kn92RrB?NA+tDA{G}&;~H!<|xNu4q)#8i^m)Z!}Ul5nCjd)9-#g^Yyh+4
z*tvbvCw~<+xc~hALKgG4dQTXNrq+ejt^D!e<dU`v{VV*VgKQ@+_A&bWXyOg?tgaVt
z`P2n{&$z7j)~TyXi~G8~CG)e+*KVa+58eE!_qHZ~sScBIopSS@W$2X6O6v-C&9(Z@
z5_CrCZ)8FmPeIZB=iL)C;(A>#R)+rke7Ko|UnSovM2}zi#DC^Z;<NXyYN<aPxn}j(
z^{lfd9pAfQy<<hv*QKl%_;mI^)Ubc~FF+)J?FNQxe_0;Sy|P3sB5d9L?PBr4m!2m#
zcu5`1dbeFv@brmq6Mdb6?^s!12`|gLFTRd>o5`u@B6Yi`2aOUmF05<_Dc$k#d#G-a
z^j)ph|EsP(y#<OI*Eq~Jg^>elkU}a;*}7F}mA@JU49_BUt3W}j4l>6h4s)PJ8@+o5
zPAZkZ9{-lDYmhKpk2FvNG6!j(CIE}8e$B(>sw##C0mC!cTooCI*?AB|Yw17|UKIn}
zRfrxn$W`i~mX5<eS+1Y+EebbWUh>gr=E@oE@iAY8iiD@VT0Wm;@>1SM)5@%;PQP`*
z_(#~^24RWyjGtC*d04n+QiZ|BTg<N8uJwTDrBkqYD$WC^r(7EZ3{PS6)P+>cpe{#i
z93!Hv%C$kl@Dx%|YjWp!s3XS2UZ-LPkvv)uK}~B}l?F8p5kz3qz(F*vWVQN%n3Ii0
zS^fvs9$?M8*rRZjcaL^mu54Ufy4jqi`blvX6&6~bB)n6bzxYV6t<!g~l$>&QXI$pd
z%lEhVegLJSPpO!xvGxUO5JBV1_3>}n7PK)ikYhAK=KR27&XH=I=A3L0FkFKa)Npgu
z(l7&u`y3u~Bn;Oebw0u7fQE}4vY*w|x6S9$iJrr**`ey<99(rsM$<HY(!P4h1tt!C
z59a8doFp?LZ?~|i(xHE?rH>bFjdAzgWfNOhb=%_GPlE`MrySET1ILRK)iKbRI=L#X
zs;fc3@B}tbg<|oP-A+8_NEn{L>Zvc>^L(#Odmp%~VRmA|0glYmwHY%^!^6I&Py4}t
zfG6Es^ZDn6qG4~Q&Gsvtf2Ke2=hMi0Y6~@Xyt`o8QN<vgp8@hz8WvB<yhe2lG{(Cg
z|CZxx5HMVY%~NyISQ&B|7{D0Xqt28-8=XfnN5XK`zgYNaB|N4K&VJmbwJY<vRZ05y
zbL*}qFSojTh)bDut(Df@6E6S0&AiB;k!EeF{ycrT)9FV?3qQO7d13<=Ph|I@dIAzN
za(t`Os`fVs7#_psiOX0#QP_*e90|i?SUs`3^3z2Rk(kf6c2yrX-Mf-J^Tp1&@+Plt
z@7Vs>V^8q4$qJ7T?LQQp^5A*$oI|U1-kkw?;tdv0oN7n492$cAAODtfZV)hBfz1<q
z>6m%uY8oDMBn($zO<q>@k$qcM2%p%wh=0DVLg|dtTYhS#YcSmOTa#7DvTPpT;u&?3
z*QB}m&c<(1klk?k@7znPZp}=LcpkoFy}RBmXIYS^#L_YIjQ2ZK$3SDoc~x39Xg$jj
zY@X7`;;GkP@R%cEcm%7byxET&S)lH}bz0f>y{~mVZ6)Tt-OV3(!rs>G!1Agi^#&hY
z^Pc^ak`HY;pd8T~oLge`{(r*3@Qz^jIV+ZKyyBh?@{}1CPvvu?ItCI`)hv&H%XOd)
zVS>{-$ebW7o{~bF4nZ*ob!ZK24!CsV7f|AAzNecyWoyHowX^a{7aZ1(|KKSh+tEK$
z{`{RQ;@h3r<tGG8_Trqj<jIxboaT?|;d^!1I9k0k0=qO9pW*~LCIyS9WU#0Gj#X*Z
zo(%$qhp@#|I~Gq}z??Dq0ty(gITD74u*TG$S;Ah88}iTg#~rynXUg0sW|R3oOP{-Z
zCE(>{6}Gs?j9xO|B5k&^-Mh8f>{<FE_m$En3ER)SI&n96Ht%fioyV*|o?3v#Q^Hsq
ztks^6f6JY15HMVV%~OZcF-x~|Xzd|rOhL?%FkFJQVEE~5#C~$ci6dV)6Luu*aC)~!
z<*XTJ0pCFh*9SpIV<%jGsytb8PyYFWGfh9O?{?oZ1$p8s7EkQK9O(vy=-E|i)u7h<
z0c@W5jl~m<XoHW?ya+Kz!telAPaN3$vZMK&;g6#>&Z{onVKaSXths(k&tF!{`)5wi
z&FJ}8(A|-}dJVhMm(m8A^1G3iAWw*7U={?0*RkfAy2roeLDL6|uzA8f12ZP1V(^$F
zVYmpZCv-lZeV6{|LP5jXtzoU+Q*X%0-QCi^`>5XMnerc9_LoggQ`nw+;*75A4n`@(
ztS_z8L7wo!;)&Z=P%Vdqpghy6wCc?b0*3psc_IpnCj!xyF`}3wVYnZwCmv?2O*!;x
zV#?(u-wM_IORTw8DhWEg*<JeV?TZcV_s(p7$$sG70ZtVu9p|&__Haj7fIN|d#S>Qc
zsGfkP<;{<O%bPa{7%s%-iH;1+$=ocoW-y955{3(rrt;vWSAfW}=N}mqcm3bC=#pmt
zvWHuxR-D+B?U62Et(DOoyd>r3LM@MJLA$j*cusxZ+0mG^NFlN>U-8-U`N3iyACBe*
z-EhAf?f&!c)es4_8#6fGzZL;`asn1ls_CP85*othtI}#X8UzgYVDsc$ES{X~gvT5S
z!#!9%Da%nQx>Q@+MSO8luSieS)Ng9@r(OyS*v4$EaA}5s2J_d_za~d7pV?KE{bl9y
zz4^DA`k&wWZTe<z++K(JYlcD-ce743x|S$Eh1X6swIPlt2jt1MSUg#cR%AnBpoZh|
zZ}}dyl?>n*0GV?fOL9!cnx~-VNEpt;njAOz>*Rg7{r!wt;XTpq&Cjahh4x+f^fg6l
z(YpgCKaObW7GyCn`tNJqaKVmcp1@s0@TBWaES~sy5o-wdtV*k~Z4fZrjV-4BVe!P`
zGCbx;81BaE38|t)_UWH8@}8d4KCr#fZui0z)|!49lY@QdOB&u!S}R%?J3YvI*6zcT
zW31H{O?w1hAtscGS-Pp6N3|Rp6Sj|k%O7kIFr16c6NZ_r4Cr(I`q6mIkuaQ#wer08
zdClu^IpHIMqOaTP&op{&KK}cX-2TAJ#hn&rl@E1xX%(A3)9bg))-Igx^~vLtdH?5S
zdpQ2<Uw6=v+5T=~>rqg$aKYlKrADZZf##uutI}$k8Uze?VDnTE7Egs?&iQ`<1q|36
z3Bw&&JyjsACROgbKV@!i?nc|+W&FEmN+kxqdhhn<U`%mv`e&^K`I4<Mzg``k(JL7B
zP&cxH<%{j_9`=L5_5wSX^vk!u0(mMKi>Hp5pn3`#Q%#S5E3h>P7|z1xsrpRJdT2XZ
zmjlHd3By@flUw88ea1W8`ESiNzhKtIU>4fX^Xrgv)0cG{U-j01aW~$a_U5uF>y7T<
zYgJRWy}M)D2=YWb7EiFMqj~}oGYV|0(rQ3Un6_i{#A+;_P(o|SqL?FLxE-q}L|nEP
zOBO8K_B!pd?FZ%Bpck62RN}IJH^twOp1tc`damD8ZOO-P*`(jizG#`cmE#A<6GyOk
zBCQ<N6VMRc{`j|oHQJIAE$$o-@L0orEXgYdZH^Je9Mn}CU~|B&Xv+yJi-MMa{`<sq
z--2nKwsrxY#)-xTPiDx-UgPYWz+a-7@JM0aF7pi{4ab$+vy)F$bMyat7+twDFu3Z=
ziUaN7MQSgwc&Z$&a)pMd^{TX*KMewgTajW0<QOeb;4o!j76h~WQ3D6X90|j%NO=Zq
z4%kz#>P~Dh`SaF5>{ZNN@z%7Xq5qTGmZ{3Oz1}uQ+EMUOxIld9g1^oWV|<@oKJQm~
za;>%Z^yQ2JwQuguKYL-tmA@N7j^WJ0EZr;{Q5^#f;XjXmD>O6+7*5CLDOD_<>POq~
zhhmO|;dHE?@{kkaaBNa)(q77VVdhUpW8U=!$0WK|%{1hDzg~CM_s};C{Y_hsuTIYI
zynft@<5i~c!fz9n2tJUSaX!JY-!8KU<S8>Oo;ruNObZ&q4Xe^>9UBA;H(~RXFBVUo
zJb@ZGDCS5QZo=xRnO5hI3p{Glc-T9UXF1oBDQCl9Wp7d9wYuZ<J=-8VEaU9PGc4sS
zniq1+4KJLzvw`OVpE&=8b(Uh^c10)^ZrW%F@>Dz)Pc5B<>KI4}*E&A_t#GtKz;FsS
zPi1FemTnFB%#kphf>bcTlb^xWlSPZY!W!S+ui4_tx|YkgS*)ULPSbApO+Om<S?lL}
zJ!aB$uyWbkb?Tw*x#K6bltG>-!r}>QtSthCqpQ+t%Nhg>H)8Wd4Hi#q=Rpk&Xv{#&
zkucnd)e~zhUBqN9^AyjmQY|yS>-$phs@@&n8+;D4pXmh@Udo@s^C3X)|B20^Q=>bj
z^+np(f;`cT#S^R0wh=>PqU`Z+g<lN<hLf>*Vgi=rH5V<JqL?FLI2mj5iY;#Fv$8Dr
zcwgk0s`-AE?B`t%B&+9LOuTuyQo;A!lbV_{=|%D@R(;Q~{m|KQ{F}k^l?9nEtv)T_
zE(^V7X{v1l^3*gep4#SvHAH`{N~_(CHje~O79evLV)0b^Mm*+#CMytQ-e7aUrQ2uC
z_62-pL4JES%2l=Bi`Mg9$D3EpGtX^R%D<zHWy|Xl_g={Ty(&?$)<!2mcc$U%$AQXj
z8;T1HwroD<D|#SiH^?!|v3SZ5eG@r&=A?G_<KK$*4FZM}vBlIjES~a1Uq6a$j)dVv
ztT9z2b8vrGc+;zuSLA|Ed);-p(D~})C#hpf`HCEB5-kUQaJq)}XjIL+m|wQZe%h{3
z`8R*O<s%l}ifHh-yzN1cfG@~Xd$4$_3hTI=qW!A0I?x0T@&G(IghA#U$Koj|w7`Mn
zA*ea11MpyTz%ey{^+(Nb!Pa-<l7C%NKl&>3e|Ua?vE{`TH|*RpZ!JGsXS~+-&x|LG
zs-51_pXA=D@yNeQH{Ll-AcV*L(w61VOy7VUa}JBA^8cYG8%SQLV|e^q5i~o|hb^XV
zV<{M>qis+`F-O9%4{O1&UuVIxvzJv;*u#IPmMVOVPI|ND{BpO)tBpR*zCYRNx&2b1
zcCD)&209Bpg}ve=zuyCS;vp7Ki1DF%0ve(%tJ3OB(Uu2;Llk7rYb>7FD1*lw(DGo!
zfIHY6P|O&pJY3Vge7R@8eXjVu?KARbvAkWvdD3FTjqQ65UNBu%JfG{B$ioGKkJP8d
z-~PyYL3JI-@=sViA&NF>1r0&d$G;VKHV7E@VvC9YSdy15*0Jh3h&d95y;$>1al`FB
z6BiT}FSxGoC;G{g_00)ee(jZX5>}7t{Cefsi@rM9VErlAWNb59`-O`N5{sA)t8SN?
zy@@lOVe`keZhtR>JjIrc+05A!i8Vxbu1c$`LR%>d4pERfg4vjDxA)C>%#ko$iPcjU
zJC<EiXJ}v3JNtJAUv{_<>yw-N%O#TU9CeJYQ@z=yK6yH`k-y;!Q=6L0vNzP;6h1dD
zaM<zJ^-XNZ&!tm4?Iwd9BZ0+Jjf+to1C6Pw$G;W-H3%4XV~Z(OES~!O9FI8?hTT{_
zwddgP;G5UCeR$5M*1Yrfk$B@r`ft|DpNZ~2`pSR$?uB)#cGZt9R|`IRSAO(Z+n$V&
zD8*Gt6Ed!xSo7qV?B7o=6F{EQ!Q!cVd8m$o=AnP9(&|9-J;-a3;W1@~#Zzm(<1q(y
z03K`(C=WSsoO=+n;gsi=qwlZp_`7h&id3J7Oy~YvzqMNy9iF!D;o4wko$yHgDjknk
zJN%W*Q$FAD5;0$0e)4aS%*JcF7npB?JY|c;Q-NrmF=$NffBahsH2>3qEvCG(G23n#
z==)N@^-vwe90|h?tfku}_3jwuZ)%Zjm2(^{j;`7~*@Lr;MRVFkQ9piV_DMI6a_;9>
z)mWV^JlW)6rOR{K29PHLuy|qu)|gRpUX@n&r9r@ODK<|;WAVgmd2BHQHAlj5DOOLc
z@wuhDs6Jw<l)k5<<>mJhyYrMznn?J&&SzS5u~*WsrXZv6h2in8eYKA*=ij~62ksgq
zV(~=67F5fjG4bW`Z>5R`0mF7|o+!x193ef7He8Hij)Y-5(%>OHc?AT16zSXb?U{tH
znifO7W4m(rhT9X;wel4ol*rxWK9YGs<$Y&>NP<b<66Qb2y@#ux%O89G;ZlRs`nl<^
z1h&a+mfz%99JKwb)Olvkv(}>TUVj3`R2dde-ZDq^BqR?hRjf*@2hH~&56FWZ2QsG-
zizg?c4XB`)0~(M=?C1cS1Ij}Ia`_3<&YxTLxcK9Fwd))Eqbua}Cx4W8|C!sYD3BZ<
zbil8&!OVQYdPA<D82_waRUhTn<a%oO@H{(tyyn~L#It>?%ntD>7wy$-KW?gP_;^J%
z$Z_phJo(H3)sv7IsP}yQTj^|rfME-^n4E&elL~0vdK7ac3|p|qWW(e8qPt5=o(fI$
z+{9G)p-tl5Uelt=if1paR_Ln)x72v&i9Y1pc`sT$wz;Zj%I#A@_y33ZNad$pc`$4G
zb6&}UDn)(QEeC|M+?n~eDAulX19@^b7Ej*kK=mXv2F|WZtDn~(U^pL}CzoRJWDe%`
z7f_Oim?L30AFC&O#HGarY#&>*FkF5o-Dr5syZyn$8c*x?+YhIn44Cl7_}tOn3&HGs
zN9DOb%=&cIxT`YngZ@49eeSoDZdJ3GaP!<(n4jf#^Y8;bR}b!zG~FE_Pp-k@$-^9|
zo`lB0yvM(ll^O&L8?kwECl*iMlEq_=gkd9APgY)TYU2I<Z@#+?cXQm6x?USa!>$Qc
z)=MW(Tzl=y&C5#`uI>t#p1kJx|3`Ie|76dNy~KA(Wu@`V{FXm=vy~TYZQ-1;_=dPX
z`{9pORyD^28+U;`c?gRqrO<|vAu*|}v?{IsGukjRI4^<BIfccO{0mS$iDC|D7#Ulh
z{IJ{oFxw-snqrr&YZR{<gt0w6W7TT#(kCy=ea3@>4>-g;Wn(|G`THMg$qbc~&wuHB
zY?)<~OB18ZrF)AnZ&=UC-#hipqg6Q#hI6JZiT+>o8|1i)SUl+^iRw6LOn!d+Te-YJ
zz_1=$Oy0v%MT8%~V~&JjJ=QAXk~@FqlWTS!fBznRX#7gd?Rx!l=Ffil59ThIcPUJ2
zlHi=j+s^RFzqFsn*P5R3Wkx8-6Hl;sVv-7~<<Jl=UzOINfwsRA9#ikIcwz?TiC$ko
z0Rc7#w7(KtD}HM7`}Y9~``P{^c7AEM;mp6iT`;6{idgpTX=}duowyvf$}c)A_tKw(
zZLX((#3b^9=VZTP@kA$DHyjcZ4H}PsE3at~Fs#KE6HGan4c=6=iDeXXBn)e@whgzK
z#a~IeW1Yh1c5ces1=GJNALJ@pWD)qvWR=dRwqO5GoLOICEOTd;{;Jn|J)$ONnmK-J
z)N9jwe&7dls>&j+#oz&cjvUNZ{6wsyKFVuWr8VSY8CC|5zzSpWl;s|*F$^&Wb68mm
zRIfR>oDr({e!urZ%)Vl_{Aq_DEL$SjG+`D?x6McO_cpq-R-_5e4*1!zqU3IGLRgE?
zw6Z@UJX5q5Nld*oQHJN%BF>qh<R*>9Q?Hm&9Rm&F+{eF_LC4EfV~Z&@ES?fT8>~bz
zN5ZfgYfSY&-xn8sOZL>2nDYwBA}?}heBHgkN72qg$8K83tLg<^k1o0AX9hnJN>SS=
za!6V5`s&p-dLO(VdOV5Qv?c%9nRbw;bg+1;`w^<Apn2%ys<ehpxQ3O@uz2bK)*iJo
z#2j41%5{E<{mYlwE_70iHp@~;Q8`!GsnhgEeOb*Wan*u|>c-t%uFDO7pR<+TAo`&2
zQr*>A7u4r|UoCo6%V3T41AA+5J!Ol<Q-1lVo`Qz(rpLck%o+p?E3w6tR}N;|@ex{8
zfMSk>VI|gjYK7NdRj!Dq<~y|KOYbm~%(FQdA2Z>eo9X-;DHZis^)4CgxGIxezBJ04
zdrG_U=B3eQv-ra+ex;mb%6IJzzY}r1*M50SX6T8B>c1@RzGV>C2E|+;7EeAxE5ac$
zr((7$t&ttqFmp5(PwHT;r=aG5hMBR|Q}O|FX<SWgO-{|MMb@)UoKHCBC3j<Ag!Z{<
zKYluz9RDc3Po#VI*V&cv3s>CE=~a=+o3v4*_1Cpq%t9xH&;Ad(bMw)=g3Sh7cUSgL
z`>x&8=?L;<G8Rwfgkp=yM)t?QRk|Al49l>^WL^$te@rJ3k2w;CWmxN}>6?tx7v5Sk
z(e>|iyS<fa9Mdg?m7j#%4gVVY?aQo*e>orfJmq^A+9Nd6S!~)>%a}}%CrYt+qB{ZA
za%fC-uS#pQ!8HtBkHr(!Xq{6Ob3nt;*y^cIb(?oc_+;MPIQ@R>qP%t6U+?8gUsgCN
z{g!a;D>n8&O*fCl9<_eQ{#bqL`hpjI!B;_^XvN|Q`PHbNfaHZno5#OZ4m1cDmST&E
zNmxAbL<f&K5{9K%V`5U^5{`sc&TC6fx8^KbzcgD&$Y2W>=RFbA@2ui3j8A1R<Z7k1
zZT_~<Bs+gc$nP_qAWzK1;)y9(#~M@)tV(Mv#5K&k7>g%*v95D~ngbeU#ugJl=kp5p
z#Vr2P)hx2yxLjn-&y@_x9UQlcrd$8EdNpU$Y^Q2=_Sf!{JD#juroGF|C<)|=l~_E%
zB7rpo3m^Yh`Pv|0Sd1+uwqYr<6MXTQBVkyKwH`XpsPdumRZ(hi*GI>K1qv3OS5zY3
z8{L!Aini@~Uud~WaJ{Er^DE8;mGe&4<Oj)WJ6=6;<&jRmq|AOdr;T&Y{Q`OF02WWp
zK7;BQXxjd|Dy?x_gMeW_HcuVH;;D^Tw}+}g%#kqc$LcA*{h<LHJ$`<z?=P)-E*Ny*
z)lns2p6-075UxU#+~1obwit4*-s04Ia^BkeiTa#|8ON8OdMKpcs?(l2r9MRBqdv$}
zXR&x{&TLdqLG#SE$G=sr8Uzdrv3cqimLmEl+JFv<ITD72SnHvMZ)BGx)uimIFcIq%
zcF*axa_IT-aRWnP5tGBQ%~Q^AJmL9iTZzQ2vx}FVJD#Ls@;;jDq}dAZy9e*i;&hvN
zLu1LSxX&{)wwx<AefPNeS9Nd&$deDTcv9miswW{ar)sq-t%<uqz_16KCtqXn<Sn#)
zRw(9381`WG<Vz{<BY_2SM=LdoEEhEe9Wg)j=U&#kGUmB#4Lj<7Pdf9&XpifDhi+B3
zfb{I&&pRI{_no|WZ0X-;@7q_$Zdt~!uyyjhjw`D+To%mbk~{ju9b9mH!s5wy(x{$<
z#6T1G<KL?N4FZOF*gW|kOY;22fX5sO!#u3Xb9us{<)L3R6b{_}p1Nqy(dR2Oo-Vo;
zXPIO3^ZvZWht6zOTu|-blRri6Y46XK?RS^m%J{vslAqz<(K(MptJ0SK2QOV?&Bbh`
zFTy-^;S0z^tJ0bR8Uzfxuz89<7qjcpUX1D~Xw3D4&5<zd!s@BHQtSyV^CFm<L|=y+
z-JGAcAv&fe@9!<~Hwm(=@}6(xr2BOCo}9}#A>jB0`9_xRh80^g7Hd`pUTtV96P~X$
z72JIn$Kt8=XnVP!F%|Imx9XJ!0mB?@o>I=mY%%0ppn3|$90|i5to76~CrOT<{7R?p
zvd;HS*c7rwq4oWode^T@T*6qG4!tjV^!B+$oLzl?e)jV33wIq-0C&%|uy`W60o8J7
zh+bKh*3{Y{V2E`X+60RyR=&hz4z6M7!hc^al(m;zoXE{S_)Vp5o2u4%mG_%eZPnBT
zVh*p^aPsBv6~emZg2(hbU8HVA|Gx+-7_6~)LIrzTZ+-k*jk7_(Fbi8uxMN9P=kB3;
z0vZz#b0iG2uqH3AU%L!HUD{Q)_tf=<^%n%Tv9&L5FS_~U8f)*<7kl)k`l-h3HC1|?
zy>nWxzDSru)cqsrdducL((`3bGy2;vV)_&0DL*WpdWAKut8uPMYdX~+VAzJuQxRA^
zrF|3CQ;-;jnj>M@hSgKE1XL^b)IZcawBYCb1>XBt%vWWJnszWSD5tz<bC0Vm&!vyM
zf)@5PN4xC)EO$Dr?P=D0leYi1_tc+9+z7uQ`syLbQ}I|lWqupgG0+e`_4v1%UxR>Q
z1~yOS=3@4jCfndKN5U`zYZ3m~`Q(w<Nh|WE>1-_98QGpK_Vd4&^Lh5&GvAxaet9kT
zdAs?CQ_hd~mf4*&owvp-s<C>x<!kTg4Sy0=ycYZXv|Do7R^<a18CRWOUm)K1E3SYS
z<jE2&o=ikr8UPJ(zg20?@(lup&DcCyhsBc&D^Wd(VvdAiGgeQo_{8`lu(p`{@YXB(
z4X<Wx7h!FPc<XJj-2afb|FWw+zZ_3z|IUo-vDtJu!u8u;rbhvtar4R*ov+<l9(nnY
zMAfq7n7nrz&peKM<M!jnrFmM9K%Q*H;z>VkRL4PLvRVG|Z?(k@0*0yBJUIzV^1O$3
zZaRuN5{9W*lc$1kUD>hQye(55nzsMoTz~4z%x?#;xXgB$x^>m*88TY;6+fyTj55w;
zj_H`6d}QsjhL<-oCq^#%Hg)binJ{bdc>y3#&A{TR#qp?~f`<6wRcXyBxQ3k<WARk`
zLp<hyhMlpkcxmhUC(_YeyM49FDt=$K*p8bK^$pWME)Gt%Z@<|(`ONFQcbQf%(*tK2
zEL-0GbJd5|*Ups@Vqb6hhCci9l0)d?9+0P2V)4`|tfgaf%H!W^FB$|4ld;9rHY`Q_
z?Kh~Ng2oiY90|i@q<Tu5JI4b&L}s9nswDRPu|M;KeW_QU#fPoAS26L$_FcPTEGEwX
zSh#L=ht&n88+<BT+V!}mh)&4r-~xGK4;D{+L|ZxljhPp#(waesayB4&0%SROEaL<g
zPxu6&dIH593Bv|7PiTY2`3$%x>GM9&crmLe<Z(~MPs5dWtrfK#-h16&)OqMzUu4*k
z&eRRtCA%DV-j|37sCwuF9xXbD#S@WOTi4AqAOBXDZ4fX_!sdzFSUj=kKB_06F#$10
z!Y~P|CtS4jXQ_U=t9N_)KF$QWJ)h^kdM(?wr!wr<p0zgZ>n9&Pb!N%sJ9lp!y(^Qb
zo5o$M35tn_SUj;j0@ZRz2&&7jN^3sXAYfRB%@eP&cp?#PKp({%3Bx+9o>=?G{bk_W
z*^<mJV(o=_eROv5?tLIDvGUW--#hAOaA~H+HoKqv5i;Y%=KPAD{X7}VL7w=8#S;-%
zQ9S_-!E=v)s|Pg*7$#uz1VbJx1L&?15Qgr9o%svvNkz>Nb0iEC{`JE5!Ge<|C^;qE
zJ#hRH-{+ZE{&uN;{;s9v*L(78WWM{183{*Le*CWb`#^Bshuwt}qr6LJ$#fb-Z`;+s
zVVj$e@>J!5zj4f)*43q1oz*D3$D6abf>+Yl>YYz=&g690)6*|rf3V?3z=KVF3qYP`
z%foDiFBC%cG&ID6R;9HVHwYLa4=aNm3o=Iti>D7|;xPv_tc=am*MBk3tarL{$@qum
zf+*2Ihcz9$@=raM3!i*}r8&iP>m@%$!^WD%V@rbMCuR0E?ufeXk?ClaahCJa>&-^d
zHy(8)o>>#VLo-Z0g2P|c<g~7eRJQ1S*7g|}ZvQP-_1*D(A;_^(SUi1YH>zVHG2LSP
z__sP}@q8?{m{!B$=^nHNSSaR57{+3a>7PGi*YV~>S1<j_H;?a<&k66(#*5dp*)LE$
z?CO=zZa=->_?>7^E5FSDwsmKd1r`^~t~G!8+bdv|p0j#$d4CeCLyyY(y_Z|LeHr&;
z&par9@}R|U$?M<J4_?hxU(w?BIveC^T`Zpdk2ZY@jp^;H(pqLT2pCpi^RxvPPhUn`
z(tu))gkc3%Pb)9IxM)xOx{|=nC+>W>8MXHukCodWq2F&d6ikV;x!u4VwsHZd;ftIr
z!kHPTn40$_bu<2qFlo8)`C&tp9NQ|k{8wc!RvqJfWmG4b)3Eb0xATGhQLB>*uE>U*
zShe{L`y+Xfr|q$L`aaqe4m5^lJpQdA(;#3Nh0W7Gd6@mN#BW$r48$A>!zio;Q&Q%e
zY~izKUVnD@8c}8W$mhMueYq+l+2<+ucz&-j5A=zg93yS@$AqgwOY`Y#;is!Wo(RI?
z39BinmP0~ZLuOT43up-g@-Q?!kH%o}#8!OfpbkTW%>flm25F4N0iQLN-PqRk_Sl^J
zt_Ez={k=XvOcr15^L+J#-~U#Ge|pq&l9l)Umz8_9PD}m*A0L{6#S^bYQ9S{TiL;M?
zYXmk37)D@=iGn=LR=y?rVV2;vO)U^}Bn%^v8o+Q*1Oyz+xM})3?}#`5+>{wEyDPko
zNIcqfy5e@)iVwkm!y=|FnO?NYeV^uo8{FIFtYwPVZev{7KSklpv+HTgH$F|!3T@I|
z*-%_}=J}keJy{=TTb%^OR5=z;n%_e8Bs8W1SEaRrmM9<(j)ENrGN%!XCv6q+m;)Ld
zMa+tT%>l(!fSKz)ZqIv3KYf?xb8QcM@_uF6^zRCxi&aCC%!(9DwPOTVcfa{GheL12
zAw6l+sI9Zg)=!m)U$1>N?v2dN7xSa<ZhyYc+_ItPWXK(>`8MGP*Ml6_fyI-{m!dij
z5|gb;kAG_{YY;FD#TJuOu_VXY+whnpVHk=vPX!%+HsNx^<fR`T|2pNq;?m39<ht{l
zAD^C}5HfG)ft~J8AE!mtn!ZrT>$tkb$Z{taxHO!N#S{NZQ7wnY)Us7+t>Fy<hDF#s
zu?&kR<d)+xN5ZfOt0yL9bsT<}J4?z)+B9nQ@0=fRQyK$&9L1+dbT9N#yCRbLD#Sga
z>bZPq(8)uA#+xU60ma06ES{K;b=PKV_~YLiw;KcuL$G<`9hT&lse$SVXpBP4kuVIw
zny2cFrB7es^xAr26DQMDUwMwIo|S6bDr}n5?p^!c^x=_N$BVCOvjW&uuhf3n6Z1EE
z%^6X_Q-P)aVy)qScHG(Zj_2j)8Ixa!$d)C2k!j+))*uS<<PR*Kyn(h{2O3kiSEaRr
zmMG+7^CVk7X2IbSjOs}gb0iG&v3m0My*(^HjZXHQn_9@a{<cDFv3eWNmh|fP&02e`
z_D$LUw!&n25MLHw3d5DJhr&+HG2f|W%{%>e(HY-w!ZB4<0q*ZU3Oto94HCDDy!b63
zr~<s0gf}0v8CLoX)p5`mSo8R|ra^;%VIVe7YGLtYA=>$4DCS5Q24eN3*Jrmh{+`uO
zrta3vyYsAQX8UWWdD-5K@%$yVF-I%;S0r>ux6hsF-oJkS!^1bHsLYa^6O;ermq43E
z+q#1qC*tMo`cAGr&voJiBS-7|uk{sipqMnl;>o92M|?F6R;9Huq79CMOEr)=_E<bQ
z4{aebBqpKefCfjgm5x$7Gj<ss@Qu!x)7d;JZpY_2i#Da$MF-~`o}iWEu+l`PRQBeT
zbgf@?dEB;YF`ga|HqOyhf5bWOlZpa|N$jhh1c3#j-z5*;=6Ni?d!<BW;e3$e+_8Al
z5$ig^Hpa)lH9>=?e%N9%JRh^gF&FFkNl<en4E?YcEH8ozr34p$3}!qRbMx2=+yC4(
zuaatADnh>*i~XN$nAOQ|_~VsmP;x|PuJ8)Uiyu=#o`}cdiC0yq$q^dDt*g@7KuZ|1
zv3VjJizjZD;4w$SFdM5UqPrSDzI7{<O}Mby#ryWGd&QxG&U>bwDU*M8(p0lQx}~1!
zq_oqqb5%NTzMYR*sdO9Ui6ShX_;d=@a!6iiGkg47b610ap)WR1Ow4CxSj)fw#?b!U
zN*=U^Gm1G9hQ9yiV)o|>p7F&kU)!^GZ`;+TuzM2U_P>wg@o1fY-0tU|qh5D!O7~q*
zOj0oO{2H)MY@LLcZ0)<Z{a%N6ub%$8D8oqK$13#E1+FPkPRGl>>s`!ab19l5@Y2X-
zO=Q}umm6*zOOso?x4Et6Q(&)iP^07Vl^hy-7as-%!YnL-F#R2BAV6bs*Q&I()eQoM
z>DU5cC6+*7z-NwxVLH}8_;Jo-tF5Q=KDFmFn)|Bmx9n+rv)Zm-nc>5SDXiJPDhDM}
z{g{_6aQSGHGCgYwyRbx8ZJoiA7R%0(lPO<b|6_bmFk3fCZE8x<M-_oUBgLCVywiPu
zOscVZn7mytI77Jmn~Iu{_#dmB8n(j44_9)W6$b^vdMtt9hqfI98iT7J|JKrP5HR$_
z76^y16g-~}qXs65ITD7RSWDLq-J-NuR;8UBpL&1x3PcAkQe=7Tmvil+`uvzGvAZ9;
z)vP9LoV_H#LUp<Fo$%^g(O2v%Ym67>I3HG0-@9+q^t#KN+q=7Yc?*B}?Vah$v1BpG
zlP9rwQWx$1F-S~n>90y_2krMt!RE=USUl;Cbq@^G90|h|te(uAIO~Y>8FmTt+t*h-
zSC#p-d9urws~k0F_pEBEy0mY)ds<)aDaYquIMipq5)52>(QH}p6eA|qDJR$cR9UVh
z%H^tjS)wrJp^odVGBy7T@pET`Jb4F;C%Y@L#Xvj5<KJ4K{a<d_JoyGo!88-C`3H$f
zs5ugbZdePZNzv*3lLN$ZuH~mj&z{8gj75vzVzOG~@2Ofm1rACp-Phb)K5x=$xkKy@
zNgI>3KHUX*;tLi}$e|r21dXYdRcY;@{a?s~ukd>C9~Mt=zd{WR6mu{KUm@d`f(P}d
zRUJBik1w=AEP003O1{Mo#|-M7`dJTlaK2}?`!Ba5Ftx6={n9dS!B3N=G{9ph+y$5|
z7HzEkuy)hOzqLU7zg)4!ghT=6^zB}>MgcS?Am&IIx+0DBg98K9)p5|&khFVWYrv4o
zY|>ZdlJs=G{*pW;;eB@*&(1AWpZd6pjsLss7Tq|;C$n<6LTzrWoD$<&uvE-1awdz|
zNB=o{Oh7RskHu5x(FS9oA-Z!_T03a}S0Xk~X=3q|+99kl12IR!FcGV#3?*V>uQq)9
z+@9+4a)tg0K0z0oZ=H3kEOu6v+(~)va)s|Mmwoxx(}wm3?j@Yyerc*>%3sthQFFMn
z;hE5)$)2SkPZ?nG)UTPSj)8`7)#Kk<p#5LY*gR!hfY~DXjdlPVia8R7&RFwI`sOq%
zgX7nVzAe?Rw7np-uwCKYqR6xVS@R}Ldc>)1u-__2C^$EJ=bv*<FLz5EC<ZTob;05Z
z8MI0m8Z-Y^rM0hb5HO6#<_Ui+p2!zK4Ga`>Bn;!RdLm3LbKlNiB@aWDxUw6$CHfyu
z?0IAC{pN;gp)$+V$O`wByvsjb$#L0zXWoC6Piecr{k1SGp13jr)pBSEu7CVn8#LJJ
zh|Lqp1(;nK2CRE8+acyi7&>Atq7Ox><krvddvIaOb;&!9ZYm|8x|V)?aVbc7);YnA
z$p@4UtLV3_%uSbd(UCblsV-cTw>o(9f(Y4b^Oat)7B-cildRb1bh1QcsV4W_ILUh_
zoj}Pg3yUWgp&eiY31MyHRcRfd^ZsJ6d9nnHCx4+WO-C_D!Y~G_CpE&Rc7FBO_#4!+
zqNUTU?e`I%^<4XQ{5`Ut|G^x&RZIGA-?#SuG54ZXNaDvcudbaun!_&Fs`J0j=}T{=
zNwUeZ8`VPjmx6a5kO<&%T`6so2A)5w#^T9c>DXejgXQsWZP59DcGx`GQGnUDT!^+*
z9g-rT=13UYVQp4<OgMI|Q=2QrZl)UhA}*e^5Rtj-m}5$!*0#TQadJD&b}~t%#&n1B
z%X`)<>o)WrnRxfo_fuU4<$PN^o6Ki8Y>4%WJ$C4IVEN5k@y~xWm~(au-2As=?S#F1
zg5CXO3~$@bp0R%7#Hiy@HxlX$cJ~>WfESqcV+n**v_&e=80uJ+)=}9YU>J!l5N2Ts
zgyS<%0~5s@3ByRNfl&U}SG45y!x`VE$~@na_cKCE`S_(P@!!(qB)>*a$$D15`S9x0
z%&NM;&)bS5)txn>uH9QZ$*6vs$+CU*Gcy)FDb&e-DN*$G{Hj{@ZLG@9%QOWiZ)aw`
zHBo#+<-%z*>Wzv{ZnXAXnw8M|dTtM2kL0uypya*~OCYeJ-30=T!OF+Kwf{B<7+PZs
zgbi2<rth4nfq-I;grPOog6TSY{)3pbIhLu-DG}@U+Qn=4c!k&hkvJFNY0O-fkv+lM
zV`*#gn;bu};#Xxd(Wk+c`F1Rx_=EL)Chfng(mK{P2pEQA^Ta_cp7@Wo-v~8F!Y~}G
zCrnTI?CDtKoOI##^$pFBp767so6~+^Z^isb?!xT{9RANeA#XqR%7S&_ey@^Nl|R@5
zUQl)dizhNou!i8e$G>%q8Uze2v3cTZ0p|Q22imqsXiPxNkubExI>9kRIJcvlea`X+
zOP1Lh<y0u_toZogL*3?6bNfGE%MG0B{L5-$^@-pF_c!x*DszRsW%yMQBcgrjsMOrg
z5!NNFf?j)Wr<HpwZCbCse@goO3F>vL|J^!sP|k1m^wTe6^o){^fRf)GES@&_gX(EW
z-qA5ymDUNmvJC4G;BzdVeu%al7sVXV5FobsJA<D;?qA#c>|b7BY>V5zJk^_ZZ6Da1
zwk+Q1QC(ZR(x{u0DU{(vZ3th-jPk4%FK+vC>g@DOGk<rXAxyeKK{08<79Zy40oSy4
zybDvB#9?r^&_3i*n?0Y=p@wAzJKs%VbO(9*9TrdT#yZ#CDg5}i&h!QWLo;kK{ToYi
z)j~Ul84}Y_b0iGSuqIa#ZI9jepZyoj*?mPhV+H%&oVTB@$A0Ng*}`ga!j&(r=ncEe
z!Rf_^t}RW8*dy{IehtVIEQOd2=&hTv#@zH(X`LPo0)|1@Ji$|l*(?i3yXP4ia}aYR
z41=(Gg7bIO^2MC4JAzi(%{OVkX4)ZrxvAl{cwgQo{=8e>rrJ9yZXPsmKc;a^d~Q9<
zv`OHDdW5ie;+G++C!itd@%XpSnFawv6KtN4FT`xol>WzKj)bAfKWsyK@rmWnIkwz*
z_NvFn`{fze8UKI!1syYB_TzYQT5!kwtX=H2-p@9@Tx@H6=%|l>=e+EK=>8Wh@w4v*
z9nG_7y?I9N#WU$AH=+WI-)?>U!~PoAc2G>IVezCt+ID(q2%lM%);YI9z%T%tCk?Q8
z(jBeyieiq0VE|T7Zd)mNtI5(R+JbkNrK`%@FBwhyIeuIC@LrfV(@9KLacb9--Lo3C
z&)=I8_w`(=@rl@Cy_UuE)8DARn*PSr{_-a^-<g8Ri-IOZS{SG({d{!s0?3nQSUjnO
zb|5J<Cg(o>t*h7|U}%KRlg?O@Bd;9Rn1q-kVQ7RkIer#)edfsja^mU(M>l_#bqrK9
zE8v>GGx71tZ5!I0KZvYw6jWj?O8FQ5DM|i#k#G(h$P->zJi&=Jj1CE5UBy*totGK}
z46zQr24nHW$IGamKru%G$KY$B<BvZVC6+E+W7n!G_@H%~-J*{|U;L(?y;d0J{@m34
z>%I4S4}MOXx_I-$>E|Xd-pmg2L<|;Bd_tQ<gvP|B$G>&M8Uzdtu*F11A!a=`lMB@o
zDCS5Q8epx*R=g~Z*g9R~!Q0t3ljZG?#5^n5{-0fK-Uq#qrJco(E5%l?`}cbBwR_?#
ztC+7#9A*jB=wCBq#zyCgpwr!P-42$APu*}3{Q7Zcpju~T6_ZS5|DqeJYoD&jZ+R~F
zsN@WL7kJ@x9u`k$>Y_Rp8scHA(z-xL(t2a_bR`x~*Pspcp_n6K=#ACW*-a`%>(6el
zmavR8ce)#MUc2R2<L!LEnoZ#sw(q_%C5T5oR{qn41tvVrbGNPBbt$CSQ=l#=hKFSv
zgP7R-r`gLqPFz>KS1i9Y%i!$|zdsRPC1=@uj*9-15;<TTYBSGhE-0oOuz30$*4BTQ
z`QzWZpu@Cuv3a@=OTqHp3pMZ{F%30G!cZ4$!E&<PV8@=T-)dKNZS%CB@BAU8chg<#
zONSop+uz2bs`ex2fbF8*z&FbnZ+SAyE#VD&tzIkQ`fA}D6EWxBGYa45tJ=CXE1E9~
z5ZY_~vvY3gF>t{$6^kdIqaFJUjgj4}(z-xL)Ouj^<UA~%)I=L_LNQ0e&;!YnI@~!P
z;L)ytIoqfI<R}Q6w~_N{YwflRB@auN6`3VYacmZQ_(E%C%K3;Vg<hq*+>b4>dK3`7
ztBf<}c*;*M4xMAq7k?-UH01mKUjNF@FAG$k)M}U9|F66kyvc4U7Ec<W6&TPM=z08G
zPoP1-Pz%YEAjj!|Qp9E~1<wjqtT72ON5W7Gsq_S!0~!r8NP2SX#NRWyju-#WR50qD
zRQ6*3jTD(<=GF(LRw~cCxLda1<5AZp-}FP@cI+}Qw$aZ5S-u;KCz!DI!}J7JrFDUh
zutgqR1zQd>=P(veY(;AnKw=7N4(i}4*c`AYc<y>nh<X2H=Ib=h4f>P*3&?Go{wDfd
za=JWcm`=gN^3YfFHe9H)-eFwO=w}*t^*s~F@{?FR@fB_J0yHKLKK`xe+8|)4fh{Jk
zV<|{>N@0x&h&d958b}2R+!F~CrN8P&e~8d&E$*AevY@iwHp@Vvc$e}L-@byDj8or&
zwM0t~@Tj^p^hI)9yeg+KcezK*f#j9KlOFBPo-#!<+~A~1;TqdZe4D!N|Eu4z)aqHC
z{UYrRmfd0bm;U~bzIy<?jsG4NPnV-LpP(V`x+<+(twF#Ld590}SWw`-z~bqzXouya
zm;)N(L-Yc`=73@@A^7~C+c#aEt{m8G>mAS&X0q$*{+TZnH_u8e`hAdrUn4?I?cv;z
z)sF>|zC^OB3Yx?%Z<dr@&=jsyed^-hz2`E`Qon7e{r=W;al5UC(A5gNsS|A<J!a3l
zd?mE%bw*?Z_hyh|-(&Ig1+1&@y44>4)?3veV5o{MrvDaVj=_YXEw+KA7^pcChN?)z
z4{%Qx6kp|8^zxKsUCyyPpSy+pVz!mtGrn~CbOd)pX+7_r16<Q91efK`f6jC=y8B`9
zOvQBuMs*Jy#V6j>)$`PA*|xCc;(D34(|-PTHD4uoUt-<fKNTq_ijKEw)m~@vKT&HV
z`?<dVxR&Bcugu(g=?7v>j_ZK}fu#tu7r};B^h0B8)vC1a*$o1Q4%h-gpa?S%ny{AA
zdJuCY3>~lr!eUmAJtwbSiE?QFsAlhCn!$Qs_skkgjT5%!VhevB3EGep9wN3XK~-$K
zn)u=yCQnqtErJELDwheQtS@-?e8%zW#%;cg7Y-C`Xt|PFSF^Lo=Y96G1nC1a7O(7{
zZzFS5P{K|wA#Hz>>bJ7Z|F0{&x&$7B5yuh;vzKGbtKG97|JDa>u28}j2&zSxa}kzU
z$5o-`NEj+14co(0f`e-4Ey2|eK0#mCo&JAcB7mVP>pkCLzddq{HV+Q)p5~lzk8j-x
z?%gN;a~us?Ys8c@!E?5IhQtBA*mB<bUd1P;9)n_52aBh2Fz;{w0`kzRwC)ED0*1EO
zJY|Z-Qx;EA0|$~q^yR_kNEq5;^;B|+!nRgcmT59;EZT}bEZ{IY-FWph&zE!so!U*t
zT2@actbHdE+rslGxX<h2o0sno?<kmL#BXsjQDEx+y?Tc|y+NL`!Q!bzv;_gsy!PPn
zZ+*~a3VCdv^2Fk)-T2IrFqFsYsl0Cn>Q_D#PW7vFd$056KF=rLwd`3AhPsmahi0ul
zTpqJv|HEQYi7iGpI&6281$<L3e1G(=vv7-#Z~8io=+bjOAWsEg@l>cg)(}ovmDZz*
zHUtPxHXw5%v3QCd?Vwj^OhL>64FMu{h=9!jmA(!JI}+FZ+?{9t@WcA}oaa{}YyR#J
z+4rgb3iIX+z7Nd?dlWZc`*9}g_5W{&GXuCxxwY@C=H`r_-rJV-`}xafU9sT9!4j}|
zsyYMJQ;?YIQGNVde`SM!p)9tT$}7Sgp7?{-AV)Dr!cZ1#i>52-_rXc4ul;TCSNP()
zyzZUNRJLR9S9SI@PpS;~(zEXFY5|AZt@>&=)-rIhemCC(o^UC};)xurGo<<}SEcnt
zH3%45Ve>>i7EiqXiW(Tun1PrhVQ7Wb6G4-9E}9WIL&(4N+4o}{{5{W;+rHlm@7%NZ
zx}VeC@Mf;Ovezb-_I~$v`+t5SH#Zi1f>|pTPne($8$d%a>hW*=dkq4HGT1yZxd^jA
zxF2l`8j3j*hB8=NG^<wkzB_Mglu*p*RZ_Y4sokEFkN$5<jni*9V|K3T;f`-cDVqgW
zMYlY#x*xn~@j-o&^#R@=52*fXdU|)pj8&6^7j74PzKhrP9PhbQKG!!d`}WG2Sxu{n
zH0)AYzO<T6$zT~MFU-Q?Y3m1AL;T*Vv>wp;j>toN;Jg4bX9*ThzsEWvpbs$zG{lFk
zMbjly5&hsraQW%aYh7;qy4=;O^gxj5o58DWzon|D_AQ>UPL%6Rev*7k@azVjRY#Up
z9@VPn_LCNP$ajEwk=vTJBJVS8wM!GvOL8(KYklp$qv7;zBCE*1ZN6DAi-K4=yWWBv
zyBdq9711hlXbkOt{M!I@{-Xr8nBG~0Ihy9piyC++=13SypmmjWKm|!aL6z9TPsR1W
z79OeT|G$0mmee&H10R3?^l{ba8?Sp!SKeK}s<XNDpugJhyy_&yCEr>7cPUQf7ntCo
zE4B0Jts9Abi#V8X@ViAV&$e4JY1w^aJCG+2VDaSl0#wIA@{)n`s<d7av>`)y%$~;L
zN%>!R%t0M81e*i)WMtBjIWm3c&kH-IEPgao>dT)uQVF}=i|5Sy{`kzlu<IRdj(%Z+
zm0JS&TQBsxKM9qujTc(q={!07%)_%=oh8dAUz@gf*F6OXCgt67yAJ6zf!9c1#Nx@-
zSXb}$iah>p0NQLJhAk%VVJUc~W3A_)=13TdVJ&z%W^g^>`;;y8k+mq*q18@r+JVXY
z{1>o>_)qAYm42jT0#DH1q{mO*x_`fLS1Rd)^8-*!J;mY)XS4|wXiUvmmDUS79};;;
z5FElFbKYa|#2>U}$|&Zb4he$I0mYQTuLTpHPb*FN*ONclIC0s&yVKVhFSY)3(dvT6
z0jH(y4T|$zUtPcX&TWFja%s0Y=D*58mVd+IiHBHEQR?-4{M!Juc|rtROfVN?)??CW
zSBFCK6x19ELlLYo(doKNAnZZ#!Z?4q>RLsvw#hNEr9Vzv6uNaESo`<Ca8pao*>J9i
zE6si7*QY1<YgmIk!C8#i%CAG)W(f_!v#Zj2>(GV-!667TM;MDI?x1b8MllC8B#1aU
z25b&ECQ=SbR7yTv5H{)YoJA{H%%>jSJpHM#XZ$RML)$Hq9||#=7c=C|VsG0n@;hrA
zpS4ml$Z}~cp5R2gvIH7}b&r1=g6{tk!WI*1#h9)1S=&)FK8iUKhC*1|e*Ra5LvOD6
zxl3U6DqW+JcCJ8&Ke7ss`c?T&??tD3G}RuGo&E3p|JVb+mc<nazfnkhXXx|iz_-5e
z-z)kp#WXZ}L7vjZ;;9t0%QGP%YRI%It@m()fT12XPnluy)TT|So<cE4!cY&Zr}FL>
zY}>q0@bv?8m+6Zdqi1t?JU+L*DyDU6s(r!3{Vxubo(<fwS3b)%sP@34OA8;mf7hR4
ze5s;0Ip=~9Yo7hz10YY?V)2v~))q(a;m5xX-5Uf91+aO_3yY`Nv7XirHAliw0IR1y
zGa4uClw0y=`Inv>_w7=J7hQE;taS8w)RUv{zUN8G=bVbkoXo#l@@VU}HCHqOZ$~$o
zoE6>pU-qexPiMZa{XFoA(ScYzb)yMu2)nOJ>jT{fri0B>(O5iX7Kg_i2}2#Mo;nb9
zSD?sim(IJFJEZR{J?P~5cR~G9DMbxt4-?KHmtX8NjpUE1Jbb}(C~Z@2LgcEzs<z&(
zCZUg~dE0cpTdz7Bd<{@C7EgJg9qt9m3w<1qe;a}ZSNX7cDj$od1h9@fLd}sd<iqMI
zwI46~L{2j2&sur(CAVMdj(N6S6FD6Wg$^w_w{Gv@H``kyHMbx6Vt7_Eqx{W+X-SPs
z{P(?FsOi|YyWOaq_q!AL;*2sZp4x1RHH3RsrS<vZ8ceOn;;Cq~WDLzy5OY9-so45c
z2R)Y_iITaey1dnCwXR*cXntx@W~+2?Z|3i!-7K$uRz(XmL_IE0`1z>bdG@oS8+Vt)
z$7B>8nLW4v_qM7vykEgbOtoS0luZ<>r=T(A`}nuv#RdUG9&9l+8A}l!gmx_uia8R7
zJXq_YxLf}&v2L80d*!%s;p%O(HYn@x+9Va8{HPXnX>nM>>Z*|W+vYBIoEy`z&du=c
zm00jCyR)!(!pH^H6VMR7xGJp=bRQVj!PUiBJkk0Qk2#>hRc!STfA)`k@7{S$@Q!}p
zqwb;7vFVB`-;%rk4xXHJ^Xg0X);UX9^M8r&(s;Y@{knS(6E8mpm2RuBc%ldED(=3f
z$G?q0_kVF=i-~PmlGnnMsGfkv1jHN(LoTd&=4M{+-UO@VR$N;0e{&7?X1*@*ty*ri
z^SWhc9slI%dH-2Tl#OgRZ2j18+HCn^>(1N1h1+`=jQ{n-D9if1Ico>r$Gs1Wr?{}z
zLq=??()x}!2pFni^VD%Ho;r**&p^$QFjT|pDSekE87mB)DThAc{m$*m$NfvR_&PV&
zflXWG0uL(pCOl2Q@m%k+pW8Ga&Bl3kzw1IKi+tVikiTlfp(pDmO*!iUzNhjm7EhUA
zJ%6$9_~YM3-VFkV9N0W{yBM=Sv=}XLpfLq8N5YT;Yk$Z)%I1Bf+uWyrUfy7+czbL2
zv@?y<zxGP2=QjP`zhYOzr%zq6?^BLndS)&8_?5N|r{RVr^NfD&@e1zempdk%`1)3Y
zo#s*f*IGPjkHx3|jrtY|N{$b)cv9RMH5ozjl#%zUw0_VQWfg3me2vAE%2-$9LCujc
zRKe=We@8Ogk4acMJ<)iq^G|?<J1FyMsjPKNj=tKL^YLFb8;W0idVZmE%7ab2euZ=I
zRcn~}reOi+qh;oe4`07>d2{Y;{}&gYtL66Fe({GWeA#lo0OZL}SUh<EZIKEj2Kr?l
z|2A6CAYjOb&6EGJc(S@5HLy_3kuYS#>d8Ng)e<{TI;cFIS7BHre$epZ7K3NaT@NM}
z?}=aApu!uwUXDB5@zR}@yX3CEV|;pqb$fg9@|OGaA5ThJYQ{Y4;!^ELPAm~G4y=2z
zJ1Ew#%D5loNwyNqR=RWxs^g$BxnNaVe_?}wp&~X<3Y1_b*A%R6K_iGc5{8OcJ=vnB
zca-)14*vf+t<C4p?EARqJ&)5ZhmZ$<q}e_f9^8=hRE%MIq0oN8;H7u2U0T}`wUjx{
zTE1jUT+gn8r5Oi)n*N!!XnW4vGud0M-ma-V`@RU|NeL{TJkx;cNoWidKK^Y4I{%Rw
zn<rIDF#A*5ckq}aVaSZN9#j9e+jp;<(a(GDG<4&R<hN#Z_&fYax?iJrMBvwI;SW!&
zR5u>J)V3$Az)8JrV^<FNvQBL*p16v({R0|PUst8|gSIeZ9fmf+;)yB)R8OFo0~&_L
zR*yv#&p7T=5L~_YRDn`X)<j*dHM3{LzI7>2`uBc%-NW?{R@il)c8@=HZ0f|npO-y0
z120Rm#^Q;i*h6sH<KM<w4FZOY*kZz?1hYT23+pPleuy~|hKyK?{3++=hsB(ml2;Zn
zt*wJILbtU#&cY*BdPm=xz<ECw=N-)Y_<`w$#HthDMEAKd`+bqN-We)9FZ9j_w}Ww~
z7XSJ64wSt7v3SZIZAk<qM2)pprS-qYHS8RL#Zy1Du*D429MG^cwzl7k6Q^8e8{28l
z;1o*}apKeY_M_5QU+2i|M+MK<>^T`}Wbmg)>|Bn2@#ZU9UY)73!R)>ht1rwKl(v}e
z^4#&#-8_(|;<0$@`!rO?K=aJ&$G?s98w3pgV~eRAES~DZdO}S<#2g8O|5#(nantoD
zq7K@7mum%V*4(RaWz<xDGSBq%gZ}TO{*M>`72AKXWxqL_Uu_q=`=@AE`!y$)eot2^
zHt$IJGXJURyY1lB0wq{HWsi1sJv65BSEWq=ZCRGa=BZjNp1SUa8aOECNEk|E^^|MX
zZDyICGJ&qtFz>*XxoI!l_#dRK6|-`zxpS4{kM%vv8z=86*YLzSFP)w4%E_Rp$ZGkQ
zd4cLdn@>8o>~;r&$L(6Mc*^@Us$(EAHNoKVZ{sZu0tSDvd1@k-f}x@Sk2w+sf3cQs
zrWFd3Y69Q>IO?eUn)ZRCXUmOSQ;yy<cz3L$O>k1wUp|-54_?P^eX%GpV71@|6VV`0
za+{9D6CJgvmP12y%c`^qsSN^#lGr@45Q`_4*5ffp!cY>cCmI>kf_HqhPV@5Rd)zwX
z(Q)SG`)+IwXpCQeGMTY->4uZ_{fl;&dF_=dR^L+jyv*V($P>%4cp?IAco!NIsgHjf
zzibdN_>IjITd*Xr9IU4?O@NpqVelJk@=80K6{Wn~^<exL1N|+_em;GXpcbR<mpEDL
zw~vQFiK~I^f{%)>mz&Gxv~RFjG|Bow+kU<|hZfotix$MH-(j^{2lCWzES?I-y3XGC
z<*Kv^pd}09*gSOvi>I>rvBnI<90@~lte$%2eQ}%Orw5;=-no`Fk)^a_$u)fq)AZJ3
z!Y|yP@Gd_dI-i^UXK^N*Z$g)rN7Y(=i*I5AUUEDIcVd_{ehG>5J_C8`EEZ24xQpr-
zXiTko{M$sYLBQZAHc#EelH7{e@t7lF@Dpot>py&1xw~Wc45z=&H~aZmXVme?F@AdT
zHTGw}m1fIHy_I>%51Bm+u1wwBDx21$C<)H^53qQm9qS0IiQcNT3HKWW3`Mbd;w2VO
zT<S#i1SIc4&5<w^#p;P$HcsE}SpAGU#VZqQU%P8<DSv04_|emA545|j=J6~%ey!Zj
zyy%qO?e*#^$$$2pJqC)24_G|$Vn3?o(3rUY__s-NgMh(zY@Yao#S<J@=Z_{p%#kqo
zj@1)lONH0}Wi4E}=A=!Q{vz#g-Lv(IZWC7jw==b2iCS@vH^`#Z+S28~?QnL*O+Qp`
zyasuKxfHV%eNYJ16VMP$UX?ZxG(UuOz@DcRvw^ww1s-#74cPBEr><Kp)w53Gm~Mfn
z&%aeaEtu`3m)bSy`vmiN-{(D~cT7E_WYW{v87|kmw3j=^f;=IN#S@%p1MQHQm?-l2
zx5<nK0fTSYVnVSLvu*a}5~?Rq%#kqohBc$F(9d3EaKyg<NynC!3$H`Pl8xu`w90pX
z{QP}oV*RNCgZYLYYftJ6UkqHO_;F&|swJo2+k9V8d1d+UqwlT1bj^?jc}fF|r+U3n
z9RrP-8LQGJMm7i-VjaLY!s4ktAMluiYXINd^<n+jXMrd37DoNKt9$Y954re*tv+8D
zTL><EeYol7wNgI&t(hqb(p%gg?0<2l)1iz1NH*jD@ElE(d#X>TtTh99$^wh0&MTuj
z1{%VVkAIuoZ4fZ{f-R<8u_U)yl6cIKF!+Ks&%EiGK7)%%amEz?S=S?i#8;ec`}9)x
ziBHum(K9cjrtC?0)15wHTX<O0S|6Fr3#pS&fjr@Z#S?3>-qC7ucU9WNK3oI#Vc0x@
z^;}@6IiLZ1Z2g&+p7|LE|2ip5zty^QS8(bJ0re~%SCxE${g>Igrb=J?s;2(&f1_#Q
zuk&RM8?QXSvJ&KpSS+51Lpx{{8WVkwf13(52pD|A7899RJn?)N)|h~pBVq6fYfK2S
zzx6EUx+5L8S%dTGJoUT)-qi*ly<e!=ee8TLos_`de?Q}Q+N>Rucm-3|m@IAF3-Uw(
zHcwz}&6*0WN}C9p55hViUya2RU$D+rK+ORS$YYC%JMIgoyZmpRd+p(Z)16-)3Tqs?
z7G2_0Br{38<wb#vpy=w;Es6^q-x^=8FS7AtYyclK-Gs#xhtUq$fyTt)$G=V88w3nK
zAjO0(ca8^mHFF;pPsF~(8WRw6Bn&<v#RS+K@N{EkO!XC>c{6Ok9Qea{kL43Xfrena
zx5pPniJu!cPAobxWx}6?|3{gpf9tO6>-)c<V;(3breg6#EY@=@Ox;(dP5jXyV91N+
z30;sm^RReg0oJw_)Eo&zUNleWf;|y-a$f5V6_3k1PTXB{pkvDKsY?VIldrng-M*6e
zkoRhYSZ;cwgn-ADhg+|0s=Oky2)uWHDHc!sM7uHs8WTSr|2C~@5HNU;%@bR&c;crY
z)|h~pBVq6!-4mkB%nSyJH9syq^`FyZ^YX8b_s(YJ{lB;Rb<euN_1;q^f-}H~Pf3#f
z$+XW|s;N0XZo7Ucf%hox!r}?#FjUJS^@eH9s<cVE4FZPT*gSCrizgnI<1t6VkQ=Kf
zO0EiP_5S&FOz^>E#=yDtGyHQIp2tk*R|)vI*rsLH8X<Av<UMOj9=ItU)BZopJQ95G
z$!RQ}IF9w+tVz0$f17S>5HNU)%@b#_n6m+U0kIJr7=qXX<02MwtkLcRg9a*IbFN}B
zXE)Y$4Pbw5!sV|USj<U48xDY^RQ%@L#$pa1T5kgCuT9|a!I4-#V=+e+ts#!$9zpCm
z=NA@p)Pk@kI*@zxa3$X0GFAo`1_m&Oo+9PYk9NrP@2}eFtCRNjFfcGMY+(BT|DOp1
z0~3q=4Mt{WRz^k+F76x;U633L69WUNXv)H3=0~*Fp?3Q3uQRhR?O2_(w|9dOb~8cd
z!ptlv!)$(^s6+KH)SbOEvoC?pb-9i$otI!S=Mm;0Hpp!|L2hdhFvMz3MHwqY83O|t
zL&L3T0s4F=B-|kGkubdeFAaYB7N`!<6=P;*uw-OlFlA<*TD48-cfrAZ3#4b4eUG>7
z{J*x~qekilfxCv&t}kTN{?EX`#9+$Ez`(`8%fQCK!otYJ2ny+XEWRm4JO33L(jecQ
zZV)iMiY-)Tm$5RmGcbTL)Hlt~&`yU#F-OAi>c4VK-*_=GFt{-@PrbTSzGKR|q}z54
zs>kd?B2MV6zV4mA?XFzT!L1%SpEfD@7xLz1d$ma2Jrm>B^)$ELVgHk*E7JtTIHI@y
zdhMORjlmS0kQQO_o*&xTh|owsJu~|<Xl=w5Y~EW_#>()Lg#nBq-eY+hChWlAz{bE(
z&%nS4!VvFW=2)Gy_jH4V;Z>$v7~W%9!_C05f`Mfz1Ir?VCYE^yP0Vczn3))vm>3xi
zc-c6$+C196^D;8BvN9MnPBG**;ACSCWnmL$3Jo?CFyI4mIC$87^Ycm)^Aceq>^$sF
z`Bka8iFt;C2K*p3Ts$1XiRC5v`6U^K!UlpMA#NTn=ls0l(wvgaymUhe12K>wGY@}x
zdAVMBeok6(agJVcey*Xsfh^n^oQz@unR#jX4oC_N<ivRmO$^Kp4GqnW3=B=8#CZ+P
z4NMHopj?B-38Xt4>NPGNc92cM!9Fmrar3YTmlhP{7nM-r<R(TX<iKTQWngY%<YzEw
zV&r0KVq|1EFqPwBxZ|h7-0hcK9n~3AkGZb<v`58Y$JBHBe%HRqbnK~_|9eGx{lAzw
zfu-NOPO(2X)$f0}xB7s7&FYjD;(t!XR_}VC__RnbU$5=P)Z$xfq=R?H+h3RDRrP<E
zoE+HAonpV%dB;+j7?aKG7#1WS{Z`K%nNd-^tVd!cQ||i1l8kyg1Rftd<FF-jv72#b
zd)|@V;>$k2xVyG^Pqn_{*1u_iJbObnKg^An*`r*1k(0So<dVS7l*3vV7Ebfp^YDsP
z^zj7;4klOdyO<joO=~bxp1QDnm++<O#gAfDPiFBRwoF*EWkaTu6X(kt9D9rvHb*Ee
zU-kOP!)J-jM=wpgfAfO>+Urcrj0}v68~+$I{xpzfV-A(&V-aH!*(_*ua?*^JM<;(=
zu+C$4IwjB7XJgQK5+tw8(s<CIabJUodSAL=$ze5F`?to)o0r^>HF)~s>cYlZOB$yS
z(&XF3$uP^&{p>=Kq#gqvkXM9RSPhsN8UG_E5LR#kVPvrFDPWCG^4_1b%_EUfKsJtb
zSLhU-b&>hg8)9?X-pqO}>gw_&>__RTE?1*3#~=RsG(%?MW&0O=C#8Qqtelz7$D7^t
zMoK60hzU!tW%=2yFB77h_M4o0d(7W{ON?*VmM>f^LJPtUJ~TF87}D<XvhfgqfBxkl
zA0H#1?D<wK{pGQ1@7QX8I(gqFA@;_fwxSx_3oYI~_tl*L9XJ#H&}_4<k;dZpJPOw~
z23TH8U)kNVXOhWlN#z#;{jc^)^h{Q_DJkuXVELt0;!^v^*YbXd_^yhFu~`L|YZf&$
zK9dZbc-STI&F+qs!4I#m?9uq5DB~2!xkV^<!8KLR)?->c>z7A73+e{d4;#u@85|iH
zz!*~SG1xL=9vt>{X7+VR{QxT04KWHn1{OXBNY%a#ONo4DD{4uKD3Py&s^Rt6O5|Nw
z%wa-5%mh+>o}QU~{ZNB|Ay#uL%2^ql85zJB;z36HYV@Ui$mU2GuK#b0;Xy_=0R~1U
zMuyTvcbAR~36Jxie@_W|JL^`5ewOK~+i!YTFyyee?%Bw4=XeK0<+NPag-jXO(oRp7
zSroB%Us{&RC7qJXs~@&3bv|z`AjYikdg4^=hxVnxOA;Dpi)#3C$Gv{Gd(H<=&66LG
zHz}UtnYW^7VcnBIuf$$h?c$EL`p<A>Lzu^h<&3ksBBh=)SY-F!FAyv2<d}7M)w-6m
z*Uy!PCLa0v_xbE76UX_B?@jJr8q#UMKyTmmX1O26b)~cB#4qP@@UV5tn)%`RltT;S
z3m>RSh{~USFBI2uM(0wz)XfObl>Nb+KHJ5o-?~_$HtCmm^POak_k#A!Cwo@x@ZjZg
zKl7yI%XzVVaqAa>E8T{2%$AldTBQrAEUzD0owV;-gMi^#Y*9R=oRz_jfdPymQNv)R
zvIbjH*>?>b#S(_=|LLJdjR-R{10%SlGYgBWMA249A-U>KgMi@~Y_3{bjyZBEhPL$v
zl7RQ!fx8MZ0Sj-pIryB?@%_{!dB@_{)C#kc$In0gYEbca&Zgs!XC>Nvv9qu}x5X*&
zZ&Agywy&>OzCYHtx%%Nkr+X`lbtasy`1<jZFn9uXH5O0(#~f1zWzR#allFrSw>X8(
zQ!@3KL49i*YEUBrXTM^DgyAWqpw<U9v=KqAT#uOmzMv0}fb-OT#hKaHPc#S^u0wJa
z$TWRW;iFZL8PrSmVs+ICu<t;wLIgF~98eS4L09}hk=vu&?0GupS|0h99PIoo+TO~f
zz2WWo?gc&ScHwe9u10S+u4+@e+ctHl+Iun04nZwrpL2EDFIXiH7HIDWImQHwr}EKP
z`oKMPgSSDza1Az3dDdeN-zTB(=|nb1!f*{zXCLe-anOjxERKKLo8Ie{Tb#0aAM%+!
z>%zA~6IXK1+1rz!-0+Xdt3FT1OIP}9Xic`o6<3L%B=EHnL0CMo3iEFFuQRi6@UBkU
zAJ!mXcoLf@La=yZ*DTbSfn<XHVIZ>_uy_JI?DFf{Vx_Xfez*0rW?owN<Z7zII{kTv
zSK62AvfVab$;^|wvhnh7N#;^^|5t2RZtm9sFV>92;t3hd1z|8xfNn27j?ELvSUj;3
zYo7%i7~KsLhR4xk0_=&}@~9`Tm;RjYnXT=<Wty#>l(22$>Z=~|#V>6i`mt$8Xr);n
zmS4{?FG|3DNqg-M@X2H;SUm9xYxi$|H#h_Zu_vc2Eau$7+)WD#45!se`@0(ivBzj(
tJu8C_0|OXC3tNo?dRSw$8`M<~U}0eRCj+U|tFY*ui@tFIlB7}e0sw7p+Vubc

literal 0
HcmV?d00001

diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 724b1d895..8ffe24d5a 100755
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -123,6 +123,7 @@ static char* iptos(unsigned int addr)
 int main(int argc, char** argv)
 {
     int          ret = 0;
+    int          hadBadPacket = 0;
 	int		     inum;
 	int		     port;
     int          saveFile = 0;
@@ -303,8 +304,10 @@ int main(int argc, char** argv)
                 continue;
 
             ret = ssl_DecodePacket(packet, header.caplen, data, err);
-            if (ret < 0)
+            if (ret < 0) {
                 printf("ssl_Decode ret = %d, %s\n", ret, err);
+                hadBadPacket = 1;
+            }
             if (ret > 0) {
                 data[ret] = 0;
 				printf("SSL App Data(%d:%d):%s\n", packetNumber, ret, data);
@@ -315,7 +318,7 @@ int main(int argc, char** argv)
     }
     FreeAll();
 
-    return EXIT_SUCCESS;
+    return hadBadPacket ? EXIT_FAILURE : EXIT_SUCCESS;
 }
 
 #endif /* full build */

From 96bb6e8cd742c104ad6bbee67ec6b75fdfba53bf Mon Sep 17 00:00:00 2001
From: Daniele Lacamera <daniele.lacamera@tass.be>
Date: Thu, 23 Apr 2015 12:35:05 +0200
Subject: [PATCH 049/350] Improved support for PicoTCP on embedded devices

---
 src/io.c                     | 2 +-
 wolfssl/ssl.h                | 2 +-
 wolfssl/wolfcrypt/settings.h | 5 ++++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/io.c b/src/io.c
index c5fdcd815..195056665 100644
--- a/src/io.c
+++ b/src/io.c
@@ -83,7 +83,7 @@
         #endif
         #include <fcntl.h>
         #if !(defined(DEVKITPRO) || defined(HAVE_RTP_SYS) || defined(EBSNET)) \
-            || defined(WOLFSSL_PICOTCP)
+            && !(defined(WOLFSSL_PICOTCP))
             #include <sys/socket.h>
             #include <arpa/inet.h>
             #include <netinet/in.h>
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 2f72c4c65..1652fa2c5 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -923,7 +923,7 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
         #ifdef __PPU
             #include <sys/types.h>
             #include <sys/socket.h>
-        #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)
+        #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && !defined(WOLFSSL_PICOTCP)
             #include <sys/uio.h>
         #endif
         /* allow writev style writing */
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 23c19486d..a3b6a6551 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -244,10 +244,13 @@
 #endif
 
 #ifdef WOLFSSL_PICOTCP
-    #define errno pico_err
+    #ifndef errno
+        #define errno pico_err
+    #endif
     #include "pico_defines.h"
     #include "pico_stack.h"
     #include "pico_constants.h"
+    #include "pico_protocol.h"
     #define CUSTOM_RAND_GENERATE pico_rand
 #endif
 

From d927aa43345f363d7f07e07308eed2c1f4d6b7bb Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 28 Apr 2015 12:21:54 -0700
Subject: [PATCH 050/350] add resume test to example server and script test

---
 examples/client/client.c | 10 ++----
 examples/server/server.c | 66 ++++++++++++++++++++++++++++++++--------
 scripts/include.am       |  6 ++++
 scripts/resume.test      | 63 ++++++++++++++++++++++++++++++++++++++
 wolfssl/test.h           |  6 +++-
 5 files changed, 130 insertions(+), 21 deletions(-)
 create mode 100755 scripts/resume.test

diff --git a/examples/client/client.c b/examples/client/client.c
index cee776f57..f2081ddc7 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -813,12 +813,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
 #ifndef NO_SESSION_CACHE
     if (resumeSession) {
-        if (doDTLS) {
-            strncpy(msg, "break", 6);
-            msgSz = (int)strlen(msg);
-            /* try to send session close */
-            wolfSSL_write(ssl, msg, msgSz);
-        }
         session   = wolfSSL_get_session(ssl);
         sslResume = wolfSSL_new(ctx);
     }
@@ -950,7 +944,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP)
         wolfSSL_Debugging_ON();
 #endif
-        if (CurrentDir("client"))
+        if (CurrentDir("_build"))
+            ChangeDirBack(1);
+        else if (CurrentDir("client"))
             ChangeDirBack(2);
         else if (CurrentDir("Debug") || CurrentDir("Release"))
             ChangeDirBack(3);
diff --git a/examples/server/server.c b/examples/server/server.c
index 17ad6ed48..50fb5a389 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -60,6 +60,7 @@
     Timeval srvTo;
 #endif
 
+
 static void NonBlockingSSL_Accept(SSL* ssl)
 {
 #ifndef CYASSL_CALLBACKS
@@ -132,7 +133,8 @@ static void Usage(void)
     printf("-u          Use UDP DTLS,"
            " add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n");
     printf("-f          Fewer packets/group messages\n");
-    printf("-r          Create server ready file, for external monitor\n");
+    printf("-R          Create server ready file, for external monitor\n");
+    printf("-r          Allow one client Resumption\n");
     printf("-N          Use Non-blocking sockets\n");
     printf("-S <str>    Use Host Name Indication\n");
     printf("-w          Wait for bidirectional shutdown\n");
@@ -175,7 +177,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     int    fewerPackets = 0;
     int    pkCallbacks  = 0;
     int    serverReadyFile = 0;
-    int    wc_shutdown        = 0;
+    int    wc_shutdown     = 0;
+    int    resume = 0;            /* do resume, and resume count */
     int    ret;
     char*  cipherList = NULL;
     const char* verifyCert = cliCert;
@@ -213,7 +216,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     fdOpenSession(Task_self());
 #endif
 
-    while ((ch = mygetopt(argc, argv, "?dbstnNufrawPp:v:l:A:c:k:S:oO:")) != -1) {
+    while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPp:v:l:A:c:k:S:oO:"))
+                         != -1) {
         switch (ch) {
             case '?' :
                 Usage();
@@ -249,10 +253,16 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                 fewerPackets = 1;
                 break;
 
-            case 'r' :
+            case 'R' :
                 serverReadyFile = 1;
                 break;
 
+            case 'r' :
+                #ifndef NO_SESSION_CACHE
+                    resume = 1;
+                #endif
+                break;
+
             case 'P' :
             #ifdef HAVE_PK_CALLBACKS 
                 pkCallbacks = 1;
@@ -502,6 +512,24 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
             err_sys("UseSNI failed");
 #endif
 
+while (1) {  /* allow resume option */
+    if (resume > 1) {  /* already did listen, just do accept */
+        if (doDTLS == 0) {
+            SOCKADDR_IN_T client;
+            socklen_t client_len = sizeof(client);
+            clientfd = accept(sockfd, (struct sockaddr*)&client,
+                             (ACCEPT_THIRD_T)&client_len);
+        } else {
+            tcp_listen(&sockfd, &port, useAnyAddr, doDTLS);
+            clientfd = udp_read_connect(sockfd);
+        }
+        #ifdef USE_WINDOWS_API
+            if (clientfd == INVALID_SOCKET) err_sys("tcp accept failed");
+        #else
+            if (clientfd == -1) err_sys("tcp accept failed");
+        #endif
+    }
+
     ssl = SSL_new(ctx);
     if (ssl == NULL)
         err_sys("unable to get SSL");
@@ -528,10 +556,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
         SetupPkCallbacks(ctx, ssl);
 #endif
 
-    tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS,
-               serverReadyFile);
-    if (!doDTLS) 
-        CloseSocket(sockfd);
+    if (resume < 2) {  /* do listen and accept */
+        tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr,
+                   doDTLS, serverReadyFile);
+    }
 
     SSL_set_fd(ssl, clientfd);
     if (usePsk == 0 || useAnon == 1 || cipherList != NULL || needDH == 1) {
@@ -579,13 +607,23 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
         Task_yield();
     #endif
 
-    ret = SSL_shutdown(ssl);
-    if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
-        SSL_shutdown(ssl);    /* bidirectional shutdown */
+    if (doDTLS == 0) {
+        ret = SSL_shutdown(ssl);
+        if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
+            SSL_shutdown(ssl);    /* bidirectional shutdown */
+    }
     SSL_free(ssl);
+    if (resume == 1) {
+        CloseSocket(clientfd);
+        resume++;           /* only do one resume for testing */
+        continue;
+    }
+    break;  /* out of while loop, done with normal and resume option */
+}
     SSL_CTX_free(ctx);
-    
+
     CloseSocket(clientfd);
+    CloseSocket(sockfd);
     ((func_args*)args)->return_code = 0;
 
 
@@ -631,7 +669,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
 #if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL)
         CyaSSL_Debugging_ON();
 #endif
-        if (CurrentDir("server"))
+        if (CurrentDir("_build"))
+            ChangeDirBack(1);
+        else if (CurrentDir("server"))
             ChangeDirBack(2);
         else if (CurrentDir("Debug") || CurrentDir("Release"))
             ChangeDirBack(3);
diff --git a/scripts/include.am b/scripts/include.am
index 971954376..2a98f97e0 100644
--- a/scripts/include.am
+++ b/scripts/include.am
@@ -3,7 +3,13 @@
 # All paths should be given relative to the root
 
 
+
 if BUILD_SNIFFTEST
 dist_noinst_SCRIPTS+= scripts/sniffer-testsuite.test
 endif
+
+if BUILD_EXAMPLES
+dist_noinst_SCRIPTS+= scripts/resume.test
+endif
+
 EXTRA_DIST +=  scripts/testsuite.pcap
diff --git a/scripts/resume.test b/scripts/resume.test
new file mode 100755
index 000000000..19817234b
--- /dev/null
+++ b/scripts/resume.test
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+#reusme.test
+
+# need a unique resume port since may run the same time as testsuite
+resume_port=11112
+no_pid=-1
+server_pid=$no_pid
+
+do_cleanup() {
+    echo "in cleanup"
+
+    if  [[ $server_pid != $no_pid ]]
+    then
+        echo "killing server"
+        kill -9 $server_pid
+    fi
+}
+
+do_trap() {
+    echo "got trap"
+    do_cleanup
+    exit -1
+}
+
+trap do_trap INT TERM
+
+echo -e "\nStarting example server for resume test...\n"
+
+if test -e /tmp/wolfssl_server_ready; then
+    echo -e "removing exisitng server_ready file"
+    rm /tmp/wolfssl_server_ready
+fi
+./examples/server/server -r -R -p $resume_port &
+server_pid=$!
+
+while [ ! -s /tmp/wolfssl_server_ready ]; do
+    echo -e "waiting for server_ready file..."
+    sleep 0.1
+done
+
+./examples/client/client -r -p $resume_port
+client_result=$?
+
+if [[ $client_result != 0 ]] ;
+then
+    echo -e "client failed!"
+    do_cleanup
+    exit 1
+fi
+
+wait $server_pid
+server_result=$?
+
+if [[ $server_result != 0 ]] ;
+then
+    echo -e "client failed!"
+    exit 1
+fi
+
+echo -e "\nSuccess!\n"
+
+exit 0
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 104b3f73d..837924258 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -728,7 +728,11 @@ static INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
 
     if (ready_file) {
 #ifndef NO_FILESYSTEM
-        FILE* srf = fopen("./server_ready", "w+");
+    #ifndef USE_WINDOWS_API
+        FILE* srf = fopen("/tmp/wolfssl_server_ready", "w");
+    #else
+        FILE* srf = fopen("wolfssl_server_ready", "w");
+    #endif
 
         if (srf) {
             fputs("ready", srf);

From 47ba1368c26bc9e0de875c04a0a8c9c3236c0d0a Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 28 Apr 2015 14:15:31 -0700
Subject: [PATCH 051/350] add wolfssl website ca, go daddy class2 CA

---
 certs/include.am             |  4 +-
 certs/wolfssl-website-ca.pem | 83 ++++++++++++++++++++++++++++++++++++
 2 files changed, 85 insertions(+), 2 deletions(-)
 create mode 100644 certs/wolfssl-website-ca.pem

diff --git a/certs/include.am b/certs/include.am
index 42a936435..b5192043e 100644
--- a/certs/include.am
+++ b/certs/include.am
@@ -24,8 +24,8 @@ EXTRA_DIST += \
 	     certs/server-keyPkcs8Enc12.pem \
 	     certs/server-keyPkcs8Enc2.pem \
 	     certs/server-keyPkcs8Enc.pem \
-	     certs/server-keyPkcs8.pem
-
+	     certs/server-keyPkcs8.pem \
+         certs/wolfssl-website-ca.pem
 EXTRA_DIST += \
 	     certs/ca-key.der \
 	     certs/ca-cert.der \
diff --git a/certs/wolfssl-website-ca.pem b/certs/wolfssl-website-ca.pem
new file mode 100644
index 000000000..704a29fb3
--- /dev/null
+++ b/certs/wolfssl-website-ca.pem
@@ -0,0 +1,83 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
+        Validity
+            Not Before: Jun 29 17:06:20 2004 GMT
+            Not After : Jun 29 17:06:20 2034 GMT
+        Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:de:9d:d7:ea:57:18:49:a1:5b:eb:d7:5f:48:86:
+                    ea:be:dd:ff:e4:ef:67:1c:f4:65:68:b3:57:71:a0:
+                    5e:77:bb:ed:9b:49:e9:70:80:3d:56:18:63:08:6f:
+                    da:f2:cc:d0:3f:7f:02:54:22:54:10:d8:b2:81:d4:
+                    c0:75:3d:4b:7f:c7:77:c3:3e:78:ab:1a:03:b5:20:
+                    6b:2f:6a:2b:b1:c5:88:7e:c4:bb:1e:b0:c1:d8:45:
+                    27:6f:aa:37:58:f7:87:26:d7:d8:2d:f6:a9:17:b7:
+                    1f:72:36:4e:a6:17:3f:65:98:92:db:2a:6e:5d:a2:
+                    fe:88:e0:0b:de:7f:e5:8d:15:e1:eb:cb:3a:d5:e2:
+                    12:a2:13:2d:d8:8e:af:5f:12:3d:a0:08:05:08:b6:
+                    5c:a5:65:38:04:45:99:1e:a3:60:60:74:c5:41:a5:
+                    72:62:1b:62:c5:1f:6f:5f:1a:42:be:02:51:65:a8:
+                    ae:23:18:6a:fc:78:03:a9:4d:7f:80:c3:fa:ab:5a:
+                    fc:a1:40:a4:ca:19:16:fe:b2:c8:ef:5e:73:0d:ee:
+                    77:bd:9a:f6:79:98:bc:b1:07:67:a2:15:0d:dd:a0:
+                    58:c6:44:7b:0a:3e:62:28:5f:ba:41:07:53:58:cf:
+                    11:7e:38:74:c5:f8:ff:b5:69:90:8f:84:74:ea:97:
+                    1b:af
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3
+            X509v3 Authority Key Identifier: 
+                keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3
+                DirName:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
+                serial:00
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+         32:4b:f3:b2:ca:3e:91:fc:12:c6:a1:07:8c:8e:77:a0:33:06:
+         14:5c:90:1e:18:f7:08:a6:3d:0a:19:f9:87:80:11:6e:69:e4:
+         96:17:30:ff:34:91:63:72:38:ee:cc:1c:01:a3:1d:94:28:a4:
+         31:f6:7a:c4:54:d7:f6:e5:31:58:03:a2:cc:ce:62:db:94:45:
+         73:b5:bf:45:c9:24:b5:d5:82:02:ad:23:79:69:8d:b8:b6:4d:
+         ce:cf:4c:ca:33:23:e8:1c:88:aa:9d:8b:41:6e:16:c9:20:e5:
+         89:9e:cd:3b:da:70:f7:7e:99:26:20:14:54:25:ab:6e:73:85:
+         e6:9b:21:9d:0a:6c:82:0e:a8:f8:c2:0c:fa:10:1e:6c:96:ef:
+         87:0d:c4:0f:61:8b:ad:ee:83:2b:95:f8:8e:92:84:72:39:eb:
+         20:ea:83:ed:83:cd:97:6e:08:bc:eb:4e:26:b6:73:2b:e4:d3:
+         f6:4c:fe:26:71:e2:61:11:74:4a:ff:57:1a:87:0f:75:48:2e:
+         cf:51:69:17:a0:02:12:61:95:d5:d1:40:b2:10:4c:ee:c4:ac:
+         10:43:a6:a5:9e:0a:d5:95:62:9a:0d:cf:88:82:c5:32:0c:e4:
+         2b:9f:45:e6:0d:9f:28:9c:b1:b9:2a:5a:57:ad:37:0f:af:1d:
+         7f:db:bd:9f
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
+MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE
+YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3
+MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo
+ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
+MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN
+ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA
+PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w
+wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi
+EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY
+avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+
+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE
+sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h
+/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5
+IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy
+OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P
+TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER
+dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf
+ReYNnyicsbkqWletNw+vHX/bvZ8=
+-----END CERTIFICATE-----

From c04de5ba82604b0115b441dec38bde4ed79befec Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 28 Apr 2015 18:04:11 -0700
Subject: [PATCH 052/350] add resume to example client benchmarking

---
 examples/client/client.c | 41 ++++++++++++++++++++++++++--------------
 1 file changed, 27 insertions(+), 14 deletions(-)

diff --git a/examples/client/client.c b/examples/client/client.c
index f2081ddc7..92aa658d9 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -653,26 +653,39 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     if (benchmark) {
         /* time passed in number of connects give average */
         int times = benchmark;
+        int loops = resumeSession ? 2 : 1;
         int i = 0;
+        WOLFSSL_SESSION* benchSession = NULL;
 
-        double start = current_time(), avg;
+        while (loops--) {
+            int benchResume = resumeSession && loops == 0;
+            double start = current_time(), avg;
 
-        for (i = 0; i < times; i++) {
-            tcp_connect(&sockfd, host, port, doDTLS);
+            for (i = 0; i < times; i++) {
+                tcp_connect(&sockfd, host, port, doDTLS);
 
-            ssl = wolfSSL_new(ctx);
-            wolfSSL_set_fd(ssl, sockfd);
-            if (wolfSSL_connect(ssl) != SSL_SUCCESS)
-                err_sys("SSL_connect failed");
+                ssl = wolfSSL_new(ctx);
+                if (benchResume)
+                    wolfSSL_set_session(ssl, benchSession);
+                wolfSSL_set_fd(ssl, sockfd);
+                if (wolfSSL_connect(ssl) != SSL_SUCCESS)
+                    err_sys("SSL_connect failed");
 
-            wolfSSL_shutdown(ssl);
-            wolfSSL_free(ssl);
-            CloseSocket(sockfd);
+                wolfSSL_shutdown(ssl);
+                if (i == (times-1) && resumeSession) {
+                    benchSession = wolfSSL_get_session(ssl);
+                }
+                wolfSSL_free(ssl);
+                CloseSocket(sockfd);
+            }
+            avg = current_time() - start;
+            avg /= times;
+            avg *= 1000;   /* milliseconds */
+            if (benchResume)
+                printf("wolfSSL_resume  avg took: %8.3f milliseconds\n", avg);
+            else
+                printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg);
         }
-        avg = current_time() - start;
-        avg /= times;
-        avg *= 1000;   /* milliseconds */
-        printf("wolfSSL_connect avg took: %8.3f milliseconds\n", avg);
 
         wolfSSL_CTX_free(ctx);
         ((func_args*)args)->return_code = 0;

From ada5ff876a7e9ecee27941491f8eb9247669edda Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 29 Apr 2015 17:06:57 -0700
Subject: [PATCH 053/350] allow example client to do resume with scr

---
 examples/client/client.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/examples/client/client.c b/examples/client/client.c
index 92aa658d9..cc49afe85 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -774,13 +774,6 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             printf("not doing secure renegotiation on example with"
                    " nonblocking yet");
         } else {
-            #ifndef NO_SESSION_CACHE
-                if (resumeSession) {
-                    session = wolfSSL_get_session(ssl);
-                    wolfSSL_set_session(ssl, session);
-                    resumeSession = 0;  /* only resume once */
-                }
-            #endif
             if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) {
                 int  err = wolfSSL_get_error(ssl, 0);
                 char buffer[WOLFSSL_MAX_ERROR_SZ];
@@ -862,6 +855,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             tcp_connect(&sockfd, host, port, 0);
         }
         wolfSSL_set_fd(sslResume, sockfd);
+#ifdef HAVE_SECURE_RENEGOTIATION
+        if (scr) {
+            if (wolfSSL_UseSecureRenegotiation(sslResume) != SSL_SUCCESS)
+                err_sys("can't enable secure renegotiation");
+        }
+#endif
         wolfSSL_set_session(sslResume, session);
 #ifdef HAVE_SESSION_TICKET
         wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB,

From 162214924fd484dff6af36cdc90607c09ef30dca Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 30 Apr 2015 09:22:25 -0700
Subject: [PATCH 054/350] simplify build verify hashes to one spot

---
 src/internal.c | 27 ++++++---------------------
 1 file changed, 6 insertions(+), 21 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index bf89d54a2..a398bf412 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6631,16 +6631,9 @@ int ProcessReply(WOLFSSL* ssl)
                             if ( (ret = InitStreams(ssl)) != 0)
                                 return ret;
                     #endif
-                    if (ssl->options.resuming &&
-                                      ssl->options.side == WOLFSSL_CLIENT_END) {
-                        ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes,
-                                            server);
-                    }
-                    else if (!ssl->options.resuming &&
-                                      ssl->options.side == WOLFSSL_SERVER_END) {
-                        ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes,
-                                            client);
-                    }
+                    ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes,
+                                       ssl->options.side == WOLFSSL_CLIENT_END ?
+                                       server : client);
                     if (ret != 0)
                         return ret;
                     break;
@@ -7146,7 +7139,7 @@ int SendFinished(WOLFSSL* ssl)
     /* make finished hashes */
     hashes = (Hashes*)&input[headerSz];
     ret = BuildFinished(ssl, hashes,
-                      ssl->options.side == WOLFSSL_CLIENT_END ? client : server);
+                     ssl->options.side == WOLFSSL_CLIENT_END ? client : server);
     if (ret != 0) return ret;
 
 #ifdef HAVE_SECURE_RENEGOTIATION
@@ -7176,11 +7169,7 @@ int SendFinished(WOLFSSL* ssl)
 #ifndef NO_SESSION_CACHE
         AddSession(ssl);    /* just try */
 #endif
-        if (ssl->options.side == WOLFSSL_CLIENT_END) {
-            ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes, server);
-            if (ret != 0) return ret;
-        }
-        else {
+        if (ssl->options.side == WOLFSSL_SERVER_END) {
             ssl->options.handShakeState = HANDSHAKE_DONE;
             ssl->options.handShakeDone  = 1;
             #ifdef WOLFSSL_DTLS
@@ -7206,10 +7195,6 @@ int SendFinished(WOLFSSL* ssl)
                 }
             #endif
         }
-        else {
-            ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes, client);
-            if (ret != 0) return ret;
-        }
     }
     #ifdef WOLFSSL_DTLS
         if (ssl->options.dtls) {
@@ -11327,7 +11312,7 @@ int DoSessionTicket(WOLFSSL* ssl,
 
     ssl->expect_session_ticket = 0;
 
-    return BuildFinished(ssl, &ssl->hsHashes->verifyHashes, server);
+    return 0;
 }
 #endif /* HAVE_SESSION_TICKET */
 

From 1771fea17d443d6492aa57cb63fe11891d9bc578 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 30 Apr 2015 16:50:02 -0700
Subject: [PATCH 055/350] fix ecc_make_key cleanup on rng failure

---
 wolfcrypt/src/ecc.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index d98479060..a4c8adc5a 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -1554,6 +1554,7 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
    byte           buf[ECC_MAXSIZE];
 #endif
    int            keysize;
+   int            po_init = 0;  /* prime order Init flag for clear */
 
    if (key == NULL || rng == NULL || dp == NULL)
        return ECC_BAD_ARG_E;
@@ -1592,6 +1593,8 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
 #endif
        if (err != MP_OKAY)
            err = MEMORY_E;
+       else
+           po_init = 1;
    }
 
    if (err == MP_OKAY) {
@@ -1634,8 +1637,10 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
        mp_clear(&key->k);
    }
    ecc_del_point(base);
-   mp_clear(&prime);
-   mp_clear(&order);
+   if (po_init) {
+       mp_clear(&prime);
+       mp_clear(&order);
+   }
 
    ForceZero(buf, ECC_MAXSIZE);
 #ifdef WOLFSSL_SMALL_STACK

From 114fc18c33e7f2a5f29852874f0344c36a5d0b96 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 30 Apr 2015 17:10:33 -0700
Subject: [PATCH 056/350] add alignment to benchmark key/iv

---
 wolfcrypt/benchmark/benchmark.c |  4 ++--
 wolfssl/wolfcrypt/settings.h    | 12 ++++++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 5295e2470..66c905f9b 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -208,14 +208,14 @@ static int OpenNitroxDevice(int dma_mode,int dev_id)
 #endif
 
 
-static const byte key[] =
+static const XGEN_ALIGN byte key[] =
 {
     0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
     0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
     0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
 };
 
-static const byte iv[] =
+static const XGEN_ALIGN byte iv[] =
 {
     0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
     0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 23c19486d..8148c40a2 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -732,6 +732,18 @@
     #endif
 #endif
 
+#if defined(WOLFSSL_GENERAL_ALIGNMENT) && (WOLFSSL_GENERAL_ALIGNMENT > 0)
+    #if defined(_MSC_VER)
+        #define XGEN_ALIGN __declspec(align(WOLFSSL_GENERAL_ALIGNMENT))
+    #elif defined(__GNUC__)
+        #define XGEN_ALIGN __attribute__((aligned(WOLFSSL_GENERAL_ALIGNMENT)))
+    #else
+        #define XGEN_ALIGN
+    #endif
+#else
+    #define XGEN_ALIGN
+#endif
+
 #ifdef HAVE_CRL
     /* not widely supported yet */
     #undef NO_SKID

From 46eca67336b1fb2e147926fa43c13ea07c112726 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 30 Apr 2015 17:14:04 -0700
Subject: [PATCH 057/350] make certs_test buffers static in case multiple files
 need

---
 wolfssl/certs_test.h | 52 ++++++++++++++++++++++----------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h
index f6c9d17ab..44f441a3f 100644
--- a/wolfssl/certs_test.h
+++ b/wolfssl/certs_test.h
@@ -6,7 +6,7 @@
 #ifdef USE_CERT_BUFFERS_1024
 
 /* ./certs/1024/client-key.der, 1024-bit */
-const unsigned char client_key_der_1024[] =
+static const unsigned char client_key_der_1024[] =
 {
 	0x30, 0x82, 0x02, 0x5C, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 
 	0x00, 0xBC, 0x73, 0x0E, 0xA8, 0x49, 0xF3, 0x74, 0xA2, 0xA9, 
@@ -70,10 +70,10 @@ const unsigned char client_key_der_1024[] =
 	0xA2, 0xFE, 0xBF, 0x08, 0x6B, 0x1A, 0x5D, 0x3F, 0x90, 0x12, 
 	0xB1, 0x05, 0x86, 0x31, 0x29, 0xDB, 0xD9, 0xE2
 };
-const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024);
+static const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024);
 
 /* ./certs/1024/client-cert.der, 1024-bit */
-const unsigned char client_cert_der_1024[] =
+static const unsigned char client_cert_der_1024[] =
 {
 	0x30, 0x82, 0x03, 0xA5, 0x30, 0x82, 0x03, 0x0E, 0xA0, 0x03, 
 	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE8, 0xFF, 0xC9, 0x07, 
@@ -170,10 +170,10 @@ const unsigned char client_cert_der_1024[] =
 	0xB9, 0x24, 0xF6, 0x0A, 0x18, 0x20, 0x44, 0xCB, 0x78, 0x2E, 
 	0x77, 0x3F, 0xBF, 0x22, 0xEF, 0xBC, 0xB4
 };
-const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024);
+static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024);
 
 /* ./certs/1024/dh1024.der, 1024-bit */
-const unsigned char dh_key_der_1024[] =
+static const unsigned char dh_key_der_1024[] =
 {
 	0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0xA4, 0xD2, 0xB8, 
 	0x6E, 0x78, 0xF5, 0xD9, 0xED, 0x2D, 0x7C, 0xDD, 0xB6, 0x16, 
@@ -190,10 +190,10 @@ const unsigned char dh_key_der_1024[] =
 	0x8C, 0x63, 0x0A, 0xAD, 0xC7, 0x10, 0xEA, 0xC7, 0xA1, 0xB9, 
 	0x9D, 0xF2, 0xA8, 0x37, 0x73, 0x02, 0x01, 0x02
 };
-const int sizeof_dh_key_der_1024 = sizeof(dh_key_der_1024);
+static const int sizeof_dh_key_der_1024 = sizeof(dh_key_der_1024);
 
 /* ./certs/1024/dsa1024.der, 1024-bit */
-const unsigned char dsa_key_der_1024[] =
+static const unsigned char dsa_key_der_1024[] =
 {
 	0x30, 0x82, 0x01, 0xBC, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 
 	0x00, 0xF7, 0x4B, 0xF9, 0xBB, 0x15, 0x98, 0xEB, 0xDD, 0xDE, 
@@ -241,10 +241,10 @@ const unsigned char dsa_key_der_1024[] =
 	0x3B, 0xA1, 0x19, 0x75, 0xDF, 0x9B, 0xF5, 0x72, 0x53, 0x4F, 
 	0x39, 0xE1, 0x1C, 0xEC, 0x13, 0x84, 0x82, 0x18
 };
-const int sizeof_dsa_key_der_1024 = sizeof(dsa_key_der_1024);
+static const int sizeof_dsa_key_der_1024 = sizeof(dsa_key_der_1024);
 
 /* ./certs/1024/rsa1024.der, 1024-bit */
-const unsigned char rsa_key_der_1024[] =
+static const unsigned char rsa_key_der_1024[] =
 {
 	0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 
 	0x00, 0xBE, 0x70, 0x70, 0xB8, 0x04, 0x18, 0xE5, 0x28, 0xFE, 
@@ -308,12 +308,12 @@ const unsigned char rsa_key_der_1024[] =
 	0xB9, 0x9E, 0xD5, 0x5B, 0x2E, 0x87, 0x1C, 0x58, 0xD0, 0x37, 
 	0x89, 0x96, 0xEC, 0x48, 0x54, 0xF5, 0x9F, 0x0F, 0xB3
 };
-const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024);
+static const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024);
 
 #elif defined(USE_CERT_BUFFERS_2048)
 
 /* ./certs/client-key.der, 2048-bit */
-const unsigned char client_key_der_2048[] =
+static const unsigned char client_key_der_2048[] =
 {
 	0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 
 	0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, 
@@ -436,10 +436,10 @@ const unsigned char client_key_der_2048[] =
 	0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD, 
 	0xF5, 0xBF
 };
-const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048);
+static const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048);
 
 /* ./certs/client-cert.der, 2048-bit */
-const unsigned char client_cert_der_2048[] =
+static const unsigned char client_cert_der_2048[] =
 {
 	0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, 
 	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xCD, 0x6C, 0xD6, 0x7E, 
@@ -562,10 +562,10 @@ const unsigned char client_cert_der_2048[] =
 	0x55, 0xF4, 0xCF, 0xA9, 0x21, 0xB7, 0x3E, 0x42, 0xE1, 0xD8, 
 	0x11, 0x57, 0xE5, 0x40, 0xF1, 0x66, 0x95, 0xDF
 };
-const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048);
+static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048);
 
 /* ./certs/dh2048.der, 2048-bit */
-const unsigned char dh_key_der_2048[] =
+static const unsigned char dh_key_der_2048[] =
 {
 	0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xB0, 
 	0xA1, 0x08, 0x06, 0x9C, 0x08, 0x13, 0xBA, 0x59, 0x06, 0x3C, 
@@ -595,10 +595,10 @@ const unsigned char dh_key_der_2048[] =
 	0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E, 
 	0x7E, 0xAF, 0x00, 0x3F, 0x93, 0x02, 0x01, 0x02
 };
-const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048);
+static const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048);
 
 /* ./certs/dsa2048.der, 2048-bit */
-const unsigned char dsa_key_der_2048[] =
+static const unsigned char dsa_key_der_2048[] =
 {
 	0x30, 0x82, 0x03, 0x3F, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 
 	0x01, 0x00, 0xCC, 0x8E, 0xC9, 0xA0, 0xD5, 0x9A, 0x27, 0x1C, 
@@ -685,10 +685,10 @@ const unsigned char dsa_key_der_2048[] =
 	0x3E, 0x75, 0x13, 0x13, 0x06, 0x8F, 0x94, 0xD3, 0xE6, 0xE9, 
 	0x00, 0xCB, 0x62, 0x6D, 0x9A
 };
-const int sizeof_dsa_key_der_2048 = sizeof(dsa_key_der_2048);
+static const int sizeof_dsa_key_der_2048 = sizeof(dsa_key_der_2048);
 
 /* ./certs/rsa2048.der, 2048-bit */
-const unsigned char rsa_key_der_2048[] =
+static const unsigned char rsa_key_der_2048[] =
 {
 	0x30, 0x82, 0x04, 0xA3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 
 	0x01, 0x00, 0xE9, 0x8A, 0x5D, 0x15, 0xA4, 0xD4, 0x34, 0xB9, 
@@ -811,10 +811,10 @@ const unsigned char rsa_key_der_2048[] =
 	0x83, 0x0B, 0xD4, 0x74, 0x80, 0xB6, 0x7D, 0x62, 0x45, 0xBF, 
 	0x56
 };
-const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048);
+static const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048);
 
 /* ./certs/ca-cert.der, 2048-bit */
-const unsigned char ca_cert_der_2048[] =
+static const unsigned char ca_cert_der_2048[] =
 {
 	0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, 
 	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xFA, 0x7D, 0x38, 0x9A, 
@@ -937,10 +937,10 @@ const unsigned char ca_cert_der_2048[] =
 	0xFC, 0x1D, 0x28, 0xF5, 0x59, 0xFD, 0xDE, 0xBD, 0x3D, 0x73, 
 	0xDD, 0xB4, 0x9F, 0x2E, 0x77, 0xC0, 0x75, 0x41
 };
-const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
+static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
 
 /* ./certs/server-key.der, 2048-bit */
-const unsigned char server_key_der_2048[] =
+static const unsigned char server_key_der_2048[] =
 {
 	0x30, 0x82, 0x04, 0xA5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 
 	0x01, 0x00, 0xC0, 0x95, 0x08, 0xE1, 0x57, 0x41, 0xF2, 0x71, 
@@ -1063,10 +1063,10 @@ const unsigned char server_key_der_2048[] =
 	0x7C, 0x9A, 0x1F, 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37, 
 	0x3B, 0xF1, 0xB0
 };
-const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048);
+static const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048);
 
 /* ./certs/server-cert.der, 2048-bit */
-const unsigned char server_cert_der_2048[] =
+static const unsigned char server_cert_der_2048[] =
 {
 	0x30, 0x82, 0x04, 0x9E, 0x30, 0x82, 0x03, 0x86, 0xA0, 0x03, 
 	0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 
@@ -1188,7 +1188,7 @@ const unsigned char server_cert_der_2048[] =
 	0xD2, 0x49, 0x17, 0x43, 0x5D, 0x2F, 0x64, 0x01, 0x3B, 0x6A, 
 	0x09, 0x44, 0xA6, 0xE2, 0x1E, 0x04
 };
-const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048);
+static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048);
 
 #endif /* USE_CERT_BUFFERS_1024 */
 

From 6db33051d3054ca96a2a44f886de4581c87e2b3f Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 1 May 2015 14:44:43 -0700
Subject: [PATCH 058/350] better detection of invalid ecc keys

---
 wolfcrypt/src/ecc.c             | 77 +++++++++++++++++++++++++++++++++
 wolfcrypt/src/error.c           |  3 ++
 wolfcrypt/src/integer.c         |  6 ++-
 wolfcrypt/src/tfm.c             |  5 ++-
 wolfssl/wolfcrypt/error-crypt.h |  1 +
 wolfssl/wolfcrypt/tfm.h         |  2 +-
 6 files changed, 91 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index a4c8adc5a..82b74bf5f 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -1734,9 +1734,14 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
 
    /* make up a key and export the public copy */
    if (err == MP_OKAY) {
+       int loop_check = 0;
        ecc_key pubkey;
        wc_ecc_init(&pubkey);
        for (;;) {
+           if (++loop_check > 64) {
+                err = RNG_FAILURE_E;
+                break;
+           }
            err = wc_ecc_make_key_ex(rng, &pubkey, key->dp);
            if (err != MP_OKAY) break;
 
@@ -2311,6 +2316,72 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, int compresse
 }
 
 
+/* is pubkey point on curve ? */
+static int ecc_is_point(ecc_key* key)
+{
+   mp_int prime, b, t1, t2;
+   int err;
+
+   if ((err = mp_init_multi(&prime, &b, &t1, &t2, NULL, NULL)) != MP_OKAY) {
+      return err;
+   }
+
+   /* load prime and b */
+   err = mp_read_radix(&prime, key->dp->prime, 16);
+   if (err == MP_OKAY)
+       err = mp_read_radix(&b, key->dp->Bf, 16);
+
+   /* compute y^2 */
+   if (err == MP_OKAY)
+       err = mp_sqr(key->pubkey.y, &t1);
+
+   /* compute x^3 */
+   if (err == MP_OKAY)
+       err = mp_sqr(key->pubkey.x, &t2);
+   if (err == MP_OKAY)
+       err = mp_mod(&t2, &prime, &t2);
+   if (err == MP_OKAY)
+       err = mp_mul(key->pubkey.x, &t2, &t2);
+
+   /* compute y^2 - x^3 */
+   if (err == MP_OKAY)
+       err = mp_sub(&t1, &t2, &t1);
+
+   /* compute y^2 - x^3 + 3x */
+   if (err == MP_OKAY)
+       err = mp_add(&t1, key->pubkey.x, &t1);
+   if (err == MP_OKAY)
+       err = mp_add(&t1, key->pubkey.x, &t1);
+   if (err == MP_OKAY)
+       err = mp_add(&t1, key->pubkey.x, &t1);
+   if (err == MP_OKAY)
+       err = mp_mod(&t1, &prime, &t1);
+
+   while (err == MP_OKAY && mp_cmp_d(&t1, 0) == MP_LT) {
+      err = mp_add(&t1, &prime, &t1);
+   }
+   while (err == MP_OKAY && mp_cmp(&t1, &prime) != MP_LT) {
+      err = mp_sub(&t1, &prime, &t1);
+   }
+
+   /* compare to b */
+   if (err == MP_OKAY) {
+       if (mp_cmp(&t1, &b) != MP_EQ) {
+          err = MP_VAL;
+       } else {
+          err = MP_OKAY;
+       }
+   }
+
+   mp_clear(&prime);
+   mp_clear(&b);
+   mp_clear(&t1);
+   mp_clear(&t2);
+
+   return err;
+}
+
+
 /* import public ECC key in ANSI X9.63 format */
 int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key)
 {
@@ -2445,6 +2516,12 @@ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key)
    if (err == MP_OKAY)
        mp_set(key->pubkey.z, 1);
 
+   if (err == MP_OKAY) {
+       err = ecc_is_point(key);
+       if (err != MP_OKAY)
+           err = IS_POINT_E;
+   }
+
    if (err != MP_OKAY) {
        mp_clear(key->pubkey.x);
        mp_clear(key->pubkey.y);
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 48da1ba40..dc2917e0d 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -319,6 +319,9 @@ const char* wc_GetErrorString(int error)
     case MAC_CMP_FAILED_E:
         return "MAC comparison failed";
 
+    case IS_POINT_E:
+        return "ECC is point on curve failed";
+
     default:
         return "unknown error number";
 
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index b68ec7ea7..eaf538283 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -866,7 +866,7 @@ int mp_invmod (mp_int * a, mp_int * b, mp_int * c)
 int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c)
 {
   mp_int  x, y, u, v, B, D;
-  int     res, neg;
+  int     res, neg, loop_check = 0;
 
   /* 2. [modified] b must be odd   */
   if (mp_iseven (b) == 1) {
@@ -958,6 +958,10 @@ top:
 
   /* if not zero goto step 4 */
   if (mp_iszero (&u) == 0) {
+    if (++loop_check > 1024) {
+        res = MP_VAL;
+        goto LBL_ERR;
+    }
     goto top;
   }
 
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 994fcc9ae..526891772 100755
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -863,11 +863,12 @@ top:
   return FP_OKAY;
 }
 
+
 /* c = 1/a (mod b) for odd b only */
 int fp_invmod(fp_int *a, fp_int *b, fp_int *c)
 {
   fp_int  x, y, u, v, B, D;
-  int     neg;
+  int     neg, loop_check = 0;
 
   /* 2. [modified] b must be odd   */
   if (fp_iseven (b) == FP_YES) {
@@ -931,6 +932,8 @@ top:
 
   /* if not zero goto step 4 */
   if (fp_iszero (&u) == FP_NO) {
+    if (++loop_check > 1024) /* bad input */
+      return FP_VAL;
     goto top;
   }
 
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index e172e6aec..65eb9eed8 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -147,6 +147,7 @@ enum {
     THREAD_STORE_SET_E  = -212,  /* Thread local storage key set failure */
 
     MAC_CMP_FAILED_E    = -213,  /* MAC comparison failed */
+    IS_POINT_E          = -214,  /* ECC is point on curve failed */
 
     MIN_CODE_E          = -300   /* errors -101 - -299 */
 };
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index a928a2ac6..6c8969307 100644
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -366,7 +366,7 @@ typedef struct {
 
 /* zero/even/odd ? */
 #define fp_iszero(a) (((a)->used == 0) ? FP_YES : FP_NO)
-#define fp_iseven(a) (((a)->used >= 0 && (((a)->dp[0] & 1) == 0)) ? FP_YES : FP_NO)
+#define fp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? FP_YES : FP_NO)
 #define fp_isodd(a)  (((a)->used > 0  && (((a)->dp[0] & 1) == 1)) ? FP_YES : FP_NO)
 
 /* set to a small digit */

From 1571ced095efdc13b0f23c050f1c28b83353e898 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Sun, 3 May 2015 10:19:02 -0700
Subject: [PATCH 059/350] update python example to TLSv1.2 against example
 server

---
 swig/README    |  6 +++---
 swig/runme.py  | 11 +++++++----
 swig/wolfssl.i |  2 +-
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/swig/README b/swig/README
index bd4f7f7cf..d71cdb2b5 100644
--- a/swig/README
+++ b/swig/README
@@ -16,14 +16,14 @@ Please send questions to support@wolfssl.com
     sudo make install
 
 
-2) start the example echoserver from the root directory
-    ./examples/echoserver/echoserver
+2) start the example server from the root directory
+    ./examples/server/server -d
 
 3) run ./PythonBuild.sh from this directory it will
     a) build the swig wrapper file
     b) compile the swig wrapper and wolfssl wrapper files
     c) place them into a wolfssl shared library for python
-    d) run runme.py which will connect to the wolfSSL echo server, write a
+    d) run runme.py which will connect to the wolfSSL server, write a
        string, then read the result and output it
 
 
diff --git a/swig/runme.py b/swig/runme.py
index cb2ddf11f..90fc43159 100644
--- a/swig/runme.py
+++ b/swig/runme.py
@@ -3,13 +3,13 @@
 import wolfssl
 
 print ""
-print "Trying to connect to the echo server..."
+print "Trying to connect to the example server -d..."
 
 wolfssl.wolfSSL_Init()
 #wolfssl.wolfSSL_Debugging_ON()
-ctx = wolfssl.wolfSSL_CTX_new(wolfssl.wolfTLSv1_client_method())
+ctx = wolfssl.wolfSSL_CTX_new(wolfssl.wolfTLSv1_2_client_method())
 if ctx == None:
-    print "Couldn't get SSL CTX for TLSv1"
+    print "Couldn't get SSL CTX for TLSv1.2"
     exit(-1)
 
 ret = wolfssl.wolfSSL_CTX_load_verify_locations(ctx, "../certs/ca-cert.pem", None)
@@ -24,7 +24,10 @@ ret = wolfssl.wolfSSL_swig_connect(ssl, "localhost", 11111)
 if ret != wolfssl.SSL_SUCCESS:
     print "Couldn't do SSL connect"
     err    = wolfssl.wolfSSL_get_error(ssl, 0)
-    print "error string = ", wolfssl.wolfSSL_error_string(err)
+    if ret == -2:
+        print "tcp error, is example server running?"
+    else:
+        print "error string = ", wolfssl.wolfSSL_error_string(err)
     exit(-1)
 
 print "...Connected"
diff --git a/swig/wolfssl.i b/swig/wolfssl.i
index 45dc693d3..a03e79cbc 100644
--- a/swig/wolfssl.i
+++ b/swig/wolfssl.i
@@ -33,7 +33,7 @@
 %}
 
 
-WOLFSSL_METHOD* wolfTLSv1_client_method(void);
+WOLFSSL_METHOD* wolfTLSv1_2_client_method(void);
 WOLFSSL_CTX*    wolfSSL_CTX_new(WOLFSSL_METHOD*);
 int             wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*, const char*);
 WOLFSSL*        wolfSSL_new(WOLFSSL_CTX*);

From 20851c62f995f0ec4d308bfd8c00138d4f5b8716 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 5 May 2015 14:45:43 -0700
Subject: [PATCH 060/350] modify Encrypt and Decrypt switch statements for
 single return

---
 src/internal.c | 55 ++++++++++++++++++++++++++++++--------------------
 1 file changed, 33 insertions(+), 22 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index a398bf412..974718427 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5472,6 +5472,8 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
 
 static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
 {
+    int ret = 0;
+
     (void)out;
     (void)input;
     (void)sz;
@@ -5495,18 +5497,19 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
 
         #ifdef BUILD_DES3
             case wolfssl_triple_des:
-                return wc_Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
+                ret = wc_Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
+                break;
         #endif
 
         #ifdef BUILD_AES
             case wolfssl_aes:
-                return wc_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
+                ret = wc_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
+                break;
         #endif
 
         #ifdef BUILD_AESGCM
             case wolfssl_aes_gcm:
                 {
-                    int  gcmRet;
                     byte additional[AEAD_AUTH_DATA_SZ];
                     byte nonce[AEAD_NONCE_SZ];
                     const byte* additionalSrc = input - 5;
@@ -5535,17 +5538,16 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
                                  ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
                     XMEMCPY(nonce + AEAD_IMP_IV_SZ,
                                      ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
-                    gcmRet = wc_AesGcmEncrypt(ssl->encrypt.aes,
+                    ret = wc_AesGcmEncrypt(ssl->encrypt.aes,
                                  out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
                                  sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                  nonce, AEAD_NONCE_SZ,
                                  out + sz - ssl->specs.aead_mac_size,
                                  ssl->specs.aead_mac_size,
                                  additional, AEAD_AUTH_DATA_SZ);
-                    if (gcmRet == 0)
+                    if (ret == 0)
                         AeadIncrementExpIV(ssl);
                     ForceZero(nonce, AEAD_NONCE_SZ);
-                    return gcmRet;
                 }
                 break;
         #endif
@@ -5602,17 +5604,20 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
 
         #ifdef HAVE_HC128
             case wolfssl_hc128:
-                return wc_Hc128_Process(ssl->encrypt.hc128, out, input, sz);
+                ret = wc_Hc128_Process(ssl->encrypt.hc128, out, input, sz);
+                break;
         #endif
 
         #ifdef BUILD_RABBIT
             case wolfssl_rabbit:
-                return wc_RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
+                ret = wc_RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
+                break;
         #endif
 
         #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
             case wolfssl_chacha:
-                return ChachaAEADEncrypt(ssl, out, input, sz);
+                ret = ChachaAEADEncrypt(ssl, out, input, sz);
+                break;
         #endif
 
         #ifdef HAVE_NULL_CIPHER
@@ -5625,10 +5630,10 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
 
             default:
                 WOLFSSL_MSG("wolfSSL Encrypt programming error");
-                return ENCRYPT_ERROR;
+                ret = ENCRYPT_ERROR;
     }
 
-    return 0;
+    return ret;
 }
 
 
@@ -5636,6 +5641,8 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
 static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                            word16 sz)
 {
+    int ret = 0;
+
     (void)plain;
     (void)input;
     (void)sz;
@@ -5654,12 +5661,14 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
 
         #ifdef BUILD_DES3
             case wolfssl_triple_des:
-                return wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
+                ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
+                break;
         #endif
 
         #ifdef BUILD_AES
             case wolfssl_aes:
-                return wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
+                ret = wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
+                break;
         #endif
 
         #ifdef BUILD_AESGCM
@@ -5695,8 +5704,7 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                             ssl->specs.aead_mac_size,
                             additional, AEAD_AUTH_DATA_SZ) < 0) {
                     SendAlert(ssl, alert_fatal, bad_record_mac);
-                    ForceZero(nonce, AEAD_NONCE_SZ);
-                    return VERIFY_MAC_ERROR;
+                    ret = VERIFY_MAC_ERROR;
                 }
                 ForceZero(nonce, AEAD_NONCE_SZ);
             }
@@ -5736,8 +5744,7 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                             ssl->specs.aead_mac_size,
                             additional, AEAD_AUTH_DATA_SZ) < 0) {
                     SendAlert(ssl, alert_fatal, bad_record_mac);
-                    ForceZero(nonce, AEAD_NONCE_SZ);
-                    return VERIFY_MAC_ERROR;
+                    ret = VERIFY_MAC_ERROR;
                 }
                 ForceZero(nonce, AEAD_NONCE_SZ);
             }
@@ -5752,17 +5759,20 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
 
         #ifdef HAVE_HC128
             case wolfssl_hc128:
-                return wc_Hc128_Process(ssl->decrypt.hc128, plain, input, sz);
+                ret = wc_Hc128_Process(ssl->decrypt.hc128, plain, input, sz);
+                break;
         #endif
 
         #ifdef BUILD_RABBIT
             case wolfssl_rabbit:
-                return wc_RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
+                ret = wc_RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
+                break;
         #endif
 
         #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
             case wolfssl_chacha:
-                return ChachaAEADDecrypt(ssl, plain, input, sz);
+                ret = ChachaAEADDecrypt(ssl, plain, input, sz);
+                break;
         #endif
 
         #ifdef HAVE_NULL_CIPHER
@@ -5775,9 +5785,10 @@ static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
 
             default:
                 WOLFSSL_MSG("wolfSSL Decrypt programming error");
-                return DECRYPT_ERROR;
+                ret = DECRYPT_ERROR;
     }
-    return 0;
+
+    return ret;
 }
 
 

From fc24885f175c6597574accddb2f696aba6677387 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Wed, 6 May 2015 11:57:32 -0600
Subject: [PATCH 061/350] updated subject matter for server-ecc.pem

---
 certs/renewcerts.sh  |  2 +-
 certs/server-ecc.pem | 15 ++++++++-------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh
index 33fcfcb2e..5bcce22a9 100755
--- a/certs/renewcerts.sh
+++ b/certs/renewcerts.sh
@@ -132,7 +132,7 @@ function run_renewcerts(){
     echo "Updating server-ecc.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -out server-ecc.csr
+    echo -e "US\nOregon\nPortland\nEliptic\nECC\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -out server-ecc.csr
 
 
     openssl x509 -req -in server-ecc.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ecc-key.pem -out server-ecc.pem
diff --git a/certs/server-ecc.pem b/certs/server-ecc.pem
index 26beb0be9..ff509a0fa 100644
--- a/certs/server-ecc.pem
+++ b/certs/server-ecc.pem
@@ -1,8 +1,9 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 9356926451288716285 (0x81da7b08468533fd)
-    Signature Algorithm: ecdsa-with-SHA1
+        Serial Number:
+            81:da:7b:08:46:85:33:fd
+        Signature Algorithm: ecdsa-with-SHA1
         Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
             Not Before: Feb  5 06:33:30 2015 GMT
@@ -10,7 +11,7 @@ Certificate:
         Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
-                Public-Key: (256 bit)
+            EC Public Key:
                 pub: 
                     04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
                     9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
@@ -29,10 +30,10 @@ Certificate:
             X509v3 Basic Constraints: 
                 CA:TRUE
     Signature Algorithm: ecdsa-with-SHA1
-         30:45:02:21:00:a0:70:22:57:ad:97:06:b5:9b:fa:5a:1c:b2:
-         77:ed:54:09:7d:9a:5c:ca:02:56:d7:32:1d:41:e6:d5:5a:09:
-         29:02:20:4e:95:75:27:3d:3c:93:ba:97:3f:f4:2d:35:3e:c8:
-         57:75:e1:81:3d:5e:09:bf:86:a2:8b:ef:0b:d1:77:4f:b5
+        30:45:02:21:00:a0:70:22:57:ad:97:06:b5:9b:fa:5a:1c:b2:
+        77:ed:54:09:7d:9a:5c:ca:02:56:d7:32:1d:41:e6:d5:5a:09:
+        29:02:20:4e:95:75:27:3d:3c:93:ba:97:3f:f4:2d:35:3e:c8:
+        57:75:e1:81:3d:5e:09:bf:86:a2:8b:ef:0b:d1:77:4f:b5
 -----BEGIN CERTIFICATE-----
 MIIDHDCCAsOgAwIBAgIJAIHaewhGhTP9MAkGByqGSM49BAEwgZQxCzAJBgNVBAYT
 AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQK

From 08b6e66ea84f9684903f7a616722d548952852c0 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 7 May 2015 10:02:43 -0700
Subject: [PATCH 062/350] add external site script test to make check

---
 examples/client/client.c | 27 +++++++++++++++++++--------
 scripts/external.test    | 20 ++++++++++++++++++++
 scripts/include.am       |  1 +
 3 files changed, 40 insertions(+), 8 deletions(-)
 create mode 100755 scripts/external.test

diff --git a/examples/client/client.c b/examples/client/client.c
index cc49afe85..afdbc2d86 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -173,6 +173,9 @@ static void Usage(void)
 #ifdef HAVE_ANON
     printf("-a          Anonymous client\n");
 #endif
+#ifdef HAVE_CRL
+    printf("-C          Disable CRL\n");
+#endif
 }
 
 THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
@@ -208,7 +211,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     int    doPeerCheck = 1;
     int    nonBlocking = 0;
     int    resumeSession = 0;
-    int    wc_shutdown      = 0;
+    int    wc_shutdown   = 0;
+    int    disableCRL    = 0;
     int    ret;
     int    scr           = 0;    /* allow secure renegotiation */
     int    forceScr      = 0;    /* force client initiaed scr */
@@ -262,11 +266,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     (void)verifyCert;
     (void)useClientCert;
     (void)overrideDateErrors;
+    (void)disableCRL;
 
     StackTrap();
 
     while ((ch = mygetopt(argc, argv,
-                          "?gdDusmNrwRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
+                          "?gdDusmNrwRitfxUPCh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
         switch (ch) {
             case '?' :
                 Usage();
@@ -284,6 +289,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 overrideDateErrors = 1;
                 break;
 
+            case 'C' :
+                disableCRL = 1;
+                break;
+
             case 'u' :
                 doDTLS  = 1;
                 break;
@@ -723,12 +732,14 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
     wolfSSL_set_fd(ssl, sockfd);
 #ifdef HAVE_CRL
-    if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS)
-        err_sys("can't enable crl check");
-    if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
-        err_sys("can't load crl, check crlfile and date validity");
-    if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
-        err_sys("can't set crl callback");
+    if (disableCRL == 0) {
+        if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS)
+            err_sys("can't enable crl check");
+        if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
+            err_sys("can't load crl, check crlfile and date validity");
+        if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
+            err_sys("can't set crl callback");
+    }
 #endif
 #ifdef HAVE_SECURE_RENEGOTIATION
     if (scr) {
diff --git a/scripts/external.test b/scripts/external.test
new file mode 100755
index 000000000..9b2668d80
--- /dev/null
+++ b/scripts/external.test
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# external.test
+
+server=www.wolfssl.com
+ca=./certs/wolfssl-website-ca.pem
+
+[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+
+# is our desired server there?
+ping -c 2 -i 0.2 $server
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0
+
+# client test against the server
+./examples/client/client -C -h $server -p 443 -g -A $ca
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
+
+exit 0
diff --git a/scripts/include.am b/scripts/include.am
index 2a98f97e0..091f3d7a4 100644
--- a/scripts/include.am
+++ b/scripts/include.am
@@ -10,6 +10,7 @@ endif
 
 if BUILD_EXAMPLES
 dist_noinst_SCRIPTS+= scripts/resume.test
+dist_noinst_SCRIPTS+= scripts/external.test
 endif
 
 EXTRA_DIST +=  scripts/testsuite.pcap

From 7a90f60a9ce20d9f82486f2af55239246b4d1f46 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 7 May 2015 10:33:23 -0700
Subject: [PATCH 063/350] add rsafunction mp_exptmod_e debug message

---
 wolfcrypt/src/rsa.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index c9562b1ad..1a5021783 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -388,9 +388,12 @@ static int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
     /* convert */
     if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY)
         ERROR_OUT(MP_TO_E);
-   
-done: 
+
+done:
     mp_clear(&tmp);
+    if (ret == MP_EXPTMOD_E) {
+        WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem");
+    }
     return ret;
 }
 

From 173b1147b50e876ae458ac288f4ab8281c8dc205 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Thu, 7 May 2015 12:21:50 -0600
Subject: [PATCH 064/350] updated certs

---
 certs/1024/client-cert.der | Bin 937 -> 969 bytes
 certs/1024/client-cert.pem |  75 +++----
 certs/ca-cert.der          | Bin 1198 -> 1198 bytes
 certs/ca-cert.pem          |  60 +++---
 certs/client-cert.der      | Bin 1198 -> 1230 bytes
 certs/client-cert.pem      |  99 ++++-----
 certs/client-ecc-cert.der  | Bin 800 -> 780 bytes
 certs/client-ecc-cert.pem  |  60 +++---
 certs/crl/cliCrl.pem       |  62 +++---
 certs/crl/crl.pem          |  56 ++---
 certs/crl/crl.revoked      |  58 +++---
 certs/crl/eccCliCRL.pem    |  32 +--
 certs/crl/eccSrvCRL.pem    |  32 +--
 certs/renewcerts.sh        |  10 +-
 certs/server-cert.der      | Bin 1186 -> 1186 bytes
 certs/server-cert.pem      | 120 +++++------
 certs/server-ecc-comp.pem  |  59 +++---
 certs/server-ecc-rsa.pem   |  60 +++---
 certs/server-ecc.pem       |  63 +++---
 gencertbuf.pl              |  31 ++-
 wolfssl/certs_test.h       | 411 +++++++++++++++++++------------------
 21 files changed, 659 insertions(+), 629 deletions(-)

diff --git a/certs/1024/client-cert.der b/certs/1024/client-cert.der
index d7bf4ed87bd135f346bc1fba664e3cf9b2cdcc6c..c2bd6df8fe58e67cfaf20cb20bce0bd93a31726b 100644
GIT binary patch
delta 480
zcmZ3<ev)0wpo#gYK@+py0%j&gCMHgX$JZD9D!Z@s%Yc`SQ>)FR?K>|cBR4C9LF2rM
z4~+~(4TRa4Ls__Zc*^s0(t?A1;tdUqObjIr#6iN`JOTkl`RPT8xw)Bn>AE1P$ySUu
z6Zf;pm>QTHS{NA`7)FWn8d?|_8XH2n6c~Juy@`?Cpox)rvMiIL_GLEaP+4V`#?uCk
zCmKW=Gx>kqzkA+9^J;o&Ve9cyfy~G^3mca#X<SHwh1T^=NCCtHvQU_X)qt6i@jqH{
zF*i0c$Zo${^Kj#h1L?6_FLyi-&@4>uKcgmZ%o*xDd-XBtJ;xcRO8rWG@ORGZd@g>G
zH(T}Z$QaxWntnxwlfl>`{`3m5e!=ZKE~GsS(fDk?KP$h?Ln|&!clkM)4=i`Z_p((e
p=3d)4yVP*f!GBkJucYfUORM*;{%>G?xL*0m>gb6NrPH3h1pvb+qj>-T

delta 447
zcmX@fzLH(bpow{@K@&6I0%j&gCMHgX7ynPP@A&Q!WWdYDsnzDu_MMlJk(HIfpmECN
zdL|=v0RuiZ=1>+c9`^G5oV4IzA43rXA&>|+4|hOOetJ=2Zf<5?`eZ*w8znh$UPDs@
zBLh<dGh<_8gD7!cLvuqz14Ag6bR+NaH~ukb{AnP|#vCfk$0EiuIgv?}&!F)nh_B4j
zc+jA6-{b@)3HDh_8mE(PymfsOlK*)?h6=N=8Za|5{znT9=Eg>bf_=YjG-HEzP1|$2
zu4$#t`*+qKUVLG!2nY<7cAtGGO5mAg%dCaE%x5->y);srZp;7Xq`x4C;bIwi^UDk@
zPG?S<h*&-R^mCuy{uFmRx2c><t$n<7tCjg|LKv@v{tEt(nwQ~y=5cfUzj-H~e|vbM
YWA{##Z(I@zE~hK>%I)_nz2CD106V3SIRF3v

diff --git a/certs/1024/client-cert.pem b/certs/1024/client-cert.pem
index fc5f15a4a..2f13e8e25 100644
--- a/certs/1024/client-cert.pem
+++ b/certs/1024/client-cert.pem
@@ -1,13 +1,13 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16789358970865666130 (0xe8ffc907b8f74852)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Serial Number: 16417767964199037690 (0xe3d7a0fa76df2afa)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Feb  5 06:33:30 2015 GMT
-            Not After : Nov  1 06:33:30 2017 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+            Not Before: May  7 18:21:01 2015 GMT
+            Not After : Jan 31 18:21:01 2018 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_1024, OU=Programming-1024, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (1024 bit)
@@ -27,39 +27,40 @@ Certificate:
                 81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC
             X509v3 Authority Key Identifier: 
                 keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC
-                DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:E8:FF:C9:07:B8:F7:48:52
+                DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_1024/OU=Programming-1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:E3:D7:A0:FA:76:DF:2A:FA
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-         70:be:fb:3c:29:5d:53:ba:96:bc:cb:7e:82:a9:2c:ef:ee:3b:
-         f0:e8:f4:01:78:50:51:55:1b:47:9b:dc:5a:10:e6:39:84:9a:
-         a1:2d:03:cc:b3:16:e9:32:26:97:3d:0f:ec:c9:4f:11:08:31:
-         a3:1c:1f:37:d3:00:04:42:cc:c9:34:14:3a:e1:f2:f9:be:2e:
-         bf:64:47:3e:46:95:09:a5:3b:4c:4a:7b:23:0e:3c:54:01:d4:
-         55:fa:53:f0:65:6e:68:4b:cc:e3:83:5f:fe:9e:c8:e7:f6:e1:
-         c8:88:bb:b9:24:f6:0a:18:20:44:cb:78:2e:77:3f:bf:22:ef:
-         bc:b4
+    Signature Algorithm: sha256WithRSAEncryption
+         1d:b7:d5:7c:e1:b1:d8:c0:67:5d:b5:d3:88:e7:50:29:71:63:
+         8f:cc:26:1f:33:09:55:43:9b:ab:c6:1b:bc:c7:01:95:1a:fa:
+         65:e0:fd:9c:eb:6f:0a:0f:14:ec:b5:2f:dc:1c:30:dd:52:97:
+         d4:1c:09:00:33:38:5f:cb:a8:16:8f:11:b7:b8:d0:66:e1:54:
+         28:f3:3f:bf:6a:6f:76:48:2a:5e:56:a7:ce:1c:f0:04:dd:17:
+         bd:06:78:21:6d:d6:b1:9b:75:31:92:c1:fe:d4:8d:d4:67:2f:
+         03:1b:27:8d:ab:ff:30:3b:c3:7f:23:e4:ab:5b:91:e1:1b:66:
+         e6:ed
 -----BEGIN CERTIFICATE-----
-MIIDpTCCAw6gAwIBAgIJAOj/yQe490hSMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
-VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4G
-A1UECgwHd29sZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3
-dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
-Fw0xNTAyMDUwNjMzMzBaFw0xNzExMDEwNjMzMzBaMIGUMQswCQYDVQQGEwJVUzEQ
-MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29s
-ZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
-LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAvHMOqEnzdKKp7xil2lWZIfnI7LNtSOU1NXV3N+zR
-YZBfPtnk1d+UysGp1xnahsnoTcRhNoL+q61+dyW7jRGlvGI6qDjMOaIEZrT39/Oq
-2k0CDrtejWlI3HfJKA4i6WukJrpM6MH9Sm8rH++KrvaQYuVkHusrPGfI3CcA9pFo
-ZakCAwEAAaOB/DCB+TAdBgNVHQ4EFgQUgWkP+N/dzzQp1Wd1cYXHdRBpWewwgckG
-A1UdIwSBwTCBvoAUgWkP+N/dzzQp1Wd1cYXHdRBpWeyhgZqkgZcwgZQxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYD
-VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3
-LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA
-6P/JB7j3SFIwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBwvvs8KV1T
-upa8y36CqSzv7jvw6PQBeFBRVRtHm9xaEOY5hJqhLQPMsxbpMiaXPQ/syU8RCDGj
-HB830wAEQszJNBQ64fL5vi6/ZEc+RpUJpTtMSnsjDjxUAdRV+lPwZW5oS8zjg1/+
-nsjn9uHIiLu5JPYKGCBEy3gudz+/Iu+8tA==
+MIIDxTCCAy6gAwIBAgIJAOPXoPp23yr6MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
+A1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0xMDI0MRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wHhcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnjELMAkG
+A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
+BgNVBAoMDHdvbGZTU0xfMTAyNDEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMTAyNDEY
+MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
+bGZzc2wuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8cw6oSfN0oqnv
+GKXaVZkh+cjss21I5TU1dXc37NFhkF8+2eTV35TKwanXGdqGyehNxGE2gv6rrX53
+JbuNEaW8YjqoOMw5ogRmtPf386raTQIOu16NaUjcd8koDiLpa6Qmukzowf1Kbysf
+74qu9pBi5WQe6ys8Z8jcJwD2kWhlqQIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFIFp
+D/jf3c80KdVndXGFx3UQaVnsMIHTBgNVHSMEgcswgciAFIFpD/jf3c80KdVndXGF
+x3UQaVnsoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ
+MA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQL
+DBBQcm9ncmFtbWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd
+BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDj16D6dt8q+jAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAB231XzhsdjAZ12104jnUClxY4/MJh8z
+CVVDm6vGG7zHAZUa+mXg/ZzrbwoPFOy1L9wcMN1Sl9QcCQAzOF/LqBaPEbe40Gbh
+VCjzP79qb3ZIKl5Wp84c8ATdF70GeCFt1rGbdTGSwf7UjdRnLwMbJ42r/zA7w38j
+5KtbkeEbZubt
 -----END CERTIFICATE-----
diff --git a/certs/ca-cert.der b/certs/ca-cert.der
index 1626809849dbb69dc4ba4d8094a7d52d666da523..d0eab7a3ce08847c4bc6c9160c266eaa3289778b 100644
GIT binary patch
delta 359
zcmZ3-xsFrapowLbK@;<&1<Xv0OiY{%Hyf-DU;1*(+<=#jQ>)FR?K>|cBR4C<#CtO)
z?q`!QH83}{FfueSj1uQHv@kF<HiU3D-d)bb0n<9Uhgqtgo0WmNiII_^YQ2l~s{CN5
zO~$L7<HHOt@0`XxD>TYdi`(ys-p8qFC)>=LdXsB>7rpb?#e96i_2tJ(5<KD!7yXR0
zJKXf}slH=lv!-h0#bAa^o3~sB){e517V4~+tMgd7z4Ae5-ozCFx7_p(DFoPQyH6L{
zP|LE*HSj{-!>C2x^(}LJ&$hDs)G%zCyytkN=S1cg_p_dat<5?u&uji9ZtwH?SKrLF
zkx-reQ9q#ewc+WH$x3s>|9oyykUGZRK1pq!s6?bO+nwJVww1+xJg9#{KWWZ^YxiEK
zmVb^}cDO@*TIrTAA!q;VD(X%9z+UYAa`L1J_mXZdwqBE`60h#Hc}l^5E(7uBbw>TE
H+e;$=v1^;I

delta 359
zcmZ3-xsFrapowLbK@;<&1<Xv0OiY{%ziKUJ75^5JG~i|9)N1o+`_9YA$jZtv@!pJy
z``ILn3``BojE#*AqQrR(%?%9=3?bZ&cb7A9z_d>8VV0_AWo2M)Vq|2{VdA;B$!+0{
zNPdpYwU>hQ-i21|-CcO;`u2a-{9SvpRR3Pdm0iv7XzsNcih@fVAMkoFv8dPMxz=#U
z;QDz<X=nZCn`f5H*}|B)@$l^VUY+_07N=_#R!p{tS#ipZS6O%F;`3ad7O&aa!q0kz
znzC@18JsH3^q$qiQGZgoV&#X1b6u*t4cYkwpLtE~3BKQY)5G<2)cbpr4t4O|`fr%+
z7Ze=-d4-kJkB7Wm2U^y@QQW+I#)cEw<t*>NvMmj?R><EU+R$_UO2xZHHy;O?%o4Y4
z7w}b9w3u!BU1E*NUWs)}9vSJ!E^+kPv#MkJJXeuPFJHX-BdhT>^6$O9T(-q`x6Ico
IKTzrj0NB`=kpKVy

diff --git a/certs/ca-cert.pem b/certs/ca-cert.pem
index d98a51a5b..6eacbebd0 100644
--- a/certs/ca-cert.pem
+++ b/certs/ca-cert.pem
@@ -1,12 +1,12 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 18049645117592769049 (0xfa7d389a73fb1219)
-    Signature Algorithm: sha1WithRSAEncryption
+        Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37)
+    Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Feb  5 06:33:30 2015 GMT
-            Not After : Nov  1 06:33:30 2017 GMT
+            Not Before: May  7 18:21:01 2015 GMT
+            Not After : Jan 31 18:21:01 2018 GMT
         Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -37,32 +37,32 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:FA:7D:38:9A:73:FB:12:19
+                serial:D9:80:3A:C3:D2:F4:DA:37
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-         2c:02:0c:de:b2:46:a1:d8:59:0f:08:69:ad:d2:52:2e:ee:55:
-         78:bd:bb:71:d2:d7:b7:fe:7b:0f:8a:bc:6a:25:fd:d4:6d:1d:
-         ab:00:e2:9d:d6:98:21:11:a4:41:e0:0d:4b:a4:38:7f:2e:0c:
-         d6:80:dc:30:d7:cf:19:1b:43:2f:e7:b3:99:74:9c:b4:01:69:
-         b1:c3:9b:9f:4a:89:2f:60:38:cb:7c:a1:78:93:38:5c:a8:ca:
-         46:0d:23:2d:99:a3:cf:0a:49:38:eb:07:06:57:cd:4a:55:35:
-         04:08:36:30:ca:75:69:4b:9a:84:08:c9:23:78:a9:f0:80:ce:
-         8a:25:bb:31:07:0e:11:e6:4a:95:8c:53:df:85:d9:48:45:cb:
-         5a:ef:de:92:c2:88:0e:da:ff:31:6b:4e:52:53:5f:f3:a8:3a:
-         42:f8:e1:0d:0a:c0:84:af:ec:21:b3:a7:98:b0:c8:6b:77:04:
-         ef:f5:06:a5:51:3b:20:6f:bf:55:80:8c:cf:d4:78:ee:a2:d9:
-         e3:52:34:9a:17:3d:87:10:4d:23:21:38:9b:35:f7:18:ac:34:
-         bd:18:ae:a4:e2:32:2f:5d:a4:41:4c:bc:aa:88:b7:9e:45:14:
-         92:e9:e8:ee:fc:1d:28:f5:59:fd:de:bd:3d:73:dd:b4:9f:2e:
-         77:c0:75:41
+    Signature Algorithm: sha256WithRSAEncryption
+         7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96:
+         0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d:
+         63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31:
+         a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00:
+         69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79:
+         e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0:
+         7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9:
+         28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb:
+         1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50:
+         7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92:
+         26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f:
+         62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4:
+         54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9:
+         a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f:
+         65:b7:75:58
 -----BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIJAPp9OJpz+xIZMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
+MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
-Fw0xNTAyMDUwNjMzMzBaFw0xNzExMDEwNjMzMzBaMIGUMQswCQYDVQQGEwJVUzEQ
+Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ
 MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
 LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
@@ -76,11 +76,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
 J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
 VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA+n04mnP7EhkwDAYD
-VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEALAIM3rJGodhZDwhprdJSLu5V
-eL27cdLXt/57D4q8aiX91G0dqwDindaYIRGkQeANS6Q4fy4M1oDcMNfPGRtDL+ez
-mXSctAFpscObn0qJL2A4y3yheJM4XKjKRg0jLZmjzwpJOOsHBlfNSlU1BAg2MMp1
-aUuahAjJI3ip8IDOiiW7MQcOEeZKlYxT34XZSEXLWu/eksKIDtr/MWtOUlNf86g6
-QvjhDQrAhK/sIbOnmLDIa3cE7/UGpVE7IG+/VYCMz9R47qLZ41I0mhc9hxBNIyE4
-mzX3GKw0vRiupOIyL12kQUy8qoi3nkUUkuno7vwdKPVZ/d69PXPdtJ8ud8B1QQ==
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW
+C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD
+KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ
+buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q
+fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD
+iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA==
 -----END CERTIFICATE-----
diff --git a/certs/client-cert.der b/certs/client-cert.der
index ea1f65e4012c856d88d69fc032b32a99c4b8f09b..9a7e0bf9bf6b9edb2118975ff81afcc53f5ebdee 100644
GIT binary patch
delta 571
zcmZ3-d5%-dpo!&_K@;<)1<Xv0OiY{%tJF6iU0IaJYrxCKsnzDu_MMlJk(-slpmE;B
zhen2?2EuI2p)6cHJmvX0X~Drh@kRzF7KV}r;vive9)W<O{Pd#4+}zB(bX}0tWGhCS
ziTl}PObyHpEsP8e45P$(4J`}|jSZn(at+>W#hAp%-o(gm(8S0*c_EV`&t*2|P+4V`
z#?uCkCnld`l3-u5q;Vm+#!t3lwB~L?1jpnaW~q8^RtDxKMn;CfY0G8QVr3>AGnzk5
z^pouK$#d3}hE4seP_WuHi*v*0Ps}TB-_hSA-(I!&O8-^Q>2)?CYc@XqV9EQBbC&Wq
zqh*efdlO#ly~kjdZ}-wMe`WIVRadJ&Ke6<f_buVrv9_y4ZOUiAW+ewN`SB+(>uf?v
z-{Q7JMw5!~n)TB+FE`o7b#H5773VU$YfTZI>2r=|B<*6mX1V*c)qw}e^2d4R2(`WW
zZkd%h`GT>?u~6%6=NqDXoZmaUaNA6_T<j-$kvqO+hV0q-E8SmPhZ$@un{?14e$Uhm
z0aBqS{F2<;LsEEVPyFS)S<_?RGojayU5*7kaX8jIReE`<dS<ac*NFwb_4{7UPTy1w
E0JG=RqW}N^

delta 545
zcmX@dxsFrIpowLbK@;<&1<Xv0OiY{%XLGLA9ee-zwgE32r&gOs+jm|@Mpjk^gT^Tn
zUmK|l81S(%hq7?-u$SlOqy-227>XDOfke1@xC4sv(~A;wb2IbOC;KtlD9MTQ8k!my
z8JHTF85<iLM2Yhnnj0D#7(%(EnYh`HF^Q42@sB~{&&k`F6nRgwF^9@3voszwXx!H@
z`5==h=fcKWOB$z>X6j@=Mr-aSgr_I3VV0_AWo2M)Vq|2fb4)EhD-osdyZT?0jd^mD
ztzOq6rjvW$on8L@h_$=1w18v1dg=eN%4Hm)3_siMPuz57=C6M{Ur!Ew$#|js!HvAl
zHy5k1sXlz!UGp#Yx@FX%?~lIS%PM1%s1v(z;WB5>B#T9->Q?ML!{PHGa+Rv-&daN0
z1Z3`TU#(C4Gw0*fkLTR~hApr;=zA*U41>O1X`i@*h$rLjrN4u?_V4CYyt2$VLgStB
zoqs>dj(q9cot`m0`dF26>)our9wt`VcaLnh%-NlsXBZpZyVpki)=8@cmh$(y&dAjk
zsal8q@7}#WYI%yzj|E3Q6@-5{Z{bmsvncCP=$G>=6}Q_taXq{t82;4ZW7^dF02;{H
ANB{r;

diff --git a/certs/client-cert.pem b/certs/client-cert.pem
index 37bc42fcb..569cdddac 100644
--- a/certs/client-cert.pem
+++ b/certs/client-cert.pem
@@ -1,13 +1,13 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 14802441915251815387 (0xcd6cd67ec6eff3db)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Serial Number: 12260966172072242701 (0xaa27b3c5a9726e0d)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Feb  5 06:33:30 2015 GMT
-            Not After : Nov  1 06:33:30 2017 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+            Not Before: May  7 18:21:01 2015 GMT
+            Not After : Jan 31 18:21:01 2018 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_2048, OU=Programming-2048, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
@@ -36,51 +36,52 @@ Certificate:
                 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
             X509v3 Authority Key Identifier: 
                 keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
-                DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:CD:6C:D6:7E:C6:EF:F3:DB
+                DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:AA:27:B3:C5:A9:72:6E:0D
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-         7e:41:65:73:cd:18:5a:2f:4d:ab:fe:5a:3c:37:63:82:3d:2e:
-         8a:a2:02:c9:bd:ee:cd:a7:f7:c4:3b:47:33:1b:10:41:7f:27:
-         75:ff:76:79:a6:08:15:00:f9:86:df:91:b2:cc:99:fa:fe:b9:
-         eb:93:55:e9:01:d0:77:e0:d8:6e:b3:d9:a3:26:06:25:e1:e9:
-         8b:7c:fe:5d:d7:39:5a:c2:f7:e2:f6:de:6a:76:02:18:7e:16:
-         d0:d0:d3:09:8c:92:38:a2:ca:7e:a8:b9:cc:08:4c:f0:59:aa:
-         25:35:b9:d3:aa:1c:10:1c:dc:0b:d5:61:fc:9c:f1:95:f1:ce:
-         47:fd:56:a0:3c:c1:4d:ca:54:cc:00:2f:3e:75:8e:17:40:14:
-         49:01:bb:a5:fb:52:0a:bf:bb:09:21:d4:a6:33:58:28:ee:33:
-         dc:fe:f8:76:c4:f4:8e:bb:67:68:97:5b:c6:7a:23:85:dd:6a:
-         8e:8c:02:05:1d:ee:e2:3d:b4:9c:bb:63:6e:31:5d:5b:8d:bd:
-         3c:17:da:c9:3a:a0:39:1f:de:8a:cc:1e:7d:72:25:3b:56:ff:
-         8b:bb:af:5a:a7:64:2c:f8:a0:c4:f2:70:57:f0:cf:38:48:7c:
-         6c:a2:6a:e2:55:f4:cf:a9:21:b7:3e:42:e1:d8:11:57:e5:40:
-         f1:66:95:df
+    Signature Algorithm: sha256WithRSAEncryption
+         51:96:a7:1c:26:5d:1c:90:c6:32:9f:96:15:f2:1d:e7:93:9c:
+         ac:75:56:95:fd:20:70:ab:45:6a:09:b0:f3:f2:03:a8:db:dc:
+         2f:bc:1f:87:7a:a3:d4:8f:d5:49:97:7e:3c:54:ac:b1:e3:f0:
+         39:0d:fe:09:9a:23:f6:32:a6:41:59:bd:60:e8:bd:de:00:36:
+         6f:3e:e9:41:6f:a9:63:c7:aa:d5:7b:f3:e4:39:48:9e:f6:60:
+         c6:c6:86:d5:72:86:23:cd:f5:6a:63:53:a4:f8:fc:51:6a:cd:
+         60:74:8e:a3:86:61:01:34:78:f7:29:97:b3:a7:34:b6:0a:de:
+         b5:71:7a:09:a6:3e:d6:82:58:89:67:9c:c5:68:62:ba:06:d6:
+         39:bb:cb:3a:c0:e0:63:1f:c7:0c:9c:12:86:ec:f7:39:6a:61:
+         93:d0:33:14:c6:55:3b:b6:cf:80:5b:8c:43:ef:43:44:0b:3c:
+         93:39:a3:4e:15:d1:0b:5f:84:98:1d:cd:9f:a9:47:eb:3b:56:
+         30:b6:76:92:c1:48:5f:bc:95:b0:50:1a:55:c8:4e:62:47:87:
+         54:64:0c:9b:91:fa:43:b3:29:48:be:e6:12:eb:e3:44:c6:52:
+         e4:40:c6:83:95:1b:a7:65:27:69:73:2f:c8:a0:4d:7f:be:ea:
+         9b:67:b2:7b
 -----BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIJAM1s1n7G7/PbMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
-VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4G
-A1UECgwHd29sZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3
-dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
-Fw0xNTAyMDUwNjMzMzBaFw0xNzExMDEwNjMzMzBaMIGUMQswCQYDVQQGEwJVUzEQ
-MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29s
-ZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
-LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9am
-NrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/
-Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE7
-9fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX
-11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8l
-TMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB/DCB
-+TAdBgNVHQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwgckGA1UdIwSBwTCBvoAU
-M9hFZtdohxh+VA1wJ5HHJteFZcChgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NM
-MRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAzWzWfsbv89swDAYD
-VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfkFlc80YWi9Nq/5aPDdjgj0u
-iqICyb3uzaf3xDtHMxsQQX8ndf92eaYIFQD5ht+RssyZ+v6565NV6QHQd+DYbrPZ
-oyYGJeHpi3z+Xdc5WsL34vbeanYCGH4W0NDTCYySOKLKfqi5zAhM8FmqJTW506oc
-EBzcC9Vh/JzxlfHOR/1WoDzBTcpUzAAvPnWOF0AUSQG7pftSCr+7CSHUpjNYKO4z
-3P74dsT0jrtnaJdbxnojhd1qjowCBR3u4j20nLtjbjFdW429PBfayTqgOR/eiswe
-fXIlO1b/i7uvWqdkLPigxPJwV/DPOEh8bKJq4lX0z6khtz5C4dgRV+VA8WaV3w==
+MIIEyjCCA7KgAwIBAgIJAKons8Wpcm4NMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMG
+A1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWluZy0yMDQ4MRgw
+FgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s
+ZnNzbC5jb20wHhcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnjELMAkG
+A1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTAT
+BgNVBAoMDHdvbGZTU0xfMjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEY
+MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
+bGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwPRK/45
+pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvGw0Se1IFI/S1oootnu6F1yDYs
+StIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJW+Q098WwFJP1Z3s6enjhAVZW
+kaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbfG36/TpfQEOioCDCBryALQxTF
+dGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnNrv94bHvAEgPUTnINUG07ozuj
+mV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAYE7BjtXJOMMSXhIYtVi/XFfd/
+wK71/Fvl+6G60wIDAQABo4IBBzCCAQMwHQYDVR0OBBYEFDPYRWbXaIcYflQNcCeR
+xybXhWXAMIHTBgNVHSMEgcswgciAFDPYRWbXaIcYflQNcCeRxybXhWXAoYGkpIGh
+MIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96
+ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8yMDQ4MRkwFwYDVQQLDBBQcm9ncmFtbWlu
+Zy0yMDQ4MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEW
+EGluZm9Ad29sZnNzbC5jb22CCQCqJ7PFqXJuDTAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQBRlqccJl0ckMYyn5YV8h3nk5ysdVaV/SBwq0VqCbDz8gOo
+29wvvB+HeqPUj9VJl348VKyx4/A5Df4JmiP2MqZBWb1g6L3eADZvPulBb6ljx6rV
+e/PkOUie9mDGxobVcoYjzfVqY1Ok+PxRas1gdI6jhmEBNHj3KZezpzS2Ct61cXoJ
+pj7WgliJZ5zFaGK6BtY5u8s6wOBjH8cMnBKG7Pc5amGT0DMUxlU7ts+AW4xD70NE
+CzyTOaNOFdELX4SYHc2fqUfrO1YwtnaSwUhfvJWwUBpVyE5iR4dUZAybkfpDsylI
+vuYS6+NExlLkQMaDlRunZSdpcy/IoE1/vuqbZ7J7
 -----END CERTIFICATE-----
diff --git a/certs/client-ecc-cert.der b/certs/client-ecc-cert.der
index d5231ba29ffb7c4a010269d9b45bb3d927610010..fa9a2483963e2c798bf6ac0a46e6168afb87b66e 100644
GIT binary patch
literal 780
zcmXqLV&*VtVp_j|nTe5!iId@euT|j#rOA8-Tx=X#Z64=rS(up&8hZ`74LI4DLs{5_
znL>jN`3-nM91b2f|Dx3N{5(TG10Ik7I}dAcVoqwVp|F7<h|k5t<(!k5npdLW>g;UD
zYrqW><mO><ODrxilrRtjahZAe%gf94%JXy5ii>mflJj#7<qc%nIJMe5+P?ELax#hu
zWag#iJ0K}AkQ3)MG&L|aFgLU?GBhxZ66ZCvFfcSWgmMR+dm{~m+1SCM$;1c^R%S+a
zW+w)g(EVTdT>@s=o}0b>!%^R_1=UyHsPsuTyovHzq{5t}GyB&2MW#Z|EoEZI!ltsF
zVO+WQTd9=O_q{7OnJL8|kFDRbxbdq&<0k`IHs(-SJ{B<+k=IweBeSO_+6RVjWAW{D
z>~M)${mG#55J+B`rE!-*<MsxuY8Ez5UeY*Wu!UR`Qi24fFj-+1Rs&{6#{bC4li8iY
zz=cVnq<UT5oD-Q-ySUfZpES3%so(zo^R3yhE-WwOT2e0beFc+3;neod?JK%>|C--&
aN4xNj*U_ldO@EA!oHO%Zeaylvrvm^*E92S#

literal 800
zcmXqLVwN#zVmiElnTe5!iId^+r4_%wEncBzz{$q0)#h=|mW9!vaf%_g0Vf-CC<~h~
zQ)sZEfB_$f!@<Muo1a&bn3o6>Vdr6Y%CAbzP0WLdaPhF0=jWsa2m2U`7zlxMar1Bo
z6y>KECFbU4=A|1-7>I#HnR)oj%ggmZYKx0=^pf*)4do4F**LY@JlekVGIBDC31sG_
z<vSoLFpv}HH8eFaGB7nTGd4Chh!W>DG&eLfFobdktFt2wgrPyp#K^`04r69Uc4j9A
zmeBoQ_+0{K*`Axd{lih;uLadt-l+6RHoS@QS){_8q%-^0`$eWg&MjqP$HJzvonc(L
z_gkry)AzkAH<>BLACIlyvbgb&LE}#YSvKZSSw0pq7LnIiyd$%xCfWyvZ)5T8bnI}6
zS^deN@gzuInWgcdLF2v#tZEiE&RWtqeUJuV6H+4O0eMB3h1GzWk?}uLl4bT_FmPp3
z2!8)b#M$I*!`>ICs&#LD>*-MT^|^Um%vRp1^whT3Uptr-8Lk(966xcVYuJ0xS@7=i
X*udr94|z58EgYk*9^P}YYS9M(M;PwG

diff --git a/certs/client-ecc-cert.pem b/certs/client-ecc-cert.pem
index cca49cfd7..20905154c 100644
--- a/certs/client-ecc-cert.pem
+++ b/certs/client-ecc-cert.pem
@@ -1,13 +1,13 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16416369391847057450 (0xe3d2a8fbf6a3a82a)
-    Signature Algorithm: ecdsa-with-SHA1
-        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Serial Number: 16108595702940209934 (0xdf8d3a71e022930e)
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Feb  5 06:33:30 2015 GMT
-            Not After : Nov  1 06:33:30 2017 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+            Not Before: May  7 18:21:01 2015 GMT
+            Not After : Jan 31 18:21:01 2018 GMT
+        Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
@@ -23,32 +23,32 @@ Certificate:
                 EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
             X509v3 Authority Key Identifier: 
                 keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
-                DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:E3:D2:A8:FB:F6:A3:A8:2A
+                DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:DF:8D:3A:71:E0:22:93:0E
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: ecdsa-with-SHA1
-         30:45:02:20:53:ef:f2:14:43:34:cd:80:bd:e8:ca:7b:2d:da:
-         f6:8c:88:23:4d:4c:d9:c7:16:3d:1f:42:75:ca:b6:eb:f5:88:
-         02:21:00:d7:73:f2:14:8e:09:1e:80:bd:c1:43:11:dd:a7:5d:
-         51:a7:4b:e1:0d:28:2f:38:41:5b:3a:e1:de:44:3a:84:2f
+    Signature Algorithm: ecdsa-with-SHA256
+         30:44:02:20:74:7b:ae:7e:9c:c8:69:95:8a:0b:ad:7f:c9:37:
+         3d:3c:7f:b7:ef:f3:da:9b:ea:d0:a7:76:0a:a4:77:12:f7:a8:
+         02:20:71:95:87:89:b7:a8:8b:bb:fa:9f:84:dc:2b:71:dc:4a:
+         c5:5a:65:b2:fc:33:c4:ce:36:4f:ab:c6:38:36:6c:88
 -----BEGIN CERTIFICATE-----
-MIIDHDCCAsOgAwIBAgIJAOPSqPv2o6gqMAkGByqGSM49BAEwgZQxCzAJBgNVBAYT
-AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQK
-DAd3b2xmU1NMMRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE1
-MDIwNTA2MzMzMFoXDTE3MTEwMTA2MzMzMFowgZQxCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NM
-MRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYI
-KoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31cHvU7CSOGYDsWkyiJANiLJva76I1
-EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/tKOB/DCB+TAdBgNVHQ4EFgQU69RL
-WWuVYT9RV7YETYlBiERcq/IwgckGA1UdIwSBwTCBvoAU69RLWWuVYT9RV7YETYlB
-iERcq/KhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
-DgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtQcm9n
-cmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
-FhBpbmZvQHdvbGZzc2wuY29tggkA49Ko+/ajqCowDAYDVR0TBAUwAwEB/zAJBgcq
-hkjOPQQBA0gAMEUCIFPv8hRDNM2AvejKey3a9oyII01M2ccWPR9Cdcq26/WIAiEA
-13PyFI4JHoC9wUMR3addUadL4Q0oLzhBWzrh3kQ6hC8=
+MIIDCDCCAq+gAwIBAgIJAN+NOnHgIpMOMAoGCCqGSM49BAMCMIGNMQswCQYDVQQG
+EwJVUzEPMA0GA1UECAwGT3JlZ29uMQ4wDAYDVQQHDAVTYWxlbTETMBEGA1UECgwK
+Q2xpZW50IEVDQzENMAsGA1UECwwERmFzdDEYMBYGA1UEAwwPd3d3LndvbGZzc2wu
+Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE1MDUwNzE4
+MjEwMVoXDTE4MDEzMTE4MjEwMVowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZP
+cmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0wCwYD
+VQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
+CQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARV
+v/QPRFCaPc6bt/DFTfVwe9TsJI4ZgOxaTKIkA2Ism9rvojUSQ4R2FsZWlQbMAam9
+9nUaQve9qbI2Il/HXX+0o4H1MIHyMB0GA1UdDgQWBBTr1EtZa5VhP1FXtgRNiUGI
+RFyr8jCBwgYDVR0jBIG6MIG3gBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBk6SBkDCB
+jTELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0x
+EzARBgNVBAoMCkNsaWVudCBFQ0MxDTALBgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJ
+AN+NOnHgIpMOMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgdHuufpzI
+aZWKC61/yTc9PH+37/Pam+rQp3YKpHcS96gCIHGVh4m3qIu7+p+E3Ctx3ErFWmWy
+/DPEzjZPq8Y4NmyI
 -----END CERTIFICATE-----
diff --git a/certs/crl/cliCrl.pem b/certs/crl/cliCrl.pem
index 91d67ca73..da4e61795 100644
--- a/certs/crl/cliCrl.pem
+++ b/certs/crl/cliCrl.pem
@@ -1,39 +1,39 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Last Update: Feb  5 06:33:30 2015 GMT
-        Next Update: Nov  1 06:33:30 2017 GMT
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Last Update: May  7 18:21:01 2015 GMT
+        Next Update: Jan 31 18:21:01 2018 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 3
 No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-         26:e3:36:93:9d:42:98:41:89:d5:9d:d7:e9:9f:e9:36:f7:93:
-         f9:c8:52:ab:d7:9d:a7:61:e6:81:63:d3:6f:d1:40:de:aa:ee:
-         71:13:da:32:a8:2f:a2:f4:54:7e:27:1e:19:11:03:82:91:f6:
-         73:e8:82:6c:89:b3:d4:41:39:84:dd:71:2d:45:a5:b9:1f:7e:
-         3d:82:1f:f6:a9:1a:7f:98:2d:1b:86:62:1c:46:20:9c:4b:e3:
-         79:ef:d9:65:50:47:51:ad:40:89:1c:2b:a9:1e:5d:57:04:ec:
-         4d:82:2a:bd:e1:10:fd:26:f2:48:5d:b5:95:ab:d1:65:a2:3a:
-         12:60:2c:d0:4e:2f:08:83:1d:8e:c2:c1:05:5e:6c:fb:b5:7b:
-         5b:6c:f2:14:4d:2e:fd:a4:e8:3d:9f:15:bf:b0:d4:00:31:49:
-         3e:ce:1d:1f:f7:7e:66:09:c5:a5:d4:13:a1:a1:2b:2d:b2:fa:
-         62:16:11:8f:5c:eb:ec:6f:5a:ad:55:bb:bd:65:75:0c:ea:5c:
-         a5:3c:8c:8a:61:ae:94:68:11:53:d8:36:f1:96:aa:7e:b9:b3:
-         90:b2:5b:50:d1:18:55:59:5a:89:7e:2e:3d:47:0f:67:08:f3:
-         be:14:72:24:6f:a9:ef:4b:a1:0a:bb:89:7b:14:11:8d:1a:f2:
-         91:46:8f:b5
+    Signature Algorithm: sha256WithRSAEncryption
+         a2:15:f0:cf:70:85:49:b9:5b:c1:af:2b:22:14:9d:ee:11:8d:
+         93:2d:58:17:d8:f6:b6:1a:1a:25:a2:27:c9:6b:4f:b3:31:c7:
+         2c:52:c4:53:59:19:ef:cf:91:ee:b5:19:28:37:49:9e:b6:e0:
+         41:62:4c:9f:f1:34:bf:88:aa:ae:24:38:8d:29:0a:64:08:a8:
+         68:f4:b5:28:73:d6:94:b9:0a:3f:7c:c1:22:72:be:14:ba:c9:
+         1b:9d:26:af:78:c2:cf:5f:ff:1e:cc:25:c0:63:f1:9b:97:85:
+         5c:c0:4d:14:ed:f9:ad:cb:02:7d:05:c7:5c:c1:7c:89:72:35:
+         49:70:a8:b1:ae:91:96:77:9a:c6:cb:38:27:88:3f:f4:c8:ba:
+         c9:08:7f:dd:a6:41:82:62:65:a0:f2:0c:36:5a:d9:15:57:5e:
+         66:c3:a2:ff:5e:4d:7c:bc:4b:7c:30:84:44:e3:06:34:a8:42:
+         3b:d9:6a:04:4a:0b:e5:59:66:63:b9:7a:80:48:68:31:1c:aa:
+         98:bc:09:0e:a7:83:5f:a7:00:f1:fb:78:bc:08:86:73:ef:53:
+         25:b8:1b:5e:7c:77:a8:12:7b:52:7f:1e:63:bc:db:60:99:46:
+         ab:e1:2e:48:d1:28:40:68:1e:9e:a0:2f:14:04:66:b3:b1:b1:
+         3b:d0:46:64
 -----BEGIN X509 CRL-----
-MIIB7jCB1wIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
-BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wx
-FDASBgNVBAsMC1Byb2dyYW1taW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDIwNTA2MzMzMFoX
-DTE3MTEwMTA2MzMzMFqgDjAMMAoGA1UdFAQDAgEDMA0GCSqGSIb3DQEBBQUAA4IB
-AQAm4zaTnUKYQYnVndfpn+k295P5yFKr152nYeaBY9Nv0UDequ5xE9oyqC+i9FR+
-Jx4ZEQOCkfZz6IJsibPUQTmE3XEtRaW5H349gh/2qRp/mC0bhmIcRiCcS+N579ll
-UEdRrUCJHCupHl1XBOxNgiq94RD9JvJIXbWVq9FlojoSYCzQTi8Igx2OwsEFXmz7
-tXtbbPIUTS79pOg9nxW/sNQAMUk+zh0f935mCcWl1BOhoSstsvpiFhGPXOvsb1qt
-Vbu9ZXUM6lylPIyKYa6UaBFT2Dbxlqp+ubOQsltQ0RhVWVqJfi49Rw9nCPO+FHIk
-b6nvS6EKu4l7FBGNGvKRRo+1
+MIIB+DCB4QIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFTATBgNVBAoMDHdvbGZTU0xf
+MjA0ODEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMjA0ODEYMBYGA1UEAwwPd3d3Lndv
+bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA1
+MDcxODIxMDFaFw0xODAxMzExODIxMDFaoA4wDDAKBgNVHRQEAwIBAzANBgkqhkiG
+9w0BAQsFAAOCAQEAohXwz3CFSblbwa8rIhSd7hGNky1YF9j2thoaJaInyWtPszHH
+LFLEU1kZ78+R7rUZKDdJnrbgQWJMn/E0v4iqriQ4jSkKZAioaPS1KHPWlLkKP3zB
+InK+FLrJG50mr3jCz1//HswlwGPxm5eFXMBNFO35rcsCfQXHXMF8iXI1SXCosa6R
+lneaxss4J4g/9Mi6yQh/3aZBgmJloPIMNlrZFVdeZsOi/15NfLxLfDCEROMGNKhC
+O9lqBEoL5VlmY7l6gEhoMRyqmLwJDqeDX6cA8ft4vAiGc+9TJbgbXnx3qBJ7Un8e
+Y7zbYJlGq+EuSNEoQGgenqAvFARms7GxO9BGZA==
 -----END X509 CRL-----
diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem
index 9924f6609..28311c760 100644
--- a/certs/crl/crl.pem
+++ b/certs/crl/crl.pem
@@ -1,39 +1,39 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-    Signature Algorithm: sha1WithRSAEncryption
+    Signature Algorithm: sha256WithRSAEncryption
         Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Last Update: Feb  5 06:33:30 2015 GMT
-        Next Update: Nov  1 06:33:30 2017 GMT
+        Last Update: May  7 18:21:01 2015 GMT
+        Next Update: Jan 31 18:21:01 2018 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 1
 No Revoked Certificates.
-    Signature Algorithm: sha1WithRSAEncryption
-         1e:a6:74:ca:6e:14:eb:4f:e7:94:fb:0f:36:4c:55:39:e1:29:
-         af:33:f1:83:fa:8c:64:ef:4d:8a:f4:90:a1:dd:8d:c4:c7:13:
-         35:7e:a9:1c:ea:29:ef:5e:89:4a:38:b1:22:b4:c3:13:8a:41:
-         ed:a1:16:08:2f:17:69:b2:88:ca:21:c6:20:a3:d2:e1:33:b9:
-         68:4a:11:7f:50:58:53:18:7b:90:86:dc:2d:9a:36:5b:d2:0d:
-         28:dc:8e:8f:82:a1:6d:c9:e2:e4:a3:bb:f4:8d:12:c3:15:72:
-         d9:bd:74:98:4b:82:00:ed:96:9c:85:b1:36:45:28:48:e7:c2:
-         d0:9e:31:27:51:8b:ae:96:f3:bf:3f:4d:6c:31:6c:4b:7d:a2:
-         63:47:d7:29:80:c0:17:1d:3e:48:3e:62:ad:a0:dc:50:e7:07:
-         f1:85:b4:b4:f9:85:77:d4:60:50:9a:7c:89:8b:c2:02:1f:ec:
-         6a:ea:83:46:7d:66:c1:6d:aa:bc:a2:f9:6b:8e:74:2a:9d:96:
-         16:3a:a3:66:d6:11:7e:83:2a:99:90:9c:54:a7:d6:b4:79:57:
-         87:60:bc:6c:12:09:58:4e:89:1f:0a:82:52:67:aa:5e:f8:10:
-         0f:37:d0:75:19:10:b5:5a:36:9d:89:ce:8d:ba:c2:b7:13:b0:
-         df:43:32:97
+    Signature Algorithm: sha256WithRSAEncryption
+         96:e2:b9:11:e0:e5:25:be:ab:69:e5:fa:8a:5c:7f:fc:6f:1d:
+         8f:4a:54:70:f8:2e:87:fa:b0:f6:fd:3f:8f:9c:75:8a:eb:62:
+         cc:dd:2c:0a:8c:31:9e:30:3f:22:9b:91:50:6b:43:fd:32:8a:
+         79:ea:0b:6b:68:6c:82:9c:79:da:20:95:83:25:5e:09:fc:57:
+         2d:19:f9:bc:5a:67:95:98:65:dc:2d:91:13:2a:81:c2:6d:ff:
+         12:48:6f:a4:ce:8a:b2:d3:19:b8:c2:86:e0:ba:91:3f:bb:ec:
+         c6:79:83:50:95:19:95:28:eb:ef:ff:bb:16:8f:3c:7d:4c:d1:
+         3e:c3:82:22:8f:c5:e8:0e:b3:64:8f:5d:53:32:d5:98:64:9c:
+         36:c4:6a:cf:68:21:4f:a8:4e:90:37:76:dc:05:70:66:2d:bc:
+         a0:d8:19:5c:96:90:d6:b9:09:56:46:07:be:3c:ae:08:bb:26:
+         26:21:2c:d1:48:01:88:28:bc:21:a4:97:b7:3b:f0:7e:67:73:
+         84:cf:21:43:e7:dd:53:9d:6a:59:c3:e5:98:c9:69:71:c3:e3:
+         70:28:ba:f9:69:0a:af:78:e5:83:02:13:7e:08:70:8c:f3:8b:
+         5d:96:b0:78:b9:d9:99:c5:1e:b7:45:dc:28:32:1a:d0:50:4b:
+         f4:41:92:19
 -----BEGIN X509 CRL-----
-MIIB7jCB1wIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
+MIIB7jCB1wIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDIwNTA2MzMzMFoX
-DTE3MTEwMTA2MzMzMFqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IB
-AQAepnTKbhTrT+eU+w82TFU54SmvM/GD+oxk702K9JCh3Y3ExxM1fqkc6invXolK
-OLEitMMTikHtoRYILxdpsojKIcYgo9LhM7loShF/UFhTGHuQhtwtmjZb0g0o3I6P
-gqFtyeLko7v0jRLDFXLZvXSYS4IA7ZachbE2RShI58LQnjEnUYuulvO/P01sMWxL
-faJjR9cpgMAXHT5IPmKtoNxQ5wfxhbS0+YV31GBQmnyJi8ICH+xq6oNGfWbBbaq8
-ovlrjnQqnZYWOqNm1hF+gyqZkJxUp9a0eVeHYLxsEglYTokfCoJSZ6pe+BAPN9B1
-GRC1Wjadic6NusK3E7DfQzKX
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDUwNzE4MjEwMVoX
+DTE4MDEzMTE4MjEwMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB
+AQCW4rkR4OUlvqtp5fqKXH/8bx2PSlRw+C6H+rD2/T+PnHWK62LM3SwKjDGeMD8i
+m5FQa0P9Mop56gtraGyCnHnaIJWDJV4J/FctGfm8WmeVmGXcLZETKoHCbf8SSG+k
+zoqy0xm4wobgupE/u+zGeYNQlRmVKOvv/7sWjzx9TNE+w4Iij8XoDrNkj11TMtWY
+ZJw2xGrPaCFPqE6QN3bcBXBmLbyg2BlclpDWuQlWRge+PK4IuyYmISzRSAGIKLwh
+pJe3O/B+Z3OEzyFD591TnWpZw+WYyWlxw+NwKLr5aQqveOWDAhN+CHCM84tdlrB4
+udmZxR63RdwoMhrQUEv0QZIZ
 -----END X509 CRL-----
diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked
index a6d3dedb8..60152d880 100644
--- a/certs/crl/crl.revoked
+++ b/certs/crl/crl.revoked
@@ -1,41 +1,41 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-    Signature Algorithm: sha1WithRSAEncryption
+    Signature Algorithm: sha256WithRSAEncryption
         Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Last Update: Feb  5 06:33:30 2015 GMT
-        Next Update: Nov  1 06:33:30 2017 GMT
+        Last Update: May  7 18:21:01 2015 GMT
+        Next Update: Jan 31 18:21:01 2018 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 2
 Revoked Certificates:
     Serial Number: 01
-        Revocation Date: Feb  5 06:33:30 2015 GMT
-    Signature Algorithm: sha1WithRSAEncryption
-         ae:3b:8e:88:bb:a6:9b:93:1a:41:91:73:b9:97:1c:f8:f4:a0:
-         a6:1c:58:24:52:15:d9:b5:14:35:8d:b6:e9:be:1c:01:e0:24:
-         ff:ec:2c:71:cc:a4:78:60:a6:eb:e2:5d:41:67:e1:21:d4:e8:
-         a8:f5:26:c6:69:25:38:c7:87:3f:6a:78:b5:16:14:d2:3f:17:
-         f1:aa:8d:41:5b:ba:8e:f5:49:e9:e9:d8:93:6f:0a:d2:fe:f6:
-         7e:20:f4:76:8c:db:54:ef:42:16:91:75:27:2a:2d:0b:5e:aa:
-         f7:97:6c:6a:7d:37:e5:c8:31:aa:6b:bf:77:45:2a:01:67:91:
-         73:e0:7a:d8:b4:a1:e6:08:e0:2c:4a:8d:a6:b3:eb:c6:24:2a:
-         1f:d2:e2:1b:03:d4:0a:19:07:c0:dc:e3:c3:13:a7:48:66:fc:
-         da:09:ea:40:29:11:9e:e1:48:46:46:2f:05:87:d2:cb:ac:8d:
-         a5:43:1a:ef:2d:56:de:da:1e:34:9a:09:13:79:f7:95:ec:5b:
-         aa:28:ad:1e:b1:0e:e7:71:d9:12:45:a3:2c:df:17:52:37:34:
-         5d:0b:c0:d5:df:2c:40:d6:e4:4f:a7:07:bd:a4:9c:f9:a7:f8:
-         bb:1e:bb:93:57:fc:20:57:0c:cc:99:5a:75:8c:83:3f:ba:97:
-         96:1c:0e:67
+        Revocation Date: May  7 18:21:01 2015 GMT
+    Signature Algorithm: sha256WithRSAEncryption
+         b7:34:2b:1c:09:6b:a2:9c:12:4f:fd:ef:69:4c:a4:1d:f2:39:
+         52:29:98:78:b2:86:ea:54:9b:29:e5:c2:88:0e:2f:f9:d2:5b:
+         9d:49:37:68:26:6c:45:61:d4:9d:05:ef:2d:ca:78:0a:d0:28:
+         c1:25:f2:f7:6a:ad:df:1d:eb:8a:66:64:4d:0c:02:91:fb:ff:
+         70:b4:36:b6:e4:79:17:d5:18:6a:72:17:e1:8b:31:49:04:98:
+         96:88:42:ea:8c:fe:91:40:5a:c5:ad:3b:da:9a:47:43:d6:e9:
+         f6:59:75:49:91:a9:e4:8b:c8:03:60:6b:36:69:87:71:f1:5b:
+         92:00:51:bb:fe:d5:4f:0d:0e:f2:56:38:e3:b6:cb:76:11:7b:
+         17:ad:a5:da:37:87:f2:49:af:73:42:56:ed:6c:a1:8d:46:5c:
+         dd:00:a7:8f:1f:5a:dd:d7:87:89:43:30:32:fe:e2:d4:b1:29:
+         12:11:ef:22:0d:8f:7f:c5:33:3b:a9:a7:52:0c:25:b8:0c:e6:
+         8a:8b:68:8f:55:84:65:04:c7:44:48:36:02:4d:4e:43:09:1d:
+         1f:3b:f9:4a:0e:ff:59:42:ca:be:0e:a7:79:89:19:31:73:5a:
+         45:6c:70:56:4d:1b:8a:59:c4:6d:ca:bc:f7:41:c4:f6:f0:fd:
+         9c:7e:f1:7e
 -----BEGIN X509 CRL-----
-MIICBDCB7QIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
+MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDIwNTA2MzMzMFoX
-DTE3MTEwMTA2MzMzMFowFDASAgEBFw0xNTAyMDUwNjMzMzBaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQUFAAOCAQEArjuOiLumm5MaQZFzuZcc+PSgphxYJFIV
-2bUUNY226b4cAeAk/+wsccykeGCm6+JdQWfhIdToqPUmxmklOMeHP2p4tRYU0j8X
-8aqNQVu6jvVJ6enYk28K0v72fiD0dozbVO9CFpF1JyotC16q95dsan035cgxqmu/
-d0UqAWeRc+B62LSh5gjgLEqNprPrxiQqH9LiGwPUChkHwNzjwxOnSGb82gnqQCkR
-nuFIRkYvBYfSy6yNpUMa7y1W3toeNJoJE3n3lexbqiitHrEO53HZEkWjLN8XUjc0
-XQvA1d8sQNbkT6cHvaSc+af4ux67k1f8IFcMzJladYyDP7qXlhwOZw==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDUwNzE4MjEwMVoX
+DTE4MDEzMTE4MjEwMVowFDASAgEBFw0xNTA1MDcxODIxMDFaoA4wDDAKBgNVHRQE
+AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAtzQrHAlropwST/3vaUykHfI5UimYeLKG
+6lSbKeXCiA4v+dJbnUk3aCZsRWHUnQXvLcp4CtAowSXy92qt3x3rimZkTQwCkfv/
+cLQ2tuR5F9UYanIX4YsxSQSYlohC6oz+kUBaxa072ppHQ9bp9ll1SZGp5IvIA2Br
+NmmHcfFbkgBRu/7VTw0O8lY447bLdhF7F62l2jeH8kmvc0JW7WyhjUZc3QCnjx9a
+3deHiUMwMv7i1LEpEhHvIg2Pf8UzO6mnUgwluAzmiotoj1WEZQTHREg2Ak1OQwkd
+Hzv5Sg7/WULKvg6neYkZMXNaRWxwVk0bilnEbcq890HE9vD9nH7xfg==
 -----END X509 CRL-----
diff --git a/certs/crl/eccCliCRL.pem b/certs/crl/eccCliCRL.pem
index 5f8c3ef08..2e00a3729 100644
--- a/certs/crl/eccCliCRL.pem
+++ b/certs/crl/eccCliCRL.pem
@@ -1,24 +1,24 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-    Signature Algorithm: ecdsa-with-SHA1
-        Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Last Update: Feb  5 06:33:30 2015 GMT
-        Next Update: Nov  1 06:33:30 2017 GMT
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Last Update: May  7 18:21:01 2015 GMT
+        Next Update: Jan 31 18:21:01 2018 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 4
 No Revoked Certificates.
-    Signature Algorithm: ecdsa-with-SHA1
-         30:45:02:20:4d:27:ef:a6:92:28:ad:20:13:b2:ad:67:78:bc:
-         04:b2:e6:35:0e:a5:33:64:14:a6:09:6d:06:4c:35:6c:96:a5:
-         02:21:00:c5:d1:ab:c2:d2:2d:be:26:24:9f:c4:66:67:ca:00:
-         68:3c:33:31:52:77:ee:36:d9:82:90:e5:2c:8d:e7:b0:e1
+    Signature Algorithm: ecdsa-with-SHA256
+         30:44:02:20:62:9b:53:ee:21:52:bc:61:e8:ec:7b:f8:28:35:
+         43:98:b8:57:9c:c7:73:cc:a0:45:e8:b9:96:2e:1c:c6:62:ff:
+         02:20:2b:64:b8:3a:30:2c:15:7f:cf:57:99:60:9d:51:82:82:
+         ef:b6:13:cc:86:93:a2:19:41:12:a0:ec:7e:1e:07:09
 -----BEGIN X509 CRL-----
-MIIBKzCB0wIBATAJBgcqhkjOPQQBMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UECAwH
-TW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNTTDEUMBIG
-A1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
-CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTUwMjA1MDYzMzMwWhcNMTcx
-MTAxMDYzMzMwWqAOMAwwCgYDVR0UBAMCAQQwCQYHKoZIzj0EAQNIADBFAiBNJ++m
-kiitIBOyrWd4vASy5jUOpTNkFKYJbQZMNWyWpQIhAMXRq8LSLb4mJJ/EZmfKAGg8
-MzFSd+422YKQ5SyN57Dh
+MIIBJTCBzQIBATAKBggqhkjOPQQDAjCBjTELMAkGA1UEBhMCVVMxDzANBgNVBAgM
+Bk9yZWdvbjEOMAwGA1UEBwwFU2FsZW0xEzARBgNVBAoMCkNsaWVudCBFQ0MxDTAL
+BgNVBAsMBEZhc3QxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3
+DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTUwNTA3MTgyMTAxWhcNMTgwMTMxMTgy
+MTAxWqAOMAwwCgYDVR0UBAMCAQQwCgYIKoZIzj0EAwIDRwAwRAIgYptT7iFSvGHo
+7Hv4KDVDmLhXnMdzzKBF6LmWLhzGYv8CICtkuDowLBV/z1eZYJ1RgoLvthPMhpOi
+GUESoOx+HgcJ
 -----END X509 CRL-----
diff --git a/certs/crl/eccSrvCRL.pem b/certs/crl/eccSrvCRL.pem
index f573d35a3..0746599f3 100644
--- a/certs/crl/eccSrvCRL.pem
+++ b/certs/crl/eccSrvCRL.pem
@@ -1,24 +1,24 @@
 Certificate Revocation List (CRL):
         Version 2 (0x1)
-    Signature Algorithm: ecdsa-with-SHA1
-        Issuer: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Last Update: Feb  5 06:33:30 2015 GMT
-        Next Update: Nov  1 06:33:30 2017 GMT
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Last Update: May  7 18:21:01 2015 GMT
+        Next Update: Jan 31 18:21:01 2018 GMT
         CRL extensions:
             X509v3 CRL Number: 
                 5
 No Revoked Certificates.
-    Signature Algorithm: ecdsa-with-SHA1
-         30:44:02:20:01:00:6d:c3:b8:f8:2c:bb:84:4e:76:22:4e:af:
-         51:d5:b3:21:6f:0f:d1:df:a7:6a:ee:7d:6d:f2:9c:23:ef:7f:
-         02:20:13:79:14:7f:e3:c2:49:55:83:66:61:25:83:35:3a:a4:
-         05:92:26:be:6d:81:29:3a:54:63:60:f0:82:2d:36:e7
+    Signature Algorithm: ecdsa-with-SHA256
+         30:45:02:20:0d:fe:b7:79:fb:66:6c:cb:36:0a:1a:f3:6d:73:
+         ea:68:ab:fc:46:7e:49:bd:15:2a:9f:a1:17:50:56:82:cf:1f:
+         02:21:00:ff:13:85:80:29:a4:60:54:10:93:fb:20:13:b8:9c:
+         25:48:53:5e:4b:33:ef:5c:aa:9e:98:74:e0:c8:c3:ef:df
 -----BEGIN X509 CRL-----
-MIIBKjCB0wIBATAJBgcqhkjOPQQBMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UECAwH
-TW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNTTDEUMBIG
-A1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G
-CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbRcNMTUwMjA1MDYzMzMwWhcNMTcx
-MTAxMDYzMzMwWqAOMAwwCgYDVR0UBAMCAQUwCQYHKoZIzj0EAQNHADBEAiABAG3D
-uPgsu4ROdiJOr1HVsyFvD9Hfp2rufW3ynCPvfwIgE3kUf+PCSVWDZmElgzU6pAWS
-Jr5tgSk6VGNg8IItNuc=
+MIIBKDCBzwIBATAKBggqhkjOPQQDAjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx
+DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
+hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA1MDcxODIxMDFaFw0xODAxMzEx
+ODIxMDFaoA4wDDAKBgNVHRQEAwIBBTAKBggqhkjOPQQDAgNIADBFAiAN/rd5+2Zs
+yzYKGvNtc+poq/xGfkm9FSqfoRdQVoLPHwIhAP8ThYAppGBUEJP7IBO4nCVIU15L
+M+9cqp6YdODIw+/f
 -----END X509 CRL-----
diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh
index 5bcce22a9..a048b631d 100755
--- a/certs/renewcerts.sh
+++ b/certs/renewcerts.sh
@@ -46,7 +46,7 @@ function run_renewcerts(){
     echo "Updating 2048-bit client-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr
+    echo -e "US\nMontana\nBozeman\nwolfSSL_2048\nProgramming-2048\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key client-key.pem -nodes -out client-cert.csr
 
 
     openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey client-key.pem -out client-cert.pem
@@ -60,7 +60,7 @@ function run_renewcerts(){
     echo "Updating 1024-bit client-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/client-key.pem -nodes -out \1024/client-cert.csr
+    echo -e "US\nMontana\nBozeman\nwolfSSL_1024\nProgramming-1024\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key \1024/client-key.pem -nodes -out \1024/client-cert.csr
 
 
     openssl x509 -req -in \1024/client-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey \1024/client-key.pem -out \1024/client-cert.pem
@@ -117,7 +117,7 @@ function run_renewcerts(){
     echo "Updating client-ecc-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-client-key.pem -nodes -out client-ecc-cert.csr
+    echo -e "US\nOregon\nSalem\nClient ECC\nFast\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-client-key.pem -nodes -out client-ecc-cert.csr
 
 
     openssl x509 -req -in client-ecc-cert.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ecc-client-key.pem -out client-ecc-cert.pem
@@ -132,7 +132,7 @@ function run_renewcerts(){
     echo "Updating server-ecc.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nOregon\nPortland\nEliptic\nECC\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -out server-ecc.csr
+    echo -e "US\nWashington\nSeattle\nEliptic\nECC\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key.pem -nodes -out server-ecc.csr
 
 
     openssl x509 -req -in server-ecc.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ecc-key.pem -out server-ecc.pem
@@ -146,7 +146,7 @@ function run_renewcerts(){
     echo "Updating server-ecc-comp.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL\nProgramming\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key-comp.pem -nodes -out server-ecc-comp.csr
+    echo -e "US\nMontana\nBozeman\nElliptic - comp\nServer ECC-comp\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ecc-key-comp.pem -nodes -out server-ecc-comp.csr
 
 
     openssl x509 -req -in server-ecc-comp.csr -days 1000 -extfile wolfssl.cnf -extensions wolfssl_opts -signkey ecc-key-comp.pem -out server-ecc-comp.pem
diff --git a/certs/server-cert.der b/certs/server-cert.der
index 6d18c29b87099f0674ba555d4fd26e281989d72b..0c936a241e174dc782f39758850bd3e80c0e7e1e 100644
GIT binary patch
delta 329
zcmZ3)xrlRu3?uhM*#$DD2IhtqMurB4QR2LY76yjKhET3S<Ali%nT$4bGv+dJ+-$Hq
zeCf+A^T`d&QuW-d49rc8j11`qbXGdMKNl1!Uw7ulgKXudiODZk@G2fX;XYme>gTrK
zIp<V=)>NFZQp)%wCU@zQy$VbFr|k!ml6M{bweFHaqtqpyb!yqt+5(p!&hksinSR@B
zMgI@h<o&yNJGk53PCiL_e0}c@-Kz%=AGsZxac6Or!_Jl8SiF?Z*Uu=Ed9wI_rR22m
zWcK`TM&)7wvmcvCTzS3k@3#EM$G^4iUt_d(M)*GANiG6QKd*a~cFSeultTLp`U;Wl
zPof;&U3$WEPIby1{(lw^9D__^b|1cdFuv??ET2)P_FTrd0n+~ED_7nqG&rrNQ^2sg
k!uz`DP4OQoo4#A!ddS_)_0Vr47qgqlsVR?L%CAQP0KT`FApigX

delta 329
zcmZ3)xrlRu3?u7A*#$C22BrpP#>U15QR2LY=7xp_hET3S<Ali%nT$4bGv+dJ{HnE>
zRs35>a&iN+R6Q#z19KB2BZD8G&b`&UU(Q>d%70?ktyAlkx7&-dy{lE~=-bfoXUCRI
z%l)T3Q%e~qw05uO_;_xO-dY2bhKTZadv?z*IW%YD*2#}P8aMCYuH%W|*PD3Zckq{t
z>t-sgZ>}jv_tjaKWi3oNpt)3U_e-X|dzNOOw*9;Ga#~ASgj*G7z2VlK&bv*8<&6}l
z9N~B_wp#Pn{@#lQD;K<9cI(%N0LA>5=F8fXyJ|8@RvTN&zq)u%r+({eufRFGwjNS=
z8h@ogV`T%!>t4HezYE=`Y3UxX<Xir8mrCXDrTRx-PuwICpL<Z^M#fa3GZ{ZGvbAmW
j*bv3Al|?VWe2@Ou@JpWJ&awJjDU8-xoG!~A$*}+c<KvS?

diff --git a/certs/server-cert.pem b/certs/server-cert.pem
index 2f0e93d4d..95df724e7 100644
--- a/certs/server-cert.pem
+++ b/certs/server-cert.pem
@@ -2,11 +2,11 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-    Signature Algorithm: sha1WithRSAEncryption
+    Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Feb  5 06:33:30 2015 GMT
-            Not After : Nov  1 06:33:30 2017 GMT
+            Not Before: May  7 18:21:01 2015 GMT
+            Not After : Jan 31 18:21:01 2018 GMT
         Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -37,32 +37,32 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:FA:7D:38:9A:73:FB:12:19
+                serial:D9:80:3A:C3:D2:F4:DA:37
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-         4e:0e:2c:de:ab:bb:e9:9e:ab:65:0f:c8:9a:da:ca:ae:a7:87:
-         3f:15:06:ee:7d:22:88:8e:b0:88:fc:b8:b4:69:39:bf:ca:49:
-         65:75:01:90:85:8b:af:08:f1:ce:ac:2e:ad:30:34:80:58:77:
-         ee:bc:bb:9b:74:c2:9c:91:b5:93:e2:f1:33:83:b8:0b:7e:0c:
-         58:0f:2e:91:d0:fb:53:f4:68:d7:36:24:85:ec:d6:23:5b:8e:
-         7e:3b:76:6a:a1:60:c0:29:a5:2e:bb:e9:02:bd:bc:a5:6b:cb:
-         3d:fd:a5:d3:66:84:76:58:46:7a:09:31:b5:b9:43:bb:35:13:
-         1f:32:21:94:c4:08:e7:16:ab:29:da:bf:8d:d1:30:a9:a0:ef:
-         a6:da:fa:f0:50:21:6f:e9:37:a6:87:63:8a:7c:68:74:ab:33:
-         39:1f:ea:d1:ce:2c:7f:b5:eb:4a:51:9c:ba:b5:c2:20:e5:5f:
-         d4:70:28:a9:80:08:eb:8d:3e:ee:fb:71:47:96:2a:2d:c7:79:
-         0e:a7:f9:ba:24:79:fb:a5:2f:c5:eb:91:b2:18:5f:6d:c1:18:
-         d8:68:95:12:cc:68:f9:d1:06:86:b1:48:b0:5a:00:b5:04:2e:
-         50:37:bc:2f:f5:57:d2:49:17:43:5d:2f:64:01:3b:6a:09:44:
-         a6:e2:1e:04
+    Signature Algorithm: sha256WithRSAEncryption
+         67:c0:2c:a9:43:47:e7:11:14:77:ae:cc:d8:e0:6b:23:82:91:
+         63:e8:a8:0d:21:c5:c8:47:97:2f:d5:f3:86:fb:6c:ce:25:f9:
+         7c:78:c8:3a:22:68:f2:16:1e:d2:d2:3f:24:04:87:f2:b7:c1:
+         62:63:ba:c5:fa:ae:d2:20:81:1a:d2:0c:ae:26:6b:1b:2b:10:
+         d3:e1:9a:4e:64:6c:97:db:36:a8:8f:f8:05:63:bf:ba:0d:88:
+         0b:87:46:c9:e4:64:e3:d7:bd:b8:2d:d5:c1:c3:c4:db:55:68:
+         dc:a3:7a:40:b9:a9:f6:04:4a:22:cf:98:76:1c:e4:a3:ff:79:
+         19:96:57:63:07:6f:f6:32:77:16:50:9b:e3:34:18:d4:eb:be:
+         fd:b6:6f:e3:c7:f6:85:bf:ac:32:ad:98:57:be:13:92:44:10:
+         a5:f3:ae:e2:66:da:44:a9:94:71:3f:d0:2f:20:59:87:e4:5a:
+         40:ee:d2:e4:0c:ce:25:94:dc:0f:fe:38:e0:41:52:34:5c:bb:
+         c3:db:c1:5f:76:c3:5d:0e:32:69:2b:9d:01:ed:50:1b:4f:77:
+         a9:a9:d8:71:30:cb:2e:2c:70:00:ab:78:4b:d7:15:d9:17:f8:
+         64:b2:f7:3a:da:e1:0b:8b:0a:e1:4e:b1:03:46:14:ca:94:e3:
+         44:77:d7:59
 -----BEGIN CERTIFICATE-----
-MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
+MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwMjA1
-MDYzMzMwWhcNMTcxMTAxMDYzMzMwWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNTA3
+MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
 BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
 SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
@@ -76,23 +76,23 @@ sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj
 s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h
 MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK
 Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
-AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA+n04mnP7EhkwDAYDVR0TBAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOCAQEATg4s3qu76Z6rZQ/ImtrKrqeHPxUG7n0iiI6wiPy4
-tGk5v8pJZXUBkIWLrwjxzqwurTA0gFh37ry7m3TCnJG1k+LxM4O4C34MWA8ukdD7
-U/Ro1zYkhezWI1uOfjt2aqFgwCmlLrvpAr28pWvLPf2l02aEdlhGegkxtblDuzUT
-HzIhlMQI5xarKdq/jdEwqaDvptr68FAhb+k3podjinxodKszOR/q0c4sf7XrSlGc
-urXCIOVf1HAoqYAI640+7vtxR5YqLcd5Dqf5uiR5+6UvxeuRshhfbcEY2GiVEsxo
-+dEGhrFIsFoAtQQuUDe8L/VX0kkXQ10vZAE7aglEpuIeBA==
+AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQsFAAOCAQEAZ8AsqUNH5xEUd67M2OBrI4KRY+ioDSHFyEeXL9Xz
+hvtsziX5fHjIOiJo8hYe0tI/JASH8rfBYmO6xfqu0iCBGtIMriZrGysQ0+GaTmRs
+l9s2qI/4BWO/ug2IC4dGyeRk49e9uC3VwcPE21Vo3KN6QLmp9gRKIs+Ydhzko/95
+GZZXYwdv9jJ3FlCb4zQY1Ou+/bZv48f2hb+sMq2YV74TkkQQpfOu4mbaRKmUcT/Q
+LyBZh+RaQO7S5AzOJZTcD/444EFSNFy7w9vBX3bDXQ4yaSudAe1QG093qanYcTDL
+LixwAKt4S9cV2Rf4ZLL3OtrhC4sK4U6xA0YUypTjRHfXWQ==
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 18049645117592769049 (0xfa7d389a73fb1219)
-    Signature Algorithm: sha1WithRSAEncryption
+        Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37)
+    Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Feb  5 06:33:30 2015 GMT
-            Not After : Nov  1 06:33:30 2017 GMT
+            Not Before: May  7 18:21:01 2015 GMT
+            Not After : Jan 31 18:21:01 2018 GMT
         Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -123,32 +123,32 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:FA:7D:38:9A:73:FB:12:19
+                serial:D9:80:3A:C3:D2:F4:DA:37
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-         2c:02:0c:de:b2:46:a1:d8:59:0f:08:69:ad:d2:52:2e:ee:55:
-         78:bd:bb:71:d2:d7:b7:fe:7b:0f:8a:bc:6a:25:fd:d4:6d:1d:
-         ab:00:e2:9d:d6:98:21:11:a4:41:e0:0d:4b:a4:38:7f:2e:0c:
-         d6:80:dc:30:d7:cf:19:1b:43:2f:e7:b3:99:74:9c:b4:01:69:
-         b1:c3:9b:9f:4a:89:2f:60:38:cb:7c:a1:78:93:38:5c:a8:ca:
-         46:0d:23:2d:99:a3:cf:0a:49:38:eb:07:06:57:cd:4a:55:35:
-         04:08:36:30:ca:75:69:4b:9a:84:08:c9:23:78:a9:f0:80:ce:
-         8a:25:bb:31:07:0e:11:e6:4a:95:8c:53:df:85:d9:48:45:cb:
-         5a:ef:de:92:c2:88:0e:da:ff:31:6b:4e:52:53:5f:f3:a8:3a:
-         42:f8:e1:0d:0a:c0:84:af:ec:21:b3:a7:98:b0:c8:6b:77:04:
-         ef:f5:06:a5:51:3b:20:6f:bf:55:80:8c:cf:d4:78:ee:a2:d9:
-         e3:52:34:9a:17:3d:87:10:4d:23:21:38:9b:35:f7:18:ac:34:
-         bd:18:ae:a4:e2:32:2f:5d:a4:41:4c:bc:aa:88:b7:9e:45:14:
-         92:e9:e8:ee:fc:1d:28:f5:59:fd:de:bd:3d:73:dd:b4:9f:2e:
-         77:c0:75:41
+    Signature Algorithm: sha256WithRSAEncryption
+         7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96:
+         0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d:
+         63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31:
+         a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00:
+         69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79:
+         e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0:
+         7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9:
+         28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb:
+         1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50:
+         7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92:
+         26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f:
+         62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4:
+         54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9:
+         a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f:
+         65:b7:75:58
 -----BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIJAPp9OJpz+xIZMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
+MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
-Fw0xNTAyMDUwNjMzMzBaFw0xNzExMDEwNjMzMzBaMIGUMQswCQYDVQQGEwJVUzEQ
+Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ
 MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
 LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
@@ -162,11 +162,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
 J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
 VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA+n04mnP7EhkwDAYD
-VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEALAIM3rJGodhZDwhprdJSLu5V
-eL27cdLXt/57D4q8aiX91G0dqwDindaYIRGkQeANS6Q4fy4M1oDcMNfPGRtDL+ez
-mXSctAFpscObn0qJL2A4y3yheJM4XKjKRg0jLZmjzwpJOOsHBlfNSlU1BAg2MMp1
-aUuahAjJI3ip8IDOiiW7MQcOEeZKlYxT34XZSEXLWu/eksKIDtr/MWtOUlNf86g6
-QvjhDQrAhK/sIbOnmLDIa3cE7/UGpVE7IG+/VYCMz9R47qLZ41I0mhc9hxBNIyE4
-mzX3GKw0vRiupOIyL12kQUy8qoi3nkUUkuno7vwdKPVZ/d69PXPdtJ8ud8B1QQ==
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW
+C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD
+KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ
+buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q
+fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD
+iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA==
 -----END CERTIFICATE-----
diff --git a/certs/server-ecc-comp.pem b/certs/server-ecc-comp.pem
index a00126466..50b74f85b 100644
--- a/certs/server-ecc-comp.pem
+++ b/certs/server-ecc-comp.pem
@@ -1,13 +1,13 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 16258826233447050485 (0xe1a2f450fd69ecf5)
-    Signature Algorithm: ecdsa-with-SHA1
-        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Serial Number: 17764616133298603308 (0xf6889840946fc52c)
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Feb  5 06:33:30 2015 GMT
-            Not After : Nov  1 06:33:30 2017 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+            Not Before: May  7 18:21:01 2015 GMT
+            Not After : Jan 31 18:21:01 2018 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - comp, OU=Server ECC-comp, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (256 bit)
@@ -21,31 +21,32 @@ Certificate:
                 8C:38:3A:6B:B8:24:B7:DF:6E:F4:59:AC:56:4E:AA:E2:58:A6:5A:18
             X509v3 Authority Key Identifier: 
                 keyid:8C:38:3A:6B:B8:24:B7:DF:6E:F4:59:AC:56:4E:AA:E2:58:A6:5A:18
-                DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:E1:A2:F4:50:FD:69:EC:F5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Elliptic - comp/OU=Server ECC-comp/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:F6:88:98:40:94:6F:C5:2C
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: ecdsa-with-SHA1
-         30:44:02:20:72:05:71:ab:5b:4b:64:03:ff:77:0e:f7:a7:8b:
-         70:85:52:5a:45:a7:85:90:3d:54:a4:49:23:98:23:2c:f6:db:
-         02:20:76:f5:ad:98:20:b7:00:e2:b9:a2:97:5e:cd:18:16:90:
-         a7:cc:e5:eb:34:60:83:01:49:0a:0e:e7:62:ef:85:ca
+    Signature Algorithm: ecdsa-with-SHA256
+         30:46:02:21:00:9c:f8:3e:f6:5e:cd:da:b1:08:fe:e2:bd:78:
+         14:b5:33:b3:29:69:d0:a0:de:19:05:ec:c3:46:29:01:8c:4c:
+         56:02:21:00:e2:e7:ea:37:c1:08:f6:15:73:0c:92:4f:25:63:
+         f6:53:96:31:4c:9f:1d:1a:1f:c0:a0:a3:48:bd:71:ce:13:11
 -----BEGIN CERTIFICATE-----
-MIIC+zCCAqOgAwIBAgIJAOGi9FD9aez1MAkGByqGSM49BAEwgZQxCzAJBgNVBAYT
-AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQK
-DAd3b2xmU1NMMRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE1
-MDIwNTA2MzMzMFoXDTE3MTEwMTA2MzMzMFowgZQxCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NM
-MRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMDkwEwYHKoZIzj0CAQYI
-KoZIzj0DAQcDIgACuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GGjgfww
-gfkwHQYDVR0OBBYEFIw4Omu4JLffbvRZrFZOquJYploYMIHJBgNVHSMEgcEwgb6A
-FIw4Omu4JLffbvRZrFZOquJYploYoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4G
-A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNT
-TDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv
-bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAOGi9FD9aez1MAwG
-A1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNHADBEAiByBXGrW0tkA/93Dveni3CFUlpF
-p4WQPVSkSSOYIyz22wIgdvWtmCC3AOK5opdezRgWkKfM5es0YIMBSQoO52Lvhco=
+MIIDJTCCAsqgAwIBAgIJAPaImECUb8UsMAoGCCqGSM49BAMCMIGgMQswCQYDVQQG
+EwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYGA1UE
+CgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAxGDAW
+BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm
+c3NsLmNvbTAeFw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGgMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEYMBYG
+A1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9TZXJ2ZXIgRUNDLWNvbXAx
+GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
+b2xmc3NsLmNvbTA5MBMGByqGSM49AgEGCCqGSM49AwEHAyIAArszrEwnUErGSqUE
+wzzenzbbci3OlOor+ssgCTksFuhho4IBCTCCAQUwHQYDVR0OBBYEFIw4Omu4JLff
+bvRZrFZOquJYploYMIHVBgNVHSMEgc0wgcqAFIw4Omu4JLffbvRZrFZOquJYploY
+oYGmpIGjMIGgMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UE
+BwwHQm96ZW1hbjEYMBYGA1UECgwPRWxsaXB0aWMgLSBjb21wMRgwFgYDVQQLDA9T
+ZXJ2ZXIgRUNDLWNvbXAxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJAPaImECUb8UsMAwGA1UdEwQFMAMB
+Af8wCgYIKoZIzj0EAwIDSQAwRgIhAJz4PvZezdqxCP7ivXgUtTOzKWnQoN4ZBezD
+RikBjExWAiEA4ufqN8EI9hVzDJJPJWP2U5YxTJ8dGh/AoKNIvXHOExE=
 -----END CERTIFICATE-----
diff --git a/certs/server-ecc-rsa.pem b/certs/server-ecc-rsa.pem
index c34962130..4c90d1dd4 100644
--- a/certs/server-ecc-rsa.pem
+++ b/certs/server-ecc-rsa.pem
@@ -2,11 +2,11 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 1 (0x1)
-    Signature Algorithm: sha1WithRSAEncryption
+    Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Feb  5 06:33:30 2015 GMT
-            Not After : Nov  1 06:33:30 2017 GMT
+            Not Before: May  7 18:21:01 2015 GMT
+            Not After : Jan 31 18:21:01 2018 GMT
         Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -24,32 +24,32 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:FA:7D:38:9A:73:FB:12:19
+                serial:D9:80:3A:C3:D2:F4:DA:37
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-         18:f4:db:2f:82:5d:c3:07:31:1f:e6:af:4e:ea:dd:00:37:8c:
-         79:2f:33:37:0c:c9:fc:78:ad:77:31:24:32:09:0b:e6:43:d5:
-         94:c1:b3:d9:a7:09:14:4e:fa:5f:19:52:97:eb:b2:4c:7d:c0:
-         08:d1:2e:ea:74:11:ee:a8:e7:bc:82:a4:18:b1:44:e8:5e:a8:
-         1f:b9:10:d2:74:09:a7:2d:fc:42:88:3e:ff:79:ef:93:4f:7e:
-         5e:d8:5c:2e:07:13:4a:1b:fc:fd:31:70:e3:ab:b5:8a:6e:bb:
-         cf:03:e3:60:3e:89:7f:40:09:a4:41:ad:57:58:5a:15:0f:a9:
-         ae:d0:58:06:de:44:6b:fd:fb:d1:52:42:9b:29:3c:2a:98:f6:
-         e9:bc:c1:a5:05:38:a0:42:aa:63:b0:de:97:22:ab:99:0e:30:
-         4d:d0:bc:34:5d:dc:81:ff:0b:e9:33:3e:91:ad:d9:96:90:76:
-         65:37:35:fb:b5:85:01:b2:b6:70:fe:a8:6e:00:cb:4b:d6:83:
-         42:6c:96:88:28:d4:26:e9:09:82:d6:d3:67:65:2d:c2:8e:c7:
-         dc:d5:3b:39:7b:d2:f5:9b:85:25:a6:f2:16:d1:05:31:27:fb:
-         6b:20:c4:ae:b9:85:46:bb:e3:06:89:96:c8:95:bd:34:5d:dc:
-         b1:16:bc:77
+    Signature Algorithm: sha256WithRSAEncryption
+         ac:2b:a9:d9:15:3b:9a:42:fb:86:2b:c1:f2:18:7c:a6:ca:27:
+         0b:48:81:64:20:3b:d3:4f:ee:95:d4:c5:fd:5f:c7:d6:ab:a1:
+         41:85:cc:e1:16:e1:fd:ce:8a:af:95:27:f2:f0:7a:3d:59:5d:
+         3a:5d:03:99:cb:4c:5c:19:35:9c:b2:6e:7e:2b:10:e2:7f:ef:
+         14:35:79:ca:67:eb:51:a9:e9:bb:5f:52:af:9d:79:80:b5:31:
+         5c:f0:20:ca:c7:e9:9b:29:82:c4:a4:74:0a:2a:76:ea:ad:59:
+         a2:f9:a2:cf:53:40:11:ac:1a:de:fc:ab:28:96:9f:cf:ff:b9:
+         74:31:95:c4:6d:d2:76:c1:93:97:75:a6:9f:69:a3:7d:92:75:
+         b8:27:a2:bd:4d:4b:54:11:b4:8a:43:f2:fc:10:a5:82:fb:51:
+         45:57:86:00:85:71:91:21:37:5c:9f:f3:68:06:ae:9e:86:46:
+         8d:4b:e3:d0:42:a4:cf:c1:5d:95:bc:1a:92:f8:44:1e:a0:1b:
+         c8:98:41:af:8e:94:41:60:69:b1:7c:8e:70:ce:88:42:44:3a:
+         2d:3f:de:6e:3a:aa:d1:64:be:03:68:60:b6:ac:e5:44:c1:bb:
+         f1:c9:40:90:c2:c9:8f:ec:32:9d:e0:b4:4b:1a:e7:da:99:94:
+         fe:e2:b6:2a
 -----BEGIN CERTIFICATE-----
-MIID4DCCAsigAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
+MIID4DCCAsigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwMjA1
-MDYzMzMwWhcNMTcxMTAxMDYzMzMwWjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNTA3
+MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
 B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGjAYBgNVBAoMEUVsbGlwdGljIC0g
 UlNBc2lnMRMwEQYDVQQLDApFQ0MtUlNBc2lnMRgwFgYDVQQDDA93d3cud29sZnNz
 bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjO
@@ -59,11 +59,11 @@ BBRdXSbvrH42+Zt2FStKJQIj77KJMDCByQYDVR0jBIHBMIG+gBQnjmcRdMMmHT/t
 M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
 bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
 DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
-9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQD6fTiac/sSGTAMBgNVHRMEBTADAQH/
-MA0GCSqGSIb3DQEBBQUAA4IBAQAY9Nsvgl3DBzEf5q9O6t0AN4x5LzM3DMn8eK13
-MSQyCQvmQ9WUwbPZpwkUTvpfGVKX67JMfcAI0S7qdBHuqOe8gqQYsUToXqgfuRDS
-dAmnLfxCiD7/ee+TT35e2FwuBxNKG/z9MXDjq7WKbrvPA+NgPol/QAmkQa1XWFoV
-D6mu0FgG3kRr/fvRUkKbKTwqmPbpvMGlBTigQqpjsN6XIquZDjBN0Lw0XdyB/wvp
-Mz6RrdmWkHZlNzX7tYUBsrZw/qhuAMtL1oNCbJaIKNQm6QmC1tNnZS3Cjsfc1Ts5
-e9L1m4UlpvIW0QUxJ/trIMSuuYVGu+MGiZbIlb00XdyxFrx3
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CCQDZgDrD0vTaNzAMBgNVHRMEBTADAQH/
+MA0GCSqGSIb3DQEBCwUAA4IBAQCsK6nZFTuaQvuGK8HyGHymyicLSIFkIDvTT+6V
+1MX9X8fWq6FBhczhFuH9zoqvlSfy8Ho9WV06XQOZy0xcGTWcsm5+KxDif+8UNXnK
+Z+tRqem7X1KvnXmAtTFc8CDKx+mbKYLEpHQKKnbqrVmi+aLPU0ARrBre/Ksolp/P
+/7l0MZXEbdJ2wZOXdaafaaN9knW4J6K9TUtUEbSKQ/L8EKWC+1FFV4YAhXGRITdc
+n/NoBq6ehkaNS+PQQqTPwV2VvBqS+EQeoBvImEGvjpRBYGmxfI5wzohCRDotP95u
+OqrRZL4DaGC2rOVEwbvxyUCQwsmP7DKd4LRLGufamZT+4rYq
 -----END CERTIFICATE-----
diff --git a/certs/server-ecc.pem b/certs/server-ecc.pem
index ff509a0fa..1957e0eab 100644
--- a/certs/server-ecc.pem
+++ b/certs/server-ecc.pem
@@ -1,17 +1,16 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            81:da:7b:08:46:85:33:fd
-        Signature Algorithm: ecdsa-with-SHA1
-        Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Serial Number: 12841786837162396166 (0xb2373116f65a0a06)
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Feb  5 06:33:30 2015 GMT
-            Not After : Nov  1 06:33:30 2017 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+            Not Before: May  7 18:21:01 2015 GMT
+            Not After : Jan 31 18:21:01 2018 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=Eliptic, OU=ECC, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
-            EC Public Key:
+                Public-Key: (256 bit)
                 pub: 
                     04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
                     9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
@@ -24,32 +23,32 @@ Certificate:
                 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
             X509v3 Authority Key Identifier: 
                 keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
-                DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:81:DA:7B:08:46:85:33:FD
+                DirName:/C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:B2:37:31:16:F6:5A:0A:06
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: ecdsa-with-SHA1
-        30:45:02:21:00:a0:70:22:57:ad:97:06:b5:9b:fa:5a:1c:b2:
-        77:ed:54:09:7d:9a:5c:ca:02:56:d7:32:1d:41:e6:d5:5a:09:
-        29:02:20:4e:95:75:27:3d:3c:93:ba:97:3f:f4:2d:35:3e:c8:
-        57:75:e1:81:3d:5e:09:bf:86:a2:8b:ef:0b:d1:77:4f:b5
+    Signature Algorithm: ecdsa-with-SHA256
+         30:45:02:20:35:25:33:ea:7c:3b:e2:2e:ed:e4:2e:9a:91:f1:
+         c3:86:ff:a7:27:35:a9:f6:29:d6:f8:d5:9a:0b:35:f1:21:c7:
+         02:21:00:bc:79:f7:fd:66:d4:d3:46:61:e4:19:e5:f7:74:03:
+         83:27:f8:26:c0:86:15:a9:e2:10:e3:ad:6b:b9:1c:1d:eb
 -----BEGIN CERTIFICATE-----
-MIIDHDCCAsOgAwIBAgIJAIHaewhGhTP9MAkGByqGSM49BAEwgZQxCzAJBgNVBAYT
-AlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQK
-DAd3b2xmU1NMMRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3Lndv
-bGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE1
-MDIwNTA2MzMzMFoXDTE3MTEwMTA2MzMzMFowgZQxCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NM
-MRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYI
-KoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N
-0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ2KOB/DCB+TAdBgNVHQ4EFgQUXV0m
-76x+NvmbdhUrSiUCI++yiTAwgckGA1UdIwSBwTCBvoAUXV0m76x+NvmbdhUrSiUC
-I++yiTChgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAw
-DgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtQcm9n
-cmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkB
-FhBpbmZvQHdvbGZzc2wuY29tggkAgdp7CEaFM/0wDAYDVR0TBAUwAwEB/zAJBgcq
-hkjOPQQBA0gAMEUCIQCgcCJXrZcGtZv6Whyyd+1UCX2aXMoCVtcyHUHm1VoJKQIg
-TpV1Jz08k7qXP/QtNT7IV3XhgT1eCb+GoovvC9F3T7U=
+MIIDDzCCArWgAwIBAgIJALI3MRb2WgoGMAoGCCqGSM49BAMCMIGPMQswCQYDVQQG
+EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEQMA4G
+A1UECgwHRWxpcHRpYzEMMAoGA1UECwwDRUNDMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNTA3
+MTgyMTAxWhcNMTgwMTMxMTgyMTAxWjCBjzELMAkGA1UEBhMCVVMxEzARBgNVBAgM
+Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB0VsaXB0aWMx
+DDAKBgNVBAsMA0VDQzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI
+hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
+QgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ih
+f/DPGNqREQI0huggWDMLgDSJ2KOB9zCB9DAdBgNVHQ4EFgQUXV0m76x+NvmbdhUr
+SiUCI++yiTAwgcQGA1UdIwSBvDCBuYAUXV0m76x+NvmbdhUrSiUCI++yiTChgZWk
+gZIwgY8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH
+DAdTZWF0dGxlMRAwDgYDVQQKDAdFbGlwdGljMQwwCgYDVQQLDANFQ0MxGDAWBgNV
+BAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3Ns
+LmNvbYIJALI3MRb2WgoGMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIg
+NSUz6nw74i7t5C6akfHDhv+nJzWp9inW+NWaCzXxIccCIQC8eff9ZtTTRmHkGeX3
+dAODJ/gmwIYVqeIQ461ruRwd6w==
 -----END CERTIFICATE-----
diff --git a/gencertbuf.pl b/gencertbuf.pl
index 257b17b0b..d3d116695 100755
--- a/gencertbuf.pl
+++ b/gencertbuf.pl
@@ -60,11 +60,11 @@ for (my $i = 0; $i < $num_1024; $i++) {
     my $sname = $fileList_1024[$i][1];
 
     print OUT_FILE "/* $fname, 1024-bit */\n";
-    print OUT_FILE "const unsigned char $sname\[] =\n";
+    print OUT_FILE "static const unsigned char $sname\[] =\n";
     print OUT_FILE "{\n";
     file_to_hex($fname);
     print OUT_FILE "};\n";
-    print OUT_FILE "const int sizeof_$sname = sizeof($sname);\n\n";
+    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
 }
 
 # convert and print 2048-bit certs/keys
@@ -75,15 +75,36 @@ for (my $i = 0; $i < $num_2048; $i++) {
     my $sname = $fileList_2048[$i][1];
 
     print OUT_FILE "/* $fname, 2048-bit */\n";
-    print OUT_FILE "const unsigned char $sname\[] =\n";
+    print OUT_FILE "static const unsigned char $sname\[] =\n";
     print OUT_FILE "{\n";
     file_to_hex($fname);
     print OUT_FILE "};\n";
-    print OUT_FILE "const int sizeof_$sname = sizeof($sname);\n\n";
+    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
 }
 
 print OUT_FILE "#endif /* USE_CERT_BUFFERS_1024 */\n\n";
-print OUT_FILE "#endif /* CYASSL_CERTS_TEST_H */\n\n";
+print OUT_FILE "/* dh1024 p */
+static const unsigned char dh_p[] =
+{
+    0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
+    0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
+    0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
+    0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
+    0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
+    0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
+    0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
+    0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
+    0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
+    0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
+    0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
+};
+
+/* dh1024 g */
+static const unsigned char dh_g[] =
+{
+  0x02,
+};\n\n\n";
+print OUT_FILE "#endif /* WOLFSSL_CERTS_TEST_H */\n\n";
 
 # close certs_test.h file
 close OUT_FILE or die $!;
diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h
index 44f441a3f..3ce491551 100644
--- a/wolfssl/certs_test.h
+++ b/wolfssl/certs_test.h
@@ -75,38 +75,40 @@ static const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024);
 /* ./certs/1024/client-cert.der, 1024-bit */
 static const unsigned char client_cert_der_1024[] =
 {
-	0x30, 0x82, 0x03, 0xA5, 0x30, 0x82, 0x03, 0x0E, 0xA0, 0x03, 
-	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE8, 0xFF, 0xC9, 0x07, 
-	0xB8, 0xF7, 0x48, 0x52, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
-	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 
-	0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
+	0x30, 0x82, 0x03, 0xC5, 0x30, 0x82, 0x03, 0x2E, 0xA0, 0x03, 
+	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xE3, 0xD7, 0xA0, 0xFA, 
+	0x76, 0xDF, 0x2A, 0xFA, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
+	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 
+	0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
 	0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 
 	0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 
 	0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 
 	0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 
-	0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 
-	0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 
-	0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 
-	0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 
-	0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 
+	0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 
+	0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 
+	0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 
+	0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 
+	0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 
+	0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 
 	0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 
 	0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 
 	0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 
 	0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 
 	0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
-	0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x32, 0x30, 0x35, 
-	0x30, 0x36, 0x33, 0x33, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x31, 
-	0x37, 0x31, 0x31, 0x30, 0x31, 0x30, 0x36, 0x33, 0x33, 0x33, 
-	0x30, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 
+	0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37, 
+	0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31, 
+	0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 0x31, 0x30, 
+	0x31, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 
 	0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 
 	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 
 	0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
 	0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 
-	0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 
-	0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 
-	0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 
-	0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 
-	0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 
+	0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 
+	0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 
+	0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, 
+	0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 
+	0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 
+	0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 
 	0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 
 	0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
 	0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
@@ -128,47 +130,48 @@ static const unsigned char client_cert_der_1024[] =
 	0x4C, 0xE8, 0xC1, 0xFD, 0x4A, 0x6F, 0x2B, 0x1F, 0xEF, 0x8A, 
 	0xAE, 0xF6, 0x90, 0x62, 0xE5, 0x64, 0x1E, 0xEB, 0x2B, 0x3C, 
 	0x67, 0xC8, 0xDC, 0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 
-	0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, 0x30, 0x81, 
-	0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 
-	0x04, 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 
-	0x29, 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 
-	0x59, 0xEC, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 0x1D, 0x23, 
-	0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 0x81, 0x69, 
-	0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, 
-	0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 0xEC, 0xA1, 0x81, 
-	0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 
-	0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 
-	0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 
-	0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 
-	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 
-	0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E, 
-	0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 
-	0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 
-	0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, 
-	0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 
-	0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 
-	0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 
-	0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 
-	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 
-	0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 
-	0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xE8, 0xFF, 
-	0xC9, 0x07, 0xB8, 0xF7, 0x48, 0x52, 0x30, 0x0C, 0x06, 0x03, 
-	0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 
-	0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 
-	0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x70, 
-	0xBE, 0xFB, 0x3C, 0x29, 0x5D, 0x53, 0xBA, 0x96, 0xBC, 0xCB, 
-	0x7E, 0x82, 0xA9, 0x2C, 0xEF, 0xEE, 0x3B, 0xF0, 0xE8, 0xF4, 
-	0x01, 0x78, 0x50, 0x51, 0x55, 0x1B, 0x47, 0x9B, 0xDC, 0x5A, 
-	0x10, 0xE6, 0x39, 0x84, 0x9A, 0xA1, 0x2D, 0x03, 0xCC, 0xB3, 
-	0x16, 0xE9, 0x32, 0x26, 0x97, 0x3D, 0x0F, 0xEC, 0xC9, 0x4F, 
-	0x11, 0x08, 0x31, 0xA3, 0x1C, 0x1F, 0x37, 0xD3, 0x00, 0x04, 
-	0x42, 0xCC, 0xC9, 0x34, 0x14, 0x3A, 0xE1, 0xF2, 0xF9, 0xBE, 
-	0x2E, 0xBF, 0x64, 0x47, 0x3E, 0x46, 0x95, 0x09, 0xA5, 0x3B, 
-	0x4C, 0x4A, 0x7B, 0x23, 0x0E, 0x3C, 0x54, 0x01, 0xD4, 0x55, 
-	0xFA, 0x53, 0xF0, 0x65, 0x6E, 0x68, 0x4B, 0xCC, 0xE3, 0x83, 
-	0x5F, 0xFE, 0x9E, 0xC8, 0xE7, 0xF6, 0xE1, 0xC8, 0x88, 0xBB, 
-	0xB9, 0x24, 0xF6, 0x0A, 0x18, 0x20, 0x44, 0xCB, 0x78, 0x2E, 
-	0x77, 0x3F, 0xBF, 0x22, 0xEF, 0xBC, 0xB4
+	0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x07, 0x30, 
+	0x82, 0x01, 0x03, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 
+	0x04, 0x16, 0x04, 0x14, 0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 
+	0xCF, 0x34, 0x29, 0xD5, 0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 
+	0x10, 0x69, 0x59, 0xEC, 0x30, 0x81, 0xD3, 0x06, 0x03, 0x55, 
+	0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, 0x80, 0x14, 
+	0x81, 0x69, 0x0F, 0xF8, 0xDF, 0xDD, 0xCF, 0x34, 0x29, 0xD5, 
+	0x67, 0x75, 0x71, 0x85, 0xC7, 0x75, 0x10, 0x69, 0x59, 0xEC, 
+	0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31, 
+	0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 
+	0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 
+	0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 
+	0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 
+	0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 
+	0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 
+	0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, 
+	0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 
+	0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 
+	0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 
+	0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 
+	0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 
+	0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 
+	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 
+	0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 
+	0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 
+	0xE3, 0xD7, 0xA0, 0xFA, 0x76, 0xDF, 0x2A, 0xFA, 0x30, 0x0C, 
+	0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 
+	0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
+	0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, 
+	0x00, 0x1D, 0xB7, 0xD5, 0x7C, 0xE1, 0xB1, 0xD8, 0xC0, 0x67, 
+	0x5D, 0xB5, 0xD3, 0x88, 0xE7, 0x50, 0x29, 0x71, 0x63, 0x8F, 
+	0xCC, 0x26, 0x1F, 0x33, 0x09, 0x55, 0x43, 0x9B, 0xAB, 0xC6, 
+	0x1B, 0xBC, 0xC7, 0x01, 0x95, 0x1A, 0xFA, 0x65, 0xE0, 0xFD, 
+	0x9C, 0xEB, 0x6F, 0x0A, 0x0F, 0x14, 0xEC, 0xB5, 0x2F, 0xDC, 
+	0x1C, 0x30, 0xDD, 0x52, 0x97, 0xD4, 0x1C, 0x09, 0x00, 0x33, 
+	0x38, 0x5F, 0xCB, 0xA8, 0x16, 0x8F, 0x11, 0xB7, 0xB8, 0xD0, 
+	0x66, 0xE1, 0x54, 0x28, 0xF3, 0x3F, 0xBF, 0x6A, 0x6F, 0x76, 
+	0x48, 0x2A, 0x5E, 0x56, 0xA7, 0xCE, 0x1C, 0xF0, 0x04, 0xDD, 
+	0x17, 0xBD, 0x06, 0x78, 0x21, 0x6D, 0xD6, 0xB1, 0x9B, 0x75, 
+	0x31, 0x92, 0xC1, 0xFE, 0xD4, 0x8D, 0xD4, 0x67, 0x2F, 0x03, 
+	0x1B, 0x27, 0x8D, 0xAB, 0xFF, 0x30, 0x3B, 0xC3, 0x7F, 0x23, 
+	0xE4, 0xAB, 0x5B, 0x91, 0xE1, 0x1B, 0x66, 0xE6, 0xED
 };
 static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024);
 
@@ -441,38 +444,40 @@ static const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048);
 /* ./certs/client-cert.der, 2048-bit */
 static const unsigned char client_cert_der_2048[] =
 {
-	0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, 
-	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xCD, 0x6C, 0xD6, 0x7E, 
-	0xC6, 0xEF, 0xF3, 0xDB, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
-	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 
-	0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
+	0x30, 0x82, 0x04, 0xCA, 0x30, 0x82, 0x03, 0xB2, 0xA0, 0x03, 
+	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xAA, 0x27, 0xB3, 0xC5, 
+	0xA9, 0x72, 0x6E, 0x0D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
+	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 
+	0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
 	0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 
 	0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 
 	0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 
 	0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 
-	0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 
-	0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 
-	0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 
-	0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 
-	0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 
+	0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 
+	0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 
+	0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 
+	0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 
+	0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 
+	0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 
 	0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 
 	0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 
 	0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 
 	0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 
 	0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
-	0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x32, 0x30, 0x35, 
-	0x30, 0x36, 0x33, 0x33, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x31, 
-	0x37, 0x31, 0x31, 0x30, 0x31, 0x30, 0x36, 0x33, 0x33, 0x33, 
-	0x30, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 
+	0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37, 
+	0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31, 
+	0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 0x31, 0x30, 
+	0x31, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 
 	0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 
 	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 
 	0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
 	0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 
-	0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 
-	0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 
-	0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 
-	0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 
-	0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 
+	0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 
+	0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 
+	0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 
+	0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 
+	0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 
+	0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 
 	0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 
 	0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
 	0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
@@ -507,60 +512,62 @@ static const unsigned char client_cert_der_2048[] =
 	0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 
 	0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 
 	0xF7, 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 
-	0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xFC, 
-	0x30, 0x81, 0xF9, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 
-	0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 
-	0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 
-	0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xC9, 0x06, 0x03, 0x55, 
-	0x1D, 0x23, 0x04, 0x81, 0xC1, 0x30, 0x81, 0xBE, 0x80, 0x14, 
-	0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 
-	0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 
-	0xA1, 0x81, 0x9A, 0xA4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 
-	0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 
-	0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 
-	0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 
-	0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 
-	0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x10, 
-	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x07, 0x77, 
-	0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x31, 0x14, 0x30, 0x12, 
-	0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0B, 0x50, 0x72, 0x6F, 
-	0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x31, 0x18, 
-	0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 
-	0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 
-	0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 
-	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 
-	0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 
-	0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 
-	0xCD, 0x6C, 0xD6, 0x7E, 0xC6, 0xEF, 0xF3, 0xDB, 0x30, 0x0C, 
-	0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 
-	0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
-	0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 
-	0x01, 0x00, 0x7E, 0x41, 0x65, 0x73, 0xCD, 0x18, 0x5A, 0x2F, 
-	0x4D, 0xAB, 0xFE, 0x5A, 0x3C, 0x37, 0x63, 0x82, 0x3D, 0x2E, 
-	0x8A, 0xA2, 0x02, 0xC9, 0xBD, 0xEE, 0xCD, 0xA7, 0xF7, 0xC4, 
-	0x3B, 0x47, 0x33, 0x1B, 0x10, 0x41, 0x7F, 0x27, 0x75, 0xFF, 
-	0x76, 0x79, 0xA6, 0x08, 0x15, 0x00, 0xF9, 0x86, 0xDF, 0x91, 
-	0xB2, 0xCC, 0x99, 0xFA, 0xFE, 0xB9, 0xEB, 0x93, 0x55, 0xE9, 
-	0x01, 0xD0, 0x77, 0xE0, 0xD8, 0x6E, 0xB3, 0xD9, 0xA3, 0x26, 
-	0x06, 0x25, 0xE1, 0xE9, 0x8B, 0x7C, 0xFE, 0x5D, 0xD7, 0x39, 
-	0x5A, 0xC2, 0xF7, 0xE2, 0xF6, 0xDE, 0x6A, 0x76, 0x02, 0x18, 
-	0x7E, 0x16, 0xD0, 0xD0, 0xD3, 0x09, 0x8C, 0x92, 0x38, 0xA2, 
-	0xCA, 0x7E, 0xA8, 0xB9, 0xCC, 0x08, 0x4C, 0xF0, 0x59, 0xAA, 
-	0x25, 0x35, 0xB9, 0xD3, 0xAA, 0x1C, 0x10, 0x1C, 0xDC, 0x0B, 
-	0xD5, 0x61, 0xFC, 0x9C, 0xF1, 0x95, 0xF1, 0xCE, 0x47, 0xFD, 
-	0x56, 0xA0, 0x3C, 0xC1, 0x4D, 0xCA, 0x54, 0xCC, 0x00, 0x2F, 
-	0x3E, 0x75, 0x8E, 0x17, 0x40, 0x14, 0x49, 0x01, 0xBB, 0xA5, 
-	0xFB, 0x52, 0x0A, 0xBF, 0xBB, 0x09, 0x21, 0xD4, 0xA6, 0x33, 
-	0x58, 0x28, 0xEE, 0x33, 0xDC, 0xFE, 0xF8, 0x76, 0xC4, 0xF4, 
-	0x8E, 0xBB, 0x67, 0x68, 0x97, 0x5B, 0xC6, 0x7A, 0x23, 0x85, 
-	0xDD, 0x6A, 0x8E, 0x8C, 0x02, 0x05, 0x1D, 0xEE, 0xE2, 0x3D, 
-	0xB4, 0x9C, 0xBB, 0x63, 0x6E, 0x31, 0x5D, 0x5B, 0x8D, 0xBD, 
-	0x3C, 0x17, 0xDA, 0xC9, 0x3A, 0xA0, 0x39, 0x1F, 0xDE, 0x8A, 
-	0xCC, 0x1E, 0x7D, 0x72, 0x25, 0x3B, 0x56, 0xFF, 0x8B, 0xBB, 
-	0xAF, 0x5A, 0xA7, 0x64, 0x2C, 0xF8, 0xA0, 0xC4, 0xF2, 0x70, 
-	0x57, 0xF0, 0xCF, 0x38, 0x48, 0x7C, 0x6C, 0xA2, 0x6A, 0xE2, 
-	0x55, 0xF4, 0xCF, 0xA9, 0x21, 0xB7, 0x3E, 0x42, 0xE1, 0xD8, 
-	0x11, 0x57, 0xE5, 0x40, 0xF1, 0x66, 0x95, 0xDF
+	0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 
+	0x07, 0x30, 0x82, 0x01, 0x03, 0x30, 0x1D, 0x06, 0x03, 0x55, 
+	0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 
+	0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 
+	0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xD3, 0x06, 
+	0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xCB, 0x30, 0x81, 0xC8, 
+	0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, 
+	0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, 
+	0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 
+	0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 
+	0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 
+	0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 
+	0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 
+	0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 
+	0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 
+	0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 
+	0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 
+	0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 
+	0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, 
+	0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 
+	0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 
+	0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 
+	0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 
+	0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 
+	0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 
+	0x09, 0x00, 0xAA, 0x27, 0xB3, 0xC5, 0xA9, 0x72, 0x6E, 0x0D, 
+	0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 
+	0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
+	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 
+	0x82, 0x01, 0x01, 0x00, 0x51, 0x96, 0xA7, 0x1C, 0x26, 0x5D, 
+	0x1C, 0x90, 0xC6, 0x32, 0x9F, 0x96, 0x15, 0xF2, 0x1D, 0xE7, 
+	0x93, 0x9C, 0xAC, 0x75, 0x56, 0x95, 0xFD, 0x20, 0x70, 0xAB, 
+	0x45, 0x6A, 0x09, 0xB0, 0xF3, 0xF2, 0x03, 0xA8, 0xDB, 0xDC, 
+	0x2F, 0xBC, 0x1F, 0x87, 0x7A, 0xA3, 0xD4, 0x8F, 0xD5, 0x49, 
+	0x97, 0x7E, 0x3C, 0x54, 0xAC, 0xB1, 0xE3, 0xF0, 0x39, 0x0D, 
+	0xFE, 0x09, 0x9A, 0x23, 0xF6, 0x32, 0xA6, 0x41, 0x59, 0xBD, 
+	0x60, 0xE8, 0xBD, 0xDE, 0x00, 0x36, 0x6F, 0x3E, 0xE9, 0x41, 
+	0x6F, 0xA9, 0x63, 0xC7, 0xAA, 0xD5, 0x7B, 0xF3, 0xE4, 0x39, 
+	0x48, 0x9E, 0xF6, 0x60, 0xC6, 0xC6, 0x86, 0xD5, 0x72, 0x86, 
+	0x23, 0xCD, 0xF5, 0x6A, 0x63, 0x53, 0xA4, 0xF8, 0xFC, 0x51, 
+	0x6A, 0xCD, 0x60, 0x74, 0x8E, 0xA3, 0x86, 0x61, 0x01, 0x34, 
+	0x78, 0xF7, 0x29, 0x97, 0xB3, 0xA7, 0x34, 0xB6, 0x0A, 0xDE, 
+	0xB5, 0x71, 0x7A, 0x09, 0xA6, 0x3E, 0xD6, 0x82, 0x58, 0x89, 
+	0x67, 0x9C, 0xC5, 0x68, 0x62, 0xBA, 0x06, 0xD6, 0x39, 0xBB, 
+	0xCB, 0x3A, 0xC0, 0xE0, 0x63, 0x1F, 0xC7, 0x0C, 0x9C, 0x12, 
+	0x86, 0xEC, 0xF7, 0x39, 0x6A, 0x61, 0x93, 0xD0, 0x33, 0x14, 
+	0xC6, 0x55, 0x3B, 0xB6, 0xCF, 0x80, 0x5B, 0x8C, 0x43, 0xEF, 
+	0x43, 0x44, 0x0B, 0x3C, 0x93, 0x39, 0xA3, 0x4E, 0x15, 0xD1, 
+	0x0B, 0x5F, 0x84, 0x98, 0x1D, 0xCD, 0x9F, 0xA9, 0x47, 0xEB, 
+	0x3B, 0x56, 0x30, 0xB6, 0x76, 0x92, 0xC1, 0x48, 0x5F, 0xBC, 
+	0x95, 0xB0, 0x50, 0x1A, 0x55, 0xC8, 0x4E, 0x62, 0x47, 0x87, 
+	0x54, 0x64, 0x0C, 0x9B, 0x91, 0xFA, 0x43, 0xB3, 0x29, 0x48, 
+	0xBE, 0xE6, 0x12, 0xEB, 0xE3, 0x44, 0xC6, 0x52, 0xE4, 0x40, 
+	0xC6, 0x83, 0x95, 0x1B, 0xA7, 0x65, 0x27, 0x69, 0x73, 0x2F, 
+	0xC8, 0xA0, 0x4D, 0x7F, 0xBE, 0xEA, 0x9B, 0x67, 0xB2, 0x7B
+
 };
 static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048);
 
@@ -817,9 +824,9 @@ static const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048);
 static const unsigned char ca_cert_der_2048[] =
 {
 	0x30, 0x82, 0x04, 0xAA, 0x30, 0x82, 0x03, 0x92, 0xA0, 0x03, 
-	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xFA, 0x7D, 0x38, 0x9A, 
-	0x73, 0xFB, 0x12, 0x19, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
-	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 
+	0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xD9, 0x80, 0x3A, 0xC3, 
+	0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
+	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 
 	0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
 	0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 
 	0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 
@@ -835,10 +842,10 @@ static const unsigned char ca_cert_der_2048[] =
 	0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 
 	0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 
 	0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 
-	0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x32, 0x30, 0x35, 
-	0x30, 0x36, 0x33, 0x33, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x31, 
-	0x37, 0x31, 0x31, 0x30, 0x31, 0x30, 0x36, 0x33, 0x33, 0x33, 
-	0x30, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 
+	0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 0x30, 0x37, 
+	0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 0x0D, 0x31, 
+	0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 0x31, 0x30, 
+	0x31, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 
 	0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 
 	0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 
 	0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 
@@ -906,36 +913,36 @@ static const unsigned char ca_cert_der_2048[] =
 	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 
 	0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 
 	0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 
-	0xFA, 0x7D, 0x38, 0x9A, 0x73, 0xFB, 0x12, 0x19, 0x30, 0x0C, 
+	0xD9, 0x80, 0x3A, 0xC3, 0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0C, 
 	0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 
 	0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 
-	0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 
-	0x01, 0x00, 0x2C, 0x02, 0x0C, 0xDE, 0xB2, 0x46, 0xA1, 0xD8, 
-	0x59, 0x0F, 0x08, 0x69, 0xAD, 0xD2, 0x52, 0x2E, 0xEE, 0x55, 
-	0x78, 0xBD, 0xBB, 0x71, 0xD2, 0xD7, 0xB7, 0xFE, 0x7B, 0x0F, 
-	0x8A, 0xBC, 0x6A, 0x25, 0xFD, 0xD4, 0x6D, 0x1D, 0xAB, 0x00, 
-	0xE2, 0x9D, 0xD6, 0x98, 0x21, 0x11, 0xA4, 0x41, 0xE0, 0x0D, 
-	0x4B, 0xA4, 0x38, 0x7F, 0x2E, 0x0C, 0xD6, 0x80, 0xDC, 0x30, 
-	0xD7, 0xCF, 0x19, 0x1B, 0x43, 0x2F, 0xE7, 0xB3, 0x99, 0x74, 
-	0x9C, 0xB4, 0x01, 0x69, 0xB1, 0xC3, 0x9B, 0x9F, 0x4A, 0x89, 
-	0x2F, 0x60, 0x38, 0xCB, 0x7C, 0xA1, 0x78, 0x93, 0x38, 0x5C, 
-	0xA8, 0xCA, 0x46, 0x0D, 0x23, 0x2D, 0x99, 0xA3, 0xCF, 0x0A, 
-	0x49, 0x38, 0xEB, 0x07, 0x06, 0x57, 0xCD, 0x4A, 0x55, 0x35, 
-	0x04, 0x08, 0x36, 0x30, 0xCA, 0x75, 0x69, 0x4B, 0x9A, 0x84, 
-	0x08, 0xC9, 0x23, 0x78, 0xA9, 0xF0, 0x80, 0xCE, 0x8A, 0x25, 
-	0xBB, 0x31, 0x07, 0x0E, 0x11, 0xE6, 0x4A, 0x95, 0x8C, 0x53, 
-	0xDF, 0x85, 0xD9, 0x48, 0x45, 0xCB, 0x5A, 0xEF, 0xDE, 0x92, 
-	0xC2, 0x88, 0x0E, 0xDA, 0xFF, 0x31, 0x6B, 0x4E, 0x52, 0x53, 
-	0x5F, 0xF3, 0xA8, 0x3A, 0x42, 0xF8, 0xE1, 0x0D, 0x0A, 0xC0, 
-	0x84, 0xAF, 0xEC, 0x21, 0xB3, 0xA7, 0x98, 0xB0, 0xC8, 0x6B, 
-	0x77, 0x04, 0xEF, 0xF5, 0x06, 0xA5, 0x51, 0x3B, 0x20, 0x6F, 
-	0xBF, 0x55, 0x80, 0x8C, 0xCF, 0xD4, 0x78, 0xEE, 0xA2, 0xD9, 
-	0xE3, 0x52, 0x34, 0x9A, 0x17, 0x3D, 0x87, 0x10, 0x4D, 0x23, 
-	0x21, 0x38, 0x9B, 0x35, 0xF7, 0x18, 0xAC, 0x34, 0xBD, 0x18, 
-	0xAE, 0xA4, 0xE2, 0x32, 0x2F, 0x5D, 0xA4, 0x41, 0x4C, 0xBC, 
-	0xAA, 0x88, 0xB7, 0x9E, 0x45, 0x14, 0x92, 0xE9, 0xE8, 0xEE, 
-	0xFC, 0x1D, 0x28, 0xF5, 0x59, 0xFD, 0xDE, 0xBD, 0x3D, 0x73, 
-	0xDD, 0xB4, 0x9F, 0x2E, 0x77, 0xC0, 0x75, 0x41
+	0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 
+	0x01, 0x00, 0x7A, 0xAF, 0x44, 0x3B, 0xAA, 0x6F, 0x53, 0x42, 
+	0xB2, 0x33, 0xAA, 0x43, 0x5F, 0x56, 0x30, 0xD3, 0xB9, 0x96, 
+	0x0B, 0x9A, 0x55, 0x5A, 0x39, 0x2A, 0x0B, 0x4E, 0xE4, 0x2E, 
+	0xF1, 0x95, 0x66, 0xC9, 0x86, 0x36, 0x82, 0x8D, 0x63, 0x7C, 
+	0x4D, 0xA2, 0xEE, 0x48, 0xBA, 0x03, 0xC7, 0x90, 0xD7, 0xA7, 
+	0xC6, 0x74, 0x60, 0x48, 0x5F, 0x31, 0xA2, 0xF9, 0x5E, 0x3E, 
+	0xC3, 0x82, 0xE1, 0xE5, 0x2F, 0x41, 0x81, 0x83, 0x29, 0x25, 
+	0x79, 0xD1, 0x53, 0x00, 0x69, 0x3C, 0xED, 0x0A, 0x30, 0x3B, 
+	0x41, 0x1D, 0x92, 0xA1, 0x2C, 0xA8, 0x9D, 0x2C, 0xE3, 0x23, 
+	0x87, 0x79, 0xE0, 0x55, 0x6E, 0x91, 0xA8, 0x50, 0xDA, 0x46, 
+	0x2F, 0xC2, 0x20, 0x50, 0x3E, 0x2B, 0x47, 0x97, 0x14, 0xB0, 
+	0x7D, 0x04, 0xBA, 0x45, 0x51, 0xD0, 0x6E, 0xE1, 0x5A, 0xA2, 
+	0x4B, 0x84, 0x9C, 0x4D, 0xCD, 0x85, 0x04, 0xF9, 0x28, 0x31, 
+	0x82, 0x93, 0xBC, 0xC7, 0x59, 0x49, 0x91, 0x03, 0xE8, 0xDF, 
+	0x6A, 0xE4, 0x56, 0xAD, 0x6A, 0xCB, 0x1F, 0x0D, 0x37, 0xE4, 
+	0x5E, 0xBD, 0xE7, 0x9F, 0xD5, 0xEC, 0x9D, 0x3C, 0x18, 0x25, 
+	0x9B, 0xF1, 0x2F, 0x50, 0x7D, 0xEB, 0x31, 0xCB, 0xF1, 0x63, 
+	0x22, 0x9D, 0x57, 0xFC, 0xF3, 0x84, 0x20, 0x1A, 0xC6, 0x07, 
+	0x87, 0x92, 0x26, 0x9E, 0x15, 0x18, 0x59, 0x33, 0x06, 0xDC, 
+	0xFB, 0xB0, 0xB6, 0x76, 0x5D, 0xF1, 0xC1, 0x2F, 0xC8, 0x2F, 
+	0x62, 0x9C, 0xC0, 0xD6, 0xDE, 0xEB, 0x65, 0x77, 0xF3, 0x5C, 
+	0xA6, 0xC3, 0x88, 0x27, 0x96, 0x75, 0xB4, 0xF4, 0x54, 0xCD, 
+	0xFF, 0x2D, 0x21, 0x2E, 0x96, 0xF0, 0x07, 0x73, 0x4B, 0xE9, 
+	0x93, 0x92, 0x90, 0xDE, 0x62, 0xD9, 0xA3, 0x3B, 0xAC, 0x6E, 
+	0x24, 0x5F, 0x27, 0x4A, 0xB3, 0x94, 0x70, 0xFF, 0x30, 0x17, 
+	0xE7, 0x7E, 0x32, 0x8F, 0x65, 0xB7, 0x75, 0x58
 };
 static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
 
@@ -1070,7 +1077,7 @@ static const unsigned char server_cert_der_2048[] =
 {
 	0x30, 0x82, 0x04, 0x9E, 0x30, 0x82, 0x03, 0x86, 0xA0, 0x03, 
 	0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 
-	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 
+	0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 
 	0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 
 	0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 
 	0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 
@@ -1086,10 +1093,10 @@ static const unsigned char server_cert_der_2048[] =
 	0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 
 	0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 
 	0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 
-	0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x32, 
-	0x30, 0x35, 0x30, 0x36, 0x33, 0x33, 0x33, 0x30, 0x5A, 0x17, 
-	0x0D, 0x31, 0x37, 0x31, 0x31, 0x30, 0x31, 0x30, 0x36, 0x33, 
-	0x33, 0x33, 0x30, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 
+	0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x35, 
+	0x30, 0x37, 0x31, 0x38, 0x32, 0x31, 0x30, 0x31, 0x5A, 0x17, 
+	0x0D, 0x31, 0x38, 0x30, 0x31, 0x33, 0x31, 0x31, 0x38, 0x32, 
+	0x31, 0x30, 0x31, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 
 	0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 
 	0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 
 	0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 
@@ -1156,37 +1163,37 @@ static const unsigned char server_cert_der_2048[] =
 	0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 
 	0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 
 	0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 
-	0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xFA, 0x7D, 
-	0x38, 0x9A, 0x73, 0xFB, 0x12, 0x19, 0x30, 0x0C, 0x06, 0x03, 
+	0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x09, 0x00, 0xD9, 0x80, 
+	0x3A, 0xC3, 0xD2, 0xF4, 0xDA, 0x37, 0x30, 0x0C, 0x06, 0x03, 
 	0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 
 	0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 
-	0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 
-	0x4E, 0x0E, 0x2C, 0xDE, 0xAB, 0xBB, 0xE9, 0x9E, 0xAB, 0x65, 
-	0x0F, 0xC8, 0x9A, 0xDA, 0xCA, 0xAE, 0xA7, 0x87, 0x3F, 0x15, 
-	0x06, 0xEE, 0x7D, 0x22, 0x88, 0x8E, 0xB0, 0x88, 0xFC, 0xB8, 
-	0xB4, 0x69, 0x39, 0xBF, 0xCA, 0x49, 0x65, 0x75, 0x01, 0x90, 
-	0x85, 0x8B, 0xAF, 0x08, 0xF1, 0xCE, 0xAC, 0x2E, 0xAD, 0x30, 
-	0x34, 0x80, 0x58, 0x77, 0xEE, 0xBC, 0xBB, 0x9B, 0x74, 0xC2, 
-	0x9C, 0x91, 0xB5, 0x93, 0xE2, 0xF1, 0x33, 0x83, 0xB8, 0x0B, 
-	0x7E, 0x0C, 0x58, 0x0F, 0x2E, 0x91, 0xD0, 0xFB, 0x53, 0xF4, 
-	0x68, 0xD7, 0x36, 0x24, 0x85, 0xEC, 0xD6, 0x23, 0x5B, 0x8E, 
-	0x7E, 0x3B, 0x76, 0x6A, 0xA1, 0x60, 0xC0, 0x29, 0xA5, 0x2E, 
-	0xBB, 0xE9, 0x02, 0xBD, 0xBC, 0xA5, 0x6B, 0xCB, 0x3D, 0xFD, 
-	0xA5, 0xD3, 0x66, 0x84, 0x76, 0x58, 0x46, 0x7A, 0x09, 0x31, 
-	0xB5, 0xB9, 0x43, 0xBB, 0x35, 0x13, 0x1F, 0x32, 0x21, 0x94, 
-	0xC4, 0x08, 0xE7, 0x16, 0xAB, 0x29, 0xDA, 0xBF, 0x8D, 0xD1, 
-	0x30, 0xA9, 0xA0, 0xEF, 0xA6, 0xDA, 0xFA, 0xF0, 0x50, 0x21, 
-	0x6F, 0xE9, 0x37, 0xA6, 0x87, 0x63, 0x8A, 0x7C, 0x68, 0x74, 
-	0xAB, 0x33, 0x39, 0x1F, 0xEA, 0xD1, 0xCE, 0x2C, 0x7F, 0xB5, 
-	0xEB, 0x4A, 0x51, 0x9C, 0xBA, 0xB5, 0xC2, 0x20, 0xE5, 0x5F, 
-	0xD4, 0x70, 0x28, 0xA9, 0x80, 0x08, 0xEB, 0x8D, 0x3E, 0xEE, 
-	0xFB, 0x71, 0x47, 0x96, 0x2A, 0x2D, 0xC7, 0x79, 0x0E, 0xA7, 
-	0xF9, 0xBA, 0x24, 0x79, 0xFB, 0xA5, 0x2F, 0xC5, 0xEB, 0x91, 
-	0xB2, 0x18, 0x5F, 0x6D, 0xC1, 0x18, 0xD8, 0x68, 0x95, 0x12, 
-	0xCC, 0x68, 0xF9, 0xD1, 0x06, 0x86, 0xB1, 0x48, 0xB0, 0x5A, 
-	0x00, 0xB5, 0x04, 0x2E, 0x50, 0x37, 0xBC, 0x2F, 0xF5, 0x57, 
-	0xD2, 0x49, 0x17, 0x43, 0x5D, 0x2F, 0x64, 0x01, 0x3B, 0x6A, 
-	0x09, 0x44, 0xA6, 0xE2, 0x1E, 0x04
+	0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 
+	0x67, 0xC0, 0x2C, 0xA9, 0x43, 0x47, 0xE7, 0x11, 0x14, 0x77, 
+	0xAE, 0xCC, 0xD8, 0xE0, 0x6B, 0x23, 0x82, 0x91, 0x63, 0xE8, 
+	0xA8, 0x0D, 0x21, 0xC5, 0xC8, 0x47, 0x97, 0x2F, 0xD5, 0xF3, 
+	0x86, 0xFB, 0x6C, 0xCE, 0x25, 0xF9, 0x7C, 0x78, 0xC8, 0x3A, 
+	0x22, 0x68, 0xF2, 0x16, 0x1E, 0xD2, 0xD2, 0x3F, 0x24, 0x04, 
+	0x87, 0xF2, 0xB7, 0xC1, 0x62, 0x63, 0xBA, 0xC5, 0xFA, 0xAE, 
+	0xD2, 0x20, 0x81, 0x1A, 0xD2, 0x0C, 0xAE, 0x26, 0x6B, 0x1B, 
+	0x2B, 0x10, 0xD3, 0xE1, 0x9A, 0x4E, 0x64, 0x6C, 0x97, 0xDB, 
+	0x36, 0xA8, 0x8F, 0xF8, 0x05, 0x63, 0xBF, 0xBA, 0x0D, 0x88, 
+	0x0B, 0x87, 0x46, 0xC9, 0xE4, 0x64, 0xE3, 0xD7, 0xBD, 0xB8, 
+	0x2D, 0xD5, 0xC1, 0xC3, 0xC4, 0xDB, 0x55, 0x68, 0xDC, 0xA3, 
+	0x7A, 0x40, 0xB9, 0xA9, 0xF6, 0x04, 0x4A, 0x22, 0xCF, 0x98, 
+	0x76, 0x1C, 0xE4, 0xA3, 0xFF, 0x79, 0x19, 0x96, 0x57, 0x63, 
+	0x07, 0x6F, 0xF6, 0x32, 0x77, 0x16, 0x50, 0x9B, 0xE3, 0x34, 
+	0x18, 0xD4, 0xEB, 0xBE, 0xFD, 0xB6, 0x6F, 0xE3, 0xC7, 0xF6, 
+	0x85, 0xBF, 0xAC, 0x32, 0xAD, 0x98, 0x57, 0xBE, 0x13, 0x92, 
+	0x44, 0x10, 0xA5, 0xF3, 0xAE, 0xE2, 0x66, 0xDA, 0x44, 0xA9, 
+	0x94, 0x71, 0x3F, 0xD0, 0x2F, 0x20, 0x59, 0x87, 0xE4, 0x5A, 
+	0x40, 0xEE, 0xD2, 0xE4, 0x0C, 0xCE, 0x25, 0x94, 0xDC, 0x0F, 
+	0xFE, 0x38, 0xE0, 0x41, 0x52, 0x34, 0x5C, 0xBB, 0xC3, 0xDB, 
+	0xC1, 0x5F, 0x76, 0xC3, 0x5D, 0x0E, 0x32, 0x69, 0x2B, 0x9D, 
+	0x01, 0xED, 0x50, 0x1B, 0x4F, 0x77, 0xA9, 0xA9, 0xD8, 0x71, 
+	0x30, 0xCB, 0x2E, 0x2C, 0x70, 0x00, 0xAB, 0x78, 0x4B, 0xD7, 
+	0x15, 0xD9, 0x17, 0xF8, 0x64, 0xB2, 0xF7, 0x3A, 0xDA, 0xE1, 
+	0x0B, 0x8B, 0x0A, 0xE1, 0x4E, 0xB1, 0x03, 0x46, 0x14, 0xCA, 
+	0x94, 0xE3, 0x44, 0x77, 0xD7, 0x59
 };
 static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048);
 

From c52b7160e9811195de68c4788776873cb2682de5 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 7 May 2015 12:15:58 -0700
Subject: [PATCH 065/350] fix ipv6 external test case

---
 configure.ac       | 2 ++
 scripts/include.am | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/configure.ac b/configure.ac
index 148fbc3db..e707f8657 100644
--- a/configure.ac
+++ b/configure.ac
@@ -184,6 +184,8 @@ then
     AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6"
 fi
 
+AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"])
+
 
 # Fortress build 
 AC_ARG_ENABLE([fortress],
diff --git a/scripts/include.am b/scripts/include.am
index 091f3d7a4..0591e2813 100644
--- a/scripts/include.am
+++ b/scripts/include.am
@@ -10,7 +10,9 @@ endif
 
 if BUILD_EXAMPLES
 dist_noinst_SCRIPTS+= scripts/resume.test
+if !BUILD_IPV6
 dist_noinst_SCRIPTS+= scripts/external.test
 endif
+endif
 
 EXTRA_DIST +=  scripts/testsuite.pcap

From 4fe04c6bed74ff312a31e5c7faf1e5036d055652 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 7 May 2015 12:50:27 -0700
Subject: [PATCH 066/350] detect build cases where external script test case
 doesn't make sense

---
 examples/client/client.c | 30 +++++++++++++++++++++++++++++-
 scripts/external.test    |  2 +-
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/examples/client/client.c b/examples/client/client.c
index afdbc2d86..ee5dae9ca 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -148,6 +148,7 @@ static void Usage(void)
 #endif
     printf("-f          Fewer packets/group messages\n");
     printf("-x          Disable client cert/key loading\n");
+    printf("-X          Driven by eXternal test case\n");
 #ifdef SHOW_SIZES
     printf("-z          Print structure sizes\n");
 #endif
@@ -213,6 +214,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     int    resumeSession = 0;
     int    wc_shutdown   = 0;
     int    disableCRL    = 0;
+    int    externalTest  = 0;
     int    ret;
     int    scr           = 0;    /* allow secure renegotiation */
     int    forceScr      = 0;    /* force client initiaed scr */
@@ -271,7 +273,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     StackTrap();
 
     while ((ch = mygetopt(argc, argv,
-                          "?gdDusmNrwRitfxUPCh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
+                          "?gdDusmNrwRitfxXUPCh:p:v:l:A:c:k:b:zS:L:ToO:a"))
+                                                                        != -1) {
         switch (ch) {
             case '?' :
                 Usage();
@@ -315,6 +318,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 useClientCert = 0;
                 break;
 
+            case 'X' :
+                externalTest = 1;
+                break;
+
             case 'f' :
                 fewerPackets = 1;
                 break;
@@ -457,6 +464,27 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
     myoptind = 0;      /* reset for test cases */
 
+    if (externalTest) {
+        /* detect build cases that wouldn't allow test against wolfssl.com */
+        int done = 0;
+        (void)done;
+
+        #ifdef NO_RSA
+            done = 1;
+        #endif
+
+        #ifndef NO_PSK
+            done = 1;
+        #endif
+
+        if (done) {
+            printf("external test can't be run in this mode");
+
+            ((func_args*)args)->return_code = 0;
+            exit(EXIT_SUCCESS);
+        }
+    }
+
     /* sort out DTLS versus TLS versions */
     if (version == CLIENT_INVALID_VERSION) {
         if (doDTLS)
diff --git a/scripts/external.test b/scripts/external.test
index 9b2668d80..1d6cb7e12 100755
--- a/scripts/external.test
+++ b/scripts/external.test
@@ -13,7 +13,7 @@ RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0
 
 # client test against the server
-./examples/client/client -C -h $server -p 443 -g -A $ca
+./examples/client/client -X -C -h $server -p 443 -g -A $ca
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
 

From 8f8fb3834aff9d7f8b0fbed54a5acae2be2300cd Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 7 May 2015 14:24:58 -0700
Subject: [PATCH 067/350] reduce benchmark stack use, reduce max variable sizes

---
 wolfcrypt/benchmark/benchmark.c | 69 +++++++++++++--------------------
 1 file changed, 28 insertions(+), 41 deletions(-)

diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 66c905f9b..9c27980e7 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -93,6 +93,11 @@
     #define SHOW_INTEL_CYCLES
 #endif
 
+/* let's use buffers, we have them */
+#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
+    #define USE_CERT_BUFFERS_2048
+#endif
+
 #if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) \
                                    || !defined(NO_DH)
     /* include test cert and key buffers for use with NO_FILESYSTEM */
@@ -1127,38 +1132,30 @@ void bench_rsa(void)
 {
     int    i;
     int    ret;
-    byte   tmp[3072];
     size_t bytes;
     word32 idx = 0;
+    const byte* tmp;
 
     byte      message[] = "Everyone gets Friday off.";
-    byte      enc[512];  /* for up to 4096 bit */
+    byte      enc[256];  /* for up to 2048 bit */
     const int len = (int)strlen((char*)message);
     double    start, total, each, milliEach;
-    
+
     RsaKey rsaKey;
     int    rsaKeySz = 2048; /* used in printf */
 
 #ifdef USE_CERT_BUFFERS_1024
-    XMEMCPY(tmp, rsa_key_der_1024, sizeof_rsa_key_der_1024);
+    tmp = rsa_key_der_1024;
     bytes = sizeof_rsa_key_der_1024;
     rsaKeySz = 1024;
 #elif defined(USE_CERT_BUFFERS_2048)
-    XMEMCPY(tmp, rsa_key_der_2048, sizeof_rsa_key_der_2048);
+    tmp = rsa_key_der_2048;
     bytes = sizeof_rsa_key_der_2048;
 #else
-    FILE*  file = fopen(certRSAname, "rb");
-
-    if (!file) {
-        printf("can't find %s, Please run from wolfSSL home dir\n", certRSAname);
-        return;
-    }
-    
-    bytes = fread(tmp, 1, sizeof(tmp), file);
-    fclose(file);
+    #error "need a cert buffer size"
 #endif /* USE_CERT_BUFFERS */
 
-		
+
 #ifdef HAVE_CAVIUM
     if (wc_RsaInitCavium(&rsaKey, CAVIUM_DEV_ID) != 0)
         printf("RSA init cavium failed\n");
@@ -1169,7 +1166,7 @@ void bench_rsa(void)
         return;
     }
     ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes);
-    
+
     start = current_time(1);
 
     for (i = 0; i < ntimes; i++)
@@ -1190,7 +1187,7 @@ void bench_rsa(void)
     start = current_time(1);
 
     for (i = 0; i < ntimes; i++) {
-         byte  out[512];  /* for up to 4096 bit */
+         byte  out[256];  /* for up to 2048 bit */
          wc_RsaPrivateDecrypt(enc, (word32)ret, out, sizeof(out), &rsaKey);
     }
 
@@ -1229,16 +1226,16 @@ void bench_rsa(void)
 void bench_dh(void)
 {
     int    i ;
-    byte   tmp[1024];
     size_t bytes;
     word32 idx = 0, pubSz, privSz = 0, pubSz2, privSz2, agreeSz;
+    const byte* tmp;
 
     byte   pub[256];    /* for 2048 bit */
-    byte   priv[256];   /* for 2048 bit */
     byte   pub2[256];   /* for 2048 bit */
-    byte   priv2[256];  /* for 2048 bit */
     byte   agree[256];  /* for 2048 bit */
-    
+    byte   priv[32];    /* for 2048 bit */
+    byte   priv2[32];   /* for 2048 bit */
+
     double start, total, each, milliEach;
     DhKey  dhKey;
     int    dhKeySz = 2048; /* used in printf */
@@ -1246,26 +1243,19 @@ void bench_dh(void)
     (void)idx;
     (void)tmp;
 
-	
+
 #ifdef USE_CERT_BUFFERS_1024
-    XMEMCPY(tmp, dh_key_der_1024, sizeof_dh_key_der_1024);
+    tmp = dh_key_der_1024;
     bytes = sizeof_dh_key_der_1024;
     dhKeySz = 1024;
 #elif defined(USE_CERT_BUFFERS_2048)
-    XMEMCPY(tmp, dh_key_der_2048, sizeof_dh_key_der_2048);
+    tmp = dh_key_der_2048;
     bytes = sizeof_dh_key_der_2048;
 #elif defined(NO_ASN)
     dhKeySz = 1024;
     /* do nothing, but don't use default FILE */
 #else
-    FILE*  file = fopen(certDHname, "rb");
-
-    if (!file) {
-        printf("can't find %s,  Please run from wolfSSL home dir\n", certDHname);
-        return;
-    }
-
-    bytes = fread(tmp, 1, sizeof(tmp), file);
+    #error "need to define a cert buffer size"
 #endif /* USE_CERT_BUFFERS */
 
 		
@@ -1274,9 +1264,6 @@ void bench_dh(void)
     bytes = wc_DhSetKey(&dhKey, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
 #else
     bytes = wc_DhKeyDecode(tmp, &idx, &dhKey, (word32)bytes);
-    #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
-        fclose(file);
-    #endif
 #endif
     if (bytes != 0) {
         printf("dhekydecode failed, can't benchmark\n");
@@ -1576,11 +1563,11 @@ void bench_eccKeyAgree(void)
     ecc_key genKey, genKey2;
     double start, total, each, milliEach;
     int    i, ret;
-    byte   shared[1024];
-    byte   sig[1024];
+    byte   shared[32];
+    byte   sig[64+16];  /* der encoding too */
     byte   digest[32];
     word32 x = 0;
- 
+
     wc_ecc_init(&genKey);
     wc_ecc_init(&genKey2);
 
@@ -1595,7 +1582,7 @@ void bench_eccKeyAgree(void)
         return;
     }
 
-    /* 256 bit */ 
+    /* 256 bit */
     start = current_time(1);
 
     for(i = 0; i < agreeTimes; i++) {
@@ -1603,7 +1590,7 @@ void bench_eccKeyAgree(void)
         ret = wc_ecc_shared_secret(&genKey, &genKey2, shared, &x);
         if (ret != 0) {
             printf("ecc_shared_secret failed\n");
-            return; 
+            return;
         }
     }
 
@@ -1686,7 +1673,7 @@ void bench_curve25519KeyAgree(void)
     curve25519_key genKey, genKey2;
     double start, total, each, milliEach;
     int    i, ret;
-    byte   shared[1024];
+    byte   shared[32];
     word32 x = 0;
 
     wc_curve25519_init(&genKey);

From d4982bb9884ade03cece09f3fc5b221de39b2454 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 7 May 2015 15:10:33 -0700
Subject: [PATCH 068/350] add dsa verify input check, not used at TLS or
 default

---
 wolfcrypt/src/dsa.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c
index ac0d3b75b..4de4d8196 100644
--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -174,7 +174,12 @@ int wc_DsaVerify(const byte* digest, const byte* sig, DsaKey* key, int* answer)
         ret = MP_READ_E;
 
     /* sanity checks */
-
+    if (ret == 0) {
+        if (mp_iszero(&r) == MP_YES || mp_iszero(&s) == MP_YES ||
+                mp_cmp(&r, &key->q) != MP_LT || mp_cmp(&s, &key->q) != MP_LT) {
+            ret = MP_ZERO_E;
+        }
+    }
 
     /* put H into u1 from sha digest */
     if (ret == 0 && mp_read_unsigned_bin(&u1,digest,SHA_DIGEST_SIZE) != MP_OKAY)

From d2c53c32295e7f6836d59a80ca39cf54432cfafc Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 7 May 2015 15:25:20 -0700
Subject: [PATCH 069/350] reduce wolfcrypt test stack use, curve25519

---
 wolfcrypt/test/test.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index ab617ca47..4bf7427b5 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -5241,10 +5241,10 @@ int ecc_encrypt_test(void)
 int curve25519_test(void)
 {
     RNG     rng;
-    byte    sharedA[1024];
-    byte    sharedB[1024];
+    byte    sharedA[32];
+    byte    sharedB[32];
+    byte    exportBuf[32];
     word32  x, y;
-    byte    exportBuf[1024];
     curve25519_key userA, userB, pubKey;
 
     /* test vectors from

From dde4b294627eb10847ce8619dacb510011c109de Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Sat, 9 May 2015 11:04:47 -0700
Subject: [PATCH 070/350] add handshake done callback with ability to end
 connection

---
 examples/server/server.c | 20 ++++++++++++++++++++
 src/ssl.c                | 39 +++++++++++++++++++++++++++++++++++++++
 wolfssl/internal.h       |  4 ++++
 wolfssl/ssl.h            |  6 ++++++
 4 files changed, 69 insertions(+)

diff --git a/examples/server/server.c b/examples/server/server.c
index 50fb5a389..3c8ac1e65 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -60,6 +60,10 @@
     Timeval srvTo;
 #endif
 
+#ifndef NO_HANDSHAKE_DONE_CB
+    int myHsDoneCb(WOLFSSL* ssl, void* user_ctx);
+#endif
+
 
 static void NonBlockingSSL_Accept(SSL* ssl)
 {
@@ -534,6 +538,9 @@ while (1) {  /* allow resume option */
     if (ssl == NULL)
         err_sys("unable to get SSL");
 
+#ifndef NO_HANDSHAKE_DONE_CB
+    wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
+#endif
 #ifdef HAVE_CRL
     CyaSSL_EnableCRL(ssl, 0);
     CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
@@ -712,3 +719,16 @@ while (1) {  /* allow resume option */
 
 #endif
 
+#ifndef NO_HANDSHAKE_DONE_CB
+    int myHsDoneCb(WOLFSSL* ssl, void* user_ctx)
+    {
+        (void)user_ctx;
+        (void)ssl;
+
+        /* printf("Notified HandShake done\n"); */
+
+        /* return negative number to end TLS connection now */
+        return 0;
+    }
+#endif
+
diff --git a/src/ssl.c b/src/ssl.c
index ee0d473f0..1c027ac34 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5289,6 +5289,16 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
             WOLFSSL_MSG("connect state: SECOND_REPLY_DONE");
 
         case SECOND_REPLY_DONE:
+#ifndef NO_HANDSHAKE_DONE_CB
+            if (ssl->hsDoneCb) {
+                int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
+                if (cbret < 0) {
+                    ssl->error = cbret;
+                    WOLFSSL_MSG("HandShake Done Cb don't continue error");
+                    return SSL_FATAL_ERROR;
+                }
+            }
+#endif /* NO_HANDSHAKE_DONE_CB */
             FreeHandshakeResources(ssl);
             WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS);
             return SSL_SUCCESS;
@@ -5576,6 +5586,16 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
             WOLFSSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE");
 
         case ACCEPT_THIRD_REPLY_DONE :
+#ifndef NO_HANDSHAKE_DONE_CB
+            if (ssl->hsDoneCb) {
+                int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
+                if (cbret < 0) {
+                    ssl->error = cbret;
+                    WOLFSSL_MSG("HandShake Done Cb don't continue error");
+                    return SSL_FATAL_ERROR;
+                }
+            }
+#endif /* NO_HANDSHAKE_DONE_CB */
             FreeHandshakeResources(ssl);
             WOLFSSL_LEAVE("SSL_accept()", SSL_SUCCESS);
             return SSL_SUCCESS;
@@ -5589,6 +5609,25 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
 #endif /* NO_WOLFSSL_SERVER */
 
 
+#ifndef NO_HANDSHAKE_DONE_CB
+
+int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx)
+{
+    WOLFSSL_ENTER("wolfSSL_SetHsDoneCb");
+
+    if (ssl == NULL)
+        return BAD_FUNC_ARG;
+
+    ssl->hsDoneCb  = cb;
+    ssl->hsDoneCtx = user_ctx;
+
+
+    return SSL_SUCCESS;
+}
+
+#endif /* NO_HANDSHAKE_DONE_CB */
+
+
 int wolfSSL_Cleanup(void)
 {
     int ret = SSL_SUCCESS;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 3ead47d88..d95c2f97d 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2111,6 +2111,10 @@ struct WOLFSSL {
     void*           verifyCbCtx;        /* cert verify callback user ctx*/
     VerifyCallback  verifyCallback;     /* cert verification callback */
     void*           heap;               /* for user overrides */
+#ifndef NO_HANDSHAKE_DONE_CB
+    HandShakeDoneCb hsDoneCb;          /*  notify user handshake done */
+    void*           hsDoneCtx;         /*  user handshake cb context  */
+#endif
     WOLFSSL_CIPHER  cipher;
     hmacfp          hmac;
     Ciphers         encrypt;
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 2f72c4c65..9b9884989 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1375,6 +1375,12 @@ WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
 #define WOLFSSL_CRL_MONITOR   0x01   /* monitor this dir flag */
 #define WOLFSSL_CRL_START_MON 0x02   /* start monitoring flag */
 
+
+/* notify user the hanshake is done */
+typedef int (*HandShakeDoneCb)(WOLFSSL*, void*);
+WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL*, HandShakeDoneCb, void*);
+
+
 WOLFSSL_API int wolfSSL_PrintSessionStats(void);
 WOLFSSL_API int wolfSSL_get_session_stats(unsigned int* active,
                                           unsigned int* total,

From 513b43baaeb619131b86ffde67a3fbd4f56432c3 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 11 May 2015 12:03:53 -0700
Subject: [PATCH 071/350] update CUSTOM_RAND_GENERATE to not include dev random
 files

---
 wolfcrypt/src/random.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 85f96d3c4..22b49cbf8 100755
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -100,8 +100,8 @@ int  wc_RNG_GenerateByte(RNG* rng, byte* b)
     #include <windows.h>
     #include <wincrypt.h>
 #else
-    #if !defined(NO_DEV_RANDOM) && !defined(WOLFSSL_MDK_ARM) \
-                                && !defined(WOLFSSL_IAR_ARM)
+    #if !defined(NO_DEV_RANDOM) && !defined(CUSTOM_RAND_GENERATE) && \
+                          !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM)
             #include <fcntl.h>
         #ifndef EBSNET
             #include <unistd.h>
@@ -1164,15 +1164,17 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     * word32 rand_gen(void);
     * #define CUSTOM_RAND_GENERATE  rand_gen  */
 
-   int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
-   {
-     int i;
+    int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+    {
+        word32 i;
 
-     for (i = 0; i < sz; i++ )
-         output[i] = CUSTOM_RAND_GENERATE();
+        (void)os;
 
-     return 0;
-   }
+        for (i = 0; i < sz; i++ )
+            output[i] = CUSTOM_RAND_GENERATE();
+
+        return 0;
+    }
 
 #elif defined(NO_DEV_RANDOM)
 

From 0b1ea204b7ad1b2f76e229ac099beca69ee8d17c Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 12 May 2015 11:59:07 -0700
Subject: [PATCH 072/350] cleaned up Windows build warnings

---
 wolfcrypt/src/random.c | 4 ++--
 wolfcrypt/test/test.c  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 22b49cbf8..d1786e5b1 100755
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -338,13 +338,13 @@ static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
         for (sIdx = sLen - 1, dIdx = dLen - 1; sIdx >= 0; dIdx--, sIdx--)
         {
             carry += d[dIdx] + s[sIdx];
-            d[dIdx] = carry;
+            d[dIdx] = (byte)carry;
             carry >>= 8;
         }
 
         for (; carry != 0 && dIdx >= 0; dIdx--) {
             carry += d[dIdx];
-            d[dIdx] = carry;
+            d[dIdx] = (byte)carry;
             carry >>= 8;
         }
     }
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 4bf7427b5..2879c01e4 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -4484,7 +4484,7 @@ int openssl_test(void)
     EVP_MD_CTX_init(&md_ctx);
     EVP_DigestInit(&md_ctx, EVP_sha384());
 
-    EVP_DigestUpdate(&md_ctx, e.input, e.inLen);
+    EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
     EVP_DigestFinal(&md_ctx, hash, 0);
 
     if (memcmp(hash, e.output, SHA384_DIGEST_SIZE) != 0)

From 69b4b37e864955b7871200a639523364e6edfa7b Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 12 May 2015 16:16:44 -0700
Subject: [PATCH 073/350] modify ossl-extra HMAC testcase to use longer
 password

---
 wolfcrypt/test/test.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 2879c01e4..8dac3b8ea 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -4522,12 +4522,13 @@ int openssl_test(void)
         return -73;
 
     c.input  = "what do ya want for nothing?";
-    c.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
-               "\x38";
+    c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14"
+               "\x76";
     c.inLen  = strlen(c.input);
     c.outLen = MD5_DIGEST_SIZE;
 
-    HMAC(EVP_md5(), "Jefe", 4, (byte*)c.input, (int)c.inLen, hash, 0);
+    HMAC(EVP_md5(),
+                 "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, hash, 0);
 
     if (memcmp(hash, c.output, MD5_DIGEST_SIZE) != 0)
         return -74;

From b6e540b0051b7f14dd8cf95c5f11a1499fe68c78 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 12 May 2015 16:36:38 -0700
Subject: [PATCH 074/350] new VS solution and project files for FIPS build

---
 IDE/WIN/test.vcxproj         | 159 +++++++++++++++
 IDE/WIN/wolfssl-fips.sln     |  56 ++++++
 IDE/WIN/wolfssl-fips.vcxproj | 373 +++++++++++++++++++++++++++++++++++
 3 files changed, 588 insertions(+)
 create mode 100644 IDE/WIN/test.vcxproj
 create mode 100644 IDE/WIN/wolfssl-fips.sln
 create mode 100644 IDE/WIN/wolfssl-fips.vcxproj

diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj
new file mode 100644
index 000000000..1d3915df0
--- /dev/null
+++ b/IDE/WIN/test.vcxproj
@@ -0,0 +1,159 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>Debug\</OutDir>
+    <IntDir>Debug\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>Release\</OutDir>
+    <IntDir>Release\</IntDir>
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\wolfssl;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;WOLFSSL_SHA384;WOLFSSL_SHA512;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <AdditionalDependencies>Ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <ForceSymbolReferences>fipsWrapper</ForceSymbolReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\wolfssl;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\wolfssl;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\wolfcrypt\test\test.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="wolfssl-fips.vcxproj">
+      <Project>{73973223-5ee8-41ca-8e88-1d60e89a237b}</Project>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/IDE/WIN/wolfssl-fips.sln b/IDE/WIN/wolfssl-fips.sln
new file mode 100644
index 000000000..365d6eb8c
--- /dev/null
+++ b/IDE/WIN/wolfssl-fips.sln
@@ -0,0 +1,56 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Express 2012 for Windows Desktop
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-fips", "wolfssl-fips.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test", "test.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}"
+	ProjectSection(ProjectDependencies) = postProject
+		{73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B}
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Debug|x64 = Debug|x64
+		DLL Debug|Win32 = DLL Debug|Win32
+		DLL Debug|x64 = DLL Debug|x64
+		DLL Release|Win32 = DLL Release|Win32
+		DLL Release|x64 = DLL Release|x64
+		Release|Win32 = Release|Win32
+		Release|x64 = Release|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.ActiveCfg = Debug|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|Win32.Build.0 = Debug|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.ActiveCfg = Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Debug|x64.Build.0 = Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|Win32.Build.0 = DLL Debug|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Debug|x64.Build.0 = DLL Debug|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.ActiveCfg = DLL Release|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|Win32.Build.0 = DLL Release|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.DLL Release|x64.Build.0 = DLL Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.ActiveCfg = Release|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|Win32.Build.0 = Release|Win32
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.ActiveCfg = Release|x64
+		{73973223-5EE8-41CA-8E88-1D60E89A237B}.Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.Build.0 = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.Build.0 = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
new file mode 100644
index 000000000..d7e59ab8d
--- /dev/null
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -0,0 +1,373 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{73973223-5EE8-41CA-8E88-1D60E89A237B}</ProjectGuid>
+    <RootNamespace>wolfssl-fips</RootNamespace>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
+    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <IntDir>$(Configuration)\obj\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Lib>
+      <ForceSymbolReferences>
+      </ForceSymbolReferences>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level4</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\ctaocrypt\src\fips_wrapper.cpp" />
+    <ClCompile Include="..\..\ctaocrypt\src\wolfcrypt_first.c">
+      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+    </ClCompile>
+    <ClCompile Include="..\..\ctaocrypt\src\hmac.c">
+      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+    </ClCompile>
+    <ClCompile Include="..\..\ctaocrypt\src\random.c">
+      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+    </ClCompile>
+    <ClCompile Include="..\..\ctaocrypt\src\sha256.c">
+      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+    </ClCompile>
+    <ClCompile Include="..\..\ctaocrypt\src\rsa.c">
+      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+    </ClCompile>
+    <ClCompile Include="..\..\ctaocrypt\src\aes.c">
+      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+    </ClCompile>
+    <ClCompile Include="..\..\ctaocrypt\src\des3.c">
+      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+    </ClCompile>
+    <ClCompile Include="..\..\ctaocrypt\src\sha.c">
+      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+    </ClCompile>
+    <ClCompile Include="..\..\ctaocrypt\src\sha512.c">
+      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+    </ClCompile>
+    <ClCompile Include="..\..\ctaocrypt\src\fips.c">
+      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+    </ClCompile>
+    <ClCompile Include="..\..\ctaocrypt\src\fips_test.c">
+      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+    </ClCompile>
+    <ClCompile Include="..\..\ctaocrypt\src\wolfcrypt_last.c">
+      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\asn.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\camellia.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\coding.c" />
+    <ClCompile Include="..\..\src\crl.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\error.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hc128.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
+    <ClCompile Include="..\..\src\internal.c" />
+    <ClCompile Include="..\..\src\io.c" />
+    <ClCompile Include="..\..\src\keys.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
+    <ClCompile Include="..\..\src\ocsp.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rabbit.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\random.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ripemd.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha256.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
+    <ClCompile Include="..\..\src\ssl.c" />
+    <ClCompile Include="..\..\src\tls.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <CustomBuild Include="..\..\wolfcrypt\src\aes_asm.asm">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
+    </CustomBuild>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file

From 48034b56c58ff5c96f48d415fb815a5bea3cc3ae Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 13 May 2015 13:10:03 -0700
Subject: [PATCH 075/350] update the VS solution and project files for FIPS
 build

---
 IDE/WIN/test.vcxproj         |  54 ++++++---------
 IDE/WIN/wolfssl-fips.sln     |  12 ++--
 IDE/WIN/wolfssl-fips.vcxproj | 125 +++++++++--------------------------
 3 files changed, 60 insertions(+), 131 deletions(-)

diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj
index 1d3915df0..22aaeecc9 100644
--- a/IDE/WIN/test.vcxproj
+++ b/IDE/WIN/test.vcxproj
@@ -58,63 +58,50 @@
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <OutDir>Debug\</OutDir>
-    <IntDir>Debug\</IntDir>
-    <LinkIncremental>true</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <LinkIncremental>true</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <OutDir>Release\</OutDir>
-    <IntDir>Release\</IntDir>
-    <LinkIncremental>true</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <LinkIncremental>true</LinkIncremental>
+  <PropertyGroup>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\obj\</IntDir>
+    <LinkIncremental>false</LinkIncremental>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>..\..\wolfssl;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <MinimalRebuild>true</MinimalRebuild>
+      <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <SubSystem>Console</SubSystem>
       <TargetMachine>MachineX86</TargetMachine>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
-      <AdditionalIncludeDirectories>../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;WOLFSSL_SHA384;WOLFSSL_SHA512;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
+      <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <SubSystem>Console</SubSystem>
-      <AdditionalDependencies>Ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <ForceSymbolReferences>fipsWrapper</ForceSymbolReferences>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
-      <AdditionalIncludeDirectories>..\..\wolfssl;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
@@ -123,26 +110,29 @@
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <SubSystem>Console</SubSystem>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <OptimizeReferences>true</OptimizeReferences>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <TargetMachine>MachineX86</TargetMachine>
+      <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
-      <AdditionalIncludeDirectories>..\..\wolfssl;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
+      <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <SubSystem>Console</SubSystem>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <OptimizeReferences>true</OptimizeReferences>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
@@ -156,4 +146,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
\ No newline at end of file
+</Project>
diff --git a/IDE/WIN/wolfssl-fips.sln b/IDE/WIN/wolfssl-fips.sln
index 365d6eb8c..b8578fdea 100644
--- a/IDE/WIN/wolfssl-fips.sln
+++ b/IDE/WIN/wolfssl-fips.sln
@@ -40,15 +40,17 @@ Global
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.Build.0 = Debug|Win32
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64
-		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.ActiveCfg = Debug|Win32
-		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.Build.0 = Debug|Win32
-		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.ActiveCfg = Release|Win32
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.Build.0 = Release|Win32
-		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.ActiveCfg = Release|Win32
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.Build.0 = Release|Win32
-		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index d7e59ab8d..94341ec5f 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -112,49 +112,19 @@
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
   <PropertyGroup Label="UserMacros" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
-    <OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
-    <IntDir>$(Platform)\$(Configuration)\obj\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
-    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\obj\</IntDir>
+  <PropertyGroup>
+    <OutDir>$(SolutionDir)$(Configuration)\$(Platform)\</OutDir>
+    <IntDir>$(Configuration)\$(Platform)\obj\</IntDir>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <MinimalRebuild>true</MinimalRebuild>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader />
       <WarningLevel>Level4</WarningLevel>
-      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
       <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
   </ItemDefinitionGroup>
@@ -162,39 +132,26 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <MinimalRebuild>true</MinimalRebuild>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
       <WarningLevel>Level4</WarningLevel>
-      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
       <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
-    <Link>
-      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <OptimizeReferences>false</OptimizeReferences>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-    </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
       <WarningLevel>Level4</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
       <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
-    <Lib>
-      <ForceSymbolReferences>
-      </ForceSymbolReferences>
-    </Lib>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
     <ClCompile>
@@ -203,27 +160,19 @@
       <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
       <WarningLevel>Level4</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
       <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
-    <Link>
-      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <OptimizeReferences>false</OptimizeReferences>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-    </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
@@ -233,29 +182,21 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
-    <Link>
-      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-    </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
@@ -268,53 +209,49 @@
       <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
-    <Link>
-      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-    </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
-    <ClCompile Include="..\..\ctaocrypt\src\fips_wrapper.cpp" />
+    <ClCompile Include="..\..\ctaocrypt\src\fips_wrapper.cpp">
+      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
+    </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\wolfcrypt_first.c">
-      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\hmac.c">
-      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\random.c">
-      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\sha256.c">
-      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\rsa.c">
-      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\aes.c">
-      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\des3.c">
-      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\sha.c">
-      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\sha512.c">
-      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\fips.c">
-      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\fips_test.c">
-      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\wolfcrypt_last.c">
-      <ObjectFileName Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)ctaocrypt\</ObjectFileName>
+      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
     <ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
@@ -355,19 +292,19 @@
     <CustomBuild Include="..\..\wolfcrypt\src\aes_asm.asm">
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">false</ExcludedFromBuild>
-      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
       <Command Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
-      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
       <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">$(IntDir)%(Filename).obj</Outputs>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">false</ExcludedFromBuild>
-      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(OutDir)%(Filename).obj" %(Identity)</Command>
+      <Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
       <Command Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">ml64.exe /c /Zi /Fo"$(IntDir)%(Filename).obj" %(Identity)</Command>
-      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(OutDir)%(Filename).obj</Outputs>
+      <Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(IntDir)%(Filename).obj</Outputs>
       <Outputs Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">$(IntDir)%(Filename).obj</Outputs>
     </CustomBuild>
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
\ No newline at end of file
+</Project>

From 4e482a348edbc90b8f35d08dadc6b6accd91bc6f Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 13 May 2015 14:53:11 -0700
Subject: [PATCH 076/350] wrapped the min() inline functions with better
 preprocessor checks

---
 src/internal.c           |  5 +++--
 src/sniffer.c            |  5 +++--
 src/ssl.c                | 14 +++++++++-----
 src/tls.c                |  5 +++--
 wolfcrypt/src/asn.c      |  5 +++--
 wolfcrypt/src/dh.c       |  5 +++--
 wolfcrypt/src/dsa.c      |  5 +++--
 wolfcrypt/src/hmac.c     |  5 +++--
 wolfcrypt/src/md4.c      |  5 +++--
 wolfcrypt/src/md5.c      |  5 +++--
 wolfcrypt/src/pkcs7.c    |  7 +++++--
 wolfcrypt/src/pwdbased.c |  5 +++--
 wolfcrypt/src/ripemd.c   |  6 +++---
 wolfcrypt/src/sha.c      | 13 +++++++------
 wolfcrypt/src/sha256.c   |  5 +++--
 wolfcrypt/src/sha512.c   |  5 +++--
 16 files changed, 60 insertions(+), 40 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 974718427..13e8dd35f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -135,14 +135,15 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
 static void PickHashSigAlgo(WOLFSSL* ssl,
                                 const byte* hashSigAlgo, word32 hashSigAlgoSz);
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
 
-#endif /* min */
+#endif /* WOLFSSL_HAVE_MIN */
 
 
 int IsTLS(const WOLFSSL* ssl)
diff --git a/src/sniffer.c b/src/sniffer.c
index 50f044498..b961f7bd7 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -52,14 +52,15 @@
 #endif
 
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
 static INLINE word32 min(word32 a, word32 b)
 {
     return a > b ? b : a;
 }
 
-#endif
+#endif /* WOLFSSL_HAVE_MIN */
 
 #ifndef WOLFSSL_SNIFFER_TIMEOUT
     #define WOLFSSL_SNIFFER_TIMEOUT 900
diff --git a/src/ssl.c b/src/ssl.c
index 1c027ac34..b68664b7f 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -77,23 +77,27 @@
     #define FALSE 0
 #endif
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
 
-#endif /* min */
+#endif /* WOLFSSSL_HAVE_MIN */
+
+#ifndef WOLFSSL_HAVE_MAX
+#define WOLFSSL_HAVE_MAX
 
-#ifndef max
 #ifdef WOLFSSL_DTLS
     static INLINE word32 max(word32 a, word32 b)
     {
         return a > b ? a : b;
     }
-#endif
-#endif /* min */
+#endif /* WOLFSSL_DTLS */
+
+#endif /* WOLFSSL_HAVE_MAX */
 
 
 #ifndef WOLFSSL_LEANPSK
diff --git a/src/tls.c b/src/tls.c
index b475b7c78..523b80697 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -41,14 +41,15 @@
 #ifndef NO_TLS
 
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
 
-#endif /* min */
+#endif /* WOLFSSL_HAVE_MIN */
 
 
 #ifdef WOLFSSL_SHA384
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 634623bee..018e84fa2 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -4773,14 +4773,15 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
 #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
 
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
 
-#endif /* min */
+#endif /* WOLFSSL_HAVE_MIN */
 
 
 /* Initialize and Set Certficate defaults:
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index 8bbaeab20..bc4ce11d3 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -39,14 +39,15 @@
 #endif
 
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
 
-#endif /* min */
+#endif /* WOLFSSL_HAVE_MIN */
 
 
 void wc_InitDhKey(DhKey* key)
diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c
index 4de4d8196..f2124b197 100644
--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -39,14 +39,15 @@ enum {
 };
 
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
 
-#endif /* min */
+#endif /* WOLFSSL_HAVE_MIN */
 
 
 void wc_InitDsaKey(DsaKey* key)
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index 8c7e8de2b..242adfa55 100644
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -722,14 +722,15 @@ int wolfSSL_GetHmacMaxSize(void)
 
 #ifdef HAVE_HKDF
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
 
-#endif /* min */
+#endif /* WOLFSSL_HAVE_MIN */
 
 
 static INLINE int GetHashSizeByType(int type)
diff --git a/wolfcrypt/src/md4.c b/wolfcrypt/src/md4.c
index 720627fbf..c428610ef 100644
--- a/wolfcrypt/src/md4.c
+++ b/wolfcrypt/src/md4.c
@@ -35,14 +35,15 @@
 #endif
 
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
 
-#endif /* min */
+#endif /* WOLFSSL_HAVE_MIN */
 
 
 void wc_InitMd4(Md4* md4)
diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index b7affcf0c..d2583bd9b 100644
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
@@ -166,14 +166,15 @@
 
 #else /* CTaoCrypt software implementation */
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
 
-#endif /* min */
+#endif /* WOLFSSL_HAVE_MIN */
 
 
 void wc_InitMd5(Md5* md5)
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 84f5e3885..1e46ee608 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -36,12 +36,15 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
+
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
-#endif
+
+#endif /* WOLFSSL_HAVE_MIN */
 
 
 /* placed ASN.1 contentType OID into *output, return idx on success,
diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c
index b222774e4..745493982 100644
--- a/wolfcrypt/src/pwdbased.c
+++ b/wolfcrypt/src/pwdbased.c
@@ -57,14 +57,15 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
 
-#endif /* min */
+#endif /* WOLFSSL_HAVE_MIN */
 
 
 /* PBKDF1 needs at least SHA available */
diff --git a/wolfcrypt/src/ripemd.c b/wolfcrypt/src/ripemd.c
index ff536a0a6..639a42d07 100644
--- a/wolfcrypt/src/ripemd.c
+++ b/wolfcrypt/src/ripemd.c
@@ -36,15 +36,15 @@
 #endif
 
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
 
-#endif /* min */
-
+#endif /* WOLFSSL_HAVE_MIN */
 
 void wc_InitRipeMd(RipeMd* ripemd)
 {
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index 792494b86..0109b8363 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -198,14 +198,15 @@ int wc_ShaFinal(Sha* sha, byte* hash)
 
 #else /* wc_ software implementation */
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
-static INLINE word32 min(word32 a, word32 b)
-{
-    return a > b ? b : a;
-}
+    static INLINE word32 min(word32 a, word32 b)
+    {
+        return a > b ? b : a;
+    }
 
-#endif /* min */
+#endif /* WOLFSSL_HAVE_MIN */
 
 
 int wc_InitSha(Sha* sha)
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 6ab516347..2821166b4 100755
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -289,14 +289,15 @@ static void set_Transform(void) {
     #include "cau_api.h"
 #endif
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
 
-#endif /* min */
+#endif /* WOLFSSL_HAVE_MIN */
 
 
 int wc_InitSha256(Sha256* sha256)
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index 62457f891..8e52da909 100755
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -88,14 +88,15 @@ int wc_Sha384Hash(const byte* data, word32 len, byte* out)
 #endif
 
 
-#ifndef min
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
 
     static INLINE word32 min(word32 a, word32 b)
     {
         return a > b ? b : a;
     }
 
-#endif /* min */
+#endif /* WOLFSSL_HAVE_MIN */
 
 #if defined(USE_INTEL_SPEEDUP)
   #define HAVE_INTEL_AVX1

From dcd660229348d44f41c1d7e4715f81cc2a22f26d Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 13 May 2015 15:10:05 -0700
Subject: [PATCH 077/350] misc.c can now only be included once

---
 wolfcrypt/src/misc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c
index 58483ab6c..8a79a4c29 100644
--- a/wolfcrypt/src/misc.c
+++ b/wolfcrypt/src/misc.c
@@ -25,6 +25,9 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
+#ifndef WOLF_CRYPT_MISC_C
+#define WOLF_CRYPT_MISC_C
+
 #include <wolfssl/wolfcrypt/misc.h>
 
 /* inlining these functions is a huge speed increase and a small size decrease, 
@@ -194,3 +197,5 @@ STATIC INLINE int ConstantCompare(const byte* a, const byte* b, int length)
 }
 
 #undef STATIC
+
+#endif /* WOLF_CRYPT_MISC_C */

From 660e0b868bfd38341f4fa2a2125e135690b3c93b Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 14 May 2015 11:40:23 -0700
Subject: [PATCH 078/350] added check for window's api's min macro

---
 wolfssl/wolfcrypt/wc_port.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index f5ad02544..c13f394f6 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -193,6 +193,12 @@ WOLFSSL_LOCAL int UnLockMutex(wolfSSL_Mutex*);
 #endif /* NO_FILESYSTEM */
 
 
+/* Windows API defines its own min() macro. */
+#if defined(USE_WINDOWS_API) && defined(min)
+    #define WOLFSSL_HAVE_MIN
+#endif
+
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif

From f6d12bfc375d3c61eaba922f5f99601628a05617 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 15 May 2015 12:51:44 -0700
Subject: [PATCH 079/350] initial server side session ticket support

---
 examples/server/server.c |  97 +++++++++++++++++
 src/internal.c           | 224 +++++++++++++++++++++++++++++++++++++--
 src/ssl.c                |  37 +++++++
 src/tls.c                |  41 +++++--
 wolfssl/error-ssl.h      |   3 +
 wolfssl/internal.h       |  18 +++-
 wolfssl/ssl.h            |  22 +++-
 7 files changed, 421 insertions(+), 21 deletions(-)

diff --git a/examples/server/server.c b/examples/server/server.c
index 3c8ac1e65..bf4b435b2 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -64,6 +64,15 @@
     int myHsDoneCb(WOLFSSL* ssl, void* user_ctx);
 #endif
 
+#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
+                                    defined(HAVE_POLY1305)
+    #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
+    static int TicketInit(void);
+    static int myTicketEncCb(WOLFSSL* ssl, byte key_name[16], byte iv[16],
+                      byte mac[32], int enc, byte* ticket, int inLen,
+                      int* outLen);
+#endif
+
 
 static void NonBlockingSSL_Accept(SSL* ssl)
 {
@@ -415,6 +424,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     if (ctx == NULL)
         err_sys("unable to get ctx");
 
+#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
+                                    defined(HAVE_POLY1305)
+    if (TicketInit() != 0)
+        err_sys("unable to setup Session Ticket Key context");
+    wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
+#endif
+
     if (cipherList)
         if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
             err_sys("server can't set cipher list 1");
@@ -732,3 +748,84 @@ while (1) {  /* allow resume option */
     }
 #endif
 
+
+#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
+                                    defined(HAVE_POLY1305)
+    typedef struct key_ctx {
+        byte name[WOLFSSL_TICKET_NAME_SZ];     /* name for this context */
+        byte key[16];                          /* cipher key */
+    } key_ctx;
+
+    static key_ctx myKey_ctx;
+    static RNG rng;
+
+    static int TicketInit(void)
+    {
+        int ret = wc_InitRng(&rng);
+        if (ret != 0) return ret;
+
+        ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.key, sizeof(myKey_ctx.key));
+        if (ret != 0) return ret;
+
+        ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.name,sizeof(myKey_ctx.name));
+        if (ret != 0) return ret;
+
+        return 0;
+    }
+
+    static int myTicketEncCb(WOLFSSL* ssl,
+                             byte key_name[WOLFSSL_TICKET_NAME_SZ],
+                             byte iv[WOLFSSL_TICKET_IV_SZ],
+                             byte mac[WOLFSSL_TICKET_MAC_SZ],
+                             int enc, byte* ticket, int inLen, int* outLen)
+    {
+        (void)ssl;
+
+        int ret;
+        word16 sLen = htons(inLen);
+        byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
+        int  aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
+        byte* tmp = aad;
+
+        if (enc) {
+            XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
+
+            ret = wc_RNG_GenerateBlock(&rng, iv, WOLFSSL_TICKET_IV_SZ);
+            if (ret != 0) return ret;
+
+            /* build aad from key name, iv, and length */
+            XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
+            tmp += WOLFSSL_TICKET_NAME_SZ;
+            XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
+            tmp += WOLFSSL_TICKET_IV_SZ;
+            XMEMCPY(tmp, &sLen, 2);
+
+            ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
+                                              aad, aadSz,
+                                              ticket, inLen,
+                                              ticket,
+                                              mac);
+            if (ret != 0) return ret;
+            *outLen = inLen;  /* no padding in this mode */
+        } else {
+            /* decrypt */
+            /* build aad from key name, iv, and length */
+            XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
+            tmp += WOLFSSL_TICKET_NAME_SZ;
+            XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
+            tmp += WOLFSSL_TICKET_IV_SZ;
+            XMEMCPY(tmp, &sLen, 2);
+
+            ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
+                                              aad, aadSz,
+                                              ticket, inLen,
+                                              mac,
+                                              ticket);
+            if (ret != 0) return ret;
+            *outLen = inLen;  /* no padding in this mode */
+        }
+
+        return 0;
+    }
+
+#endif
diff --git a/src/internal.c b/src/internal.c
index 13e8dd35f..37ba1246d 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -417,6 +417,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method)
     }
 #endif
 
+#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
+    ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT;
+#endif
+
     return 0;
 }
 
@@ -4909,6 +4913,10 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
         if (ssl->keys.encryptionOn) {
             *inOutIdx += ssl->keys.padSz;
         }
+        if (ssl->options.resuming) {
+            WOLFSSL_MSG("Not resuming as thought");
+            ssl->options.resuming = 0;
+        }
         break;
 
     case finished:
@@ -8007,6 +8015,12 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case SOCKET_PEER_CLOSED_E:
         return "Peer closed underlying transport Error";
 
+    case BAD_TICKET_KEY_CB_SZ:
+        return "Bad user session ticket key callback Size Error";
+
+    case BAD_TICKET_MSG_SZ:
+        return "Bad session ticket message Size Error";
+
     default :
         return "unknown error number";
     }
@@ -11339,6 +11353,7 @@ int DoSessionTicket(WOLFSSL* ssl,
         word32             length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
         int                sendSz;
         int                ret;
+        byte               sessIdSz = ID_LEN;
 
         length = VERSION_SZ + RAN_LEN
                + ID_LEN + ENUM_LEN
@@ -11347,6 +11362,14 @@ int DoSessionTicket(WOLFSSL* ssl,
 
 #ifdef HAVE_TLS_EXTENSIONS
         length += TLSX_GetResponseSize(ssl);
+
+    #ifdef HAVE_SESSION_TICKET
+        if (ssl->options.useTicket && ssl->arrays->sessionIDSz == 0) {
+            /* no session id */
+            length  -= ID_LEN;
+            sessIdSz = 0;
+        }
+    #endif /* HAVE_SESSION_TICKET */
 #endif
 
         /* check for avalaible size */
@@ -11392,17 +11415,19 @@ int DoSessionTicket(WOLFSSL* ssl,
         }
 #endif
             /* then session id */
-        output[idx++] = ID_LEN;
+        output[idx++] = sessIdSz;
+        if (sessIdSz) {
 
-        if (!ssl->options.resuming) {
-            ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->sessionID, ID_LEN);
-            if (ret != 0)
-                return ret;
+            if (!ssl->options.resuming) {
+                ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->sessionID,
+                                           sessIdSz);
+                if (ret != 0) return ret;
+            }
+
+            XMEMCPY(output + idx, ssl->arrays->sessionID, sessIdSz);
+            idx += sessIdSz;
         }
 
-        XMEMCPY(output + idx, ssl->arrays->sessionID, ID_LEN);
-        idx += ID_LEN;
-
             /* then cipher suite */
         output[idx++] = ssl->options.cipherSuite0;
         output[idx++] = ssl->options.cipherSuite;
@@ -13069,6 +13094,7 @@ int DoSessionTicket(WOLFSSL* ssl,
         /* session id */
         if (sessionSz) {
             XMEMCPY(ssl->arrays->sessionID, input + idx, sessionSz);
+            ssl->arrays->sessionIDSz = (byte)sessionSz;
             idx += sessionSz;
             ssl->options.resuming = 1;
         }
@@ -13090,7 +13116,14 @@ int DoSessionTicket(WOLFSSL* ssl,
         /* DoClientHello uses same resume code */
         if (ssl->options.resuming) {  /* let's try */
             int ret = -1;
-            WOLFSSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
+            WOLFSSL_SESSION* session = GetSession(ssl,
+                                                  ssl->arrays->masterSecret);
+            #ifdef HAVE_SESSION_TICKET
+                if (ssl->options.useTicket == 1) {
+                    session = &ssl->session;
+                }
+            #endif
+
             if (!session) {
                 WOLFSSL_MSG("Session lookup for resume failed");
                 ssl->options.resuming = 0;
@@ -13217,6 +13250,7 @@ int DoSessionTicket(WOLFSSL* ssl,
                 return BUFFER_ERROR;
 
             XMEMCPY(ssl->arrays->sessionID, input + i, ID_LEN);
+            ssl->arrays->sessionIDSz = ID_LEN;
             i += ID_LEN;
             ssl->options.resuming = 1; /* client wants to resume */
             WOLFSSL_MSG("Client wants to resume session");
@@ -13379,7 +13413,13 @@ int DoSessionTicket(WOLFSSL* ssl,
         if (ssl->options.resuming && (!ssl->options.dtls ||
                ssl->options.acceptState == HELLO_VERIFY_SENT)) { /* let's try */
             int ret = -1;
-            WOLFSSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
+            WOLFSSL_SESSION* session = GetSession(ssl,
+                                                  ssl->arrays->masterSecret);
+            #ifdef HAVE_SESSION_TICKET
+                if (ssl->options.useTicket == 1) {
+                    session = &ssl->session;
+                }
+            #endif
 
             if (!session) {
                 WOLFSSL_MSG("Session lookup for resume failed");
@@ -13655,6 +13695,170 @@ int DoSessionTicket(WOLFSSL* ssl,
         return SendBuffered(ssl);
     }
 
+
+#ifdef HAVE_SESSION_TICKET
+
+#define WOLFSSL_TICKET_FIXED_SZ (WOLFSSL_TICKET_NAME_SZ + \
+                WOLFSSL_TICKET_IV_SZ + WOLFSSL_TICKET_MAC_SZ + LENGTH_SZ)
+#define WOLFSSL_TICKET_ENC_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_FIXED_SZ)
+
+    /* our ticket format */
+    typedef struct InternalTicket {
+        ProtocolVersion pv;                    /* version when ticket created */
+        byte            suite[SUITE_LEN];      /* cipher suite when created */
+        byte            msecret[SECRET_LEN];   /* master secret */
+        word32          timestamp;             /* born on */
+    } InternalTicket;
+
+    /* fit within SESSION_TICKET_LEN */
+    typedef struct ExternalTicket {
+        byte key_name[WOLFSSL_TICKET_NAME_SZ];  /* key context name */
+        byte iv[WOLFSSL_TICKET_IV_SZ];          /* this ticket's iv */
+        byte enc_len[LENGTH_SZ];                /* encrypted length */
+        byte enc_ticket[WOLFSSL_TICKET_ENC_SZ]; /* encrypted internal ticket */
+        byte mac[WOLFSSL_TICKET_MAC_SZ];        /* total mac */
+        /* !! if add to structure, add to TICKET_FIXED_SZ !! */
+    } ExternalTicket;
+
+    /* create a new session ticket, 0 on success */
+    static int CreateTicket(WOLFSSL* ssl)
+    {
+        InternalTicket  it;
+        ExternalTicket* et = (ExternalTicket*)ssl->session.ticket;
+        int encLen;
+        int ret;
+
+        /* build internal */
+        it.pv.major = ssl->version.major;
+        it.pv.minor = ssl->version.minor;
+
+        it.suite[0] = ssl->options.cipherSuite0;
+        it.suite[1] = ssl->options.cipherSuite;
+
+        XMEMCPY(it.msecret, ssl->arrays->masterSecret, SECRET_LEN);
+        c32toa(LowResTimer(), (byte*)&it.timestamp);
+
+        /* build external */
+        XMEMCPY(et->enc_ticket, &it, sizeof(InternalTicket));
+
+        /* encrypt */
+        encLen = WOLFSSL_TICKET_ENC_SZ;  /* max size user can use */
+        ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, 1,
+                                    et->enc_ticket, sizeof(InternalTicket),
+                                    &encLen);
+        if (ret == 0) {
+            if (encLen < (int)sizeof(InternalTicket) ||
+                encLen > WOLFSSL_TICKET_ENC_SZ) {
+                WOLFSSL_MSG("Bad user ticket encrypt size");
+                return BAD_TICKET_KEY_CB_SZ;
+            }
+            c16toa(encLen, et->enc_len);
+            ssl->session.ticketLen = (word16)(encLen + WOLFSSL_TICKET_FIXED_SZ);
+            if (encLen < WOLFSSL_TICKET_ENC_SZ) {
+                /* move mac up since whole enc buffer not used */
+                XMEMMOVE(et->enc_ticket +encLen, et->mac,WOLFSSL_TICKET_MAC_SZ);
+            }
+        }
+
+        return ret;
+    }
+
+
+    /* Parse ticket sent by client */
+    int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len)
+    {
+        ExternalTicket* et;
+        InternalTicket* it;
+        int             ret;
+        int             outLen;
+        word16          inLen;
+
+        if (len > SESSION_TICKET_LEN ||
+             len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ)) {
+            return BAD_TICKET_MSG_SZ;
+        }
+
+        et = (ExternalTicket*)input;
+        it = (InternalTicket*)et->enc_ticket;
+
+        /* decrypt */
+        ato16(et->enc_len, &inLen);
+        if (inLen > (word16)(len - WOLFSSL_TICKET_FIXED_SZ)) {
+            return BAD_TICKET_MSG_SZ;
+        }
+        outLen = inLen;   /* may be reduced by user padding */
+        ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv,
+                                    et->enc_ticket + inLen, 0,
+                                    et->enc_ticket, inLen, &outLen);
+        if (ret != 0) return ret;
+        if (outLen > inLen || outLen < (int)sizeof(InternalTicket)) {
+            WOLFSSL_MSG("Bad user ticket decrypt len");
+            return BAD_TICKET_KEY_CB_SZ;
+        }
+
+        /* get master secret */
+        XMEMCPY(ssl->arrays->masterSecret, it->msecret, SECRET_LEN);
+
+        return ret;
+    }
+
+
+    /* send Session Ticket */
+    int SendTicket(WOLFSSL* ssl)
+    {
+        byte*              output;
+        int                ret;
+        int                sendSz;
+        word32             length = SESSION_HINT_SZ + LENGTH_SZ;
+        word32             idx    = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
+
+    #ifdef WOLFSSL_DTLS
+        if (ssl->options.dtls) {
+            length += DTLS_RECORD_EXTRA;
+            idx    += DTLS_RECORD_EXTRA;
+        }
+    #endif
+
+        if (ssl->options.createTicket) {
+            ret = CreateTicket(ssl);
+            if (ret != 0) return ret;
+        }
+
+        length += ssl->session.ticketLen;
+        sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
+
+        /* check for available size */
+        if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
+            return ret;
+
+        /* get ouput buffer */
+        output = ssl->buffers.outputBuffer.buffer +
+                 ssl->buffers.outputBuffer.length;
+
+        AddHeaders(output, length, session_ticket, ssl);
+
+        /* hint */
+        c32toa(ssl->ctx->ticketHint, output + idx);
+        idx += SESSION_HINT_SZ;
+
+        /* length */
+        c16toa(ssl->session.ticketLen, output + idx);
+        idx += LENGTH_SZ;
+
+        /* ticket */
+        XMEMCPY(output + idx, ssl->session.ticket, ssl->session.ticketLen);
+        /* idx += ssl->session.ticketLen; */
+
+        ret = HashOutput(ssl, output, sendSz, 0);
+        if (ret != 0) return ret;
+        ssl->buffers.outputBuffer.length += sendSz;
+
+        return SendBuffered(ssl);
+    }
+
+#endif /* HAVE_SESSION_TICKET */
+
+
 #ifdef WOLFSSL_DTLS
     int SendHelloVerifyRequest(WOLFSSL* ssl)
     {
diff --git a/src/ssl.c b/src/ssl.c
index b68664b7f..9136d0faa 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -865,6 +865,21 @@ int wolfSSL_Rehandshake(WOLFSSL* ssl)
 
 #endif /* HAVE_SECURE_RENEGOTIATION */
 
+/* Session Ticket */
+#if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET)
+/* SSL_SUCCESS on ok */
+int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, SessionTicketEncCb cb)
+{
+    if (ctx == NULL)
+        return BAD_FUNC_ARG;
+
+    ctx->ticketEncCb = cb;
+
+    return SSL_SUCCESS;
+}
+
+#endif /* !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) */
+
 /* Session Ticket */
 #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
 int wolfSSL_UseSessionTicket(WOLFSSL* ssl)
@@ -5562,6 +5577,18 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
             WOLFSSL_MSG("accept state  ACCEPT_SECOND_REPLY_DONE");
 
         case ACCEPT_SECOND_REPLY_DONE :
+#ifdef HAVE_SESSION_TICKET
+            if (ssl->options.createTicket) {
+                if ( (ssl->error = SendTicket(ssl)) != 0) {
+                    WOLFSSL_ERROR(ssl->error);
+                    return SSL_FATAL_ERROR;
+                }
+            }
+#endif /* HAVE_SESSION_TICKET */
+            ssl->options.acceptState = TICKET_SENT;
+            WOLFSSL_MSG("accept state  TICKET_SENT");
+
+        case TICKET_SENT:
             if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
                 WOLFSSL_ERROR(ssl->error);
                 return SSL_FATAL_ERROR;
@@ -5808,6 +5835,11 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret)
     if (ssl->options.haveSessionId == 0)
         return NULL;
 
+#ifdef HAVE_SESSION_TICKET
+    if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
+        return NULL;
+#endif
+
     if (ssl->arrays)
         id = ssl->arrays->sessionID;
     else
@@ -5896,6 +5928,11 @@ int AddSession(WOLFSSL* ssl)
     if (ssl->options.haveSessionId == 0)
         return 0;
 
+#ifdef HAVE_SESSION_TICKET
+    if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
+        return 0;
+#endif
+
     row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) % SESSION_ROWS;
     if (error != 0) {
         WOLFSSL_MSG("Hash session failed");
diff --git a/src/tls.c b/src/tls.c
index 523b80697..edf64ed18 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1800,14 +1800,15 @@ static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl)
 
 static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)
 {
-    return isRequest && ticket ? ticket->size : 0;
+    (void)isRequest;
+    return ticket ? ticket->size : 0;
 }
 
 static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output,
                                                                   int isRequest)
 {
     int offset = 0; /* empty ticket */
-    
+
     if (isRequest && ticket) {
         XMEMCPY(output + offset, ticket->data, ticket->size);
         offset += ticket->size;
@@ -1820,18 +1821,44 @@ static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output,
 static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
                                                                  byte isRequest)
 {
+    int ret = 0;
+
     if (!isRequest) {
+        /* client side */
         if (length != 0)
             return BUFFER_ERROR;
-        
+
         ssl->expect_session_ticket = 1;
     }
+#ifndef NO_WOLFSSL_SERVER
     else {
-        /* TODO server side */
-        (void)input;        
-    }
+        /* server side */
+        if (ssl->ctx->ticketEncCb == NULL) {
+            WOLFSSL_MSG("Client sent session ticket, server has no callback");
+            return 0;
+        }
 
-    return 0;
+        if (length == 0) {
+            /* blank ticket */
+            ret = TLSX_UseSessionTicket(&ssl->extensions, NULL);
+            if (ret == SSL_SUCCESS) {
+                ret = 0;
+                TLSX_SetResponse(ssl, SESSION_TICKET);  /* send blank ticket */
+                ssl->options.createTicket    = 1;  /* will send ticket msg */
+                ssl->options.useTicket       = 1;
+            }
+        } else {
+            /* got actual ticket from client */
+            ret = DoClientTicket(ssl, input, length);
+            if (ret == 0) {    /* use ticket to resume */
+                ssl->options.useTicket = 1;
+                ssl->options.resuming = 1;
+            }
+        }
+    }
+#endif /* NO_WOLFSSL_SERVER */
+
+    return ret;
 }
 
 WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index 0df2edb6e..abeb5bdd9 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -129,6 +129,9 @@ enum wolfSSL_ErrorCodes {
     SNI_UNSUPPORTED         = -396,        /* SSL 3.0 does not support SNI */
     SOCKET_PEER_CLOSED_E    = -397,        /* Underlying transport closed */
 
+    BAD_TICKET_KEY_CB_SZ    = -398,        /* Bad session ticket key cb size */
+    BAD_TICKET_MSG_SZ       = -399,        /* Bad session ticket msg size    */
+
     /* add strings to SetErrorString !!!!! */
 
     /* begin negotiation parameter errors */
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index d95c2f97d..edba235dc 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -764,6 +764,7 @@ enum Misc {
     VERIFY_HEADER  =  2,       /* always use 2 bytes      */
     EXT_ID_SZ      =  2,       /* always use 2 bytes      */
     MAX_DH_SIZE    = 513,      /* 4096 bit plus possible leading 0 */
+    SESSION_HINT_SZ = 4,       /* session timeout hint */
 
     MAX_SUITE_SZ = 200,        /* 100 suites for now! */
     RAN_LEN      = 32,         /* random length           */
@@ -910,6 +911,10 @@ enum Misc {
     #define SESSION_TICKET_LEN 256
 #endif
 
+#ifndef SESSION_TICKET_HINT_DEFAULT
+    #define SESSION_TICKET_HINT_DEFAULT 300
+#endif
+
 
 /* don't use extra 3/4k stack space unless need to */
 #ifdef HAVE_NTRU
@@ -1535,6 +1540,10 @@ struct WOLFSSL_CTX {
 #endif
 #ifdef HAVE_TLS_EXTENSIONS
     TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
+    #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SEVER)
+        SessionTicketEncCb ticketEncCb;   /* enc/dec session ticket Cb */
+        int                ticketHint;    /* ticket hint in seconds */
+    #endif
 #endif
 #ifdef ATOMIC_USER
     CallbackMacEncrypt    MacEncryptCb;    /* Atomic User Mac/Encrypt Cb */
@@ -1797,6 +1806,7 @@ enum AcceptState {
     CERT_REQ_SENT,
     SERVER_HELLO_DONE,
     ACCEPT_SECOND_REPLY_DONE,
+    TICKET_SENT,
     CHANGE_CIPHER_SENT,
     ACCEPT_FINISHED_DONE,
     ACCEPT_THIRD_REPLY_DONE
@@ -1889,7 +1899,11 @@ typedef struct Options {
 #endif
 #ifdef HAVE_ANON
     word16            haveAnon:1;       /* User wants to allow Anon suites */
-#endif /* HAVE_ANON */
+#endif
+#ifdef HAVE_SESSION_TICKET
+    word16            createTicket:1;     /* Server to create new Ticket */
+    word16            useTicket:1;        /* Use Ticket not session cache */
+#endif
 
     /* need full byte values for this section */
     byte            processReply;           /* nonblocking resume */
@@ -2353,6 +2367,8 @@ static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
 
 /* internal functions */
 WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
+WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
+WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
 WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
 WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
 WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 9b9884989..3c235f22c 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1359,8 +1359,8 @@ WOLFSSL_API int wolfSSL_Rehandshake(WOLFSSL* ssl);
 
 /* Session Ticket */
 #ifdef HAVE_SESSION_TICKET
-#ifndef NO_WOLFSSL_CLIENT
 
+#ifndef NO_WOLFSSL_CLIENT
 WOLFSSL_API int wolfSSL_UseSessionTicket(WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
 WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL*, unsigned char*, unsigned int*);
@@ -1368,9 +1368,25 @@ WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL*, unsigned char*, unsigned int
 typedef int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*);
 WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
                                                   CallbackSessionTicket, void*);
+#endif /* NO_WOLFSSL_CLIENT */
 
-#endif
-#endif
+#ifndef NO_WOLFSSL_SERVER
+
+#define WOLFSSL_TICKET_NAME_SZ 16
+#define WOLFSSL_TICKET_IV_SZ   16
+#define WOLFSSL_TICKET_MAC_SZ  32
+
+typedef int (*SessionTicketEncCb)(WOLFSSL*,
+                                 unsigned char key_name[WOLFSSL_TICKET_NAME_SZ],
+                                 unsigned char iv[WOLFSSL_TICKET_IV_SZ],
+                                 unsigned char mac[WOLFSSL_TICKET_MAC_SZ],
+                                 int enc, unsigned char*, int, int*);
+WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
+                                            SessionTicketEncCb);
+
+#endif /* NO_WOLFSSL_SERVER */
+
+#endif /* HAVE_SESSION_TICKET */
 
 #define WOLFSSL_CRL_MONITOR   0x01   /* monitor this dir flag */
 #define WOLFSSL_CRL_START_MON 0x02   /* start monitoring flag */

From 221238192564bbf009facab5701a94ce51094db0 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 15 May 2015 14:58:16 -0700
Subject: [PATCH 080/350] add session ticket key returns for reject and use but
 create

---
 examples/server/server.c |  8 ++++----
 src/internal.c           | 12 +++++++-----
 src/tls.c                | 25 +++++++++++++++++++++----
 wolfssl/ssl.h            |  7 +++++++
 4 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/examples/server/server.c b/examples/server/server.c
index bf4b435b2..0b660a56e 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -791,7 +791,7 @@ while (1) {  /* allow resume option */
             XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
 
             ret = wc_RNG_GenerateBlock(&rng, iv, WOLFSSL_TICKET_IV_SZ);
-            if (ret != 0) return ret;
+            if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
 
             /* build aad from key name, iv, and length */
             XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
@@ -805,7 +805,7 @@ while (1) {  /* allow resume option */
                                               ticket, inLen,
                                               ticket,
                                               mac);
-            if (ret != 0) return ret;
+            if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
             *outLen = inLen;  /* no padding in this mode */
         } else {
             /* decrypt */
@@ -821,11 +821,11 @@ while (1) {  /* allow resume option */
                                               ticket, inLen,
                                               mac,
                                               ticket);
-            if (ret != 0) return ret;
+            if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
             *outLen = inLen;  /* no padding in this mode */
         }
 
-        return 0;
+        return WOLFSSL_TICKET_RET_OK;
     }
 
 #endif
diff --git a/src/internal.c b/src/internal.c
index 37ba1246d..c1aaf2884 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -9337,8 +9337,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
 #endif
 
 #ifdef HAVE_SESSION_TICKET
-        ret = ret ||
-              (!ssl->expect_session_ticket && ssl->session.ticketLen > 0);
+        /* server may send blank ticket which may not be expected to indicate
+         * exisiting one ok but will also be sending a new one */
+        ret = ret || (ssl->session.ticketLen > 0);
 #endif
 
         ret = ret ||
@@ -13746,7 +13747,7 @@ int DoSessionTicket(WOLFSSL* ssl,
         ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, 1,
                                     et->enc_ticket, sizeof(InternalTicket),
                                     &encLen);
-        if (ret == 0) {
+        if (ret == WOLFSSL_TICKET_RET_OK) {
             if (encLen < (int)sizeof(InternalTicket) ||
                 encLen > WOLFSSL_TICKET_ENC_SZ) {
                 WOLFSSL_MSG("Bad user ticket encrypt size");
@@ -13790,14 +13791,15 @@ int DoSessionTicket(WOLFSSL* ssl,
         ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv,
                                     et->enc_ticket + inLen, 0,
                                     et->enc_ticket, inLen, &outLen);
-        if (ret != 0) return ret;
+        if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) return ret;
         if (outLen > inLen || outLen < (int)sizeof(InternalTicket)) {
             WOLFSSL_MSG("Bad user ticket decrypt len");
             return BAD_TICKET_KEY_CB_SZ;
         }
 
         /* get master secret */
-        XMEMCPY(ssl->arrays->masterSecret, it->msecret, SECRET_LEN);
+        if (ret == WOLFSSL_TICKET_RET_OK || ret == WOLFSSL_TICKET_RET_CREATE)
+            XMEMCPY(ssl->arrays->masterSecret, it->msecret, SECRET_LEN);
 
         return ret;
     }
diff --git a/src/tls.c b/src/tls.c
index edf64ed18..c2a368652 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1844,15 +1844,32 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, byte* input, word16 length,
             if (ret == SSL_SUCCESS) {
                 ret = 0;
                 TLSX_SetResponse(ssl, SESSION_TICKET);  /* send blank ticket */
-                ssl->options.createTicket    = 1;  /* will send ticket msg */
-                ssl->options.useTicket       = 1;
+                ssl->options.createTicket = 1;  /* will send ticket msg */
+                ssl->options.useTicket    = 1;
             }
         } else {
             /* got actual ticket from client */
             ret = DoClientTicket(ssl, input, length);
-            if (ret == 0) {    /* use ticket to resume */
+            if (ret == WOLFSSL_TICKET_RET_OK) {    /* use ticket to resume */
+                WOLFSSL_MSG("Using exisitng client ticket");
                 ssl->options.useTicket = 1;
-                ssl->options.resuming = 1;
+                ssl->options.resuming  = 1;
+            } else if (ret == WOLFSSL_TICKET_RET_CREATE) {
+                WOLFSSL_MSG("Using existing client ticket, creating new one");
+                ret = TLSX_UseSessionTicket(&ssl->extensions, NULL);
+                if (ret == SSL_SUCCESS) {
+                    ret = 0;
+                    TLSX_SetResponse(ssl, SESSION_TICKET);
+                                                    /* send blank ticket */
+                    ssl->options.createTicket = 1;  /* will send ticket msg */
+                    ssl->options.useTicket    = 1;
+                    ssl->options.resuming     = 1;
+                }
+            } else if (ret == WOLFSSL_TICKET_RET_REJECT) {
+                WOLFSSL_MSG("Process client ticket rejected, not using");
+                ret = 0;  /* not fatal */
+            } else if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) {
+                WOLFSSL_MSG("Process client ticket fatal error, not using");
             }
         }
     }
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 3c235f22c..67ffde075 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1376,6 +1376,13 @@ WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*,
 #define WOLFSSL_TICKET_IV_SZ   16
 #define WOLFSSL_TICKET_MAC_SZ  32
 
+enum TicketEncRet {
+    WOLFSSL_TICKET_RET_FATAL  = -1,  /* fatal error, don't use ticket */
+    WOLFSSL_TICKET_RET_OK     =  0,  /* ok, use ticket */
+    WOLFSSL_TICKET_RET_REJECT,       /* don't use ticket, but not fatal */
+    WOLFSSL_TICKET_RET_CREATE        /* existing ticket ok and create new one */
+};
+
 typedef int (*SessionTicketEncCb)(WOLFSSL*,
                                  unsigned char key_name[WOLFSSL_TICKET_NAME_SZ],
                                  unsigned char iv[WOLFSSL_TICKET_IV_SZ],

From 74cc2274fad5b1c0f544ae96eaa6207226b4fdf8 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 15 May 2015 15:30:29 -0700
Subject: [PATCH 081/350] add tiket key cleanup to help valgrind

---
 examples/server/server.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/examples/server/server.c b/examples/server/server.c
index 0b660a56e..7d9af8d99 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -67,8 +67,9 @@
 #if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
                                     defined(HAVE_POLY1305)
     #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
-    static int TicketInit(void);
-    static int myTicketEncCb(WOLFSSL* ssl, byte key_name[16], byte iv[16],
+    static int  TicketInit(void);
+    static void TicketCleanup(void);
+    static int  myTicketEncCb(WOLFSSL* ssl, byte key_name[16], byte iv[16],
                       byte mac[32], int enc, byte* ticket, int inLen,
                       int* outLen);
 #endif
@@ -664,6 +665,11 @@ while (1) {  /* allow resume option */
     fdCloseSession(Task_self());
 #endif
 
+#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
+                                    defined(HAVE_POLY1305)
+    TicketCleanup();
+#endif
+
 #ifndef CYASSL_TIRTOS
     return 0;
 #endif
@@ -773,6 +779,11 @@ while (1) {  /* allow resume option */
         return 0;
     }
 
+    static void TicketCleanup(void)
+    {
+        wc_FreeRng(&rng);
+    }
+
     static int myTicketEncCb(WOLFSSL* ssl,
                              byte key_name[WOLFSSL_TICKET_NAME_SZ],
                              byte iv[WOLFSSL_TICKET_IV_SZ],

From cedd41432c9f72f8e1ba73807b00d995a2a723c1 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 15 May 2015 16:10:38 -0700
Subject: [PATCH 082/350] fix windows session ticket warnings

---
 src/internal.c | 2 +-
 src/ssl.c      | 2 +-
 src/tls.c      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index c1aaf2884..4e534dce0 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -13753,7 +13753,7 @@ int DoSessionTicket(WOLFSSL* ssl,
                 WOLFSSL_MSG("Bad user ticket encrypt size");
                 return BAD_TICKET_KEY_CB_SZ;
             }
-            c16toa(encLen, et->enc_len);
+            c16toa((word16)encLen, et->enc_len);
             ssl->session.ticketLen = (word16)(encLen + WOLFSSL_TICKET_FIXED_SZ);
             if (encLen < WOLFSSL_TICKET_ENC_SZ) {
                 /* move mac up since whole enc buffer not used */
diff --git a/src/ssl.c b/src/ssl.c
index 9136d0faa..d6c76fe05 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -920,7 +920,7 @@ WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz)
 
     if (bufSz > 0)
         XMEMCPY(ssl->session.ticket, buf, bufSz);
-    ssl->session.ticketLen = bufSz;
+    ssl->session.ticketLen = (word16)bufSz;
 
     return SSL_SUCCESS;
 }
diff --git a/src/tls.c b/src/tls.c
index c2a368652..ca94c5b71 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1807,7 +1807,7 @@ static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest)
 static word16 TLSX_SessionTicket_Write(SessionTicket* ticket, byte* output,
                                                                   int isRequest)
 {
-    int offset = 0; /* empty ticket */
+    word16 offset = 0; /* empty ticket */
 
     if (isRequest && ticket) {
         XMEMCPY(output + offset, ticket->data, ticket->size);

From 8ff17b66f3d899751c9e89e415c07527299bfd39 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 18 May 2015 09:13:34 -0700
Subject: [PATCH 083/350] add session tickets to echoserver example too

---
 examples/echoserver/echoserver.c | 15 ++++-
 examples/server/server.c         | 94 --------------------------------
 wolfssl/test.h                   | 92 ++++++++++++++++++++++++++++++-
 3 files changed, 103 insertions(+), 98 deletions(-)

diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index c71ee3400..6b5c575e6 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -53,7 +53,6 @@
 
 #include "examples/echoserver/echoserver.h"
 
-
 #define SVR_COMMAND_SIZE 256
 
 static void SignalReady(void* args, word16 port)
@@ -143,6 +142,13 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
     CyaSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
 #endif
 
+#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
+                                    defined(HAVE_POLY1305)
+    if (TicketInit() != 0)
+        err_sys("unable to setup Session Ticket Key context");
+    wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
+#endif
+
 #ifndef NO_FILESYSTEM
     if (doPSK == 0) {
     #ifdef HAVE_NTRU
@@ -337,6 +343,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
     fdCloseSession(Task_self());
 #endif
 
+#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
+                                    defined(HAVE_POLY1305)
+    TicketCleanup();
+#endif
+
 #ifndef CYASSL_TIRTOS
     return 0;
 #endif
@@ -382,5 +393,3 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 #endif /* NO_MAIN_DRIVER */
 
 
-
-
diff --git a/examples/server/server.c b/examples/server/server.c
index 7d9af8d99..5ebfb7d38 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -64,15 +64,6 @@
     int myHsDoneCb(WOLFSSL* ssl, void* user_ctx);
 #endif
 
-#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
-                                    defined(HAVE_POLY1305)
-    #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
-    static int  TicketInit(void);
-    static void TicketCleanup(void);
-    static int  myTicketEncCb(WOLFSSL* ssl, byte key_name[16], byte iv[16],
-                      byte mac[32], int enc, byte* ticket, int inLen,
-                      int* outLen);
-#endif
 
 
 static void NonBlockingSSL_Accept(SSL* ssl)
@@ -755,88 +746,3 @@ while (1) {  /* allow resume option */
 #endif
 
 
-#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
-                                    defined(HAVE_POLY1305)
-    typedef struct key_ctx {
-        byte name[WOLFSSL_TICKET_NAME_SZ];     /* name for this context */
-        byte key[16];                          /* cipher key */
-    } key_ctx;
-
-    static key_ctx myKey_ctx;
-    static RNG rng;
-
-    static int TicketInit(void)
-    {
-        int ret = wc_InitRng(&rng);
-        if (ret != 0) return ret;
-
-        ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.key, sizeof(myKey_ctx.key));
-        if (ret != 0) return ret;
-
-        ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.name,sizeof(myKey_ctx.name));
-        if (ret != 0) return ret;
-
-        return 0;
-    }
-
-    static void TicketCleanup(void)
-    {
-        wc_FreeRng(&rng);
-    }
-
-    static int myTicketEncCb(WOLFSSL* ssl,
-                             byte key_name[WOLFSSL_TICKET_NAME_SZ],
-                             byte iv[WOLFSSL_TICKET_IV_SZ],
-                             byte mac[WOLFSSL_TICKET_MAC_SZ],
-                             int enc, byte* ticket, int inLen, int* outLen)
-    {
-        (void)ssl;
-
-        int ret;
-        word16 sLen = htons(inLen);
-        byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
-        int  aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
-        byte* tmp = aad;
-
-        if (enc) {
-            XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
-
-            ret = wc_RNG_GenerateBlock(&rng, iv, WOLFSSL_TICKET_IV_SZ);
-            if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
-
-            /* build aad from key name, iv, and length */
-            XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
-            tmp += WOLFSSL_TICKET_NAME_SZ;
-            XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
-            tmp += WOLFSSL_TICKET_IV_SZ;
-            XMEMCPY(tmp, &sLen, 2);
-
-            ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
-                                              aad, aadSz,
-                                              ticket, inLen,
-                                              ticket,
-                                              mac);
-            if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
-            *outLen = inLen;  /* no padding in this mode */
-        } else {
-            /* decrypt */
-            /* build aad from key name, iv, and length */
-            XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
-            tmp += WOLFSSL_TICKET_NAME_SZ;
-            XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
-            tmp += WOLFSSL_TICKET_IV_SZ;
-            XMEMCPY(tmp, &sLen, 2);
-
-            ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
-                                              aad, aadSz,
-                                              ticket, inLen,
-                                              mac,
-                                              ticket);
-            if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
-            *outLen = inLen;  /* no padding in this mode */
-        }
-
-        return WOLFSSL_TICKET_RET_OK;
-    }
-
-#endif
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 837924258..9879735e8 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1835,5 +1835,95 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
     return tempfn;
 }
 
-#endif /* wolfSSL_TEST_H */
 
+
+#if defined(HAVE_SESSION_TICKET) && defined(HAVE_CHACHA) && \
+                                    defined(HAVE_POLY1305)
+
+    #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
+
+    typedef struct key_ctx {
+        byte name[WOLFSSL_TICKET_NAME_SZ];     /* name for this context */
+        byte key[16];                          /* cipher key */
+    } key_ctx;
+
+    static key_ctx myKey_ctx;
+    static RNG rng;
+
+    static INLINE int TicketInit(void)
+    {
+        int ret = wc_InitRng(&rng);
+        if (ret != 0) return ret;
+
+        ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.key, sizeof(myKey_ctx.key));
+        if (ret != 0) return ret;
+
+        ret = wc_RNG_GenerateBlock(&rng, myKey_ctx.name,sizeof(myKey_ctx.name));
+        if (ret != 0) return ret;
+
+        return 0;
+    }
+
+    static INLINE void TicketCleanup(void)
+    {
+        wc_FreeRng(&rng);
+    }
+
+    static INLINE int myTicketEncCb(WOLFSSL* ssl,
+                             byte key_name[WOLFSSL_TICKET_NAME_SZ],
+                             byte iv[WOLFSSL_TICKET_IV_SZ],
+                             byte mac[WOLFSSL_TICKET_MAC_SZ],
+                             int enc, byte* ticket, int inLen, int* outLen)
+    {
+        (void)ssl;
+
+        int ret;
+        word16 sLen = htons(inLen);
+        byte aad[WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2];
+        int  aadSz = WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + 2;
+        byte* tmp = aad;
+
+        if (enc) {
+            XMEMCPY(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ);
+
+            ret = wc_RNG_GenerateBlock(&rng, iv, WOLFSSL_TICKET_IV_SZ);
+            if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
+
+            /* build aad from key name, iv, and length */
+            XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
+            tmp += WOLFSSL_TICKET_NAME_SZ;
+            XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
+            tmp += WOLFSSL_TICKET_IV_SZ;
+            XMEMCPY(tmp, &sLen, 2);
+
+            ret = wc_ChaCha20Poly1305_Encrypt(myKey_ctx.key, iv,
+                                              aad, aadSz,
+                                              ticket, inLen,
+                                              ticket,
+                                              mac);
+            if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
+            *outLen = inLen;  /* no padding in this mode */
+        } else {
+            /* decrypt */
+            /* build aad from key name, iv, and length */
+            XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
+            tmp += WOLFSSL_TICKET_NAME_SZ;
+            XMEMCPY(tmp, iv, WOLFSSL_TICKET_IV_SZ);
+            tmp += WOLFSSL_TICKET_IV_SZ;
+            XMEMCPY(tmp, &sLen, 2);
+
+            ret = wc_ChaCha20Poly1305_Decrypt(myKey_ctx.key, iv,
+                                              aad, aadSz,
+                                              ticket, inLen,
+                                              mac,
+                                              ticket);
+            if (ret != 0) return WOLFSSL_TICKET_RET_REJECT;
+            *outLen = inLen;  /* no padding in this mode */
+        }
+
+        return WOLFSSL_TICKET_RET_OK;
+    }
+
+#endif  /* HAVE_SESSION_TICKET && CHACHA20 && POLY1305 */
+
+#endif /* wolfSSL_TEST_H */

From e730aa571cc3e703e486f525e34cd85f1a53feec Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 18 May 2015 09:29:25 -0700
Subject: [PATCH 084/350] add sanity checks to user session ticket encrypt
 callback

---
 src/internal.c      | 36 +++++++++++++++++++++++++++++++++++-
 wolfssl/error-ssl.h |  1 +
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index 4e534dce0..aa69f8310 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -8021,6 +8021,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case BAD_TICKET_MSG_SZ:
         return "Bad session ticket message Size Error";
 
+    case BAD_TICKET_ENCRYPT:
+        return "Bad user ticket callback encrypt Error";
+
     default :
         return "unknown error number";
     }
@@ -13728,6 +13731,7 @@ int DoSessionTicket(WOLFSSL* ssl,
         ExternalTicket* et = (ExternalTicket*)ssl->session.ticket;
         int encLen;
         int ret;
+        byte zeros[WOLFSSL_TICKET_MAC_SZ];   /* biggest cmp size */
 
         /* build internal */
         it.pv.major = ssl->version.major;
@@ -13753,6 +13757,36 @@ int DoSessionTicket(WOLFSSL* ssl,
                 WOLFSSL_MSG("Bad user ticket encrypt size");
                 return BAD_TICKET_KEY_CB_SZ;
             }
+
+            /* sanity checks on encrypt callback */
+
+            /* internal ticket can't be the same if encrypted */
+            if (XMEMCMP(et->enc_ticket, &it, sizeof(InternalTicket)) == 0) {
+                WOLFSSL_MSG("User ticket encrypt didn't encrypt");
+                return BAD_TICKET_ENCRYPT;
+            }
+
+            XMEMSET(zeros, 0, sizeof(zeros));
+
+            /* name */
+            if (XMEMCMP(et->key_name, zeros, WOLFSSL_TICKET_NAME_SZ) == 0) {
+                WOLFSSL_MSG("User ticket encrypt didn't set name");
+                return BAD_TICKET_ENCRYPT;
+            }
+
+            /* iv */
+            if (XMEMCMP(et->iv, zeros, WOLFSSL_TICKET_IV_SZ) == 0) {
+                WOLFSSL_MSG("User ticket encrypt didn't set iv");
+                return BAD_TICKET_ENCRYPT;
+            }
+
+            /* mac */
+            if (XMEMCMP(et->mac, zeros, WOLFSSL_TICKET_MAC_SZ) == 0) {
+                WOLFSSL_MSG("User ticket encrypt didn't set mac");
+                return BAD_TICKET_ENCRYPT;
+            }
+
+            /* set size */
             c16toa((word16)encLen, et->enc_len);
             ssl->session.ticketLen = (word16)(encLen + WOLFSSL_TICKET_FIXED_SZ);
             if (encLen < WOLFSSL_TICKET_ENC_SZ) {
@@ -13765,7 +13799,7 @@ int DoSessionTicket(WOLFSSL* ssl,
     }
 
 
-    /* Parse ticket sent by client */
+    /* Parse ticket sent by client, returns callback return value */
     int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len)
     {
         ExternalTicket* et;
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index abeb5bdd9..d9dc80dc0 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -131,6 +131,7 @@ enum wolfSSL_ErrorCodes {
 
     BAD_TICKET_KEY_CB_SZ    = -398,        /* Bad session ticket key cb size */
     BAD_TICKET_MSG_SZ       = -399,        /* Bad session ticket msg size    */
+    BAD_TICKET_ENCRYPT      = -400,        /* Bad user ticket encrypt        */
 
     /* add strings to SetErrorString !!!!! */
 

From 8b52330877a25f2b16a3c53dc5e64cfdb3cd5918 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 18 May 2015 09:48:15 -0700
Subject: [PATCH 085/350] add key name compare for session ticket callback
 example

---
 wolfssl/test.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/wolfssl/test.h b/wolfssl/test.h
index 9879735e8..31d90f12b 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1905,6 +1905,13 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
             *outLen = inLen;  /* no padding in this mode */
         } else {
             /* decrypt */
+
+            /* see if we know this key */
+            if (XMEMCMP(key_name, myKey_ctx.name, WOLFSSL_TICKET_NAME_SZ) != 0){
+                printf("client presented unknown ticket key name ");
+                return WOLFSSL_TICKET_RET_FATAL;
+            }
+
             /* build aad from key name, iv, and length */
             XMEMCPY(tmp, key_name, WOLFSSL_TICKET_NAME_SZ);
             tmp += WOLFSSL_TICKET_NAME_SZ;

From bbec7011d4590b25c5ce458e5aa0e64f54471b2c Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 18 May 2015 13:15:13 -0700
Subject: [PATCH 086/350] add session ticket hint interval setter

---
 src/ssl.c     | 11 +++++++++++
 wolfssl/ssl.h |  1 +
 2 files changed, 12 insertions(+)

diff --git a/src/ssl.c b/src/ssl.c
index d6c76fe05..df41ecb0a 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -878,6 +878,17 @@ int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, SessionTicketEncCb cb)
     return SSL_SUCCESS;
 }
 
+/* set hint interval, SSL_SUCCESS on ok */
+int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint)
+{
+    if (ctx == NULL)
+        return BAD_FUNC_ARG;
+
+    ctx->ticketHint = hint;
+
+    return SSL_SUCCESS;
+}
+
 #endif /* !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) */
 
 /* Session Ticket */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 67ffde075..aaa100db8 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1390,6 +1390,7 @@ typedef int (*SessionTicketEncCb)(WOLFSSL*,
                                  int enc, unsigned char*, int, int*);
 WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
                                             SessionTicketEncCb);
+WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
 
 #endif /* NO_WOLFSSL_SERVER */
 

From 9a10210a2a4f06c46a905dd9270619c0f21287ae Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 19 May 2015 09:52:30 -0700
Subject: [PATCH 087/350] replaced always-true comparison in PrintSessionStats
 with preprocessor checks

---
 src/ssl.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index df41ecb0a..258b91db6 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -6224,16 +6224,17 @@ int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak,
         }
         printf("  chi-square = %5.1f, d.f. = %d\n", chiSquare,
                                                      SESSION_ROWS - 1);
-        if (SESSION_ROWS == 11)
+        #if (SESSION_ROWS == 11)
             printf(" .05 p value =  18.3, chi-square should be less\n");
-        else if (SESSION_ROWS == 211)
+        #elif (SESSION_ROWS == 211)
             printf(".05 p value  = 244.8, chi-square should be less\n");
-        else if (SESSION_ROWS == 5981)
+        #elif (SESSION_ROWS == 5981)
             printf(".05 p value  = 6161.0, chi-square should be less\n");
-        else if (SESSION_ROWS == 3)
+        #elif (SESSION_ROWS == 3)
             printf(".05 p value  =   6.0, chi-square should be less\n");
-        else if (SESSION_ROWS == 2861)
+        #elif (SESSION_ROWS == 2861)
             printf(".05 p value  = 2985.5, chi-square should be less\n");
+        #endif
         printf("\n");
 
         return ret;

From 50a80bbcd25cb272c74680f381d26c4f2c03de67 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 19 May 2015 14:37:03 -0700
Subject: [PATCH 088/350] update Windows FIPS preprocessor flags in project
 file

---
 IDE/WIN/wolfssl-fips.vcxproj | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index 94341ec5f..4e67a2250 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -120,7 +120,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
@@ -132,7 +132,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <MinimalRebuild>true</MinimalRebuild>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -145,7 +145,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
@@ -157,20 +157,23 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_RIPEMD;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
       <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -182,7 +185,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -194,7 +197,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -206,7 +209,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;WOLFSSL_SHA512;NO_PSK;BUILDING_WOLFSSL;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -214,9 +217,6 @@
     </ClCompile>
   </ItemDefinitionGroup>
   <ItemGroup>
-    <ClCompile Include="..\..\ctaocrypt\src\fips_wrapper.cpp">
-      <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
-    </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\wolfcrypt_first.c">
       <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
@@ -307,4 +307,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file

From 1a315fd89e97a413e30e9d4f4ed92508f317df99 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Thu, 21 May 2015 13:31:02 +0900
Subject: [PATCH 089/350] Initial TI crypt/hash

---
 wolfcrypt/src/port/ti/ti-aes.c  | 548 ++++++++++++++++++++++++++++++++
 wolfcrypt/src/port/ti/ti-ccm.c  |  81 +++++
 wolfcrypt/src/port/ti/ti-des3.c | 181 +++++++++++
 wolfcrypt/src/port/ti/ti-hash.c | 231 ++++++++++++++
 4 files changed, 1041 insertions(+)
 create mode 100644 wolfcrypt/src/port/ti/ti-aes.c
 create mode 100644 wolfcrypt/src/port/ti/ti-ccm.c
 create mode 100644 wolfcrypt/src/port/ti/ti-des3.c
 create mode 100644 wolfcrypt/src/port/ti/ti-hash.c

diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c
new file mode 100644
index 000000000..11a0680b6
--- /dev/null
+++ b/wolfcrypt/src/port/ti/ti-aes.c
@@ -0,0 +1,548 @@
+/* port/ti/ti-aes.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+ 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifndef NO_AES
+
+
+#if defined(WOLFSSL_TI_CRYPT)
+#include <stdbool.h>
+#include <stdint.h>
+
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/port/ti/ti-ccm.h>
+
+#include "inc/hw_aes.h"
+#include "inc/hw_memmap.h"
+#include "inc/hw_ints.h"
+#include "driverlib/aes.h"
+#include "driverlib/sysctl.h"
+#include "driverlib/rom_map.h"
+#include "driverlib/rom.h"
+
+static int  AesSetIV(Aes* aes, const byte* iv)
+{
+    if (aes == NULL)
+        return BAD_FUNC_ARG;
+
+    if (iv)
+        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+    else
+        XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
+
+    return 0;
+}
+
+WOLFSSL_API int  wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
+                          int dir)
+{
+    if(!wolfSSL_TI_CCMInit())return 1 ;
+    if ((aes == NULL) || (key == NULL) || (iv == NULL))
+        return BAD_FUNC_ARG;
+    if(!((dir == AES_ENCRYPTION) || (dir == AES_DECRYPTION)))
+        return BAD_FUNC_ARG;
+    
+    switch(len) {
+    case 16: aes->keylen = AES_CFG_KEY_SIZE_128BIT ; break ;
+    case 24: aes->keylen = AES_CFG_KEY_SIZE_192BIT ; break ;
+    case 32: aes->keylen = AES_CFG_KEY_SIZE_256BIT ; break ;
+    default: return BAD_FUNC_ARG;      
+    }
+    
+    XMEMCPY(aes->key, key, len) ;
+    #ifdef WOLFSSL_AES_COUNTER
+    aes->left = 0;
+    #endif /* WOLFSSL_AES_COUNTER */
+    return AesSetIV(aes, iv);
+}
+
+#define AES_CFG_MODE_CTR_NOCTR AES_CFG_MODE_CTR+100
+#define IS_ALIGN16(p) (((unsigned int)(p)&0xf) == 0)
+
+static int  AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz, word32 dir, word32 mode)
+{   
+    wolfSSL_TI_lockCCM() ;
+    ROM_AESReset(AES_BASE);
+    ROM_AESConfigSet(AES_BASE, (aes->keylen | dir | 
+                     (mode==AES_CFG_MODE_CTR_NOCTR ? AES_CFG_MODE_CTR : mode)));
+    AESIVSet(AES_BASE, aes->reg);
+    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
+    if((dir == AES_CFG_DIR_DECRYPT)&& (mode == AES_CFG_MODE_CBC))
+        /* if input and output same will overwrite input iv */
+        XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    ROM_AESDataProcess(AES_BASE, (uint32_t *)in, (uint32_t *)out, sz);
+    wolfSSL_TI_unlockCCM() ;
+    
+    /* store iv for next call */
+    if(mode == AES_CFG_MODE_CBC){
+        if(dir == AES_CFG_DIR_ENCRYPT)
+            XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        else
+            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+    }
+
+    if(mode == AES_CFG_MODE_CTR) {
+        do {  
+            int i ;
+            for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+                 if (++((byte *)aes->reg)[i])
+                     break ;
+            }
+            sz -= AES_BLOCK_SIZE ;
+        } while((int)sz > 0) ;
+    }
+
+    return 0 ;
+}
+
+static int  AesProcess(Aes* aes, byte* out, const byte* in, word32 sz, word32 dir, word32 mode)
+{   
+    const byte * in_p ; byte * out_p ; 
+    word32 size ;
+    #define TI_BUFFSIZE 1024
+    byte buff[TI_BUFFSIZE] ;
+    
+    if ((aes == NULL) || (in == NULL) || (out == NULL))
+        return BAD_FUNC_ARG;
+    if(sz % AES_BLOCK_SIZE)
+        return BAD_FUNC_ARG;
+
+    while(sz > 0) {
+        size = sz ; in_p = in ; out_p = out ;
+        if(!IS_ALIGN16(in)){
+            size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ;
+            XMEMCPY(buff, in, size) ; 
+            in_p = (const byte *)buff ;
+        }
+        if(!IS_ALIGN16(out)){
+            size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ;
+            out_p = buff ;
+        }
+   
+        AesAlign16(aes, out_p, in_p, size, dir, mode) ;
+ 
+        if(!IS_ALIGN16(out)){
+            XMEMCPY(out, buff, size) ;
+        }
+        sz -= size ; in += size ; out += size ;
+    }
+
+    return 0 ;
+}
+
+WOLFSSL_API int  wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{   
+    return AesProcess(aes, out, in, sz, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ;
+}
+
+WOLFSSL_API int  wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{   
+    return AesProcess(aes, out, in, sz, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ;
+}
+
+#ifdef WOLFSSL_AES_COUNTER
+WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{ 
+            char out_block[AES_BLOCK_SIZE] ;
+            int odd ;
+            int even ;
+            char *tmp ; /* (char *)aes->tmp, for short */
+
+            tmp = (char *)aes->tmp ;
+            if(aes->left) {
+                if((aes->left + sz) >= AES_BLOCK_SIZE){
+                    odd = AES_BLOCK_SIZE - aes->left ;
+                } else {
+                    odd = sz ;
+                }
+                XMEMCPY(tmp+aes->left, in, odd) ;
+                if((odd+aes->left) == AES_BLOCK_SIZE){
+                    AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE, 
+                             AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR) ;
+                    XMEMCPY(out, out_block+aes->left, odd) ;
+                    aes->left = 0 ;
+                    XMEMSET(tmp, 0x0, AES_BLOCK_SIZE) ;
+                }
+                in += odd ;
+                out+= odd ;
+                sz -= odd ;
+            }
+            odd = sz % AES_BLOCK_SIZE ;  /* if there is tail flagment */
+            if(sz / AES_BLOCK_SIZE) {
+                even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE ;
+                AesProcess(aes, out, in, even, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
+                out += even ;
+                in  += even ;
+            }
+            if(odd) {
+                XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left) ;
+                XMEMCPY(tmp+aes->left, in, odd) ;
+                AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE, 
+                           AES_CFG_DIR_ENCRYPT, 
+                           AES_CFG_MODE_CTR_NOCTR /* Counter mode without counting IV */
+                           );
+                XMEMCPY(out, out_block+aes->left,odd) ;
+                aes->left += odd ;
+            }
+}
+#endif
+
+/* AES-DIRECT */
+#if defined(WOLFSSL_AES_DIRECT)
+WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ;
+}
+WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ;
+}
+WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
+                                     const byte* iv, int dir)
+{
+     return(wc_AesSetKey(aes, key, len, iv, dir)) ;
+}
+#endif
+
+
+#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+
+static int  AesAuthSetKey(Aes* aes, const byte* key, word32 keySz)
+{
+    byte nonce[AES_BLOCK_SIZE];
+
+    if ((aes == NULL) || (key == NULL))
+        return BAD_FUNC_ARG ;
+    if (!((keySz == 16) || (keySz == 24) || (keySz == 32)))
+        return BAD_FUNC_ARG ;
+
+    XMEMSET(nonce, 0, sizeof(nonce));
+    return wc_AesSetKey(aes, key, keySz, nonce, AES_ENCRYPTION);
+}
+
+
+static int AesAuthArgCheck(Aes* aes, byte* out, const byte* in, word32 inSz,
+                              const byte* nonce, word32 nonceSz,
+                              const byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz, word32 *M,  word32 *L)
+{
+    if((aes == NULL)||(nonce == NULL)||(authTag== NULL)||(authIn == NULL))
+        return BAD_FUNC_ARG;
+    if((inSz != 0) && ((out == NULL)||(in == NULL)))
+        return BAD_FUNC_ARG;
+    
+    switch(authTagSz){
+    case  4:
+        *M = AES_CFG_CCM_M_4; break ;
+    case 6:
+        *M = AES_CFG_CCM_M_6; break ;
+    case 8:
+        *M = AES_CFG_CCM_M_8; break ;
+    case 10:
+        *M = AES_CFG_CCM_M_10; break ;
+    case 12:
+        *M = AES_CFG_CCM_M_12; break ;
+    case 14:
+        *M = AES_CFG_CCM_M_14; break ;
+    case 16:
+        *M = AES_CFG_CCM_M_16; break ;
+    default:
+        return 1 ;
+    }
+
+    switch(nonceSz){
+    case 7:
+        *L = AES_CFG_CCM_L_8; break ;
+    case 8:
+        *L = AES_CFG_CCM_L_7; break ;
+    case 9:
+        *L = AES_CFG_CCM_L_6; break ;
+    case  10:
+        *L = AES_CFG_CCM_L_5; break ;
+    case 11:
+        *L = AES_CFG_CCM_L_4; break ;
+    case 12:
+        *L = AES_CFG_CCM_L_3; break ;
+    case 13:
+        *L = AES_CFG_CCM_L_2; break ;
+    case 14:
+        *L = AES_CFG_CCM_L_1; break ;
+    default:
+        return 1;
+    }
+    return 0 ;
+}
+
+static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L, int mode) {
+
+  if(mode == AES_CFG_MODE_CCM){
+    XMEMSET(aes->reg, 0, 16) ;
+    switch(L){
+    case AES_CFG_CCM_L_8: 
+      aes->reg[0] = 0x7; break ;
+    case AES_CFG_CCM_L_7: 
+      aes->reg[0] = 0x6; break ;
+    case AES_CFG_CCM_L_6: 
+      aes->reg[0] = 0x5; break ;
+    case AES_CFG_CCM_L_5: 
+      aes->reg[0] = 0x4; break ;
+    case AES_CFG_CCM_L_4: 
+      aes->reg[0] = 0x3; break ;
+    case AES_CFG_CCM_L_3: 
+      aes->reg[0] = 0x2; break ;
+    case AES_CFG_CCM_L_2: 
+      aes->reg[0] = 0x1; break ;
+    case AES_CFG_CCM_L_1: 
+      aes->reg[0] = 0x0; break ;
+    }
+    XMEMCPY(((byte *)aes->reg)+1, nonce, len) ; 
+  } else {
+    byte *b = (byte *)aes->reg ;
+    XMEMSET(aes->reg, 0, AES_BLOCK_SIZE);
+    XMEMCPY(aes->reg, nonce, len);
+    b[AES_BLOCK_SIZE-4] = 0 ;
+    b[AES_BLOCK_SIZE-3] = 0 ;
+    b[AES_BLOCK_SIZE-2] = 0 ;
+    b[AES_BLOCK_SIZE-1] = 1 ;
+  }
+}
+
+#define RoundUp16(n) ((n+15)&0xfffffff0)
+#define FREE_ALL \
+    if(in_save)    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
+    if(out_save)   XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
+    if(authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
+    if(nonce_save) XFREE(nonce_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                              const byte* nonce, word32 nonceSz,
+                              byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz, int mode)
+{ 
+    word32 M, L ;
+    byte *in_a,     *in_save ;
+    byte *out_a,    *out_save ;
+    byte *authIn_a, *authIn_save ;
+    byte *nonce_a,    *nonce_save ;
+    word32 tmpTag[4] ;
+    int ret ;
+
+    if(AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L)
+       == BAD_FUNC_ARG)return BAD_FUNC_ARG ;
+    
+    /* 16 byte padding */
+    in_save = NULL ; out_save = NULL ; authIn_save = NULL ; nonce_save = NULL ;
+    if((inSz%16)==0){
+        in_save = NULL ; in_a = (byte *)in ;
+        out_save = NULL ; out_a = out ;
+    } else {
+      if((in_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E ; }
+      in_a = in_save ; XMEMSET(in_a, 0, RoundUp16(inSz)) ; XMEMCPY(in_a, in, inSz) ;
+      
+      if((out_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E ; } 
+      out_a = out_save ; 
+    }
+    
+    if((authInSz%16)==0){
+        authIn_save = NULL ; authIn_a = (byte *)authIn ;
+    } else {
+      if((authIn_save = XMALLOC(RoundUp16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E ; }
+      authIn_a = authIn_save ; XMEMSET(authIn_a, 0, RoundUp16(authInSz)) ; XMEMCPY(authIn_a, authIn, authInSz) ;
+    }
+
+    if((nonceSz%16)==0){
+        nonce_save = NULL ; nonce_a = (byte *)nonce ;
+    } else {
+      if((nonce_save = XMALLOC(RoundUp16(nonceSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E; }
+      nonce_a = nonce_save ; XMEMSET(nonce_a, 0, RoundUp16(nonceSz)) ; XMEMCPY(nonce_a, nonce, nonceSz) ;
+    }
+
+    /* do aes-ccm */
+    AesAuthSetIv(aes, nonce, nonceSz, L, mode) ;
+    ROM_AESReset(AES_BASE);
+    ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_ENCRYPT |
+                                AES_CFG_CTR_WIDTH_128 |
+                                mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 ))) ;
+    ROM_AESIVSet(AES_BASE, aes->reg);
+    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
+    ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz,
+                           (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag);
+    if(ret == false){
+        XMEMSET(out, 0, inSz) ;
+        XMEMSET(authTag, 0, authTagSz) ;
+    } else {
+        XMEMCPY(out, out_a, inSz) ;
+        XMEMCPY(authTag, tmpTag, authTagSz) ;
+    }
+
+    FREE_ALL; 
+    return 0 ;
+}
+
+static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                              const byte* nonce, word32 nonceSz,
+                              const byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz, int mode)
+{ 
+    word32 M, L ;
+    byte *in_a,     *in_save ;
+    byte *out_a,    *out_save ;
+    byte *authIn_a, *authIn_save ;
+    byte *nonce_a,    *nonce_save ;
+    word32 tmpTag[4] ;
+    bool ret ;
+
+    if(AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L)
+       == BAD_FUNC_ARG)return  BAD_FUNC_ARG ;
+    
+    /* 16 byte padding */
+    in_save = NULL ; out_save = NULL ; authIn_save = NULL ; nonce_save = NULL ;
+    if((inSz%16)==0){
+        in_save = NULL ; in_a = (byte *)in ;
+        out_save = NULL ; out_a = out ;
+    } else {
+      if((in_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E;}
+      in_a = in_save ; XMEMSET(in_a, 0, RoundUp16(inSz)) ; XMEMCPY(in_a, in, inSz) ;
+      
+      if((out_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E;}
+      out_a = out_save ; 
+    }
+    
+    if((authInSz%16)==0){
+        authIn_save = NULL ; authIn_a = (byte *)authIn ;
+    } else {
+      if((authIn_save = XMALLOC(RoundUp16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E; }
+      authIn_a = authIn_save ; XMEMSET(authIn_a, 0, RoundUp16(authInSz)) ; XMEMCPY(authIn_a, authIn, authInSz) ;
+    }
+
+    if((nonceSz%16)==0){
+        nonce_save = NULL ; nonce_a = (byte *)nonce ;
+    } else {
+      if((nonce_save = XMALLOC(RoundUp16(nonceSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E; }
+      nonce_a = nonce_save ; XMEMSET(nonce_a, 0, RoundUp16(nonceSz)) ; XMEMCPY(nonce_a, nonce, nonceSz) ;
+    }
+
+    /* do aes-ccm */
+    AesAuthSetIv(aes, nonce, nonceSz, L, mode) ;
+    ROM_AESReset(AES_BASE);
+    ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_DECRYPT |
+                                AES_CFG_CTR_WIDTH_128 |
+                                  mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 ))) ;
+    ROM_AESIVSet(AES_BASE, aes->reg);
+    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
+    ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz,
+                           (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag);
+    if((ret == false) || (XMEMCMP(authTag, tmpTag, authTagSz) != 0)){
+        XMEMSET(out, 0, inSz) ;
+        ret = false ;
+    } else {
+        XMEMCPY(out, out_a, inSz) ;  
+    }
+
+    FREE_ALL ;
+    return ret==true ? 0 : 1 ;
+}
+#endif
+
+
+#ifdef HAVE_AESGCM
+WOLFSSL_API int  wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
+{
+    return AesAuthSetKey(aes, key, len) ;
+}
+
+WOLFSSL_API int  wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                              const byte* iv, word32 ivSz,
+                              byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz)
+{
+    return AesAuthEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
+}
+WOLFSSL_API int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                              const byte* iv, word32 ivSz,
+                              const byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz)
+{ 
+    return AesAuthDecrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
+}
+
+WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
+{
+      return AesAuthSetKey(&gmac->aes, key, len) ;
+}
+
+WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
+                              const byte* authIn, word32 authInSz,
+                              byte* authTag, word32 authTagSz)
+{
+    return AesAuthEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz,
+                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
+}
+
+#endif /* HAVE_AESGCM */
+
+#ifdef HAVE_AESCCM
+WOLFSSL_API void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
+{
+    AesAuthSetKey(aes, key, keySz) ;
+}
+
+WOLFSSL_API void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                              const byte* nonce, word32 nonceSz,
+                              byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz)
+{ 
+    AesAuthEncrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
+                              authIn, authInSz, AES_CFG_MODE_CCM) ;
+}
+
+WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                              const byte* nonce, word32 nonceSz,
+                              const byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz)
+{ 
+    return AesAuthDecrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
+                              authIn, authInSz, AES_CFG_MODE_CCM) ;
+}
+#endif /* HAVE_AESCCM */
+
+#endif /* WOLFSSL_TI_CRYPT */
+
+#endif /* NO_AES */
+
+
+
diff --git a/wolfcrypt/src/port/ti/ti-ccm.c b/wolfcrypt/src/port/ti/ti-ccm.c
new file mode 100644
index 000000000..801cc9bb5
--- /dev/null
+++ b/wolfcrypt/src/port/ti/ti-ccm.c
@@ -0,0 +1,81 @@
+/* port/ti/ti_ccm.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_TI_CRYPT) ||  defined(WOLFSSL_TI_HASH)
+
+
+#include <stdbool.h>
+#include <stdint.h>
+
+#include "driverlib/sysctl.h"
+#include "driverlib/rom_map.h"
+#include "driverlib/rom.h"
+
+#ifndef SINGLE_THREADED
+    static wolfSSL_Mutex TI_CCM_Mutex ;
+#endif
+
+#define TIMEOUT  500000
+#define WAIT(stat) { volatile int i ; for(i=0; i<TIMEOUT; i++)if(stat)break ; if(i==TIMEOUT)return(false) ; }
+
+static bool ccm_init = false ;
+bool wolfSSL_TI_CCMInit(void)
+{
+    if(ccm_init)return true ;
+    ccm_init = true ;
+
+    SysCtlClockFreqSet((SYSCTL_XTAL_25MHZ |
+                                       SYSCTL_OSC_MAIN |
+                                       SYSCTL_USE_PLL |
+                                       SYSCTL_CFG_VCO_480), 120000000);
+   
+    if(!ROM_SysCtlPeripheralPresent(SYSCTL_PERIPH_CCM0))
+        return false ;
+        
+         ROM_SysCtlPeripheralEnable(SYSCTL_PERIPH_CCM0);
+    WAIT(ROM_SysCtlPeripheralReady(SYSCTL_PERIPH_CCM0)) ;
+         ROM_SysCtlPeripheralReset(SYSCTL_PERIPH_CCM0);
+    WAIT(ROM_SysCtlPeripheralReady(SYSCTL_PERIPH_CCM0)) ;
+    
+#ifndef SINGLE_THREADED
+    InitMutex(&TI_CCM_Mutex) ;
+#endif
+
+    return true ;
+}
+
+#ifndef SINGLE_THREADED
+void wolfSSL_TI_lockCCM() {
+    LockMutex(&TI_CCM_Mutex) ;
+}
+
+void wolfSSL_TI_unlockCCM() {
+    UnLockMutex(&TI_CCM_Mutex) ;
+}
+#endif
+
+#endif
diff --git a/wolfcrypt/src/port/ti/ti-des3.c b/wolfcrypt/src/port/ti/ti-des3.c
new file mode 100644
index 000000000..d51c48e1a
--- /dev/null
+++ b/wolfcrypt/src/port/ti/ti-des3.c
@@ -0,0 +1,181 @@
+/* port/ti/ti-des.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifndef NO_DES
+
+#if defined(WOLFSSL_TI_CRYPT)
+#include <stdbool.h>
+#include <stdint.h>
+
+#include <wolfssl/wolfcrypt/des3.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/port/ti/ti-ccm.h>
+
+#include "inc/hw_des.h"
+#include "inc/hw_memmap.h"
+#include "inc/hw_ints.h"
+#include "driverlib/des.h"
+#include "driverlib/sysctl.h"
+#include "driverlib/rom_map.h"
+#include "driverlib/rom.h"
+
+static int  DesSetIV(Des* des, const byte* iv, int tri)
+{
+    if (des == NULL)
+        return BAD_FUNC_ARG;
+
+    if (iv)
+        XMEMCPY(des->reg, iv, tri == DES_CFG_TRIPLE ? DES3_IVLEN : DES_IVLEN);
+    else
+        XMEMSET(des->reg,  0, tri == DES_CFG_TRIPLE ? DES3_IVLEN : DES_IVLEN);
+
+    return 0;
+}
+
+static int  DesSetKey(Des* des, const byte* key, const byte* iv,int dir, int tri)
+{
+    if(!wolfSSL_TI_CCMInit())return 1 ;
+    if ((des == NULL) || (key == NULL) || (iv == NULL))
+        return BAD_FUNC_ARG;
+    if(!((dir == DES_ENCRYPTION) || (dir == DES_DECRYPTION)))
+        return BAD_FUNC_ARG;
+    
+    XMEMCPY(des->key, key, tri == DES_CFG_SINGLE ? DES_KEYLEN : DES3_KEYLEN) ;
+    return DesSetIV(des, iv, tri);
+}
+
+static int  DesCbcAlign16(Des* des, byte* out, const byte* in, word32 sz, word32 dir, word32 tri)
+{   
+
+    wolfSSL_TI_lockCCM() ;
+    ROM_DESReset(DES_BASE);
+    ROM_DESConfigSet(DES_BASE, (dir | DES_CFG_MODE_CBC | tri));
+    DESIVSet(DES_BASE, des->reg);
+    ROM_DESKeySet(DES_BASE, des->key);
+    if(dir == DES_CFG_DIR_DECRYPT)
+        /* if input and output same will overwrite input iv */
+        XMEMCPY(des->tmp, in + sz - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
+    ROM_DESDataProcess(DES_BASE, (uint32_t *)in, (uint32_t *)out, sz);
+    wolfSSL_TI_unlockCCM() ;
+    
+    /* store iv for next call */
+    if(dir == DES_CFG_DIR_ENCRYPT)
+        XMEMCPY(des->reg, out + sz - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
+    else
+        XMEMCPY(des->reg, des->tmp, DES_BLOCK_SIZE);
+    
+    return 0 ;
+}
+
+#define IS_ALIGN16(p) (((unsigned int)(p)&0xf) == 0)
+
+static int  DesCbc(Des* des, byte* out, const byte* in, word32 sz, word32 dir, word32 tri)
+{   
+    const byte * in_p ; byte * out_p ; 
+    word32 size ;
+    #define TI_BUFFSIZE 1024
+    byte buff[TI_BUFFSIZE] ;
+    if ((des == NULL) || (in == NULL) || (out == NULL))
+        return BAD_FUNC_ARG;
+    if(sz % DES_BLOCK_SIZE)
+        return BAD_FUNC_ARG;
+    
+    while(sz > 0) {
+        size = sz ; in_p = in ; out_p = out ;
+        if(!IS_ALIGN16(in)){
+            size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ;
+            XMEMCPY(buff, in, size) ; 
+            in_p = (const byte *)buff ;
+        }
+        if(!IS_ALIGN16(out)){
+            size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ;
+            out_p = (byte *)buff ;
+        }
+    
+        DesCbcAlign16(des, out_p, in_p, size, dir, tri) ;
+        
+        if(!IS_ALIGN16(out)){
+            XMEMCPY(out, buff, size) ;
+        }
+        sz -= size ; in += size ; out += size ;
+    }
+    return 0 ;
+}
+
+WOLFSSL_API int  wc_Des_SetKey(Des* des, const byte* key, const byte* iv,int dir)
+{
+    return DesSetKey(des, key, iv, dir, DES_CFG_SINGLE) ;
+}
+
+WOLFSSL_API void  wc_Des_SetIV(Des* des, const byte* iv)
+{
+    DesSetIV(des, iv, DES_CFG_SINGLE) ;
+}
+
+WOLFSSL_API int  wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir)
+{
+    return DesSetKey((Des *)des, key, iv, dir, DES_CFG_TRIPLE) ;
+}
+
+WOLFSSL_API int  wc_Des3_SetIV(Des3* des, const byte* iv)
+{
+    return DesSetIV((Des *)des, iv, DES_CFG_TRIPLE) ;
+}
+
+
+WOLFSSL_API int  wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
+{   
+    return DesCbc(des, out, in, sz, DES_CFG_DIR_ENCRYPT, DES_CFG_SINGLE) ;
+}
+
+WOLFSSL_API int  wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
+{   
+    return DesCbc(des, out, in, sz, DES_CFG_DIR_DECRYPT, DES_CFG_SINGLE) ;
+}
+
+WOLFSSL_API int  wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
+                                          const byte* key, const byte* iv)
+{ return 0 ;}
+
+WOLFSSL_API int  wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
+{   
+    return DesCbc((Des *)des, out, in, sz, DES_CFG_DIR_ENCRYPT, DES_CFG_TRIPLE) ;
+}
+
+WOLFSSL_API int  wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
+{   
+    return DesCbc((Des *)des, out, in, sz, DES_CFG_DIR_DECRYPT, DES_CFG_TRIPLE) ;
+}
+
+WOLFSSL_API int  wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
+                                               const byte* key, const byte* iv)
+{ return 0 ; }
+
+
+#endif /* WOLFSSL_TI_CRYPT */
+
+#endif /* NO_DES */
diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c
new file mode 100644
index 000000000..223874b20
--- /dev/null
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -0,0 +1,231 @@
+/* port/ti/ti-hash.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifndef WOLFSSL_TI_HASH_H
+#define WOLFSSL_TI_HASH_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#if defined(WOLFSSL_TI_HASH)
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#include <stdbool.h>
+#include <stdint.h>
+
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/md5.h>      
+#include <wolfssl/wolfcrypt/sha.h>      
+#include <wolfssl/wolfcrypt/sha256.h>      
+#include <wolfssl/wolfcrypt/port/ti/ti-hash.h>
+#include <wolfssl/wolfcrypt/port/ti/ti-ccm.h>
+#include <wolfssl/wolfcrypt/logging.h>
+      
+#include "inc/hw_memmap.h"
+#include "inc/hw_shamd5.h"
+#include "inc/hw_ints.h"
+#include "driverlib/shamd5.h"
+#include "driverlib/sysctl.h"
+#include "driverlib/rom_map.h"
+#include "driverlib/rom.h"
+
+static int hashInit(wolfssl_TI_Hash *hash) {
+    hash->used = 0 ;
+    hash->msg  = 0 ;
+    hash->len  = 0 ;
+    return 0 ;
+}
+
+static int hashUpdate(wolfssl_TI_Hash *hash, const byte* data, word32 len)
+{
+    void *p ;
+    if((hash== NULL) || (data == NULL))return BAD_FUNC_ARG;
+    if(hash->len < hash->used+len) {
+        if(hash->msg == NULL) {
+            p = XMALLOC(hash->used+len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        } else {
+            p = XREALLOC(hash->msg, hash->used+len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        }
+        if(p == 0)return 1 ;
+        hash->msg = p ;     
+        hash->len = hash->used+len ;
+    } 
+    XMEMCPY(hash->msg+hash->used, data, len) ;
+    hash->used += len ;
+    return 0 ;
+}
+
+static int hashFinal(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize)
+{
+    uint32_t h[16] ;
+    wolfSSL_TI_lockCCM() ;
+    ROM_SHAMD5Reset(SHAMD5_BASE);
+    ROM_SHAMD5ConfigSet(SHAMD5_BASE, algo);
+    ROM_SHAMD5DataProcess(SHAMD5_BASE, 
+                   (uint32_t *)hash->msg, hash->used, h);
+    XMEMCPY(result, h, hsize) ;
+    wolfSSL_TI_unlockCCM() ;
+    XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    hashInit(hash) ;
+    return 0 ;
+}
+
+static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word32 hsize)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    wolfssl_TI_Hash* hash_desc;
+#else
+    wolfssl_TI_Hash  hash_desc[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    hash_desc = (wolfssl_TI_Hash*)XMALLOC(sizeof(wolfssl_TI_Hash), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (hash_desc == NULL)
+        return MEMORY_E;
+#endif
+
+    if ((ret = hashInit(hash_desc)) != 0) {
+        WOLFSSL_MSG("Hash Init failed");
+    }
+    else {
+        hashUpdate(hash_desc, data, len);
+        hashFinal(hash_desc, hash, algo, hsize);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+#if !defined(NO_MD5)
+
+void wc_InitMd5(Md5* md5)
+{
+    if (md5 == NULL)
+        return ;
+    if(!wolfSSL_TI_CCMInit())return  ;
+    hashInit((wolfssl_TI_Hash *)md5) ;
+}
+
+void wc_Md5Update(Md5* md5, const byte* data, word32 len)
+{
+    hashUpdate((wolfssl_TI_Hash *)md5, data, len) ;
+}
+
+void wc_Md5Final(Md5* md5, byte* hash)
+{
+   hashFinal((wolfssl_TI_Hash *)md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
+}
+
+WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte*hash)
+{ 
+    return hashHash(data, len, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
+}
+
+#endif /* NO_MD5 */
+
+#if !defined(NO_SHA)
+
+WOLFSSL_API int wc_InitSha(Sha* sha)
+{
+    if (sha == NULL)
+        return 1 ;
+    if(!wolfSSL_TI_CCMInit())return 1 ;
+    return hashInit((wolfssl_TI_Hash *)sha) ;
+}
+
+WOLFSSL_API int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
+{
+    return hashUpdate((wolfssl_TI_Hash *)sha, data, len) ;
+}
+
+WOLFSSL_API int wc_ShaFinal(Sha* sha, byte* hash)
+{
+   return hashFinal((wolfssl_TI_Hash *)sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ;
+}
+WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte*hash)
+{ 
+    return hashHash(data, len, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ;
+}
+
+#endif /* NO_SHA */
+
+#if defined(HAVE_SHA224)
+WOLFSSL_API int wc_InitSha224(Sha224* sha224)
+{
+    if (sha224 == NULL)
+        return 1 ;
+    if(!wolfSSL_TI_CCMInit())return 1 ;
+    return hashInit((wolfssl_TI_Hash *)sha224) ;
+}
+
+WOLFSSL_API int wc_Sha224Update(Sha224* sha224, const byte* data, word32 len)
+{
+    return hashUpdate((wolfssl_TI_Hash *)sha224, data, len) ;
+}
+
+WOLFSSL_API int wc_Sha224Final(Sha224* sha224, byte* hash)
+{
+   return hashFinal((wolfssl_TI_Hash *)sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ;
+}
+
+WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash)
+{ 
+    return hashHash(data, len, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ;
+}
+
+#endif /* HAVE_SHA224 */
+
+#if !defined(NO_SHA256)
+WOLFSSL_API int wc_InitSha256(Sha256* sha256)
+{
+    if (sha256 == NULL)
+        return 1 ;
+    if(!wolfSSL_TI_CCMInit())return 1 ;
+    return hashInit((wolfssl_TI_Hash *)sha256) ;
+}
+
+WOLFSSL_API int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
+{
+    return hashUpdate((wolfssl_TI_Hash *)sha256, data, len) ;
+}
+
+WOLFSSL_API int wc_Sha256Final(Sha256* sha256, byte* hash)
+{
+   return hashFinal((wolfssl_TI_Hash *)sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
+}
+
+WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte*hash)
+{ 
+    return hashHash(data, len, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
+}
+
+#endif /* NO_SHA256 */
+
+#endif  /* WOLFSSL_TI_HASH */
+
+#endif /* WOLFSSL_TI_HASH_H */

From b5654092ecce93997d464cde0a62abc961e926fb Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Thu, 21 May 2015 13:42:02 +0900
Subject: [PATCH 090/350] Added Md5GetHash for BuildCertHashes

---
 src/include.am                  |    2 +
 src/internal.c                  |    6 +-
 wolfcrypt/src/md5.c             |  818 +++----
 wolfcrypt/src/port/ti/ti-hash.c |   99 +-
 wolfcrypt/src/sha.c             |  925 ++++----
 wolfcrypt/src/sha256.c          | 3540 ++++++++++++++++---------------
 wolfssl/wolfcrypt/md5.h         |  181 +-
 wolfssl/wolfcrypt/sha.h         |  168 +-
 wolfssl/wolfcrypt/sha256.h      |  166 +-
 9 files changed, 3045 insertions(+), 2860 deletions(-)
 mode change 100755 => 100644 wolfcrypt/src/sha256.c

diff --git a/src/include.am b/src/include.am
index a89d7d472..1dcf24a2b 100644
--- a/src/include.am
+++ b/src/include.am
@@ -191,6 +191,8 @@ if BUILD_PKCS7
 src_libwolfssl_la_SOURCES += wolfcrypt/src/pkcs7.c
 endif
 
+src_libwolfssl_la_SOURCES += wolfcrypt/src/port/ti/ti-hash.c
+
 # ssl files
 src_libwolfssl_la_SOURCES += \
                src/internal.c \
diff --git a/src/internal.c b/src/internal.c
index aa69f8310..48f226201 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6925,14 +6925,14 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
 
     if (ssl->options.tls) {
 #if ! defined( NO_OLD_TLS )
-        wc_Md5Final(&ssl->hsHashes->hashMd5, hashes->md5);
-        wc_ShaFinal(&ssl->hsHashes->hashSha, hashes->sha);
+        wc_Md5GetHash(&ssl->hsHashes->hashMd5, hashes->md5);
+        wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha);
 #endif
         if (IsAtLeastTLSv1_2(ssl)) {
             int ret;
 
             #ifndef NO_SHA256
-                ret = wc_Sha256Final(&ssl->hsHashes->hashSha256,hashes->sha256);
+                ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,hashes->sha256);
                 if (ret != 0)
                     return ret;
             #endif
diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index d2583bd9b..a3e76eda8 100644
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
@@ -1,392 +1,426 @@
-/* md5.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#if !defined(NO_MD5)
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#define wc_InitMd5   wc_InitMd5_sw
-#define wc_Md5Update wc_Md5Update_sw
-#define wc_Md5Final  wc_Md5Final_sw
-#endif
-
-#include <wolfssl/wolfcrypt/md5.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef NO_INLINE
-    #include <wolfssl/wolfcrypt/misc.h>
-#else
-    #include <wolfcrypt/src/misc.c>
-#endif
-
-#ifdef FREESCALE_MMCAU
-    #include "cau_api.h"
-    #define XTRANSFORM(S,B)  cau_md5_hash_n((B), 1, (unsigned char*)(S)->digest)
-#else
-    #define XTRANSFORM(S,B)  Transform((S))
-#endif
-
-
-#ifdef STM32F2_HASH
-    /*
-     * STM32F2 hardware MD5 support through the STM32F2 standard peripheral
-     * library. Documentation located in STM32F2xx Standard Peripheral Library
-     * document (See note in README).
-     */
-    #include "stm32f2xx.h"
-
-    void wc_InitMd5(Md5* md5)
-    {
-        /* STM32F2 struct notes:
-         * md5->buffer  = first 4 bytes used to hold partial block if needed 
-         * md5->buffLen = num bytes currently stored in md5->buffer
-         * md5->loLen   = num bytes that have been written to STM32 FIFO
-         */
-        XMEMSET(md5->buffer, 0, MD5_REG_SIZE);
-			
-        md5->buffLen = 0;
-        md5->loLen = 0;
-
-        /* initialize HASH peripheral */
-        HASH_DeInit();
-
-        /* configure algo used, algo mode, datatype */
-        HASH->CR &= ~ (HASH_CR_ALGO | HASH_CR_DATATYPE | HASH_CR_MODE);
-        HASH->CR |= (HASH_AlgoSelection_MD5 | HASH_AlgoMode_HASH 
-                 | HASH_DataType_8b);
-
-        /* reset HASH processor */
-        HASH->CR |= HASH_CR_INIT;
-    }
-
-    void wc_Md5Update(Md5* md5, const byte* data, word32 len)
-    {
-        word32 i = 0;
-        word32 fill = 0;
-        word32 diff = 0;
-
-        /* if saved partial block is available */
-        if (md5->buffLen > 0) {
-            fill = 4 - md5->buffLen;
-
-            /* if enough data to fill, fill and push to FIFO */
-            if (fill <= len) {
-                XMEMCPY((byte*)md5->buffer + md5->buffLen, data, fill);
-                HASH_DataIn(*(uint32_t*)md5->buffer);
-
-                data += fill;
-                len -= fill;
-                md5->loLen += 4;
-                md5->buffLen = 0;
-            } else {
-                /* append partial to existing stored block */
-                XMEMCPY((byte*)md5->buffer + md5->buffLen, data, len);
-                md5->buffLen += len;
-                return;
-            }
-        }
-
-        /* write input block in the IN FIFO */
-        for (i = 0; i < len; i += 4)
-        {
-            diff = len - i;
-            if (diff < 4) {
-                /* store incomplete last block, not yet in FIFO */
-                XMEMSET(md5->buffer, 0, MD5_REG_SIZE);
-                XMEMCPY((byte*)md5->buffer, data, diff);
-                md5->buffLen = diff;
-            } else {
-                HASH_DataIn(*(uint32_t*)data);
-                data+=4;
-            }
-        }
-
-        /* keep track of total data length thus far */
-        md5->loLen += (len - md5->buffLen);
-    }
-
-    void wc_Md5Final(Md5* md5, byte* hash)
-    {
-        __IO uint16_t nbvalidbitsdata = 0;
-
-        /* finish reading any trailing bytes into FIFO */
-        if (md5->buffLen > 0) {
-            HASH_DataIn(*(uint32_t*)md5->buffer);
-            md5->loLen += md5->buffLen;
-        }
-
-        /* calculate number of valid bits in last word of input data */
-        nbvalidbitsdata = 8 * (md5->loLen % MD5_REG_SIZE);
-
-        /* configure number of valid bits in last word of the data */
-        HASH_SetLastWordValidBitsNbr(nbvalidbitsdata);
-
-        /* start HASH processor */
-        HASH_StartDigest();
-
-        /* wait until Busy flag == RESET */
-        while (HASH_GetFlagStatus(HASH_FLAG_BUSY) != RESET) {}
-        
-        /* read message digest */
-        md5->digest[0] = HASH->HR[0];
-        md5->digest[1] = HASH->HR[1];
-        md5->digest[2] = HASH->HR[2];
-        md5->digest[3] = HASH->HR[3];
-
-        ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE);
-
-        XMEMCPY(hash, md5->digest, MD5_DIGEST_SIZE);
-
-        wc_InitMd5(md5);  /* reset state */
-    }
-
-#else /* CTaoCrypt software implementation */
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
-    static INLINE word32 min(word32 a, word32 b)
-    {
-        return a > b ? b : a;
-    }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-void wc_InitMd5(Md5* md5)
-{
-    md5->digest[0] = 0x67452301L;
-    md5->digest[1] = 0xefcdab89L;
-    md5->digest[2] = 0x98badcfeL;
-    md5->digest[3] = 0x10325476L;
-
-    md5->buffLen = 0;
-    md5->loLen   = 0;
-    md5->hiLen   = 0;
-}
-
-#ifndef FREESCALE_MMCAU
-
-static void Transform(Md5* md5)
-{
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-
-#define MD5STEP(f, w, x, y, z, data, s) \
-    w = rotlFixed(w + f(x, y, z) + data, s) + x
-
-    /* Copy context->state[] to working vars  */
-    word32 a = md5->digest[0];
-    word32 b = md5->digest[1];
-    word32 c = md5->digest[2];
-    word32 d = md5->digest[3];
-
-    MD5STEP(F1, a, b, c, d, md5->buffer[0]  + 0xd76aa478,  7);
-    MD5STEP(F1, d, a, b, c, md5->buffer[1]  + 0xe8c7b756, 12);
-    MD5STEP(F1, c, d, a, b, md5->buffer[2]  + 0x242070db, 17);
-    MD5STEP(F1, b, c, d, a, md5->buffer[3]  + 0xc1bdceee, 22);
-    MD5STEP(F1, a, b, c, d, md5->buffer[4]  + 0xf57c0faf,  7);
-    MD5STEP(F1, d, a, b, c, md5->buffer[5]  + 0x4787c62a, 12);
-    MD5STEP(F1, c, d, a, b, md5->buffer[6]  + 0xa8304613, 17);
-    MD5STEP(F1, b, c, d, a, md5->buffer[7]  + 0xfd469501, 22);
-    MD5STEP(F1, a, b, c, d, md5->buffer[8]  + 0x698098d8,  7);
-    MD5STEP(F1, d, a, b, c, md5->buffer[9]  + 0x8b44f7af, 12);
-    MD5STEP(F1, c, d, a, b, md5->buffer[10] + 0xffff5bb1, 17);
-    MD5STEP(F1, b, c, d, a, md5->buffer[11] + 0x895cd7be, 22);
-    MD5STEP(F1, a, b, c, d, md5->buffer[12] + 0x6b901122,  7);
-    MD5STEP(F1, d, a, b, c, md5->buffer[13] + 0xfd987193, 12);
-    MD5STEP(F1, c, d, a, b, md5->buffer[14] + 0xa679438e, 17);
-    MD5STEP(F1, b, c, d, a, md5->buffer[15] + 0x49b40821, 22);
-
-    MD5STEP(F2, a, b, c, d, md5->buffer[1]  + 0xf61e2562,  5);
-    MD5STEP(F2, d, a, b, c, md5->buffer[6]  + 0xc040b340,  9);
-    MD5STEP(F2, c, d, a, b, md5->buffer[11] + 0x265e5a51, 14);
-    MD5STEP(F2, b, c, d, a, md5->buffer[0]  + 0xe9b6c7aa, 20);
-    MD5STEP(F2, a, b, c, d, md5->buffer[5]  + 0xd62f105d,  5);
-    MD5STEP(F2, d, a, b, c, md5->buffer[10] + 0x02441453,  9);
-    MD5STEP(F2, c, d, a, b, md5->buffer[15] + 0xd8a1e681, 14);
-    MD5STEP(F2, b, c, d, a, md5->buffer[4]  + 0xe7d3fbc8, 20);
-    MD5STEP(F2, a, b, c, d, md5->buffer[9]  + 0x21e1cde6,  5);
-    MD5STEP(F2, d, a, b, c, md5->buffer[14] + 0xc33707d6,  9);
-    MD5STEP(F2, c, d, a, b, md5->buffer[3]  + 0xf4d50d87, 14);
-    MD5STEP(F2, b, c, d, a, md5->buffer[8]  + 0x455a14ed, 20);
-    MD5STEP(F2, a, b, c, d, md5->buffer[13] + 0xa9e3e905,  5);
-    MD5STEP(F2, d, a, b, c, md5->buffer[2]  + 0xfcefa3f8,  9);
-    MD5STEP(F2, c, d, a, b, md5->buffer[7]  + 0x676f02d9, 14);
-    MD5STEP(F2, b, c, d, a, md5->buffer[12] + 0x8d2a4c8a, 20);
-
-    MD5STEP(F3, a, b, c, d, md5->buffer[5]  + 0xfffa3942,  4);
-    MD5STEP(F3, d, a, b, c, md5->buffer[8]  + 0x8771f681, 11);
-    MD5STEP(F3, c, d, a, b, md5->buffer[11] + 0x6d9d6122, 16);
-    MD5STEP(F3, b, c, d, a, md5->buffer[14] + 0xfde5380c, 23);
-    MD5STEP(F3, a, b, c, d, md5->buffer[1]  + 0xa4beea44,  4);
-    MD5STEP(F3, d, a, b, c, md5->buffer[4]  + 0x4bdecfa9, 11);
-    MD5STEP(F3, c, d, a, b, md5->buffer[7]  + 0xf6bb4b60, 16);
-    MD5STEP(F3, b, c, d, a, md5->buffer[10] + 0xbebfbc70, 23);
-    MD5STEP(F3, a, b, c, d, md5->buffer[13] + 0x289b7ec6,  4);
-    MD5STEP(F3, d, a, b, c, md5->buffer[0]  + 0xeaa127fa, 11);
-    MD5STEP(F3, c, d, a, b, md5->buffer[3]  + 0xd4ef3085, 16);
-    MD5STEP(F3, b, c, d, a, md5->buffer[6]  + 0x04881d05, 23);
-    MD5STEP(F3, a, b, c, d, md5->buffer[9]  + 0xd9d4d039,  4);
-    MD5STEP(F3, d, a, b, c, md5->buffer[12] + 0xe6db99e5, 11);
-    MD5STEP(F3, c, d, a, b, md5->buffer[15] + 0x1fa27cf8, 16);
-    MD5STEP(F3, b, c, d, a, md5->buffer[2]  + 0xc4ac5665, 23);
-
-    MD5STEP(F4, a, b, c, d, md5->buffer[0]  + 0xf4292244,  6);
-    MD5STEP(F4, d, a, b, c, md5->buffer[7]  + 0x432aff97, 10);
-    MD5STEP(F4, c, d, a, b, md5->buffer[14] + 0xab9423a7, 15);
-    MD5STEP(F4, b, c, d, a, md5->buffer[5]  + 0xfc93a039, 21);
-    MD5STEP(F4, a, b, c, d, md5->buffer[12] + 0x655b59c3,  6);
-    MD5STEP(F4, d, a, b, c, md5->buffer[3]  + 0x8f0ccc92, 10);
-    MD5STEP(F4, c, d, a, b, md5->buffer[10] + 0xffeff47d, 15);
-    MD5STEP(F4, b, c, d, a, md5->buffer[1]  + 0x85845dd1, 21);
-    MD5STEP(F4, a, b, c, d, md5->buffer[8]  + 0x6fa87e4f,  6);
-    MD5STEP(F4, d, a, b, c, md5->buffer[15] + 0xfe2ce6e0, 10);
-    MD5STEP(F4, c, d, a, b, md5->buffer[6]  + 0xa3014314, 15);
-    MD5STEP(F4, b, c, d, a, md5->buffer[13] + 0x4e0811a1, 21);
-    MD5STEP(F4, a, b, c, d, md5->buffer[4]  + 0xf7537e82,  6);
-    MD5STEP(F4, d, a, b, c, md5->buffer[11] + 0xbd3af235, 10);
-    MD5STEP(F4, c, d, a, b, md5->buffer[2]  + 0x2ad7d2bb, 15);
-    MD5STEP(F4, b, c, d, a, md5->buffer[9]  + 0xeb86d391, 21);
-    
-    /* Add the working vars back into digest state[]  */
-    md5->digest[0] += a;
-    md5->digest[1] += b;
-    md5->digest[2] += c;
-    md5->digest[3] += d;
-}
-
-#endif /* FREESCALE_MMCAU */
-
-
-static INLINE void AddLength(Md5* md5, word32 len)
-{
-    word32 tmp = md5->loLen;
-    if ( (md5->loLen += len) < tmp)
-        md5->hiLen++;                       /* carry low to high */
-}
-
-
-void wc_Md5Update(Md5* md5, const byte* data, word32 len)
-{
-    /* do block size increments */
-    byte* local = (byte*)md5->buffer;
-
-    while (len) {
-        word32 add = min(len, MD5_BLOCK_SIZE - md5->buffLen);
-        XMEMCPY(&local[md5->buffLen], data, add);
-
-        md5->buffLen += add;
-        data         += add;
-        len          -= add;
-
-        if (md5->buffLen == MD5_BLOCK_SIZE) {
-            #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-                ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
-            #endif
-            XTRANSFORM(md5, local);
-            AddLength(md5, MD5_BLOCK_SIZE);
-            md5->buffLen = 0;
-        }
-    }
-}
-
-
-void wc_Md5Final(Md5* md5, byte* hash)
-{
-    byte* local = (byte*)md5->buffer;
-
-    AddLength(md5, md5->buffLen);  /* before adding pads */
-
-    local[md5->buffLen++] = 0x80;  /* add 1 */
-
-    /* pad with zeros */
-    if (md5->buffLen > MD5_PAD_SIZE) {
-        XMEMSET(&local[md5->buffLen], 0, MD5_BLOCK_SIZE - md5->buffLen);
-        md5->buffLen += MD5_BLOCK_SIZE - md5->buffLen;
-
-        #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-            ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
-        #endif
-        XTRANSFORM(md5, local);
-        md5->buffLen = 0;
-    }
-    XMEMSET(&local[md5->buffLen], 0, MD5_PAD_SIZE - md5->buffLen);
-   
-    /* put lengths in bits */
-    md5->hiLen = (md5->loLen >> (8*sizeof(md5->loLen) - 3)) + 
-                 (md5->hiLen << 3);
-    md5->loLen = md5->loLen << 3;
-
-    /* store lengths */
-    #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-        ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
-    #endif
-    /* ! length ordering dependent on digest endian type ! */
-    XMEMCPY(&local[MD5_PAD_SIZE], &md5->loLen, sizeof(word32));
-    XMEMCPY(&local[MD5_PAD_SIZE + sizeof(word32)], &md5->hiLen, sizeof(word32));
-
-    XTRANSFORM(md5, local);
-    #ifdef BIG_ENDIAN_ORDER
-        ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE);
-    #endif
-    XMEMCPY(hash, md5->digest, MD5_DIGEST_SIZE);
-
-    wc_InitMd5(md5);  /* reset state */
-}
-
-#endif /* STM32F2_HASH */
-
-
-int wc_Md5Hash(const byte* data, word32 len, byte* hash)
-{
-#ifdef WOLFSSL_SMALL_STACK
-    Md5* md5;
-#else
-    Md5 md5[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (md5 == NULL)
-        return MEMORY_E;
-#endif
-
-    wc_InitMd5(md5);
-    wc_Md5Update(md5, data, len);
-    wc_Md5Final(md5, hash);
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return 0;
-}
-
-#endif /* NO_MD5 */
+/* md5.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if !defined(NO_MD5) && !defined(WOLFSSL_TI_HASH)
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+#define wc_InitMd5   wc_InitMd5_sw
+#define wc_Md5Update wc_Md5Update_sw
+#define wc_Md5Final  wc_Md5Final_sw
+#endif
+
+#include <wolfssl/wolfcrypt/md5.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef FREESCALE_MMCAU
+    #include "cau_api.h"
+    #define XTRANSFORM(S,B)  cau_md5_hash_n((B), 1, (unsigned char*)(S)->digest)
+#else
+    #define XTRANSFORM(S,B)  Transform((S))
+#endif
+
+
+#ifdef STM32F2_HASH
+    /*
+     * STM32F2 hardware MD5 support through the STM32F2 standard peripheral
+     * library. Documentation located in STM32F2xx Standard Peripheral Library
+     * document (See note in README).
+     */
+    #include "stm32f2xx.h"
+
+    void wc_InitMd5(Md5* md5)
+    {
+        /* STM32F2 struct notes:
+         * md5->buffer  = first 4 bytes used to hold partial block if needed 
+         * md5->buffLen = num bytes currently stored in md5->buffer
+         * md5->loLen   = num bytes that have been written to STM32 FIFO
+         */
+        XMEMSET(md5->buffer, 0, MD5_REG_SIZE);
+			
+        md5->buffLen = 0;
+        md5->loLen = 0;
+
+        /* initialize HASH peripheral */
+        HASH_DeInit();
+
+        /* configure algo used, algo mode, datatype */
+        HASH->CR &= ~ (HASH_CR_ALGO | HASH_CR_DATATYPE | HASH_CR_MODE);
+        HASH->CR |= (HASH_AlgoSelection_MD5 | HASH_AlgoMode_HASH 
+                 | HASH_DataType_8b);
+
+        /* reset HASH processor */
+        HASH->CR |= HASH_CR_INIT;
+    }
+
+    void wc_Md5Update(Md5* md5, const byte* data, word32 len)
+    {
+        word32 i = 0;
+        word32 fill = 0;
+        word32 diff = 0;
+
+        /* if saved partial block is available */
+        if (md5->buffLen > 0) {
+            fill = 4 - md5->buffLen;
+
+            /* if enough data to fill, fill and push to FIFO */
+            if (fill <= len) {
+                XMEMCPY((byte*)md5->buffer + md5->buffLen, data, fill);
+                HASH_DataIn(*(uint32_t*)md5->buffer);
+
+                data += fill;
+                len -= fill;
+                md5->loLen += 4;
+                md5->buffLen = 0;
+            } else {
+                /* append partial to existing stored block */
+                XMEMCPY((byte*)md5->buffer + md5->buffLen, data, len);
+                md5->buffLen += len;
+                return;
+            }
+        }
+
+        /* write input block in the IN FIFO */
+        for (i = 0; i < len; i += 4)
+        {
+            diff = len - i;
+            if (diff < 4) {
+                /* store incomplete last block, not yet in FIFO */
+                XMEMSET(md5->buffer, 0, MD5_REG_SIZE);
+                XMEMCPY((byte*)md5->buffer, data, diff);
+                md5->buffLen = diff;
+            } else {
+                HASH_DataIn(*(uint32_t*)data);
+                data+=4;
+            }
+        }
+
+        /* keep track of total data length thus far */
+        md5->loLen += (len - md5->buffLen);
+    }
+
+    void wc_Md5Final(Md5* md5, byte* hash)
+    {
+        __IO uint16_t nbvalidbitsdata = 0;
+
+        /* finish reading any trailing bytes into FIFO */
+        if (md5->buffLen > 0) {
+            HASH_DataIn(*(uint32_t*)md5->buffer);
+            md5->loLen += md5->buffLen;
+        }
+
+        /* calculate number of valid bits in last word of input data */
+        nbvalidbitsdata = 8 * (md5->loLen % MD5_REG_SIZE);
+
+        /* configure number of valid bits in last word of the data */
+        HASH_SetLastWordValidBitsNbr(nbvalidbitsdata);
+
+        /* start HASH processor */
+        HASH_StartDigest();
+
+        /* wait until Busy flag == RESET */
+        while (HASH_GetFlagStatus(HASH_FLAG_BUSY) != RESET) {}
+        
+        /* read message digest */
+        md5->digest[0] = HASH->HR[0];
+        md5->digest[1] = HASH->HR[1];
+        md5->digest[2] = HASH->HR[2];
+        md5->digest[3] = HASH->HR[3];
+
+        ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE);
+
+        XMEMCPY(hash, md5->digest, MD5_DIGEST_SIZE);
+
+        wc_InitMd5(md5);  /* reset state */
+    }
+
+#elif defined(WOLFSSL_IT_HASH)
+
+    /* defined in port/ti_md5.c */
+
+#else /* CTaoCrypt software implementation */
+
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
+
+    static INLINE word32 min(word32 a, word32 b)
+    {
+        return a > b ? b : a;
+    }
+
+#endif /* WOLFSSL_HAVE_MIN */
+
+#ifdef TI_HASH_TEST
+void wc_InitMd5_ti(Md5* md5) ;
+void wc_Md5Update_ti(Md5* md5, const byte* data, word32 len) ;
+void wc_Md5Final_ti(Md5* md5, byte* hash) ;
+#endif
+
+void wc_InitMd5(Md5* md5)
+{
+    md5->digest[0] = 0x67452301L;
+    md5->digest[1] = 0xefcdab89L;
+    md5->digest[2] = 0x98badcfeL;
+    md5->digest[3] = 0x10325476L;
+
+    md5->buffLen = 0;
+    md5->loLen   = 0;
+    md5->hiLen   = 0;
+
+#ifdef TI_HASH_TEST
+    wc_InitMd5_ti(md5) ;
+#endif
+}
+
+#ifndef FREESCALE_MMCAU
+
+static void Transform(Md5* md5)
+{
+#define F1(x, y, z) (z ^ (x & (y ^ z)))
+#define F2(x, y, z) F1(z, x, y)
+#define F3(x, y, z) (x ^ y ^ z)
+#define F4(x, y, z) (y ^ (x | ~z))
+
+#define MD5STEP(f, w, x, y, z, data, s) \
+    w = rotlFixed(w + f(x, y, z) + data, s) + x
+
+    /* Copy context->state[] to working vars  */
+    word32 a = md5->digest[0];
+    word32 b = md5->digest[1];
+    word32 c = md5->digest[2];
+    word32 d = md5->digest[3];
+
+    MD5STEP(F1, a, b, c, d, md5->buffer[0]  + 0xd76aa478,  7);
+    MD5STEP(F1, d, a, b, c, md5->buffer[1]  + 0xe8c7b756, 12);
+    MD5STEP(F1, c, d, a, b, md5->buffer[2]  + 0x242070db, 17);
+    MD5STEP(F1, b, c, d, a, md5->buffer[3]  + 0xc1bdceee, 22);
+    MD5STEP(F1, a, b, c, d, md5->buffer[4]  + 0xf57c0faf,  7);
+    MD5STEP(F1, d, a, b, c, md5->buffer[5]  + 0x4787c62a, 12);
+    MD5STEP(F1, c, d, a, b, md5->buffer[6]  + 0xa8304613, 17);
+    MD5STEP(F1, b, c, d, a, md5->buffer[7]  + 0xfd469501, 22);
+    MD5STEP(F1, a, b, c, d, md5->buffer[8]  + 0x698098d8,  7);
+    MD5STEP(F1, d, a, b, c, md5->buffer[9]  + 0x8b44f7af, 12);
+    MD5STEP(F1, c, d, a, b, md5->buffer[10] + 0xffff5bb1, 17);
+    MD5STEP(F1, b, c, d, a, md5->buffer[11] + 0x895cd7be, 22);
+    MD5STEP(F1, a, b, c, d, md5->buffer[12] + 0x6b901122,  7);
+    MD5STEP(F1, d, a, b, c, md5->buffer[13] + 0xfd987193, 12);
+    MD5STEP(F1, c, d, a, b, md5->buffer[14] + 0xa679438e, 17);
+    MD5STEP(F1, b, c, d, a, md5->buffer[15] + 0x49b40821, 22);
+
+    MD5STEP(F2, a, b, c, d, md5->buffer[1]  + 0xf61e2562,  5);
+    MD5STEP(F2, d, a, b, c, md5->buffer[6]  + 0xc040b340,  9);
+    MD5STEP(F2, c, d, a, b, md5->buffer[11] + 0x265e5a51, 14);
+    MD5STEP(F2, b, c, d, a, md5->buffer[0]  + 0xe9b6c7aa, 20);
+    MD5STEP(F2, a, b, c, d, md5->buffer[5]  + 0xd62f105d,  5);
+    MD5STEP(F2, d, a, b, c, md5->buffer[10] + 0x02441453,  9);
+    MD5STEP(F2, c, d, a, b, md5->buffer[15] + 0xd8a1e681, 14);
+    MD5STEP(F2, b, c, d, a, md5->buffer[4]  + 0xe7d3fbc8, 20);
+    MD5STEP(F2, a, b, c, d, md5->buffer[9]  + 0x21e1cde6,  5);
+    MD5STEP(F2, d, a, b, c, md5->buffer[14] + 0xc33707d6,  9);
+    MD5STEP(F2, c, d, a, b, md5->buffer[3]  + 0xf4d50d87, 14);
+    MD5STEP(F2, b, c, d, a, md5->buffer[8]  + 0x455a14ed, 20);
+    MD5STEP(F2, a, b, c, d, md5->buffer[13] + 0xa9e3e905,  5);
+    MD5STEP(F2, d, a, b, c, md5->buffer[2]  + 0xfcefa3f8,  9);
+    MD5STEP(F2, c, d, a, b, md5->buffer[7]  + 0x676f02d9, 14);
+    MD5STEP(F2, b, c, d, a, md5->buffer[12] + 0x8d2a4c8a, 20);
+
+    MD5STEP(F3, a, b, c, d, md5->buffer[5]  + 0xfffa3942,  4);
+    MD5STEP(F3, d, a, b, c, md5->buffer[8]  + 0x8771f681, 11);
+    MD5STEP(F3, c, d, a, b, md5->buffer[11] + 0x6d9d6122, 16);
+    MD5STEP(F3, b, c, d, a, md5->buffer[14] + 0xfde5380c, 23);
+    MD5STEP(F3, a, b, c, d, md5->buffer[1]  + 0xa4beea44,  4);
+    MD5STEP(F3, d, a, b, c, md5->buffer[4]  + 0x4bdecfa9, 11);
+    MD5STEP(F3, c, d, a, b, md5->buffer[7]  + 0xf6bb4b60, 16);
+    MD5STEP(F3, b, c, d, a, md5->buffer[10] + 0xbebfbc70, 23);
+    MD5STEP(F3, a, b, c, d, md5->buffer[13] + 0x289b7ec6,  4);
+    MD5STEP(F3, d, a, b, c, md5->buffer[0]  + 0xeaa127fa, 11);
+    MD5STEP(F3, c, d, a, b, md5->buffer[3]  + 0xd4ef3085, 16);
+    MD5STEP(F3, b, c, d, a, md5->buffer[6]  + 0x04881d05, 23);
+    MD5STEP(F3, a, b, c, d, md5->buffer[9]  + 0xd9d4d039,  4);
+    MD5STEP(F3, d, a, b, c, md5->buffer[12] + 0xe6db99e5, 11);
+    MD5STEP(F3, c, d, a, b, md5->buffer[15] + 0x1fa27cf8, 16);
+    MD5STEP(F3, b, c, d, a, md5->buffer[2]  + 0xc4ac5665, 23);
+
+    MD5STEP(F4, a, b, c, d, md5->buffer[0]  + 0xf4292244,  6);
+    MD5STEP(F4, d, a, b, c, md5->buffer[7]  + 0x432aff97, 10);
+    MD5STEP(F4, c, d, a, b, md5->buffer[14] + 0xab9423a7, 15);
+    MD5STEP(F4, b, c, d, a, md5->buffer[5]  + 0xfc93a039, 21);
+    MD5STEP(F4, a, b, c, d, md5->buffer[12] + 0x655b59c3,  6);
+    MD5STEP(F4, d, a, b, c, md5->buffer[3]  + 0x8f0ccc92, 10);
+    MD5STEP(F4, c, d, a, b, md5->buffer[10] + 0xffeff47d, 15);
+    MD5STEP(F4, b, c, d, a, md5->buffer[1]  + 0x85845dd1, 21);
+    MD5STEP(F4, a, b, c, d, md5->buffer[8]  + 0x6fa87e4f,  6);
+    MD5STEP(F4, d, a, b, c, md5->buffer[15] + 0xfe2ce6e0, 10);
+    MD5STEP(F4, c, d, a, b, md5->buffer[6]  + 0xa3014314, 15);
+    MD5STEP(F4, b, c, d, a, md5->buffer[13] + 0x4e0811a1, 21);
+    MD5STEP(F4, a, b, c, d, md5->buffer[4]  + 0xf7537e82,  6);
+    MD5STEP(F4, d, a, b, c, md5->buffer[11] + 0xbd3af235, 10);
+    MD5STEP(F4, c, d, a, b, md5->buffer[2]  + 0x2ad7d2bb, 15);
+    MD5STEP(F4, b, c, d, a, md5->buffer[9]  + 0xeb86d391, 21);
+    
+    /* Add the working vars back into digest state[]  */
+    md5->digest[0] += a;
+    md5->digest[1] += b;
+    md5->digest[2] += c;
+    md5->digest[3] += d;
+}
+
+#endif /* FREESCALE_MMCAU */
+
+
+static INLINE void AddLength(Md5* md5, word32 len)
+{
+    word32 tmp = md5->loLen;
+    if ( (md5->loLen += len) < tmp)
+        md5->hiLen++;                       /* carry low to high */
+}
+
+
+void wc_Md5Update(Md5* md5, const byte* data, word32 len)
+{
+    /* do block size increments */
+    byte* local = (byte*)md5->buffer;
+
+    while (len) {
+        word32 add = min(len, MD5_BLOCK_SIZE - md5->buffLen);
+        XMEMCPY(&local[md5->buffLen], data, add);
+
+        md5->buffLen += add;
+        data         += add;
+        len          -= add;
+
+        if (md5->buffLen == MD5_BLOCK_SIZE) {
+            #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+                ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
+            #endif
+            XTRANSFORM(md5, local);
+            AddLength(md5, MD5_BLOCK_SIZE);
+            md5->buffLen = 0;
+        }
+    }
+#ifdef TI_HASH_TEST
+    wc_Md5Update_ti(md5, data, len) ;
+#endif
+
+}
+
+
+void wc_Md5Final(Md5* md5, byte* hash)
+{
+    byte* local = (byte*)md5->buffer;
+
+    AddLength(md5, md5->buffLen);  /* before adding pads */
+
+    local[md5->buffLen++] = 0x80;  /* add 1 */
+
+    /* pad with zeros */
+    if (md5->buffLen > MD5_PAD_SIZE) {
+        XMEMSET(&local[md5->buffLen], 0, MD5_BLOCK_SIZE - md5->buffLen);
+        md5->buffLen += MD5_BLOCK_SIZE - md5->buffLen;
+
+        #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+            ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
+        #endif
+        XTRANSFORM(md5, local);
+        md5->buffLen = 0;
+    }
+    XMEMSET(&local[md5->buffLen], 0, MD5_PAD_SIZE - md5->buffLen);
+   
+    /* put lengths in bits */
+    md5->hiLen = (md5->loLen >> (8*sizeof(md5->loLen) - 3)) + 
+                 (md5->hiLen << 3);
+    md5->loLen = md5->loLen << 3;
+
+    /* store lengths */
+    #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+        ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
+    #endif
+    /* ! length ordering dependent on digest endian type ! */
+    XMEMCPY(&local[MD5_PAD_SIZE], &md5->loLen, sizeof(word32));
+    XMEMCPY(&local[MD5_PAD_SIZE + sizeof(word32)], &md5->hiLen, sizeof(word32));
+
+    XTRANSFORM(md5, local);
+    #ifdef BIG_ENDIAN_ORDER
+        ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE);
+    #endif
+    XMEMCPY(hash, md5->digest, MD5_DIGEST_SIZE);
+
+    wc_InitMd5(md5);  /* reset state */
+
+#ifdef TI_HASH_TEST
+    wc_Md5Final_ti(md5, hash) ;
+#endif
+}
+
+#endif /* STM32F2_HASH */
+
+
+int wc_Md5Hash(const byte* data, word32 len, byte* hash)
+{
+#ifdef WOLFSSL_SMALL_STACK
+    Md5* md5;
+#else
+    Md5 md5[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (md5 == NULL)
+        return MEMORY_E;
+#endif
+
+    wc_InitMd5(md5);
+    wc_Md5Update(md5, data, len);
+    wc_Md5Final(md5, hash);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
+}
+
+#if defined(WOLFSSL_TI_HASH)||defined(TI_HASH_TEST)
+#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+void wc_Md5GetHash(Md5* md5, byte* hash)
+{
+#if defined(WOLFSSL_TI_HASH) || defined(TI_HASH_TEST)
+    wc_Md5GetHash_ti(md5, hash) ;
+#else
+    Md5 save = *md5 ;
+    wc_Md5Final(md5, hash) ;
+    *md5 = save ;
+#endif
+}
+#endif /* NO_MD5 */
diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c
index 223874b20..7647dcdb4 100644
--- a/wolfcrypt/src/port/ti/ti-hash.c
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -1,4 +1,4 @@
-/* port/ti/ti-hash.h
+/* port/ti/ti-hash.c
  *
  * Copyright (C) 2006-2015 wolfSSL Inc.
  *
@@ -20,12 +20,9 @@
  */
 
 
-#ifndef WOLFSSL_TI_HASH_H
-#define WOLFSSL_TI_HASH_H
-
 #include <wolfssl/wolfcrypt/types.h>
 
-#if defined(WOLFSSL_TI_HASH)
+#if defined(WOLFSSL_TI_HASH)||defined(TI_HASH_TEST)
 
 #ifdef __cplusplus
     extern "C" {
@@ -41,7 +38,8 @@
 #include <wolfssl/wolfcrypt/port/ti/ti-hash.h>
 #include <wolfssl/wolfcrypt/port/ti/ti-ccm.h>
 #include <wolfssl/wolfcrypt/logging.h>
-      
+
+#if !defined(TI_HASH_TEST)
 #include "inc/hw_memmap.h"
 #include "inc/hw_shamd5.h"
 #include "inc/hw_ints.h"
@@ -49,6 +47,7 @@
 #include "driverlib/sysctl.h"
 #include "driverlib/rom_map.h"
 #include "driverlib/rom.h"
+#endif
 
 static int hashInit(wolfssl_TI_Hash *hash) {
     hash->used = 0 ;
@@ -60,6 +59,7 @@ static int hashInit(wolfssl_TI_Hash *hash) {
 static int hashUpdate(wolfssl_TI_Hash *hash, const byte* data, word32 len)
 {
     void *p ;
+
     if((hash== NULL) || (data == NULL))return BAD_FUNC_ARG;
     if(hash->len < hash->used+len) {
         if(hash->msg == NULL) {
@@ -77,8 +77,10 @@ static int hashUpdate(wolfssl_TI_Hash *hash, const byte* data, word32 len)
 }
 
 static int hashFinal(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize)
-{
+{   
+    #if !defined(TI_HASH_TEST)
     uint32_t h[16] ;
+
     wolfSSL_TI_lockCCM() ;
     ROM_SHAMD5Reset(SHAMD5_BASE);
     ROM_SHAMD5ConfigSet(SHAMD5_BASE, algo);
@@ -86,11 +88,38 @@ static int hashFinal(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hs
                    (uint32_t *)hash->msg, hash->used, h);
     XMEMCPY(result, h, hsize) ;
     wolfSSL_TI_unlockCCM() ;
+    #else
+    (void) result ;
+    (void) algo ;
+    (void) hsize ;
+    #endif
     XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     hashInit(hash) ;
     return 0 ;
 }
 
+static int hashGetHash(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize)
+{   
+    #if !defined(TI_HASH_TEST)
+    uint32_t h[16] ;
+
+    wolfSSL_TI_lockCCM() ;
+    ROM_SHAMD5Reset(SHAMD5_BASE);
+    ROM_SHAMD5ConfigSet(SHAMD5_BASE, algo);
+    ROM_SHAMD5DataProcess(SHAMD5_BASE, 
+                   (uint32_t *)hash->msg, hash->used, h);
+    XMEMCPY(result, h, hsize) ;
+    wolfSSL_TI_unlockCCM() ;
+    #else
+    (void) hash ;
+    (void) result ;
+    (void) algo ;
+    (void) hsize ;
+    #endif
+    return 0 ;
+}
+
+#ifndef TI_HASH_TEST
 static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word32 hsize)
 {
     int ret = 0;
@@ -120,34 +149,80 @@ static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word3
 
     return ret;
 }
+#endif
 
 #if !defined(NO_MD5)
 
+#ifdef TI_HASH_TEST
+#define SHAMD5_ALGO_MD5 1
+void wc_InitMd5_ti(Md5* md5) ;
+void wc_Md5Update_ti(Md5* md5, const byte* data, word32 len);
+void wc_Md5Final_ti(Md5* md5, byte* hash);
+bool wolfSSL_TI_CCMInit(void) ;
+bool wolfSSL_TI_CCMInit(void) { return true ; }
+#endif 
+
+#ifdef TI_HASH_TEST
+void wc_InitMd5_ti(Md5* md5)
+#else
 void wc_InitMd5(Md5* md5)
+#endif
 {
     if (md5 == NULL)
         return ;
     if(!wolfSSL_TI_CCMInit())return  ;
+    #ifdef TI_HASH_TEST
+    hashInit(&(md5->ti)) ;
+    #else
     hashInit((wolfssl_TI_Hash *)md5) ;
+    #endif
 }
 
+#ifdef TI_HASH_TEST
+void wc_Md5Update_ti(Md5* md5, const byte* data, word32 len)
+#else
 void wc_Md5Update(Md5* md5, const byte* data, word32 len)
+#endif
 {
+    #ifdef TI_HASH_TEST
+    hashUpdate(&(md5->ti), data, len) ;
+    #else
     hashUpdate((wolfssl_TI_Hash *)md5, data, len) ;
+    #endif
 }
 
+#ifdef TI_HASH_TEST
+void wc_Md5Final_ti(Md5* md5, byte* hash)
+#else
 void wc_Md5Final(Md5* md5, byte* hash)
+#endif
 {
-   hashFinal((wolfssl_TI_Hash *)md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
+    #ifdef TI_HASH_TEST
+    hashFinal(&(md5->ti), hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
+    #else
+    hashFinal((wolfssl_TI_Hash *)md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
+    #endif
 }
 
+
+void wc_Md5GetHash_ti(Md5* md5, byte* hash)
+{
+    hashGetHash(&(md5->ti), hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
+    #ifdef TI_HASH_TEST
+    wc_Md5Final(md5, hash) ;
+    #endif
+}
+
+#ifndef TI_HASH_TEST
 WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte*hash)
 { 
     return hashHash(data, len, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
 }
+#endif
 
 #endif /* NO_MD5 */
 
+#ifndef TI_HASH_TEST
 #if !defined(NO_SHA)
 
 WOLFSSL_API int wc_InitSha(Sha* sha)
@@ -223,9 +298,7 @@ WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte*hash)
 { 
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
 }
+#endif
+#endif /* TI_HASH_TEST */
 
-#endif /* NO_SHA256 */
-
-#endif  /* WOLFSSL_TI_HASH */
-
-#endif /* WOLFSSL_TI_HASH_H */
+#endif
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index 0109b8363..2a91116a2 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -1,452 +1,473 @@
-/* sha.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#if !defined(NO_SHA)
-
-#include <wolfssl/wolfcrypt/sha.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef NO_INLINE
-    #include <wolfssl/wolfcrypt/misc.h>
-#else
-    #include <wolfcrypt/src/misc.c>
-#endif
-
-/* fips wrapper calls, user can call direct */
-#ifdef HAVE_FIPS
-	int wc_InitSha(Sha* sha)
-	{
-	    return InitSha_fips(sha);
-	}
-
-
-	int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
-	{
-	    return ShaUpdate_fips(sha, data, len);
-	}
-
-
-	int wc_ShaFinal(Sha* sha, byte* out)
-	{
-	    return ShaFinal_fips(sha,out);
-    }
-
-    int wc_ShaHash(const byte* data, word32 sz, byte* out)
-    {
-        return ShaHash(data, sz, out);
-    }
-
-#else /* else build without fips */
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#define wc_InitSha   wc_InitSha_sw
-#define wc_ShaUpdate wc_ShaUpdate_sw
-#define wc_ShaFinal  wc_ShaFinal_sw
-#endif
-
-
-#ifdef FREESCALE_MMCAU
-    #include "cau_api.h"
-    #define XTRANSFORM(S,B)  cau_sha1_hash_n((B), 1, ((S))->digest)
-#else
-    #define XTRANSFORM(S,B)  Transform((S))
-#endif
-
-#ifdef STM32F2_HASH
-/*
- * STM32F2 hardware SHA1 support through the STM32F2 standard peripheral
- * library. Documentation located in STM32F2xx Standard Peripheral Library
- * document (See note in README).
- */
-#include "stm32f2xx.h"
-#include "stm32f2xx_hash.h"
-
-int wc_InitSha(Sha* sha)
-{
-    /* STM32F2 struct notes:
-     * sha->buffer  = first 4 bytes used to hold partial block if needed
-     * sha->buffLen = num bytes currently stored in sha->buffer
-     * sha->loLen   = num bytes that have been written to STM32 FIFO
-     */
-    XMEMSET(sha->buffer, 0, SHA_REG_SIZE);
-    sha->buffLen = 0;
-    sha->loLen = 0;
-
-    /* initialize HASH peripheral */
-    HASH_DeInit();
-
-    /* configure algo used, algo mode, datatype */
-    HASH->CR &= ~ (HASH_CR_ALGO | HASH_CR_DATATYPE | HASH_CR_MODE);
-    HASH->CR |= (HASH_AlgoSelection_SHA1 | HASH_AlgoMode_HASH
-                 | HASH_DataType_8b);
-
-    /* reset HASH processor */
-    HASH->CR |= HASH_CR_INIT;
-
-    return 0;
-}
-
-int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
-{
-    word32 i = 0;
-    word32 fill = 0;
-    word32 diff = 0;
-
-    /* if saved partial block is available */
-    if (sha->buffLen) {
-        fill = 4 - sha->buffLen;
-
-        /* if enough data to fill, fill and push to FIFO */
-        if (fill <= len) {
-            XMEMCPY((byte*)sha->buffer + sha->buffLen, data, fill);
-            HASH_DataIn(*(uint32_t*)sha->buffer);
-
-            data += fill;
-            len -= fill;
-            sha->loLen += 4;
-            sha->buffLen = 0;
-        } else {
-            /* append partial to existing stored block */
-            XMEMCPY((byte*)sha->buffer + sha->buffLen, data, len);
-            sha->buffLen += len;
-            return;
-        }
-    }
-
-    /* write input block in the IN FIFO */
-    for(i = 0; i < len; i += 4)
-    {
-        diff = len - i;
-        if ( diff < 4) {
-            /* store incomplete last block, not yet in FIFO */
-            XMEMSET(sha->buffer, 0, SHA_REG_SIZE);
-            XMEMCPY((byte*)sha->buffer, data, diff);
-            sha->buffLen = diff;
-        } else {
-            HASH_DataIn(*(uint32_t*)data);
-            data+=4;
-        }
-    }
-
-    /* keep track of total data length thus far */
-    sha->loLen += (len - sha->buffLen);
-
-    return 0;
-}
-
-int wc_ShaFinal(Sha* sha, byte* hash)
-{
-    __IO uint16_t nbvalidbitsdata = 0;
-
-    /* finish reading any trailing bytes into FIFO */
-    if (sha->buffLen) {
-        HASH_DataIn(*(uint32_t*)sha->buffer);
-        sha->loLen += sha->buffLen;
-    }
-
-    /* calculate number of valid bits in last word of input data */
-    nbvalidbitsdata = 8 * (sha->loLen % SHA_REG_SIZE);
-
-    /* configure number of valid bits in last word of the data */
-    HASH_SetLastWordValidBitsNbr(nbvalidbitsdata);
-
-    /* start HASH processor */
-    HASH_StartDigest();
-
-    /* wait until Busy flag == RESET */
-    while (HASH_GetFlagStatus(HASH_FLAG_BUSY) != RESET) {}
-
-    /* read message digest */
-    sha->digest[0] = HASH->HR[0];
-    sha->digest[1] = HASH->HR[1];
-    sha->digest[2] = HASH->HR[2];
-    sha->digest[3] = HASH->HR[3];
-    sha->digest[4] = HASH->HR[4];
-
-    ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
-
-    XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
-
-    return wc_InitSha(sha);  /* reset state */
-}
-
-#else /* wc_ software implementation */
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
-    static INLINE word32 min(word32 a, word32 b)
-    {
-        return a > b ? b : a;
-    }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-int wc_InitSha(Sha* sha)
-{
-#ifdef FREESCALE_MMCAU
-    cau_sha1_initialize_output(sha->digest);
-#else
-    sha->digest[0] = 0x67452301L;
-    sha->digest[1] = 0xEFCDAB89L;
-    sha->digest[2] = 0x98BADCFEL;
-    sha->digest[3] = 0x10325476L;
-    sha->digest[4] = 0xC3D2E1F0L;
-#endif
-
-    sha->buffLen = 0;
-    sha->loLen   = 0;
-    sha->hiLen   = 0;
-
-    return 0;
-}
-
-#ifndef FREESCALE_MMCAU
-
-#define blk0(i) (W[i] = sha->buffer[i])
-#define blk1(i) (W[(i)&15] = \
-rotlFixed(W[((i)+13)&15]^W[((i)+8)&15]^W[((i)+2)&15]^W[(i)&15],1))
-
-#define f1(x,y,z) ((z)^((x) &((y)^(z))))
-#define f2(x,y,z) ((x)^(y)^(z))
-#define f3(x,y,z) (((x)&(y))|((z)&((x)|(y))))
-#define f4(x,y,z) ((x)^(y)^(z))
-
-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk0((i)) + 0x5A827999+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-#define R1(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk1((i)) + 0x5A827999+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-#define R2(v,w,x,y,z,i) (z)+= f2((w),(x),(y)) + blk1((i)) + 0x6ED9EBA1+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-#define R3(v,w,x,y,z,i) (z)+= f3((w),(x),(y)) + blk1((i)) + 0x8F1BBCDC+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-#define R4(v,w,x,y,z,i) (z)+= f4((w),(x),(y)) + blk1((i)) + 0xCA62C1D6+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-
-static void Transform(Sha* sha)
-{
-    word32 W[SHA_BLOCK_SIZE / sizeof(word32)];
-
-    /* Copy context->state[] to working vars */
-    word32 a = sha->digest[0];
-    word32 b = sha->digest[1];
-    word32 c = sha->digest[2];
-    word32 d = sha->digest[3];
-    word32 e = sha->digest[4];
-
-#ifdef USE_SLOW_SHA
-    word32 t, i;
-
-    for (i = 0; i < 16; i++) {
-        R0(a, b, c, d, e, i);
-        t = e; e = d; d = c; c = b; b = a; a = t;
-    }
-
-    for (; i < 20; i++) {
-        R1(a, b, c, d, e, i);
-        t = e; e = d; d = c; c = b; b = a; a = t;
-    }
-
-    for (; i < 40; i++) {
-        R2(a, b, c, d, e, i);
-        t = e; e = d; d = c; c = b; b = a; a = t;
-    }
-
-    for (; i < 60; i++) {
-        R3(a, b, c, d, e, i);
-        t = e; e = d; d = c; c = b; b = a; a = t;
-    }
-
-    for (; i < 80; i++) {
-        R4(a, b, c, d, e, i);
-        t = e; e = d; d = c; c = b; b = a; a = t;
-    }
-#else
-    /* nearly 1 K bigger in code size but 25% faster  */
-    /* 4 rounds of 20 operations each. Loop unrolled. */
-    R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
-    R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
-    R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
-    R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
-
-    R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
-
-    R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
-    R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
-    R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
-    R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
-    R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
-
-    R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
-    R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
-    R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
-    R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
-    R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
-
-    R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
-    R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
-    R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
-    R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
-    R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
-#endif
-
-    /* Add the working vars back into digest state[] */
-    sha->digest[0] += a;
-    sha->digest[1] += b;
-    sha->digest[2] += c;
-    sha->digest[3] += d;
-    sha->digest[4] += e;
-}
-
-#endif /* FREESCALE_MMCAU */
-
-
-static INLINE void AddLength(Sha* sha, word32 len)
-{
-    word32 tmp = sha->loLen;
-    if ( (sha->loLen += len) < tmp)
-        sha->hiLen++;                       /* carry low to high */
-}
-
-
-int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
-{
-    /* do block size increments */
-    byte* local = (byte*)sha->buffer;
-
-    while (len) {
-        word32 add = min(len, SHA_BLOCK_SIZE - sha->buffLen);
-        XMEMCPY(&local[sha->buffLen], data, add);
-
-        sha->buffLen += add;
-        data         += add;
-        len          -= add;
-
-        if (sha->buffLen == SHA_BLOCK_SIZE) {
-#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-            ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
-#endif
-            XTRANSFORM(sha, local);
-            AddLength(sha, SHA_BLOCK_SIZE);
-            sha->buffLen = 0;
-        }
-    }
-
-    return 0;
-}
-
-
-int wc_ShaFinal(Sha* sha, byte* hash)
-{
-    byte* local = (byte*)sha->buffer;
-
-    AddLength(sha, sha->buffLen);  /* before adding pads */
-
-    local[sha->buffLen++] = 0x80;  /* add 1 */
-
-    /* pad with zeros */
-    if (sha->buffLen > SHA_PAD_SIZE) {
-        XMEMSET(&local[sha->buffLen], 0, SHA_BLOCK_SIZE - sha->buffLen);
-        sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen;
-
-#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-        ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
-#endif
-        XTRANSFORM(sha, local);
-        sha->buffLen = 0;
-    }
-    XMEMSET(&local[sha->buffLen], 0, SHA_PAD_SIZE - sha->buffLen);
-
-    /* put lengths in bits */
-    sha->hiLen = (sha->loLen >> (8*sizeof(sha->loLen) - 3)) +
-    (sha->hiLen << 3);
-    sha->loLen = sha->loLen << 3;
-
-    /* store lengths */
-#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-    ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
-#endif
-    /* ! length ordering dependent on digest endian type ! */
-    XMEMCPY(&local[SHA_PAD_SIZE], &sha->hiLen, sizeof(word32));
-    XMEMCPY(&local[SHA_PAD_SIZE + sizeof(word32)], &sha->loLen, sizeof(word32));
-
-#ifdef FREESCALE_MMCAU
-    /* Kinetis requires only these bytes reversed */
-    ByteReverseWords(&sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
-                     &sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
-                     2 * sizeof(word32));
-#endif
-
-    XTRANSFORM(sha, local);
-#ifdef LITTLE_ENDIAN_ORDER
-    ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
-#endif
-    XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
-
-    return wc_InitSha(sha);  /* reset state */
-}
-
-#endif /* STM32F2_HASH */
-
-
-int wc_ShaHash(const byte* data, word32 len, byte* hash)
-{
-    int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Sha* sha;
-#else
-    Sha sha[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (sha == NULL)
-        return MEMORY_E;
-#endif
-
-    if ((ret = wc_InitSha(sha)) != 0) {
-        WOLFSSL_MSG("wc_InitSha failed");
-    }
-    else {
-        wc_ShaUpdate(sha, data, len);
-        wc_ShaFinal(sha, hash);
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-
-}
-#endif /* HAVE_FIPS */
-#endif /* NO_SHA */
-
+/* sha.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if !defined(NO_SHA) && !defined(WOLFSSL_TI_HASH)
+
+#include <wolfssl/wolfcrypt/sha.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+/* fips wrapper calls, user can call direct */
+#ifdef HAVE_FIPS
+	int wc_InitSha(Sha* sha)
+	{
+	    return InitSha_fips(sha);
+	}
+
+
+	int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
+	{
+	    return ShaUpdate_fips(sha, data, len);
+	}
+
+
+	int wc_ShaFinal(Sha* sha, byte* out)
+	{
+	    return ShaFinal_fips(sha,out);
+    }
+
+    int wc_ShaHash(const byte* data, word32 sz, byte* out)
+    {
+        return ShaHash(data, sz, out);
+    }
+
+#else /* else build without fips */
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+#define wc_InitSha   wc_InitSha_sw
+#define wc_ShaUpdate wc_ShaUpdate_sw
+#define wc_ShaFinal  wc_ShaFinal_sw
+#endif
+
+
+#ifdef FREESCALE_MMCAU
+    #include "cau_api.h"
+    #define XTRANSFORM(S,B)  cau_sha1_hash_n((B), 1, ((S))->digest)
+#else
+    #define XTRANSFORM(S,B)  Transform((S))
+#endif
+
+#ifdef STM32F2_HASH
+/*
+ * STM32F2 hardware SHA1 support through the STM32F2 standard peripheral
+ * library. Documentation located in STM32F2xx Standard Peripheral Library
+ * document (See note in README).
+ */
+#include "stm32f2xx.h"
+#include "stm32f2xx_hash.h"
+
+int wc_InitSha(Sha* sha)
+{
+    /* STM32F2 struct notes:
+     * sha->buffer  = first 4 bytes used to hold partial block if needed
+     * sha->buffLen = num bytes currently stored in sha->buffer
+     * sha->loLen   = num bytes that have been written to STM32 FIFO
+     */
+    XMEMSET(sha->buffer, 0, SHA_REG_SIZE);
+    sha->buffLen = 0;
+    sha->loLen = 0;
+
+    /* initialize HASH peripheral */
+    HASH_DeInit();
+
+    /* configure algo used, algo mode, datatype */
+    HASH->CR &= ~ (HASH_CR_ALGO | HASH_CR_DATATYPE | HASH_CR_MODE);
+    HASH->CR |= (HASH_AlgoSelection_SHA1 | HASH_AlgoMode_HASH
+                 | HASH_DataType_8b);
+
+    /* reset HASH processor */
+    HASH->CR |= HASH_CR_INIT;
+
+    return 0;
+}
+
+int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
+{
+    word32 i = 0;
+    word32 fill = 0;
+    word32 diff = 0;
+
+    /* if saved partial block is available */
+    if (sha->buffLen) {
+        fill = 4 - sha->buffLen;
+
+        /* if enough data to fill, fill and push to FIFO */
+        if (fill <= len) {
+            XMEMCPY((byte*)sha->buffer + sha->buffLen, data, fill);
+            HASH_DataIn(*(uint32_t*)sha->buffer);
+
+            data += fill;
+            len -= fill;
+            sha->loLen += 4;
+            sha->buffLen = 0;
+        } else {
+            /* append partial to existing stored block */
+            XMEMCPY((byte*)sha->buffer + sha->buffLen, data, len);
+            sha->buffLen += len;
+            return;
+        }
+    }
+
+    /* write input block in the IN FIFO */
+    for(i = 0; i < len; i += 4)
+    {
+        diff = len - i;
+        if ( diff < 4) {
+            /* store incomplete last block, not yet in FIFO */
+            XMEMSET(sha->buffer, 0, SHA_REG_SIZE);
+            XMEMCPY((byte*)sha->buffer, data, diff);
+            sha->buffLen = diff;
+        } else {
+            HASH_DataIn(*(uint32_t*)data);
+            data+=4;
+        }
+    }
+
+    /* keep track of total data length thus far */
+    sha->loLen += (len - sha->buffLen);
+
+    return 0;
+}
+
+int wc_ShaFinal(Sha* sha, byte* hash)
+{
+    __IO uint16_t nbvalidbitsdata = 0;
+
+    /* finish reading any trailing bytes into FIFO */
+    if (sha->buffLen) {
+        HASH_DataIn(*(uint32_t*)sha->buffer);
+        sha->loLen += sha->buffLen;
+    }
+
+    /* calculate number of valid bits in last word of input data */
+    nbvalidbitsdata = 8 * (sha->loLen % SHA_REG_SIZE);
+
+    /* configure number of valid bits in last word of the data */
+    HASH_SetLastWordValidBitsNbr(nbvalidbitsdata);
+
+    /* start HASH processor */
+    HASH_StartDigest();
+
+    /* wait until Busy flag == RESET */
+    while (HASH_GetFlagStatus(HASH_FLAG_BUSY) != RESET) {}
+
+    /* read message digest */
+    sha->digest[0] = HASH->HR[0];
+    sha->digest[1] = HASH->HR[1];
+    sha->digest[2] = HASH->HR[2];
+    sha->digest[3] = HASH->HR[3];
+    sha->digest[4] = HASH->HR[4];
+
+    ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
+
+    XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
+
+    return wc_InitSha(sha);  /* reset state */
+}
+
+#elif defined(WOLFSSL_TI_HASH)
+ 
+    /* defined in port/ti/ti_sha.c */
+
+#else /* wc_ software implementation */
+
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
+
+    static INLINE word32 min(word32 a, word32 b)
+    {
+        return a > b ? b : a;
+    }
+
+#endif /* WOLFSSL_HAVE_MIN */
+
+
+int wc_InitSha(Sha* sha)
+{
+#ifdef FREESCALE_MMCAU
+    cau_sha1_initialize_output(sha->digest);
+#else
+    sha->digest[0] = 0x67452301L;
+    sha->digest[1] = 0xEFCDAB89L;
+    sha->digest[2] = 0x98BADCFEL;
+    sha->digest[3] = 0x10325476L;
+    sha->digest[4] = 0xC3D2E1F0L;
+#endif
+
+    sha->buffLen = 0;
+    sha->loLen   = 0;
+    sha->hiLen   = 0;
+
+    return 0;
+}
+
+#ifndef FREESCALE_MMCAU
+
+#define blk0(i) (W[i] = sha->buffer[i])
+#define blk1(i) (W[(i)&15] = \
+rotlFixed(W[((i)+13)&15]^W[((i)+8)&15]^W[((i)+2)&15]^W[(i)&15],1))
+
+#define f1(x,y,z) ((z)^((x) &((y)^(z))))
+#define f2(x,y,z) ((x)^(y)^(z))
+#define f3(x,y,z) (((x)&(y))|((z)&((x)|(y))))
+#define f4(x,y,z) ((x)^(y)^(z))
+
+/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
+#define R0(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk0((i)) + 0x5A827999+ \
+rotlFixed((v),5); (w) = rotlFixed((w),30);
+#define R1(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk1((i)) + 0x5A827999+ \
+rotlFixed((v),5); (w) = rotlFixed((w),30);
+#define R2(v,w,x,y,z,i) (z)+= f2((w),(x),(y)) + blk1((i)) + 0x6ED9EBA1+ \
+rotlFixed((v),5); (w) = rotlFixed((w),30);
+#define R3(v,w,x,y,z,i) (z)+= f3((w),(x),(y)) + blk1((i)) + 0x8F1BBCDC+ \
+rotlFixed((v),5); (w) = rotlFixed((w),30);
+#define R4(v,w,x,y,z,i) (z)+= f4((w),(x),(y)) + blk1((i)) + 0xCA62C1D6+ \
+rotlFixed((v),5); (w) = rotlFixed((w),30);
+
+static void Transform(Sha* sha)
+{
+    word32 W[SHA_BLOCK_SIZE / sizeof(word32)];
+
+    /* Copy context->state[] to working vars */
+    word32 a = sha->digest[0];
+    word32 b = sha->digest[1];
+    word32 c = sha->digest[2];
+    word32 d = sha->digest[3];
+    word32 e = sha->digest[4];
+
+#ifdef USE_SLOW_SHA
+    word32 t, i;
+
+    for (i = 0; i < 16; i++) {
+        R0(a, b, c, d, e, i);
+        t = e; e = d; d = c; c = b; b = a; a = t;
+    }
+
+    for (; i < 20; i++) {
+        R1(a, b, c, d, e, i);
+        t = e; e = d; d = c; c = b; b = a; a = t;
+    }
+
+    for (; i < 40; i++) {
+        R2(a, b, c, d, e, i);
+        t = e; e = d; d = c; c = b; b = a; a = t;
+    }
+
+    for (; i < 60; i++) {
+        R3(a, b, c, d, e, i);
+        t = e; e = d; d = c; c = b; b = a; a = t;
+    }
+
+    for (; i < 80; i++) {
+        R4(a, b, c, d, e, i);
+        t = e; e = d; d = c; c = b; b = a; a = t;
+    }
+#else
+    /* nearly 1 K bigger in code size but 25% faster  */
+    /* 4 rounds of 20 operations each. Loop unrolled. */
+    R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
+    R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
+    R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
+    R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
+
+    R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
+
+    R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
+    R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
+    R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
+    R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
+    R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
+
+    R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
+    R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
+    R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
+    R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
+    R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
+
+    R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
+    R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
+    R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
+    R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
+    R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
+#endif
+
+    /* Add the working vars back into digest state[] */
+    sha->digest[0] += a;
+    sha->digest[1] += b;
+    sha->digest[2] += c;
+    sha->digest[3] += d;
+    sha->digest[4] += e;
+}
+
+#endif /* FREESCALE_MMCAU */
+
+
+static INLINE void AddLength(Sha* sha, word32 len)
+{
+    word32 tmp = sha->loLen;
+    if ( (sha->loLen += len) < tmp)
+        sha->hiLen++;                       /* carry low to high */
+}
+
+
+int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
+{
+    /* do block size increments */
+    byte* local = (byte*)sha->buffer;
+
+    while (len) {
+        word32 add = min(len, SHA_BLOCK_SIZE - sha->buffLen);
+        XMEMCPY(&local[sha->buffLen], data, add);
+
+        sha->buffLen += add;
+        data         += add;
+        len          -= add;
+
+        if (sha->buffLen == SHA_BLOCK_SIZE) {
+#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+            ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
+#endif
+            XTRANSFORM(sha, local);
+            AddLength(sha, SHA_BLOCK_SIZE);
+            sha->buffLen = 0;
+        }
+    }
+
+    return 0;
+}
+
+
+int wc_ShaFinal(Sha* sha, byte* hash)
+{
+    byte* local = (byte*)sha->buffer;
+
+    AddLength(sha, sha->buffLen);  /* before adding pads */
+
+    local[sha->buffLen++] = 0x80;  /* add 1 */
+
+    /* pad with zeros */
+    if (sha->buffLen > SHA_PAD_SIZE) {
+        XMEMSET(&local[sha->buffLen], 0, SHA_BLOCK_SIZE - sha->buffLen);
+        sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen;
+
+#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+        ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
+#endif
+        XTRANSFORM(sha, local);
+        sha->buffLen = 0;
+    }
+    XMEMSET(&local[sha->buffLen], 0, SHA_PAD_SIZE - sha->buffLen);
+
+    /* put lengths in bits */
+    sha->hiLen = (sha->loLen >> (8*sizeof(sha->loLen) - 3)) +
+    (sha->hiLen << 3);
+    sha->loLen = sha->loLen << 3;
+
+    /* store lengths */
+#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+    ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
+#endif
+    /* ! length ordering dependent on digest endian type ! */
+    XMEMCPY(&local[SHA_PAD_SIZE], &sha->hiLen, sizeof(word32));
+    XMEMCPY(&local[SHA_PAD_SIZE + sizeof(word32)], &sha->loLen, sizeof(word32));
+
+#ifdef FREESCALE_MMCAU
+    /* Kinetis requires only these bytes reversed */
+    ByteReverseWords(&sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
+                     &sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
+                     2 * sizeof(word32));
+#endif
+
+    XTRANSFORM(sha, local);
+#ifdef LITTLE_ENDIAN_ORDER
+    ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
+#endif
+    XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
+
+    return wc_InitSha(sha);  /* reset state */
+}
+
+#endif /* STM32F2_HASH */
+
+
+int wc_ShaHash(const byte* data, word32 len, byte* hash)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Sha* sha;
+#else
+    Sha sha[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (sha == NULL)
+        return MEMORY_E;
+#endif
+
+    if ((ret = wc_InitSha(sha)) != 0) {
+        WOLFSSL_MSG("wc_InitSha failed");
+    }
+    else {
+        wc_ShaUpdate(sha, data, len);
+        wc_ShaFinal(sha, hash);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+
+}
+
+#ifdef WOLFSSL_TI_HASH
+#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+int wc_ShaGetHash(Sha* sha, byte* hash)
+{
+#if defined(WOLFSS_TI_HASH)
+    wc_ShaGetHash_TI(sha, hash) ;
+#else
+    int ret ;
+    Sha save = *sha ;
+    ret = wc_ShaFinal(sha, hash) ;
+    *sha = save ;
+    return ret ;
+#endif
+}
+
+#endif /* HAVE_FIPS */
+#endif /* NO_SHA */
+
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
old mode 100755
new mode 100644
index 2821166b4..ec4eb918b
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -1,1759 +1,1781 @@
-/* sha256.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* code submitted by raphael.huck@efixo.com */
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/sha256.h>
-
-#if !defined(NO_SHA256)
-#ifdef HAVE_FIPS
-
-int wc_InitSha256(Sha256* sha)
-{
-    return InitSha256_fips(sha);
-}
-
-
-int wc_Sha256Update(Sha256* sha, const byte* data, word32 len)
-{
-    return Sha256Update_fips(sha, data, len);
-}
-
-
-int wc_Sha256Final(Sha256* sha, byte* out)
-{
-    return Sha256Final_fips(sha, out);
-}
-
-
-int wc_Sha256Hash(const byte* data, word32 len, byte* out)
-{
-    return Sha256Hash(data, len, out);
-}
-
-#else /* else build without fips */
-
-#if !defined (ALIGN32)
-    #if defined (__GNUC__)
-        #define ALIGN32 __attribute__ ( (aligned (32)))
-    #elif defined(_MSC_VER)
-        /* disable align warning, we want alignment ! */
-        #pragma warning(disable: 4324)
-        #define ALIGN32 __declspec (align (32))
-    #else
-        #define ALIGN32
-    #endif
-#endif
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#define wc_InitSha256   wc_InitSha256_sw
-#define wc_Sha256Update wc_Sha256Update_sw
-#define wc_Sha256Final  wc_Sha256Final_sw
-#endif
-
-#ifdef HAVE_FIPS
-    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
-    #define FIPS_NO_WRAPPERS
-#endif
-
-#if defined(USE_INTEL_SPEEDUP)
-#define HAVE_INTEL_AVX1
-#define HAVE_INTEL_AVX2
-
-#if defined(DEBUG_XMM)
-#include "stdio.h"
-#endif
-
-#endif
-
-#if defined(HAVE_INTEL_AVX2)
-#define HAVE_INTEL_RORX
-#endif
- 
-
-/*****
-Intel AVX1/AVX2 Macro Control Structure
-
-#define HAVE_INTEL_AVX1
-#define HAVE_INTEL_AVX2
-
-#define HAVE_INTEL_RORX
-
-
-int InitSha256(Sha256* sha256) { 
-     Save/Recover XMM, YMM
-     ...
-}
-
-#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
-  Transform() ; Function prototype 
-#else
-  Transform() {   }
-  int Sha256Final() { 
-     Save/Recover XMM, YMM
-     ...
-  }
-#endif
-
-#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
-    #if defined(HAVE_INTEL_RORX
-         #define RND with rorx instuction
-    #else
-        #define RND
-    #endif
-#endif
-
-#if defined(HAVE_INTEL_AVX1)
-   
-   #define XMM Instructions/inline asm
-   
-   int Transform() {
-       Stitched Message Sched/Round
-    } 
-   
-#elif defined(HAVE_INTEL_AVX2)
-  
-  #define YMM Instructions/inline asm
-  
-  int Transform() {
-      More granural Stitched Message Sched/Round
-  }
-  
-*/
-
-
-#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-
-/* Each platform needs to query info type 1 from cpuid to see if aesni is
- * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
- */
-
-#ifndef _MSC_VER
-    #define cpuid(reg, leaf, sub)\
-            __asm__ __volatile__ ("cpuid":\
-             "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
-             "a" (leaf), "c"(sub));
-
-    #define XASM_LINK(f) asm(f)
-#else
-
-    #include <intrin.h>
-    #define cpuid(a,b) __cpuid((int*)a,b)
-
-    #define XASM_LINK(f)
-
-#endif /* _MSC_VER */
-
-#define EAX 0
-#define EBX 1
-#define ECX 2 
-#define EDX 3
-    
-#define CPUID_AVX1   0x1
-#define CPUID_AVX2   0x2
-#define CPUID_RDRAND 0x4
-#define CPUID_RDSEED 0x8
-#define CPUID_BMI2   0x10   /* MULX, RORX */
-
-#define IS_INTEL_AVX1       (cpuid_flags&CPUID_AVX1)
-#define IS_INTEL_AVX2       (cpuid_flags&CPUID_AVX2)
-#define IS_INTEL_BMI2       (cpuid_flags&CPUID_BMI2)
-#define IS_INTEL_RDRAND     (cpuid_flags&CPUID_RDRAND)
-#define IS_INTEL_RDSEED     (cpuid_flags&CPUID_RDSEED)
-
-static word32 cpuid_check = 0 ;
-static word32 cpuid_flags = 0 ;
-
-static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
-    int got_intel_cpu=0;
-    unsigned int reg[5]; 
-    
-    reg[4] = '\0' ;
-    cpuid(reg, 0, 0);  
-    if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&  
-                memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&  
-                memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {  
-        got_intel_cpu = 1;  
-    }    
-    if (got_intel_cpu) {
-        cpuid(reg, leaf, sub);
-        return((reg[num]>>bit)&0x1) ;
-    }
-    return 0 ;
-}
-
-static int set_cpuid_flags(void) {  
-    if(cpuid_check==0) {
-        if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;}
-        if(cpuid_flag(7, 0, EBX, 5)){  cpuid_flags |= CPUID_AVX2 ; }
-        if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; }
-        if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ;  } 
-        if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ;  }
-        cpuid_check = 1 ;
-        return 0 ;
-    }
-    return 1 ;
-}
-
-
-/* #if defined(HAVE_INTEL_AVX1/2) at the tail of sha512 */
-static int Transform(Sha256* sha256);
-
-#if defined(HAVE_INTEL_AVX1)
-static int Transform_AVX1(Sha256 *sha256) ;
-#endif
-#if defined(HAVE_INTEL_AVX2)
-static int Transform_AVX2(Sha256 *sha256) ; 
-static int Transform_AVX1_RORX(Sha256 *sha256) ; 
-#endif
-
-static int (*Transform_p)(Sha256* sha256) /* = _Transform */;
-
-#define XTRANSFORM(sha256, B)  (*Transform_p)(sha256)
-
-static void set_Transform(void) {
-     if(set_cpuid_flags())return ;
-
-#if defined(HAVE_INTEL_AVX2)
-     if(IS_INTEL_AVX2 && IS_INTEL_BMI2){ 
-         Transform_p = Transform_AVX1_RORX; return ; 
-         Transform_p = Transform_AVX2      ; 
-                  /* for avoiding warning,"not used" */
-     }
-#endif
-#if defined(HAVE_INTEL_AVX1)
-     Transform_p = ((IS_INTEL_AVX1) ? Transform_AVX1 : Transform) ; return ;
-#endif
-     Transform_p = Transform ; return ;
-}
-
-#else
-   #if defined(FREESCALE_MMCAU)
-      #define XTRANSFORM(sha256, B) Transform(sha256, B)
-   #else
-      #define XTRANSFORM(sha256, B) Transform(sha256)
-   #endif
-#endif
-
-/* Dummy for saving MM_REGs on behalf of Transform */
-#if defined(HAVE_INTEL_AVX2)&& !defined(HAVE_INTEL_AVX1)
-#define  SAVE_XMM_YMM   __asm__ volatile("or %%r8d, %%r8d":::\
-  "%ymm4","%ymm5","%ymm6","%ymm7","%ymm8","%ymm9","%ymm10","%ymm11","%ymm12","%ymm13","%ymm14","%ymm15")
-#elif defined(HAVE_INTEL_AVX1)
-#define  SAVE_XMM_YMM   __asm__ volatile("or %%r8d, %%r8d":::\
-    "xmm0","xmm1","xmm2","xmm3","xmm4","xmm5","xmm6","xmm7","xmm8","xmm9","xmm10",\
-    "xmm11","xmm12","xmm13","xmm14","xmm15")
-#else
-#define  SAVE_XMM_YMM
-#endif
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#define InitSha256   InitSha256_sw
-#define Sha256Update Sha256Update_sw
-#define Sha256Final  Sha256Final_sw
-#endif
-
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef NO_INLINE
-    #include <wolfssl/wolfcrypt/misc.h>
-#else
-    #include <wolfcrypt/src/misc.c>
-#endif
-
-#ifdef FREESCALE_MMCAU
-    #include "cau_api.h"
-#endif
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
-    static INLINE word32 min(word32 a, word32 b)
-    {
-        return a > b ? b : a;
-    }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-int wc_InitSha256(Sha256* sha256)
-{
-    #ifdef FREESCALE_MMCAU
-        cau_sha256_initialize_output(sha256->digest);
-    #else
-        sha256->digest[0] = 0x6A09E667L;
-        sha256->digest[1] = 0xBB67AE85L;
-        sha256->digest[2] = 0x3C6EF372L;
-        sha256->digest[3] = 0xA54FF53AL;
-        sha256->digest[4] = 0x510E527FL;
-        sha256->digest[5] = 0x9B05688CL;
-        sha256->digest[6] = 0x1F83D9ABL;
-        sha256->digest[7] = 0x5BE0CD19L;
-    #endif
-
-    sha256->buffLen = 0;
-    sha256->loLen   = 0;
-    sha256->hiLen   = 0;
-    
-#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
-    set_Transform() ; /* choose best Transform function under this runtime environment */
-#endif
-
-    return 0;
-}
-
-
-#if !defined(FREESCALE_MMCAU)
-static const ALIGN32 word32 K[64] = {
-    0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
-    0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
-    0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L,
-    0xC19BF174L, 0xE49B69C1L, 0xEFBE4786L, 0x0FC19DC6L, 0x240CA1CCL,
-    0x2DE92C6FL, 0x4A7484AAL, 0x5CB0A9DCL, 0x76F988DAL, 0x983E5152L,
-    0xA831C66DL, 0xB00327C8L, 0xBF597FC7L, 0xC6E00BF3L, 0xD5A79147L,
-    0x06CA6351L, 0x14292967L, 0x27B70A85L, 0x2E1B2138L, 0x4D2C6DFCL,
-    0x53380D13L, 0x650A7354L, 0x766A0ABBL, 0x81C2C92EL, 0x92722C85L,
-    0xA2BFE8A1L, 0xA81A664BL, 0xC24B8B70L, 0xC76C51A3L, 0xD192E819L,
-    0xD6990624L, 0xF40E3585L, 0x106AA070L, 0x19A4C116L, 0x1E376C08L,
-    0x2748774CL, 0x34B0BCB5L, 0x391C0CB3L, 0x4ED8AA4AL, 0x5B9CCA4FL,
-    0x682E6FF3L, 0x748F82EEL, 0x78A5636FL, 0x84C87814L, 0x8CC70208L,
-    0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
-};
-
-#endif
-
-#if defined(FREESCALE_MMCAU)
-
-static int Transform(Sha256* sha256, byte* buf)
-{
-    cau_sha256_hash_n(buf, 1, sha256->digest);
-
-    return 0;
-}
-
-#endif /* FREESCALE_MMCAU */
-
-#define Ch(x,y,z)       ((z) ^ ((x) & ((y) ^ (z))))
-#define Maj(x,y,z)      ((((x) | (y)) & (z)) | ((x) & (y)))
-#define R(x, n)         (((x)&0xFFFFFFFFU)>>(n))
-
-#define S(x, n)         rotrFixed(x, n)
-#define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
-#define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
-#define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
-#define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
-
-#define RND(a,b,c,d,e,f,g,h,i) \
-     t0 = (h) + Sigma1((e)) + Ch((e), (f), (g)) + K[(i)] + W[(i)]; \
-     t1 = Sigma0((a)) + Maj((a), (b), (c)); \
-     (d) += t0; \
-     (h)  = t0 + t1;
-
-#if !defined(FREESCALE_MMCAU)
-static int Transform(Sha256* sha256)
-{
-    word32 S[8], t0, t1;
-    int i;
-
-#ifdef WOLFSSL_SMALL_STACK
-    word32* W;
-
-    W = (word32*) XMALLOC(sizeof(word32) * 64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (W == NULL)
-        return MEMORY_E;
-#else
-    word32 W[64];
-#endif
-
-    /* Copy context->state[] to working vars */
-    for (i = 0; i < 8; i++)
-        S[i] = sha256->digest[i];
-
-    for (i = 0; i < 16; i++)
-        W[i] = sha256->buffer[i];
-
-    for (i = 16; i < 64; i++)
-        W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16];
-
-    for (i = 0; i < 64; i += 8) {
-        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0);
-        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1);
-        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2);
-        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3);
-        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4);
-        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5);
-        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6);
-        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7);
-    }
-
-    /* Add the working vars back into digest state[] */
-    for (i = 0; i < 8; i++) {
-        sha256->digest[i] += S[i];
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return 0;
-}
-
-#endif /* #if !defined(FREESCALE_MMCAU) */
-
-static INLINE void AddLength(Sha256* sha256, word32 len)
-{
-    word32 tmp = sha256->loLen;
-    if ( (sha256->loLen += len) < tmp)
-        sha256->hiLen++;                       /* carry low to high */
-}
-
-int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
-{
-
-    /* do block size increments */
-    byte* local = (byte*)sha256->buffer;
-
-    SAVE_XMM_YMM ; /* for Intel AVX */
-
-    while (len) {
-        word32 add = min(len, SHA256_BLOCK_SIZE - sha256->buffLen);
-        XMEMCPY(&local[sha256->buffLen], data, add);
-
-        sha256->buffLen += add;
-        data            += add;
-        len             -= add;
-
-        if (sha256->buffLen == SHA256_BLOCK_SIZE) {
-            int ret;
-
-            #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-                #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-                if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
-                #endif
-                ByteReverseWords(sha256->buffer, sha256->buffer,
-                                 SHA256_BLOCK_SIZE);
-            #endif
-            ret = XTRANSFORM(sha256, local);
-            if (ret != 0)
-                return ret;
-
-            AddLength(sha256, SHA256_BLOCK_SIZE);
-            sha256->buffLen = 0;
-        }
-    }
-
-    return 0;
-}
-
-int wc_Sha256Final(Sha256* sha256, byte* hash)
-{
-    byte* local = (byte*)sha256->buffer;
-    int ret;
-    
-    SAVE_XMM_YMM ; /* for Intel AVX */
-
-    AddLength(sha256, sha256->buffLen);  /* before adding pads */
-
-    local[sha256->buffLen++] = 0x80;     /* add 1 */
-
-    /* pad with zeros */
-    if (sha256->buffLen > SHA256_PAD_SIZE) {
-        XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen);
-        sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
-
-        #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-            #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-            if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
-            #endif
-            ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
-        #endif
-
-        ret = XTRANSFORM(sha256, local);
-        if (ret != 0)
-            return ret;
-
-        sha256->buffLen = 0;
-    }
-    XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen);
-
-    /* put lengths in bits */
-    sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
-                 (sha256->hiLen << 3);
-    sha256->loLen = sha256->loLen << 3;
-
-    /* store lengths */
-    #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-        #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-        if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
-        #endif
-            ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
-    #endif
-    /* ! length ordering dependent on digest endian type ! */
-    XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
-    XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
-            sizeof(word32));
-
-    #if defined(FREESCALE_MMCAU) || defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-        /* Kinetis requires only these bytes reversed */
-        #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-        if(IS_INTEL_AVX1 || IS_INTEL_AVX2)
-        #endif
-        ByteReverseWords(&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
-                         &sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
-                         2 * sizeof(word32));
-    #endif
-
-    ret = XTRANSFORM(sha256, local);
-    if (ret != 0)
-        return ret;
-
-    #if defined(LITTLE_ENDIAN_ORDER)
-        ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE);
-    #endif
-    XMEMCPY(hash, sha256->digest, SHA256_DIGEST_SIZE);
-
-    return wc_InitSha256(sha256);  /* reset state */
-}
-
-
-
-int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
-{
-    int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Sha256* sha256;
-#else
-    Sha256 sha256[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (sha256 == NULL)
-        return MEMORY_E;
-#endif
-
-    if ((ret = wc_InitSha256(sha256)) != 0) {
-        WOLFSSL_MSG("InitSha256 failed");
-    }
-    else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) {
-        WOLFSSL_MSG("Sha256Update failed");
-    }
-    else if ((ret = wc_Sha256Final(sha256, hash)) != 0) {
-        WOLFSSL_MSG("Sha256Final failed");
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-}
-
-#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-
-#define _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    { word32 d ;\
-    d = sha256->digest[0]; __asm__ volatile("movl %0, %"#S_0::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[1]; __asm__ volatile("movl %0, %"#S_1::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[2]; __asm__ volatile("movl %0, %"#S_2::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[3]; __asm__ volatile("movl %0, %"#S_3::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[4]; __asm__ volatile("movl %0, %"#S_4::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[5]; __asm__ volatile("movl %0, %"#S_5::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[6]; __asm__ volatile("movl %0, %"#S_6::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[7]; __asm__ volatile("movl %0, %"#S_7::"r"(d):SSE_REGs) ;\
-}
-
-#define _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    { word32 d ; \
-    __asm__ volatile("movl %"#S_0", %0":"=r"(d)::SSE_REGs) ; sha256->digest[0] += d;\
-    __asm__ volatile("movl %"#S_1", %0":"=r"(d)::SSE_REGs) ; sha256->digest[1] += d;\
-    __asm__ volatile("movl %"#S_2", %0":"=r"(d)::SSE_REGs) ; sha256->digest[2] += d;\
-    __asm__ volatile("movl %"#S_3", %0":"=r"(d)::SSE_REGs) ; sha256->digest[3] += d;\
-    __asm__ volatile("movl %"#S_4", %0":"=r"(d)::SSE_REGs) ; sha256->digest[4] += d;\
-    __asm__ volatile("movl %"#S_5", %0":"=r"(d)::SSE_REGs) ; sha256->digest[5] += d;\
-    __asm__ volatile("movl %"#S_6", %0":"=r"(d)::SSE_REGs) ; sha256->digest[6] += d;\
-    __asm__ volatile("movl %"#S_7", %0":"=r"(d)::SSE_REGs) ; sha256->digest[7] += d;\
-}
-
-
-#define DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-#define RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-
-
-
-#define S_0 %r15d 
-#define S_1 %r10d
-#define S_2 %r11d       
-#define S_3 %r12d
-#define S_4 %r13d
-#define S_5 %r14d
-#define S_6 %ebx
-#define S_7 %r9d
-
-#define SSE_REGs "%edi", "%ecx", "%esi", "%edx", "%ebx","%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15"
-
-#if defined(HAVE_INTEL_RORX)
-#define RND_STEP_RORX_1(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("rorx  $6, %"#e", %%edx\n\t":::"%edx",SSE_REGs);  /* edx = e>>6 */\
-
-#define RND_STEP_RORX_2(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("rorx  $11, %"#e",%%edi\n\t":::"%edi",SSE_REGs); /* edi = e>>11  */\
-__asm__ volatile("xorl  %%edx, %%edi\n\t":::"%edx","%edi",SSE_REGs); /* edi = (e>>11) ^ (e>>6)  */\
-__asm__ volatile("rorx  $25, %"#e", %%edx\n\t":::"%edx",SSE_REGs);   /* edx = e>>25             */\
-
-#define RND_STEP_RORX_3(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl  %"#f", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f   */\
-__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f ^ g  */\
-__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs);  /* edx = Sigma1(e)  */\
-__asm__ volatile("andl  %"#e", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = (f ^ g) & e       */\
-__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = Ch(e,f,g)         */\
-
-#define RND_STEP_RORX_4(a,b,c,d,e,f,g,h,i)\
-/*__asm__ volatile("movl    %0, %%edx\n\t"::"m"(w_k):"%edx");*/\
-__asm__ volatile("addl  %0, %"#h"\n\t"::"r"(W_K[i]):SSE_REGs);    /* h += w_k  */\
-__asm__ volatile("addl  %%edx, %"#h"\n\t":::"%edx",SSE_REGs);     /* h = h + w_k + Sigma1(e) */\
-__asm__ volatile("rorx  $2, %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = a>>2   */\
-__asm__ volatile("rorx  $13, %"#a", %%edi\n\t":::"%edi",SSE_REGs);/* edi = a>>13  */\
-
-#define RND_STEP_RORX_5(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("rorx  $22, %"#a", %%edx\n\t":::"%edx",SSE_REGs); /* edx = a>>22 */\
-__asm__ volatile("xorl  %%r8d, %%edi\n\t":::"%edi","%r8",SSE_REGs);/* edi = (a>>2) ^ (a>>13)  */\
-__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs);  /* edx = Sigma0(a)      */\
- 
-#define RND_STEP_RORX_6(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl  %"#b", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = b          */\
-__asm__ volatile("orl   %"#a", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = a | b      */\
-__asm__ volatile("andl  %"#c", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = (a | b) & c*/\
-__asm__ volatile("movl  %"#b", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b           */\
-
-#define RND_STEP_RORX_7(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl  %%esi, %"#h"\n\t":::"%esi",SSE_REGs);  /* h += Ch(e,f,g)   */\
-__asm__ volatile("andl  %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b & a       */\
-__asm__ volatile("orl   %%edi, %%r8d\n\t":::"%edi","%r8",SSE_REGs); /* r8d = Maj(a,b,c) */\
-
-#define RND_STEP_RORX_8(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl  "#h", "#d"\n\t");  /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */\
-__asm__ volatile("addl  %"#h", %%r8d\n\t":::"%r8",SSE_REGs); \
-__asm__ volatile("addl  %%edx, %%r8d\n\t":::"%edx","%r8",SSE_REGs); \
-__asm__ volatile("movl  %r8d, "#h"\n\t");   
-
-#endif
-
-#define RND_STEP_1(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl  %"#e", %%edx\n\t":::"%edx",SSE_REGs);\
-__asm__ volatile("roll  $26, %%edx\n\t":::"%edx",SSE_REGs);  /* edx = e>>6     */\
-__asm__ volatile("movl  %"#e", %%edi\n\t":::"%edi",SSE_REGs);\
-
-#define RND_STEP_2(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("roll  $21, %%edi\n\t":::"%edi",SSE_REGs);         /* edi = e>>11 */\
-__asm__ volatile("xorl  %%edx, %%edi\n\t":::"%edx","%edi",SSE_REGs); /* edi = (e>>11) ^ (e>>6)  */\
-__asm__ volatile("movl  %"#e", %%edx\n\t":::"%edx",SSE_REGs);   /* edx = e      */\
-__asm__ volatile("roll  $7, %%edx\n\t":::"%edx",SSE_REGs);      /* edx = e>>25  */\
-
-#define RND_STEP_3(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl  %"#f", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f       */\
-__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f ^ g   */\
-__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs); /* edx = Sigma1(e) */\
-__asm__ volatile("andl  %"#e", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = (f ^ g) & e  */\
-__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = Ch(e,f,g)    */\
-
-#define RND_STEP_4(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl  %0, %"#h"\n\t"::"r"(W_K[i]):SSE_REGs); /* h += w_k  */\
-__asm__ volatile("addl  %%edx, %"#h"\n\t":::"%edx",SSE_REGs); /* h = h + w_k + Sigma1(e) */\
-__asm__ volatile("movl  %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = a    */\
-__asm__ volatile("roll  $30, %%r8d\n\t":::"%r8",SSE_REGs);    /* r8d = a>>2 */\
-__asm__ volatile("movl  %"#a", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = a   */\
-__asm__ volatile("roll  $19, %%edi\n\t":::"%edi",SSE_REGs);    /* edi = a>>13 */\
-__asm__ volatile("movl  %"#a", %%edx\n\t":::"%edx",SSE_REGs);  /* edx = a     */\
-
-#define RND_STEP_5(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("roll  $10, %%edx\n\t":::"%edx",SSE_REGs);    /* edx = a>>22 */\
-__asm__ volatile("xorl  %%r8d, %%edi\n\t":::"%edi","%r8",SSE_REGs); /* edi = (a>>2) ^ (a>>13)  */\
-__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs);/* edx = Sigma0(a)         */\
-
-#define RND_STEP_6(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl  %"#b", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = b      */\
-__asm__ volatile("orl   %"#a", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = a | b  */\
-__asm__ volatile("andl  %"#c", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = (a | b) & c */\
-__asm__ volatile("movl  %"#b", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b       */\
-
-#define RND_STEP_7(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl  %%esi, %"#h"\n\t":::"%esi",SSE_REGs);  /* h += Ch(e,f,g)        */\
-__asm__ volatile("andl  %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b & a            */\
-__asm__ volatile("orl   %%edi, %%r8d\n\t":::"%edi","%r8",SSE_REGs); /* r8d = Maj(a,b,c) */\
-
-#define RND_STEP_8(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl  "#h", "#d"\n\t");  /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */\
-__asm__ volatile("addl  %"#h", %%r8d\n\t":::"%r8",SSE_REGs); \
-                 /* r8b = h + w_k + Sigma1(e) + Ch(e,f,g) + Maj(a,b,c) */\
-__asm__ volatile("addl  %%edx, %%r8d\n\t":::"%edx","%r8",SSE_REGs);\
-                 /* r8b = h + w_k + Sigma1(e) Sigma0(a) + Ch(e,f,g) + Maj(a,b,c)     */\
-__asm__ volatile("movl  %%r8d, %"#h"\n\t":::"%r8", SSE_REGs); \
-                 /* h = h + w_k + Sigma1(e) + Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */ \
-
-#define RND_X(a,b,c,d,e,f,g,h,i) \
-       RND_STEP_1(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_2(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_3(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_4(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_5(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_6(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_7(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_8(a,b,c,d,e,f,g,h,i); 
-
-#define RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-
-#define RND_1_3(a,b,c,d,e,f,g,h,i) {\
-       RND_STEP_1(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_2(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_3(a,b,c,d,e,f,g,h,i); \
-}
-
-#define RND_4_6(a,b,c,d,e,f,g,h,i) {\
-       RND_STEP_4(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_5(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_6(a,b,c,d,e,f,g,h,i); \
-}
-
-#define RND_7_8(a,b,c,d,e,f,g,h,i) {\
-       RND_STEP_7(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_8(a,b,c,d,e,f,g,h,i); \
-}
-
-#define RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-
-#define RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-#define RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-#define RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-#define FOR(cnt, init, max, inc, loop)  \
-    __asm__ volatile("movl $"#init", %0\n\t"#loop":"::"m"(cnt):) 
-#define END(cnt, init, max, inc, loop)  \
-    __asm__ volatile("addl $"#inc", %0\n\tcmpl $"#max", %0\n\tjle "#loop"\n\t":"=m"(cnt)::) ;
-
-#endif  /* defined(HAVE_INTEL_AVX1) ||  defined(HAVE_INTEL_AVX2) */
-
-#if defined(HAVE_INTEL_AVX1) /* inline Assember for Intel AVX1 instructions */
-
-#define VPALIGNR(op1,op2,op3,op4) __asm__ volatile("vpalignr $"#op4", %"#op3", %"#op2", %"#op1:::XMM_REGs) 
-#define VPADDD(op1,op2,op3)       __asm__ volatile("vpaddd %"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSRLD(op1,op2,op3)       __asm__ volatile("vpsrld $"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSRLQ(op1,op2,op3)       __asm__ volatile("vpsrlq $"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSLLD(op1,op2,op3)       __asm__ volatile("vpslld $"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPOR(op1,op2,op3)         __asm__ volatile("vpor   %"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPXOR(op1,op2,op3)        __asm__ volatile("vpxor  %"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSHUFD(op1,op2,op3)      __asm__ volatile("vpshufd $"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSHUFB(op1,op2,op3)      __asm__ volatile("vpshufb %"#op3", %"#op2", %"#op1:::XMM_REGs)
-
-#define MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, SHUF_00BA, SHUF_DC00,\
-     a,b,c,d,e,f,g,h,_i)\
-            RND_STEP_1(a,b,c,d,e,f,g,h,_i);\
-    VPALIGNR (XTMP0, X3, X2, 4) ;\
-            RND_STEP_2(a,b,c,d,e,f,g,h,_i);\
-    VPADDD   (XTMP0, XTMP0, X0) ;\
-            RND_STEP_3(a,b,c,d,e,f,g,h,_i);\
-    VPALIGNR (XTMP1, X1, X0, 4) ;   /* XTMP1 = W[-15] */\
-            RND_STEP_4(a,b,c,d,e,f,g,h,_i);\
-    VPSRLD   (XTMP2, XTMP1, 7) ;\
-            RND_STEP_5(a,b,c,d,e,f,g,h,_i);\
-    VPSLLD   (XTMP3, XTMP1, 25) ; /* VPSLLD   (XTMP3, XTMP1, (32-7)) */\
-            RND_STEP_6(a,b,c,d,e,f,g,h,_i);\
-    VPOR     (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 */\
-            RND_STEP_7(a,b,c,d,e,f,g,h,_i);\
-    VPSRLD   (XTMP2, XTMP1,18) ;\
-            RND_STEP_8(a,b,c,d,e,f,g,h,_i);\
-\
-            RND_STEP_1(h,a,b,c,d,e,f,g,_i+1);\
-    VPSRLD   (XTMP4, XTMP1, 3)      ;  /* XTMP4 = W[-15] >> 3 */\
-            RND_STEP_2(h,a,b,c,d,e,f,g,_i+1);\
-    VPSLLD   (XTMP1, XTMP1, 14) ; /* VPSLLD   (XTMP1, XTMP1, (32-18)) */\
-            RND_STEP_3(h,a,b,c,d,e,f,g,_i+1);\
-    VPXOR    (XTMP3, XTMP3, XTMP1)  ;\
-            RND_STEP_4(h,a,b,c,d,e,f,g,_i+1);\
-    VPXOR    (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 ^ W[-15] MY_ROR 18 */\
-            RND_STEP_5(h,a,b,c,d,e,f,g,_i+1);\
-    VPXOR    (XTMP1, XTMP3, XTMP4)  ;  /* XTMP1 = s0 */\
-            RND_STEP_6(h,a,b,c,d,e,f,g,_i+1);\
-    VPSHUFD(XTMP2, X3, 0b11111010)  ;  /* XTMP2 = W[-2] {BBAA}*/\
-            RND_STEP_7(h,a,b,c,d,e,f,g,_i+1);\
-    VPADDD   (XTMP0, XTMP0, XTMP1)  ;  /* XTMP0 = W[-16] + W[-7] + s0 */\
-            RND_STEP_8(h,a,b,c,d,e,f,g,_i+1);\
-\
-            RND_STEP_1(g,h,a,b,c,d,e,f,_i+2);\
-    VPSRLD   (XTMP4, XTMP2, 10) ;      /* XTMP4 = W[-2] >> 10 {BBAA} */\
-            RND_STEP_2(g,h,a,b,c,d,e,f,_i+2);\
-    VPSRLQ   (XTMP3, XTMP2, 19) ;      /* XTMP3 = W[-2] MY_ROR 19 {xBxA} */\
-            RND_STEP_3(g,h,a,b,c,d,e,f,_i+2);\
-    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xBxA} */\
-            RND_STEP_4(g,h,a,b,c,d,e,f,_i+2);\
-    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
-            RND_STEP_5(g,h,a,b,c,d,e,f,_i+2);\
-    VPXOR    (XTMP4, XTMP4, XTMP2) ;   /* XTMP4 = s1 {xBxA} */\
-            RND_STEP_6(g,h,a,b,c,d,e,f,_i+2);\
-    VPSHUFB  (XTMP4, XTMP4, SHUF_00BA)  ;  /* XTMP4 = s1 {00BA} */\
-            RND_STEP_7(g,h,a,b,c,d,e,f,_i+2);\
-    VPADDD   (XTMP0, XTMP0, XTMP4)  ;  /* XTMP0 = {..., ..., W[1], W[0]} */\
-            RND_STEP_8(g,h,a,b,c,d,e,f,_i+2);\
-\
-            RND_STEP_1(f,g,h,a,b,c,d,e,_i+3);\
-    VPSHUFD  (XTMP2, XTMP0, 0b01010000) ; /* XTMP2 = W[-2] {DDCC} */\
-            RND_STEP_2(f,g,h,a,b,c,d,e,_i+3);\
-    VPSRLD   (XTMP5, XTMP2, 10);       /* XTMP5 = W[-2] >> 10 {DDCC} */\
-            RND_STEP_3(f,g,h,a,b,c,d,e,_i+3);\
-    VPSRLQ   (XTMP3, XTMP2, 19);       /* XTMP3 = W[-2] MY_ROR 19 {xDxC} */\
-            RND_STEP_4(f,g,h,a,b,c,d,e,_i+3);\
-    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xDxC} */\
-            RND_STEP_5(f,g,h,a,b,c,d,e,_i+3);\
-    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
-            RND_STEP_6(f,g,h,a,b,c,d,e,_i+3);\
-    VPXOR    (XTMP5, XTMP5, XTMP2) ;   /* XTMP5 = s1 {xDxC} */\
-            RND_STEP_7(f,g,h,a,b,c,d,e,_i+3);\
-    VPSHUFB  (XTMP5, XTMP5, SHUF_DC00) ; /* XTMP5 = s1 {DC00} */\
-            RND_STEP_8(f,g,h,a,b,c,d,e,_i+3);\
-    VPADDD   (X0, XTMP5, XTMP0) ;      /* X0 = {W[3], W[2], W[1], W[0]} */\
-
-#if defined(HAVE_INTEL_RORX)
-
-#define MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, \
-                          XFER, SHUF_00BA, SHUF_DC00,a,b,c,d,e,f,g,h,_i)\
-            RND_STEP_RORX_1(a,b,c,d,e,f,g,h,_i);\
-    VPALIGNR (XTMP0, X3, X2, 4) ;\
-            RND_STEP_RORX_2(a,b,c,d,e,f,g,h,_i);\
-    VPADDD   (XTMP0, XTMP0, X0) ;\
-            RND_STEP_RORX_3(a,b,c,d,e,f,g,h,_i);\
-    VPALIGNR (XTMP1, X1, X0, 4) ;   /* XTMP1 = W[-15] */\
-            RND_STEP_RORX_4(a,b,c,d,e,f,g,h,_i);\
-    VPSRLD   (XTMP2, XTMP1, 7) ;\
-            RND_STEP_RORX_5(a,b,c,d,e,f,g,h,_i);\
-    VPSLLD   (XTMP3, XTMP1, 25) ; /* VPSLLD   (XTMP3, XTMP1, (32-7)) */\
-            RND_STEP_RORX_6(a,b,c,d,e,f,g,h,_i);\
-    VPOR     (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 */\
-            RND_STEP_RORX_7(a,b,c,d,e,f,g,h,_i);\
-    VPSRLD   (XTMP2, XTMP1,18) ;\
-            RND_STEP_RORX_8(a,b,c,d,e,f,g,h,_i);\
-\
-            RND_STEP_RORX_1(h,a,b,c,d,e,f,g,_i+1);\
-    VPSRLD   (XTMP4, XTMP1, 3)      ;  /* XTMP4 = W[-15] >> 3 */\
-            RND_STEP_RORX_2(h,a,b,c,d,e,f,g,_i+1);\
-    VPSLLD   (XTMP1, XTMP1, 14) ; /* VPSLLD   (XTMP1, XTMP1, (32-18)) */\
-            RND_STEP_RORX_3(h,a,b,c,d,e,f,g,_i+1);\
-    VPXOR    (XTMP3, XTMP3, XTMP1)  ;\
-            RND_STEP_RORX_4(h,a,b,c,d,e,f,g,_i+1);\
-    VPXOR    (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 ^ W[-15] MY_ROR 18 */\
-            RND_STEP_RORX_5(h,a,b,c,d,e,f,g,_i+1);\
-    VPXOR    (XTMP1, XTMP3, XTMP4)  ;  /* XTMP1 = s0 */\
-            RND_STEP_RORX_6(h,a,b,c,d,e,f,g,_i+1);\
-    VPSHUFD(XTMP2, X3, 0b11111010)  ;  /* XTMP2 = W[-2] {BBAA}*/\
-            RND_STEP_RORX_7(h,a,b,c,d,e,f,g,_i+1);\
-    VPADDD   (XTMP0, XTMP0, XTMP1)  ;  /* XTMP0 = W[-16] + W[-7] + s0 */\
-            RND_STEP_RORX_8(h,a,b,c,d,e,f,g,_i+1);\
-\
-            RND_STEP_RORX_1(g,h,a,b,c,d,e,f,_i+2);\
-    VPSRLD   (XTMP4, XTMP2, 10) ;      /* XTMP4 = W[-2] >> 10 {BBAA} */\
-            RND_STEP_RORX_2(g,h,a,b,c,d,e,f,_i+2);\
-    VPSRLQ   (XTMP3, XTMP2, 19) ;      /* XTMP3 = W[-2] MY_ROR 19 {xBxA} */\
-            RND_STEP_RORX_3(g,h,a,b,c,d,e,f,_i+2);\
-    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xBxA} */\
-            RND_STEP_RORX_4(g,h,a,b,c,d,e,f,_i+2);\
-    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
-            RND_STEP_RORX_5(g,h,a,b,c,d,e,f,_i+2);\
-    VPXOR    (XTMP4, XTMP4, XTMP2) ;   /* XTMP4 = s1 {xBxA} */\
-            RND_STEP_RORX_6(g,h,a,b,c,d,e,f,_i+2);\
-    VPSHUFB  (XTMP4, XTMP4, SHUF_00BA)  ;  /* XTMP4 = s1 {00BA} */\
-            RND_STEP_RORX_7(g,h,a,b,c,d,e,f,_i+2);\
-    VPADDD   (XTMP0, XTMP0, XTMP4)  ;  /* XTMP0 = {..., ..., W[1], W[0]} */\
-            RND_STEP_RORX_8(g,h,a,b,c,d,e,f,_i+2);\
-\
-            RND_STEP_RORX_1(f,g,h,a,b,c,d,e,_i+3);\
-    VPSHUFD  (XTMP2, XTMP0, 0b01010000) ; /* XTMP2 = W[-2] {DDCC} */\
-            RND_STEP_RORX_2(f,g,h,a,b,c,d,e,_i+3);\
-    VPSRLD   (XTMP5, XTMP2, 10);       /* XTMP5 = W[-2] >> 10 {DDCC} */\
-            RND_STEP_RORX_3(f,g,h,a,b,c,d,e,_i+3);\
-    VPSRLQ   (XTMP3, XTMP2, 19);       /* XTMP3 = W[-2] MY_ROR 19 {xDxC} */\
-            RND_STEP_RORX_4(f,g,h,a,b,c,d,e,_i+3);\
-    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xDxC} */\
-            RND_STEP_RORX_5(f,g,h,a,b,c,d,e,_i+3);\
-    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
-            RND_STEP_RORX_6(f,g,h,a,b,c,d,e,_i+3);\
-    VPXOR    (XTMP5, XTMP5, XTMP2) ;   /* XTMP5 = s1 {xDxC} */\
-            RND_STEP_RORX_7(f,g,h,a,b,c,d,e,_i+3);\
-    VPSHUFB  (XTMP5, XTMP5, SHUF_DC00) ; /* XTMP5 = s1 {DC00} */\
-            RND_STEP_RORX_8(f,g,h,a,b,c,d,e,_i+3);\
-    VPADDD   (X0, XTMP5, XTMP0) ;      /* X0 = {W[3], W[2], W[1], W[0]} */\
-
-#endif
-
-
-#define W_K_from_buff\
-         __asm__ volatile("vmovdqu %0, %%xmm4\n\t"\
-                          "vpshufb %%xmm13, %%xmm4, %%xmm4\n\t"\
-                          :: "m"(sha256->buffer[0]):"%xmm4") ;\
-         __asm__ volatile("vmovdqu %0, %%xmm5\n\t"\
-                          "vpshufb %%xmm13, %%xmm5, %%xmm5\n\t"\
-                          ::"m"(sha256->buffer[4]):"%xmm5") ;\
-         __asm__ volatile("vmovdqu %0, %%xmm6\n\t"\
-                          "vpshufb %%xmm13, %%xmm6, %%xmm6\n\t"\
-                          ::"m"(sha256->buffer[8]):"%xmm6") ;\
-         __asm__ volatile("vmovdqu %0, %%xmm7\n\t"\
-                          "vpshufb %%xmm13, %%xmm7, %%xmm7\n\t"\
-                          ::"m"(sha256->buffer[12]):"%xmm7") ;\
-
-#define _SET_W_K_XFER(reg, i)\
-    __asm__ volatile("vpaddd %0, %"#reg", %%xmm9"::"m"(K[i]):XMM_REGs) ;\
-    __asm__ volatile("vmovdqa %%xmm9, %0":"=m"(W_K[i])::XMM_REGs) ;
-
-#define SET_W_K_XFER(reg, i) _SET_W_K_XFER(reg, i)
-
-static const ALIGN32 word64 mSHUF_00BA[] = { 0x0b0a090803020100, 0xFFFFFFFFFFFFFFFF } ; /* shuffle xBxA -> 00BA */
-static const ALIGN32 word64 mSHUF_DC00[] = { 0xFFFFFFFFFFFFFFFF, 0x0b0a090803020100 } ; /* shuffle xDxC -> DC00 */
-static const ALIGN32 word64 mBYTE_FLIP_MASK[] =  { 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
-
-
-#define _Init_Masks(mask1, mask2, mask3)\
-__asm__ volatile("vmovdqu %0, %"#mask1 ::"m"(mBYTE_FLIP_MASK[0])) ;\
-__asm__ volatile("vmovdqu %0, %"#mask2 ::"m"(mSHUF_00BA[0])) ;\
-__asm__ volatile("vmovdqu %0, %"#mask3 ::"m"(mSHUF_DC00[0])) ;
-
-#define Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00)\
-    _Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00)
-
-#define X0 %xmm4
-#define X1 %xmm5
-#define X2 %xmm6
-#define X3 %xmm7
-#define X_ X0
-
-#define XTMP0 %xmm0
-#define XTMP1 %xmm1
-#define XTMP2 %xmm2
-#define XTMP3 %xmm3
-#define XTMP4 %xmm8
-#define XTMP5 %xmm9
-#define XFER  %xmm10
-
-#define SHUF_00BA   %xmm11 /* shuffle xBxA -> 00BA */
-#define SHUF_DC00   %xmm12 /* shuffle xDxC -> DC00 */
-#define BYTE_FLIP_MASK  %xmm13
-
-#define XMM_REGs   /* Registers are saved in Sha256Update/Finel */
-                   /*"xmm4","xmm5","xmm6","xmm7","xmm8","xmm9","xmm10","xmm11","xmm12","xmm13" */
-
-static int Transform_AVX1(Sha256* sha256)
-{
-
-    word32 W_K[64] ;  /* temp for W+K */
-
-    #if defined(DEBUG_XMM)
-    int i, j ;
-    word32 xmm[29][4*15] ;
-    #endif
-
-    Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) ;
-    W_K_from_buff ; /* X0, X1, X2, X3 = W[0..15] ; */
-
-    DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
-  
-    SET_W_K_XFER(X0, 0) ;
-    MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
-    SET_W_K_XFER(X1, 4) ;
-    MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
-            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,4) ;
-    SET_W_K_XFER(X2, 8) ;
-    MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
-    SET_W_K_XFER(X3, 12) ;
-    MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,12) ;
-    SET_W_K_XFER(X0, 16) ;
-    MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
-    SET_W_K_XFER(X1, 20) ;
-    MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,20) ;
-    SET_W_K_XFER(X2, 24) ;
-    MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
-    SET_W_K_XFER(X3, 28) ;
-    MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,28) ;
-    SET_W_K_XFER(X0, 32) ;
-    MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
-    SET_W_K_XFER(X1, 36) ;
-    MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,36) ;
-    SET_W_K_XFER(X2, 40) ;
-    MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
-    SET_W_K_XFER(X3, 44) ;
-    MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,44) ;
-
-    SET_W_K_XFER(X0, 48) ;
-    SET_W_K_XFER(X1, 52) ;
-    SET_W_K_XFER(X2, 56) ;
-    SET_W_K_XFER(X3, 60) ;
-    
-    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
-    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
-    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
-    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
-
-    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
-    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
-    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
-    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
-
-    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;     
-    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
-    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
-    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
-
-    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
-    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
-    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
-    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
-        
-    RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;  
-        
-    #if defined(DEBUG_XMM)
-    for(i=0; i<29; i++) {
-        for(j=0; j<4*14; j+=4)
-            printf("xmm%d[%d]=%08x,%08x,%08x,%08x\n", j/4, i, 
-                   xmm[i][j],xmm[i][j+1],xmm[i][j+2],xmm[i][j+3]) ;
-        printf("\n") ;
-    }
-        
-    for(i=0; i<64; i++)printf("W_K[%d]%08x\n", i, W_K[i]) ;
-    #endif
-
-    return 0;
-}
-
-#if defined(HAVE_INTEL_RORX)
-static int Transform_AVX1_RORX(Sha256* sha256)
-{
-
-    word32 W_K[64] ;  /* temp for W+K */
-
-    #if defined(DEBUG_XMM)
-    int i, j ;
-    word32 xmm[29][4*15] ;
-    #endif
-
-    Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) ;
-    W_K_from_buff ; /* X0, X1, X2, X3 = W[0..15] ; */
-
-    DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
-    SET_W_K_XFER(X0, 0) ;
-    MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
-    SET_W_K_XFER(X1, 4) ;
-    MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,4) ;
-    SET_W_K_XFER(X2, 8) ;
-    MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
-    SET_W_K_XFER(X3, 12) ;
-    MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,12) ;
-    SET_W_K_XFER(X0, 16) ;
-    MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
-    SET_W_K_XFER(X1, 20) ;
-    MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,20) ;
-    SET_W_K_XFER(X2, 24) ;
-    MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
-    SET_W_K_XFER(X3, 28) ;
-    MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,28) ;
-    SET_W_K_XFER(X0, 32) ;
-    MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
-    SET_W_K_XFER(X1, 36) ;
-    MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,36) ;
-    SET_W_K_XFER(X2, 40) ;
-    MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
-            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
-    SET_W_K_XFER(X3, 44) ;
-    MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
-            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,44) ;
-
-    SET_W_K_XFER(X0, 48) ;
-    SET_W_K_XFER(X1, 52) ;
-    SET_W_K_XFER(X2, 56) ;
-    SET_W_K_XFER(X3, 60) ;
-    
-    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
-    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
-    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
-    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
-
-    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
-    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
-    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
-    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
-
-    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;     
-    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
-    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
-    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
-
-    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
-    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
-    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
-    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
-        
-    RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;  
-        
-    #if defined(DEBUG_XMM)
-    for(i=0; i<29; i++) {
-        for(j=0; j<4*14; j+=4)
-            printf("xmm%d[%d]=%08x,%08x,%08x,%08x\n", j/4, i, 
-                    xmm[i][j],xmm[i][j+1],xmm[i][j+2],xmm[i][j+3]) ;
-        printf("\n") ;
-    }
-        
-    for(i=0; i<64; i++)printf("W_K[%d]%08x\n", i, W_K[i]) ;
-    #endif
-
-    return 0;
-}
-#endif  /* HAVE_INTEL_RORX */
-
-#endif  /* HAVE_INTEL_AVX1 */
-
-
-#if defined(HAVE_INTEL_AVX2)
-
-#define _MOVE_to_REG(ymm, mem)       __asm__ volatile("vmovdqu %0, %%"#ymm" ":: "m"(mem):YMM_REGs) ;
-#define _MOVE_to_MEM(mem, ymm)       __asm__ volatile("vmovdqu %%"#ymm", %0" : "=m"(mem)::YMM_REGs) ;
-#define _BYTE_SWAP(ymm, map)              __asm__ volatile("vpshufb %0, %%"#ymm", %%"#ymm"\n\t"\
-                                                       :: "m"(map):YMM_REGs) ;
-#define _MOVE_128(ymm0, ymm1, ymm2, map)   __asm__ volatile("vperm2i128  $"#map", %%"\
-                                  #ymm2", %%"#ymm1", %%"#ymm0" ":::YMM_REGs) ;
-#define _MOVE_BYTE(ymm0, ymm1, map)  __asm__ volatile("vpshufb %0, %%"#ymm1", %%"\
-                                  #ymm0"\n\t":: "m"(map):YMM_REGs) ;
-#define _S_TEMP(dest, src, bits, temp)    __asm__ volatile("vpsrld  $"#bits", %%"\
-         #src", %%"#dest"\n\tvpslld  $32-"#bits", %%"#src", %%"#temp"\n\tvpor %%"\
-         #temp",%%"#dest", %%"#dest" ":::YMM_REGs) ;
-#define _AVX2_R(dest, src, bits)          __asm__ volatile("vpsrld  $"#bits", %%"\
-                                  #src", %%"#dest" ":::YMM_REGs) ;
-#define _XOR(dest, src1, src2)       __asm__ volatile("vpxor   %%"#src1", %%"\
-         #src2", %%"#dest" ":::YMM_REGs) ;
-#define _OR(dest, src1, src2)       __asm__ volatile("vpor    %%"#src1", %%"\
-         #src2", %%"#dest" ":::YMM_REGs) ;
-#define _ADD(dest, src1, src2)       __asm__ volatile("vpaddd   %%"#src1", %%"\
-         #src2", %%"#dest" ":::YMM_REGs) ;
-#define _ADD_MEM(dest, src1, mem)    __asm__ volatile("vpaddd   %0, %%"#src1", %%"\
-         #dest" "::"m"(mem):YMM_REGs) ;
-#define _BLEND(map, dest, src1, src2)    __asm__ volatile("vpblendd    $"#map", %%"\
-         #src1",   %%"#src2", %%"#dest" ":::YMM_REGs) ;
-
-#define    _EXTRACT_XMM_0(xmm, mem)  __asm__ volatile("vpextrd $0, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_1(xmm, mem)  __asm__ volatile("vpextrd $1, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_2(xmm, mem)  __asm__ volatile("vpextrd $2, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_3(xmm, mem)  __asm__ volatile("vpextrd $3, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_4(ymm, xmm, mem)\
-      __asm__ volatile("vperm2i128 $0x1, %%"#ymm", %%"#ymm", %%"#ymm" ":::YMM_REGs) ;\
-      __asm__ volatile("vpextrd $0, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_5(xmm, mem)  __asm__ volatile("vpextrd $1, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_6(xmm, mem)  __asm__ volatile("vpextrd $2, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_7(xmm, mem)  __asm__ volatile("vpextrd $3, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-
-#define    _SWAP_YMM_HL(ymm)   __asm__ volatile("vperm2i128 $0x1, %%"#ymm", %%"#ymm", %%"#ymm" ":::YMM_REGs) ;
-#define     SWAP_YMM_HL(ymm)   _SWAP_YMM_HL(ymm) 
-
-#define MOVE_to_REG(ymm, mem)      _MOVE_to_REG(ymm, mem)
-#define MOVE_to_MEM(mem, ymm)      _MOVE_to_MEM(mem, ymm)
-#define BYTE_SWAP(ymm, map)        _BYTE_SWAP(ymm, map)
-#define MOVE_128(ymm0, ymm1, ymm2, map) _MOVE_128(ymm0, ymm1, ymm2, map) 
-#define MOVE_BYTE(ymm0, ymm1, map) _MOVE_BYTE(ymm0, ymm1, map)
-#define XOR(dest, src1, src2)      _XOR(dest, src1, src2)
-#define OR(dest, src1, src2)       _OR(dest, src1, src2)
-#define ADD(dest, src1, src2)      _ADD(dest, src1, src2)
-#define ADD_MEM(dest, src1, mem)  _ADD_MEM(dest, src1, mem)
-#define BLEND(map, dest, src1, src2) _BLEND(map, dest, src1, src2)
-
-#define S_TMP(dest, src, bits, temp) _S_TEMP(dest, src, bits, temp); 
-#define AVX2_S(dest, src, bits)      S_TMP(dest, src, bits, S_TEMP)
-#define AVX2_R(dest, src, bits)      _AVX2_R(dest, src, bits)
-
-#define GAMMA0(dest, src)      AVX2_S(dest, src, 7);  AVX2_S(G_TEMP, src, 18); \
-    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 3);  XOR(dest, G_TEMP, dest) ;
-#define GAMMA0_1(dest, src)    AVX2_S(dest, src, 7);  AVX2_S(G_TEMP, src, 18); 
-#define GAMMA0_2(dest, src)    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 3);  \
-    XOR(dest, G_TEMP, dest) ;
-
-#define GAMMA1(dest, src)      AVX2_S(dest, src, 17); AVX2_S(G_TEMP, src, 19); \
-    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 10); XOR(dest, G_TEMP, dest) ;
-#define GAMMA1_1(dest, src)    AVX2_S(dest, src, 17); AVX2_S(G_TEMP, src, 19); 
-#define GAMMA1_2(dest, src)    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 10); \
-    XOR(dest, G_TEMP, dest) ;
-
-#define    FEEDBACK1_to_W_I_2    MOVE_BYTE(YMM_TEMP0, W_I, mMAP1toW_I_2[0]) ; \
-    BLEND(0x0c, W_I_2, YMM_TEMP0, W_I_2) ;
-#define    FEEDBACK2_to_W_I_2    MOVE_128(YMM_TEMP0, W_I, W_I, 0x08) ;  \
-    MOVE_BYTE(YMM_TEMP0, YMM_TEMP0, mMAP2toW_I_2[0]) ; BLEND(0x30, W_I_2, YMM_TEMP0, W_I_2) ; 
-#define    FEEDBACK3_to_W_I_2    MOVE_BYTE(YMM_TEMP0, W_I, mMAP3toW_I_2[0]) ; \
-    BLEND(0xc0, W_I_2, YMM_TEMP0, W_I_2) ; 
-
-#define    FEEDBACK_to_W_I_7     MOVE_128(YMM_TEMP0, W_I, W_I, 0x08) ;\
-    MOVE_BYTE(YMM_TEMP0, YMM_TEMP0, mMAPtoW_I_7[0]) ; BLEND(0x80, W_I_7, YMM_TEMP0, W_I_7) ;
-
-#undef voitle
-
-#define W_I_16  ymm8
-#define W_I_15  ymm9
-#define W_I_7  ymm10
-#define W_I_2  ymm11
-#define W_I    ymm12
-#define G_TEMP     ymm13
-#define S_TEMP     ymm14
-#define YMM_TEMP0  ymm15
-#define YMM_TEMP0x xmm15
-#define W_I_TEMP   ymm7
-#define W_K_TEMP   ymm15
-#define W_K_TEMPx  xmm15
-
-#define YMM_REGs /* Registers are saved in Sha256Update/Finel */
- /* "%ymm7","%ymm8","%ymm9","%ymm10","%ymm11","%ymm12","%ymm13","%ymm14","%ymm15"*/
-
-
-#define MOVE_15_to_16(w_i_16, w_i_15, w_i_7)\
-    __asm__ volatile("vperm2i128  $0x01, %%"#w_i_15", %%"#w_i_15", %%"#w_i_15" ":::YMM_REGs) ;\
-    __asm__ volatile("vpblendd    $0x08, %%"#w_i_15", %%"#w_i_7", %%"#w_i_16" ":::YMM_REGs) ;\
-    __asm__ volatile("vperm2i128 $0x01,  %%"#w_i_7",  %%"#w_i_7", %%"#w_i_15" ":::YMM_REGs) ;\
-    __asm__ volatile("vpblendd    $0x80, %%"#w_i_15", %%"#w_i_16", %%"#w_i_16" ":::YMM_REGs) ;\
-    __asm__ volatile("vpshufd    $0x93,  %%"#w_i_16", %%"#w_i_16" ":::YMM_REGs) ;\
-
-#define MOVE_7_to_15(w_i_15, w_i_7)\
-    __asm__ volatile("vmovdqu                 %%"#w_i_7",  %%"#w_i_15" ":::YMM_REGs) ;\
-
-#define MOVE_I_to_7(w_i_7, w_i)\
-    __asm__ volatile("vperm2i128 $0x01,       %%"#w_i",   %%"#w_i",   %%"#w_i_7" ":::YMM_REGs) ;\
-    __asm__ volatile("vpblendd    $0x01,       %%"#w_i_7",   %%"#w_i", %%"#w_i_7" ":::YMM_REGs) ;\
-    __asm__ volatile("vpshufd    $0x39, %%"#w_i_7", %%"#w_i_7" ":::YMM_REGs) ;\
-
-#define MOVE_I_to_2(w_i_2, w_i)\
-    __asm__ volatile("vperm2i128 $0x01,       %%"#w_i", %%"#w_i", %%"#w_i_2" ":::YMM_REGs) ;\
-    __asm__ volatile("vpshufd    $0x0e, %%"#w_i_2", %%"#w_i_2" ":::YMM_REGs) ;\
-
-#define ROTATE_W(w_i_16, w_i_15, w_i_7, w_i_2, w_i)\
-    MOVE_15_to_16(w_i_16, w_i_15, w_i_7) ; \
-    MOVE_7_to_15(w_i_15, w_i_7) ; \
-    MOVE_I_to_7(w_i_7, w_i) ; \
-    MOVE_I_to_2(w_i_2, w_i) ;\
-
-#define _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    { word32 d ;\
-    __asm__ volatile("movl %"#S_0", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[0] += d;\
-    __asm__ volatile("movl %"#S_1", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[1] += d;\
-    __asm__ volatile("movl %"#S_2", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[2] += d;\
-    __asm__ volatile("movl %"#S_3", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[3] += d;\
-    __asm__ volatile("movl %"#S_4", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[4] += d;\
-    __asm__ volatile("movl %"#S_5", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[5] += d;\
-    __asm__ volatile("movl %"#S_6", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[6] += d;\
-    __asm__ volatile("movl %"#S_7", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[7] += d;\
-}
-
-#define _DumpS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-  { word32 d[8] ;\
-    __asm__ volatile("movl %"#S_0", %0":"=r"(d[0])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_1", %0":"=r"(d[1])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_2", %0":"=r"(d[2])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_3", %0":"=r"(d[3])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_4", %0":"=r"(d[4])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_5", %0":"=r"(d[5])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_6", %0":"=r"(d[6])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_7", %0":"=r"(d[7])::SSE_REGs) ;\
-        printf("S[0..7]=%08x,%08x,%08x,%08x,%08x,%08x,%08x,%08x\n", d[0],d[1],d[2],d[3],d[4],d[5],d[6],d[7]);\
-    __asm__ volatile("movl %0, %"#S_0::"r"(d[0]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_1::"r"(d[1]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_2::"r"(d[2]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_3::"r"(d[3]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_4::"r"(d[4]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_5::"r"(d[5]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_6::"r"(d[6]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_7::"r"(d[7]):SSE_REGs) ;\
-}
-
-
-#define DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-#define RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-#define DumS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    _DumpS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-        
-    /* Byte swap Masks to ensure that rest of the words are filled with zero's. */
-    static const unsigned long mBYTE_FLIP_MASK_16[] =  
-        { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
-    static const unsigned long mBYTE_FLIP_MASK_15[] =  
-        { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
-    static const unsigned long mBYTE_FLIP_MASK_7 [] =  
-        { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x8080808008090a0b } ;
-    static const unsigned long mBYTE_FLIP_MASK_2 [] =  
-        { 0x0405060700010203, 0x8080808080808080, 0x8080808080808080, 0x8080808080808080 } ;
-
-    static const unsigned long mMAPtoW_I_7[] =  
-        { 0x8080808080808080, 0x8080808080808080, 0x8080808080808080, 0x0302010080808080 } ;
-    static const unsigned long mMAP1toW_I_2[] = 
-        { 0x8080808080808080, 0x0706050403020100, 0x8080808080808080, 0x8080808080808080 } ;
-    static const unsigned long mMAP2toW_I_2[] = 
-        { 0x8080808080808080, 0x8080808080808080, 0x0f0e0d0c0b0a0908, 0x8080808080808080 } ;
-    static const unsigned long mMAP3toW_I_2[] = 
-        { 0x8080808080808080, 0x8080808080808080, 0x8080808080808080, 0x0706050403020100 } ;
- 
-static int Transform_AVX2(Sha256* sha256)
-{
-
-    #ifdef WOLFSSL_SMALL_STACK
-        word32* W_K;
-        W_K = (word32*) XMALLOC(sizeof(word32) * 64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (W_K == NULL)
-            return MEMORY_E;
-    #else
-        word32 W_K[64]  ;
-    #endif
-
-    MOVE_to_REG(W_I_16, sha256->buffer[0]);     BYTE_SWAP(W_I_16, mBYTE_FLIP_MASK_16[0]) ;
-    MOVE_to_REG(W_I_15, sha256->buffer[1]);     BYTE_SWAP(W_I_15, mBYTE_FLIP_MASK_15[0]) ;
-    MOVE_to_REG(W_I,    sha256->buffer[8]) ;    BYTE_SWAP(W_I,    mBYTE_FLIP_MASK_16[0]) ;
-    MOVE_to_REG(W_I_7,  sha256->buffer[16-7]) ; BYTE_SWAP(W_I_7,  mBYTE_FLIP_MASK_7[0])  ;
-    MOVE_to_REG(W_I_2,  sha256->buffer[16-2]) ; BYTE_SWAP(W_I_2,  mBYTE_FLIP_MASK_2[0])  ;
-
-    DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
-
-    ADD_MEM(W_K_TEMP, W_I_16, K[0]) ;
-    MOVE_to_MEM(W_K[0], W_K_TEMP) ; 
-
-    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
-    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,1) ;
-    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,2) ;
-    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,3) ;  
-    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,4) ;
-    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,5) ;
-    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,6) ;
-    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,7) ;
-
-    ADD_MEM(YMM_TEMP0, W_I, K[8]) ;
-    MOVE_to_MEM(W_K[8], YMM_TEMP0) ; 
-
-        /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
-                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
-        GAMMA0_1(W_I_TEMP, W_I_15) ;
-                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
-        GAMMA0_2(W_I_TEMP, W_I_15) ;
-                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
-        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
-                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
-        ADD(W_I, W_I_7, W_I_TEMP);
-                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
-        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
-                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
-        FEEDBACK1_to_W_I_2 ;
-                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
-        FEEDBACK_to_W_I_7 ; 
-                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
-        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
-                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
-                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
-        FEEDBACK2_to_W_I_2 ;
-                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
-                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
-        FEEDBACK3_to_W_I_2 ;
-                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
-        GAMMA1(YMM_TEMP0, W_I_2) ;
-                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
-                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
-                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
-
-        MOVE_to_REG(YMM_TEMP0, K[16]) ;    
-                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
-        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
-                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
-        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
-        MOVE_to_MEM(W_K[16], YMM_TEMP0) ;
-
-        /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
-                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
-        GAMMA0_1(W_I_TEMP, W_I_15) ;
-                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
-        GAMMA0_2(W_I_TEMP, W_I_15) ;
-                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
-        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
-                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
-        ADD(W_I, W_I_7, W_I_TEMP);
-                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
-        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
-                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
-        FEEDBACK1_to_W_I_2 ;
-                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
-        FEEDBACK_to_W_I_7 ; 
-                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
-        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
-                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
-        GAMMA1(YMM_TEMP0, W_I_2) ; 
-                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
-                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
-        FEEDBACK2_to_W_I_2 ;
-                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
-                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
-        FEEDBACK3_to_W_I_2 ;
-                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
-                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
-
-        MOVE_to_REG(YMM_TEMP0, K[24]) ;    
-                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
-        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
-                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
-        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
-        MOVE_to_MEM(W_K[24], YMM_TEMP0) ;
-
-                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
-                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
-        GAMMA0_1(W_I_TEMP, W_I_15) ;
-                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
-        GAMMA0_2(W_I_TEMP, W_I_15) ;
-                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
-        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
-                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
-        ADD(W_I, W_I_7, W_I_TEMP);
-                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
-        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
-                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
-        FEEDBACK1_to_W_I_2 ;
-                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
-        FEEDBACK_to_W_I_7 ; 
-                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
-        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
-                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
-                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
-        FEEDBACK2_to_W_I_2 ;
-                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
-                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
-        FEEDBACK3_to_W_I_2 ;
-                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
-        GAMMA1(YMM_TEMP0, W_I_2) ;
-                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
-                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
-                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
-
-        MOVE_to_REG(YMM_TEMP0, K[32]) ;    
-                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
-        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
-                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
-        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
-        MOVE_to_MEM(W_K[32], YMM_TEMP0) ;
-
-        
-                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
-                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
-        GAMMA0_1(W_I_TEMP, W_I_15) ;
-                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
-        GAMMA0_2(W_I_TEMP, W_I_15) ;
-                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
-        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
-                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
-        ADD(W_I, W_I_7, W_I_TEMP);
-                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
-        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
-                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
-        FEEDBACK1_to_W_I_2 ;
-                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
-        FEEDBACK_to_W_I_7 ; 
-                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
-        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
-                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
-                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
-        FEEDBACK2_to_W_I_2 ;
-                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
-                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
-        FEEDBACK3_to_W_I_2 ;
-                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
-                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
-
-        MOVE_to_REG(YMM_TEMP0, K[40]) ;    
-                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
-        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
-                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
-        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
-        MOVE_to_MEM(W_K[40], YMM_TEMP0) ;
-
-                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
-                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
-        GAMMA0_1(W_I_TEMP, W_I_15) ;
-                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
-        GAMMA0_2(W_I_TEMP, W_I_15) ;
-                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
-        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
-                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
-        ADD(W_I, W_I_7, W_I_TEMP);
-                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
-        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
-                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
-        FEEDBACK1_to_W_I_2 ;
-                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
-        FEEDBACK_to_W_I_7 ; 
-                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
-        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
-                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
-                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
-        FEEDBACK2_to_W_I_2 ;
-                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
-                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
-        FEEDBACK3_to_W_I_2 ;
-                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
-                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
-
-        MOVE_to_REG(YMM_TEMP0, K[48]) ;    
-                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
-        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
-                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
-        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
-        MOVE_to_MEM(W_K[48], YMM_TEMP0) ;
-        
-                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
-                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
-        GAMMA0_1(W_I_TEMP, W_I_15) ;
-                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
-        GAMMA0_2(W_I_TEMP, W_I_15) ;
-                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
-        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
-                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
-        ADD(W_I, W_I_7, W_I_TEMP);
-                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
-        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
-                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
-        FEEDBACK1_to_W_I_2 ;
-                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
-        FEEDBACK_to_W_I_7 ; 
-                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
-        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
-                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
-                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
-        FEEDBACK2_to_W_I_2 ;
-                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
-                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
-        FEEDBACK3_to_W_I_2 ;
-                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
-                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
-
-        MOVE_to_REG(YMM_TEMP0, K[56]) ;    
-                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
-        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
-                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
-        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
-        MOVE_to_MEM(W_K[56], YMM_TEMP0) ;        
-        
-        RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;
-        RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
-        RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
-        RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
-
-        RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
-        RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
-        RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
-        RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
-
-    RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;  
-
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    #endif
-    
-    return 0;
-}
-
-#endif   /* HAVE_INTEL_AVX2 */
-#endif   /* HAVE_FIPS */
-
-#endif /* NO_SHA256 */
-
+/* sha256.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* code submitted by raphael.huck@efixo.com */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+
+#if !defined(NO_SHA256)
+#ifdef HAVE_FIPS
+
+int wc_InitSha256(Sha256* sha)
+{
+    return InitSha256_fips(sha);
+}
+
+
+int wc_Sha256Update(Sha256* sha, const byte* data, word32 len)
+{
+    return Sha256Update_fips(sha, data, len);
+}
+
+
+int wc_Sha256Final(Sha256* sha, byte* out)
+{
+    return Sha256Final_fips(sha, out);
+}
+
+
+int wc_Sha256Hash(const byte* data, word32 len, byte* out)
+{
+    return Sha256Hash(data, len, out);
+}
+
+#else /* else build without fips */
+
+#if !defined(NO_SHA256) && !defined(WOLFSSL_TI_HASH)
+    /* defined in port/ti/ti_sha256.c */
+
+#if !defined (ALIGN32)
+    #if defined (__GNUC__)
+        #define ALIGN32 __attribute__ ( (aligned (32)))
+    #elif defined(_MSC_VER)
+        /* disable align warning, we want alignment ! */
+        #pragma warning(disable: 4324)
+        #define ALIGN32 __declspec (align (32))
+    #else
+        #define ALIGN32
+    #endif
+#endif
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+#define wc_InitSha256   wc_InitSha256_sw
+#define wc_Sha256Update wc_Sha256Update_sw
+#define wc_Sha256Final  wc_Sha256Final_sw
+#endif
+
+#ifdef HAVE_FIPS
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+    #define FIPS_NO_WRAPPERS
+#endif
+
+#if defined(USE_INTEL_SPEEDUP)
+#define HAVE_INTEL_AVX1
+#define HAVE_INTEL_AVX2
+
+#if defined(DEBUG_XMM)
+#include "stdio.h"
+#endif
+
+#endif
+
+#if defined(HAVE_INTEL_AVX2)
+#define HAVE_INTEL_RORX
+#endif
+ 
+
+/*****
+Intel AVX1/AVX2 Macro Control Structure
+
+#define HAVE_INTEL_AVX1
+#define HAVE_INTEL_AVX2
+
+#define HAVE_INTEL_RORX
+
+
+int InitSha256(Sha256* sha256) { 
+     Save/Recover XMM, YMM
+     ...
+}
+
+#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
+  Transform() ; Function prototype 
+#else
+  Transform() {   }
+  int Sha256Final() { 
+     Save/Recover XMM, YMM
+     ...
+  }
+#endif
+
+#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
+    #if defined(HAVE_INTEL_RORX
+         #define RND with rorx instuction
+    #else
+        #define RND
+    #endif
+#endif
+
+#if defined(HAVE_INTEL_AVX1)
+   
+   #define XMM Instructions/inline asm
+   
+   int Transform() {
+       Stitched Message Sched/Round
+    } 
+   
+#elif defined(HAVE_INTEL_AVX2)
+  
+  #define YMM Instructions/inline asm
+  
+  int Transform() {
+      More granural Stitched Message Sched/Round
+  }
+  
+*/
+
+
+#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+
+/* Each platform needs to query info type 1 from cpuid to see if aesni is
+ * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
+ */
+
+#ifndef _MSC_VER
+    #define cpuid(reg, leaf, sub)\
+            __asm__ __volatile__ ("cpuid":\
+             "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
+             "a" (leaf), "c"(sub));
+
+    #define XASM_LINK(f) asm(f)
+#else
+
+    #include <intrin.h>
+    #define cpuid(a,b) __cpuid((int*)a,b)
+
+    #define XASM_LINK(f)
+
+#endif /* _MSC_VER */
+
+#define EAX 0
+#define EBX 1
+#define ECX 2 
+#define EDX 3
+    
+#define CPUID_AVX1   0x1
+#define CPUID_AVX2   0x2
+#define CPUID_RDRAND 0x4
+#define CPUID_RDSEED 0x8
+#define CPUID_BMI2   0x10   /* MULX, RORX */
+
+#define IS_INTEL_AVX1       (cpuid_flags&CPUID_AVX1)
+#define IS_INTEL_AVX2       (cpuid_flags&CPUID_AVX2)
+#define IS_INTEL_BMI2       (cpuid_flags&CPUID_BMI2)
+#define IS_INTEL_RDRAND     (cpuid_flags&CPUID_RDRAND)
+#define IS_INTEL_RDSEED     (cpuid_flags&CPUID_RDSEED)
+
+static word32 cpuid_check = 0 ;
+static word32 cpuid_flags = 0 ;
+
+static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
+    int got_intel_cpu=0;
+    unsigned int reg[5]; 
+    
+    reg[4] = '\0' ;
+    cpuid(reg, 0, 0);  
+    if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&  
+                memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&  
+                memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {  
+        got_intel_cpu = 1;  
+    }    
+    if (got_intel_cpu) {
+        cpuid(reg, leaf, sub);
+        return((reg[num]>>bit)&0x1) ;
+    }
+    return 0 ;
+}
+
+static int set_cpuid_flags(void) {  
+    if(cpuid_check==0) {
+        if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;}
+        if(cpuid_flag(7, 0, EBX, 5)){  cpuid_flags |= CPUID_AVX2 ; }
+        if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; }
+        if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ;  } 
+        if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ;  }
+        cpuid_check = 1 ;
+        return 0 ;
+    }
+    return 1 ;
+}
+
+
+/* #if defined(HAVE_INTEL_AVX1/2) at the tail of sha512 */
+static int Transform(Sha256* sha256);
+
+#if defined(HAVE_INTEL_AVX1)
+static int Transform_AVX1(Sha256 *sha256) ;
+#endif
+#if defined(HAVE_INTEL_AVX2)
+static int Transform_AVX2(Sha256 *sha256) ; 
+static int Transform_AVX1_RORX(Sha256 *sha256) ; 
+#endif
+
+static int (*Transform_p)(Sha256* sha256) /* = _Transform */;
+
+#define XTRANSFORM(sha256, B)  (*Transform_p)(sha256)
+
+static void set_Transform(void) {
+     if(set_cpuid_flags())return ;
+
+#if defined(HAVE_INTEL_AVX2)
+     if(IS_INTEL_AVX2 && IS_INTEL_BMI2){ 
+         Transform_p = Transform_AVX1_RORX; return ; 
+         Transform_p = Transform_AVX2      ; 
+                  /* for avoiding warning,"not used" */
+     }
+#endif
+#if defined(HAVE_INTEL_AVX1)
+     Transform_p = ((IS_INTEL_AVX1) ? Transform_AVX1 : Transform) ; return ;
+#endif
+     Transform_p = Transform ; return ;
+}
+
+#else
+   #if defined(FREESCALE_MMCAU)
+      #define XTRANSFORM(sha256, B) Transform(sha256, B)
+   #else
+      #define XTRANSFORM(sha256, B) Transform(sha256)
+   #endif
+#endif
+
+/* Dummy for saving MM_REGs on behalf of Transform */
+#if defined(HAVE_INTEL_AVX2)&& !defined(HAVE_INTEL_AVX1)
+#define  SAVE_XMM_YMM   __asm__ volatile("or %%r8d, %%r8d":::\
+  "%ymm4","%ymm5","%ymm6","%ymm7","%ymm8","%ymm9","%ymm10","%ymm11","%ymm12","%ymm13","%ymm14","%ymm15")
+#elif defined(HAVE_INTEL_AVX1)
+#define  SAVE_XMM_YMM   __asm__ volatile("or %%r8d, %%r8d":::\
+    "xmm0","xmm1","xmm2","xmm3","xmm4","xmm5","xmm6","xmm7","xmm8","xmm9","xmm10",\
+    "xmm11","xmm12","xmm13","xmm14","xmm15")
+#else
+#define  SAVE_XMM_YMM
+#endif
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+#define InitSha256   InitSha256_sw
+#define Sha256Update Sha256Update_sw
+#define Sha256Final  Sha256Final_sw
+#endif
+
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef FREESCALE_MMCAU
+    #include "cau_api.h"
+#endif
+
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
+
+    static INLINE word32 min(word32 a, word32 b)
+    {
+        return a > b ? b : a;
+    }
+
+#endif /* WOLFSSL_HAVE_MIN */
+
+
+int wc_InitSha256(Sha256* sha256)
+{
+    #ifdef FREESCALE_MMCAU
+        cau_sha256_initialize_output(sha256->digest);
+    #else
+        sha256->digest[0] = 0x6A09E667L;
+        sha256->digest[1] = 0xBB67AE85L;
+        sha256->digest[2] = 0x3C6EF372L;
+        sha256->digest[3] = 0xA54FF53AL;
+        sha256->digest[4] = 0x510E527FL;
+        sha256->digest[5] = 0x9B05688CL;
+        sha256->digest[6] = 0x1F83D9ABL;
+        sha256->digest[7] = 0x5BE0CD19L;
+    #endif
+
+    sha256->buffLen = 0;
+    sha256->loLen   = 0;
+    sha256->hiLen   = 0;
+    
+#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
+    set_Transform() ; /* choose best Transform function under this runtime environment */
+#endif
+
+    return 0;
+}
+
+
+#if !defined(FREESCALE_MMCAU)
+static const ALIGN32 word32 K[64] = {
+    0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
+    0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
+    0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L,
+    0xC19BF174L, 0xE49B69C1L, 0xEFBE4786L, 0x0FC19DC6L, 0x240CA1CCL,
+    0x2DE92C6FL, 0x4A7484AAL, 0x5CB0A9DCL, 0x76F988DAL, 0x983E5152L,
+    0xA831C66DL, 0xB00327C8L, 0xBF597FC7L, 0xC6E00BF3L, 0xD5A79147L,
+    0x06CA6351L, 0x14292967L, 0x27B70A85L, 0x2E1B2138L, 0x4D2C6DFCL,
+    0x53380D13L, 0x650A7354L, 0x766A0ABBL, 0x81C2C92EL, 0x92722C85L,
+    0xA2BFE8A1L, 0xA81A664BL, 0xC24B8B70L, 0xC76C51A3L, 0xD192E819L,
+    0xD6990624L, 0xF40E3585L, 0x106AA070L, 0x19A4C116L, 0x1E376C08L,
+    0x2748774CL, 0x34B0BCB5L, 0x391C0CB3L, 0x4ED8AA4AL, 0x5B9CCA4FL,
+    0x682E6FF3L, 0x748F82EEL, 0x78A5636FL, 0x84C87814L, 0x8CC70208L,
+    0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
+};
+
+#endif
+
+#if defined(FREESCALE_MMCAU)
+
+static int Transform(Sha256* sha256, byte* buf)
+{
+    cau_sha256_hash_n(buf, 1, sha256->digest);
+
+    return 0;
+}
+
+#endif /* FREESCALE_MMCAU */
+
+#define Ch(x,y,z)       ((z) ^ ((x) & ((y) ^ (z))))
+#define Maj(x,y,z)      ((((x) | (y)) & (z)) | ((x) & (y)))
+#define R(x, n)         (((x)&0xFFFFFFFFU)>>(n))
+
+#define S(x, n)         rotrFixed(x, n)
+#define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
+#define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
+#define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
+#define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
+
+#define RND(a,b,c,d,e,f,g,h,i) \
+     t0 = (h) + Sigma1((e)) + Ch((e), (f), (g)) + K[(i)] + W[(i)]; \
+     t1 = Sigma0((a)) + Maj((a), (b), (c)); \
+     (d) += t0; \
+     (h)  = t0 + t1;
+
+#if !defined(FREESCALE_MMCAU)
+static int Transform(Sha256* sha256)
+{
+    word32 S[8], t0, t1;
+    int i;
+
+#ifdef WOLFSSL_SMALL_STACK
+    word32* W;
+
+    W = (word32*) XMALLOC(sizeof(word32) * 64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (W == NULL)
+        return MEMORY_E;
+#else
+    word32 W[64];
+#endif
+
+    /* Copy context->state[] to working vars */
+    for (i = 0; i < 8; i++)
+        S[i] = sha256->digest[i];
+
+    for (i = 0; i < 16; i++)
+        W[i] = sha256->buffer[i];
+
+    for (i = 16; i < 64; i++)
+        W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16];
+
+    for (i = 0; i < 64; i += 8) {
+        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0);
+        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1);
+        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2);
+        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3);
+        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4);
+        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5);
+        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6);
+        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7);
+    }
+
+    /* Add the working vars back into digest state[] */
+    for (i = 0; i < 8; i++) {
+        sha256->digest[i] += S[i];
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
+}
+
+#endif /* #if !defined(FREESCALE_MMCAU) */
+
+static INLINE void AddLength(Sha256* sha256, word32 len)
+{
+    word32 tmp = sha256->loLen;
+    if ( (sha256->loLen += len) < tmp)
+        sha256->hiLen++;                       /* carry low to high */
+}
+
+int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
+{
+
+    /* do block size increments */
+    byte* local = (byte*)sha256->buffer;
+
+    SAVE_XMM_YMM ; /* for Intel AVX */
+
+    while (len) {
+        word32 add = min(len, SHA256_BLOCK_SIZE - sha256->buffLen);
+        XMEMCPY(&local[sha256->buffLen], data, add);
+
+        sha256->buffLen += add;
+        data            += add;
+        len             -= add;
+
+        if (sha256->buffLen == SHA256_BLOCK_SIZE) {
+            int ret;
+
+            #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+                #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+                if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
+                #endif
+                ByteReverseWords(sha256->buffer, sha256->buffer,
+                                 SHA256_BLOCK_SIZE);
+            #endif
+            ret = XTRANSFORM(sha256, local);
+            if (ret != 0)
+                return ret;
+
+            AddLength(sha256, SHA256_BLOCK_SIZE);
+            sha256->buffLen = 0;
+        }
+    }
+
+    return 0;
+}
+
+int wc_Sha256Final(Sha256* sha256, byte* hash)
+{
+    byte* local = (byte*)sha256->buffer;
+    int ret;
+    
+    SAVE_XMM_YMM ; /* for Intel AVX */
+
+    AddLength(sha256, sha256->buffLen);  /* before adding pads */
+
+    local[sha256->buffLen++] = 0x80;     /* add 1 */
+
+    /* pad with zeros */
+    if (sha256->buffLen > SHA256_PAD_SIZE) {
+        XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen);
+        sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
+
+        #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+            #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+            if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
+            #endif
+            ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
+        #endif
+
+        ret = XTRANSFORM(sha256, local);
+        if (ret != 0)
+            return ret;
+
+        sha256->buffLen = 0;
+    }
+    XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen);
+
+    /* put lengths in bits */
+    sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
+                 (sha256->hiLen << 3);
+    sha256->loLen = sha256->loLen << 3;
+
+    /* store lengths */
+    #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+        #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+        if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
+        #endif
+            ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
+    #endif
+    /* ! length ordering dependent on digest endian type ! */
+    XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
+    XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
+            sizeof(word32));
+
+    #if defined(FREESCALE_MMCAU) || defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+        /* Kinetis requires only these bytes reversed */
+        #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+        if(IS_INTEL_AVX1 || IS_INTEL_AVX2)
+        #endif
+        ByteReverseWords(&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
+                         &sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
+                         2 * sizeof(word32));
+    #endif
+
+    ret = XTRANSFORM(sha256, local);
+    if (ret != 0)
+        return ret;
+
+    #if defined(LITTLE_ENDIAN_ORDER)
+        ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE);
+    #endif
+    XMEMCPY(hash, sha256->digest, SHA256_DIGEST_SIZE);
+
+    return wc_InitSha256(sha256);  /* reset state */
+}
+
+
+
+int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Sha256* sha256;
+#else
+    Sha256 sha256[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (sha256 == NULL)
+        return MEMORY_E;
+#endif
+
+    if ((ret = wc_InitSha256(sha256)) != 0) {
+        WOLFSSL_MSG("InitSha256 failed");
+    }
+    else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) {
+        WOLFSSL_MSG("Sha256Update failed");
+    }
+    else if ((ret = wc_Sha256Final(sha256, hash)) != 0) {
+        WOLFSSL_MSG("Sha256Final failed");
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+#ifdef WOLFSSL_TI_HASH
+#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+int wc_Sha256GetHash(Sha256* sha256, byte* hash)
+{
+#if defined(WOLFSS_TI_HASH)
+    return wc_Sha256GetHash_TI(sha256, hash) ;
+#else
+    int ret ;
+    Sha256 save = *sha256 ;
+    ret = wc_Sha256Final(sha256, hash) ;
+    *sha256 = save ;
+    return ret ;
+#endif
+}
+
+#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+
+#define _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    { word32 d ;\
+    d = sha256->digest[0]; __asm__ volatile("movl %0, %"#S_0::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[1]; __asm__ volatile("movl %0, %"#S_1::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[2]; __asm__ volatile("movl %0, %"#S_2::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[3]; __asm__ volatile("movl %0, %"#S_3::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[4]; __asm__ volatile("movl %0, %"#S_4::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[5]; __asm__ volatile("movl %0, %"#S_5::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[6]; __asm__ volatile("movl %0, %"#S_6::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[7]; __asm__ volatile("movl %0, %"#S_7::"r"(d):SSE_REGs) ;\
+}
+
+#define _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    { word32 d ; \
+    __asm__ volatile("movl %"#S_0", %0":"=r"(d)::SSE_REGs) ; sha256->digest[0] += d;\
+    __asm__ volatile("movl %"#S_1", %0":"=r"(d)::SSE_REGs) ; sha256->digest[1] += d;\
+    __asm__ volatile("movl %"#S_2", %0":"=r"(d)::SSE_REGs) ; sha256->digest[2] += d;\
+    __asm__ volatile("movl %"#S_3", %0":"=r"(d)::SSE_REGs) ; sha256->digest[3] += d;\
+    __asm__ volatile("movl %"#S_4", %0":"=r"(d)::SSE_REGs) ; sha256->digest[4] += d;\
+    __asm__ volatile("movl %"#S_5", %0":"=r"(d)::SSE_REGs) ; sha256->digest[5] += d;\
+    __asm__ volatile("movl %"#S_6", %0":"=r"(d)::SSE_REGs) ; sha256->digest[6] += d;\
+    __asm__ volatile("movl %"#S_7", %0":"=r"(d)::SSE_REGs) ; sha256->digest[7] += d;\
+}
+
+
+#define DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
+
+#define RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
+
+
+
+
+#define S_0 %r15d 
+#define S_1 %r10d
+#define S_2 %r11d       
+#define S_3 %r12d
+#define S_4 %r13d
+#define S_5 %r14d
+#define S_6 %ebx
+#define S_7 %r9d
+
+#define SSE_REGs "%edi", "%ecx", "%esi", "%edx", "%ebx","%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15"
+
+#if defined(HAVE_INTEL_RORX)
+#define RND_STEP_RORX_1(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("rorx  $6, %"#e", %%edx\n\t":::"%edx",SSE_REGs);  /* edx = e>>6 */\
+
+#define RND_STEP_RORX_2(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("rorx  $11, %"#e",%%edi\n\t":::"%edi",SSE_REGs); /* edi = e>>11  */\
+__asm__ volatile("xorl  %%edx, %%edi\n\t":::"%edx","%edi",SSE_REGs); /* edi = (e>>11) ^ (e>>6)  */\
+__asm__ volatile("rorx  $25, %"#e", %%edx\n\t":::"%edx",SSE_REGs);   /* edx = e>>25             */\
+
+#define RND_STEP_RORX_3(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("movl  %"#f", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f   */\
+__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f ^ g  */\
+__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs);  /* edx = Sigma1(e)  */\
+__asm__ volatile("andl  %"#e", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = (f ^ g) & e       */\
+__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = Ch(e,f,g)         */\
+
+#define RND_STEP_RORX_4(a,b,c,d,e,f,g,h,i)\
+/*__asm__ volatile("movl    %0, %%edx\n\t"::"m"(w_k):"%edx");*/\
+__asm__ volatile("addl  %0, %"#h"\n\t"::"r"(W_K[i]):SSE_REGs);    /* h += w_k  */\
+__asm__ volatile("addl  %%edx, %"#h"\n\t":::"%edx",SSE_REGs);     /* h = h + w_k + Sigma1(e) */\
+__asm__ volatile("rorx  $2, %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = a>>2   */\
+__asm__ volatile("rorx  $13, %"#a", %%edi\n\t":::"%edi",SSE_REGs);/* edi = a>>13  */\
+
+#define RND_STEP_RORX_5(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("rorx  $22, %"#a", %%edx\n\t":::"%edx",SSE_REGs); /* edx = a>>22 */\
+__asm__ volatile("xorl  %%r8d, %%edi\n\t":::"%edi","%r8",SSE_REGs);/* edi = (a>>2) ^ (a>>13)  */\
+__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs);  /* edx = Sigma0(a)      */\
+ 
+#define RND_STEP_RORX_6(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("movl  %"#b", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = b          */\
+__asm__ volatile("orl   %"#a", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = a | b      */\
+__asm__ volatile("andl  %"#c", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = (a | b) & c*/\
+__asm__ volatile("movl  %"#b", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b           */\
+
+#define RND_STEP_RORX_7(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("addl  %%esi, %"#h"\n\t":::"%esi",SSE_REGs);  /* h += Ch(e,f,g)   */\
+__asm__ volatile("andl  %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b & a       */\
+__asm__ volatile("orl   %%edi, %%r8d\n\t":::"%edi","%r8",SSE_REGs); /* r8d = Maj(a,b,c) */\
+
+#define RND_STEP_RORX_8(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("addl  "#h", "#d"\n\t");  /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */\
+__asm__ volatile("addl  %"#h", %%r8d\n\t":::"%r8",SSE_REGs); \
+__asm__ volatile("addl  %%edx, %%r8d\n\t":::"%edx","%r8",SSE_REGs); \
+__asm__ volatile("movl  %r8d, "#h"\n\t");   
+
+#endif
+
+#define RND_STEP_1(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("movl  %"#e", %%edx\n\t":::"%edx",SSE_REGs);\
+__asm__ volatile("roll  $26, %%edx\n\t":::"%edx",SSE_REGs);  /* edx = e>>6     */\
+__asm__ volatile("movl  %"#e", %%edi\n\t":::"%edi",SSE_REGs);\
+
+#define RND_STEP_2(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("roll  $21, %%edi\n\t":::"%edi",SSE_REGs);         /* edi = e>>11 */\
+__asm__ volatile("xorl  %%edx, %%edi\n\t":::"%edx","%edi",SSE_REGs); /* edi = (e>>11) ^ (e>>6)  */\
+__asm__ volatile("movl  %"#e", %%edx\n\t":::"%edx",SSE_REGs);   /* edx = e      */\
+__asm__ volatile("roll  $7, %%edx\n\t":::"%edx",SSE_REGs);      /* edx = e>>25  */\
+
+#define RND_STEP_3(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("movl  %"#f", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f       */\
+__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f ^ g   */\
+__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs); /* edx = Sigma1(e) */\
+__asm__ volatile("andl  %"#e", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = (f ^ g) & e  */\
+__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = Ch(e,f,g)    */\
+
+#define RND_STEP_4(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("addl  %0, %"#h"\n\t"::"r"(W_K[i]):SSE_REGs); /* h += w_k  */\
+__asm__ volatile("addl  %%edx, %"#h"\n\t":::"%edx",SSE_REGs); /* h = h + w_k + Sigma1(e) */\
+__asm__ volatile("movl  %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = a    */\
+__asm__ volatile("roll  $30, %%r8d\n\t":::"%r8",SSE_REGs);    /* r8d = a>>2 */\
+__asm__ volatile("movl  %"#a", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = a   */\
+__asm__ volatile("roll  $19, %%edi\n\t":::"%edi",SSE_REGs);    /* edi = a>>13 */\
+__asm__ volatile("movl  %"#a", %%edx\n\t":::"%edx",SSE_REGs);  /* edx = a     */\
+
+#define RND_STEP_5(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("roll  $10, %%edx\n\t":::"%edx",SSE_REGs);    /* edx = a>>22 */\
+__asm__ volatile("xorl  %%r8d, %%edi\n\t":::"%edi","%r8",SSE_REGs); /* edi = (a>>2) ^ (a>>13)  */\
+__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs);/* edx = Sigma0(a)         */\
+
+#define RND_STEP_6(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("movl  %"#b", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = b      */\
+__asm__ volatile("orl   %"#a", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = a | b  */\
+__asm__ volatile("andl  %"#c", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = (a | b) & c */\
+__asm__ volatile("movl  %"#b", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b       */\
+
+#define RND_STEP_7(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("addl  %%esi, %"#h"\n\t":::"%esi",SSE_REGs);  /* h += Ch(e,f,g)        */\
+__asm__ volatile("andl  %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b & a            */\
+__asm__ volatile("orl   %%edi, %%r8d\n\t":::"%edi","%r8",SSE_REGs); /* r8d = Maj(a,b,c) */\
+
+#define RND_STEP_8(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("addl  "#h", "#d"\n\t");  /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */\
+__asm__ volatile("addl  %"#h", %%r8d\n\t":::"%r8",SSE_REGs); \
+                 /* r8b = h + w_k + Sigma1(e) + Ch(e,f,g) + Maj(a,b,c) */\
+__asm__ volatile("addl  %%edx, %%r8d\n\t":::"%edx","%r8",SSE_REGs);\
+                 /* r8b = h + w_k + Sigma1(e) Sigma0(a) + Ch(e,f,g) + Maj(a,b,c)     */\
+__asm__ volatile("movl  %%r8d, %"#h"\n\t":::"%r8", SSE_REGs); \
+                 /* h = h + w_k + Sigma1(e) + Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */ \
+
+#define RND_X(a,b,c,d,e,f,g,h,i) \
+       RND_STEP_1(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_2(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_3(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_4(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_5(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_6(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_7(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_8(a,b,c,d,e,f,g,h,i); 
+
+#define RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
+#define RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
+#define RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
+#define RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
+#define RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
+#define RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
+#define RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
+#define RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
+
+
+#define RND_1_3(a,b,c,d,e,f,g,h,i) {\
+       RND_STEP_1(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_2(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_3(a,b,c,d,e,f,g,h,i); \
+}
+
+#define RND_4_6(a,b,c,d,e,f,g,h,i) {\
+       RND_STEP_4(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_5(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_6(a,b,c,d,e,f,g,h,i); \
+}
+
+#define RND_7_8(a,b,c,d,e,f,g,h,i) {\
+       RND_STEP_7(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_8(a,b,c,d,e,f,g,h,i); \
+}
+
+#define RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
+#define RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
+#define RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
+#define RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
+#define RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
+#define RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
+#define RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
+#define RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
+
+
+#define RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
+#define RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
+#define RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
+#define RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
+#define RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
+#define RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
+#define RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
+#define RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
+
+#define RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
+#define RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
+#define RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
+#define RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
+#define RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
+#define RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
+#define RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
+#define RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
+
+#define RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
+#define RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
+#define RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
+#define RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
+#define RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
+#define RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
+#define RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
+#define RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
+
+#define FOR(cnt, init, max, inc, loop)  \
+    __asm__ volatile("movl $"#init", %0\n\t"#loop":"::"m"(cnt):) 
+#define END(cnt, init, max, inc, loop)  \
+    __asm__ volatile("addl $"#inc", %0\n\tcmpl $"#max", %0\n\tjle "#loop"\n\t":"=m"(cnt)::) ;
+
+#endif  /* defined(HAVE_INTEL_AVX1) ||  defined(HAVE_INTEL_AVX2) */
+
+#if defined(HAVE_INTEL_AVX1) /* inline Assember for Intel AVX1 instructions */
+
+#define VPALIGNR(op1,op2,op3,op4) __asm__ volatile("vpalignr $"#op4", %"#op3", %"#op2", %"#op1:::XMM_REGs) 
+#define VPADDD(op1,op2,op3)       __asm__ volatile("vpaddd %"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPSRLD(op1,op2,op3)       __asm__ volatile("vpsrld $"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPSRLQ(op1,op2,op3)       __asm__ volatile("vpsrlq $"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPSLLD(op1,op2,op3)       __asm__ volatile("vpslld $"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPOR(op1,op2,op3)         __asm__ volatile("vpor   %"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPXOR(op1,op2,op3)        __asm__ volatile("vpxor  %"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPSHUFD(op1,op2,op3)      __asm__ volatile("vpshufd $"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPSHUFB(op1,op2,op3)      __asm__ volatile("vpshufb %"#op3", %"#op2", %"#op1:::XMM_REGs)
+
+#define MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, SHUF_00BA, SHUF_DC00,\
+     a,b,c,d,e,f,g,h,_i)\
+            RND_STEP_1(a,b,c,d,e,f,g,h,_i);\
+    VPALIGNR (XTMP0, X3, X2, 4) ;\
+            RND_STEP_2(a,b,c,d,e,f,g,h,_i);\
+    VPADDD   (XTMP0, XTMP0, X0) ;\
+            RND_STEP_3(a,b,c,d,e,f,g,h,_i);\
+    VPALIGNR (XTMP1, X1, X0, 4) ;   /* XTMP1 = W[-15] */\
+            RND_STEP_4(a,b,c,d,e,f,g,h,_i);\
+    VPSRLD   (XTMP2, XTMP1, 7) ;\
+            RND_STEP_5(a,b,c,d,e,f,g,h,_i);\
+    VPSLLD   (XTMP3, XTMP1, 25) ; /* VPSLLD   (XTMP3, XTMP1, (32-7)) */\
+            RND_STEP_6(a,b,c,d,e,f,g,h,_i);\
+    VPOR     (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 */\
+            RND_STEP_7(a,b,c,d,e,f,g,h,_i);\
+    VPSRLD   (XTMP2, XTMP1,18) ;\
+            RND_STEP_8(a,b,c,d,e,f,g,h,_i);\
+\
+            RND_STEP_1(h,a,b,c,d,e,f,g,_i+1);\
+    VPSRLD   (XTMP4, XTMP1, 3)      ;  /* XTMP4 = W[-15] >> 3 */\
+            RND_STEP_2(h,a,b,c,d,e,f,g,_i+1);\
+    VPSLLD   (XTMP1, XTMP1, 14) ; /* VPSLLD   (XTMP1, XTMP1, (32-18)) */\
+            RND_STEP_3(h,a,b,c,d,e,f,g,_i+1);\
+    VPXOR    (XTMP3, XTMP3, XTMP1)  ;\
+            RND_STEP_4(h,a,b,c,d,e,f,g,_i+1);\
+    VPXOR    (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 ^ W[-15] MY_ROR 18 */\
+            RND_STEP_5(h,a,b,c,d,e,f,g,_i+1);\
+    VPXOR    (XTMP1, XTMP3, XTMP4)  ;  /* XTMP1 = s0 */\
+            RND_STEP_6(h,a,b,c,d,e,f,g,_i+1);\
+    VPSHUFD(XTMP2, X3, 0b11111010)  ;  /* XTMP2 = W[-2] {BBAA}*/\
+            RND_STEP_7(h,a,b,c,d,e,f,g,_i+1);\
+    VPADDD   (XTMP0, XTMP0, XTMP1)  ;  /* XTMP0 = W[-16] + W[-7] + s0 */\
+            RND_STEP_8(h,a,b,c,d,e,f,g,_i+1);\
+\
+            RND_STEP_1(g,h,a,b,c,d,e,f,_i+2);\
+    VPSRLD   (XTMP4, XTMP2, 10) ;      /* XTMP4 = W[-2] >> 10 {BBAA} */\
+            RND_STEP_2(g,h,a,b,c,d,e,f,_i+2);\
+    VPSRLQ   (XTMP3, XTMP2, 19) ;      /* XTMP3 = W[-2] MY_ROR 19 {xBxA} */\
+            RND_STEP_3(g,h,a,b,c,d,e,f,_i+2);\
+    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xBxA} */\
+            RND_STEP_4(g,h,a,b,c,d,e,f,_i+2);\
+    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
+            RND_STEP_5(g,h,a,b,c,d,e,f,_i+2);\
+    VPXOR    (XTMP4, XTMP4, XTMP2) ;   /* XTMP4 = s1 {xBxA} */\
+            RND_STEP_6(g,h,a,b,c,d,e,f,_i+2);\
+    VPSHUFB  (XTMP4, XTMP4, SHUF_00BA)  ;  /* XTMP4 = s1 {00BA} */\
+            RND_STEP_7(g,h,a,b,c,d,e,f,_i+2);\
+    VPADDD   (XTMP0, XTMP0, XTMP4)  ;  /* XTMP0 = {..., ..., W[1], W[0]} */\
+            RND_STEP_8(g,h,a,b,c,d,e,f,_i+2);\
+\
+            RND_STEP_1(f,g,h,a,b,c,d,e,_i+3);\
+    VPSHUFD  (XTMP2, XTMP0, 0b01010000) ; /* XTMP2 = W[-2] {DDCC} */\
+            RND_STEP_2(f,g,h,a,b,c,d,e,_i+3);\
+    VPSRLD   (XTMP5, XTMP2, 10);       /* XTMP5 = W[-2] >> 10 {DDCC} */\
+            RND_STEP_3(f,g,h,a,b,c,d,e,_i+3);\
+    VPSRLQ   (XTMP3, XTMP2, 19);       /* XTMP3 = W[-2] MY_ROR 19 {xDxC} */\
+            RND_STEP_4(f,g,h,a,b,c,d,e,_i+3);\
+    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xDxC} */\
+            RND_STEP_5(f,g,h,a,b,c,d,e,_i+3);\
+    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
+            RND_STEP_6(f,g,h,a,b,c,d,e,_i+3);\
+    VPXOR    (XTMP5, XTMP5, XTMP2) ;   /* XTMP5 = s1 {xDxC} */\
+            RND_STEP_7(f,g,h,a,b,c,d,e,_i+3);\
+    VPSHUFB  (XTMP5, XTMP5, SHUF_DC00) ; /* XTMP5 = s1 {DC00} */\
+            RND_STEP_8(f,g,h,a,b,c,d,e,_i+3);\
+    VPADDD   (X0, XTMP5, XTMP0) ;      /* X0 = {W[3], W[2], W[1], W[0]} */\
+
+#if defined(HAVE_INTEL_RORX)
+
+#define MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, \
+                          XFER, SHUF_00BA, SHUF_DC00,a,b,c,d,e,f,g,h,_i)\
+            RND_STEP_RORX_1(a,b,c,d,e,f,g,h,_i);\
+    VPALIGNR (XTMP0, X3, X2, 4) ;\
+            RND_STEP_RORX_2(a,b,c,d,e,f,g,h,_i);\
+    VPADDD   (XTMP0, XTMP0, X0) ;\
+            RND_STEP_RORX_3(a,b,c,d,e,f,g,h,_i);\
+    VPALIGNR (XTMP1, X1, X0, 4) ;   /* XTMP1 = W[-15] */\
+            RND_STEP_RORX_4(a,b,c,d,e,f,g,h,_i);\
+    VPSRLD   (XTMP2, XTMP1, 7) ;\
+            RND_STEP_RORX_5(a,b,c,d,e,f,g,h,_i);\
+    VPSLLD   (XTMP3, XTMP1, 25) ; /* VPSLLD   (XTMP3, XTMP1, (32-7)) */\
+            RND_STEP_RORX_6(a,b,c,d,e,f,g,h,_i);\
+    VPOR     (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 */\
+            RND_STEP_RORX_7(a,b,c,d,e,f,g,h,_i);\
+    VPSRLD   (XTMP2, XTMP1,18) ;\
+            RND_STEP_RORX_8(a,b,c,d,e,f,g,h,_i);\
+\
+            RND_STEP_RORX_1(h,a,b,c,d,e,f,g,_i+1);\
+    VPSRLD   (XTMP4, XTMP1, 3)      ;  /* XTMP4 = W[-15] >> 3 */\
+            RND_STEP_RORX_2(h,a,b,c,d,e,f,g,_i+1);\
+    VPSLLD   (XTMP1, XTMP1, 14) ; /* VPSLLD   (XTMP1, XTMP1, (32-18)) */\
+            RND_STEP_RORX_3(h,a,b,c,d,e,f,g,_i+1);\
+    VPXOR    (XTMP3, XTMP3, XTMP1)  ;\
+            RND_STEP_RORX_4(h,a,b,c,d,e,f,g,_i+1);\
+    VPXOR    (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 ^ W[-15] MY_ROR 18 */\
+            RND_STEP_RORX_5(h,a,b,c,d,e,f,g,_i+1);\
+    VPXOR    (XTMP1, XTMP3, XTMP4)  ;  /* XTMP1 = s0 */\
+            RND_STEP_RORX_6(h,a,b,c,d,e,f,g,_i+1);\
+    VPSHUFD(XTMP2, X3, 0b11111010)  ;  /* XTMP2 = W[-2] {BBAA}*/\
+            RND_STEP_RORX_7(h,a,b,c,d,e,f,g,_i+1);\
+    VPADDD   (XTMP0, XTMP0, XTMP1)  ;  /* XTMP0 = W[-16] + W[-7] + s0 */\
+            RND_STEP_RORX_8(h,a,b,c,d,e,f,g,_i+1);\
+\
+            RND_STEP_RORX_1(g,h,a,b,c,d,e,f,_i+2);\
+    VPSRLD   (XTMP4, XTMP2, 10) ;      /* XTMP4 = W[-2] >> 10 {BBAA} */\
+            RND_STEP_RORX_2(g,h,a,b,c,d,e,f,_i+2);\
+    VPSRLQ   (XTMP3, XTMP2, 19) ;      /* XTMP3 = W[-2] MY_ROR 19 {xBxA} */\
+            RND_STEP_RORX_3(g,h,a,b,c,d,e,f,_i+2);\
+    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xBxA} */\
+            RND_STEP_RORX_4(g,h,a,b,c,d,e,f,_i+2);\
+    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
+            RND_STEP_RORX_5(g,h,a,b,c,d,e,f,_i+2);\
+    VPXOR    (XTMP4, XTMP4, XTMP2) ;   /* XTMP4 = s1 {xBxA} */\
+            RND_STEP_RORX_6(g,h,a,b,c,d,e,f,_i+2);\
+    VPSHUFB  (XTMP4, XTMP4, SHUF_00BA)  ;  /* XTMP4 = s1 {00BA} */\
+            RND_STEP_RORX_7(g,h,a,b,c,d,e,f,_i+2);\
+    VPADDD   (XTMP0, XTMP0, XTMP4)  ;  /* XTMP0 = {..., ..., W[1], W[0]} */\
+            RND_STEP_RORX_8(g,h,a,b,c,d,e,f,_i+2);\
+\
+            RND_STEP_RORX_1(f,g,h,a,b,c,d,e,_i+3);\
+    VPSHUFD  (XTMP2, XTMP0, 0b01010000) ; /* XTMP2 = W[-2] {DDCC} */\
+            RND_STEP_RORX_2(f,g,h,a,b,c,d,e,_i+3);\
+    VPSRLD   (XTMP5, XTMP2, 10);       /* XTMP5 = W[-2] >> 10 {DDCC} */\
+            RND_STEP_RORX_3(f,g,h,a,b,c,d,e,_i+3);\
+    VPSRLQ   (XTMP3, XTMP2, 19);       /* XTMP3 = W[-2] MY_ROR 19 {xDxC} */\
+            RND_STEP_RORX_4(f,g,h,a,b,c,d,e,_i+3);\
+    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xDxC} */\
+            RND_STEP_RORX_5(f,g,h,a,b,c,d,e,_i+3);\
+    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
+            RND_STEP_RORX_6(f,g,h,a,b,c,d,e,_i+3);\
+    VPXOR    (XTMP5, XTMP5, XTMP2) ;   /* XTMP5 = s1 {xDxC} */\
+            RND_STEP_RORX_7(f,g,h,a,b,c,d,e,_i+3);\
+    VPSHUFB  (XTMP5, XTMP5, SHUF_DC00) ; /* XTMP5 = s1 {DC00} */\
+            RND_STEP_RORX_8(f,g,h,a,b,c,d,e,_i+3);\
+    VPADDD   (X0, XTMP5, XTMP0) ;      /* X0 = {W[3], W[2], W[1], W[0]} */\
+
+#endif
+
+
+#define W_K_from_buff\
+         __asm__ volatile("vmovdqu %0, %%xmm4\n\t"\
+                          "vpshufb %%xmm13, %%xmm4, %%xmm4\n\t"\
+                          :: "m"(sha256->buffer[0]):"%xmm4") ;\
+         __asm__ volatile("vmovdqu %0, %%xmm5\n\t"\
+                          "vpshufb %%xmm13, %%xmm5, %%xmm5\n\t"\
+                          ::"m"(sha256->buffer[4]):"%xmm5") ;\
+         __asm__ volatile("vmovdqu %0, %%xmm6\n\t"\
+                          "vpshufb %%xmm13, %%xmm6, %%xmm6\n\t"\
+                          ::"m"(sha256->buffer[8]):"%xmm6") ;\
+         __asm__ volatile("vmovdqu %0, %%xmm7\n\t"\
+                          "vpshufb %%xmm13, %%xmm7, %%xmm7\n\t"\
+                          ::"m"(sha256->buffer[12]):"%xmm7") ;\
+
+#define _SET_W_K_XFER(reg, i)\
+    __asm__ volatile("vpaddd %0, %"#reg", %%xmm9"::"m"(K[i]):XMM_REGs) ;\
+    __asm__ volatile("vmovdqa %%xmm9, %0":"=m"(W_K[i])::XMM_REGs) ;
+
+#define SET_W_K_XFER(reg, i) _SET_W_K_XFER(reg, i)
+
+static const ALIGN32 word64 mSHUF_00BA[] = { 0x0b0a090803020100, 0xFFFFFFFFFFFFFFFF } ; /* shuffle xBxA -> 00BA */
+static const ALIGN32 word64 mSHUF_DC00[] = { 0xFFFFFFFFFFFFFFFF, 0x0b0a090803020100 } ; /* shuffle xDxC -> DC00 */
+static const ALIGN32 word64 mBYTE_FLIP_MASK[] =  { 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
+
+
+#define _Init_Masks(mask1, mask2, mask3)\
+__asm__ volatile("vmovdqu %0, %"#mask1 ::"m"(mBYTE_FLIP_MASK[0])) ;\
+__asm__ volatile("vmovdqu %0, %"#mask2 ::"m"(mSHUF_00BA[0])) ;\
+__asm__ volatile("vmovdqu %0, %"#mask3 ::"m"(mSHUF_DC00[0])) ;
+
+#define Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00)\
+    _Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00)
+
+#define X0 %xmm4
+#define X1 %xmm5
+#define X2 %xmm6
+#define X3 %xmm7
+#define X_ X0
+
+#define XTMP0 %xmm0
+#define XTMP1 %xmm1
+#define XTMP2 %xmm2
+#define XTMP3 %xmm3
+#define XTMP4 %xmm8
+#define XTMP5 %xmm9
+#define XFER  %xmm10
+
+#define SHUF_00BA   %xmm11 /* shuffle xBxA -> 00BA */
+#define SHUF_DC00   %xmm12 /* shuffle xDxC -> DC00 */
+#define BYTE_FLIP_MASK  %xmm13
+
+#define XMM_REGs   /* Registers are saved in Sha256Update/Finel */
+                   /*"xmm4","xmm5","xmm6","xmm7","xmm8","xmm9","xmm10","xmm11","xmm12","xmm13" */
+
+static int Transform_AVX1(Sha256* sha256)
+{
+
+    word32 W_K[64] ;  /* temp for W+K */
+
+    #if defined(DEBUG_XMM)
+    int i, j ;
+    word32 xmm[29][4*15] ;
+    #endif
+
+    Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) ;
+    W_K_from_buff ; /* X0, X1, X2, X3 = W[0..15] ; */
+
+    DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
+  
+    SET_W_K_XFER(X0, 0) ;
+    MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
+    SET_W_K_XFER(X1, 4) ;
+    MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
+            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,4) ;
+    SET_W_K_XFER(X2, 8) ;
+    MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
+    SET_W_K_XFER(X3, 12) ;
+    MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,12) ;
+    SET_W_K_XFER(X0, 16) ;
+    MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
+    SET_W_K_XFER(X1, 20) ;
+    MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,20) ;
+    SET_W_K_XFER(X2, 24) ;
+    MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
+    SET_W_K_XFER(X3, 28) ;
+    MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,28) ;
+    SET_W_K_XFER(X0, 32) ;
+    MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
+    SET_W_K_XFER(X1, 36) ;
+    MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,36) ;
+    SET_W_K_XFER(X2, 40) ;
+    MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
+    SET_W_K_XFER(X3, 44) ;
+    MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,44) ;
+
+    SET_W_K_XFER(X0, 48) ;
+    SET_W_K_XFER(X1, 52) ;
+    SET_W_K_XFER(X2, 56) ;
+    SET_W_K_XFER(X3, 60) ;
+    
+    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
+    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
+    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
+    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
+
+    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
+    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
+    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
+    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
+
+    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;     
+    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
+    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
+    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
+
+    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
+    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
+    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
+    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
+        
+    RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;  
+        
+    #if defined(DEBUG_XMM)
+    for(i=0; i<29; i++) {
+        for(j=0; j<4*14; j+=4)
+            printf("xmm%d[%d]=%08x,%08x,%08x,%08x\n", j/4, i, 
+                   xmm[i][j],xmm[i][j+1],xmm[i][j+2],xmm[i][j+3]) ;
+        printf("\n") ;
+    }
+        
+    for(i=0; i<64; i++)printf("W_K[%d]%08x\n", i, W_K[i]) ;
+    #endif
+
+    return 0;
+}
+
+#if defined(HAVE_INTEL_RORX)
+static int Transform_AVX1_RORX(Sha256* sha256)
+{
+
+    word32 W_K[64] ;  /* temp for W+K */
+
+    #if defined(DEBUG_XMM)
+    int i, j ;
+    word32 xmm[29][4*15] ;
+    #endif
+
+    Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) ;
+    W_K_from_buff ; /* X0, X1, X2, X3 = W[0..15] ; */
+
+    DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
+    SET_W_K_XFER(X0, 0) ;
+    MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
+    SET_W_K_XFER(X1, 4) ;
+    MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,4) ;
+    SET_W_K_XFER(X2, 8) ;
+    MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
+    SET_W_K_XFER(X3, 12) ;
+    MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,12) ;
+    SET_W_K_XFER(X0, 16) ;
+    MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
+    SET_W_K_XFER(X1, 20) ;
+    MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,20) ;
+    SET_W_K_XFER(X2, 24) ;
+    MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
+    SET_W_K_XFER(X3, 28) ;
+    MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,28) ;
+    SET_W_K_XFER(X0, 32) ;
+    MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
+    SET_W_K_XFER(X1, 36) ;
+    MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,36) ;
+    SET_W_K_XFER(X2, 40) ;
+    MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
+            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
+    SET_W_K_XFER(X3, 44) ;
+    MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
+            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,44) ;
+
+    SET_W_K_XFER(X0, 48) ;
+    SET_W_K_XFER(X1, 52) ;
+    SET_W_K_XFER(X2, 56) ;
+    SET_W_K_XFER(X3, 60) ;
+    
+    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
+    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
+    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
+    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
+
+    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
+    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
+    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
+    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
+
+    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;     
+    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
+    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
+    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
+
+    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
+    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
+    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
+    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
+        
+    RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;  
+        
+    #if defined(DEBUG_XMM)
+    for(i=0; i<29; i++) {
+        for(j=0; j<4*14; j+=4)
+            printf("xmm%d[%d]=%08x,%08x,%08x,%08x\n", j/4, i, 
+                    xmm[i][j],xmm[i][j+1],xmm[i][j+2],xmm[i][j+3]) ;
+        printf("\n") ;
+    }
+        
+    for(i=0; i<64; i++)printf("W_K[%d]%08x\n", i, W_K[i]) ;
+    #endif
+
+    return 0;
+}
+#endif  /* HAVE_INTEL_RORX */
+
+#endif  /* HAVE_INTEL_AVX1 */
+
+
+#if defined(HAVE_INTEL_AVX2)
+
+#define _MOVE_to_REG(ymm, mem)       __asm__ volatile("vmovdqu %0, %%"#ymm" ":: "m"(mem):YMM_REGs) ;
+#define _MOVE_to_MEM(mem, ymm)       __asm__ volatile("vmovdqu %%"#ymm", %0" : "=m"(mem)::YMM_REGs) ;
+#define _BYTE_SWAP(ymm, map)              __asm__ volatile("vpshufb %0, %%"#ymm", %%"#ymm"\n\t"\
+                                                       :: "m"(map):YMM_REGs) ;
+#define _MOVE_128(ymm0, ymm1, ymm2, map)   __asm__ volatile("vperm2i128  $"#map", %%"\
+                                  #ymm2", %%"#ymm1", %%"#ymm0" ":::YMM_REGs) ;
+#define _MOVE_BYTE(ymm0, ymm1, map)  __asm__ volatile("vpshufb %0, %%"#ymm1", %%"\
+                                  #ymm0"\n\t":: "m"(map):YMM_REGs) ;
+#define _S_TEMP(dest, src, bits, temp)    __asm__ volatile("vpsrld  $"#bits", %%"\
+         #src", %%"#dest"\n\tvpslld  $32-"#bits", %%"#src", %%"#temp"\n\tvpor %%"\
+         #temp",%%"#dest", %%"#dest" ":::YMM_REGs) ;
+#define _AVX2_R(dest, src, bits)          __asm__ volatile("vpsrld  $"#bits", %%"\
+                                  #src", %%"#dest" ":::YMM_REGs) ;
+#define _XOR(dest, src1, src2)       __asm__ volatile("vpxor   %%"#src1", %%"\
+         #src2", %%"#dest" ":::YMM_REGs) ;
+#define _OR(dest, src1, src2)       __asm__ volatile("vpor    %%"#src1", %%"\
+         #src2", %%"#dest" ":::YMM_REGs) ;
+#define _ADD(dest, src1, src2)       __asm__ volatile("vpaddd   %%"#src1", %%"\
+         #src2", %%"#dest" ":::YMM_REGs) ;
+#define _ADD_MEM(dest, src1, mem)    __asm__ volatile("vpaddd   %0, %%"#src1", %%"\
+         #dest" "::"m"(mem):YMM_REGs) ;
+#define _BLEND(map, dest, src1, src2)    __asm__ volatile("vpblendd    $"#map", %%"\
+         #src1",   %%"#src2", %%"#dest" ":::YMM_REGs) ;
+
+#define    _EXTRACT_XMM_0(xmm, mem)  __asm__ volatile("vpextrd $0, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_1(xmm, mem)  __asm__ volatile("vpextrd $1, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_2(xmm, mem)  __asm__ volatile("vpextrd $2, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_3(xmm, mem)  __asm__ volatile("vpextrd $3, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_4(ymm, xmm, mem)\
+      __asm__ volatile("vperm2i128 $0x1, %%"#ymm", %%"#ymm", %%"#ymm" ":::YMM_REGs) ;\
+      __asm__ volatile("vpextrd $0, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_5(xmm, mem)  __asm__ volatile("vpextrd $1, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_6(xmm, mem)  __asm__ volatile("vpextrd $2, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_7(xmm, mem)  __asm__ volatile("vpextrd $3, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+
+#define    _SWAP_YMM_HL(ymm)   __asm__ volatile("vperm2i128 $0x1, %%"#ymm", %%"#ymm", %%"#ymm" ":::YMM_REGs) ;
+#define     SWAP_YMM_HL(ymm)   _SWAP_YMM_HL(ymm) 
+
+#define MOVE_to_REG(ymm, mem)      _MOVE_to_REG(ymm, mem)
+#define MOVE_to_MEM(mem, ymm)      _MOVE_to_MEM(mem, ymm)
+#define BYTE_SWAP(ymm, map)        _BYTE_SWAP(ymm, map)
+#define MOVE_128(ymm0, ymm1, ymm2, map) _MOVE_128(ymm0, ymm1, ymm2, map) 
+#define MOVE_BYTE(ymm0, ymm1, map) _MOVE_BYTE(ymm0, ymm1, map)
+#define XOR(dest, src1, src2)      _XOR(dest, src1, src2)
+#define OR(dest, src1, src2)       _OR(dest, src1, src2)
+#define ADD(dest, src1, src2)      _ADD(dest, src1, src2)
+#define ADD_MEM(dest, src1, mem)  _ADD_MEM(dest, src1, mem)
+#define BLEND(map, dest, src1, src2) _BLEND(map, dest, src1, src2)
+
+#define S_TMP(dest, src, bits, temp) _S_TEMP(dest, src, bits, temp); 
+#define AVX2_S(dest, src, bits)      S_TMP(dest, src, bits, S_TEMP)
+#define AVX2_R(dest, src, bits)      _AVX2_R(dest, src, bits)
+
+#define GAMMA0(dest, src)      AVX2_S(dest, src, 7);  AVX2_S(G_TEMP, src, 18); \
+    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 3);  XOR(dest, G_TEMP, dest) ;
+#define GAMMA0_1(dest, src)    AVX2_S(dest, src, 7);  AVX2_S(G_TEMP, src, 18); 
+#define GAMMA0_2(dest, src)    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 3);  \
+    XOR(dest, G_TEMP, dest) ;
+
+#define GAMMA1(dest, src)      AVX2_S(dest, src, 17); AVX2_S(G_TEMP, src, 19); \
+    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 10); XOR(dest, G_TEMP, dest) ;
+#define GAMMA1_1(dest, src)    AVX2_S(dest, src, 17); AVX2_S(G_TEMP, src, 19); 
+#define GAMMA1_2(dest, src)    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 10); \
+    XOR(dest, G_TEMP, dest) ;
+
+#define    FEEDBACK1_to_W_I_2    MOVE_BYTE(YMM_TEMP0, W_I, mMAP1toW_I_2[0]) ; \
+    BLEND(0x0c, W_I_2, YMM_TEMP0, W_I_2) ;
+#define    FEEDBACK2_to_W_I_2    MOVE_128(YMM_TEMP0, W_I, W_I, 0x08) ;  \
+    MOVE_BYTE(YMM_TEMP0, YMM_TEMP0, mMAP2toW_I_2[0]) ; BLEND(0x30, W_I_2, YMM_TEMP0, W_I_2) ; 
+#define    FEEDBACK3_to_W_I_2    MOVE_BYTE(YMM_TEMP0, W_I, mMAP3toW_I_2[0]) ; \
+    BLEND(0xc0, W_I_2, YMM_TEMP0, W_I_2) ; 
+
+#define    FEEDBACK_to_W_I_7     MOVE_128(YMM_TEMP0, W_I, W_I, 0x08) ;\
+    MOVE_BYTE(YMM_TEMP0, YMM_TEMP0, mMAPtoW_I_7[0]) ; BLEND(0x80, W_I_7, YMM_TEMP0, W_I_7) ;
+
+#undef voitle
+
+#define W_I_16  ymm8
+#define W_I_15  ymm9
+#define W_I_7  ymm10
+#define W_I_2  ymm11
+#define W_I    ymm12
+#define G_TEMP     ymm13
+#define S_TEMP     ymm14
+#define YMM_TEMP0  ymm15
+#define YMM_TEMP0x xmm15
+#define W_I_TEMP   ymm7
+#define W_K_TEMP   ymm15
+#define W_K_TEMPx  xmm15
+
+#define YMM_REGs /* Registers are saved in Sha256Update/Finel */
+ /* "%ymm7","%ymm8","%ymm9","%ymm10","%ymm11","%ymm12","%ymm13","%ymm14","%ymm15"*/
+
+
+#define MOVE_15_to_16(w_i_16, w_i_15, w_i_7)\
+    __asm__ volatile("vperm2i128  $0x01, %%"#w_i_15", %%"#w_i_15", %%"#w_i_15" ":::YMM_REGs) ;\
+    __asm__ volatile("vpblendd    $0x08, %%"#w_i_15", %%"#w_i_7", %%"#w_i_16" ":::YMM_REGs) ;\
+    __asm__ volatile("vperm2i128 $0x01,  %%"#w_i_7",  %%"#w_i_7", %%"#w_i_15" ":::YMM_REGs) ;\
+    __asm__ volatile("vpblendd    $0x80, %%"#w_i_15", %%"#w_i_16", %%"#w_i_16" ":::YMM_REGs) ;\
+    __asm__ volatile("vpshufd    $0x93,  %%"#w_i_16", %%"#w_i_16" ":::YMM_REGs) ;\
+
+#define MOVE_7_to_15(w_i_15, w_i_7)\
+    __asm__ volatile("vmovdqu                 %%"#w_i_7",  %%"#w_i_15" ":::YMM_REGs) ;\
+
+#define MOVE_I_to_7(w_i_7, w_i)\
+    __asm__ volatile("vperm2i128 $0x01,       %%"#w_i",   %%"#w_i",   %%"#w_i_7" ":::YMM_REGs) ;\
+    __asm__ volatile("vpblendd    $0x01,       %%"#w_i_7",   %%"#w_i", %%"#w_i_7" ":::YMM_REGs) ;\
+    __asm__ volatile("vpshufd    $0x39, %%"#w_i_7", %%"#w_i_7" ":::YMM_REGs) ;\
+
+#define MOVE_I_to_2(w_i_2, w_i)\
+    __asm__ volatile("vperm2i128 $0x01,       %%"#w_i", %%"#w_i", %%"#w_i_2" ":::YMM_REGs) ;\
+    __asm__ volatile("vpshufd    $0x0e, %%"#w_i_2", %%"#w_i_2" ":::YMM_REGs) ;\
+
+#define ROTATE_W(w_i_16, w_i_15, w_i_7, w_i_2, w_i)\
+    MOVE_15_to_16(w_i_16, w_i_15, w_i_7) ; \
+    MOVE_7_to_15(w_i_15, w_i_7) ; \
+    MOVE_I_to_7(w_i_7, w_i) ; \
+    MOVE_I_to_2(w_i_2, w_i) ;\
+
+#define _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    { word32 d ;\
+    __asm__ volatile("movl %"#S_0", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[0] += d;\
+    __asm__ volatile("movl %"#S_1", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[1] += d;\
+    __asm__ volatile("movl %"#S_2", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[2] += d;\
+    __asm__ volatile("movl %"#S_3", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[3] += d;\
+    __asm__ volatile("movl %"#S_4", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[4] += d;\
+    __asm__ volatile("movl %"#S_5", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[5] += d;\
+    __asm__ volatile("movl %"#S_6", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[6] += d;\
+    __asm__ volatile("movl %"#S_7", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[7] += d;\
+}
+
+#define _DumpS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+  { word32 d[8] ;\
+    __asm__ volatile("movl %"#S_0", %0":"=r"(d[0])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_1", %0":"=r"(d[1])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_2", %0":"=r"(d[2])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_3", %0":"=r"(d[3])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_4", %0":"=r"(d[4])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_5", %0":"=r"(d[5])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_6", %0":"=r"(d[6])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_7", %0":"=r"(d[7])::SSE_REGs) ;\
+        printf("S[0..7]=%08x,%08x,%08x,%08x,%08x,%08x,%08x,%08x\n", d[0],d[1],d[2],d[3],d[4],d[5],d[6],d[7]);\
+    __asm__ volatile("movl %0, %"#S_0::"r"(d[0]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_1::"r"(d[1]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_2::"r"(d[2]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_3::"r"(d[3]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_4::"r"(d[4]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_5::"r"(d[5]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_6::"r"(d[6]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_7::"r"(d[7]):SSE_REGs) ;\
+}
+
+
+#define DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
+
+#define RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
+
+#define DumS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    _DumpS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
+
+        
+    /* Byte swap Masks to ensure that rest of the words are filled with zero's. */
+    static const unsigned long mBYTE_FLIP_MASK_16[] =  
+        { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
+    static const unsigned long mBYTE_FLIP_MASK_15[] =  
+        { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
+    static const unsigned long mBYTE_FLIP_MASK_7 [] =  
+        { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x8080808008090a0b } ;
+    static const unsigned long mBYTE_FLIP_MASK_2 [] =  
+        { 0x0405060700010203, 0x8080808080808080, 0x8080808080808080, 0x8080808080808080 } ;
+
+    static const unsigned long mMAPtoW_I_7[] =  
+        { 0x8080808080808080, 0x8080808080808080, 0x8080808080808080, 0x0302010080808080 } ;
+    static const unsigned long mMAP1toW_I_2[] = 
+        { 0x8080808080808080, 0x0706050403020100, 0x8080808080808080, 0x8080808080808080 } ;
+    static const unsigned long mMAP2toW_I_2[] = 
+        { 0x8080808080808080, 0x8080808080808080, 0x0f0e0d0c0b0a0908, 0x8080808080808080 } ;
+    static const unsigned long mMAP3toW_I_2[] = 
+        { 0x8080808080808080, 0x8080808080808080, 0x8080808080808080, 0x0706050403020100 } ;
+ 
+static int Transform_AVX2(Sha256* sha256)
+{
+
+    #ifdef WOLFSSL_SMALL_STACK
+        word32* W_K;
+        W_K = (word32*) XMALLOC(sizeof(word32) * 64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (W_K == NULL)
+            return MEMORY_E;
+    #else
+        word32 W_K[64]  ;
+    #endif
+
+    MOVE_to_REG(W_I_16, sha256->buffer[0]);     BYTE_SWAP(W_I_16, mBYTE_FLIP_MASK_16[0]) ;
+    MOVE_to_REG(W_I_15, sha256->buffer[1]);     BYTE_SWAP(W_I_15, mBYTE_FLIP_MASK_15[0]) ;
+    MOVE_to_REG(W_I,    sha256->buffer[8]) ;    BYTE_SWAP(W_I,    mBYTE_FLIP_MASK_16[0]) ;
+    MOVE_to_REG(W_I_7,  sha256->buffer[16-7]) ; BYTE_SWAP(W_I_7,  mBYTE_FLIP_MASK_7[0])  ;
+    MOVE_to_REG(W_I_2,  sha256->buffer[16-2]) ; BYTE_SWAP(W_I_2,  mBYTE_FLIP_MASK_2[0])  ;
+
+    DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
+
+    ADD_MEM(W_K_TEMP, W_I_16, K[0]) ;
+    MOVE_to_MEM(W_K[0], W_K_TEMP) ; 
+
+    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
+    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,1) ;
+    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,2) ;
+    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,3) ;  
+    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,4) ;
+    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,5) ;
+    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,6) ;
+    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,7) ;
+
+    ADD_MEM(YMM_TEMP0, W_I, K[8]) ;
+    MOVE_to_MEM(W_K[8], YMM_TEMP0) ; 
+
+        /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
+                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
+        GAMMA0_1(W_I_TEMP, W_I_15) ;
+                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
+        GAMMA0_2(W_I_TEMP, W_I_15) ;
+                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
+        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
+                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
+        ADD(W_I, W_I_7, W_I_TEMP);
+                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
+        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
+                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
+        FEEDBACK1_to_W_I_2 ;
+                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
+        FEEDBACK_to_W_I_7 ; 
+                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
+        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
+                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
+                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
+        FEEDBACK2_to_W_I_2 ;
+                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
+                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
+        FEEDBACK3_to_W_I_2 ;
+                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
+        GAMMA1(YMM_TEMP0, W_I_2) ;
+                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
+                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
+                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
+
+        MOVE_to_REG(YMM_TEMP0, K[16]) ;    
+                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
+        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
+                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
+        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
+        MOVE_to_MEM(W_K[16], YMM_TEMP0) ;
+
+        /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
+                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
+        GAMMA0_1(W_I_TEMP, W_I_15) ;
+                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
+        GAMMA0_2(W_I_TEMP, W_I_15) ;
+                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
+        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
+                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
+        ADD(W_I, W_I_7, W_I_TEMP);
+                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
+        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
+                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
+        FEEDBACK1_to_W_I_2 ;
+                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
+        FEEDBACK_to_W_I_7 ; 
+                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
+        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
+                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
+        GAMMA1(YMM_TEMP0, W_I_2) ; 
+                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
+                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
+        FEEDBACK2_to_W_I_2 ;
+                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
+                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
+        FEEDBACK3_to_W_I_2 ;
+                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
+                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
+
+        MOVE_to_REG(YMM_TEMP0, K[24]) ;    
+                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
+        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
+                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
+        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
+        MOVE_to_MEM(W_K[24], YMM_TEMP0) ;
+
+                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
+                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
+        GAMMA0_1(W_I_TEMP, W_I_15) ;
+                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
+        GAMMA0_2(W_I_TEMP, W_I_15) ;
+                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
+        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
+                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
+        ADD(W_I, W_I_7, W_I_TEMP);
+                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
+        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
+                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
+        FEEDBACK1_to_W_I_2 ;
+                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
+        FEEDBACK_to_W_I_7 ; 
+                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
+        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
+                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
+                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
+        FEEDBACK2_to_W_I_2 ;
+                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
+                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
+        FEEDBACK3_to_W_I_2 ;
+                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
+        GAMMA1(YMM_TEMP0, W_I_2) ;
+                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
+                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
+                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
+
+        MOVE_to_REG(YMM_TEMP0, K[32]) ;    
+                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
+        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
+                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
+        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
+        MOVE_to_MEM(W_K[32], YMM_TEMP0) ;
+
+        
+                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
+                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
+        GAMMA0_1(W_I_TEMP, W_I_15) ;
+                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
+        GAMMA0_2(W_I_TEMP, W_I_15) ;
+                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
+        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
+                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
+        ADD(W_I, W_I_7, W_I_TEMP);
+                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
+        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
+                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
+        FEEDBACK1_to_W_I_2 ;
+                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
+        FEEDBACK_to_W_I_7 ; 
+                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
+        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
+                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
+                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
+        FEEDBACK2_to_W_I_2 ;
+                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
+                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
+        FEEDBACK3_to_W_I_2 ;
+                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
+                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
+
+        MOVE_to_REG(YMM_TEMP0, K[40]) ;    
+                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
+        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
+                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
+        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
+        MOVE_to_MEM(W_K[40], YMM_TEMP0) ;
+
+                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
+                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
+        GAMMA0_1(W_I_TEMP, W_I_15) ;
+                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
+        GAMMA0_2(W_I_TEMP, W_I_15) ;
+                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
+        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
+                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
+        ADD(W_I, W_I_7, W_I_TEMP);
+                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
+        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
+                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
+        FEEDBACK1_to_W_I_2 ;
+                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
+        FEEDBACK_to_W_I_7 ; 
+                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
+        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
+                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
+                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
+        FEEDBACK2_to_W_I_2 ;
+                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
+                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
+        FEEDBACK3_to_W_I_2 ;
+                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
+                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
+
+        MOVE_to_REG(YMM_TEMP0, K[48]) ;    
+                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
+        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
+                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
+        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
+        MOVE_to_MEM(W_K[48], YMM_TEMP0) ;
+        
+                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
+                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
+        GAMMA0_1(W_I_TEMP, W_I_15) ;
+                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
+        GAMMA0_2(W_I_TEMP, W_I_15) ;
+                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
+        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
+                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
+        ADD(W_I, W_I_7, W_I_TEMP);
+                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
+        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
+                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
+        FEEDBACK1_to_W_I_2 ;
+                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
+        FEEDBACK_to_W_I_7 ; 
+                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
+        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
+                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
+                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
+        FEEDBACK2_to_W_I_2 ;
+                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
+                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
+        FEEDBACK3_to_W_I_2 ;
+                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
+                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
+
+        MOVE_to_REG(YMM_TEMP0, K[56]) ;    
+                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
+        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
+                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
+        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
+        MOVE_to_MEM(W_K[56], YMM_TEMP0) ;        
+        
+        RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;
+        RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
+        RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
+        RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
+
+        RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
+        RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
+        RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
+        RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
+
+    RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;  
+
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+    
+    return 0;
+}
+
+#endif   /* HAVE_INTEL_AVX2 */
+
+#endif   /* WOLFSSL_TI_HAHS */
+
+#endif   /* HAVE_FIPS */
+
+#endif /* NO_SHA256 */
+
diff --git a/wolfssl/wolfcrypt/md5.h b/wolfssl/wolfcrypt/md5.h
index ba8d89400..94e4466f7 100644
--- a/wolfssl/wolfcrypt/md5.h
+++ b/wolfssl/wolfcrypt/md5.h
@@ -1,81 +1,100 @@
-/* md5.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_MD5_H
-#define WOLF_CRYPT_MD5_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_MD5
-
-#ifdef HAVE_FIPS
-    #define wc_InitMd5   InitMd5
-    #define wc_Md5Update Md5Update
-    #define wc_Md5Final  Md5Final
-    #define wc_Md5Hash   Md5Hash
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-
-/* in bytes */
-enum {
-#ifdef STM32F2_HASH
-    MD5_REG_SIZE    =  4,      /* STM32 register size, bytes */
-#endif
-    MD5             =  0,      /* hash type unique */
-    MD5_BLOCK_SIZE  = 64,
-    MD5_DIGEST_SIZE = 16,
-    MD5_PAD_SIZE    = 56
-};
-
-#if defined(WOLFSSL_PIC32MZ_HASH)
-#include "port/pic32/pic32mz-crypt.h"
-#endif
-
-/* MD5 digest */
-typedef struct Md5 {
-    word32  buffLen;   /* in bytes          */
-    word32  loLen;     /* length in bytes   */
-    word32  hiLen;     /* length in bytes   */
-    word32  buffer[MD5_BLOCK_SIZE  / sizeof(word32)];
-    #if !defined(WOLFSSL_PIC32MZ_HASH)
-    word32  digest[MD5_DIGEST_SIZE / sizeof(word32)];
-    #else
-    word32  digest[PIC32_HASH_SIZE / sizeof(word32)];
-    pic32mz_desc desc ; /* Crypt Engine descripter */
-    #endif
-} Md5;
-
-WOLFSSL_API void wc_InitMd5(Md5*);
-WOLFSSL_API void wc_Md5Update(Md5*, const byte*, word32);
-WOLFSSL_API void wc_Md5Final(Md5*, byte*);
-WOLFSSL_API int  wc_Md5Hash(const byte*, word32, byte*);
-
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_MD5 */
-#endif /* WOLF_CRYPT_MD5_H */
+/* md5.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef WOLF_CRYPT_MD5_H
+#define WOLF_CRYPT_MD5_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_MD5
+
+#ifdef HAVE_FIPS
+    #define wc_InitMd5   InitMd5
+    #define wc_Md5Update Md5Update
+    #define wc_Md5Final  Md5Final
+    #define wc_Md5Hash   Md5Hash
+#endif
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+/* in bytes */
+enum {
+#ifdef STM32F2_HASH
+    MD5_REG_SIZE    =  4,      /* STM32 register size, bytes */
+#endif
+    MD5             =  0,      /* hash type unique */
+    MD5_BLOCK_SIZE  = 64,
+    MD5_DIGEST_SIZE = 16,
+    MD5_PAD_SIZE    = 56
+};
+
+#if defined(WOLFSSL_PIC32MZ_HASH)
+#include "port/pic32/pic32mz-crypt.h"
+#endif
+
+#ifdef TI_HASH_TEST
+#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+
+
+#ifndef WOLFSSL_TI_HASH
+
+/* MD5 digest */
+typedef struct Md5 {
+    word32  buffLen;   /* in bytes          */
+    word32  loLen;     /* length in bytes   */
+    word32  hiLen;     /* length in bytes   */
+    word32  buffer[MD5_BLOCK_SIZE  / sizeof(word32)];
+    #if !defined(WOLFSSL_PIC32MZ_HASH)
+    word32  digest[MD5_DIGEST_SIZE / sizeof(word32)];
+    #else
+    word32  digest[PIC32_HASH_SIZE / sizeof(word32)];
+    pic32mz_desc desc ; /* Crypt Engine descripter */
+    #endif
+
+#ifdef TI_HASH_TEST
+    wolfssl_TI_Hash ti ;
+#endif
+
+} Md5;
+
+#if defined(TI_HASH_TEST)
+void wc_Md5GetHash_ti(Md5* md5, byte* hash) ;
+#endif
+
+#else /* WOLFSSL_TI_HASH */
+    #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+
+WOLFSSL_API void wc_InitMd5(Md5*);
+WOLFSSL_API void wc_Md5Update(Md5*, const byte*, word32);
+WOLFSSL_API void wc_Md5Final(Md5*, byte*);
+WOLFSSL_API int  wc_Md5Hash(const byte*, word32, byte*);
+WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* NO_MD5 */
+#endif /* WOLF_CRYPT_MD5_H */
diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h
index 9fdabed39..46dce03d0 100644
--- a/wolfssl/wolfcrypt/sha.h
+++ b/wolfssl/wolfcrypt/sha.h
@@ -1,80 +1,88 @@
-/* sha.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_SHA_H
-#define WOLF_CRYPT_SHA_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_SHA
-
-#ifdef HAVE_FIPS
-/* for fips @wc_fips */
-#include <cyassl/ctaocrypt/sha.h>
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-#ifndef HAVE_FIPS /* avoid redefining structs */
-/* in bytes */
-enum {
-#ifdef STM32F2_HASH
-    SHA_REG_SIZE     =  4,    /* STM32 register size, bytes */
-#endif
-    SHA              =  1,    /* hash type unique */
-    SHA_BLOCK_SIZE   = 64,
-    SHA_DIGEST_SIZE  = 20,
-    SHA_PAD_SIZE     = 56
-};
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#include "port/pic32/pic32mz-crypt.h"
-#endif
-
-/* Sha digest */
-typedef struct Sha {
-    word32  buffLen;   /* in bytes          */
-    word32  loLen;     /* length in bytes   */
-    word32  hiLen;     /* length in bytes   */
-    word32  buffer[SHA_BLOCK_SIZE  / sizeof(word32)];
-    #ifndef WOLFSSL_PIC32MZ_HASH
-        word32  digest[SHA_DIGEST_SIZE / sizeof(word32)];
-    #else
-        word32  digest[PIC32_HASH_SIZE / sizeof(word32)];
-        pic32mz_desc desc; /* Crypt Engine descripter */
-    #endif
-} Sha;
-#endif /* HAVE_FIPS */
-
-WOLFSSL_API int wc_InitSha(Sha*);
-WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32);
-WOLFSSL_API int wc_ShaFinal(Sha*, byte*);
-WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_SHA */
-#endif /* WOLF_CRYPT_SHA_H */
-
+/* sha.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef WOLF_CRYPT_SHA_H
+#define WOLF_CRYPT_SHA_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_SHA
+
+#ifdef HAVE_FIPS
+/* for fips @wc_fips */
+#include <cyassl/ctaocrypt/sha.h>
+#endif
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#ifndef HAVE_FIPS /* avoid redefining structs */
+/* in bytes */
+enum {
+#ifdef STM32F2_HASH
+    SHA_REG_SIZE     =  4,    /* STM32 register size, bytes */
+#endif
+    SHA              =  1,    /* hash type unique */
+    SHA_BLOCK_SIZE   = 64,
+    SHA_DIGEST_SIZE  = 20,
+    SHA_PAD_SIZE     = 56
+};
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+#include "port/pic32/pic32mz-crypt.h"
+#endif
+
+#ifndef WOLFSSL_TI_HASH
+      
+/* Sha digest */
+typedef struct Sha {
+    word32  buffLen;   /* in bytes          */
+    word32  loLen;     /* length in bytes   */
+    word32  hiLen;     /* length in bytes   */
+    word32  buffer[SHA_BLOCK_SIZE  / sizeof(word32)];
+    #ifndef WOLFSSL_PIC32MZ_HASH
+        word32  digest[SHA_DIGEST_SIZE / sizeof(word32)];
+    #else
+        word32  digest[PIC32_HASH_SIZE / sizeof(word32)];
+        pic32mz_desc desc; /* Crypt Engine descripter */
+    #endif
+} Sha;
+
+#else /* WOLFSSL_TI_HASH */
+    #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+
+#endif /* HAVE_FIPS */
+
+WOLFSSL_API int wc_InitSha(Sha*);
+WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32);
+WOLFSSL_API int wc_ShaFinal(Sha*, byte*);
+WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
+WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* NO_SHA */
+#endif /* WOLF_CRYPT_SHA_H */
+
diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h
index 5dbe2d74b..86616e320 100644
--- a/wolfssl/wolfcrypt/sha256.h
+++ b/wolfssl/wolfcrypt/sha256.h
@@ -1,80 +1,86 @@
-/* sha256.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* code submitted by raphael.huck@efixo.com */
-
-#ifndef WOLF_CRYPT_SHA256_H
-#define WOLF_CRYPT_SHA256_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_SHA256
-
-#ifdef HAVE_FIPS
-    /* for fips @wc_fips */
-    #include <cyassl/ctaocrypt/sha256.h>
-#endif
-
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-#ifndef HAVE_FIPS /* avoid redefinition of structs */
-#ifdef WOLFSSL_PIC32MZ_HASH
-    #include "port/pic32/pic32mz-crypt.h"
-#endif
-
-/* in bytes */
-enum {
-    SHA256              =  2,   /* hash type unique */
-    SHA256_BLOCK_SIZE   = 64,
-    SHA256_DIGEST_SIZE  = 32,
-    SHA256_PAD_SIZE     = 56
-};
-
-
-/* Sha256 digest */
-typedef struct Sha256 {
-    word32  buffLen;   /* in bytes          */
-    word32  loLen;     /* length in bytes   */
-    word32  hiLen;     /* length in bytes   */
-    word32  digest[SHA256_DIGEST_SIZE / sizeof(word32)];
-    word32  buffer[SHA256_BLOCK_SIZE  / sizeof(word32)];
-    #ifdef WOLFSSL_PIC32MZ_HASH
-        pic32mz_desc desc ; /* Crypt Engine descripter */
-    #endif
-} Sha256;
-
-#endif /* HAVE_FIPS */
-
-WOLFSSL_API int wc_InitSha256(Sha256*);
-WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32);
-WOLFSSL_API int wc_Sha256Final(Sha256*, byte*);
-WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_SHA256 */
-#endif /* WOLF_CRYPT_SHA256_H */
-
+/* sha256.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* code submitted by raphael.huck@efixo.com */
+
+#ifndef WOLF_CRYPT_SHA256_H
+#define WOLF_CRYPT_SHA256_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_SHA256
+
+#ifdef HAVE_FIPS
+    /* for fips @wc_fips */
+    #include <cyassl/ctaocrypt/sha256.h>
+#endif
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#ifndef HAVE_FIPS /* avoid redefinition of structs */
+#ifdef WOLFSSL_PIC32MZ_HASH
+    #include "port/pic32/pic32mz-crypt.h"
+#endif
+
+/* in bytes */
+enum {
+    SHA256              =  2,   /* hash type unique */
+    SHA256_BLOCK_SIZE   = 64,
+    SHA256_DIGEST_SIZE  = 32,
+    SHA256_PAD_SIZE     = 56
+};
+
+#ifndef WOLFSSL_TI_HASH
+
+/* Sha256 digest */
+typedef struct Sha256 {
+    word32  buffLen;   /* in bytes          */
+    word32  loLen;     /* length in bytes   */
+    word32  hiLen;     /* length in bytes   */
+    word32  digest[SHA256_DIGEST_SIZE / sizeof(word32)];
+    word32  buffer[SHA256_BLOCK_SIZE  / sizeof(word32)];
+    #ifdef WOLFSSL_PIC32MZ_HASH
+        pic32mz_desc desc ; /* Crypt Engine descripter */
+    #endif
+} Sha256;
+
+#else /* WOLFSSL_TI_HASH */
+    #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+
+#endif /* HAVE_FIPS */
+
+WOLFSSL_API int wc_InitSha256(Sha256*);
+WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32);
+WOLFSSL_API int wc_Sha256Final(Sha256*, byte*);
+WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* NO_SHA256 */
+#endif /* WOLF_CRYPT_SHA256_H */
+

From 527013ec1edae29e5cdf1169a9ced00c0e7a6559 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Thu, 21 May 2015 14:16:09 +0900
Subject: [PATCH 091/350] corrected NL code

---
 wolfcrypt/src/md5.c            |  852 ++++----
 wolfcrypt/src/port/ti/ti-aes.c | 1096 +++++-----
 wolfcrypt/src/sha.c            |  946 ++++-----
 wolfcrypt/src/sha256.c         | 3562 ++++++++++++++++----------------
 wolfssl/wolfcrypt/md5.h        |  200 +-
 wolfssl/wolfcrypt/sha.h        |  176 +-
 wolfssl/wolfcrypt/sha256.h     |  172 +-
 7 files changed, 3502 insertions(+), 3502 deletions(-)

diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index a3e76eda8..6c2e45d9f 100644
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
@@ -1,426 +1,426 @@
-/* md5.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#if !defined(NO_MD5) && !defined(WOLFSSL_TI_HASH)
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#define wc_InitMd5   wc_InitMd5_sw
-#define wc_Md5Update wc_Md5Update_sw
-#define wc_Md5Final  wc_Md5Final_sw
-#endif
-
-#include <wolfssl/wolfcrypt/md5.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef NO_INLINE
-    #include <wolfssl/wolfcrypt/misc.h>
-#else
-    #include <wolfcrypt/src/misc.c>
-#endif
-
-#ifdef FREESCALE_MMCAU
-    #include "cau_api.h"
-    #define XTRANSFORM(S,B)  cau_md5_hash_n((B), 1, (unsigned char*)(S)->digest)
-#else
-    #define XTRANSFORM(S,B)  Transform((S))
-#endif
-
-
-#ifdef STM32F2_HASH
-    /*
-     * STM32F2 hardware MD5 support through the STM32F2 standard peripheral
-     * library. Documentation located in STM32F2xx Standard Peripheral Library
-     * document (See note in README).
-     */
-    #include "stm32f2xx.h"
-
-    void wc_InitMd5(Md5* md5)
-    {
-        /* STM32F2 struct notes:
-         * md5->buffer  = first 4 bytes used to hold partial block if needed 
-         * md5->buffLen = num bytes currently stored in md5->buffer
-         * md5->loLen   = num bytes that have been written to STM32 FIFO
-         */
-        XMEMSET(md5->buffer, 0, MD5_REG_SIZE);
-			
-        md5->buffLen = 0;
-        md5->loLen = 0;
-
-        /* initialize HASH peripheral */
-        HASH_DeInit();
-
-        /* configure algo used, algo mode, datatype */
-        HASH->CR &= ~ (HASH_CR_ALGO | HASH_CR_DATATYPE | HASH_CR_MODE);
-        HASH->CR |= (HASH_AlgoSelection_MD5 | HASH_AlgoMode_HASH 
-                 | HASH_DataType_8b);
-
-        /* reset HASH processor */
-        HASH->CR |= HASH_CR_INIT;
-    }
-
-    void wc_Md5Update(Md5* md5, const byte* data, word32 len)
-    {
-        word32 i = 0;
-        word32 fill = 0;
-        word32 diff = 0;
-
-        /* if saved partial block is available */
-        if (md5->buffLen > 0) {
-            fill = 4 - md5->buffLen;
-
-            /* if enough data to fill, fill and push to FIFO */
-            if (fill <= len) {
-                XMEMCPY((byte*)md5->buffer + md5->buffLen, data, fill);
-                HASH_DataIn(*(uint32_t*)md5->buffer);
-
-                data += fill;
-                len -= fill;
-                md5->loLen += 4;
-                md5->buffLen = 0;
-            } else {
-                /* append partial to existing stored block */
-                XMEMCPY((byte*)md5->buffer + md5->buffLen, data, len);
-                md5->buffLen += len;
-                return;
-            }
-        }
-
-        /* write input block in the IN FIFO */
-        for (i = 0; i < len; i += 4)
-        {
-            diff = len - i;
-            if (diff < 4) {
-                /* store incomplete last block, not yet in FIFO */
-                XMEMSET(md5->buffer, 0, MD5_REG_SIZE);
-                XMEMCPY((byte*)md5->buffer, data, diff);
-                md5->buffLen = diff;
-            } else {
-                HASH_DataIn(*(uint32_t*)data);
-                data+=4;
-            }
-        }
-
-        /* keep track of total data length thus far */
-        md5->loLen += (len - md5->buffLen);
-    }
-
-    void wc_Md5Final(Md5* md5, byte* hash)
-    {
-        __IO uint16_t nbvalidbitsdata = 0;
-
-        /* finish reading any trailing bytes into FIFO */
-        if (md5->buffLen > 0) {
-            HASH_DataIn(*(uint32_t*)md5->buffer);
-            md5->loLen += md5->buffLen;
-        }
-
-        /* calculate number of valid bits in last word of input data */
-        nbvalidbitsdata = 8 * (md5->loLen % MD5_REG_SIZE);
-
-        /* configure number of valid bits in last word of the data */
-        HASH_SetLastWordValidBitsNbr(nbvalidbitsdata);
-
-        /* start HASH processor */
-        HASH_StartDigest();
-
-        /* wait until Busy flag == RESET */
-        while (HASH_GetFlagStatus(HASH_FLAG_BUSY) != RESET) {}
-        
-        /* read message digest */
-        md5->digest[0] = HASH->HR[0];
-        md5->digest[1] = HASH->HR[1];
-        md5->digest[2] = HASH->HR[2];
-        md5->digest[3] = HASH->HR[3];
-
-        ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE);
-
-        XMEMCPY(hash, md5->digest, MD5_DIGEST_SIZE);
-
-        wc_InitMd5(md5);  /* reset state */
-    }
-
-#elif defined(WOLFSSL_IT_HASH)
-
-    /* defined in port/ti_md5.c */
-
-#else /* CTaoCrypt software implementation */
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
-    static INLINE word32 min(word32 a, word32 b)
-    {
-        return a > b ? b : a;
-    }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-#ifdef TI_HASH_TEST
-void wc_InitMd5_ti(Md5* md5) ;
-void wc_Md5Update_ti(Md5* md5, const byte* data, word32 len) ;
-void wc_Md5Final_ti(Md5* md5, byte* hash) ;
-#endif
-
-void wc_InitMd5(Md5* md5)
-{
-    md5->digest[0] = 0x67452301L;
-    md5->digest[1] = 0xefcdab89L;
-    md5->digest[2] = 0x98badcfeL;
-    md5->digest[3] = 0x10325476L;
-
-    md5->buffLen = 0;
-    md5->loLen   = 0;
-    md5->hiLen   = 0;
-
-#ifdef TI_HASH_TEST
-    wc_InitMd5_ti(md5) ;
-#endif
-}
-
-#ifndef FREESCALE_MMCAU
-
-static void Transform(Md5* md5)
-{
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-
-#define MD5STEP(f, w, x, y, z, data, s) \
-    w = rotlFixed(w + f(x, y, z) + data, s) + x
-
-    /* Copy context->state[] to working vars  */
-    word32 a = md5->digest[0];
-    word32 b = md5->digest[1];
-    word32 c = md5->digest[2];
-    word32 d = md5->digest[3];
-
-    MD5STEP(F1, a, b, c, d, md5->buffer[0]  + 0xd76aa478,  7);
-    MD5STEP(F1, d, a, b, c, md5->buffer[1]  + 0xe8c7b756, 12);
-    MD5STEP(F1, c, d, a, b, md5->buffer[2]  + 0x242070db, 17);
-    MD5STEP(F1, b, c, d, a, md5->buffer[3]  + 0xc1bdceee, 22);
-    MD5STEP(F1, a, b, c, d, md5->buffer[4]  + 0xf57c0faf,  7);
-    MD5STEP(F1, d, a, b, c, md5->buffer[5]  + 0x4787c62a, 12);
-    MD5STEP(F1, c, d, a, b, md5->buffer[6]  + 0xa8304613, 17);
-    MD5STEP(F1, b, c, d, a, md5->buffer[7]  + 0xfd469501, 22);
-    MD5STEP(F1, a, b, c, d, md5->buffer[8]  + 0x698098d8,  7);
-    MD5STEP(F1, d, a, b, c, md5->buffer[9]  + 0x8b44f7af, 12);
-    MD5STEP(F1, c, d, a, b, md5->buffer[10] + 0xffff5bb1, 17);
-    MD5STEP(F1, b, c, d, a, md5->buffer[11] + 0x895cd7be, 22);
-    MD5STEP(F1, a, b, c, d, md5->buffer[12] + 0x6b901122,  7);
-    MD5STEP(F1, d, a, b, c, md5->buffer[13] + 0xfd987193, 12);
-    MD5STEP(F1, c, d, a, b, md5->buffer[14] + 0xa679438e, 17);
-    MD5STEP(F1, b, c, d, a, md5->buffer[15] + 0x49b40821, 22);
-
-    MD5STEP(F2, a, b, c, d, md5->buffer[1]  + 0xf61e2562,  5);
-    MD5STEP(F2, d, a, b, c, md5->buffer[6]  + 0xc040b340,  9);
-    MD5STEP(F2, c, d, a, b, md5->buffer[11] + 0x265e5a51, 14);
-    MD5STEP(F2, b, c, d, a, md5->buffer[0]  + 0xe9b6c7aa, 20);
-    MD5STEP(F2, a, b, c, d, md5->buffer[5]  + 0xd62f105d,  5);
-    MD5STEP(F2, d, a, b, c, md5->buffer[10] + 0x02441453,  9);
-    MD5STEP(F2, c, d, a, b, md5->buffer[15] + 0xd8a1e681, 14);
-    MD5STEP(F2, b, c, d, a, md5->buffer[4]  + 0xe7d3fbc8, 20);
-    MD5STEP(F2, a, b, c, d, md5->buffer[9]  + 0x21e1cde6,  5);
-    MD5STEP(F2, d, a, b, c, md5->buffer[14] + 0xc33707d6,  9);
-    MD5STEP(F2, c, d, a, b, md5->buffer[3]  + 0xf4d50d87, 14);
-    MD5STEP(F2, b, c, d, a, md5->buffer[8]  + 0x455a14ed, 20);
-    MD5STEP(F2, a, b, c, d, md5->buffer[13] + 0xa9e3e905,  5);
-    MD5STEP(F2, d, a, b, c, md5->buffer[2]  + 0xfcefa3f8,  9);
-    MD5STEP(F2, c, d, a, b, md5->buffer[7]  + 0x676f02d9, 14);
-    MD5STEP(F2, b, c, d, a, md5->buffer[12] + 0x8d2a4c8a, 20);
-
-    MD5STEP(F3, a, b, c, d, md5->buffer[5]  + 0xfffa3942,  4);
-    MD5STEP(F3, d, a, b, c, md5->buffer[8]  + 0x8771f681, 11);
-    MD5STEP(F3, c, d, a, b, md5->buffer[11] + 0x6d9d6122, 16);
-    MD5STEP(F3, b, c, d, a, md5->buffer[14] + 0xfde5380c, 23);
-    MD5STEP(F3, a, b, c, d, md5->buffer[1]  + 0xa4beea44,  4);
-    MD5STEP(F3, d, a, b, c, md5->buffer[4]  + 0x4bdecfa9, 11);
-    MD5STEP(F3, c, d, a, b, md5->buffer[7]  + 0xf6bb4b60, 16);
-    MD5STEP(F3, b, c, d, a, md5->buffer[10] + 0xbebfbc70, 23);
-    MD5STEP(F3, a, b, c, d, md5->buffer[13] + 0x289b7ec6,  4);
-    MD5STEP(F3, d, a, b, c, md5->buffer[0]  + 0xeaa127fa, 11);
-    MD5STEP(F3, c, d, a, b, md5->buffer[3]  + 0xd4ef3085, 16);
-    MD5STEP(F3, b, c, d, a, md5->buffer[6]  + 0x04881d05, 23);
-    MD5STEP(F3, a, b, c, d, md5->buffer[9]  + 0xd9d4d039,  4);
-    MD5STEP(F3, d, a, b, c, md5->buffer[12] + 0xe6db99e5, 11);
-    MD5STEP(F3, c, d, a, b, md5->buffer[15] + 0x1fa27cf8, 16);
-    MD5STEP(F3, b, c, d, a, md5->buffer[2]  + 0xc4ac5665, 23);
-
-    MD5STEP(F4, a, b, c, d, md5->buffer[0]  + 0xf4292244,  6);
-    MD5STEP(F4, d, a, b, c, md5->buffer[7]  + 0x432aff97, 10);
-    MD5STEP(F4, c, d, a, b, md5->buffer[14] + 0xab9423a7, 15);
-    MD5STEP(F4, b, c, d, a, md5->buffer[5]  + 0xfc93a039, 21);
-    MD5STEP(F4, a, b, c, d, md5->buffer[12] + 0x655b59c3,  6);
-    MD5STEP(F4, d, a, b, c, md5->buffer[3]  + 0x8f0ccc92, 10);
-    MD5STEP(F4, c, d, a, b, md5->buffer[10] + 0xffeff47d, 15);
-    MD5STEP(F4, b, c, d, a, md5->buffer[1]  + 0x85845dd1, 21);
-    MD5STEP(F4, a, b, c, d, md5->buffer[8]  + 0x6fa87e4f,  6);
-    MD5STEP(F4, d, a, b, c, md5->buffer[15] + 0xfe2ce6e0, 10);
-    MD5STEP(F4, c, d, a, b, md5->buffer[6]  + 0xa3014314, 15);
-    MD5STEP(F4, b, c, d, a, md5->buffer[13] + 0x4e0811a1, 21);
-    MD5STEP(F4, a, b, c, d, md5->buffer[4]  + 0xf7537e82,  6);
-    MD5STEP(F4, d, a, b, c, md5->buffer[11] + 0xbd3af235, 10);
-    MD5STEP(F4, c, d, a, b, md5->buffer[2]  + 0x2ad7d2bb, 15);
-    MD5STEP(F4, b, c, d, a, md5->buffer[9]  + 0xeb86d391, 21);
-    
-    /* Add the working vars back into digest state[]  */
-    md5->digest[0] += a;
-    md5->digest[1] += b;
-    md5->digest[2] += c;
-    md5->digest[3] += d;
-}
-
-#endif /* FREESCALE_MMCAU */
-
-
-static INLINE void AddLength(Md5* md5, word32 len)
-{
-    word32 tmp = md5->loLen;
-    if ( (md5->loLen += len) < tmp)
-        md5->hiLen++;                       /* carry low to high */
-}
-
-
-void wc_Md5Update(Md5* md5, const byte* data, word32 len)
-{
-    /* do block size increments */
-    byte* local = (byte*)md5->buffer;
-
-    while (len) {
-        word32 add = min(len, MD5_BLOCK_SIZE - md5->buffLen);
-        XMEMCPY(&local[md5->buffLen], data, add);
-
-        md5->buffLen += add;
-        data         += add;
-        len          -= add;
-
-        if (md5->buffLen == MD5_BLOCK_SIZE) {
-            #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-                ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
-            #endif
-            XTRANSFORM(md5, local);
-            AddLength(md5, MD5_BLOCK_SIZE);
-            md5->buffLen = 0;
-        }
-    }
-#ifdef TI_HASH_TEST
-    wc_Md5Update_ti(md5, data, len) ;
-#endif
-
-}
-
-
-void wc_Md5Final(Md5* md5, byte* hash)
-{
-    byte* local = (byte*)md5->buffer;
-
-    AddLength(md5, md5->buffLen);  /* before adding pads */
-
-    local[md5->buffLen++] = 0x80;  /* add 1 */
-
-    /* pad with zeros */
-    if (md5->buffLen > MD5_PAD_SIZE) {
-        XMEMSET(&local[md5->buffLen], 0, MD5_BLOCK_SIZE - md5->buffLen);
-        md5->buffLen += MD5_BLOCK_SIZE - md5->buffLen;
-
-        #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-            ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
-        #endif
-        XTRANSFORM(md5, local);
-        md5->buffLen = 0;
-    }
-    XMEMSET(&local[md5->buffLen], 0, MD5_PAD_SIZE - md5->buffLen);
-   
-    /* put lengths in bits */
-    md5->hiLen = (md5->loLen >> (8*sizeof(md5->loLen) - 3)) + 
-                 (md5->hiLen << 3);
-    md5->loLen = md5->loLen << 3;
-
-    /* store lengths */
-    #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-        ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
-    #endif
-    /* ! length ordering dependent on digest endian type ! */
-    XMEMCPY(&local[MD5_PAD_SIZE], &md5->loLen, sizeof(word32));
-    XMEMCPY(&local[MD5_PAD_SIZE + sizeof(word32)], &md5->hiLen, sizeof(word32));
-
-    XTRANSFORM(md5, local);
-    #ifdef BIG_ENDIAN_ORDER
-        ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE);
-    #endif
-    XMEMCPY(hash, md5->digest, MD5_DIGEST_SIZE);
-
-    wc_InitMd5(md5);  /* reset state */
-
-#ifdef TI_HASH_TEST
-    wc_Md5Final_ti(md5, hash) ;
-#endif
-}
-
-#endif /* STM32F2_HASH */
-
-
-int wc_Md5Hash(const byte* data, word32 len, byte* hash)
-{
-#ifdef WOLFSSL_SMALL_STACK
-    Md5* md5;
-#else
-    Md5 md5[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (md5 == NULL)
-        return MEMORY_E;
-#endif
-
-    wc_InitMd5(md5);
-    wc_Md5Update(md5, data, len);
-    wc_Md5Final(md5, hash);
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return 0;
-}
-
-#if defined(WOLFSSL_TI_HASH)||defined(TI_HASH_TEST)
-#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
-void wc_Md5GetHash(Md5* md5, byte* hash)
-{
-#if defined(WOLFSSL_TI_HASH) || defined(TI_HASH_TEST)
-    wc_Md5GetHash_ti(md5, hash) ;
-#else
-    Md5 save = *md5 ;
-    wc_Md5Final(md5, hash) ;
-    *md5 = save ;
-#endif
-}
-#endif /* NO_MD5 */
+/* md5.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if !defined(NO_MD5) && !defined(WOLFSSL_TI_HASH)
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+#define wc_InitMd5   wc_InitMd5_sw
+#define wc_Md5Update wc_Md5Update_sw
+#define wc_Md5Final  wc_Md5Final_sw
+#endif
+
+#include <wolfssl/wolfcrypt/md5.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef FREESCALE_MMCAU
+    #include "cau_api.h"
+    #define XTRANSFORM(S,B)  cau_md5_hash_n((B), 1, (unsigned char*)(S)->digest)
+#else
+    #define XTRANSFORM(S,B)  Transform((S))
+#endif
+
+
+#ifdef STM32F2_HASH
+    /*
+     * STM32F2 hardware MD5 support through the STM32F2 standard peripheral
+     * library. Documentation located in STM32F2xx Standard Peripheral Library
+     * document (See note in README).
+     */
+    #include "stm32f2xx.h"
+
+    void wc_InitMd5(Md5* md5)
+    {
+        /* STM32F2 struct notes:
+         * md5->buffer  = first 4 bytes used to hold partial block if needed 
+         * md5->buffLen = num bytes currently stored in md5->buffer
+         * md5->loLen   = num bytes that have been written to STM32 FIFO
+         */
+        XMEMSET(md5->buffer, 0, MD5_REG_SIZE);
+			
+        md5->buffLen = 0;
+        md5->loLen = 0;
+
+        /* initialize HASH peripheral */
+        HASH_DeInit();
+
+        /* configure algo used, algo mode, datatype */
+        HASH->CR &= ~ (HASH_CR_ALGO | HASH_CR_DATATYPE | HASH_CR_MODE);
+        HASH->CR |= (HASH_AlgoSelection_MD5 | HASH_AlgoMode_HASH 
+                 | HASH_DataType_8b);
+
+        /* reset HASH processor */
+        HASH->CR |= HASH_CR_INIT;
+    }
+
+    void wc_Md5Update(Md5* md5, const byte* data, word32 len)
+    {
+        word32 i = 0;
+        word32 fill = 0;
+        word32 diff = 0;
+
+        /* if saved partial block is available */
+        if (md5->buffLen > 0) {
+            fill = 4 - md5->buffLen;
+
+            /* if enough data to fill, fill and push to FIFO */
+            if (fill <= len) {
+                XMEMCPY((byte*)md5->buffer + md5->buffLen, data, fill);
+                HASH_DataIn(*(uint32_t*)md5->buffer);
+
+                data += fill;
+                len -= fill;
+                md5->loLen += 4;
+                md5->buffLen = 0;
+            } else {
+                /* append partial to existing stored block */
+                XMEMCPY((byte*)md5->buffer + md5->buffLen, data, len);
+                md5->buffLen += len;
+                return;
+            }
+        }
+
+        /* write input block in the IN FIFO */
+        for (i = 0; i < len; i += 4)
+        {
+            diff = len - i;
+            if (diff < 4) {
+                /* store incomplete last block, not yet in FIFO */
+                XMEMSET(md5->buffer, 0, MD5_REG_SIZE);
+                XMEMCPY((byte*)md5->buffer, data, diff);
+                md5->buffLen = diff;
+            } else {
+                HASH_DataIn(*(uint32_t*)data);
+                data+=4;
+            }
+        }
+
+        /* keep track of total data length thus far */
+        md5->loLen += (len - md5->buffLen);
+    }
+
+    void wc_Md5Final(Md5* md5, byte* hash)
+    {
+        __IO uint16_t nbvalidbitsdata = 0;
+
+        /* finish reading any trailing bytes into FIFO */
+        if (md5->buffLen > 0) {
+            HASH_DataIn(*(uint32_t*)md5->buffer);
+            md5->loLen += md5->buffLen;
+        }
+
+        /* calculate number of valid bits in last word of input data */
+        nbvalidbitsdata = 8 * (md5->loLen % MD5_REG_SIZE);
+
+        /* configure number of valid bits in last word of the data */
+        HASH_SetLastWordValidBitsNbr(nbvalidbitsdata);
+
+        /* start HASH processor */
+        HASH_StartDigest();
+
+        /* wait until Busy flag == RESET */
+        while (HASH_GetFlagStatus(HASH_FLAG_BUSY) != RESET) {}
+        
+        /* read message digest */
+        md5->digest[0] = HASH->HR[0];
+        md5->digest[1] = HASH->HR[1];
+        md5->digest[2] = HASH->HR[2];
+        md5->digest[3] = HASH->HR[3];
+
+        ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE);
+
+        XMEMCPY(hash, md5->digest, MD5_DIGEST_SIZE);
+
+        wc_InitMd5(md5);  /* reset state */
+    }
+
+#elif defined(WOLFSSL_IT_HASH)
+
+    /* defined in port/ti_md5.c */
+
+#else /* CTaoCrypt software implementation */
+
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
+
+    static INLINE word32 min(word32 a, word32 b)
+    {
+        return a > b ? b : a;
+    }
+
+#endif /* WOLFSSL_HAVE_MIN */
+
+#ifdef TI_HASH_TEST
+void wc_InitMd5_ti(Md5* md5) ;
+void wc_Md5Update_ti(Md5* md5, const byte* data, word32 len) ;
+void wc_Md5Final_ti(Md5* md5, byte* hash) ;
+#endif
+
+void wc_InitMd5(Md5* md5)
+{
+    md5->digest[0] = 0x67452301L;
+    md5->digest[1] = 0xefcdab89L;
+    md5->digest[2] = 0x98badcfeL;
+    md5->digest[3] = 0x10325476L;
+
+    md5->buffLen = 0;
+    md5->loLen   = 0;
+    md5->hiLen   = 0;
+
+#ifdef TI_HASH_TEST
+    wc_InitMd5_ti(md5) ;
+#endif
+}
+
+#ifndef FREESCALE_MMCAU
+
+static void Transform(Md5* md5)
+{
+#define F1(x, y, z) (z ^ (x & (y ^ z)))
+#define F2(x, y, z) F1(z, x, y)
+#define F3(x, y, z) (x ^ y ^ z)
+#define F4(x, y, z) (y ^ (x | ~z))
+
+#define MD5STEP(f, w, x, y, z, data, s) \
+    w = rotlFixed(w + f(x, y, z) + data, s) + x
+
+    /* Copy context->state[] to working vars  */
+    word32 a = md5->digest[0];
+    word32 b = md5->digest[1];
+    word32 c = md5->digest[2];
+    word32 d = md5->digest[3];
+
+    MD5STEP(F1, a, b, c, d, md5->buffer[0]  + 0xd76aa478,  7);
+    MD5STEP(F1, d, a, b, c, md5->buffer[1]  + 0xe8c7b756, 12);
+    MD5STEP(F1, c, d, a, b, md5->buffer[2]  + 0x242070db, 17);
+    MD5STEP(F1, b, c, d, a, md5->buffer[3]  + 0xc1bdceee, 22);
+    MD5STEP(F1, a, b, c, d, md5->buffer[4]  + 0xf57c0faf,  7);
+    MD5STEP(F1, d, a, b, c, md5->buffer[5]  + 0x4787c62a, 12);
+    MD5STEP(F1, c, d, a, b, md5->buffer[6]  + 0xa8304613, 17);
+    MD5STEP(F1, b, c, d, a, md5->buffer[7]  + 0xfd469501, 22);
+    MD5STEP(F1, a, b, c, d, md5->buffer[8]  + 0x698098d8,  7);
+    MD5STEP(F1, d, a, b, c, md5->buffer[9]  + 0x8b44f7af, 12);
+    MD5STEP(F1, c, d, a, b, md5->buffer[10] + 0xffff5bb1, 17);
+    MD5STEP(F1, b, c, d, a, md5->buffer[11] + 0x895cd7be, 22);
+    MD5STEP(F1, a, b, c, d, md5->buffer[12] + 0x6b901122,  7);
+    MD5STEP(F1, d, a, b, c, md5->buffer[13] + 0xfd987193, 12);
+    MD5STEP(F1, c, d, a, b, md5->buffer[14] + 0xa679438e, 17);
+    MD5STEP(F1, b, c, d, a, md5->buffer[15] + 0x49b40821, 22);
+
+    MD5STEP(F2, a, b, c, d, md5->buffer[1]  + 0xf61e2562,  5);
+    MD5STEP(F2, d, a, b, c, md5->buffer[6]  + 0xc040b340,  9);
+    MD5STEP(F2, c, d, a, b, md5->buffer[11] + 0x265e5a51, 14);
+    MD5STEP(F2, b, c, d, a, md5->buffer[0]  + 0xe9b6c7aa, 20);
+    MD5STEP(F2, a, b, c, d, md5->buffer[5]  + 0xd62f105d,  5);
+    MD5STEP(F2, d, a, b, c, md5->buffer[10] + 0x02441453,  9);
+    MD5STEP(F2, c, d, a, b, md5->buffer[15] + 0xd8a1e681, 14);
+    MD5STEP(F2, b, c, d, a, md5->buffer[4]  + 0xe7d3fbc8, 20);
+    MD5STEP(F2, a, b, c, d, md5->buffer[9]  + 0x21e1cde6,  5);
+    MD5STEP(F2, d, a, b, c, md5->buffer[14] + 0xc33707d6,  9);
+    MD5STEP(F2, c, d, a, b, md5->buffer[3]  + 0xf4d50d87, 14);
+    MD5STEP(F2, b, c, d, a, md5->buffer[8]  + 0x455a14ed, 20);
+    MD5STEP(F2, a, b, c, d, md5->buffer[13] + 0xa9e3e905,  5);
+    MD5STEP(F2, d, a, b, c, md5->buffer[2]  + 0xfcefa3f8,  9);
+    MD5STEP(F2, c, d, a, b, md5->buffer[7]  + 0x676f02d9, 14);
+    MD5STEP(F2, b, c, d, a, md5->buffer[12] + 0x8d2a4c8a, 20);
+
+    MD5STEP(F3, a, b, c, d, md5->buffer[5]  + 0xfffa3942,  4);
+    MD5STEP(F3, d, a, b, c, md5->buffer[8]  + 0x8771f681, 11);
+    MD5STEP(F3, c, d, a, b, md5->buffer[11] + 0x6d9d6122, 16);
+    MD5STEP(F3, b, c, d, a, md5->buffer[14] + 0xfde5380c, 23);
+    MD5STEP(F3, a, b, c, d, md5->buffer[1]  + 0xa4beea44,  4);
+    MD5STEP(F3, d, a, b, c, md5->buffer[4]  + 0x4bdecfa9, 11);
+    MD5STEP(F3, c, d, a, b, md5->buffer[7]  + 0xf6bb4b60, 16);
+    MD5STEP(F3, b, c, d, a, md5->buffer[10] + 0xbebfbc70, 23);
+    MD5STEP(F3, a, b, c, d, md5->buffer[13] + 0x289b7ec6,  4);
+    MD5STEP(F3, d, a, b, c, md5->buffer[0]  + 0xeaa127fa, 11);
+    MD5STEP(F3, c, d, a, b, md5->buffer[3]  + 0xd4ef3085, 16);
+    MD5STEP(F3, b, c, d, a, md5->buffer[6]  + 0x04881d05, 23);
+    MD5STEP(F3, a, b, c, d, md5->buffer[9]  + 0xd9d4d039,  4);
+    MD5STEP(F3, d, a, b, c, md5->buffer[12] + 0xe6db99e5, 11);
+    MD5STEP(F3, c, d, a, b, md5->buffer[15] + 0x1fa27cf8, 16);
+    MD5STEP(F3, b, c, d, a, md5->buffer[2]  + 0xc4ac5665, 23);
+
+    MD5STEP(F4, a, b, c, d, md5->buffer[0]  + 0xf4292244,  6);
+    MD5STEP(F4, d, a, b, c, md5->buffer[7]  + 0x432aff97, 10);
+    MD5STEP(F4, c, d, a, b, md5->buffer[14] + 0xab9423a7, 15);
+    MD5STEP(F4, b, c, d, a, md5->buffer[5]  + 0xfc93a039, 21);
+    MD5STEP(F4, a, b, c, d, md5->buffer[12] + 0x655b59c3,  6);
+    MD5STEP(F4, d, a, b, c, md5->buffer[3]  + 0x8f0ccc92, 10);
+    MD5STEP(F4, c, d, a, b, md5->buffer[10] + 0xffeff47d, 15);
+    MD5STEP(F4, b, c, d, a, md5->buffer[1]  + 0x85845dd1, 21);
+    MD5STEP(F4, a, b, c, d, md5->buffer[8]  + 0x6fa87e4f,  6);
+    MD5STEP(F4, d, a, b, c, md5->buffer[15] + 0xfe2ce6e0, 10);
+    MD5STEP(F4, c, d, a, b, md5->buffer[6]  + 0xa3014314, 15);
+    MD5STEP(F4, b, c, d, a, md5->buffer[13] + 0x4e0811a1, 21);
+    MD5STEP(F4, a, b, c, d, md5->buffer[4]  + 0xf7537e82,  6);
+    MD5STEP(F4, d, a, b, c, md5->buffer[11] + 0xbd3af235, 10);
+    MD5STEP(F4, c, d, a, b, md5->buffer[2]  + 0x2ad7d2bb, 15);
+    MD5STEP(F4, b, c, d, a, md5->buffer[9]  + 0xeb86d391, 21);
+    
+    /* Add the working vars back into digest state[]  */
+    md5->digest[0] += a;
+    md5->digest[1] += b;
+    md5->digest[2] += c;
+    md5->digest[3] += d;
+}
+
+#endif /* FREESCALE_MMCAU */
+
+
+static INLINE void AddLength(Md5* md5, word32 len)
+{
+    word32 tmp = md5->loLen;
+    if ( (md5->loLen += len) < tmp)
+        md5->hiLen++;                       /* carry low to high */
+}
+
+
+void wc_Md5Update(Md5* md5, const byte* data, word32 len)
+{
+    /* do block size increments */
+    byte* local = (byte*)md5->buffer;
+
+    while (len) {
+        word32 add = min(len, MD5_BLOCK_SIZE - md5->buffLen);
+        XMEMCPY(&local[md5->buffLen], data, add);
+
+        md5->buffLen += add;
+        data         += add;
+        len          -= add;
+
+        if (md5->buffLen == MD5_BLOCK_SIZE) {
+            #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+                ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
+            #endif
+            XTRANSFORM(md5, local);
+            AddLength(md5, MD5_BLOCK_SIZE);
+            md5->buffLen = 0;
+        }
+    }
+#ifdef TI_HASH_TEST
+    wc_Md5Update_ti(md5, data, len) ;
+#endif
+
+}
+
+
+void wc_Md5Final(Md5* md5, byte* hash)
+{
+    byte* local = (byte*)md5->buffer;
+
+    AddLength(md5, md5->buffLen);  /* before adding pads */
+
+    local[md5->buffLen++] = 0x80;  /* add 1 */
+
+    /* pad with zeros */
+    if (md5->buffLen > MD5_PAD_SIZE) {
+        XMEMSET(&local[md5->buffLen], 0, MD5_BLOCK_SIZE - md5->buffLen);
+        md5->buffLen += MD5_BLOCK_SIZE - md5->buffLen;
+
+        #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+            ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
+        #endif
+        XTRANSFORM(md5, local);
+        md5->buffLen = 0;
+    }
+    XMEMSET(&local[md5->buffLen], 0, MD5_PAD_SIZE - md5->buffLen);
+   
+    /* put lengths in bits */
+    md5->hiLen = (md5->loLen >> (8*sizeof(md5->loLen) - 3)) + 
+                 (md5->hiLen << 3);
+    md5->loLen = md5->loLen << 3;
+
+    /* store lengths */
+    #if defined(BIG_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+        ByteReverseWords(md5->buffer, md5->buffer, MD5_BLOCK_SIZE);
+    #endif
+    /* ! length ordering dependent on digest endian type ! */
+    XMEMCPY(&local[MD5_PAD_SIZE], &md5->loLen, sizeof(word32));
+    XMEMCPY(&local[MD5_PAD_SIZE + sizeof(word32)], &md5->hiLen, sizeof(word32));
+
+    XTRANSFORM(md5, local);
+    #ifdef BIG_ENDIAN_ORDER
+        ByteReverseWords(md5->digest, md5->digest, MD5_DIGEST_SIZE);
+    #endif
+    XMEMCPY(hash, md5->digest, MD5_DIGEST_SIZE);
+
+    wc_InitMd5(md5);  /* reset state */
+
+#ifdef TI_HASH_TEST
+    wc_Md5Final_ti(md5, hash) ;
+#endif
+}
+
+#endif /* STM32F2_HASH */
+
+
+int wc_Md5Hash(const byte* data, word32 len, byte* hash)
+{
+#ifdef WOLFSSL_SMALL_STACK
+    Md5* md5;
+#else
+    Md5 md5[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (md5 == NULL)
+        return MEMORY_E;
+#endif
+
+    wc_InitMd5(md5);
+    wc_Md5Update(md5, data, len);
+    wc_Md5Final(md5, hash);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
+}
+
+#if defined(WOLFSSL_TI_HASH)||defined(TI_HASH_TEST)
+#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+void wc_Md5GetHash(Md5* md5, byte* hash)
+{
+#if defined(WOLFSSL_TI_HASH) || defined(TI_HASH_TEST)
+    wc_Md5GetHash_ti(md5, hash) ;
+#else
+    Md5 save = *md5 ;
+    wc_Md5Final(md5, hash) ;
+    *md5 = save ;
+#endif
+}
+#endif /* NO_MD5 */
diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c
index 11a0680b6..8ca83385c 100644
--- a/wolfcrypt/src/port/ti/ti-aes.c
+++ b/wolfcrypt/src/port/ti/ti-aes.c
@@ -1,548 +1,548 @@
-/* port/ti/ti-aes.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
- 
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#ifndef NO_AES
-
-
-#if defined(WOLFSSL_TI_CRYPT)
-#include <stdbool.h>
-#include <stdint.h>
-
-#include <wolfssl/wolfcrypt/aes.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/port/ti/ti-ccm.h>
-
-#include "inc/hw_aes.h"
-#include "inc/hw_memmap.h"
-#include "inc/hw_ints.h"
-#include "driverlib/aes.h"
-#include "driverlib/sysctl.h"
-#include "driverlib/rom_map.h"
-#include "driverlib/rom.h"
-
-static int  AesSetIV(Aes* aes, const byte* iv)
-{
-    if (aes == NULL)
-        return BAD_FUNC_ARG;
-
-    if (iv)
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
-    else
-        XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
-
-    return 0;
-}
-
-WOLFSSL_API int  wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
-                          int dir)
-{
-    if(!wolfSSL_TI_CCMInit())return 1 ;
-    if ((aes == NULL) || (key == NULL) || (iv == NULL))
-        return BAD_FUNC_ARG;
-    if(!((dir == AES_ENCRYPTION) || (dir == AES_DECRYPTION)))
-        return BAD_FUNC_ARG;
-    
-    switch(len) {
-    case 16: aes->keylen = AES_CFG_KEY_SIZE_128BIT ; break ;
-    case 24: aes->keylen = AES_CFG_KEY_SIZE_192BIT ; break ;
-    case 32: aes->keylen = AES_CFG_KEY_SIZE_256BIT ; break ;
-    default: return BAD_FUNC_ARG;      
-    }
-    
-    XMEMCPY(aes->key, key, len) ;
-    #ifdef WOLFSSL_AES_COUNTER
-    aes->left = 0;
-    #endif /* WOLFSSL_AES_COUNTER */
-    return AesSetIV(aes, iv);
-}
-
-#define AES_CFG_MODE_CTR_NOCTR AES_CFG_MODE_CTR+100
-#define IS_ALIGN16(p) (((unsigned int)(p)&0xf) == 0)
-
-static int  AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz, word32 dir, word32 mode)
-{   
-    wolfSSL_TI_lockCCM() ;
-    ROM_AESReset(AES_BASE);
-    ROM_AESConfigSet(AES_BASE, (aes->keylen | dir | 
-                     (mode==AES_CFG_MODE_CTR_NOCTR ? AES_CFG_MODE_CTR : mode)));
-    AESIVSet(AES_BASE, aes->reg);
-    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
-    if((dir == AES_CFG_DIR_DECRYPT)&& (mode == AES_CFG_MODE_CBC))
-        /* if input and output same will overwrite input iv */
-        XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-    ROM_AESDataProcess(AES_BASE, (uint32_t *)in, (uint32_t *)out, sz);
-    wolfSSL_TI_unlockCCM() ;
-    
-    /* store iv for next call */
-    if(mode == AES_CFG_MODE_CBC){
-        if(dir == AES_CFG_DIR_ENCRYPT)
-            XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
-        else
-            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
-    }
-
-    if(mode == AES_CFG_MODE_CTR) {
-        do {  
-            int i ;
-            for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
-                 if (++((byte *)aes->reg)[i])
-                     break ;
-            }
-            sz -= AES_BLOCK_SIZE ;
-        } while((int)sz > 0) ;
-    }
-
-    return 0 ;
-}
-
-static int  AesProcess(Aes* aes, byte* out, const byte* in, word32 sz, word32 dir, word32 mode)
-{   
-    const byte * in_p ; byte * out_p ; 
-    word32 size ;
-    #define TI_BUFFSIZE 1024
-    byte buff[TI_BUFFSIZE] ;
-    
-    if ((aes == NULL) || (in == NULL) || (out == NULL))
-        return BAD_FUNC_ARG;
-    if(sz % AES_BLOCK_SIZE)
-        return BAD_FUNC_ARG;
-
-    while(sz > 0) {
-        size = sz ; in_p = in ; out_p = out ;
-        if(!IS_ALIGN16(in)){
-            size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ;
-            XMEMCPY(buff, in, size) ; 
-            in_p = (const byte *)buff ;
-        }
-        if(!IS_ALIGN16(out)){
-            size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ;
-            out_p = buff ;
-        }
-   
-        AesAlign16(aes, out_p, in_p, size, dir, mode) ;
- 
-        if(!IS_ALIGN16(out)){
-            XMEMCPY(out, buff, size) ;
-        }
-        sz -= size ; in += size ; out += size ;
-    }
-
-    return 0 ;
-}
-
-WOLFSSL_API int  wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-{   
-    return AesProcess(aes, out, in, sz, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ;
-}
-
-WOLFSSL_API int  wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-{   
-    return AesProcess(aes, out, in, sz, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ;
-}
-
-#ifdef WOLFSSL_AES_COUNTER
-WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-{ 
-            char out_block[AES_BLOCK_SIZE] ;
-            int odd ;
-            int even ;
-            char *tmp ; /* (char *)aes->tmp, for short */
-
-            tmp = (char *)aes->tmp ;
-            if(aes->left) {
-                if((aes->left + sz) >= AES_BLOCK_SIZE){
-                    odd = AES_BLOCK_SIZE - aes->left ;
-                } else {
-                    odd = sz ;
-                }
-                XMEMCPY(tmp+aes->left, in, odd) ;
-                if((odd+aes->left) == AES_BLOCK_SIZE){
-                    AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE, 
-                             AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR) ;
-                    XMEMCPY(out, out_block+aes->left, odd) ;
-                    aes->left = 0 ;
-                    XMEMSET(tmp, 0x0, AES_BLOCK_SIZE) ;
-                }
-                in += odd ;
-                out+= odd ;
-                sz -= odd ;
-            }
-            odd = sz % AES_BLOCK_SIZE ;  /* if there is tail flagment */
-            if(sz / AES_BLOCK_SIZE) {
-                even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE ;
-                AesProcess(aes, out, in, even, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
-                out += even ;
-                in  += even ;
-            }
-            if(odd) {
-                XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left) ;
-                XMEMCPY(tmp+aes->left, in, odd) ;
-                AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE, 
-                           AES_CFG_DIR_ENCRYPT, 
-                           AES_CFG_MODE_CTR_NOCTR /* Counter mode without counting IV */
-                           );
-                XMEMCPY(out, out_block+aes->left,odd) ;
-                aes->left += odd ;
-            }
-}
-#endif
-
-/* AES-DIRECT */
-#if defined(WOLFSSL_AES_DIRECT)
-WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
-{
-    AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ;
-}
-WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
-{
-    AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ;
-}
-WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
-                                     const byte* iv, int dir)
-{
-     return(wc_AesSetKey(aes, key, len, iv, dir)) ;
-}
-#endif
-
-
-#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
-
-static int  AesAuthSetKey(Aes* aes, const byte* key, word32 keySz)
-{
-    byte nonce[AES_BLOCK_SIZE];
-
-    if ((aes == NULL) || (key == NULL))
-        return BAD_FUNC_ARG ;
-    if (!((keySz == 16) || (keySz == 24) || (keySz == 32)))
-        return BAD_FUNC_ARG ;
-
-    XMEMSET(nonce, 0, sizeof(nonce));
-    return wc_AesSetKey(aes, key, keySz, nonce, AES_ENCRYPTION);
-}
-
-
-static int AesAuthArgCheck(Aes* aes, byte* out, const byte* in, word32 inSz,
-                              const byte* nonce, word32 nonceSz,
-                              const byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz, word32 *M,  word32 *L)
-{
-    if((aes == NULL)||(nonce == NULL)||(authTag== NULL)||(authIn == NULL))
-        return BAD_FUNC_ARG;
-    if((inSz != 0) && ((out == NULL)||(in == NULL)))
-        return BAD_FUNC_ARG;
-    
-    switch(authTagSz){
-    case  4:
-        *M = AES_CFG_CCM_M_4; break ;
-    case 6:
-        *M = AES_CFG_CCM_M_6; break ;
-    case 8:
-        *M = AES_CFG_CCM_M_8; break ;
-    case 10:
-        *M = AES_CFG_CCM_M_10; break ;
-    case 12:
-        *M = AES_CFG_CCM_M_12; break ;
-    case 14:
-        *M = AES_CFG_CCM_M_14; break ;
-    case 16:
-        *M = AES_CFG_CCM_M_16; break ;
-    default:
-        return 1 ;
-    }
-
-    switch(nonceSz){
-    case 7:
-        *L = AES_CFG_CCM_L_8; break ;
-    case 8:
-        *L = AES_CFG_CCM_L_7; break ;
-    case 9:
-        *L = AES_CFG_CCM_L_6; break ;
-    case  10:
-        *L = AES_CFG_CCM_L_5; break ;
-    case 11:
-        *L = AES_CFG_CCM_L_4; break ;
-    case 12:
-        *L = AES_CFG_CCM_L_3; break ;
-    case 13:
-        *L = AES_CFG_CCM_L_2; break ;
-    case 14:
-        *L = AES_CFG_CCM_L_1; break ;
-    default:
-        return 1;
-    }
-    return 0 ;
-}
-
-static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L, int mode) {
-
-  if(mode == AES_CFG_MODE_CCM){
-    XMEMSET(aes->reg, 0, 16) ;
-    switch(L){
-    case AES_CFG_CCM_L_8: 
-      aes->reg[0] = 0x7; break ;
-    case AES_CFG_CCM_L_7: 
-      aes->reg[0] = 0x6; break ;
-    case AES_CFG_CCM_L_6: 
-      aes->reg[0] = 0x5; break ;
-    case AES_CFG_CCM_L_5: 
-      aes->reg[0] = 0x4; break ;
-    case AES_CFG_CCM_L_4: 
-      aes->reg[0] = 0x3; break ;
-    case AES_CFG_CCM_L_3: 
-      aes->reg[0] = 0x2; break ;
-    case AES_CFG_CCM_L_2: 
-      aes->reg[0] = 0x1; break ;
-    case AES_CFG_CCM_L_1: 
-      aes->reg[0] = 0x0; break ;
-    }
-    XMEMCPY(((byte *)aes->reg)+1, nonce, len) ; 
-  } else {
-    byte *b = (byte *)aes->reg ;
-    XMEMSET(aes->reg, 0, AES_BLOCK_SIZE);
-    XMEMCPY(aes->reg, nonce, len);
-    b[AES_BLOCK_SIZE-4] = 0 ;
-    b[AES_BLOCK_SIZE-3] = 0 ;
-    b[AES_BLOCK_SIZE-2] = 0 ;
-    b[AES_BLOCK_SIZE-1] = 1 ;
-  }
-}
-
-#define RoundUp16(n) ((n+15)&0xfffffff0)
-#define FREE_ALL \
-    if(in_save)    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
-    if(out_save)   XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
-    if(authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
-    if(nonce_save) XFREE(nonce_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
-                              const byte* nonce, word32 nonceSz,
-                              byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz, int mode)
-{ 
-    word32 M, L ;
-    byte *in_a,     *in_save ;
-    byte *out_a,    *out_save ;
-    byte *authIn_a, *authIn_save ;
-    byte *nonce_a,    *nonce_save ;
-    word32 tmpTag[4] ;
-    int ret ;
-
-    if(AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L)
-       == BAD_FUNC_ARG)return BAD_FUNC_ARG ;
-    
-    /* 16 byte padding */
-    in_save = NULL ; out_save = NULL ; authIn_save = NULL ; nonce_save = NULL ;
-    if((inSz%16)==0){
-        in_save = NULL ; in_a = (byte *)in ;
-        out_save = NULL ; out_a = out ;
-    } else {
-      if((in_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
-          FREE_ALL; return MEMORY_E ; }
-      in_a = in_save ; XMEMSET(in_a, 0, RoundUp16(inSz)) ; XMEMCPY(in_a, in, inSz) ;
-      
-      if((out_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
-          FREE_ALL; return MEMORY_E ; } 
-      out_a = out_save ; 
-    }
-    
-    if((authInSz%16)==0){
-        authIn_save = NULL ; authIn_a = (byte *)authIn ;
-    } else {
-      if((authIn_save = XMALLOC(RoundUp16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
-          FREE_ALL; return MEMORY_E ; }
-      authIn_a = authIn_save ; XMEMSET(authIn_a, 0, RoundUp16(authInSz)) ; XMEMCPY(authIn_a, authIn, authInSz) ;
-    }
-
-    if((nonceSz%16)==0){
-        nonce_save = NULL ; nonce_a = (byte *)nonce ;
-    } else {
-      if((nonce_save = XMALLOC(RoundUp16(nonceSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
-          FREE_ALL; return MEMORY_E; }
-      nonce_a = nonce_save ; XMEMSET(nonce_a, 0, RoundUp16(nonceSz)) ; XMEMCPY(nonce_a, nonce, nonceSz) ;
-    }
-
-    /* do aes-ccm */
-    AesAuthSetIv(aes, nonce, nonceSz, L, mode) ;
-    ROM_AESReset(AES_BASE);
-    ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_ENCRYPT |
-                                AES_CFG_CTR_WIDTH_128 |
-                                mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 ))) ;
-    ROM_AESIVSet(AES_BASE, aes->reg);
-    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
-    ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz,
-                           (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag);
-    if(ret == false){
-        XMEMSET(out, 0, inSz) ;
-        XMEMSET(authTag, 0, authTagSz) ;
-    } else {
-        XMEMCPY(out, out_a, inSz) ;
-        XMEMCPY(authTag, tmpTag, authTagSz) ;
-    }
-
-    FREE_ALL; 
-    return 0 ;
-}
-
-static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
-                              const byte* nonce, word32 nonceSz,
-                              const byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz, int mode)
-{ 
-    word32 M, L ;
-    byte *in_a,     *in_save ;
-    byte *out_a,    *out_save ;
-    byte *authIn_a, *authIn_save ;
-    byte *nonce_a,    *nonce_save ;
-    word32 tmpTag[4] ;
-    bool ret ;
-
-    if(AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L)
-       == BAD_FUNC_ARG)return  BAD_FUNC_ARG ;
-    
-    /* 16 byte padding */
-    in_save = NULL ; out_save = NULL ; authIn_save = NULL ; nonce_save = NULL ;
-    if((inSz%16)==0){
-        in_save = NULL ; in_a = (byte *)in ;
-        out_save = NULL ; out_a = out ;
-    } else {
-      if((in_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
-          FREE_ALL; return MEMORY_E;}
-      in_a = in_save ; XMEMSET(in_a, 0, RoundUp16(inSz)) ; XMEMCPY(in_a, in, inSz) ;
-      
-      if((out_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
-          FREE_ALL; return MEMORY_E;}
-      out_a = out_save ; 
-    }
-    
-    if((authInSz%16)==0){
-        authIn_save = NULL ; authIn_a = (byte *)authIn ;
-    } else {
-      if((authIn_save = XMALLOC(RoundUp16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
-          FREE_ALL; return MEMORY_E; }
-      authIn_a = authIn_save ; XMEMSET(authIn_a, 0, RoundUp16(authInSz)) ; XMEMCPY(authIn_a, authIn, authInSz) ;
-    }
-
-    if((nonceSz%16)==0){
-        nonce_save = NULL ; nonce_a = (byte *)nonce ;
-    } else {
-      if((nonce_save = XMALLOC(RoundUp16(nonceSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
-          FREE_ALL; return MEMORY_E; }
-      nonce_a = nonce_save ; XMEMSET(nonce_a, 0, RoundUp16(nonceSz)) ; XMEMCPY(nonce_a, nonce, nonceSz) ;
-    }
-
-    /* do aes-ccm */
-    AesAuthSetIv(aes, nonce, nonceSz, L, mode) ;
-    ROM_AESReset(AES_BASE);
-    ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_DECRYPT |
-                                AES_CFG_CTR_WIDTH_128 |
-                                  mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 ))) ;
-    ROM_AESIVSet(AES_BASE, aes->reg);
-    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
-    ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz,
-                           (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag);
-    if((ret == false) || (XMEMCMP(authTag, tmpTag, authTagSz) != 0)){
-        XMEMSET(out, 0, inSz) ;
-        ret = false ;
-    } else {
-        XMEMCPY(out, out_a, inSz) ;  
-    }
-
-    FREE_ALL ;
-    return ret==true ? 0 : 1 ;
-}
-#endif
-
-
-#ifdef HAVE_AESGCM
-WOLFSSL_API int  wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
-{
-    return AesAuthSetKey(aes, key, len) ;
-}
-
-WOLFSSL_API int  wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
-                              const byte* iv, word32 ivSz,
-                              byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz)
-{
-    return AesAuthEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
-}
-WOLFSSL_API int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
-                              const byte* iv, word32 ivSz,
-                              const byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz)
-{ 
-    return AesAuthDecrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
-}
-
-WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
-{
-      return AesAuthSetKey(&gmac->aes, key, len) ;
-}
-
-WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
-                              const byte* authIn, word32 authInSz,
-                              byte* authTag, word32 authTagSz)
-{
-    return AesAuthEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
-}
-
-#endif /* HAVE_AESGCM */
-
-#ifdef HAVE_AESCCM
-WOLFSSL_API void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
-{
-    AesAuthSetKey(aes, key, keySz) ;
-}
-
-WOLFSSL_API void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
-                              const byte* nonce, word32 nonceSz,
-                              byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz)
-{ 
-    AesAuthEncrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_CCM) ;
-}
-
-WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
-                              const byte* nonce, word32 nonceSz,
-                              const byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz)
-{ 
-    return AesAuthDecrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_CCM) ;
-}
-#endif /* HAVE_AESCCM */
-
-#endif /* WOLFSSL_TI_CRYPT */
-
-#endif /* NO_AES */
-
-
-
+/* port/ti/ti-aes.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+ 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifndef NO_AES
+
+
+#if defined(WOLFSSL_TI_CRYPT)
+#include <stdbool.h>
+#include <stdint.h>
+
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/port/ti/ti-ccm.h>
+
+#include "inc/hw_aes.h"
+#include "inc/hw_memmap.h"
+#include "inc/hw_ints.h"
+#include "driverlib/aes.h"
+#include "driverlib/sysctl.h"
+#include "driverlib/rom_map.h"
+#include "driverlib/rom.h"
+
+static int  AesSetIV(Aes* aes, const byte* iv)
+{
+    if (aes == NULL)
+        return BAD_FUNC_ARG;
+
+    if (iv)
+        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+    else
+        XMEMSET(aes->reg,  0, AES_BLOCK_SIZE);
+
+    return 0;
+}
+
+WOLFSSL_API int  wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
+                          int dir)
+{
+    if(!wolfSSL_TI_CCMInit())return 1 ;
+    if ((aes == NULL) || (key == NULL) || (iv == NULL))
+        return BAD_FUNC_ARG;
+    if(!((dir == AES_ENCRYPTION) || (dir == AES_DECRYPTION)))
+        return BAD_FUNC_ARG;
+    
+    switch(len) {
+    case 16: aes->keylen = AES_CFG_KEY_SIZE_128BIT ; break ;
+    case 24: aes->keylen = AES_CFG_KEY_SIZE_192BIT ; break ;
+    case 32: aes->keylen = AES_CFG_KEY_SIZE_256BIT ; break ;
+    default: return BAD_FUNC_ARG;      
+    }
+    
+    XMEMCPY(aes->key, key, len) ;
+    #ifdef WOLFSSL_AES_COUNTER
+    aes->left = 0;
+    #endif /* WOLFSSL_AES_COUNTER */
+    return AesSetIV(aes, iv);
+}
+
+#define AES_CFG_MODE_CTR_NOCTR AES_CFG_MODE_CTR+100
+#define IS_ALIGN16(p) (((unsigned int)(p)&0xf) == 0)
+
+static int  AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz, word32 dir, word32 mode)
+{   
+    wolfSSL_TI_lockCCM() ;
+    ROM_AESReset(AES_BASE);
+    ROM_AESConfigSet(AES_BASE, (aes->keylen | dir | 
+                     (mode==AES_CFG_MODE_CTR_NOCTR ? AES_CFG_MODE_CTR : mode)));
+    AESIVSet(AES_BASE, aes->reg);
+    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
+    if((dir == AES_CFG_DIR_DECRYPT)&& (mode == AES_CFG_MODE_CBC))
+        /* if input and output same will overwrite input iv */
+        XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    ROM_AESDataProcess(AES_BASE, (uint32_t *)in, (uint32_t *)out, sz);
+    wolfSSL_TI_unlockCCM() ;
+    
+    /* store iv for next call */
+    if(mode == AES_CFG_MODE_CBC){
+        if(dir == AES_CFG_DIR_ENCRYPT)
+            XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+        else
+            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
+    }
+
+    if(mode == AES_CFG_MODE_CTR) {
+        do {  
+            int i ;
+            for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+                 if (++((byte *)aes->reg)[i])
+                     break ;
+            }
+            sz -= AES_BLOCK_SIZE ;
+        } while((int)sz > 0) ;
+    }
+
+    return 0 ;
+}
+
+static int  AesProcess(Aes* aes, byte* out, const byte* in, word32 sz, word32 dir, word32 mode)
+{   
+    const byte * in_p ; byte * out_p ; 
+    word32 size ;
+    #define TI_BUFFSIZE 1024
+    byte buff[TI_BUFFSIZE] ;
+    
+    if ((aes == NULL) || (in == NULL) || (out == NULL))
+        return BAD_FUNC_ARG;
+    if(sz % AES_BLOCK_SIZE)
+        return BAD_FUNC_ARG;
+
+    while(sz > 0) {
+        size = sz ; in_p = in ; out_p = out ;
+        if(!IS_ALIGN16(in)){
+            size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ;
+            XMEMCPY(buff, in, size) ; 
+            in_p = (const byte *)buff ;
+        }
+        if(!IS_ALIGN16(out)){
+            size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ;
+            out_p = buff ;
+        }
+   
+        AesAlign16(aes, out_p, in_p, size, dir, mode) ;
+ 
+        if(!IS_ALIGN16(out)){
+            XMEMCPY(out, buff, size) ;
+        }
+        sz -= size ; in += size ; out += size ;
+    }
+
+    return 0 ;
+}
+
+WOLFSSL_API int  wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{   
+    return AesProcess(aes, out, in, sz, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ;
+}
+
+WOLFSSL_API int  wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{   
+    return AesProcess(aes, out, in, sz, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ;
+}
+
+#ifdef WOLFSSL_AES_COUNTER
+WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{ 
+            char out_block[AES_BLOCK_SIZE] ;
+            int odd ;
+            int even ;
+            char *tmp ; /* (char *)aes->tmp, for short */
+
+            tmp = (char *)aes->tmp ;
+            if(aes->left) {
+                if((aes->left + sz) >= AES_BLOCK_SIZE){
+                    odd = AES_BLOCK_SIZE - aes->left ;
+                } else {
+                    odd = sz ;
+                }
+                XMEMCPY(tmp+aes->left, in, odd) ;
+                if((odd+aes->left) == AES_BLOCK_SIZE){
+                    AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE, 
+                             AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR) ;
+                    XMEMCPY(out, out_block+aes->left, odd) ;
+                    aes->left = 0 ;
+                    XMEMSET(tmp, 0x0, AES_BLOCK_SIZE) ;
+                }
+                in += odd ;
+                out+= odd ;
+                sz -= odd ;
+            }
+            odd = sz % AES_BLOCK_SIZE ;  /* if there is tail flagment */
+            if(sz / AES_BLOCK_SIZE) {
+                even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE ;
+                AesProcess(aes, out, in, even, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
+                out += even ;
+                in  += even ;
+            }
+            if(odd) {
+                XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left) ;
+                XMEMCPY(tmp+aes->left, in, odd) ;
+                AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE, 
+                           AES_CFG_DIR_ENCRYPT, 
+                           AES_CFG_MODE_CTR_NOCTR /* Counter mode without counting IV */
+                           );
+                XMEMCPY(out, out_block+aes->left,odd) ;
+                aes->left += odd ;
+            }
+}
+#endif
+
+/* AES-DIRECT */
+#if defined(WOLFSSL_AES_DIRECT)
+WOLFSSL_API void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ;
+}
+WOLFSSL_API void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ;
+}
+WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
+                                     const byte* iv, int dir)
+{
+     return(wc_AesSetKey(aes, key, len, iv, dir)) ;
+}
+#endif
+
+
+#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
+
+static int  AesAuthSetKey(Aes* aes, const byte* key, word32 keySz)
+{
+    byte nonce[AES_BLOCK_SIZE];
+
+    if ((aes == NULL) || (key == NULL))
+        return BAD_FUNC_ARG ;
+    if (!((keySz == 16) || (keySz == 24) || (keySz == 32)))
+        return BAD_FUNC_ARG ;
+
+    XMEMSET(nonce, 0, sizeof(nonce));
+    return wc_AesSetKey(aes, key, keySz, nonce, AES_ENCRYPTION);
+}
+
+
+static int AesAuthArgCheck(Aes* aes, byte* out, const byte* in, word32 inSz,
+                              const byte* nonce, word32 nonceSz,
+                              const byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz, word32 *M,  word32 *L)
+{
+    if((aes == NULL)||(nonce == NULL)||(authTag== NULL)||(authIn == NULL))
+        return BAD_FUNC_ARG;
+    if((inSz != 0) && ((out == NULL)||(in == NULL)))
+        return BAD_FUNC_ARG;
+    
+    switch(authTagSz){
+    case  4:
+        *M = AES_CFG_CCM_M_4; break ;
+    case 6:
+        *M = AES_CFG_CCM_M_6; break ;
+    case 8:
+        *M = AES_CFG_CCM_M_8; break ;
+    case 10:
+        *M = AES_CFG_CCM_M_10; break ;
+    case 12:
+        *M = AES_CFG_CCM_M_12; break ;
+    case 14:
+        *M = AES_CFG_CCM_M_14; break ;
+    case 16:
+        *M = AES_CFG_CCM_M_16; break ;
+    default:
+        return 1 ;
+    }
+
+    switch(nonceSz){
+    case 7:
+        *L = AES_CFG_CCM_L_8; break ;
+    case 8:
+        *L = AES_CFG_CCM_L_7; break ;
+    case 9:
+        *L = AES_CFG_CCM_L_6; break ;
+    case  10:
+        *L = AES_CFG_CCM_L_5; break ;
+    case 11:
+        *L = AES_CFG_CCM_L_4; break ;
+    case 12:
+        *L = AES_CFG_CCM_L_3; break ;
+    case 13:
+        *L = AES_CFG_CCM_L_2; break ;
+    case 14:
+        *L = AES_CFG_CCM_L_1; break ;
+    default:
+        return 1;
+    }
+    return 0 ;
+}
+
+static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L, int mode) {
+
+  if(mode == AES_CFG_MODE_CCM){
+    XMEMSET(aes->reg, 0, 16) ;
+    switch(L){
+    case AES_CFG_CCM_L_8: 
+      aes->reg[0] = 0x7; break ;
+    case AES_CFG_CCM_L_7: 
+      aes->reg[0] = 0x6; break ;
+    case AES_CFG_CCM_L_6: 
+      aes->reg[0] = 0x5; break ;
+    case AES_CFG_CCM_L_5: 
+      aes->reg[0] = 0x4; break ;
+    case AES_CFG_CCM_L_4: 
+      aes->reg[0] = 0x3; break ;
+    case AES_CFG_CCM_L_3: 
+      aes->reg[0] = 0x2; break ;
+    case AES_CFG_CCM_L_2: 
+      aes->reg[0] = 0x1; break ;
+    case AES_CFG_CCM_L_1: 
+      aes->reg[0] = 0x0; break ;
+    }
+    XMEMCPY(((byte *)aes->reg)+1, nonce, len) ; 
+  } else {
+    byte *b = (byte *)aes->reg ;
+    XMEMSET(aes->reg, 0, AES_BLOCK_SIZE);
+    XMEMCPY(aes->reg, nonce, len);
+    b[AES_BLOCK_SIZE-4] = 0 ;
+    b[AES_BLOCK_SIZE-3] = 0 ;
+    b[AES_BLOCK_SIZE-2] = 0 ;
+    b[AES_BLOCK_SIZE-1] = 1 ;
+  }
+}
+
+#define RoundUp16(n) ((n+15)&0xfffffff0)
+#define FREE_ALL \
+    if(in_save)    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
+    if(out_save)   XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
+    if(authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
+    if(nonce_save) XFREE(nonce_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                              const byte* nonce, word32 nonceSz,
+                              byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz, int mode)
+{ 
+    word32 M, L ;
+    byte *in_a,     *in_save ;
+    byte *out_a,    *out_save ;
+    byte *authIn_a, *authIn_save ;
+    byte *nonce_a,    *nonce_save ;
+    word32 tmpTag[4] ;
+    int ret ;
+
+    if(AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L)
+       == BAD_FUNC_ARG)return BAD_FUNC_ARG ;
+    
+    /* 16 byte padding */
+    in_save = NULL ; out_save = NULL ; authIn_save = NULL ; nonce_save = NULL ;
+    if((inSz%16)==0){
+        in_save = NULL ; in_a = (byte *)in ;
+        out_save = NULL ; out_a = out ;
+    } else {
+      if((in_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E ; }
+      in_a = in_save ; XMEMSET(in_a, 0, RoundUp16(inSz)) ; XMEMCPY(in_a, in, inSz) ;
+      
+      if((out_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E ; } 
+      out_a = out_save ; 
+    }
+    
+    if((authInSz%16)==0){
+        authIn_save = NULL ; authIn_a = (byte *)authIn ;
+    } else {
+      if((authIn_save = XMALLOC(RoundUp16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E ; }
+      authIn_a = authIn_save ; XMEMSET(authIn_a, 0, RoundUp16(authInSz)) ; XMEMCPY(authIn_a, authIn, authInSz) ;
+    }
+
+    if((nonceSz%16)==0){
+        nonce_save = NULL ; nonce_a = (byte *)nonce ;
+    } else {
+      if((nonce_save = XMALLOC(RoundUp16(nonceSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E; }
+      nonce_a = nonce_save ; XMEMSET(nonce_a, 0, RoundUp16(nonceSz)) ; XMEMCPY(nonce_a, nonce, nonceSz) ;
+    }
+
+    /* do aes-ccm */
+    AesAuthSetIv(aes, nonce, nonceSz, L, mode) ;
+    ROM_AESReset(AES_BASE);
+    ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_ENCRYPT |
+                                AES_CFG_CTR_WIDTH_128 |
+                                mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 ))) ;
+    ROM_AESIVSet(AES_BASE, aes->reg);
+    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
+    ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz,
+                           (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag);
+    if(ret == false){
+        XMEMSET(out, 0, inSz) ;
+        XMEMSET(authTag, 0, authTagSz) ;
+    } else {
+        XMEMCPY(out, out_a, inSz) ;
+        XMEMCPY(authTag, tmpTag, authTagSz) ;
+    }
+
+    FREE_ALL; 
+    return 0 ;
+}
+
+static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                              const byte* nonce, word32 nonceSz,
+                              const byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz, int mode)
+{ 
+    word32 M, L ;
+    byte *in_a,     *in_save ;
+    byte *out_a,    *out_save ;
+    byte *authIn_a, *authIn_save ;
+    byte *nonce_a,    *nonce_save ;
+    word32 tmpTag[4] ;
+    bool ret ;
+
+    if(AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L)
+       == BAD_FUNC_ARG)return  BAD_FUNC_ARG ;
+    
+    /* 16 byte padding */
+    in_save = NULL ; out_save = NULL ; authIn_save = NULL ; nonce_save = NULL ;
+    if((inSz%16)==0){
+        in_save = NULL ; in_a = (byte *)in ;
+        out_save = NULL ; out_a = out ;
+    } else {
+      if((in_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E;}
+      in_a = in_save ; XMEMSET(in_a, 0, RoundUp16(inSz)) ; XMEMCPY(in_a, in, inSz) ;
+      
+      if((out_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E;}
+      out_a = out_save ; 
+    }
+    
+    if((authInSz%16)==0){
+        authIn_save = NULL ; authIn_a = (byte *)authIn ;
+    } else {
+      if((authIn_save = XMALLOC(RoundUp16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E; }
+      authIn_a = authIn_save ; XMEMSET(authIn_a, 0, RoundUp16(authInSz)) ; XMEMCPY(authIn_a, authIn, authInSz) ;
+    }
+
+    if((nonceSz%16)==0){
+        nonce_save = NULL ; nonce_a = (byte *)nonce ;
+    } else {
+      if((nonce_save = XMALLOC(RoundUp16(nonceSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){ 
+          FREE_ALL; return MEMORY_E; }
+      nonce_a = nonce_save ; XMEMSET(nonce_a, 0, RoundUp16(nonceSz)) ; XMEMCPY(nonce_a, nonce, nonceSz) ;
+    }
+
+    /* do aes-ccm */
+    AesAuthSetIv(aes, nonce, nonceSz, L, mode) ;
+    ROM_AESReset(AES_BASE);
+    ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_DECRYPT |
+                                AES_CFG_CTR_WIDTH_128 |
+                                  mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 ))) ;
+    ROM_AESIVSet(AES_BASE, aes->reg);
+    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
+    ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz,
+                           (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag);
+    if((ret == false) || (XMEMCMP(authTag, tmpTag, authTagSz) != 0)){
+        XMEMSET(out, 0, inSz) ;
+        ret = false ;
+    } else {
+        XMEMCPY(out, out_a, inSz) ;  
+    }
+
+    FREE_ALL ;
+    return ret==true ? 0 : 1 ;
+}
+#endif
+
+
+#ifdef HAVE_AESGCM
+WOLFSSL_API int  wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
+{
+    return AesAuthSetKey(aes, key, len) ;
+}
+
+WOLFSSL_API int  wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                              const byte* iv, word32 ivSz,
+                              byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz)
+{
+    return AesAuthEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
+}
+WOLFSSL_API int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                              const byte* iv, word32 ivSz,
+                              const byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz)
+{ 
+    return AesAuthDecrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
+                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
+}
+
+WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
+{
+      return AesAuthSetKey(&gmac->aes, key, len) ;
+}
+
+WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
+                              const byte* authIn, word32 authInSz,
+                              byte* authTag, word32 authTagSz)
+{
+    return AesAuthEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz,
+                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
+}
+
+#endif /* HAVE_AESGCM */
+
+#ifdef HAVE_AESCCM
+WOLFSSL_API void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
+{
+    AesAuthSetKey(aes, key, keySz) ;
+}
+
+WOLFSSL_API void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                              const byte* nonce, word32 nonceSz,
+                              byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz)
+{ 
+    AesAuthEncrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
+                              authIn, authInSz, AES_CFG_MODE_CCM) ;
+}
+
+WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+                              const byte* nonce, word32 nonceSz,
+                              const byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz)
+{ 
+    return AesAuthDecrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
+                              authIn, authInSz, AES_CFG_MODE_CCM) ;
+}
+#endif /* HAVE_AESCCM */
+
+#endif /* WOLFSSL_TI_CRYPT */
+
+#endif /* NO_AES */
+
+
+
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index 2a91116a2..be2106cbd 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -1,473 +1,473 @@
-/* sha.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-
-#if !defined(NO_SHA) && !defined(WOLFSSL_TI_HASH)
-
-#include <wolfssl/wolfcrypt/sha.h>
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef NO_INLINE
-    #include <wolfssl/wolfcrypt/misc.h>
-#else
-    #include <wolfcrypt/src/misc.c>
-#endif
-
-/* fips wrapper calls, user can call direct */
-#ifdef HAVE_FIPS
-	int wc_InitSha(Sha* sha)
-	{
-	    return InitSha_fips(sha);
-	}
-
-
-	int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
-	{
-	    return ShaUpdate_fips(sha, data, len);
-	}
-
-
-	int wc_ShaFinal(Sha* sha, byte* out)
-	{
-	    return ShaFinal_fips(sha,out);
-    }
-
-    int wc_ShaHash(const byte* data, word32 sz, byte* out)
-    {
-        return ShaHash(data, sz, out);
-    }
-
-#else /* else build without fips */
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#define wc_InitSha   wc_InitSha_sw
-#define wc_ShaUpdate wc_ShaUpdate_sw
-#define wc_ShaFinal  wc_ShaFinal_sw
-#endif
-
-
-#ifdef FREESCALE_MMCAU
-    #include "cau_api.h"
-    #define XTRANSFORM(S,B)  cau_sha1_hash_n((B), 1, ((S))->digest)
-#else
-    #define XTRANSFORM(S,B)  Transform((S))
-#endif
-
-#ifdef STM32F2_HASH
-/*
- * STM32F2 hardware SHA1 support through the STM32F2 standard peripheral
- * library. Documentation located in STM32F2xx Standard Peripheral Library
- * document (See note in README).
- */
-#include "stm32f2xx.h"
-#include "stm32f2xx_hash.h"
-
-int wc_InitSha(Sha* sha)
-{
-    /* STM32F2 struct notes:
-     * sha->buffer  = first 4 bytes used to hold partial block if needed
-     * sha->buffLen = num bytes currently stored in sha->buffer
-     * sha->loLen   = num bytes that have been written to STM32 FIFO
-     */
-    XMEMSET(sha->buffer, 0, SHA_REG_SIZE);
-    sha->buffLen = 0;
-    sha->loLen = 0;
-
-    /* initialize HASH peripheral */
-    HASH_DeInit();
-
-    /* configure algo used, algo mode, datatype */
-    HASH->CR &= ~ (HASH_CR_ALGO | HASH_CR_DATATYPE | HASH_CR_MODE);
-    HASH->CR |= (HASH_AlgoSelection_SHA1 | HASH_AlgoMode_HASH
-                 | HASH_DataType_8b);
-
-    /* reset HASH processor */
-    HASH->CR |= HASH_CR_INIT;
-
-    return 0;
-}
-
-int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
-{
-    word32 i = 0;
-    word32 fill = 0;
-    word32 diff = 0;
-
-    /* if saved partial block is available */
-    if (sha->buffLen) {
-        fill = 4 - sha->buffLen;
-
-        /* if enough data to fill, fill and push to FIFO */
-        if (fill <= len) {
-            XMEMCPY((byte*)sha->buffer + sha->buffLen, data, fill);
-            HASH_DataIn(*(uint32_t*)sha->buffer);
-
-            data += fill;
-            len -= fill;
-            sha->loLen += 4;
-            sha->buffLen = 0;
-        } else {
-            /* append partial to existing stored block */
-            XMEMCPY((byte*)sha->buffer + sha->buffLen, data, len);
-            sha->buffLen += len;
-            return;
-        }
-    }
-
-    /* write input block in the IN FIFO */
-    for(i = 0; i < len; i += 4)
-    {
-        diff = len - i;
-        if ( diff < 4) {
-            /* store incomplete last block, not yet in FIFO */
-            XMEMSET(sha->buffer, 0, SHA_REG_SIZE);
-            XMEMCPY((byte*)sha->buffer, data, diff);
-            sha->buffLen = diff;
-        } else {
-            HASH_DataIn(*(uint32_t*)data);
-            data+=4;
-        }
-    }
-
-    /* keep track of total data length thus far */
-    sha->loLen += (len - sha->buffLen);
-
-    return 0;
-}
-
-int wc_ShaFinal(Sha* sha, byte* hash)
-{
-    __IO uint16_t nbvalidbitsdata = 0;
-
-    /* finish reading any trailing bytes into FIFO */
-    if (sha->buffLen) {
-        HASH_DataIn(*(uint32_t*)sha->buffer);
-        sha->loLen += sha->buffLen;
-    }
-
-    /* calculate number of valid bits in last word of input data */
-    nbvalidbitsdata = 8 * (sha->loLen % SHA_REG_SIZE);
-
-    /* configure number of valid bits in last word of the data */
-    HASH_SetLastWordValidBitsNbr(nbvalidbitsdata);
-
-    /* start HASH processor */
-    HASH_StartDigest();
-
-    /* wait until Busy flag == RESET */
-    while (HASH_GetFlagStatus(HASH_FLAG_BUSY) != RESET) {}
-
-    /* read message digest */
-    sha->digest[0] = HASH->HR[0];
-    sha->digest[1] = HASH->HR[1];
-    sha->digest[2] = HASH->HR[2];
-    sha->digest[3] = HASH->HR[3];
-    sha->digest[4] = HASH->HR[4];
-
-    ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
-
-    XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
-
-    return wc_InitSha(sha);  /* reset state */
-}
-
-#elif defined(WOLFSSL_TI_HASH)
- 
-    /* defined in port/ti/ti_sha.c */
-
-#else /* wc_ software implementation */
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
-    static INLINE word32 min(word32 a, word32 b)
-    {
-        return a > b ? b : a;
-    }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-int wc_InitSha(Sha* sha)
-{
-#ifdef FREESCALE_MMCAU
-    cau_sha1_initialize_output(sha->digest);
-#else
-    sha->digest[0] = 0x67452301L;
-    sha->digest[1] = 0xEFCDAB89L;
-    sha->digest[2] = 0x98BADCFEL;
-    sha->digest[3] = 0x10325476L;
-    sha->digest[4] = 0xC3D2E1F0L;
-#endif
-
-    sha->buffLen = 0;
-    sha->loLen   = 0;
-    sha->hiLen   = 0;
-
-    return 0;
-}
-
-#ifndef FREESCALE_MMCAU
-
-#define blk0(i) (W[i] = sha->buffer[i])
-#define blk1(i) (W[(i)&15] = \
-rotlFixed(W[((i)+13)&15]^W[((i)+8)&15]^W[((i)+2)&15]^W[(i)&15],1))
-
-#define f1(x,y,z) ((z)^((x) &((y)^(z))))
-#define f2(x,y,z) ((x)^(y)^(z))
-#define f3(x,y,z) (((x)&(y))|((z)&((x)|(y))))
-#define f4(x,y,z) ((x)^(y)^(z))
-
-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk0((i)) + 0x5A827999+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-#define R1(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk1((i)) + 0x5A827999+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-#define R2(v,w,x,y,z,i) (z)+= f2((w),(x),(y)) + blk1((i)) + 0x6ED9EBA1+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-#define R3(v,w,x,y,z,i) (z)+= f3((w),(x),(y)) + blk1((i)) + 0x8F1BBCDC+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-#define R4(v,w,x,y,z,i) (z)+= f4((w),(x),(y)) + blk1((i)) + 0xCA62C1D6+ \
-rotlFixed((v),5); (w) = rotlFixed((w),30);
-
-static void Transform(Sha* sha)
-{
-    word32 W[SHA_BLOCK_SIZE / sizeof(word32)];
-
-    /* Copy context->state[] to working vars */
-    word32 a = sha->digest[0];
-    word32 b = sha->digest[1];
-    word32 c = sha->digest[2];
-    word32 d = sha->digest[3];
-    word32 e = sha->digest[4];
-
-#ifdef USE_SLOW_SHA
-    word32 t, i;
-
-    for (i = 0; i < 16; i++) {
-        R0(a, b, c, d, e, i);
-        t = e; e = d; d = c; c = b; b = a; a = t;
-    }
-
-    for (; i < 20; i++) {
-        R1(a, b, c, d, e, i);
-        t = e; e = d; d = c; c = b; b = a; a = t;
-    }
-
-    for (; i < 40; i++) {
-        R2(a, b, c, d, e, i);
-        t = e; e = d; d = c; c = b; b = a; a = t;
-    }
-
-    for (; i < 60; i++) {
-        R3(a, b, c, d, e, i);
-        t = e; e = d; d = c; c = b; b = a; a = t;
-    }
-
-    for (; i < 80; i++) {
-        R4(a, b, c, d, e, i);
-        t = e; e = d; d = c; c = b; b = a; a = t;
-    }
-#else
-    /* nearly 1 K bigger in code size but 25% faster  */
-    /* 4 rounds of 20 operations each. Loop unrolled. */
-    R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
-    R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
-    R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
-    R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
-
-    R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
-
-    R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
-    R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
-    R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
-    R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
-    R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
-
-    R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
-    R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
-    R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
-    R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
-    R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
-
-    R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
-    R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
-    R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
-    R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
-    R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
-#endif
-
-    /* Add the working vars back into digest state[] */
-    sha->digest[0] += a;
-    sha->digest[1] += b;
-    sha->digest[2] += c;
-    sha->digest[3] += d;
-    sha->digest[4] += e;
-}
-
-#endif /* FREESCALE_MMCAU */
-
-
-static INLINE void AddLength(Sha* sha, word32 len)
-{
-    word32 tmp = sha->loLen;
-    if ( (sha->loLen += len) < tmp)
-        sha->hiLen++;                       /* carry low to high */
-}
-
-
-int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
-{
-    /* do block size increments */
-    byte* local = (byte*)sha->buffer;
-
-    while (len) {
-        word32 add = min(len, SHA_BLOCK_SIZE - sha->buffLen);
-        XMEMCPY(&local[sha->buffLen], data, add);
-
-        sha->buffLen += add;
-        data         += add;
-        len          -= add;
-
-        if (sha->buffLen == SHA_BLOCK_SIZE) {
-#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-            ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
-#endif
-            XTRANSFORM(sha, local);
-            AddLength(sha, SHA_BLOCK_SIZE);
-            sha->buffLen = 0;
-        }
-    }
-
-    return 0;
-}
-
-
-int wc_ShaFinal(Sha* sha, byte* hash)
-{
-    byte* local = (byte*)sha->buffer;
-
-    AddLength(sha, sha->buffLen);  /* before adding pads */
-
-    local[sha->buffLen++] = 0x80;  /* add 1 */
-
-    /* pad with zeros */
-    if (sha->buffLen > SHA_PAD_SIZE) {
-        XMEMSET(&local[sha->buffLen], 0, SHA_BLOCK_SIZE - sha->buffLen);
-        sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen;
-
-#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-        ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
-#endif
-        XTRANSFORM(sha, local);
-        sha->buffLen = 0;
-    }
-    XMEMSET(&local[sha->buffLen], 0, SHA_PAD_SIZE - sha->buffLen);
-
-    /* put lengths in bits */
-    sha->hiLen = (sha->loLen >> (8*sizeof(sha->loLen) - 3)) +
-    (sha->hiLen << 3);
-    sha->loLen = sha->loLen << 3;
-
-    /* store lengths */
-#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-    ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
-#endif
-    /* ! length ordering dependent on digest endian type ! */
-    XMEMCPY(&local[SHA_PAD_SIZE], &sha->hiLen, sizeof(word32));
-    XMEMCPY(&local[SHA_PAD_SIZE + sizeof(word32)], &sha->loLen, sizeof(word32));
-
-#ifdef FREESCALE_MMCAU
-    /* Kinetis requires only these bytes reversed */
-    ByteReverseWords(&sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
-                     &sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
-                     2 * sizeof(word32));
-#endif
-
-    XTRANSFORM(sha, local);
-#ifdef LITTLE_ENDIAN_ORDER
-    ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
-#endif
-    XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
-
-    return wc_InitSha(sha);  /* reset state */
-}
-
-#endif /* STM32F2_HASH */
-
-
-int wc_ShaHash(const byte* data, word32 len, byte* hash)
-{
-    int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Sha* sha;
-#else
-    Sha sha[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (sha == NULL)
-        return MEMORY_E;
-#endif
-
-    if ((ret = wc_InitSha(sha)) != 0) {
-        WOLFSSL_MSG("wc_InitSha failed");
-    }
-    else {
-        wc_ShaUpdate(sha, data, len);
-        wc_ShaFinal(sha, hash);
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-
-}
-
-#ifdef WOLFSSL_TI_HASH
-#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
-int wc_ShaGetHash(Sha* sha, byte* hash)
-{
-#if defined(WOLFSS_TI_HASH)
-    wc_ShaGetHash_TI(sha, hash) ;
-#else
-    int ret ;
-    Sha save = *sha ;
-    ret = wc_ShaFinal(sha, hash) ;
-    *sha = save ;
-    return ret ;
-#endif
-}
-
-#endif /* HAVE_FIPS */
-#endif /* NO_SHA */
-
+/* sha.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if !defined(NO_SHA) && !defined(WOLFSSL_TI_HASH)
+
+#include <wolfssl/wolfcrypt/sha.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+/* fips wrapper calls, user can call direct */
+#ifdef HAVE_FIPS
+	int wc_InitSha(Sha* sha)
+	{
+	    return InitSha_fips(sha);
+	}
+
+
+	int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
+	{
+	    return ShaUpdate_fips(sha, data, len);
+	}
+
+
+	int wc_ShaFinal(Sha* sha, byte* out)
+	{
+	    return ShaFinal_fips(sha,out);
+    }
+
+    int wc_ShaHash(const byte* data, word32 sz, byte* out)
+    {
+        return ShaHash(data, sz, out);
+    }
+
+#else /* else build without fips */
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+#define wc_InitSha   wc_InitSha_sw
+#define wc_ShaUpdate wc_ShaUpdate_sw
+#define wc_ShaFinal  wc_ShaFinal_sw
+#endif
+
+
+#ifdef FREESCALE_MMCAU
+    #include "cau_api.h"
+    #define XTRANSFORM(S,B)  cau_sha1_hash_n((B), 1, ((S))->digest)
+#else
+    #define XTRANSFORM(S,B)  Transform((S))
+#endif
+
+#ifdef STM32F2_HASH
+/*
+ * STM32F2 hardware SHA1 support through the STM32F2 standard peripheral
+ * library. Documentation located in STM32F2xx Standard Peripheral Library
+ * document (See note in README).
+ */
+#include "stm32f2xx.h"
+#include "stm32f2xx_hash.h"
+
+int wc_InitSha(Sha* sha)
+{
+    /* STM32F2 struct notes:
+     * sha->buffer  = first 4 bytes used to hold partial block if needed
+     * sha->buffLen = num bytes currently stored in sha->buffer
+     * sha->loLen   = num bytes that have been written to STM32 FIFO
+     */
+    XMEMSET(sha->buffer, 0, SHA_REG_SIZE);
+    sha->buffLen = 0;
+    sha->loLen = 0;
+
+    /* initialize HASH peripheral */
+    HASH_DeInit();
+
+    /* configure algo used, algo mode, datatype */
+    HASH->CR &= ~ (HASH_CR_ALGO | HASH_CR_DATATYPE | HASH_CR_MODE);
+    HASH->CR |= (HASH_AlgoSelection_SHA1 | HASH_AlgoMode_HASH
+                 | HASH_DataType_8b);
+
+    /* reset HASH processor */
+    HASH->CR |= HASH_CR_INIT;
+
+    return 0;
+}
+
+int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
+{
+    word32 i = 0;
+    word32 fill = 0;
+    word32 diff = 0;
+
+    /* if saved partial block is available */
+    if (sha->buffLen) {
+        fill = 4 - sha->buffLen;
+
+        /* if enough data to fill, fill and push to FIFO */
+        if (fill <= len) {
+            XMEMCPY((byte*)sha->buffer + sha->buffLen, data, fill);
+            HASH_DataIn(*(uint32_t*)sha->buffer);
+
+            data += fill;
+            len -= fill;
+            sha->loLen += 4;
+            sha->buffLen = 0;
+        } else {
+            /* append partial to existing stored block */
+            XMEMCPY((byte*)sha->buffer + sha->buffLen, data, len);
+            sha->buffLen += len;
+            return;
+        }
+    }
+
+    /* write input block in the IN FIFO */
+    for(i = 0; i < len; i += 4)
+    {
+        diff = len - i;
+        if ( diff < 4) {
+            /* store incomplete last block, not yet in FIFO */
+            XMEMSET(sha->buffer, 0, SHA_REG_SIZE);
+            XMEMCPY((byte*)sha->buffer, data, diff);
+            sha->buffLen = diff;
+        } else {
+            HASH_DataIn(*(uint32_t*)data);
+            data+=4;
+        }
+    }
+
+    /* keep track of total data length thus far */
+    sha->loLen += (len - sha->buffLen);
+
+    return 0;
+}
+
+int wc_ShaFinal(Sha* sha, byte* hash)
+{
+    __IO uint16_t nbvalidbitsdata = 0;
+
+    /* finish reading any trailing bytes into FIFO */
+    if (sha->buffLen) {
+        HASH_DataIn(*(uint32_t*)sha->buffer);
+        sha->loLen += sha->buffLen;
+    }
+
+    /* calculate number of valid bits in last word of input data */
+    nbvalidbitsdata = 8 * (sha->loLen % SHA_REG_SIZE);
+
+    /* configure number of valid bits in last word of the data */
+    HASH_SetLastWordValidBitsNbr(nbvalidbitsdata);
+
+    /* start HASH processor */
+    HASH_StartDigest();
+
+    /* wait until Busy flag == RESET */
+    while (HASH_GetFlagStatus(HASH_FLAG_BUSY) != RESET) {}
+
+    /* read message digest */
+    sha->digest[0] = HASH->HR[0];
+    sha->digest[1] = HASH->HR[1];
+    sha->digest[2] = HASH->HR[2];
+    sha->digest[3] = HASH->HR[3];
+    sha->digest[4] = HASH->HR[4];
+
+    ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
+
+    XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
+
+    return wc_InitSha(sha);  /* reset state */
+}
+
+#elif defined(WOLFSSL_TI_HASH)
+ 
+    /* defined in port/ti/ti_sha.c */
+
+#else /* wc_ software implementation */
+
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
+
+    static INLINE word32 min(word32 a, word32 b)
+    {
+        return a > b ? b : a;
+    }
+
+#endif /* WOLFSSL_HAVE_MIN */
+
+
+int wc_InitSha(Sha* sha)
+{
+#ifdef FREESCALE_MMCAU
+    cau_sha1_initialize_output(sha->digest);
+#else
+    sha->digest[0] = 0x67452301L;
+    sha->digest[1] = 0xEFCDAB89L;
+    sha->digest[2] = 0x98BADCFEL;
+    sha->digest[3] = 0x10325476L;
+    sha->digest[4] = 0xC3D2E1F0L;
+#endif
+
+    sha->buffLen = 0;
+    sha->loLen   = 0;
+    sha->hiLen   = 0;
+
+    return 0;
+}
+
+#ifndef FREESCALE_MMCAU
+
+#define blk0(i) (W[i] = sha->buffer[i])
+#define blk1(i) (W[(i)&15] = \
+rotlFixed(W[((i)+13)&15]^W[((i)+8)&15]^W[((i)+2)&15]^W[(i)&15],1))
+
+#define f1(x,y,z) ((z)^((x) &((y)^(z))))
+#define f2(x,y,z) ((x)^(y)^(z))
+#define f3(x,y,z) (((x)&(y))|((z)&((x)|(y))))
+#define f4(x,y,z) ((x)^(y)^(z))
+
+/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
+#define R0(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk0((i)) + 0x5A827999+ \
+rotlFixed((v),5); (w) = rotlFixed((w),30);
+#define R1(v,w,x,y,z,i) (z)+= f1((w),(x),(y)) + blk1((i)) + 0x5A827999+ \
+rotlFixed((v),5); (w) = rotlFixed((w),30);
+#define R2(v,w,x,y,z,i) (z)+= f2((w),(x),(y)) + blk1((i)) + 0x6ED9EBA1+ \
+rotlFixed((v),5); (w) = rotlFixed((w),30);
+#define R3(v,w,x,y,z,i) (z)+= f3((w),(x),(y)) + blk1((i)) + 0x8F1BBCDC+ \
+rotlFixed((v),5); (w) = rotlFixed((w),30);
+#define R4(v,w,x,y,z,i) (z)+= f4((w),(x),(y)) + blk1((i)) + 0xCA62C1D6+ \
+rotlFixed((v),5); (w) = rotlFixed((w),30);
+
+static void Transform(Sha* sha)
+{
+    word32 W[SHA_BLOCK_SIZE / sizeof(word32)];
+
+    /* Copy context->state[] to working vars */
+    word32 a = sha->digest[0];
+    word32 b = sha->digest[1];
+    word32 c = sha->digest[2];
+    word32 d = sha->digest[3];
+    word32 e = sha->digest[4];
+
+#ifdef USE_SLOW_SHA
+    word32 t, i;
+
+    for (i = 0; i < 16; i++) {
+        R0(a, b, c, d, e, i);
+        t = e; e = d; d = c; c = b; b = a; a = t;
+    }
+
+    for (; i < 20; i++) {
+        R1(a, b, c, d, e, i);
+        t = e; e = d; d = c; c = b; b = a; a = t;
+    }
+
+    for (; i < 40; i++) {
+        R2(a, b, c, d, e, i);
+        t = e; e = d; d = c; c = b; b = a; a = t;
+    }
+
+    for (; i < 60; i++) {
+        R3(a, b, c, d, e, i);
+        t = e; e = d; d = c; c = b; b = a; a = t;
+    }
+
+    for (; i < 80; i++) {
+        R4(a, b, c, d, e, i);
+        t = e; e = d; d = c; c = b; b = a; a = t;
+    }
+#else
+    /* nearly 1 K bigger in code size but 25% faster  */
+    /* 4 rounds of 20 operations each. Loop unrolled. */
+    R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
+    R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
+    R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
+    R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
+
+    R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
+
+    R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
+    R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
+    R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
+    R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
+    R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
+
+    R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
+    R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
+    R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
+    R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
+    R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
+
+    R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
+    R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
+    R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
+    R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
+    R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
+#endif
+
+    /* Add the working vars back into digest state[] */
+    sha->digest[0] += a;
+    sha->digest[1] += b;
+    sha->digest[2] += c;
+    sha->digest[3] += d;
+    sha->digest[4] += e;
+}
+
+#endif /* FREESCALE_MMCAU */
+
+
+static INLINE void AddLength(Sha* sha, word32 len)
+{
+    word32 tmp = sha->loLen;
+    if ( (sha->loLen += len) < tmp)
+        sha->hiLen++;                       /* carry low to high */
+}
+
+
+int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
+{
+    /* do block size increments */
+    byte* local = (byte*)sha->buffer;
+
+    while (len) {
+        word32 add = min(len, SHA_BLOCK_SIZE - sha->buffLen);
+        XMEMCPY(&local[sha->buffLen], data, add);
+
+        sha->buffLen += add;
+        data         += add;
+        len          -= add;
+
+        if (sha->buffLen == SHA_BLOCK_SIZE) {
+#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+            ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
+#endif
+            XTRANSFORM(sha, local);
+            AddLength(sha, SHA_BLOCK_SIZE);
+            sha->buffLen = 0;
+        }
+    }
+
+    return 0;
+}
+
+
+int wc_ShaFinal(Sha* sha, byte* hash)
+{
+    byte* local = (byte*)sha->buffer;
+
+    AddLength(sha, sha->buffLen);  /* before adding pads */
+
+    local[sha->buffLen++] = 0x80;  /* add 1 */
+
+    /* pad with zeros */
+    if (sha->buffLen > SHA_PAD_SIZE) {
+        XMEMSET(&local[sha->buffLen], 0, SHA_BLOCK_SIZE - sha->buffLen);
+        sha->buffLen += SHA_BLOCK_SIZE - sha->buffLen;
+
+#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+        ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
+#endif
+        XTRANSFORM(sha, local);
+        sha->buffLen = 0;
+    }
+    XMEMSET(&local[sha->buffLen], 0, SHA_PAD_SIZE - sha->buffLen);
+
+    /* put lengths in bits */
+    sha->hiLen = (sha->loLen >> (8*sizeof(sha->loLen) - 3)) +
+    (sha->hiLen << 3);
+    sha->loLen = sha->loLen << 3;
+
+    /* store lengths */
+#if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+    ByteReverseWords(sha->buffer, sha->buffer, SHA_BLOCK_SIZE);
+#endif
+    /* ! length ordering dependent on digest endian type ! */
+    XMEMCPY(&local[SHA_PAD_SIZE], &sha->hiLen, sizeof(word32));
+    XMEMCPY(&local[SHA_PAD_SIZE + sizeof(word32)], &sha->loLen, sizeof(word32));
+
+#ifdef FREESCALE_MMCAU
+    /* Kinetis requires only these bytes reversed */
+    ByteReverseWords(&sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
+                     &sha->buffer[SHA_PAD_SIZE/sizeof(word32)],
+                     2 * sizeof(word32));
+#endif
+
+    XTRANSFORM(sha, local);
+#ifdef LITTLE_ENDIAN_ORDER
+    ByteReverseWords(sha->digest, sha->digest, SHA_DIGEST_SIZE);
+#endif
+    XMEMCPY(hash, sha->digest, SHA_DIGEST_SIZE);
+
+    return wc_InitSha(sha);  /* reset state */
+}
+
+#endif /* STM32F2_HASH */
+
+
+int wc_ShaHash(const byte* data, word32 len, byte* hash)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Sha* sha;
+#else
+    Sha sha[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (sha == NULL)
+        return MEMORY_E;
+#endif
+
+    if ((ret = wc_InitSha(sha)) != 0) {
+        WOLFSSL_MSG("wc_InitSha failed");
+    }
+    else {
+        wc_ShaUpdate(sha, data, len);
+        wc_ShaFinal(sha, hash);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+
+}
+
+#ifdef WOLFSSL_TI_HASH
+#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+int wc_ShaGetHash(Sha* sha, byte* hash)
+{
+#if defined(WOLFSS_TI_HASH)
+    wc_ShaGetHash_TI(sha, hash) ;
+#else
+    int ret ;
+    Sha save = *sha ;
+    ret = wc_ShaFinal(sha, hash) ;
+    *sha = save ;
+    return ret ;
+#endif
+}
+
+#endif /* HAVE_FIPS */
+#endif /* NO_SHA */
+
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index ec4eb918b..90f99a35b 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -1,1781 +1,1781 @@
-/* sha256.c
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* code submitted by raphael.huck@efixo.com */
-
-#ifdef HAVE_CONFIG_H
-    #include <config.h>
-#endif
-
-#include <wolfssl/wolfcrypt/settings.h>
-#include <wolfssl/wolfcrypt/sha256.h>
-
-#if !defined(NO_SHA256)
-#ifdef HAVE_FIPS
-
-int wc_InitSha256(Sha256* sha)
-{
-    return InitSha256_fips(sha);
-}
-
-
-int wc_Sha256Update(Sha256* sha, const byte* data, word32 len)
-{
-    return Sha256Update_fips(sha, data, len);
-}
-
-
-int wc_Sha256Final(Sha256* sha, byte* out)
-{
-    return Sha256Final_fips(sha, out);
-}
-
-
-int wc_Sha256Hash(const byte* data, word32 len, byte* out)
-{
-    return Sha256Hash(data, len, out);
-}
-
-#else /* else build without fips */
-
-#if !defined(NO_SHA256) && !defined(WOLFSSL_TI_HASH)
-    /* defined in port/ti/ti_sha256.c */
-
-#if !defined (ALIGN32)
-    #if defined (__GNUC__)
-        #define ALIGN32 __attribute__ ( (aligned (32)))
-    #elif defined(_MSC_VER)
-        /* disable align warning, we want alignment ! */
-        #pragma warning(disable: 4324)
-        #define ALIGN32 __declspec (align (32))
-    #else
-        #define ALIGN32
-    #endif
-#endif
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#define wc_InitSha256   wc_InitSha256_sw
-#define wc_Sha256Update wc_Sha256Update_sw
-#define wc_Sha256Final  wc_Sha256Final_sw
-#endif
-
-#ifdef HAVE_FIPS
-    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
-    #define FIPS_NO_WRAPPERS
-#endif
-
-#if defined(USE_INTEL_SPEEDUP)
-#define HAVE_INTEL_AVX1
-#define HAVE_INTEL_AVX2
-
-#if defined(DEBUG_XMM)
-#include "stdio.h"
-#endif
-
-#endif
-
-#if defined(HAVE_INTEL_AVX2)
-#define HAVE_INTEL_RORX
-#endif
- 
-
-/*****
-Intel AVX1/AVX2 Macro Control Structure
-
-#define HAVE_INTEL_AVX1
-#define HAVE_INTEL_AVX2
-
-#define HAVE_INTEL_RORX
-
-
-int InitSha256(Sha256* sha256) { 
-     Save/Recover XMM, YMM
-     ...
-}
-
-#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
-  Transform() ; Function prototype 
-#else
-  Transform() {   }
-  int Sha256Final() { 
-     Save/Recover XMM, YMM
-     ...
-  }
-#endif
-
-#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
-    #if defined(HAVE_INTEL_RORX
-         #define RND with rorx instuction
-    #else
-        #define RND
-    #endif
-#endif
-
-#if defined(HAVE_INTEL_AVX1)
-   
-   #define XMM Instructions/inline asm
-   
-   int Transform() {
-       Stitched Message Sched/Round
-    } 
-   
-#elif defined(HAVE_INTEL_AVX2)
-  
-  #define YMM Instructions/inline asm
-  
-  int Transform() {
-      More granural Stitched Message Sched/Round
-  }
-  
-*/
-
-
-#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-
-/* Each platform needs to query info type 1 from cpuid to see if aesni is
- * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
- */
-
-#ifndef _MSC_VER
-    #define cpuid(reg, leaf, sub)\
-            __asm__ __volatile__ ("cpuid":\
-             "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
-             "a" (leaf), "c"(sub));
-
-    #define XASM_LINK(f) asm(f)
-#else
-
-    #include <intrin.h>
-    #define cpuid(a,b) __cpuid((int*)a,b)
-
-    #define XASM_LINK(f)
-
-#endif /* _MSC_VER */
-
-#define EAX 0
-#define EBX 1
-#define ECX 2 
-#define EDX 3
-    
-#define CPUID_AVX1   0x1
-#define CPUID_AVX2   0x2
-#define CPUID_RDRAND 0x4
-#define CPUID_RDSEED 0x8
-#define CPUID_BMI2   0x10   /* MULX, RORX */
-
-#define IS_INTEL_AVX1       (cpuid_flags&CPUID_AVX1)
-#define IS_INTEL_AVX2       (cpuid_flags&CPUID_AVX2)
-#define IS_INTEL_BMI2       (cpuid_flags&CPUID_BMI2)
-#define IS_INTEL_RDRAND     (cpuid_flags&CPUID_RDRAND)
-#define IS_INTEL_RDSEED     (cpuid_flags&CPUID_RDSEED)
-
-static word32 cpuid_check = 0 ;
-static word32 cpuid_flags = 0 ;
-
-static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
-    int got_intel_cpu=0;
-    unsigned int reg[5]; 
-    
-    reg[4] = '\0' ;
-    cpuid(reg, 0, 0);  
-    if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&  
-                memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&  
-                memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {  
-        got_intel_cpu = 1;  
-    }    
-    if (got_intel_cpu) {
-        cpuid(reg, leaf, sub);
-        return((reg[num]>>bit)&0x1) ;
-    }
-    return 0 ;
-}
-
-static int set_cpuid_flags(void) {  
-    if(cpuid_check==0) {
-        if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;}
-        if(cpuid_flag(7, 0, EBX, 5)){  cpuid_flags |= CPUID_AVX2 ; }
-        if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; }
-        if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ;  } 
-        if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ;  }
-        cpuid_check = 1 ;
-        return 0 ;
-    }
-    return 1 ;
-}
-
-
-/* #if defined(HAVE_INTEL_AVX1/2) at the tail of sha512 */
-static int Transform(Sha256* sha256);
-
-#if defined(HAVE_INTEL_AVX1)
-static int Transform_AVX1(Sha256 *sha256) ;
-#endif
-#if defined(HAVE_INTEL_AVX2)
-static int Transform_AVX2(Sha256 *sha256) ; 
-static int Transform_AVX1_RORX(Sha256 *sha256) ; 
-#endif
-
-static int (*Transform_p)(Sha256* sha256) /* = _Transform */;
-
-#define XTRANSFORM(sha256, B)  (*Transform_p)(sha256)
-
-static void set_Transform(void) {
-     if(set_cpuid_flags())return ;
-
-#if defined(HAVE_INTEL_AVX2)
-     if(IS_INTEL_AVX2 && IS_INTEL_BMI2){ 
-         Transform_p = Transform_AVX1_RORX; return ; 
-         Transform_p = Transform_AVX2      ; 
-                  /* for avoiding warning,"not used" */
-     }
-#endif
-#if defined(HAVE_INTEL_AVX1)
-     Transform_p = ((IS_INTEL_AVX1) ? Transform_AVX1 : Transform) ; return ;
-#endif
-     Transform_p = Transform ; return ;
-}
-
-#else
-   #if defined(FREESCALE_MMCAU)
-      #define XTRANSFORM(sha256, B) Transform(sha256, B)
-   #else
-      #define XTRANSFORM(sha256, B) Transform(sha256)
-   #endif
-#endif
-
-/* Dummy for saving MM_REGs on behalf of Transform */
-#if defined(HAVE_INTEL_AVX2)&& !defined(HAVE_INTEL_AVX1)
-#define  SAVE_XMM_YMM   __asm__ volatile("or %%r8d, %%r8d":::\
-  "%ymm4","%ymm5","%ymm6","%ymm7","%ymm8","%ymm9","%ymm10","%ymm11","%ymm12","%ymm13","%ymm14","%ymm15")
-#elif defined(HAVE_INTEL_AVX1)
-#define  SAVE_XMM_YMM   __asm__ volatile("or %%r8d, %%r8d":::\
-    "xmm0","xmm1","xmm2","xmm3","xmm4","xmm5","xmm6","xmm7","xmm8","xmm9","xmm10",\
-    "xmm11","xmm12","xmm13","xmm14","xmm15")
-#else
-#define  SAVE_XMM_YMM
-#endif
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#define InitSha256   InitSha256_sw
-#define Sha256Update Sha256Update_sw
-#define Sha256Final  Sha256Final_sw
-#endif
-
-#include <wolfssl/wolfcrypt/logging.h>
-#include <wolfssl/wolfcrypt/error-crypt.h>
-
-#ifdef NO_INLINE
-    #include <wolfssl/wolfcrypt/misc.h>
-#else
-    #include <wolfcrypt/src/misc.c>
-#endif
-
-#ifdef FREESCALE_MMCAU
-    #include "cau_api.h"
-#endif
-
-#ifndef WOLFSSL_HAVE_MIN
-#define WOLFSSL_HAVE_MIN
-
-    static INLINE word32 min(word32 a, word32 b)
-    {
-        return a > b ? b : a;
-    }
-
-#endif /* WOLFSSL_HAVE_MIN */
-
-
-int wc_InitSha256(Sha256* sha256)
-{
-    #ifdef FREESCALE_MMCAU
-        cau_sha256_initialize_output(sha256->digest);
-    #else
-        sha256->digest[0] = 0x6A09E667L;
-        sha256->digest[1] = 0xBB67AE85L;
-        sha256->digest[2] = 0x3C6EF372L;
-        sha256->digest[3] = 0xA54FF53AL;
-        sha256->digest[4] = 0x510E527FL;
-        sha256->digest[5] = 0x9B05688CL;
-        sha256->digest[6] = 0x1F83D9ABL;
-        sha256->digest[7] = 0x5BE0CD19L;
-    #endif
-
-    sha256->buffLen = 0;
-    sha256->loLen   = 0;
-    sha256->hiLen   = 0;
-    
-#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
-    set_Transform() ; /* choose best Transform function under this runtime environment */
-#endif
-
-    return 0;
-}
-
-
-#if !defined(FREESCALE_MMCAU)
-static const ALIGN32 word32 K[64] = {
-    0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
-    0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
-    0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L,
-    0xC19BF174L, 0xE49B69C1L, 0xEFBE4786L, 0x0FC19DC6L, 0x240CA1CCL,
-    0x2DE92C6FL, 0x4A7484AAL, 0x5CB0A9DCL, 0x76F988DAL, 0x983E5152L,
-    0xA831C66DL, 0xB00327C8L, 0xBF597FC7L, 0xC6E00BF3L, 0xD5A79147L,
-    0x06CA6351L, 0x14292967L, 0x27B70A85L, 0x2E1B2138L, 0x4D2C6DFCL,
-    0x53380D13L, 0x650A7354L, 0x766A0ABBL, 0x81C2C92EL, 0x92722C85L,
-    0xA2BFE8A1L, 0xA81A664BL, 0xC24B8B70L, 0xC76C51A3L, 0xD192E819L,
-    0xD6990624L, 0xF40E3585L, 0x106AA070L, 0x19A4C116L, 0x1E376C08L,
-    0x2748774CL, 0x34B0BCB5L, 0x391C0CB3L, 0x4ED8AA4AL, 0x5B9CCA4FL,
-    0x682E6FF3L, 0x748F82EEL, 0x78A5636FL, 0x84C87814L, 0x8CC70208L,
-    0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
-};
-
-#endif
-
-#if defined(FREESCALE_MMCAU)
-
-static int Transform(Sha256* sha256, byte* buf)
-{
-    cau_sha256_hash_n(buf, 1, sha256->digest);
-
-    return 0;
-}
-
-#endif /* FREESCALE_MMCAU */
-
-#define Ch(x,y,z)       ((z) ^ ((x) & ((y) ^ (z))))
-#define Maj(x,y,z)      ((((x) | (y)) & (z)) | ((x) & (y)))
-#define R(x, n)         (((x)&0xFFFFFFFFU)>>(n))
-
-#define S(x, n)         rotrFixed(x, n)
-#define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
-#define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
-#define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
-#define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
-
-#define RND(a,b,c,d,e,f,g,h,i) \
-     t0 = (h) + Sigma1((e)) + Ch((e), (f), (g)) + K[(i)] + W[(i)]; \
-     t1 = Sigma0((a)) + Maj((a), (b), (c)); \
-     (d) += t0; \
-     (h)  = t0 + t1;
-
-#if !defined(FREESCALE_MMCAU)
-static int Transform(Sha256* sha256)
-{
-    word32 S[8], t0, t1;
-    int i;
-
-#ifdef WOLFSSL_SMALL_STACK
-    word32* W;
-
-    W = (word32*) XMALLOC(sizeof(word32) * 64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (W == NULL)
-        return MEMORY_E;
-#else
-    word32 W[64];
-#endif
-
-    /* Copy context->state[] to working vars */
-    for (i = 0; i < 8; i++)
-        S[i] = sha256->digest[i];
-
-    for (i = 0; i < 16; i++)
-        W[i] = sha256->buffer[i];
-
-    for (i = 16; i < 64; i++)
-        W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16];
-
-    for (i = 0; i < 64; i += 8) {
-        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0);
-        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1);
-        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2);
-        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3);
-        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4);
-        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5);
-        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6);
-        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7);
-    }
-
-    /* Add the working vars back into digest state[] */
-    for (i = 0; i < 8; i++) {
-        sha256->digest[i] += S[i];
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return 0;
-}
-
-#endif /* #if !defined(FREESCALE_MMCAU) */
-
-static INLINE void AddLength(Sha256* sha256, word32 len)
-{
-    word32 tmp = sha256->loLen;
-    if ( (sha256->loLen += len) < tmp)
-        sha256->hiLen++;                       /* carry low to high */
-}
-
-int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
-{
-
-    /* do block size increments */
-    byte* local = (byte*)sha256->buffer;
-
-    SAVE_XMM_YMM ; /* for Intel AVX */
-
-    while (len) {
-        word32 add = min(len, SHA256_BLOCK_SIZE - sha256->buffLen);
-        XMEMCPY(&local[sha256->buffLen], data, add);
-
-        sha256->buffLen += add;
-        data            += add;
-        len             -= add;
-
-        if (sha256->buffLen == SHA256_BLOCK_SIZE) {
-            int ret;
-
-            #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-                #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-                if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
-                #endif
-                ByteReverseWords(sha256->buffer, sha256->buffer,
-                                 SHA256_BLOCK_SIZE);
-            #endif
-            ret = XTRANSFORM(sha256, local);
-            if (ret != 0)
-                return ret;
-
-            AddLength(sha256, SHA256_BLOCK_SIZE);
-            sha256->buffLen = 0;
-        }
-    }
-
-    return 0;
-}
-
-int wc_Sha256Final(Sha256* sha256, byte* hash)
-{
-    byte* local = (byte*)sha256->buffer;
-    int ret;
-    
-    SAVE_XMM_YMM ; /* for Intel AVX */
-
-    AddLength(sha256, sha256->buffLen);  /* before adding pads */
-
-    local[sha256->buffLen++] = 0x80;     /* add 1 */
-
-    /* pad with zeros */
-    if (sha256->buffLen > SHA256_PAD_SIZE) {
-        XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen);
-        sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
-
-        #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-            #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-            if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
-            #endif
-            ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
-        #endif
-
-        ret = XTRANSFORM(sha256, local);
-        if (ret != 0)
-            return ret;
-
-        sha256->buffLen = 0;
-    }
-    XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen);
-
-    /* put lengths in bits */
-    sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
-                 (sha256->hiLen << 3);
-    sha256->loLen = sha256->loLen << 3;
-
-    /* store lengths */
-    #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
-        #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-        if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
-        #endif
-            ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
-    #endif
-    /* ! length ordering dependent on digest endian type ! */
-    XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
-    XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
-            sizeof(word32));
-
-    #if defined(FREESCALE_MMCAU) || defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-        /* Kinetis requires only these bytes reversed */
-        #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-        if(IS_INTEL_AVX1 || IS_INTEL_AVX2)
-        #endif
-        ByteReverseWords(&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
-                         &sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
-                         2 * sizeof(word32));
-    #endif
-
-    ret = XTRANSFORM(sha256, local);
-    if (ret != 0)
-        return ret;
-
-    #if defined(LITTLE_ENDIAN_ORDER)
-        ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE);
-    #endif
-    XMEMCPY(hash, sha256->digest, SHA256_DIGEST_SIZE);
-
-    return wc_InitSha256(sha256);  /* reset state */
-}
-
-
-
-int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
-{
-    int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Sha256* sha256;
-#else
-    Sha256 sha256[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (sha256 == NULL)
-        return MEMORY_E;
-#endif
-
-    if ((ret = wc_InitSha256(sha256)) != 0) {
-        WOLFSSL_MSG("InitSha256 failed");
-    }
-    else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) {
-        WOLFSSL_MSG("Sha256Update failed");
-    }
-    else if ((ret = wc_Sha256Final(sha256, hash)) != 0) {
-        WOLFSSL_MSG("Sha256Final failed");
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-}
-
-#ifdef WOLFSSL_TI_HASH
-#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
-int wc_Sha256GetHash(Sha256* sha256, byte* hash)
-{
-#if defined(WOLFSS_TI_HASH)
-    return wc_Sha256GetHash_TI(sha256, hash) ;
-#else
-    int ret ;
-    Sha256 save = *sha256 ;
-    ret = wc_Sha256Final(sha256, hash) ;
-    *sha256 = save ;
-    return ret ;
-#endif
-}
-
-#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
-
-#define _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    { word32 d ;\
-    d = sha256->digest[0]; __asm__ volatile("movl %0, %"#S_0::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[1]; __asm__ volatile("movl %0, %"#S_1::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[2]; __asm__ volatile("movl %0, %"#S_2::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[3]; __asm__ volatile("movl %0, %"#S_3::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[4]; __asm__ volatile("movl %0, %"#S_4::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[5]; __asm__ volatile("movl %0, %"#S_5::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[6]; __asm__ volatile("movl %0, %"#S_6::"r"(d):SSE_REGs) ;\
-    d = sha256->digest[7]; __asm__ volatile("movl %0, %"#S_7::"r"(d):SSE_REGs) ;\
-}
-
-#define _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    { word32 d ; \
-    __asm__ volatile("movl %"#S_0", %0":"=r"(d)::SSE_REGs) ; sha256->digest[0] += d;\
-    __asm__ volatile("movl %"#S_1", %0":"=r"(d)::SSE_REGs) ; sha256->digest[1] += d;\
-    __asm__ volatile("movl %"#S_2", %0":"=r"(d)::SSE_REGs) ; sha256->digest[2] += d;\
-    __asm__ volatile("movl %"#S_3", %0":"=r"(d)::SSE_REGs) ; sha256->digest[3] += d;\
-    __asm__ volatile("movl %"#S_4", %0":"=r"(d)::SSE_REGs) ; sha256->digest[4] += d;\
-    __asm__ volatile("movl %"#S_5", %0":"=r"(d)::SSE_REGs) ; sha256->digest[5] += d;\
-    __asm__ volatile("movl %"#S_6", %0":"=r"(d)::SSE_REGs) ; sha256->digest[6] += d;\
-    __asm__ volatile("movl %"#S_7", %0":"=r"(d)::SSE_REGs) ; sha256->digest[7] += d;\
-}
-
-
-#define DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-#define RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-
-
-
-#define S_0 %r15d 
-#define S_1 %r10d
-#define S_2 %r11d       
-#define S_3 %r12d
-#define S_4 %r13d
-#define S_5 %r14d
-#define S_6 %ebx
-#define S_7 %r9d
-
-#define SSE_REGs "%edi", "%ecx", "%esi", "%edx", "%ebx","%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15"
-
-#if defined(HAVE_INTEL_RORX)
-#define RND_STEP_RORX_1(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("rorx  $6, %"#e", %%edx\n\t":::"%edx",SSE_REGs);  /* edx = e>>6 */\
-
-#define RND_STEP_RORX_2(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("rorx  $11, %"#e",%%edi\n\t":::"%edi",SSE_REGs); /* edi = e>>11  */\
-__asm__ volatile("xorl  %%edx, %%edi\n\t":::"%edx","%edi",SSE_REGs); /* edi = (e>>11) ^ (e>>6)  */\
-__asm__ volatile("rorx  $25, %"#e", %%edx\n\t":::"%edx",SSE_REGs);   /* edx = e>>25             */\
-
-#define RND_STEP_RORX_3(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl  %"#f", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f   */\
-__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f ^ g  */\
-__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs);  /* edx = Sigma1(e)  */\
-__asm__ volatile("andl  %"#e", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = (f ^ g) & e       */\
-__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = Ch(e,f,g)         */\
-
-#define RND_STEP_RORX_4(a,b,c,d,e,f,g,h,i)\
-/*__asm__ volatile("movl    %0, %%edx\n\t"::"m"(w_k):"%edx");*/\
-__asm__ volatile("addl  %0, %"#h"\n\t"::"r"(W_K[i]):SSE_REGs);    /* h += w_k  */\
-__asm__ volatile("addl  %%edx, %"#h"\n\t":::"%edx",SSE_REGs);     /* h = h + w_k + Sigma1(e) */\
-__asm__ volatile("rorx  $2, %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = a>>2   */\
-__asm__ volatile("rorx  $13, %"#a", %%edi\n\t":::"%edi",SSE_REGs);/* edi = a>>13  */\
-
-#define RND_STEP_RORX_5(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("rorx  $22, %"#a", %%edx\n\t":::"%edx",SSE_REGs); /* edx = a>>22 */\
-__asm__ volatile("xorl  %%r8d, %%edi\n\t":::"%edi","%r8",SSE_REGs);/* edi = (a>>2) ^ (a>>13)  */\
-__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs);  /* edx = Sigma0(a)      */\
- 
-#define RND_STEP_RORX_6(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl  %"#b", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = b          */\
-__asm__ volatile("orl   %"#a", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = a | b      */\
-__asm__ volatile("andl  %"#c", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = (a | b) & c*/\
-__asm__ volatile("movl  %"#b", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b           */\
-
-#define RND_STEP_RORX_7(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl  %%esi, %"#h"\n\t":::"%esi",SSE_REGs);  /* h += Ch(e,f,g)   */\
-__asm__ volatile("andl  %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b & a       */\
-__asm__ volatile("orl   %%edi, %%r8d\n\t":::"%edi","%r8",SSE_REGs); /* r8d = Maj(a,b,c) */\
-
-#define RND_STEP_RORX_8(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl  "#h", "#d"\n\t");  /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */\
-__asm__ volatile("addl  %"#h", %%r8d\n\t":::"%r8",SSE_REGs); \
-__asm__ volatile("addl  %%edx, %%r8d\n\t":::"%edx","%r8",SSE_REGs); \
-__asm__ volatile("movl  %r8d, "#h"\n\t");   
-
-#endif
-
-#define RND_STEP_1(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl  %"#e", %%edx\n\t":::"%edx",SSE_REGs);\
-__asm__ volatile("roll  $26, %%edx\n\t":::"%edx",SSE_REGs);  /* edx = e>>6     */\
-__asm__ volatile("movl  %"#e", %%edi\n\t":::"%edi",SSE_REGs);\
-
-#define RND_STEP_2(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("roll  $21, %%edi\n\t":::"%edi",SSE_REGs);         /* edi = e>>11 */\
-__asm__ volatile("xorl  %%edx, %%edi\n\t":::"%edx","%edi",SSE_REGs); /* edi = (e>>11) ^ (e>>6)  */\
-__asm__ volatile("movl  %"#e", %%edx\n\t":::"%edx",SSE_REGs);   /* edx = e      */\
-__asm__ volatile("roll  $7, %%edx\n\t":::"%edx",SSE_REGs);      /* edx = e>>25  */\
-
-#define RND_STEP_3(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl  %"#f", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f       */\
-__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f ^ g   */\
-__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs); /* edx = Sigma1(e) */\
-__asm__ volatile("andl  %"#e", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = (f ^ g) & e  */\
-__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = Ch(e,f,g)    */\
-
-#define RND_STEP_4(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl  %0, %"#h"\n\t"::"r"(W_K[i]):SSE_REGs); /* h += w_k  */\
-__asm__ volatile("addl  %%edx, %"#h"\n\t":::"%edx",SSE_REGs); /* h = h + w_k + Sigma1(e) */\
-__asm__ volatile("movl  %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = a    */\
-__asm__ volatile("roll  $30, %%r8d\n\t":::"%r8",SSE_REGs);    /* r8d = a>>2 */\
-__asm__ volatile("movl  %"#a", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = a   */\
-__asm__ volatile("roll  $19, %%edi\n\t":::"%edi",SSE_REGs);    /* edi = a>>13 */\
-__asm__ volatile("movl  %"#a", %%edx\n\t":::"%edx",SSE_REGs);  /* edx = a     */\
-
-#define RND_STEP_5(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("roll  $10, %%edx\n\t":::"%edx",SSE_REGs);    /* edx = a>>22 */\
-__asm__ volatile("xorl  %%r8d, %%edi\n\t":::"%edi","%r8",SSE_REGs); /* edi = (a>>2) ^ (a>>13)  */\
-__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs);/* edx = Sigma0(a)         */\
-
-#define RND_STEP_6(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("movl  %"#b", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = b      */\
-__asm__ volatile("orl   %"#a", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = a | b  */\
-__asm__ volatile("andl  %"#c", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = (a | b) & c */\
-__asm__ volatile("movl  %"#b", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b       */\
-
-#define RND_STEP_7(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl  %%esi, %"#h"\n\t":::"%esi",SSE_REGs);  /* h += Ch(e,f,g)        */\
-__asm__ volatile("andl  %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b & a            */\
-__asm__ volatile("orl   %%edi, %%r8d\n\t":::"%edi","%r8",SSE_REGs); /* r8d = Maj(a,b,c) */\
-
-#define RND_STEP_8(a,b,c,d,e,f,g,h,i)\
-__asm__ volatile("addl  "#h", "#d"\n\t");  /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */\
-__asm__ volatile("addl  %"#h", %%r8d\n\t":::"%r8",SSE_REGs); \
-                 /* r8b = h + w_k + Sigma1(e) + Ch(e,f,g) + Maj(a,b,c) */\
-__asm__ volatile("addl  %%edx, %%r8d\n\t":::"%edx","%r8",SSE_REGs);\
-                 /* r8b = h + w_k + Sigma1(e) Sigma0(a) + Ch(e,f,g) + Maj(a,b,c)     */\
-__asm__ volatile("movl  %%r8d, %"#h"\n\t":::"%r8", SSE_REGs); \
-                 /* h = h + w_k + Sigma1(e) + Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */ \
-
-#define RND_X(a,b,c,d,e,f,g,h,i) \
-       RND_STEP_1(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_2(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_3(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_4(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_5(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_6(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_7(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_8(a,b,c,d,e,f,g,h,i); 
-
-#define RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-
-#define RND_1_3(a,b,c,d,e,f,g,h,i) {\
-       RND_STEP_1(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_2(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_3(a,b,c,d,e,f,g,h,i); \
-}
-
-#define RND_4_6(a,b,c,d,e,f,g,h,i) {\
-       RND_STEP_4(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_5(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_6(a,b,c,d,e,f,g,h,i); \
-}
-
-#define RND_7_8(a,b,c,d,e,f,g,h,i) {\
-       RND_STEP_7(a,b,c,d,e,f,g,h,i); \
-       RND_STEP_8(a,b,c,d,e,f,g,h,i); \
-}
-
-#define RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-
-#define RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-#define RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-#define RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
-#define RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
-#define RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
-#define RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
-#define RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
-#define RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
-#define RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
-#define RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
-
-#define FOR(cnt, init, max, inc, loop)  \
-    __asm__ volatile("movl $"#init", %0\n\t"#loop":"::"m"(cnt):) 
-#define END(cnt, init, max, inc, loop)  \
-    __asm__ volatile("addl $"#inc", %0\n\tcmpl $"#max", %0\n\tjle "#loop"\n\t":"=m"(cnt)::) ;
-
-#endif  /* defined(HAVE_INTEL_AVX1) ||  defined(HAVE_INTEL_AVX2) */
-
-#if defined(HAVE_INTEL_AVX1) /* inline Assember for Intel AVX1 instructions */
-
-#define VPALIGNR(op1,op2,op3,op4) __asm__ volatile("vpalignr $"#op4", %"#op3", %"#op2", %"#op1:::XMM_REGs) 
-#define VPADDD(op1,op2,op3)       __asm__ volatile("vpaddd %"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSRLD(op1,op2,op3)       __asm__ volatile("vpsrld $"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSRLQ(op1,op2,op3)       __asm__ volatile("vpsrlq $"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSLLD(op1,op2,op3)       __asm__ volatile("vpslld $"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPOR(op1,op2,op3)         __asm__ volatile("vpor   %"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPXOR(op1,op2,op3)        __asm__ volatile("vpxor  %"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSHUFD(op1,op2,op3)      __asm__ volatile("vpshufd $"#op3", %"#op2", %"#op1:::XMM_REGs)
-#define VPSHUFB(op1,op2,op3)      __asm__ volatile("vpshufb %"#op3", %"#op2", %"#op1:::XMM_REGs)
-
-#define MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, SHUF_00BA, SHUF_DC00,\
-     a,b,c,d,e,f,g,h,_i)\
-            RND_STEP_1(a,b,c,d,e,f,g,h,_i);\
-    VPALIGNR (XTMP0, X3, X2, 4) ;\
-            RND_STEP_2(a,b,c,d,e,f,g,h,_i);\
-    VPADDD   (XTMP0, XTMP0, X0) ;\
-            RND_STEP_3(a,b,c,d,e,f,g,h,_i);\
-    VPALIGNR (XTMP1, X1, X0, 4) ;   /* XTMP1 = W[-15] */\
-            RND_STEP_4(a,b,c,d,e,f,g,h,_i);\
-    VPSRLD   (XTMP2, XTMP1, 7) ;\
-            RND_STEP_5(a,b,c,d,e,f,g,h,_i);\
-    VPSLLD   (XTMP3, XTMP1, 25) ; /* VPSLLD   (XTMP3, XTMP1, (32-7)) */\
-            RND_STEP_6(a,b,c,d,e,f,g,h,_i);\
-    VPOR     (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 */\
-            RND_STEP_7(a,b,c,d,e,f,g,h,_i);\
-    VPSRLD   (XTMP2, XTMP1,18) ;\
-            RND_STEP_8(a,b,c,d,e,f,g,h,_i);\
-\
-            RND_STEP_1(h,a,b,c,d,e,f,g,_i+1);\
-    VPSRLD   (XTMP4, XTMP1, 3)      ;  /* XTMP4 = W[-15] >> 3 */\
-            RND_STEP_2(h,a,b,c,d,e,f,g,_i+1);\
-    VPSLLD   (XTMP1, XTMP1, 14) ; /* VPSLLD   (XTMP1, XTMP1, (32-18)) */\
-            RND_STEP_3(h,a,b,c,d,e,f,g,_i+1);\
-    VPXOR    (XTMP3, XTMP3, XTMP1)  ;\
-            RND_STEP_4(h,a,b,c,d,e,f,g,_i+1);\
-    VPXOR    (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 ^ W[-15] MY_ROR 18 */\
-            RND_STEP_5(h,a,b,c,d,e,f,g,_i+1);\
-    VPXOR    (XTMP1, XTMP3, XTMP4)  ;  /* XTMP1 = s0 */\
-            RND_STEP_6(h,a,b,c,d,e,f,g,_i+1);\
-    VPSHUFD(XTMP2, X3, 0b11111010)  ;  /* XTMP2 = W[-2] {BBAA}*/\
-            RND_STEP_7(h,a,b,c,d,e,f,g,_i+1);\
-    VPADDD   (XTMP0, XTMP0, XTMP1)  ;  /* XTMP0 = W[-16] + W[-7] + s0 */\
-            RND_STEP_8(h,a,b,c,d,e,f,g,_i+1);\
-\
-            RND_STEP_1(g,h,a,b,c,d,e,f,_i+2);\
-    VPSRLD   (XTMP4, XTMP2, 10) ;      /* XTMP4 = W[-2] >> 10 {BBAA} */\
-            RND_STEP_2(g,h,a,b,c,d,e,f,_i+2);\
-    VPSRLQ   (XTMP3, XTMP2, 19) ;      /* XTMP3 = W[-2] MY_ROR 19 {xBxA} */\
-            RND_STEP_3(g,h,a,b,c,d,e,f,_i+2);\
-    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xBxA} */\
-            RND_STEP_4(g,h,a,b,c,d,e,f,_i+2);\
-    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
-            RND_STEP_5(g,h,a,b,c,d,e,f,_i+2);\
-    VPXOR    (XTMP4, XTMP4, XTMP2) ;   /* XTMP4 = s1 {xBxA} */\
-            RND_STEP_6(g,h,a,b,c,d,e,f,_i+2);\
-    VPSHUFB  (XTMP4, XTMP4, SHUF_00BA)  ;  /* XTMP4 = s1 {00BA} */\
-            RND_STEP_7(g,h,a,b,c,d,e,f,_i+2);\
-    VPADDD   (XTMP0, XTMP0, XTMP4)  ;  /* XTMP0 = {..., ..., W[1], W[0]} */\
-            RND_STEP_8(g,h,a,b,c,d,e,f,_i+2);\
-\
-            RND_STEP_1(f,g,h,a,b,c,d,e,_i+3);\
-    VPSHUFD  (XTMP2, XTMP0, 0b01010000) ; /* XTMP2 = W[-2] {DDCC} */\
-            RND_STEP_2(f,g,h,a,b,c,d,e,_i+3);\
-    VPSRLD   (XTMP5, XTMP2, 10);       /* XTMP5 = W[-2] >> 10 {DDCC} */\
-            RND_STEP_3(f,g,h,a,b,c,d,e,_i+3);\
-    VPSRLQ   (XTMP3, XTMP2, 19);       /* XTMP3 = W[-2] MY_ROR 19 {xDxC} */\
-            RND_STEP_4(f,g,h,a,b,c,d,e,_i+3);\
-    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xDxC} */\
-            RND_STEP_5(f,g,h,a,b,c,d,e,_i+3);\
-    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
-            RND_STEP_6(f,g,h,a,b,c,d,e,_i+3);\
-    VPXOR    (XTMP5, XTMP5, XTMP2) ;   /* XTMP5 = s1 {xDxC} */\
-            RND_STEP_7(f,g,h,a,b,c,d,e,_i+3);\
-    VPSHUFB  (XTMP5, XTMP5, SHUF_DC00) ; /* XTMP5 = s1 {DC00} */\
-            RND_STEP_8(f,g,h,a,b,c,d,e,_i+3);\
-    VPADDD   (X0, XTMP5, XTMP0) ;      /* X0 = {W[3], W[2], W[1], W[0]} */\
-
-#if defined(HAVE_INTEL_RORX)
-
-#define MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, \
-                          XFER, SHUF_00BA, SHUF_DC00,a,b,c,d,e,f,g,h,_i)\
-            RND_STEP_RORX_1(a,b,c,d,e,f,g,h,_i);\
-    VPALIGNR (XTMP0, X3, X2, 4) ;\
-            RND_STEP_RORX_2(a,b,c,d,e,f,g,h,_i);\
-    VPADDD   (XTMP0, XTMP0, X0) ;\
-            RND_STEP_RORX_3(a,b,c,d,e,f,g,h,_i);\
-    VPALIGNR (XTMP1, X1, X0, 4) ;   /* XTMP1 = W[-15] */\
-            RND_STEP_RORX_4(a,b,c,d,e,f,g,h,_i);\
-    VPSRLD   (XTMP2, XTMP1, 7) ;\
-            RND_STEP_RORX_5(a,b,c,d,e,f,g,h,_i);\
-    VPSLLD   (XTMP3, XTMP1, 25) ; /* VPSLLD   (XTMP3, XTMP1, (32-7)) */\
-            RND_STEP_RORX_6(a,b,c,d,e,f,g,h,_i);\
-    VPOR     (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 */\
-            RND_STEP_RORX_7(a,b,c,d,e,f,g,h,_i);\
-    VPSRLD   (XTMP2, XTMP1,18) ;\
-            RND_STEP_RORX_8(a,b,c,d,e,f,g,h,_i);\
-\
-            RND_STEP_RORX_1(h,a,b,c,d,e,f,g,_i+1);\
-    VPSRLD   (XTMP4, XTMP1, 3)      ;  /* XTMP4 = W[-15] >> 3 */\
-            RND_STEP_RORX_2(h,a,b,c,d,e,f,g,_i+1);\
-    VPSLLD   (XTMP1, XTMP1, 14) ; /* VPSLLD   (XTMP1, XTMP1, (32-18)) */\
-            RND_STEP_RORX_3(h,a,b,c,d,e,f,g,_i+1);\
-    VPXOR    (XTMP3, XTMP3, XTMP1)  ;\
-            RND_STEP_RORX_4(h,a,b,c,d,e,f,g,_i+1);\
-    VPXOR    (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 ^ W[-15] MY_ROR 18 */\
-            RND_STEP_RORX_5(h,a,b,c,d,e,f,g,_i+1);\
-    VPXOR    (XTMP1, XTMP3, XTMP4)  ;  /* XTMP1 = s0 */\
-            RND_STEP_RORX_6(h,a,b,c,d,e,f,g,_i+1);\
-    VPSHUFD(XTMP2, X3, 0b11111010)  ;  /* XTMP2 = W[-2] {BBAA}*/\
-            RND_STEP_RORX_7(h,a,b,c,d,e,f,g,_i+1);\
-    VPADDD   (XTMP0, XTMP0, XTMP1)  ;  /* XTMP0 = W[-16] + W[-7] + s0 */\
-            RND_STEP_RORX_8(h,a,b,c,d,e,f,g,_i+1);\
-\
-            RND_STEP_RORX_1(g,h,a,b,c,d,e,f,_i+2);\
-    VPSRLD   (XTMP4, XTMP2, 10) ;      /* XTMP4 = W[-2] >> 10 {BBAA} */\
-            RND_STEP_RORX_2(g,h,a,b,c,d,e,f,_i+2);\
-    VPSRLQ   (XTMP3, XTMP2, 19) ;      /* XTMP3 = W[-2] MY_ROR 19 {xBxA} */\
-            RND_STEP_RORX_3(g,h,a,b,c,d,e,f,_i+2);\
-    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xBxA} */\
-            RND_STEP_RORX_4(g,h,a,b,c,d,e,f,_i+2);\
-    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
-            RND_STEP_RORX_5(g,h,a,b,c,d,e,f,_i+2);\
-    VPXOR    (XTMP4, XTMP4, XTMP2) ;   /* XTMP4 = s1 {xBxA} */\
-            RND_STEP_RORX_6(g,h,a,b,c,d,e,f,_i+2);\
-    VPSHUFB  (XTMP4, XTMP4, SHUF_00BA)  ;  /* XTMP4 = s1 {00BA} */\
-            RND_STEP_RORX_7(g,h,a,b,c,d,e,f,_i+2);\
-    VPADDD   (XTMP0, XTMP0, XTMP4)  ;  /* XTMP0 = {..., ..., W[1], W[0]} */\
-            RND_STEP_RORX_8(g,h,a,b,c,d,e,f,_i+2);\
-\
-            RND_STEP_RORX_1(f,g,h,a,b,c,d,e,_i+3);\
-    VPSHUFD  (XTMP2, XTMP0, 0b01010000) ; /* XTMP2 = W[-2] {DDCC} */\
-            RND_STEP_RORX_2(f,g,h,a,b,c,d,e,_i+3);\
-    VPSRLD   (XTMP5, XTMP2, 10);       /* XTMP5 = W[-2] >> 10 {DDCC} */\
-            RND_STEP_RORX_3(f,g,h,a,b,c,d,e,_i+3);\
-    VPSRLQ   (XTMP3, XTMP2, 19);       /* XTMP3 = W[-2] MY_ROR 19 {xDxC} */\
-            RND_STEP_RORX_4(f,g,h,a,b,c,d,e,_i+3);\
-    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xDxC} */\
-            RND_STEP_RORX_5(f,g,h,a,b,c,d,e,_i+3);\
-    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
-            RND_STEP_RORX_6(f,g,h,a,b,c,d,e,_i+3);\
-    VPXOR    (XTMP5, XTMP5, XTMP2) ;   /* XTMP5 = s1 {xDxC} */\
-            RND_STEP_RORX_7(f,g,h,a,b,c,d,e,_i+3);\
-    VPSHUFB  (XTMP5, XTMP5, SHUF_DC00) ; /* XTMP5 = s1 {DC00} */\
-            RND_STEP_RORX_8(f,g,h,a,b,c,d,e,_i+3);\
-    VPADDD   (X0, XTMP5, XTMP0) ;      /* X0 = {W[3], W[2], W[1], W[0]} */\
-
-#endif
-
-
-#define W_K_from_buff\
-         __asm__ volatile("vmovdqu %0, %%xmm4\n\t"\
-                          "vpshufb %%xmm13, %%xmm4, %%xmm4\n\t"\
-                          :: "m"(sha256->buffer[0]):"%xmm4") ;\
-         __asm__ volatile("vmovdqu %0, %%xmm5\n\t"\
-                          "vpshufb %%xmm13, %%xmm5, %%xmm5\n\t"\
-                          ::"m"(sha256->buffer[4]):"%xmm5") ;\
-         __asm__ volatile("vmovdqu %0, %%xmm6\n\t"\
-                          "vpshufb %%xmm13, %%xmm6, %%xmm6\n\t"\
-                          ::"m"(sha256->buffer[8]):"%xmm6") ;\
-         __asm__ volatile("vmovdqu %0, %%xmm7\n\t"\
-                          "vpshufb %%xmm13, %%xmm7, %%xmm7\n\t"\
-                          ::"m"(sha256->buffer[12]):"%xmm7") ;\
-
-#define _SET_W_K_XFER(reg, i)\
-    __asm__ volatile("vpaddd %0, %"#reg", %%xmm9"::"m"(K[i]):XMM_REGs) ;\
-    __asm__ volatile("vmovdqa %%xmm9, %0":"=m"(W_K[i])::XMM_REGs) ;
-
-#define SET_W_K_XFER(reg, i) _SET_W_K_XFER(reg, i)
-
-static const ALIGN32 word64 mSHUF_00BA[] = { 0x0b0a090803020100, 0xFFFFFFFFFFFFFFFF } ; /* shuffle xBxA -> 00BA */
-static const ALIGN32 word64 mSHUF_DC00[] = { 0xFFFFFFFFFFFFFFFF, 0x0b0a090803020100 } ; /* shuffle xDxC -> DC00 */
-static const ALIGN32 word64 mBYTE_FLIP_MASK[] =  { 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
-
-
-#define _Init_Masks(mask1, mask2, mask3)\
-__asm__ volatile("vmovdqu %0, %"#mask1 ::"m"(mBYTE_FLIP_MASK[0])) ;\
-__asm__ volatile("vmovdqu %0, %"#mask2 ::"m"(mSHUF_00BA[0])) ;\
-__asm__ volatile("vmovdqu %0, %"#mask3 ::"m"(mSHUF_DC00[0])) ;
-
-#define Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00)\
-    _Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00)
-
-#define X0 %xmm4
-#define X1 %xmm5
-#define X2 %xmm6
-#define X3 %xmm7
-#define X_ X0
-
-#define XTMP0 %xmm0
-#define XTMP1 %xmm1
-#define XTMP2 %xmm2
-#define XTMP3 %xmm3
-#define XTMP4 %xmm8
-#define XTMP5 %xmm9
-#define XFER  %xmm10
-
-#define SHUF_00BA   %xmm11 /* shuffle xBxA -> 00BA */
-#define SHUF_DC00   %xmm12 /* shuffle xDxC -> DC00 */
-#define BYTE_FLIP_MASK  %xmm13
-
-#define XMM_REGs   /* Registers are saved in Sha256Update/Finel */
-                   /*"xmm4","xmm5","xmm6","xmm7","xmm8","xmm9","xmm10","xmm11","xmm12","xmm13" */
-
-static int Transform_AVX1(Sha256* sha256)
-{
-
-    word32 W_K[64] ;  /* temp for W+K */
-
-    #if defined(DEBUG_XMM)
-    int i, j ;
-    word32 xmm[29][4*15] ;
-    #endif
-
-    Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) ;
-    W_K_from_buff ; /* X0, X1, X2, X3 = W[0..15] ; */
-
-    DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
-  
-    SET_W_K_XFER(X0, 0) ;
-    MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
-    SET_W_K_XFER(X1, 4) ;
-    MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
-            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,4) ;
-    SET_W_K_XFER(X2, 8) ;
-    MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
-    SET_W_K_XFER(X3, 12) ;
-    MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,12) ;
-    SET_W_K_XFER(X0, 16) ;
-    MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
-    SET_W_K_XFER(X1, 20) ;
-    MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,20) ;
-    SET_W_K_XFER(X2, 24) ;
-    MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
-    SET_W_K_XFER(X3, 28) ;
-    MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,28) ;
-    SET_W_K_XFER(X0, 32) ;
-    MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
-    SET_W_K_XFER(X1, 36) ;
-    MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,36) ;
-    SET_W_K_XFER(X2, 40) ;
-    MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
-    SET_W_K_XFER(X3, 44) ;
-    MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
-            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,44) ;
-
-    SET_W_K_XFER(X0, 48) ;
-    SET_W_K_XFER(X1, 52) ;
-    SET_W_K_XFER(X2, 56) ;
-    SET_W_K_XFER(X3, 60) ;
-    
-    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
-    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
-    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
-    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
-
-    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
-    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
-    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
-    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
-
-    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;     
-    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
-    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
-    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
-
-    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
-    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
-    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
-    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
-        
-    RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;  
-        
-    #if defined(DEBUG_XMM)
-    for(i=0; i<29; i++) {
-        for(j=0; j<4*14; j+=4)
-            printf("xmm%d[%d]=%08x,%08x,%08x,%08x\n", j/4, i, 
-                   xmm[i][j],xmm[i][j+1],xmm[i][j+2],xmm[i][j+3]) ;
-        printf("\n") ;
-    }
-        
-    for(i=0; i<64; i++)printf("W_K[%d]%08x\n", i, W_K[i]) ;
-    #endif
-
-    return 0;
-}
-
-#if defined(HAVE_INTEL_RORX)
-static int Transform_AVX1_RORX(Sha256* sha256)
-{
-
-    word32 W_K[64] ;  /* temp for W+K */
-
-    #if defined(DEBUG_XMM)
-    int i, j ;
-    word32 xmm[29][4*15] ;
-    #endif
-
-    Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) ;
-    W_K_from_buff ; /* X0, X1, X2, X3 = W[0..15] ; */
-
-    DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
-    SET_W_K_XFER(X0, 0) ;
-    MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
-    SET_W_K_XFER(X1, 4) ;
-    MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,4) ;
-    SET_W_K_XFER(X2, 8) ;
-    MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
-    SET_W_K_XFER(X3, 12) ;
-    MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,12) ;
-    SET_W_K_XFER(X0, 16) ;
-    MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
-    SET_W_K_XFER(X1, 20) ;
-    MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,20) ;
-    SET_W_K_XFER(X2, 24) ;
-    MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
-    SET_W_K_XFER(X3, 28) ;
-    MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,28) ;
-    SET_W_K_XFER(X0, 32) ;
-    MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
-    SET_W_K_XFER(X1, 36) ;
-    MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
-            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,36) ;
-    SET_W_K_XFER(X2, 40) ;
-    MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
-            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
-    SET_W_K_XFER(X3, 44) ;
-    MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
-            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,44) ;
-
-    SET_W_K_XFER(X0, 48) ;
-    SET_W_K_XFER(X1, 52) ;
-    SET_W_K_XFER(X2, 56) ;
-    SET_W_K_XFER(X3, 60) ;
-    
-    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
-    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
-    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
-    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
-
-    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
-    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
-    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
-    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
-
-    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;     
-    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
-    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
-    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
-
-    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
-    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
-    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
-    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
-        
-    RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;  
-        
-    #if defined(DEBUG_XMM)
-    for(i=0; i<29; i++) {
-        for(j=0; j<4*14; j+=4)
-            printf("xmm%d[%d]=%08x,%08x,%08x,%08x\n", j/4, i, 
-                    xmm[i][j],xmm[i][j+1],xmm[i][j+2],xmm[i][j+3]) ;
-        printf("\n") ;
-    }
-        
-    for(i=0; i<64; i++)printf("W_K[%d]%08x\n", i, W_K[i]) ;
-    #endif
-
-    return 0;
-}
-#endif  /* HAVE_INTEL_RORX */
-
-#endif  /* HAVE_INTEL_AVX1 */
-
-
-#if defined(HAVE_INTEL_AVX2)
-
-#define _MOVE_to_REG(ymm, mem)       __asm__ volatile("vmovdqu %0, %%"#ymm" ":: "m"(mem):YMM_REGs) ;
-#define _MOVE_to_MEM(mem, ymm)       __asm__ volatile("vmovdqu %%"#ymm", %0" : "=m"(mem)::YMM_REGs) ;
-#define _BYTE_SWAP(ymm, map)              __asm__ volatile("vpshufb %0, %%"#ymm", %%"#ymm"\n\t"\
-                                                       :: "m"(map):YMM_REGs) ;
-#define _MOVE_128(ymm0, ymm1, ymm2, map)   __asm__ volatile("vperm2i128  $"#map", %%"\
-                                  #ymm2", %%"#ymm1", %%"#ymm0" ":::YMM_REGs) ;
-#define _MOVE_BYTE(ymm0, ymm1, map)  __asm__ volatile("vpshufb %0, %%"#ymm1", %%"\
-                                  #ymm0"\n\t":: "m"(map):YMM_REGs) ;
-#define _S_TEMP(dest, src, bits, temp)    __asm__ volatile("vpsrld  $"#bits", %%"\
-         #src", %%"#dest"\n\tvpslld  $32-"#bits", %%"#src", %%"#temp"\n\tvpor %%"\
-         #temp",%%"#dest", %%"#dest" ":::YMM_REGs) ;
-#define _AVX2_R(dest, src, bits)          __asm__ volatile("vpsrld  $"#bits", %%"\
-                                  #src", %%"#dest" ":::YMM_REGs) ;
-#define _XOR(dest, src1, src2)       __asm__ volatile("vpxor   %%"#src1", %%"\
-         #src2", %%"#dest" ":::YMM_REGs) ;
-#define _OR(dest, src1, src2)       __asm__ volatile("vpor    %%"#src1", %%"\
-         #src2", %%"#dest" ":::YMM_REGs) ;
-#define _ADD(dest, src1, src2)       __asm__ volatile("vpaddd   %%"#src1", %%"\
-         #src2", %%"#dest" ":::YMM_REGs) ;
-#define _ADD_MEM(dest, src1, mem)    __asm__ volatile("vpaddd   %0, %%"#src1", %%"\
-         #dest" "::"m"(mem):YMM_REGs) ;
-#define _BLEND(map, dest, src1, src2)    __asm__ volatile("vpblendd    $"#map", %%"\
-         #src1",   %%"#src2", %%"#dest" ":::YMM_REGs) ;
-
-#define    _EXTRACT_XMM_0(xmm, mem)  __asm__ volatile("vpextrd $0, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_1(xmm, mem)  __asm__ volatile("vpextrd $1, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_2(xmm, mem)  __asm__ volatile("vpextrd $2, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_3(xmm, mem)  __asm__ volatile("vpextrd $3, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_4(ymm, xmm, mem)\
-      __asm__ volatile("vperm2i128 $0x1, %%"#ymm", %%"#ymm", %%"#ymm" ":::YMM_REGs) ;\
-      __asm__ volatile("vpextrd $0, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_5(xmm, mem)  __asm__ volatile("vpextrd $1, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_6(xmm, mem)  __asm__ volatile("vpextrd $2, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-#define    _EXTRACT_XMM_7(xmm, mem)  __asm__ volatile("vpextrd $3, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
-
-#define    _SWAP_YMM_HL(ymm)   __asm__ volatile("vperm2i128 $0x1, %%"#ymm", %%"#ymm", %%"#ymm" ":::YMM_REGs) ;
-#define     SWAP_YMM_HL(ymm)   _SWAP_YMM_HL(ymm) 
-
-#define MOVE_to_REG(ymm, mem)      _MOVE_to_REG(ymm, mem)
-#define MOVE_to_MEM(mem, ymm)      _MOVE_to_MEM(mem, ymm)
-#define BYTE_SWAP(ymm, map)        _BYTE_SWAP(ymm, map)
-#define MOVE_128(ymm0, ymm1, ymm2, map) _MOVE_128(ymm0, ymm1, ymm2, map) 
-#define MOVE_BYTE(ymm0, ymm1, map) _MOVE_BYTE(ymm0, ymm1, map)
-#define XOR(dest, src1, src2)      _XOR(dest, src1, src2)
-#define OR(dest, src1, src2)       _OR(dest, src1, src2)
-#define ADD(dest, src1, src2)      _ADD(dest, src1, src2)
-#define ADD_MEM(dest, src1, mem)  _ADD_MEM(dest, src1, mem)
-#define BLEND(map, dest, src1, src2) _BLEND(map, dest, src1, src2)
-
-#define S_TMP(dest, src, bits, temp) _S_TEMP(dest, src, bits, temp); 
-#define AVX2_S(dest, src, bits)      S_TMP(dest, src, bits, S_TEMP)
-#define AVX2_R(dest, src, bits)      _AVX2_R(dest, src, bits)
-
-#define GAMMA0(dest, src)      AVX2_S(dest, src, 7);  AVX2_S(G_TEMP, src, 18); \
-    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 3);  XOR(dest, G_TEMP, dest) ;
-#define GAMMA0_1(dest, src)    AVX2_S(dest, src, 7);  AVX2_S(G_TEMP, src, 18); 
-#define GAMMA0_2(dest, src)    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 3);  \
-    XOR(dest, G_TEMP, dest) ;
-
-#define GAMMA1(dest, src)      AVX2_S(dest, src, 17); AVX2_S(G_TEMP, src, 19); \
-    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 10); XOR(dest, G_TEMP, dest) ;
-#define GAMMA1_1(dest, src)    AVX2_S(dest, src, 17); AVX2_S(G_TEMP, src, 19); 
-#define GAMMA1_2(dest, src)    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 10); \
-    XOR(dest, G_TEMP, dest) ;
-
-#define    FEEDBACK1_to_W_I_2    MOVE_BYTE(YMM_TEMP0, W_I, mMAP1toW_I_2[0]) ; \
-    BLEND(0x0c, W_I_2, YMM_TEMP0, W_I_2) ;
-#define    FEEDBACK2_to_W_I_2    MOVE_128(YMM_TEMP0, W_I, W_I, 0x08) ;  \
-    MOVE_BYTE(YMM_TEMP0, YMM_TEMP0, mMAP2toW_I_2[0]) ; BLEND(0x30, W_I_2, YMM_TEMP0, W_I_2) ; 
-#define    FEEDBACK3_to_W_I_2    MOVE_BYTE(YMM_TEMP0, W_I, mMAP3toW_I_2[0]) ; \
-    BLEND(0xc0, W_I_2, YMM_TEMP0, W_I_2) ; 
-
-#define    FEEDBACK_to_W_I_7     MOVE_128(YMM_TEMP0, W_I, W_I, 0x08) ;\
-    MOVE_BYTE(YMM_TEMP0, YMM_TEMP0, mMAPtoW_I_7[0]) ; BLEND(0x80, W_I_7, YMM_TEMP0, W_I_7) ;
-
-#undef voitle
-
-#define W_I_16  ymm8
-#define W_I_15  ymm9
-#define W_I_7  ymm10
-#define W_I_2  ymm11
-#define W_I    ymm12
-#define G_TEMP     ymm13
-#define S_TEMP     ymm14
-#define YMM_TEMP0  ymm15
-#define YMM_TEMP0x xmm15
-#define W_I_TEMP   ymm7
-#define W_K_TEMP   ymm15
-#define W_K_TEMPx  xmm15
-
-#define YMM_REGs /* Registers are saved in Sha256Update/Finel */
- /* "%ymm7","%ymm8","%ymm9","%ymm10","%ymm11","%ymm12","%ymm13","%ymm14","%ymm15"*/
-
-
-#define MOVE_15_to_16(w_i_16, w_i_15, w_i_7)\
-    __asm__ volatile("vperm2i128  $0x01, %%"#w_i_15", %%"#w_i_15", %%"#w_i_15" ":::YMM_REGs) ;\
-    __asm__ volatile("vpblendd    $0x08, %%"#w_i_15", %%"#w_i_7", %%"#w_i_16" ":::YMM_REGs) ;\
-    __asm__ volatile("vperm2i128 $0x01,  %%"#w_i_7",  %%"#w_i_7", %%"#w_i_15" ":::YMM_REGs) ;\
-    __asm__ volatile("vpblendd    $0x80, %%"#w_i_15", %%"#w_i_16", %%"#w_i_16" ":::YMM_REGs) ;\
-    __asm__ volatile("vpshufd    $0x93,  %%"#w_i_16", %%"#w_i_16" ":::YMM_REGs) ;\
-
-#define MOVE_7_to_15(w_i_15, w_i_7)\
-    __asm__ volatile("vmovdqu                 %%"#w_i_7",  %%"#w_i_15" ":::YMM_REGs) ;\
-
-#define MOVE_I_to_7(w_i_7, w_i)\
-    __asm__ volatile("vperm2i128 $0x01,       %%"#w_i",   %%"#w_i",   %%"#w_i_7" ":::YMM_REGs) ;\
-    __asm__ volatile("vpblendd    $0x01,       %%"#w_i_7",   %%"#w_i", %%"#w_i_7" ":::YMM_REGs) ;\
-    __asm__ volatile("vpshufd    $0x39, %%"#w_i_7", %%"#w_i_7" ":::YMM_REGs) ;\
-
-#define MOVE_I_to_2(w_i_2, w_i)\
-    __asm__ volatile("vperm2i128 $0x01,       %%"#w_i", %%"#w_i", %%"#w_i_2" ":::YMM_REGs) ;\
-    __asm__ volatile("vpshufd    $0x0e, %%"#w_i_2", %%"#w_i_2" ":::YMM_REGs) ;\
-
-#define ROTATE_W(w_i_16, w_i_15, w_i_7, w_i_2, w_i)\
-    MOVE_15_to_16(w_i_16, w_i_15, w_i_7) ; \
-    MOVE_7_to_15(w_i_15, w_i_7) ; \
-    MOVE_I_to_7(w_i_7, w_i) ; \
-    MOVE_I_to_2(w_i_2, w_i) ;\
-
-#define _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    { word32 d ;\
-    __asm__ volatile("movl %"#S_0", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[0] += d;\
-    __asm__ volatile("movl %"#S_1", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[1] += d;\
-    __asm__ volatile("movl %"#S_2", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[2] += d;\
-    __asm__ volatile("movl %"#S_3", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[3] += d;\
-    __asm__ volatile("movl %"#S_4", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[4] += d;\
-    __asm__ volatile("movl %"#S_5", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[5] += d;\
-    __asm__ volatile("movl %"#S_6", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[6] += d;\
-    __asm__ volatile("movl %"#S_7", %0":"=r"(d)::SSE_REGs) ;\
-    sha256->digest[7] += d;\
-}
-
-#define _DumpS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-  { word32 d[8] ;\
-    __asm__ volatile("movl %"#S_0", %0":"=r"(d[0])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_1", %0":"=r"(d[1])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_2", %0":"=r"(d[2])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_3", %0":"=r"(d[3])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_4", %0":"=r"(d[4])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_5", %0":"=r"(d[5])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_6", %0":"=r"(d[6])::SSE_REGs) ;\
-    __asm__ volatile("movl %"#S_7", %0":"=r"(d[7])::SSE_REGs) ;\
-        printf("S[0..7]=%08x,%08x,%08x,%08x,%08x,%08x,%08x,%08x\n", d[0],d[1],d[2],d[3],d[4],d[5],d[6],d[7]);\
-    __asm__ volatile("movl %0, %"#S_0::"r"(d[0]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_1::"r"(d[1]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_2::"r"(d[2]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_3::"r"(d[3]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_4::"r"(d[4]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_5::"r"(d[5]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_6::"r"(d[6]):SSE_REGs) ;\
-    __asm__ volatile("movl %0, %"#S_7::"r"(d[7]):SSE_REGs) ;\
-}
-
-
-#define DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-#define RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-#define DumS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
-    _DumpS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
-
-        
-    /* Byte swap Masks to ensure that rest of the words are filled with zero's. */
-    static const unsigned long mBYTE_FLIP_MASK_16[] =  
-        { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
-    static const unsigned long mBYTE_FLIP_MASK_15[] =  
-        { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
-    static const unsigned long mBYTE_FLIP_MASK_7 [] =  
-        { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x8080808008090a0b } ;
-    static const unsigned long mBYTE_FLIP_MASK_2 [] =  
-        { 0x0405060700010203, 0x8080808080808080, 0x8080808080808080, 0x8080808080808080 } ;
-
-    static const unsigned long mMAPtoW_I_7[] =  
-        { 0x8080808080808080, 0x8080808080808080, 0x8080808080808080, 0x0302010080808080 } ;
-    static const unsigned long mMAP1toW_I_2[] = 
-        { 0x8080808080808080, 0x0706050403020100, 0x8080808080808080, 0x8080808080808080 } ;
-    static const unsigned long mMAP2toW_I_2[] = 
-        { 0x8080808080808080, 0x8080808080808080, 0x0f0e0d0c0b0a0908, 0x8080808080808080 } ;
-    static const unsigned long mMAP3toW_I_2[] = 
-        { 0x8080808080808080, 0x8080808080808080, 0x8080808080808080, 0x0706050403020100 } ;
- 
-static int Transform_AVX2(Sha256* sha256)
-{
-
-    #ifdef WOLFSSL_SMALL_STACK
-        word32* W_K;
-        W_K = (word32*) XMALLOC(sizeof(word32) * 64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (W_K == NULL)
-            return MEMORY_E;
-    #else
-        word32 W_K[64]  ;
-    #endif
-
-    MOVE_to_REG(W_I_16, sha256->buffer[0]);     BYTE_SWAP(W_I_16, mBYTE_FLIP_MASK_16[0]) ;
-    MOVE_to_REG(W_I_15, sha256->buffer[1]);     BYTE_SWAP(W_I_15, mBYTE_FLIP_MASK_15[0]) ;
-    MOVE_to_REG(W_I,    sha256->buffer[8]) ;    BYTE_SWAP(W_I,    mBYTE_FLIP_MASK_16[0]) ;
-    MOVE_to_REG(W_I_7,  sha256->buffer[16-7]) ; BYTE_SWAP(W_I_7,  mBYTE_FLIP_MASK_7[0])  ;
-    MOVE_to_REG(W_I_2,  sha256->buffer[16-2]) ; BYTE_SWAP(W_I_2,  mBYTE_FLIP_MASK_2[0])  ;
-
-    DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
-
-    ADD_MEM(W_K_TEMP, W_I_16, K[0]) ;
-    MOVE_to_MEM(W_K[0], W_K_TEMP) ; 
-
-    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
-    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,1) ;
-    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,2) ;
-    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,3) ;  
-    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,4) ;
-    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,5) ;
-    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,6) ;
-    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,7) ;
-
-    ADD_MEM(YMM_TEMP0, W_I, K[8]) ;
-    MOVE_to_MEM(W_K[8], YMM_TEMP0) ; 
-
-        /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
-                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
-        GAMMA0_1(W_I_TEMP, W_I_15) ;
-                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
-        GAMMA0_2(W_I_TEMP, W_I_15) ;
-                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
-        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
-                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
-        ADD(W_I, W_I_7, W_I_TEMP);
-                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
-        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
-                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
-        FEEDBACK1_to_W_I_2 ;
-                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
-        FEEDBACK_to_W_I_7 ; 
-                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
-        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
-                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
-                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
-        FEEDBACK2_to_W_I_2 ;
-                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
-                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
-        FEEDBACK3_to_W_I_2 ;
-                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
-        GAMMA1(YMM_TEMP0, W_I_2) ;
-                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
-                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
-                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
-
-        MOVE_to_REG(YMM_TEMP0, K[16]) ;    
-                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
-        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
-                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
-        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
-        MOVE_to_MEM(W_K[16], YMM_TEMP0) ;
-
-        /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
-                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
-        GAMMA0_1(W_I_TEMP, W_I_15) ;
-                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
-        GAMMA0_2(W_I_TEMP, W_I_15) ;
-                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
-        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
-                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
-        ADD(W_I, W_I_7, W_I_TEMP);
-                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
-        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
-                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
-        FEEDBACK1_to_W_I_2 ;
-                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
-        FEEDBACK_to_W_I_7 ; 
-                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
-        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
-                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
-        GAMMA1(YMM_TEMP0, W_I_2) ; 
-                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
-                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
-        FEEDBACK2_to_W_I_2 ;
-                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
-                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
-        FEEDBACK3_to_W_I_2 ;
-                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
-                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
-
-        MOVE_to_REG(YMM_TEMP0, K[24]) ;    
-                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
-        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
-                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
-        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
-        MOVE_to_MEM(W_K[24], YMM_TEMP0) ;
-
-                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
-                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
-        GAMMA0_1(W_I_TEMP, W_I_15) ;
-                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
-        GAMMA0_2(W_I_TEMP, W_I_15) ;
-                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
-        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
-                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
-        ADD(W_I, W_I_7, W_I_TEMP);
-                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
-        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
-                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
-        FEEDBACK1_to_W_I_2 ;
-                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
-        FEEDBACK_to_W_I_7 ; 
-                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
-        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
-                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
-                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
-        FEEDBACK2_to_W_I_2 ;
-                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
-                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
-        FEEDBACK3_to_W_I_2 ;
-                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
-        GAMMA1(YMM_TEMP0, W_I_2) ;
-                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
-                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
-                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
-
-        MOVE_to_REG(YMM_TEMP0, K[32]) ;    
-                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
-        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
-                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
-        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
-        MOVE_to_MEM(W_K[32], YMM_TEMP0) ;
-
-        
-                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
-                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
-        GAMMA0_1(W_I_TEMP, W_I_15) ;
-                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
-        GAMMA0_2(W_I_TEMP, W_I_15) ;
-                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
-        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
-                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
-        ADD(W_I, W_I_7, W_I_TEMP);
-                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
-                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
-        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
-                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
-        FEEDBACK1_to_W_I_2 ;
-                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
-        FEEDBACK_to_W_I_7 ; 
-                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
-        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
-                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
-                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
-        FEEDBACK2_to_W_I_2 ;
-                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
-                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
-        FEEDBACK3_to_W_I_2 ;
-                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
-                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
-
-        MOVE_to_REG(YMM_TEMP0, K[40]) ;    
-                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
-        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
-                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
-        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
-        MOVE_to_MEM(W_K[40], YMM_TEMP0) ;
-
-                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
-                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
-        GAMMA0_1(W_I_TEMP, W_I_15) ;
-                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
-        GAMMA0_2(W_I_TEMP, W_I_15) ;
-                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
-        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
-                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
-        ADD(W_I, W_I_7, W_I_TEMP);
-                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
-        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
-                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
-        FEEDBACK1_to_W_I_2 ;
-                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
-        FEEDBACK_to_W_I_7 ; 
-                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
-        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
-                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
-                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
-        FEEDBACK2_to_W_I_2 ;
-                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
-                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
-        FEEDBACK3_to_W_I_2 ;
-                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
-                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
-
-        MOVE_to_REG(YMM_TEMP0, K[48]) ;    
-                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
-        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
-                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
-        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
-        MOVE_to_MEM(W_K[48], YMM_TEMP0) ;
-        
-                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
-                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
-        GAMMA0_1(W_I_TEMP, W_I_15) ;
-                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
-        GAMMA0_2(W_I_TEMP, W_I_15) ;
-                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
-        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
-                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
-        ADD(W_I, W_I_7, W_I_TEMP);
-                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
-                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
-        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
-                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
-        FEEDBACK1_to_W_I_2 ;
-                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
-        FEEDBACK_to_W_I_7 ; 
-                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
-        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
-                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
-                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
-        FEEDBACK2_to_W_I_2 ;
-                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
-                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
-        FEEDBACK3_to_W_I_2 ;
-                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
-        GAMMA1_1(YMM_TEMP0, W_I_2) ;
-                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
-        GAMMA1_2(YMM_TEMP0, W_I_2) ;
-                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
-        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
-                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
-
-        MOVE_to_REG(YMM_TEMP0, K[56]) ;    
-                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
-        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
-                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
-        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
-        MOVE_to_MEM(W_K[56], YMM_TEMP0) ;        
-        
-        RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;
-        RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
-        RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
-        RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
-
-        RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
-        RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
-        RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
-        RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
-
-    RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;  
-
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    #endif
-    
-    return 0;
-}
-
-#endif   /* HAVE_INTEL_AVX2 */
-
-#endif   /* WOLFSSL_TI_HAHS */
-
-#endif   /* HAVE_FIPS */
-
-#endif /* NO_SHA256 */
-
+/* sha256.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* code submitted by raphael.huck@efixo.com */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+
+#if !defined(NO_SHA256)
+#ifdef HAVE_FIPS
+
+int wc_InitSha256(Sha256* sha)
+{
+    return InitSha256_fips(sha);
+}
+
+
+int wc_Sha256Update(Sha256* sha, const byte* data, word32 len)
+{
+    return Sha256Update_fips(sha, data, len);
+}
+
+
+int wc_Sha256Final(Sha256* sha, byte* out)
+{
+    return Sha256Final_fips(sha, out);
+}
+
+
+int wc_Sha256Hash(const byte* data, word32 len, byte* out)
+{
+    return Sha256Hash(data, len, out);
+}
+
+#else /* else build without fips */
+
+#if !defined(NO_SHA256) && !defined(WOLFSSL_TI_HASH)
+    /* defined in port/ti/ti_sha256.c */
+
+#if !defined (ALIGN32)
+    #if defined (__GNUC__)
+        #define ALIGN32 __attribute__ ( (aligned (32)))
+    #elif defined(_MSC_VER)
+        /* disable align warning, we want alignment ! */
+        #pragma warning(disable: 4324)
+        #define ALIGN32 __declspec (align (32))
+    #else
+        #define ALIGN32
+    #endif
+#endif
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+#define wc_InitSha256   wc_InitSha256_sw
+#define wc_Sha256Update wc_Sha256Update_sw
+#define wc_Sha256Final  wc_Sha256Final_sw
+#endif
+
+#ifdef HAVE_FIPS
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+    #define FIPS_NO_WRAPPERS
+#endif
+
+#if defined(USE_INTEL_SPEEDUP)
+#define HAVE_INTEL_AVX1
+#define HAVE_INTEL_AVX2
+
+#if defined(DEBUG_XMM)
+#include "stdio.h"
+#endif
+
+#endif
+
+#if defined(HAVE_INTEL_AVX2)
+#define HAVE_INTEL_RORX
+#endif
+ 
+
+/*****
+Intel AVX1/AVX2 Macro Control Structure
+
+#define HAVE_INTEL_AVX1
+#define HAVE_INTEL_AVX2
+
+#define HAVE_INTEL_RORX
+
+
+int InitSha256(Sha256* sha256) { 
+     Save/Recover XMM, YMM
+     ...
+}
+
+#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
+  Transform() ; Function prototype 
+#else
+  Transform() {   }
+  int Sha256Final() { 
+     Save/Recover XMM, YMM
+     ...
+  }
+#endif
+
+#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
+    #if defined(HAVE_INTEL_RORX
+         #define RND with rorx instuction
+    #else
+        #define RND
+    #endif
+#endif
+
+#if defined(HAVE_INTEL_AVX1)
+   
+   #define XMM Instructions/inline asm
+   
+   int Transform() {
+       Stitched Message Sched/Round
+    } 
+   
+#elif defined(HAVE_INTEL_AVX2)
+  
+  #define YMM Instructions/inline asm
+  
+  int Transform() {
+      More granural Stitched Message Sched/Round
+  }
+  
+*/
+
+
+#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+
+/* Each platform needs to query info type 1 from cpuid to see if aesni is
+ * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
+ */
+
+#ifndef _MSC_VER
+    #define cpuid(reg, leaf, sub)\
+            __asm__ __volatile__ ("cpuid":\
+             "=a" (reg[0]), "=b" (reg[1]), "=c" (reg[2]), "=d" (reg[3]) :\
+             "a" (leaf), "c"(sub));
+
+    #define XASM_LINK(f) asm(f)
+#else
+
+    #include <intrin.h>
+    #define cpuid(a,b) __cpuid((int*)a,b)
+
+    #define XASM_LINK(f)
+
+#endif /* _MSC_VER */
+
+#define EAX 0
+#define EBX 1
+#define ECX 2 
+#define EDX 3
+    
+#define CPUID_AVX1   0x1
+#define CPUID_AVX2   0x2
+#define CPUID_RDRAND 0x4
+#define CPUID_RDSEED 0x8
+#define CPUID_BMI2   0x10   /* MULX, RORX */
+
+#define IS_INTEL_AVX1       (cpuid_flags&CPUID_AVX1)
+#define IS_INTEL_AVX2       (cpuid_flags&CPUID_AVX2)
+#define IS_INTEL_BMI2       (cpuid_flags&CPUID_BMI2)
+#define IS_INTEL_RDRAND     (cpuid_flags&CPUID_RDRAND)
+#define IS_INTEL_RDSEED     (cpuid_flags&CPUID_RDSEED)
+
+static word32 cpuid_check = 0 ;
+static word32 cpuid_flags = 0 ;
+
+static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) {
+    int got_intel_cpu=0;
+    unsigned int reg[5]; 
+    
+    reg[4] = '\0' ;
+    cpuid(reg, 0, 0);  
+    if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 &&  
+                memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 &&  
+                memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) {  
+        got_intel_cpu = 1;  
+    }    
+    if (got_intel_cpu) {
+        cpuid(reg, leaf, sub);
+        return((reg[num]>>bit)&0x1) ;
+    }
+    return 0 ;
+}
+
+static int set_cpuid_flags(void) {  
+    if(cpuid_check==0) {
+        if(cpuid_flag(1, 0, ECX, 28)){ cpuid_flags |= CPUID_AVX1 ;}
+        if(cpuid_flag(7, 0, EBX, 5)){  cpuid_flags |= CPUID_AVX2 ; }
+        if(cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; }
+        if(cpuid_flag(1, 0, ECX, 30)){ cpuid_flags |= CPUID_RDRAND ;  } 
+        if(cpuid_flag(7, 0, EBX, 18)){ cpuid_flags |= CPUID_RDSEED ;  }
+        cpuid_check = 1 ;
+        return 0 ;
+    }
+    return 1 ;
+}
+
+
+/* #if defined(HAVE_INTEL_AVX1/2) at the tail of sha512 */
+static int Transform(Sha256* sha256);
+
+#if defined(HAVE_INTEL_AVX1)
+static int Transform_AVX1(Sha256 *sha256) ;
+#endif
+#if defined(HAVE_INTEL_AVX2)
+static int Transform_AVX2(Sha256 *sha256) ; 
+static int Transform_AVX1_RORX(Sha256 *sha256) ; 
+#endif
+
+static int (*Transform_p)(Sha256* sha256) /* = _Transform */;
+
+#define XTRANSFORM(sha256, B)  (*Transform_p)(sha256)
+
+static void set_Transform(void) {
+     if(set_cpuid_flags())return ;
+
+#if defined(HAVE_INTEL_AVX2)
+     if(IS_INTEL_AVX2 && IS_INTEL_BMI2){ 
+         Transform_p = Transform_AVX1_RORX; return ; 
+         Transform_p = Transform_AVX2      ; 
+                  /* for avoiding warning,"not used" */
+     }
+#endif
+#if defined(HAVE_INTEL_AVX1)
+     Transform_p = ((IS_INTEL_AVX1) ? Transform_AVX1 : Transform) ; return ;
+#endif
+     Transform_p = Transform ; return ;
+}
+
+#else
+   #if defined(FREESCALE_MMCAU)
+      #define XTRANSFORM(sha256, B) Transform(sha256, B)
+   #else
+      #define XTRANSFORM(sha256, B) Transform(sha256)
+   #endif
+#endif
+
+/* Dummy for saving MM_REGs on behalf of Transform */
+#if defined(HAVE_INTEL_AVX2)&& !defined(HAVE_INTEL_AVX1)
+#define  SAVE_XMM_YMM   __asm__ volatile("or %%r8d, %%r8d":::\
+  "%ymm4","%ymm5","%ymm6","%ymm7","%ymm8","%ymm9","%ymm10","%ymm11","%ymm12","%ymm13","%ymm14","%ymm15")
+#elif defined(HAVE_INTEL_AVX1)
+#define  SAVE_XMM_YMM   __asm__ volatile("or %%r8d, %%r8d":::\
+    "xmm0","xmm1","xmm2","xmm3","xmm4","xmm5","xmm6","xmm7","xmm8","xmm9","xmm10",\
+    "xmm11","xmm12","xmm13","xmm14","xmm15")
+#else
+#define  SAVE_XMM_YMM
+#endif
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+#define InitSha256   InitSha256_sw
+#define Sha256Update Sha256Update_sw
+#define Sha256Final  Sha256Final_sw
+#endif
+
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#ifdef FREESCALE_MMCAU
+    #include "cau_api.h"
+#endif
+
+#ifndef WOLFSSL_HAVE_MIN
+#define WOLFSSL_HAVE_MIN
+
+    static INLINE word32 min(word32 a, word32 b)
+    {
+        return a > b ? b : a;
+    }
+
+#endif /* WOLFSSL_HAVE_MIN */
+
+
+int wc_InitSha256(Sha256* sha256)
+{
+    #ifdef FREESCALE_MMCAU
+        cau_sha256_initialize_output(sha256->digest);
+    #else
+        sha256->digest[0] = 0x6A09E667L;
+        sha256->digest[1] = 0xBB67AE85L;
+        sha256->digest[2] = 0x3C6EF372L;
+        sha256->digest[3] = 0xA54FF53AL;
+        sha256->digest[4] = 0x510E527FL;
+        sha256->digest[5] = 0x9B05688CL;
+        sha256->digest[6] = 0x1F83D9ABL;
+        sha256->digest[7] = 0x5BE0CD19L;
+    #endif
+
+    sha256->buffLen = 0;
+    sha256->loLen   = 0;
+    sha256->hiLen   = 0;
+    
+#if defined(HAVE_INTEL_AVX1)|| defined(HAVE_INTEL_AVX2)
+    set_Transform() ; /* choose best Transform function under this runtime environment */
+#endif
+
+    return 0;
+}
+
+
+#if !defined(FREESCALE_MMCAU)
+static const ALIGN32 word32 K[64] = {
+    0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
+    0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
+    0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L,
+    0xC19BF174L, 0xE49B69C1L, 0xEFBE4786L, 0x0FC19DC6L, 0x240CA1CCL,
+    0x2DE92C6FL, 0x4A7484AAL, 0x5CB0A9DCL, 0x76F988DAL, 0x983E5152L,
+    0xA831C66DL, 0xB00327C8L, 0xBF597FC7L, 0xC6E00BF3L, 0xD5A79147L,
+    0x06CA6351L, 0x14292967L, 0x27B70A85L, 0x2E1B2138L, 0x4D2C6DFCL,
+    0x53380D13L, 0x650A7354L, 0x766A0ABBL, 0x81C2C92EL, 0x92722C85L,
+    0xA2BFE8A1L, 0xA81A664BL, 0xC24B8B70L, 0xC76C51A3L, 0xD192E819L,
+    0xD6990624L, 0xF40E3585L, 0x106AA070L, 0x19A4C116L, 0x1E376C08L,
+    0x2748774CL, 0x34B0BCB5L, 0x391C0CB3L, 0x4ED8AA4AL, 0x5B9CCA4FL,
+    0x682E6FF3L, 0x748F82EEL, 0x78A5636FL, 0x84C87814L, 0x8CC70208L,
+    0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
+};
+
+#endif
+
+#if defined(FREESCALE_MMCAU)
+
+static int Transform(Sha256* sha256, byte* buf)
+{
+    cau_sha256_hash_n(buf, 1, sha256->digest);
+
+    return 0;
+}
+
+#endif /* FREESCALE_MMCAU */
+
+#define Ch(x,y,z)       ((z) ^ ((x) & ((y) ^ (z))))
+#define Maj(x,y,z)      ((((x) | (y)) & (z)) | ((x) & (y)))
+#define R(x, n)         (((x)&0xFFFFFFFFU)>>(n))
+
+#define S(x, n)         rotrFixed(x, n)
+#define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
+#define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
+#define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
+#define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
+
+#define RND(a,b,c,d,e,f,g,h,i) \
+     t0 = (h) + Sigma1((e)) + Ch((e), (f), (g)) + K[(i)] + W[(i)]; \
+     t1 = Sigma0((a)) + Maj((a), (b), (c)); \
+     (d) += t0; \
+     (h)  = t0 + t1;
+
+#if !defined(FREESCALE_MMCAU)
+static int Transform(Sha256* sha256)
+{
+    word32 S[8], t0, t1;
+    int i;
+
+#ifdef WOLFSSL_SMALL_STACK
+    word32* W;
+
+    W = (word32*) XMALLOC(sizeof(word32) * 64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (W == NULL)
+        return MEMORY_E;
+#else
+    word32 W[64];
+#endif
+
+    /* Copy context->state[] to working vars */
+    for (i = 0; i < 8; i++)
+        S[i] = sha256->digest[i];
+
+    for (i = 0; i < 16; i++)
+        W[i] = sha256->buffer[i];
+
+    for (i = 16; i < 64; i++)
+        W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16];
+
+    for (i = 0; i < 64; i += 8) {
+        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0);
+        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1);
+        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2);
+        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3);
+        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4);
+        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5);
+        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6);
+        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7);
+    }
+
+    /* Add the working vars back into digest state[] */
+    for (i = 0; i < 8; i++) {
+        sha256->digest[i] += S[i];
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
+}
+
+#endif /* #if !defined(FREESCALE_MMCAU) */
+
+static INLINE void AddLength(Sha256* sha256, word32 len)
+{
+    word32 tmp = sha256->loLen;
+    if ( (sha256->loLen += len) < tmp)
+        sha256->hiLen++;                       /* carry low to high */
+}
+
+int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
+{
+
+    /* do block size increments */
+    byte* local = (byte*)sha256->buffer;
+
+    SAVE_XMM_YMM ; /* for Intel AVX */
+
+    while (len) {
+        word32 add = min(len, SHA256_BLOCK_SIZE - sha256->buffLen);
+        XMEMCPY(&local[sha256->buffLen], data, add);
+
+        sha256->buffLen += add;
+        data            += add;
+        len             -= add;
+
+        if (sha256->buffLen == SHA256_BLOCK_SIZE) {
+            int ret;
+
+            #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+                #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+                if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
+                #endif
+                ByteReverseWords(sha256->buffer, sha256->buffer,
+                                 SHA256_BLOCK_SIZE);
+            #endif
+            ret = XTRANSFORM(sha256, local);
+            if (ret != 0)
+                return ret;
+
+            AddLength(sha256, SHA256_BLOCK_SIZE);
+            sha256->buffLen = 0;
+        }
+    }
+
+    return 0;
+}
+
+int wc_Sha256Final(Sha256* sha256, byte* hash)
+{
+    byte* local = (byte*)sha256->buffer;
+    int ret;
+    
+    SAVE_XMM_YMM ; /* for Intel AVX */
+
+    AddLength(sha256, sha256->buffLen);  /* before adding pads */
+
+    local[sha256->buffLen++] = 0x80;     /* add 1 */
+
+    /* pad with zeros */
+    if (sha256->buffLen > SHA256_PAD_SIZE) {
+        XMEMSET(&local[sha256->buffLen], 0, SHA256_BLOCK_SIZE - sha256->buffLen);
+        sha256->buffLen += SHA256_BLOCK_SIZE - sha256->buffLen;
+
+        #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+            #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+            if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
+            #endif
+            ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
+        #endif
+
+        ret = XTRANSFORM(sha256, local);
+        if (ret != 0)
+            return ret;
+
+        sha256->buffLen = 0;
+    }
+    XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen);
+
+    /* put lengths in bits */
+    sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
+                 (sha256->hiLen << 3);
+    sha256->loLen = sha256->loLen << 3;
+
+    /* store lengths */
+    #if defined(LITTLE_ENDIAN_ORDER) && !defined(FREESCALE_MMCAU)
+        #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+        if(!IS_INTEL_AVX1 && !IS_INTEL_AVX2)
+        #endif
+            ByteReverseWords(sha256->buffer, sha256->buffer, SHA256_BLOCK_SIZE);
+    #endif
+    /* ! length ordering dependent on digest endian type ! */
+    XMEMCPY(&local[SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32));
+    XMEMCPY(&local[SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen,
+            sizeof(word32));
+
+    #if defined(FREESCALE_MMCAU) || defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+        /* Kinetis requires only these bytes reversed */
+        #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+        if(IS_INTEL_AVX1 || IS_INTEL_AVX2)
+        #endif
+        ByteReverseWords(&sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
+                         &sha256->buffer[SHA256_PAD_SIZE/sizeof(word32)],
+                         2 * sizeof(word32));
+    #endif
+
+    ret = XTRANSFORM(sha256, local);
+    if (ret != 0)
+        return ret;
+
+    #if defined(LITTLE_ENDIAN_ORDER)
+        ByteReverseWords(sha256->digest, sha256->digest, SHA256_DIGEST_SIZE);
+    #endif
+    XMEMCPY(hash, sha256->digest, SHA256_DIGEST_SIZE);
+
+    return wc_InitSha256(sha256);  /* reset state */
+}
+
+
+
+int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Sha256* sha256;
+#else
+    Sha256 sha256[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (sha256 == NULL)
+        return MEMORY_E;
+#endif
+
+    if ((ret = wc_InitSha256(sha256)) != 0) {
+        WOLFSSL_MSG("InitSha256 failed");
+    }
+    else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) {
+        WOLFSSL_MSG("Sha256Update failed");
+    }
+    else if ((ret = wc_Sha256Final(sha256, hash)) != 0) {
+        WOLFSSL_MSG("Sha256Final failed");
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+#ifdef WOLFSSL_TI_HASH
+#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+int wc_Sha256GetHash(Sha256* sha256, byte* hash)
+{
+#if defined(WOLFSS_TI_HASH)
+    return wc_Sha256GetHash_TI(sha256, hash) ;
+#else
+    int ret ;
+    Sha256 save = *sha256 ;
+    ret = wc_Sha256Final(sha256, hash) ;
+    *sha256 = save ;
+    return ret ;
+#endif
+}
+
+#if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
+
+#define _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    { word32 d ;\
+    d = sha256->digest[0]; __asm__ volatile("movl %0, %"#S_0::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[1]; __asm__ volatile("movl %0, %"#S_1::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[2]; __asm__ volatile("movl %0, %"#S_2::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[3]; __asm__ volatile("movl %0, %"#S_3::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[4]; __asm__ volatile("movl %0, %"#S_4::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[5]; __asm__ volatile("movl %0, %"#S_5::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[6]; __asm__ volatile("movl %0, %"#S_6::"r"(d):SSE_REGs) ;\
+    d = sha256->digest[7]; __asm__ volatile("movl %0, %"#S_7::"r"(d):SSE_REGs) ;\
+}
+
+#define _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    { word32 d ; \
+    __asm__ volatile("movl %"#S_0", %0":"=r"(d)::SSE_REGs) ; sha256->digest[0] += d;\
+    __asm__ volatile("movl %"#S_1", %0":"=r"(d)::SSE_REGs) ; sha256->digest[1] += d;\
+    __asm__ volatile("movl %"#S_2", %0":"=r"(d)::SSE_REGs) ; sha256->digest[2] += d;\
+    __asm__ volatile("movl %"#S_3", %0":"=r"(d)::SSE_REGs) ; sha256->digest[3] += d;\
+    __asm__ volatile("movl %"#S_4", %0":"=r"(d)::SSE_REGs) ; sha256->digest[4] += d;\
+    __asm__ volatile("movl %"#S_5", %0":"=r"(d)::SSE_REGs) ; sha256->digest[5] += d;\
+    __asm__ volatile("movl %"#S_6", %0":"=r"(d)::SSE_REGs) ; sha256->digest[6] += d;\
+    __asm__ volatile("movl %"#S_7", %0":"=r"(d)::SSE_REGs) ; sha256->digest[7] += d;\
+}
+
+
+#define DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
+
+#define RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
+
+
+
+
+#define S_0 %r15d 
+#define S_1 %r10d
+#define S_2 %r11d       
+#define S_3 %r12d
+#define S_4 %r13d
+#define S_5 %r14d
+#define S_6 %ebx
+#define S_7 %r9d
+
+#define SSE_REGs "%edi", "%ecx", "%esi", "%edx", "%ebx","%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15"
+
+#if defined(HAVE_INTEL_RORX)
+#define RND_STEP_RORX_1(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("rorx  $6, %"#e", %%edx\n\t":::"%edx",SSE_REGs);  /* edx = e>>6 */\
+
+#define RND_STEP_RORX_2(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("rorx  $11, %"#e",%%edi\n\t":::"%edi",SSE_REGs); /* edi = e>>11  */\
+__asm__ volatile("xorl  %%edx, %%edi\n\t":::"%edx","%edi",SSE_REGs); /* edi = (e>>11) ^ (e>>6)  */\
+__asm__ volatile("rorx  $25, %"#e", %%edx\n\t":::"%edx",SSE_REGs);   /* edx = e>>25             */\
+
+#define RND_STEP_RORX_3(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("movl  %"#f", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f   */\
+__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f ^ g  */\
+__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs);  /* edx = Sigma1(e)  */\
+__asm__ volatile("andl  %"#e", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = (f ^ g) & e       */\
+__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = Ch(e,f,g)         */\
+
+#define RND_STEP_RORX_4(a,b,c,d,e,f,g,h,i)\
+/*__asm__ volatile("movl    %0, %%edx\n\t"::"m"(w_k):"%edx");*/\
+__asm__ volatile("addl  %0, %"#h"\n\t"::"r"(W_K[i]):SSE_REGs);    /* h += w_k  */\
+__asm__ volatile("addl  %%edx, %"#h"\n\t":::"%edx",SSE_REGs);     /* h = h + w_k + Sigma1(e) */\
+__asm__ volatile("rorx  $2, %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = a>>2   */\
+__asm__ volatile("rorx  $13, %"#a", %%edi\n\t":::"%edi",SSE_REGs);/* edi = a>>13  */\
+
+#define RND_STEP_RORX_5(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("rorx  $22, %"#a", %%edx\n\t":::"%edx",SSE_REGs); /* edx = a>>22 */\
+__asm__ volatile("xorl  %%r8d, %%edi\n\t":::"%edi","%r8",SSE_REGs);/* edi = (a>>2) ^ (a>>13)  */\
+__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs);  /* edx = Sigma0(a)      */\
+ 
+#define RND_STEP_RORX_6(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("movl  %"#b", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = b          */\
+__asm__ volatile("orl   %"#a", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = a | b      */\
+__asm__ volatile("andl  %"#c", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = (a | b) & c*/\
+__asm__ volatile("movl  %"#b", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b           */\
+
+#define RND_STEP_RORX_7(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("addl  %%esi, %"#h"\n\t":::"%esi",SSE_REGs);  /* h += Ch(e,f,g)   */\
+__asm__ volatile("andl  %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b & a       */\
+__asm__ volatile("orl   %%edi, %%r8d\n\t":::"%edi","%r8",SSE_REGs); /* r8d = Maj(a,b,c) */\
+
+#define RND_STEP_RORX_8(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("addl  "#h", "#d"\n\t");  /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */\
+__asm__ volatile("addl  %"#h", %%r8d\n\t":::"%r8",SSE_REGs); \
+__asm__ volatile("addl  %%edx, %%r8d\n\t":::"%edx","%r8",SSE_REGs); \
+__asm__ volatile("movl  %r8d, "#h"\n\t");   
+
+#endif
+
+#define RND_STEP_1(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("movl  %"#e", %%edx\n\t":::"%edx",SSE_REGs);\
+__asm__ volatile("roll  $26, %%edx\n\t":::"%edx",SSE_REGs);  /* edx = e>>6     */\
+__asm__ volatile("movl  %"#e", %%edi\n\t":::"%edi",SSE_REGs);\
+
+#define RND_STEP_2(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("roll  $21, %%edi\n\t":::"%edi",SSE_REGs);         /* edi = e>>11 */\
+__asm__ volatile("xorl  %%edx, %%edi\n\t":::"%edx","%edi",SSE_REGs); /* edi = (e>>11) ^ (e>>6)  */\
+__asm__ volatile("movl  %"#e", %%edx\n\t":::"%edx",SSE_REGs);   /* edx = e      */\
+__asm__ volatile("roll  $7, %%edx\n\t":::"%edx",SSE_REGs);      /* edx = e>>25  */\
+
+#define RND_STEP_3(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("movl  %"#f", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f       */\
+__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = f ^ g   */\
+__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs); /* edx = Sigma1(e) */\
+__asm__ volatile("andl  %"#e", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = (f ^ g) & e  */\
+__asm__ volatile("xorl  %"#g", %%esi\n\t":::"%esi",SSE_REGs);  /* esi = Ch(e,f,g)    */\
+
+#define RND_STEP_4(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("addl  %0, %"#h"\n\t"::"r"(W_K[i]):SSE_REGs); /* h += w_k  */\
+__asm__ volatile("addl  %%edx, %"#h"\n\t":::"%edx",SSE_REGs); /* h = h + w_k + Sigma1(e) */\
+__asm__ volatile("movl  %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = a    */\
+__asm__ volatile("roll  $30, %%r8d\n\t":::"%r8",SSE_REGs);    /* r8d = a>>2 */\
+__asm__ volatile("movl  %"#a", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = a   */\
+__asm__ volatile("roll  $19, %%edi\n\t":::"%edi",SSE_REGs);    /* edi = a>>13 */\
+__asm__ volatile("movl  %"#a", %%edx\n\t":::"%edx",SSE_REGs);  /* edx = a     */\
+
+#define RND_STEP_5(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("roll  $10, %%edx\n\t":::"%edx",SSE_REGs);    /* edx = a>>22 */\
+__asm__ volatile("xorl  %%r8d, %%edi\n\t":::"%edi","%r8",SSE_REGs); /* edi = (a>>2) ^ (a>>13)  */\
+__asm__ volatile("xorl  %%edi, %%edx\n\t":::"%edi","%edx",SSE_REGs);/* edx = Sigma0(a)         */\
+
+#define RND_STEP_6(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("movl  %"#b", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = b      */\
+__asm__ volatile("orl   %"#a", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = a | b  */\
+__asm__ volatile("andl  %"#c", %%edi\n\t":::"%edi",SSE_REGs);  /* edi = (a | b) & c */\
+__asm__ volatile("movl  %"#b", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b       */\
+
+#define RND_STEP_7(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("addl  %%esi, %"#h"\n\t":::"%esi",SSE_REGs);  /* h += Ch(e,f,g)        */\
+__asm__ volatile("andl  %"#a", %%r8d\n\t":::"%r8",SSE_REGs);  /* r8d = b & a            */\
+__asm__ volatile("orl   %%edi, %%r8d\n\t":::"%edi","%r8",SSE_REGs); /* r8d = Maj(a,b,c) */\
+
+#define RND_STEP_8(a,b,c,d,e,f,g,h,i)\
+__asm__ volatile("addl  "#h", "#d"\n\t");  /* d += h + w_k + Sigma1(e) + Ch(e,f,g) */\
+__asm__ volatile("addl  %"#h", %%r8d\n\t":::"%r8",SSE_REGs); \
+                 /* r8b = h + w_k + Sigma1(e) + Ch(e,f,g) + Maj(a,b,c) */\
+__asm__ volatile("addl  %%edx, %%r8d\n\t":::"%edx","%r8",SSE_REGs);\
+                 /* r8b = h + w_k + Sigma1(e) Sigma0(a) + Ch(e,f,g) + Maj(a,b,c)     */\
+__asm__ volatile("movl  %%r8d, %"#h"\n\t":::"%r8", SSE_REGs); \
+                 /* h = h + w_k + Sigma1(e) + Sigma0(a) + Ch(e,f,g) + Maj(a,b,c) */ \
+
+#define RND_X(a,b,c,d,e,f,g,h,i) \
+       RND_STEP_1(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_2(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_3(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_4(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_5(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_6(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_7(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_8(a,b,c,d,e,f,g,h,i); 
+
+#define RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
+#define RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
+#define RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
+#define RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
+#define RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
+#define RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
+#define RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
+#define RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
+
+
+#define RND_1_3(a,b,c,d,e,f,g,h,i) {\
+       RND_STEP_1(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_2(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_3(a,b,c,d,e,f,g,h,i); \
+}
+
+#define RND_4_6(a,b,c,d,e,f,g,h,i) {\
+       RND_STEP_4(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_5(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_6(a,b,c,d,e,f,g,h,i); \
+}
+
+#define RND_7_8(a,b,c,d,e,f,g,h,i) {\
+       RND_STEP_7(a,b,c,d,e,f,g,h,i); \
+       RND_STEP_8(a,b,c,d,e,f,g,h,i); \
+}
+
+#define RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
+#define RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
+#define RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
+#define RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
+#define RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
+#define RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
+#define RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
+#define RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_X(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
+
+
+#define RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
+#define RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
+#define RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
+#define RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
+#define RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
+#define RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
+#define RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
+#define RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_1_3(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
+
+#define RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
+#define RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
+#define RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
+#define RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
+#define RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
+#define RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
+#define RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
+#define RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_4_6(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
+
+#define RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i);
+#define RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_7,S_0,S_1,S_2,S_3,S_4,S_5,S_6,_i);
+#define RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_6,S_7,S_0,S_1,S_2,S_3,S_4,S_5,_i);
+#define RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_5,S_6,S_7,S_0,S_1,S_2,S_3,S_4,_i);
+#define RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,_i);
+#define RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_3,S_4,S_5,S_6,S_7,S_0,S_1,S_2,_i);
+#define RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_2,S_3,S_4,S_5,S_6,S_7,S_0,S_1,_i);
+#define RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,_i) RND_7_8(S_1,S_2,S_3,S_4,S_5,S_6,S_7,S_0,_i);
+
+#define FOR(cnt, init, max, inc, loop)  \
+    __asm__ volatile("movl $"#init", %0\n\t"#loop":"::"m"(cnt):) 
+#define END(cnt, init, max, inc, loop)  \
+    __asm__ volatile("addl $"#inc", %0\n\tcmpl $"#max", %0\n\tjle "#loop"\n\t":"=m"(cnt)::) ;
+
+#endif  /* defined(HAVE_INTEL_AVX1) ||  defined(HAVE_INTEL_AVX2) */
+
+#if defined(HAVE_INTEL_AVX1) /* inline Assember for Intel AVX1 instructions */
+
+#define VPALIGNR(op1,op2,op3,op4) __asm__ volatile("vpalignr $"#op4", %"#op3", %"#op2", %"#op1:::XMM_REGs) 
+#define VPADDD(op1,op2,op3)       __asm__ volatile("vpaddd %"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPSRLD(op1,op2,op3)       __asm__ volatile("vpsrld $"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPSRLQ(op1,op2,op3)       __asm__ volatile("vpsrlq $"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPSLLD(op1,op2,op3)       __asm__ volatile("vpslld $"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPOR(op1,op2,op3)         __asm__ volatile("vpor   %"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPXOR(op1,op2,op3)        __asm__ volatile("vpxor  %"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPSHUFD(op1,op2,op3)      __asm__ volatile("vpshufd $"#op3", %"#op2", %"#op1:::XMM_REGs)
+#define VPSHUFB(op1,op2,op3)      __asm__ volatile("vpshufb %"#op3", %"#op2", %"#op1:::XMM_REGs)
+
+#define MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, SHUF_00BA, SHUF_DC00,\
+     a,b,c,d,e,f,g,h,_i)\
+            RND_STEP_1(a,b,c,d,e,f,g,h,_i);\
+    VPALIGNR (XTMP0, X3, X2, 4) ;\
+            RND_STEP_2(a,b,c,d,e,f,g,h,_i);\
+    VPADDD   (XTMP0, XTMP0, X0) ;\
+            RND_STEP_3(a,b,c,d,e,f,g,h,_i);\
+    VPALIGNR (XTMP1, X1, X0, 4) ;   /* XTMP1 = W[-15] */\
+            RND_STEP_4(a,b,c,d,e,f,g,h,_i);\
+    VPSRLD   (XTMP2, XTMP1, 7) ;\
+            RND_STEP_5(a,b,c,d,e,f,g,h,_i);\
+    VPSLLD   (XTMP3, XTMP1, 25) ; /* VPSLLD   (XTMP3, XTMP1, (32-7)) */\
+            RND_STEP_6(a,b,c,d,e,f,g,h,_i);\
+    VPOR     (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 */\
+            RND_STEP_7(a,b,c,d,e,f,g,h,_i);\
+    VPSRLD   (XTMP2, XTMP1,18) ;\
+            RND_STEP_8(a,b,c,d,e,f,g,h,_i);\
+\
+            RND_STEP_1(h,a,b,c,d,e,f,g,_i+1);\
+    VPSRLD   (XTMP4, XTMP1, 3)      ;  /* XTMP4 = W[-15] >> 3 */\
+            RND_STEP_2(h,a,b,c,d,e,f,g,_i+1);\
+    VPSLLD   (XTMP1, XTMP1, 14) ; /* VPSLLD   (XTMP1, XTMP1, (32-18)) */\
+            RND_STEP_3(h,a,b,c,d,e,f,g,_i+1);\
+    VPXOR    (XTMP3, XTMP3, XTMP1)  ;\
+            RND_STEP_4(h,a,b,c,d,e,f,g,_i+1);\
+    VPXOR    (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 ^ W[-15] MY_ROR 18 */\
+            RND_STEP_5(h,a,b,c,d,e,f,g,_i+1);\
+    VPXOR    (XTMP1, XTMP3, XTMP4)  ;  /* XTMP1 = s0 */\
+            RND_STEP_6(h,a,b,c,d,e,f,g,_i+1);\
+    VPSHUFD(XTMP2, X3, 0b11111010)  ;  /* XTMP2 = W[-2] {BBAA}*/\
+            RND_STEP_7(h,a,b,c,d,e,f,g,_i+1);\
+    VPADDD   (XTMP0, XTMP0, XTMP1)  ;  /* XTMP0 = W[-16] + W[-7] + s0 */\
+            RND_STEP_8(h,a,b,c,d,e,f,g,_i+1);\
+\
+            RND_STEP_1(g,h,a,b,c,d,e,f,_i+2);\
+    VPSRLD   (XTMP4, XTMP2, 10) ;      /* XTMP4 = W[-2] >> 10 {BBAA} */\
+            RND_STEP_2(g,h,a,b,c,d,e,f,_i+2);\
+    VPSRLQ   (XTMP3, XTMP2, 19) ;      /* XTMP3 = W[-2] MY_ROR 19 {xBxA} */\
+            RND_STEP_3(g,h,a,b,c,d,e,f,_i+2);\
+    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xBxA} */\
+            RND_STEP_4(g,h,a,b,c,d,e,f,_i+2);\
+    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
+            RND_STEP_5(g,h,a,b,c,d,e,f,_i+2);\
+    VPXOR    (XTMP4, XTMP4, XTMP2) ;   /* XTMP4 = s1 {xBxA} */\
+            RND_STEP_6(g,h,a,b,c,d,e,f,_i+2);\
+    VPSHUFB  (XTMP4, XTMP4, SHUF_00BA)  ;  /* XTMP4 = s1 {00BA} */\
+            RND_STEP_7(g,h,a,b,c,d,e,f,_i+2);\
+    VPADDD   (XTMP0, XTMP0, XTMP4)  ;  /* XTMP0 = {..., ..., W[1], W[0]} */\
+            RND_STEP_8(g,h,a,b,c,d,e,f,_i+2);\
+\
+            RND_STEP_1(f,g,h,a,b,c,d,e,_i+3);\
+    VPSHUFD  (XTMP2, XTMP0, 0b01010000) ; /* XTMP2 = W[-2] {DDCC} */\
+            RND_STEP_2(f,g,h,a,b,c,d,e,_i+3);\
+    VPSRLD   (XTMP5, XTMP2, 10);       /* XTMP5 = W[-2] >> 10 {DDCC} */\
+            RND_STEP_3(f,g,h,a,b,c,d,e,_i+3);\
+    VPSRLQ   (XTMP3, XTMP2, 19);       /* XTMP3 = W[-2] MY_ROR 19 {xDxC} */\
+            RND_STEP_4(f,g,h,a,b,c,d,e,_i+3);\
+    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xDxC} */\
+            RND_STEP_5(f,g,h,a,b,c,d,e,_i+3);\
+    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
+            RND_STEP_6(f,g,h,a,b,c,d,e,_i+3);\
+    VPXOR    (XTMP5, XTMP5, XTMP2) ;   /* XTMP5 = s1 {xDxC} */\
+            RND_STEP_7(f,g,h,a,b,c,d,e,_i+3);\
+    VPSHUFB  (XTMP5, XTMP5, SHUF_DC00) ; /* XTMP5 = s1 {DC00} */\
+            RND_STEP_8(f,g,h,a,b,c,d,e,_i+3);\
+    VPADDD   (X0, XTMP5, XTMP0) ;      /* X0 = {W[3], W[2], W[1], W[0]} */\
+
+#if defined(HAVE_INTEL_RORX)
+
+#define MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, \
+                          XFER, SHUF_00BA, SHUF_DC00,a,b,c,d,e,f,g,h,_i)\
+            RND_STEP_RORX_1(a,b,c,d,e,f,g,h,_i);\
+    VPALIGNR (XTMP0, X3, X2, 4) ;\
+            RND_STEP_RORX_2(a,b,c,d,e,f,g,h,_i);\
+    VPADDD   (XTMP0, XTMP0, X0) ;\
+            RND_STEP_RORX_3(a,b,c,d,e,f,g,h,_i);\
+    VPALIGNR (XTMP1, X1, X0, 4) ;   /* XTMP1 = W[-15] */\
+            RND_STEP_RORX_4(a,b,c,d,e,f,g,h,_i);\
+    VPSRLD   (XTMP2, XTMP1, 7) ;\
+            RND_STEP_RORX_5(a,b,c,d,e,f,g,h,_i);\
+    VPSLLD   (XTMP3, XTMP1, 25) ; /* VPSLLD   (XTMP3, XTMP1, (32-7)) */\
+            RND_STEP_RORX_6(a,b,c,d,e,f,g,h,_i);\
+    VPOR     (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 */\
+            RND_STEP_RORX_7(a,b,c,d,e,f,g,h,_i);\
+    VPSRLD   (XTMP2, XTMP1,18) ;\
+            RND_STEP_RORX_8(a,b,c,d,e,f,g,h,_i);\
+\
+            RND_STEP_RORX_1(h,a,b,c,d,e,f,g,_i+1);\
+    VPSRLD   (XTMP4, XTMP1, 3)      ;  /* XTMP4 = W[-15] >> 3 */\
+            RND_STEP_RORX_2(h,a,b,c,d,e,f,g,_i+1);\
+    VPSLLD   (XTMP1, XTMP1, 14) ; /* VPSLLD   (XTMP1, XTMP1, (32-18)) */\
+            RND_STEP_RORX_3(h,a,b,c,d,e,f,g,_i+1);\
+    VPXOR    (XTMP3, XTMP3, XTMP1)  ;\
+            RND_STEP_RORX_4(h,a,b,c,d,e,f,g,_i+1);\
+    VPXOR    (XTMP3, XTMP3, XTMP2)  ;  /* XTMP1 = W[-15] MY_ROR 7 ^ W[-15] MY_ROR 18 */\
+            RND_STEP_RORX_5(h,a,b,c,d,e,f,g,_i+1);\
+    VPXOR    (XTMP1, XTMP3, XTMP4)  ;  /* XTMP1 = s0 */\
+            RND_STEP_RORX_6(h,a,b,c,d,e,f,g,_i+1);\
+    VPSHUFD(XTMP2, X3, 0b11111010)  ;  /* XTMP2 = W[-2] {BBAA}*/\
+            RND_STEP_RORX_7(h,a,b,c,d,e,f,g,_i+1);\
+    VPADDD   (XTMP0, XTMP0, XTMP1)  ;  /* XTMP0 = W[-16] + W[-7] + s0 */\
+            RND_STEP_RORX_8(h,a,b,c,d,e,f,g,_i+1);\
+\
+            RND_STEP_RORX_1(g,h,a,b,c,d,e,f,_i+2);\
+    VPSRLD   (XTMP4, XTMP2, 10) ;      /* XTMP4 = W[-2] >> 10 {BBAA} */\
+            RND_STEP_RORX_2(g,h,a,b,c,d,e,f,_i+2);\
+    VPSRLQ   (XTMP3, XTMP2, 19) ;      /* XTMP3 = W[-2] MY_ROR 19 {xBxA} */\
+            RND_STEP_RORX_3(g,h,a,b,c,d,e,f,_i+2);\
+    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xBxA} */\
+            RND_STEP_RORX_4(g,h,a,b,c,d,e,f,_i+2);\
+    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
+            RND_STEP_RORX_5(g,h,a,b,c,d,e,f,_i+2);\
+    VPXOR    (XTMP4, XTMP4, XTMP2) ;   /* XTMP4 = s1 {xBxA} */\
+            RND_STEP_RORX_6(g,h,a,b,c,d,e,f,_i+2);\
+    VPSHUFB  (XTMP4, XTMP4, SHUF_00BA)  ;  /* XTMP4 = s1 {00BA} */\
+            RND_STEP_RORX_7(g,h,a,b,c,d,e,f,_i+2);\
+    VPADDD   (XTMP0, XTMP0, XTMP4)  ;  /* XTMP0 = {..., ..., W[1], W[0]} */\
+            RND_STEP_RORX_8(g,h,a,b,c,d,e,f,_i+2);\
+\
+            RND_STEP_RORX_1(f,g,h,a,b,c,d,e,_i+3);\
+    VPSHUFD  (XTMP2, XTMP0, 0b01010000) ; /* XTMP2 = W[-2] {DDCC} */\
+            RND_STEP_RORX_2(f,g,h,a,b,c,d,e,_i+3);\
+    VPSRLD   (XTMP5, XTMP2, 10);       /* XTMP5 = W[-2] >> 10 {DDCC} */\
+            RND_STEP_RORX_3(f,g,h,a,b,c,d,e,_i+3);\
+    VPSRLQ   (XTMP3, XTMP2, 19);       /* XTMP3 = W[-2] MY_ROR 19 {xDxC} */\
+            RND_STEP_RORX_4(f,g,h,a,b,c,d,e,_i+3);\
+    VPSRLQ   (XTMP2, XTMP2, 17) ;      /* XTMP2 = W[-2] MY_ROR 17 {xDxC} */\
+            RND_STEP_RORX_5(f,g,h,a,b,c,d,e,_i+3);\
+    VPXOR    (XTMP2, XTMP2, XTMP3) ;\
+            RND_STEP_RORX_6(f,g,h,a,b,c,d,e,_i+3);\
+    VPXOR    (XTMP5, XTMP5, XTMP2) ;   /* XTMP5 = s1 {xDxC} */\
+            RND_STEP_RORX_7(f,g,h,a,b,c,d,e,_i+3);\
+    VPSHUFB  (XTMP5, XTMP5, SHUF_DC00) ; /* XTMP5 = s1 {DC00} */\
+            RND_STEP_RORX_8(f,g,h,a,b,c,d,e,_i+3);\
+    VPADDD   (X0, XTMP5, XTMP0) ;      /* X0 = {W[3], W[2], W[1], W[0]} */\
+
+#endif
+
+
+#define W_K_from_buff\
+         __asm__ volatile("vmovdqu %0, %%xmm4\n\t"\
+                          "vpshufb %%xmm13, %%xmm4, %%xmm4\n\t"\
+                          :: "m"(sha256->buffer[0]):"%xmm4") ;\
+         __asm__ volatile("vmovdqu %0, %%xmm5\n\t"\
+                          "vpshufb %%xmm13, %%xmm5, %%xmm5\n\t"\
+                          ::"m"(sha256->buffer[4]):"%xmm5") ;\
+         __asm__ volatile("vmovdqu %0, %%xmm6\n\t"\
+                          "vpshufb %%xmm13, %%xmm6, %%xmm6\n\t"\
+                          ::"m"(sha256->buffer[8]):"%xmm6") ;\
+         __asm__ volatile("vmovdqu %0, %%xmm7\n\t"\
+                          "vpshufb %%xmm13, %%xmm7, %%xmm7\n\t"\
+                          ::"m"(sha256->buffer[12]):"%xmm7") ;\
+
+#define _SET_W_K_XFER(reg, i)\
+    __asm__ volatile("vpaddd %0, %"#reg", %%xmm9"::"m"(K[i]):XMM_REGs) ;\
+    __asm__ volatile("vmovdqa %%xmm9, %0":"=m"(W_K[i])::XMM_REGs) ;
+
+#define SET_W_K_XFER(reg, i) _SET_W_K_XFER(reg, i)
+
+static const ALIGN32 word64 mSHUF_00BA[] = { 0x0b0a090803020100, 0xFFFFFFFFFFFFFFFF } ; /* shuffle xBxA -> 00BA */
+static const ALIGN32 word64 mSHUF_DC00[] = { 0xFFFFFFFFFFFFFFFF, 0x0b0a090803020100 } ; /* shuffle xDxC -> DC00 */
+static const ALIGN32 word64 mBYTE_FLIP_MASK[] =  { 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
+
+
+#define _Init_Masks(mask1, mask2, mask3)\
+__asm__ volatile("vmovdqu %0, %"#mask1 ::"m"(mBYTE_FLIP_MASK[0])) ;\
+__asm__ volatile("vmovdqu %0, %"#mask2 ::"m"(mSHUF_00BA[0])) ;\
+__asm__ volatile("vmovdqu %0, %"#mask3 ::"m"(mSHUF_DC00[0])) ;
+
+#define Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00)\
+    _Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00)
+
+#define X0 %xmm4
+#define X1 %xmm5
+#define X2 %xmm6
+#define X3 %xmm7
+#define X_ X0
+
+#define XTMP0 %xmm0
+#define XTMP1 %xmm1
+#define XTMP2 %xmm2
+#define XTMP3 %xmm3
+#define XTMP4 %xmm8
+#define XTMP5 %xmm9
+#define XFER  %xmm10
+
+#define SHUF_00BA   %xmm11 /* shuffle xBxA -> 00BA */
+#define SHUF_DC00   %xmm12 /* shuffle xDxC -> DC00 */
+#define BYTE_FLIP_MASK  %xmm13
+
+#define XMM_REGs   /* Registers are saved in Sha256Update/Finel */
+                   /*"xmm4","xmm5","xmm6","xmm7","xmm8","xmm9","xmm10","xmm11","xmm12","xmm13" */
+
+static int Transform_AVX1(Sha256* sha256)
+{
+
+    word32 W_K[64] ;  /* temp for W+K */
+
+    #if defined(DEBUG_XMM)
+    int i, j ;
+    word32 xmm[29][4*15] ;
+    #endif
+
+    Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) ;
+    W_K_from_buff ; /* X0, X1, X2, X3 = W[0..15] ; */
+
+    DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
+  
+    SET_W_K_XFER(X0, 0) ;
+    MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
+    SET_W_K_XFER(X1, 4) ;
+    MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER,
+            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,4) ;
+    SET_W_K_XFER(X2, 8) ;
+    MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
+    SET_W_K_XFER(X3, 12) ;
+    MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,12) ;
+    SET_W_K_XFER(X0, 16) ;
+    MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
+    SET_W_K_XFER(X1, 20) ;
+    MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,20) ;
+    SET_W_K_XFER(X2, 24) ;
+    MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
+    SET_W_K_XFER(X3, 28) ;
+    MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,28) ;
+    SET_W_K_XFER(X0, 32) ;
+    MessageSched(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
+    SET_W_K_XFER(X1, 36) ;
+    MessageSched(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,36) ;
+    SET_W_K_XFER(X2, 40) ;
+    MessageSched(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
+    SET_W_K_XFER(X3, 44) ;
+    MessageSched(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, XFER, 
+            SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,44) ;
+
+    SET_W_K_XFER(X0, 48) ;
+    SET_W_K_XFER(X1, 52) ;
+    SET_W_K_XFER(X2, 56) ;
+    SET_W_K_XFER(X3, 60) ;
+    
+    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
+    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
+    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
+    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
+
+    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
+    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
+    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
+    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
+
+    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;     
+    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
+    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
+    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
+
+    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
+    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
+    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
+    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
+        
+    RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;  
+        
+    #if defined(DEBUG_XMM)
+    for(i=0; i<29; i++) {
+        for(j=0; j<4*14; j+=4)
+            printf("xmm%d[%d]=%08x,%08x,%08x,%08x\n", j/4, i, 
+                   xmm[i][j],xmm[i][j+1],xmm[i][j+2],xmm[i][j+3]) ;
+        printf("\n") ;
+    }
+        
+    for(i=0; i<64; i++)printf("W_K[%d]%08x\n", i, W_K[i]) ;
+    #endif
+
+    return 0;
+}
+
+#if defined(HAVE_INTEL_RORX)
+static int Transform_AVX1_RORX(Sha256* sha256)
+{
+
+    word32 W_K[64] ;  /* temp for W+K */
+
+    #if defined(DEBUG_XMM)
+    int i, j ;
+    word32 xmm[29][4*15] ;
+    #endif
+
+    Init_Masks(BYTE_FLIP_MASK, SHUF_00BA, SHUF_DC00) ;
+    W_K_from_buff ; /* X0, X1, X2, X3 = W[0..15] ; */
+
+    DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
+    SET_W_K_XFER(X0, 0) ;
+    MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
+    SET_W_K_XFER(X1, 4) ;
+    MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,4) ;
+    SET_W_K_XFER(X2, 8) ;
+    MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
+    SET_W_K_XFER(X3, 12) ;
+    MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,12) ;
+    SET_W_K_XFER(X0, 16) ;
+    MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
+    SET_W_K_XFER(X1, 20) ;
+    MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,20) ;
+    SET_W_K_XFER(X2, 24) ;
+    MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
+    SET_W_K_XFER(X3, 28) ;
+    MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,28) ;
+    SET_W_K_XFER(X0, 32) ;
+    MessageSched_RORX(X0, X1, X2, X3, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
+    SET_W_K_XFER(X1, 36) ;
+    MessageSched_RORX(X1, X2, X3, X0, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5, 
+            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,36) ;
+    SET_W_K_XFER(X2, 40) ;
+    MessageSched_RORX(X2, X3, X0, X1, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
+            XFER, SHUF_00BA, SHUF_DC00, S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
+    SET_W_K_XFER(X3, 44) ;
+    MessageSched_RORX(X3, X0, X1, X2, XTMP0, XTMP1, XTMP2, XTMP3, XTMP4, XTMP5,
+            XFER, SHUF_00BA, SHUF_DC00, S_4,S_5,S_6,S_7,S_0,S_1,S_2,S_3,44) ;
+
+    SET_W_K_XFER(X0, 48) ;
+    SET_W_K_XFER(X1, 52) ;
+    SET_W_K_XFER(X2, 56) ;
+    SET_W_K_XFER(X3, 60) ;
+    
+    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
+    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
+    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
+    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
+
+    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
+    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
+    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
+    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
+
+    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;     
+    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
+    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
+    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
+
+    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
+    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
+    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
+    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
+        
+    RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;  
+        
+    #if defined(DEBUG_XMM)
+    for(i=0; i<29; i++) {
+        for(j=0; j<4*14; j+=4)
+            printf("xmm%d[%d]=%08x,%08x,%08x,%08x\n", j/4, i, 
+                    xmm[i][j],xmm[i][j+1],xmm[i][j+2],xmm[i][j+3]) ;
+        printf("\n") ;
+    }
+        
+    for(i=0; i<64; i++)printf("W_K[%d]%08x\n", i, W_K[i]) ;
+    #endif
+
+    return 0;
+}
+#endif  /* HAVE_INTEL_RORX */
+
+#endif  /* HAVE_INTEL_AVX1 */
+
+
+#if defined(HAVE_INTEL_AVX2)
+
+#define _MOVE_to_REG(ymm, mem)       __asm__ volatile("vmovdqu %0, %%"#ymm" ":: "m"(mem):YMM_REGs) ;
+#define _MOVE_to_MEM(mem, ymm)       __asm__ volatile("vmovdqu %%"#ymm", %0" : "=m"(mem)::YMM_REGs) ;
+#define _BYTE_SWAP(ymm, map)              __asm__ volatile("vpshufb %0, %%"#ymm", %%"#ymm"\n\t"\
+                                                       :: "m"(map):YMM_REGs) ;
+#define _MOVE_128(ymm0, ymm1, ymm2, map)   __asm__ volatile("vperm2i128  $"#map", %%"\
+                                  #ymm2", %%"#ymm1", %%"#ymm0" ":::YMM_REGs) ;
+#define _MOVE_BYTE(ymm0, ymm1, map)  __asm__ volatile("vpshufb %0, %%"#ymm1", %%"\
+                                  #ymm0"\n\t":: "m"(map):YMM_REGs) ;
+#define _S_TEMP(dest, src, bits, temp)    __asm__ volatile("vpsrld  $"#bits", %%"\
+         #src", %%"#dest"\n\tvpslld  $32-"#bits", %%"#src", %%"#temp"\n\tvpor %%"\
+         #temp",%%"#dest", %%"#dest" ":::YMM_REGs) ;
+#define _AVX2_R(dest, src, bits)          __asm__ volatile("vpsrld  $"#bits", %%"\
+                                  #src", %%"#dest" ":::YMM_REGs) ;
+#define _XOR(dest, src1, src2)       __asm__ volatile("vpxor   %%"#src1", %%"\
+         #src2", %%"#dest" ":::YMM_REGs) ;
+#define _OR(dest, src1, src2)       __asm__ volatile("vpor    %%"#src1", %%"\
+         #src2", %%"#dest" ":::YMM_REGs) ;
+#define _ADD(dest, src1, src2)       __asm__ volatile("vpaddd   %%"#src1", %%"\
+         #src2", %%"#dest" ":::YMM_REGs) ;
+#define _ADD_MEM(dest, src1, mem)    __asm__ volatile("vpaddd   %0, %%"#src1", %%"\
+         #dest" "::"m"(mem):YMM_REGs) ;
+#define _BLEND(map, dest, src1, src2)    __asm__ volatile("vpblendd    $"#map", %%"\
+         #src1",   %%"#src2", %%"#dest" ":::YMM_REGs) ;
+
+#define    _EXTRACT_XMM_0(xmm, mem)  __asm__ volatile("vpextrd $0, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_1(xmm, mem)  __asm__ volatile("vpextrd $1, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_2(xmm, mem)  __asm__ volatile("vpextrd $2, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_3(xmm, mem)  __asm__ volatile("vpextrd $3, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_4(ymm, xmm, mem)\
+      __asm__ volatile("vperm2i128 $0x1, %%"#ymm", %%"#ymm", %%"#ymm" ":::YMM_REGs) ;\
+      __asm__ volatile("vpextrd $0, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_5(xmm, mem)  __asm__ volatile("vpextrd $1, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_6(xmm, mem)  __asm__ volatile("vpextrd $2, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+#define    _EXTRACT_XMM_7(xmm, mem)  __asm__ volatile("vpextrd $3, %%"#xmm", %0 ":"=r"(mem)::YMM_REGs) ;
+
+#define    _SWAP_YMM_HL(ymm)   __asm__ volatile("vperm2i128 $0x1, %%"#ymm", %%"#ymm", %%"#ymm" ":::YMM_REGs) ;
+#define     SWAP_YMM_HL(ymm)   _SWAP_YMM_HL(ymm) 
+
+#define MOVE_to_REG(ymm, mem)      _MOVE_to_REG(ymm, mem)
+#define MOVE_to_MEM(mem, ymm)      _MOVE_to_MEM(mem, ymm)
+#define BYTE_SWAP(ymm, map)        _BYTE_SWAP(ymm, map)
+#define MOVE_128(ymm0, ymm1, ymm2, map) _MOVE_128(ymm0, ymm1, ymm2, map) 
+#define MOVE_BYTE(ymm0, ymm1, map) _MOVE_BYTE(ymm0, ymm1, map)
+#define XOR(dest, src1, src2)      _XOR(dest, src1, src2)
+#define OR(dest, src1, src2)       _OR(dest, src1, src2)
+#define ADD(dest, src1, src2)      _ADD(dest, src1, src2)
+#define ADD_MEM(dest, src1, mem)  _ADD_MEM(dest, src1, mem)
+#define BLEND(map, dest, src1, src2) _BLEND(map, dest, src1, src2)
+
+#define S_TMP(dest, src, bits, temp) _S_TEMP(dest, src, bits, temp); 
+#define AVX2_S(dest, src, bits)      S_TMP(dest, src, bits, S_TEMP)
+#define AVX2_R(dest, src, bits)      _AVX2_R(dest, src, bits)
+
+#define GAMMA0(dest, src)      AVX2_S(dest, src, 7);  AVX2_S(G_TEMP, src, 18); \
+    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 3);  XOR(dest, G_TEMP, dest) ;
+#define GAMMA0_1(dest, src)    AVX2_S(dest, src, 7);  AVX2_S(G_TEMP, src, 18); 
+#define GAMMA0_2(dest, src)    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 3);  \
+    XOR(dest, G_TEMP, dest) ;
+
+#define GAMMA1(dest, src)      AVX2_S(dest, src, 17); AVX2_S(G_TEMP, src, 19); \
+    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 10); XOR(dest, G_TEMP, dest) ;
+#define GAMMA1_1(dest, src)    AVX2_S(dest, src, 17); AVX2_S(G_TEMP, src, 19); 
+#define GAMMA1_2(dest, src)    XOR(dest, G_TEMP, dest) ; AVX2_R(G_TEMP, src, 10); \
+    XOR(dest, G_TEMP, dest) ;
+
+#define    FEEDBACK1_to_W_I_2    MOVE_BYTE(YMM_TEMP0, W_I, mMAP1toW_I_2[0]) ; \
+    BLEND(0x0c, W_I_2, YMM_TEMP0, W_I_2) ;
+#define    FEEDBACK2_to_W_I_2    MOVE_128(YMM_TEMP0, W_I, W_I, 0x08) ;  \
+    MOVE_BYTE(YMM_TEMP0, YMM_TEMP0, mMAP2toW_I_2[0]) ; BLEND(0x30, W_I_2, YMM_TEMP0, W_I_2) ; 
+#define    FEEDBACK3_to_W_I_2    MOVE_BYTE(YMM_TEMP0, W_I, mMAP3toW_I_2[0]) ; \
+    BLEND(0xc0, W_I_2, YMM_TEMP0, W_I_2) ; 
+
+#define    FEEDBACK_to_W_I_7     MOVE_128(YMM_TEMP0, W_I, W_I, 0x08) ;\
+    MOVE_BYTE(YMM_TEMP0, YMM_TEMP0, mMAPtoW_I_7[0]) ; BLEND(0x80, W_I_7, YMM_TEMP0, W_I_7) ;
+
+#undef voitle
+
+#define W_I_16  ymm8
+#define W_I_15  ymm9
+#define W_I_7  ymm10
+#define W_I_2  ymm11
+#define W_I    ymm12
+#define G_TEMP     ymm13
+#define S_TEMP     ymm14
+#define YMM_TEMP0  ymm15
+#define YMM_TEMP0x xmm15
+#define W_I_TEMP   ymm7
+#define W_K_TEMP   ymm15
+#define W_K_TEMPx  xmm15
+
+#define YMM_REGs /* Registers are saved in Sha256Update/Finel */
+ /* "%ymm7","%ymm8","%ymm9","%ymm10","%ymm11","%ymm12","%ymm13","%ymm14","%ymm15"*/
+
+
+#define MOVE_15_to_16(w_i_16, w_i_15, w_i_7)\
+    __asm__ volatile("vperm2i128  $0x01, %%"#w_i_15", %%"#w_i_15", %%"#w_i_15" ":::YMM_REGs) ;\
+    __asm__ volatile("vpblendd    $0x08, %%"#w_i_15", %%"#w_i_7", %%"#w_i_16" ":::YMM_REGs) ;\
+    __asm__ volatile("vperm2i128 $0x01,  %%"#w_i_7",  %%"#w_i_7", %%"#w_i_15" ":::YMM_REGs) ;\
+    __asm__ volatile("vpblendd    $0x80, %%"#w_i_15", %%"#w_i_16", %%"#w_i_16" ":::YMM_REGs) ;\
+    __asm__ volatile("vpshufd    $0x93,  %%"#w_i_16", %%"#w_i_16" ":::YMM_REGs) ;\
+
+#define MOVE_7_to_15(w_i_15, w_i_7)\
+    __asm__ volatile("vmovdqu                 %%"#w_i_7",  %%"#w_i_15" ":::YMM_REGs) ;\
+
+#define MOVE_I_to_7(w_i_7, w_i)\
+    __asm__ volatile("vperm2i128 $0x01,       %%"#w_i",   %%"#w_i",   %%"#w_i_7" ":::YMM_REGs) ;\
+    __asm__ volatile("vpblendd    $0x01,       %%"#w_i_7",   %%"#w_i", %%"#w_i_7" ":::YMM_REGs) ;\
+    __asm__ volatile("vpshufd    $0x39, %%"#w_i_7", %%"#w_i_7" ":::YMM_REGs) ;\
+
+#define MOVE_I_to_2(w_i_2, w_i)\
+    __asm__ volatile("vperm2i128 $0x01,       %%"#w_i", %%"#w_i", %%"#w_i_2" ":::YMM_REGs) ;\
+    __asm__ volatile("vpshufd    $0x0e, %%"#w_i_2", %%"#w_i_2" ":::YMM_REGs) ;\
+
+#define ROTATE_W(w_i_16, w_i_15, w_i_7, w_i_2, w_i)\
+    MOVE_15_to_16(w_i_16, w_i_15, w_i_7) ; \
+    MOVE_7_to_15(w_i_15, w_i_7) ; \
+    MOVE_I_to_7(w_i_7, w_i) ; \
+    MOVE_I_to_2(w_i_2, w_i) ;\
+
+#define _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    { word32 d ;\
+    __asm__ volatile("movl %"#S_0", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[0] += d;\
+    __asm__ volatile("movl %"#S_1", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[1] += d;\
+    __asm__ volatile("movl %"#S_2", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[2] += d;\
+    __asm__ volatile("movl %"#S_3", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[3] += d;\
+    __asm__ volatile("movl %"#S_4", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[4] += d;\
+    __asm__ volatile("movl %"#S_5", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[5] += d;\
+    __asm__ volatile("movl %"#S_6", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[6] += d;\
+    __asm__ volatile("movl %"#S_7", %0":"=r"(d)::SSE_REGs) ;\
+    sha256->digest[7] += d;\
+}
+
+#define _DumpS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+  { word32 d[8] ;\
+    __asm__ volatile("movl %"#S_0", %0":"=r"(d[0])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_1", %0":"=r"(d[1])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_2", %0":"=r"(d[2])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_3", %0":"=r"(d[3])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_4", %0":"=r"(d[4])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_5", %0":"=r"(d[5])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_6", %0":"=r"(d[6])::SSE_REGs) ;\
+    __asm__ volatile("movl %"#S_7", %0":"=r"(d[7])::SSE_REGs) ;\
+        printf("S[0..7]=%08x,%08x,%08x,%08x,%08x,%08x,%08x,%08x\n", d[0],d[1],d[2],d[3],d[4],d[5],d[6],d[7]);\
+    __asm__ volatile("movl %0, %"#S_0::"r"(d[0]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_1::"r"(d[1]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_2::"r"(d[2]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_3::"r"(d[3]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_4::"r"(d[4]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_5::"r"(d[5]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_6::"r"(d[6]):SSE_REGs) ;\
+    __asm__ volatile("movl %0, %"#S_7::"r"(d[7]):SSE_REGs) ;\
+}
+
+
+#define DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
+
+#define RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    _RegToDigest(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
+
+#define DumS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\
+    _DumpS(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )
+
+        
+    /* Byte swap Masks to ensure that rest of the words are filled with zero's. */
+    static const unsigned long mBYTE_FLIP_MASK_16[] =  
+        { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
+    static const unsigned long mBYTE_FLIP_MASK_15[] =  
+        { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x0c0d0e0f08090a0b } ;
+    static const unsigned long mBYTE_FLIP_MASK_7 [] =  
+        { 0x0405060700010203, 0x0c0d0e0f08090a0b, 0x0405060700010203, 0x8080808008090a0b } ;
+    static const unsigned long mBYTE_FLIP_MASK_2 [] =  
+        { 0x0405060700010203, 0x8080808080808080, 0x8080808080808080, 0x8080808080808080 } ;
+
+    static const unsigned long mMAPtoW_I_7[] =  
+        { 0x8080808080808080, 0x8080808080808080, 0x8080808080808080, 0x0302010080808080 } ;
+    static const unsigned long mMAP1toW_I_2[] = 
+        { 0x8080808080808080, 0x0706050403020100, 0x8080808080808080, 0x8080808080808080 } ;
+    static const unsigned long mMAP2toW_I_2[] = 
+        { 0x8080808080808080, 0x8080808080808080, 0x0f0e0d0c0b0a0908, 0x8080808080808080 } ;
+    static const unsigned long mMAP3toW_I_2[] = 
+        { 0x8080808080808080, 0x8080808080808080, 0x8080808080808080, 0x0706050403020100 } ;
+ 
+static int Transform_AVX2(Sha256* sha256)
+{
+
+    #ifdef WOLFSSL_SMALL_STACK
+        word32* W_K;
+        W_K = (word32*) XMALLOC(sizeof(word32) * 64, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (W_K == NULL)
+            return MEMORY_E;
+    #else
+        word32 W_K[64]  ;
+    #endif
+
+    MOVE_to_REG(W_I_16, sha256->buffer[0]);     BYTE_SWAP(W_I_16, mBYTE_FLIP_MASK_16[0]) ;
+    MOVE_to_REG(W_I_15, sha256->buffer[1]);     BYTE_SWAP(W_I_15, mBYTE_FLIP_MASK_15[0]) ;
+    MOVE_to_REG(W_I,    sha256->buffer[8]) ;    BYTE_SWAP(W_I,    mBYTE_FLIP_MASK_16[0]) ;
+    MOVE_to_REG(W_I_7,  sha256->buffer[16-7]) ; BYTE_SWAP(W_I_7,  mBYTE_FLIP_MASK_7[0])  ;
+    MOVE_to_REG(W_I_2,  sha256->buffer[16-2]) ; BYTE_SWAP(W_I_2,  mBYTE_FLIP_MASK_2[0])  ;
+
+    DigestToReg(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;
+
+    ADD_MEM(W_K_TEMP, W_I_16, K[0]) ;
+    MOVE_to_MEM(W_K[0], W_K_TEMP) ; 
+
+    RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,0) ;
+    RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,1) ;
+    RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,2) ;
+    RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,3) ;  
+    RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,4) ;
+    RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,5) ;
+    RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,6) ;
+    RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,7) ;
+
+    ADD_MEM(YMM_TEMP0, W_I, K[8]) ;
+    MOVE_to_MEM(W_K[8], YMM_TEMP0) ; 
+
+        /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
+                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
+        GAMMA0_1(W_I_TEMP, W_I_15) ;
+                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
+        GAMMA0_2(W_I_TEMP, W_I_15) ;
+                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,8) ;
+        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
+                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
+        ADD(W_I, W_I_7, W_I_TEMP);
+                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,9) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
+        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
+                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
+        FEEDBACK1_to_W_I_2 ;
+                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,10) ;
+        FEEDBACK_to_W_I_7 ; 
+                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
+        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
+                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,11) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
+                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
+        FEEDBACK2_to_W_I_2 ;
+                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,12) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
+                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,13) ;
+        FEEDBACK3_to_W_I_2 ;
+                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
+        GAMMA1(YMM_TEMP0, W_I_2) ;
+                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
+                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,14) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
+                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
+
+        MOVE_to_REG(YMM_TEMP0, K[16]) ;    
+                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
+        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
+                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,15) ;
+        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
+        MOVE_to_MEM(W_K[16], YMM_TEMP0) ;
+
+        /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
+                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
+        GAMMA0_1(W_I_TEMP, W_I_15) ;
+                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
+        GAMMA0_2(W_I_TEMP, W_I_15) ;
+                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,16) ;
+        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
+                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
+        ADD(W_I, W_I_7, W_I_TEMP);
+                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,17) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
+        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
+                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
+        FEEDBACK1_to_W_I_2 ;
+                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,18) ;
+        FEEDBACK_to_W_I_7 ; 
+                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
+        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
+                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
+        GAMMA1(YMM_TEMP0, W_I_2) ; 
+                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,19) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
+                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
+        FEEDBACK2_to_W_I_2 ;
+                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,20) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
+                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,21) ;
+        FEEDBACK3_to_W_I_2 ;
+                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,22) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
+                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
+
+        MOVE_to_REG(YMM_TEMP0, K[24]) ;    
+                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
+        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
+                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,23) ;
+        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
+        MOVE_to_MEM(W_K[24], YMM_TEMP0) ;
+
+                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
+                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
+        GAMMA0_1(W_I_TEMP, W_I_15) ;
+                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
+        GAMMA0_2(W_I_TEMP, W_I_15) ;
+                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,24) ;
+        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
+                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
+        ADD(W_I, W_I_7, W_I_TEMP);
+                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,25) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
+        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
+                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
+        FEEDBACK1_to_W_I_2 ;
+                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,26) ;
+        FEEDBACK_to_W_I_7 ; 
+                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
+        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
+                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,27) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
+                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
+        FEEDBACK2_to_W_I_2 ;
+                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,28) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
+                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,29) ;
+        FEEDBACK3_to_W_I_2 ;
+                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
+        GAMMA1(YMM_TEMP0, W_I_2) ;
+                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
+                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,30) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
+                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
+
+        MOVE_to_REG(YMM_TEMP0, K[32]) ;    
+                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
+        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
+                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,31) ;
+        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
+        MOVE_to_MEM(W_K[32], YMM_TEMP0) ;
+
+        
+                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
+                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
+        GAMMA0_1(W_I_TEMP, W_I_15) ;
+                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
+        GAMMA0_2(W_I_TEMP, W_I_15) ;
+                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,32) ;
+        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
+                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
+        ADD(W_I, W_I_7, W_I_TEMP);
+                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,33) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ; 
+                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
+        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
+                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
+        FEEDBACK1_to_W_I_2 ;
+                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,34) ;
+        FEEDBACK_to_W_I_7 ; 
+                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
+        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
+                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,35) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
+                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
+        FEEDBACK2_to_W_I_2 ;
+                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,36) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
+                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,37) ;
+        FEEDBACK3_to_W_I_2 ;
+                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,38) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
+                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
+
+        MOVE_to_REG(YMM_TEMP0, K[40]) ;    
+                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
+        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
+                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,39) ;
+        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
+        MOVE_to_MEM(W_K[40], YMM_TEMP0) ;
+
+                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
+                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
+        GAMMA0_1(W_I_TEMP, W_I_15) ;
+                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
+        GAMMA0_2(W_I_TEMP, W_I_15) ;
+                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,40) ;
+        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
+                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
+        ADD(W_I, W_I_7, W_I_TEMP);
+                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,41) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
+        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
+                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
+        FEEDBACK1_to_W_I_2 ;
+                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,42) ;
+        FEEDBACK_to_W_I_7 ; 
+                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
+        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
+                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,43) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
+                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
+        FEEDBACK2_to_W_I_2 ;
+                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,44) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
+                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,45) ;
+        FEEDBACK3_to_W_I_2 ;
+                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,46) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
+                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
+
+        MOVE_to_REG(YMM_TEMP0, K[48]) ;    
+                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
+        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
+                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,47) ;
+        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
+        MOVE_to_MEM(W_K[48], YMM_TEMP0) ;
+        
+                /* W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15] + W[i-16]) */
+                RND_0_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
+        GAMMA0_1(W_I_TEMP, W_I_15) ;
+                RND_0_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
+        GAMMA0_2(W_I_TEMP, W_I_15) ;
+                RND_0_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,48) ;
+        ADD(W_I_TEMP, W_I_16, W_I_TEMP) ;/* for saving W_I before adding incomplete W_I_7 */
+                RND_7_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
+        ADD(W_I, W_I_7, W_I_TEMP);
+                RND_7_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ; 
+                RND_7_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,49) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_6_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
+        ADD(W_I, W_I, YMM_TEMP0) ;/* now W[16..17] are completed */
+                RND_6_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
+        FEEDBACK1_to_W_I_2 ;
+                RND_6_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,50) ;
+        FEEDBACK_to_W_I_7 ; 
+                RND_5_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
+        ADD(W_I_TEMP, W_I_7, W_I_TEMP);
+                RND_5_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_5_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,51) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_4_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ;/* now W[16..19] are completed */
+                RND_4_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
+        FEEDBACK2_to_W_I_2 ;
+                RND_4_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,52) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_3_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_3_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..21] are completed */
+                RND_3_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,53) ;
+        FEEDBACK3_to_W_I_2 ;
+                RND_2_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
+        GAMMA1_1(YMM_TEMP0, W_I_2) ;
+                RND_2_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
+        GAMMA1_2(YMM_TEMP0, W_I_2) ;
+                RND_2_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,54) ;
+        ADD(W_I, W_I_TEMP, YMM_TEMP0) ; /* now W[16..23] are completed */
+                RND_1_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
+
+        MOVE_to_REG(YMM_TEMP0, K[56]) ;    
+                RND_1_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
+        ROTATE_W(W_I_16, W_I_15, W_I_7, W_I_2, W_I) ;
+                RND_1_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,55) ;
+        ADD(YMM_TEMP0, YMM_TEMP0, W_I) ;
+        MOVE_to_MEM(W_K[56], YMM_TEMP0) ;        
+        
+        RND_0(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,56) ;
+        RND_7(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,57) ;
+        RND_6(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,58) ;
+        RND_5(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,59) ;
+
+        RND_4(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,60) ;
+        RND_3(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,61) ;
+        RND_2(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,62) ;
+        RND_1(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7,63) ;
+
+    RegToDigest(S_0,S_1,S_2,S_3,S_4,S_5,S_6,S_7) ;  
+
+    #ifdef WOLFSSL_SMALL_STACK
+        XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+    
+    return 0;
+}
+
+#endif   /* HAVE_INTEL_AVX2 */
+
+#endif   /* WOLFSSL_TI_HAHS */
+
+#endif   /* HAVE_FIPS */
+
+#endif /* NO_SHA256 */
+
diff --git a/wolfssl/wolfcrypt/md5.h b/wolfssl/wolfcrypt/md5.h
index 94e4466f7..f7d7c150a 100644
--- a/wolfssl/wolfcrypt/md5.h
+++ b/wolfssl/wolfcrypt/md5.h
@@ -1,100 +1,100 @@
-/* md5.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_MD5_H
-#define WOLF_CRYPT_MD5_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_MD5
-
-#ifdef HAVE_FIPS
-    #define wc_InitMd5   InitMd5
-    #define wc_Md5Update Md5Update
-    #define wc_Md5Final  Md5Final
-    #define wc_Md5Hash   Md5Hash
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-/* in bytes */
-enum {
-#ifdef STM32F2_HASH
-    MD5_REG_SIZE    =  4,      /* STM32 register size, bytes */
-#endif
-    MD5             =  0,      /* hash type unique */
-    MD5_BLOCK_SIZE  = 64,
-    MD5_DIGEST_SIZE = 16,
-    MD5_PAD_SIZE    = 56
-};
-
-#if defined(WOLFSSL_PIC32MZ_HASH)
-#include "port/pic32/pic32mz-crypt.h"
-#endif
-
-#ifdef TI_HASH_TEST
-#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
-
-
-#ifndef WOLFSSL_TI_HASH
-
-/* MD5 digest */
-typedef struct Md5 {
-    word32  buffLen;   /* in bytes          */
-    word32  loLen;     /* length in bytes   */
-    word32  hiLen;     /* length in bytes   */
-    word32  buffer[MD5_BLOCK_SIZE  / sizeof(word32)];
-    #if !defined(WOLFSSL_PIC32MZ_HASH)
-    word32  digest[MD5_DIGEST_SIZE / sizeof(word32)];
-    #else
-    word32  digest[PIC32_HASH_SIZE / sizeof(word32)];
-    pic32mz_desc desc ; /* Crypt Engine descripter */
-    #endif
-
-#ifdef TI_HASH_TEST
-    wolfssl_TI_Hash ti ;
-#endif
-
-} Md5;
-
-#if defined(TI_HASH_TEST)
-void wc_Md5GetHash_ti(Md5* md5, byte* hash) ;
-#endif
-
-#else /* WOLFSSL_TI_HASH */
-    #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
-
-WOLFSSL_API void wc_InitMd5(Md5*);
-WOLFSSL_API void wc_Md5Update(Md5*, const byte*, word32);
-WOLFSSL_API void wc_Md5Final(Md5*, byte*);
-WOLFSSL_API int  wc_Md5Hash(const byte*, word32, byte*);
-WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_MD5 */
-#endif /* WOLF_CRYPT_MD5_H */
+/* md5.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef WOLF_CRYPT_MD5_H
+#define WOLF_CRYPT_MD5_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_MD5
+
+#ifdef HAVE_FIPS
+    #define wc_InitMd5   InitMd5
+    #define wc_Md5Update Md5Update
+    #define wc_Md5Final  Md5Final
+    #define wc_Md5Hash   Md5Hash
+#endif
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+/* in bytes */
+enum {
+#ifdef STM32F2_HASH
+    MD5_REG_SIZE    =  4,      /* STM32 register size, bytes */
+#endif
+    MD5             =  0,      /* hash type unique */
+    MD5_BLOCK_SIZE  = 64,
+    MD5_DIGEST_SIZE = 16,
+    MD5_PAD_SIZE    = 56
+};
+
+#if defined(WOLFSSL_PIC32MZ_HASH)
+#include "port/pic32/pic32mz-crypt.h"
+#endif
+
+#ifdef TI_HASH_TEST
+#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+
+
+#ifndef WOLFSSL_TI_HASH
+
+/* MD5 digest */
+typedef struct Md5 {
+    word32  buffLen;   /* in bytes          */
+    word32  loLen;     /* length in bytes   */
+    word32  hiLen;     /* length in bytes   */
+    word32  buffer[MD5_BLOCK_SIZE  / sizeof(word32)];
+    #if !defined(WOLFSSL_PIC32MZ_HASH)
+    word32  digest[MD5_DIGEST_SIZE / sizeof(word32)];
+    #else
+    word32  digest[PIC32_HASH_SIZE / sizeof(word32)];
+    pic32mz_desc desc ; /* Crypt Engine descripter */
+    #endif
+
+#ifdef TI_HASH_TEST
+    wolfssl_TI_Hash ti ;
+#endif
+
+} Md5;
+
+#if defined(TI_HASH_TEST)
+void wc_Md5GetHash_ti(Md5* md5, byte* hash) ;
+#endif
+
+#else /* WOLFSSL_TI_HASH */
+    #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+
+WOLFSSL_API void wc_InitMd5(Md5*);
+WOLFSSL_API void wc_Md5Update(Md5*, const byte*, word32);
+WOLFSSL_API void wc_Md5Final(Md5*, byte*);
+WOLFSSL_API int  wc_Md5Hash(const byte*, word32, byte*);
+WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* NO_MD5 */
+#endif /* WOLF_CRYPT_MD5_H */
diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h
index 46dce03d0..b5ff4908d 100644
--- a/wolfssl/wolfcrypt/sha.h
+++ b/wolfssl/wolfcrypt/sha.h
@@ -1,88 +1,88 @@
-/* sha.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#ifndef WOLF_CRYPT_SHA_H
-#define WOLF_CRYPT_SHA_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_SHA
-
-#ifdef HAVE_FIPS
-/* for fips @wc_fips */
-#include <cyassl/ctaocrypt/sha.h>
-#endif
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-#ifndef HAVE_FIPS /* avoid redefining structs */
-/* in bytes */
-enum {
-#ifdef STM32F2_HASH
-    SHA_REG_SIZE     =  4,    /* STM32 register size, bytes */
-#endif
-    SHA              =  1,    /* hash type unique */
-    SHA_BLOCK_SIZE   = 64,
-    SHA_DIGEST_SIZE  = 20,
-    SHA_PAD_SIZE     = 56
-};
-
-#ifdef WOLFSSL_PIC32MZ_HASH
-#include "port/pic32/pic32mz-crypt.h"
-#endif
-
-#ifndef WOLFSSL_TI_HASH
-      
-/* Sha digest */
-typedef struct Sha {
-    word32  buffLen;   /* in bytes          */
-    word32  loLen;     /* length in bytes   */
-    word32  hiLen;     /* length in bytes   */
-    word32  buffer[SHA_BLOCK_SIZE  / sizeof(word32)];
-    #ifndef WOLFSSL_PIC32MZ_HASH
-        word32  digest[SHA_DIGEST_SIZE / sizeof(word32)];
-    #else
-        word32  digest[PIC32_HASH_SIZE / sizeof(word32)];
-        pic32mz_desc desc; /* Crypt Engine descripter */
-    #endif
-} Sha;
-
-#else /* WOLFSSL_TI_HASH */
-    #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
-
-#endif /* HAVE_FIPS */
-
-WOLFSSL_API int wc_InitSha(Sha*);
-WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32);
-WOLFSSL_API int wc_ShaFinal(Sha*, byte*);
-WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
-WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_SHA */
-#endif /* WOLF_CRYPT_SHA_H */
-
+/* sha.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef WOLF_CRYPT_SHA_H
+#define WOLF_CRYPT_SHA_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_SHA
+
+#ifdef HAVE_FIPS
+/* for fips @wc_fips */
+#include <cyassl/ctaocrypt/sha.h>
+#endif
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#ifndef HAVE_FIPS /* avoid redefining structs */
+/* in bytes */
+enum {
+#ifdef STM32F2_HASH
+    SHA_REG_SIZE     =  4,    /* STM32 register size, bytes */
+#endif
+    SHA              =  1,    /* hash type unique */
+    SHA_BLOCK_SIZE   = 64,
+    SHA_DIGEST_SIZE  = 20,
+    SHA_PAD_SIZE     = 56
+};
+
+#ifdef WOLFSSL_PIC32MZ_HASH
+#include "port/pic32/pic32mz-crypt.h"
+#endif
+
+#ifndef WOLFSSL_TI_HASH
+      
+/* Sha digest */
+typedef struct Sha {
+    word32  buffLen;   /* in bytes          */
+    word32  loLen;     /* length in bytes   */
+    word32  hiLen;     /* length in bytes   */
+    word32  buffer[SHA_BLOCK_SIZE  / sizeof(word32)];
+    #ifndef WOLFSSL_PIC32MZ_HASH
+        word32  digest[SHA_DIGEST_SIZE / sizeof(word32)];
+    #else
+        word32  digest[PIC32_HASH_SIZE / sizeof(word32)];
+        pic32mz_desc desc; /* Crypt Engine descripter */
+    #endif
+} Sha;
+
+#else /* WOLFSSL_TI_HASH */
+    #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+
+#endif /* HAVE_FIPS */
+
+WOLFSSL_API int wc_InitSha(Sha*);
+WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32);
+WOLFSSL_API int wc_ShaFinal(Sha*, byte*);
+WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
+WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* NO_SHA */
+#endif /* WOLF_CRYPT_SHA_H */
+
diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h
index 86616e320..d022d3ac5 100644
--- a/wolfssl/wolfcrypt/sha256.h
+++ b/wolfssl/wolfcrypt/sha256.h
@@ -1,86 +1,86 @@
-/* sha256.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-/* code submitted by raphael.huck@efixo.com */
-
-#ifndef WOLF_CRYPT_SHA256_H
-#define WOLF_CRYPT_SHA256_H
-
-#include <wolfssl/wolfcrypt/types.h>
-
-#ifndef NO_SHA256
-
-#ifdef HAVE_FIPS
-    /* for fips @wc_fips */
-    #include <cyassl/ctaocrypt/sha256.h>
-#endif
-
-
-#ifdef __cplusplus
-    extern "C" {
-#endif
-
-#ifndef HAVE_FIPS /* avoid redefinition of structs */
-#ifdef WOLFSSL_PIC32MZ_HASH
-    #include "port/pic32/pic32mz-crypt.h"
-#endif
-
-/* in bytes */
-enum {
-    SHA256              =  2,   /* hash type unique */
-    SHA256_BLOCK_SIZE   = 64,
-    SHA256_DIGEST_SIZE  = 32,
-    SHA256_PAD_SIZE     = 56
-};
-
-#ifndef WOLFSSL_TI_HASH
-
-/* Sha256 digest */
-typedef struct Sha256 {
-    word32  buffLen;   /* in bytes          */
-    word32  loLen;     /* length in bytes   */
-    word32  hiLen;     /* length in bytes   */
-    word32  digest[SHA256_DIGEST_SIZE / sizeof(word32)];
-    word32  buffer[SHA256_BLOCK_SIZE  / sizeof(word32)];
-    #ifdef WOLFSSL_PIC32MZ_HASH
-        pic32mz_desc desc ; /* Crypt Engine descripter */
-    #endif
-} Sha256;
-
-#else /* WOLFSSL_TI_HASH */
-    #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
-
-#endif /* HAVE_FIPS */
-
-WOLFSSL_API int wc_InitSha256(Sha256*);
-WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32);
-WOLFSSL_API int wc_Sha256Final(Sha256*, byte*);
-WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
-WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
-
-#ifdef __cplusplus
-    } /* extern "C" */
-#endif
-
-#endif /* NO_SHA256 */
-#endif /* WOLF_CRYPT_SHA256_H */
-
+/* sha256.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* code submitted by raphael.huck@efixo.com */
+
+#ifndef WOLF_CRYPT_SHA256_H
+#define WOLF_CRYPT_SHA256_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef NO_SHA256
+
+#ifdef HAVE_FIPS
+    /* for fips @wc_fips */
+    #include <cyassl/ctaocrypt/sha256.h>
+#endif
+
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#ifndef HAVE_FIPS /* avoid redefinition of structs */
+#ifdef WOLFSSL_PIC32MZ_HASH
+    #include "port/pic32/pic32mz-crypt.h"
+#endif
+
+/* in bytes */
+enum {
+    SHA256              =  2,   /* hash type unique */
+    SHA256_BLOCK_SIZE   = 64,
+    SHA256_DIGEST_SIZE  = 32,
+    SHA256_PAD_SIZE     = 56
+};
+
+#ifndef WOLFSSL_TI_HASH
+
+/* Sha256 digest */
+typedef struct Sha256 {
+    word32  buffLen;   /* in bytes          */
+    word32  loLen;     /* length in bytes   */
+    word32  hiLen;     /* length in bytes   */
+    word32  digest[SHA256_DIGEST_SIZE / sizeof(word32)];
+    word32  buffer[SHA256_BLOCK_SIZE  / sizeof(word32)];
+    #ifdef WOLFSSL_PIC32MZ_HASH
+        pic32mz_desc desc ; /* Crypt Engine descripter */
+    #endif
+} Sha256;
+
+#else /* WOLFSSL_TI_HASH */
+    #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
+#endif
+
+#endif /* HAVE_FIPS */
+
+WOLFSSL_API int wc_InitSha256(Sha256*);
+WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32);
+WOLFSSL_API int wc_Sha256Final(Sha256*, byte*);
+WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
+WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* NO_SHA256 */
+#endif /* WOLF_CRYPT_SHA256_H */
+

From d24c7f070cb1c39764aa6599b67f99ad0c719837 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Thu, 21 May 2015 18:12:43 +0900
Subject: [PATCH 092/350] files cleaned

---
 src/include.am                      |  5 +--
 wolfcrypt/src/md5.c                 | 25 -----------
 wolfcrypt/src/sha.c                 |  7 ----
 wolfcrypt/src/sha256.c              |  7 ----
 wolfssl/wolfcrypt/port/ti/ti-ccm.h  | 40 ++++++++++++++++++
 wolfssl/wolfcrypt/port/ti/ti-hash.h | 64 +++++++++++++++++++++++++++++
 6 files changed, 106 insertions(+), 42 deletions(-)
 create mode 100644 wolfssl/wolfcrypt/port/ti/ti-ccm.h
 create mode 100644 wolfssl/wolfcrypt/port/ti/ti-hash.h

diff --git a/src/include.am b/src/include.am
index 1dcf24a2b..f65331b4c 100644
--- a/src/include.am
+++ b/src/include.am
@@ -74,7 +74,8 @@ endif
 src_libwolfssl_la_SOURCES += \
                wolfcrypt/src/logging.c \
                wolfcrypt/src/wc_port.c \
-               wolfcrypt/src/error.c
+               wolfcrypt/src/error.c\
+               wolfcrypt/src/port/ti/ti-hash.c
 
 if BUILD_MEMORY
 src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c
@@ -191,8 +192,6 @@ if BUILD_PKCS7
 src_libwolfssl_la_SOURCES += wolfcrypt/src/pkcs7.c
 endif
 
-src_libwolfssl_la_SOURCES += wolfcrypt/src/port/ti/ti-hash.c
-
 # ssl files
 src_libwolfssl_la_SOURCES += \
                src/internal.c \
diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index 6c2e45d9f..64c2ff15a 100644
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
@@ -180,12 +180,6 @@
 
 #endif /* WOLFSSL_HAVE_MIN */
 
-#ifdef TI_HASH_TEST
-void wc_InitMd5_ti(Md5* md5) ;
-void wc_Md5Update_ti(Md5* md5, const byte* data, word32 len) ;
-void wc_Md5Final_ti(Md5* md5, byte* hash) ;
-#endif
-
 void wc_InitMd5(Md5* md5)
 {
     md5->digest[0] = 0x67452301L;
@@ -196,10 +190,6 @@ void wc_InitMd5(Md5* md5)
     md5->buffLen = 0;
     md5->loLen   = 0;
     md5->hiLen   = 0;
-
-#ifdef TI_HASH_TEST
-    wc_InitMd5_ti(md5) ;
-#endif
 }
 
 #ifndef FREESCALE_MMCAU
@@ -328,10 +318,6 @@ void wc_Md5Update(Md5* md5, const byte* data, word32 len)
             md5->buffLen = 0;
         }
     }
-#ifdef TI_HASH_TEST
-    wc_Md5Update_ti(md5, data, len) ;
-#endif
-
 }
 
 
@@ -376,10 +362,6 @@ void wc_Md5Final(Md5* md5, byte* hash)
     XMEMCPY(hash, md5->digest, MD5_DIGEST_SIZE);
 
     wc_InitMd5(md5);  /* reset state */
-
-#ifdef TI_HASH_TEST
-    wc_Md5Final_ti(md5, hash) ;
-#endif
 }
 
 #endif /* STM32F2_HASH */
@@ -410,17 +392,10 @@ int wc_Md5Hash(const byte* data, word32 len, byte* hash)
     return 0;
 }
 
-#if defined(WOLFSSL_TI_HASH)||defined(TI_HASH_TEST)
-#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
 void wc_Md5GetHash(Md5* md5, byte* hash)
 {
-#if defined(WOLFSSL_TI_HASH) || defined(TI_HASH_TEST)
-    wc_Md5GetHash_ti(md5, hash) ;
-#else
     Md5 save = *md5 ;
     wc_Md5Final(md5, hash) ;
     *md5 = save ;
-#endif
 }
 #endif /* NO_MD5 */
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index be2106cbd..d1b2dc572 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -452,20 +452,13 @@ int wc_ShaHash(const byte* data, word32 len, byte* hash)
 
 }
 
-#ifdef WOLFSSL_TI_HASH
-#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
 int wc_ShaGetHash(Sha* sha, byte* hash)
 {
-#if defined(WOLFSS_TI_HASH)
-    wc_ShaGetHash_TI(sha, hash) ;
-#else
     int ret ;
     Sha save = *sha ;
     ret = wc_ShaFinal(sha, hash) ;
     *sha = save ;
     return ret ;
-#endif
 }
 
 #endif /* HAVE_FIPS */
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 90f99a35b..93e94666d 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -576,20 +576,13 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
     return ret;
 }
 
-#ifdef WOLFSSL_TI_HASH
-#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
 int wc_Sha256GetHash(Sha256* sha256, byte* hash)
 {
-#if defined(WOLFSS_TI_HASH)
-    return wc_Sha256GetHash_TI(sha256, hash) ;
-#else
     int ret ;
     Sha256 save = *sha256 ;
     ret = wc_Sha256Final(sha256, hash) ;
     *sha256 = save ;
     return ret ;
-#endif
 }
 
 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
diff --git a/wolfssl/wolfcrypt/port/ti/ti-ccm.h b/wolfssl/wolfcrypt/port/ti/ti-ccm.h
new file mode 100644
index 000000000..f0fb24799
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/ti/ti-ccm.h
@@ -0,0 +1,40 @@
+/* port/ti/ti_ccm.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_TI_CRYPT) ||  defined(WOLFSSL_TI_HASH)
+
+bool wolfSSL_TI_CCMInit(void) ;
+
+#ifndef SINGLE_THREADED
+void wolfSSL_TI_lockCCM() ;
+void wolfSSL_TI_unlockCCM() ;
+#else 
+#define wolfSSL_TI_lockCCM()
+#define wolfSSL_TI_unlockCCM()
+#endif
+
+#endif
diff --git a/wolfssl/wolfcrypt/port/ti/ti-hash.h b/wolfssl/wolfcrypt/port/ti/ti-hash.h
new file mode 100644
index 000000000..505ccc498
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/ti/ti-hash.h
@@ -0,0 +1,64 @@
+/* port/ti/ti-hash.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+ 
+#ifndef WOLF_CRYPT_TI_HASH_H
+#define WOLF_CRYPT_TI_HASH_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifndef WOLFSSL_TI_INITBUFF
+#define WOLFSSL_TI_INITBUFF 64
+#endif
+
+#define WOLFSSL_MAX_HASH_SIZE  64
+
+typedef struct {
+    byte   *msg ;
+    word32 used ;
+    word32 len ;
+    byte hash[WOLFSSL_MAX_HASH_SIZE] ;
+} wolfssl_TI_Hash ;
+
+
+#ifndef TI_HASH_TEST
+#if !defined(NO_MD5)
+typedef wolfssl_TI_Hash Md5 ;
+
+#endif
+#if !defined(NO_SHA)
+typedef wolfssl_TI_Hash Sha ;
+#endif
+#if !defined(NO_SHA256)
+typedef wolfssl_TI_Hash Sha256 ;
+#endif
+
+#if defined(HAVE_SHA224)
+typedef wolfssl_TI_Hash Sha224 ;
+#define SHA224_DIGEST_SIZE  28
+
+WOLFSSL_API int wc_InitSha224(Sha224* sha224) ;
+WOLFSSL_API int wc_Sha224Update(Sha224* sha224, const byte* data, word32 len) ;
+WOLFSSL_API int wc_Sha224Final(Sha224* sha224, byte* hash) ;
+WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash) ;
+
+#endif
+#endif
+#endif /* WOLF_CRYPT_TI_HASH_H  */

From ce8b4e0cdc2022fac9c1118709aa0e73a1c0cedb Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Thu, 21 May 2015 18:26:35 +0900
Subject: [PATCH 093/350] Added ti-hash.c

---
 wolfcrypt/src/md5.c             |   2 +-
 wolfcrypt/src/port/ti/ti-hash.c | 128 ++++++++++++--------------------
 wolfcrypt/src/sha.c             |   2 +-
 wolfcrypt/src/sha256.c          |   2 +-
 4 files changed, 50 insertions(+), 84 deletions(-)

diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index 64c2ff15a..d5bb17b63 100644
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
@@ -166,7 +166,7 @@
 
 #elif defined(WOLFSSL_IT_HASH)
 
-    /* defined in port/ti_md5.c */
+    /* defined in port/ti_hash.c */
 
 #else /* CTaoCrypt software implementation */
 
diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c
index 7647dcdb4..4b7f49a20 100644
--- a/wolfcrypt/src/port/ti/ti-hash.c
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -20,9 +20,15 @@
  */
 
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
 #include <wolfssl/wolfcrypt/types.h>
 
-#if defined(WOLFSSL_TI_HASH)||defined(TI_HASH_TEST)
+#if defined(WOLFSSL_TI_HASH)
 
 #ifdef __cplusplus
     extern "C" {
@@ -39,7 +45,7 @@
 #include <wolfssl/wolfcrypt/port/ti/ti-ccm.h>
 #include <wolfssl/wolfcrypt/logging.h>
 
-#if !defined(TI_HASH_TEST)
+#ifndef TI_DUMMY_BUILD
 #include "inc/hw_memmap.h"
 #include "inc/hw_shamd5.h"
 #include "inc/hw_ints.h"
@@ -47,6 +53,11 @@
 #include "driverlib/sysctl.h"
 #include "driverlib/rom_map.h"
 #include "driverlib/rom.h"
+#else
+#define SHAMD5_ALGO_MD5 1
+#define SHAMD5_ALGO_SHA1 2
+#define SHAMD5_ALGO_SHA256 3
+bool wolfSSL_TI_CCMInit(void) { return true ; }
 #endif
 
 static int hashInit(wolfssl_TI_Hash *hash) {
@@ -76,50 +87,33 @@ static int hashUpdate(wolfssl_TI_Hash *hash, const byte* data, word32 len)
     return 0 ;
 }
 
-static int hashFinal(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize)
+static int hashGetHash(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize)
 {   
-    #if !defined(TI_HASH_TEST)
     uint32_t h[16] ;
-
+#ifndef TI_DUMMY_BUILD
     wolfSSL_TI_lockCCM() ;
     ROM_SHAMD5Reset(SHAMD5_BASE);
     ROM_SHAMD5ConfigSet(SHAMD5_BASE, algo);
     ROM_SHAMD5DataProcess(SHAMD5_BASE, 
                    (uint32_t *)hash->msg, hash->used, h);
-    XMEMCPY(result, h, hsize) ;
     wolfSSL_TI_unlockCCM() ;
-    #else
-    (void) result ;
+#else
+    (void) hash ;
     (void) algo ;
-    (void) hsize ;
-    #endif
+#endif
+    XMEMCPY(result, h, hsize) ;
+
+    return 0 ;
+}
+
+static int hashFinal(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize)
+{   
+    hashGetHash(hash, result, algo, hsize) ;
     XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     hashInit(hash) ;
     return 0 ;
 }
 
-static int hashGetHash(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize)
-{   
-    #if !defined(TI_HASH_TEST)
-    uint32_t h[16] ;
-
-    wolfSSL_TI_lockCCM() ;
-    ROM_SHAMD5Reset(SHAMD5_BASE);
-    ROM_SHAMD5ConfigSet(SHAMD5_BASE, algo);
-    ROM_SHAMD5DataProcess(SHAMD5_BASE, 
-                   (uint32_t *)hash->msg, hash->used, h);
-    XMEMCPY(result, h, hsize) ;
-    wolfSSL_TI_unlockCCM() ;
-    #else
-    (void) hash ;
-    (void) result ;
-    (void) algo ;
-    (void) hsize ;
-    #endif
-    return 0 ;
-}
-
-#ifndef TI_HASH_TEST
 static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word32 hsize)
 {
     int ret = 0;
@@ -149,82 +143,39 @@ static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word3
 
     return ret;
 }
-#endif
 
 #if !defined(NO_MD5)
-
-#ifdef TI_HASH_TEST
-#define SHAMD5_ALGO_MD5 1
-void wc_InitMd5_ti(Md5* md5) ;
-void wc_Md5Update_ti(Md5* md5, const byte* data, word32 len);
-void wc_Md5Final_ti(Md5* md5, byte* hash);
-bool wolfSSL_TI_CCMInit(void) ;
-bool wolfSSL_TI_CCMInit(void) { return true ; }
-#endif 
-
-#ifdef TI_HASH_TEST
-void wc_InitMd5_ti(Md5* md5)
-#else
-void wc_InitMd5(Md5* md5)
-#endif
+WOLFSSL_API void wc_InitMd5(Md5* md5)
 {
     if (md5 == NULL)
         return ;
     if(!wolfSSL_TI_CCMInit())return  ;
-    #ifdef TI_HASH_TEST
-    hashInit(&(md5->ti)) ;
-    #else
     hashInit((wolfssl_TI_Hash *)md5) ;
-    #endif
 }
 
-#ifdef TI_HASH_TEST
-void wc_Md5Update_ti(Md5* md5, const byte* data, word32 len)
-#else
-void wc_Md5Update(Md5* md5, const byte* data, word32 len)
-#endif
+WOLFSSL_API void wc_Md5Update(Md5* md5, const byte* data, word32 len)
 {
-    #ifdef TI_HASH_TEST
-    hashUpdate(&(md5->ti), data, len) ;
-    #else
     hashUpdate((wolfssl_TI_Hash *)md5, data, len) ;
-    #endif
 }
 
-#ifdef TI_HASH_TEST
-void wc_Md5Final_ti(Md5* md5, byte* hash)
-#else
-void wc_Md5Final(Md5* md5, byte* hash)
-#endif
+WOLFSSL_API void wc_Md5Final(Md5* md5, byte* hash)
 {
-    #ifdef TI_HASH_TEST
-    hashFinal(&(md5->ti), hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
-    #else
     hashFinal((wolfssl_TI_Hash *)md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
-    #endif
 }
 
-
-void wc_Md5GetHash_ti(Md5* md5, byte* hash)
+WOLFSSL_API void wc_Md5GetHash(Md5* md5, byte* hash)
 {
-    hashGetHash(&(md5->ti), hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
-    #ifdef TI_HASH_TEST
-    wc_Md5Final(md5, hash) ;
-    #endif
+    hashGetHash(md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
 }
 
-#ifndef TI_HASH_TEST
 WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte*hash)
 { 
     return hashHash(data, len, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
 }
-#endif
 
 #endif /* NO_MD5 */
 
-#ifndef TI_HASH_TEST
 #if !defined(NO_SHA)
-
 WOLFSSL_API int wc_InitSha(Sha* sha)
 {
     if (sha == NULL)
@@ -242,6 +193,12 @@ WOLFSSL_API int wc_ShaFinal(Sha* sha, byte* hash)
 {
    return hashFinal((wolfssl_TI_Hash *)sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ;
 }
+
+WOLFSSL_API int wc_ShaGetHash(Sha* sha, byte* hash)
+{
+    return hashGetHash(sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ;
+}
+
 WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte*hash)
 { 
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ;
@@ -268,6 +225,11 @@ WOLFSSL_API int wc_Sha224Final(Sha224* sha224, byte* hash)
    return hashFinal((wolfssl_TI_Hash *)sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ;
 }
 
+WOLFSSL_API int wc_Sha224GetHash(Sha224* sha224, byte* hash)
+{
+    return hashGetHash(sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ;
+}
+
 WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash)
 { 
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ;
@@ -294,11 +256,15 @@ WOLFSSL_API int wc_Sha256Final(Sha256* sha256, byte* hash)
    return hashFinal((wolfssl_TI_Hash *)sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
 }
 
+WOLFSSL_API int wc_Sha256GetHash(Sha256* sha256, byte* hash)
+{
+    return hashGetHash(sha256, hash, SHAMD5_ALGO_SHA256, SHA_DIGEST_SIZE) ;
+}
+
 WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte*hash)
 { 
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
 }
 #endif
-#endif /* TI_HASH_TEST */
 
 #endif
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index d1b2dc572..78f2640f0 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -198,7 +198,7 @@ int wc_ShaFinal(Sha* sha, byte* hash)
 
 #elif defined(WOLFSSL_TI_HASH)
  
-    /* defined in port/ti/ti_sha.c */
+    /* defined in port/ti/ti_hash.c */
 
 #else /* wc_ software implementation */
 
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 93e94666d..a204637f4 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -57,7 +57,7 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* out)
 #else /* else build without fips */
 
 #if !defined(NO_SHA256) && !defined(WOLFSSL_TI_HASH)
-    /* defined in port/ti/ti_sha256.c */
+    /* defined in port/ti/ti_hash.c */
 
 #if !defined (ALIGN32)
     #if defined (__GNUC__)

From 5bcce85de41d499fa6af0c9c921d692b36fdc409 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Thu, 21 May 2015 18:34:51 +0900
Subject: [PATCH 094/350] md5.h cleaned

---
 wolfssl/wolfcrypt/md5.h | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/wolfssl/wolfcrypt/md5.h b/wolfssl/wolfcrypt/md5.h
index f7d7c150a..b1f775c4c 100644
--- a/wolfssl/wolfcrypt/md5.h
+++ b/wolfssl/wolfcrypt/md5.h
@@ -71,17 +71,8 @@ typedef struct Md5 {
     word32  digest[PIC32_HASH_SIZE / sizeof(word32)];
     pic32mz_desc desc ; /* Crypt Engine descripter */
     #endif
-
-#ifdef TI_HASH_TEST
-    wolfssl_TI_Hash ti ;
-#endif
-
 } Md5;
 
-#if defined(TI_HASH_TEST)
-void wc_Md5GetHash_ti(Md5* md5, byte* hash) ;
-#endif
-
 #else /* WOLFSSL_TI_HASH */
     #include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
 #endif

From 64602d19698870aa36d69ba091f6718ec431ded7 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 21 May 2015 10:11:21 -0700
Subject: [PATCH 095/350] added check for allowed minimum DH key size

---
 certs/test/catalog.txt   |   6 ++++++
 certs/test/dh1024.der    | Bin 0 -> 138 bytes
 certs/test/dh1024.pem    |  17 +++++++++++++++++
 certs/test/dh512.der     | Bin 0 -> 72 bytes
 certs/test/dh512.pem     |  12 ++++++++++++
 examples/client/client.c |  22 +++++++++++++++++++++-
 examples/server/server.c |  33 +++++++++++++++++++++++++++++++--
 src/internal.c           |  27 +++++++++++++++++++++++++++
 src/ssl.c                |  35 +++++++++++++++++++++++++++++++++++
 wolfssl/error-ssl.h      |   2 ++
 wolfssl/internal.h       |  21 +++++++++++++++++++++
 wolfssl/ssl.h            |   4 ++++
 wolfssl/test.h           |   5 +++++
 13 files changed, 181 insertions(+), 3 deletions(-)
 create mode 100644 certs/test/dh1024.der
 create mode 100644 certs/test/dh1024.pem
 create mode 100644 certs/test/dh512.der
 create mode 100644 certs/test/dh512.pem

diff --git a/certs/test/catalog.txt b/certs/test/catalog.txt
index dcc1393d4..a1f77b4b3 100644
--- a/certs/test/catalog.txt
+++ b/certs/test/catalog.txt
@@ -1,3 +1,9 @@
 crit-cert.pem:
   Simple self-signed certificate with critical Basic Constraints and Key Usage
   extensions.
+dh512.pem, dh512.der:
+  512-bit DH parameters. Used for testing the rejection of lower-bit sized DH
+  keys.
+dh1024.pem, dh1024.der:
+  1024-bit DH parameters. Used for testing the rejection of lower-bit sized DH
+  keys.
diff --git a/certs/test/dh1024.der b/certs/test/dh1024.der
new file mode 100644
index 0000000000000000000000000000000000000000..1a3ff399f733d01722161352eee93f06dae5dcd6
GIT binary patch
literal 138
zcmXqLY-eh0WO!G+Z1TR9JK}?O&bhLJzxU^cV9k}PY<yGie(gMw&AD!hOp+<9<?39w
zqnj4}UGQ)h<5C9ydY7jqjonsyzh3?Oc3492)ZcgAbLR0%MTM7_Bu{)ExI4FU@}n&=
wzZ4b!$8LTeGl}EWX}{+^pJfz#TzYa16RMt>i&jd@#vTqkyuhoMnTe4J0Mcng9smFU

literal 0
HcmV?d00001

diff --git a/certs/test/dh1024.pem b/certs/test/dh1024.pem
new file mode 100644
index 000000000..82d14e766
--- /dev/null
+++ b/certs/test/dh1024.pem
@@ -0,0 +1,17 @@
+    DH Parameters: (1024 bit)
+        prime:
+            00:ee:73:a6:93:be:a9:b8:5f:52:b9:9c:d4:a8:0f:
+            8d:f9:b0:53:29:a9:25:06:0e:95:dd:f5:89:c8:6b:
+            09:ae:94:1c:62:35:05:39:ab:6d:46:c5:b2:a2:fd:
+            a0:e1:ba:01:a5:00:4f:7f:44:e5:74:81:8b:3a:2e:
+            fa:ea:fe:f6:c3:18:11:ca:fd:ee:8b:9c:9e:0d:1a:
+            5a:57:77:74:63:91:e7:51:bb:6d:79:93:e2:b4:5c:
+            fa:21:21:ff:5d:b3:e7:5c:92:08:ca:cb:4e:e7:8c:
+            f3:1c:21:8c:44:8c:6d:31:60:7a:e6:37:15:79:1b:
+            1d:5d:c3:56:c3:a0:4a:8d:03
+        generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAO5zppO+qbhfUrmc1KgPjfmwUympJQYOld31ichrCa6UHGI1BTmrbUbF
+sqL9oOG6AaUAT39E5XSBizou+ur+9sMYEcr97oucng0aWld3dGOR51G7bXmT4rRc
++iEh/12z51ySCMrLTueM8xwhjESMbTFgeuY3FXkbHV3DVsOgSo0DAgEC
+-----END DH PARAMETERS-----
diff --git a/certs/test/dh512.der b/certs/test/dh512.der
new file mode 100644
index 0000000000000000000000000000000000000000..f743db4219b6080049fd58d208f515c65f32584c
GIT binary patch
literal 72
zcmXqTV{&9@FH@fR@c!*A=RN~%|KwoS@^cMLeH&M}_#50f>3Z{Q>SJ%+ZLiB0tG)7N
eZn=4VTh_L_fz#6tmOsmWD>>2isQP9mMkWBCtRchz

literal 0
HcmV?d00001

diff --git a/certs/test/dh512.pem b/certs/test/dh512.pem
new file mode 100644
index 000000000..d1fef9243
--- /dev/null
+++ b/certs/test/dh512.pem
@@ -0,0 +1,12 @@
+    DH Parameters: (512 bit)
+        prime:
+            00:87:76:23:99:e1:df:db:6a:43:8e:30:2b:4f:63:
+            53:05:77:ce:80:02:8e:b1:a8:44:4f:30:d8:c9:45:
+            d9:cd:65:e3:4b:2d:b6:eb:77:a3:26:ea:4d:03:84:
+            d9:d7:b6:6a:b6:dd:51:97:66:c1:77:e6:6b:ed:19:
+            91:45:c5:27:b3
+        generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MEYCQQCHdiOZ4d/bakOOMCtPY1MFd86AAo6xqERPMNjJRdnNZeNLLbbrd6Mm6k0D
+hNnXtmq23VGXZsF35mvtGZFFxSezAgEC
+-----END DH PARAMETERS-----
diff --git a/examples/client/client.c b/examples/client/client.c
index ee5dae9ca..0546bb0f2 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -130,6 +130,10 @@ static void Usage(void)
     printf("-c <file>   Certificate file,           default %s\n", cliCert);
     printf("-k <file>   Key file,                   default %s\n", cliKey);
     printf("-A <file>   Certificate Authority file, default %s\n", caCert);
+#ifndef NO_DH
+    printf("-Z <num>    Minimum DH key bits,        default %d\n",
+                                 DEFAULT_MIN_DHKEY_BITS);
+#endif
     printf("-b <num>    Benchmark <num> connections and print stats\n");
     printf("-s          Use pre Shared keys\n");
     printf("-t          Track wolfSSL memory use\n");
@@ -224,6 +228,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     int    atomicUser    = 0;
     int    pkCallbacks   = 0;
     int    overrideDateErrors = 0;
+    int    minDhKeyBits  = DEFAULT_MIN_DHKEY_BITS;
     char*  cipherList = NULL;
     const char* verifyCert = caCert;
     const char* ourCert    = cliCert;
@@ -269,11 +274,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     (void)useClientCert;
     (void)overrideDateErrors;
     (void)disableCRL;
+    (void)minDhKeyBits;
 
     StackTrap();
 
     while ((ch = mygetopt(argc, argv,
-                          "?gdDusmNrwRitfxXUPCh:p:v:l:A:c:k:b:zS:L:ToO:a"))
+                          "?gdDusmNrwRitfxXUPCh:p:v:l:A:c:k:Z:b:zS:L:ToO:a"))
                                                                         != -1) {
         switch (ch) {
             case '?' :
@@ -375,6 +381,16 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 ourKey = myoptarg;
                 break;
 
+            case 'Z' :
+                #ifndef NO_DH
+                    minDhKeyBits = atoi(myoptarg);
+                    if (minDhKeyBits <= 0 || minDhKeyBits > 16000) {
+                        Usage();
+                        exit(MY_EX_USAGE);
+                    }
+                #endif
+                break;
+
             case 'b' :
                 benchmark = atoi(myoptarg);
                 if (benchmark < 0 || benchmark > 1000000) {
@@ -570,6 +586,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     if (fewerPackets)
         wolfSSL_CTX_set_group_messages(ctx);
 
+#ifndef NO_DH
+    wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
+#endif
+
     if (usePsk) {
 #ifndef NO_PSK
         wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
diff --git a/examples/server/server.c b/examples/server/server.c
index 5ebfb7d38..a8d597a7e 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -131,6 +131,11 @@ static void Usage(void)
     printf("-c <file>   Certificate file,           default %s\n", svrCert);
     printf("-k <file>   Key file,                   default %s\n", svrKey);
     printf("-A <file>   Certificate Authority file, default %s\n", cliCert);
+#ifndef NO_DH
+    printf("-D <file>   Diffie-Hellman Params file, default %s\n", dhParam);
+    printf("-Z <num>    Minimum DH key bits,        default %d\n",
+                                 DEFAULT_MIN_DHKEY_BITS);
+#endif
     printf("-d          Disable client cert check\n");
     printf("-b          Bind to any interface instead of localhost only\n");
     printf("-s          Use pre Shared keys\n");
@@ -184,11 +189,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     int    serverReadyFile = 0;
     int    wc_shutdown     = 0;
     int    resume = 0;            /* do resume, and resume count */
+    int    minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
     int    ret;
     char*  cipherList = NULL;
     const char* verifyCert = cliCert;
     const char* ourCert    = svrCert;
     const char* ourKey     = svrKey;
+    const char* ourDhParam = dhParam;
     int    argc = ((func_args*)args)->argc;
     char** argv = ((func_args*)args)->argv;
 
@@ -213,15 +220,17 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     (void)needDH;
     (void)ourKey;
     (void)ourCert;
+    (void)ourDhParam;
     (void)verifyCert;
     (void)useNtruKey;
     (void)doCliCertCheck;
+    (void)minDhKeyBits;
 
 #ifdef CYASSL_TIRTOS
     fdOpenSession(Task_self());
 #endif
 
-    while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPp:v:l:A:c:k:S:oO:"))
+    while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPp:v:l:A:c:k:Z:S:oO:D:"))
                          != -1) {
         switch (ch) {
             case '?' :
@@ -310,6 +319,22 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                 ourKey = myoptarg;
                 break;
 
+            case 'D' :
+                #ifndef NO_DH
+                    ourDhParam = myoptarg;
+                #endif
+                break;
+
+            case 'Z' :
+                #ifndef NO_DH
+                    minDhKeyBits = atoi(myoptarg);
+                    if (minDhKeyBits <= 0 || minDhKeyBits > 16000) {
+                        Usage();
+                        exit(MY_EX_USAGE);
+                    }
+                #endif
+                break;
+
             case 'N':
                 nonBlocking = 1;
                 break;
@@ -451,6 +476,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     }
 #endif
 
+#ifndef NO_DH
+    wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
+#endif
+
 #ifdef HAVE_NTRU
     if (useNtruKey) {
         if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
@@ -579,7 +608,7 @@ while (1) {  /* allow resume option */
     SSL_set_fd(ssl, clientfd);
     if (usePsk == 0 || useAnon == 1 || cipherList != NULL || needDH == 1) {
         #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
-            CyaSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM);
+            CyaSSL_SetTmpDH_file(ssl, ourDhParam, SSL_FILETYPE_PEM);
         #elif !defined(NO_DH)
             SetDH(ssl);  /* repick suites with DHE, higher priority than PSK */
         #endif
diff --git a/src/internal.c b/src/internal.c
index aa69f8310..217dec9b5 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -372,6 +372,10 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method)
         return BAD_MUTEX_E;
     }
 
+#ifndef NO_DH
+    ctx->minDhKeySz = MIN_DHKEY_SZ;
+#endif
+
 #ifdef HAVE_ECC
     ctx->eccTempKeySz = ECDHE_SIZE;
 #endif
@@ -1537,6 +1541,10 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     ssl->options.handShakeState  = NULL_STATE;
     ssl->options.processReply = doProcessInit;
 
+#ifndef NO_DH
+    ssl->options.minDhKeySz = ctx->minDhKeySz;
+#endif
+
 #ifdef WOLFSSL_DTLS
     ssl->dtls_timeout_init              = DTLS_TIMEOUT_INIT;
     ssl->dtls_timeout_max               = DTLS_TIMEOUT_MAX;
@@ -8024,6 +8032,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case BAD_TICKET_ENCRYPT:
         return "Bad user ticket callback encrypt Error";
 
+    case DH_KEY_SIZE_E:
+        return "DH key too small Error";
+
     default :
         return "unknown error number";
     }
@@ -9755,6 +9766,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
         if ((*inOutIdx - begin) + length > size)
             return BUFFER_ERROR;
 
+        if (length < ssl->options.minDhKeySz) {
+            WOLFSSL_MSG("Server using a DH key that is too small");
+            SendAlert(ssl, alert_fatal, handshake_failure);
+            return DH_KEY_SIZE_E;
+        }
+
         ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap,
                                                          DYNAMIC_TYPE_DH);
 
@@ -9766,6 +9783,8 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
         XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length);
         *inOutIdx += length;
 
+        ssl->options.dhKeySz = length;
+
         /* g */
         if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
             return BUFFER_ERROR;
@@ -9885,6 +9904,12 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
         if ((*inOutIdx - begin) + length > size)
             return BUFFER_ERROR;
 
+        if (length < ssl->options.minDhKeySz) {
+            WOLFSSL_MSG("Server using a DH key that is too small");
+            SendAlert(ssl, alert_fatal, handshake_failure);
+            return DH_KEY_SIZE_E;
+        }
+
         ssl->buffers.serverDH_P.buffer = (byte*) XMALLOC(length, ssl->heap,
                                                          DYNAMIC_TYPE_DH);
 
@@ -9896,6 +9921,8 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
         XMEMCPY(ssl->buffers.serverDH_P.buffer, input + *inOutIdx, length);
         *inOutIdx += length;
 
+        ssl->options.dhKeySz = length;
+
         /* g */
         if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
             return BUFFER_ERROR;
diff --git a/src/ssl.c b/src/ssl.c
index 258b91db6..7342e81a4 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -438,6 +438,9 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
     WOLFSSL_ENTER("wolfSSL_SetTmpDH");
     if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
 
+    if (pSz < ssl->options.minDhKeySz)
+        return DH_KEY_SIZE_E;
+
     if (ssl->options.side != WOLFSSL_SERVER_END)
         return SIDE_ERROR;
 
@@ -487,6 +490,9 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
     WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH");
     if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
 
+    if (pSz < ctx->minDhKeySz)
+        return DH_KEY_SIZE_E;
+
     XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
     XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
 
@@ -3894,6 +3900,35 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
 }
 
 
+int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz)
+{
+    if (ctx == NULL || keySz > 16000 || keySz % 8 != 0)
+        return BAD_FUNC_ARG;
+
+    ctx->minDhKeySz = keySz / 8;
+    return SSL_SUCCESS;
+}
+
+
+int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz)
+{
+    if (ssl == NULL || keySz > 16000 || keySz % 8 != 0)
+        return BAD_FUNC_ARG;
+
+    ssl->options.minDhKeySz = keySz / 8;
+    return SSL_SUCCESS;
+}
+
+
+int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
+{
+    if (ssl == NULL)
+        return BAD_FUNC_ARG;
+
+    return (ssl->options.dhKeySz * 8);
+}
+
+
 #endif /* NO_DH */
 
 
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index d9dc80dc0..f151c3fb5 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -133,6 +133,8 @@ enum wolfSSL_ErrorCodes {
     BAD_TICKET_MSG_SZ       = -399,        /* Bad session ticket msg size    */
     BAD_TICKET_ENCRYPT      = -400,        /* Bad user ticket encrypt        */
 
+    DH_KEY_SIZE_E           = -401,        /* DH Key too small */
+
     /* add strings to SetErrorString !!!!! */
 
     /* begin negotiation parameter errors */
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index edba235dc..d8e4da871 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -895,6 +895,20 @@ enum Misc {
     COPY               =   1   /* should we copy static buffer for write */
 };
 
+
+#ifndef WOLFSSL_MIN_DHKEY_BITS
+    #ifdef WOLFSSL_MAX_STRENGTH
+        #define WOLFSSL_MIN_DHKEY_BITS 2048
+    #else
+        #define WOLFSSL_MIN_DHKEY_BITS 1024
+    #endif
+#endif
+#if (WOLFSSL_MIN_DHKEY_BITS % 8)
+    #error DH minimum bit size must be multiple of 8
+#endif
+#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
+
+
 #ifdef SESSION_INDEX
 /* Shift values for making a session index */
 #define SESSIDX_ROW_SHIFT 4
@@ -1508,6 +1522,9 @@ struct WOLFSSL_CTX {
     byte        quietShutdown;    /* don't send close notify */
     byte        groupMessages;    /* group handshake messages before sending */
     byte        minDowngrade;     /* minimum downgrade version */
+#ifndef NO_DH
+    word16      minDhKeySz;       /* minimum DH key size */
+#endif
     CallbackIORecv CBIORecv;
     CallbackIOSend CBIOSend;
 #ifdef WOLFSSL_DTLS
@@ -1916,6 +1933,10 @@ typedef struct Options {
     byte            minDowngrade;       /* minimum downgrade version */
     byte            connectState;       /* nonblocking resume */
     byte            acceptState;        /* nonblocking resume */
+#ifndef NO_DH
+    word16          minDhKeySz;         /* minimum DH key size */
+    word16          dhKeySz;            /* actual DH key size */
+#endif
 
 } Options;
 
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index aaa100db8..f50bf9eb4 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -901,6 +901,10 @@ WOLFSSL_API int  wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX*, const unsigned char*
     WOLFSSL_API int  wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX*, const char* f,
                                              int format);
 #endif
+
+WOLFSSL_API int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX*, unsigned short);
+WOLFSSL_API int wolfSSL_SetMinDhKey_Sz(WOLFSSL*, unsigned short);
+WOLFSSL_API int wolfSSL_GetDhKey_Sz(WOLFSSL*);
 #endif /* NO_DH */
 
 WOLFSSL_API int  wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL*, unsigned short);
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 31d90f12b..1b1e444ba 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -154,6 +154,11 @@
 #define CLIENT_DEFAULT_VERSION 3
 #define CLIENT_DTLS_DEFAULT_VERSION (-2)
 #define CLIENT_INVALID_VERSION (-99)
+#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_MAX_STRENGTH)
+    #define DEFAULT_MIN_DHKEY_BITS 2048
+#else
+    #define DEFAULT_MIN_DHKEY_BITS 1024
+#endif
 
 /* all certs relative to wolfSSL home directory now */
 #define caCert     "./certs/ca-cert.pem"

From 8fbcd7d74b52768f680fdbe2b74ede25be0f73de Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 21 May 2015 10:30:54 -0700
Subject: [PATCH 096/350] added upper bound check on DH min bit size for
 configure forced default

---
 wolfssl/internal.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index d8e4da871..d4dc91247 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -906,6 +906,9 @@ enum Misc {
 #if (WOLFSSL_MIN_DHKEY_BITS % 8)
     #error DH minimum bit size must be multiple of 8
 #endif
+#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
+    #error DH minimum bit size must not be greater than 16000
+#endif
 #define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
 
 

From aaa1fe813a8ce8f9ebcbf55ef719d462672a6d80 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Fri, 22 May 2015 09:55:49 +0900
Subject: [PATCH 097/350] Added aes.c/des3.c

---
 wolfcrypt/benchmark/benchmark.c |  6 ++---
 wolfcrypt/src/aes.c             | 40 ++++++++++++++++++++++++++-------
 wolfcrypt/src/des3.c            |  3 +++
 wolfssl/wolfcrypt/aes.h         |  3 +++
 4 files changed, 41 insertions(+), 11 deletions(-)

diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 9c27980e7..bd5fd27f5 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -1846,9 +1846,9 @@ void bench_ed25519KeySign(void)
         return ( ns / CLOCK * 2.0);
     }
 
-#elif defined(WOLFSSL_IAR_ARM) || defined (WOLFSSL_MDK_ARM)
-    #warning "Write your current_time()"
-    double current_time(int reset) { return 0.0 ; }
+#elif defined(WOLFSSL_IAR_ARM_TIME) || defined (WOLFSSL_MDK_ARM)
+    extern   double current_time(int reset);
+
     
 #elif defined FREERTOS
 
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 896ee147d..9e80e9839 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -230,6 +230,10 @@ void wc_AesFreeCavium(Aes* aes)
                                     word32 length);
     static int  wc_AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
                                     word32 length);
+#elif defined(WOLFSSL_TI_CRYPT)
+    
+    /* defined in port/ti_aes.c */
+
 #else
     /* using CTaoCrypt software AES implementation */
     #define NEED_AES_TABLES
@@ -1505,6 +1509,11 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
     {
         return wc_AesSetKey(aes, userKey, keylen, iv, dir);
     }
+    
+#elif defined(WOLFSSL_TI_CRYPT)
+    
+    /* defined in port/ti_md5.c */
+
 #else
     static int wc_AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen,
                 const byte* iv, int dir)
@@ -1775,17 +1784,21 @@ int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
     #elif defined(WOLFSSL_PIC32MZ_CRYPT)
         #error "PIC32MZ doesn't yet support AES direct"
 
+    #elif defined(WOLFSSL_TI_CRYPT)
+    
+        /* defined in port/ti_aes.c */
+    
     #else
         /* Allow direct access to one block encrypt */
         void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
         {
-            return wc_AesEncrypt(aes, in, out);
+            wc_AesEncrypt(aes, in, out);
         }
 
         /* Allow direct access to one block decrypt */
         void wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
         {
-            return wc_AesDecrypt(aes, in, out);
+            wc_AesDecrypt(aes, in, out);
         }
 
     #endif /* FREESCALE_MMCAU, AES direct block */
@@ -2309,6 +2322,10 @@ int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
         return 0 ;
     }
 
+#elif defined(WOLFSSL_TI_CRYPT)
+    
+    /* defined in port/ti_aes.c */    
+
 #else
     int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
@@ -2589,7 +2606,10 @@ int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
 
     #elif defined(FREESCALE_MMCAU)
         #error "Freescale mmCAU doesn't currently support AES-CTR mode"
-
+    
+    #elif defined(WOLFSSL_TI_CRYPT)
+        /* defined in port/ti/ti_aes.c */
+    
     #else
         /* Increment AES counter */
         static INLINE void IncrementAesCounter(byte* inOutCtr)
@@ -2671,7 +2691,7 @@ enum {
     CTR_SZ = 4
 };
 
-
+#if !defined(WOLFSSL_TI_CRYPT)
 static INLINE void InitGcmCounter(byte* inOutCtr)
 {
     inOutCtr[AES_BLOCK_SIZE - 4] = 0;
@@ -2776,6 +2796,10 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
     if (ret == 0) {
     #ifdef FREESCALE_MMCAU
         cau_aes_encrypt(iv, rk, aes->rounds, aes->H);
+   
+    #elif defined(WOLFSSL_TI_CRYPT)
+        /* defined in port/ti/ti_aes.c */
+    
     #else
         wc_AesEncrypt(aes, iv, aes->H);
     #endif
@@ -3289,8 +3313,7 @@ static void GHASH(Aes* aes, const byte* a, word32 aSz,
 }
 
 #endif /* end GCM_WORD32 */
-
-
+ 
 int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                    const byte* iv, word32 ivSz,
                    byte* authTag, word32 authTagSz,
@@ -3445,8 +3468,7 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     }
     return 0;
 }
-
-
+#endif
 
 WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
 {
@@ -3478,6 +3500,7 @@ WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
 
 #endif
 
+#if !defined(WOLFSSL_TI_CRYPT)
 void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
 {
     byte nonce[AES_BLOCK_SIZE];
@@ -3758,6 +3781,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     return result;
 }
+#endif /* WOLFCRYPT_TI_CRYPT */
 
 #endif /* HAVE_AESCCM */
 
diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c
index 5edb7f79e..62e0ef12c 100644
--- a/wolfcrypt/src/des3.c
+++ b/wolfcrypt/src/des3.c
@@ -944,6 +944,9 @@ int  wc_Des3_SetIV(Des3* des, const byte* iv);
         return 0;
     }
 
+#elif defined(WOLFSSL_TI_CRYPT)
+    /* defined in port/ti/ti-des3.c */
+    
 #else /* CTaoCrypt software implementation */
 
 /* permuted choice table (key) */
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index 5b6ad6a83..a94ad0801 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -113,6 +113,9 @@ typedef struct Aes {
     word32 iv_ce [AES_BLOCK_SIZE  /sizeof(word32)] ;
     int    keylen ;
 #endif
+#ifdef WOLFSSL_TI_CRYPT
+    int    keylen ;
+#endif
 } Aes;
 
 

From 67a93a5999b305651076eadd7069bd1869a28eb7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Fri, 22 May 2015 20:05:40 -0300
Subject: [PATCH 098/350] fixes trailing white spaces. adds port mapping in
 Vagrantfile.

---
 Vagrantfile    |  2 ++
 src/internal.c |  2 +-
 src/tls.c      | 46 +++++++++++++++++++++++-----------------------
 3 files changed, 26 insertions(+), 24 deletions(-)

diff --git a/Vagrantfile b/Vagrantfile
index 58d4212c3..aef42caf7 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -45,4 +45,6 @@ VAGRANTFILE_API_VERSION = "2"
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   config.vm.box = "hashicorp/precise64"
   config.vm.provision "shell", inline: $setup
+  config.vm.network "forwarded_port", guest: 11111, host: 33333
+
 end
diff --git a/src/internal.c b/src/internal.c
index 217dec9b5..d69cc114b 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3669,7 +3669,7 @@ static int MatchDomainName(const char* pattern, int len, const char* str)
             break;
 
         if (p == '*') {
-            while (--len > 0 && 
+            while (--len > 0 &&
                          (p = (char)XTOLOWER((unsigned char)*pattern++)) == '*')
                 ;
 
diff --git a/src/tls.c b/src/tls.c
index ca94c5b71..754037bc3 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -72,7 +72,7 @@ static int p_hash(byte* result, word32 resLen, const byte* secret,
 #ifdef WOLFSSL_SMALL_STACK
     byte*  previous;
     byte*  current;
-    Hmac*  hmac;    
+    Hmac*  hmac;
 #else
     byte   previous[P_HASH_MAX_SIZE];  /* max size */
     byte   current[P_HASH_MAX_SIZE];   /* max size */
@@ -147,7 +147,7 @@ static int p_hash(byte* result, word32 resLen, const byte* secret,
                         break;
 
                     if ((i == lastTime) && lastLen)
-                        XMEMCPY(&result[idx], current, 
+                        XMEMCPY(&result[idx], current,
                                                  min(lastLen, P_HASH_MAX_SIZE));
                     else {
                         XMEMCPY(&result[idx], current, len);
@@ -187,7 +187,7 @@ static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
 {
     word32 i;
 
-    for (i = 0; i < digLen; i++) 
+    for (i = 0; i < digLen; i++)
         digest[i] = md5[i] ^ sha[i];
 }
 
@@ -288,7 +288,7 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
 
         if (labLen + seedLen > MAX_PRF_LABSEED)
             return BUFFER_E;
-        
+
 #ifdef WOLFSSL_SMALL_STACK
         labelSeed = (byte*)XMALLOC(MAX_PRF_LABSEED, NULL,
                                                        DYNAMIC_TYPE_TMP_BUFFER);
@@ -430,7 +430,7 @@ int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen,
 int DeriveTlsKeys(WOLFSSL* ssl)
 {
     int   ret;
-    int   length = 2 * ssl->specs.hash_size + 
+    int   length = 2 * ssl->specs.hash_size +
                    2 * ssl->specs.key_size  +
                    2 * ssl->specs.iv_size;
 #ifdef WOLFSSL_SMALL_STACK
@@ -586,9 +586,9 @@ static INLINE word32 GetSEQIncrement(WOLFSSL* ssl, int verify)
     }
 #endif
     if (verify)
-        return ssl->keys.peer_sequence_number++; 
+        return ssl->keys.peer_sequence_number++;
     else
-        return ssl->keys.sequence_number++; 
+        return ssl->keys.sequence_number++;
 }
 
 
@@ -640,10 +640,10 @@ int wolfSSL_GetHmacType(WOLFSSL* ssl)
             return SHA;
         }
         #endif
-        #ifdef HAVE_BLAKE2 
+        #ifdef HAVE_BLAKE2
         case blake2b_mac:
         {
-            return BLAKE2B_ID; 
+            return BLAKE2B_ID;
         }
         #endif
         default:
@@ -667,7 +667,7 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content,
         c16toa((word16)GetEpoch(ssl, verify), inner);
 #endif
     c32toa(GetSEQIncrement(ssl, verify), &inner[sizeof(word32)]);
-    inner[SEQ_SZ] = (byte)content;                          
+    inner[SEQ_SZ] = (byte)content;
     inner[SEQ_SZ + ENUM_LEN]            = ssl->version.major;
     inner[SEQ_SZ + ENUM_LEN + ENUM_LEN] = ssl->version.minor;
     c16toa((word16)sz, inner + SEQ_SZ + ENUM_LEN + VERSION_SZ);
@@ -686,7 +686,7 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
 
     if (ssl == NULL)
         return BAD_FUNC_ARG;
-    
+
 #ifdef HAVE_FUZZER
     if (ssl->fuzzerCb)
         ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
@@ -735,7 +735,7 @@ static INLINE word16 TLSX_ToSemaphore(word16 type)
                 WOLFSSL_MSG("### TLSX semaphore colision or overflow detected!");
             }
     }
-    
+
     return type;
 }
 
@@ -1044,7 +1044,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
         return ret;
 
     if (!extension) {
-        if ((ret = TLSX_Push(extensions, SERVER_NAME_INDICATION, (void*)sni)) 
+        if ((ret = TLSX_Push(extensions, SERVER_NAME_INDICATION, (void*)sni))
                                                                          != 0) {
             TLSX_SNI_Free(sni);
             return ret;
@@ -1053,7 +1053,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
     else {
         /* push new SNI object to extension data. */
         sni->next = (SNI*)extension->data;
-        extension->data = (void*)sni;        
+        extension->data = (void*)sni;
 
         /* look for another server name of the same type to remove */
         do {
@@ -1626,7 +1626,7 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name)
 
                 break;
             }
-        } while ((curve = curve->next));        
+        } while ((curve = curve->next));
     }
 
     return SSL_SUCCESS;
@@ -1680,7 +1680,7 @@ static byte TLSX_SecureRenegotiation_GetSize(SecureRenegotiation* data,
 
 static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data,
                                                     byte* output, int isRequest)
-{   
+{
     word16 offset = OPAQUE8_LEN; /* RenegotiationInfo length */
 
     if (data->enabled) {
@@ -1696,11 +1696,11 @@ static word16 TLSX_SecureRenegotiation_Write(SecureRenegotiation* data,
     }
 
     output[0] = offset - 1;  /* info length - self */
-    
+
     return offset;
-}   
-    
-static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input, 
+}
+
+static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
                                                   word16 length, byte isRequest)
 {
     int ret = SECURE_RENEGOTIATION_E;
@@ -1726,7 +1726,7 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, byte* input,
             if (!ssl->secure_renegotiation->enabled) {
                 if (*input == 0) {
                     ssl->secure_renegotiation->enabled = 1;
-                    ret = 0;                    
+                    ret = 0;
                 }
             }
             else if (*input == 2 * TLS_FINISHED_SZ) {
@@ -1749,7 +1749,7 @@ int TLSX_UseSecureRenegotiation(TLSX** extensions)
 {
     int ret = 0;
     SecureRenegotiation* data = NULL;
-    
+
     data = (SecureRenegotiation*)XMALLOC(sizeof(SecureRenegotiation), NULL,
                                                              DYNAMIC_TYPE_TLSX);
     if (data == NULL)
@@ -2362,7 +2362,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
 #endif
 #ifndef NO_OLD_TLS
             method->downgrade = 1;
-#endif 
+#endif
         }
         return method;
     }

From 559404137e8bcb2bcad712b786f585d9299b2579 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Wed, 27 May 2015 18:37:19 +0900
Subject: [PATCH 099/350] moving xxxGetHash to hash.c

---
 wolfcrypt/benchmark/benchmark.c |  3 +-
 wolfcrypt/src/hash.c            | 66 +++++++++++++++++++++++++++++++++
 wolfcrypt/src/md5.c             |  6 ---
 wolfcrypt/src/sha.c             |  9 -----
 wolfcrypt/src/sha256.c          |  9 -----
 5 files changed, 67 insertions(+), 26 deletions(-)
 create mode 100644 wolfcrypt/src/hash.c

diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index bd5fd27f5..838a80e34 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -1846,9 +1846,8 @@ void bench_ed25519KeySign(void)
         return ( ns / CLOCK * 2.0);
     }
 
-#elif defined(WOLFSSL_IAR_ARM_TIME) || defined (WOLFSSL_MDK_ARM)
+#elif defined(WOLFSSL_IAR_ARM_TIME) || defined (WOLFSSL_MDK_ARM) || defined(WOLFSSL_USER_TIME)
     extern   double current_time(int reset);
-
     
 #elif defined FREERTOS
 
diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
new file mode 100644
index 000000000..7a6e51f3b
--- /dev/null
+++ b/wolfcrypt/src/hash.c
@@ -0,0 +1,66 @@
+/* hash.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if !defined(NO_MD5) && !defined(WOLFSSL_TI_HASH)
+
+#include <wolfssl/wolfcrypt/md5.h>
+void wc_Md5GetHash(Md5* md5, byte* hash)
+{
+    Md5 save = *md5 ;
+    wc_Md5Final(md5, hash) ;
+    *md5 = save ;
+}
+#endif
+
+#if !defined(NO_SHA) && !defined(WOLFSSL_TI_HASH)
+
+#include <wolfssl/wolfcrypt/sha.h>
+
+int wc_ShaGetHash(Sha* sha, byte* hash)
+{
+    int ret ;
+    Sha save = *sha ;
+    ret = wc_ShaFinal(sha, hash) ;
+    *sha = save ;
+    return ret ;
+}
+#endif
+
+#if !defined(NO_SHA256)  && !defined(WOLFSSL_TI_HASH)
+
+#include <wolfssl/wolfcrypt/sha256.h>
+
+int wc_Sha256GetHash(Sha256* sha256, byte* hash)
+{
+    int ret ;
+    Sha256 save = *sha256 ;
+    ret = wc_Sha256Final(sha256, hash) ;
+    *sha256 = save ;
+    return ret ;
+}
+
+#endif
diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index d5bb17b63..db1e21f87 100644
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
@@ -392,10 +392,4 @@ int wc_Md5Hash(const byte* data, word32 len, byte* hash)
     return 0;
 }
 
-void wc_Md5GetHash(Md5* md5, byte* hash)
-{
-    Md5 save = *md5 ;
-    wc_Md5Final(md5, hash) ;
-    *md5 = save ;
-}
 #endif /* NO_MD5 */
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index 78f2640f0..f67f88ddc 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -452,15 +452,6 @@ int wc_ShaHash(const byte* data, word32 len, byte* hash)
 
 }
 
-int wc_ShaGetHash(Sha* sha, byte* hash)
-{
-    int ret ;
-    Sha save = *sha ;
-    ret = wc_ShaFinal(sha, hash) ;
-    *sha = save ;
-    return ret ;
-}
-
 #endif /* HAVE_FIPS */
 #endif /* NO_SHA */
 
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index a204637f4..7342d836f 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -576,15 +576,6 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
     return ret;
 }
 
-int wc_Sha256GetHash(Sha256* sha256, byte* hash)
-{
-    int ret ;
-    Sha256 save = *sha256 ;
-    ret = wc_Sha256Final(sha256, hash) ;
-    *sha256 = save ;
-    return ret ;
-}
-
 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
 
 #define _DigestToReg(S_0, S_1, S_2, S_3, S_4, S_5, S_6, S_7 )\

From 902799ef755270bb992aa645c7514cb35fae6e66 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Wed, 27 May 2015 19:34:11 +0900
Subject: [PATCH 100/350] adding ti hash/crypt to include.am

---
 src/include.am               | 6 +++---
 wolfcrypt/src/include.am     | 8 ++++++++
 wolfssl/wolfcrypt/include.am | 4 +++-
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/include.am b/src/include.am
index f65331b4c..161a9cd91 100644
--- a/src/include.am
+++ b/src/include.am
@@ -49,7 +49,8 @@ endif
 src_libwolfssl_la_SOURCES += \
                wolfcrypt/src/hmac.c \
                wolfcrypt/src/random.c \
-               wolfcrypt/src/sha256.c
+               wolfcrypt/src/sha256.c \
+               wolfcrypt/src/hash.c
 
 if BUILD_RSA
 src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c
@@ -74,8 +75,7 @@ endif
 src_libwolfssl_la_SOURCES += \
                wolfcrypt/src/logging.c \
                wolfcrypt/src/wc_port.c \
-               wolfcrypt/src/error.c\
-               wolfcrypt/src/port/ti/ti-hash.c
+               wolfcrypt/src/error.c
 
 if BUILD_MEMORY
 src_libwolfssl_la_SOURCES += wolfcrypt/src/memory.c
diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am
index a6e815427..299921579 100644
--- a/wolfcrypt/src/include.am
+++ b/wolfcrypt/src/include.am
@@ -38,3 +38,11 @@ EXTRA_DIST += \
               wolfcrypt/src/fp_sqr_comba_8.i \
               wolfcrypt/src/fp_sqr_comba_9.i \
               wolfcrypt/src/fp_sqr_comba_small_set.i
+
+EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
+              wolfcrypt/src/port/ti/ti-des3.c \
+              wolfcrypt/src/port/ti/ti-hash.c \
+              wolfcrypt/src/port/ti/ti-ccm.c \
+              wolfcrypt/src/port/pic32/pic32mz-hash.c
+
+
diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
index 2603f117c..26a7759b3 100644
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -52,5 +52,7 @@ nobase_include_HEADERS+= \
                          wolfssl/wolfcrypt/mpi_superclass.h
 
 noinst_HEADERS+= \
-                         wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h
+                         wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \
+                         wolfssl/wolfcrypt/port/ti/ti-hash.h \
+                         wolfssl/wolfcrypt/port/ti/ti-ccm.h
 

From d67168d53928e32f8c532e5b8986e01ce87fd093 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Thu, 28 May 2015 20:40:53 +0900
Subject: [PATCH 101/350] aes.c cleaned. ti-has.c, ti-aes.c, ti-des3.c are
 included in each respective algorithm source file.

---
 wolfcrypt/src/aes.c             | 43 ++++++++++-----------------------
 wolfcrypt/src/des3.c            |  9 ++++---
 wolfcrypt/src/md5.c             | 13 ++++++----
 wolfcrypt/src/port/ti/ti-hash.c |  8 +++---
 wolfcrypt/src/sha.c             | 12 +++++----
 wolfcrypt/src/sha256.c          | 13 +++++++---
 wolfcrypt/src/wc_port.c         |  5 +++-
 wolfssl/internal.h              |  2 ++
 wolfssl/wolfcrypt/hash.h        | 35 +++++++++++++++++++++++++++
 wolfssl/wolfcrypt/md5.h         |  6 -----
 wolfssl/wolfcrypt/sha.h         |  1 -
 wolfssl/wolfcrypt/sha256.h      |  1 -
 12 files changed, 88 insertions(+), 60 deletions(-)
 create mode 100644 wolfssl/wolfcrypt/hash.h

diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 9e80e9839..85f01a0d1 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -174,6 +174,11 @@ void wc_AesFreeCavium(Aes* aes)
 }
 #endif
 #else /* HAVE_FIPS */
+
+#ifdef WOLFSSL_TI_CRYPT
+#include <wolfcrypt/src/port/ti/ti-aes.c>
+#else
+
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 #ifdef NO_INLINE
@@ -230,10 +235,6 @@ void wc_AesFreeCavium(Aes* aes)
                                     word32 length);
     static int  wc_AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
                                     word32 length);
-#elif defined(WOLFSSL_TI_CRYPT)
-    
-    /* defined in port/ti_aes.c */
-
 #else
     /* using CTaoCrypt software AES implementation */
     #define NEED_AES_TABLES
@@ -1509,11 +1510,6 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
     {
         return wc_AesSetKey(aes, userKey, keylen, iv, dir);
     }
-    
-#elif defined(WOLFSSL_TI_CRYPT)
-    
-    /* defined in port/ti_md5.c */
-
 #else
     static int wc_AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen,
                 const byte* iv, int dir)
@@ -1784,10 +1780,6 @@ int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
     #elif defined(WOLFSSL_PIC32MZ_CRYPT)
         #error "PIC32MZ doesn't yet support AES direct"
 
-    #elif defined(WOLFSSL_TI_CRYPT)
-    
-        /* defined in port/ti_aes.c */
-    
     #else
         /* Allow direct access to one block encrypt */
         void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
@@ -2322,10 +2314,6 @@ int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
         return 0 ;
     }
 
-#elif defined(WOLFSSL_TI_CRYPT)
-    
-    /* defined in port/ti_aes.c */    
-
 #else
     int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
@@ -2606,10 +2594,7 @@ int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
 
     #elif defined(FREESCALE_MMCAU)
         #error "Freescale mmCAU doesn't currently support AES-CTR mode"
-    
-    #elif defined(WOLFSSL_TI_CRYPT)
-        /* defined in port/ti/ti_aes.c */
-    
+
     #else
         /* Increment AES counter */
         static INLINE void IncrementAesCounter(byte* inOutCtr)
@@ -2691,7 +2676,7 @@ enum {
     CTR_SZ = 4
 };
 
-#if !defined(WOLFSSL_TI_CRYPT)
+
 static INLINE void InitGcmCounter(byte* inOutCtr)
 {
     inOutCtr[AES_BLOCK_SIZE - 4] = 0;
@@ -2796,10 +2781,6 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
     if (ret == 0) {
     #ifdef FREESCALE_MMCAU
         cau_aes_encrypt(iv, rk, aes->rounds, aes->H);
-   
-    #elif defined(WOLFSSL_TI_CRYPT)
-        /* defined in port/ti/ti_aes.c */
-    
     #else
         wc_AesEncrypt(aes, iv, aes->H);
     #endif
@@ -3313,7 +3294,8 @@ static void GHASH(Aes* aes, const byte* a, word32 aSz,
 }
 
 #endif /* end GCM_WORD32 */
- 
+
+
 int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                    const byte* iv, word32 ivSz,
                    byte* authTag, word32 authTagSz,
@@ -3468,7 +3450,8 @@ int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
     }
     return 0;
 }
-#endif
+
+
 
 WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
 {
@@ -3500,7 +3483,6 @@ WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
 
 #endif
 
-#if !defined(WOLFSSL_TI_CRYPT)
 void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
 {
     byte nonce[AES_BLOCK_SIZE];
@@ -3781,7 +3763,6 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     return result;
 }
-#endif /* WOLFCRYPT_TI_CRYPT */
 
 #endif /* HAVE_AESCCM */
 
@@ -3909,6 +3890,8 @@ static int AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in,
 
 #endif /* HAVE_CAVIUM */
 
+#endif /* WOLFSSL_TI_CRYPT */
+
 #endif /* HAVE_FIPS */
 
 #endif /* NO_AES */
diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c
index 62e0ef12c..f886ecdc7 100644
--- a/wolfcrypt/src/des3.c
+++ b/wolfcrypt/src/des3.c
@@ -129,6 +129,11 @@ void wc_Des3_FreeCavium(Des3* des3)
 
 #endif /* HAVE_CAVIUM */
 #else /* build without fips */
+
+#if defined(WOLFSSL_TI_CRYPT)
+    #include <wolfcrypt/src/port/ti/ti-des3.c>
+#else
+
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
 
@@ -943,9 +948,6 @@ int  wc_Des3_SetIV(Des3* des, const byte* iv);
                 PIC32_DECRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
         return 0;
     }
-
-#elif defined(WOLFSSL_TI_CRYPT)
-    /* defined in port/ti/ti-des3.c */
     
 #else /* CTaoCrypt software implementation */
 
@@ -1671,5 +1673,6 @@ static int wc_Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in,
 }
 
 #endif /* HAVE_CAVIUM */
+#endif /* WOLFSSL_TI_CRYPT */
 #endif /* HAVE_FIPS */
 #endif /* NO_DES3 */
diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index db1e21f87..02a24ec15 100644
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
@@ -26,7 +26,12 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
-#if !defined(NO_MD5) && !defined(WOLFSSL_TI_HASH)
+#if !defined(NO_MD5)
+
+#if defined(WOLFSSL_TI_HASH)
+    #define WOLFSSL_TI_MD5
+    #include <wolfcrypt/src/port/ti/ti-hash.c>
+#else
 
 #ifdef WOLFSSL_PIC32MZ_HASH
 #define wc_InitMd5   wc_InitMd5_sw
@@ -164,10 +169,6 @@
         wc_InitMd5(md5);  /* reset state */
     }
 
-#elif defined(WOLFSSL_IT_HASH)
-
-    /* defined in port/ti_hash.c */
-
 #else /* CTaoCrypt software implementation */
 
 #ifndef WOLFSSL_HAVE_MIN
@@ -392,4 +393,6 @@ int wc_Md5Hash(const byte* data, word32 len, byte* hash)
     return 0;
 }
 
+#endif /* WOLFSSL_TI_HASH */
+
 #endif /* NO_MD5 */
diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c
index 4b7f49a20..f2885298f 100644
--- a/wolfcrypt/src/port/ti/ti-hash.c
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -144,7 +144,7 @@ static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word3
     return ret;
 }
 
-#if !defined(NO_MD5)
+#if !defined(NO_MD5) && defined(WOLFSSL_TI_MD5)
 WOLFSSL_API void wc_InitMd5(Md5* md5)
 {
     if (md5 == NULL)
@@ -175,7 +175,7 @@ WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte*hash)
 
 #endif /* NO_MD5 */
 
-#if !defined(NO_SHA)
+#if !defined(NO_SHA) && defined(WOLFSSL_TI_SHA)
 WOLFSSL_API int wc_InitSha(Sha* sha)
 {
     if (sha == NULL)
@@ -206,7 +206,7 @@ WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte*hash)
 
 #endif /* NO_SHA */
 
-#if defined(HAVE_SHA224)
+#if defined(HAVE_SHA224) && defined(WOLFSSL_TI_SHA224)
 WOLFSSL_API int wc_InitSha224(Sha224* sha224)
 {
     if (sha224 == NULL)
@@ -237,7 +237,7 @@ WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash)
 
 #endif /* HAVE_SHA224 */
 
-#if !defined(NO_SHA256)
+#if !defined(NO_SHA256) && defined(WOLFSSL_TI_SHA256)
 WOLFSSL_API int wc_InitSha256(Sha256* sha256)
 {
     if (sha256 == NULL)
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index f67f88ddc..f710603cb 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -26,7 +26,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
-#if !defined(NO_SHA) && !defined(WOLFSSL_TI_HASH)
+#if !defined(NO_SHA)
 
 #include <wolfssl/wolfcrypt/sha.h>
 #include <wolfssl/wolfcrypt/logging.h>
@@ -64,6 +64,11 @@
 
 #else /* else build without fips */
 
+#if defined(WOLFSSL_TI_HASH)
+    #define WOLFSSL_TI_SHA
+    #include <wolfcrypt/src/port/ti/ti-hash.c>
+#else
+
 #ifdef WOLFSSL_PIC32MZ_HASH
 #define wc_InitSha   wc_InitSha_sw
 #define wc_ShaUpdate wc_ShaUpdate_sw
@@ -196,10 +201,6 @@ int wc_ShaFinal(Sha* sha, byte* hash)
     return wc_InitSha(sha);  /* reset state */
 }
 
-#elif defined(WOLFSSL_TI_HASH)
- 
-    /* defined in port/ti/ti_hash.c */
-
 #else /* wc_ software implementation */
 
 #ifndef WOLFSSL_HAVE_MIN
@@ -453,5 +454,6 @@ int wc_ShaHash(const byte* data, word32 len, byte* hash)
 }
 
 #endif /* HAVE_FIPS */
+#endif /* WOLFSSL_TI_HASH */
 #endif /* NO_SHA */
 
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 7342d836f..bc40798de 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -56,8 +56,13 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* out)
 
 #else /* else build without fips */
 
-#if !defined(NO_SHA256) && !defined(WOLFSSL_TI_HASH)
-    /* defined in port/ti/ti_hash.c */
+#if !defined(NO_SHA256) && defined(WOLFSSL_TI_HASH)
+    #define WOLFSSL_TI_SHA256
+    #ifdef HAVE_SHA224
+        #define WOLFSSL_TI_SHA224
+    #endif
+    #include <wolfcrypt/src/port/ti/ti-hash.c>
+#else
 
 #if !defined (ALIGN32)
     #if defined (__GNUC__)
@@ -1757,9 +1762,9 @@ static int Transform_AVX2(Sha256* sha256)
 
 #endif   /* HAVE_INTEL_AVX2 */
 
-#endif   /* WOLFSSL_TI_HAHS */
-
 #endif   /* HAVE_FIPS */
 
+#endif   /* WOLFSSL_TI_HAHS */
+
 #endif /* NO_SHA256 */
 
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index 864ac2490..953a16be4 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -649,4 +649,7 @@ int UnLockMutex(wolfSSL_Mutex *m)
     #endif /* USE_WINDOWS_API */
 
 #endif /* SINGLE_THREADED */
-
+        
+#if defined(WOLFSSL_TI_CRYPT) ||  defined(WOLFSSL_TI_HASH)
+    #include <wolfcrypt/src/port/ti/ti-ccm.c> /* initialize and Mutex for TI Crypt Engine */
+#endif
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index edba235dc..854ea57fb 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -88,6 +88,8 @@
     #include <wolfssl/wolfcrypt/ripemd.h>
 #endif
 
+#include <wolfssl/wolfcrypt/hash.h>
+
 #ifdef WOLFSSL_CALLBACKS
     #include <wolfssl/callbacks.h>
     #include <signal.h>
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
new file mode 100644
index 000000000..bbc2d8b95
--- /dev/null
+++ b/wolfssl/wolfcrypt/hash.h
@@ -0,0 +1,35 @@
+/* hash.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef WOLF_CRYPT_HASH_H
+#define WOLF_CRYPT_HASH_H
+
+#ifndef NO_MD5
+WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);
+#endif
+#ifndef NO_SHA
+WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
+#endif
+#ifndef NO_SHA256
+WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
+#endif
+
+#endif
diff --git a/wolfssl/wolfcrypt/md5.h b/wolfssl/wolfcrypt/md5.h
index b1f775c4c..d0b134b6a 100644
--- a/wolfssl/wolfcrypt/md5.h
+++ b/wolfssl/wolfcrypt/md5.h
@@ -52,11 +52,6 @@ enum {
 #include "port/pic32/pic32mz-crypt.h"
 #endif
 
-#ifdef TI_HASH_TEST
-#include "wolfssl/wolfcrypt/port/ti/ti-hash.h"
-#endif
-
-
 #ifndef WOLFSSL_TI_HASH
 
 /* MD5 digest */
@@ -81,7 +76,6 @@ WOLFSSL_API void wc_InitMd5(Md5*);
 WOLFSSL_API void wc_Md5Update(Md5*, const byte*, word32);
 WOLFSSL_API void wc_Md5Final(Md5*, byte*);
 WOLFSSL_API int  wc_Md5Hash(const byte*, word32, byte*);
-WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h
index b5ff4908d..80a2c9832 100644
--- a/wolfssl/wolfcrypt/sha.h
+++ b/wolfssl/wolfcrypt/sha.h
@@ -77,7 +77,6 @@ WOLFSSL_API int wc_InitSha(Sha*);
 WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32);
 WOLFSSL_API int wc_ShaFinal(Sha*, byte*);
 WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
-WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h
index d022d3ac5..7cf6d8677 100644
--- a/wolfssl/wolfcrypt/sha256.h
+++ b/wolfssl/wolfcrypt/sha256.h
@@ -75,7 +75,6 @@ WOLFSSL_API int wc_InitSha256(Sha256*);
 WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32);
 WOLFSSL_API int wc_Sha256Final(Sha256*, byte*);
 WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
-WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
 
 #ifdef __cplusplus
     } /* extern "C" */

From e4580c34616dece28a56f442b086bd9ceec8561b Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Thu, 28 May 2015 20:50:22 +0900
Subject: [PATCH 102/350] adding hash.h to include.am

---
 wolfssl/wolfcrypt/include.am | 1 +
 1 file changed, 1 insertion(+)

diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
index 26a7759b3..1f3a726b8 100644
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -20,6 +20,7 @@ nobase_include_HEADERS+= \
                          wolfssl/wolfcrypt/ge_operations.h \
                          wolfssl/wolfcrypt/error-crypt.h \
                          wolfssl/wolfcrypt/fips_test.h \
+                         wolfssl/wolfcrypt/hash.h \
                          wolfssl/wolfcrypt/hc128.h \
                          wolfssl/wolfcrypt/hmac.h \
                          wolfssl/wolfcrypt/integer.h \

From 77fe4f3a2eb76dbe91a8d75a98ab01b73e33c90f Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 28 May 2015 10:25:41 -0700
Subject: [PATCH 103/350] Fixes #71. Disable SHA works with TLS, PWDBASED,
 testing.

---
 configure.ac              |   2 -
 src/crl.c                 |   6 +-
 src/ssl.c                 |  29 +++++++---
 wolfcrypt/src/asn.c       | 116 ++++++++++++++++++++++----------------
 wolfcrypt/src/pkcs7.c     |   2 +-
 wolfcrypt/src/pwdbased.c  |   8 +++
 wolfcrypt/test/test.c     |  43 ++++++++------
 wolfssl/internal.h        |  26 +++++----
 wolfssl/wolfcrypt/asn.h   |  27 +++++----
 wolfssl/wolfcrypt/pkcs7.h |   2 +-
 10 files changed, 156 insertions(+), 105 deletions(-)

diff --git a/configure.ac b/configure.ac
index e707f8657..4197c9304 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1775,8 +1775,6 @@ AC_ARG_ENABLE([examples],
 
 AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
 AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
-# certs still have sha signatures for now
-AS_IF([test "x$ENABLED_SHA" = "xno" && test "x$ENABLED_PSK" = "xno"], [ENABLED_EXAMPLES="no"])
 AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"])
 
 
diff --git a/src/crl.c b/src/crl.c
index 39bfa1284..0f47ee1a4 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -66,8 +66,8 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl)
 {
     WOLFSSL_ENTER("InitCRL_Entry");
 
-    XMEMCPY(crle->issuerHash, dcrl->issuerHash, SHA_DIGEST_SIZE);
-    /* XMEMCPY(crle->crlHash, dcrl->crlHash, SHA_DIGEST_SIZE);
+    XMEMCPY(crle->issuerHash, dcrl->issuerHash, CRL_DIGEST_SIZE);
+    /* XMEMCPY(crle->crlHash, dcrl->crlHash, CRL_DIGEST_SIZE);
      *   copy the hash here if needed for optimized comparisons */
     XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
     XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
@@ -152,7 +152,7 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
     crle = crl->crlList;
 
     while (crle) {
-        if (XMEMCMP(crle->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0) {
+        if (XMEMCMP(crle->issuerHash, cert->issuerHash, CRL_DIGEST_SIZE) == 0) {
             WOLFSSL_MSG("Found CRL Entry on list");
             WOLFSSL_MSG("Checking next date validity");
 
diff --git a/src/ssl.c b/src/ssl.c
index 7342e81a4..48ee6a54f 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1797,7 +1797,7 @@ int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash)
         #else
             subjectHash = signers->subjectNameHash;
         #endif
-        if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
+        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
             ret = 1;
             break;
         }
@@ -1831,7 +1831,7 @@ Signer* GetCA(void* vp, byte* hash)
         #else
             subjectHash = signers->subjectNameHash;
         #endif
-        if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
+        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
             ret = signers;
             break;
         }
@@ -1861,7 +1861,8 @@ Signer* GetCAByName(void* vp, byte* hash)
     for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
         signers = cm->caTable[row];
         while (signers && ret == NULL) {
-            if (XMEMCMP(hash, signers->subjectNameHash, SHA_DIGEST_SIZE) == 0) {
+            if (XMEMCMP(hash,
+                           signers->subjectNameHash, SIGNER_DIGEST_SIZE) == 0) {
                 ret = signers;
             }
             signers = signers->next;
@@ -1942,10 +1943,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify)
         #endif
         #ifndef NO_SKID
             XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId,
-                                                               SHA_DIGEST_SIZE);
+                                                            SIGNER_DIGEST_SIZE);
         #endif
             XMEMCPY(signer->subjectNameHash, cert->subjectHash,
-                                                               SHA_DIGEST_SIZE);
+                                                            SIGNER_DIGEST_SIZE);
             signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
                                                     : 0xFFFF;
             signer->next    = NULL; /* If Key Usage not set, all uses valid. */
@@ -7458,6 +7459,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 #endif /* NO_MD5 */
 
 
+#ifndef NO_SHA
     void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
     {
         typedef char sha_test[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1];
@@ -7503,6 +7505,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         WOLFSSL_ENTER("SHA1_Final");
         SHA_Final(input, sha);
     }
+#endif /* NO_SHA */
 
 
     void wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
@@ -7606,12 +7609,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     #endif /* NO_MD5 */
 
 
+#ifndef NO_SHA
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
     {
         static const char* type = "SHA";
         WOLFSSL_ENTER("EVP_sha1");
         return type;
     }
+#endif /* NO_SHA */
 
 
     const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void)
@@ -8225,11 +8230,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             wolfSSL_MD5_Init((MD5_CTX*)&ctx->hash);
         }
     #endif
+    #ifndef NO_SHA
         /* has to be last since would pick or 256, 384, or 512 too */
         else if (XSTRNCMP(type, "SHA", 3) == 0) {
              ctx->macType = SHA;
              wolfSSL_SHA_Init((SHA_CTX*)&ctx->hash);
         }
+    #endif /* NO_SHA */
         else
              return BAD_FUNC_ARG;
 
@@ -12386,12 +12393,14 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
         return BAD_FUNC_ARG;
     }
 
-    if (XSTRNCMP(type, "MD5", 3) == 0) {
-        return MD5_DIGEST_SIZE;
-    }
-    else if (XSTRNCMP(type, "SHA256", 6) == 0) {
+    if (XSTRNCMP(type, "SHA256", 6) == 0) {
         return SHA256_DIGEST_SIZE;
     }
+#ifndef NO_MD5
+    else if (XSTRNCMP(type, "MD5", 3) == 0) {
+        return MD5_DIGEST_SIZE;
+    }
+#endif
 #ifdef WOLFSSL_SHA384
     else if (XSTRNCMP(type, "SHA384", 6) == 0) {
         return SHA384_DIGEST_SIZE;
@@ -12402,10 +12411,12 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
         return SHA512_DIGEST_SIZE;
     }
 #endif
+#ifndef NO_SHA
     /* has to be last since would pick or 256, 384, or 512 too */
     else if (XSTRNCMP(type, "SHA", 3) == 0) {
         return SHA_DIGEST_SIZE;
     }
+#endif
 
     return BAD_FUNC_ARG;
 }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 018e84fa2..e3d9ff44b 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -941,9 +941,11 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
     if (version == PKCS5v2)
         ret = wc_PBKDF2(key, (byte*)password, passwordSz, salt, saltSz, iterations,
                derivedLen, typeH);
+#ifndef NO_SHA
     else if (version == PKCS5)
         ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz, iterations,
                derivedLen, typeH);
+#endif
     else if (version == PKCS12) {
         int  i, idx = 0;
         byte unicodePasswd[MAX_UNICODE_SZ];
@@ -1447,9 +1449,9 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
     cert->extAuthInfoSz   = 0;
     cert->extCrlInfo      = NULL;
     cert->extCrlInfoSz    = 0;
-    XMEMSET(cert->extSubjKeyId, 0, SHA_SIZE);
+    XMEMSET(cert->extSubjKeyId, 0, KEYID_SIZE);
     cert->extSubjKeyIdSet = 0;
-    XMEMSET(cert->extAuthKeyId, 0, SHA_SIZE);
+    XMEMSET(cert->extAuthKeyId, 0, KEYID_SIZE);
     cert->extAuthKeyIdSet = 0;
     cert->extKeyUsageSet  = 0;
     cert->extKeyUsage     = 0;
@@ -1852,11 +1854,11 @@ static int GetKey(DecodedCert* cert)
 /* process NAME, either issuer or subject */
 static int GetName(DecodedCert* cert, int nameType)
 {
-    Sha    sha;     /* MUST have SHA-1 hash for cert names */
     int    length;  /* length of all distinguished names */
     int    dummy;
     int    ret;
-    char* full = (nameType == ISSUER) ? cert->issuer : cert->subject;
+    char*  full;
+    byte*  hash;
     word32 idx;
     #ifdef OPENSSL_EXTRA
         DecodedName* dName =
@@ -1865,6 +1867,15 @@ static int GetName(DecodedCert* cert, int nameType)
 
     WOLFSSL_MSG("Getting Cert Name");
 
+    if (nameType == ISSUER) {
+        full = cert->issuer;
+        hash = cert->issuerHash;
+    }
+    else {
+        full = cert->subject;
+        hash = cert->subjectHash;
+    }
+
     if (cert->source[cert->srcIdx] == ASN_OBJECT_ID) {
         WOLFSSL_MSG("Trying optional prefix...");
 
@@ -1882,14 +1893,13 @@ static int GetName(DecodedCert* cert, int nameType)
     if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0)
         return ASN_PARSE_E;
 
-    ret = wc_InitSha(&sha);
+#ifdef NO_SHA
+    ret = wc_Sha256Hash(&cert->source[idx], length + cert->srcIdx - idx, hash);
+#else
+    ret = wc_ShaHash(&cert->source[idx], length + cert->srcIdx - idx, hash);
+#endif
     if (ret != 0)
         return ret;
-    wc_ShaUpdate(&sha, &cert->source[idx], length + cert->srcIdx - idx);
-    if (nameType == ISSUER)
-        wc_ShaFinal(&sha, cert->issuerHash);
-    else
-        wc_ShaFinal(&sha, cert->subjectHash);
 
     length += cert->srcIdx;
     idx = 0;
@@ -3811,19 +3821,18 @@ static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert)
         cert->extAuthKeyIdSz = length;
     #endif /* OPENSSL_EXTRA */
 
-    if (length == SHA_SIZE) {
+    if (length == KEYID_SIZE) {
         XMEMCPY(cert->extAuthKeyId, input + idx, length);
     }
     else {
-        Sha sha;
-        ret = wc_InitSha(&sha);
-        if (ret != 0)
-            return ret;
-        wc_ShaUpdate(&sha, input + idx, length);
-        wc_ShaFinal(&sha, cert->extAuthKeyId);
+    #ifdef NO_SHA
+        ret = wc_Sha256Hash(input + idx, length, cert->extAuthKeyId);
+    #else
+        ret = wc_ShaHash(input + idx, length, cert->extAuthKeyId);
+    #endif
     }
 
-    return 0;
+    return ret;
 }
 
 
@@ -3853,12 +3862,11 @@ static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
         XMEMCPY(cert->extSubjKeyId, input + idx, length);
     }
     else {
-        Sha sha;
-        ret = wc_InitSha(&sha);
-        if (ret != 0)
-            return ret;
-        wc_ShaUpdate(&sha, input + idx, length);
-        wc_ShaFinal(&sha, cert->extSubjKeyId);
+    #ifdef NO_SHA
+        ret = wc_Sha256Hash(input + idx, length, cert->extSubjKeyId);
+    #else
+        ret = wc_ShaHash(input + idx, length, cert->extSubjKeyId);
+    #endif
     }
 
     return ret;
@@ -4355,12 +4363,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
     #ifndef NO_SKID
         if (cert->extSubjKeyIdSet == 0
                           && cert->publicKey != NULL && cert->pubKeySize > 0) {
-            Sha sha;
-            ret = wc_InitSha(&sha);
+        #ifdef NO_SHA
+            ret = wc_Sha256Hash(cert->publicKey, cert->pubKeySize,
+                                                            cert->extSubjKeyId);
+        #else
+            ret = wc_ShaHash(cert->publicKey, cert->pubKeySize,
+                                                            cert->extSubjKeyId);
+        #endif
             if (ret != 0)
                 return ret;
-            wc_ShaUpdate(&sha, cert->publicKey, cert->pubKeySize);
-            wc_ShaFinal(&sha, cert->extSubjKeyId);
         }
     #endif
 
@@ -4379,14 +4390,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
         if (ca) {
 #ifdef HAVE_OCSP
             /* Need the ca's public key hash for OCSP */
-            {
-                Sha sha;
-                ret = wc_InitSha(&sha);
-                if (ret != 0)
-                    return ret;
-                wc_ShaUpdate(&sha, ca->publicKey, ca->pubKeySize);
-                wc_ShaFinal(&sha, cert->issuerKeyHash);
-            }
+    #ifdef NO_SHA
+            ret = wc_Sha256Hash(ca->publicKey, ca->pubKeySize,
+                                cert->issuerKeyHash);
+    #else /* NO_SHA */
+            ret = wc_ShaHash(ca->publicKey, ca->pubKeySize,
+                                cert->issuerKeyHash);
+    #endif /* NO_SHA */
+            if (ret != 0)
+                return ret;
 #endif /* HAVE_OCSP */
             /* try to confirm/verify signature */
             if (!ConfirmSignature(cert->source + cert->certBegin,
@@ -7343,13 +7355,18 @@ int EncodeOcspRequest(OcspRequest* req)
 
     WOLFSSL_ENTER("EncodeOcspRequest");
 
+#ifdef NO_SHA
+    algoSz = SetAlgoID(SHA256h, algoArray, hashType, 0);
+#else
     algoSz = SetAlgoID(SHAh, algoArray, hashType, 0);
+#endif
 
     req->issuerHash = req->cert->issuerHash;
-    issuerSz = SetDigest(req->cert->issuerHash, SHA_SIZE, issuerArray);
-    
+    issuerSz = SetDigest(req->cert->issuerHash, KEYID_SIZE, issuerArray);
+
     req->issuerKeyHash = req->cert->issuerKeyHash;
-    issuerKeySz = SetDigest(req->cert->issuerKeyHash, SHA_SIZE, issuerKeyArray);
+    issuerKeySz = SetDigest(req->cert->issuerKeyHash,
+                                                    KEYID_SIZE, issuerKeyArray);
 
     req->serial = req->cert->serial;
     req->serialSz = req->cert->serialSz;
@@ -7453,14 +7470,14 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
         }
     }
 
-    cmp = XMEMCMP(req->issuerHash, resp->issuerHash, SHA_DIGEST_SIZE);
+    cmp = XMEMCMP(req->issuerHash, resp->issuerHash, KEYID_SIZE);
     if (cmp != 0)
     {
         WOLFSSL_MSG("\tissuerHash mismatch");
         return cmp;
     }
 
-    cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, SHA_DIGEST_SIZE);
+    cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, KEYID_SIZE);
     if (cmp != 0)
     {
         WOLFSSL_MSG("\tissuerKeyHash mismatch");
@@ -7487,13 +7504,12 @@ int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp)
 #endif
 
 
-/* store SHA1 hash of NAME */
+/* store SHA hash of NAME */
 WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
                              int maxIdx)
 {
-    Sha    sha;
     int    length;  /* length of all distinguished names */
-    int    ret = 0;
+    int    ret;
     word32 dummy;
 
     WOLFSSL_ENTER("GetNameHash");
@@ -7515,15 +7531,15 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
     if (GetSequence(source, idx, &length, maxIdx) < 0)
         return ASN_PARSE_E;
 
-    ret = wc_InitSha(&sha);
-    if (ret != 0)
-        return ret;
-    wc_ShaUpdate(&sha, source + dummy, length + *idx - dummy);
-    wc_ShaFinal(&sha, hash);
+#ifdef NO_SHA
+    ret = wc_Sha256Hash(source + dummy, length + *idx - dummy, hash);
+#else
+    ret = wc_ShaHash(source + dummy, length + *idx - dummy, hash);
+#endif
 
     *idx += length;
 
-    return 0;
+    return ret;
 }
 
 
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 1e46ee608..2f66ea216 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -188,7 +188,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz)
 
         XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize);
         pkcs7->publicKeySz = dCert->pubKeySize;
-        XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, SHA_SIZE);
+        XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE);
         pkcs7->issuer = dCert->issuerRaw;
         pkcs7->issuerSz = dCert->issuerRawLen;
         XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz);
diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c
index 745493982..b9764d8d0 100644
--- a/wolfcrypt/src/pwdbased.c
+++ b/wolfcrypt/src/pwdbased.c
@@ -68,6 +68,7 @@
 #endif /* WOLFSSL_HAVE_MIN */
 
 
+#ifndef NO_SHA
 /* PBKDF1 needs at least SHA available */
 int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
            int sLen, int iterations, int kLen, int hashType)
@@ -130,6 +131,7 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
 
     return 0;
 }
+#endif /* NO_SHA */
 
 
 int GetDigestSize(int hashType)
@@ -142,9 +144,11 @@ int GetDigestSize(int hashType)
             hLen = MD5_DIGEST_SIZE;
             break;
 #endif
+#ifndef NO_SHA
         case SHA:
             hLen = SHA_DIGEST_SIZE;
             break;
+#endif
 #ifndef NO_SHA256
         case SHA256:
             hLen = SHA256_DIGEST_SIZE;
@@ -264,10 +268,12 @@ int GetPKCS12HashSizes(int hashType, word32* v, word32* u)
             *u = MD5_DIGEST_SIZE;
             break;
 #endif
+#ifndef NO_SHA
         case SHA:
             *v = SHA_BLOCK_SIZE;
             *u = SHA_DIGEST_SIZE;
             break;
+#endif
 #ifndef NO_SHA256
         case SHA256:
             *v = SHA256_BLOCK_SIZE;
@@ -313,6 +319,7 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
             }
             break;
 #endif /* NO_MD5 */
+#ifndef NO_SHA
         case SHA:
             {
                 Sha sha;
@@ -328,6 +335,7 @@ int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
                 }
             }
             break;
+#endif /* NO_SHA */
 #ifndef NO_SHA256
         case SHA256:
             {
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 8dac3b8ea..6620a5fda 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -4409,9 +4409,10 @@ int openssl_test(void)
 {
     EVP_MD_CTX md_ctx;
     testVector a, b, c, d, e, f;
-    byte       hash[SHA_DIGEST_SIZE*4];  /* max size */
+    byte       hash[SHA256_DIGEST_SIZE*2];  /* max size */
 
     (void)a;
+    (void)b;
     (void)c;
     (void)e;
     (void)f;
@@ -4436,6 +4437,8 @@ int openssl_test(void)
 
 #endif /* NO_MD5 */
 
+#ifndef NO_SHA
+
     b.input  = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
                "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
                "aaaaaaaaaa";
@@ -4453,6 +4456,8 @@ int openssl_test(void)
     if (memcmp(hash, b.output, SHA_DIGEST_SIZE) != 0)
         return -72;
 
+#endif /* NO_SHA */
+
 
     d.input  = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
     d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
@@ -4656,22 +4661,22 @@ int pkcs12_test(void)
     byte  derived[64];
 
     const byte verify[] = {
-        0x8A, 0xAA, 0xE6, 0x29, 0x7B, 0x6C, 0xB0, 0x46,
-        0x42, 0xAB, 0x5B, 0x07, 0x78, 0x51, 0x28, 0x4E,
-        0xB7, 0x12, 0x8F, 0x1A, 0x2A, 0x7F, 0xBC, 0xA3
+        0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
+        0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
+        0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
     };
 
     const byte verify2[] = {
-        0x48, 0x3D, 0xD6, 0xE9, 0x19, 0xD7, 0xDE, 0x2E,
-        0x8E, 0x64, 0x8B, 0xA8, 0xF8, 0x62, 0xF3, 0xFB,
-        0xFB, 0xDC, 0x2B, 0xCB, 0x2C, 0x02, 0x95, 0x7F
+        0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
+        0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
+        0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
     };
 
     int id         =  1;
     int kLen       = 24;
     int iterations =  1;
-    int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations,
-                           kLen, SHA, id);
+    int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
+                                                  iterations, kLen, SHA256, id);
 
     if (ret < 0)
         return -103;
@@ -4680,8 +4685,8 @@ int pkcs12_test(void)
         return -104;
 
     iterations = 1000;
-    ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, iterations,
-                       kLen, SHA, id);
+    ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
+                                                  iterations, kLen, SHA256, id);
     if (ret < 0)
         return -105;
 
@@ -4701,12 +4706,12 @@ int pbkdf2_test(void)
     byte  derived[64];
 
     const byte verify[] = {
-        0xba, 0x9b, 0x3b, 0x95, 0x04, 0x4d, 0x78, 0x11, 0xec, 0xa1, 0xff, 0x3f,
-        0xea, 0x3a, 0xdb, 0x55, 0x3e, 0x54, 0x0b, 0xa0, 0x9f, 0xad, 0xe6, 0x81
+        0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
+        0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
     };
 
     int ret = wc_PBKDF2(derived, (byte*)passwd, (int)strlen(passwd), salt, 8,
-                                                         iterations, kLen, SHA);
+                                                      iterations, kLen, SHA256);
     if (ret != 0)
         return ret;
 
@@ -4717,6 +4722,7 @@ int pbkdf2_test(void)
 }
 
 
+#ifndef NO_SHA
 int pbkdf1_test(void)
 {
     char passwd[] = "password";
@@ -4738,11 +4744,15 @@ int pbkdf1_test(void)
 
     return 0;
 }
+#endif
 
 
 int pwdbased_test(void)
 {
-   int ret =  pbkdf1_test();
+   int ret = 0;
+#ifndef NO_SHA
+   ret += pbkdf1_test();
+#endif
    ret += pbkdf2_test();
 
    return ret + pkcs12_test();
@@ -4968,7 +4978,8 @@ int ecc_test(void)
     if (ret != 0)
         return -1017;
 
-#if (defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES)
+#if !defined(NO_SHA) && \
+    ((defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES))
     {
         /* test raw ECC key import */
         Sha sha;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index d4dc91247..7434841dd 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -433,13 +433,15 @@ typedef byte word24[3];
             #endif
         #endif
         #if !defined(NO_DES3)
-            #if !defined(NO_RSA)
-                #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
-                #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
-            #endif
+            #ifndef NO_SHA
+                #if !defined(NO_RSA)
+                    #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+                    #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+                #endif
 
-            #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
-            #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+                #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+                #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+            #endif /* NO_SHA */
         #endif
     #endif
 
@@ -1152,10 +1154,10 @@ struct WOLFSSL_CIPHER {
 
 typedef struct OCSP_Entry OCSP_Entry;
 
-#ifdef SHA_DIGEST_SIZE
-    #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
+#ifdef NO_SHA
+    #define OCSP_DIGEST_SIZE SHA256_DIGEST_SIZE
 #else
-    #define OCSP_DIGEST_SIZE 160
+    #define OCSP_DIGEST_SIZE SHA_DIGEST_SIZE
 #endif
 
 #ifdef NO_ASN 
@@ -1189,10 +1191,10 @@ struct WOLFSSL_OCSP {
 
 typedef struct CRL_Entry CRL_Entry;
 
-#ifdef SHA_DIGEST_SIZE
-    #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
+#ifdef NO_SHA
+    #define CRL_DIGEST_SIZE SHA256_DIGEST_SIZE
 #else
-    #define CRL_DIGEST_SIZE 160
+    #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
 #endif
 
 #ifdef NO_ASN 
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 7511cdfc4..10d0943bb 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -48,6 +48,7 @@
 #ifndef NO_MD5
     #include <wolfssl/wolfcrypt/md5.h>
 #endif
+#include <wolfssl/wolfcrypt/sha256.h>
 #include <wolfssl/wolfcrypt/asn_public.h>   /* public interface */
 #ifdef HAVE_ECC
     #include <wolfssl/wolfcrypt/ecc.h>
@@ -138,7 +139,11 @@ enum Misc_ASN {
     ASN_BOOL_SIZE       =   2,     /* including type */
     ASN_ECC_HEADER_SZ   =   2,     /* String type + 1 byte len */
     ASN_ECC_CONTEXT_SZ  =   2,     /* Content specific type + 1 byte len */
-    SHA_SIZE            =  20,
+#ifdef NO_SHA
+    KEYID_SIZE          = SHA256_DIGEST_SIZE,
+#else
+    KEYID_SIZE          = SHA_DIGEST_SIZE,
+#endif
     RSA_INTS            =   8,     /* RSA ints in private key */
     MIN_DATE_SIZE       =  13,
     MAX_DATE_SIZE       =  32,
@@ -353,10 +358,10 @@ struct DecodedCert {
     Base_entry* permittedNames;      /* Permitted name bases             */
     Base_entry* excludedNames;       /* Excluded name bases              */
 #endif /* IGNORE_NAME_CONSTRAINTS */
-    byte    subjectHash[SHA_SIZE];   /* hash of all Names                */
-    byte    issuerHash[SHA_SIZE];    /* hash of all Names                */
+    byte    subjectHash[KEYID_SIZE]; /* hash of all Names                */
+    byte    issuerHash[KEYID_SIZE];  /* hash of all Names                */
 #ifdef HAVE_OCSP
-    byte    issuerKeyHash[SHA_SIZE]; /* hash of the public Key           */
+    byte    issuerKeyHash[KEYID_SIZE]; /* hash of the public Key         */
 #endif /* HAVE_OCSP */
     byte*   signature;               /* not owned, points into raw cert  */
     char*   subjectCN;               /* CommonName                       */
@@ -379,9 +384,9 @@ struct DecodedCert {
     int     extAuthInfoSz;           /* length of the URI                */
     byte*   extCrlInfo;              /* CRL Distribution Points          */
     int     extCrlInfoSz;            /* length of the URI                */
-    byte    extSubjKeyId[SHA_SIZE];  /* Subject Key ID                   */
+    byte    extSubjKeyId[KEYID_SIZE]; /* Subject Key ID                  */
     byte    extSubjKeyIdSet;         /* Set when the SKID was read from cert */
-    byte    extAuthKeyId[SHA_SIZE];  /* Authority Key ID                 */
+    byte    extAuthKeyId[KEYID_SIZE]; /* Authority Key ID                */
     byte    extAuthKeyIdSet;         /* Set when the AKID was read from cert */
 #ifndef IGNORE_NAME_CONSTRAINTS
     byte    extNameConstraintSet;
@@ -471,10 +476,10 @@ struct DecodedCert {
 };
 
 
-#ifdef SHA_DIGEST_SIZE
-    #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
+#ifdef NO_SHA
+    #define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE
 #else
-    #define SIGNER_DIGEST_SIZE 20
+    #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
 #endif
 
 /* CA Signers */
@@ -710,8 +715,8 @@ struct DecodedCRL {
     word32  sigLength;               /* length of signature              */
     word32  signatureOID;            /* sum of algorithm object id       */
     byte*   signature;               /* pointer into raw source, not owned */
-    byte    issuerHash[SHA_DIGEST_SIZE];  /* issuer hash                 */
-    byte    crlHash[SHA_DIGEST_SIZE];     /* raw crl data hash           */
+    byte    issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash               */
+    byte    crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash            */
     byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
     byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
     byte    lastDateFormat;          /* format of last date */
diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h
index c748f4514..e39a12b9d 100644
--- a/wolfssl/wolfcrypt/pkcs7.h
+++ b/wolfssl/wolfcrypt/pkcs7.h
@@ -80,7 +80,7 @@ typedef struct PKCS7 {
 
     byte*  singleCert;            /* recipient cert, DER, not owner       */
     word32 singleCertSz;          /* size of recipient cert buffer, bytes */
-    byte issuerHash[SHA_SIZE];    /* hash of all alt Names                */
+    byte issuerHash[KEYID_SIZE];  /* hash of all alt Names                */
     byte*  issuer;                /* issuer name of singleCert            */
     word32 issuerSz;              /* length of issuer name                */
     byte issuerSn[MAX_SN_SZ];     /* singleCert's serial number           */

From a7a00a4bd5092124dc94620c75a695caf1479a58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Thu, 28 May 2015 17:04:15 -0300
Subject: [PATCH 104/350] remove trailing spaces.

---
 wolfcrypt/src/integer.c | 278 ++++++++++++++++++++--------------------
 1 file changed, 139 insertions(+), 139 deletions(-)

diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index eaf538283..ecf117c43 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -33,7 +33,7 @@
 /* in case user set USE_FAST_MATH there */
 #include <wolfssl/wolfcrypt/settings.h>
 
-#ifndef NO_BIG_INT 
+#ifndef NO_BIG_INT
 
 #ifndef USE_FAST_MATH
 
@@ -168,7 +168,7 @@ mp_count_bits (mp_int * a)
 
   /* get number of digits and add that */
   r = (a->used - 1) * DIGIT_BIT;
-  
+
   /* take the last digit and count the bits in it */
   q = a->dp[a->used - 1];
   while (q > ((mp_digit) 0)) {
@@ -416,7 +416,7 @@ void mp_zero (mp_int * a)
 }
 
 
-/* trim unused digits 
+/* trim unused digits
  *
  * This is used to ensure that leading zero digits are
  * trimed and the leading "used" digit will be non-zero
@@ -440,7 +440,7 @@ mp_clamp (mp_int * a)
 }
 
 
-/* swap the elements of two integers, for cases where you can't simply swap the 
+/* swap the elements of two integers, for cases where you can't simply swap the
  * mp_int pointers around
  */
 void
@@ -513,8 +513,8 @@ void mp_rshd (mp_int * a, int b)
     /* top [offset into digits] */
     top = a->dp + b;
 
-    /* this is implemented as a sliding window where 
-     * the window is b-digits long and digits from 
+    /* this is implemented as a sliding window where
+     * the window is b-digits long and digits from
      * the top of the window are copied to the bottom
      *
      * e.g.
@@ -532,7 +532,7 @@ void mp_rshd (mp_int * a, int b)
       *bottom++ = 0;
     }
   }
-  
+
   /* remove excess digits */
   a->used -= b;
 }
@@ -662,7 +662,7 @@ int mp_mul_2d (mp_int * a, int b, mp_int * c)
       /* set the carry to the carry bits of the current word */
       r = rr;
     }
-    
+
     /* set final carry */
     if (r != 0) {
        c->dp[(c->used)++] = r;
@@ -765,7 +765,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
      mp_clear(&tmpG);
      mp_clear(&tmpX);
      return err;
-#else 
+#else
      /* no invmod */
      return MP_VAL;
 #endif
@@ -793,7 +793,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
      dr = mp_reduce_is_2k(P) << 1;
   }
 #endif
-    
+
   /* if the modulus is odd or dr != 0 use the montgomery method */
 #ifdef BN_MP_EXPTMOD_FAST_C
   if (mp_isodd (P) == 1 || dr !=  0) {
@@ -813,7 +813,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
 }
 
 
-/* b = |a| 
+/* b = |a|
  *
  * Simple function copies the input and fixes the sign to positive
  */
@@ -857,10 +857,10 @@ int mp_invmod (mp_int * a, mp_int * b, mp_int * c)
 }
 
 
-/* computes the modular inverse via binary extended euclidean algorithm, 
- * that is c = 1/a mod b 
+/* computes the modular inverse via binary extended euclidean algorithm,
+ * that is c = 1/a mod b
  *
- * Based on slow invmod except this is optimized for the case where b is 
+ * Based on slow invmod except this is optimized for the case where b is
  * odd as per HAC Note 14.64 on pp. 610
  */
 int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c)
@@ -1006,7 +1006,7 @@ int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c)
   }
 
   /* init temps */
-  if ((res = mp_init_multi(&x, &y, &u, &v, 
+  if ((res = mp_init_multi(&x, &y, &u, &v,
                            &A, &B)) != MP_OKAY) {
      return res;
   }
@@ -1138,14 +1138,14 @@ top:
          goto LBL_ERR;
       }
   }
-  
+
   /* too big */
   while (mp_cmp_mag(&C, b) != MP_LT) {
       if ((res = mp_sub(&C, b, &C)) != MP_OKAY) {
          goto LBL_ERR;
       }
   }
-  
+
   /* C is now the inverse */
   mp_exch (&C, c);
   res = MP_OKAY;
@@ -1171,7 +1171,7 @@ int mp_cmp_mag (mp_int * a, mp_int * b)
   if (a->used > b->used) {
     return MP_GT;
   }
-  
+
   if (a->used < b->used) {
     return MP_LT;
   }
@@ -1208,7 +1208,7 @@ mp_cmp (mp_int * a, mp_int * b)
         return MP_GT;
      }
   }
-  
+
   /* compare digits */
   if (a->sign == MP_NEG) {
      /* if negative compare opposite direction */
@@ -1303,7 +1303,7 @@ int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d)
     }
     return res;
   }
-	
+
   /* init our temps */
   if ((res = mp_init_multi(&ta, &tb, &tq, &q, 0, 0)) != MP_OKAY) {
      return res;
@@ -1313,7 +1313,7 @@ int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d)
   mp_set(&tq, 1);
   n = mp_count_bits(a) - mp_count_bits(b);
   if (((res = mp_abs(a, &ta)) != MP_OKAY) ||
-      ((res = mp_abs(b, &tb)) != MP_OKAY) || 
+      ((res = mp_abs(b, &tb)) != MP_OKAY) ||
       ((res = mp_mul_2d(&tb, n, &tb)) != MP_OKAY) ||
       ((res = mp_mul_2d(&tq, n, &tq)) != MP_OKAY)) {
       goto LBL_ERR;
@@ -1491,8 +1491,8 @@ s_mp_add (mp_int * a, mp_int * b, mp_int * c)
       *tmpc++ &= MP_MASK;
     }
 
-    /* now copy higher words if any, that is in A+B 
-     * if A or B has more digits add those in 
+    /* now copy higher words if any, that is in A+B
+     * if A or B has more digits add those in
      */
     if (min != max) {
       for (; i < max; i++) {
@@ -1631,7 +1631,7 @@ mp_sub (mp_int * a, mp_int * b, mp_int * c)
 int mp_reduce_is_2k_l(mp_int *a)
 {
    int ix, iy;
-   
+
    if (a->used == 0) {
       return MP_NO;
    } else if (a->used == 1) {
@@ -1644,7 +1644,7 @@ int mp_reduce_is_2k_l(mp_int *a)
           }
       }
       return (iy >= (a->used/2)) ? MP_YES : MP_NO;
-      
+
    }
    return MP_NO;
 }
@@ -1655,7 +1655,7 @@ int mp_reduce_is_2k(mp_int *a)
 {
    int ix, iy, iw;
    mp_digit iz;
-   
+
    if (a->used == 0) {
       return MP_NO;
    } else if (a->used == 1) {
@@ -1664,7 +1664,7 @@ int mp_reduce_is_2k(mp_int *a)
       iy = mp_count_bits(a);
       iz = 1;
       iw = 1;
-    
+
       /* Test every bit from the second digit up, must be 1 */
       for (ix = DIGIT_BIT; ix < iy; ix++) {
           if ((a->dp[iw] & iz) == 0) {
@@ -1774,7 +1774,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
 
   /* determine and setup reduction code */
   if (redmode == 0) {
-#ifdef BN_MP_MONTGOMERY_SETUP_C     
+#ifdef BN_MP_MONTGOMERY_SETUP_C
      /* now setup montgomery  */
      if ((err = mp_montgomery_setup (P, &mp)) != MP_OKAY) {
         goto LBL_M;
@@ -1790,7 +1790,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
      if (((P->used * 2 + 1) < MP_WARRAY) &&
           P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
         redux = fast_mp_montgomery_reduce;
-     } else 
+     } else
 #endif
      {
 #ifdef BN_MP_MONTGOMERY_REDUCE_C
@@ -1841,7 +1841,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
      if ((err = mp_montgomery_calc_normalization (&res, P)) != MP_OKAY) {
        goto LBL_RES;
      }
-#else 
+#else
      err = MP_VAL;
      goto LBL_RES;
 #endif
@@ -2075,7 +2075,7 @@ int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
 
 #ifdef WOLFSSL_SMALL_STACK
   W = (mp_word*)XMALLOC(sizeof(mp_word) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
-  if (W == NULL)    
+  if (W == NULL)
     return MP_MEM;
 #endif
 
@@ -2316,7 +2316,7 @@ void mp_dr_setup(mp_int *a, mp_digit *d)
    /* the casts are required if DIGIT_BIT is one less than
     * the number of bits in a mp_digit [e.g. DIGIT_BIT==31]
     */
-   *d = (mp_digit)((((mp_word)1) << ((mp_word)DIGIT_BIT)) - 
+   *d = (mp_digit)((((mp_word)1) << ((mp_word)DIGIT_BIT)) -
         ((mp_word)a->dp[0]));
 }
 
@@ -2400,35 +2400,35 @@ int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d)
 {
    mp_int q;
    int    p, res;
-   
+
    if ((res = mp_init(&q)) != MP_OKAY) {
       return res;
    }
-   
-   p = mp_count_bits(n);    
+
+   p = mp_count_bits(n);
 top:
    /* q = a/2**p, a = a mod 2**p */
    if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) {
       goto ERR;
    }
-   
+
    if (d != 1) {
       /* q = q * d */
-      if ((res = mp_mul_d(&q, d, &q)) != MP_OKAY) { 
+      if ((res = mp_mul_d(&q, d, &q)) != MP_OKAY) {
          goto ERR;
       }
    }
-   
+
    /* a = a + q */
    if ((res = s_mp_add(a, &q, a)) != MP_OKAY) {
       goto ERR;
    }
-   
+
    if (mp_cmp_mag(a, n) != MP_LT) {
       s_mp_sub(a, n, a);
       goto top;
    }
-   
+
 ERR:
    mp_clear(&q);
    return res;
@@ -2440,29 +2440,29 @@ int mp_reduce_2k_setup(mp_int *a, mp_digit *d)
 {
    int res, p;
    mp_int tmp;
-   
+
    if ((res = mp_init(&tmp)) != MP_OKAY) {
       return res;
    }
-   
+
    p = mp_count_bits(a);
    if ((res = mp_2expt(&tmp, p)) != MP_OKAY) {
       mp_clear(&tmp);
       return res;
    }
-   
+
    if ((res = s_mp_sub(&tmp, a, &tmp)) != MP_OKAY) {
       mp_clear(&tmp);
       return res;
    }
-   
+
    *d = tmp.dp[0];
    mp_clear(&tmp);
    return MP_OKAY;
 }
 
 
-/* computes a = 2**b 
+/* computes a = 2**b
  *
  * Simple algorithm which zeroes the int, grows it then just sets one bit
  * as required.
@@ -2578,8 +2578,8 @@ mp_sqr (mp_int * a, mp_int * b)
   {
 #ifdef BN_FAST_S_MP_SQR_C
     /* can we use the fast comba multiplier? */
-    if ((a->used * 2 + 1) < MP_WARRAY && 
-         a->used < 
+    if ((a->used * 2 + 1) < MP_WARRAY &&
+         a->used <
          (1 << (sizeof(mp_word) * CHAR_BIT - 2*DIGIT_BIT - 1))) {
       res = fast_s_mp_sqr (a, b);
     } else
@@ -2604,18 +2604,18 @@ int mp_mul (mp_int * a, mp_int * b, mp_int * c)
   {
     /* can we use the fast multiplier?
      *
-     * The fast multiplier can be used if the output will 
-     * have less than MP_WARRAY digits and the number of 
+     * The fast multiplier can be used if the output will
+     * have less than MP_WARRAY digits and the number of
      * digits won't affect carry propagation
      */
     int     digs = a->used + b->used + 1;
 
 #ifdef BN_FAST_S_MP_MUL_DIGS_C
     if ((digs < MP_WARRAY) &&
-        MIN(a->used, b->used) <= 
+        MIN(a->used, b->used) <=
         (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
       res = fast_s_mp_mul_digs (a, b, c, digs);
-    } else 
+    } else
 #endif
 #ifdef BN_S_MP_MUL_DIGS_C
       res = s_mp_mul (a, b, c); /* uses s_mp_mul_digs */
@@ -2649,24 +2649,24 @@ int mp_mul_2(mp_int * a, mp_int * b)
 
     /* alias for source */
     tmpa = a->dp;
-    
+
     /* alias for dest */
     tmpb = b->dp;
 
     /* carry */
     r = 0;
     for (x = 0; x < a->used; x++) {
-    
-      /* get what will be the *next* carry bit from the 
-       * MSB of the current digit 
+
+      /* get what will be the *next* carry bit from the
+       * MSB of the current digit
        */
       rr = *tmpa >> ((mp_digit)(DIGIT_BIT - 1));
-      
+
       /* now shift up this digit, add in the carry [from the previous] */
       *tmpb++ = ((*tmpa++ << ((mp_digit)1)) | r) & MP_MASK;
-      
-      /* copy the carry that would be from the source 
-       * digit into the next iteration 
+
+      /* copy the carry that would be from the source
+       * digit into the next iteration
        */
       r = rr;
     }
@@ -2678,8 +2678,8 @@ int mp_mul_2(mp_int * a, mp_int * b)
       ++(b->used);
     }
 
-    /* now zero any excess digits on the destination 
-     * that we didn't write to 
+    /* now zero any excess digits on the destination
+     * that we didn't write to
      */
     tmpb = b->dp + b->used;
     for (x = b->used; x < oldused; x++) {
@@ -2699,14 +2699,14 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d)
   mp_word  w, t;
   mp_digit b;
   int      res, ix;
-  
+
   /* b = 2**DIGIT_BIT / 3 */
   b = (mp_digit) ( (((mp_word)1) << ((mp_word)DIGIT_BIT)) / ((mp_word)3) );
 
   if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
      return res;
   }
-  
+
   q.used = a->used;
   q.sign = a->sign;
   w = 0;
@@ -2744,7 +2744,7 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d)
      mp_exch(&q, c);
   }
   mp_clear(&q);
-  
+
   return res;
 }
 
@@ -2755,8 +2755,8 @@ int mp_init_size (mp_int * a, int size)
   int x;
 
   /* pad size so there are always extra digits */
-  size += (MP_PREC * 2) - (size % MP_PREC);	
-  
+  size += (MP_PREC * 2) - (size % MP_PREC);
+
   /* alloc mem */
   a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * size, 0,
                                       DYNAMIC_TYPE_BIGINT);
@@ -2779,10 +2779,10 @@ int mp_init_size (mp_int * a, int size)
 
 
 /* the jist of squaring...
- * you do like mult except the offset of the tmpx [one that 
- * starts closer to zero] can't equal the offset of tmpy.  
+ * you do like mult except the offset of the tmpx [one that
+ * starts closer to zero] can't equal the offset of tmpy.
  * So basically you set up iy like before then you min it with
- * (ty-tx) so that it never happens.  You double all those 
+ * (ty-tx) so that it never happens.  You double all those
  * you add in the inner loop
 
 After that loop you do the squares and add them in.
@@ -2812,13 +2812,13 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
 
 #ifdef WOLFSSL_SMALL_STACK
   W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
-  if (W == NULL)    
+  if (W == NULL)
     return MP_MEM;
 #endif
 
   /* number of output digits to produce */
   W1 = 0;
-  for (ix = 0; ix < pa; ix++) { 
+  for (ix = 0; ix < pa; ix++) {
       int      tx, ty, iy;
       mp_word  _W;
       mp_digit *tmpy;
@@ -2839,7 +2839,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
        */
       iy = MIN(a->used-tx, ty+1);
 
-      /* now for squaring tx can never equal ty 
+      /* now for squaring tx can never equal ty
        * we halve the distance since they approach at a rate of 2x
        * and we have to round because odd cases need to be executed
        */
@@ -2893,15 +2893,15 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
 
 /* Fast (comba) multiplier
  *
- * This is the fast column-array [comba] multiplier.  It is 
- * designed to compute the columns of the product first 
- * then handle the carries afterwards.  This has the effect 
+ * This is the fast column-array [comba] multiplier.  It is
+ * designed to compute the columns of the product first
+ * then handle the carries afterwards.  This has the effect
  * of making the nested loops that compute the columns very
  * simple and schedulable on super-scalar processors.
  *
- * This has been modified to produce a variable number of 
- * digits of output so if say only a half-product is required 
- * you don't have to compute the upper half (a feature 
+ * This has been modified to produce a variable number of
+ * digits of output so if say only a half-product is required
+ * you don't have to compute the upper half (a feature
  * required for fast Barrett reduction).
  *
  * Based on Algorithm 14.12 on pp.595 of HAC.
@@ -2931,13 +2931,13 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
 
 #ifdef WOLFSSL_SMALL_STACK
   W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
-  if (W == NULL)    
+  if (W == NULL)
     return MP_MEM;
 #endif
 
   /* clear the carry */
   _W = 0;
-  for (ix = 0; ix < pa; ix++) { 
+  for (ix = 0; ix < pa; ix++) {
       int      tx, ty;
       int      iy;
       mp_digit *tmpx, *tmpy;
@@ -2950,7 +2950,7 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
       tmpx = a->dp + tx;
       tmpy = b->dp + ty;
 
-      /* this is the number of times the loop will iterrate, essentially 
+      /* this is the number of times the loop will iterrate, essentially
          while (tx++ < a->used && ty-- >= 0) { ... }
        */
       iy = MIN(a->used-tx, ty+1);
@@ -3028,7 +3028,7 @@ int s_mp_sqr (mp_int * a, mp_int * b)
 
     /* alias for where to store the results */
     tmpt        = t.dp + (2*ix + 1);
-    
+
     for (iy = ix + 1; iy < pa; iy++) {
       /* first calculate the product */
       r       = ((mp_word)tmpx) * ((mp_word)a->dp[iy]);
@@ -3060,7 +3060,7 @@ int s_mp_sqr (mp_int * a, mp_int * b)
 
 
 /* multiplies |a| * |b| and only computes upto digs digits of result
- * HAC pp. 595, Algorithm 14.12  Modified so you can control how 
+ * HAC pp. 595, Algorithm 14.12  Modified so you can control how
  * many digits of output are created.
  */
 int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
@@ -3073,7 +3073,7 @@ int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
 
   /* can we use the fast multiplier? */
   if (((digs) < MP_WARRAY) &&
-      MIN (a->used, b->used) < 
+      MIN (a->used, b->used) <
           (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
     return fast_s_mp_mul_digs (a, b, c, digs);
   }
@@ -3095,10 +3095,10 @@ int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
     /* setup some aliases */
     /* copy of the digit from a used within the nested loop */
     tmpx = a->dp[ix];
-    
+
     /* an alias for the destination shifted ix places */
     tmpt = t.dp + ix;
-    
+
     /* an alias for the digits of b */
     tmpy = b->dp;
 
@@ -3208,7 +3208,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
   /* init M array */
   /* init first cell */
   if ((err = mp_init(&M[1])) != MP_OKAY) {
-     return err; 
+     return err;
   }
 
   /* now init the second half of the array */
@@ -3226,7 +3226,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
   if ((err = mp_init (&mu)) != MP_OKAY) {
     goto LBL_M;
   }
-  
+
   if (redmode == 0) {
      if ((err = mp_reduce_setup (&mu, P)) != MP_OKAY) {
         goto LBL_MU;
@@ -3237,22 +3237,22 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
         goto LBL_MU;
      }
      redux = mp_reduce_2k_l;
-  }    
+  }
 
   /* create M table
    *
-   * The M table contains powers of the base, 
+   * The M table contains powers of the base,
    * e.g. M[x] = G**x mod P
    *
-   * The first half of the table is not 
+   * The first half of the table is not
    * computed though accept for M[0] and M[1]
    */
   if ((err = mp_mod (G, P, &M[1])) != MP_OKAY) {
     goto LBL_MU;
   }
 
-  /* compute the value at M[1<<(winsize-1)] by squaring 
-   * M[1] (winsize-1) times 
+  /* compute the value at M[1<<(winsize-1)] by squaring
+   * M[1] (winsize-1) times
    */
   if ((err = mp_copy (&M[1], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
     goto LBL_MU;
@@ -3260,7 +3260,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
 
   for (x = 0; x < (winsize - 1); x++) {
     /* square it */
-    if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], 
+    if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))],
                        &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
       goto LBL_MU;
     }
@@ -3407,7 +3407,7 @@ LBL_M:
 int mp_reduce_setup (mp_int * a, mp_int * b)
 {
   int     res;
-  
+
   if ((res = mp_2expt (a, b->used * 2 * DIGIT_BIT)) != MP_OKAY) {
     return res;
   }
@@ -3415,7 +3415,7 @@ int mp_reduce_setup (mp_int * a, mp_int * b)
 }
 
 
-/* reduces x mod m, assumes 0 < x < m**2, mu is 
+/* reduces x mod m, assumes 0 < x < m**2, mu is
  * precomputed via mp_reduce_setup.
  * From HAC pp.604 Algorithm 14.42
  */
@@ -3430,7 +3430,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
   }
 
   /* q1 = x / b**(k-1)  */
-  mp_rshd (&q, um - 1);         
+  mp_rshd (&q, um - 1);
 
   /* according to HAC this optimization is ok */
   if (((mp_word) um) > (((mp_digit)1) << (DIGIT_BIT - 1))) {
@@ -3446,8 +3446,8 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
     if ((res = fast_s_mp_mul_high_digs (&q, mu, &q, um)) != MP_OKAY) {
       goto CLEANUP;
     }
-#else 
-    { 
+#else
+    {
       res = MP_VAL;
       goto CLEANUP;
     }
@@ -3455,7 +3455,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
   }
 
   /* q3 = q2 / b**(k+1) */
-  mp_rshd (&q, um + 1);         
+  mp_rshd (&q, um + 1);
 
   /* x = x mod b**(k+1), quick (no division) */
   if ((res = mp_mod_2d (x, DIGIT_BIT * (um + 1), x)) != MP_OKAY) {
@@ -3487,7 +3487,7 @@ int mp_reduce (mp_int * x, mp_int * m, mp_int * mu)
       goto CLEANUP;
     }
   }
-  
+
 CLEANUP:
   mp_clear (&q);
 
@@ -3495,7 +3495,7 @@ CLEANUP:
 }
 
 
-/* reduces a modulo n where n is of the form 2**p - d 
+/* reduces a modulo n where n is of the form 2**p - d
    This differs from reduce_2k since "d" can be larger
    than a single digit.
 */
@@ -3503,33 +3503,33 @@ int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d)
 {
    mp_int q;
    int    p, res;
-   
+
    if ((res = mp_init(&q)) != MP_OKAY) {
       return res;
    }
-   
-   p = mp_count_bits(n);    
+
+   p = mp_count_bits(n);
 top:
    /* q = a/2**p, a = a mod 2**p */
    if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) {
       goto ERR;
    }
-   
+
    /* q = q * d */
-   if ((res = mp_mul(&q, d, &q)) != MP_OKAY) { 
+   if ((res = mp_mul(&q, d, &q)) != MP_OKAY) {
       goto ERR;
    }
-   
+
    /* a = a + q */
    if ((res = s_mp_add(a, &q, a)) != MP_OKAY) {
       goto ERR;
    }
-   
+
    if (mp_cmp_mag(a, n) != MP_LT) {
       s_mp_sub(a, n, a);
       goto top;
    }
-   
+
 ERR:
    mp_clear(&q);
    return res;
@@ -3541,19 +3541,19 @@ int mp_reduce_2k_setup_l(mp_int *a, mp_int *d)
 {
    int    res;
    mp_int tmp;
-   
+
    if ((res = mp_init(&tmp)) != MP_OKAY) {
       return res;
    }
-   
+
    if ((res = mp_2expt(&tmp, mp_count_bits(a))) != MP_OKAY) {
       goto ERR;
    }
-   
+
    if ((res = s_mp_sub(&tmp, a, d)) != MP_OKAY) {
       goto ERR;
    }
-   
+
 ERR:
    mp_clear(&tmp);
    return res;
@@ -3650,17 +3650,17 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
 
   if (pa > MP_WARRAY)
     return MP_RANGE;  /* TAO range check */
-  
+
 #ifdef WOLFSSL_SMALL_STACK
   W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
-  if (W == NULL)    
+  if (W == NULL)
     return MP_MEM;
 #endif
 
   /* number of output digits to produce */
   pa = a->used + b->used;
   _W = 0;
-  for (ix = digs; ix < pa; ix++) { 
+  for (ix = digs; ix < pa; ix++) {
       int      tx, ty, iy;
       mp_digit *tmpx, *tmpy;
 
@@ -3672,7 +3672,7 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
       tmpx = a->dp + tx;
       tmpy = b->dp + ty;
 
-      /* this is the number of times the loop will iterrate, essentially its 
+      /* this is the number of times the loop will iterrate, essentially its
          while (tx++ < a->used && ty-- >= 0) { ... }
        */
       iy = MIN(a->used-tx, ty+1);
@@ -3688,7 +3688,7 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
       /* make next carry */
       _W = _W >> ((mp_word)DIGIT_BIT);
   }
-  
+
   /* setup dest */
   olduse  = c->used;
   c->used = pa;
@@ -3723,7 +3723,7 @@ int mp_set_int (mp_int * a, unsigned long b)
   int     x, res;
 
   mp_zero (a);
-  
+
   /* set four bits at a time */
   for (x = 0; x < 8; x++) {
     /* shift the number up four bits */
@@ -4036,13 +4036,13 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
   if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
      return res;
   }
-  
+
   q.used = a->used;
   q.sign = a->sign;
   w = 0;
   for (ix = a->used - 1; ix >= 0; ix--) {
      w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]);
-     
+
      if (w >= b) {
         t = (mp_digit)(w / b);
         w -= ((mp_word)t) * ((mp_word)b);
@@ -4051,17 +4051,17 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
       }
       q.dp[ix] = (mp_digit)t;
   }
-  
+
   if (d != NULL) {
      *d = (mp_digit)w;
   }
-  
+
   if (c != NULL) {
      mp_clamp(&q);
      mp_exch(&q, c);
   }
   mp_clear(&q);
-  
+
   return res;
 }
 
@@ -4117,11 +4117,11 @@ const mp_digit ltm_prime_tab[] = {
 };
 
 
-/* Miller-Rabin test of "a" to the base of "b" as described in 
+/* Miller-Rabin test of "a" to the base of "b" as described in
  * HAC pp. 139 Algorithm 4.24
  *
  * Sets result to 0 if definitely composite or 1 if probably prime.
- * Randomly the chance of error is no more than 1/4 and often 
+ * Randomly the chance of error is no more than 1/4 and often
  * very much lower.
  */
 static int mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result)
@@ -4135,7 +4135,7 @@ static int mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result)
   /* ensure b > 1 */
   if (mp_cmp_d(b, 1) != MP_GT) {
      return MP_VAL;
-  }     
+  }
 
   /* get n1 = a - 1 */
   if ((err = mp_init_copy (&n1, a)) != MP_OKAY) {
@@ -4200,7 +4200,7 @@ LBL_N1:mp_clear (&n1);
 }
 
 
-/* determines if an integers is divisible by one 
+/* determines if an integers is divisible by one
  * of the first PRIME_SIZE primes or not
  *
  * sets result to 0 if not, 1 if yes
@@ -4392,17 +4392,17 @@ int mp_gcd (mp_int * a, mp_int * b, mp_int * c)
             /* swap u and v to make sure v is >= u */
             mp_exch(&u, &v);
         }
-     
+
         /* subtract smallest from largest */
         if ((res = s_mp_sub(&v, &u, &v)) != MP_OKAY) {
             goto LBL_V;
         }
-     
+
         /* Divide out all factors of two */
         if ((res = mp_div_2d(&v, mp_cnt_lsb(&v), &v, NULL)) != MP_OKAY) {
             goto LBL_V;
-        } 
-    } 
+        }
+    }
 
     /* multiply by 2**k which we divided out at the beginning */
     if ((res = mp_mul_2d (&u, k, c)) != MP_OKAY) {
@@ -4439,8 +4439,8 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
     return MP_VAL;
   }
 
-  /* if the leading digit is a 
-   * minus set the sign to negative. 
+  /* if the leading digit is a
+   * minus set the sign to negative.
    */
   if (*str == '-') {
     ++str;
@@ -4451,7 +4451,7 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
 
   /* set the integer to the default of zero */
   mp_zero (a);
-  
+
   /* process each digit of the string */
   while (*str) {
     /* if the radix < 36 the conversion is case insensitive
@@ -4465,9 +4465,9 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
       }
     }
 
-    /* if the char was found in the map 
+    /* if the char was found in the map
      * and is less than the given radix add it
-     * to the number, otherwise exit the loop. 
+     * to the number, otherwise exit the loop.
      */
     if (y < radix) {
       if ((res = mp_mul_d (a, (mp_digit) radix, a)) != MP_OKAY) {
@@ -4481,7 +4481,7 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
     }
     ++str;
   }
-  
+
   /* set the sign only if a != 0 */
   if (mp_iszero(a) != 1) {
      a->sign = neg;

From ed655653906fd955be02599d7bb83a219eacbdc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Thu, 28 May 2015 17:11:29 -0300
Subject: [PATCH 105/350] integer.c: refactoring mp_exptmod_fast to reduce
 stack usage: --- variable M moved to the heap (512 bytes saved)

---
 wolfcrypt/src/integer.c | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index ecf117c43..b3ce4203e 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -1721,16 +1721,27 @@ int mp_dr_is_modulus(mp_int *a)
 int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
                      int redmode)
 {
-  mp_int  M[TAB_SIZE], res;
+  mp_int res;
   mp_digit buf, mp;
   int     err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
-
+#ifdef WOLFSSL_SMALL_STACK
+  mp_int* M = NULL;
+#else
+  mp_int M[TAB_SIZE];
+#endif
   /* use a pointer to the reduction algorithm.  This allows us to use
    * one of many reduction algorithms without modding the guts of
    * the code with if statements everywhere.
    */
   int     (*redux)(mp_int*,mp_int*,mp_digit);
 
+#ifdef WOLFSSL_SMALL_STACK
+  M = (mp_int*) XMALLOC(sizeof(mp_int) * TAB_SIZE, NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+  if (M == NULL)
+    return MP_MEM;
+#endif
+
   /* find window size */
   x = mp_count_bits (X);
   if (x <= 7) {
@@ -1758,6 +1769,10 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
   /* init M array */
   /* init first cell */
   if ((err = mp_init(&M[1])) != MP_OKAY) {
+#ifdef WOLFSSL_SMALL_STACK
+  XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
      return err;
   }
 
@@ -1768,6 +1783,11 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
         mp_clear (&M[y]);
       }
       mp_clear(&M[1]);
+
+#ifdef WOLFSSL_SMALL_STACK
+      XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
       return err;
     }
   }
@@ -2002,6 +2022,11 @@ LBL_M:
   for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
     mp_clear (&M[x]);
   }
+
+#ifdef WOLFSSL_SMALL_STACK
+  XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
   return err;
 }
 

From 3d41595ed490b305ee3c2c99dbadf4aae1c88bc4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Fri, 29 May 2015 12:02:06 -0300
Subject: [PATCH 106/350] internal.c: refactoring TimingPadVerify to reduce
 stack usage: --- variable dummy replaced with ssl object (~250 bytes saved)

internal.c: refactoring VerifyMac to reduce stack usage:
--- variable dummy replaced with ssl object (~250 bytes saved)
---
 src/internal.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index d69cc114b..d31ba9fcf 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6062,11 +6062,10 @@ static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
                            int pLen, int content)
 {
     byte verify[MAX_DIGEST_SIZE];
-    byte dummy[MAX_PAD_SIZE];
+    byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
+    byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;
     int  ret = 0;
 
-    XMEMSET(dummy, 1, sizeof(dummy));
-
     if ( (t + padLen + 1) > pLen) {
         WOLFSSL_MSG("Plain Len not long enough for pad/mac");
         PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE);
@@ -6300,9 +6299,8 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
         else {  /* sslv3, some implementations have bad padding, but don't
                  * allow bad read */
             int  badPadLen = 0;
-            byte dummy[MAX_PAD_SIZE];
-
-            XMEMSET(dummy, 1, sizeof(dummy));
+            byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
+            byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;
 
             if (pad > (msgSz - digestSz - 1)) {
                 WOLFSSL_MSG("Plain Len not long enough for pad/mac");

From 644f7a4cdbe671968ffd5073cf883b67e89e7327 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Mon, 1 Jun 2015 14:32:36 +0900
Subject: [PATCH 107/350] ti-hash.c included in wc_port.c

---
 wolfcrypt/src/md5.c             | 3 +--
 wolfcrypt/src/port/ti/ti-hash.c | 8 ++++----
 wolfcrypt/src/sha.c             | 3 +--
 wolfcrypt/src/sha256.c          | 6 +-----
 wolfcrypt/src/wc_port.c         | 3 ++-
 5 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c
index 02a24ec15..fbf732add 100644
--- a/wolfcrypt/src/md5.c
+++ b/wolfcrypt/src/md5.c
@@ -29,8 +29,7 @@
 #if !defined(NO_MD5)
 
 #if defined(WOLFSSL_TI_HASH)
-    #define WOLFSSL_TI_MD5
-    #include <wolfcrypt/src/port/ti/ti-hash.c>
+    /* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
 #else
 
 #ifdef WOLFSSL_PIC32MZ_HASH
diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c
index f2885298f..4b7f49a20 100644
--- a/wolfcrypt/src/port/ti/ti-hash.c
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -144,7 +144,7 @@ static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word3
     return ret;
 }
 
-#if !defined(NO_MD5) && defined(WOLFSSL_TI_MD5)
+#if !defined(NO_MD5)
 WOLFSSL_API void wc_InitMd5(Md5* md5)
 {
     if (md5 == NULL)
@@ -175,7 +175,7 @@ WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte*hash)
 
 #endif /* NO_MD5 */
 
-#if !defined(NO_SHA) && defined(WOLFSSL_TI_SHA)
+#if !defined(NO_SHA)
 WOLFSSL_API int wc_InitSha(Sha* sha)
 {
     if (sha == NULL)
@@ -206,7 +206,7 @@ WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte*hash)
 
 #endif /* NO_SHA */
 
-#if defined(HAVE_SHA224) && defined(WOLFSSL_TI_SHA224)
+#if defined(HAVE_SHA224)
 WOLFSSL_API int wc_InitSha224(Sha224* sha224)
 {
     if (sha224 == NULL)
@@ -237,7 +237,7 @@ WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash)
 
 #endif /* HAVE_SHA224 */
 
-#if !defined(NO_SHA256) && defined(WOLFSSL_TI_SHA256)
+#if !defined(NO_SHA256)
 WOLFSSL_API int wc_InitSha256(Sha256* sha256)
 {
     if (sha256 == NULL)
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index f710603cb..be8cf17af 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -65,8 +65,7 @@
 #else /* else build without fips */
 
 #if defined(WOLFSSL_TI_HASH)
-    #define WOLFSSL_TI_SHA
-    #include <wolfcrypt/src/port/ti/ti-hash.c>
+    /* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
 #else
 
 #ifdef WOLFSSL_PIC32MZ_HASH
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index bc40798de..f9f02b003 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -57,11 +57,7 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* out)
 #else /* else build without fips */
 
 #if !defined(NO_SHA256) && defined(WOLFSSL_TI_HASH)
-    #define WOLFSSL_TI_SHA256
-    #ifdef HAVE_SHA224
-        #define WOLFSSL_TI_SHA224
-    #endif
-    #include <wolfcrypt/src/port/ti/ti-hash.c>
+    /* #include <wolfcrypt/src/port/ti/ti-hash.c> included by wc_port.c */
 #else
 
 #if !defined (ALIGN32)
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index 953a16be4..419033751 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -651,5 +651,6 @@ int UnLockMutex(wolfSSL_Mutex *m)
 #endif /* SINGLE_THREADED */
         
 #if defined(WOLFSSL_TI_CRYPT) ||  defined(WOLFSSL_TI_HASH)
-    #include <wolfcrypt/src/port/ti/ti-ccm.c> /* initialize and Mutex for TI Crypt Engine */
+    #include <wolfcrypt/src/port/ti/ti-ccm.c>  /* initialize and Mutex for TI Crypt Engine */
+    #include <wolfcrypt/src/port/ti/ti-hash.c> /* md5, sha1, sha224, sha256 */
 #endif

From fe3253e618e86cb5a87f5fc4dc86cc39bb3e126d Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Mon, 1 Jun 2015 20:02:20 +0900
Subject: [PATCH 108/350] IAR/EWARM  wolfSSL name change

---
 .../Projects/CyaSSL-Lib/CyaSSL-Lib.eww        |   16 -
 .../CyaSSL-Lib/wolfCrypt-benchmark.ewp        | 1877 -----------------
 .../CyaSSL-Lib/wolfCrypt-benchmark.icf        |   32 -
 .../Projects/CyaSSL-Lib/wolfCrypt-test.ewp    | 1877 -----------------
 .../Projects/CyaSSL-Lib/wolfCrypt-test.icf    |   31 -
 .../benchmark-main.c                          |    8 +-
 .../Projects/benchmark/current_time.c         |   66 +
 .../wolfCrypt-benchmark.ewd                   | 1457 +------------
 .../benchmark/wolfCrypt-benchmark.ewp         |  981 +++++++++
 .../Projects/common/minimum-startup.c         |   52 +
 IDE/IAR-EWARM/Projects/common/wolfssl.icf     |   11 +
 .../wolfSSL-Lib.ewd}                          |  200 +-
 .../CyaSSL-Lib.ewp => lib/wolfSSL-Lib.ewp}    |  314 +--
 .../Projects/{CyaSSL-Lib => test}/test-main.c |    5 +-
 .../Projects/test/wolfCrypt-test.ewd          | 1374 ++++++++++++
 .../Projects/test/wolfCrypt-test.ewp          |  978 +++++++++
 IDE/IAR-EWARM/Projects/user_settings.h        |   14 +
 IDE/IAR-EWARM/Projects/wolfssl.eww            |  224 ++
 IDE/IAR-EWARM/README                          |   28 +-
 wolfcrypt/benchmark/benchmark.c               |    2 +-
 wolfssl/wolfcrypt/settings.h                  |   11 -
 21 files changed, 4171 insertions(+), 5387 deletions(-)
 delete mode 100644 IDE/IAR-EWARM/Projects/CyaSSL-Lib/CyaSSL-Lib.eww
 delete mode 100644 IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.ewp
 delete mode 100644 IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.icf
 delete mode 100644 IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.ewp
 delete mode 100644 IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.icf
 rename IDE/IAR-EWARM/Projects/{CyaSSL-Lib => benchmark}/benchmark-main.c (88%)
 create mode 100644 IDE/IAR-EWARM/Projects/benchmark/current_time.c
 rename IDE/IAR-EWARM/Projects/{CyaSSL-Lib => benchmark}/wolfCrypt-benchmark.ewd (50%)
 create mode 100644 IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp
 create mode 100644 IDE/IAR-EWARM/Projects/common/minimum-startup.c
 create mode 100644 IDE/IAR-EWARM/Projects/common/wolfssl.icf
 rename IDE/IAR-EWARM/Projects/{CyaSSL-Lib/wolfCrypt-test.ewd => lib/wolfSSL-Lib.ewd} (94%)
 rename IDE/IAR-EWARM/Projects/{CyaSSL-Lib/CyaSSL-Lib.ewp => lib/wolfSSL-Lib.ewp} (91%)
 rename IDE/IAR-EWARM/Projects/{CyaSSL-Lib => test}/test-main.c (93%)
 create mode 100644 IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewd
 create mode 100644 IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp
 create mode 100644 IDE/IAR-EWARM/Projects/user_settings.h
 create mode 100644 IDE/IAR-EWARM/Projects/wolfssl.eww

diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/CyaSSL-Lib.eww b/IDE/IAR-EWARM/Projects/CyaSSL-Lib/CyaSSL-Lib.eww
deleted file mode 100644
index 9702cae02..000000000
--- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/CyaSSL-Lib.eww
+++ /dev/null
@@ -1,16 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-
-<workspace>
-  <project>
-    <path>$WS_DIR$\CyaSSL-Lib.ewp</path>
-  </project>
-  <project>
-    <path>$WS_DIR$\wolfCrypt-benchmark.ewp</path>
-  </project>
-  <project>
-    <path>$WS_DIR$\wolfCrypt-test.ewp</path>
-  </project>
-  <batchBuild/>
-</workspace>
-
-
diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.ewp b/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.ewp
deleted file mode 100644
index d61e0a0e9..000000000
--- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.ewp
+++ /dev/null
@@ -1,1877 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-
-<project>
-  <fileVersion>2</fileVersion>
-  <configuration>
-    <name>Debug</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>1</debug>
-    <settings>
-      <name>General</name>
-      <archiveVersion>3</archiveVersion>
-      <data>
-        <version>22</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>ExePath</name>
-          <state>Debug\Exe</state>
-        </option>
-        <option>
-          <name>ObjPath</name>
-          <state>Debug\Obj</state>
-        </option>
-        <option>
-          <name>ListPath</name>
-          <state>Debug\List</state>
-        </option>
-        <option>
-          <name>Variant</name>
-          <version>20</version>
-          <state>38</state>
-        </option>
-        <option>
-          <name>GEndianMode</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>Input variant</name>
-          <version>3</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>Input description</name>
-          <state>Full formatting.</state>
-        </option>
-        <option>
-          <name>Output variant</name>
-          <version>2</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>Output description</name>
-          <state>Full formatting.</state>
-        </option>
-        <option>
-          <name>GOutputBinary</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>FPU</name>
-          <version>2</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGCoreOrChip</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GRuntimeLibSelect</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GRuntimeLibSelectSlave</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>RTDescription</name>
-          <state>Use the normal configuration of the C/C++ runtime library. No locale interface, C locale, no file descriptor support, no multibytes in printf and scanf, and no hex floats in strtod.</state>
-        </option>
-        <option>
-          <name>OGProductVersion</name>
-          <state>5.10.0.159</state>
-        </option>
-        <option>
-          <name>OGLastSavedByProductVersion</name>
-          <state>6.60.1.5099</state>
-        </option>
-        <option>
-          <name>GeneralEnableMisra</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GeneralMisraVerbose</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGChipSelectEditMenu</name>
-          <state>Default	None</state>
-        </option>
-        <option>
-          <name>GenLowLevelInterface</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GEndianModeBE</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OGBufferedTerminalOutput</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenStdoutInterface</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GeneralMisraRules98</name>
-          <version>0</version>
-          <state>1000111110110101101110011100111111101110011011000101110111101101100111111111111100110011111001110111001111111111111111111111111</state>
-        </option>
-        <option>
-          <name>GeneralMisraVer</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GeneralMisraRules04</name>
-          <version>0</version>
-          <state>111101110010111111111000110111111111111111111111111110010111101111010101111111111111111111111111101111111011111001111011111011111111111111111</state>
-        </option>
-        <option>
-          <name>RTConfigPath2</name>
-          <state>$TOOLKIT_DIR$\INC\c\DLib_Config_Normal.h</state>
-        </option>
-        <option>
-          <name>GFPUCoreSlave</name>
-          <version>20</version>
-          <state>38</state>
-        </option>
-        <option>
-          <name>GBECoreSlave</name>
-          <version>20</version>
-          <state>38</state>
-        </option>
-        <option>
-          <name>OGUseCmsis</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGUseCmsisDspLib</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GRuntimeLibThreads</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>ICCARM</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>29</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>CCOptimizationNoSizeConstraints</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCDefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCPreprocFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPreprocComments</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPreprocLine</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListCFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListCMnemonics</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListCMessages</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListAssFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListAssSource</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCEnableRemarks</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCDiagSuppress</name>
-          <state>Pa050</state>
-        </option>
-        <option>
-          <name>CCDiagRemark</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCDiagWarning</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCDiagError</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCObjPrefix</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCAllowList</name>
-          <version>1</version>
-          <state>0000000</state>
-        </option>
-        <option>
-          <name>CCDebugInfo</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IEndianMode</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IExtraOptionsCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IExtraOptions</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCLangConformance</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCSignedPlainChar</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCRequirePrototypes</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCMultibyteSupport</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCDiagWarnAreErr</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCompilerRuntimeInfo</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IFpuProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OutputFile</name>
-          <state>$FILE_BNAME$.o</state>
-        </option>
-        <option>
-          <name>CCLibConfigHeader</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>PreInclude</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CompilerMisraOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCIncludePath2</name>
-          <state>$PROJ_DIR$\..\..\..\..</state>
-        </option>
-        <option>
-          <name>CCStdIncCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCodeSection</name>
-          <state>.text</state>
-        </option>
-        <option>
-          <name>IInterwork2</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IProcessorMode2</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCOptLevel</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCOptStrategy</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCOptLevelSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CompilerMisraRules98</name>
-          <version>0</version>
-          <state>1000111110110101101110011100111111101110011011000101110111101101100111111111111100110011111001110111001111111111111111111111111</state>
-        </option>
-        <option>
-          <name>CompilerMisraRules04</name>
-          <version>0</version>
-          <state>111101110010111111111000110111111111111111111111111110010111101111010101111111111111111111111111101111111011111001111011111011111111111111111</state>
-        </option>
-        <option>
-          <name>CCPosIndRopi</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPosIndRwpi</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPosIndNoDynInit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccLang</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccCDialect</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccAllowVLA</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccCppDialect</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccExceptions</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccRTTI</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccStaticDestr</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccCppInlineSemantics</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccCmsis</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccFloatSemantics</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCNoLiteralPool</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>AARM</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>9</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>AObjPrefix</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AEndian</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>ACaseSensitivity</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>MacroChars</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AWarnEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AWarnWhat</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AWarnOne</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AWarnRange1</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AWarnRange2</name>
-          <state></state>
-        </option>
-        <option>
-          <name>ADebug</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AltRegisterNames</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ADefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AList</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AListHeader</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AListing</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>Includes</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MacDefs</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MacExps</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>MacExec</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OnlyAssed</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MultiLine</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>PageLengthCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>PageLength</name>
-          <state>80</state>
-        </option>
-        <option>
-          <name>TabSpacing</name>
-          <state>8</state>
-        </option>
-        <option>
-          <name>AXRef</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AXRefDefines</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AXRefInternal</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AXRefDual</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AFpuProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AOutputFile</name>
-          <state>$FILE_BNAME$.o</state>
-        </option>
-        <option>
-          <name>AMultibyteSupport</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ALimitErrorsCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ALimitErrorsEdit</name>
-          <state>100</state>
-        </option>
-        <option>
-          <name>AIgnoreStdInclude</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AUserIncludes</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AExtraOptionsCheckV2</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AExtraOptionsV2</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AsmNoLiteralPool</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>OBJCOPY</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>1</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>OOCOutputFormat</name>
-          <version>2</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCOutputOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OOCOutputFile</name>
-          <state>c.srec</state>
-        </option>
-        <option>
-          <name>OOCCommandLineProducer</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OOCObjCopyEnable</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>CUSTOM</name>
-      <archiveVersion>3</archiveVersion>
-      <data>
-        <extensions></extensions>
-        <cmdline></cmdline>
-      </data>
-    </settings>
-    <settings>
-      <name>BICOMP</name>
-      <archiveVersion>0</archiveVersion>
-      <data/>
-    </settings>
-    <settings>
-      <name>BUILDACTION</name>
-      <archiveVersion>1</archiveVersion>
-      <data>
-        <prebuild></prebuild>
-        <postbuild></postbuild>
-      </data>
-    </settings>
-    <settings>
-      <name>ILINK</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>16</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>IlinkOutputFile</name>
-          <state>benchmark.out</state>
-        </option>
-        <option>
-          <name>IlinkLibIOConfig</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>XLinkMisraHandler</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkInputFileSlave</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkDebugInfoEnable</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkKeepSymbols</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinaryFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinarySymbol</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinarySegment</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinaryAlign</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkDefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkConfigDefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkMapFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogInitialization</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogModule</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogSection</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogVeneer</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkIcfOverride</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkIcfFile</name>
-          <state>$PROJ_DIR$\wolfCrypt-benchmark.icf</state>
-        </option>
-        <option>
-          <name>IlinkIcfFileSlave</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkEnableRemarks</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkSuppressDiags</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkTreatAsRem</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkTreatAsWarn</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkTreatAsErr</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkWarningsAreErrors</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkUseExtraOptions</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkExtraOptions</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkLowLevelInterfaceSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkAutoLibEnable</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkAdditionalLibs</name>
-          <state>$PROJ_DIR$\Debug\Exe\CyaSSL-Lib.a</state>
-        </option>
-        <option>
-          <name>IlinkOverrideProgramEntryLabel</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkProgramEntryLabelSelect</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkProgramEntryLabel</name>
-          <state>__iar_program_start</state>
-        </option>
-        <option>
-          <name>DoFill</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>FillerByte</name>
-          <state>0xFF</state>
-        </option>
-        <option>
-          <name>FillerStart</name>
-          <state>0x0</state>
-        </option>
-        <option>
-          <name>FillerEnd</name>
-          <state>0x0</state>
-        </option>
-        <option>
-          <name>CrcSize</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcAlign</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcPoly</name>
-          <state>0x11021</state>
-        </option>
-        <option>
-          <name>CrcCompl</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CrcBitOrder</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CrcInitialValue</name>
-          <state>0x0</state>
-        </option>
-        <option>
-          <name>DoCrc</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkBE8Slave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkBufferedTerminalOutput</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkStdoutInterfaceSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcFullSize</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkIElfToolPostProcess</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogAutoLibSelect</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogRedirSymbols</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogUnusedFragments</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkCrcReverseByteOrder</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkCrcUseAsInput</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptInline</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkOptExceptionsAllow</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptExceptionsForce</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkCmsis</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptMergeDuplSections</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkOptUseVfe</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptForceVfe</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkStackAnalysisEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkStackControlFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkStackCallGraphFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CrcAlgorithm</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcUnitSize</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkThreadsSlave</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>IARCHIVE</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>0</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>IarchiveInputs</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IarchiveOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>BILINK</name>
-      <archiveVersion>0</archiveVersion>
-      <data/>
-    </settings>
-  </configuration>
-  <configuration>
-    <name>Release</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>0</debug>
-    <settings>
-      <name>General</name>
-      <archiveVersion>3</archiveVersion>
-      <data>
-        <version>22</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>ExePath</name>
-          <state>Release\Exe</state>
-        </option>
-        <option>
-          <name>ObjPath</name>
-          <state>Release\Obj</state>
-        </option>
-        <option>
-          <name>ListPath</name>
-          <state>Release\List</state>
-        </option>
-        <option>
-          <name>Variant</name>
-          <version>20</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GEndianMode</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>Input variant</name>
-          <version>3</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>Input description</name>
-          <state>Full formatting.</state>
-        </option>
-        <option>
-          <name>Output variant</name>
-          <version>2</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>Output description</name>
-          <state>Full formatting.</state>
-        </option>
-        <option>
-          <name>GOutputBinary</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>FPU</name>
-          <version>2</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGCoreOrChip</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GRuntimeLibSelect</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GRuntimeLibSelectSlave</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>RTDescription</name>
-          <state>Use the normal configuration of the C/C++ runtime library. No locale interface, C locale, no file descriptor support, no multibytes in printf and scanf, and no hex floats in strtod.</state>
-        </option>
-        <option>
-          <name>OGProductVersion</name>
-          <state>5.10.0.159</state>
-        </option>
-        <option>
-          <name>OGLastSavedByProductVersion</name>
-          <state>6.30.1.53141</state>
-        </option>
-        <option>
-          <name>GeneralEnableMisra</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GeneralMisraVerbose</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGChipSelectEditMenu</name>
-          <state>default	None</state>
-        </option>
-        <option>
-          <name>GenLowLevelInterface</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GEndianModeBE</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGBufferedTerminalOutput</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenStdoutInterface</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GeneralMisraRules98</name>
-          <version>0</version>
-          <state>1000111110110101101110011100111111101110011011000101110111101101100111111111111100110011111001110111001111111111111111111111111</state>
-        </option>
-        <option>
-          <name>GeneralMisraVer</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GeneralMisraRules04</name>
-          <version>0</version>
-          <state>111101110010111111111000110111111111111111111111111110010111101111010101111111111111111111111111101111111011111001111011111011111111111111111</state>
-        </option>
-        <option>
-          <name>RTConfigPath2</name>
-          <state>$TOOLKIT_DIR$\INC\c\DLib_Config_Normal.h</state>
-        </option>
-        <option>
-          <name>GFPUCoreSlave</name>
-          <version>20</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GBECoreSlave</name>
-          <version>20</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGUseCmsis</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGUseCmsisDspLib</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GRuntimeLibThreads</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>ICCARM</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>29</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>CCOptimizationNoSizeConstraints</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCDefines</name>
-          <state>NDEBUG</state>
-        </option>
-        <option>
-          <name>CCPreprocFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPreprocComments</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPreprocLine</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListCFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListCMnemonics</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListCMessages</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListAssFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListAssSource</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCEnableRemarks</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCDiagSuppress</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCDiagRemark</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCDiagWarning</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCDiagError</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCObjPrefix</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCAllowList</name>
-          <version>1</version>
-          <state>1111111</state>
-        </option>
-        <option>
-          <name>CCDebugInfo</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IEndianMode</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IExtraOptionsCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IExtraOptions</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCLangConformance</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCSignedPlainChar</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCRequirePrototypes</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCMultibyteSupport</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCDiagWarnAreErr</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCompilerRuntimeInfo</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IFpuProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OutputFile</name>
-          <state>$FILE_BNAME$.o</state>
-        </option>
-        <option>
-          <name>CCLibConfigHeader</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>PreInclude</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CompilerMisraOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCIncludePath2</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCStdIncCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCodeSection</name>
-          <state>.text</state>
-        </option>
-        <option>
-          <name>IInterwork2</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IProcessorMode2</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCOptLevel</name>
-          <state>3</state>
-        </option>
-        <option>
-          <name>CCOptStrategy</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCOptLevelSlave</name>
-          <state>3</state>
-        </option>
-        <option>
-          <name>CompilerMisraRules98</name>
-          <version>0</version>
-          <state>1000111110110101101110011100111111101110011011000101110111101101100111111111111100110011111001110111001111111111111111111111111</state>
-        </option>
-        <option>
-          <name>CompilerMisraRules04</name>
-          <version>0</version>
-          <state>111101110010111111111000110111111111111111111111111110010111101111010101111111111111111111111111101111111011111001111011111011111111111111111</state>
-        </option>
-        <option>
-          <name>CCPosIndRopi</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPosIndRwpi</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPosIndNoDynInit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccLang</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccCDialect</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccAllowVLA</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccCppDialect</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccExceptions</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccRTTI</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccStaticDestr</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccCppInlineSemantics</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccCmsis</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccFloatSemantics</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCNoLiteralPool</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>AARM</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>9</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>AObjPrefix</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AEndian</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>ACaseSensitivity</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>MacroChars</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AWarnEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AWarnWhat</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AWarnOne</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AWarnRange1</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AWarnRange2</name>
-          <state></state>
-        </option>
-        <option>
-          <name>ADebug</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AltRegisterNames</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ADefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AList</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AListHeader</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AListing</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>Includes</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MacDefs</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MacExps</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>MacExec</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OnlyAssed</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MultiLine</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>PageLengthCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>PageLength</name>
-          <state>80</state>
-        </option>
-        <option>
-          <name>TabSpacing</name>
-          <state>8</state>
-        </option>
-        <option>
-          <name>AXRef</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AXRefDefines</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AXRefInternal</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AXRefDual</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AFpuProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AOutputFile</name>
-          <state>$FILE_BNAME$.o</state>
-        </option>
-        <option>
-          <name>AMultibyteSupport</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ALimitErrorsCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ALimitErrorsEdit</name>
-          <state>100</state>
-        </option>
-        <option>
-          <name>AIgnoreStdInclude</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AUserIncludes</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AExtraOptionsCheckV2</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AExtraOptionsV2</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AsmNoLiteralPool</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>OBJCOPY</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>1</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>OOCOutputFormat</name>
-          <version>2</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCOutputOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OOCOutputFile</name>
-          <state>c.srec</state>
-        </option>
-        <option>
-          <name>OOCCommandLineProducer</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OOCObjCopyEnable</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>CUSTOM</name>
-      <archiveVersion>3</archiveVersion>
-      <data>
-        <extensions></extensions>
-        <cmdline></cmdline>
-      </data>
-    </settings>
-    <settings>
-      <name>BICOMP</name>
-      <archiveVersion>0</archiveVersion>
-      <data/>
-    </settings>
-    <settings>
-      <name>BUILDACTION</name>
-      <archiveVersion>1</archiveVersion>
-      <data>
-        <prebuild></prebuild>
-        <postbuild></postbuild>
-      </data>
-    </settings>
-    <settings>
-      <name>ILINK</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>16</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>IlinkOutputFile</name>
-          <state>c.out</state>
-        </option>
-        <option>
-          <name>IlinkLibIOConfig</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>XLinkMisraHandler</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkInputFileSlave</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkDebugInfoEnable</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkKeepSymbols</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinaryFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinarySymbol</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinarySegment</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinaryAlign</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkDefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkConfigDefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkMapFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogInitialization</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogModule</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogSection</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogVeneer</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkIcfOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkIcfFile</name>
-          <state>$TOOLKIT_DIR$\CONFIG\generic.icf</state>
-        </option>
-        <option>
-          <name>IlinkIcfFileSlave</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkEnableRemarks</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkSuppressDiags</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkTreatAsRem</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkTreatAsWarn</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkTreatAsErr</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkWarningsAreErrors</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkUseExtraOptions</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkExtraOptions</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkLowLevelInterfaceSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkAutoLibEnable</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkAdditionalLibs</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkOverrideProgramEntryLabel</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkProgramEntryLabelSelect</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkProgramEntryLabel</name>
-          <state></state>
-        </option>
-        <option>
-          <name>DoFill</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>FillerByte</name>
-          <state>0xFF</state>
-        </option>
-        <option>
-          <name>FillerStart</name>
-          <state>0x0</state>
-        </option>
-        <option>
-          <name>FillerEnd</name>
-          <state>0x0</state>
-        </option>
-        <option>
-          <name>CrcSize</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcAlign</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcPoly</name>
-          <state>0x11021</state>
-        </option>
-        <option>
-          <name>CrcCompl</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CrcBitOrder</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CrcInitialValue</name>
-          <state>0x0</state>
-        </option>
-        <option>
-          <name>DoCrc</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkBE8Slave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkBufferedTerminalOutput</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkStdoutInterfaceSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcFullSize</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkIElfToolPostProcess</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogAutoLibSelect</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogRedirSymbols</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogUnusedFragments</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkCrcReverseByteOrder</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkCrcUseAsInput</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptInline</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptExceptionsAllow</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptExceptionsForce</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkCmsis</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptMergeDuplSections</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkOptUseVfe</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptForceVfe</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkStackAnalysisEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkStackControlFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkStackCallGraphFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CrcAlgorithm</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcUnitSize</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkThreadsSlave</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>IARCHIVE</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>0</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>IarchiveInputs</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IarchiveOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>BILINK</name>
-      <archiveVersion>0</archiveVersion>
-      <data/>
-    </settings>
-  </configuration>
-  <file>
-    <name>$PROJ_DIR$\benchmark-main.c</name>
-  </file>
-  <file>
-    <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\benchmark\benchmark.c</name>
-  </file>
-</project>
-
-
diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.icf b/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.icf
deleted file mode 100644
index a4ab009ee..000000000
--- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.icf
+++ /dev/null
@@ -1,32 +0,0 @@
-/*###ICF### Section handled by ICF editor, don't touch! ****/
-/*-Editor annotation file-*/
-/* IcfEditorFile="$TOOLKIT_DIR$\config\ide\IcfEditor\cortex_v1_0.xml" */
-/*-Specials-*/
-define symbol __ICFEDIT_intvec_start__ = 0x00000000;
-/*-Memory Regions-*/
-define symbol __ICFEDIT_region_ROM_start__ = 0x00000000;
-define symbol __ICFEDIT_region_ROM_end__   = 0x0007FFFF;
-define symbol __ICFEDIT_region_RAM_start__ = 0x20000000;
-define symbol __ICFEDIT_region_RAM_end__   = 0x2000FFFF;
-/*-Sizes-*/
-define symbol __ICFEDIT_size_cstack__ = 0x2000;
-define symbol __ICFEDIT_size_heap__   = 0x2000;
-/**** End of ICF editor section. ###ICF###*/
-
-
-define memory mem with size = 4G;
-define region ROM_region   = mem:[from __ICFEDIT_region_ROM_start__   to __ICFEDIT_region_ROM_end__];
-define region RAM_region   = mem:[from __ICFEDIT_region_RAM_start__   to __ICFEDIT_region_RAM_end__];
-
-define block CSTACK    with alignment = 8, size = __ICFEDIT_size_cstack__   { };
-define block HEAP      with alignment = 8, size = __ICFEDIT_size_heap__     { };
-
-initialize by copy { readwrite };
-//initialize by copy with packing = none { section __DLIB_PERTHREAD }; // Required in a multi-threaded application
-do not initialize  { section .noinit };
-
-place at address mem:__ICFEDIT_intvec_start__ { readonly section .intvec };
-
-place in ROM_region   { readonly };
-place in RAM_region   { readwrite,
-                        block CSTACK, block HEAP };
\ No newline at end of file
diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.ewp b/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.ewp
deleted file mode 100644
index 60e146e43..000000000
--- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.ewp
+++ /dev/null
@@ -1,1877 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-
-<project>
-  <fileVersion>2</fileVersion>
-  <configuration>
-    <name>Debug</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>1</debug>
-    <settings>
-      <name>General</name>
-      <archiveVersion>3</archiveVersion>
-      <data>
-        <version>22</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>ExePath</name>
-          <state>Debug\Exe</state>
-        </option>
-        <option>
-          <name>ObjPath</name>
-          <state>Debug\Obj</state>
-        </option>
-        <option>
-          <name>ListPath</name>
-          <state>Debug\List</state>
-        </option>
-        <option>
-          <name>Variant</name>
-          <version>20</version>
-          <state>38</state>
-        </option>
-        <option>
-          <name>GEndianMode</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>Input variant</name>
-          <version>3</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>Input description</name>
-          <state>Full formatting.</state>
-        </option>
-        <option>
-          <name>Output variant</name>
-          <version>2</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>Output description</name>
-          <state>Full formatting.</state>
-        </option>
-        <option>
-          <name>GOutputBinary</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>FPU</name>
-          <version>2</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGCoreOrChip</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GRuntimeLibSelect</name>
-          <version>0</version>
-          <state>2</state>
-        </option>
-        <option>
-          <name>GRuntimeLibSelectSlave</name>
-          <version>0</version>
-          <state>2</state>
-        </option>
-        <option>
-          <name>RTDescription</name>
-          <state>Use the full configuration of the C/C++ runtime library. Full locale interface, C locale, file descriptor support, multibytes in printf and scanf, and hex floats in strtod.</state>
-        </option>
-        <option>
-          <name>OGProductVersion</name>
-          <state>5.10.0.159</state>
-        </option>
-        <option>
-          <name>OGLastSavedByProductVersion</name>
-          <state>6.60.1.5099</state>
-        </option>
-        <option>
-          <name>GeneralEnableMisra</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GeneralMisraVerbose</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGChipSelectEditMenu</name>
-          <state>Default	None</state>
-        </option>
-        <option>
-          <name>GenLowLevelInterface</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GEndianModeBE</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OGBufferedTerminalOutput</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenStdoutInterface</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GeneralMisraRules98</name>
-          <version>0</version>
-          <state>1000111110110101101110011100111111101110011011000101110111101101100111111111111100110011111001110111001111111111111111111111111</state>
-        </option>
-        <option>
-          <name>GeneralMisraVer</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GeneralMisraRules04</name>
-          <version>0</version>
-          <state>111101110010111111111000110111111111111111111111111110010111101111010101111111111111111111111111101111111011111001111011111011111111111111111</state>
-        </option>
-        <option>
-          <name>RTConfigPath2</name>
-          <state>$TOOLKIT_DIR$\INC\c\DLib_Config_Full.h</state>
-        </option>
-        <option>
-          <name>GFPUCoreSlave</name>
-          <version>20</version>
-          <state>38</state>
-        </option>
-        <option>
-          <name>GBECoreSlave</name>
-          <version>20</version>
-          <state>38</state>
-        </option>
-        <option>
-          <name>OGUseCmsis</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGUseCmsisDspLib</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GRuntimeLibThreads</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>ICCARM</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>29</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>CCOptimizationNoSizeConstraints</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCDefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCPreprocFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPreprocComments</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPreprocLine</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListCFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListCMnemonics</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListCMessages</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListAssFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListAssSource</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCEnableRemarks</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCDiagSuppress</name>
-          <state>Pa050</state>
-        </option>
-        <option>
-          <name>CCDiagRemark</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCDiagWarning</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCDiagError</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCObjPrefix</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCAllowList</name>
-          <version>1</version>
-          <state>0000000</state>
-        </option>
-        <option>
-          <name>CCDebugInfo</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IEndianMode</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IExtraOptionsCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IExtraOptions</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCLangConformance</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCSignedPlainChar</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCRequirePrototypes</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCMultibyteSupport</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCDiagWarnAreErr</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCompilerRuntimeInfo</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IFpuProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OutputFile</name>
-          <state>$FILE_BNAME$.o</state>
-        </option>
-        <option>
-          <name>CCLibConfigHeader</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>PreInclude</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CompilerMisraOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCIncludePath2</name>
-          <state>$PROJ_DIR$\..\..\..\..</state>
-        </option>
-        <option>
-          <name>CCStdIncCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCodeSection</name>
-          <state>.text</state>
-        </option>
-        <option>
-          <name>IInterwork2</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IProcessorMode2</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCOptLevel</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCOptStrategy</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCOptLevelSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CompilerMisraRules98</name>
-          <version>0</version>
-          <state>1000111110110101101110011100111111101110011011000101110111101101100111111111111100110011111001110111001111111111111111111111111</state>
-        </option>
-        <option>
-          <name>CompilerMisraRules04</name>
-          <version>0</version>
-          <state>111101110010111111111000110111111111111111111111111110010111101111010101111111111111111111111111101111111011111001111011111011111111111111111</state>
-        </option>
-        <option>
-          <name>CCPosIndRopi</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPosIndRwpi</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPosIndNoDynInit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccLang</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccCDialect</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccAllowVLA</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccCppDialect</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccExceptions</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccRTTI</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccStaticDestr</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccCppInlineSemantics</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccCmsis</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccFloatSemantics</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCNoLiteralPool</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>AARM</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>9</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>AObjPrefix</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AEndian</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>ACaseSensitivity</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>MacroChars</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AWarnEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AWarnWhat</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AWarnOne</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AWarnRange1</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AWarnRange2</name>
-          <state></state>
-        </option>
-        <option>
-          <name>ADebug</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AltRegisterNames</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ADefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AList</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AListHeader</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AListing</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>Includes</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MacDefs</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MacExps</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>MacExec</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OnlyAssed</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MultiLine</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>PageLengthCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>PageLength</name>
-          <state>80</state>
-        </option>
-        <option>
-          <name>TabSpacing</name>
-          <state>8</state>
-        </option>
-        <option>
-          <name>AXRef</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AXRefDefines</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AXRefInternal</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AXRefDual</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AFpuProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AOutputFile</name>
-          <state>$FILE_BNAME$.o</state>
-        </option>
-        <option>
-          <name>AMultibyteSupport</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ALimitErrorsCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ALimitErrorsEdit</name>
-          <state>100</state>
-        </option>
-        <option>
-          <name>AIgnoreStdInclude</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AUserIncludes</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AExtraOptionsCheckV2</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AExtraOptionsV2</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AsmNoLiteralPool</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>OBJCOPY</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>1</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>OOCOutputFormat</name>
-          <version>2</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCOutputOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OOCOutputFile</name>
-          <state>wolfCrypt-test.srec</state>
-        </option>
-        <option>
-          <name>OOCCommandLineProducer</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OOCObjCopyEnable</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>CUSTOM</name>
-      <archiveVersion>3</archiveVersion>
-      <data>
-        <extensions></extensions>
-        <cmdline></cmdline>
-      </data>
-    </settings>
-    <settings>
-      <name>BICOMP</name>
-      <archiveVersion>0</archiveVersion>
-      <data/>
-    </settings>
-    <settings>
-      <name>BUILDACTION</name>
-      <archiveVersion>1</archiveVersion>
-      <data>
-        <prebuild></prebuild>
-        <postbuild></postbuild>
-      </data>
-    </settings>
-    <settings>
-      <name>ILINK</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>16</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>IlinkOutputFile</name>
-          <state>test.out</state>
-        </option>
-        <option>
-          <name>IlinkLibIOConfig</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>XLinkMisraHandler</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkInputFileSlave</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkDebugInfoEnable</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkKeepSymbols</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinaryFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinarySymbol</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinarySegment</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinaryAlign</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkDefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkConfigDefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkMapFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogInitialization</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogModule</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogSection</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogVeneer</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkIcfOverride</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkIcfFile</name>
-          <state>$PROJ_DIR$\wolfCrypt-test.icf</state>
-        </option>
-        <option>
-          <name>IlinkIcfFileSlave</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkEnableRemarks</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkSuppressDiags</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkTreatAsRem</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkTreatAsWarn</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkTreatAsErr</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkWarningsAreErrors</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkUseExtraOptions</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkExtraOptions</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkLowLevelInterfaceSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkAutoLibEnable</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkAdditionalLibs</name>
-          <state>$PROJ_DIR$\Debug\Exe\CyaSSL-Lib.a</state>
-        </option>
-        <option>
-          <name>IlinkOverrideProgramEntryLabel</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkProgramEntryLabelSelect</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkProgramEntryLabel</name>
-          <state>__iar_program_start</state>
-        </option>
-        <option>
-          <name>DoFill</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>FillerByte</name>
-          <state>0xFF</state>
-        </option>
-        <option>
-          <name>FillerStart</name>
-          <state>0x0</state>
-        </option>
-        <option>
-          <name>FillerEnd</name>
-          <state>0x0</state>
-        </option>
-        <option>
-          <name>CrcSize</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcAlign</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcPoly</name>
-          <state>0x11021</state>
-        </option>
-        <option>
-          <name>CrcCompl</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CrcBitOrder</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CrcInitialValue</name>
-          <state>0x0</state>
-        </option>
-        <option>
-          <name>DoCrc</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkBE8Slave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkBufferedTerminalOutput</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkStdoutInterfaceSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcFullSize</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkIElfToolPostProcess</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogAutoLibSelect</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogRedirSymbols</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogUnusedFragments</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkCrcReverseByteOrder</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkCrcUseAsInput</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptInline</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkOptExceptionsAllow</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptExceptionsForce</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkCmsis</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptMergeDuplSections</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkOptUseVfe</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptForceVfe</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkStackAnalysisEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkStackControlFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkStackCallGraphFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CrcAlgorithm</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcUnitSize</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkThreadsSlave</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>IARCHIVE</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>0</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>IarchiveInputs</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IarchiveOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>BILINK</name>
-      <archiveVersion>0</archiveVersion>
-      <data/>
-    </settings>
-  </configuration>
-  <configuration>
-    <name>Release</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>0</debug>
-    <settings>
-      <name>General</name>
-      <archiveVersion>3</archiveVersion>
-      <data>
-        <version>22</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>ExePath</name>
-          <state>Release\Exe</state>
-        </option>
-        <option>
-          <name>ObjPath</name>
-          <state>Release\Obj</state>
-        </option>
-        <option>
-          <name>ListPath</name>
-          <state>Release\List</state>
-        </option>
-        <option>
-          <name>Variant</name>
-          <version>20</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GEndianMode</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>Input variant</name>
-          <version>3</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>Input description</name>
-          <state>Full formatting.</state>
-        </option>
-        <option>
-          <name>Output variant</name>
-          <version>2</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>Output description</name>
-          <state>Full formatting.</state>
-        </option>
-        <option>
-          <name>GOutputBinary</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>FPU</name>
-          <version>2</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGCoreOrChip</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GRuntimeLibSelect</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>GRuntimeLibSelectSlave</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>RTDescription</name>
-          <state>Use the normal configuration of the C/C++ runtime library. No locale interface, C locale, no file descriptor support, no multibytes in printf and scanf, and no hex floats in strtod.</state>
-        </option>
-        <option>
-          <name>OGProductVersion</name>
-          <state>5.10.0.159</state>
-        </option>
-        <option>
-          <name>OGLastSavedByProductVersion</name>
-          <state>6.30.1.53141</state>
-        </option>
-        <option>
-          <name>GeneralEnableMisra</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GeneralMisraVerbose</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGChipSelectEditMenu</name>
-          <state>default	None</state>
-        </option>
-        <option>
-          <name>GenLowLevelInterface</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GEndianModeBE</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGBufferedTerminalOutput</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GenStdoutInterface</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GeneralMisraRules98</name>
-          <version>0</version>
-          <state>1000111110110101101110011100111111101110011011000101110111101101100111111111111100110011111001110111001111111111111111111111111</state>
-        </option>
-        <option>
-          <name>GeneralMisraVer</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GeneralMisraRules04</name>
-          <version>0</version>
-          <state>111101110010111111111000110111111111111111111111111110010111101111010101111111111111111111111111101111111011111001111011111011111111111111111</state>
-        </option>
-        <option>
-          <name>RTConfigPath2</name>
-          <state>$TOOLKIT_DIR$\INC\c\DLib_Config_Normal.h</state>
-        </option>
-        <option>
-          <name>GFPUCoreSlave</name>
-          <version>20</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GBECoreSlave</name>
-          <version>20</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGUseCmsis</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OGUseCmsisDspLib</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>GRuntimeLibThreads</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>ICCARM</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>29</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>CCOptimizationNoSizeConstraints</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCDefines</name>
-          <state>NDEBUG</state>
-        </option>
-        <option>
-          <name>CCPreprocFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPreprocComments</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPreprocLine</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListCFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListCMnemonics</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListCMessages</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListAssFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCListAssSource</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCEnableRemarks</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCDiagSuppress</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCDiagRemark</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCDiagWarning</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCDiagError</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCObjPrefix</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCAllowList</name>
-          <version>1</version>
-          <state>1111111</state>
-        </option>
-        <option>
-          <name>CCDebugInfo</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IEndianMode</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IExtraOptionsCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IExtraOptions</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCLangConformance</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCSignedPlainChar</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCRequirePrototypes</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCMultibyteSupport</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCDiagWarnAreErr</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCompilerRuntimeInfo</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IFpuProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OutputFile</name>
-          <state>$FILE_BNAME$.o</state>
-        </option>
-        <option>
-          <name>CCLibConfigHeader</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>PreInclude</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CompilerMisraOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCIncludePath2</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCStdIncCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCodeSection</name>
-          <state>.text</state>
-        </option>
-        <option>
-          <name>IInterwork2</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IProcessorMode2</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCOptLevel</name>
-          <state>3</state>
-        </option>
-        <option>
-          <name>CCOptStrategy</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCOptLevelSlave</name>
-          <state>3</state>
-        </option>
-        <option>
-          <name>CompilerMisraRules98</name>
-          <version>0</version>
-          <state>1000111110110101101110011100111111101110011011000101110111101101100111111111111100110011111001110111001111111111111111111111111</state>
-        </option>
-        <option>
-          <name>CompilerMisraRules04</name>
-          <version>0</version>
-          <state>111101110010111111111000110111111111111111111111111110010111101111010101111111111111111111111111101111111011111001111011111011111111111111111</state>
-        </option>
-        <option>
-          <name>CCPosIndRopi</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPosIndRwpi</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPosIndNoDynInit</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccLang</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccCDialect</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccAllowVLA</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccCppDialect</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccExceptions</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccRTTI</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccStaticDestr</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccCppInlineSemantics</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IccCmsis</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IccFloatSemantics</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCNoLiteralPool</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>AARM</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>9</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>AObjPrefix</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AEndian</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>ACaseSensitivity</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>MacroChars</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AWarnEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AWarnWhat</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AWarnOne</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AWarnRange1</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AWarnRange2</name>
-          <state></state>
-        </option>
-        <option>
-          <name>ADebug</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AltRegisterNames</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ADefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AList</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AListHeader</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AListing</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>Includes</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MacDefs</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MacExps</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>MacExec</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OnlyAssed</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MultiLine</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>PageLengthCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>PageLength</name>
-          <state>80</state>
-        </option>
-        <option>
-          <name>TabSpacing</name>
-          <state>8</state>
-        </option>
-        <option>
-          <name>AXRef</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AXRefDefines</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AXRefInternal</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AXRefDual</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AFpuProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>AOutputFile</name>
-          <state>$FILE_BNAME$.o</state>
-        </option>
-        <option>
-          <name>AMultibyteSupport</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ALimitErrorsCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ALimitErrorsEdit</name>
-          <state>100</state>
-        </option>
-        <option>
-          <name>AIgnoreStdInclude</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AUserIncludes</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AExtraOptionsCheckV2</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AExtraOptionsV2</name>
-          <state></state>
-        </option>
-        <option>
-          <name>AsmNoLiteralPool</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>OBJCOPY</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>1</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>OOCOutputFormat</name>
-          <version>2</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCOutputOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OOCOutputFile</name>
-          <state>c.srec</state>
-        </option>
-        <option>
-          <name>OOCCommandLineProducer</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OOCObjCopyEnable</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>CUSTOM</name>
-      <archiveVersion>3</archiveVersion>
-      <data>
-        <extensions></extensions>
-        <cmdline></cmdline>
-      </data>
-    </settings>
-    <settings>
-      <name>BICOMP</name>
-      <archiveVersion>0</archiveVersion>
-      <data/>
-    </settings>
-    <settings>
-      <name>BUILDACTION</name>
-      <archiveVersion>1</archiveVersion>
-      <data>
-        <prebuild></prebuild>
-        <postbuild></postbuild>
-      </data>
-    </settings>
-    <settings>
-      <name>ILINK</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>16</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>IlinkOutputFile</name>
-          <state>c.out</state>
-        </option>
-        <option>
-          <name>IlinkLibIOConfig</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>XLinkMisraHandler</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkInputFileSlave</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkDebugInfoEnable</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkKeepSymbols</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinaryFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinarySymbol</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinarySegment</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkRawBinaryAlign</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkDefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkConfigDefines</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkMapFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogFile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogInitialization</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogModule</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogSection</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogVeneer</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkIcfOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkIcfFile</name>
-          <state>$TOOLKIT_DIR$\CONFIG\generic.icf</state>
-        </option>
-        <option>
-          <name>IlinkIcfFileSlave</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkEnableRemarks</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkSuppressDiags</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkTreatAsRem</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkTreatAsWarn</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkTreatAsErr</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkWarningsAreErrors</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkUseExtraOptions</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkExtraOptions</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkLowLevelInterfaceSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkAutoLibEnable</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkAdditionalLibs</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkOverrideProgramEntryLabel</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkProgramEntryLabelSelect</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkProgramEntryLabel</name>
-          <state></state>
-        </option>
-        <option>
-          <name>DoFill</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>FillerByte</name>
-          <state>0xFF</state>
-        </option>
-        <option>
-          <name>FillerStart</name>
-          <state>0x0</state>
-        </option>
-        <option>
-          <name>FillerEnd</name>
-          <state>0x0</state>
-        </option>
-        <option>
-          <name>CrcSize</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcAlign</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcPoly</name>
-          <state>0x11021</state>
-        </option>
-        <option>
-          <name>CrcCompl</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CrcBitOrder</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CrcInitialValue</name>
-          <state>0x0</state>
-        </option>
-        <option>
-          <name>DoCrc</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkBE8Slave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkBufferedTerminalOutput</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkStdoutInterfaceSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcFullSize</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkIElfToolPostProcess</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogAutoLibSelect</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogRedirSymbols</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkLogUnusedFragments</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkCrcReverseByteOrder</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkCrcUseAsInput</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptInline</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptExceptionsAllow</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptExceptionsForce</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkCmsis</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptMergeDuplSections</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkOptUseVfe</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IlinkOptForceVfe</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkStackAnalysisEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkStackControlFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IlinkStackCallGraphFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CrcAlgorithm</name>
-          <version>0</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CrcUnitSize</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IlinkThreadsSlave</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>IARCHIVE</name>
-      <archiveVersion>0</archiveVersion>
-      <data>
-        <version>0</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>IarchiveInputs</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IarchiveOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IarchiveOutput</name>
-          <state>###Unitialized###</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>BILINK</name>
-      <archiveVersion>0</archiveVersion>
-      <data/>
-    </settings>
-  </configuration>
-  <file>
-    <name>$PROJ_DIR$\test-main.c</name>
-  </file>
-  <file>
-    <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\test\test.c</name>
-  </file>
-</project>
-
-
diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.icf b/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.icf
deleted file mode 100644
index 211d253d4..000000000
--- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.icf
+++ /dev/null
@@ -1,31 +0,0 @@
-/*###ICF### Section handled by ICF editor, don't touch! ****/
-/*-Editor annotation file-*/
-/* IcfEditorFile="$TOOLKIT_DIR$\config\ide\IcfEditor\cortex_v1_0.xml" */
-/*-Specials-*/
-define symbol __ICFEDIT_intvec_start__ = 0x0;
-/*-Memory Regions-*/
-define symbol __ICFEDIT_region_ROM_start__ = 0x0;
-define symbol __ICFEDIT_region_ROM_end__   = 0x000FFFFF;
-define symbol __ICFEDIT_region_RAM_start__ = 0x1FFF0000;
-define symbol __ICFEDIT_region_RAM_end__   = 0x2000FFFF;
-/*-Sizes-*/
-define symbol __ICFEDIT_size_cstack__ = 0x2000;
-define symbol __ICFEDIT_size_heap__   = 0x3000;
-/**** End of ICF editor section. ###ICF###*/
-
-
-define memory mem with size = 4G;
-define region ROM_region   = mem:[from __ICFEDIT_region_ROM_start__   to __ICFEDIT_region_ROM_end__];
-define region RAM_region   = mem:[from __ICFEDIT_region_RAM_start__   to __ICFEDIT_region_RAM_end__];
-
-define block CSTACK    with alignment = 8, size = __ICFEDIT_size_cstack__   { };
-define block HEAP      with alignment = 8, size = __ICFEDIT_size_heap__     { };
-
-initialize by copy { readwrite };
-do not initialize  { section .noinit };
-
-place at address mem:__ICFEDIT_intvec_start__ { readonly section .intvec };
-
-place in ROM_region   { readonly };
-place in RAM_region   { readwrite,
-                        block CSTACK, block HEAP };
\ No newline at end of file
diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/benchmark-main.c b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c
similarity index 88%
rename from IDE/IAR-EWARM/Projects/CyaSSL-Lib/benchmark-main.c
rename to IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c
index 113fc4d23..d8f559d4c 100644
--- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/benchmark-main.c
+++ b/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c
@@ -19,7 +19,11 @@
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
 
-#include "stdio.h"
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
 
 typedef struct func_args {
     int    argc;
@@ -29,6 +33,7 @@ typedef struct func_args {
 
 func_args args = { 0 } ;
 
+extern double current_time(int reset) ;
 extern int benchmark_test(void *args) ;
 
 main(void) {
@@ -37,4 +42,3 @@ main(void) {
 }
 
 
-
diff --git a/IDE/IAR-EWARM/Projects/benchmark/current_time.c b/IDE/IAR-EWARM/Projects/benchmark/current_time.c
new file mode 100644
index 000000000..7d42cfc02
--- /dev/null
+++ b/IDE/IAR-EWARM/Projects/benchmark/current_time.c
@@ -0,0 +1,66 @@
+/* current-time.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef WOLFSSL_TI_CURRTIME
+#include <stdio.h>
+#include <stdbool.h>
+#include <stdint.h>
+
+#include "inc/hw_ints.h"
+#include "inc/hw_memmap.h"
+#include "inc/hw_timer.h"
+#include "driverlib/rom.h"
+#include "driverlib/sysctl.h"
+#include "driverlib/timer.h"
+
+void InitTimer(void) {
+    uint32_t ui32SysClock = SysCtlClockFreqSet((SYSCTL_XTAL_25MHZ |
+                                       SYSCTL_OSC_MAIN |
+                                       SYSCTL_USE_PLL |
+                                       SYSCTL_CFG_VCO_480), 120000000);
+
+    printf("Clock=%dMHz\n", ui32SysClock/1000000) ;
+    ROM_SysCtlPeripheralEnable(SYSCTL_PERIPH_TIMER0);
+    ROM_TimerConfigure(TIMER0_BASE, TIMER_CFG_PERIODIC);
+    ROM_TimerLoadSet(TIMER0_BASE, TIMER_A, -1);
+    ROM_TimerEnable(TIMER0_BASE, TIMER_A);
+}
+
+static int initFlag = false ;
+double current_time(int reset)
+{   
+    if(!initFlag)InitTimer() ;
+    initFlag = true ;
+    if(reset)ROM_TimerLoadSet(TIMER0_BASE, TIMER_A, -1);
+    return (double)(-(int)ROM_TimerValueGet(TIMER0_BASE, TIMER_A ))/120000000.0 ;
+}
+
+#else
+
+double current_time(int reset) { return 0.0 ; }
+
+#endif
\ No newline at end of file
diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.ewd b/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewd
similarity index 50%
rename from IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.ewd
rename to IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewd
index 0bf90e8eb..3f908a2d3 100644
--- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-benchmark.ewd
+++ b/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewd
@@ -12,7 +12,7 @@
       <name>C-SPY</name>
       <archiveVersion>2</archiveVersion>
       <data>
-        <version>25</version>
+        <version>26</version>
         <wantNonLocal>1</wantNonLocal>
         <debug>1</debug>
         <option>
@@ -77,11 +77,11 @@
         </option>
         <option>
           <name>OCDownloadVerifyAll</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>OCProductVersion</name>
-          <state>6.60.1.5099</state>
+          <state>5.11.0.50579</state>
         </option>
         <option>
           <name>OCDynDriverList</name>
@@ -89,7 +89,7 @@
         </option>
         <option>
           <name>OCLastSavedByProductVersion</name>
-          <state>6.60.1.5099</state>
+          <state>7.40.1.8463</state>
         </option>
         <option>
           <name>OCDownloadAttachToProgram</name>
@@ -183,6 +183,30 @@
           <name>OCAllMTBOptions</name>
           <state>1</state>
         </option>
+        <option>
+          <name>OCMulticoreNrOfCores</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCMulticoreMaster</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCMulticorePort</name>
+          <state>53461</state>
+        </option>
+        <option>
+          <name>OCMulticoreWorkspace</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCMulticoreSlaveProject</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCMulticoreSlaveConfiguration</name>
+          <state></state>
+        </option>
       </data>
     </settings>
     <settings>
@@ -245,7 +269,7 @@
         </option>
         <option>
           <name>AngelLogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
         </option>
         <option>
           <name>OCDriverInfo</name>
@@ -257,7 +281,7 @@
       <name>CMSISDAP_ID</name>
       <archiveVersion>2</archiveVersion>
       <data>
-        <version>0</version>
+        <version>2</version>
         <wantNonLocal>1</wantNonLocal>
         <debug>1</debug>
         <option>
@@ -295,7 +319,7 @@
         </option>
         <option>
           <name>CMSISDAPInterfaceRadio</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CMSISDAPInterfaceCmdLine</name>
@@ -332,7 +356,7 @@
         </option>
         <option>
           <name>RDICatchUndef</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>RDICatchSWI</name>
@@ -340,11 +364,11 @@
         </option>
         <option>
           <name>RDICatchData</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>RDICatchPrefetch</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>RDICatchIRQ</name>
@@ -360,31 +384,31 @@
         </option>
         <option>
           <name>CatchMMERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchNOCPERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchCHKERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchSTATERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchBUSERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchINTERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchHARDERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchDummy</name>
@@ -398,6 +422,30 @@
           <name>CMSISDAPMultiCPUNumber</name>
           <state>0</state>
         </option>
+        <option>
+          <name>OCProbeCfgOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCProbeConfig</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CMSISDAPProbeConfigRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CMSISDAPSelectedCPUBehaviour</name>
+          <state></state>
+        </option>
+        <option>
+          <name>ICpuName</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCJetEmuParams</name>
+          <state>1</state>
+        </option>
       </data>
     </settings>
     <settings>
@@ -421,7 +469,7 @@
         </option>
         <option>
           <name>LogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
         </option>
         <option>
           <name>CCJTagBreakpointRadio</name>
@@ -433,1305 +481,8 @@
         </option>
         <option>
           <name>CCJTagUpdateBreakpoints</name>
-          <state>_call_main</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>IARROM_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>1</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>CRomLogFileCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CRomLogFileEditB</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
-        </option>
-        <option>
-          <name>CRomCommPort</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CRomCommBaud</name>
-          <version>0</version>
-          <state>7</state>
-        </option>
-        <option>
-          <name>OCDriverInfo</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>IJET_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>OCDriverInfo</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IjetAttachSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OCIarProbeScriptFile</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IjetResetList</name>
-          <version>1</version>
-          <state>10</state>
-        </option>
-        <option>
-          <name>IjetHWResetDuration</name>
-          <state>300</state>
-        </option>
-        <option>
-          <name>IjetHWResetDelay</name>
-          <state>200</state>
-        </option>
-        <option>
-          <name>IjetPowerFromProbe</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>IjetPowerRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetDoLogfile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetLogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
-        </option>
-        <option>
-          <name>IjetInterfaceRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetInterfaceCmdLine</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetMultiTargetEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetMultiTarget</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetScanChainNonARMDevices</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetIRLength</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetJtagSpeedList</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetProtocolRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetSwoPin</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetCpuClockEdit</name>
-          <state>72.0</state>
-        </option>
-        <option>
-          <name>IjetSwoPrescalerList</name>
-          <version>1</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetBreakpointRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetRestoreBreakpointsCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetUpdateBreakpointsEdit</name>
-          <state>_call_main</state>
-        </option>
-        <option>
-          <name>RDICatchReset</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>RDICatchUndef</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>RDICatchSWI</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>RDICatchData</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>RDICatchPrefetch</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>RDICatchIRQ</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>RDICatchFIQ</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CatchCORERESET</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CatchMMERR</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CatchNOCPERR</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CatchCHKERR</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CatchSTATERR</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CatchBUSERR</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CatchINTERR</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CatchHARDERR</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CatchDummy</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCProbeCfgOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCProbeConfig</name>
-          <state></state>
-        </option>
-        <option>
-          <name>IjetProbeConfigRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetMultiCPUEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetMultiCPUNumber</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>IjetSelectedCPUBehaviour</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ICpuName</name>
-          <state></state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>JLINK_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>15</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>JLinkSpeed</name>
-          <state>32</state>
-        </option>
-        <option>
-          <name>CCJLinkDoLogfile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJLinkLogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
-        </option>
-        <option>
-          <name>CCJLinkHWResetDelay</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCDriverInfo</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>JLinkInitialSpeed</name>
-          <state>32</state>
-        </option>
-        <option>
-          <name>CCDoJlinkMultiTarget</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCScanChainNonARMDevices</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJLinkMultiTarget</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJLinkIRLength</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJLinkCommRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJLinkTCPIP</name>
-          <state>aaa.bbb.ccc.ddd</state>
-        </option>
-        <option>
-          <name>CCJLinkSpeedRadioV2</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCUSBDevice</name>
-          <version>1</version>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCRDICatchReset</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCRDICatchUndef</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCRDICatchSWI</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCRDICatchData</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCRDICatchPrefetch</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCRDICatchIRQ</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCRDICatchFIQ</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJLinkBreakpointRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJLinkDoUpdateBreakpoints</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJLinkUpdateBreakpoints</name>
-          <state>_call_main</state>
-        </option>
-        <option>
-          <name>CCJLinkInterfaceRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCJLinkAttachSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCJLinkResetList</name>
-          <version>6</version>
-          <state>7</state>
-        </option>
-        <option>
-          <name>CCJLinkInterfaceCmdLine</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCatchCORERESET</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCatchMMERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCatchNOCPERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCatchCHRERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCatchSTATERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCatchBUSERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCatchINTERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCatchHARDERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCatchDummy</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCJLinkScriptFile</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCJLinkUsbSerialNo</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCTcpIpAlt</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJLinkTcpIpSerialNo</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCCpuClockEdit</name>
-          <state>72.0</state>
-        </option>
-        <option>
-          <name>CCSwoClockAuto</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCSwoClockEdit</name>
-          <state>2000</state>
-        </option>
-        <option>
-          <name>OCJLinkTraceSource</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCJLinkTraceSourceDummy</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCJLinkDeviceName</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>LMIFTDI_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>OCDriverInfo</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>LmiftdiSpeed</name>
-          <state>500</state>
-        </option>
-        <option>
-          <name>CCLmiftdiDoLogfile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCLmiftdiLogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
-        </option>
-        <option>
-          <name>CCLmiFtdiInterfaceRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCLmiFtdiInterfaceCmdLine</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>MACRAIGOR_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>3</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>jtag</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>EmuSpeed</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>TCPIP</name>
-          <state>aaa.bbb.ccc.ddd</state>
-        </option>
-        <option>
-          <name>DoLogfile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>LogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
-        </option>
-        <option>
-          <name>DoEmuMultiTarget</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>EmuMultiTarget</name>
-          <state>0@ARM7TDMI</state>
-        </option>
-        <option>
-          <name>EmuHWReset</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CEmuCommBaud</name>
-          <version>0</version>
-          <state>4</state>
-        </option>
-        <option>
-          <name>CEmuCommPort</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>jtago</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCDriverInfo</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>UnusedAddr</name>
-          <state>0x00800000</state>
-        </option>
-        <option>
-          <name>CCMacraigorHWResetDelay</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCJTagBreakpointRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJTagDoUpdateBreakpoints</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJTagUpdateBreakpoints</name>
-          <state>_call_main</state>
-        </option>
-        <option>
-          <name>CCMacraigorInterfaceRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCMacraigorInterfaceCmdLine</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>PEMICRO_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>1</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>OCDriverInfo</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OCPEMicroAttachSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCPEMicroInterfaceList</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPEMicroResetDelay</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCPEMicroJtagSpeed</name>
-          <state>5000</state>
-        </option>
-        <option>
-          <name>CCJPEMicroShowSettings</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>DoLogfile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>LogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
-        </option>
-        <option>
-          <name>CCPEMicroUSBDevice</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCPEMicroSerialPort</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJPEMicroTCPIPAutoScanNetwork</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCPEMicroTCPIP</name>
-          <state>10.0.0.1</state>
-        </option>
-        <option>
-          <name>CCPEMicroCommCmdLineProducer</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCSTLinkInterfaceRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCSTLinkInterfaceCmdLine</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>RDI_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>CRDIDriverDll</name>
-          <state>###Uninitialized###</state>
-        </option>
-        <option>
-          <name>CRDILogFileCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CRDILogFileEdit</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
-        </option>
-        <option>
-          <name>CCRDIHWReset</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCRDICatchReset</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCRDICatchUndef</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCRDICatchSWI</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCRDICatchData</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCRDICatchPrefetch</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCRDICatchIRQ</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCRDICatchFIQ</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCDriverInfo</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>STLINK_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>OCDriverInfo</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CCSTLinkInterfaceRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCSTLinkInterfaceCmdLine</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCSTLinkResetList</name>
-          <version>1</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCCpuClockEdit</name>
-          <state>72.0</state>
-        </option>
-        <option>
-          <name>CCSwoClockAuto</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCSwoClockEdit</name>
-          <state>2000</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>THIRDPARTY_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>0</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>CThirdPartyDriverDll</name>
-          <state>###Uninitialized###</state>
-        </option>
-        <option>
-          <name>CThirdPartyLogFileCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CThirdPartyLogFileEditB</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
-        </option>
-        <option>
-          <name>OCDriverInfo</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>XDS100_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>2</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>1</debug>
-        <option>
-          <name>OCDriverInfo</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OCXDS100AttachSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>TIPackageOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>TIPackage</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CCXds100InterfaceList</name>
-          <version>1</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>BoardFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>DoLogfile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>LogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
-        </option>
-      </data>
-    </settings>
-    <debuggerPlugins>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\middleware\HCCWare\HCCWare.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\AVIX\AVIX.ENU.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\CMX\CmxArmPlugin.ENU.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\CMX\CmxTinyArmPlugin.ENU.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\embOS\embOSPlugin.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\MQX\MQXRtosPlugin.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\OpenRTOS\OpenRTOSPlugin.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\PowerPac\PowerPacRTOS.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB6_Plugin.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\SafeRTOS\SafeRTOSPlugin.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\ThreadX\ThreadXArmPlugin.ENU.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-286-KA-CSpy.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-KA-CSpy.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\uCOS-III\uCOS-III-KA-CSpy.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$EW_DIR$\common\plugins\CodeCoverage\CodeCoverage.ENU.ewplugin</file>
-        <loadFlag>1</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$EW_DIR$\common\plugins\Orti\Orti.ENU.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$EW_DIR$\common\plugins\SymList\SymList.ENU.ewplugin</file>
-        <loadFlag>1</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$EW_DIR$\common\plugins\uCProbe\uCProbePlugin.ENU.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-    </debuggerPlugins>
-  </configuration>
-  <configuration>
-    <name>Release</name>
-    <toolchain>
-      <name>ARM</name>
-    </toolchain>
-    <debug>0</debug>
-    <settings>
-      <name>C-SPY</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>25</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>CInput</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CEndian</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OCVariant</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MacOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MacFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>MemOverride</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>MemFile</name>
-          <state></state>
-        </option>
-        <option>
-          <name>RunToEnable</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>RunToName</name>
           <state>main</state>
         </option>
-        <option>
-          <name>CExtraOptionsCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CExtraOptions</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CFpuProcessor</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OCDDFArgumentProducer</name>
-          <state></state>
-        </option>
-        <option>
-          <name>OCDownloadSuppressDownload</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCDownloadVerifyAll</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCProductVersion</name>
-          <state>6.60.1.5099</state>
-        </option>
-        <option>
-          <name>OCDynDriverList</name>
-          <state>ARMSIM_ID</state>
-        </option>
-        <option>
-          <name>OCLastSavedByProductVersion</name>
-          <state></state>
-        </option>
-        <option>
-          <name>OCDownloadAttachToProgram</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>UseFlashLoader</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CLowLevel</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OCBE8Slave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>MacFile2</name>
-          <state></state>
-        </option>
-        <option>
-          <name>CDevice</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>FlashLoadersV3</name>
-          <state></state>
-        </option>
-        <option>
-          <name>OCImagesSuppressCheck1</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCImagesPath1</name>
-          <state></state>
-        </option>
-        <option>
-          <name>OCImagesSuppressCheck2</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCImagesPath2</name>
-          <state></state>
-        </option>
-        <option>
-          <name>OCImagesSuppressCheck3</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCImagesPath3</name>
-          <state></state>
-        </option>
-        <option>
-          <name>OverrideDefFlashBoard</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCImagesOffset1</name>
-          <state></state>
-        </option>
-        <option>
-          <name>OCImagesOffset2</name>
-          <state></state>
-        </option>
-        <option>
-          <name>OCImagesOffset3</name>
-          <state></state>
-        </option>
-        <option>
-          <name>OCImagesUse1</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCImagesUse2</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCImagesUse3</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCDeviceConfigMacroFile</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OCDebuggerExtraOption</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OCAllMTBOptions</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>ARMSIM_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>1</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>OCSimDriverInfo</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OCSimEnablePSP</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCSimPspOverrideConfig</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>OCSimPspConfigFile</name>
-          <state></state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>ANGEL_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>0</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>CCAngelHeartbeat</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CAngelCommunication</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CAngelCommBaud</name>
-          <version>0</version>
-          <state>3</state>
-        </option>
-        <option>
-          <name>CAngelCommPort</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>ANGELTCPIP</name>
-          <state>aaa.bbb.ccc.ddd</state>
-        </option>
-        <option>
-          <name>DoAngelLogfile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>AngelLogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
-        </option>
-        <option>
-          <name>OCDriverInfo</name>
-          <state>1</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>CMSISDAP_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>0</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>OCDriverInfo</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CMSISDAPAttachSlave</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>OCIarProbeScriptFile</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>CMSISDAPResetList</name>
-          <version>1</version>
-          <state>10</state>
-        </option>
-        <option>
-          <name>CMSISDAPHWResetDuration</name>
-          <state>300</state>
-        </option>
-        <option>
-          <name>CMSISDAPHWResetDelay</name>
-          <state>200</state>
-        </option>
-        <option>
-          <name>CMSISDAPDoLogfile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CMSISDAPLogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
-        </option>
-        <option>
-          <name>CMSISDAPInterfaceRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CMSISDAPInterfaceCmdLine</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CMSISDAPMultiTargetEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CMSISDAPMultiTarget</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CMSISDAPJtagSpeedList</name>
-          <version>0</version>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CMSISDAPBreakpointRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CMSISDAPRestoreBreakpointsCheck</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CMSISDAPUpdateBreakpointsEdit</name>
-          <state>_call_main</state>
-        </option>
-        <option>
-          <name>RDICatchReset</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>RDICatchUndef</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>RDICatchSWI</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>RDICatchData</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>RDICatchPrefetch</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>RDICatchIRQ</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>RDICatchFIQ</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CatchCORERESET</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CatchMMERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CatchNOCPERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CatchCHKERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CatchSTATERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CatchBUSERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CatchINTERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CatchHARDERR</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CatchDummy</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CMSISDAPMultiCPUEnable</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CMSISDAPMultiCPUNumber</name>
-          <state>0</state>
-        </option>
-      </data>
-    </settings>
-    <settings>
-      <name>GDBSERVER_ID</name>
-      <archiveVersion>2</archiveVersion>
-      <data>
-        <version>0</version>
-        <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
-        <option>
-          <name>OCDriverInfo</name>
-          <state>1</state>
-        </option>
-        <option>
-          <name>TCPIP</name>
-          <state>aaa.bbb.ccc.ddd</state>
-        </option>
-        <option>
-          <name>DoLogfile</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>LogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
-        </option>
-        <option>
-          <name>CCJTagBreakpointRadio</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJTagDoUpdateBreakpoints</name>
-          <state>0</state>
-        </option>
-        <option>
-          <name>CCJTagUpdateBreakpoints</name>
-          <state>_call_main</state>
-        </option>
       </data>
     </settings>
     <settings>
@@ -1740,14 +491,14 @@
       <data>
         <version>1</version>
         <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
+        <debug>1</debug>
         <option>
           <name>CRomLogFileCheck</name>
           <state>0</state>
         </option>
         <option>
           <name>CRomLogFileEditB</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
         </option>
         <option>
           <name>CRomCommPort</name>
@@ -1769,9 +520,9 @@
       <name>IJET_ID</name>
       <archiveVersion>2</archiveVersion>
       <data>
-        <version>2</version>
+        <version>6</version>
         <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
+        <debug>1</debug>
         <option>
           <name>OCDriverInfo</name>
           <state>1</state>
@@ -1963,6 +714,28 @@
           <name>ICpuName</name>
           <state></state>
         </option>
+        <option>
+          <name>OCJetEmuParams</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IjetPreferETB</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IjetTraceSettingsList</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetTraceSizeList</name>
+          <version>0</version>
+          <state>2</state>
+        </option>
+        <option>
+          <name>FlashBoardPathSlave</name>
+          <state>0</state>
+        </option>
       </data>
     </settings>
     <settings>
@@ -1971,7 +744,7 @@
       <data>
         <version>15</version>
         <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
+        <debug>1</debug>
         <option>
           <name>JLinkSpeed</name>
           <state>32</state>
@@ -1982,7 +755,7 @@
         </option>
         <option>
           <name>CCJLinkLogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
         </option>
         <option>
           <name>CCJLinkHWResetDelay</name>
@@ -2067,7 +840,7 @@
         </option>
         <option>
           <name>CCJLinkUpdateBreakpoints</name>
-          <state>_call_main</state>
+          <state>main</state>
         </option>
         <option>
           <name>CCJLinkInterfaceRadio</name>
@@ -2171,7 +944,7 @@
       <data>
         <version>2</version>
         <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
+        <debug>1</debug>
         <option>
           <name>OCDriverInfo</name>
           <state>1</state>
@@ -2186,7 +959,7 @@
         </option>
         <option>
           <name>CCLmiftdiLogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
         </option>
         <option>
           <name>CCLmiFtdiInterfaceRadio</name>
@@ -2204,7 +977,7 @@
       <data>
         <version>3</version>
         <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
+        <debug>1</debug>
         <option>
           <name>jtag</name>
           <version>0</version>
@@ -2224,7 +997,7 @@
         </option>
         <option>
           <name>LogFile</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
         </option>
         <option>
           <name>DoEmuMultiTarget</name>
@@ -2275,7 +1048,7 @@
         </option>
         <option>
           <name>CCJTagUpdateBreakpoints</name>
-          <state>_call_main</state>
+          <state>main</state>
         </option>
         <option>
           <name>CCMacraigorInterfaceRadio</name>
@@ -2293,7 +1066,7 @@
       <data>
         <version>1</version>
         <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
+        <debug>1</debug>
         <option>
           <name>OCDriverInfo</name>
           <state>1</state>
@@ -2365,10 +1138,10 @@
       <data>
         <version>2</version>
         <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
+        <debug>1</debug>
         <option>
           <name>CRDIDriverDll</name>
-          <state>###Uninitialized###</state>
+          <state>Browse to your RDI driver</state>
         </option>
         <option>
           <name>CRDILogFileCheck</name>
@@ -2376,7 +1149,7 @@
         </option>
         <option>
           <name>CRDILogFileEdit</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
         </option>
         <option>
           <name>CCRDIHWReset</name>
@@ -2422,7 +1195,7 @@
       <data>
         <version>2</version>
         <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
+        <debug>1</debug>
         <option>
           <name>OCDriverInfo</name>
           <state>1</state>
@@ -2460,10 +1233,10 @@
       <data>
         <version>0</version>
         <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
+        <debug>1</debug>
         <option>
           <name>CThirdPartyDriverDll</name>
-          <state>###Uninitialized###</state>
+          <state>Browse to your third-party driver</state>
         </option>
         <option>
           <name>CThirdPartyLogFileCheck</name>
@@ -2471,7 +1244,7 @@
         </option>
         <option>
           <name>CThirdPartyLogFileEditB</name>
-          <state>$PROJ_DIR$\cspycomm.log</state>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
         </option>
         <option>
           <name>OCDriverInfo</name>
@@ -2485,7 +1258,7 @@
       <data>
         <version>2</version>
         <wantNonLocal>1</wantNonLocal>
-        <debug>0</debug>
+        <debug>1</debug>
         <option>
           <name>OCDriverInfo</name>
           <state>1</state>
@@ -2504,7 +1277,7 @@
         </option>
         <option>
           <name>CCXds100InterfaceList</name>
-          <version>1</version>
+          <version>2</version>
           <state>0</state>
         </option>
         <option>
@@ -2551,11 +1324,7 @@
         <loadFlag>0</loadFlag>
       </plugin>
       <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\PowerPac\PowerPacRTOS.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB6_Plugin.ewplugin</file>
+        <file>$TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB7_Plugin.ewplugin</file>
         <loadFlag>0</loadFlag>
       </plugin>
       <plugin>
@@ -2566,6 +1335,10 @@
         <file>$TOOLKIT_DIR$\plugins\rtos\ThreadX\ThreadXArmPlugin.ENU.ewplugin</file>
         <loadFlag>0</loadFlag>
       </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\TI-RTOS\tirtosplugin.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
       <plugin>
         <file>$TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-286-KA-CSpy.ewplugin</file>
         <loadFlag>0</loadFlag>
diff --git a/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp b/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp
new file mode 100644
index 000000000..bbb9b30a4
--- /dev/null
+++ b/IDE/IAR-EWARM/Projects/benchmark/wolfCrypt-benchmark.ewp
@@ -0,0 +1,981 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+
+<project>
+  <fileVersion>2</fileVersion>
+  <configuration>
+    <name>Debug</name>
+    <toolchain>
+      <name>ARM</name>
+    </toolchain>
+    <debug>1</debug>
+    <settings>
+      <name>General</name>
+      <archiveVersion>3</archiveVersion>
+      <data>
+        <version>22</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>ExePath</name>
+          <state>ewarm\Exe</state>
+        </option>
+        <option>
+          <name>ObjPath</name>
+          <state>ewarm\Obj</state>
+        </option>
+        <option>
+          <name>ListPath</name>
+          <state>ewarm\List</state>
+        </option>
+        <option>
+          <name>Variant</name>
+          <version>21</version>
+          <state>40</state>
+        </option>
+        <option>
+          <name>GEndianMode</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>Input variant</name>
+          <version>3</version>
+          <state>6</state>
+        </option>
+        <option>
+          <name>Input description</name>
+          <state>No specifier n, no float nor long long, no scan set, no assignment suppressing.</state>
+        </option>
+        <option>
+          <name>Output variant</name>
+          <version>2</version>
+          <state>2</state>
+        </option>
+        <option>
+          <name>Output description</name>
+          <state>Full formatting, without multibyte support.</state>
+        </option>
+        <option>
+          <name>GOutputBinary</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>FPU</name>
+          <version>4</version>
+          <state>6</state>
+        </option>
+        <option>
+          <name>OGCoreOrChip</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>GRuntimeLibSelect</name>
+          <version>0</version>
+          <state>1</state>
+        </option>
+        <option>
+          <name>GRuntimeLibSelectSlave</name>
+          <version>0</version>
+          <state>1</state>
+        </option>
+        <option>
+          <name>RTDescription</name>
+          <state>Use the normal configuration of the C/C++ runtime library. No locale interface, C locale, no file descriptor support, no multibytes in printf and scanf, and no hex floats in strtod.</state>
+        </option>
+        <option>
+          <name>OGProductVersion</name>
+          <state>5.11.0.50579</state>
+        </option>
+        <option>
+          <name>OGLastSavedByProductVersion</name>
+          <state>7.40.1.8463</state>
+        </option>
+        <option>
+          <name>GeneralEnableMisra</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>GeneralMisraVerbose</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OGChipSelectEditMenu</name>
+          <state>Default	None</state>
+        </option>
+        <option>
+          <name>GenLowLevelInterface</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>GEndianModeBE</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OGBufferedTerminalOutput</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>GenStdoutInterface</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>GeneralMisraRules98</name>
+          <version>0</version>
+          <state>1000111110110101101110011100111111101110011011000101110111101101100111111111111100110011111001110111001111111111111111111111111</state>
+        </option>
+        <option>
+          <name>GeneralMisraVer</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>GeneralMisraRules04</name>
+          <version>0</version>
+          <state>111101110010111111111000110111111111111111111111111110010111101111010101111111111111111111111111101111111011111001111011111011111111111111111</state>
+        </option>
+        <option>
+          <name>RTConfigPath2</name>
+          <state>$TOOLKIT_DIR$\INC\c\DLib_Config_Normal.h</state>
+        </option>
+        <option>
+          <name>GFPUCoreSlave</name>
+          <version>21</version>
+          <state>40</state>
+        </option>
+        <option>
+          <name>GBECoreSlave</name>
+          <version>21</version>
+          <state>40</state>
+        </option>
+        <option>
+          <name>OGUseCmsis</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OGUseCmsisDspLib</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>GRuntimeLibThreads</name>
+          <state>0</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>ICCARM</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>31</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>CCDefines</name>
+          <state>ewarm</state>
+          <state>PART_TM4C129XNCZAD</state>
+          <state>WOLFSSL_USER_SETTINGS</state>
+          <state>TARGET_IS_SNOWFLAKE_RA0</state>
+        </option>
+        <option>
+          <name>CCPreprocFile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCPreprocComments</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCPreprocLine</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCListCFile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCListCMnemonics</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCListCMessages</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCListAssFile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCListAssSource</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCEnableRemarks</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCDiagSuppress</name>
+          <state>Pa050</state>
+        </option>
+        <option>
+          <name>CCDiagRemark</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CCDiagWarning</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CCDiagError</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CCObjPrefix</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCAllowList</name>
+          <version>1</version>
+          <state>11111110</state>
+        </option>
+        <option>
+          <name>CCDebugInfo</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IEndianMode</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IProcessor</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IExtraOptionsCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IExtraOptions</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CCLangConformance</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCSignedPlainChar</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCRequirePrototypes</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCMultibyteSupport</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCDiagWarnAreErr</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCompilerRuntimeInfo</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IFpuProcessor</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OutputFile</name>
+          <state>$FILE_BNAME$.o</state>
+        </option>
+        <option>
+          <name>CCLibConfigHeader</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>PreInclude</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CompilerMisraOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCIncludePath2</name>
+          <state>$PROJ_DIR$\..\..\..\..</state>
+          <state>$PROJ_DIR$\..</state>
+          <state>$PROJ_DIR$\..\..\..\..\..</state>
+        </option>
+        <option>
+          <name>CCStdIncCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCodeSection</name>
+          <state>.text</state>
+        </option>
+        <option>
+          <name>IInterwork2</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IProcessorMode2</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCOptLevel</name>
+          <state>3</state>
+        </option>
+        <option>
+          <name>CCOptStrategy</name>
+          <version>0</version>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCOptLevelSlave</name>
+          <state>3</state>
+        </option>
+        <option>
+          <name>CompilerMisraRules98</name>
+          <version>0</version>
+          <state>1000111110110101101110011100111111101110011011000101110111101101100111111111111100110011111001110111001111111111111111111111111</state>
+        </option>
+        <option>
+          <name>CompilerMisraRules04</name>
+          <version>0</version>
+          <state>111101110010111111111000110111111111111111111111111110010111101111010101111111111111111111111111101111111011111001111011111011111111111111111</state>
+        </option>
+        <option>
+          <name>CCPosIndRopi</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCPosIndRwpi</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCPosIndNoDynInit</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IccLang</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IccCDialect</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccAllowVLA</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IccCppDialect</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccExceptions</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccRTTI</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccStaticDestr</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccCppInlineSemantics</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccCmsis</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccFloatSemantics</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCOptimizationNoSizeConstraints</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCNoLiteralPool</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCOptStrategySlave</name>
+          <version>0</version>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCGuardCalls</name>
+          <state>1</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>AARM</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>9</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>AObjPrefix</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>AEndian</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>ACaseSensitivity</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>MacroChars</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AWarnEnable</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AWarnWhat</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AWarnOne</name>
+          <state></state>
+        </option>
+        <option>
+          <name>AWarnRange1</name>
+          <state></state>
+        </option>
+        <option>
+          <name>AWarnRange2</name>
+          <state></state>
+        </option>
+        <option>
+          <name>ADebug</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>AltRegisterNames</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>ADefines</name>
+          <state>ewarm</state>
+        </option>
+        <option>
+          <name>AList</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AListHeader</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>AListing</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>Includes</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>MacDefs</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>MacExps</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>MacExec</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OnlyAssed</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>MultiLine</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>PageLengthCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>PageLength</name>
+          <state>80</state>
+        </option>
+        <option>
+          <name>TabSpacing</name>
+          <state>8</state>
+        </option>
+        <option>
+          <name>AXRef</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AXRefDefines</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AXRefInternal</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AXRefDual</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AProcessor</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>AFpuProcessor</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>AOutputFile</name>
+          <state>$FILE_BNAME$.o</state>
+        </option>
+        <option>
+          <name>AMultibyteSupport</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>ALimitErrorsCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>ALimitErrorsEdit</name>
+          <state>100</state>
+        </option>
+        <option>
+          <name>AIgnoreStdInclude</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AUserIncludes</name>
+          <state>$PROJ_DIR$\..\..\..\..</state>
+        </option>
+        <option>
+          <name>AExtraOptionsCheckV2</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AExtraOptionsV2</name>
+          <state></state>
+        </option>
+        <option>
+          <name>AsmNoLiteralPool</name>
+          <state>0</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>OBJCOPY</name>
+      <archiveVersion>0</archiveVersion>
+      <data>
+        <version>1</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>OOCOutputFormat</name>
+          <version>2</version>
+          <state>2</state>
+        </option>
+        <option>
+          <name>OCOutputOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OOCOutputFile</name>
+          <state>wolfCrypt-benchmark.bin</state>
+        </option>
+        <option>
+          <name>OOCCommandLineProducer</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OOCObjCopyEnable</name>
+          <state>1</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>CUSTOM</name>
+      <archiveVersion>3</archiveVersion>
+      <data>
+        <extensions></extensions>
+        <cmdline></cmdline>
+        <hasPrio>0</hasPrio>
+      </data>
+    </settings>
+    <settings>
+      <name>BICOMP</name>
+      <archiveVersion>0</archiveVersion>
+      <data/>
+    </settings>
+    <settings>
+      <name>BUILDACTION</name>
+      <archiveVersion>1</archiveVersion>
+      <data>
+        <prebuild></prebuild>
+        <postbuild></postbuild>
+      </data>
+    </settings>
+    <settings>
+      <name>ILINK</name>
+      <archiveVersion>0</archiveVersion>
+      <data>
+        <version>16</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>IlinkLibIOConfig</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>XLinkMisraHandler</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkInputFileSlave</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkOutputFile</name>
+          <state>benchmark.out</state>
+        </option>
+        <option>
+          <name>IlinkDebugInfoEnable</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkKeepSymbols</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkRawBinaryFile</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkRawBinarySymbol</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkRawBinarySegment</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkRawBinaryAlign</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkDefines</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkConfigDefines</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkMapFile</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkLogFile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogInitialization</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogModule</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogSection</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogVeneer</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkIcfOverride</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkIcfFile</name>
+          <state>$PROJ_DIR$\..\common\wolfssl.icf</state>
+        </option>
+        <option>
+          <name>IlinkIcfFileSlave</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkEnableRemarks</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkSuppressDiags</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkTreatAsRem</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkTreatAsWarn</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkTreatAsErr</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkWarningsAreErrors</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkUseExtraOptions</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkExtraOptions</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkLowLevelInterfaceSlave</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkAutoLibEnable</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkAdditionalLibs</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkOverrideProgramEntryLabel</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkProgramEntryLabelSelect</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkProgramEntryLabel</name>
+          <state>__iar_program_start</state>
+        </option>
+        <option>
+          <name>DoFill</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>FillerByte</name>
+          <state>0xFF</state>
+        </option>
+        <option>
+          <name>FillerStart</name>
+          <state>0x0</state>
+        </option>
+        <option>
+          <name>FillerEnd</name>
+          <state>0x0</state>
+        </option>
+        <option>
+          <name>CrcSize</name>
+          <version>0</version>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CrcAlign</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CrcPoly</name>
+          <state>0x11021</state>
+        </option>
+        <option>
+          <name>CrcCompl</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CrcBitOrder</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CrcInitialValue</name>
+          <state>0x0</state>
+        </option>
+        <option>
+          <name>DoCrc</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkBE8Slave</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkBufferedTerminalOutput</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkStdoutInterfaceSlave</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CrcFullSize</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkIElfToolPostProcess</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogAutoLibSelect</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogRedirSymbols</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogUnusedFragments</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkCrcReverseByteOrder</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkCrcUseAsInput</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkOptInline</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkOptExceptionsAllow</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkOptExceptionsForce</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkCmsis</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkOptMergeDuplSections</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkOptUseVfe</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkOptForceVfe</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkStackAnalysisEnable</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkStackControlFile</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkStackCallGraphFile</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CrcAlgorithm</name>
+          <version>0</version>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CrcUnitSize</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkThreadsSlave</name>
+          <state>1</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>IARCHIVE</name>
+      <archiveVersion>0</archiveVersion>
+      <data>
+        <version>0</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>IarchiveInputs</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IarchiveOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IarchiveOutput</name>
+          <state>###Unitialized###</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>BILINK</name>
+      <archiveVersion>0</archiveVersion>
+      <data/>
+    </settings>
+  </configuration>
+  <group>
+    <name>Config</name>
+    <file>
+      <name>$PROJ_DIR$\..\user_settings.h</name>
+    </file>
+  </group>
+  <group>
+    <name>Lib</name>
+    <file>
+      <name>$PROJ_DIR$\..\lib\ewarm\Exe\wolfSSL-Lib.a</name>
+    </file>
+  </group>
+  <group>
+    <name>Source</name>
+    <file>
+      <name>$PROJ_DIR$\benchmark-main.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\benchmark\benchmark.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\current_time.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\common\minimum-startup.c</name>
+    </file>
+  </group>
+</project>
+
+
diff --git a/IDE/IAR-EWARM/Projects/common/minimum-startup.c b/IDE/IAR-EWARM/Projects/common/minimum-startup.c
new file mode 100644
index 000000000..0315d577e
--- /dev/null
+++ b/IDE/IAR-EWARM/Projects/common/minimum-startup.c
@@ -0,0 +1,52 @@
+/* minimum-startup.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+#include <stdint.h>
+#pragma language=extended
+
+extern void __iar_program_start(void);
+static void Reset(void)
+{
+    __iar_program_start();
+}
+
+static void Nmi  (void){ while(1) ; }
+static void Fault(void){ while(1) ; }
+
+static unsigned long long Stack[256*4*16] @ ".noinit";
+
+typedef union
+{
+    void (*Handler)(void);
+    uint32_t Ptr;
+} Vector;
+
+__root const Vector  __vector_table[100] @ ".intvec" =
+{
+    { .Ptr = (uint32_t)Stack + sizeof(Stack) },
+                                // stack top
+    Reset,                   // reset
+    Nmi,                        // NMI
+    Fault,                      // hard fault
+    Fault,                      // MPU fault
+    Fault,                      // bus fault
+    Fault,                      // usage fault
+};
+
diff --git a/IDE/IAR-EWARM/Projects/common/wolfssl.icf b/IDE/IAR-EWARM/Projects/common/wolfssl.icf
new file mode 100644
index 000000000..96a6f0860
--- /dev/null
+++ b/IDE/IAR-EWARM/Projects/common/wolfssl.icf
@@ -0,0 +1,11 @@
+
+define memory mem with size = 4G;
+define region FLASH = mem:[from 0x00000000 to 0x000fffff];
+define region SRAM = mem:[from 0x20000000 to 0x2003ffff];
+define block HEAP with alignment = 8, size = 0x00010000 { };
+initialize by copy { readwrite };
+do not initialize { section .noinit };
+place at start of FLASH { readonly section .intvec };
+place in FLASH { readonly };
+place at start of SRAM { section VTABLE };
+place in SRAM { readwrite, block HEAP };
diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.ewd b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewd
similarity index 94%
rename from IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.ewd
rename to IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewd
index 6c2de8d14..69eb45f09 100644
--- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/wolfCrypt-test.ewd
+++ b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewd
@@ -12,7 +12,7 @@
       <name>C-SPY</name>
       <archiveVersion>2</archiveVersion>
       <data>
-        <version>25</version>
+        <version>26</version>
         <wantNonLocal>1</wantNonLocal>
         <debug>1</debug>
         <option>
@@ -81,7 +81,7 @@
         </option>
         <option>
           <name>OCProductVersion</name>
-          <state>6.60.1.5099</state>
+          <state>7.20.1.7306</state>
         </option>
         <option>
           <name>OCDynDriverList</name>
@@ -89,7 +89,7 @@
         </option>
         <option>
           <name>OCLastSavedByProductVersion</name>
-          <state>6.60.1.5099</state>
+          <state>7.20.1.7306</state>
         </option>
         <option>
           <name>OCDownloadAttachToProgram</name>
@@ -183,6 +183,30 @@
           <name>OCAllMTBOptions</name>
           <state>1</state>
         </option>
+        <option>
+          <name>OCMulticoreNrOfCores</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCMulticoreMaster</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCMulticorePort</name>
+          <state>53461</state>
+        </option>
+        <option>
+          <name>OCMulticoreWorkspace</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCMulticoreSlaveProject</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCMulticoreSlaveConfiguration</name>
+          <state></state>
+        </option>
       </data>
     </settings>
     <settings>
@@ -257,7 +281,7 @@
       <name>CMSISDAP_ID</name>
       <archiveVersion>2</archiveVersion>
       <data>
-        <version>0</version>
+        <version>2</version>
         <wantNonLocal>1</wantNonLocal>
         <debug>1</debug>
         <option>
@@ -332,7 +356,7 @@
         </option>
         <option>
           <name>RDICatchUndef</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>RDICatchSWI</name>
@@ -340,11 +364,11 @@
         </option>
         <option>
           <name>RDICatchData</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>RDICatchPrefetch</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>RDICatchIRQ</name>
@@ -360,31 +384,31 @@
         </option>
         <option>
           <name>CatchMMERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchNOCPERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchCHKERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchSTATERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchBUSERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchINTERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchHARDERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchDummy</name>
@@ -398,6 +422,30 @@
           <name>CMSISDAPMultiCPUNumber</name>
           <state>0</state>
         </option>
+        <option>
+          <name>OCProbeCfgOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCProbeConfig</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CMSISDAPProbeConfigRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CMSISDAPSelectedCPUBehaviour</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>ICpuName</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCJetEmuParams</name>
+          <state>1</state>
+        </option>
       </data>
     </settings>
     <settings>
@@ -472,7 +520,7 @@
       <name>IJET_ID</name>
       <archiveVersion>2</archiveVersion>
       <data>
-        <version>2</version>
+        <version>3</version>
         <wantNonLocal>1</wantNonLocal>
         <debug>1</debug>
         <option>
@@ -666,6 +714,10 @@
           <name>ICpuName</name>
           <state></state>
         </option>
+        <option>
+          <name>OCJetEmuParams</name>
+          <state>1</state>
+        </option>
       </data>
     </settings>
     <settings>
@@ -677,7 +729,7 @@
         <debug>1</debug>
         <option>
           <name>JLinkSpeed</name>
-          <state>32</state>
+          <state>1000</state>
         </option>
         <option>
           <name>CCJLinkDoLogfile</name>
@@ -697,7 +749,7 @@
         </option>
         <option>
           <name>JLinkInitialSpeed</name>
-          <state>32</state>
+          <state>1000</state>
         </option>
         <option>
           <name>CCDoJlinkMultiTarget</name>
@@ -783,7 +835,7 @@
         <option>
           <name>CCJLinkResetList</name>
           <version>6</version>
-          <state>7</state>
+          <state>5</state>
         </option>
         <option>
           <name>CCJLinkInterfaceCmdLine</name>
@@ -1207,7 +1259,7 @@
         </option>
         <option>
           <name>CCXds100InterfaceList</name>
-          <version>1</version>
+          <version>2</version>
           <state>0</state>
         </option>
         <option>
@@ -1253,14 +1305,6 @@
         <file>$TOOLKIT_DIR$\plugins\rtos\OpenRTOS\OpenRTOSPlugin.ewplugin</file>
         <loadFlag>0</loadFlag>
       </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\PowerPac\PowerPacRTOS.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB6_Plugin.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
       <plugin>
         <file>$TOOLKIT_DIR$\plugins\rtos\SafeRTOS\SafeRTOSPlugin.ewplugin</file>
         <loadFlag>0</loadFlag>
@@ -1269,6 +1313,10 @@
         <file>$TOOLKIT_DIR$\plugins\rtos\ThreadX\ThreadXArmPlugin.ENU.ewplugin</file>
         <loadFlag>0</loadFlag>
       </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\TI-RTOS\tirtosplugin.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
       <plugin>
         <file>$TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-286-KA-CSpy.ewplugin</file>
         <loadFlag>0</loadFlag>
@@ -1309,7 +1357,7 @@
       <name>C-SPY</name>
       <archiveVersion>2</archiveVersion>
       <data>
-        <version>25</version>
+        <version>26</version>
         <wantNonLocal>1</wantNonLocal>
         <debug>0</debug>
         <option>
@@ -1378,7 +1426,7 @@
         </option>
         <option>
           <name>OCProductVersion</name>
-          <state>6.60.1.5099</state>
+          <state>7.20.1.7306</state>
         </option>
         <option>
           <name>OCDynDriverList</name>
@@ -1480,6 +1528,30 @@
           <name>OCAllMTBOptions</name>
           <state>1</state>
         </option>
+        <option>
+          <name>OCMulticoreNrOfCores</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCMulticoreMaster</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCMulticorePort</name>
+          <state>53461</state>
+        </option>
+        <option>
+          <name>OCMulticoreWorkspace</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCMulticoreSlaveProject</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCMulticoreSlaveConfiguration</name>
+          <state></state>
+        </option>
       </data>
     </settings>
     <settings>
@@ -1554,7 +1626,7 @@
       <name>CMSISDAP_ID</name>
       <archiveVersion>2</archiveVersion>
       <data>
-        <version>0</version>
+        <version>2</version>
         <wantNonLocal>1</wantNonLocal>
         <debug>0</debug>
         <option>
@@ -1629,7 +1701,7 @@
         </option>
         <option>
           <name>RDICatchUndef</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>RDICatchSWI</name>
@@ -1637,11 +1709,11 @@
         </option>
         <option>
           <name>RDICatchData</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>RDICatchPrefetch</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>RDICatchIRQ</name>
@@ -1657,31 +1729,31 @@
         </option>
         <option>
           <name>CatchMMERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchNOCPERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchCHKERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchSTATERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchBUSERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchINTERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchHARDERR</name>
-          <state>0</state>
+          <state>1</state>
         </option>
         <option>
           <name>CatchDummy</name>
@@ -1695,6 +1767,30 @@
           <name>CMSISDAPMultiCPUNumber</name>
           <state>0</state>
         </option>
+        <option>
+          <name>OCProbeCfgOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCProbeConfig</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CMSISDAPProbeConfigRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CMSISDAPSelectedCPUBehaviour</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>ICpuName</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCJetEmuParams</name>
+          <state>1</state>
+        </option>
       </data>
     </settings>
     <settings>
@@ -1769,7 +1865,7 @@
       <name>IJET_ID</name>
       <archiveVersion>2</archiveVersion>
       <data>
-        <version>2</version>
+        <version>3</version>
         <wantNonLocal>1</wantNonLocal>
         <debug>0</debug>
         <option>
@@ -1963,6 +2059,10 @@
           <name>ICpuName</name>
           <state></state>
         </option>
+        <option>
+          <name>OCJetEmuParams</name>
+          <state>1</state>
+        </option>
       </data>
     </settings>
     <settings>
@@ -1974,7 +2074,7 @@
         <debug>0</debug>
         <option>
           <name>JLinkSpeed</name>
-          <state>32</state>
+          <state>1000</state>
         </option>
         <option>
           <name>CCJLinkDoLogfile</name>
@@ -1994,7 +2094,7 @@
         </option>
         <option>
           <name>JLinkInitialSpeed</name>
-          <state>32</state>
+          <state>1000</state>
         </option>
         <option>
           <name>CCDoJlinkMultiTarget</name>
@@ -2504,7 +2604,7 @@
         </option>
         <option>
           <name>CCXds100InterfaceList</name>
-          <version>1</version>
+          <version>2</version>
           <state>0</state>
         </option>
         <option>
@@ -2550,14 +2650,6 @@
         <file>$TOOLKIT_DIR$\plugins\rtos\OpenRTOS\OpenRTOSPlugin.ewplugin</file>
         <loadFlag>0</loadFlag>
       </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\PowerPac\PowerPacRTOS.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
-      <plugin>
-        <file>$TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB6_Plugin.ewplugin</file>
-        <loadFlag>0</loadFlag>
-      </plugin>
       <plugin>
         <file>$TOOLKIT_DIR$\plugins\rtos\SafeRTOS\SafeRTOSPlugin.ewplugin</file>
         <loadFlag>0</loadFlag>
@@ -2566,6 +2658,10 @@
         <file>$TOOLKIT_DIR$\plugins\rtos\ThreadX\ThreadXArmPlugin.ENU.ewplugin</file>
         <loadFlag>0</loadFlag>
       </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\TI-RTOS\tirtosplugin.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
       <plugin>
         <file>$TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-286-KA-CSpy.ewplugin</file>
         <loadFlag>0</loadFlag>
diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/CyaSSL-Lib.ewp b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
similarity index 91%
rename from IDE/IAR-EWARM/Projects/CyaSSL-Lib/CyaSSL-Lib.ewp
rename to IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
index bc278a468..04c1d6840 100644
--- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/CyaSSL-Lib.ewp
+++ b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
@@ -17,20 +17,20 @@
         <debug>1</debug>
         <option>
           <name>ExePath</name>
-          <state>Debug\Exe</state>
+          <state>ewarm\Exe</state>
         </option>
         <option>
           <name>ObjPath</name>
-          <state>Debug\Obj</state>
+          <state>ewarm\Obj</state>
         </option>
         <option>
           <name>ListPath</name>
-          <state>Debug\List</state>
+          <state>ewarm\List</state>
         </option>
         <option>
           <name>Variant</name>
-          <version>20</version>
-          <state>38</state>
+          <version>21</version>
+          <state>40</state>
         </option>
         <option>
           <name>GEndianMode</name>
@@ -60,8 +60,8 @@
         </option>
         <option>
           <name>FPU</name>
-          <version>2</version>
-          <state>0</state>
+          <version>4</version>
+          <state>6</state>
         </option>
         <option>
           <name>OGCoreOrChip</name>
@@ -87,7 +87,7 @@
         </option>
         <option>
           <name>OGLastSavedByProductVersion</name>
-          <state>6.60.1.5099</state>
+          <state>7.40.1.8463</state>
         </option>
         <option>
           <name>GeneralEnableMisra</name>
@@ -99,7 +99,7 @@
         </option>
         <option>
           <name>OGChipSelectEditMenu</name>
-          <state>MB9BF618T	Fujitsu MB9BF618T</state>
+          <state>Default	None</state>
         </option>
         <option>
           <name>GenLowLevelInterface</name>
@@ -137,13 +137,13 @@
         </option>
         <option>
           <name>GFPUCoreSlave</name>
-          <version>20</version>
-          <state>38</state>
+          <version>21</version>
+          <state>40</state>
         </option>
         <option>
           <name>GBECoreSlave</name>
-          <version>20</version>
-          <state>38</state>
+          <version>21</version>
+          <state>40</state>
         </option>
         <option>
           <name>OGUseCmsis</name>
@@ -163,12 +163,12 @@
       <name>ICCARM</name>
       <archiveVersion>2</archiveVersion>
       <data>
-        <version>29</version>
+        <version>31</version>
         <wantNonLocal>1</wantNonLocal>
         <debug>1</debug>
         <option>
           <name>CCDefines</name>
-          <state></state>
+          <state>WOLFSSL_USER_SETTINGS</state>
         </option>
         <option>
           <name>CCPreprocFile</name>
@@ -208,7 +208,7 @@
         </option>
         <option>
           <name>CCDiagSuppress</name>
-          <state>Pa050</state>
+          <state>Pa050,Pa089,Pe177</state>
         </option>
         <option>
           <name>CCDiagRemark</name>
@@ -229,7 +229,7 @@
         <option>
           <name>CCAllowList</name>
           <version>1</version>
-          <state>0000000</state>
+          <state>11111110</state>
         </option>
         <option>
           <name>CCDebugInfo</name>
@@ -298,6 +298,7 @@
         <option>
           <name>CCIncludePath2</name>
           <state>$PROJ_DIR$\..\..\..\..</state>
+          <state>$PROJ_DIR$\..\</state>
         </option>
         <option>
           <name>CCStdIncCheck</name>
@@ -317,16 +318,16 @@
         </option>
         <option>
           <name>CCOptLevel</name>
-          <state>0</state>
+          <state>3</state>
         </option>
         <option>
           <name>CCOptStrategy</name>
           <version>0</version>
-          <state>1</state>
+          <state>2</state>
         </option>
         <option>
           <name>CCOptLevelSlave</name>
-          <state>0</state>
+          <state>3</state>
         </option>
         <option>
           <name>CompilerMisraRules98</name>
@@ -398,6 +399,15 @@
           <name>CCNoLiteralPool</name>
           <state>0</state>
         </option>
+        <option>
+          <name>CCOptStrategySlave</name>
+          <version>0</version>
+          <state>2</state>
+        </option>
+        <option>
+          <name>CCGuardCalls</name>
+          <state>1</state>
+        </option>
       </data>
     </settings>
     <settings>
@@ -602,6 +612,7 @@
       <data>
         <extensions></extensions>
         <cmdline></cmdline>
+        <hasPrio>0</hasPrio>
       </data>
     </settings>
     <settings>
@@ -924,7 +935,7 @@
         </option>
         <option>
           <name>IarchiveOutput</name>
-          <state>C:\ROOT\CyaSSL-Release\IAR\IDE\IAR-EWARM\Projects\CyaSSL-Lib\Debug\Exe\CyaSSL-Lib.a</state>
+          <state>C:\ROOT\CyaSSL-Support\TI\Staging-20150522\wolfssl\IDE\IAR-EWARM\Projects\lib\ewarm\Exe\wolfSSL-Lib.a</state>
         </option>
       </data>
     </settings>
@@ -961,7 +972,7 @@
         </option>
         <option>
           <name>Variant</name>
-          <version>20</version>
+          <version>21</version>
           <state>0</state>
         </option>
         <option>
@@ -992,7 +1003,7 @@
         </option>
         <option>
           <name>FPU</name>
-          <version>2</version>
+          <version>4</version>
           <state>0</state>
         </option>
         <option>
@@ -1069,12 +1080,12 @@
         </option>
         <option>
           <name>GFPUCoreSlave</name>
-          <version>20</version>
+          <version>21</version>
           <state>1</state>
         </option>
         <option>
           <name>GBECoreSlave</name>
-          <version>20</version>
+          <version>21</version>
           <state>1</state>
         </option>
         <option>
@@ -1095,7 +1106,7 @@
       <name>ICCARM</name>
       <archiveVersion>2</archiveVersion>
       <data>
-        <version>29</version>
+        <version>31</version>
         <wantNonLocal>1</wantNonLocal>
         <debug>0</debug>
         <option>
@@ -1161,7 +1172,7 @@
         <option>
           <name>CCAllowList</name>
           <version>1</version>
-          <state>1111111</state>
+          <state>11111110</state>
         </option>
         <option>
           <name>CCDebugInfo</name>
@@ -1330,6 +1341,15 @@
           <name>CCNoLiteralPool</name>
           <state>0</state>
         </option>
+        <option>
+          <name>CCOptStrategySlave</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCGuardCalls</name>
+          <state>1</state>
+        </option>
       </data>
     </settings>
     <settings>
@@ -1534,6 +1554,7 @@
       <data>
         <extensions></extensions>
         <cmdline></cmdline>
+        <hasPrio>0</hasPrio>
       </data>
     </settings>
     <settings>
@@ -1867,7 +1888,142 @@
     </settings>
   </configuration>
   <group>
-    <name>CyaSSL</name>
+    <name>Config</name>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfssl\wolfcrypt\settings.h</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\user_settings.h</name>
+    </file>
+  </group>
+  <group>
+    <name>wolfCrypt</name>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\aes.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\arc4.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\asm.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\asn.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\blake2b.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\camellia.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\chacha.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\chacha20_poly1305.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\coding.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\compress.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\curve25519.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\des3.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\dh.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\dsa.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\ecc.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\ecc_fp.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\ed25519.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\error.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\fe_operations.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\ge_operations.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\hc128.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\hmac.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\integer.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\logging.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\md2.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\md4.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\md5.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\memory.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\misc.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\pkcs7.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\poly1305.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\pwdbased.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\rabbit.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\random.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\ripemd.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\rsa.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\sha.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\sha256.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\sha512.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\tfm.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_port.c</name>
+    </file>
+  </group>
+  <group>
+    <name>wolfSSL</name>
     <file>
       <name>$PROJ_DIR$\..\..\..\..\src\crl.c</name>
     </file>
@@ -1893,108 +2049,6 @@
       <name>$PROJ_DIR$\..\..\..\..\src\tls.c</name>
     </file>
   </group>
-  <group>
-    <name>wolfCrypt</name>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\aes.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\arc4.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\asm.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\asn.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\blake2b.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\camellia.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\coding.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\compress.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\des3.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\dh.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\dsa.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\ecc.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\ecc_fp.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\error.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\hc128.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\hmac.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\integer.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\logging.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\md2.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\md4.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\md5.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\memory.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\misc.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\wc_port.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\pwdbased.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\rabbit.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\random.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\ripemd.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\rsa.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\sha.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\sha256.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\sha512.c</name>
-    </file>
-    <file>
-      <name>$PROJ_DIR$\..\..\..\..\ctaocrypt\src\tfm.c</name>
-    </file>
-  </group>
 </project>
 
 
diff --git a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/test-main.c b/IDE/IAR-EWARM/Projects/test/test-main.c
similarity index 93%
rename from IDE/IAR-EWARM/Projects/CyaSSL-Lib/test-main.c
rename to IDE/IAR-EWARM/Projects/test/test-main.c
index 5ebfe3219..ad78746d5 100644
--- a/IDE/IAR-EWARM/Projects/CyaSSL-Lib/test-main.c
+++ b/IDE/IAR-EWARM/Projects/test/test-main.c
@@ -28,9 +28,10 @@ typedef struct func_args {
 
 func_args args = { 0 } ;
 
-extern int ctaocrypt_test(void *args) ;
+extern int wolfcrypt_test(void *args) ;
 
 main(void) {
-    ctaocrypt_test(&args) ;
+    wolfcrypt_test(&args) ;
     return 0;
 }
+
diff --git a/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewd b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewd
new file mode 100644
index 000000000..3f908a2d3
--- /dev/null
+++ b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewd
@@ -0,0 +1,1374 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+
+<project>
+  <fileVersion>2</fileVersion>
+  <configuration>
+    <name>Debug</name>
+    <toolchain>
+      <name>ARM</name>
+    </toolchain>
+    <debug>1</debug>
+    <settings>
+      <name>C-SPY</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>26</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>CInput</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CEndian</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CProcessor</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCVariant</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>MacOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>MacFile</name>
+          <state></state>
+        </option>
+        <option>
+          <name>MemOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>MemFile</name>
+          <state></state>
+        </option>
+        <option>
+          <name>RunToEnable</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>RunToName</name>
+          <state>main</state>
+        </option>
+        <option>
+          <name>CExtraOptionsCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CExtraOptions</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CFpuProcessor</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCDDFArgumentProducer</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCDownloadSuppressDownload</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCDownloadVerifyAll</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCProductVersion</name>
+          <state>5.11.0.50579</state>
+        </option>
+        <option>
+          <name>OCDynDriverList</name>
+          <state>ARMSIM_ID</state>
+        </option>
+        <option>
+          <name>OCLastSavedByProductVersion</name>
+          <state>7.40.1.8463</state>
+        </option>
+        <option>
+          <name>OCDownloadAttachToProgram</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>UseFlashLoader</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CLowLevel</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCBE8Slave</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>MacFile2</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CDevice</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>FlashLoadersV3</name>
+          <state>$TOOLKIT_DIR$\config\flashloader\</state>
+        </option>
+        <option>
+          <name>OCImagesSuppressCheck1</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCImagesPath1</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCImagesSuppressCheck2</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCImagesPath2</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCImagesSuppressCheck3</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCImagesPath3</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OverrideDefFlashBoard</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCImagesOffset1</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCImagesOffset2</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCImagesOffset3</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCImagesUse1</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCImagesUse2</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCImagesUse3</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCDeviceConfigMacroFile</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCDebuggerExtraOption</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCAllMTBOptions</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCMulticoreNrOfCores</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCMulticoreMaster</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCMulticorePort</name>
+          <state>53461</state>
+        </option>
+        <option>
+          <name>OCMulticoreWorkspace</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCMulticoreSlaveProject</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCMulticoreSlaveConfiguration</name>
+          <state></state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>ARMSIM_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>1</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>OCSimDriverInfo</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCSimEnablePSP</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCSimPspOverrideConfig</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCSimPspConfigFile</name>
+          <state></state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>ANGEL_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>0</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>CCAngelHeartbeat</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CAngelCommunication</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CAngelCommBaud</name>
+          <version>0</version>
+          <state>3</state>
+        </option>
+        <option>
+          <name>CAngelCommPort</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>ANGELTCPIP</name>
+          <state>aaa.bbb.ccc.ddd</state>
+        </option>
+        <option>
+          <name>DoAngelLogfile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AngelLogFile</name>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
+        </option>
+        <option>
+          <name>OCDriverInfo</name>
+          <state>1</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>CMSISDAP_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>2</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>OCDriverInfo</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CMSISDAPAttachSlave</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCIarProbeScriptFile</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CMSISDAPResetList</name>
+          <version>1</version>
+          <state>4</state>
+        </option>
+        <option>
+          <name>CMSISDAPHWResetDuration</name>
+          <state>300</state>
+        </option>
+        <option>
+          <name>CMSISDAPHWResetDelay</name>
+          <state>200</state>
+        </option>
+        <option>
+          <name>CMSISDAPDoLogfile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CMSISDAPLogFile</name>
+          <state>$PROJ_DIR$\cspycomm.log</state>
+        </option>
+        <option>
+          <name>CMSISDAPInterfaceRadio</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CMSISDAPInterfaceCmdLine</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CMSISDAPMultiTargetEnable</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CMSISDAPMultiTarget</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CMSISDAPJtagSpeedList</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CMSISDAPBreakpointRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CMSISDAPRestoreBreakpointsCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CMSISDAPUpdateBreakpointsEdit</name>
+          <state>_call_main</state>
+        </option>
+        <option>
+          <name>RDICatchReset</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>RDICatchUndef</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>RDICatchSWI</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>RDICatchData</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>RDICatchPrefetch</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>RDICatchIRQ</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>RDICatchFIQ</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CatchCORERESET</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CatchMMERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchNOCPERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchCHKERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchSTATERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchBUSERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchINTERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchHARDERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchDummy</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CMSISDAPMultiCPUEnable</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CMSISDAPMultiCPUNumber</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCProbeCfgOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCProbeConfig</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CMSISDAPProbeConfigRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CMSISDAPSelectedCPUBehaviour</name>
+          <state></state>
+        </option>
+        <option>
+          <name>ICpuName</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCJetEmuParams</name>
+          <state>1</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>GDBSERVER_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>0</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>OCDriverInfo</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>TCPIP</name>
+          <state>aaa.bbb.ccc.ddd</state>
+        </option>
+        <option>
+          <name>DoLogfile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>LogFile</name>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
+        </option>
+        <option>
+          <name>CCJTagBreakpointRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJTagDoUpdateBreakpoints</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJTagUpdateBreakpoints</name>
+          <state>main</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>IARROM_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>1</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>CRomLogFileCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CRomLogFileEditB</name>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
+        </option>
+        <option>
+          <name>CRomCommPort</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CRomCommBaud</name>
+          <version>0</version>
+          <state>7</state>
+        </option>
+        <option>
+          <name>OCDriverInfo</name>
+          <state>1</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>IJET_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>6</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>OCDriverInfo</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IjetAttachSlave</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCIarProbeScriptFile</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IjetResetList</name>
+          <version>1</version>
+          <state>10</state>
+        </option>
+        <option>
+          <name>IjetHWResetDuration</name>
+          <state>300</state>
+        </option>
+        <option>
+          <name>IjetHWResetDelay</name>
+          <state>200</state>
+        </option>
+        <option>
+          <name>IjetPowerFromProbe</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IjetPowerRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetDoLogfile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetLogFile</name>
+          <state>$PROJ_DIR$\cspycomm.log</state>
+        </option>
+        <option>
+          <name>IjetInterfaceRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetInterfaceCmdLine</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetMultiTargetEnable</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetMultiTarget</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetScanChainNonARMDevices</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetIRLength</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetJtagSpeedList</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetProtocolRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetSwoPin</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetCpuClockEdit</name>
+          <state>72.0</state>
+        </option>
+        <option>
+          <name>IjetSwoPrescalerList</name>
+          <version>1</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetBreakpointRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetRestoreBreakpointsCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetUpdateBreakpointsEdit</name>
+          <state>_call_main</state>
+        </option>
+        <option>
+          <name>RDICatchReset</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>RDICatchUndef</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>RDICatchSWI</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>RDICatchData</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>RDICatchPrefetch</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>RDICatchIRQ</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>RDICatchFIQ</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CatchCORERESET</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CatchMMERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchNOCPERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchCHKERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchSTATERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchBUSERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchINTERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchHARDERR</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CatchDummy</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCProbeCfgOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCProbeConfig</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IjetProbeConfigRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetMultiCPUEnable</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetMultiCPUNumber</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetSelectedCPUBehaviour</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>ICpuName</name>
+          <state></state>
+        </option>
+        <option>
+          <name>OCJetEmuParams</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IjetPreferETB</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IjetTraceSettingsList</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IjetTraceSizeList</name>
+          <version>0</version>
+          <state>2</state>
+        </option>
+        <option>
+          <name>FlashBoardPathSlave</name>
+          <state>0</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>JLINK_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>15</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>JLinkSpeed</name>
+          <state>32</state>
+        </option>
+        <option>
+          <name>CCJLinkDoLogfile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJLinkLogFile</name>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
+        </option>
+        <option>
+          <name>CCJLinkHWResetDelay</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCDriverInfo</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>JLinkInitialSpeed</name>
+          <state>32</state>
+        </option>
+        <option>
+          <name>CCDoJlinkMultiTarget</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCScanChainNonARMDevices</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJLinkMultiTarget</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJLinkIRLength</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJLinkCommRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJLinkTCPIP</name>
+          <state>aaa.bbb.ccc.ddd</state>
+        </option>
+        <option>
+          <name>CCJLinkSpeedRadioV2</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCUSBDevice</name>
+          <version>1</version>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCRDICatchReset</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCRDICatchUndef</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCRDICatchSWI</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCRDICatchData</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCRDICatchPrefetch</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCRDICatchIRQ</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCRDICatchFIQ</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJLinkBreakpointRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJLinkDoUpdateBreakpoints</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJLinkUpdateBreakpoints</name>
+          <state>main</state>
+        </option>
+        <option>
+          <name>CCJLinkInterfaceRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCJLinkAttachSlave</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCJLinkResetList</name>
+          <version>6</version>
+          <state>5</state>
+        </option>
+        <option>
+          <name>CCJLinkInterfaceCmdLine</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCatchCORERESET</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCatchMMERR</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCatchNOCPERR</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCatchCHRERR</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCatchSTATERR</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCatchBUSERR</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCatchINTERR</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCatchHARDERR</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCatchDummy</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCJLinkScriptFile</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCJLinkUsbSerialNo</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CCTcpIpAlt</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJLinkTcpIpSerialNo</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CCCpuClockEdit</name>
+          <state>72.0</state>
+        </option>
+        <option>
+          <name>CCSwoClockAuto</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCSwoClockEdit</name>
+          <state>2000</state>
+        </option>
+        <option>
+          <name>OCJLinkTraceSource</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCJLinkTraceSourceDummy</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCJLinkDeviceName</name>
+          <state>1</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>LMIFTDI_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>2</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>OCDriverInfo</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>LmiftdiSpeed</name>
+          <state>500</state>
+        </option>
+        <option>
+          <name>CCLmiftdiDoLogfile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCLmiftdiLogFile</name>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
+        </option>
+        <option>
+          <name>CCLmiFtdiInterfaceRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCLmiFtdiInterfaceCmdLine</name>
+          <state>0</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>MACRAIGOR_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>3</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>jtag</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>EmuSpeed</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>TCPIP</name>
+          <state>aaa.bbb.ccc.ddd</state>
+        </option>
+        <option>
+          <name>DoLogfile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>LogFile</name>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
+        </option>
+        <option>
+          <name>DoEmuMultiTarget</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>EmuMultiTarget</name>
+          <state>0@ARM7TDMI</state>
+        </option>
+        <option>
+          <name>EmuHWReset</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CEmuCommBaud</name>
+          <version>0</version>
+          <state>4</state>
+        </option>
+        <option>
+          <name>CEmuCommPort</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>jtago</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCDriverInfo</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>UnusedAddr</name>
+          <state>0x00800000</state>
+        </option>
+        <option>
+          <name>CCMacraigorHWResetDelay</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CCJTagBreakpointRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJTagDoUpdateBreakpoints</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJTagUpdateBreakpoints</name>
+          <state>main</state>
+        </option>
+        <option>
+          <name>CCMacraigorInterfaceRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCMacraigorInterfaceCmdLine</name>
+          <state>0</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>PEMICRO_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>1</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>OCDriverInfo</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCPEMicroAttachSlave</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCPEMicroInterfaceList</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCPEMicroResetDelay</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CCPEMicroJtagSpeed</name>
+          <state>#UNINITIALIZED#</state>
+        </option>
+        <option>
+          <name>CCJPEMicroShowSettings</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>DoLogfile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>LogFile</name>
+          <state>$PROJ_DIR$\cspycomm.log</state>
+        </option>
+        <option>
+          <name>CCPEMicroUSBDevice</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCPEMicroSerialPort</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCJPEMicroTCPIPAutoScanNetwork</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCPEMicroTCPIP</name>
+          <state>10.0.0.1</state>
+        </option>
+        <option>
+          <name>CCPEMicroCommCmdLineProducer</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCSTLinkInterfaceRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCSTLinkInterfaceCmdLine</name>
+          <state>0</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>RDI_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>2</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>CRDIDriverDll</name>
+          <state>Browse to your RDI driver</state>
+        </option>
+        <option>
+          <name>CRDILogFileCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CRDILogFileEdit</name>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
+        </option>
+        <option>
+          <name>CCRDIHWReset</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCRDICatchReset</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCRDICatchUndef</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCRDICatchSWI</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCRDICatchData</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCRDICatchPrefetch</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCRDICatchIRQ</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCRDICatchFIQ</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OCDriverInfo</name>
+          <state>1</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>STLINK_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>2</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>OCDriverInfo</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCSTLinkInterfaceRadio</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCSTLinkInterfaceCmdLine</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCSTLinkResetList</name>
+          <version>1</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCpuClockEdit</name>
+          <state>72.0</state>
+        </option>
+        <option>
+          <name>CCSwoClockAuto</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCSwoClockEdit</name>
+          <state>2000</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>THIRDPARTY_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>0</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>CThirdPartyDriverDll</name>
+          <state>Browse to your third-party driver</state>
+        </option>
+        <option>
+          <name>CThirdPartyLogFileCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CThirdPartyLogFileEditB</name>
+          <state>$TOOLKIT_DIR$\cspycomm.log</state>
+        </option>
+        <option>
+          <name>OCDriverInfo</name>
+          <state>1</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>XDS100_ID</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>2</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>OCDriverInfo</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OCXDS100AttachSlave</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>TIPackageOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>TIPackage</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CCXds100InterfaceList</name>
+          <version>2</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>BoardFile</name>
+          <state></state>
+        </option>
+        <option>
+          <name>DoLogfile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>LogFile</name>
+          <state>$PROJ_DIR$\cspycomm.log</state>
+        </option>
+      </data>
+    </settings>
+    <debuggerPlugins>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\middleware\HCCWare\HCCWare.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\AVIX\AVIX.ENU.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\CMX\CmxArmPlugin.ENU.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\CMX\CmxTinyArmPlugin.ENU.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\embOS\embOSPlugin.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\MQX\MQXRtosPlugin.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\OpenRTOS\OpenRTOSPlugin.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\Quadros\Quadros_EWB7_Plugin.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\SafeRTOS\SafeRTOSPlugin.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\ThreadX\ThreadXArmPlugin.ENU.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\TI-RTOS\tirtosplugin.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-286-KA-CSpy.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\uCOS-II\uCOS-II-KA-CSpy.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$TOOLKIT_DIR$\plugins\rtos\uCOS-III\uCOS-III-KA-CSpy.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$EW_DIR$\common\plugins\CodeCoverage\CodeCoverage.ENU.ewplugin</file>
+        <loadFlag>1</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$EW_DIR$\common\plugins\Orti\Orti.ENU.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$EW_DIR$\common\plugins\SymList\SymList.ENU.ewplugin</file>
+        <loadFlag>1</loadFlag>
+      </plugin>
+      <plugin>
+        <file>$EW_DIR$\common\plugins\uCProbe\uCProbePlugin.ENU.ewplugin</file>
+        <loadFlag>0</loadFlag>
+      </plugin>
+    </debuggerPlugins>
+  </configuration>
+</project>
+
+
diff --git a/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp
new file mode 100644
index 000000000..ec45ce948
--- /dev/null
+++ b/IDE/IAR-EWARM/Projects/test/wolfCrypt-test.ewp
@@ -0,0 +1,978 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+
+<project>
+  <fileVersion>2</fileVersion>
+  <configuration>
+    <name>Debug</name>
+    <toolchain>
+      <name>ARM</name>
+    </toolchain>
+    <debug>1</debug>
+    <settings>
+      <name>General</name>
+      <archiveVersion>3</archiveVersion>
+      <data>
+        <version>22</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>ExePath</name>
+          <state>ewarm\Exe</state>
+        </option>
+        <option>
+          <name>ObjPath</name>
+          <state>ewarm\Obj</state>
+        </option>
+        <option>
+          <name>ListPath</name>
+          <state>ewarm\List</state>
+        </option>
+        <option>
+          <name>Variant</name>
+          <version>21</version>
+          <state>40</state>
+        </option>
+        <option>
+          <name>GEndianMode</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>Input variant</name>
+          <version>3</version>
+          <state>6</state>
+        </option>
+        <option>
+          <name>Input description</name>
+          <state>No specifier n, no float nor long long, no scan set, no assignment suppressing.</state>
+        </option>
+        <option>
+          <name>Output variant</name>
+          <version>2</version>
+          <state>4</state>
+        </option>
+        <option>
+          <name>Output description</name>
+          <state>No specifier a, A, without multibyte support.</state>
+        </option>
+        <option>
+          <name>GOutputBinary</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>FPU</name>
+          <version>4</version>
+          <state>6</state>
+        </option>
+        <option>
+          <name>OGCoreOrChip</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>GRuntimeLibSelect</name>
+          <version>0</version>
+          <state>1</state>
+        </option>
+        <option>
+          <name>GRuntimeLibSelectSlave</name>
+          <version>0</version>
+          <state>1</state>
+        </option>
+        <option>
+          <name>RTDescription</name>
+          <state>Use the normal configuration of the C/C++ runtime library. No locale interface, C locale, no file descriptor support, no multibytes in printf and scanf, and no hex floats in strtod.</state>
+        </option>
+        <option>
+          <name>OGProductVersion</name>
+          <state>5.11.0.50579</state>
+        </option>
+        <option>
+          <name>OGLastSavedByProductVersion</name>
+          <state>7.40.1.8463</state>
+        </option>
+        <option>
+          <name>GeneralEnableMisra</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>GeneralMisraVerbose</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OGChipSelectEditMenu</name>
+          <state>Default	None</state>
+        </option>
+        <option>
+          <name>GenLowLevelInterface</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>GEndianModeBE</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OGBufferedTerminalOutput</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>GenStdoutInterface</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>GeneralMisraRules98</name>
+          <version>0</version>
+          <state>1000111110110101101110011100111111101110011011000101110111101101100111111111111100110011111001110111001111111111111111111111111</state>
+        </option>
+        <option>
+          <name>GeneralMisraVer</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>GeneralMisraRules04</name>
+          <version>0</version>
+          <state>111101110010111111111000110111111111111111111111111110010111101111010101111111111111111111111111101111111011111001111011111011111111111111111</state>
+        </option>
+        <option>
+          <name>RTConfigPath2</name>
+          <state>$TOOLKIT_DIR$\INC\c\DLib_Config_Normal.h</state>
+        </option>
+        <option>
+          <name>GFPUCoreSlave</name>
+          <version>21</version>
+          <state>40</state>
+        </option>
+        <option>
+          <name>GBECoreSlave</name>
+          <version>21</version>
+          <state>40</state>
+        </option>
+        <option>
+          <name>OGUseCmsis</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OGUseCmsisDspLib</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>GRuntimeLibThreads</name>
+          <state>0</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>ICCARM</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>31</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>CCDefines</name>
+          <state>ewarm</state>
+          <state>PART_TM4C129XNCZAD</state>
+          <state>WOLFSSL_USER_SETTINGS</state>
+          <state>TARGET_IS_SNOWFLAKE_RA0</state>
+        </option>
+        <option>
+          <name>CCPreprocFile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCPreprocComments</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCPreprocLine</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCListCFile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCListCMnemonics</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCListCMessages</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCListAssFile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCListAssSource</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCEnableRemarks</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCDiagSuppress</name>
+          <state>Pa050</state>
+        </option>
+        <option>
+          <name>CCDiagRemark</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CCDiagWarning</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CCDiagError</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CCObjPrefix</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCAllowList</name>
+          <version>1</version>
+          <state>11111110</state>
+        </option>
+        <option>
+          <name>CCDebugInfo</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IEndianMode</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IProcessor</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IExtraOptionsCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IExtraOptions</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CCLangConformance</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCSignedPlainChar</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCRequirePrototypes</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCMultibyteSupport</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCDiagWarnAreErr</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCompilerRuntimeInfo</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IFpuProcessor</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OutputFile</name>
+          <state>$FILE_BNAME$.o</state>
+        </option>
+        <option>
+          <name>CCLibConfigHeader</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>PreInclude</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CompilerMisraOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCIncludePath2</name>
+          <state>$PROJ_DIR$\..\..\..\..</state>
+          <state>$PROJ_DIR$\..\</state>
+          <state>$PROJ_DIR$\..\..\..\..\..</state>
+        </option>
+        <option>
+          <name>CCStdIncCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCCodeSection</name>
+          <state>.text</state>
+        </option>
+        <option>
+          <name>IInterwork2</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IProcessorMode2</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCOptLevel</name>
+          <state>3</state>
+        </option>
+        <option>
+          <name>CCOptStrategy</name>
+          <version>0</version>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCOptLevelSlave</name>
+          <state>3</state>
+        </option>
+        <option>
+          <name>CompilerMisraRules98</name>
+          <version>0</version>
+          <state>1000111110110101101110011100111111101110011011000101110111101101100111111111111100110011111001110111001111111111111111111111111</state>
+        </option>
+        <option>
+          <name>CompilerMisraRules04</name>
+          <version>0</version>
+          <state>111101110010111111111000110111111111111111111111111110010111101111010101111111111111111111111111101111111011111001111011111011111111111111111</state>
+        </option>
+        <option>
+          <name>CCPosIndRopi</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCPosIndRwpi</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCPosIndNoDynInit</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IccLang</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IccCDialect</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccAllowVLA</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IccCppDialect</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccExceptions</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccRTTI</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccStaticDestr</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccCppInlineSemantics</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccCmsis</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IccFloatSemantics</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCOptimizationNoSizeConstraints</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCNoLiteralPool</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CCOptStrategySlave</name>
+          <version>0</version>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CCGuardCalls</name>
+          <state>1</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>AARM</name>
+      <archiveVersion>2</archiveVersion>
+      <data>
+        <version>9</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>AObjPrefix</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>AEndian</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>ACaseSensitivity</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>MacroChars</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AWarnEnable</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AWarnWhat</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AWarnOne</name>
+          <state></state>
+        </option>
+        <option>
+          <name>AWarnRange1</name>
+          <state></state>
+        </option>
+        <option>
+          <name>AWarnRange2</name>
+          <state></state>
+        </option>
+        <option>
+          <name>ADebug</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>AltRegisterNames</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>ADefines</name>
+          <state>ewarm</state>
+        </option>
+        <option>
+          <name>AList</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AListHeader</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>AListing</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>Includes</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>MacDefs</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>MacExps</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>MacExec</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OnlyAssed</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>MultiLine</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>PageLengthCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>PageLength</name>
+          <state>80</state>
+        </option>
+        <option>
+          <name>TabSpacing</name>
+          <state>8</state>
+        </option>
+        <option>
+          <name>AXRef</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AXRefDefines</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AXRefInternal</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AXRefDual</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AProcessor</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>AFpuProcessor</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>AOutputFile</name>
+          <state>$FILE_BNAME$.o</state>
+        </option>
+        <option>
+          <name>AMultibyteSupport</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>ALimitErrorsCheck</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>ALimitErrorsEdit</name>
+          <state>100</state>
+        </option>
+        <option>
+          <name>AIgnoreStdInclude</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AUserIncludes</name>
+          <state>$PROJ_DIR$\..\..\..\..</state>
+        </option>
+        <option>
+          <name>AExtraOptionsCheckV2</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>AExtraOptionsV2</name>
+          <state></state>
+        </option>
+        <option>
+          <name>AsmNoLiteralPool</name>
+          <state>0</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>OBJCOPY</name>
+      <archiveVersion>0</archiveVersion>
+      <data>
+        <version>1</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>OOCOutputFormat</name>
+          <version>2</version>
+          <state>2</state>
+        </option>
+        <option>
+          <name>OCOutputOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>OOCOutputFile</name>
+          <state>wolfCrypt-test.bin</state>
+        </option>
+        <option>
+          <name>OOCCommandLineProducer</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>OOCObjCopyEnable</name>
+          <state>1</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>CUSTOM</name>
+      <archiveVersion>3</archiveVersion>
+      <data>
+        <extensions></extensions>
+        <cmdline></cmdline>
+        <hasPrio>0</hasPrio>
+      </data>
+    </settings>
+    <settings>
+      <name>BICOMP</name>
+      <archiveVersion>0</archiveVersion>
+      <data/>
+    </settings>
+    <settings>
+      <name>BUILDACTION</name>
+      <archiveVersion>1</archiveVersion>
+      <data>
+        <prebuild></prebuild>
+        <postbuild></postbuild>
+      </data>
+    </settings>
+    <settings>
+      <name>ILINK</name>
+      <archiveVersion>0</archiveVersion>
+      <data>
+        <version>16</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>IlinkLibIOConfig</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>XLinkMisraHandler</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkInputFileSlave</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkOutputFile</name>
+          <state>test.out</state>
+        </option>
+        <option>
+          <name>IlinkDebugInfoEnable</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkKeepSymbols</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkRawBinaryFile</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkRawBinarySymbol</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkRawBinarySegment</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkRawBinaryAlign</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkDefines</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkConfigDefines</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkMapFile</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkLogFile</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogInitialization</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogModule</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogSection</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogVeneer</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkIcfOverride</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkIcfFile</name>
+          <state>$PROJ_DIR$\..\common\wolfssl.icf</state>
+        </option>
+        <option>
+          <name>IlinkIcfFileSlave</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkEnableRemarks</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkSuppressDiags</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkTreatAsRem</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkTreatAsWarn</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkTreatAsErr</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkWarningsAreErrors</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkUseExtraOptions</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkExtraOptions</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkLowLevelInterfaceSlave</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkAutoLibEnable</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkAdditionalLibs</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkOverrideProgramEntryLabel</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkProgramEntryLabelSelect</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkProgramEntryLabel</name>
+          <state>__iar_program_start</state>
+        </option>
+        <option>
+          <name>DoFill</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>FillerByte</name>
+          <state>0xFF</state>
+        </option>
+        <option>
+          <name>FillerStart</name>
+          <state>0x0</state>
+        </option>
+        <option>
+          <name>FillerEnd</name>
+          <state>0x0</state>
+        </option>
+        <option>
+          <name>CrcSize</name>
+          <version>0</version>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CrcAlign</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CrcPoly</name>
+          <state>0x11021</state>
+        </option>
+        <option>
+          <name>CrcCompl</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CrcBitOrder</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>CrcInitialValue</name>
+          <state>0x0</state>
+        </option>
+        <option>
+          <name>DoCrc</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkBE8Slave</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkBufferedTerminalOutput</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkStdoutInterfaceSlave</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CrcFullSize</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkIElfToolPostProcess</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogAutoLibSelect</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogRedirSymbols</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkLogUnusedFragments</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkCrcReverseByteOrder</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkCrcUseAsInput</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkOptInline</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkOptExceptionsAllow</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkOptExceptionsForce</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkCmsis</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkOptMergeDuplSections</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkOptUseVfe</name>
+          <state>1</state>
+        </option>
+        <option>
+          <name>IlinkOptForceVfe</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkStackAnalysisEnable</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkStackControlFile</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IlinkStackCallGraphFile</name>
+          <state></state>
+        </option>
+        <option>
+          <name>CrcAlgorithm</name>
+          <version>0</version>
+          <state>1</state>
+        </option>
+        <option>
+          <name>CrcUnitSize</name>
+          <version>0</version>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IlinkThreadsSlave</name>
+          <state>1</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>IARCHIVE</name>
+      <archiveVersion>0</archiveVersion>
+      <data>
+        <version>0</version>
+        <wantNonLocal>1</wantNonLocal>
+        <debug>1</debug>
+        <option>
+          <name>IarchiveInputs</name>
+          <state></state>
+        </option>
+        <option>
+          <name>IarchiveOverride</name>
+          <state>0</state>
+        </option>
+        <option>
+          <name>IarchiveOutput</name>
+          <state>###Unitialized###</state>
+        </option>
+      </data>
+    </settings>
+    <settings>
+      <name>BILINK</name>
+      <archiveVersion>0</archiveVersion>
+      <data/>
+    </settings>
+  </configuration>
+  <group>
+    <name>Config</name>
+    <file>
+      <name>$PROJ_DIR$\..\user_settings.h</name>
+    </file>
+  </group>
+  <group>
+    <name>Lib</name>
+    <file>
+      <name>$PROJ_DIR$\..\lib\ewarm\Exe\wolfSSL-Lib.a</name>
+    </file>
+  </group>
+  <group>
+    <name>Source</name>
+    <file>
+      <name>$PROJ_DIR$\..\common\minimum-startup.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\test-main.c</name>
+    </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\test\test.c</name>
+    </file>
+  </group>
+</project>
+
+
diff --git a/IDE/IAR-EWARM/Projects/user_settings.h b/IDE/IAR-EWARM/Projects/user_settings.h
new file mode 100644
index 000000000..5e4f36e9a
--- /dev/null
+++ b/IDE/IAR-EWARM/Projects/user_settings.h
@@ -0,0 +1,14 @@
+
+#define NO_MAIN_DRIVER
+#define BENCH_EMBEDDED
+#define SINGLE_THREADED
+#define NO_FILESYSTEM
+#define NO_WRITEV
+#define WOLFSSL_USER_IO
+#define NO_DEV_RANDOM
+#define USE_CERT_BUFFERS_2048
+#define WOLFSSL_USER_CURRTIME
+
+#define CUSTOM_RAND_GENERATE custom_rand_generate
+/*  warning "write a real random seed!!!!, just for testing now"   */
+static int custom_rand_generate(void) { return 0 ; }
\ No newline at end of file
diff --git a/IDE/IAR-EWARM/Projects/wolfssl.eww b/IDE/IAR-EWARM/Projects/wolfssl.eww
new file mode 100644
index 000000000..b080e4115
--- /dev/null
+++ b/IDE/IAR-EWARM/Projects/wolfssl.eww
@@ -0,0 +1,224 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+
+<workspace>
+  <project>
+    <path>$WS_DIR$\benchmark\wolfCrypt-benchmark.ewp</path>
+  </project>
+  <project>
+    <path>$WS_DIR$\test\wolfCrypt-test.ewp</path>
+  </project>
+  <project>
+    <path>$WS_DIR$\lib\wolfSSL-Lib.ewp</path>
+  </project>
+  <batchBuild>
+    <batchDefinition>
+      <name>All Examples</name>
+      <member>
+        <project>driverlib</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>grlib</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>usblib</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>aes128_cbc_decrypt</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>aes128_cbc_encrypt</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>aes128_ccm_decrypt</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>aes128_ccm_encrypt</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>aes128_cmac</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>aes128_ecb_decrypt</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>aes128_ecb_encrypt</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>aes128_gcm_decrypt</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>aes128_gcm_encrypt</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>bitband</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>blinky</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>boot_demo_uart</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>boot_demo_usb</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>calibrate</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>crc32</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>enet_io</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>enet_lwip</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>enet_uip</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>fontview</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>gpio_jtag</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>grlib_demo</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>hello</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>hello_widget</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>hibernate</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>interrupts</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>lang_demo</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>mpu_fault</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>qs_weather</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>scribble</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>sd_card</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>sha1_hash</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>sha1_hmac</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>synth</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>tamper</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>tdes_cbc_decrypt</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>tdes_cbc_encrypt</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>timers</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>uart_echo</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>udma_demo</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>usb_dev_bulk</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>usb_dev_keyboard</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>usb_dev_msc</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>usb_host_hub</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>usb_host_msc</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>usb_otg_mouse</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>usb_stick_demo</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>usb_stick_update</project>
+        <configuration>Debug</configuration>
+      </member>
+      <member>
+        <project>watchdog</project>
+        <configuration>Debug</configuration>
+      </member>
+    </batchDefinition>
+  </batchBuild>
+</workspace>
+
+
diff --git a/IDE/IAR-EWARM/README b/IDE/IAR-EWARM/README
index f393cae30..2731104ea 100644
--- a/IDE/IAR-EWARM/README
+++ b/IDE/IAR-EWARM/README
@@ -7,38 +7,38 @@ In order to generate project for specific target MPU, take following steps.
 
 Included Project Files 
 ----------------------- 
-1. Workspace: CyaSSL-Lib.eww 
-   The workspace includes CyaSSL-Lib library and wolfCrypt-test, wolfCrypt-benchmark  
-   executable projects. The library project generates full set library of wolfCrypt  
-   and CyaSSL functions. 
+1. Workspace: wolfssl.eww 
+   The workspace includes wolfSSL-Lib library and wolfCrypt-test, wolfCrypt-benchmark  
+   executable projects.
 
-2. Test suites Project: wolfCrypt-test.ewp 
+2. wolfSSL-Lib Project: lib/wolfSSL-lib.ewp
+   generates full set library of wolfCrypt and wolfSSL functions.    
+
+3. Test suites Project: test/wolfCrypt-test.ewp 
    generates test.out test suites executable 
 
-3. Benchmark Project: wolfCrypt-benchmark.ewp 
+4. Benchmark Project: benchmark/wolfCrypt-benchmark.ewp 
    generates benchmark.out benchmark executable 
 
 Set Up Steps
 ------------
 0. Default Setting
    Default Target of the projects are set to Cortex-M3 Simulator.
-   For check the projects, you can build and download to the simulator.
+   user_settings.h includes default options for the projects.
+   You can build and download the to the simulator.
    Open Terminal I/O window, by "view"->"Terminal I/O", and start execution.
 
 1. Project option settings 
    For each project,... 
    General Options: Choose appropriate "Target" options 
 
-   For executable projects,... 
+2. For executable projects,... 
    Add "SystemInit" and "startup" for your MPU
    Debugger: Choose your debug "Driver" 
 
-2. For benchmark project,... 
-   Write your own "current_time" benchmark timer under "defined(CYASSL_IAR_ARM)" in benchmark.c 
-
-3. settings.h 
-   Uncomment the "CYASSL_IAR_ARM" define located in: 
-    <cyassl_root>/cyassl/ctaocrypt/settings. 
+3. For benchmark project,... 
+   Choose option for current_time function.
+   Or write own "current_time" benchmark timer with WOLFSSL_USER_CURRTIME option.
 
 4. Build and download 
    Go to "Project->Make" and "Download and Debug" in Menu bar for EWARM build and download.  
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 838a80e34..f284774f3 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -1846,7 +1846,7 @@ void bench_ed25519KeySign(void)
         return ( ns / CLOCK * 2.0);
     }
 
-#elif defined(WOLFSSL_IAR_ARM_TIME) || defined (WOLFSSL_MDK_ARM) || defined(WOLFSSL_USER_TIME)
+#elif defined(WOLFSSL_IAR_ARM_TIME) || defined (WOLFSSL_MDK_ARM) || defined(WOLFSSL_USER_CURRTIME)
     extern   double current_time(int reset);
     
 #elif defined FREERTOS
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 8148c40a2..f59ef5180 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -153,17 +153,6 @@
     #define NO_FILESYSTEM
 #endif
 
-#if defined(WOLFSSL_IAR_ARM)
-    #define NO_MAIN_DRIVER
-    #define SINGLE_THREADED
-    #define USE_CERT_BUFFERS_1024
-    #define BENCH_EMBEDDED
-    #define NO_FILESYSTEM
-    #define NO_WRITEV
-    #define WOLFSSL_USER_IO
-    #define  BENCH_EMBEDDED
-#endif
-
 #ifdef MICROCHIP_PIC32
     /* #define WOLFSSL_MICROCHIP_PIC32MZ */
     #define SIZEOF_LONG_LONG 8

From defd1f9f9426cf9df9a8e77332442605e15a6d84 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Tue, 2 Jun 2015 21:58:23 -0600
Subject: [PATCH 109/350] add configure option for wolfSSL JNI, --enable-jni

---
 configure.ac | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/configure.ac b/configure.ac
index 4197c9304..f15b552c5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1878,6 +1878,75 @@ fi
 AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"])
 
 
+# wolfSSL JNI
+AC_ARG_ENABLE([jni],
+    [  --enable-jni            Enable wolfSSL JNI (default: disabled)],
+    [ ENABLED_JNI=$enableval ],
+    [ ENABLED_JNI=no ]
+    )
+if test "$ENABLED_JNI" = "yes"
+then
+    # Enable prereqs if not already enabled
+    if test "x$ENABLED_DTLS" = "xno"
+    then
+        ENABLED_DTLS="yes"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
+    fi
+    if test "x$ENABLED_OPENSSLEXTRA" = "xno"
+    then
+        ENABLED_OPENSSLEXTRA="yes"
+        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
+    fi
+    if test "x$ENABLED_CRL" = "xno"
+    then
+        ENABLED_CRL="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
+        AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
+    fi
+    if test "x$ENABLED_OCSP" = "xno"
+    then
+        ENABLED_OCSP="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
+        AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
+    fi
+    if test "x$ENABLED_CRL_MONITOR" = "xno"
+    then
+        ENABLED_CRL_MONITOR="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
+    fi
+    if test "x$ENABLED_SAVESESSION" = "xno"
+    then
+        ENABLED_SAVESESSION="yes"
+        AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
+    fi
+    if test "x$ENABLED_SAVECERT" = "xno"
+    then
+        ENABLED_SAVECERT="yes"
+        AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
+    fi
+    if test "x$ENABLED_ATOMICUSER" = "xno"
+    then
+        ENABLED_ATOMICUSER="yes"
+        AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
+    fi
+    if test "x$ENABLED_ECC" = "xno"
+    then
+        ENABLED_ECC="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC"
+    fi
+    if test "x$ENABLED_PKCALLBACKS" = "xno"
+    then
+        ENABLED_PKCALLBACKS="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
+    fi
+    if test "x$ENABLED_DH" = "xno"
+    then
+        ENABLED_DH="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
+    fi
+fi
+
+
 # Check for build-type conflicts
 AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
        test "x$ENABLED_LEANPSK" = "xyes"],

From 7584af3d368cddba89d07a94104db3e5c70884f0 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Fri, 5 Jun 2015 13:23:54 +0900
Subject: [PATCH 110/350] Adding hash.c

---
 .../Projects/benchmark/ewarm/Exe/benchmark.sim  | Bin 0 -> 79551 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 IDE/IAR-EWARM/Projects/benchmark/ewarm/Exe/benchmark.sim

diff --git a/IDE/IAR-EWARM/Projects/benchmark/ewarm/Exe/benchmark.sim b/IDE/IAR-EWARM/Projects/benchmark/ewarm/Exe/benchmark.sim
new file mode 100644
index 0000000000000000000000000000000000000000..3a85061fd416d84ce7acffca068ebd00cb380361
GIT binary patch
literal 79551
zcmb>TbPQqu0Y<Ya3=E8nASMViPVnGnQt&lnWJok)WJpHCAQhvSz99gK8^#F?jHWEQ
zFF&}mFz~ufaGUAo|AB#v<pRTpydUwe7`W0e`fk*4WB8B`<}qJTaAWvT{3GVUj*krd
zJQp0?7(PUSW!S(nX+J<}lYjU;*!huxpZ|h~8^Z@LuskPNJ`5}$`~##f;D_Y{j(OWQ
zGAXcrc>nuDLcmUt*{)y}PGA-GKRn!|9xx~}HW(%_DikDaOz3jsoc|rH<J#{Z2@}9N
zbig_^!8+7_fNWI$Vc^E_LE%UK2S$dyFFv$`Ot4H~RH#VUnb74H;06*C*vjGtvU$_*
z2MGc@K`I6Ig48J{Fe)S@FeofY5ZEiQm4!iO|APz$4ZaJC8H}1s_Ion0e%Sc?K?cW0
z)(>-jGblVrP)JBf0I6ln;M~ceB=X=u2E%Jd1}`~-A51)lUNZ?rYz&fd;NZ9bB3Z#C
z6PWybk?8|FgM(ay;{oT10tfh+UI!L3yne_~;QnE2=LS|c9yf*+|G%&K&!FM(p{s#m
zB`91wet>w*4GgMkZUzrP_JC}$*zF<5Fo9tPqlWx#<{1n#8D2Xw8vbCCxw(^Jrl%aE
zCc{MG+c2?CxELo~%n~kk^%lbnhMi0kSXTW1-uS;vhGB-rX66|T9R>xtGN7=M`OQAT
z0u)y4Ah#9#w{YX!@BtiZj0!9hStqbfWLUwllHr5N4|WFT3m{YC{=a<Ap~$d;;e+?j
zwa+u<7&YZ@GsSYpGKX@7I>>m+bvTLNLgn+L@!8S%_iuyjHu}$?0J8hTRu(s2w>3_U
z8$2&4WMpPEI*HtBlX;O*$iVvH@-IdPj{TsRwYiX$@giZ9Q(gk=t&LKi3=FTG7+61?
z{iU4oFyloAgA${*{B7Y6%xr8I41X|HEBs)p4w5O8`*CqL2g3*92E!jr*$O|HvV~+}
ztY|qH3r4@WsF~5_#C)q$3Y0<?{8Gr!NLY}uB7s4Hal?nb0b5zz8aE_lbU2CJ>XUf@
zc3lhHb=(({G9Dysa!NySUEME`-hjOf47x8rIP$qM>UC^jbrW}!aZ|r#>GuD7(|-mX
zh7WTa7!(&KC?+r{C1*U$VAMYFX-WfwN|21=4<_$fPW$$Q=pY$nR>P;}29O9y=H+dU
z4SQdFXavQr-Y@0}3ZS@UfQW(e0;2-MM8*kB6H7KStTJ>1rNFbGyv)IN0Tc%X{~X*P
zYAxL~-2Q*J{Ljh&kxBli0hQrb;Mbe>`@>h}+nR0`ZVVq%e;j?yDqtwZeF4OC{K5W!
zVLvP#OYHWLvq-SaVAPbp{R5PXn2dff=^WY#O2d{3f}r#Y7O8@YaKJ^3pdvSKS!6Km
z+>wy8kzob@36{03FZdazyx?bG0JB(D@SkV_@mBo*F7%H<0pj)#TUas<WH2gqIWW9-
zVF;3IkYi9i_>rGEMQ-*ct}AREOt0A3&pFI>Fm+b=!4#PyXY2Om>W4iA?hFhcw(`0$
z>Naj*akIazn9=LRa~o7@C?q6gFlw0Hc4T;v!3YXn2i6ZWc0R~pQ1+8%)MI$<$|QeV
z>;p49+XbT^Os5roFrAK;sh9h4aT_?T89~#Zv@DEOCI@4|=r<R;otST(1gEs@p9&cc
z(h3QnR8|0XkBA%BErdHl!R}!F5dJgZ0b|C&*NlR_PKs_z_V0aB;PC%@!oL6C<Nh&d
zIA7#fnELy}w_~r_1T>@|Ws+hB+v^Jj9Zqbw9%XP!c``7)c3@!rVEl9KCVu4y83sSZ
z1g8G}{Q2-}W?@F9*HW__g5(4p6n=;aD1u^+f#HFt9ESy?rr_;E9gz6qx!u$e1db>6
z+fE%?U>4JDrVa+JmlqThI2btgFHB%iD1fGSP_9nMVA2qC6T9^wgF}(^!<!$l+|2Od
zTmvY_uqd)<B_^=lI`ol+5tgSP|3LViAL{p;Ke!$!W-#ttn84T}`h!th(3!D8A;UpN
zA%Rivz^B#*g$zfTgp4w|4ky-I3U2?uYy1P1vU3^~GeEJ%sLAAJcU$lSGY`)N@eb!#
z?8?zB(L72&n5>U~J}$B6BO{Nq+oy~D9O@S~{a`rY{E7!GFWhkE^KrT0j>Dgi%lN%w
z28#tZOa}4ge4zZv4V!+j9XRv(xUk<V9v%NzK0f}hVtf|;U^~EJR4;e^qVYyA8Kne;
zAA$y;x@YcfaL9sl0E5=di=bSgm@o;R2N<;ap<*3KVy#fI|KIA?GrV?$>aPD%wcb-s
zG2zm4<h-Yl0J2B=_5)B1f>lEDo+3uxQ%pe5dx{A+Zz*Ij>|Bt*pa3dSKxLMQ+X5$E
zH`WV^ZvVe){{@9<a|0xuDP$N(fWo}Pi3J?u`F|NSN-py2vfegy1GNE)elTd{Tm+>?
zO{vaJ44PIK7!^7koaC<jU}$)d!Jr1ppF2J>^3UGH>ZWr${?&<cj;s0|>c5!3^*hwF
z)bofrsQzH8j(-)wBYpua{;%J`&bf?*=@lPe8IN8=K2)vWD|U8}`uqkl2VGfETt2^O
zw~^x`Bco!1!VifAg$zawmD>+85FyXB8xro4@G#y5PRWW10&tNcs0ceqgaK4TYwYxp
zQ%Jb}965v-7z(!XxH0Omx*6Qo$jHo4kU-R3EFVh$Gcqt;1l3&ydok-SmJj*=H8K<>
zG!tHc<7%?pqSr1=ljJ<*7CN!rHu}L7sr-W}62$v)E0KZaL&Sej&ib%b)Q#P3MFyir
z=LQ}(IX6(<$i%?#VRFNQ3`Px?i%beEAGH6oPq?rVQuae?be2_+lDp{#I|D1YPA~Zl
zsrNzZh5s{8FxUyI=`(+WTnnm`A-WkSFid1v(c;83k@W(@N>IMi{KLY)agjlRX@aqv
zmK(!Lkgl!&S=>Oh*Kbgb;{IC!+@jEMWBkzemr=v+f<^|DhT83y84hxtG6El%ncTnq
zFJ}0_2C9=!&vBK!7$o=eVgm=`MMeer2ZleGv}ZZ7>_?^9FGBdt7aio@USw3@egHDP
z@2_Tt0|TQb^X-=zoE0b88Ll{NWB|KM(apk*@x$i7V4uK6SU#Nj0TSuXVAPh`&z-@b
z4T>Emh5~m+ZPweTGo&kSvwQ4k_`tYB`myfI56*mU^Ea@%8Duc1Gipq9W54|&gQ4O8
zd&K_y4@?XWAK9CkRxnOrTg|nCVFKSOv6VtA{(rao1<E16nuJywxc&b=`8NxL!-oe=
zV$gc`*?$oKMiU=cZ3|fTViVg+u@(Qn*MfPcnph?<O<<nEsKI>Ok%4sv%ZJ#1tTP!E
zI2xEHIDBIC;G4my5q?{62FM-3SNK-)tzi71^$TR`+9s|Uj2d>gd1rD|9ALM)$}>Y`
z)&wWk3tX#&R&uRi{IK_z?gOD&T(f66soa)w6Pi8CN#ZuwY{u74jH0ucUOO{&%1x4E
zP-b`#EyFcuv6Ij(k&cZ&7#@_k@?JLl!Q^T5gXv|7>xWC=T7{oy0@o_8l|n0+9>7db
z0=quDi3@Dk!=E4*r8F&n&NPEzC(8u38H^eSK7DE6oWTf+rH}6$*k`iMn&>2aYl;jg
zWk382%_l6LkJx8%PFUo`K85wxLTDS0<-_g2oHN;G-2EYOfbq2h1A}st94MCyxba+>
z%?xsx^Q$;!g&$0od><HDKr+g1pRR)J)VK{&56Zg+yV+(q$T4cLO^}0&J=h5o6M>6O
zfQxa##TYc0_JdTiO}KJ_=>gjehMgP}m}W3)sNQA;$AjWkmN_CbTAWxfFs%|=$+Uv;
z1N$$L2Ot*1hok=lJ~HyNTws|3kz;$10O~97vrJ%G#k5jr1>=XK;MhCY$UK8-W`~o|
ztsWWH8K5u;|I5f=|D|+2^DNd0i=3EI!Xx-E>rAE@cYkn@5FQ{G|Nmyb9u^`D8ued{
z*E4}bg=xb7Z(1laYDhA&C^C{rG6G04O#4A*F-<sif&IC_433!{PCOSFHAF9R%n+E_
z;l%Kvr-5x1-%7R>j2|j~ZhgS0!M-2FV_V6$g5iS^IFw#qfaqhrz_$t{&iEnur~U)B
znS8S*I;q_jbOWUrsoR1x`DXEf(=8`jy5%F7ZUrXrf!)CL0A>RlIQ01&d1kQ8>;UH$
zCU6Q?`>FqcX(kucW~NyaouqE_&g7Z}$uX>GHWQm;n7}y(V#7&r9=X(z_ka(a7eGD)
z`BdsQ=S;R)Y+xS>qS?bn(1#oo*uY`O^Z*vxQ^EGkYhand1NI@)DlTvu-TFiS0oP2B
z&p<YVd@6ODbtcm+Ca}%CXf`tuv>B43xmGYefY}i7lZ7GiBHs*yjrB6_uK&L+T$}%a
zi6!Cz#|%ad_6uw?m^4^!an4}qVA5c?1nRppv3NaLo53=JQN!foh73jx){9K54BbHa
zDgKAX1H%lETjg(eIZ1%r33lbD4Ahc~Y5r~}zFXoQJRQrOxIpDrrO^*2&*e@ZFF{;q
z;0AIX#7xegEDS;yk3VNx!GA((9fL~S3x0-~FZdal)`3`3EBH_Nxq(<Ge{ci{t@!u-
z&VR8L|GwY+&$r^=_iO*zR{Z;Z`9If+f8Q_sXIk;^``P~rZt|dhLNlm8!REFiWBCR~
z4XOPa84Mbr+Cs#Q;lth*p%si1xK{J6V3;7bN@}ItihtkLz#{`2S{NrVOkhxEP-0sN
zGEEvRy0k@Zm8KhL4CK@wHU@_eEiF<jHQfGx&-el2)wamZVASBgtq3lI*sn;<VANo_
zEeqy3d_3DMwo-1z|L;LywdpNfE2UQa|LzUuCA2Uo2u$Fczz?lu1ZS{((E2S1u4VWp
zFeq?LV4J`WmE)Yj@<HY|Cs>Ycf*80QU)UfCwuRy2oCdL#Vk;Ovy!;1pkx2`vc4CIs
zPHb0%W-w}0+!h6^Ex9T)Lttj36YE93RZ`$QU;1DBffP7zE8P}!lbSWrNfIe<%c7+}
zzImIS_-=`H@OSKk#B8R~52ng}P9HBp^0d?nP@V>v%=keD?8~>!A~O`gDPCxm+)AMp
z3?FR%>phU0DKu-Mlj?0jH#xA4qBDhN34zm+BASgt^ENvPLTv=sfp8lkb)d)up;baF
z<yJ5~fSLc`KPVJ7HiK$qh7a-JFj>_s1hzW@%v;<X`y5h#fa>Z4p9&gzp*3Q5BR9CT
z5xzA|rV!ND`^5-pIkI&;=AOknVUrX0G{mR}%ZH#}yfe9GaLogi=AinpOisX!8&Vrq
zI=>1B*M{sL7<tO%lHERE1=)sN7jl71eJ+%`5GICP7sA9)>q3wy7q~9un!&J>2V562
zL+e7eE1-JU<u)fc)*Y_0%#)eF&k2;1rB*VnVE9n=Pw)YRW$_zaGhSqw4yp;IRxm$c
znZ~pVB4-T_NuFkoc?vVyoLDcgt&&^Gwu0e9^godY5SAoF_XUn=5IMF71>kxWQvS)U
zVE7;jHse(jtX}PtVVwaA+0{Qm^=c5fUftxxj1sELe}d{&CL%)>RHGt?DyaTr)L=ph
zRhSrZsKUfhLlq>-1P)b5n~8k}8@N5tC&LMLw?Ek3-`0WJN1L43QQYnQ6VyIpBhuZV
z82bNh_c~D80kw@lErIRpKrI|l`{@6-btp2ckYpC3$jn8OnSvw(Yb~9+(EUsTT<btu
z0z5M$z%7Ae4P2|lR&uRi_)z@!9k?X`;&FjX65U^*RPpixL?7z~u~iW9xW9T2xMqq$
z^Dd~ilDsWBQ*4$PIPap@R$>J5uEYc}unU+Tz|3a?=g-TH0?>8<-zp|>DW&vR?*S9I
zlme9*pc)9dltOO@fJ!NRWd@|I0<{8Q<{$eDDl?`xihx^8tQUk<v4P8rXMgk_u))hJ
zP|HX1HlnOTZ}|{cR<VK0Dv0@AV0)t*S3VE}mpdTefkIajsg)y%Rw8l{2vtb0Kn&c*
z0mUf8hj6eh8jURAHXx{d%m*$7%Kzv+-~+ckK=y)KJ(8e09oqIlZ}l({uoqId^MP9)
z5c8$M_P%N0m>~kL0oYavfy)o;KY9;@z^yHiy`Y*v5~;O?-Vb6UU@xSs0ri4l=HCa`
z(;FJZW`Ock#u^@QONR^G(&2@+bT;hH|G>mH_W`H}4=NWm-9Y8yyWbiQG_kaBUZJ;e
zaMpv6P|yIka3E&R_`}AKc@fl}Isxi|&+Ks0zTN1A9MafKmxR`NqM-H@yv_r)l9bjm
zsKLf!nZRSQO3<-bvj;3QS7l5D_kbXFxBb?7z%*-ulhW-bP<w3#(`?XaJ;c5Scux}+
zv+N!FoOmxA{9uCH=K(IwG5w_XhmB#z1yIXL<hRs{f8PavgIZ;Lzd<cA?%$xc8OLu>
zYmN0cs2#=h8`Mtw|I5HleZz;n23wdixHBd@3EiIMBzgNl#>otjn?OC_2DwgX-*>W;
zz%8B*){Zq!OqUGyFe((d8~kAMH2lF7xyI@JC4)WwAO0H@xEt(YP$+OO*vjVCv4Pi3
z#EnUT`9tA9<_Qwek@o`VYzk!DonbYD5~Llc`Gbvt^#a3+f8V$MGH~PAP_UP2#>$Ki
zC$<YpZjia5O}|*(_#S}Az1K0Qg4&<pk#BID6fyGs@B7qWps{)AIIDZ7+pG;Ye=rEJ
zx{0{Wa8uj~YH><|TBGe68I4Xxw>zA~Z@<jA`GZG+@wEdZ(`yH$-hQ)_5;Vr;kYfDP
zCD6<u>jg(Q4Yz;a^?$RwF+5;U2hCNyZ$ymE9{BX45i~;1{DJG=qlXL%pjIs3YNl0e
zD?#zG<0oh=<VGXvhz9eAFMnYp8k!lLI~f#29=yu%kYjr7$avs2g8*pGD{`ZQj3)=j
z1rW&!CYiwG=Zhd;f@bJMAKd)GW8fvn{MwQ6&}$|kh^`>8E)WTtqx0kd&Cz*se7@Kw
z#kHc<iR}W{N|0|({9<Qt_)y=-pujVMZAGK2&_!^Yca@<VD7Ccy1<4jPLi!&6zSn~J
z8I5KS*j9SD{rkT17dykV3-J$OW3HfiJ0@@&Nd7kK3?`&`J0|eF9TUpD9ZU>)-VP>q
z^%kV&2c_txKN<8GK7MK7n87m>G^Wjbfl<TZLsJ7MxV{91FV{-875~3a{l}<Lc7X?4
zdvJk6p5eoBaK9N;OM?1#pxOhu_ljP7aLwQCBy>w0G~RO{9Wven>NlNCM;q?})gLe$
zvcO?@w*geLLt6Ea`m*b%4z#{hzAfkmsxOgy>=^as{M}CcaGSY6=?`u*W?g9jwsUa<
zD7WqUBRT=pXJllb1)f=ER1lgdJV9h4+X}Xo|Gr=U37WYCl>>}FyB;tqg5vevFE*69
zRyOdcl>BYZ8Ei;##s-cvHk3Gni6O@sOzi3{NP8Y+*XbWj3JmJZA9DUMXh=@jaDlyn
zQ9*oy*mQ~MOyFK!&ri@yJj(@8{BHdb?q>UdQ4v&1E&O%=*}9CIKR6iLoOt&8e_-J8
z|G>zzWg{r(^M3T;>wCe^z_)_`#4<M!OK1iE3EqzuU{Qq(j-4R&M}BY|0OePa3o~Bu
zGYG8#&5v=d;6LHw24aD9aDl~c{9s^U*vX)F;s-|pD2EpP0EJBc50EQzet=5P%pVqR
zkdgy5_Rr$R>xMcX%lv`+4<mFwHWJHxEb|A}Kbjdz8CnSp>Yy12Cx&J@(CD@kLz~>D
zkBmG#SN1a-|6qFQ{wj`L?FUmO-v>qx(1@M8+o!9rnOEiykAH(^T@mpGnp4zB&;-vZ
zf=q+VfI#LoG%@BiG%@BiG!t&#(#T-g37W};&1-PGHD=7oSm?xZabkibXf1)G_5;=o
zxr}vAinq5qN#8z}aX*9YwJRI@YghJda{J{#;mq`aVL#7DMxHgU{I|CMV0f_Y2SdX#
zSI*03KbT&c|6uAo=KB5;quZ1O2{*<EFjKEQ0MGrpv%7V;HEpoSxbcI*p~Xqmjro?E
z8;jdcH^v8SZU@~GWEdtS%4B48I7!}O`N+)mBE$cc7bEkBkl(P-X85qC0W^mY<a+c6
z%L2Art6nof=gXKsc>mVSNRZJ;U{L;*apMP1!;1_?y*X}%x4*OVUN!o`WNq<->2$IS
za|0+{v3LCD2F;d$=Evh-h4C?bkZS<VNm~41S{?3kTavkf=OYsjOci?rNE{>&l5=iw
zhw653V36JSk&*A=#br)f7nZnc+*<OQhXqu_JY#2i?Zd<gvNwCSBy$5>$7k*`mNFjD
z+<OX#2xz_(EY93<j~g@x#|*OF`m=;{gBw((TLXh^irlM<3O|^v8D@1k@!SH<$1{Jp
z@e6&PnObRr30zl#<H?oXP1KFgEhD3G!}T8w4JH{5u9CMnJ~F{$q#Hit&+y?k&KPO>
zrI~T`2SbDZ2L`@h8J{y=WH9P{aSOdI@`0I67!(H8#y^-=FMrL&zWg;GJ9`5tRk3&Y
zzq)P*ikmVyg&$1SuP-j)umP#fHvYj>{Y`q=Yd$u%2A+>BJZv5QuddmFLY1unBxm%4
zDH|g1*5C%0b3>DBYiNVZwV}x!Yd8j%JJ!HqkRo^J;t|(|PZr?VS^S!h8I&#<*_b=-
zfMd<g6%;!fw?L^&TAI0`Oa@g(8m9~&T!!r<BM)<j|EtS(pmcBqY~u0T9j-jL7QW_S
z^kiWEaQ`Q5$^h_;e(Q&=uri==1M3CG4bU9xp#F>{LpEcnlj7|)P7=3|X57nQeeJ@^
z_S%JQt=u*_26cu9^)kzygl=v7!Ej*f4~7R{TzM{={$M%@Dh0l{ez@c**XekYe_{fo
z8>}1v+vjlpS-}>@jK<B3n%WnbG<9w>C>_WU{J_lO{_TG$`vta+bxs`ngJe?V7(OyF
ze81SuA$)<QV~vwb2S{{{Qwx+n0;NHs(Q*tQIT&7FWPE+GVAJaaex}<6;5KUkxP5A{
zg)t)#YMbWm0~ua&p!GwC2)33O6&aQJRoEYRvT*Wj{L0|JWPh{_qhgB86eqS@20w%Y
zc%438gtUMmEo4x>`RBj(t3)lk8%M^DjgE2$Uo(o$n0Yb-Ho_3Gu?)O=3PiGA0Fg{!
z^7BOwJ;qy1s_YL`^>*xMR%O23tG8u8iz=%ssE$AJLwqHJ#)(9y3;rJ%IT)0f8W<I1
zCU7NY$Z`B)_`o%R%}sm-!)rDHkqInr9KTpU$W9WTzz%K=C?*{F!P2lWp-e`=M0iG<
zllm=?c?*6pXgo-Gcadw(7AMhLB6DA46l?_5DWLUW%pX?%c#*-ek@>@v9}EgF5;PJr
z5>_On$OxEjae8%Idd1)Gcm9B8MtQ$V*Y17sp?}E?hut%09LQkkI0%^!WO4Xt-O?z-
z_<@BH6v_g>89yER$iyW0o9Uy#Z^jP|a)Q4ZJ~*&A@T~oz!Z33NLxv-RrwoVYw*4#`
z{NH9;@PF&%D1X4H!Fh4!jQc-IIzT2L_{!h_Ql0$(<a);+3>rccvMzw;W%(zb{o&9c
zI1ywH$4&+n(Ffo#7nz9?<|*JX2a&87KqM2G{CrVp27@AFfnx!`!j#`1z6s1=`^d=Y
z;VONL^CJ_N&<seuBk_Zgf%PK)iof3zK>lVq^H^Y((1ak@vp*cr>K@)7pc#IlnP-34
zOi+*l#f;()F$VrsGiUOz`2RiZFAIaje*P5>A67LB&A9(#PCG*f$WI`XjsGwyFnzfC
zp99j8W100B<TpkIwh62g*(WZU0qQ-(G|imJx`OFL4R{u#y&0rq&wpm9jykXohKY=d
zj1w6YnI^K&+L<xYiDy59BBP?%MAliB89@?3G9qpqIt`y{8(3%0blS0>+l^Jb>=u)b
z;O%8Hg$zs|7XN2tVE7Q($T*96!X_t1q;WN-5A*+9WU$WUli1?4Wxtvmr(VOSWeoxf
zOdqQMvoJ7xuy15gU{D0DKDpAM<i<Mt?hl0n*MBf9Sp1QZug~?w{yw+g84F+YaWcR5
zWafG8$Fu4+Cnw)WM!t`(EB1eM+xd}^U-P!)2WCEw3!u8d<_FVGP>ss{n~UMw#rRh<
z`J_PNvu%Dbt>pU6$zc402`?L@7o_gVMQ4@++@3PgJR6;qelS^Yy4~`CLyKin!>5N0
ztg|LMt=KQ<#-iEq=~e?G3>3j(aJ>Or7|24yfMv!8CzV@lZXo~v{s;2^{sxHuLvEAq
zdzJ^BdN*%_=7WMBf<i(I91;v4I6?K&YFdTG>e~!68KyBPmCG>CVANN*E&hR-N7;=X
z6wctafk85$w&?eZ`#FT*VnVXU(3OMraxfN*esi(Qi5uKHVfxVd4^dZHP<<_@f*aEZ
z_kX(|ERjiIVESPFj}MvyHa}ocVASEBz%zw+0`qOY8Ho%`A6)*i%;272ks&&PK|ypT
zqh{P~mYKgY_-3=t6X^h@(LSdW`}siYgE<-X<lWA>+24+Tb*xJ8s?86k*`QV}=Wmvu
zlE3=?`M>h>^nVrUss4j$w*RYpmi`|Y`N}vLK4>)9{9xL>{RhJW?%yoGrGIt(lKR#8
z)BlyHm;b9MFZCZxtNmZyw8W>TOb(`s?;{i6^^13Z2pr&h&A^i4x?}(H9}E*j=QzmB
zmYF2uDYw9B@onxIj2fD^`DSp#`)QiHxxxK3?uoLX)j5oy-v7;=FfrtHvM@1l-wnKq
zhe3m7zlR+6gv%G09&pcK*vUJAdj<aqesKQ?H15I;X7R7!KfwTIaj*FM{oYRo70}Au
zHT%V8fL6Z9Y-CvR_xt6ab`NLHlwJiI&-wX}#SJ8O@+X6i!w2I=KF};@fnx!q0>?~_
z2G$AEt7gu$aQpZD=|9lQ2<1kumEtQnI~ZOwid(vYYL`0jJhXTtgWA%MjGO`wEZrDC
z#Qb4UWMSBu;P8RFaqkZm1&|2`+(G)88_Q(;T)A&qxG`pUF$BqQXzkd~r1|6)NLTRh
z$IrQDxXFO)MscABR&LTOmwyysVEmx-1Elw91FBhf8_Hw^%t5u}%iA+%Fk~>OImr2c
zVC3H9#xh}}8-u#&1CUAVf~>1pS1^9y0-JFdY6j~Hh<kQ}+PRzz>Wpf;KQeMFTx6L6
z8pRjB$fW1+VM+rie;@cXp@DUV1A~JMhsK`$tTUK25^u4t1ey5zSHgoCGY(|1%ry8R
zxWGe>WrF_)e(qDB8%#o8u`&3+^5VL3fl-fRKZB0UMN|`5peEe<#ryzb*5Tiv5M!TM
zbP?i5i2JfHZhp@Bk&$!hYfc81Uko4Eote~Dx~{y)pvDi?w;ZZ33`L*+#WI<7PW!*r
zuSd1_3Dn+szaBq_*xL@(Z-$~@|6)CZ`!CiH2iSS9vaXU|$-08!L)L#524xggG8cD#
zWaO;>Qm}r>41=A>?&iP93QvWzX7Hb21*b<)8l5!<)URhyVO{a}`-C5$^wax;Yo74T
zJ|{7>b`8@9+drUo4bumWKZtfsnT+rZ0n;|8m$wz%U@e-bW(*9P7NEA=2Y+5S&`M{G
zj4MAFCO}sBO>hIPs{H%C7Cfex->9I#^x?;E(0B$1cx^Vrhtx(j$VyASKsP2gdC>Z`
zY{wrg+0im;8JnHNL9KoyK0g|t9gTngwpK<ELy*j5C*@lVN{&BRw4-HUB2pM4f*2wk
z7$UcCYiBShGHM68x!)Gf(9gK~gXe(oZ;sEPz6XOEqy98E!`t_MFcg5wE$-jU<>!7d
z6qL#6XY6xQy>;&g3z9esR9y1by&oJ%;v7(M-dp#6@W92(WX}EIDd77kzy~tx?CszT
zu?*(d*NlS`JY}>qgk)zrZNIITQN~av!}Yq6$y;Wg6W8lzMuXdY89_f-s@Yy&H{(l)
zmVv04=cIDm4=(P9Brb8g4=&z^B+hgD99;Zdf`B2&oM@RcnR!m<ZfR$5y>4b=P>hyg
z)Yby6oabTqz||1+gC)C+#Z#t?2UHh=dhK5?&gPK101=1u<2hxKdDz&|pdM`YlZz`~
zGctL)?%5y6!1UqAFO7_c84fZG4;<teHDp2StDx&sL3~j-ziB6k&kN@}f%&X(K7-c1
z3knIKRjL7QOdt0AQpnKEXmpaf-Qgs5`(ef_P_F}HjGGra#?1*DV}#B!e7Xc$n-6Nu
zE4gX9DY$`qY5xDd|Je^_^@H<*Gp`$HZMa5;BZI#ThyITJEE*HtSZ~4AJEuKM$k^e;
zcFWRD!R^oYx8Ri<4;$1IG%`SI-kKX8W-z&Ncf8LK{>=$aYsc7oKy@!4?^W|3Ot1I+
zU`XKm&79`{%8d`ypZ9+y=cn_7DLejE0Ef~A^B+vvY`>Y`fmF%;Y6I2CZe=_mdH+}U
z>_D<{&SJm%{z2ux!A#llk&y#t(w&R@J~HrIUD)%3!Jyb>%?}2H*_-Zj`@eE__J0-Z
z4C3ot*z<$Qz}jWa4<<A@CIh((dw#Hh<yg?<SPTR%?D@e4mSZ!Ry(#|HWjlnaYz90Z
zIe3m-?34+TtN&8J9<&Bm_4Y$h+<@a;Xg4U16%wT3v3d#|%L)lXa1ls4P)OheiGb^P
z22Gaz4xlx-7nmMER^e)9D7gLoF8hPxG|-Hc2AuzW|FsXC2AaWXz!6j)>SrWmR5Elp
zO>pD71&Zk({|q*Q#u6d={(XP=??DEmKErEwM$ky1?(JXf+*b{MFr8-V;P}l0S{LpV
z1R4X=_J4K9rkX<*v`6JNTL;H)zC5{KJ%9XP`9S3je=tGCK`Ie);2Z_k{SY)VcDhPN
zF#|L<c2e3?&Xa-ZgD2Wp33b+iL&CM^c88NB&b+n%TkU!=(Cop3GS~lK%GVo0=J8&Z
zxxT*yUq|l5;?}Z(*G<d~)PuYI1GY<r1vK*31nKvI)*3TS)X3o2$)K(b>CuY61f>{o
zyY0fpdKm`}@e3eQ1WXEo$<G&g9|XxXIkDc_{Da{DXwB*uSG`NHSP}cD?8dMPk~i)C
z#lK?URJ+Ki$9@5{69%-ODFL(-hEwJuX#P#X?caB;zm0Ayc0zo8=XQq^|Ls>94>LeB
zW}um~$)I^cr4!E$e=wZ{jbeXsJ$Q*>#h>rz{&=`Se4_jEgA<DzWQL5_4YY>@w2t>d
z2GfViAK+E<KNB)IKQglKa1yz-54?wn=|d8HPlU*YB#b>oOdn!?oP5nG$f%GhrJm5?
z@GwL1ha>|yT$?~U4I$(7Vs4<3`oat+nTbv!w~otv$f#ss`d|t-x$r_!#)pJmPUQ)#
zw{}9;)iQn1|6!Q1AY(&<{|5#>^^8XuA2JyAzqlFRj(>H$LfZ{Ic6^%kH_uo9SFYe)
z4WNB4{;#gufyR+*Ib=a&lhyIg;=lU7`@eGc^M4iRr|^U6^?z=oA55>AfAjs5`_+yj
zlPd=r;RKB@KfK8Ek&&re3Z%ZvY0v&h2F4FB{wrjB%y5tag*2#+;IL%W5WIb=qY7Ly
z@Z9d|2m-U%Z+mrUfmuwqxxhP53=$Z2Zh-Gu_~Xy&*1v(zjY)y=!?ORdlqLvDY5ky-
zh8Qo{l(7;%UcfogC__8rqJ)nOXtdyd!(^u|`{mul-B|S-KHUKKm6yv@GBAGV2KSYB
zHiG)fyPO!OBf^vML;HV?48sf#i590N`&ryLbs9c>ZV*sl{E+;goq^%Q{6<h;4OBY#
z-?nr!%J`gd^#{X*MIRaY+FV!cZ*zN<vEVfy2h(d0Cg#_E%qw4WaDYY&KDe&f|G^Ek
zPeSXq#0O?RP#@Xo2h(ihA51Huef~3`@q!tAQlR+gHvYjhlk+#n8KWOec-bJmAazeJ
zg32BTnIN78PKrO6z$MHEP(N8IS%!HA!xTns1yI|7)y9qOf(f)I93+zq-&beygDG0!
z2UE0=EQ}Q`2V=o#L_eAF!`FYb>?d1*R{j55@DLP-4;v;s?bt8n#-i2m={8afuKEWW
z@wovW?Ld#gW&dC?D0B-Hb8Y`XF?Xl|7IR_Xm_x)F>jO|czXXqDq&<8Ejnlyrk1J^y
zkAgIh$Mb*pJXkJM!NB<8@LzW5c*hpdc!xgA1lH+n6PRza&j97fGk;m8Xk>6qU{K(g
z$*7rd`&9<}Y(=+gKNuQBJFflUInd#{Vt)sy&BY1IMW7K6N6>B~lo1bBoFg9buOc`Y
zK4>D1d9V^O=7FgO)Fwk7^|*GC?==JKQYXlW2gh94h{p=2g||U#b~JCZ&tO3s@n8Xu
zc(9<1c)-MvM?7F+=p!C1;1Lg&84NqwCV*CwKxTwNy-5~uzY;WG%m8MwtoZXi6+Ys@
z2_Es#*(orKe<o;zqXj(D@#lNUPX#w<nF`w5>d)rZ;kF^;#t#mG?hPHFF<1rANUn$*
zXwKO%!$~4YM%0Z%x8c*hhDN6?`?=ki-B`67K3#7}$XMYdbZfoLgA7ny-uVN{o7);e
z_24e2bfnsf@xzTj2B6tf0S<{)rzQJY-8gj{K79d~ubcmXa_MZyc&u)~ZU0y7OgDZo
z7~J^5bKn|$M0UmgKDW;VMr3I{4!IIMCcELbVuor0gHpE4gA8c-%4X}vcER)qQ@6qo
zrf%eY%cjsWS4bAdik5@1VDy`d-BMjnT(>~AsOuj@`3jmhr%pQ%RIalBS@4iUi(yj3
zrw0v<PCNE<xUpz}#*q^;CO8S*nhuS@-@idIcon?26FmmM|AxdMuLQ%46;8spSlvKn
z?3Lf3*xLgcP1X&)Z3Rj*29Qy7P@J(m;M9EuDq$HCAASbSZ-e6$|HwLh;&BxX<1z6!
zt>RJn_nrq+Wil8TKZyTkft0HZ;Br-$aRSp+<_XNVS!QH1Fn&<@%`k&;f<XrB1O^4x
znT(q8w;5)B%DDSOz~IIYh62$JQ10q?TCtxWT(&am%R$GIk3&n=Z9f<uaQ;RuS=Ern
zlI!7P$=kqV$(UuP8q!!YE;aRXFjaiuv1Eq%pmKGu(~kYielSd6MJiVp-)01lB(uz5
zL@HMq!R0C=O1TOXLoQcgV(8^6Be+~;oWZb@c>?1K{uAurm64#eJB(l!`wIROs&1fl
zlZ-2Vf8Y6!K>@Tscg=pbnV>!Y+~8Izs14uX#tTaK44Ke2{4wzP2aF$r;p+{Ou&lRX
z{NVdb6I3cHfL7ex_`z`C1t^CY?D@#Z&*o-xTjm2ZA2(<&!`uCp3wW2T+7G7c<=mjw
z-{*_*ujcTmUXba4$@#yUVh56s=~&L~_sWGOg(ZbY?FW<h91InA;3_zbQ@|rdAayq{
z%5P*;Hf{)#(Mr(D0F_BBw<5vkG%$Yn`SZpP4hGl?9B{wdpUtgtgFyzbn+rom#sVj{
zTZ(QPZoj{KgU3*AHE`;z0PnPH_;dwa${+a206p6P+&AwB&pzqI-Da2tD&rZHSAAsU
z>~vkRztin|#=_T}9PF<>cvijU;Ntwq$bHKd)Sh0k|CSraM@EiauQT{p?Dv0_!L{on
zBR~6VPd=^NQXiN(Ky7Q#EQs9?rk$Yrn)^4WF{o`li$m%HR2(!HXH19<(#!Rm)A-3n
zhS$yvr`cJqD1KmMz8%f{o0$PNJGT&A6D+)KkOA7ms*%8;1X?4ab(>)}XpIPXPO!S3
zB}k^82eKOE+r=du3?HOH^JCedks{E@9As_^#xwrG1ebxaQ=sE;ptyk452k421XNl>
zGlTKN_aCtFG~JgU{Mp=EHyC6vOmJuTE5qXkDs3Ks`q~_@@#32e%u^W@7<HK@FyGE(
zaByS%@Ztx<j7k{>CD6Fplm=(H4;hRT*xcOR3_7;|U^w95Eby!6YX*x0PcDN+gD%hA
z9}E*fD=-3NJY3m7GV!_IVw?e5&)Xmq|LSm+&{cyUOuP4i%N3sA{;#~bLGx6hF8;4v
z!LwAk40=D9R_pS_zY6BmxPV_RNab5@Y-*%_wSxM_UbzgqJfOKR&`3T=^|gz!oA>=-
zU=aP)@HK-am%)KYmq+gh6Su+zsOSe*mRyiXv@3%yk0@4AF07)LFEY#slChWFCKD~!
z<n;er;d;<nEF7;LA!8)qJ?rAPVf+bTK0llv0Oqs9`3xEy`#t6EUQoz*mZ6xyJTozY
zY39O&BR_Z=+%`gXARD-W_EUjKjvovPtl-iLly^V*%erysc5PsD6LD+!^rC?y!!QHU
zCU}6-s$=-@5!`3KjipV%@Zs%$u9*fIoEe~29p^0p1%?l2{<AaifOpM9N=Hyj?-RKG
zhwwqE2GolVxNYgiHA^UiYxcDt3=?i=AbMq=2=t^i!98gXP=A>Q{pc0&e)M|W?E~<c
zA>_C77(N94r%n5S;e+u1{SVg5R4_1nV26*Mz(Zc2VFKfHP@ZL;QOUsYf$u-VRD%qb
z2@DD>GZ{6LZhy*Po~`M|H4oJLy8A=pfLO;JtUWLXj2;*p-X53+sQiV_IkOSb|H4!Q
zDw8q#Uu^53{V$ezu>RKur}?)*bG@1<r!Z;mhMmHMJmU-#LvAO)#L(Lb4B&PG<YXpL
zuZtDjIsmm3Am`eE=K8?1dMkc^U-pYZ0UF}q^JyS65F9%h6hUj{L8Fn5pz~yOKqtXO
zZS<50;^4RdB3Z#C6PWybkzZ-z?@ymV>%ID<m^8R<gI3oYNG$j$zz7=YT=lnMBj~&t
z$XF#}q>|x-%D;yhpc4la5*XFW<QN{5$?)sx+){J{o&K=ux5IA8=&01~4yTV;#)Ls@
zG!1_+LDz9VxEw9h?8E|J<NXmjGW++t=Whm$ix(g+0Fk;cL2JkaY8#Q(kWD~Y&jeaG
z#sOY8M(i3gh7ZgB3Sg`u6NRrK<CwtaCIDVT#t&UXCN_x+%NjB+=o&JH4|RVbYsfgj
zYsmOf){rrLX#WeEYi0OQ^cOML3R^=avf}smT|Xgf$b`Xb$e0uuK7{>+t!0}12r@Q#
z_6JJ?)5JM5Htd`@gCXO<YX(722G9zFOMgJK_iarRXEG==tOAWXGl5T&sBPl^<Qn1i
z5M-MEUj_}n2@D@*H-gOKo_O|$K?CnZkU7Y!#3rJIDrjXG2Y6)|>MAillvQFpGs<Ol
zI7!}O|H#C}2VNt_@PX|wBV;8w3&RKIMxI%G6F}?33{cjGF?{&@hkH6`g&5yV#Og2x
zm5DPh{9tI{p2s+2gA>~=LpO#MzrXwc;@HUIcJ~2jjSgs}X5x&)8GN&tXDoAD;+6<1
zvDq0uNPyO(t~UO`w0qTSZmw0Y`S=$6V0ch3x8VoF0{>UH?EGJOf$MjLA55!3Yigfg
zjDIzQgW-b{NMAK*ofYz$TNWO~np<{I%W5@fr87*0dxJZCMXo!BY<ojHT(%uU_ISf_
zxa{!;4g*l>v-jc_S4+@5w>5k{Ee~_YeeinPE#TF!T434R(%`kWXmT=m<REKm5&B?j
zY9Xc`y$xDL4Oyqe@WB*me1Q7vl(<*?{_g$*v<Akok^j?Ci-|KuR(ZJn`JVX~lzP=0
zIaUfl*1br2x`A>8(@&7NbR&aWzMQ}VPq+WyAN~TZ;W+t&L%`t!f8)fN468icAgfF`
z8p~w%IdR|eKwI?!(skqK<L4YR++@JHSyJeMmz&7Sl^+Ed{(avFUUBoP0okO-4P`Q%
z9|br;`TFH;P|lh38#cmt1-yckQGs;=%S5(`3~KB%Kx-u#71(ETG_Xu)cAGGRA;Up#
zlN;v*2K9|@!Vf?;atgAnVp;L;do|dujbOW2plf4RH87~}bc3vnk-x|ZUKt|<UK!Kd
zz^H%VQ&$5Ed|eF73?_}(TP)x+b@G44JeV-!Kn5ptT?{A2x|plbburQxQB7chn&9`7
z`2oZ%b8wilO-#NB3I&MEVlQreUN7@Pnn?|`CT6{p!z)hCH5VDw_@H`Zp?W-#^f-f8
z#I)W*weK0!KCz!qpF`~X{}U94Y!kJS^r~L;f91*P30@DwbCqS4$VyO%Jp!!{MN%bn
zv0kqJOWAtR2qk1C)}$HyCm<t~pmkc4petWkR{Z)d{GVaPukQl?MOOU!&ikKZ9v681
z3woKn_ZOs0UhxZ2CYQ-@A+3Lbl*XVwIImmF1{OE{3^6y5$rt}IXjESWoqF`^`?~)O
z8l@L2<v``svme{PHu!Vggv=rS``++3{uKj9(nXF3)@~3nh7UKueVvGlbuy5$?aU7)
zw_~r_1QpzVf9C`31LE+yXza$YO4AK=Vp8}okO_{^S;)WNH-U9qUId-!Bm+KciD3e0
z>;g2G$UKALL+~$V@QDlz6CkGV1?yLY>i_e-A2id+A$f5@255I7(*;Hi?u$a;onxRL
zHfZg_pYIjm9rWxMATy<ZzBm2{x#8&rkk8ZpIY8z!8$oUT4~~erTZRvRf5K+ez%!oU
znuZay^KT+`=5BSMErdVcE&jviZhw7G0J~1*A|!nOeLwaG<XYIg?Vs;{{~F-)w)b$%
z+nz$2w>^9b<j+rkk^T9_pVzHp1B;tRhGND{Hz$c;84hjUTd-aY$1RRo-r#j23?Fv?
z-~{)Cu7g|2CGZe|h%zWJqP3E%e}dXf91;#P3==>sMvb7`uQHxwFunF<@^)MJnv<15
z?d}hr1L_^!PCTzYd8WBp-HLy8w2JSl-4CYKpw%5*zuA9D{b~cP@Br6uIzO0Jf8&mS
z70SWzLAAl|2h;97;Jz+9v~7&85|@f^+@O9dsCELGc<bU4nOvD@xk+*ka%+AtBy7G&
zkCrebcXP~ut+)i`eGW)IU-9d^!e7uCp`cYdptShezi|UY24{w-8=pi*#s;SuZlKnK
zhTE_22H^AlRyT0!!A6aiHh_AQOMk#djhMl4#snJu%izp#lVDKV;Ogw=b&FvR%WG%O
zyFXYC-2K7v0MuW(_k-twi`*Qi75in}<fVCDyYuk9cHuiOog%Z`X~lkZH%5JR(Ar@Z
zh7TN|d7;&y@uCzt?%!NW-!JarkOcKrs_lM&)@`#Z+5BL_%TAHw`pvHN^kO*6CGKdM
zdY;Wrnm?GTx8K&x&`WT01?_h8VBosVFbgy<4BBl2+IIsQ!*X-|eyhWE;cE^iu3Lc&
z3?Dpyp!Nr;HLk<(f%^x80wnCXJUKJC7$o*{xHEp>-^uRj3Fl?(V)mMpA<Q7LU%;L5
zL-9Ta1_N#e1qLO?59{{@{9utz+!*kKMf)<l%l?%g8JTBEFer1%JN;m>{&n&F^8$B<
zuMY~CGA24PUv|!zB{9*7>2gB`gT~j31@8BMM6fevOx)@JrNOW<!T(D`pkspnhyR8L
z6BrX&6z~7AQFlx{^ka|U{T~+Mj0ubi1@4R=Ihch%ursq>0I?2#<X~q0z|I^gaY?E%
z@lb-(2S#S^gg^-mW$%RhKmLeuW*$r|aMykL!=KHK@goO=zz22)j{O~O>>%9?2R?Fu
zdch0~uNgU*pt5WiKrEO{lZ2?-($^de3tlsGGQZ~FcK*Q3aN-9G!)jNJ{fr+H{%KT#
z&WmIG5dClGM*)6|{fr;N{%y!?b>h7EA;ZJvL&C8i5*r*oFfyF}!NQRHupqP5iTmP)
z3=fwL3CDhjfMgg?|6mbt_`%H(_b?-a;R7=xqo%`$wG9V24lpoIIKZKxVRh;14~_-z
zGZ-f9b>i61_(APos4Iw8`j?TxFcYM1!|Q|m68jlHNd9A(!S?z91H(rR#x7U(3x=6p
zt_MCeHQf5aBe2q`_F}jz+eL<11{sWs6CFC74HC*8Xc)9Rv0gC9Y<J4Lydz_UQ})GE
zKX?j`|KM1V@!);N)gKZI);sZBSdn3v+2N#o`C!IMCzky?GgdmuUOb+#BSGc?>qij=
z_6+l#tRDp!*fW-IWPHHk#-73cQG}5zgF%aFKl?`kFzfS0kO@qe859{47#}cxIP!Pb
zM+Sbg3okO+UN<l>e4SCin9=LRagjY?`Oa6F1yC0jB&a?x$ZT@uxP0q}0K*C=k^QHB
zh!mXqAy5D^W6|I38$m7?ynOtJ!~)Gs&5eytYWpn{`x6;IO!=FUX|WMvXGLOrB1nDL
zU&a}(l8r7I84er{3>gXjuWqt>LSx4B2loU8UFAz`uaAO4kA0ULEH?B18e}N^V*PlM
zo#hIn;z|b&XM+T`2RpzaqO-rrjqyX=-{U_xHk|swv*Gj)js>TG@Dx-&h<_!i$g!V6
zLHWYQuMPGZ`{fnnE-n1pP{6>$@PUJ&(P81&h9DsxrVlJk6G3ceX`TZg`52f#Fflhs
z9gv#o!0`H_!9iKgUyPraJ}@$Zc3GYNA;Z9+boz&g!s#CZ3T&?%7>hELeldK$&Cd9B
zMj`tZMrGz-3?BrX3la|gVAvr0Kwg70gKs~Bf&<5akCF_WzZgC+JP>sA%DBXFiNVWN
z<ia6-#@9_uOdkc99T=oC7_>fIG{|grlDd5O2g8QbKO_WBL;SNr_<>PoN5(`ajr|jx
zxGx|0!L#Au4-Sw|8BYJ;5nxa_{X>EQ6uP(naD3!o*!$vHzwXOlzN~Kde>5;NWVCGH
z*!llE@4x#$3Yb}DHe@(T=o>o7DZXN0V42zI)bL?NBkR{2Wg9arHyUL$NHjS$e3;+Z
z=yc%2oJPhETmLX<$n9rw1N9?CJ~Hw%e3;m1kWrZ7;L_-1kYKT&(XB9HMP|cpjZBV>
zElv!VbP^d9J|vnX9{VBE!1_^xalZ#cMn)3oJO_;=1_j2C984z@1QQx$1Pm24E+tG#
z_<DJVN2?R_#T6elm=xVKAB6s3;W@y;`uYIFf{z@G9Isgz9HbU})L@c%!20z;A%`2o
zgNBR?8<{ddCD;_F9~YUbh1i9ztjc80nB~NG**(MBWtJ1yC63qZjE)H}GFE1Cyk=km
zo#wUtuiQh8%oZmOH;er`i5#z47(pgAY-Gyla{6_Vv6_>e>k3PPV}_%PV}ha^%WMrd
zHc&n0yX5KmOvs7N34a+g95Ngvm?r33Fnr`-6#T%>$a(?9I{1-;k?{jNBZmYir*$})
z>}Qw`I%Ax}fN=uLM-E1Y84MpKxIpUtKQM5w_^1Io8}uUwBTOHcq=VF|#1{z;9~c<}
z6B;Bm6de-^Js2`yBr?tbm6V`T<=t<FnbHa#37}Be_<|>ZamIodJOPk!KK4Uq1LKSh
ziA*yX9(1{}E1mkmqQLc$g^^3P$%*?TBlnlfyFW7V@7T}y;q-5Y89SU9KFn-5Abn8s
z2!~fj5JwP$7ue>?gad&JItrIqUmsy){HVdU!A(E|RFZD|t&ySdiv^nZ7CLY^Yb3Be
z*pQ)_+2N$Kzrl_1!-C)26HY)%tcHIHSq~VwIQBCr!E>FG94OZnfpQuLB&P*S^Duv4
zVV()fbuKDAhd%N#v3y`+xg;edz0iT_^+m%|vI@VLJ~Mw{WMX>l$n-0bLAg57I+68t
z6JvIU@-L<@Pr&(&^$MfH1P2M{j0FA!nFsP(;Jl_3#Bu1OBoo6grcVqHB;C9-Zgbpb
zXm%2~aG9U+bu%;bM*)@~2IUL}?GG10=|S+adcw}c{|WmO_#SA%^BCLZ;|cu<I}&~-
zFevN*ms@(jUu1xCi{K>(sTT<=Gg)Q@Nvui))hPi9EHfNFFf({0ux(%j=e`fU3<}`X
z)62lX!_A<e!@;1C5!qn_zBj-PbZ<aL#zA(D*Q}i8S2QyOJ}~n$e6VU#$jp^$b?R_A
z@WG%dDRZh5!-w4s=QtGfLM~nX!Lwj}2Bf}u^$Sw}Jo}ZA0jYJ4foq+6zgS)$1C^SL
z{Z6bG6f^ssOfUb;Sm|VRahI#&MTHDT#f=Uf&I$<%nT@UoKKyUI`GZBEi=E+PLgS*$
ziLMSGW;Z;@SeoeI@&J?;7%~zPGFzP-K7dXkNl09f0J;M}!=TBP?ScZdCg5OL;ly(B
z_z#{1r+#o0Tz<~@VeYRB&);XP%UtioePLxrqm$C*6B#R<SoVWzG?|O%6Luy@gK8>9
zen?Hl$e%HPBjW=>H-1n}#Uu<mB^Fdufmxp~Haam~W>DY&*HZ<*81xohc#+A1R7-JQ
zWKXbQ5WM&*GXYvpB_vFEu8`U0#Cq8v6I4r;Cz^v}F7OwFe)9!|%yy?Wm-i*2)=<vB
zGBO!7?7x((SIq2insXUcOXWVF`2)1?j+ud3qy9_!`XfI$8g7F2<8U}IoczJU;PHWx
zAtS-#2WtZ;RFX0$x^iAzkdd0`;IaS|c8r+`4uK$<lN=`*K=Ie%VsYu_51s`#e{d9B
z1h*MDe(eO)EWbeJBFEzIpNLpw1IOZl4~-2!Gdx{uFYa<>MT*Dr2Z;E{zkKTl2ZM)e
zHatEuK<Bm;-25St;P1+F;pPtx0Z4p!xPs!t!xa`EoF7HN@xl2~fQ0y1@smN%{KCy2
zG7N|q>2&1+$B59yn?Ga}5OJdX02U`6t|I$kank;C|3*-Z2wmQnc=LyV0CKCL^5@MT
zA`BKAK{3JvjuBAJmiH48?x3{Ea}g9Tpm6rUh!_7?H`o>Ql`pZpJ`TzeoPKUQpshmh
zp9&cYzu2K=*-i%zXN3gz2cR=SK(^`ZXLDoxVEGet7UkE3bqPm*@Js;N5dTU-fnz^|
zqVk0ekamQk+@%Fy8wxpj7(Z|@b~r46w<9Ki*v`^C2S4&Lg4z+CQYWQmI557xU~o`Y
z1JRCPWKhaV)JlAr$nv_8At^)Y7vtyK?4b4+8@L6*_)*X~F@Y6SrfD*O+7F7J90xy2
zGIIQ4{K)V?z|9HVesFT-zi^750os1>gti|PGrOJmFUuypO<0>C_&_PMF=K+0#{P*;
zte4Lwv?jbrSed|}!1`eCix2LMACBw*`EErbh}3=g!I#C2L9N3L<l7S;8MvwIV~|fT
z{4iiN*etKfx1T}D3tUQbfJ$j)h6h0m?iv3%{xd9p&A}e;%6uvQ6+1VZ8_xyzO#fGx
z>KI=4F)-*eWXkMscd~Y4(0G1P!i_=0<|2ch%|*~z=MD^xP8`mO85|A_AJQ8goj4pE
z<v6$*J_s-<{$ltP$O(!iP#DkRVEVwq{@WpngXsekD~E*gFV;^ME{8rlFl$IiNGSbc
z{>UK#O3@&9@;=~jbIbtc;f1d`7$aS6_IJCnxiMxkXnwlrkjbF&;Ua?`!v}-L1sMxo
zb1*c!Hhj=(1f}!?A5<C(z$G)sYi>r4*KDjEPN4dm@5ef)h7V$m-!rcLkXW$YiRZ$G
z3{aW_wdXg2+w&XY?Rhq6d!CJ8dmdy0tUb^0;m&_hd*0&02c(j+&k0geid_7JR8p!v
zfR*C{3>#2d^b8+%{)gpFP>bFm(*T?k)%IH?wkI-tSoOak6E$x#d|2>*_eTMKo=Y6B
zxfwt;VL<|j)gbAZ;rM}((J^7#1CI~P3<U|^;F8n-)oljvAFLY`G-NNaygmSGYp^S3
zfMV(r`))VZD~w7^zZgD%awe#S5AvbT{$@9Z54r#MCY=7k6L9ng$A<R_IS=ArNmHS9
zuZ_r+3@;KP`I6;z10yI`!rJwaTnTE|CnWHKawSTuo*SiAALS~5rB$zx+3X~ESvFy1
zA}C+-Jy1ewX&g=HO<0leGJ!#1MIz$^h7UjgvB6pqA3pyB??C7U^_*GUI@}U62&8T%
z<zGx+vpGOz4~K;6FXnFo630F}uu4d1xTyVNMM~e0w9V$W5VUd!C9Ma#+U)N_OY4x7
zeWU@DvN>LJaUNjcc+JM`;VQA8;lsjzajp#?wl#du*qTY3bY1X|LDvLpsun~^)k+T(
zGFzQkFKc9i(sX{JJ~%uB|7{1?HG-G-CZeZi=YN=~+4A46j{^Lhmps8~mh&|m11ufe
zL({Prw7=^0gL}c19~=$-uWqm^=xXd|_#picbUu{&g)2WqCNNB8f%Icp^`Z3-!w2qv
z3K<MD6@D>(y2#FYg<%$G3;>eSSAa_co&D@?3?F{{J^F)V!tozG6Hfl%C^-3pC*a5r
zjs-`4h-`qQj8FXxAD;aMrHoJgpfy0v8(7^AxE*l&s(b&(8Lx&9?2X*IhWiE7SwC_!
z9OwAYpqTNGL-7~e2T)7X>B0eLh7XJkZIaNI2FG`X8$UP#Ag#$APM{dw@%QQvjtQ==
z9QzqQZ2Id9rq}&NR<Zo=36$0d?*mY~lH>BtA3Wf8;fWs{6Hfl%X#l0?iGSTcFf(K%
zR7i4|!b0-zgM}G8of<wIX<*P`_^_;jQI+)<+ec3ZFQ*L-g3cTcSW`JOsD$nUmElZ^
zznH!iaxi{i;*gL~`^E85K;qzM2Q~*60|~`nY@e83GjOoHJ^`-#{a>Bny7_}60hDqN
zFa&^8tjFJLKR7n{f&Jz5Hx5kO{Y6$`{`V%>f2_YaK7v}!ApbSHa$LUsgNI>*6U)Vu
z;NCaS1d#s}!Tu{qSoNBnV}~T;1W-GLai&KC;|z}<3=PXO{9j$?+VxR^ACx}0|GIBJ
z`-5Qt%j;7N;5714gX^-JfWF0k&<rk0+L+1ui}52UZLmK8weAq*;LAU!esD}U4M`mv
zPX6Fo0BQ-bedJ(eoRN?i@E{@Mz-G`+tpDGi{AFbjy5Rmm^rHj6#(w_~|IN8CLDED*
z#(xHljSy8#e^?nzFD}T~;UshUpmb8EfF{@F9TEwN3lkhaFfuzQa0Y<lFCc;I0ca&<
zVxq$bW^gYR7MDyPIaoy>JjiHw;=Oc0dST{+ger+e(4G<FM-EnyZjS_(2O!)2ec${a
zl2$d`AY+{jJ3-@uAKVvw<X{1%;rl;0B0&AJ10PD75;GV-Ff%b~F?`5tI>q7t>JY~%
zc8=F9oMu;)Kqva}Gki#CS|ZirG{NP-huEgf%pNC(4>uaFaVY2&T)OguXTkD}5OCZE
z{Mq9KO3OZf62LX{hS#7z6T=6WKdeZ7Ce6%#r@+fUGZs4eUEJkrdr<@0XVOUUac%gZ
z+XQN>A7pp<sL|BO&hW9Sab;$wtHXz_4KFg*Bs#c2dhdw|AXhM5WKhgZT$%7P6EwOa
z)O7!c1v^6q$IgG>z5lMvWYA>zz|r&~LsLU#Kj@r9lfN%AUuJYTHGKHn2pT7Ok@({w
zq;0PO?`thU>T7L(&hX*+?=8=tXDrKH?!<jzA+)cx0NmGF-~?;ivq0PSEF`q;89wa#
z&7jwI;Xx)Vysy;*Z9xcLe3Y31?Q3Nulswmf_O%u`!P@l<A7=k%(6|4RzFs4<-D&mZ
zeTj-l<ADqxdVVK>dt2e_L1PEA!EO5hl-`!t`lDESTL}psKUf-aA7*BDx^i4xk&%<=
z;IabT*Gf!a2uyqk>OuLxx&Y2)4K8M&-c|u9&x3kd3?Bl2Zv>|T-`}7Z1gYKd`V>E?
zoOAij`uY^8lwj<0V!NQ3+2;i6ZG8mywzfO5fl~nEFRqUr&KmGhT9D5`qqLyj*7t;c
z30X)zEnZMhivi>}P^-?<6*Nlg=?WXA<%G8CI0?4uKqeqsbsvAhdRvG%LG5iJVnz7@
zELIS`Ert&le(m1~ayMpgi{ZneUy$Aw#7<EE7gVNg{{<?=AmN^o+2X`~5fm?L9)QMd
zVSQkTETpfcbcq$Muf_0T>Mzi^5prKk1KQUD*#+urF??wLb@B&?!<U3*pw*BQY94_4
z9voEeX(c5pB|c1Keci~Ag|(-ZnZN>S)8XxD31I1IX=Zji30{^-SdjQ6VF`Hj2-eqP
zyL=|0CE-B==#H)h;5G>VFO4h*IgKRli&uY~0FOK}X#BYd%Iz9Spz!|x6IAv=`e8r7
z=R#y>C}fJc-Qu{!An4ZW1R6JFe9g*n;6r{R^9N>jMtz14S&go)4Ik1QZ~R~>h<|mw
z&f#NXqwoi2e*TLeI21Hg_8Z7HIUV>A*?9lQ9;Sv22Zo8#9Zm;61U7m<+~_2Axl39=
z>%a%MM&=KU3<k~)AD9>lB{LE{GC(6*9tlq1@vHy|=L~0X9ROO%w&0)M!$p}BT*WRv
z$Z(Kob87gY4bshI<m~i;iK$RBE1^N!E5qpnBNKQ$k;yAzVd8@Xk%vi{6I`_~F350{
z*ywcNgJ5Haw15U^WKZZaL}yk)p`^0}s!oT1DDcQ+R08({$5%`YAopb?c))uU3<`{H
ziHQpmo<7*c&hYVh!!M3Y3{0;XIXAi<`0$|NB8P(J%GYe%wwG@F;8<|u2TuXR#2w%=
z!29O~Fzx>H255{2Y2Jq6gY8d-87%O58;%Q#;CY)4@Vt$qtHX!p2FT0}Xe<phbEA+@
z4V}3Gjbs#G-jU(pS^%H9$$bE__r?#21@5jq7eM>9AR{mi;1L)H_y`OKw3Ox`sg!>H
z1Ju*AzHkF&45kA*1|xd$2Fe(WI#O@X!4-M_hT+4ZAIHJ1V`1?8%?*^X7={m<f84+r
zi(&Y%;s>a|$9GAi64a9Pe8m8bAI{gT@V2tV1BfhU+VTdcE$-Kh3{K$G;*_A^7UlNu
zd%@q;ZlJtS`6I$@?~70U3=E)gQ_%S75AeN}3~DMnK_mHXzu4T2z-=1+OW<~{8mLWk
zjN=;vC=V_9$idF2Y~*I?cK?S5!~gH$|JcB7W4?_XX5tS(`qO@~F$i6#0FS%!?B`Hq
zQ3TZqPExC!I`(V1DS~eT3HSk8g}L#!f!n9O5O+982z+2>=D2WDO8zqV_NpI@x*Gcx
zelY0@GZ<_UaT9eDu+-SE@Y06i*9}j05Q~SwW52@>7Trz;h&qq`3_lok4fYhcpOlaQ
zvrn^YfawBvMg@isK|9zzIWjmlg3i2V^8mStBZ1WuGy=gX#h6gw&amHsn?b>!n@Pc=
zn@J&Qb2mH3g&;Y>AB@%vApAk4p_~2N#b$Pg4+;$o`vt7nFB@#x_`*U!z-qw@3xS`P
z4E6-GtL)$Sf<s`z3l0I7{eeGNtQ~%^SYKjS0p9|q@PkR)Wj}WXb3uVShZXx}kV+0K
zkP3$%ET_L;3TA)uoPnWXE5ir&A530?3=#^f_x*mZ#=ry?GycKEz@U8FSs-JE6Uzlb
z1}25o`xq1i5&|H6SqMKMfpISbgTU674WJQL$sY?DoFoJ?7!*%BcR2B0WM9BAfkB7y
zB7*|M0~Q6w3Cs#i6EfWx6;|&PNMP9@u-B@jgn_}Mz@34CLBa7A1GB*vVP{Z@r*Ux-
zhtCC}56sN$7g#a^f3QU7I7G`i{9y6^esL0q{RL)_n0K-Rb3)(`7H{W_WCv$3t2rat
zp&86NoRREsI3Y-m;iCY<^NXN3QrZkPuR`z#BiKBKAB<r0#4j*|#6ad12>xL7cCJWv
za0auQE0P_W!K}j-$qt7LK<2SP&C`7eTK96{#|MGF4W1kvnk*Ap+(0cpP;2m4Ba4!z
z8}o|)-$nkjC~3+vt@!_)|38ZoD`;M6#sBY|U^WjUXbltdf94sCT#O(73o?B8FW~r!
zL4j!|7Z=lq|3V-!r&o-MjI)Hfm_Pg%28lVpVp3w5Ez8CF;lC(I%=HzsvT8=_D+34S
z2?-euuM8cSCM?KkcxB|kIN?D?!z*J4h6(q7OyDqnz&k(ShgyPtMx6uCd=Po(2SY)*
z1NXc-2j*#9^8<cpg5@~Da<_jl6x2Cz%&&7`n#Mjq;D<(neTH;KokOw1tse{t#SU!q
ziX9jy3uOfS&@<r7h;j&Y(8>sOV4W4{z%Y?%7V}IYCLuo1I3_1wzz;=%OFtM?0v#A<
z39&##Fa2Q92y|drB~$@YbLj_zPN0KQX45N1HpW>@SoJc%^%}E4bThA#=7Z>Gc-_nl
zF(V0N1}DQTMyzHq!_8p+%8(2(g$czCi$MB0m}fCy)z1Xi57EnrqW2L<FQ5M_K2=>l
zhS#mEtX~^a*{Axy;&X-Z8B#f?`oH2plIH^PU0G&ARCvm<eq~5ynaDHM{}rdB5tIKb
zPE}4mAwH07BO@rJK;|l#Fn(o7Wcu2W1hOIiSLb(z*X``=Umdc(Z-TP2<A3$RM00qj
z#{cU0`aFYmx*6Z{47TYYGtx6Srn7!^NLA0^p6>rjE{|nCgTDVOi46Z&l9}~iUaw<#
z-NwQT+KG_E^0gs^?MpqIN(Re^dY2Lh9*}4T+n0K`5{EfI7*a|cxaXBPsBy7<_%Fut
z;lGI6D;5?1S0*mZQy5-%vVeCpV3@&)WX5c;85~&6V4A}4x`Ty%-sK+*7T10-V3@=F
zrQSK&Vb%`@mt+UFImr$(Tp$;K@`TGPW@XR_v;Qk&XNIp00gRIwGC(Qh;tvK1h7a`)
zOke7m0vs5>)H`}OO#Q(i;^DwL)58HZ5Bk3{aA26gqQp0YdFB7_hJX2HuqZLDWRL~j
z<q2XluH-QI|6LU<&ajfl;Qx2|zx<&2WzhJI^8`2lS2H+S+&Dk7F&z2vfkDlULA`N<
ztlN<vDutl?4LSdU?g!Vo5dZ3Ap@AFsRmKd|9Pj_i(9z)si*)>}NJhyEOc|*8-~W}7
zlfw@dZEWJ6av+(f7eVtQ{GaAHb6?o;QG(y=!j6v${0txZ8}dJ_VF2#}Z2pvS|3`($
zwI2)z{9iHYfzpBhmxchw*L{2eKlmQ-eW>^Ad&R@!|BA^EBnKD&QqKnxkN?&54@nHF
zRw$40bswWcOz;nNfreK+3?2>!iS;st86FM=i5oLK95y5dIDAOt(wEpTV7Bk#(FaAD
z_kVm5rnMV3K;7^G>;{9Rj~N~g9Qp-G3?Et>3^P3(HY5c&d`OZo+y4Ah=1otKYxqAU
z7zh7QH$V@WdKp|{!>$jOAsjk<0zdd3fI_hO6%Vs<(zPEf2SBXiq-#Goz^u(lptBc1
zVxN;tF8IF^28Ag&POgDYdxXaeGdRwW;s6{k{;!zf@pXF>$W4r|n;H4O)cZNa6lQ|#
z1;vX&vWG)K@<x!~lLH(+BrBLTKIfPLx+y`j@yd@60t^bB3~Fxn7ua4mFtfdGWS7dg
z{)6Gb;U5eKtP&VxqcX1lU^#I32g`w~1Wx%`8P|Vs960=g<G`+j4yRig*MIOFIQ)a>
zz^?@POKh(jnAl!7GK*(i{=snI&<}<K@(B#G;Te~IupBt_gXKVc0;l}+jLSbb4jlTy
zabSKzhtu_p%RhJy9Qwg?;C{mX%U6DUFyR06N2u77QGN4ACVo%~J@DapL)Z@id;eF6
z5b%E`oWuCKhX)k40zY^T1pUxC!1TJ0uU_Wf4~8coU!#T#Xx#uv?co@ZDyG-X%=dmU
zytw>>!3Lxj6!yjm#TmrdK(6`437ctZ{^o?wG&TQo0w`|gJN^G+xn5-_qEs>6D4?Y2
z#`5tC!~gHoez83Ou^1E?l(^k^+~f{G_qjHoSPVLWiGh)Ufq{vEfq{jAfq{d8fk6P&
z4rE|paA06yXkcJqkY-?DFbi1zB``SEvF`8^aj9u>>Q<+-S6hE{oh!dO;@6tV%#Xc8
ze;Fuz%Pm_wvFuETst?oGKi8l7Uq7vNw86zxt$%USR?n!7_tK?zsm|bg<@)fzzgVVH
z{lh{Zd>R)|ck4a&^K$m{_<rW8b0&$tuFBniD>7)RZu7n?mlaDQG&3J~x|}%Km(_Ww
zw4$=_OSWCa%)5m<)wlUS+$X-a<3rjSg_B#X&eckI-A`^ZlzN(A95~&zJ~-(?dCJC?
zb=kXR7Bv2wqRsI$BEzFV@~>-ud(OQn+kaFCDPJyL{fNoCD7;_(vDWI)G<J>Go0t!6
z)t^;;v~4Me`Q=aT8U~w|?pNNG#mp4bB=%NY=6u(rEtShZd}9B+@KL7U*)O+JukK@I
zlTR|a*!6GOk-5QoCJRD8FEV=A#ajCM+Y-w+&D^WrCpfUpFN_Nm$lLp~OVQ4j?e4U7
ztaf+Z_CE97+8Z*FHTFnh{uMTs|Dpj2D!*q)PJg-g+8Jku&hmLT)Au^P*wE44$!-xX
z`TX{~6P4~<H49(zJJp<&Yxx0+wdS@4PLH?RMr#TL<@}1Ga(@5k`x|D_$}e|yovpg1
zu35@WelEpjF&P&_qGwy_nW=0{=i=di9zOZfw0B$PO`I+5fAm1ZB85ANncn45Vp2jf
zT)QSedaAYHfb#<-8(DE_A#PqyzO~1@KkZzxP4~n~IgwV$kKsP-rR#U!o%!x>LjB_T
zYK-6ad@YJOYMtg{QujN$Ow+mh&N1cF8GqhxOaAy|$EiDp*9BUWog9>=3o8g7YpGT7
zYW-om`;ws1&vm&AHIIAi&y)RZu<6d5pf=tMj}MmTh;7!MxwBy9FOMmLN+~bhkM#Um
zA!Ywz!3~|-u=f*;m5%#)wjaD`ar57zQ$1$fS7w}V{JKozUe!{yzU{Y`>|bmDWUiGC
z@1%-=*=ORjlHBS-4hi>ud$Hrjgt+gPdSBNcZraxnJHKY~h0K+@SMxUush+o<x#q<3
zS_y%?<T)>@cU#})tWZ1qMIthfar>+{D`xpOr{+z4R`=}xDvtAe6ra5ieSdTI^Ihl6
z^1ZHb&VO~SW`pMXO-l?7mF=|*rYt>nAZ?MU`5wQLWv80{Y`8Gtf#{9p#$Gd6K7POT
z#*r`JY`y-siQ>K2e9L?{ymt=qU3KO@%d{ttw_cnl-I3+9Ltf`#ePF5^%d5D#v8FwY
z#U<^(^c=Z=N6Dsd4!U%El5v>8OJVnGxjl*3XI1emH18An5!q=Y{Q8~x%5$bC6Su#8
zD)Z20qkC24{Y!J~i$8@{o)eMSZ+^V^)!FaC(X0N(i{#thZ@cYM(fE1&DZ3*XJ9SJ{
zEaDv&A1XR5E5@VxXivANjfUe?-v5P+D=hDA=HZz0WXp{S2g6blTTWLOY%{uA5|iWM
z6u#ra@-Kk_sg8BQOT?uP$EjOQ%U*4L+I6n{$B18RRx>~Lp8U%|AvCva?YFWs9TR<+
zzN%h->i_4o*3s)OrfLm~leYFpZM^3xy-PKn@0II}1OH+lmg*m7`ry+jG~KOt@z2ZI
z$Kv~$pU;^jI<+cy|Le%0skfT<UC~u6iMX8kz*F<Y$v&6PL#0`jeP1f<B4%b6?o_|)
z|8U>7wH+VC*C?D!vpQG1#p`~ugrU^aCgZ^A3H8BAuH`8kAFRvX-LjzZpNuxg&nX!m
z1rdK;`z3SkO=<s89kl&&@oHrz@1jTj@{hw;ho)(1yxzoqXsbSR_0hIj9Ojpowrd!C
zTDo6(Qx-GRt|qa!F*4`7w6|0)pY)0S^M^;7eha_cN<F)emF;Sh$wm2p%Z_vf>zT|A
z{k&+w!!A~%*WZ?uzG>#Re4pU3YJOoHn?T;)z%E6*pKN!h*|OT*UAOm{uUl`(#I3PM
z3R$nPvE+*eB>ew9LsI4C-fPpH9Xij<yP00@^kT!_?oRfOXvyam?@m<S=Biof&hJ$7
zQm*C4Nl^Z8Yv62tt8L^_ASkz{C@RPAKi}Wq7OnhYSJ&CfS?Zdp-{j{?Sr(I_7!p1E
zqMn(GRXP{X#^>Ra`KP_xa%tjh>3K&FH25prNnGSz9+fF2BqO$K@*^&-1qYr!P_l6r
zmll%c<>cc&-u-Fqify_(SIUW;ko*|l%3iwO=kCmRyA$dc|5aoBKL2Y`%pU7Bm!oyR
zqfIoOyUUI#pT6_w?Y4}MPj)2VF}!}NHQ7l(X}Yk3;IS436|dG>+ufIb82wx)xKQ(W
zuKqk(Z-Y&DJ_oh&zIlAG{DRnK?VOzjD`$F45&V_%(p{<N&x#}V9~MaI)P~)dV661s
z&$IpbMT?sU7oF<)$9-jnS>xAb=kHZ5)#%%POKtyJ`z3R&be>GA2;e;vpEcX9E+k2~
z_uHWzHzvIJZmAcy{&3URhS>T0CSS;`(Y>0#Qb_gu=9z0wSl3DjEKi>EB5$|#?dl4(
zvz!u<d0)2Adc!!&zj;O8)Mu&B{;#S#zekbdh3NZdv!Cy}X_oJGj&uI2D>WN5uWedl
zxL(;_%W%rlV+Lu9Ob_hwD=|OS^k><H2@f{hSZ*vjgXN>wtv8O}1J2g-eVZt*f6ce7
zcf)&UU*A<{LRh9fxxe+|yvH3`KGO0!2X_Rfy4Ammo6BO_!x&rA{;SxL`?sEK`sS!h
zw<iUK3A{9Rzm_YUczsq6&qDJmkspzLHo~tv)mNT-cQSFi=~J19Z#TME+1$T0C$jic
zsQoz+iAwY1#rw~G4}P`kZ+vvV?R}BkE){K`*Pm)UlCjgyM8!hKVez5(!?I#Us*m>Y
zc-m-mPv!mZ$hg9?a5E3by(e34%sCjAGNI*kb>cRos|7JR9wp&BE;xM&3|Q`17n~|C
zb$E%o)wH<P)~B=Q%71kIwPtn1WADk#1`46S%GQ3%J<~C<jOnYY&r|<D*R_sbKW(bk
z;F7epfAPk9o>9A0)1_az&fxnO`|yDNVWv`_MxhUGy^E(`&OY|DpZR(GB+;pJa`(Tk
z3YvN=a^Dr*=8}lZiVr+BGf(!poH$gP)!Fx@qB3G;w%tzkyM+(;ZS(K=Aih@NWZIf@
zwOg$2CrfxqJ#8`!oStADoa9=cvhhKA_U@K-jsIj8aQvL2?NJbs;o2|x_uiEDoa&(M
zKZ;i?U-m9~#3cVXygxKeYxV0*>>6A3nGYRpn^kRoc`1j6!Ke29%A1xlGwsR}dmGbq
zzDrxCa`~h!?4Lh;%Jf_K=vM04FRW}=_nBOjPg-`Q>z|&<+~CiP7KC=O8a@2Br1W(&
zx8<7zhgI(j<Jjis?F|%AwENk0cbYAm-Q9Jp&wSnXhD_Yrd!&#xmW?I<N<hMY(HW8|
zzxQ67{?eiIjPuR(@_8>d>~-p7@936%ZV`Q=^7gx$h3;HVH81&Few>s8<^KlG<~D63
zkGFzyYYL)r{EGPg{{G*}A7-)6R_>~<nYtxESIW(p48>*9voD62saWZ8@oY>FpUnUK
z-Ihz!W=qeTc%Z@m=$*tx3guCm-a;~BQj;HX?OJf)sg{zB^8;xiS#eH2Zr<)sYmaZ!
z-MK<e<iyI4;jNOT>wVZ~zT17be(~P~#_#jhiemPBO>;SF{X5#E&bhlxQ~C6rV{f-*
z{CTn?`J>_WQ+JY`1X`yHJ18A%Q4sWMtyS55>4)vlb%I8k$8#6Xll9i$bmy}{8}FN-
zgXI?<Z`RHcD_A*m=M=$T9xvUMQvR$s((_?~lzna34IN{p_Y*wZkNa8NJb3X`&%Z@i
zW|(n*U3R{)YN^J(?YGqW*4i)GZ>95OZbbm^r1-4aXX-+d+<Lzq6239v#STloxbKIX
zzOIj*zpvp!X3gZQ`73o*&u<o5bHaM2guwFJIWO{(t#4QFRy)gC5t;WzV%8hR?f%Ux
zW=(yTn)iQI-LpN49Op&fKYQ_f*Uj1aUgyl_zq-P?LGxP862tYI?6nM)mmV{ivdHv6
znqP_eo~A#`PEB~Q;lgrb(Hkruy=J^|{C?|fJzu~?as6+;WxdzlJNs@}btc4j+LQY%
z7w0|Rn&l(ip>uGDe5zZ0VBB1mS3QiertQCqOSpgQIi_!plD$1C=#s!o<FISF!tU2+
z^&~Dduj2U;*(W0Wy3=Omxp(S`+f7f(Jbe4qy~<|er8$xJKZV*Ci%3+SJ6^os{Cn`L
zvw!2GSJ~bd$#<z}yS@HY<L8W>c1Kh!bW9c>ig%C|D?0pW509#iMz<&Lf5)jSEDITV
zIPPuUa%0Yuu#^c0Pgf_l7+o#cmg7+pv*UtOcwoTtFLlAGj#7u0h+9pIQ@1{yy;}aG
z>)bV~BYt^LW`3*?`paPLx7@OhiDhTLs`@bb|GED3==IZDY7H)?Tl*I$-SdpvsG2Ul
z%XJ3dtJsGJ{vBp2)o&E~;M2Q!x?A?KpO=}R$M=g)oil0w>#E$Tw<3eC=r-?*xU5*>
zshRnp&*j9)(yY!yUn(m5W@g((sNXHzxo?~Q!w=$XJ5HvpQK;QwbuL-L>;BUwL#gQr
z#(_z$^}!n-l&9=&S(p7!W<lf6DcT$b5g8u+l7C&NwCCIl+Ww<@wescSqDM^LkHh=r
z)3jEHZerJXt<QXDYul{qqnDR*m>Ya**HGTHbU)LsEatZ{O=4ZzGUu01+EV%X!zXsX
zg^w~*&wjbZc6A@?MfoI?BVGTNnamB=TeKkbGpo_Vt|g_fzj0f>X?9rkJ|T{6e&OCg
zfjqmPU5e9e+3wz5$7<*6w)fe@t-T?Itg%N}@~^NZ{1*+7RQWyQ+Vq!uJI^>fq?gaT
zxnZx<3-*rg&gT}<l9jjLomlA3Ra5hl-|5FmxfW3V=WK3kF!Fe-Ew`pXFvqVb>hJIW
zeEeY+t+sMk*O{qX>T;#r<j+uC7Bl-|NVJNTo*B=^bgs$#&%?J|n)Xh5-o)7r{znfa
zE>gG?mFZnBBPJ#Eh-=s615dRU*f>8>5|R~{=Huq&{IvFXx9-jr+eA*RlnZZ_{J7qS
zz4YDgyE7O6O{o7qUyU(l&(|WCqt<EBCUw8N%QT%&-#MndE#uGI9myY`Tt9Wk&`F>*
zS=d2odW(YKvDR7@uS-8{cdrvP`guHep{A_2{=7S%4L0$<32H09@c5v1j@agvGj|pU
z{_>dOu9Wg}#gU#r3#9Bngx%1oReC?cxc#`F=gor`EqeYfIyJ+L`^vKOjbE2)+^f2!
z*0<e$$^NxEPv%+$@J_18ntdidB+0Gr+aclJ2`_fs(2M(S+4Ob&;raU-Vl!(dU&vpn
zd-eQgA=MMsGuH?#ua$U_mptco^=|94oE2($UnC;mFm9jKykeIBv(&t)tLmQpSL8Uq
z=l!!6qPuR+e(rV7EdSLN&iR_xYBm_I-?T)_P}%;N!IY(@2htXmnD6oXv+PvUgAErZ
z7>nLm{?Tg&i{tlOZ|eC1&Wh`Qn^@L+&DYs?!}~KKzN?<xXPGwd@z#qz(j8d`cgX9w
z)d!}|WqB3H7;D<|tGJ~7x1J;S<|x_pNkNxxzcdaL$Q5?KHmfJ`x_K4P!pJ_6AFn%Y
zgwMTGU%B1%Wa7iOPi3lXHoDJ=yniXwzW9?w<vEe!{pQDmU!DCPAHC}DeUW_IiniM>
zry4)6-)VOw!$QYI<xsrCVzHvbvU_+`A8B-Z+WdE%%4=E3xPs%}W}X{!o@_~(a4@Vo
zvE}sDf^9|~B{4Y{oWgem1qB6ha&mHJWo2buy?XVkfq{X6nVFf{(xpq6T3A?E?BBnC
zzk`E=!{Wt@7tfnFZ(d_#W8>$~pFdx}e*OCI-@kv?)YQ~Ge*E~crKP21Q&UsZ?Afzt
z>+9?5|NsC0e|vj-yNQX3Nnc-IpR=>Gvx|$1%aJ2Tj@-L<@7~LoFJGQMefo4rNJvO^
zb#?WWDO08x85tQZTefW3p+kobDJv^0+uGXNzI*rXosW-?&(x_?r*d<1b2~XXIsN+e
z>(}AKhY$Pt`T22haB%49>FF(8xNu=wT3VWhhK9z?n>TN&sHmuH+O%m?Sy@?GbaZs|
zqD6}qd3t(!=H}++c6WDoU%YtnqN=K@YEe;9(T^WLeti4(?ORGpN=jQ>TU$m(M#hX8
zGiHd1iHTjga^=dBB}<mX#Kgp$IdkSrY;0_7YHDigwr$(CO`0@mQcg}zPC-FIfrp2O
zM?gS8z~8@r|Gs_u_U+D{J9pl?b?a7KTwI)}sHmu$o10sBczF2o<;$1%_V)J9ojZ4K
zOG``3gb5QS+_-V$#_H9pSA+6@Pft(Jo;`c^T)uqyG8Y#Y*Z1$=zdw2M<Vi$CL<B1<
zE9;IOJ9cc|ym_;$tE(#;8ynk&3l}cv=;-Lk$;rv}_xJaoI(6!ly}i9XKR-V|6B85D
z!Gi}6u3x`?{ocKM_cAjxGcz(WG71X|3wL#Ob!BH~XIoiWSxuZcaiXB0prE6pqocpS
zzkhmqditF^ckaA;_3G91>C>lw`t<43`Sa(`pF4N%+=mYzK5W^tWy`Z?&z=<*7Z*>P
zHf`FPHEY(Cl$4YxDJdyEfByXW+O=!fnwpxLwzjsmK6>=%(a)bhf0~<{o4<JR;)RTi
zj7({1Y3cp@_wVQB<>k4%ySsn<`0=BZl$2CqVPT=HtgNi2rl#i6qeqW+c6N5==jZ2d
z-@bi&Qc_Y9A0Hpzs#U92Nk~XY?Ay0*pR}~J^q)U}{)B~vh1uEJ*?D_=dmlS??AWDC
zmo8OSR#qw~C@9RDHEY)G+qZ8YIB?*=zkmP!Ra8_|oIQK?Y*bWK)R!+`zR1hV%iq0w
z_wI@nD^?gA8yk0Ybab$@v$G#Re*Czhp`qc%jT<)#2?+@a2nYy7Mn*=etE;OwG&D54
zdGqE?e0+R-LPA19U|?WieSLlX%9SfuN=iyfZr!?dtCyFT7cVa_udc4H?$f7FpH@{>
zRn4D2fBxjjlP8}%dGh3(IdkT`fB*jdf&~i}Jb3Wnfwi@@wXd(Q@49vC)@f;JX?^|r
z_3MTW8#bIcapJ`5*RNmi-o1Objg5^>b8~ZZaBy(&%$YN1CMG5(ii?YjYinz3v#_wR
z)YaA1?b@|#S9y7P`L%1;uBoZ1sXcu7@L^_VW~PXUh)8mBa&l;BXsDv1q9P9u4^M4v
zZLPpo0WFFB5?W0gSS~1NN$dxWH8NjhnZq#U-*?a7OdACD3T$oK0O31=`3wvnw#svY
z&VB-&o6qpUy#X`|Suf}Iih)t^12ezCMaB%Hj6es*grW?`j6es+giRTZ8G#Os37;|!
zW&}DMOptkC=*FT1o)tdb^NN|788ioc+PMP62G0ziZU(c#bHk?(gV~1*7-WOwo?K-4
z_=Sn(;}`H*QEz_;D1q3ZRe}6J1WX0Y81#2s1dW1z*!y8C=&qP6KU5eMq(JVJcVqb4
zRlxs%L7(Bn{syrhjM4%>7_|c(Sbs1|*UMe`p(5xhcjSkPAc)1F`TC-OzRzVX&`2xT
zrX4@{6<9to3vyKi$#8*OtI4&~LGJriw^ytTpjE;G7eVK9dpKw$6lP>(csOJvY|L1Z
z;o-0%;bX>&3=fAF39=6~+{pJe$ZrDn3<?7JM}DX<Zo0&vA9I1_Yf}-(_n@^#893Z0
zpa4=Y{(+g1<!e&`!v{W)&$R`9Fj_}}e6D@vhl*m59N6cIA206YFuWl4gAqgi$PX1o
zkRFg6vOZG9A@-cT2s&5m12o;WZeVdkq&%66j4K$F8C2!m<lSBzfTT>gEGy4NhRF(U
zjH~~B|MQcTf%PKG*RCSQm7tq8Ui{Z^W8Ls!FX$|WkNymE8RqC`<YlbQxblPN0D}U9
z60@8CD+X@=4=jBC9~e9?{$QBk|3QHZG)u^GwZfsuA={zn6*ss4s~DE}S7&M@uExJQ
zTH~|-2<QY^9-mh%JYU#-_Pe+-sJOfeW&HzZhq3v8NOWm=70xd5fLI;%9J@X;a)HjA
z*?*B!7Ifa}_KOTNIT9FVI3+O5Xii|50ott$o<r={efiOU+6EanmJj?43=_oN1XnO9
z@wqW5a=Y=m=^ap<r7%-)#ozCf{t2#SP*~BpqIiQFqr!_~1<vFP{;x!&c|WRf@_tm|
zdQt5l^P+h5M@H@gn-X@esCJN9QG8&N#m<as2bqlG1DgbPYE(POXcTj<5}P5o^6z)2
z|L(6i!Kqs8BIgXt3=ap+36&YQKs)&yPW@nE*qH%ZU+v*=>IVnI&x~6?K=Y8Ne(*5J
zKHywoNp`*#P~u$a;P&^s_CEph-5(kFIX((-EWF4tgJCno{lvNb$v=i!mTsIY{(f)&
z$1n?GBGW&W`K&7-vm`xk3tsREh|K_%1sh)Q1n{opU9s>5Pk^8s7s{Ft&<ru}MBa}g
z9F7@xe@vNxDeIWfn1LzUm~aqH6qLq5rb+B)&_9^K@L^*E=Ldd<_*atB3=_gH@P1_B
z5>T>qV_fm~`?|l3Gcae#87F{Z4ix&JlRz-#K`|m=e(MK^0IF+l{oqkR%xi;O09xC^
zI{VZQ4gpX(%Q_h}&wb+ui@~WMJPHvGpwl5hC*gWHocO`Pz`OFs4<3d9hZ8?|7+6>Q
z{~q!W6elY|@uA^=fe|G%K_L!uzaMt@uV<W4k%8&%iiDkLAq8^d&V*lBX5)V)u+C<j
zU+us;8RT9<ZvFR{K}TXgXt&v_21w3P;0yxg2r0((0!oJ9u>SD}dswgf$jDWZfjy)v
z5(Lc9-Hhy7kozHFyfXncgnuOva`TeEp!JFC!Qtx%4_|(_z5@)iATFMd-Nlg5okvXg
z;&N-T10pRDcB%hg))@`2A`4h2fYJyHL&K|+;FCo_X{X^;NC7DIfYMIGt0N4s)MNUW
zb%xR$Wh|~_onYh!T3L$eepq_MCd0u1vH_b64+AT>KH&HRDG@nWfl5Tdm0~mge!up|
z$c+;$Tlt4UK^(lA1k{!h(306Np{1bJx`FQ^<7x&K230jTb+-?PVdBge8Ky9<{`>vV
zKTr+xVXK&%fF7jvBkyK&+4U7WxU3YoXpy0r;o)GBkeN}D;o(q`urgyuhKIwBgqImV
zGCUl9B*;FnaML8ae6(@{?Fae$z4(uSseqk;-l0or8;#sF-7MVxei!@$kp<Tp4u8KV
z?g7=Xx-UOC%DIWV8C7imTJI0q4aa_|>6N&mVF8muVMV1wVS(6#rVsy_j0)HkiYl5u
z{9`IA*i_N<N<3*(!6y*y^r^t860D=Ju(Hyju<*b~0oDe|^-gS;wcH%t{(isuyIy*Q
z3(Es5Fz?)N26ZDhLpM-;tnkNtqp=%ETmgKCee!eAom8Ox{2d#3-R}NyX%Lvn;wI)M
z@8;yj`%#eL?|1#*cYlN|xckFr0w^bl>~~OLP>BE4`LR=u@%6>R6Ce3GJO$!^b^Ks>
zeUQPy#X+w3hX4bE0%-S`<^_ol%uKu=<r&#89A<EkQUAsKIY^H22czY8&?$?Ik{4K3
z2}$u79cBQ@TrO~sfv_gSS;1fyM5m`5(+?KQ7Z({;v4GRc?%yEyuwD?E$*?*IeAa02
zfBlUNtF6F3{r~;@zq>y?7I?WatPF7b`~A!>2E`R085uzC0=ZBE<~9b<8K?}(L2?W~
z7%hK-+{M6kfn`;o6ptZ;(y4;30<QuGImRC>nm^z+*Zqc>s`#5xK|sIvhde{nW!{er
zoV*_yxM1$f{_O^@tr=z*W_UO-OejREtv4do)*n%7YlamRv`3W~R%*EY{T}j*K>-x<
z3=bS+99-EhA=<|bT3;^+*bA5mm<s5xxKzFo=3e37ppXOI*s<-Gl^etq!(R;08U?h9
zLGAztC~vkiFf2_@KGsrG^J8Xt`Mcig>TkTCKK<XDoqcU%e*V3XqemwO7#JilGcq!*
zOiw>otF0X-`S0KJr0dtWK3l!ocUD>18`o2(`sX$^$vd1p+1XxO`%CoKulKJbBR8FN
zckko=@ZtBHwQC*IuUy&uchREwSL@fi?w>P9`TLS3!PAP0o<tuwF#FK<?WHn*|2|wd
zd9rPmnwn3PnOTmby?q_i_wQf*&zxzFF)_*bvUF*n$<wD7IX-^;Ik~X#QSpr%tAh;<
zlk7!BwRl)qID(EJpPH(y>=t+U@LUZE34?{xrkV4zvT|*mHA|n9ot@82NJwRNLxZ&K
zqeu7EUcWw@sjlvKcGIT%`K6_=q&Yc-<~29Vmgwk2=t)VL=t@hQZOY5L^DZiC%kKpX
zqQ3<NE%CLsE=#<2ZTq>+n`^5zHG}LPKfYV2uOBzPrA7E_aPYE>ix+o-#uaqlzCD<r
zpx_|?=g;F48#h+IjgH>7FDvVc+v(H2H}~yJ_qMbwy65FJ<%*Bbj296R8@$e+Z_U1N
zVYk-%_eY<uTIDbH`}f<U&dzPueSK$z8XKogX>Aoe@9Nqm@bl+OHYO&P#`^ky9|8gv
zxY*cK?3zDc_3?@o-k$>l7yVnjIQD>pLqk`8KkM2_lkE4*ovY|!VNt;H_3Ov`d-fzB
z+_tT}^wzEQ$%=|j1_A;KQvd%y<@@~kZ|<c_`+d%yZ4}|*kuVh&R?~m;=J3P#_<f6}
zPd7c|;?iL$F0L1T<jCYt%a?~X)z$rRx3#TWlag}cd2H-1ZAnR^sl~<579=Dbn9<lM
zdC}j0Uj3ari_?^pT<Wy6LRL?hVBOr&!F|fjtw;0SyW^L4?8vqe5z(l;cW?QlxVSyC
z+}vViw{Nete(>OSn2}M6pOsaK92b|!ZBNfhTx@JSIVvh1Phw(r#2z{{KkxG8z3<no
zabA{`bY#WEiIz*IPBk=t^5k-NW#uQM=g+S?pE%JSX>OjkJvaAOPj4?{%GIkIFZub+
zd9ZS&=a!tD8^6NB*06v1@>%uOtMltqQ&06(RegE6Zk@XX2ZzAbUAyu-Dk?tYtEzex
z>FLF&$jDfHT(&Iy_?9ijfya(bSAOy0bj{tn3+I%Syik;vx4Y}@J?+lky@_qz-Mp<`
zUHlUY3LZGw+0`7`y0vgsTH2W#9v%}|nVH!bzkT~I#K$MII5F{1ys2r{&+zbd7k2K<
zoY>YT9&zyCOm$gVtDW=asargJcvJYtkJp=L%+NL#6ja)snR%(;=FOFzeSPf9r%W;4
zHhZ?NlAN5)r1o}Eg_kc+dY(Ji{y#KyRfUE|K-K;GOZ$6zn13u>7}?O-$tljuD|KuC
z{#3(f&#oVHa%$O;k#XU$qhr&CnKL!Zb#<cz`T6BeZ`e@%CnRLWwcWdOt;EE1l9P`u
zt*QCZQeOUUW_9(q-cO(Y^JZsX+nb+%Z{yLU6GIFP5&{?*nV8el&#lzf4y*n5@44jl
z>symnul9XbR`zDrsZ;%~O-=H1PoC^_sIC3g{_EF!(a6Y6uif4IPJa0Cn|tkA$2V85
zY))UaDE{yI^{%hx%u(LIWJ&P%qM|3$4jh;ry?uM>p}&70%1oYYyG~8bC(Fz%C(7Qw
z&hh*AuS{poH2a&FWW+388u;bu(~Bk_KmOz>EPOQi#*Nj*hK5POqM};%EG!&6$B$19
zQdV|LJ$!g>oP>md#<XeX3t3sY_-D=1-^$L;$0;PFV%E?gJ^Rt4`?jxNpH)*=_siV0
zss3zf>8tsioI=vg&9d`!bRtTmq)harrOkBn^6qSkirVsS!Gh@DK|xEtSzDL+Uc0tE
zar5TdbDEk#)sG+FwbR#+D{N^Io*o>$?CZsgJ2OD}|Lxm@ItmI734i`PmfyIs@<ep>
zwzpYXSN5Gg-Rrh*U;0f;%OY<tuPOI@d}dsUh}iJr{P|X|3m0~0zkh#JYt<_Mr@w!{
z6?1lOJL>B@>$<UVT4-yl;1pNauJb>Cz7$|$VqvSV|JN80u;7D@O@+(+`Kr5Ctnhvu
z7`W*3;>EH592^=B^!KxNO`2rCcJ5roJr))P9$&wHWZAPP`Tn+T<p*!wT3@QD=#(rV
zpkVO-|5K^Ypa1e*y0ky{?Ab;i9v%r1VPQ4XH*XH>$H(t`IDNY5A{UpAGveZUmPd|E
z4qv`J^iy5kpC((|D)*F>6Ki5)cRiPsG}10Eel|5B;lP5%M#&le{_`&0xwE)lNy#Nm
zODm*q!UXHp9Ua`wZf-rN-n~1nxnoE6Wf2h#n|t?`SH{KddBn{vCVTt#+Oh`^Zd)4}
zrG!~omH2USiO6|+PP)y;#>1te;*k>*v*XF3L-S)VU*4OyW{vavq@*LuCQh_mF?Fip
zk|$3tn^#tT>VE$Gs?muP-OlFbd6Bufx3>58GWJ}(x-rGiZ_cHaD?K0N<lNX27PjWs
zmoJ~$U%fi7nwolQeO1+$zIE%|Uvh8=NbK5`f3>3GLx-xWSH7NJOp%O?h03yJ;UBkb
zDL#Je*z~{`FHS4py}Picq~ygMd3ifUZ|`Y$_wG%+)7{P6*44$|T2Sy{f}LHB)7Gtp
zN7B;Htn%=faD$ndjrH5N?~HtWGD3-ohZdWfX2pkxulu=kXXb^rHt~rE56+B`m9<iz
zH&1=%!-qF5e*AbXJY$CTW<fzE<IK!UyKmlHS<u(V-Z^E8@$%WTb+^gM*(kNQi%xp^
z@}$DKbM2m?p{xFDXarQ;zrVDqr-!+J;ljutot>Nwyu4E4`}e2bdiLzPp_5a~v5brh
zI~*OG4$qvaxj|Pqs+^x+PH@A9>eC@1EB@@>oqJ78Ovftu*wW;hA1yWI?`D=)f9tLO
z^q==r_O-p)`S&*FADtL-)F2_ifRTxrG5y@ibnUQO?SIcD|6SjjbbYn&v(;s9W|f`l
zcRkf4Key>*r^CtGU+uNO-i!W<-1Iuqz3-&^hu_>E);hjfdu4O_l|}J?7p-@FwSJEB
z{y9s6zb`3zGOg&q?C1mAOAl@T`%vcZWZQL<)qJwl%yOd4?CTuuzkg-=ex}*~j7dg}
z$<n|tOP^jedHV4u$H&4)lM8RGF1}%y6l^G}WiQIY!NYQVYS3|Iw^ZfBbK?$67-&dL
zGhaB3m5ZNsmj2dR?0lT;LMmoL4brn49^JQn^!lvYYjwX&^-c9>H<iAcU&<*Y&DktF
zuURLeL`TX*PfFTMS32*`ro5;v@1hn&|6UNZ<Xez+nXmP=?TObm*Ph#~8C0$L_^#b!
z{kTH?7UAhF!OOk|U)-5-5uE=I>bzBONKp9mSpLt($`c!-x4n(dy0S0pbg$d#ed#y%
zSr&O)dQG|K<ul`oPsD~75$9XI&R^J_ec}C4t@o?^pRW4-R_wQP+firVS=W7y(?X3~
z1*f#ScAa<q`BLB~6AK$t{lCWgfCV1{Y${xA=Bw_Szry?Rioivm0~g2sTkOzqz@eYD
ztACRH+DUU2_sq2@@UZy$k>%^2<okQJl^@)8Yklc0MW<v%0R;nr|4*g<fBwt&`O^N}
zOJ^H>&hkiz@Cd7!3coq5|0aIl!}#f@i>AADoN*D?vlKrvIsC}-&`-<j{xsFuR=L}z
zoLG|*yX$$Zq>;8{@w2JL2?rJ=G)m5B^q+Up|IXt2J4!BTN?IXxS`(~SPw3!o?r`fl
z<@WBl=DQu)mv@M0*ofR)UU@HW&!aeQF<I{0Ys+pwxNZHwC?(9us>IKVOGJ*#bJA^3
zHXbfE6^|U1m>o}I4$Y4}ba`*y<u%Ul*CZWTmNe0F#l)$GOQt@#Z2qM3Q+MU_t47aH
zbUU9g&x<tAy|q2Jm$9e!>c*6-eseDQt@M1bGUvvYoUk>&!oGZF|MKd*>Z{aK>r<<~
z^i{2Mf4PoBK!Rge{?%O-A37>jz4BG{Vv6)+EL3Ecg@0VOrTF-kW77kVy*RD>;_kwl
zyCpB?l*rpD%6m_{>%BMe&fad`w(c(e)~<pF6AJ8Vob0w19@(09W>uQUgc}~rY^==R
zzB7K~lM&)eJhV8`G%MaTeBICRotYPQwuw({J2*4qpsba;>^$|I^B&%`c=+SB@Q)eV
zn`a0r84G4!+MRiGWx>rp_RhX3#>=P7*4;K+&PGYDU360W%aaN(&$WA=3tja;R3o55
z<NngB`#sG4Jqsg$EbQcL=;W0W=iQ%rYyY$BhR>W@jyYvq*pcDbbl7pG=7yQNQRTY)
za)SIDs!wkSS@9=ickZ>_Vmel0$Cf51|7fYHc{j7X{9A8z^?%+^pRVoA&c3%XKYwD#
z(W40g1_n&bjEv`2rl*J1YHL52{P%Bb()H`U&sMK~Gpnqu-}Tff`MFI^oen2Y{%WtS
zeJ}d!*QVEzk$orK-G6g`_~7_v?b^-hSFXhWU9`yc)%x|y`{&FF{=Q_%lW9dov!f3j
zC_S`&`$L((e{I)Ip6rvQrj`?BW>)8DZ~v9)`}b!5GiNelOiTj5EM0oh<muC&93MYE
znp{}8y7<P8q+mlsEqhT>4jvYksX@n&yQL~C&y72L*g!)<!hGShX<YoQtomDL&En%^
zXIC*35|W<X&~V@O(WA3!uV4FRs;k$Z-L&b|{L)e(X--brdCkocB|17LdQwtmy3*2j
zHs$4Qc^4HG{d>WJCEtRA%6zS@w<lh^R(o#q=Add#&AWDwAIBBy>kChBX<7C)ICy8q
zMR5K<sPp!%LxO_BWBEUSDo<?Oxb1Cp^p$;CS-ozjPp9A9x39?C(sIf@FRvL_e0(;%
zh=^$QI)8q5_Js>awcfw?f4XYbTe082+m1Rr&${mGn-*$pEI6gLwd=gA>q~*3KUvtA
znEo}^*Dv@G5K!S_W23rj{(SGpD^@J}92gk;Z}H-W0}c+XUH$#`YbQ-o+%tD>fro{~
zN0zT&lke}@Q+{yUw)LgAZaF0@Dk>NV2t1Yg|Nk%F=g<3dFI{T%IeS(@goj7XR9N`1
z{+l=Z9>&L;E}A~Q<BW@oo~5|><nSX$LO(5E{->#~uFBok_QaZ$lwHqbV~w;WC7(?#
zE<UgzAwhCRW8=Jw{{D;W@7!@oQ&I}4)6%kDJz)ZOb4N$dDL1#{n(y9aU*54p!$w48
zdF8!(dmhEbiOF(vuPwWM`?mFi2Pt7jMkRh$Rw8m-T$65ldh&3wv3caEsO)$W6Ei>d
z(4oC~moGcNU$f@OvZN%-6%!{KE}1&@viXxIpSmk6uNpmn-tBziL|&x1`K|4_xr{x%
zy&F@mUY&Ev&(HJ0%9S^^<m9aR6&CiH{mYm0s;^$1TA!NwrLU^W{pGrK0ume?`B!)C
z`p{8P;gzqd8dIdFXQ3h^6aI18vf|@gwoDH^cI>qBix&%P?%sVdr=-MAQC@!9U2pHi
zJA3!?wsm*&w{~?sm{3qq<78)7cx3C=Gpo|lCfxAwU}I%w{?7RAn~V@2-=W2ciCOWc
zrt5x&hi6{cxl?>%TieWtg9okDWo6ZO&YO4B;^D*B!asg!Z=Nwj$yiYE((cU6l?69%
zvUm3N884qQMR(im*)~dYa-x&k+fORIeA(`K?%b;Xp`ig48X8Nh?%!wb@9ByBv2Y=0
zLuaRyI4^JNt^ND28$Ns1a?Hu;!j6oLro)bonj2=$j4IdFl@sLWuRgtD!-_v4A-UIf
z@7A#r69dgxg4P#+<}*QS1VHo9+1c6IpgCdC{IG$6fdL~UBO_?O8Z-wAn%@PjO90KK
zgXaA~bK#&h3848_&|D{I-2i9~7c}Sm;lqayYuBz_3!2{ttqlOpk%Q)BL390}H36Xc
zV$i%ZXg(h_XA7E31+9w!&8>sx<j<Tra|X1w0klp6G`|a)!v@V?gXZ!<^Twb#f6$yP
zXdW4~mI1V0K|(@80yJOF%F4<LnwJL6GlS-qLG#Iv9zA*ln&$=0FN4-Cfab_S>oP#|
zy`cGh(EK=Pz8f@W4w}0L%^QQ(Zh+>EL36#JH36V`bI@80(E1C|+5*r#F=(9w0|NsC
zXiWlWKK#$0KYu`T+MqQNpfw+$H5j0|bW2N1OVFG(XsrcktpRAhAGEgM{rmUtL38e)
zwI0sS&d#7YYS276Xl@_01_3m;4_apcn*Ro^e*n!<gXXzG^XZ^@anQOE(E1V3+62&g
z3DCL+3kwSi(EK)Nodakc1!$cFXige5#|~OI0$N`Jn!^Xp(}U)zLF*M@^X=28PoEB2
zM*^Dn2CXFlt*5A~tE&U86#=c^0Ikme&B24#CV=MVLF-jOYZ^f789?h3Ky&M$H5VNn
z9UY)G8KCtgpfwes`Ek&?6wrDN&^i;)nt=xo9y|c8Ndc{q0IkIUtseocxd5##0j&oC
zty2N5(*Ui10Ig2|t)l>~Qvt2lsI0841g(Vt&EJF8KIG=+=7QFJfY#W6)~$fn3V_y*
zfYvU6)**n_T7cG-fYu3s)&PLkwSeaGLF*Mj>r_B%TtI6lK<i^b>n}j-96;+SKx-F3
zYcD|S7(nYEK<hj}>svtUJ3#AFK<gqv>k&X}V?b+EKx;riYh6HVDM0H7K<hL>>rz1L
zRX}TBK<h<7YcN1-eL!mme*F0H1GE-KP*6}1w2lC@wg$AG2ee)XwAKf-?gX^X2eh6C
zv_1s1z5uia2eiHew3Y?5E(f%Z1GE+bw3Z08ZUnT32eifpwB7`?jsdhr0<>NQwB7-<
z9tgD70krnUV(a}Md)yS<7(XQaU}a#v%Kzy`0^^6C9~y2(dl?iMKB)cxodclsgW*H;
z4~7p_KNvo&{K4=+>nFp9vY!ke-u<|_RKtz&L&*<@5Bq;Ie0cto;e*02kVy6qh7aMt
z7(VR%1u>gJ!Dw&6R^7Ku-4`~nxG{XF`@yo}@Asnr8XFni_&=2-Fn$R7q5gp3!_1!>
z-Z^xAc$d&6se1p1N}B(dhGe#{4M~P>AoV5xbLGBXWcZ--li`EnPscYB+&LQ|uHpU3
z@PX|o!w0^f{GVJB7(ZzLVE7>RGhjp61Bk7cHZXkX`|<C4=?{hv=|34hH2q-skn`i;
z_y0dq<bGac_`v*=;lqy~3?G<4zWBlL;lU4v4=;Z3f6_<@cwhl_H^T?zANPMu2nD%B
z?LWf@=bsE8;(joEnDgWB_sahebMF6O_;BS1!-so67(N{S!SG?v4~7p%e(--1NMQKz
z@IS+cGd}`0v^-=`V3;7F#Q*7sF#jhF#R7MP8*P64`=0)r;e+T;h7Sfm7(Ph-`1f7(
z55(+^KNvnN`@!&G!w-fJQ-6T`!|-9+5B^V20vJAQ{?G7X-jARSd*3j17wqL#V4c7)
zmF+7-0?PzY2nr}LPcU+0`^uQWG=c4FLn4m?;{>)91@7>$Rw-}?xo3_b|ECnu`#;vC
zfMg;5ezAc;ng3IO5dWtJL6#MaAB2B0GO%3W|1>9n;X}oL=?4rS_Wxk`Aor8ugTxQU
z5Bk3#ZUv>5fFBGWqJA)Zu>ZmE!QuzQ2Zta0pE?2<KE(cK_~7v)V*|rOklR?lHY91f
zv8*U?huC*)gMbn!ei%P2{>SiP;*bB|*ZgPrQ2c}O!`*)nvvq$kd;q0LogWMz1b;Am
z;QGPvLFfnnr<eeS5BmQ>Vdl2s(gOyi`#)Y7Gk$om55#(6%=qE<zOyfx7<=C`bW1Ao
zf4dM=;2!u!fIIk&gf`=c`TNxuFnkc$&!E8cp>78#Wicq+|FJ<BB+K++!w!hsmTlnw
z<if=8!T1N$hlbw_ADn*t{|@qv$`7Uw(%@M7|NY+o|KBhF|Ns5&|Nq|){r~@c_y7Oj
z5C7-?^u~eV!-IeSzn}iEwxRifkV#m@gw<!?gX&fg7F0BJ3`{I+1ciu}8|&AGL{NzE
zf8t?0;R|AMF)%PND!Zn4u0H$z-@RQk%0i3;Kx~j0qXN?h6{rj6Y~WbI^nvZq|L<S^
zGkggC;r|5`x*##V|0#0cFS4uzu|xj<|K9cg|M&X;|G#(s|NlMj|Nrml|Nno_|Ih!a
z#DU>M&%giQ%m3>`Q~sO{oGX|=i2Q)$)fNYa4>kW3AAo!XiU)`dAQfN#L2LlAE&u=j
z9{K<OcfbGtzeoK4|K0Zg|L<o1|9`jp&;KdGf#E~+zyIIe{>y;VtKnWmI_&X<rGo_<
zcvdifc>P}jTtdV+NIZbJ`Q?9zjXWz@KD7RX$#OnOk^6L!WhF@T_)mySGaMK`sQ(ju
z!1!V6f6$2)|Gx|W|Ns5RzyIGq{`>#^=Rf{WDGm%D#Qy#N&iG$p!_MadTXo;Ebg%uY
zQ_G;hG(k#f=?eZ&C62$pPyV}f1<QwhzgXND6rESFe7N$9LBnG|D5Ny6IDA^}?7WI;
zC8*qF`Jndq|96Z3Q67vFKt6I_!7u?-lKFpWC{A6a=ms+7-7glm|KHF2gXH2_KNvnt
z`oaIn#)09(rN0b1ELTCMGJH7mSM~wOwICBfCc#W$UZv=kx`O3H?(hHKSN(&O0H89t
z;0OPw2nU7_8~%daH}x0qSDo6V2QdF6)iNlsPGFwExq{_G@PGd=ZN;3cSXc6Yk_lk>
zQ1?$^BP2#9{dIrv|NG5<94i<nEL_0=_JM{E$Y$o%lB*QmK)RhkY2_cohoBz}A8dXw
zd@%XJ|H;RJ;X}z^mKBT>*jFd6V3;5XRjc#=|MyM*SY|MRO-fwB2o4M884MF7SF^2B
zTnRGo$p8P}-TpCr&;pg#KNvpn{NVrO;K1;~=PyW>@jvg^q}si2Sh@xFGP!ZP`F~+Z
zEO2LFnE#f2cJLcXZN?9u_ONg<DDW^aC@?St*fTI#IxsMNum`op7##W?7!?>MfbuUW
zmot7?x7RZ-vn0sRT_G(oGbc5Li@`CqI5@S$JGBxjqN7lhTB2a9pbC<64F)yk6ckib
z6jX~9O7iow6;w_2jMEf~Q<L-aQi^pHR4qVUUnl)y1_lO4*I-?DXJ3-kJBI|3rk(`z
zT~dpU<8k_qfx*}X>Oo@t7vyXL4iF;M2RS-9d4?zu?LS`^Q?T*GhBqiKgEJDb#2f=d
zu!kc#W*M29VKt5+I3v->)GV|hC9xzGn+k}$TV`Hj4mN3!dvrmD6YDqEvecr={Jd0!
z^wg4K1-GKil*CGf{IoPZ1_lO@zk`Ys5s8+Ifgvc^5oB~~UUE@oK}lwQ9yGa{fzoGg
zW=>8fJk2JSr7Pr@r51tIXO^TEC4!U}gUl#SR0t?d%E?StaD|uy^$JK1Vtz_01?Hz@
zq-Iy9q$cO5Ac8PCF;BfjAt^O4IU_f*C>vD8F}QeulT3DMr9ygY9@K#f3aX^|1<8!W
z^rF<%+|;}hP)a1l41*>{4yGnXMurUwIoRfK2=9tyv)N;C^((_cf0yOg-g_NWRhM~j
zX<9H>%*4Bk4ozv<U%Sa={_IN!yN>QFidp`A;<GFBi`iSF(>#tB{Mz!4>7?x}uUobU
z-RvYYFN(XdFZP|UJx$y)*PvJH^OVb_=NFVd`!q>js(^JBOLMrv?^|V)EdpMs|4n{p
z^K|<O&UN_#rhP5vyck{z)kPUzH~yn2Ty{px;5N^nqe;t6cf8-eVa)-vZ#Pf6dHi&k
zz@RO?D(A7(VQ%Jm(udrhc=#z5=O2#0GV7WFyT`Sj39GMs`}o-7a)kG?oo6-oXUKDS
zC%5UxWMA9Hmim3!9ftJm-G^5?Hvc~U>%=3uy7dh9lbINq44POLGchuNgX3jatmu*}
zCOab+-CAFA;v}=0#V?OPz6N=($~w>ae`~*IWaXA;ArxV*#M`h&cfG!lT~cvETE>J;
z`R?K@+NZXwZ5KEs{Ie>FYqHS<CtfkVU)MFS&kuR>C$;3qH|K1>c_#Izvt^|2H8t+%
zh_yekZR3iia~cbl`x&*1%2e=ukofo7+g$tQ!|%TWk45af!N&ad0JB7B_l$oVzg@8X
zm3+WL@;JkL-<b(pcAa~C?q;@b*_8jk%O$-2rGDU=7-Ow8rS*b>M5NwQW9Bu|@fAjb
zs_*KjDXzR$HoZ5kZqvjIW_pWd_kV1Cd%!MXN7Ve)4G&($#+Qa2_YLg3B5$(H?4yBv
z;7olcW<~}^rY1&)AVFh?qc>Ahw?5!nD%tneC4|Rx`x?dB59`cXXDJkCuTS<?Hn?M+
zCepd*!H)&8y5Xr0j$NCbrk?cX@Q$7v>$aZU&-bsTDC4R-AK#C4bHmp7ukBc{=-VHQ
zv(uvE>bA|;{kiMSuM^uRlrG>a&;A?f8pZQ}YVWy!v%g99aWCX~cdYX6+{D%x$sG4H
z9RHUl-F~90dsig=npcWenrFzI$E_024V@lc&{0@W!Y{ATxodU94U3y@nY-Vg>0Vg8
z{L>SQ*lVTpJNUxR-e`%`EdIK%@>Z4n{^I5Xx%0bCL=WU<W+^-iJnx!!hV_WmfqAPA
zvgxm$Y49*_u4~o*mFEg}h)MA&{5r_g*vRnTK=6=F_Lgh&vJXza=y9$=ci;N&yEa`v
zd?YwelxbDs&R49nE7Q5p-TXbHM>hLQ)ba&!ArdbQU22X8-N;>FcTGgMT6C_QW&5<d
zD~v<6`iu@7dAj5DS)<;y)lZMr`R0FKa&(!)z6n;wSt^?v8im$8u2xGv-?8(5iL!an
zha>8-uJRx^yz*Fnx7aaEQS`f$tMAH(Y0-OCYrn5Z6<()nA$WH3AA`j@F1ycPQ0)JG
z@aJ0Dchk;K_e=<GSi0!PyPa3dUGDys)cV-?<)+P>;tN_gY}DH;h1#Bn^F&^B30-&C
z*J<s_%^HbY<}6FTJZ)p?e65O^kL3#8Ex!akPW$+}{{6AW$v!hbg4}R)n?jGt=er-g
zVw+N9Jf4(V{r<H|=1Fq7;hIaTuFAR0U!Pp^XjS8Qx@y5WJ=xqp>n{Cts(Y0iS+#lc
z6L0U3<QwN)*bcp!|BW@&?TcOiCmw^kn7bXG){#5g_Z&N_(j}0rD4!-}_a)+D4zI(e
z1G33Zd`H6g4xBl3EsgKU>aE7#0+|{cB<r3n-FDG3%OiA+%Cy-+8oAXmtg2B(taVOb
zo24preAjI;o3?V-gEeY%S7vE8@60{==9kwT&aAp8v+vB-QqS|>bz^Dz?Kh6`nlcW}
zuOq{*uk>5Jt|0y5;*UAk`={~su2~%#k#<?mef9^Rx8FQpysS1#R4|;%y6GF|D<cv9
z^Rpb88XL;(w~6!~73QcrdF0iVUA#-?ZO*$VRrRB@<Gq=U;GX6e204v2?w@^6y$WMY
z3f1%OT)8)&@mmSgs>dy9Y*S4ZK01~9Z?UfP^r<=dSGQPv`#II%*N-`>+S^0|&**KA
zzII3IjV@=jz14*se(LgfwBD^*85zr-EZEF_rKDk7ZIbK$FotX=1_pzzCpWOTIY8Gs
z@w(|9&^w@@<gijfmf=G+sOM0~u!7~og<qgHIm0Rju=vLR8g8B&4E7d)&vX=XGj!8%
z`}uv|4`VkiH%&K?&ISJ&6bkl&PC?|`!mzbz1M^CTiA-(`s~HuUJt|zd3|Ky_{>8Q@
z_J_dl$Xo^nt_=TIMnzl+%o$M*N+0-*f*qI>xHF<0{9hRbK}3aknqM(FgG8HOF**6a
z+T;WgXZm1_q<WJOO!U7H!i-N)Gn77r8U;J}zxrIvoWPM0;J}ek;1066hzX=C*g^S2
zsBx47R{|5*<{~8~up2-p@C7??gWcx;YEu$S6l5=4)CeL9aV1C;;z}c^IK)rf35*$m
z4*stU1wki4>c0HoKW_tr3je1c9{itjf<bHOBz`bf*USACVE@3*t_wO*tH9PFUv9tS
zf9L=FoIe<=Q)F<fNRj!^Z=nNHb^A8|r#lY(pI*36aP$8l09u*HBeTZ;0|Os}>XH`<
z4lEVCA1(M~)L0(K=rZ1tQDb;up|-_o%YHStB_Czja%IGR@Fev8U`R-lk<s0<-~WRQ
zm;VO~t}xdX`(^B4vWy8!WGr;~J~Hv$xy_*B|B9V&-VcTZhP9=VQ-7ETv~FZmo$~wZ
zSB7=#Bw1g(axZ!9%{uKz!Gho)ssUcFma?|}C<tI!JMRZ$LaAhm46!;=WDImbHlDma
z=SNY%oF4@ax-71*SW@QvC<$<R#i}yrM_GW5v&Rn>ZwHw<KZ*n9{3wL0D21vh572Sm
z`H_(mq^kZ)$$Caj`-=h@6Y~WVCZu1?56B2ixR5TGKOtjcf<Ss;{)LQ-2?6O7^8_*l
z6DOoy%nQg2OuUdLm^UGFVxmA=VBUqyi-`eg6LST!1d}GDUd#>13QW3?DwsPVYhsc>
zYGCe#tcytjsS|SqvIUbTq+HAi$PP@tkRq5fA$wx7KuTcFh3t#T0Vxa$a-g+^{U4yY
zNuHr`1J8a9H_%OhN^X{J|G&TdC$PIxuG8@(Kg-7kCf1J}4FA91|94;~qrSv`0R@(?
z4Mmo24wC=BU;S6GGi9UMMh+!IH<qsl3VwY*_m|}Xhy~hdzy>~x3A7*O!&bHo-VFXv
z5+)qVK|ffk+h3WAvwyJXIsTbdkL7g_56kO5zB@k{j=@g4I{ul}4<vT{Gi&<29}JH|
zeyA6KPR(k6#lv3b05T!p0gL|Q_kJ)u1*t>U&+@vR{oW6T$Jc)_6oTXsX0*RDBij|V
zU{{n=<ceB{Xu0|?<?GoJcoRPCE!f($fz?gKjn9omiE+iR@0x#ElniA-H{q&)_7u!y
z-~yf9$@t;Fpu;Oh1<=`nj1w4UFklg9n82`-amD}dJ%6>_AT0a;tREYg7*~SM0=4|l
z`n915B5wR2LT|xo1B()FI~3f0eZTgHMTv2xg6yyF7ymGADA)^HOMagNvNBxEjp2h+
z11L2h_Qi2v?2D6sz*u2a5$M2JP*mYq5$NDpu&JW4BG93+;8VrHia>{h1xA&Om4Ob7
zg+-N)m4Ob9g_|lHD+3)G3qMsJtPFHGSjh7AKoQH=1BIZ|cVqr@D1q3ZTW34|aF}wK
zG3f7w?uKJvur$<EloaG-v@+6Ck`m%#vNqOMmKNq_wlUFBu{YOOmlx+}w=>gIlM~}(
zvo+OKl@;Y>l@Z}#VPs-q<KW`q;};Yb6_=Ej;S=PRU}R;M;b#-&5*OxSk>U_wmlok=
z(ln7*)i;;ZFxFKx&@oiEP%_oiGE$LMXn-C#rT{&F40I3~3-n+z&;ex(ER0}^fq{{M
zg@uukg@KWgg@qA(Xc<Th%m9gl)Uhxyu&^+I)qsW^LFTZ436N$GW@KPs0T~A}6J!op
zEyxH)76u3#H2wn81F{2T2FMPGy&xGzMyPwhhJZAJ+yhbrG8be9L=5T<kUK$c10S^p
zvyXuhZazp3*?r){*kEpCU;vq|&>+yj0D%k&4WJ|11Q<YJrNAK2pwPh3puoV;08t|V
z3QDL-gc^nh5L<u&q!#1@2GH4V4Gb`|8Wb2n@(duo3}Ce&7RXMB`Cu&|dqMVrj);Sp
z19B4xgQUSU$Q>XvL2d!N4`w1bf+6OC#3A;<+zmQ%4(un0tH5eO{sG$!GFO0s19U<i
z6B8&|FmNz1aWF7}&#GhKU}6HDUdI6y;NSqCVaEg#2a7Q<FmZtOGBAMT7#KiiK+FQA
zE|3}ykQp2x^FU^S3}%9;<$$RLnF(Tp%>bDV@-N6<ggZbd=z-k;QU}ow;(`={-3vA!
zqzGgN6BF1iAbS~@Ko*1i0(K|Vtspj79IO|lhEbt`p;3VWjKNU@;xjZbFoG~BA%JWG
z1sq5mgh6~ra6;68_+WJn3?Q>WW`L3aBRJtOFf@Y90jUS^L6HWcLFRxkNE|E=PB09O
zP%)5^U<^tOAoUClaC1O*AiEc)2b5tz2>|A9P~rvK4bqRreIT_UHIS?Wib)P821W)a
zP?Uhhz~>Z##5f$FVoVH-91c)5P7I9TBm+9jkcoi-tOmpeWmN|TMh=j?69XeCVnA#L
zh#Uh0NF1C>7$9s0sM#R3ATNXDK=wi00<jM!2GI)<gQ^9Y4aOioNFL;Vkb020AUi=~
zAUA=`1DOj_2a#h0`HjH=w2Os-!9fA!LIDQ{1rQrt3P9MPP*4zX02$=~%1sIaAcYQ~
z&|^>#011Q3RR;zEkQj*X0AYj8U~mAb2Zuh`3<n2@9*}up^BF+)D!|k-fc1ji05T73
zAIJd=AhQ`D_JQ0Bb|=UTkoh1QVitn{h!651$Q>XySPoRGK->h9Vt}XxxeH{60%&-g
zi9vydi33!!f`SH=vl&>JI20HdI6&eGEFd)?y-W-YEYQGZf$9N8A6P9DC`dTK@*wpr
zV7(wQ1_c&KE(DniVk>|W1;{v%8YEf)RQiD30X7@tCQwNNHiH3V2FP5fo4{rv*dTXt
zfZYi*6Kn?)SPZHb<_=J?5ArJqsCZKVB>(|XK!b!G1X#dP;UEAC8j#aKG`Ip00Luxm
zFfa(PfY_iw1*HT~jRHyrATtC&iHSjgg~5RVj0GTS!RCMo2L=`-wP14@96)A*f*xeI
z064Zm`a$MF<e+YG0NV)C4{;;Jy%3j!+y=1|#AgBN1-S*}7myhscYxdt@+$;`>;su6
zz#{NrE2AoF0fVxv8-t2#L7NQQ560+REaZRPk2e|AT4h9jFdopaNOt)xaeEW<YX+Va
znK?h09<=^oc+m5MsbGpzeuc(<29+|fI%HK-oFM8LA3)^S%KX;@>9}?ibXEXsg-gZi
zjcqdPV{Ig#Y!dmwc7XK<+kxew=`Q~_3H@Mvy)QObrtK9UTeRHUO^iPnvtM3hEpRCS
zweL4<ZG6Sd!}Ec`$KlieQqfm}A+q~LUkQh=aa!+W`QVA9@+;S1=PwPyCz%{SFgQBC
z3Wz(-B*?J*Hxm<shW`f!hIhXi75qOiFh2gxt|+k|bQ_3+1cRcd<Ky3aj7z>Yr0_E{
zT?%4waP)Kx`N+tUbJv}t=p%zuz()p#z}GB+3%@o9#_V@|#lyH^ug@#iKn8^kds)G@
zi|k+T<oF=ql_Q_b{-9URd`u4#-9WM`PBt#m7vo>C^L@L($;`B$(Tzc2-A56=jlUYd
zuY1kT!uX5*ACLL*j|z+ozu3Q@aPWJ@zz6fgqUXjR7@Rl%YW~i$f77p~f8{RR_D`g@
ze^lVp-_P`m@AGbl;~y3Hlz#F3v)J$aijR4hLyAn(bC4TEz;4L@z`*GLg+W~WwKIR$
zen~g+*N*&KpTpdJ<s&1@mX8YT{I`yLRA3L{&;W;qz%TZ%jKA2wKise7{J_D&`Jn^<
z15=$DcaDElU<rEVz@+et{SzeI41ckISm?mz%%F$}AyBw5FnrkJ|AE1E;wxr;m;Koe
zEFV~RGVE`WDtyh%#&RjofkAqsqmX2=qyHBM8JX9P{3iQrUOTh3JmBG7@>)2|Ot1D1
zqn`5}*H?#?onHk73+=zeG>IviLxt7#)j>taR{?>SULR1H>8N^z{o;mS4c`QQv3*Rr
zz@VUD#_?d|uf}g19gcleU{d(S^hwZpgM<I8FC|-EyM>s1U}W=uRl>q`<JwmSu`*tk
z4-76J91?%AeF|{+=-}aSfXm^PV}RlZ21kwk@vj0{LGkVK`l6!w1CTpzbAjwW$+hjH
z0xRELr&ml)LOe%5DzGvCV*B>m!RZwnYp&A_$Hb2ejJyw$ezAT1<PhqR{EO{R(<>gP
z&kj)zxlR)t6JIkk3VvyjXT6vrm&D3+As3v+6u&eGI&+kMWN-%A==ho?@WY-0cTlK^
zUQ+(R;2iYInT`8`|0^G!J+B@4S#I#~rpcM;ZNK~ad4tqU$ADLkY@pkSo;>H+FZ0@&
zUt>Qg#_vA2*sAQQ?4jbL;>+^k;13ng4ZlBr<o`5-;otXV{}yH_dUR%XxGQB`%1~0&
zaGT(+oH0Aw|HFTy|B4!JGu$=Ylrn-c_P(%i_^&A7Ua(cnm&HvZ19U(8mH&(i8VP*9
z{C*}Iwc&aU+-A6IWeDZ`S2S>&;O^kW@}cGzgA$iF!v~okj&B6GLH#raK6Um6HinNj
zpqiP1*}=hyA5@%uu;FG<u$VK)(K#nSIonn>#n+<>Jny6X@`EENcf)czYA%2IV2|U$
z&%%s{KMOO1LIIT9SuUl>IWTxSHb_J|o@4^0l8wJVe`EeFCb;M~Tj}-J2NYI1GF>W@
zLy`Z-{98_N(QiJeJoBY>9~t>TDms}QUrh)sV|9Dgr-y1z1BN+%uh{rd)nK*jJM(XG
z!9~B>O)rDplKzo_oo7FTlluoo_O#De)%{<|8SdZ^`Pz^oa(6F#DX7GG%@+{(nk7*1
zYlA$b!~yN-_4!br==kA*Bj|3$4~=`-b2%Jd@dY@3X%K|wW;QNRZf0X*c;LYJi|zA6
z2MOm*4x-L{4@`7K?i~B5z~cJKfi;&y;TPK{QD@Mdiwhliof#CtHiFAI9!8Ko3<~kD
zAguE{CrLy*!pop<`z5*Uw|`V%1C>B*kP?VZ=@;8Ki~YvVyBuUTK9Nk3(|=y?WcY!>
zapSMXFD&~(xpavnx6Kx?E{0!h9~U|t`KZ9A0M=#byuiUmTI~56C#n6Ql61Y32&fcg
z1DB#~`$44{yMbGxo6LU4SFC{`w*|d&=Hb|X&>6&LQ1Ji4ASU+Ok$=X1vDeQ09Q#3R
zmHh{uSs#G-Jo^*fK;<1+EyMjE1qXFsesE@W>)4=^bM=S9gR4JOCS+!>&svpz^@mQw
z>uine6qgbgoum@iyw`ku{;%%U1^9&g>ic%it;{7asSGaa<G0f->{s7+f0y-1{;vBS
z|MSQEYX9!;@;=EO%nSL|{@q@p-KoLx0Dsu8h7S%B8Oa@BUd*qC4-FD4k|%(9A-@_v
z9FTaCJOj+rNYPK$aAR1>qQsoRlJ!_(&L)=MEZ^mL>Ur3Hvy?pHX8X<N678Jq;P`{Z
z+9k_51D6U8gJg#wIgqMb7a3MC%s!ael*#<s(2?=Ak)vjUQwGCKrq_mvhcW{tG839J
z95WbZ!DLq^9Li|S0LeOK1WLS2V9q?4(Ubv`)l78CWXuG~9?A%m$V_a`bj)Oeo4hjd
zP-bJM16bZc;zc5OS8=oNWfM3u*xI~-#Z7S|hZ4hzpWom8W_rM|f<cMxfNB=wOokb*
z4ykEeJVGp~Sx&D6oI)LzrX6_2=)5$`*Wqc})2vtr)pXVD42OjDgzNx^1?da2JscjS
zKgf=7IP#-`K_Md{B_U%$%7TmsDGxFfQWY{2QWG*4q%O#Okoq7~Ax$CY$d48VmX9tB
z|G)qF2cdsJ=`T?F!$0N?277g1e(`VFz~aV{;g!*yaWX?8fse)Qm9Tqy!lDFz9_7S^
ziSDl$T%RWRzY_5Cd&T6Mn&|&Z$kYE7vzO;9F4m`sUay2*Rg>Ibv9T^q@_WVLs+#Qi
ziph0p@}XA@tOs5(G8}%z#PlHfQ4)i~!B@;o3Mom+sY#&Gq>cYT<T^098ceSEr;y1s
zfoY~fmWKo51jZQ(NeP(@6BuSDWG%{iocT1%!(m~jmqV;WLeiq7r%7rV>e*L*upGGZ
z!{h<z&etnHEGB^Nn7s1CW<y#^xkJw@KE94uoSa>+xVhDnkNhxsaO8)@gd;y}HZaax
zkd~Hq<cG(BBR_l^9;F@m5wJitooPlwYI-`uj0LF=Q;+<pcyQ!L%>?DNBR?88K*CbN
zjb-Nl?_&QM6j;F{yaroY+yp-`Gqi3Hb>q4q0FL3mzd)mcAb*AYXWd}17sT=hvp{2a
zGHwDotsB_gK&M5SU1kTzjo!boA1vIJIUWu>a~oa>I#}j5ykc~4{lUU5U;~o*nd9ML
znFo>q$wOo+b3rm54m)!|;viXw_)n-f$P7WSETe;f4#=z%ml$;1F2MG{L(Zsy*#GWt
zMGnYhn9U3mEc1SV%>{`vIxtSynNtCASsut`OcN|~e}MTQ+Zi30Cp=_lSiyD`^}MS@
z4t}(Ao)D)ydCIZ=VAOtp5fqLe_JV3Y&^ZmfZekyp894Tfeqd&hcayzf;r9Kz%kTJC
z3>+N$^FP!uNL;XTGj#j;-RGCJo0FR(_?(2W|Df|9K(kejzZ~4Ye>eUOsU;vMLb!oX
zgkWH}|072HU<!z2OuhdjLfjEdHl{KtGA1}CG$w#=JN56`z?kcl+njqOgL_KzD<;+p
zKYS)|&*625b?|jjb-DjT!(G*d@pWkyYbMv!rdN!ttgpCOLmjy0yp;gS3b?DfaJ@DS
zbIs(O+W3l#)zrb)fpgAUu-p$fRTs9`U#(j+Ii_~KVq;}}#m(CKii?$FPA*vfj+?4W
z+beDs?$=w@Z5)nfmN+bOS><y7#|gI(7xvdBS>3PLd04X8r|`Vu;^}$C&9lX2iOc;T
zYuwzj*rqLU;d*To(*BBzhvyXwPtPlMp2semUGD#wk{0K}^7@-~*DDsDwk+0ZJg>NU
zdR}qyq`R=aX6L#8qarQMh5Pk3^_ExMJjb$Frt!RD=jnOH!t=;wlgs@dF==5g?61o*
zx?i!gvAyD8yYRzcLE9^Co+U0<T<-sHadXRNp0>n=18g$~n#~$%n_W6yvGB0G{%ywd
zijC*O4~q>wuQ+)2xZH8M|3jb*<bv%w$FrHHx4dHG<9o%!*Y}Er@0iOzm-|1ylwSDZ
z&`|Ee^SV5*?G+C@`zt>7at9kp7nl1#?v&a{y5}%X=X-4u(({UsUEKjR*RW5LasEEZ
z`#+A9?vrfKVVKVH`kPtbD;9QhhxS)|?0Z}o=I?R2|6@fd#8!}*>JH@&`&_u@gY279
z3bN~a9>_e94jy(JNw)bmlJ|c!l-fx0z5WscGK>8c4?D=TeUfo5_kU!R?vrGBz0IxV
z6&u)n=?;5bxWTrBfNe3iLD<3$w#5O9EzDqBG_cyj0QQjp7JJsX-2d^X1mqWFTduj>
z|M8{-(<h8zJFb*q^9cvojy)xqeqjOoWd(*U$3UqHi!GdBTN<$1!V0z}1B)$8U|Rx^
zY)N<6=K>8cur20wpjZLLJ`30e9k2~0;27z7#m)|i4H>Z6X5iT9d&SPa$AuAWG6&e?
zave}yfJ}zO_m^T&C?QPNk-Y!oNiisVkj;g-`a&@%Y>-W62AjO67!>{plR@FK2F+Y<
zu#4wlm<$Q^4h)moz$TZVnS9OVra!8CndaL_UiC+JFDSiS@JDwo=lne`XZ#^<&3VPb
z4odah^Y^)&0GqizFYgr_J17U)NV3kikvt4GbxTMJJgtNB)qb$4Wo~J&_}D?|oPGWt
zm)&49zw5xvWSYOvWjltM9P@1?H({8`Jb$0$Iy5u6=I?P?g=Qwp{CzIVFwA6_ZzH)7
z!%VjM`y}V0nR&!zCc;FHj#q5#<u0}^Q~hmScwTQ!O?}12*Y}Etuf%1s%S4|T7uMHc
zfAjUdV&&WB!Z~l7ORry<3(ISezgamtUa_#JyX<oDb?NXwniB59_WHZ3rVC>#&xVZ>
zj;RkN8dLYa_yD>y%n@|{k+>VnM;=!B2MQSnK02`NbL!Y{=Vs*Q=;k2#<NN!63K{#Q
z4I~^i6cRSL@LmM94G#TD$YA*Bz}V=Nn80*tL573Of&>Nyg#-ruyB9$%_=2sxZY*vI
z8HyQP5=~AlA9>i4;OabN6cQSgx<V~AxGx|0=)l+@`R)7R{|*WY2_TcF{sEZ-a)$+2
zX50UT83`FD85my&6dqt$n2?abqNFIx_R)gj$M;45Sd>^kaxk)ev|;%1eKxo)R{95Y
z@}&=>hTD(tlm4-JJV;^lP)KF-NJwS#Sda=bJ0W2~0;sPGT7%yST9<zZvM#@3N!InS
z?Z;o-E>KW;cW&>&_53wowT`vB3%ePtV4Ujq_r{Ed%=O=0x;IAu|G)2gOsA6IgzU+M
zGye8DS1wcJ*y5R_D)-G{v%`VFs5rG%$G5$V70|yHEaJk{_-x^g6TdG%e|Gkv;x%^j
z!|l9Rzq}QRa%Fw_c;%19@BiFn%1`g|(du=w{Pn-_TVcCW;@n&wi>H5GUhP}5^87vT
z1n=G73ij;ZcdTx<#xM1SuUZY>UtyK)V6nV#<>u3wx1ar}StOqtw&sY7lIEA`|FxW#
zD^FQ%xnT02!;#Uclg{w;*M52b|6*)QtAE{!{0Gl;{)sp<E?y|e;n!3b{N41E)!yBg
zu4_%a-1hqZj}x+>_QnZWP<!KuEU3M4M7A;Y{*ME)2jQ&_&}tgcs*y<>4(2dU<aT4s
zWthn2cHu`z!-XFa6AorDP3(Nd!G7UK%mSu4_kZ-rUicw!K-{7I6(@VRi@FQ@>(A-u
zB$?KCyxPPf<KX{lGwbmmEC*U%aj-aN?oLPn)%`iGuQsumIP|zod9{h<jEl4+^Xos!
zrzMzQb8!2=+Q!`aikXGw6%R{}gUIVmOl_I}5{z7!UjI&Fe9gq?|7s7*p-ij9=2t9i
zY_GW4+Fmj9q`GLiFunel)F<KpYBy8MD<)RfSA47&ekdF`{zK$Is>5rEWEbYw-;x<$
zGxPYr+Q;ggwL7ut6)PVfIJYtJmAELofLy@%ni<XhMG|dU{}Rz`&$3D)#&&}P$A73`
zvpsuv5<c78vi~I^LST^un(f(E$>_GXyxI-*vBQDmKTHm!I)FmswL~AfzjJmcx4zm9
z_4jVR5|;}<JRThXVe<gu|1%QM&}U<N#lx28AohAUlU-Jki~p-VeAj=N9B6yR!?P~~
zL^90-k^Zm#lr_KNgSN7md6-^*Nn)C|#-&SQiwn=|Piei9*MC?XsLKMW{Rh@p2PXYr
z{iy+^iN04`*u)(CUu|LnjV^zd*q4>;a{Y(R0g!sTOb`jNt?AVkHa!QBu4%8fura^>
zntc2R$AK~z|5sc2nC70ANONI({W<4fR;fc>W~sx!j8ccDSA1-84q*=dufCRwz23so
z<MKB_N0R0BpA=q6|5uwCt21n}lO6VCCOg<<COb5~;$icD^|_?)6&ssP;wFhj68C@H
zu-TKr^!jVkEQz}85{G}8B@T6&CEyXv)>nJjY7+e%wz-tJu)O}1Hb)ZVj=vfEvP&K8
zvPvEHWtM{N-J96=iixf5)gHD&iGSId61JJ84s}_j4*#I?Ew47Q{Y?bf$@uz9BHQad
zJdqNqF08LVrp=Y~f3=0DCX;DiiNn6E5(m31h|N8(7};!+roGz4w#}t317!QxygivE
z4*#-B9O|-499my(Wb1jw#s(T^6??sjX`V|>(jo~^T9_l@|7t7K-^_g(r4Dx4r4IYD
zAZ`SO)83?MuQsx6aru`4vi(brEhrqbOC3Pr+45>18!QwzGR|@No0KWR`1(&`tc3ro
zEsQl;c9|s(`?5<M?6M&)v`GeqW!tNLY?~zNG8akg$trR9mkkNW5(iL7g4_lU!DK%N
zw%7akK)wKl;q@On5B6oYz2f5or7b?bec2$k|Eqs>$A4HnXnM637Lu8TF4un;JOIgp
zQWGEFKd?$rXij^zl?@b@AYG8~1f}gSE<CS4rZK-}1E*m-aB764E09f~TPXjOF->cH
zwS}kW)g~UE*IRk^W^Zu;$5ckCLtO?Wq-qoTUTtIpr9Yn6|8hW~yDw{w%PNV#pjgi=
zbpVBI&#QfGps-|m{U-^Q@@7fw1*g1EDYBAGbHFhLim?nxc>PIedbNiQ6kcMlH!|8~
zCrZ?0lsN3mEO7vZEF`QpvDqYoQW4|puZf@#i<AI`*+*!)+nZ4biYrjs$}Dy0dj%R<
z|5^%4Bemc(wJ#eItA9Z;4^5pduQsxQ(jCN&o0#Uf>`h!H0dn<RP`onPWd6&Bq$p6j
z2f3o@6%X5=M3CRMxzuHX?Ejj_G$+krPga_PO;(!2JQx30-%9*n?O}F)#mde6ij|G~
z6%)7jD>gQezig5cCGP*|Ia!y%`1)TW&uc~&|5sZX_k!{&D6M5VzT)HNe#OjP>cIGl
zj}4>?<g!f?wMigXeM#bZ&BW^eY9G_}A2JU>F~`Se2afZ7Sx&E5xVc|3a)VL>(<>IJ
z-hXwUC652lcu?#DDl2$iGxPbs+QMv;^)CaG2LEM&TnTbvi37;35F5Xg6iWO_N|Zo$
zV{MilC~iS<oQ=zsw#n$O)Ob(_PRWpzSqFA2C`}&!Ve$avVvtKgt_IorSz=#iv5Wt!
zEqs5nN*usBKHKjVD>uY-e6Lu+eggRe6c2?G$u4`6L2mpE3P(2oS6f*uv;SshI@D%l
zI{eMfbZ~hEs>41Ovb<tu<$lG-{WID76)Wp1iB1W|*WW;TSp8pZW~$7#&Wd!{oe}B4
zG&|D4|JBE0rpZjN*chE&u`w$<NIEmkE_8{M0Hrvd*Nn{mueLE>|6%a}RFd=Yfl6{d
zzPb!Ys4GEX&j@uV$d@LP$A7Rq0Hu-7X*{plKyl6YHyc#qfWtDw?-esR&PpBlUNM7x
z2Z`;y3CQ8NnTcukzpP@1y3AsSe;J@q1No-d0TgziaPxolxwuf`cLK62w=mXZfJ!1*
z{sFlV6lx&Xfx^=!5u_7RZX?`=oP%(=trna=U@37k)9;LZ*~JcaS;Y?fGI6<WcOt6W
zP;(W!+x}p6TWu!OJV<G6mxar1wkWw|Gt=(Ox{P86aM)!PgI6I}CxP4u3OP_1g2JFs
zVqZoiD6cdB0hKk`ka`A`D?s4|$`hdQ+LHuQ3rYpsT>fPwg6q4Fd7v~0sUx1blsdS)
zVg%=1P;J5TiV+;2n<PLn3X08tNl7k$ll)(8<f+WE&CGPzo1N)ko1F<taizA&J+JuK
z(i}cZ)MeiPQ6TzSVlSw6%r12Rm1rOnYLlB@?E}|n%&$Ksn@H}<JT0Lk`8TW70URpX
zkdnFi)h4#R$)GZn<@M*3EiOEg;1Unq`Y<@~58RFb)f7BDp!~?g)ADLF8>oC_d%ceh
z)TT&tIsU`u0Nd-YX^aHwh*oeNv6+YG^(H3&SD<=glLTfx0rC~7o&eRmVy`zd@5}0v
zc#Tp|fc&;M0oiY2ueY%L%L4h1X)df41M*F&1CJy~HOP;D6F`34;$jCa(Q7jxZ4FSa
z0;vJ{%Qg|}Grqd)9+y%V*4KaX_GXlV+Z>>_5lCHaV$Z8BY|~zCW&_t^*?pi|45@Yi
zsR6ZJ_JC_Um@ocigM5MBhWVQa@&%}N0>u!>7fka&zNiJ2npu$c5Xd}``)!jz?g#k_
zR5#aUK;tO~Q4c`k6XcIta4QE?+wIGM`QvXUYTIRR60$%3Wq|wvNtdPIwoBiuJ!~Mm
zVR7*{2^1S3Ux3_Nn{`?O6msBJ8#E=^g3}wwHz1$XW$H+xr$~@LYT;=O<d1!sFn^$@
zOOQYICd1<6Una~SwxATA@jtuN0onb1F8K~jufG>D&IN^dr-Y~E!4!s>g)WS#LK`?<
z?_qRI<$S$`u`!kF^=8I{;C?-N-}b}9ONVDxHbp^3twH1XEFXC|Y#{x8_U%p``_0{~
z+%(-BT)uz*{!byJR`Q#)1-Qqrb&=&G4+DoHwmZKa2;2n@>d(LYfn%gV@4!XKs5fzA
z1sc$?g0J7#g2xIt6hZDH*H!a=fJOpfqYPiaH)D)4kZ(S0Ou~ZU`}e?qkkJYohVS3K
z!Q&H&KUhBcu!$%cU^)5SAfW(@XhFgTETS6{K4203kYJF>$OT#t4q6xP_=*9%Cfpzq
zv^VDacdmb29tH_q9tx>k9to*j9t%>rJRYEoi7b45Gw;qG>Hcd6lTKkvLtLH*6SzDX
z6S+Jc6S+Ja6S+JOCUSW)CUJQ>CUJQ-Cc)+=K%)fd&p5MM*QM_+`kZHD_0@lAeGp$@
zPX_Dk)i;~vCC@&H28|-HyB*kY{Rhv2>puiGT>l|5VRz>BA2J87|4?{v{fA1!t}KQX
z>>qU)SyTdlutYojV2MtVgR#)*w-*Ig8mI*R;K&L5VZ-D9>YHopt1{QtSJTu2f5^nF
zlk|VJ!L{|(2hrA77Z?J6IK(taYDlDjW?s3UTm<jJUm5>_gT?>VAJx`Zdqi7b)ugVH
z=y=7)%KD0jwe=MT>ne$WA1u+UBtZ7AlJI|3W!m~`7wct-)>peiS4nuk;$r1|#mdV4
zii^$E86^K%we{6z(biYRsViLiUh%NXI<&sxV_o3_GG&De$dnZ>{;!HmTVHKrJ?PT<
zYE$S67q3@LtlY0yS-D;@v6(u9<bSHRzS=3;`l>Q@olDOvW>(f$oUE;{cv#ng%~=OF
zXPt}xs|wTBS36igyR^RA5xUOB=@kbn*DF?5rdJ$nrp_Sw->R*zc8j*Ys!m<w()@}O
zJeL#eum)_(8n7vAT>M|vnYO;#$NI>n_0_)6H7*{n_*g|9I9~CwnL2}Hf2p><+9lfh
zsw(xhMCU7R@Jv$cD^Awe;E;I@4w=^y{;z6GTVL&Aoh8xwYES5E3BOl7tQ@acS@~Y^
zu$el8<UgslzS<<(`l={(rAzlKE>=;8)>quDE5UAA33kg$7ynnqrme3wvz~BieYH7s
zrHjuiW>&setgJk*nAuF7LGnLTTVL%EZGBady4s}+JgUP1o}F3^HfJ^1oYgM=uPRMj
zU+rYQ=hFIWXXt7d=U1GpJg-<;nO||TnL2~y|EadV+9%rjsxEbvOVcY3@K{Nx!z!>T
ztH7qLa`AsvZQA;3H|rIb)>pejSGjn;;%1d~;C#i+X6l?Gx5}md%j0!FG6GzFBv@od
zxL71sWO}$%B<{$Rkl2y<BQwF}N1{bmfr~{_MV5n0MbeHe0f`++4jaIwA9Ms3QX=bc
za6Q0YTCUry=>{sT9N=X&sH9f<gIrR-xybTShk}yY{2znH{tKYdTd>O-(aU8WtYf&E
z@N)U#AJ7;ssNB?HAh%rp`j<f?`JzGs$giOB->=`d{Xrl9CEo_*lDXwKqGYc74XUZO
z|25bRs#93VtLv0lKJqYXxPAW~{u?xpTi}rKv|#TH{Vu18F6M>je;?So^!C=5(TBn;
zKMH<~T+(De>1v$J>KUupZ!ktT3+-z)R5@JB6Iv3xujt>#dkxFk?#wRvIQ!ti%-K)c
z-1ogdHuoU^nT0$m`8qFkSGAOQ-C4OI=2pkgvY<e_8M(&{SDa91-f+A=a{p)U2glqe
zF25R>e2OhyQ&XgsYrDFIqO{(hTpeFwUW?$6Vy@KPTv=s$Cl58Y>J&{{_+tMe?=-0u
z1>N3<76;}WmwYklq6*v0YpteyUkVmv35XqBBFT|sF6UG3p}uv`29wP^GL~MeZut41
zniKswUoYcbQ-4W*^3n>CiW4myOvihE{ogm?bxy#N?~8x#`&3bQjNv0Ab0a&;1%V%o
z(w!R{*?(PR%GmUg(Qu-(;D-i#mi+-gSoFU=2gwR<1d+d=ACM|=Kk%bP0JP4HLGi$k
z28Dx(2NMn^A51!!dNAc++QD>C-6F7+#qG+E1_nkA@rx`U3mD#ifBK*0V*<nb?+^d8
zd<<ZC|NZWNmX8h$@4w&t&+^fL;r;ik|5-jNFuebM@juH)0fzVA&;D0%d;k5^e+C5s
z&|JQM`vw-byFVNnc-<zs&31Eed;k5?|3<gduFSVre&l9Y;ly$&|3ec4`-Z(QKJ+u_
zx?W&V==#CH!1a-lZRJNs2F3}6GE52v1&lKsq!}i-%L&e~a{Kdr(=P^%{EJNbN|!6;
z3S<O7Ff*}VV6Nca$*9a+5G2R&k&)s1#ZC_43rrPUI~kRj3Y@^SQ$Z7$ZYnqgrVkZ(
z$}xOoVR(I!VP>Z!g976ZMjkCU#u*Kgif#_l-@nWMVp{S3d+`5IHwG1fjrkvPS&Sce
zxdpm0t@!X=^cP4Zk45zX(`qL-j*kM2Akl5VL8AFAQV&4>jQh{#w%OHUfBuIi7QxFP
zvqJxyOKossxn$|4;r8|W*I%|Snr<NRy#E{<^FI`@fY`eK8FUz~E_Cy7gM<mFHfM3`
zbnD$P*=>fKhuhch2Y<0LK-NGod^q0V<)-NN{rkzE3@hG$|NGC+Z57<LTOJs>X}U42
z`0#z-PmsIvSaKh5ta$(Z)jxxsEGyoBfA&vfBZ&XyAINX<55(qktY-gcz{LJBfDxq2
z|98V~meuSZ9hlfZCV)lUep~DY-KxN`;?wu1KR{*{vM4-Yfa)q>WLWX}`w?)+l(2|A
zU|7Ze(E%)0@)xAGn1$;BNH@cZkKYgfQ`ngQp@@a?LH>t)7LY48{sXyb-M=q8E!^IJ
zKk$#;ZJ!e)?1V0Z{I>m{ozxB|mP>|i0d8NvhyU8-66gjJzwpn_4H9}FUf(|k9g8d6
zdOG`;edJ<bP|&VmP-0YM-pHtwEmI;VSHYwwv7b?Cj@v>f)=M%!7~gx!?EA>T|NY`Z
zC%OISB*cC&<}m0nUrdo&;KXoQXk-3|6D)!cPD(K7@LgHpx)F3!9gC7%gxmM;f<HmG
zEHPj31jnSnFHn5``KjQ>3rWWeAGYvj<jF9oY<3b!(7mi5)1Ytarh1$GLp>YYYgV3Q
zSLMs%AL{vKFK9@JePCv1yO1j*@PqMmy`0Z07L^|tw{ZwuV5xAgaDT<3(heqdWsg^s
z$$|Kw6#L;K!vh<)1j%M6=1U*;<bP;pC~)UZVANT$UnD`n4YYn1)E^OdYjCs3;B#}4
zX^dskbiBx*z@VBa)9qw)c~NYGmga4y5A`f8uNirgU5zgbeW>SGywD{n@`0I${eq_q
zXa)M7kBmHiuNV}*UtGc=d_kaM(htT1KCc)QCjDRn)10!CelQ<Mkpqb_ePm&Jdy(OR
zfSZ%VWGC*+j2i5>S=~BfePkFkc=qSYrO2^9V9@w>HUC351E?kh<&R~5B|y0f%-3>T
zDCyw#;d|x}gN-1$Re$q8^nztHBrOsk^(N>p7tpRv{}2BS_}myLOmH*EaFk(~ILpl;
z)<8q@BI7F1-5&qHJN{?Th~LjJ!ytii27?Cg6@v`NSSC%z{SGpYG7hnf8Y~w*Vm)OT
zGz=41!0urJ#aTO}!igUZ48d-oJmcW@|9jkj294}15I)C80fztIL;o{qB*8@#82*3v
z`Olyc2^TS7`2XGcKZ8a9*hUu_CQXiy4xFB#a92;1>2h_soD|!jr2-0f<`{`Zt~QrJ
zp)PyDOH%j)GYcCe)K5dg^T);690C^vDncq;UNI<40h64vS1O|AKzvYWgVF#fv?sYr
zTxQf*v7g<I@fL%I&=n78nAgjt$a%QE|Ni-p!%i!=L`e{P*MEzRAo};8{11H$5Pw@p
z8YH;LfI^7lV*uwTxNF~{x%MfQTze47wYxD~JLeCB#)gY9_a^;k&{%d6*@X$53*j!D
zgXY31RC3|}F9qu%A<A@%LBsxQ=6dun_58!2QU4`&J<Oea|3Unq^~f$QV6Xq;vp!LV
zL7~gF(e3{ixAmadSB1y^|1Y-dsT2SIzes@H+vo;yuOQsLD?c)FrpSTH(+|HvE@WBn
z<(4Q3;&1)OvC+cq=QGaNEDQz-OprEnJ7{Ha^9EKo^c*%5oWr=`Ic&mT<QxXcMa-aF
z)C|gNpp*|w^_^&`ej$}o{X{&e9#no*{D!1@5ZnHr1-MLU_?`b@E(64!$T20r0Za9r
zuBfSgp(}M#{X|#XsUGA)#ow@058^%l3rqFPka%fkU|>)@m~b$$z#Y^+d;eYfH>j<(
z_l1DN`|qN=bzgq)Zraf320E>;YXhjqBk%V9yZrA4H~&{B7+5td_A{zjU1t1X{R?!C
z<NUYI(i`4+aD8}}!NvHY;m?M54zoVIOPIx=025{U;PL}@${y%kIsXsF2IiiBz90U}
z;@0gp|E(F4{)9iE)8v%gqTT*{-~5+B$-tZ8L+gL053WBP7!Gi_$hf$6?00cf0-quB
z`}?)OtPFM+4JsTy@Guw@*d#EhGEQZf%Al;}#<Y@c#ry9nzZ^DlZOH$S%L+Q>PQwjc
zLUn_5gJh$@t%y8U@dr$+z1-MVa)R5NfBu2m7Wu3^4<u%S+D|9I?T-RhmIol-oL`bN
zITApu#$O;a>V9!;&~O8p4lx^ac5G<qReNJ&W(NrSsXYUO$N^CO*|&i~odvu$cZM6|
zbcX2+%1o=+R&uR)|NX*GQ0pa^fe)1C8%1V0x`9Nw|7z?Mn<Y9EWDhIEt?Z%?m{u#f
zae;le9O6=T?gx-oUopg`?95=7y8ki&yHgkJPOV=c6V-oNxIye-P-6VBaX;v;(GUI$
zH#E30D2Thsx-m`Up1}Ljg)9F9gD2Mm@gI!ROfwF+GiWePVEC}QiF<~F4EF?!3XYxJ
zGnPJ5)p!S5VLO3s0{aAx37iwSCNMs5_`t{@{)16oLG$MYWli1-+L|mEbT!#77-(``
z;CbNifr+7E)4S&mA6OWEJ$LxP!SMaL!v_I|FVD3!`7UZ^XeI>yVA0l0V9?^7#Bw#z
z38ap9V#B6-8Nmk(io6p!AMnofbY;E3__~pq>9sSXfhF(6dKs&VMIQ|qximjqwye<8
zWWM14;lClzL|KsQ<+U`~!RFS>KuqSD1Tu+dBIg4hG?RExOj`THf`R{Ag@a`U;|GiX
z92>=dFmm_)uwt0|!-^q8gK58IMTTaQ0_%kw4VL{D6*(Hr7Yh|Y^7S%;D_ACo|6ugq
z@==vR^MZ^8!-qo+4Dw7G4xjcl2wO0Gc-+8g!SG>6LxUW{2d_p4Iff6)jSg}k`E?Bp
z@(dqj8Xe>-FM!0)H8{wrTsR=deF3EQc*6lXh7U&?EFY>W^!{*RU{tVusF9(O5b%Q~
zTO)ya8qXZi>6Qj=|G!K9WN~AApybA&XyC^9;psnyjV;n_Q`8@V!q)~gKF6(@z@T{c
zB?F`23g!uSUotSV%oE(nv6E-krj1N&Li`I}GYJ_OUD}i^XQj1bzq%0vr^7480#43Z
zp&a`eG-TYEFEGzqEIG^R#pMN(%oC1$v|;3#!8WnciSw3&6vqVrZ|@8D{;*)+Z~%qj
zn+FUU4j*4N%>7}(!0<tYK|sUd!{Y|t8LYD!q&Q|ZNV!Nc>KyoVtAS(6^#`D^P12CM
zkfFhLAxnejLXL*ag+dLE3z83@{*=~8;GV(Ja0tfN2JsJyA9~5axC15zQB$x1m7lQU
zfkwswS%nYmOj-$-UNSIp7-=PdLV!V&=_>0CT}7@3AU8L%gLvAC%nuH*vtDJLp`gg{
zgG<0chINAA3f7q%63i16-56Fde0ch^0qoiw4c-fd8WQ`nG&nC}n$P+G6ykwDSm5Ce
z@?nMs^F>gYH*Dg5kOXBP*u?svL_=bKl?Dq~4iY=yFk{!d3R2CW2?~3S3oaiN7%DVW
zF0#%rfV$05hIJyt4=x8Ou!}U^7(U$j0rlA}(tY;zhwuYN1=b0O5byorBEb0omgZO|
z$ZYKT!RWxGz&e3<2J1`*DUO*AQfxCFq&R0fNU_g!km8!@A_a1}1G~T#1%=)p4h#%x
zoDUe41y(VvbZ}$%Q1ypF!{I|~Lz&Dnr_Z-p=kb1Y;pTcEja1T<U4WD`WpWI9pDr4J
z&G7%gz|Aoa*_^OH3>t|Sxj!;;Z+88Bn{D3RA3PgS%?ZL`4kwB^Mt>MIY~kiG&tRL$
zK9BJ=12-q!O-vIqHX~g08OcRl^Ei-v#{1{QPKbNH+=hfe{nyO3urOeF0P^wvZwYG=
zVe#cRgT`l2d1asoD);-7G}JC+Xvkj3(%`s|qoIDGP=n<{iH7opDh-|s3J*9SDVTvH
z;lfJ>Wex+51W7jmH_(|>TnRxxSh%?o7!*->o46lvWx(VdHnAY_4vK^JB>eJYb>ni=
z&&=22*w3NDdchH#x<vMKsR*dps9k-@z?h;Xu|HF*(XGpk^&*2N^R1g7891|EdvSs8
zljPVB>ap@%)W{Cl$)RI*aVjW}vm0GCP_R~O|6$Fb`{1#-hg+bVk{jcPbAOinW>8-F
znu!TivMl?^$Ze$+=f-?{?hgioK<il&jc)O;7`eEAuq!}JWxntt<D+DU)7{G)I-F3G
zS+9PGHPB$XP$p-f@FDcrM;nF}i613jCTM1NIC0$KkkUv3l|35$91a@odtZF+W6<Qg
zI`xNz0OJP{MgdKZi<#M3nVnKvS)EdRQjB^l_Uk2qRO!C_<j>;Px8cf521d~7)hz45
zarZ%id-umgey$4&*$f&U``Hv&u5j$%{V|=N@gk#wLULlp!OvU)4xj!PO>mOA$id9A
zUm=4*gYzP@!h%GQ{zMBY4YSMqpF9#d9w3WpUgrO#llUNmS?Sw%iJ$u(GHQt30-fK!
z^$(+l;B5v~1_h9<3Kt({7$`CRVAS@Kd6Y2shlN6-7SH|)r3fYd2T2(YpZ*ypewGVz
zl}btgwX2^#=l^si@XB-kPd5TDKIbY(%<Pm&OcdD3pvIuu@(^U6!-we&3fWg)GOT9M
z@Y%1Z<|cFZB@-iq5`!}1hnauOHd*cO{=ndH_9fGTvoD!evwdXb(3S7~A)vtfQIMVC
z!ExCg9~t?LZzJ?f|D$tBMv-X+<A+s$K%$Hv5`M4v$j$*$*XYK1o8g1XU(k8NAh|!^
z7ySf<>knCWMb-zLANZLVelY6#ztWW4`H_*I@wTVjm#dy~G5Z;mK;l2I9)HgJQINq>
zYNOMR{d{g_n+zC0uF${I;ly@}Wu>EpX9b7miv9eG47V5*SynYkFgz%e6Z*ku=^)qb
z^z#D0Cd);TDzAzl8Lt8c4W_Fs>&s+xWz9Af$njn|D9Kd;N`F>bpp<7}U}Zf^0(4_3
zqvofppm=up__m=yP9gc_1CYxh;lugIW`E-c21k$|bT_$wnjVnh?Cp8~hrz@NzdwG}
z-E{OLJJ+s{jQkVaWI!R59{=i80sB=aH*YrsH%qra-vfWJx$(O>xOuvP#Qa}nasB!3
z{sWYM8r(YFo?krsk||x~!70#fsA}f^A`j5@8=~m{^Ih`?$PAEPkQvV}f?R6kX6^Rp
zJKrym8+U(9<5$eS|6|4kp8c#Jxfs|K+$2QwR_qs61C^u#;Lv2$vjw@8k@3T<U+f<_
z7+I9KlsEkT{F(W6Gy8(q?hFP7ppi>1h0VV|d|-Ipz`ppkJF|gtkR0O=Cfk=6IqVqq
z7(a5b--en|@r&Vu*&jrFulm8D<n8wR`<4G7_ndmpuzx`t=wuZY@Y&HV*QYyzV%S0o
z6t7GV9OQE4>SZh|3^adU0J)v%qVA?l8I}jTKc@2Y>}OPDP*lq9lQ7$~!D+{SHaD|P
zh73|y8l6~forpEnSh3$yf#H^c!YRohIaoUIlxueSdBIYH>Eel42bmM0pc=kju1qFZ
zMt9TP9~J@(Q;j!Sxhc3Yd|>{;4=!~<eN<LAIk&4n3>p~qS~qmMiMuh~VpQY*G(p|-
zg95|ep9T(T8XWsmWW+C|YdCypY7qIz!hhgXOM{DR!>7guP`Q^P!@$mT#m#lc{ta#_
zn|8cr;qch+|AB!+Wz&m{m6?n>s<*sk43xP;Kski@7N}I>WM{gnrzjW_BqQ;fg@4EX
z6CW8^R5mSeNp#xax+*a<X~%vyx7C?uo8BcFxmmhNNPPXy@PEZ?Hii{R2On@qEOU~$
z1rq=I{p-J#nS~Myq(LUHOw33Eo6f+%&U*D#hMq!4$csz|nHPyie`qu;eE>Qg?(6qE
z|5juwNSJ|jfK>}{vNMBJD>jBW$gD^-+qA(IWc!N@ko`t(4<$jiAN;o>(?DWHBFGIH
zN%aqQeoW*SyXgO+fK%dun=1>{PZ9e!xb67J2=)EWkLmm(`~5$-a{7Nr<z#uV^P?j_
z$A1400h}u{Uu1~?V6^5A@sa_#oE5HrRiZdJT!O*ks}luom&w6gWVQ+9XOL^EP+S8F
zV@?SLhQ=QZ6PT}PD|i(2%P>FCRq`t6mq~GAP~-i`!NKu>ONn6x<A=My7-w+&VB{{7
zVVI-1iBa?OEhas-TcCJO)nM6gpuqlvk=t)4gl2zGCdahGAjZG|B+97w{T9e34hajX
z7m1))hqP#UFJ@$}%;b>B%;J!EnaLrsGK)hZGrPlS&wdUmjU@0+&gLJmv-;c^6j&a-
z$a0W*kyJ0opy0j{w5xGN#sYT+jTH%>E`rMQPkS@6a!RUv7#Q*r^BDXb{TMRy(ilAb
z+!zcPkj{bN0i6T!`}^O04A65Rm@i>H1%kyHdJ2T8UceoslNW?QCok~cP5#CD?X^SO
zD`r+9CyD*89~fB=NCbXlVC1<Z3_o|_vtyLQW(Uxz3!t6+?3X<`;$Ims#J@6S)d1^Y
z{MsPs1Uhj6e5QxvYtV@cu#+e(_7}J_C~)#}vO>;a5V!<6e*tv%0_zPP-qp^a(-*eh
zWqPpM8Du(WtQmwE6!||LF$(%&XwdA$e3=P!V|GS?yQd7h=9kN$c_rPKKm70i_@Q|J
z#~Z^AH^B@^hx<QX7|wKZyuk3mg89Jb7Sa1Zo(KwPGhgg<V^9-SReNBd&2rKGlR+eC
zcf0%p3vHH*{$Ch8{l7G@NjwnvV8JhRap^}+W+82bOZ=bq2nYXAop3qd|ASAN@&_4a
zcHI^Goj(XLUruLw;QxVvlR@qNkB-9oKWZEWz9hsud}wa~nIN;D;e!REfF|Pw28D$W
z4t!?HzW*bG@&EUk|L^}u5mZRzv}O1(<HrOA{!b?at1<+Ba|<xMKFa8wG0TZ@zg0%S
z4^so@FAU7HocJy%Wf(atCHQ|}<nqj@ObGa4%3ztn_=SOy!`UK%5#$0c{!e!l0)A+N
z?-Aed`^Q&{4C{=_jH(Q#5AsY0K6fev$?W|7>68Df0EyYG9KV@<&gS)h6)CykwTA%n
zZ>Grs&IdoUC^EmEpx`O9;rGW68-9QN0UD!r`LB>@k-@;keic-^a9mKxaQM*Rppd})
zz#_xp3j>2ig8vr=hn*QG*_p05$T4dCyk)R4Q%)g+!`Z;u;e&vK3dn67N)I^P{(qPI
zuaJ2EM}dGvh5}e8=-v>}o#Gt(8C2OW?EL-XE9=HwxeS?|zdwNOX8W&@sF30Cs#O7G
z7K4LAf`i-M7oYkSGB_L@K7jb3y9pQ={ueMXunI6d;CI;YfZu^Z<qJc?Lw*N`idsg7
zKl~5=Gc&vgpM{|y!_d$o$H35_$}n@D83TiZ1p@=8EdxV?9RmY{H-m$>4+DdOA45ZL
zGy}tdSO$iM0tN=5Dh39IT84&cGZ+}8w=*y_>}ELd;v7Rt)hz~)Jq!%L7#daxF*4{H
zGBTLuF@o%L0G~?4z+eYDpoxKjVFCEOB?bnQ5Kx`Rz@S~g23DZ~CK(vi86e`|1FaYs
z7y_W`rPe?ch)>}JGsI@Ff@u*j$-p4o06r@WY(9tuKA4DsfdOPL=sYQqJ3yx)B|z23
zGVp*|AoD>CKk#Wz3=EEIAokmU1Q{3@tQsKpfyx$;5Xd|b4Rfb*0>u4_2_Rb;800{b
z3=9mi2SBzV+%EwYhq)Kz4zLQ9FAN3@1`G{{PcjxV6f!h?_{Fq|VG{#G`()<J43`-g
zwj5y*VH9Cxc=(kylrfYMbgs!X#%YWU7lecvEau2CGB|wXZ202l;KcBO^+(_b2FC<<
zMh1rcoEJ9yYWUdUa8l;r*Oo+1R>s#C6dhPWy_z4cx^FqU`M0!faQO7UkbTD7w;bHP
zZ&|nxeC7)1aN@YgK7&Dpfthtb+YAN`CRIjNp$Ci_?6=rfFnsv*k5Pl^HiHU-D#ru%
zS+I6C`y>}B{}2C785CJoFnl=jUur&^8~;WI1&ao=op)byC^IN9C^CHb{$J<<gRbyZ
zl}(H~q8IPJWK#y+Z_^{p@Zr^e)(eb!+!ybAGJJUQ-|iyUhO?e89x~~I`uc2)j~+7W
z<=<w~<Jf=qB?lwJhue*ex>_JNYH-eAyTYImvVZ>DtK9S7UgJLfkU@j*O4v@&_!h_|
z_5VRVllgBiax;9~*Es*}Y3^MQ5wZnP*)7}*AJ;d|e|wC3^+QHI!Hb+T7&KHiv0Y)*
zS+jrs+kM>g-|pw0_YlI{%RT??F7D|ML23l9q`__S`p=-@w4Z$jgU0-~3%D6Rwl~gy
zyNSE`A;X8B|4NFC2?&*@NGexzGkh#+od0$yciuygUXT3@dOTMdJ{0{|RAfxx+5oES
z_P*ih&i}yRxc9}E*1Ip+z<m;i59$9b_A{t*UWT;0*%)CyX8X_T#;79<3SGu}uLf_1
z4_5zpE<wWD|3ic0@9(pIodubqHver^x6A{GOr_`V?|r}Kzpdy7-Bt4cd)yy}4;+6N
zd{kfqjh3DN$DmZ~{rh|EFNm!FAJCXK|ECBAhSzRVAUA=;e}A|C4KmH~jU;#A8wu|J
z->v_ETD*a8B)NZo5B%f!Mv6Q5jg<E9?~%V8-$--!zGa)u@WJ~}@Ed9E-{1Xzf%N|V
zF8iC!t;3B$!PgUFrs!`5CI1f%&cDCg{W5ZMcKiQb;19$UGq8^T-#Ngp@$vHY{{3C<
z&)JtOjG*-|rT;+gxb>2O5j2|q|NGb9cVDt7|Ns8+H%J92P5%Ba`inuy!5h>9XZW!E
z?|~1K8yJ;ry%|32{Oj;(Vgsme!|-AD-@7lFlr8r&C|G!c@c-`@elvWi`orP|N{bLT
zegya4ZoOnuzV(uY@&EVzzai#7{W<@wE;vMgf4~0|WX}KZ8-IiByY-Sm85A!6zpsR<
zJ^vHrZ;;C+{((Zxz|GO^_xEYw5dZ!C095xRux|d1HVq6a3{x1CSiG55Fnmb-w_-D+
zhWQ1j2Mqh+ch4{|G@P}rPn);k8RRY+@SQXPpdyfgf#HEY1H%OS_m;o@Iq8Aq9~@v{
zc;LXm@L)ek4j~RIus+m-NCf`ypF!d5OC|>P2Mh{~o=gxs>p{K(-D3nw>kPWG`$2s!
zP}+2SBfvfPEfY6r#)4}DC@q81al=;7?PI}j1hqlp|G#hh3sT3p7hwwn!-xG)UIQ8p
z;vNW^@(v{Lq2L#|kAZ>VM@sshJs=4vR%kSS3zBcxd|L!0ACS(r7+L<p%R8?@@*IaJ
zMS|oTHeB9;EMM@m{}o97z)}GXko=4N2R5L{Yxukb$tMVVJAvd6*eamt5BMeU0wjMR
z{+l*PenL#)a%BAqf9^g5%m4To0+N?_`E4h%{Ds4to`U2Ho*04U18%czL6#SI-}eM0
zukbl32&DgjR{Jbu`3*`%k3sSuUOWf`$!nPE?nRbo;EH(!lHc&F&k-c=ur41}KFsGK
zNdAN9*?5pVgNV!oWc?0%oj_@Y!QiJ!I7t3Mj@)Eq`3GNX?}7Ah=n9Sl$v508Uxh4x
zU~c0bkUYcxMQR}Vgz!fw;hXTY{}xC-f~yf6zaQcgP{NmC#)=yt`Gl%^SCIY-A;u{2
zo4|ki8c6=a#M2HSd52u-1<3X<`2Fn)NPfoAbKvk}u(GT}mVfY1`!Y!0p|~9!e+-i{
zDv{+K4rE>g$wz!l4hEUu;M`k-EZ=Y={ya!tLcSRse;e$b7NN+e|2YkkPx$p8tUurZ
zFS`FufaR;|O+n@#2r)(pUxqu$M?vxt*ZzaeXRu5`iJt>&bq|5$8<s?hg7iP|@Lr8#
zzZCaAkbJ;?n<$X{g3T%0P~=&zZ3oFa>^^S>l5Z$Gw*p1pXg6qPjKM*R!5Jj4af}Bw
z{Y)ud4$?27Z4J&}2cE_*Mb^*o&UrdWe!;WD;P_FP+Pf7+9(-giBr{{=f8Ccqe01Nk
zb&I+&Z-I_67IrxCTx0~dT3GfofLbjeo`&=l(9D4FLq-k$TcBBq$-fvixNb9iIP@D-
zPJw6O->`Kr^4$C4OAjNwHN!Z`MGCZv1ymES{SB&#nV>Z>8>}Yo0hv41YnnI1hpu0o
zm+rn~P-aj7)vv$4zxoH7TS$?Ei1m5?|GxbPhz+VU85Fub|9@Zq160C;>d4>UkNyDF
zQ=mHP*Y~skV0C1(N3-Xz???YNdo_Fi|33W(sK)#Ceeb_UuSW0x-}|Bbt^ex1>b?Je
zZ-?^N{;Tz>_5T089?D<(uiC5H`~UZHD1Yw1O0P=q|KIbW{HfrY2IP)k-xL2s+|UiK
zHx)Mh|9<5c$Teqog6z)q$o2g7z4jkOjrafHHxk<azkB}x&D4VA{XaN3q<Q}Op7T%1
zP1`N<0i!NRg~@FOg+$L^-xL2expljNMB+W-J%4?V{0AEE1L=$Pi1qvh+E?Jl>jpAA
z+9TBS*LP2_yA<3s-F|%+{SO+s`~O|^N03{z+yC!^a61_k0z7|xHwN3N@WB7W0S8~t
zU*EO=LEI#v?d{?1`Rltf)GkSFPY+kmU*Dy{W`o8Ze|>)r*8A`K^Zy{X{QLg+KhuW2
zZ`is)si6UU-zF%|K<<|JkoWxc{qJ9SFM02O-_L{n|LgnLzp`Gk-v7QIhw|V4mG+YM
z{`Y-9l>hXvq?e@kzwg_j{JVd}y~Mr$eP0jdU;PWZDO1Et#Cz`xhJb(H7lU#H!-xNf
zdK**+ez5<3Pjml`ABXI}Z2osfYUW}4q|+HU^WBcyA3G^@>qy}ld#{&WQ&c=J*?*6p
zK6B>GoA!Ialj=|H=k1yGU8c6)4phfipT2FsdYKX5Q?*dLnj?Ga@2QvA@jX=&6?VC7
z?=Je?-sOJm5AJm#cK@2RQyaE2xk2h>uYU{=7#Lu6^A|S<UWZo)6+9W(E-`!%`N81i
z0Xq57A;F#D1Md(24-AeSPCffM+#H+|++ivkKJYexdZwPd3%@obddjd~x%g3@F=YP<
zhXdjT?x2%V3)~sDGVB*-nC3RcO~6uP|AH4h0l#j<zjCb6*w1soV?StL&PjHS{R%&r
zv_1AS{9x2(*vr7cRB>`smy^^+nf(Gk81;WXm)H*)@nB#$xv80*?Lv^8(q+(DS2LZy
zUzC5qVI_PSw0g_&6{Di#D@MnFA1u~F@{0St9TtCNw9$FR%p>!m!T$4wlbaaiIgCL1
zg5)&zPkhD9|Ko<lentfcxdL}-C*g~nPG%RiHnzBJ`2Fbv({F)81?~(V*mwWA3~DJB
zxO0PgkBT5yOmHfE&CK)da>3S(zZ$=6{?+_dM|v^n>_JweU##DZofkR8e_(KX=D_qI
znj`*|5fk`~QdX7ypcG%`_~kMa12=;K1A}70UPi6+Hw(6k@F-jWnY8Iw)7K*(6<AUv
zw|rD!yLNdK$Q+k14h*VH4}v)2Ul}tWlPY}8#HX^~z^%|N#WC0MGuSKz22F;7y*zFk
ze}DSO^jpvsbjOE)>(<|&zA*h332oTq@QM}01NkY);T4NR!Cr$c&Kb-f7@QatrJ1F<
zofBC0GiNYpb6n(oz?^ZH-}RLXi%UW@19O6>oJ+=IrY~2O!K$1yq@0}+INS{O6u862
zwx)nj2<3d>_==e);FS+g&?_Du=1Vi3IQCC)DsUIs-|f`o1RArzufE%fV?Rip$o`p5
zAbkuBkb80xGC)06P#?C#iTz?i1_N}KN&EtnLcv~zouKyg%>RrU8Mhd9`EP^NaZ2?%
zaa~TxV9@Z{KmV-(_x!hp+%0bzxEU1+_BuMPbV|%%yOsZ0F3>^J@fAZrLW0u+2f5@7
zS4l=C){mwPNuT9|O*I%lFgPYBFkemtpAu8BmqAJNqdY&$Eu{=)kceqQLWYybg&;ZA
zj7g3MJ}NL@a-Qqp`sz}VYKH1BhHt4EtiPB)8#^l}Bxfl9V)&YxkdVRQyy+u@e?kKD
z4c?0i6$jY4t}0|W$S5QzWN7S6$Z(KJ0MB9->`ln%aDvREeY?m2x(x_iVlXg#_z$Tn
zKh#hB{pmCFZy~`0FBuFA+?_HGedY>s`1HScmJ{bi#|%zpmi-JF3>u&rx&n75g#vfy
zjA#Z(?5bXH_+;!nODaf;QA_@|sTSL9#|)599TPzNpoAYVDl&bLXP)WcDL09Y{i;)j
zpo5o#Qvy?lpfiIK(*q_jpD96bBdE^`8qX|npWwuE5f<<47iK!Kf<_a;XYX3<?{q3~
zXY^qBkg*eVv^Rr-?#lun7B|qS#FV!Tvz^~aXoLDk3?CwYvblk3D25LqKMfi9=CWO7
z(D1#&q``Wz<t;<E(?ce`9~TuL1ndN>Rx<Ja|NY2+{tF;E1_k4Xj2aRbAu@X2|G#hl
zFR>pa6L|6e_k-XbHps1@zV(rp42+<@36sL!7X>|aJ3*>6!Kd4u{>Q=~v7b@L;R8?O
z|L@DdeR;Nr5Hlsb|9|iO&wCN%zF*(p{Q{Yy`~V^+?EU|H?LY2IAUOu*U*GS8WkGg;
z*3}mDFe>qQ|Nq|dPwWO*g%YdxukUBUYW{yO2HV1@a2eXS0>|%(IR_X{%yF>xvhn`)
zeaA0Qne+d<&p(s>^WR!>&wp#h9sEW>```D*KmWgL|7COg_x%gFHR1oE!pX$@*Z29q
zAZ-pw?qA=te?#hHDQ$fZea~OtCxYby+#=n6eUJT}|ACQ7+x!1_GjL0Q^#+5IhWG#P
z;{OhOsBHk%(Z9Y|f?EbEUMk+dz8C)j(f_`?f_vq^zGs8`_JMDtxD~t<ynlU9{sp4{
zeK&>5NB?3_0@azie;{TB{{ppt0^dk;gZTfxEB=}PmT|TA1891-2h~TQ`U%1Z_c_4*
zS5Tey>B-eS&tG`k{r}&;hk;>&ji6q5;{y8t`v_;Dp8mo;_TDd+I&KeQwCCRY`PPeq
z9(z#V7E;r{1BU?2)?eQr{ep-;`V9&tNJ#wn4XXKneP{XwY6XB&#7ap}d2;A4Bt<Y^
z{QrI4KTtbT!3`9zpp?VFP~cwR&b$TG-aGu6D-bmMJ<*Bn0^>%W2a?PIuLKR)E^tFx
zBKw&X7!{Z{fNH`21|T~B10w^77T6N-gGIV>BU6TRhL8k@!5wy&{VP8*vOJau`oZGu
z{DZ}tQ~u}0H_rw3K-MOTd}QQr+Q4<8_Xh(5qY}eP&~54LKNvL_FDkf+?FFTAvAqpj
z88n!#fM)cV_A)3if%uw?7eOpW4aN&h8cY`%KCt{?+6%hPnrScS#8e&zQ3ghZFW<NP
zWSGD>g=uQ08>_<VeHv1r(@F)lwrpT#5Mf}L%s7#03PgrcNs>W9>VVq;H<k?odj+<#
zdsezg7_#})xQLm6)>UxG21<0eGrBEw`f*WUuMPtPgAW4(gWtD~z;mA%7&$T=z7#NU
zB<%m}-@pHJe!u?*hJuIh1h_zTgT2cC{}$W~pwU|JknqEQ|NnzVZaW}}0xZVxf%^x8
z2IGbQ-w*v~Pyo3CG!_aHWmEu}(Xf@t<Hz??KR`ZK;bu@^_`tA(-Oa-7%Xg)pzn?QO
zFncg&IDRQ$WK3ZAz`BEhq2n#XgMZKeJqMZe|NEN%|G%I6Zvmd6(s29#-R1uZCyD(G
VDhi+*>KXn+0mwPb{~NBB0{~pfG{yh`

literal 0
HcmV?d00001


From 7433dcb95cbe59a4ae3a1a057ac418580f37f04c Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Fri, 5 Jun 2015 13:26:32 +0900
Subject: [PATCH 111/350] Adding hash.c

---
 .../Projects/benchmark/ewarm/Exe/benchmark.sim  | Bin 79551 -> 0 bytes
 IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp      |   7 +++++++
 2 files changed, 7 insertions(+)
 delete mode 100644 IDE/IAR-EWARM/Projects/benchmark/ewarm/Exe/benchmark.sim

diff --git a/IDE/IAR-EWARM/Projects/benchmark/ewarm/Exe/benchmark.sim b/IDE/IAR-EWARM/Projects/benchmark/ewarm/Exe/benchmark.sim
deleted file mode 100644
index 3a85061fd416d84ce7acffca068ebd00cb380361..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 79551
zcmb>TbPQqu0Y<Ya3=E8nASMViPVnGnQt&lnWJok)WJpHCAQhvSz99gK8^#F?jHWEQ
zFF&}mFz~ufaGUAo|AB#v<pRTpydUwe7`W0e`fk*4WB8B`<}qJTaAWvT{3GVUj*krd
zJQp0?7(PUSW!S(nX+J<}lYjU;*!huxpZ|h~8^Z@LuskPNJ`5}$`~##f;D_Y{j(OWQ
zGAXcrc>nuDLcmUt*{)y}PGA-GKRn!|9xx~}HW(%_DikDaOz3jsoc|rH<J#{Z2@}9N
zbig_^!8+7_fNWI$Vc^E_LE%UK2S$dyFFv$`Ot4H~RH#VUnb74H;06*C*vjGtvU$_*
z2MGc@K`I6Ig48J{Fe)S@FeofY5ZEiQm4!iO|APz$4ZaJC8H}1s_Ion0e%Sc?K?cW0
z)(>-jGblVrP)JBf0I6ln;M~ceB=X=u2E%Jd1}`~-A51)lUNZ?rYz&fd;NZ9bB3Z#C
z6PWybk?8|FgM(ay;{oT10tfh+UI!L3yne_~;QnE2=LS|c9yf*+|G%&K&!FM(p{s#m
zB`91wet>w*4GgMkZUzrP_JC}$*zF<5Fo9tPqlWx#<{1n#8D2Xw8vbCCxw(^Jrl%aE
zCc{MG+c2?CxELo~%n~kk^%lbnhMi0kSXTW1-uS;vhGB-rX66|T9R>xtGN7=M`OQAT
z0u)y4Ah#9#w{YX!@BtiZj0!9hStqbfWLUwllHr5N4|WFT3m{YC{=a<Ap~$d;;e+?j
zwa+u<7&YZ@GsSYpGKX@7I>>m+bvTLNLgn+L@!8S%_iuyjHu}$?0J8hTRu(s2w>3_U
z8$2&4WMpPEI*HtBlX;O*$iVvH@-IdPj{TsRwYiX$@giZ9Q(gk=t&LKi3=FTG7+61?
z{iU4oFyloAgA${*{B7Y6%xr8I41X|HEBs)p4w5O8`*CqL2g3*92E!jr*$O|HvV~+}
ztY|qH3r4@WsF~5_#C)q$3Y0<?{8Gr!NLY}uB7s4Hal?nb0b5zz8aE_lbU2CJ>XUf@
zc3lhHb=(({G9Dysa!NySUEME`-hjOf47x8rIP$qM>UC^jbrW}!aZ|r#>GuD7(|-mX
zh7WTa7!(&KC?+r{C1*U$VAMYFX-WfwN|21=4<_$fPW$$Q=pY$nR>P;}29O9y=H+dU
z4SQdFXavQr-Y@0}3ZS@UfQW(e0;2-MM8*kB6H7KStTJ>1rNFbGyv)IN0Tc%X{~X*P
zYAxL~-2Q*J{Ljh&kxBli0hQrb;Mbe>`@>h}+nR0`ZVVq%e;j?yDqtwZeF4OC{K5W!
zVLvP#OYHWLvq-SaVAPbp{R5PXn2dff=^WY#O2d{3f}r#Y7O8@YaKJ^3pdvSKS!6Km
z+>wy8kzob@36{03FZdazyx?bG0JB(D@SkV_@mBo*F7%H<0pj)#TUas<WH2gqIWW9-
zVF;3IkYi9i_>rGEMQ-*ct}AREOt0A3&pFI>Fm+b=!4#PyXY2Om>W4iA?hFhcw(`0$
z>Naj*akIazn9=LRa~o7@C?q6gFlw0Hc4T;v!3YXn2i6ZWc0R~pQ1+8%)MI$<$|QeV
z>;p49+XbT^Os5roFrAK;sh9h4aT_?T89~#Zv@DEOCI@4|=r<R;otST(1gEs@p9&cc
z(h3QnR8|0XkBA%BErdHl!R}!F5dJgZ0b|C&*NlR_PKs_z_V0aB;PC%@!oL6C<Nh&d
zIA7#fnELy}w_~r_1T>@|Ws+hB+v^Jj9Zqbw9%XP!c``7)c3@!rVEl9KCVu4y83sSZ
z1g8G}{Q2-}W?@F9*HW__g5(4p6n=;aD1u^+f#HFt9ESy?rr_;E9gz6qx!u$e1db>6
z+fE%?U>4JDrVa+JmlqThI2btgFHB%iD1fGSP_9nMVA2qC6T9^wgF}(^!<!$l+|2Od
zTmvY_uqd)<B_^=lI`ol+5tgSP|3LViAL{p;Ke!$!W-#ttn84T}`h!th(3!D8A;UpN
zA%Rivz^B#*g$zfTgp4w|4ky-I3U2?uYy1P1vU3^~GeEJ%sLAAJcU$lSGY`)N@eb!#
z?8?zB(L72&n5>U~J}$B6BO{Nq+oy~D9O@S~{a`rY{E7!GFWhkE^KrT0j>Dgi%lN%w
z28#tZOa}4ge4zZv4V!+j9XRv(xUk<V9v%NzK0f}hVtf|;U^~EJR4;e^qVYyA8Kne;
zAA$y;x@YcfaL9sl0E5=di=bSgm@o;R2N<;ap<*3KVy#fI|KIA?GrV?$>aPD%wcb-s
zG2zm4<h-Yl0J2B=_5)B1f>lEDo+3uxQ%pe5dx{A+Zz*Ij>|Bt*pa3dSKxLMQ+X5$E
zH`WV^ZvVe){{@9<a|0xuDP$N(fWo}Pi3J?u`F|NSN-py2vfegy1GNE)elTd{Tm+>?
zO{vaJ44PIK7!^7koaC<jU}$)d!Jr1ppF2J>^3UGH>ZWr${?&<cj;s0|>c5!3^*hwF
z)bofrsQzH8j(-)wBYpua{;%J`&bf?*=@lPe8IN8=K2)vWD|U8}`uqkl2VGfETt2^O
zw~^x`Bco!1!VifAg$zawmD>+85FyXB8xro4@G#y5PRWW10&tNcs0ceqgaK4TYwYxp
zQ%Jb}965v-7z(!XxH0Omx*6Qo$jHo4kU-R3EFVh$Gcqt;1l3&ydok-SmJj*=H8K<>
zG!tHc<7%?pqSr1=ljJ<*7CN!rHu}L7sr-W}62$v)E0KZaL&Sej&ib%b)Q#P3MFyir
z=LQ}(IX6(<$i%?#VRFNQ3`Px?i%beEAGH6oPq?rVQuae?be2_+lDp{#I|D1YPA~Zl
zsrNzZh5s{8FxUyI=`(+WTnnm`A-WkSFid1v(c;83k@W(@N>IMi{KLY)agjlRX@aqv
zmK(!Lkgl!&S=>Oh*Kbgb;{IC!+@jEMWBkzemr=v+f<^|DhT83y84hxtG6El%ncTnq
zFJ}0_2C9=!&vBK!7$o=eVgm=`MMeer2ZleGv}ZZ7>_?^9FGBdt7aio@USw3@egHDP
z@2_Tt0|TQb^X-=zoE0b88Ll{NWB|KM(apk*@x$i7V4uK6SU#Nj0TSuXVAPh`&z-@b
z4T>Emh5~m+ZPweTGo&kSvwQ4k_`tYB`myfI56*mU^Ea@%8Duc1Gipq9W54|&gQ4O8
zd&K_y4@?XWAK9CkRxnOrTg|nCVFKSOv6VtA{(rao1<E16nuJywxc&b=`8NxL!-oe=
zV$gc`*?$oKMiU=cZ3|fTViVg+u@(Qn*MfPcnph?<O<<nEsKI>Ok%4sv%ZJ#1tTP!E
zI2xEHIDBIC;G4my5q?{62FM-3SNK-)tzi71^$TR`+9s|Uj2d>gd1rD|9ALM)$}>Y`
z)&wWk3tX#&R&uRi{IK_z?gOD&T(f66soa)w6Pi8CN#ZuwY{u74jH0ucUOO{&%1x4E
zP-b`#EyFcuv6Ij(k&cZ&7#@_k@?JLl!Q^T5gXv|7>xWC=T7{oy0@o_8l|n0+9>7db
z0=quDi3@Dk!=E4*r8F&n&NPEzC(8u38H^eSK7DE6oWTf+rH}6$*k`iMn&>2aYl;jg
zWk382%_l6LkJx8%PFUo`K85wxLTDS0<-_g2oHN;G-2EYOfbq2h1A}st94MCyxba+>
z%?xsx^Q$;!g&$0od><HDKr+g1pRR)J)VK{&56Zg+yV+(q$T4cLO^}0&J=h5o6M>6O
zfQxa##TYc0_JdTiO}KJ_=>gjehMgP}m}W3)sNQA;$AjWkmN_CbTAWxfFs%|=$+Uv;
z1N$$L2Ot*1hok=lJ~HyNTws|3kz;$10O~97vrJ%G#k5jr1>=XK;MhCY$UK8-W`~o|
ztsWWH8K5u;|I5f=|D|+2^DNd0i=3EI!Xx-E>rAE@cYkn@5FQ{G|Nmyb9u^`D8ued{
z*E4}bg=xb7Z(1laYDhA&C^C{rG6G04O#4A*F-<sif&IC_433!{PCOSFHAF9R%n+E_
z;l%Kvr-5x1-%7R>j2|j~ZhgS0!M-2FV_V6$g5iS^IFw#qfaqhrz_$t{&iEnur~U)B
znS8S*I;q_jbOWUrsoR1x`DXEf(=8`jy5%F7ZUrXrf!)CL0A>RlIQ01&d1kQ8>;UH$
zCU6Q?`>FqcX(kucW~NyaouqE_&g7Z}$uX>GHWQm;n7}y(V#7&r9=X(z_ka(a7eGD)
z`BdsQ=S;R)Y+xS>qS?bn(1#oo*uY`O^Z*vxQ^EGkYhand1NI@)DlTvu-TFiS0oP2B
z&p<YVd@6ODbtcm+Ca}%CXf`tuv>B43xmGYefY}i7lZ7GiBHs*yjrB6_uK&L+T$}%a
zi6!Cz#|%ad_6uw?m^4^!an4}qVA5c?1nRppv3NaLo53=JQN!foh73jx){9K54BbHa
zDgKAX1H%lETjg(eIZ1%r33lbD4Ahc~Y5r~}zFXoQJRQrOxIpDrrO^*2&*e@ZFF{;q
z;0AIX#7xegEDS;yk3VNx!GA((9fL~S3x0-~FZdal)`3`3EBH_Nxq(<Ge{ci{t@!u-
z&VR8L|GwY+&$r^=_iO*zR{Z;Z`9If+f8Q_sXIk;^``P~rZt|dhLNlm8!REFiWBCR~
z4XOPa84Mbr+Cs#Q;lth*p%si1xK{J6V3;7bN@}ItihtkLz#{`2S{NrVOkhxEP-0sN
zGEEvRy0k@Zm8KhL4CK@wHU@_eEiF<jHQfGx&-el2)wamZVASBgtq3lI*sn;<VANo_
zEeqy3d_3DMwo-1z|L;LywdpNfE2UQa|LzUuCA2Uo2u$Fczz?lu1ZS{((E2S1u4VWp
zFeq?LV4J`WmE)Yj@<HY|Cs>Ycf*80QU)UfCwuRy2oCdL#Vk;Ovy!;1pkx2`vc4CIs
zPHb0%W-w}0+!h6^Ex9T)Lttj36YE93RZ`$QU;1DBffP7zE8P}!lbSWrNfIe<%c7+}
zzImIS_-=`H@OSKk#B8R~52ng}P9HBp^0d?nP@V>v%=keD?8~>!A~O`gDPCxm+)AMp
z3?FR%>phU0DKu-Mlj?0jH#xA4qBDhN34zm+BASgt^ENvPLTv=sfp8lkb)d)up;baF
z<yJ5~fSLc`KPVJ7HiK$qh7a-JFj>_s1hzW@%v;<X`y5h#fa>Z4p9&gzp*3Q5BR9CT
z5xzA|rV!ND`^5-pIkI&;=AOknVUrX0G{mR}%ZH#}yfe9GaLogi=AinpOisX!8&Vrq
zI=>1B*M{sL7<tO%lHERE1=)sN7jl71eJ+%`5GICP7sA9)>q3wy7q~9un!&J>2V562
zL+e7eE1-JU<u)fc)*Y_0%#)eF&k2;1rB*VnVE9n=Pw)YRW$_zaGhSqw4yp;IRxm$c
znZ~pVB4-T_NuFkoc?vVyoLDcgt&&^Gwu0e9^godY5SAoF_XUn=5IMF71>kxWQvS)U
zVE7;jHse(jtX}PtVVwaA+0{Qm^=c5fUftxxj1sELe}d{&CL%)>RHGt?DyaTr)L=ph
zRhSrZsKUfhLlq>-1P)b5n~8k}8@N5tC&LMLw?Ek3-`0WJN1L43QQYnQ6VyIpBhuZV
z82bNh_c~D80kw@lErIRpKrI|l`{@6-btp2ckYpC3$jn8OnSvw(Yb~9+(EUsTT<btu
z0z5M$z%7Ae4P2|lR&uRi_)z@!9k?X`;&FjX65U^*RPpixL?7z~u~iW9xW9T2xMqq$
z^Dd~ilDsWBQ*4$PIPap@R$>J5uEYc}unU+Tz|3a?=g-TH0?>8<-zp|>DW&vR?*S9I
zlme9*pc)9dltOO@fJ!NRWd@|I0<{8Q<{$eDDl?`xihx^8tQUk<v4P8rXMgk_u))hJ
zP|HX1HlnOTZ}|{cR<VK0Dv0@AV0)t*S3VE}mpdTefkIajsg)y%Rw8l{2vtb0Kn&c*
z0mUf8hj6eh8jURAHXx{d%m*$7%Kzv+-~+ckK=y)KJ(8e09oqIlZ}l({uoqId^MP9)
z5c8$M_P%N0m>~kL0oYavfy)o;KY9;@z^yHiy`Y*v5~;O?-Vb6UU@xSs0ri4l=HCa`
z(;FJZW`Ock#u^@QONR^G(&2@+bT;hH|G>mH_W`H}4=NWm-9Y8yyWbiQG_kaBUZJ;e
zaMpv6P|yIka3E&R_`}AKc@fl}Isxi|&+Ks0zTN1A9MafKmxR`NqM-H@yv_r)l9bjm
zsKLf!nZRSQO3<-bvj;3QS7l5D_kbXFxBb?7z%*-ulhW-bP<w3#(`?XaJ;c5Scux}+
zv+N!FoOmxA{9uCH=K(IwG5w_XhmB#z1yIXL<hRs{f8PavgIZ;Lzd<cA?%$xc8OLu>
zYmN0cs2#=h8`Mtw|I5HleZz;n23wdixHBd@3EiIMBzgNl#>otjn?OC_2DwgX-*>W;
zz%8B*){Zq!OqUGyFe((d8~kAMH2lF7xyI@JC4)WwAO0H@xEt(YP$+OO*vjVCv4Pi3
z#EnUT`9tA9<_Qwek@o`VYzk!DonbYD5~Llc`Gbvt^#a3+f8V$MGH~PAP_UP2#>$Ki
zC$<YpZjia5O}|*(_#S}Az1K0Qg4&<pk#BID6fyGs@B7qWps{)AIIDZ7+pG;Ye=rEJ
zx{0{Wa8uj~YH><|TBGe68I4Xxw>zA~Z@<jA`GZG+@wEdZ(`yH$-hQ)_5;Vr;kYfDP
zCD6<u>jg(Q4Yz;a^?$RwF+5;U2hCNyZ$ymE9{BX45i~;1{DJG=qlXL%pjIs3YNl0e
zD?#zG<0oh=<VGXvhz9eAFMnYp8k!lLI~f#29=yu%kYjr7$avs2g8*pGD{`ZQj3)=j
z1rW&!CYiwG=Zhd;f@bJMAKd)GW8fvn{MwQ6&}$|kh^`>8E)WTtqx0kd&Cz*se7@Kw
z#kHc<iR}W{N|0|({9<Qt_)y=-pujVMZAGK2&_!^Yca@<VD7Ccy1<4jPLi!&6zSn~J
z8I5KS*j9SD{rkT17dykV3-J$OW3HfiJ0@@&Nd7kK3?`&`J0|eF9TUpD9ZU>)-VP>q
z^%kV&2c_txKN<8GK7MK7n87m>G^Wjbfl<TZLsJ7MxV{91FV{-875~3a{l}<Lc7X?4
zdvJk6p5eoBaK9N;OM?1#pxOhu_ljP7aLwQCBy>w0G~RO{9Wven>NlNCM;q?})gLe$
zvcO?@w*geLLt6Ea`m*b%4z#{hzAfkmsxOgy>=^as{M}CcaGSY6=?`u*W?g9jwsUa<
zD7WqUBRT=pXJllb1)f=ER1lgdJV9h4+X}Xo|Gr=U37WYCl>>}FyB;tqg5vevFE*69
zRyOdcl>BYZ8Ei;##s-cvHk3Gni6O@sOzi3{NP8Y+*XbWj3JmJZA9DUMXh=@jaDlyn
zQ9*oy*mQ~MOyFK!&ri@yJj(@8{BHdb?q>UdQ4v&1E&O%=*}9CIKR6iLoOt&8e_-J8
z|G>zzWg{r(^M3T;>wCe^z_)_`#4<M!OK1iE3EqzuU{Qq(j-4R&M}BY|0OePa3o~Bu
zGYG8#&5v=d;6LHw24aD9aDl~c{9s^U*vX)F;s-|pD2EpP0EJBc50EQzet=5P%pVqR
zkdgy5_Rr$R>xMcX%lv`+4<mFwHWJHxEb|A}Kbjdz8CnSp>Yy12Cx&J@(CD@kLz~>D
zkBmG#SN1a-|6qFQ{wj`L?FUmO-v>qx(1@M8+o!9rnOEiykAH(^T@mpGnp4zB&;-vZ
zf=q+VfI#LoG%@BiG%@BiG!t&#(#T-g37W};&1-PGHD=7oSm?xZabkibXf1)G_5;=o
zxr}vAinq5qN#8z}aX*9YwJRI@YghJda{J{#;mq`aVL#7DMxHgU{I|CMV0f_Y2SdX#
zSI*03KbT&c|6uAo=KB5;quZ1O2{*<EFjKEQ0MGrpv%7V;HEpoSxbcI*p~Xqmjro?E
z8;jdcH^v8SZU@~GWEdtS%4B48I7!}O`N+)mBE$cc7bEkBkl(P-X85qC0W^mY<a+c6
z%L2Art6nof=gXKsc>mVSNRZJ;U{L;*apMP1!;1_?y*X}%x4*OVUN!o`WNq<->2$IS
za|0+{v3LCD2F;d$=Evh-h4C?bkZS<VNm~41S{?3kTavkf=OYsjOci?rNE{>&l5=iw
zhw653V36JSk&*A=#br)f7nZnc+*<OQhXqu_JY#2i?Zd<gvNwCSBy$5>$7k*`mNFjD
z+<OX#2xz_(EY93<j~g@x#|*OF`m=;{gBw((TLXh^irlM<3O|^v8D@1k@!SH<$1{Jp
z@e6&PnObRr30zl#<H?oXP1KFgEhD3G!}T8w4JH{5u9CMnJ~F{$q#Hit&+y?k&KPO>
zrI~T`2SbDZ2L`@h8J{y=WH9P{aSOdI@`0I67!(H8#y^-=FMrL&zWg;GJ9`5tRk3&Y
zzq)P*ikmVyg&$1SuP-j)umP#fHvYj>{Y`q=Yd$u%2A+>BJZv5QuddmFLY1unBxm%4
zDH|g1*5C%0b3>DBYiNVZwV}x!Yd8j%JJ!HqkRo^J;t|(|PZr?VS^S!h8I&#<*_b=-
zfMd<g6%;!fw?L^&TAI0`Oa@g(8m9~&T!!r<BM)<j|EtS(pmcBqY~u0T9j-jL7QW_S
z^kiWEaQ`Q5$^h_;e(Q&=uri==1M3CG4bU9xp#F>{LpEcnlj7|)P7=3|X57nQeeJ@^
z_S%JQt=u*_26cu9^)kzygl=v7!Ej*f4~7R{TzM{={$M%@Dh0l{ez@c**XekYe_{fo
z8>}1v+vjlpS-}>@jK<B3n%WnbG<9w>C>_WU{J_lO{_TG$`vta+bxs`ngJe?V7(OyF
ze81SuA$)<QV~vwb2S{{{Qwx+n0;NHs(Q*tQIT&7FWPE+GVAJaaex}<6;5KUkxP5A{
zg)t)#YMbWm0~ua&p!GwC2)33O6&aQJRoEYRvT*Wj{L0|JWPh{_qhgB86eqS@20w%Y
zc%438gtUMmEo4x>`RBj(t3)lk8%M^DjgE2$Uo(o$n0Yb-Ho_3Gu?)O=3PiGA0Fg{!
z^7BOwJ;qy1s_YL`^>*xMR%O23tG8u8iz=%ssE$AJLwqHJ#)(9y3;rJ%IT)0f8W<I1
zCU7NY$Z`B)_`o%R%}sm-!)rDHkqInr9KTpU$W9WTzz%K=C?*{F!P2lWp-e`=M0iG<
zllm=?c?*6pXgo-Gcadw(7AMhLB6DA46l?_5DWLUW%pX?%c#*-ek@>@v9}EgF5;PJr
z5>_On$OxEjae8%Idd1)Gcm9B8MtQ$V*Y17sp?}E?hut%09LQkkI0%^!WO4Xt-O?z-
z_<@BH6v_g>89yER$iyW0o9Uy#Z^jP|a)Q4ZJ~*&A@T~oz!Z33NLxv-RrwoVYw*4#`
z{NH9;@PF&%D1X4H!Fh4!jQc-IIzT2L_{!h_Ql0$(<a);+3>rccvMzw;W%(zb{o&9c
zI1ywH$4&+n(Ffo#7nz9?<|*JX2a&87KqM2G{CrVp27@AFfnx!`!j#`1z6s1=`^d=Y
z;VONL^CJ_N&<seuBk_Zgf%PK)iof3zK>lVq^H^Y((1ak@vp*cr>K@)7pc#IlnP-34
zOi+*l#f;()F$VrsGiUOz`2RiZFAIaje*P5>A67LB&A9(#PCG*f$WI`XjsGwyFnzfC
zp99j8W100B<TpkIwh62g*(WZU0qQ-(G|imJx`OFL4R{u#y&0rq&wpm9jykXohKY=d
zj1w6YnI^K&+L<xYiDy59BBP?%MAliB89@?3G9qpqIt`y{8(3%0blS0>+l^Jb>=u)b
z;O%8Hg$zs|7XN2tVE7Q($T*96!X_t1q;WN-5A*+9WU$WUli1?4Wxtvmr(VOSWeoxf
zOdqQMvoJ7xuy15gU{D0DKDpAM<i<Mt?hl0n*MBf9Sp1QZug~?w{yw+g84F+YaWcR5
zWafG8$Fu4+Cnw)WM!t`(EB1eM+xd}^U-P!)2WCEw3!u8d<_FVGP>ss{n~UMw#rRh<
z`J_PNvu%Dbt>pU6$zc402`?L@7o_gVMQ4@++@3PgJR6;qelS^Yy4~`CLyKin!>5N0
ztg|LMt=KQ<#-iEq=~e?G3>3j(aJ>Or7|24yfMv!8CzV@lZXo~v{s;2^{sxHuLvEAq
zdzJ^BdN*%_=7WMBf<i(I91;v4I6?K&YFdTG>e~!68KyBPmCG>CVANN*E&hR-N7;=X
z6wctafk85$w&?eZ`#FT*VnVXU(3OMraxfN*esi(Qi5uKHVfxVd4^dZHP<<_@f*aEZ
z_kX(|ERjiIVESPFj}MvyHa}ocVASEBz%zw+0`qOY8Ho%`A6)*i%;272ks&&PK|ypT
zqh{P~mYKgY_-3=t6X^h@(LSdW`}siYgE<-X<lWA>+24+Tb*xJ8s?86k*`QV}=Wmvu
zlE3=?`M>h>^nVrUss4j$w*RYpmi`|Y`N}vLK4>)9{9xL>{RhJW?%yoGrGIt(lKR#8
z)BlyHm;b9MFZCZxtNmZyw8W>TOb(`s?;{i6^^13Z2pr&h&A^i4x?}(H9}E*j=QzmB
zmYF2uDYw9B@onxIj2fD^`DSp#`)QiHxxxK3?uoLX)j5oy-v7;=FfrtHvM@1l-wnKq
zhe3m7zlR+6gv%G09&pcK*vUJAdj<aqesKQ?H15I;X7R7!KfwTIaj*FM{oYRo70}Au
zHT%V8fL6Z9Y-CvR_xt6ab`NLHlwJiI&-wX}#SJ8O@+X6i!w2I=KF};@fnx!q0>?~_
z2G$AEt7gu$aQpZD=|9lQ2<1kumEtQnI~ZOwid(vYYL`0jJhXTtgWA%MjGO`wEZrDC
z#Qb4UWMSBu;P8RFaqkZm1&|2`+(G)88_Q(;T)A&qxG`pUF$BqQXzkd~r1|6)NLTRh
z$IrQDxXFO)MscABR&LTOmwyysVEmx-1Elw91FBhf8_Hw^%t5u}%iA+%Fk~>OImr2c
zVC3H9#xh}}8-u#&1CUAVf~>1pS1^9y0-JFdY6j~Hh<kQ}+PRzz>Wpf;KQeMFTx6L6
z8pRjB$fW1+VM+rie;@cXp@DUV1A~JMhsK`$tTUK25^u4t1ey5zSHgoCGY(|1%ry8R
zxWGe>WrF_)e(qDB8%#o8u`&3+^5VL3fl-fRKZB0UMN|`5peEe<#ryzb*5Tiv5M!TM
zbP?i5i2JfHZhp@Bk&$!hYfc81Uko4Eote~Dx~{y)pvDi?w;ZZ33`L*+#WI<7PW!*r
zuSd1_3Dn+szaBq_*xL@(Z-$~@|6)CZ`!CiH2iSS9vaXU|$-08!L)L#524xggG8cD#
zWaO;>Qm}r>41=A>?&iP93QvWzX7Hb21*b<)8l5!<)URhyVO{a}`-C5$^wax;Yo74T
zJ|{7>b`8@9+drUo4bumWKZtfsnT+rZ0n;|8m$wz%U@e-bW(*9P7NEA=2Y+5S&`M{G
zj4MAFCO}sBO>hIPs{H%C7Cfex->9I#^x?;E(0B$1cx^Vrhtx(j$VyASKsP2gdC>Z`
zY{wrg+0im;8JnHNL9KoyK0g|t9gTngwpK<ELy*j5C*@lVN{&BRw4-HUB2pM4f*2wk
z7$UcCYiBShGHM68x!)Gf(9gK~gXe(oZ;sEPz6XOEqy98E!`t_MFcg5wE$-jU<>!7d
z6qL#6XY6xQy>;&g3z9esR9y1by&oJ%;v7(M-dp#6@W92(WX}EIDd77kzy~tx?CszT
zu?*(d*NlS`JY}>qgk)zrZNIITQN~av!}Yq6$y;Wg6W8lzMuXdY89_f-s@Yy&H{(l)
zmVv04=cIDm4=(P9Brb8g4=&z^B+hgD99;Zdf`B2&oM@RcnR!m<ZfR$5y>4b=P>hyg
z)Yby6oabTqz||1+gC)C+#Z#t?2UHh=dhK5?&gPK101=1u<2hxKdDz&|pdM`YlZz`~
zGctL)?%5y6!1UqAFO7_c84fZG4;<teHDp2StDx&sL3~j-ziB6k&kN@}f%&X(K7-c1
z3knIKRjL7QOdt0AQpnKEXmpaf-Qgs5`(ef_P_F}HjGGra#?1*DV}#B!e7Xc$n-6Nu
zE4gX9DY$`qY5xDd|Je^_^@H<*Gp`$HZMa5;BZI#ThyITJEE*HtSZ~4AJEuKM$k^e;
zcFWRD!R^oYx8Ri<4;$1IG%`SI-kKX8W-z&Ncf8LK{>=$aYsc7oKy@!4?^W|3Ot1I+
zU`XKm&79`{%8d`ypZ9+y=cn_7DLejE0Ef~A^B+vvY`>Y`fmF%;Y6I2CZe=_mdH+}U
z>_D<{&SJm%{z2ux!A#llk&y#t(w&R@J~HrIUD)%3!Jyb>%?}2H*_-Zj`@eE__J0-Z
z4C3ot*z<$Qz}jWa4<<A@CIh((dw#Hh<yg?<SPTR%?D@e4mSZ!Ry(#|HWjlnaYz90Z
zIe3m-?34+TtN&8J9<&Bm_4Y$h+<@a;Xg4U16%wT3v3d#|%L)lXa1ls4P)OheiGb^P
z22Gaz4xlx-7nmMER^e)9D7gLoF8hPxG|-Hc2AuzW|FsXC2AaWXz!6j)>SrWmR5Elp
zO>pD71&Zk({|q*Q#u6d={(XP=??DEmKErEwM$ky1?(JXf+*b{MFr8-V;P}l0S{LpV
z1R4X=_J4K9rkX<*v`6JNTL;H)zC5{KJ%9XP`9S3je=tGCK`Ie);2Z_k{SY)VcDhPN
zF#|L<c2e3?&Xa-ZgD2Wp33b+iL&CM^c88NB&b+n%TkU!=(Cop3GS~lK%GVo0=J8&Z
zxxT*yUq|l5;?}Z(*G<d~)PuYI1GY<r1vK*31nKvI)*3TS)X3o2$)K(b>CuY61f>{o
zyY0fpdKm`}@e3eQ1WXEo$<G&g9|XxXIkDc_{Da{DXwB*uSG`NHSP}cD?8dMPk~i)C
z#lK?URJ+Ki$9@5{69%-ODFL(-hEwJuX#P#X?caB;zm0Ayc0zo8=XQq^|Ls>94>LeB
zW}um~$)I^cr4!E$e=wZ{jbeXsJ$Q*>#h>rz{&=`Se4_jEgA<DzWQL5_4YY>@w2t>d
z2GfViAK+E<KNB)IKQglKa1yz-54?wn=|d8HPlU*YB#b>oOdn!?oP5nG$f%GhrJm5?
z@GwL1ha>|yT$?~U4I$(7Vs4<3`oat+nTbv!w~otv$f#ss`d|t-x$r_!#)pJmPUQ)#
zw{}9;)iQn1|6!Q1AY(&<{|5#>^^8XuA2JyAzqlFRj(>H$LfZ{Ic6^%kH_uo9SFYe)
z4WNB4{;#gufyR+*Ib=a&lhyIg;=lU7`@eGc^M4iRr|^U6^?z=oA55>AfAjs5`_+yj
zlPd=r;RKB@KfK8Ek&&re3Z%ZvY0v&h2F4FB{wrjB%y5tag*2#+;IL%W5WIb=qY7Ly
z@Z9d|2m-U%Z+mrUfmuwqxxhP53=$Z2Zh-Gu_~Xy&*1v(zjY)y=!?ORdlqLvDY5ky-
zh8Qo{l(7;%UcfogC__8rqJ)nOXtdyd!(^u|`{mul-B|S-KHUKKm6yv@GBAGV2KSYB
zHiG)fyPO!OBf^vML;HV?48sf#i590N`&ryLbs9c>ZV*sl{E+;goq^%Q{6<h;4OBY#
z-?nr!%J`gd^#{X*MIRaY+FV!cZ*zN<vEVfy2h(d0Cg#_E%qw4WaDYY&KDe&f|G^Ek
zPeSXq#0O?RP#@Xo2h(ihA51Huef~3`@q!tAQlR+gHvYjhlk+#n8KWOec-bJmAazeJ
zg32BTnIN78PKrO6z$MHEP(N8IS%!HA!xTns1yI|7)y9qOf(f)I93+zq-&beygDG0!
z2UE0=EQ}Q`2V=o#L_eAF!`FYb>?d1*R{j55@DLP-4;v;s?bt8n#-i2m={8afuKEWW
z@wovW?Ld#gW&dC?D0B-Hb8Y`XF?Xl|7IR_Xm_x)F>jO|czXXqDq&<8Ejnlyrk1J^y
zkAgIh$Mb*pJXkJM!NB<8@LzW5c*hpdc!xgA1lH+n6PRza&j97fGk;m8Xk>6qU{K(g
z$*7rd`&9<}Y(=+gKNuQBJFflUInd#{Vt)sy&BY1IMW7K6N6>B~lo1bBoFg9buOc`Y
zK4>D1d9V^O=7FgO)Fwk7^|*GC?==JKQYXlW2gh94h{p=2g||U#b~JCZ&tO3s@n8Xu
zc(9<1c)-MvM?7F+=p!C1;1Lg&84NqwCV*CwKxTwNy-5~uzY;WG%m8MwtoZXi6+Ys@
z2_Es#*(orKe<o;zqXj(D@#lNUPX#w<nF`w5>d)rZ;kF^;#t#mG?hPHFF<1rANUn$*
zXwKO%!$~4YM%0Z%x8c*hhDN6?`?=ki-B`67K3#7}$XMYdbZfoLgA7ny-uVN{o7);e
z_24e2bfnsf@xzTj2B6tf0S<{)rzQJY-8gj{K79d~ubcmXa_MZyc&u)~ZU0y7OgDZo
z7~J^5bKn|$M0UmgKDW;VMr3I{4!IIMCcELbVuor0gHpE4gA8c-%4X}vcER)qQ@6qo
zrf%eY%cjsWS4bAdik5@1VDy`d-BMjnT(>~AsOuj@`3jmhr%pQ%RIalBS@4iUi(yj3
zrw0v<PCNE<xUpz}#*q^;CO8S*nhuS@-@idIcon?26FmmM|AxdMuLQ%46;8spSlvKn
z?3Lf3*xLgcP1X&)Z3Rj*29Qy7P@J(m;M9EuDq$HCAASbSZ-e6$|HwLh;&BxX<1z6!
zt>RJn_nrq+Wil8TKZyTkft0HZ;Br-$aRSp+<_XNVS!QH1Fn&<@%`k&;f<XrB1O^4x
znT(q8w;5)B%DDSOz~IIYh62$JQ10q?TCtxWT(&am%R$GIk3&n=Z9f<uaQ;RuS=Ern
zlI!7P$=kqV$(UuP8q!!YE;aRXFjaiuv1Eq%pmKGu(~kYielSd6MJiVp-)01lB(uz5
zL@HMq!R0C=O1TOXLoQcgV(8^6Be+~;oWZb@c>?1K{uAurm64#eJB(l!`wIROs&1fl
zlZ-2Vf8Y6!K>@Tscg=pbnV>!Y+~8Izs14uX#tTaK44Ke2{4wzP2aF$r;p+{Ou&lRX
z{NVdb6I3cHfL7ex_`z`C1t^CY?D@#Z&*o-xTjm2ZA2(<&!`uCp3wW2T+7G7c<=mjw
z-{*_*ujcTmUXba4$@#yUVh56s=~&L~_sWGOg(ZbY?FW<h91InA;3_zbQ@|rdAayq{
z%5P*;Hf{)#(Mr(D0F_BBw<5vkG%$Yn`SZpP4hGl?9B{wdpUtgtgFyzbn+rom#sVj{
zTZ(QPZoj{KgU3*AHE`;z0PnPH_;dwa${+a206p6P+&AwB&pzqI-Da2tD&rZHSAAsU
z>~vkRztin|#=_T}9PF<>cvijU;Ntwq$bHKd)Sh0k|CSraM@EiauQT{p?Dv0_!L{on
zBR~6VPd=^NQXiN(Ky7Q#EQs9?rk$Yrn)^4WF{o`li$m%HR2(!HXH19<(#!Rm)A-3n
zhS$yvr`cJqD1KmMz8%f{o0$PNJGT&A6D+)KkOA7ms*%8;1X?4ab(>)}XpIPXPO!S3
zB}k^82eKOE+r=du3?HOH^JCedks{E@9As_^#xwrG1ebxaQ=sE;ptyk452k421XNl>
zGlTKN_aCtFG~JgU{Mp=EHyC6vOmJuTE5qXkDs3Ks`q~_@@#32e%u^W@7<HK@FyGE(
zaByS%@Ztx<j7k{>CD6Fplm=(H4;hRT*xcOR3_7;|U^w95Eby!6YX*x0PcDN+gD%hA
z9}E*fD=-3NJY3m7GV!_IVw?e5&)Xmq|LSm+&{cyUOuP4i%N3sA{;#~bLGx6hF8;4v
z!LwAk40=D9R_pS_zY6BmxPV_RNab5@Y-*%_wSxM_UbzgqJfOKR&`3T=^|gz!oA>=-
zU=aP)@HK-am%)KYmq+gh6Su+zsOSe*mRyiXv@3%yk0@4AF07)LFEY#slChWFCKD~!
z<n;er;d;<nEF7;LA!8)qJ?rAPVf+bTK0llv0Oqs9`3xEy`#t6EUQoz*mZ6xyJTozY
zY39O&BR_Z=+%`gXARD-W_EUjKjvovPtl-iLly^V*%erysc5PsD6LD+!^rC?y!!QHU
zCU}6-s$=-@5!`3KjipV%@Zs%$u9*fIoEe~29p^0p1%?l2{<AaifOpM9N=Hyj?-RKG
zhwwqE2GolVxNYgiHA^UiYxcDt3=?i=AbMq=2=t^i!98gXP=A>Q{pc0&e)M|W?E~<c
zA>_C77(N94r%n5S;e+u1{SVg5R4_1nV26*Mz(Zc2VFKfHP@ZL;QOUsYf$u-VRD%qb
z2@DD>GZ{6LZhy*Po~`M|H4oJLy8A=pfLO;JtUWLXj2;*p-X53+sQiV_IkOSb|H4!Q
zDw8q#Uu^53{V$ezu>RKur}?)*bG@1<r!Z;mhMmHMJmU-#LvAO)#L(Lb4B&PG<YXpL
zuZtDjIsmm3Am`eE=K8?1dMkc^U-pYZ0UF}q^JyS65F9%h6hUj{L8Fn5pz~yOKqtXO
zZS<50;^4RdB3Z#C6PWybkzZ-z?@ymV>%ID<m^8R<gI3oYNG$j$zz7=YT=lnMBj~&t
z$XF#}q>|x-%D;yhpc4la5*XFW<QN{5$?)sx+){J{o&K=ux5IA8=&01~4yTV;#)Ls@
zG!1_+LDz9VxEw9h?8E|J<NXmjGW++t=Whm$ix(g+0Fk;cL2JkaY8#Q(kWD~Y&jeaG
z#sOY8M(i3gh7ZgB3Sg`u6NRrK<CwtaCIDVT#t&UXCN_x+%NjB+=o&JH4|RVbYsfgj
zYsmOf){rrLX#WeEYi0OQ^cOML3R^=avf}smT|Xgf$b`Xb$e0uuK7{>+t!0}12r@Q#
z_6JJ?)5JM5Htd`@gCXO<YX(722G9zFOMgJK_iarRXEG==tOAWXGl5T&sBPl^<Qn1i
z5M-MEUj_}n2@D@*H-gOKo_O|$K?CnZkU7Y!#3rJIDrjXG2Y6)|>MAillvQFpGs<Ol
zI7!}O|H#C}2VNt_@PX|wBV;8w3&RKIMxI%G6F}?33{cjGF?{&@hkH6`g&5yV#Og2x
zm5DPh{9tI{p2s+2gA>~=LpO#MzrXwc;@HUIcJ~2jjSgs}X5x&)8GN&tXDoAD;+6<1
zvDq0uNPyO(t~UO`w0qTSZmw0Y`S=$6V0ch3x8VoF0{>UH?EGJOf$MjLA55!3Yigfg
zjDIzQgW-b{NMAK*ofYz$TNWO~np<{I%W5@fr87*0dxJZCMXo!BY<ojHT(%uU_ISf_
zxa{!;4g*l>v-jc_S4+@5w>5k{Ee~_YeeinPE#TF!T434R(%`kWXmT=m<REKm5&B?j
zY9Xc`y$xDL4Oyqe@WB*me1Q7vl(<*?{_g$*v<Akok^j?Ci-|KuR(ZJn`JVX~lzP=0
zIaUfl*1br2x`A>8(@&7NbR&aWzMQ}VPq+WyAN~TZ;W+t&L%`t!f8)fN468icAgfF`
z8p~w%IdR|eKwI?!(skqK<L4YR++@JHSyJeMmz&7Sl^+Ed{(avFUUBoP0okO-4P`Q%
z9|br;`TFH;P|lh38#cmt1-yckQGs;=%S5(`3~KB%Kx-u#71(ETG_Xu)cAGGRA;Up#
zlN;v*2K9|@!Vf?;atgAnVp;L;do|dujbOW2plf4RH87~}bc3vnk-x|ZUKt|<UK!Kd
zz^H%VQ&$5Ed|eF73?_}(TP)x+b@G44JeV-!Kn5ptT?{A2x|plbburQxQB7chn&9`7
z`2oZ%b8wilO-#NB3I&MEVlQreUN7@Pnn?|`CT6{p!z)hCH5VDw_@H`Zp?W-#^f-f8
z#I)W*weK0!KCz!qpF`~X{}U94Y!kJS^r~L;f91*P30@DwbCqS4$VyO%Jp!!{MN%bn
zv0kqJOWAtR2qk1C)}$HyCm<t~pmkc4petWkR{Z)d{GVaPukQl?MOOU!&ikKZ9v681
z3woKn_ZOs0UhxZ2CYQ-@A+3Lbl*XVwIImmF1{OE{3^6y5$rt}IXjESWoqF`^`?~)O
z8l@L2<v``svme{PHu!Vggv=rS``++3{uKj9(nXF3)@~3nh7UKueVvGlbuy5$?aU7)
zw_~r_1QpzVf9C`31LE+yXza$YO4AK=Vp8}okO_{^S;)WNH-U9qUId-!Bm+KciD3e0
z>;g2G$UKALL+~$V@QDlz6CkGV1?yLY>i_e-A2id+A$f5@255I7(*;Hi?u$a;onxRL
zHfZg_pYIjm9rWxMATy<ZzBm2{x#8&rkk8ZpIY8z!8$oUT4~~erTZRvRf5K+ez%!oU
znuZay^KT+`=5BSMErdVcE&jviZhw7G0J~1*A|!nOeLwaG<XYIg?Vs;{{~F-)w)b$%
z+nz$2w>^9b<j+rkk^T9_pVzHp1B;tRhGND{Hz$c;84hjUTd-aY$1RRo-r#j23?Fv?
z-~{)Cu7g|2CGZe|h%zWJqP3E%e}dXf91;#P3==>sMvb7`uQHxwFunF<@^)MJnv<15
z?d}hr1L_^!PCTzYd8WBp-HLy8w2JSl-4CYKpw%5*zuA9D{b~cP@Br6uIzO0Jf8&mS
z70SWzLAAl|2h;97;Jz+9v~7&85|@f^+@O9dsCELGc<bU4nOvD@xk+*ka%+AtBy7G&
zkCrebcXP~ut+)i`eGW)IU-9d^!e7uCp`cYdptShezi|UY24{w-8=pi*#s;SuZlKnK
zhTE_22H^AlRyT0!!A6aiHh_AQOMk#djhMl4#snJu%izp#lVDKV;Ogw=b&FvR%WG%O
zyFXYC-2K7v0MuW(_k-twi`*Qi75in}<fVCDyYuk9cHuiOog%Z`X~lkZH%5JR(Ar@Z
zh7TN|d7;&y@uCzt?%!NW-!JarkOcKrs_lM&)@`#Z+5BL_%TAHw`pvHN^kO*6CGKdM
zdY;Wrnm?GTx8K&x&`WT01?_h8VBosVFbgy<4BBl2+IIsQ!*X-|eyhWE;cE^iu3Lc&
z3?Dpyp!Nr;HLk<(f%^x80wnCXJUKJC7$o*{xHEp>-^uRj3Fl?(V)mMpA<Q7LU%;L5
zL-9Ta1_N#e1qLO?59{{@{9utz+!*kKMf)<l%l?%g8JTBEFer1%JN;m>{&n&F^8$B<
zuMY~CGA24PUv|!zB{9*7>2gB`gT~j31@8BMM6fevOx)@JrNOW<!T(D`pkspnhyR8L
z6BrX&6z~7AQFlx{^ka|U{T~+Mj0ubi1@4R=Ihch%ursq>0I?2#<X~q0z|I^gaY?E%
z@lb-(2S#S^gg^-mW$%RhKmLeuW*$r|aMykL!=KHK@goO=zz22)j{O~O>>%9?2R?Fu
zdch0~uNgU*pt5WiKrEO{lZ2?-($^de3tlsGGQZ~FcK*Q3aN-9G!)jNJ{fr+H{%KT#
z&WmIG5dClGM*)6|{fr;N{%y!?b>h7EA;ZJvL&C8i5*r*oFfyF}!NQRHupqP5iTmP)
z3=fwL3CDhjfMgg?|6mbt_`%H(_b?-a;R7=xqo%`$wG9V24lpoIIKZKxVRh;14~_-z
zGZ-f9b>i61_(APos4Iw8`j?TxFcYM1!|Q|m68jlHNd9A(!S?z91H(rR#x7U(3x=6p
zt_MCeHQf5aBe2q`_F}jz+eL<11{sWs6CFC74HC*8Xc)9Rv0gC9Y<J4Lydz_UQ})GE
zKX?j`|KM1V@!);N)gKZI);sZBSdn3v+2N#o`C!IMCzky?GgdmuUOb+#BSGc?>qij=
z_6+l#tRDp!*fW-IWPHHk#-73cQG}5zgF%aFKl?`kFzfS0kO@qe859{47#}cxIP!Pb
zM+Sbg3okO+UN<l>e4SCin9=LRagjY?`Oa6F1yC0jB&a?x$ZT@uxP0q}0K*C=k^QHB
zh!mXqAy5D^W6|I38$m7?ynOtJ!~)Gs&5eytYWpn{`x6;IO!=FUX|WMvXGLOrB1nDL
zU&a}(l8r7I84er{3>gXjuWqt>LSx4B2loU8UFAz`uaAO4kA0ULEH?B18e}N^V*PlM
zo#hIn;z|b&XM+T`2RpzaqO-rrjqyX=-{U_xHk|swv*Gj)js>TG@Dx-&h<_!i$g!V6
zLHWYQuMPGZ`{fnnE-n1pP{6>$@PUJ&(P81&h9DsxrVlJk6G3ceX`TZg`52f#Fflhs
z9gv#o!0`H_!9iKgUyPraJ}@$Zc3GYNA;Z9+boz&g!s#CZ3T&?%7>hELeldK$&Cd9B
zMj`tZMrGz-3?BrX3la|gVAvr0Kwg70gKs~Bf&<5akCF_WzZgC+JP>sA%DBXFiNVWN
z<ia6-#@9_uOdkc99T=oC7_>fIG{|grlDd5O2g8QbKO_WBL;SNr_<>PoN5(`ajr|jx
zxGx|0!L#Au4-Sw|8BYJ;5nxa_{X>EQ6uP(naD3!o*!$vHzwXOlzN~Kde>5;NWVCGH
z*!llE@4x#$3Yb}DHe@(T=o>o7DZXN0V42zI)bL?NBkR{2Wg9arHyUL$NHjS$e3;+Z
z=yc%2oJPhETmLX<$n9rw1N9?CJ~Hw%e3;m1kWrZ7;L_-1kYKT&(XB9HMP|cpjZBV>
zElv!VbP^d9J|vnX9{VBE!1_^xalZ#cMn)3oJO_;=1_j2C984z@1QQx$1Pm24E+tG#
z_<DJVN2?R_#T6elm=xVKAB6s3;W@y;`uYIFf{z@G9Isgz9HbU})L@c%!20z;A%`2o
zgNBR?8<{ddCD;_F9~YUbh1i9ztjc80nB~NG**(MBWtJ1yC63qZjE)H}GFE1Cyk=km
zo#wUtuiQh8%oZmOH;er`i5#z47(pgAY-Gyla{6_Vv6_>e>k3PPV}_%PV}ha^%WMrd
zHc&n0yX5KmOvs7N34a+g95Ngvm?r33Fnr`-6#T%>$a(?9I{1-;k?{jNBZmYir*$})
z>}Qw`I%Ax}fN=uLM-E1Y84MpKxIpUtKQM5w_^1Io8}uUwBTOHcq=VF|#1{z;9~c<}
z6B;Bm6de-^Js2`yBr?tbm6V`T<=t<FnbHa#37}Be_<|>ZamIodJOPk!KK4Uq1LKSh
ziA*yX9(1{}E1mkmqQLc$g^^3P$%*?TBlnlfyFW7V@7T}y;q-5Y89SU9KFn-5Abn8s
z2!~fj5JwP$7ue>?gad&JItrIqUmsy){HVdU!A(E|RFZD|t&ySdiv^nZ7CLY^Yb3Be
z*pQ)_+2N$Kzrl_1!-C)26HY)%tcHIHSq~VwIQBCr!E>FG94OZnfpQuLB&P*S^Duv4
zVV()fbuKDAhd%N#v3y`+xg;edz0iT_^+m%|vI@VLJ~Mw{WMX>l$n-0bLAg57I+68t
z6JvIU@-L<@Pr&(&^$MfH1P2M{j0FA!nFsP(;Jl_3#Bu1OBoo6grcVqHB;C9-Zgbpb
zXm%2~aG9U+bu%;bM*)@~2IUL}?GG10=|S+adcw}c{|WmO_#SA%^BCLZ;|cu<I}&~-
zFevN*ms@(jUu1xCi{K>(sTT<=Gg)Q@Nvui))hPi9EHfNFFf({0ux(%j=e`fU3<}`X
z)62lX!_A<e!@;1C5!qn_zBj-PbZ<aL#zA(D*Q}i8S2QyOJ}~n$e6VU#$jp^$b?R_A
z@WG%dDRZh5!-w4s=QtGfLM~nX!Lwj}2Bf}u^$Sw}Jo}ZA0jYJ4foq+6zgS)$1C^SL
z{Z6bG6f^ssOfUb;Sm|VRahI#&MTHDT#f=Uf&I$<%nT@UoKKyUI`GZBEi=E+PLgS*$
ziLMSGW;Z;@SeoeI@&J?;7%~zPGFzP-K7dXkNl09f0J;M}!=TBP?ScZdCg5OL;ly(B
z_z#{1r+#o0Tz<~@VeYRB&);XP%UtioePLxrqm$C*6B#R<SoVWzG?|O%6Luy@gK8>9
zen?Hl$e%HPBjW=>H-1n}#Uu<mB^Fdufmxp~Haam~W>DY&*HZ<*81xohc#+A1R7-JQ
zWKXbQ5WM&*GXYvpB_vFEu8`U0#Cq8v6I4r;Cz^v}F7OwFe)9!|%yy?Wm-i*2)=<vB
zGBO!7?7x((SIq2insXUcOXWVF`2)1?j+ud3qy9_!`XfI$8g7F2<8U}IoczJU;PHWx
zAtS-#2WtZ;RFX0$x^iAzkdd0`;IaS|c8r+`4uK$<lN=`*K=Ie%VsYu_51s`#e{d9B
z1h*MDe(eO)EWbeJBFEzIpNLpw1IOZl4~-2!Gdx{uFYa<>MT*Dr2Z;E{zkKTl2ZM)e
zHatEuK<Bm;-25St;P1+F;pPtx0Z4p!xPs!t!xa`EoF7HN@xl2~fQ0y1@smN%{KCy2
zG7N|q>2&1+$B59yn?Ga}5OJdX02U`6t|I$kank;C|3*-Z2wmQnc=LyV0CKCL^5@MT
zA`BKAK{3JvjuBAJmiH48?x3{Ea}g9Tpm6rUh!_7?H`o>Ql`pZpJ`TzeoPKUQpshmh
zp9&cYzu2K=*-i%zXN3gz2cR=SK(^`ZXLDoxVEGet7UkE3bqPm*@Js;N5dTU-fnz^|
zqVk0ekamQk+@%Fy8wxpj7(Z|@b~r46w<9Ki*v`^C2S4&Lg4z+CQYWQmI557xU~o`Y
z1JRCPWKhaV)JlAr$nv_8At^)Y7vtyK?4b4+8@L6*_)*X~F@Y6SrfD*O+7F7J90xy2
zGIIQ4{K)V?z|9HVesFT-zi^750os1>gti|PGrOJmFUuypO<0>C_&_PMF=K+0#{P*;
zte4Lwv?jbrSed|}!1`eCix2LMACBw*`EErbh}3=g!I#C2L9N3L<l7S;8MvwIV~|fT
z{4iiN*etKfx1T}D3tUQbfJ$j)h6h0m?iv3%{xd9p&A}e;%6uvQ6+1VZ8_xyzO#fGx
z>KI=4F)-*eWXkMscd~Y4(0G1P!i_=0<|2ch%|*~z=MD^xP8`mO85|A_AJQ8goj4pE
z<v6$*J_s-<{$ltP$O(!iP#DkRVEVwq{@WpngXsekD~E*gFV;^ME{8rlFl$IiNGSbc
z{>UK#O3@&9@;=~jbIbtc;f1d`7$aS6_IJCnxiMxkXnwlrkjbF&;Ua?`!v}-L1sMxo
zb1*c!Hhj=(1f}!?A5<C(z$G)sYi>r4*KDjEPN4dm@5ef)h7V$m-!rcLkXW$YiRZ$G
z3{aW_wdXg2+w&XY?Rhq6d!CJ8dmdy0tUb^0;m&_hd*0&02c(j+&k0geid_7JR8p!v
zfR*C{3>#2d^b8+%{)gpFP>bFm(*T?k)%IH?wkI-tSoOak6E$x#d|2>*_eTMKo=Y6B
zxfwt;VL<|j)gbAZ;rM}((J^7#1CI~P3<U|^;F8n-)oljvAFLY`G-NNaygmSGYp^S3
zfMV(r`))VZD~w7^zZgD%awe#S5AvbT{$@9Z54r#MCY=7k6L9ng$A<R_IS=ArNmHS9
zuZ_r+3@;KP`I6;z10yI`!rJwaTnTE|CnWHKawSTuo*SiAALS~5rB$zx+3X~ESvFy1
zA}C+-Jy1ewX&g=HO<0leGJ!#1MIz$^h7UjgvB6pqA3pyB??C7U^_*GUI@}U62&8T%
z<zGx+vpGOz4~K;6FXnFo630F}uu4d1xTyVNMM~e0w9V$W5VUd!C9Ma#+U)N_OY4x7
zeWU@DvN>LJaUNjcc+JM`;VQA8;lsjzajp#?wl#du*qTY3bY1X|LDvLpsun~^)k+T(
zGFzQkFKc9i(sX{JJ~%uB|7{1?HG-G-CZeZi=YN=~+4A46j{^Lhmps8~mh&|m11ufe
zL({Prw7=^0gL}c19~=$-uWqm^=xXd|_#picbUu{&g)2WqCNNB8f%Icp^`Z3-!w2qv
z3K<MD6@D>(y2#FYg<%$G3;>eSSAa_co&D@?3?F{{J^F)V!tozG6Hfl%C^-3pC*a5r
zjs-`4h-`qQj8FXxAD;aMrHoJgpfy0v8(7^AxE*l&s(b&(8Lx&9?2X*IhWiE7SwC_!
z9OwAYpqTNGL-7~e2T)7X>B0eLh7XJkZIaNI2FG`X8$UP#Ag#$APM{dw@%QQvjtQ==
z9QzqQZ2Id9rq}&NR<Zo=36$0d?*mY~lH>BtA3Wf8;fWs{6Hfl%X#l0?iGSTcFf(K%
zR7i4|!b0-zgM}G8of<wIX<*P`_^_;jQI+)<+ec3ZFQ*L-g3cTcSW`JOsD$nUmElZ^
zznH!iaxi{i;*gL~`^E85K;qzM2Q~*60|~`nY@e83GjOoHJ^`-#{a>Bny7_}60hDqN
zFa&^8tjFJLKR7n{f&Jz5Hx5kO{Y6$`{`V%>f2_YaK7v}!ApbSHa$LUsgNI>*6U)Vu
z;NCaS1d#s}!Tu{qSoNBnV}~T;1W-GLai&KC;|z}<3=PXO{9j$?+VxR^ACx}0|GIBJ
z`-5Qt%j;7N;5714gX^-JfWF0k&<rk0+L+1ui}52UZLmK8weAq*;LAU!esD}U4M`mv
zPX6Fo0BQ-bedJ(eoRN?i@E{@Mz-G`+tpDGi{AFbjy5Rmm^rHj6#(w_~|IN8CLDED*
z#(xHljSy8#e^?nzFD}T~;UshUpmb8EfF{@F9TEwN3lkhaFfuzQa0Y<lFCc;I0ca&<
zVxq$bW^gYR7MDyPIaoy>JjiHw;=Oc0dST{+ger+e(4G<FM-EnyZjS_(2O!)2ec${a
zl2$d`AY+{jJ3-@uAKVvw<X{1%;rl;0B0&AJ10PD75;GV-Ff%b~F?`5tI>q7t>JY~%
zc8=F9oMu;)Kqva}Gki#CS|ZirG{NP-huEgf%pNC(4>uaFaVY2&T)OguXTkD}5OCZE
z{Mq9KO3OZf62LX{hS#7z6T=6WKdeZ7Ce6%#r@+fUGZs4eUEJkrdr<@0XVOUUac%gZ
z+XQN>A7pp<sL|BO&hW9Sab;$wtHXz_4KFg*Bs#c2dhdw|AXhM5WKhgZT$%7P6EwOa
z)O7!c1v^6q$IgG>z5lMvWYA>zz|r&~LsLU#Kj@r9lfN%AUuJYTHGKHn2pT7Ok@({w
zq;0PO?`thU>T7L(&hX*+?=8=tXDrKH?!<jzA+)cx0NmGF-~?;ivq0PSEF`q;89wa#
z&7jwI;Xx)Vysy;*Z9xcLe3Y31?Q3Nulswmf_O%u`!P@l<A7=k%(6|4RzFs4<-D&mZ
zeTj-l<ADqxdVVK>dt2e_L1PEA!EO5hl-`!t`lDESTL}psKUf-aA7*BDx^i4xk&%<=
z;IabT*Gf!a2uyqk>OuLxx&Y2)4K8M&-c|u9&x3kd3?Bl2Zv>|T-`}7Z1gYKd`V>E?
zoOAij`uY^8lwj<0V!NQ3+2;i6ZG8mywzfO5fl~nEFRqUr&KmGhT9D5`qqLyj*7t;c
z30X)zEnZMhivi>}P^-?<6*Nlg=?WXA<%G8CI0?4uKqeqsbsvAhdRvG%LG5iJVnz7@
zELIS`Ert&le(m1~ayMpgi{ZneUy$Aw#7<EE7gVNg{{<?=AmN^o+2X`~5fm?L9)QMd
zVSQkTETpfcbcq$Muf_0T>Mzi^5prKk1KQUD*#+urF??wLb@B&?!<U3*pw*BQY94_4
z9voEeX(c5pB|c1Keci~Ag|(-ZnZN>S)8XxD31I1IX=Zji30{^-SdjQ6VF`Hj2-eqP
zyL=|0CE-B==#H)h;5G>VFO4h*IgKRli&uY~0FOK}X#BYd%Iz9Spz!|x6IAv=`e8r7
z=R#y>C}fJc-Qu{!An4ZW1R6JFe9g*n;6r{R^9N>jMtz14S&go)4Ik1QZ~R~>h<|mw
z&f#NXqwoi2e*TLeI21Hg_8Z7HIUV>A*?9lQ9;Sv22Zo8#9Zm;61U7m<+~_2Axl39=
z>%a%MM&=KU3<k~)AD9>lB{LE{GC(6*9tlq1@vHy|=L~0X9ROO%w&0)M!$p}BT*WRv
z$Z(Kob87gY4bshI<m~i;iK$RBE1^N!E5qpnBNKQ$k;yAzVd8@Xk%vi{6I`_~F350{
z*ywcNgJ5Haw15U^WKZZaL}yk)p`^0}s!oT1DDcQ+R08({$5%`YAopb?c))uU3<`{H
ziHQpmo<7*c&hYVh!!M3Y3{0;XIXAi<`0$|NB8P(J%GYe%wwG@F;8<|u2TuXR#2w%=
z!29O~Fzx>H255{2Y2Jq6gY8d-87%O58;%Q#;CY)4@Vt$qtHX!p2FT0}Xe<phbEA+@
z4V}3Gjbs#G-jU(pS^%H9$$bE__r?#21@5jq7eM>9AR{mi;1L)H_y`OKw3Ox`sg!>H
z1Ju*AzHkF&45kA*1|xd$2Fe(WI#O@X!4-M_hT+4ZAIHJ1V`1?8%?*^X7={m<f84+r
zi(&Y%;s>a|$9GAi64a9Pe8m8bAI{gT@V2tV1BfhU+VTdcE$-Kh3{K$G;*_A^7UlNu
zd%@q;ZlJtS`6I$@?~70U3=E)gQ_%S75AeN}3~DMnK_mHXzu4T2z-=1+OW<~{8mLWk
zjN=;vC=V_9$idF2Y~*I?cK?S5!~gH$|JcB7W4?_XX5tS(`qO@~F$i6#0FS%!?B`Hq
zQ3TZqPExC!I`(V1DS~eT3HSk8g}L#!f!n9O5O+982z+2>=D2WDO8zqV_NpI@x*Gcx
zelY0@GZ<_UaT9eDu+-SE@Y06i*9}j05Q~SwW52@>7Trz;h&qq`3_lok4fYhcpOlaQ
zvrn^YfawBvMg@isK|9zzIWjmlg3i2V^8mStBZ1WuGy=gX#h6gw&amHsn?b>!n@Pc=
zn@J&Qb2mH3g&;Y>AB@%vApAk4p_~2N#b$Pg4+;$o`vt7nFB@#x_`*U!z-qw@3xS`P
z4E6-GtL)$Sf<s`z3l0I7{eeGNtQ~%^SYKjS0p9|q@PkR)Wj}WXb3uVShZXx}kV+0K
zkP3$%ET_L;3TA)uoPnWXE5ir&A530?3=#^f_x*mZ#=ry?GycKEz@U8FSs-JE6Uzlb
z1}25o`xq1i5&|H6SqMKMfpISbgTU674WJQL$sY?DoFoJ?7!*%BcR2B0WM9BAfkB7y
zB7*|M0~Q6w3Cs#i6EfWx6;|&PNMP9@u-B@jgn_}Mz@34CLBa7A1GB*vVP{Z@r*Ux-
zhtCC}56sN$7g#a^f3QU7I7G`i{9y6^esL0q{RL)_n0K-Rb3)(`7H{W_WCv$3t2rat
zp&86NoRREsI3Y-m;iCY<^NXN3QrZkPuR`z#BiKBKAB<r0#4j*|#6ad12>xL7cCJWv
za0auQE0P_W!K}j-$qt7LK<2SP&C`7eTK96{#|MGF4W1kvnk*Ap+(0cpP;2m4Ba4!z
z8}o|)-$nkjC~3+vt@!_)|38ZoD`;M6#sBY|U^WjUXbltdf94sCT#O(73o?B8FW~r!
zL4j!|7Z=lq|3V-!r&o-MjI)Hfm_Pg%28lVpVp3w5Ez8CF;lC(I%=HzsvT8=_D+34S
z2?-euuM8cSCM?KkcxB|kIN?D?!z*J4h6(q7OyDqnz&k(ShgyPtMx6uCd=Po(2SY)*
z1NXc-2j*#9^8<cpg5@~Da<_jl6x2Cz%&&7`n#Mjq;D<(neTH;KokOw1tse{t#SU!q
ziX9jy3uOfS&@<r7h;j&Y(8>sOV4W4{z%Y?%7V}IYCLuo1I3_1wzz;=%OFtM?0v#A<
z39&##Fa2Q92y|drB~$@YbLj_zPN0KQX45N1HpW>@SoJc%^%}E4bThA#=7Z>Gc-_nl
zF(V0N1}DQTMyzHq!_8p+%8(2(g$czCi$MB0m}fCy)z1Xi57EnrqW2L<FQ5M_K2=>l
zhS#mEtX~^a*{Axy;&X-Z8B#f?`oH2plIH^PU0G&ARCvm<eq~5ynaDHM{}rdB5tIKb
zPE}4mAwH07BO@rJK;|l#Fn(o7Wcu2W1hOIiSLb(z*X``=Umdc(Z-TP2<A3$RM00qj
z#{cU0`aFYmx*6Z{47TYYGtx6Srn7!^NLA0^p6>rjE{|nCgTDVOi46Z&l9}~iUaw<#
z-NwQT+KG_E^0gs^?MpqIN(Re^dY2Lh9*}4T+n0K`5{EfI7*a|cxaXBPsBy7<_%Fut
z;lGI6D;5?1S0*mZQy5-%vVeCpV3@&)WX5c;85~&6V4A}4x`Ty%-sK+*7T10-V3@=F
zrQSK&Vb%`@mt+UFImr$(Tp$;K@`TGPW@XR_v;Qk&XNIp00gRIwGC(Qh;tvK1h7a`)
zOke7m0vs5>)H`}OO#Q(i;^DwL)58HZ5Bk3{aA26gqQp0YdFB7_hJX2HuqZLDWRL~j
z<q2XluH-QI|6LU<&ajfl;Qx2|zx<&2WzhJI^8`2lS2H+S+&Dk7F&z2vfkDlULA`N<
ztlN<vDutl?4LSdU?g!Vo5dZ3Ap@AFsRmKd|9Pj_i(9z)si*)>}NJhyEOc|*8-~W}7
zlfw@dZEWJ6av+(f7eVtQ{GaAHb6?o;QG(y=!j6v${0txZ8}dJ_VF2#}Z2pvS|3`($
zwI2)z{9iHYfzpBhmxchw*L{2eKlmQ-eW>^Ad&R@!|BA^EBnKD&QqKnxkN?&54@nHF
zRw$40bswWcOz;nNfreK+3?2>!iS;st86FM=i5oLK95y5dIDAOt(wEpTV7Bk#(FaAD
z_kVm5rnMV3K;7^G>;{9Rj~N~g9Qp-G3?Et>3^P3(HY5c&d`OZo+y4Ah=1otKYxqAU
z7zh7QH$V@WdKp|{!>$jOAsjk<0zdd3fI_hO6%Vs<(zPEf2SBXiq-#Goz^u(lptBc1
zVxN;tF8IF^28Ag&POgDYdxXaeGdRwW;s6{k{;!zf@pXF>$W4r|n;H4O)cZNa6lQ|#
z1;vX&vWG)K@<x!~lLH(+BrBLTKIfPLx+y`j@yd@60t^bB3~Fxn7ua4mFtfdGWS7dg
z{)6Gb;U5eKtP&VxqcX1lU^#I32g`w~1Wx%`8P|Vs960=g<G`+j4yRig*MIOFIQ)a>
zz^?@POKh(jnAl!7GK*(i{=snI&<}<K@(B#G;Te~IupBt_gXKVc0;l}+jLSbb4jlTy
zabSKzhtu_p%RhJy9Qwg?;C{mX%U6DUFyR06N2u77QGN4ACVo%~J@DapL)Z@id;eF6
z5b%E`oWuCKhX)k40zY^T1pUxC!1TJ0uU_Wf4~8coU!#T#Xx#uv?co@ZDyG-X%=dmU
zytw>>!3Lxj6!yjm#TmrdK(6`437ctZ{^o?wG&TQo0w`|gJN^G+xn5-_qEs>6D4?Y2
z#`5tC!~gHoez83Ou^1E?l(^k^+~f{G_qjHoSPVLWiGh)Ufq{vEfq{jAfq{d8fk6P&
z4rE|paA06yXkcJqkY-?DFbi1zB``SEvF`8^aj9u>>Q<+-S6hE{oh!dO;@6tV%#Xc8
ze;Fuz%Pm_wvFuETst?oGKi8l7Uq7vNw86zxt$%USR?n!7_tK?zsm|bg<@)fzzgVVH
z{lh{Zd>R)|ck4a&^K$m{_<rW8b0&$tuFBniD>7)RZu7n?mlaDQG&3J~x|}%Km(_Ww
zw4$=_OSWCa%)5m<)wlUS+$X-a<3rjSg_B#X&eckI-A`^ZlzN(A95~&zJ~-(?dCJC?
zb=kXR7Bv2wqRsI$BEzFV@~>-ud(OQn+kaFCDPJyL{fNoCD7;_(vDWI)G<J>Go0t!6
z)t^;;v~4Me`Q=aT8U~w|?pNNG#mp4bB=%NY=6u(rEtShZd}9B+@KL7U*)O+JukK@I
zlTR|a*!6GOk-5QoCJRD8FEV=A#ajCM+Y-w+&D^WrCpfUpFN_Nm$lLp~OVQ4j?e4U7
ztaf+Z_CE97+8Z*FHTFnh{uMTs|Dpj2D!*q)PJg-g+8Jku&hmLT)Au^P*wE44$!-xX
z`TX{~6P4~<H49(zJJp<&Yxx0+wdS@4PLH?RMr#TL<@}1Ga(@5k`x|D_$}e|yovpg1
zu35@WelEpjF&P&_qGwy_nW=0{=i=di9zOZfw0B$PO`I+5fAm1ZB85ANncn45Vp2jf
zT)QSedaAYHfb#<-8(DE_A#PqyzO~1@KkZzxP4~n~IgwV$kKsP-rR#U!o%!x>LjB_T
zYK-6ad@YJOYMtg{QujN$Ow+mh&N1cF8GqhxOaAy|$EiDp*9BUWog9>=3o8g7YpGT7
zYW-om`;ws1&vm&AHIIAi&y)RZu<6d5pf=tMj}MmTh;7!MxwBy9FOMmLN+~bhkM#Um
zA!Ywz!3~|-u=f*;m5%#)wjaD`ar57zQ$1$fS7w}V{JKozUe!{yzU{Y`>|bmDWUiGC
z@1%-=*=ORjlHBS-4hi>ud$Hrjgt+gPdSBNcZraxnJHKY~h0K+@SMxUush+o<x#q<3
zS_y%?<T)>@cU#})tWZ1qMIthfar>+{D`xpOr{+z4R`=}xDvtAe6ra5ieSdTI^Ihl6
z^1ZHb&VO~SW`pMXO-l?7mF=|*rYt>nAZ?MU`5wQLWv80{Y`8Gtf#{9p#$Gd6K7POT
z#*r`JY`y-siQ>K2e9L?{ymt=qU3KO@%d{ttw_cnl-I3+9Ltf`#ePF5^%d5D#v8FwY
z#U<^(^c=Z=N6Dsd4!U%El5v>8OJVnGxjl*3XI1emH18An5!q=Y{Q8~x%5$bC6Su#8
zD)Z20qkC24{Y!J~i$8@{o)eMSZ+^V^)!FaC(X0N(i{#thZ@cYM(fE1&DZ3*XJ9SJ{
zEaDv&A1XR5E5@VxXivANjfUe?-v5P+D=hDA=HZz0WXp{S2g6blTTWLOY%{uA5|iWM
z6u#ra@-Kk_sg8BQOT?uP$EjOQ%U*4L+I6n{$B18RRx>~Lp8U%|AvCva?YFWs9TR<+
zzN%h->i_4o*3s)OrfLm~leYFpZM^3xy-PKn@0II}1OH+lmg*m7`ry+jG~KOt@z2ZI
z$Kv~$pU;^jI<+cy|Le%0skfT<UC~u6iMX8kz*F<Y$v&6PL#0`jeP1f<B4%b6?o_|)
z|8U>7wH+VC*C?D!vpQG1#p`~ugrU^aCgZ^A3H8BAuH`8kAFRvX-LjzZpNuxg&nX!m
z1rdK;`z3SkO=<s89kl&&@oHrz@1jTj@{hw;ho)(1yxzoqXsbSR_0hIj9Ojpowrd!C
zTDo6(Qx-GRt|qa!F*4`7w6|0)pY)0S^M^;7eha_cN<F)emF;Sh$wm2p%Z_vf>zT|A
z{k&+w!!A~%*WZ?uzG>#Re4pU3YJOoHn?T;)z%E6*pKN!h*|OT*UAOm{uUl`(#I3PM
z3R$nPvE+*eB>ew9LsI4C-fPpH9Xij<yP00@^kT!_?oRfOXvyam?@m<S=Biof&hJ$7
zQm*C4Nl^Z8Yv62tt8L^_ASkz{C@RPAKi}Wq7OnhYSJ&CfS?Zdp-{j{?Sr(I_7!p1E
zqMn(GRXP{X#^>Ra`KP_xa%tjh>3K&FH25prNnGSz9+fF2BqO$K@*^&-1qYr!P_l6r
zmll%c<>cc&-u-Fqify_(SIUW;ko*|l%3iwO=kCmRyA$dc|5aoBKL2Y`%pU7Bm!oyR
zqfIoOyUUI#pT6_w?Y4}MPj)2VF}!}NHQ7l(X}Yk3;IS436|dG>+ufIb82wx)xKQ(W
zuKqk(Z-Y&DJ_oh&zIlAG{DRnK?VOzjD`$F45&V_%(p{<N&x#}V9~MaI)P~)dV661s
z&$IpbMT?sU7oF<)$9-jnS>xAb=kHZ5)#%%POKtyJ`z3R&be>GA2;e;vpEcX9E+k2~
z_uHWzHzvIJZmAcy{&3URhS>T0CSS;`(Y>0#Qb_gu=9z0wSl3DjEKi>EB5$|#?dl4(
zvz!u<d0)2Adc!!&zj;O8)Mu&B{;#S#zekbdh3NZdv!Cy}X_oJGj&uI2D>WN5uWedl
zxL(;_%W%rlV+Lu9Ob_hwD=|OS^k><H2@f{hSZ*vjgXN>wtv8O}1J2g-eVZt*f6ce7
zcf)&UU*A<{LRh9fxxe+|yvH3`KGO0!2X_Rfy4Ammo6BO_!x&rA{;SxL`?sEK`sS!h
zw<iUK3A{9Rzm_YUczsq6&qDJmkspzLHo~tv)mNT-cQSFi=~J19Z#TME+1$T0C$jic
zsQoz+iAwY1#rw~G4}P`kZ+vvV?R}BkE){K`*Pm)UlCjgyM8!hKVez5(!?I#Us*m>Y
zc-m-mPv!mZ$hg9?a5E3by(e34%sCjAGNI*kb>cRos|7JR9wp&BE;xM&3|Q`17n~|C
zb$E%o)wH<P)~B=Q%71kIwPtn1WADk#1`46S%GQ3%J<~C<jOnYY&r|<D*R_sbKW(bk
z;F7epfAPk9o>9A0)1_az&fxnO`|yDNVWv`_MxhUGy^E(`&OY|DpZR(GB+;pJa`(Tk
z3YvN=a^Dr*=8}lZiVr+BGf(!poH$gP)!Fx@qB3G;w%tzkyM+(;ZS(K=Aih@NWZIf@
zwOg$2CrfxqJ#8`!oStADoa9=cvhhKA_U@K-jsIj8aQvL2?NJbs;o2|x_uiEDoa&(M
zKZ;i?U-m9~#3cVXygxKeYxV0*>>6A3nGYRpn^kRoc`1j6!Ke29%A1xlGwsR}dmGbq
zzDrxCa`~h!?4Lh;%Jf_K=vM04FRW}=_nBOjPg-`Q>z|&<+~CiP7KC=O8a@2Br1W(&
zx8<7zhgI(j<Jjis?F|%AwENk0cbYAm-Q9Jp&wSnXhD_Yrd!&#xmW?I<N<hMY(HW8|
zzxQ67{?eiIjPuR(@_8>d>~-p7@936%ZV`Q=^7gx$h3;HVH81&Few>s8<^KlG<~D63
zkGFzyYYL)r{EGPg{{G*}A7-)6R_>~<nYtxESIW(p48>*9voD62saWZ8@oY>FpUnUK
z-Ihz!W=qeTc%Z@m=$*tx3guCm-a;~BQj;HX?OJf)sg{zB^8;xiS#eH2Zr<)sYmaZ!
z-MK<e<iyI4;jNOT>wVZ~zT17be(~P~#_#jhiemPBO>;SF{X5#E&bhlxQ~C6rV{f-*
z{CTn?`J>_WQ+JY`1X`yHJ18A%Q4sWMtyS55>4)vlb%I8k$8#6Xll9i$bmy}{8}FN-
zgXI?<Z`RHcD_A*m=M=$T9xvUMQvR$s((_?~lzna34IN{p_Y*wZkNa8NJb3X`&%Z@i
zW|(n*U3R{)YN^J(?YGqW*4i)GZ>95OZbbm^r1-4aXX-+d+<Lzq6239v#STloxbKIX
zzOIj*zpvp!X3gZQ`73o*&u<o5bHaM2guwFJIWO{(t#4QFRy)gC5t;WzV%8hR?f%Ux
zW=(yTn)iQI-LpN49Op&fKYQ_f*Uj1aUgyl_zq-P?LGxP862tYI?6nM)mmV{ivdHv6
znqP_eo~A#`PEB~Q;lgrb(Hkruy=J^|{C?|fJzu~?as6+;WxdzlJNs@}btc4j+LQY%
z7w0|Rn&l(ip>uGDe5zZ0VBB1mS3QiertQCqOSpgQIi_!plD$1C=#s!o<FISF!tU2+
z^&~Dduj2U;*(W0Wy3=Omxp(S`+f7f(Jbe4qy~<|er8$xJKZV*Ci%3+SJ6^os{Cn`L
zvw!2GSJ~bd$#<z}yS@HY<L8W>c1Kh!bW9c>ig%C|D?0pW509#iMz<&Lf5)jSEDITV
zIPPuUa%0Yuu#^c0Pgf_l7+o#cmg7+pv*UtOcwoTtFLlAGj#7u0h+9pIQ@1{yy;}aG
z>)bV~BYt^LW`3*?`paPLx7@OhiDhTLs`@bb|GED3==IZDY7H)?Tl*I$-SdpvsG2Ul
z%XJ3dtJsGJ{vBp2)o&E~;M2Q!x?A?KpO=}R$M=g)oil0w>#E$Tw<3eC=r-?*xU5*>
zshRnp&*j9)(yY!yUn(m5W@g((sNXHzxo?~Q!w=$XJ5HvpQK;QwbuL-L>;BUwL#gQr
z#(_z$^}!n-l&9=&S(p7!W<lf6DcT$b5g8u+l7C&NwCCIl+Ww<@wescSqDM^LkHh=r
z)3jEHZerJXt<QXDYul{qqnDR*m>Ya**HGTHbU)LsEatZ{O=4ZzGUu01+EV%X!zXsX
zg^w~*&wjbZc6A@?MfoI?BVGTNnamB=TeKkbGpo_Vt|g_fzj0f>X?9rkJ|T{6e&OCg
zfjqmPU5e9e+3wz5$7<*6w)fe@t-T?Itg%N}@~^NZ{1*+7RQWyQ+Vq!uJI^>fq?gaT
zxnZx<3-*rg&gT}<l9jjLomlA3Ra5hl-|5FmxfW3V=WK3kF!Fe-Ew`pXFvqVb>hJIW
zeEeY+t+sMk*O{qX>T;#r<j+uC7Bl-|NVJNTo*B=^bgs$#&%?J|n)Xh5-o)7r{znfa
zE>gG?mFZnBBPJ#Eh-=s615dRU*f>8>5|R~{=Huq&{IvFXx9-jr+eA*RlnZZ_{J7qS
zz4YDgyE7O6O{o7qUyU(l&(|WCqt<EBCUw8N%QT%&-#MndE#uGI9myY`Tt9Wk&`F>*
zS=d2odW(YKvDR7@uS-8{cdrvP`guHep{A_2{=7S%4L0$<32H09@c5v1j@agvGj|pU
z{_>dOu9Wg}#gU#r3#9Bngx%1oReC?cxc#`F=gor`EqeYfIyJ+L`^vKOjbE2)+^f2!
z*0<e$$^NxEPv%+$@J_18ntdidB+0Gr+aclJ2`_fs(2M(S+4Ob&;raU-Vl!(dU&vpn
zd-eQgA=MMsGuH?#ua$U_mptco^=|94oE2($UnC;mFm9jKykeIBv(&t)tLmQpSL8Uq
z=l!!6qPuR+e(rV7EdSLN&iR_xYBm_I-?T)_P}%;N!IY(@2htXmnD6oXv+PvUgAErZ
z7>nLm{?Tg&i{tlOZ|eC1&Wh`Qn^@L+&DYs?!}~KKzN?<xXPGwd@z#qz(j8d`cgX9w
z)d!}|WqB3H7;D<|tGJ~7x1J;S<|x_pNkNxxzcdaL$Q5?KHmfJ`x_K4P!pJ_6AFn%Y
zgwMTGU%B1%Wa7iOPi3lXHoDJ=yniXwzW9?w<vEe!{pQDmU!DCPAHC}DeUW_IiniM>
zry4)6-)VOw!$QYI<xsrCVzHvbvU_+`A8B-Z+WdE%%4=E3xPs%}W}X{!o@_~(a4@Vo
zvE}sDf^9|~B{4Y{oWgem1qB6ha&mHJWo2buy?XVkfq{X6nVFf{(xpq6T3A?E?BBnC
zzk`E=!{Wt@7tfnFZ(d_#W8>$~pFdx}e*OCI-@kv?)YQ~Ge*E~crKP21Q&UsZ?Afzt
z>+9?5|NsC0e|vj-yNQX3Nnc-IpR=>Gvx|$1%aJ2Tj@-L<@7~LoFJGQMefo4rNJvO^
zb#?WWDO08x85tQZTefW3p+kobDJv^0+uGXNzI*rXosW-?&(x_?r*d<1b2~XXIsN+e
z>(}AKhY$Pt`T22haB%49>FF(8xNu=wT3VWhhK9z?n>TN&sHmuH+O%m?Sy@?GbaZs|
zqD6}qd3t(!=H}++c6WDoU%YtnqN=K@YEe;9(T^WLeti4(?ORGpN=jQ>TU$m(M#hX8
zGiHd1iHTjga^=dBB}<mX#Kgp$IdkSrY;0_7YHDigwr$(CO`0@mQcg}zPC-FIfrp2O
zM?gS8z~8@r|Gs_u_U+D{J9pl?b?a7KTwI)}sHmu$o10sBczF2o<;$1%_V)J9ojZ4K
zOG``3gb5QS+_-V$#_H9pSA+6@Pft(Jo;`c^T)uqyG8Y#Y*Z1$=zdw2M<Vi$CL<B1<
zE9;IOJ9cc|ym_;$tE(#;8ynk&3l}cv=;-Lk$;rv}_xJaoI(6!ly}i9XKR-V|6B85D
z!Gi}6u3x`?{ocKM_cAjxGcz(WG71X|3wL#Ob!BH~XIoiWSxuZcaiXB0prE6pqocpS
zzkhmqditF^ckaA;_3G91>C>lw`t<43`Sa(`pF4N%+=mYzK5W^tWy`Z?&z=<*7Z*>P
zHf`FPHEY(Cl$4YxDJdyEfByXW+O=!fnwpxLwzjsmK6>=%(a)bhf0~<{o4<JR;)RTi
zj7({1Y3cp@_wVQB<>k4%ySsn<`0=BZl$2CqVPT=HtgNi2rl#i6qeqW+c6N5==jZ2d
z-@bi&Qc_Y9A0Hpzs#U92Nk~XY?Ay0*pR}~J^q)U}{)B~vh1uEJ*?D_=dmlS??AWDC
zmo8OSR#qw~C@9RDHEY)G+qZ8YIB?*=zkmP!Ra8_|oIQK?Y*bWK)R!+`zR1hV%iq0w
z_wI@nD^?gA8yk0Ybab$@v$G#Re*Czhp`qc%jT<)#2?+@a2nYy7Mn*=etE;OwG&D54
zdGqE?e0+R-LPA19U|?WieSLlX%9SfuN=iyfZr!?dtCyFT7cVa_udc4H?$f7FpH@{>
zRn4D2fBxjjlP8}%dGh3(IdkT`fB*jdf&~i}Jb3Wnfwi@@wXd(Q@49vC)@f;JX?^|r
z_3MTW8#bIcapJ`5*RNmi-o1Objg5^>b8~ZZaBy(&%$YN1CMG5(ii?YjYinz3v#_wR
z)YaA1?b@|#S9y7P`L%1;uBoZ1sXcu7@L^_VW~PXUh)8mBa&l;BXsDv1q9P9u4^M4v
zZLPpo0WFFB5?W0gSS~1NN$dxWH8NjhnZq#U-*?a7OdACD3T$oK0O31=`3wvnw#svY
z&VB-&o6qpUy#X`|Suf}Iih)t^12ezCMaB%Hj6es*grW?`j6es+giRTZ8G#Os37;|!
zW&}DMOptkC=*FT1o)tdb^NN|788ioc+PMP62G0ziZU(c#bHk?(gV~1*7-WOwo?K-4
z_=Sn(;}`H*QEz_;D1q3ZRe}6J1WX0Y81#2s1dW1z*!y8C=&qP6KU5eMq(JVJcVqb4
zRlxs%L7(Bn{syrhjM4%>7_|c(Sbs1|*UMe`p(5xhcjSkPAc)1F`TC-OzRzVX&`2xT
zrX4@{6<9to3vyKi$#8*OtI4&~LGJriw^ytTpjE;G7eVK9dpKw$6lP>(csOJvY|L1Z
z;o-0%;bX>&3=fAF39=6~+{pJe$ZrDn3<?7JM}DX<Zo0&vA9I1_Yf}-(_n@^#893Z0
zpa4=Y{(+g1<!e&`!v{W)&$R`9Fj_}}e6D@vhl*m59N6cIA206YFuWl4gAqgi$PX1o
zkRFg6vOZG9A@-cT2s&5m12o;WZeVdkq&%66j4K$F8C2!m<lSBzfTT>gEGy4NhRF(U
zjH~~B|MQcTf%PKG*RCSQm7tq8Ui{Z^W8Ls!FX$|WkNymE8RqC`<YlbQxblPN0D}U9
z60@8CD+X@=4=jBC9~e9?{$QBk|3QHZG)u^GwZfsuA={zn6*ss4s~DE}S7&M@uExJQ
zTH~|-2<QY^9-mh%JYU#-_Pe+-sJOfeW&HzZhq3v8NOWm=70xd5fLI;%9J@X;a)HjA
z*?*B!7Ifa}_KOTNIT9FVI3+O5Xii|50ott$o<r={efiOU+6EanmJj?43=_oN1XnO9
z@wqW5a=Y=m=^ap<r7%-)#ozCf{t2#SP*~BpqIiQFqr!_~1<vFP{;x!&c|WRf@_tm|
zdQt5l^P+h5M@H@gn-X@esCJN9QG8&N#m<as2bqlG1DgbPYE(POXcTj<5}P5o^6z)2
z|L(6i!Kqs8BIgXt3=ap+36&YQKs)&yPW@nE*qH%ZU+v*=>IVnI&x~6?K=Y8Ne(*5J
zKHywoNp`*#P~u$a;P&^s_CEph-5(kFIX((-EWF4tgJCno{lvNb$v=i!mTsIY{(f)&
z$1n?GBGW&W`K&7-vm`xk3tsREh|K_%1sh)Q1n{opU9s>5Pk^8s7s{Ft&<ru}MBa}g
z9F7@xe@vNxDeIWfn1LzUm~aqH6qLq5rb+B)&_9^K@L^*E=Ldd<_*atB3=_gH@P1_B
z5>T>qV_fm~`?|l3Gcae#87F{Z4ix&JlRz-#K`|m=e(MK^0IF+l{oqkR%xi;O09xC^
zI{VZQ4gpX(%Q_h}&wb+ui@~WMJPHvGpwl5hC*gWHocO`Pz`OFs4<3d9hZ8?|7+6>Q
z{~q!W6elY|@uA^=fe|G%K_L!uzaMt@uV<W4k%8&%iiDkLAq8^d&V*lBX5)V)u+C<j
zU+us;8RT9<ZvFR{K}TXgXt&v_21w3P;0yxg2r0((0!oJ9u>SD}dswgf$jDWZfjy)v
z5(Lc9-Hhy7kozHFyfXncgnuOva`TeEp!JFC!Qtx%4_|(_z5@)iATFMd-Nlg5okvXg
z;&N-T10pRDcB%hg))@`2A`4h2fYJyHL&K|+;FCo_X{X^;NC7DIfYMIGt0N4s)MNUW
zb%xR$Wh|~_onYh!T3L$eepq_MCd0u1vH_b64+AT>KH&HRDG@nWfl5Tdm0~mge!up|
z$c+;$Tlt4UK^(lA1k{!h(306Np{1bJx`FQ^<7x&K230jTb+-?PVdBge8Ky9<{`>vV
zKTr+xVXK&%fF7jvBkyK&+4U7WxU3YoXpy0r;o)GBkeN}D;o(q`urgyuhKIwBgqImV
zGCUl9B*;FnaML8ae6(@{?Fae$z4(uSseqk;-l0or8;#sF-7MVxei!@$kp<Tp4u8KV
z?g7=Xx-UOC%DIWV8C7imTJI0q4aa_|>6N&mVF8muVMV1wVS(6#rVsy_j0)HkiYl5u
z{9`IA*i_N<N<3*(!6y*y^r^t860D=Ju(Hyju<*b~0oDe|^-gS;wcH%t{(isuyIy*Q
z3(Es5Fz?)N26ZDhLpM-;tnkNtqp=%ETmgKCee!eAom8Ox{2d#3-R}NyX%Lvn;wI)M
z@8;yj`%#eL?|1#*cYlN|xckFr0w^bl>~~OLP>BE4`LR=u@%6>R6Ce3GJO$!^b^Ks>
zeUQPy#X+w3hX4bE0%-S`<^_ol%uKu=<r&#89A<EkQUAsKIY^H22czY8&?$?Ik{4K3
z2}$u79cBQ@TrO~sfv_gSS;1fyM5m`5(+?KQ7Z({;v4GRc?%yEyuwD?E$*?*IeAa02
zfBlUNtF6F3{r~;@zq>y?7I?WatPF7b`~A!>2E`R085uzC0=ZBE<~9b<8K?}(L2?W~
z7%hK-+{M6kfn`;o6ptZ;(y4;30<QuGImRC>nm^z+*Zqc>s`#5xK|sIvhde{nW!{er
zoV*_yxM1$f{_O^@tr=z*W_UO-OejREtv4do)*n%7YlamRv`3W~R%*EY{T}j*K>-x<
z3=bS+99-EhA=<|bT3;^+*bA5mm<s5xxKzFo=3e37ppXOI*s<-Gl^etq!(R;08U?h9
zLGAztC~vkiFf2_@KGsrG^J8Xt`Mcig>TkTCKK<XDoqcU%e*V3XqemwO7#JilGcq!*
zOiw>otF0X-`S0KJr0dtWK3l!ocUD>18`o2(`sX$^$vd1p+1XxO`%CoKulKJbBR8FN
zckko=@ZtBHwQC*IuUy&uchREwSL@fi?w>P9`TLS3!PAP0o<tuwF#FK<?WHn*|2|wd
zd9rPmnwn3PnOTmby?q_i_wQf*&zxzFF)_*bvUF*n$<wD7IX-^;Ik~X#QSpr%tAh;<
zlk7!BwRl)qID(EJpPH(y>=t+U@LUZE34?{xrkV4zvT|*mHA|n9ot@82NJwRNLxZ&K
zqeu7EUcWw@sjlvKcGIT%`K6_=q&Yc-<~29Vmgwk2=t)VL=t@hQZOY5L^DZiC%kKpX
zqQ3<NE%CLsE=#<2ZTq>+n`^5zHG}LPKfYV2uOBzPrA7E_aPYE>ix+o-#uaqlzCD<r
zpx_|?=g;F48#h+IjgH>7FDvVc+v(H2H}~yJ_qMbwy65FJ<%*Bbj296R8@$e+Z_U1N
zVYk-%_eY<uTIDbH`}f<U&dzPueSK$z8XKogX>Aoe@9Nqm@bl+OHYO&P#`^ky9|8gv
zxY*cK?3zDc_3?@o-k$>l7yVnjIQD>pLqk`8KkM2_lkE4*ovY|!VNt;H_3Ov`d-fzB
z+_tT}^wzEQ$%=|j1_A;KQvd%y<@@~kZ|<c_`+d%yZ4}|*kuVh&R?~m;=J3P#_<f6}
zPd7c|;?iL$F0L1T<jCYt%a?~X)z$rRx3#TWlag}cd2H-1ZAnR^sl~<579=Dbn9<lM
zdC}j0Uj3ari_?^pT<Wy6LRL?hVBOr&!F|fjtw;0SyW^L4?8vqe5z(l;cW?QlxVSyC
z+}vViw{Nete(>OSn2}M6pOsaK92b|!ZBNfhTx@JSIVvh1Phw(r#2z{{KkxG8z3<no
zabA{`bY#WEiIz*IPBk=t^5k-NW#uQM=g+S?pE%JSX>OjkJvaAOPj4?{%GIkIFZub+
zd9ZS&=a!tD8^6NB*06v1@>%uOtMltqQ&06(RegE6Zk@XX2ZzAbUAyu-Dk?tYtEzex
z>FLF&$jDfHT(&Iy_?9ijfya(bSAOy0bj{tn3+I%Syik;vx4Y}@J?+lky@_qz-Mp<`
zUHlUY3LZGw+0`7`y0vgsTH2W#9v%}|nVH!bzkT~I#K$MII5F{1ys2r{&+zbd7k2K<
zoY>YT9&zyCOm$gVtDW=asargJcvJYtkJp=L%+NL#6ja)snR%(;=FOFzeSPf9r%W;4
zHhZ?NlAN5)r1o}Eg_kc+dY(Ji{y#KyRfUE|K-K;GOZ$6zn13u>7}?O-$tljuD|KuC
z{#3(f&#oVHa%$O;k#XU$qhr&CnKL!Zb#<cz`T6BeZ`e@%CnRLWwcWdOt;EE1l9P`u
zt*QCZQeOUUW_9(q-cO(Y^JZsX+nb+%Z{yLU6GIFP5&{?*nV8el&#lzf4y*n5@44jl
z>symnul9XbR`zDrsZ;%~O-=H1PoC^_sIC3g{_EF!(a6Y6uif4IPJa0Cn|tkA$2V85
zY))UaDE{yI^{%hx%u(LIWJ&P%qM|3$4jh;ry?uM>p}&70%1oYYyG~8bC(Fz%C(7Qw
z&hh*AuS{poH2a&FWW+388u;bu(~Bk_KmOz>EPOQi#*Nj*hK5POqM};%EG!&6$B$19
zQdV|LJ$!g>oP>md#<XeX3t3sY_-D=1-^$L;$0;PFV%E?gJ^Rt4`?jxNpH)*=_siV0
zss3zf>8tsioI=vg&9d`!bRtTmq)harrOkBn^6qSkirVsS!Gh@DK|xEtSzDL+Uc0tE
zar5TdbDEk#)sG+FwbR#+D{N^Io*o>$?CZsgJ2OD}|Lxm@ItmI734i`PmfyIs@<ep>
zwzpYXSN5Gg-Rrh*U;0f;%OY<tuPOI@d}dsUh}iJr{P|X|3m0~0zkh#JYt<_Mr@w!{
z6?1lOJL>B@>$<UVT4-yl;1pNauJb>Cz7$|$VqvSV|JN80u;7D@O@+(+`Kr5Ctnhvu
z7`W*3;>EH592^=B^!KxNO`2rCcJ5roJr))P9$&wHWZAPP`Tn+T<p*!wT3@QD=#(rV
zpkVO-|5K^Ypa1e*y0ky{?Ab;i9v%r1VPQ4XH*XH>$H(t`IDNY5A{UpAGveZUmPd|E
z4qv`J^iy5kpC((|D)*F>6Ki5)cRiPsG}10Eel|5B;lP5%M#&le{_`&0xwE)lNy#Nm
zODm*q!UXHp9Ua`wZf-rN-n~1nxnoE6Wf2h#n|t?`SH{KddBn{vCVTt#+Oh`^Zd)4}
zrG!~omH2USiO6|+PP)y;#>1te;*k>*v*XF3L-S)VU*4OyW{vavq@*LuCQh_mF?Fip
zk|$3tn^#tT>VE$Gs?muP-OlFbd6Bufx3>58GWJ}(x-rGiZ_cHaD?K0N<lNX27PjWs
zmoJ~$U%fi7nwolQeO1+$zIE%|Uvh8=NbK5`f3>3GLx-xWSH7NJOp%O?h03yJ;UBkb
zDL#Je*z~{`FHS4py}Picq~ygMd3ifUZ|`Y$_wG%+)7{P6*44$|T2Sy{f}LHB)7Gtp
zN7B;Htn%=faD$ndjrH5N?~HtWGD3-ohZdWfX2pkxulu=kXXb^rHt~rE56+B`m9<iz
zH&1=%!-qF5e*AbXJY$CTW<fzE<IK!UyKmlHS<u(V-Z^E8@$%WTb+^gM*(kNQi%xp^
z@}$DKbM2m?p{xFDXarQ;zrVDqr-!+J;ljutot>Nwyu4E4`}e2bdiLzPp_5a~v5brh
zI~*OG4$qvaxj|Pqs+^x+PH@A9>eC@1EB@@>oqJ78Ovftu*wW;hA1yWI?`D=)f9tLO
z^q==r_O-p)`S&*FADtL-)F2_ifRTxrG5y@ibnUQO?SIcD|6SjjbbYn&v(;s9W|f`l
zcRkf4Key>*r^CtGU+uNO-i!W<-1Iuqz3-&^hu_>E);hjfdu4O_l|}J?7p-@FwSJEB
z{y9s6zb`3zGOg&q?C1mAOAl@T`%vcZWZQL<)qJwl%yOd4?CTuuzkg-=ex}*~j7dg}
z$<n|tOP^jedHV4u$H&4)lM8RGF1}%y6l^G}WiQIY!NYQVYS3|Iw^ZfBbK?$67-&dL
zGhaB3m5ZNsmj2dR?0lT;LMmoL4brn49^JQn^!lvYYjwX&^-c9>H<iAcU&<*Y&DktF
zuURLeL`TX*PfFTMS32*`ro5;v@1hn&|6UNZ<Xez+nXmP=?TObm*Ph#~8C0$L_^#b!
z{kTH?7UAhF!OOk|U)-5-5uE=I>bzBONKp9mSpLt($`c!-x4n(dy0S0pbg$d#ed#y%
zSr&O)dQG|K<ul`oPsD~75$9XI&R^J_ec}C4t@o?^pRW4-R_wQP+firVS=W7y(?X3~
z1*f#ScAa<q`BLB~6AK$t{lCWgfCV1{Y${xA=Bw_Szry?Rioivm0~g2sTkOzqz@eYD
ztACRH+DUU2_sq2@@UZy$k>%^2<okQJl^@)8Yklc0MW<v%0R;nr|4*g<fBwt&`O^N}
zOJ^H>&hkiz@Cd7!3coq5|0aIl!}#f@i>AADoN*D?vlKrvIsC}-&`-<j{xsFuR=L}z
zoLG|*yX$$Zq>;8{@w2JL2?rJ=G)m5B^q+Up|IXt2J4!BTN?IXxS`(~SPw3!o?r`fl
z<@WBl=DQu)mv@M0*ofR)UU@HW&!aeQF<I{0Ys+pwxNZHwC?(9us>IKVOGJ*#bJA^3
zHXbfE6^|U1m>o}I4$Y4}ba`*y<u%Ul*CZWTmNe0F#l)$GOQt@#Z2qM3Q+MU_t47aH
zbUU9g&x<tAy|q2Jm$9e!>c*6-eseDQt@M1bGUvvYoUk>&!oGZF|MKd*>Z{aK>r<<~
z^i{2Mf4PoBK!Rge{?%O-A37>jz4BG{Vv6)+EL3Ecg@0VOrTF-kW77kVy*RD>;_kwl
zyCpB?l*rpD%6m_{>%BMe&fad`w(c(e)~<pF6AJ8Vob0w19@(09W>uQUgc}~rY^==R
zzB7K~lM&)eJhV8`G%MaTeBICRotYPQwuw({J2*4qpsba;>^$|I^B&%`c=+SB@Q)eV
zn`a0r84G4!+MRiGWx>rp_RhX3#>=P7*4;K+&PGYDU360W%aaN(&$WA=3tja;R3o55
z<NngB`#sG4Jqsg$EbQcL=;W0W=iQ%rYyY$BhR>W@jyYvq*pcDbbl7pG=7yQNQRTY)
za)SIDs!wkSS@9=ickZ>_Vmel0$Cf51|7fYHc{j7X{9A8z^?%+^pRVoA&c3%XKYwD#
z(W40g1_n&bjEv`2rl*J1YHL52{P%Bb()H`U&sMK~Gpnqu-}Tff`MFI^oen2Y{%WtS
zeJ}d!*QVEzk$orK-G6g`_~7_v?b^-hSFXhWU9`yc)%x|y`{&FF{=Q_%lW9dov!f3j
zC_S`&`$L((e{I)Ip6rvQrj`?BW>)8DZ~v9)`}b!5GiNelOiTj5EM0oh<muC&93MYE
znp{}8y7<P8q+mlsEqhT>4jvYksX@n&yQL~C&y72L*g!)<!hGShX<YoQtomDL&En%^
zXIC*35|W<X&~V@O(WA3!uV4FRs;k$Z-L&b|{L)e(X--brdCkocB|17LdQwtmy3*2j
zHs$4Qc^4HG{d>WJCEtRA%6zS@w<lh^R(o#q=Add#&AWDwAIBBy>kChBX<7C)ICy8q
zMR5K<sPp!%LxO_BWBEUSDo<?Oxb1Cp^p$;CS-ozjPp9A9x39?C(sIf@FRvL_e0(;%
zh=^$QI)8q5_Js>awcfw?f4XYbTe082+m1Rr&${mGn-*$pEI6gLwd=gA>q~*3KUvtA
znEo}^*Dv@G5K!S_W23rj{(SGpD^@J}92gk;Z}H-W0}c+XUH$#`YbQ-o+%tD>fro{~
zN0zT&lke}@Q+{yUw)LgAZaF0@Dk>NV2t1Yg|Nk%F=g<3dFI{T%IeS(@goj7XR9N`1
z{+l=Z9>&L;E}A~Q<BW@oo~5|><nSX$LO(5E{->#~uFBok_QaZ$lwHqbV~w;WC7(?#
zE<UgzAwhCRW8=Jw{{D;W@7!@oQ&I}4)6%kDJz)ZOb4N$dDL1#{n(y9aU*54p!$w48
zdF8!(dmhEbiOF(vuPwWM`?mFi2Pt7jMkRh$Rw8m-T$65ldh&3wv3caEsO)$W6Ei>d
z(4oC~moGcNU$f@OvZN%-6%!{KE}1&@viXxIpSmk6uNpmn-tBziL|&x1`K|4_xr{x%
zy&F@mUY&Ev&(HJ0%9S^^<m9aR6&CiH{mYm0s;^$1TA!NwrLU^W{pGrK0ume?`B!)C
z`p{8P;gzqd8dIdFXQ3h^6aI18vf|@gwoDH^cI>qBix&%P?%sVdr=-MAQC@!9U2pHi
zJA3!?wsm*&w{~?sm{3qq<78)7cx3C=Gpo|lCfxAwU}I%w{?7RAn~V@2-=W2ciCOWc
zrt5x&hi6{cxl?>%TieWtg9okDWo6ZO&YO4B;^D*B!asg!Z=Nwj$yiYE((cU6l?69%
zvUm3N884qQMR(im*)~dYa-x&k+fORIeA(`K?%b;Xp`ig48X8Nh?%!wb@9ByBv2Y=0
zLuaRyI4^JNt^ND28$Ns1a?Hu;!j6oLro)bonj2=$j4IdFl@sLWuRgtD!-_v4A-UIf
z@7A#r69dgxg4P#+<}*QS1VHo9+1c6IpgCdC{IG$6fdL~UBO_?O8Z-wAn%@PjO90KK
zgXaA~bK#&h3848_&|D{I-2i9~7c}Sm;lqayYuBz_3!2{ttqlOpk%Q)BL390}H36Xc
zV$i%ZXg(h_XA7E31+9w!&8>sx<j<Tra|X1w0klp6G`|a)!v@V?gXZ!<^Twb#f6$yP
zXdW4~mI1V0K|(@80yJOF%F4<LnwJL6GlS-qLG#Iv9zA*ln&$=0FN4-Cfab_S>oP#|
zy`cGh(EK=Pz8f@W4w}0L%^QQ(Zh+>EL36#JH36V`bI@80(E1C|+5*r#F=(9w0|NsC
zXiWlWKK#$0KYu`T+MqQNpfw+$H5j0|bW2N1OVFG(XsrcktpRAhAGEgM{rmUtL38e)
zwI0sS&d#7YYS276Xl@_01_3m;4_apcn*Ro^e*n!<gXXzG^XZ^@anQOE(E1V3+62&g
z3DCL+3kwSi(EK)Nodakc1!$cFXige5#|~OI0$N`Jn!^Xp(}U)zLF*M@^X=28PoEB2
zM*^Dn2CXFlt*5A~tE&U86#=c^0Ikme&B24#CV=MVLF-jOYZ^f789?h3Ky&M$H5VNn
z9UY)G8KCtgpfwes`Ek&?6wrDN&^i;)nt=xo9y|c8Ndc{q0IkIUtseocxd5##0j&oC
zty2N5(*Ui10Ig2|t)l>~Qvt2lsI0841g(Vt&EJF8KIG=+=7QFJfY#W6)~$fn3V_y*
zfYvU6)**n_T7cG-fYu3s)&PLkwSeaGLF*Mj>r_B%TtI6lK<i^b>n}j-96;+SKx-F3
zYcD|S7(nYEK<hj}>svtUJ3#AFK<gqv>k&X}V?b+EKx;riYh6HVDM0H7K<hL>>rz1L
zRX}TBK<h<7YcN1-eL!mme*F0H1GE-KP*6}1w2lC@wg$AG2ee)XwAKf-?gX^X2eh6C
zv_1s1z5uia2eiHew3Y?5E(f%Z1GE+bw3Z08ZUnT32eifpwB7`?jsdhr0<>NQwB7-<
z9tgD70krnUV(a}Md)yS<7(XQaU}a#v%Kzy`0^^6C9~y2(dl?iMKB)cxodclsgW*H;
z4~7p_KNvo&{K4=+>nFp9vY!ke-u<|_RKtz&L&*<@5Bq;Ie0cto;e*02kVy6qh7aMt
z7(VR%1u>gJ!Dw&6R^7Ku-4`~nxG{XF`@yo}@Asnr8XFni_&=2-Fn$R7q5gp3!_1!>
z-Z^xAc$d&6se1p1N}B(dhGe#{4M~P>AoV5xbLGBXWcZ--li`EnPscYB+&LQ|uHpU3
z@PX|o!w0^f{GVJB7(ZzLVE7>RGhjp61Bk7cHZXkX`|<C4=?{hv=|34hH2q-skn`i;
z_y0dq<bGac_`v*=;lqy~3?G<4zWBlL;lU4v4=;Z3f6_<@cwhl_H^T?zANPMu2nD%B
z?LWf@=bsE8;(joEnDgWB_sahebMF6O_;BS1!-so67(N{S!SG?v4~7p%e(--1NMQKz
z@IS+cGd}`0v^-=`V3;7F#Q*7sF#jhF#R7MP8*P64`=0)r;e+T;h7Sfm7(Ph-`1f7(
z55(+^KNvnN`@!&G!w-fJQ-6T`!|-9+5B^V20vJAQ{?G7X-jARSd*3j17wqL#V4c7)
zmF+7-0?PzY2nr}LPcU+0`^uQWG=c4FLn4m?;{>)91@7>$Rw-}?xo3_b|ECnu`#;vC
zfMg;5ezAc;ng3IO5dWtJL6#MaAB2B0GO%3W|1>9n;X}oL=?4rS_Wxk`Aor8ugTxQU
z5Bk3#ZUv>5fFBGWqJA)Zu>ZmE!QuzQ2Zta0pE?2<KE(cK_~7v)V*|rOklR?lHY91f
zv8*U?huC*)gMbn!ei%P2{>SiP;*bB|*ZgPrQ2c}O!`*)nvvq$kd;q0LogWMz1b;Am
z;QGPvLFfnnr<eeS5BmQ>Vdl2s(gOyi`#)Y7Gk$om55#(6%=qE<zOyfx7<=C`bW1Ao
zf4dM=;2!u!fIIk&gf`=c`TNxuFnkc$&!E8cp>78#Wicq+|FJ<BB+K++!w!hsmTlnw
z<if=8!T1N$hlbw_ADn*t{|@qv$`7Uw(%@M7|NY+o|KBhF|Ns5&|Nq|){r~@c_y7Oj
z5C7-?^u~eV!-IeSzn}iEwxRifkV#m@gw<!?gX&fg7F0BJ3`{I+1ciu}8|&AGL{NzE
zf8t?0;R|AMF)%PND!Zn4u0H$z-@RQk%0i3;Kx~j0qXN?h6{rj6Y~WbI^nvZq|L<S^
zGkggC;r|5`x*##V|0#0cFS4uzu|xj<|K9cg|M&X;|G#(s|NlMj|Nrml|Nno_|Ih!a
z#DU>M&%giQ%m3>`Q~sO{oGX|=i2Q)$)fNYa4>kW3AAo!XiU)`dAQfN#L2LlAE&u=j
z9{K<OcfbGtzeoK4|K0Zg|L<o1|9`jp&;KdGf#E~+zyIIe{>y;VtKnWmI_&X<rGo_<
zcvdifc>P}jTtdV+NIZbJ`Q?9zjXWz@KD7RX$#OnOk^6L!WhF@T_)mySGaMK`sQ(ju
z!1!V6f6$2)|Gx|W|Ns5RzyIGq{`>#^=Rf{WDGm%D#Qy#N&iG$p!_MadTXo;Ebg%uY
zQ_G;hG(k#f=?eZ&C62$pPyV}f1<QwhzgXND6rESFe7N$9LBnG|D5Ny6IDA^}?7WI;
zC8*qF`Jndq|96Z3Q67vFKt6I_!7u?-lKFpWC{A6a=ms+7-7glm|KHF2gXH2_KNvnt
z`oaIn#)09(rN0b1ELTCMGJH7mSM~wOwICBfCc#W$UZv=kx`O3H?(hHKSN(&O0H89t
z;0OPw2nU7_8~%daH}x0qSDo6V2QdF6)iNlsPGFwExq{_G@PGd=ZN;3cSXc6Yk_lk>
zQ1?$^BP2#9{dIrv|NG5<94i<nEL_0=_JM{E$Y$o%lB*QmK)RhkY2_cohoBz}A8dXw
zd@%XJ|H;RJ;X}z^mKBT>*jFd6V3;5XRjc#=|MyM*SY|MRO-fwB2o4M884MF7SF^2B
zTnRGo$p8P}-TpCr&;pg#KNvpn{NVrO;K1;~=PyW>@jvg^q}si2Sh@xFGP!ZP`F~+Z
zEO2LFnE#f2cJLcXZN?9u_ONg<DDW^aC@?St*fTI#IxsMNum`op7##W?7!?>MfbuUW
zmot7?x7RZ-vn0sRT_G(oGbc5Li@`CqI5@S$JGBxjqN7lhTB2a9pbC<64F)yk6ckib
z6jX~9O7iow6;w_2jMEf~Q<L-aQi^pHR4qVUUnl)y1_lO4*I-?DXJ3-kJBI|3rk(`z
zT~dpU<8k_qfx*}X>Oo@t7vyXL4iF;M2RS-9d4?zu?LS`^Q?T*GhBqiKgEJDb#2f=d
zu!kc#W*M29VKt5+I3v->)GV|hC9xzGn+k}$TV`Hj4mN3!dvrmD6YDqEvecr={Jd0!
z^wg4K1-GKil*CGf{IoPZ1_lO@zk`Ys5s8+Ifgvc^5oB~~UUE@oK}lwQ9yGa{fzoGg
zW=>8fJk2JSr7Pr@r51tIXO^TEC4!U}gUl#SR0t?d%E?StaD|uy^$JK1Vtz_01?Hz@
zq-Iy9q$cO5Ac8PCF;BfjAt^O4IU_f*C>vD8F}QeulT3DMr9ygY9@K#f3aX^|1<8!W
z^rF<%+|;}hP)a1l41*>{4yGnXMurUwIoRfK2=9tyv)N;C^((_cf0yOg-g_NWRhM~j
zX<9H>%*4Bk4ozv<U%Sa={_IN!yN>QFidp`A;<GFBi`iSF(>#tB{Mz!4>7?x}uUobU
z-RvYYFN(XdFZP|UJx$y)*PvJH^OVb_=NFVd`!q>js(^JBOLMrv?^|V)EdpMs|4n{p
z^K|<O&UN_#rhP5vyck{z)kPUzH~yn2Ty{px;5N^nqe;t6cf8-eVa)-vZ#Pf6dHi&k
zz@RO?D(A7(VQ%Jm(udrhc=#z5=O2#0GV7WFyT`Sj39GMs`}o-7a)kG?oo6-oXUKDS
zC%5UxWMA9Hmim3!9ftJm-G^5?Hvc~U>%=3uy7dh9lbINq44POLGchuNgX3jatmu*}
zCOab+-CAFA;v}=0#V?OPz6N=($~w>ae`~*IWaXA;ArxV*#M`h&cfG!lT~cvETE>J;
z`R?K@+NZXwZ5KEs{Ie>FYqHS<CtfkVU)MFS&kuR>C$;3qH|K1>c_#Izvt^|2H8t+%
zh_yekZR3iia~cbl`x&*1%2e=ukofo7+g$tQ!|%TWk45af!N&ad0JB7B_l$oVzg@8X
zm3+WL@;JkL-<b(pcAa~C?q;@b*_8jk%O$-2rGDU=7-Ow8rS*b>M5NwQW9Bu|@fAjb
zs_*KjDXzR$HoZ5kZqvjIW_pWd_kV1Cd%!MXN7Ve)4G&($#+Qa2_YLg3B5$(H?4yBv
z;7olcW<~}^rY1&)AVFh?qc>Ahw?5!nD%tneC4|Rx`x?dB59`cXXDJkCuTS<?Hn?M+
zCepd*!H)&8y5Xr0j$NCbrk?cX@Q$7v>$aZU&-bsTDC4R-AK#C4bHmp7ukBc{=-VHQ
zv(uvE>bA|;{kiMSuM^uRlrG>a&;A?f8pZQ}YVWy!v%g99aWCX~cdYX6+{D%x$sG4H
z9RHUl-F~90dsig=npcWenrFzI$E_024V@lc&{0@W!Y{ATxodU94U3y@nY-Vg>0Vg8
z{L>SQ*lVTpJNUxR-e`%`EdIK%@>Z4n{^I5Xx%0bCL=WU<W+^-iJnx!!hV_WmfqAPA
zvgxm$Y49*_u4~o*mFEg}h)MA&{5r_g*vRnTK=6=F_Lgh&vJXza=y9$=ci;N&yEa`v
zd?YwelxbDs&R49nE7Q5p-TXbHM>hLQ)ba&!ArdbQU22X8-N;>FcTGgMT6C_QW&5<d
zD~v<6`iu@7dAj5DS)<;y)lZMr`R0FKa&(!)z6n;wSt^?v8im$8u2xGv-?8(5iL!an
zha>8-uJRx^yz*Fnx7aaEQS`f$tMAH(Y0-OCYrn5Z6<()nA$WH3AA`j@F1ycPQ0)JG
z@aJ0Dchk;K_e=<GSi0!PyPa3dUGDys)cV-?<)+P>;tN_gY}DH;h1#Bn^F&^B30-&C
z*J<s_%^HbY<}6FTJZ)p?e65O^kL3#8Ex!akPW$+}{{6AW$v!hbg4}R)n?jGt=er-g
zVw+N9Jf4(V{r<H|=1Fq7;hIaTuFAR0U!Pp^XjS8Qx@y5WJ=xqp>n{Cts(Y0iS+#lc
z6L0U3<QwN)*bcp!|BW@&?TcOiCmw^kn7bXG){#5g_Z&N_(j}0rD4!-}_a)+D4zI(e
z1G33Zd`H6g4xBl3EsgKU>aE7#0+|{cB<r3n-FDG3%OiA+%Cy-+8oAXmtg2B(taVOb
zo24preAjI;o3?V-gEeY%S7vE8@60{==9kwT&aAp8v+vB-QqS|>bz^Dz?Kh6`nlcW}
zuOq{*uk>5Jt|0y5;*UAk`={~su2~%#k#<?mef9^Rx8FQpysS1#R4|;%y6GF|D<cv9
z^Rpb88XL;(w~6!~73QcrdF0iVUA#-?ZO*$VRrRB@<Gq=U;GX6e204v2?w@^6y$WMY
z3f1%OT)8)&@mmSgs>dy9Y*S4ZK01~9Z?UfP^r<=dSGQPv`#II%*N-`>+S^0|&**KA
zzII3IjV@=jz14*se(LgfwBD^*85zr-EZEF_rKDk7ZIbK$FotX=1_pzzCpWOTIY8Gs
z@w(|9&^w@@<gijfmf=G+sOM0~u!7~og<qgHIm0Rju=vLR8g8B&4E7d)&vX=XGj!8%
z`}uv|4`VkiH%&K?&ISJ&6bkl&PC?|`!mzbz1M^CTiA-(`s~HuUJt|zd3|Ky_{>8Q@
z_J_dl$Xo^nt_=TIMnzl+%o$M*N+0-*f*qI>xHF<0{9hRbK}3aknqM(FgG8HOF**6a
z+T;WgXZm1_q<WJOO!U7H!i-N)Gn77r8U;J}zxrIvoWPM0;J}ek;1066hzX=C*g^S2
zsBx47R{|5*<{~8~up2-p@C7??gWcx;YEu$S6l5=4)CeL9aV1C;;z}c^IK)rf35*$m
z4*stU1wki4>c0HoKW_tr3je1c9{itjf<bHOBz`bf*USACVE@3*t_wO*tH9PFUv9tS
zf9L=FoIe<=Q)F<fNRj!^Z=nNHb^A8|r#lY(pI*36aP$8l09u*HBeTZ;0|Os}>XH`<
z4lEVCA1(M~)L0(K=rZ1tQDb;up|-_o%YHStB_Czja%IGR@Fev8U`R-lk<s0<-~WRQ
zm;VO~t}xdX`(^B4vWy8!WGr;~J~Hv$xy_*B|B9V&-VcTZhP9=VQ-7ETv~FZmo$~wZ
zSB7=#Bw1g(axZ!9%{uKz!Gho)ssUcFma?|}C<tI!JMRZ$LaAhm46!;=WDImbHlDma
z=SNY%oF4@ax-71*SW@QvC<$<R#i}yrM_GW5v&Rn>ZwHw<KZ*n9{3wL0D21vh572Sm
z`H_(mq^kZ)$$Caj`-=h@6Y~WVCZu1?56B2ixR5TGKOtjcf<Ss;{)LQ-2?6O7^8_*l
z6DOoy%nQg2OuUdLm^UGFVxmA=VBUqyi-`eg6LST!1d}GDUd#>13QW3?DwsPVYhsc>
zYGCe#tcytjsS|SqvIUbTq+HAi$PP@tkRq5fA$wx7KuTcFh3t#T0Vxa$a-g+^{U4yY
zNuHr`1J8a9H_%OhN^X{J|G&TdC$PIxuG8@(Kg-7kCf1J}4FA91|94;~qrSv`0R@(?
z4Mmo24wC=BU;S6GGi9UMMh+!IH<qsl3VwY*_m|}Xhy~hdzy>~x3A7*O!&bHo-VFXv
z5+)qVK|ffk+h3WAvwyJXIsTbdkL7g_56kO5zB@k{j=@g4I{ul}4<vT{Gi&<29}JH|
zeyA6KPR(k6#lv3b05T!p0gL|Q_kJ)u1*t>U&+@vR{oW6T$Jc)_6oTXsX0*RDBij|V
zU{{n=<ceB{Xu0|?<?GoJcoRPCE!f($fz?gKjn9omiE+iR@0x#ElniA-H{q&)_7u!y
z-~yf9$@t;Fpu;Oh1<=`nj1w4UFklg9n82`-amD}dJ%6>_AT0a;tREYg7*~SM0=4|l
z`n915B5wR2LT|xo1B()FI~3f0eZTgHMTv2xg6yyF7ymGADA)^HOMagNvNBxEjp2h+
z11L2h_Qi2v?2D6sz*u2a5$M2JP*mYq5$NDpu&JW4BG93+;8VrHia>{h1xA&Om4Ob7
zg+-N)m4Ob9g_|lHD+3)G3qMsJtPFHGSjh7AKoQH=1BIZ|cVqr@D1q3ZTW34|aF}wK
zG3f7w?uKJvur$<EloaG-v@+6Ck`m%#vNqOMmKNq_wlUFBu{YOOmlx+}w=>gIlM~}(
zvo+OKl@;Y>l@Z}#VPs-q<KW`q;};Yb6_=Ej;S=PRU}R;M;b#-&5*OxSk>U_wmlok=
z(ln7*)i;;ZFxFKx&@oiEP%_oiGE$LMXn-C#rT{&F40I3~3-n+z&;ex(ER0}^fq{{M
zg@uukg@KWgg@qA(Xc<Th%m9gl)Uhxyu&^+I)qsW^LFTZ436N$GW@KPs0T~A}6J!op
zEyxH)76u3#H2wn81F{2T2FMPGy&xGzMyPwhhJZAJ+yhbrG8be9L=5T<kUK$c10S^p
zvyXuhZazp3*?r){*kEpCU;vq|&>+yj0D%k&4WJ|11Q<YJrNAK2pwPh3puoV;08t|V
z3QDL-gc^nh5L<u&q!#1@2GH4V4Gb`|8Wb2n@(duo3}Ce&7RXMB`Cu&|dqMVrj);Sp
z19B4xgQUSU$Q>XvL2d!N4`w1bf+6OC#3A;<+zmQ%4(un0tH5eO{sG$!GFO0s19U<i
z6B8&|FmNz1aWF7}&#GhKU}6HDUdI6y;NSqCVaEg#2a7Q<FmZtOGBAMT7#KiiK+FQA
zE|3}ykQp2x^FU^S3}%9;<$$RLnF(Tp%>bDV@-N6<ggZbd=z-k;QU}ow;(`={-3vA!
zqzGgN6BF1iAbS~@Ko*1i0(K|Vtspj79IO|lhEbt`p;3VWjKNU@;xjZbFoG~BA%JWG
z1sq5mgh6~ra6;68_+WJn3?Q>WW`L3aBRJtOFf@Y90jUS^L6HWcLFRxkNE|E=PB09O
zP%)5^U<^tOAoUClaC1O*AiEc)2b5tz2>|A9P~rvK4bqRreIT_UHIS?Wib)P821W)a
zP?Uhhz~>Z##5f$FVoVH-91c)5P7I9TBm+9jkcoi-tOmpeWmN|TMh=j?69XeCVnA#L
zh#Uh0NF1C>7$9s0sM#R3ATNXDK=wi00<jM!2GI)<gQ^9Y4aOioNFL;Vkb020AUi=~
zAUA=`1DOj_2a#h0`HjH=w2Os-!9fA!LIDQ{1rQrt3P9MPP*4zX02$=~%1sIaAcYQ~
z&|^>#011Q3RR;zEkQj*X0AYj8U~mAb2Zuh`3<n2@9*}up^BF+)D!|k-fc1ji05T73
zAIJd=AhQ`D_JQ0Bb|=UTkoh1QVitn{h!651$Q>XySPoRGK->h9Vt}XxxeH{60%&-g
zi9vydi33!!f`SH=vl&>JI20HdI6&eGEFd)?y-W-YEYQGZf$9N8A6P9DC`dTK@*wpr
zV7(wQ1_c&KE(DniVk>|W1;{v%8YEf)RQiD30X7@tCQwNNHiH3V2FP5fo4{rv*dTXt
zfZYi*6Kn?)SPZHb<_=J?5ArJqsCZKVB>(|XK!b!G1X#dP;UEAC8j#aKG`Ip00Luxm
zFfa(PfY_iw1*HT~jRHyrATtC&iHSjgg~5RVj0GTS!RCMo2L=`-wP14@96)A*f*xeI
z064Zm`a$MF<e+YG0NV)C4{;;Jy%3j!+y=1|#AgBN1-S*}7myhscYxdt@+$;`>;su6
zz#{NrE2AoF0fVxv8-t2#L7NQQ560+REaZRPk2e|AT4h9jFdopaNOt)xaeEW<YX+Va
znK?h09<=^oc+m5MsbGpzeuc(<29+|fI%HK-oFM8LA3)^S%KX;@>9}?ibXEXsg-gZi
zjcqdPV{Ig#Y!dmwc7XK<+kxew=`Q~_3H@Mvy)QObrtK9UTeRHUO^iPnvtM3hEpRCS
zweL4<ZG6Sd!}Ec`$KlieQqfm}A+q~LUkQh=aa!+W`QVA9@+;S1=PwPyCz%{SFgQBC
z3Wz(-B*?J*Hxm<shW`f!hIhXi75qOiFh2gxt|+k|bQ_3+1cRcd<Ky3aj7z>Yr0_E{
zT?%4waP)Kx`N+tUbJv}t=p%zuz()p#z}GB+3%@o9#_V@|#lyH^ug@#iKn8^kds)G@
zi|k+T<oF=ql_Q_b{-9URd`u4#-9WM`PBt#m7vo>C^L@L($;`B$(Tzc2-A56=jlUYd
zuY1kT!uX5*ACLL*j|z+ozu3Q@aPWJ@zz6fgqUXjR7@Rl%YW~i$f77p~f8{RR_D`g@
ze^lVp-_P`m@AGbl;~y3Hlz#F3v)J$aijR4hLyAn(bC4TEz;4L@z`*GLg+W~WwKIR$
zen~g+*N*&KpTpdJ<s&1@mX8YT{I`yLRA3L{&;W;qz%TZ%jKA2wKise7{J_D&`Jn^<
z15=$DcaDElU<rEVz@+et{SzeI41ckISm?mz%%F$}AyBw5FnrkJ|AE1E;wxr;m;Koe
zEFV~RGVE`WDtyh%#&RjofkAqsqmX2=qyHBM8JX9P{3iQrUOTh3JmBG7@>)2|Ot1D1
zqn`5}*H?#?onHk73+=zeG>IviLxt7#)j>taR{?>SULR1H>8N^z{o;mS4c`QQv3*Rr
zz@VUD#_?d|uf}g19gcleU{d(S^hwZpgM<I8FC|-EyM>s1U}W=uRl>q`<JwmSu`*tk
z4-76J91?%AeF|{+=-}aSfXm^PV}RlZ21kwk@vj0{LGkVK`l6!w1CTpzbAjwW$+hjH
z0xRELr&ml)LOe%5DzGvCV*B>m!RZwnYp&A_$Hb2ejJyw$ezAT1<PhqR{EO{R(<>gP
z&kj)zxlR)t6JIkk3VvyjXT6vrm&D3+As3v+6u&eGI&+kMWN-%A==ho?@WY-0cTlK^
zUQ+(R;2iYInT`8`|0^G!J+B@4S#I#~rpcM;ZNK~ad4tqU$ADLkY@pkSo;>H+FZ0@&
zUt>Qg#_vA2*sAQQ?4jbL;>+^k;13ng4ZlBr<o`5-;otXV{}yH_dUR%XxGQB`%1~0&
zaGT(+oH0Aw|HFTy|B4!JGu$=Ylrn-c_P(%i_^&A7Ua(cnm&HvZ19U(8mH&(i8VP*9
z{C*}Iwc&aU+-A6IWeDZ`S2S>&;O^kW@}cGzgA$iF!v~okj&B6GLH#raK6Um6HinNj
zpqiP1*}=hyA5@%uu;FG<u$VK)(K#nSIonn>#n+<>Jny6X@`EENcf)czYA%2IV2|U$
z&%%s{KMOO1LIIT9SuUl>IWTxSHb_J|o@4^0l8wJVe`EeFCb;M~Tj}-J2NYI1GF>W@
zLy`Z-{98_N(QiJeJoBY>9~t>TDms}QUrh)sV|9Dgr-y1z1BN+%uh{rd)nK*jJM(XG
z!9~B>O)rDplKzo_oo7FTlluoo_O#De)%{<|8SdZ^`Pz^oa(6F#DX7GG%@+{(nk7*1
zYlA$b!~yN-_4!br==kA*Bj|3$4~=`-b2%Jd@dY@3X%K|wW;QNRZf0X*c;LYJi|zA6
z2MOm*4x-L{4@`7K?i~B5z~cJKfi;&y;TPK{QD@Mdiwhliof#CtHiFAI9!8Ko3<~kD
zAguE{CrLy*!pop<`z5*Uw|`V%1C>B*kP?VZ=@;8Ki~YvVyBuUTK9Nk3(|=y?WcY!>
zapSMXFD&~(xpavnx6Kx?E{0!h9~U|t`KZ9A0M=#byuiUmTI~56C#n6Ql61Y32&fcg
z1DB#~`$44{yMbGxo6LU4SFC{`w*|d&=Hb|X&>6&LQ1Ji4ASU+Ok$=X1vDeQ09Q#3R
zmHh{uSs#G-Jo^*fK;<1+EyMjE1qXFsesE@W>)4=^bM=S9gR4JOCS+!>&svpz^@mQw
z>uine6qgbgoum@iyw`ku{;%%U1^9&g>ic%it;{7asSGaa<G0f->{s7+f0y-1{;vBS
z|MSQEYX9!;@;=EO%nSL|{@q@p-KoLx0Dsu8h7S%B8Oa@BUd*qC4-FD4k|%(9A-@_v
z9FTaCJOj+rNYPK$aAR1>qQsoRlJ!_(&L)=MEZ^mL>Ur3Hvy?pHX8X<N678Jq;P`{Z
z+9k_51D6U8gJg#wIgqMb7a3MC%s!ael*#<s(2?=Ak)vjUQwGCKrq_mvhcW{tG839J
z95WbZ!DLq^9Li|S0LeOK1WLS2V9q?4(Ubv`)l78CWXuG~9?A%m$V_a`bj)Oeo4hjd
zP-bJM16bZc;zc5OS8=oNWfM3u*xI~-#Z7S|hZ4hzpWom8W_rM|f<cMxfNB=wOokb*
z4ykEeJVGp~Sx&D6oI)LzrX6_2=)5$`*Wqc})2vtr)pXVD42OjDgzNx^1?da2JscjS
zKgf=7IP#-`K_Md{B_U%$%7TmsDGxFfQWY{2QWG*4q%O#Okoq7~Ax$CY$d48VmX9tB
z|G)qF2cdsJ=`T?F!$0N?277g1e(`VFz~aV{;g!*yaWX?8fse)Qm9Tqy!lDFz9_7S^
ziSDl$T%RWRzY_5Cd&T6Mn&|&Z$kYE7vzO;9F4m`sUay2*Rg>Ibv9T^q@_WVLs+#Qi
ziph0p@}XA@tOs5(G8}%z#PlHfQ4)i~!B@;o3Mom+sY#&Gq>cYT<T^098ceSEr;y1s
zfoY~fmWKo51jZQ(NeP(@6BuSDWG%{iocT1%!(m~jmqV;WLeiq7r%7rV>e*L*upGGZ
z!{h<z&etnHEGB^Nn7s1CW<y#^xkJw@KE94uoSa>+xVhDnkNhxsaO8)@gd;y}HZaax
zkd~Hq<cG(BBR_l^9;F@m5wJitooPlwYI-`uj0LF=Q;+<pcyQ!L%>?DNBR?88K*CbN
zjb-Nl?_&QM6j;F{yaroY+yp-`Gqi3Hb>q4q0FL3mzd)mcAb*AYXWd}17sT=hvp{2a
zGHwDotsB_gK&M5SU1kTzjo!boA1vIJIUWu>a~oa>I#}j5ykc~4{lUU5U;~o*nd9ML
znFo>q$wOo+b3rm54m)!|;viXw_)n-f$P7WSETe;f4#=z%ml$;1F2MG{L(Zsy*#GWt
zMGnYhn9U3mEc1SV%>{`vIxtSynNtCASsut`OcN|~e}MTQ+Zi30Cp=_lSiyD`^}MS@
z4t}(Ao)D)ydCIZ=VAOtp5fqLe_JV3Y&^ZmfZekyp894Tfeqd&hcayzf;r9Kz%kTJC
z3>+N$^FP!uNL;XTGj#j;-RGCJo0FR(_?(2W|Df|9K(kejzZ~4Ye>eUOsU;vMLb!oX
zgkWH}|072HU<!z2OuhdjLfjEdHl{KtGA1}CG$w#=JN56`z?kcl+njqOgL_KzD<;+p
zKYS)|&*625b?|jjb-DjT!(G*d@pWkyYbMv!rdN!ttgpCOLmjy0yp;gS3b?DfaJ@DS
zbIs(O+W3l#)zrb)fpgAUu-p$fRTs9`U#(j+Ii_~KVq;}}#m(CKii?$FPA*vfj+?4W
z+beDs?$=w@Z5)nfmN+bOS><y7#|gI(7xvdBS>3PLd04X8r|`Vu;^}$C&9lX2iOc;T
zYuwzj*rqLU;d*To(*BBzhvyXwPtPlMp2semUGD#wk{0K}^7@-~*DDsDwk+0ZJg>NU
zdR}qyq`R=aX6L#8qarQMh5Pk3^_ExMJjb$Frt!RD=jnOH!t=;wlgs@dF==5g?61o*
zx?i!gvAyD8yYRzcLE9^Co+U0<T<-sHadXRNp0>n=18g$~n#~$%n_W6yvGB0G{%ywd
zijC*O4~q>wuQ+)2xZH8M|3jb*<bv%w$FrHHx4dHG<9o%!*Y}Er@0iOzm-|1ylwSDZ
z&`|Ee^SV5*?G+C@`zt>7at9kp7nl1#?v&a{y5}%X=X-4u(({UsUEKjR*RW5LasEEZ
z`#+A9?vrfKVVKVH`kPtbD;9QhhxS)|?0Z}o=I?R2|6@fd#8!}*>JH@&`&_u@gY279
z3bN~a9>_e94jy(JNw)bmlJ|c!l-fx0z5WscGK>8c4?D=TeUfo5_kU!R?vrGBz0IxV
z6&u)n=?;5bxWTrBfNe3iLD<3$w#5O9EzDqBG_cyj0QQjp7JJsX-2d^X1mqWFTduj>
z|M8{-(<h8zJFb*q^9cvojy)xqeqjOoWd(*U$3UqHi!GdBTN<$1!V0z}1B)$8U|Rx^
zY)N<6=K>8cur20wpjZLLJ`30e9k2~0;27z7#m)|i4H>Z6X5iT9d&SPa$AuAWG6&e?
zave}yfJ}zO_m^T&C?QPNk-Y!oNiisVkj;g-`a&@%Y>-W62AjO67!>{plR@FK2F+Y<
zu#4wlm<$Q^4h)moz$TZVnS9OVra!8CndaL_UiC+JFDSiS@JDwo=lne`XZ#^<&3VPb
z4odah^Y^)&0GqizFYgr_J17U)NV3kikvt4GbxTMJJgtNB)qb$4Wo~J&_}D?|oPGWt
zm)&49zw5xvWSYOvWjltM9P@1?H({8`Jb$0$Iy5u6=I?P?g=Qwp{CzIVFwA6_ZzH)7
z!%VjM`y}V0nR&!zCc;FHj#q5#<u0}^Q~hmScwTQ!O?}12*Y}Etuf%1s%S4|T7uMHc
zfAjUdV&&WB!Z~l7ORry<3(ISezgamtUa_#JyX<oDb?NXwniB59_WHZ3rVC>#&xVZ>
zj;RkN8dLYa_yD>y%n@|{k+>VnM;=!B2MQSnK02`NbL!Y{=Vs*Q=;k2#<NN!63K{#Q
z4I~^i6cRSL@LmM94G#TD$YA*Bz}V=Nn80*tL573Of&>Nyg#-ruyB9$%_=2sxZY*vI
z8HyQP5=~AlA9>i4;OabN6cQSgx<V~AxGx|0=)l+@`R)7R{|*WY2_TcF{sEZ-a)$+2
zX50UT83`FD85my&6dqt$n2?abqNFIx_R)gj$M;45Sd>^kaxk)ev|;%1eKxo)R{95Y
z@}&=>hTD(tlm4-JJV;^lP)KF-NJwS#Sda=bJ0W2~0;sPGT7%yST9<zZvM#@3N!InS
z?Z;o-E>KW;cW&>&_53wowT`vB3%ePtV4Ujq_r{Ed%=O=0x;IAu|G)2gOsA6IgzU+M
zGye8DS1wcJ*y5R_D)-G{v%`VFs5rG%$G5$V70|yHEaJk{_-x^g6TdG%e|Gkv;x%^j
z!|l9Rzq}QRa%Fw_c;%19@BiFn%1`g|(du=w{Pn-_TVcCW;@n&wi>H5GUhP}5^87vT
z1n=G73ij;ZcdTx<#xM1SuUZY>UtyK)V6nV#<>u3wx1ar}StOqtw&sY7lIEA`|FxW#
zD^FQ%xnT02!;#Uclg{w;*M52b|6*)QtAE{!{0Gl;{)sp<E?y|e;n!3b{N41E)!yBg
zu4_%a-1hqZj}x+>_QnZWP<!KuEU3M4M7A;Y{*ME)2jQ&_&}tgcs*y<>4(2dU<aT4s
zWthn2cHu`z!-XFa6AorDP3(Nd!G7UK%mSu4_kZ-rUicw!K-{7I6(@VRi@FQ@>(A-u
zB$?KCyxPPf<KX{lGwbmmEC*U%aj-aN?oLPn)%`iGuQsumIP|zod9{h<jEl4+^Xos!
zrzMzQb8!2=+Q!`aikXGw6%R{}gUIVmOl_I}5{z7!UjI&Fe9gq?|7s7*p-ij9=2t9i
zY_GW4+Fmj9q`GLiFunel)F<KpYBy8MD<)RfSA47&ekdF`{zK$Is>5rEWEbYw-;x<$
zGxPYr+Q;ggwL7ut6)PVfIJYtJmAELofLy@%ni<XhMG|dU{}Rz`&$3D)#&&}P$A73`
zvpsuv5<c78vi~I^LST^un(f(E$>_GXyxI-*vBQDmKTHm!I)FmswL~AfzjJmcx4zm9
z_4jVR5|;}<JRThXVe<gu|1%QM&}U<N#lx28AohAUlU-Jki~p-VeAj=N9B6yR!?P~~
zL^90-k^Zm#lr_KNgSN7md6-^*Nn)C|#-&SQiwn=|Piei9*MC?XsLKMW{Rh@p2PXYr
z{iy+^iN04`*u)(CUu|LnjV^zd*q4>;a{Y(R0g!sTOb`jNt?AVkHa!QBu4%8fura^>
zntc2R$AK~z|5sc2nC70ANONI({W<4fR;fc>W~sx!j8ccDSA1-84q*=dufCRwz23so
z<MKB_N0R0BpA=q6|5uwCt21n}lO6VCCOg<<COb5~;$icD^|_?)6&ssP;wFhj68C@H
zu-TKr^!jVkEQz}85{G}8B@T6&CEyXv)>nJjY7+e%wz-tJu)O}1Hb)ZVj=vfEvP&K8
zvPvEHWtM{N-J96=iixf5)gHD&iGSId61JJ84s}_j4*#I?Ew47Q{Y?bf$@uz9BHQad
zJdqNqF08LVrp=Y~f3=0DCX;DiiNn6E5(m31h|N8(7};!+roGz4w#}t317!QxygivE
z4*#-B9O|-499my(Wb1jw#s(T^6??sjX`V|>(jo~^T9_l@|7t7K-^_g(r4Dx4r4IYD
zAZ`SO)83?MuQsx6aru`4vi(brEhrqbOC3Pr+45>18!QwzGR|@No0KWR`1(&`tc3ro
zEsQl;c9|s(`?5<M?6M&)v`GeqW!tNLY?~zNG8akg$trR9mkkNW5(iL7g4_lU!DK%N
zw%7akK)wKl;q@On5B6oYz2f5or7b?bec2$k|Eqs>$A4HnXnM637Lu8TF4un;JOIgp
zQWGEFKd?$rXij^zl?@b@AYG8~1f}gSE<CS4rZK-}1E*m-aB764E09f~TPXjOF->cH
zwS}kW)g~UE*IRk^W^Zu;$5ckCLtO?Wq-qoTUTtIpr9Yn6|8hW~yDw{w%PNV#pjgi=
zbpVBI&#QfGps-|m{U-^Q@@7fw1*g1EDYBAGbHFhLim?nxc>PIedbNiQ6kcMlH!|8~
zCrZ?0lsN3mEO7vZEF`QpvDqYoQW4|puZf@#i<AI`*+*!)+nZ4biYrjs$}Dy0dj%R<
z|5^%4Bemc(wJ#eItA9Z;4^5pduQsxQ(jCN&o0#Uf>`h!H0dn<RP`onPWd6&Bq$p6j
z2f3o@6%X5=M3CRMxzuHX?Ejj_G$+krPga_PO;(!2JQx30-%9*n?O}F)#mde6ij|G~
z6%)7jD>gQezig5cCGP*|Ia!y%`1)TW&uc~&|5sZX_k!{&D6M5VzT)HNe#OjP>cIGl
zj}4>?<g!f?wMigXeM#bZ&BW^eY9G_}A2JU>F~`Se2afZ7Sx&E5xVc|3a)VL>(<>IJ
z-hXwUC652lcu?#DDl2$iGxPbs+QMv;^)CaG2LEM&TnTbvi37;35F5Xg6iWO_N|Zo$
zV{MilC~iS<oQ=zsw#n$O)Ob(_PRWpzSqFA2C`}&!Ve$avVvtKgt_IorSz=#iv5Wt!
zEqs5nN*usBKHKjVD>uY-e6Lu+eggRe6c2?G$u4`6L2mpE3P(2oS6f*uv;SshI@D%l
zI{eMfbZ~hEs>41Ovb<tu<$lG-{WID76)Wp1iB1W|*WW;TSp8pZW~$7#&Wd!{oe}B4
zG&|D4|JBE0rpZjN*chE&u`w$<NIEmkE_8{M0Hrvd*Nn{mueLE>|6%a}RFd=Yfl6{d
zzPb!Ys4GEX&j@uV$d@LP$A7Rq0Hu-7X*{plKyl6YHyc#qfWtDw?-esR&PpBlUNM7x
z2Z`;y3CQ8NnTcukzpP@1y3AsSe;J@q1No-d0TgziaPxolxwuf`cLK62w=mXZfJ!1*
z{sFlV6lx&Xfx^=!5u_7RZX?`=oP%(=trna=U@37k)9;LZ*~JcaS;Y?fGI6<WcOt6W
zP;(W!+x}p6TWu!OJV<G6mxar1wkWw|Gt=(Ox{P86aM)!PgI6I}CxP4u3OP_1g2JFs
zVqZoiD6cdB0hKk`ka`A`D?s4|$`hdQ+LHuQ3rYpsT>fPwg6q4Fd7v~0sUx1blsdS)
zVg%=1P;J5TiV+;2n<PLn3X08tNl7k$ll)(8<f+WE&CGPzo1N)ko1F<taizA&J+JuK
z(i}cZ)MeiPQ6TzSVlSw6%r12Rm1rOnYLlB@?E}|n%&$Ksn@H}<JT0Lk`8TW70URpX
zkdnFi)h4#R$)GZn<@M*3EiOEg;1Unq`Y<@~58RFb)f7BDp!~?g)ADLF8>oC_d%ceh
z)TT&tIsU`u0Nd-YX^aHwh*oeNv6+YG^(H3&SD<=glLTfx0rC~7o&eRmVy`zd@5}0v
zc#Tp|fc&;M0oiY2ueY%L%L4h1X)df41M*F&1CJy~HOP;D6F`34;$jCa(Q7jxZ4FSa
z0;vJ{%Qg|}Grqd)9+y%V*4KaX_GXlV+Z>>_5lCHaV$Z8BY|~zCW&_t^*?pi|45@Yi
zsR6ZJ_JC_Um@ocigM5MBhWVQa@&%}N0>u!>7fka&zNiJ2npu$c5Xd}``)!jz?g#k_
zR5#aUK;tO~Q4c`k6XcIta4QE?+wIGM`QvXUYTIRR60$%3Wq|wvNtdPIwoBiuJ!~Mm
zVR7*{2^1S3Ux3_Nn{`?O6msBJ8#E=^g3}wwHz1$XW$H+xr$~@LYT;=O<d1!sFn^$@
zOOQYICd1<6Una~SwxATA@jtuN0onb1F8K~jufG>D&IN^dr-Y~E!4!s>g)WS#LK`?<
z?_qRI<$S$`u`!kF^=8I{;C?-N-}b}9ONVDxHbp^3twH1XEFXC|Y#{x8_U%p``_0{~
z+%(-BT)uz*{!byJR`Q#)1-Qqrb&=&G4+DoHwmZKa2;2n@>d(LYfn%gV@4!XKs5fzA
z1sc$?g0J7#g2xIt6hZDH*H!a=fJOpfqYPiaH)D)4kZ(S0Ou~ZU`}e?qkkJYohVS3K
z!Q&H&KUhBcu!$%cU^)5SAfW(@XhFgTETS6{K4203kYJF>$OT#t4q6xP_=*9%Cfpzq
zv^VDacdmb29tH_q9tx>k9to*j9t%>rJRYEoi7b45Gw;qG>Hcd6lTKkvLtLH*6SzDX
z6S+Jc6S+Ja6S+JOCUSW)CUJQ>CUJQ-Cc)+=K%)fd&p5MM*QM_+`kZHD_0@lAeGp$@
zPX_Dk)i;~vCC@&H28|-HyB*kY{Rhv2>puiGT>l|5VRz>BA2J87|4?{v{fA1!t}KQX
z>>qU)SyTdlutYojV2MtVgR#)*w-*Ig8mI*R;K&L5VZ-D9>YHopt1{QtSJTu2f5^nF
zlk|VJ!L{|(2hrA77Z?J6IK(taYDlDjW?s3UTm<jJUm5>_gT?>VAJx`Zdqi7b)ugVH
z=y=7)%KD0jwe=MT>ne$WA1u+UBtZ7AlJI|3W!m~`7wct-)>peiS4nuk;$r1|#mdV4
zii^$E86^K%we{6z(biYRsViLiUh%NXI<&sxV_o3_GG&De$dnZ>{;!HmTVHKrJ?PT<
zYE$S67q3@LtlY0yS-D;@v6(u9<bSHRzS=3;`l>Q@olDOvW>(f$oUE;{cv#ng%~=OF
zXPt}xs|wTBS36igyR^RA5xUOB=@kbn*DF?5rdJ$nrp_Sw->R*zc8j*Ys!m<w()@}O
zJeL#eum)_(8n7vAT>M|vnYO;#$NI>n_0_)6H7*{n_*g|9I9~CwnL2}Hf2p><+9lfh
zsw(xhMCU7R@Jv$cD^Awe;E;I@4w=^y{;z6GTVL&Aoh8xwYES5E3BOl7tQ@acS@~Y^
zu$el8<UgslzS<<(`l={(rAzlKE>=;8)>quDE5UAA33kg$7ynnqrme3wvz~BieYH7s
zrHjuiW>&setgJk*nAuF7LGnLTTVL%EZGBady4s}+JgUP1o}F3^HfJ^1oYgM=uPRMj
zU+rYQ=hFIWXXt7d=U1GpJg-<;nO||TnL2~y|EadV+9%rjsxEbvOVcY3@K{Nx!z!>T
ztH7qLa`AsvZQA;3H|rIb)>pejSGjn;;%1d~;C#i+X6l?Gx5}md%j0!FG6GzFBv@od
zxL71sWO}$%B<{$Rkl2y<BQwF}N1{bmfr~{_MV5n0MbeHe0f`++4jaIwA9Ms3QX=bc
za6Q0YTCUry=>{sT9N=X&sH9f<gIrR-xybTShk}yY{2znH{tKYdTd>O-(aU8WtYf&E
z@N)U#AJ7;ssNB?HAh%rp`j<f?`JzGs$giOB->=`d{Xrl9CEo_*lDXwKqGYc74XUZO
z|25bRs#93VtLv0lKJqYXxPAW~{u?xpTi}rKv|#TH{Vu18F6M>je;?So^!C=5(TBn;
zKMH<~T+(De>1v$J>KUupZ!ktT3+-z)R5@JB6Iv3xujt>#dkxFk?#wRvIQ!ti%-K)c
z-1ogdHuoU^nT0$m`8qFkSGAOQ-C4OI=2pkgvY<e_8M(&{SDa91-f+A=a{p)U2glqe
zF25R>e2OhyQ&XgsYrDFIqO{(hTpeFwUW?$6Vy@KPTv=s$Cl58Y>J&{{_+tMe?=-0u
z1>N3<76;}WmwYklq6*v0YpteyUkVmv35XqBBFT|sF6UG3p}uv`29wP^GL~MeZut41
zniKswUoYcbQ-4W*^3n>CiW4myOvihE{ogm?bxy#N?~8x#`&3bQjNv0Ab0a&;1%V%o
z(w!R{*?(PR%GmUg(Qu-(;D-i#mi+-gSoFU=2gwR<1d+d=ACM|=Kk%bP0JP4HLGi$k
z28Dx(2NMn^A51!!dNAc++QD>C-6F7+#qG+E1_nkA@rx`U3mD#ifBK*0V*<nb?+^d8
zd<<ZC|NZWNmX8h$@4w&t&+^fL;r;ik|5-jNFuebM@juH)0fzVA&;D0%d;k5^e+C5s
z&|JQM`vw-byFVNnc-<zs&31Eed;k5?|3<gduFSVre&l9Y;ly$&|3ec4`-Z(QKJ+u_
zx?W&V==#CH!1a-lZRJNs2F3}6GE52v1&lKsq!}i-%L&e~a{Kdr(=P^%{EJNbN|!6;
z3S<O7Ff*}VV6Nca$*9a+5G2R&k&)s1#ZC_43rrPUI~kRj3Y@^SQ$Z7$ZYnqgrVkZ(
z$}xOoVR(I!VP>Z!g976ZMjkCU#u*Kgif#_l-@nWMVp{S3d+`5IHwG1fjrkvPS&Sce
zxdpm0t@!X=^cP4Zk45zX(`qL-j*kM2Akl5VL8AFAQV&4>jQh{#w%OHUfBuIi7QxFP
zvqJxyOKossxn$|4;r8|W*I%|Snr<NRy#E{<^FI`@fY`eK8FUz~E_Cy7gM<mFHfM3`
zbnD$P*=>fKhuhch2Y<0LK-NGod^q0V<)-NN{rkzE3@hG$|NGC+Z57<LTOJs>X}U42
z`0#z-PmsIvSaKh5ta$(Z)jxxsEGyoBfA&vfBZ&XyAINX<55(qktY-gcz{LJBfDxq2
z|98V~meuSZ9hlfZCV)lUep~DY-KxN`;?wu1KR{*{vM4-Yfa)q>WLWX}`w?)+l(2|A
zU|7Ze(E%)0@)xAGn1$;BNH@cZkKYgfQ`ngQp@@a?LH>t)7LY48{sXyb-M=q8E!^IJ
zKk$#;ZJ!e)?1V0Z{I>m{ozxB|mP>|i0d8NvhyU8-66gjJzwpn_4H9}FUf(|k9g8d6
zdOG`;edJ<bP|&VmP-0YM-pHtwEmI;VSHYwwv7b?Cj@v>f)=M%!7~gx!?EA>T|NY`Z
zC%OISB*cC&<}m0nUrdo&;KXoQXk-3|6D)!cPD(K7@LgHpx)F3!9gC7%gxmM;f<HmG
zEHPj31jnSnFHn5``KjQ>3rWWeAGYvj<jF9oY<3b!(7mi5)1Ytarh1$GLp>YYYgV3Q
zSLMs%AL{vKFK9@JePCv1yO1j*@PqMmy`0Z07L^|tw{ZwuV5xAgaDT<3(heqdWsg^s
z$$|Kw6#L;K!vh<)1j%M6=1U*;<bP;pC~)UZVANT$UnD`n4YYn1)E^OdYjCs3;B#}4
zX^dskbiBx*z@VBa)9qw)c~NYGmga4y5A`f8uNirgU5zgbeW>SGywD{n@`0I${eq_q
zXa)M7kBmHiuNV}*UtGc=d_kaM(htT1KCc)QCjDRn)10!CelQ<Mkpqb_ePm&Jdy(OR
zfSZ%VWGC*+j2i5>S=~BfePkFkc=qSYrO2^9V9@w>HUC351E?kh<&R~5B|y0f%-3>T
zDCyw#;d|x}gN-1$Re$q8^nztHBrOsk^(N>p7tpRv{}2BS_}myLOmH*EaFk(~ILpl;
z)<8q@BI7F1-5&qHJN{?Th~LjJ!ytii27?Cg6@v`NSSC%z{SGpYG7hnf8Y~w*Vm)OT
zGz=41!0urJ#aTO}!igUZ48d-oJmcW@|9jkj294}15I)C80fztIL;o{qB*8@#82*3v
z`Olyc2^TS7`2XGcKZ8a9*hUu_CQXiy4xFB#a92;1>2h_soD|!jr2-0f<`{`Zt~QrJ
zp)PyDOH%j)GYcCe)K5dg^T);690C^vDncq;UNI<40h64vS1O|AKzvYWgVF#fv?sYr
zTxQf*v7g<I@fL%I&=n78nAgjt$a%QE|Ni-p!%i!=L`e{P*MEzRAo};8{11H$5Pw@p
z8YH;LfI^7lV*uwTxNF~{x%MfQTze47wYxD~JLeCB#)gY9_a^;k&{%d6*@X$53*j!D
zgXY31RC3|}F9qu%A<A@%LBsxQ=6dun_58!2QU4`&J<Oea|3Unq^~f$QV6Xq;vp!LV
zL7~gF(e3{ixAmadSB1y^|1Y-dsT2SIzes@H+vo;yuOQsLD?c)FrpSTH(+|HvE@WBn
z<(4Q3;&1)OvC+cq=QGaNEDQz-OprEnJ7{Ha^9EKo^c*%5oWr=`Ic&mT<QxXcMa-aF
z)C|gNpp*|w^_^&`ej$}o{X{&e9#no*{D!1@5ZnHr1-MLU_?`b@E(64!$T20r0Za9r
zuBfSgp(}M#{X|#XsUGA)#ow@058^%l3rqFPka%fkU|>)@m~b$$z#Y^+d;eYfH>j<(
z_l1DN`|qN=bzgq)Zraf320E>;YXhjqBk%V9yZrA4H~&{B7+5td_A{zjU1t1X{R?!C
z<NUYI(i`4+aD8}}!NvHY;m?M54zoVIOPIx=025{U;PL}@${y%kIsXsF2IiiBz90U}
z;@0gp|E(F4{)9iE)8v%gqTT*{-~5+B$-tZ8L+gL053WBP7!Gi_$hf$6?00cf0-quB
z`}?)OtPFM+4JsTy@Guw@*d#EhGEQZf%Al;}#<Y@c#ry9nzZ^DlZOH$S%L+Q>PQwjc
zLUn_5gJh$@t%y8U@dr$+z1-MVa)R5NfBu2m7Wu3^4<u%S+D|9I?T-RhmIol-oL`bN
zITApu#$O;a>V9!;&~O8p4lx^ac5G<qReNJ&W(NrSsXYUO$N^CO*|&i~odvu$cZM6|
zbcX2+%1o=+R&uR)|NX*GQ0pa^fe)1C8%1V0x`9Nw|7z?Mn<Y9EWDhIEt?Z%?m{u#f
zae;le9O6=T?gx-oUopg`?95=7y8ki&yHgkJPOV=c6V-oNxIye-P-6VBaX;v;(GUI$
zH#E30D2Thsx-m`Up1}Ljg)9F9gD2Mm@gI!ROfwF+GiWePVEC}QiF<~F4EF?!3XYxJ
zGnPJ5)p!S5VLO3s0{aAx37iwSCNMs5_`t{@{)16oLG$MYWli1-+L|mEbT!#77-(``
z;CbNifr+7E)4S&mA6OWEJ$LxP!SMaL!v_I|FVD3!`7UZ^XeI>yVA0l0V9?^7#Bw#z
z38ap9V#B6-8Nmk(io6p!AMnofbY;E3__~pq>9sSXfhF(6dKs&VMIQ|qximjqwye<8
zWWM14;lClzL|KsQ<+U`~!RFS>KuqSD1Tu+dBIg4hG?RExOj`THf`R{Ag@a`U;|GiX
z92>=dFmm_)uwt0|!-^q8gK58IMTTaQ0_%kw4VL{D6*(Hr7Yh|Y^7S%;D_ACo|6ugq
z@==vR^MZ^8!-qo+4Dw7G4xjcl2wO0Gc-+8g!SG>6LxUW{2d_p4Iff6)jSg}k`E?Bp
z@(dqj8Xe>-FM!0)H8{wrTsR=deF3EQc*6lXh7U&?EFY>W^!{*RU{tVusF9(O5b%Q~
zTO)ya8qXZi>6Qj=|G!K9WN~AApybA&XyC^9;psnyjV;n_Q`8@V!q)~gKF6(@z@T{c
zB?F`23g!uSUotSV%oE(nv6E-krj1N&Li`I}GYJ_OUD}i^XQj1bzq%0vr^7480#43Z
zp&a`eG-TYEFEGzqEIG^R#pMN(%oC1$v|;3#!8WnciSw3&6vqVrZ|@8D{;*)+Z~%qj
zn+FUU4j*4N%>7}(!0<tYK|sUd!{Y|t8LYD!q&Q|ZNV!Nc>KyoVtAS(6^#`D^P12CM
zkfFhLAxnejLXL*ag+dLE3z83@{*=~8;GV(Ja0tfN2JsJyA9~5axC15zQB$x1m7lQU
zfkwswS%nYmOj-$-UNSIp7-=PdLV!V&=_>0CT}7@3AU8L%gLvAC%nuH*vtDJLp`gg{
zgG<0chINAA3f7q%63i16-56Fde0ch^0qoiw4c-fd8WQ`nG&nC}n$P+G6ykwDSm5Ce
z@?nMs^F>gYH*Dg5kOXBP*u?svL_=bKl?Dq~4iY=yFk{!d3R2CW2?~3S3oaiN7%DVW
zF0#%rfV$05hIJyt4=x8Ou!}U^7(U$j0rlA}(tY;zhwuYN1=b0O5byorBEb0omgZO|
z$ZYKT!RWxGz&e3<2J1`*DUO*AQfxCFq&R0fNU_g!km8!@A_a1}1G~T#1%=)p4h#%x
zoDUe41y(VvbZ}$%Q1ypF!{I|~Lz&Dnr_Z-p=kb1Y;pTcEja1T<U4WD`WpWI9pDr4J
z&G7%gz|Aoa*_^OH3>t|Sxj!;;Z+88Bn{D3RA3PgS%?ZL`4kwB^Mt>MIY~kiG&tRL$
zK9BJ=12-q!O-vIqHX~g08OcRl^Ei-v#{1{QPKbNH+=hfe{nyO3urOeF0P^wvZwYG=
zVe#cRgT`l2d1asoD);-7G}JC+Xvkj3(%`s|qoIDGP=n<{iH7opDh-|s3J*9SDVTvH
z;lfJ>Wex+51W7jmH_(|>TnRxxSh%?o7!*->o46lvWx(VdHnAY_4vK^JB>eJYb>ni=
z&&=22*w3NDdchH#x<vMKsR*dps9k-@z?h;Xu|HF*(XGpk^&*2N^R1g7891|EdvSs8
zljPVB>ap@%)W{Cl$)RI*aVjW}vm0GCP_R~O|6$Fb`{1#-hg+bVk{jcPbAOinW>8-F
znu!TivMl?^$Ze$+=f-?{?hgioK<il&jc)O;7`eEAuq!}JWxntt<D+DU)7{G)I-F3G
zS+9PGHPB$XP$p-f@FDcrM;nF}i613jCTM1NIC0$KkkUv3l|35$91a@odtZF+W6<Qg
zI`xNz0OJP{MgdKZi<#M3nVnKvS)EdRQjB^l_Uk2qRO!C_<j>;Px8cf521d~7)hz45
zarZ%id-umgey$4&*$f&U``Hv&u5j$%{V|=N@gk#wLULlp!OvU)4xj!PO>mOA$id9A
zUm=4*gYzP@!h%GQ{zMBY4YSMqpF9#d9w3WpUgrO#llUNmS?Sw%iJ$u(GHQt30-fK!
z^$(+l;B5v~1_h9<3Kt({7$`CRVAS@Kd6Y2shlN6-7SH|)r3fYd2T2(YpZ*ypewGVz
zl}btgwX2^#=l^si@XB-kPd5TDKIbY(%<Pm&OcdD3pvIuu@(^U6!-we&3fWg)GOT9M
z@Y%1Z<|cFZB@-iq5`!}1hnauOHd*cO{=ndH_9fGTvoD!evwdXb(3S7~A)vtfQIMVC
z!ExCg9~t?LZzJ?f|D$tBMv-X+<A+s$K%$Hv5`M4v$j$*$*XYK1o8g1XU(k8NAh|!^
z7ySf<>knCWMb-zLANZLVelY6#ztWW4`H_*I@wTVjm#dy~G5Z;mK;l2I9)HgJQINq>
zYNOMR{d{g_n+zC0uF${I;ly@}Wu>EpX9b7miv9eG47V5*SynYkFgz%e6Z*ku=^)qb
z^z#D0Cd);TDzAzl8Lt8c4W_Fs>&s+xWz9Af$njn|D9Kd;N`F>bpp<7}U}Zf^0(4_3
zqvofppm=up__m=yP9gc_1CYxh;lugIW`E-c21k$|bT_$wnjVnh?Cp8~hrz@NzdwG}
z-E{OLJJ+s{jQkVaWI!R59{=i80sB=aH*YrsH%qra-vfWJx$(O>xOuvP#Qa}nasB!3
z{sWYM8r(YFo?krsk||x~!70#fsA}f^A`j5@8=~m{^Ih`?$PAEPkQvV}f?R6kX6^Rp
zJKrym8+U(9<5$eS|6|4kp8c#Jxfs|K+$2QwR_qs61C^u#;Lv2$vjw@8k@3T<U+f<_
z7+I9KlsEkT{F(W6Gy8(q?hFP7ppi>1h0VV|d|-Ipz`ppkJF|gtkR0O=Cfk=6IqVqq
z7(a5b--en|@r&Vu*&jrFulm8D<n8wR`<4G7_ndmpuzx`t=wuZY@Y&HV*QYyzV%S0o
z6t7GV9OQE4>SZh|3^adU0J)v%qVA?l8I}jTKc@2Y>}OPDP*lq9lQ7$~!D+{SHaD|P
zh73|y8l6~forpEnSh3$yf#H^c!YRohIaoUIlxueSdBIYH>Eel42bmM0pc=kju1qFZ
zMt9TP9~J@(Q;j!Sxhc3Yd|>{;4=!~<eN<LAIk&4n3>p~qS~qmMiMuh~VpQY*G(p|-
zg95|ep9T(T8XWsmWW+C|YdCypY7qIz!hhgXOM{DR!>7guP`Q^P!@$mT#m#lc{ta#_
zn|8cr;qch+|AB!+Wz&m{m6?n>s<*sk43xP;Kski@7N}I>WM{gnrzjW_BqQ;fg@4EX
z6CW8^R5mSeNp#xax+*a<X~%vyx7C?uo8BcFxmmhNNPPXy@PEZ?Hii{R2On@qEOU~$
z1rq=I{p-J#nS~Myq(LUHOw33Eo6f+%&U*D#hMq!4$csz|nHPyie`qu;eE>Qg?(6qE
z|5juwNSJ|jfK>}{vNMBJD>jBW$gD^-+qA(IWc!N@ko`t(4<$jiAN;o>(?DWHBFGIH
zN%aqQeoW*SyXgO+fK%dun=1>{PZ9e!xb67J2=)EWkLmm(`~5$-a{7Nr<z#uV^P?j_
z$A1400h}u{Uu1~?V6^5A@sa_#oE5HrRiZdJT!O*ks}luom&w6gWVQ+9XOL^EP+S8F
zV@?SLhQ=QZ6PT}PD|i(2%P>FCRq`t6mq~GAP~-i`!NKu>ONn6x<A=My7-w+&VB{{7
zVVI-1iBa?OEhas-TcCJO)nM6gpuqlvk=t)4gl2zGCdahGAjZG|B+97w{T9e34hajX
z7m1))hqP#UFJ@$}%;b>B%;J!EnaLrsGK)hZGrPlS&wdUmjU@0+&gLJmv-;c^6j&a-
z$a0W*kyJ0opy0j{w5xGN#sYT+jTH%>E`rMQPkS@6a!RUv7#Q*r^BDXb{TMRy(ilAb
z+!zcPkj{bN0i6T!`}^O04A65Rm@i>H1%kyHdJ2T8UceoslNW?QCok~cP5#CD?X^SO
zD`r+9CyD*89~fB=NCbXlVC1<Z3_o|_vtyLQW(Uxz3!t6+?3X<`;$Ims#J@6S)d1^Y
z{MsPs1Uhj6e5QxvYtV@cu#+e(_7}J_C~)#}vO>;a5V!<6e*tv%0_zPP-qp^a(-*eh
zWqPpM8Du(WtQmwE6!||LF$(%&XwdA$e3=P!V|GS?yQd7h=9kN$c_rPKKm70i_@Q|J
z#~Z^AH^B@^hx<QX7|wKZyuk3mg89Jb7Sa1Zo(KwPGhgg<V^9-SReNBd&2rKGlR+eC
zcf0%p3vHH*{$Ch8{l7G@NjwnvV8JhRap^}+W+82bOZ=bq2nYXAop3qd|ASAN@&_4a
zcHI^Goj(XLUruLw;QxVvlR@qNkB-9oKWZEWz9hsud}wa~nIN;D;e!REfF|Pw28D$W
z4t!?HzW*bG@&EUk|L^}u5mZRzv}O1(<HrOA{!b?at1<+Ba|<xMKFa8wG0TZ@zg0%S
z4^so@FAU7HocJy%Wf(atCHQ|}<nqj@ObGa4%3ztn_=SOy!`UK%5#$0c{!e!l0)A+N
z?-Aed`^Q&{4C{=_jH(Q#5AsY0K6fev$?W|7>68Df0EyYG9KV@<&gS)h6)CykwTA%n
zZ>Grs&IdoUC^EmEpx`O9;rGW68-9QN0UD!r`LB>@k-@;keic-^a9mKxaQM*Rppd})
zz#_xp3j>2ig8vr=hn*QG*_p05$T4dCyk)R4Q%)g+!`Z;u;e&vK3dn67N)I^P{(qPI
zuaJ2EM}dGvh5}e8=-v>}o#Gt(8C2OW?EL-XE9=HwxeS?|zdwNOX8W&@sF30Cs#O7G
z7K4LAf`i-M7oYkSGB_L@K7jb3y9pQ={ueMXunI6d;CI;YfZu^Z<qJc?Lw*N`idsg7
zKl~5=Gc&vgpM{|y!_d$o$H35_$}n@D83TiZ1p@=8EdxV?9RmY{H-m$>4+DdOA45ZL
zGy}tdSO$iM0tN=5Dh39IT84&cGZ+}8w=*y_>}ELd;v7Rt)hz~)Jq!%L7#daxF*4{H
zGBTLuF@o%L0G~?4z+eYDpoxKjVFCEOB?bnQ5Kx`Rz@S~g23DZ~CK(vi86e`|1FaYs
z7y_W`rPe?ch)>}JGsI@Ff@u*j$-p4o06r@WY(9tuKA4DsfdOPL=sYQqJ3yx)B|z23
zGVp*|AoD>CKk#Wz3=EEIAokmU1Q{3@tQsKpfyx$;5Xd|b4Rfb*0>u4_2_Rb;800{b
z3=9mi2SBzV+%EwYhq)Kz4zLQ9FAN3@1`G{{PcjxV6f!h?_{Fq|VG{#G`()<J43`-g
zwj5y*VH9Cxc=(kylrfYMbgs!X#%YWU7lecvEau2CGB|wXZ202l;KcBO^+(_b2FC<<
zMh1rcoEJ9yYWUdUa8l;r*Oo+1R>s#C6dhPWy_z4cx^FqU`M0!faQO7UkbTD7w;bHP
zZ&|nxeC7)1aN@YgK7&Dpfthtb+YAN`CRIjNp$Ci_?6=rfFnsv*k5Pl^HiHU-D#ru%
zS+I6C`y>}B{}2C785CJoFnl=jUur&^8~;WI1&ao=op)byC^IN9C^CHb{$J<<gRbyZ
zl}(H~q8IPJWK#y+Z_^{p@Zr^e)(eb!+!ybAGJJUQ-|iyUhO?e89x~~I`uc2)j~+7W
z<=<w~<Jf=qB?lwJhue*ex>_JNYH-eAyTYImvVZ>DtK9S7UgJLfkU@j*O4v@&_!h_|
z_5VRVllgBiax;9~*Es*}Y3^MQ5wZnP*)7}*AJ;d|e|wC3^+QHI!Hb+T7&KHiv0Y)*
zS+jrs+kM>g-|pw0_YlI{%RT??F7D|ML23l9q`__S`p=-@w4Z$jgU0-~3%D6Rwl~gy
zyNSE`A;X8B|4NFC2?&*@NGexzGkh#+od0$yciuygUXT3@dOTMdJ{0{|RAfxx+5oES
z_P*ih&i}yRxc9}E*1Ip+z<m;i59$9b_A{t*UWT;0*%)CyX8X_T#;79<3SGu}uLf_1
z4_5zpE<wWD|3ic0@9(pIodubqHver^x6A{GOr_`V?|r}Kzpdy7-Bt4cd)yy}4;+6N
zd{kfqjh3DN$DmZ~{rh|EFNm!FAJCXK|ECBAhSzRVAUA=;e}A|C4KmH~jU;#A8wu|J
z->v_ETD*a8B)NZo5B%f!Mv6Q5jg<E9?~%V8-$--!zGa)u@WJ~}@Ed9E-{1Xzf%N|V
zF8iC!t;3B$!PgUFrs!`5CI1f%&cDCg{W5ZMcKiQb;19$UGq8^T-#Ngp@$vHY{{3C<
z&)JtOjG*-|rT;+gxb>2O5j2|q|NGb9cVDt7|Ns8+H%J92P5%Ba`inuy!5h>9XZW!E
z?|~1K8yJ;ry%|32{Oj;(Vgsme!|-AD-@7lFlr8r&C|G!c@c-`@elvWi`orP|N{bLT
zegya4ZoOnuzV(uY@&EVzzai#7{W<@wE;vMgf4~0|WX}KZ8-IiByY-Sm85A!6zpsR<
zJ^vHrZ;;C+{((Zxz|GO^_xEYw5dZ!C095xRux|d1HVq6a3{x1CSiG55Fnmb-w_-D+
zhWQ1j2Mqh+ch4{|G@P}rPn);k8RRY+@SQXPpdyfgf#HEY1H%OS_m;o@Iq8Aq9~@v{
zc;LXm@L)ek4j~RIus+m-NCf`ypF!d5OC|>P2Mh{~o=gxs>p{K(-D3nw>kPWG`$2s!
zP}+2SBfvfPEfY6r#)4}DC@q81al=;7?PI}j1hqlp|G#hh3sT3p7hwwn!-xG)UIQ8p
z;vNW^@(v{Lq2L#|kAZ>VM@sshJs=4vR%kSS3zBcxd|L!0ACS(r7+L<p%R8?@@*IaJ
zMS|oTHeB9;EMM@m{}o97z)}GXko=4N2R5L{Yxukb$tMVVJAvd6*eamt5BMeU0wjMR
z{+l*PenL#)a%BAqf9^g5%m4To0+N?_`E4h%{Ds4to`U2Ho*04U18%czL6#SI-}eM0
zukbl32&DgjR{Jbu`3*`%k3sSuUOWf`$!nPE?nRbo;EH(!lHc&F&k-c=ur41}KFsGK
zNdAN9*?5pVgNV!oWc?0%oj_@Y!QiJ!I7t3Mj@)Eq`3GNX?}7Ah=n9Sl$v508Uxh4x
zU~c0bkUYcxMQR}Vgz!fw;hXTY{}xC-f~yf6zaQcgP{NmC#)=yt`Gl%^SCIY-A;u{2
zo4|ki8c6=a#M2HSd52u-1<3X<`2Fn)NPfoAbKvk}u(GT}mVfY1`!Y!0p|~9!e+-i{
zDv{+K4rE>g$wz!l4hEUu;M`k-EZ=Y={ya!tLcSRse;e$b7NN+e|2YkkPx$p8tUurZ
zFS`FufaR;|O+n@#2r)(pUxqu$M?vxt*ZzaeXRu5`iJt>&bq|5$8<s?hg7iP|@Lr8#
zzZCaAkbJ;?n<$X{g3T%0P~=&zZ3oFa>^^S>l5Z$Gw*p1pXg6qPjKM*R!5Jj4af}Bw
z{Y)ud4$?27Z4J&}2cE_*Mb^*o&UrdWe!;WD;P_FP+Pf7+9(-giBr{{=f8Ccqe01Nk
zb&I+&Z-I_67IrxCTx0~dT3GfofLbjeo`&=l(9D4FLq-k$TcBBq$-fvixNb9iIP@D-
zPJw6O->`Kr^4$C4OAjNwHN!Z`MGCZv1ymES{SB&#nV>Z>8>}Yo0hv41YnnI1hpu0o
zm+rn~P-aj7)vv$4zxoH7TS$?Ei1m5?|GxbPhz+VU85Fub|9@Zq160C;>d4>UkNyDF
zQ=mHP*Y~skV0C1(N3-Xz???YNdo_Fi|33W(sK)#Ceeb_UuSW0x-}|Bbt^ex1>b?Je
zZ-?^N{;Tz>_5T089?D<(uiC5H`~UZHD1Yw1O0P=q|KIbW{HfrY2IP)k-xL2s+|UiK
zHx)Mh|9<5c$Teqog6z)q$o2g7z4jkOjrafHHxk<azkB}x&D4VA{XaN3q<Q}Op7T%1
zP1`N<0i!NRg~@FOg+$L^-xL2expljNMB+W-J%4?V{0AEE1L=$Pi1qvh+E?Jl>jpAA
z+9TBS*LP2_yA<3s-F|%+{SO+s`~O|^N03{z+yC!^a61_k0z7|xHwN3N@WB7W0S8~t
zU*EO=LEI#v?d{?1`Rltf)GkSFPY+kmU*Dy{W`o8Ze|>)r*8A`K^Zy{X{QLg+KhuW2
zZ`is)si6UU-zF%|K<<|JkoWxc{qJ9SFM02O-_L{n|LgnLzp`Gk-v7QIhw|V4mG+YM
z{`Y-9l>hXvq?e@kzwg_j{JVd}y~Mr$eP0jdU;PWZDO1Et#Cz`xhJb(H7lU#H!-xNf
zdK**+ez5<3Pjml`ABXI}Z2osfYUW}4q|+HU^WBcyA3G^@>qy}ld#{&WQ&c=J*?*6p
zK6B>GoA!Ialj=|H=k1yGU8c6)4phfipT2FsdYKX5Q?*dLnj?Ga@2QvA@jX=&6?VC7
z?=Je?-sOJm5AJm#cK@2RQyaE2xk2h>uYU{=7#Lu6^A|S<UWZo)6+9W(E-`!%`N81i
z0Xq57A;F#D1Md(24-AeSPCffM+#H+|++ivkKJYexdZwPd3%@obddjd~x%g3@F=YP<
zhXdjT?x2%V3)~sDGVB*-nC3RcO~6uP|AH4h0l#j<zjCb6*w1soV?StL&PjHS{R%&r
zv_1AS{9x2(*vr7cRB>`smy^^+nf(Gk81;WXm)H*)@nB#$xv80*?Lv^8(q+(DS2LZy
zUzC5qVI_PSw0g_&6{Di#D@MnFA1u~F@{0St9TtCNw9$FR%p>!m!T$4wlbaaiIgCL1
zg5)&zPkhD9|Ko<lentfcxdL}-C*g~nPG%RiHnzBJ`2Fbv({F)81?~(V*mwWA3~DJB
zxO0PgkBT5yOmHfE&CK)da>3S(zZ$=6{?+_dM|v^n>_JweU##DZofkR8e_(KX=D_qI
znj`*|5fk`~QdX7ypcG%`_~kMa12=;K1A}70UPi6+Hw(6k@F-jWnY8Iw)7K*(6<AUv
zw|rD!yLNdK$Q+k14h*VH4}v)2Ul}tWlPY}8#HX^~z^%|N#WC0MGuSKz22F;7y*zFk
ze}DSO^jpvsbjOE)>(<|&zA*h332oTq@QM}01NkY);T4NR!Cr$c&Kb-f7@QatrJ1F<
zofBC0GiNYpb6n(oz?^ZH-}RLXi%UW@19O6>oJ+=IrY~2O!K$1yq@0}+INS{O6u862
zwx)nj2<3d>_==e);FS+g&?_Du=1Vi3IQCC)DsUIs-|f`o1RArzufE%fV?Rip$o`p5
zAbkuBkb80xGC)06P#?C#iTz?i1_N}KN&EtnLcv~zouKyg%>RrU8Mhd9`EP^NaZ2?%
zaa~TxV9@Z{KmV-(_x!hp+%0bzxEU1+_BuMPbV|%%yOsZ0F3>^J@fAZrLW0u+2f5@7
zS4l=C){mwPNuT9|O*I%lFgPYBFkemtpAu8BmqAJNqdY&$Eu{=)kceqQLWYybg&;ZA
zj7g3MJ}NL@a-Qqp`sz}VYKH1BhHt4EtiPB)8#^l}Bxfl9V)&YxkdVRQyy+u@e?kKD
z4c?0i6$jY4t}0|W$S5QzWN7S6$Z(KJ0MB9->`ln%aDvREeY?m2x(x_iVlXg#_z$Tn
zKh#hB{pmCFZy~`0FBuFA+?_HGedY>s`1HScmJ{bi#|%zpmi-JF3>u&rx&n75g#vfy
zjA#Z(?5bXH_+;!nODaf;QA_@|sTSL9#|)599TPzNpoAYVDl&bLXP)WcDL09Y{i;)j
zpo5o#Qvy?lpfiIK(*q_jpD96bBdE^`8qX|npWwuE5f<<47iK!Kf<_a;XYX3<?{q3~
zXY^qBkg*eVv^Rr-?#lun7B|qS#FV!Tvz^~aXoLDk3?CwYvblk3D25LqKMfi9=CWO7
z(D1#&q``Wz<t;<E(?ce`9~TuL1ndN>Rx<Ja|NY2+{tF;E1_k4Xj2aRbAu@X2|G#hl
zFR>pa6L|6e_k-XbHps1@zV(rp42+<@36sL!7X>|aJ3*>6!Kd4u{>Q=~v7b@L;R8?O
z|L@DdeR;Nr5Hlsb|9|iO&wCN%zF*(p{Q{Yy`~V^+?EU|H?LY2IAUOu*U*GS8WkGg;
z*3}mDFe>qQ|Nq|dPwWO*g%YdxukUBUYW{yO2HV1@a2eXS0>|%(IR_X{%yF>xvhn`)
zeaA0Qne+d<&p(s>^WR!>&wp#h9sEW>```D*KmWgL|7COg_x%gFHR1oE!pX$@*Z29q
zAZ-pw?qA=te?#hHDQ$fZea~OtCxYby+#=n6eUJT}|ACQ7+x!1_GjL0Q^#+5IhWG#P
z;{OhOsBHk%(Z9Y|f?EbEUMk+dz8C)j(f_`?f_vq^zGs8`_JMDtxD~t<ynlU9{sp4{
zeK&>5NB?3_0@azie;{TB{{ppt0^dk;gZTfxEB=}PmT|TA1891-2h~TQ`U%1Z_c_4*
zS5Tey>B-eS&tG`k{r}&;hk;>&ji6q5;{y8t`v_;Dp8mo;_TDd+I&KeQwCCRY`PPeq
z9(z#V7E;r{1BU?2)?eQr{ep-;`V9&tNJ#wn4XXKneP{XwY6XB&#7ap}d2;A4Bt<Y^
z{QrI4KTtbT!3`9zpp?VFP~cwR&b$TG-aGu6D-bmMJ<*Bn0^>%W2a?PIuLKR)E^tFx
zBKw&X7!{Z{fNH`21|T~B10w^77T6N-gGIV>BU6TRhL8k@!5wy&{VP8*vOJau`oZGu
z{DZ}tQ~u}0H_rw3K-MOTd}QQr+Q4<8_Xh(5qY}eP&~54LKNvL_FDkf+?FFTAvAqpj
z88n!#fM)cV_A)3if%uw?7eOpW4aN&h8cY`%KCt{?+6%hPnrScS#8e&zQ3ghZFW<NP
zWSGD>g=uQ08>_<VeHv1r(@F)lwrpT#5Mf}L%s7#03PgrcNs>W9>VVq;H<k?odj+<#
zdsezg7_#})xQLm6)>UxG21<0eGrBEw`f*WUuMPtPgAW4(gWtD~z;mA%7&$T=z7#NU
zB<%m}-@pHJe!u?*hJuIh1h_zTgT2cC{}$W~pwU|JknqEQ|NnzVZaW}}0xZVxf%^x8
z2IGbQ-w*v~Pyo3CG!_aHWmEu}(Xf@t<Hz??KR`ZK;bu@^_`tA(-Oa-7%Xg)pzn?QO
zFncg&IDRQ$WK3ZAz`BEhq2n#XgMZKeJqMZe|NEN%|G%I6Zvmd6(s29#-R1uZCyD(G
VDhi+*>KXn+0mwPb{~NBB0{~pfG{yh`

diff --git a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
index 04c1d6840..3888c46f6 100644
--- a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
+++ b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
@@ -169,6 +169,9 @@
         <option>
           <name>CCDefines</name>
           <state>WOLFSSL_USER_SETTINGS</state>
+          <state>ewarm</state>
+          <state>PART_TM4C129XNCZAD</state>
+          <state>TARGET_IS_SNOWFLAKE_RA0</state>
         </option>
         <option>
           <name>CCPreprocFile</name>
@@ -299,6 +302,7 @@
           <name>CCIncludePath2</name>
           <state>$PROJ_DIR$\..\..\..\..</state>
           <state>$PROJ_DIR$\..\</state>
+          <state>$PROJ_DIR$\..\..\..\..\..</state>
         </option>
         <option>
           <name>CCStdIncCheck</name>
@@ -1958,6 +1962,9 @@
     <file>
       <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\ge_operations.c</name>
     </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\hash.c</name>
+    </file>
     <file>
       <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\hc128.c</name>
     </file>

From 96a298018dd25de8dbf3a3df3291732af21a7ec9 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 5 Jun 2015 09:42:10 -0700
Subject: [PATCH 112/350] simplify padcheck compare

---
 src/internal.c | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index d31ba9fcf..6cca94b45 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6010,23 +6010,16 @@ static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy)
 
 
 /* check all length bytes for the pad value, return 0 on success */
-static int PadCheck(const byte* input, byte pad, int length)
+static int PadCheck(const byte* a, byte pad, int length)
 {
     int i;
-    int good = 0;
-    int bad  = 0;
+    int compareSum = 0;
 
     for (i = 0; i < length; i++) {
-        if (input[i] == pad)
-            good++;
-        else
-            bad++;
+        compareSum |= a[i] ^ pad;
     }
 
-    if (good == length)
-        return 0;
-    else
-        return 0 - bad;  /* pad check failed */
+    return compareSum;
 }
 
 

From e461bc72b8149e6ef45457c1f2319bea91d30ca7 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Fri, 5 Jun 2015 15:39:37 -0600
Subject: [PATCH 113/350] curve25519 and ed25519 low memory

---
 configure.ac                      |  22 +-
 src/include.am                    |   8 +
 wolfcrypt/src/curve25519.c        |  68 +--
 wolfcrypt/src/ed25519.c           | 707 ++----------------------------
 wolfcrypt/src/fe_low_mem.c        | 596 +++++++++++++++++++++++++
 wolfcrypt/src/fe_operations.c     |  69 ++-
 wolfcrypt/src/ge_low_mem.c        | 558 +++++++++++++++++++++++
 wolfcrypt/src/ge_operations.c     | 680 +++++++++++++++++++++++++++-
 wolfcrypt/test/test.c             |  24 +-
 wolfssl/wolfcrypt/fe_operations.h |  91 +++-
 wolfssl/wolfcrypt/ge_operations.h |  27 +-
 11 files changed, 2060 insertions(+), 790 deletions(-)
 create mode 100644 wolfcrypt/src/fe_low_mem.c
 create mode 100644 wolfcrypt/src/ge_low_mem.c

diff --git a/configure.ac b/configure.ac
index f15b552c5..d2b073efc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -680,6 +680,9 @@ then
 fi
 
 
+# for using memory optimization setting on both curve25519 and ed25519
+ENABLED_CURVED25519_SMALL=no
+
 # CURVE25519
 AC_ARG_ENABLE([curve25519],
     [AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled)])],
@@ -687,10 +690,18 @@ AC_ARG_ENABLE([curve25519],
     [ ENABLED_CURVE25519=no ]
     )
 
+
+if test "$ENABLED_CURVE25519" = "small"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL"
+    ENABLED_CURVED25519_SMALL=yes
+    ENABLED_CURVE25519=yes
+fi
+
 if test "$ENABLED_CURVE25519" = "yes"
 then
-    ENABLED_FEMATH=yes
     AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"
+    ENABLED_FEMATH=yes
 fi
 
 
@@ -705,6 +716,13 @@ AC_ARG_ENABLE([ed25519],
     )
 
 
+if test "$ENABLED_ED25519" = "small"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL"
+    ENABLED_CURVED25519_SMALL=yes
+    ENABLED_ED25519=yes
+fi
+
 if test "$ENABLED_ED25519" = "yes"
 then
     if test "$ENABLED_SHA512" = "no"
@@ -716,8 +734,8 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"
 fi
 
-
 AM_CONDITIONAL([BUILD_ED25519], [test "x$ENABLED_ED25519" = "xyes"])
+AM_CONDITIONAL([BUILD_CURVED25519_SMALL], [test "x$ENABLED_CURVED25519_SMALL" = "xyes"])
 AM_CONDITIONAL([BUILD_FEMATH],  [test "x$ENABLED_FEMATH" = "xyes"])
 AM_CONDITIONAL([BUILD_GEMATH],  [test "x$ENABLED_GEMATH" = "xyes"])
 
diff --git a/src/include.am b/src/include.am
index a89d7d472..8081e5e4c 100644
--- a/src/include.am
+++ b/src/include.am
@@ -176,12 +176,20 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/ed25519.c
 endif
 
 if BUILD_FEMATH
+if BUILD_CURVED25519_SMALL
+src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_low_mem.c
+else
 src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_operations.c
 endif
+endif
 
 if BUILD_GEMATH
+if BUILD_CURVED25519_SMALL
+src_libwolfssl_la_SOURCES += wolfcrypt/src/ge_low_mem.c
+else
 src_libwolfssl_la_SOURCES += wolfcrypt/src/ge_operations.c
 endif
+endif
 
 if BUILD_LIBZ
 src_libwolfssl_la_SOURCES += wolfcrypt/src/compress.c
diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
index 74fb53c83..b745a046c 100644
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -46,72 +46,6 @@ const curve25519_set_type curve25519_sets[] = {
 };
 
 
-/* internal function */
-static int curve25519(unsigned char* q, unsigned char* n, unsigned char* p)
-{
-  unsigned char e[32];
-  unsigned int i;
-  fe x1;
-  fe x2;
-  fe z2;
-  fe x3;
-  fe z3;
-  fe tmp0;
-  fe tmp1;
-  int pos;
-  unsigned int swap;
-  unsigned int b;
-
-  for (i = 0;i < 32;++i) e[i] = n[i];
-  e[0] &= 248;
-  e[31] &= 127;
-  e[31] |= 64;
-
-  fe_frombytes(x1,p);
-  fe_1(x2);
-  fe_0(z2);
-  fe_copy(x3,x1);
-  fe_1(z3);
-
-  swap = 0;
-  for (pos = 254;pos >= 0;--pos) {
-    b = e[pos / 8] >> (pos & 7);
-    b &= 1;
-    swap ^= b;
-    fe_cswap(x2,x3,swap);
-    fe_cswap(z2,z3,swap);
-    swap = b;
-
-    /* montgomery */
-	fe_sub(tmp0,x3,z3);
-	fe_sub(tmp1,x2,z2);
-	fe_add(x2,x2,z2);
-	fe_add(z2,x3,z3);
-	fe_mul(z3,tmp0,x2);
-	fe_mul(z2,z2,tmp1);
-	fe_sq(tmp0,tmp1);
-	fe_sq(tmp1,x2);
-	fe_add(x3,z3,z2);
-	fe_sub(z2,z3,z2);
-	fe_mul(x2,tmp1,tmp0);
-	fe_sub(tmp1,tmp1,tmp0);
-	fe_sq(z2,z2);
-	fe_mul121666(z3,tmp1);
-	fe_sq(x3,x3);
-	fe_add(tmp0,tmp0,z3);
-	fe_mul(z3,x1,z2);
-	fe_mul(z2,tmp1,tmp0);
-  }
-  fe_cswap(x2,x3,swap);
-  fe_cswap(z2,z3,swap);
-
-  fe_invert(z2,z2);
-  fe_mul(x2,x2,z2);
-  fe_tobytes(q,x2);
-
-  return 0;
-}
-
 
 int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key)
 {
@@ -138,7 +72,7 @@ int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key)
   key->k.point[31] &= 127;
   key->k.point[31] |= 64;
 
-  /*compute public key*/
+  /* compute public key */
   ret = curve25519(p, key->k.point, basepoint);
 
   /* store keys in big endian format */
diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c
index 54dc25b97..ba0dcbe53 100644
--- a/wolfcrypt/src/ed25519.c
+++ b/wolfcrypt/src/ed25519.c
@@ -39,636 +39,6 @@
 #endif
 
 
-void sc_reduce(byte* s);
-void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c);
-
-/*
-Input:
-  s[0]+256*s[1]+...+256^63*s[63] = s
-
-Output:
-  s[0]+256*s[1]+...+256^31*s[31] = s mod l
-  where l = 2^252 + 27742317777372353535851937790883648493.
-  Overwrites s in place.
-*/
-
-void sc_reduce(byte* s)
-{
-  int64_t s0 = 2097151 & load_3(s);
-  int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
-  int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
-  int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
-  int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
-  int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
-  int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
-  int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
-  int64_t s8 = 2097151 & load_3(s + 21);
-  int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
-  int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
-  int64_t s11 = 2097151 & (load_4(s + 28) >> 7);
-  int64_t s12 = 2097151 & (load_4(s + 31) >> 4);
-  int64_t s13 = 2097151 & (load_3(s + 34) >> 1);
-  int64_t s14 = 2097151 & (load_4(s + 36) >> 6);
-  int64_t s15 = 2097151 & (load_3(s + 39) >> 3);
-  int64_t s16 = 2097151 & load_3(s + 42);
-  int64_t s17 = 2097151 & (load_4(s + 44) >> 5);
-  int64_t s18 = 2097151 & (load_3(s + 47) >> 2);
-  int64_t s19 = 2097151 & (load_4(s + 49) >> 7);
-  int64_t s20 = 2097151 & (load_4(s + 52) >> 4);
-  int64_t s21 = 2097151 & (load_3(s + 55) >> 1);
-  int64_t s22 = 2097151 & (load_4(s + 57) >> 6);
-  int64_t s23 = (load_4(s + 60) >> 3);
-  int64_t carry0;
-  int64_t carry1;
-  int64_t carry2;
-  int64_t carry3;
-  int64_t carry4;
-  int64_t carry5;
-  int64_t carry6;
-  int64_t carry7;
-  int64_t carry8;
-  int64_t carry9;
-  int64_t carry10;
-  int64_t carry11;
-  int64_t carry12;
-  int64_t carry13;
-  int64_t carry14;
-  int64_t carry15;
-  int64_t carry16;
-
-  s11 += s23 * 666643;
-  s12 += s23 * 470296;
-  s13 += s23 * 654183;
-  s14 -= s23 * 997805;
-  s15 += s23 * 136657;
-  s16 -= s23 * 683901;
-  s23 = 0;
-
-  s10 += s22 * 666643;
-  s11 += s22 * 470296;
-  s12 += s22 * 654183;
-  s13 -= s22 * 997805;
-  s14 += s22 * 136657;
-  s15 -= s22 * 683901;
-  s22 = 0;
-
-  s9 += s21 * 666643;
-  s10 += s21 * 470296;
-  s11 += s21 * 654183;
-  s12 -= s21 * 997805;
-  s13 += s21 * 136657;
-  s14 -= s21 * 683901;
-  s21 = 0;
-
-  s8 += s20 * 666643;
-  s9 += s20 * 470296;
-  s10 += s20 * 654183;
-  s11 -= s20 * 997805;
-  s12 += s20 * 136657;
-  s13 -= s20 * 683901;
-  s20 = 0;
-
-  s7 += s19 * 666643;
-  s8 += s19 * 470296;
-  s9 += s19 * 654183;
-  s10 -= s19 * 997805;
-  s11 += s19 * 136657;
-  s12 -= s19 * 683901;
-  s19 = 0;
-
-  s6 += s18 * 666643;
-  s7 += s18 * 470296;
-  s8 += s18 * 654183;
-  s9 -= s18 * 997805;
-  s10 += s18 * 136657;
-  s11 -= s18 * 683901;
-  s18 = 0;
-
-  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
-  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
-  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-  carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
-  carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
-  carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
-  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
-  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
-  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-  carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
-  carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
-  s5 += s17 * 666643;
-  s6 += s17 * 470296;
-  s7 += s17 * 654183;
-  s8 -= s17 * 997805;
-  s9 += s17 * 136657;
-  s10 -= s17 * 683901;
-  s17 = 0;
-
-  s4 += s16 * 666643;
-  s5 += s16 * 470296;
-  s6 += s16 * 654183;
-  s7 -= s16 * 997805;
-  s8 += s16 * 136657;
-  s9 -= s16 * 683901;
-  s16 = 0;
-
-  s3 += s15 * 666643;
-  s4 += s15 * 470296;
-  s5 += s15 * 654183;
-  s6 -= s15 * 997805;
-  s7 += s15 * 136657;
-  s8 -= s15 * 683901;
-  s15 = 0;
-
-  s2 += s14 * 666643;
-  s3 += s14 * 470296;
-  s4 += s14 * 654183;
-  s5 -= s14 * 997805;
-  s6 += s14 * 136657;
-  s7 -= s14 * 683901;
-  s14 = 0;
-
-  s1 += s13 * 666643;
-  s2 += s13 * 470296;
-  s3 += s13 * 654183;
-  s4 -= s13 * 997805;
-  s5 += s13 * 136657;
-  s6 -= s13 * 683901;
-  s13 = 0;
-
-  s0 += s12 * 666643;
-  s1 += s12 * 470296;
-  s2 += s12 * 654183;
-  s3 -= s12 * 997805;
-  s4 += s12 * 136657;
-  s5 -= s12 * 683901;
-  s12 = 0;
-
-  carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
-  carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
-  carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
-  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
-  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
-  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
-  carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
-  carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
-  carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
-  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
-  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
-  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
-  s0 += s12 * 666643;
-  s1 += s12 * 470296;
-  s2 += s12 * 654183;
-  s3 -= s12 * 997805;
-  s4 += s12 * 136657;
-  s5 -= s12 * 683901;
-  s12 = 0;
-
-  carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
-  carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
-  carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
-  carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
-  carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
-  carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
-  carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
-  carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
-  carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
-  carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
-  carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-  carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
-  s0 += s12 * 666643;
-  s1 += s12 * 470296;
-  s2 += s12 * 654183;
-  s3 -= s12 * 997805;
-  s4 += s12 * 136657;
-  s5 -= s12 * 683901;
-  s12 = 0;
-
-  carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
-  carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
-  carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
-  carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
-  carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
-  carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
-  carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
-  carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
-  carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
-  carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
-  carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
-  s[0] = s0 >> 0;
-  s[1] = s0 >> 8;
-  s[2] = (s0 >> 16) | (s1 << 5);
-  s[3] = s1 >> 3;
-  s[4] = s1 >> 11;
-  s[5] = (s1 >> 19) | (s2 << 2);
-  s[6] = s2 >> 6;
-  s[7] = (s2 >> 14) | (s3 << 7);
-  s[8] = s3 >> 1;
-  s[9] = s3 >> 9;
-  s[10] = (s3 >> 17) | (s4 << 4);
-  s[11] = s4 >> 4;
-  s[12] = s4 >> 12;
-  s[13] = (s4 >> 20) | (s5 << 1);
-  s[14] = s5 >> 7;
-  s[15] = (s5 >> 15) | (s6 << 6);
-  s[16] = s6 >> 2;
-  s[17] = s6 >> 10;
-  s[18] = (s6 >> 18) | (s7 << 3);
-  s[19] = s7 >> 5;
-  s[20] = s7 >> 13;
-  s[21] = s8 >> 0;
-  s[22] = s8 >> 8;
-  s[23] = (s8 >> 16) | (s9 << 5);
-  s[24] = s9 >> 3;
-  s[25] = s9 >> 11;
-  s[26] = (s9 >> 19) | (s10 << 2);
-  s[27] = s10 >> 6;
-  s[28] = (s10 >> 14) | (s11 << 7);
-  s[29] = s11 >> 1;
-  s[30] = s11 >> 9;
-  s[31] = s11 >> 17;
-
-  /* hush warnings after setting values to 0 */
-  (void)s12;
-  (void)s13;
-  (void)s14;
-  (void)s15;
-  (void)s16;
-  (void)s17;
-  (void)s18;
-  (void)s19;
-  (void)s20;
-  (void)s21;
-  (void)s22;
-  (void)s23;
-}
-
-
-/*
-Input:
-  a[0]+256*a[1]+...+256^31*a[31] = a
-  b[0]+256*b[1]+...+256^31*b[31] = b
-  c[0]+256*c[1]+...+256^31*c[31] = c
-
-Output:
-  s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
-  where l = 2^252 + 27742317777372353535851937790883648493.
-*/
-
-void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
-{
-  int64_t a0 = 2097151 & load_3(a);
-  int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
-  int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
-  int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
-  int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
-  int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
-  int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
-  int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
-  int64_t a8 = 2097151 & load_3(a + 21);
-  int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
-  int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
-  int64_t a11 = (load_4(a + 28) >> 7);
-  int64_t b0 = 2097151 & load_3(b);
-  int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
-  int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
-  int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
-  int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
-  int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
-  int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
-  int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
-  int64_t b8 = 2097151 & load_3(b + 21);
-  int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
-  int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
-  int64_t b11 = (load_4(b + 28) >> 7);
-  int64_t c0 = 2097151 & load_3(c);
-  int64_t c1 = 2097151 & (load_4(c + 2) >> 5);
-  int64_t c2 = 2097151 & (load_3(c + 5) >> 2);
-  int64_t c3 = 2097151 & (load_4(c + 7) >> 7);
-  int64_t c4 = 2097151 & (load_4(c + 10) >> 4);
-  int64_t c5 = 2097151 & (load_3(c + 13) >> 1);
-  int64_t c6 = 2097151 & (load_4(c + 15) >> 6);
-  int64_t c7 = 2097151 & (load_3(c + 18) >> 3);
-  int64_t c8 = 2097151 & load_3(c + 21);
-  int64_t c9 = 2097151 & (load_4(c + 23) >> 5);
-  int64_t c10 = 2097151 & (load_3(c + 26) >> 2);
-  int64_t c11 = (load_4(c + 28) >> 7);
-  int64_t s0;
-  int64_t s1;
-  int64_t s2;
-  int64_t s3;
-  int64_t s4;
-  int64_t s5;
-  int64_t s6;
-  int64_t s7;
-  int64_t s8;
-  int64_t s9;
-  int64_t s10;
-  int64_t s11;
-  int64_t s12;
-  int64_t s13;
-  int64_t s14;
-  int64_t s15;
-  int64_t s16;
-  int64_t s17;
-  int64_t s18;
-  int64_t s19;
-  int64_t s20;
-  int64_t s21;
-  int64_t s22;
-  int64_t s23;
-  int64_t carry0;
-  int64_t carry1;
-  int64_t carry2;
-  int64_t carry3;
-  int64_t carry4;
-  int64_t carry5;
-  int64_t carry6;
-  int64_t carry7;
-  int64_t carry8;
-  int64_t carry9;
-  int64_t carry10;
-  int64_t carry11;
-  int64_t carry12;
-  int64_t carry13;
-  int64_t carry14;
-  int64_t carry15;
-  int64_t carry16;
-  int64_t carry17;
-  int64_t carry18;
-  int64_t carry19;
-  int64_t carry20;
-  int64_t carry21;
-  int64_t carry22;
-
-  s0 = c0 + a0*b0;
-  s1 = c1 + a0*b1 + a1*b0;
-  s2 = c2 + a0*b2 + a1*b1 + a2*b0;
-  s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0;
-  s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0;
-  s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0;
-  s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0;
-  s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0;
-  s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1 + a8*b0;
-  s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2 + a8*b1 + a9*b0;
-  s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3 + a8*b2 + a9*b1 + a10*b0;
-  s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4 + a8*b3 + a9*b2 + a10*b1 + a11*b0;
-  s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3 + a10*b2 + a11*b1;
-  s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3 + a11*b2;
-  s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4 + a11*b3;
-  s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4;
-  s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5;
-  s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6;
-  s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7;
-  s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8;
-  s20 = a9*b11 + a10*b10 + a11*b9;
-  s21 = a10*b11 + a11*b10;
-  s22 = a11*b11;
-  s23 = 0;
-
-  carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
-  carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
-  carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
-  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
-  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
-  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-  carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
-  carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
-  carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-  carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21;
-  carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21;
-  carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21;
-
-  carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
-  carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
-  carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
-  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
-  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
-  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-  carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
-  carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-  carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= carry17 << 21;
-  carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= carry19 << 21;
-  carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= carry21 << 21;
-
-  s11 += s23 * 666643;
-  s12 += s23 * 470296;
-  s13 += s23 * 654183;
-  s14 -= s23 * 997805;
-  s15 += s23 * 136657;
-  s16 -= s23 * 683901;
-  s23 = 0;
-
-  s10 += s22 * 666643;
-  s11 += s22 * 470296;
-  s12 += s22 * 654183;
-  s13 -= s22 * 997805;
-  s14 += s22 * 136657;
-  s15 -= s22 * 683901;
-  s22 = 0;
-
-  s9 += s21 * 666643;
-  s10 += s21 * 470296;
-  s11 += s21 * 654183;
-  s12 -= s21 * 997805;
-  s13 += s21 * 136657;
-  s14 -= s21 * 683901;
-  s21 = 0;
-
-  s8 += s20 * 666643;
-  s9 += s20 * 470296;
-  s10 += s20 * 654183;
-  s11 -= s20 * 997805;
-  s12 += s20 * 136657;
-  s13 -= s20 * 683901;
-  s20 = 0;
-
-  s7 += s19 * 666643;
-  s8 += s19 * 470296;
-  s9 += s19 * 654183;
-  s10 -= s19 * 997805;
-  s11 += s19 * 136657;
-  s12 -= s19 * 683901;
-  s19 = 0;
-
-  s6 += s18 * 666643;
-  s7 += s18 * 470296;
-  s8 += s18 * 654183;
-  s9 -= s18 * 997805;
-  s10 += s18 * 136657;
-  s11 -= s18 * 683901;
-  s18 = 0;
-
-  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
-  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
-  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-  carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
-  carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
-  carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
-
-  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
-  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
-  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-  carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
-  carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
-
-  s5 += s17 * 666643;
-  s6 += s17 * 470296;
-  s7 += s17 * 654183;
-  s8 -= s17 * 997805;
-  s9 += s17 * 136657;
-  s10 -= s17 * 683901;
-  s17 = 0;
-
-  s4 += s16 * 666643;
-  s5 += s16 * 470296;
-  s6 += s16 * 654183;
-  s7 -= s16 * 997805;
-  s8 += s16 * 136657;
-  s9 -= s16 * 683901;
-  s16 = 0;
-
-  s3 += s15 * 666643;
-  s4 += s15 * 470296;
-  s5 += s15 * 654183;
-  s6 -= s15 * 997805;
-  s7 += s15 * 136657;
-  s8 -= s15 * 683901;
-  s15 = 0;
-
-  s2 += s14 * 666643;
-  s3 += s14 * 470296;
-  s4 += s14 * 654183;
-  s5 -= s14 * 997805;
-  s6 += s14 * 136657;
-  s7 -= s14 * 683901;
-  s14 = 0;
-
-  s1 += s13 * 666643;
-  s2 += s13 * 470296;
-  s3 += s13 * 654183;
-  s4 -= s13 * 997805;
-  s5 += s13 * 136657;
-  s6 -= s13 * 683901;
-  s13 = 0;
-
-  s0 += s12 * 666643;
-  s1 += s12 * 470296;
-  s2 += s12 * 654183;
-  s3 -= s12 * 997805;
-  s4 += s12 * 136657;
-  s5 -= s12 * 683901;
-  s12 = 0;
-
-  carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
-  carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
-  carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
-  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
-  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
-  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
-
-  carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
-  carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
-  carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
-  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
-  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
-  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
-
-  s0 += s12 * 666643;
-  s1 += s12 * 470296;
-  s2 += s12 * 654183;
-  s3 -= s12 * 997805;
-  s4 += s12 * 136657;
-  s5 -= s12 * 683901;
-  s12 = 0;
-
-  carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
-  carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
-  carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
-  carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
-  carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
-  carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
-  carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
-  carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
-  carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
-  carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
-  carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-  carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
-
-  s0 += s12 * 666643;
-  s1 += s12 * 470296;
-  s2 += s12 * 654183;
-  s3 -= s12 * 997805;
-  s4 += s12 * 136657;
-  s5 -= s12 * 683901;
-  s12 = 0;
-
-  carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
-  carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
-  carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
-  carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
-  carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
-  carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
-  carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
-  carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
-  carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
-  carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
-  carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
-
-  s[0] = s0 >> 0;
-  s[1] = s0 >> 8;
-  s[2] = (s0 >> 16) | (s1 << 5);
-  s[3] = s1 >> 3;
-  s[4] = s1 >> 11;
-  s[5] = (s1 >> 19) | (s2 << 2);
-  s[6] = s2 >> 6;
-  s[7] = (s2 >> 14) | (s3 << 7);
-  s[8] = s3 >> 1;
-  s[9] = s3 >> 9;
-  s[10] = (s3 >> 17) | (s4 << 4);
-  s[11] = s4 >> 4;
-  s[12] = s4 >> 12;
-  s[13] = (s4 >> 20) | (s5 << 1);
-  s[14] = s5 >> 7;
-  s[15] = (s5 >> 15) | (s6 << 6);
-  s[16] = s6 >> 2;
-  s[17] = s6 >> 10;
-  s[18] = (s6 >> 18) | (s7 << 3);
-  s[19] = s7 >> 5;
-  s[20] = s7 >> 13;
-  s[21] = s8 >> 0;
-  s[22] = s8 >> 8;
-  s[23] = (s8 >> 16) | (s9 << 5);
-  s[24] = s9 >> 3;
-  s[25] = s9 >> 11;
-  s[26] = (s9 >> 19) | (s10 << 2);
-  s[27] = s10 >> 6;
-  s[28] = (s10 >> 14) | (s11 << 7);
-  s[29] = s11 >> 1;
-  s[30] = s11 >> 9;
-  s[31] = s11 >> 17;
-
-  /* hush warnings after setting values to 0 */
-  (void)s12;
-  (void)s13;
-  (void)s14;
-  (void)s15;
-  (void)s16;
-  (void)s17;
-  (void)s18;
-  (void)s19;
-  (void)s20;
-  (void)s21;
-  (void)s22;
-  (void)s23;
-}
-
-
 /*
     generate an ed25519 key pair.
     returns 0 on success
@@ -676,8 +46,8 @@ void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
 int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key)
 {
     byte  az[64];
-    ge_p3 A;
     int   ret;
+    ge_p3 A;
 
     if (rng == NULL || key == NULL)
         return BAD_FUNC_ARG;
@@ -713,13 +83,13 @@ int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key)
 int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
                         word32 *outlen, ed25519_key* key)
 {
-    int    ret = 0;
-    byte   nonce[64];
-    byte   hram[64];
+    ge_p3  R;
+    byte   nonce[SHA512_DIGEST_SIZE];
+    byte   hram[SHA512_DIGEST_SIZE];
     byte   az[64];
     word32 sigSz;
-    ge_p3  R;
     Sha512 sha;
+    int    ret = 0;
 
     /* sanity check on arguments */
     if (in == NULL || out == NULL || outlen == NULL || key == NULL)
@@ -732,7 +102,8 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
         return BAD_FUNC_ARG;
     *outlen = sigSz;
 
-    /* create nonce to use */
+    /* step 1: create nonce to use where nonce is r in
+       r = H(h_b, ... ,h_2b-1,M) */
     ret |= wc_Sha512Hash(key->k,32,az);
     az[0]  &= 248;
     az[31] &= 63;
@@ -742,10 +113,14 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
     ret |= wc_Sha512Update(&sha, in, inlen);
     ret |= wc_Sha512Final(&sha, nonce);
     sc_reduce(nonce);
+
+    /* step 2: computing R = rB where rB is the scalar multiplication of
+       r and B */
     ge_scalarmult_base(&R,nonce);
     ge_p3_tobytes(out,&R);
 
-    /* hash scalarmult of nonce + public key + message */
+    /* step 3: hash R + public key + message getting H(R,A,M) then
+       creating S = (r + H(R,A,M)a) mod l */
     ret |= wc_InitSha512(&sha);
     ret |= wc_Sha512Update(&sha, out, 32);
     ret |= wc_Sha512Update(&sha, key->p, 32);
@@ -768,13 +143,13 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
 int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
                           word32 msglen, int* stat, ed25519_key* key)
 {
-    int    ret;
-    word32 sigSz;
-    byte   h[64];
     byte   rcheck[32];
-    Sha512 sha;
+    byte   h[SHA512_DIGEST_SIZE];
     ge_p3  A;
     ge_p2  R;
+    word32 sigSz;
+    int    ret;
+    Sha512 sha;
 
     /* sanity check on arguments */
     if (sig == NULL || msg == NULL || stat == NULL || key == NULL)
@@ -789,10 +164,12 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
         return BAD_FUNC_ARG;
     if (sig[63] & 224)
         return BAD_FUNC_ARG;
+
+    /* uncompress A (public key), test if valid, and negate it */
     if (ge_frombytes_negate_vartime(&A, key->p) != 0)
         return BAD_FUNC_ARG;
 
-    /* reduce hash of r + public key + message */
+    /* find H(R,A,M) and store it as h */
     ret |= wc_InitSha512(&sha);
     ret |= wc_Sha512Update(&sha, sig,    32);
     ret |= wc_Sha512Update(&sha, key->p, 32);
@@ -800,12 +177,16 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
     ret |= wc_Sha512Final(&sha,  h);
     sc_reduce(h);
 
-    /* scalarmult placed in R using hash + A + s */
-    ge_double_scalarmult_vartime(&R, h, &A, sig + 32);
-    ge_tobytes(rcheck,&R);
+    /*
+       Uses a fast single-signature verification SB = R + H(R,A,M)A becomes
+       SB - H(R,A,M)A saving decompression of R
+    */
+    ret |= ge_double_scalarmult_vartime(&R, h, &A, sig + 32);
+    ge_tobytes(rcheck, &R);
 
-    /* comparison of r created to r in sig */
+    /* comparison of R created to R in sig */
     ret  |= ConstantCompare(rcheck, sig, 32);
+
     *stat = (ret == 0)? 1: 0;
 
     return ret;
@@ -843,6 +224,7 @@ int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen)
 {
     word32 keySz;
 
+    /* sanity check on arguments */
     if (key == NULL || out == NULL || outLen == NULL)
         return BAD_FUNC_ARG;
 
@@ -858,35 +240,6 @@ int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen)
 }
 
 
-/* internal function for importing uncompressed public keys */
-static int compress_key(byte* out, const byte* xIn, const byte* yIn,
-                        word32 keySz)
-{
-    fe     x,y,z;
-    ge_p3  g;
-    byte   bArray[ED25519_KEY_SIZE];
-    word32 i;
-
-    fe_0(x);
-    fe_0(y);
-    fe_1(z);
-    fe_frombytes(x, xIn);
-    fe_frombytes(y, yIn);
-
-    fe_copy(g.X, x);
-    fe_copy(g.Y, y);
-    fe_copy(g.Z, z);
-
-    ge_p3_tobytes(bArray, &g);
-
-    for (i = 0; i < keySz; i++) {
-        out[keySz - 1 - i] = bArray[i];
-    }
-
-    return 0;
-}
-
-
 /*
     Imports a compressed/uncompressed public key.
     in    the byte array containing the public key
@@ -898,6 +251,7 @@ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key)
     word32 keySz;
     int    ret;
 
+    /* sanity check on arguments */
     if (in == NULL || key == NULL)
         return BAD_FUNC_ARG;
 
@@ -917,7 +271,7 @@ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key)
     /* importing uncompressed public key */
     if (in[0] == 0x04) {
         /* pass in (x,y) and store compressed key */
-        ret = compress_key(key->p, (in+1), (in+1+keySz), keySz);
+        ret = ge_compress_key(key->p, (in+1), (in+1+keySz), keySz);
         return ret;
     }
 
@@ -942,6 +296,7 @@ int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
     word32 keySz;
     int    ret;
 
+    /* sanity check on arguments */
     if (priv == NULL || pub == NULL || key == NULL)
         return BAD_FUNC_ARG;
 
diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c
new file mode 100644
index 000000000..80834f54c
--- /dev/null
+++ b/wolfcrypt/src/fe_low_mem.c
@@ -0,0 +1,596 @@
+/* fe_low_mem.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* Based from Daniel Beer's public domain word. */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(HAVE_ED25519) || defined(HAVE_CURVE25519)
+
+#include <wolfssl/wolfcrypt/fe_operations.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+
+void fprime_copy(byte *x, const byte *a)
+{
+    int i;
+    for (i = 0; i < F25519_SIZE; i++)
+        x[i] = a[i];
+}
+
+
+void fe_copy(fe x, const fe a)
+{
+    int i;
+    for (i = 0; i < F25519_SIZE; i++)
+        x[i] = a[i];
+}
+
+
+/* Double an X-coordinate */
+static void xc_double(byte *x3, byte *z3,
+		      const byte *x1, const byte *z1)
+{
+	/* Explicit formulas database: dbl-1987-m
+	 *
+	 * source 1987 Montgomery "Speeding the Pollard and elliptic
+	 *   curve methods of factorization", page 261, fourth display
+	 * compute X3 = (X1^2-Z1^2)^2
+	 * compute Z3 = 4 X1 Z1 (X1^2 + a X1 Z1 + Z1^2)
+	 */
+	byte x1sq[F25519_SIZE];
+	byte z1sq[F25519_SIZE];
+	byte x1z1[F25519_SIZE];
+	byte a[F25519_SIZE];
+
+	fe_mul__distinct(x1sq, x1, x1);
+	fe_mul__distinct(z1sq, z1, z1);
+	fe_mul__distinct(x1z1, x1, z1);
+
+	fe_sub(a, x1sq, z1sq);
+	fe_mul__distinct(x3, a, a);
+
+	fe_mul_c(a, x1z1, 486662);
+	fe_add(a, x1sq, a);
+	fe_add(a, z1sq, a);
+	fe_mul__distinct(x1sq, x1z1, a);
+	fe_mul_c(z3, x1sq, 4);
+}
+
+
+/* Differential addition */
+static void xc_diffadd(byte *x5, byte *z5,
+		       const byte *x1, const byte *z1,
+		       const byte *x2, const byte *z2,
+		       const byte *x3, const byte *z3)
+{
+	/* Explicit formulas database: dbl-1987-m3
+	 *
+	 * source 1987 Montgomery "Speeding the Pollard and elliptic curve
+	 *   methods of factorization", page 261, fifth display, plus
+	 *   common-subexpression elimination
+	 * compute A = X2+Z2
+	 * compute B = X2-Z2
+	 * compute C = X3+Z3
+	 * compute D = X3-Z3
+	 * compute DA = D A
+	 * compute CB = C B
+	 * compute X5 = Z1(DA+CB)^2
+	 * compute Z5 = X1(DA-CB)^2
+	 */
+	byte da[F25519_SIZE];
+	byte cb[F25519_SIZE];
+	byte a[F25519_SIZE];
+	byte b[F25519_SIZE];
+
+	fe_add(a, x2, z2);
+	fe_sub(b, x3, z3); /* D */
+	fe_mul__distinct(da, a, b);
+
+	fe_sub(b, x2, z2);
+	fe_add(a, x3, z3); /* C */
+	fe_mul__distinct(cb, a, b);
+
+	fe_add(a, da, cb);
+	fe_mul__distinct(b, a, a);
+	fe_mul__distinct(x5, z1, b);
+
+	fe_sub(a, da, cb);
+	fe_mul__distinct(b, a, a);
+	fe_mul__distinct(z5, x1, b);
+}
+
+
+int curve25519(byte *result, byte *e, byte *q)
+{
+	/* Current point: P_m */
+	byte xm[F25519_SIZE];
+	byte zm[F25519_SIZE] = {1};
+
+	/* Predecessor: P_(m-1) */
+	byte xm1[F25519_SIZE] = {1};
+	byte zm1[F25519_SIZE] = {0};
+
+	int i;
+
+	/* Note: bit 254 is assumed to be 1 */
+	fe_copy(xm, q);
+
+	for (i = 253; i >= 0; i--) {
+		const int bit = (e[i >> 3] >> (i & 7)) & 1;
+		byte xms[F25519_SIZE];
+		byte zms[F25519_SIZE];
+
+		/* From P_m and P_(m-1), compute P_(2m) and P_(2m-1) */
+		xc_diffadd(xm1, zm1, q, f25519_one, xm, zm, xm1, zm1);
+		xc_double(xm, zm, xm, zm);
+
+		/* Compute P_(2m+1) */
+		xc_diffadd(xms, zms, xm1, zm1, xm, zm, q, f25519_one);
+
+		/* Select:
+		 *   bit = 1 --> (P_(2m+1), P_(2m))
+		 *   bit = 0 --> (P_(2m), P_(2m-1))
+		 */
+		fe_select(xm1, xm1, xm, bit);
+		fe_select(zm1, zm1, zm, bit);
+		fe_select(xm, xm, xms, bit);
+		fe_select(zm, zm, zms, bit);
+	}
+
+	/* Freeze out of projective coordinates */
+	fe_inv__distinct(zm1, zm);
+	fe_mul__distinct(result, zm1, xm);
+	fe_normalize(result);
+    return 0;
+}
+
+
+static void raw_add(byte *x, const byte *p)
+{
+	word16 c = 0;
+	int i;
+
+	for (i = 0; i < F25519_SIZE; i++) {
+		c += ((word16)x[i]) + ((word16)p[i]);
+		x[i] = c;
+		c >>= 8;
+	}
+}
+
+
+static void raw_try_sub(byte *x, const byte *p)
+{
+	byte minusp[F25519_SIZE];
+	word16 c = 0;
+	int i;
+
+	for (i = 0; i < F25519_SIZE; i++) {
+		c = ((word16)x[i]) - ((word16)p[i]) - c;
+		minusp[i] = c;
+		c = (c >> 8) & 1;
+	}
+
+	fprime_select(x, minusp, x, c);
+}
+
+
+static int prime_msb(const byte *p)
+{
+    int i;
+    byte x;
+    int shift = 1;
+    int z     = F25519_SIZE - 1;
+
+   /*
+       Test for any hot bits.
+       As soon as one instance is incountered set shift to 0.
+    */
+	for (i = F25519_SIZE - 1; i >= 0; i--) {
+        shift &= ((shift ^ ((-p[i] | p[i]) >> 7)) & 1);
+        z -= shift;
+    }
+	x = p[z];
+	z <<= 3;
+    shift = 1;
+    for (i = 0; i < 8; i++) {
+        shift &= ((-(x >> i) | (x >> i)) >> (7 - i) & 1);
+        z += shift;
+    }
+
+	return z - 1;
+}
+
+
+void fprime_select(byte *dst, const byte *zero, const byte *one, byte condition)
+{
+	const byte mask = -condition;
+	int i;
+
+	for (i = 0; i < F25519_SIZE; i++)
+		dst[i] = zero[i] ^ (mask & (one[i] ^ zero[i]));
+}
+
+
+void fprime_add(byte *r, const byte *a, const byte *modulus)
+{
+	raw_add(r, a);
+	raw_try_sub(r, modulus);
+}
+
+
+void fprime_sub(byte *r, const byte *a, const byte *modulus)
+{
+	raw_add(r, modulus);
+	raw_try_sub(r, a);
+	raw_try_sub(r, modulus);
+}
+
+
+void fprime_mul(byte *r, const byte *a, const byte *b,
+		const byte *modulus)
+{
+	word16 c = 0;
+	int i,j;
+
+	XMEMSET(r, 0, F25519_SIZE);
+
+	for (i = prime_msb(modulus); i >= 0; i--) {
+		const byte bit = (b[i >> 3] >> (i & 7)) & 1;
+		byte plusa[F25519_SIZE];
+
+	    for (j = 0; j < F25519_SIZE; j++) {
+		    c |= ((word16)r[j]) << 1;
+		    r[j] = c;
+		    c >>= 8;
+	    }
+		raw_try_sub(r, modulus);
+
+		fprime_copy(plusa, r);
+		fprime_add(plusa, a, modulus);
+
+		fprime_select(r, r, plusa, bit);
+	}
+}
+
+
+void fe_load(byte *x, word32 c)
+{
+	word32 i;
+
+	for (i = 0; i < sizeof(c); i++) {
+		x[i] = c;
+		c >>= 8;
+	}
+
+	for (; i < F25519_SIZE; i++)
+		x[i] = 0;
+}
+
+
+void fe_normalize(byte *x)
+{
+	byte minusp[F25519_SIZE];
+	word16 c;
+	int i;
+
+	/* Reduce using 2^255 = 19 mod p */
+	c = (x[31] >> 7) * 19;
+	x[31] &= 127;
+
+	for (i = 0; i < F25519_SIZE; i++) {
+		c += x[i];
+		x[i] = c;
+		c >>= 8;
+	}
+
+	/* The number is now less than 2^255 + 18, and therefore less than
+	 * 2p. Try subtracting p, and conditionally load the subtracted
+	 * value if underflow did not occur.
+	 */
+	c = 19;
+
+	for (i = 0; i + 1 < F25519_SIZE; i++) {
+		c += x[i];
+		minusp[i] = c;
+		c >>= 8;
+	}
+
+	c += ((word16)x[i]) - 128;
+	minusp[31] = c;
+
+	/* Load x-p if no underflow */
+	fe_select(x, minusp, x, (c >> 15) & 1);
+}
+
+
+void fe_select(byte *dst,
+		   const byte *zero, const byte *one,
+		   byte condition)
+{
+	const byte mask = -condition;
+	int i;
+
+	for (i = 0; i < F25519_SIZE; i++)
+		dst[i] = zero[i] ^ (mask & (one[i] ^ zero[i]));
+}
+
+
+void fe_add(fe r, const fe a, const fe b)
+{
+	word16 c = 0;
+	int i;
+
+	/* Add */
+	for (i = 0; i < F25519_SIZE; i++) {
+		c >>= 8;
+		c += ((word16)a[i]) + ((word16)b[i]);
+		r[i] = c;
+	}
+
+	/* Reduce with 2^255 = 19 mod p */
+	r[31] &= 127;
+	c = (c >> 7) * 19;
+
+	for (i = 0; i < F25519_SIZE; i++) {
+		c += r[i];
+		r[i] = c;
+		c >>= 8;
+	}
+}
+
+
+void fe_sub(fe r, const fe a, const fe b)
+{
+	word32 c = 0;
+	int i;
+
+	/* Calculate a + 2p - b, to avoid underflow */
+	c = 218;
+	for (i = 0; i + 1 < F25519_SIZE; i++) {
+		c += 65280 + ((word32)a[i]) - ((word32)b[i]);
+		r[i] = c;
+		c >>= 8;
+	}
+
+	c += ((word32)a[31]) - ((word32)b[31]);
+	r[31] = c & 127;
+	c = (c >> 7) * 19;
+
+	for (i = 0; i < F25519_SIZE; i++) {
+		c += r[i];
+		r[i] = c;
+		c >>= 8;
+	}
+}
+
+
+void fe_neg(fe r, const fe a)
+{
+	word32 c = 0;
+	int i;
+
+	/* Calculate 2p - a, to avoid underflow */
+	c = 218;
+	for (i = 0; i + 1 < F25519_SIZE; i++) {
+		c += 65280 - ((word32)a[i]);
+		r[i] = c;
+		c >>= 8;
+	}
+
+	c -= ((word32)a[31]);
+	r[31] = c & 127;
+	c = (c >> 7) * 19;
+
+	for (i = 0; i < F25519_SIZE; i++) {
+		c += r[i];
+		r[i] = c;
+		c >>= 8;
+	}
+}
+
+
+void fe_mul__distinct(byte *r, const byte *a, const byte *b)
+{
+	word32 c = 0;
+	int i;
+
+	for (i = 0; i < F25519_SIZE; i++) {
+		int j;
+
+		c >>= 8;
+		for (j = 0; j <= i; j++)
+			c += ((word32)a[j]) * ((word32)b[i - j]);
+
+		for (; j < F25519_SIZE; j++)
+			c += ((word32)a[j]) *
+			     ((word32)b[i + F25519_SIZE - j]) * 38;
+
+		r[i] = c;
+	}
+
+	r[31] &= 127;
+	c = (c >> 7) * 19;
+
+	for (i = 0; i < F25519_SIZE; i++) {
+		c += r[i];
+		r[i] = c;
+		c >>= 8;
+	}
+}
+
+
+void fe_mul(fe r, const fe a, const fe b)
+{
+	byte tmp[F25519_SIZE];
+
+	fe_mul__distinct(tmp, a, b);
+	fe_copy(r, tmp);
+}
+
+
+void fe_mul_c(byte *r, const byte *a, word32 b)
+{
+	word32 c = 0;
+	int i;
+
+	for (i = 0; i < F25519_SIZE; i++) {
+		c >>= 8;
+		c += b * ((word32)a[i]);
+		r[i] = c;
+	}
+
+	r[31] &= 127;
+	c >>= 7;
+	c *= 19;
+
+	for (i = 0; i < F25519_SIZE; i++) {
+		c += r[i];
+		r[i] = c;
+		c >>= 8;
+	}
+}
+
+
+void fe_inv__distinct(byte *r, const byte *x)
+{
+	byte s[F25519_SIZE];
+	int i;
+
+	/* This is a prime field, so by Fermat's little theorem:
+	 *
+	 *     x^(p-1) = 1 mod p
+	 *
+	 * Therefore, raise to (p-2) = 2^255-21 to get a multiplicative
+	 * inverse.
+	 *
+	 * This is a 255-bit binary number with the digits:
+	 *
+	 *     11111111... 01011
+	 *
+	 * We compute the result by the usual binary chain, but
+	 * alternate between keeping the accumulator in r and s, so as
+	 * to avoid copying temporaries.
+	 */
+
+	/* 1 1 */
+	fe_mul__distinct(s, x, x);
+	fe_mul__distinct(r, s, x);
+
+	/* 1 x 248 */
+	for (i = 0; i < 248; i++) {
+		fe_mul__distinct(s, r, r);
+		fe_mul__distinct(r, s, x);
+	}
+
+	/* 0 */
+	fe_mul__distinct(s, r, r);
+
+	/* 1 */
+	fe_mul__distinct(r, s, s);
+	fe_mul__distinct(s, r, x);
+
+	/* 0 */
+	fe_mul__distinct(r, s, s);
+
+	/* 1 */
+	fe_mul__distinct(s, r, r);
+	fe_mul__distinct(r, s, x);
+
+	/* 1 */
+	fe_mul__distinct(s, r, r);
+	fe_mul__distinct(r, s, x);
+}
+
+
+void fe_invert(fe r, const fe x)
+{
+	byte tmp[F25519_SIZE];
+
+	fe_inv__distinct(tmp, x);
+	fe_copy(r, tmp);
+}
+
+
+/* Raise x to the power of (p-5)/8 = 2^252-3, using s for temporary
+ * storage.
+ */
+static void exp2523(byte *r, const byte *x, byte *s)
+{
+	int i;
+
+	/* This number is a 252-bit number with the binary expansion:
+	 *
+	 *     111111... 01
+	 */
+
+	/* 1 1 */
+	fe_mul__distinct(r, x, x);
+	fe_mul__distinct(s, r, x);
+
+	/* 1 x 248 */
+	for (i = 0; i < 248; i++) {
+		fe_mul__distinct(r, s, s);
+		fe_mul__distinct(s, r, x);
+	}
+
+	/* 0 */
+	fe_mul__distinct(r, s, s);
+
+	/* 1 */
+	fe_mul__distinct(s, r, r);
+	fe_mul__distinct(r, s, x);
+}
+
+
+void fe_sqrt(byte *r, const byte *a)
+{
+	byte v[F25519_SIZE];
+	byte i[F25519_SIZE];
+	byte x[F25519_SIZE];
+	byte y[F25519_SIZE];
+
+	/* v = (2a)^((p-5)/8) [x = 2a] */
+	fe_mul_c(x, a, 2);
+	exp2523(v, x, y);
+
+	/* i = 2av^2 - 1 */
+	fe_mul__distinct(y, v, v);
+	fe_mul__distinct(i, x, y);
+	fe_load(y, 1);
+	fe_sub(i, i, y);
+
+	/* r = avi */
+	fe_mul__distinct(x, v, a);
+	fe_mul__distinct(r, x, i);
+}
+
+#endif /* HAVE_CURVE25519 or HAVE_ED25519 */
+
diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c
index 5d50517cc..da07c951c 100644
--- a/wolfcrypt/src/fe_operations.c
+++ b/wolfcrypt/src/fe_operations.c
@@ -105,6 +105,72 @@ void fe_0(fe h)
 }
 
 
+int curve25519(byte* q, byte* n, byte* p)
+{
+  unsigned char e[32];
+  unsigned int i;
+  fe x1;
+  fe x2;
+  fe z2;
+  fe x3;
+  fe z3;
+  fe tmp0;
+  fe tmp1;
+  int pos;
+  unsigned int swap;
+  unsigned int b;
+
+  for (i = 0;i < 32;++i) e[i] = n[i];
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+
+  fe_frombytes(x1,p);
+  fe_1(x2);
+  fe_0(z2);
+  fe_copy(x3,x1);
+  fe_1(z3);
+
+  swap = 0;
+  for (pos = 254;pos >= 0;--pos) {
+    b = e[pos / 8] >> (pos & 7);
+    b &= 1;
+    swap ^= b;
+    fe_cswap(x2,x3,swap);
+    fe_cswap(z2,z3,swap);
+    swap = b;
+
+    /* montgomery */
+	fe_sub(tmp0,x3,z3);
+	fe_sub(tmp1,x2,z2);
+	fe_add(x2,x2,z2);
+	fe_add(z2,x3,z3);
+	fe_mul(z3,tmp0,x2);
+	fe_mul(z2,z2,tmp1);
+	fe_sq(tmp0,tmp1);
+	fe_sq(tmp1,x2);
+	fe_add(x3,z3,z2);
+	fe_sub(z2,z3,z2);
+	fe_mul(x2,tmp1,tmp0);
+	fe_sub(tmp1,tmp1,tmp0);
+	fe_sq(z2,z2);
+	fe_mul121666(z3,tmp1);
+	fe_sq(x3,x3);
+	fe_add(tmp0,tmp0,z3);
+	fe_mul(z3,x1,z2);
+	fe_mul(z2,tmp1,tmp0);
+  }
+  fe_cswap(x2,x3,swap);
+  fe_cswap(z2,z3,swap);
+
+  fe_invert(z2,z2);
+  fe_mul(x2,x2,z2);
+  fe_tobytes(q,x2);
+
+  return 0;
+}
+
+
 /*
 h = f * f
 Can overlap h with f.
@@ -1236,9 +1302,6 @@ void fe_neg(fe h,const fe f)
 
 
 /*
-return 1 if f == 0
-return 0 if f != 0
-
 Preconditions:
    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 */
diff --git a/wolfcrypt/src/ge_low_mem.c b/wolfcrypt/src/ge_low_mem.c
new file mode 100644
index 000000000..43c533c69
--- /dev/null
+++ b/wolfcrypt/src/ge_low_mem.c
@@ -0,0 +1,558 @@
+/* ge_low_mem.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+ /* Based from Daniel Beer's public domain work. */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef HAVE_ED25519
+
+#include <wolfssl/wolfcrypt/ge_operations.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+void ed25519_smult(ge_p3 *r, const ge_p3 *a, const byte *e);
+void ed25519_add(ge_p3 *r, const ge_p3 *a, const ge_p3 *b);
+void ed25519_double(ge_p3 *r, const ge_p3 *a);
+
+
+static const byte ed25519_order[F25519_SIZE] = {
+	0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
+	0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
+};
+
+/*Arithmetic modulo the group order m = 2^252 +
+ 27742317777372353535851937790883648493 =
+ 7237005577332262213973186563042994240857116359379907606001950938285454250989 */
+
+static const word32 m[32] = {
+    0xED,0xD3,0xF5,0x5C,0x1A,0x63,0x12,0x58,0xD6,0x9C,0xF7,0xA2,0xDE,0xF9,
+    0xDE,0x14,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+    0x00,0x00,0x00,0x10
+};
+
+static const word32 mu[33] = {
+    0x1B,0x13,0x2C,0x0A,0xA3,0xE5,0x9C,0xED,0xA7,0x29,0x63,0x08,0x5D,0x21,
+    0x06,0x21,0xEB,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+    0xFF,0xFF,0xFF,0xFF,0x0F
+};
+
+
+int ge_compress_key(byte* out, const byte* xIn, const byte* yIn,
+                        word32 keySz)
+{
+	byte tmp[F25519_SIZE];
+	byte parity;
+    int     i;
+
+	fe_copy(tmp, xIn);
+	parity = (tmp[0] & 1) << 7;
+
+    byte pt[32];
+	fe_copy(pt, yIn);
+	pt[31] |= parity;
+
+    for(i = 0; i < 32; i++) {
+        out[32-i-1] = pt[i];
+    }
+    (void)keySz;
+    return 0;
+}
+
+
+static word32 lt(word32 a,word32 b) /* 16-bit inputs */
+{
+  unsigned int x = a;
+  x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */
+  x >>= 31; /* 0: no; 1: yes */
+  return x;
+}
+
+
+/* Reduce coefficients of r before calling reduce_add_sub */
+static void reduce_add_sub(word32 *r)
+{
+  word32 pb = 0;
+  word32 b;
+  word32 mask;
+  int i;
+  unsigned char t[32];
+
+  for(i=0;i<32;i++)
+  {
+    pb += m[i];
+    b = lt(r[i],pb);
+    t[i] = r[i]-pb+(b<<8);
+    pb = b;
+  }
+  mask = b - 1;
+  for(i=0;i<32;i++)
+    r[i] ^= mask & (r[i] ^ t[i]);
+}
+
+
+/* Reduce coefficients of x before calling barrett_reduce */
+static void barrett_reduce(word32* r, word32 x[64])
+{
+  /* See HAC, Alg. 14.42 */
+  int i,j;
+  word32 q2[66];
+  word32 *q3 = q2 + 33;
+  word32 r1[33];
+  word32 r2[33];
+  word32 carry;
+  word32 pb = 0;
+  word32 b;
+
+  for (i = 0;i < 66;++i) q2[i] = 0;
+  for (i = 0;i < 33;++i) r2[i] = 0;
+
+  for(i=0;i<33;i++)
+    for(j=0;j<33;j++)
+      if(i+j >= 31) q2[i+j] += mu[i]*x[j+31];
+  carry = q2[31] >> 8;
+  q2[32] += carry;
+  carry = q2[32] >> 8;
+  q2[33] += carry;
+
+  for(i=0;i<33;i++)r1[i] = x[i];
+  for(i=0;i<32;i++)
+    for(j=0;j<33;j++)
+      if(i+j < 33) r2[i+j] += m[i]*q3[j];
+
+  for(i=0;i<32;i++)
+  {
+    carry = r2[i] >> 8;
+    r2[i+1] += carry;
+    r2[i] &= 0xff;
+  }
+
+  for(i=0;i<32;i++)
+  {
+    pb += r2[i];
+    b = lt(r1[i],pb);
+    r[i] = r1[i]-pb+(b<<8);
+    pb = b;
+  }
+
+  /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3
+   * r is an unsigned type.
+   * If so: Handle  it here!
+   */
+
+  reduce_add_sub(r);
+  reduce_add_sub(r);
+}
+
+
+void sc_reduce(unsigned char x[64])
+{
+  int i;
+  word32 t[64];
+  word32 r[32];
+  for(i=0;i<64;i++) t[i] = x[i];
+  barrett_reduce(r, t);
+  for(i=0;i<32;i++) x[i] = (r[i] & 0xFF);
+}
+
+
+void sc_muladd(byte* out, const byte* a, const byte* b, const byte* c)
+{
+
+	byte s[32];
+    byte e[64];
+
+    XMEMSET(e, 0, sizeof(e));
+    XMEMCPY(e, b, 32);
+
+	/* Obtain e */
+	sc_reduce(e);
+
+	/* Compute s = ze + k */
+	fprime_mul(s, a, e, ed25519_order);
+	fprime_add(s, c, ed25519_order);
+
+	XMEMCPY(out, s, 32);
+}
+
+
+/* Base point is (numbers wrapped):
+ *
+ *     x = 151122213495354007725011514095885315114
+ *         54012693041857206046113283949847762202
+ *     y = 463168356949264781694283940034751631413
+ *         07993866256225615783033603165251855960
+ *
+ * y is derived by transforming the original Montgomery base (u=9). x
+ * is the corresponding positive coordinate for the new curve equation.
+ * t is x*y.
+ */
+const ge_p3 ed25519_base = {
+	.X = {
+		0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9,
+		0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69,
+		0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0,
+		0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21
+	},
+	.Y = {
+		0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+		0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+		0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+		0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66
+	},
+	.T = {
+		0xa3, 0xdd, 0xb7, 0xa5, 0xb3, 0x8a, 0xde, 0x6d,
+		0xf5, 0x52, 0x51, 0x77, 0x80, 0x9f, 0xf0, 0x20,
+		0x7d, 0xe3, 0xab, 0x64, 0x8e, 0x4e, 0xea, 0x66,
+		0x65, 0x76, 0x8b, 0xd7, 0x0f, 0x5f, 0x87, 0x67
+	},
+	.Z = {1, 0}
+};
+
+
+const ge_p3 ed25519_neutral = {
+	.X = {0},
+	.Y = {1, 0},
+	.T = {0},
+	.Z = {1, 0}
+};
+
+
+static const byte ed25519_d[F25519_SIZE] = {
+	0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75,
+	0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00,
+	0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c,
+	0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52
+};
+
+
+/* k = 2d */
+static const byte ed25519_k[F25519_SIZE] = {
+	0x59, 0xf1, 0xb2, 0x26, 0x94, 0x9b, 0xd6, 0xeb,
+	0x56, 0xb1, 0x83, 0x82, 0x9a, 0x14, 0xe0, 0x00,
+	0x30, 0xd1, 0xf3, 0xee, 0xf2, 0x80, 0x8e, 0x19,
+	0xe7, 0xfc, 0xdf, 0x56, 0xdc, 0xd9, 0x06, 0x24
+};
+
+
+void ed25519_add(ge_p3 *r,
+		 const ge_p3 *p1, const ge_p3 *p2)
+{
+	/* Explicit formulas database: add-2008-hwcd-3
+	 *
+	 * source 2008 Hisil--Wong--Carter--Dawson,
+	 *     http://eprint.iacr.org/2008/522, Section 3.1
+	 * appliesto extended-1
+	 * parameter k
+	 * assume k = 2 d
+	 * compute A = (Y1-X1)(Y2-X2)
+	 * compute B = (Y1+X1)(Y2+X2)
+	 * compute C = T1 k T2
+	 * compute D = Z1 2 Z2
+	 * compute E = B - A
+	 * compute F = D - C
+	 * compute G = D + C
+	 * compute H = B + A
+	 * compute X3 = E F
+	 * compute Y3 = G H
+	 * compute T3 = E H
+	 * compute Z3 = F G
+	 */
+	byte a[F25519_SIZE];
+	byte b[F25519_SIZE];
+	byte c[F25519_SIZE];
+	byte d[F25519_SIZE];
+	byte e[F25519_SIZE];
+	byte f[F25519_SIZE];
+	byte g[F25519_SIZE];
+	byte h[F25519_SIZE];
+
+	/* A = (Y1-X1)(Y2-X2) */
+	fe_sub(c, p1->Y, p1->X);
+	fe_sub(d, p2->Y, p2->X);
+	fe_mul__distinct(a, c, d);
+
+	/* B = (Y1+X1)(Y2+X2) */
+	fe_add(c, p1->Y, p1->X);
+	fe_add(d, p2->Y, p2->X);
+	fe_mul__distinct(b, c, d);
+
+	/* C = T1 k T2 */
+	fe_mul__distinct(d, p1->T, p2->T);
+	fe_mul__distinct(c, d, ed25519_k);
+
+	/* D = Z1 2 Z2 */
+	fe_mul__distinct(d, p1->Z, p2->Z);
+	fe_add(d, d, d);
+
+	/* E = B - A */
+	fe_sub(e, b, a);
+
+	/* F = D - C */
+	fe_sub(f, d, c);
+
+	/* G = D + C */
+	fe_add(g, d, c);
+
+	/* H = B + A */
+	fe_add(h, b, a);
+
+	/* X3 = E F */
+	fe_mul__distinct(r->X, e, f);
+
+	/* Y3 = G H */
+	fe_mul__distinct(r->Y, g, h);
+
+	/* T3 = E H */
+	fe_mul__distinct(r->T, e, h);
+
+	/* Z3 = F G */
+	fe_mul__distinct(r->Z, f, g);
+}
+
+
+void ed25519_double(ge_p3 *r, const ge_p3 *p)
+{
+	/* Explicit formulas database: dbl-2008-hwcd
+	 *
+	 * source 2008 Hisil--Wong--Carter--Dawson,
+	 *     http://eprint.iacr.org/2008/522, Section 3.3
+	 * compute A = X1^2
+	 * compute B = Y1^2
+	 * compute C = 2 Z1^2
+	 * compute D = a A
+	 * compute E = (X1+Y1)^2-A-B
+	 * compute G = D + B
+	 * compute F = G - C
+	 * compute H = D - B
+	 * compute X3 = E F
+	 * compute Y3 = G H
+	 * compute T3 = E H
+	 * compute Z3 = F G
+	 */
+	byte a[F25519_SIZE];
+	byte b[F25519_SIZE];
+	byte c[F25519_SIZE];
+	byte e[F25519_SIZE];
+	byte f[F25519_SIZE];
+	byte g[F25519_SIZE];
+	byte h[F25519_SIZE];
+
+	/* A = X1^2 */
+	fe_mul__distinct(a, p->X, p->X);
+
+	/* B = Y1^2 */
+	fe_mul__distinct(b, p->Y, p->Y);
+
+	/* C = 2 Z1^2 */
+	fe_mul__distinct(c, p->Z, p->Z);
+	fe_add(c, c, c);
+
+	/* D = a A (alter sign) */
+	/* E = (X1+Y1)^2-A-B */
+	fe_add(f, p->X, p->Y);
+	fe_mul__distinct(e, f, f);
+	fe_sub(e, e, a);
+	fe_sub(e, e, b);
+
+	/* G = D + B */
+	fe_sub(g, b, a);
+
+	/* F = G - C */
+	fe_sub(f, g, c);
+
+	/* H = D - B */
+	fe_neg(h, b);
+	fe_sub(h, h, a);
+
+	/* X3 = E F */
+	fe_mul__distinct(r->X, e, f);
+
+	/* Y3 = G H */
+	fe_mul__distinct(r->Y, g, h);
+
+	/* T3 = E H */
+	fe_mul__distinct(r->T, e, h);
+
+	/* Z3 = F G */
+	fe_mul__distinct(r->Z, f, g);
+}
+
+
+void ed25519_smult(ge_p3 *r_out, const ge_p3 *p, const byte *e)
+{
+	ge_p3 r;
+	int   i;
+
+    XMEMCPY(&r, &ed25519_neutral, sizeof(r));
+
+	for (i = 255; i >= 0; i--) {
+		const byte bit = (e[i >> 3] >> (i & 7)) & 1;
+		ge_p3 s;
+
+		ed25519_double(&r, &r);
+		ed25519_add(&s, &r, p);
+
+		fe_select(r.X, r.X, s.X, bit);
+		fe_select(r.Y, r.Y, s.Y, bit);
+		fe_select(r.Z, r.Z, s.Z, bit);
+		fe_select(r.T, r.T, s.T, bit);
+	}
+    XMEMCPY(r_out, &r, sizeof(r));
+}
+
+
+void ge_scalarmult_base(ge_p3 *R,const unsigned char *nonce)
+{
+	ed25519_smult(R, &ed25519_base, nonce);
+}
+
+
+/* pack the point h into array s */
+void ge_p3_tobytes(unsigned char *s,const ge_p3 *h)
+{
+	byte x[F25519_SIZE];
+	byte y[F25519_SIZE];
+	byte z1[F25519_SIZE];
+	byte parity;
+
+	fe_inv__distinct(z1, h->Z);
+	fe_mul__distinct(x, h->X, z1);
+	fe_mul__distinct(y, h->Y, z1);
+
+	fe_normalize(x);
+	fe_normalize(y);
+
+	parity = (x[0] & 1) << 7;
+	fe_copy(s, y);
+	fe_normalize(s);
+	s[31] |= parity;
+}
+
+
+/* pack the point h into array s */
+void ge_tobytes(unsigned char *s,const ge_p2 *h)
+{
+	byte x[F25519_SIZE];
+	byte y[F25519_SIZE];
+	byte z1[F25519_SIZE];
+	byte parity;
+
+	fe_inv__distinct(z1, h->Z);
+	fe_mul__distinct(x, h->X, z1);
+	fe_mul__distinct(y, h->Y, z1);
+
+	fe_normalize(x);
+	fe_normalize(y);
+
+	parity = (x[0] & 1) << 7;
+	fe_copy(s, y);
+	fe_normalize(s);
+	s[31] |= parity;
+}
+
+
+/*
+   Test if the public key can be uncommpressed and negate it (-X,Y,Z,-T)
+   return 0 on success
+ */
+int ge_frombytes_negate_vartime(ge_p3 *p,const unsigned char *s)
+{
+
+	byte parity;
+    byte x[F25519_SIZE];
+	byte y[F25519_SIZE];
+	byte a[F25519_SIZE];
+	byte b[F25519_SIZE];
+	byte c[F25519_SIZE];
+    int ret = 0;
+
+    /* unpack the key s */
+    parity = s[31] >> 7;
+    fe_copy(y, s);
+	y[31] &= 127;
+
+	fe_mul__distinct(c, y, y);
+    fe_mul__distinct(b, c, ed25519_d);
+	fe_add(a, b, f25519_one);
+	fe_inv__distinct(b, a);
+	fe_sub(a, c, f25519_one);
+	fe_mul__distinct(c, a, b);
+	fe_sqrt(a, c);
+	fe_neg(b, a);
+	fe_select(x, a, b, (a[0] ^ parity) & 1);
+
+    /* test that x^2 is equal to c */
+    fe_mul__distinct(a, x, x);
+	fe_normalize(a);
+	fe_normalize(c);
+	ret |= ConstantCompare(a, c, F25519_SIZE);
+
+    /* project the key s onto p */
+	fe_copy(p->X, x);
+	fe_copy(p->Y, y);
+	fe_load(p->Z, 1);
+	fe_mul__distinct(p->T, x, y);
+
+    /* negate, the point becomes (-X,Y,Z,-T) */
+    fe_neg(p->X,p->X);
+    fe_neg(p->T,p->T);
+
+    return ret;
+}
+
+
+int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h,
+                                 const ge_p3 *inA,const unsigned char *sig)
+{
+    ge_p3 p, A;
+    int ret = 0;
+
+    XMEMCPY(&A, inA, sizeof(ge_p3));
+
+    /* find SB */
+    ed25519_smult(&p, &ed25519_base, sig);
+
+    /* find H(R,A,M) * -A */
+	ed25519_smult(&A, &A, h);
+
+    /* SB + -H(R,A,M)A */
+	ed25519_add(&A, &p, &A);
+
+    fe_copy(R->X, A.X);
+    fe_copy(R->Y, A.Y);
+    fe_copy(R->Z, A.Z);
+
+    return ret;
+}
+
+#endif /* HAVE_ED25519 */
+
diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c
index 2a4885ae8..665cfe89b 100644
--- a/wolfcrypt/src/ge_operations.c
+++ b/wolfcrypt/src/ge_operations.c
@@ -51,12 +51,670 @@ Representations:
   ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
   ge_precomp (Duif): (y+x,y-x,2dxy)
 */
+
+
 /*
+Input:
+  s[0]+256*s[1]+...+256^63*s[63] = s
+
+Output:
+  s[0]+256*s[1]+...+256^31*s[31] = s mod l
+  where l = 2^252 + 27742317777372353535851937790883648493.
+  Overwrites s in place.
+*/
+void sc_reduce(byte* s)
+{
+  int64_t s0 = 2097151 & load_3(s);
+  int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
+  int64_t s2 = 2097151 & (load_3(s + 5) >> 2);
+  int64_t s3 = 2097151 & (load_4(s + 7) >> 7);
+  int64_t s4 = 2097151 & (load_4(s + 10) >> 4);
+  int64_t s5 = 2097151 & (load_3(s + 13) >> 1);
+  int64_t s6 = 2097151 & (load_4(s + 15) >> 6);
+  int64_t s7 = 2097151 & (load_3(s + 18) >> 3);
+  int64_t s8 = 2097151 & load_3(s + 21);
+  int64_t s9 = 2097151 & (load_4(s + 23) >> 5);
+  int64_t s10 = 2097151 & (load_3(s + 26) >> 2);
+  int64_t s11 = 2097151 & (load_4(s + 28) >> 7);
+  int64_t s12 = 2097151 & (load_4(s + 31) >> 4);
+  int64_t s13 = 2097151 & (load_3(s + 34) >> 1);
+  int64_t s14 = 2097151 & (load_4(s + 36) >> 6);
+  int64_t s15 = 2097151 & (load_3(s + 39) >> 3);
+  int64_t s16 = 2097151 & load_3(s + 42);
+  int64_t s17 = 2097151 & (load_4(s + 44) >> 5);
+  int64_t s18 = 2097151 & (load_3(s + 47) >> 2);
+  int64_t s19 = 2097151 & (load_4(s + 49) >> 7);
+  int64_t s20 = 2097151 & (load_4(s + 52) >> 4);
+  int64_t s21 = 2097151 & (load_3(s + 55) >> 1);
+  int64_t s22 = 2097151 & (load_4(s + 57) >> 6);
+  int64_t s23 = (load_4(s + 60) >> 3);
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+  int64_t carry10;
+  int64_t carry11;
+  int64_t carry12;
+  int64_t carry13;
+  int64_t carry14;
+  int64_t carry15;
+  int64_t carry16;
+
+  s11 += s23 * 666643;
+  s12 += s23 * 470296;
+  s13 += s23 * 654183;
+  s14 -= s23 * 997805;
+  s15 += s23 * 136657;
+  s16 -= s23 * 683901;
+  s23 = 0;
+
+  s10 += s22 * 666643;
+  s11 += s22 * 470296;
+  s12 += s22 * 654183;
+  s13 -= s22 * 997805;
+  s14 += s22 * 136657;
+  s15 -= s22 * 683901;
+  s22 = 0;
+
+  s9 += s21 * 666643;
+  s10 += s21 * 470296;
+  s11 += s21 * 654183;
+  s12 -= s21 * 997805;
+  s13 += s21 * 136657;
+  s14 -= s21 * 683901;
+  s21 = 0;
+
+  s8 += s20 * 666643;
+  s9 += s20 * 470296;
+  s10 += s20 * 654183;
+  s11 -= s20 * 997805;
+  s12 += s20 * 136657;
+  s13 -= s20 * 683901;
+  s20 = 0;
+
+  s7 += s19 * 666643;
+  s8 += s19 * 470296;
+  s9 += s19 * 654183;
+  s10 -= s19 * 997805;
+  s11 += s19 * 136657;
+  s12 -= s19 * 683901;
+  s19 = 0;
+
+  s6 += s18 * 666643;
+  s7 += s18 * 470296;
+  s8 += s18 * 654183;
+  s9 -= s18 * 997805;
+  s10 += s18 * 136657;
+  s11 -= s18 * 683901;
+  s18 = 0;
+
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
+  carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
+  carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
+  carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
+
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+  carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
+  carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
+
+  s5 += s17 * 666643;
+  s6 += s17 * 470296;
+  s7 += s17 * 654183;
+  s8 -= s17 * 997805;
+  s9 += s17 * 136657;
+  s10 -= s17 * 683901;
+  s17 = 0;
+
+  s4 += s16 * 666643;
+  s5 += s16 * 470296;
+  s6 += s16 * 654183;
+  s7 -= s16 * 997805;
+  s8 += s16 * 136657;
+  s9 -= s16 * 683901;
+  s16 = 0;
+
+  s3 += s15 * 666643;
+  s4 += s15 * 470296;
+  s5 += s15 * 654183;
+  s6 -= s15 * 997805;
+  s7 += s15 * 136657;
+  s8 -= s15 * 683901;
+  s15 = 0;
+
+  s2 += s14 * 666643;
+  s3 += s14 * 470296;
+  s4 += s14 * 654183;
+  s5 -= s14 * 997805;
+  s6 += s14 * 136657;
+  s7 -= s14 * 683901;
+  s14 = 0;
+
+  s1 += s13 * 666643;
+  s2 += s13 * 470296;
+  s3 += s13 * 654183;
+  s4 -= s13 * 997805;
+  s5 += s13 * 136657;
+  s6 -= s13 * 683901;
+  s13 = 0;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
+
+  carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
+  carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
+
+  s[0] = s0 >> 0;
+  s[1] = s0 >> 8;
+  s[2] = (s0 >> 16) | (s1 << 5);
+  s[3] = s1 >> 3;
+  s[4] = s1 >> 11;
+  s[5] = (s1 >> 19) | (s2 << 2);
+  s[6] = s2 >> 6;
+  s[7] = (s2 >> 14) | (s3 << 7);
+  s[8] = s3 >> 1;
+  s[9] = s3 >> 9;
+  s[10] = (s3 >> 17) | (s4 << 4);
+  s[11] = s4 >> 4;
+  s[12] = s4 >> 12;
+  s[13] = (s4 >> 20) | (s5 << 1);
+  s[14] = s5 >> 7;
+  s[15] = (s5 >> 15) | (s6 << 6);
+  s[16] = s6 >> 2;
+  s[17] = s6 >> 10;
+  s[18] = (s6 >> 18) | (s7 << 3);
+  s[19] = s7 >> 5;
+  s[20] = s7 >> 13;
+  s[21] = s8 >> 0;
+  s[22] = s8 >> 8;
+  s[23] = (s8 >> 16) | (s9 << 5);
+  s[24] = s9 >> 3;
+  s[25] = s9 >> 11;
+  s[26] = (s9 >> 19) | (s10 << 2);
+  s[27] = s10 >> 6;
+  s[28] = (s10 >> 14) | (s11 << 7);
+  s[29] = s11 >> 1;
+  s[30] = s11 >> 9;
+  s[31] = s11 >> 17;
+
+  /* hush warnings after setting values to 0 */
+  (void)s12;
+  (void)s13;
+  (void)s14;
+  (void)s15;
+  (void)s16;
+  (void)s17;
+  (void)s18;
+  (void)s19;
+  (void)s20;
+  (void)s21;
+  (void)s22;
+  (void)s23;
+}
 
 
+/*
+Input:
+  a[0]+256*a[1]+...+256^31*a[31] = a
+  b[0]+256*b[1]+...+256^31*b[31] = b
+  c[0]+256*c[1]+...+256^31*c[31] = c
+
+Output:
+  s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
+  where l = 2^252 + 27742317777372353535851937790883648493.
+*/
+void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c)
+{
+  int64_t a0 = 2097151 & load_3(a);
+  int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
+  int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
+  int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
+  int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
+  int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
+  int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
+  int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
+  int64_t a8 = 2097151 & load_3(a + 21);
+  int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
+  int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
+  int64_t a11 = (load_4(a + 28) >> 7);
+  int64_t b0 = 2097151 & load_3(b);
+  int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
+  int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
+  int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
+  int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
+  int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
+  int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
+  int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
+  int64_t b8 = 2097151 & load_3(b + 21);
+  int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
+  int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
+  int64_t b11 = (load_4(b + 28) >> 7);
+  int64_t c0 = 2097151 & load_3(c);
+  int64_t c1 = 2097151 & (load_4(c + 2) >> 5);
+  int64_t c2 = 2097151 & (load_3(c + 5) >> 2);
+  int64_t c3 = 2097151 & (load_4(c + 7) >> 7);
+  int64_t c4 = 2097151 & (load_4(c + 10) >> 4);
+  int64_t c5 = 2097151 & (load_3(c + 13) >> 1);
+  int64_t c6 = 2097151 & (load_4(c + 15) >> 6);
+  int64_t c7 = 2097151 & (load_3(c + 18) >> 3);
+  int64_t c8 = 2097151 & load_3(c + 21);
+  int64_t c9 = 2097151 & (load_4(c + 23) >> 5);
+  int64_t c10 = 2097151 & (load_3(c + 26) >> 2);
+  int64_t c11 = (load_4(c + 28) >> 7);
+  int64_t s0;
+  int64_t s1;
+  int64_t s2;
+  int64_t s3;
+  int64_t s4;
+  int64_t s5;
+  int64_t s6;
+  int64_t s7;
+  int64_t s8;
+  int64_t s9;
+  int64_t s10;
+  int64_t s11;
+  int64_t s12;
+  int64_t s13;
+  int64_t s14;
+  int64_t s15;
+  int64_t s16;
+  int64_t s17;
+  int64_t s18;
+  int64_t s19;
+  int64_t s20;
+  int64_t s21;
+  int64_t s22;
+  int64_t s23;
+  int64_t carry0;
+  int64_t carry1;
+  int64_t carry2;
+  int64_t carry3;
+  int64_t carry4;
+  int64_t carry5;
+  int64_t carry6;
+  int64_t carry7;
+  int64_t carry8;
+  int64_t carry9;
+  int64_t carry10;
+  int64_t carry11;
+  int64_t carry12;
+  int64_t carry13;
+  int64_t carry14;
+  int64_t carry15;
+  int64_t carry16;
+  int64_t carry17;
+  int64_t carry18;
+  int64_t carry19;
+  int64_t carry20;
+  int64_t carry21;
+  int64_t carry22;
+
+  s0 = c0 + a0*b0;
+  s1 = c1 + a0*b1 + a1*b0;
+  s2 = c2 + a0*b2 + a1*b1 + a2*b0;
+  s3 = c3 + a0*b3 + a1*b2 + a2*b1 + a3*b0;
+  s4 = c4 + a0*b4 + a1*b3 + a2*b2 + a3*b1 + a4*b0;
+  s5 = c5 + a0*b5 + a1*b4 + a2*b3 + a3*b2 + a4*b1 + a5*b0;
+  s6 = c6 + a0*b6 + a1*b5 + a2*b4 + a3*b3 + a4*b2 + a5*b1 + a6*b0;
+  s7 = c7 + a0*b7 + a1*b6 + a2*b5 + a3*b4 + a4*b3 + a5*b2 + a6*b1 + a7*b0;
+  s8 = c8 + a0*b8 + a1*b7 + a2*b6 + a3*b5 + a4*b4 + a5*b3 + a6*b2 + a7*b1
+          + a8*b0;
+  s9 = c9 + a0*b9 + a1*b8 + a2*b7 + a3*b6 + a4*b5 + a5*b4 + a6*b3 + a7*b2
+          + a8*b1 + a9*b0;
+  s10 = c10 + a0*b10 + a1*b9 + a2*b8 + a3*b7 + a4*b6 + a5*b5 + a6*b4 + a7*b3
+            + a8*b2 + a9*b1 + a10*b0;
+  s11 = c11 + a0*b11 + a1*b10 + a2*b9 + a3*b8 + a4*b7 + a5*b6 + a6*b5 + a7*b4
+            + a8*b3 + a9*b2 + a10*b1 + a11*b0;
+  s12 = a1*b11 + a2*b10 + a3*b9 + a4*b8 + a5*b7 + a6*b6 + a7*b5 + a8*b4 + a9*b3
+               + a10*b2 + a11*b1;
+  s13 = a2*b11 + a3*b10 + a4*b9 + a5*b8 + a6*b7 + a7*b6 + a8*b5 + a9*b4 + a10*b3
+               + a11*b2;
+  s14 = a3*b11 + a4*b10 + a5*b9 + a6*b8 + a7*b7 + a8*b6 + a9*b5 + a10*b4
+               + a11*b3;
+  s15 = a4*b11 + a5*b10 + a6*b9 + a7*b8 + a8*b7 + a9*b6 + a10*b5 + a11*b4;
+  s16 = a5*b11 + a6*b10 + a7*b9 + a8*b8 + a9*b7 + a10*b6 + a11*b5;
+  s17 = a6*b11 + a7*b10 + a8*b9 + a9*b8 + a10*b7 + a11*b6;
+  s18 = a7*b11 + a8*b10 + a9*b9 + a10*b8 + a11*b7;
+  s19 = a8*b11 + a9*b10 + a10*b9 + a11*b8;
+  s20 = a9*b11 + a10*b10 + a11*b9;
+  s21 = a10*b11 + a11*b10;
+  s22 = a11*b11;
+  s23 = 0;
+
+  carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
+  carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
+  carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
+  carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
+  carry18 = (s18 + (1<<20)) >> 21; s19 += carry18; s18 -= carry18 << 21;
+  carry20 = (s20 + (1<<20)) >> 21; s21 += carry20; s20 -= carry20 << 21;
+  carry22 = (s22 + (1<<20)) >> 21; s23 += carry22; s22 -= carry22 << 21;
+
+  carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+  carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
+  carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
+  carry17 = (s17 + (1<<20)) >> 21; s18 += carry17; s17 -= carry17 << 21;
+  carry19 = (s19 + (1<<20)) >> 21; s20 += carry19; s19 -= carry19 << 21;
+  carry21 = (s21 + (1<<20)) >> 21; s22 += carry21; s21 -= carry21 << 21;
+
+  s11 += s23 * 666643;
+  s12 += s23 * 470296;
+  s13 += s23 * 654183;
+  s14 -= s23 * 997805;
+  s15 += s23 * 136657;
+  s16 -= s23 * 683901;
+  s23 = 0;
+
+  s10 += s22 * 666643;
+  s11 += s22 * 470296;
+  s12 += s22 * 654183;
+  s13 -= s22 * 997805;
+  s14 += s22 * 136657;
+  s15 -= s22 * 683901;
+  s22 = 0;
+
+  s9 += s21 * 666643;
+  s10 += s21 * 470296;
+  s11 += s21 * 654183;
+  s12 -= s21 * 997805;
+  s13 += s21 * 136657;
+  s14 -= s21 * 683901;
+  s21 = 0;
+
+  s8 += s20 * 666643;
+  s9 += s20 * 470296;
+  s10 += s20 * 654183;
+  s11 -= s20 * 997805;
+  s12 += s20 * 136657;
+  s13 -= s20 * 683901;
+  s20 = 0;
+
+  s7 += s19 * 666643;
+  s8 += s19 * 470296;
+  s9 += s19 * 654183;
+  s10 -= s19 * 997805;
+  s11 += s19 * 136657;
+  s12 -= s19 * 683901;
+  s19 = 0;
+
+  s6 += s18 * 666643;
+  s7 += s18 * 470296;
+  s8 += s18 * 654183;
+  s9 -= s18 * 997805;
+  s10 += s18 * 136657;
+  s11 -= s18 * 683901;
+  s18 = 0;
+
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
+  carry12 = (s12 + (1<<20)) >> 21; s13 += carry12; s12 -= carry12 << 21;
+  carry14 = (s14 + (1<<20)) >> 21; s15 += carry14; s14 -= carry14 << 21;
+  carry16 = (s16 + (1<<20)) >> 21; s17 += carry16; s16 -= carry16 << 21;
+
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+  carry13 = (s13 + (1<<20)) >> 21; s14 += carry13; s13 -= carry13 << 21;
+  carry15 = (s15 + (1<<20)) >> 21; s16 += carry15; s15 -= carry15 << 21;
+
+  s5 += s17 * 666643;
+  s6 += s17 * 470296;
+  s7 += s17 * 654183;
+  s8 -= s17 * 997805;
+  s9 += s17 * 136657;
+  s10 -= s17 * 683901;
+  s17 = 0;
+
+  s4 += s16 * 666643;
+  s5 += s16 * 470296;
+  s6 += s16 * 654183;
+  s7 -= s16 * 997805;
+  s8 += s16 * 136657;
+  s9 -= s16 * 683901;
+  s16 = 0;
+
+  s3 += s15 * 666643;
+  s4 += s15 * 470296;
+  s5 += s15 * 654183;
+  s6 -= s15 * 997805;
+  s7 += s15 * 136657;
+  s8 -= s15 * 683901;
+  s15 = 0;
+
+  s2 += s14 * 666643;
+  s3 += s14 * 470296;
+  s4 += s14 * 654183;
+  s5 -= s14 * 997805;
+  s6 += s14 * 136657;
+  s7 -= s14 * 683901;
+  s14 = 0;
+
+  s1 += s13 * 666643;
+  s2 += s13 * 470296;
+  s3 += s13 * 654183;
+  s4 -= s13 * 997805;
+  s5 += s13 * 136657;
+  s6 -= s13 * 683901;
+  s13 = 0;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = (s0 + (1<<20)) >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry2 = (s2 + (1<<20)) >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry4 = (s4 + (1<<20)) >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry6 = (s6 + (1<<20)) >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry8 = (s8 + (1<<20)) >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry10 = (s10 + (1<<20)) >> 21; s11 += carry10; s10 -= carry10 << 21;
+
+  carry1 = (s1 + (1<<20)) >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry3 = (s3 + (1<<20)) >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry5 = (s5 + (1<<20)) >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry7 = (s7 + (1<<20)) >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry9 = (s9 + (1<<20)) >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry11 = (s11 + (1<<20)) >> 21; s12 += carry11; s11 -= carry11 << 21;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
+  carry11 = s11 >> 21; s12 += carry11; s11 -= carry11 << 21;
+
+  s0 += s12 * 666643;
+  s1 += s12 * 470296;
+  s2 += s12 * 654183;
+  s3 -= s12 * 997805;
+  s4 += s12 * 136657;
+  s5 -= s12 * 683901;
+  s12 = 0;
+
+  carry0 = s0 >> 21; s1 += carry0; s0 -= carry0 << 21;
+  carry1 = s1 >> 21; s2 += carry1; s1 -= carry1 << 21;
+  carry2 = s2 >> 21; s3 += carry2; s2 -= carry2 << 21;
+  carry3 = s3 >> 21; s4 += carry3; s3 -= carry3 << 21;
+  carry4 = s4 >> 21; s5 += carry4; s4 -= carry4 << 21;
+  carry5 = s5 >> 21; s6 += carry5; s5 -= carry5 << 21;
+  carry6 = s6 >> 21; s7 += carry6; s6 -= carry6 << 21;
+  carry7 = s7 >> 21; s8 += carry7; s7 -= carry7 << 21;
+  carry8 = s8 >> 21; s9 += carry8; s8 -= carry8 << 21;
+  carry9 = s9 >> 21; s10 += carry9; s9 -= carry9 << 21;
+  carry10 = s10 >> 21; s11 += carry10; s10 -= carry10 << 21;
+
+  s[0] = s0 >> 0;
+  s[1] = s0 >> 8;
+  s[2] = (s0 >> 16) | (s1 << 5);
+  s[3] = s1 >> 3;
+  s[4] = s1 >> 11;
+  s[5] = (s1 >> 19) | (s2 << 2);
+  s[6] = s2 >> 6;
+  s[7] = (s2 >> 14) | (s3 << 7);
+  s[8] = s3 >> 1;
+  s[9] = s3 >> 9;
+  s[10] = (s3 >> 17) | (s4 << 4);
+  s[11] = s4 >> 4;
+  s[12] = s4 >> 12;
+  s[13] = (s4 >> 20) | (s5 << 1);
+  s[14] = s5 >> 7;
+  s[15] = (s5 >> 15) | (s6 << 6);
+  s[16] = s6 >> 2;
+  s[17] = s6 >> 10;
+  s[18] = (s6 >> 18) | (s7 << 3);
+  s[19] = s7 >> 5;
+  s[20] = s7 >> 13;
+  s[21] = s8 >> 0;
+  s[22] = s8 >> 8;
+  s[23] = (s8 >> 16) | (s9 << 5);
+  s[24] = s9 >> 3;
+  s[25] = s9 >> 11;
+  s[26] = (s9 >> 19) | (s10 << 2);
+  s[27] = s10 >> 6;
+  s[28] = (s10 >> 14) | (s11 << 7);
+  s[29] = s11 >> 1;
+  s[30] = s11 >> 9;
+  s[31] = s11 >> 17;
+
+  /* hush warnings after setting values to 0 */
+  (void)s12;
+  (void)s13;
+  (void)s14;
+  (void)s15;
+  (void)s16;
+  (void)s17;
+  (void)s18;
+  (void)s19;
+  (void)s20;
+  (void)s21;
+  (void)s22;
+  (void)s23;
+}
+
+
+int ge_compress_key(byte* out, const byte* xIn, const byte* yIn, word32 keySz)
+{
+    fe     x,y,z;
+    ge_p3  g;
+    byte   bArray[keySz];
+    word32 i;
+
+    fe_0(x);
+    fe_0(y);
+    fe_1(z);
+    fe_frombytes(x, xIn);
+    fe_frombytes(y, yIn);
+
+    fe_copy(g.X, x);
+    fe_copy(g.Y, y);
+    fe_copy(g.Z, z);
+
+    ge_p3_tobytes(bArray, &g);
+
+    for (i = 0; i < keySz; i++) {
+        out[keySz - 1 - i] = bArray[i];
+    }
+
+    return 0;
+}
+
+
+/*
 r = p + q
 */
-
 void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
 {
 	fe t0;
@@ -89,7 +747,8 @@ static unsigned char equal(signed char b,signed char c)
 
 static unsigned char negative(signed char b)
 {
-  unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */
+  unsigned long long x = b; /* 18446744073709551361..18446744073709551615:
+                               yes; 0..255: no */
   x >>= 63; /* 1: yes; 0: no */
   return x;
 }
@@ -1482,7 +2141,6 @@ B is the Ed25519 base point (x,4/5) with x positive.
 Preconditions:
   a[31] <= 127
 */
-
 void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
 {
   signed char e[64];
@@ -1610,8 +2268,8 @@ where a = a[0]+256*a[1]+...+256^31 a[31].
 and b = b[0]+256*b[1]+...+256^31 b[31].
 B is the Ed25519 base point (x,4/5) with x positive.
 */
-
-void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A,const unsigned char *b)
+int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, 
+                                 const ge_p3 *A, const unsigned char *b)
 {
   signed char aslide[256];
   signed char bslide[256];
@@ -1661,16 +2319,20 @@ void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A
 
     ge_p1p1_to_p2(r,&t);
   }
+
+  return 0;
 }
 
 
 static const fe d = {
--10913610,13857413,-15372611,6949391,114729,-8787816,-6275908,-3247719,-18696448,-12055116
+-10913610,13857413,-15372611,6949391,114729,
+-8787816,-6275908,-3247719,-18696448,-12055116
 } ;
 
 
 static const fe sqrtm1 = {
--32595792,-7943725,9377950,3500415,12389472,-272473,-25146209,-2005654,326686,11406482
+-32595792,-7943725,9377950,3500415,12389472,
+-272473,-25146209,-2005654,326686,11406482
 } ;
 
 
@@ -1689,6 +2351,7 @@ int ge_frombytes_negate_vartime(ge_p3 *h,const unsigned char *s)
   fe_sub(u,u,h->Z);       /* u = y^2-1 */
   fe_add(v,v,h->Z);       /* v = dy^2+1 */
 
+
   fe_sq(v3,v);
   fe_mul(v3,v3,v);        /* v3 = v^3 */
   fe_sq(h->X,v3);
@@ -1850,7 +2513,8 @@ r = p
 */
 
 static const fe d2 = {
--21827239,-5839606,-30745221,13898782,229458,15978800,-12551817,-6495438,29715968,9444199
+-21827239,-5839606,-30745221,13898782,229458,
+15978800,-12551817,-6495438,29715968,9444199
 } ;
 
 
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 6620a5fda..ee1990929 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -5728,54 +5728,54 @@ int ed25519_test(void)
 
         if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
                 pKeySz[i], &key) != 0)
-            return -1021;
+            return -1021 - i;
 
         if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key)
                 != 0)
-            return -1022;
+            return -1027 - i;
 
         if (XMEMCMP(out, sigs[i], 64))
-            return -1023;
+            return -1033 - i;
 
         /* test verify on good msg */
         if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
                     &key) != 0 || verify != 1)
-            return -1024;
+            return -1039 - i;
 
         /* test verify on bad msg */
         out[outlen-1] = out[outlen-1] + 1;
         if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
                     &key) == 0 || verify == 1)
-            return -1025;
+            return -1045 - i;
 
         /* test api for import/exporting keys */
         exportPSz = sizeof(exportPKey);
         exportSSz = sizeof(exportSKey);
         if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
-            return -1026;
+            return -1051 - i;
 
         if (wc_ed25519_import_public(exportPKey, exportPSz, &key2) != 0)
-            return -1027;
+            return -1057 - i;
 
         if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
-            return -1028;
+            return -1063 - i;
 
         if (wc_ed25519_import_private_key(exportSKey, exportSSz,
                                           exportPKey, exportPSz, &key2) != 0)
-            return -1029;
+            return -1069 - i;
 
         /* clear "out" buffer and test sign with imported keys */
         outlen = sizeof(out);
         XMEMSET(out, 0, sizeof(out));
         if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
-            return -1030;
+            return -1075 - i;
 
         if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
                                   &key2) != 0 || verify != 1)
-            return -1031;
+            return -1081 - i;
 
         if (XMEMCMP(out, sigs[i], 64))
-            return -1032;
+            return -1087 - i;
     }
 
     /* clean up keys when done */
diff --git a/wolfssl/wolfcrypt/fe_operations.h b/wolfssl/wolfcrypt/fe_operations.h
index 3cd49015a..a779f2be7 100644
--- a/wolfssl/wolfcrypt/fe_operations.h
+++ b/wolfssl/wolfcrypt/fe_operations.h
@@ -19,9 +19,6 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
- /* Based On Daniel J Bernstein's curve25519 and ed25519 Public Domain ref10
-    work. */
-
 #ifndef WOLF_CRYPT_FE_OPERATIONS_H
 #define WOLF_CRYPT_FE_OPERATIONS_H
 
@@ -29,7 +26,10 @@
 
 #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
 
-#include <stdint.h>
+#ifndef CURVED25519_SMALL
+    #include <stdint.h>
+#endif
+#include <wolfssl/wolfcrypt/types.h>
 
 /*
 fe means field element.
@@ -39,29 +39,94 @@ t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
 Bounds on each t[i] vary depending on context.
 */
 
-typedef int32_t fe[10];
+#ifdef CURVED25519_SMALL
+    #define F25519_SIZE	32
+    typedef byte     fe[32];
+#else
+    typedef int32_t  fe[10];
+#endif
+
+WOLFSSL_LOCAL int  curve25519(byte * q, byte * n, byte * p);
+WOLFSSL_LOCAL void fe_copy(fe, const fe);
+WOLFSSL_LOCAL void fe_add(fe, const fe, const fe);
+WOLFSSL_LOCAL void fe_neg(fe,const fe);
+WOLFSSL_LOCAL void fe_sub(fe, const fe, const fe);
+WOLFSSL_LOCAL void fe_invert(fe, const fe);
+WOLFSSL_LOCAL void fe_mul(fe,const fe,const fe);
+
+/* default to be faster but take more memory */
+#ifndef CURVED25519_SMALL
+
+/* Based On Daniel J Bernstein's curve25519 and ed25519 Public Domain ref10
+   work. */
 
 WOLFSSL_LOCAL void fe_0(fe);
 WOLFSSL_LOCAL void fe_1(fe);
-WOLFSSL_LOCAL void fe_add(fe, const fe, const fe);
+WOLFSSL_LOCAL int  fe_isnonzero(const fe);
+WOLFSSL_LOCAL int  fe_isnegative(const fe);
 WOLFSSL_LOCAL void fe_tobytes(unsigned char *, const fe);
-WOLFSSL_LOCAL void fe_sub(fe, const fe, const fe);
-WOLFSSL_LOCAL void fe_invert(fe, const fe);
 WOLFSSL_LOCAL void fe_sq(fe, const fe);
 WOLFSSL_LOCAL void fe_sq2(fe,const fe);
 WOLFSSL_LOCAL void fe_frombytes(fe,const unsigned char *);
-WOLFSSL_LOCAL void fe_mul(fe,const fe,const fe);
-WOLFSSL_LOCAL void fe_copy(fe, const fe);
 WOLFSSL_LOCAL void fe_cswap(fe,fe,unsigned int);
 WOLFSSL_LOCAL void fe_mul121666(fe,fe);
-WOLFSSL_LOCAL int fe_isnonzero(const fe);
-WOLFSSL_LOCAL int fe_isnegative(const fe);
 WOLFSSL_LOCAL void fe_cmov(fe,const fe,unsigned int);
-WOLFSSL_LOCAL void fe_neg(fe,const fe);
 WOLFSSL_LOCAL void fe_pow22523(fe,const fe);
+
+/* 64 type needed for SHA512 */
 WOLFSSL_LOCAL uint64_t load_3(const unsigned char *in);
 WOLFSSL_LOCAL uint64_t load_4(const unsigned char *in);
+#endif /* not defined CURVED25519_SMALL */
 
+/* Use less memory and only 32bit types or less, but is slower
+   Based on Daniel Beer's public domain work. */
+#ifdef CURVED25519_SMALL
+static const byte c25519_base_x[F25519_SIZE] = {9};
+static const byte f25519_zero[F25519_SIZE]   = {0};
+static const byte f25519_one[F25519_SIZE]    = {1};
+static const byte fprime_zero[F25519_SIZE]   = {0};
+static const byte fprime_one[F25519_SIZE]    = {1};
+
+WOLFSSL_LOCAL void fe_load(byte *x, word32 c);
+WOLFSSL_LOCAL void fe_normalize(byte *x);
+WOLFSSL_LOCAL void fe_inv__distinct(byte *r, const byte *x);
+
+/* Conditional copy. If condition == 0, then zero is copied to dst. If
+ * condition == 1, then one is copied to dst. Any other value results in
+ * undefined behaviour.
+ */
+WOLFSSL_LOCAL void fe_select(byte *dst, const byte *zero, const byte *one,
+		   byte condition);
+
+/* Multiply a point by a small constant. The two pointers are not
+ * required to be distinct.
+ *
+ * The constant must be less than 2^24.
+ */
+WOLFSSL_LOCAL void fe_mul_c(byte *r, const byte *a, word32 b);
+WOLFSSL_LOCAL void fe_mul__distinct(byte *r, const byte *a, const byte *b);
+
+/* Compute one of the square roots of the field element, if the element
+ * is square. The other square is -r.
+ *
+ * If the input is not square, the returned value is a valid field
+ * element, but not the correct answer. If you don't already know that
+ * your element is square, you should square the return value and test.
+ */
+WOLFSSL_LOCAL void fe_sqrt(byte *r, const byte *x);
+
+/* Conditional copy. If condition == 0, then zero is copied to dst. If
+ * condition == 1, then one is copied to dst. Any other value results in
+ * undefined behaviour.
+ */
+WOLFSSL_LOCAL void fprime_select(byte *dst, const byte *zero, const byte *one,
+		                         byte condition);
+WOLFSSL_LOCAL void fprime_add(byte *r, const byte *a, const byte *modulus);
+WOLFSSL_LOCAL void fprime_sub(byte *r, const byte *a, const byte *modulus);
+WOLFSSL_LOCAL void fprime_mul(byte *r, const byte *a, const byte *b,
+		                      const byte *modulus);
+WOLFSSL_LOCAL void fprime_copy(byte *x, const byte *a);
+#endif /* CURVED25519_SMALL */
 #endif /* HAVE_CURVE25519 or HAVE_ED25519 */
 #endif /* WOLF_CRYPT_FE_OPERATIONS_H */
 
diff --git a/wolfssl/wolfcrypt/ge_operations.h b/wolfssl/wolfcrypt/ge_operations.h
index 8cd09c547..00d1b3edc 100644
--- a/wolfssl/wolfcrypt/ge_operations.h
+++ b/wolfssl/wolfcrypt/ge_operations.h
@@ -28,7 +28,9 @@
 
 #ifdef HAVE_ED25519
 
-#include <stdint.h>
+#ifndef CURVED25519_SMALL
+    #include <stdint.h>
+#endif
 #include <wolfssl/wolfcrypt/fe_operations.h>
 
 /*
@@ -59,6 +61,20 @@ typedef struct {
   fe T;
 } ge_p3;
 
+WOLFSSL_LOCAL int  ge_compress_key(byte* out, const byte* xIn, const byte* yIn,
+                                                                word32 keySz);
+WOLFSSL_LOCAL int  ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
+
+WOLFSSL_LOCAL int  ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,
+                                         const ge_p3 *,const unsigned char *);
+WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *,const unsigned char *);
+WOLFSSL_LOCAL void sc_reduce(byte* s);
+WOLFSSL_LOCAL void sc_muladd(byte* s, const byte* a, const byte* b,
+                             const byte* c);
+WOLFSSL_LOCAL void ge_tobytes(unsigned char *,const ge_p2 *);
+WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *,const ge_p3 *);
+
+#ifndef CURVED25519_SMALL
 typedef struct {
   fe X;
   fe Y;
@@ -79,10 +95,6 @@ typedef struct {
   fe T2d;
 } ge_cached;
 
-WOLFSSL_LOCAL void ge_tobytes(unsigned char *,const ge_p2 *);
-WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *,const ge_p3 *);
-WOLFSSL_LOCAL int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
-
 WOLFSSL_LOCAL void ge_p2_0(ge_p2 *);
 WOLFSSL_LOCAL void ge_p3_0(ge_p3 *);
 WOLFSSL_LOCAL void ge_precomp_0(ge_precomp *);
@@ -97,10 +109,7 @@ WOLFSSL_LOCAL void ge_madd(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
 WOLFSSL_LOCAL void ge_msub(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
 WOLFSSL_LOCAL void ge_add(ge_p1p1 *,const ge_p3 *,const ge_cached *);
 WOLFSSL_LOCAL void ge_sub(ge_p1p1 *,const ge_p3 *,const ge_cached *);
-WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *,const unsigned char *);
-WOLFSSL_LOCAL void ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,
-                                         const ge_p3 *,const unsigned char *);
-
+#endif /* no CURVED25519_SMALL */
 #endif /* HAVE_ED25519 */
 #endif /* WOLF_CRYPT_GE_OPERATIONS_H */
 

From 067f11ff345139d0f556f9c5beaf8f8fd14f651e Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 5 Jun 2015 14:46:48 -0700
Subject: [PATCH 114/350] Added a known answer test inside the HashDRBG that is
 called when creating a new instance of a DRBG, at reseed time. Added a check
 that the freed DRBG's state actually gets cleared.

---
 wolfcrypt/src/random.c | 165 +++++++++++++++++++++++++++++++++--------
 1 file changed, 133 insertions(+), 32 deletions(-)

diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index d1786e5b1..6a27bff56 100755
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -64,6 +64,7 @@ int  wc_RNG_GenerateByte(RNG* rng, byte* b)
 }
 
 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
+
     int wc_FreeRng(RNG* rng)
     {
         return FreeRng_fips(rng);
@@ -170,6 +171,8 @@ typedef struct DRBG {
 } DRBG;
 
 
+static int wc_RNG_HealthTestLocal(int reseed);
+
 /* Hash Derivation Function */
 /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
 static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
@@ -201,8 +204,7 @@ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
         if (wc_Sha256Update(&sha, (byte*)&bits, sizeof(bits)) != 0)
             return DRBG_FAILURE;
 
-        /* churning V is the only string that doesn't have 
-         * the type added */
+        /* churning V is the only string that doesn't have the type added */
         if (type != drbgInitV)
             if (wc_Sha256Update(&sha, &type, sizeof(type)) != 0)
                 return DRBG_FAILURE;
@@ -350,7 +352,12 @@ static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
     }
 }
 
-
+/* Isn't failing the whole library more conservative? The library checks itself
+ * once, and if there are any contiunous errors, we assume the whole thing is
+ * dead. */
+/* XXX: Need to do a KAT self-test when this is called. 800-90 S11.3.
+ * We can set the frequency of the retesting, and that'll be when it
+ * is time to reseed, since we have to test the reseed anyway. */
 /* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */
 static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
 {
@@ -413,12 +420,15 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
 }
 
 
-/* Returns: DRBG_SUCCESS */
+/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
 static int Hash_DRBG_Uninstantiate(DRBG* drbg)
 {
+    volatile DRBG clear = {0, 0, {0}, {0}, 0};
+
     ForceZero(drbg, sizeof(DRBG));
 
-    return DRBG_SUCCESS;
+    return (ConstantCompare((byte*)drbg, (byte*)&clear, sizeof(DRBG)) == 0) ?
+        DRBG_SUCCESS : DRBG_FAILURE;
 }
 
 /* End NIST DRBG Code */
@@ -430,25 +440,31 @@ int wc_InitRng(RNG* rng)
     int ret = BAD_FUNC_ARG;
 
     if (rng != NULL) {
-        byte entropy[ENTROPY_NONCE_SZ];
+        if (wc_RNG_HealthTestLocal(0) == 0) {
+            byte entropy[ENTROPY_NONCE_SZ];
 
-        rng->drbg = (struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG);
-        if (rng->drbg == NULL) {
-            ret = MEMORY_E;
-        }
-        /* This doesn't use a separate nonce. The entropy input will be
-         * the default size plus the size of the nonce making the seed
-         * size. */
-        else if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0 &&
-                 Hash_DRBG_Instantiate(rng->drbg, entropy, ENTROPY_NONCE_SZ,
-                                                     NULL, 0) == DRBG_SUCCESS) {
+            rng->drbg =
+                    (struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG);
+            if (rng->drbg == NULL) {
+                ret = MEMORY_E;
+            }
+            /* This doesn't use a separate nonce. The entropy input will be
+             * the default size plus the size of the nonce making the seed
+             * size. */
+            else if (wc_GenerateSeed(&rng->seed,
+                                              entropy, ENTROPY_NONCE_SZ) == 0 &&
+                     Hash_DRBG_Instantiate(rng->drbg,
+                          entropy, ENTROPY_NONCE_SZ, NULL, 0) == DRBG_SUCCESS) {
 
-            ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
+                ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
+            }
+            else
+                ret = DRBG_FAILURE;
+
+            ForceZero(entropy, ENTROPY_NONCE_SZ);
         }
         else
-            ret = DRBG_FAILURE;
-
-        ForceZero(entropy, ENTROPY_NONCE_SZ);
+            ret = DRBG_CONT_FAILURE;
 
         if (ret == DRBG_SUCCESS) {
             rng->status = DRBG_OK;
@@ -485,19 +501,24 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
     ret = Hash_DRBG_Generate(rng->drbg, output, sz);
 
     if (ret == DRBG_NEED_RESEED) {
-        byte entropy[ENTROPY_SZ];
+        if (wc_RNG_HealthTestLocal(1) == 0) {
+            byte entropy[ENTROPY_SZ];
 
-        if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 &&
-            Hash_DRBG_Reseed(rng->drbg, entropy, ENTROPY_SZ) == DRBG_SUCCESS) {
+            if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 &&
+                Hash_DRBG_Reseed(rng->drbg, entropy, ENTROPY_SZ)
+                                                              == DRBG_SUCCESS) {
 
-            ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
-            if (ret == DRBG_SUCCESS)
-                ret = Hash_DRBG_Generate(rng->drbg, output, sz);
+                ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
+                if (ret == DRBG_SUCCESS)
+                    ret = Hash_DRBG_Generate(rng->drbg, output, sz);
+            }
+            else
+                ret = DRBG_FAILURE;
+
+            ForceZero(entropy, ENTROPY_SZ);
         }
         else
-            ret = DRBG_FAILURE;
-
-        ForceZero(entropy, ENTROPY_SZ);
+            ret = DRBG_CONT_FAILURE;
     }
 
     if (ret == DRBG_SUCCESS) {
@@ -545,8 +566,8 @@ int wc_FreeRng(RNG* rng)
 
 
 int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz,
-                               const byte* entropyB, word32 entropyBSz,
-                               byte* output, word32 outputSz)
+                                  const byte* entropyB, word32 entropyBSz,
+                                  byte* output, word32 outputSz)
 {
     DRBG drbg;
 
@@ -579,11 +600,91 @@ int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz,
         return -1;
     }
 
-    Hash_DRBG_Uninstantiate(&drbg);
+    if (Hash_DRBG_Uninstantiate(&drbg) != 0) {
+        return -1;
+    }
 
     return 0;
 }
 
+
+const byte entropyA[] = {
+    0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
+    0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
+    0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
+    0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
+};
+
+const byte reseedEntropyA[] = {
+    0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
+    0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
+    0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
+};
+
+const byte outputA[] = {
+    0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
+    0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
+    0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
+    0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
+    0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
+    0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
+    0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
+    0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
+    0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
+    0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
+    0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
+};
+
+const byte entropyB[] = {
+    0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
+    0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
+    0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
+    0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
+};
+
+const byte outputB[] = {
+    0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
+    0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
+    0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
+    0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
+    0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
+    0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
+    0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
+    0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
+    0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
+    0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
+    0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
+};
+
+
+static int wc_RNG_HealthTestLocal(int reseed)
+{
+    int ret = 0;
+    byte check[SHA256_DIGEST_SIZE * 4];
+
+    if (reseed) {
+        ret = wc_RNG_HealthTest(1, entropyA, sizeof(entropyA),
+                                reseedEntropyA, sizeof(reseedEntropyA),
+                                check, sizeof(check));
+        if (ret == 0) {
+            if (ConstantCompare(check, outputA, sizeof(check)) != 0)
+                ret = -1;
+        }
+    }
+    else {
+        ret = wc_RNG_HealthTest(0, entropyB, sizeof(entropyB),
+                                NULL, 0,
+                                check, sizeof(check));
+        if (ret == 0) {
+            if (ConstantCompare(check, outputB, sizeof(check)) != 0)
+                ret = -1;
+        }
+    }
+
+    return ret;
+}
+
+
 #else /* HAVE_HASHDRBG || NO_RC4 */
 
 /* Get seed and key cipher */

From 9f8862888eda716b8d3fa0e7237f2ddd571c19d3 Mon Sep 17 00:00:00 2001
From: Nickolas Lapp <nickolaslapp@gmail.com>
Date: Mon, 8 Jun 2015 14:40:15 -0600
Subject: [PATCH 115/350] Fixing bug in wc_ecc_sig_size not handling error code

---
 wolfcrypt/src/ecc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 82b74bf5f..122121260 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -2705,7 +2705,7 @@ int wc_ecc_size(ecc_key* key)
 int wc_ecc_sig_size(ecc_key* key)
 {
     int sz = wc_ecc_size(key);
-    if (sz < 0)
+    if (sz <= 0)
         return sz;
 
     return sz * 2 + SIG_HEADER_SZ + 4;  /* (4) worst case estimate */

From 13b0d632b2169e43b1f76db54c8c7d809b26da0c Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 8 Jun 2015 14:44:02 -0700
Subject: [PATCH 116/350] add WOLFSSL_VXWORKS setting

---
 wolfssl/wolfcrypt/settings.h | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index fa6aaa0e9..57c404a54 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -108,6 +108,9 @@
 /* Uncomment next line if using Max Strength build */
 /* #define WOLFSSL_MAX_STRENGTH */
 
+/* Uncomment next line if building for VxWorks */
+/* #define WOLFSSL_VXWORKS */
+
 #include <wolfssl/wolfcrypt/visibility.h>
 
 #ifdef WOLFSSL_USER_SETTINGS
@@ -273,6 +276,12 @@
 #endif
 
 
+#ifdef WOLFSSL_VXWORKS
+    #define NO_DEV_RANDOM
+    #define NO_WRITEV
+#endif
+
+
 /* Micrium will use Visual Studio for compilation but not the Win32 API */
 #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) \
         && !defined(EBSNET) && !defined(WOLFSSL_EROAD)

From d9ccc51f58b1cf23884fae2370838303f64b6849 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Tue, 9 Jun 2015 07:02:21 +0900
Subject: [PATCH 117/350] Fix TI driver API to ROM_xxx

---
 IDE/IAR-EWARM/Projects/benchmark/current_time.c | 2 +-
 wolfcrypt/src/port/ti/ti-aes.c                  | 2 +-
 wolfcrypt/src/port/ti/ti-ccm.c                  | 2 +-
 wolfcrypt/src/port/ti/ti-des3.c                 | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/IDE/IAR-EWARM/Projects/benchmark/current_time.c b/IDE/IAR-EWARM/Projects/benchmark/current_time.c
index 7d42cfc02..9a21fd740 100644
--- a/IDE/IAR-EWARM/Projects/benchmark/current_time.c
+++ b/IDE/IAR-EWARM/Projects/benchmark/current_time.c
@@ -38,7 +38,7 @@
 #include "driverlib/timer.h"
 
 void InitTimer(void) {
-    uint32_t ui32SysClock = SysCtlClockFreqSet((SYSCTL_XTAL_25MHZ |
+    uint32_t ui32SysClock = ROM_SysCtlClockFreqSet((SYSCTL_XTAL_25MHZ |
                                        SYSCTL_OSC_MAIN |
                                        SYSCTL_USE_PLL |
                                        SYSCTL_CFG_VCO_480), 120000000);
diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c
index 8ca83385c..d38e7a3cb 100644
--- a/wolfcrypt/src/port/ti/ti-aes.c
+++ b/wolfcrypt/src/port/ti/ti-aes.c
@@ -89,7 +89,7 @@ static int  AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz, word32 di
     ROM_AESReset(AES_BASE);
     ROM_AESConfigSet(AES_BASE, (aes->keylen | dir | 
                      (mode==AES_CFG_MODE_CTR_NOCTR ? AES_CFG_MODE_CTR : mode)));
-    AESIVSet(AES_BASE, aes->reg);
+    ROM_AESIVSet(AES_BASE, aes->reg);
     ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
     if((dir == AES_CFG_DIR_DECRYPT)&& (mode == AES_CFG_MODE_CBC))
         /* if input and output same will overwrite input iv */
diff --git a/wolfcrypt/src/port/ti/ti-ccm.c b/wolfcrypt/src/port/ti/ti-ccm.c
index 801cc9bb5..73f464d6f 100644
--- a/wolfcrypt/src/port/ti/ti-ccm.c
+++ b/wolfcrypt/src/port/ti/ti-ccm.c
@@ -48,7 +48,7 @@ bool wolfSSL_TI_CCMInit(void)
     if(ccm_init)return true ;
     ccm_init = true ;
 
-    SysCtlClockFreqSet((SYSCTL_XTAL_25MHZ |
+    ROM_SysCtlClockFreqSet((SYSCTL_XTAL_25MHZ |
                                        SYSCTL_OSC_MAIN |
                                        SYSCTL_USE_PLL |
                                        SYSCTL_CFG_VCO_480), 120000000);
diff --git a/wolfcrypt/src/port/ti/ti-des3.c b/wolfcrypt/src/port/ti/ti-des3.c
index d51c48e1a..21c61d310 100644
--- a/wolfcrypt/src/port/ti/ti-des3.c
+++ b/wolfcrypt/src/port/ti/ti-des3.c
@@ -74,7 +74,7 @@ static int  DesCbcAlign16(Des* des, byte* out, const byte* in, word32 sz, word32
     wolfSSL_TI_lockCCM() ;
     ROM_DESReset(DES_BASE);
     ROM_DESConfigSet(DES_BASE, (dir | DES_CFG_MODE_CBC | tri));
-    DESIVSet(DES_BASE, des->reg);
+    ROM_DESIVSet(DES_BASE, des->reg);
     ROM_DESKeySet(DES_BASE, des->key);
     if(dir == DES_CFG_DIR_DECRYPT)
         /* if input and output same will overwrite input iv */

From 0426adaa1b90484d71b9ae153a59ebd594d461e0 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 9 Jun 2015 08:37:55 -0700
Subject: [PATCH 118/350] document current scripts

---
 SCRIPTS-LIST | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 SCRIPTS-LIST

diff --git a/SCRIPTS-LIST b/SCRIPTS-LIST
new file mode 100644
index 000000000..0638c5555
--- /dev/null
+++ b/SCRIPTS-LIST
@@ -0,0 +1,33 @@
+autogen.sh - creates ./configure from source checkout, sets up git hooks
+
+pre-commit.sh - our pre commit hook, saves current state before running commit
+                tests to allow a resotre back to current state
+
+commit-tests.sh - our commit tests, must pass before a commit is accepted, use
+                  -n (--no-verify) to disable
+
+client-test.sh - example client test against google
+
+fips-check.sh - checks if current wolfSSL version works against FIPS wolfCrypt
+                comment out last line to leave working directory
+
+gencertbuf.pl - creates certs_test.h, our certs / keys C array for easy non
+                filesystem testing
+
+pull_to_vagrant.sh - synchronize to a vm without using git
+
+certs/
+ renewcerts.sh - renews test certs and crls
+ crl/
+  gencrls.sh   - generates crls, used by renewcerts.sh
+
+scripts/
+ external.test - example client test against our website, part of tests
+ resume.test   - example sessoin resume test, part of tests
+ sniffer-testsuite.test -  runs snifftest on a pcap of testsuite, part of tests
+                           in sniffer mode
+swig/
+ PythonBuild.sh - builds and runs simple python example
+
+valgrind-error.sh - deprecated, was used to detect valgrind errors before
+                    automake switched to concurrent tests

From 44db14007613d1bc4f20c464b3a1f12bcf0895de Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 9 Jun 2015 08:51:55 -0700
Subject: [PATCH 119/350] move client-test.sh to scripts/google.test

---
 SCRIPTS-LIST                          |  2 +-
 client-test.sh => scripts/google.test | 10 ++++++----
 scripts/include.am                    |  1 +
 3 files changed, 8 insertions(+), 5 deletions(-)
 rename client-test.sh => scripts/google.test (57%)

diff --git a/SCRIPTS-LIST b/SCRIPTS-LIST
index 0638c5555..2f2306590 100644
--- a/SCRIPTS-LIST
+++ b/SCRIPTS-LIST
@@ -6,7 +6,6 @@ pre-commit.sh - our pre commit hook, saves current state before running commit
 commit-tests.sh - our commit tests, must pass before a commit is accepted, use
                   -n (--no-verify) to disable
 
-client-test.sh - example client test against google
 
 fips-check.sh - checks if current wolfSSL version works against FIPS wolfCrypt
                 comment out last line to leave working directory
@@ -23,6 +22,7 @@ certs/
 
 scripts/
  external.test - example client test against our website, part of tests
+ google.test   - example client test against google, part of tests
  resume.test   - example sessoin resume test, part of tests
  sniffer-testsuite.test -  runs snifftest on a pcap of testsuite, part of tests
                            in sniffer mode
diff --git a/client-test.sh b/scripts/google.test
similarity index 57%
rename from client-test.sh
rename to scripts/google.test
index 7ff918135..789c06989 100755
--- a/client-test.sh
+++ b/scripts/google.test
@@ -1,16 +1,18 @@
 #!/bin/bash
 
-# client-test.sh
+# google.test
+
+server=www.google.com
 
 [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
 
 # is our desired server there?
-ping -c 2 -i 0.2 www.google.com
+ping -c 2 -i 0.2 $server
 RESULT=$?
-[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find server, skipping" && exit 0
+[ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0
 
 # client test against the server
-./examples/client/client -h www.google.com -p 443 -g -d
+./examples/client/client -X -C -h $server -p 443 -g -d
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
 
diff --git a/scripts/include.am b/scripts/include.am
index 0591e2813..924634aa7 100644
--- a/scripts/include.am
+++ b/scripts/include.am
@@ -12,6 +12,7 @@ if BUILD_EXAMPLES
 dist_noinst_SCRIPTS+= scripts/resume.test
 if !BUILD_IPV6
 dist_noinst_SCRIPTS+= scripts/external.test
+dist_noinst_SCRIPTS+= scripts/google.test
 endif
 endif
 

From f76af05abf2caff34cbd6608263656e3244e640a Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 10 Jun 2015 14:11:36 -0700
Subject: [PATCH 120/350] change autoconf scripts to /bin/sh, no -i on ping for
 portability

---
 commit-tests.sh                | 2 +-
 scripts/external.test          | 4 ++--
 scripts/google.test            | 4 ++--
 scripts/resume.test            | 2 +-
 scripts/sniffer-testsuite.test | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/commit-tests.sh b/commit-tests.sh
index 995824398..eae91ab19 100755
--- a/commit-tests.sh
+++ b/commit-tests.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 #commit-tests.sh
 
diff --git a/scripts/external.test b/scripts/external.test
index 1d6cb7e12..0438b0ea4 100755
--- a/scripts/external.test
+++ b/scripts/external.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # external.test
 
@@ -8,7 +8,7 @@ ca=./certs/wolfssl-website-ca.pem
 [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
 
 # is our desired server there?
-ping -c 2 -i 0.2 $server
+ping -c 2 $server
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0
 
diff --git a/scripts/google.test b/scripts/google.test
index 789c06989..8a3ca3750 100755
--- a/scripts/google.test
+++ b/scripts/google.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # google.test
 
@@ -7,7 +7,7 @@ server=www.google.com
 [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
 
 # is our desired server there?
-ping -c 2 -i 0.2 $server
+ping -c 2 $server
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nCouldn't find $server, skipping" && exit 0
 
diff --git a/scripts/resume.test b/scripts/resume.test
index 19817234b..aa665f61b 100755
--- a/scripts/resume.test
+++ b/scripts/resume.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 #reusme.test
 
diff --git a/scripts/sniffer-testsuite.test b/scripts/sniffer-testsuite.test
index 5dbaf86bc..c68040301 100755
--- a/scripts/sniffer-testsuite.test
+++ b/scripts/sniffer-testsuite.test
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 #sniffer-testsuite.test
 

From ce583552ceb9b78e2b71a3e70e18f1728ea01167 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 10 Jun 2015 14:22:35 -0700
Subject: [PATCH 121/350] fix resumte.test script warning

---
 scripts/resume.test | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/resume.test b/scripts/resume.test
index aa665f61b..e4b0a6eb3 100755
--- a/scripts/resume.test
+++ b/scripts/resume.test
@@ -10,7 +10,7 @@ server_pid=$no_pid
 do_cleanup() {
     echo "in cleanup"
 
-    if  [[ $server_pid != $no_pid ]]
+    if  [ $server_pid != $no_pid ]
     then
         echo "killing server"
         kill -9 $server_pid
@@ -42,7 +42,7 @@ done
 ./examples/client/client -r -p $resume_port
 client_result=$?
 
-if [[ $client_result != 0 ]] ;
+if [ $client_result != 0 ]
 then
     echo -e "client failed!"
     do_cleanup
@@ -52,7 +52,7 @@ fi
 wait $server_pid
 server_result=$?
 
-if [[ $server_result != 0 ]] ;
+if [ $server_result != 0 ]
 then
     echo -e "client failed!"
     exit 1

From 53bf8ed7cb2c9d78cd8bcb3ff8c4b49979082300 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 10 Jun 2015 15:24:24 -0700
Subject: [PATCH 122/350] fix scan-build warnings

---
 examples/client/client.c | 4 +++-
 src/internal.c           | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/examples/client/client.c b/examples/client/client.c
index 0546bb0f2..38ef59383 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -299,7 +299,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 break;
 
             case 'C' :
-                disableCRL = 1;
+                #ifdef HAVE_CRL
+                    disableCRL = 1;
+                #endif
                 break;
 
             case 'u' :
diff --git a/src/internal.c b/src/internal.c
index 6cca94b45..e837c41e3 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6059,6 +6059,8 @@ static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
     byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;
     int  ret = 0;
 
+    (void)dmy;
+
     if ( (t + padLen + 1) > pLen) {
         WOLFSSL_MSG("Plain Len not long enough for pad/mac");
         PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE);
@@ -6295,6 +6297,8 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
             byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
             byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;
 
+            (void)dmy;
+
             if (pad > (msgSz - digestSz - 1)) {
                 WOLFSSL_MSG("Plain Len not long enough for pad/mac");
                 pad       = 0;  /* no bad read */

From 47af6459d80a72578e33ba0f16fd3dc84c885e51 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 10 Jun 2015 16:32:43 -0700
Subject: [PATCH 123/350] add user context to session ticket encrypt callback

---
 src/internal.c     |  5 +++--
 src/ssl.c          | 11 +++++++++++
 wolfssl/internal.h |  3 +++
 wolfssl/ssl.h      |  3 ++-
 wolfssl/test.h     |  4 +++-
 5 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index e837c41e3..9b54a3075 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -13772,7 +13772,7 @@ int DoSessionTicket(WOLFSSL* ssl,
         encLen = WOLFSSL_TICKET_ENC_SZ;  /* max size user can use */
         ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, 1,
                                     et->enc_ticket, sizeof(InternalTicket),
-                                    &encLen);
+                                    &encLen, ssl->ticket_encrypt_ctx);
         if (ret == WOLFSSL_TICKET_RET_OK) {
             if (encLen < (int)sizeof(InternalTicket) ||
                 encLen > WOLFSSL_TICKET_ENC_SZ) {
@@ -13846,7 +13846,8 @@ int DoSessionTicket(WOLFSSL* ssl,
         outLen = inLen;   /* may be reduced by user padding */
         ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv,
                                     et->enc_ticket + inLen, 0,
-                                    et->enc_ticket, inLen, &outLen);
+                                    et->enc_ticket, inLen, &outLen,
+                                    ssl->ticket_encrypt_ctx);
         if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) return ret;
         if (outLen > inLen || outLen < (int)sizeof(InternalTicket)) {
             WOLFSSL_MSG("Bad user ticket decrypt len");
diff --git a/src/ssl.c b/src/ssl.c
index 48ee6a54f..ccadfca2c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -895,6 +895,17 @@ int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint)
     return SSL_SUCCESS;
 }
 
+/* set user context, SSL_SUCCESS on ok */
+int wolfSSL_set_TicketEncCtx(WOLFSSL* ssl, void* ctx)
+{
+    if (ssl == NULL)
+        return BAD_FUNC_ARG;
+
+    ssl->ticket_encrypt_ctx = ctx;
+
+    return SSL_SUCCESS;
+}
+
 #endif /* !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) */
 
 /* Session Ticket */
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 7434841dd..e111b00e9 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2251,6 +2251,9 @@ struct WOLFSSL {
         void*                 session_ticket_ctx;
         byte                  expect_session_ticket;
     #endif
+    #if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET)
+        void*                 ticket_encrypt_ctx;  /* session encrypt context */
+    #endif
 #endif /* HAVE_TLS_EXTENSIONS */
 #ifdef HAVE_NETX
     NetX_Ctx        nxCtx;             /* NetX IO Context */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 11a7697b0..2c34a8c4a 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1391,10 +1391,11 @@ typedef int (*SessionTicketEncCb)(WOLFSSL*,
                                  unsigned char key_name[WOLFSSL_TICKET_NAME_SZ],
                                  unsigned char iv[WOLFSSL_TICKET_IV_SZ],
                                  unsigned char mac[WOLFSSL_TICKET_MAC_SZ],
-                                 int enc, unsigned char*, int, int*);
+                                 int enc, unsigned char*, int, int*, void*);
 WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
                                             SessionTicketEncCb);
 WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
+WOLFSSL_API int wolfSSL_set_TicketEncCtx(WOLFSSL* ctx, void*);
 
 #endif /* NO_WOLFSSL_SERVER */
 
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 1b1e444ba..112c3301e 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1878,9 +1878,11 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
                              byte key_name[WOLFSSL_TICKET_NAME_SZ],
                              byte iv[WOLFSSL_TICKET_IV_SZ],
                              byte mac[WOLFSSL_TICKET_MAC_SZ],
-                             int enc, byte* ticket, int inLen, int* outLen)
+                             int enc, byte* ticket, int inLen, int* outLen,
+                             void* userCtx)
     {
         (void)ssl;
+        (void)userCtx;
 
         int ret;
         word16 sLen = htons(inLen);

From 89d9accc4d8cc1bbaed1a2b4c0596ffaecb22747 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 10 Jun 2015 18:13:13 -0700
Subject: [PATCH 124/350] switch user ticket encrypt ctx to WOLFSSL_CTX

---
 src/internal.c     | 4 ++--
 src/ssl.c          | 6 +++---
 wolfssl/internal.h | 4 +---
 wolfssl/ssl.h      | 2 +-
 4 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 9b54a3075..1591acb3f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -13772,7 +13772,7 @@ int DoSessionTicket(WOLFSSL* ssl,
         encLen = WOLFSSL_TICKET_ENC_SZ;  /* max size user can use */
         ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, 1,
                                     et->enc_ticket, sizeof(InternalTicket),
-                                    &encLen, ssl->ticket_encrypt_ctx);
+                                    &encLen, ssl->ctx->ticketEncCtx);
         if (ret == WOLFSSL_TICKET_RET_OK) {
             if (encLen < (int)sizeof(InternalTicket) ||
                 encLen > WOLFSSL_TICKET_ENC_SZ) {
@@ -13847,7 +13847,7 @@ int DoSessionTicket(WOLFSSL* ssl,
         ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv,
                                     et->enc_ticket + inLen, 0,
                                     et->enc_ticket, inLen, &outLen,
-                                    ssl->ticket_encrypt_ctx);
+                                    ssl->ctx->ticketEncCtx);
         if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) return ret;
         if (outLen > inLen || outLen < (int)sizeof(InternalTicket)) {
             WOLFSSL_MSG("Bad user ticket decrypt len");
diff --git a/src/ssl.c b/src/ssl.c
index ccadfca2c..139e343f9 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -896,12 +896,12 @@ int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint)
 }
 
 /* set user context, SSL_SUCCESS on ok */
-int wolfSSL_set_TicketEncCtx(WOLFSSL* ssl, void* ctx)
+int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void* userCtx)
 {
-    if (ssl == NULL)
+    if (ctx == NULL)
         return BAD_FUNC_ARG;
 
-    ssl->ticket_encrypt_ctx = ctx;
+    ctx->ticketEncCtx = userCtx;
 
     return SSL_SUCCESS;
 }
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index e111b00e9..65131fc05 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1564,6 +1564,7 @@ struct WOLFSSL_CTX {
     TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
     #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SEVER)
         SessionTicketEncCb ticketEncCb;   /* enc/dec session ticket Cb */
+        void*              ticketEncCtx;  /* session encrypt context */
         int                ticketHint;    /* ticket hint in seconds */
     #endif
 #endif
@@ -2251,9 +2252,6 @@ struct WOLFSSL {
         void*                 session_ticket_ctx;
         byte                  expect_session_ticket;
     #endif
-    #if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET)
-        void*                 ticket_encrypt_ctx;  /* session encrypt context */
-    #endif
 #endif /* HAVE_TLS_EXTENSIONS */
 #ifdef HAVE_NETX
     NetX_Ctx        nxCtx;             /* NetX IO Context */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 2c34a8c4a..9c3ac84c9 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1395,7 +1395,7 @@ typedef int (*SessionTicketEncCb)(WOLFSSL*,
 WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
                                             SessionTicketEncCb);
 WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
-WOLFSSL_API int wolfSSL_set_TicketEncCtx(WOLFSSL* ctx, void*);
+WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
 
 #endif /* NO_WOLFSSL_SERVER */
 

From 6d9fece9f4b56c615f7289698e300c2da6f94133 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 12 Jun 2015 09:39:03 -0700
Subject: [PATCH 125/350] bump dev version

---
 configure.ac       | 2 +-
 support/wolfssl.pc | 2 +-
 wolfssl/version.h  | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index d2b073efc..4623799ed 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.4.8],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.4.9],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
diff --git a/support/wolfssl.pc b/support/wolfssl.pc
index c07ae3ea2..1d641e333 100644
--- a/support/wolfssl.pc
+++ b/support/wolfssl.pc
@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.4.8
+Version: 3.4.9
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}
diff --git a/wolfssl/version.h b/wolfssl/version.h
index c76e07613..6d44785a9 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.4.8"
-#define LIBWOLFSSL_VERSION_HEX 0x03004008
+#define LIBWOLFSSL_VERSION_STRING "3.4.9"
+#define LIBWOLFSSL_VERSION_HEX 0x03004009
 
 #ifdef __cplusplus
 }

From 203786dc254048e54272242cb79b78f32554e277 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 12 Jun 2015 13:11:07 -0700
Subject: [PATCH 126/350] add ecc keygen validate option

---
 wolfcrypt/src/ecc.c             | 42 +++++++++++++++++++++++++++++++++
 wolfcrypt/src/error.c           |  3 +++
 wolfssl/wolfcrypt/error-crypt.h |  1 +
 3 files changed, 46 insertions(+)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 122121260..7012642b9 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -939,6 +939,14 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp)
    if (P == NULL || mp == NULL || modulus == NULL)
        return ECC_BAD_ARG_E;
 
+   /* special case for point at infinity */
+   if (mp_cmp_d(P->z, 0) == MP_EQ) {
+       mp_set(P->x, 0);
+       mp_set(P->y, 0);
+       mp_set(P->z, 1);
+       return MP_OKAY;
+   }
+
    if ((err = mp_init_multi(&t1, &t2, NULL, NULL, NULL, NULL)) != MP_OKAY) {
       return MEMORY_E;
    }
@@ -1511,6 +1519,23 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
 }
 
 
+#ifdef WOLFSSL_VALIDATE_KEYGEN
+
+/* return 1 if point is at infinity, 0 if not, < 0 on error */
+static int ecc_point_is_at_infinity(ecc_point* p)
+{
+    if (p == NULL)
+        return BAD_FUNC_ARG;
+
+    if (get_digit_count(p->x) == 0 && get_digit_count(p->y) == 0)
+        return 1;
+
+    return 0;
+}
+
+#endif /* WOLFSSL_VALIDATE_KEYGEN */
+
+
 int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp);
 
 /**
@@ -1626,6 +1651,23 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
    /* make the public key */
    if (err == MP_OKAY)
        err = ecc_mulmod(&key->k, base, &key->pubkey, &prime, 1);
+
+#ifdef WOLFSSL_VALIDATE_KEYGEN
+   /* validate the public key, order * pubkey = point at infinity */
+   if (err == MP_OKAY) {
+       ecc_point* inf = ecc_new_point();
+       if (inf == NULL)
+           err = MEMORY_E;
+       else {
+           err = ecc_mulmod(&order, &key->pubkey, inf, &prime, 1);
+           if (err == MP_OKAY && !ecc_point_is_at_infinity(inf))
+               err = MP_NOT_INF_E;
+
+           ecc_del_point(inf);
+       }
+   }
+#endif /* WOLFSSL_VALIDATE_KEYGEN */
+
    if (err == MP_OKAY)
        key->type = ECC_PRIVATEKEY;
 
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index dc2917e0d..58a5b4fa0 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -322,6 +322,9 @@ const char* wc_GetErrorString(int error)
     case IS_POINT_E:
         return "ECC is point on curve failed";
 
+    case MP_NOT_INF_E:
+        return " ECC point expected at infinity error";
+
     default:
         return "unknown error number";
 
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 65eb9eed8..616610cc6 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -148,6 +148,7 @@ enum {
 
     MAC_CMP_FAILED_E    = -213,  /* MAC comparison failed */
     IS_POINT_E          = -214,  /* ECC is point on curve failed */
+    MP_NOT_INF_E        = -215,  /* ECC point expected at infinity error */
 
     MIN_CODE_E          = -300   /* errors -101 - -299 */
 };

From 89d39a6073286d3e05363b8e0bd71532c753d29f Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Mon, 15 Jun 2015 09:46:16 +0900
Subject: [PATCH 127/350] GetHash in SendBuffered, BuildTlsFinished. HashFinal
 in FreeHandshakeResources.

---
 src/internal.c | 119 ++++++++++---------------------------------------
 src/tls.c      |   6 +--
 2 files changed, 27 insertions(+), 98 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 48f226201..2d8fda0e5 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1833,11 +1833,30 @@ void SSL_ResourceFree(WOLFSSL* ssl)
 #endif
 }
 
+#ifdef WOLFSSL_TI_HASH
+static void HashFinal(WOLFSSL * ssl) {
+	byte dummyHash[32] ;
+#ifndef NO_MD5
+    wc_Md5Final(&(ssl->hsHashes->hashMd5), dummyHash) ;
+#endif
+#ifndef NO_SHA
+    wc_ShaFinal(&(ssl->hsHashes->hashSha), dummyHash) ;
+#endif
+#ifndef NO_SHA256
+    wc_Sha256Final(&(ssl->hsHashes->hashSha256), dummyHash) ;
+#endif
+}
+#else
+
+    #define HashFinal(ssl)
+
+#endif
 
 /* Free any handshake resources no longer needed */
 void FreeHandshakeResources(WOLFSSL* ssl)
 {
 
+    HashFinal(ssl) ;
 #ifdef HAVE_SECURE_RENEGOTIATION
     if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
         WOLFSSL_MSG("Secure Renegotiation needs to retain handshake resources");
@@ -2677,7 +2696,6 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
     ssl->buffers.inputBuffer.length = usedLength;
 }
 
-
 int SendBuffered(WOLFSSL* ssl)
 {
     if (ssl->ctx->CBIOSend == NULL) {
@@ -3015,14 +3033,14 @@ static void BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
     wc_Md5Update(&ssl->hsHashes->hashMd5, sender, SIZEOF_SENDER);
     wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN);
     wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
-    wc_Md5Final(&ssl->hsHashes->hashMd5, md5_result);
+    wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result);
 
     /* make md5 outer */
     wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN);
     wc_Md5Update(&ssl->hsHashes->hashMd5, PAD2, PAD_MD5);
     wc_Md5Update(&ssl->hsHashes->hashMd5, md5_result, MD5_DIGEST_SIZE);
 
-    wc_Md5Final(&ssl->hsHashes->hashMd5, hashes->md5);
+    wc_Md5GetHash(&ssl->hsHashes->hashMd5, hashes->md5);
 }
 
 
@@ -3035,14 +3053,14 @@ static void BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
     wc_ShaUpdate(&ssl->hsHashes->hashSha, sender, SIZEOF_SENDER);
     wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN);
     wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA);
-    wc_ShaFinal(&ssl->hsHashes->hashSha, sha_result);
+    wc_ShaGetHash(&ssl->hsHashes->hashSha, sha_result);
 
     /* make sha outer */
     wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN);
     wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD2, PAD_SHA);
     wc_ShaUpdate(&ssl->hsHashes->hashSha, sha_result, SHA_DIGEST_SIZE);
 
-    wc_ShaFinal(&ssl->hsHashes->hashSha, hashes->sha);
+    wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha);
 }
 #endif
 
@@ -3052,33 +3070,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
 {
     int ret = 0;
 #ifdef WOLFSSL_SMALL_STACK
-    #ifndef NO_OLD_TLS
-    #ifndef NO_MD5
-        Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    #endif
-    #ifndef NO_SHA
-        Sha* sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    #endif
-    #endif
-    #ifndef NO_SHA256
-        Sha256* sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-    #endif
     #ifdef WOLFSSL_SHA384
         Sha384* sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,                                                                        DYNAMIC_TYPE_TMP_BUFFER);
     #endif
 #else
-    #ifndef NO_OLD_TLS
-    #ifndef NO_MD5
-        Md5 md5[1];
-    #endif
-    #ifndef NO_SHA
-        Sha sha[1];
-    #endif
-    #endif
-    #ifndef NO_SHA256
-        Sha256 sha256[1];
-    #endif
     #ifdef WOLFSSL_SHA384
         Sha384 sha384[1];
     #endif
@@ -3086,32 +3081,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
 
 #ifdef WOLFSSL_SMALL_STACK
     if (ssl == NULL
-    #ifndef NO_OLD_TLS
-    #ifndef NO_MD5
-        || md5 == NULL
-    #endif
-    #ifndef NO_SHA
-        || sha == NULL
-    #endif
-    #endif
-    #ifndef NO_SHA256
-        || sha256 == NULL
-    #endif
     #ifdef WOLFSSL_SHA384
         || sha384 == NULL
     #endif
         ) {
-    #ifndef NO_OLD_TLS
-    #ifndef NO_MD5
-        XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    #endif
-    #ifndef NO_SHA
-        XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    #endif
-    #endif
-    #ifndef NO_SHA256
-        XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    #endif
     #ifdef WOLFSSL_SHA384
         XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
@@ -3120,17 +3093,6 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
 #endif
 
     /* store current states, building requires get_digest which resets state */
-#ifndef NO_OLD_TLS
-#ifndef NO_MD5
-    md5[0] = ssl->hsHashes->hashMd5;
-#endif
-#ifndef NO_SHA
-    sha[0] = ssl->hsHashes->hashSha;
-    #endif
-#endif
-#ifndef NO_SHA256
-    sha256[0] = ssl->hsHashes->hashSha256;
-#endif
 #ifdef WOLFSSL_SHA384
     sha384[0] = ssl->hsHashes->hashSha384;
 #endif
@@ -3148,35 +3110,13 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
 #endif
 
     /* restore */
-#ifndef NO_OLD_TLS
-    #ifndef NO_MD5
-        ssl->hsHashes->hashMd5 = md5[0];
-    #endif
-    #ifndef NO_SHA
-    ssl->hsHashes->hashSha = sha[0];
-    #endif
-#endif
     if (IsAtLeastTLSv1_2(ssl)) {
-    #ifndef NO_SHA256
-        ssl->hsHashes->hashSha256 = sha256[0];
-    #endif
     #ifdef WOLFSSL_SHA384
         ssl->hsHashes->hashSha384 = sha384[0];
     #endif
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-#ifndef NO_OLD_TLS
-#ifndef NO_MD5
-    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-#ifndef NO_SHA
-    XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-#endif
-#ifndef NO_SHA256
-    XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
 #ifdef WOLFSSL_SHA384
     XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
@@ -6697,6 +6637,7 @@ int ProcessReply(WOLFSSL* ssl)
             /* input exhausted? */
             if (ssl->buffers.inputBuffer.idx == ssl->buffers.inputBuffer.length)
                 return 0;
+
             /* more messages per record */
             else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) {
                 WOLFSSL_MSG("More messages in record");
@@ -6909,13 +6850,6 @@ static void BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest)
 static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
 {
     /* store current states, building requires get_digest which resets state */
-    #ifndef NO_OLD_TLS
-    Md5 md5 = ssl->hsHashes->hashMd5;
-    Sha sha = ssl->hsHashes->hashSha;
-    #endif
-    #ifndef NO_SHA256
-        Sha256 sha256 = ssl->hsHashes->hashSha256;
-    #endif
     #ifdef WOLFSSL_SHA384
         Sha384 sha384 = ssl->hsHashes->hashSha384;
     #endif
@@ -6955,13 +6889,8 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
     }
 
     /* restore */
-    ssl->hsHashes->hashMd5 = md5;
-    ssl->hsHashes->hashSha = sha;
 #endif
     if (IsAtLeastTLSv1_2(ssl)) {
-        #ifndef NO_SHA256
-            ssl->hsHashes->hashSha256 = sha256;
-        #endif
         #ifdef WOLFSSL_SHA384
             ssl->hsHashes->hashSha384 = sha384;
         #endif
diff --git a/src/tls.c b/src/tls.c
index ca94c5b71..675ab61a6 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -335,14 +335,14 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
     word32      hashSz = FINISHED_SZ;
 
 #ifndef NO_OLD_TLS
-    wc_Md5Final(&ssl->hsHashes->hashMd5, handshake_hash);
-    wc_ShaFinal(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
+    wc_Md5GetHash(&ssl->hsHashes->hashMd5, handshake_hash);
+    wc_ShaGetHash(&ssl->hsHashes->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
 #endif
 
     if (IsAtLeastTLSv1_2(ssl)) {
 #ifndef NO_SHA256
         if (ssl->specs.mac_algorithm <= sha256_mac) {
-            int ret = wc_Sha256Final(&ssl->hsHashes->hashSha256,handshake_hash);
+            int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash);
 
             if (ret != 0)
                 return ret;

From c2818ed87c6988f10e60a48288380851d9d011a8 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Mon, 15 Jun 2015 09:59:34 +0900
Subject: [PATCH 128/350] DIGEST_SIZE fixed in Sha256GetHash

---
 wolfcrypt/src/port/ti/ti-ccm.c  |  3 ++-
 wolfcrypt/src/port/ti/ti-hash.c | 11 ++++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/wolfcrypt/src/port/ti/ti-ccm.c b/wolfcrypt/src/port/ti/ti-ccm.c
index 73f464d6f..09705cfb8 100644
--- a/wolfcrypt/src/port/ti/ti-ccm.c
+++ b/wolfcrypt/src/port/ti/ti-ccm.c
@@ -36,6 +36,7 @@
 #include "driverlib/rom.h"
 
 #ifndef SINGLE_THREADED
+#include <wolfssl/wolfcrypt/wc_port.h>
     static wolfSSL_Mutex TI_CCM_Mutex ;
 #endif
 
@@ -48,7 +49,7 @@ bool wolfSSL_TI_CCMInit(void)
     if(ccm_init)return true ;
     ccm_init = true ;
 
-    ROM_SysCtlClockFreqSet((SYSCTL_XTAL_25MHZ |
+    SysCtlClockFreqSet((SYSCTL_XTAL_25MHZ |
                                        SYSCTL_OSC_MAIN |
                                        SYSCTL_USE_PLL |
                                        SYSCTL_CFG_VCO_480), 120000000);
diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c
index 4b7f49a20..98dbba870 100644
--- a/wolfcrypt/src/port/ti/ti-hash.c
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -72,6 +72,7 @@ static int hashUpdate(wolfssl_TI_Hash *hash, const byte* data, word32 len)
     void *p ;
 
     if((hash== NULL) || (data == NULL))return BAD_FUNC_ARG;
+
     if(hash->len < hash->used+len) {
         if(hash->msg == NULL) {
             p = XMALLOC(hash->used+len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -191,7 +192,7 @@ WOLFSSL_API int wc_ShaUpdate(Sha* sha, const byte* data, word32 len)
 
 WOLFSSL_API int wc_ShaFinal(Sha* sha, byte* hash)
 {
-   return hashFinal((wolfssl_TI_Hash *)sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ;
+    return hashFinal((wolfssl_TI_Hash *)sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ;
 }
 
 WOLFSSL_API int wc_ShaGetHash(Sha* sha, byte* hash)
@@ -222,7 +223,7 @@ WOLFSSL_API int wc_Sha224Update(Sha224* sha224, const byte* data, word32 len)
 
 WOLFSSL_API int wc_Sha224Final(Sha224* sha224, byte* hash)
 {
-   return hashFinal((wolfssl_TI_Hash *)sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ;
+    return hashFinal((wolfssl_TI_Hash *)sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ;
 }
 
 WOLFSSL_API int wc_Sha224GetHash(Sha224* sha224, byte* hash)
@@ -253,16 +254,16 @@ WOLFSSL_API int wc_Sha256Update(Sha256* sha256, const byte* data, word32 len)
 
 WOLFSSL_API int wc_Sha256Final(Sha256* sha256, byte* hash)
 {
-   return hashFinal((wolfssl_TI_Hash *)sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
+    return hashFinal((wolfssl_TI_Hash *)sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
 }
 
 WOLFSSL_API int wc_Sha256GetHash(Sha256* sha256, byte* hash)
 {
-    return hashGetHash(sha256, hash, SHAMD5_ALGO_SHA256, SHA_DIGEST_SIZE) ;
+    return hashGetHash(sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
 }
 
 WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte*hash)
-{ 
+{
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
 }
 #endif

From d976256816e1ab2925fb0587e6eb39125148fead Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Mon, 15 Jun 2015 10:13:14 +0900
Subject: [PATCH 129/350] TI-RTOS adjustment in test.h

---
 wolfssl/test.h | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/wolfssl/test.h b/wolfssl/test.h
index 31d90f12b..2c825d980 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -41,6 +41,13 @@
     #include <arpa/inet.h>
     #include <sys/socket.h>
     #include <ti/sysbios/knl/Task.h>
+    struct hostent {
+    	char *h_name; /* official name of host */
+    	char **h_aliases; /* alias list */
+    	int h_addrtype; /* host address type */
+    	int h_length; /* length of address */
+    	char **h_addr_list; /* list of addresses from name server */
+    };
     #define SOCKET_T int
 #else
     #include <string.h>
@@ -405,6 +412,8 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
         #ifdef WOLFSSL_MDK_ARM
             int err;
             struct hostent* entry = gethostbyname(peer, &err);
+        #elif defined(WOLFSSL_TIRTOS)
+            struct hostent* entry = DNSGetHostByName(peer);
         #else
             struct hostent* entry = gethostbyname(peer);
         #endif
@@ -604,7 +613,7 @@ static INLINE void tcp_listen(SOCKET_T* sockfd, word16* port, int useAnyAddr,
         if (listen(*sockfd, 5) != 0)
             err_sys("tcp listen failed");
     }
-    #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)
+    #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS)
         if (*port == 0) {
             socklen_t len = sizeof(addr);
             if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {
@@ -662,7 +671,7 @@ static INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
     if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
         err_sys("tcp bind failed");
 
-    #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)
+    #if (defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API)) && !defined(WOLFSSL_TIRTOS)
         if (port == 0) {
             socklen_t len = sizeof(addr);
             if (getsockname(*sockfd, (struct sockaddr*)&addr, &len) == 0) {

From a634d0e3455fbb3d97d4afb308652684a598b9be Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Mon, 15 Jun 2015 12:28:05 +0900
Subject: [PATCH 130/350] including hash.h in hash.c

---
 wolfcrypt/src/hash.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
index 7a6e51f3b..cc9a65431 100644
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -26,8 +26,18 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #if !defined(NO_MD5) && !defined(WOLFSSL_TI_HASH)
-
 #include <wolfssl/wolfcrypt/md5.h>
+#endif
+#if !defined(NO_SHA) && !defined(WOLFSSL_TI_HASH)
+#include <wolfssl/wolfcrypt/sha.h>
+#endif
+#if !defined(NO_SHA256)  && !defined(WOLFSSL_TI_HASH)
+#include <wolfssl/wolfcrypt/sha256.h>
+#endif
+
+#include <wolfssl/wolfcrypt/hash.h>
+
+#if !defined(NO_MD5) && !defined(WOLFSSL_TI_HASH)
 void wc_Md5GetHash(Md5* md5, byte* hash)
 {
     Md5 save = *md5 ;
@@ -37,9 +47,6 @@ void wc_Md5GetHash(Md5* md5, byte* hash)
 #endif
 
 #if !defined(NO_SHA) && !defined(WOLFSSL_TI_HASH)
-
-#include <wolfssl/wolfcrypt/sha.h>
-
 int wc_ShaGetHash(Sha* sha, byte* hash)
 {
     int ret ;
@@ -51,9 +58,6 @@ int wc_ShaGetHash(Sha* sha, byte* hash)
 #endif
 
 #if !defined(NO_SHA256)  && !defined(WOLFSSL_TI_HASH)
-
-#include <wolfssl/wolfcrypt/sha256.h>
-
 int wc_Sha256GetHash(Sha256* sha256, byte* hash)
 {
     int ret ;
@@ -62,5 +66,4 @@ int wc_Sha256GetHash(Sha256* sha256, byte* hash)
     *sha256 = save ;
     return ret ;
 }
-
 #endif

From 5976296a7742bbb314cd873f89a0ef077e0a75f3 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 15 Jun 2015 07:37:05 -0700
Subject: [PATCH 131/350] removed a comment from random.c

---
 wolfcrypt/src/random.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 6a27bff56..34763ae8b 100755
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -352,12 +352,7 @@ static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
     }
 }
 
-/* Isn't failing the whole library more conservative? The library checks itself
- * once, and if there are any contiunous errors, we assume the whole thing is
- * dead. */
-/* XXX: Need to do a KAT self-test when this is called. 800-90 S11.3.
- * We can set the frequency of the retesting, and that'll be when it
- * is time to reseed, since we have to test the reseed anyway. */
+
 /* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */
 static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
 {

From c98fde3d432dce88c4a80ed97e330eb2107ef5ac Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 15 Jun 2015 09:46:07 -0700
Subject: [PATCH 132/350] updated wolfssl fips project files so test harness
 will run. added a readme

---
 IDE/WIN/README.txt           |  23 +++++++
 IDE/WIN/test.vcxproj         | 121 ++++++++++++++++++++++++++++++++++-
 IDE/WIN/wolfssl-fips.sln     |  14 ++--
 IDE/WIN/wolfssl-fips.vcxproj |  25 +++++---
 4 files changed, 165 insertions(+), 18 deletions(-)
 create mode 100644 IDE/WIN/README.txt

diff --git a/IDE/WIN/README.txt b/IDE/WIN/README.txt
new file mode 100644
index 000000000..d2ed0faaa
--- /dev/null
+++ b/IDE/WIN/README.txt
@@ -0,0 +1,23 @@
+# Notes on the wolfssl-fips project
+
+First, if you did not get the FIPS files with your archive, you must contact
+wolfSSL to obtain them.
+
+# On Building the wolfssl-fips project
+
+The wolfCrypt FIPS library for Windows is a part of the wolfSSL library. It
+must be built as a static library.
+
+The library project is built with Whole Program Optimization disabled. This is
+required so that necessary components of the library are not optimized away.
+There are two functions added to the library that are used as markers in
+memory for the in-core memory check of the code. WPO consolidates them into a
+single function. WPO also optimizes away the automatic FIPS entry function.
+
+A project using the library must disable 
+
+Each of the source files inside the FIPS boundary defines their own code and
+constant section. The code section names start with ".fipsA$" and the constant
+section names start with ".fipsB$". Each subsection has a letter to organize
+them in a secific order. This specific ordering puts marker functions and
+constants on either end of the boundary so it can be hashed.
diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj
index 22aaeecc9..4ee75a0e1 100644
--- a/IDE/WIN/test.vcxproj
+++ b/IDE/WIN/test.vcxproj
@@ -9,6 +9,22 @@
       <Configuration>Debug</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|Win32">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Debug|x64">
+      <Configuration>DLL Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|Win32">
+      <Configuration>DLL Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="DLL Release|x64">
+      <Configuration>DLL Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
     <ProjectConfiguration Include="Release|Win32">
       <Configuration>Release</Configuration>
       <Platform>Win32</Platform>
@@ -39,6 +55,22 @@
     <ConfigurationType>Application</ConfigurationType>
     <PlatformToolset>v110</PlatformToolset>
   </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <PlatformToolset>v110</PlatformToolset>
+  </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
   </ImportGroup>
@@ -54,6 +86,18 @@
   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
   </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup>
     <_ProjectFileVersion>11.0.61030.0</_ProjectFileVersion>
@@ -96,6 +140,7 @@
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <SubSystem>Console</SubSystem>
       <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -125,6 +170,79 @@
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <WholeProgramOptimization>true</WholeProgramOptimization>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Console</SubSystem>
+      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <TargetMachine>MachineX86</TargetMachine>
+      <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+      <PrecompiledHeader />
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
@@ -141,9 +259,10 @@
   <ItemGroup>
     <ProjectReference Include="wolfssl-fips.vcxproj">
       <Project>{73973223-5ee8-41ca-8e88-1d60e89a237b}</Project>
+      <ReferenceOutputAssembly>false</ReferenceOutputAssembly>
     </ProjectReference>
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/IDE/WIN/wolfssl-fips.sln b/IDE/WIN/wolfssl-fips.sln
index b8578fdea..f1fecbbae 100644
--- a/IDE/WIN/wolfssl-fips.sln
+++ b/IDE/WIN/wolfssl-fips.sln
@@ -4,9 +4,6 @@ Microsoft Visual Studio Solution File, Format Version 12.00
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-fips", "wolfssl-fips.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}"
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test", "test.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}"
-	ProjectSection(ProjectDependencies) = postProject
-		{73973223-5EE8-41CA-8E88-1D60E89A237B} = {73973223-5EE8-41CA-8E88-1D60E89A237B}
-	EndProjectSection
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -40,13 +37,14 @@ Global
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|Win32.Build.0 = Debug|Win32
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64
-		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.ActiveCfg = Release|x64
-		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|x64
-		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.ActiveCfg = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|Win32.Build.0 = Debug|Win32
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = DLL Debug|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = DLL Debug|x64
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.ActiveCfg = Release|Win32
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|Win32.Build.0 = Release|Win32
-		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64
-		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = DLL Release|x64
+		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = DLL Release|x64
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.ActiveCfg = Release|Win32
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|Win32.Build.0 = Release|Win32
 		{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64
diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index 4e67a2250..7936ee730 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -120,7 +120,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
@@ -132,7 +132,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <MinimalRebuild>true</MinimalRebuild>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -145,7 +145,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
@@ -157,7 +157,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
@@ -165,7 +165,9 @@
       <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
     <Link>
-      <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OptimizeReferences>false</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -173,7 +175,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -185,7 +187,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -197,11 +199,12 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <WholeProgramOptimization>false</WholeProgramOptimization>
     </ClCompile>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
@@ -209,7 +212,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -246,6 +249,10 @@
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\fips.c">
       <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
+      <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</WholeProgramOptimization>
+      <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Release|Debug'">false</WholeProgramOptimization>
+      <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</WholeProgramOptimization>
+      <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</WholeProgramOptimization>
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\fips_test.c">
       <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>

From f358aab84571b56fb15e04504801ac87ec4fab59 Mon Sep 17 00:00:00 2001
From: Vikram Adiga <vikram.adiga@ti.com>
Date: Mon, 15 Jun 2015 14:58:53 -0700
Subject: [PATCH 133/350] update TI-RTOS build scripts to add hardware
 accelerator lib build

---
 tirtos/README                                 | 42 +++++--------------
 tirtos/packages/ti/net/wolfssl/package.bld    | 13 ++++--
 .../{package.bld => package.bld.hide}         |  0
 .../test/{package.bld => package.bld.hide}    |  0
 tirtos/wolfssl.bld                            |  3 +-
 tirtos/wolfssl.mak                            |  6 +--
 6 files changed, 25 insertions(+), 39 deletions(-)
 rename tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/{package.bld => package.bld.hide} (100%)
 rename tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/{package.bld => package.bld.hide} (100%)

diff --git a/tirtos/README b/tirtos/README
index c933e662c..6001f5664 100644
--- a/tirtos/README
+++ b/tirtos/README
@@ -1,36 +1,14 @@
-wolfSSL library for TI-RTOS
+# wolfSSL library for TI-RTOS
 
-This directory contains the files that build wolfSSL library for TI-RTOS. 
-Please follow the instructions in TI-RTOS user guide (www.ti.com/tool/ti-rtos) 
-to build the wolfSSL library and the example applications.
+This directory contains the files that build wolfSSL library for TI-RTOS.
+Please follow the instructions in "Using wolfSSL with TI-RTOS" (http://processors.wiki.ti.com/index.php/Using_wolfSSL_with_TI-RTOS) to build the wolfSSL
+library and the example applications.
 
-Included Files
----------------
+Also read TI-RTOS Getting Started Guide and TI-RTOS User Guide to learn more
+about TI-RTOS (http://www.ti.com/tool/ti-rtos).
 
-1. wolfSSL library build files (packages/ti/net/wolfssl)
+## Example Application
 
-    Build instructions provided in TI-RTOS user guide (www.ti.com/tool/ti-rtos)
-
-2. wc_ test application (packages/ti/net/wolfssl/tests/wolfcrypt/test)
-
-    This application is the standard wc_ test application provided with
-    wolfSSL.
-   
-    It will be built along with the wolfSSL library. Load the built executable
-    on the target and make sure the wolfSSL library works as expected.
-
-3. wc_ benchmark application 
-   (packages/ti/net/wolfssl/tests/wolfcrypt/benchmark)
-
-    This application is the standard wc_ benchmark application provided
-    with wolfSSL.
-
-    It will be built along with the wolfSSL library. Load the built executable
-    on the target and run to get the benchmark results for the configured 
-    wolfSSL library.
-
-Examples Application
---------------------
-
-A simple 'TCP echo server with TLS' example application is provided with TI-RTOS
-product. Look in the TI-RTOS user guide for instructions to build examples.
+A simple "TCP echo server with TLS" example application is provided with TI-RTOS
+product. Look in the TI-RTOS Getting Started Guide for instructions to build
+examples.
diff --git a/tirtos/packages/ti/net/wolfssl/package.bld b/tirtos/packages/ti/net/wolfssl/package.bld
index 002cb08dc..1d506f13f 100644
--- a/tirtos/packages/ti/net/wolfssl/package.bld
+++ b/tirtos/packages/ti/net/wolfssl/package.bld
@@ -5,7 +5,7 @@
 var Build = xdc.useModule('xdc.bld.BuildEnvironment');
 var Pkg = xdc.useModule('xdc.bld.PackageContents');
 
-/* make command to search for the srcs */ 
+/* make command to search for the srcs */
 Pkg.makePrologue = "vpath %.c $(subst ;,  ,$(XPKGPATH))";
 
 /* WOLFSSL sources */
@@ -17,7 +17,7 @@ var wolfSSLObjList = [
     "wolfcrypt/src/blake2b.c",
     "wolfcrypt/src/camellia.c",
     "wolfcrypt/src/chacha.c",
-    "wolfcrypt/src/coding.c", 
+    "wolfcrypt/src/coding.c",
     "wolfcrypt/src/des3.c",
     "wolfcrypt/src/dh.c",
     "wolfcrypt/src/dsa.c",
@@ -25,6 +25,7 @@ var wolfSSLObjList = [
     "wolfcrypt/src/error.c",
     "wolfcrypt/src/hc128.c",
     "wolfcrypt/src/hmac.c",
+    "wolfcrypt/src/hash.c",
     "wolfcrypt/src/integer.c",
     "wolfcrypt/src/logging.c",
     "wolfcrypt/src/md4.c",
@@ -46,11 +47,17 @@ var wolfSSLObjList = [
     "src/keys.c",
     "src/ssl.c",
     "src/tls.c",
-    ];
+];
 
 for each (var targ in Build.targets) {
     var libOptions = {incs: wolfsslPathInclude};
     var lib = Pkg.addLibrary("lib/wolfssl", targ, libOptions);
     lib.addObjects(wolfSSLObjList);
+
+    var hwLibptions = {incs: wolfsslPathInclude, defs: " -DWOLFSSL_TI_HASH "
+           + "-DWOLFSSL_TI_CRYPT -DTARGET_IS_SNOWFLAKE_RA2"};
+
+    var hwLib = Pkg.addLibrary("lib/wolfssl_tm4c_hw", targ, hwLibptions);
+    hwLib.addObjects(wolfSSLObjList);
 }
 
diff --git a/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld.hide
similarity index 100%
rename from tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld
rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld.hide
diff --git a/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld b/tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld.hide
similarity index 100%
rename from tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld
rename to tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld.hide
diff --git a/tirtos/wolfssl.bld b/tirtos/wolfssl.bld
index 696208ba0..e7330e06f 100644
--- a/tirtos/wolfssl.bld
+++ b/tirtos/wolfssl.bld
@@ -34,6 +34,7 @@
 var armOpts = " -ms ";
 var gnuOpts = " -D_POSIX_SOURCE ";
 var iarOpts = "";
+var TivaWareDir = "";
 
 /* Uncomment the following lines to build libraries for debug mode: */
 // Pkg.attrs.profile = "debug";
@@ -67,7 +68,7 @@ for (arg = 0; arg < arguments.length; arg++) {
         continue;
     }
 
-    if (targetName.match(/^TivaWareDir/) ) {
+    if (targetName.match(/^TIVAWARE/) ) {
         TivaWareDir = rootDir;
         continue;
     }
diff --git a/tirtos/wolfssl.mak b/tirtos/wolfssl.mak
index 450e10aa7..5ab82c065 100644
--- a/tirtos/wolfssl.mak
+++ b/tirtos/wolfssl.mak
@@ -9,7 +9,7 @@ XDC_INSTALL_DIR ?= C:/ti/xdctools_3_24_02_30
 SYSBIOS_INSTALL_DIR ?= C:/ti/bios_6_34_01_14
 NDK_INSTALL_DIR ?= C:/ti/ndk_2_24_00_02
 TIRTOS_INSTALLATION_DIR ?= C:/ti/tirtos_tivac_2_00_00_22
-TivaWareDir ?= C:/ti/tivaware
+TIVAWARE ?= C:/ti/tivaware
 WOLFSSL_INSTALL_DIR ?= C:/wolfssl/wolfssl-2.9.4
 
 #
@@ -40,12 +40,12 @@ XDCARGS= \
     ti.targets.arm.elf.M4F=\"$(ti.targets.arm.elf.M4F)\" \
     gnu.targets.arm.M4F=\"$(gnu.targets.arm.M4F)\" \
     iar.targets.arm.M4F=\"$(iar.targets.arm.M4F)\" \
-    TivaWareDir=\"$(TivaWareDir)\" 
+    TIVAWARE=\"$(TIVAWARE)\"
 
 #
 # Set XDCPATH to contain necessary repositories.
 #
-XDCPATH = $(SYSBIOS_INSTALL_DIR)/packages;$(NDK_INSTALL_DIR)/packages;$(WOLFSSL_INSTALL_DIR);$(TIRTOS_INSTALLATION_DIR)/packages;$(TivaWareDir);
+XDCPATH = $(SYSBIOS_INSTALL_DIR)/packages;$(NDK_INSTALL_DIR)/packages;$(WOLFSSL_INSTALL_DIR);$(TIRTOS_INSTALLATION_DIR)/packages;$(TIVAWARE);
 export XDCPATH
 
 #

From f2d9eb2994e9b8a88e92e21a02db8b59e9ffa840 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 15 Jun 2015 15:47:40 -0700
Subject: [PATCH 134/350] 1. Disable randomized base address on FIPS test
 project. 2. Fixed setting for disabling whole program optimization on file
 fips.c in the windows project file.

---
 IDE/WIN/test.vcxproj         | 9 ++++++++-
 IDE/WIN/wolfssl-fips.vcxproj | 6 +++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj
index 4ee75a0e1..47681399b 100644
--- a/IDE/WIN/test.vcxproj
+++ b/IDE/WIN/test.vcxproj
@@ -123,6 +123,7 @@
       <SubSystem>Console</SubSystem>
       <TargetMachine>MachineX86</TargetMachine>
       <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -160,6 +161,7 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <TargetMachine>MachineX86</TargetMachine>
       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -179,6 +181,7 @@
       <OptimizeReferences>true</OptimizeReferences>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
@@ -191,6 +194,7 @@
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </ClCompile>
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
@@ -214,6 +218,7 @@
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <SubSystem>Console</SubSystem>
       <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
@@ -233,6 +238,7 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <TargetMachine>MachineX86</TargetMachine>
       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
@@ -251,6 +257,7 @@
       <OptimizeReferences>true</OptimizeReferences>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
@@ -265,4 +272,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
\ No newline at end of file
+</Project>
diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index 7936ee730..04c22c407 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -250,9 +250,9 @@
     <ClCompile Include="..\..\ctaocrypt\src\fips.c">
       <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
       <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</WholeProgramOptimization>
-      <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Release|Debug'">false</WholeProgramOptimization>
-      <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</WholeProgramOptimization>
       <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</WholeProgramOptimization>
+      <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</WholeProgramOptimization>
+      <WholeProgramOptimization Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</WholeProgramOptimization>
     </ClCompile>
     <ClCompile Include="..\..\ctaocrypt\src\fips_test.c">
       <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
@@ -314,4 +314,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
\ No newline at end of file
+</Project>

From 86a9b1734a83c88d5fb1b07fff312ff69256ad4e Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfsssl.com>
Date: Tue, 16 Jun 2015 09:30:56 +0900
Subject: [PATCH 135/350] TI hash option control in hash.c

---
 wolfcrypt/src/hash.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
index cc9a65431..f275b50c1 100644
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -25,19 +25,21 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
-#if !defined(NO_MD5) && !defined(WOLFSSL_TI_HASH)
+#if !defined(WOLFSSL_TI_HASH)
+
+#if !defined(NO_MD5)
 #include <wolfssl/wolfcrypt/md5.h>
 #endif
-#if !defined(NO_SHA) && !defined(WOLFSSL_TI_HASH)
+#if !defined(NO_SHA)
 #include <wolfssl/wolfcrypt/sha.h>
 #endif
-#if !defined(NO_SHA256)  && !defined(WOLFSSL_TI_HASH)
+#if !defined(NO_SHA256)
 #include <wolfssl/wolfcrypt/sha256.h>
 #endif
 
 #include <wolfssl/wolfcrypt/hash.h>
 
-#if !defined(NO_MD5) && !defined(WOLFSSL_TI_HASH)
+#if !defined(NO_MD5)
 void wc_Md5GetHash(Md5* md5, byte* hash)
 {
     Md5 save = *md5 ;
@@ -46,7 +48,7 @@ void wc_Md5GetHash(Md5* md5, byte* hash)
 }
 #endif
 
-#if !defined(NO_SHA) && !defined(WOLFSSL_TI_HASH)
+#if !defined(NO_SHA)
 int wc_ShaGetHash(Sha* sha, byte* hash)
 {
     int ret ;
@@ -57,7 +59,7 @@ int wc_ShaGetHash(Sha* sha, byte* hash)
 }
 #endif
 
-#if !defined(NO_SHA256)  && !defined(WOLFSSL_TI_HASH)
+#if !defined(NO_SHA256)
 int wc_Sha256GetHash(Sha256* sha256, byte* hash)
 {
     int ret ;
@@ -67,3 +69,6 @@ int wc_Sha256GetHash(Sha256* sha256, byte* hash)
     return ret ;
 }
 #endif
+
+#endif
+

From 8fa258c657fbab6de8c5210a28b64ebb12fcc015 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 15 Jun 2015 17:52:30 -0700
Subject: [PATCH 136/350] fix scan-build warning

---
 wolfcrypt/src/random.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 34763ae8b..4a1f7ea5b 100755
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -418,12 +418,16 @@ static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
 /* Returns: DRBG_SUCCESS or DRBG_FAILURE */
 static int Hash_DRBG_Uninstantiate(DRBG* drbg)
 {
-    volatile DRBG clear = {0, 0, {0}, {0}, 0};
+    word32 i;
+    int    compareSum = 0;
+    byte*  compareDrbg = (byte*)drbg;
 
     ForceZero(drbg, sizeof(DRBG));
 
-    return (ConstantCompare((byte*)drbg, (byte*)&clear, sizeof(DRBG)) == 0) ?
-        DRBG_SUCCESS : DRBG_FAILURE;
+    for (i = 0; i < sizeof(DRBG); i++)
+        compareSum |= compareDrbg[i] ^ 0;
+
+    return (compareSum == 0) ? DRBG_SUCCESS : DRBG_FAILURE;
 }
 
 /* End NIST DRBG Code */

From a62589f3fce17136cc1eceb462a089efedbc2178 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 16 Jun 2015 11:29:27 -0700
Subject: [PATCH 137/350] add wc_ecc_check_key(), import validate option too

---
 wolfcrypt/src/ecc.c             | 221 +++++++++++++++++++++++++-------
 wolfcrypt/src/error.c           |   7 +-
 wolfcrypt/src/tfm.c             |   3 +-
 wolfcrypt/test/test.c           |   4 +
 wolfssl/wolfcrypt/ecc.h         |   2 +
 wolfssl/wolfcrypt/error-crypt.h |   3 +-
 wolfssl/wolfcrypt/tfm.h         |   2 +-
 7 files changed, 193 insertions(+), 49 deletions(-)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 7012642b9..897d46adf 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -195,6 +195,7 @@ int  ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* modulus,
                               mp_digit* mp);
 static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
                       int map);
+static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order);
 #ifdef ECC_SHAMIR
 static int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB,
                        ecc_point* C, mp_int* modulus);
@@ -1519,8 +1520,6 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
 }
 
 
-#ifdef WOLFSSL_VALIDATE_KEYGEN
-
 /* return 1 if point is at infinity, 0 if not, < 0 on error */
 static int ecc_point_is_at_infinity(ecc_point* p)
 {
@@ -1533,8 +1532,6 @@ static int ecc_point_is_at_infinity(ecc_point* p)
     return 0;
 }
 
-#endif /* WOLFSSL_VALIDATE_KEYGEN */
-
 
 int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp);
 
@@ -1652,20 +1649,10 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
    if (err == MP_OKAY)
        err = ecc_mulmod(&key->k, base, &key->pubkey, &prime, 1);
 
-#ifdef WOLFSSL_VALIDATE_KEYGEN
+#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    /* validate the public key, order * pubkey = point at infinity */
-   if (err == MP_OKAY) {
-       ecc_point* inf = ecc_new_point();
-       if (inf == NULL)
-           err = MEMORY_E;
-       else {
-           err = ecc_mulmod(&order, &key->pubkey, inf, &prime, 1);
-           if (err == MP_OKAY && !ecc_point_is_at_infinity(inf))
-               err = MP_NOT_INF_E;
-
-           ecc_del_point(inf);
-       }
-   }
+   if (err == MP_OKAY)
+       err = ecc_check_pubkey_order(key, &prime, &order);
 #endif /* WOLFSSL_VALIDATE_KEYGEN */
 
    if (err == MP_OKAY)
@@ -2358,32 +2345,30 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, int compresse
 }
 
 
-/* is pubkey point on curve ? */
-static int ecc_is_point(ecc_key* key)
+/* is ec point on curve descriped by dp ? */
+static int ecc_is_point(const ecc_set_type* dp, ecc_point* ecp, mp_int* prime)
 {
-   mp_int prime, b, t1, t2;
+   mp_int b, t1, t2;
    int err;
 
-   if ((err = mp_init_multi(&prime, &b, &t1, &t2, NULL, NULL)) != MP_OKAY) {
+   if ((err = mp_init_multi(&b, &t1, &t2, NULL, NULL, NULL)) != MP_OKAY) {
       return err;
    }
 
-   /* load prime and b */
-   err = mp_read_radix(&prime, key->dp->prime, 16);
-   if (err == MP_OKAY)
-       err = mp_read_radix(&b, key->dp->Bf, 16);
+   /* load  b */
+   err = mp_read_radix(&b, dp->Bf, 16);
 
    /* compute y^2 */
    if (err == MP_OKAY)
-       err = mp_sqr(key->pubkey.y, &t1);
+       err = mp_sqr(ecp->y, &t1);
 
    /* compute x^3 */
    if (err == MP_OKAY)
-       err = mp_sqr(key->pubkey.x, &t2);
+       err = mp_sqr(ecp->x, &t2);
    if (err == MP_OKAY)
-       err = mp_mod(&t2, &prime, &t2);
+       err = mp_mod(&t2, prime, &t2);
    if (err == MP_OKAY)
-       err = mp_mul(key->pubkey.x, &t2, &t2);
+       err = mp_mul(ecp->x, &t2, &t2);
 
    /* compute y^2 - x^3 */
    if (err == MP_OKAY)
@@ -2391,19 +2376,19 @@ static int ecc_is_point(ecc_key* key)
 
    /* compute y^2 - x^3 + 3x */
    if (err == MP_OKAY)
-       err = mp_add(&t1, key->pubkey.x, &t1);
+       err = mp_add(&t1, ecp->x, &t1);
    if (err == MP_OKAY)
-       err = mp_add(&t1, key->pubkey.x, &t1);
+       err = mp_add(&t1, ecp->x, &t1);
    if (err == MP_OKAY)
-       err = mp_add(&t1, key->pubkey.x, &t1);
+       err = mp_add(&t1, ecp->x, &t1);
    if (err == MP_OKAY)
-       err = mp_mod(&t1, &prime, &t1);
+       err = mp_mod(&t1, prime, &t1);
 
    while (err == MP_OKAY && mp_cmp_d(&t1, 0) == MP_LT) {
-      err = mp_add(&t1, &prime, &t1);
+      err = mp_add(&t1, prime, &t1);
    }
-   while (err == MP_OKAY && mp_cmp(&t1, &prime) != MP_LT) {
-      err = mp_sub(&t1, &prime, &t1);
+   while (err == MP_OKAY && mp_cmp(&t1, prime) != MP_LT) {
+      err = mp_sub(&t1, prime, &t1);
    }
 
    /* compare to b */
@@ -2415,7 +2400,6 @@ static int ecc_is_point(ecc_key* key)
        }
    }
 
-   mp_clear(&prime);
    mp_clear(&b);
    mp_clear(&t1);
    mp_clear(&t2);
@@ -2424,6 +2408,146 @@ static int ecc_is_point(ecc_key* key)
 }
 
 
+/* validate privkey * generator == pubkey, 0 on success */
+static int ecc_check_privkey_gen(ecc_key* key, mp_int* prime)
+{
+    ecc_point* base = NULL;
+    ecc_point* res  = NULL;
+    int        err;
+
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+
+    base = ecc_new_point();
+    if (base == NULL)
+        return MEMORY_E;
+
+    /* set up base generator */
+    err = mp_read_radix(base->x, (char*)key->dp->Gx, 16);
+    if (err == MP_OKAY)
+        err = mp_read_radix(base->y, (char*)key->dp->Gy, 16);
+    if (err == MP_OKAY)
+        mp_set(base->z, 1);
+
+    if (err == MP_OKAY) {
+        res = ecc_new_point();
+        if (res == NULL)
+            err = MEMORY_E;
+        else {
+            err = ecc_mulmod(&key->k, base, res, prime, 1);
+            if (err == MP_OKAY) {
+                /* compare result to public key */
+                if (mp_cmp(res->x, key->pubkey.x) != MP_EQ ||
+                    mp_cmp(res->y, key->pubkey.y) != MP_EQ ||
+                    mp_cmp(res->z, key->pubkey.z) != MP_EQ) {
+                    /* didn't match */
+                    err = ECC_PRIV_KEY_E;
+                }
+            }
+        }
+    }
+
+    ecc_del_point(res);
+    ecc_del_point(base);
+
+    return err;
+}
+
+
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+
+/* check privkey generator helper, creates prime needed */
+static int ecc_check_privkey_gen_helper(ecc_key* key)
+{
+    mp_int prime;
+    int    err;
+
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+
+    err = mp_init(&prime);
+    if (err != MP_OKAY)
+        return err;
+
+    err = mp_read_radix(&prime, (char*)key->dp->prime, 16);
+
+    if (err == MP_OKAY);
+        err = ecc_check_privkey_gen(key, &prime);
+
+    mp_clear(&prime);
+
+    return err;
+}
+
+#endif /* WOLFSSL_VALIDATE_ECC_IMPORT */
+
+
+/* validate order * pubkey = point at infinity, 0 on success */
+static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order)
+{
+    ecc_point* inf = NULL;
+    int        err;
+
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+
+    inf = ecc_new_point();
+    if (inf == NULL)
+        err = MEMORY_E;
+    else {
+        err = ecc_mulmod(order, &key->pubkey, inf, prime, 1);
+        if (err == MP_OKAY && !ecc_point_is_at_infinity(inf))
+            err = ECC_INF_E;
+    }
+
+    ecc_del_point(inf);
+
+    return err;
+}
+
+
+/* perform sanity checks on ec key validity, 0 on success */
+int wc_ecc_check_key(ecc_key* key)
+{
+    mp_int prime;  /* used by multiple calls so let's cache */
+    mp_int order;  /* other callers have, so let's gen here */
+    int    err;
+
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+
+    /* pubkey point cannot be at inifinity */
+    if (ecc_point_is_at_infinity(&key->pubkey))
+        return ECC_INF_E;
+
+    err = mp_init_multi(&prime, &order, NULL, NULL, NULL, NULL);
+    if (err != MP_OKAY)
+        return err;
+
+    err = mp_read_radix(&prime, (char*)key->dp->prime, 16);
+
+    /* make sure point is actually on curve */
+    if (err == MP_OKAY)
+        err = ecc_is_point(key->dp, &key->pubkey, &prime);
+
+    if (err == MP_OKAY)
+        err = mp_read_radix(&order, (char*)key->dp->order, 16);
+
+    /* pubkey * order must be at infinity */
+    if (err == MP_OKAY)
+        err = ecc_check_pubkey_order(key, &prime, &order);
+
+    /* private * base generator must equal pubkey */
+    if (err == MP_OKAY && key->type == ECC_PRIVATEKEY)
+        err = ecc_check_privkey_gen(key, &prime);
+
+    mp_clear(&order);
+    mp_clear(&prime);
+
+    return err;
+}
+
+
 /* import public ECC key in ANSI X9.63 format */
 int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key)
 {
@@ -2558,11 +2682,10 @@ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key)
    if (err == MP_OKAY)
        mp_set(key->pubkey.z, 1);
 
-   if (err == MP_OKAY) {
-       err = ecc_is_point(key);
-       if (err != MP_OKAY)
-           err = IS_POINT_E;
-   }
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+   if (err == MP_OKAY)
+       err = wc_ecc_check_key(key);
+#endif
 
    if (err != MP_OKAY) {
        mp_clear(key->pubkey.x);
@@ -2610,7 +2733,14 @@ int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub,
 
     key->type = ECC_PRIVATEKEY;
 
-    return mp_read_unsigned_bin(&key->k, priv, privSz);
+    ret = mp_read_unsigned_bin(&key->k, priv, privSz);
+
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+    if (ret == MP_OKAY)
+        ret = ecc_check_privkey_gen_helper(key);
+#endif
+
+    return ret;
 }
 
 /**
@@ -2722,6 +2852,11 @@ int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
         err = mp_read_radix(&key->k, d, 16);
     }
 
+#ifdef WOLFSSL_VALIDATE_ECC_IMPORT
+    if (err == MP_OKAY)
+        err = wc_ecc_check_key(key);
+#endif
+
     if (err != MP_OKAY) {
         mp_clear(key->pubkey.x);
         mp_clear(key->pubkey.y);
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 58a5b4fa0..7d1d5ebe7 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -322,8 +322,11 @@ const char* wc_GetErrorString(int error)
     case IS_POINT_E:
         return "ECC is point on curve failed";
 
-    case MP_NOT_INF_E:
-        return " ECC point expected at infinity error";
+    case ECC_INF_E:
+        return " ECC point at infinity error";
+
+    case ECC_PRIV_KEY_E:
+        return " ECC private key is not valid error";
 
     default:
         return "unknown error number";
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 526891772..2c1e86c31 100755
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -2638,10 +2638,9 @@ int mp_read_radix(mp_int *a, const char *str, int radix)
 }
 
 /* fast math conversion */
-int mp_set(fp_int *a, fp_digit b)
+void mp_set(fp_int *a, fp_digit b)
 {
     fp_set(a,b);
-    return MP_OKAY;
 }
 
 /* fast math conversion */
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index ee1990929..cf5dbe56e 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -4888,6 +4888,10 @@ int ecc_test(void)
     if (ret != 0)
         return -1014;
 
+    ret = wc_ecc_check_key(&userA);
+    if (ret != 0)
+        return -1024;
+
     ret = wc_ecc_make_key(&rng, 32, &userB);
 
     if (ret != 0)
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index 551a6d2ac..447e8d3e2 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -135,6 +135,8 @@ extern const ecc_set_type ecc_sets[];
 WOLFSSL_API
 int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key);
 WOLFSSL_API
+int wc_ecc_check_key(ecc_key* key);
+WOLFSSL_API
 int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
                       word32* outlen);
 WOLFSSL_API
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 616610cc6..79991fdf4 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -148,7 +148,8 @@ enum {
 
     MAC_CMP_FAILED_E    = -213,  /* MAC comparison failed */
     IS_POINT_E          = -214,  /* ECC is point on curve failed */
-    MP_NOT_INF_E        = -215,  /* ECC point expected at infinity error */
+    ECC_INF_E           = -215,  /* ECC point infinity error */
+    ECC_PRIV_KEY_E      = -216,  /* ECC private key not valid error */
 
     MIN_CODE_E          = -300   /* errors -101 - -299 */
 };
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index 6c8969307..1b0bbeab9 100644
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -684,7 +684,7 @@ void mp_rshb(mp_int *a, int x);
 
 #ifdef HAVE_ECC
     int mp_read_radix(mp_int* a, const char* str, int radix);
-    int mp_set(fp_int *a, fp_digit b);
+    void mp_set(fp_int *a, fp_digit b);
     int mp_sqr(fp_int *a, fp_int *b);
     int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp);
     int mp_montgomery_setup(fp_int *a, fp_digit *rho);

From 19cad21a465aa851b73940c2543ef40b34ad453f Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 16 Jun 2015 21:49:01 -0700
Subject: [PATCH 138/350] fix bug when defragmenting out of order DTLS
 handshake messages

---
 src/internal.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index 1591acb3f..5e264340b 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2165,8 +2165,8 @@ void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
              * hash routines look at a defragmented message if it had actually
              * come across as a single handshake message. */
             XMEMCPY(msg->msg + fragOffset, data, fragSz);
-            c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ);
         }
+        c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ);
     }
 }
 

From 11f0ae47afd15f1a1201ca1bb1daea3096fa4b7c Mon Sep 17 00:00:00 2001
From: lchristina26 <leah@wolfssl.com>
Date: Wed, 17 Jun 2015 09:51:38 -0600
Subject: [PATCH 139/350] fix redeclaration of RsaKeyToDer() with FIPS

---
 wolfssl/wolfcrypt/rsa.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h
index 30c0a0dfd..5441535eb 100644
--- a/wolfssl/wolfcrypt/rsa.h
+++ b/wolfssl/wolfcrypt/rsa.h
@@ -96,13 +96,15 @@ WOLFSSL_API int  wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
                                                                RsaKey*, word32);
 WOLFSSL_API int  wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
                                         const byte* e, word32 eSz, RsaKey* key);
+#ifdef WOLFSSL_KEY_GEN
+    WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
+#endif
 #endif /* HAVE_FIPS*/
 WOLFSSL_API int  wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
                                                                        word32*);
 
 #ifdef WOLFSSL_KEY_GEN
     WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng);
-    WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
 #endif
 
 #ifdef HAVE_CAVIUM

From 7d9a1ccf42324ca8a8241d103795d0e250bdd8a2 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 17 Jun 2015 12:37:10 -0700
Subject: [PATCH 140/350] allow storage of out of order zero length DTLS
 handshake messages

---
 src/internal.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 5e264340b..d6102716c 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2147,14 +2147,15 @@ void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
                                               word32 fragOffset, word32 fragSz)
 {
     if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
-                     fragOffset < msg->sz && (fragOffset + fragSz) <= msg->sz) {
+                    fragOffset <= msg->sz && (fragOffset + fragSz) <= msg->sz) {
 
         msg->seq = seq;
         msg->type = type;
         msg->fragSz += fragSz;
         /* If fragOffset is zero, this is either a full message that is out
          * of order, or the first fragment of a fragmented message. Copy the
-         * handshake message header as well as the message data. */
+         * handshake message header with the message data. Zero length messages
+         * like Server Hello Done should be saved as well. */
         if (fragOffset == 0)
             XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ,
                                             fragSz + DTLS_HANDSHAKE_HEADER_SZ);

From e61592b9d86ea29d1366f23eebcf723f62947fff Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 17 Jun 2015 13:46:09 -0700
Subject: [PATCH 141/350] Added ECC test certificate for having keyUsage
 without digitalSignature.

---
 certs/test/catalog.txt  |  3 +++
 certs/test/digsigku.pem | 52 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 certs/test/digsigku.pem

diff --git a/certs/test/catalog.txt b/certs/test/catalog.txt
index a1f77b4b3..da7c211ec 100644
--- a/certs/test/catalog.txt
+++ b/certs/test/catalog.txt
@@ -7,3 +7,6 @@ dh512.pem, dh512.der:
 dh1024.pem, dh1024.der:
   1024-bit DH parameters. Used for testing the rejection of lower-bit sized DH
   keys.
+digsigku.pem:
+  ECC certificate with a KeyUsage extension without the digitalSignature bit
+  set.
diff --git a/certs/test/digsigku.pem b/certs/test/digsigku.pem
new file mode 100644
index 000000000..edc30ba3d
--- /dev/null
+++ b/certs/test/digsigku.pem
@@ -0,0 +1,52 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            e3:81:4b:48:a5:70:61:70
+        Signature Algorithm: ecdsa-with-SHA1
+        Issuer: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com
+        Validity
+            Not Before: Sep 10 00:45:36 2014 GMT
+            Not After : Jun  6 00:45:36 2017 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=Foofarah, OU=Arglebargle, CN=foobarbaz/emailAddress=info@worlss.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+            EC Public Key:
+                pub: 
+                    04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
+                    9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
+                    16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
+                    21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
+                    0b:80:34:89:d8
+                ASN1 OID: prime256v1
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
+            X509v3 Authority Key Identifier: 
+                keyid:5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Non Repudiation, Key Encipherment
+    Signature Algorithm: ecdsa-with-SHA1
+        30:46:02:21:00:f4:36:ee:86:21:d5:c7:1f:2d:0d:bb:29:ae:
+        c1:74:ff:a3:ce:41:fe:cb:93:eb:ff:ef:fe:e3:4d:20:e5:18:
+        65:02:21:00:b1:39:13:12:e2:b5:19:f2:8f:5b:40:ac:7a:5c:
+        e2:a6:e3:d3:e6:9f:79:3c:29:d8:c6:7d:88:f4:60:0c:48:00
+-----BEGIN CERTIFICATE-----
+MIICfTCCAiOgAwIBAgIJAOOBS0ilcGFwMAkGByqGSM49BAEwgZExCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYD
+VQQKDAhGb29mYXJhaDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZv
+b2JhcmJhejEeMBwGCSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMB4XDTE0MDkx
+MDAwNDUzNloXDTE3MDYwNjAwNDUzNlowgZExCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMREwDwYDVQQKDAhGb29mYXJh
+aDEUMBIGA1UECwwLQXJnbGViYXJnbGUxEjAQBgNVBAMMCWZvb2JhcmJhejEeMBwG
+CSqGSIb3DQEJARYPaW5mb0B3b3Jsc3MuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D
+AQcDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFb
+l5Ihf/DPGNqREQI0huggWDMLgDSJ2KNjMGEwHQYDVR0OBBYEFF1dJu+sfjb5m3YV
+K0olAiPvsokwMB8GA1UdIwQYMBaAFF1dJu+sfjb5m3YVK0olAiPvsokwMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgVgMAkGByqGSM49BAEDSQAwRgIhAPQ2
+7oYh1ccfLQ27Ka7BdP+jzkH+y5Pr/+/+400g5RhlAiEAsTkTEuK1GfKPW0Cselzi
+puPT5p95PCnYxn2I9GAMSAA=
+-----END CERTIFICATE-----

From 4e546d92d9ec4422e62c0ef6996762e8b7d0bdb8 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Thu, 18 Jun 2015 14:25:48 +0900
Subject: [PATCH 142/350] BuildMD5/SHA for GetHash, RestorePos

---
 src/internal.c | 422 ++++++++++++++++++++++++++++---------------------
 1 file changed, 246 insertions(+), 176 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 2d8fda0e5..8b24167dd 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1835,7 +1835,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
 
 #ifdef WOLFSSL_TI_HASH
 static void HashFinal(WOLFSSL * ssl) {
-	byte dummyHash[32] ;
+    byte dummyHash[32] ;
 #ifndef NO_MD5
     wc_Md5Final(&(ssl->hsHashes->hashMd5), dummyHash) ;
 #endif
@@ -3025,22 +3025,44 @@ static const byte PAD2[PAD_MD5] =
                               };
 
 /* calculate MD5 hash for finished */
+#ifdef WOLFSSL_TI_HASH
+#include <wolfssl/wolfcrypt/hash.h>
+#endif
+
 static void BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
 {
+
     byte md5_result[MD5_DIGEST_SIZE];
 
+#ifdef WOLFSSL_SMALL_STACK
+        Md5* md5   = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        Md5* md5_2 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#else
+        Md5 md5[1];
+        Md5 md5_2[1];
+#endif
+
     /* make md5 inner */
+    md5[0] = ssl->hsHashes->hashMd5 ; /* Save current position */
+
     wc_Md5Update(&ssl->hsHashes->hashMd5, sender, SIZEOF_SENDER);
     wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN);
     wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
     wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result);
+    wc_Md5RestorePos(&ssl->hsHashes->hashMd5, md5) ; /* Restore current position */
 
     /* make md5 outer */
-    wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN);
-    wc_Md5Update(&ssl->hsHashes->hashMd5, PAD2, PAD_MD5);
-    wc_Md5Update(&ssl->hsHashes->hashMd5, md5_result, MD5_DIGEST_SIZE);
+    wc_InitMd5(md5_2) ;
+    wc_Md5Update(md5_2, ssl->arrays->masterSecret,SECRET_LEN);
+    wc_Md5Update(md5_2, PAD2, PAD_MD5);
+    wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE);
+    wc_Md5Final(md5_2, hashes->md5);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 
-    wc_Md5GetHash(&ssl->hsHashes->hashMd5, hashes->md5);
 }
 
 
@@ -3049,21 +3071,36 @@ static void BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
 {
     byte sha_result[SHA_DIGEST_SIZE];
 
+#ifdef WOLFSSL_SMALL_STACK
+        Sha* sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        Sha* sha2 = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#else
+        Sha sha[1];
+        Sha sha2[1] ;
+#endif
     /* make sha inner */
+    sha[0] = ssl->hsHashes->hashSha ; /* Save current position */
+
     wc_ShaUpdate(&ssl->hsHashes->hashSha, sender, SIZEOF_SENDER);
     wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN);
     wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA);
     wc_ShaGetHash(&ssl->hsHashes->hashSha, sha_result);
+    wc_ShaRestorePos(&ssl->hsHashes->hashSha, sha) ; /* Restore current position */
 
     /* make sha outer */
-    wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN);
-    wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD2, PAD_SHA);
-    wc_ShaUpdate(&ssl->hsHashes->hashSha, sha_result, SHA_DIGEST_SIZE);
+    wc_InitSha(sha2) ;
+    wc_ShaUpdate(sha2, ssl->arrays->masterSecret,SECRET_LEN);
+    wc_ShaUpdate(sha2, PAD2, PAD_SHA);
+    wc_ShaUpdate(sha2, sha_result, SHA_DIGEST_SIZE);
+    wc_ShaFinal(sha2, hashes->sha);
 
-    wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha);
-}
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(sha2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
+}
+#endif
 
 /* Finished doesn't support SHA512, not SHA512 cipher suites yet */
 static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
@@ -5120,7 +5157,7 @@ static int Poly1305Tag(WOLFSSL* ssl, byte* additional, const byte* out,
     if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, cipher, keySz)) != 0)
         return ret;
 
-	/* additional input to poly1305 */
+    /* additional input to poly1305 */
     if ((ret = wc_Poly1305Update(ssl->auth.poly1305, additional, blockSz)) != 0)
         return ret;
 
@@ -5179,7 +5216,7 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
     if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, cipher, keySz)) != 0)
         return ret;
 
-	/* add TLS compressed length and additional input to poly1305 */
+    /* add TLS compressed length and additional input to poly1305 */
     additional[AEAD_AUTH_DATA_SZ - 2] = (msglen >> 8) & 0xff;
     additional[AEAD_AUTH_DATA_SZ - 1] =  msglen       & 0xff;
     if ((ret = wc_Poly1305Update(ssl->auth.poly1305, additional,
@@ -5219,201 +5256,201 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
 static int  ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
                               word16 sz)
 {
-	const byte* additionalSrc = input - RECORD_HEADER_SZ;
-	int ret = 0;
-	byte tag[POLY1305_AUTH_SZ];
-	byte additional[CHACHA20_BLOCK_SIZE];
-	byte nonce[AEAD_NONCE_SZ];
-	byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */
+    const byte* additionalSrc = input - RECORD_HEADER_SZ;
+    int ret = 0;
+    byte tag[POLY1305_AUTH_SZ];
+    byte additional[CHACHA20_BLOCK_SIZE];
+    byte nonce[AEAD_NONCE_SZ];
+    byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */
     #ifdef CHACHA_AEAD_TEST
         int i;
     #endif
 
-	XMEMSET(tag, 0, sizeof(tag));
-	XMEMSET(nonce, 0, AEAD_NONCE_SZ);
-	XMEMSET(cipher, 0, sizeof(cipher));
-	XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE);
+    XMEMSET(tag, 0, sizeof(tag));
+    XMEMSET(nonce, 0, AEAD_NONCE_SZ);
+    XMEMSET(cipher, 0, sizeof(cipher));
+    XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE);
 
-	/* get nonce */
-	c32toa(ssl->keys.sequence_number, nonce + AEAD_IMP_IV_SZ
-	       + AEAD_SEQ_OFFSET);
+    /* get nonce */
+    c32toa(ssl->keys.sequence_number, nonce + AEAD_IMP_IV_SZ
+           + AEAD_SEQ_OFFSET);
 
-	/* opaque SEQ number stored for AD */
-	c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET);
+    /* opaque SEQ number stored for AD */
+    c32toa(GetSEQIncrement(ssl, 0), additional + AEAD_SEQ_OFFSET);
 
-	/* Store the type, version. Unfortunately, they are in
-	 * the input buffer ahead of the plaintext. */
-	#ifdef WOLFSSL_DTLS
-	    if (ssl->options.dtls) {
-	        c16toa(ssl->keys.dtls_epoch, additional);
-	        additionalSrc -= DTLS_HANDSHAKE_EXTRA;
-	    }
-	#endif
+    /* Store the type, version. Unfortunately, they are in
+     * the input buffer ahead of the plaintext. */
+    #ifdef WOLFSSL_DTLS
+        if (ssl->options.dtls) {
+            c16toa(ssl->keys.dtls_epoch, additional);
+            additionalSrc -= DTLS_HANDSHAKE_EXTRA;
+        }
+    #endif
 
-	XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
+    XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
 
-	#ifdef CHACHA_AEAD_TEST
-		printf("Encrypt Additional : ");
-		for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) {
-		    printf("%02x", additional[i]);
-		}
-		printf("\n\n");
-		printf("input before encryption :\n");
-		for (i = 0; i < sz; i++) {
-		    printf("%02x", input[i]);
-		    if ((i + 1) % 16 == 0)
-		        printf("\n");
-		}
-		printf("\n");
-	#endif
+    #ifdef CHACHA_AEAD_TEST
+        printf("Encrypt Additional : ");
+        for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) {
+            printf("%02x", additional[i]);
+        }
+        printf("\n\n");
+        printf("input before encryption :\n");
+        for (i = 0; i < sz; i++) {
+            printf("%02x", input[i]);
+            if ((i + 1) % 16 == 0)
+                printf("\n");
+        }
+        printf("\n");
+    #endif
 
-	/* set the nonce for chacha and get poly1305 key */
-	if ((ret = wc_Chacha_SetIV(ssl->encrypt.chacha, nonce, 0)) != 0)
-	    return ret;
+    /* set the nonce for chacha and get poly1305 key */
+    if ((ret = wc_Chacha_SetIV(ssl->encrypt.chacha, nonce, 0)) != 0)
+        return ret;
 
-		if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, cipher,
-	                cipher, sizeof(cipher))) != 0)
-	    return ret;
+        if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, cipher,
+                    cipher, sizeof(cipher))) != 0)
+        return ret;
 
-	/* encrypt the plain text */
-	if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, out, input,
-	               sz - ssl->specs.aead_mac_size)) != 0)
-	    return ret;
+    /* encrypt the plain text */
+    if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, out, input,
+                   sz - ssl->specs.aead_mac_size)) != 0)
+        return ret;
 
-	/* get the tag : future use of hmac could go here*/
-	if (ssl->options.oldPoly == 1) {
-	    if ((ret = Poly1305TagOld(ssl, additional, (const byte* )out,
-	                cipher, sz, tag)) != 0)
-	        return ret;
-	}
-	else {
-	    if ((ret = Poly1305Tag(ssl, additional, (const byte* )out,
-	                cipher, sz, tag)) != 0)
-	        return ret;
-	}
+    /* get the tag : future use of hmac could go here*/
+    if (ssl->options.oldPoly == 1) {
+        if ((ret = Poly1305TagOld(ssl, additional, (const byte* )out,
+                    cipher, sz, tag)) != 0)
+            return ret;
+    }
+    else {
+        if ((ret = Poly1305Tag(ssl, additional, (const byte* )out,
+                    cipher, sz, tag)) != 0)
+            return ret;
+    }
 
-	/* append tag to ciphertext */
-	XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag));
+    /* append tag to ciphertext */
+    XMEMCPY(out + sz - ssl->specs.aead_mac_size, tag, sizeof(tag));
 
-	AeadIncrementExpIV(ssl);
-	ForceZero(nonce, AEAD_NONCE_SZ);
+    AeadIncrementExpIV(ssl);
+    ForceZero(nonce, AEAD_NONCE_SZ);
 
-	#ifdef CHACHA_AEAD_TEST
-	   printf("mac tag :\n");
-	    for (i = 0; i < 16; i++) {
-	       printf("%02x", tag[i]);
-	       if ((i + 1) % 16 == 0)
-	           printf("\n");
-	    }
-	   printf("\n\noutput after encrypt :\n");
-	    for (i = 0; i < sz; i++) {
-	       printf("%02x", out[i]);
-	       if ((i + 1) % 16 == 0)
-	           printf("\n");
-	    }
-	    printf("\n");
-	#endif
+    #ifdef CHACHA_AEAD_TEST
+       printf("mac tag :\n");
+        for (i = 0; i < 16; i++) {
+           printf("%02x", tag[i]);
+           if ((i + 1) % 16 == 0)
+               printf("\n");
+        }
+       printf("\n\noutput after encrypt :\n");
+        for (i = 0; i < sz; i++) {
+           printf("%02x", out[i]);
+           if ((i + 1) % 16 == 0)
+               printf("\n");
+        }
+        printf("\n");
+    #endif
 
-	return ret;
+    return ret;
 }
 
 
 static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                            word16 sz)
 {
-	byte additional[CHACHA20_BLOCK_SIZE];
-	byte nonce[AEAD_NONCE_SZ];
-	byte tag[POLY1305_AUTH_SZ];
-	byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
-	int ret = 0;
+    byte additional[CHACHA20_BLOCK_SIZE];
+    byte nonce[AEAD_NONCE_SZ];
+    byte tag[POLY1305_AUTH_SZ];
+    byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
+    int ret = 0;
 
-	XMEMSET(tag, 0, sizeof(tag));
-	XMEMSET(cipher, 0, sizeof(cipher));
-	XMEMSET(nonce, 0, AEAD_NONCE_SZ);
-	XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE);
+    XMEMSET(tag, 0, sizeof(tag));
+    XMEMSET(cipher, 0, sizeof(cipher));
+    XMEMSET(nonce, 0, AEAD_NONCE_SZ);
+    XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE);
 
     #ifdef CHACHA_AEAD_TEST
        int i;
-	   printf("input before decrypt :\n");
-	    for (i = 0; i < sz; i++) {
-	       printf("%02x", input[i]);
-	       if ((i + 1) % 16 == 0)
-	           printf("\n");
-	    }
-	    printf("\n");
-	#endif
+       printf("input before decrypt :\n");
+        for (i = 0; i < sz; i++) {
+           printf("%02x", input[i]);
+           if ((i + 1) % 16 == 0)
+               printf("\n");
+        }
+        printf("\n");
+    #endif
 
-	/* get nonce */
-	c32toa(ssl->keys.peer_sequence_number, nonce + AEAD_IMP_IV_SZ
-	        + AEAD_SEQ_OFFSET);
+    /* get nonce */
+    c32toa(ssl->keys.peer_sequence_number, nonce + AEAD_IMP_IV_SZ
+            + AEAD_SEQ_OFFSET);
 
-	/* sequence number field is 64-bits, we only use 32-bits */
-	c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
+    /* sequence number field is 64-bits, we only use 32-bits */
+    c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
 
-	/* get AD info */
-	additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
-	additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
-	additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
+    /* get AD info */
+    additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
+    additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
+    additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
 
-	/* Store the type, version. */
-	#ifdef WOLFSSL_DTLS
-	    if (ssl->options.dtls)
-	        c16toa(ssl->keys.dtls_state.curEpoch, additional);
-	#endif
+    /* Store the type, version. */
+    #ifdef WOLFSSL_DTLS
+        if (ssl->options.dtls)
+            c16toa(ssl->keys.dtls_state.curEpoch, additional);
+    #endif
 
-	#ifdef CHACHA_AEAD_TEST
-		printf("Decrypt Additional : ");
-		for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) {
-		    printf("%02x", additional[i]);
-		}
-		printf("\n\n");
-	#endif
+    #ifdef CHACHA_AEAD_TEST
+        printf("Decrypt Additional : ");
+        for (i = 0; i < CHACHA20_BLOCK_SIZE; i++) {
+            printf("%02x", additional[i]);
+        }
+        printf("\n\n");
+    #endif
 
-	/* set nonce and get poly1305 key */
-	if ((ret = wc_Chacha_SetIV(ssl->decrypt.chacha, nonce, 0)) != 0)
-	    return ret;
+    /* set nonce and get poly1305 key */
+    if ((ret = wc_Chacha_SetIV(ssl->decrypt.chacha, nonce, 0)) != 0)
+        return ret;
 
-	if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, cipher,
-	                cipher, sizeof(cipher))) != 0)
-	    return ret;
+    if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, cipher,
+                    cipher, sizeof(cipher))) != 0)
+        return ret;
 
-	/* get the tag : future use of hmac could go here*/
-	if (ssl->options.oldPoly == 1) {
-	    if ((ret = Poly1305TagOld(ssl, additional, input, cipher,
-	                    sz, tag)) != 0)
-	        return ret;
-	}
-	else {
-	    if ((ret = Poly1305Tag(ssl, additional, input, cipher,
-	                    sz, tag)) != 0)
-	        return ret;
-	}
+    /* get the tag : future use of hmac could go here*/
+    if (ssl->options.oldPoly == 1) {
+        if ((ret = Poly1305TagOld(ssl, additional, input, cipher,
+                        sz, tag)) != 0)
+            return ret;
+    }
+    else {
+        if ((ret = Poly1305Tag(ssl, additional, input, cipher,
+                        sz, tag)) != 0)
+            return ret;
+    }
 
-	/* check mac sent along with packet */
+    /* check mac sent along with packet */
     if (ConstantCompare(input + sz - ssl->specs.aead_mac_size, tag,
                 ssl->specs.aead_mac_size) != 0) {
-	    WOLFSSL_MSG("Mac did not match");
-	    SendAlert(ssl, alert_fatal, bad_record_mac);
-	    ForceZero(nonce, AEAD_NONCE_SZ);
-	    return VERIFY_MAC_ERROR;
-	}
+        WOLFSSL_MSG("Mac did not match");
+        SendAlert(ssl, alert_fatal, bad_record_mac);
+        ForceZero(nonce, AEAD_NONCE_SZ);
+        return VERIFY_MAC_ERROR;
+    }
 
-	/* if mac was good decrypt message */
-	if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, plain, input,
-	               sz - ssl->specs.aead_mac_size)) != 0)
-	    return ret;
+    /* if mac was good decrypt message */
+    if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, plain, input,
+                   sz - ssl->specs.aead_mac_size)) != 0)
+        return ret;
 
-	#ifdef CHACHA_AEAD_TEST
-	   printf("plain after decrypt :\n");
-	    for (i = 0; i < sz; i++) {
-	       printf("%02x", plain[i]);
-	       if ((i + 1) % 16 == 0)
-	           printf("\n");
-	    }
-	    printf("\n");
-	#endif
+    #ifdef CHACHA_AEAD_TEST
+       printf("plain after decrypt :\n");
+        for (i = 0; i < sz; i++) {
+           printf("%02x", plain[i]);
+           if ((i + 1) % 16 == 0)
+               printf("\n");
+        }
+        printf("\n");
+    #endif
 
-	return ret;
+    return ret;
 }
 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
 #endif /* HAVE_AEAD */
@@ -6811,17 +6848,33 @@ static void BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
 {
     byte md5_result[MD5_DIGEST_SIZE];
 
+#ifdef WOLFSSL_SMALL_STACK
+        Md5* md5   = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        Md5* md5_2 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#else
+        Md5 md5[1];
+        Md5 md5_2[1];
+#endif
+
     /* make md5 inner */
+    md5[0] = ssl->hsHashes->hashMd5 ; /* Save current position */
     wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret,SECRET_LEN);
     wc_Md5Update(&ssl->hsHashes->hashMd5, PAD1, PAD_MD5);
-    wc_Md5Final(&ssl->hsHashes->hashMd5, md5_result);
+    wc_Md5GetHash(&ssl->hsHashes->hashMd5, md5_result);
+    wc_Md5RestorePos(&ssl->hsHashes->hashMd5, md5) ; /* Restore current position */
 
     /* make md5 outer */
-    wc_Md5Update(&ssl->hsHashes->hashMd5, ssl->arrays->masterSecret, SECRET_LEN);
-    wc_Md5Update(&ssl->hsHashes->hashMd5, PAD2, PAD_MD5);
-    wc_Md5Update(&ssl->hsHashes->hashMd5, md5_result, MD5_DIGEST_SIZE);
+    wc_InitMd5(md5_2) ;
+    wc_Md5Update(md5_2, ssl->arrays->masterSecret, SECRET_LEN);
+    wc_Md5Update(md5_2, PAD2, PAD_MD5);
+    wc_Md5Update(md5_2, md5_result, MD5_DIGEST_SIZE);
 
-    wc_Md5Final(&ssl->hsHashes->hashMd5, digest);
+    wc_Md5Final(md5_2, digest);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(md5_2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 }
 
 
@@ -6829,17 +6882,34 @@ static void BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest)
 {
     byte sha_result[SHA_DIGEST_SIZE];
 
+#ifdef WOLFSSL_SMALL_STACK
+        Sha* sha   = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        Sha* sha2 = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#else
+        Sha sha[1];
+        Sha sha2[1];
+#endif
+
     /* make sha inner */
+    sha[0] = ssl->hsHashes->hashSha ; /* Save current position */
     wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN);
     wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD1, PAD_SHA);
-    wc_ShaFinal(&ssl->hsHashes->hashSha, sha_result);
+    wc_ShaGetHash(&ssl->hsHashes->hashSha, sha_result);
+    wc_ShaRestorePos(&ssl->hsHashes->hashSha, sha) ; /* Restore current position */
 
     /* make sha outer */
-    wc_ShaUpdate(&ssl->hsHashes->hashSha, ssl->arrays->masterSecret,SECRET_LEN);
-    wc_ShaUpdate(&ssl->hsHashes->hashSha, PAD2, PAD_SHA);
-    wc_ShaUpdate(&ssl->hsHashes->hashSha, sha_result, SHA_DIGEST_SIZE);
+    wc_InitSha(sha2) ;
+    wc_ShaUpdate(sha2, ssl->arrays->masterSecret,SECRET_LEN);
+    wc_ShaUpdate(sha2, PAD2, PAD_SHA);
+    wc_ShaUpdate(sha2, sha_result, SHA_DIGEST_SIZE);
+
+    wc_ShaFinal(sha2, digest);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(sha2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 
-    wc_ShaFinal(&ssl->hsHashes->hashSha, digest);
 }
 #endif /* NO_CERTS */
 #endif /* NO_OLD_TLS */

From 7ef85d1894737b9671e4ad336c6ab48a0367047b Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Thu, 18 Jun 2015 14:27:15 +0900
Subject: [PATCH 143/350] Add RestorePos

---
 wolfcrypt/src/hash.c            | 22 ++++++++++++----------
 wolfcrypt/src/port/ti/ti-hash.c | 22 +++++++++++++++++++++-
 wolfssl/wolfcrypt/hash.h        |  6 ++++++
 3 files changed, 39 insertions(+), 11 deletions(-)

diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
index f275b50c1..55a1f6a1d 100644
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -27,16 +27,6 @@
 
 #if !defined(WOLFSSL_TI_HASH)
 
-#if !defined(NO_MD5)
-#include <wolfssl/wolfcrypt/md5.h>
-#endif
-#if !defined(NO_SHA)
-#include <wolfssl/wolfcrypt/sha.h>
-#endif
-#if !defined(NO_SHA256)
-#include <wolfssl/wolfcrypt/sha256.h>
-#endif
-
 #include <wolfssl/wolfcrypt/hash.h>
 
 #if !defined(NO_MD5)
@@ -46,6 +36,10 @@ void wc_Md5GetHash(Md5* md5, byte* hash)
     wc_Md5Final(md5, hash) ;
     *md5 = save ;
 }
+
+WOLFSSL_API void wc_Md5RestorePos(Md5* m1, Md5* m2) {
+    *m1 = *m2 ;
+}
 #endif
 
 #if !defined(NO_SHA)
@@ -57,6 +51,10 @@ int wc_ShaGetHash(Sha* sha, byte* hash)
     *sha = save ;
     return ret ;
 }
+
+WOLFSSL_API void wc_ShaRestorePos(Sha* s1, Sha* s2) {
+    *s1 = *s2 ;
+}
 #endif
 
 #if !defined(NO_SHA256)
@@ -68,6 +66,10 @@ int wc_Sha256GetHash(Sha256* sha256, byte* hash)
     *sha256 = save ;
     return ret ;
 }
+
+WOLFSSL_API void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) {
+    *s1 = *s2 ;
+}
 #endif
 
 #endif
diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c
index 98dbba870..c60f86423 100644
--- a/wolfcrypt/src/port/ti/ti-hash.c
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -107,6 +107,10 @@ static int hashGetHash(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32
     return 0 ;
 }
 
+static void hashRestorePos(wolfssl_TI_Hash *h1, wolfssl_TI_Hash *h2) {
+	h1->used = h2->used ;
+}
+
 static int hashFinal(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize)
 {   
     hashGetHash(hash, result, algo, hsize) ;
@@ -166,7 +170,11 @@ WOLFSSL_API void wc_Md5Final(Md5* md5, byte* hash)
 
 WOLFSSL_API void wc_Md5GetHash(Md5* md5, byte* hash)
 {
-    hashGetHash(md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
+    hashGetHash((wolfssl_TI_Hash *)md5, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
+}
+
+WOLFSSL_API void wc_Md5RestorePos(Md5* m1, Md5* m2) {
+	hashRestorePos((wolfssl_TI_Hash *)m1, (wolfssl_TI_Hash *)m2) ;
 }
 
 WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte*hash)
@@ -200,6 +208,10 @@ WOLFSSL_API int wc_ShaGetHash(Sha* sha, byte* hash)
     return hashGetHash(sha, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ;
 }
 
+WOLFSSL_API void wc_ShaRestorePos(Sha* s1, Sha* s2) {
+	hashRestorePos((wolfssl_TI_Hash *)s1, (wolfssl_TI_Hash *)s2) ;
+}
+
 WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte*hash)
 { 
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ;
@@ -231,6 +243,10 @@ WOLFSSL_API int wc_Sha224GetHash(Sha224* sha224, byte* hash)
     return hashGetHash(sha224, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ;
 }
 
+WOLFSSL_API void wc_Sha224RestorePos(Sha224* s1, Sha224* s2) {
+	hashRestorePos((wolfssl_TI_Hash *)s1, (wolfssl_TI_Hash *)s2) ;
+}
+
 WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash)
 { 
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ;
@@ -262,6 +278,10 @@ WOLFSSL_API int wc_Sha256GetHash(Sha256* sha256, byte* hash)
     return hashGetHash(sha256, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
 }
 
+WOLFSSL_API void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) {
+	hashRestorePos((wolfssl_TI_Hash *)s1, (wolfssl_TI_Hash *)s2) ;
+}
+
 WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte*hash)
 {
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
index bbc2d8b95..ad1062809 100644
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -23,13 +23,19 @@
 #define WOLF_CRYPT_HASH_H
 
 #ifndef NO_MD5
+#include <wolfssl/wolfcrypt/md5.h>
 WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);
+WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ;
 #endif
 #ifndef NO_SHA
+#include <wolfssl/wolfcrypt/sha.h>
 WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
+WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ;
 #endif
 #ifndef NO_SHA256
+#include <wolfssl/wolfcrypt/sha256.h>
 WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
+WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ;
 #endif
 
 #endif

From ae749f727dde6b7f4d287ad65b9dbfd241d5c0e1 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Thu, 18 Jun 2015 14:27:52 +0900
Subject: [PATCH 144/350] IAR_ARM block in settings.h

---
 wolfssl/wolfcrypt/settings.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index f59ef5180..8148c40a2 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -153,6 +153,17 @@
     #define NO_FILESYSTEM
 #endif
 
+#if defined(WOLFSSL_IAR_ARM)
+    #define NO_MAIN_DRIVER
+    #define SINGLE_THREADED
+    #define USE_CERT_BUFFERS_1024
+    #define BENCH_EMBEDDED
+    #define NO_FILESYSTEM
+    #define NO_WRITEV
+    #define WOLFSSL_USER_IO
+    #define  BENCH_EMBEDDED
+#endif
+
 #ifdef MICROCHIP_PIC32
     /* #define WOLFSSL_MICROCHIP_PIC32MZ */
     #define SIZEOF_LONG_LONG 8

From fa9d6428fc4c2ac931cd400b4a71d69731a83ddd Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 18 Jun 2015 10:14:55 -0700
Subject: [PATCH 145/350] add hash.c to vcprojs

---
 IDE/WIN/wolfssl-fips.vcxproj | 1 +
 wolfssl-ntru.vcproj          | 4 ++++
 wolfssl.vcproj               | 4 ++++
 wolfssl.vcxproj              | 3 ++-
 4 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index 04c22c407..b1a68ebac 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -272,6 +272,7 @@
     <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
     <ClCompile Include="..\..\wolfcrypt\src\error.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
     <ClCompile Include="..\..\wolfcrypt\src\hc128.c" />
     <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
     <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
diff --git a/wolfssl-ntru.vcproj b/wolfssl-ntru.vcproj
index 9af066aa5..3d295f660 100755
--- a/wolfssl-ntru.vcproj
+++ b/wolfssl-ntru.vcproj
@@ -202,6 +202,10 @@
 				RelativePath=".\wolfcrypt\src\error.c"
 				>
 			</File>
+			<File
+				RelativePath=".\wolfcrypt\src\hash.c"
+				>
+			</File>
 			<File
 				RelativePath=".\wolfcrypt\src\hc128.c"
 				>
diff --git a/wolfssl.vcproj b/wolfssl.vcproj
index b4db8ba89..b4a4543ad 100755
--- a/wolfssl.vcproj
+++ b/wolfssl.vcproj
@@ -199,6 +199,10 @@
 				RelativePath=".\wolfcrypt\src\error.c"
 				>
 			</File>
+			<File
+				RelativePath=".\wolfcrypt\src\hash.c"
+				>
+			</File>
 			<File
 				RelativePath=".\wolfcrypt\src\hc128.c"
 				>
diff --git a/wolfssl.vcxproj b/wolfssl.vcxproj
index 8a95297e1..24b29bb81 100644
--- a/wolfssl.vcxproj
+++ b/wolfssl.vcxproj
@@ -287,6 +287,7 @@
     <ClCompile Include="wolfcrypt\src\dsa.c" />
     <ClCompile Include="wolfcrypt\src\ecc.c" />
     <ClCompile Include="wolfcrypt\src\error.c" />
+    <ClCompile Include="wolfcrypt\src\hash.c" />
     <ClCompile Include="wolfcrypt\src\hc128.c" />
     <ClCompile Include="wolfcrypt\src\hmac.c" />
     <ClCompile Include="wolfcrypt\src\integer.c" />
@@ -329,4 +330,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
\ No newline at end of file
+</Project>

From 63e2b29a0858842ae66d6ee0a966fca1df0c2ccb Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 18 Jun 2015 10:49:08 -0700
Subject: [PATCH 146/350] update ti-rtos package for pull request file renames

---
 tirtos/include.am | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tirtos/include.am b/tirtos/include.am
index 03f87e4bf..0e2f7a902 100644
--- a/tirtos/include.am
+++ b/tirtos/include.am
@@ -9,12 +9,12 @@ EXTRA_DIST += \
          tirtos/packages/ti/net/wolfssl/package.bld \
          tirtos/packages/ti/net/wolfssl/package.xdc \
          tirtos/packages/ti/net/wolfssl/package.xs \
-         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld \
+         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.bld.hide \
          tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/package.xdc \
          tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/test.cfg \
          tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/TM4C1294NC.icf \
          tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/test/main.c \
-         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld \
+         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.bld.hide \
          tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/package.xdc \
          tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/benchmark.cfg \
         tirtos/packages/ti/net/wolfssl/tests/EK_TM4C1294XL/wolfcrypt/benchmark/TM4C1294NC.icf \

From 6cad1949b4de337f75969ac5977a2923a41e6465 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 18 Jun 2015 11:12:35 -0700
Subject: [PATCH 147/350] if NO_SHA don't run external script tests

---
 examples/client/client.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/examples/client/client.c b/examples/client/client.c
index 38ef59383..5838c67b9 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -495,6 +495,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             done = 1;
         #endif
 
+        #ifdef NO_SHA
+            done = 1;  /* external cert chain most likely has SHA */
+        #endif
+
         if (done) {
             printf("external test can't be run in this mode");
 

From fe39cd34b9a22ada9d797695b6a6df4bd796124e Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 18 Jun 2015 11:18:51 -0700
Subject: [PATCH 148/350] bump version

---
 configure.ac       | 4 ++--
 rpm/spec.in        | 1 +
 support/wolfssl.pc | 2 +-
 wolfssl/version.h  | 4 ++--
 4 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/configure.ac b/configure.ac
index 4623799ed..ba2393a07 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.4.9],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.5.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
@@ -31,7 +31,7 @@ AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
 
 #shared library versioning
-WOLFSSL_LIBRARY_VERSION=0:1:0
+WOLFSSL_LIBRARY_VERSION=0:2:0
 #                       | | |
 #                +------+ | +---+
 #                |        |     |
diff --git a/rpm/spec.in b/rpm/spec.in
index a68ab9c39..e1878ded7 100644
--- a/rpm/spec.in
+++ b/rpm/spec.in
@@ -187,6 +187,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/wolfssl/wolfcrypt/fe_operations.h
 %{_includedir}/wolfssl/wolfcrypt/fips_test.h
 %{_includedir}/wolfssl/wolfcrypt/ge_operations.h
+%{_includedir}/wolfssl/wolfcrypt/hash.h
 %{_includedir}/wolfssl/wolfcrypt/hc128.h
 %{_includedir}/wolfssl/wolfcrypt/hmac.h
 %{_includedir}/wolfssl/wolfcrypt/integer.h
diff --git a/support/wolfssl.pc b/support/wolfssl.pc
index 1d641e333..82994504c 100644
--- a/support/wolfssl.pc
+++ b/support/wolfssl.pc
@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.4.9
+Version: 3.5.0
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}
diff --git a/wolfssl/version.h b/wolfssl/version.h
index 6d44785a9..f6b54952a 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.4.9"
-#define LIBWOLFSSL_VERSION_HEX 0x03004009
+#define LIBWOLFSSL_VERSION_STRING "3.5.0"
+#define LIBWOLFSSL_VERSION_HEX 0x03005000
 
 #ifdef __cplusplus
 }

From eee50cf42e29c0de8cc5e7e732606533c94020e7 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 18 Jun 2015 11:21:13 -0700
Subject: [PATCH 149/350] update rpm version

---
 rpm/spec.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rpm/spec.in b/rpm/spec.in
index e1878ded7..1e291ddbf 100644
--- a/rpm/spec.in
+++ b/rpm/spec.in
@@ -69,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_libdir}/libwolfssl.la
 %{_libdir}/libwolfssl.so
 %{_libdir}/libwolfssl.so.0
-%{_libdir}/libwolfssl.so.0.0.1
+%{_libdir}/libwolfssl.so.0.0.2
 
 %files devel
 %defattr(-,root,root,-)

From 48a42e1a7506593528ce4d27495a91b3ac6be9b3 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 18 Jun 2015 16:58:59 -0700
Subject: [PATCH 150/350] prepare release

---
 README             | 32 ++++++++++++++++++++++++--------
 configure.ac       |  2 +-
 support/wolfssl.pc |  2 +-
 wolfssl/version.h  |  4 ++--
 4 files changed, 28 insertions(+), 12 deletions(-)

diff --git a/README b/README
index f5c77acc5..b7948c4ef 100644
--- a/README
+++ b/README
@@ -34,17 +34,33 @@ before calling wolfSSL_new();  Though it's not recommended.
 
 *** end Notes ***
 
+wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
+
+Release 3.6.0 of wolfSSL has bug fixes and new features including:
+
+- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect
+   Forward Secrecy).  With --enable-maxstrength
+- Server side session ticket support, the example server and echosever use the
+   example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb()
+- FIPS version submitted for iOS.
+- TI Crypto Hardware Acceleration
+- DTLS fragmentation fixes
+- ECC key check validation with wc_ecc_check_key()
+- 32bit code options to reduce memory for Curve25519 and Ed25519
+- wolfSSL JNI build switch with --enable-jni
+- PicoTCP support improvements
+- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz()
+- KEEP_PEER_CERT and AltNames can now be used together
+- ChaCha20 big endian fix
+- SHA-512 signature algorithm support for key exchange and verify messages
+- ECC make key crash fix on RNG failure, ECC users must update.
+- Improvements to usage of time code.
+- Improvements to VS solution files.
 - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
   add -fdebug-types-section to C_EXTRA_FLAGS
 
-wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015)
-
-Release 3.4.8 of wolfSSL has bug fixes and new features including:
-
-- FIPS version submitted for iOS.
-- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS.
-- Improvements to usage of time code.
-- Improvements to VS solution files.
+- No high level security fixes that requires an update though we always
+  recommend updating to the latest (except note 14, ecc RNG failure)
 
 See INSTALL file for build instructions.
 More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
diff --git a/configure.ac b/configure.ac
index ba2393a07..4b6d3314d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.5.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.6.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
diff --git a/support/wolfssl.pc b/support/wolfssl.pc
index 82994504c..277eb17bb 100644
--- a/support/wolfssl.pc
+++ b/support/wolfssl.pc
@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.5.0
+Version: 3.6.0
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}
diff --git a/wolfssl/version.h b/wolfssl/version.h
index f6b54952a..b163a0a3d 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.5.0"
-#define LIBWOLFSSL_VERSION_HEX 0x03005000
+#define LIBWOLFSSL_VERSION_STRING "3.6.0"
+#define LIBWOLFSSL_VERSION_HEX 0x03006000
 
 #ifdef __cplusplus
 }

From 45a3838433119b620ed0a214c7369ccef632f82b Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Sat, 20 Jun 2015 10:59:08 +0900
Subject: [PATCH 151/350] missed wolfSSL_TI_CCMInit in wc_xxxHash

---
 wolfcrypt/src/port/ti/ti-hash.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c
index c60f86423..59edd3b0a 100644
--- a/wolfcrypt/src/port/ti/ti-hash.c
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -61,6 +61,7 @@ bool wolfSSL_TI_CCMInit(void) { return true ; }
 #endif
 
 static int hashInit(wolfssl_TI_Hash *hash) {
+    if(!wolfSSL_TI_CCMInit())return  ;
     hash->used = 0 ;
     hash->msg  = 0 ;
     hash->len  = 0 ;
@@ -154,7 +155,6 @@ WOLFSSL_API void wc_InitMd5(Md5* md5)
 {
     if (md5 == NULL)
         return ;
-    if(!wolfSSL_TI_CCMInit())return  ;
     hashInit((wolfssl_TI_Hash *)md5) ;
 }
 
@@ -189,7 +189,6 @@ WOLFSSL_API int wc_InitSha(Sha* sha)
 {
     if (sha == NULL)
         return 1 ;
-    if(!wolfSSL_TI_CCMInit())return 1 ;
     return hashInit((wolfssl_TI_Hash *)sha) ;
 }
 
@@ -224,7 +223,6 @@ WOLFSSL_API int wc_InitSha224(Sha224* sha224)
 {
     if (sha224 == NULL)
         return 1 ;
-    if(!wolfSSL_TI_CCMInit())return 1 ;
     return hashInit((wolfssl_TI_Hash *)sha224) ;
 }
 
@@ -259,7 +257,6 @@ WOLFSSL_API int wc_InitSha256(Sha256* sha256)
 {
     if (sha256 == NULL)
         return 1 ;
-    if(!wolfSSL_TI_CCMInit())return 1 ;
     return hashInit((wolfssl_TI_Hash *)sha256) ;
 }
 

From b54dc09971649dbe5839b8b3d2f3ec173030b463 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 19 Jun 2015 22:21:27 -0700
Subject: [PATCH 152/350] updated fips-check to cover all builds

---
 fips-check.sh | 77 +++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 74 insertions(+), 3 deletions(-)

diff --git a/fips-check.sh b/fips-check.sh
index c2d6e98dd..d47cb1c32 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -5,22 +5,86 @@
 # previous release of the FIPS code. While wolfSSL and wolfCrypt
 # may be advancing, they must work correctly with the last tested
 # copy of our FIPS approved code.
+#
+# This should check out all the approved versions. The command line
+# option selects the version.
+#
+#     $ ./fips-check [version]
+#
+#     - version: linux (default), ios, android, windows
+#
+
+function Usage() {
+    echo "Usage: $0 [platform]"
+    echo "Where \"platform\" is one of linux (default), ios, android, windows"
+}
+
+LINUX_FIPS_VERSION=v3.2.6
+LINUX_FIPS_REPO=git@github.com:wolfSSL/fips.git
+LINUX_CTAO_VERSION=v3.2.6
+LINUX_CTAO_REPO=git@github.com:cyassl/cyassl.git
+
+IOS_FIPS_VERSION=v3.4.8a
+IOS_FIPS_REPO=git@github.com:wolfSSL/fips.git
+IOS_CTAO_VERSION=v3.4.8.fips
+IOS_CTAO_REPO=git@github.com:cyassl/cyassl.git
+
+ANDROID_FIPS_VERSION=v3.5.0
+ANDROID_FIPS_REPO=git@github.com:wolfSSL/fips.git
+ANDROID_CTAO_VERSION=v3.5.0
+ANDROID_CTAO_REPO=git@github.com:cyassl/cyassl.git
+
+#WINDOWS_FIPS_VERSION=v3.6.0
+WINDOWS_FIPS_VERSION=master
+WINDOWS_FIPS_REPO=git@github.com:wolfSSL/fips.git
+WINDOWS_CTAO_VERSION=v3.6.0
+WINDOWS_CTAO_REPO=git@github.com:cyassl/cyassl.git
 
-FIPS_VERSION=v3.2.6
-FIPS_REPO=git@github.com:wolfSSL/fips.git
 FIPS_SRCS=( fips.c fips_test.c )
 WC_MODS=( aes des3 sha sha256 sha512 rsa hmac random )
 TEST_DIR=XXX-fips-test
 WC_INC_PATH=cyassl/ctaocrypt
 WC_SRC_PATH=ctaocrypt/src
 
+if [ "x$1" == "x" ]; then PLATFORM="linux"; else PLATFORM=$1; fi
+
+case $PLATFORM in
+ios)
+  FIPS_VERSION=$IOS_FIPS_VERSION
+  FIPS_REPO=$IOS_FIPS_REPO
+  CTAO_VERSION=$IOS_CTAO_VERSION
+  CTAO_REPO=$IOS_CTAO_REPO
+  ;;
+android)
+  FIPS_VERSION=$ANDROID_FIPS_VERSION
+  FIPS_REPO=$ANDROID_FIPS_REPO
+  CTAO_VERSION=$ANDROID_CTAO_VERSION
+  CTAO_REPO=$ANDROID_CTAO_REPO
+  ;;
+windows)
+  FIPS_VERSION=$WINDOWS_FIPS_VERSION
+  FIPS_REPO=$WINDOWS_FIPS_REPO
+  CTAO_VERSION=$WINDOWS_CTAO_VERSION
+  CTAO_REPO=$WINDOWS_CTAO_REPO
+  ;;
+linux)
+  FIPS_VERSION=$LINUX_FIPS_VERSION
+  FIPS_REPO=$LINUX_FIPS_REPO
+  CTAO_VERSION=$LINUX_CTAO_VERSION
+  CTAO_REPO=$LINUX_CTAO_REPO
+  ;;
+*)
+  Usage
+  exit 1
+esac
+
 git clone . $TEST_DIR
 [ $? -ne 0 ] && echo -e "\n\nCouldn't duplicate current working directory.\n\n" && exit 1
 
 pushd $TEST_DIR
 
 # make a clone of the last FIPS release tag
-git clone -b $FIPS_VERSION . old-tree
+git clone -b $CTAO_VERSION $CTAO_REPO old-tree
 [ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1
 
 for MOD in ${WC_MODS[@]}
@@ -29,6 +93,13 @@ do
     cp old-tree/$WC_INC_PATH/${MOD}.h $WC_INC_PATH
 done
 
+# The following is temporary. We are using random.c from a separate release
+pushd old-tree
+git checkout v3.6.0
+popd
+cp old-tree/$WC_SRC_PATH/random.c $WC_SRC_PATH
+cp old-tree/$WC_INC_PATH/random.h $WC_INC_PATH
+
 # clone the FIPS repository
 git clone -b $FIPS_VERSION $FIPS_REPO fips
 [ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS repository.\n\n" && exit 1

From 075370a39ce5f76dd212fb60311f4c7a80866f2c Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Sat, 20 Jun 2015 14:57:31 -0700
Subject: [PATCH 153/350] update automake includes to limit which files are
 added from the IDE sub-directories

---
 IDE/WIN/include.am | 8 ++++++++
 IDE/iOS/include.am | 7 +++++++
 IDE/include.am     | 8 ++++++++
 Makefile.am        | 2 +-
 4 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 IDE/WIN/include.am
 create mode 100644 IDE/iOS/include.am
 create mode 100644 IDE/include.am

diff --git a/IDE/WIN/include.am b/IDE/WIN/include.am
new file mode 100644
index 000000000..ac6560514
--- /dev/null
+++ b/IDE/WIN/include.am
@@ -0,0 +1,8 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/WIN/README.txt
+EXTRA_DIST+= IDE/WIN/test.vcxproj
+EXTRA_DIST+= IDE/WIN/wolfssl-fips.sln
+EXTRA_DIST+= IDE/WIN/wolfssl-fips.vcxproj
diff --git a/IDE/iOS/include.am b/IDE/iOS/include.am
new file mode 100644
index 000000000..504b4d19c
--- /dev/null
+++ b/IDE/iOS/include.am
@@ -0,0 +1,7 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/iOS/README.md
+EXTRA_DIST+= IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
+EXTRA_DIST+= IDE/iOS/wolfssl.xcodeproj/project.pbxproj
diff --git a/IDE/include.am b/IDE/include.am
new file mode 100644
index 000000000..7fe6e6a60
--- /dev/null
+++ b/IDE/include.am
@@ -0,0 +1,8 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+include IDE/WIN/include.am
+include IDE/iOS/include.am
+
+EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL
diff --git a/Makefile.am b/Makefile.am
index a47f19bf4..65b4d3d82 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -55,7 +55,6 @@ EXTRA_DIST+= wolfssl.sln
 EXTRA_DIST+= wolfssl64.sln
 EXTRA_DIST+= valgrind-error.sh
 EXTRA_DIST+= gencertbuf.pl
-EXTRA_DIST+= IDE
 EXTRA_DIST+= README.md
 EXTRA_DIST+= LICENSING
 EXTRA_DIST+= INSTALL
@@ -97,6 +96,7 @@ include mcapi/wolfssl.X/nbproject/include.am
 include mcapi/zlib.X/nbproject/include.am
 include tirtos/include.am
 include scripts/include.am
+include IDE/include.am
 
 if USE_VALGRIND
 TESTS_ENVIRONMENT=./valgrind-error.sh

From 9889dfb2fb71c5abbe647f92d95e3c865472823f Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Mon, 22 Jun 2015 11:31:02 -0600
Subject: [PATCH 154/350] README edits

---
 README | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/README b/README
index b7948c4ef..c7245ecbc 100644
--- a/README
+++ b/README
@@ -5,17 +5,17 @@ wolfSSL now needs all examples and tests to be run from the wolfSSL home
 directory.  This is because it finds certs and keys from ./certs/.  Trying to
 maintain the ability to run each program from its own directory, the testsuite
 directory, the main directory (for make check/test), and for the various
-different project layouts (with or without config) was becoming harder and 
+different project layouts (with or without config) was becoming harder and
 harder.  Now to run testsuite just do:
 
 ./testsuite/testsuite
 
-or 
+or
 
 make check    (when using autoconf)
 
 On *nix or Windows the examples and testsuite will check to see if the current
-directory is the source directory and if so, attempt to change to the wolfSSL 
+directory is the source directory and if so, attempt to change to the wolfSSL
 home directory.  This should work in most setup cases, if not, just follow the
 beginning of the note and specify the full path.
 
@@ -40,7 +40,7 @@ Release 3.6.0 of wolfSSL has bug fixes and new features including:
 
 - Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect
    Forward Secrecy).  With --enable-maxstrength
-- Server side session ticket support, the example server and echosever use the
+- Server side session ticket support, the example server and echoserver use the
    example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb()
 - FIPS version submitted for iOS.
 - TI Crypto Hardware Acceleration

From 4b5cc6ebb3217b7d1d0537015ac49c94e925b6bc Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 22 Jun 2015 13:21:35 -0600
Subject: [PATCH 155/350] add hash.c to the iOS project files

---
 .../wolfssl-FIPS.xcodeproj/project.pbxproj    |  8 ++++++
 IDE/iOS/wolfssl.xcodeproj/project.pbxproj     | 28 +++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
index 06011aecd..e24cc16eb 100644
--- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
@@ -165,6 +165,8 @@
 		521648271A8AC2990062516A /* sha512.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481A1A8AC2990062516A /* sha512.c */; };
 		521648281A8AC2990062516A /* wolfcrypt_first.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481B1A8AC2990062516A /* wolfcrypt_first.c */; };
 		521648291A8AC2990062516A /* wolfcrypt_last.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481C1A8AC2990062516A /* wolfcrypt_last.c */; };
+		525BE5BA1B38853E0054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5B91B38853E0054BBCD /* hash.c */; };
+		525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5BB1B3885580054BBCD /* hash.h */; };
 /* End PBXBuildFile section */
 
 /* Begin PBXCopyFilesBuildPhase section */
@@ -174,6 +176,7 @@
 			dstPath = include/wolfssl/wolfcrypt;
 			dstSubfolderSpec = 7;
 			files = (
+				525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */,
 				521646CD1A8A7FF30062516A /* aes.h in CopyFiles */,
 				521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */,
 				521646CF1A8A7FF30062516A /* asn_public.h in CopyFiles */,
@@ -470,6 +473,8 @@
 		5216481A1A8AC2990062516A /* sha512.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sha512.c; path = ../../ctaocrypt/src/sha512.c; sourceTree = "<group>"; };
 		5216481B1A8AC2990062516A /* wolfcrypt_first.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_first.c; path = ../../ctaocrypt/src/wolfcrypt_first.c; sourceTree = "<group>"; };
 		5216481C1A8AC2990062516A /* wolfcrypt_last.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_last.c; path = ../../ctaocrypt/src/wolfcrypt_last.c; sourceTree = "<group>"; };
+		525BE5B91B38853E0054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = "<group>"; };
+		525BE5BB1B3885580054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = "<group>"; };
 		52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; };
 /* End PBXFileReference section */
 
@@ -582,6 +587,7 @@
 				5216466C1A8993770062516A /* ecc.h */,
 				5216466D1A8993770062516A /* error-crypt.h */,
 				5216466E1A8993770062516A /* fips_test.h */,
+				525BE5BB1B3885580054BBCD /* hash.h */,
 				5216466F1A8993770062516A /* hc128.h */,
 				521646701A8993770062516A /* hmac.h */,
 				521646721A8993770062516A /* integer.h */,
@@ -653,6 +659,7 @@
 				5216461A1A8992CC0062516A /* dsa.c */,
 				5216461B1A8992CC0062516A /* ecc.c */,
 				5216461C1A8992CC0062516A /* error.c */,
+				525BE5B91B38853E0054BBCD /* hash.c */,
 				5216461D1A8992CC0062516A /* hc128.c */,
 				5216461E1A8992CC0062516A /* hmac.c */,
 				5216461F1A8992CC0062516A /* integer.c */,
@@ -790,6 +797,7 @@
 				521648241A8AC2990062516A /* rsa.c in Sources */,
 				5216481D1A8AC2990062516A /* aes.c in Sources */,
 				5216481E1A8AC2990062516A /* des3.c in Sources */,
+				525BE5BA1B38853E0054BBCD /* hash.c in Sources */,
 				521648251A8AC2990062516A /* sha.c in Sources */,
 				521648271A8AC2990062516A /* sha512.c in Sources */,
 				521648201A8AC2990062516A /* fips.c in Sources */,
diff --git a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
index 0de405b73..96743a577 100644
--- a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
@@ -153,6 +153,8 @@
 		5216472A1A8A80100062516A /* types.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BE1A8993F50062516A /* types.h */; };
 		5216472B1A8A80100062516A /* visibility.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BF1A8993F50062516A /* visibility.h */; };
 		5216472C1A8A80100062516A /* wc_port.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646C01A8993F50062516A /* wc_port.h */; };
+		525BE5341B3869110054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5331B3869110054BBCD /* hash.c */; };
+		525BE5361B3869780054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5351B3869430054BBCD /* hash.h */; };
 /* End PBXBuildFile section */
 
 /* Begin PBXCopyFilesBuildPhase section */
@@ -162,6 +164,7 @@
 			dstPath = include/wolfssl/wolfcrypt;
 			dstSubfolderSpec = 7;
 			files = (
+				525BE5361B3869780054BBCD /* hash.h in CopyFiles */,
 				521646CD1A8A7FF30062516A /* aes.h in CopyFiles */,
 				521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */,
 				521646CF1A8A7FF30062516A /* asn_public.h in CopyFiles */,
@@ -446,6 +449,8 @@
 		521646BE1A8993F50062516A /* types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = types.h; path = ../../cyassl/ctaocrypt/types.h; sourceTree = "<group>"; };
 		521646BF1A8993F50062516A /* visibility.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = visibility.h; path = ../../cyassl/ctaocrypt/visibility.h; sourceTree = "<group>"; };
 		521646C01A8993F50062516A /* wc_port.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_port.h; path = ../../cyassl/ctaocrypt/wc_port.h; sourceTree = "<group>"; };
+		525BE5331B3869110054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = "<group>"; };
+		525BE5351B3869430054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = "<group>"; };
 		52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; };
 /* End PBXFileReference section */
 
@@ -558,6 +563,7 @@
 				5216466C1A8993770062516A /* ecc.h */,
 				5216466D1A8993770062516A /* error-crypt.h */,
 				5216466E1A8993770062516A /* fips_test.h */,
+				525BE5351B3869430054BBCD /* hash.h */,
 				5216466F1A8993770062516A /* hc128.h */,
 				521646701A8993770062516A /* hmac.h */,
 				521646721A8993770062516A /* integer.h */,
@@ -628,6 +634,7 @@
 				5216461A1A8992CC0062516A /* dsa.c */,
 				5216461B1A8992CC0062516A /* ecc.c */,
 				5216461C1A8992CC0062516A /* error.c */,
+				525BE5331B3869110054BBCD /* hash.c */,
 				5216461D1A8992CC0062516A /* hc128.c */,
 				5216461E1A8992CC0062516A /* hmac.c */,
 				5216461F1A8992CC0062516A /* integer.c */,
@@ -752,6 +759,7 @@
 				521646341A8992CC0062516A /* asn.c in Sources */,
 				521646501A8992CC0062516A /* sha512.c in Sources */,
 				5216464A1A8992CC0062516A /* rabbit.c in Sources */,
+				525BE5341B3869110054BBCD /* hash.c in Sources */,
 				521646441A8992CC0062516A /* md5.c in Sources */,
 				5216460F1A89928E0062516A /* ssl.c in Sources */,
 				5216464D1A8992CC0062516A /* rsa.c in Sources */,
@@ -847,6 +855,17 @@
 				DSTROOT = /tmp/wolfssl_ios.dst;
 				GCC_PRECOMPILE_PREFIX_HEADER = NO;
 				GCC_PREFIX_HEADER = "";
+				GCC_PREPROCESSOR_DEFINITIONS = (
+					"DEBUG=1",
+					"$(inherited)",
+					IPHONE,
+					HAVE_HASHDRBG,
+					USE_FAST_MATH,
+					HAVE_HASHDRBG,
+					HAVE_AESGCM,
+					WOLFSSL_SHA512,
+					WOLFSSL_SHA384,
+				);
 				HEADER_SEARCH_PATHS = (
 					$SRCROOT,
 					$PROJECT_DIR/../..,
@@ -867,6 +886,15 @@
 				DSTROOT = /tmp/wolfssl_ios.dst;
 				GCC_PRECOMPILE_PREFIX_HEADER = NO;
 				GCC_PREFIX_HEADER = "";
+				GCC_PREPROCESSOR_DEFINITIONS = (
+					IPHONE,
+					HAVE_HASHDRBG,
+					USE_FAST_MATH,
+					HAVE_HASHDRBG,
+					HAVE_AESGCM,
+					WOLFSSL_SHA512,
+					WOLFSSL_SHA384,
+				);
 				HEADER_SEARCH_PATHS = (
 					$SRCROOT,
 					$PROJECT_DIR/../..,

From 57128a82abe8e3ed8ec497a19df61af4d02a95ec Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 22 Jun 2015 15:35:21 -0600
Subject: [PATCH 156/350] update README.md for v3.6.0

---
 README.md | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/README.md b/README.md
index a490ac2ff..7b7d57ce8 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,38 @@ before calling wolfSSL_new();  Though it's not recommended.
 - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
   add -fdebug-types-section to C_EXTRA_FLAGS
 
+#wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
+
+##Release 3.6.0 of wolfSSL has bug fixes and new features including:
+
+- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect
+   Forward Secrecy).  With --enable-maxstrength
+- Server side session ticket support, the example server and echosever use the
+   example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb()
+- FIPS version submitted for iOS.
+- TI Crypto Hardware Acceleration
+- DTLS fragmentation fixes
+- ECC key check validation with wc_ecc_check_key()
+- 32bit code options to reduce memory for Curve25519 and Ed25519
+- wolfSSL JNI build switch with --enable-jni
+- PicoTCP support improvements
+- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz()
+- KEEP_PEER_CERT and AltNames can now be used together
+- ChaCha20 big endian fix
+- SHA-512 signature algorithm support for key exchange and verify messages
+- ECC make key crash fix on RNG failure, ECC users must update.
+- Improvements to usage of time code.
+- Improvements to VS solution files.
+- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
+  add -fdebug-types-section to C_EXTRA_FLAGS
+
+- No high level security fixes that requires an update though we always
+  recommend updating to the latest (except note 14, ecc RNG failure)
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+
 #wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015)
 
 ##Release 3.4.8 of wolfSSL has bug fixes and new features including:

From c6e25917112b97c13bdd2bceac41ce313090a17b Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Tue, 23 Jun 2015 17:39:15 +0900
Subject: [PATCH 157/350] Remove wornings

---
 wolfcrypt/src/port/ti/ti-aes.c     |  1 +
 wolfcrypt/src/port/ti/ti-ccm.c     |  8 ++++----
 wolfcrypt/src/port/ti/ti-des3.c    | 10 ++++++++--
 wolfcrypt/src/port/ti/ti-hash.c    |  3 ++-
 wolfssl/wolfcrypt/port/ti/ti-ccm.h | 12 +++++++++---
 5 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c
index d38e7a3cb..fdf3c689b 100644
--- a/wolfcrypt/src/port/ti/ti-aes.c
+++ b/wolfcrypt/src/port/ti/ti-aes.c
@@ -250,6 +250,7 @@ static int AesAuthArgCheck(Aes* aes, byte* out, const byte* in, word32 inSz,
                               const byte* authTag, word32 authTagSz,
                               const byte* authIn, word32 authInSz, word32 *M,  word32 *L)
 {
+    (void) authInSz ;
     if((aes == NULL)||(nonce == NULL)||(authTag== NULL)||(authIn == NULL))
         return BAD_FUNC_ARG;
     if((inSz != 0) && ((out == NULL)||(in == NULL)))
diff --git a/wolfcrypt/src/port/ti/ti-ccm.c b/wolfcrypt/src/port/ti/ti-ccm.c
index 09705cfb8..2b25820c4 100644
--- a/wolfcrypt/src/port/ti/ti-ccm.c
+++ b/wolfcrypt/src/port/ti/ti-ccm.c
@@ -27,7 +27,7 @@
 
 #if defined(WOLFSSL_TI_CRYPT) ||  defined(WOLFSSL_TI_HASH)
 
-
+#include "wolfssl/wolfcrypt/port/ti/ti-ccm.h"
 #include <stdbool.h>
 #include <stdint.h>
 
@@ -44,7 +44,7 @@
 #define WAIT(stat) { volatile int i ; for(i=0; i<TIMEOUT; i++)if(stat)break ; if(i==TIMEOUT)return(false) ; }
 
 static bool ccm_init = false ;
-bool wolfSSL_TI_CCMInit(void)
+int wolfSSL_TI_CCMInit(void)
 {
     if(ccm_init)return true ;
     ccm_init = true ;
@@ -70,11 +70,11 @@ bool wolfSSL_TI_CCMInit(void)
 }
 
 #ifndef SINGLE_THREADED
-void wolfSSL_TI_lockCCM() {
+void wolfSSL_TI_lockCCM(void) {
     LockMutex(&TI_CCM_Mutex) ;
 }
 
-void wolfSSL_TI_unlockCCM() {
+void wolfSSL_TI_unlockCCM(void) {
     UnLockMutex(&TI_CCM_Mutex) ;
 }
 #endif
diff --git a/wolfcrypt/src/port/ti/ti-des3.c b/wolfcrypt/src/port/ti/ti-des3.c
index 21c61d310..04203e241 100644
--- a/wolfcrypt/src/port/ti/ti-des3.c
+++ b/wolfcrypt/src/port/ti/ti-des3.c
@@ -159,7 +159,10 @@ WOLFSSL_API int  wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 s
 
 WOLFSSL_API int  wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
                                           const byte* key, const byte* iv)
-{ return 0 ;}
+{   
+    (void)out; (void)in; (void)sz; (void)key; (void)iv ; 
+    return 0 ;
+}
 
 WOLFSSL_API int  wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
 {   
@@ -173,7 +176,10 @@ WOLFSSL_API int  wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32
 
 WOLFSSL_API int  wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
                                                const byte* key, const byte* iv)
-{ return 0 ; }
+{ 
+     (void)out; (void)in; (void)sz; (void)key; (void)iv ; 
+     return 0 ;
+ }
 
 
 #endif /* WOLFSSL_TI_CRYPT */
diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c
index 59edd3b0a..04e6650b6 100644
--- a/wolfcrypt/src/port/ti/ti-hash.c
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -44,6 +44,7 @@
 #include <wolfssl/wolfcrypt/port/ti/ti-hash.h>
 #include <wolfssl/wolfcrypt/port/ti/ti-ccm.h>
 #include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/hash.h>
 
 #ifndef TI_DUMMY_BUILD
 #include "inc/hw_memmap.h"
@@ -61,7 +62,7 @@ bool wolfSSL_TI_CCMInit(void) { return true ; }
 #endif
 
 static int hashInit(wolfssl_TI_Hash *hash) {
-    if(!wolfSSL_TI_CCMInit())return  ;
+    if(!wolfSSL_TI_CCMInit())return 1 ;
     hash->used = 0 ;
     hash->msg  = 0 ;
     hash->len  = 0 ;
diff --git a/wolfssl/wolfcrypt/port/ti/ti-ccm.h b/wolfssl/wolfcrypt/port/ti/ti-ccm.h
index f0fb24799..8e75e0d3e 100644
--- a/wolfssl/wolfcrypt/port/ti/ti-ccm.h
+++ b/wolfssl/wolfcrypt/port/ti/ti-ccm.h
@@ -19,6 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
+#ifndef WOLF_CRYPT_TI_CCM_H
+#define WOLF_CRYPT_TI_CCM_H
+
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
@@ -27,14 +30,17 @@
 
 #if defined(WOLFSSL_TI_CRYPT) ||  defined(WOLFSSL_TI_HASH)
 
-bool wolfSSL_TI_CCMInit(void) ;
+int wolfSSL_TI_CCMInit(void) ;
 
 #ifndef SINGLE_THREADED
-void wolfSSL_TI_lockCCM() ;
-void wolfSSL_TI_unlockCCM() ;
+void wolfSSL_TI_lockCCM(void) ;
+void wolfSSL_TI_unlockCCM(void) ;
 #else 
 #define wolfSSL_TI_lockCCM()
 #define wolfSSL_TI_unlockCCM()
 #endif
 
 #endif
+
+#endif
+

From a910daa8862beafb051d2af35ea27651b2e96816 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Wed, 24 Jun 2015 11:06:38 +0900
Subject: [PATCH 158/350] fixed arm-none-eabi-gcc type check on AESIVSet,
 AESKey1Set

---
 wolfcrypt/src/port/ti/ti-aes.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c
index fdf3c689b..91d11a590 100644
--- a/wolfcrypt/src/port/ti/ti-aes.c
+++ b/wolfcrypt/src/port/ti/ti-aes.c
@@ -89,8 +89,8 @@ static int  AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz, word32 di
     ROM_AESReset(AES_BASE);
     ROM_AESConfigSet(AES_BASE, (aes->keylen | dir | 
                      (mode==AES_CFG_MODE_CTR_NOCTR ? AES_CFG_MODE_CTR : mode)));
-    ROM_AESIVSet(AES_BASE, aes->reg);
-    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
+    ROM_AESIVSet(AES_BASE, (uint32_t *)aes->reg);
+    ROM_AESKey1Set(AES_BASE, (uint32_t *)aes->key, aes->keylen);
     if((dir == AES_CFG_DIR_DECRYPT)&& (mode == AES_CFG_MODE_CBC))
         /* if input and output same will overwrite input iv */
         XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);

From 1feac72b62d5b81a9c2d38464d89fcd03ddea54a Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Wed, 24 Jun 2015 11:47:58 +0900
Subject: [PATCH 159/350] check InitMutex

---
 wolfcrypt/src/port/ti/ti-ccm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/port/ti/ti-ccm.c b/wolfcrypt/src/port/ti/ti-ccm.c
index 2b25820c4..65a51350e 100644
--- a/wolfcrypt/src/port/ti/ti-ccm.c
+++ b/wolfcrypt/src/port/ti/ti-ccm.c
@@ -63,7 +63,7 @@ int wolfSSL_TI_CCMInit(void)
     WAIT(ROM_SysCtlPeripheralReady(SYSCTL_PERIPH_CCM0)) ;
     
 #ifndef SINGLE_THREADED
-    InitMutex(&TI_CCM_Mutex) ;
+    if(InitMutex(&TI_CCM_Mutex))return false ;
 #endif
 
     return true ;

From 309aadd3f30a2eb0b10e38846476afcd04b3f489 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Wed, 24 Jun 2015 14:12:40 +0900
Subject: [PATCH 160/350] TI-des3.c, type mismatch

---
 wolfcrypt/src/port/ti/ti-des3.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/wolfcrypt/src/port/ti/ti-des3.c b/wolfcrypt/src/port/ti/ti-des3.c
index 04203e241..2927a1b89 100644
--- a/wolfcrypt/src/port/ti/ti-des3.c
+++ b/wolfcrypt/src/port/ti/ti-des3.c
@@ -74,8 +74,8 @@ static int  DesCbcAlign16(Des* des, byte* out, const byte* in, word32 sz, word32
     wolfSSL_TI_lockCCM() ;
     ROM_DESReset(DES_BASE);
     ROM_DESConfigSet(DES_BASE, (dir | DES_CFG_MODE_CBC | tri));
-    ROM_DESIVSet(DES_BASE, des->reg);
-    ROM_DESKeySet(DES_BASE, des->key);
+    ROM_DESIVSet(DES_BASE, (uint32_t*)des->reg);
+    ROM_DESKeySet(DES_BASE,(uint32_t*)des->key);
     if(dir == DES_CFG_DIR_DECRYPT)
         /* if input and output same will overwrite input iv */
         XMEMCPY(des->tmp, in + sz - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
@@ -161,7 +161,7 @@ WOLFSSL_API int  wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
                                           const byte* key, const byte* iv)
 {   
     (void)out; (void)in; (void)sz; (void)key; (void)iv ; 
-    return 0 ;
+    return -1 ;
 }
 
 WOLFSSL_API int  wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
@@ -178,7 +178,7 @@ WOLFSSL_API int  wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
                                                const byte* key, const byte* iv)
 { 
      (void)out; (void)in; (void)sz; (void)key; (void)iv ; 
-     return 0 ;
+     return -1 ;
  }
 
 

From 5ba35b1f649b96dbd61418600a6ecde655659390 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 24 Jun 2015 11:16:18 -0600
Subject: [PATCH 161/350] force HAVE_HASHDRBG enabled in settings.h unless
 WOLFSSL_FORCE_RC4_DRBG flag set

---
 wolfssl/wolfcrypt/random.h   | 3 +++
 wolfssl/wolfcrypt/settings.h | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index 192144324..989e53230 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -35,6 +35,9 @@
 #endif
 
 #ifndef HAVE_FIPS /* avoid redefining structs and macros */
+#if defined(WOLFSSL_FORCE_RC4_DRBG) && defined(NO_RC4)
+    #error Cannot have WOLFSSL_FORCE_RC4_DRBG and NO_RC4 defined.
+#endif /* WOLFSSL_FORCE_RC4_DRBG && NO_RC4 */
 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
     #ifdef NO_SHA256
         #error "Hash DRBG requires SHA-256."
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 57c404a54..af8e690ff 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -790,6 +790,12 @@
     #define NO_OLD_TLS
 #endif
 
+/* If not forcing to use ARC4 as the DRBG, always enable Hash_DRBG */
+#undef HAVE_HASHDRBG
+#ifndef WOLFSSL_FORCE_RC4_DRBG
+    #define HAVE_HASHDRBG
+#endif
+
 /* Place any other flags or defines here */
 
 

From 0525575fbf9bedb42e115774a915ad0d910def6d Mon Sep 17 00:00:00 2001
From: Vikram Adiga <vikram.adiga@ti.com>
Date: Wed, 24 Jun 2015 17:41:02 -0700
Subject: [PATCH 162/350] add IAR compiler option to ignore EWOULDBLOCK/EAGAIN
 warning for TI-RTOS

---
 tirtos/wolfssl.bld | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tirtos/wolfssl.bld b/tirtos/wolfssl.bld
index e7330e06f..1c1e55ef5 100644
--- a/tirtos/wolfssl.bld
+++ b/tirtos/wolfssl.bld
@@ -33,7 +33,7 @@
 
 var armOpts = " -ms ";
 var gnuOpts = " -D_POSIX_SOURCE ";
-var iarOpts = "";
+var iarOpts = " --diag_suppress=Pa134 ";
 var TivaWareDir = "";
 
 /* Uncomment the following lines to build libraries for debug mode: */

From 61c50b26d09f606d499b67cc00ac1224af7fe438 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Thu, 25 Jun 2015 12:48:11 -0300
Subject: [PATCH 163/350] makes wolfSSL_SNI_GetFromBuffer() return
 SNI_UNSUPPORTED instead of BUFFER_ERROR for SSL v2.0 client hello buffers.

---
 src/tls.c   | 24 +++++++++++++++++++++++-
 tests/api.c | 24 ++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/src/tls.c b/src/tls.c
index f4c76d738..3e90df8ff 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1108,8 +1108,30 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
         return INCOMPLETE_DATA;
 
     /* TLS record header */
-    if ((enum ContentType) clientHello[offset++] != handshake)
+    if ((enum ContentType) clientHello[offset++] != handshake) {
+
+        /* checking for SSLv2.0 client hello according to: */
+        /* http://tools.ietf.org/html/rfc4346#appendix-E.1 */
+        if ((enum HandShakeType) clientHello[++offset] == client_hello) {
+            offset += ENUM_LEN + VERSION_SZ; /* skip version */
+            
+            ato16(clientHello + offset, &len16);
+            offset += OPAQUE16_LEN;
+            
+            if (len16 % 3) /* cipher_spec_length must be multiple of 3 */
+                return BUFFER_ERROR;
+
+            ato16(clientHello + offset, &len16);
+            offset += OPAQUE16_LEN;
+            
+            if (len16 != 0) /* session_id_length must be 0 */
+                return BUFFER_ERROR;
+                        
+            return SNI_UNSUPPORTED;
+        }
+
         return BUFFER_ERROR;
+    }
 
     if (clientHello[offset++] != SSLv3_MAJOR)
         return BUFFER_ERROR;
diff --git a/tests/api.c b/tests/api.c
index 216a9addf..08e70d4ae 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -904,6 +904,14 @@ static void test_wolfSSL_SNI_GetFromBuffer(void)
         0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00,
         0x12, 0x00, 0x00
     };
+    
+    byte buffer5[] = { /* SSL v2.0 client hello */
+        0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00,
+        /* dummy bytes bellow, just to pass size check */
+        0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
+        0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
+        0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
+    };
 
     byte result[32] = {0};
     word32 length   = 32;
@@ -944,6 +952,22 @@ static void test_wolfSSL_SNI_GetFromBuffer(void)
                                                            0, result, &length));
     result[length] = 0;
     AssertStrEQ("api.textmate.org", (const char*) result);
+
+    /* SSL v2.0 tests */
+    AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buffer5,
+                                          sizeof(buffer5), 0, result, &length));
+
+    buffer5[2] = 0x02;
+    AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5,
+                                          sizeof(buffer5), 0, result, &length));
+
+    buffer5[2] = 0x01; buffer5[6] = 0x08;
+    AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5,
+                                          sizeof(buffer5), 0, result, &length));
+    
+    buffer5[6] = 0x09; buffer5[8] = 0x01;
+    AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5,
+                                          sizeof(buffer5), 0, result, &length));
 }
 
 static void test_wolfSSL_client_server(callback_functions* client_callbacks,

From 8b324b94e9d80611da05e742c52a3681543d86fe Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 24 Jun 2015 11:49:30 -0600
Subject: [PATCH 164/350] removed some unused code due to an always true
 comparison

---
 wolfcrypt/src/pkcs7.c | 48 +++++++++++++++----------------------------
 1 file changed, 17 insertions(+), 31 deletions(-)

diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 2f66ea216..84c26421a 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -1166,8 +1166,8 @@ WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
 /* build PKCS#7 envelopedData content type, return enveloped size */
 int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 {
-    int i, ret = 0, idx = 0;
-    int totalSz = 0, padSz = 0, desOutSz = 0;
+    int i, ret, idx = 0;
+    int totalSz, padSz, desOutSz;
 
     int contentInfoSeqSz, outerContentTypeSz, outerContentSz;
     byte contentInfoSeq[MAX_SEQ_SZ];
@@ -1180,7 +1180,6 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
     RNG rng;
     int contentKeyEncSz, blockKeySz;
-    int dynamicFlag = 0;
     byte contentKeyPlain[MAX_CONTENT_KEY_LEN];
 #ifdef WOLFSSL_SMALL_STACK
     byte* contentKeyEnc;
@@ -1300,34 +1299,26 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
         return BAD_FUNC_ARG;
     }
 
-    /* allocate encrypted content buffer, pad if necessary, PKCS#7 padding */
+    /* allocate encrypted content buffer and PKCS#7 padding */
     padSz = DES_BLOCK_SIZE - (pkcs7->contentSz % DES_BLOCK_SIZE);
     desOutSz = pkcs7->contentSz + padSz;
 
-    if (padSz != 0) {
-        plain = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (plain == NULL) {
+    plain = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (plain == NULL) {
 #ifdef WOLFSSL_SMALL_STACK
-            XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
+        XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
 #endif
-            return MEMORY_E;
-        }
-        XMEMCPY(plain, pkcs7->content, pkcs7->contentSz);
-        dynamicFlag = 1;
+        return MEMORY_E;
+    }
+    XMEMCPY(plain, pkcs7->content, pkcs7->contentSz);
 
-        for (i = 0; i < padSz; i++) {
-            plain[pkcs7->contentSz + i] = padSz;
-        }
-
-    } else {
-        plain = pkcs7->content;
-        desOutSz = pkcs7->contentSz;
+    for (i = 0; i < padSz; i++) {
+        plain[pkcs7->contentSz + i] = padSz;
     }
 
     encryptedContent = (byte*)XMALLOC(desOutSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (encryptedContent == NULL) {
-        if (dynamicFlag)
-            XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
 #endif
@@ -1344,8 +1335,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
     if (contentEncAlgoSz == 0) {
         XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (dynamicFlag)
-            XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
 #endif
@@ -1363,8 +1353,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
         if (ret != 0) {
             XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            if (dynamicFlag)
-                XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef WOLFSSL_SMALL_STACK
             XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
 #endif
@@ -1381,8 +1370,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
         if (ret != 0) {
             XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            if (dynamicFlag)
-                XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef WOLFSSL_SMALL_STACK
             XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
 #endif
@@ -1418,8 +1406,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     if (totalSz > (int)outputSz) {
         WOLFSSL_MSG("Pkcs7_encrypt output buffer too small");
         XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (dynamicFlag)
-            XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(recip, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
 #endif
@@ -1457,8 +1444,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
 
     ForceZero(contentKeyPlain, MAX_CONTENT_KEY_LEN);
 
-    if (dynamicFlag)
-        XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
+    XFREE(plain, NULL, DYNAMMIC_TYPE_TMP_BUFFER);
     XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     
 #ifdef WOLFSSL_SMALL_STACK

From 91b3959063ef0ad13e975abea2b16f849b9cd99f Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 26 Jun 2015 11:56:21 -0600
Subject: [PATCH 165/350] fix uninitialized decoded cert in CertManagerVerify()

---
 src/ssl.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 139e343f9..da689ae5b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2847,9 +2847,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
         info->consumed = 0;
 
         ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, info, &eccKey);
-
-        if (ret == 0)
-            InitDecodedCert(cert, der.buffer, der.length, cm->heap);
+        InitDecodedCert(cert, der.buffer, der.length, cm->heap);
 
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);

From d6047736e966d4a32771dab19270e3f9de775802 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 1 Jul 2015 11:12:54 -0700
Subject: [PATCH 166/350] added GPL headers to the unit test driver files

---
 tests/unit.c | 21 ++++++++++++++++++++-
 tests/unit.h | 21 ++++++++++++++++++++-
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/tests/unit.c b/tests/unit.c
index d66f84cf7..73ae2bcd7 100644
--- a/tests/unit.c
+++ b/tests/unit.c
@@ -1,4 +1,23 @@
-/* unit.c unit tests driver */
+/* unit.c API unit tests driver
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
 
 /* Name change compatibility layer no longer need to be included here */
 
diff --git a/tests/unit.h b/tests/unit.h
index ab8fbc2ff..bccd6d2ce 100644
--- a/tests/unit.h
+++ b/tests/unit.h
@@ -1,4 +1,23 @@
-/* unit.h unit tests driver */
+/* unit.c API unit tests driver
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
 
 #ifndef CyaSSL_UNIT_H
 #define CyaSSL_UNIT_H

From afde172f288d484f693a25fcbb78643ddd288da0 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 26 Jun 2015 10:48:54 -0600
Subject: [PATCH 167/350] added buffer version of CertManagerLoadCABuffer

---
 src/ssl.c     | 75 ++++++++++++++++++++++++++++++++++++---------------
 wolfssl/ssl.h |  2 ++
 2 files changed, 56 insertions(+), 21 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index da689ae5b..22dd46165 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2801,6 +2801,60 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 }
 
 
+static INLINE WOLFSSL_METHOD* cm_pick_method(void)
+{
+    #ifndef NO_WOLFSSL_CLIENT
+        #ifdef NO_OLD_TLS
+            return wolfTLSv1_2_client_method();
+        #else
+            return wolfSSLv3_client_method();
+        #endif
+    #elif !defined(NO_WOLFSSL_SERVER)
+        #ifdef NO_OLD_TLS
+            return wolfTLSv1_2_server_method();
+        #else
+            return wolfSSLv3_server_method();
+        #endif
+    #else
+        return NULL;
+    #endif
+}
+
+
+/* like load verify locations, 1 for success, < 0 for error */
+int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm,
+                                   const unsigned char* in, long sz, int format)
+{
+    int ret = SSL_FATAL_ERROR;
+    WOLFSSL_CTX* tmp;
+
+    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCABuffer");
+
+    if (cm == NULL) {
+        WOLFSSL_MSG("No CertManager error");
+        return ret;
+    }
+    tmp = wolfSSL_CTX_new(cm_pick_method());
+
+    if (tmp == NULL) {
+        WOLFSSL_MSG("CTX new failed");
+        return ret;
+    }
+
+    /* for tmp use */
+    wolfSSL_CertManagerFree(tmp->cm);
+    tmp->cm = cm;
+
+    ret = wolfSSL_CTX_load_verify_buffer(tmp, in, sz, format);
+
+    /* don't loose our good one */
+    tmp->cm = NULL;
+    wolfSSL_CTX_free(tmp);
+
+    return ret;
+}
+
+
 /* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
 int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
                                    long sz, int format)
@@ -3337,26 +3391,6 @@ int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname,
 }
 
 
-static INLINE WOLFSSL_METHOD* cm_pick_method(void)
-{
-    #ifndef NO_WOLFSSL_CLIENT
-        #ifdef NO_OLD_TLS
-            return wolfTLSv1_2_client_method();
-        #else
-            return wolfSSLv3_client_method();
-        #endif      
-    #elif !defined(NO_WOLFSSL_SERVER)
-        #ifdef NO_OLD_TLS
-            return wolfTLSv1_2_server_method();
-        #else
-            return wolfSSLv3_server_method();
-        #endif
-    #else
-        return NULL;
-    #endif
-}
-
-
 /* like load verify locations, 1 for success, < 0 for error */
 int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
                              const char* path)
@@ -3391,7 +3425,6 @@ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
 }
 
 
-
 /* turn on CRL if off and compiled in, set options */
 int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options)
 {
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 9c3ac84c9..2c10f895e 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1202,6 +1202,8 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
 
     WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f,
                                                                  const char* d);
+    WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER*,
+                                  const unsigned char* in, long sz, int format);
     WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
     WOLFSSL_API int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER*, const char* f,
                                                                     int format);

From 1d663d3bff4dafae763bc5c2f33eca380573d544 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 1 Jul 2015 12:24:11 -0700
Subject: [PATCH 168/350] merge conflict

---
 cyassl/openssl/ecdh.h          |    3 +
 cyassl/openssl/include.am      |    1 +
 rpm/spec.in                    |    2 +
 src/ssl.c                      | 2344 +++++++++++++++++++++++++++++---
 wolfcrypt/src/asn.c            |  114 +-
 wolfcrypt/src/ecc.c            | 1839 +++++++++++++++----------
 wolfcrypt/src/integer.c        |  177 ++-
 wolfcrypt/src/tfm.c            |  283 ++--
 wolfssl/openssl/bn.h           |   40 +-
 wolfssl/openssl/dsa.h          |    2 +
 wolfssl/openssl/ec.h           |  121 ++
 wolfssl/openssl/ecdh.h         |   23 +
 wolfssl/openssl/ecdsa.h        |   36 +
 wolfssl/openssl/evp.h          |    5 +
 wolfssl/openssl/include.am     |    1 +
 wolfssl/openssl/opensslv.h     |    2 +-
 wolfssl/openssl/pem.h          |   55 +-
 wolfssl/openssl/ssl.h          |    4 +
 wolfssl/ssl.h                  |    4 +
 wolfssl/wolfcrypt/asn.h        |    1 +
 wolfssl/wolfcrypt/asn_public.h |    5 +-
 wolfssl/wolfcrypt/dsa.h        |    3 +
 wolfssl/wolfcrypt/ecc.h        |   29 +-
 wolfssl/wolfcrypt/integer.h    |    7 +-
 wolfssl/wolfcrypt/tfm.h        |   16 +-
 25 files changed, 4072 insertions(+), 1045 deletions(-)
 create mode 100644 cyassl/openssl/ecdh.h
 create mode 100644 wolfssl/openssl/ecdh.h

diff --git a/cyassl/openssl/ecdh.h b/cyassl/openssl/ecdh.h
new file mode 100644
index 000000000..b774bf0da
--- /dev/null
+++ b/cyassl/openssl/ecdh.h
@@ -0,0 +1,3 @@
+/* ecdh.h for openssl */
+
+#include <wolfssl/openssl/ecdh.h>
diff --git a/cyassl/openssl/include.am b/cyassl/openssl/include.am
index e531f767a..88950eeec 100644
--- a/cyassl/openssl/include.am
+++ b/cyassl/openssl/include.am
@@ -11,6 +11,7 @@ nobase_include_HEADERS+= \
                          cyassl/openssl/dh.h \
                          cyassl/openssl/dsa.h \
                          cyassl/openssl/ecdsa.h \
+                         cyassl/openssl/ecdh.h \
                          cyassl/openssl/ec.h \
                          cyassl/openssl/engine.h \
                          cyassl/openssl/err.h \
diff --git a/rpm/spec.in b/rpm/spec.in
index 1e291ddbf..2c5de469b 100644
--- a/rpm/spec.in
+++ b/rpm/spec.in
@@ -134,6 +134,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/cyassl/openssl/dsa.h
 %{_includedir}/cyassl/openssl/ec.h
 %{_includedir}/cyassl/openssl/ecdsa.h
+%{_includedir}/cyassl/openssl/ecdh.h
 %{_includedir}/cyassl/openssl/engine.h
 %{_includedir}/cyassl/openssl/err.h
 %{_includedir}/cyassl/openssl/evp.h
@@ -226,6 +227,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/wolfssl/openssl/dsa.h
 %{_includedir}/wolfssl/openssl/ec.h
 %{_includedir}/wolfssl/openssl/ecdsa.h
+%{_includedir}/wolfssl/openssl/ecdh.h
 %{_includedir}/wolfssl/openssl/engine.h
 %{_includedir}/wolfssl/openssl/err.h
 %{_includedir}/wolfssl/openssl/evp.h
diff --git a/src/ssl.c b/src/ssl.c
index 22dd46165..e391095ce 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -46,6 +46,9 @@
     #include <wolfssl/openssl/dh.h>
     #include <wolfssl/openssl/rsa.h>
     #include <wolfssl/openssl/pem.h>
+    #include <wolfssl/openssl/ec.h>
+    #include <wolfssl/openssl/ecdsa.h>
+    #include <wolfssl/openssl/ecdh.h>
     /* openssl headers end, wolfssl internal headers next */
     #include <wolfssl/wolfcrypt/hmac.h>
     #include <wolfssl/wolfcrypt/random.h>
@@ -786,7 +789,7 @@ int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl)
 
     if (ret == SSL_SUCCESS) {
         TLSX* extension = TLSX_Find(ssl->extensions, SECURE_RENEGOTIATION);
-        
+
         if (extension)
             ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;
     }
@@ -1518,8 +1521,6 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff
     EncryptedInfo  info[1];
 #endif
 
-    (void)pass;
-
     WOLFSSL_ENTER("wolfSSL_KeyPemToDer");
 
     if (pem == NULL || buff == NULL || buffSz <= 0) {
@@ -1552,6 +1553,8 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff
         wolfSSL_CTX_set_default_passwd_cb(info->ctx, OurPasswordCb);
         wolfSSL_CTX_set_default_passwd_cb_userdata(info->ctx, (void*)pass);
     }
+#else
+	(void)pass;
 #endif
 
     ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey);
@@ -2104,6 +2107,85 @@ int wolfSSL_Init(void)
 }
 
 
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
+
+static int wolfssl_decrypt_buffer_key(buffer* der, byte* password, int passwordSz, EncryptedInfo* info)
+{
+	int ret;
+
+#ifdef WOLFSSL_SMALL_STACK
+	byte* key      = NULL;
+	byte* iv       = NULL;
+#else
+	byte  key[AES_256_KEY_SIZE];
+#ifndef NO_MD5
+	byte  iv[AES_IV_SIZE];
+#endif
+#endif
+
+	if (der == NULL || password == NULL || info == NULL)
+		return SSL_FATAL_ERROR;
+
+	/* use file's salt for key derivation, hex decode first */
+	if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0)
+		return ASN_INPUT_E;
+
+#ifndef NO_MD5
+
+#ifdef WOLFSSL_SMALL_STACK
+	iv = (byte*)XMALLOC(AES_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+	if (iv == NULL)
+		return MEMORY_E;
+
+	key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+	if (key == NULL) {
+		XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+		return MEMORY_E;
+	}
+#endif /* WOLFSSL_SMALL_STACK */
+
+	if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv,
+							  password, passwordSz, 1, key, iv)) <= 0) {
+
+		XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+		XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+		return ASN_INPUT_E;
+	}
+
+#endif /* NO_MD5 */
+
+#ifndef NO_DES3
+	if (XSTRNCMP(info->name, "DES-CBC", 7) == 0)
+		ret = wc_Des_CbcDecryptWithKey(der->buffer, der->buffer, der->length,
+									   key, info->iv);
+	else if (XSTRNCMP(info->name, "DES-EDE3-CBC", 12) == 0)
+		ret = wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer, der->length,
+										key, info->iv);
+#endif /* NO_DES3 */
+#ifndef NO_AES
+	else if (XSTRNCMP(info->name, "AES-128-CBC", 11) == 0)
+		ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
+									  key, AES_128_KEY_SIZE, info->iv);
+	else if (XSTRNCMP(info->name, "AES-192-CBC", 11) == 0)
+		ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
+									  key, AES_192_KEY_SIZE, info->iv);
+	else if (XSTRNCMP(info->name, "AES-256-CBC", 11) == 0)
+		ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
+									  key, AES_256_KEY_SIZE, info->iv);
+#endif /* NO_AES */
+	else
+		ret = SSL_BAD_FILE;
+
+#ifdef WOLFSSL_SMALL_STACK
+	XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+	XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+	return ret;
+}
+#endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) */
+
+
 #ifndef NO_CERTS
 
 static const char* BEGIN_CERT         = "-----BEGIN CERTIFICATE-----";
@@ -2140,6 +2222,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
     int         ret         = 0;
     int         dynamicType = 0;
     int         sz          = (int)longSz;
+	int			encrypted_key = 0;
 
     switch (type) {
         case CA_TYPE:       /* same as below */
@@ -2147,20 +2230,26 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
         case CRL_TYPE:      header= BEGIN_X509_CRL; footer= END_X509_CRL; break;
         case DH_PARAM_TYPE: header= BEGIN_DH_PARAM; footer= END_DH_PARAM; break;
         case CERTREQ_TYPE:  header= BEGIN_CERT_REQ; footer= END_CERT_REQ; break;
+		case DSA_TYPE:		header= BEGIN_DSA_PRIV; footer= END_DSA_PRIV; break;
+		case ECC_TYPE:		header= BEGIN_EC_PRIV;  footer= END_EC_PRIV; break;
+		case RSA_TYPE:		header= BEGIN_RSA_PRIV; footer= END_RSA_PRIV; break;
         default:            header= BEGIN_RSA_PRIV; footer= END_RSA_PRIV; break;
     }
-    
+
     switch (type) {
         case CA_TYPE:   dynamicType = DYNAMIC_TYPE_CA;   break;
         case CERT_TYPE: dynamicType = DYNAMIC_TYPE_CERT; break;
         case CRL_TYPE:  dynamicType = DYNAMIC_TYPE_CRL;  break;
+		case DSA_TYPE:	dynamicType = DYNAMIC_TYPE_DSA;  break;
+		case ECC_TYPE:	dynamicType = DYNAMIC_TYPE_ECC;  break;
+		case RSA_TYPE:	dynamicType = DYNAMIC_TYPE_RSA;  break;
         default:        dynamicType = DYNAMIC_TYPE_KEY;  break;
     }
 
     /* find header */
     for (;;) {
         headerEnd = XSTRNSTR((char*)buff, header, sz);
-        
+
         if (headerEnd || type != PRIVATEKEY_TYPE) {
             break;
         } else if (header == BEGIN_RSA_PRIV) {
@@ -2192,7 +2281,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 
     if (type == PRIVATEKEY_TYPE) {
         if (eccKey)
-            *eccKey = header == BEGIN_EC_PRIV;      
+            *eccKey = header == BEGIN_EC_PRIV;
     }
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
@@ -2235,6 +2324,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
             while (*newline == '\r' || *newline == '\n')
                 newline++;
             headerEnd = newline;
+
+			encrypted_key = 1;
         }
     }
 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
@@ -2274,7 +2365,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
                                                               &der->length) < 0)
         return SSL_BAD_FILE;
 
-    if (header == BEGIN_PRIV_KEY) {
+    if (header == BEGIN_PRIV_KEY && !encrypted_key) {
         /* pkcs8 key, convert and adjust length */
         if ((ret = ToTraditional(der->buffer, der->length)) < 0)
             return ret;
@@ -2284,7 +2375,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
     }
 
 #if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED)
-    if (header == BEGIN_ENC_PRIV_KEY) {
+    if (encrypted_key || header == BEGIN_ENC_PRIV_KEY) {
         int   passwordSz;
     #ifdef WOLFSSL_SMALL_STACK
         char* password = NULL;
@@ -2303,19 +2394,31 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
         passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0,
                                                            info->ctx->userdata);
         /* convert and adjust length */
-        ret = ToTraditionalEnc(der->buffer, der->length, password, passwordSz);
-
+		if (header == BEGIN_ENC_PRIV_KEY) {
+        	ret = ToTraditionalEnc(der->buffer, der->length, password, passwordSz);
     #ifdef WOLFSSL_SMALL_STACK
-        XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        	XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
+			if (ret < 0) {
+				XFREE(der->buffer, heap, dynamicType);
+            	return ret;
+			}
 
-        if (ret < 0)
-            return ret;
-
-        der->length = ret;
-        return 0;
+			der->length = ret;
+		}
+		/* decrypt the key */
+		else {
+			ret = wolfssl_decrypt_buffer_key(der, (byte*)password, passwordSz, info);
+    #ifdef WOLFSSL_SMALL_STACK
+        	XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+			if (ret != 0) {
+				XFREE(der->buffer, heap, dynamicType);
+            	return ret;
+			}
+		}
     }
-#endif
+#endif  /* OPENSSL_EXTRA || HAVE_WEBSERVER || NO_PWDBASED */
 
     return 0;
 }
@@ -2510,87 +2613,34 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
     }
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
-    if (info->set) {
+	/* for SSL_FILETYPE_PEM, PemToDer manage the decryption if required */
+    if (info->set && (format != SSL_FILETYPE_PEM)) {
         /* decrypt */
         int   passwordSz;
 #ifdef WOLFSSL_SMALL_STACK
         char* password = NULL;
-        byte* key      = NULL;
-        byte* iv       = NULL;
 #else
         char  password[80];
-        byte  key[AES_256_KEY_SIZE];
-        #ifndef NO_MD5
-        byte  iv[AES_IV_SIZE];
-        #endif
 #endif
 
     #ifdef WOLFSSL_SMALL_STACK
         password = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        key      = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL,
-                                                   DYNAMIC_TYPE_TMP_BUFFER);
-        iv       = (byte*)XMALLOC(AES_IV_SIZE, NULL, 
-                                                   DYNAMIC_TYPE_TMP_BUFFER);
-
-        if (password == NULL || key == NULL || iv == NULL) {
-            XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            XFREE(key,      NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            XFREE(iv,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            ret = MEMORY_E;
-        }
+        if (password == NULL)
+			ret = MEMORY_E;
         else
     #endif
         if (!ctx || !ctx->passwd_cb) {
             ret = NO_PASSWORD;
         }
         else {
-            passwordSz = ctx->passwd_cb(password, sizeof(password), 0,
-                                                             ctx->userdata);
+            passwordSz = ctx->passwd_cb(password, sizeof(password), 0, ctx->userdata);
 
-            /* use file's salt for key derivation, hex decode first */
-            if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz)
-                                                                         != 0) {
-                ret = ASN_INPUT_E;
-            }
-#ifndef NO_MD5
-            else if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv,
-                           (byte*)password, passwordSz, 1, key, iv)) <= 0) {
-                /* empty */
-            }
-#endif
-#ifndef NO_DES3
-            else if (XSTRNCMP(info->name, "DES-CBC", 7) == 0) {
-                ret = wc_Des_CbcDecryptWithKey(der.buffer, der.buffer, der.length,
-                                                                 key, info->iv);
-            }
-            else if (XSTRNCMP(info->name, "DES-EDE3-CBC", 13) == 0) {
-                ret = wc_Des3_CbcDecryptWithKey(der.buffer, der.buffer, der.length,
-                                                                 key, info->iv);
-            }
-#endif
-#ifndef NO_AES
-            else if (XSTRNCMP(info->name, "AES-128-CBC", 13) == 0) {
-                ret = wc_AesCbcDecryptWithKey(der.buffer, der.buffer, der.length,
-                                               key, AES_128_KEY_SIZE, info->iv);
-            }
-            else if (XSTRNCMP(info->name, "AES-192-CBC", 13) == 0) {
-                ret = wc_AesCbcDecryptWithKey(der.buffer, der.buffer, der.length,
-                                               key, AES_192_KEY_SIZE, info->iv);
-            }
-            else if (XSTRNCMP(info->name, "AES-256-CBC", 13) == 0) {
-                ret = wc_AesCbcDecryptWithKey(der.buffer, der.buffer, der.length,
-                                               key, AES_256_KEY_SIZE, info->iv);
-            }
-#endif
-            else {
-                ret = SSL_BAD_FILE;
-            }
+			/* decrypt the key */
+			ret = wolfssl_decrypt_buffer_key(&der, (byte*)password, passwordSz, info);
         }
 
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        XFREE(key,      NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        XFREE(iv,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
 
         if (ret != 0) {
@@ -3840,7 +3890,7 @@ static int wolfSSL_SetTmpDH_buffer_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
             ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL,NULL);
             weOwnDer = 1;
         }
-        
+
         if (ret == 0) {
             if (wc_DhParamsLoad(der.buffer, der.length, p, &pSz, g, &gSz) < 0)
                 ret = SSL_BAD_FILETYPE;
@@ -11165,12 +11215,27 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
 
 int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM* bn, int n)
 {
-    (void)bn;
-    (void)n;
+   	if (bn == NULL || bn->internal == NULL) {
+		WOLFSSL_MSG("bn NULL error");
+		return 0;
+	}
 
-    WOLFSSL_MSG("wolfSSL_BN_is_bit_set");
+	return mp_is_bit_set((mp_int*)bn->internal, n);
+}
 
-    return 0;
+int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n)
+{
+	if (bn == NULL || bn->internal == NULL) {
+		WOLFSSL_MSG("bn NULL error");
+		return 0;
+	}
+
+	if (mp_set_int((mp_int*)bn->internal, n) != MP_OKAY) {
+		WOLFSSL_MSG("mp_set_int error");
+		return 0;
+	}
+
+	return 1;
 }
 
 
@@ -11242,29 +11307,37 @@ WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM* bn)
         return NULL;
     }
 
+	ret->neg = bn->neg;
+
     return ret;
 }
 
 
 WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn)
 {
-    (void)r;
-    (void)bn;
-
     WOLFSSL_MSG("wolfSSL_BN_copy");
 
-    return NULL;
+	if (mp_copy((mp_int*)bn->internal, (mp_int*)r->internal) != MP_OKAY) {
+		WOLFSSL_MSG("mp_copy error");
+		return NULL;
+	}
+
+	r->neg = bn->neg;
+
+    return r;
 }
 
 
-int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, unsigned long w)
+int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
 {
-    (void)bn;
-    (void)w;
-
     WOLFSSL_MSG("wolfSSL_BN_set_word");
 
-    return SSL_FATAL_ERROR;
+	if (mp_set_int((mp_int*)bn->internal, w) != MP_OKAY) {
+		WOLFSSL_MSG("mp_init_set_int error");
+		return 0;
+	}
+
+    return 1;
 }
 
 
@@ -11288,6 +11361,251 @@ char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn)
     return NULL;
 }
 
+int wolfSSL_BN_lshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
+{
+	WOLFSSL_MSG("wolfSSL_BN_lshift");
+
+	if (bn == NULL || bn->internal == NULL) {
+		WOLFSSL_MSG("bn NULL error");
+		return 0;
+	}
+
+	/*  create new bn for res, if not done before */
+	if (r == NULL)
+		r = wolfSSL_BN_new();
+
+	if (r == NULL) {
+		WOLFSSL_MSG("bn new error");
+		return 0;
+	}
+
+	if (mp_mul_2d((mp_int*)bn->internal, n, (mp_int*)r->internal) != MP_OKAY) {
+		WOLFSSL_MSG("mp_mul_2d error");
+		return 0;
+	}
+
+	return 1;
+}
+
+int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
+{
+	WOLFSSL_MSG("wolfSSL_BN_rshift");
+
+	if (bn == NULL || bn->internal == NULL) {
+		WOLFSSL_MSG("bn NULL error");
+		return 0;
+	}
+
+	/*  create new bn for res, if not done before */
+	if (r == NULL)
+		r = wolfSSL_BN_new();
+
+	if (r == NULL) {
+		WOLFSSL_MSG("bn new error");
+		return 0;
+	}
+
+	if (mp_div_2d((mp_int*)bn->internal, n, (mp_int*)r->internal, NULL) != MP_OKAY) {
+		WOLFSSL_MSG("mp_mul_2d error");
+		return 0;
+	}
+
+	return 1;
+
+}
+
+int wolfSSL_BN_add_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
+{
+	WOLFSSL_MSG("wolfSSL_BN_add_word");
+
+	if (bn == NULL || bn->internal == NULL) {
+		WOLFSSL_MSG("bn NULL error");
+		return 0;
+	}
+
+	if (mp_add_d((mp_int*)bn->internal, w, (mp_int*)bn->internal) != MP_OKAY) {
+		WOLFSSL_MSG("mp_add_d error");
+		return 0;
+	}
+
+	return 1;
+}
+
+int wolfSSL_BN_add(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b)
+{
+	WOLFSSL_MSG("wolfSSL_BN_add");
+
+	if (r == NULL || r->internal == NULL || a == NULL || a->internal == NULL || b == NULL || b->internal == NULL) {
+		WOLFSSL_MSG("bn NULL error");
+		return 0;
+	}
+
+	if (mp_add((mp_int*)a->internal, (mp_int*)b->internal, (mp_int*)r->internal) != MP_OKAY) {
+		WOLFSSL_MSG("mp_add_d error");
+		return 0;
+	}
+
+	return 1;
+}
+
+#ifdef WOLFSSL_KEY_GEN
+
+int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks, WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb)
+{
+	(void)ctx;
+	(void)cb;
+
+	int res;
+
+	WOLFSSL_MSG("wolfSSL_BN_is_prime_ex");
+
+	if (bn == NULL || bn->internal == NULL) {
+		WOLFSSL_MSG("bn NULL error");
+		return 0;
+	}
+
+	if (mp_prime_is_prime((mp_int*)bn->internal, nbchecks, &res) != MP_OKAY) {
+		WOLFSSL_MSG("mp_prime_is_prime error");
+		return 0;
+	}
+
+	if (res != MP_YES) {
+		WOLFSSL_MSG("mp_prime_is_prime not prime");
+		return 0;
+	}
+
+	return 1;
+}
+#endif /* #ifdef WOLFSSL_KEY_GEN */
+
+WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
+{
+	mp_int mod, res;
+	WOLFSSL_BN_ULONG ret = 0;
+
+	WOLFSSL_MSG("wolfSSL_BN_mod_word");
+
+	if (bn == NULL || bn->internal == NULL) {
+		WOLFSSL_MSG("bn NULL error");
+		return 0;
+	}
+
+	if (mp_init_multi(&mod, &res, NULL, NULL, NULL, NULL) != MP_OKAY) {
+		WOLFSSL_MSG("mp_init error");
+		return 0;
+	}
+
+	if (mp_set_int(&mod, w) != MP_OKAY) {
+		WOLFSSL_MSG("mp_set_int error");
+		mp_clear(&mod);
+		return 0;
+	}
+
+	if (mp_mod((mp_int*)bn->internal, &mod, &res) != MP_OKAY) {
+		WOLFSSL_MSG("mp_add_d error");
+		mp_clear(&mod);
+		mp_clear(&res);
+		return 0;
+	}
+
+	ret = res.dp[0];
+
+	mp_clear(&mod);
+	mp_clear(&res);
+	return ret;
+}
+
+#if (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)) && defined(HAVE_ECC)
+char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
+{
+	int len = 0;
+	char *buf;
+
+	WOLFSSL_MSG("wolfSSL_BN_bn2hex");
+
+	if (bn == NULL || bn->internal == NULL) {
+		WOLFSSL_MSG("bn NULL error");
+		return NULL;
+	}
+
+	if (mp_radix_size((mp_int*)bn->internal, 16, &len) != MP_OKAY) {
+		WOLFSSL_MSG("mp_radix_size failure");
+		return NULL;
+	}
+
+	buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC);
+	if (buf == NULL) {
+		WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure");
+		return NULL;
+	}
+
+	if (mp_toradix((mp_int*)bn->internal, buf, 16) != MP_OKAY) {
+		XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
+		return NULL;
+	}
+
+	return buf;
+}
+
+int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
+{
+	char *buf;
+
+	WOLFSSL_MSG("wolfSSL_BN_print_fp");
+
+	if (fp == NULL || bn == NULL || bn->internal == NULL) {
+		WOLFSSL_MSG("bn NULL error");
+		return 0;
+	}
+
+	buf = wolfSSL_BN_bn2hex(bn);
+	if (buf == NULL) {
+		WOLFSSL_MSG("wolfSSL_BN_bn2hex failure");
+		return 0;
+	}
+
+	fprintf(fp, "%s", buf);
+	XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
+	return 1;
+}
+#else /* defined(HAVE_ECC) */
+char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
+{
+	(void)bn;
+
+	WOLFSSL_MSG("wolfSSL_BN_bn2hex not implemented");
+
+	return (char*)"";
+}
+
+int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
+{
+	(void)fp;
+	(void)bn;
+
+	WOLFSSL_MSG("wolfSSL_BN_print_fp not implemented");
+
+	return 1;
+}
+#endif /* (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)) && defined(HAVE_ECC) */
+
+WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx)
+{
+	/* ctx is not used, return new Bignum */
+	(void)ctx;
+
+	WOLFSSL_ENTER("wolfSSL_BN_CTX_get");
+
+	return wolfSSL_BN_new();
+}
+
+void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx)
+{
+	(void)ctx;
+
+	WOLFSSL_ENTER("wolfSSL_BN_CTX_start");
+	WOLFSSL_MSG("wolfSSL_BN_CTX_start TBD");
+}
 
 #ifndef NO_DH
 
@@ -11478,7 +11796,7 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
        else {
             if (dh->pub_key)
                 wolfSSL_BN_free(dh->pub_key);
-   
+
             dh->pub_key = wolfSSL_BN_new();
             if (dh->pub_key == NULL) {
                 WOLFSSL_MSG("Bad DH new pub");
@@ -11756,7 +12074,7 @@ static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi)
 {
     WOLFSSL_MSG("Entering SetIndividualExternal");
 
-    if (mpi == NULL) {
+    if (mpi == NULL || bn == NULL) {
         WOLFSSL_MSG("mpi NULL error");
         return SSL_FATAL_ERROR;
     }
@@ -11776,10 +12094,33 @@ static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi)
 
     return 0;
 }
+
+static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi)
+{
+	WOLFSSL_MSG("Entering SetIndividualInternal");
+
+	if (bn == NULL) {
+		WOLFSSL_MSG("bn NULL error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (mpi == NULL || (mp_init(mpi) != MP_OKAY)) {
+		WOLFSSL_MSG("mpi NULL error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) {
+		WOLFSSL_MSG("mp_copy error");
+		return SSL_FATAL_ERROR;
+	}
+
+	return 0;
+}
 #endif /* !NO_RSA && !NO_DSA */
 
 
 #ifndef NO_DSA
+/* wolfSSL -> OpenSSL */
 static int SetDsaExternal(WOLFSSL_DSA* dsa)
 {
     DsaKey* key;
@@ -11821,10 +12162,54 @@ static int SetDsaExternal(WOLFSSL_DSA* dsa)
 
     return 0;
 }
+
+/* Openssl -> WolfSSL */
+static int SetDsaInternal(WOLFSSL_DSA* dsa)
+{
+	DsaKey* key;
+	WOLFSSL_MSG("Entering SetDsaInternal");
+
+	if (dsa == NULL || dsa->internal == NULL) {
+		WOLFSSL_MSG("dsa key NULL error");
+		return SSL_FATAL_ERROR;
+	}
+
+	key = (DsaKey*)dsa->internal;
+
+	if (dsa->p != NULL && SetIndividualInternal(dsa->p, &key->p) < 0) {
+		WOLFSSL_MSG("rsa p key error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (dsa->q != NULL && SetIndividualInternal(dsa->q, &key->q) < 0) {
+		WOLFSSL_MSG("rsa q key error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (dsa->g != NULL && SetIndividualInternal(dsa->g, &key->g) < 0) {
+		WOLFSSL_MSG("rsa g key error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (dsa->pub_key != NULL && SetIndividualInternal(dsa->pub_key, &key->y) < 0) {
+		WOLFSSL_MSG("rsa pub_key error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (dsa->priv_key != NULL && SetIndividualInternal(dsa->priv_key, &key->x) < 0) {
+		WOLFSSL_MSG("rsa priv_key error");
+		return SSL_FATAL_ERROR;
+	}
+
+	dsa->inSet = 1;
+
+	return 0;
+}
 #endif /* NO_DSA */
 
 
 #ifndef NO_RSA
+/* WolfSSL -> OpenSSL */
 static int SetRsaExternal(WOLFSSL_RSA* rsa)
 {
     RsaKey* key;
@@ -11882,6 +12267,64 @@ static int SetRsaExternal(WOLFSSL_RSA* rsa)
     return 0;
 }
 
+/* Openssl -> WolfSSL */
+static int SetRsaInternal(WOLFSSL_RSA* rsa)
+{
+	RsaKey* key;
+	WOLFSSL_MSG("Entering SetRsaInternal");
+
+	if (rsa == NULL || rsa->internal == NULL) {
+		WOLFSSL_MSG("rsa key NULL error");
+		return SSL_FATAL_ERROR;
+	}
+
+	key = (RsaKey*)rsa->internal;
+
+	if (SetIndividualInternal(rsa->n, &key->n) < 0) {
+		WOLFSSL_MSG("rsa n key error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (SetIndividualInternal(rsa->e, &key->e) < 0) {
+		WOLFSSL_MSG("rsa e key error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (rsa->d != NULL && SetIndividualInternal(rsa->d, &key->d) < 0) {
+		WOLFSSL_MSG("rsa d key error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (rsa->p != NULL && SetIndividualInternal(rsa->p, &key->p) < 0) {
+		WOLFSSL_MSG("rsa p key error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (rsa->q != NULL && SetIndividualInternal(rsa->q, &key->q) < 0) {
+		WOLFSSL_MSG("rsa q key error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (rsa->dmp1 != NULL && SetIndividualInternal(rsa->dmp1, &key->dP) < 0) {
+		WOLFSSL_MSG("rsa dP key error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (rsa->dmq1 != NULL && SetIndividualInternal(rsa->dmq1, &key->dQ) < 0) {
+		WOLFSSL_MSG("rsa dQ key error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (rsa->iqmp != NULL && SetIndividualInternal(rsa->iqmp, &key->u) < 0) {
+		WOLFSSL_MSG("rsa u key error");
+		return SSL_FATAL_ERROR;
+	}
+
+	rsa->inSet = 1;
+
+	return 0;
+}
+
 
 /* SSL_SUCCESS on ok */
 int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
@@ -12001,47 +12444,86 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
     RNG    tmpRNG[1];
 #endif
 
-    WOLFSSL_MSG("wolfSSL_DSA_do_sign");
+    WOLFSSL_ENTER("wolfSSL_DSA_do_sign");
 
-    if (d == NULL || sigRet == NULL || dsa == NULL)
+	if (d == NULL || sigRet == NULL || dsa == NULL) {
         WOLFSSL_MSG("Bad function arguments");
-    else if (dsa->inSet == 0)
-        WOLFSSL_MSG("No DSA internal set");
-    else {
-    #ifdef WOLFSSL_SMALL_STACK
-        tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (tmpRNG == NULL)
-            return SSL_FATAL_ERROR;
-    #endif
+		return ret;
+	}
 
-        if (wc_InitRng(tmpRNG) == 0) {
-            rng = tmpRNG;
-            initTmpRng = 1;
-        }
-        else {
-            WOLFSSL_MSG("Bad RNG Init, trying global");
-            if (initGlobalRNG == 0)
-                WOLFSSL_MSG("Global RNG no Init");
-            else
-                rng = &globalRNG;
-        }
+	if (dsa->inSet == 0)
+	{
+		WOLFSSL_MSG("No DSA internal set, do it");
 
-        if (rng) {
-            if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
-                WOLFSSL_MSG("DsaSign failed");
-            else
-                ret = SSL_SUCCESS;
-        }
+		if (SetDsaInternal(dsa) < 0) {
+			WOLFSSL_MSG("SetDsaInternal failed");
+			return ret;
+		}
+	}
+#ifdef WOLFSSL_SMALL_STACK
+	tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+	if (tmpRNG == NULL)
+		return SSL_FATAL_ERROR;
+#endif
 
-        if (initTmpRng)
-            wc_FreeRng(tmpRNG);
-    #ifdef WOLFSSL_SMALL_STACK
-        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    #endif
-    }
+	if (wc_InitRng(tmpRNG) == 0) {
+		rng = tmpRNG;
+		initTmpRng = 1;
+	}
+	else {
+		WOLFSSL_MSG("Bad RNG Init, trying global");
+		if (initGlobalRNG == 0)
+			WOLFSSL_MSG("Global RNG no Init");
+		else
+			rng = &globalRNG;
+	}
+
+	if (rng) {
+		if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
+			WOLFSSL_MSG("DsaSign failed");
+		else
+			ret = SSL_SUCCESS;
+	}
+
+	if (initTmpRng)
+		wc_FreeRng(tmpRNG);
+#ifdef WOLFSSL_SMALL_STACK
+	XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 
     return ret;
 }
+
+
+int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
+						WOLFSSL_DSA* dsa, int *dsacheck)
+{
+	int    ret = SSL_FATAL_ERROR;
+
+	WOLFSSL_ENTER("wolfSSL_DSA_do_verify");
+
+	if (d == NULL || sig == NULL || dsa == NULL) {
+		WOLFSSL_MSG("Bad function arguments");
+		return SSL_FATAL_ERROR;
+	}
+	if (dsa->inSet == 0)
+	{
+		WOLFSSL_MSG("No DSA internal set, do it");
+
+		if (SetDsaInternal(dsa) < 0) {
+			WOLFSSL_MSG("SetDsaInternal failed");
+			return SSL_FATAL_ERROR;
+		}
+	}
+
+	ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck);
+	if (ret != 0 || *dsacheck != 1) {
+		WOLFSSL_MSG("DsaVerify failed");
+		return ret;
+	}
+
+	return SSL_SUCCESS;
+}
 #endif /* NO_DSA */
 
 
@@ -12051,7 +12533,7 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m,
                            unsigned int mLen, unsigned char* sigRet,
                            unsigned int* sigLen, WOLFSSL_RSA* rsa)
 {
-    word32 outLen;    
+    word32 outLen;
     word32 signSz;
     int    initTmpRng = 0;
     RNG*   rng        = NULL;
@@ -12066,43 +12548,55 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m,
 
     WOLFSSL_MSG("wolfSSL_RSA_sign");
 
-    if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL)
+    if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) {
         WOLFSSL_MSG("Bad function arguments");
-    else if (rsa->inSet == 0)
-        WOLFSSL_MSG("No RSA internal set");
-    else if (type != NID_md5 && type != NID_sha1)
-        WOLFSSL_MSG("Bad md type");
-    else {
-        outLen = (word32)wolfSSL_BN_num_bytes(rsa->n);
+		return 0;
+	}
 
-    #ifdef WOLFSSL_SMALL_STACK
-        tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (tmpRNG == NULL)
-            return 0;
+	if (type != NID_md5 && type != NID_sha1) {
+		WOLFSSL_MSG("Bad md type");
+		return 0;
+	}
 
-        encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
-        if (encodedSig == NULL) {
-            XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            return 0;
-        }
-    #endif
+	if (rsa->inSet == 0)
+	{
+		WOLFSSL_MSG("No RSA internal set, do it");
 
-        if (outLen == 0)
-            WOLFSSL_MSG("Bad RSA size");
-        else if (wc_InitRng(tmpRNG) == 0) {
-            rng = tmpRNG;
-            initTmpRng = 1;
-        }
-        else {
-            WOLFSSL_MSG("Bad RNG Init, trying global");
+		if (SetRsaInternal(rsa) < 0) {
+			WOLFSSL_MSG("SetRsaInternal failed");
+			return 0;
+		}
+	}
 
-            if (initGlobalRNG == 0)
-                WOLFSSL_MSG("Global RNG no Init");
-            else
-                rng = &globalRNG;
-        }
-    }
+    outLen = (word32)wolfSSL_BN_num_bytes(rsa->n);
+
+#ifdef WOLFSSL_SMALL_STACK
+	tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+	if (tmpRNG == NULL)
+		return 0;
+
+	encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
+												   DYNAMIC_TYPE_TMP_BUFFER);
+	if (encodedSig == NULL) {
+		XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+		return 0;
+	}
+#endif
+
+	if (outLen == 0)
+		WOLFSSL_MSG("Bad RSA size");
+	else if (wc_InitRng(tmpRNG) == 0) {
+		rng = tmpRNG;
+		initTmpRng = 1;
+	}
+	else {
+		WOLFSSL_MSG("Bad RNG Init, trying global");
+
+		if (initGlobalRNG == 0)
+			WOLFSSL_MSG("Global RNG no Init");
+		else
+			rng = &globalRNG;
+	}
 
     if (rng) {
         type = (type == NID_md5) ? MD5h : SHAh;
@@ -12130,7 +12624,11 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m,
     XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
-    WOLFSSL_MSG("wolfSSL_RSA_sign success");
+	if (ret == SSL_SUCCESS)
+		WOLFSSL_MSG("wolfSSL_RSA_sign success");
+	else {
+		WOLFSSL_MSG("wolfSSL_RSA_sign failed");
+	}
     return ret;
 }
 
@@ -12138,15 +12636,38 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m,
 int wolfSSL_RSA_public_decrypt(int flen, unsigned char* from,
                           unsigned char* to, WOLFSSL_RSA* rsa, int padding)
 {
-    (void)flen;
-    (void)from;
-    (void)to;
-    (void)rsa;
-    (void)padding;
+    int tlen = 0;
 
-    WOLFSSL_MSG("wolfSSL_RSA_public_decrypt");
+	WOLFSSL_MSG("wolfSSL_RSA_public_decrypt");
 
-    return SSL_FATAL_ERROR;
+	if (rsa == NULL || rsa->internal == NULL || from == NULL) {
+		WOLFSSL_MSG("Bad function arguments");
+		return 0;
+	}
+
+	if (padding != RSA_PKCS1_PADDING) {
+		WOLFSSL_MSG("wolfSSL_RSA_public_decrypt unsupported padding");
+		return 0;
+	}
+
+	if (rsa->inSet == 0)
+	{
+		WOLFSSL_MSG("No RSA internal set, do it");
+
+		if (SetRsaInternal(rsa) < 0) {
+			WOLFSSL_MSG("SetRsaInternal failed");
+			return 0;
+		}
+	}
+
+	/* size of 'to' buffer must be size of RSA key */
+	tlen = wc_RsaSSL_Verify(from, flen, to, wolfSSL_RSA_size(rsa), (RsaKey*)rsa->internal);
+	if (tlen <= 0)
+		WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed");
+	else {
+		WOLFSSL_MSG("wolfSSL_RSA_public_decrypt success");
+	}
+    return tlen;
 }
 
 
@@ -12317,7 +12838,7 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
 WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key)
 {
     (void)key;
-    WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA");
+    WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA not implemented");
 
     return NULL;
 }
@@ -12326,12 +12847,21 @@ WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key)
 WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
 {
     (void)key;
-    WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_DSA");
+    WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_DSA not implemented");
 
     return NULL;
 }
 
 
+WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key)
+{
+	(void)key;
+	WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_EC_KEY not implemented");
+
+	return NULL;
+}
+
+
 void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 {
     WOLFSSL_MSG("wolfSSL_EVP_X_STATE");
@@ -12515,46 +13045,1384 @@ void wolfSSL_OPENSSL_free(void* p)
     XFREE(p, NULL, 0);
 }
 
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
+
+int wolfSSL_PEM_write_buf_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
+										unsigned char* passwd, int len,
+										byte **pem, int *plen)
+{
+    (void)cipher;
+    (void)passwd;
+    (void)len;
+
+	byte *der, *tmp;
+	int	der_max_len = 0, derSz = 0;
+
+    WOLFSSL_MSG("wolfSSL_PEM_write_buf_RSAPrivateKey");
+
+	if (pem == NULL || plen == NULL || rsa == NULL || rsa->internal == NULL) {
+		WOLFSSL_MSG("Bad function arguments");
+		return 0;
+	}
+
+	if (rsa->inSet == 0) {
+		WOLFSSL_MSG("No RSA internal set, do it");
+
+		if (SetRsaInternal(rsa) < 0) {
+			WOLFSSL_MSG("SetRsaInternal failed");
+			return 0;
+		}
+	}
+
+	der_max_len = 5 * wolfSSL_RSA_size(rsa);
+	printf("der_max_len = %d\n", der_max_len);
+
+	der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+	if (der == NULL) {
+		WOLFSSL_MSG("malloc failed");
+		return 0;
+	}
+
+	/* Key to DER */
+	derSz = wc_RsaKeyToDer(rsa->internal, der, der_max_len);
+	if (derSz < 0) {
+		WOLFSSL_MSG("wc_RsaKeyToDer failed");
+		XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+		return 0;
+	}
+
+	/* tmp buffer with a max size */
+	*plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) + sizeof(END_RSA_PRIV);
+	tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+	if (tmp == NULL) {
+		WOLFSSL_MSG("malloc failed");
+		return 0;
+	}
+
+	/* DER to PEM */
+	*plen = wc_DerToPem(der, derSz, tmp, *plen, PRIVATEKEY_TYPE);
+	if (*plen <= 0) {
+		WOLFSSL_MSG("wc_DerToPem failed");
+		XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+		XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+		return 0;
+	}
+	XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+	*pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_OUT_BUFFER);
+	if (*pem == NULL) {
+		WOLFSSL_MSG("malloc failed");
+		XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+		return 0;
+	}
+	XMEMSET(*pem, 0, (*plen)+1);
+
+	if (XMEMCPY(*pem, tmp, *plen) == NULL) {
+		WOLFSSL_MSG("malloc failed");
+		XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER);
+		XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+		return 0;
+	}
+
+	return 1;
+}
+
+int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, const EVP_CIPHER *enc,
+									unsigned char *kstr, int klen,
+									pem_password_cb *cb, void *u)
+{
+	(void)enc;
+	(void)kstr;
+	(void)klen;
+	(void)cb;
+	(void)u;
+
+	byte	*pem;
+	int		plen, ret;
+
+	WOLFSSL_MSG("wolfSSL_PEM_write_RSAPrivateKey");
+
+	if (fp == NULL || rsa == NULL || rsa->internal == NULL) {
+		WOLFSSL_MSG("Bad function arguments");
+		return 0;
+	}
+
+	ret = wolfSSL_PEM_write_buf_RSAPrivateKey(rsa, enc, NULL, 0, &pem, &plen);
+	if (ret != 1) {
+		WOLFSSL_MSG("wolfSSL_PEM_write_buf_RSAPrivateKey failed");
+		return 0;
+	}
+
+	ret = (int)XFWRITE(pem, plen, 1, fp);
+	if (ret != 1) {
+		WOLFSSL_MSG("RSA private key file write failed");
+		return 0;
+	}
+
+	XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER);
+	return 1;
+}
 
 int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa,
+										const EVP_CIPHER* cipher,
+										unsigned char* passwd, int len,
+										pem_password_cb cb, void* arg)
+{
+	(void)bio;
+	(void)rsa;
+	(void)cipher;
+	(void)passwd;
+	(void)len;
+	(void)cb;
+	(void)arg;
+
+	WOLFSSL_MSG("wolfSSL_PEM_write_bio_RSAPrivateKey not implemented");
+
+	return SSL_FATAL_ERROR;
+}
+#endif /* defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) */
+
+WOLFSSL_API int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
+												   const EVP_CIPHER* cipher,
+												   unsigned char* passwd, int len,
+												   pem_password_cb cb, void* arg)
+{
+	(void)bio;
+	(void)ec;
+	(void)cipher;
+	(void)passwd;
+	(void)len;
+	(void)cb;
+	(void)arg;
+
+	WOLFSSL_MSG("wolfSSL_PEM_write_bio_ECPrivateKey not implemented");
+
+	return SSL_FATAL_ERROR;
+
+}
+
+#ifdef HAVE_ECC
+
+/* EC_POINT Openssl -> WolfSSL */
+static int SetECPointInternal(WOLFSSL_EC_POINT *p)
+{
+	ecc_point* point;
+	WOLFSSL_ENTER("SetECPointInternal");
+
+	if (p == NULL || p->internal == NULL) {
+		WOLFSSL_MSG("ECPoint NULL error");
+		return SSL_FATAL_ERROR;
+	}
+
+	point = (ecc_point*)p->internal;
+
+#ifndef ALT_ECC_SIZE
+	if (p->X != NULL && SetIndividualInternal(p->X, &point->x[0]) < 0) {
+		WOLFSSL_MSG("ecc point X error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (p->Y != NULL && SetIndividualInternal(p->Y, &point->y[0]) < 0) {
+		WOLFSSL_MSG("ecc point Y error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (p->Z != NULL && SetIndividualInternal(p->Z, &point->z[0]) < 0) {
+		WOLFSSL_MSG("ecc point Z error");
+		return SSL_FATAL_ERROR;
+	}
+#else
+	if (p->X != NULL && SetIndividualInternal(p->X, &point->x) < 0) {
+		WOLFSSL_MSG("ecc point X error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (p->Y != NULL && SetIndividualInternal(p->Y, &point->y) < 0) {
+		WOLFSSL_MSG("ecc point Y error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (p->Z != NULL && SetIndividualInternal(p->Z, &point->z) < 0) {
+		WOLFSSL_MSG("ecc point Z error");
+		return SSL_FATAL_ERROR;
+	}
+#endif
+
+	p->inSet = 1;
+
+	return 0;
+}
+
+/* EC_POINT WolfSSL -> OpenSSL */
+static int SetECPointExternal(WOLFSSL_EC_POINT *p)
+{
+	ecc_point* point;
+
+	WOLFSSL_ENTER("SetECPointExternal");
+
+	if (p == NULL || p->internal == NULL) {
+		WOLFSSL_MSG("ECPoint NULL error");
+		return SSL_FATAL_ERROR;
+	}
+
+	point = (ecc_point*)p->internal;
+
+#ifndef ALT_ECC_SIZE
+	if (SetIndividualExternal(&p->X, &point->x[0]) < 0) {
+		WOLFSSL_MSG("ecc point X error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (SetIndividualExternal(&p->Y, &point->y[0]) < 0) {
+		WOLFSSL_MSG("ecc point Y error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (SetIndividualExternal(&p->Z, &point->z[0]) < 0) {
+		WOLFSSL_MSG("ecc point Z error");
+		return SSL_FATAL_ERROR;
+	}
+#else
+	if (SetIndividualExternal(&p->X, &point->x) < 0) {
+		WOLFSSL_MSG("ecc point X error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (SetIndividualExternal(&p->Y, &point->y) < 0) {
+		WOLFSSL_MSG("ecc point Y error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (SetIndividualExternal(&p->Z, &point->z) < 0) {
+		WOLFSSL_MSG("ecc point Z error");
+		return SSL_FATAL_ERROR;
+	}
+#endif
+
+	p->exSet = 1;
+
+	return 0;
+}
+
+/* EC_KEY wolfSSL -> OpenSSL */
+static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
+{
+	ecc_key* key;
+
+	WOLFSSL_ENTER("SetECKeyExternal");
+
+	if (eckey == NULL || eckey->internal == NULL) {
+		WOLFSSL_MSG("ec key NULL error");
+		return SSL_FATAL_ERROR;
+	}
+
+	key = (ecc_key*)eckey->internal;
+
+	/* set group (nid and idx) */
+	eckey->group->curve_nid = ecc_sets[key->idx].nid;
+	eckey->group->curve_idx = key->idx;
+
+	if (eckey->pub_key->internal != NULL) {
+		/* set the internal public key */
+		if (ecc_copy_point(&key->pubkey, eckey->pub_key->internal) != 1) {
+			WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed");
+			return SSL_FATAL_ERROR;
+		}
+
+		//eckey->pub_key->internal = (ecc_point*)&(key->pubkey);
+
+		/* set the external pubkey (point) */
+		if (SetECPointExternal(eckey->pub_key) < 0) {
+			WOLFSSL_MSG("SetECKeyExternal SetECPointExternal failed");
+			return SSL_FATAL_ERROR;
+		}
+	}
+
+	/* set the external privkey */
+	if (key->type == ECC_PRIVATEKEY) {
+		if (SetIndividualExternal(&eckey->priv_key, &key->k) < 0) {
+			WOLFSSL_MSG("ec priv key error");
+			return SSL_FATAL_ERROR;
+		}
+	}
+
+	eckey->exSet = 1;
+
+	return SSL_SUCCESS;
+}
+
+/* EC_KEY Openssl -> WolfSSL */
+static int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
+{
+	ecc_key* key;
+
+	WOLFSSL_ENTER("SetECKeyInternal");
+
+	if (eckey == NULL || eckey->internal == NULL) {
+		WOLFSSL_MSG("ec key NULL error");
+		return SSL_FATAL_ERROR;
+	}
+
+	key = (ecc_key*)eckey->internal;
+
+	/* set group (idx of curve and corresponding domain parameters) */
+	key->idx = eckey->group->curve_idx;
+	key->dp = &ecc_sets[key->idx];
+
+	/* set pubkey (point) */
+	if (eckey->pub_key != NULL && eckey->pub_key->internal != NULL) {
+		if (SetECPointInternal(eckey->pub_key) < 0) {
+			WOLFSSL_MSG("SetECPointInternal failure");
+			return SSL_FATAL_ERROR;
+		}
+	}
+
+	/* set privkey */
+	if (eckey->priv_key != NULL && eckey->priv_key->internal != NULL) {
+		key->type = ECC_PRIVATEKEY;
+
+		if (SetIndividualInternal(eckey->priv_key, &key->k) < 0) {
+			WOLFSSL_MSG("rsa p key error");
+			return SSL_FATAL_ERROR;
+		}
+	}
+	else
+		key->type = ECC_PUBLICKEY;
+
+	eckey->inSet = 1;
+
+	return SSL_SUCCESS;
+}
+
+WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key)
+{
+	WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_public_key");
+
+	if (key == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments");
+		return NULL;
+	}
+
+	return key->pub_key;
+}
+
+const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key)
+{
+	WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_group");
+
+	if (key == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments");
+		return NULL;
+	}
+
+	return key->group;
+}
+
+int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, const WOLFSSL_BIGNUM *priv_key)
+{
+	(void)key;
+	(void)priv_key;
+
+	WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key");
+	WOLFSSL_MSG("wolfSSL_EC_KEY_set_private_key TBD");
+
+	return -1;
+}
+
+WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key)
+{
+	WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key");
+
+	if (key == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_KEY_get0_private_key Bad arguments");
+		return NULL;
+	}
+
+	return key->priv_key;
+}
+
+WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid)
+{
+	WOLFSSL_EC_KEY *key;
+	int x;
+
+	WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name");
+
+	key = wolfSSL_EC_KEY_new();
+	if (key == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_KEY_new failure");
+		return NULL;
+	}
+
+	/* set the nid of the curve */
+	key->group->curve_nid = nid;
+
+	/* search and set the corresponding internal curve idx */
+	for (x = 0; ecc_sets[x].size != 0; x++)
+		if (ecc_sets[x].nid == key->group->curve_nid) {
+			key->group->curve_idx = x;
+			break;
+		}
+
+	return key;
+}
+
+static void InitwolfSSL_ECKey(WOLFSSL_EC_KEY* key)
+{
+	if (key) {
+		key->group    = NULL;
+		key->pub_key  = NULL;
+		key->priv_key = NULL;
+		key->internal = NULL;
+		key->inSet    = 0;
+		key->exSet    = 0;
+	}
+}
+
+WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void)
+{
+	WOLFSSL_EC_KEY *external;
+	ecc_key* key;
+
+	WOLFSSL_ENTER("wolfSSL_EC_KEY_new");
+
+	external = (WOLFSSL_EC_KEY*)XMALLOC(sizeof(WOLFSSL_EC_KEY), NULL, DYNAMIC_TYPE_ECC);
+	if (external == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure");
+		return NULL;
+	}
+	XMEMSET(external, 0, sizeof(WOLFSSL_EC_KEY));
+
+	InitwolfSSL_ECKey(external);
+
+	external->internal = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
+	if (external->internal == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc ecc key failure");
+		wolfSSL_EC_KEY_free(external);
+		return NULL;
+	}
+	XMEMSET(external->internal, 0, sizeof(ecc_key));
+
+	wc_ecc_init(external->internal);
+
+	/* public key */
+	external->pub_key = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL, DYNAMIC_TYPE_ECC);
+	if (external->pub_key == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_POINT failure");
+		wolfSSL_EC_KEY_free(external);
+		return NULL;
+	}
+	XMEMSET(external->pub_key, 0, sizeof(WOLFSSL_EC_POINT));
+
+	key = external->internal;
+	external->pub_key->internal = (ecc_point*)&key->pubkey;
+
+	/* curve group */
+	external->group = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, DYNAMIC_TYPE_ECC);
+	if (external->group == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure");
+		wolfSSL_EC_KEY_free(external);
+		return NULL;
+	}
+	XMEMSET(external->group, 0, sizeof(WOLFSSL_EC_GROUP));
+
+	/* private key */
+	external->priv_key = wolfSSL_BN_new();
+	if (external->priv_key == NULL) {
+		WOLFSSL_MSG("wolfSSL_BN_new failure");
+		wolfSSL_EC_KEY_free(external);
+		return NULL;
+	}
+
+	return external;
+}
+
+void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key)
+{
+	WOLFSSL_ENTER("wolfSSL_EC_KEY_free");
+
+	if (key != NULL) {
+		if (key->internal != NULL) {
+			wc_ecc_free((ecc_key*)key->internal);
+			XFREE(key->internal, NULL, DYNAMIC_TYPE_ECC);
+		}
+		wolfSSL_BN_free(key->priv_key);
+		wolfSSL_EC_POINT_free(key->pub_key);
+		wolfSSL_EC_GROUP_free(key->group);
+		InitwolfSSL_ECKey(key); /* set back to NULLs for safety */
+
+		XFREE(key, NULL, DYNAMIC_TYPE_ECC);
+		key = NULL;
+	}
+}
+
+int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group)
+{
+	(void)key;
+	(void)group;
+
+	WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group");
+	WOLFSSL_MSG("wolfSSL_EC_KEY_set_group TBD");
+
+	return -1;
+}
+
+int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
+{
+	int    initTmpRng = 0;
+	RNG*   rng = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+	RNG*   tmpRNG = NULL;
+#else
+	RNG    tmpRNG[1];
+#endif
+
+	WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key");
+
+	if (key == NULL || key->internal == NULL || key->group == NULL || key->group->curve_idx < 0) {
+		WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key Bad arguments");
+		return 0;
+	}
+
+#ifdef WOLFSSL_SMALL_STACK
+	tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+	if (tmpRNG == NULL)
+		return 0;
+#endif
+
+	if (wc_InitRng(tmpRNG) == 0) {
+		rng = tmpRNG;
+		initTmpRng = 1;
+	}
+	else {
+		WOLFSSL_MSG("Bad RNG Init, trying global");
+		if (initGlobalRNG == 0)
+			WOLFSSL_MSG("Global RNG no Init");
+		else
+			rng = &globalRNG;
+	}
+
+	if (rng == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to set RNG");
+#ifdef WOLFSSL_SMALL_STACK
+		XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+		return 0;
+	}
+
+	if (wc_ecc_make_key(rng, ecc_sets[key->group->curve_idx].size, (ecc_key*)key->internal) != MP_OKAY) {
+		WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed");
+#ifdef WOLFSSL_SMALL_STACK
+		XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+		return 0;
+	}
+
+	if (initTmpRng)
+		wc_FreeRng(tmpRNG);
+#ifdef WOLFSSL_SMALL_STACK
+	XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+	if (SetECKeyExternal(key) < 0) {
+		WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key SetECKeyExternal failed");
+		return 0;
+	}
+
+	return 1;
+}
+
+void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag){
+	(void)key;
+	(void)asn1_flag;
+
+	WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag");
+	WOLFSSL_MSG("wolfSSL_EC_KEY_set_asn1_flag TBD");
+}
+
+int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, const WOLFSSL_EC_POINT *pub)
+{
+	ecc_point *pub_p, *key_p;
+
+	WOLFSSL_ENTER("wolfSSL_EC_KEY_set_public_key");
+
+	if (key == NULL || key->internal == NULL || pub == NULL || pub->internal == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad arguments");
+		return 0;
+	}
+
+	if (key->inSet == 0) {
+		if (SetECKeyInternal(key) < 0) {
+			WOLFSSL_MSG("SetECKeyInternal failed");
+			return 0;
+		}
+	}
+
+	if (pub->inSet == 0) {
+		if (SetECPointInternal((WOLFSSL_EC_POINT *)pub) < 0) {
+			WOLFSSL_MSG("SetECPointInternal failed");
+			return 0;
+		}
+	}
+
+	pub_p = (ecc_point*)pub->internal;
+	key_p = (ecc_point*)key->pub_key->internal;
+
+	/* create new point if required */
+	if (key_p == NULL)
+		key_p = ecc_new_point();
+
+	if (key_p == NULL) {
+		WOLFSSL_MSG("key ecc point NULL");
+		return 0;
+	}
+
+	if (ecc_copy_point(pub_p, key_p) != 1) {
+		WOLFSSL_MSG("ecc_copy_point failure");
+		return 0;
+	}
+
+	if (SetECKeyExternal(key) < 0) {
+		WOLFSSL_MSG("SetECKeyInternal failed");
+		return 0;
+	}
+
+#ifdef DEBUG_WOLFSSL
+	wolfssl_EC_POINT_dump("pub", pub);
+	wolfssl_EC_POINT_dump("key->pub_key", key->pub_key);
+#endif
+	return 1;
+
+}
+/* End EC_KEY */
+
+#ifdef DEBUG_WOLFSSL
+void wolfssl_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p)
+{
+	char *num;
+
+	WOLFSSL_ENTER("wolfssl_EC_POINT_dump");
+
+	if (p == NULL) {
+		fprintf(stderr, "%s = NULL", msg);
+		return ;
+	}
+
+	fprintf(stderr, "%s:\n\tinSet=%d, exSet=%d\n", msg, p->inSet, p->exSet);
+	num = wolfSSL_BN_bn2hex(p->X);
+	fprintf(stderr, "\tX = %s\n", num);
+	XFREE(num, NULL, DYNAMIC_TYPE_ECC);
+	num = wolfSSL_BN_bn2hex(p->Y);
+	fprintf(stderr, "\tY = %s\n", num);
+	XFREE(num, NULL, DYNAMIC_TYPE_ECC);
+}
+#endif
+
+/* Start EC_GROUP */
+
+/* return 0 if equal, 1 if not and -1 in case of error */
+int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, WOLFSSL_BN_CTX *ctx)
+{
+	(void)ctx;
+
+	WOLFSSL_ENTER("wolfSSL_EC_GROUP_cmp");
+
+	if (a == NULL || b == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments");
+		return -1;
+	}
+
+	/* ok */
+	if ((a->curve_idx == b->curve_idx) && (a->curve_nid == b->curve_nid))
+		return 0;
+
+	/* ko */
+	return 1;
+}
+
+void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
+{
+	WOLFSSL_ENTER("wolfSSL_EC_GROUP_free");
+
+	XFREE(group, NULL, DYNAMIC_TYPE_ECC);
+}
+
+void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag)
+{
+	(void)group;
+	(void)flag;
+
+	WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag");
+	WOLFSSL_MSG("wolfSSL_EC_GROUP_set_asn1_flag TBD");
+}
+
+WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid)
+{
+	WOLFSSL_EC_GROUP *g;
+	int x;
+
+	WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name");
+
+	/* curve group */
+	g = (WOLFSSL_EC_GROUP*) XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, DYNAMIC_TYPE_ECC);
+	if (g == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure");
+		return NULL;
+	}
+	XMEMSET(g, 0, sizeof(WOLFSSL_EC_GROUP));
+
+	/* set the nid of the curve */
+	g->curve_nid = nid;
+
+	/* search and set the corresponding internal curve idx */
+	for (x = 0; ecc_sets[x].size != 0; x++)
+		if (ecc_sets[x].nid == g->curve_nid) {
+			g->curve_idx = x;
+			break;
+		}
+
+	return g;
+}
+
+int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group)
+{
+	WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name");
+
+	if (group == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments");
+		return -1;
+	}
+
+	return group->curve_nid;
+}
+
+int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group)
+{
+	WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree");
+
+	if (group == NULL || group->curve_idx < 0) {
+		WOLFSSL_MSG("wolfSSL_EC_GROUP_get_degree Bad arguments");
+		return 0;
+	}
+
+	switch(group->curve_nid) {
+		case NID_X9_62_prime256v1:
+			return 256;
+			break;
+		case NID_secp384r1:
+			return 384;
+			break;
+		case NID_secp521r1:
+			return 521;
+			break;
+		default :
+			return 0;
+			break;
+	}
+
+	return 0;
+}
+
+int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx)
+{
+	(void)ctx;
+
+	if (group == NULL || order == NULL || order->internal == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order NULL error");
+		return SSL_FATAL_ERROR;
+	}
+
+	if (mp_init(order->internal) != MP_OKAY) {
+		WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure");
+		return 0;
+	}
+
+	if (mp_read_radix(order->internal, ecc_sets[group->curve_idx].order, 16) != MP_OKAY) {
+		WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure");
+		mp_clear(order->internal);
+		return 0;
+	}
+
+	return 1;
+}
+/* End EC_GROUP */
+
+/* Start EC_POINT */
+
+int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *p, unsigned char *out, unsigned int *len)
+{
+	int err;
+
+	WOLFSSL_ENTER("wolfSSL_ECPoint_i2d");
+
+	if (group == NULL || p == NULL || len == NULL) {
+		WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error");
+		return 0;
+	}
+
+	if (p->inSet == 0) {
+		WOLFSSL_MSG("No ECPoint internal set, do it");
+
+		if (SetECPointInternal((WOLFSSL_EC_POINT *)p) < 0) {
+			WOLFSSL_MSG("SetECPointInternal SetECPointInternal failed");
+			return 0;
+		}
+	}
+
+#ifdef DEBUG_WOLFSSL
+	if (out != NULL)
+		wolfssl_EC_POINT_dump("i2d p", p);
+#endif
+	err = wc_ecc_export_point_der(group->curve_idx, p->internal, out, len);
+	if (err != MP_OKAY && !(out == NULL && err == LENGTH_ONLY_E)) {
+		WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed");
+		return 0;
+	}
+
+	return 1;
+}
+
+int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *p)
+{
+	WOLFSSL_ENTER("wolfSSL_ECPoint_d2i");
+
+	if (group == NULL || p == NULL || p->internal == NULL || in == NULL) {
+		WOLFSSL_MSG("wolfSSL_ECPoint_d2i NULL error");
+		return 0;
+	}
+
+	if (wc_ecc_import_point_der(in, len, group->curve_idx, p->internal) != MP_OKAY) {
+		WOLFSSL_MSG("wc_ecc_import_point_der failed");
+		return 0;
+	}
+
+	if (p->exSet == 0) {
+		WOLFSSL_MSG("No ECPoint external set, do it");
+
+		if (SetECPointExternal(p) < 0) {
+			WOLFSSL_MSG("SetECPointExternal failed");
+			return 0;
+		}
+	}
+
+#ifdef DEBUG_WOLFSSL
+	wolfssl_EC_POINT_dump("d2i p", p);
+#endif
+	return 1;
+}
+
+WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group)
+{
+	WOLFSSL_EC_POINT *p;
+
+	WOLFSSL_ENTER("wolfSSL_EC_POINT_new");
+
+	if (group == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_POINT_new NULL error");
+		return NULL;
+	}
+
+	p = (WOLFSSL_EC_POINT *)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL, DYNAMIC_TYPE_ECC);
+	if (p == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_POINT_new malloc ecc point failure");
+		return NULL;
+	}
+	XMEMSET(p, 0, sizeof(WOLFSSL_EC_POINT));
+
+	p->internal = ecc_new_point();
+	if (p->internal == NULL) {
+		WOLFSSL_MSG("ecc_new_point failure");
+		return NULL;
+	}
+/*
+	if (SetECPointExternal(p) < 0) {
+		WOLFSSL_MSG("SetECPointExternal failed");
+		return NULL;
+	}
+*/
+	return p;
+}
+
+int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *point,
+												WOLFSSL_BIGNUM *x, WOLFSSL_BIGNUM *y, WOLFSSL_BN_CTX *ctx)
+{
+	(void)ctx;
+	//ecc_point *p;
+
+	WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp");
+
+	if (group == NULL || point == NULL || point->internal == NULL || x == NULL || y == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error");
+		return 0;
+	}
+
+	if (point->inSet == 0) {
+		WOLFSSL_MSG("No ECPoint internal set, do it");
+
+		if (SetECPointInternal((WOLFSSL_EC_POINT *)point) < 0) {
+			WOLFSSL_MSG("SetECPointInternal failed");
+			return 0;
+		}
+	}
+
+	//p = (ecc_point*)point->internal;
+
+	BN_copy(x, point->X);
+	BN_copy(y, point->Y);
+
+	/*
+	if (mp_copy((mp_int*)p->x, (mp_int*)x->internal) != MP_OKAY) {
+		WOLFSSL_MSG("mp_copy error");
+		return 0;
+	}
+
+	if (mp_copy((mp_int*)p->y, (mp_int*)y->internal) != MP_OKAY) {
+		WOLFSSL_MSG("mp_copy error");
+		return 0;
+	}*/
+
+	return 1;
+}
+
+int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, const WOLFSSL_BIGNUM *n,
+						 const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
+{
+	(void)ctx;
+	(void)n;
+
+	mp_int prime;
+
+	WOLFSSL_ENTER("wolfSSL_EC_POINT_mul");
+
+	if (group == NULL || r == NULL || r->internal == NULL || q == NULL || q->internal == NULL || m == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error");
+		return 0;
+	}
+
+	if (q->inSet == 0) {
+		WOLFSSL_MSG("No ECPoint internal set, do it");
+
+		if (SetECPointInternal((WOLFSSL_EC_POINT *)q) < 0) {
+			WOLFSSL_MSG("SetECPointInternal failed");
+			return 0;
+		}
+	}
+
+	/* compute the prime value of the curve */
+	if (mp_init(&prime) != MP_OKAY) {
+		WOLFSSL_MSG("wolfSSL_EC_POINT_mul init BN failed");
+		return 0;
+	}
+
+	if (mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, 16) != MP_OKAY) {
+		WOLFSSL_MSG("wolfSSL_EC_POINT_mul read prime curve value failed");
+		return 0;
+	}
+
+	/* r = q * m % prime */
+	if (ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal, (ecc_point*)r->internal, &prime, 1) != MP_OKAY) {
+		WOLFSSL_MSG("ecc_mulmod failure");
+		mp_clear(&prime);
+		return 0;
+	}
+
+	mp_clear(&prime);
+
+	/* set the external value for the computed point */
+	if (SetECPointInternal(r) < 0) {
+		WOLFSSL_MSG("SetECPointInternal failed");
+		return 0;
+	}
+
+	return 1;
+}
+
+void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *p)
+{
+	WOLFSSL_ENTER("wolfSSL_EC_POINT_clear_free");
+
+	return wolfSSL_EC_POINT_free(p);
+}
+
+/* return 0 if equal, 1 if not and -1 in case of error */
+int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a,
+						 const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx)
+{
+	(void)ctx;
+
+	WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp");
+
+	if (group == NULL || a == NULL || a->internal == NULL || b == NULL || b->internal == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments");
+		return -1;
+	}
+
+	return ecc_cmp_point((ecc_point*)a->internal, (ecc_point*)b->internal);
+}
+
+void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *p)
+{
+	WOLFSSL_ENTER("wolfSSL_EC_POINT_free");
+
+	if (p != NULL) {
+		if (p->internal == NULL) {
+			ecc_del_point((ecc_point*)p->internal);
+			XFREE(p->internal, NULL, DYNAMIC_TYPE_ECC);
+			p->internal = NULL;
+		}
+
+		wolfSSL_BN_free(p->X);
+		wolfSSL_BN_free(p->Y);
+		wolfSSL_BN_free(p->Z);
+		p->X = NULL;
+		p->Y = NULL;
+		p->Z = NULL;
+		p->inSet = p->exSet = 0;
+
+		XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+		p = NULL;
+	}
+}
+
+
+int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *point)
+{
+	int ret;
+
+	WOLFSSL_ENTER("wolfSSL_EC_POINT_is_at_infinity");
+
+	if (group == NULL || point == NULL || point->internal == NULL) {
+		WOLFSSL_MSG("wolfSSL_EC_POINT_is_at_infinity NULL error");
+		return -1;
+	}
+	if (point->inSet == 0) {
+		WOLFSSL_MSG("No ECPoint internal set, do it");
+
+		if (SetECPointInternal((WOLFSSL_EC_POINT *)point) < 0) {
+			WOLFSSL_MSG("SetECPointInternal failed");
+			return -1;
+		}
+	}
+
+	ret = ecc_point_is_at_infinity(point->internal);
+	if (ret < 0) {
+		WOLFSSL_MSG("ecc_point_is_at_infinity failure");
+		return -1;
+	}
+
+	return ret;
+}
+
+/* End EC_POINT */
+
+/* Start ECDSA_SIG */
+void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig)
+{
+	WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_free");
+
+	if (sig) {
+		wolfSSL_BN_free(sig->r);
+		wolfSSL_BN_free(sig->s);
+
+		XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
+	}
+}
+
+WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void)
+{
+	WOLFSSL_ECDSA_SIG *sig;
+
+	WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_new");
+
+	sig = (WOLFSSL_ECDSA_SIG*) XMALLOC(sizeof(WOLFSSL_ECDSA_SIG), NULL, DYNAMIC_TYPE_ECC);
+	if (sig == NULL) {
+		WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure");
+		return NULL;
+	}
+
+	sig->r = wolfSSL_BN_new();
+	if (sig->r == NULL) {
+		WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure");
+		wolfSSL_ECDSA_SIG_free(sig);
+		return NULL;
+	}
+
+	sig->s = wolfSSL_BN_new();
+	if (sig->s == NULL) {
+		WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA s failure");
+		wolfSSL_ECDSA_SIG_free(sig);
+		return NULL;
+	}
+
+	return sig;
+}
+
+/* return signature structure on success, NULL otherwise */
+WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, WOLFSSL_EC_KEY *key)
+{
+	WOLFSSL_ECDSA_SIG *sig = NULL;
+	int    initTmpRng = 0;
+	RNG*   rng = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+	RNG*   tmpRNG = NULL;
+#else
+	RNG    tmpRNG[1];
+#endif
+
+	WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign");
+
+	if (d == NULL || key == NULL || key->internal == NULL) {
+		WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad arguments");
+		return NULL;
+	}
+
+	/* set internal key if not done */
+	if (key->inSet == 0)
+	{
+		WOLFSSL_MSG("wolfSSL_ECDSA_do_sign No EC key internal set, do it");
+
+		if (SetECKeyInternal(key) < 0) {
+			WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed");
+			return NULL;
+		}
+	}
+
+#ifdef WOLFSSL_SMALL_STACK
+	tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+	if (tmpRNG == NULL)
+		return NULL;
+#endif
+
+	if (wc_InitRng(tmpRNG) == 0) {
+		rng = tmpRNG;
+		initTmpRng = 1;
+	}
+	else {
+		WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad RNG Init, trying global");
+		if (initGlobalRNG == 0)
+			WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Global RNG no Init");
+		else
+			rng = &globalRNG;
+	}
+
+	if (rng) {
+		mp_int sig_r, sig_s;
+
+		if (mp_init_multi(&sig_r, &sig_s, NULL, NULL, NULL, NULL) == MP_OKAY) {
+			if (wc_ecc_sign_hash_ex(d, dlen, rng, (ecc_key*)key->internal, &sig_r, &sig_s) != MP_OKAY)
+				WOLFSSL_MSG("wc_ecc_sign_hash_ex failed");
+			else {
+				/* put signature blob in ECDSA structure */
+				sig = wolfSSL_ECDSA_SIG_new();
+				if (sig == NULL)
+					WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new failed");
+				else if (SetIndividualExternal(&(sig->r), &sig_r) < 0) {
+					WOLFSSL_MSG("ecdsa r key error");
+					wolfSSL_ECDSA_SIG_free(sig);
+				}
+				else if (SetIndividualExternal(&(sig->s), &sig_s) < 0) {
+					WOLFSSL_MSG("ecdsa s key error");
+					wolfSSL_ECDSA_SIG_free(sig);
+				}
+
+				mp_clear(&sig_r);
+				mp_clear(&sig_s);
+			}
+		}
+	}
+
+	if (initTmpRng)
+		wc_FreeRng(tmpRNG);
+#ifdef WOLFSSL_SMALL_STACK
+	XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+	return sig;
+}
+
+int wolfSSL_ECDSA_do_verify(const unsigned char *d, int dlen, const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key)
+{
+	int check_sign = 0;
+
+	WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify");
+
+	if (d == NULL || sig == NULL || key == NULL || key->internal == NULL) {
+		WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments");
+		return -1;
+	}
+
+	/* set internal key if not done */
+	if (key->inSet == 0)
+	{
+		WOLFSSL_MSG("No EC key internal set, do it");
+
+		if (SetECKeyInternal(key) < 0) {
+			WOLFSSL_MSG("SetECKeyInternal failed");
+			return -1;
+		}
+	}
+
+	if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal, (mp_int*)sig->s->internal, d, dlen,
+							  &check_sign, (ecc_key *)key->internal) != MP_OKAY) {
+		WOLFSSL_MSG("wc_ecc_verify_hash failed");
+		return -1;
+	}
+	else if (check_sign == 0) {
+		WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
+		return 0;
+	}
+
+	return 1;
+}
+/* End ECDSA_SIG */
+
+/* Start ECDH */
+int wolfSSL_ECDH_compute_key(void *out, size_t outlen, const WOLFSSL_EC_POINT *pub_key,
+							 WOLFSSL_EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen))
+{
+	(void)KDF;
+	word32 len;
+
+	WOLFSSL_ENTER("wolfSSL_ECDH_compute_key");
+
+	if (out == NULL || pub_key == NULL || pub_key->internal == NULL || ecdh == NULL || ecdh->internal == NULL) {
+		WOLFSSL_MSG("Bad function arguments");
+		return 0;
+	}
+
+	/* set internal key if not done */
+	if (ecdh->inSet == 0)
+	{
+		WOLFSSL_MSG("No EC key internal set, do it");
+
+		if (SetECKeyInternal(ecdh) < 0) {
+			WOLFSSL_MSG("SetECKeyInternal failed");
+			return 0;
+		}
+	}
+
+	len = (word32)outlen;
+
+	if (wc_ecc_shared_secret_ssh((ecc_key*)ecdh->internal, (ecc_point*)pub_key->internal, (byte *)out, &len) != MP_OKAY) {
+		WOLFSSL_MSG("wc_ecc_shared_secret failed");
+		return 0;
+	}
+
+	return len;
+}
+
+/* End ECDH */
+
+int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *x)
+{
+	(void)fp;
+	(void)x;
+
+	WOLFSSL_MSG("wolfSSL_PEM_write_EC_PUBKEY not implemented");
+
+	return -1;
+}
+
+
+#endif /* HAVE_ECC */
+
+
+#ifndef NO_DSA
+
+int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, DSA* dsa,
                                   const EVP_CIPHER* cipher,
                                   unsigned char* passwd, int len,
                                   pem_password_cb cb, void* arg)
 {
     (void)bio;
-    (void)rsa;
+    (void)dsa;
     (void)cipher;
     (void)passwd;
     (void)len;
     (void)cb;
     (void)arg;
 
-    WOLFSSL_MSG("wolfSSL_PEM_write_bio_RSAPrivateKey");
+    WOLFSSL_MSG("wolfSSL_PEM_write_bio_DSAPrivateKey not implemented");
 
     return SSL_FATAL_ERROR;
 }
 
 
-
-int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, DSA* rsa,
-                                  const EVP_CIPHER* cipher,
-                                  unsigned char* passwd, int len,
-                                  pem_password_cb cb, void* arg)
+int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa, const EVP_CIPHER *enc,
+									unsigned char *kstr, int klen,
+									pem_password_cb *cb, void *u)
 {
-    (void)bio;
-    (void)rsa;
-    (void)cipher;
-    (void)passwd;
-    (void)len;
-    (void)cb;
-    (void)arg;
+	(void)enc;
+	(void)kstr;
+	(void)klen;
+	(void)cb;
+	(void)u;
 
-    WOLFSSL_MSG("wolfSSL_PEM_write_bio_DSAPrivateKey");
+	byte *der, *pem;
+	int	derSz = 0, pemSz = 0;
 
-    return SSL_FATAL_ERROR;
+
+	WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey");
+
+	if (fp == NULL || dsa == NULL || dsa->internal == NULL || kstr == NULL || klen <= 0) {
+		WOLFSSL_MSG("Bad function arguments");
+		return 0;
+	}
+
+	if (dsa->inSet == 0) {
+		WOLFSSL_MSG("No RSA internal set, do it");
+
+		if (SetDsaInternal(dsa) < 0) {
+			WOLFSSL_MSG("SetDsaInternal failed");
+			return 0;
+		}
+	}
+
+	der = (byte*)XMALLOC(klen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+	if (der == NULL) {
+		WOLFSSL_MSG("malloc failed");
+		return 0;
+	}
+
+	/* Key to DER */
+	derSz = wc_DsaKeyToDer(dsa->internal, der, klen);
+	if (derSz < 0) {
+		XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+		return 0;
+	}
+
+	pemSz = (derSz * 4)/3 + 8;
+	pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+	if (der == NULL) {
+		WOLFSSL_MSG("malloc failed");
+		return 0;
+	}
+
+	/* DER to PEM */
+	pemSz = wc_DerToPem(der, derSz, pem, pemSz, PRIVATEKEY_TYPE);
+	if (pemSz <= 0) {
+		XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+		return 0;
+	}
+	XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+	fwrite(pem, 1, pemSz, fp);
+
+	XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+	return 1;
 }
 
+int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x)
+{
+	(void)fp;
+	(void)x;
 
+	WOLFSSL_MSG("wolfSSL_PEM_write_DSA_PUBKEY not implemented");
+
+	return -1;
+}
+
+#endif /* #ifndef NO_DSA */
 
 WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
                     WOLFSSL_EVP_PKEY** key, pem_password_cb cb, void* arg)
@@ -12564,14 +14432,90 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
     (void)cb;
     (void)arg;
 
-    WOLFSSL_MSG("wolfSSL_PEM_read_bio_PrivateKey");
+    WOLFSSL_MSG("wolfSSL_PEM_read_bio_PrivateKey not implemented");
 
     return NULL;
 }
 
 
+int wolfSSL_EVP_PKEY_type(int type)
+{
+	(void)type;
+
+	WOLFSSL_MSG("wolfSSL_EVP_PKEY_type not implemented");
+
+	return -1;
+}
+
+
+WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
+													  pem_password_cb *cb, void *u)
+{
+	(void)fp;
+	(void)x;
+	(void)cb;
+	(void)u;
+
+	WOLFSSL_MSG("wolfSSL_PEM_read_PUBKEY not implemented");
+
+	return NULL;
+}
+
+
+int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *key, const EVP_CIPHER *enc,
+														unsigned char *kstr, int klen,
+														pem_password_cb *cb, void *u)
+{
+	(void)fp;
+	(void)key;
+	(void)enc;
+	(void)kstr;
+	(void)klen;
+	(void)cb;
+	(void)u;
+
+	WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey not implemented");
+
+	return -1;
+}
 
 #ifndef NO_RSA
+
+WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x,
+										   pem_password_cb *cb, void *u)
+{
+	(void)fp;
+	(void)x;
+	(void)cb;
+	(void)u;
+
+	WOLFSSL_MSG("wolfSSL_PEM_read_RSAPublicKey not implemented");
+
+	return NULL;
+}
+
+
+int wolfSSL_PEM_write_RSAPublicKey(FILE *fp, WOLFSSL_RSA *x)
+{
+	(void)fp;
+	(void)x;
+
+	WOLFSSL_MSG("wolfSSL_PEM_write_RSAPublicKey not implemented");
+
+	return -1;
+}
+
+
+int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x)
+{
+	(void)fp;
+	(void)x;
+
+	WOLFSSL_MSG("wolfSSL_PEM_write_RSA_PUBKEY not implemented");
+
+	return -1;
+}
+
 /* Load RSA from Der, SSL_SUCCESS on success < 0 on error */
 int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der,  int derSz)
 {
@@ -12634,8 +14578,36 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der,  int derSz)
 }
 #endif /* NO_DSA */
 
+#ifdef HAVE_ECC
+/* Load EC KEY from Der, SSL_SUCCESS on success < 0 on error */
+int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* der,  int derSz)
+{
+	word32 idx = 0;
+	int    ret;
 
+	WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer");
 
+	if (key == NULL || key->internal == NULL || der == NULL || derSz <= 0) {
+		WOLFSSL_MSG("Bad function arguments");
+		return BAD_FUNC_ARG;
+	}
+
+	ret = wc_EccPrivateKeyDecode(der, &idx, (ecc_key*)key->internal, derSz);
+	if (ret < 0) {
+		WOLFSSL_MSG("wc_EccPrivateKeyDecode failed");
+		return ret;
+	}
+
+	if (SetECKeyExternal(key) < 0) {
+		WOLFSSL_MSG("SetECKeyExternal failed");
+		return SSL_FATAL_ERROR;
+	}
+
+	key->inSet = 1;
+
+	return SSL_SUCCESS;
+}
+#endif /* HAVE_ECC */
 
 #endif /* OPENSSL_EXTRA */
 
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index e3d9ff44b..c8b545a83 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1413,6 +1413,110 @@ int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
     return 0;
 }
 
+static mp_int* GetDsaInt(DsaKey* key, int idx)
+{
+	if (idx == 0)
+		return &key->p;
+	if (idx == 1)
+		return &key->q;
+	if (idx == 2)
+		return &key->g;
+	if (idx == 3)
+		return &key->x;
+	if (idx == 4)
+		return &key->y;
+
+	return NULL;
+}
+
+/* Release Tmp DSA resources */
+static INLINE void FreeTmpDsas(byte** tmps)
+{
+	int i;
+
+	for (i = 0; i < DSA_INTS; i++)
+		XFREE(tmps[i], NULL, DYNAMIC_TYPE_DSA);
+}
+
+/* Convert DsaKey key to DER format, write to output (inLen), return bytes
+ written */
+int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
+{
+	word32 seqSz, verSz, rawLen, intTotalLen = 0;
+	word32 sizes[DSA_INTS];
+	int    i, j, outLen, ret = 0;
+
+	byte  seq[MAX_SEQ_SZ];
+	byte  ver[MAX_VERSION_SZ];
+	byte* tmps[DSA_INTS];
+
+	if (!key || !output)
+		return BAD_FUNC_ARG;
+
+	if (key->type != DSA_PRIVATE)
+		return BAD_FUNC_ARG;
+
+	for (i = 0; i < DSA_INTS; i++)
+		tmps[i] = NULL;
+
+	/* write all big ints from key to DER tmps */
+	for (i = 0; i < DSA_INTS; i++) {
+		mp_int* keyInt = GetDsaInt(key, i);
+		rawLen = mp_unsigned_bin_size(keyInt);
+		tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, NULL, DYNAMIC_TYPE_DSA);
+		if (tmps[i] == NULL) {
+			ret = MEMORY_E;
+			break;
+		}
+
+		tmps[i][0] = ASN_INTEGER;
+		sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1;  /* int tag */
+
+		if (sizes[i] <= MAX_SEQ_SZ) {
+			int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
+			if (err == MP_OKAY) {
+				sizes[i] += rawLen;
+				intTotalLen += sizes[i];
+			}
+			else {
+				ret = err;
+				break;
+			}
+		}
+		else {
+			ret = ASN_INPUT_E;
+			break;
+		}
+	}
+
+	if (ret != 0) {
+		FreeTmpDsas(tmps);
+		return ret;
+	}
+
+	/* make headers */
+	verSz = SetMyVersion(0, ver, FALSE);
+	seqSz = SetSequence(verSz + intTotalLen, seq);
+
+	outLen = seqSz + verSz + intTotalLen;
+	if (outLen > (int)inLen)
+		return BAD_FUNC_ARG;
+
+	/* write to output */
+	XMEMCPY(output, seq, seqSz);
+	j = seqSz;
+	XMEMCPY(output + j, ver, verSz);
+	j += verSz;
+
+	for (i = 0; i < DSA_INTS; i++) {
+		XMEMCPY(output + j, tmps[i], sizes[i]);
+		j += sizes[i];
+	}
+	FreeTmpDsas(tmps);
+
+	return outLen;
+}
+
 #endif /* NO_DSA */
 
 
@@ -6609,8 +6713,8 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
     byte* priv;
     byte* pub;
 #else
-    byte priv[ECC_MAXSIZE];
-    byte pub[ECC_MAXSIZE * 2 + 1]; /* public key has two parts plus header */
+    byte priv[ECC_MAXSIZE+1];
+    byte pub[2*(ECC_MAXSIZE+1)]; /* public key has two parts plus header */
 #endif
 
     if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0)
@@ -6636,11 +6740,11 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
         return BUFFER_E;
 
 #ifdef WOLFSSL_SMALL_STACK
-    priv = (byte*)XMALLOC(ECC_MAXSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    priv = (byte*)XMALLOC(ECC_MAXSIZE+1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (priv == NULL)
         return MEMORY_E;
     
-    pub = (byte*)XMALLOC(ECC_MAXSIZE * 2 + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    pub = (byte*)XMALLOC(2*(ECC_MAXSIZE+1), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (pub == NULL) {
         XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return MEMORY_E;
@@ -6713,7 +6817,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
                 else {
                     /* pub key */
                     pubSz = length - 1;  /* null prefix */
-                    if (pubSz < (ECC_MAXSIZE*2 + 1)) {
+                    if (pubSz < 2*(ECC_MAXSIZE+1)) {
                         XMEMCPY(pub, &input[*inOutIdx], pubSz);
                         *inOutIdx += length;
                         ret = wc_ecc_import_private_key(priv, privSz, pub, pubSz,
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 897d46adf..738fea3b8 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -30,6 +30,7 @@
 #ifdef HAVE_ECC
 
 #include <wolfssl/wolfcrypt/ecc.h>
+#include <wolfssl/openssl/ec.h>
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
@@ -86,6 +87,7 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC112
 {
         14,
+		NID_secp111r1,
         "SECP112R1",
         "DB7C2ABF62E35E668076BEAD208B",
         "DB7C2ABF62E35E668076BEAD2088",
@@ -98,6 +100,7 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC128
 {
         16,
+		NID_secp128r1,
         "SECP128R1",
         "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
         "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
@@ -110,6 +113,7 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC160
 {
         20,
+		NID_secp160r1,
         "SECP160R1",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
@@ -122,6 +126,7 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC192
 {
         24,
+		NID_cert192,
         "ECC-192",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
@@ -134,6 +139,7 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC224
 {
         28,
+		NID_cert224,
         "ECC-224",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
@@ -146,7 +152,8 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC256
 {
         32,
-        "ECC-256",
+		NID_X9_62_prime256v1,
+        "nistp256",
         "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
         "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
         "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
@@ -158,7 +165,8 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC384
 {
         48,
-        "ECC-384",
+		NID_secp384r1,
+        "nistp384",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
         "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
@@ -170,7 +178,8 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC521
 {
         66,
-        "ECC-521",
+		NID_secp521r1,
+        "nistp521",
         "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
         "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
         "51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
@@ -180,21 +189,17 @@ const ecc_set_type ecc_sets[] = {
 },
 #endif
 {
-   0,
+   0, -1,
    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 }
 };
 
 
-ecc_point* ecc_new_point(void);
-void ecc_del_point(ecc_point* p);
 int  ecc_map(ecc_point*, mp_int*, mp_digit*);
 int  ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
                               mp_int* modulus, mp_digit* mp);
 int  ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* modulus,
                               mp_digit* mp);
-static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
-                      int map);
 static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order);
 #ifdef ECC_SHAMIR
 static int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* B, mp_int* kB,
@@ -256,7 +261,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
 
    /* should we dbl instead? */
    fp_sub(modulus, Q->y, &t1);
-   if ( (fp_cmp(P->x, Q->x) == FP_EQ) && 
+   if ( (fp_cmp(P->x, Q->x) == FP_EQ) &&
         (get_digit_count(Q->z) && fp_cmp(P->z, Q->z) == FP_EQ) &&
         (fp_cmp(P->y, Q->y) == FP_EQ || fp_cmp(P->y, &t1) == FP_EQ)) {
         return ecc_projective_dbl_point(P, R, modulus, mp);
@@ -349,7 +354,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
    /* T1 = T1 * X  */
    fp_mul(&t1, &x, &t1);
    fp_montgomery_reduce(&t1, modulus, *mp);
- 
+
    /* X = Y*Y */
    fp_sqr(&y, &x);
    fp_montgomery_reduce(&x, modulus, *mp);
@@ -363,7 +368,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
    fp_sub(&t2, &x, &t2);
    if (fp_cmp_d(&t2, 0) == FP_LT) {
       fp_add(&t2, modulus, &t2);
-   } 
+   }
    /* T2 = T2 - X */
    fp_sub(&t2, &x, &t2);
    if (fp_cmp_d(&t2, 0) == FP_LT) {
@@ -386,7 +391,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
    fp_copy(&x, R->x);
    fp_copy(&y, R->y);
    fp_copy(&z, R->z);
-   
+
    return MP_OKAY;
 }
 
@@ -429,7 +434,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus,
    if (fp_cmp(R->z, modulus) != FP_LT) {
       fp_sub(R->z, modulus, R->z);
    }
-   
+
    /* &t2 = X - T1 */
    fp_sub(R->x, &t1, &t2);
    if (fp_cmp_d(&t2, 0) == FP_LT) {
@@ -488,7 +493,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus,
       fp_add(R->x, modulus, R->x);
    }
 
-   /* Y = Y - X */     
+   /* Y = Y - X */
    fp_sub(R->y, R->x, R->y);
    if (fp_cmp_d(R->y, 0) == FP_LT) {
       fp_add(R->y, modulus, R->y);
@@ -501,7 +506,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus,
    if (fp_cmp_d(R->y, 0) == FP_LT) {
       fp_add(R->y, modulus, R->y);
    }
- 
+
    return MP_OKAY;
 }
 
@@ -532,12 +537,12 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
    if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != MP_OKAY) {
       return err;
    }
-   
+
    /* should we dbl instead? */
    err = mp_sub(modulus, Q->y, &t1);
 
    if (err == MP_OKAY) {
-       if ( (mp_cmp(P->x, Q->x) == MP_EQ) && 
+       if ( (mp_cmp(P->x, Q->x) == MP_EQ) &&
             (get_digit_count(Q->z) && mp_cmp(P->z, Q->z) == MP_EQ) &&
             (mp_cmp(P->y, Q->y) == MP_EQ || mp_cmp(P->y, &t1) == MP_EQ)) {
                 mp_clear(&t1);
@@ -678,7 +683,7 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
        err = mp_sqr(&x, &x);
    if (err == MP_OKAY)
        err = mp_montgomery_reduce(&x, modulus, *mp);
-   
+
    /* T2 = T2 * x */
    if (err == MP_OKAY)
        err = mp_mul(&t2, &x, &t2);
@@ -690,7 +695,7 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
        err = mp_mul(&t1, &x, &t1);
    if (err == MP_OKAY)
        err = mp_montgomery_reduce(&t1, modulus, *mp);
- 
+
    /* X = Y*Y */
    if (err == MP_OKAY)
        err = mp_sqr(&y, &x);
@@ -710,7 +715,7 @@ int ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R,
    if (err == MP_OKAY) {
        if (mp_cmp_d(&t2, 0) == MP_LT)
            err = mp_add(&t2, modulus, &t2);
-   } 
+   }
    /* T2 = T2 - X */
    if (err == MP_OKAY)
        err = mp_sub(&t2, &x, &t2);
@@ -853,7 +858,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus,
        err = mp_sqr(R->y, R->y);
    if (err == MP_OKAY)
        err = mp_montgomery_reduce(R->y, modulus, *mp);
-   
+
    /* T2 = Y * Y */
    if (err == MP_OKAY)
        err = mp_sqr(R->y, &t2);
@@ -867,7 +872,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus,
    }
    if (err == MP_OKAY)
        err = mp_div_2(&t2, &t2);
-   
+
    /* Y = Y * X */
    if (err == MP_OKAY)
        err = mp_mul(R->y, R->x, R->y);
@@ -894,7 +899,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus,
        if (mp_cmp_d(R->x, 0) == MP_LT)
            err = mp_add(R->x, modulus, R->x);
    }
-   /* Y = Y - X */     
+   /* Y = Y - X */
    if (err == MP_OKAY)
        err = mp_sub(R->y, R->x, R->y);
    if (err == MP_OKAY) {
@@ -915,7 +920,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* modulus,
            err = mp_add(R->y, modulus, R->y);
    }
 
-   /* clean up */ 
+   /* clean up */
    mp_clear(&t1);
    mp_clear(&t2);
 
@@ -958,7 +963,7 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp)
    /* get 1/z */
    if (err == MP_OKAY)
        err = mp_invmod(P->z, modulus, &t1);
- 
+
    /* get 1/z^2 and 1/z^3 */
    if (err == MP_OKAY)
        err = mp_sqr(&t1, &t2);
@@ -978,7 +983,7 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp)
        err = mp_mul(P->y, &t1, P->y);
    if (err == MP_OKAY)
        err = mp_montgomery_reduce(P->y, modulus, *mp);
-   
+
    if (err == MP_OKAY)
        mp_set(P->z, 1);
 
@@ -996,7 +1001,7 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp)
 #define WINSIZE 4
 
 /**
-   Perform a point multiplication 
+   Perform a point multiplication
    k    The scalar to multiply by
    G    The base point
    R    [out] Destination for kG
@@ -1007,10 +1012,10 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp)
 */
 #ifdef FP_ECC
 static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
-                             mp_int* modulus, int map)
+                      mp_int* modulus, int map)
 #else
-static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
-                      int map)
+int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
+               int map)
 #endif
 {
    ecc_point *tG, *M[8];
@@ -1035,7 +1040,7 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
       mp_clear(&mu);
       return err;
    }
-  
+
   /* alloc ram for window temps */
   for (i = 0; i < 8; i++) {
       M[i] = ecc_new_point();
@@ -1070,7 +1075,7 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
        }
    }
    mp_clear(&mu);
-   
+
    /* calc the M tab, which holds kG for k==8..15 */
    /* M[0] == 8G */
    if (err == MP_OKAY)
@@ -1104,7 +1109,7 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
                    break;
                }
                buf    = get_digit(k, digidx);
-               bitcnt = (int) DIGIT_BIT; 
+               bitcnt = (int) DIGIT_BIT;
                --digidx;
            }
 
@@ -1222,10 +1227,10 @@ static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
 */
 #ifdef FP_ECC
 static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
-                             mp_int* modulus, int map)
+                      mp_int* modulus, int map)
 #else
-static int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
-                      int map)
+int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
+              int map)
 #endif
 {
    ecc_point    *tG, *M[3];
@@ -1382,7 +1387,7 @@ static void alt_fp_init(fp_int* a)
 
 /**
    Allocate a new ECC point
-   return A newly allocated point or NULL on error 
+   return A newly allocated point or NULL on error
 */
 ecc_point* ecc_new_point(void)
 {
@@ -1431,11 +1436,66 @@ void ecc_del_point(ecc_point* p)
    }
 }
 
+/** Copy the value of a point to an other one
+  p	The point to copy
+  r	The created point
+*/
+int ecc_copy_point(ecc_point* p, ecc_point *r)
+{
+	/* prevents null arguments */
+	if (p == NULL || r == NULL)
+		return 0;
+
+	if (mp_copy(p->x, r->x) != MP_OKAY)
+		return 0;
+	if (mp_copy(p->y, r->y) != MP_OKAY)
+		return 0;
+	if (mp_copy(p->z, r->z) != MP_OKAY)
+		return 0;
+
+	return 1;
+}
+
+/** Compare the value of a point with an other one
+ a	The point to compare
+ b	The othe point to compare
+
+ return 0 if equal, 1 if not, -1 in case of error
+ */
+int ecc_cmp_point(ecc_point* a, ecc_point *b)
+{
+	int ret;
+
+	/* prevents null arguments */
+	if (a == NULL || b == NULL)
+		return -1;
+
+	ret = mp_cmp(a->x, b->x);
+	if (ret != MP_EQ) {
+		if (ret != MP_LT && ret != MP_GT)
+			return -1;
+		return 1;
+	}
+	ret = mp_cmp(a->y, b->y);
+	if (ret != MP_EQ) {
+		if (ret != MP_LT && ret != MP_GT)
+			return -1;
+		return 1;
+	}
+	ret = mp_cmp(a->z, b->z);
+	if (ret != MP_EQ) {
+		if (ret != MP_LT && ret != MP_GT)
+			return -1;
+		return 1;
+	}
+
+	return 0;
+}
 
 /** Returns whether an ECC idx is valid or not
   n      The idx number to check
   return 1 if valid, 0 if not
-*/  
+*/
 static int ecc_is_valid_idx(int n)
 {
    int x;
@@ -1519,9 +1579,70 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
    return err;
 }
 
+/**
+ Create an ECC shared secret between two keys
+ private_key      The private ECC key
+ point			  The point to use (public key)
+ out              [out] Destination of the shared secret
+ Conforms to EC-DH from ANSI X9.63
+ outlen           [in/out] The max size and resulting size of the shared secret
+ return           MP_OKAY if successful
+ */
+int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, byte* out, word32 *outlen)
+{
+	word32         x = 0;
+	ecc_point*     result;
+	mp_int         prime;
+	int            err;
+
+	if (private_key == NULL || point == NULL || out == NULL || outlen == NULL)
+		return BAD_FUNC_ARG;
+
+	/* type valid? */
+	if (private_key->type != ECC_PRIVATEKEY) {
+		return ECC_BAD_ARG_E;
+	}
+
+	if (ecc_is_valid_idx(private_key->idx) == 0)
+		return ECC_BAD_ARG_E;
+
+	/* make new point */
+	result = ecc_new_point();
+	if (result == NULL) {
+		return MEMORY_E;
+	}
+
+	if ((err = mp_init(&prime)) != MP_OKAY) {
+		ecc_del_point(result);
+		return err;
+	}
+
+	err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16);
+
+	if (err == MP_OKAY)
+		err = ecc_mulmod(&private_key->k, point, result, &prime, 1);
+
+	if (err == MP_OKAY) {
+		x = mp_unsigned_bin_size(&prime);
+		if (*outlen < x)
+			err = BUFFER_E;
+	}
+
+	if (err == MP_OKAY) {
+		XMEMSET(out, 0, x);
+		err = mp_to_unsigned_bin(result->x,out + (x - mp_unsigned_bin_size(result->x)));
+		*outlen = x;
+	}
+
+	mp_clear(&prime);
+	ecc_del_point(result);
+
+	return err;
+}
+
 
 /* return 1 if point is at infinity, 0 if not, < 0 on error */
-static int ecc_point_is_at_infinity(ecc_point* p)
+int ecc_point_is_at_infinity(ecc_point* p)
 {
     if (p == NULL)
         return BAD_FUNC_ARG;
@@ -1533,38 +1654,7 @@ static int ecc_point_is_at_infinity(ecc_point* p)
 }
 
 
-int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp);
-
-/**
-  Make a new ECC key 
-  rng          An active RNG state
-  keysize      The keysize for the new key (in octets from 20 to 65 bytes)
-  key          [out] Destination of the newly created key
-  return       MP_OKAY if successful,
-                       upon error all allocated memory will be freed
-*/
-int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key)
-{
-   int x, err;
-
-   if (key == NULL || rng == NULL)
-       return ECC_BAD_ARG_E;
-
-   /* find key size */
-   for (x = 0; (keysize > ecc_sets[x].size) && (ecc_sets[x].size != 0); x++)
-       ;
-   keysize = ecc_sets[x].size;
-
-   if (keysize > ECC_MAXSIZE || ecc_sets[x].size == 0) {
-      return BAD_FUNC_ARG;
-   }
-   err = wc_ecc_make_key_ex(rng, key, &ecc_sets[x]);
-   key->idx = x;
-
-   return err;
-}
-
-int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
+static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
 {
    int            err;
    ecc_point*     base;
@@ -1626,22 +1716,22 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
    }
 
    /* read in the specs for this key */
-   if (err == MP_OKAY) 
+   if (err == MP_OKAY)
        err = mp_read_radix(&prime,   (char *)key->dp->prime, 16);
-   if (err == MP_OKAY) 
+   if (err == MP_OKAY)
        err = mp_read_radix(&order,   (char *)key->dp->order, 16);
-   if (err == MP_OKAY) 
+   if (err == MP_OKAY)
        err = mp_read_radix(base->x, (char *)key->dp->Gx, 16);
-   if (err == MP_OKAY) 
+   if (err == MP_OKAY)
        err = mp_read_radix(base->y, (char *)key->dp->Gy, 16);
-   
-   if (err == MP_OKAY) 
+
+   if (err == MP_OKAY)
        mp_set(base->z, 1);
-   if (err == MP_OKAY) 
+   if (err == MP_OKAY)
        err = mp_read_unsigned_bin(&key->k, (byte*)buf, keysize);
 
    /* the key should be smaller than the order of base point */
-   if (err == MP_OKAY) { 
+   if (err == MP_OKAY) {
        if (mp_cmp(&key->k, &order) != MP_LT)
            err = mp_mod(&key->k, &order, &key->k);
    }
@@ -1679,6 +1769,34 @@ int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
    return err;
 }
 
+/**
+ Make a new ECC key
+ rng          An active RNG state
+ keysize      The keysize for the new key (in octets from 20 to 65 bytes)
+ key          [out] Destination of the newly created key
+ return       MP_OKAY if successful,
+ upon error all allocated memory will be freed
+ */
+int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key)
+{
+	int x, err;
+
+	if (key == NULL || rng == NULL)
+		return ECC_BAD_ARG_E;
+
+	/* find key size */
+	for (x = 0; (keysize > ecc_sets[x].size) && (ecc_sets[x].size != 0); x++)
+		;
+	keysize = ecc_sets[x].size;
+
+	if (keysize > ECC_MAXSIZE || ecc_sets[x].size == 0) {
+		return BAD_FUNC_ARG;
+	}
+	err = wc_ecc_make_key_ex(rng, key, &ecc_sets[x]);
+	key->idx = x;
+
+	return err;
+}
 
 /* Setup dynamic pointers is using normal math for proper freeing */
 int wc_ecc_init(ecc_key* key)
@@ -1709,6 +1827,39 @@ int wc_ecc_init(ecc_key* key)
 }
 
 
+/**
+ Sign a message digest
+ in        The message digest to sign
+ inlen     The length of the digest
+ out       [out] The destination for the signature
+ outlen    [in/out] The max size and resulting size of the signature
+ key       A private ECC key
+ return    MP_OKAY if successful
+ */
+int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
+					 RNG* rng, ecc_key* key)
+{
+	mp_int	r;
+	mp_int	s;
+	int		err;
+
+	if (in == NULL || out == NULL || outlen == NULL || key == NULL || rng == NULL)
+		return ECC_BAD_ARG_E;
+
+	if ((err = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL)) != MP_OKAY) {
+		return err;
+	}
+
+	err = wc_ecc_sign_hash_ex(in, inlen, rng, key, &r, &s);
+	if (err == MP_OKAY)
+		err = StoreECC_DSA_Sig(out, outlen, &r, &s);
+
+	mp_clear(&r);
+	mp_clear(&s);
+
+	return err;
+}
+
 /**
   Sign a message digest
   in        The message digest to sign
@@ -1716,25 +1867,25 @@ int wc_ecc_init(ecc_key* key)
   out       [out] The destination for the signature
   outlen    [in/out] The max size and resulting size of the signature
   key       A private ECC key
+  r         [out] The destination for r component of the signature
+  s			[out] The destination for s component of the signature
   return    MP_OKAY if successful
 */
-int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, 
-                  RNG* rng, ecc_key* key)
+int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng,
+					 ecc_key* key, mp_int *r, mp_int *s)
 {
-   mp_int        r;
-   mp_int        s;
    mp_int        e;
    mp_int        p;
    int           err;
 
-   if (in == NULL || out == NULL || outlen == NULL || key == NULL || rng ==NULL)
+   if (in == NULL || r == NULL || s == NULL || key == NULL || rng == NULL)
        return ECC_BAD_ARG_E;
 
    /* is this a private key? */
    if (key->type != ECC_PRIVATEKEY) {
       return ECC_BAD_ARG_E;
    }
-   
+
    /* is the IDX valid ?  */
    if (ecc_is_valid_idx(key->idx) != 1) {
       return ECC_BAD_ARG_E;
@@ -1742,7 +1893,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
 
    /* get the hash and load it as a bignum into 'e' */
    /* init the bignums */
-   if ((err = mp_init_multi(&r, &s, &p, &e, NULL, NULL)) != MP_OKAY) { 
+   if ((err = mp_init_multi(&p, &e, NULL, NULL, NULL, NULL)) != MP_OKAY) {
       return err;
    }
    err = mp_read_radix(&p, (char *)key->dp->order, 16);
@@ -1775,45 +1926,39 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
            if (err != MP_OKAY) break;
 
            /* find r = x1 mod n */
-           err = mp_mod(pubkey.pubkey.x, &p, &r);
+           err = mp_mod(pubkey.pubkey.x, &p, r);
            if (err != MP_OKAY) break;
 
-           if (mp_iszero(&r) == MP_YES) {
+           if (mp_iszero(r) == MP_YES) {
                mp_clear(pubkey.pubkey.x);
                mp_clear(pubkey.pubkey.y);
                mp_clear(pubkey.pubkey.z);
                mp_clear(&pubkey.k);
            }
-           else { 
+           else {
                /* find s = (e + xr)/k */
                err = mp_invmod(&pubkey.k, &p, &pubkey.k);
                if (err != MP_OKAY) break;
 
-               err = mp_mulmod(&key->k, &r, &p, &s);   /* s = xr */
-               if (err != MP_OKAY) break;
-           
-               err = mp_add(&e, &s, &s);               /* s = e +  xr */
+               err = mp_mulmod(&key->k, r, &p, s);   /* s = xr */
                if (err != MP_OKAY) break;
 
-               err = mp_mod(&s, &p, &s);               /* s = e +  xr */
+               err = mp_add(&e, s, s);               /* s = e +  xr */
                if (err != MP_OKAY) break;
 
-               err = mp_mulmod(&s, &pubkey.k, &p, &s); /* s = (e + xr)/k */
+               err = mp_mod(s, &p, s);               /* s = e +  xr */
                if (err != MP_OKAY) break;
 
-               if (mp_iszero(&s) == MP_NO)
+               err = mp_mulmod(s, &pubkey.k, &p, s); /* s = (e + xr)/k */
+               if (err != MP_OKAY) break;
+
+               if (mp_iszero(s) == MP_NO)
                    break;
             }
        }
        wc_ecc_free(&pubkey);
    }
 
-   /* store as SEQUENCE { r, s -- integer } */
-   if (err == MP_OKAY)
-       err = StoreECC_DSA_Sig(out, outlen, &r, &s);
-
-   mp_clear(&r);
-   mp_clear(&s);
    mp_clear(&p);
    mp_clear(&e);
 
@@ -1851,7 +1996,7 @@ void wc_ecc_free(ecc_key* key)
   B        Second point to multiply
   kB       What to multiple B by
   C        [out] Destination point (can overlap with A or B)
-  modulus  Modulus for curve 
+  modulus  Modulus for curve
   return MP_OKAY on success
 */
 #ifdef FP_ECC
@@ -1873,9 +2018,9 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
   int            tableInit = 0;
   mp_digit mp;
   mp_int   mu;
- 
+
   /* argchks */
-  if (A == NULL || kA == NULL || B == NULL || kB == NULL || C == NULL || 
+  if (A == NULL || kA == NULL || B == NULL || kB == NULL || C == NULL ||
                    modulus == NULL)
     return ECC_BAD_ARG_E;
 
@@ -1980,8 +2125,8 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
                 err = ecc_projective_add_point(precomp[x], precomp[(y<<2)],
                                                precomp[x+(y<<2)], modulus, &mp);
         }
-    } 
-  }  
+    }
+  }
 
   if (err == MP_OKAY) {
     nibble  = 3;
@@ -2002,8 +2147,8 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
         /* extract two bits from both, shift/update */
         nA = (bitbufA >> 6) & 0x03;
         nB = (bitbufB >> 6) & 0x03;
-        bitbufA = (bitbufA << 2) & 0xFF;   
-        bitbufB = (bitbufB << 2) & 0xFF;   
+        bitbufA = (bitbufA << 2) & 0xFF;
+        bitbufB = (bitbufB << 2) & 0xFF;
 
         /* if both zero, if first, continue */
         if ((nA == 0) && (nB == 0) && (first == 1)) {
@@ -2074,32 +2219,72 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
 
 
 
-/* verify 
+/* verify
  *
  * w  = s^-1 mod n
- * u1 = xw 
+ * u1 = xw
  * u2 = rw
  * X = u1*G + u2*Q
  * v = X_x1 mod n
  * accept if v == r
  */
 
+/**
+ Verify an ECC signature
+ sig         The signature to verify
+ siglen      The length of the signature (octets)
+ hash        The hash (message digest) that was signed
+ hashlen     The length of the hash (octets)
+ stat        Result of signature, 1==valid, 0==invalid
+ key         The corresponding public ECC key
+ return      MP_OKAY if successful (even if the signature is not valid)
+ */
+int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
+					   word32 hashlen, int* stat, ecc_key* key)
+{
+	mp_int	r;
+	mp_int	s;
+	int		err;
+
+	if (sig == NULL || hash == NULL || stat == NULL || key == NULL)
+		return ECC_BAD_ARG_E;
+
+	/* default to invalid signature */
+	*stat = 0;
+
+	/* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s.
+	 * If either of those don't allocate correctly, none of
+	 * the rest of this function will execute, and everything
+	 * gets cleaned up at the end. */
+	XMEMSET(&r, 0, sizeof(r));
+	XMEMSET(&s, 0, sizeof(s));
+
+	err = DecodeECC_DSA_Sig(sig, siglen, &r, &s);
+	if (err != MP_OKAY)
+		return err;
+
+	err = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, stat, key);
+
+	mp_clear(&r);
+	mp_clear(&s);
+
+	return err;
+}
+
 /**
    Verify an ECC signature
-   sig         The signature to verify
-   siglen      The length of the signature (octets)
+   r           The signature R component to verify
+   s           The signature S component to verify
    hash        The hash (message digest) that was signed
    hashlen     The length of the hash (octets)
    stat        Result of signature, 1==valid, 0==invalid
    key         The corresponding public ECC key
    return      MP_OKAY if successful (even if the signature is not valid)
 */
-int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
+int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
                     word32 hashlen, int* stat, ecc_key* key)
 {
    ecc_point    *mG, *mQ;
-   mp_int        r;
-   mp_int        s;
    mp_int        v;
    mp_int        w;
    mp_int        u1;
@@ -2109,8 +2294,8 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
    mp_int        m;
    int           err;
 
-   if (sig == NULL || hash == NULL || stat == NULL || key == NULL)
-       return ECC_BAD_ARG_E; 
+   if (r == NULL || s == NULL || hash == NULL || stat == NULL || key == NULL)
+       return ECC_BAD_ARG_E;
 
    /* default to invalid signature */
    *stat = 0;
@@ -2141,15 +2326,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
    if (mQ  == NULL || mG == NULL)
       err = MEMORY_E;
 
-   /* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s.
-    * If either of those don't allocate correctly, none of
-    * the rest of this function will execute, and everything
-    * gets cleaned up at the end. */
-   XMEMSET(&r, 0, sizeof(r));
-   XMEMSET(&s, 0, sizeof(s));
-   if (err == MP_OKAY)
-       err = DecodeECC_DSA_Sig(sig, siglen, &r, &s);
-
    /* get the order */
    if (err == MP_OKAY)
        err = mp_read_radix(&p, (char *)key->dp->order, 16);
@@ -2160,9 +2336,8 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 
    /* check for zero */
    if (err == MP_OKAY) {
-       if (mp_iszero(&r) || mp_iszero(&s) || mp_cmp(&r, &p) != MP_LT ||
-                                             mp_cmp(&s, &p) != MP_LT)
-           err = MP_ZERO_E; 
+       if (mp_iszero(r) || mp_iszero(s) || mp_cmp(r, &p) != MP_LT || mp_cmp(s, &p) != MP_LT)
+           err = MP_ZERO_E;
    }
    /* read hash */
    if (err == MP_OKAY) {
@@ -2181,7 +2356,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 
    /*  w  = s^-1 mod n */
    if (err == MP_OKAY)
-       err = mp_invmod(&s, &p, &w);
+       err = mp_invmod(s, &p, &w);
 
    /* u1 = ew */
    if (err == MP_OKAY)
@@ -2189,7 +2364,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 
    /* u2 = rw */
    if (err == MP_OKAY)
-       err = mp_mulmod(&r, &w, &p, &u2);
+       err = mp_mulmod(r, &w, &p, &u2);
 
    /* find mG and mQ */
    if (err == MP_OKAY)
@@ -2216,7 +2391,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
            err = ecc_mulmod(&u1, mG, mG, &m, 0);
        if (err == MP_OKAY)
            err = ecc_mulmod(&u2, mQ, mQ, &m, 0);
-  
+
        /* find the montgomery mp */
        if (err == MP_OKAY)
            err = mp_montgomery_setup(&m, &mp);
@@ -2224,7 +2399,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
        /* add them */
        if (err == MP_OKAY)
            err = ecc_projective_add_point(mQ, mG, mG, &m, &mp);
-   
+
        /* reduce */
        if (err == MP_OKAY)
            err = ecc_map(mG, &m, &mp);
@@ -2233,7 +2408,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
        /* use Shamir's trick to compute u1*mG + u2*mQ using half the doubles */
        if (err == MP_OKAY)
            err = ecc_mul2add(mG, &u1, mQ, &u2, mG, &m);
-#endif /* ECC_SHAMIR */ 
+#endif /* ECC_SHAMIR */
 
    /* v = X_x1 mod n */
    if (err == MP_OKAY)
@@ -2241,15 +2416,13 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 
    /* does v == r */
    if (err == MP_OKAY) {
-       if (mp_cmp(&v, &r) == MP_EQ)
+       if (mp_cmp(&v, r) == MP_EQ)
            *stat = 1;
    }
 
    ecc_del_point(mG);
    ecc_del_point(mQ);
 
-   mp_clear(&r);
-   mp_clear(&s);
    mp_clear(&v);
    mp_clear(&w);
    mp_clear(&u1);
@@ -2261,6 +2434,192 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
    return err;
 }
 
+/* import point from der */
+int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, ecc_point* point)
+{
+	int err;
+	int compressed = 0;
+
+	if (in == NULL || point == NULL || (ecc_is_valid_idx(curve_idx) == 0))
+		return ECC_BAD_ARG_E;
+
+	/* must be odd */
+	if ((inLen & 1) == 0) {
+		return ECC_BAD_ARG_E;
+	}
+
+	/* init point */
+#ifdef ALT_ECC_SIZE
+	point->x = (mp_int*)&point->xyz[0];
+	point->y = (mp_int*)&point->xyz[1];
+	point->z = (mp_int*)&point->xyz[2];
+	alt_fp_init(point->x);
+	alt_fp_init(point->y);
+	alt_fp_init(point->z);
+#else
+	err = mp_init_multi(point->x, point->y, point->z, NULL,	NULL, NULL);
+#endif
+	if (err != MP_OKAY)
+		return MEMORY_E;
+
+	/* check for 4, 2, or 3 */
+	if (in[0] != 0x04 && in[0] != 0x02 && in[0] != 0x03) {
+		err = ASN_PARSE_E;
+	}
+
+	if (in[0] == 0x02 || in[0] == 0x03) {
+#ifdef HAVE_COMP_KEY
+		compressed = 1;
+#else
+		err = NOT_COMPILED_IN;
+#endif
+	}
+
+	/* read data */
+	if (err == MP_OKAY)
+		err = mp_read_unsigned_bin(point->x, (byte*)in+1, (inLen-1)>>1);
+
+#ifdef HAVE_COMP_KEY
+	if (err == MP_OKAY && compressed == 1) {   /* build y */
+		mp_int t1, t2, prime, a, b;
+
+		if (mp_init_multi(&t1, &t2, &prime, &a, &b, NULL) != MP_OKAY)
+			err = MEMORY_E;
+
+		/* load prime */
+		if (err == MP_OKAY)
+			err = mp_read_radix(&prime, (char *)ecc_sets[curve_idx].prime, 16);
+
+		/* load a */
+		if (err == MP_OKAY)
+			err = mp_read_radix(&a, (char *)ecc_sets[curve_idx].Af, 16);
+
+		/* load b */
+		if (err == MP_OKAY)
+			err = mp_read_radix(&b, (char *)ecc_sets[curve_idx].Bf, 16);
+
+		/* compute x^3 */
+		if (err == MP_OKAY)
+			err = mp_sqr(point->x, &t1);
+
+		if (err == MP_OKAY)
+			err = mp_mulmod(&t1, point->x, &prime, &t1);
+
+		/* compute x^3 + a*x */
+		if (err == MP_OKAY)
+			err = mp_mulmod(&a, point->x, &prime, &t2);
+
+		if (err == MP_OKAY)
+			err = mp_add(&t1, &t2, &t1);
+
+		/* compute x^3 + a*x + b */
+		if (err == MP_OKAY)
+			err = mp_add(&t1, &b, &t1);
+
+		/* compute sqrt(x^3 + a*x + b) */
+		if (err == MP_OKAY)
+			err = mp_sqrtmod_prime(&t1, &prime, &t2);
+
+		/* adjust y */
+		if (err == MP_OKAY) {
+			if ((mp_isodd(&t2) && in[0] == 0x03) ||
+				(!mp_isodd(&t2) && in[0] == 0x02)) {
+				err = mp_mod(&t2, &prime, point->y);
+			}
+			else {
+				err = mp_submod(&prime, &t2, &prime, point->y);
+			}
+		}
+
+		mp_clear(&a);
+		mp_clear(&b);
+		mp_clear(&prime);
+		mp_clear(&t2);
+		mp_clear(&t1);
+	}
+#endif
+
+	if (err == MP_OKAY && compressed == 0)
+		err = mp_read_unsigned_bin(point->y, (byte*)in+1+((inLen-1)>>1), (inLen-1)>>1);
+	if (err == MP_OKAY)
+		mp_set(point->z, 1);
+
+	if (err != MP_OKAY) {
+		mp_clear(point->x);
+		mp_clear(point->y);
+		mp_clear(point->z);
+	}
+
+	return err;
+}
+
+/* export point to der */
+int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, word32* outLen)
+{
+#ifdef WOLFSSL_SMALL_STACK
+	byte*  buf;
+#else
+	byte   buf[ECC_BUFSIZE];
+#endif
+	word32 numlen;
+	int    ret = MP_OKAY;
+
+	if (curve_idx < 0)
+		return ECC_BAD_ARG_E;
+
+	/* return length needed only */
+	if (point != NULL && out == NULL && outLen != NULL) {
+		numlen = ecc_sets[curve_idx].size;
+		*outLen = 1 + 2*numlen;
+		return LENGTH_ONLY_E;
+	}
+
+	if (point == NULL && out == NULL && outLen == NULL)
+		return ECC_BAD_ARG_E;
+
+	numlen = ecc_sets[curve_idx].size;
+
+	if (*outLen < (1 + 2*numlen)) {
+		*outLen = 1 + 2*numlen;
+		return BUFFER_E;
+	}
+
+	/* store byte 0x04 */
+	out[0] = 0x04;
+
+#ifdef WOLFSSL_SMALL_STACK
+	buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+	if (buf == NULL)
+		return MEMORY_E;
+#endif
+
+	do {
+		/* pad and store x */
+		XMEMSET(buf, 0, ECC_BUFSIZE);
+		ret = mp_to_unsigned_bin(point->x,
+								 buf + (numlen - mp_unsigned_bin_size(point->x)));
+		if (ret != MP_OKAY)
+			break;
+		XMEMCPY(out+1, buf, numlen);
+
+		/* pad and store y */
+		XMEMSET(buf, 0, ECC_BUFSIZE);
+		ret = mp_to_unsigned_bin(point->y,
+								 buf + (numlen - mp_unsigned_bin_size(point->y)));
+		if (ret != MP_OKAY)
+			break;
+		XMEMCPY(out+1+numlen, buf, numlen);
+
+		*outLen = 1 + 2*numlen;
+	} while (0);
+
+#ifdef WOLFSSL_SMALL_STACK
+	XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+	return ret;
+}
+
 
 /* export public ECC key in ANSI X9.63 format */
 int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
@@ -2553,7 +2912,7 @@ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key)
 {
    int x, err;
    int compressed = 0;
-   
+
    if (in == NULL || key == NULL)
        return ECC_BAD_ARG_E;
 
@@ -2698,7 +3057,7 @@ int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key)
 }
 
 
-/* export ecc private key only raw, outLen is in/out size 
+/* export ecc private key only raw, outLen is in/out size
    return MP_OKAY on success */
 int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen)
 {
@@ -2716,7 +3075,7 @@ int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen)
       *outLen = numlen;
       return BUFFER_E;
    }
-   *outLen = numlen; 
+   *outLen = numlen;
    XMEMSET(out, 0, *outLen);
    return mp_to_unsigned_bin(&key->k, out + (numlen -
                                              mp_unsigned_bin_size(&key->k)));
@@ -2917,7 +3276,7 @@ int wc_ecc_sig_size(ecc_key* key)
 /** Our FP cache */
 typedef struct {
    ecc_point* g;               /* cached COPY of base point */
-   ecc_point* LUT[1U<<FP_LUT]; /* fixed point lookup */ 
+   ecc_point* LUT[1U<<FP_LUT]; /* fixed point lookup */
    mp_int     mu;              /* copy of the montgomery constant */
    int        lru_count;       /* amount of times this entry has been used */
    int        lock;            /* flag to indicate cache eviction */
@@ -2936,524 +3295,524 @@ static THREAD_LS_T fp_cache_t fp_cache[FP_ENTRIES];
 static const struct {
    int ham, terma, termb;
 } lut_orders[] = {
-   { 0, 0, 0 }, { 1, 0, 0 }, { 1, 0, 0 }, { 2, 1, 2 }, { 1, 0, 0 }, { 2, 1, 4 }, { 2, 2, 4 }, { 3, 3, 4 }, 
-   { 1, 0, 0 }, { 2, 1, 8 }, { 2, 2, 8 }, { 3, 3, 8 }, { 2, 4, 8 }, { 3, 5, 8 }, { 3, 6, 8 }, { 4, 7, 8 }, 
-   { 1, 0, 0 }, { 2, 1, 16 }, { 2, 2, 16 }, { 3, 3, 16 }, { 2, 4, 16 }, { 3, 5, 16 }, { 3, 6, 16 }, { 4, 7, 16 }, 
-   { 2, 8, 16 }, { 3, 9, 16 }, { 3, 10, 16 }, { 4, 11, 16 }, { 3, 12, 16 }, { 4, 13, 16 }, { 4, 14, 16 }, { 5, 15, 16 }, 
-   { 1, 0, 0 }, { 2, 1, 32 }, { 2, 2, 32 }, { 3, 3, 32 }, { 2, 4, 32 }, { 3, 5, 32 }, { 3, 6, 32 }, { 4, 7, 32 }, 
-   { 2, 8, 32 }, { 3, 9, 32 }, { 3, 10, 32 }, { 4, 11, 32 }, { 3, 12, 32 }, { 4, 13, 32 }, { 4, 14, 32 }, { 5, 15, 32 }, 
-   { 2, 16, 32 }, { 3, 17, 32 }, { 3, 18, 32 }, { 4, 19, 32 }, { 3, 20, 32 }, { 4, 21, 32 }, { 4, 22, 32 }, { 5, 23, 32 }, 
-   { 3, 24, 32 }, { 4, 25, 32 }, { 4, 26, 32 }, { 5, 27, 32 }, { 4, 28, 32 }, { 5, 29, 32 }, { 5, 30, 32 }, { 6, 31, 32 }, 
+   { 0, 0, 0 }, { 1, 0, 0 }, { 1, 0, 0 }, { 2, 1, 2 }, { 1, 0, 0 }, { 2, 1, 4 }, { 2, 2, 4 }, { 3, 3, 4 },
+   { 1, 0, 0 }, { 2, 1, 8 }, { 2, 2, 8 }, { 3, 3, 8 }, { 2, 4, 8 }, { 3, 5, 8 }, { 3, 6, 8 }, { 4, 7, 8 },
+   { 1, 0, 0 }, { 2, 1, 16 }, { 2, 2, 16 }, { 3, 3, 16 }, { 2, 4, 16 }, { 3, 5, 16 }, { 3, 6, 16 }, { 4, 7, 16 },
+   { 2, 8, 16 }, { 3, 9, 16 }, { 3, 10, 16 }, { 4, 11, 16 }, { 3, 12, 16 }, { 4, 13, 16 }, { 4, 14, 16 }, { 5, 15, 16 },
+   { 1, 0, 0 }, { 2, 1, 32 }, { 2, 2, 32 }, { 3, 3, 32 }, { 2, 4, 32 }, { 3, 5, 32 }, { 3, 6, 32 }, { 4, 7, 32 },
+   { 2, 8, 32 }, { 3, 9, 32 }, { 3, 10, 32 }, { 4, 11, 32 }, { 3, 12, 32 }, { 4, 13, 32 }, { 4, 14, 32 }, { 5, 15, 32 },
+   { 2, 16, 32 }, { 3, 17, 32 }, { 3, 18, 32 }, { 4, 19, 32 }, { 3, 20, 32 }, { 4, 21, 32 }, { 4, 22, 32 }, { 5, 23, 32 },
+   { 3, 24, 32 }, { 4, 25, 32 }, { 4, 26, 32 }, { 5, 27, 32 }, { 4, 28, 32 }, { 5, 29, 32 }, { 5, 30, 32 }, { 6, 31, 32 },
 #if FP_LUT > 6
-   { 1, 0, 0 }, { 2, 1, 64 }, { 2, 2, 64 }, { 3, 3, 64 }, { 2, 4, 64 }, { 3, 5, 64 }, { 3, 6, 64 }, { 4, 7, 64 }, 
-   { 2, 8, 64 }, { 3, 9, 64 }, { 3, 10, 64 }, { 4, 11, 64 }, { 3, 12, 64 }, { 4, 13, 64 }, { 4, 14, 64 }, { 5, 15, 64 }, 
-   { 2, 16, 64 }, { 3, 17, 64 }, { 3, 18, 64 }, { 4, 19, 64 }, { 3, 20, 64 }, { 4, 21, 64 }, { 4, 22, 64 }, { 5, 23, 64 }, 
-   { 3, 24, 64 }, { 4, 25, 64 }, { 4, 26, 64 }, { 5, 27, 64 }, { 4, 28, 64 }, { 5, 29, 64 }, { 5, 30, 64 }, { 6, 31, 64 }, 
-   { 2, 32, 64 }, { 3, 33, 64 }, { 3, 34, 64 }, { 4, 35, 64 }, { 3, 36, 64 }, { 4, 37, 64 }, { 4, 38, 64 }, { 5, 39, 64 }, 
-   { 3, 40, 64 }, { 4, 41, 64 }, { 4, 42, 64 }, { 5, 43, 64 }, { 4, 44, 64 }, { 5, 45, 64 }, { 5, 46, 64 }, { 6, 47, 64 }, 
-   { 3, 48, 64 }, { 4, 49, 64 }, { 4, 50, 64 }, { 5, 51, 64 }, { 4, 52, 64 }, { 5, 53, 64 }, { 5, 54, 64 }, { 6, 55, 64 }, 
-   { 4, 56, 64 }, { 5, 57, 64 }, { 5, 58, 64 }, { 6, 59, 64 }, { 5, 60, 64 }, { 6, 61, 64 }, { 6, 62, 64 }, { 7, 63, 64 }, 
+   { 1, 0, 0 }, { 2, 1, 64 }, { 2, 2, 64 }, { 3, 3, 64 }, { 2, 4, 64 }, { 3, 5, 64 }, { 3, 6, 64 }, { 4, 7, 64 },
+   { 2, 8, 64 }, { 3, 9, 64 }, { 3, 10, 64 }, { 4, 11, 64 }, { 3, 12, 64 }, { 4, 13, 64 }, { 4, 14, 64 }, { 5, 15, 64 },
+   { 2, 16, 64 }, { 3, 17, 64 }, { 3, 18, 64 }, { 4, 19, 64 }, { 3, 20, 64 }, { 4, 21, 64 }, { 4, 22, 64 }, { 5, 23, 64 },
+   { 3, 24, 64 }, { 4, 25, 64 }, { 4, 26, 64 }, { 5, 27, 64 }, { 4, 28, 64 }, { 5, 29, 64 }, { 5, 30, 64 }, { 6, 31, 64 },
+   { 2, 32, 64 }, { 3, 33, 64 }, { 3, 34, 64 }, { 4, 35, 64 }, { 3, 36, 64 }, { 4, 37, 64 }, { 4, 38, 64 }, { 5, 39, 64 },
+   { 3, 40, 64 }, { 4, 41, 64 }, { 4, 42, 64 }, { 5, 43, 64 }, { 4, 44, 64 }, { 5, 45, 64 }, { 5, 46, 64 }, { 6, 47, 64 },
+   { 3, 48, 64 }, { 4, 49, 64 }, { 4, 50, 64 }, { 5, 51, 64 }, { 4, 52, 64 }, { 5, 53, 64 }, { 5, 54, 64 }, { 6, 55, 64 },
+   { 4, 56, 64 }, { 5, 57, 64 }, { 5, 58, 64 }, { 6, 59, 64 }, { 5, 60, 64 }, { 6, 61, 64 }, { 6, 62, 64 }, { 7, 63, 64 },
 #if FP_LUT > 7
-   { 1, 0, 0 }, { 2, 1, 128 }, { 2, 2, 128 }, { 3, 3, 128 }, { 2, 4, 128 }, { 3, 5, 128 }, { 3, 6, 128 }, { 4, 7, 128 }, 
-   { 2, 8, 128 }, { 3, 9, 128 }, { 3, 10, 128 }, { 4, 11, 128 }, { 3, 12, 128 }, { 4, 13, 128 }, { 4, 14, 128 }, { 5, 15, 128 }, 
-   { 2, 16, 128 }, { 3, 17, 128 }, { 3, 18, 128 }, { 4, 19, 128 }, { 3, 20, 128 }, { 4, 21, 128 }, { 4, 22, 128 }, { 5, 23, 128 }, 
-   { 3, 24, 128 }, { 4, 25, 128 }, { 4, 26, 128 }, { 5, 27, 128 }, { 4, 28, 128 }, { 5, 29, 128 }, { 5, 30, 128 }, { 6, 31, 128 }, 
-   { 2, 32, 128 }, { 3, 33, 128 }, { 3, 34, 128 }, { 4, 35, 128 }, { 3, 36, 128 }, { 4, 37, 128 }, { 4, 38, 128 }, { 5, 39, 128 }, 
-   { 3, 40, 128 }, { 4, 41, 128 }, { 4, 42, 128 }, { 5, 43, 128 }, { 4, 44, 128 }, { 5, 45, 128 }, { 5, 46, 128 }, { 6, 47, 128 }, 
-   { 3, 48, 128 }, { 4, 49, 128 }, { 4, 50, 128 }, { 5, 51, 128 }, { 4, 52, 128 }, { 5, 53, 128 }, { 5, 54, 128 }, { 6, 55, 128 }, 
-   { 4, 56, 128 }, { 5, 57, 128 }, { 5, 58, 128 }, { 6, 59, 128 }, { 5, 60, 128 }, { 6, 61, 128 }, { 6, 62, 128 }, { 7, 63, 128 }, 
-   { 2, 64, 128 }, { 3, 65, 128 }, { 3, 66, 128 }, { 4, 67, 128 }, { 3, 68, 128 }, { 4, 69, 128 }, { 4, 70, 128 }, { 5, 71, 128 }, 
-   { 3, 72, 128 }, { 4, 73, 128 }, { 4, 74, 128 }, { 5, 75, 128 }, { 4, 76, 128 }, { 5, 77, 128 }, { 5, 78, 128 }, { 6, 79, 128 }, 
-   { 3, 80, 128 }, { 4, 81, 128 }, { 4, 82, 128 }, { 5, 83, 128 }, { 4, 84, 128 }, { 5, 85, 128 }, { 5, 86, 128 }, { 6, 87, 128 }, 
-   { 4, 88, 128 }, { 5, 89, 128 }, { 5, 90, 128 }, { 6, 91, 128 }, { 5, 92, 128 }, { 6, 93, 128 }, { 6, 94, 128 }, { 7, 95, 128 }, 
-   { 3, 96, 128 }, { 4, 97, 128 }, { 4, 98, 128 }, { 5, 99, 128 }, { 4, 100, 128 }, { 5, 101, 128 }, { 5, 102, 128 }, { 6, 103, 128 }, 
-   { 4, 104, 128 }, { 5, 105, 128 }, { 5, 106, 128 }, { 6, 107, 128 }, { 5, 108, 128 }, { 6, 109, 128 }, { 6, 110, 128 }, { 7, 111, 128 }, 
-   { 4, 112, 128 }, { 5, 113, 128 }, { 5, 114, 128 }, { 6, 115, 128 }, { 5, 116, 128 }, { 6, 117, 128 }, { 6, 118, 128 }, { 7, 119, 128 }, 
-   { 5, 120, 128 }, { 6, 121, 128 }, { 6, 122, 128 }, { 7, 123, 128 }, { 6, 124, 128 }, { 7, 125, 128 }, { 7, 126, 128 }, { 8, 127, 128 }, 
+   { 1, 0, 0 }, { 2, 1, 128 }, { 2, 2, 128 }, { 3, 3, 128 }, { 2, 4, 128 }, { 3, 5, 128 }, { 3, 6, 128 }, { 4, 7, 128 },
+   { 2, 8, 128 }, { 3, 9, 128 }, { 3, 10, 128 }, { 4, 11, 128 }, { 3, 12, 128 }, { 4, 13, 128 }, { 4, 14, 128 }, { 5, 15, 128 },
+   { 2, 16, 128 }, { 3, 17, 128 }, { 3, 18, 128 }, { 4, 19, 128 }, { 3, 20, 128 }, { 4, 21, 128 }, { 4, 22, 128 }, { 5, 23, 128 },
+   { 3, 24, 128 }, { 4, 25, 128 }, { 4, 26, 128 }, { 5, 27, 128 }, { 4, 28, 128 }, { 5, 29, 128 }, { 5, 30, 128 }, { 6, 31, 128 },
+   { 2, 32, 128 }, { 3, 33, 128 }, { 3, 34, 128 }, { 4, 35, 128 }, { 3, 36, 128 }, { 4, 37, 128 }, { 4, 38, 128 }, { 5, 39, 128 },
+   { 3, 40, 128 }, { 4, 41, 128 }, { 4, 42, 128 }, { 5, 43, 128 }, { 4, 44, 128 }, { 5, 45, 128 }, { 5, 46, 128 }, { 6, 47, 128 },
+   { 3, 48, 128 }, { 4, 49, 128 }, { 4, 50, 128 }, { 5, 51, 128 }, { 4, 52, 128 }, { 5, 53, 128 }, { 5, 54, 128 }, { 6, 55, 128 },
+   { 4, 56, 128 }, { 5, 57, 128 }, { 5, 58, 128 }, { 6, 59, 128 }, { 5, 60, 128 }, { 6, 61, 128 }, { 6, 62, 128 }, { 7, 63, 128 },
+   { 2, 64, 128 }, { 3, 65, 128 }, { 3, 66, 128 }, { 4, 67, 128 }, { 3, 68, 128 }, { 4, 69, 128 }, { 4, 70, 128 }, { 5, 71, 128 },
+   { 3, 72, 128 }, { 4, 73, 128 }, { 4, 74, 128 }, { 5, 75, 128 }, { 4, 76, 128 }, { 5, 77, 128 }, { 5, 78, 128 }, { 6, 79, 128 },
+   { 3, 80, 128 }, { 4, 81, 128 }, { 4, 82, 128 }, { 5, 83, 128 }, { 4, 84, 128 }, { 5, 85, 128 }, { 5, 86, 128 }, { 6, 87, 128 },
+   { 4, 88, 128 }, { 5, 89, 128 }, { 5, 90, 128 }, { 6, 91, 128 }, { 5, 92, 128 }, { 6, 93, 128 }, { 6, 94, 128 }, { 7, 95, 128 },
+   { 3, 96, 128 }, { 4, 97, 128 }, { 4, 98, 128 }, { 5, 99, 128 }, { 4, 100, 128 }, { 5, 101, 128 }, { 5, 102, 128 }, { 6, 103, 128 },
+   { 4, 104, 128 }, { 5, 105, 128 }, { 5, 106, 128 }, { 6, 107, 128 }, { 5, 108, 128 }, { 6, 109, 128 }, { 6, 110, 128 }, { 7, 111, 128 },
+   { 4, 112, 128 }, { 5, 113, 128 }, { 5, 114, 128 }, { 6, 115, 128 }, { 5, 116, 128 }, { 6, 117, 128 }, { 6, 118, 128 }, { 7, 119, 128 },
+   { 5, 120, 128 }, { 6, 121, 128 }, { 6, 122, 128 }, { 7, 123, 128 }, { 6, 124, 128 }, { 7, 125, 128 }, { 7, 126, 128 }, { 8, 127, 128 },
 #if FP_LUT > 8
-   { 1, 0, 0 }, { 2, 1, 256 }, { 2, 2, 256 }, { 3, 3, 256 }, { 2, 4, 256 }, { 3, 5, 256 }, { 3, 6, 256 }, { 4, 7, 256 }, 
-   { 2, 8, 256 }, { 3, 9, 256 }, { 3, 10, 256 }, { 4, 11, 256 }, { 3, 12, 256 }, { 4, 13, 256 }, { 4, 14, 256 }, { 5, 15, 256 }, 
-   { 2, 16, 256 }, { 3, 17, 256 }, { 3, 18, 256 }, { 4, 19, 256 }, { 3, 20, 256 }, { 4, 21, 256 }, { 4, 22, 256 }, { 5, 23, 256 }, 
-   { 3, 24, 256 }, { 4, 25, 256 }, { 4, 26, 256 }, { 5, 27, 256 }, { 4, 28, 256 }, { 5, 29, 256 }, { 5, 30, 256 }, { 6, 31, 256 }, 
-   { 2, 32, 256 }, { 3, 33, 256 }, { 3, 34, 256 }, { 4, 35, 256 }, { 3, 36, 256 }, { 4, 37, 256 }, { 4, 38, 256 }, { 5, 39, 256 }, 
-   { 3, 40, 256 }, { 4, 41, 256 }, { 4, 42, 256 }, { 5, 43, 256 }, { 4, 44, 256 }, { 5, 45, 256 }, { 5, 46, 256 }, { 6, 47, 256 }, 
-   { 3, 48, 256 }, { 4, 49, 256 }, { 4, 50, 256 }, { 5, 51, 256 }, { 4, 52, 256 }, { 5, 53, 256 }, { 5, 54, 256 }, { 6, 55, 256 }, 
-   { 4, 56, 256 }, { 5, 57, 256 }, { 5, 58, 256 }, { 6, 59, 256 }, { 5, 60, 256 }, { 6, 61, 256 }, { 6, 62, 256 }, { 7, 63, 256 }, 
-   { 2, 64, 256 }, { 3, 65, 256 }, { 3, 66, 256 }, { 4, 67, 256 }, { 3, 68, 256 }, { 4, 69, 256 }, { 4, 70, 256 }, { 5, 71, 256 }, 
-   { 3, 72, 256 }, { 4, 73, 256 }, { 4, 74, 256 }, { 5, 75, 256 }, { 4, 76, 256 }, { 5, 77, 256 }, { 5, 78, 256 }, { 6, 79, 256 }, 
-   { 3, 80, 256 }, { 4, 81, 256 }, { 4, 82, 256 }, { 5, 83, 256 }, { 4, 84, 256 }, { 5, 85, 256 }, { 5, 86, 256 }, { 6, 87, 256 }, 
-   { 4, 88, 256 }, { 5, 89, 256 }, { 5, 90, 256 }, { 6, 91, 256 }, { 5, 92, 256 }, { 6, 93, 256 }, { 6, 94, 256 }, { 7, 95, 256 }, 
-   { 3, 96, 256 }, { 4, 97, 256 }, { 4, 98, 256 }, { 5, 99, 256 }, { 4, 100, 256 }, { 5, 101, 256 }, { 5, 102, 256 }, { 6, 103, 256 }, 
-   { 4, 104, 256 }, { 5, 105, 256 }, { 5, 106, 256 }, { 6, 107, 256 }, { 5, 108, 256 }, { 6, 109, 256 }, { 6, 110, 256 }, { 7, 111, 256 }, 
-   { 4, 112, 256 }, { 5, 113, 256 }, { 5, 114, 256 }, { 6, 115, 256 }, { 5, 116, 256 }, { 6, 117, 256 }, { 6, 118, 256 }, { 7, 119, 256 }, 
-   { 5, 120, 256 }, { 6, 121, 256 }, { 6, 122, 256 }, { 7, 123, 256 }, { 6, 124, 256 }, { 7, 125, 256 }, { 7, 126, 256 }, { 8, 127, 256 }, 
-   { 2, 128, 256 }, { 3, 129, 256 }, { 3, 130, 256 }, { 4, 131, 256 }, { 3, 132, 256 }, { 4, 133, 256 }, { 4, 134, 256 }, { 5, 135, 256 }, 
-   { 3, 136, 256 }, { 4, 137, 256 }, { 4, 138, 256 }, { 5, 139, 256 }, { 4, 140, 256 }, { 5, 141, 256 }, { 5, 142, 256 }, { 6, 143, 256 }, 
-   { 3, 144, 256 }, { 4, 145, 256 }, { 4, 146, 256 }, { 5, 147, 256 }, { 4, 148, 256 }, { 5, 149, 256 }, { 5, 150, 256 }, { 6, 151, 256 }, 
-   { 4, 152, 256 }, { 5, 153, 256 }, { 5, 154, 256 }, { 6, 155, 256 }, { 5, 156, 256 }, { 6, 157, 256 }, { 6, 158, 256 }, { 7, 159, 256 }, 
-   { 3, 160, 256 }, { 4, 161, 256 }, { 4, 162, 256 }, { 5, 163, 256 }, { 4, 164, 256 }, { 5, 165, 256 }, { 5, 166, 256 }, { 6, 167, 256 }, 
-   { 4, 168, 256 }, { 5, 169, 256 }, { 5, 170, 256 }, { 6, 171, 256 }, { 5, 172, 256 }, { 6, 173, 256 }, { 6, 174, 256 }, { 7, 175, 256 }, 
-   { 4, 176, 256 }, { 5, 177, 256 }, { 5, 178, 256 }, { 6, 179, 256 }, { 5, 180, 256 }, { 6, 181, 256 }, { 6, 182, 256 }, { 7, 183, 256 }, 
-   { 5, 184, 256 }, { 6, 185, 256 }, { 6, 186, 256 }, { 7, 187, 256 }, { 6, 188, 256 }, { 7, 189, 256 }, { 7, 190, 256 }, { 8, 191, 256 }, 
-   { 3, 192, 256 }, { 4, 193, 256 }, { 4, 194, 256 }, { 5, 195, 256 }, { 4, 196, 256 }, { 5, 197, 256 }, { 5, 198, 256 }, { 6, 199, 256 }, 
-   { 4, 200, 256 }, { 5, 201, 256 }, { 5, 202, 256 }, { 6, 203, 256 }, { 5, 204, 256 }, { 6, 205, 256 }, { 6, 206, 256 }, { 7, 207, 256 }, 
-   { 4, 208, 256 }, { 5, 209, 256 }, { 5, 210, 256 }, { 6, 211, 256 }, { 5, 212, 256 }, { 6, 213, 256 }, { 6, 214, 256 }, { 7, 215, 256 }, 
-   { 5, 216, 256 }, { 6, 217, 256 }, { 6, 218, 256 }, { 7, 219, 256 }, { 6, 220, 256 }, { 7, 221, 256 }, { 7, 222, 256 }, { 8, 223, 256 }, 
-   { 4, 224, 256 }, { 5, 225, 256 }, { 5, 226, 256 }, { 6, 227, 256 }, { 5, 228, 256 }, { 6, 229, 256 }, { 6, 230, 256 }, { 7, 231, 256 }, 
-   { 5, 232, 256 }, { 6, 233, 256 }, { 6, 234, 256 }, { 7, 235, 256 }, { 6, 236, 256 }, { 7, 237, 256 }, { 7, 238, 256 }, { 8, 239, 256 }, 
-   { 5, 240, 256 }, { 6, 241, 256 }, { 6, 242, 256 }, { 7, 243, 256 }, { 6, 244, 256 }, { 7, 245, 256 }, { 7, 246, 256 }, { 8, 247, 256 }, 
-   { 6, 248, 256 }, { 7, 249, 256 }, { 7, 250, 256 }, { 8, 251, 256 }, { 7, 252, 256 }, { 8, 253, 256 }, { 8, 254, 256 }, { 9, 255, 256 }, 
+   { 1, 0, 0 }, { 2, 1, 256 }, { 2, 2, 256 }, { 3, 3, 256 }, { 2, 4, 256 }, { 3, 5, 256 }, { 3, 6, 256 }, { 4, 7, 256 },
+   { 2, 8, 256 }, { 3, 9, 256 }, { 3, 10, 256 }, { 4, 11, 256 }, { 3, 12, 256 }, { 4, 13, 256 }, { 4, 14, 256 }, { 5, 15, 256 },
+   { 2, 16, 256 }, { 3, 17, 256 }, { 3, 18, 256 }, { 4, 19, 256 }, { 3, 20, 256 }, { 4, 21, 256 }, { 4, 22, 256 }, { 5, 23, 256 },
+   { 3, 24, 256 }, { 4, 25, 256 }, { 4, 26, 256 }, { 5, 27, 256 }, { 4, 28, 256 }, { 5, 29, 256 }, { 5, 30, 256 }, { 6, 31, 256 },
+   { 2, 32, 256 }, { 3, 33, 256 }, { 3, 34, 256 }, { 4, 35, 256 }, { 3, 36, 256 }, { 4, 37, 256 }, { 4, 38, 256 }, { 5, 39, 256 },
+   { 3, 40, 256 }, { 4, 41, 256 }, { 4, 42, 256 }, { 5, 43, 256 }, { 4, 44, 256 }, { 5, 45, 256 }, { 5, 46, 256 }, { 6, 47, 256 },
+   { 3, 48, 256 }, { 4, 49, 256 }, { 4, 50, 256 }, { 5, 51, 256 }, { 4, 52, 256 }, { 5, 53, 256 }, { 5, 54, 256 }, { 6, 55, 256 },
+   { 4, 56, 256 }, { 5, 57, 256 }, { 5, 58, 256 }, { 6, 59, 256 }, { 5, 60, 256 }, { 6, 61, 256 }, { 6, 62, 256 }, { 7, 63, 256 },
+   { 2, 64, 256 }, { 3, 65, 256 }, { 3, 66, 256 }, { 4, 67, 256 }, { 3, 68, 256 }, { 4, 69, 256 }, { 4, 70, 256 }, { 5, 71, 256 },
+   { 3, 72, 256 }, { 4, 73, 256 }, { 4, 74, 256 }, { 5, 75, 256 }, { 4, 76, 256 }, { 5, 77, 256 }, { 5, 78, 256 }, { 6, 79, 256 },
+   { 3, 80, 256 }, { 4, 81, 256 }, { 4, 82, 256 }, { 5, 83, 256 }, { 4, 84, 256 }, { 5, 85, 256 }, { 5, 86, 256 }, { 6, 87, 256 },
+   { 4, 88, 256 }, { 5, 89, 256 }, { 5, 90, 256 }, { 6, 91, 256 }, { 5, 92, 256 }, { 6, 93, 256 }, { 6, 94, 256 }, { 7, 95, 256 },
+   { 3, 96, 256 }, { 4, 97, 256 }, { 4, 98, 256 }, { 5, 99, 256 }, { 4, 100, 256 }, { 5, 101, 256 }, { 5, 102, 256 }, { 6, 103, 256 },
+   { 4, 104, 256 }, { 5, 105, 256 }, { 5, 106, 256 }, { 6, 107, 256 }, { 5, 108, 256 }, { 6, 109, 256 }, { 6, 110, 256 }, { 7, 111, 256 },
+   { 4, 112, 256 }, { 5, 113, 256 }, { 5, 114, 256 }, { 6, 115, 256 }, { 5, 116, 256 }, { 6, 117, 256 }, { 6, 118, 256 }, { 7, 119, 256 },
+   { 5, 120, 256 }, { 6, 121, 256 }, { 6, 122, 256 }, { 7, 123, 256 }, { 6, 124, 256 }, { 7, 125, 256 }, { 7, 126, 256 }, { 8, 127, 256 },
+   { 2, 128, 256 }, { 3, 129, 256 }, { 3, 130, 256 }, { 4, 131, 256 }, { 3, 132, 256 }, { 4, 133, 256 }, { 4, 134, 256 }, { 5, 135, 256 },
+   { 3, 136, 256 }, { 4, 137, 256 }, { 4, 138, 256 }, { 5, 139, 256 }, { 4, 140, 256 }, { 5, 141, 256 }, { 5, 142, 256 }, { 6, 143, 256 },
+   { 3, 144, 256 }, { 4, 145, 256 }, { 4, 146, 256 }, { 5, 147, 256 }, { 4, 148, 256 }, { 5, 149, 256 }, { 5, 150, 256 }, { 6, 151, 256 },
+   { 4, 152, 256 }, { 5, 153, 256 }, { 5, 154, 256 }, { 6, 155, 256 }, { 5, 156, 256 }, { 6, 157, 256 }, { 6, 158, 256 }, { 7, 159, 256 },
+   { 3, 160, 256 }, { 4, 161, 256 }, { 4, 162, 256 }, { 5, 163, 256 }, { 4, 164, 256 }, { 5, 165, 256 }, { 5, 166, 256 }, { 6, 167, 256 },
+   { 4, 168, 256 }, { 5, 169, 256 }, { 5, 170, 256 }, { 6, 171, 256 }, { 5, 172, 256 }, { 6, 173, 256 }, { 6, 174, 256 }, { 7, 175, 256 },
+   { 4, 176, 256 }, { 5, 177, 256 }, { 5, 178, 256 }, { 6, 179, 256 }, { 5, 180, 256 }, { 6, 181, 256 }, { 6, 182, 256 }, { 7, 183, 256 },
+   { 5, 184, 256 }, { 6, 185, 256 }, { 6, 186, 256 }, { 7, 187, 256 }, { 6, 188, 256 }, { 7, 189, 256 }, { 7, 190, 256 }, { 8, 191, 256 },
+   { 3, 192, 256 }, { 4, 193, 256 }, { 4, 194, 256 }, { 5, 195, 256 }, { 4, 196, 256 }, { 5, 197, 256 }, { 5, 198, 256 }, { 6, 199, 256 },
+   { 4, 200, 256 }, { 5, 201, 256 }, { 5, 202, 256 }, { 6, 203, 256 }, { 5, 204, 256 }, { 6, 205, 256 }, { 6, 206, 256 }, { 7, 207, 256 },
+   { 4, 208, 256 }, { 5, 209, 256 }, { 5, 210, 256 }, { 6, 211, 256 }, { 5, 212, 256 }, { 6, 213, 256 }, { 6, 214, 256 }, { 7, 215, 256 },
+   { 5, 216, 256 }, { 6, 217, 256 }, { 6, 218, 256 }, { 7, 219, 256 }, { 6, 220, 256 }, { 7, 221, 256 }, { 7, 222, 256 }, { 8, 223, 256 },
+   { 4, 224, 256 }, { 5, 225, 256 }, { 5, 226, 256 }, { 6, 227, 256 }, { 5, 228, 256 }, { 6, 229, 256 }, { 6, 230, 256 }, { 7, 231, 256 },
+   { 5, 232, 256 }, { 6, 233, 256 }, { 6, 234, 256 }, { 7, 235, 256 }, { 6, 236, 256 }, { 7, 237, 256 }, { 7, 238, 256 }, { 8, 239, 256 },
+   { 5, 240, 256 }, { 6, 241, 256 }, { 6, 242, 256 }, { 7, 243, 256 }, { 6, 244, 256 }, { 7, 245, 256 }, { 7, 246, 256 }, { 8, 247, 256 },
+   { 6, 248, 256 }, { 7, 249, 256 }, { 7, 250, 256 }, { 8, 251, 256 }, { 7, 252, 256 }, { 8, 253, 256 }, { 8, 254, 256 }, { 9, 255, 256 },
 #if FP_LUT > 9
-   { 1, 0, 0 }, { 2, 1, 512 }, { 2, 2, 512 }, { 3, 3, 512 }, { 2, 4, 512 }, { 3, 5, 512 }, { 3, 6, 512 }, { 4, 7, 512 }, 
-   { 2, 8, 512 }, { 3, 9, 512 }, { 3, 10, 512 }, { 4, 11, 512 }, { 3, 12, 512 }, { 4, 13, 512 }, { 4, 14, 512 }, { 5, 15, 512 }, 
-   { 2, 16, 512 }, { 3, 17, 512 }, { 3, 18, 512 }, { 4, 19, 512 }, { 3, 20, 512 }, { 4, 21, 512 }, { 4, 22, 512 }, { 5, 23, 512 }, 
-   { 3, 24, 512 }, { 4, 25, 512 }, { 4, 26, 512 }, { 5, 27, 512 }, { 4, 28, 512 }, { 5, 29, 512 }, { 5, 30, 512 }, { 6, 31, 512 }, 
-   { 2, 32, 512 }, { 3, 33, 512 }, { 3, 34, 512 }, { 4, 35, 512 }, { 3, 36, 512 }, { 4, 37, 512 }, { 4, 38, 512 }, { 5, 39, 512 }, 
-   { 3, 40, 512 }, { 4, 41, 512 }, { 4, 42, 512 }, { 5, 43, 512 }, { 4, 44, 512 }, { 5, 45, 512 }, { 5, 46, 512 }, { 6, 47, 512 }, 
-   { 3, 48, 512 }, { 4, 49, 512 }, { 4, 50, 512 }, { 5, 51, 512 }, { 4, 52, 512 }, { 5, 53, 512 }, { 5, 54, 512 }, { 6, 55, 512 }, 
-   { 4, 56, 512 }, { 5, 57, 512 }, { 5, 58, 512 }, { 6, 59, 512 }, { 5, 60, 512 }, { 6, 61, 512 }, { 6, 62, 512 }, { 7, 63, 512 }, 
-   { 2, 64, 512 }, { 3, 65, 512 }, { 3, 66, 512 }, { 4, 67, 512 }, { 3, 68, 512 }, { 4, 69, 512 }, { 4, 70, 512 }, { 5, 71, 512 }, 
-   { 3, 72, 512 }, { 4, 73, 512 }, { 4, 74, 512 }, { 5, 75, 512 }, { 4, 76, 512 }, { 5, 77, 512 }, { 5, 78, 512 }, { 6, 79, 512 }, 
-   { 3, 80, 512 }, { 4, 81, 512 }, { 4, 82, 512 }, { 5, 83, 512 }, { 4, 84, 512 }, { 5, 85, 512 }, { 5, 86, 512 }, { 6, 87, 512 }, 
-   { 4, 88, 512 }, { 5, 89, 512 }, { 5, 90, 512 }, { 6, 91, 512 }, { 5, 92, 512 }, { 6, 93, 512 }, { 6, 94, 512 }, { 7, 95, 512 }, 
-   { 3, 96, 512 }, { 4, 97, 512 }, { 4, 98, 512 }, { 5, 99, 512 }, { 4, 100, 512 }, { 5, 101, 512 }, { 5, 102, 512 }, { 6, 103, 512 }, 
-   { 4, 104, 512 }, { 5, 105, 512 }, { 5, 106, 512 }, { 6, 107, 512 }, { 5, 108, 512 }, { 6, 109, 512 }, { 6, 110, 512 }, { 7, 111, 512 }, 
-   { 4, 112, 512 }, { 5, 113, 512 }, { 5, 114, 512 }, { 6, 115, 512 }, { 5, 116, 512 }, { 6, 117, 512 }, { 6, 118, 512 }, { 7, 119, 512 }, 
-   { 5, 120, 512 }, { 6, 121, 512 }, { 6, 122, 512 }, { 7, 123, 512 }, { 6, 124, 512 }, { 7, 125, 512 }, { 7, 126, 512 }, { 8, 127, 512 }, 
-   { 2, 128, 512 }, { 3, 129, 512 }, { 3, 130, 512 }, { 4, 131, 512 }, { 3, 132, 512 }, { 4, 133, 512 }, { 4, 134, 512 }, { 5, 135, 512 }, 
-   { 3, 136, 512 }, { 4, 137, 512 }, { 4, 138, 512 }, { 5, 139, 512 }, { 4, 140, 512 }, { 5, 141, 512 }, { 5, 142, 512 }, { 6, 143, 512 }, 
-   { 3, 144, 512 }, { 4, 145, 512 }, { 4, 146, 512 }, { 5, 147, 512 }, { 4, 148, 512 }, { 5, 149, 512 }, { 5, 150, 512 }, { 6, 151, 512 }, 
-   { 4, 152, 512 }, { 5, 153, 512 }, { 5, 154, 512 }, { 6, 155, 512 }, { 5, 156, 512 }, { 6, 157, 512 }, { 6, 158, 512 }, { 7, 159, 512 }, 
-   { 3, 160, 512 }, { 4, 161, 512 }, { 4, 162, 512 }, { 5, 163, 512 }, { 4, 164, 512 }, { 5, 165, 512 }, { 5, 166, 512 }, { 6, 167, 512 }, 
-   { 4, 168, 512 }, { 5, 169, 512 }, { 5, 170, 512 }, { 6, 171, 512 }, { 5, 172, 512 }, { 6, 173, 512 }, { 6, 174, 512 }, { 7, 175, 512 }, 
-   { 4, 176, 512 }, { 5, 177, 512 }, { 5, 178, 512 }, { 6, 179, 512 }, { 5, 180, 512 }, { 6, 181, 512 }, { 6, 182, 512 }, { 7, 183, 512 }, 
-   { 5, 184, 512 }, { 6, 185, 512 }, { 6, 186, 512 }, { 7, 187, 512 }, { 6, 188, 512 }, { 7, 189, 512 }, { 7, 190, 512 }, { 8, 191, 512 }, 
-   { 3, 192, 512 }, { 4, 193, 512 }, { 4, 194, 512 }, { 5, 195, 512 }, { 4, 196, 512 }, { 5, 197, 512 }, { 5, 198, 512 }, { 6, 199, 512 }, 
-   { 4, 200, 512 }, { 5, 201, 512 }, { 5, 202, 512 }, { 6, 203, 512 }, { 5, 204, 512 }, { 6, 205, 512 }, { 6, 206, 512 }, { 7, 207, 512 }, 
-   { 4, 208, 512 }, { 5, 209, 512 }, { 5, 210, 512 }, { 6, 211, 512 }, { 5, 212, 512 }, { 6, 213, 512 }, { 6, 214, 512 }, { 7, 215, 512 }, 
-   { 5, 216, 512 }, { 6, 217, 512 }, { 6, 218, 512 }, { 7, 219, 512 }, { 6, 220, 512 }, { 7, 221, 512 }, { 7, 222, 512 }, { 8, 223, 512 }, 
-   { 4, 224, 512 }, { 5, 225, 512 }, { 5, 226, 512 }, { 6, 227, 512 }, { 5, 228, 512 }, { 6, 229, 512 }, { 6, 230, 512 }, { 7, 231, 512 }, 
-   { 5, 232, 512 }, { 6, 233, 512 }, { 6, 234, 512 }, { 7, 235, 512 }, { 6, 236, 512 }, { 7, 237, 512 }, { 7, 238, 512 }, { 8, 239, 512 }, 
-   { 5, 240, 512 }, { 6, 241, 512 }, { 6, 242, 512 }, { 7, 243, 512 }, { 6, 244, 512 }, { 7, 245, 512 }, { 7, 246, 512 }, { 8, 247, 512 }, 
-   { 6, 248, 512 }, { 7, 249, 512 }, { 7, 250, 512 }, { 8, 251, 512 }, { 7, 252, 512 }, { 8, 253, 512 }, { 8, 254, 512 }, { 9, 255, 512 }, 
-   { 2, 256, 512 }, { 3, 257, 512 }, { 3, 258, 512 }, { 4, 259, 512 }, { 3, 260, 512 }, { 4, 261, 512 }, { 4, 262, 512 }, { 5, 263, 512 }, 
-   { 3, 264, 512 }, { 4, 265, 512 }, { 4, 266, 512 }, { 5, 267, 512 }, { 4, 268, 512 }, { 5, 269, 512 }, { 5, 270, 512 }, { 6, 271, 512 }, 
-   { 3, 272, 512 }, { 4, 273, 512 }, { 4, 274, 512 }, { 5, 275, 512 }, { 4, 276, 512 }, { 5, 277, 512 }, { 5, 278, 512 }, { 6, 279, 512 }, 
-   { 4, 280, 512 }, { 5, 281, 512 }, { 5, 282, 512 }, { 6, 283, 512 }, { 5, 284, 512 }, { 6, 285, 512 }, { 6, 286, 512 }, { 7, 287, 512 }, 
-   { 3, 288, 512 }, { 4, 289, 512 }, { 4, 290, 512 }, { 5, 291, 512 }, { 4, 292, 512 }, { 5, 293, 512 }, { 5, 294, 512 }, { 6, 295, 512 }, 
-   { 4, 296, 512 }, { 5, 297, 512 }, { 5, 298, 512 }, { 6, 299, 512 }, { 5, 300, 512 }, { 6, 301, 512 }, { 6, 302, 512 }, { 7, 303, 512 }, 
-   { 4, 304, 512 }, { 5, 305, 512 }, { 5, 306, 512 }, { 6, 307, 512 }, { 5, 308, 512 }, { 6, 309, 512 }, { 6, 310, 512 }, { 7, 311, 512 }, 
-   { 5, 312, 512 }, { 6, 313, 512 }, { 6, 314, 512 }, { 7, 315, 512 }, { 6, 316, 512 }, { 7, 317, 512 }, { 7, 318, 512 }, { 8, 319, 512 }, 
-   { 3, 320, 512 }, { 4, 321, 512 }, { 4, 322, 512 }, { 5, 323, 512 }, { 4, 324, 512 }, { 5, 325, 512 }, { 5, 326, 512 }, { 6, 327, 512 }, 
-   { 4, 328, 512 }, { 5, 329, 512 }, { 5, 330, 512 }, { 6, 331, 512 }, { 5, 332, 512 }, { 6, 333, 512 }, { 6, 334, 512 }, { 7, 335, 512 }, 
-   { 4, 336, 512 }, { 5, 337, 512 }, { 5, 338, 512 }, { 6, 339, 512 }, { 5, 340, 512 }, { 6, 341, 512 }, { 6, 342, 512 }, { 7, 343, 512 }, 
-   { 5, 344, 512 }, { 6, 345, 512 }, { 6, 346, 512 }, { 7, 347, 512 }, { 6, 348, 512 }, { 7, 349, 512 }, { 7, 350, 512 }, { 8, 351, 512 }, 
-   { 4, 352, 512 }, { 5, 353, 512 }, { 5, 354, 512 }, { 6, 355, 512 }, { 5, 356, 512 }, { 6, 357, 512 }, { 6, 358, 512 }, { 7, 359, 512 }, 
-   { 5, 360, 512 }, { 6, 361, 512 }, { 6, 362, 512 }, { 7, 363, 512 }, { 6, 364, 512 }, { 7, 365, 512 }, { 7, 366, 512 }, { 8, 367, 512 }, 
-   { 5, 368, 512 }, { 6, 369, 512 }, { 6, 370, 512 }, { 7, 371, 512 }, { 6, 372, 512 }, { 7, 373, 512 }, { 7, 374, 512 }, { 8, 375, 512 }, 
-   { 6, 376, 512 }, { 7, 377, 512 }, { 7, 378, 512 }, { 8, 379, 512 }, { 7, 380, 512 }, { 8, 381, 512 }, { 8, 382, 512 }, { 9, 383, 512 }, 
-   { 3, 384, 512 }, { 4, 385, 512 }, { 4, 386, 512 }, { 5, 387, 512 }, { 4, 388, 512 }, { 5, 389, 512 }, { 5, 390, 512 }, { 6, 391, 512 }, 
-   { 4, 392, 512 }, { 5, 393, 512 }, { 5, 394, 512 }, { 6, 395, 512 }, { 5, 396, 512 }, { 6, 397, 512 }, { 6, 398, 512 }, { 7, 399, 512 }, 
-   { 4, 400, 512 }, { 5, 401, 512 }, { 5, 402, 512 }, { 6, 403, 512 }, { 5, 404, 512 }, { 6, 405, 512 }, { 6, 406, 512 }, { 7, 407, 512 }, 
-   { 5, 408, 512 }, { 6, 409, 512 }, { 6, 410, 512 }, { 7, 411, 512 }, { 6, 412, 512 }, { 7, 413, 512 }, { 7, 414, 512 }, { 8, 415, 512 }, 
-   { 4, 416, 512 }, { 5, 417, 512 }, { 5, 418, 512 }, { 6, 419, 512 }, { 5, 420, 512 }, { 6, 421, 512 }, { 6, 422, 512 }, { 7, 423, 512 }, 
-   { 5, 424, 512 }, { 6, 425, 512 }, { 6, 426, 512 }, { 7, 427, 512 }, { 6, 428, 512 }, { 7, 429, 512 }, { 7, 430, 512 }, { 8, 431, 512 }, 
-   { 5, 432, 512 }, { 6, 433, 512 }, { 6, 434, 512 }, { 7, 435, 512 }, { 6, 436, 512 }, { 7, 437, 512 }, { 7, 438, 512 }, { 8, 439, 512 }, 
-   { 6, 440, 512 }, { 7, 441, 512 }, { 7, 442, 512 }, { 8, 443, 512 }, { 7, 444, 512 }, { 8, 445, 512 }, { 8, 446, 512 }, { 9, 447, 512 }, 
-   { 4, 448, 512 }, { 5, 449, 512 }, { 5, 450, 512 }, { 6, 451, 512 }, { 5, 452, 512 }, { 6, 453, 512 }, { 6, 454, 512 }, { 7, 455, 512 }, 
-   { 5, 456, 512 }, { 6, 457, 512 }, { 6, 458, 512 }, { 7, 459, 512 }, { 6, 460, 512 }, { 7, 461, 512 }, { 7, 462, 512 }, { 8, 463, 512 }, 
-   { 5, 464, 512 }, { 6, 465, 512 }, { 6, 466, 512 }, { 7, 467, 512 }, { 6, 468, 512 }, { 7, 469, 512 }, { 7, 470, 512 }, { 8, 471, 512 }, 
-   { 6, 472, 512 }, { 7, 473, 512 }, { 7, 474, 512 }, { 8, 475, 512 }, { 7, 476, 512 }, { 8, 477, 512 }, { 8, 478, 512 }, { 9, 479, 512 }, 
-   { 5, 480, 512 }, { 6, 481, 512 }, { 6, 482, 512 }, { 7, 483, 512 }, { 6, 484, 512 }, { 7, 485, 512 }, { 7, 486, 512 }, { 8, 487, 512 }, 
-   { 6, 488, 512 }, { 7, 489, 512 }, { 7, 490, 512 }, { 8, 491, 512 }, { 7, 492, 512 }, { 8, 493, 512 }, { 8, 494, 512 }, { 9, 495, 512 }, 
-   { 6, 496, 512 }, { 7, 497, 512 }, { 7, 498, 512 }, { 8, 499, 512 }, { 7, 500, 512 }, { 8, 501, 512 }, { 8, 502, 512 }, { 9, 503, 512 }, 
-   { 7, 504, 512 }, { 8, 505, 512 }, { 8, 506, 512 }, { 9, 507, 512 }, { 8, 508, 512 }, { 9, 509, 512 }, { 9, 510, 512 }, { 10, 511, 512 }, 
+   { 1, 0, 0 }, { 2, 1, 512 }, { 2, 2, 512 }, { 3, 3, 512 }, { 2, 4, 512 }, { 3, 5, 512 }, { 3, 6, 512 }, { 4, 7, 512 },
+   { 2, 8, 512 }, { 3, 9, 512 }, { 3, 10, 512 }, { 4, 11, 512 }, { 3, 12, 512 }, { 4, 13, 512 }, { 4, 14, 512 }, { 5, 15, 512 },
+   { 2, 16, 512 }, { 3, 17, 512 }, { 3, 18, 512 }, { 4, 19, 512 }, { 3, 20, 512 }, { 4, 21, 512 }, { 4, 22, 512 }, { 5, 23, 512 },
+   { 3, 24, 512 }, { 4, 25, 512 }, { 4, 26, 512 }, { 5, 27, 512 }, { 4, 28, 512 }, { 5, 29, 512 }, { 5, 30, 512 }, { 6, 31, 512 },
+   { 2, 32, 512 }, { 3, 33, 512 }, { 3, 34, 512 }, { 4, 35, 512 }, { 3, 36, 512 }, { 4, 37, 512 }, { 4, 38, 512 }, { 5, 39, 512 },
+   { 3, 40, 512 }, { 4, 41, 512 }, { 4, 42, 512 }, { 5, 43, 512 }, { 4, 44, 512 }, { 5, 45, 512 }, { 5, 46, 512 }, { 6, 47, 512 },
+   { 3, 48, 512 }, { 4, 49, 512 }, { 4, 50, 512 }, { 5, 51, 512 }, { 4, 52, 512 }, { 5, 53, 512 }, { 5, 54, 512 }, { 6, 55, 512 },
+   { 4, 56, 512 }, { 5, 57, 512 }, { 5, 58, 512 }, { 6, 59, 512 }, { 5, 60, 512 }, { 6, 61, 512 }, { 6, 62, 512 }, { 7, 63, 512 },
+   { 2, 64, 512 }, { 3, 65, 512 }, { 3, 66, 512 }, { 4, 67, 512 }, { 3, 68, 512 }, { 4, 69, 512 }, { 4, 70, 512 }, { 5, 71, 512 },
+   { 3, 72, 512 }, { 4, 73, 512 }, { 4, 74, 512 }, { 5, 75, 512 }, { 4, 76, 512 }, { 5, 77, 512 }, { 5, 78, 512 }, { 6, 79, 512 },
+   { 3, 80, 512 }, { 4, 81, 512 }, { 4, 82, 512 }, { 5, 83, 512 }, { 4, 84, 512 }, { 5, 85, 512 }, { 5, 86, 512 }, { 6, 87, 512 },
+   { 4, 88, 512 }, { 5, 89, 512 }, { 5, 90, 512 }, { 6, 91, 512 }, { 5, 92, 512 }, { 6, 93, 512 }, { 6, 94, 512 }, { 7, 95, 512 },
+   { 3, 96, 512 }, { 4, 97, 512 }, { 4, 98, 512 }, { 5, 99, 512 }, { 4, 100, 512 }, { 5, 101, 512 }, { 5, 102, 512 }, { 6, 103, 512 },
+   { 4, 104, 512 }, { 5, 105, 512 }, { 5, 106, 512 }, { 6, 107, 512 }, { 5, 108, 512 }, { 6, 109, 512 }, { 6, 110, 512 }, { 7, 111, 512 },
+   { 4, 112, 512 }, { 5, 113, 512 }, { 5, 114, 512 }, { 6, 115, 512 }, { 5, 116, 512 }, { 6, 117, 512 }, { 6, 118, 512 }, { 7, 119, 512 },
+   { 5, 120, 512 }, { 6, 121, 512 }, { 6, 122, 512 }, { 7, 123, 512 }, { 6, 124, 512 }, { 7, 125, 512 }, { 7, 126, 512 }, { 8, 127, 512 },
+   { 2, 128, 512 }, { 3, 129, 512 }, { 3, 130, 512 }, { 4, 131, 512 }, { 3, 132, 512 }, { 4, 133, 512 }, { 4, 134, 512 }, { 5, 135, 512 },
+   { 3, 136, 512 }, { 4, 137, 512 }, { 4, 138, 512 }, { 5, 139, 512 }, { 4, 140, 512 }, { 5, 141, 512 }, { 5, 142, 512 }, { 6, 143, 512 },
+   { 3, 144, 512 }, { 4, 145, 512 }, { 4, 146, 512 }, { 5, 147, 512 }, { 4, 148, 512 }, { 5, 149, 512 }, { 5, 150, 512 }, { 6, 151, 512 },
+   { 4, 152, 512 }, { 5, 153, 512 }, { 5, 154, 512 }, { 6, 155, 512 }, { 5, 156, 512 }, { 6, 157, 512 }, { 6, 158, 512 }, { 7, 159, 512 },
+   { 3, 160, 512 }, { 4, 161, 512 }, { 4, 162, 512 }, { 5, 163, 512 }, { 4, 164, 512 }, { 5, 165, 512 }, { 5, 166, 512 }, { 6, 167, 512 },
+   { 4, 168, 512 }, { 5, 169, 512 }, { 5, 170, 512 }, { 6, 171, 512 }, { 5, 172, 512 }, { 6, 173, 512 }, { 6, 174, 512 }, { 7, 175, 512 },
+   { 4, 176, 512 }, { 5, 177, 512 }, { 5, 178, 512 }, { 6, 179, 512 }, { 5, 180, 512 }, { 6, 181, 512 }, { 6, 182, 512 }, { 7, 183, 512 },
+   { 5, 184, 512 }, { 6, 185, 512 }, { 6, 186, 512 }, { 7, 187, 512 }, { 6, 188, 512 }, { 7, 189, 512 }, { 7, 190, 512 }, { 8, 191, 512 },
+   { 3, 192, 512 }, { 4, 193, 512 }, { 4, 194, 512 }, { 5, 195, 512 }, { 4, 196, 512 }, { 5, 197, 512 }, { 5, 198, 512 }, { 6, 199, 512 },
+   { 4, 200, 512 }, { 5, 201, 512 }, { 5, 202, 512 }, { 6, 203, 512 }, { 5, 204, 512 }, { 6, 205, 512 }, { 6, 206, 512 }, { 7, 207, 512 },
+   { 4, 208, 512 }, { 5, 209, 512 }, { 5, 210, 512 }, { 6, 211, 512 }, { 5, 212, 512 }, { 6, 213, 512 }, { 6, 214, 512 }, { 7, 215, 512 },
+   { 5, 216, 512 }, { 6, 217, 512 }, { 6, 218, 512 }, { 7, 219, 512 }, { 6, 220, 512 }, { 7, 221, 512 }, { 7, 222, 512 }, { 8, 223, 512 },
+   { 4, 224, 512 }, { 5, 225, 512 }, { 5, 226, 512 }, { 6, 227, 512 }, { 5, 228, 512 }, { 6, 229, 512 }, { 6, 230, 512 }, { 7, 231, 512 },
+   { 5, 232, 512 }, { 6, 233, 512 }, { 6, 234, 512 }, { 7, 235, 512 }, { 6, 236, 512 }, { 7, 237, 512 }, { 7, 238, 512 }, { 8, 239, 512 },
+   { 5, 240, 512 }, { 6, 241, 512 }, { 6, 242, 512 }, { 7, 243, 512 }, { 6, 244, 512 }, { 7, 245, 512 }, { 7, 246, 512 }, { 8, 247, 512 },
+   { 6, 248, 512 }, { 7, 249, 512 }, { 7, 250, 512 }, { 8, 251, 512 }, { 7, 252, 512 }, { 8, 253, 512 }, { 8, 254, 512 }, { 9, 255, 512 },
+   { 2, 256, 512 }, { 3, 257, 512 }, { 3, 258, 512 }, { 4, 259, 512 }, { 3, 260, 512 }, { 4, 261, 512 }, { 4, 262, 512 }, { 5, 263, 512 },
+   { 3, 264, 512 }, { 4, 265, 512 }, { 4, 266, 512 }, { 5, 267, 512 }, { 4, 268, 512 }, { 5, 269, 512 }, { 5, 270, 512 }, { 6, 271, 512 },
+   { 3, 272, 512 }, { 4, 273, 512 }, { 4, 274, 512 }, { 5, 275, 512 }, { 4, 276, 512 }, { 5, 277, 512 }, { 5, 278, 512 }, { 6, 279, 512 },
+   { 4, 280, 512 }, { 5, 281, 512 }, { 5, 282, 512 }, { 6, 283, 512 }, { 5, 284, 512 }, { 6, 285, 512 }, { 6, 286, 512 }, { 7, 287, 512 },
+   { 3, 288, 512 }, { 4, 289, 512 }, { 4, 290, 512 }, { 5, 291, 512 }, { 4, 292, 512 }, { 5, 293, 512 }, { 5, 294, 512 }, { 6, 295, 512 },
+   { 4, 296, 512 }, { 5, 297, 512 }, { 5, 298, 512 }, { 6, 299, 512 }, { 5, 300, 512 }, { 6, 301, 512 }, { 6, 302, 512 }, { 7, 303, 512 },
+   { 4, 304, 512 }, { 5, 305, 512 }, { 5, 306, 512 }, { 6, 307, 512 }, { 5, 308, 512 }, { 6, 309, 512 }, { 6, 310, 512 }, { 7, 311, 512 },
+   { 5, 312, 512 }, { 6, 313, 512 }, { 6, 314, 512 }, { 7, 315, 512 }, { 6, 316, 512 }, { 7, 317, 512 }, { 7, 318, 512 }, { 8, 319, 512 },
+   { 3, 320, 512 }, { 4, 321, 512 }, { 4, 322, 512 }, { 5, 323, 512 }, { 4, 324, 512 }, { 5, 325, 512 }, { 5, 326, 512 }, { 6, 327, 512 },
+   { 4, 328, 512 }, { 5, 329, 512 }, { 5, 330, 512 }, { 6, 331, 512 }, { 5, 332, 512 }, { 6, 333, 512 }, { 6, 334, 512 }, { 7, 335, 512 },
+   { 4, 336, 512 }, { 5, 337, 512 }, { 5, 338, 512 }, { 6, 339, 512 }, { 5, 340, 512 }, { 6, 341, 512 }, { 6, 342, 512 }, { 7, 343, 512 },
+   { 5, 344, 512 }, { 6, 345, 512 }, { 6, 346, 512 }, { 7, 347, 512 }, { 6, 348, 512 }, { 7, 349, 512 }, { 7, 350, 512 }, { 8, 351, 512 },
+   { 4, 352, 512 }, { 5, 353, 512 }, { 5, 354, 512 }, { 6, 355, 512 }, { 5, 356, 512 }, { 6, 357, 512 }, { 6, 358, 512 }, { 7, 359, 512 },
+   { 5, 360, 512 }, { 6, 361, 512 }, { 6, 362, 512 }, { 7, 363, 512 }, { 6, 364, 512 }, { 7, 365, 512 }, { 7, 366, 512 }, { 8, 367, 512 },
+   { 5, 368, 512 }, { 6, 369, 512 }, { 6, 370, 512 }, { 7, 371, 512 }, { 6, 372, 512 }, { 7, 373, 512 }, { 7, 374, 512 }, { 8, 375, 512 },
+   { 6, 376, 512 }, { 7, 377, 512 }, { 7, 378, 512 }, { 8, 379, 512 }, { 7, 380, 512 }, { 8, 381, 512 }, { 8, 382, 512 }, { 9, 383, 512 },
+   { 3, 384, 512 }, { 4, 385, 512 }, { 4, 386, 512 }, { 5, 387, 512 }, { 4, 388, 512 }, { 5, 389, 512 }, { 5, 390, 512 }, { 6, 391, 512 },
+   { 4, 392, 512 }, { 5, 393, 512 }, { 5, 394, 512 }, { 6, 395, 512 }, { 5, 396, 512 }, { 6, 397, 512 }, { 6, 398, 512 }, { 7, 399, 512 },
+   { 4, 400, 512 }, { 5, 401, 512 }, { 5, 402, 512 }, { 6, 403, 512 }, { 5, 404, 512 }, { 6, 405, 512 }, { 6, 406, 512 }, { 7, 407, 512 },
+   { 5, 408, 512 }, { 6, 409, 512 }, { 6, 410, 512 }, { 7, 411, 512 }, { 6, 412, 512 }, { 7, 413, 512 }, { 7, 414, 512 }, { 8, 415, 512 },
+   { 4, 416, 512 }, { 5, 417, 512 }, { 5, 418, 512 }, { 6, 419, 512 }, { 5, 420, 512 }, { 6, 421, 512 }, { 6, 422, 512 }, { 7, 423, 512 },
+   { 5, 424, 512 }, { 6, 425, 512 }, { 6, 426, 512 }, { 7, 427, 512 }, { 6, 428, 512 }, { 7, 429, 512 }, { 7, 430, 512 }, { 8, 431, 512 },
+   { 5, 432, 512 }, { 6, 433, 512 }, { 6, 434, 512 }, { 7, 435, 512 }, { 6, 436, 512 }, { 7, 437, 512 }, { 7, 438, 512 }, { 8, 439, 512 },
+   { 6, 440, 512 }, { 7, 441, 512 }, { 7, 442, 512 }, { 8, 443, 512 }, { 7, 444, 512 }, { 8, 445, 512 }, { 8, 446, 512 }, { 9, 447, 512 },
+   { 4, 448, 512 }, { 5, 449, 512 }, { 5, 450, 512 }, { 6, 451, 512 }, { 5, 452, 512 }, { 6, 453, 512 }, { 6, 454, 512 }, { 7, 455, 512 },
+   { 5, 456, 512 }, { 6, 457, 512 }, { 6, 458, 512 }, { 7, 459, 512 }, { 6, 460, 512 }, { 7, 461, 512 }, { 7, 462, 512 }, { 8, 463, 512 },
+   { 5, 464, 512 }, { 6, 465, 512 }, { 6, 466, 512 }, { 7, 467, 512 }, { 6, 468, 512 }, { 7, 469, 512 }, { 7, 470, 512 }, { 8, 471, 512 },
+   { 6, 472, 512 }, { 7, 473, 512 }, { 7, 474, 512 }, { 8, 475, 512 }, { 7, 476, 512 }, { 8, 477, 512 }, { 8, 478, 512 }, { 9, 479, 512 },
+   { 5, 480, 512 }, { 6, 481, 512 }, { 6, 482, 512 }, { 7, 483, 512 }, { 6, 484, 512 }, { 7, 485, 512 }, { 7, 486, 512 }, { 8, 487, 512 },
+   { 6, 488, 512 }, { 7, 489, 512 }, { 7, 490, 512 }, { 8, 491, 512 }, { 7, 492, 512 }, { 8, 493, 512 }, { 8, 494, 512 }, { 9, 495, 512 },
+   { 6, 496, 512 }, { 7, 497, 512 }, { 7, 498, 512 }, { 8, 499, 512 }, { 7, 500, 512 }, { 8, 501, 512 }, { 8, 502, 512 }, { 9, 503, 512 },
+   { 7, 504, 512 }, { 8, 505, 512 }, { 8, 506, 512 }, { 9, 507, 512 }, { 8, 508, 512 }, { 9, 509, 512 }, { 9, 510, 512 }, { 10, 511, 512 },
 #if FP_LUT > 10
-   { 1, 0, 0 }, { 2, 1, 1024 }, { 2, 2, 1024 }, { 3, 3, 1024 }, { 2, 4, 1024 }, { 3, 5, 1024 }, { 3, 6, 1024 }, { 4, 7, 1024 }, 
-   { 2, 8, 1024 }, { 3, 9, 1024 }, { 3, 10, 1024 }, { 4, 11, 1024 }, { 3, 12, 1024 }, { 4, 13, 1024 }, { 4, 14, 1024 }, { 5, 15, 1024 }, 
-   { 2, 16, 1024 }, { 3, 17, 1024 }, { 3, 18, 1024 }, { 4, 19, 1024 }, { 3, 20, 1024 }, { 4, 21, 1024 }, { 4, 22, 1024 }, { 5, 23, 1024 }, 
-   { 3, 24, 1024 }, { 4, 25, 1024 }, { 4, 26, 1024 }, { 5, 27, 1024 }, { 4, 28, 1024 }, { 5, 29, 1024 }, { 5, 30, 1024 }, { 6, 31, 1024 }, 
-   { 2, 32, 1024 }, { 3, 33, 1024 }, { 3, 34, 1024 }, { 4, 35, 1024 }, { 3, 36, 1024 }, { 4, 37, 1024 }, { 4, 38, 1024 }, { 5, 39, 1024 }, 
-   { 3, 40, 1024 }, { 4, 41, 1024 }, { 4, 42, 1024 }, { 5, 43, 1024 }, { 4, 44, 1024 }, { 5, 45, 1024 }, { 5, 46, 1024 }, { 6, 47, 1024 }, 
-   { 3, 48, 1024 }, { 4, 49, 1024 }, { 4, 50, 1024 }, { 5, 51, 1024 }, { 4, 52, 1024 }, { 5, 53, 1024 }, { 5, 54, 1024 }, { 6, 55, 1024 }, 
-   { 4, 56, 1024 }, { 5, 57, 1024 }, { 5, 58, 1024 }, { 6, 59, 1024 }, { 5, 60, 1024 }, { 6, 61, 1024 }, { 6, 62, 1024 }, { 7, 63, 1024 }, 
-   { 2, 64, 1024 }, { 3, 65, 1024 }, { 3, 66, 1024 }, { 4, 67, 1024 }, { 3, 68, 1024 }, { 4, 69, 1024 }, { 4, 70, 1024 }, { 5, 71, 1024 }, 
-   { 3, 72, 1024 }, { 4, 73, 1024 }, { 4, 74, 1024 }, { 5, 75, 1024 }, { 4, 76, 1024 }, { 5, 77, 1024 }, { 5, 78, 1024 }, { 6, 79, 1024 }, 
-   { 3, 80, 1024 }, { 4, 81, 1024 }, { 4, 82, 1024 }, { 5, 83, 1024 }, { 4, 84, 1024 }, { 5, 85, 1024 }, { 5, 86, 1024 }, { 6, 87, 1024 }, 
-   { 4, 88, 1024 }, { 5, 89, 1024 }, { 5, 90, 1024 }, { 6, 91, 1024 }, { 5, 92, 1024 }, { 6, 93, 1024 }, { 6, 94, 1024 }, { 7, 95, 1024 }, 
-   { 3, 96, 1024 }, { 4, 97, 1024 }, { 4, 98, 1024 }, { 5, 99, 1024 }, { 4, 100, 1024 }, { 5, 101, 1024 }, { 5, 102, 1024 }, { 6, 103, 1024 }, 
-   { 4, 104, 1024 }, { 5, 105, 1024 }, { 5, 106, 1024 }, { 6, 107, 1024 }, { 5, 108, 1024 }, { 6, 109, 1024 }, { 6, 110, 1024 }, { 7, 111, 1024 }, 
-   { 4, 112, 1024 }, { 5, 113, 1024 }, { 5, 114, 1024 }, { 6, 115, 1024 }, { 5, 116, 1024 }, { 6, 117, 1024 }, { 6, 118, 1024 }, { 7, 119, 1024 }, 
-   { 5, 120, 1024 }, { 6, 121, 1024 }, { 6, 122, 1024 }, { 7, 123, 1024 }, { 6, 124, 1024 }, { 7, 125, 1024 }, { 7, 126, 1024 }, { 8, 127, 1024 }, 
-   { 2, 128, 1024 }, { 3, 129, 1024 }, { 3, 130, 1024 }, { 4, 131, 1024 }, { 3, 132, 1024 }, { 4, 133, 1024 }, { 4, 134, 1024 }, { 5, 135, 1024 }, 
-   { 3, 136, 1024 }, { 4, 137, 1024 }, { 4, 138, 1024 }, { 5, 139, 1024 }, { 4, 140, 1024 }, { 5, 141, 1024 }, { 5, 142, 1024 }, { 6, 143, 1024 }, 
-   { 3, 144, 1024 }, { 4, 145, 1024 }, { 4, 146, 1024 }, { 5, 147, 1024 }, { 4, 148, 1024 }, { 5, 149, 1024 }, { 5, 150, 1024 }, { 6, 151, 1024 }, 
-   { 4, 152, 1024 }, { 5, 153, 1024 }, { 5, 154, 1024 }, { 6, 155, 1024 }, { 5, 156, 1024 }, { 6, 157, 1024 }, { 6, 158, 1024 }, { 7, 159, 1024 }, 
-   { 3, 160, 1024 }, { 4, 161, 1024 }, { 4, 162, 1024 }, { 5, 163, 1024 }, { 4, 164, 1024 }, { 5, 165, 1024 }, { 5, 166, 1024 }, { 6, 167, 1024 }, 
-   { 4, 168, 1024 }, { 5, 169, 1024 }, { 5, 170, 1024 }, { 6, 171, 1024 }, { 5, 172, 1024 }, { 6, 173, 1024 }, { 6, 174, 1024 }, { 7, 175, 1024 }, 
-   { 4, 176, 1024 }, { 5, 177, 1024 }, { 5, 178, 1024 }, { 6, 179, 1024 }, { 5, 180, 1024 }, { 6, 181, 1024 }, { 6, 182, 1024 }, { 7, 183, 1024 }, 
-   { 5, 184, 1024 }, { 6, 185, 1024 }, { 6, 186, 1024 }, { 7, 187, 1024 }, { 6, 188, 1024 }, { 7, 189, 1024 }, { 7, 190, 1024 }, { 8, 191, 1024 }, 
-   { 3, 192, 1024 }, { 4, 193, 1024 }, { 4, 194, 1024 }, { 5, 195, 1024 }, { 4, 196, 1024 }, { 5, 197, 1024 }, { 5, 198, 1024 }, { 6, 199, 1024 }, 
-   { 4, 200, 1024 }, { 5, 201, 1024 }, { 5, 202, 1024 }, { 6, 203, 1024 }, { 5, 204, 1024 }, { 6, 205, 1024 }, { 6, 206, 1024 }, { 7, 207, 1024 }, 
-   { 4, 208, 1024 }, { 5, 209, 1024 }, { 5, 210, 1024 }, { 6, 211, 1024 }, { 5, 212, 1024 }, { 6, 213, 1024 }, { 6, 214, 1024 }, { 7, 215, 1024 }, 
-   { 5, 216, 1024 }, { 6, 217, 1024 }, { 6, 218, 1024 }, { 7, 219, 1024 }, { 6, 220, 1024 }, { 7, 221, 1024 }, { 7, 222, 1024 }, { 8, 223, 1024 }, 
-   { 4, 224, 1024 }, { 5, 225, 1024 }, { 5, 226, 1024 }, { 6, 227, 1024 }, { 5, 228, 1024 }, { 6, 229, 1024 }, { 6, 230, 1024 }, { 7, 231, 1024 }, 
-   { 5, 232, 1024 }, { 6, 233, 1024 }, { 6, 234, 1024 }, { 7, 235, 1024 }, { 6, 236, 1024 }, { 7, 237, 1024 }, { 7, 238, 1024 }, { 8, 239, 1024 }, 
-   { 5, 240, 1024 }, { 6, 241, 1024 }, { 6, 242, 1024 }, { 7, 243, 1024 }, { 6, 244, 1024 }, { 7, 245, 1024 }, { 7, 246, 1024 }, { 8, 247, 1024 }, 
-   { 6, 248, 1024 }, { 7, 249, 1024 }, { 7, 250, 1024 }, { 8, 251, 1024 }, { 7, 252, 1024 }, { 8, 253, 1024 }, { 8, 254, 1024 }, { 9, 255, 1024 }, 
-   { 2, 256, 1024 }, { 3, 257, 1024 }, { 3, 258, 1024 }, { 4, 259, 1024 }, { 3, 260, 1024 }, { 4, 261, 1024 }, { 4, 262, 1024 }, { 5, 263, 1024 }, 
-   { 3, 264, 1024 }, { 4, 265, 1024 }, { 4, 266, 1024 }, { 5, 267, 1024 }, { 4, 268, 1024 }, { 5, 269, 1024 }, { 5, 270, 1024 }, { 6, 271, 1024 }, 
-   { 3, 272, 1024 }, { 4, 273, 1024 }, { 4, 274, 1024 }, { 5, 275, 1024 }, { 4, 276, 1024 }, { 5, 277, 1024 }, { 5, 278, 1024 }, { 6, 279, 1024 }, 
-   { 4, 280, 1024 }, { 5, 281, 1024 }, { 5, 282, 1024 }, { 6, 283, 1024 }, { 5, 284, 1024 }, { 6, 285, 1024 }, { 6, 286, 1024 }, { 7, 287, 1024 }, 
-   { 3, 288, 1024 }, { 4, 289, 1024 }, { 4, 290, 1024 }, { 5, 291, 1024 }, { 4, 292, 1024 }, { 5, 293, 1024 }, { 5, 294, 1024 }, { 6, 295, 1024 }, 
-   { 4, 296, 1024 }, { 5, 297, 1024 }, { 5, 298, 1024 }, { 6, 299, 1024 }, { 5, 300, 1024 }, { 6, 301, 1024 }, { 6, 302, 1024 }, { 7, 303, 1024 }, 
-   { 4, 304, 1024 }, { 5, 305, 1024 }, { 5, 306, 1024 }, { 6, 307, 1024 }, { 5, 308, 1024 }, { 6, 309, 1024 }, { 6, 310, 1024 }, { 7, 311, 1024 }, 
-   { 5, 312, 1024 }, { 6, 313, 1024 }, { 6, 314, 1024 }, { 7, 315, 1024 }, { 6, 316, 1024 }, { 7, 317, 1024 }, { 7, 318, 1024 }, { 8, 319, 1024 }, 
-   { 3, 320, 1024 }, { 4, 321, 1024 }, { 4, 322, 1024 }, { 5, 323, 1024 }, { 4, 324, 1024 }, { 5, 325, 1024 }, { 5, 326, 1024 }, { 6, 327, 1024 }, 
-   { 4, 328, 1024 }, { 5, 329, 1024 }, { 5, 330, 1024 }, { 6, 331, 1024 }, { 5, 332, 1024 }, { 6, 333, 1024 }, { 6, 334, 1024 }, { 7, 335, 1024 }, 
-   { 4, 336, 1024 }, { 5, 337, 1024 }, { 5, 338, 1024 }, { 6, 339, 1024 }, { 5, 340, 1024 }, { 6, 341, 1024 }, { 6, 342, 1024 }, { 7, 343, 1024 }, 
-   { 5, 344, 1024 }, { 6, 345, 1024 }, { 6, 346, 1024 }, { 7, 347, 1024 }, { 6, 348, 1024 }, { 7, 349, 1024 }, { 7, 350, 1024 }, { 8, 351, 1024 }, 
-   { 4, 352, 1024 }, { 5, 353, 1024 }, { 5, 354, 1024 }, { 6, 355, 1024 }, { 5, 356, 1024 }, { 6, 357, 1024 }, { 6, 358, 1024 }, { 7, 359, 1024 }, 
-   { 5, 360, 1024 }, { 6, 361, 1024 }, { 6, 362, 1024 }, { 7, 363, 1024 }, { 6, 364, 1024 }, { 7, 365, 1024 }, { 7, 366, 1024 }, { 8, 367, 1024 }, 
-   { 5, 368, 1024 }, { 6, 369, 1024 }, { 6, 370, 1024 }, { 7, 371, 1024 }, { 6, 372, 1024 }, { 7, 373, 1024 }, { 7, 374, 1024 }, { 8, 375, 1024 }, 
-   { 6, 376, 1024 }, { 7, 377, 1024 }, { 7, 378, 1024 }, { 8, 379, 1024 }, { 7, 380, 1024 }, { 8, 381, 1024 }, { 8, 382, 1024 }, { 9, 383, 1024 }, 
-   { 3, 384, 1024 }, { 4, 385, 1024 }, { 4, 386, 1024 }, { 5, 387, 1024 }, { 4, 388, 1024 }, { 5, 389, 1024 }, { 5, 390, 1024 }, { 6, 391, 1024 }, 
-   { 4, 392, 1024 }, { 5, 393, 1024 }, { 5, 394, 1024 }, { 6, 395, 1024 }, { 5, 396, 1024 }, { 6, 397, 1024 }, { 6, 398, 1024 }, { 7, 399, 1024 }, 
-   { 4, 400, 1024 }, { 5, 401, 1024 }, { 5, 402, 1024 }, { 6, 403, 1024 }, { 5, 404, 1024 }, { 6, 405, 1024 }, { 6, 406, 1024 }, { 7, 407, 1024 }, 
-   { 5, 408, 1024 }, { 6, 409, 1024 }, { 6, 410, 1024 }, { 7, 411, 1024 }, { 6, 412, 1024 }, { 7, 413, 1024 }, { 7, 414, 1024 }, { 8, 415, 1024 }, 
-   { 4, 416, 1024 }, { 5, 417, 1024 }, { 5, 418, 1024 }, { 6, 419, 1024 }, { 5, 420, 1024 }, { 6, 421, 1024 }, { 6, 422, 1024 }, { 7, 423, 1024 }, 
-   { 5, 424, 1024 }, { 6, 425, 1024 }, { 6, 426, 1024 }, { 7, 427, 1024 }, { 6, 428, 1024 }, { 7, 429, 1024 }, { 7, 430, 1024 }, { 8, 431, 1024 }, 
-   { 5, 432, 1024 }, { 6, 433, 1024 }, { 6, 434, 1024 }, { 7, 435, 1024 }, { 6, 436, 1024 }, { 7, 437, 1024 }, { 7, 438, 1024 }, { 8, 439, 1024 }, 
-   { 6, 440, 1024 }, { 7, 441, 1024 }, { 7, 442, 1024 }, { 8, 443, 1024 }, { 7, 444, 1024 }, { 8, 445, 1024 }, { 8, 446, 1024 }, { 9, 447, 1024 }, 
-   { 4, 448, 1024 }, { 5, 449, 1024 }, { 5, 450, 1024 }, { 6, 451, 1024 }, { 5, 452, 1024 }, { 6, 453, 1024 }, { 6, 454, 1024 }, { 7, 455, 1024 }, 
-   { 5, 456, 1024 }, { 6, 457, 1024 }, { 6, 458, 1024 }, { 7, 459, 1024 }, { 6, 460, 1024 }, { 7, 461, 1024 }, { 7, 462, 1024 }, { 8, 463, 1024 }, 
-   { 5, 464, 1024 }, { 6, 465, 1024 }, { 6, 466, 1024 }, { 7, 467, 1024 }, { 6, 468, 1024 }, { 7, 469, 1024 }, { 7, 470, 1024 }, { 8, 471, 1024 }, 
-   { 6, 472, 1024 }, { 7, 473, 1024 }, { 7, 474, 1024 }, { 8, 475, 1024 }, { 7, 476, 1024 }, { 8, 477, 1024 }, { 8, 478, 1024 }, { 9, 479, 1024 }, 
-   { 5, 480, 1024 }, { 6, 481, 1024 }, { 6, 482, 1024 }, { 7, 483, 1024 }, { 6, 484, 1024 }, { 7, 485, 1024 }, { 7, 486, 1024 }, { 8, 487, 1024 }, 
-   { 6, 488, 1024 }, { 7, 489, 1024 }, { 7, 490, 1024 }, { 8, 491, 1024 }, { 7, 492, 1024 }, { 8, 493, 1024 }, { 8, 494, 1024 }, { 9, 495, 1024 }, 
-   { 6, 496, 1024 }, { 7, 497, 1024 }, { 7, 498, 1024 }, { 8, 499, 1024 }, { 7, 500, 1024 }, { 8, 501, 1024 }, { 8, 502, 1024 }, { 9, 503, 1024 }, 
-   { 7, 504, 1024 }, { 8, 505, 1024 }, { 8, 506, 1024 }, { 9, 507, 1024 }, { 8, 508, 1024 }, { 9, 509, 1024 }, { 9, 510, 1024 }, { 10, 511, 1024 }, 
-   { 2, 512, 1024 }, { 3, 513, 1024 }, { 3, 514, 1024 }, { 4, 515, 1024 }, { 3, 516, 1024 }, { 4, 517, 1024 }, { 4, 518, 1024 }, { 5, 519, 1024 }, 
-   { 3, 520, 1024 }, { 4, 521, 1024 }, { 4, 522, 1024 }, { 5, 523, 1024 }, { 4, 524, 1024 }, { 5, 525, 1024 }, { 5, 526, 1024 }, { 6, 527, 1024 }, 
-   { 3, 528, 1024 }, { 4, 529, 1024 }, { 4, 530, 1024 }, { 5, 531, 1024 }, { 4, 532, 1024 }, { 5, 533, 1024 }, { 5, 534, 1024 }, { 6, 535, 1024 }, 
-   { 4, 536, 1024 }, { 5, 537, 1024 }, { 5, 538, 1024 }, { 6, 539, 1024 }, { 5, 540, 1024 }, { 6, 541, 1024 }, { 6, 542, 1024 }, { 7, 543, 1024 }, 
-   { 3, 544, 1024 }, { 4, 545, 1024 }, { 4, 546, 1024 }, { 5, 547, 1024 }, { 4, 548, 1024 }, { 5, 549, 1024 }, { 5, 550, 1024 }, { 6, 551, 1024 }, 
-   { 4, 552, 1024 }, { 5, 553, 1024 }, { 5, 554, 1024 }, { 6, 555, 1024 }, { 5, 556, 1024 }, { 6, 557, 1024 }, { 6, 558, 1024 }, { 7, 559, 1024 }, 
-   { 4, 560, 1024 }, { 5, 561, 1024 }, { 5, 562, 1024 }, { 6, 563, 1024 }, { 5, 564, 1024 }, { 6, 565, 1024 }, { 6, 566, 1024 }, { 7, 567, 1024 }, 
-   { 5, 568, 1024 }, { 6, 569, 1024 }, { 6, 570, 1024 }, { 7, 571, 1024 }, { 6, 572, 1024 }, { 7, 573, 1024 }, { 7, 574, 1024 }, { 8, 575, 1024 }, 
-   { 3, 576, 1024 }, { 4, 577, 1024 }, { 4, 578, 1024 }, { 5, 579, 1024 }, { 4, 580, 1024 }, { 5, 581, 1024 }, { 5, 582, 1024 }, { 6, 583, 1024 }, 
-   { 4, 584, 1024 }, { 5, 585, 1024 }, { 5, 586, 1024 }, { 6, 587, 1024 }, { 5, 588, 1024 }, { 6, 589, 1024 }, { 6, 590, 1024 }, { 7, 591, 1024 }, 
-   { 4, 592, 1024 }, { 5, 593, 1024 }, { 5, 594, 1024 }, { 6, 595, 1024 }, { 5, 596, 1024 }, { 6, 597, 1024 }, { 6, 598, 1024 }, { 7, 599, 1024 }, 
-   { 5, 600, 1024 }, { 6, 601, 1024 }, { 6, 602, 1024 }, { 7, 603, 1024 }, { 6, 604, 1024 }, { 7, 605, 1024 }, { 7, 606, 1024 }, { 8, 607, 1024 }, 
-   { 4, 608, 1024 }, { 5, 609, 1024 }, { 5, 610, 1024 }, { 6, 611, 1024 }, { 5, 612, 1024 }, { 6, 613, 1024 }, { 6, 614, 1024 }, { 7, 615, 1024 }, 
-   { 5, 616, 1024 }, { 6, 617, 1024 }, { 6, 618, 1024 }, { 7, 619, 1024 }, { 6, 620, 1024 }, { 7, 621, 1024 }, { 7, 622, 1024 }, { 8, 623, 1024 }, 
-   { 5, 624, 1024 }, { 6, 625, 1024 }, { 6, 626, 1024 }, { 7, 627, 1024 }, { 6, 628, 1024 }, { 7, 629, 1024 }, { 7, 630, 1024 }, { 8, 631, 1024 }, 
-   { 6, 632, 1024 }, { 7, 633, 1024 }, { 7, 634, 1024 }, { 8, 635, 1024 }, { 7, 636, 1024 }, { 8, 637, 1024 }, { 8, 638, 1024 }, { 9, 639, 1024 }, 
-   { 3, 640, 1024 }, { 4, 641, 1024 }, { 4, 642, 1024 }, { 5, 643, 1024 }, { 4, 644, 1024 }, { 5, 645, 1024 }, { 5, 646, 1024 }, { 6, 647, 1024 }, 
-   { 4, 648, 1024 }, { 5, 649, 1024 }, { 5, 650, 1024 }, { 6, 651, 1024 }, { 5, 652, 1024 }, { 6, 653, 1024 }, { 6, 654, 1024 }, { 7, 655, 1024 }, 
-   { 4, 656, 1024 }, { 5, 657, 1024 }, { 5, 658, 1024 }, { 6, 659, 1024 }, { 5, 660, 1024 }, { 6, 661, 1024 }, { 6, 662, 1024 }, { 7, 663, 1024 }, 
-   { 5, 664, 1024 }, { 6, 665, 1024 }, { 6, 666, 1024 }, { 7, 667, 1024 }, { 6, 668, 1024 }, { 7, 669, 1024 }, { 7, 670, 1024 }, { 8, 671, 1024 }, 
-   { 4, 672, 1024 }, { 5, 673, 1024 }, { 5, 674, 1024 }, { 6, 675, 1024 }, { 5, 676, 1024 }, { 6, 677, 1024 }, { 6, 678, 1024 }, { 7, 679, 1024 }, 
-   { 5, 680, 1024 }, { 6, 681, 1024 }, { 6, 682, 1024 }, { 7, 683, 1024 }, { 6, 684, 1024 }, { 7, 685, 1024 }, { 7, 686, 1024 }, { 8, 687, 1024 }, 
-   { 5, 688, 1024 }, { 6, 689, 1024 }, { 6, 690, 1024 }, { 7, 691, 1024 }, { 6, 692, 1024 }, { 7, 693, 1024 }, { 7, 694, 1024 }, { 8, 695, 1024 }, 
-   { 6, 696, 1024 }, { 7, 697, 1024 }, { 7, 698, 1024 }, { 8, 699, 1024 }, { 7, 700, 1024 }, { 8, 701, 1024 }, { 8, 702, 1024 }, { 9, 703, 1024 }, 
-   { 4, 704, 1024 }, { 5, 705, 1024 }, { 5, 706, 1024 }, { 6, 707, 1024 }, { 5, 708, 1024 }, { 6, 709, 1024 }, { 6, 710, 1024 }, { 7, 711, 1024 }, 
-   { 5, 712, 1024 }, { 6, 713, 1024 }, { 6, 714, 1024 }, { 7, 715, 1024 }, { 6, 716, 1024 }, { 7, 717, 1024 }, { 7, 718, 1024 }, { 8, 719, 1024 }, 
-   { 5, 720, 1024 }, { 6, 721, 1024 }, { 6, 722, 1024 }, { 7, 723, 1024 }, { 6, 724, 1024 }, { 7, 725, 1024 }, { 7, 726, 1024 }, { 8, 727, 1024 }, 
-   { 6, 728, 1024 }, { 7, 729, 1024 }, { 7, 730, 1024 }, { 8, 731, 1024 }, { 7, 732, 1024 }, { 8, 733, 1024 }, { 8, 734, 1024 }, { 9, 735, 1024 }, 
-   { 5, 736, 1024 }, { 6, 737, 1024 }, { 6, 738, 1024 }, { 7, 739, 1024 }, { 6, 740, 1024 }, { 7, 741, 1024 }, { 7, 742, 1024 }, { 8, 743, 1024 }, 
-   { 6, 744, 1024 }, { 7, 745, 1024 }, { 7, 746, 1024 }, { 8, 747, 1024 }, { 7, 748, 1024 }, { 8, 749, 1024 }, { 8, 750, 1024 }, { 9, 751, 1024 }, 
-   { 6, 752, 1024 }, { 7, 753, 1024 }, { 7, 754, 1024 }, { 8, 755, 1024 }, { 7, 756, 1024 }, { 8, 757, 1024 }, { 8, 758, 1024 }, { 9, 759, 1024 }, 
-   { 7, 760, 1024 }, { 8, 761, 1024 }, { 8, 762, 1024 }, { 9, 763, 1024 }, { 8, 764, 1024 }, { 9, 765, 1024 }, { 9, 766, 1024 }, { 10, 767, 1024 }, 
-   { 3, 768, 1024 }, { 4, 769, 1024 }, { 4, 770, 1024 }, { 5, 771, 1024 }, { 4, 772, 1024 }, { 5, 773, 1024 }, { 5, 774, 1024 }, { 6, 775, 1024 }, 
-   { 4, 776, 1024 }, { 5, 777, 1024 }, { 5, 778, 1024 }, { 6, 779, 1024 }, { 5, 780, 1024 }, { 6, 781, 1024 }, { 6, 782, 1024 }, { 7, 783, 1024 }, 
-   { 4, 784, 1024 }, { 5, 785, 1024 }, { 5, 786, 1024 }, { 6, 787, 1024 }, { 5, 788, 1024 }, { 6, 789, 1024 }, { 6, 790, 1024 }, { 7, 791, 1024 }, 
-   { 5, 792, 1024 }, { 6, 793, 1024 }, { 6, 794, 1024 }, { 7, 795, 1024 }, { 6, 796, 1024 }, { 7, 797, 1024 }, { 7, 798, 1024 }, { 8, 799, 1024 }, 
-   { 4, 800, 1024 }, { 5, 801, 1024 }, { 5, 802, 1024 }, { 6, 803, 1024 }, { 5, 804, 1024 }, { 6, 805, 1024 }, { 6, 806, 1024 }, { 7, 807, 1024 }, 
-   { 5, 808, 1024 }, { 6, 809, 1024 }, { 6, 810, 1024 }, { 7, 811, 1024 }, { 6, 812, 1024 }, { 7, 813, 1024 }, { 7, 814, 1024 }, { 8, 815, 1024 }, 
-   { 5, 816, 1024 }, { 6, 817, 1024 }, { 6, 818, 1024 }, { 7, 819, 1024 }, { 6, 820, 1024 }, { 7, 821, 1024 }, { 7, 822, 1024 }, { 8, 823, 1024 }, 
-   { 6, 824, 1024 }, { 7, 825, 1024 }, { 7, 826, 1024 }, { 8, 827, 1024 }, { 7, 828, 1024 }, { 8, 829, 1024 }, { 8, 830, 1024 }, { 9, 831, 1024 }, 
-   { 4, 832, 1024 }, { 5, 833, 1024 }, { 5, 834, 1024 }, { 6, 835, 1024 }, { 5, 836, 1024 }, { 6, 837, 1024 }, { 6, 838, 1024 }, { 7, 839, 1024 }, 
-   { 5, 840, 1024 }, { 6, 841, 1024 }, { 6, 842, 1024 }, { 7, 843, 1024 }, { 6, 844, 1024 }, { 7, 845, 1024 }, { 7, 846, 1024 }, { 8, 847, 1024 }, 
-   { 5, 848, 1024 }, { 6, 849, 1024 }, { 6, 850, 1024 }, { 7, 851, 1024 }, { 6, 852, 1024 }, { 7, 853, 1024 }, { 7, 854, 1024 }, { 8, 855, 1024 }, 
-   { 6, 856, 1024 }, { 7, 857, 1024 }, { 7, 858, 1024 }, { 8, 859, 1024 }, { 7, 860, 1024 }, { 8, 861, 1024 }, { 8, 862, 1024 }, { 9, 863, 1024 }, 
-   { 5, 864, 1024 }, { 6, 865, 1024 }, { 6, 866, 1024 }, { 7, 867, 1024 }, { 6, 868, 1024 }, { 7, 869, 1024 }, { 7, 870, 1024 }, { 8, 871, 1024 }, 
-   { 6, 872, 1024 }, { 7, 873, 1024 }, { 7, 874, 1024 }, { 8, 875, 1024 }, { 7, 876, 1024 }, { 8, 877, 1024 }, { 8, 878, 1024 }, { 9, 879, 1024 }, 
-   { 6, 880, 1024 }, { 7, 881, 1024 }, { 7, 882, 1024 }, { 8, 883, 1024 }, { 7, 884, 1024 }, { 8, 885, 1024 }, { 8, 886, 1024 }, { 9, 887, 1024 }, 
-   { 7, 888, 1024 }, { 8, 889, 1024 }, { 8, 890, 1024 }, { 9, 891, 1024 }, { 8, 892, 1024 }, { 9, 893, 1024 }, { 9, 894, 1024 }, { 10, 895, 1024 }, 
-   { 4, 896, 1024 }, { 5, 897, 1024 }, { 5, 898, 1024 }, { 6, 899, 1024 }, { 5, 900, 1024 }, { 6, 901, 1024 }, { 6, 902, 1024 }, { 7, 903, 1024 }, 
-   { 5, 904, 1024 }, { 6, 905, 1024 }, { 6, 906, 1024 }, { 7, 907, 1024 }, { 6, 908, 1024 }, { 7, 909, 1024 }, { 7, 910, 1024 }, { 8, 911, 1024 }, 
-   { 5, 912, 1024 }, { 6, 913, 1024 }, { 6, 914, 1024 }, { 7, 915, 1024 }, { 6, 916, 1024 }, { 7, 917, 1024 }, { 7, 918, 1024 }, { 8, 919, 1024 }, 
-   { 6, 920, 1024 }, { 7, 921, 1024 }, { 7, 922, 1024 }, { 8, 923, 1024 }, { 7, 924, 1024 }, { 8, 925, 1024 }, { 8, 926, 1024 }, { 9, 927, 1024 }, 
-   { 5, 928, 1024 }, { 6, 929, 1024 }, { 6, 930, 1024 }, { 7, 931, 1024 }, { 6, 932, 1024 }, { 7, 933, 1024 }, { 7, 934, 1024 }, { 8, 935, 1024 }, 
-   { 6, 936, 1024 }, { 7, 937, 1024 }, { 7, 938, 1024 }, { 8, 939, 1024 }, { 7, 940, 1024 }, { 8, 941, 1024 }, { 8, 942, 1024 }, { 9, 943, 1024 }, 
-   { 6, 944, 1024 }, { 7, 945, 1024 }, { 7, 946, 1024 }, { 8, 947, 1024 }, { 7, 948, 1024 }, { 8, 949, 1024 }, { 8, 950, 1024 }, { 9, 951, 1024 }, 
-   { 7, 952, 1024 }, { 8, 953, 1024 }, { 8, 954, 1024 }, { 9, 955, 1024 }, { 8, 956, 1024 }, { 9, 957, 1024 }, { 9, 958, 1024 }, { 10, 959, 1024 }, 
-   { 5, 960, 1024 }, { 6, 961, 1024 }, { 6, 962, 1024 }, { 7, 963, 1024 }, { 6, 964, 1024 }, { 7, 965, 1024 }, { 7, 966, 1024 }, { 8, 967, 1024 }, 
-   { 6, 968, 1024 }, { 7, 969, 1024 }, { 7, 970, 1024 }, { 8, 971, 1024 }, { 7, 972, 1024 }, { 8, 973, 1024 }, { 8, 974, 1024 }, { 9, 975, 1024 }, 
-   { 6, 976, 1024 }, { 7, 977, 1024 }, { 7, 978, 1024 }, { 8, 979, 1024 }, { 7, 980, 1024 }, { 8, 981, 1024 }, { 8, 982, 1024 }, { 9, 983, 1024 }, 
-   { 7, 984, 1024 }, { 8, 985, 1024 }, { 8, 986, 1024 }, { 9, 987, 1024 }, { 8, 988, 1024 }, { 9, 989, 1024 }, { 9, 990, 1024 }, { 10, 991, 1024 }, 
-   { 6, 992, 1024 }, { 7, 993, 1024 }, { 7, 994, 1024 }, { 8, 995, 1024 }, { 7, 996, 1024 }, { 8, 997, 1024 }, { 8, 998, 1024 }, { 9, 999, 1024 }, 
-   { 7, 1000, 1024 }, { 8, 1001, 1024 }, { 8, 1002, 1024 }, { 9, 1003, 1024 }, { 8, 1004, 1024 }, { 9, 1005, 1024 }, { 9, 1006, 1024 }, { 10, 1007, 1024 }, 
-   { 7, 1008, 1024 }, { 8, 1009, 1024 }, { 8, 1010, 1024 }, { 9, 1011, 1024 }, { 8, 1012, 1024 }, { 9, 1013, 1024 }, { 9, 1014, 1024 }, { 10, 1015, 1024 }, 
-   { 8, 1016, 1024 }, { 9, 1017, 1024 }, { 9, 1018, 1024 }, { 10, 1019, 1024 }, { 9, 1020, 1024 }, { 10, 1021, 1024 }, { 10, 1022, 1024 }, { 11, 1023, 1024 }, 
+   { 1, 0, 0 }, { 2, 1, 1024 }, { 2, 2, 1024 }, { 3, 3, 1024 }, { 2, 4, 1024 }, { 3, 5, 1024 }, { 3, 6, 1024 }, { 4, 7, 1024 },
+   { 2, 8, 1024 }, { 3, 9, 1024 }, { 3, 10, 1024 }, { 4, 11, 1024 }, { 3, 12, 1024 }, { 4, 13, 1024 }, { 4, 14, 1024 }, { 5, 15, 1024 },
+   { 2, 16, 1024 }, { 3, 17, 1024 }, { 3, 18, 1024 }, { 4, 19, 1024 }, { 3, 20, 1024 }, { 4, 21, 1024 }, { 4, 22, 1024 }, { 5, 23, 1024 },
+   { 3, 24, 1024 }, { 4, 25, 1024 }, { 4, 26, 1024 }, { 5, 27, 1024 }, { 4, 28, 1024 }, { 5, 29, 1024 }, { 5, 30, 1024 }, { 6, 31, 1024 },
+   { 2, 32, 1024 }, { 3, 33, 1024 }, { 3, 34, 1024 }, { 4, 35, 1024 }, { 3, 36, 1024 }, { 4, 37, 1024 }, { 4, 38, 1024 }, { 5, 39, 1024 },
+   { 3, 40, 1024 }, { 4, 41, 1024 }, { 4, 42, 1024 }, { 5, 43, 1024 }, { 4, 44, 1024 }, { 5, 45, 1024 }, { 5, 46, 1024 }, { 6, 47, 1024 },
+   { 3, 48, 1024 }, { 4, 49, 1024 }, { 4, 50, 1024 }, { 5, 51, 1024 }, { 4, 52, 1024 }, { 5, 53, 1024 }, { 5, 54, 1024 }, { 6, 55, 1024 },
+   { 4, 56, 1024 }, { 5, 57, 1024 }, { 5, 58, 1024 }, { 6, 59, 1024 }, { 5, 60, 1024 }, { 6, 61, 1024 }, { 6, 62, 1024 }, { 7, 63, 1024 },
+   { 2, 64, 1024 }, { 3, 65, 1024 }, { 3, 66, 1024 }, { 4, 67, 1024 }, { 3, 68, 1024 }, { 4, 69, 1024 }, { 4, 70, 1024 }, { 5, 71, 1024 },
+   { 3, 72, 1024 }, { 4, 73, 1024 }, { 4, 74, 1024 }, { 5, 75, 1024 }, { 4, 76, 1024 }, { 5, 77, 1024 }, { 5, 78, 1024 }, { 6, 79, 1024 },
+   { 3, 80, 1024 }, { 4, 81, 1024 }, { 4, 82, 1024 }, { 5, 83, 1024 }, { 4, 84, 1024 }, { 5, 85, 1024 }, { 5, 86, 1024 }, { 6, 87, 1024 },
+   { 4, 88, 1024 }, { 5, 89, 1024 }, { 5, 90, 1024 }, { 6, 91, 1024 }, { 5, 92, 1024 }, { 6, 93, 1024 }, { 6, 94, 1024 }, { 7, 95, 1024 },
+   { 3, 96, 1024 }, { 4, 97, 1024 }, { 4, 98, 1024 }, { 5, 99, 1024 }, { 4, 100, 1024 }, { 5, 101, 1024 }, { 5, 102, 1024 }, { 6, 103, 1024 },
+   { 4, 104, 1024 }, { 5, 105, 1024 }, { 5, 106, 1024 }, { 6, 107, 1024 }, { 5, 108, 1024 }, { 6, 109, 1024 }, { 6, 110, 1024 }, { 7, 111, 1024 },
+   { 4, 112, 1024 }, { 5, 113, 1024 }, { 5, 114, 1024 }, { 6, 115, 1024 }, { 5, 116, 1024 }, { 6, 117, 1024 }, { 6, 118, 1024 }, { 7, 119, 1024 },
+   { 5, 120, 1024 }, { 6, 121, 1024 }, { 6, 122, 1024 }, { 7, 123, 1024 }, { 6, 124, 1024 }, { 7, 125, 1024 }, { 7, 126, 1024 }, { 8, 127, 1024 },
+   { 2, 128, 1024 }, { 3, 129, 1024 }, { 3, 130, 1024 }, { 4, 131, 1024 }, { 3, 132, 1024 }, { 4, 133, 1024 }, { 4, 134, 1024 }, { 5, 135, 1024 },
+   { 3, 136, 1024 }, { 4, 137, 1024 }, { 4, 138, 1024 }, { 5, 139, 1024 }, { 4, 140, 1024 }, { 5, 141, 1024 }, { 5, 142, 1024 }, { 6, 143, 1024 },
+   { 3, 144, 1024 }, { 4, 145, 1024 }, { 4, 146, 1024 }, { 5, 147, 1024 }, { 4, 148, 1024 }, { 5, 149, 1024 }, { 5, 150, 1024 }, { 6, 151, 1024 },
+   { 4, 152, 1024 }, { 5, 153, 1024 }, { 5, 154, 1024 }, { 6, 155, 1024 }, { 5, 156, 1024 }, { 6, 157, 1024 }, { 6, 158, 1024 }, { 7, 159, 1024 },
+   { 3, 160, 1024 }, { 4, 161, 1024 }, { 4, 162, 1024 }, { 5, 163, 1024 }, { 4, 164, 1024 }, { 5, 165, 1024 }, { 5, 166, 1024 }, { 6, 167, 1024 },
+   { 4, 168, 1024 }, { 5, 169, 1024 }, { 5, 170, 1024 }, { 6, 171, 1024 }, { 5, 172, 1024 }, { 6, 173, 1024 }, { 6, 174, 1024 }, { 7, 175, 1024 },
+   { 4, 176, 1024 }, { 5, 177, 1024 }, { 5, 178, 1024 }, { 6, 179, 1024 }, { 5, 180, 1024 }, { 6, 181, 1024 }, { 6, 182, 1024 }, { 7, 183, 1024 },
+   { 5, 184, 1024 }, { 6, 185, 1024 }, { 6, 186, 1024 }, { 7, 187, 1024 }, { 6, 188, 1024 }, { 7, 189, 1024 }, { 7, 190, 1024 }, { 8, 191, 1024 },
+   { 3, 192, 1024 }, { 4, 193, 1024 }, { 4, 194, 1024 }, { 5, 195, 1024 }, { 4, 196, 1024 }, { 5, 197, 1024 }, { 5, 198, 1024 }, { 6, 199, 1024 },
+   { 4, 200, 1024 }, { 5, 201, 1024 }, { 5, 202, 1024 }, { 6, 203, 1024 }, { 5, 204, 1024 }, { 6, 205, 1024 }, { 6, 206, 1024 }, { 7, 207, 1024 },
+   { 4, 208, 1024 }, { 5, 209, 1024 }, { 5, 210, 1024 }, { 6, 211, 1024 }, { 5, 212, 1024 }, { 6, 213, 1024 }, { 6, 214, 1024 }, { 7, 215, 1024 },
+   { 5, 216, 1024 }, { 6, 217, 1024 }, { 6, 218, 1024 }, { 7, 219, 1024 }, { 6, 220, 1024 }, { 7, 221, 1024 }, { 7, 222, 1024 }, { 8, 223, 1024 },
+   { 4, 224, 1024 }, { 5, 225, 1024 }, { 5, 226, 1024 }, { 6, 227, 1024 }, { 5, 228, 1024 }, { 6, 229, 1024 }, { 6, 230, 1024 }, { 7, 231, 1024 },
+   { 5, 232, 1024 }, { 6, 233, 1024 }, { 6, 234, 1024 }, { 7, 235, 1024 }, { 6, 236, 1024 }, { 7, 237, 1024 }, { 7, 238, 1024 }, { 8, 239, 1024 },
+   { 5, 240, 1024 }, { 6, 241, 1024 }, { 6, 242, 1024 }, { 7, 243, 1024 }, { 6, 244, 1024 }, { 7, 245, 1024 }, { 7, 246, 1024 }, { 8, 247, 1024 },
+   { 6, 248, 1024 }, { 7, 249, 1024 }, { 7, 250, 1024 }, { 8, 251, 1024 }, { 7, 252, 1024 }, { 8, 253, 1024 }, { 8, 254, 1024 }, { 9, 255, 1024 },
+   { 2, 256, 1024 }, { 3, 257, 1024 }, { 3, 258, 1024 }, { 4, 259, 1024 }, { 3, 260, 1024 }, { 4, 261, 1024 }, { 4, 262, 1024 }, { 5, 263, 1024 },
+   { 3, 264, 1024 }, { 4, 265, 1024 }, { 4, 266, 1024 }, { 5, 267, 1024 }, { 4, 268, 1024 }, { 5, 269, 1024 }, { 5, 270, 1024 }, { 6, 271, 1024 },
+   { 3, 272, 1024 }, { 4, 273, 1024 }, { 4, 274, 1024 }, { 5, 275, 1024 }, { 4, 276, 1024 }, { 5, 277, 1024 }, { 5, 278, 1024 }, { 6, 279, 1024 },
+   { 4, 280, 1024 }, { 5, 281, 1024 }, { 5, 282, 1024 }, { 6, 283, 1024 }, { 5, 284, 1024 }, { 6, 285, 1024 }, { 6, 286, 1024 }, { 7, 287, 1024 },
+   { 3, 288, 1024 }, { 4, 289, 1024 }, { 4, 290, 1024 }, { 5, 291, 1024 }, { 4, 292, 1024 }, { 5, 293, 1024 }, { 5, 294, 1024 }, { 6, 295, 1024 },
+   { 4, 296, 1024 }, { 5, 297, 1024 }, { 5, 298, 1024 }, { 6, 299, 1024 }, { 5, 300, 1024 }, { 6, 301, 1024 }, { 6, 302, 1024 }, { 7, 303, 1024 },
+   { 4, 304, 1024 }, { 5, 305, 1024 }, { 5, 306, 1024 }, { 6, 307, 1024 }, { 5, 308, 1024 }, { 6, 309, 1024 }, { 6, 310, 1024 }, { 7, 311, 1024 },
+   { 5, 312, 1024 }, { 6, 313, 1024 }, { 6, 314, 1024 }, { 7, 315, 1024 }, { 6, 316, 1024 }, { 7, 317, 1024 }, { 7, 318, 1024 }, { 8, 319, 1024 },
+   { 3, 320, 1024 }, { 4, 321, 1024 }, { 4, 322, 1024 }, { 5, 323, 1024 }, { 4, 324, 1024 }, { 5, 325, 1024 }, { 5, 326, 1024 }, { 6, 327, 1024 },
+   { 4, 328, 1024 }, { 5, 329, 1024 }, { 5, 330, 1024 }, { 6, 331, 1024 }, { 5, 332, 1024 }, { 6, 333, 1024 }, { 6, 334, 1024 }, { 7, 335, 1024 },
+   { 4, 336, 1024 }, { 5, 337, 1024 }, { 5, 338, 1024 }, { 6, 339, 1024 }, { 5, 340, 1024 }, { 6, 341, 1024 }, { 6, 342, 1024 }, { 7, 343, 1024 },
+   { 5, 344, 1024 }, { 6, 345, 1024 }, { 6, 346, 1024 }, { 7, 347, 1024 }, { 6, 348, 1024 }, { 7, 349, 1024 }, { 7, 350, 1024 }, { 8, 351, 1024 },
+   { 4, 352, 1024 }, { 5, 353, 1024 }, { 5, 354, 1024 }, { 6, 355, 1024 }, { 5, 356, 1024 }, { 6, 357, 1024 }, { 6, 358, 1024 }, { 7, 359, 1024 },
+   { 5, 360, 1024 }, { 6, 361, 1024 }, { 6, 362, 1024 }, { 7, 363, 1024 }, { 6, 364, 1024 }, { 7, 365, 1024 }, { 7, 366, 1024 }, { 8, 367, 1024 },
+   { 5, 368, 1024 }, { 6, 369, 1024 }, { 6, 370, 1024 }, { 7, 371, 1024 }, { 6, 372, 1024 }, { 7, 373, 1024 }, { 7, 374, 1024 }, { 8, 375, 1024 },
+   { 6, 376, 1024 }, { 7, 377, 1024 }, { 7, 378, 1024 }, { 8, 379, 1024 }, { 7, 380, 1024 }, { 8, 381, 1024 }, { 8, 382, 1024 }, { 9, 383, 1024 },
+   { 3, 384, 1024 }, { 4, 385, 1024 }, { 4, 386, 1024 }, { 5, 387, 1024 }, { 4, 388, 1024 }, { 5, 389, 1024 }, { 5, 390, 1024 }, { 6, 391, 1024 },
+   { 4, 392, 1024 }, { 5, 393, 1024 }, { 5, 394, 1024 }, { 6, 395, 1024 }, { 5, 396, 1024 }, { 6, 397, 1024 }, { 6, 398, 1024 }, { 7, 399, 1024 },
+   { 4, 400, 1024 }, { 5, 401, 1024 }, { 5, 402, 1024 }, { 6, 403, 1024 }, { 5, 404, 1024 }, { 6, 405, 1024 }, { 6, 406, 1024 }, { 7, 407, 1024 },
+   { 5, 408, 1024 }, { 6, 409, 1024 }, { 6, 410, 1024 }, { 7, 411, 1024 }, { 6, 412, 1024 }, { 7, 413, 1024 }, { 7, 414, 1024 }, { 8, 415, 1024 },
+   { 4, 416, 1024 }, { 5, 417, 1024 }, { 5, 418, 1024 }, { 6, 419, 1024 }, { 5, 420, 1024 }, { 6, 421, 1024 }, { 6, 422, 1024 }, { 7, 423, 1024 },
+   { 5, 424, 1024 }, { 6, 425, 1024 }, { 6, 426, 1024 }, { 7, 427, 1024 }, { 6, 428, 1024 }, { 7, 429, 1024 }, { 7, 430, 1024 }, { 8, 431, 1024 },
+   { 5, 432, 1024 }, { 6, 433, 1024 }, { 6, 434, 1024 }, { 7, 435, 1024 }, { 6, 436, 1024 }, { 7, 437, 1024 }, { 7, 438, 1024 }, { 8, 439, 1024 },
+   { 6, 440, 1024 }, { 7, 441, 1024 }, { 7, 442, 1024 }, { 8, 443, 1024 }, { 7, 444, 1024 }, { 8, 445, 1024 }, { 8, 446, 1024 }, { 9, 447, 1024 },
+   { 4, 448, 1024 }, { 5, 449, 1024 }, { 5, 450, 1024 }, { 6, 451, 1024 }, { 5, 452, 1024 }, { 6, 453, 1024 }, { 6, 454, 1024 }, { 7, 455, 1024 },
+   { 5, 456, 1024 }, { 6, 457, 1024 }, { 6, 458, 1024 }, { 7, 459, 1024 }, { 6, 460, 1024 }, { 7, 461, 1024 }, { 7, 462, 1024 }, { 8, 463, 1024 },
+   { 5, 464, 1024 }, { 6, 465, 1024 }, { 6, 466, 1024 }, { 7, 467, 1024 }, { 6, 468, 1024 }, { 7, 469, 1024 }, { 7, 470, 1024 }, { 8, 471, 1024 },
+   { 6, 472, 1024 }, { 7, 473, 1024 }, { 7, 474, 1024 }, { 8, 475, 1024 }, { 7, 476, 1024 }, { 8, 477, 1024 }, { 8, 478, 1024 }, { 9, 479, 1024 },
+   { 5, 480, 1024 }, { 6, 481, 1024 }, { 6, 482, 1024 }, { 7, 483, 1024 }, { 6, 484, 1024 }, { 7, 485, 1024 }, { 7, 486, 1024 }, { 8, 487, 1024 },
+   { 6, 488, 1024 }, { 7, 489, 1024 }, { 7, 490, 1024 }, { 8, 491, 1024 }, { 7, 492, 1024 }, { 8, 493, 1024 }, { 8, 494, 1024 }, { 9, 495, 1024 },
+   { 6, 496, 1024 }, { 7, 497, 1024 }, { 7, 498, 1024 }, { 8, 499, 1024 }, { 7, 500, 1024 }, { 8, 501, 1024 }, { 8, 502, 1024 }, { 9, 503, 1024 },
+   { 7, 504, 1024 }, { 8, 505, 1024 }, { 8, 506, 1024 }, { 9, 507, 1024 }, { 8, 508, 1024 }, { 9, 509, 1024 }, { 9, 510, 1024 }, { 10, 511, 1024 },
+   { 2, 512, 1024 }, { 3, 513, 1024 }, { 3, 514, 1024 }, { 4, 515, 1024 }, { 3, 516, 1024 }, { 4, 517, 1024 }, { 4, 518, 1024 }, { 5, 519, 1024 },
+   { 3, 520, 1024 }, { 4, 521, 1024 }, { 4, 522, 1024 }, { 5, 523, 1024 }, { 4, 524, 1024 }, { 5, 525, 1024 }, { 5, 526, 1024 }, { 6, 527, 1024 },
+   { 3, 528, 1024 }, { 4, 529, 1024 }, { 4, 530, 1024 }, { 5, 531, 1024 }, { 4, 532, 1024 }, { 5, 533, 1024 }, { 5, 534, 1024 }, { 6, 535, 1024 },
+   { 4, 536, 1024 }, { 5, 537, 1024 }, { 5, 538, 1024 }, { 6, 539, 1024 }, { 5, 540, 1024 }, { 6, 541, 1024 }, { 6, 542, 1024 }, { 7, 543, 1024 },
+   { 3, 544, 1024 }, { 4, 545, 1024 }, { 4, 546, 1024 }, { 5, 547, 1024 }, { 4, 548, 1024 }, { 5, 549, 1024 }, { 5, 550, 1024 }, { 6, 551, 1024 },
+   { 4, 552, 1024 }, { 5, 553, 1024 }, { 5, 554, 1024 }, { 6, 555, 1024 }, { 5, 556, 1024 }, { 6, 557, 1024 }, { 6, 558, 1024 }, { 7, 559, 1024 },
+   { 4, 560, 1024 }, { 5, 561, 1024 }, { 5, 562, 1024 }, { 6, 563, 1024 }, { 5, 564, 1024 }, { 6, 565, 1024 }, { 6, 566, 1024 }, { 7, 567, 1024 },
+   { 5, 568, 1024 }, { 6, 569, 1024 }, { 6, 570, 1024 }, { 7, 571, 1024 }, { 6, 572, 1024 }, { 7, 573, 1024 }, { 7, 574, 1024 }, { 8, 575, 1024 },
+   { 3, 576, 1024 }, { 4, 577, 1024 }, { 4, 578, 1024 }, { 5, 579, 1024 }, { 4, 580, 1024 }, { 5, 581, 1024 }, { 5, 582, 1024 }, { 6, 583, 1024 },
+   { 4, 584, 1024 }, { 5, 585, 1024 }, { 5, 586, 1024 }, { 6, 587, 1024 }, { 5, 588, 1024 }, { 6, 589, 1024 }, { 6, 590, 1024 }, { 7, 591, 1024 },
+   { 4, 592, 1024 }, { 5, 593, 1024 }, { 5, 594, 1024 }, { 6, 595, 1024 }, { 5, 596, 1024 }, { 6, 597, 1024 }, { 6, 598, 1024 }, { 7, 599, 1024 },
+   { 5, 600, 1024 }, { 6, 601, 1024 }, { 6, 602, 1024 }, { 7, 603, 1024 }, { 6, 604, 1024 }, { 7, 605, 1024 }, { 7, 606, 1024 }, { 8, 607, 1024 },
+   { 4, 608, 1024 }, { 5, 609, 1024 }, { 5, 610, 1024 }, { 6, 611, 1024 }, { 5, 612, 1024 }, { 6, 613, 1024 }, { 6, 614, 1024 }, { 7, 615, 1024 },
+   { 5, 616, 1024 }, { 6, 617, 1024 }, { 6, 618, 1024 }, { 7, 619, 1024 }, { 6, 620, 1024 }, { 7, 621, 1024 }, { 7, 622, 1024 }, { 8, 623, 1024 },
+   { 5, 624, 1024 }, { 6, 625, 1024 }, { 6, 626, 1024 }, { 7, 627, 1024 }, { 6, 628, 1024 }, { 7, 629, 1024 }, { 7, 630, 1024 }, { 8, 631, 1024 },
+   { 6, 632, 1024 }, { 7, 633, 1024 }, { 7, 634, 1024 }, { 8, 635, 1024 }, { 7, 636, 1024 }, { 8, 637, 1024 }, { 8, 638, 1024 }, { 9, 639, 1024 },
+   { 3, 640, 1024 }, { 4, 641, 1024 }, { 4, 642, 1024 }, { 5, 643, 1024 }, { 4, 644, 1024 }, { 5, 645, 1024 }, { 5, 646, 1024 }, { 6, 647, 1024 },
+   { 4, 648, 1024 }, { 5, 649, 1024 }, { 5, 650, 1024 }, { 6, 651, 1024 }, { 5, 652, 1024 }, { 6, 653, 1024 }, { 6, 654, 1024 }, { 7, 655, 1024 },
+   { 4, 656, 1024 }, { 5, 657, 1024 }, { 5, 658, 1024 }, { 6, 659, 1024 }, { 5, 660, 1024 }, { 6, 661, 1024 }, { 6, 662, 1024 }, { 7, 663, 1024 },
+   { 5, 664, 1024 }, { 6, 665, 1024 }, { 6, 666, 1024 }, { 7, 667, 1024 }, { 6, 668, 1024 }, { 7, 669, 1024 }, { 7, 670, 1024 }, { 8, 671, 1024 },
+   { 4, 672, 1024 }, { 5, 673, 1024 }, { 5, 674, 1024 }, { 6, 675, 1024 }, { 5, 676, 1024 }, { 6, 677, 1024 }, { 6, 678, 1024 }, { 7, 679, 1024 },
+   { 5, 680, 1024 }, { 6, 681, 1024 }, { 6, 682, 1024 }, { 7, 683, 1024 }, { 6, 684, 1024 }, { 7, 685, 1024 }, { 7, 686, 1024 }, { 8, 687, 1024 },
+   { 5, 688, 1024 }, { 6, 689, 1024 }, { 6, 690, 1024 }, { 7, 691, 1024 }, { 6, 692, 1024 }, { 7, 693, 1024 }, { 7, 694, 1024 }, { 8, 695, 1024 },
+   { 6, 696, 1024 }, { 7, 697, 1024 }, { 7, 698, 1024 }, { 8, 699, 1024 }, { 7, 700, 1024 }, { 8, 701, 1024 }, { 8, 702, 1024 }, { 9, 703, 1024 },
+   { 4, 704, 1024 }, { 5, 705, 1024 }, { 5, 706, 1024 }, { 6, 707, 1024 }, { 5, 708, 1024 }, { 6, 709, 1024 }, { 6, 710, 1024 }, { 7, 711, 1024 },
+   { 5, 712, 1024 }, { 6, 713, 1024 }, { 6, 714, 1024 }, { 7, 715, 1024 }, { 6, 716, 1024 }, { 7, 717, 1024 }, { 7, 718, 1024 }, { 8, 719, 1024 },
+   { 5, 720, 1024 }, { 6, 721, 1024 }, { 6, 722, 1024 }, { 7, 723, 1024 }, { 6, 724, 1024 }, { 7, 725, 1024 }, { 7, 726, 1024 }, { 8, 727, 1024 },
+   { 6, 728, 1024 }, { 7, 729, 1024 }, { 7, 730, 1024 }, { 8, 731, 1024 }, { 7, 732, 1024 }, { 8, 733, 1024 }, { 8, 734, 1024 }, { 9, 735, 1024 },
+   { 5, 736, 1024 }, { 6, 737, 1024 }, { 6, 738, 1024 }, { 7, 739, 1024 }, { 6, 740, 1024 }, { 7, 741, 1024 }, { 7, 742, 1024 }, { 8, 743, 1024 },
+   { 6, 744, 1024 }, { 7, 745, 1024 }, { 7, 746, 1024 }, { 8, 747, 1024 }, { 7, 748, 1024 }, { 8, 749, 1024 }, { 8, 750, 1024 }, { 9, 751, 1024 },
+   { 6, 752, 1024 }, { 7, 753, 1024 }, { 7, 754, 1024 }, { 8, 755, 1024 }, { 7, 756, 1024 }, { 8, 757, 1024 }, { 8, 758, 1024 }, { 9, 759, 1024 },
+   { 7, 760, 1024 }, { 8, 761, 1024 }, { 8, 762, 1024 }, { 9, 763, 1024 }, { 8, 764, 1024 }, { 9, 765, 1024 }, { 9, 766, 1024 }, { 10, 767, 1024 },
+   { 3, 768, 1024 }, { 4, 769, 1024 }, { 4, 770, 1024 }, { 5, 771, 1024 }, { 4, 772, 1024 }, { 5, 773, 1024 }, { 5, 774, 1024 }, { 6, 775, 1024 },
+   { 4, 776, 1024 }, { 5, 777, 1024 }, { 5, 778, 1024 }, { 6, 779, 1024 }, { 5, 780, 1024 }, { 6, 781, 1024 }, { 6, 782, 1024 }, { 7, 783, 1024 },
+   { 4, 784, 1024 }, { 5, 785, 1024 }, { 5, 786, 1024 }, { 6, 787, 1024 }, { 5, 788, 1024 }, { 6, 789, 1024 }, { 6, 790, 1024 }, { 7, 791, 1024 },
+   { 5, 792, 1024 }, { 6, 793, 1024 }, { 6, 794, 1024 }, { 7, 795, 1024 }, { 6, 796, 1024 }, { 7, 797, 1024 }, { 7, 798, 1024 }, { 8, 799, 1024 },
+   { 4, 800, 1024 }, { 5, 801, 1024 }, { 5, 802, 1024 }, { 6, 803, 1024 }, { 5, 804, 1024 }, { 6, 805, 1024 }, { 6, 806, 1024 }, { 7, 807, 1024 },
+   { 5, 808, 1024 }, { 6, 809, 1024 }, { 6, 810, 1024 }, { 7, 811, 1024 }, { 6, 812, 1024 }, { 7, 813, 1024 }, { 7, 814, 1024 }, { 8, 815, 1024 },
+   { 5, 816, 1024 }, { 6, 817, 1024 }, { 6, 818, 1024 }, { 7, 819, 1024 }, { 6, 820, 1024 }, { 7, 821, 1024 }, { 7, 822, 1024 }, { 8, 823, 1024 },
+   { 6, 824, 1024 }, { 7, 825, 1024 }, { 7, 826, 1024 }, { 8, 827, 1024 }, { 7, 828, 1024 }, { 8, 829, 1024 }, { 8, 830, 1024 }, { 9, 831, 1024 },
+   { 4, 832, 1024 }, { 5, 833, 1024 }, { 5, 834, 1024 }, { 6, 835, 1024 }, { 5, 836, 1024 }, { 6, 837, 1024 }, { 6, 838, 1024 }, { 7, 839, 1024 },
+   { 5, 840, 1024 }, { 6, 841, 1024 }, { 6, 842, 1024 }, { 7, 843, 1024 }, { 6, 844, 1024 }, { 7, 845, 1024 }, { 7, 846, 1024 }, { 8, 847, 1024 },
+   { 5, 848, 1024 }, { 6, 849, 1024 }, { 6, 850, 1024 }, { 7, 851, 1024 }, { 6, 852, 1024 }, { 7, 853, 1024 }, { 7, 854, 1024 }, { 8, 855, 1024 },
+   { 6, 856, 1024 }, { 7, 857, 1024 }, { 7, 858, 1024 }, { 8, 859, 1024 }, { 7, 860, 1024 }, { 8, 861, 1024 }, { 8, 862, 1024 }, { 9, 863, 1024 },
+   { 5, 864, 1024 }, { 6, 865, 1024 }, { 6, 866, 1024 }, { 7, 867, 1024 }, { 6, 868, 1024 }, { 7, 869, 1024 }, { 7, 870, 1024 }, { 8, 871, 1024 },
+   { 6, 872, 1024 }, { 7, 873, 1024 }, { 7, 874, 1024 }, { 8, 875, 1024 }, { 7, 876, 1024 }, { 8, 877, 1024 }, { 8, 878, 1024 }, { 9, 879, 1024 },
+   { 6, 880, 1024 }, { 7, 881, 1024 }, { 7, 882, 1024 }, { 8, 883, 1024 }, { 7, 884, 1024 }, { 8, 885, 1024 }, { 8, 886, 1024 }, { 9, 887, 1024 },
+   { 7, 888, 1024 }, { 8, 889, 1024 }, { 8, 890, 1024 }, { 9, 891, 1024 }, { 8, 892, 1024 }, { 9, 893, 1024 }, { 9, 894, 1024 }, { 10, 895, 1024 },
+   { 4, 896, 1024 }, { 5, 897, 1024 }, { 5, 898, 1024 }, { 6, 899, 1024 }, { 5, 900, 1024 }, { 6, 901, 1024 }, { 6, 902, 1024 }, { 7, 903, 1024 },
+   { 5, 904, 1024 }, { 6, 905, 1024 }, { 6, 906, 1024 }, { 7, 907, 1024 }, { 6, 908, 1024 }, { 7, 909, 1024 }, { 7, 910, 1024 }, { 8, 911, 1024 },
+   { 5, 912, 1024 }, { 6, 913, 1024 }, { 6, 914, 1024 }, { 7, 915, 1024 }, { 6, 916, 1024 }, { 7, 917, 1024 }, { 7, 918, 1024 }, { 8, 919, 1024 },
+   { 6, 920, 1024 }, { 7, 921, 1024 }, { 7, 922, 1024 }, { 8, 923, 1024 }, { 7, 924, 1024 }, { 8, 925, 1024 }, { 8, 926, 1024 }, { 9, 927, 1024 },
+   { 5, 928, 1024 }, { 6, 929, 1024 }, { 6, 930, 1024 }, { 7, 931, 1024 }, { 6, 932, 1024 }, { 7, 933, 1024 }, { 7, 934, 1024 }, { 8, 935, 1024 },
+   { 6, 936, 1024 }, { 7, 937, 1024 }, { 7, 938, 1024 }, { 8, 939, 1024 }, { 7, 940, 1024 }, { 8, 941, 1024 }, { 8, 942, 1024 }, { 9, 943, 1024 },
+   { 6, 944, 1024 }, { 7, 945, 1024 }, { 7, 946, 1024 }, { 8, 947, 1024 }, { 7, 948, 1024 }, { 8, 949, 1024 }, { 8, 950, 1024 }, { 9, 951, 1024 },
+   { 7, 952, 1024 }, { 8, 953, 1024 }, { 8, 954, 1024 }, { 9, 955, 1024 }, { 8, 956, 1024 }, { 9, 957, 1024 }, { 9, 958, 1024 }, { 10, 959, 1024 },
+   { 5, 960, 1024 }, { 6, 961, 1024 }, { 6, 962, 1024 }, { 7, 963, 1024 }, { 6, 964, 1024 }, { 7, 965, 1024 }, { 7, 966, 1024 }, { 8, 967, 1024 },
+   { 6, 968, 1024 }, { 7, 969, 1024 }, { 7, 970, 1024 }, { 8, 971, 1024 }, { 7, 972, 1024 }, { 8, 973, 1024 }, { 8, 974, 1024 }, { 9, 975, 1024 },
+   { 6, 976, 1024 }, { 7, 977, 1024 }, { 7, 978, 1024 }, { 8, 979, 1024 }, { 7, 980, 1024 }, { 8, 981, 1024 }, { 8, 982, 1024 }, { 9, 983, 1024 },
+   { 7, 984, 1024 }, { 8, 985, 1024 }, { 8, 986, 1024 }, { 9, 987, 1024 }, { 8, 988, 1024 }, { 9, 989, 1024 }, { 9, 990, 1024 }, { 10, 991, 1024 },
+   { 6, 992, 1024 }, { 7, 993, 1024 }, { 7, 994, 1024 }, { 8, 995, 1024 }, { 7, 996, 1024 }, { 8, 997, 1024 }, { 8, 998, 1024 }, { 9, 999, 1024 },
+   { 7, 1000, 1024 }, { 8, 1001, 1024 }, { 8, 1002, 1024 }, { 9, 1003, 1024 }, { 8, 1004, 1024 }, { 9, 1005, 1024 }, { 9, 1006, 1024 }, { 10, 1007, 1024 },
+   { 7, 1008, 1024 }, { 8, 1009, 1024 }, { 8, 1010, 1024 }, { 9, 1011, 1024 }, { 8, 1012, 1024 }, { 9, 1013, 1024 }, { 9, 1014, 1024 }, { 10, 1015, 1024 },
+   { 8, 1016, 1024 }, { 9, 1017, 1024 }, { 9, 1018, 1024 }, { 10, 1019, 1024 }, { 9, 1020, 1024 }, { 10, 1021, 1024 }, { 10, 1022, 1024 }, { 11, 1023, 1024 },
 #if FP_LUT > 11
-   { 1, 0, 0 }, { 2, 1, 2048 }, { 2, 2, 2048 }, { 3, 3, 2048 }, { 2, 4, 2048 }, { 3, 5, 2048 }, { 3, 6, 2048 }, { 4, 7, 2048 }, 
-   { 2, 8, 2048 }, { 3, 9, 2048 }, { 3, 10, 2048 }, { 4, 11, 2048 }, { 3, 12, 2048 }, { 4, 13, 2048 }, { 4, 14, 2048 }, { 5, 15, 2048 }, 
-   { 2, 16, 2048 }, { 3, 17, 2048 }, { 3, 18, 2048 }, { 4, 19, 2048 }, { 3, 20, 2048 }, { 4, 21, 2048 }, { 4, 22, 2048 }, { 5, 23, 2048 }, 
-   { 3, 24, 2048 }, { 4, 25, 2048 }, { 4, 26, 2048 }, { 5, 27, 2048 }, { 4, 28, 2048 }, { 5, 29, 2048 }, { 5, 30, 2048 }, { 6, 31, 2048 }, 
-   { 2, 32, 2048 }, { 3, 33, 2048 }, { 3, 34, 2048 }, { 4, 35, 2048 }, { 3, 36, 2048 }, { 4, 37, 2048 }, { 4, 38, 2048 }, { 5, 39, 2048 }, 
-   { 3, 40, 2048 }, { 4, 41, 2048 }, { 4, 42, 2048 }, { 5, 43, 2048 }, { 4, 44, 2048 }, { 5, 45, 2048 }, { 5, 46, 2048 }, { 6, 47, 2048 }, 
-   { 3, 48, 2048 }, { 4, 49, 2048 }, { 4, 50, 2048 }, { 5, 51, 2048 }, { 4, 52, 2048 }, { 5, 53, 2048 }, { 5, 54, 2048 }, { 6, 55, 2048 }, 
-   { 4, 56, 2048 }, { 5, 57, 2048 }, { 5, 58, 2048 }, { 6, 59, 2048 }, { 5, 60, 2048 }, { 6, 61, 2048 }, { 6, 62, 2048 }, { 7, 63, 2048 }, 
-   { 2, 64, 2048 }, { 3, 65, 2048 }, { 3, 66, 2048 }, { 4, 67, 2048 }, { 3, 68, 2048 }, { 4, 69, 2048 }, { 4, 70, 2048 }, { 5, 71, 2048 }, 
-   { 3, 72, 2048 }, { 4, 73, 2048 }, { 4, 74, 2048 }, { 5, 75, 2048 }, { 4, 76, 2048 }, { 5, 77, 2048 }, { 5, 78, 2048 }, { 6, 79, 2048 }, 
-   { 3, 80, 2048 }, { 4, 81, 2048 }, { 4, 82, 2048 }, { 5, 83, 2048 }, { 4, 84, 2048 }, { 5, 85, 2048 }, { 5, 86, 2048 }, { 6, 87, 2048 }, 
-   { 4, 88, 2048 }, { 5, 89, 2048 }, { 5, 90, 2048 }, { 6, 91, 2048 }, { 5, 92, 2048 }, { 6, 93, 2048 }, { 6, 94, 2048 }, { 7, 95, 2048 }, 
-   { 3, 96, 2048 }, { 4, 97, 2048 }, { 4, 98, 2048 }, { 5, 99, 2048 }, { 4, 100, 2048 }, { 5, 101, 2048 }, { 5, 102, 2048 }, { 6, 103, 2048 }, 
-   { 4, 104, 2048 }, { 5, 105, 2048 }, { 5, 106, 2048 }, { 6, 107, 2048 }, { 5, 108, 2048 }, { 6, 109, 2048 }, { 6, 110, 2048 }, { 7, 111, 2048 }, 
-   { 4, 112, 2048 }, { 5, 113, 2048 }, { 5, 114, 2048 }, { 6, 115, 2048 }, { 5, 116, 2048 }, { 6, 117, 2048 }, { 6, 118, 2048 }, { 7, 119, 2048 }, 
-   { 5, 120, 2048 }, { 6, 121, 2048 }, { 6, 122, 2048 }, { 7, 123, 2048 }, { 6, 124, 2048 }, { 7, 125, 2048 }, { 7, 126, 2048 }, { 8, 127, 2048 }, 
-   { 2, 128, 2048 }, { 3, 129, 2048 }, { 3, 130, 2048 }, { 4, 131, 2048 }, { 3, 132, 2048 }, { 4, 133, 2048 }, { 4, 134, 2048 }, { 5, 135, 2048 }, 
-   { 3, 136, 2048 }, { 4, 137, 2048 }, { 4, 138, 2048 }, { 5, 139, 2048 }, { 4, 140, 2048 }, { 5, 141, 2048 }, { 5, 142, 2048 }, { 6, 143, 2048 }, 
-   { 3, 144, 2048 }, { 4, 145, 2048 }, { 4, 146, 2048 }, { 5, 147, 2048 }, { 4, 148, 2048 }, { 5, 149, 2048 }, { 5, 150, 2048 }, { 6, 151, 2048 }, 
-   { 4, 152, 2048 }, { 5, 153, 2048 }, { 5, 154, 2048 }, { 6, 155, 2048 }, { 5, 156, 2048 }, { 6, 157, 2048 }, { 6, 158, 2048 }, { 7, 159, 2048 }, 
-   { 3, 160, 2048 }, { 4, 161, 2048 }, { 4, 162, 2048 }, { 5, 163, 2048 }, { 4, 164, 2048 }, { 5, 165, 2048 }, { 5, 166, 2048 }, { 6, 167, 2048 }, 
-   { 4, 168, 2048 }, { 5, 169, 2048 }, { 5, 170, 2048 }, { 6, 171, 2048 }, { 5, 172, 2048 }, { 6, 173, 2048 }, { 6, 174, 2048 }, { 7, 175, 2048 }, 
-   { 4, 176, 2048 }, { 5, 177, 2048 }, { 5, 178, 2048 }, { 6, 179, 2048 }, { 5, 180, 2048 }, { 6, 181, 2048 }, { 6, 182, 2048 }, { 7, 183, 2048 }, 
-   { 5, 184, 2048 }, { 6, 185, 2048 }, { 6, 186, 2048 }, { 7, 187, 2048 }, { 6, 188, 2048 }, { 7, 189, 2048 }, { 7, 190, 2048 }, { 8, 191, 2048 }, 
-   { 3, 192, 2048 }, { 4, 193, 2048 }, { 4, 194, 2048 }, { 5, 195, 2048 }, { 4, 196, 2048 }, { 5, 197, 2048 }, { 5, 198, 2048 }, { 6, 199, 2048 }, 
-   { 4, 200, 2048 }, { 5, 201, 2048 }, { 5, 202, 2048 }, { 6, 203, 2048 }, { 5, 204, 2048 }, { 6, 205, 2048 }, { 6, 206, 2048 }, { 7, 207, 2048 }, 
-   { 4, 208, 2048 }, { 5, 209, 2048 }, { 5, 210, 2048 }, { 6, 211, 2048 }, { 5, 212, 2048 }, { 6, 213, 2048 }, { 6, 214, 2048 }, { 7, 215, 2048 }, 
-   { 5, 216, 2048 }, { 6, 217, 2048 }, { 6, 218, 2048 }, { 7, 219, 2048 }, { 6, 220, 2048 }, { 7, 221, 2048 }, { 7, 222, 2048 }, { 8, 223, 2048 }, 
-   { 4, 224, 2048 }, { 5, 225, 2048 }, { 5, 226, 2048 }, { 6, 227, 2048 }, { 5, 228, 2048 }, { 6, 229, 2048 }, { 6, 230, 2048 }, { 7, 231, 2048 }, 
-   { 5, 232, 2048 }, { 6, 233, 2048 }, { 6, 234, 2048 }, { 7, 235, 2048 }, { 6, 236, 2048 }, { 7, 237, 2048 }, { 7, 238, 2048 }, { 8, 239, 2048 }, 
-   { 5, 240, 2048 }, { 6, 241, 2048 }, { 6, 242, 2048 }, { 7, 243, 2048 }, { 6, 244, 2048 }, { 7, 245, 2048 }, { 7, 246, 2048 }, { 8, 247, 2048 }, 
-   { 6, 248, 2048 }, { 7, 249, 2048 }, { 7, 250, 2048 }, { 8, 251, 2048 }, { 7, 252, 2048 }, { 8, 253, 2048 }, { 8, 254, 2048 }, { 9, 255, 2048 }, 
-   { 2, 256, 2048 }, { 3, 257, 2048 }, { 3, 258, 2048 }, { 4, 259, 2048 }, { 3, 260, 2048 }, { 4, 261, 2048 }, { 4, 262, 2048 }, { 5, 263, 2048 }, 
-   { 3, 264, 2048 }, { 4, 265, 2048 }, { 4, 266, 2048 }, { 5, 267, 2048 }, { 4, 268, 2048 }, { 5, 269, 2048 }, { 5, 270, 2048 }, { 6, 271, 2048 }, 
-   { 3, 272, 2048 }, { 4, 273, 2048 }, { 4, 274, 2048 }, { 5, 275, 2048 }, { 4, 276, 2048 }, { 5, 277, 2048 }, { 5, 278, 2048 }, { 6, 279, 2048 }, 
-   { 4, 280, 2048 }, { 5, 281, 2048 }, { 5, 282, 2048 }, { 6, 283, 2048 }, { 5, 284, 2048 }, { 6, 285, 2048 }, { 6, 286, 2048 }, { 7, 287, 2048 }, 
-   { 3, 288, 2048 }, { 4, 289, 2048 }, { 4, 290, 2048 }, { 5, 291, 2048 }, { 4, 292, 2048 }, { 5, 293, 2048 }, { 5, 294, 2048 }, { 6, 295, 2048 }, 
-   { 4, 296, 2048 }, { 5, 297, 2048 }, { 5, 298, 2048 }, { 6, 299, 2048 }, { 5, 300, 2048 }, { 6, 301, 2048 }, { 6, 302, 2048 }, { 7, 303, 2048 }, 
-   { 4, 304, 2048 }, { 5, 305, 2048 }, { 5, 306, 2048 }, { 6, 307, 2048 }, { 5, 308, 2048 }, { 6, 309, 2048 }, { 6, 310, 2048 }, { 7, 311, 2048 }, 
-   { 5, 312, 2048 }, { 6, 313, 2048 }, { 6, 314, 2048 }, { 7, 315, 2048 }, { 6, 316, 2048 }, { 7, 317, 2048 }, { 7, 318, 2048 }, { 8, 319, 2048 }, 
-   { 3, 320, 2048 }, { 4, 321, 2048 }, { 4, 322, 2048 }, { 5, 323, 2048 }, { 4, 324, 2048 }, { 5, 325, 2048 }, { 5, 326, 2048 }, { 6, 327, 2048 }, 
-   { 4, 328, 2048 }, { 5, 329, 2048 }, { 5, 330, 2048 }, { 6, 331, 2048 }, { 5, 332, 2048 }, { 6, 333, 2048 }, { 6, 334, 2048 }, { 7, 335, 2048 }, 
-   { 4, 336, 2048 }, { 5, 337, 2048 }, { 5, 338, 2048 }, { 6, 339, 2048 }, { 5, 340, 2048 }, { 6, 341, 2048 }, { 6, 342, 2048 }, { 7, 343, 2048 }, 
-   { 5, 344, 2048 }, { 6, 345, 2048 }, { 6, 346, 2048 }, { 7, 347, 2048 }, { 6, 348, 2048 }, { 7, 349, 2048 }, { 7, 350, 2048 }, { 8, 351, 2048 }, 
-   { 4, 352, 2048 }, { 5, 353, 2048 }, { 5, 354, 2048 }, { 6, 355, 2048 }, { 5, 356, 2048 }, { 6, 357, 2048 }, { 6, 358, 2048 }, { 7, 359, 2048 }, 
-   { 5, 360, 2048 }, { 6, 361, 2048 }, { 6, 362, 2048 }, { 7, 363, 2048 }, { 6, 364, 2048 }, { 7, 365, 2048 }, { 7, 366, 2048 }, { 8, 367, 2048 }, 
-   { 5, 368, 2048 }, { 6, 369, 2048 }, { 6, 370, 2048 }, { 7, 371, 2048 }, { 6, 372, 2048 }, { 7, 373, 2048 }, { 7, 374, 2048 }, { 8, 375, 2048 }, 
-   { 6, 376, 2048 }, { 7, 377, 2048 }, { 7, 378, 2048 }, { 8, 379, 2048 }, { 7, 380, 2048 }, { 8, 381, 2048 }, { 8, 382, 2048 }, { 9, 383, 2048 }, 
-   { 3, 384, 2048 }, { 4, 385, 2048 }, { 4, 386, 2048 }, { 5, 387, 2048 }, { 4, 388, 2048 }, { 5, 389, 2048 }, { 5, 390, 2048 }, { 6, 391, 2048 }, 
-   { 4, 392, 2048 }, { 5, 393, 2048 }, { 5, 394, 2048 }, { 6, 395, 2048 }, { 5, 396, 2048 }, { 6, 397, 2048 }, { 6, 398, 2048 }, { 7, 399, 2048 }, 
-   { 4, 400, 2048 }, { 5, 401, 2048 }, { 5, 402, 2048 }, { 6, 403, 2048 }, { 5, 404, 2048 }, { 6, 405, 2048 }, { 6, 406, 2048 }, { 7, 407, 2048 }, 
-   { 5, 408, 2048 }, { 6, 409, 2048 }, { 6, 410, 2048 }, { 7, 411, 2048 }, { 6, 412, 2048 }, { 7, 413, 2048 }, { 7, 414, 2048 }, { 8, 415, 2048 }, 
-   { 4, 416, 2048 }, { 5, 417, 2048 }, { 5, 418, 2048 }, { 6, 419, 2048 }, { 5, 420, 2048 }, { 6, 421, 2048 }, { 6, 422, 2048 }, { 7, 423, 2048 }, 
-   { 5, 424, 2048 }, { 6, 425, 2048 }, { 6, 426, 2048 }, { 7, 427, 2048 }, { 6, 428, 2048 }, { 7, 429, 2048 }, { 7, 430, 2048 }, { 8, 431, 2048 }, 
-   { 5, 432, 2048 }, { 6, 433, 2048 }, { 6, 434, 2048 }, { 7, 435, 2048 }, { 6, 436, 2048 }, { 7, 437, 2048 }, { 7, 438, 2048 }, { 8, 439, 2048 }, 
-   { 6, 440, 2048 }, { 7, 441, 2048 }, { 7, 442, 2048 }, { 8, 443, 2048 }, { 7, 444, 2048 }, { 8, 445, 2048 }, { 8, 446, 2048 }, { 9, 447, 2048 }, 
-   { 4, 448, 2048 }, { 5, 449, 2048 }, { 5, 450, 2048 }, { 6, 451, 2048 }, { 5, 452, 2048 }, { 6, 453, 2048 }, { 6, 454, 2048 }, { 7, 455, 2048 }, 
-   { 5, 456, 2048 }, { 6, 457, 2048 }, { 6, 458, 2048 }, { 7, 459, 2048 }, { 6, 460, 2048 }, { 7, 461, 2048 }, { 7, 462, 2048 }, { 8, 463, 2048 }, 
-   { 5, 464, 2048 }, { 6, 465, 2048 }, { 6, 466, 2048 }, { 7, 467, 2048 }, { 6, 468, 2048 }, { 7, 469, 2048 }, { 7, 470, 2048 }, { 8, 471, 2048 }, 
-   { 6, 472, 2048 }, { 7, 473, 2048 }, { 7, 474, 2048 }, { 8, 475, 2048 }, { 7, 476, 2048 }, { 8, 477, 2048 }, { 8, 478, 2048 }, { 9, 479, 2048 }, 
-   { 5, 480, 2048 }, { 6, 481, 2048 }, { 6, 482, 2048 }, { 7, 483, 2048 }, { 6, 484, 2048 }, { 7, 485, 2048 }, { 7, 486, 2048 }, { 8, 487, 2048 }, 
-   { 6, 488, 2048 }, { 7, 489, 2048 }, { 7, 490, 2048 }, { 8, 491, 2048 }, { 7, 492, 2048 }, { 8, 493, 2048 }, { 8, 494, 2048 }, { 9, 495, 2048 }, 
-   { 6, 496, 2048 }, { 7, 497, 2048 }, { 7, 498, 2048 }, { 8, 499, 2048 }, { 7, 500, 2048 }, { 8, 501, 2048 }, { 8, 502, 2048 }, { 9, 503, 2048 }, 
-   { 7, 504, 2048 }, { 8, 505, 2048 }, { 8, 506, 2048 }, { 9, 507, 2048 }, { 8, 508, 2048 }, { 9, 509, 2048 }, { 9, 510, 2048 }, { 10, 511, 2048 }, 
-   { 2, 512, 2048 }, { 3, 513, 2048 }, { 3, 514, 2048 }, { 4, 515, 2048 }, { 3, 516, 2048 }, { 4, 517, 2048 }, { 4, 518, 2048 }, { 5, 519, 2048 }, 
-   { 3, 520, 2048 }, { 4, 521, 2048 }, { 4, 522, 2048 }, { 5, 523, 2048 }, { 4, 524, 2048 }, { 5, 525, 2048 }, { 5, 526, 2048 }, { 6, 527, 2048 }, 
-   { 3, 528, 2048 }, { 4, 529, 2048 }, { 4, 530, 2048 }, { 5, 531, 2048 }, { 4, 532, 2048 }, { 5, 533, 2048 }, { 5, 534, 2048 }, { 6, 535, 2048 }, 
-   { 4, 536, 2048 }, { 5, 537, 2048 }, { 5, 538, 2048 }, { 6, 539, 2048 }, { 5, 540, 2048 }, { 6, 541, 2048 }, { 6, 542, 2048 }, { 7, 543, 2048 }, 
-   { 3, 544, 2048 }, { 4, 545, 2048 }, { 4, 546, 2048 }, { 5, 547, 2048 }, { 4, 548, 2048 }, { 5, 549, 2048 }, { 5, 550, 2048 }, { 6, 551, 2048 }, 
-   { 4, 552, 2048 }, { 5, 553, 2048 }, { 5, 554, 2048 }, { 6, 555, 2048 }, { 5, 556, 2048 }, { 6, 557, 2048 }, { 6, 558, 2048 }, { 7, 559, 2048 }, 
-   { 4, 560, 2048 }, { 5, 561, 2048 }, { 5, 562, 2048 }, { 6, 563, 2048 }, { 5, 564, 2048 }, { 6, 565, 2048 }, { 6, 566, 2048 }, { 7, 567, 2048 }, 
-   { 5, 568, 2048 }, { 6, 569, 2048 }, { 6, 570, 2048 }, { 7, 571, 2048 }, { 6, 572, 2048 }, { 7, 573, 2048 }, { 7, 574, 2048 }, { 8, 575, 2048 }, 
-   { 3, 576, 2048 }, { 4, 577, 2048 }, { 4, 578, 2048 }, { 5, 579, 2048 }, { 4, 580, 2048 }, { 5, 581, 2048 }, { 5, 582, 2048 }, { 6, 583, 2048 }, 
-   { 4, 584, 2048 }, { 5, 585, 2048 }, { 5, 586, 2048 }, { 6, 587, 2048 }, { 5, 588, 2048 }, { 6, 589, 2048 }, { 6, 590, 2048 }, { 7, 591, 2048 }, 
-   { 4, 592, 2048 }, { 5, 593, 2048 }, { 5, 594, 2048 }, { 6, 595, 2048 }, { 5, 596, 2048 }, { 6, 597, 2048 }, { 6, 598, 2048 }, { 7, 599, 2048 }, 
-   { 5, 600, 2048 }, { 6, 601, 2048 }, { 6, 602, 2048 }, { 7, 603, 2048 }, { 6, 604, 2048 }, { 7, 605, 2048 }, { 7, 606, 2048 }, { 8, 607, 2048 }, 
-   { 4, 608, 2048 }, { 5, 609, 2048 }, { 5, 610, 2048 }, { 6, 611, 2048 }, { 5, 612, 2048 }, { 6, 613, 2048 }, { 6, 614, 2048 }, { 7, 615, 2048 }, 
-   { 5, 616, 2048 }, { 6, 617, 2048 }, { 6, 618, 2048 }, { 7, 619, 2048 }, { 6, 620, 2048 }, { 7, 621, 2048 }, { 7, 622, 2048 }, { 8, 623, 2048 }, 
-   { 5, 624, 2048 }, { 6, 625, 2048 }, { 6, 626, 2048 }, { 7, 627, 2048 }, { 6, 628, 2048 }, { 7, 629, 2048 }, { 7, 630, 2048 }, { 8, 631, 2048 }, 
-   { 6, 632, 2048 }, { 7, 633, 2048 }, { 7, 634, 2048 }, { 8, 635, 2048 }, { 7, 636, 2048 }, { 8, 637, 2048 }, { 8, 638, 2048 }, { 9, 639, 2048 }, 
-   { 3, 640, 2048 }, { 4, 641, 2048 }, { 4, 642, 2048 }, { 5, 643, 2048 }, { 4, 644, 2048 }, { 5, 645, 2048 }, { 5, 646, 2048 }, { 6, 647, 2048 }, 
-   { 4, 648, 2048 }, { 5, 649, 2048 }, { 5, 650, 2048 }, { 6, 651, 2048 }, { 5, 652, 2048 }, { 6, 653, 2048 }, { 6, 654, 2048 }, { 7, 655, 2048 }, 
-   { 4, 656, 2048 }, { 5, 657, 2048 }, { 5, 658, 2048 }, { 6, 659, 2048 }, { 5, 660, 2048 }, { 6, 661, 2048 }, { 6, 662, 2048 }, { 7, 663, 2048 }, 
-   { 5, 664, 2048 }, { 6, 665, 2048 }, { 6, 666, 2048 }, { 7, 667, 2048 }, { 6, 668, 2048 }, { 7, 669, 2048 }, { 7, 670, 2048 }, { 8, 671, 2048 }, 
-   { 4, 672, 2048 }, { 5, 673, 2048 }, { 5, 674, 2048 }, { 6, 675, 2048 }, { 5, 676, 2048 }, { 6, 677, 2048 }, { 6, 678, 2048 }, { 7, 679, 2048 }, 
-   { 5, 680, 2048 }, { 6, 681, 2048 }, { 6, 682, 2048 }, { 7, 683, 2048 }, { 6, 684, 2048 }, { 7, 685, 2048 }, { 7, 686, 2048 }, { 8, 687, 2048 }, 
-   { 5, 688, 2048 }, { 6, 689, 2048 }, { 6, 690, 2048 }, { 7, 691, 2048 }, { 6, 692, 2048 }, { 7, 693, 2048 }, { 7, 694, 2048 }, { 8, 695, 2048 }, 
-   { 6, 696, 2048 }, { 7, 697, 2048 }, { 7, 698, 2048 }, { 8, 699, 2048 }, { 7, 700, 2048 }, { 8, 701, 2048 }, { 8, 702, 2048 }, { 9, 703, 2048 }, 
-   { 4, 704, 2048 }, { 5, 705, 2048 }, { 5, 706, 2048 }, { 6, 707, 2048 }, { 5, 708, 2048 }, { 6, 709, 2048 }, { 6, 710, 2048 }, { 7, 711, 2048 }, 
-   { 5, 712, 2048 }, { 6, 713, 2048 }, { 6, 714, 2048 }, { 7, 715, 2048 }, { 6, 716, 2048 }, { 7, 717, 2048 }, { 7, 718, 2048 }, { 8, 719, 2048 }, 
-   { 5, 720, 2048 }, { 6, 721, 2048 }, { 6, 722, 2048 }, { 7, 723, 2048 }, { 6, 724, 2048 }, { 7, 725, 2048 }, { 7, 726, 2048 }, { 8, 727, 2048 }, 
-   { 6, 728, 2048 }, { 7, 729, 2048 }, { 7, 730, 2048 }, { 8, 731, 2048 }, { 7, 732, 2048 }, { 8, 733, 2048 }, { 8, 734, 2048 }, { 9, 735, 2048 }, 
-   { 5, 736, 2048 }, { 6, 737, 2048 }, { 6, 738, 2048 }, { 7, 739, 2048 }, { 6, 740, 2048 }, { 7, 741, 2048 }, { 7, 742, 2048 }, { 8, 743, 2048 }, 
-   { 6, 744, 2048 }, { 7, 745, 2048 }, { 7, 746, 2048 }, { 8, 747, 2048 }, { 7, 748, 2048 }, { 8, 749, 2048 }, { 8, 750, 2048 }, { 9, 751, 2048 }, 
-   { 6, 752, 2048 }, { 7, 753, 2048 }, { 7, 754, 2048 }, { 8, 755, 2048 }, { 7, 756, 2048 }, { 8, 757, 2048 }, { 8, 758, 2048 }, { 9, 759, 2048 }, 
-   { 7, 760, 2048 }, { 8, 761, 2048 }, { 8, 762, 2048 }, { 9, 763, 2048 }, { 8, 764, 2048 }, { 9, 765, 2048 }, { 9, 766, 2048 }, { 10, 767, 2048 }, 
-   { 3, 768, 2048 }, { 4, 769, 2048 }, { 4, 770, 2048 }, { 5, 771, 2048 }, { 4, 772, 2048 }, { 5, 773, 2048 }, { 5, 774, 2048 }, { 6, 775, 2048 }, 
-   { 4, 776, 2048 }, { 5, 777, 2048 }, { 5, 778, 2048 }, { 6, 779, 2048 }, { 5, 780, 2048 }, { 6, 781, 2048 }, { 6, 782, 2048 }, { 7, 783, 2048 }, 
-   { 4, 784, 2048 }, { 5, 785, 2048 }, { 5, 786, 2048 }, { 6, 787, 2048 }, { 5, 788, 2048 }, { 6, 789, 2048 }, { 6, 790, 2048 }, { 7, 791, 2048 }, 
-   { 5, 792, 2048 }, { 6, 793, 2048 }, { 6, 794, 2048 }, { 7, 795, 2048 }, { 6, 796, 2048 }, { 7, 797, 2048 }, { 7, 798, 2048 }, { 8, 799, 2048 }, 
-   { 4, 800, 2048 }, { 5, 801, 2048 }, { 5, 802, 2048 }, { 6, 803, 2048 }, { 5, 804, 2048 }, { 6, 805, 2048 }, { 6, 806, 2048 }, { 7, 807, 2048 }, 
-   { 5, 808, 2048 }, { 6, 809, 2048 }, { 6, 810, 2048 }, { 7, 811, 2048 }, { 6, 812, 2048 }, { 7, 813, 2048 }, { 7, 814, 2048 }, { 8, 815, 2048 }, 
-   { 5, 816, 2048 }, { 6, 817, 2048 }, { 6, 818, 2048 }, { 7, 819, 2048 }, { 6, 820, 2048 }, { 7, 821, 2048 }, { 7, 822, 2048 }, { 8, 823, 2048 }, 
-   { 6, 824, 2048 }, { 7, 825, 2048 }, { 7, 826, 2048 }, { 8, 827, 2048 }, { 7, 828, 2048 }, { 8, 829, 2048 }, { 8, 830, 2048 }, { 9, 831, 2048 }, 
-   { 4, 832, 2048 }, { 5, 833, 2048 }, { 5, 834, 2048 }, { 6, 835, 2048 }, { 5, 836, 2048 }, { 6, 837, 2048 }, { 6, 838, 2048 }, { 7, 839, 2048 }, 
-   { 5, 840, 2048 }, { 6, 841, 2048 }, { 6, 842, 2048 }, { 7, 843, 2048 }, { 6, 844, 2048 }, { 7, 845, 2048 }, { 7, 846, 2048 }, { 8, 847, 2048 }, 
-   { 5, 848, 2048 }, { 6, 849, 2048 }, { 6, 850, 2048 }, { 7, 851, 2048 }, { 6, 852, 2048 }, { 7, 853, 2048 }, { 7, 854, 2048 }, { 8, 855, 2048 }, 
-   { 6, 856, 2048 }, { 7, 857, 2048 }, { 7, 858, 2048 }, { 8, 859, 2048 }, { 7, 860, 2048 }, { 8, 861, 2048 }, { 8, 862, 2048 }, { 9, 863, 2048 }, 
-   { 5, 864, 2048 }, { 6, 865, 2048 }, { 6, 866, 2048 }, { 7, 867, 2048 }, { 6, 868, 2048 }, { 7, 869, 2048 }, { 7, 870, 2048 }, { 8, 871, 2048 }, 
-   { 6, 872, 2048 }, { 7, 873, 2048 }, { 7, 874, 2048 }, { 8, 875, 2048 }, { 7, 876, 2048 }, { 8, 877, 2048 }, { 8, 878, 2048 }, { 9, 879, 2048 }, 
-   { 6, 880, 2048 }, { 7, 881, 2048 }, { 7, 882, 2048 }, { 8, 883, 2048 }, { 7, 884, 2048 }, { 8, 885, 2048 }, { 8, 886, 2048 }, { 9, 887, 2048 }, 
-   { 7, 888, 2048 }, { 8, 889, 2048 }, { 8, 890, 2048 }, { 9, 891, 2048 }, { 8, 892, 2048 }, { 9, 893, 2048 }, { 9, 894, 2048 }, { 10, 895, 2048 }, 
-   { 4, 896, 2048 }, { 5, 897, 2048 }, { 5, 898, 2048 }, { 6, 899, 2048 }, { 5, 900, 2048 }, { 6, 901, 2048 }, { 6, 902, 2048 }, { 7, 903, 2048 }, 
-   { 5, 904, 2048 }, { 6, 905, 2048 }, { 6, 906, 2048 }, { 7, 907, 2048 }, { 6, 908, 2048 }, { 7, 909, 2048 }, { 7, 910, 2048 }, { 8, 911, 2048 }, 
-   { 5, 912, 2048 }, { 6, 913, 2048 }, { 6, 914, 2048 }, { 7, 915, 2048 }, { 6, 916, 2048 }, { 7, 917, 2048 }, { 7, 918, 2048 }, { 8, 919, 2048 }, 
-   { 6, 920, 2048 }, { 7, 921, 2048 }, { 7, 922, 2048 }, { 8, 923, 2048 }, { 7, 924, 2048 }, { 8, 925, 2048 }, { 8, 926, 2048 }, { 9, 927, 2048 }, 
-   { 5, 928, 2048 }, { 6, 929, 2048 }, { 6, 930, 2048 }, { 7, 931, 2048 }, { 6, 932, 2048 }, { 7, 933, 2048 }, { 7, 934, 2048 }, { 8, 935, 2048 }, 
-   { 6, 936, 2048 }, { 7, 937, 2048 }, { 7, 938, 2048 }, { 8, 939, 2048 }, { 7, 940, 2048 }, { 8, 941, 2048 }, { 8, 942, 2048 }, { 9, 943, 2048 }, 
-   { 6, 944, 2048 }, { 7, 945, 2048 }, { 7, 946, 2048 }, { 8, 947, 2048 }, { 7, 948, 2048 }, { 8, 949, 2048 }, { 8, 950, 2048 }, { 9, 951, 2048 }, 
-   { 7, 952, 2048 }, { 8, 953, 2048 }, { 8, 954, 2048 }, { 9, 955, 2048 }, { 8, 956, 2048 }, { 9, 957, 2048 }, { 9, 958, 2048 }, { 10, 959, 2048 }, 
-   { 5, 960, 2048 }, { 6, 961, 2048 }, { 6, 962, 2048 }, { 7, 963, 2048 }, { 6, 964, 2048 }, { 7, 965, 2048 }, { 7, 966, 2048 }, { 8, 967, 2048 }, 
-   { 6, 968, 2048 }, { 7, 969, 2048 }, { 7, 970, 2048 }, { 8, 971, 2048 }, { 7, 972, 2048 }, { 8, 973, 2048 }, { 8, 974, 2048 }, { 9, 975, 2048 }, 
-   { 6, 976, 2048 }, { 7, 977, 2048 }, { 7, 978, 2048 }, { 8, 979, 2048 }, { 7, 980, 2048 }, { 8, 981, 2048 }, { 8, 982, 2048 }, { 9, 983, 2048 }, 
-   { 7, 984, 2048 }, { 8, 985, 2048 }, { 8, 986, 2048 }, { 9, 987, 2048 }, { 8, 988, 2048 }, { 9, 989, 2048 }, { 9, 990, 2048 }, { 10, 991, 2048 }, 
-   { 6, 992, 2048 }, { 7, 993, 2048 }, { 7, 994, 2048 }, { 8, 995, 2048 }, { 7, 996, 2048 }, { 8, 997, 2048 }, { 8, 998, 2048 }, { 9, 999, 2048 }, 
-   { 7, 1000, 2048 }, { 8, 1001, 2048 }, { 8, 1002, 2048 }, { 9, 1003, 2048 }, { 8, 1004, 2048 }, { 9, 1005, 2048 }, { 9, 1006, 2048 }, { 10, 1007, 2048 }, 
-   { 7, 1008, 2048 }, { 8, 1009, 2048 }, { 8, 1010, 2048 }, { 9, 1011, 2048 }, { 8, 1012, 2048 }, { 9, 1013, 2048 }, { 9, 1014, 2048 }, { 10, 1015, 2048 }, 
-   { 8, 1016, 2048 }, { 9, 1017, 2048 }, { 9, 1018, 2048 }, { 10, 1019, 2048 }, { 9, 1020, 2048 }, { 10, 1021, 2048 }, { 10, 1022, 2048 }, { 11, 1023, 2048 }, 
-   { 2, 1024, 2048 }, { 3, 1025, 2048 }, { 3, 1026, 2048 }, { 4, 1027, 2048 }, { 3, 1028, 2048 }, { 4, 1029, 2048 }, { 4, 1030, 2048 }, { 5, 1031, 2048 }, 
-   { 3, 1032, 2048 }, { 4, 1033, 2048 }, { 4, 1034, 2048 }, { 5, 1035, 2048 }, { 4, 1036, 2048 }, { 5, 1037, 2048 }, { 5, 1038, 2048 }, { 6, 1039, 2048 }, 
-   { 3, 1040, 2048 }, { 4, 1041, 2048 }, { 4, 1042, 2048 }, { 5, 1043, 2048 }, { 4, 1044, 2048 }, { 5, 1045, 2048 }, { 5, 1046, 2048 }, { 6, 1047, 2048 }, 
-   { 4, 1048, 2048 }, { 5, 1049, 2048 }, { 5, 1050, 2048 }, { 6, 1051, 2048 }, { 5, 1052, 2048 }, { 6, 1053, 2048 }, { 6, 1054, 2048 }, { 7, 1055, 2048 }, 
-   { 3, 1056, 2048 }, { 4, 1057, 2048 }, { 4, 1058, 2048 }, { 5, 1059, 2048 }, { 4, 1060, 2048 }, { 5, 1061, 2048 }, { 5, 1062, 2048 }, { 6, 1063, 2048 }, 
-   { 4, 1064, 2048 }, { 5, 1065, 2048 }, { 5, 1066, 2048 }, { 6, 1067, 2048 }, { 5, 1068, 2048 }, { 6, 1069, 2048 }, { 6, 1070, 2048 }, { 7, 1071, 2048 }, 
-   { 4, 1072, 2048 }, { 5, 1073, 2048 }, { 5, 1074, 2048 }, { 6, 1075, 2048 }, { 5, 1076, 2048 }, { 6, 1077, 2048 }, { 6, 1078, 2048 }, { 7, 1079, 2048 }, 
-   { 5, 1080, 2048 }, { 6, 1081, 2048 }, { 6, 1082, 2048 }, { 7, 1083, 2048 }, { 6, 1084, 2048 }, { 7, 1085, 2048 }, { 7, 1086, 2048 }, { 8, 1087, 2048 }, 
-   { 3, 1088, 2048 }, { 4, 1089, 2048 }, { 4, 1090, 2048 }, { 5, 1091, 2048 }, { 4, 1092, 2048 }, { 5, 1093, 2048 }, { 5, 1094, 2048 }, { 6, 1095, 2048 }, 
-   { 4, 1096, 2048 }, { 5, 1097, 2048 }, { 5, 1098, 2048 }, { 6, 1099, 2048 }, { 5, 1100, 2048 }, { 6, 1101, 2048 }, { 6, 1102, 2048 }, { 7, 1103, 2048 }, 
-   { 4, 1104, 2048 }, { 5, 1105, 2048 }, { 5, 1106, 2048 }, { 6, 1107, 2048 }, { 5, 1108, 2048 }, { 6, 1109, 2048 }, { 6, 1110, 2048 }, { 7, 1111, 2048 }, 
-   { 5, 1112, 2048 }, { 6, 1113, 2048 }, { 6, 1114, 2048 }, { 7, 1115, 2048 }, { 6, 1116, 2048 }, { 7, 1117, 2048 }, { 7, 1118, 2048 }, { 8, 1119, 2048 }, 
-   { 4, 1120, 2048 }, { 5, 1121, 2048 }, { 5, 1122, 2048 }, { 6, 1123, 2048 }, { 5, 1124, 2048 }, { 6, 1125, 2048 }, { 6, 1126, 2048 }, { 7, 1127, 2048 }, 
-   { 5, 1128, 2048 }, { 6, 1129, 2048 }, { 6, 1130, 2048 }, { 7, 1131, 2048 }, { 6, 1132, 2048 }, { 7, 1133, 2048 }, { 7, 1134, 2048 }, { 8, 1135, 2048 }, 
-   { 5, 1136, 2048 }, { 6, 1137, 2048 }, { 6, 1138, 2048 }, { 7, 1139, 2048 }, { 6, 1140, 2048 }, { 7, 1141, 2048 }, { 7, 1142, 2048 }, { 8, 1143, 2048 }, 
-   { 6, 1144, 2048 }, { 7, 1145, 2048 }, { 7, 1146, 2048 }, { 8, 1147, 2048 }, { 7, 1148, 2048 }, { 8, 1149, 2048 }, { 8, 1150, 2048 }, { 9, 1151, 2048 }, 
-   { 3, 1152, 2048 }, { 4, 1153, 2048 }, { 4, 1154, 2048 }, { 5, 1155, 2048 }, { 4, 1156, 2048 }, { 5, 1157, 2048 }, { 5, 1158, 2048 }, { 6, 1159, 2048 }, 
-   { 4, 1160, 2048 }, { 5, 1161, 2048 }, { 5, 1162, 2048 }, { 6, 1163, 2048 }, { 5, 1164, 2048 }, { 6, 1165, 2048 }, { 6, 1166, 2048 }, { 7, 1167, 2048 }, 
-   { 4, 1168, 2048 }, { 5, 1169, 2048 }, { 5, 1170, 2048 }, { 6, 1171, 2048 }, { 5, 1172, 2048 }, { 6, 1173, 2048 }, { 6, 1174, 2048 }, { 7, 1175, 2048 }, 
-   { 5, 1176, 2048 }, { 6, 1177, 2048 }, { 6, 1178, 2048 }, { 7, 1179, 2048 }, { 6, 1180, 2048 }, { 7, 1181, 2048 }, { 7, 1182, 2048 }, { 8, 1183, 2048 }, 
-   { 4, 1184, 2048 }, { 5, 1185, 2048 }, { 5, 1186, 2048 }, { 6, 1187, 2048 }, { 5, 1188, 2048 }, { 6, 1189, 2048 }, { 6, 1190, 2048 }, { 7, 1191, 2048 }, 
-   { 5, 1192, 2048 }, { 6, 1193, 2048 }, { 6, 1194, 2048 }, { 7, 1195, 2048 }, { 6, 1196, 2048 }, { 7, 1197, 2048 }, { 7, 1198, 2048 }, { 8, 1199, 2048 }, 
-   { 5, 1200, 2048 }, { 6, 1201, 2048 }, { 6, 1202, 2048 }, { 7, 1203, 2048 }, { 6, 1204, 2048 }, { 7, 1205, 2048 }, { 7, 1206, 2048 }, { 8, 1207, 2048 }, 
-   { 6, 1208, 2048 }, { 7, 1209, 2048 }, { 7, 1210, 2048 }, { 8, 1211, 2048 }, { 7, 1212, 2048 }, { 8, 1213, 2048 }, { 8, 1214, 2048 }, { 9, 1215, 2048 }, 
-   { 4, 1216, 2048 }, { 5, 1217, 2048 }, { 5, 1218, 2048 }, { 6, 1219, 2048 }, { 5, 1220, 2048 }, { 6, 1221, 2048 }, { 6, 1222, 2048 }, { 7, 1223, 2048 }, 
-   { 5, 1224, 2048 }, { 6, 1225, 2048 }, { 6, 1226, 2048 }, { 7, 1227, 2048 }, { 6, 1228, 2048 }, { 7, 1229, 2048 }, { 7, 1230, 2048 }, { 8, 1231, 2048 }, 
-   { 5, 1232, 2048 }, { 6, 1233, 2048 }, { 6, 1234, 2048 }, { 7, 1235, 2048 }, { 6, 1236, 2048 }, { 7, 1237, 2048 }, { 7, 1238, 2048 }, { 8, 1239, 2048 }, 
-   { 6, 1240, 2048 }, { 7, 1241, 2048 }, { 7, 1242, 2048 }, { 8, 1243, 2048 }, { 7, 1244, 2048 }, { 8, 1245, 2048 }, { 8, 1246, 2048 }, { 9, 1247, 2048 }, 
-   { 5, 1248, 2048 }, { 6, 1249, 2048 }, { 6, 1250, 2048 }, { 7, 1251, 2048 }, { 6, 1252, 2048 }, { 7, 1253, 2048 }, { 7, 1254, 2048 }, { 8, 1255, 2048 }, 
-   { 6, 1256, 2048 }, { 7, 1257, 2048 }, { 7, 1258, 2048 }, { 8, 1259, 2048 }, { 7, 1260, 2048 }, { 8, 1261, 2048 }, { 8, 1262, 2048 }, { 9, 1263, 2048 }, 
-   { 6, 1264, 2048 }, { 7, 1265, 2048 }, { 7, 1266, 2048 }, { 8, 1267, 2048 }, { 7, 1268, 2048 }, { 8, 1269, 2048 }, { 8, 1270, 2048 }, { 9, 1271, 2048 }, 
-   { 7, 1272, 2048 }, { 8, 1273, 2048 }, { 8, 1274, 2048 }, { 9, 1275, 2048 }, { 8, 1276, 2048 }, { 9, 1277, 2048 }, { 9, 1278, 2048 }, { 10, 1279, 2048 }, 
-   { 3, 1280, 2048 }, { 4, 1281, 2048 }, { 4, 1282, 2048 }, { 5, 1283, 2048 }, { 4, 1284, 2048 }, { 5, 1285, 2048 }, { 5, 1286, 2048 }, { 6, 1287, 2048 }, 
-   { 4, 1288, 2048 }, { 5, 1289, 2048 }, { 5, 1290, 2048 }, { 6, 1291, 2048 }, { 5, 1292, 2048 }, { 6, 1293, 2048 }, { 6, 1294, 2048 }, { 7, 1295, 2048 }, 
-   { 4, 1296, 2048 }, { 5, 1297, 2048 }, { 5, 1298, 2048 }, { 6, 1299, 2048 }, { 5, 1300, 2048 }, { 6, 1301, 2048 }, { 6, 1302, 2048 }, { 7, 1303, 2048 }, 
-   { 5, 1304, 2048 }, { 6, 1305, 2048 }, { 6, 1306, 2048 }, { 7, 1307, 2048 }, { 6, 1308, 2048 }, { 7, 1309, 2048 }, { 7, 1310, 2048 }, { 8, 1311, 2048 }, 
-   { 4, 1312, 2048 }, { 5, 1313, 2048 }, { 5, 1314, 2048 }, { 6, 1315, 2048 }, { 5, 1316, 2048 }, { 6, 1317, 2048 }, { 6, 1318, 2048 }, { 7, 1319, 2048 }, 
-   { 5, 1320, 2048 }, { 6, 1321, 2048 }, { 6, 1322, 2048 }, { 7, 1323, 2048 }, { 6, 1324, 2048 }, { 7, 1325, 2048 }, { 7, 1326, 2048 }, { 8, 1327, 2048 }, 
-   { 5, 1328, 2048 }, { 6, 1329, 2048 }, { 6, 1330, 2048 }, { 7, 1331, 2048 }, { 6, 1332, 2048 }, { 7, 1333, 2048 }, { 7, 1334, 2048 }, { 8, 1335, 2048 }, 
-   { 6, 1336, 2048 }, { 7, 1337, 2048 }, { 7, 1338, 2048 }, { 8, 1339, 2048 }, { 7, 1340, 2048 }, { 8, 1341, 2048 }, { 8, 1342, 2048 }, { 9, 1343, 2048 }, 
-   { 4, 1344, 2048 }, { 5, 1345, 2048 }, { 5, 1346, 2048 }, { 6, 1347, 2048 }, { 5, 1348, 2048 }, { 6, 1349, 2048 }, { 6, 1350, 2048 }, { 7, 1351, 2048 }, 
-   { 5, 1352, 2048 }, { 6, 1353, 2048 }, { 6, 1354, 2048 }, { 7, 1355, 2048 }, { 6, 1356, 2048 }, { 7, 1357, 2048 }, { 7, 1358, 2048 }, { 8, 1359, 2048 }, 
-   { 5, 1360, 2048 }, { 6, 1361, 2048 }, { 6, 1362, 2048 }, { 7, 1363, 2048 }, { 6, 1364, 2048 }, { 7, 1365, 2048 }, { 7, 1366, 2048 }, { 8, 1367, 2048 }, 
-   { 6, 1368, 2048 }, { 7, 1369, 2048 }, { 7, 1370, 2048 }, { 8, 1371, 2048 }, { 7, 1372, 2048 }, { 8, 1373, 2048 }, { 8, 1374, 2048 }, { 9, 1375, 2048 }, 
-   { 5, 1376, 2048 }, { 6, 1377, 2048 }, { 6, 1378, 2048 }, { 7, 1379, 2048 }, { 6, 1380, 2048 }, { 7, 1381, 2048 }, { 7, 1382, 2048 }, { 8, 1383, 2048 }, 
-   { 6, 1384, 2048 }, { 7, 1385, 2048 }, { 7, 1386, 2048 }, { 8, 1387, 2048 }, { 7, 1388, 2048 }, { 8, 1389, 2048 }, { 8, 1390, 2048 }, { 9, 1391, 2048 }, 
-   { 6, 1392, 2048 }, { 7, 1393, 2048 }, { 7, 1394, 2048 }, { 8, 1395, 2048 }, { 7, 1396, 2048 }, { 8, 1397, 2048 }, { 8, 1398, 2048 }, { 9, 1399, 2048 }, 
-   { 7, 1400, 2048 }, { 8, 1401, 2048 }, { 8, 1402, 2048 }, { 9, 1403, 2048 }, { 8, 1404, 2048 }, { 9, 1405, 2048 }, { 9, 1406, 2048 }, { 10, 1407, 2048 }, 
-   { 4, 1408, 2048 }, { 5, 1409, 2048 }, { 5, 1410, 2048 }, { 6, 1411, 2048 }, { 5, 1412, 2048 }, { 6, 1413, 2048 }, { 6, 1414, 2048 }, { 7, 1415, 2048 }, 
-   { 5, 1416, 2048 }, { 6, 1417, 2048 }, { 6, 1418, 2048 }, { 7, 1419, 2048 }, { 6, 1420, 2048 }, { 7, 1421, 2048 }, { 7, 1422, 2048 }, { 8, 1423, 2048 }, 
-   { 5, 1424, 2048 }, { 6, 1425, 2048 }, { 6, 1426, 2048 }, { 7, 1427, 2048 }, { 6, 1428, 2048 }, { 7, 1429, 2048 }, { 7, 1430, 2048 }, { 8, 1431, 2048 }, 
-   { 6, 1432, 2048 }, { 7, 1433, 2048 }, { 7, 1434, 2048 }, { 8, 1435, 2048 }, { 7, 1436, 2048 }, { 8, 1437, 2048 }, { 8, 1438, 2048 }, { 9, 1439, 2048 }, 
-   { 5, 1440, 2048 }, { 6, 1441, 2048 }, { 6, 1442, 2048 }, { 7, 1443, 2048 }, { 6, 1444, 2048 }, { 7, 1445, 2048 }, { 7, 1446, 2048 }, { 8, 1447, 2048 }, 
-   { 6, 1448, 2048 }, { 7, 1449, 2048 }, { 7, 1450, 2048 }, { 8, 1451, 2048 }, { 7, 1452, 2048 }, { 8, 1453, 2048 }, { 8, 1454, 2048 }, { 9, 1455, 2048 }, 
-   { 6, 1456, 2048 }, { 7, 1457, 2048 }, { 7, 1458, 2048 }, { 8, 1459, 2048 }, { 7, 1460, 2048 }, { 8, 1461, 2048 }, { 8, 1462, 2048 }, { 9, 1463, 2048 }, 
-   { 7, 1464, 2048 }, { 8, 1465, 2048 }, { 8, 1466, 2048 }, { 9, 1467, 2048 }, { 8, 1468, 2048 }, { 9, 1469, 2048 }, { 9, 1470, 2048 }, { 10, 1471, 2048 }, 
-   { 5, 1472, 2048 }, { 6, 1473, 2048 }, { 6, 1474, 2048 }, { 7, 1475, 2048 }, { 6, 1476, 2048 }, { 7, 1477, 2048 }, { 7, 1478, 2048 }, { 8, 1479, 2048 }, 
-   { 6, 1480, 2048 }, { 7, 1481, 2048 }, { 7, 1482, 2048 }, { 8, 1483, 2048 }, { 7, 1484, 2048 }, { 8, 1485, 2048 }, { 8, 1486, 2048 }, { 9, 1487, 2048 }, 
-   { 6, 1488, 2048 }, { 7, 1489, 2048 }, { 7, 1490, 2048 }, { 8, 1491, 2048 }, { 7, 1492, 2048 }, { 8, 1493, 2048 }, { 8, 1494, 2048 }, { 9, 1495, 2048 }, 
-   { 7, 1496, 2048 }, { 8, 1497, 2048 }, { 8, 1498, 2048 }, { 9, 1499, 2048 }, { 8, 1500, 2048 }, { 9, 1501, 2048 }, { 9, 1502, 2048 }, { 10, 1503, 2048 }, 
-   { 6, 1504, 2048 }, { 7, 1505, 2048 }, { 7, 1506, 2048 }, { 8, 1507, 2048 }, { 7, 1508, 2048 }, { 8, 1509, 2048 }, { 8, 1510, 2048 }, { 9, 1511, 2048 }, 
-   { 7, 1512, 2048 }, { 8, 1513, 2048 }, { 8, 1514, 2048 }, { 9, 1515, 2048 }, { 8, 1516, 2048 }, { 9, 1517, 2048 }, { 9, 1518, 2048 }, { 10, 1519, 2048 }, 
-   { 7, 1520, 2048 }, { 8, 1521, 2048 }, { 8, 1522, 2048 }, { 9, 1523, 2048 }, { 8, 1524, 2048 }, { 9, 1525, 2048 }, { 9, 1526, 2048 }, { 10, 1527, 2048 }, 
-   { 8, 1528, 2048 }, { 9, 1529, 2048 }, { 9, 1530, 2048 }, { 10, 1531, 2048 }, { 9, 1532, 2048 }, { 10, 1533, 2048 }, { 10, 1534, 2048 }, { 11, 1535, 2048 }, 
-   { 3, 1536, 2048 }, { 4, 1537, 2048 }, { 4, 1538, 2048 }, { 5, 1539, 2048 }, { 4, 1540, 2048 }, { 5, 1541, 2048 }, { 5, 1542, 2048 }, { 6, 1543, 2048 }, 
-   { 4, 1544, 2048 }, { 5, 1545, 2048 }, { 5, 1546, 2048 }, { 6, 1547, 2048 }, { 5, 1548, 2048 }, { 6, 1549, 2048 }, { 6, 1550, 2048 }, { 7, 1551, 2048 }, 
-   { 4, 1552, 2048 }, { 5, 1553, 2048 }, { 5, 1554, 2048 }, { 6, 1555, 2048 }, { 5, 1556, 2048 }, { 6, 1557, 2048 }, { 6, 1558, 2048 }, { 7, 1559, 2048 }, 
-   { 5, 1560, 2048 }, { 6, 1561, 2048 }, { 6, 1562, 2048 }, { 7, 1563, 2048 }, { 6, 1564, 2048 }, { 7, 1565, 2048 }, { 7, 1566, 2048 }, { 8, 1567, 2048 }, 
-   { 4, 1568, 2048 }, { 5, 1569, 2048 }, { 5, 1570, 2048 }, { 6, 1571, 2048 }, { 5, 1572, 2048 }, { 6, 1573, 2048 }, { 6, 1574, 2048 }, { 7, 1575, 2048 }, 
-   { 5, 1576, 2048 }, { 6, 1577, 2048 }, { 6, 1578, 2048 }, { 7, 1579, 2048 }, { 6, 1580, 2048 }, { 7, 1581, 2048 }, { 7, 1582, 2048 }, { 8, 1583, 2048 }, 
-   { 5, 1584, 2048 }, { 6, 1585, 2048 }, { 6, 1586, 2048 }, { 7, 1587, 2048 }, { 6, 1588, 2048 }, { 7, 1589, 2048 }, { 7, 1590, 2048 }, { 8, 1591, 2048 }, 
-   { 6, 1592, 2048 }, { 7, 1593, 2048 }, { 7, 1594, 2048 }, { 8, 1595, 2048 }, { 7, 1596, 2048 }, { 8, 1597, 2048 }, { 8, 1598, 2048 }, { 9, 1599, 2048 }, 
-   { 4, 1600, 2048 }, { 5, 1601, 2048 }, { 5, 1602, 2048 }, { 6, 1603, 2048 }, { 5, 1604, 2048 }, { 6, 1605, 2048 }, { 6, 1606, 2048 }, { 7, 1607, 2048 }, 
-   { 5, 1608, 2048 }, { 6, 1609, 2048 }, { 6, 1610, 2048 }, { 7, 1611, 2048 }, { 6, 1612, 2048 }, { 7, 1613, 2048 }, { 7, 1614, 2048 }, { 8, 1615, 2048 }, 
-   { 5, 1616, 2048 }, { 6, 1617, 2048 }, { 6, 1618, 2048 }, { 7, 1619, 2048 }, { 6, 1620, 2048 }, { 7, 1621, 2048 }, { 7, 1622, 2048 }, { 8, 1623, 2048 }, 
-   { 6, 1624, 2048 }, { 7, 1625, 2048 }, { 7, 1626, 2048 }, { 8, 1627, 2048 }, { 7, 1628, 2048 }, { 8, 1629, 2048 }, { 8, 1630, 2048 }, { 9, 1631, 2048 }, 
-   { 5, 1632, 2048 }, { 6, 1633, 2048 }, { 6, 1634, 2048 }, { 7, 1635, 2048 }, { 6, 1636, 2048 }, { 7, 1637, 2048 }, { 7, 1638, 2048 }, { 8, 1639, 2048 }, 
-   { 6, 1640, 2048 }, { 7, 1641, 2048 }, { 7, 1642, 2048 }, { 8, 1643, 2048 }, { 7, 1644, 2048 }, { 8, 1645, 2048 }, { 8, 1646, 2048 }, { 9, 1647, 2048 }, 
-   { 6, 1648, 2048 }, { 7, 1649, 2048 }, { 7, 1650, 2048 }, { 8, 1651, 2048 }, { 7, 1652, 2048 }, { 8, 1653, 2048 }, { 8, 1654, 2048 }, { 9, 1655, 2048 }, 
-   { 7, 1656, 2048 }, { 8, 1657, 2048 }, { 8, 1658, 2048 }, { 9, 1659, 2048 }, { 8, 1660, 2048 }, { 9, 1661, 2048 }, { 9, 1662, 2048 }, { 10, 1663, 2048 }, 
-   { 4, 1664, 2048 }, { 5, 1665, 2048 }, { 5, 1666, 2048 }, { 6, 1667, 2048 }, { 5, 1668, 2048 }, { 6, 1669, 2048 }, { 6, 1670, 2048 }, { 7, 1671, 2048 }, 
-   { 5, 1672, 2048 }, { 6, 1673, 2048 }, { 6, 1674, 2048 }, { 7, 1675, 2048 }, { 6, 1676, 2048 }, { 7, 1677, 2048 }, { 7, 1678, 2048 }, { 8, 1679, 2048 }, 
-   { 5, 1680, 2048 }, { 6, 1681, 2048 }, { 6, 1682, 2048 }, { 7, 1683, 2048 }, { 6, 1684, 2048 }, { 7, 1685, 2048 }, { 7, 1686, 2048 }, { 8, 1687, 2048 }, 
-   { 6, 1688, 2048 }, { 7, 1689, 2048 }, { 7, 1690, 2048 }, { 8, 1691, 2048 }, { 7, 1692, 2048 }, { 8, 1693, 2048 }, { 8, 1694, 2048 }, { 9, 1695, 2048 }, 
-   { 5, 1696, 2048 }, { 6, 1697, 2048 }, { 6, 1698, 2048 }, { 7, 1699, 2048 }, { 6, 1700, 2048 }, { 7, 1701, 2048 }, { 7, 1702, 2048 }, { 8, 1703, 2048 }, 
-   { 6, 1704, 2048 }, { 7, 1705, 2048 }, { 7, 1706, 2048 }, { 8, 1707, 2048 }, { 7, 1708, 2048 }, { 8, 1709, 2048 }, { 8, 1710, 2048 }, { 9, 1711, 2048 }, 
-   { 6, 1712, 2048 }, { 7, 1713, 2048 }, { 7, 1714, 2048 }, { 8, 1715, 2048 }, { 7, 1716, 2048 }, { 8, 1717, 2048 }, { 8, 1718, 2048 }, { 9, 1719, 2048 }, 
-   { 7, 1720, 2048 }, { 8, 1721, 2048 }, { 8, 1722, 2048 }, { 9, 1723, 2048 }, { 8, 1724, 2048 }, { 9, 1725, 2048 }, { 9, 1726, 2048 }, { 10, 1727, 2048 }, 
-   { 5, 1728, 2048 }, { 6, 1729, 2048 }, { 6, 1730, 2048 }, { 7, 1731, 2048 }, { 6, 1732, 2048 }, { 7, 1733, 2048 }, { 7, 1734, 2048 }, { 8, 1735, 2048 }, 
-   { 6, 1736, 2048 }, { 7, 1737, 2048 }, { 7, 1738, 2048 }, { 8, 1739, 2048 }, { 7, 1740, 2048 }, { 8, 1741, 2048 }, { 8, 1742, 2048 }, { 9, 1743, 2048 }, 
-   { 6, 1744, 2048 }, { 7, 1745, 2048 }, { 7, 1746, 2048 }, { 8, 1747, 2048 }, { 7, 1748, 2048 }, { 8, 1749, 2048 }, { 8, 1750, 2048 }, { 9, 1751, 2048 }, 
-   { 7, 1752, 2048 }, { 8, 1753, 2048 }, { 8, 1754, 2048 }, { 9, 1755, 2048 }, { 8, 1756, 2048 }, { 9, 1757, 2048 }, { 9, 1758, 2048 }, { 10, 1759, 2048 }, 
-   { 6, 1760, 2048 }, { 7, 1761, 2048 }, { 7, 1762, 2048 }, { 8, 1763, 2048 }, { 7, 1764, 2048 }, { 8, 1765, 2048 }, { 8, 1766, 2048 }, { 9, 1767, 2048 }, 
-   { 7, 1768, 2048 }, { 8, 1769, 2048 }, { 8, 1770, 2048 }, { 9, 1771, 2048 }, { 8, 1772, 2048 }, { 9, 1773, 2048 }, { 9, 1774, 2048 }, { 10, 1775, 2048 }, 
-   { 7, 1776, 2048 }, { 8, 1777, 2048 }, { 8, 1778, 2048 }, { 9, 1779, 2048 }, { 8, 1780, 2048 }, { 9, 1781, 2048 }, { 9, 1782, 2048 }, { 10, 1783, 2048 }, 
-   { 8, 1784, 2048 }, { 9, 1785, 2048 }, { 9, 1786, 2048 }, { 10, 1787, 2048 }, { 9, 1788, 2048 }, { 10, 1789, 2048 }, { 10, 1790, 2048 }, { 11, 1791, 2048 }, 
-   { 4, 1792, 2048 }, { 5, 1793, 2048 }, { 5, 1794, 2048 }, { 6, 1795, 2048 }, { 5, 1796, 2048 }, { 6, 1797, 2048 }, { 6, 1798, 2048 }, { 7, 1799, 2048 }, 
-   { 5, 1800, 2048 }, { 6, 1801, 2048 }, { 6, 1802, 2048 }, { 7, 1803, 2048 }, { 6, 1804, 2048 }, { 7, 1805, 2048 }, { 7, 1806, 2048 }, { 8, 1807, 2048 }, 
-   { 5, 1808, 2048 }, { 6, 1809, 2048 }, { 6, 1810, 2048 }, { 7, 1811, 2048 }, { 6, 1812, 2048 }, { 7, 1813, 2048 }, { 7, 1814, 2048 }, { 8, 1815, 2048 }, 
-   { 6, 1816, 2048 }, { 7, 1817, 2048 }, { 7, 1818, 2048 }, { 8, 1819, 2048 }, { 7, 1820, 2048 }, { 8, 1821, 2048 }, { 8, 1822, 2048 }, { 9, 1823, 2048 }, 
-   { 5, 1824, 2048 }, { 6, 1825, 2048 }, { 6, 1826, 2048 }, { 7, 1827, 2048 }, { 6, 1828, 2048 }, { 7, 1829, 2048 }, { 7, 1830, 2048 }, { 8, 1831, 2048 }, 
-   { 6, 1832, 2048 }, { 7, 1833, 2048 }, { 7, 1834, 2048 }, { 8, 1835, 2048 }, { 7, 1836, 2048 }, { 8, 1837, 2048 }, { 8, 1838, 2048 }, { 9, 1839, 2048 }, 
-   { 6, 1840, 2048 }, { 7, 1841, 2048 }, { 7, 1842, 2048 }, { 8, 1843, 2048 }, { 7, 1844, 2048 }, { 8, 1845, 2048 }, { 8, 1846, 2048 }, { 9, 1847, 2048 }, 
-   { 7, 1848, 2048 }, { 8, 1849, 2048 }, { 8, 1850, 2048 }, { 9, 1851, 2048 }, { 8, 1852, 2048 }, { 9, 1853, 2048 }, { 9, 1854, 2048 }, { 10, 1855, 2048 }, 
-   { 5, 1856, 2048 }, { 6, 1857, 2048 }, { 6, 1858, 2048 }, { 7, 1859, 2048 }, { 6, 1860, 2048 }, { 7, 1861, 2048 }, { 7, 1862, 2048 }, { 8, 1863, 2048 }, 
-   { 6, 1864, 2048 }, { 7, 1865, 2048 }, { 7, 1866, 2048 }, { 8, 1867, 2048 }, { 7, 1868, 2048 }, { 8, 1869, 2048 }, { 8, 1870, 2048 }, { 9, 1871, 2048 }, 
-   { 6, 1872, 2048 }, { 7, 1873, 2048 }, { 7, 1874, 2048 }, { 8, 1875, 2048 }, { 7, 1876, 2048 }, { 8, 1877, 2048 }, { 8, 1878, 2048 }, { 9, 1879, 2048 }, 
-   { 7, 1880, 2048 }, { 8, 1881, 2048 }, { 8, 1882, 2048 }, { 9, 1883, 2048 }, { 8, 1884, 2048 }, { 9, 1885, 2048 }, { 9, 1886, 2048 }, { 10, 1887, 2048 }, 
-   { 6, 1888, 2048 }, { 7, 1889, 2048 }, { 7, 1890, 2048 }, { 8, 1891, 2048 }, { 7, 1892, 2048 }, { 8, 1893, 2048 }, { 8, 1894, 2048 }, { 9, 1895, 2048 }, 
-   { 7, 1896, 2048 }, { 8, 1897, 2048 }, { 8, 1898, 2048 }, { 9, 1899, 2048 }, { 8, 1900, 2048 }, { 9, 1901, 2048 }, { 9, 1902, 2048 }, { 10, 1903, 2048 }, 
-   { 7, 1904, 2048 }, { 8, 1905, 2048 }, { 8, 1906, 2048 }, { 9, 1907, 2048 }, { 8, 1908, 2048 }, { 9, 1909, 2048 }, { 9, 1910, 2048 }, { 10, 1911, 2048 }, 
-   { 8, 1912, 2048 }, { 9, 1913, 2048 }, { 9, 1914, 2048 }, { 10, 1915, 2048 }, { 9, 1916, 2048 }, { 10, 1917, 2048 }, { 10, 1918, 2048 }, { 11, 1919, 2048 }, 
-   { 5, 1920, 2048 }, { 6, 1921, 2048 }, { 6, 1922, 2048 }, { 7, 1923, 2048 }, { 6, 1924, 2048 }, { 7, 1925, 2048 }, { 7, 1926, 2048 }, { 8, 1927, 2048 }, 
-   { 6, 1928, 2048 }, { 7, 1929, 2048 }, { 7, 1930, 2048 }, { 8, 1931, 2048 }, { 7, 1932, 2048 }, { 8, 1933, 2048 }, { 8, 1934, 2048 }, { 9, 1935, 2048 }, 
-   { 6, 1936, 2048 }, { 7, 1937, 2048 }, { 7, 1938, 2048 }, { 8, 1939, 2048 }, { 7, 1940, 2048 }, { 8, 1941, 2048 }, { 8, 1942, 2048 }, { 9, 1943, 2048 }, 
-   { 7, 1944, 2048 }, { 8, 1945, 2048 }, { 8, 1946, 2048 }, { 9, 1947, 2048 }, { 8, 1948, 2048 }, { 9, 1949, 2048 }, { 9, 1950, 2048 }, { 10, 1951, 2048 }, 
-   { 6, 1952, 2048 }, { 7, 1953, 2048 }, { 7, 1954, 2048 }, { 8, 1955, 2048 }, { 7, 1956, 2048 }, { 8, 1957, 2048 }, { 8, 1958, 2048 }, { 9, 1959, 2048 }, 
-   { 7, 1960, 2048 }, { 8, 1961, 2048 }, { 8, 1962, 2048 }, { 9, 1963, 2048 }, { 8, 1964, 2048 }, { 9, 1965, 2048 }, { 9, 1966, 2048 }, { 10, 1967, 2048 }, 
-   { 7, 1968, 2048 }, { 8, 1969, 2048 }, { 8, 1970, 2048 }, { 9, 1971, 2048 }, { 8, 1972, 2048 }, { 9, 1973, 2048 }, { 9, 1974, 2048 }, { 10, 1975, 2048 }, 
-   { 8, 1976, 2048 }, { 9, 1977, 2048 }, { 9, 1978, 2048 }, { 10, 1979, 2048 }, { 9, 1980, 2048 }, { 10, 1981, 2048 }, { 10, 1982, 2048 }, { 11, 1983, 2048 }, 
-   { 6, 1984, 2048 }, { 7, 1985, 2048 }, { 7, 1986, 2048 }, { 8, 1987, 2048 }, { 7, 1988, 2048 }, { 8, 1989, 2048 }, { 8, 1990, 2048 }, { 9, 1991, 2048 }, 
-   { 7, 1992, 2048 }, { 8, 1993, 2048 }, { 8, 1994, 2048 }, { 9, 1995, 2048 }, { 8, 1996, 2048 }, { 9, 1997, 2048 }, { 9, 1998, 2048 }, { 10, 1999, 2048 }, 
-   { 7, 2000, 2048 }, { 8, 2001, 2048 }, { 8, 2002, 2048 }, { 9, 2003, 2048 }, { 8, 2004, 2048 }, { 9, 2005, 2048 }, { 9, 2006, 2048 }, { 10, 2007, 2048 }, 
-   { 8, 2008, 2048 }, { 9, 2009, 2048 }, { 9, 2010, 2048 }, { 10, 2011, 2048 }, { 9, 2012, 2048 }, { 10, 2013, 2048 }, { 10, 2014, 2048 }, { 11, 2015, 2048 }, 
-   { 7, 2016, 2048 }, { 8, 2017, 2048 }, { 8, 2018, 2048 }, { 9, 2019, 2048 }, { 8, 2020, 2048 }, { 9, 2021, 2048 }, { 9, 2022, 2048 }, { 10, 2023, 2048 }, 
-   { 8, 2024, 2048 }, { 9, 2025, 2048 }, { 9, 2026, 2048 }, { 10, 2027, 2048 }, { 9, 2028, 2048 }, { 10, 2029, 2048 }, { 10, 2030, 2048 }, { 11, 2031, 2048 }, 
-   { 8, 2032, 2048 }, { 9, 2033, 2048 }, { 9, 2034, 2048 }, { 10, 2035, 2048 }, { 9, 2036, 2048 }, { 10, 2037, 2048 }, { 10, 2038, 2048 }, { 11, 2039, 2048 }, 
-   { 9, 2040, 2048 }, { 10, 2041, 2048 }, { 10, 2042, 2048 }, { 11, 2043, 2048 }, { 10, 2044, 2048 }, { 11, 2045, 2048 }, { 11, 2046, 2048 }, { 12, 2047, 2048 }, 
+   { 1, 0, 0 }, { 2, 1, 2048 }, { 2, 2, 2048 }, { 3, 3, 2048 }, { 2, 4, 2048 }, { 3, 5, 2048 }, { 3, 6, 2048 }, { 4, 7, 2048 },
+   { 2, 8, 2048 }, { 3, 9, 2048 }, { 3, 10, 2048 }, { 4, 11, 2048 }, { 3, 12, 2048 }, { 4, 13, 2048 }, { 4, 14, 2048 }, { 5, 15, 2048 },
+   { 2, 16, 2048 }, { 3, 17, 2048 }, { 3, 18, 2048 }, { 4, 19, 2048 }, { 3, 20, 2048 }, { 4, 21, 2048 }, { 4, 22, 2048 }, { 5, 23, 2048 },
+   { 3, 24, 2048 }, { 4, 25, 2048 }, { 4, 26, 2048 }, { 5, 27, 2048 }, { 4, 28, 2048 }, { 5, 29, 2048 }, { 5, 30, 2048 }, { 6, 31, 2048 },
+   { 2, 32, 2048 }, { 3, 33, 2048 }, { 3, 34, 2048 }, { 4, 35, 2048 }, { 3, 36, 2048 }, { 4, 37, 2048 }, { 4, 38, 2048 }, { 5, 39, 2048 },
+   { 3, 40, 2048 }, { 4, 41, 2048 }, { 4, 42, 2048 }, { 5, 43, 2048 }, { 4, 44, 2048 }, { 5, 45, 2048 }, { 5, 46, 2048 }, { 6, 47, 2048 },
+   { 3, 48, 2048 }, { 4, 49, 2048 }, { 4, 50, 2048 }, { 5, 51, 2048 }, { 4, 52, 2048 }, { 5, 53, 2048 }, { 5, 54, 2048 }, { 6, 55, 2048 },
+   { 4, 56, 2048 }, { 5, 57, 2048 }, { 5, 58, 2048 }, { 6, 59, 2048 }, { 5, 60, 2048 }, { 6, 61, 2048 }, { 6, 62, 2048 }, { 7, 63, 2048 },
+   { 2, 64, 2048 }, { 3, 65, 2048 }, { 3, 66, 2048 }, { 4, 67, 2048 }, { 3, 68, 2048 }, { 4, 69, 2048 }, { 4, 70, 2048 }, { 5, 71, 2048 },
+   { 3, 72, 2048 }, { 4, 73, 2048 }, { 4, 74, 2048 }, { 5, 75, 2048 }, { 4, 76, 2048 }, { 5, 77, 2048 }, { 5, 78, 2048 }, { 6, 79, 2048 },
+   { 3, 80, 2048 }, { 4, 81, 2048 }, { 4, 82, 2048 }, { 5, 83, 2048 }, { 4, 84, 2048 }, { 5, 85, 2048 }, { 5, 86, 2048 }, { 6, 87, 2048 },
+   { 4, 88, 2048 }, { 5, 89, 2048 }, { 5, 90, 2048 }, { 6, 91, 2048 }, { 5, 92, 2048 }, { 6, 93, 2048 }, { 6, 94, 2048 }, { 7, 95, 2048 },
+   { 3, 96, 2048 }, { 4, 97, 2048 }, { 4, 98, 2048 }, { 5, 99, 2048 }, { 4, 100, 2048 }, { 5, 101, 2048 }, { 5, 102, 2048 }, { 6, 103, 2048 },
+   { 4, 104, 2048 }, { 5, 105, 2048 }, { 5, 106, 2048 }, { 6, 107, 2048 }, { 5, 108, 2048 }, { 6, 109, 2048 }, { 6, 110, 2048 }, { 7, 111, 2048 },
+   { 4, 112, 2048 }, { 5, 113, 2048 }, { 5, 114, 2048 }, { 6, 115, 2048 }, { 5, 116, 2048 }, { 6, 117, 2048 }, { 6, 118, 2048 }, { 7, 119, 2048 },
+   { 5, 120, 2048 }, { 6, 121, 2048 }, { 6, 122, 2048 }, { 7, 123, 2048 }, { 6, 124, 2048 }, { 7, 125, 2048 }, { 7, 126, 2048 }, { 8, 127, 2048 },
+   { 2, 128, 2048 }, { 3, 129, 2048 }, { 3, 130, 2048 }, { 4, 131, 2048 }, { 3, 132, 2048 }, { 4, 133, 2048 }, { 4, 134, 2048 }, { 5, 135, 2048 },
+   { 3, 136, 2048 }, { 4, 137, 2048 }, { 4, 138, 2048 }, { 5, 139, 2048 }, { 4, 140, 2048 }, { 5, 141, 2048 }, { 5, 142, 2048 }, { 6, 143, 2048 },
+   { 3, 144, 2048 }, { 4, 145, 2048 }, { 4, 146, 2048 }, { 5, 147, 2048 }, { 4, 148, 2048 }, { 5, 149, 2048 }, { 5, 150, 2048 }, { 6, 151, 2048 },
+   { 4, 152, 2048 }, { 5, 153, 2048 }, { 5, 154, 2048 }, { 6, 155, 2048 }, { 5, 156, 2048 }, { 6, 157, 2048 }, { 6, 158, 2048 }, { 7, 159, 2048 },
+   { 3, 160, 2048 }, { 4, 161, 2048 }, { 4, 162, 2048 }, { 5, 163, 2048 }, { 4, 164, 2048 }, { 5, 165, 2048 }, { 5, 166, 2048 }, { 6, 167, 2048 },
+   { 4, 168, 2048 }, { 5, 169, 2048 }, { 5, 170, 2048 }, { 6, 171, 2048 }, { 5, 172, 2048 }, { 6, 173, 2048 }, { 6, 174, 2048 }, { 7, 175, 2048 },
+   { 4, 176, 2048 }, { 5, 177, 2048 }, { 5, 178, 2048 }, { 6, 179, 2048 }, { 5, 180, 2048 }, { 6, 181, 2048 }, { 6, 182, 2048 }, { 7, 183, 2048 },
+   { 5, 184, 2048 }, { 6, 185, 2048 }, { 6, 186, 2048 }, { 7, 187, 2048 }, { 6, 188, 2048 }, { 7, 189, 2048 }, { 7, 190, 2048 }, { 8, 191, 2048 },
+   { 3, 192, 2048 }, { 4, 193, 2048 }, { 4, 194, 2048 }, { 5, 195, 2048 }, { 4, 196, 2048 }, { 5, 197, 2048 }, { 5, 198, 2048 }, { 6, 199, 2048 },
+   { 4, 200, 2048 }, { 5, 201, 2048 }, { 5, 202, 2048 }, { 6, 203, 2048 }, { 5, 204, 2048 }, { 6, 205, 2048 }, { 6, 206, 2048 }, { 7, 207, 2048 },
+   { 4, 208, 2048 }, { 5, 209, 2048 }, { 5, 210, 2048 }, { 6, 211, 2048 }, { 5, 212, 2048 }, { 6, 213, 2048 }, { 6, 214, 2048 }, { 7, 215, 2048 },
+   { 5, 216, 2048 }, { 6, 217, 2048 }, { 6, 218, 2048 }, { 7, 219, 2048 }, { 6, 220, 2048 }, { 7, 221, 2048 }, { 7, 222, 2048 }, { 8, 223, 2048 },
+   { 4, 224, 2048 }, { 5, 225, 2048 }, { 5, 226, 2048 }, { 6, 227, 2048 }, { 5, 228, 2048 }, { 6, 229, 2048 }, { 6, 230, 2048 }, { 7, 231, 2048 },
+   { 5, 232, 2048 }, { 6, 233, 2048 }, { 6, 234, 2048 }, { 7, 235, 2048 }, { 6, 236, 2048 }, { 7, 237, 2048 }, { 7, 238, 2048 }, { 8, 239, 2048 },
+   { 5, 240, 2048 }, { 6, 241, 2048 }, { 6, 242, 2048 }, { 7, 243, 2048 }, { 6, 244, 2048 }, { 7, 245, 2048 }, { 7, 246, 2048 }, { 8, 247, 2048 },
+   { 6, 248, 2048 }, { 7, 249, 2048 }, { 7, 250, 2048 }, { 8, 251, 2048 }, { 7, 252, 2048 }, { 8, 253, 2048 }, { 8, 254, 2048 }, { 9, 255, 2048 },
+   { 2, 256, 2048 }, { 3, 257, 2048 }, { 3, 258, 2048 }, { 4, 259, 2048 }, { 3, 260, 2048 }, { 4, 261, 2048 }, { 4, 262, 2048 }, { 5, 263, 2048 },
+   { 3, 264, 2048 }, { 4, 265, 2048 }, { 4, 266, 2048 }, { 5, 267, 2048 }, { 4, 268, 2048 }, { 5, 269, 2048 }, { 5, 270, 2048 }, { 6, 271, 2048 },
+   { 3, 272, 2048 }, { 4, 273, 2048 }, { 4, 274, 2048 }, { 5, 275, 2048 }, { 4, 276, 2048 }, { 5, 277, 2048 }, { 5, 278, 2048 }, { 6, 279, 2048 },
+   { 4, 280, 2048 }, { 5, 281, 2048 }, { 5, 282, 2048 }, { 6, 283, 2048 }, { 5, 284, 2048 }, { 6, 285, 2048 }, { 6, 286, 2048 }, { 7, 287, 2048 },
+   { 3, 288, 2048 }, { 4, 289, 2048 }, { 4, 290, 2048 }, { 5, 291, 2048 }, { 4, 292, 2048 }, { 5, 293, 2048 }, { 5, 294, 2048 }, { 6, 295, 2048 },
+   { 4, 296, 2048 }, { 5, 297, 2048 }, { 5, 298, 2048 }, { 6, 299, 2048 }, { 5, 300, 2048 }, { 6, 301, 2048 }, { 6, 302, 2048 }, { 7, 303, 2048 },
+   { 4, 304, 2048 }, { 5, 305, 2048 }, { 5, 306, 2048 }, { 6, 307, 2048 }, { 5, 308, 2048 }, { 6, 309, 2048 }, { 6, 310, 2048 }, { 7, 311, 2048 },
+   { 5, 312, 2048 }, { 6, 313, 2048 }, { 6, 314, 2048 }, { 7, 315, 2048 }, { 6, 316, 2048 }, { 7, 317, 2048 }, { 7, 318, 2048 }, { 8, 319, 2048 },
+   { 3, 320, 2048 }, { 4, 321, 2048 }, { 4, 322, 2048 }, { 5, 323, 2048 }, { 4, 324, 2048 }, { 5, 325, 2048 }, { 5, 326, 2048 }, { 6, 327, 2048 },
+   { 4, 328, 2048 }, { 5, 329, 2048 }, { 5, 330, 2048 }, { 6, 331, 2048 }, { 5, 332, 2048 }, { 6, 333, 2048 }, { 6, 334, 2048 }, { 7, 335, 2048 },
+   { 4, 336, 2048 }, { 5, 337, 2048 }, { 5, 338, 2048 }, { 6, 339, 2048 }, { 5, 340, 2048 }, { 6, 341, 2048 }, { 6, 342, 2048 }, { 7, 343, 2048 },
+   { 5, 344, 2048 }, { 6, 345, 2048 }, { 6, 346, 2048 }, { 7, 347, 2048 }, { 6, 348, 2048 }, { 7, 349, 2048 }, { 7, 350, 2048 }, { 8, 351, 2048 },
+   { 4, 352, 2048 }, { 5, 353, 2048 }, { 5, 354, 2048 }, { 6, 355, 2048 }, { 5, 356, 2048 }, { 6, 357, 2048 }, { 6, 358, 2048 }, { 7, 359, 2048 },
+   { 5, 360, 2048 }, { 6, 361, 2048 }, { 6, 362, 2048 }, { 7, 363, 2048 }, { 6, 364, 2048 }, { 7, 365, 2048 }, { 7, 366, 2048 }, { 8, 367, 2048 },
+   { 5, 368, 2048 }, { 6, 369, 2048 }, { 6, 370, 2048 }, { 7, 371, 2048 }, { 6, 372, 2048 }, { 7, 373, 2048 }, { 7, 374, 2048 }, { 8, 375, 2048 },
+   { 6, 376, 2048 }, { 7, 377, 2048 }, { 7, 378, 2048 }, { 8, 379, 2048 }, { 7, 380, 2048 }, { 8, 381, 2048 }, { 8, 382, 2048 }, { 9, 383, 2048 },
+   { 3, 384, 2048 }, { 4, 385, 2048 }, { 4, 386, 2048 }, { 5, 387, 2048 }, { 4, 388, 2048 }, { 5, 389, 2048 }, { 5, 390, 2048 }, { 6, 391, 2048 },
+   { 4, 392, 2048 }, { 5, 393, 2048 }, { 5, 394, 2048 }, { 6, 395, 2048 }, { 5, 396, 2048 }, { 6, 397, 2048 }, { 6, 398, 2048 }, { 7, 399, 2048 },
+   { 4, 400, 2048 }, { 5, 401, 2048 }, { 5, 402, 2048 }, { 6, 403, 2048 }, { 5, 404, 2048 }, { 6, 405, 2048 }, { 6, 406, 2048 }, { 7, 407, 2048 },
+   { 5, 408, 2048 }, { 6, 409, 2048 }, { 6, 410, 2048 }, { 7, 411, 2048 }, { 6, 412, 2048 }, { 7, 413, 2048 }, { 7, 414, 2048 }, { 8, 415, 2048 },
+   { 4, 416, 2048 }, { 5, 417, 2048 }, { 5, 418, 2048 }, { 6, 419, 2048 }, { 5, 420, 2048 }, { 6, 421, 2048 }, { 6, 422, 2048 }, { 7, 423, 2048 },
+   { 5, 424, 2048 }, { 6, 425, 2048 }, { 6, 426, 2048 }, { 7, 427, 2048 }, { 6, 428, 2048 }, { 7, 429, 2048 }, { 7, 430, 2048 }, { 8, 431, 2048 },
+   { 5, 432, 2048 }, { 6, 433, 2048 }, { 6, 434, 2048 }, { 7, 435, 2048 }, { 6, 436, 2048 }, { 7, 437, 2048 }, { 7, 438, 2048 }, { 8, 439, 2048 },
+   { 6, 440, 2048 }, { 7, 441, 2048 }, { 7, 442, 2048 }, { 8, 443, 2048 }, { 7, 444, 2048 }, { 8, 445, 2048 }, { 8, 446, 2048 }, { 9, 447, 2048 },
+   { 4, 448, 2048 }, { 5, 449, 2048 }, { 5, 450, 2048 }, { 6, 451, 2048 }, { 5, 452, 2048 }, { 6, 453, 2048 }, { 6, 454, 2048 }, { 7, 455, 2048 },
+   { 5, 456, 2048 }, { 6, 457, 2048 }, { 6, 458, 2048 }, { 7, 459, 2048 }, { 6, 460, 2048 }, { 7, 461, 2048 }, { 7, 462, 2048 }, { 8, 463, 2048 },
+   { 5, 464, 2048 }, { 6, 465, 2048 }, { 6, 466, 2048 }, { 7, 467, 2048 }, { 6, 468, 2048 }, { 7, 469, 2048 }, { 7, 470, 2048 }, { 8, 471, 2048 },
+   { 6, 472, 2048 }, { 7, 473, 2048 }, { 7, 474, 2048 }, { 8, 475, 2048 }, { 7, 476, 2048 }, { 8, 477, 2048 }, { 8, 478, 2048 }, { 9, 479, 2048 },
+   { 5, 480, 2048 }, { 6, 481, 2048 }, { 6, 482, 2048 }, { 7, 483, 2048 }, { 6, 484, 2048 }, { 7, 485, 2048 }, { 7, 486, 2048 }, { 8, 487, 2048 },
+   { 6, 488, 2048 }, { 7, 489, 2048 }, { 7, 490, 2048 }, { 8, 491, 2048 }, { 7, 492, 2048 }, { 8, 493, 2048 }, { 8, 494, 2048 }, { 9, 495, 2048 },
+   { 6, 496, 2048 }, { 7, 497, 2048 }, { 7, 498, 2048 }, { 8, 499, 2048 }, { 7, 500, 2048 }, { 8, 501, 2048 }, { 8, 502, 2048 }, { 9, 503, 2048 },
+   { 7, 504, 2048 }, { 8, 505, 2048 }, { 8, 506, 2048 }, { 9, 507, 2048 }, { 8, 508, 2048 }, { 9, 509, 2048 }, { 9, 510, 2048 }, { 10, 511, 2048 },
+   { 2, 512, 2048 }, { 3, 513, 2048 }, { 3, 514, 2048 }, { 4, 515, 2048 }, { 3, 516, 2048 }, { 4, 517, 2048 }, { 4, 518, 2048 }, { 5, 519, 2048 },
+   { 3, 520, 2048 }, { 4, 521, 2048 }, { 4, 522, 2048 }, { 5, 523, 2048 }, { 4, 524, 2048 }, { 5, 525, 2048 }, { 5, 526, 2048 }, { 6, 527, 2048 },
+   { 3, 528, 2048 }, { 4, 529, 2048 }, { 4, 530, 2048 }, { 5, 531, 2048 }, { 4, 532, 2048 }, { 5, 533, 2048 }, { 5, 534, 2048 }, { 6, 535, 2048 },
+   { 4, 536, 2048 }, { 5, 537, 2048 }, { 5, 538, 2048 }, { 6, 539, 2048 }, { 5, 540, 2048 }, { 6, 541, 2048 }, { 6, 542, 2048 }, { 7, 543, 2048 },
+   { 3, 544, 2048 }, { 4, 545, 2048 }, { 4, 546, 2048 }, { 5, 547, 2048 }, { 4, 548, 2048 }, { 5, 549, 2048 }, { 5, 550, 2048 }, { 6, 551, 2048 },
+   { 4, 552, 2048 }, { 5, 553, 2048 }, { 5, 554, 2048 }, { 6, 555, 2048 }, { 5, 556, 2048 }, { 6, 557, 2048 }, { 6, 558, 2048 }, { 7, 559, 2048 },
+   { 4, 560, 2048 }, { 5, 561, 2048 }, { 5, 562, 2048 }, { 6, 563, 2048 }, { 5, 564, 2048 }, { 6, 565, 2048 }, { 6, 566, 2048 }, { 7, 567, 2048 },
+   { 5, 568, 2048 }, { 6, 569, 2048 }, { 6, 570, 2048 }, { 7, 571, 2048 }, { 6, 572, 2048 }, { 7, 573, 2048 }, { 7, 574, 2048 }, { 8, 575, 2048 },
+   { 3, 576, 2048 }, { 4, 577, 2048 }, { 4, 578, 2048 }, { 5, 579, 2048 }, { 4, 580, 2048 }, { 5, 581, 2048 }, { 5, 582, 2048 }, { 6, 583, 2048 },
+   { 4, 584, 2048 }, { 5, 585, 2048 }, { 5, 586, 2048 }, { 6, 587, 2048 }, { 5, 588, 2048 }, { 6, 589, 2048 }, { 6, 590, 2048 }, { 7, 591, 2048 },
+   { 4, 592, 2048 }, { 5, 593, 2048 }, { 5, 594, 2048 }, { 6, 595, 2048 }, { 5, 596, 2048 }, { 6, 597, 2048 }, { 6, 598, 2048 }, { 7, 599, 2048 },
+   { 5, 600, 2048 }, { 6, 601, 2048 }, { 6, 602, 2048 }, { 7, 603, 2048 }, { 6, 604, 2048 }, { 7, 605, 2048 }, { 7, 606, 2048 }, { 8, 607, 2048 },
+   { 4, 608, 2048 }, { 5, 609, 2048 }, { 5, 610, 2048 }, { 6, 611, 2048 }, { 5, 612, 2048 }, { 6, 613, 2048 }, { 6, 614, 2048 }, { 7, 615, 2048 },
+   { 5, 616, 2048 }, { 6, 617, 2048 }, { 6, 618, 2048 }, { 7, 619, 2048 }, { 6, 620, 2048 }, { 7, 621, 2048 }, { 7, 622, 2048 }, { 8, 623, 2048 },
+   { 5, 624, 2048 }, { 6, 625, 2048 }, { 6, 626, 2048 }, { 7, 627, 2048 }, { 6, 628, 2048 }, { 7, 629, 2048 }, { 7, 630, 2048 }, { 8, 631, 2048 },
+   { 6, 632, 2048 }, { 7, 633, 2048 }, { 7, 634, 2048 }, { 8, 635, 2048 }, { 7, 636, 2048 }, { 8, 637, 2048 }, { 8, 638, 2048 }, { 9, 639, 2048 },
+   { 3, 640, 2048 }, { 4, 641, 2048 }, { 4, 642, 2048 }, { 5, 643, 2048 }, { 4, 644, 2048 }, { 5, 645, 2048 }, { 5, 646, 2048 }, { 6, 647, 2048 },
+   { 4, 648, 2048 }, { 5, 649, 2048 }, { 5, 650, 2048 }, { 6, 651, 2048 }, { 5, 652, 2048 }, { 6, 653, 2048 }, { 6, 654, 2048 }, { 7, 655, 2048 },
+   { 4, 656, 2048 }, { 5, 657, 2048 }, { 5, 658, 2048 }, { 6, 659, 2048 }, { 5, 660, 2048 }, { 6, 661, 2048 }, { 6, 662, 2048 }, { 7, 663, 2048 },
+   { 5, 664, 2048 }, { 6, 665, 2048 }, { 6, 666, 2048 }, { 7, 667, 2048 }, { 6, 668, 2048 }, { 7, 669, 2048 }, { 7, 670, 2048 }, { 8, 671, 2048 },
+   { 4, 672, 2048 }, { 5, 673, 2048 }, { 5, 674, 2048 }, { 6, 675, 2048 }, { 5, 676, 2048 }, { 6, 677, 2048 }, { 6, 678, 2048 }, { 7, 679, 2048 },
+   { 5, 680, 2048 }, { 6, 681, 2048 }, { 6, 682, 2048 }, { 7, 683, 2048 }, { 6, 684, 2048 }, { 7, 685, 2048 }, { 7, 686, 2048 }, { 8, 687, 2048 },
+   { 5, 688, 2048 }, { 6, 689, 2048 }, { 6, 690, 2048 }, { 7, 691, 2048 }, { 6, 692, 2048 }, { 7, 693, 2048 }, { 7, 694, 2048 }, { 8, 695, 2048 },
+   { 6, 696, 2048 }, { 7, 697, 2048 }, { 7, 698, 2048 }, { 8, 699, 2048 }, { 7, 700, 2048 }, { 8, 701, 2048 }, { 8, 702, 2048 }, { 9, 703, 2048 },
+   { 4, 704, 2048 }, { 5, 705, 2048 }, { 5, 706, 2048 }, { 6, 707, 2048 }, { 5, 708, 2048 }, { 6, 709, 2048 }, { 6, 710, 2048 }, { 7, 711, 2048 },
+   { 5, 712, 2048 }, { 6, 713, 2048 }, { 6, 714, 2048 }, { 7, 715, 2048 }, { 6, 716, 2048 }, { 7, 717, 2048 }, { 7, 718, 2048 }, { 8, 719, 2048 },
+   { 5, 720, 2048 }, { 6, 721, 2048 }, { 6, 722, 2048 }, { 7, 723, 2048 }, { 6, 724, 2048 }, { 7, 725, 2048 }, { 7, 726, 2048 }, { 8, 727, 2048 },
+   { 6, 728, 2048 }, { 7, 729, 2048 }, { 7, 730, 2048 }, { 8, 731, 2048 }, { 7, 732, 2048 }, { 8, 733, 2048 }, { 8, 734, 2048 }, { 9, 735, 2048 },
+   { 5, 736, 2048 }, { 6, 737, 2048 }, { 6, 738, 2048 }, { 7, 739, 2048 }, { 6, 740, 2048 }, { 7, 741, 2048 }, { 7, 742, 2048 }, { 8, 743, 2048 },
+   { 6, 744, 2048 }, { 7, 745, 2048 }, { 7, 746, 2048 }, { 8, 747, 2048 }, { 7, 748, 2048 }, { 8, 749, 2048 }, { 8, 750, 2048 }, { 9, 751, 2048 },
+   { 6, 752, 2048 }, { 7, 753, 2048 }, { 7, 754, 2048 }, { 8, 755, 2048 }, { 7, 756, 2048 }, { 8, 757, 2048 }, { 8, 758, 2048 }, { 9, 759, 2048 },
+   { 7, 760, 2048 }, { 8, 761, 2048 }, { 8, 762, 2048 }, { 9, 763, 2048 }, { 8, 764, 2048 }, { 9, 765, 2048 }, { 9, 766, 2048 }, { 10, 767, 2048 },
+   { 3, 768, 2048 }, { 4, 769, 2048 }, { 4, 770, 2048 }, { 5, 771, 2048 }, { 4, 772, 2048 }, { 5, 773, 2048 }, { 5, 774, 2048 }, { 6, 775, 2048 },
+   { 4, 776, 2048 }, { 5, 777, 2048 }, { 5, 778, 2048 }, { 6, 779, 2048 }, { 5, 780, 2048 }, { 6, 781, 2048 }, { 6, 782, 2048 }, { 7, 783, 2048 },
+   { 4, 784, 2048 }, { 5, 785, 2048 }, { 5, 786, 2048 }, { 6, 787, 2048 }, { 5, 788, 2048 }, { 6, 789, 2048 }, { 6, 790, 2048 }, { 7, 791, 2048 },
+   { 5, 792, 2048 }, { 6, 793, 2048 }, { 6, 794, 2048 }, { 7, 795, 2048 }, { 6, 796, 2048 }, { 7, 797, 2048 }, { 7, 798, 2048 }, { 8, 799, 2048 },
+   { 4, 800, 2048 }, { 5, 801, 2048 }, { 5, 802, 2048 }, { 6, 803, 2048 }, { 5, 804, 2048 }, { 6, 805, 2048 }, { 6, 806, 2048 }, { 7, 807, 2048 },
+   { 5, 808, 2048 }, { 6, 809, 2048 }, { 6, 810, 2048 }, { 7, 811, 2048 }, { 6, 812, 2048 }, { 7, 813, 2048 }, { 7, 814, 2048 }, { 8, 815, 2048 },
+   { 5, 816, 2048 }, { 6, 817, 2048 }, { 6, 818, 2048 }, { 7, 819, 2048 }, { 6, 820, 2048 }, { 7, 821, 2048 }, { 7, 822, 2048 }, { 8, 823, 2048 },
+   { 6, 824, 2048 }, { 7, 825, 2048 }, { 7, 826, 2048 }, { 8, 827, 2048 }, { 7, 828, 2048 }, { 8, 829, 2048 }, { 8, 830, 2048 }, { 9, 831, 2048 },
+   { 4, 832, 2048 }, { 5, 833, 2048 }, { 5, 834, 2048 }, { 6, 835, 2048 }, { 5, 836, 2048 }, { 6, 837, 2048 }, { 6, 838, 2048 }, { 7, 839, 2048 },
+   { 5, 840, 2048 }, { 6, 841, 2048 }, { 6, 842, 2048 }, { 7, 843, 2048 }, { 6, 844, 2048 }, { 7, 845, 2048 }, { 7, 846, 2048 }, { 8, 847, 2048 },
+   { 5, 848, 2048 }, { 6, 849, 2048 }, { 6, 850, 2048 }, { 7, 851, 2048 }, { 6, 852, 2048 }, { 7, 853, 2048 }, { 7, 854, 2048 }, { 8, 855, 2048 },
+   { 6, 856, 2048 }, { 7, 857, 2048 }, { 7, 858, 2048 }, { 8, 859, 2048 }, { 7, 860, 2048 }, { 8, 861, 2048 }, { 8, 862, 2048 }, { 9, 863, 2048 },
+   { 5, 864, 2048 }, { 6, 865, 2048 }, { 6, 866, 2048 }, { 7, 867, 2048 }, { 6, 868, 2048 }, { 7, 869, 2048 }, { 7, 870, 2048 }, { 8, 871, 2048 },
+   { 6, 872, 2048 }, { 7, 873, 2048 }, { 7, 874, 2048 }, { 8, 875, 2048 }, { 7, 876, 2048 }, { 8, 877, 2048 }, { 8, 878, 2048 }, { 9, 879, 2048 },
+   { 6, 880, 2048 }, { 7, 881, 2048 }, { 7, 882, 2048 }, { 8, 883, 2048 }, { 7, 884, 2048 }, { 8, 885, 2048 }, { 8, 886, 2048 }, { 9, 887, 2048 },
+   { 7, 888, 2048 }, { 8, 889, 2048 }, { 8, 890, 2048 }, { 9, 891, 2048 }, { 8, 892, 2048 }, { 9, 893, 2048 }, { 9, 894, 2048 }, { 10, 895, 2048 },
+   { 4, 896, 2048 }, { 5, 897, 2048 }, { 5, 898, 2048 }, { 6, 899, 2048 }, { 5, 900, 2048 }, { 6, 901, 2048 }, { 6, 902, 2048 }, { 7, 903, 2048 },
+   { 5, 904, 2048 }, { 6, 905, 2048 }, { 6, 906, 2048 }, { 7, 907, 2048 }, { 6, 908, 2048 }, { 7, 909, 2048 }, { 7, 910, 2048 }, { 8, 911, 2048 },
+   { 5, 912, 2048 }, { 6, 913, 2048 }, { 6, 914, 2048 }, { 7, 915, 2048 }, { 6, 916, 2048 }, { 7, 917, 2048 }, { 7, 918, 2048 }, { 8, 919, 2048 },
+   { 6, 920, 2048 }, { 7, 921, 2048 }, { 7, 922, 2048 }, { 8, 923, 2048 }, { 7, 924, 2048 }, { 8, 925, 2048 }, { 8, 926, 2048 }, { 9, 927, 2048 },
+   { 5, 928, 2048 }, { 6, 929, 2048 }, { 6, 930, 2048 }, { 7, 931, 2048 }, { 6, 932, 2048 }, { 7, 933, 2048 }, { 7, 934, 2048 }, { 8, 935, 2048 },
+   { 6, 936, 2048 }, { 7, 937, 2048 }, { 7, 938, 2048 }, { 8, 939, 2048 }, { 7, 940, 2048 }, { 8, 941, 2048 }, { 8, 942, 2048 }, { 9, 943, 2048 },
+   { 6, 944, 2048 }, { 7, 945, 2048 }, { 7, 946, 2048 }, { 8, 947, 2048 }, { 7, 948, 2048 }, { 8, 949, 2048 }, { 8, 950, 2048 }, { 9, 951, 2048 },
+   { 7, 952, 2048 }, { 8, 953, 2048 }, { 8, 954, 2048 }, { 9, 955, 2048 }, { 8, 956, 2048 }, { 9, 957, 2048 }, { 9, 958, 2048 }, { 10, 959, 2048 },
+   { 5, 960, 2048 }, { 6, 961, 2048 }, { 6, 962, 2048 }, { 7, 963, 2048 }, { 6, 964, 2048 }, { 7, 965, 2048 }, { 7, 966, 2048 }, { 8, 967, 2048 },
+   { 6, 968, 2048 }, { 7, 969, 2048 }, { 7, 970, 2048 }, { 8, 971, 2048 }, { 7, 972, 2048 }, { 8, 973, 2048 }, { 8, 974, 2048 }, { 9, 975, 2048 },
+   { 6, 976, 2048 }, { 7, 977, 2048 }, { 7, 978, 2048 }, { 8, 979, 2048 }, { 7, 980, 2048 }, { 8, 981, 2048 }, { 8, 982, 2048 }, { 9, 983, 2048 },
+   { 7, 984, 2048 }, { 8, 985, 2048 }, { 8, 986, 2048 }, { 9, 987, 2048 }, { 8, 988, 2048 }, { 9, 989, 2048 }, { 9, 990, 2048 }, { 10, 991, 2048 },
+   { 6, 992, 2048 }, { 7, 993, 2048 }, { 7, 994, 2048 }, { 8, 995, 2048 }, { 7, 996, 2048 }, { 8, 997, 2048 }, { 8, 998, 2048 }, { 9, 999, 2048 },
+   { 7, 1000, 2048 }, { 8, 1001, 2048 }, { 8, 1002, 2048 }, { 9, 1003, 2048 }, { 8, 1004, 2048 }, { 9, 1005, 2048 }, { 9, 1006, 2048 }, { 10, 1007, 2048 },
+   { 7, 1008, 2048 }, { 8, 1009, 2048 }, { 8, 1010, 2048 }, { 9, 1011, 2048 }, { 8, 1012, 2048 }, { 9, 1013, 2048 }, { 9, 1014, 2048 }, { 10, 1015, 2048 },
+   { 8, 1016, 2048 }, { 9, 1017, 2048 }, { 9, 1018, 2048 }, { 10, 1019, 2048 }, { 9, 1020, 2048 }, { 10, 1021, 2048 }, { 10, 1022, 2048 }, { 11, 1023, 2048 },
+   { 2, 1024, 2048 }, { 3, 1025, 2048 }, { 3, 1026, 2048 }, { 4, 1027, 2048 }, { 3, 1028, 2048 }, { 4, 1029, 2048 }, { 4, 1030, 2048 }, { 5, 1031, 2048 },
+   { 3, 1032, 2048 }, { 4, 1033, 2048 }, { 4, 1034, 2048 }, { 5, 1035, 2048 }, { 4, 1036, 2048 }, { 5, 1037, 2048 }, { 5, 1038, 2048 }, { 6, 1039, 2048 },
+   { 3, 1040, 2048 }, { 4, 1041, 2048 }, { 4, 1042, 2048 }, { 5, 1043, 2048 }, { 4, 1044, 2048 }, { 5, 1045, 2048 }, { 5, 1046, 2048 }, { 6, 1047, 2048 },
+   { 4, 1048, 2048 }, { 5, 1049, 2048 }, { 5, 1050, 2048 }, { 6, 1051, 2048 }, { 5, 1052, 2048 }, { 6, 1053, 2048 }, { 6, 1054, 2048 }, { 7, 1055, 2048 },
+   { 3, 1056, 2048 }, { 4, 1057, 2048 }, { 4, 1058, 2048 }, { 5, 1059, 2048 }, { 4, 1060, 2048 }, { 5, 1061, 2048 }, { 5, 1062, 2048 }, { 6, 1063, 2048 },
+   { 4, 1064, 2048 }, { 5, 1065, 2048 }, { 5, 1066, 2048 }, { 6, 1067, 2048 }, { 5, 1068, 2048 }, { 6, 1069, 2048 }, { 6, 1070, 2048 }, { 7, 1071, 2048 },
+   { 4, 1072, 2048 }, { 5, 1073, 2048 }, { 5, 1074, 2048 }, { 6, 1075, 2048 }, { 5, 1076, 2048 }, { 6, 1077, 2048 }, { 6, 1078, 2048 }, { 7, 1079, 2048 },
+   { 5, 1080, 2048 }, { 6, 1081, 2048 }, { 6, 1082, 2048 }, { 7, 1083, 2048 }, { 6, 1084, 2048 }, { 7, 1085, 2048 }, { 7, 1086, 2048 }, { 8, 1087, 2048 },
+   { 3, 1088, 2048 }, { 4, 1089, 2048 }, { 4, 1090, 2048 }, { 5, 1091, 2048 }, { 4, 1092, 2048 }, { 5, 1093, 2048 }, { 5, 1094, 2048 }, { 6, 1095, 2048 },
+   { 4, 1096, 2048 }, { 5, 1097, 2048 }, { 5, 1098, 2048 }, { 6, 1099, 2048 }, { 5, 1100, 2048 }, { 6, 1101, 2048 }, { 6, 1102, 2048 }, { 7, 1103, 2048 },
+   { 4, 1104, 2048 }, { 5, 1105, 2048 }, { 5, 1106, 2048 }, { 6, 1107, 2048 }, { 5, 1108, 2048 }, { 6, 1109, 2048 }, { 6, 1110, 2048 }, { 7, 1111, 2048 },
+   { 5, 1112, 2048 }, { 6, 1113, 2048 }, { 6, 1114, 2048 }, { 7, 1115, 2048 }, { 6, 1116, 2048 }, { 7, 1117, 2048 }, { 7, 1118, 2048 }, { 8, 1119, 2048 },
+   { 4, 1120, 2048 }, { 5, 1121, 2048 }, { 5, 1122, 2048 }, { 6, 1123, 2048 }, { 5, 1124, 2048 }, { 6, 1125, 2048 }, { 6, 1126, 2048 }, { 7, 1127, 2048 },
+   { 5, 1128, 2048 }, { 6, 1129, 2048 }, { 6, 1130, 2048 }, { 7, 1131, 2048 }, { 6, 1132, 2048 }, { 7, 1133, 2048 }, { 7, 1134, 2048 }, { 8, 1135, 2048 },
+   { 5, 1136, 2048 }, { 6, 1137, 2048 }, { 6, 1138, 2048 }, { 7, 1139, 2048 }, { 6, 1140, 2048 }, { 7, 1141, 2048 }, { 7, 1142, 2048 }, { 8, 1143, 2048 },
+   { 6, 1144, 2048 }, { 7, 1145, 2048 }, { 7, 1146, 2048 }, { 8, 1147, 2048 }, { 7, 1148, 2048 }, { 8, 1149, 2048 }, { 8, 1150, 2048 }, { 9, 1151, 2048 },
+   { 3, 1152, 2048 }, { 4, 1153, 2048 }, { 4, 1154, 2048 }, { 5, 1155, 2048 }, { 4, 1156, 2048 }, { 5, 1157, 2048 }, { 5, 1158, 2048 }, { 6, 1159, 2048 },
+   { 4, 1160, 2048 }, { 5, 1161, 2048 }, { 5, 1162, 2048 }, { 6, 1163, 2048 }, { 5, 1164, 2048 }, { 6, 1165, 2048 }, { 6, 1166, 2048 }, { 7, 1167, 2048 },
+   { 4, 1168, 2048 }, { 5, 1169, 2048 }, { 5, 1170, 2048 }, { 6, 1171, 2048 }, { 5, 1172, 2048 }, { 6, 1173, 2048 }, { 6, 1174, 2048 }, { 7, 1175, 2048 },
+   { 5, 1176, 2048 }, { 6, 1177, 2048 }, { 6, 1178, 2048 }, { 7, 1179, 2048 }, { 6, 1180, 2048 }, { 7, 1181, 2048 }, { 7, 1182, 2048 }, { 8, 1183, 2048 },
+   { 4, 1184, 2048 }, { 5, 1185, 2048 }, { 5, 1186, 2048 }, { 6, 1187, 2048 }, { 5, 1188, 2048 }, { 6, 1189, 2048 }, { 6, 1190, 2048 }, { 7, 1191, 2048 },
+   { 5, 1192, 2048 }, { 6, 1193, 2048 }, { 6, 1194, 2048 }, { 7, 1195, 2048 }, { 6, 1196, 2048 }, { 7, 1197, 2048 }, { 7, 1198, 2048 }, { 8, 1199, 2048 },
+   { 5, 1200, 2048 }, { 6, 1201, 2048 }, { 6, 1202, 2048 }, { 7, 1203, 2048 }, { 6, 1204, 2048 }, { 7, 1205, 2048 }, { 7, 1206, 2048 }, { 8, 1207, 2048 },
+   { 6, 1208, 2048 }, { 7, 1209, 2048 }, { 7, 1210, 2048 }, { 8, 1211, 2048 }, { 7, 1212, 2048 }, { 8, 1213, 2048 }, { 8, 1214, 2048 }, { 9, 1215, 2048 },
+   { 4, 1216, 2048 }, { 5, 1217, 2048 }, { 5, 1218, 2048 }, { 6, 1219, 2048 }, { 5, 1220, 2048 }, { 6, 1221, 2048 }, { 6, 1222, 2048 }, { 7, 1223, 2048 },
+   { 5, 1224, 2048 }, { 6, 1225, 2048 }, { 6, 1226, 2048 }, { 7, 1227, 2048 }, { 6, 1228, 2048 }, { 7, 1229, 2048 }, { 7, 1230, 2048 }, { 8, 1231, 2048 },
+   { 5, 1232, 2048 }, { 6, 1233, 2048 }, { 6, 1234, 2048 }, { 7, 1235, 2048 }, { 6, 1236, 2048 }, { 7, 1237, 2048 }, { 7, 1238, 2048 }, { 8, 1239, 2048 },
+   { 6, 1240, 2048 }, { 7, 1241, 2048 }, { 7, 1242, 2048 }, { 8, 1243, 2048 }, { 7, 1244, 2048 }, { 8, 1245, 2048 }, { 8, 1246, 2048 }, { 9, 1247, 2048 },
+   { 5, 1248, 2048 }, { 6, 1249, 2048 }, { 6, 1250, 2048 }, { 7, 1251, 2048 }, { 6, 1252, 2048 }, { 7, 1253, 2048 }, { 7, 1254, 2048 }, { 8, 1255, 2048 },
+   { 6, 1256, 2048 }, { 7, 1257, 2048 }, { 7, 1258, 2048 }, { 8, 1259, 2048 }, { 7, 1260, 2048 }, { 8, 1261, 2048 }, { 8, 1262, 2048 }, { 9, 1263, 2048 },
+   { 6, 1264, 2048 }, { 7, 1265, 2048 }, { 7, 1266, 2048 }, { 8, 1267, 2048 }, { 7, 1268, 2048 }, { 8, 1269, 2048 }, { 8, 1270, 2048 }, { 9, 1271, 2048 },
+   { 7, 1272, 2048 }, { 8, 1273, 2048 }, { 8, 1274, 2048 }, { 9, 1275, 2048 }, { 8, 1276, 2048 }, { 9, 1277, 2048 }, { 9, 1278, 2048 }, { 10, 1279, 2048 },
+   { 3, 1280, 2048 }, { 4, 1281, 2048 }, { 4, 1282, 2048 }, { 5, 1283, 2048 }, { 4, 1284, 2048 }, { 5, 1285, 2048 }, { 5, 1286, 2048 }, { 6, 1287, 2048 },
+   { 4, 1288, 2048 }, { 5, 1289, 2048 }, { 5, 1290, 2048 }, { 6, 1291, 2048 }, { 5, 1292, 2048 }, { 6, 1293, 2048 }, { 6, 1294, 2048 }, { 7, 1295, 2048 },
+   { 4, 1296, 2048 }, { 5, 1297, 2048 }, { 5, 1298, 2048 }, { 6, 1299, 2048 }, { 5, 1300, 2048 }, { 6, 1301, 2048 }, { 6, 1302, 2048 }, { 7, 1303, 2048 },
+   { 5, 1304, 2048 }, { 6, 1305, 2048 }, { 6, 1306, 2048 }, { 7, 1307, 2048 }, { 6, 1308, 2048 }, { 7, 1309, 2048 }, { 7, 1310, 2048 }, { 8, 1311, 2048 },
+   { 4, 1312, 2048 }, { 5, 1313, 2048 }, { 5, 1314, 2048 }, { 6, 1315, 2048 }, { 5, 1316, 2048 }, { 6, 1317, 2048 }, { 6, 1318, 2048 }, { 7, 1319, 2048 },
+   { 5, 1320, 2048 }, { 6, 1321, 2048 }, { 6, 1322, 2048 }, { 7, 1323, 2048 }, { 6, 1324, 2048 }, { 7, 1325, 2048 }, { 7, 1326, 2048 }, { 8, 1327, 2048 },
+   { 5, 1328, 2048 }, { 6, 1329, 2048 }, { 6, 1330, 2048 }, { 7, 1331, 2048 }, { 6, 1332, 2048 }, { 7, 1333, 2048 }, { 7, 1334, 2048 }, { 8, 1335, 2048 },
+   { 6, 1336, 2048 }, { 7, 1337, 2048 }, { 7, 1338, 2048 }, { 8, 1339, 2048 }, { 7, 1340, 2048 }, { 8, 1341, 2048 }, { 8, 1342, 2048 }, { 9, 1343, 2048 },
+   { 4, 1344, 2048 }, { 5, 1345, 2048 }, { 5, 1346, 2048 }, { 6, 1347, 2048 }, { 5, 1348, 2048 }, { 6, 1349, 2048 }, { 6, 1350, 2048 }, { 7, 1351, 2048 },
+   { 5, 1352, 2048 }, { 6, 1353, 2048 }, { 6, 1354, 2048 }, { 7, 1355, 2048 }, { 6, 1356, 2048 }, { 7, 1357, 2048 }, { 7, 1358, 2048 }, { 8, 1359, 2048 },
+   { 5, 1360, 2048 }, { 6, 1361, 2048 }, { 6, 1362, 2048 }, { 7, 1363, 2048 }, { 6, 1364, 2048 }, { 7, 1365, 2048 }, { 7, 1366, 2048 }, { 8, 1367, 2048 },
+   { 6, 1368, 2048 }, { 7, 1369, 2048 }, { 7, 1370, 2048 }, { 8, 1371, 2048 }, { 7, 1372, 2048 }, { 8, 1373, 2048 }, { 8, 1374, 2048 }, { 9, 1375, 2048 },
+   { 5, 1376, 2048 }, { 6, 1377, 2048 }, { 6, 1378, 2048 }, { 7, 1379, 2048 }, { 6, 1380, 2048 }, { 7, 1381, 2048 }, { 7, 1382, 2048 }, { 8, 1383, 2048 },
+   { 6, 1384, 2048 }, { 7, 1385, 2048 }, { 7, 1386, 2048 }, { 8, 1387, 2048 }, { 7, 1388, 2048 }, { 8, 1389, 2048 }, { 8, 1390, 2048 }, { 9, 1391, 2048 },
+   { 6, 1392, 2048 }, { 7, 1393, 2048 }, { 7, 1394, 2048 }, { 8, 1395, 2048 }, { 7, 1396, 2048 }, { 8, 1397, 2048 }, { 8, 1398, 2048 }, { 9, 1399, 2048 },
+   { 7, 1400, 2048 }, { 8, 1401, 2048 }, { 8, 1402, 2048 }, { 9, 1403, 2048 }, { 8, 1404, 2048 }, { 9, 1405, 2048 }, { 9, 1406, 2048 }, { 10, 1407, 2048 },
+   { 4, 1408, 2048 }, { 5, 1409, 2048 }, { 5, 1410, 2048 }, { 6, 1411, 2048 }, { 5, 1412, 2048 }, { 6, 1413, 2048 }, { 6, 1414, 2048 }, { 7, 1415, 2048 },
+   { 5, 1416, 2048 }, { 6, 1417, 2048 }, { 6, 1418, 2048 }, { 7, 1419, 2048 }, { 6, 1420, 2048 }, { 7, 1421, 2048 }, { 7, 1422, 2048 }, { 8, 1423, 2048 },
+   { 5, 1424, 2048 }, { 6, 1425, 2048 }, { 6, 1426, 2048 }, { 7, 1427, 2048 }, { 6, 1428, 2048 }, { 7, 1429, 2048 }, { 7, 1430, 2048 }, { 8, 1431, 2048 },
+   { 6, 1432, 2048 }, { 7, 1433, 2048 }, { 7, 1434, 2048 }, { 8, 1435, 2048 }, { 7, 1436, 2048 }, { 8, 1437, 2048 }, { 8, 1438, 2048 }, { 9, 1439, 2048 },
+   { 5, 1440, 2048 }, { 6, 1441, 2048 }, { 6, 1442, 2048 }, { 7, 1443, 2048 }, { 6, 1444, 2048 }, { 7, 1445, 2048 }, { 7, 1446, 2048 }, { 8, 1447, 2048 },
+   { 6, 1448, 2048 }, { 7, 1449, 2048 }, { 7, 1450, 2048 }, { 8, 1451, 2048 }, { 7, 1452, 2048 }, { 8, 1453, 2048 }, { 8, 1454, 2048 }, { 9, 1455, 2048 },
+   { 6, 1456, 2048 }, { 7, 1457, 2048 }, { 7, 1458, 2048 }, { 8, 1459, 2048 }, { 7, 1460, 2048 }, { 8, 1461, 2048 }, { 8, 1462, 2048 }, { 9, 1463, 2048 },
+   { 7, 1464, 2048 }, { 8, 1465, 2048 }, { 8, 1466, 2048 }, { 9, 1467, 2048 }, { 8, 1468, 2048 }, { 9, 1469, 2048 }, { 9, 1470, 2048 }, { 10, 1471, 2048 },
+   { 5, 1472, 2048 }, { 6, 1473, 2048 }, { 6, 1474, 2048 }, { 7, 1475, 2048 }, { 6, 1476, 2048 }, { 7, 1477, 2048 }, { 7, 1478, 2048 }, { 8, 1479, 2048 },
+   { 6, 1480, 2048 }, { 7, 1481, 2048 }, { 7, 1482, 2048 }, { 8, 1483, 2048 }, { 7, 1484, 2048 }, { 8, 1485, 2048 }, { 8, 1486, 2048 }, { 9, 1487, 2048 },
+   { 6, 1488, 2048 }, { 7, 1489, 2048 }, { 7, 1490, 2048 }, { 8, 1491, 2048 }, { 7, 1492, 2048 }, { 8, 1493, 2048 }, { 8, 1494, 2048 }, { 9, 1495, 2048 },
+   { 7, 1496, 2048 }, { 8, 1497, 2048 }, { 8, 1498, 2048 }, { 9, 1499, 2048 }, { 8, 1500, 2048 }, { 9, 1501, 2048 }, { 9, 1502, 2048 }, { 10, 1503, 2048 },
+   { 6, 1504, 2048 }, { 7, 1505, 2048 }, { 7, 1506, 2048 }, { 8, 1507, 2048 }, { 7, 1508, 2048 }, { 8, 1509, 2048 }, { 8, 1510, 2048 }, { 9, 1511, 2048 },
+   { 7, 1512, 2048 }, { 8, 1513, 2048 }, { 8, 1514, 2048 }, { 9, 1515, 2048 }, { 8, 1516, 2048 }, { 9, 1517, 2048 }, { 9, 1518, 2048 }, { 10, 1519, 2048 },
+   { 7, 1520, 2048 }, { 8, 1521, 2048 }, { 8, 1522, 2048 }, { 9, 1523, 2048 }, { 8, 1524, 2048 }, { 9, 1525, 2048 }, { 9, 1526, 2048 }, { 10, 1527, 2048 },
+   { 8, 1528, 2048 }, { 9, 1529, 2048 }, { 9, 1530, 2048 }, { 10, 1531, 2048 }, { 9, 1532, 2048 }, { 10, 1533, 2048 }, { 10, 1534, 2048 }, { 11, 1535, 2048 },
+   { 3, 1536, 2048 }, { 4, 1537, 2048 }, { 4, 1538, 2048 }, { 5, 1539, 2048 }, { 4, 1540, 2048 }, { 5, 1541, 2048 }, { 5, 1542, 2048 }, { 6, 1543, 2048 },
+   { 4, 1544, 2048 }, { 5, 1545, 2048 }, { 5, 1546, 2048 }, { 6, 1547, 2048 }, { 5, 1548, 2048 }, { 6, 1549, 2048 }, { 6, 1550, 2048 }, { 7, 1551, 2048 },
+   { 4, 1552, 2048 }, { 5, 1553, 2048 }, { 5, 1554, 2048 }, { 6, 1555, 2048 }, { 5, 1556, 2048 }, { 6, 1557, 2048 }, { 6, 1558, 2048 }, { 7, 1559, 2048 },
+   { 5, 1560, 2048 }, { 6, 1561, 2048 }, { 6, 1562, 2048 }, { 7, 1563, 2048 }, { 6, 1564, 2048 }, { 7, 1565, 2048 }, { 7, 1566, 2048 }, { 8, 1567, 2048 },
+   { 4, 1568, 2048 }, { 5, 1569, 2048 }, { 5, 1570, 2048 }, { 6, 1571, 2048 }, { 5, 1572, 2048 }, { 6, 1573, 2048 }, { 6, 1574, 2048 }, { 7, 1575, 2048 },
+   { 5, 1576, 2048 }, { 6, 1577, 2048 }, { 6, 1578, 2048 }, { 7, 1579, 2048 }, { 6, 1580, 2048 }, { 7, 1581, 2048 }, { 7, 1582, 2048 }, { 8, 1583, 2048 },
+   { 5, 1584, 2048 }, { 6, 1585, 2048 }, { 6, 1586, 2048 }, { 7, 1587, 2048 }, { 6, 1588, 2048 }, { 7, 1589, 2048 }, { 7, 1590, 2048 }, { 8, 1591, 2048 },
+   { 6, 1592, 2048 }, { 7, 1593, 2048 }, { 7, 1594, 2048 }, { 8, 1595, 2048 }, { 7, 1596, 2048 }, { 8, 1597, 2048 }, { 8, 1598, 2048 }, { 9, 1599, 2048 },
+   { 4, 1600, 2048 }, { 5, 1601, 2048 }, { 5, 1602, 2048 }, { 6, 1603, 2048 }, { 5, 1604, 2048 }, { 6, 1605, 2048 }, { 6, 1606, 2048 }, { 7, 1607, 2048 },
+   { 5, 1608, 2048 }, { 6, 1609, 2048 }, { 6, 1610, 2048 }, { 7, 1611, 2048 }, { 6, 1612, 2048 }, { 7, 1613, 2048 }, { 7, 1614, 2048 }, { 8, 1615, 2048 },
+   { 5, 1616, 2048 }, { 6, 1617, 2048 }, { 6, 1618, 2048 }, { 7, 1619, 2048 }, { 6, 1620, 2048 }, { 7, 1621, 2048 }, { 7, 1622, 2048 }, { 8, 1623, 2048 },
+   { 6, 1624, 2048 }, { 7, 1625, 2048 }, { 7, 1626, 2048 }, { 8, 1627, 2048 }, { 7, 1628, 2048 }, { 8, 1629, 2048 }, { 8, 1630, 2048 }, { 9, 1631, 2048 },
+   { 5, 1632, 2048 }, { 6, 1633, 2048 }, { 6, 1634, 2048 }, { 7, 1635, 2048 }, { 6, 1636, 2048 }, { 7, 1637, 2048 }, { 7, 1638, 2048 }, { 8, 1639, 2048 },
+   { 6, 1640, 2048 }, { 7, 1641, 2048 }, { 7, 1642, 2048 }, { 8, 1643, 2048 }, { 7, 1644, 2048 }, { 8, 1645, 2048 }, { 8, 1646, 2048 }, { 9, 1647, 2048 },
+   { 6, 1648, 2048 }, { 7, 1649, 2048 }, { 7, 1650, 2048 }, { 8, 1651, 2048 }, { 7, 1652, 2048 }, { 8, 1653, 2048 }, { 8, 1654, 2048 }, { 9, 1655, 2048 },
+   { 7, 1656, 2048 }, { 8, 1657, 2048 }, { 8, 1658, 2048 }, { 9, 1659, 2048 }, { 8, 1660, 2048 }, { 9, 1661, 2048 }, { 9, 1662, 2048 }, { 10, 1663, 2048 },
+   { 4, 1664, 2048 }, { 5, 1665, 2048 }, { 5, 1666, 2048 }, { 6, 1667, 2048 }, { 5, 1668, 2048 }, { 6, 1669, 2048 }, { 6, 1670, 2048 }, { 7, 1671, 2048 },
+   { 5, 1672, 2048 }, { 6, 1673, 2048 }, { 6, 1674, 2048 }, { 7, 1675, 2048 }, { 6, 1676, 2048 }, { 7, 1677, 2048 }, { 7, 1678, 2048 }, { 8, 1679, 2048 },
+   { 5, 1680, 2048 }, { 6, 1681, 2048 }, { 6, 1682, 2048 }, { 7, 1683, 2048 }, { 6, 1684, 2048 }, { 7, 1685, 2048 }, { 7, 1686, 2048 }, { 8, 1687, 2048 },
+   { 6, 1688, 2048 }, { 7, 1689, 2048 }, { 7, 1690, 2048 }, { 8, 1691, 2048 }, { 7, 1692, 2048 }, { 8, 1693, 2048 }, { 8, 1694, 2048 }, { 9, 1695, 2048 },
+   { 5, 1696, 2048 }, { 6, 1697, 2048 }, { 6, 1698, 2048 }, { 7, 1699, 2048 }, { 6, 1700, 2048 }, { 7, 1701, 2048 }, { 7, 1702, 2048 }, { 8, 1703, 2048 },
+   { 6, 1704, 2048 }, { 7, 1705, 2048 }, { 7, 1706, 2048 }, { 8, 1707, 2048 }, { 7, 1708, 2048 }, { 8, 1709, 2048 }, { 8, 1710, 2048 }, { 9, 1711, 2048 },
+   { 6, 1712, 2048 }, { 7, 1713, 2048 }, { 7, 1714, 2048 }, { 8, 1715, 2048 }, { 7, 1716, 2048 }, { 8, 1717, 2048 }, { 8, 1718, 2048 }, { 9, 1719, 2048 },
+   { 7, 1720, 2048 }, { 8, 1721, 2048 }, { 8, 1722, 2048 }, { 9, 1723, 2048 }, { 8, 1724, 2048 }, { 9, 1725, 2048 }, { 9, 1726, 2048 }, { 10, 1727, 2048 },
+   { 5, 1728, 2048 }, { 6, 1729, 2048 }, { 6, 1730, 2048 }, { 7, 1731, 2048 }, { 6, 1732, 2048 }, { 7, 1733, 2048 }, { 7, 1734, 2048 }, { 8, 1735, 2048 },
+   { 6, 1736, 2048 }, { 7, 1737, 2048 }, { 7, 1738, 2048 }, { 8, 1739, 2048 }, { 7, 1740, 2048 }, { 8, 1741, 2048 }, { 8, 1742, 2048 }, { 9, 1743, 2048 },
+   { 6, 1744, 2048 }, { 7, 1745, 2048 }, { 7, 1746, 2048 }, { 8, 1747, 2048 }, { 7, 1748, 2048 }, { 8, 1749, 2048 }, { 8, 1750, 2048 }, { 9, 1751, 2048 },
+   { 7, 1752, 2048 }, { 8, 1753, 2048 }, { 8, 1754, 2048 }, { 9, 1755, 2048 }, { 8, 1756, 2048 }, { 9, 1757, 2048 }, { 9, 1758, 2048 }, { 10, 1759, 2048 },
+   { 6, 1760, 2048 }, { 7, 1761, 2048 }, { 7, 1762, 2048 }, { 8, 1763, 2048 }, { 7, 1764, 2048 }, { 8, 1765, 2048 }, { 8, 1766, 2048 }, { 9, 1767, 2048 },
+   { 7, 1768, 2048 }, { 8, 1769, 2048 }, { 8, 1770, 2048 }, { 9, 1771, 2048 }, { 8, 1772, 2048 }, { 9, 1773, 2048 }, { 9, 1774, 2048 }, { 10, 1775, 2048 },
+   { 7, 1776, 2048 }, { 8, 1777, 2048 }, { 8, 1778, 2048 }, { 9, 1779, 2048 }, { 8, 1780, 2048 }, { 9, 1781, 2048 }, { 9, 1782, 2048 }, { 10, 1783, 2048 },
+   { 8, 1784, 2048 }, { 9, 1785, 2048 }, { 9, 1786, 2048 }, { 10, 1787, 2048 }, { 9, 1788, 2048 }, { 10, 1789, 2048 }, { 10, 1790, 2048 }, { 11, 1791, 2048 },
+   { 4, 1792, 2048 }, { 5, 1793, 2048 }, { 5, 1794, 2048 }, { 6, 1795, 2048 }, { 5, 1796, 2048 }, { 6, 1797, 2048 }, { 6, 1798, 2048 }, { 7, 1799, 2048 },
+   { 5, 1800, 2048 }, { 6, 1801, 2048 }, { 6, 1802, 2048 }, { 7, 1803, 2048 }, { 6, 1804, 2048 }, { 7, 1805, 2048 }, { 7, 1806, 2048 }, { 8, 1807, 2048 },
+   { 5, 1808, 2048 }, { 6, 1809, 2048 }, { 6, 1810, 2048 }, { 7, 1811, 2048 }, { 6, 1812, 2048 }, { 7, 1813, 2048 }, { 7, 1814, 2048 }, { 8, 1815, 2048 },
+   { 6, 1816, 2048 }, { 7, 1817, 2048 }, { 7, 1818, 2048 }, { 8, 1819, 2048 }, { 7, 1820, 2048 }, { 8, 1821, 2048 }, { 8, 1822, 2048 }, { 9, 1823, 2048 },
+   { 5, 1824, 2048 }, { 6, 1825, 2048 }, { 6, 1826, 2048 }, { 7, 1827, 2048 }, { 6, 1828, 2048 }, { 7, 1829, 2048 }, { 7, 1830, 2048 }, { 8, 1831, 2048 },
+   { 6, 1832, 2048 }, { 7, 1833, 2048 }, { 7, 1834, 2048 }, { 8, 1835, 2048 }, { 7, 1836, 2048 }, { 8, 1837, 2048 }, { 8, 1838, 2048 }, { 9, 1839, 2048 },
+   { 6, 1840, 2048 }, { 7, 1841, 2048 }, { 7, 1842, 2048 }, { 8, 1843, 2048 }, { 7, 1844, 2048 }, { 8, 1845, 2048 }, { 8, 1846, 2048 }, { 9, 1847, 2048 },
+   { 7, 1848, 2048 }, { 8, 1849, 2048 }, { 8, 1850, 2048 }, { 9, 1851, 2048 }, { 8, 1852, 2048 }, { 9, 1853, 2048 }, { 9, 1854, 2048 }, { 10, 1855, 2048 },
+   { 5, 1856, 2048 }, { 6, 1857, 2048 }, { 6, 1858, 2048 }, { 7, 1859, 2048 }, { 6, 1860, 2048 }, { 7, 1861, 2048 }, { 7, 1862, 2048 }, { 8, 1863, 2048 },
+   { 6, 1864, 2048 }, { 7, 1865, 2048 }, { 7, 1866, 2048 }, { 8, 1867, 2048 }, { 7, 1868, 2048 }, { 8, 1869, 2048 }, { 8, 1870, 2048 }, { 9, 1871, 2048 },
+   { 6, 1872, 2048 }, { 7, 1873, 2048 }, { 7, 1874, 2048 }, { 8, 1875, 2048 }, { 7, 1876, 2048 }, { 8, 1877, 2048 }, { 8, 1878, 2048 }, { 9, 1879, 2048 },
+   { 7, 1880, 2048 }, { 8, 1881, 2048 }, { 8, 1882, 2048 }, { 9, 1883, 2048 }, { 8, 1884, 2048 }, { 9, 1885, 2048 }, { 9, 1886, 2048 }, { 10, 1887, 2048 },
+   { 6, 1888, 2048 }, { 7, 1889, 2048 }, { 7, 1890, 2048 }, { 8, 1891, 2048 }, { 7, 1892, 2048 }, { 8, 1893, 2048 }, { 8, 1894, 2048 }, { 9, 1895, 2048 },
+   { 7, 1896, 2048 }, { 8, 1897, 2048 }, { 8, 1898, 2048 }, { 9, 1899, 2048 }, { 8, 1900, 2048 }, { 9, 1901, 2048 }, { 9, 1902, 2048 }, { 10, 1903, 2048 },
+   { 7, 1904, 2048 }, { 8, 1905, 2048 }, { 8, 1906, 2048 }, { 9, 1907, 2048 }, { 8, 1908, 2048 }, { 9, 1909, 2048 }, { 9, 1910, 2048 }, { 10, 1911, 2048 },
+   { 8, 1912, 2048 }, { 9, 1913, 2048 }, { 9, 1914, 2048 }, { 10, 1915, 2048 }, { 9, 1916, 2048 }, { 10, 1917, 2048 }, { 10, 1918, 2048 }, { 11, 1919, 2048 },
+   { 5, 1920, 2048 }, { 6, 1921, 2048 }, { 6, 1922, 2048 }, { 7, 1923, 2048 }, { 6, 1924, 2048 }, { 7, 1925, 2048 }, { 7, 1926, 2048 }, { 8, 1927, 2048 },
+   { 6, 1928, 2048 }, { 7, 1929, 2048 }, { 7, 1930, 2048 }, { 8, 1931, 2048 }, { 7, 1932, 2048 }, { 8, 1933, 2048 }, { 8, 1934, 2048 }, { 9, 1935, 2048 },
+   { 6, 1936, 2048 }, { 7, 1937, 2048 }, { 7, 1938, 2048 }, { 8, 1939, 2048 }, { 7, 1940, 2048 }, { 8, 1941, 2048 }, { 8, 1942, 2048 }, { 9, 1943, 2048 },
+   { 7, 1944, 2048 }, { 8, 1945, 2048 }, { 8, 1946, 2048 }, { 9, 1947, 2048 }, { 8, 1948, 2048 }, { 9, 1949, 2048 }, { 9, 1950, 2048 }, { 10, 1951, 2048 },
+   { 6, 1952, 2048 }, { 7, 1953, 2048 }, { 7, 1954, 2048 }, { 8, 1955, 2048 }, { 7, 1956, 2048 }, { 8, 1957, 2048 }, { 8, 1958, 2048 }, { 9, 1959, 2048 },
+   { 7, 1960, 2048 }, { 8, 1961, 2048 }, { 8, 1962, 2048 }, { 9, 1963, 2048 }, { 8, 1964, 2048 }, { 9, 1965, 2048 }, { 9, 1966, 2048 }, { 10, 1967, 2048 },
+   { 7, 1968, 2048 }, { 8, 1969, 2048 }, { 8, 1970, 2048 }, { 9, 1971, 2048 }, { 8, 1972, 2048 }, { 9, 1973, 2048 }, { 9, 1974, 2048 }, { 10, 1975, 2048 },
+   { 8, 1976, 2048 }, { 9, 1977, 2048 }, { 9, 1978, 2048 }, { 10, 1979, 2048 }, { 9, 1980, 2048 }, { 10, 1981, 2048 }, { 10, 1982, 2048 }, { 11, 1983, 2048 },
+   { 6, 1984, 2048 }, { 7, 1985, 2048 }, { 7, 1986, 2048 }, { 8, 1987, 2048 }, { 7, 1988, 2048 }, { 8, 1989, 2048 }, { 8, 1990, 2048 }, { 9, 1991, 2048 },
+   { 7, 1992, 2048 }, { 8, 1993, 2048 }, { 8, 1994, 2048 }, { 9, 1995, 2048 }, { 8, 1996, 2048 }, { 9, 1997, 2048 }, { 9, 1998, 2048 }, { 10, 1999, 2048 },
+   { 7, 2000, 2048 }, { 8, 2001, 2048 }, { 8, 2002, 2048 }, { 9, 2003, 2048 }, { 8, 2004, 2048 }, { 9, 2005, 2048 }, { 9, 2006, 2048 }, { 10, 2007, 2048 },
+   { 8, 2008, 2048 }, { 9, 2009, 2048 }, { 9, 2010, 2048 }, { 10, 2011, 2048 }, { 9, 2012, 2048 }, { 10, 2013, 2048 }, { 10, 2014, 2048 }, { 11, 2015, 2048 },
+   { 7, 2016, 2048 }, { 8, 2017, 2048 }, { 8, 2018, 2048 }, { 9, 2019, 2048 }, { 8, 2020, 2048 }, { 9, 2021, 2048 }, { 9, 2022, 2048 }, { 10, 2023, 2048 },
+   { 8, 2024, 2048 }, { 9, 2025, 2048 }, { 9, 2026, 2048 }, { 10, 2027, 2048 }, { 9, 2028, 2048 }, { 10, 2029, 2048 }, { 10, 2030, 2048 }, { 11, 2031, 2048 },
+   { 8, 2032, 2048 }, { 9, 2033, 2048 }, { 9, 2034, 2048 }, { 10, 2035, 2048 }, { 9, 2036, 2048 }, { 10, 2037, 2048 }, { 10, 2038, 2048 }, { 11, 2039, 2048 },
+   { 9, 2040, 2048 }, { 10, 2041, 2048 }, { 10, 2042, 2048 }, { 11, 2043, 2048 }, { 10, 2044, 2048 }, { 11, 2045, 2048 }, { 11, 2046, 2048 }, { 12, 2047, 2048 },
 #endif
 #endif
 #endif
@@ -3500,9 +3859,9 @@ static int find_base(ecc_point* g)
 {
    int x;
    for (x = 0; x < FP_ENTRIES; x++) {
-      if (fp_cache[x].g != NULL && 
-          mp_cmp(fp_cache[x].g->x, g->x) == MP_EQ && 
-          mp_cmp(fp_cache[x].g->y, g->y) == MP_EQ && 
+      if (fp_cache[x].g != NULL &&
+          mp_cmp(fp_cache[x].g->x, g->x) == MP_EQ &&
+          mp_cmp(fp_cache[x].g->y, g->y) == MP_EQ &&
           mp_cmp(fp_cache[x].g->z, g->z) == MP_EQ) {
          break;
       }
@@ -3531,7 +3890,7 @@ static int add_entry(int idx, ecc_point *g)
       ecc_del_point(fp_cache[idx].g);
       fp_cache[idx].g = NULL;
       return GEN_MEM_ERR;
-   }              
+   }
 
    for (x = 0; x < (1U<<FP_LUT); x++) {
       fp_cache[idx].LUT[x] = ecc_new_point();
@@ -3546,19 +3905,19 @@ static int add_entry(int idx, ecc_point *g)
          return GEN_MEM_ERR;
       }
    }
-   
+
    fp_cache[idx].lru_count = 0;
 
    return MP_OKAY;
 }
 
-/* build the LUT by spacing the bits of the input by #modulus/FP_LUT bits apart 
- * 
- * The algorithm builds patterns in increasing bit order by first making all 
+/* build the LUT by spacing the bits of the input by #modulus/FP_LUT bits apart
+ *
+ * The algorithm builds patterns in increasing bit order by first making all
  * single bit input patterns, then all two bit input patterns and so on
  */
 static int build_lut(int idx, mp_int* modulus, mp_digit* mp, mp_int* mu)
-{ 
+{
    unsigned x, y, err, bitlen, lut_gap;
    mp_int tmp;
 
@@ -3570,45 +3929,45 @@ static int build_lut(int idx, mp_int* modulus, mp_digit* mp, mp_int* mu)
    if ((sizeof(lut_orders) / sizeof(lut_orders[0])) < (1U<<FP_LUT)) {
        err = BAD_FUNC_ARG;
    }
-   else {   
+   else {
     /* get bitlen and round up to next multiple of FP_LUT */
     bitlen  = mp_unsigned_bin_size(modulus) << 3;
     x       = bitlen % FP_LUT;
     if (x) {
       bitlen += FP_LUT - x;
-    }  
+    }
     lut_gap = bitlen / FP_LUT;
 
     /* init the mu */
     err = mp_init_copy(&fp_cache[idx].mu, mu);
    }
-   
+
    /* copy base */
    if (err == MP_OKAY) {
      if ((mp_mulmod(fp_cache[idx].g->x, mu, modulus,
-                  fp_cache[idx].LUT[1]->x) != MP_OKAY) || 
+                  fp_cache[idx].LUT[1]->x) != MP_OKAY) ||
          (mp_mulmod(fp_cache[idx].g->y, mu, modulus,
-                  fp_cache[idx].LUT[1]->y) != MP_OKAY) || 
+                  fp_cache[idx].LUT[1]->y) != MP_OKAY) ||
          (mp_mulmod(fp_cache[idx].g->z, mu, modulus,
                   fp_cache[idx].LUT[1]->z) != MP_OKAY)) {
-       err = MP_MULMOD_E; 
+       err = MP_MULMOD_E;
      }
    }
-       
+
    /* make all single bit entries */
    for (x = 1; x < FP_LUT; x++) {
       if (err != MP_OKAY)
           break;
       if ((mp_copy(fp_cache[idx].LUT[1<<(x-1)]->x,
-                   fp_cache[idx].LUT[1<<x]->x) != MP_OKAY) || 
+                   fp_cache[idx].LUT[1<<x]->x) != MP_OKAY) ||
           (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->y,
-                   fp_cache[idx].LUT[1<<x]->y) != MP_OKAY) || 
+                   fp_cache[idx].LUT[1<<x]->y) != MP_OKAY) ||
           (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->z,
                    fp_cache[idx].LUT[1<<x]->z) != MP_OKAY)){
           err = MP_INIT_E;
           break;
       } else {
-          
+
          /* now double it bitlen/FP_LUT times */
          for (y = 0; y < lut_gap; y++) {
              if ((err = ecc_projective_dbl_point(fp_cache[idx].LUT[1<<x],
@@ -3618,7 +3977,7 @@ static int build_lut(int idx, mp_int* modulus, mp_digit* mp, mp_int* mu)
          }
      }
   }
-      
+
    /* now make all entries in increase order of hamming weight */
    for (x = 2; x <= FP_LUT; x++) {
        if (err != MP_OKAY)
@@ -3627,7 +3986,7 @@ static int build_lut(int idx, mp_int* modulus, mp_digit* mp, mp_int* mu)
            if (err != MP_OKAY)
              break;
            if (lut_orders[y].ham != (int)x) continue;
-                     
+
            /* perform the add */
            if ((err = ecc_projective_add_point(
                            fp_cache[idx].LUT[lut_orders[y].terma],
@@ -3637,7 +3996,7 @@ static int build_lut(int idx, mp_int* modulus, mp_digit* mp, mp_int* mu)
            }
        }
    }
-      
+
    /* now map all entries back to affine space to make point addition faster */
    for (x = 1; x < (1UL<<FP_LUT); x++) {
        if (err != MP_OKAY)
@@ -3645,7 +4004,7 @@ static int build_lut(int idx, mp_int* modulus, mp_digit* mp, mp_int* mu)
 
        /* convert z to normal from montgomery */
        err = mp_montgomery_reduce(fp_cache[idx].LUT[x]->z, modulus, *mp);
- 
+
        /* invert it */
        if (err == MP_OKAY)
          err = mp_invmod(fp_cache[idx].LUT[x]->z, modulus,
@@ -3654,7 +4013,7 @@ static int build_lut(int idx, mp_int* modulus, mp_digit* mp, mp_int* mu)
        if (err == MP_OKAY)
          /* now square it */
          err = mp_sqrmod(fp_cache[idx].LUT[x]->z, modulus, &tmp);
-       
+
        if (err == MP_OKAY)
          /* fix x */
          err = mp_mulmod(fp_cache[idx].LUT[x]->x, &tmp, modulus,
@@ -3723,10 +4082,10 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* modulus,
       for (x = 0; ecc_sets[x].size; x++) {
          if (y <= (unsigned)ecc_sets[x].size) break;
       }
-   
+
       /* back off if we are on the 521 bit curve */
       if (y == 66) --x;
-      
+
       if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) {
          mp_clear(&order);
          mp_clear(&tk);
@@ -3746,22 +4105,22 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* modulus,
       mp_clear(&order);
    } else {
       mp_copy(k, &tk);
-   }       
-   
+   }
+
    /* get bitlen and round up to next multiple of FP_LUT */
    bitlen  = mp_unsigned_bin_size(modulus) << 3;
    x       = bitlen % FP_LUT;
    if (x) {
       bitlen += FP_LUT - x;
-   }  
+   }
    lut_gap = bitlen / FP_LUT;
-        
+
    /* get the k value */
    if (mp_unsigned_bin_size(&tk) > (int)(KB_SIZE - 2)) {
       mp_clear(&tk);
       return BUFFER_E;
    }
-   
+
    /* store k */
 #ifdef WOLFSSL_SMALL_STACK
    kb = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -3844,7 +4203,7 @@ static int accel_fp_mul(int idx, mp_int* k, ecc_point *R, mp_int* modulus,
 
 #ifdef ECC_SHAMIR
 /* perform a fixed point ECC mulmod */
-static int accel_fp_mul2add(int idx1, int idx2, 
+static int accel_fp_mul2add(int idx1, int idx2,
                             mp_int* kA, mp_int* kB,
                             ecc_point *R, mp_int* modulus, mp_digit* mp)
 {
@@ -3871,15 +4230,15 @@ static int accel_fp_mul2add(int idx1, int idx2,
       for (x = 0; ecc_sets[x].size; x++) {
          if (y <= (unsigned)ecc_sets[x].size) break;
       }
-   
+
       /* back off if we are on the 521 bit curve */
       if (y == 66) --x;
-      
+
       if ((err = mp_init(&order)) != MP_OKAY) {
          mp_clear(&tkb);
          mp_clear(&tka);
          return err;
-      }      
+      }
       if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) {
          mp_clear(&tkb);
          mp_clear(&tka);
@@ -3901,7 +4260,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
       mp_clear(&order);
    } else {
       mp_copy(kA, &tka);
-   }       
+   }
 
    /* if it's smaller than modulus we fine */
    if (mp_unsigned_bin_size(kB) > mp_unsigned_bin_size(modulus)) {
@@ -3910,15 +4269,15 @@ static int accel_fp_mul2add(int idx1, int idx2,
       for (x = 0; ecc_sets[x].size; x++) {
          if (y <= (unsigned)ecc_sets[x].size) break;
       }
-   
+
       /* back off if we are on the 521 bit curve */
       if (y == 66) --x;
-      
+
       if ((err = mp_init(&order)) != MP_OKAY) {
          mp_clear(&tkb);
          mp_clear(&tka);
          return err;
-      }      
+      }
       if ((err = mp_read_radix(&order, ecc_sets[x].order, 16)) != MP_OKAY) {
          mp_clear(&tkb);
          mp_clear(&tka);
@@ -3940,16 +4299,16 @@ static int accel_fp_mul2add(int idx1, int idx2,
       mp_clear(&order);
    } else {
       mp_copy(kB, &tkb);
-   }     
+   }
 
    /* get bitlen and round up to next multiple of FP_LUT */
    bitlen  = mp_unsigned_bin_size(modulus) << 3;
    x       = bitlen % FP_LUT;
    if (x) {
       bitlen += FP_LUT - x;
-   }  
+   }
    lut_gap = bitlen / FP_LUT;
-        
+
    /* get the k value */
    if ((mp_unsigned_bin_size(&tka) > (int)(KB_SIZE - 2)) ||
        (mp_unsigned_bin_size(&tkb) > (int)(KB_SIZE - 2))  ) {
@@ -3957,7 +4316,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
       mp_clear(&tkb);
       return BUFFER_E;
    }
-   
+
    /* store k */
 #ifdef WOLFSSL_SMALL_STACK
    kb[0] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -3972,7 +4331,7 @@ static int accel_fp_mul2add(int idx1, int idx2,
       XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER);
       return err;
    }
-   
+
    /* let's reverse kb so it's little endian */
    x = 0;
    y = mp_unsigned_bin_size(&tka) - 1;
@@ -3980,8 +4339,8 @@ static int accel_fp_mul2add(int idx1, int idx2,
    while ((unsigned)x < y) {
       z = kb[0][x]; kb[0][x] = kb[0][y]; kb[0][y] = z;
       ++x; --y;
-   }      
-   
+   }
+
    /* store b */
 #ifdef WOLFSSL_SMALL_STACK
    kb[1] = (unsigned char*)XMALLOC(KB_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4089,9 +4448,9 @@ static int accel_fp_mul2add(int idx1, int idx2,
   B        Second point to multiply
   kB       What to multiple B by
   C        [out] Destination point (can overlap with A or B)
-  modulus  Modulus for curve 
+  modulus  Modulus for curve
   return MP_OKAY on success
-*/ 
+*/
 int ecc_mul2add(ecc_point* A, mp_int* kA,
                 ecc_point* B, mp_int* kB,
                 ecc_point* C, mp_int* modulus)
@@ -4099,7 +4458,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
    int  idx1 = -1, idx2 = -1, err = MP_OKAY, mpInit = 0;
    mp_digit mp;
    mp_int   mu;
-  
+
    err = mp_init(&mu);
    if (err != MP_OKAY)
        return err;
@@ -4156,7 +4515,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
              mpInit = 1;
              err = mp_montgomery_calc_normalization(&mu, modulus);
            }
-                 
+
            if (err == MP_OKAY)
              /* build the LUT */
                err = build_lut(idx1, modulus, &mp, &mu);
@@ -4174,8 +4533,8 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
                     err = mp_montgomery_calc_normalization(&mu, modulus);
                 }
             }
-                 
-            if (err == MP_OKAY) 
+
+            if (err == MP_OKAY)
             /* build the LUT */
               err = build_lut(idx2, modulus, &mp, &mu);
         }
@@ -4203,7 +4562,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
 
     return err;
 }
-#endif
+#endif /* ECC_SHAMIR */
 
 /** ECC Fixed Point mulmod global
     k        The multiplicand
@@ -4213,7 +4572,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
     map      [boolean] If non-zero maps the point back to affine co-ordinates,
              otherwise it's left in jacobian-montgomery form
     return MP_OKAY if successful
-*/   
+*/
 int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
                int map)
 {
@@ -4224,13 +4583,13 @@ int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
 
    if (mp_init(&mu) != MP_OKAY)
        return MP_INIT_E;
-   
+
 #ifndef HAVE_THREAD_LS
    if (initMutex == 0) {
         InitMutex(&ecc_fp_lock);
         initMutex = 1;
    }
-   
+
    if (LockMutex(&ecc_fp_lock) != 0)
       return BAD_MUTEX_E;
 #endif /* HAVE_THREAD_LS */
@@ -4252,7 +4611,7 @@ int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
       }
 
 
-      if (err == MP_OKAY) { 
+      if (err == MP_OKAY) {
         /* if it's 2 build the LUT, if it's higher just use the LUT */
         if (idx >= 0 && fp_cache[idx].lru_count == 2) {
            /* compute mp */
@@ -4263,14 +4622,14 @@ int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
              mpSetup = 1;
              err = mp_montgomery_calc_normalization(&mu, modulus);
            }
-                 
-           if (err == MP_OKAY) 
+
+           if (err == MP_OKAY)
              /* build the LUT */
              err = build_lut(idx, modulus, &mp, &mu);
         }
       }
 
-      if (err == MP_OKAY) { 
+      if (err == MP_OKAY) {
         if (idx >= 0 && fp_cache[idx].lru_count >= 2) {
            if (mpSetup == 0) {
               /* compute mp */
@@ -4307,9 +4666,9 @@ static void wc_ecc_fp_free_cache(void)
          mp_clear(&fp_cache[x].mu);
          fp_cache[x].lru_count = 0;
          fp_cache[x].lock = 0;
-      }         
+      }
    }
-}         
+}
 
 /** Free the Fixed Point cache */
 void wc_ecc_fp_free(void)
@@ -4319,7 +4678,7 @@ void wc_ecc_fp_free(void)
         InitMutex(&ecc_fp_lock);
         initMutex = 1;
    }
-   
+
    if (LockMutex(&ecc_fp_lock) == 0) {
 #endif /* HAVE_THREAD_LS */
 
@@ -4340,21 +4699,21 @@ void wc_ecc_fp_free(void)
 
 
 enum ecCliState {
-    ecCLI_INIT      = 1,    
-    ecCLI_SALT_GET  = 2,    
-    ecCLI_SALT_SET  = 3,    
-    ecCLI_SENT_REQ  = 4,    
-    ecCLI_RECV_RESP = 5,    
-    ecCLI_BAD_STATE = 99    
+    ecCLI_INIT      = 1,
+    ecCLI_SALT_GET  = 2,
+    ecCLI_SALT_SET  = 3,
+    ecCLI_SENT_REQ  = 4,
+    ecCLI_RECV_RESP = 5,
+    ecCLI_BAD_STATE = 99
 };
 
 enum ecSrvState {
-    ecSRV_INIT      = 1,    
-    ecSRV_SALT_GET  = 2,    
-    ecSRV_SALT_SET  = 3,    
-    ecSRV_RECV_REQ  = 4,    
-    ecSRV_SENT_RESP = 5,    
-    ecSRV_BAD_STATE = 99    
+    ecSRV_INIT      = 1,
+    ecSRV_SALT_GET  = 2,
+    ecSRV_SALT_SET  = 3,
+    ecSRV_RECV_REQ  = 4,
+    ecSRV_SENT_RESP = 5,
+    ecSRV_BAD_STATE = 99
 };
 
 
@@ -4474,7 +4833,7 @@ static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, RNG* rng)
 {
     byte* saltBuffer = NULL;
 
-    if (ctx == NULL || rng == NULL || flags == 0) 
+    if (ctx == NULL || rng == NULL || flags == 0)
         return BAD_FUNC_ARG;
 
     saltBuffer = (flags == REQ_RESP_CLIENT) ? ctx->clientSalt : ctx->serverSalt;
@@ -4573,7 +4932,7 @@ static int ecc_get_key_sizes(ecEncCtx* ctx, int* encKeySz, int* ivSz,
 
 /* ecc encrypt with shared secret run through kdf
    ctx holds non default algos and inputs
-   msgSz should be the right size for encAlgo, i.e., already padded 
+   msgSz should be the right size for encAlgo, i.e., already padded
    return 0 on success */
 int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
                 word32 msgSz, byte* out, word32* outSz, ecEncCtx* ctx)
@@ -4604,9 +4963,9 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
 
     if (ctx == NULL) {  /* use defaults */
         ecc_ctx_init(&localCtx, 0);
-        ctx = &localCtx;  
+        ctx = &localCtx;
     }
-        
+
     ret = ecc_get_key_sizes(ctx, &encKeySz, &ivSz, &keysLen, &digestSz,
                             &blockSz);
     if (ret != 0)
@@ -4627,10 +4986,10 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
 
         ctx->cliSt = ecCLI_SENT_REQ; /* only do this once */
     }
-        
+
     if (keysLen > ECC_BUFSIZE) /* keys size */
         return BUFFER_E;
-        
+
     if ( (msgSz%blockSz) != 0)
         return BAD_PADDING_E;
 
@@ -4756,14 +5115,14 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
 
     if (ctx == NULL) {  /* use defaults */
         ecc_ctx_init(&localCtx, 0);
-        ctx = &localCtx;  
+        ctx = &localCtx;
     }
-        
+
     ret = ecc_get_key_sizes(ctx, &encKeySz, &ivSz, &keysLen, &digestSz,
                             &blockSz);
     if (ret != 0)
         return ret;
-        
+
     if (ctx->protocol == REQ_RESP_CLIENT) {
         offset = keysLen;
         keysLen *= 2;
@@ -4779,10 +5138,10 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
 
         ctx->srvSt = ecSRV_RECV_REQ; /* only do this once */
     }
-        
+
     if (keysLen > ECC_BUFSIZE) /* keys size */
         return BUFFER_E;
-        
+
     if ( ((msgSz-digestSz) % blockSz) != 0)
         return BAD_PADDING_E;
 
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index b3ce4203e..bb5877305 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -45,7 +45,23 @@
     #endif
 #endif
 
-static void bn_reverse (unsigned char *s, int len);
+/* reverse an array, used for radix code */
+static void
+bn_reverse (unsigned char *s, int len)
+{
+	int     ix, iy;
+	unsigned char t;
+
+	ix = 0;
+	iy = len - 1;
+	while (ix < iy) {
+		t     = s[ix];
+		s[ix] = s[iy];
+		s[iy] = t;
+		++ix;
+		--iy;
+	}
+}
 
 /* math settings check */
 word32 CheckRunTimeSettings(void)
@@ -327,25 +343,6 @@ int mp_grow (mp_int * a, int size)
 }
 
 
-/* reverse an array, used for radix code */
-void
-bn_reverse (unsigned char *s, int len)
-{
-  int     ix, iy;
-  unsigned char t;
-
-  ix = 0;
-  iy = len - 1;
-  while (ix < iy) {
-    t     = s[ix];
-    s[ix] = s[iy];
-    s[iy] = t;
-    ++ix;
-    --iy;
-  }
-}
-
-
 /* shift right by a certain bit count (store quotient in c, optional
    remainder in d) */
 int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d)
@@ -1251,6 +1248,14 @@ void mp_set (mp_int * a, mp_digit b)
   a->used  = (a->dp[0] != 0) ? 1 : 0;
 }
 
+/* chek if a bit is set */
+int mp_is_bit_set (mp_int *a, mp_digit b)
+{
+	if ((mp_digit)a->used < b/DIGIT_BIT)
+		return 0;
+
+	return (int)((a->dp[b/DIGIT_BIT] >> b%DIGIT_BIT) & (mp_digit)1);
+}
 
 /* c = a mod b, 0 <= c < b */
 int
@@ -2514,6 +2519,25 @@ mp_2expt (mp_int * a, int b)
   return MP_OKAY;
 }
 
+/* set the b bit of a */
+int
+mp_set_bit (mp_int * a, int b)
+{
+	int i = b / DIGIT_BIT, res;
+
+	/* grow a to accomodate the single bit */
+	if ((res = mp_grow (a, i + 1)) != MP_OKAY) {
+		return res;
+	}
+
+	/* set the used count of where the bit will go */
+	a->used = i + 1;
+
+	/* put the single bit in its place */
+	a->dp[i] |= ((mp_digit)1) << (b % DIGIT_BIT);
+
+	return MP_OKAY;
+}
 
 /* multiply by a digit */
 int
@@ -3961,7 +3985,7 @@ int mp_sub_d (mp_int * a, mp_digit b, mp_int * c)
 #endif /* defined(HAVE_ECC) || !defined(NO_PWDBASED) */
 
 
-#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
+#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(HAVE_ECC)
 
 static const int lnz[16] = {
    4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
@@ -4096,7 +4120,7 @@ int mp_mod_d (mp_int * a, mp_digit b, mp_digit * c)
   return mp_div_d(a, b, NULL, c);
 }
 
-#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
+#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(HAVE_ECC) */
 
 #ifdef WOLFSSL_KEY_GEN
 
@@ -4514,6 +4538,115 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
   return MP_OKAY;
 }
 
+/* returns size of ASCII representation */
+int mp_radix_size (mp_int *a, int radix, int *size)
+{
+	int     res, digs;
+	mp_int  t;
+	mp_digit d;
+
+	*size = 0;
+
+	/* special case for binary */
+	if (radix == 2) {
+		*size = mp_count_bits (a) + (a->sign == MP_NEG ? 1 : 0) + 1;
+		return MP_OKAY;
+	}
+
+	/* make sure the radix is in range */
+	if (radix < 2 || radix > 64) {
+		return MP_VAL;
+	}
+
+	if (mp_iszero(a) == MP_YES) {
+		*size = 2;
+		return MP_OKAY;
+	}
+
+	/* digs is the digit count */
+	digs = 0;
+
+	/* if it's negative add one for the sign */
+	if (a->sign == MP_NEG) {
+		++digs;
+	}
+
+	/* init a copy of the input */
+	if ((res = mp_init_copy (&t, a)) != MP_OKAY) {
+		return res;
+	}
+
+	/* force temp to positive */
+	t.sign = MP_ZPOS;
+
+	/* fetch out all of the digits */
+	while (mp_iszero (&t) == MP_NO) {
+		if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) {
+			mp_clear (&t);
+			return res;
+		}
+		++digs;
+	}
+	mp_clear (&t);
+
+	/* return digs + 1, the 1 is for the NULL byte that would be required. */
+	*size = digs + 1;
+	return MP_OKAY;
+}
+
+/* stores a bignum as a ASCII string in a given radix (2..64) */
+int mp_toradix (mp_int *a, char *str, int radix)
+{
+	int     res, digs;
+	mp_int  t;
+	mp_digit d;
+	char   *_s = str;
+
+	/* check range of the radix */
+	if (radix < 2 || radix > 64) {
+		return MP_VAL;
+	}
+
+	/* quick out if its zero */
+	if (mp_iszero(a) == 1) {
+		*str++ = '0';
+		*str = '\0';
+		return MP_OKAY;
+	}
+
+	if ((res = mp_init_copy (&t, a)) != MP_OKAY) {
+		return res;
+	}
+
+	/* if it is negative output a - */
+	if (t.sign == MP_NEG) {
+		++_s;
+		*str++ = '-';
+		t.sign = MP_ZPOS;
+	}
+
+	digs = 0;
+	while (mp_iszero (&t) == 0) {
+		if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) {
+			mp_clear (&t);
+			return res;
+		}
+		*str++ = mp_s_rmap[d];
+		++digs;
+	}
+
+	/* reverse the digits of the string.  In this case _s points
+	 * to the first digit [exluding the sign] of the number]
+	 */
+	bn_reverse ((unsigned char *)_s, digs);
+
+	/* append a NULL so the string is properly terminated */
+	*str = '\0';
+
+	mp_clear (&t);
+	return MP_OKAY;
+}
+
 #endif /* HAVE_ECC */
 
 #endif /* USE_FAST_MATH */
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 2c1e86c31..423fbabfb 100755
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -97,7 +97,7 @@ void s_fp_add(fp_int *a, fp_int *b, fp_int *c)
   y       = MAX(a->used, b->used);
   oldused = MIN(c->used, FP_SIZE);   /* help static analysis w/ largest size */
   c->used = y;
- 
+
   t = 0;
   for (x = 0; x < y; x++) {
       t         += ((fp_word)a->dp[x]) + ((fp_word)b->dp[x]);
@@ -192,9 +192,9 @@ void fp_mul(fp_int *A, fp_int *B, fp_int *C)
     }
 
     /* pick a comba (unrolled 4/8/16/32 x or rolled) based on the size
-       of the largest input.  We also want to avoid doing excess mults if the 
+       of the largest input.  We also want to avoid doing excess mults if the
        inputs are not close to the next power of two.  That is, for example,
-       if say y=17 then we would do (32-17)^2 = 225 unneeded multiplications 
+       if say y=17 then we would do (32-17)^2 = 225 unneeded multiplications
     */
 
 #ifdef TFM_MUL3
@@ -251,7 +251,7 @@ void fp_mul(fp_int *A, fp_int *B, fp_int *C)
            fp_mul_comba_small(A,B,C);
            return;
         }
-#endif        
+#endif
 #if defined(TFM_MUL20)
         if (y <= 20) {
            fp_mul_comba20(A,B,C);
@@ -281,7 +281,7 @@ void fp_mul(fp_int *A, fp_int *B, fp_int *C)
            fp_mul_comba48(A,B,C);
            return;
         }
-#endif        
+#endif
 #if defined(TFM_MUL64)
         if (yy >= 56 && y <= 64) {
            fp_mul_comba64(A,B,C);
@@ -294,7 +294,7 @@ void fp_mul(fp_int *A, fp_int *B, fp_int *C)
 void fp_mul_2(fp_int * a, fp_int * b)
 {
   int     x, oldused;
-   
+
   oldused = b->used;
   b->used = a->used;
 
@@ -303,24 +303,24 @@ void fp_mul_2(fp_int * a, fp_int * b)
 
     /* alias for source */
     tmpa = a->dp;
-    
+
     /* alias for dest */
     tmpb = b->dp;
 
     /* carry */
     r = 0;
     for (x = 0; x < a->used; x++) {
-    
-      /* get what will be the *next* carry bit from the 
-       * MSB of the current digit 
+
+      /* get what will be the *next* carry bit from the
+       * MSB of the current digit
        */
       rr = *tmpa >> ((fp_digit)(DIGIT_BIT - 1));
-      
+
       /* now shift up this digit, add in the carry [from the previous] */
       *tmpb++ = ((*tmpa++ << ((fp_digit)1)) | r);
-      
-      /* copy the carry that would be from the source 
-       * digit into the next iteration 
+
+      /* copy the carry that would be from the source
+       * digit into the next iteration
        */
       r = rr;
     }
@@ -332,8 +332,8 @@ void fp_mul_2(fp_int * a, fp_int * b)
       ++(b->used);
     }
 
-    /* now zero any excess digits on the destination 
-     * that we didn't write to 
+    /* now zero any excess digits on the destination
+     * that we didn't write to
      */
     tmpb = b->dp + b->used;
     for (x = b->used; x < oldused; x++) {
@@ -385,7 +385,7 @@ void fp_mul_2d(fp_int *a, int b, fp_int *c)
 
    /* shift the digits */
    if (b != 0) {
-      carry = 0;   
+      carry = 0;
       shift = DIGIT_BIT - b;
       for (x = 0; x < c->used; x++) {
           carrytmp = c->dp[x] >> shift;
@@ -405,7 +405,7 @@ void fp_mul_2d(fp_int *a, int b, fp_int *c)
 
 INLINE static void fp_mul_comba_mulx(fp_int *A, fp_int *B, fp_int *C)
 
-{     
+{
    int       ix, iy, iz, pa;
    fp_int    tmp, *dst;
 
@@ -414,7 +414,7 @@ INLINE static void fp_mul_comba_mulx(fp_int *A, fp_int *B, fp_int *C)
    if (pa >= FP_SIZE) {
       pa = FP_SIZE-1;
    }
- 
+
    if (A == C || B == C) {
       fp_init(&tmp);
       dst = &tmp;
@@ -428,7 +428,7 @@ INLINE static void fp_mul_comba_mulx(fp_int *A, fp_int *B, fp_int *C)
   dst->used = pa;
   dst->sign = A->sign ^ B->sign;
   fp_clamp(dst);
-  fp_copy(dst, C);  
+  fp_copy(dst, C);
 }
 #endif
 
@@ -442,7 +442,7 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C)
 
    COMBA_START;
    COMBA_CLEAR;
-   
+
    /* get size of output and trim */
    pa = A->used + B->used;
    if (pa >= FP_SIZE) {
@@ -466,7 +466,7 @@ void fp_mul_comba(fp_int *A, fp_int *B, fp_int *C)
       tmpx = A->dp + tx;
       tmpy = B->dp + ty;
 
-      /* this is the number of times the loop will iterrate, essentially its 
+      /* this is the number of times the loop will iterrate, essentially its
          while (tx++ < a->used && ty-- >= 0) { ... }
        */
       iy = MIN(A->used-tx, ty+1);
@@ -504,7 +504,7 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
   if (fp_cmp_mag (a, b) == FP_LT) {
     if (d != NULL) {
       fp_copy (a, d);
-    } 
+    }
     if (c != NULL) {
       fp_zero (c);
     }
@@ -554,7 +554,7 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
       continue;
     }
 
-    /* step 3.1 if xi == yt then set q{i-t-1} to b-1, 
+    /* step 3.1 if xi == yt then set q{i-t-1} to b-1,
      * otherwise set q{i-t-1} to (xi*b + x{i-1})/yt */
     if (x.dp[i] == y.dp[t]) {
       q.dp[i - t - 1] = (fp_digit) ((((fp_word)1) << DIGIT_BIT) - 1);
@@ -566,10 +566,10 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
       q.dp[i - t - 1] = (fp_digit) (tmp);
     }
 
-    /* while (q{i-t-1} * (yt * b + y{t-1})) > 
-             xi * b**2 + xi-1 * b + xi-2 
-     
-       do q{i-t-1} -= 1; 
+    /* while (q{i-t-1} * (yt * b + y{t-1})) >
+             xi * b**2 + xi-1 * b + xi-2
+
+       do q{i-t-1} -= 1;
     */
     q.dp[i - t - 1] = (q.dp[i - t - 1] + 1);
     do {
@@ -603,10 +603,10 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
     }
   }
 
-  /* now q is the quotient and x is the remainder 
-   * [which we have to normalize] 
+  /* now q is the quotient and x is the remainder
+   * [which we have to normalize]
    */
-  
+
   /* get sign before writing to c */
   x.sign = x.used == 0 ? FP_ZPOS : a->sign;
 
@@ -619,7 +619,7 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
   if (d != NULL) {
     fp_div_2d (&x, norm, &x, NULL);
 
-/* the following is a kludge, essentially we were seeing the right remainder but 
+/* the following is a kludge, essentially we were seeing the right remainder but
    with excess digits that should have been zero
  */
     for (i = b->used; i < x.used; i++) {
@@ -743,7 +743,7 @@ void fp_mod_2d(fp_int *a, int b, fp_int *c)
 
    /* get copy of input */
    fp_copy(a, c);
- 
+
    /* if 2**d is larger than we just return */
    if (b >= (DIGIT_BIT * a->used)) {
       return;
@@ -852,12 +852,12 @@ top:
   while (fp_cmp_d(&C, 0) == FP_LT) {
       fp_add(&C, b, &C);
   }
-  
+
   /* too big */
   while (fp_cmp_mag(&C, b) != FP_LT) {
       fp_sub(&C, b, &C);
   }
-  
+
   /* C is now the inverse */
   fp_copy(&C, c);
   return FP_OKAY;
@@ -965,7 +965,7 @@ int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
 
 #ifdef TFM_TIMING_RESISTANT
 
-/* timing resistant montgomery ladder based exptmod 
+/* timing resistant montgomery ladder based exptmod
 
    Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder", Cryptographic Hardware and Embedded Systems, CHES 2002
 */
@@ -980,9 +980,9 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
      return err;
   }
 
-  fp_init(&R[0]);   
-  fp_init(&R[1]);   
-   
+  fp_init(&R[0]);
+  fp_init(&R[1]);
+
   /* now we need R mod m */
   fp_montgomery_calc_normalization (&R[0], P);
 
@@ -998,7 +998,7 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
   /* for j = t-1 downto 0 do
         r_!k = R0*R1; r_k = r_k^2
   */
-  
+
   /* set initial mode and bit cnt */
   bitcnt = 1;
   buf    = 0;
@@ -1028,11 +1028,11 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
    fp_montgomery_reduce(&R[0], P, mp);
    fp_copy(&R[0], Y);
    return FP_OKAY;
-}   
+}
 
 #else
 
-/* y = g**x (mod b) 
+/* y = g**x (mod b)
  * Some restrictions... x must be positive and < b
  */
 static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
@@ -1053,10 +1053,10 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
     winsize = 5;
   } else {
     winsize = 6;
-  } 
+  }
 
   /* init M array */
-  XMEMSET(M, 0, sizeof(M)); 
+  XMEMSET(M, 0, sizeof(M));
 
   /* now setup montgomery  */
   if ((err = fp_montgomery_setup (P, &mp)) != FP_OKAY) {
@@ -1218,7 +1218,7 @@ int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
       return err;
 #else
       return FP_VAL;
-#endif 
+#endif
    }
    else {
       /* Positive exponent so just exptmod */
@@ -1234,13 +1234,13 @@ void fp_2expt(fp_int *a, int b)
    /* zero a as per default */
    fp_zero (a);
 
-   if (b < 0) { 
+   if (b < 0) {
       return;
    }
 
    z = b / DIGIT_BIT;
    if (z >= FP_SIZE) {
-      return; 
+      return;
    }
 
   /* set the used count of where the bit will go */
@@ -1362,7 +1362,7 @@ void fp_sqr_comba(fp_int *A, fp_int *B)
   fp_int    tmp, *dst;
 #ifdef TFM_ISO
   fp_word   tt;
-#endif    
+#endif
 
   /* get size of output and trim */
   pa = A->used + A->used;
@@ -1382,7 +1382,7 @@ void fp_sqr_comba(fp_int *A, fp_int *B)
      dst = B;
   }
 
-  for (ix = 0; ix < pa; ix++) { 
+  for (ix = 0; ix < pa; ix++) {
       int      tx, ty, iy;
       fp_digit *tmpy, *tmpx;
 
@@ -1399,9 +1399,9 @@ void fp_sqr_comba(fp_int *A, fp_int *B)
        */
       iy = MIN(A->used-tx, ty+1);
 
-      /* now for squaring tx can never equal ty 
-       * we halve the distance since they approach 
-       * at a rate of 2x and we have to round because 
+      /* now for squaring tx can never equal ty
+       * we halve the distance since they approach
+       * at a rate of 2x and we have to round because
        * odd cases need to be executed
        */
       iy = MIN(iy, (ty-tx+1)>>1);
@@ -1562,14 +1562,14 @@ void fp_montgomery_calc_normalization(fp_int *a, fp_int *b)
 #endif
 
 #ifdef HAVE_INTEL_MULX
-static inline void innermul8_mulx(fp_digit *c_mulx, fp_digit *cy_mulx, fp_digit *tmpm, fp_digit mu) 
+static inline void innermul8_mulx(fp_digit *c_mulx, fp_digit *cy_mulx, fp_digit *tmpm, fp_digit mu)
 {
     fp_digit _c0, _c1, _c2, _c3, _c4, _c5, _c6, _c7, cy ;
 
     cy = *cy_mulx ;
-    _c0=c_mulx[0]; _c1=c_mulx[1]; _c2=c_mulx[2]; _c3=c_mulx[3]; _c4=c_mulx[4]; _c5=c_mulx[5]; _c6=c_mulx[6]; _c7=c_mulx[7];    
+    _c0=c_mulx[0]; _c1=c_mulx[1]; _c2=c_mulx[2]; _c3=c_mulx[3]; _c4=c_mulx[4]; _c5=c_mulx[5]; _c6=c_mulx[6]; _c7=c_mulx[7];
     INNERMUL8_MULX ;
-    c_mulx[0]=_c0; c_mulx[1]=_c1; c_mulx[2]=_c2; c_mulx[3]=_c3; c_mulx[4]=_c4; c_mulx[5]=_c5; c_mulx[6]=_c6; c_mulx[7]=_c7; 
+    c_mulx[0]=_c0; c_mulx[1]=_c1; c_mulx[2]=_c2; c_mulx[3]=_c3; c_mulx[4]=_c4; c_mulx[5]=_c5; c_mulx[6]=_c6; c_mulx[7]=_c7;
     *cy_mulx = cy ;
 }
 
@@ -1625,7 +1625,7 @@ static void fp_montgomery_reduce_mulx(fp_int *a, fp_int *m, fp_digit mp)
            PROPCARRY;
            ++_c;
        }
-  }         
+  }
 
   /* now copy out */
   _c   = c + pa;
@@ -1642,7 +1642,7 @@ static void fp_montgomery_reduce_mulx(fp_int *a, fp_int *m, fp_digit mp)
 
   a->used = pa+1;
   fp_clamp(a);
-  
+
   /* if A >= m then A = A - m */
   if (fp_cmp_mag (a, m) != FP_LT) {
     s_fp_sub (a, m, a);
@@ -1706,7 +1706,7 @@ void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp)
            PROPCARRY;
            ++_c;
        }
-  }         
+  }
 
   /* now copy out */
   _c   = c + pa;
@@ -1723,7 +1723,7 @@ void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp)
 
   a->used = pa+1;
   fp_clamp(a);
-  
+
   /* if A >= m then A = A - m */
   if (fp_cmp_mag (a, m) != FP_LT) {
     s_fp_sub (a, m, a);
@@ -1810,6 +1810,15 @@ void fp_set(fp_int *a, fp_digit b)
    a->used  = a->dp[0] ? 1 : 0;
 }
 
+/* chek if a bit is set */
+int fp_is_bit_set (fp_int *a, fp_digit b)
+{
+	if ((fp_digit)a->used < b/DIGIT_BIT)
+		return 0;
+
+	return (int)((a->dp[b/DIGIT_BIT] >> b%DIGIT_BIT) & (fp_digit)1);
+}
+
 int fp_count_bits (fp_int * a)
 {
   int     r;
@@ -1865,7 +1874,7 @@ void fp_lshd(fp_int *a, int x)
    for (; y >= x; y--) {
        a->dp[y] = a->dp[y-x];
    }
- 
+
    /* zero lower digits */
    for (; y >= 0; y--) {
        a->dp[y] = 0;
@@ -1927,7 +1936,7 @@ void fp_rshd(fp_int *a, int x)
    for (; y < a->used; y++) {
       a->dp[y] = 0;
    }
-   
+
    /* decrement count */
    a->used -= x;
    fp_clamp(a);
@@ -2100,6 +2109,11 @@ int mp_sub_d(fp_int *a, fp_digit b, fp_int *c)
     return MP_OKAY;
 }
 
+int mp_mul_2d(fp_int *a, int b, fp_int *c)
+{
+	fp_mul_2d(a, b, c);
+	return MP_OKAY;
+}
 
 #ifdef ALT_ECC_SIZE
 void fp_copy(fp_int *a, fp_int* b)
@@ -2169,6 +2183,10 @@ int mp_set_int(fp_int *a, fp_digit b)
     return MP_OKAY;
 }
 
+int mp_is_bit_set (fp_int *a, fp_digit b)
+{
+	return fp_is_bit_set(a, b);
+}
 
 #if defined(WOLFSSL_KEY_GEN) || defined (HAVE_ECC)
 
@@ -2288,13 +2306,13 @@ static int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d)
 
   /* no easy answer [c'est la vie].  Just division */
   fp_init(&q);
-  
+
   q.used = a->used;
   q.sign = a->sign;
   w = 0;
   for (ix = a->used - 1; ix >= 0; ix--) {
      w = (w << ((fp_word)DIGIT_BIT)) | ((fp_word)a->dp[ix]);
-     
+
      if (w >= b) {
         t = (fp_digit)(w / b);
         w -= ((fp_word)t) * ((fp_word)b);
@@ -2303,16 +2321,16 @@ static int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d)
       }
       q.dp[ix] = (fp_digit)t;
   }
-  
+
   if (d != NULL) {
      *d = (fp_digit)w;
   }
-  
+
   if (c != NULL) {
      fp_clamp(&q);
      fp_copy(&q, c);
   }
- 
+
   return FP_OKAY;
 }
 
@@ -2357,11 +2375,11 @@ int mp_prime_is_prime(mp_int* a, int t, int* result)
     return MP_OKAY;
 }
 
-/* Miller-Rabin test of "a" to the base of "b" as described in 
+/* Miller-Rabin test of "a" to the base of "b" as described in
  * HAC pp. 139 Algorithm 4.24
  *
  * Sets result to 0 if definitely composite or 1 if probably prime.
- * Randomly the chance of error is no more than 1/4 and often 
+ * Randomly the chance of error is no more than 1/4 and often
  * very much lower.
  */
 static void fp_prime_miller_rabin (fp_int * a, fp_int * b, int *result)
@@ -2375,7 +2393,7 @@ static void fp_prime_miller_rabin (fp_int * a, fp_int * b, int *result)
   /* ensure b > 1 */
   if (fp_cmp_d(b, 1) != FP_GT) {
      return;
-  }     
+  }
 
   /* get n1 = a - 1 */
   fp_init_copy(&n1, a);
@@ -2501,7 +2519,7 @@ void fp_lcm(fp_int *a, fp_int *b, fp_int *c)
    } else {
       fp_div(b, &t1, &t2, NULL);
       fp_mul(a, &t2, c);
-   }   
+   }
 }
 
 
@@ -2537,7 +2555,7 @@ void fp_gcd(fp_int *a, fp_int *b, fp_int *c)
       fp_init_copy(&u, b);
       fp_init_copy(&v, a);
    }
- 
+
    fp_init(&r);
    while (fp_iszero(&v) == FP_NO) {
       fp_mod(&u, &v, &r);
@@ -2649,7 +2667,7 @@ int mp_sqr(fp_int *A, fp_int *B)
     fp_sqr(A, B);
     return MP_OKAY;
 }
-  
+
 /* fast math conversion */
 int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp)
 {
@@ -2677,6 +2695,11 @@ int mp_init_copy(fp_int * a, fp_int * b)
     return MP_OKAY;
 }
 
+int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d)
+{
+    fp_div_2d(a, b, c, d);
+    return MP_OKAY;
+}
 
 #ifdef HAVE_COMP_KEY
 
@@ -2686,15 +2709,119 @@ int mp_cnt_lsb(fp_int* a)
     return MP_OKAY;
 }
 
-int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d)
-{
-    fp_div_2d(a, b, c, d);
-    return MP_OKAY;
-}
-
 #endif /* HAVE_COMP_KEY */
 
 
+#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
+
+/* returns size of ASCII reprensentation */
+int mp_radix_size (mp_int *a, int radix, int *size)
+{
+	int     res, digs;
+	fp_int  t;
+	fp_digit d;
+
+	*size = 0;
+
+	/* special case for binary */
+	if (radix == 2) {
+		*size = fp_count_bits (a) + (a->sign == FP_NEG ? 1 : 0) + 1;
+		return FP_YES;
+	}
+
+	/* make sure the radix is in range */
+	if (radix < 2 || radix > 64) {
+		return FP_VAL;
+	}
+
+	if (fp_iszero(a) == MP_YES) {
+		*size = 2;
+		return FP_YES;
+	}
+
+	/* digs is the digit count */
+	digs = 0;
+
+	/* if it's negative add one for the sign */
+	if (a->sign == FP_NEG) {
+		++digs;
+	}
+
+	/* init a copy of the input */
+	fp_init_copy (&t, a);
+
+	/* force temp to positive */
+	t.sign = FP_ZPOS;
+
+	/* fetch out all of the digits */
+	while (fp_iszero (&t) == FP_NO) {
+		if ((res = fp_div_d (&t, (mp_digit) radix, &t, &d)) != FP_OKAY) {
+			fp_zero (&t);
+			return res;
+		}
+		++digs;
+	}
+	fp_zero (&t);
+
+	/* return digs + 1, the 1 is for the NULL byte that would be required. */
+	*size = digs + 1;
+	return FP_OKAY;
+}
+
+/* stores a bignum as a ASCII string in a given radix (2..64) */
+int mp_toradix (mp_int *a, char *str, int radix)
+{
+	int     res, digs;
+	fp_int  t;
+	fp_digit d;
+	char   *_s = str;
+
+	/* check range of the radix */
+	if (radix < 2 || radix > 64) {
+		return FP_VAL;
+	}
+
+	/* quick out if its zero */
+	if (fp_iszero(a) == 1) {
+		*str++ = '0';
+		*str = '\0';
+		return FP_YES;
+	}
+
+	/* init a copy of the input */
+	fp_init_copy (&t, a);
+
+	/* if it is negative output a - */
+	if (t.sign == FP_NEG) {
+		++_s;
+		*str++ = '-';
+		t.sign = FP_ZPOS;
+	}
+
+	digs = 0;
+	while (fp_iszero (&t) == 0) {
+		if ((res = fp_div_d (&t, (fp_digit) radix, &t, &d)) != FP_OKAY) {
+			fp_zero (&t);
+			return res;
+		}
+		*str++ = fp_s_rmap[d];
+		++digs;
+	}
+
+	/* reverse the digits of the string.  In this case _s points
+	 * to the first digit [exluding the sign] of the number]
+	 */
+	fp_reverse ((unsigned char *)_s, digs);
+
+	/* append a NULL so the string is properly terminated */
+	*str = '\0';
+
+	fp_zero (&t);
+	return FP_OKAY;
+}
+
+#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
+
 #endif /* HAVE_ECC */
 
 #endif /* USE_FAST_MATH */
diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h
index 4d81eb1b3..efd937d76 100644
--- a/wolfssl/openssl/bn.h
+++ b/wolfssl/openssl/bn.h
@@ -5,6 +5,7 @@
 #define WOLFSSL_BN_H_
 
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/integer.h>
 
 #ifdef __cplusplus
     extern "C" {
@@ -16,8 +17,10 @@ typedef struct WOLFSSL_BIGNUM {
 } WOLFSSL_BIGNUM;
 
 
-typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX;
+#define WOLFSSL_BN_ULONG mp_digit
 
+typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX;
+typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB;
 
 WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void);
 WOLFSSL_API void           wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX*);
@@ -58,14 +61,28 @@ WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str);
 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM*);
 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*);
 
-WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, unsigned long w);
-
 WOLFSSL_API int   wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM**, const char* str);
 WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*);
 
+WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
+WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int);
+WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+
+
+/* 2/6 */
+WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*);
+WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*);
+WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
+WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx);
 
 typedef WOLFSSL_BIGNUM BIGNUM;
 typedef WOLFSSL_BN_CTX BN_CTX;
+typedef WOLFSSL_BN_GENCB BN_GENCB;
 
 #define BN_CTX_new        wolfSSL_BN_CTX_new
 #define BN_CTX_init       wolfSSL_BN_CTX_init
@@ -104,10 +121,25 @@ typedef WOLFSSL_BN_CTX BN_CTX;
 
 #define BN_dec2bn wolfSSL_BN_dec2bn
 #define BN_bn2dec wolfSSL_BN_bn2dec
+#define BN_bn2hex wolfSSL_BN_bn2hex
 
+#define BN_lshift wolfSSL_BN_lshift
+#define BN_add_word wolfSSL_BN_add_word
+#define BN_add wolfSSL_BN_add
+#define BN_set_word wolfSSL_BN_set_word
+#define BN_set_bit wolfSSL_BN_set_bit
+
+
+#define BN_is_prime_ex wolfSSL_BN_is_prime_ex
+#define BN_print_fp wolfSSL_BN_print_fp
+#define BN_rshift wolfSSL_BN_rshift
+#define BN_mod_word wolfSSL_BN_mod_word
+
+#define BN_CTX_get wolfSSL_BN_CTX_get
+#define BN_CTX_start wolfSSL_BN_CTX_start
 
 #ifdef __cplusplus
-    }  /* extern "C" */ 
+    }  /* extern "C" */
 #endif
 
 
diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h
index 725567018..4cb7299a9 100644
--- a/wolfssl/openssl/dsa.h
+++ b/wolfssl/openssl/dsa.h
@@ -38,6 +38,8 @@ WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits,
 WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz);
 WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
                                   WOLFSSL_DSA* dsa);
+WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
+								WOLFSSL_DSA* dsa, int *dsacheck);
 
 #define DSA_new wolfSSL_DSA_new
 #define DSA_free wolfSSL_DSA_free
diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h
index 5ffdaf6e5..af2d22e17 100644
--- a/wolfssl/openssl/ec.h
+++ b/wolfssl/openssl/ec.h
@@ -1,2 +1,123 @@
 /* ec.h for openssl */
 
+#ifndef WOLFSSL_EC_H_
+#define WOLFSSL_EC_H_
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/openssl/bn.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Map OpenSSL NID value */
+enum {
+	POINT_CONVERSION_UNCOMPRESSED = 4,
+	NID_secp111r1 = 0,
+	NID_secp128r1 = 1,
+	NID_secp160r1 = 2,
+	NID_cert192 = 3,
+	NID_cert224 = 4,
+	NID_X9_62_prime256v1 = 5,
+	NID_secp384r1 = 6,
+	NID_secp521r1 = 7,
+	NID_X9_62_prime_field = 100,
+	OPENSSL_EC_NAMED_CURVE  = 0x001
+};
+
+struct WOLFSSL_EC_POINT {
+	WOLFSSL_BIGNUM *X;
+	WOLFSSL_BIGNUM *Y;
+	WOLFSSL_BIGNUM *Z;
+
+	void*          internal;     /* our ECC point */
+	char           inSet;        /* internal set from external ? */
+	char           exSet;        /* external set from internal ? */
+};
+
+struct WOLFSSL_EC_GROUP {
+	int curve_idx; /* index of curve, used by WolfSSL as a curve reference */
+	int curve_nid; /* NID of curve, used by OpenSSL/OpenSSH as a curve reference */
+};
+
+struct WOLFSSL_EC_KEY {
+	WOLFSSL_EC_GROUP *group;
+	WOLFSSL_EC_POINT *pub_key;
+	WOLFSSL_BIGNUM *priv_key;
+
+	void*          internal;     /* our ECC Key */
+	char           inSet;        /* internal set from external ? */
+	char           exSet;        /* external set from internal ? */
+};
+
+WOLFSSL_API int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve, const WOLFSSL_EC_POINT *p, unsigned char *out, unsigned int *len);
+WOLFSSL_API int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, const WOLFSSL_EC_GROUP *curve, WOLFSSL_EC_POINT *p);
+WOLFSSL_API int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* der,  int derSz);
+
+WOLFSSL_API void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key);
+WOLFSSL_API WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key);
+WOLFSSL_API const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key);
+WOLFSSL_API int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, const WOLFSSL_BIGNUM *priv_key);
+WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key);
+WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid);
+WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void);
+WOLFSSL_API int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group);
+WOLFSSL_API int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key);
+WOLFSSL_API void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag);
+WOLFSSL_API int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, const WOLFSSL_EC_POINT *pub);
+
+
+WOLFSSL_API void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag);
+WOLFSSL_API WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid);
+WOLFSSL_API int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group);
+
+WOLFSSL_API void wolfssl_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p);
+WOLFSSL_API WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *p,
+														WOLFSSL_BIGNUM *x, WOLFSSL_BIGNUM *y, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, const WOLFSSL_BIGNUM *n,
+									 const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point);
+WOLFSSL_API int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a,
+									 const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point);
+WOLFSSL_API int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a);
+
+#define EC_KEY_free wolfSSL_EC_KEY_free
+#define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key
+#define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group
+#define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key
+#define EC_KEY_get0_private_key wolfSSL_EC_KEY_get0_private_key
+#define	EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name
+#define EC_KEY_set_group wolfSSL_EC_KEY_set_group
+#define EC_KEY_generate_key	wolfSSL_EC_KEY_generate_key
+#define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag
+#define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key
+#define EC_KEY_new wolfSSL_EC_KEY_new
+
+#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag
+#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name
+#define EC_GROUP_cmp wolfSSL_EC_GROUP_cmp
+#define EC_GROUP_get_curve_name wolfSSL_EC_GROUP_get_curve_name
+#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree
+#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order
+#define EC_GROUP_free wolfSSL_EC_GROUP_free
+
+#define EC_POINT_new wolfSSL_EC_POINT_new
+#define EC_POINT_get_affine_coordinates_GFp wolfSSL_EC_POINT_get_affine_coordinates_GFp
+#define EC_POINT_mul wolfSSL_EC_POINT_mul
+#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free
+#define EC_POINT_cmp wolfSSL_EC_POINT_cmp
+#define EC_POINT_free wolfSSL_EC_POINT_free
+#define EC_POINT_is_at_infinity wolfSSL_EC_POINT_is_at_infinity
+
+#ifdef __cplusplus
+}  /* extern "C" */
+#endif
+
+#endif /* header */
diff --git a/wolfssl/openssl/ecdh.h b/wolfssl/openssl/ecdh.h
new file mode 100644
index 000000000..3e4c26de0
--- /dev/null
+++ b/wolfssl/openssl/ecdh.h
@@ -0,0 +1,23 @@
+/* ecdh.h for openssl */
+
+#ifndef WOLFSSL_ECDH_H_
+#define WOLFSSL_ECDH_H_
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/openssl/bn.h>
+
+#ifdef __cplusplus
+extern C {
+#endif
+
+
+WOLFSSL_API	int wolfSSL_ECDH_compute_key(void *out, size_t outlen, const WOLFSSL_EC_POINT *pub_key,
+								 WOLFSSL_EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen));
+
+#define ECDH_compute_key wolfSSL_ECDH_compute_key
+
+#ifdef __cplusplus
+}  /* extern C */
+#endif
+
+#endif /* header */
diff --git a/wolfssl/openssl/ecdsa.h b/wolfssl/openssl/ecdsa.h
index f3cf0de35..07f7888d1 100644
--- a/wolfssl/openssl/ecdsa.h
+++ b/wolfssl/openssl/ecdsa.h
@@ -1,2 +1,38 @@
 /* ecdsa.h for openssl */
 
+#ifndef WOLFSSL_ECDSA_H_
+#define WOLFSSL_ECDSA_H_
+
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/openssl/bn.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct WOLFSSL_ECDSA_SIG {
+	WOLFSSL_BIGNUM *r;
+	WOLFSSL_BIGNUM *s;
+#if 0
+	void*          internal;     /* our EC DSA */
+	char           inSet;        /* internal set from external ? */
+	char           exSet;        /* external set from internal ? */
+#endif
+};
+
+WOLFSSL_API void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig);
+WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void);
+WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst, int dgst_len, WOLFSSL_EC_KEY *eckey);
+WOLFSSL_API int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *eckey);
+
+#define	ECDSA_SIG_free wolfSSL_ECDSA_SIG_free
+#define	ECDSA_SIG_new wolfSSL_ECDSA_SIG_new
+#define	ECDSA_do_sign wolfSSL_ECDSA_do_sign
+#define	ECDSA_do_verify wolfSSL_ECDSA_do_verify
+
+#ifdef __cplusplus
+}  /* extern "C" */
+#endif
+
+#endif /* header */
\ No newline at end of file
diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h
index ded0b2f62..bc6b2baf3 100644
--- a/wolfssl/openssl/evp.h
+++ b/wolfssl/openssl/evp.h
@@ -41,6 +41,7 @@
 #include <wolfssl/openssl/ripemd.h>
 #include <wolfssl/openssl/rsa.h>
 #include <wolfssl/openssl/dsa.h>
+#include <wolfssl/openssl/ec.h>
 
 #include <wolfssl/wolfcrypt/aes.h>
 #include <wolfssl/wolfcrypt/des3.h>
@@ -124,6 +125,7 @@ enum {
     NULL_CIPHER_TYPE  = 10,
     EVP_PKEY_RSA      = 11,
     EVP_PKEY_DSA      = 12,
+	EVP_PKEY_EC		  = 13,
     NID_sha1          = 64,
     NID_md5           =  4
 };
@@ -182,6 +184,7 @@ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int);
 
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
 WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
+WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key);
 
 /* these next ones don't need real OpenSSL type, for OpenSSH compat only */
 WOLFSSL_API void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx);
@@ -244,6 +247,8 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
 
 #define EVP_PKEY_get1_RSA   wolfSSL_EVP_PKEY_get1_RSA
 #define EVP_PKEY_get1_DSA   wolfSSL_EVP_PKEY_get1_DSA
+#define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY
+
 
 #ifndef EVP_MAX_MD_SIZE
     #define EVP_MAX_MD_SIZE   64     /* sha512 */
diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am
index 05b509bcc..9d415962f 100644
--- a/wolfssl/openssl/include.am
+++ b/wolfssl/openssl/include.am
@@ -11,6 +11,7 @@ nobase_include_HEADERS+= \
                          wolfssl/openssl/dh.h \
                          wolfssl/openssl/dsa.h \
                          wolfssl/openssl/ecdsa.h \
+                         wolfssl/openssl/ecdh.h \
                          wolfssl/openssl/ec.h \
                          wolfssl/openssl/engine.h \
                          wolfssl/openssl/err.h \
diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h
index e13e992b8..dc8de4260 100644
--- a/wolfssl/openssl/opensslv.h
+++ b/wolfssl/openssl/opensslv.h
@@ -5,7 +5,7 @@
 
 
 /* api version compatibility */
-#define OPENSSL_VERSION_NUMBER 0x0090410fL
+#define OPENSSL_VERSION_NUMBER 0x0090810fL
 
 
 #endif /* header */
diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h
index 926e43f48..56b85baec 100644
--- a/wolfssl/openssl/pem.h
+++ b/wolfssl/openssl/pem.h
@@ -14,23 +14,70 @@
 #endif
 
 
-WOLFSSL_API int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa,
+WOLFSSL_API int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
+												   const EVP_CIPHER* cipher,
+												   unsigned char* passwd, int len,
+												   pem_password_cb cb, void* arg);
+
+WOLFSSL_API int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa,
 	                                  const EVP_CIPHER* cipher,
 	                                  unsigned char* passwd, int len,
 	                                  pem_password_cb cb, void* arg);
 
-WOLFSSL_API int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, DSA* rsa,
+WOLFSSL_API int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, const EVP_CIPHER *enc,
+												unsigned char *kstr, int klen,
+												pem_password_cb *cb, void *u);
+
+WOLFSSL_API int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa,
 	                                  const EVP_CIPHER* cipher,
 	                                  unsigned char* passwd, int len,
 	                                  pem_password_cb cb, void* arg);
 
+WOLFSSL_API int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa, const EVP_CIPHER *enc,
+											unsigned char *kstr, int klen,
+											pem_password_cb *cb, void *u);
+
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
-                        WOLFSSL_EVP_PKEY**, pem_password_cb cb, void* arg); 
+                        WOLFSSL_EVP_PKEY**, pem_password_cb cb, void* arg);
 
+WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type);
+
+WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
+													  pem_password_cb *cb, void *u);
+
+WOLFSSL_API WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x,
+													   pem_password_cb *cb, void *u);
+
+WOLFSSL_API int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x);
+
+WOLFSSL_API int wolfSSL_PEM_write_RSAPublicKey(FILE *fp, WOLFSSL_RSA *x);
+
+WOLFSSL_API int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x);
+
+WOLFSSL_API int wolfSSL_PEM_write_buf_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
+												unsigned char* passwd, int len,
+													byte **pem, int *plen);
+
+WOLFSSL_API int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *key);
+WOLFSSL_API int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *key, const EVP_CIPHER *enc,
+														unsigned char *kstr, int klen,
+														pem_password_cb *cb, void *u);
+
+#define PEM_write_bio_ECPrivateKey wolfSSL_PEM_write_bio_ECPrivateKey
 #define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey
+#define PEM_write_RSAPrivateKey wolfSSL_PEM_write_RSAPrivateKey
 #define PEM_write_bio_DSAPrivateKey wolfSSL_PEM_write_bio_DSAPrivateKey
+#define PEM_write_DSAPrivateKey wolfSSL_PEM_write_DSAPrivateKey
 #define PEM_read_bio_PrivateKey     wolfSSL_PEM_read_bio_PrivateKey
-
+#define PEM_write_RSA_PUBKEY wolfSSL_PEM_write_RSA_PUBKEY
+#define PEM_write_RSAPublicKey wolfSSL_PEM_write_RSAPublicKey
+#define PEM_write_DSA_PUBKEY wolfSSL_PEM_write_DSA_PUBKEY
+#define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey
+#define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey
+#define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY
+#define PEM_write_EC_PUBKEY wolfSSL_PEM_write_EC_PUBKEY
+#define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey
+#define EVP_PKEY_type wolfSSL_EVP_PKEY_type
 
 #ifdef __cplusplus
     }  /* extern "C" */ 
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 34d7948c3..155b2c273 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -58,6 +58,10 @@ typedef WOLFSSL_X509_CHAIN X509_CHAIN;
 typedef WOLFSSL_EVP_PKEY       EVP_PKEY;
 typedef WOLFSSL_RSA            RSA;
 typedef WOLFSSL_DSA            DSA;
+typedef WOLFSSL_EC_KEY         EC_KEY;
+typedef WOLFSSL_EC_GROUP       EC_GROUP;
+typedef WOLFSSL_EC_POINT       EC_POINT;
+typedef WOLFSSL_ECDSA_SIG	   ECDSA_SIG;
 typedef WOLFSSL_BIO            BIO;
 typedef WOLFSSL_BIO_METHOD     BIO_METHOD;
 typedef WOLFSSL_CIPHER         SSL_CIPHER;
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 2c10f895e..1b1c65afe 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -76,6 +76,10 @@ typedef struct WOLFSSL_SOCKADDR     WOLFSSL_SOCKADDR;
 
 typedef struct WOLFSSL_RSA            WOLFSSL_RSA;
 typedef struct WOLFSSL_DSA            WOLFSSL_DSA;
+typedef struct WOLFSSL_EC_KEY         WOLFSSL_EC_KEY;
+typedef struct WOLFSSL_EC_POINT       WOLFSSL_EC_POINT;
+typedef struct WOLFSSL_EC_GROUP       WOLFSSL_EC_GROUP;
+typedef struct WOLFSSL_ECDSA_SIG      WOLFSSL_ECDSA_SIG;
 typedef struct WOLFSSL_CIPHER         WOLFSSL_CIPHER;
 typedef struct WOLFSSL_X509_LOOKUP    WOLFSSL_X509_LOOKUP;
 typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD;
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 10d0943bb..4cf24a923 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -145,6 +145,7 @@ enum Misc_ASN {
     KEYID_SIZE          = SHA_DIGEST_SIZE,
 #endif
     RSA_INTS            =   8,     /* RSA ints in private key */
+	DSA_INTS            =   5,     /* DSA ints in private key */
     MIN_DATE_SIZE       =  13,
     MAX_DATE_SIZE       =  32,
     ASN_GEN_TIME_SZ     =  15,     /* 7 numbers * 2 + Zulu tag */
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index 8708708c7..b5bb672ba 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -43,7 +43,10 @@ enum CertType {
     CRL_TYPE,
     CA_TYPE,
     ECC_PRIVATEKEY_TYPE,
-    CERTREQ_TYPE
+    CERTREQ_TYPE,
+	DSA_TYPE,
+	ECC_TYPE,
+	RSA_TYPE
 };
 
 
diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h
index 960bd751b..ee85ea109 100644
--- a/wolfssl/wolfcrypt/dsa.h
+++ b/wolfssl/wolfcrypt/dsa.h
@@ -36,6 +36,7 @@
 #define DsaVerify wc_DsaVerify
 #define DsaPublicKeyDecode wc_DsaPublicKeyDecode
 #define DsaPrivateKeyDecode wc_DsaPrivateKeyDecode
+#define DsaKeyToDer wc_DsaKeyToDer
 
 #ifdef __cplusplus
     extern "C" {
@@ -66,6 +67,8 @@ WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKe
 WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey*,
                                    word32);
 
+WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index 447e8d3e2..40534a786 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -47,6 +47,7 @@ enum {
 /* ECC set type defined a NIST GF(p) curve */
 typedef struct {
     int size;       /* The size of the curve in octets */
+	int nid;			  /* id of this curve */
     const char* name;     /* name of this curve */
     const char* prime;    /* prime that defines the field, curve is in (hex) */
     const char* Af;       /* fields A param (hex) */
@@ -140,18 +141,38 @@ WOLFSSL_API
 int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
                       word32* outlen);
 WOLFSSL_API
-int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, 
-                  RNG* rng, ecc_key* key);
+int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, byte* out, word32 *outlen);
+WOLFSSL_API
+int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
+					 RNG* rng, ecc_key* key);
+WOLFSSL_API
+int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng,
+						ecc_key* key, mp_int *r, mp_int *s);
 WOLFSSL_API
 int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
                     word32 hashlen, int* stat, ecc_key* key);
 WOLFSSL_API
+int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
+						  word32 hashlen, int* stat, ecc_key* key);
+WOLFSSL_API
 int wc_ecc_init(ecc_key* key);
 WOLFSSL_API
 void wc_ecc_free(ecc_key* key);
 WOLFSSL_API
 void wc_ecc_fp_free(void);
 
+WOLFSSL_API
+ecc_point* ecc_new_point(void);
+WOLFSSL_API
+void ecc_del_point(ecc_point* p);
+WOLFSSL_API
+int ecc_copy_point(ecc_point* p, ecc_point *r);
+WOLFSSL_API
+int ecc_cmp_point(ecc_point* a, ecc_point *b);
+WOLFSSL_API
+int ecc_point_is_at_infinity(ecc_point *p);
+WOLFSSL_API
+int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, int map);
 
 /* ASN key helpers */
 WOLFSSL_API
@@ -173,6 +194,10 @@ int wc_ecc_import_raw(ecc_key* key, const char* qx, const char* qy,
 WOLFSSL_API
 int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
 
+WOLFSSL_API
+int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, word32* outLen);
+int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, ecc_point* point);
+
 /* size helper */
 WOLFSSL_API
 int wc_ecc_size(ecc_key* key);
diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h
index b623298ed..bd7da60d9 100644
--- a/wolfssl/wolfcrypt/integer.h
+++ b/wolfssl/wolfcrypt/integer.h
@@ -140,7 +140,8 @@ extern "C" {
 #define MP_OKAY       0   /* ok result */
 #define MP_MEM        -2  /* out of mem */
 #define MP_VAL        -3  /* invalid input */
-#define MP_RANGE      MP_VAL
+#define MP_NOT_INF	  -4  /* point not at infinity */
+#define MP_RANGE      MP_NOT_INF
 
 #define MP_YES        1   /* yes response */
 #define MP_NO         0   /* no response */
@@ -250,6 +251,7 @@ int  mp_cmp_mag (mp_int * a, mp_int * b);
 int  mp_cmp (mp_int * a, mp_int * b);
 int  mp_cmp_d(mp_int * a, mp_digit b);
 void mp_set (mp_int * a, mp_digit b);
+int  mp_is_bit_set (mp_int * a, mp_digit b);
 int  mp_mod (mp_int * a, mp_int * b, mp_int * c);
 int  mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d);
 int  mp_div_2(mp_int * a, mp_int * b);
@@ -287,6 +289,7 @@ int  mp_sqr (mp_int * a, mp_int * b);
 int  mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
 int  mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
 int  mp_2expt (mp_int * a, int b);
+int  mp_set_bit (mp_int * a, int b);
 int  mp_reduce_2k_setup(mp_int *a, mp_digit *d);
 int  mp_add_d (mp_int* a, mp_digit b, mp_int* c);
 int mp_set_int (mp_int * a, unsigned long b);
@@ -296,6 +299,8 @@ int mp_sub_d (mp_int * a, mp_digit b, mp_int * c);
 /* added */
 int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,
                   mp_int* f);
+int mp_toradix (mp_int *a, char *str, int radix);
+int mp_radix_size (mp_int * a, int radix, int *size);
 
 #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
     int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c);
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index 1b0bbeab9..3564f71f9 100644
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -234,6 +234,10 @@
  *
  * It defaults to 4096-bits [allowing multiplications upto 2048x2048 bits ]
  */
+
+/* For DH with 3072 bits key size */
+//#define FP_MAX_BITS		  32768
+
 #ifndef FP_MAX_BITS
     #define FP_MAX_BITS           4096
 #endif
@@ -258,6 +262,7 @@
 #define FP_OKAY     0
 #define FP_VAL      1
 #define FP_MEM      2
+#define FP_NOT_INF	3
 
 /* equalities */
 #define FP_LT        -1   /* less than */
@@ -344,7 +349,7 @@ typedef struct {
 /* #define TFM_PRESCOTT */
 
 /* Do we want timing resistant fp_exptmod() ?
- * This makes it slower but also timing invariant with respect to the exponent 
+ * This makes it slower but also timing invariant with respect to the exponent
  */
 /* #define TFM_TIMING_RESISTANT */
 
@@ -372,6 +377,9 @@ typedef struct {
 /* set to a small digit */
 void fp_set(fp_int *a, fp_digit b);
 
+/* check if a bit is set */
+int fp_is_bit_set(fp_int *a, fp_digit b);
+
 /* copy from a to b */
 #ifndef ALT_ECC_SIZE
     #define fp_copy(a, b)  (void)(((a) != (b)) ? ((void)XMEMCPY((b), (a), sizeof(fp_int))) : (void)0)
@@ -645,6 +653,7 @@ void fp_sqr_comba64(fp_int *a, fp_int *b);
     #define MP_EQ   FP_EQ   /* equal to     */
     #define MP_GT   FP_GT   /* greater than */
     #define MP_VAL  FP_VAL  /* invalid */
+	#define MP_NOT_INF FP_NOT_INF /* point not at infinity */
     #define MP_OKAY FP_OKAY /* ok result    */
     #define MP_NO   FP_NO   /* yes/no result */
     #define MP_YES  FP_YES  /* yes/no result */
@@ -665,6 +674,8 @@ int  mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d);
 int  mp_mod(mp_int *a, mp_int *b, mp_int *c);
 int  mp_invmod(mp_int *a, mp_int *b, mp_int *c);
 int  mp_exptmod (mp_int * g, mp_int * x, mp_int * p, mp_int * y);
+int  mp_mul_2d(mp_int *a, int b, mp_int *c);
+
 
 int  mp_cmp(mp_int *a, mp_int *b);
 int  mp_cmp_d(mp_int *a, mp_digit b);
@@ -680,7 +691,10 @@ int  mp_iszero(mp_int* a);
 int  mp_count_bits(mp_int *a);
 int  mp_leading_bit(mp_int *a);
 int  mp_set_int(fp_int *a, fp_digit b);
+int  mp_is_bit_set (fp_int * a, fp_digit b);
 void mp_rshb(mp_int *a, int x);
+int mp_toradix (mp_int *a, char *str, int radix);
+int mp_radix_size (mp_int * a, int radix, int *size);
 
 #ifdef HAVE_ECC
     int mp_read_radix(mp_int* a, const char* str, int radix);

From e164173562e85dec6d528d4d62c55d807bdf7e84 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 1 Jul 2015 12:51:19 -0700
Subject: [PATCH 169/350] fix null deference potential on new API

---
 wolfcrypt/src/ecc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 738fea3b8..bacd6486a 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -2574,7 +2574,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, wo
 		return LENGTH_ONLY_E;
 	}
 
-	if (point == NULL && out == NULL && outLen == NULL)
+	if (point == NULL || out == NULL || outLen == NULL)
 		return ECC_BAD_ARG_E;
 
 	numlen = ecc_sets[curve_idx].size;

From 9452d6cfb41a41e701a07ed1fdbf13f0d957651f Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 1 Jul 2015 13:28:10 -0700
Subject: [PATCH 170/350] don't leak on bad verify decoding with extended API

---
 wolfcrypt/src/ecc.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index bacd6486a..2fc8d6db9 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -2260,10 +2260,9 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 	XMEMSET(&s, 0, sizeof(s));
 
 	err = DecodeECC_DSA_Sig(sig, siglen, &r, &s);
-	if (err != MP_OKAY)
-		return err;
 
-	err = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, stat, key);
+	if (err == MP_OKAY)
+	    err = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, stat, key);
 
 	mp_clear(&r);
 	mp_clear(&s);

From 74245dcc1c2d615cefcba75e1caec022648da22c Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 1 Jul 2015 14:43:58 -0700
Subject: [PATCH 171/350] bump dev version

---
 configure.ac       | 2 +-
 support/wolfssl.pc | 2 +-
 wolfssl/version.h  | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 4b6d3314d..b0e7591d8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.6.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.6.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
diff --git a/support/wolfssl.pc b/support/wolfssl.pc
index 277eb17bb..024f117ab 100644
--- a/support/wolfssl.pc
+++ b/support/wolfssl.pc
@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.6.0
+Version: 3.6.1
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}
diff --git a/wolfssl/version.h b/wolfssl/version.h
index b163a0a3d..6ec106bab 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.6.0"
-#define LIBWOLFSSL_VERSION_HEX 0x03006000
+#define LIBWOLFSSL_VERSION_STRING "3.6.1"
+#define LIBWOLFSSL_VERSION_HEX 0x03006001
 
 #ifdef __cplusplus
 }

From e121d01206f271b33298738f3863c69a465cfd2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Wed, 1 Jul 2015 12:44:42 -0300
Subject: [PATCH 172/350] TLSX and SNI code maintenance:  * improves docs;  *
 fixes indentation;  * Extracts TLSX_New() from TLSX_Push();  * Replaces
 TLSX_SNI_Append() with TLSX_SNI_New();  * Adds missing STK_VALIDATE_REQUEST()
 in TLSX_WriteRequest();  * Moves TLSX_SetResponse() to the right position
 inside TLSX_SNI_Parse().

---
 src/tls.c     | 252 +++++++++++++++++++++++++++++++-------------------
 wolfssl/ssl.h |  23 +++--
 2 files changed, 172 insertions(+), 103 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index 3e90df8ff..e095f1756 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -713,15 +713,38 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
 
 #ifdef HAVE_TLS_EXTENSIONS
 
+/**
+ * The TLSX semaphore is used to calculate the size of the extensions to be sent
+ * from one peer to another.
+ */
 
-/** Supports up to 64 flags. Update as needed. */
+/** Supports up to 64 flags. Increase as needed. */
 #define SEMAPHORE_SIZE 8
 
-
+/**
+ * Converts the extension type (id) to an index in the semaphore.
+ *
+ * Oficial reference for TLS extension types:
+ *   http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
+ *
+ * Motivation:
+ *   Previously, we used the extension type itself as the index of that
+ *   extension in the semaphore as the extension types were declared
+ *   sequentially, but maintain a semaphore as big as the number of available
+ *   extensions is no longer an option since the release of renegotiation_info.
+ *
+ * How to update:
+ *   Assign extension types that extrapolate the number of available semaphores
+ *   to the first available index going backwards in the semaphore array.
+ *   When adding a new extension type that don't extrapolate the number of
+ *   available semaphores, check for a possible collision with with a
+ *   'remapped' extension type.
+ */
 static INLINE word16 TLSX_ToSemaphore(word16 type)
 {
     switch (type) {
-        case SECURE_RENEGOTIATION:
+
+        case SECURE_RENEGOTIATION: /* 0xFF01 */
             return 63;
 
         default:
@@ -739,30 +762,45 @@ static INLINE word16 TLSX_ToSemaphore(word16 type)
     return type;
 }
 
-
+/** Checks if a specific light (tls extension) is not set in the semaphore. */
 #define IS_OFF(semaphore, light) \
     ((semaphore)[(light) / 8] ^  (byte) (0x01 << ((light) % 8)))
 
-
+/** Turn on a specific light (tls extension) in the semaphore. */
 #define TURN_ON(semaphore, light) \
     ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
 
+/** Creates a new extension. */
+static TLSX* TLSX_New(TLSX_Type type, void* data)
+{
+    TLSX* extension = (TLSX*)XMALLOC(sizeof(TLSX), 0, DYNAMIC_TYPE_TLSX);
 
+    if (extension) {
+        extension->type = type;
+        extension->data = data;
+        extension->resp = 0;
+        extension->next = NULL;
+    }
+
+    return extension;
+}
+
+/**
+ * Creates a new extension and pushes it to the provided list.
+ * Checks for duplicate extensions, keeps the newest.
+ */
 static int TLSX_Push(TLSX** list, TLSX_Type type, void* data)
 {
-    TLSX* extension;
+    TLSX* extension = TLSX_New(type, data);
 
-    extension = (TLSX*)XMALLOC(sizeof(TLSX), 0, DYNAMIC_TYPE_TLSX);
     if (extension == NULL)
         return MEMORY_E;
 
-    extension->type = type;
-    extension->data = data;
-    extension->resp = 0;
+    /* pushes the new extension on the list. */
     extension->next = *list;
     *list = extension;
 
-    /* remove duplicated extensions, there should be only one of each type. */
+    /* remove duplicate extensions, there should be only one of each type. */
     do {
         if (extension->next && extension->next->type == type) {
             TLSX *next = extension->next;
@@ -781,9 +819,9 @@ static int TLSX_Push(TLSX** list, TLSX_Type type, void* data)
     return 0;
 }
 
-
 #ifndef NO_WOLFSSL_SERVER
 
+/** Mark an extension to be sent back to the client. */
 void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type);
 
 void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
@@ -796,10 +834,46 @@ void TLSX_SetResponse(WOLFSSL* ssl, TLSX_Type type)
 
 #endif
 
-/* SNI - Server Name Indication */
-
+/* Server Name Indication */
 #ifdef HAVE_SNI
 
+/** Creates a new SNI object. */
+static SNI* TLSX_SNI_New(byte type, const void* data, word16 size)
+{
+    SNI* sni = (SNI*)XMALLOC(sizeof(SNI), 0, DYNAMIC_TYPE_TLSX);
+
+    if (sni) {
+        sni->type = type;
+        sni->next = NULL;
+
+    #ifndef NO_WOLFSSL_SERVER
+        sni->options = 0;
+        sni->status  = WOLFSSL_SNI_NO_MATCH;
+    #endif
+
+        switch (sni->type) {
+            case WOLFSSL_SNI_HOST_NAME:
+                sni->data.host_name = XMALLOC(size + 1, 0, DYNAMIC_TYPE_TLSX);
+
+                if (sni->data.host_name) {
+                    XSTRNCPY(sni->data.host_name, (const char*)data, size);
+                    sni->data.host_name[size] = 0;
+                } else {
+                    XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
+                    sni = NULL;
+                }
+            break;
+
+            default: /* invalid type */
+                XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
+                sni = NULL;
+        }
+    }
+
+    return sni;
+}
+
+/** Releases a SNI object. */
 static void TLSX_SNI_Free(SNI* sni)
 {
     if (sni) {
@@ -813,6 +887,7 @@ static void TLSX_SNI_Free(SNI* sni)
     }
 }
 
+/** Releases all SNI objects in the provided list. */
 static void TLSX_SNI_FreeAll(SNI* list)
 {
     SNI* sni;
@@ -823,48 +898,7 @@ static void TLSX_SNI_FreeAll(SNI* list)
     }
 }
 
-static int TLSX_SNI_Append(SNI** list, byte type, const void* data, word16 size)
-{
-    SNI* sni;
-
-    if (list == NULL)
-        return BAD_FUNC_ARG;
-
-    if ((sni = XMALLOC(sizeof(SNI), 0, DYNAMIC_TYPE_TLSX)) == NULL)
-        return MEMORY_E;
-
-    switch (type) {
-        case WOLFSSL_SNI_HOST_NAME: {
-            sni->data.host_name = XMALLOC(size + 1, 0, DYNAMIC_TYPE_TLSX);
-
-            if (sni->data.host_name) {
-                XSTRNCPY(sni->data.host_name, (const char*)data, size);
-                sni->data.host_name[size] = 0;
-            } else {
-                XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
-                return MEMORY_E;
-            }
-        }
-        break;
-
-        default: /* invalid type */
-            XFREE(sni, 0, DYNAMIC_TYPE_TLSX);
-            return BAD_FUNC_ARG;
-    }
-
-    sni->type = type;
-    sni->next = *list;
-
-#ifndef NO_WOLFSSL_SERVER
-    sni->options = 0;
-    sni->status  = WOLFSSL_SNI_NO_MATCH;
-#endif
-
-    *list = sni;
-
-    return 0;
-}
-
+/** Tells the buffered size of the SNI objects in a list. */
 static word16 TLSX_SNI_GetSize(SNI* list)
 {
     SNI* sni;
@@ -885,6 +919,7 @@ static word16 TLSX_SNI_GetSize(SNI* list)
     return length;
 }
 
+/** Writes the SNI objects of a list in a buffer. */
 static word16 TLSX_SNI_Write(SNI* list, byte* output)
 {
     SNI* sni;
@@ -915,6 +950,7 @@ static word16 TLSX_SNI_Write(SNI* list, byte* output)
     return offset;
 }
 
+/** Finds a SNI object in the provided list. */
 static SNI* TLSX_SNI_Find(SNI *list, byte type)
 {
     SNI *sni = list;
@@ -926,17 +962,18 @@ static SNI* TLSX_SNI_Find(SNI *list, byte type)
 }
 
 #ifndef NO_WOLFSSL_SERVER
+
+/** Sets the status of a SNI object. */
 static void TLSX_SNI_SetStatus(TLSX* extensions, byte type, byte status)
 {
     TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
     SNI* sni = TLSX_SNI_Find(extension ? extension->data : NULL, type);
 
-    if (sni) {
+    if (sni)
         sni->status = status;
-        WOLFSSL_MSG("SNI did match!");
-    }
 }
 
+/** Gets the status of a SNI object. */
 byte TLSX_SNI_Status(TLSX* extensions, byte type)
 {
     TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
@@ -947,8 +984,10 @@ byte TLSX_SNI_Status(TLSX* extensions, byte type)
 
     return 0;
 }
-#endif
 
+#endif /* NO_WOLFSSL_SERVER */
+
+/** Parses a buffer of SNI extensions. */
 static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
                                                                  byte isRequest)
 {
@@ -963,12 +1002,12 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
         extension = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION);
 
     if (!extension || !extension->data)
-        return isRequest ? 0 : BUFFER_ERROR; /* not using SNI OR unexpected
-                                                SNI response from server. */
+        return isRequest ? 0             /* not using SNI.           */
+                         : BUFFER_ERROR; /* unexpected SNI response. */
 
     if (!isRequest)
-        return length ? BUFFER_ERROR : 0; /* SNI response must be empty!
-                                             Nothing else to do. */
+        return length ? BUFFER_ERROR /* SNI response MUST be empty. */
+                      : 0;           /* nothing else to do.         */
 
 #ifndef NO_WOLFSSL_SERVER
 
@@ -995,9 +1034,8 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
         if (offset + size > length)
             return BUFFER_ERROR;
 
-        if (!(sni = TLSX_SNI_Find((SNI*)extension->data, type))) {
-            continue; /* not using this SNI type */
-        }
+        if (!(sni = TLSX_SNI_Find((SNI*)extension->data, type)))
+            continue; /* not using this type of SNI. */
 
         switch(type) {
             case WOLFSSL_SNI_HOST_NAME: {
@@ -1009,10 +1047,15 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
                     int r = TLSX_UseSNI(&ssl->extensions,
                                                     type, input + offset, size);
 
-                    if (r != SSL_SUCCESS) return r; /* throw error */
+                    if (r != SSL_SUCCESS)
+                        return r; /* throws error. */
 
                     TLSX_SNI_SetStatus(ssl->extensions, type,
-                      matched ? WOLFSSL_SNI_REAL_MATCH : WOLFSSL_SNI_FAKE_MATCH);
+                                       matched ? WOLFSSL_SNI_REAL_MATCH
+                                               : WOLFSSL_SNI_FAKE_MATCH);
+
+                    TLSX_SetResponse(ssl, SERVER_NAME_INDICATION);
+                    WOLFSSL_MSG("SNI did match!");
 
                 } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) {
                     SendAlert(ssl, alert_fatal, unrecognized_name);
@@ -1022,8 +1065,6 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
                 break;
             }
         }
-
-        TLSX_SetResponse(ssl, SERVER_NAME_INDICATION);
     }
 
 #endif
@@ -1035,17 +1076,16 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
 {
     TLSX* extension = TLSX_Find(*extensions, SERVER_NAME_INDICATION);
     SNI*  sni       = NULL;
-    int   ret       = 0;
 
     if (extensions == NULL || data == NULL)
         return BAD_FUNC_ARG;
 
-    if ((ret = TLSX_SNI_Append(&sni, type, data, size)) != 0)
-        return ret;
+    if ((sni = TLSX_SNI_New(type, data, size)) == NULL)
+        return MEMORY_E;
 
     if (!extension) {
-        if ((ret = TLSX_Push(extensions, SERVER_NAME_INDICATION, (void*)sni))
-                                                                         != 0) {
+        int ret = TLSX_Push(extensions, SERVER_NAME_INDICATION, (void*)sni);
+        if (ret != 0) {
             TLSX_SNI_Free(sni);
             return ret;
         }
@@ -1055,7 +1095,7 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
         sni->next = (SNI*)extension->data;
         extension->data = (void*)sni;
 
-        /* look for another server name of the same type to remove */
+        /* remove duplicate SNI, there should be only one of each type. */
         do {
             if (sni->next && sni->next->type == type) {
                 SNI *next = sni->next;
@@ -1063,6 +1103,8 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
                 sni->next = next->next;
                 TLSX_SNI_Free(next);
 
+                /* there is no way to occur more than */
+                /* two SNIs of the same type.         */
                 break;
             }
         } while ((sni = sni->next));
@@ -1072,6 +1114,8 @@ int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
 }
 
 #ifndef NO_WOLFSSL_SERVER
+
+/** Tells the SNI requested by the client. */
 word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
 {
     TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
@@ -1088,6 +1132,7 @@ word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data)
     return 0;
 }
 
+/** Sets the options for a SNI object. */
 void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
 {
     TLSX* extension = TLSX_Find(extensions, SERVER_NAME_INDICATION);
@@ -1097,6 +1142,7 @@ void TLSX_SNI_SetOptions(TLSX* extensions, byte type, byte options)
         sni->options = options;
 }
 
+/** Retrieves a SNI request from a client hello buffer. */
 int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
                            byte type, byte* sni, word32* inOutSz)
 {
@@ -1114,19 +1160,19 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
         /* http://tools.ietf.org/html/rfc4346#appendix-E.1 */
         if ((enum HandShakeType) clientHello[++offset] == client_hello) {
             offset += ENUM_LEN + VERSION_SZ; /* skip version */
-            
+
             ato16(clientHello + offset, &len16);
             offset += OPAQUE16_LEN;
-            
+
             if (len16 % 3) /* cipher_spec_length must be multiple of 3 */
                 return BUFFER_ERROR;
 
             ato16(clientHello + offset, &len16);
             offset += OPAQUE16_LEN;
-            
+
             if (len16 != 0) /* session_id_length must be 0 */
                 return BUFFER_ERROR;
-                        
+
             return SNI_UNSUPPORTED;
         }
 
@@ -1433,7 +1479,7 @@ static void TLSX_EllipticCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
         if (ssl->suites->suites[i] == ECC_BYTE)
             return;
 
-    /* No elliptic curve suite found */
+    /* turns semaphore on to avoid sending this extension. */
     TURN_ON(semaphore, TLSX_ToSemaphore(ELLIPTIC_CURVES));
 }
 
@@ -1956,7 +2002,7 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
 
 #endif /* HAVE_SESSION_TICKET */
 
-
+/** Finds an extension in the provided list. */
 TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
 {
     TLSX* extension = list;
@@ -1967,6 +2013,7 @@ TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
     return extension;
 }
 
+/** Releases all extensions in the provided list. */
 void TLSX_FreeAll(TLSX* list)
 {
     TLSX* extension;
@@ -1975,6 +2022,7 @@ void TLSX_FreeAll(TLSX* list)
         list = extension->next;
 
         switch (extension->type) {
+
             case SERVER_NAME_INDICATION:
                 SNI_FREE_ALL((SNI*)extension->data);
                 break;
@@ -2004,10 +2052,12 @@ void TLSX_FreeAll(TLSX* list)
     }
 }
 
+/** Checks if the tls extensions are supported based on the protocol version. */
 int TLSX_SupportExtensions(WOLFSSL* ssl) {
     return ssl && (IsTLS(ssl) || ssl->version.major == DTLS_MAJOR);
 }
 
+/** Tells the buffered size of the extensions in a list. */
 static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
 {
     TLSX* extension;
@@ -2016,26 +2066,31 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
     while ((extension = list)) {
         list = extension->next;
 
+        /* only extensions marked as response are sent back to the client. */
         if (!isRequest && !extension->resp)
             continue; /* skip! */
 
+        /* ssl level extensions are expected to override ctx level ones. */
         if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
             continue; /* skip! */
 
-        /* type + data length */
+        /* extension type + extension data length. */
         length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
 
         switch (extension->type) {
+
             case SERVER_NAME_INDICATION:
+                /* SNI only sends the name on the request. */
                 if (isRequest)
                     length += SNI_GET_SIZE(extension->data);
                 break;
+
             case MAX_FRAGMENT_LENGTH:
                 length += MFL_GET_SIZE(extension->data);
                 break;
 
             case TRUNCATED_HMAC:
-                /* empty extension. */
+                /* always empty. */
                 break;
 
             case ELLIPTIC_CURVES:
@@ -2051,12 +2106,15 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
                 break;
         }
 
+        /* marks the extension as processed so ctx level */
+        /* extensions don't overlap with ssl level ones. */
         TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
     }
 
     return length;
 }
 
+/** Writes the extensions of a list in a buffer. */
 static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                                                                  byte isRequest)
 {
@@ -2067,18 +2125,20 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
     while ((extension = list)) {
         list = extension->next;
 
+        /* only extensions marked as response are written in a response. */
         if (!isRequest && !extension->resp)
             continue; /* skip! */
 
+        /* ssl level extensions are expected to override ctx level ones. */
         if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type)))
             continue; /* skip! */
 
-        /* extension type */
+        /* writes extension type. */
         c16toa(extension->type, output + offset);
         offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
         length_offset = offset;
 
-        /* extension data should be written internally */
+        /* extension data should be written internally. */
         switch (extension->type) {
             case SERVER_NAME_INDICATION:
                 if (isRequest)
@@ -2090,7 +2150,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                 break;
 
             case TRUNCATED_HMAC:
-                /* empty extension. */
+                /* always empty. */
                 break;
 
             case ELLIPTIC_CURVES:
@@ -2108,9 +2168,11 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                 break;
         }
 
-        /* writing extension data length */
+        /* writes extension data length. */
         c16toa(offset - length_offset, output + length_offset - OPAQUE16_LEN);
 
+        /* marks the extension as processed so ctx level */
+        /* extensions don't overlap with ssl level ones. */
         TURN_ON(semaphore, TLSX_ToSemaphore(extension->type));
     }
 
@@ -2119,6 +2181,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
 
 #ifndef NO_WOLFSSL_CLIENT
 
+/** Tells the buffered size of extensions to be sent into the client hello. */
 word16 TLSX_GetRequestSize(WOLFSSL* ssl)
 {
     word16 length = 0;
@@ -2140,11 +2203,12 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl)
     }
 
     if (length)
-        length += OPAQUE16_LEN; /* for total length storage */
+        length += OPAQUE16_LEN; /* for total length storage. */
 
     return length;
 }
 
+/** Writes the extensions to be sent into the client hello. */
 word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
 {
     word16 offset = 0;
@@ -2155,6 +2219,7 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
         offset += OPAQUE16_LEN; /* extensions length */
 
         EC_VALIDATE_REQUEST(ssl, semaphore);
+        STK_VALIDATE_REQUEST(ssl);
 
         if (ssl->extensions)
             offset += TLSX_Write(ssl->extensions, output + offset,
@@ -2195,6 +2260,7 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
 
 #ifndef NO_WOLFSSL_SERVER
 
+/** Tells the buffered size of extensions to be sent into the server hello. */
 word16 TLSX_GetResponseSize(WOLFSSL* ssl)
 {
     word16 length = 0;
@@ -2211,6 +2277,7 @@ word16 TLSX_GetResponseSize(WOLFSSL* ssl)
     return length;
 }
 
+/** Writes the server hello extensions into a buffer. */
 word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output)
 {
     word16 offset = 0;
@@ -2231,6 +2298,7 @@ word16 TLSX_WriteResponse(WOLFSSL *ssl, byte* output)
 
 #endif /* NO_WOLFSSL_SERVER */
 
+/** Parses a buffer of TLS extensions. */
 int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
                                                                  Suites *suites)
 {
@@ -2326,8 +2394,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
 #undef TURN_ON
 #undef SEMAPHORE_SIZE
 
-#endif
-
+#endif /* HAVE_TLS_EXTENSIONS */
 
 #ifndef NO_WOLFSSL_CLIENT
 
@@ -2465,4 +2532,3 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
 
 #endif /* NO_WOLFSSL_SERVER */
 #endif /* NO_TLS */
-
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 2c10f895e..f281c89e6 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1269,8 +1269,8 @@ enum {
     WOLFSSL_SNI_HOST_NAME = 0
 };
 
-WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type, const void* data,
-                                                           unsigned short size);
+WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type,
+                                         const void* data, unsigned short size);
 WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type,
                                          const void* data, unsigned short size);
 
@@ -1278,26 +1278,30 @@ WOLFSSL_API int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, unsigned char type,
 
 /* SNI options */
 enum {
-    WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01, /* do not abort on mismatch flag */
-    WOLFSSL_SNI_ANSWER_ON_MISMATCH   = 0x02  /* fake match on mismatch flag */
+    /* Do not abort the handshake if the requested SNI didn't match. */
+    WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01,
+
+    /* Behave as if the requested SNI matched in a case of missmatch.  */
+    /* In this case, the status will be set to WOLFSSL_SNI_FAKE_MATCH. */
+    WOLFSSL_SNI_ANSWER_ON_MISMATCH   = 0x02
 };
 
 WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,
                                                          unsigned char options);
-WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, unsigned char type,
-                                                         unsigned char options);
+WOLFSSL_API void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx,
+                                     unsigned char type, unsigned char options);
 
 /* SNI status */
 enum {
     WOLFSSL_SNI_NO_MATCH   = 0,
-    WOLFSSL_SNI_FAKE_MATCH = 1, /* if WOLFSSL_SNI_ANSWER_ON_MISMATCH is enabled */
+    WOLFSSL_SNI_FAKE_MATCH = 1, /**< @see WOLFSSL_SNI_ANSWER_ON_MISMATCH */
     WOLFSSL_SNI_REAL_MATCH = 2
 };
 
 WOLFSSL_API unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type);
 
-WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl, unsigned char type,
-                                                                   void** data);
+WOLFSSL_API unsigned short wolfSSL_SNI_GetRequest(WOLFSSL *ssl,
+                                               unsigned char type, void** data);
 WOLFSSL_API int wolfSSL_SNI_GetFromBuffer(
                  const unsigned char* clientHello, unsigned int helloSz,
                  unsigned char type, unsigned char* sni, unsigned int* inOutSz);
@@ -1463,4 +1467,3 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
 
 
 #endif /* WOLFSSL_SSL_H */
-

From ca01cebd284f1121106f60f3152b12a4cd24e7e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Wed, 1 Jul 2015 19:09:46 -0300
Subject: [PATCH 173/350] adds SNI abort option to turn SNI mandatory for
 WebSocket (RFC6455 page 17).

@see WOLFSSL_SNI_ABORT_ON_ABSENCE and the xxxSNI_SetOptions() functions for further details.
---
 src/internal.c      |   3 +
 src/tls.c           |  62 +++++++-
 tests/api.c         | 346 +++++++++++++++++++++++---------------------
 wolfssl/error-ssl.h |   3 +-
 wolfssl/ssl.h       |   5 +-
 5 files changed, 248 insertions(+), 171 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 75d85b130..49621ec85 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -8030,6 +8030,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case DH_KEY_SIZE_E:
         return "DH key too small Error";
 
+    case SNI_ABSENT_ERROR:
+        return "No Server Name Indication extension Error";
+
     default :
         return "unknown error number";
     }
diff --git a/src/tls.c b/src/tls.c
index e095f1756..68f63f9cc 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1072,6 +1072,49 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, byte* input, word16 length,
     return 0;
 }
 
+static int TLSX_SNI_VerifyParse(WOLFSSL* ssl,  byte isRequest)
+{
+    if (isRequest) {
+    #ifndef NO_WOLFSSL_SERVER
+        TLSX* ctx_ext = TLSX_Find(ssl->ctx->extensions, SERVER_NAME_INDICATION);
+        TLSX* ssl_ext = TLSX_Find(ssl->extensions,      SERVER_NAME_INDICATION);
+        SNI* ctx_sni = ctx_ext ? ctx_ext->data : NULL;
+        SNI* ssl_sni = ssl_ext ? ssl_ext->data : NULL;
+        SNI* sni = NULL;
+
+        for (; ctx_sni; ctx_sni = ctx_sni->next) {
+            if (ctx_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) {
+                sni = TLSX_SNI_Find(ssl_sni, ctx_sni->type);
+
+                if (sni) {
+                    if (sni->status != WOLFSSL_SNI_NO_MATCH)
+                        continue;
+
+                    /* if ssl level overrides ctx level, it is ok. */
+                    if ((sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) == 0)
+                        continue;
+                }
+
+                SendAlert(ssl, alert_fatal, handshake_failure);
+                return SNI_ABSENT_ERROR;
+            }
+        }
+
+        for (; ssl_sni; ssl_sni = ssl_sni->next) {
+            if (ssl_sni->options & WOLFSSL_SNI_ABORT_ON_ABSENCE) {
+                if (ssl_sni->status != WOLFSSL_SNI_NO_MATCH)
+                    continue;
+
+                SendAlert(ssl, alert_fatal, handshake_failure);
+                return SNI_ABSENT_ERROR;
+            }
+        }
+    #endif /* NO_WOLFSSL_SERVER */
+    }
+
+    return 0;
+}
+
 int TLSX_UseSNI(TLSX** extensions, byte type, const void* data, word16 size)
 {
     TLSX* extension = TLSX_Find(*extensions, SERVER_NAME_INDICATION);
@@ -1295,17 +1338,19 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
 
 #endif
 
-#define SNI_FREE_ALL TLSX_SNI_FreeAll
-#define SNI_GET_SIZE TLSX_SNI_GetSize
-#define SNI_WRITE    TLSX_SNI_Write
-#define SNI_PARSE    TLSX_SNI_Parse
+#define SNI_FREE_ALL     TLSX_SNI_FreeAll
+#define SNI_GET_SIZE     TLSX_SNI_GetSize
+#define SNI_WRITE        TLSX_SNI_Write
+#define SNI_PARSE        TLSX_SNI_Parse
+#define SNI_VERIFY_PARSE TLSX_SNI_VerifyParse
 
 #else
 
 #define SNI_FREE_ALL(list)
-#define SNI_GET_SIZE(list)    0
-#define SNI_WRITE(a, b)       0
-#define SNI_PARSE(a, b, c, d) 0
+#define SNI_GET_SIZE(list)     0
+#define SNI_WRITE(a, b)        0
+#define SNI_PARSE(a, b, c, d)  0
+#define SNI_VERIFY_PARSE(a, b) 0
 
 #endif /* HAVE_SNI */
 
@@ -2386,6 +2431,9 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
         offset += size;
     }
 
+    if (ret == 0)
+        ret = SNI_VERIFY_PARSE(ssl, isRequest);
+
     return ret;
 }
 
diff --git a/tests/api.c b/tests/api.c
index 08e70d4ae..02d9cd9b6 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -134,9 +134,9 @@ static void test_wolfSSL_Method_Allocators(void)
 static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method)
 {
     WOLFSSL_CTX *ctx;
-    
+
     AssertNull(ctx = wolfSSL_CTX_new(NULL));
-    
+
     AssertNotNull(method);
     AssertNotNull(ctx = wolfSSL_CTX_new(method));
 
@@ -152,10 +152,10 @@ static void test_wolfSSL_CTX_use_certificate_file(void)
     AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
     /* invalid context */
-    AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCert, 
+    AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCert,
                                                              SSL_FILETYPE_PEM));
     /* invalid cert file */
-    AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile, 
+    AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile,
                                                              SSL_FILETYPE_PEM));
     /* invalid cert type */
     AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCert, 9999));
@@ -181,10 +181,10 @@ static void test_wolfSSL_CTX_use_PrivateKey_file(void)
     AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
     /* invalid context */
-    AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKey, 
+    AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKey,
                                                              SSL_FILETYPE_PEM));
     /* invalid key file */
-    AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile, 
+    AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile,
                                                              SSL_FILETYPE_PEM));
     /* invalid key type */
     AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKey, 9999));
@@ -209,7 +209,7 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
     WOLFSSL_CTX *ctx;
 
     AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
-    
+
     /* invalid context */
     AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCert, 0));
 
@@ -272,18 +272,18 @@ static void test_client_wolfSSL_new(void)
     AssertNotNull(ctx        = wolfSSL_CTX_new(wolfSSLv23_client_method()));
 
     AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCert, 0));
-    
+
     /* invalid context */
     AssertNull(ssl = wolfSSL_new(NULL));
 
     /* success */
     AssertNotNull(ssl = wolfSSL_new(ctx_nocert));
     wolfSSL_free(ssl);
-    
+
     /* success */
     AssertNotNull(ssl = wolfSSL_new(ctx));
     wolfSSL_free(ssl);
-    
+
     wolfSSL_CTX_free(ctx);
     wolfSSL_CTX_free(ctx_nocert);
 #endif
@@ -353,7 +353,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
                 "Please run from wolfSSL home dir");*/
         goto done;
     }
-    
+
     ssl = wolfSSL_new(ctx);
     tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0);
     CloseSocket(sockfd);
@@ -382,7 +382,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
         input[idx] = 0;
         printf("Client message: %s\n", input);
     }
-    
+
     if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
     {
         /*err_sys("SSL_write failed");*/
@@ -401,7 +401,7 @@ done:
     wolfSSL_shutdown(ssl);
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
-    
+
     CloseSocket(clientfd);
     ((func_args*)args)->return_code = TEST_SUCCESS;
 
@@ -494,7 +494,7 @@ static void test_client_nofail(void* args)
 done2:
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
-    
+
     CloseSocket(sockfd);
     ((func_args*)args)->return_code = TEST_SUCCESS;
 
@@ -720,10 +720,10 @@ static void test_wolfSSL_read_write(void)
 
     StartTCP();
     InitTcpReady(&ready);
-    
+
     server_args.signal = &ready;
     client_args.signal = &ready;
-    
+
     start_thread(test_server_nofail, &server_args, &serverThread);
     wait_tcp_ready(&server_args);
     test_client_nofail(&client_args);
@@ -746,68 +746,106 @@ static void test_wolfSSL_read_write(void)
  *----------------------------------------------------------------------------*/
 
 #ifdef HAVE_SNI
+static void test_wolfSSL_UseSNI_params(void)
+{
+    WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
+    WOLFSSL     *ssl = wolfSSL_new(ctx);
+
+    AssertNotNull(ctx);
+    AssertNotNull(ssl);
+
+    /* invalid [ctx|ssl] */
+    AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
+    AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI(    NULL, 0, "ssl", 3));
+    /* invalid type */
+    AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3));
+    AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI(    ssl, -1, "ssl", 3));
+    /* invalid data */
+    AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx,  0, NULL,  3));
+    AssertIntNE(SSL_SUCCESS, wolfSSL_UseSNI(    ssl,  0, NULL,  3));
+    /* success case */
+    AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx,  0, "ctx", 3));
+    AssertIntEQ(SSL_SUCCESS, wolfSSL_UseSNI(    ssl,  0, "ssl", 3));
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+}
+
+/* BEGIN of connection tests callbacks */
 static void use_SNI_at_ctx(WOLFSSL_CTX* ctx)
 {
-    byte type = WOLFSSL_SNI_HOST_NAME;
-    char name[] = "www.yassl.com";
-
     AssertIntEQ(SSL_SUCCESS,
-                    wolfSSL_CTX_UseSNI(ctx, type, (void *) name, XSTRLEN(name)));
+        wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
 }
 
 static void use_SNI_at_ssl(WOLFSSL* ssl)
 {
-    byte type = WOLFSSL_SNI_HOST_NAME;
-    char name[] = "www.yassl.com";
-
     AssertIntEQ(SSL_SUCCESS,
-                        wolfSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
+             wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
 }
 
 static void different_SNI_at_ssl(WOLFSSL* ssl)
 {
-    byte type = WOLFSSL_SNI_HOST_NAME;
-    char name[] = "ww2.yassl.com";
-
     AssertIntEQ(SSL_SUCCESS,
-                        wolfSSL_UseSNI(ssl, type, (void *) name, XSTRLEN(name)));
+             wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "ww2.wolfssl.com", 15));
 }
 
 static void use_SNI_WITH_CONTINUE_at_ssl(WOLFSSL* ssl)
 {
-    byte type = WOLFSSL_SNI_HOST_NAME;
-
     use_SNI_at_ssl(ssl);
-
-    wolfSSL_SNI_SetOptions(ssl, type, WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
+    wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
+                                              WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
 }
 
 static void use_SNI_WITH_FAKE_ANSWER_at_ssl(WOLFSSL* ssl)
 {
-    byte type = WOLFSSL_SNI_HOST_NAME;
-
     use_SNI_at_ssl(ssl);
-
-    wolfSSL_SNI_SetOptions(ssl, type, WOLFSSL_SNI_ANSWER_ON_MISMATCH);
+    wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
+                                                WOLFSSL_SNI_ANSWER_ON_MISMATCH);
 }
 
-static void verify_SNI_abort_on_client(WOLFSSL* ssl)
+static void use_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
+{
+    use_SNI_at_ctx(ctx);
+    wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
+                                                  WOLFSSL_SNI_ABORT_ON_ABSENCE);
+}
+
+static void use_MANDATORY_SNI_at_ssl(WOLFSSL* ssl)
+{
+    use_SNI_at_ssl(ssl);
+    wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
+                                                  WOLFSSL_SNI_ABORT_ON_ABSENCE);
+}
+
+static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
+{
+    use_SNI_at_ctx(ctx);
+    wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
+                 WOLFSSL_SNI_ANSWER_ON_MISMATCH | WOLFSSL_SNI_ABORT_ON_ABSENCE);
+}
+
+static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl)
 {
     AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0));
 }
 
-static void verify_SNI_abort_on_server(WOLFSSL* ssl)
+static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl)
 {
     AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0));
 }
 
+static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl)
+{
+    AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0));
+}
+
 static void verify_SNI_no_matching(WOLFSSL* ssl)
 {
-    byte  type    = WOLFSSL_SNI_HOST_NAME;
+    byte type = WOLFSSL_SNI_HOST_NAME;
     char* request = (char*) &type; /* to be overwriten */
 
     AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type));
-
     AssertNotNull(request);
     AssertIntEQ(0, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
     AssertNull(request);
@@ -815,30 +853,118 @@ static void verify_SNI_no_matching(WOLFSSL* ssl)
 
 static void verify_SNI_real_matching(WOLFSSL* ssl)
 {
-    byte   type    = WOLFSSL_SNI_HOST_NAME;
-    char*  request = NULL;
-    char   name[]  = "www.yassl.com";
-    word16 length  = XSTRLEN(name);
+    byte type = WOLFSSL_SNI_HOST_NAME;
+    char* request = NULL;
 
     AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type));
-
-    AssertIntEQ(length, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
+    AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
     AssertNotNull(request);
-    AssertStrEQ(name, request);
+    AssertStrEQ("www.wolfssl.com", request);
 }
 
 static void verify_SNI_fake_matching(WOLFSSL* ssl)
 {
-    byte   type    = WOLFSSL_SNI_HOST_NAME;
-    char*  request = NULL;
-    char   name[]  = "ww2.yassl.com";
-    word16 length  = XSTRLEN(name);
+    byte type = WOLFSSL_SNI_HOST_NAME;
+    char* request = NULL;
 
     AssertIntEQ(WOLFSSL_SNI_FAKE_MATCH, wolfSSL_SNI_Status(ssl, type));
-
-    AssertIntEQ(length, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
+    AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
     AssertNotNull(request);
-    AssertStrEQ(name, request);
+    AssertStrEQ("ww2.wolfssl.com", request);
+}
+/* END of connection tests callbacks */
+
+/* connection test runner */
+static void test_wolfSSL_client_server(callback_functions* client_callbacks,
+                                      callback_functions* server_callbacks)
+{
+#ifdef HAVE_IO_TESTS_DEPENDENCIES
+    tcp_ready ready;
+    func_args client_args;
+    func_args server_args;
+    THREAD_TYPE serverThread;
+
+    StartTCP();
+
+    client_args.callbacks = client_callbacks;
+    server_args.callbacks = server_callbacks;
+
+#ifdef WOLFSSL_TIRTOS
+    fdOpenSession(Task_self());
+#endif
+
+    /* RUN Server side */
+    InitTcpReady(&ready);
+    server_args.signal = &ready;
+    client_args.signal = &ready;
+    start_thread(run_wolfssl_server, &server_args, &serverThread);
+    wait_tcp_ready(&server_args);
+
+    /* RUN Client side */
+    run_wolfssl_client(&client_args);
+    join_thread(serverThread);
+
+    FreeTcpReady(&ready);
+#ifdef WOLFSSL_TIRTOS
+    fdCloseSession(Task_self());
+#endif
+
+#else
+    (void)client_callbacks;
+    (void)server_callbacks;
+#endif
+}
+
+static void test_wolfSSL_UseSNI_connection(void)
+{
+    unsigned long i;
+    callback_functions callbacks[] = {
+        /* success case at ctx */
+        {0, use_SNI_at_ctx, 0, 0},
+        {0, use_SNI_at_ctx, 0, verify_SNI_real_matching},
+
+        /* success case at ssl */
+        {0, 0, use_SNI_at_ssl, 0},
+        {0, 0, use_SNI_at_ssl, verify_SNI_real_matching},
+
+        /* default missmatch behavior */
+        {0, 0, different_SNI_at_ssl, verify_FATAL_ERROR_on_client},
+        {0, 0, use_SNI_at_ssl,       verify_UNKNOWN_SNI_on_server},
+
+        /* continue on missmatch */
+        {0, 0, different_SNI_at_ssl,         0},
+        {0, 0, use_SNI_WITH_CONTINUE_at_ssl, verify_SNI_no_matching},
+
+        /* fake answer on missmatch */
+        {0, 0, different_SNI_at_ssl,            0},
+        {0, 0, use_SNI_WITH_FAKE_ANSWER_at_ssl, verify_SNI_fake_matching},
+
+        /* sni abort - success */
+        {0, use_SNI_at_ctx,           0, 0},
+        {0, use_MANDATORY_SNI_at_ctx, 0, verify_SNI_real_matching},
+
+        /* sni abort - abort when absent (ctx) */
+        {0, 0,                        0, verify_FATAL_ERROR_on_client},
+        {0, use_MANDATORY_SNI_at_ctx, 0, verify_SNI_ABSENT_on_server},
+
+        /* sni abort - abort when absent (ssl) */
+        {0, 0, 0,                        verify_FATAL_ERROR_on_client},
+        {0, 0, use_MANDATORY_SNI_at_ssl, verify_SNI_ABSENT_on_server},
+
+        /* sni abort - success when overwriten */
+        {0, 0, 0, 0},
+        {0, use_MANDATORY_SNI_at_ctx, use_SNI_at_ssl, verify_SNI_no_matching},
+
+        /* sni abort - success when allowing missmatches */
+        {0, 0, different_SNI_at_ssl, 0},
+        {0, use_PSEUDO_MANDATORY_SNI_at_ctx, 0, verify_SNI_fake_matching},
+    };
+
+    for (i = 0; i < sizeof(callbacks) / sizeof(callback_functions); i += 2) {
+        callbacks[i    ].method = wolfSSLv23_client_method;
+        callbacks[i + 1].method = wolfSSLv23_server_method;
+        test_wolfSSL_client_server(&callbacks[i], &callbacks[i + 1]);
+    }
 }
 
 static void test_wolfSSL_SNI_GetFromBuffer(void)
@@ -904,7 +1030,7 @@ static void test_wolfSSL_SNI_GetFromBuffer(void)
         0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00,
         0x12, 0x00, 0x00
     };
-    
+
     byte buffer5[] = { /* SSL v2.0 client hello */
         0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00,
         /* dummy bytes bellow, just to pass size check */
@@ -933,7 +1059,7 @@ static void test_wolfSSL_SNI_GetFromBuffer(void)
                                                            0, result, &length));
     buffer[1] = 0x03;
 
-    AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buffer, 
+    AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buffer,
                                            sizeof(buffer), 0, result, &length));
     buffer[2] = 0x03;
 
@@ -964,121 +1090,19 @@ static void test_wolfSSL_SNI_GetFromBuffer(void)
     buffer5[2] = 0x01; buffer5[6] = 0x08;
     AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5,
                                           sizeof(buffer5), 0, result, &length));
-    
+
     buffer5[6] = 0x09; buffer5[8] = 0x01;
     AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buffer5,
                                           sizeof(buffer5), 0, result, &length));
 }
 
-static void test_wolfSSL_client_server(callback_functions* client_callbacks,
-                                      callback_functions* server_callbacks)
-{
-#ifdef HAVE_IO_TESTS_DEPENDENCIES
-    tcp_ready ready;
-    func_args client_args;
-    func_args server_args;
-    THREAD_TYPE serverThread;
-
-    StartTCP();
-
-    client_args.callbacks = client_callbacks;
-    server_args.callbacks = server_callbacks;
-
-#ifdef WOLFSSL_TIRTOS
-    fdOpenSession(Task_self());
-#endif
-
-    /* RUN Server side */
-    InitTcpReady(&ready);
-    server_args.signal = &ready;
-    client_args.signal = &ready;
-    start_thread(run_wolfssl_server, &server_args, &serverThread);
-    wait_tcp_ready(&server_args);
-
-    /* RUN Client side */
-    run_wolfssl_client(&client_args);
-    join_thread(serverThread);
-
-    FreeTcpReady(&ready);
-#ifdef WOLFSSL_TIRTOS
-    fdCloseSession(Task_self());
-#endif
-    
-#else
-    (void)client_callbacks;
-    (void)server_callbacks;
-#endif
-}
-
 #endif /* HAVE_SNI */
 
 static void test_wolfSSL_UseSNI(void)
 {
 #ifdef HAVE_SNI
-    callback_functions client_callbacks = {wolfSSLv23_client_method, 0, 0, 0};
-    callback_functions server_callbacks = {wolfSSLv23_server_method, 0, 0, 0};
-
-    WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
-    WOLFSSL     *ssl = wolfSSL_new(ctx);
-
-    AssertNotNull(ctx);
-    AssertNotNull(ssl);
-
-    /* error cases */
-    AssertIntNE(SSL_SUCCESS,
-                    wolfSSL_CTX_UseSNI(NULL, 0, (void *) "ctx", XSTRLEN("ctx")));
-    AssertIntNE(SSL_SUCCESS,
-                    wolfSSL_UseSNI(    NULL, 0, (void *) "ssl", XSTRLEN("ssl")));
-    AssertIntNE(SSL_SUCCESS,
-                    wolfSSL_CTX_UseSNI(ctx, -1, (void *) "ctx", XSTRLEN("ctx")));
-    AssertIntNE(SSL_SUCCESS,
-                    wolfSSL_UseSNI(    ssl, -1, (void *) "ssl", XSTRLEN("ssl")));
-    AssertIntNE(SSL_SUCCESS,
-                    wolfSSL_CTX_UseSNI(ctx,  0, (void *) NULL,  XSTRLEN("ctx")));
-    AssertIntNE(SSL_SUCCESS,
-                    wolfSSL_UseSNI(    ssl,  0, (void *) NULL,  XSTRLEN("ssl")));
-
-    /* success case */
-    AssertIntEQ(SSL_SUCCESS,
-                    wolfSSL_CTX_UseSNI(ctx,  0, (void *) "ctx", XSTRLEN("ctx")));
-    AssertIntEQ(SSL_SUCCESS,
-                    wolfSSL_UseSNI(    ssl,  0, (void *) "ssl", XSTRLEN("ssl")));
-
-    wolfSSL_free(ssl);
-    wolfSSL_CTX_free(ctx);
-
-    /* Testing success case at ctx */
-    client_callbacks.ctx_ready = server_callbacks.ctx_ready = use_SNI_at_ctx;
-    server_callbacks.on_result = verify_SNI_real_matching;
-
-    test_wolfSSL_client_server(&client_callbacks, &server_callbacks);
-
-    /* Testing success case at ssl */
-    client_callbacks.ctx_ready = server_callbacks.ctx_ready = NULL;
-    client_callbacks.ssl_ready = server_callbacks.ssl_ready = use_SNI_at_ssl;
-
-    test_wolfSSL_client_server(&client_callbacks, &server_callbacks);
-
-    /* Testing default mismatch behaviour */
-    client_callbacks.ssl_ready = different_SNI_at_ssl;
-    client_callbacks.on_result = verify_SNI_abort_on_client;
-    server_callbacks.on_result = verify_SNI_abort_on_server;
-
-    test_wolfSSL_client_server(&client_callbacks, &server_callbacks);
-    client_callbacks.on_result = NULL;
-
-    /* Testing continue on mismatch */
-    client_callbacks.ssl_ready = different_SNI_at_ssl;
-    server_callbacks.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl;
-    server_callbacks.on_result = verify_SNI_no_matching;
-
-    test_wolfSSL_client_server(&client_callbacks, &server_callbacks);
-
-    /* Testing fake answer on mismatch */
-    server_callbacks.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl;
-    server_callbacks.on_result = verify_SNI_fake_matching;
-
-    test_wolfSSL_client_server(&client_callbacks, &server_callbacks);
+    test_wolfSSL_UseSNI_params();
+    test_wolfSSL_UseSNI_connection();
 
     test_wolfSSL_SNI_GetFromBuffer();
 #endif
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index f151c3fb5..23e5f4d37 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -134,6 +134,7 @@ enum wolfSSL_ErrorCodes {
     BAD_TICKET_ENCRYPT      = -400,        /* Bad user ticket encrypt        */
 
     DH_KEY_SIZE_E           = -401,        /* DH Key too small */
+    SNI_ABSENT_ERROR        = -402,        /* No SNI request. */
 
     /* add strings to SetErrorString !!!!! */
 
@@ -165,5 +166,3 @@ void SetErrorString(int err, char* buff);
 
 
 #endif /* wolfSSL_ERROR_H */
-
-
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index f281c89e6..cbb9f8314 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1283,7 +1283,10 @@ enum {
 
     /* Behave as if the requested SNI matched in a case of missmatch.  */
     /* In this case, the status will be set to WOLFSSL_SNI_FAKE_MATCH. */
-    WOLFSSL_SNI_ANSWER_ON_MISMATCH   = 0x02
+    WOLFSSL_SNI_ANSWER_ON_MISMATCH   = 0x02,
+
+    /* Abort the handshake if the client didn't send a SNI request. */
+    WOLFSSL_SNI_ABORT_ON_ABSENCE     = 0x04,
 };
 
 WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type,

From b183bdc009ea7c445dfd529ef9e5dfb078dc5a82 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 2 Jul 2015 13:48:58 -0700
Subject: [PATCH 174/350] fix ALT_ECC_SIZE in ssh mode

---
 src/ssl.c           | 46 ++++++---------------------------------------
 wolfcrypt/src/ecc.c |  2 +-
 2 files changed, 7 insertions(+), 41 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index e391095ce..49e7b8ef8 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -13216,37 +13216,20 @@ static int SetECPointInternal(WOLFSSL_EC_POINT *p)
 
 	point = (ecc_point*)p->internal;
 
-#ifndef ALT_ECC_SIZE
-	if (p->X != NULL && SetIndividualInternal(p->X, &point->x[0]) < 0) {
+	if (p->X != NULL && SetIndividualInternal(p->X, point->x) < 0) {
 		WOLFSSL_MSG("ecc point X error");
 		return SSL_FATAL_ERROR;
 	}
 
-	if (p->Y != NULL && SetIndividualInternal(p->Y, &point->y[0]) < 0) {
+	if (p->Y != NULL && SetIndividualInternal(p->Y, point->y) < 0) {
 		WOLFSSL_MSG("ecc point Y error");
 		return SSL_FATAL_ERROR;
 	}
 
-	if (p->Z != NULL && SetIndividualInternal(p->Z, &point->z[0]) < 0) {
+	if (p->Z != NULL && SetIndividualInternal(p->Z, point->z) < 0) {
 		WOLFSSL_MSG("ecc point Z error");
 		return SSL_FATAL_ERROR;
 	}
-#else
-	if (p->X != NULL && SetIndividualInternal(p->X, &point->x) < 0) {
-		WOLFSSL_MSG("ecc point X error");
-		return SSL_FATAL_ERROR;
-	}
-
-	if (p->Y != NULL && SetIndividualInternal(p->Y, &point->y) < 0) {
-		WOLFSSL_MSG("ecc point Y error");
-		return SSL_FATAL_ERROR;
-	}
-
-	if (p->Z != NULL && SetIndividualInternal(p->Z, &point->z) < 0) {
-		WOLFSSL_MSG("ecc point Z error");
-		return SSL_FATAL_ERROR;
-	}
-#endif
 
 	p->inSet = 1;
 
@@ -13267,37 +13250,20 @@ static int SetECPointExternal(WOLFSSL_EC_POINT *p)
 
 	point = (ecc_point*)p->internal;
 
-#ifndef ALT_ECC_SIZE
-	if (SetIndividualExternal(&p->X, &point->x[0]) < 0) {
+	if (SetIndividualExternal(&p->X, point->x) < 0) {
 		WOLFSSL_MSG("ecc point X error");
 		return SSL_FATAL_ERROR;
 	}
 
-	if (SetIndividualExternal(&p->Y, &point->y[0]) < 0) {
+	if (SetIndividualExternal(&p->Y, point->y) < 0) {
 		WOLFSSL_MSG("ecc point Y error");
 		return SSL_FATAL_ERROR;
 	}
 
-	if (SetIndividualExternal(&p->Z, &point->z[0]) < 0) {
+	if (SetIndividualExternal(&p->Z, point->z) < 0) {
 		WOLFSSL_MSG("ecc point Z error");
 		return SSL_FATAL_ERROR;
 	}
-#else
-	if (SetIndividualExternal(&p->X, &point->x) < 0) {
-		WOLFSSL_MSG("ecc point X error");
-		return SSL_FATAL_ERROR;
-	}
-
-	if (SetIndividualExternal(&p->Y, &point->y) < 0) {
-		WOLFSSL_MSG("ecc point Y error");
-		return SSL_FATAL_ERROR;
-	}
-
-	if (SetIndividualExternal(&p->Z, &point->z) < 0) {
-		WOLFSSL_MSG("ecc point Z error");
-		return SSL_FATAL_ERROR;
-	}
-#endif
 
 	p->exSet = 1;
 
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 2fc8d6db9..2a6612718 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -2436,7 +2436,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 /* import point from der */
 int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, ecc_point* point)
 {
-	int err;
+	int err = 0;
 	int compressed = 0;
 
 	if (in == NULL || point == NULL || (ecc_is_valid_idx(curve_idx) == 0))

From 6355bb4daf5798ad0de4f9f48d4f9aba2255920d Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 2 Jul 2015 13:52:37 -0700
Subject: [PATCH 175/350] remove C++ comments

---
 src/ssl.c               | 5 -----
 wolfssl/wolfcrypt/tfm.h | 2 --
 2 files changed, 7 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 49e7b8ef8..db75781e4 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -13295,8 +13295,6 @@ static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
 			return SSL_FATAL_ERROR;
 		}
 
-		//eckey->pub_key->internal = (ecc_point*)&(key->pubkey);
-
 		/* set the external pubkey (point) */
 		if (SetECPointExternal(eckey->pub_key) < 0) {
 			WOLFSSL_MSG("SetECKeyExternal SetECPointExternal failed");
@@ -13913,7 +13911,6 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, c
 												WOLFSSL_BIGNUM *x, WOLFSSL_BIGNUM *y, WOLFSSL_BN_CTX *ctx)
 {
 	(void)ctx;
-	//ecc_point *p;
 
 	WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp");
 
@@ -13931,8 +13928,6 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, c
 		}
 	}
 
-	//p = (ecc_point*)point->internal;
-
 	BN_copy(x, point->X);
 	BN_copy(y, point->Y);
 
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index 3564f71f9..50e9712e7 100644
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -235,8 +235,6 @@
  * It defaults to 4096-bits [allowing multiplications upto 2048x2048 bits ]
  */
 
-/* For DH with 3072 bits key size */
-//#define FP_MAX_BITS		  32768
 
 #ifndef FP_MAX_BITS
     #define FP_MAX_BITS           4096

From e2689a06567975141acadad6f7900de02931e806 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 3 Jul 2015 09:50:16 -0700
Subject: [PATCH 176/350] fix opensslextra small stack invalid free

---
 src/ssl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index db75781e4..564605344 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2147,8 +2147,10 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password, int passwordS
 	if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv,
 							  password, passwordSz, 1, key, iv)) <= 0) {
 
-		XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-		XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        #ifdef WOLFSSL_SMALL_STACK
+		    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+		    XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
 		return ASN_INPUT_E;
 	}
 

From 9b0c1499c342f169214a7c11d7b67d8cd8e673b6 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 3 Jul 2015 09:53:48 -0700
Subject: [PATCH 177/350] fix opensslextra w/ dsa additions

---
 wolfcrypt/src/asn.c            | 2 +-
 wolfssl/wolfcrypt/asn_public.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index c8b545a83..59e75be5e 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -4641,7 +4641,7 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
 
 
 
-#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
+#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || !defined(NO_DSA)
 
 /* convert der buffer to pem into output, can't do inplace, der and output
    need to be different */
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index b5bb672ba..d7b47328d 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -175,7 +175,7 @@ WOLFSSL_API int  wc_SetDatesBuffer(Cert*, const byte*, int);
 #endif /* WOLFSSL_CERT_GEN */
 
 
-#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
+#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || !defined(NO_DSA)
     WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
                             word32 outputSz, int type);
 #endif

From 1a853d277d3fdec64580748b9717016cf7fd7a50 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 3 Jul 2015 09:58:42 -0700
Subject: [PATCH 178/350] fix opensslextra w/o ecc ssh

---
 wolfcrypt/src/tfm.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 423fbabfb..26467e9bd 100755
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -2115,6 +2115,12 @@ int mp_mul_2d(fp_int *a, int b, fp_int *c)
 	return MP_OKAY;
 }
 
+int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d)
+{
+    fp_div_2d(a, b, c, d);
+    return MP_OKAY;
+}
+
 #ifdef ALT_ECC_SIZE
 void fp_copy(fp_int *a, fp_int* b)
 {
@@ -2695,12 +2701,6 @@ int mp_init_copy(fp_int * a, fp_int * b)
     return MP_OKAY;
 }
 
-int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d)
-{
-    fp_div_2d(a, b, c, d);
-    return MP_OKAY;
-}
-
 #ifdef HAVE_COMP_KEY
 
 int mp_cnt_lsb(fp_int* a)

From 88fa36e3c0c108aa82f093c687088b02b4103fed Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 3 Jul 2015 20:53:55 -0700
Subject: [PATCH 179/350] fix enable dsa w/o opensslextra or keygen

---
 wolfssl/wolfcrypt/coding.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h
index 296bc3ca7..286e437a4 100644
--- a/wolfssl/wolfcrypt/coding.h
+++ b/wolfssl/wolfcrypt/coding.h
@@ -33,7 +33,7 @@
 WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
                                word32* outLen);
 
-#if defined(OPENSSL_EXTRA) || defined(SESSION_CERTS) || defined(WOLFSSL_KEY_GEN)                         || defined(WOLFSSL_CERT_GEN) || defined(HAVE_WEBSERVER)
+#if defined(OPENSSL_EXTRA) || defined(SESSION_CERTS) || defined(WOLFSSL_KEY_GEN)                         || defined(WOLFSSL_CERT_GEN) || defined(HAVE_WEBSERVER)                         || !defined(NO_DSA)
     #ifndef WOLFSSL_BASE64_ENCODE
         #define WOLFSSL_BASE64_ENCODE
     #endif

From 702dbcf570047abc43d0e89d1782cf0914b009fc Mon Sep 17 00:00:00 2001
From: Ludovic FLAMENT <ludovic.flament@cryptograph-ic.com>
Date: Sun, 5 Jul 2015 20:10:43 +0200
Subject: [PATCH 180/350] align return code, coding style (tab-> space, line
 with 80 char), curve_idx validity

---
 src/ssl.c                      | 3336 +++++++++++++++++---------------
 wolfcrypt/src/asn.c            |  169 +-
 wolfcrypt/src/ecc.c            |  622 +++---
 wolfcrypt/src/integer.c        |  227 +--
 wolfcrypt/src/tfm.c            |  194 +-
 wolfssl/openssl/bn.h           |   20 +-
 wolfssl/openssl/dh.h           |    9 +-
 wolfssl/openssl/dsa.h          |   25 +-
 wolfssl/openssl/ec.h           |  170 +-
 wolfssl/openssl/ecdh.h         |    9 +-
 wolfssl/openssl/ecdsa.h        |   26 +-
 wolfssl/ssl.h                  |    2 +-
 wolfssl/wolfcrypt/asn.h        |   14 +-
 wolfssl/wolfcrypt/asn_public.h |   14 +-
 wolfssl/wolfcrypt/dsa.h        |   19 +-
 wolfssl/wolfcrypt/ecc.h        |   20 +-
 16 files changed, 2562 insertions(+), 2314 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 564605344..a947a8aee 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -567,7 +567,7 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
 
 #ifdef HAVE_MAX_FRAGMENT
     ret = ReceiveData(ssl, (byte*)data,
-                     min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)), peek);
+                      min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)),peek);
 #else
     ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek);
 #endif
@@ -635,7 +635,8 @@ int wolfSSL_UseSNI(WOLFSSL* ssl, byte type, const void* data, word16 size)
     return TLSX_UseSNI(&ssl->extensions, type, data, size);
 }
 
-int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, const void* data, word16 size)
+int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type,
+                       const void* data, word16 size)
 {
     if (ctx == NULL)
         return BAD_FUNC_ARG;
@@ -673,8 +674,8 @@ word16 wolfSSL_SNI_GetRequest(WOLFSSL* ssl, byte type, void** data)
     return 0;
 }
 
-int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, byte type,
-                                                     byte* sni, word32* inOutSz)
+int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
+                              byte type, byte* sni, word32* inOutSz)
 {
     if (clientHello && helloSz > 0 && sni && inOutSz && *inOutSz > 0)
         return TLSX_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz);
@@ -929,7 +930,8 @@ int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx)
     return TLSX_UseSessionTicket(&ctx->extensions, NULL);
 }
 
-WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl, byte* buf, word32* bufSz)
+WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl,
+                                          byte* buf, word32* bufSz)
 {
     if (ssl == NULL || buf == NULL || bufSz == NULL || *bufSz == 0)
         return BAD_FUNC_ARG;
@@ -1371,7 +1373,7 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void)
     WOLFSSL_ENTER("wolfSSL_CertManagerNew");
 
     cm = (WOLFSSL_CERT_MANAGER*) XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), 0,
-                                        DYNAMIC_TYPE_CERT_MANAGER);
+                                         DYNAMIC_TYPE_CERT_MANAGER);
     if (cm) {
         XMEMSET(cm, 0, sizeof(WOLFSSL_CERT_MANAGER));
 
@@ -1429,8 +1431,7 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
 
 /* Return bytes written to buff or < 0 for error */
 int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz,
-                        unsigned char* buff, int buffSz,
-                        int type)
+                        unsigned char* buff, int buffSz, int type)
 {
     int            eccKey = 0;
     int            ret;
@@ -1455,7 +1456,7 @@ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz,
 
 #ifdef WOLFSSL_SMALL_STACK
     info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                   DYNAMIC_TYPE_TMP_BUFFER);
     if (info == NULL)
         return MEMORY_E;
 #endif
@@ -1509,8 +1510,8 @@ static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
 
 
 /* Return bytes written to buff or < 0 for error */
-int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
-                       int buffSz, const char* pass)
+int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz,
+                        unsigned char* buff, int buffSz, const char* pass)
 {
     int            eccKey = 0;
     int            ret;
@@ -1530,7 +1531,7 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff
 
 #ifdef WOLFSSL_SMALL_STACK
     info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                   DYNAMIC_TYPE_TMP_BUFFER);
     if (info == NULL)
         return MEMORY_E;
 #endif
@@ -1554,7 +1555,7 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff
         wolfSSL_CTX_set_default_passwd_cb_userdata(info->ctx, (void*)pass);
     }
 #else
-	(void)pass;
+    (void)pass;
 #endif
 
     ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey);
@@ -1875,8 +1876,8 @@ Signer* GetCAByName(void* vp, byte* hash)
     for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
         signers = cm->caTable[row];
         while (signers && ret == NULL) {
-            if (XMEMCMP(hash,
-                           signers->subjectNameHash, SIGNER_DIGEST_SIZE) == 0) {
+            if (XMEMCMP(hash, signers->subjectNameHash,
+                        SIGNER_DIGEST_SIZE) == 0) {
                 ret = signers;
             }
             signers = signers->next;
@@ -1908,7 +1909,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify)
 
 #ifdef WOLFSSL_SMALL_STACK
     cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                 DYNAMIC_TYPE_TMP_BUFFER);
     if (cert == NULL)
         return MEMORY_E;
 #endif
@@ -1929,7 +1930,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify)
     }
 #ifndef ALLOW_INVALID_CERTSIGN
     else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
-                              (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
+             (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
         /* Intermediate CA certs are required to have the keyCertSign
         * extension set. User loaded root certs are not. */
         WOLFSSL_MSG("    Doesn't have key usage certificate signing");
@@ -1957,10 +1958,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify)
         #endif
         #ifndef NO_SKID
             XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId,
-                                                            SIGNER_DIGEST_SIZE);
+                    SIGNER_DIGEST_SIZE);
         #endif
             XMEMCPY(signer->subjectNameHash, cert->subjectHash,
-                                                            SIGNER_DIGEST_SIZE);
+                    SIGNER_DIGEST_SIZE);
             signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
                                                     : 0xFFFF;
             signer->next    = NULL; /* If Key Usage not set, all uses valid. */
@@ -2109,81 +2110,80 @@ int wolfSSL_Init(void)
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
 
-static int wolfssl_decrypt_buffer_key(buffer* der, byte* password, int passwordSz, EncryptedInfo* info)
+static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
+                                      int passwordSz, EncryptedInfo* info)
 {
-	int ret;
+    int ret;
 
 #ifdef WOLFSSL_SMALL_STACK
-	byte* key      = NULL;
-	byte* iv       = NULL;
+    byte* key      = NULL;
+    byte* iv       = NULL;
 #else
-	byte  key[AES_256_KEY_SIZE];
+    byte  key[AES_256_KEY_SIZE];
 #ifndef NO_MD5
-	byte  iv[AES_IV_SIZE];
+    byte  iv[AES_IV_SIZE];
 #endif
 #endif
 
-	if (der == NULL || password == NULL || info == NULL)
-		return SSL_FATAL_ERROR;
+    if (der == NULL || password == NULL || info == NULL)
+        return SSL_FATAL_ERROR;
 
-	/* use file's salt for key derivation, hex decode first */
-	if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0)
-		return ASN_INPUT_E;
+    /* use file's salt for key derivation, hex decode first */
+    if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0)
+        return ASN_INPUT_E;
 
 #ifndef NO_MD5
 
 #ifdef WOLFSSL_SMALL_STACK
-	iv = (byte*)XMALLOC(AES_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-	if (iv == NULL)
-		return MEMORY_E;
+    iv = (byte*)XMALLOC(AES_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (iv == NULL)
+        return MEMORY_E;
 
-	key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-	if (key == NULL) {
-		XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-		return MEMORY_E;
-	}
+    key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (key == NULL) {
+        XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
 #endif /* WOLFSSL_SMALL_STACK */
 
-	if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv,
-							  password, passwordSz, 1, key, iv)) <= 0) {
+    if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv,
+                              password, passwordSz, 1, key, iv)) <= 0) {
 
-        #ifdef WOLFSSL_SMALL_STACK
-		    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-		    XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        #endif
-		return ASN_INPUT_E;
-	}
+        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return ASN_INPUT_E;
+    }
 
 #endif /* NO_MD5 */
 
 #ifndef NO_DES3
-	if (XSTRNCMP(info->name, "DES-CBC", 7) == 0)
-		ret = wc_Des_CbcDecryptWithKey(der->buffer, der->buffer, der->length,
-									   key, info->iv);
-	else if (XSTRNCMP(info->name, "DES-EDE3-CBC", 12) == 0)
-		ret = wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer, der->length,
-										key, info->iv);
+    if (XSTRNCMP(info->name, "DES-CBC", 7) == 0)
+        ret = wc_Des_CbcDecryptWithKey(der->buffer, der->buffer, der->length,
+                                       key, info->iv);
+    else if (XSTRNCMP(info->name, "DES-EDE3-CBC", 12) == 0)
+        ret = wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer, der->length,
+                                        key, info->iv);
 #endif /* NO_DES3 */
 #ifndef NO_AES
-	else if (XSTRNCMP(info->name, "AES-128-CBC", 11) == 0)
-		ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
-									  key, AES_128_KEY_SIZE, info->iv);
-	else if (XSTRNCMP(info->name, "AES-192-CBC", 11) == 0)
-		ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
-									  key, AES_192_KEY_SIZE, info->iv);
-	else if (XSTRNCMP(info->name, "AES-256-CBC", 11) == 0)
-		ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
-									  key, AES_256_KEY_SIZE, info->iv);
+    else if (XSTRNCMP(info->name, "AES-128-CBC", 11) == 0)
+        ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
+                                      key, AES_128_KEY_SIZE, info->iv);
+    else if (XSTRNCMP(info->name, "AES-192-CBC", 11) == 0)
+        ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
+                                      key, AES_192_KEY_SIZE, info->iv);
+    else if (XSTRNCMP(info->name, "AES-256-CBC", 11) == 0)
+        ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
+                                      key, AES_256_KEY_SIZE, info->iv);
 #endif /* NO_AES */
-	else
-		ret = SSL_BAD_FILE;
+    else
+        ret = SSL_BAD_FILE;
 
 #ifdef WOLFSSL_SMALL_STACK
-	XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-	XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
-	return ret;
+    return ret;
 }
 #endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) */
 
@@ -2224,27 +2224,27 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
     int         ret         = 0;
     int         dynamicType = 0;
     int         sz          = (int)longSz;
-	int			encrypted_key = 0;
+    int         encrypted_key = 0;
 
     switch (type) {
         case CA_TYPE:       /* same as below */
-        case CERT_TYPE:     header= BEGIN_CERT;     footer= END_CERT;     break;
-        case CRL_TYPE:      header= BEGIN_X509_CRL; footer= END_X509_CRL; break;
-        case DH_PARAM_TYPE: header= BEGIN_DH_PARAM; footer= END_DH_PARAM; break;
-        case CERTREQ_TYPE:  header= BEGIN_CERT_REQ; footer= END_CERT_REQ; break;
-		case DSA_TYPE:		header= BEGIN_DSA_PRIV; footer= END_DSA_PRIV; break;
-		case ECC_TYPE:		header= BEGIN_EC_PRIV;  footer= END_EC_PRIV; break;
-		case RSA_TYPE:		header= BEGIN_RSA_PRIV; footer= END_RSA_PRIV; break;
-        default:            header= BEGIN_RSA_PRIV; footer= END_RSA_PRIV; break;
+        case CERT_TYPE:     header=BEGIN_CERT;     footer=END_CERT;     break;
+        case CRL_TYPE:      header=BEGIN_X509_CRL; footer=END_X509_CRL; break;
+        case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM; break;
+        case CERTREQ_TYPE:  header=BEGIN_CERT_REQ; footer=END_CERT_REQ; break;
+        case DSA_TYPE:      header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV; break;
+        case ECC_TYPE:      header=BEGIN_EC_PRIV;  footer=END_EC_PRIV;  break;
+        case RSA_TYPE:      header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break;
+        default:            header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break;
     }
 
     switch (type) {
         case CA_TYPE:   dynamicType = DYNAMIC_TYPE_CA;   break;
         case CERT_TYPE: dynamicType = DYNAMIC_TYPE_CERT; break;
         case CRL_TYPE:  dynamicType = DYNAMIC_TYPE_CRL;  break;
-		case DSA_TYPE:	dynamicType = DYNAMIC_TYPE_DSA;  break;
-		case ECC_TYPE:	dynamicType = DYNAMIC_TYPE_ECC;  break;
-		case RSA_TYPE:	dynamicType = DYNAMIC_TYPE_RSA;  break;
+        case DSA_TYPE:  dynamicType = DYNAMIC_TYPE_DSA;  break;
+        case ECC_TYPE:  dynamicType = DYNAMIC_TYPE_ECC;  break;
+        case RSA_TYPE:  dynamicType = DYNAMIC_TYPE_RSA;  break;
         default:        dynamicType = DYNAMIC_TYPE_KEY;  break;
     }
 
@@ -2327,7 +2327,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
                 newline++;
             headerEnd = newline;
 
-			encrypted_key = 1;
+            encrypted_key = 1;
         }
     }
 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
@@ -2363,8 +2363,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
 
     der->length = (word32)neededSz;
 
-    if (Base64_Decode((byte*)headerEnd, (word32)neededSz, der->buffer,
-                                                              &der->length) < 0)
+    if (Base64_Decode((byte*)headerEnd, (word32)neededSz,
+                      der->buffer, &der->length) < 0)
         return SSL_BAD_FILE;
 
     if (header == BEGIN_PRIV_KEY && !encrypted_key) {
@@ -2394,31 +2394,33 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
             return MEMORY_E;
     #endif
         passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0,
-                                                           info->ctx->userdata);
+                                          info->ctx->userdata);
         /* convert and adjust length */
-		if (header == BEGIN_ENC_PRIV_KEY) {
-        	ret = ToTraditionalEnc(der->buffer, der->length, password, passwordSz);
+        if (header == BEGIN_ENC_PRIV_KEY) {
+            ret = ToTraditionalEnc(der->buffer, der->length,
+                                   password, passwordSz);
     #ifdef WOLFSSL_SMALL_STACK
-        	XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
-			if (ret < 0) {
-				XFREE(der->buffer, heap, dynamicType);
-            	return ret;
-			}
+            if (ret < 0) {
+                XFREE(der->buffer, heap, dynamicType);
+                return ret;
+            }
 
-			der->length = ret;
-		}
-		/* decrypt the key */
-		else {
-			ret = wolfssl_decrypt_buffer_key(der, (byte*)password, passwordSz, info);
+            der->length = ret;
+        }
+        /* decrypt the key */
+        else {
+            ret = wolfssl_decrypt_buffer_key(der, (byte*)password,
+                                             passwordSz, info);
     #ifdef WOLFSSL_SMALL_STACK
-        	XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
-			if (ret != 0) {
-				XFREE(der->buffer, heap, dynamicType);
-            	return ret;
-			}
-		}
+            if (ret != 0) {
+                XFREE(der->buffer, heap, dynamicType);
+                return ret;
+            }
+        }
     }
 #endif  /* OPENSSL_EXTRA || HAVE_WEBSERVER || NO_PWDBASED */
 
@@ -2467,7 +2469,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 
 #ifdef WOLFSSL_SMALL_STACK
     info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                   DYNAMIC_TYPE_TMP_BUFFER);
     if (info == NULL)
         return MEMORY_E;
 #endif
@@ -2528,7 +2530,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                 part.buffer = 0;
 
                 ret = PemToDer(buff + consumed, sz - consumed, type, &part,
-                                                           heap, info, &eccKey);
+                               heap, info, &eccKey);
                 if (ret == 0) {
                     gotOne = 1;
                     if ( (idx + part.length) > bufferSz) {
@@ -2572,9 +2574,8 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
             if (shrinked) {
                 if (ssl) {
                     if (ssl->buffers.certChain.buffer &&
-                                                  ssl->buffers.weOwnCertChain) {
-                        XFREE(ssl->buffers.certChain.buffer, heap,
-                              dynamicType);
+                        ssl->buffers.weOwnCertChain) {
+                        XFREE(ssl->buffers.certChain.buffer, heap, dynamicType);
                     }
                     ssl->buffers.certChain.buffer = shrinked;
                     ssl->buffers.certChain.length = idx;
@@ -2615,7 +2616,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
     }
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
-	/* for SSL_FILETYPE_PEM, PemToDer manage the decryption if required */
+    /* for SSL_FILETYPE_PEM, PemToDer manage the decryption if required */
     if (info->set && (format != SSL_FILETYPE_PEM)) {
         /* decrypt */
         int   passwordSz;
@@ -2628,17 +2629,19 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
     #ifdef WOLFSSL_SMALL_STACK
         password = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (password == NULL)
-			ret = MEMORY_E;
+            ret = MEMORY_E;
         else
     #endif
         if (!ctx || !ctx->passwd_cb) {
             ret = NO_PASSWORD;
         }
         else {
-            passwordSz = ctx->passwd_cb(password, sizeof(password), 0, ctx->userdata);
+            passwordSz = ctx->passwd_cb(password, sizeof(password),
+                                        0, ctx->userdata);
 
-			/* decrypt the key */
-			ret = wolfssl_decrypt_buffer_key(&der, (byte*)password, passwordSz, info);
+            /* decrypt the key */
+            ret = wolfssl_decrypt_buffer_key(&der, (byte*)password,
+                                             passwordSz, info);
         }
 
     #ifdef WOLFSSL_SMALL_STACK
@@ -2712,15 +2715,15 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 
         #ifdef WOLFSSL_SMALL_STACK
             key = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                   DYNAMIC_TYPE_TMP_BUFFER);
             if (key == NULL)
                 return MEMORY_E;
         #endif
 
             ret = wc_InitRsaKey(key, 0);
             if (ret == 0) {
-                if (wc_RsaPrivateKeyDecode(der.buffer, &idx, key, der.length) !=
-                                                                            0) {
+                if (wc_RsaPrivateKeyDecode(der.buffer, &idx, key, der.length)
+                    != 0) {
                 #ifdef HAVE_ECC
                     /* could have DER ECC (or pkcs8 ecc), no easy way to tell */
                     eccKey = 1;  /* so try it out */
@@ -2772,7 +2775,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 
     #ifdef WOLFSSL_SMALL_STACK
         cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                     DYNAMIC_TYPE_TMP_BUFFER);
         if (cert == NULL)
             return MEMORY_E;
     #endif
@@ -2909,7 +2912,7 @@ int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm,
 
 /* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */
 int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
-                                   long sz, int format)
+                                    long sz, int format)
 {
     int ret = 0;
     buffer der;
@@ -2923,7 +2926,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
 
 #ifdef WOLFSSL_SMALL_STACK
     cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                 DYNAMIC_TYPE_TMP_BUFFER);
     if (cert == NULL)
         return MEMORY_E;
 #endif
@@ -2941,7 +2944,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
 
     #ifdef WOLFSSL_SMALL_STACK
         info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                       DYNAMIC_TYPE_TMP_BUFFER);
         if (info == NULL) {
             XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             return MEMORY_E;
@@ -2995,7 +2998,7 @@ int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options)
     #ifdef HAVE_OCSP
         if (cm->ocsp == NULL) {
             cm->ocsp = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), cm->heap,
-                                                             DYNAMIC_TYPE_OCSP);
+                                              DYNAMIC_TYPE_OCSP);
             if (cm->ocsp == NULL)
                 return MEMORY_E;
 
@@ -3062,7 +3065,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
 
 #ifdef WOLFSSL_SMALL_STACK
     cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                 DYNAMIC_TYPE_TMP_BUFFER);
     if (cert == NULL)
         return MEMORY_E;
 #endif
@@ -3086,7 +3089,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
 
 
 int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
-                                                                const char* url)
+                                          const char* url)
 {
     WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSPOverrideURL");
     if (cm == NULL)
@@ -3160,7 +3163,7 @@ int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl,
     WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb");
     if (ssl)
         return wolfSSL_CertManagerSetOCSP_Cb(ssl->ctx->cm,
-                                                     ioCb, respFreeCb, ioCbCtx);
+                                             ioCb, respFreeCb, ioCbCtx);
     else
         return BAD_FUNC_ARG;
 }
@@ -3196,12 +3199,13 @@ int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url)
 }
 
 
-int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx,
-                        CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
+int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb,
+                           CbOCSPRespFree respFreeCb, void* ioCbCtx)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb");
     if (ctx)
-        return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, respFreeCb, ioCbCtx);
+        return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb,
+                                             respFreeCb, ioCbCtx);
     else
         return BAD_FUNC_ARG;
 }
@@ -3334,8 +3338,8 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
                 XSTRNCAT(name, "\\", 2);
                 XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2);
 
-                ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
-                                                                          NULL);
+                ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE,
+                                  NULL, 0, NULL);
             }
         } while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData));
 
@@ -3376,8 +3380,8 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
                 WOLFSSL_MSG("stat on name failed");
                 ret = BAD_PATH_ERROR;
             } else if (s.st_mode & S_IFREG)
-                ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
-                                                                          NULL);
+                ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE,
+                                  NULL, 0, NULL);
         }
 
     #ifdef WOLFSSL_SMALL_STACK
@@ -3557,7 +3561,7 @@ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
 
 #ifdef WOLFSSL_SMALL_STACK
     cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                 DYNAMIC_TYPE_TMP_BUFFER);
     if (cert == NULL)
         return MEMORY_E;
 #endif
@@ -3670,7 +3674,8 @@ int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx)
 }
 
 
-int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, int type, int monitor)
+int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path,
+                        int type, int monitor)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL");
     if (ctx)
@@ -3697,7 +3702,7 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb)
 
 /* Add format parameter to allow DER load of CA files */
 int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
-                                         int format)
+                                          int format)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations");
     if (ctx == NULL || file == NULL)
@@ -3760,14 +3765,14 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
             else {
             #ifdef WOLFSSL_SMALL_STACK
                 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                               DYNAMIC_TYPE_TMP_BUFFER);
                 if (info == NULL)
                     ret = MEMORY_E;
                 else
             #endif
                 {
-                    ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, info,
-                                                                          &ecc);
+                    ret = PemToDer(fileBuf, sz, CA_TYPE, &converted,
+                                   0, info, &ecc);
                 #ifdef WOLFSSL_SMALL_STACK
                     XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                 #endif
@@ -3798,7 +3803,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
 
 
 int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
-                                    int format)
+                                     int format)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file");
     if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
@@ -3808,7 +3813,8 @@ int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
 }
 
 
-int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,int format)
+int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,
+                                    int format)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file");
     if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL)
@@ -3855,7 +3861,8 @@ int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
 
 /* server wrapper for ctx or ssl Diffie-Hellman parameters */
 static int wolfSSL_SetTmpDH_buffer_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
-                                  const unsigned char* buf, long sz, int format)
+                                           const unsigned char* buf,
+                                           long sz, int format)
 {
     buffer der;
     int    ret      = 0;
@@ -4033,8 +4040,8 @@ int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
 int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format)
 {
     WOLFSSL_ENTER("wolfSSL_use_certificate_file");
-    if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL)
-                    == SSL_SUCCESS)
+    if (ProcessFile(ssl->ctx, file, format, CERT_TYPE,
+                    ssl, 0, NULL) == SSL_SUCCESS)
         return SSL_SUCCESS;
 
     return SSL_FAILURE;
@@ -4044,8 +4051,8 @@ int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format)
 int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format)
 {
     WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file");
-    if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
-                                                                 == SSL_SUCCESS)
+    if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE,
+                    ssl, 0, NULL) == SSL_SUCCESS)
         return SSL_SUCCESS;
 
     return SSL_FAILURE;
@@ -4056,8 +4063,8 @@ int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
 {
    /* procces up to MAX_CHAIN_DEPTH plus subject cert */
    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file");
-   if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL)
-                                                                 == SSL_SUCCESS)
+   if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE,
+                   ssl, 1, NULL) == SSL_SUCCESS)
        return SSL_SUCCESS;
 
    return SSL_FAILURE;
@@ -4223,7 +4230,8 @@ int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname)
 #endif /* NO_FILESYSTEM */
 
 /* Persist cert cache to memory */
-int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, int sz, int* used)
+int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem,
+                                   int sz, int* used)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_memsave_cert_cache");
 
@@ -4869,7 +4877,8 @@ static INLINE int StoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current, int row)
 
 
 /* Persist cert cache to memory, have lock */
-static INLINE int DoMemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem, int sz)
+static INLINE int DoMemSaveCertCache(WOLFSSL_CERT_MANAGER* cm,
+                                     void* mem, int sz)
 {
     int realSz;
     int ret = SSL_SUCCESS;
@@ -5191,8 +5200,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
     WOLFSSL_METHOD* wolfSSLv3_client_method(void)
     {
         WOLFSSL_METHOD* method =
-                              (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
-                                                       DYNAMIC_TYPE_METHOD);
+                              (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
+                                                        0, DYNAMIC_TYPE_METHOD);
         WOLFSSL_ENTER("SSLv3_client_method");
         if (method)
             InitSSL_Method(method, MakeSSLv3());
@@ -5206,8 +5215,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
         WOLFSSL_METHOD* wolfDTLSv1_client_method(void)
         {
             WOLFSSL_METHOD* method =
-                              (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
-                                                       DYNAMIC_TYPE_METHOD);
+                              (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
+                                                        0, DYNAMIC_TYPE_METHOD);
             WOLFSSL_ENTER("DTLSv1_client_method");
             if (method)
                 InitSSL_Method(method, MakeDTLSv1());
@@ -5218,8 +5227,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
         WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void)
         {
             WOLFSSL_METHOD* method =
-                              (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
-                                                       DYNAMIC_TYPE_METHOD);
+                              (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
+                                                        0, DYNAMIC_TYPE_METHOD);
             WOLFSSL_ENTER("DTLSv1_2_client_method");
             if (method)
                 InitSSL_Method(method, MakeDTLSv1_2());
@@ -5479,8 +5488,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
     WOLFSSL_METHOD* wolfSSLv3_server_method(void)
     {
         WOLFSSL_METHOD* method =
-                              (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0,
-                                                       DYNAMIC_TYPE_METHOD);
+                              (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
+                                                        0, DYNAMIC_TYPE_METHOD);
         WOLFSSL_ENTER("SSLv3_server_method");
         if (method) {
             InitSSL_Method(method, MakeSSLv3());
@@ -6786,8 +6795,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 /* used to be defined on NO_FILESYSTEM only, but are generally useful */
 
     /* wolfSSL extension allows DER files to be loaded from buffers as well */
-    int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
-                                      long sz, int format)
+    int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx,
+                                       const unsigned char* in,
+                                       long sz, int format)
     {
         WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer");
         if (format == SSL_FILETYPE_PEM)
@@ -7096,7 +7106,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
 
     WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
-                                                     WOLFSSL_X509_STORE_CTX* ctx)
+                                                    WOLFSSL_X509_STORE_CTX* ctx)
     {
         (void)ctx;
         return 0;
@@ -8299,7 +8309,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
 
     /* SSL_SUCCESS on ok */
-    int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type)
+    int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx,
+                               const WOLFSSL_EVP_MD* type)
     {
         WOLFSSL_ENTER("EVP_DigestInit");
         if (XSTRNCMP(type, "SHA256", 6) == 0) {
@@ -8429,7 +8440,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
     /* SSL_SUCCESS on ok */
     int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
-                                  unsigned int* s)
+                                   unsigned int* s)
     {
         WOLFSSL_ENTER("EVP_DigestFinal_ex");
         return EVP_DigestFinal(ctx, md, s);
@@ -8437,8 +8448,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
 
     unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key,
-                               int key_len, const unsigned char* d, int n,
-                               unsigned char* md, unsigned int* md_len)
+                                int key_len, const unsigned char* d, int n,
+                                unsigned char* md, unsigned int* md_len)
     {
         int type;
         unsigned char* ret = NULL;
@@ -8508,7 +8519,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 #ifndef NO_DES3
     /* SSL_SUCCESS on ok */
     int wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key,
-                             WOLFSSL_DES_key_schedule* schedule)
+                              WOLFSSL_DES_key_schedule* schedule)
     {
         WOLFSSL_ENTER("DES_key_sched");
         XMEMCPY(schedule, key, sizeof(const_DES_cblock));
@@ -8517,9 +8528,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
 
     void wolfSSL_DES_cbc_encrypt(const unsigned char* input,
-                     unsigned char* output, long length,
-                     WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec,
-                     int enc)
+                                 unsigned char* output, long length,
+                                 WOLFSSL_DES_key_schedule* schedule,
+                                 WOLFSSL_DES_cblock* ivec, int enc)
     {
         Des myDes;
 
@@ -8643,8 +8654,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
 
     int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx,
-                                       const unsigned char* sid_ctx,
-                                       unsigned int sid_ctx_len)
+                                           const unsigned char* sid_ctx,
+                                           unsigned int sid_ctx_len)
     {
         /* No application specific context needed for wolfSSL */
         (void)ctx;
@@ -8662,7 +8673,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     }
 
     unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line,
-                                          const char** data, int *flags)
+                                                  const char** data, int *flags)
     {
         /* Not implemented */
         (void)file;
@@ -8844,8 +8855,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     }
 
 
-    byte* wolfSSL_X509_get_authorityKeyID(
-                                      WOLFSSL_X509* x509, byte* dst, int* dstLen)
+    byte* wolfSSL_X509_get_authorityKeyID(WOLFSSL_X509* x509,
+                                          byte* dst, int* dstLen)
     {
         byte *id = NULL;
         int copySz = 0;
@@ -8855,7 +8866,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         if (x509 != NULL) {
             if (x509->authKeyIdSet) {
                 copySz = min(dstLen != NULL ? *dstLen : 0,
-                                                        (int)x509->authKeyIdSz);
+                             (int)x509->authKeyIdSz);
                 id = x509->authKeyId;
             }
 
@@ -8872,8 +8883,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     }
 
 
-    byte* wolfSSL_X509_get_subjectKeyID(
-                                      WOLFSSL_X509* x509, byte* dst, int* dstLen)
+    byte* wolfSSL_X509_get_subjectKeyID(WOLFSSL_X509* x509,
+                                        byte* dst, int* dstLen)
     {
         byte *id = NULL;
         int copySz = 0;
@@ -8915,7 +8926,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
 
     int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name,
-                                                    int nid, char* buf, int len)
+                                          int nid, char* buf, int len)
     {
         char *text = NULL;
         int textSz = 0;
@@ -9027,7 +9038,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     /* write X509 serial number in unsigned binary to buffer
        buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
        return SSL_SUCCESS on success */
-    int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509, byte* in, int* inOutSz)
+    int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509,
+                                       byte* in, int* inOutSz)
     {
         WOLFSSL_ENTER("wolfSSL_X509_get_serial_number");
         if (x509 == NULL || in == NULL ||
@@ -9137,7 +9149,8 @@ byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz)
 }
 
 
-byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,int* inOutSz)
+byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,
+                                        int* inOutSz)
 {
     int copySz;
 
@@ -9177,15 +9190,15 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
 
     #ifdef WOLFSSL_SMALL_STACK
         cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                     DYNAMIC_TYPE_TMP_BUFFER);
         if (cert == NULL)
             return NULL;
     #endif
 
         InitDecodedCert(cert, (byte*)in, len, NULL);
         if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
-            newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509),
-                                                       NULL, DYNAMIC_TYPE_X509);
+            newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
+                                             DYNAMIC_TYPE_X509);
             if (newX509 != NULL) {
                 InitX509(newX509, 1);
                 if (CopyDecodedToX509(newX509, cert) != 0) {
@@ -11028,76 +11041,94 @@ const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void)
     return bn_one;
 }
 
-
+/* return compliant with OpenSSL
+ *   size of BIGNUM in bytes, 0 if error */
 int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn)
 {
     WOLFSSL_MSG("wolfSSL_BN_num_bytes");
 
     if (bn == NULL || bn->internal == NULL)
-        return 0;
+        return SSL_FAILURE;
 
     return mp_unsigned_bin_size((mp_int*)bn->internal);
 }
 
-
+/* return compliant with OpenSSL
+ *   size of BIGNUM in bits, 0 if error */
 int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn)
 {
     WOLFSSL_MSG("wolfSSL_BN_num_bits");
 
     if (bn == NULL || bn->internal == NULL)
-        return 0;
+        return SSL_FAILURE;
 
     return mp_count_bits((mp_int*)bn->internal);
 }
 
-
+/* return compliant with OpenSSL
+ *   1 if BIGNUM is zero, 0 else */
 int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM* bn)
 {
     WOLFSSL_MSG("wolfSSL_BN_is_zero");
 
     if (bn == NULL || bn->internal == NULL)
-        return 0;
+        return SSL_FAILURE;
 
-    return mp_iszero((mp_int*)bn->internal);
+    if (mp_iszero((mp_int*)bn->internal) == MP_YES)
+        return SSL_SUCCESS;
+
+    return SSL_FAILURE;
 }
 
-
+/* return compliant with OpenSSL
+ *   1 if BIGNUM is one, 0 else */
 int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM* bn)
 {
     WOLFSSL_MSG("wolfSSL_BN_is_one");
 
     if (bn == NULL || bn->internal == NULL)
-        return 0;
+        return SSL_FAILURE;
 
-    if (mp_cmp_d((mp_int*)bn->internal, 1) == 0)
-        return 1;
+    if (mp_cmp_d((mp_int*)bn->internal, 1) == MP_EQ)
+        return SSL_SUCCESS;
 
-    return 0;
+    return SSL_FAILURE;
 }
 
-
+/* return compliant with OpenSSL
+ *   1 if BIGNUM is odd, 0 else */
 int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM* bn)
 {
     WOLFSSL_MSG("wolfSSL_BN_is_odd");
 
     if (bn == NULL || bn->internal == NULL)
-        return 0;
+        return SSL_FAILURE;
 
-    return mp_isodd((mp_int*)bn->internal);
+    if (mp_isodd((mp_int*)bn->internal) == MP_YES)
+        return SSL_SUCCESS;
+
+    return SSL_FAILURE;
 }
 
-
+/* return compliant with OpenSSL
+ *   -1 if a < b, 0 if a == b and 1 if a > b
+ */
 int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
 {
+    int ret;
+
     WOLFSSL_MSG("wolfSSL_BN_cmp");
 
-    if (a == NULL || a->internal == NULL || b == NULL || b->internal ==NULL)
-        return 0;
+    if (a == NULL || a->internal == NULL || b == NULL || b->internal == NULL)
+        return SSL_FATAL_ERROR;
 
-    return mp_cmp((mp_int*)a->internal, (mp_int*)b->internal);
+    ret = mp_cmp((mp_int*)a->internal, (mp_int*)b->internal);
+
+    return (ret == MP_EQ ? 0 : (ret == MP_GT ? 1 : -1));
 }
 
-
+/* return compliant with OpenSSL
+ *   length of BIGNUM in bytes, -1 if error */
 int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
 {
     WOLFSSL_MSG("wolfSSL_BN_bn2bin");
@@ -11137,14 +11168,15 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
     return ret;
 }
 
-
+/* return compliant with OpenSSL
+ *   1 if success, 0 if error */
 int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n)
 {
     (void)bn;
     (void)n;
     WOLFSSL_MSG("wolfSSL_BN_mask_bits");
 
-    return SSL_FATAL_ERROR;
+    return SSL_FAILURE;
 }
 
 
@@ -11214,30 +11246,35 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
     return ret;
 }
 
-
+/* return code compliant with OpenSSL :
+ *   1 if bit set, 0 else
+ */
 int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM* bn, int n)
 {
-   	if (bn == NULL || bn->internal == NULL) {
-		WOLFSSL_MSG("bn NULL error");
-		return 0;
-	}
+    if (bn == NULL || bn->internal == NULL) {
+        WOLFSSL_MSG("bn NULL error");
+        return SSL_FAILURE;
+    }
 
-	return mp_is_bit_set((mp_int*)bn->internal, n);
+    return mp_is_bit_set((mp_int*)bn->internal, n);
 }
 
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 else
+ */
 int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n)
 {
-	if (bn == NULL || bn->internal == NULL) {
-		WOLFSSL_MSG("bn NULL error");
-		return 0;
-	}
+    if (bn == NULL || bn->internal == NULL) {
+        WOLFSSL_MSG("bn NULL error");
+        return SSL_FAILURE;
+    }
 
-	if (mp_set_int((mp_int*)bn->internal, n) != MP_OKAY) {
-		WOLFSSL_MSG("mp_set_int error");
-		return 0;
-	}
+    if (mp_set_int((mp_int*)bn->internal, n) != MP_OKAY) {
+        WOLFSSL_MSG("mp_set_int error");
+        return SSL_FAILURE;
+    }
 
-	return 1;
+    return SSL_SUCCESS;
 }
 
 
@@ -11309,7 +11346,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM* bn)
         return NULL;
     }
 
-	ret->neg = bn->neg;
+    ret->neg = bn->neg;
 
     return ret;
 }
@@ -11319,30 +11356,34 @@ WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn)
 {
     WOLFSSL_MSG("wolfSSL_BN_copy");
 
-	if (mp_copy((mp_int*)bn->internal, (mp_int*)r->internal) != MP_OKAY) {
-		WOLFSSL_MSG("mp_copy error");
-		return NULL;
-	}
+    if (mp_copy((mp_int*)bn->internal, (mp_int*)r->internal) != MP_OKAY) {
+        WOLFSSL_MSG("mp_copy error");
+        return NULL;
+    }
 
-	r->neg = bn->neg;
+    r->neg = bn->neg;
 
     return r;
 }
 
-
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 else
+ */
 int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
 {
     WOLFSSL_MSG("wolfSSL_BN_set_word");
 
-	if (mp_set_int((mp_int*)bn->internal, w) != MP_OKAY) {
-		WOLFSSL_MSG("mp_init_set_int error");
-		return 0;
-	}
+    if (mp_set_int((mp_int*)bn->internal, w) != MP_OKAY) {
+        WOLFSSL_MSG("mp_init_set_int error");
+        return SSL_FAILURE;
+    }
 
-    return 1;
+    return SSL_SUCCESS;
 }
 
-
+/* return code compliant with OpenSSL :
+ *   number length in decimal if success, 0 if error
+ */
 int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str)
 {
     (void)bn;
@@ -11350,7 +11391,7 @@ int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str)
 
     WOLFSSL_MSG("wolfSSL_BN_dec2bn");
 
-    return SSL_FATAL_ERROR;
+    return SSL_FAILURE;
 }
 
 
@@ -11363,250 +11404,282 @@ char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn)
     return NULL;
 }
 
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 else
+ */
 int wolfSSL_BN_lshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
 {
-	WOLFSSL_MSG("wolfSSL_BN_lshift");
+    WOLFSSL_MSG("wolfSSL_BN_lshift");
 
-	if (bn == NULL || bn->internal == NULL) {
-		WOLFSSL_MSG("bn NULL error");
-		return 0;
-	}
+    if (bn == NULL || bn->internal == NULL) {
+        WOLFSSL_MSG("bn NULL error");
+        return SSL_FAILURE;
+    }
 
-	/*  create new bn for res, if not done before */
-	if (r == NULL)
-		r = wolfSSL_BN_new();
+    /*  create new bn for res, if not done before */
+    if (r == NULL)
+        r = wolfSSL_BN_new();
 
-	if (r == NULL) {
-		WOLFSSL_MSG("bn new error");
-		return 0;
-	}
+    if (r == NULL) {
+        WOLFSSL_MSG("bn new error");
+        return SSL_FAILURE;
+    }
 
-	if (mp_mul_2d((mp_int*)bn->internal, n, (mp_int*)r->internal) != MP_OKAY) {
-		WOLFSSL_MSG("mp_mul_2d error");
-		return 0;
-	}
+    if (mp_mul_2d((mp_int*)bn->internal, n, (mp_int*)r->internal) != MP_OKAY) {
+        WOLFSSL_MSG("mp_mul_2d error");
+        return SSL_FAILURE;
+    }
 
-	return 1;
+    return SSL_SUCCESS;
 }
 
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 else
+ */
 int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
 {
-	WOLFSSL_MSG("wolfSSL_BN_rshift");
+    WOLFSSL_MSG("wolfSSL_BN_rshift");
 
-	if (bn == NULL || bn->internal == NULL) {
-		WOLFSSL_MSG("bn NULL error");
-		return 0;
-	}
+    if (bn == NULL || bn->internal == NULL) {
+        WOLFSSL_MSG("bn NULL error");
+        return SSL_FAILURE;
+    }
 
-	/*  create new bn for res, if not done before */
-	if (r == NULL)
-		r = wolfSSL_BN_new();
+    /*  create new bn for res, if not done before */
+    if (r == NULL)
+        r = wolfSSL_BN_new();
 
-	if (r == NULL) {
-		WOLFSSL_MSG("bn new error");
-		return 0;
-	}
+    if (r == NULL) {
+        WOLFSSL_MSG("bn new error");
+        return SSL_FAILURE;
+    }
 
-	if (mp_div_2d((mp_int*)bn->internal, n, (mp_int*)r->internal, NULL) != MP_OKAY) {
-		WOLFSSL_MSG("mp_mul_2d error");
-		return 0;
-	}
+    if (mp_div_2d((mp_int*)bn->internal, n,
+                  (mp_int*)r->internal, NULL) != MP_OKAY) {
+        WOLFSSL_MSG("mp_mul_2d error");
+        return SSL_FAILURE;
+    }
 
-	return 1;
+    return SSL_SUCCESS;
 
 }
 
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 else
+ */
 int wolfSSL_BN_add_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
 {
-	WOLFSSL_MSG("wolfSSL_BN_add_word");
+    WOLFSSL_MSG("wolfSSL_BN_add_word");
 
-	if (bn == NULL || bn->internal == NULL) {
-		WOLFSSL_MSG("bn NULL error");
-		return 0;
-	}
+    if (bn == NULL || bn->internal == NULL) {
+        WOLFSSL_MSG("bn NULL error");
+        return SSL_FAILURE;
+    }
 
-	if (mp_add_d((mp_int*)bn->internal, w, (mp_int*)bn->internal) != MP_OKAY) {
-		WOLFSSL_MSG("mp_add_d error");
-		return 0;
-	}
+    if (mp_add_d((mp_int*)bn->internal, w, (mp_int*)bn->internal) != MP_OKAY) {
+        WOLFSSL_MSG("mp_add_d error");
+        return SSL_FAILURE;
+    }
 
-	return 1;
+    return SSL_SUCCESS;
 }
 
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 else
+ */
 int wolfSSL_BN_add(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b)
 {
-	WOLFSSL_MSG("wolfSSL_BN_add");
+    WOLFSSL_MSG("wolfSSL_BN_add");
 
-	if (r == NULL || r->internal == NULL || a == NULL || a->internal == NULL || b == NULL || b->internal == NULL) {
-		WOLFSSL_MSG("bn NULL error");
-		return 0;
-	}
+    if (r == NULL || r->internal == NULL || a == NULL || a->internal == NULL ||
+        b == NULL || b->internal == NULL) {
+        WOLFSSL_MSG("bn NULL error");
+        return SSL_FAILURE;
+    }
 
-	if (mp_add((mp_int*)a->internal, (mp_int*)b->internal, (mp_int*)r->internal) != MP_OKAY) {
-		WOLFSSL_MSG("mp_add_d error");
-		return 0;
-	}
+    if (mp_add((mp_int*)a->internal, (mp_int*)b->internal,
+               (mp_int*)r->internal) != MP_OKAY) {
+        WOLFSSL_MSG("mp_add_d error");
+        return SSL_FAILURE;
+    }
 
-	return 1;
+    return SSL_SUCCESS;
 }
 
 #ifdef WOLFSSL_KEY_GEN
 
-int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks, WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb)
+/* return code compliant with OpenSSL :
+ *   1 if prime, 0 if not, -1 if error
+ */
+int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks,
+                           WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb)
 {
-	(void)ctx;
-	(void)cb;
+    (void)ctx;
+    (void)cb;
 
-	int res;
+    int res;
 
-	WOLFSSL_MSG("wolfSSL_BN_is_prime_ex");
+    WOLFSSL_MSG("wolfSSL_BN_is_prime_ex");
 
-	if (bn == NULL || bn->internal == NULL) {
-		WOLFSSL_MSG("bn NULL error");
-		return 0;
-	}
+    if (bn == NULL || bn->internal == NULL) {
+        WOLFSSL_MSG("bn NULL error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (mp_prime_is_prime((mp_int*)bn->internal, nbchecks, &res) != MP_OKAY) {
-		WOLFSSL_MSG("mp_prime_is_prime error");
-		return 0;
-	}
+    if (mp_prime_is_prime((mp_int*)bn->internal, nbchecks, &res) != MP_OKAY) {
+        WOLFSSL_MSG("mp_prime_is_prime error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (res != MP_YES) {
-		WOLFSSL_MSG("mp_prime_is_prime not prime");
-		return 0;
-	}
+    if (res != MP_YES) {
+        WOLFSSL_MSG("mp_prime_is_prime not prime");
+        return SSL_FAILURE;
+    }
 
-	return 1;
+    return SSL_SUCCESS;
 }
 #endif /* #ifdef WOLFSSL_KEY_GEN */
 
-WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
+/* return code compliant with OpenSSL :
+ *   (bn mod w) if success, -1 if error
+ */
+WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
+                                     WOLFSSL_BN_ULONG w)
 {
-	mp_int mod, res;
-	WOLFSSL_BN_ULONG ret = 0;
+    mp_int mod, res;
+    WOLFSSL_BN_ULONG ret = 0;
 
-	WOLFSSL_MSG("wolfSSL_BN_mod_word");
+    WOLFSSL_MSG("wolfSSL_BN_mod_word");
 
-	if (bn == NULL || bn->internal == NULL) {
-		WOLFSSL_MSG("bn NULL error");
-		return 0;
-	}
+    if (bn == NULL || bn->internal == NULL) {
+        WOLFSSL_MSG("bn NULL error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (mp_init_multi(&mod, &res, NULL, NULL, NULL, NULL) != MP_OKAY) {
-		WOLFSSL_MSG("mp_init error");
-		return 0;
-	}
+    if (mp_init_multi(&mod, &res, NULL, NULL, NULL, NULL) != MP_OKAY) {
+        WOLFSSL_MSG("mp_init error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (mp_set_int(&mod, w) != MP_OKAY) {
-		WOLFSSL_MSG("mp_set_int error");
-		mp_clear(&mod);
-		return 0;
-	}
+    if (mp_set_int(&mod, w) != MP_OKAY) {
+        WOLFSSL_MSG("mp_set_int error");
+        mp_clear(&mod);
+        return SSL_FATAL_ERROR;
+    }
 
-	if (mp_mod((mp_int*)bn->internal, &mod, &res) != MP_OKAY) {
-		WOLFSSL_MSG("mp_add_d error");
-		mp_clear(&mod);
-		mp_clear(&res);
-		return 0;
-	}
+    if (mp_mod((mp_int*)bn->internal, &mod, &res) != MP_OKAY) {
+        WOLFSSL_MSG("mp_add_d error");
+        mp_clear(&mod);
+        mp_clear(&res);
+        return SSL_FATAL_ERROR;
+    }
 
-	ret = res.dp[0];
+    ret = res.dp[0];
 
-	mp_clear(&mod);
-	mp_clear(&res);
-	return ret;
+    mp_clear(&mod);
+    mp_clear(&res);
+    return ret;
 }
 
 #if (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)) && defined(HAVE_ECC)
 char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
 {
-	int len = 0;
-	char *buf;
+    int len = 0;
+    char *buf;
 
-	WOLFSSL_MSG("wolfSSL_BN_bn2hex");
+    WOLFSSL_MSG("wolfSSL_BN_bn2hex");
 
-	if (bn == NULL || bn->internal == NULL) {
-		WOLFSSL_MSG("bn NULL error");
-		return NULL;
-	}
+    if (bn == NULL || bn->internal == NULL) {
+        WOLFSSL_MSG("bn NULL error");
+        return NULL;
+    }
 
-	if (mp_radix_size((mp_int*)bn->internal, 16, &len) != MP_OKAY) {
-		WOLFSSL_MSG("mp_radix_size failure");
-		return NULL;
-	}
+    if (mp_radix_size((mp_int*)bn->internal, 16, &len) != MP_OKAY) {
+        WOLFSSL_MSG("mp_radix_size failure");
+        return NULL;
+    }
 
-	buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC);
-	if (buf == NULL) {
-		WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure");
-		return NULL;
-	}
+    buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC);
+    if (buf == NULL) {
+        WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure");
+        return NULL;
+    }
 
-	if (mp_toradix((mp_int*)bn->internal, buf, 16) != MP_OKAY) {
-		XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
-		return NULL;
-	}
+    if (mp_toradix((mp_int*)bn->internal, buf, 16) != MP_OKAY) {
+        XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
+        return NULL;
+    }
 
-	return buf;
+    return buf;
 }
 
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
 int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
 {
-	char *buf;
+    char *buf;
 
-	WOLFSSL_MSG("wolfSSL_BN_print_fp");
+    WOLFSSL_MSG("wolfSSL_BN_print_fp");
 
-	if (fp == NULL || bn == NULL || bn->internal == NULL) {
-		WOLFSSL_MSG("bn NULL error");
-		return 0;
-	}
+    if (fp == NULL || bn == NULL || bn->internal == NULL) {
+        WOLFSSL_MSG("bn NULL error");
+        return SSL_FAILURE;
+    }
 
-	buf = wolfSSL_BN_bn2hex(bn);
-	if (buf == NULL) {
-		WOLFSSL_MSG("wolfSSL_BN_bn2hex failure");
-		return 0;
-	}
+    buf = wolfSSL_BN_bn2hex(bn);
+    if (buf == NULL) {
+        WOLFSSL_MSG("wolfSSL_BN_bn2hex failure");
+        return SSL_FAILURE;
+    }
 
-	fprintf(fp, "%s", buf);
-	XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
-	return 1;
+    fprintf(fp, "%s", buf);
+    XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
+
+    return SSL_SUCCESS;
 }
+
 #else /* defined(HAVE_ECC) */
+
 char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
 {
-	(void)bn;
+    (void)bn;
 
-	WOLFSSL_MSG("wolfSSL_BN_bn2hex not implemented");
+    WOLFSSL_MSG("wolfSSL_BN_bn2hex not implemented");
 
-	return (char*)"";
+    return (char*)"";
 }
 
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
 int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
 {
-	(void)fp;
-	(void)bn;
+    (void)fp;
+    (void)bn;
 
-	WOLFSSL_MSG("wolfSSL_BN_print_fp not implemented");
+    WOLFSSL_MSG("wolfSSL_BN_print_fp not implemented");
 
-	return 1;
+    return SSL_SUCCESS;
 }
-#endif /* (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)) && defined(HAVE_ECC) */
+#endif /*(defined(WOLFSSL_KEY_GEN)||defined(HAVE_COMP_KEY))&&defined(HAVE_ECC)*/
 
 WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx)
 {
-	/* ctx is not used, return new Bignum */
-	(void)ctx;
+    /* ctx is not used, return new Bignum */
+    (void)ctx;
 
-	WOLFSSL_ENTER("wolfSSL_BN_CTX_get");
+    WOLFSSL_ENTER("wolfSSL_BN_CTX_get");
 
-	return wolfSSL_BN_new();
+    return wolfSSL_BN_new();
 }
 
 void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx)
 {
-	(void)ctx;
+    (void)ctx;
 
-	WOLFSSL_ENTER("wolfSSL_BN_CTX_start");
-	WOLFSSL_MSG("wolfSSL_BN_CTX_start TBD");
+    WOLFSSL_ENTER("wolfSSL_BN_CTX_start");
+    WOLFSSL_MSG("wolfSSL_BN_CTX_start TBD");
 }
 
 #ifndef NO_DH
@@ -11717,7 +11790,7 @@ static int SetDhInternal(WOLFSSL_DH* dh)
             WOLFSSL_MSG("Bad DH SetKey");
         else {
             dh->inSet = 1;
-            ret = 0;
+            ret = SSL_SUCCESS;
         }
 
     #ifdef WOLFSSL_SMALL_STACK
@@ -11730,22 +11803,26 @@ static int SetDhInternal(WOLFSSL_DH* dh)
     return ret;
 }
 
-
+/* return code compliant with OpenSSL :
+ *   DH prime size in bytes if success, 0 if error
+ */
 int wolfSSL_DH_size(WOLFSSL_DH* dh)
 {
     WOLFSSL_MSG("wolfSSL_DH_size");
 
     if (dh == NULL)
-        return 0;
+        return SSL_FATAL_ERROR;
 
     return wolfSSL_BN_num_bytes(dh->p);
 }
 
 
-/* return SSL_SUCCESS on ok, else 0 */
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
 int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
 {
-    int            ret    = 0;
+    int            ret    = SSL_FAILURE;
     word32         pubSz  = 768;
     word32         privSz = 768;
     int            initTmpRng = 0;
@@ -11777,7 +11854,7 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
 
     if (dh == NULL || dh->p == NULL || dh->g == NULL)
         WOLFSSL_MSG("Bad function arguments");
-    else if (dh->inSet == 0 && SetDhInternal(dh) < 0)
+    else if (dh->inSet == 0 && SetDhInternal(dh) != SSL_SUCCESS)
             WOLFSSL_MSG("Bad DH set internal");
     else if (wc_InitRng(tmpRNG) == 0) {
         rng = tmpRNG;
@@ -11836,11 +11913,13 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
 }
 
 
-/* return key size on ok, 0 otherwise */
+/* return code compliant with OpenSSL :
+ *   size of shared secret if success, -1 if error
+ */
 int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub,
                           WOLFSSL_DH* dh)
 {
-    int            ret    = 0;
+    int            ret    = SSL_FATAL_ERROR;
     word32         keySz  = 0;
     word32         pubSz  = 1024;
     word32         privSz = 1024;
@@ -11862,7 +11941,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub,
     priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (priv == NULL) {
         XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        return 0;
+        return ret;
     }
 #endif
 
@@ -11880,8 +11959,8 @@ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub,
 
         if (privSz <= 0 || pubSz <= 0)
             WOLFSSL_MSG("Bad BN2bin set");
-        else if (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv, privSz, pub,
-                                                                     pubSz) < 0)
+        else if (wc_DhAgree((DhKey*)dh->internal, key, &keySz,
+                            priv, privSz, pub, pubSz) < 0)
             WOLFSSL_MSG("wc_DhAgree failed");
         else
             ret = (int)keySz;
@@ -12094,29 +12173,29 @@ static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi)
         return SSL_FATAL_ERROR;
     }
 
-    return 0;
+    return SSL_SUCCESS;
 }
 
 static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi)
 {
-	WOLFSSL_MSG("Entering SetIndividualInternal");
+    WOLFSSL_MSG("Entering SetIndividualInternal");
 
-	if (bn == NULL) {
-		WOLFSSL_MSG("bn NULL error");
-		return SSL_FATAL_ERROR;
-	}
+    if (bn == NULL) {
+        WOLFSSL_MSG("bn NULL error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (mpi == NULL || (mp_init(mpi) != MP_OKAY)) {
-		WOLFSSL_MSG("mpi NULL error");
-		return SSL_FATAL_ERROR;
-	}
+    if (mpi == NULL || (mp_init(mpi) != MP_OKAY)) {
+        WOLFSSL_MSG("mpi NULL error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) {
-		WOLFSSL_MSG("mp_copy error");
-		return SSL_FATAL_ERROR;
-	}
+    if (mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) {
+        WOLFSSL_MSG("mp_copy error");
+        return SSL_FATAL_ERROR;
+    }
 
-	return 0;
+    return SSL_SUCCESS;
 }
 #endif /* !NO_RSA && !NO_DSA */
 
@@ -12135,77 +12214,82 @@ static int SetDsaExternal(WOLFSSL_DSA* dsa)
 
     key = (DsaKey*)dsa->internal;
 
-    if (SetIndividualExternal(&dsa->p, &key->p) < 0) {
+    if (SetIndividualExternal(&dsa->p, &key->p) != SSL_SUCCESS) {
         WOLFSSL_MSG("dsa p key error");
         return SSL_FATAL_ERROR;
     }
 
-    if (SetIndividualExternal(&dsa->q, &key->q) < 0) {
+    if (SetIndividualExternal(&dsa->q, &key->q) != SSL_SUCCESS) {
         WOLFSSL_MSG("dsa q key error");
         return SSL_FATAL_ERROR;
     }
 
-    if (SetIndividualExternal(&dsa->g, &key->g) < 0) {
+    if (SetIndividualExternal(&dsa->g, &key->g) != SSL_SUCCESS) {
         WOLFSSL_MSG("dsa g key error");
         return SSL_FATAL_ERROR;
     }
 
-    if (SetIndividualExternal(&dsa->pub_key, &key->y) < 0) {
+    if (SetIndividualExternal(&dsa->pub_key, &key->y) != SSL_SUCCESS) {
         WOLFSSL_MSG("dsa y key error");
         return SSL_FATAL_ERROR;
     }
 
-    if (SetIndividualExternal(&dsa->priv_key, &key->x) < 0) {
+    if (SetIndividualExternal(&dsa->priv_key, &key->x) != SSL_SUCCESS) {
         WOLFSSL_MSG("dsa x key error");
         return SSL_FATAL_ERROR;
     }
 
     dsa->exSet = 1;
 
-    return 0;
+    return SSL_SUCCESS;
 }
 
 /* Openssl -> WolfSSL */
 static int SetDsaInternal(WOLFSSL_DSA* dsa)
 {
-	DsaKey* key;
-	WOLFSSL_MSG("Entering SetDsaInternal");
+    DsaKey* key;
+    WOLFSSL_MSG("Entering SetDsaInternal");
 
-	if (dsa == NULL || dsa->internal == NULL) {
-		WOLFSSL_MSG("dsa key NULL error");
-		return SSL_FATAL_ERROR;
-	}
+    if (dsa == NULL || dsa->internal == NULL) {
+        WOLFSSL_MSG("dsa key NULL error");
+        return SSL_FATAL_ERROR;
+    }
 
-	key = (DsaKey*)dsa->internal;
+    key = (DsaKey*)dsa->internal;
 
-	if (dsa->p != NULL && SetIndividualInternal(dsa->p, &key->p) < 0) {
-		WOLFSSL_MSG("rsa p key error");
-		return SSL_FATAL_ERROR;
-	}
+    if (dsa->p != NULL &&
+        SetIndividualInternal(dsa->p, &key->p) != SSL_SUCCESS) {
+        WOLFSSL_MSG("rsa p key error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (dsa->q != NULL && SetIndividualInternal(dsa->q, &key->q) < 0) {
-		WOLFSSL_MSG("rsa q key error");
-		return SSL_FATAL_ERROR;
-	}
+    if (dsa->q != NULL &&
+        SetIndividualInternal(dsa->q, &key->q) != SSL_SUCCESS) {
+        WOLFSSL_MSG("rsa q key error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (dsa->g != NULL && SetIndividualInternal(dsa->g, &key->g) < 0) {
-		WOLFSSL_MSG("rsa g key error");
-		return SSL_FATAL_ERROR;
-	}
+    if (dsa->g != NULL &&
+        SetIndividualInternal(dsa->g, &key->g) != SSL_SUCCESS) {
+        WOLFSSL_MSG("rsa g key error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (dsa->pub_key != NULL && SetIndividualInternal(dsa->pub_key, &key->y) < 0) {
-		WOLFSSL_MSG("rsa pub_key error");
-		return SSL_FATAL_ERROR;
-	}
+    if (dsa->pub_key != NULL &&
+        SetIndividualInternal(dsa->pub_key, &key->y) != SSL_SUCCESS) {
+        WOLFSSL_MSG("rsa pub_key error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (dsa->priv_key != NULL && SetIndividualInternal(dsa->priv_key, &key->x) < 0) {
-		WOLFSSL_MSG("rsa priv_key error");
-		return SSL_FATAL_ERROR;
-	}
+    if (dsa->priv_key != NULL &&
+        SetIndividualInternal(dsa->priv_key, &key->x) != SSL_SUCCESS) {
+        WOLFSSL_MSG("rsa priv_key error");
+        return SSL_FATAL_ERROR;
+    }
 
-	dsa->inSet = 1;
+    dsa->inSet = 1;
 
-	return 0;
+    return SSL_SUCCESS;
 }
 #endif /* NO_DSA */
 
@@ -12224,113 +12308,119 @@ static int SetRsaExternal(WOLFSSL_RSA* rsa)
 
     key = (RsaKey*)rsa->internal;
 
-    if (SetIndividualExternal(&rsa->n, &key->n) < 0) {
+    if (SetIndividualExternal(&rsa->n, &key->n) != SSL_SUCCESS) {
         WOLFSSL_MSG("rsa n key error");
         return SSL_FATAL_ERROR;
     }
 
-    if (SetIndividualExternal(&rsa->e, &key->e) < 0) {
+    if (SetIndividualExternal(&rsa->e, &key->e) != SSL_SUCCESS) {
         WOLFSSL_MSG("rsa e key error");
         return SSL_FATAL_ERROR;
     }
 
-    if (SetIndividualExternal(&rsa->d, &key->d) < 0) {
+    if (SetIndividualExternal(&rsa->d, &key->d) != SSL_SUCCESS) {
         WOLFSSL_MSG("rsa d key error");
         return SSL_FATAL_ERROR;
     }
 
-    if (SetIndividualExternal(&rsa->p, &key->p) < 0) {
+    if (SetIndividualExternal(&rsa->p, &key->p) != SSL_SUCCESS) {
         WOLFSSL_MSG("rsa p key error");
         return SSL_FATAL_ERROR;
     }
 
-    if (SetIndividualExternal(&rsa->q, &key->q) < 0) {
+    if (SetIndividualExternal(&rsa->q, &key->q) != SSL_SUCCESS) {
         WOLFSSL_MSG("rsa q key error");
         return SSL_FATAL_ERROR;
     }
 
-    if (SetIndividualExternal(&rsa->dmp1, &key->dP) < 0) {
+    if (SetIndividualExternal(&rsa->dmp1, &key->dP) != SSL_SUCCESS) {
         WOLFSSL_MSG("rsa dP key error");
         return SSL_FATAL_ERROR;
     }
 
-    if (SetIndividualExternal(&rsa->dmq1, &key->dQ) < 0) {
+    if (SetIndividualExternal(&rsa->dmq1, &key->dQ) != SSL_SUCCESS) {
         WOLFSSL_MSG("rsa dQ key error");
         return SSL_FATAL_ERROR;
     }
 
-    if (SetIndividualExternal(&rsa->iqmp, &key->u) < 0) {
+    if (SetIndividualExternal(&rsa->iqmp, &key->u) != SSL_SUCCESS) {
         WOLFSSL_MSG("rsa u key error");
         return SSL_FATAL_ERROR;
     }
 
     rsa->exSet = 1;
 
-    return 0;
+    return SSL_SUCCESS;
 }
 
 /* Openssl -> WolfSSL */
 static int SetRsaInternal(WOLFSSL_RSA* rsa)
 {
-	RsaKey* key;
-	WOLFSSL_MSG("Entering SetRsaInternal");
+    RsaKey* key;
+    WOLFSSL_MSG("Entering SetRsaInternal");
 
-	if (rsa == NULL || rsa->internal == NULL) {
-		WOLFSSL_MSG("rsa key NULL error");
-		return SSL_FATAL_ERROR;
-	}
+    if (rsa == NULL || rsa->internal == NULL) {
+        WOLFSSL_MSG("rsa key NULL error");
+        return SSL_FATAL_ERROR;
+    }
 
-	key = (RsaKey*)rsa->internal;
+    key = (RsaKey*)rsa->internal;
 
-	if (SetIndividualInternal(rsa->n, &key->n) < 0) {
-		WOLFSSL_MSG("rsa n key error");
-		return SSL_FATAL_ERROR;
-	}
+    if (SetIndividualInternal(rsa->n, &key->n) != SSL_SUCCESS) {
+        WOLFSSL_MSG("rsa n key error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (SetIndividualInternal(rsa->e, &key->e) < 0) {
-		WOLFSSL_MSG("rsa e key error");
-		return SSL_FATAL_ERROR;
-	}
+    if (SetIndividualInternal(rsa->e, &key->e) != SSL_SUCCESS) {
+        WOLFSSL_MSG("rsa e key error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (rsa->d != NULL && SetIndividualInternal(rsa->d, &key->d) < 0) {
-		WOLFSSL_MSG("rsa d key error");
-		return SSL_FATAL_ERROR;
-	}
+    if (rsa->d != NULL &&
+        SetIndividualInternal(rsa->d, &key->d) != SSL_SUCCESS) {
+        WOLFSSL_MSG("rsa d key error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (rsa->p != NULL && SetIndividualInternal(rsa->p, &key->p) < 0) {
-		WOLFSSL_MSG("rsa p key error");
-		return SSL_FATAL_ERROR;
-	}
+    if (rsa->p != NULL &&
+        SetIndividualInternal(rsa->p, &key->p) != SSL_SUCCESS) {
+        WOLFSSL_MSG("rsa p key error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (rsa->q != NULL && SetIndividualInternal(rsa->q, &key->q) < 0) {
-		WOLFSSL_MSG("rsa q key error");
-		return SSL_FATAL_ERROR;
-	}
+    if (rsa->q != NULL &&
+        SetIndividualInternal(rsa->q, &key->q) != SSL_SUCCESS) {
+        WOLFSSL_MSG("rsa q key error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (rsa->dmp1 != NULL && SetIndividualInternal(rsa->dmp1, &key->dP) < 0) {
-		WOLFSSL_MSG("rsa dP key error");
-		return SSL_FATAL_ERROR;
-	}
+    if (rsa->dmp1 != NULL &&
+        SetIndividualInternal(rsa->dmp1, &key->dP) != SSL_SUCCESS) {
+        WOLFSSL_MSG("rsa dP key error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (rsa->dmq1 != NULL && SetIndividualInternal(rsa->dmq1, &key->dQ) < 0) {
-		WOLFSSL_MSG("rsa dQ key error");
-		return SSL_FATAL_ERROR;
-	}
+    if (rsa->dmq1 != NULL &&
+        SetIndividualInternal(rsa->dmq1, &key->dQ) != SSL_SUCCESS) {
+        WOLFSSL_MSG("rsa dQ key error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (rsa->iqmp != NULL && SetIndividualInternal(rsa->iqmp, &key->u) < 0) {
-		WOLFSSL_MSG("rsa u key error");
-		return SSL_FATAL_ERROR;
-	}
+    if (rsa->iqmp != NULL &&
+        SetIndividualInternal(rsa->iqmp, &key->u) != SSL_SUCCESS) {
+        WOLFSSL_MSG("rsa u key error");
+        return SSL_FATAL_ERROR;
+    }
 
-	rsa->inSet = 1;
+    rsa->inSet = 1;
 
-	return 0;
+    return SSL_SUCCESS;
 }
 
 
 /* SSL_SUCCESS on ok */
 int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
-                               void* cb)
+                                void* cb)
 {
     int ret = SSL_FATAL_ERROR;
 
@@ -12359,7 +12449,7 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
             WOLFSSL_MSG("RNG init failed");
         else if (wc_MakeRsaKey((RsaKey*)rsa->internal, bits, 65537, rng) < 0)
             WOLFSSL_MSG("wc_MakeRsaKey failed");
-        else if (SetRsaExternal(rsa) < 0)
+        else if (SetRsaExternal(rsa) != SSL_SUCCESS)
             WOLFSSL_MSG("SetRsaExternal failed");
         else {
             rsa->inSet = 1;
@@ -12389,7 +12479,9 @@ int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn)
     return SSL_SUCCESS;  /* on by default */
 }
 
-
+/* return compliant with OpenSSL
+ *   size of encrypted data if success , -1 if error
+ */
 int wolfSSL_RSA_public_encrypt(int len, unsigned char* fr,
                             unsigned char* to, WOLFSSL_RSA* rsa, int padding)
 {
@@ -12404,7 +12496,9 @@ int wolfSSL_RSA_public_encrypt(int len, unsigned char* fr,
     return SSL_FATAL_ERROR;
 }
 
-
+/* return compliant with OpenSSL
+ *   size of plain recovered data if success , -1 if error
+ */
 int wolfSSL_RSA_private_decrypt(int len, unsigned char* fr,
                             unsigned char* to, WOLFSSL_RSA* rsa, int padding)
 {
@@ -12419,13 +12513,15 @@ int wolfSSL_RSA_private_decrypt(int len, unsigned char* fr,
     return SSL_FATAL_ERROR;
 }
 
-
+/* return compliant with OpenSSL
+ *   RSA modulus size in bytes, -1 if error
+ */
 int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa)
 {
     WOLFSSL_MSG("wolfSSL_RSA_size");
 
     if (rsa == NULL)
-        return 0;
+        return SSL_FATAL_ERROR;
 
     return wolfSSL_BN_num_bytes(rsa->n);
 }
@@ -12448,49 +12544,49 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
 
     WOLFSSL_ENTER("wolfSSL_DSA_do_sign");
 
-	if (d == NULL || sigRet == NULL || dsa == NULL) {
+    if (d == NULL || sigRet == NULL || dsa == NULL) {
         WOLFSSL_MSG("Bad function arguments");
-		return ret;
-	}
+        return ret;
+    }
 
-	if (dsa->inSet == 0)
-	{
-		WOLFSSL_MSG("No DSA internal set, do it");
+    if (dsa->inSet == 0)
+    {
+        WOLFSSL_MSG("No DSA internal set, do it");
 
-		if (SetDsaInternal(dsa) < 0) {
-			WOLFSSL_MSG("SetDsaInternal failed");
-			return ret;
-		}
-	}
+        if (SetDsaInternal(dsa) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetDsaInternal failed");
+            return ret;
+        }
+    }
 #ifdef WOLFSSL_SMALL_STACK
-	tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-	if (tmpRNG == NULL)
-		return SSL_FATAL_ERROR;
+    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (tmpRNG == NULL)
+        return SSL_FATAL_ERROR;
 #endif
 
-	if (wc_InitRng(tmpRNG) == 0) {
-		rng = tmpRNG;
-		initTmpRng = 1;
-	}
-	else {
-		WOLFSSL_MSG("Bad RNG Init, trying global");
-		if (initGlobalRNG == 0)
-			WOLFSSL_MSG("Global RNG no Init");
-		else
-			rng = &globalRNG;
-	}
+    if (wc_InitRng(tmpRNG) == 0) {
+        rng = tmpRNG;
+        initTmpRng = 1;
+    }
+    else {
+        WOLFSSL_MSG("Bad RNG Init, trying global");
+        if (initGlobalRNG == 0)
+            WOLFSSL_MSG("Global RNG no Init");
+        else
+            rng = &globalRNG;
+    }
 
-	if (rng) {
-		if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
-			WOLFSSL_MSG("DsaSign failed");
-		else
-			ret = SSL_SUCCESS;
-	}
+    if (rng) {
+        if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
+            WOLFSSL_MSG("DsaSign failed");
+        else
+            ret = SSL_SUCCESS;
+    }
 
-	if (initTmpRng)
-		wc_FreeRng(tmpRNG);
+    if (initTmpRng)
+        wc_FreeRng(tmpRNG);
 #ifdef WOLFSSL_SMALL_STACK
-	XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
     return ret;
@@ -12498,33 +12594,33 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
 
 
 int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
-						WOLFSSL_DSA* dsa, int *dsacheck)
+                        WOLFSSL_DSA* dsa, int *dsacheck)
 {
-	int    ret = SSL_FATAL_ERROR;
+    int    ret = SSL_FATAL_ERROR;
 
-	WOLFSSL_ENTER("wolfSSL_DSA_do_verify");
+    WOLFSSL_ENTER("wolfSSL_DSA_do_verify");
 
-	if (d == NULL || sig == NULL || dsa == NULL) {
-		WOLFSSL_MSG("Bad function arguments");
-		return SSL_FATAL_ERROR;
-	}
-	if (dsa->inSet == 0)
-	{
-		WOLFSSL_MSG("No DSA internal set, do it");
+    if (d == NULL || sig == NULL || dsa == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return SSL_FATAL_ERROR;
+    }
+    if (dsa->inSet == 0)
+    {
+        WOLFSSL_MSG("No DSA internal set, do it");
 
-		if (SetDsaInternal(dsa) < 0) {
-			WOLFSSL_MSG("SetDsaInternal failed");
-			return SSL_FATAL_ERROR;
-		}
-	}
+        if (SetDsaInternal(dsa) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetDsaInternal failed");
+            return SSL_FATAL_ERROR;
+        }
+    }
 
-	ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck);
-	if (ret != 0 || *dsacheck != 1) {
-		WOLFSSL_MSG("DsaVerify failed");
-		return ret;
-	}
+    ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck);
+    if (ret != 0 || *dsacheck != 1) {
+        WOLFSSL_MSG("DsaVerify failed");
+        return ret;
+    }
 
-	return SSL_SUCCESS;
+    return SSL_SUCCESS;
 }
 #endif /* NO_DSA */
 
@@ -12552,53 +12648,53 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m,
 
     if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) {
         WOLFSSL_MSG("Bad function arguments");
-		return 0;
-	}
+        return 0;
+    }
 
-	if (type != NID_md5 && type != NID_sha1) {
-		WOLFSSL_MSG("Bad md type");
-		return 0;
-	}
+    if (type != NID_md5 && type != NID_sha1) {
+        WOLFSSL_MSG("Bad md type");
+        return 0;
+    }
 
-	if (rsa->inSet == 0)
-	{
-		WOLFSSL_MSG("No RSA internal set, do it");
+    if (rsa->inSet == 0)
+    {
+        WOLFSSL_MSG("No RSA internal set, do it");
 
-		if (SetRsaInternal(rsa) < 0) {
-			WOLFSSL_MSG("SetRsaInternal failed");
-			return 0;
-		}
-	}
+        if (SetRsaInternal(rsa) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetRsaInternal failed");
+            return 0;
+        }
+    }
 
     outLen = (word32)wolfSSL_BN_num_bytes(rsa->n);
 
 #ifdef WOLFSSL_SMALL_STACK
-	tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-	if (tmpRNG == NULL)
-		return 0;
+    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (tmpRNG == NULL)
+        return 0;
 
-	encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
-												   DYNAMIC_TYPE_TMP_BUFFER);
-	if (encodedSig == NULL) {
-		XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-		return 0;
-	}
+    encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
+                                                   DYNAMIC_TYPE_TMP_BUFFER);
+    if (encodedSig == NULL) {
+        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return 0;
+    }
 #endif
 
-	if (outLen == 0)
-		WOLFSSL_MSG("Bad RSA size");
-	else if (wc_InitRng(tmpRNG) == 0) {
-		rng = tmpRNG;
-		initTmpRng = 1;
-	}
-	else {
-		WOLFSSL_MSG("Bad RNG Init, trying global");
+    if (outLen == 0)
+        WOLFSSL_MSG("Bad RSA size");
+    else if (wc_InitRng(tmpRNG) == 0) {
+        rng = tmpRNG;
+        initTmpRng = 1;
+    }
+    else {
+        WOLFSSL_MSG("Bad RNG Init, trying global");
 
-		if (initGlobalRNG == 0)
-			WOLFSSL_MSG("Global RNG no Init");
-		else
-			rng = &globalRNG;
-	}
+        if (initGlobalRNG == 0)
+            WOLFSSL_MSG("Global RNG no Init");
+        else
+            rng = &globalRNG;
+    }
 
     if (rng) {
         type = (type == NID_md5) ? MD5h : SHAh;
@@ -12626,11 +12722,11 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m,
     XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
-	if (ret == SSL_SUCCESS)
-		WOLFSSL_MSG("wolfSSL_RSA_sign success");
-	else {
-		WOLFSSL_MSG("wolfSSL_RSA_sign failed");
-	}
+    if (ret == SSL_SUCCESS)
+        WOLFSSL_MSG("wolfSSL_RSA_sign success");
+    else {
+        WOLFSSL_MSG("wolfSSL_RSA_sign failed");
+    }
     return ret;
 }
 
@@ -12640,35 +12736,36 @@ int wolfSSL_RSA_public_decrypt(int flen, unsigned char* from,
 {
     int tlen = 0;
 
-	WOLFSSL_MSG("wolfSSL_RSA_public_decrypt");
+    WOLFSSL_MSG("wolfSSL_RSA_public_decrypt");
 
-	if (rsa == NULL || rsa->internal == NULL || from == NULL) {
-		WOLFSSL_MSG("Bad function arguments");
-		return 0;
-	}
+    if (rsa == NULL || rsa->internal == NULL || from == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return 0;
+    }
 
-	if (padding != RSA_PKCS1_PADDING) {
-		WOLFSSL_MSG("wolfSSL_RSA_public_decrypt unsupported padding");
-		return 0;
-	}
+    if (padding != RSA_PKCS1_PADDING) {
+        WOLFSSL_MSG("wolfSSL_RSA_public_decrypt unsupported padding");
+        return 0;
+    }
 
-	if (rsa->inSet == 0)
-	{
-		WOLFSSL_MSG("No RSA internal set, do it");
+    if (rsa->inSet == 0)
+    {
+        WOLFSSL_MSG("No RSA internal set, do it");
 
-		if (SetRsaInternal(rsa) < 0) {
-			WOLFSSL_MSG("SetRsaInternal failed");
-			return 0;
-		}
-	}
+        if (SetRsaInternal(rsa) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetRsaInternal failed");
+            return 0;
+        }
+    }
 
-	/* size of 'to' buffer must be size of RSA key */
-	tlen = wc_RsaSSL_Verify(from, flen, to, wolfSSL_RSA_size(rsa), (RsaKey*)rsa->internal);
-	if (tlen <= 0)
-		WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed");
-	else {
-		WOLFSSL_MSG("wolfSSL_RSA_public_decrypt success");
-	}
+    /* size of 'to' buffer must be size of RSA key */
+    tlen = wc_RsaSSL_Verify(from, flen, to, wolfSSL_RSA_size(rsa),
+                            (RsaKey*)rsa->internal);
+    if (tlen <= 0)
+        WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed");
+    else {
+        WOLFSSL_MSG("wolfSSL_RSA_public_decrypt success");
+    }
     return tlen;
 }
 
@@ -12857,10 +12954,10 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
 
 WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key)
 {
-	(void)key;
-	WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_EC_KEY not implemented");
+    (void)key;
+    WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_EC_KEY not implemented");
 
-	return NULL;
+    return NULL;
 }
 
 
@@ -13050,157 +13147,157 @@ void wolfSSL_OPENSSL_free(void* p)
 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
 
 int wolfSSL_PEM_write_buf_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
-										unsigned char* passwd, int len,
-										byte **pem, int *plen)
+                                        unsigned char* passwd, int len,
+                                        byte **pem, int *plen)
 {
     (void)cipher;
     (void)passwd;
     (void)len;
 
-	byte *der, *tmp;
-	int	der_max_len = 0, derSz = 0;
+    byte *der, *tmp;
+    int    der_max_len = 0, derSz = 0;
 
     WOLFSSL_MSG("wolfSSL_PEM_write_buf_RSAPrivateKey");
 
-	if (pem == NULL || plen == NULL || rsa == NULL || rsa->internal == NULL) {
-		WOLFSSL_MSG("Bad function arguments");
-		return 0;
-	}
+    if (pem == NULL || plen == NULL || rsa == NULL || rsa->internal == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return SSL_FAILURE;
+    }
 
-	if (rsa->inSet == 0) {
-		WOLFSSL_MSG("No RSA internal set, do it");
+    if (rsa->inSet == 0) {
+        WOLFSSL_MSG("No RSA internal set, do it");
 
-		if (SetRsaInternal(rsa) < 0) {
-			WOLFSSL_MSG("SetRsaInternal failed");
-			return 0;
-		}
-	}
+        if (SetRsaInternal(rsa) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetRsaInternal failed");
+            return SSL_FAILURE;
+        }
+    }
 
-	der_max_len = 5 * wolfSSL_RSA_size(rsa);
-	printf("der_max_len = %d\n", der_max_len);
+    der_max_len = 5 * wolfSSL_RSA_size(rsa);
+    printf("der_max_len = %d\n", der_max_len);
 
-	der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-	if (der == NULL) {
-		WOLFSSL_MSG("malloc failed");
-		return 0;
-	}
+    der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (der == NULL) {
+        WOLFSSL_MSG("malloc failed");
+        return SSL_FAILURE;
+    }
 
-	/* Key to DER */
-	derSz = wc_RsaKeyToDer(rsa->internal, der, der_max_len);
-	if (derSz < 0) {
-		WOLFSSL_MSG("wc_RsaKeyToDer failed");
-		XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-		return 0;
-	}
+    /* Key to DER */
+    derSz = wc_RsaKeyToDer(rsa->internal, der, der_max_len);
+    if (derSz < 0) {
+        WOLFSSL_MSG("wc_RsaKeyToDer failed");
+        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
 
-	/* tmp buffer with a max size */
-	*plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) + sizeof(END_RSA_PRIV);
-	tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-	if (tmp == NULL) {
-		WOLFSSL_MSG("malloc failed");
-		return 0;
-	}
+    /* tmp buffer with a max size */
+    *plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) + sizeof(END_RSA_PRIV);
+    tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (tmp == NULL) {
+        WOLFSSL_MSG("malloc failed");
+        return SSL_FAILURE;
+    }
 
-	/* DER to PEM */
-	*plen = wc_DerToPem(der, derSz, tmp, *plen, PRIVATEKEY_TYPE);
-	if (*plen <= 0) {
-		WOLFSSL_MSG("wc_DerToPem failed");
-		XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-		XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-		return 0;
-	}
-	XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    /* DER to PEM */
+    *plen = wc_DerToPem(der, derSz, tmp, *plen, PRIVATEKEY_TYPE);
+    if (*plen <= 0) {
+        WOLFSSL_MSG("wc_DerToPem failed");
+        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-	*pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_OUT_BUFFER);
-	if (*pem == NULL) {
-		WOLFSSL_MSG("malloc failed");
-		XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-		return 0;
-	}
-	XMEMSET(*pem, 0, (*plen)+1);
+    *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_OUT_BUFFER);
+    if (*pem == NULL) {
+        WOLFSSL_MSG("malloc failed");
+        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
+    XMEMSET(*pem, 0, (*plen)+1);
 
-	if (XMEMCPY(*pem, tmp, *plen) == NULL) {
-		WOLFSSL_MSG("malloc failed");
-		XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER);
-		XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-		return 0;
-	}
+    if (XMEMCPY(*pem, tmp, *plen) == NULL) {
+        WOLFSSL_MSG("malloc failed");
+        XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER);
+        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
 
-	return 1;
+    return SSL_SUCCESS;
 }
 
-int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, const EVP_CIPHER *enc,
-									unsigned char *kstr, int klen,
-									pem_password_cb *cb, void *u)
+int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa,
+                                    const EVP_CIPHER *enc,
+                                    unsigned char *kstr, int klen,
+                                    pem_password_cb *cb, void *u)
 {
-	(void)enc;
-	(void)kstr;
-	(void)klen;
-	(void)cb;
-	(void)u;
+    (void)enc;
+    (void)kstr;
+    (void)klen;
+    (void)cb;
+    (void)u;
 
-	byte	*pem;
-	int		plen, ret;
+    byte    *pem;
+    int     plen, ret;
 
-	WOLFSSL_MSG("wolfSSL_PEM_write_RSAPrivateKey");
+    WOLFSSL_MSG("wolfSSL_PEM_write_RSAPrivateKey");
 
-	if (fp == NULL || rsa == NULL || rsa->internal == NULL) {
-		WOLFSSL_MSG("Bad function arguments");
-		return 0;
-	}
+    if (fp == NULL || rsa == NULL || rsa->internal == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return SSL_FAILURE;
+    }
 
-	ret = wolfSSL_PEM_write_buf_RSAPrivateKey(rsa, enc, NULL, 0, &pem, &plen);
-	if (ret != 1) {
-		WOLFSSL_MSG("wolfSSL_PEM_write_buf_RSAPrivateKey failed");
-		return 0;
-	}
+    ret = wolfSSL_PEM_write_buf_RSAPrivateKey(rsa, enc, NULL, 0, &pem, &plen);
+    if (ret != 1) {
+        WOLFSSL_MSG("wolfSSL_PEM_write_buf_RSAPrivateKey failed");
+        return SSL_FAILURE;
+    }
 
-	ret = (int)XFWRITE(pem, plen, 1, fp);
-	if (ret != 1) {
-		WOLFSSL_MSG("RSA private key file write failed");
-		return 0;
-	}
+    ret = (int)XFWRITE(pem, plen, 1, fp);
+    if (ret != 1) {
+        WOLFSSL_MSG("RSA private key file write failed");
+        return SSL_FAILURE;
+    }
 
-	XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER);
-	return 1;
+    XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER);
+    return SSL_SUCCESS;
 }
 
 int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa,
-										const EVP_CIPHER* cipher,
-										unsigned char* passwd, int len,
-										pem_password_cb cb, void* arg)
+                                        const EVP_CIPHER* cipher,
+                                        unsigned char* passwd, int len,
+                                        pem_password_cb cb, void* arg)
 {
-	(void)bio;
-	(void)rsa;
-	(void)cipher;
-	(void)passwd;
-	(void)len;
-	(void)cb;
-	(void)arg;
+    (void)bio;
+    (void)rsa;
+    (void)cipher;
+    (void)passwd;
+    (void)len;
+    (void)cb;
+    (void)arg;
 
-	WOLFSSL_MSG("wolfSSL_PEM_write_bio_RSAPrivateKey not implemented");
+    WOLFSSL_MSG("wolfSSL_PEM_write_bio_RSAPrivateKey not implemented");
 
-	return SSL_FATAL_ERROR;
+    return SSL_FAILURE;
 }
 #endif /* defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) */
 
-WOLFSSL_API int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
-												   const EVP_CIPHER* cipher,
-												   unsigned char* passwd, int len,
-												   pem_password_cb cb, void* arg)
+int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
+                                       const EVP_CIPHER* cipher,
+                                       unsigned char* passwd, int len,
+                                       pem_password_cb cb, void* arg)
 {
-	(void)bio;
-	(void)ec;
-	(void)cipher;
-	(void)passwd;
-	(void)len;
-	(void)cb;
-	(void)arg;
+    (void)bio;
+    (void)ec;
+    (void)cipher;
+    (void)passwd;
+    (void)len;
+    (void)cb;
+    (void)arg;
 
-	WOLFSSL_MSG("wolfSSL_PEM_write_bio_ECPrivateKey not implemented");
-
-	return SSL_FATAL_ERROR;
+    WOLFSSL_MSG("wolfSSL_PEM_write_bio_ECPrivateKey not implemented");
 
+    return SSL_FAILURE;
 }
 
 #ifdef HAVE_ECC
@@ -13208,456 +13305,472 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_
 /* EC_POINT Openssl -> WolfSSL */
 static int SetECPointInternal(WOLFSSL_EC_POINT *p)
 {
-	ecc_point* point;
-	WOLFSSL_ENTER("SetECPointInternal");
+    ecc_point* point;
+    WOLFSSL_ENTER("SetECPointInternal");
 
-	if (p == NULL || p->internal == NULL) {
-		WOLFSSL_MSG("ECPoint NULL error");
-		return SSL_FATAL_ERROR;
-	}
+    if (p == NULL || p->internal == NULL) {
+        WOLFSSL_MSG("ECPoint NULL error");
+        return SSL_FATAL_ERROR;
+    }
 
-	point = (ecc_point*)p->internal;
+    point = (ecc_point*)p->internal;
 
-	if (p->X != NULL && SetIndividualInternal(p->X, point->x) < 0) {
-		WOLFSSL_MSG("ecc point X error");
-		return SSL_FATAL_ERROR;
-	}
+    if (p->X != NULL && SetIndividualInternal(p->X, point->x) != SSL_SUCCESS) {
+        WOLFSSL_MSG("ecc point X error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (p->Y != NULL && SetIndividualInternal(p->Y, point->y) < 0) {
-		WOLFSSL_MSG("ecc point Y error");
-		return SSL_FATAL_ERROR;
-	}
+    if (p->Y != NULL && SetIndividualInternal(p->Y, point->y) != SSL_SUCCESS) {
+        WOLFSSL_MSG("ecc point Y error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (p->Z != NULL && SetIndividualInternal(p->Z, point->z) < 0) {
-		WOLFSSL_MSG("ecc point Z error");
-		return SSL_FATAL_ERROR;
-	}
+    if (p->Z != NULL && SetIndividualInternal(p->Z, point->z) != SSL_SUCCESS) {
+        WOLFSSL_MSG("ecc point Z error");
+        return SSL_FATAL_ERROR;
+    }
 
-	p->inSet = 1;
+    p->inSet = 1;
 
-	return 0;
+    return SSL_SUCCESS;
 }
 
 /* EC_POINT WolfSSL -> OpenSSL */
 static int SetECPointExternal(WOLFSSL_EC_POINT *p)
 {
-	ecc_point* point;
+    ecc_point* point;
 
-	WOLFSSL_ENTER("SetECPointExternal");
+    WOLFSSL_ENTER("SetECPointExternal");
 
-	if (p == NULL || p->internal == NULL) {
-		WOLFSSL_MSG("ECPoint NULL error");
-		return SSL_FATAL_ERROR;
-	}
+    if (p == NULL || p->internal == NULL) {
+        WOLFSSL_MSG("ECPoint NULL error");
+        return SSL_FATAL_ERROR;
+    }
 
-	point = (ecc_point*)p->internal;
+    point = (ecc_point*)p->internal;
 
-	if (SetIndividualExternal(&p->X, point->x) < 0) {
-		WOLFSSL_MSG("ecc point X error");
-		return SSL_FATAL_ERROR;
-	}
+    if (SetIndividualExternal(&p->X, point->x) != SSL_SUCCESS) {
+        WOLFSSL_MSG("ecc point X error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (SetIndividualExternal(&p->Y, point->y) < 0) {
-		WOLFSSL_MSG("ecc point Y error");
-		return SSL_FATAL_ERROR;
-	}
+    if (SetIndividualExternal(&p->Y, point->y) != SSL_SUCCESS) {
+        WOLFSSL_MSG("ecc point Y error");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (SetIndividualExternal(&p->Z, point->z) < 0) {
-		WOLFSSL_MSG("ecc point Z error");
-		return SSL_FATAL_ERROR;
-	}
+    if (SetIndividualExternal(&p->Z, point->z) != SSL_SUCCESS) {
+        WOLFSSL_MSG("ecc point Z error");
+        return SSL_FATAL_ERROR;
+    }
 
-	p->exSet = 1;
+    p->exSet = 1;
 
-	return 0;
+    return SSL_SUCCESS;
 }
 
 /* EC_KEY wolfSSL -> OpenSSL */
 static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
 {
-	ecc_key* key;
+    ecc_key* key;
 
-	WOLFSSL_ENTER("SetECKeyExternal");
+    WOLFSSL_ENTER("SetECKeyExternal");
 
-	if (eckey == NULL || eckey->internal == NULL) {
-		WOLFSSL_MSG("ec key NULL error");
-		return SSL_FATAL_ERROR;
-	}
+    if (eckey == NULL || eckey->internal == NULL) {
+        WOLFSSL_MSG("ec key NULL error");
+        return SSL_FATAL_ERROR;
+    }
 
-	key = (ecc_key*)eckey->internal;
+    key = (ecc_key*)eckey->internal;
 
-	/* set group (nid and idx) */
-	eckey->group->curve_nid = ecc_sets[key->idx].nid;
-	eckey->group->curve_idx = key->idx;
+    /* set group (nid and idx) */
+    eckey->group->curve_nid = ecc_sets[key->idx].nid;
+    eckey->group->curve_idx = key->idx;
 
-	if (eckey->pub_key->internal != NULL) {
-		/* set the internal public key */
-		if (ecc_copy_point(&key->pubkey, eckey->pub_key->internal) != 1) {
-			WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed");
-			return SSL_FATAL_ERROR;
-		}
+    if (eckey->pub_key->internal != NULL) {
+        /* set the internal public key */
+        if (ecc_copy_point(&key->pubkey, eckey->pub_key->internal) != MP_OKAY) {
+            WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed");
+            return SSL_FATAL_ERROR;
+        }
 
-		/* set the external pubkey (point) */
-		if (SetECPointExternal(eckey->pub_key) < 0) {
-			WOLFSSL_MSG("SetECKeyExternal SetECPointExternal failed");
-			return SSL_FATAL_ERROR;
-		}
-	}
+        /* set the external pubkey (point) */
+        if (SetECPointExternal(eckey->pub_key) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetECKeyExternal SetECPointExternal failed");
+            return SSL_FATAL_ERROR;
+        }
+    }
 
-	/* set the external privkey */
-	if (key->type == ECC_PRIVATEKEY) {
-		if (SetIndividualExternal(&eckey->priv_key, &key->k) < 0) {
-			WOLFSSL_MSG("ec priv key error");
-			return SSL_FATAL_ERROR;
-		}
-	}
+    /* set the external privkey */
+    if (key->type == ECC_PRIVATEKEY) {
+        if (SetIndividualExternal(&eckey->priv_key, &key->k) != SSL_SUCCESS) {
+            WOLFSSL_MSG("ec priv key error");
+            return SSL_FATAL_ERROR;
+        }
+    }
 
-	eckey->exSet = 1;
+    eckey->exSet = 1;
 
-	return SSL_SUCCESS;
+    return SSL_SUCCESS;
 }
 
 /* EC_KEY Openssl -> WolfSSL */
 static int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
 {
-	ecc_key* key;
+    ecc_key* key;
 
-	WOLFSSL_ENTER("SetECKeyInternal");
+    WOLFSSL_ENTER("SetECKeyInternal");
 
-	if (eckey == NULL || eckey->internal == NULL) {
-		WOLFSSL_MSG("ec key NULL error");
-		return SSL_FATAL_ERROR;
-	}
+    if (eckey == NULL || eckey->internal == NULL) {
+        WOLFSSL_MSG("ec key NULL error");
+        return SSL_FATAL_ERROR;
+    }
 
-	key = (ecc_key*)eckey->internal;
+    key = (ecc_key*)eckey->internal;
 
-	/* set group (idx of curve and corresponding domain parameters) */
-	key->idx = eckey->group->curve_idx;
-	key->dp = &ecc_sets[key->idx];
+    /* set group (idx of curve and corresponding domain parameters) */
+    key->idx = eckey->group->curve_idx;
+    key->dp = &ecc_sets[key->idx];
 
-	/* set pubkey (point) */
-	if (eckey->pub_key != NULL && eckey->pub_key->internal != NULL) {
-		if (SetECPointInternal(eckey->pub_key) < 0) {
-			WOLFSSL_MSG("SetECPointInternal failure");
-			return SSL_FATAL_ERROR;
-		}
-	}
+    /* set pubkey (point) */
+    if (eckey->pub_key != NULL && eckey->pub_key->internal != NULL) {
+        if (SetECPointInternal(eckey->pub_key) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetECPointInternal failure");
+            return SSL_FATAL_ERROR;
+        }
+    }
 
-	/* set privkey */
-	if (eckey->priv_key != NULL && eckey->priv_key->internal != NULL) {
-		key->type = ECC_PRIVATEKEY;
+    /* set privkey */
+    if (eckey->priv_key != NULL && eckey->priv_key->internal != NULL) {
+        key->type = ECC_PRIVATEKEY;
 
-		if (SetIndividualInternal(eckey->priv_key, &key->k) < 0) {
-			WOLFSSL_MSG("rsa p key error");
-			return SSL_FATAL_ERROR;
-		}
-	}
-	else
-		key->type = ECC_PUBLICKEY;
+        if (SetIndividualInternal(eckey->priv_key, &key->k) != SSL_SUCCESS) {
+            WOLFSSL_MSG("rsa p key error");
+            return SSL_FATAL_ERROR;
+        }
+    }
+    else
+        key->type = ECC_PUBLICKEY;
 
-	eckey->inSet = 1;
+    eckey->inSet = 1;
 
-	return SSL_SUCCESS;
+    return SSL_SUCCESS;
 }
 
 WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key)
 {
-	WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_public_key");
+    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_public_key");
 
-	if (key == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments");
-		return NULL;
-	}
+    if (key == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments");
+        return NULL;
+    }
 
-	return key->pub_key;
+    return key->pub_key;
 }
 
 const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key)
 {
-	WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_group");
+    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_group");
 
-	if (key == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments");
-		return NULL;
-	}
+    if (key == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments");
+        return NULL;
+    }
 
-	return key->group;
+    return key->group;
 }
 
-int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, const WOLFSSL_BIGNUM *priv_key)
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
+                                   const WOLFSSL_BIGNUM *priv_key)
 {
-	(void)key;
-	(void)priv_key;
+    (void)key;
+    (void)priv_key;
 
-	WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key");
-	WOLFSSL_MSG("wolfSSL_EC_KEY_set_private_key TBD");
+    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key");
+    WOLFSSL_MSG("wolfSSL_EC_KEY_set_private_key TBD");
 
-	return -1;
+    return SSL_FAILURE;
 }
 
 WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key)
 {
-	WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key");
+    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key");
 
-	if (key == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_KEY_get0_private_key Bad arguments");
-		return NULL;
-	}
+    if (key == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_KEY_get0_private_key Bad arguments");
+        return NULL;
+    }
 
-	return key->priv_key;
+    return key->priv_key;
 }
 
 WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid)
 {
-	WOLFSSL_EC_KEY *key;
-	int x;
+    WOLFSSL_EC_KEY *key;
+    int x;
 
-	WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name");
+    WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name");
 
-	key = wolfSSL_EC_KEY_new();
-	if (key == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_KEY_new failure");
-		return NULL;
-	}
+    key = wolfSSL_EC_KEY_new();
+    if (key == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_KEY_new failure");
+        return NULL;
+    }
 
-	/* set the nid of the curve */
-	key->group->curve_nid = nid;
+    /* set the nid of the curve */
+    key->group->curve_nid = nid;
 
-	/* search and set the corresponding internal curve idx */
-	for (x = 0; ecc_sets[x].size != 0; x++)
-		if (ecc_sets[x].nid == key->group->curve_nid) {
-			key->group->curve_idx = x;
-			break;
-		}
+    /* search and set the corresponding internal curve idx */
+    for (x = 0; ecc_sets[x].size != 0; x++)
+        if (ecc_sets[x].nid == key->group->curve_nid) {
+            key->group->curve_idx = x;
+            break;
+        }
 
-	return key;
+    return key;
 }
 
 static void InitwolfSSL_ECKey(WOLFSSL_EC_KEY* key)
 {
-	if (key) {
-		key->group    = NULL;
-		key->pub_key  = NULL;
-		key->priv_key = NULL;
-		key->internal = NULL;
-		key->inSet    = 0;
-		key->exSet    = 0;
-	}
+    if (key) {
+        key->group    = NULL;
+        key->pub_key  = NULL;
+        key->priv_key = NULL;
+        key->internal = NULL;
+        key->inSet    = 0;
+        key->exSet    = 0;
+    }
 }
 
 WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void)
 {
-	WOLFSSL_EC_KEY *external;
-	ecc_key* key;
+    WOLFSSL_EC_KEY *external;
+    ecc_key* key;
 
-	WOLFSSL_ENTER("wolfSSL_EC_KEY_new");
+    WOLFSSL_ENTER("wolfSSL_EC_KEY_new");
 
-	external = (WOLFSSL_EC_KEY*)XMALLOC(sizeof(WOLFSSL_EC_KEY), NULL, DYNAMIC_TYPE_ECC);
-	if (external == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure");
-		return NULL;
-	}
-	XMEMSET(external, 0, sizeof(WOLFSSL_EC_KEY));
+    external = (WOLFSSL_EC_KEY*)XMALLOC(sizeof(WOLFSSL_EC_KEY), NULL,
+                                        DYNAMIC_TYPE_ECC);
+    if (external == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure");
+        return NULL;
+    }
+    XMEMSET(external, 0, sizeof(WOLFSSL_EC_KEY));
 
-	InitwolfSSL_ECKey(external);
+    InitwolfSSL_ECKey(external);
 
-	external->internal = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
-	if (external->internal == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc ecc key failure");
-		wolfSSL_EC_KEY_free(external);
-		return NULL;
-	}
-	XMEMSET(external->internal, 0, sizeof(ecc_key));
+    external->internal = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL,
+                                           DYNAMIC_TYPE_ECC);
+    if (external->internal == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc ecc key failure");
+        wolfSSL_EC_KEY_free(external);
+        return NULL;
+    }
+    XMEMSET(external->internal, 0, sizeof(ecc_key));
 
-	wc_ecc_init(external->internal);
+    wc_ecc_init(external->internal);
 
-	/* public key */
-	external->pub_key = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL, DYNAMIC_TYPE_ECC);
-	if (external->pub_key == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_POINT failure");
-		wolfSSL_EC_KEY_free(external);
-		return NULL;
-	}
-	XMEMSET(external->pub_key, 0, sizeof(WOLFSSL_EC_POINT));
+    /* public key */
+    external->pub_key = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT),
+                                                   NULL, DYNAMIC_TYPE_ECC);
+    if (external->pub_key == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_POINT failure");
+        wolfSSL_EC_KEY_free(external);
+        return NULL;
+    }
+    XMEMSET(external->pub_key, 0, sizeof(WOLFSSL_EC_POINT));
 
-	key = external->internal;
-	external->pub_key->internal = (ecc_point*)&key->pubkey;
+    key = external->internal;
+    external->pub_key->internal = (ecc_point*)&key->pubkey;
 
-	/* curve group */
-	external->group = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, DYNAMIC_TYPE_ECC);
-	if (external->group == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure");
-		wolfSSL_EC_KEY_free(external);
-		return NULL;
-	}
-	XMEMSET(external->group, 0, sizeof(WOLFSSL_EC_GROUP));
+    /* curve group */
+    external->group = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL,
+                                                 DYNAMIC_TYPE_ECC);
+    if (external->group == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure");
+        wolfSSL_EC_KEY_free(external);
+        return NULL;
+    }
+    XMEMSET(external->group, 0, sizeof(WOLFSSL_EC_GROUP));
 
-	/* private key */
-	external->priv_key = wolfSSL_BN_new();
-	if (external->priv_key == NULL) {
-		WOLFSSL_MSG("wolfSSL_BN_new failure");
-		wolfSSL_EC_KEY_free(external);
-		return NULL;
-	}
+    /* private key */
+    external->priv_key = wolfSSL_BN_new();
+    if (external->priv_key == NULL) {
+        WOLFSSL_MSG("wolfSSL_BN_new failure");
+        wolfSSL_EC_KEY_free(external);
+        return NULL;
+    }
 
-	return external;
+    return external;
 }
 
 void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key)
 {
-	WOLFSSL_ENTER("wolfSSL_EC_KEY_free");
+    WOLFSSL_ENTER("wolfSSL_EC_KEY_free");
 
-	if (key != NULL) {
-		if (key->internal != NULL) {
-			wc_ecc_free((ecc_key*)key->internal);
-			XFREE(key->internal, NULL, DYNAMIC_TYPE_ECC);
-		}
-		wolfSSL_BN_free(key->priv_key);
-		wolfSSL_EC_POINT_free(key->pub_key);
-		wolfSSL_EC_GROUP_free(key->group);
-		InitwolfSSL_ECKey(key); /* set back to NULLs for safety */
+    if (key != NULL) {
+        if (key->internal != NULL) {
+            wc_ecc_free((ecc_key*)key->internal);
+            XFREE(key->internal, NULL, DYNAMIC_TYPE_ECC);
+        }
+        wolfSSL_BN_free(key->priv_key);
+        wolfSSL_EC_POINT_free(key->pub_key);
+        wolfSSL_EC_GROUP_free(key->group);
+        InitwolfSSL_ECKey(key); /* set back to NULLs for safety */
 
-		XFREE(key, NULL, DYNAMIC_TYPE_ECC);
-		key = NULL;
-	}
+        XFREE(key, NULL, DYNAMIC_TYPE_ECC);
+        key = NULL;
+    }
 }
 
 int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group)
 {
-	(void)key;
-	(void)group;
+    (void)key;
+    (void)group;
 
-	WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group");
-	WOLFSSL_MSG("wolfSSL_EC_KEY_set_group TBD");
+    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group");
+    WOLFSSL_MSG("wolfSSL_EC_KEY_set_group TBD");
 
-	return -1;
+    return -1;
 }
 
 int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
 {
-	int    initTmpRng = 0;
-	RNG*   rng = NULL;
+    int    initTmpRng = 0;
+    RNG*   rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-	RNG*   tmpRNG = NULL;
+    RNG*   tmpRNG = NULL;
 #else
-	RNG    tmpRNG[1];
+    RNG    tmpRNG[1];
 #endif
 
-	WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key");
+    WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key");
 
-	if (key == NULL || key->internal == NULL || key->group == NULL || key->group->curve_idx < 0) {
-		WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key Bad arguments");
-		return 0;
-	}
+    if (key == NULL || key->internal == NULL ||
+        key->group == NULL || key->group->curve_idx < 0) {
+        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key Bad arguments");
+        return 0;
+    }
 
 #ifdef WOLFSSL_SMALL_STACK
-	tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-	if (tmpRNG == NULL)
-		return 0;
+    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (tmpRNG == NULL)
+        return 0;
 #endif
 
-	if (wc_InitRng(tmpRNG) == 0) {
-		rng = tmpRNG;
-		initTmpRng = 1;
-	}
-	else {
-		WOLFSSL_MSG("Bad RNG Init, trying global");
-		if (initGlobalRNG == 0)
-			WOLFSSL_MSG("Global RNG no Init");
-		else
-			rng = &globalRNG;
-	}
+    if (wc_InitRng(tmpRNG) == 0) {
+        rng = tmpRNG;
+        initTmpRng = 1;
+    }
+    else {
+        WOLFSSL_MSG("Bad RNG Init, trying global");
+        if (initGlobalRNG == 0)
+            WOLFSSL_MSG("Global RNG no Init");
+        else
+            rng = &globalRNG;
+    }
 
-	if (rng == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to set RNG");
+    if (rng == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to set RNG");
 #ifdef WOLFSSL_SMALL_STACK
-		XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-		return 0;
-	}
+        return 0;
+    }
 
-	if (wc_ecc_make_key(rng, ecc_sets[key->group->curve_idx].size, (ecc_key*)key->internal) != MP_OKAY) {
-		WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed");
+    if (wc_ecc_make_key(rng, ecc_sets[key->group->curve_idx].size,
+                        (ecc_key*)key->internal) != MP_OKAY) {
+        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed");
 #ifdef WOLFSSL_SMALL_STACK
-		XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-		return 0;
-	}
+        return 0;
+    }
 
-	if (initTmpRng)
-		wc_FreeRng(tmpRNG);
+    if (initTmpRng)
+        wc_FreeRng(tmpRNG);
 #ifdef WOLFSSL_SMALL_STACK
-	XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
-	if (SetECKeyExternal(key) < 0) {
-		WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key SetECKeyExternal failed");
-		return 0;
-	}
+    if (SetECKeyExternal(key) != SSL_SUCCESS) {
+        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key SetECKeyExternal failed");
+        return 0;
+    }
 
-	return 1;
+    return 1;
 }
 
-void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag){
-	(void)key;
-	(void)asn1_flag;
-
-	WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag");
-	WOLFSSL_MSG("wolfSSL_EC_KEY_set_asn1_flag TBD");
-}
-
-int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, const WOLFSSL_EC_POINT *pub)
+void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag)
 {
-	ecc_point *pub_p, *key_p;
+    (void)key;
+    (void)asn1_flag;
 
-	WOLFSSL_ENTER("wolfSSL_EC_KEY_set_public_key");
+    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag");
+    WOLFSSL_MSG("wolfSSL_EC_KEY_set_asn1_flag TBD");
+}
 
-	if (key == NULL || key->internal == NULL || pub == NULL || pub->internal == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad arguments");
-		return 0;
-	}
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
+                                  const WOLFSSL_EC_POINT *pub)
+{
+    ecc_point *pub_p, *key_p;
 
-	if (key->inSet == 0) {
-		if (SetECKeyInternal(key) < 0) {
-			WOLFSSL_MSG("SetECKeyInternal failed");
-			return 0;
-		}
-	}
+    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_public_key");
 
-	if (pub->inSet == 0) {
-		if (SetECPointInternal((WOLFSSL_EC_POINT *)pub) < 0) {
-			WOLFSSL_MSG("SetECPointInternal failed");
-			return 0;
-		}
-	}
+    if (key == NULL || key->internal == NULL ||
+        pub == NULL || pub->internal == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad arguments");
+        return SSL_FAILURE;
+    }
 
-	pub_p = (ecc_point*)pub->internal;
-	key_p = (ecc_point*)key->pub_key->internal;
+    if (key->inSet == 0) {
+        if (SetECKeyInternal(key) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetECKeyInternal failed");
+            return SSL_FAILURE;
+        }
+    }
 
-	/* create new point if required */
-	if (key_p == NULL)
-		key_p = ecc_new_point();
+    if (pub->inSet == 0) {
+        if (SetECPointInternal((WOLFSSL_EC_POINT *)pub) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetECPointInternal failed");
+            return SSL_FAILURE;
+        }
+    }
 
-	if (key_p == NULL) {
-		WOLFSSL_MSG("key ecc point NULL");
-		return 0;
-	}
+    pub_p = (ecc_point*)pub->internal;
+    key_p = (ecc_point*)key->pub_key->internal;
 
-	if (ecc_copy_point(pub_p, key_p) != 1) {
-		WOLFSSL_MSG("ecc_copy_point failure");
-		return 0;
-	}
+    /* create new point if required */
+    if (key_p == NULL)
+        key_p = ecc_new_point();
 
-	if (SetECKeyExternal(key) < 0) {
-		WOLFSSL_MSG("SetECKeyInternal failed");
-		return 0;
-	}
+    if (key_p == NULL) {
+        WOLFSSL_MSG("key ecc point NULL");
+        return SSL_FAILURE;
+    }
+
+    if (ecc_copy_point(pub_p, key_p) != MP_OKAY) {
+        WOLFSSL_MSG("ecc_copy_point failure");
+        return SSL_FAILURE;
+    }
+
+    if (SetECKeyExternal(key) != SSL_SUCCESS) {
+        WOLFSSL_MSG("SetECKeyInternal failed");
+        return SSL_FAILURE;
+    }
 
 #ifdef DEBUG_WOLFSSL
-	wolfssl_EC_POINT_dump("pub", pub);
-	wolfssl_EC_POINT_dump("key->pub_key", key->pub_key);
+    wolfssl_EC_POINT_dump("pub", pub);
+    wolfssl_EC_POINT_dump("key->pub_key", key->pub_key);
 #endif
-	return 1;
+    return SSL_SUCCESS;
 
 }
 /* End EC_KEY */
@@ -13665,415 +13778,452 @@ int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, const WOLFSSL_EC_POINT *p
 #ifdef DEBUG_WOLFSSL
 void wolfssl_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p)
 {
-	char *num;
+    char *num;
 
-	WOLFSSL_ENTER("wolfssl_EC_POINT_dump");
+    WOLFSSL_ENTER("wolfssl_EC_POINT_dump");
 
-	if (p == NULL) {
-		fprintf(stderr, "%s = NULL", msg);
-		return ;
-	}
+    if (p == NULL) {
+        fprintf(stderr, "%s = NULL", msg);
+        return ;
+    }
 
-	fprintf(stderr, "%s:\n\tinSet=%d, exSet=%d\n", msg, p->inSet, p->exSet);
-	num = wolfSSL_BN_bn2hex(p->X);
-	fprintf(stderr, "\tX = %s\n", num);
-	XFREE(num, NULL, DYNAMIC_TYPE_ECC);
-	num = wolfSSL_BN_bn2hex(p->Y);
-	fprintf(stderr, "\tY = %s\n", num);
-	XFREE(num, NULL, DYNAMIC_TYPE_ECC);
+    fprintf(stderr, "%s:\n\tinSet=%d, exSet=%d\n", msg, p->inSet, p->exSet);
+    num = wolfSSL_BN_bn2hex(p->X);
+    fprintf(stderr, "\tX = %s\n", num);
+    XFREE(num, NULL, DYNAMIC_TYPE_ECC);
+    num = wolfSSL_BN_bn2hex(p->Y);
+    fprintf(stderr, "\tY = %s\n", num);
+    XFREE(num, NULL, DYNAMIC_TYPE_ECC);
 }
 #endif
 
 /* Start EC_GROUP */
 
-/* return 0 if equal, 1 if not and -1 in case of error */
-int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, WOLFSSL_BN_CTX *ctx)
+/* return code compliant with OpenSSL :
+ *   0 if equal, 1 if not and -1 in case of error
+ */
+int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
+                         WOLFSSL_BN_CTX *ctx)
 {
-	(void)ctx;
+    (void)ctx;
 
-	WOLFSSL_ENTER("wolfSSL_EC_GROUP_cmp");
+    WOLFSSL_ENTER("wolfSSL_EC_GROUP_cmp");
 
-	if (a == NULL || b == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments");
-		return -1;
-	}
+    if (a == NULL || b == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments");
+        return SSL_FATAL_ERROR;
+    }
 
-	/* ok */
-	if ((a->curve_idx == b->curve_idx) && (a->curve_nid == b->curve_nid))
-		return 0;
+    /* ok */
+    if ((a->curve_idx == b->curve_idx) && (a->curve_nid == b->curve_nid))
+        return 0;
 
-	/* ko */
-	return 1;
+    /* ko */
+    return 1;
 }
 
 void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
 {
-	WOLFSSL_ENTER("wolfSSL_EC_GROUP_free");
+    WOLFSSL_ENTER("wolfSSL_EC_GROUP_free");
 
-	XFREE(group, NULL, DYNAMIC_TYPE_ECC);
+    XFREE(group, NULL, DYNAMIC_TYPE_ECC);
 }
 
 void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag)
 {
-	(void)group;
-	(void)flag;
+    (void)group;
+    (void)flag;
 
-	WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag");
-	WOLFSSL_MSG("wolfSSL_EC_GROUP_set_asn1_flag TBD");
+    WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag");
+    WOLFSSL_MSG("wolfSSL_EC_GROUP_set_asn1_flag TBD");
 }
 
 WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid)
 {
-	WOLFSSL_EC_GROUP *g;
-	int x;
+    WOLFSSL_EC_GROUP *g;
+    int x;
 
-	WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name");
+    WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name");
 
-	/* curve group */
-	g = (WOLFSSL_EC_GROUP*) XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, DYNAMIC_TYPE_ECC);
-	if (g == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure");
-		return NULL;
-	}
-	XMEMSET(g, 0, sizeof(WOLFSSL_EC_GROUP));
+    /* curve group */
+    g = (WOLFSSL_EC_GROUP*) XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL,
+                                    DYNAMIC_TYPE_ECC);
+    if (g == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure");
+        return NULL;
+    }
+    XMEMSET(g, 0, sizeof(WOLFSSL_EC_GROUP));
 
-	/* set the nid of the curve */
-	g->curve_nid = nid;
+    /* set the nid of the curve */
+    g->curve_nid = nid;
 
-	/* search and set the corresponding internal curve idx */
-	for (x = 0; ecc_sets[x].size != 0; x++)
-		if (ecc_sets[x].nid == g->curve_nid) {
-			g->curve_idx = x;
-			break;
-		}
+    /* search and set the corresponding internal curve idx */
+    for (x = 0; ecc_sets[x].size != 0; x++)
+        if (ecc_sets[x].nid == g->curve_nid) {
+            g->curve_idx = x;
+            break;
+        }
 
-	return g;
+    return g;
 }
 
+/* return code compliant with OpenSSL :
+ *   the curve nid if success, 0 if error
+ */
 int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group)
 {
-	WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name");
+    WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name");
 
-	if (group == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments");
-		return -1;
-	}
+    if (group == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments");
+        return SSL_FAILURE;
+    }
 
-	return group->curve_nid;
+    return group->curve_nid;
 }
 
+/* return code compliant with OpenSSL :
+ *   the degree of the curve if success, 0 if error
+ */
 int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group)
 {
-	WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree");
+    WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree");
 
-	if (group == NULL || group->curve_idx < 0) {
-		WOLFSSL_MSG("wolfSSL_EC_GROUP_get_degree Bad arguments");
-		return 0;
-	}
+    if (group == NULL || group->curve_idx < 0) {
+        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_degree Bad arguments");
+        return SSL_FAILURE;
+    }
 
-	switch(group->curve_nid) {
-		case NID_X9_62_prime256v1:
-			return 256;
-			break;
-		case NID_secp384r1:
-			return 384;
-			break;
-		case NID_secp521r1:
-			return 521;
-			break;
-		default :
-			return 0;
-			break;
-	}
+    switch(group->curve_nid) {
+        case NID_X9_62_prime256v1:
+            return 256;
+            break;
+        case NID_secp384r1:
+            return 384;
+            break;
+        case NID_secp521r1:
+            return 521;
+            break;
+        default :
+            return SSL_FAILURE;
+            break;
+    }
 
-	return 0;
+    return SSL_FAILURE;
 }
 
-int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx)
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
+                               WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx)
 {
-	(void)ctx;
+    (void)ctx;
 
-	if (group == NULL || order == NULL || order->internal == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order NULL error");
-		return SSL_FATAL_ERROR;
-	}
+    if (group == NULL || order == NULL || order->internal == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order NULL error");
+        return SSL_FAILURE;
+    }
 
-	if (mp_init(order->internal) != MP_OKAY) {
-		WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure");
-		return 0;
-	}
+    if (mp_init(order->internal) != MP_OKAY) {
+        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure");
+        return SSL_FAILURE;
+    }
 
-	if (mp_read_radix(order->internal, ecc_sets[group->curve_idx].order, 16) != MP_OKAY) {
-		WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure");
-		mp_clear(order->internal);
-		return 0;
-	}
+    if (mp_read_radix(order->internal, ecc_sets[group->curve_idx].order,
+                      16) != MP_OKAY) {
+        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure");
+        mp_clear(order->internal);
+        return SSL_FAILURE;
+    }
 
-	return 1;
+    return SSL_SUCCESS;
 }
 /* End EC_GROUP */
 
 /* Start EC_POINT */
 
-int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *p, unsigned char *out, unsigned int *len)
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group,
+                        const WOLFSSL_EC_POINT *p,
+                        unsigned char *out, unsigned int *len)
 {
-	int err;
+    int err;
 
-	WOLFSSL_ENTER("wolfSSL_ECPoint_i2d");
+    WOLFSSL_ENTER("wolfSSL_ECPoint_i2d");
 
-	if (group == NULL || p == NULL || len == NULL) {
-		WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error");
-		return 0;
-	}
+    if (group == NULL || p == NULL || len == NULL) {
+        WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error");
+        return SSL_FAILURE;
+    }
 
-	if (p->inSet == 0) {
-		WOLFSSL_MSG("No ECPoint internal set, do it");
+    if (p->inSet == 0) {
+        WOLFSSL_MSG("No ECPoint internal set, do it");
 
-		if (SetECPointInternal((WOLFSSL_EC_POINT *)p) < 0) {
-			WOLFSSL_MSG("SetECPointInternal SetECPointInternal failed");
-			return 0;
-		}
-	}
+        if (SetECPointInternal((WOLFSSL_EC_POINT *)p) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetECPointInternal SetECPointInternal failed");
+            return SSL_FAILURE;
+        }
+    }
 
 #ifdef DEBUG_WOLFSSL
-	if (out != NULL)
-		wolfssl_EC_POINT_dump("i2d p", p);
+    if (out != NULL)
+        wolfssl_EC_POINT_dump("i2d p", p);
 #endif
-	err = wc_ecc_export_point_der(group->curve_idx, p->internal, out, len);
-	if (err != MP_OKAY && !(out == NULL && err == LENGTH_ONLY_E)) {
-		WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed");
-		return 0;
-	}
+    err = wc_ecc_export_point_der(group->curve_idx, p->internal, out, len);
+    if (err != MP_OKAY && !(out == NULL && err == LENGTH_ONLY_E)) {
+        WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed");
+        return SSL_FAILURE;
+    }
 
-	return 1;
+    return SSL_SUCCESS;
 }
 
-int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *p)
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len,
+                        const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *p)
 {
-	WOLFSSL_ENTER("wolfSSL_ECPoint_d2i");
+    WOLFSSL_ENTER("wolfSSL_ECPoint_d2i");
 
-	if (group == NULL || p == NULL || p->internal == NULL || in == NULL) {
-		WOLFSSL_MSG("wolfSSL_ECPoint_d2i NULL error");
-		return 0;
-	}
+    if (group == NULL || p == NULL || p->internal == NULL || in == NULL) {
+        WOLFSSL_MSG("wolfSSL_ECPoint_d2i NULL error");
+        return SSL_FAILURE;
+    }
 
-	if (wc_ecc_import_point_der(in, len, group->curve_idx, p->internal) != MP_OKAY) {
-		WOLFSSL_MSG("wc_ecc_import_point_der failed");
-		return 0;
-	}
+    if (wc_ecc_import_point_der(in, len, group->curve_idx,
+                                p->internal) != MP_OKAY) {
+        WOLFSSL_MSG("wc_ecc_import_point_der failed");
+        return SSL_FAILURE;
+    }
 
-	if (p->exSet == 0) {
-		WOLFSSL_MSG("No ECPoint external set, do it");
+    if (p->exSet == 0) {
+        WOLFSSL_MSG("No ECPoint external set, do it");
 
-		if (SetECPointExternal(p) < 0) {
-			WOLFSSL_MSG("SetECPointExternal failed");
-			return 0;
-		}
-	}
+        if (SetECPointExternal(p) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetECPointExternal failed");
+            return SSL_FAILURE;
+        }
+    }
 
 #ifdef DEBUG_WOLFSSL
-	wolfssl_EC_POINT_dump("d2i p", p);
+    wolfssl_EC_POINT_dump("d2i p", p);
 #endif
-	return 1;
+    return SSL_SUCCESS;
 }
 
 WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group)
 {
-	WOLFSSL_EC_POINT *p;
+    WOLFSSL_EC_POINT *p;
 
-	WOLFSSL_ENTER("wolfSSL_EC_POINT_new");
+    WOLFSSL_ENTER("wolfSSL_EC_POINT_new");
 
-	if (group == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_POINT_new NULL error");
-		return NULL;
-	}
+    if (group == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_POINT_new NULL error");
+        return NULL;
+    }
 
-	p = (WOLFSSL_EC_POINT *)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL, DYNAMIC_TYPE_ECC);
-	if (p == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_POINT_new malloc ecc point failure");
-		return NULL;
-	}
-	XMEMSET(p, 0, sizeof(WOLFSSL_EC_POINT));
+    p = (WOLFSSL_EC_POINT *)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL,
+                                    DYNAMIC_TYPE_ECC);
+    if (p == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_POINT_new malloc ecc point failure");
+        return NULL;
+    }
+    XMEMSET(p, 0, sizeof(WOLFSSL_EC_POINT));
 
-	p->internal = ecc_new_point();
-	if (p->internal == NULL) {
-		WOLFSSL_MSG("ecc_new_point failure");
-		return NULL;
-	}
-/*
-	if (SetECPointExternal(p) < 0) {
-		WOLFSSL_MSG("SetECPointExternal failed");
-		return NULL;
-	}
-*/
-	return p;
+    p->internal = ecc_new_point();
+    if (p->internal == NULL) {
+        WOLFSSL_MSG("ecc_new_point failure");
+        return NULL;
+    }
+
+    return p;
 }
 
-int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *point,
-												WOLFSSL_BIGNUM *x, WOLFSSL_BIGNUM *y, WOLFSSL_BN_CTX *ctx)
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
+                                                const WOLFSSL_EC_POINT *point,
+                                                WOLFSSL_BIGNUM *x,
+                                                WOLFSSL_BIGNUM *y,
+                                                WOLFSSL_BN_CTX *ctx)
 {
-	(void)ctx;
+    (void)ctx;
 
-	WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp");
+    WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp");
 
-	if (group == NULL || point == NULL || point->internal == NULL || x == NULL || y == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error");
-		return 0;
-	}
+    if (group == NULL || point == NULL || point->internal == NULL ||
+        x == NULL || y == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error");
+        return SSL_FAILURE;
+    }
 
-	if (point->inSet == 0) {
-		WOLFSSL_MSG("No ECPoint internal set, do it");
+    if (point->inSet == 0) {
+        WOLFSSL_MSG("No ECPoint internal set, do it");
 
-		if (SetECPointInternal((WOLFSSL_EC_POINT *)point) < 0) {
-			WOLFSSL_MSG("SetECPointInternal failed");
-			return 0;
-		}
-	}
+        if (SetECPointInternal((WOLFSSL_EC_POINT *)point) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetECPointInternal failed");
+            return SSL_FAILURE;
+        }
+    }
 
-	BN_copy(x, point->X);
-	BN_copy(y, point->Y);
+    BN_copy(x, point->X);
+    BN_copy(y, point->Y);
 
-	/*
-	if (mp_copy((mp_int*)p->x, (mp_int*)x->internal) != MP_OKAY) {
-		WOLFSSL_MSG("mp_copy error");
-		return 0;
-	}
-
-	if (mp_copy((mp_int*)p->y, (mp_int*)y->internal) != MP_OKAY) {
-		WOLFSSL_MSG("mp_copy error");
-		return 0;
-	}*/
-
-	return 1;
+    return SSL_SUCCESS;
 }
 
-int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, const WOLFSSL_BIGNUM *n,
-						 const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
+                         const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q,
+                         const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
 {
-	(void)ctx;
-	(void)n;
+    (void)ctx;
+    (void)n;
 
-	mp_int prime;
+    mp_int prime;
 
-	WOLFSSL_ENTER("wolfSSL_EC_POINT_mul");
+    WOLFSSL_ENTER("wolfSSL_EC_POINT_mul");
 
-	if (group == NULL || r == NULL || r->internal == NULL || q == NULL || q->internal == NULL || m == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error");
-		return 0;
-	}
+    if (group == NULL || r == NULL || r->internal == NULL ||
+        q == NULL || q->internal == NULL || m == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error");
+        return SSL_FAILURE;
+    }
 
-	if (q->inSet == 0) {
-		WOLFSSL_MSG("No ECPoint internal set, do it");
+    if (q->inSet == 0) {
+        WOLFSSL_MSG("No ECPoint internal set, do it");
 
-		if (SetECPointInternal((WOLFSSL_EC_POINT *)q) < 0) {
-			WOLFSSL_MSG("SetECPointInternal failed");
-			return 0;
-		}
-	}
+        if (SetECPointInternal((WOLFSSL_EC_POINT *)q) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetECPointInternal failed");
+            return SSL_FAILURE;
+        }
+    }
 
-	/* compute the prime value of the curve */
-	if (mp_init(&prime) != MP_OKAY) {
-		WOLFSSL_MSG("wolfSSL_EC_POINT_mul init BN failed");
-		return 0;
-	}
+    /* compute the prime value of the curve */
+    if (mp_init(&prime) != MP_OKAY) {
+        WOLFSSL_MSG("wolfSSL_EC_POINT_mul init BN failed");
+        return SSL_FAILURE;
+    }
 
-	if (mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, 16) != MP_OKAY) {
-		WOLFSSL_MSG("wolfSSL_EC_POINT_mul read prime curve value failed");
-		return 0;
-	}
+    if (mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, 16) != MP_OKAY){
+        WOLFSSL_MSG("wolfSSL_EC_POINT_mul read prime curve value failed");
+        return SSL_FAILURE;
+    }
 
-	/* r = q * m % prime */
-	if (ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal, (ecc_point*)r->internal, &prime, 1) != MP_OKAY) {
-		WOLFSSL_MSG("ecc_mulmod failure");
-		mp_clear(&prime);
-		return 0;
-	}
+    /* r = q * m % prime */
+    if (ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal,
+                   (ecc_point*)r->internal, &prime, 1) != MP_OKAY) {
+        WOLFSSL_MSG("ecc_mulmod failure");
+        mp_clear(&prime);
+        return SSL_FAILURE;
+    }
 
-	mp_clear(&prime);
+    mp_clear(&prime);
 
-	/* set the external value for the computed point */
-	if (SetECPointInternal(r) < 0) {
-		WOLFSSL_MSG("SetECPointInternal failed");
-		return 0;
-	}
+    /* set the external value for the computed point */
+    if (SetECPointInternal(r) != SSL_SUCCESS) {
+        WOLFSSL_MSG("SetECPointInternal failed");
+        return SSL_FAILURE;
+    }
 
-	return 1;
+    return SSL_SUCCESS;
 }
 
 void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *p)
 {
-	WOLFSSL_ENTER("wolfSSL_EC_POINT_clear_free");
+    WOLFSSL_ENTER("wolfSSL_EC_POINT_clear_free");
 
-	return wolfSSL_EC_POINT_free(p);
+    wolfSSL_EC_POINT_free(p);
 }
 
-/* return 0 if equal, 1 if not and -1 in case of error */
-int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a,
-						 const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx)
+/* return code compliant with OpenSSL :
+ *   0 if equal, 1 if not and -1 in case of error
+ */
+int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
+                         const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b,
+                         WOLFSSL_BN_CTX *ctx)
 {
-	(void)ctx;
+    (void)ctx;
+    int ret;
+    
+    WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp");
 
-	WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp");
+    if (group == NULL || a == NULL || a->internal == NULL || b == NULL ||
+        b->internal == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (group == NULL || a == NULL || a->internal == NULL || b == NULL || b->internal == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments");
-		return -1;
-	}
+    ret = ecc_cmp_point((ecc_point*)a->internal, (ecc_point*)b->internal);
+    if (ret == MP_EQ)
+        return 0;
+    else if (ret == MP_LT || ret == MP_GT)
+        return 1;
 
-	return ecc_cmp_point((ecc_point*)a->internal, (ecc_point*)b->internal);
+    return SSL_FATAL_ERROR;
 }
 
 void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *p)
 {
-	WOLFSSL_ENTER("wolfSSL_EC_POINT_free");
+    WOLFSSL_ENTER("wolfSSL_EC_POINT_free");
 
-	if (p != NULL) {
-		if (p->internal == NULL) {
-			ecc_del_point((ecc_point*)p->internal);
-			XFREE(p->internal, NULL, DYNAMIC_TYPE_ECC);
-			p->internal = NULL;
-		}
+    if (p != NULL) {
+        if (p->internal == NULL) {
+            ecc_del_point((ecc_point*)p->internal);
+            XFREE(p->internal, NULL, DYNAMIC_TYPE_ECC);
+            p->internal = NULL;
+        }
 
-		wolfSSL_BN_free(p->X);
-		wolfSSL_BN_free(p->Y);
-		wolfSSL_BN_free(p->Z);
-		p->X = NULL;
-		p->Y = NULL;
-		p->Z = NULL;
-		p->inSet = p->exSet = 0;
+        wolfSSL_BN_free(p->X);
+        wolfSSL_BN_free(p->Y);
+        wolfSSL_BN_free(p->Z);
+        p->X = NULL;
+        p->Y = NULL;
+        p->Z = NULL;
+        p->inSet = p->exSet = 0;
 
-		XFREE(p, NULL, DYNAMIC_TYPE_ECC);
-		p = NULL;
-	}
+        XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+        p = NULL;
+    }
 }
 
-
-int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *point)
+/* return code compliant with OpenSSL :
+ *   1 if point at infinity, 0 else
+ */
+int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
+                                    const WOLFSSL_EC_POINT *point)
 {
-	int ret;
+    int ret;
 
-	WOLFSSL_ENTER("wolfSSL_EC_POINT_is_at_infinity");
+    WOLFSSL_ENTER("wolfSSL_EC_POINT_is_at_infinity");
 
-	if (group == NULL || point == NULL || point->internal == NULL) {
-		WOLFSSL_MSG("wolfSSL_EC_POINT_is_at_infinity NULL error");
-		return -1;
-	}
-	if (point->inSet == 0) {
-		WOLFSSL_MSG("No ECPoint internal set, do it");
+    if (group == NULL || point == NULL || point->internal == NULL) {
+        WOLFSSL_MSG("wolfSSL_EC_POINT_is_at_infinity NULL error");
+        return SSL_FAILURE;
+    }
+    if (point->inSet == 0) {
+        WOLFSSL_MSG("No ECPoint internal set, do it");
 
-		if (SetECPointInternal((WOLFSSL_EC_POINT *)point) < 0) {
-			WOLFSSL_MSG("SetECPointInternal failed");
-			return -1;
-		}
-	}
+        if (SetECPointInternal((WOLFSSL_EC_POINT *)point) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetECPointInternal failed");
+            return SSL_FAILURE;
+        }
+    }
 
-	ret = ecc_point_is_at_infinity(point->internal);
-	if (ret < 0) {
-		WOLFSSL_MSG("ecc_point_is_at_infinity failure");
-		return -1;
-	}
+    ret = ecc_point_is_at_infinity(point->internal);
+    if (ret <= 0) {
+        WOLFSSL_MSG("ecc_point_is_at_infinity failure");
+        return SSL_FAILURE;
+    }
 
-	return ret;
+    return SSL_SUCCESS;
 }
 
 /* End EC_POINT */
@@ -14081,209 +14231,229 @@ int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, const WOLFSSL
 /* Start ECDSA_SIG */
 void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig)
 {
-	WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_free");
+    WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_free");
 
-	if (sig) {
-		wolfSSL_BN_free(sig->r);
-		wolfSSL_BN_free(sig->s);
+    if (sig) {
+        wolfSSL_BN_free(sig->r);
+        wolfSSL_BN_free(sig->s);
 
-		XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
-	}
+        XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
+    }
 }
 
 WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void)
 {
-	WOLFSSL_ECDSA_SIG *sig;
+    WOLFSSL_ECDSA_SIG *sig;
 
-	WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_new");
+    WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_new");
 
-	sig = (WOLFSSL_ECDSA_SIG*) XMALLOC(sizeof(WOLFSSL_ECDSA_SIG), NULL, DYNAMIC_TYPE_ECC);
-	if (sig == NULL) {
-		WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure");
-		return NULL;
-	}
+    sig = (WOLFSSL_ECDSA_SIG*) XMALLOC(sizeof(WOLFSSL_ECDSA_SIG), NULL,
+                                       DYNAMIC_TYPE_ECC);
+    if (sig == NULL) {
+        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure");
+        return NULL;
+    }
 
-	sig->r = wolfSSL_BN_new();
-	if (sig->r == NULL) {
-		WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure");
-		wolfSSL_ECDSA_SIG_free(sig);
-		return NULL;
-	}
+    sig->r = wolfSSL_BN_new();
+    if (sig->r == NULL) {
+        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure");
+        wolfSSL_ECDSA_SIG_free(sig);
+        return NULL;
+    }
 
-	sig->s = wolfSSL_BN_new();
-	if (sig->s == NULL) {
-		WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA s failure");
-		wolfSSL_ECDSA_SIG_free(sig);
-		return NULL;
-	}
+    sig->s = wolfSSL_BN_new();
+    if (sig->s == NULL) {
+        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA s failure");
+        wolfSSL_ECDSA_SIG_free(sig);
+        return NULL;
+    }
 
-	return sig;
+    return sig;
 }
 
 /* return signature structure on success, NULL otherwise */
-WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, WOLFSSL_EC_KEY *key)
+WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen,
+                                         WOLFSSL_EC_KEY *key)
 {
-	WOLFSSL_ECDSA_SIG *sig = NULL;
-	int    initTmpRng = 0;
-	RNG*   rng = NULL;
+    WOLFSSL_ECDSA_SIG *sig = NULL;
+    int    initTmpRng = 0;
+    RNG*   rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-	RNG*   tmpRNG = NULL;
+    RNG*   tmpRNG = NULL;
 #else
-	RNG    tmpRNG[1];
+    RNG    tmpRNG[1];
 #endif
 
-	WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign");
+    WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign");
 
-	if (d == NULL || key == NULL || key->internal == NULL) {
-		WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad arguments");
-		return NULL;
-	}
+    if (d == NULL || key == NULL || key->internal == NULL) {
+        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad arguments");
+        return NULL;
+    }
 
-	/* set internal key if not done */
-	if (key->inSet == 0)
-	{
-		WOLFSSL_MSG("wolfSSL_ECDSA_do_sign No EC key internal set, do it");
+    /* set internal key if not done */
+    if (key->inSet == 0)
+    {
+        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign No EC key internal set, do it");
 
-		if (SetECKeyInternal(key) < 0) {
-			WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed");
-			return NULL;
-		}
-	}
+        if (SetECKeyInternal(key) != SSL_SUCCESS) {
+            WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed");
+            return NULL;
+        }
+    }
 
 #ifdef WOLFSSL_SMALL_STACK
-	tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-	if (tmpRNG == NULL)
-		return NULL;
+    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (tmpRNG == NULL)
+        return NULL;
 #endif
 
-	if (wc_InitRng(tmpRNG) == 0) {
-		rng = tmpRNG;
-		initTmpRng = 1;
-	}
-	else {
-		WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad RNG Init, trying global");
-		if (initGlobalRNG == 0)
-			WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Global RNG no Init");
-		else
-			rng = &globalRNG;
-	}
+    if (wc_InitRng(tmpRNG) == 0) {
+        rng = tmpRNG;
+        initTmpRng = 1;
+    }
+    else {
+        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad RNG Init, trying global");
+        if (initGlobalRNG == 0)
+            WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Global RNG no Init");
+        else
+            rng = &globalRNG;
+    }
 
-	if (rng) {
-		mp_int sig_r, sig_s;
+    if (rng) {
+        mp_int sig_r, sig_s;
 
-		if (mp_init_multi(&sig_r, &sig_s, NULL, NULL, NULL, NULL) == MP_OKAY) {
-			if (wc_ecc_sign_hash_ex(d, dlen, rng, (ecc_key*)key->internal, &sig_r, &sig_s) != MP_OKAY)
-				WOLFSSL_MSG("wc_ecc_sign_hash_ex failed");
-			else {
-				/* put signature blob in ECDSA structure */
-				sig = wolfSSL_ECDSA_SIG_new();
-				if (sig == NULL)
-					WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new failed");
-				else if (SetIndividualExternal(&(sig->r), &sig_r) < 0) {
-					WOLFSSL_MSG("ecdsa r key error");
-					wolfSSL_ECDSA_SIG_free(sig);
-				}
-				else if (SetIndividualExternal(&(sig->s), &sig_s) < 0) {
-					WOLFSSL_MSG("ecdsa s key error");
-					wolfSSL_ECDSA_SIG_free(sig);
-				}
+        if (mp_init_multi(&sig_r, &sig_s, NULL, NULL, NULL, NULL) == MP_OKAY) {
+            if (wc_ecc_sign_hash_ex(d, dlen, rng, (ecc_key*)key->internal,
+                                    &sig_r, &sig_s) != MP_OKAY) {
+                WOLFSSL_MSG("wc_ecc_sign_hash_ex failed");
+            }
+            else {
+                /* put signature blob in ECDSA structure */
+                sig = wolfSSL_ECDSA_SIG_new();
+                if (sig == NULL)
+                    WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new failed");
+                else if (SetIndividualExternal(&(sig->r), &sig_r)!=SSL_SUCCESS){
+                    WOLFSSL_MSG("ecdsa r key error");
+                    wolfSSL_ECDSA_SIG_free(sig);
+                }
+                else if (SetIndividualExternal(&(sig->s), &sig_s)!=SSL_SUCCESS){
+                    WOLFSSL_MSG("ecdsa s key error");
+                    wolfSSL_ECDSA_SIG_free(sig);
+                }
 
-				mp_clear(&sig_r);
-				mp_clear(&sig_s);
-			}
-		}
-	}
+                mp_clear(&sig_r);
+                mp_clear(&sig_s);
+            }
+        }
+    }
 
-	if (initTmpRng)
-		wc_FreeRng(tmpRNG);
+    if (initTmpRng)
+        wc_FreeRng(tmpRNG);
 #ifdef WOLFSSL_SMALL_STACK
-	XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
-	return sig;
+    return sig;
 }
 
-int wolfSSL_ECDSA_do_verify(const unsigned char *d, int dlen, const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key)
+/* return code compliant with OpenSSL :
+ *   1 for a valid signature, 0 for an invalid signature and -1 on error
+ */
+int wolfSSL_ECDSA_do_verify(const unsigned char *d, int dlen,
+                            const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key)
 {
-	int check_sign = 0;
+    int check_sign = 0;
 
-	WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify");
+    WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify");
 
-	if (d == NULL || sig == NULL || key == NULL || key->internal == NULL) {
-		WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments");
-		return -1;
-	}
+    if (d == NULL || sig == NULL || key == NULL || key->internal == NULL) {
+        WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments");
+        return SSL_FATAL_ERROR;
+    }
 
-	/* set internal key if not done */
-	if (key->inSet == 0)
-	{
-		WOLFSSL_MSG("No EC key internal set, do it");
+    /* set internal key if not done */
+    if (key->inSet == 0)
+    {
+        WOLFSSL_MSG("No EC key internal set, do it");
 
-		if (SetECKeyInternal(key) < 0) {
-			WOLFSSL_MSG("SetECKeyInternal failed");
-			return -1;
-		}
-	}
+        if (SetECKeyInternal(key) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetECKeyInternal failed");
+            return SSL_FATAL_ERROR;
+        }
+    }
 
-	if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal, (mp_int*)sig->s->internal, d, dlen,
-							  &check_sign, (ecc_key *)key->internal) != MP_OKAY) {
-		WOLFSSL_MSG("wc_ecc_verify_hash failed");
-		return -1;
-	}
-	else if (check_sign == 0) {
-		WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
-		return 0;
-	}
+    if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal,
+                              (mp_int*)sig->s->internal, d, dlen, &check_sign,
+                              (ecc_key *)key->internal) != MP_OKAY) {
+        WOLFSSL_MSG("wc_ecc_verify_hash failed");
+        return SSL_FATAL_ERROR;
+    }
+    else if (check_sign == 0) {
+        WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
+        return SSL_FAILURE;
+    }
 
-	return 1;
+    return SSL_SUCCESS;
 }
 /* End ECDSA_SIG */
 
 /* Start ECDH */
-int wolfSSL_ECDH_compute_key(void *out, size_t outlen, const WOLFSSL_EC_POINT *pub_key,
-							 WOLFSSL_EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen))
+/* return code compliant with OpenSSL :
+ *   length of computed key if success, -1 if error
+ */
+int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
+                             const WOLFSSL_EC_POINT *pub_key,
+                             WOLFSSL_EC_KEY *ecdh,
+                             void *(*KDF) (const void *in, size_t inlen,
+                                           void *out, size_t *outlen))
 {
-	(void)KDF;
-	word32 len;
+    (void)KDF;
+    word32 len;
 
-	WOLFSSL_ENTER("wolfSSL_ECDH_compute_key");
+    WOLFSSL_ENTER("wolfSSL_ECDH_compute_key");
 
-	if (out == NULL || pub_key == NULL || pub_key->internal == NULL || ecdh == NULL || ecdh->internal == NULL) {
-		WOLFSSL_MSG("Bad function arguments");
-		return 0;
-	}
+    if (out == NULL || pub_key == NULL || pub_key->internal == NULL ||
+        ecdh == NULL || ecdh->internal == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return SSL_FATAL_ERROR;
+    }
 
-	/* set internal key if not done */
-	if (ecdh->inSet == 0)
-	{
-		WOLFSSL_MSG("No EC key internal set, do it");
+    /* set internal key if not done */
+    if (ecdh->inSet == 0)
+    {
+        WOLFSSL_MSG("No EC key internal set, do it");
 
-		if (SetECKeyInternal(ecdh) < 0) {
-			WOLFSSL_MSG("SetECKeyInternal failed");
-			return 0;
-		}
-	}
+        if (SetECKeyInternal(ecdh) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetECKeyInternal failed");
+            return SSL_FATAL_ERROR;
+        }
+    }
 
-	len = (word32)outlen;
+    len = (word32)outlen;
 
-	if (wc_ecc_shared_secret_ssh((ecc_key*)ecdh->internal, (ecc_point*)pub_key->internal, (byte *)out, &len) != MP_OKAY) {
-		WOLFSSL_MSG("wc_ecc_shared_secret failed");
-		return 0;
-	}
+    if (wc_ecc_shared_secret_ssh((ecc_key*)ecdh->internal,
+                                 (ecc_point*)pub_key->internal,
+                                 (byte *)out, &len) != MP_OKAY) {
+        WOLFSSL_MSG("wc_ecc_shared_secret failed");
+        return SSL_FATAL_ERROR;
+    }
 
-	return len;
+    return len;
 }
 
 /* End ECDH */
-
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
 int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *x)
 {
-	(void)fp;
-	(void)x;
+    (void)fp;
+    (void)x;
 
-	WOLFSSL_MSG("wolfSSL_PEM_write_EC_PUBKEY not implemented");
+    WOLFSSL_MSG("wolfSSL_PEM_write_EC_PUBKEY not implemented");
 
-	return -1;
+    return SSL_FAILURE;
 }
 
 
@@ -14292,6 +14462,9 @@ int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *x)
 
 #ifndef NO_DSA
 
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
 int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, DSA* dsa,
                                   const EVP_CIPHER* cipher,
                                   unsigned char* passwd, int len,
@@ -14307,82 +14480,89 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, DSA* dsa,
 
     WOLFSSL_MSG("wolfSSL_PEM_write_bio_DSAPrivateKey not implemented");
 
-    return SSL_FATAL_ERROR;
+    return SSL_FAILURE;
 }
 
-
-int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa, const EVP_CIPHER *enc,
-									unsigned char *kstr, int klen,
-									pem_password_cb *cb, void *u)
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa,
+                                    const EVP_CIPHER *enc,
+                                    unsigned char *kstr, int klen,
+                                    pem_password_cb *cb, void *u)
 {
-	(void)enc;
-	(void)kstr;
-	(void)klen;
-	(void)cb;
-	(void)u;
+    (void)enc;
+    (void)kstr;
+    (void)klen;
+    (void)cb;
+    (void)u;
 
-	byte *der, *pem;
-	int	derSz = 0, pemSz = 0;
+    byte *der, *pem;
+    int    derSz = 0, pemSz = 0;
 
 
-	WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey");
+    WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey");
 
-	if (fp == NULL || dsa == NULL || dsa->internal == NULL || kstr == NULL || klen <= 0) {
-		WOLFSSL_MSG("Bad function arguments");
-		return 0;
-	}
+    if (fp == NULL || dsa == NULL || dsa->internal == NULL ||
+        kstr == NULL || klen <= 0) {
+        WOLFSSL_MSG("Bad function arguments");
+        return SSL_FAILURE;
+    }
 
-	if (dsa->inSet == 0) {
-		WOLFSSL_MSG("No RSA internal set, do it");
+    if (dsa->inSet == 0) {
+        WOLFSSL_MSG("No RSA internal set, do it");
 
-		if (SetDsaInternal(dsa) < 0) {
-			WOLFSSL_MSG("SetDsaInternal failed");
-			return 0;
-		}
-	}
+        if (SetDsaInternal(dsa) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetDsaInternal failed");
+            return SSL_FAILURE;
+        }
+    }
 
-	der = (byte*)XMALLOC(klen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-	if (der == NULL) {
-		WOLFSSL_MSG("malloc failed");
-		return 0;
-	}
+    der = (byte*)XMALLOC(klen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (der == NULL) {
+        WOLFSSL_MSG("malloc failed");
+        return SSL_FAILURE;
+    }
 
-	/* Key to DER */
-	derSz = wc_DsaKeyToDer(dsa->internal, der, klen);
-	if (derSz < 0) {
-		XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-		return 0;
-	}
+    /* Key to DER */
+    derSz = wc_DsaKeyToDer(dsa->internal, der, klen);
+    if (derSz < 0) {
+        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
 
-	pemSz = (derSz * 4)/3 + 8;
-	pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-	if (der == NULL) {
-		WOLFSSL_MSG("malloc failed");
-		return 0;
-	}
+    pemSz = (derSz * 4)/3 + 8;
+    pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (der == NULL) {
+        WOLFSSL_MSG("malloc failed");
+        return SSL_FAILURE;
+    }
 
-	/* DER to PEM */
-	pemSz = wc_DerToPem(der, derSz, pem, pemSz, PRIVATEKEY_TYPE);
-	if (pemSz <= 0) {
-		XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-		return 0;
-	}
-	XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    /* DER to PEM */
+    pemSz = wc_DerToPem(der, derSz, pem, pemSz, PRIVATEKEY_TYPE);
+    if (pemSz <= 0) {
+        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-	fwrite(pem, 1, pemSz, fp);
+    fwrite(pem, 1, pemSz, fp);
 
-	XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-	return 1;
+    XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return SSL_SUCCESS;
 }
 
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
 int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x)
 {
-	(void)fp;
-	(void)x;
+    (void)fp;
+    (void)x;
 
-	WOLFSSL_MSG("wolfSSL_PEM_write_DSA_PUBKEY not implemented");
+    WOLFSSL_MSG("wolfSSL_PEM_write_DSA_PUBKEY not implemented");
 
-	return -1;
+    return SSL_FAILURE;
 }
 
 #endif /* #ifndef NO_DSA */
@@ -14403,84 +14583,91 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
 
 int wolfSSL_EVP_PKEY_type(int type)
 {
-	(void)type;
+    (void)type;
 
-	WOLFSSL_MSG("wolfSSL_EVP_PKEY_type not implemented");
+    WOLFSSL_MSG("wolfSSL_EVP_PKEY_type not implemented");
 
-	return -1;
+    return SSL_FATAL_ERROR;
 }
 
 
 WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
-													  pem_password_cb *cb, void *u)
+                                          pem_password_cb *cb, void *u)
 {
-	(void)fp;
-	(void)x;
-	(void)cb;
-	(void)u;
+    (void)fp;
+    (void)x;
+    (void)cb;
+    (void)u;
 
-	WOLFSSL_MSG("wolfSSL_PEM_read_PUBKEY not implemented");
+    WOLFSSL_MSG("wolfSSL_PEM_read_PUBKEY not implemented");
 
-	return NULL;
+    return NULL;
 }
 
-
-int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *key, const EVP_CIPHER *enc,
-														unsigned char *kstr, int klen,
-														pem_password_cb *cb, void *u)
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *key,
+                                   const EVP_CIPHER *enc,
+                                   unsigned char *kstr, int klen,
+                                   pem_password_cb *cb, void *u)
 {
-	(void)fp;
-	(void)key;
-	(void)enc;
-	(void)kstr;
-	(void)klen;
-	(void)cb;
-	(void)u;
+    (void)fp;
+    (void)key;
+    (void)enc;
+    (void)kstr;
+    (void)klen;
+    (void)cb;
+    (void)u;
 
-	WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey not implemented");
+    WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey not implemented");
 
-	return -1;
+    return SSL_FAILURE;
 }
 
 #ifndef NO_RSA
 
 WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x,
-										   pem_password_cb *cb, void *u)
+                                           pem_password_cb *cb, void *u)
 {
-	(void)fp;
-	(void)x;
-	(void)cb;
-	(void)u;
+    (void)fp;
+    (void)x;
+    (void)cb;
+    (void)u;
 
-	WOLFSSL_MSG("wolfSSL_PEM_read_RSAPublicKey not implemented");
+    WOLFSSL_MSG("wolfSSL_PEM_read_RSAPublicKey not implemented");
 
-	return NULL;
+    return NULL;
 }
 
-
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
 int wolfSSL_PEM_write_RSAPublicKey(FILE *fp, WOLFSSL_RSA *x)
 {
-	(void)fp;
-	(void)x;
+    (void)fp;
+    (void)x;
 
-	WOLFSSL_MSG("wolfSSL_PEM_write_RSAPublicKey not implemented");
+    WOLFSSL_MSG("wolfSSL_PEM_write_RSAPublicKey not implemented");
 
-	return -1;
+    return SSL_FAILURE;
 }
 
-
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
 int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x)
 {
-	(void)fp;
-	(void)x;
+    (void)fp;
+    (void)x;
 
-	WOLFSSL_MSG("wolfSSL_PEM_write_RSA_PUBKEY not implemented");
+    WOLFSSL_MSG("wolfSSL_PEM_write_RSA_PUBKEY not implemented");
 
-	return -1;
+    return SSL_FAILURE;
 }
 
-/* Load RSA from Der, SSL_SUCCESS on success < 0 on error */
-int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der,  int derSz)
+/* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error */
+int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der, int derSz)
 {
     word32 idx = 0;
     int    ret;
@@ -14489,16 +14676,16 @@ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der,  int derSz)
 
     if (rsa == NULL || rsa->internal == NULL || der == NULL || derSz <= 0) {
         WOLFSSL_MSG("Bad function arguments");
-        return BAD_FUNC_ARG;
+        return SSL_FATAL_ERROR;
     }
 
     ret = wc_RsaPrivateKeyDecode(der, &idx, (RsaKey*)rsa->internal, derSz);
     if (ret < 0) {
         WOLFSSL_MSG("RsaPrivateKeyDecode failed");
-        return ret;
+        return SSL_FATAL_ERROR;
     }
 
-    if (SetRsaExternal(rsa) < 0) {
+    if (SetRsaExternal(rsa) != SSL_SUCCESS) {
         WOLFSSL_MSG("SetRsaExternal failed");
         return SSL_FATAL_ERROR;
     }
@@ -14511,8 +14698,8 @@ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der,  int derSz)
 
 
 #ifndef NO_DSA
-/* Load DSA from Der, SSL_SUCCESS on success < 0 on error */
-int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der,  int derSz)
+/* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error */
+int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der, int derSz)
 {
     word32 idx = 0;
     int    ret;
@@ -14521,16 +14708,16 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der,  int derSz)
 
     if (dsa == NULL || dsa->internal == NULL || der == NULL || derSz <= 0) {
         WOLFSSL_MSG("Bad function arguments");
-        return BAD_FUNC_ARG;
+        return SSL_FATAL_ERROR;
     }
 
     ret = DsaPrivateKeyDecode(der, &idx, (DsaKey*)dsa->internal, derSz);
     if (ret < 0) {
         WOLFSSL_MSG("DsaPrivateKeyDecode failed");
-        return ret;
+        return SSL_FATAL_ERROR;
     }
 
-    if (SetDsaExternal(dsa) < 0) {
+    if (SetDsaExternal(dsa) != SSL_SUCCESS) {
         WOLFSSL_MSG("SetDsaExternal failed");
         return SSL_FATAL_ERROR;
     }
@@ -14542,33 +14729,34 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der,  int derSz)
 #endif /* NO_DSA */
 
 #ifdef HAVE_ECC
-/* Load EC KEY from Der, SSL_SUCCESS on success < 0 on error */
-int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* der,  int derSz)
+/* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error */
+int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key,
+                           const unsigned char* der,  int derSz)
 {
-	word32 idx = 0;
-	int    ret;
+    word32 idx = 0;
+    int    ret;
 
-	WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer");
+    WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer");
 
-	if (key == NULL || key->internal == NULL || der == NULL || derSz <= 0) {
-		WOLFSSL_MSG("Bad function arguments");
-		return BAD_FUNC_ARG;
-	}
+    if (key == NULL || key->internal == NULL || der == NULL || derSz <= 0) {
+        WOLFSSL_MSG("Bad function arguments");
+        return SSL_FATAL_ERROR;
+    }
 
-	ret = wc_EccPrivateKeyDecode(der, &idx, (ecc_key*)key->internal, derSz);
-	if (ret < 0) {
-		WOLFSSL_MSG("wc_EccPrivateKeyDecode failed");
-		return ret;
-	}
+    ret = wc_EccPrivateKeyDecode(der, &idx, (ecc_key*)key->internal, derSz);
+    if (ret < 0) {
+        WOLFSSL_MSG("wc_EccPrivateKeyDecode failed");
+        return SSL_FATAL_ERROR;
+    }
 
-	if (SetECKeyExternal(key) < 0) {
-		WOLFSSL_MSG("SetECKeyExternal failed");
-		return SSL_FATAL_ERROR;
-	}
+    if (SetECKeyExternal(key) != SSL_SUCCESS) {
+        WOLFSSL_MSG("SetECKeyExternal failed");
+        return SSL_FATAL_ERROR;
+    }
 
-	key->inSet = 1;
+    key->inSet = 1;
 
-	return SSL_SUCCESS;
+    return SSL_SUCCESS;
 }
 #endif /* HAVE_ECC */
 
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 59e75be5e..01fd2eaca 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -529,7 +529,8 @@ WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
 
 
 /* winodws header clash for WinCE using GetVersion */
-WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, int* version)
+WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
+                               int* version)
 {
     word32 idx = *inOutIdx;
 
@@ -939,12 +940,12 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
 #endif
 
     if (version == PKCS5v2)
-        ret = wc_PBKDF2(key, (byte*)password, passwordSz, salt, saltSz, iterations,
-               derivedLen, typeH);
+        ret = wc_PBKDF2(key, (byte*)password, passwordSz,
+                        salt, saltSz, iterations, derivedLen, typeH);
 #ifndef NO_SHA
     else if (version == PKCS5)
-        ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz, iterations,
-               derivedLen, typeH);
+        ret = wc_PBKDF1(key, (byte*)password, passwordSz,
+                        salt, saltSz, iterations, derivedLen, typeH);
 #endif
     else if (version == PKCS12) {
         int  i, idx = 0;
@@ -1415,106 +1416,106 @@ int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
 
 static mp_int* GetDsaInt(DsaKey* key, int idx)
 {
-	if (idx == 0)
-		return &key->p;
-	if (idx == 1)
-		return &key->q;
-	if (idx == 2)
-		return &key->g;
-	if (idx == 3)
-		return &key->x;
-	if (idx == 4)
-		return &key->y;
+    if (idx == 0)
+        return &key->p;
+    if (idx == 1)
+        return &key->q;
+    if (idx == 2)
+        return &key->g;
+    if (idx == 3)
+        return &key->x;
+    if (idx == 4)
+        return &key->y;
 
-	return NULL;
+    return NULL;
 }
 
 /* Release Tmp DSA resources */
 static INLINE void FreeTmpDsas(byte** tmps)
 {
-	int i;
+    int i;
 
-	for (i = 0; i < DSA_INTS; i++)
-		XFREE(tmps[i], NULL, DYNAMIC_TYPE_DSA);
+    for (i = 0; i < DSA_INTS; i++)
+        XFREE(tmps[i], NULL, DYNAMIC_TYPE_DSA);
 }
 
 /* Convert DsaKey key to DER format, write to output (inLen), return bytes
  written */
 int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
 {
-	word32 seqSz, verSz, rawLen, intTotalLen = 0;
-	word32 sizes[DSA_INTS];
-	int    i, j, outLen, ret = 0;
+    word32 seqSz, verSz, rawLen, intTotalLen = 0;
+    word32 sizes[DSA_INTS];
+    int    i, j, outLen, ret = 0;
 
-	byte  seq[MAX_SEQ_SZ];
-	byte  ver[MAX_VERSION_SZ];
-	byte* tmps[DSA_INTS];
+    byte  seq[MAX_SEQ_SZ];
+    byte  ver[MAX_VERSION_SZ];
+    byte* tmps[DSA_INTS];
 
-	if (!key || !output)
-		return BAD_FUNC_ARG;
+    if (!key || !output)
+        return BAD_FUNC_ARG;
 
-	if (key->type != DSA_PRIVATE)
-		return BAD_FUNC_ARG;
+    if (key->type != DSA_PRIVATE)
+        return BAD_FUNC_ARG;
 
-	for (i = 0; i < DSA_INTS; i++)
-		tmps[i] = NULL;
+    for (i = 0; i < DSA_INTS; i++)
+        tmps[i] = NULL;
 
-	/* write all big ints from key to DER tmps */
-	for (i = 0; i < DSA_INTS; i++) {
-		mp_int* keyInt = GetDsaInt(key, i);
-		rawLen = mp_unsigned_bin_size(keyInt);
-		tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, NULL, DYNAMIC_TYPE_DSA);
-		if (tmps[i] == NULL) {
-			ret = MEMORY_E;
-			break;
-		}
+    /* write all big ints from key to DER tmps */
+    for (i = 0; i < DSA_INTS; i++) {
+        mp_int* keyInt = GetDsaInt(key, i);
+        rawLen = mp_unsigned_bin_size(keyInt);
+        tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, NULL, DYNAMIC_TYPE_DSA);
+        if (tmps[i] == NULL) {
+            ret = MEMORY_E;
+            break;
+        }
 
-		tmps[i][0] = ASN_INTEGER;
-		sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1;  /* int tag */
+        tmps[i][0] = ASN_INTEGER;
+        sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1;  /* int tag */
 
-		if (sizes[i] <= MAX_SEQ_SZ) {
-			int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
-			if (err == MP_OKAY) {
-				sizes[i] += rawLen;
-				intTotalLen += sizes[i];
-			}
-			else {
-				ret = err;
-				break;
-			}
-		}
-		else {
-			ret = ASN_INPUT_E;
-			break;
-		}
-	}
+        if (sizes[i] <= MAX_SEQ_SZ) {
+            int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
+            if (err == MP_OKAY) {
+                sizes[i] += rawLen;
+                intTotalLen += sizes[i];
+            }
+            else {
+                ret = err;
+                break;
+            }
+        }
+        else {
+            ret = ASN_INPUT_E;
+            break;
+        }
+    }
 
-	if (ret != 0) {
-		FreeTmpDsas(tmps);
-		return ret;
-	}
+    if (ret != 0) {
+        FreeTmpDsas(tmps);
+        return ret;
+    }
 
-	/* make headers */
-	verSz = SetMyVersion(0, ver, FALSE);
-	seqSz = SetSequence(verSz + intTotalLen, seq);
+    /* make headers */
+    verSz = SetMyVersion(0, ver, FALSE);
+    seqSz = SetSequence(verSz + intTotalLen, seq);
 
-	outLen = seqSz + verSz + intTotalLen;
-	if (outLen > (int)inLen)
-		return BAD_FUNC_ARG;
+    outLen = seqSz + verSz + intTotalLen;
+    if (outLen > (int)inLen)
+        return BAD_FUNC_ARG;
 
-	/* write to output */
-	XMEMCPY(output, seq, seqSz);
-	j = seqSz;
-	XMEMCPY(output + j, ver, verSz);
-	j += verSz;
+    /* write to output */
+    XMEMCPY(output, seq, seqSz);
+    j = seqSz;
+    XMEMCPY(output + j, ver, verSz);
+    j += verSz;
 
-	for (i = 0; i < DSA_INTS; i++) {
-		XMEMCPY(output + j, tmps[i], sizes[i]);
-		j += sizes[i];
-	}
-	FreeTmpDsas(tmps);
+    for (i = 0; i < DSA_INTS; i++) {
+        XMEMCPY(output + j, tmps[i], sizes[i]);
+        j += sizes[i];
+    }
+    FreeTmpDsas(tmps);
 
-	return outLen;
+    return outLen;
 }
 
 #endif /* NO_DSA */
@@ -1862,7 +1863,7 @@ static int GetKey(DecodedCert* cert)
 
 #ifdef WOLFSSL_SMALL_STACK
             keyBlob = (byte*)XMALLOC(MAX_NTRU_KEY_SZ, NULL,
-                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                                     DYNAMIC_TYPE_TMP_BUFFER);
             if (keyBlob == NULL)
                 return MEMORY_E;
 #endif
@@ -3354,7 +3355,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
 #ifndef IGNORE_NAME_CONSTRAINTS
 
 static int MatchBaseName(int type, const char* name, int nameSz,
-                                                   const char* base, int baseSz)
+                         const char* base, int baseSz)
 {
     if (base == NULL || baseSz <= 0 || name == NULL || nameSz <= 0 ||
             name[0] == '.' || nameSz < baseSz ||
@@ -6272,14 +6273,16 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
 }
 
 
-int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng)
+int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz,
+                    RsaKey* key, RNG* rng)
 {
     int ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng);
 
     if (ret < 0)
         return ret;
 
-    return wc_SignCert(cert->bodySz, cert->sigType, buffer, buffSz, key, NULL,rng);
+    return wc_SignCert(cert->bodySz, cert->sigType,
+                       buffer, buffSz, key, NULL, rng);
 }
 
 
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 2a6612718..42411a7b8 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -87,7 +87,7 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC112
 {
         14,
-		NID_secp111r1,
+        NID_secp111r1,
         "SECP112R1",
         "DB7C2ABF62E35E668076BEAD208B",
         "DB7C2ABF62E35E668076BEAD2088",
@@ -100,7 +100,7 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC128
 {
         16,
-		NID_secp128r1,
+        NID_secp128r1,
         "SECP128R1",
         "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
         "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
@@ -113,7 +113,7 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC160
 {
         20,
-		NID_secp160r1,
+        NID_secp160r1,
         "SECP160R1",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
@@ -126,7 +126,7 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC192
 {
         24,
-		NID_cert192,
+        NID_cert192,
         "ECC-192",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
@@ -139,7 +139,7 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC224
 {
         28,
-		NID_cert224,
+        NID_cert224,
         "ECC-224",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
@@ -152,7 +152,7 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC256
 {
         32,
-		NID_X9_62_prime256v1,
+        NID_X9_62_prime256v1,
         "nistp256",
         "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
         "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
@@ -165,7 +165,7 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC384
 {
         48,
-		NID_secp384r1,
+        NID_secp384r1,
         "nistp384",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
         "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
@@ -178,7 +178,7 @@ const ecc_set_type ecc_sets[] = {
 #ifdef ECC521
 {
         66,
-		NID_secp521r1,
+        NID_secp521r1,
         "nistp521",
         "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
         "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
@@ -1437,59 +1437,55 @@ void ecc_del_point(ecc_point* p)
 }
 
 /** Copy the value of a point to an other one
-  p	The point to copy
-  r	The created point
+  p    The point to copy
+  r    The created point
 */
 int ecc_copy_point(ecc_point* p, ecc_point *r)
 {
-	/* prevents null arguments */
-	if (p == NULL || r == NULL)
-		return 0;
+    int ret;
 
-	if (mp_copy(p->x, r->x) != MP_OKAY)
-		return 0;
-	if (mp_copy(p->y, r->y) != MP_OKAY)
-		return 0;
-	if (mp_copy(p->z, r->z) != MP_OKAY)
-		return 0;
+    /* prevents null arguments */
+    if (p == NULL || r == NULL)
+        return ECC_BAD_ARG_E;
 
-	return 1;
+    ret = mp_copy(p->x, r->x);
+    if (ret != MP_OKAY)
+        return ret;
+    ret = mp_copy(p->y, r->y);
+    if (ret != MP_OKAY)
+        return ret;
+    ret = mp_copy(p->z, r->z);
+    if (ret != MP_OKAY)
+        return ret;
+
+    return MP_OKAY;
 }
 
 /** Compare the value of a point with an other one
- a	The point to compare
- b	The othe point to compare
+ a    The point to compare
+ b    The othe point to compare
 
- return 0 if equal, 1 if not, -1 in case of error
+ return MP_EQ if equal, MP_LT/MP_GT if not, < 0 in case of error
  */
 int ecc_cmp_point(ecc_point* a, ecc_point *b)
 {
-	int ret;
+    int ret;
 
-	/* prevents null arguments */
-	if (a == NULL || b == NULL)
-		return -1;
+    /* prevents null arguments */
+    if (a == NULL || b == NULL)
+        return BAD_FUNC_ARG;
 
-	ret = mp_cmp(a->x, b->x);
-	if (ret != MP_EQ) {
-		if (ret != MP_LT && ret != MP_GT)
-			return -1;
-		return 1;
-	}
-	ret = mp_cmp(a->y, b->y);
-	if (ret != MP_EQ) {
-		if (ret != MP_LT && ret != MP_GT)
-			return -1;
-		return 1;
-	}
-	ret = mp_cmp(a->z, b->z);
-	if (ret != MP_EQ) {
-		if (ret != MP_LT && ret != MP_GT)
-			return -1;
-		return 1;
-	}
+    ret = mp_cmp(a->x, b->x);
+    if (ret != MP_EQ)
+        return ret;
+    ret = mp_cmp(a->y, b->y);
+    if (ret != MP_EQ)
+        return ret;
+    ret = mp_cmp(a->z, b->z);
+    if (ret != MP_EQ)
+        return ret;
 
-	return 0;
+    return MP_EQ;
 }
 
 /** Returns whether an ECC idx is valid or not
@@ -1582,62 +1578,64 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
 /**
  Create an ECC shared secret between two keys
  private_key      The private ECC key
- point			  The point to use (public key)
+ point              The point to use (public key)
  out              [out] Destination of the shared secret
  Conforms to EC-DH from ANSI X9.63
  outlen           [in/out] The max size and resulting size of the shared secret
  return           MP_OKAY if successful
  */
-int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, byte* out, word32 *outlen)
+int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
+                             byte* out, word32 *outlen)
 {
-	word32         x = 0;
-	ecc_point*     result;
-	mp_int         prime;
-	int            err;
+    word32         x = 0;
+    ecc_point*     result;
+    mp_int         prime;
+    int            err;
 
-	if (private_key == NULL || point == NULL || out == NULL || outlen == NULL)
-		return BAD_FUNC_ARG;
+    if (private_key == NULL || point == NULL || out == NULL || outlen == NULL)
+        return BAD_FUNC_ARG;
 
-	/* type valid? */
-	if (private_key->type != ECC_PRIVATEKEY) {
-		return ECC_BAD_ARG_E;
-	}
+    /* type valid? */
+    if (private_key->type != ECC_PRIVATEKEY) {
+        return ECC_BAD_ARG_E;
+    }
 
-	if (ecc_is_valid_idx(private_key->idx) == 0)
-		return ECC_BAD_ARG_E;
+    if (ecc_is_valid_idx(private_key->idx) == 0)
+        return ECC_BAD_ARG_E;
 
-	/* make new point */
-	result = ecc_new_point();
-	if (result == NULL) {
-		return MEMORY_E;
-	}
+    /* make new point */
+    result = ecc_new_point();
+    if (result == NULL) {
+        return MEMORY_E;
+    }
 
-	if ((err = mp_init(&prime)) != MP_OKAY) {
-		ecc_del_point(result);
-		return err;
-	}
+    if ((err = mp_init(&prime)) != MP_OKAY) {
+        ecc_del_point(result);
+        return err;
+    }
 
-	err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16);
+    err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16);
 
-	if (err == MP_OKAY)
-		err = ecc_mulmod(&private_key->k, point, result, &prime, 1);
+    if (err == MP_OKAY)
+        err = ecc_mulmod(&private_key->k, point, result, &prime, 1);
 
-	if (err == MP_OKAY) {
-		x = mp_unsigned_bin_size(&prime);
-		if (*outlen < x)
-			err = BUFFER_E;
-	}
+    if (err == MP_OKAY) {
+        x = mp_unsigned_bin_size(&prime);
+        if (*outlen < x)
+            err = BUFFER_E;
+    }
 
-	if (err == MP_OKAY) {
-		XMEMSET(out, 0, x);
-		err = mp_to_unsigned_bin(result->x,out + (x - mp_unsigned_bin_size(result->x)));
-		*outlen = x;
-	}
+    if (err == MP_OKAY) {
+        XMEMSET(out, 0, x);
+        err = mp_to_unsigned_bin(result->x,out +
+                                 (x - mp_unsigned_bin_size(result->x)));
+        *outlen = x;
+    }
 
-	mp_clear(&prime);
-	ecc_del_point(result);
+    mp_clear(&prime);
+    ecc_del_point(result);
 
-	return err;
+    return err;
 }
 
 
@@ -1779,23 +1777,23 @@ static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
  */
 int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key)
 {
-	int x, err;
+    int x, err;
 
-	if (key == NULL || rng == NULL)
-		return ECC_BAD_ARG_E;
+    if (key == NULL || rng == NULL)
+        return ECC_BAD_ARG_E;
 
-	/* find key size */
-	for (x = 0; (keysize > ecc_sets[x].size) && (ecc_sets[x].size != 0); x++)
-		;
-	keysize = ecc_sets[x].size;
+    /* find key size */
+    for (x = 0; (keysize > ecc_sets[x].size) && (ecc_sets[x].size != 0); x++)
+        ;
+    keysize = ecc_sets[x].size;
 
-	if (keysize > ECC_MAXSIZE || ecc_sets[x].size == 0) {
-		return BAD_FUNC_ARG;
-	}
-	err = wc_ecc_make_key_ex(rng, key, &ecc_sets[x]);
-	key->idx = x;
+    if (keysize > ECC_MAXSIZE || ecc_sets[x].size == 0) {
+        return BAD_FUNC_ARG;
+    }
+    err = wc_ecc_make_key_ex(rng, key, &ecc_sets[x]);
+    key->idx = x;
 
-	return err;
+    return err;
 }
 
 /* Setup dynamic pointers is using normal math for proper freeing */
@@ -1823,7 +1821,7 @@ int wc_ecc_init(ecc_key* key)
     alt_fp_init(key->pubkey.z);
 #endif
 
-    return 0;
+    return MP_OKAY;
 }
 
 
@@ -1837,27 +1835,28 @@ int wc_ecc_init(ecc_key* key)
  return    MP_OKAY if successful
  */
 int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
-					 RNG* rng, ecc_key* key)
+                     RNG* rng, ecc_key* key)
 {
-	mp_int	r;
-	mp_int	s;
-	int		err;
+    mp_int    r;
+    mp_int    s;
+    int        err;
 
-	if (in == NULL || out == NULL || outlen == NULL || key == NULL || rng == NULL)
-		return ECC_BAD_ARG_E;
+    if (in == NULL || out == NULL || outlen == NULL ||
+        key == NULL || rng == NULL)
+        return ECC_BAD_ARG_E;
 
-	if ((err = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL)) != MP_OKAY) {
-		return err;
-	}
+    if ((err = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL)) != MP_OKAY) {
+        return err;
+    }
 
-	err = wc_ecc_sign_hash_ex(in, inlen, rng, key, &r, &s);
-	if (err == MP_OKAY)
-		err = StoreECC_DSA_Sig(out, outlen, &r, &s);
+    err = wc_ecc_sign_hash_ex(in, inlen, rng, key, &r, &s);
+    if (err == MP_OKAY)
+        err = StoreECC_DSA_Sig(out, outlen, &r, &s);
 
-	mp_clear(&r);
-	mp_clear(&s);
+    mp_clear(&r);
+    mp_clear(&s);
 
-	return err;
+    return err;
 }
 
 /**
@@ -1868,11 +1867,11 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
   outlen    [in/out] The max size and resulting size of the signature
   key       A private ECC key
   r         [out] The destination for r component of the signature
-  s			[out] The destination for s component of the signature
+  s            [out] The destination for s component of the signature
   return    MP_OKAY if successful
 */
 int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng,
-					 ecc_key* key, mp_int *r, mp_int *s)
+                     ecc_key* key, mp_int *r, mp_int *s)
 {
    mp_int        e;
    mp_int        p;
@@ -1916,47 +1915,48 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng,
    if (err == MP_OKAY) {
        int loop_check = 0;
        ecc_key pubkey;
-       wc_ecc_init(&pubkey);
-       for (;;) {
-           if (++loop_check > 64) {
-                err = RNG_FAILURE_E;
-                break;
+       if (wc_ecc_init(&pubkey) == MP_OKAY) {
+           for (;;) {
+               if (++loop_check > 64) {
+                    err = RNG_FAILURE_E;
+                    break;
+               }
+               err = wc_ecc_make_key_ex(rng, &pubkey, key->dp);
+               if (err != MP_OKAY) break;
+
+               /* find r = x1 mod n */
+               err = mp_mod(pubkey.pubkey.x, &p, r);
+               if (err != MP_OKAY) break;
+
+               if (mp_iszero(r) == MP_YES) {
+                   mp_clear(pubkey.pubkey.x);
+                   mp_clear(pubkey.pubkey.y);
+                   mp_clear(pubkey.pubkey.z);
+                   mp_clear(&pubkey.k);
+               }
+               else {
+                   /* find s = (e + xr)/k */
+                   err = mp_invmod(&pubkey.k, &p, &pubkey.k);
+                   if (err != MP_OKAY) break;
+
+                   err = mp_mulmod(&key->k, r, &p, s);   /* s = xr */
+                   if (err != MP_OKAY) break;
+
+                   err = mp_add(&e, s, s);               /* s = e +  xr */
+                   if (err != MP_OKAY) break;
+
+                   err = mp_mod(s, &p, s);               /* s = e +  xr */
+                   if (err != MP_OKAY) break;
+
+                   err = mp_mulmod(s, &pubkey.k, &p, s); /* s = (e + xr)/k */
+                   if (err != MP_OKAY) break;
+
+                   if (mp_iszero(s) == MP_NO)
+                       break;
+                }
            }
-           err = wc_ecc_make_key_ex(rng, &pubkey, key->dp);
-           if (err != MP_OKAY) break;
-
-           /* find r = x1 mod n */
-           err = mp_mod(pubkey.pubkey.x, &p, r);
-           if (err != MP_OKAY) break;
-
-           if (mp_iszero(r) == MP_YES) {
-               mp_clear(pubkey.pubkey.x);
-               mp_clear(pubkey.pubkey.y);
-               mp_clear(pubkey.pubkey.z);
-               mp_clear(&pubkey.k);
-           }
-           else {
-               /* find s = (e + xr)/k */
-               err = mp_invmod(&pubkey.k, &p, &pubkey.k);
-               if (err != MP_OKAY) break;
-
-               err = mp_mulmod(&key->k, r, &p, s);   /* s = xr */
-               if (err != MP_OKAY) break;
-
-               err = mp_add(&e, s, s);               /* s = e +  xr */
-               if (err != MP_OKAY) break;
-
-               err = mp_mod(s, &p, s);               /* s = e +  xr */
-               if (err != MP_OKAY) break;
-
-               err = mp_mulmod(s, &pubkey.k, &p, s); /* s = (e + xr)/k */
-               if (err != MP_OKAY) break;
-
-               if (mp_iszero(s) == MP_NO)
-                   break;
-            }
+           wc_ecc_free(&pubkey);
        }
-       wc_ecc_free(&pubkey);
    }
 
    mp_clear(&p);
@@ -2240,34 +2240,34 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
  return      MP_OKAY if successful (even if the signature is not valid)
  */
 int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
-					   word32 hashlen, int* stat, ecc_key* key)
+                       word32 hashlen, int* stat, ecc_key* key)
 {
-	mp_int	r;
-	mp_int	s;
-	int		err;
+    mp_int    r;
+    mp_int    s;
+    int        err;
 
-	if (sig == NULL || hash == NULL || stat == NULL || key == NULL)
-		return ECC_BAD_ARG_E;
+    if (sig == NULL || hash == NULL || stat == NULL || key == NULL)
+        return ECC_BAD_ARG_E;
 
-	/* default to invalid signature */
-	*stat = 0;
+    /* default to invalid signature */
+    *stat = 0;
 
-	/* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s.
-	 * If either of those don't allocate correctly, none of
-	 * the rest of this function will execute, and everything
-	 * gets cleaned up at the end. */
-	XMEMSET(&r, 0, sizeof(r));
-	XMEMSET(&s, 0, sizeof(s));
+    /* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s.
+     * If either of those don't allocate correctly, none of
+     * the rest of this function will execute, and everything
+     * gets cleaned up at the end. */
+    XMEMSET(&r, 0, sizeof(r));
+    XMEMSET(&s, 0, sizeof(s));
 
-	err = DecodeECC_DSA_Sig(sig, siglen, &r, &s);
+    err = DecodeECC_DSA_Sig(sig, siglen, &r, &s);
 
-	if (err == MP_OKAY)
-	    err = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, stat, key);
+    if (err == MP_OKAY)
+        err = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, stat, key);
 
-	mp_clear(&r);
-	mp_clear(&s);
+    mp_clear(&r);
+    mp_clear(&s);
 
-	return err;
+    return err;
 }
 
 /**
@@ -2335,7 +2335,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 
    /* check for zero */
    if (err == MP_OKAY) {
-       if (mp_iszero(r) || mp_iszero(s) || mp_cmp(r, &p) != MP_LT || mp_cmp(s, &p) != MP_LT)
+       if (mp_iszero(r) || mp_iszero(s) || mp_cmp(r, &p) != MP_LT ||
+           mp_cmp(s, &p) != MP_LT)
            err = MP_ZERO_E;
    }
    /* read hash */
@@ -2434,189 +2435,193 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 }
 
 /* import point from der */
-int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, ecc_point* point)
+int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
+                            ecc_point* point)
 {
-	int err = 0;
-	int compressed = 0;
+    int err = 0;
+    int compressed = 0;
 
-	if (in == NULL || point == NULL || (ecc_is_valid_idx(curve_idx) == 0))
-		return ECC_BAD_ARG_E;
+    if (in == NULL || point == NULL || (curve_idx < 0) ||
+        (ecc_is_valid_idx(curve_idx) == 0))
+        return ECC_BAD_ARG_E;
 
-	/* must be odd */
-	if ((inLen & 1) == 0) {
-		return ECC_BAD_ARG_E;
-	}
+    /* must be odd */
+    if ((inLen & 1) == 0) {
+        return ECC_BAD_ARG_E;
+    }
 
-	/* init point */
+    /* init point */
 #ifdef ALT_ECC_SIZE
-	point->x = (mp_int*)&point->xyz[0];
-	point->y = (mp_int*)&point->xyz[1];
-	point->z = (mp_int*)&point->xyz[2];
-	alt_fp_init(point->x);
-	alt_fp_init(point->y);
-	alt_fp_init(point->z);
+    point->x = (mp_int*)&point->xyz[0];
+    point->y = (mp_int*)&point->xyz[1];
+    point->z = (mp_int*)&point->xyz[2];
+    alt_fp_init(point->x);
+    alt_fp_init(point->y);
+    alt_fp_init(point->z);
 #else
-	err = mp_init_multi(point->x, point->y, point->z, NULL,	NULL, NULL);
+    err = mp_init_multi(point->x, point->y, point->z, NULL, NULL, NULL);
 #endif
-	if (err != MP_OKAY)
-		return MEMORY_E;
+    if (err != MP_OKAY)
+        return MEMORY_E;
 
-	/* check for 4, 2, or 3 */
-	if (in[0] != 0x04 && in[0] != 0x02 && in[0] != 0x03) {
-		err = ASN_PARSE_E;
-	}
+    /* check for 4, 2, or 3 */
+    if (in[0] != 0x04 && in[0] != 0x02 && in[0] != 0x03) {
+        err = ASN_PARSE_E;
+    }
 
-	if (in[0] == 0x02 || in[0] == 0x03) {
+    if (in[0] == 0x02 || in[0] == 0x03) {
 #ifdef HAVE_COMP_KEY
-		compressed = 1;
+        compressed = 1;
 #else
-		err = NOT_COMPILED_IN;
+        err = NOT_COMPILED_IN;
 #endif
-	}
+    }
 
-	/* read data */
-	if (err == MP_OKAY)
-		err = mp_read_unsigned_bin(point->x, (byte*)in+1, (inLen-1)>>1);
+    /* read data */
+    if (err == MP_OKAY)
+        err = mp_read_unsigned_bin(point->x, (byte*)in+1, (inLen-1)>>1);
 
 #ifdef HAVE_COMP_KEY
-	if (err == MP_OKAY && compressed == 1) {   /* build y */
-		mp_int t1, t2, prime, a, b;
+    if (err == MP_OKAY && compressed == 1) {   /* build y */
+        mp_int t1, t2, prime, a, b;
 
-		if (mp_init_multi(&t1, &t2, &prime, &a, &b, NULL) != MP_OKAY)
-			err = MEMORY_E;
+        if (mp_init_multi(&t1, &t2, &prime, &a, &b, NULL) != MP_OKAY)
+            err = MEMORY_E;
 
-		/* load prime */
-		if (err == MP_OKAY)
-			err = mp_read_radix(&prime, (char *)ecc_sets[curve_idx].prime, 16);
+        /* load prime */
+        if (err == MP_OKAY)
+            err = mp_read_radix(&prime, (char *)ecc_sets[curve_idx].prime, 16);
 
-		/* load a */
-		if (err == MP_OKAY)
-			err = mp_read_radix(&a, (char *)ecc_sets[curve_idx].Af, 16);
+        /* load a */
+        if (err == MP_OKAY)
+            err = mp_read_radix(&a, (char *)ecc_sets[curve_idx].Af, 16);
 
-		/* load b */
-		if (err == MP_OKAY)
-			err = mp_read_radix(&b, (char *)ecc_sets[curve_idx].Bf, 16);
+        /* load b */
+        if (err == MP_OKAY)
+            err = mp_read_radix(&b, (char *)ecc_sets[curve_idx].Bf, 16);
 
-		/* compute x^3 */
-		if (err == MP_OKAY)
-			err = mp_sqr(point->x, &t1);
+        /* compute x^3 */
+        if (err == MP_OKAY)
+            err = mp_sqr(point->x, &t1);
 
-		if (err == MP_OKAY)
-			err = mp_mulmod(&t1, point->x, &prime, &t1);
+        if (err == MP_OKAY)
+            err = mp_mulmod(&t1, point->x, &prime, &t1);
 
-		/* compute x^3 + a*x */
-		if (err == MP_OKAY)
-			err = mp_mulmod(&a, point->x, &prime, &t2);
+        /* compute x^3 + a*x */
+        if (err == MP_OKAY)
+            err = mp_mulmod(&a, point->x, &prime, &t2);
 
-		if (err == MP_OKAY)
-			err = mp_add(&t1, &t2, &t1);
+        if (err == MP_OKAY)
+            err = mp_add(&t1, &t2, &t1);
 
-		/* compute x^3 + a*x + b */
-		if (err == MP_OKAY)
-			err = mp_add(&t1, &b, &t1);
+        /* compute x^3 + a*x + b */
+        if (err == MP_OKAY)
+            err = mp_add(&t1, &b, &t1);
 
-		/* compute sqrt(x^3 + a*x + b) */
-		if (err == MP_OKAY)
-			err = mp_sqrtmod_prime(&t1, &prime, &t2);
+        /* compute sqrt(x^3 + a*x + b) */
+        if (err == MP_OKAY)
+            err = mp_sqrtmod_prime(&t1, &prime, &t2);
 
-		/* adjust y */
-		if (err == MP_OKAY) {
-			if ((mp_isodd(&t2) && in[0] == 0x03) ||
-				(!mp_isodd(&t2) && in[0] == 0x02)) {
-				err = mp_mod(&t2, &prime, point->y);
-			}
-			else {
-				err = mp_submod(&prime, &t2, &prime, point->y);
-			}
-		}
+        /* adjust y */
+        if (err == MP_OKAY) {
+            if ((mp_isodd(&t2) && in[0] == 0x03) ||
+                (!mp_isodd(&t2) && in[0] == 0x02)) {
+                err = mp_mod(&t2, &prime, point->y);
+            }
+            else {
+                err = mp_submod(&prime, &t2, &prime, point->y);
+            }
+        }
 
-		mp_clear(&a);
-		mp_clear(&b);
-		mp_clear(&prime);
-		mp_clear(&t2);
-		mp_clear(&t1);
-	}
+        mp_clear(&a);
+        mp_clear(&b);
+        mp_clear(&prime);
+        mp_clear(&t2);
+        mp_clear(&t1);
+    }
 #endif
 
-	if (err == MP_OKAY && compressed == 0)
-		err = mp_read_unsigned_bin(point->y, (byte*)in+1+((inLen-1)>>1), (inLen-1)>>1);
-	if (err == MP_OKAY)
-		mp_set(point->z, 1);
+    if (err == MP_OKAY && compressed == 0)
+        err = mp_read_unsigned_bin(point->y,
+                                   (byte*)in+1+((inLen-1)>>1), (inLen-1)>>1);
+    if (err == MP_OKAY)
+        mp_set(point->z, 1);
 
-	if (err != MP_OKAY) {
-		mp_clear(point->x);
-		mp_clear(point->y);
-		mp_clear(point->z);
-	}
+    if (err != MP_OKAY) {
+        mp_clear(point->x);
+        mp_clear(point->y);
+        mp_clear(point->z);
+    }
 
-	return err;
+    return err;
 }
 
 /* export point to der */
-int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, word32* outLen)
+int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out,
+                            word32* outLen)
 {
 #ifdef WOLFSSL_SMALL_STACK
-	byte*  buf;
+    byte*  buf;
 #else
-	byte   buf[ECC_BUFSIZE];
+    byte   buf[ECC_BUFSIZE];
 #endif
-	word32 numlen;
-	int    ret = MP_OKAY;
+    word32 numlen;
+    int    ret = MP_OKAY;
 
-	if (curve_idx < 0)
-		return ECC_BAD_ARG_E;
+    if ((curve_idx < 0) || (ecc_is_valid_idx(curve_idx) == 0))
+        return ECC_BAD_ARG_E;
 
-	/* return length needed only */
-	if (point != NULL && out == NULL && outLen != NULL) {
-		numlen = ecc_sets[curve_idx].size;
-		*outLen = 1 + 2*numlen;
-		return LENGTH_ONLY_E;
-	}
+    /* return length needed only */
+    if (point != NULL && out == NULL && outLen != NULL) {
+        numlen = ecc_sets[curve_idx].size;
+        *outLen = 1 + 2*numlen;
+        return LENGTH_ONLY_E;
+    }
 
-	if (point == NULL || out == NULL || outLen == NULL)
-		return ECC_BAD_ARG_E;
+    if (point == NULL || out == NULL || outLen == NULL)
+        return ECC_BAD_ARG_E;
 
-	numlen = ecc_sets[curve_idx].size;
+    numlen = ecc_sets[curve_idx].size;
 
-	if (*outLen < (1 + 2*numlen)) {
-		*outLen = 1 + 2*numlen;
-		return BUFFER_E;
-	}
+    if (*outLen < (1 + 2*numlen)) {
+        *outLen = 1 + 2*numlen;
+        return BUFFER_E;
+    }
 
-	/* store byte 0x04 */
-	out[0] = 0x04;
+    /* store byte 0x04 */
+    out[0] = 0x04;
 
 #ifdef WOLFSSL_SMALL_STACK
-	buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-	if (buf == NULL)
-		return MEMORY_E;
+    buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (buf == NULL)
+        return MEMORY_E;
 #endif
 
-	do {
-		/* pad and store x */
-		XMEMSET(buf, 0, ECC_BUFSIZE);
-		ret = mp_to_unsigned_bin(point->x,
-								 buf + (numlen - mp_unsigned_bin_size(point->x)));
-		if (ret != MP_OKAY)
-			break;
-		XMEMCPY(out+1, buf, numlen);
+    do {
+        /* pad and store x */
+        XMEMSET(buf, 0, ECC_BUFSIZE);
+        ret = mp_to_unsigned_bin(point->x, buf +
+                                 (numlen - mp_unsigned_bin_size(point->x)));
+        if (ret != MP_OKAY)
+            break;
+        XMEMCPY(out+1, buf, numlen);
 
-		/* pad and store y */
-		XMEMSET(buf, 0, ECC_BUFSIZE);
-		ret = mp_to_unsigned_bin(point->y,
-								 buf + (numlen - mp_unsigned_bin_size(point->y)));
-		if (ret != MP_OKAY)
-			break;
-		XMEMCPY(out+1+numlen, buf, numlen);
+        /* pad and store y */
+        XMEMSET(buf, 0, ECC_BUFSIZE);
+        ret = mp_to_unsigned_bin(point->y, buf +
+                                 (numlen - mp_unsigned_bin_size(point->y)));
+        if (ret != MP_OKAY)
+            break;
+        XMEMCPY(out+1+numlen, buf, numlen);
 
-		*outLen = 1 + 2*numlen;
-	} while (0);
+        *outLen = 1 + 2*numlen;
+    } while (0);
 
 #ifdef WOLFSSL_SMALL_STACK
-	XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
-	return ret;
+    return ret;
 }
 
 
@@ -2690,7 +2695,8 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
 
 /* export public ECC key in ANSI X9.63 format, extended with
  * compression option */
-int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, int compressed)
+int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen,
+                          int compressed)
 {
     if (compressed == 0)
         return wc_ecc_export_x963(key, out, outLen);
@@ -3235,8 +3241,8 @@ int wc_ecc_size(ecc_key* key)
 }
 
 
-/* worst case estimate, check actual return from wc_ecc_sign_hash for actual value
-   of signature size in octets */
+/* worst case estimate, check actual return from wc_ecc_sign_hash for actual
+   value of signature size in octets */
 int wc_ecc_sig_size(ecc_key* key)
 {
     int sz = wc_ecc_size(key);
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index bb5877305..00685acfc 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -49,18 +49,18 @@
 static void
 bn_reverse (unsigned char *s, int len)
 {
-	int     ix, iy;
-	unsigned char t;
+    int     ix, iy;
+    unsigned char t;
 
-	ix = 0;
-	iy = len - 1;
-	while (ix < iy) {
-		t     = s[ix];
-		s[ix] = s[iy];
-		s[iy] = t;
-		++ix;
-		--iy;
-	}
+    ix = 0;
+    iy = len - 1;
+    while (ix < iy) {
+        t     = s[ix];
+        s[ix] = s[iy];
+        s[iy] = t;
+        ++ix;
+        --iy;
+    }
 }
 
 /* math settings check */
@@ -1251,10 +1251,10 @@ void mp_set (mp_int * a, mp_digit b)
 /* chek if a bit is set */
 int mp_is_bit_set (mp_int *a, mp_digit b)
 {
-	if ((mp_digit)a->used < b/DIGIT_BIT)
-		return 0;
+    if ((mp_digit)a->used < b/DIGIT_BIT)
+        return 0;
 
-	return (int)((a->dp[b/DIGIT_BIT] >> b%DIGIT_BIT) & (mp_digit)1);
+    return (int)((a->dp[b/DIGIT_BIT] >> b%DIGIT_BIT) & (mp_digit)1);
 }
 
 /* c = a mod b, 0 <= c < b */
@@ -1888,7 +1888,8 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
   }
 
   for (x = 0; x < (winsize - 1); x++) {
-    if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
+    if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))],
+                       &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) {
       goto LBL_RES;
     }
     if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, mp)) != MP_OKAY) {
@@ -2523,20 +2524,20 @@ mp_2expt (mp_int * a, int b)
 int
 mp_set_bit (mp_int * a, int b)
 {
-	int i = b / DIGIT_BIT, res;
+    int i = b / DIGIT_BIT, res;
 
-	/* grow a to accomodate the single bit */
-	if ((res = mp_grow (a, i + 1)) != MP_OKAY) {
-		return res;
-	}
+    /* grow a to accomodate the single bit */
+    if ((res = mp_grow (a, i + 1)) != MP_OKAY) {
+        return res;
+    }
 
-	/* set the used count of where the bit will go */
-	a->used = i + 1;
+    /* set the used count of where the bit will go */
+    a->used = i + 1;
 
-	/* put the single bit in its place */
-	a->dp[i] |= ((mp_digit)1) << (b % DIGIT_BIT);
+    /* put the single bit in its place */
+    a->dp[i] |= ((mp_digit)1) << (b % DIGIT_BIT);
 
-	return MP_OKAY;
+    return MP_OKAY;
 }
 
 /* multiply by a digit */
@@ -3192,7 +3193,8 @@ int mp_montgomery_calc_normalization (mp_int * a, mp_int * b)
   bits = mp_count_bits (b) % DIGIT_BIT;
 
   if (b->used > 1) {
-     if ((res = mp_2expt (a, (b->used - 1) * DIGIT_BIT + bits - 1)) != MP_OKAY) {
+     if ((res = mp_2expt (a, (b->used - 1) * DIGIT_BIT + bits - 1))
+         != MP_OKAY) {
         return res;
      }
   } else {
@@ -3624,7 +3626,8 @@ s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
   /* can we use the fast multiplier? */
 #ifdef BN_FAST_S_MP_MUL_HIGH_DIGS_C
   if (((a->used + b->used + 1) < MP_WARRAY)
-      && MIN (a->used, b->used) < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
+      && MIN (a->used, b->used) <
+      (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) {
     return fast_s_mp_mul_high_digs (a, b, c, digs);
   }
 #endif
@@ -3818,7 +3821,8 @@ int mp_sqrmod (mp_int * a, mp_int * b, mp_int * c)
 #endif
 
 
-#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(WOLFSSL_SNIFFER) || defined(WOLFSSL_HAVE_WOLFSCEP) || defined(WOLFSSL_KEY_GEN)
+#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(WOLFSSL_SNIFFER) || \
+    defined(WOLFSSL_HAVE_WOLFSCEP) || defined(WOLFSSL_KEY_GEN)
 
 /* single digit addition */
 int mp_add_d (mp_int* a, mp_digit b, mp_int* c)
@@ -4120,7 +4124,7 @@ int mp_mod_d (mp_int * a, mp_digit b, mp_digit * c)
   return mp_div_d(a, b, NULL, c);
 }
 
-#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(HAVE_ECC) */
+#endif /* defined(WOLFSSL_KEY_GEN)||defined(HAVE_COMP_KEY)||defined(HAVE_ECC) */
 
 #ifdef WOLFSSL_KEY_GEN
 
@@ -4472,7 +4476,8 @@ LBL_U:mp_clear (&v);
 #ifdef HAVE_ECC
 
 /* chars used in radix conversions */
-const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
+const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\
+                         abcdefghijklmnopqrstuvwxyz+/";
 
 /* read a string [ASCII] in a given radix */
 int mp_read_radix (mp_int * a, const char *str, int radix)
@@ -4541,110 +4546,110 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
 /* returns size of ASCII representation */
 int mp_radix_size (mp_int *a, int radix, int *size)
 {
-	int     res, digs;
-	mp_int  t;
-	mp_digit d;
+    int     res, digs;
+    mp_int  t;
+    mp_digit d;
 
-	*size = 0;
+    *size = 0;
 
-	/* special case for binary */
-	if (radix == 2) {
-		*size = mp_count_bits (a) + (a->sign == MP_NEG ? 1 : 0) + 1;
-		return MP_OKAY;
-	}
+    /* special case for binary */
+    if (radix == 2) {
+        *size = mp_count_bits (a) + (a->sign == MP_NEG ? 1 : 0) + 1;
+        return MP_OKAY;
+    }
 
-	/* make sure the radix is in range */
-	if (radix < 2 || radix > 64) {
-		return MP_VAL;
-	}
+    /* make sure the radix is in range */
+    if (radix < 2 || radix > 64) {
+        return MP_VAL;
+    }
 
-	if (mp_iszero(a) == MP_YES) {
-		*size = 2;
-		return MP_OKAY;
-	}
+    if (mp_iszero(a) == MP_YES) {
+        *size = 2;
+        return MP_OKAY;
+    }
 
-	/* digs is the digit count */
-	digs = 0;
+    /* digs is the digit count */
+    digs = 0;
 
-	/* if it's negative add one for the sign */
-	if (a->sign == MP_NEG) {
-		++digs;
-	}
+    /* if it's negative add one for the sign */
+    if (a->sign == MP_NEG) {
+        ++digs;
+    }
 
-	/* init a copy of the input */
-	if ((res = mp_init_copy (&t, a)) != MP_OKAY) {
-		return res;
-	}
+    /* init a copy of the input */
+    if ((res = mp_init_copy (&t, a)) != MP_OKAY) {
+        return res;
+    }
 
-	/* force temp to positive */
-	t.sign = MP_ZPOS;
+    /* force temp to positive */
+    t.sign = MP_ZPOS;
 
-	/* fetch out all of the digits */
-	while (mp_iszero (&t) == MP_NO) {
-		if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) {
-			mp_clear (&t);
-			return res;
-		}
-		++digs;
-	}
-	mp_clear (&t);
+    /* fetch out all of the digits */
+    while (mp_iszero (&t) == MP_NO) {
+        if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) {
+            mp_clear (&t);
+            return res;
+        }
+        ++digs;
+    }
+    mp_clear (&t);
 
-	/* return digs + 1, the 1 is for the NULL byte that would be required. */
-	*size = digs + 1;
-	return MP_OKAY;
+    /* return digs + 1, the 1 is for the NULL byte that would be required. */
+    *size = digs + 1;
+    return MP_OKAY;
 }
 
 /* stores a bignum as a ASCII string in a given radix (2..64) */
 int mp_toradix (mp_int *a, char *str, int radix)
 {
-	int     res, digs;
-	mp_int  t;
-	mp_digit d;
-	char   *_s = str;
+    int     res, digs;
+    mp_int  t;
+    mp_digit d;
+    char   *_s = str;
 
-	/* check range of the radix */
-	if (radix < 2 || radix > 64) {
-		return MP_VAL;
-	}
+    /* check range of the radix */
+    if (radix < 2 || radix > 64) {
+        return MP_VAL;
+    }
 
-	/* quick out if its zero */
-	if (mp_iszero(a) == 1) {
-		*str++ = '0';
-		*str = '\0';
-		return MP_OKAY;
-	}
+    /* quick out if its zero */
+    if (mp_iszero(a) == 1) {
+        *str++ = '0';
+        *str = '\0';
+        return MP_OKAY;
+    }
 
-	if ((res = mp_init_copy (&t, a)) != MP_OKAY) {
-		return res;
-	}
+    if ((res = mp_init_copy (&t, a)) != MP_OKAY) {
+        return res;
+    }
 
-	/* if it is negative output a - */
-	if (t.sign == MP_NEG) {
-		++_s;
-		*str++ = '-';
-		t.sign = MP_ZPOS;
-	}
+    /* if it is negative output a - */
+    if (t.sign == MP_NEG) {
+        ++_s;
+        *str++ = '-';
+        t.sign = MP_ZPOS;
+    }
 
-	digs = 0;
-	while (mp_iszero (&t) == 0) {
-		if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) {
-			mp_clear (&t);
-			return res;
-		}
-		*str++ = mp_s_rmap[d];
-		++digs;
-	}
+    digs = 0;
+    while (mp_iszero (&t) == 0) {
+        if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) {
+            mp_clear (&t);
+            return res;
+        }
+        *str++ = mp_s_rmap[d];
+        ++digs;
+    }
 
-	/* reverse the digits of the string.  In this case _s points
-	 * to the first digit [exluding the sign] of the number]
-	 */
-	bn_reverse ((unsigned char *)_s, digs);
+    /* reverse the digits of the string.  In this case _s points
+     * to the first digit [exluding the sign] of the number]
+     */
+    bn_reverse ((unsigned char *)_s, digs);
 
-	/* append a NULL so the string is properly terminated */
-	*str = '\0';
+    /* append a NULL so the string is properly terminated */
+    *str = '\0';
 
-	mp_clear (&t);
-	return MP_OKAY;
+    mp_clear (&t);
+    return MP_OKAY;
 }
 
 #endif /* HAVE_ECC */
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 26467e9bd..3391693ae 100755
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -538,7 +538,7 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
   t = y.used - 1;
 
   /* while (x >= y*b**n-t) do { q[n-t] += 1; x -= y*b**{n-t} } */
-  fp_lshd (&y, n - t);                                             /* y = y*b**{n-t} */
+  fp_lshd (&y, n - t); /* y = y*b**{n-t} */
 
   while (fp_cmp (&x, &y) != FP_LT) {
     ++(q.dp[n - t]);
@@ -966,8 +966,8 @@ int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d)
 #ifdef TFM_TIMING_RESISTANT
 
 /* timing resistant montgomery ladder based exptmod
-
-   Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder", Cryptographic Hardware and Embedded Systems, CHES 2002
+   Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder",
+   Cryptographic Hardware and Embedded Systems, CHES 2002
 */
 static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
 {
@@ -1085,7 +1085,8 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
    }
    fp_mulmod (&M[1], &res, P, &M[1]);
 
-  /* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times */
+  /* compute the value at M[1<<(winsize-1)] by
+   * squaring M[1] (winsize-1) times */
   fp_copy (&M[1], &M[1 << (winsize - 1)]);
   for (x = 0; x < (winsize - 1); x++) {
     fp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)]);
@@ -1737,7 +1738,8 @@ void fp_read_unsigned_bin(fp_int *a, unsigned char *b, int c)
 
   /* If we know the endianness of this architecture, and we're using
      32-bit fp_digits, we can optimize this */
-#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER)) && defined(FP_32BIT)
+#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER)) && \
+    defined(FP_32BIT)
   /* But not for both simultaneously */
 #if defined(LITTLE_ENDIAN_ORDER) && defined(BIG_ENDIAN_ORDER)
 #error Both LITTLE_ENDIAN_ORDER and BIG_ENDIAN_ORDER defined.
@@ -1757,12 +1759,12 @@ void fp_read_unsigned_bin(fp_int *a, unsigned char *b, int c)
        /* Use Duff's device to unroll the loop. */
        int idx = (c - 1) & ~3;
        switch (c % 4) {
-       case 0:	do { pd[idx+0] = *b++;
-       case 3:	     pd[idx+1] = *b++;
-       case 2:	     pd[idx+2] = *b++;
-       case 1:	     pd[idx+3] = *b++;
+       case 0:    do { pd[idx+0] = *b++;
+       case 3:         pd[idx+1] = *b++;
+       case 2:         pd[idx+2] = *b++;
+       case 1:         pd[idx+3] = *b++;
                      idx -= 4;
-	 	        } while ((c -= 4) > 0);
+                 } while ((c -= 4) > 0);
        }
      }
 #else
@@ -1813,10 +1815,10 @@ void fp_set(fp_int *a, fp_digit b)
 /* chek if a bit is set */
 int fp_is_bit_set (fp_int *a, fp_digit b)
 {
-	if ((fp_digit)a->used < b/DIGIT_BIT)
-		return 0;
+    if ((fp_digit)a->used < b/DIGIT_BIT)
+        return 0;
 
-	return (int)((a->dp[b/DIGIT_BIT] >> b%DIGIT_BIT) & (fp_digit)1);
+    return (int)((a->dp[b/DIGIT_BIT] >> b%DIGIT_BIT) & (fp_digit)1);
 }
 
 int fp_count_bits (fp_int * a)
@@ -2003,7 +2005,8 @@ void mp_clear (mp_int * a)
 }
 
 /* handle up to 6 inits */
-int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e, mp_int* f)
+int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d,
+                  mp_int* e, mp_int* f)
 {
     if (a)
         fp_init(a);
@@ -2111,7 +2114,7 @@ int mp_sub_d(fp_int *a, fp_digit b, fp_int *c)
 
 int mp_mul_2d(fp_int *a, int b, fp_int *c)
 {
-	fp_mul_2d(a, b, c);
+    fp_mul_2d(a, b, c);
 	return MP_OKAY;
 }
 
@@ -2191,7 +2194,7 @@ int mp_set_int(fp_int *a, fp_digit b)
 
 int mp_is_bit_set (fp_int *a, fp_digit b)
 {
-	return fp_is_bit_set(a, b);
+    return fp_is_bit_set(a, b);
 }
 
 #if defined(WOLFSSL_KEY_GEN) || defined (HAVE_ECC)
@@ -2597,7 +2600,8 @@ int mp_add_d(fp_int *a, fp_digit b, fp_int *c)
 #ifdef HAVE_ECC
 
 /* chars used in radix conversions */
-static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
+static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\
+                                abcdefghijklmnopqrstuvwxyz+/";
 
 static int fp_read_radix(fp_int *a, const char *str, int radix)
 {
@@ -2717,107 +2721,107 @@ int mp_cnt_lsb(fp_int* a)
 /* returns size of ASCII reprensentation */
 int mp_radix_size (mp_int *a, int radix, int *size)
 {
-	int     res, digs;
-	fp_int  t;
-	fp_digit d;
+    int     res, digs;
+    fp_int  t;
+    fp_digit d;
 
-	*size = 0;
+    *size = 0;
 
-	/* special case for binary */
-	if (radix == 2) {
-		*size = fp_count_bits (a) + (a->sign == FP_NEG ? 1 : 0) + 1;
-		return FP_YES;
-	}
+    /* special case for binary */
+    if (radix == 2) {
+        *size = fp_count_bits (a) + (a->sign == FP_NEG ? 1 : 0) + 1;
+        return FP_YES;
+    }
 
-	/* make sure the radix is in range */
-	if (radix < 2 || radix > 64) {
-		return FP_VAL;
-	}
+    /* make sure the radix is in range */
+    if (radix < 2 || radix > 64) {
+        return FP_VAL;
+    }
 
-	if (fp_iszero(a) == MP_YES) {
-		*size = 2;
-		return FP_YES;
-	}
+    if (fp_iszero(a) == MP_YES) {
+        *size = 2;
+        return FP_YES;
+    }
 
-	/* digs is the digit count */
-	digs = 0;
+    /* digs is the digit count */
+    digs = 0;
 
-	/* if it's negative add one for the sign */
-	if (a->sign == FP_NEG) {
-		++digs;
-	}
+    /* if it's negative add one for the sign */
+    if (a->sign == FP_NEG) {
+        ++digs;
+    }
 
-	/* init a copy of the input */
-	fp_init_copy (&t, a);
+    /* init a copy of the input */
+    fp_init_copy (&t, a);
 
-	/* force temp to positive */
-	t.sign = FP_ZPOS;
+    /* force temp to positive */
+    t.sign = FP_ZPOS;
 
-	/* fetch out all of the digits */
-	while (fp_iszero (&t) == FP_NO) {
-		if ((res = fp_div_d (&t, (mp_digit) radix, &t, &d)) != FP_OKAY) {
-			fp_zero (&t);
-			return res;
-		}
-		++digs;
-	}
-	fp_zero (&t);
+    /* fetch out all of the digits */
+    while (fp_iszero (&t) == FP_NO) {
+        if ((res = fp_div_d (&t, (mp_digit) radix, &t, &d)) != FP_OKAY) {
+            fp_zero (&t);
+            return res;
+        }
+        ++digs;
+    }
+    fp_zero (&t);
 
-	/* return digs + 1, the 1 is for the NULL byte that would be required. */
-	*size = digs + 1;
-	return FP_OKAY;
+    /* return digs + 1, the 1 is for the NULL byte that would be required. */
+    *size = digs + 1;
+    return FP_OKAY;
 }
 
 /* stores a bignum as a ASCII string in a given radix (2..64) */
 int mp_toradix (mp_int *a, char *str, int radix)
 {
-	int     res, digs;
-	fp_int  t;
-	fp_digit d;
-	char   *_s = str;
+    int     res, digs;
+    fp_int  t;
+    fp_digit d;
+    char   *_s = str;
 
-	/* check range of the radix */
-	if (radix < 2 || radix > 64) {
-		return FP_VAL;
-	}
+    /* check range of the radix */
+    if (radix < 2 || radix > 64) {
+        return FP_VAL;
+    }
 
-	/* quick out if its zero */
-	if (fp_iszero(a) == 1) {
-		*str++ = '0';
-		*str = '\0';
-		return FP_YES;
-	}
+    /* quick out if its zero */
+    if (fp_iszero(a) == 1) {
+        *str++ = '0';
+        *str = '\0';
+        return FP_YES;
+    }
 
-	/* init a copy of the input */
-	fp_init_copy (&t, a);
+    /* init a copy of the input */
+    fp_init_copy (&t, a);
 
-	/* if it is negative output a - */
-	if (t.sign == FP_NEG) {
-		++_s;
-		*str++ = '-';
-		t.sign = FP_ZPOS;
-	}
+    /* if it is negative output a - */
+    if (t.sign == FP_NEG) {
+        ++_s;
+        *str++ = '-';
+        t.sign = FP_ZPOS;
+    }
 
-	digs = 0;
-	while (fp_iszero (&t) == 0) {
-		if ((res = fp_div_d (&t, (fp_digit) radix, &t, &d)) != FP_OKAY) {
-			fp_zero (&t);
-			return res;
-		}
-		*str++ = fp_s_rmap[d];
-		++digs;
-	}
+    digs = 0;
+    while (fp_iszero (&t) == 0) {
+        if ((res = fp_div_d (&t, (fp_digit) radix, &t, &d)) != FP_OKAY) {
+            fp_zero (&t);
+            return res;
+        }
+        *str++ = fp_s_rmap[d];
+        ++digs;
+    }
 
-	/* reverse the digits of the string.  In this case _s points
-	 * to the first digit [exluding the sign] of the number]
-	 */
-	fp_reverse ((unsigned char *)_s, digs);
+    /* reverse the digits of the string.  In this case _s points
+     * to the first digit [exluding the sign] of the number]
+     */
+    fp_reverse ((unsigned char *)_s, digs);
 
-	/* append a NULL so the string is properly terminated */
-	*str = '\0';
+    /* append a NULL so the string is properly terminated */
+    *str = '\0';
 
-	fp_zero (&t);
-	return FP_OKAY;
+    fp_zero (&t);
+    return FP_OKAY;
 }
 
 #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h
index efd937d76..225e6976d 100644
--- a/wolfssl/openssl/bn.h
+++ b/wolfssl/openssl/bn.h
@@ -32,9 +32,9 @@ WOLFSSL_API void           wolfSSL_BN_clear_free(WOLFSSL_BIGNUM*);
 
 
 WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
-	                         const WOLFSSL_BIGNUM*);
+                             const WOLFSSL_BIGNUM*);
 WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
-	                         const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*);
+                             const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*);
 
 WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void);
 
@@ -50,7 +50,7 @@ WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*);
 
 WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM*, unsigned char*);
 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char*, int len,
-	                            WOLFSSL_BIGNUM* ret);
+                                WOLFSSL_BIGNUM* ret);
 
 WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n);
 
@@ -59,7 +59,8 @@ WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n);
 WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str);
 
 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM*);
-WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*);
+WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*,
+                                            const WOLFSSL_BIGNUM*);
 
 WOLFSSL_API int   wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM**, const char* str);
 WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*);
@@ -69,12 +70,13 @@ WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
 WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int);
 WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
 
-
-/* 2/6 */
-WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
+                               WOLFSSL_BIGNUM*);
 WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*);
-WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*);
-WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int,
+                                       WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*);
+WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*,
+                                                 WOLFSSL_BN_ULONG);
 WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*);
 WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
 WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx);
diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h
index 071abf70f..be5ac383e 100644
--- a/wolfssl/openssl/dh.h
+++ b/wolfssl/openssl/dh.h
@@ -4,21 +4,16 @@
 #ifndef WOLFSSL_DH_H_
 #define WOLFSSL_DH_H_
 
-
 #include <wolfssl/openssl/ssl.h>
 #include <wolfssl/openssl/bn.h>
 
-
 #ifdef __cplusplus
     extern "C" {
 #endif
 
-
-
-
 typedef struct WOLFSSL_DH {
-	WOLFSSL_BIGNUM* p;
-	WOLFSSL_BIGNUM* g;
+    WOLFSSL_BIGNUM* p;
+    WOLFSSL_BIGNUM* g;
     WOLFSSL_BIGNUM* pub_key;      /* openssh deference g^x */
     WOLFSSL_BIGNUM* priv_key;     /* openssh deference x   */
     void*          internal;     /* our DH */
diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h
index 4cb7299a9..aedcab452 100644
--- a/wolfssl/openssl/dsa.h
+++ b/wolfssl/openssl/dsa.h
@@ -4,23 +4,19 @@
 #ifndef WOLFSSL_DSA_H_
 #define WOLFSSL_DSA_H_
 
-
 #include <wolfssl/openssl/ssl.h>
 #include <wolfssl/openssl/bn.h>
 
-
 #ifdef __cplusplus
     extern "C" {
 #endif
 
-
-
 struct WOLFSSL_DSA {
-	WOLFSSL_BIGNUM* p;
-	WOLFSSL_BIGNUM* q;
-	WOLFSSL_BIGNUM* g;
-	WOLFSSL_BIGNUM* pub_key;      /* our y */
-	WOLFSSL_BIGNUM* priv_key;     /* our x */
+    WOLFSSL_BIGNUM* p;
+    WOLFSSL_BIGNUM* q;
+    WOLFSSL_BIGNUM* g;
+    WOLFSSL_BIGNUM* pub_key;      /* our y */
+    WOLFSSL_BIGNUM* priv_key;     /* our x */
     void*          internal;     /* our Dsa Key */
     char           inSet;        /* internal set from external ? */
     char           exSet;        /* external set from internal ? */
@@ -36,10 +32,13 @@ WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits,
                    unsigned long* hRet, void* cb);
 
 WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz);
-WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
-                                  WOLFSSL_DSA* dsa);
-WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
-								WOLFSSL_DSA* dsa, int *dsacheck);
+
+WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d,
+                                    unsigned char* sigRet, WOLFSSL_DSA* dsa);
+
+WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
+                                      unsigned char* sig,
+                                      WOLFSSL_DSA* dsa, int *dsacheck);
 
 #define DSA_new wolfSSL_DSA_new
 #define DSA_free wolfSSL_DSA_free
diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h
index af2d22e17..9ba76d97e 100644
--- a/wolfssl/openssl/ec.h
+++ b/wolfssl/openssl/ec.h
@@ -6,96 +6,135 @@
 #include <wolfssl/openssl/ssl.h>
 #include <wolfssl/openssl/bn.h>
 
-
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 /* Map OpenSSL NID value */
 enum {
-	POINT_CONVERSION_UNCOMPRESSED = 4,
-	NID_secp111r1 = 0,
-	NID_secp128r1 = 1,
-	NID_secp160r1 = 2,
-	NID_cert192 = 3,
-	NID_cert224 = 4,
-	NID_X9_62_prime256v1 = 5,
-	NID_secp384r1 = 6,
-	NID_secp521r1 = 7,
-	NID_X9_62_prime_field = 100,
-	OPENSSL_EC_NAMED_CURVE  = 0x001
+    POINT_CONVERSION_UNCOMPRESSED = 4,
+    NID_secp111r1 = 0,
+    NID_secp128r1 = 1,
+    NID_secp160r1 = 2,
+    NID_cert192 = 3,
+    NID_cert224 = 4,
+    NID_X9_62_prime256v1 = 5,
+    NID_secp384r1 = 6,
+    NID_secp521r1 = 7,
+    NID_X9_62_prime_field = 100,
+    OPENSSL_EC_NAMED_CURVE  = 0x001
 };
 
 struct WOLFSSL_EC_POINT {
-	WOLFSSL_BIGNUM *X;
-	WOLFSSL_BIGNUM *Y;
-	WOLFSSL_BIGNUM *Z;
+    WOLFSSL_BIGNUM *X;
+    WOLFSSL_BIGNUM *Y;
+    WOLFSSL_BIGNUM *Z;
 
-	void*          internal;     /* our ECC point */
-	char           inSet;        /* internal set from external ? */
-	char           exSet;        /* external set from internal ? */
+    void*          internal;     /* our ECC point */
+    char           inSet;        /* internal set from external ? */
+    char           exSet;        /* external set from internal ? */
 };
 
 struct WOLFSSL_EC_GROUP {
-	int curve_idx; /* index of curve, used by WolfSSL as a curve reference */
-	int curve_nid; /* NID of curve, used by OpenSSL/OpenSSH as a curve reference */
+    int curve_idx; /* index of curve, used by WolfSSL as reference */
+    int curve_nid; /* NID of curve, used by OpenSSL/OpenSSH as reference */
 };
 
 struct WOLFSSL_EC_KEY {
-	WOLFSSL_EC_GROUP *group;
-	WOLFSSL_EC_POINT *pub_key;
-	WOLFSSL_BIGNUM *priv_key;
+    WOLFSSL_EC_GROUP *group;
+    WOLFSSL_EC_POINT *pub_key;
+    WOLFSSL_BIGNUM *priv_key;
 
-	void*          internal;     /* our ECC Key */
-	char           inSet;        /* internal set from external ? */
-	char           exSet;        /* external set from internal ? */
+    void*          internal;     /* our ECC Key */
+    char           inSet;        /* internal set from external ? */
+    char           exSet;        /* external set from internal ? */
 };
 
-WOLFSSL_API int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve, const WOLFSSL_EC_POINT *p, unsigned char *out, unsigned int *len);
-WOLFSSL_API int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, const WOLFSSL_EC_GROUP *curve, WOLFSSL_EC_POINT *p);
-WOLFSSL_API int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* der,  int derSz);
-
-WOLFSSL_API void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key);
-WOLFSSL_API WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key);
-WOLFSSL_API const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key);
-WOLFSSL_API int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, const WOLFSSL_BIGNUM *priv_key);
-WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key);
-WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid);
-WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void);
-WOLFSSL_API int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group);
-WOLFSSL_API int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key);
-WOLFSSL_API void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag);
-WOLFSSL_API int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, const WOLFSSL_EC_POINT *pub);
-
-
-WOLFSSL_API void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag);
-WOLFSSL_API WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid);
-WOLFSSL_API int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group);
-WOLFSSL_API int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group);
-WOLFSSL_API int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group);
-
-WOLFSSL_API void wolfssl_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p);
-WOLFSSL_API WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group);
-WOLFSSL_API int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *p,
-														WOLFSSL_BIGNUM *x, WOLFSSL_BIGNUM *y, WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, const WOLFSSL_BIGNUM *n,
-									 const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point);
-WOLFSSL_API int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a,
-									 const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx);
-WOLFSSL_API void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point);
-WOLFSSL_API int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a);
+WOLFSSL_API
+int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve,
+                        const WOLFSSL_EC_POINT *p,
+                        unsigned char *out, unsigned int *len);
+WOLFSSL_API
+int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len,
+                        const WOLFSSL_EC_GROUP *curve, WOLFSSL_EC_POINT *p);
+WOLFSSL_API
+int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key,
+                           const unsigned char* der, int derSz);
+WOLFSSL_API
+void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
+                                   const WOLFSSL_BIGNUM *priv_key);
+WOLFSSL_API
+WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid);
+WOLFSSL_API
+WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void);
+WOLFSSL_API
+int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key);
+WOLFSSL_API
+void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag);
+WOLFSSL_API
+int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
+                                  const WOLFSSL_EC_POINT *pub);
+WOLFSSL_API
+void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag);
+WOLFSSL_API
+WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid);
+WOLFSSL_API
+int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
+                         WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
+                               WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+void wolfssl_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p);
+WOLFSSL_API
+WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group);
+WOLFSSL_API
+int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
+                                                const WOLFSSL_EC_POINT *p,
+                                                WOLFSSL_BIGNUM *x,
+                                                WOLFSSL_BIGNUM *y,
+                                                WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
+                         const WOLFSSL_BIGNUM *n,
+                         const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m,
+                         WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point);
+WOLFSSL_API
+int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
+                         const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b,
+                         WOLFSSL_BN_CTX *ctx);
+WOLFSSL_API
+void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point);
+WOLFSSL_API
+int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
+                                    const WOLFSSL_EC_POINT *a);
 
 #define EC_KEY_free wolfSSL_EC_KEY_free
 #define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key
 #define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group
 #define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key
 #define EC_KEY_get0_private_key wolfSSL_EC_KEY_get0_private_key
-#define	EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name
+#define EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name
 #define EC_KEY_set_group wolfSSL_EC_KEY_set_group
-#define EC_KEY_generate_key	wolfSSL_EC_KEY_generate_key
+#define EC_KEY_generate_key wolfSSL_EC_KEY_generate_key
 #define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag
 #define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key
 #define EC_KEY_new wolfSSL_EC_KEY_new
@@ -109,7 +148,8 @@ WOLFSSL_API int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, c
 #define EC_GROUP_free wolfSSL_EC_GROUP_free
 
 #define EC_POINT_new wolfSSL_EC_POINT_new
-#define EC_POINT_get_affine_coordinates_GFp wolfSSL_EC_POINT_get_affine_coordinates_GFp
+#define EC_POINT_get_affine_coordinates_GFp \
+            wolfSSL_EC_POINT_get_affine_coordinates_GFp
 #define EC_POINT_mul wolfSSL_EC_POINT_mul
 #define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free
 #define EC_POINT_cmp wolfSSL_EC_POINT_cmp
diff --git a/wolfssl/openssl/ecdh.h b/wolfssl/openssl/ecdh.h
index 3e4c26de0..b5583dd93 100644
--- a/wolfssl/openssl/ecdh.h
+++ b/wolfssl/openssl/ecdh.h
@@ -11,8 +11,13 @@ extern C {
 #endif
 
 
-WOLFSSL_API	int wolfSSL_ECDH_compute_key(void *out, size_t outlen, const WOLFSSL_EC_POINT *pub_key,
-								 WOLFSSL_EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen));
+WOLFSSL_API int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
+                                         const WOLFSSL_EC_POINT *pub_key,
+                                         WOLFSSL_EC_KEY *ecdh,
+                                         void *(*KDF) (const void *in,
+                                                       size_t inlen,
+                                                       void *out,
+                                                       size_t *outlen));
 
 #define ECDH_compute_key wolfSSL_ECDH_compute_key
 
diff --git a/wolfssl/openssl/ecdsa.h b/wolfssl/openssl/ecdsa.h
index 07f7888d1..22b2d4cda 100644
--- a/wolfssl/openssl/ecdsa.h
+++ b/wolfssl/openssl/ecdsa.h
@@ -12,24 +12,24 @@ extern "C" {
 #endif
 
 struct WOLFSSL_ECDSA_SIG {
-	WOLFSSL_BIGNUM *r;
-	WOLFSSL_BIGNUM *s;
-#if 0
-	void*          internal;     /* our EC DSA */
-	char           inSet;        /* internal set from external ? */
-	char           exSet;        /* external set from internal ? */
-#endif
+    WOLFSSL_BIGNUM *r;
+    WOLFSSL_BIGNUM *s;
 };
 
 WOLFSSL_API void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig);
 WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void);
-WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst, int dgst_len, WOLFSSL_EC_KEY *eckey);
-WOLFSSL_API int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *eckey);
+WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst,
+                                                     int dgst_len,
+                                                     WOLFSSL_EC_KEY *eckey);
+WOLFSSL_API int wolfSSL_ECDSA_do_verify(const unsigned char *dgst,
+                                        int dgst_len,
+                                        const WOLFSSL_ECDSA_SIG *sig,
+                                        WOLFSSL_EC_KEY *eckey);
 
-#define	ECDSA_SIG_free wolfSSL_ECDSA_SIG_free
-#define	ECDSA_SIG_new wolfSSL_ECDSA_SIG_new
-#define	ECDSA_do_sign wolfSSL_ECDSA_do_sign
-#define	ECDSA_do_verify wolfSSL_ECDSA_do_verify
+#define ECDSA_SIG_free wolfSSL_ECDSA_SIG_free
+#define ECDSA_SIG_new wolfSSL_ECDSA_SIG_new
+#define ECDSA_do_sign wolfSSL_ECDSA_do_sign
+#define ECDSA_do_verify wolfSSL_ECDSA_do_verify
 
 #ifdef __cplusplus
 }  /* extern "C" */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index c56a4e7d7..0b0e367f9 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1199,7 +1199,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
 
 
 #ifndef NO_CERTS
-	WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache);
+    WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache);
 
     WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
     WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 4cf24a923..824ea019b 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -145,7 +145,7 @@ enum Misc_ASN {
     KEYID_SIZE          = SHA_DIGEST_SIZE,
 #endif
     RSA_INTS            =   8,     /* RSA ints in private key */
-	DSA_INTS            =   5,     /* DSA ints in private key */
+    DSA_INTS            =   5,     /* DSA ints in private key */
     MIN_DATE_SIZE       =  13,
     MAX_DATE_SIZE       =  32,
     ASN_GEN_TIME_SZ     =  15,     /* 7 numbers * 2 + Zulu tag */
@@ -521,7 +521,7 @@ WOLFSSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
 WOLFSSL_TEST_API void FreeDecodedCert(DecodedCert*);
 WOLFSSL_TEST_API int  ParseCert(DecodedCert*, int type, int verify, void* cm);
 
-WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,void* cm);
+WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
 WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
 
 WOLFSSL_LOCAL Signer* MakeSigner(void*);
@@ -530,7 +530,7 @@ WOLFSSL_LOCAL void    FreeSignerTable(Signer**, int, void*);
 
 
 WOLFSSL_LOCAL int ToTraditional(byte* buffer, word32 length);
-WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int);
+WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int);
 
 WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
 
@@ -550,10 +550,10 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
 WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
 WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
 WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
-WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len,byte* output);
+WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
 WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
 WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
-WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz);
+WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
 WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
 WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output);
 WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
@@ -582,7 +582,7 @@ enum cert_enums {
 #ifndef NO_FILESYSTEM
 /* forward from wolfSSL */
 WOLFSSL_API
-int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz);
+int wolfSSL_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz);
 #define WOLFSSL_PEMCERT_TODER_DEFINED
 #endif
 #endif
@@ -645,7 +645,7 @@ struct OcspResponse {
     word32  responseSz;      /* length of the OCSP Response */
 
     byte    producedDate[MAX_DATE_SIZE];
-							 /* Date at which this response was signed */
+                             /* Date at which this response was signed */
     byte    producedDateFormat; /* format of the producedDate */
     byte*   issuerHash;
     byte*   issuerKeyHash;
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index d7b47328d..223cea9be 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -44,9 +44,9 @@ enum CertType {
     CA_TYPE,
     ECC_PRIVATEKEY_TYPE,
     CERTREQ_TYPE,
-	DSA_TYPE,
-	ECC_TYPE,
-	RSA_TYPE
+    DSA_TYPE,
+    ECC_TYPE,
+    RSA_TYPE
 };
 
 
@@ -150,8 +150,8 @@ WOLFSSL_API void wc_InitCert(Cert*);
 WOLFSSL_API int  wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
                          ecc_key*, RNG*);
 #ifdef WOLFSSL_CERT_REQ
-    WOLFSSL_API int  wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
-                                ecc_key*);
+    WOLFSSL_API int  wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
+                                    RsaKey*, ecc_key*);
 #endif
 WOLFSSL_API int  wc_SignCert(int requestSz, int sigType, byte* derBuffer,
                          word32 derSz, RsaKey*, ecc_key*, RNG*);
@@ -188,8 +188,8 @@ WOLFSSL_API int  wc_SetDatesBuffer(Cert*, const byte*, int);
 #endif
 
 /* DER encode signature */
-WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
-                                  int hashOID);
+WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest,
+                                      word32 digSz, int hashOID);
 WOLFSSL_API int wc_GetCTC_HashOID(int type);
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h
index ee85ea109..8da15cf31 100644
--- a/wolfssl/wolfcrypt/dsa.h
+++ b/wolfssl/wolfcrypt/dsa.h
@@ -54,19 +54,16 @@ typedef struct DsaKey {
     int type;                               /* public or private */
 } DsaKey;
 
-
 WOLFSSL_API void wc_InitDsaKey(DsaKey* key);
 WOLFSSL_API void wc_FreeDsaKey(DsaKey* key);
-
-WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng);
-WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig, DsaKey* key,
-                         int* answer);
-
-WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey*,
-                                  word32);
-WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey*,
-                                   word32);
-
+WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out,
+                           DsaKey* key, RNG* rng);
+WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig,
+                             DsaKey* key, int* answer);
+WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx,
+                                      DsaKey*, word32);
+WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
+                                       DsaKey*, word32);
 WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index 40534a786..9908ff9e8 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -47,7 +47,7 @@ enum {
 /* ECC set type defined a NIST GF(p) curve */
 typedef struct {
     int size;       /* The size of the curve in octets */
-	int nid;			  /* id of this curve */
+    int nid;              /* id of this curve */
     const char* name;     /* name of this curve */
     const char* prime;    /* prime that defines the field, curve is in (hex) */
     const char* Af;       /* fields A param (hex) */
@@ -141,19 +141,20 @@ WOLFSSL_API
 int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
                       word32* outlen);
 WOLFSSL_API
-int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, byte* out, word32 *outlen);
+int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
+                             byte* out, word32 *outlen);
 WOLFSSL_API
 int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
-					 RNG* rng, ecc_key* key);
+                     RNG* rng, ecc_key* key);
 WOLFSSL_API
 int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng,
-						ecc_key* key, mp_int *r, mp_int *s);
+                        ecc_key* key, mp_int *r, mp_int *s);
 WOLFSSL_API
 int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
                     word32 hashlen, int* stat, ecc_key* key);
 WOLFSSL_API
 int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
-						  word32 hashlen, int* stat, ecc_key* key);
+                          word32 hashlen, int* stat, ecc_key* key);
 WOLFSSL_API
 int wc_ecc_init(ecc_key* key);
 WOLFSSL_API
@@ -195,8 +196,11 @@ WOLFSSL_API
 int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen);
 
 WOLFSSL_API
-int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, word32* outLen);
-int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, ecc_point* point);
+int wc_ecc_export_point_der(const int curve_idx, ecc_point* point,
+                            byte* out, word32* outLen);
+WOLFSSL_API
+int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
+                            ecc_point* point);
 
 /* size helper */
 WOLFSSL_API
@@ -244,7 +248,7 @@ ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng);
 WOLFSSL_API
 void wc_ecc_ctx_free(ecEncCtx*);
 WOLFSSL_API
-int wc_ecc_ctx_reset(ecEncCtx*, RNG*);   /* reset for use again w/o alloc/free */
+int wc_ecc_ctx_reset(ecEncCtx*, RNG*);  /* reset for use again w/o alloc/free */
 
 WOLFSSL_API
 const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);

From 304982a597cf03e45c4cf9ae294f48b264453876 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Mon, 6 Jul 2015 15:29:53 -0600
Subject: [PATCH 181/350] Big Endian System ChaCha20 counter, auto tests added
 for ChaCha20 counter

---
 wolfcrypt/src/chacha.c |  2 +-
 wolfcrypt/test/test.c  | 53 ++++++++++++++++++++++++++++++++++--------
 2 files changed, 44 insertions(+), 11 deletions(-)

diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c
index 4e95bdbd0..26972906b 100644
--- a/wolfcrypt/src/chacha.c
+++ b/wolfcrypt/src/chacha.c
@@ -93,7 +93,7 @@ int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter)
 
     XMEMCPY(temp, inIv, 12);
 
-    ctx->X[12] = LITTLE32(counter); /* block counter */
+    ctx->X[12] = counter;           /* block counter */
     ctx->X[13] = LITTLE32(temp[0]); /* fixed variable from nonce */
     ctx->X[14] = LITTLE32(temp[1]); /* counter from nonce */
     ctx->X[15] = LITTLE32(temp[2]); /* counter from nonce */
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index cf5dbe56e..fb3ad7305 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -1904,10 +1904,12 @@ int chacha_test(void)
 {
     ChaCha enc;
     ChaCha dec;
-    byte   cipher[32];
-    byte   plain[32];
+    byte   cipher[128];
+    byte   plain[128];
+    byte   sliver[64];
     byte   input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
     word32 keySz;
+    int    ret = 0;
     int    i;
     int    times = 4;
 
@@ -1978,23 +1980,54 @@ int chacha_test(void)
         XMEMSET(cipher, 0, 32);
         XMEMCPY(cipher + 4, ivs[i], 8);
 
-        wc_Chacha_SetKey(&enc, keys[i], keySz);
-        wc_Chacha_SetKey(&dec, keys[i], keySz);
+        ret |= wc_Chacha_SetKey(&enc, keys[i], keySz);
+        ret |= wc_Chacha_SetKey(&dec, keys[i], keySz);
+        if (ret != 0)
+            return ret;
 
-        wc_Chacha_SetIV(&enc, cipher, 0);
-        wc_Chacha_SetIV(&dec, cipher, 0);
+        ret |= wc_Chacha_SetIV(&enc, cipher, 0);
+        ret |= wc_Chacha_SetIV(&dec, cipher, 0);
+        if (ret != 0)
+            return ret;
         XMEMCPY(plain, input, 8);
 
-        wc_Chacha_Process(&enc, cipher, plain,  (word32)8);
-        wc_Chacha_Process(&dec, plain,  cipher, (word32)8);
+        ret |= wc_Chacha_Process(&enc, cipher, plain,  (word32)8);
+        ret |= wc_Chacha_Process(&dec, plain,  cipher, (word32)8);
+        if (ret != 0)
+            return ret;
 
-        if (memcmp(test_chacha[i], cipher, 8))
+        if (XMEMCMP(test_chacha[i], cipher, 8))
             return -130 - 5 - i;
 
-        if (memcmp(plain, input, 8))
+        if (XMEMCMP(plain, input, 8))
             return -130 - i;
     }
 
+    /* test of starting at a diffrent counter
+       encrypts all of the information and decrypts starting at 2nd chunck */
+    XMEMSET(plain,  0, sizeof(plain));
+    XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */
+    XMEMSET(cipher, 0, sizeof(cipher));
+    XMEMCPY(cipher + 4, ivs[0], 8);
+
+    ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
+    ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
+    if (ret != 0)
+        return ret;
+
+    ret |= wc_Chacha_SetIV(&enc, cipher, 0);
+    ret |= wc_Chacha_SetIV(&dec, cipher, 1);
+    if (ret != 0)
+        return ret;
+
+    ret |= wc_Chacha_Process(&enc, cipher, plain,  sizeof(plain));
+    ret |= wc_Chacha_Process(&dec, sliver,  cipher + 64, sizeof(sliver));
+    if (ret != 0)
+        return ret;
+
+    if (XMEMCMP(plain + 64, sliver, 64))
+        return -140;
+
     return 0;
 }
 #endif /* HAVE_CHACHA */

From 14723b7e654fea763e231cba7bccd2203a2ee6f6 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Tue, 7 Jul 2015 09:55:58 -0600
Subject: [PATCH 182/350] QSH (quantum-safe handshake) extension

---
 configure.ac                     |    4 +-
 examples/echoserver/echoserver.c |   13 +-
 examples/server/server.c         |   19 +-
 src/internal.c                   | 1007 ++++++++++++----
 src/keys.c                       |  115 +-
 src/ssl.c                        |   68 +-
 src/tls.c                        |  879 ++++++++++++++
 tests/suites.c                   |   23 +-
 tests/test-qsh.conf              | 1904 ++++++++++++++++++++++++++++++
 tests/test.conf                  |  132 ---
 testsuite/testsuite.c            |    8 -
 wolfcrypt/benchmark/benchmark.c  |  282 +++--
 wolfssl/internal.h               |   95 +-
 wolfssl/ssl.h                    |   24 +
 14 files changed, 3962 insertions(+), 611 deletions(-)
 create mode 100644 tests/test-qsh.conf

diff --git a/configure.ac b/configure.ac
index b0e7591d8..ac2a9c5f4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1411,7 +1411,7 @@ AC_ARG_WITH([ntru],
     [  --with-ntru=PATH        Path to NTRU install (default /usr/) ],
     [
         AC_MSG_CHECKING([for NTRU])
-        CPPFLAGS="$CPPFLAGS -DHAVE_NTRU"
+        CPPFLAGS="$CPPFLAGS -DHAVE_NTRU -DHAVE_QSH -DHAVE_TLS_EXTENSIONS"
         LIBS="$LIBS -lNTRUEncrypt"
 
         AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
@@ -1439,7 +1439,7 @@ AC_ARG_WITH([ntru],
             AC_MSG_RESULT([yes])
         fi
 
-        AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -DHAVE_QSH -DHAVE_TLS_EXTENSIONS"
         ENABLED_NTRU="yes"
     ]
 )
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index 6b5c575e6..2c4af4ee0 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -151,18 +151,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 
 #ifndef NO_FILESYSTEM
     if (doPSK == 0) {
-    #ifdef HAVE_NTRU
-        /* ntru */
-        if (CyaSSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
-                != SSL_SUCCESS)
-            err_sys("can't load ntru cert file, "
-                    "Please run from wolfSSL home dir");
-
-        if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKey)
-                != SSL_SUCCESS)
-            err_sys("can't load ntru key file, "
-                    "Please run from wolfSSL home dir");
-    #elif defined(HAVE_ECC) && !defined(CYASSL_SNIFFER)
+    #if defined(HAVE_ECC) && !defined(CYASSL_SNIFFER)
         /* ecc */
         if (CyaSSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM)
                 != SSL_SUCCESS)
diff --git a/examples/server/server.c b/examples/server/server.c
index a8d597a7e..d9be47eab 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -181,7 +181,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     int    useAnon = 0;
     int    doDTLS = 0;
     int    needDH = 0;
-    int    useNtruKey   = 0;
     int    nonBlocking  = 0;
     int    trackMemory  = 0;
     int    fewerPackets = 0;
@@ -222,7 +221,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     (void)ourCert;
     (void)ourDhParam;
     (void)verifyCert;
-    (void)useNtruKey;
     (void)doCliCertCheck;
     (void)minDhKeyBits;
 
@@ -255,10 +253,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
             #endif
                 break;
 
-            case 'n' :
-                useNtruKey = 1;
-                break;
-
             case 'u' :
                 doDTLS  = 1;
                 break;
@@ -417,7 +411,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
             method = TLSv1_2_server_method();
             break;
 #endif
-                
+
 #ifdef CYASSL_DTLS
     #ifndef NO_OLD_TLS
         case -1:
@@ -480,17 +474,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
 #endif
 
-#ifdef HAVE_NTRU
-    if (useNtruKey) {
-        if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
-                                               != SSL_SUCCESS)
-            err_sys("can't load ntru key file, "
-                    "Please run from wolfSSL home dir");
-    }
-#endif
-
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
-    if (!useNtruKey && !usePsk && !useAnon) {
+    if (!usePsk && !useAnon) {
         if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
                                          != SSL_SUCCESS)
             err_sys("can't load server private key file, check file and run "
diff --git a/src/internal.c b/src/internal.c
index 49621ec85..5ac91ff01 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -135,6 +135,10 @@ static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
 static void PickHashSigAlgo(WOLFSSL* ssl,
                                 const byte* hashSigAlgo, word32 hashSigAlgoSz);
 
+#ifdef HAVE_QSH
+    int QSH_Init(WOLFSSL* ssl);
+#endif
+
 #ifndef WOLFSSL_HAVE_MIN
 #define WOLFSSL_HAVE_MIN
 
@@ -166,30 +170,106 @@ int IsAtLeastTLSv1_2(const WOLFSSL* ssl)
 }
 
 
-#ifdef HAVE_NTRU
-
-static byte GetEntropy(ENTROPY_CMD cmd, byte* out)
+#ifdef HAVE_QSH
+/* free all structs that where used with QSH */
+static int QSH_FreeAll(WOLFSSL* ssl)
 {
-    /* TODO: add locking? */
-    static RNG rng;
+    QSHKey* key        = ssl->QSH_Key;
+    QSHKey* preKey     = NULL;
+    QSHSecret* secret  = ssl->QSH_secret;
+    QSHScheme* list    = NULL;
+    QSHScheme* preList = NULL;
 
-    if (cmd == INIT)
-        return (wc_InitRng(&rng) == 0) ? 1 : 0;
+    /* free elements in struct */
+    while(key) {
+        preKey = key;
+        if (key->pri.buffer)
+            XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+        if (key->pub.buffer)
+            XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+        key = (QSHKey*)key->next;
 
-    if (out == NULL)
-        return 0;
-
-    if (cmd == GET_BYTE_OF_ENTROPY)
-        return (wc_RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
-
-    if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
-        *out = 1;
-        return 1;
+        /* free struct */
+        XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
     }
 
+
+    /* free all of peers QSH keys */
+    key = ssl->peerQSHKey;
+    while(key) {
+        preKey = key;
+        if (key->pri.buffer)
+            XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+        if (key->pub.buffer)
+            XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+        key = (QSHKey*)key->next;
+
+        /* free struct */
+        XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+    }
+
+    /* free secret information */
+    if (secret) {
+        /* free up the QSHScheme list in QSHSecret */
+        if (secret->list)
+            list = secret->list;
+        while (list) {
+            preList = list;
+            if (list->PK)
+                XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+            list = (QSHScheme*)list->next;
+            XFREE(preList, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+        }
+
+        /* free secret buffers */
+        if (secret->SerSi) {
+            if (secret->SerSi->buffer)
+                XFREE(secret->SerSi->buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+            XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+        }
+        if (secret->CliSi) {
+            if (secret->CliSi->buffer)
+                XFREE(secret->CliSi->buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+            XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+        }
+    }
+    XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+
     return 0;
 }
+#endif
 
+
+#ifdef HAVE_NTRU
+static RNG* rng;
+static wolfSSL_Mutex* rngMutex;
+
+static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
+{
+    int ret = 0;
+
+    if (rng == NULL) {
+        if ((rng = XMALLOC(sizeof(RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL)
+            return DRBG_OUT_OF_MEMORY;
+        wc_InitRng(rng);
+    }
+
+    if (rngMutex == NULL) {
+        if ((rngMutex = XMALLOC(sizeof(wolfSSL_Mutex), 0,
+                        DYNAMIC_TYPE_TLSX)) == NULL)
+            return DRBG_OUT_OF_MEMORY;
+        InitMutex(rngMutex);
+    }
+
+    ret |= LockMutex(rngMutex);
+    ret |= wc_RNG_GenerateBlock(rng, out, (word32)num_bytes);
+    ret |= UnLockMutex(rngMutex);
+
+    if (ret != 0)
+        return DRBG_ENTROPY_FAIL;
+
+    return DRBG_OK;
+}
 #endif /* HAVE_NTRU */
 
 /* used by ssl.c too */
@@ -692,31 +772,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
     }
 #endif
 
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
-    if (tls && haveNTRU && haveRSA) {
-        suites->suites[idx++] = 0;
-        suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA;
-    }
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
-    if (tls && haveNTRU && haveRSA) {
-        suites->suites[idx++] = 0;
-        suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA;
-    }
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
-    if (tls && haveNTRU && haveRSA) {
-        suites->suites[idx++] = 0;
-        suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA;
-    }
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
-    if (tls && haveNTRU && haveRSA) {
-        suites->suites[idx++] = 0;
-        suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA;
+#ifdef BUILD_TLS_QSH
+    if (tls && haveNTRU) {
+        suites->suites[idx++] = QSH_BYTE;
+        suites->suites[idx++] = TLS_QSH;
     }
 #endif
 
@@ -1596,6 +1655,11 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
 #endif
 
 #ifdef HAVE_TLS_EXTENSIONS
+#ifdef HAVE_QSH
+    #ifdef HAVE_NTRU
+        ssl->options.haveNTRU = 1;
+    #endif
+#endif
 #ifdef HAVE_MAX_FRAGMENT
     ssl->max_fragment = MAX_RECORD_SIZE;
 #endif
@@ -1979,6 +2043,10 @@ void FreeHandshakeResources(WOLFSSL* ssl)
         ssl->buffers.peerRsaKey.buffer = NULL;
     #endif /* NO_RSA */
 #endif /* HAVE_PK_CALLBACKS */
+
+#ifdef HAVE_QSH
+    QSH_FreeAll(ssl);
+#endif
 }
 
 
@@ -3214,6 +3282,17 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
             }
         }
 
+        if (first == QSH_BYTE) {
+
+        switch (second) {
+
+        case TLS_QSH :
+            if (requirement == REQUIRES_NTRU)
+                return 1;
+            break;
+            }
+        }
+
         /* ECC extensions */
         if (first == ECC_BYTE) {
 
@@ -3437,11 +3516,6 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
                 return 1;
             break;
 
-        case TLS_NTRU_RSA_WITH_RC4_128_SHA :
-            if (requirement == REQUIRES_NTRU)
-                return 1;
-            break;
-
         case SSL_RSA_WITH_RC4_128_MD5 :
             if (requirement == REQUIRES_RSA)
                 return 1;
@@ -3452,11 +3526,6 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
                 return 1;
             break;
 
-        case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
-            if (requirement == REQUIRES_NTRU)
-                return 1;
-            break;
-
         case TLS_RSA_WITH_AES_128_CBC_SHA :
             if (requirement == REQUIRES_RSA)
                 return 1;
@@ -3467,11 +3536,6 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
                 return 1;
             break;
 
-        case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
-            if (requirement == REQUIRES_NTRU)
-                return 1;
-            break;
-
         case TLS_RSA_WITH_AES_256_CBC_SHA :
             if (requirement == REQUIRES_RSA)
                 return 1;
@@ -3488,10 +3552,6 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
                 return 1;
             break;
 
-        case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
-            if (requirement == REQUIRES_NTRU)
-                return 1;
-            break;
 #endif
 
         case TLS_PSK_WITH_AES_128_GCM_SHA256 :
@@ -4272,21 +4332,6 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 }
                 break;
         #endif /* NO_RSA */
-        #ifdef HAVE_NTRU
-            case NTRUk:
-                {
-                    if (dCert->pubKeySize > sizeof(ssl->peerNtruKey)) {
-                        ret = PEER_KEY_ERROR;
-                    }
-                    else {
-                        XMEMCPY(ssl->peerNtruKey, dCert->publicKey,
-                                                             dCert->pubKeySize);
-                        ssl->peerNtruKeyLen = (word16)dCert->pubKeySize;
-                        ssl->peerNtruKeyPresent = 1;
-                    }
-                }
-                break;
-        #endif /* HAVE_NTRU */
         #ifdef HAVE_ECC
             case ECDSAk:
                 {
@@ -8193,22 +8238,6 @@ static const char* const cipher_names[] =
     "RABBIT-SHA",
 #endif
 
-#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
-    "NTRU-RC4-SHA",
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
-    "NTRU-DES-CBC3-SHA",
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
-    "NTRU-AES128-SHA",
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
-    "NTRU-AES256-SHA",
-#endif
-
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
     "AES128-CCM-8",
 #endif
@@ -8433,6 +8462,10 @@ static const char* const cipher_names[] =
     "ADH-AES128-SHA",
 #endif
 
+#ifdef BUILD_TLS_QSH
+    "QSH",
+#endif
+
 #ifdef HAVE_RENEGOTIATION_INDICATION
     "RENEGOTIATION-INFO",
 #endif
@@ -8587,22 +8620,6 @@ static int cipher_name_idx[] =
     TLS_RSA_WITH_RABBIT_SHA,
 #endif
 
-#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
-    TLS_NTRU_RSA_WITH_RC4_128_SHA,
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
-    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
-    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA,
-#endif
-
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
-    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA,
-#endif
-
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
     TLS_RSA_WITH_AES_128_CCM_8,
 #endif
@@ -8827,6 +8844,10 @@ static int cipher_name_idx[] =
     TLS_DH_anon_WITH_AES_128_CBC_SHA,
 #endif
 
+#ifdef BUILD_TLS_QSH
+    TLS_QSH,
+#endif
+
 #ifdef HAVE_RENEGOTIATION_INDICATION
     TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
 #endif
@@ -8890,6 +8911,7 @@ int SetCipherList(Suites* suites, const char* list)
         for (i = 0; i < suiteSz; i++) {
             if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) {
                 suites->suites[idx++] = (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE
+                                      : (XSTRSTR(name, "QSH"))    ? QSH_BYTE
                                       : (XSTRSTR(name, "EC"))     ? ECC_BYTE
                                       : (XSTRSTR(name, "CCM"))    ? ECC_BYTE
                                       : 0x00; /* normal */
@@ -9136,13 +9158,19 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
             idSz = 0;
         }
 #endif
-
         length = VERSION_SZ + RAN_LEN
                + idSz + ENUM_LEN
                + ssl->suites->suiteSz + SUITE_LEN
                + COMP_LEN + ENUM_LEN;
 
 #ifdef HAVE_TLS_EXTENSIONS
+        /* auto populate extensions supported unless user defined */
+        if ((ret = TLSX_PopulateExtensions(ssl, 0)) != 0)
+            return ret;
+    #ifdef HAVE_QSH
+        if (QSH_Init(ssl) != 0)
+            return MEMORY_E;
+    #endif
         length += TLSX_GetRequestSize(ssl);
 #else
         if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz) {
@@ -9480,7 +9508,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
 
         *inOutIdx = i;
 
-        /* tls extensions */
+
         if ( (i - begin) < helloSz) {
 #ifdef HAVE_TLS_EXTENSIONS
             if (TLSX_SupportExtensions(ssl)) {
@@ -9711,6 +9739,9 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
     static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                                    word32* inOutIdx, word32 size)
     {
+    #ifdef HAVE_QSH
+        word16 name;
+    #endif
         word16 length = 0;
         word32 begin  = *inOutIdx;
         int    ret    = 0;
@@ -9723,6 +9754,7 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
         (void)size;
         (void)ret;
 
+
     #ifdef WOLFSSL_CALLBACKS
         if (ssl->hsInfoOn)
             AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
@@ -9748,6 +9780,25 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
             ssl->arrays->server_hint[min(length, MAX_PSK_ID_LEN - 1)] = 0;
             *inOutIdx += length;
 
+            /* QSH extensions */
+        #ifdef HAVE_QSH
+            if (ssl->peerQSHKeyPresent) {
+                /* extension name */
+                ato16(input + *inOutIdx, &name);
+                *inOutIdx += OPAQUE16_LEN;
+
+                if (name == WOLFSSL_QSH) {
+                    *inOutIdx += TLSX_QSHCipher_Parse(ssl, input + *inOutIdx,
+                                                                       size, 0);
+                }
+                else {
+                    /* unknown extension sent server ignored
+                       handshake */
+                    return BUFFER_ERROR;
+                }
+            }
+        #endif
+
             return 0;
         }
     #endif
@@ -10317,7 +10368,6 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
                 if (encSigSz != verifiedSz || !out || XMEMCMP(out, encodedSig,
                                         min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0)
                     ret = VERIFY_SIGN_ERROR;
-
             #ifdef WOLFSSL_SMALL_STACK
                 XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
             #endif
@@ -10430,6 +10480,25 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
         *inOutIdx += ssl->keys.padSz;
     }
 
+
+    /* QSH extensions */
+#ifdef HAVE_QSH
+    if (ssl->peerQSHKeyPresent) {
+        /* extension name */
+        ato16(input + *inOutIdx, &name);
+        *inOutIdx += OPAQUE16_LEN;
+
+        if (name == WOLFSSL_QSH) {
+            *inOutIdx += TLSX_QSHCipher_Parse(ssl, input + *inOutIdx, size, 0);
+        }
+        else {
+            /* unknown extension sent server ignored
+               handshake */
+            return BUFFER_ERROR;
+        }
+    }
+#endif
+
     return 0;
 #else  /* !NO_DH or HAVE_ECC */
         return NOT_COMPILED_IN;  /* not supported by build */
@@ -10439,6 +10508,373 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
     }
 
 
+#ifdef HAVE_QSH
+
+#ifdef HAVE_NTRU
+/* Encrypt a byte array using ntru
+   key    a struct containing the public key to use
+   bufIn  array to be encrypted
+   inSz   size of bufIn array
+   bufOut cipher text out
+   outSz  will be set to the new size of cipher text
+ */
+static int NtruSecretEncrypt(QSHKey* key, byte* bufIn, word32 inSz,
+        byte* bufOut, word16* outSz)
+{
+    int    ret;
+    DRBG_HANDLE drbg;
+
+    /* sanity checks on input arguments */
+    if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL)
+        return BAD_FUNC_ARG;
+
+    if (key->pub.buffer == NULL)
+        return BAD_FUNC_ARG;
+
+    switch (key->name) {
+        case WOLFSSL_NTRU_EESS439:
+        case WOLFSSL_NTRU_EESS593:
+        case WOLFSSL_NTRU_EESS743:
+            break;
+        default:
+            WOLFSSL_MSG("Unknown QSH encryption key!");
+            return -1;
+    }
+
+    /* set up ntru drbg */
+    ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+    if (ret != DRBG_OK)
+        return NTRU_DRBG_ERROR;
+
+    /* encrypt the byte array */
+    ret = ntru_crypto_ntru_encrypt(drbg, key->pub.length, key->pub.buffer,
+        inSz, bufIn, outSz, bufOut);
+    ntru_crypto_drbg_uninstantiate(drbg);
+    if (ret != NTRU_OK)
+        return NTRU_ENCRYPT_ERROR;
+
+    return ret;
+}
+
+/* Decrypt a byte array using ntru
+   key    a struct containing the private key to use
+   bufIn  array to be decrypted
+   inSz   size of bufIn array
+   bufOut plain text out
+   outSz  will be set to the new size of plain text
+ */
+
+static int NtruSecretDecrypt(QSHKey* key, byte* bufIn, word32 inSz,
+        byte* bufOut, word16* outSz)
+{
+    int    ret;
+    DRBG_HANDLE drbg;
+
+    /* sanity checks on input arguments */
+    if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL)
+        return BAD_FUNC_ARG;
+
+    if (key->pri.buffer == NULL)
+        return BAD_FUNC_ARG;
+
+    switch (key->name) {
+        case WOLFSSL_NTRU_EESS439:
+        case WOLFSSL_NTRU_EESS593:
+        case WOLFSSL_NTRU_EESS743:
+            break;
+        default:
+            WOLFSSL_MSG("Unknown QSH decryption key!");
+            return -1;
+    }
+
+
+    /* set up drbg */
+    ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+    if (ret != DRBG_OK)
+        return NTRU_DRBG_ERROR;
+
+    /* decrypt cipher text */
+    ret = ntru_crypto_ntru_decrypt(key->pri.length, key->pri.buffer,
+        inSz, bufIn, outSz, bufOut);
+    ntru_crypto_drbg_uninstantiate(drbg);
+    if (ret != NTRU_OK)
+        return NTRU_ENCRYPT_ERROR;
+
+    return ret;
+}
+#endif /* HAVE_NTRU */
+
+int QSH_Init(WOLFSSL* ssl)
+{
+    /* check so not initialising twice when running DTLS */
+    if (ssl->QSH_secret != NULL)
+        return 0;
+
+    /* malloc memory for holding generated secret information */
+    if ((ssl->QSH_secret =
+             XMALLOC(sizeof(QSHSecret), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
+        return MEMORY_E;
+
+    ssl->QSH_secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), NULL,
+            DYNAMIC_TYPE_TMP_BUFFER);
+    if (ssl->QSH_secret->CliSi == NULL)
+        return MEMORY_E;
+
+    ssl->QSH_secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), NULL,
+            DYNAMIC_TYPE_TMP_BUFFER);
+    if (ssl->QSH_secret->SerSi == NULL)
+        return MEMORY_E;
+
+    /* initialize variables */
+    ssl->QSH_secret->list = NULL;
+    ssl->QSH_secret->CliSi->length = 0;
+    ssl->QSH_secret->CliSi->buffer = NULL;
+    ssl->QSH_secret->SerSi->length = 0;
+    ssl->QSH_secret->SerSi->buffer = NULL;
+
+    return 0;
+}
+
+
+static int QSH_Encrypt(QSHKey* key, byte* in, word32 szIn,
+                                                       byte* out, word32* szOut)
+{
+    int ret = 0;
+    word16 size = *szOut;
+
+    WOLFSSL_MSG("Encrypting QSH key material");
+
+    switch (key->name) {
+    #ifdef HAVE_NTRU
+        case WOLFSSL_NTRU_EESS439:
+        case WOLFSSL_NTRU_EESS593:
+        case WOLFSSL_NTRU_EESS743:
+            ret = NtruSecretEncrypt(key, in, szIn, out, &size);
+            break;
+    #endif
+        default:
+            WOLFSSL_MSG("Unknown QSH encryption key!");
+            return -1;
+    }
+
+    *szOut = size;
+
+    return ret;
+}
+
+
+/* Decrypt using Quantum Safe Handshake algorithms */
+int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
+                                                       byte* out, word16* szOut)
+{
+    int ret = 0;
+    word16 size = *szOut;
+
+    WOLFSSL_MSG("Decrypting QSH key material");
+
+    switch (key->name) {
+    #ifdef HAVE_NTRU
+        case WOLFSSL_NTRU_EESS439:
+        case WOLFSSL_NTRU_EESS593:
+        case WOLFSSL_NTRU_EESS743:
+            ret = NtruSecretDecrypt(key, in, szIn, out, &size);
+            break;
+    #endif
+        default:
+            WOLFSSL_MSG("Unknown QSH decryption key!");
+            return -1;
+    }
+
+    *szOut = size;
+
+    return ret;
+}
+
+
+/* Get the max cipher text for corresponding encryption scheme
+   (encrypting  48 or max plain text whichever is smaller)
+ */
+static word32 QSH_MaxSecret(QSHKey* key)
+{
+    byte isNtru = 0;
+    word16 inSz = 48;
+    word16 outSz;
+    DRBG_HANDLE drbg = 0;
+    byte bufIn[48];
+    int ret = 0;
+
+    if (key == NULL || key->pub.length == 0)
+        return 0;
+
+    switch(key->name) {
+#ifdef HAVE_NTRU
+            case WOLFSSL_NTRU_EESS439:
+                isNtru   = 1;
+                break;
+            case WOLFSSL_NTRU_EESS593:
+                isNtru   = 1;
+                break;
+            case WOLFSSL_NTRU_EESS743:
+                isNtru   = 1;
+                break;
+#endif
+        default:
+            WOLFSSL_MSG("Unknown QSH encryption scheme size!");
+            return 0;
+    }
+
+    if (isNtru) {
+        ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+        if (ret != DRBG_OK)
+            return NTRU_DRBG_ERROR;
+        ret = ntru_crypto_ntru_encrypt(drbg, key->pub.length,
+                            key->pub.buffer, inSz, bufIn, &outSz, NULL);
+        if (ret != NTRU_OK) {
+            return NTRU_ENCRYPT_ERROR;
+        }
+        ntru_crypto_drbg_uninstantiate(drbg);
+        return outSz;
+    }
+
+    return 0;
+}
+
+/* Generate the secret byte material for pms
+   returns length on success and -1 on fail
+ */
+static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
+{
+    int sz       = 0;
+    int plainSz  = 48; /* lesser of 48 and max plain text able to encrypt */
+    int offset   = 0;
+    word32 tmpSz = 0;
+    buffer* buf;
+    QSHKey* current = ssl->peerQSHKey;
+    QSHScheme* schmPre = NULL;
+    QSHScheme* schm    = NULL;
+
+    if (ssl == NULL)
+        return -1;
+
+    WOLFSSL_MSG("Generating QSH secret key material");
+
+    /* get size of buffer needed */
+    while (current) {
+        if (current->pub.length != 0) {
+            sz += plainSz;
+        }
+        current = (QSHKey*)current->next;
+    }
+
+    /* allocate memory for buffer */
+    if (isServer) {
+        buf = ssl->QSH_secret->SerSi;
+    }
+    else {
+        buf = ssl->QSH_secret->CliSi;
+    }
+    buf->length = sz;
+    buf->buffer = XMALLOC(sz, buf->buffer, DYNAMIC_TYPE_TMP_BUFFER);
+    if (buf->buffer == NULL) {
+        WOLFSSL_ERROR(MEMORY_E);
+    }
+
+    /* create secret information */
+    sz = 0;
+    current = ssl->peerQSHKey;
+    while (current) {
+        schm = XMALLOC(sizeof(QSHScheme), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (schm == NULL)
+            return MEMORY_E;
+
+        /* initialize variables */
+        schm->name  = 0;
+        schm->PK    = NULL;
+        schm->PKLen = 0;
+        schm->next  = NULL;
+        if (ssl->QSH_secret->list == NULL) {
+            ssl->QSH_secret->list = schm;
+        }
+        else {
+            if (schmPre)
+                schmPre->next = schm;
+        }
+
+        tmpSz = QSH_MaxSecret(current);
+
+        if ((schm->PK = XMALLOC(tmpSz, 0, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
+            return -1;
+
+        /* store info for writing extension */
+        schm->name = current->name;
+
+        /* no key to use for encryption */
+        if (tmpSz == 0) {
+            current = (QSHKey*)current->next;
+            continue;
+        }
+
+        if (wc_RNG_GenerateBlock(ssl->rng, buf->buffer + offset, plainSz)
+                                                                         != 0) {
+            return -1;
+        }
+        if (QSH_Encrypt(current, buf->buffer + offset, plainSz, schm->PK,
+                                                                 &tmpSz) != 0) {
+            return -1;
+        }
+        schm->PKLen = tmpSz;
+
+        sz += tmpSz;
+        offset += plainSz;
+        schmPre = schm;
+        current = (QSHKey*)current->next;
+    }
+
+    return sz;
+}
+
+
+static word32 QSH_KeyGetSize(WOLFSSL* ssl)
+{
+    word32 sz = 0;
+    QSHKey* current = ssl->peerQSHKey;
+
+    if (ssl == NULL)
+        return -1;
+
+    sz += OPAQUE16_LEN; /* type of extension ie 0x00 0x18 */
+    sz += OPAQUE24_LEN;
+    /* get size of buffer needed */
+    while (current) {
+        sz += OPAQUE16_LEN; /* scheme id */
+        sz += OPAQUE16_LEN; /* encrypted key len*/
+        sz += QSH_MaxSecret(current);
+        current = (QSHKey*)current->next;
+    }
+
+    return sz;
+}
+
+
+/* handle QSH key Exchange
+   return 0 on success
+ */
+static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
+{
+    int ret = 0;
+
+    WOLFSSL_ENTER("QSH KeyExchange");
+
+    ret = QSH_GenerateSerCliSecret(ssl, isServer);
+    if (ret < 0)
+        return MEMORY_E;
+
+    return 0;
+}
+
+#endif /* HAVE_QSH */
+
+
     int SendClientKeyExchange(WOLFSSL* ssl)
     {
 #ifdef WOLFSSL_SMALL_STACK
@@ -10451,6 +10887,13 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
         int    ret = 0;
         byte   doUserRsa = 0;
 
+    #ifdef HAVE_QSH
+        word32 qshSz = 0;
+        if (ssl->peerQSHKeyPresent) {
+            qshSz = QSH_KeyGetSize(ssl);
+        }
+    #endif
+
         (void)doUserRsa;
 
 #ifdef HAVE_PK_CALLBACKS
@@ -10702,62 +11145,6 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
                 }
                 break;
         #endif /* !NO_DH && !NO_PSK */
-        #ifdef HAVE_NTRU
-            case ntru_kea:
-                {
-                    word32 rc;
-                    word16 cipherLen = MAX_ENCRYPT_SZ;
-                    DRBG_HANDLE drbg;
-                    static uint8_t const wolfsslStr[] = {
-                        'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U'
-                    };
-
-                    ret = wc_RNG_GenerateBlock(ssl->rng,
-                                      ssl->arrays->preMasterSecret, SECRET_LEN);
-                    if (ret != 0) {
-                    #ifdef WOLFSSL_SMALL_STACK
-                        XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                    #endif
-                        return ret;
-                    }
-
-                    ssl->arrays->preMasterSz = SECRET_LEN;
-
-                    if (ssl->peerNtruKeyPresent == 0) {
-                    #ifdef WOLFSSL_SMALL_STACK
-                        XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                    #endif
-                        return NO_PEER_KEY;
-                    }
-
-                    rc = ntru_crypto_drbg_instantiate(MAX_NTRU_BITS, wolfsslStr,
-                                                 sizeof(wolfsslStr), GetEntropy,
-                                                 &drbg);
-                    if (rc != DRBG_OK) {
-                    #ifdef WOLFSSL_SMALL_STACK
-                        XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                    #endif
-                        return NTRU_DRBG_ERROR;
-                    }
-
-                    rc = ntru_crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen,
-                                                  ssl->peerNtruKey,
-                                                  ssl->arrays->preMasterSz,
-                                                  ssl->arrays->preMasterSecret,
-                                                  &cipherLen, encSecret);
-                    ntru_crypto_drbg_uninstantiate(drbg);
-                    if (rc != NTRU_OK) {
-                    #ifdef WOLFSSL_SMALL_STACK
-                        XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                    #endif
-                        return NTRU_ENCRYPT_ERROR;
-                    }
-
-                    encSz = cipherLen;
-                    ret = 0;
-                }
-                break;
-        #endif /* HAVE_NTRU */
         #ifdef HAVE_ECC
             case ecc_diffie_hellman_kea:
                 {
@@ -10855,6 +11242,11 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
             if (ssl->keys.encryptionOn)
                 sendSz += MAX_MSG_EXTRA;
 
+        #ifdef HAVE_QSH
+            encSz += qshSz;
+            sendSz += qshSz;
+        #endif
+
             /* check for available size */
             if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) {
             #ifdef WOLFSSL_SMALL_STACK
@@ -10867,8 +11259,35 @@ static void PickHashSigAlgo(WOLFSSL* ssl,
             output = ssl->buffers.outputBuffer.buffer +
                      ssl->buffers.outputBuffer.length;
 
+
+#ifdef HAVE_QSH
+            if (ssl->peerQSHKeyPresent) {
+                byte idxSave = idx;
+                idx = sendSz - qshSz;
+
+                if (QSH_KeyExchangeWrite(ssl, 0) != 0)
+                    return MEMORY_E;
+
+                /* extension type */
+                c16toa(WOLFSSL_QSH, output + idx);
+                idx += OPAQUE16_LEN;
+
+                /* write to output and check amount written */
+                if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
+                                                         > qshSz - OPAQUE16_LEN)
+                    return MEMORY_E;
+
+                idx = idxSave;
+            }
+#endif
+
             AddHeaders(output, encSz + tlsSz, client_key_exchange, ssl);
 
+#ifdef HAVE_QSH
+            if (ssl->peerQSHKeyPresent) {
+                encSz -= qshSz;
+            }
+#endif
             if (tlsSz) {
                 c16toa((word16)encSz, &output[idx]);
                 idx += 2;
@@ -11391,7 +11810,6 @@ int DoSessionTicket(WOLFSSL* ssl,
 
 #ifdef HAVE_TLS_EXTENSIONS
         length += TLSX_GetResponseSize(ssl);
-
     #ifdef HAVE_SESSION_TICKET
         if (ssl->options.useTicket && ssl->arrays->sessionIDSz == 0) {
             /* no session id */
@@ -11544,6 +11962,14 @@ int DoSessionTicket(WOLFSSL* ssl,
         (void)ssl;
         #define ERROR_OUT(err, eLabel) do { ret = err; goto eLabel; } while(0)
 
+    #ifdef HAVE_QSH
+        word32 qshSz = 0;
+        if (ssl->peerQSHKeyPresent) {
+            qshSz = QSH_KeyGetSize(ssl);
+        }
+    #endif
+
+
     #ifndef NO_PSK
         if (ssl->specs.kea == psk_kea)
         {
@@ -11560,6 +11986,11 @@ int DoSessionTicket(WOLFSSL* ssl,
             length += HINT_LEN_SZ;
             sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
 
+        #ifdef HAVE_QSH
+            length += qshSz;
+            sendSz += qshSz;
+        #endif
+
         #ifdef WOLFSSL_DTLS
             if (ssl->options.dtls) {
                 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
@@ -11577,10 +12008,33 @@ int DoSessionTicket(WOLFSSL* ssl,
             AddHeaders(output, length, server_key_exchange, ssl);
 
             /* key data */
+        #ifdef HAVE_QSH
+            c16toa((word16)(length - qshSz - HINT_LEN_SZ), output + idx);
+        #else
             c16toa((word16)(length - HINT_LEN_SZ), output + idx);
+        #endif
             idx += HINT_LEN_SZ;
             XMEMCPY(output + idx, ssl->arrays->server_hint,length -HINT_LEN_SZ);
 
+        #ifdef HAVE_QSH
+            if (ssl->peerQSHKeyPresent) {
+                if (qshSz > 0) {
+                    idx = sendSz - qshSz;
+                    if (QSH_KeyExchangeWrite(ssl, 1) != 0)
+                        return MEMORY_E;
+
+                    /* extension type */
+                    c16toa(WOLFSSL_QSH, output + idx);
+                    idx += OPAQUE16_LEN;
+
+                    /* write to output and check amount written */
+                    if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
+                                                         > qshSz - OPAQUE16_LEN)
+                        return MEMORY_E;
+                }
+            }
+        #endif
+
         #ifdef WOLFSSL_DTLS
             if (ssl->options.dtls)
                 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
@@ -11663,6 +12117,10 @@ int DoSessionTicket(WOLFSSL* ssl,
             length += hintLen + HINT_LEN_SZ;
             sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
 
+        #ifdef HAVE_QSH
+            length += qshSz;
+            sendSz += qshSz;
+        #endif
         #ifdef WOLFSSL_DTLS
             if (ssl->options.dtls) {
                 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
@@ -11708,6 +12166,24 @@ int DoSessionTicket(WOLFSSL* ssl,
             idx += ssl->buffers.serverDH_Pub.length;
             (void)idx; /* suppress analyzer warning, and keep idx current */
 
+        #ifdef HAVE_QSH
+            if (ssl->peerQSHKeyPresent) {
+                if (qshSz > 0) {
+                    idx = sendSz - qshSz;
+                    QSH_KeyExchangeWrite(ssl, 1);
+
+                    /* extension type */
+                    c16toa(WOLFSSL_QSH, output + idx);
+                    idx += OPAQUE16_LEN;
+
+                    /* write to output and check amount written */
+                    if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
+                                                         > qshSz - OPAQUE16_LEN)
+                        return MEMORY_E;
+                }
+            }
+        #endif
+
         #ifdef WOLFSSL_DTLS
             if (ssl->options.dtls)
                 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
@@ -11866,6 +12342,10 @@ int DoSessionTicket(WOLFSSL* ssl,
 
             sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
 
+        #ifdef HAVE_QSH
+            length += qshSz;
+            sendSz += qshSz;
+        #endif
         #ifdef WOLFSSL_DTLS
             if (ssl->options.dtls) {
                 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
@@ -12321,6 +12801,25 @@ int DoSessionTicket(WOLFSSL* ssl,
                     goto done_a;
             }
 
+#ifdef HAVE_QSH
+            if (ssl->peerQSHKeyPresent) {
+                if (qshSz > 0) {
+                    idx = sendSz - qshSz;
+                    QSH_KeyExchangeWrite(ssl, 1);
+
+                    /* extension type */
+                    c16toa(WOLFSSL_QSH, output + idx);
+                    idx += OPAQUE16_LEN;
+
+                    /* write to output and check amount written */
+                    if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
+                                                         > qshSz - OPAQUE16_LEN)
+                        return MEMORY_E;
+                }
+            }
+#endif
+
+
             AddHeaders(output, length, server_key_exchange, ssl);
 
         #ifdef WOLFSSL_DTLS
@@ -12436,6 +12935,10 @@ int DoSessionTicket(WOLFSSL* ssl,
 
             sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
 
+        #ifdef HAVE_QSH
+            length += qshSz;
+            sendSz += qshSz;
+        #endif
         #ifdef WOLFSSL_DTLS
             if (ssl->options.dtls) {
                 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
@@ -12834,6 +13337,24 @@ int DoSessionTicket(WOLFSSL* ssl,
                 if (ret < 0) return ret;
             }
 
+    #ifdef HAVE_QSH
+            if (ssl->peerQSHKeyPresent) {
+                if (qshSz > 0) {
+                    idx = sendSz - qshSz;
+                    QSH_KeyExchangeWrite(ssl, 1);
+
+                    /* extension type */
+                    c16toa(WOLFSSL_QSH, output + idx);
+                    idx += OPAQUE16_LEN;
+
+                    /* write to output and check amount written */
+                    if (TLSX_QSHPK_Write(ssl->QSH_secret->list, output + idx)
+                                                         > qshSz - OPAQUE16_LEN)
+                        return MEMORY_E;
+                }
+            }
+    #endif
+
         #ifdef WOLFSSL_DTLS
             if (ssl->options.dtls)
                 if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
@@ -12887,9 +13408,6 @@ int DoSessionTicket(WOLFSSL* ssl,
             havePSK = ssl->options.havePSK;
         #endif
 
-        if (ssl->options.haveNTRU)
-            haveRSA = 0;
-
         if (CipherRequires(first, second, REQUIRES_RSA)) {
             WOLFSSL_MSG("Requires RSA");
             if (haveRSA == 0) {
@@ -12956,10 +13474,22 @@ int DoSessionTicket(WOLFSSL* ssl,
 
         /* ECCDHE is always supported if ECC on */
 
+#ifdef HAVE_QSH
+        /* need to negotiate a classic suite in addition to TLS_QSH */
+        if (first == QSH_BYTE && second == TLS_QSH) {
+            if (TLSX_SupportExtensions(ssl)) {
+                ssl->peerQSHKeyPresent = 1; /* matched TLS_QSH */
+            }
+            else {
+                WOLFSSL_MSG("Version of SSL connection does not support TLS_QSH");
+            }
+            return 0;
+        }
+#endif
+
         return 1;
     }
 
-
     static int MatchSuite(WOLFSSL* ssl, Suites* peerSuites)
     {
         word16 i, j;
@@ -13371,8 +13901,14 @@ int DoSessionTicket(WOLFSSL* ssl,
         /* tls extensions */
         if ((i - begin) < helloSz) {
 #ifdef HAVE_TLS_EXTENSIONS
+        #ifdef HAVE_QSH
+            QSH_Init(ssl);
+        #endif
             if (TLSX_SupportExtensions(ssl)) {
                 int ret = 0;
+                /* auto populate extensions supported unless user defined */
+                if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0)
+                    return ret;
 #else
             if (IsAtLeastTLSv1_2(ssl)) {
 #endif
@@ -13389,6 +13925,7 @@ int DoSessionTicket(WOLFSSL* ssl,
                     return BUFFER_ERROR;
 
 #ifdef HAVE_TLS_EXTENSIONS
+                /* tls extensions */
                 if ((ret = TLSX_Parse(ssl, (byte *) input + i,
                                                      totalExtSz, 1, &clSuites)))
                     return ret;
@@ -13975,6 +14512,9 @@ int DoSessionTicket(WOLFSSL* ssl,
     static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                                                     word32 size)
     {
+        #ifdef HAVE_QSH
+            word16 name;
+        #endif
         int    ret = 0;
         word32 length = 0;
         byte*  out = NULL;
@@ -14085,7 +14625,26 @@ int DoSessionTicket(WOLFSSL* ssl,
                                                            ssl->chVersion.minor)
                             ret = PMS_VERSION_ERROR;
                         else
+                        {
+                #ifdef HAVE_QSH
+                            if (ssl->peerQSHKeyPresent) {
+                                /* extension name */
+                                ato16(input + *inOutIdx, &name);
+                                *inOutIdx += OPAQUE16_LEN;
+
+                                if (name == WOLFSSL_QSH) {
+                                    *inOutIdx += TLSX_QSHCipher_Parse(ssl, input
+                                      + *inOutIdx, size - *inOutIdx + begin, 1);
+                                }
+                                else {
+                                    /* unknown extension sent client ignored
+                                       handshake */
+                                    return BUFFER_ERROR;
+                                }
+                            }
+                #endif
                             ret = MakeMasterSecret(ssl);
+                         }
                     }
                     else {
                         ret = RSA_PRIVATE_ERROR;
@@ -14140,6 +14699,23 @@ int DoSessionTicket(WOLFSSL* ssl,
                 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
                 ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
 
+            #ifdef HAVE_QSH
+                if (ssl->peerQSHKeyPresent) {
+                    /* extension name */
+                    ato16(input + *inOutIdx, &name);
+                    *inOutIdx += OPAQUE16_LEN;
+
+                    if (name == WOLFSSL_QSH) {
+                        *inOutIdx += TLSX_QSHCipher_Parse(ssl, input +
+                                        *inOutIdx, size - *inOutIdx + begin, 1);
+                    }
+                    else {
+                        /* unknown extension sent client ignored
+                           handshake */
+                        return BUFFER_ERROR;
+                    }
+                }
+            #endif
                 ret = MakeMasterSecret(ssl);
 
                 /* No further need for PSK */
@@ -14148,44 +14724,6 @@ int DoSessionTicket(WOLFSSL* ssl,
             }
             break;
         #endif /* NO_PSK */
-        #ifdef HAVE_NTRU
-            case ntru_kea:
-            {
-                word16 cipherLen;
-                word16 plainLen = sizeof(ssl->arrays->preMasterSecret);
-
-                if (!ssl->buffers.key.buffer)
-                    return NO_PRIVATE_KEY;
-
-                if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
-                    return BUFFER_ERROR;
-
-                ato16(input + *inOutIdx, &cipherLen);
-                *inOutIdx += OPAQUE16_LEN;
-
-                if (cipherLen > MAX_NTRU_ENCRYPT_SZ)
-                    return NTRU_KEY_ERROR;
-
-                if ((*inOutIdx - begin) + cipherLen > size)
-                    return BUFFER_ERROR;
-
-                if (NTRU_OK != ntru_crypto_ntru_decrypt(
-                            (word16) ssl->buffers.key.length,
-                            ssl->buffers.key.buffer, cipherLen,
-                            input + *inOutIdx, &plainLen,
-                            ssl->arrays->preMasterSecret))
-                    return NTRU_DECRYPT_ERROR;
-
-                if (plainLen != SECRET_LEN)
-                    return NTRU_DECRYPT_ERROR;
-
-                *inOutIdx += cipherLen;
-
-                ssl->arrays->preMasterSz = plainLen;
-                ret = MakeMasterSecret(ssl);
-            }
-            break;
-        #endif /* HAVE_NTRU */
         #ifdef HAVE_ECC
             case ecc_diffie_hellman_kea:
             {
@@ -14248,6 +14786,23 @@ int DoSessionTicket(WOLFSSL* ssl,
                     return ECC_SHARED_ERROR;
 
                 ssl->arrays->preMasterSz = length;
+            #ifdef HAVE_QSH
+                if (ssl->peerQSHKeyPresent) {
+                    /* extension name */
+                    ato16(input + *inOutIdx, &name);
+                    *inOutIdx += OPAQUE16_LEN;
+
+                    if (name == WOLFSSL_QSH) {
+                        *inOutIdx += TLSX_QSHCipher_Parse(ssl, input +
+                                        *inOutIdx, size - *inOutIdx + begin, 1);
+                    }
+                    else {
+                        /* unknown extension sent client ignored
+                           handshake */
+                        return BUFFER_ERROR;
+                    }
+                }
+            #endif
                 ret = MakeMasterSecret(ssl);
             }
             break;
@@ -14282,6 +14837,23 @@ int DoSessionTicket(WOLFSSL* ssl,
 
                 *inOutIdx += clientPubSz;
 
+            #ifdef HAVE_QSH
+                if (ssl->peerQSHKeyPresent) {
+                    /* extension name */
+                    ato16(input + *inOutIdx, &name);
+                    *inOutIdx += OPAQUE16_LEN;
+
+                    if (name == WOLFSSL_QSH) {
+                        *inOutIdx += TLSX_QSHCipher_Parse(ssl, input +
+                                        *inOutIdx, size - *inOutIdx + begin, 1);
+                    }
+                    else {
+                        /* unknown extension sent client ignored
+                           handshake */
+                        return BUFFER_ERROR;
+                    }
+                }
+            #endif
                 if (ret == 0)
                     ret = MakeMasterSecret(ssl);
             }
@@ -14356,6 +14928,23 @@ int DoSessionTicket(WOLFSSL* ssl,
                 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
                 ssl->arrays->preMasterSz +=
                                           ssl->arrays->psk_keySz + OPAQUE16_LEN;
+            #ifdef HAVE_QSH
+                if (ssl->peerQSHKeyPresent) {
+                    /* extension name */
+                    ato16(input + *inOutIdx, &name);
+                    *inOutIdx += OPAQUE16_LEN;
+
+                    if (name == WOLFSSL_QSH) {
+                        *inOutIdx += TLSX_QSHCipher_Parse(ssl, input +
+                                        *inOutIdx, size - *inOutIdx + begin, 1);
+                    }
+                    else {
+                        /* unknown extension sent client ignored
+                           handshake */
+                        return BUFFER_ERROR;
+                    }
+                }
+            #endif
                 if (ret == 0)
                     ret = MakeMasterSecret(ssl);
 
diff --git a/src/keys.c b/src/keys.c
index b06debb28..93c769219 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -877,22 +877,6 @@ int SetCipherSpecs(WOLFSSL* ssl)
         break;
 #endif
 
-#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
-    case TLS_NTRU_RSA_WITH_RC4_128_SHA :
-        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
-        ssl->specs.cipher_type           = stream;
-        ssl->specs.mac_algorithm         = sha_mac;
-        ssl->specs.kea                   = ntru_kea;
-        ssl->specs.sig_algo              = rsa_sa_algo;
-        ssl->specs.hash_size             = SHA_DIGEST_SIZE;
-        ssl->specs.pad_size              = PAD_SHA;
-        ssl->specs.static_ecdh           = 0;
-        ssl->specs.key_size              = RC4_KEY_SIZE;
-        ssl->specs.iv_size               = 0;
-        ssl->specs.block_size            = 0;
-
-        break;
-#endif
 
 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
     case SSL_RSA_WITH_RC4_128_MD5 :
@@ -928,23 +912,6 @@ int SetCipherSpecs(WOLFSSL* ssl)
         break;
 #endif
 
-#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
-    case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
-        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
-        ssl->specs.cipher_type           = block;
-        ssl->specs.mac_algorithm         = sha_mac;
-        ssl->specs.kea                   = ntru_kea;
-        ssl->specs.sig_algo              = rsa_sa_algo;
-        ssl->specs.hash_size             = SHA_DIGEST_SIZE;
-        ssl->specs.pad_size              = PAD_SHA;
-        ssl->specs.static_ecdh           = 0;
-        ssl->specs.key_size              = DES3_KEY_SIZE;
-        ssl->specs.block_size            = DES_BLOCK_SIZE;
-        ssl->specs.iv_size               = DES_IV_SIZE;
-
-        break;
-#endif
-
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
     case TLS_RSA_WITH_AES_128_CBC_SHA :
         ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
@@ -1013,23 +980,6 @@ int SetCipherSpecs(WOLFSSL* ssl)
         break;
 #endif
 
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
-    case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
-        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
-        ssl->specs.cipher_type           = block;
-        ssl->specs.mac_algorithm         = sha_mac;
-        ssl->specs.kea                   = ntru_kea;
-        ssl->specs.sig_algo              = rsa_sa_algo;
-        ssl->specs.hash_size             = SHA_DIGEST_SIZE;
-        ssl->specs.pad_size              = PAD_SHA;
-        ssl->specs.static_ecdh           = 0;
-        ssl->specs.key_size              = AES_128_KEY_SIZE;
-        ssl->specs.block_size            = AES_BLOCK_SIZE;
-        ssl->specs.iv_size               = AES_IV_SIZE;
-
-        break;
-#endif
-
 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
     case TLS_RSA_WITH_AES_256_CBC_SHA :
         ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
@@ -1064,23 +1014,6 @@ int SetCipherSpecs(WOLFSSL* ssl)
         break;
 #endif
 
-#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
-    case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
-        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
-        ssl->specs.cipher_type           = block;
-        ssl->specs.mac_algorithm         = sha_mac;
-        ssl->specs.kea                   = ntru_kea;
-        ssl->specs.sig_algo              = rsa_sa_algo;
-        ssl->specs.hash_size             = SHA_DIGEST_SIZE;
-        ssl->specs.pad_size              = PAD_SHA;
-        ssl->specs.static_ecdh           = 0;
-        ssl->specs.key_size              = AES_256_KEY_SIZE;
-        ssl->specs.block_size            = AES_BLOCK_SIZE;
-        ssl->specs.iv_size               = AES_IV_SIZE;
-
-        break;
-#endif
-
 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
     case TLS_PSK_WITH_AES_128_GCM_SHA256 :
         ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
@@ -2630,9 +2563,9 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
         printf("\n");
     }
 #endif
-    
+
 #ifdef WOLFSSL_SMALL_STACK
-    shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE, 
+    shaOutput = (byte*)XMALLOC(SHA_DIGEST_SIZE,
                                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
     md5Input  = (byte*)XMALLOC(ENCRYPT_LEN + SHA_DIGEST_SIZE,
                                             NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2708,7 +2641,7 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
     XFREE(md5,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
     XFREE(sha,       NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-    
+
     if (ret == 0)
         ret = CleanPreMaster(ssl);
     else
@@ -2722,6 +2655,48 @@ static int MakeSslMasterSecret(WOLFSSL* ssl)
 /* Master wrapper, doesn't use SSL stack space in TLS mode */
 int MakeMasterSecret(WOLFSSL* ssl)
 {
+    /* append secret to premaster : premaster | SerSi | CliSi */
+#ifdef HAVE_QSH
+    word32 offset = 0;
+
+    if (ssl->peerQSHKeyPresent) {
+        offset += ssl->arrays->preMasterSz;
+        ssl->arrays->preMasterSz += ssl->QSH_secret->CliSi->length +
+                                                 ssl->QSH_secret->SerSi->length;
+        /* test and set flag if QSH has been used */
+        if (ssl->QSH_secret->CliSi->length > 0 ||
+                ssl->QSH_secret->SerSi->length > 0)
+            ssl->isQSH = 1;
+
+        /* append secrets to the premaster */
+        if (ssl->QSH_secret->SerSi != NULL) {
+            XMEMCPY(ssl->arrays->preMasterSecret + offset,
+                ssl->QSH_secret->SerSi->buffer, ssl->QSH_secret->SerSi->length);
+        }
+        offset += ssl->QSH_secret->SerSi->length;
+        if (ssl->QSH_secret->CliSi != NULL) {
+            XMEMCPY(ssl->arrays->preMasterSecret + offset,
+                ssl->QSH_secret->CliSi->buffer, ssl->QSH_secret->CliSi->length);
+        }
+
+        /* show secret SerSi and CliSi */
+        #ifdef SHOW_SECRETS
+            word32 j;
+            printf("QSH generated secret material\n");
+            printf("SerSi        : ");
+            for (j = 0; j < ssl->QSH_secret->SerSi->length; j++) {
+                printf("%02x", ssl->QSH_secret->SerSi->buffer[j]);
+            }
+            printf("\n");
+            printf("CliSi        : ");
+            for (j = 0; j < ssl->QSH_secret->CliSi->length; j++) {
+                printf("%02x", ssl->QSH_secret->CliSi->buffer[j]);
+            }
+            printf("\n");
+        #endif
+    }
+#endif
+
 #ifdef NO_OLD_TLS
     return MakeTlsMasterSecret(ssl);
 #elif !defined(NO_TLS)
diff --git a/src/ssl.c b/src/ssl.c
index a947a8aee..cad25dd21 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -777,6 +777,58 @@ int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name)
 #endif /* NO_WOLFSSL_CLIENT */
 #endif /* HAVE_SUPPORTED_CURVES */
 
+/* QSH quantum safe handshake */
+#ifdef HAVE_QSH
+/* returns 1 if QSH has been used 0 otherwise */
+int wolfSSL_isQSH(WOLFSSL* ssl)
+{
+    /* if no ssl struct than QSH was not used */
+    if (ssl == NULL)
+        return 0;
+
+    return ssl->isQSH;
+}
+
+
+int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, word16 name)
+{
+    if (ssl == NULL)
+        return BAD_FUNC_ARG;
+
+    switch (name) {
+    #ifdef HAVE_NTRU
+        case WOLFSSL_NTRU_EESS439:
+        case WOLFSSL_NTRU_EESS593:
+        case WOLFSSL_NTRU_EESS743:
+            break;
+    #endif
+        default:
+            return BAD_FUNC_ARG;
+    }
+
+    ssl->user_set_QSHSchemes = 1;
+
+    return TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0);
+}
+
+#ifndef NO_WOLFSSL_CLIENT
+    /* user control over sending client public key in hello
+       when flag = 1 will send keys if flag is 0 or function is not called
+       then will not send keys in the hello extension
+       return 0 on success
+     */
+    int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag)
+    {
+        if (ssl == NULL)
+            return BAD_FUNC_ARG;
+
+        ssl->sendQSHKeys = flag;
+
+        return 0;
+    }
+#endif /* NO_WOLFSSL_CLIENT */
+#endif /* HAVE_QSH */
+
 /* Secure Renegotiation */
 #ifdef HAVE_SECURE_RENEGOTIATION
 
@@ -9819,19 +9871,9 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
             case TLS_RSA_WITH_RABBIT_SHA :
                 return "TLS_RSA_WITH_RABBIT_SHA";
     #endif
-    #ifdef HAVE_NTRU
-        #ifndef NO_RC4
-            case TLS_NTRU_RSA_WITH_RC4_128_SHA :
-                return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
-        #endif
-        #ifndef NO_DES3
-            case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
-                return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
-        #endif
-            case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
-                return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
-            case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
-                return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
+    #ifdef HAVE_QSH
+            case TLS_QSH :
+                return "TLS_QSH";
     #endif /* HAVE_NTRU */
 #endif /* NO_SHA */
             case TLS_RSA_WITH_AES_128_GCM_SHA256 :
diff --git a/src/tls.c b/src/tls.c
index 68f63f9cc..e73bb7d72 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -36,6 +36,15 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#ifdef HAVE_NTRU
+    #include "ntru_crypto.h"
+    #include <wolfssl/wolfcrypt/random.h>
+#endif
+#ifdef HAVE_QSH
+    static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key);
+    static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name);
+    static int TLSX_CreateNtruKey(WOLFSSL* ssl, int type);
+#endif
 
 
 #ifndef NO_TLS
@@ -2047,6 +2056,577 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
 
 #endif /* HAVE_SESSION_TICKET */
 
+
+#ifdef HAVE_QSH
+static RNG* rng;
+static wolfSSL_Mutex* rngMutex;
+
+static void TLSX_QSH_FreeAll(QSHScheme* list)
+{
+    QSHScheme* current;
+
+    while ((current = list)) {
+        list = current->next;
+        XFREE(current, 0, DYNAMIC_TYPE_TLSX);
+    }
+}
+
+static int TLSX_QSH_Append(QSHScheme** list, word16 name, byte* pub,
+                                                                  word16 pubLen)
+{
+    QSHScheme* temp;
+
+    if (list == NULL)
+        return BAD_FUNC_ARG;
+
+    if ((temp = XMALLOC(sizeof(QSHScheme), 0, DYNAMIC_TYPE_TLSX)) == NULL)
+        return MEMORY_E;
+
+    temp->name  = name;
+    temp->PK    = pub;
+    temp->PKLen = pubLen;
+    temp->next  = *list;
+
+    *list = temp;
+
+    return 0;
+}
+
+
+/* request for server's public key : 02 indicates 0-2 requested */
+static byte TLSX_QSH_SerPKReq(byte* output, byte isRequest)
+{
+    if (isRequest) {
+        /* only request one public key from the server */
+        output[0] = 0x01;
+
+        return OPAQUE8_LEN;
+    }
+    else {
+        return 0;
+    }
+}
+
+#ifndef NO_WOLFSSL_CLIENT
+
+/* check for TLS_QSH suite */
+static void TLSX_QSH_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
+{
+    int i;
+
+    for (i = 0; i < ssl->suites->suiteSz; i+= 2)
+        if (ssl->suites->suites[i] == QSH_BYTE)
+            return;
+
+    /* No QSH suite found */
+    TURN_ON(semaphore, TLSX_ToSemaphore(WOLFSSL_QSH));
+}
+
+
+/* return the size of the QSH hello extension
+   list      the list of QSHScheme structs containing id and key
+   isRequest if 1 then is being sent to the server
+ */
+word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest)
+{
+    QSHScheme* temp = list;
+    word16 length = 0;
+
+    /* account for size of scheme list and public key list */
+    if (isRequest)
+        length = OPAQUE16_LEN;
+    length += OPAQUE24_LEN;
+
+    /* for each non null element in list add size */
+    while ((temp)) {
+        /* add public key info Scheme | Key Length | Key */
+        length += OPAQUE16_LEN;
+        length += OPAQUE16_LEN;
+        length += temp->PKLen;
+
+        /* if client add name size for scheme list
+           advance to next QSHScheme struct in list */
+        if (isRequest)
+            length += OPAQUE16_LEN;
+        temp = temp->next;
+    }
+
+    /* add length for request server public keys */
+    if (isRequest)
+        length += OPAQUE8_LEN;
+
+    return length;
+}
+
+
+/* write out a list of QSHScheme IDs */
+static word16 TLSX_QSH_Write(QSHScheme* list, byte* output)
+{
+    QSHScheme* current = list;
+    word16 length      = 0;
+
+    length += OPAQUE16_LEN;
+
+    while (current) {
+        c16toa(current->name, output + length);
+        length += OPAQUE16_LEN;
+        current = (QSHScheme*)current->next;
+    }
+
+    c16toa(length - OPAQUE16_LEN, output); /* writing list length */
+
+    return length;
+}
+
+
+/* write public key list in extension */
+static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output);
+static word16 TLSX_QSHPK_WriteR(QSHScheme* format, byte* output)
+{
+    word32 offset = 0;
+    word16 public_len = 0;
+
+    if (!format)
+        return offset;
+
+    /* write scheme ID */
+    c16toa(format->name, output + offset);
+    offset += OPAQUE16_LEN;
+
+    /* write public key matching scheme */
+    public_len = format->PKLen;
+    c16toa(public_len, output + offset);
+    offset += OPAQUE16_LEN;
+    if (format->PK) {
+        XMEMCPY(output+offset, format->PK, public_len);
+    }
+
+    return public_len + offset;
+}
+
+word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output)
+{
+    QSHScheme* current = list;
+    word32 length = 0;
+    word24 toWire;
+
+    length += OPAQUE24_LEN;
+
+    while (current) {
+        length += TLSX_QSHPK_WriteR(current, output + length);
+        current = (QSHScheme*)current->next;
+    }
+    /* length of public keys sent */
+    c32to24(length - OPAQUE24_LEN, toWire);
+    output[0] = toWire[0];
+    output[1] = toWire[1];
+    output[2] = toWire[2];
+
+    return length;
+}
+
+#endif /* NO_WOLFSSL_CLIENT */
+#ifndef NO_WOLFSSL_SERVER
+
+static void TLSX_QSHAgreement(TLSX** extensions)
+{
+    TLSX* extension = TLSX_Find(*extensions, WOLFSSL_QSH);
+    QSHScheme* format = NULL;
+    QSHScheme* prev   = NULL;
+
+    if (extension == NULL)
+        return;
+
+    format = extension->data;
+    while (format) {
+        if (format->PKLen == 0) {
+            /* case of head */
+            if (format == extension->data) {
+                extension->data = format->next;
+            }
+            if (prev)
+                prev->next = format->next;
+            prev   = format;
+            format = format->next;
+            XFREE(format, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+        } else {
+            prev   = format;
+            format = format->next;
+        }
+    }
+}
+
+
+/* Parse in hello extension
+   input     the byte stream to process
+   length    length of total extension found
+   isRequest set to 1 if being sent to the server
+ */
+static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
+                                                                 byte isRequest)
+{
+    byte   numKeys    = 0;
+    word16 offset     = 0;
+    word16 schemSz    = 0;
+    word16 offset_len = 0;
+    word32 offset_pk  = 0;
+    word16 name  = 0;
+    word16 PKLen = 0;
+    byte*  PK = NULL;
+    int r;
+
+    if (OPAQUE16_LEN > length)
+        return BUFFER_ERROR;
+
+    if (isRequest) {
+        ato16(input, &schemSz);
+
+        /* list of public keys avialable for QSH schemes */
+        offset_len = schemSz + OPAQUE16_LEN;
+    }
+
+    offset_pk = ((input[offset_len] << 16)   & 0xFF00000) |
+                (((input[offset_len + 1]) << 8) & 0xFF00) |
+                (input[offset_len + 2] & 0xFF);
+    offset_len += OPAQUE24_LEN;
+
+    /* check buffer size */
+    if (offset_pk > length)
+        return BUFFER_ERROR;
+
+    /* set maximum number of keys the client will accept */
+    if (!isRequest)
+        numKeys = (ssl->maxRequest < 1)? 1 : ssl->maxRequest;
+
+    /* hello extension read list of scheme ids */
+    if (isRequest) {
+
+        /* read in request for public keys */
+        ssl->minRequest = (input[length -1] >> 4) & 0xFF;
+        ssl->maxRequest = input[length -1] & 0x0F;
+
+        /* choose the min between min requested by client and 1 */
+        numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1;
+
+        if (ssl->minRequest > ssl->maxRequest)
+            return BAD_FUNC_ARG;
+
+        offset  += OPAQUE16_LEN;
+        schemSz += offset;
+        while ((offset < schemSz) && numKeys) {
+            /* Scheme ID list */
+            ato16(input + offset, &name);
+            offset += OPAQUE16_LEN;
+
+            /* validate we have scheme id */
+            if (ssl->user_set_QSHSchemes &&
+                    !TLSX_ValidateQSHScheme(&ssl->extensions, name)) {
+                continue;
+            }
+
+            /* server create keys on demand */
+            if ((r = TLSX_CreateNtruKey(ssl, name)) != 0) {
+                WOLFSSL_MSG("Error creating ntru keys");
+                return r;
+            }
+
+            /* peer sent an agreed upon scheme */
+            r = TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0);
+
+            if (r != SSL_SUCCESS) return r; /* throw error */
+
+            numKeys--;
+        }
+
+        /* choose the min between min requested by client and 1 */
+        numKeys = (ssl->minRequest > 1) ? ssl->minRequest : 1;
+    }
+
+    /* QSHPK struct */
+    offset_pk += offset_len;
+    while ((offset_len < offset_pk) && numKeys) {
+        QSHKey * temp;
+
+        if ((temp = XMALLOC(sizeof(QSHKey), 0, DYNAMIC_TYPE_TLSX)) == NULL)
+            return MEMORY_E;
+
+        /* initialize */
+        temp->next = NULL;
+        temp->pub.buffer = NULL;
+        temp->pub.length = 0;
+        temp->pri.buffer = NULL;
+        temp->pri.length = 0;
+
+        /* scheme id */
+        ato16(input + offset_len, &(temp->name));
+        offset_len += OPAQUE16_LEN;
+
+        /* public key length */
+        ato16(input + offset_len, &PKLen);
+        temp->pub.length = PKLen;
+        offset_len += OPAQUE16_LEN;
+
+
+        if (isRequest) {
+            /* validate we have scheme id */
+            if (ssl->user_set_QSHSchemes &&
+                    (!TLSX_ValidateQSHScheme(&ssl->extensions, temp->name))) {
+                offset_len += PKLen;
+                XFREE(temp, 0, DYNAMIC_TYPE_TLSX);
+                continue;
+            }
+        }
+
+        /* read in public key */
+        if (PKLen > 0) {
+            temp->pub.buffer = (byte*)XMALLOC(temp->pub.length,
+                               0, DYNAMIC_TYPE_PUBLIC_KEY);
+            XMEMCPY(temp->pub.buffer, input + offset_len, temp->pub.length);
+            offset_len += PKLen;
+        }
+        else {
+            PK = NULL;
+        }
+
+        /* use own key when adding to extensions list for sending reply */
+        PKLen = 0;
+        PK = TLSX_QSHKeyFind_Pub(ssl->QSH_Key, &PKLen, temp->name);
+        r  = TLSX_UseQSHScheme(&ssl->extensions, temp->name, PK, PKLen);
+
+        /* store peers key */
+        ssl->peerQSHKeyPresent = 1;
+        if (TLSX_AddQSHKey(&ssl->peerQSHKey, temp) != 0)
+            return MEMORY_E;
+
+        if (temp->pub.length == 0) {
+            XFREE(temp, 0, DYNAMIC_TYPE_TLSX);
+        }
+
+        if (r != SSL_SUCCESS) {return r;} /* throw error */
+
+        numKeys--;
+    }
+
+    /* reply to a QSH extension sent from client */
+    if (isRequest) {
+        TLSX_SetResponse(ssl, WOLFSSL_QSH);
+        /* only use schemes we have key generated for -- free the rest */
+        TLSX_QSHAgreement(&ssl->extensions);
+    }
+
+    return 0;
+}
+
+
+/* Used for parsing in QSHCipher structs on Key Exchange */
+int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input, word16 length,
+                                                                  byte isServer)
+{
+    QSHKey* key;
+    word16 Max_Secret_Len = 48;
+    word16 offset     = 0;
+    word16 offset_len = 0;
+    word32 offset_pk  = 0;
+    word16 name       = 0;
+    word16 secretLen  = 0;
+    byte*  secret     = NULL;
+    word16 buffLen    = 0;
+    byte buff[145]; /* size enough for 3 secrets */
+    buffer* buf;
+
+    /* pointer to location where secret should be stored */
+    if (isServer) {
+        buf = ssl->QSH_secret->CliSi;
+    }
+    else {
+        buf = ssl->QSH_secret->SerSi;
+    }
+
+    offset_pk = ((input[offset_len] << 16)    & 0xFF0000) |
+                (((input[offset_len + 1]) << 8) & 0xFF00) |
+                (input[offset_len + 2] & 0xFF);
+    offset_len += OPAQUE24_LEN;
+
+    /* validating extension list length -- check if trying to read over edge
+       of buffer */
+    if (length < (offset_pk + OPAQUE24_LEN)) {
+        return BUFFER_ERROR;
+    }
+
+    /* QSHCipherList struct */
+    offset_pk += offset_len;
+    while (offset_len < offset_pk) {
+
+        /* scheme id */
+        ato16(input + offset_len, &name);
+        offset_len += OPAQUE16_LEN;
+
+        /* public key length */
+        ato16(input + offset_len, &secretLen);
+        offset_len += OPAQUE16_LEN;
+
+        /* read in public key */
+        if (secretLen > 0) {
+            secret = (byte*)(input + offset_len);
+            offset_len += secretLen;
+        }
+        else {
+            secret = NULL;
+        }
+
+        /* no secret sent */
+        if (secret == NULL)
+            continue;
+
+        /* find coresponding key */
+        key = ssl->QSH_Key;
+        while (key) {
+            if (key->name == name)
+                break;
+            else
+                key = (QSHKey*)key->next;
+        }
+
+        /* if we do not have the key than there was a big issue negotiation */
+        if (key == NULL) {
+            WOLFSSL_MSG("key was null for decryption!!!\n");
+            return MEMORY_E;
+        }
+
+        /* Decrypt sent secret */
+        buffLen = Max_Secret_Len;
+        QSH_Decrypt(key, secret, secretLen, buff + offset, &buffLen);
+        offset += buffLen;
+    }
+
+    /* allocate memory for buffer */
+    buf->length = offset;
+    buf->buffer = (byte*)XMALLOC(offset, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (buf->buffer == NULL)
+        return MEMORY_E;
+
+    /* store secrets */
+    XMEMCPY(buf->buffer, buff, offset);
+    ForceZero(buff, offset);
+
+    return offset_len;
+}
+
+
+/* return 1 on success */
+int TLSX_ValidateQSHScheme(TLSX** extensions, word16 theirs) {
+    TLSX* extension = TLSX_Find(*extensions, WOLFSSL_QSH);
+    QSHScheme* format    = NULL;
+
+    /* if no extension is sent then do not use QSH */
+    if (!extension) {
+        WOLFSSL_MSG("No QSH Extension");
+        return 0;
+    }
+
+    for (format = (QSHScheme*)extension->data; format; format = format->next) {
+        if (format->name == theirs) {
+	        WOLFSSL_MSG("Found Matching QSH Scheme");
+            return 1; /* have QSH */
+        }
+    }
+
+    return 0;
+}
+#endif /* NO_WOLFSSL_SERVER */
+
+/* test if the QSH Scheme is implemented
+   return 1 if yes 0 if no */
+static int TLSX_HaveQSHScheme(word16 name)
+{
+    switch(name) {
+        #ifdef HAVE_NTRU
+            case WOLFSSL_NTRU_EESS439:
+            case WOLFSSL_NTRU_EESS593:
+            case WOLFSSL_NTRU_EESS743:
+                    return 1;
+        #endif
+            case WOLFSSL_LWE_XXX:
+            case WOLFSSL_HFE_XXX:
+                    return 0; /* not supported yet */
+
+        default:
+            return 0;
+    }
+}
+
+
+/* Add a QSHScheme struct to list of usable ones */
+int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz)
+{
+    TLSX*      extension = TLSX_Find(*extensions, WOLFSSL_QSH);
+    QSHScheme* format    = NULL;
+    int        ret       = 0;
+
+    /* sanity check */
+    if (extensions == NULL || (pKey == NULL && pkeySz != 0))
+        return BAD_FUNC_ARG;
+
+    /* if scheme is implemented than add */
+    if (TLSX_HaveQSHScheme(name)) {
+	    if ((ret = TLSX_QSH_Append(&format, name, pKey, pkeySz)) != 0)
+	        return ret;
+
+	    if (!extension) {
+	        if ((ret = TLSX_Push(extensions, WOLFSSL_QSH, format)) != 0) {
+	            XFREE(format, 0, DYNAMIC_TYPE_TLSX);
+	            return ret;
+	        }
+	    }
+	    else {
+	        /* push new QSH object to extension data. */
+	        format->next = (QSHScheme*)extension->data;
+	        extension->data = (void*)format;
+
+	        /* look for another format of the same name to remove (replacement) */
+	        do {
+	            if (format->next && (format->next->name == name)) {
+	                QSHScheme* next = format->next;
+
+	                format->next = next->next;
+	                XFREE(next, 0, DYNAMIC_TYPE_TLSX);
+
+	                break;
+	            }
+	        } while ((format = format->next));
+	    }
+    }
+    return SSL_SUCCESS;
+}
+
+#define QSH_FREE_ALL         TLSX_QSH_FreeAll
+#define QSH_VALIDATE_REQUEST TLSX_QSH_ValidateRequest
+
+#ifndef NO_WOLFSSL_CLIENT
+#define QSH_GET_SIZE TLSX_QSH_GetSize
+#define QSH_WRITE    TLSX_QSH_Write
+#else
+#define QSH_GET_SIZE(list)         0
+#define QSH_WRITE(a, b)            0
+#endif
+
+#ifndef NO_WOLFSSL_SERVER
+#define QSH_PARSE TLSX_QSH_Parse
+#else
+#define QSH_PARSE(a, b, c, d)      0
+#endif
+
+#else
+
+#define QSH_FREE_ALL(list)
+#define QSH_GET_SIZE(list, a)      0
+#define QSH_WRITE(a, b)            0
+#define QSH_PARSE(a, b, c, d)      0
+#define QSH_VALIDATE_REQUEST(a, b)
+
+#endif /* HAVE_QSH */
+
+
 /** Finds an extension in the provided list. */
 TLSX* TLSX_Find(TLSX* list, TLSX_Type type)
 {
@@ -2091,6 +2671,10 @@ void TLSX_FreeAll(TLSX* list)
             case SESSION_TICKET:
                 /* Nothing to do. */
                 break;
+
+            case WOLFSSL_QSH:
+                QSH_FREE_ALL(extension->data);
+                break;
         }
 
         XFREE(extension, 0, DYNAMIC_TYPE_TLSX);
@@ -2122,6 +2706,7 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
         /* extension type + extension data length. */
         length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN;
 
+
         switch (extension->type) {
 
             case SERVER_NAME_INDICATION:
@@ -2149,6 +2734,10 @@ static word16 TLSX_GetSize(TLSX* list, byte* semaphore, byte isRequest)
             case SESSION_TICKET:
                 length += STK_GET_SIZE(extension->data, isRequest);
                 break;
+
+            case WOLFSSL_QSH:
+                length += QSH_GET_SIZE(extension->data, isRequest);
+                break;
         }
 
         /* marks the extension as processed so ctx level */
@@ -2211,6 +2800,14 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                 offset += STK_WRITE(extension->data, output + offset,
                                                                      isRequest);
                 break;
+
+            case WOLFSSL_QSH:
+                if (isRequest) {
+                    offset += QSH_WRITE(extension->data, output + offset);
+                }
+                offset += TLSX_QSHPK_Write(extension->data, output + offset);
+                offset += TLSX_QSH_SerPKReq(output + offset, isRequest);
+                break;
         }
 
         /* writes extension data length. */
@@ -2224,6 +2821,280 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
     return offset;
 }
 
+
+#ifdef HAVE_NTRU
+
+static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
+{
+    int ret = 0;
+
+    if (rng == NULL) {
+        if ((rng = XMALLOC(sizeof(RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL)
+            return DRBG_OUT_OF_MEMORY;
+        wc_InitRng(rng);
+    }
+
+    if (rngMutex == NULL) {
+        if ((rngMutex = XMALLOC(sizeof(wolfSSL_Mutex), 0,
+                        DYNAMIC_TYPE_TLSX)) == NULL)
+            return DRBG_OUT_OF_MEMORY;
+        InitMutex(rngMutex);
+    }
+
+    ret |= LockMutex(rngMutex);
+    ret |= wc_RNG_GenerateBlock(rng, out, (word32)num_bytes);
+    ret |= UnLockMutex(rngMutex);
+
+    if (ret != 0)
+        return DRBG_ENTROPY_FAIL;
+
+    return DRBG_OK;
+}
+#endif
+
+
+#ifdef HAVE_QSH
+static int TLSX_CreateQSHKey(WOLFSSL* ssl, int type)
+{
+    int ret;
+
+    switch (type) {
+#ifdef HAVE_NTRU
+        case WOLFSSL_NTRU_EESS439:
+        case WOLFSSL_NTRU_EESS593:
+        case WOLFSSL_NTRU_EESS743:
+            ret = TLSX_CreateNtruKey(ssl, type);
+            break;
+#endif
+        default:
+            WOLFSSL_MSG("Unknown type for creating NTRU key");
+            return -1;
+    }
+
+    return ret;
+}
+
+
+static int TLSX_AddQSHKey(QSHKey** list, QSHKey* key)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+
+    /* if no public key stored in key then do not add */
+    if (key->pub.length == 0 || key->pub.buffer == NULL)
+        return 0;
+
+    /* first element to be added to the list */
+    QSHKey* current = *list;
+    if (current == NULL) {
+        *list = key;
+        return 0;
+    }
+
+    while (current->next) {
+        /* can only have one of the key in the list */
+        if (current->name == key->name)
+            return -1;
+        current = (QSHKey*)current->next;
+    }
+
+    current->next = (struct QSHKey*)key;
+
+    return 0;
+}
+
+
+#ifdef HAVE_NTRU
+int TLSX_CreateNtruKey(WOLFSSL* ssl, int type)
+{
+    int ret;
+    int ntruType;
+
+    /* variable declarations for NTRU*/
+    QSHKey* temp = NULL;
+    byte   public_key[1027];
+    word16 public_key_len = sizeof(public_key);
+    byte   private_key[1120];
+    word16 private_key_len = sizeof(private_key);
+    DRBG_HANDLE drbg;
+
+    if (ssl == NULL)
+        return BAD_FUNC_ARG;
+
+    switch (type) {
+        case WOLFSSL_NTRU_EESS439:
+            ntruType = NTRU_EES439EP1;
+            break;
+        case WOLFSSL_NTRU_EESS593:
+            ntruType = NTRU_EES593EP1;
+            break;
+        case WOLFSSL_NTRU_EESS743:
+            ntruType = NTRU_EES743EP1;
+            break;
+        default:
+            WOLFSSL_MSG("Unknown type for creating NTRU key");
+            return -1;
+    }
+    ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+    if (ret != DRBG_OK) {
+        WOLFSSL_MSG("NTRU drbg instantiate failed\n");
+        return ret;
+    }
+
+    if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType,
+                     &public_key_len, NULL, &private_key_len, NULL)) != NTRU_OK)
+        return ret;
+
+    if ((ret = ntru_crypto_ntru_encrypt_keygen(drbg, ntruType,
+        &public_key_len, public_key, &private_key_len, private_key)) != NTRU_OK)
+        return ret;
+
+    ret = ntru_crypto_drbg_uninstantiate(drbg);
+    if (ret != NTRU_OK) {
+        WOLFSSL_MSG("NTRU drbg uninstantiate failed\n");
+        return ret;
+    }
+
+    if ((temp = XMALLOC(sizeof(QSHKey), 0, DYNAMIC_TYPE_TLSX)) == NULL)
+        return MEMORY_E;
+    temp->name = type;
+    temp->pub.length = public_key_len;
+    temp->pub.buffer = XMALLOC(public_key_len, public_key,
+                                DYNAMIC_TYPE_PUBLIC_KEY);
+    XMEMCPY(temp->pub.buffer, public_key, public_key_len);
+    temp->pri.length = private_key_len;
+    temp->pri.buffer = XMALLOC(private_key_len, private_key,
+                                DYNAMIC_TYPE_ARRAYS);
+    XMEMCPY(temp->pri.buffer, private_key, private_key_len);
+    temp->next = NULL;
+
+    TLSX_AddQSHKey(&ssl->QSH_Key, temp);
+
+    return ret;
+}
+#endif
+
+
+/*
+    Used to find a public key from the list of keys
+    pubLen length of array
+    name   input the name of the scheme looking for ie WOLFSSL_NTRU_ESSXXX
+
+    returns a pointer to public key byte* or NULL if not found
+ */
+static byte* TLSX_QSHKeyFind_Pub(QSHKey* qsh, word16* pubLen, word16 name)
+{
+    QSHKey* current = qsh;
+
+    if (qsh == NULL || pubLen == NULL)
+        return NULL;
+
+    *pubLen = 0;
+
+    while(current) {
+        if (current->name == name) {
+            *pubLen = current->pub.length;
+            return current->pub.buffer;
+        }
+        current = (QSHKey*)current->next;
+    }
+
+    return NULL;
+}
+#endif /* HAVE_QSH */
+
+
+int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
+{
+    byte* public_key      = NULL;
+    word16 public_key_len = 0;
+    #ifdef HAVE_QSH
+        TLSX* extension;
+        QSHScheme* qsh;
+        QSHScheme* next;
+    #endif
+    int ret = 0;
+    (void)isServer;
+
+    #ifdef HAVE_QSH
+        /* add supported QSHSchemes */
+        WOLFSSL_MSG("Adding supported QSH Schemes");
+
+        /* server will add extension depending on whats parsed from client */
+        if (!isServer) {
+
+            /* test if user has set a specific scheme already */
+            if (!ssl->user_set_QSHSchemes) {
+                if (ssl->sendQSHKeys) {
+                    if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS743)) != 0) {
+                        WOLFSSL_MSG("Error creating ntru keys");
+                        return ret;
+                    }
+                    if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS593)) != 0) {
+                        WOLFSSL_MSG("Error creating ntru keys");
+                        return ret;
+                    }
+                    if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS439)) != 0) {
+                        WOLFSSL_MSG("Error creating ntru keys");
+                        return ret;
+                    }
+
+                /* add NTRU 256 */
+                public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
+                        &public_key_len, WOLFSSL_NTRU_EESS743);
+                }
+                if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS743,
+                        public_key, public_key_len) != SSL_SUCCESS)
+                    ret = -1;
+
+                /* add NTRU 196 */
+                if (ssl->sendQSHKeys) {
+                    public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
+                        &public_key_len, WOLFSSL_NTRU_EESS593);
+                }
+                if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS593,
+                        public_key, public_key_len) != SSL_SUCCESS)
+                    ret = -1;
+
+                /* add NTRU 128 */
+                if (ssl->sendQSHKeys) {
+                    public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
+                        &public_key_len, WOLFSSL_NTRU_EESS439);
+                }
+                if (TLSX_UseQSHScheme(&ssl->extensions, WOLFSSL_NTRU_EESS439,
+                        public_key, public_key_len) != SSL_SUCCESS)
+                    ret = -1;
+            }
+            else if (ssl->sendQSHKeys) {
+                /* for each scheme make a client key */
+                extension = TLSX_Find(ssl->extensions, WOLFSSL_QSH);
+                if (extension) {
+                    qsh = (QSHScheme*)extension->data;
+
+                    while (qsh) {
+                        if ((ret = TLSX_CreateQSHKey(ssl, qsh->name)) != 0)
+                            return ret;
+
+                        /* get next now because qsh could be freed */
+                        next = qsh->next;
+
+                        /* find the public key created and add to extension*/
+                        public_key = TLSX_QSHKeyFind_Pub(ssl->QSH_Key,
+                                 &public_key_len, qsh->name);
+                        if (TLSX_UseQSHScheme(&ssl->extensions, qsh->name,
+                                    public_key, public_key_len) != SSL_SUCCESS)
+                            ret = -1;
+                        qsh = next;
+                    }
+                }
+            }
+         } /* is not server */
+    #endif
+
+    return ret;
+}
+
+
 #ifndef NO_WOLFSSL_CLIENT
 
 /** Tells the buffered size of extensions to be sent into the client hello. */
@@ -2235,6 +3106,7 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl)
         byte semaphore[SEMAPHORE_SIZE] = {0};
 
         EC_VALIDATE_REQUEST(ssl, semaphore);
+        QSH_VALIDATE_REQUEST(ssl, semaphore);
         STK_VALIDATE_REQUEST(ssl);
 
         if (ssl->extensions)
@@ -2265,6 +3137,7 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output)
 
         EC_VALIDATE_REQUEST(ssl, semaphore);
         STK_VALIDATE_REQUEST(ssl);
+        QSH_VALIDATE_REQUEST(ssl, semaphore);
 
         if (ssl->extensions)
             offset += TLSX_Write(ssl->extensions, output + offset,
@@ -2406,6 +3279,12 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte isRequest,
                 ret = STK_PARSE(ssl, input + offset, size, isRequest);
                 break;
 
+            case WOLFSSL_QSH:
+                WOLFSSL_MSG("Quantum-Safe-Hybrid extension received");
+
+                ret = QSH_PARSE(ssl, input + offset, size, isRequest);
+                break;
+
             case HELLO_EXT_SIG_ALGO:
                 if (isRequest) {
                     /* do not mess with offset inside the switch! */
diff --git a/tests/suites.c b/tests/suites.c
index d1abc19c9..cb30cdf25 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -108,6 +108,15 @@ static int IsValidCipherSuite(const char* line, char* suite)
         found = 1;
     }
 
+    /* if QSH not enabled then do not use QSH suite */
+    #ifdef HAVE_QSH
+        if (strncmp(suite, "QSH", 3) == 0) {
+            if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite + 4)
+                                                                 != SSL_SUCCESS)
+            return 0;
+        }
+    #endif
+
     if (found) {
         if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == SSL_SUCCESS)
             valid = 1;
@@ -446,14 +455,24 @@ int SuiteTest(void)
     /* any extra cases will need another argument */
     args.argc = 2;
 
-#ifdef WOLFSSL_DTLS 
+#ifdef WOLFSSL_DTLS
     /* add dtls extra suites */
     strcpy(argv0[1], "tests/test-dtls.conf");
     printf("starting dtls extra cipher suite tests\n");
     test_harness(&args);
     if (args.return_code != 0) {
         printf("error from script %d\n", args.return_code);
-        exit(EXIT_FAILURE);  
+        exit(EXIT_FAILURE);
+    }
+#endif
+#ifdef HAVE_QSH
+    /* add dtls extra suites */
+    strcpy(argv0[1], "tests/test-qsh.conf");
+    printf("starting qsh extra cipher suite tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        exit(EXIT_FAILURE);
     }
 #endif
 
diff --git a/tests/test-qsh.conf b/tests/test-qsh.conf
new file mode 100644
index 000000000..0261e9e47
--- /dev/null
+++ b/tests/test-qsh.conf
@@ -0,0 +1,1904 @@
+# server TLSv1 DHE-RSA-CHACHA20-POLY1305
+-v 1
+-l QSH:DHE-RSA-CHACHA20-POLY1305
+
+# client TLSv1 DHE-RSA-CHACHA20-POLY1305
+-v 1
+-l QSH:DHE-RSA-CHACHA20-POLY1305
+
+# server TLSv1 ECDHE-EDCSA-CHACHA20-POLY1305
+-v 1
+-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDHE-ECDSA-CHACHA20-POLY1305
+-v 1
+-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305
+-A ./certs/server-ecc.pem
+
+# server TLSv1 ECDHE-RSA-CHACHA20-POLY1305
+-v 1 
+-l QSH:ECDHE-RSA-CHACHA20-POLY1305
+
+# client TLSv1 ECDHE-RSA-CHACHA20-POLY1305
+-v 1
+-l QSH:ECDHE-RSA-CHACHA20-POLY1305
+
+# server TLSv1.1 DHE-RSA-CHACHA20-POLY1305
+-v 2
+-l QSH:DHE-RSA-CHACHA20-POLY1305
+
+# client TLSv1.1 DHE-RSA-CHACHA20-POLY1305
+-v 2
+-l QSH:DHE-RSA-CHACHA20-POLY1305
+
+# server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
+-v 2 
+-l QSH:ECDHE-RSA-CHACHA20-POLY1305
+
+# client TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
+-v 2
+-l QSH:ECDHE-RSA-CHACHA20-POLY1305
+
+# server TLSv1.1 ECDHE-EDCSA-CHACHA20-POLY1305
+-v 2
+-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDHE-ECDSA-CHACHA20-POLY1305
+-v 2
+-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 DHE-RSA-CHACHA20-POLY1305
+-v 3
+-l QSH:DHE-RSA-CHACHA20-POLY1305
+
+# client TLSv1.2 DHE-RSA-CHACHA20-POLY1305
+-v 3
+-l QSH:DHE-RSA-CHACHA20-POLY1305
+
+# server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
+-v 3 
+-l QSH:ECDHE-RSA-CHACHA20-POLY1305
+
+# client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
+-v 3
+-l QSH:ECDHE-RSA-CHACHA20-POLY1305
+
+# server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305
+-v 3
+-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305
+-v 3
+-l QSH:ECDHE-ECDSA-CHACHA20-POLY1305
+-A ./certs/server-ecc.pem
+
+# server SSLv3 RC4-SHA
+-v 0
+-l QSH:RC4-SHA
+
+# client SSLv3 RC4-SHA
+-v 0
+-l QSH:RC4-SHA
+
+# server SSLv3 RC4-MD5
+-v 0
+-l QSH:RC4-MD5
+
+# client SSLv3 RC4-MD5
+-v 0
+-l QSH:RC4-MD5
+
+# server SSLv3 DES-CBC3-SHA
+-v 0
+-l QSH:DES-CBC3-SHA
+
+# client SSLv3 DES-CBC3-SHA
+-v 0
+-l QSH:DES-CBC3-SHA
+
+# server TLSv1 RC4-SHA
+-v 1
+-l QSH:RC4-SHA
+
+# client TLSv1 RC4-SHA
+-v 1
+-l QSH:RC4-SHA
+
+# server TLSv1 RC4-MD5
+-v 1
+-l QSH:RC4-MD5
+
+# client TLSv1 RC4-MD5
+-v 1
+-l QSH:RC4-MD5
+
+# server TLSv1 DES-CBC3-SHA
+-v 1
+-l QSH:DES-CBC3-SHA
+
+# client TLSv1 DES-CBC3-SHA
+-v 1
+-l QSH:DES-CBC3-SHA
+
+# server TLSv1 AES128-SHA
+-v 1
+-l QSH:AES128-SHA
+
+# client TLSv1 AES128-SHA
+-v 1
+-l QSH:AES128-SHA
+
+# server TLSv1 AES256-SHA
+-v 1
+-l QSH:AES256-SHA
+
+# client TLSv1 AES256-SHA
+-v 1
+-l QSH:AES256-SHA
+
+# server TLSv1 AES128-SHA256
+-v 1
+-l QSH:AES128-SHA256
+
+# client TLSv1 AES128-SHA256
+-v 1
+-l QSH:AES128-SHA256
+
+# server TLSv1 AES256-SHA256
+-v 1
+-l QSH:AES256-SHA256
+
+# client TLSv1 AES256-SHA256
+-v 1
+-l QSH:AES256-SHA256
+
+# server TLSv1.1 RC4-SHA
+-v 2
+-l QSH:RC4-SHA
+
+# client TLSv1.1 RC4-SHA
+-v 2
+-l QSH:RC4-SHA
+
+# server TLSv1.1 RC4-MD5
+-v 2
+-l QSH:RC4-MD5
+
+# client TLSv1.1 RC4-MD5
+-v 2
+-l QSH:RC4-MD5
+
+# server TLSv1.1 DES-CBC3-SHA
+-v 2
+-l QSH:DES-CBC3-SHA
+
+# client TLSv1.1 DES-CBC3-SHA
+-v 2
+-l QSH:DES-CBC3-SHA
+
+# server TLSv1.1 AES128-SHA
+-v 2
+-l QSH:AES128-SHA
+
+# client TLSv1.1 AES128-SHA
+-v 2
+-l QSH:AES128-SHA
+
+# server TLSv1.1 AES256-SHA
+-v 2
+-l QSH:AES256-SHA
+
+# client TLSv1.1 AES256-SHA
+-v 2
+-l QSH:AES256-SHA
+
+# server TLSv1.1 AES128-SHA256
+-v 2
+-l QSH:AES128-SHA256
+
+# client TLSv1.1 AES128-SHA256
+-v 2
+-l QSH:AES128-SHA256
+
+# server TLSv1.1 AES256-SHA256
+-v 2
+-l QSH:AES256-SHA256
+
+# client TLSv1.1 AES256-SHA256
+-v 2
+-l QSH:AES256-SHA256
+
+# server TLSv1.2 RC4-SHA
+-v 3
+-l QSH:RC4-SHA
+
+# client TLSv1.2 RC4-SHA
+-v 3
+-l QSH:RC4-SHA
+
+# server TLSv1.2 RC4-MD5
+-v 3
+-l QSH:RC4-MD5
+
+# client TLSv1.2 RC4-MD5
+-v 3
+-l QSH:RC4-MD5
+
+# server TLSv1.2 DES-CBC3-SHA
+-v 3
+-l QSH:DES-CBC3-SHA
+
+# client TLSv1.2 DES-CBC3-SHA
+-v 3
+-l QSH:DES-CBC3-SHA
+
+# server TLSv1.2 AES128-SHA
+-v 3
+-l QSH:AES128-SHA
+
+# client TLSv1.2 AES128-SHA
+-v 3
+-l QSH:AES128-SHA
+
+# server TLSv1.2 AES256-SHA
+-v 3
+-l QSH:AES256-SHA
+
+# client TLSv1.2 AES256-SHA
+-v 3
+-l QSH:AES256-SHA
+
+# server TLSv1.2 AES128-SHA256
+-v 3
+-l QSH:AES128-SHA256
+
+# client TLSv1.2 AES128-SHA256
+-v 3
+-l QSH:AES128-SHA256
+
+# server TLSv1.2 AES256-SHA256
+-v 3
+-l QSH:AES256-SHA256
+
+# client TLSv1.2 AES256-SHA256
+-v 3
+-l QSH:AES256-SHA256
+
+# server TLSv1 ECDHE-RSA-RC4
+-v 1
+-l QSH:ECDHE-RSA-RC4-SHA
+
+# client TLSv1 ECDHE-RSA-RC4
+-v 1
+-l QSH:ECDHE-RSA-RC4-SHA
+
+# server TLSv1 ECDHE-RSA-DES3
+-v 1
+-l QSH:ECDHE-RSA-DES-CBC3-SHA
+
+# client TLSv1 ECDHE-RSA-DES3
+-v 1
+-l QSH:ECDHE-RSA-DES-CBC3-SHA
+
+# server TLSv1 ECDHE-RSA-AES128 
+-v 1
+-l QSH:ECDHE-RSA-AES128-SHA
+
+# client TLSv1 ECDHE-RSA-AES128 
+-v 1
+-l QSH:ECDHE-RSA-AES128-SHA
+
+# server TLSv1 ECDHE-RSA-AES256
+-v 1
+-l QSH:ECDHE-RSA-AES256-SHA
+
+# client TLSv1 ECDHE-RSA-AES256
+-v 1
+-l QSH:ECDHE-RSA-AES256-SHA
+
+# server TLSv1.1 ECDHE-RSA-RC4
+-v 2
+-l QSH:ECDHE-RSA-RC4-SHA
+
+# client TLSv1.1 ECDHE-RSA-RC4
+-v 2
+-l QSH:ECDHE-RSA-RC4-SHA
+
+# server TLSv1.1 ECDHE-RSA-DES3
+-v 2
+-l QSH:ECDHE-RSA-DES-CBC3-SHA
+
+# client TLSv1.1 ECDHE-RSA-DES3
+-v 2
+-l QSH:ECDHE-RSA-DES-CBC3-SHA
+
+# server TLSv1.1 ECDHE-RSA-AES128 
+-v 2
+-l QSH:ECDHE-RSA-AES128-SHA
+
+# client TLSv1.1 ECDHE-RSA-AES128 
+-v 2
+-l QSH:ECDHE-RSA-AES128-SHA
+
+# server TLSv1.1 ECDHE-RSA-AES256
+-v 2
+-l QSH:ECDHE-RSA-AES256-SHA
+
+# client TLSv1.1 ECDHE-RSA-AES256
+-v 2
+-l QSH:ECDHE-RSA-AES256-SHA
+
+# server TLSv1.2 ECDHE-RSA-RC4
+-v 3
+-l QSH:ECDHE-RSA-RC4-SHA
+
+# client TLSv1.2 ECDHE-RSA-RC4
+-v 3
+-l QSH:ECDHE-RSA-RC4-SHA
+
+# server TLSv1.2 ECDHE-RSA-DES3
+-v 3
+-l QSH:ECDHE-RSA-DES-CBC3-SHA
+
+# client TLSv1.2 ECDHE-RSA-DES3
+-v 3
+-l QSH:ECDHE-RSA-DES-CBC3-SHA
+
+# server TLSv1.2 ECDHE-RSA-AES128 
+-v 3
+-l QSH:ECDHE-RSA-AES128-SHA
+
+# client TLSv1.2 ECDHE-RSA-AES128 
+-v 3
+-l QSH:ECDHE-RSA-AES128-SHA
+
+# server TLSv1.2 ECDHE-RSA-AES128-SHA256
+-v 3
+-l QSH:ECDHE-RSA-AES128-SHA256
+
+# client TLSv1.2 ECDHE-RSA-AES128-SHA256 
+-v 3
+-l QSH:ECDHE-RSA-AES128-SHA256
+
+# server TLSv1.2 ECDHE-RSA-AES256
+-v 3
+-l QSH:ECDHE-RSA-AES256-SHA
+
+# client TLSv1.2 ECDHE-RSA-AES256
+-v 3
+-l QSH:ECDHE-RSA-AES256-SHA
+
+# server TLSv1 ECDHE-ECDSA-RC4
+-v 1
+-l QSH:ECDHE-ECDSA-RC4-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDHE-ECDSA-RC4
+-v 1
+-l QSH:ECDHE-ECDSA-RC4-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1 ECDHE-ECDSA-DES3
+-v 1
+-l QSH:ECDHE-ECDSA-DES-CBC3-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDHE-ECDSA-DES3
+-v 1
+-l QSH:ECDHE-ECDSA-DES-CBC3-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1 ECDHE-ECDSA-AES128 
+-v 1
+-l QSH:ECDHE-ECDSA-AES128-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDHE-ECDSA-AES128 
+-v 1
+-l QSH:ECDHE-ECDSA-AES128-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1 ECDHE-ECDSA-AES256
+-v 1
+-l QSH:ECDHE-ECDSA-AES256-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDHE-ECDSA-AES256
+-v 1
+-l QSH:ECDHE-ECDSA-AES256-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.1 ECDHE-EDCSA-RC4
+-v 2
+-l QSH:ECDHE-ECDSA-RC4-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDHE-ECDSA-RC4
+-v 2
+-l QSH:ECDHE-ECDSA-RC4-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.1 ECDHE-ECDSA-DES3
+-v 2
+-l QSH:ECDHE-ECDSA-DES-CBC3-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDHE-ECDSA-DES3
+-v 2
+-l QSH:ECDHE-ECDSA-DES-CBC3-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.1 ECDHE-ECDSA-AES128 
+-v 2
+-l QSH:ECDHE-ECDSA-AES128-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDHE-ECDSA-AES128 
+-v 2
+-l QSH:ECDHE-ECDSA-AES128-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.1 ECDHE-ECDSA-AES256
+-v 2
+-l QSH:ECDHE-ECDSA-AES256-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDHE-ECDSA-AES256
+-v 2
+-l QSH:ECDHE-ECDSA-AES256-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDHE-ECDSA-RC4
+-v 3
+-l QSH:ECDHE-ECDSA-RC4-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-RC4
+-v 3
+-l QSH:ECDHE-ECDSA-RC4-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDHE-ECDSA-DES3
+-v 3
+-l QSH:ECDHE-ECDSA-DES-CBC3-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-DES3
+-v 3
+-l QSH:ECDHE-ECDSA-DES-CBC3-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDHE-ECDSA-AES128 
+-v 3
+-l QSH:ECDHE-ECDSA-AES128-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES128 
+-v 3
+-l QSH:ECDHE-ECDSA-AES128-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256
+-v 3
+-l QSH:ECDHE-ECDSA-AES128-SHA256
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256
+-v 3
+-l QSH:ECDHE-ECDSA-AES128-SHA256
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDHE-ECDSA-AES256
+-v 3
+-l QSH:ECDHE-ECDSA-AES256-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES256
+-v 3
+-l QSH:ECDHE-ECDSA-AES256-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1 ECDH-RSA-RC4
+-v 1
+-l QSH:ECDH-RSA-RC4-SHA
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDH-RSA-RC4
+-v 1
+-l QSH:ECDH-RSA-RC4-SHA
+
+# server TLSv1 ECDH-RSA-DES3
+-v 1
+-l QSH:ECDH-RSA-DES-CBC3-SHA
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDH-RSA-DES3
+-v 1
+-l QSH:ECDH-RSA-DES-CBC3-SHA
+
+# server TLSv1 ECDH-RSA-AES128 
+-v 1
+-l QSH:ECDH-RSA-AES128-SHA
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDH-RSA-AES128 
+-v 1
+-l QSH:ECDH-RSA-AES128-SHA
+
+# server TLSv1 ECDH-RSA-AES256
+-v 1
+-l QSH:ECDH-RSA-AES256-SHA
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDH-RSA-AES256
+-v 1
+-l QSH:ECDH-RSA-AES256-SHA
+
+# server TLSv1.1 ECDH-RSA-RC4
+-v 2
+-l QSH:ECDH-RSA-RC4-SHA
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDH-RSA-RC4
+-v 2
+-l QSH:ECDH-RSA-RC4-SHA
+
+# server TLSv1.1 ECDH-RSA-DES3
+-v 2
+-l QSH:ECDH-RSA-DES-CBC3-SHA
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDH-RSA-DES3
+-v 2
+-l QSH:ECDH-RSA-DES-CBC3-SHA
+
+# server TLSv1.1 ECDH-RSA-AES128 
+-v 2
+-l QSH:ECDH-RSA-AES128-SHA
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDH-RSA-AES128 
+-v 2
+-l QSH:ECDH-RSA-AES128-SHA
+
+# server TLSv1.1 ECDH-RSA-AES256
+-v 2
+-l QSH:ECDH-RSA-AES256-SHA
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDH-RSA-AES256
+-v 2
+-l QSH:ECDH-RSA-AES256-SHA
+
+# server TLSv1.2 ECDH-RSA-RC4
+-v 3
+-l QSH:ECDH-RSA-RC4-SHA
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-RSA-RC4
+-v 3
+-l QSH:ECDH-RSA-RC4-SHA
+
+# server TLSv1.2 ECDH-RSA-DES3
+-v 3
+-l QSH:ECDH-RSA-DES-CBC3-SHA
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-RSA-DES3
+-v 3
+-l QSH:ECDH-RSA-DES-CBC3-SHA
+
+# server TLSv1.2 ECDH-RSA-AES128 
+-v 3
+-l QSH:ECDH-RSA-AES128-SHA
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-RSA-AES128 
+-v 3
+-l QSH:ECDH-RSA-AES128-SHA
+
+# server TLSv1.2 ECDH-RSA-AES128-SHA256 
+-v 3
+-l QSH:ECDH-RSA-AES128-SHA256
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-RSA-AES128-SHA256 
+-v 3
+-l QSH:ECDH-RSA-AES128-SHA256
+
+# server TLSv1.2 ECDH-RSA-AES256
+-v 3
+-l QSH:ECDH-RSA-AES256-SHA
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-RSA-AES256
+-v 3
+-l QSH:ECDH-RSA-AES256-SHA
+
+# server TLSv1 ECDH-ECDSA-RC4
+-v 1
+-l QSH:ECDH-ECDSA-RC4-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDH-ECDSA-RC4
+-v 1
+-l QSH:ECDH-ECDSA-RC4-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1 ECDH-ECDSA-DES3
+-v 1
+-l QSH:ECDH-ECDSA-DES-CBC3-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDH-ECDSA-DES3
+-v 1
+-l QSH:ECDH-ECDSA-DES-CBC3-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1 ECDH-ECDSA-AES128 
+-v 1
+-l QSH:ECDH-ECDSA-AES128-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDH-ECDSA-AES128 
+-v 1
+-l QSH:ECDH-ECDSA-AES128-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1 ECDH-ECDSA-AES256
+-v 1
+-l QSH:ECDH-ECDSA-AES256-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1 ECDH-ECDSA-AES256
+-v 1
+-l QSH:ECDH-ECDSA-AES256-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.1 ECDH-EDCSA-RC4
+-v 2
+-l QSH:ECDH-ECDSA-RC4-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDH-ECDSA-RC4
+-v 2
+-l QSH:ECDH-ECDSA-RC4-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.1 ECDH-ECDSA-DES3
+-v 2
+-l QSH:ECDH-ECDSA-DES-CBC3-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDH-ECDSA-DES3
+-v 2
+-l QSH:ECDH-ECDSA-DES-CBC3-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.1 ECDH-ECDSA-AES128 
+-v 2
+-l QSH:ECDH-ECDSA-AES128-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDH-ECDSA-AES128 
+-v 2
+-l QSH:ECDH-ECDSA-AES128-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.1 ECDH-ECDSA-AES256
+-v 2
+-l QSH:ECDH-ECDSA-AES256-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.1 ECDH-ECDSA-AES256
+-v 2
+-l QSH:ECDH-ECDSA-AES256-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDHE-ECDSA-RC4
+-v 3
+-l QSH:ECDH-ECDSA-RC4-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-ECDSA-RC4
+-v 3
+-l QSH:ECDH-ECDSA-RC4-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDH-ECDSA-DES3
+-v 3
+-l QSH:ECDH-ECDSA-DES-CBC3-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-ECDSA-DES3
+-v 3
+-l QSH:ECDH-ECDSA-DES-CBC3-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDH-ECDSA-AES128 
+-v 3
+-l QSH:ECDH-ECDSA-AES128-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-ECDSA-AES128 
+-v 3
+-l QSH:ECDH-ECDSA-AES128-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDH-ECDSA-AES128-SHA256
+-v 3
+-l QSH:ECDH-ECDSA-AES128-SHA256
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-ECDSA-AES128-SHA256 
+-v 3
+-l QSH:ECDH-ECDSA-AES128-SHA256
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDH-ECDSA-AES256
+-v 3
+-l QSH:ECDH-ECDSA-AES256-SHA
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-ECDSA-AES256
+-v 3
+-l QSH:ECDH-ECDSA-AES256-SHA
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDHE-RSA-AES256-SHA384
+-v 3
+-l QSH:ECDHE-RSA-AES256-SHA384
+
+# client TLSv1.2 ECDHE-RSA-AES256-SHA384 
+-v 3
+-l QSH:ECDHE-RSA-AES256-SHA384
+
+# server TLSv1.2 ECDHE-ECDSA-AES256-SHA384
+-v 3
+-l QSH:ECDHE-ECDSA-AES256-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES256-SHA384
+-v 3
+-l QSH:ECDHE-ECDSA-AES256-SHA384
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDH-RSA-AES256-SHA384 
+-v 3
+-l QSH:ECDH-RSA-AES256-SHA384
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-RSA-AES256-SHA384 
+-v 3
+-l QSH:ECDH-RSA-AES256-SHA384
+
+# server TLSv1.2 ECDH-ECDSA-AES256-SHA384
+-v 3
+-l QSH:ECDH-ECDSA-AES256-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-ECDSA-AES256-SHA384 
+-v 3
+-l QSH:ECDH-ECDSA-AES256-SHA384
+-A ./certs/server-ecc.pem
+
+# server TLSv1 HC128-SHA
+-v 1
+-l QSH:HC128-SHA
+
+# client TLSv1 HC128-SHA
+-v 1
+-l QSH:HC128-SHA
+
+# server TLSv1 HC128-MD5
+-v 1
+-l QSH:HC128-MD5
+
+# client TLSv1 HC128-MD5
+-v 1
+-l QSH:HC128-MD5
+
+# server TLSv1 HC128-B2B256
+-v 1
+-l QSH:HC128-B2B256
+
+# client TLSv1 HC128-B2B256
+-v 1
+-l QSH:HC128-B2B256
+
+# server TLSv1 AES128-B2B256
+-v 1
+-l QSH:AES128-B2B256
+
+# client TLSv1 AES128-B2B256
+-v 1
+-l QSH:AES128-B2B256
+
+# server TLSv1 AES256-B2B256
+-v 1
+-l QSH:AES256-B2B256
+
+# client TLSv1 AES256-B2B256
+-v 1
+-l QSH:AES256-B2B256
+
+# server TLSv1.1 HC128-SHA
+-v 2
+-l QSH:HC128-SHA
+
+# client TLSv1.1 HC128-SHA
+-v 2
+-l QSH:HC128-SHA
+
+# server TLSv1.1 HC128-MD5
+-v 2
+-l QSH:HC128-MD5
+
+# client TLSv1.1 HC128-MD5
+-v 2
+-l QSH:HC128-MD5
+
+# server TLSv1.1 HC128-B2B256
+-v 2
+-l QSH:HC128-B2B256
+
+# client TLSv1.1 HC128-B2B256
+-v 2
+-l QSH:HC128-B2B256
+
+# server TLSv1.1 AES128-B2B256
+-v 2
+-l QSH:AES128-B2B256
+
+# client TLSv1.1 AES128-B2B256
+-v 2
+-l QSH:AES128-B2B256
+
+# server TLSv1.1 AES256-B2B256
+-v 2
+-l QSH:AES256-B2B256
+
+# client TLSv1.1 AES256-B2B256
+-v 2
+-l QSH:AES256-B2B256
+
+# server TLSv1.2 HC128-SHA
+-v 3
+-l QSH:HC128-SHA
+
+# client TLSv1.2 HC128-SHA
+-v 3
+-l QSH:HC128-SHA
+
+# server TLSv1.2 HC128-MD5
+-v 3
+-l QSH:HC128-MD5
+
+# client TLSv1.2 HC128-MD5
+-v 3
+-l QSH:HC128-MD5
+
+# server TLSv1.2 HC128-B2B256
+-v 3
+-l QSH:HC128-B2B256
+
+# client TLSv1.2 HC128-B2B256
+-v 3
+-l QSH:HC128-B2B256
+
+# server TLSv1.2 AES128-B2B256
+-v 3
+-l QSH:AES128-B2B256
+
+# client TLSv1.2 AES128-B2B256
+-v 3
+-l QSH:AES128-B2B256
+
+# server TLSv1.2 AES256-B2B256
+-v 3
+-l QSH:AES256-B2B256
+
+# client TLSv1.2 AES256-B2B256
+-v 3
+-l QSH:AES256-B2B256
+
+# server TLSv1 RABBIT-SHA
+-v 1
+-l QSH:RABBIT-SHA
+
+# client TLSv1 RABBIT-SHA
+-v 1
+-l QSH:RABBIT-SHA
+
+# server TLSv1.1 RABBIT-SHA
+-v 2
+-l QSH:RABBIT-SHA
+
+# client TLSv1.1 RABBIT-SHA
+-v 2
+-l QSH:RABBIT-SHA
+
+# server TLSv1.2 RABBIT-SHA
+-v 3
+-l QSH:RABBIT-SHA
+
+# client TLSv1.2 RABBIT-SHA
+-v 3
+-l QSH:RABBIT-SHA
+
+# server TLSv1 DHE AES128
+-v 1
+-l QSH:DHE-RSA-AES128-SHA
+
+# client TLSv1 DHE AES128
+-v 1
+-l QSH:DHE-RSA-AES128-SHA
+
+# server TLSv1 DHE AES256
+-v 1
+-l QSH:DHE-RSA-AES256-SHA
+
+# client TLSv1 DHE AES256
+-v 1
+-l QSH:DHE-RSA-AES256-SHA
+
+# server TLSv1 DHE AES128-SHA256
+-v 1
+-l QSH:DHE-RSA-AES128-SHA256
+
+# client TLSv1 DHE AES128-SHA256
+-v 1
+-l QSH:DHE-RSA-AES128-SHA256
+
+# server TLSv1 DHE AES256-SHA256
+-v 1
+-l QSH:DHE-RSA-AES256-SHA256
+
+# client TLSv1 DHE AES256-SHA256
+-v 1
+-l QSH:DHE-RSA-AES256-SHA256
+
+# server TLSv1.1 DHE AES128
+-v 2
+-l QSH:DHE-RSA-AES128-SHA
+
+# client TLSv1.1 DHE AES128
+-v 2
+-l QSH:DHE-RSA-AES128-SHA
+
+# server TLSv1.1 DHE AES256
+-v 2
+-l QSH:DHE-RSA-AES256-SHA
+
+# client TLSv1.1 DHE AES256
+-v 2
+-l QSH:DHE-RSA-AES256-SHA
+
+# server TLSv1.1 DHE AES128-SHA256
+-v 2
+-l QSH:DHE-RSA-AES128-SHA256
+
+# client TLSv1.1 DHE AES128-SHA256
+-v 2
+-l QSH:DHE-RSA-AES128-SHA256
+
+# server TLSv1.1 DHE AES256-SHA256
+-v 2
+-l QSH:DHE-RSA-AES256-SHA256
+
+# client TLSv1.1 DHE AES256-SHA256
+-v 2
+-l QSH:DHE-RSA-AES256-SHA256
+
+# server TLSv1.2 DHE AES128
+-v 3
+-l QSH:DHE-RSA-AES128-SHA
+
+# client TLSv1.2 DHE AES128
+-v 3
+-l QSH:DHE-RSA-AES128-SHA
+
+# server TLSv1.2 DHE AES256
+-v 3
+-l QSH:DHE-RSA-AES256-SHA
+
+# client TLSv1.2 DHE AES256
+-v 3
+-l QSH:DHE-RSA-AES256-SHA
+
+# server TLSv1.2 DHE AES128-SHA256
+-v 3
+-l QSH:DHE-RSA-AES128-SHA256
+
+# client TLSv1.2 DHE AES128-SHA256
+-v 3
+-l QSH:DHE-RSA-AES128-SHA256
+
+# server TLSv1.2 DHE AES256-SHA256
+-v 3
+-l QSH:DHE-RSA-AES256-SHA256
+
+# client TLSv1.2 DHE AES256-SHA256
+-v 3
+-l QSH:DHE-RSA-AES256-SHA256
+
+# server TLSv1 PSK-AES128
+-s
+-v 1
+-l QSH:PSK-AES128-CBC-SHA
+
+# client TLSv1 PSK-AES128
+-s
+-v 1
+-l QSH:PSK-AES128-CBC-SHA
+
+# server TLSv1 PSK-AES256
+-s
+-v 1
+-l QSH:PSK-AES256-CBC-SHA
+
+# client TLSv1 PSK-AES256
+-s
+-v 1
+-l QSH:PSK-AES256-CBC-SHA
+
+# server TLSv1.1 PSK-AES128
+-s
+-v 2
+-l QSH:PSK-AES128-CBC-SHA
+
+# client TLSv1.1 PSK-AES128
+-s
+-v 2
+-l QSH:PSK-AES128-CBC-SHA
+
+# server TLSv1.1 PSK-AES256
+-s
+-v 2
+-l QSH:PSK-AES256-CBC-SHA
+
+# client TLSv1.1 PSK-AES256
+-s
+-v 2
+-l QSH:PSK-AES256-CBC-SHA
+
+# server TLSv1.2 PSK-AES128
+-s
+-v 3
+-l QSH:PSK-AES128-CBC-SHA
+
+# client TLSv1.2 PSK-AES128
+-s
+-v 3
+-l QSH:PSK-AES128-CBC-SHA
+
+# server TLSv1.2 PSK-AES256
+-s
+-v 3
+-l QSH:PSK-AES256-CBC-SHA
+
+# client TLSv1.2 PSK-AES256
+-s
+-v 3
+-l QSH:PSK-AES256-CBC-SHA
+
+# server TLSv1.0 PSK-AES128-SHA256
+-s
+-v 1
+-l QSH:PSK-AES128-CBC-SHA256
+
+# client TLSv1.0 PSK-AES128-SHA256
+-s
+-v 1
+-l QSH:PSK-AES128-CBC-SHA256
+
+# server TLSv1.1 PSK-AES128-SHA256
+-s
+-v 2
+-l QSH:PSK-AES128-CBC-SHA256
+
+# client TLSv1.1 PSK-AES128-SHA256
+-s
+-v 2
+-l QSH:PSK-AES128-CBC-SHA256
+
+# server TLSv1.2 PSK-AES128-SHA256
+-s
+-v 3
+-l QSH:PSK-AES128-CBC-SHA256
+
+# client TLSv1.2 PSK-AES128-SHA256
+-s
+-v 3
+-l QSH:PSK-AES128-CBC-SHA256
+
+# server TLSv1.0 PSK-AES256-SHA384
+-s
+-v 1
+-l QSH:PSK-AES256-CBC-SHA384
+
+# client TLSv1.0 PSK-AES256-SHA384
+-s
+-v 1
+-l QSH:PSK-AES256-CBC-SHA384
+
+# server TLSv1.1 PSK-AES256-SHA384
+-s
+-v 2
+-l QSH:PSK-AES256-CBC-SHA384
+
+# client TLSv1.1 PSK-AES256-SHA384
+-s
+-v 2
+-l QSH:PSK-AES256-CBC-SHA384
+
+# server TLSv1.2 PSK-AES256-SHA384
+-s
+-v 3
+-l QSH:PSK-AES256-CBC-SHA384
+
+# client TLSv1.2 PSK-AES256-SHA384
+-s
+-v 3
+-l QSH:PSK-AES256-CBC-SHA384
+
+# server TLSv1.0 PSK-NULL
+-s
+-v 1
+-l QSH:PSK-NULL-SHA
+
+# client TLSv1.0 PSK-NULL
+-s
+-v 1
+-l QSH:PSK-NULL-SHA
+
+# server TLSv1.1 PSK-NULL
+-s
+-v 2
+-l QSH:PSK-NULL-SHA
+
+# client TLSv1.1 PSK-NULL
+-s
+-v 2
+-l QSH:PSK-NULL-SHA
+
+# server TLSv1.2 PSK-NULL
+-s
+-v 3
+-l QSH:PSK-NULL-SHA
+
+# client TLSv1.2 PSK-NULL
+-s
+-v 3
+-l QSH:PSK-NULL-SHA
+
+# server TLSv1.2 PSK-NULL-SHA256
+-s
+-v 3
+-l QSH:PSK-NULL-SHA256
+
+# client TLSv1.2 PSK-NULL-SHA256
+-s
+-v 3
+-l QSH:PSK-NULL-SHA256
+
+# server TLSv1.2 PSK-NULL-SHA384
+-s
+-v 3
+-l QSH:PSK-NULL-SHA384
+
+# client TLSv1.2 PSK-NULL-SHA384
+-s
+-v 3
+-l QSH:PSK-NULL-SHA384
+
+# server TLSv1.2 PSK-NULL
+-s
+-v 3
+-l QSH:PSK-NULL-SHA
+
+# client TLSv1.2 PSK-NULL
+-s
+-v 3
+-l QSH:PSK-NULL-SHA
+
+# server TLSv1.2 PSK-NULL-SHA256
+-s
+-v 3
+-l QSH:PSK-NULL-SHA256
+
+# client TLSv1.2 PSK-NULL-SHA256
+-s
+-v 3
+-l QSH:PSK-NULL-SHA256
+
+# server TLSv1.0 RSA-NULL-SHA
+-v 1
+-l QSH:NULL-SHA
+
+# client TLSv1.0 RSA-NULL-SHA
+-v 1
+-l QSH:NULL-SHA
+
+# server TLSv1.1 RSA-NULL-SHA
+-v 2
+-l QSH:NULL-SHA
+
+# client TLSv1.1 RSA-NULL-SHA
+-v 2
+-l QSH:NULL-SHA
+
+# server TLSv1.2 RSA-NULL-SHA
+-v 3
+-l QSH:NULL-SHA
+
+# client TLSv1.2 RSA-NULL-SHA
+-v 3
+-l QSH:NULL-SHA
+
+# server TLSv1.0 RSA-NULL-SHA256
+-v 1
+-l QSH:NULL-SHA256
+
+# client TLSv1.0 RSA-NULL-SHA256
+-v 1
+-l QSH:NULL-SHA256
+
+# server TLSv1.1 RSA-NULL-SHA256
+-v 2
+-l QSH:NULL-SHA256
+
+# client TLSv1.1 RSA-NULL-SHA256
+-v 2
+-l QSH:NULL-SHA256
+
+# server TLSv1.2 RSA-NULL-SHA256
+-v 3
+-l QSH:NULL-SHA256
+
+# client TLSv1.2 RSA-NULL-SHA256
+-v 3
+-l QSH:NULL-SHA256
+
+# server TLSv1 CAMELLIA128-SHA
+-v 1
+-l QSH:CAMELLIA128-SHA
+
+# client TLSv1 CAMELLIA128-SHA
+-v 1
+-l QSH:CAMELLIA128-SHA
+
+# server TLSv1 CAMELLIA256-SHA
+-v 1
+-l QSH:CAMELLIA256-SHA
+
+# client TLSv1 CAMELLIA256-SHA
+-v 1
+-l QSH:CAMELLIA256-SHA
+
+# server TLSv1 CAMELLIA128-SHA256
+-v 1
+-l QSH:CAMELLIA128-SHA256
+
+# client TLSv1 CAMELLIA128-SHA256
+-v 1
+-l QSH:CAMELLIA128-SHA256
+
+# server TLSv1 CAMELLIA256-SHA256
+-v 1
+-l QSH:CAMELLIA256-SHA256
+
+# client TLSv1 CAMELLIA256-SHA256
+-v 1
+-l QSH:CAMELLIA256-SHA256
+
+# server TLSv1.1 CAMELLIA128-SHA
+-v 2
+-l QSH:CAMELLIA128-SHA
+
+# client TLSv1.1 CAMELLIA128-SHA
+-v 2
+-l QSH:CAMELLIA128-SHA
+
+# server TLSv1.1 CAMELLIA256-SHA
+-v 2
+-l QSH:CAMELLIA256-SHA
+
+# client TLSv1.1 CAMELLIA256-SHA
+-v 2
+-l QSH:CAMELLIA256-SHA
+
+# server TLSv1.1 CAMELLIA128-SHA256
+-v 2
+-l QSH:CAMELLIA128-SHA256
+
+# client TLSv1.1 CAMELLIA128-SHA256
+-v 2
+-l QSH:CAMELLIA128-SHA256
+
+# server TLSv1.1 CAMELLIA256-SHA256
+-v 2
+-l QSH:CAMELLIA256-SHA256
+
+# client TLSv1.1 CAMELLIA256-SHA256
+-v 2
+-l QSH:CAMELLIA256-SHA256
+
+# server TLSv1.2 CAMELLIA128-SHA
+-v 3
+-l QSH:CAMELLIA128-SHA
+
+# client TLSv1.2 CAMELLIA128-SHA
+-v 3
+-l QSH:CAMELLIA128-SHA
+
+# server TLSv1.2 CAMELLIA256-SHA
+-v 3
+-l QSH:CAMELLIA256-SHA
+
+# client TLSv1.2 CAMELLIA256-SHA
+-v 3
+-l QSH:CAMELLIA256-SHA
+
+# server TLSv1.2 CAMELLIA128-SHA256
+-v 3
+-l QSH:CAMELLIA128-SHA256
+
+# client TLSv1.2 CAMELLIA128-SHA256
+-v 3
+-l QSH:CAMELLIA128-SHA256
+
+# server TLSv1.2 CAMELLIA256-SHA256
+-v 3
+-l QSH:CAMELLIA256-SHA256
+
+# client TLSv1.2 CAMELLIA256-SHA256
+-v 3
+-l QSH:CAMELLIA256-SHA256
+
+# server TLSv1 DHE-RSA-CAMELLIA128-SHA
+-v 1
+-l QSH:DHE-RSA-CAMELLIA128-SHA
+
+# client TLSv1 DHE-RSA-CAMELLIA128-SHA
+-v 1
+-l QSH:DHE-RSA-CAMELLIA128-SHA
+
+# server TLSv1 DHE-RSA-CAMELLIA256-SHA
+-v 1
+-l QSH:DHE-RSA-CAMELLIA256-SHA
+
+# client TLSv1 DHE-RSA-CAMELLIA256-SHA
+-v 1
+-l QSH:DHE-RSA-CAMELLIA256-SHA
+
+# server TLSv1 DHE-RSA-CAMELLIA128-SHA256
+-v 1
+-l QSH:DHE-RSA-CAMELLIA128-SHA256
+
+# client TLSv1 DHE-RSA-CAMELLIA128-SHA256
+-v 1
+-l QSH:DHE-RSA-CAMELLIA128-SHA256
+
+# server TLSv1 DHE-RSA-CAMELLIA256-SHA256
+-v 1
+-l QSH:DHE-RSA-CAMELLIA256-SHA256
+
+# client TLSv1 DHE-RSA-CAMELLIA256-SHA256
+-v 1
+-l QSH:DHE-RSA-CAMELLIA256-SHA256
+
+# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA
+-v 2
+-l QSH:DHE-RSA-CAMELLIA128-SHA
+
+# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA
+-v 2
+-l QSH:DHE-RSA-CAMELLIA128-SHA
+
+# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA
+-v 2
+-l QSH:DHE-RSA-CAMELLIA256-SHA
+
+# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA
+-v 2
+-l QSH:DHE-RSA-CAMELLIA256-SHA
+
+# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
+-v 2
+-l QSH:DHE-RSA-CAMELLIA128-SHA256
+
+# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
+-v 2
+-l QSH:DHE-RSA-CAMELLIA128-SHA256
+
+# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
+-v 2
+-l QSH:DHE-RSA-CAMELLIA256-SHA256
+
+# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
+-v 2
+-l QSH:DHE-RSA-CAMELLIA256-SHA256
+
+# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA
+-v 3
+-l QSH:DHE-RSA-CAMELLIA128-SHA
+
+# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA
+-v 3
+-l QSH:DHE-RSA-CAMELLIA128-SHA
+
+# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA
+-v 3
+-l QSH:DHE-RSA-CAMELLIA256-SHA
+
+# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA
+-v 3
+-l QSH:DHE-RSA-CAMELLIA256-SHA
+
+# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256
+-v 3
+-l QSH:DHE-RSA-CAMELLIA128-SHA256
+
+# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256
+-v 3
+-l QSH:DHE-RSA-CAMELLIA128-SHA256
+
+# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256
+-v 3
+-l QSH:DHE-RSA-CAMELLIA256-SHA256
+
+# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256
+-v 3
+-l QSH:DHE-RSA-CAMELLIA256-SHA256
+
+# server TLSv1.2 RSA-AES128-GCM-SHA256 
+-v 3
+-l QSH:AES128-GCM-SHA256
+
+# client TLSv1.2 RSA-AES128-GCM-SHA256 
+-v 3
+-l QSH:AES128-GCM-SHA256
+
+# server TLSv1.2 RSA-AES256-GCM-SHA384
+-v 3
+-l QSH:AES256-GCM-SHA384
+
+# client TLSv1.2 RSA-AES256-GCM-SHA384
+-v 3
+-l QSH:AES256-GCM-SHA384
+
+# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 
+-v 3
+-l QSH:ECDHE-ECDSA-AES128-GCM-SHA256
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 
+-v 3
+-l QSH:ECDHE-ECDSA-AES128-GCM-SHA256
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l QSH:ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-v 3
+-l QSH:ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 
+-v 3
+-l QSH:ECDH-ECDSA-AES128-GCM-SHA256
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 
+-v 3
+-l QSH:ECDH-ECDSA-AES128-GCM-SHA256
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
+-v 3
+-l QSH:ECDH-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
+-v 3
+-l QSH:ECDH-ECDSA-AES256-GCM-SHA384
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 
+-v 3
+-l QSH:ECDHE-RSA-AES128-GCM-SHA256
+
+# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 
+-v 3
+-l QSH:ECDHE-RSA-AES128-GCM-SHA256
+
+# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l QSH:ECDHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-v 3
+-l QSH:ECDHE-RSA-AES256-GCM-SHA384
+
+# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 
+-v 3
+-l QSH:ECDH-RSA-AES128-GCM-SHA256
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 
+-v 3
+-l QSH:ECDH-RSA-AES128-GCM-SHA256
+
+# server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384
+-v 3
+-l QSH:ECDH-RSA-AES256-GCM-SHA384
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384
+-v 3
+-l QSH:ECDH-RSA-AES256-GCM-SHA384
+
+# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 
+-v 3
+-l QSH:DHE-RSA-AES128-GCM-SHA256
+
+# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 
+-v 3
+-l QSH:DHE-RSA-AES128-GCM-SHA256
+
+# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l QSH:DHE-RSA-AES256-GCM-SHA384
+
+# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
+-v 3
+-l QSH:DHE-RSA-AES256-GCM-SHA384
+
+# server TLSv1.2 PSK-AES128-GCM-SHA256
+-s
+-v 3
+-l QSH:PSK-AES128-GCM-SHA256
+
+# client TLSv1.2 PSK-AES128-GCM-SHA256
+-s
+-v 3
+-l QSH:PSK-AES128-GCM-SHA256
+
+# server TLSv1.2 PSK-AES256-GCM-SHA384
+-s
+-v 3
+-l QSH:PSK-AES256-GCM-SHA384
+
+# client TLSv1.2 PSK-AES256-GCM-SHA384
+-s
+-v 3
+-l QSH:PSK-AES256-GCM-SHA384
+
+# server TLSv1.2 AES128-CCM-8
+-v 3
+-l QSH:AES128-CCM-8
+
+# client TLSv1.2 AES128-CCM-8
+-v 3
+-l QSH:AES128-CCM-8
+
+# server TLSv1.2 AES256-CCM-8
+-v 3
+-l QSH:AES256-CCM-8
+
+# client TLSv1.2 AES256-CCM-8
+-v 3
+-l QSH:AES256-CCM-8
+
+# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
+-v 3
+-l QSH:ECDHE-ECDSA-AES128-CCM-8
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8
+-v 3
+-l QSH:ECDHE-ECDSA-AES128-CCM-8
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
+-v 3
+-l QSH:ECDHE-ECDSA-AES256-CCM-8
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8
+-v 3
+-l QSH:ECDHE-ECDSA-AES256-CCM-8
+-A ./certs/server-ecc.pem
+
+# server TLSv1.2 PSK-AES128-CCM
+-s
+-v 3
+-l QSH:PSK-AES128-CCM
+
+# client TLSv1.2 PSK-AES128-CCM
+-s
+-v 3
+-l QSH:PSK-AES128-CCM
+
+# server TLSv1.2 PSK-AES256-CCM
+-s
+-v 3
+-l QSH:PSK-AES256-CCM
+
+# client TLSv1.2 PSK-AES256-CCM
+-s
+-v 3
+-l QSH:PSK-AES256-CCM
+
+# server TLSv1.2 PSK-AES128-CCM-8
+-s
+-v 3
+-l QSH:PSK-AES128-CCM-8
+
+# client TLSv1.2 PSK-AES128-CCM-8
+-s
+-v 3
+-l QSH:PSK-AES128-CCM-8
+
+# server TLSv1.2 PSK-AES256-CCM-8
+-s
+-v 3
+-l QSH:PSK-AES256-CCM-8
+
+# client TLSv1.2 PSK-AES256-CCM-8
+-s
+-v 3
+-l QSH:PSK-AES256-CCM-8
+
+# server TLSv1.0 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 1
+-l QSH:DHE-PSK-AES128-CBC-SHA256
+
+# client TLSv1.0 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 1
+-l QSH:DHE-PSK-AES128-CBC-SHA256
+
+# server TLSv1.1 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 2
+-l QSH:DHE-PSK-AES128-CBC-SHA256
+
+# client TLSv1.1 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 2
+-l QSH:DHE-PSK-AES128-CBC-SHA256
+
+# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 3
+-l QSH:DHE-PSK-AES128-CBC-SHA256
+
+# client TLSv1.2 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 3
+-l QSH:DHE-PSK-AES128-CBC-SHA256
+
+# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 1
+-l QSH:DHE-PSK-AES256-CBC-SHA384
+
+# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 1
+-l QSH:DHE-PSK-AES256-CBC-SHA384
+
+# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 2
+-l QSH:DHE-PSK-AES256-CBC-SHA384
+
+# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 2
+-l QSH:DHE-PSK-AES256-CBC-SHA384
+
+# server TLSv1.2 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 3
+-l QSH:DHE-PSK-AES256-CBC-SHA384
+
+# client TLSv1.2 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 3
+-l QSH:DHE-PSK-AES256-CBC-SHA384
+
+# server TLSv1.0 DHE-PSK-NULL-SHA256
+-s
+-v 1
+-l QSH:DHE-PSK-NULL-SHA256
+
+# client TLSv1.0 DHE-PSK-NULL-SHA256
+-s
+-v 1
+-l QSH:DHE-PSK-NULL-SHA256
+
+# server TLSv1.1 DHE-PSK-NULL-SHA256
+-s
+-v 2
+-l QSH:DHE-PSK-NULL-SHA256
+
+# client TLSv1.1 DHE-PSK-NULL-SHA256
+-s
+-v 2
+-l QSH:DHE-PSK-NULL-SHA256
+
+# server TLSv1.2 DHE-PSK-NULL-SHA256
+-s
+-v 3
+-l QSH:DHE-PSK-NULL-SHA256
+
+# client TLSv1.2 DHE-PSK-NULL-SHA256
+-s
+-v 3
+-l QSH:DHE-PSK-NULL-SHA256
+
+# server TLSv1.0 DHE-PSK-NULL-SHA384
+-s
+-v 1
+-l QSH:DHE-PSK-NULL-SHA384
+
+# client TLSv1.0 DHE-PSK-NULL-SHA384
+-s
+-v 1
+-l QSH:DHE-PSK-NULL-SHA384
+
+# server TLSv1.1 DHE-PSK-NULL-SHA384
+-s
+-v 2
+-l QSH:DHE-PSK-NULL-SHA384
+
+# client TLSv1.1 DHE-PSK-NULL-SHA384
+-s
+-v 2
+-l QSH:DHE-PSK-NULL-SHA384
+
+# server TLSv1.2 DHE-PSK-NULL-SHA384
+-s
+-v 3
+-l QSH:DHE-PSK-NULL-SHA384
+
+# client TLSv1.2 DHE-PSK-NULL-SHA384
+-s
+-v 3
+-l QSH:DHE-PSK-NULL-SHA384
+
+# server TLSv1.2 DHE-PSK-AES128-GCM-SHA256
+-s
+-v 3
+-l QSH:DHE-PSK-AES128-GCM-SHA256
+
+# client TLSv1.2 DHE-PSK-AES128-GCM-SHA256
+-s
+-v 3
+-l QSH:DHE-PSK-AES128-GCM-SHA256
+
+# server TLSv1.2 DHE-PSK-AES256-GCM-SHA384
+-s
+-v 3
+-l QSH:DHE-PSK-AES256-GCM-SHA384
+
+# client TLSv1.2 DHE-PSK-AES256-GCM-SHA384
+-s
+-v 3
+-l QSH:DHE-PSK-AES256-GCM-SHA384
+
+# server TLSv1.2 DHE-PSK-AES128-CCM
+-s
+-v 3
+-l QSH:DHE-PSK-AES128-CCM
+
+# client TLSv1.2 DHE-PSK-AES128-CCM
+-s
+-v 3
+-l QSH:DHE-PSK-AES128-CCM
+
+# server TLSv1.2 DHE-PSK-AES256-CCM
+-s
+-v 3
+-l QSH:DHE-PSK-AES256-CCM
+
+# client TLSv1.2 DHE-PSK-AES256-CCM
+-s
+-v 3
+-l QSH:DHE-PSK-AES256-CCM
+
+# server TLSv1.2 ADH-AES128-SHA
+-a
+-v 3
+-l QSH:ADH-AES128-SHA
+
+# client TLSv1.2 ADH-AES128-SHA
+-a
+-v 3
+-l QSH:ADH-AES128-SHA
+
+# server TLSv1.1 ADH-AES128-SHA
+-a
+-v 2
+-l QSH:ADH-AES128-SHA
+
+# client TLSv1.1 ADH-AES128-SHA
+-a
+-v 2
+-l QSH:ADH-AES128-SHA
+
+# server TLSv1.0 ADH-AES128-SHA
+-a
+-v 1
+-l QSH:ADH-AES128-SHA
+
+# client TLSv1.0 ADH-AES128-SHA
+-a
+-v 1
+-l QSH:ADH-AES128-SHA
+
+
diff --git a/tests/test.conf b/tests/test.conf
index c949c2024..89e024860 100644
--- a/tests/test.conf
+++ b/tests/test.conf
@@ -975,138 +975,6 @@
 -v 3
 -l RABBIT-SHA
 
-# server TLSv1 NTRU_RC4
--v 1
--l NTRU-RC4-SHA
--n
--c ./certs/ntru-cert.pem
--k ./certs/ntru-key.raw
-
-# client TLSv1 NTRU_RC4
--v 1
--l NTRU-RC4-SHA
-
-# server TLSv1 NTRU_DES3
--v 1
--l NTRU-DES-CBC3-SHA
--n
--c ./certs/ntru-cert.pem
--k ./certs/ntru-key.raw
-
-# client TLSv1 NTRU_DES3
--v 1
--l NTRU-DES-CBC3-SHA
-
-# server TLSv1 NTRU_AES128
--v 1
--l NTRU-AES128-SHA
--n
--c ./certs/ntru-cert.pem
--k ./certs/ntru-key.raw
-
-# client TLSv1 NTRU_AES128
--v 1
--l NTRU-AES128-SHA
-
-# server TLSv1 NTRU_AES256
--v 1
--l NTRU-AES256-SHA
--n
--c ./certs/ntru-cert.pem
--k ./certs/ntru-key.raw
-
-# client TLSv1 NTRU_AES256
--v 1
--l NTRU-AES256-SHA
-
-# server TLSv1.1 NTRU_RC4
--v 2
--l NTRU-RC4-SHA
--n
--c ./certs/ntru-cert.pem
--k ./certs/ntru-key.raw
-
-# client TLSv1.1 NTRU_RC4
--v 2
--l NTRU-RC4-SHA
-
-# server TLSv1.1 NTRU_DES3
--v 2
--l NTRU-DES-CBC3-SHA
--n
--c ./certs/ntru-cert.pem
--k ./certs/ntru-key.raw
-
-# client TLSv1.1 NTRU_DES3
--v 2
--l NTRU-DES-CBC3-SHA
-
-# server TLSv1.1 NTRU_AES128
--v 2
--l NTRU-AES128-SHA
--n
--c ./certs/ntru-cert.pem
--k ./certs/ntru-key.raw
-
-# client TLSv1.1 NTRU_AES128
--v 2
--l NTRU-AES128-SHA
-
-# server TLSv1.1 NTRU_AES256
--v 2
--l NTRU-AES256-SHA
--n
--c ./certs/ntru-cert.pem
--k ./certs/ntru-key.raw
-
-# client TLSv1.1 NTRU_AES256
--v 2
--l NTRU-AES256-SHA
-
-# server TLSv1.2 NTRU_RC4
--v 3
--l NTRU-RC4-SHA
--n
--c ./certs/ntru-cert.pem
--k ./certs/ntru-key.raw
-
-# client TLSv1.2 NTRU_RC4
--v 3
--l NTRU-RC4-SHA
-
-# server TLSv1.2 NTRU_DES3
--v 3
--l NTRU-DES-CBC3-SHA
--n
--c ./certs/ntru-cert.pem
--k ./certs/ntru-key.raw
-
-# client TLSv1.2 NTRU_DES3
--v 3
--l NTRU-DES-CBC3-SHA
-
-# server TLSv1.2 NTRU_AES128
--v 3
--l NTRU-AES128-SHA
--n
--c ./certs/ntru-cert.pem
--k ./certs/ntru-key.raw
-
-# client TLSv1.2 NTRU_AES128
--v 3
--l NTRU-AES128-SHA
-
-# server TLSv1.2 NTRU_AES256
--v 3
--l NTRU-AES256-SHA
--n
--c ./certs/ntru-cert.pem
--k ./certs/ntru-key.raw
-
-# client TLSv1.2 NTRU_AES256
--v 3
--l NTRU-AES256-SHA
-
 # server TLSv1 DHE AES128
 -v 1
 -l DHE-RSA-AES128-SHA
diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c
index 4146878de..dc756377c 100644
--- a/testsuite/testsuite.c
+++ b/testsuite/testsuite.c
@@ -255,14 +255,6 @@ void simple_test(func_args* args)
         strcpy(svrArgs.argv[svrArgs.argc++], "-p");
         strcpy(svrArgs.argv[svrArgs.argc++], "0");
     #endif
-    #ifdef HAVE_NTRU
-        strcpy(svrArgs.argv[svrArgs.argc++], "-d");
-        strcpy(svrArgs.argv[svrArgs.argc++], "-n");
-        strcpy(svrArgs.argv[svrArgs.argc++], "-c");
-        strcpy(svrArgs.argv[svrArgs.argc++], "./certs/ntru-cert.pem");
-        strcpy(svrArgs.argv[svrArgs.argc++], "-k");
-        strcpy(svrArgs.argv[svrArgs.argc++], "./certs/ntru-key.raw");
-    #endif
     /* Set the last arg later, when it is known. */
 
     args->return_code = 0;
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index f284774f3..891ce0bf9 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -338,10 +338,6 @@ int benchmark_test(void *args)
     bench_rsa();
 #endif
 
-#ifdef HAVE_NTRU
-    bench_ntru();
-#endif
-
 #ifndef NO_DH
     bench_dh();
 #endif
@@ -351,6 +347,7 @@ int benchmark_test(void *args)
 #endif
 
 #ifdef HAVE_NTRU
+    bench_ntru();
     bench_ntruKeyGen();
 #endif
 
@@ -1344,7 +1341,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out);
 byte GetEntropy(ENTROPY_CMD cmd, byte* out)
 {
     if (cmd == INIT)
-        return (wc_InitRng(&rng) == 0) ? 1 : 0;
+        return 1; /* using local rng */
 
     if (out == NULL)
         return 0;
@@ -1365,12 +1362,15 @@ void bench_ntru(void)
     int    i;
     double start, total, each, milliEach;
 
-    byte   public_key[557];
+    byte   public_key[1027];
     word16 public_key_len = sizeof(public_key);
-    byte   private_key[607];
+    byte   private_key[1120];
     word16 private_key_len = sizeof(private_key);
+    word16 ntruBits = 128;
+    word16 type     = 0;
+    word32 ret;
 
-    byte ciphertext[552];
+    byte ciphertext[1022];
     word16 ciphertext_len;
     byte plaintext[16];
     word16 plaintext_len;
@@ -1381,107 +1381,120 @@ void bench_ntru(void)
         0x7b, 0x12, 0x49, 0x88, 0xaf, 0xb3, 0x22, 0xd8
     };
 
-    static byte const cyasslStr[] = {
-        'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U'
+    static byte const wolfsslStr[] = {
+        'w', 'o', 'l', 'f', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U'
     };
 
-    word32 rc = ntru_crypto_drbg_instantiate(112, cyasslStr, sizeof(cyasslStr),
-                                            (ENTROPY_FN) GetEntropy, &drbg);
-    if(rc != DRBG_OK) {
-        printf("NTRU drbg instantiate failed\n");
-        return;
-    }
+    printf("\n");
+    for (ntruBits = 128; ntruBits < 257; ntruBits += 64) {
+        switch (ntruBits) {
+            case 128:
+                type = NTRU_EES439EP1;
+                break;
+            case 192:
+                type = NTRU_EES593EP1;
+                break;
+            case 256:
+                type = NTRU_EES743EP1;
+                break;
+        }
 
-    rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, 
-        &public_key_len, NULL, &private_key_len, NULL);
-    if (rc != NTRU_OK) {
-        ntru_crypto_drbg_uninstantiate(drbg);
-        printf("NTRU failed to get key lengths\n");
-        return;
-    }
-
-    rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len,
-                                     public_key, &private_key_len, 
-                                     private_key);
-
-    ntru_crypto_drbg_uninstantiate(drbg);
-
-    if (rc != NTRU_OK) {
-        ntru_crypto_drbg_uninstantiate(drbg);
-        printf("NTRU keygen failed\n");
-        return;
-    }
-
-    rc = ntru_crypto_drbg_instantiate(112, NULL, 0, (ENTROPY_FN)GetEntropy,
-                                      &drbg);
-    if (rc != DRBG_OK) {
-        printf("NTRU error occurred during DRBG instantiation\n");
-        return;
-    }
-
-    rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key, sizeof(
-        aes_key), aes_key, &ciphertext_len, NULL);
-
-    if (rc != NTRU_OK) {
-        printf("NTRU error occurred requesting the buffer size needed\n");
-        return;
-    }
-    start = current_time(1);
-
-    for (i = 0; i < ntimes; i++) {
-
-        rc = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key, sizeof(
-            aes_key), aes_key, &ciphertext_len, ciphertext);
-
-        if (rc != NTRU_OK) {
-            printf("NTRU encrypt error\n");
+        ret = ntru_crypto_drbg_instantiate(ntruBits, wolfsslStr,
+                sizeof(wolfsslStr), (ENTROPY_FN) GetEntropy, &drbg);
+        if(ret != DRBG_OK) {
+            printf("NTRU drbg instantiate failed\n");
             return;
         }
 
-    }
-    rc = ntru_crypto_drbg_uninstantiate(drbg);
+        /* set key sizes */
+        ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len,
+                                                  NULL, &private_key_len, NULL);
+        if (ret != NTRU_OK) {
+            ntru_crypto_drbg_uninstantiate(drbg);
+            printf("NTRU failed to get key lengths\n");
+            return;
+        }
 
-    if (rc != DRBG_OK) {
-        printf("NTRU error occurred uninstantiating the DRBG\n");
-        return;
-    }
+        ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len,
+                                     public_key, &private_key_len,
+                                     private_key);
 
-    total = current_time(0) - start;
-    each  = total / ntimes;   /* per second   */
-    milliEach = each * 1000; /* milliseconds */
+        ntru_crypto_drbg_uninstantiate(drbg);
 
-    printf("NTRU 112 encryption took %6.3f milliseconds, avg over %d"
-           " iterations\n", milliEach, ntimes);
+        if (ret != NTRU_OK) {
+            printf("NTRU keygen failed\n");
+            return;
+        }
+
+        ret = ntru_crypto_drbg_instantiate(ntruBits, NULL, 0,
+                (ENTROPY_FN)GetEntropy, &drbg);
+        if (ret != DRBG_OK) {
+            printf("NTRU error occurred during DRBG instantiation\n");
+            return;
+        }
+
+        ret = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
+                sizeof(aes_key), aes_key, &ciphertext_len, NULL);
+
+        if (ret != NTRU_OK) {
+            printf("NTRU error occurred requesting the buffer size needed\n");
+            return;
+        }
+        start = current_time(1);
+
+        for (i = 0; i < ntimes; i++) {
+            ret = ntru_crypto_ntru_encrypt(drbg, public_key_len, public_key,
+                    sizeof(aes_key), aes_key, &ciphertext_len, ciphertext);
+            if (ret != NTRU_OK) {
+                printf("NTRU encrypt error\n");
+                return;
+            }
+        }
+        ret = ntru_crypto_drbg_uninstantiate(drbg);
+
+        if (ret != DRBG_OK) {
+            printf("NTRU error occurred uninstantiating the DRBG\n");
+            return;
+        }
+
+        total = current_time(0) - start;
+        each  = total / ntimes;   /* per second   */
+        milliEach = each * 1000; /* milliseconds */
+
+        printf("NTRU %d encryption took %6.3f milliseconds, avg over %d"
+           " iterations\n", ntruBits, milliEach, ntimes);
 
 
-    rc = ntru_crypto_ntru_decrypt(private_key_len, private_key, ciphertext_len,
-                                  ciphertext, &plaintext_len, NULL);
+        ret = ntru_crypto_ntru_decrypt(private_key_len, private_key,
+                ciphertext_len, ciphertext, &plaintext_len, NULL);
 
-    if (rc != NTRU_OK) {
-        printf("NTRU decrypt error occurred getting the buffer size needed\n");
-        return;
-    }
+        if (ret != NTRU_OK) {
+            printf("NTRU decrypt error occurred getting the buffer size needed\n");
+            return;
+        }
 
-    plaintext_len = sizeof(plaintext);
-    start = current_time(1);
+        plaintext_len = sizeof(plaintext);
+        start = current_time(1);
 
-    for (i = 0; i < ntimes; i++) {
-        rc = ntru_crypto_ntru_decrypt(private_key_len, private_key,
+        for (i = 0; i < ntimes; i++) {
+            ret = ntru_crypto_ntru_decrypt(private_key_len, private_key,
                                       ciphertext_len, ciphertext,
                                       &plaintext_len, plaintext);
 
-        if (rc != NTRU_OK) {
-            printf("NTRU error occurred decrypting the key\n");
-            return;
+            if (ret != NTRU_OK) {
+                printf("NTRU error occurred decrypting the key\n");
+                return;
+            }
         }
+
+        total = current_time(0) - start;
+        each  = total / ntimes;   /* per second   */
+        milliEach = each * 1000; /* milliseconds */
+
+        printf("NTRU %d decryption took %6.3f milliseconds, avg over %d"
+           " iterations\n", ntruBits, milliEach, ntimes);
     }
 
-    total = current_time(0) - start;
-    each  = total / ntimes;   /* per second   */
-    milliEach = each * 1000; /* milliseconds */
-
-    printf("NTRU 112 decryption took %6.3f milliseconds, avg over %d"
-           " iterations\n", milliEach, ntimes);
 }
 
 void bench_ntruKeyGen(void)
@@ -1489,51 +1502,74 @@ void bench_ntruKeyGen(void)
     double start, total, each, milliEach;
     int    i;
 
-    byte   public_key[557]; /* 2048 key equivalent to rsa */
+    byte   public_key[1027];
     word16 public_key_len = sizeof(public_key);
-    byte   private_key[607];
+    byte   private_key[1120];
     word16 private_key_len = sizeof(private_key);
+    word16 ntruBits = 128;
+    word16 type     = 0;
+    word32 ret;
 
     DRBG_HANDLE drbg;
     static uint8_t const pers_str[] = {
-                'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't'
+                'w', 'o', 'l', 'f',  'S', 'S', 'L', ' ', 't', 'e', 's', 't'
     };
 
-    word32 rc = ntru_crypto_drbg_instantiate(112, pers_str, sizeof(pers_str),
-                                             GetEntropy, &drbg);
-    if(rc != DRBG_OK) {
-        printf("NTRU drbg instantiate failed\n");
-        return;
+    for (ntruBits = 128; ntruBits < 257; ntruBits += 64) {
+        ret = ntru_crypto_drbg_instantiate(ntruBits, pers_str,
+                sizeof(pers_str), GetEntropy, &drbg);
+        if (ret != DRBG_OK) {
+            printf("NTRU drbg instantiate failed\n");
+            return;
+        }
+
+        switch (ntruBits) {
+            case 128:
+                type = NTRU_EES439EP1;
+                break;
+            case 192:
+                type = NTRU_EES593EP1;
+                break;
+            case 256:
+                type = NTRU_EES743EP1;
+                break;
+        }
+
+        /* set key sizes */
+        ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len,
+                                                  NULL, &private_key_len, NULL);
+        start = current_time(1);
+
+        for(i = 0; i < genTimes; i++) {
+            ret = ntru_crypto_ntru_encrypt_keygen(drbg, type, &public_key_len,
+                                         public_key, &private_key_len,
+                                         private_key);
+        }
+
+        total = current_time(0) - start;
+
+        if (ret != NTRU_OK) {
+            printf("keygen failed\n");
+            return;
+        }
+
+        ret = ntru_crypto_drbg_uninstantiate(drbg);
+
+        if (ret != NTRU_OK) {
+            printf("NTRU drbg uninstantiate failed\n");
+            return;
+        }
+
+        each = total / genTimes;
+        milliEach = each * 1000;
+
+        printf("NTRU %d key generation  %6.3f milliseconds, avg over %d"
+            " iterations\n", ntruBits, milliEach, genTimes);
     }
-
-    start = current_time(1);
-
-    for(i = 0; i < genTimes; i++) {
-        ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2, &public_key_len,
-                                     public_key, &private_key_len, 
-                                     private_key);
-    }
-
-    total = current_time(0) - start;
-
-    rc = ntru_crypto_drbg_uninstantiate(drbg);
-
-    if (rc != NTRU_OK) {
-        printf("NTRU drbg uninstantiate failed\n");
-        return;
-    }
-
-    each = total / genTimes;
-    milliEach = each * 1000;
-
-    printf("\n");
-    printf("NTRU 112 key generation  %6.3f milliseconds, avg over %d"
-        " iterations\n", milliEach, genTimes);
-
 }
 #endif
 
-#ifdef HAVE_ECC 
+#ifdef HAVE_ECC
 void bench_eccKeyGen(void)
 {
     ecc_key genKey;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 99d3e9a95..46c439b2a 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -203,6 +203,11 @@ typedef byte word24[3];
     #error "You are trying to build max strength with requirements disabled."
 #endif
 
+/* Have QSH : Quantum-safe Handshake */
+#if defined(HAVE_QSH)
+    #define BUILD_TLS_QSH
+#endif
+
 #ifndef WOLFSSL_MAX_STRENGTH
 
     #if !defined(NO_RSA) && !defined(NO_RC4)
@@ -212,17 +217,11 @@ typedef byte word24[3];
         #if !defined(NO_MD5)
             #define BUILD_SSL_RSA_WITH_RC4_128_MD5
         #endif
-        #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
-            #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
-        #endif
     #endif
 
     #if !defined(NO_RSA) && !defined(NO_DES3)
         #if !defined(NO_SHA)
             #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
-            #if !defined(NO_TLS) && defined(HAVE_NTRU)
-                    #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
-            #endif
         #endif
     #endif
 
@@ -230,10 +229,6 @@ typedef byte word24[3];
         #if !defined(NO_SHA)
             #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
             #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
-            #if defined(HAVE_NTRU)
-                    #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
-                    #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
-            #endif
         #endif
         #if !defined (NO_SHA256)
             #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
@@ -637,11 +632,9 @@ enum {
     TLS_RSA_WITH_AES_256_CBC_B2B256   = 0xF9,
     TLS_RSA_WITH_HC_128_B2B256        = 0xFA,   /* eSTREAM too */
 
-    /* wolfSSL extension - NTRU */
-    TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0xe5,
-    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
-    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA  = 0xe7,  /* clashes w/official SHA-256 */
-    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA  = 0xe8,
+    /* wolfSSL extension - NTRU , Quantum-safe Handshake
+       first byte is 0xD0 (QSH_BYTE) */
+    TLS_QSH      = 0x01,
 
     /* SHA256 */
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
@@ -718,6 +711,7 @@ enum {
 
 enum Misc {
     ECC_BYTE    =  0xC0,           /* ECC first cipher suite byte */
+    QSH_BYTE    = 0xD0,            /* Quantum-safe Handshake cipher suite */
     CHACHA_BYTE = 0xCC,            /* ChaCha first cipher suite */
 
     SEND_CERT       = 1,
@@ -861,7 +855,12 @@ enum Misc {
     ECDHE_SIZE          = 32,  /* ECHDE server size defaults to 256 bit */
     MAX_EXPORT_ECC_SZ   = 256, /* Export ANS X9.62 max future size */
 
+#ifdef HAVE_QSH
+    /* qsh handshake sends 600+ size keys over hello extensions */
+    MAX_HELLO_SZ       = 2048,  /* max client or server hello */
+#else
     MAX_HELLO_SZ       = 128,  /* max client or server hello */
+#endif
     MAX_CERT_VERIFY_SZ = 1024, /* max   */
     CLIENT_HELLO_FIRST =  35,  /* Protocol + RAN_LEN + sizeof(id_len) */
     MAX_SUITE_NAME     =  48,  /* maximum length of cipher suite string */
@@ -1199,7 +1198,7 @@ typedef struct CRL_Entry CRL_Entry;
     #define CRL_DIGEST_SIZE SHA_DIGEST_SIZE
 #endif
 
-#ifdef NO_ASN 
+#ifdef NO_ASN
     typedef struct RevokedCert RevokedCert;
 #endif
 
@@ -1244,7 +1243,7 @@ struct WOLFSSL_CRL {
 };
 
 
-#ifdef NO_ASN 
+#ifdef NO_ASN
     typedef struct Signer Signer;
 #endif
 
@@ -1360,7 +1359,8 @@ typedef enum {
     TRUNCATED_HMAC         = 0x0004,
     ELLIPTIC_CURVES        = 0x000a,
     SESSION_TICKET         = 0x0023,
-    SECURE_RENEGOTIATION   = 0xff01
+    SECURE_RENEGOTIATION   = 0xff01,
+    WOLFSSL_QSH            = 0x0018  /* Quantum-Safe-Hybrid */
 } TLSX_Type;
 
 typedef struct TLSX {
@@ -1373,6 +1373,7 @@ typedef struct TLSX {
 WOLFSSL_LOCAL TLSX*  TLSX_Find(TLSX* list, TLSX_Type type);
 WOLFSSL_LOCAL void   TLSX_FreeAll(TLSX* list);
 WOLFSSL_LOCAL int    TLSX_SupportExtensions(WOLFSSL* ssl);
+WOLFSSL_LOCAL int    TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
 
 #ifndef NO_WOLFSSL_CLIENT
 WOLFSSL_LOCAL word16 TLSX_GetRequestSize(WOLFSSL* ssl);
@@ -1386,7 +1387,7 @@ WOLFSSL_LOCAL word16 TLSX_WriteResponse(WOLFSSL* ssl, byte* output);
 
 WOLFSSL_LOCAL int    TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
                                                 byte isRequest, Suites *suites);
-                                                
+
 #elif defined(HAVE_SNI)                  \
    || defined(HAVE_MAX_FRAGMENT)         \
    || defined(HAVE_TRUNCATED_HMAC)       \
@@ -1496,6 +1497,47 @@ WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
 WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket);
 #endif /* HAVE_SESSION_TICKET */
 
+#ifdef HAVE_QSH
+
+typedef struct QSHScheme {
+    struct QSHScheme* next; /* List Behavior   */
+    byte*             PK;
+    word16            name; /* QSHScheme Names */
+    word16            PKLen;
+} QSHScheme;
+
+typedef struct QSHkey {
+    struct QSHKey* next;
+    word16 name;
+    buffer pub;
+    buffer pri;
+} QSHKey;
+
+typedef struct QSHSecret {
+    QSHScheme* list;
+    buffer* SerSi;
+    buffer* CliSi;
+} QSHSecret;
+
+/* used in key exchange during handshake */
+WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
+                                                  word16 length, byte isServer);
+WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
+WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);
+
+/* used by api for setting a specific QSH scheme */
+WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
+                                                     byte* pKey, word16 pKeySz);
+
+/* used when parsing in QSHCipher structs */
+WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
+                                                      byte* out, word16* szOut);
+#ifndef NO_WOLFSSL_SERVER
+WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
+#endif
+
+#endif /* HAVE_QSH */
+
 /* wolfSSL context type */
 struct WOLFSSL_CTX {
     WOLFSSL_METHOD* method;
@@ -2187,10 +2229,17 @@ struct WOLFSSL {
     RsaKey*         peerRsaKey;
     byte            peerRsaKeyPresent;
 #endif
-#ifdef HAVE_NTRU
-    word16          peerNtruKeyLen;
-    byte            peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
-    byte            peerNtruKeyPresent;
+#ifdef HAVE_QSH
+    QSHKey*         QSH_Key;
+    QSHKey*         peerQSHKey;
+    QSHSecret*      QSH_secret;
+    byte            isQSH;             /* is the handshake a QSH? */
+    byte            sendQSHKeys;       /* flag for if the client should sen
+                                          public keys */
+    byte            peerQSHKeyPresent;
+    byte            minRequest;
+    byte            maxRequest;
+    byte            user_set_QSHSchemes;
 #endif
 #ifdef HAVE_ECC
     ecc_key*        peerEccKey;              /* peer's  ECDHE key */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 0b0e367f9..b51f7e9f1 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1366,6 +1366,7 @@ WOLFSSL_API int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx,
 #endif
 #endif
 
+
 /* Secure Renegotiation */
 #ifdef HAVE_SECURE_RENEGOTIATION
 
@@ -1414,6 +1415,29 @@ WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
 
 #endif /* HAVE_SESSION_TICKET */
 
+#ifdef HAVE_QSH
+/* Quantum-safe Crypto Schemes */
+enum {
+    WOLFSSL_NTRU_EESS439 = 0x0101, /* max plaintext length of 65  */
+    WOLFSSL_NTRU_EESS593 = 0x0102, /* max plaintext length of 86  */
+    WOLFSSL_NTRU_EESS743 = 0x0103, /* max plaintext length of 106 */
+    WOLFSSL_LWE_XXX  = 0x0201,     /* Learning With Error encryption scheme */
+    WOLFSSL_HFE_XXX  = 0x0301,     /* Hidden Field Equotion scheme */
+    WOLFSSL_NULL_QSH = 0xFFFF      /* QSHScheme is not used */
+};
+
+
+/* test if the connection is using a QSH secure connection return 1 if so */
+WOLFSSL_API int wolfSSL_isQSH(WOLFSSL* ssl);
+WOLFSSL_API int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, unsigned short name);
+#ifndef NO_WOLFSSL_CLIENT
+    /* user control over sending client public key in hello
+       when flag = 1 will send keys if flag is 0 or function is not called
+       then will not send keys in the hello extension */
+    WOLFSSL_API int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag);
+#endif
+#endif
+
 #define WOLFSSL_CRL_MONITOR   0x01   /* monitor this dir flag */
 #define WOLFSSL_CRL_START_MON 0x02   /* start monitoring flag */
 

From dafb5a80e71113f44274c37db5b56fae83a1ff6f Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 7 Jul 2015 09:23:02 -0700
Subject: [PATCH 183/350] recommit invalid free w/o smallstack

---
 src/ssl.c             | 2 ++
 wolfcrypt/test/test.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/ssl.c b/src/ssl.c
index cad25dd21..64947d9c5 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2201,8 +2201,10 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
     if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv,
                               password, passwordSz, 1, key, iv)) <= 0) {
 
+#ifdef WOLFSSL_SMALL_STACK
         XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
         return ASN_INPUT_E;
     }
 
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index fb3ad7305..6286e3eac 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -1908,7 +1908,7 @@ int chacha_test(void)
     byte   plain[128];
     byte   sliver[64];
     byte   input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
-    word32 keySz;
+    word32 keySz = 32;
     int    ret = 0;
     int    i;
     int    times = 4;

From d68eb12ee61e08c6c69ab486be58bf4da42988c2 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Tue, 7 Jul 2015 22:10:26 -0600
Subject: [PATCH 184/350] use macros in TLSX Write with QSH

---
 src/tls.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index e73bb7d72..78da2efa5 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -2616,12 +2616,16 @@ int TLSX_UseQSHScheme(TLSX** extensions, word16 name, byte* pKey, word16 pkeySz)
 #define QSH_PARSE(a, b, c, d)      0
 #endif
 
+#define QSHPK_WRITE TLSX_QSHPK_Write
+#define QSH_SERREQ TLSX_QSH_SerPKReq
 #else
 
 #define QSH_FREE_ALL(list)
 #define QSH_GET_SIZE(list, a)      0
 #define QSH_WRITE(a, b)            0
 #define QSH_PARSE(a, b, c, d)      0
+#define QSHPK_WRITE(a, b)          0
+#define QSH_SERREQ(a, b)           0
 #define QSH_VALIDATE_REQUEST(a, b)
 
 #endif /* HAVE_QSH */
@@ -2805,8 +2809,8 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
                 if (isRequest) {
                     offset += QSH_WRITE(extension->data, output + offset);
                 }
-                offset += TLSX_QSHPK_Write(extension->data, output + offset);
-                offset += TLSX_QSH_SerPKReq(output + offset, isRequest);
+                offset += QSHPK_WRITE(extension->data, output + offset);
+                offset += QSH_SERREQ(output + offset, isRequest);
                 break;
         }
 
@@ -3014,7 +3018,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
         QSHScheme* next;
     #endif
     int ret = 0;
-    (void)isServer;
 
     #ifdef HAVE_QSH
         /* add supported QSHSchemes */
@@ -3091,6 +3094,11 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
          } /* is not server */
     #endif
 
+    (void)isServer;
+    (void)public_key;
+    (void)public_key_len;
+    (void)ssl;
+
     return ret;
 }
 

From 1383a0f1b5d83f61c084f1ed0b9c143ba846adb3 Mon Sep 17 00:00:00 2001
From: Ada Lovelace <adalovelace561@gmail.com>
Date: Wed, 8 Jul 2015 16:39:52 -0600
Subject: [PATCH 185/350] Uptodate wolfssl works with lighttpd-1.4.x (one
 warning), working on making lighttpd-1.4.35 work.

---
 src/ssl.c             | 145 ++++++++++++++++++++++++++++++++++++++++++
 wolfssl/openssl/dh.h  |   4 ++
 wolfssl/openssl/ssl.h |  33 +++++++++-
 wolfssl/ssl.h         |  55 +++++++++++++++-
 4 files changed, 234 insertions(+), 3 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 64947d9c5..342ea54f7 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -15133,3 +15133,148 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     void wolfSSL_cert_service(void) {}
 #endif
 
+
+#ifdef OPENSSL_EXTRA /*Lighttp compatibility*/
+#ifdef HAVE_LIGHTY
+
+    unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md)
+    {
+        (void) *d; (void) n; (void) *md;
+        return NULL;
+    }
+
+    char WOLFSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) {
+        (void)ctx;
+        (void)x;
+
+        return 0;
+    }
+
+    int WOLFSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) {
+        (void)ctx;
+        (void)pkey;
+
+        return 0;
+    }
+
+    WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) {
+        (void)filename;
+        (void)mode;
+
+        return NULL;
+    }
+
+    int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) {
+        (void)b;
+        (void)name;
+
+        return 0;
+    }
+
+    WOLFSSL_BIO_METHOD* WOLFSSL_BIO_s_file(void) {
+        return NULL;
+    }
+
+    const char * wolf_OBJ_nid2sn(int n) {
+        (void)n;
+
+        return 0;
+    }
+
+    int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) {
+        (void)o;
+
+        return 0;
+    }
+
+    int wolf_OBJ_sn2nid(const char *sn) {
+        (void)sn;
+
+        return 0;
+    }
+
+    WOLFSSL_DH *PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u) {
+        (void)bp;
+        (void)x;
+        (void)cb;
+        (void)u;
+
+        return NULL;
+    }
+
+    WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) {
+        (void)bp;
+        (void)x;
+        (void)cb;
+        (void)u;
+
+        return NULL;
+    }
+
+    int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) {
+        (void)bp;
+        (void)x;
+
+        return 0;
+    }
+
+    long WOLFSSL_CTX_set_tmp_dh(WOLFSSL_CTX *ctx, WOLFSSL_DH *dh) {
+        (void)ctx;
+        (void)dh;
+
+        return 0;
+    }
+
+    void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth) {
+        (void)ctx;
+        (void)depth;
+    }
+
+    void* WOLFSSL_get_app_data( const WOLFSSL *ssl) {
+        //checkout exdata stuff...
+        (void)ssl;
+
+        return 0;
+    }
+
+    void WOLFSSL_set_app_data(WOLFSSL *ssl, void *arg) {
+        (void)ssl;
+        (void)arg;
+    }
+
+    WOLFSSL_ASN1_OBJECT * WOLFSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) {
+        (void)ne;
+
+        return NULL;
+    }
+
+    WOLFSSL_X509_NAME_ENTRY *WOLFSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) {
+        (void)name;
+        (void)loc;
+
+        return NULL;
+    }
+
+    void WOLFSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){
+        FreeX509Name(name);
+    }
+
+    void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)){
+        (void) sk;
+        (void) f;
+    }
+
+    int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key){
+        (void) x509;
+        (void) key;
+        return 0;
+    }
+
+    STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk ){
+        (void) sk;
+        return NULL;
+    }
+
+#endif
+#endif
+
diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h
index be5ac383e..2bdb67522 100644
--- a/wolfssl/openssl/dh.h
+++ b/wolfssl/openssl/dh.h
@@ -19,6 +19,10 @@ typedef struct WOLFSSL_DH {
     void*          internal;     /* our DH */
     char           inSet;        /* internal set from external ? */
     char           exSet;        /* external set from internal ? */
+    /*added for lighttpd openssl compatability, go back and add a getter in 
+     * lighttpd src code.
+     */
+     int length;
 } WOLFSSL_DH;
 
 
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 155b2c273..93041fa7f 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -49,6 +49,7 @@ typedef WOLFSSL_CTX      SSL_CTX;
 typedef WOLFSSL_X509       X509;
 typedef WOLFSSL_X509_NAME  X509_NAME;
 typedef WOLFSSL_X509_CHAIN X509_CHAIN;
+typedef WOLFSSL_ASN1_STRING    ASN1_STRING; 
 
 
 /* redeclare guard */
@@ -72,7 +73,6 @@ typedef WOLFSSL_X509_EXTENSION X509_EXTENSION;
 typedef WOLFSSL_ASN1_TIME      ASN1_TIME;
 typedef WOLFSSL_ASN1_INTEGER   ASN1_INTEGER;
 typedef WOLFSSL_ASN1_OBJECT    ASN1_OBJECT;
-typedef WOLFSSL_ASN1_STRING    ASN1_STRING;
 typedef WOLFSSL_dynlock_value  CRYPTO_dynlock_value;
 
 #define ASN1_UTCTIME WOLFSSL_ASN1_TIME
@@ -401,6 +401,37 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 /* yassl had set the default to be 500 */
 #define SSL_get_default_timeout(ctx) 500
 
+/* Lighthttp compatability */
+
+#ifdef HAVE_LIGHTY                       
+typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
+
+#define SSL_CB_HANDSHAKE_START          0x10
+#define X509_NAME_free WOLFSSL_X509_NAME_free
+#define SSL_CTX_use_certificate WOLFSSL_CTX_use_certificate
+#define SSL_CTX_use_PrivateKey WOLFSSL_CTX_use_PrivateKey
+#define BIO_new_file wolfSSL_BIO_new_file
+#define BIO_read_filename wolfSSL_BIO_read_filename
+#define BIO_s_file WOLFSSL_BIO_s_file
+#define OBJ_nid2sn wolf_OBJ_nid2sn
+#define OBJ_obj2nid wolf_OBJ_obj2nid
+#define OBJ_sn2nid wolf_OBJ_sn2nid
+#define PEM_read_bio_DHparams PEM_read_bio_DHparams
+#define PEM_read_bio_X509 PEM_read_bio_WOLFSSL_X509
+#define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509
+#define SSL_CTX_set_tmp_dh WOLFSSL_CTX_set_tmp_dh
+#define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth
+#define SSL_get_app_data WOLFSSL_get_app_data
+#define SSL_set_app_data WOLFSSL_set_app_data
+#define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count
+#define X509_NAME_ENTRY_get_object WOLFSSL_X509_NAME_ENTRY_get_object
+#define X509_NAME_get_entry WOLFSSL_X509_NAME_get_entry
+#define sk_X509_NAME_pop_free  wolfSSL_sk_X509_NAME_pop_free
+#define SHA1 wolfSSL_SHA1
+#define X509_check_private_key wolfSSL_X509_check_private_key
+#define SSL_dup_CA_list wolfSSL_dup_CA_list
+
+#endif
 
 #ifdef __cplusplus
     } /* extern "C" */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index b51f7e9f1..df4b38619 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -90,7 +90,13 @@ typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
 typedef struct WOLFSSL_ASN1_TIME      WOLFSSL_ASN1_TIME;
 typedef struct WOLFSSL_ASN1_INTEGER   WOLFSSL_ASN1_INTEGER;
 typedef struct WOLFSSL_ASN1_OBJECT    WOLFSSL_ASN1_OBJECT;
-typedef struct WOLFSSL_ASN1_STRING    WOLFSSL_ASN1_STRING;
+
+typedef struct WOLFSSL_ASN1_STRING{
+    #ifdef HAVE_LIGHTY
+    char* data;
+    int length;
+    #endif
+}    WOLFSSL_ASN1_STRING;
 typedef struct WOLFSSL_dynlock_value  WOLFSSL_dynlock_value;
 
 #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
@@ -144,7 +150,6 @@ typedef struct WOLFSSL_X509_OBJECT {
     } data;
 } WOLFSSL_X509_OBJECT;
 
-
 typedef struct WOLFSSL_X509_STORE_CTX {
     WOLFSSL_X509_STORE* store;    /* Store full of a CA cert chain */
     WOLFSSL_X509* current_cert;   /* stunnel dereference */
@@ -1492,6 +1497,52 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
 #endif
 
 
+//We also want this to be inside openssl extra, but clang throws an error
+#ifdef HAVE_LIGHTY   
+
+typedef struct WOLFSSL_X509_NAME_ENTRY { 
+    WOLFSSL_ASN1_OBJECT* object;
+    WOLFSSL_ASN1_STRING* value;
+    int set;
+    int size;
+} WOLFSSL_X509_NAME_ENTRY;
+
+#endif
+
+#ifdef OPENSSL_EXTRA /*lighttp compatibility */
+#ifdef HAVE_LIGHTY
+
+#include <wolfssl/openssl/dh.h>
+
+WOLFSSL_API void WOLFSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
+WOLFSSL_API char WOLFSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
+WOLFSSL_API int WOLFSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
+WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
+WOLFSSL_API WOLFSSL_BIO_METHOD* WOLFSSL_BIO_s_file(void);
+/* These are to be merged shortly */
+WOLFSSL_API const char *  wolf_OBJ_nid2sn(int n);
+WOLFSSL_API int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
+WOLFSSL_API int wolf_OBJ_sn2nid(const char *sn);
+WOLFSSL_API WOLFSSL_DH *PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u);
+WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
+WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
+WOLFSSL_API long WOLFSSL_CTX_set_tmp_dh(WOLFSSL_CTX *ctx, WOLFSSL_DH *dh);
+WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
+WOLFSSL_API void* WOLFSSL_get_app_data( const WOLFSSL *ssl);
+WOLFSSL_API void WOLFSSL_set_app_data(WOLFSSL *ssl, void *arg);
+WOLFSSL_API WOLFSSL_ASN1_OBJECT * WOLFSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
+WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *WOLFSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
+WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*));
+WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
+WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
+WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk );
+
+/* end lighttpd*/
+#endif
+#endif
+
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif

From e41ebcf5d49d2e8cb783253ad0d345e5cde31c0b Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 8 Jul 2015 17:33:15 -0600
Subject: [PATCH 186/350] remove c++ comments, switch ASN1 string back to first
 spot

---
 src/ssl.c             |  5 +++--
 wolfssl/openssl/ssl.h |  2 +-
 wolfssl/ssl.h         | 10 +++-------
 3 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 342ea54f7..b49eeecc6 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -15230,8 +15230,9 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         (void)depth;
     }
 
-    void* WOLFSSL_get_app_data( const WOLFSSL *ssl) {
-        //checkout exdata stuff...
+    void* WOLFSSL_get_app_data( const WOLFSSL *ssl)
+    {
+        /* checkout exdata stuff... */
         (void)ssl;
 
         return 0;
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 93041fa7f..103d5f217 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -49,7 +49,6 @@ typedef WOLFSSL_CTX      SSL_CTX;
 typedef WOLFSSL_X509       X509;
 typedef WOLFSSL_X509_NAME  X509_NAME;
 typedef WOLFSSL_X509_CHAIN X509_CHAIN;
-typedef WOLFSSL_ASN1_STRING    ASN1_STRING; 
 
 
 /* redeclare guard */
@@ -73,6 +72,7 @@ typedef WOLFSSL_X509_EXTENSION X509_EXTENSION;
 typedef WOLFSSL_ASN1_TIME      ASN1_TIME;
 typedef WOLFSSL_ASN1_INTEGER   ASN1_INTEGER;
 typedef WOLFSSL_ASN1_OBJECT    ASN1_OBJECT;
+typedef WOLFSSL_ASN1_STRING    ASN1_STRING;
 typedef WOLFSSL_dynlock_value  CRYPTO_dynlock_value;
 
 #define ASN1_UTCTIME WOLFSSL_ASN1_TIME
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index df4b38619..58c21e7b9 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1497,20 +1497,16 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack,
 #endif
 
 
-//We also want this to be inside openssl extra, but clang throws an error
-#ifdef HAVE_LIGHTY   
+#ifdef OPENSSL_EXTRA /*lighttp compatibility */
+#ifdef HAVE_LIGHTY
 
-typedef struct WOLFSSL_X509_NAME_ENTRY { 
+typedef struct WOLFSSL_X509_NAME_ENTRY {
     WOLFSSL_ASN1_OBJECT* object;
     WOLFSSL_ASN1_STRING* value;
     int set;
     int size;
 } WOLFSSL_X509_NAME_ENTRY;
 
-#endif
-
-#ifdef OPENSSL_EXTRA /*lighttp compatibility */
-#ifdef HAVE_LIGHTY
 
 #include <wolfssl/openssl/dh.h>
 

From e6d8ab0d45c6c81a9314cfd9b742ae779e5746a0 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 9 Jul 2015 09:14:33 -0600
Subject: [PATCH 187/350] add enable lighty

---
 configure.ac | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/configure.ac b/configure.ac
index ac2a9c5f4..96a7aa7a9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1700,6 +1700,24 @@ then
 fi
 
 
+# lighty Support
+AC_ARG_ENABLE([lighty],
+    [  --enable-lighty         Enable lighttpd/lighty (default: disabled)],
+    [ ENABLED_LIGHTY=$enableval ],
+    [ ENABLED_LIGHTY=no ]
+    )
+if test "$ENABLED_LIGHTY" = "yes"
+then
+    # Requires opensslextra make sure on
+    if test "x$ENABLED_OPENSSLEXTRA" = "xno"
+    then
+        ENABLED_OPENSSLEXTRA="yes"
+        AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
+    fi
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
+fi
+
+
 # PWDBASED has to come after certservice since we want it on w/o explicit on
 # PWDBASED
 AC_ARG_ENABLE([pwdbased],
@@ -2199,6 +2217,7 @@ echo "   * Anonymous cipher:          $ENABLED_ANON"
 echo "   * CODING:                    $ENABLED_CODING"
 echo "   * MEMORY:                    $ENABLED_MEMORY"
 echo "   * I/O POOL:                  $ENABLED_IOPOOL"
+echo "   * LIGHTY:                    $ENABLED_LIGHTY"
 echo "   * ERROR_STRINGS:             $ENABLED_ERROR_STRINGS"
 echo "   * DTLS:                      $ENABLED_DTLS"
 echo "   * Old TLS Versions:          $ENABLED_OLD_TLS"

From df8b48cd0fc013b5584c2df9ef749c2ab1b051d8 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Sat, 11 Jul 2015 12:52:22 -0600
Subject: [PATCH 188/350] NTRU suites from earlier code

---
 examples/echoserver/echoserver.c |  17 ++-
 examples/server/server.c         |  16 +-
 src/internal.c                   | 242 +++++++++++++++++++++++++++----
 src/keys.c                       |  67 +++++++++
 src/ssl.c                        |  16 +-
 src/tls.c                        |  25 +++-
 tests/test-qsh.conf              | 117 +++++++++++++++
 tests/test.conf                  | 118 +++++++++++++++
 wolfssl/internal.h               |  22 +++
 9 files changed, 605 insertions(+), 35 deletions(-)

diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index 2c4af4ee0..db499ae08 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -151,7 +151,18 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 
 #ifndef NO_FILESYSTEM
     if (doPSK == 0) {
-    #if defined(HAVE_ECC) && !defined(CYASSL_SNIFFER)
+    #ifdef HAVE_NTRU
+        /* ntru */
+        if (CyaSSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
+                != SSL_SUCCESS)
+            err_sys("can't load ntru cert file, "
+                    "Please run from wolfSSL home dir");
+
+        if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKey)
+                != SSL_SUCCESS)
+            err_sys("can't load ntru key file, "
+                    "Please run from wolfSSL home dir");
+    #elif defined(HAVE_ECC) && !defined(CYASSL_SNIFFER)
         /* ecc */
         if (CyaSSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM)
                 != SSL_SUCCESS)
@@ -214,8 +225,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
         int     clientfd;
         int     firstRead = 1;
         int     gotFirstG = 0;
-                
-#ifndef CYASSL_DTLS 
+
+#ifndef CYASSL_DTLS
         SOCKADDR_IN_T client;
         socklen_t     client_len = sizeof(client);
         clientfd = accept(sockfd, (struct sockaddr*)&client,
diff --git a/examples/server/server.c b/examples/server/server.c
index d9be47eab..118a7e98e 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -181,6 +181,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     int    useAnon = 0;
     int    doDTLS = 0;
     int    needDH = 0;
+    int    useNtruKey   = 0;
     int    nonBlocking  = 0;
     int    trackMemory  = 0;
     int    fewerPackets = 0;
@@ -221,6 +222,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     (void)ourCert;
     (void)ourDhParam;
     (void)verifyCert;
+    (void)useNtruKey;
     (void)doCliCertCheck;
     (void)minDhKeyBits;
 
@@ -253,6 +255,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
             #endif
                 break;
 
+            case 'n' :
+                useNtruKey = 1;
+                break;
+
             case 'u' :
                 doDTLS  = 1;
                 break;
@@ -474,8 +480,16 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
 #endif
 
+#ifdef HAVE_NTRU
+    if (useNtruKey) {
+        if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
+                                != SSL_SUCCESS)
+            err_sys("can't load ntru key file, "
+                    "Please run from wolfSSL home dir");
+    }
+#endif
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
-    if (!usePsk && !useAnon) {
+    if (!useNtruKey && !usePsk && !useAnon) {
         if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
                                          != SSL_SUCCESS)
             err_sys("can't load server private key file, check file and run "
diff --git a/src/internal.c b/src/internal.c
index 5ac91ff01..b63b1fe2a 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -181,7 +181,7 @@ static int QSH_FreeAll(WOLFSSL* ssl)
     QSHScheme* preList = NULL;
 
     /* free elements in struct */
-    while(key) {
+    while (key) {
         preKey = key;
         if (key->pri.buffer)
             XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
@@ -192,11 +192,12 @@ static int QSH_FreeAll(WOLFSSL* ssl)
         /* free struct */
         XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
     }
+    key = NULL;
 
 
     /* free all of peers QSH keys */
     key = ssl->peerQSHKey;
-    while(key) {
+    while (key) {
         preKey = key;
         if (key->pri.buffer)
             XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
@@ -207,6 +208,7 @@ static int QSH_FreeAll(WOLFSSL* ssl)
         /* free struct */
         XFREE(preKey, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
     }
+    key = NULL;
 
     /* free secret information */
     if (secret) {
@@ -234,6 +236,7 @@ static int QSH_FreeAll(WOLFSSL* ssl)
         }
     }
     XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+    secret = NULL;
 
     return 0;
 }
@@ -773,12 +776,40 @@ void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_QSH
-    if (tls && haveNTRU) {
+    if (tls) {
         suites->suites[idx++] = QSH_BYTE;
         suites->suites[idx++] = TLS_QSH;
     }
 #endif
 
+#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
+   if (tls && haveNTRU && haveRSA) {
+        suites->suites[idx++] = 0;
+        suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA;
+   }
+#endif
+
+#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
+    if (tls && haveNTRU && haveRSA) {
+        suites->suites[idx++] = 0;
+        suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA;
+    }
+#endif
+
+#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
+    if (tls && haveNTRU && haveRSA) {
+        suites->suites[idx++] = 0;
+        suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA;
+    }
+#endif
+
+#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
+    if (tls && haveNTRU && haveRSA) {
+        suites->suites[idx++] = 0;
+        suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA;
+    }
+#endif
+
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
     if (tls1_2 && haveECDSAsig) {
         suites->suites[idx++] = ECC_BYTE;
@@ -1655,11 +1686,6 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
 #endif
 
 #ifdef HAVE_TLS_EXTENSIONS
-#ifdef HAVE_QSH
-    #ifdef HAVE_NTRU
-        ssl->options.haveNTRU = 1;
-    #endif
-#endif
 #ifdef HAVE_MAX_FRAGMENT
     ssl->max_fragment = MAX_RECORD_SIZE;
 #endif
@@ -3282,17 +3308,6 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
             }
         }
 
-        if (first == QSH_BYTE) {
-
-        switch (second) {
-
-        case TLS_QSH :
-            if (requirement == REQUIRES_NTRU)
-                return 1;
-            break;
-            }
-        }
-
         /* ECC extensions */
         if (first == ECC_BYTE) {
 
@@ -3526,6 +3541,11 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
                 return 1;
             break;
 
+        case TLS_NTRU_RSA_WITH_RC4_128_SHA :
+            if (requirement == REQUIRES_NTRU)
+                return 1;
+            break;
+
         case TLS_RSA_WITH_AES_128_CBC_SHA :
             if (requirement == REQUIRES_RSA)
                 return 1;
@@ -3536,11 +3556,21 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
                 return 1;
             break;
 
+        case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
+            if (requirement == REQUIRES_NTRU)
+                return 1;
+            break;
+
         case TLS_RSA_WITH_AES_256_CBC_SHA :
             if (requirement == REQUIRES_RSA)
                 return 1;
             break;
 
+        case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
+            if (requirement == REQUIRES_NTRU)
+                return 1;
+            break;
+
         case TLS_RSA_WITH_AES_256_CBC_SHA256 :
             if (requirement == REQUIRES_RSA)
                 return 1;
@@ -3552,6 +3582,10 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
                 return 1;
             break;
 
+        case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
+            if (requirement == REQUIRES_NTRU)
+                return 1;
+            break;
 #endif
 
         case TLS_PSK_WITH_AES_128_GCM_SHA256 :
@@ -4332,6 +4366,21 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                 }
                 break;
         #endif /* NO_RSA */
+        #ifdef HAVE_NTRU
+            case NTRUk:
+                {
+                    if (dCert->pubKeySize > sizeof(ssl->peerNtruKey)) {
+                        ret = PEER_KEY_ERROR;
+                    }
+                    else {
+                        XMEMCPY(ssl->peerNtruKey, dCert->publicKey,
+                                                             dCert->pubKeySize);
+                        ssl->peerNtruKeyLen = (word16)dCert->pubKeySize;
+                        ssl->peerNtruKeyPresent = 1;
+                    }
+                }
+                break;
+        #endif /* HAVE_NTRU */
         #ifdef HAVE_ECC
             case ECDSAk:
                 {
@@ -8238,6 +8287,22 @@ static const char* const cipher_names[] =
     "RABBIT-SHA",
 #endif
 
+#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
+    "NTRU-RC4-SHA",
+#endif
+
+#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
+    "NTRU-DES-CBC3-SHA",
+#endif
+
+#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
+    "NTRU-AES128-SHA",
+#endif
+
+#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
+    "NTRU-AES256-SHA",
+#endif
+
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
     "AES128-CCM-8",
 #endif
@@ -8620,6 +8685,22 @@ static int cipher_name_idx[] =
     TLS_RSA_WITH_RABBIT_SHA,
 #endif
 
+#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
+    TLS_NTRU_RSA_WITH_RC4_128_SHA,
+#endif
+
+#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
+    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA,
+#endif
+
+#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
+    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA,
+#endif
+
+#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
+    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA,
+#endif
+
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
     TLS_RSA_WITH_AES_128_CCM_8,
 #endif
@@ -11145,6 +11226,57 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
                 }
                 break;
         #endif /* !NO_DH && !NO_PSK */
+        #ifdef HAVE_NTRU
+            case ntru_kea:
+                {
+                    word32 rc;
+                    word16 cipherLen = MAX_ENCRYPT_SZ;
+                    DRBG_HANDLE drbg;
+
+                    ret = wc_RNG_GenerateBlock(ssl->rng,
+                                      ssl->arrays->preMasterSecret, SECRET_LEN);
+                    if (ret != 0) {
+                    #ifdef WOLFSSL_SMALL_STACK
+                        XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                    #endif
+                        return ret;
+                    }
+
+                    ssl->arrays->preMasterSz = SECRET_LEN;
+
+                    if (ssl->peerNtruKeyPresent == 0) {
+                    #ifdef WOLFSSL_SMALL_STACK
+                        XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                    #endif
+                        return NO_PEER_KEY;
+                    }
+
+                    rc = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+                    if (rc != DRBG_OK) {
+                    #ifdef WOLFSSL_SMALL_STACK
+                        XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                    #endif
+                        return NTRU_DRBG_ERROR;
+                    }
+
+                    rc = ntru_crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen,
+                                                  ssl->peerNtruKey,
+                                                  ssl->arrays->preMasterSz,
+                                                  ssl->arrays->preMasterSecret,
+                                                  &cipherLen, encSecret);
+                    ntru_crypto_drbg_uninstantiate(drbg);
+                    if (rc != NTRU_OK) {
+                    #ifdef WOLFSSL_SMALL_STACK
+                        XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                    #endif
+                        return NTRU_ENCRYPT_ERROR;
+                    }
+
+                    encSz = cipherLen;
+                    ret = 0;
+                }
+                break;
+        #endif /* HAVE_NTRU */
         #ifdef HAVE_ECC
             case ecc_diffie_hellman_kea:
                 {
@@ -11964,7 +12096,7 @@ int DoSessionTicket(WOLFSSL* ssl,
 
     #ifdef HAVE_QSH
         word32 qshSz = 0;
-        if (ssl->peerQSHKeyPresent) {
+        if (ssl->peerQSHKeyPresent && ssl->options.haveQSH) {
             qshSz = QSH_KeyGetSize(ssl);
         }
     #endif
@@ -13408,6 +13540,9 @@ int DoSessionTicket(WOLFSSL* ssl,
             havePSK = ssl->options.havePSK;
         #endif
 
+        if (ssl->options.haveNTRU)
+            haveRSA = 0;
+
         if (CipherRequires(first, second, REQUIRES_RSA)) {
             WOLFSSL_MSG("Requires RSA");
             if (haveRSA == 0) {
@@ -13478,7 +13613,7 @@ int DoSessionTicket(WOLFSSL* ssl,
         /* need to negotiate a classic suite in addition to TLS_QSH */
         if (first == QSH_BYTE && second == TLS_QSH) {
             if (TLSX_SupportExtensions(ssl)) {
-                ssl->peerQSHKeyPresent = 1; /* matched TLS_QSH */
+                ssl->options.haveQSH = 1; /* matched TLS_QSH */
             }
             else {
                 WOLFSSL_MSG("Version of SSL connection does not support TLS_QSH");
@@ -14627,7 +14762,7 @@ int DoSessionTicket(WOLFSSL* ssl,
                         else
                         {
                 #ifdef HAVE_QSH
-                            if (ssl->peerQSHKeyPresent) {
+                            if (ssl->options.haveQSH) {
                                 /* extension name */
                                 ato16(input + *inOutIdx, &name);
                                 *inOutIdx += OPAQUE16_LEN;
@@ -14700,7 +14835,7 @@ int DoSessionTicket(WOLFSSL* ssl,
                 ssl->arrays->preMasterSz = ssl->arrays->psk_keySz * 2 + 4;
 
             #ifdef HAVE_QSH
-                if (ssl->peerQSHKeyPresent) {
+                if (ssl->options.haveQSH) {
                     /* extension name */
                     ato16(input + *inOutIdx, &name);
                     *inOutIdx += OPAQUE16_LEN;
@@ -14724,6 +14859,61 @@ int DoSessionTicket(WOLFSSL* ssl,
             }
             break;
         #endif /* NO_PSK */
+        #ifdef HAVE_NTRU
+            case ntru_kea:
+            {
+                word16 cipherLen;
+                word16 plainLen = sizeof(ssl->arrays->preMasterSecret);
+
+                if (!ssl->buffers.key.buffer)
+                    return NO_PRIVATE_KEY;
+
+                if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
+                    return BUFFER_ERROR;
+
+                ato16(input + *inOutIdx, &cipherLen);
+                *inOutIdx += OPAQUE16_LEN;
+
+                if (cipherLen > MAX_NTRU_ENCRYPT_SZ)
+                    return NTRU_KEY_ERROR;
+
+                if ((*inOutIdx - begin) + cipherLen > size)
+                    return BUFFER_ERROR;
+
+                if (NTRU_OK != ntru_crypto_ntru_decrypt(
+                            (word16) ssl->buffers.key.length,
+                            ssl->buffers.key.buffer, cipherLen,
+                            input + *inOutIdx, &plainLen,
+                            ssl->arrays->preMasterSecret))
+                    return NTRU_DECRYPT_ERROR;
+
+                if (plainLen != SECRET_LEN)
+                    return NTRU_DECRYPT_ERROR;
+
+                *inOutIdx += cipherLen;
+
+            #ifdef HAVE_QSH
+                if (ssl->options.haveQSH) {
+                    /* extension name */
+                    ato16(input + *inOutIdx, &name);
+                    *inOutIdx += OPAQUE16_LEN;
+
+                    if (name == WOLFSSL_QSH) {
+                        *inOutIdx += TLSX_QSHCipher_Parse(ssl, input +
+                                        *inOutIdx, size - *inOutIdx + begin, 1);
+                    }
+                    else {
+                        /* unknown extension sent client ignored
+                           handshake */
+                        return BUFFER_ERROR;
+                    }
+                }
+            #endif
+                ssl->arrays->preMasterSz = plainLen;
+                ret = MakeMasterSecret(ssl);
+            }
+            break;
+        #endif /* HAVE_NTRU */
         #ifdef HAVE_ECC
             case ecc_diffie_hellman_kea:
             {
@@ -14787,7 +14977,7 @@ int DoSessionTicket(WOLFSSL* ssl,
 
                 ssl->arrays->preMasterSz = length;
             #ifdef HAVE_QSH
-                if (ssl->peerQSHKeyPresent) {
+                if (ssl->options.haveQSH) {
                     /* extension name */
                     ato16(input + *inOutIdx, &name);
                     *inOutIdx += OPAQUE16_LEN;
@@ -14838,7 +15028,7 @@ int DoSessionTicket(WOLFSSL* ssl,
                 *inOutIdx += clientPubSz;
 
             #ifdef HAVE_QSH
-                if (ssl->peerQSHKeyPresent) {
+                if (ssl->options.haveQSH) {
                     /* extension name */
                     ato16(input + *inOutIdx, &name);
                     *inOutIdx += OPAQUE16_LEN;
@@ -14929,7 +15119,7 @@ int DoSessionTicket(WOLFSSL* ssl,
                 ssl->arrays->preMasterSz +=
                                           ssl->arrays->psk_keySz + OPAQUE16_LEN;
             #ifdef HAVE_QSH
-                if (ssl->peerQSHKeyPresent) {
+                if (ssl->options.haveQSH) {
                     /* extension name */
                     ato16(input + *inOutIdx, &name);
                     *inOutIdx += OPAQUE16_LEN;
diff --git a/src/keys.c b/src/keys.c
index 93c769219..1b15dbb93 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -877,6 +877,22 @@ int SetCipherSpecs(WOLFSSL* ssl)
         break;
 #endif
 
+#ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
+    case TLS_NTRU_RSA_WITH_RC4_128_SHA :
+        ssl->specs.bulk_cipher_algorithm = wolfssl_rc4;
+        ssl->specs.cipher_type           = stream;
+        ssl->specs.mac_algorithm         = sha_mac;
+        ssl->specs.kea                   = ntru_kea;
+        ssl->specs.sig_algo              = rsa_sa_algo;
+        ssl->specs.hash_size             = SHA_DIGEST_SIZE;
+        ssl->specs.pad_size              = PAD_SHA;
+        ssl->specs.static_ecdh           = 0;
+        ssl->specs.key_size              = RC4_KEY_SIZE;
+        ssl->specs.iv_size               = 0;
+        ssl->specs.block_size            = 0;
+
+        break;
+#endif
 
 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
     case SSL_RSA_WITH_RC4_128_MD5 :
@@ -912,6 +928,23 @@ int SetCipherSpecs(WOLFSSL* ssl)
         break;
 #endif
 
+#ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
+    case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
+        ssl->specs.bulk_cipher_algorithm = wolfssl_triple_des;
+        ssl->specs.cipher_type           = block;
+        ssl->specs.mac_algorithm         = sha_mac;
+        ssl->specs.kea                   = ntru_kea;
+        ssl->specs.sig_algo              = rsa_sa_algo;
+        ssl->specs.hash_size             = SHA_DIGEST_SIZE;
+        ssl->specs.pad_size              = PAD_SHA;
+        ssl->specs.static_ecdh           = 0;
+        ssl->specs.key_size              = DES3_KEY_SIZE;
+        ssl->specs.block_size            = DES_BLOCK_SIZE;
+        ssl->specs.iv_size               = DES_IV_SIZE;
+
+        break;
+#endif
+
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
     case TLS_RSA_WITH_AES_128_CBC_SHA :
         ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
@@ -980,6 +1013,23 @@ int SetCipherSpecs(WOLFSSL* ssl)
         break;
 #endif
 
+#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
+    case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
+        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
+        ssl->specs.cipher_type           = block;
+        ssl->specs.mac_algorithm         = sha_mac;
+        ssl->specs.kea                   = ntru_kea;
+        ssl->specs.sig_algo              = rsa_sa_algo;
+        ssl->specs.hash_size             = SHA_DIGEST_SIZE;
+        ssl->specs.pad_size              = PAD_SHA;
+        ssl->specs.static_ecdh           = 0;
+        ssl->specs.key_size              = AES_128_KEY_SIZE;
+        ssl->specs.block_size            = AES_BLOCK_SIZE;
+        ssl->specs.iv_size               = AES_IV_SIZE;
+
+        break;
+#endif
+
 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
     case TLS_RSA_WITH_AES_256_CBC_SHA :
         ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
@@ -1014,6 +1064,23 @@ int SetCipherSpecs(WOLFSSL* ssl)
         break;
 #endif
 
+#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
+    case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
+        ssl->specs.bulk_cipher_algorithm = wolfssl_aes;
+        ssl->specs.cipher_type           = block;
+        ssl->specs.mac_algorithm         = sha_mac;
+        ssl->specs.kea                   = ntru_kea;
+        ssl->specs.sig_algo              = rsa_sa_algo;
+        ssl->specs.hash_size             = SHA_DIGEST_SIZE;
+        ssl->specs.pad_size              = PAD_SHA;
+        ssl->specs.static_ecdh           = 0;
+        ssl->specs.key_size              = AES_256_KEY_SIZE;
+        ssl->specs.block_size            = AES_BLOCK_SIZE;
+        ssl->specs.iv_size               = AES_IV_SIZE;
+
+        break;
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
     case TLS_PSK_WITH_AES_128_GCM_SHA256 :
         ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
diff --git a/src/ssl.c b/src/ssl.c
index b49eeecc6..626436fec 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -9873,10 +9873,24 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
             case TLS_RSA_WITH_RABBIT_SHA :
                 return "TLS_RSA_WITH_RABBIT_SHA";
     #endif
+    #ifdef HAVE_NTRU
+        #ifndef NO_RC4
+            case TLS_NTRU_RSA_WITH_RC4_128_SHA :
+                return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
+        #endif
+        #ifndef NO_DES3
+            case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
+                return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
+        #endif
+            case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
+                return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
+            case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
+                return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
+    #endif /* HAVE_NTRU */
     #ifdef HAVE_QSH
             case TLS_QSH :
                 return "TLS_QSH";
-    #endif /* HAVE_NTRU */
+    #endif /* HAVE_QSH*/
 #endif /* NO_SHA */
             case TLS_RSA_WITH_AES_128_GCM_SHA256 :
                 return "TLS_RSA_WITH_AES_128_GCM_SHA256";
diff --git a/src/tls.c b/src/tls.c
index 78da2efa5..5a070f667 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -2232,6 +2232,7 @@ static void TLSX_QSHAgreement(TLSX** extensions)
 {
     TLSX* extension = TLSX_Find(*extensions, WOLFSSL_QSH);
     QSHScheme* format = NULL;
+    QSHScheme* delete = NULL;
     QSHScheme* prev   = NULL;
 
     if (extension == NULL)
@@ -2246,9 +2247,10 @@ static void TLSX_QSHAgreement(TLSX** extensions)
             }
             if (prev)
                 prev->next = format->next;
-            prev   = format;
+            delete = format;
             format = format->next;
-            XFREE(format, ssl->heap, DYNAMIC_TYPE_TMP_ARRAY);
+            XFREE(delete, 0, DYNAMIC_TYPE_TMP_ARRAY);
+            delete = NULL;
         } else {
             prev   = format;
             format = format->next;
@@ -2275,6 +2277,7 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
     byte*  PK = NULL;
     int r;
 
+
     if (OPAQUE16_LEN > length)
         return BUFFER_ERROR;
 
@@ -2313,6 +2316,11 @@ static int TLSX_QSH_Parse(WOLFSSL* ssl, byte* input, word16 length,
 
         offset  += OPAQUE16_LEN;
         schemSz += offset;
+
+        /* check buffer size */
+        if (schemSz > length)
+            return BUFFER_ERROR;
+
         while ((offset < schemSz) && numKeys) {
             /* Scheme ID list */
             ato16(input + offset, &name);
@@ -3028,7 +3036,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
 
             /* test if user has set a specific scheme already */
             if (!ssl->user_set_QSHSchemes) {
-                if (ssl->sendQSHKeys) {
+                if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
                     if ((ret = TLSX_CreateQSHKey(ssl, WOLFSSL_NTRU_EESS743)) != 0) {
                         WOLFSSL_MSG("Error creating ntru keys");
                         return ret;
@@ -3068,7 +3076,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                         public_key, public_key_len) != SSL_SUCCESS)
                     ret = -1;
             }
-            else if (ssl->sendQSHKeys) {
+            else if (ssl->sendQSHKeys && ssl->QSH_Key == NULL) {
                 /* for each scheme make a client key */
                 extension = TLSX_Find(ssl->extensions, WOLFSSL_QSH);
                 if (extension) {
@@ -3192,6 +3200,15 @@ word16 TLSX_GetResponseSize(WOLFSSL* ssl)
     word16 length = 0;
     byte semaphore[SEMAPHORE_SIZE] = {0};
 
+    #ifdef HAVE_QSH
+        /* change response if not using TLS_QSH */
+        if (!ssl->options.haveQSH) {
+            TLSX* ext = TLSX_Find(ssl->extensions, WOLFSSL_QSH);
+            if (ext)
+                ext->resp = 0;
+        }
+    #endif
+
     if (TLSX_SupportExtensions(ssl))
         length += TLSX_GetSize(ssl->extensions, semaphore, 0);
 
diff --git a/tests/test-qsh.conf b/tests/test-qsh.conf
index 0261e9e47..8261f147d 100644
--- a/tests/test-qsh.conf
+++ b/tests/test-qsh.conf
@@ -1901,4 +1901,121 @@
 -v 1
 -l QSH:ADH-AES128-SHA
 
+# server TLSv1 NTRU_RC4
+-v 1
+-l QSH:NTRU-RC4-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1 NTRU_RC4
+-v 1
+-l QSH:NTRU-RC4-SHA
+
+# server TLSv1 NTRU_DES3
+-v 1
+-l QSH:NTRU-DES-CBC3-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1 NTRU_DES3
+-v 1
+-l QSH:NTRU-DES-CBC3-SHA
+
+# server TLSv1 NTRU_AES128
+-v 1
+-l QSH:NTRU-AES128-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1 NTRU_AES128
+-v 1
+-l QSH:NTRU-AES128-SHA
+
+# server TLSv1 NTRU_AES256
+-v 1
+-l QSH:NTRU-AES256-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1 NTRU_AES256
+-v 1
+-l QSH:NTRU-AES256-SHA
+
+# server TLSv1.1 NTRU_RC4
+-v 2
+-l QSH:NTRU-RC4-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1.1 NTRU_RC4
+-v 2
+-l QSH:NTRU-RC4-SHA
+
+# server TLSv1.1 NTRU_DES3
+-v 2
+-l QSH:NTRU-DES-CBC3-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1.1 NTRU_DES3
+-v 2
+-l QSH:NTRU-DES-CBC3-SHA
+
+# server TLSv1.1 NTRU_AES128
+-v 2
+-l QSH:NTRU-AES128-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1.1 NTRU_AES128
+-v 2
+-l QSH:NTRU-AES128-SHA
+
+# server TLSv1.1 NTRU_AES256
+-v 2
+-l QSH:NTRU-AES256-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1.1 NTRU_AES256
+-v 2
+-l QSH:NTRU-AES256-SHA
+
+# server TLSv1.2 NTRU_RC4
+-v 3
+-l QSH:NTRU-RC4-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1.2 NTRU_RC4
+-v 3
+-l QSH:NTRU-RC4-SHA
+
+# server TLSv1.2 NTRU_DES3
+-v 3
+-l QSH:NTRU-DES-CBC3-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1.2 NTRU_DES3
+-v 3
+-l QSH:NTRU-DES-CBC3-SHA
+
+# server TLSv1.2 NTRU_AES128
+-v 3
+-l QSH:NTRU-AES128-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
 
diff --git a/tests/test.conf b/tests/test.conf
index 89e024860..963db7b06 100644
--- a/tests/test.conf
+++ b/tests/test.conf
@@ -1901,3 +1901,121 @@
 -v 1
 -l ADH-AES128-SHA
 
+# server TLSv1 NTRU_RC4
+-v 1
+-l NTRU-RC4-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1 NTRU_RC4
+-v 1
+-l NTRU-RC4-SHA
+
+# server TLSv1 NTRU_DES3
+-v 1
+-l NTRU-DES-CBC3-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1 NTRU_DES3
+-v 1
+-l NTRU-DES-CBC3-SHA
+
+# server TLSv1 NTRU_AES128
+-v 1
+-l NTRU-AES128-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1 NTRU_AES128
+-v 1
+-l NTRU-AES128-SHA
+
+# server TLSv1 NTRU_AES256
+-v 1
+-l NTRU-AES256-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1 NTRU_AES256
+-v 1
+-l NTRU-AES256-SHA
+
+# server TLSv1.1 NTRU_RC4
+-v 2
+-l NTRU-RC4-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1.1 NTRU_RC4
+-v 2
+-l NTRU-RC4-SHA
+
+# server TLSv1.1 NTRU_DES3
+-v 2
+-l NTRU-DES-CBC3-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1.1 NTRU_DES3
+-v 2
+-l NTRU-DES-CBC3-SHA
+
+# server TLSv1.1 NTRU_AES128
+-v 2
+-l NTRU-AES128-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1.1 NTRU_AES128
+-v 2
+-l NTRU-AES128-SHA
+
+# server TLSv1.1 NTRU_AES256
+-v 2
+-l NTRU-AES256-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1.1 NTRU_AES256
+-v 2
+-l NTRU-AES256-SHA
+
+# server TLSv1.2 NTRU_RC4
+-v 3
+-l NTRU-RC4-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1.2 NTRU_RC4
+-v 3
+-l NTRU-RC4-SHA
+
+# server TLSv1.2 NTRU_DES3
+-v 3
+-l NTRU-DES-CBC3-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+# client TLSv1.2 NTRU_DES3
+-v 3
+-l NTRU-DES-CBC3-SHA
+
+# server TLSv1.2 NTRU_AES128
+-v 3
+-l NTRU-AES128-SHA
+-n
+-c ./certs/ntru-cert.pem
+-k ./certs/ntru-key.raw
+
+
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 46c439b2a..9664bf0e4 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -217,11 +217,17 @@ typedef byte word24[3];
         #if !defined(NO_MD5)
             #define BUILD_SSL_RSA_WITH_RC4_128_MD5
         #endif
+        #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
+            #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
+        #endif
     #endif
 
     #if !defined(NO_RSA) && !defined(NO_DES3)
         #if !defined(NO_SHA)
             #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
+            #if !defined(NO_TLS) && defined(HAVE_NTRU)
+                    #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
+            #endif
         #endif
     #endif
 
@@ -229,6 +235,10 @@ typedef byte word24[3];
         #if !defined(NO_SHA)
             #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
             #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
+            #if defined(HAVE_NTRU)
+                    #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
+                    #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
+            #endif
         #endif
         #if !defined (NO_SHA256)
             #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
@@ -632,6 +642,12 @@ enum {
     TLS_RSA_WITH_AES_256_CBC_B2B256   = 0xF9,
     TLS_RSA_WITH_HC_128_B2B256        = 0xFA,   /* eSTREAM too */
 
+    /* wolfSSL extension - NTRU */
+    TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0xe5,
+    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
+    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA  = 0xe7,  /* clashes w/official SHA-256 */
+    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA  = 0xe8,
+
     /* wolfSSL extension - NTRU , Quantum-safe Handshake
        first byte is 0xD0 (QSH_BYTE) */
     TLS_QSH      = 0x01,
@@ -1947,6 +1963,7 @@ typedef struct Options {
     word16            haveRSA:1;          /* RSA available */
     word16            haveDH:1;           /* server DH parms set by user */
     word16            haveNTRU:1;         /* server NTRU  private key loaded */
+    byte              haveQSH:1;          /* have QSH ability */
     word16            haveECDSAsig:1;     /* server ECDSA signed cert */
     word16            haveStaticECC:1;    /* static server ECC private key */
     word16            havePeerCert:1;     /* do we have peer's cert */
@@ -2241,6 +2258,11 @@ struct WOLFSSL {
     byte            maxRequest;
     byte            user_set_QSHSchemes;
 #endif
+#ifdef HAVE_NTRU
+    word16          peerNtruKeyLen;
+    byte            peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
+    byte            peerNtruKeyPresent;
+#endif
 #ifdef HAVE_ECC
     ecc_key*        peerEccKey;              /* peer's  ECDHE key */
     ecc_key*        peerEccDsaKey;           /* peer's  ECDSA key */

From 1750fe698e859f8a51cb9b9056ecbc6619af3877 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Mon, 13 Jul 2015 11:32:59 -0600
Subject: [PATCH 189/350] Name change to LICENSING

---
 LICENSING | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/LICENSING b/LICENSING
index e43bb9f39..9f50165fd 100644
--- a/LICENSING
+++ b/LICENSING
@@ -1,7 +1,7 @@
 
-CyaSSL and wolfCrypt are either licensed for use under the GPLv2 or a
-standard commercial license. For our users who cannot use CyaSSL under
-GPLv2, a commercial license to CyaSSL and wolfCrypt is available.
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
+under the GPLv2 or a standard commercial license. For our users who cannot use
+wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
 Please contact wolfSSL Inc. directly at:
 
 Email: licensing@wolfssl.com

From 67fd0ebbd41471cd0891fe22eef284d89953aa3a Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Mon, 13 Jul 2015 17:26:04 -0600
Subject: [PATCH 190/350] wolfssl enter msgs on lighty stubs and create a new
 BN when given a null argument

---
 src/ssl.c | 34 ++++++++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 626436fec..82891e58c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -11213,15 +11213,20 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
 {
     WOLFSSL_MSG("wolfSSL_BN_bin2bn");
 
+    /* if ret is null create a BN */
+    if (ret == NULL) {
+        ret = wolfSSL_BN_new();
+        if (ret == NULL)
+            return NULL;
+    }
+
+    /* check ret and ret->internal then read in value */
     if (ret && ret->internal) {
         if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) {
             WOLFSSL_MSG("mp_read_unsigned_bin failure");
             return NULL;
         }
     }
-    else {
-        WOLFSSL_MSG("wolfSSL_BN_bin2bn wants return bignum");
-    }
 
     return ret;
 }
@@ -15160,6 +15165,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     char WOLFSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) {
         (void)ctx;
         (void)x;
+        WOLFSSL_ENTER("WOLFSSL_CTX_use_certificate");
 
         return 0;
     }
@@ -15167,6 +15173,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     int WOLFSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) {
         (void)ctx;
         (void)pkey;
+        WOLFSSL_ENTER("WOLFSSL_CTX_use_PrivateKey");
 
         return 0;
     }
@@ -15174,6 +15181,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) {
         (void)filename;
         (void)mode;
+        WOLFSSL_ENTER("wolfSSL_BIO_new_file");
 
         return NULL;
     }
@@ -15181,28 +15189,33 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) {
         (void)b;
         (void)name;
+        WOLFSSL_ENTER("wolfSSL_BIO_read_filename");
 
         return 0;
     }
 
     WOLFSSL_BIO_METHOD* WOLFSSL_BIO_s_file(void) {
+        WOLFSSL_ENTER("WOLFSSL_BIO_s_file");
         return NULL;
     }
 
     const char * wolf_OBJ_nid2sn(int n) {
         (void)n;
+        WOLFSSL_ENTER("wolf_OBJ_nid2sn");
 
         return 0;
     }
 
     int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) {
         (void)o;
+        WOLFSSL_ENTER("wolf_OBJ_obj2nid");
 
         return 0;
     }
 
     int wolf_OBJ_sn2nid(const char *sn) {
         (void)sn;
+        WOLFSSL_ENTER("wolf_OBJ_osn2nid");
 
         return 0;
     }
@@ -15212,6 +15225,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         (void)x;
         (void)cb;
         (void)u;
+        WOLFSSL_ENTER("PEM_read_bio_DHparams");
 
         return NULL;
     }
@@ -15221,6 +15235,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         (void)x;
         (void)cb;
         (void)u;
+        WOLFSSL_ENTER("PEM_read_bio_WOLFSSL_X509");
 
         return NULL;
     }
@@ -15228,6 +15243,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) {
         (void)bp;
         (void)x;
+        WOLFSSL_ENTER("PEM_write_bio_WOLFSSL_X509");
 
         return 0;
     }
@@ -15235,6 +15251,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     long WOLFSSL_CTX_set_tmp_dh(WOLFSSL_CTX *ctx, WOLFSSL_DH *dh) {
         (void)ctx;
         (void)dh;
+        WOLFSSL_ENTER("WOLFSSL_CTX_set_tmp_dh");
 
         return 0;
     }
@@ -15242,12 +15259,14 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth) {
         (void)ctx;
         (void)depth;
+        WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth");
     }
 
     void* WOLFSSL_get_app_data( const WOLFSSL *ssl)
     {
         /* checkout exdata stuff... */
         (void)ssl;
+        WOLFSSL_ENTER("WOLFSSL_get_app_data");
 
         return 0;
     }
@@ -15255,10 +15274,12 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     void WOLFSSL_set_app_data(WOLFSSL *ssl, void *arg) {
         (void)ssl;
         (void)arg;
+        WOLFSSL_ENTER("WOLFSSL_set_app_data");
     }
 
     WOLFSSL_ASN1_OBJECT * WOLFSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) {
         (void)ne;
+        WOLFSSL_ENTER("WOLFSSL_X509_NAME_ENTRY_get_object");
 
         return NULL;
     }
@@ -15266,27 +15287,32 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     WOLFSSL_X509_NAME_ENTRY *WOLFSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) {
         (void)name;
         (void)loc;
+        WOLFSSL_ENTER("WOLFSSL_X509_NAME_get_entry");
 
         return NULL;
     }
 
     void WOLFSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){
         FreeX509Name(name);
+        WOLFSSL_ENTER("WOLFSSL_X509_NAME_free");
     }
 
     void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)){
         (void) sk;
         (void) f;
+        WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_pop_free");
     }
 
     int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key){
         (void) x509;
         (void) key;
-        return 0;
+        WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
+        return SSL_SUCCESS;
     }
 
     STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk ){
         (void) sk;
+        WOLFSSL_ENTER("wolfSSL_dup_CA_list");
         return NULL;
     }
 

From 7fba0d25f95df4af41604125e21bd7724e8314d2 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Tue, 14 Jul 2015 14:33:00 -0600
Subject: [PATCH 191/350] variable declaration location for VS and avoid empty
 struct

---
 src/ssl.c     |  7 +++----
 wolfssl/ssl.h | 16 +++++++++-------
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 82891e58c..7e40efa64 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -14554,16 +14554,15 @@ int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa,
                                     unsigned char *kstr, int klen,
                                     pem_password_cb *cb, void *u)
 {
+    byte *der, *pem;
+    int  derSz = 0, pemSz = 0;
+
     (void)enc;
     (void)kstr;
     (void)klen;
     (void)cb;
     (void)u;
 
-    byte *der, *pem;
-    int    derSz = 0, pemSz = 0;
-
-
     WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey");
 
     if (fp == NULL || dsa == NULL || dsa->internal == NULL ||
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 58c21e7b9..5b794e079 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -90,15 +90,17 @@ typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
 typedef struct WOLFSSL_ASN1_TIME      WOLFSSL_ASN1_TIME;
 typedef struct WOLFSSL_ASN1_INTEGER   WOLFSSL_ASN1_INTEGER;
 typedef struct WOLFSSL_ASN1_OBJECT    WOLFSSL_ASN1_OBJECT;
-
-typedef struct WOLFSSL_ASN1_STRING{
-    #ifdef HAVE_LIGHTY
-    char* data;
-    int length;
-    #endif
-}    WOLFSSL_ASN1_STRING;
 typedef struct WOLFSSL_dynlock_value  WOLFSSL_dynlock_value;
 
+#ifdef HAVE_LIGHTY
+    typedef struct WOLFSSL_ASN1_STRING{
+        char* data;
+        int length;
+    }   WOLFSSL_ASN1_STRING;
+#else
+    typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING;
+#endif
+
 #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
 
 typedef struct WOLFSSL_EVP_PKEY {

From 96cf16848c8939576a3206cf0b2094c70bb507f8 Mon Sep 17 00:00:00 2001
From: Nickolas Lapp <nickolaslapp@gmail.com>
Date: Tue, 14 Jul 2015 14:56:26 -0600
Subject: [PATCH 192/350] Stunnel Base Commit

---
 configure.ac               |  81 ++++--
 src/internal.c             |   2 +-
 src/ssl.c                  | 493 +++++++++++++++++++++++++++++++------
 wolfcrypt/src/coding.c     |  19 +-
 wolfssl/internal.h         |  12 +-
 wolfssl/openssl/asn1.h     |  17 ++
 wolfssl/openssl/crypto.h   |   5 +
 wolfssl/openssl/dh.h       |   7 +-
 wolfssl/openssl/err.h      |   3 +-
 wolfssl/openssl/opensslv.h |   8 +-
 wolfssl/openssl/rand.h     |   2 +
 wolfssl/openssl/ssl.h      |  53 +++-
 wolfssl/ssl.h              |  94 ++++++-
 wolfssl/wolfcrypt/coding.h |   3 +
 14 files changed, 675 insertions(+), 124 deletions(-)

diff --git a/configure.ac b/configure.ac
index 96a7aa7a9..a05f9e221 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1130,21 +1130,6 @@ fi
 AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"])
 
 
-# MD4 
-AC_ARG_ENABLE([md4],
-    [  --enable-md4            Enable MD4 (default: disabled)],
-    [ ENABLED_MD4=$enableval ],
-    [ ENABLED_MD4=no ]
-    )
-
-if test "$ENABLED_MD4" = "no"
-then
-    AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
-fi
-
-AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
-
-
 # Web Server Build 
 AC_ARG_ENABLE([webserver],
     [  --enable-webserver      Enable Web Server (default: disabled)],
@@ -1717,6 +1702,65 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
 fi
 
+# stunnel Support
+AC_ARG_ENABLE([stunnel],
+    [  --enable-stunnel         Enable stunnel (default: disabled)],
+    [ ENABLED_STUNNEL=$enableval ],
+    [ ENABLED_STUNNEL=no ]
+    )
+if test "$ENABLED_STUNNEL" = "yes"
+then
+    # Requires opensslextra make sure on
+    if test "x$ENABLED_OPENSSLEXTRA" = "xno"
+    then
+        ENABLED_OPENSSLEXTRA="yes"
+        AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
+    fi
+
+    # Requires coding make sure on
+    if test "x$ENABLED_CODING" = "xno"
+    then
+        ENABLED_CODING="yes"
+    fi
+
+    # For now, requires no fastmath, turn off if on
+    if test "x$ENABLED_FASTMATH" = "xyes"
+    then
+        ENABLED_FASTMATH = "no"
+    fi
+
+    # Requires sessioncerts make sure on
+    if test "x$ENABLED_SESSIONCERTS" = "xno"
+    then
+        ENABLED_SESSIONCERTS="yes"
+        AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
+    fi
+
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL"
+fi
+
+
+# MD4
+AC_ARG_ENABLE([md4],
+    [  --enable-md4            Enable MD4 (default: disabled)],
+    [ ENABLED_MD4=$enableval ],
+    [ ENABLED_MD4=no ]
+    )
+
+
+if test "$ENABLED_MD4" = "no"
+then
+    #turn on MD4 if using stunnel
+    if test "x$ENABLED_STUNNEL" = "xyes"
+    then
+        ENABLED_MD4="yes"
+    else
+        AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
+    fi
+fi
+
+AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
+
 
 # PWDBASED has to come after certservice since we want it on w/o explicit on
 # PWDBASED
@@ -1745,7 +1789,11 @@ FASTMATH_DEFAULT=no
 
 if test "$host_cpu" = "x86_64"
 then
-FASTMATH_DEFAULT=yes
+    # fastmath turned off for stunnel by default
+    if test "x$ENABLED_STUNNEL" = "xno"
+    then
+        FASTMATH_DEFAULT=yes
+    fi
 fi
 
 # fastmath
@@ -2218,6 +2266,7 @@ echo "   * CODING:                    $ENABLED_CODING"
 echo "   * MEMORY:                    $ENABLED_MEMORY"
 echo "   * I/O POOL:                  $ENABLED_IOPOOL"
 echo "   * LIGHTY:                    $ENABLED_LIGHTY"
+echo "   * STUNNEL:                   $ENABLED_STUNNEL"
 echo "   * ERROR_STRINGS:             $ENABLED_ERROR_STRINGS"
 echo "   * DTLS:                      $ENABLED_DTLS"
 echo "   * Old TLS Versions:          $ENABLED_OLD_TLS"
diff --git a/src/internal.c b/src/internal.c
index b63b1fe2a..ceef2eeab 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4464,7 +4464,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 #else
                 store->current_cert = NULL;
 #endif
-#ifdef FORTRESS
+#if defined(HAVE_FORTRESS) || defined(HAVE_STUNNEL)
                 store->ex_data = ssl;
 #endif
                 ok = ssl->verifyCallback(0, store);
diff --git a/src/ssl.c b/src/ssl.c
index 7e40efa64..4e10a3a6e 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7163,7 +7163,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                                                     WOLFSSL_X509_STORE_CTX* ctx)
     {
         (void)ctx;
-        return 0;
+        return NULL;
     }
 
 
@@ -8787,14 +8787,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
     {
         WOLFSSL_ENTER("X509_get_issuer_name");
-        return &cert->issuer;
+        if(cert)
+            return &cert->issuer;
+        return NULL;
     }
 
 
     WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
     {
         WOLFSSL_ENTER("X509_get_subject_name");
-        return &cert->subject;
+        if(cert)
+            return &cert->subject;
+        return NULL;
     }
 
 
@@ -9467,23 +9471,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
 
 
 #ifdef OPENSSL_EXTRA
-int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
-{
-#ifdef FORTRESS
-    if (ssl != NULL && idx < MAX_EX_DATA)
-    {
-        ssl->ex_data[idx] = data;
-        return SSL_SUCCESS;
-    }
-#else
-    (void)ssl;
-    (void)idx;
-    (void)data;
-#endif
-    return SSL_FAILURE;
-}
-
-
 int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
                                unsigned int len)
 {
@@ -10130,19 +10117,6 @@ int wolfSSL_COMP_add_compression_method(int method, void* data)
 }
 
 
-
-int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
-                         void* cb3)
-{
-    (void)idx;
-    (void)data;
-    (void)cb1;
-    (void)cb2;
-    (void)cb3;
-    return 0;
-}
-
-
 void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)(
                                                           const char*, int))
 {
@@ -10300,6 +10274,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
      WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, STACK_OF(WOLFSSL_X509)* sk)
 {
     (void)sk;
+    WOLFSSL_ENTER(__func__);
     if (ctx != NULL) {
         ctx->store = store;
         ctx->current_cert = x509;
@@ -10486,7 +10461,8 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i)
 
 void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
 {
-#ifdef FORTRESS
+    WOLFSSL_ENTER(__func__);
+#if defined(FORTRESS) || defined(HAVE_STUNNEL)
     if (ctx != NULL && idx == 0)
         return ctx->ex_data;
 #else
@@ -10499,24 +10475,13 @@ void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
 
 int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void)
 {
+    WOLFSSL_ENTER(__func__);
     return 0;
 }
 
 
-void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
-{
-#ifdef FORTRESS
-    if (ssl != NULL && idx < MAX_EX_DATA)
-        return ssl->ex_data[idx];
-#else
-    (void)ssl;
-    (void)idx;
-#endif
-    return 0;
-}
-
-
-void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, void (*f)(void))
+void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx,
+       void (*f)(const WOLFSSL* ssl, int type, int val))
 {
     (void)ctx;
     (void)f;
@@ -10529,7 +10494,7 @@ unsigned long wolfSSL_ERR_peek_error(void)
 }
 
 
-int wolfSSL_ERR_GET_REASON(int err)
+int wolfSSL_ERR_GET_REASON(unsigned long err)
 {
     (void)err;
     return 0;
@@ -10550,7 +10515,7 @@ char* wolfSSL_alert_desc_string_long(int alertID)
 }
 
 
-char* wolfSSL_state_string_long(WOLFSSL* ssl)
+char* wolfSSL_state_string_long(const WOLFSSL* ssl)
 {
     (void)ssl;
     return 0;
@@ -10709,23 +10674,6 @@ void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED* rev, int i)
 
 
 /* stunnel 4.28 needs */
-void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int d)
-{
-    (void)ctx;
-    (void)d;
-    return 0;
-}
-
-
-int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int d, void* p)
-{
-    (void)ctx;
-    (void)d;
-    (void)p;
-    return SSL_SUCCESS;
-}
-
-
 void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx,
                     WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*))
 {
@@ -10783,17 +10731,6 @@ long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess)
 }
 
 
-int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
-                                void* c)
-{
-    (void)idx;
-    (void)arg;
-    (void)a;
-    (void)b;
-    (void)c;
-    return 0;
-}
-
 #endif /* OPENSSL_EXTRA */
 
 
@@ -15318,3 +15255,403 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
 #endif
 #endif
 
+
+#ifdef OPENSSL_EXTRA
+void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
+{
+    WOLFSSL_ENTER(__func__);
+    #ifdef HAVE_STUNNEL
+    if(ctx != NULL && idx < MAX_EX_DATA) {
+        return ctx->ex_data[idx];
+    }
+    #else
+    (void)ctx;
+    (void)idx;
+    #endif
+    return NULL;
+}
+
+
+int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
+                                void* c)
+{
+    WOLFSSL_ENTER(__func__);
+    (void)idx;
+    (void)arg;
+    (void)a;
+    (void)b;
+    (void)c;
+    return 0;
+}
+
+
+int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
+{
+    WOLFSSL_ENTER(__func__);
+    #ifdef HAVE_STUNNEL
+    if (ctx != NULL && idx < MAX_EX_DATA)
+    {
+        ctx->ex_data[idx] = data;
+        return SSL_SUCCESS;
+    }
+    #else
+    (void)ctx;
+    (void)idx;
+    (void)data;
+    #endif
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
+{
+    WOLFSSL_ENTER(__func__);
+#if defined(FORTRESS) || defined(HAVE_STUNNEL)
+    if (ssl != NULL && idx < MAX_EX_DATA)
+    {
+        ssl->ex_data[idx] = data;
+        return SSL_SUCCESS;
+    }
+#else
+    (void)ssl;
+    (void)idx;
+    (void)data;
+#endif
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
+                         void* cb3)
+{
+    WOLFSSL_ENTER(__func__);
+    (void)idx;
+    (void)data;
+    (void)cb1;
+    (void)cb2;
+    (void)cb3;
+    return 0;
+}
+
+
+void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
+{
+    WOLFSSL_ENTER(__func__);
+#if defined(FORTRESS) || defined(HAVE_STUNNEL)
+    if (ssl != NULL && idx < MAX_EX_DATA)
+        return ssl->ex_data[idx];
+#else
+    (void)ssl;
+    (void)idx;
+#endif
+    return 0;
+}
+#endif /* OPENSSL_EXTRA */
+
+
+
+/* stunnel compatability functions*/
+#if defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)
+int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
+{
+    WOLFSSL_ENTER(__func__);
+    #ifdef HAVE_STUNNEL
+    if(session != NULL && idx < MAX_EX_DATA) {
+        session->ex_data[idx] = data;
+        return SSL_SUCCESS;
+    }
+    #else
+    (void)session;
+    (void)idx;
+    (void)data;
+    #endif
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1,
+       void* cb2, void* cb3)
+{
+    WOLFSSL_ENTER(__func__);
+    (void)idx;
+    (void)cb1;
+    (void)cb2;
+    (void)cb3;
+    #ifdef HAVE_STUNNEL
+    if(XSTRNCMP(data, "redirect index", 14) == 0) {
+        return 0;
+    }
+    else if(XSTRNCMP(data, "addr index", 10) == 0) {
+        return 1;
+    }
+    #else
+    (void)data;
+    #endif
+    return SSL_FAILURE;
+}
+
+
+void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
+{
+    WOLFSSL_ENTER(__func__);
+    #ifdef HAVE_STUNNEL
+    if (session != NULL && idx < MAX_EX_DATA)
+        return session->ex_data[idx];
+    #else
+    (void)session;
+    (void)idx;
+    #endif 
+    return NULL;
+}
+
+
+WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode)
+{
+    (void) filename;
+    (void) mode;
+    return NULL;
+}
+
+
+int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
+                                void *(*r) (void *, size_t, const char *,
+                                            int), void (*f) (void *))
+{
+    (void) m;
+    (void) r;
+    (void) f;
+
+    return SSL_FAILURE;
+}
+
+
+WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
+                           void (*callback) (int, int, void *), void *cb_arg)
+{
+    (void)prime_len;
+    (void)generator;
+    (void)callback;
+    (void)cb_arg;
+    return NULL;
+}
+
+
+void wolfSSL_ERR_load_crypto_strings(void){}
+unsigned long wolfSSL_ERR_peek_last_error(void)
+{
+    unsigned long l = 0UL;
+    return l; 
+}
+
+
+int wolfSSL_FIPS_mode(void)
+{
+    return SSL_FAILURE;
+}
+
+int wolfSSL_FIPS_mode_set(int r)
+{
+    (void)r;
+    return SSL_FAILURE;
+}
+
+
+WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u)
+{
+    (void) bp;
+    (void) x;
+    (void) cb;
+    (void) u;
+
+    return NULL;
+}
+
+
+int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x)
+{
+    (void) bp;
+    (void) x;
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_RAND_set_rand_method(const void *meth)
+{
+    (void) meth;
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
+{
+    if(c != NULL && c->ssl != NULL) {
+        if(alg_bits != NULL) {
+            *alg_bits = 8 * c->ssl->specs.key_size;
+        }
+        return 8 * c->ssl->specs.key_size;
+    }
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s)
+{
+    (void) s;
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s)
+{
+    (void) s;
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* nm,
+                int indent, unsigned long flags)
+{
+    (void)bio;
+    (void)nm;
+    (void)indent;
+    (void)flags;
+    return SSL_FAILURE;
+}
+
+
+WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(const WOLFSSL_X509* x)
+{
+   (void)x;
+   return NULL;
+}
+
+
+int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
+{
+     (void)ctx;
+     (void)session;
+     return SSL_SUCCESS;
+}
+
+
+int wolfSSL_get_state(const WOLFSSL* ssl)
+{
+    (void)ssl;
+    return SSL_FAILURE;
+}
+
+
+void* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)* sk, int i)
+{
+    (void)sk;
+    (void)i;
+    return NULL;
+}
+
+
+void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i)
+{
+    (void)sk;
+    (void)i;
+    return NULL;
+}
+
+
+int wolfSSL_version(WOLFSSL* ssl)
+{
+    if (ssl->version.major == SSLv3_MAJOR) {
+        switch (ssl->version.minor) {
+            case SSLv3_MINOR :
+                return SSL3_VERSION;
+            case TLSv1_MINOR :
+            case TLSv1_1_MINOR :
+            case TLSv1_2_MINOR :
+                return TLS1_VERSION;
+            default:
+                return SSL_FAILURE;
+        }
+    }
+    else if (ssl->version.major == DTLS_MAJOR) {
+        switch (ssl->version.minor) {
+            case DTLS_MINOR :
+            case DTLSv1_2_MINOR :
+                return DTLS1_VERSION;
+            default:
+                return SSL_FAILURE;
+        }
+    }
+    return SSL_FAILURE;
+}
+
+
+STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
+{
+    (void)ssl;
+    return NULL;
+}
+
+
+long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx)
+{
+    (void)ctx;
+    return 0;
+}
+
+
+WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl)
+{
+    return ssl->ctx;
+}
+
+int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name)
+{
+    if(!name)
+        return -1;
+    return name->sz;
+}
+
+#ifndef NO_DH
+/* Intialize ctx->dh with dh's params. Return SSL_SUCCESS on ok */
+long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
+{
+    int pSz, gSz;
+    byte *p, *g;
+    int ret=0;
+
+    pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
+    gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
+
+    p = XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH);
+    if(!p)
+        return MEMORY_E;
+
+    g = XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH);
+    if(!g) {
+        XFREE(p, ctx->heap, DYNAMIC_TYPE_DH);
+        return MEMORY_E;
+    }
+
+    pSz = wolfSSL_BN_bn2bin(dh->p, p);
+    gSz = wolfSSL_BN_bn2bin(dh->g, g);
+
+    if(pSz != SSL_FATAL_ERROR && gSz != SSL_FATAL_ERROR)
+        ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
+
+    if(p)
+        XFREE(p, ctx->heap, DYNAMIC_TYPE_DH);
+    if(g)
+        XFREE(g, ctx->heap, DYNAMIC_TYPE_DH);
+
+    return pSz > 0 && gSz > 0 ? SSL_FATAL_ERROR : ret;
+}
+#endif /* NO_DH */
+
+
+const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen)
+{
+    if(!sess)
+        return NULL;
+    *idLen = sess->sessionIDSz;
+    return sess->sessionID;
+}
+#endif /* OPENSSL_EXTRA and HAVE_STUNNEL */
diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c
index 6ead79caf..61c78b1dc 100644
--- a/wolfcrypt/src/coding.c
+++ b/wolfcrypt/src/coding.c
@@ -166,8 +166,8 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max,
     else
         basic = base64Encode[e];
 
-    /* check whether to escape */
-    if (escaped) {
+    /* check whether to escape. Only escape for EncodeEsc */
+    if (escaped == 1) {
         switch ((char)basic) {
             case '+' :
                 plus     = 1;
@@ -235,8 +235,10 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
     word32 outSz = (inLen + 3 - 1) / 3 * 4;
     word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ;  /* new lines */
 
-    if (escaped)
+    if (escaped == 1)
         addSz *= 3;   /* instead of just \n, we're doing %0A triplet */
+    else if (escaped == 2)
+        addSz = 0;    /* encode without \n */
 
     outSz += addSz;
 
@@ -267,7 +269,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
 
         inLen -= 3;
 
-        if ((++n % (PEM_LINE_SZ / 4)) == 0 && inLen) {
+        /* Insert newline after PEM_LINE_SZ, unless no \n requested */
+        if (escaped != 2 && (++n % (PEM_LINE_SZ / 4)) == 0 && inLen) {
             ret = CEscape(escaped, '\n', out, &i, *outLen, 1);
             if (ret != 0) break;
         }
@@ -299,10 +302,10 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
             ret = CEscape(escaped, '=', out, &i, *outLen, 1);
     } 
 
-    if (ret == 0) 
+    if (ret == 0 && escaped != 2) 
         ret = CEscape(escaped, '\n', out, &i, *outLen, 1);
 
-    if (i != outSz && escaped == 0 && ret == 0)
+    if (i != outSz && escaped != 1 && ret == 0)
         return ASN_INPUT_E; 
 
     *outLen = i;
@@ -323,6 +326,10 @@ int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, word32* outLen)
     return DoBase64_Encode(in, inLen, out, outLen, 1);
 }
 
+int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, word32* outLen)
+{
+    return DoBase64_Encode(in, inLen, out, outLen, 2);
+}
 
 #endif  /* defined(WOLFSSL_BASE64_ENCODE) */
 
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 9664bf0e4..66c0d18cd 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -890,7 +890,7 @@ enum Misc {
 
     MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4,  /* 4 mb file size alloc limit */
 
-#ifdef FORTRESS
+#if defined(FORTRESS) || defined (HAVE_STUNNEL)
     MAX_EX_DATA        =   3,  /* allow for three items of ex_data */
 #endif
 
@@ -1612,8 +1612,11 @@ struct WOLFSSL_CTX {
 #endif /* HAVE_ANON */
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
     pem_password_cb passwd_cb;
-    void*            userdata;
+    void*           userdata;
 #endif /* OPENSSL_EXTRA */
+#ifdef HAVE_STUNNEL
+    void*           ex_data[MAX_EX_DATA];
+#endif
 #ifdef HAVE_OCSP
     WOLFSSL_OCSP      ocsp;
 #endif
@@ -1847,6 +1850,9 @@ struct WOLFSSL_SESSION {
     word16       ticketLen;
     byte         ticket[SESSION_TICKET_LEN];
 #endif
+#ifdef HAVE_STUNNEL
+    void*        ex_data[MAX_EX_DATA];
+#endif
 };
 
 
@@ -2300,7 +2306,7 @@ struct WOLFSSL {
 #ifdef KEEP_PEER_CERT
     WOLFSSL_X509     peerCert;           /* X509 peer cert */
 #endif
-#ifdef FORTRESS
+#if defined(FORTRESS) || defined(HAVE_STUNNEL)
     void*           ex_data[MAX_EX_DATA]; /* external data, for Fortress */
 #endif
 #ifdef HAVE_CAVIUM
diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h
index 3f34d7d2c..11cafa840 100644
--- a/wolfssl/openssl/asn1.h
+++ b/wolfssl/openssl/asn1.h
@@ -1,2 +1,19 @@
 /* asn1.h for openssl */
 
+#ifndef WOLFSSL_ASN1_H_
+#define WOLFSSL_ASN1_H_
+struct WOLFSSL_ASN1_BIT_STRING {
+    int length;
+    int type;
+    char* data;
+    long flags;
+};
+
+struct WOLFSSL_ASN1_STRING {
+    int length;
+    int type;
+    char* data;
+    long flags;
+};
+
+#endif /* WOLFSSL_ASN1_H_ */
diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h
index 8f7c6f40e..97360408b 100644
--- a/wolfssl/openssl/crypto.h
+++ b/wolfssl/openssl/crypto.h
@@ -21,6 +21,11 @@ WOLFSSL_API unsigned long wolfSSLeay(void);
 #define SSLEAY_VERSION 0x0090600fL
 #define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
 
+#ifdef HAVE_STUNNEL
+#define CRYPTO_set_mem_ex_functions      wolfSSL_CRYPTO_set_mem_ex_functions
+#define FIPS_mode                        wolfSSL_FIPS_mode
+#define FIPS_mode_set                    wolfSSL_FIPS_mode_set
+#endif /* HAVE_STUNNEL */
 
 #endif /* header */
 
diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h
index 2bdb67522..e38b7f7af 100644
--- a/wolfssl/openssl/dh.h
+++ b/wolfssl/openssl/dh.h
@@ -11,7 +11,7 @@
     extern "C" {
 #endif
 
-typedef struct WOLFSSL_DH {
+struct WOLFSSL_DH {
     WOLFSSL_BIGNUM* p;
     WOLFSSL_BIGNUM* g;
     WOLFSSL_BIGNUM* pub_key;      /* openssh deference g^x */
@@ -23,7 +23,7 @@ typedef struct WOLFSSL_DH {
      * lighttpd src code.
      */
      int length;
-} WOLFSSL_DH;
+};
 
 
 WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void);
@@ -48,4 +48,7 @@ typedef WOLFSSL_DH DH;
     }  /* extern "C" */ 
 #endif
 
+#ifdef HAVE_STUNNEL
+#define DH_generate_parameters wolfSSL_DH_generate_parameters
+#endif /* HAVE_STUNNEL */
 #endif /* header */
diff --git a/wolfssl/openssl/err.h b/wolfssl/openssl/err.h
index 7e7f1eb78..951386868 100644
--- a/wolfssl/openssl/err.h
+++ b/wolfssl/openssl/err.h
@@ -1,2 +1,3 @@
 /* err.h for openssl */
-
+#define ERR_load_crypto_strings          wolfSSL_ERR_load_crypto_strings
+#define ERR_peek_last_error              wolfSSL_ERR_peek_last_error
diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h
index dc8de4260..067f22658 100644
--- a/wolfssl/openssl/opensslv.h
+++ b/wolfssl/openssl/opensslv.h
@@ -5,7 +5,13 @@
 
 
 /* api version compatibility */
-#define OPENSSL_VERSION_NUMBER 0x0090810fL
+#ifdef HAVE_STUNNEL
+     #define OPENSSL_VERSION_NUMBER 0x0090700fL
+#else
+     #define OPENSSL_VERSION_NUMBER 0x0090810fL
+#endif
+
+#define OPENSSL_VERSION_TEXT             LIBWOLFSSL_VERSION_STRING 
 
 
 #endif /* header */
diff --git a/wolfssl/openssl/rand.h b/wolfssl/openssl/rand.h
index c1fa62e1c..bc1f83a88 100644
--- a/wolfssl/openssl/rand.h
+++ b/wolfssl/openssl/rand.h
@@ -1,4 +1,6 @@
 /* rand.h for openSSL */
 
 #include <wolfssl/openssl/ssl.h>
+#include <wolfssl/wolfcrypt/random.h>
 
+#define RAND_set_rand_method     wolfSSL_RAND_set_rand_method
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 103d5f217..1613448c7 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -289,7 +289,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 
 #define X509_get_serialNumber wolfSSL_X509_get_serialNumber
 
-#define ASN1_TIME_pr wolfSSL_ASN1_TIME_pr
+#define ASN1_TIME_print wolfSSL_ASN1_TIME_print
 
 #define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
 #define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
@@ -304,7 +304,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 #define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata
 #define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb
 
-#define SSL_CTX_set_timeout wolfSSL_CTX_set_timeout
+#define SSL_CTX_set_timeout(ctx, to) wolfSSL_CTX_set_timeout(ctx, (unsigned int) to)
 #define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback
 
 #define ERR_peek_error wolfSSL_ERR_peek_error
@@ -392,7 +392,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 #define SSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb
 
 #define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION
-#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION
+#define d2i_SSL_SESSION(sess, val, length) \
+        wolfSSL_d2i_SSL_SESSION(sess, (const unsigned char **)val, length)
 #define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout
 #define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout
 #define SSL_SESSION_get_time wolfSSL_SESSION_get_time
@@ -433,6 +434,52 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 
 #endif
 
+
+#ifdef HAVE_STUNNEL
+#include <wolfssl/openssl/asn1.h>
+
+/* defined as: (SSL_ST_ACCEPT|SSL_CB_LOOP), which becomes 0x2001*/
+#define SSL_CB_ACCEPT_LOOP               0x2001 
+#define SSL2_VERSION                     0x0002
+#define SSL3_VERSION                     0x0300
+#define TLS1_VERSION                     0x0301
+#define DTLS1_VERSION                    0xFEFF
+#define SSL23_ST_SR_CLNT_HELLO_A        (0x210|0x2000)
+#define SSL3_ST_SR_CLNT_HELLO_A         (0x110|0x2000)
+#define ASN1_STRFLGS_ESC_MSB             4
+#define X509_V_ERR_CERT_REJECTED         28
+
+#define BIO_new_file                     wolfSSL_BIO_new_file
+#define PEM_read_bio_DHparams            wolfSSL_PEM_read_bio_DHparams
+#define PEM_write_bio_X509               wolfSSL_PEM_write_bio_X509
+#define SSL_alert_desc_string_long       wolfSSL_alert_desc_string_long
+#define SSL_alert_type_string_long       wolfSSL_alert_type_string_long
+#define SSL_CIPHER_get_bits              wolfSSL_CIPHER_get_bits
+#define sk_X509_NAME_num                 wolfSSL_sk_X509_NAME_num
+#define sk_X509_num                      wolfSSL_sk_X509_num
+#define X509_NAME_print_ex               wolfSSL_X509_NAME_print_ex
+#define X509_get0_pubkey_bitstr          wolfSSL_X509_get0_pubkey_bitstr
+#define SSL_CTX_get_options              wolfSSL_CTX_get_options
+
+#define SSL_CTX_flush_sessions           wolfSSL_flush_sessions
+#define SSL_CTX_add_session              wolfSSL_CTX_add_session
+#define SSL_get_SSL_CTX                  wolfSSL_get_SSL_CTX
+#define SSL_CTX_set_tmp_dh               wolfSSL_CTX_set_tmp_dh
+#define SSL_version                      wolfSSL_version
+#define SSL_get_state                    wolfSSL_get_state
+#define SSL_state_string_long            wolfSSL_state_string_long
+#define SSL_get_peer_cert_chain          wolfSSL_get_peer_cert_chain
+#define sk_X509_NAME_value               wolfSSL_sk_X509_NAME_value
+#define sk_X509_value                    wolfSSL_sk_X509_value
+#define SSL_SESSION_get_ex_data          wolfSSL_SESSION_get_ex_data
+#define SSL_SESSION_set_ex_data          wolfSSL_SESSION_set_ex_data
+#define SSL_SESSION_get_ex_new_index     wolfSSL_SESSION_get_ex_new_index
+#define SSL_SESSION_get_id               wolfSSL_SESSION_get_id
+typedef struct CRYPTO_EX_DATA            CRYPTO_EX_DATA;
+typedef WOLFSSL_ASN1_BIT_STRING    ASN1_BIT_STRING;
+
+#endif /* HAVE_STUNNEL */
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 5b794e079..d3d4a4aa3 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -92,14 +92,10 @@ typedef struct WOLFSSL_ASN1_INTEGER   WOLFSSL_ASN1_INTEGER;
 typedef struct WOLFSSL_ASN1_OBJECT    WOLFSSL_ASN1_OBJECT;
 typedef struct WOLFSSL_dynlock_value  WOLFSSL_dynlock_value;
 
-#ifdef HAVE_LIGHTY
-    typedef struct WOLFSSL_ASN1_STRING{
-        char* data;
-        int length;
-    }   WOLFSSL_ASN1_STRING;
-#else
-    typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING;
-#endif
+typedef struct WOLFSSL_ASN1_STRING      WOLFSSL_ASN1_STRING;
+typedef struct WOLFSSL_dynlock_value    WOLFSSL_dynlock_value;
+typedef struct WOLFSSL_DH               WOLFSSL_DH;
+typedef struct WOLFSSL_ASN1_BIT_STRING  WOLFSSL_ASN1_BIT_STRING;
 
 #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
 
@@ -148,6 +144,7 @@ typedef struct WOLFSSL_X509_REVOKED {
 typedef struct WOLFSSL_X509_OBJECT {
     union {
         char* ptr;
+        WOLFSSL_X509 *x509;
         WOLFSSL_X509_CRL* crl;           /* stunnel dereference */
     } data;
 } WOLFSSL_X509_OBJECT;
@@ -342,7 +339,7 @@ WOLFSSL_API int  wolfSSL_dtls(WOLFSSL* ssl);
 WOLFSSL_API int  wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
 WOLFSSL_API int  wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);
 
-WOLFSSL_API int   wolfSSL_ERR_GET_REASON(int err);
+WOLFSSL_API int   wolfSSL_ERR_GET_REASON(unsigned long err);
 WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
 WOLFSSL_API void  wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
                                            unsigned long sz);
@@ -526,14 +523,15 @@ WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*,
 WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, pem_password_cb);
 
 
-WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, void (*)(void));
+WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*,
+                          void (*)(const WOLFSSL* ssl, int type, int val));
 
 WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void);
 WOLFSSL_API int           wolfSSL_GET_REASON(int);
 
 WOLFSSL_API char* wolfSSL_alert_type_string_long(int);
 WOLFSSL_API char* wolfSSL_alert_desc_string_long(int);
-WOLFSSL_API char* wolfSSL_state_string_long(WOLFSSL*);
+WOLFSSL_API char* wolfSSL_state_string_long(const WOLFSSL*);
 
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long,
                                                void(*)(int, int, void*), void*);
@@ -646,11 +644,16 @@ enum {
     X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
     X509_V_ERR_CERT_HAS_EXPIRED               = 21,
     X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD  = 22,
-
+    X509_V_ERR_CERT_REJECTED                  = 23,
     X509_V_OK = 0,
 
+    XN_FLAG_SPC_EQ  = (1 << 23),
+    XN_FLAG_ONELINE = 0,
+
     CRYPTO_LOCK = 1,
-    CRYPTO_NUM_LOCKS = 10
+    CRYPTO_NUM_LOCKS = 10,
+
+    ASN1_STRFLGS_ESC_MSB = 4
 };
 
 /* extras end */
@@ -1541,6 +1544,71 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X
 #endif
 
 
+#ifdef HAVE_STUNNEL
+
+WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode);
+
+WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), 
+    void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
+
+WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
+    void (*callback) (int, int, void *), void *cb_arg);
+
+WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void);
+
+WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void);
+
+WOLFSSL_API int wolfSSL_FIPS_mode(void);
+
+WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);
+
+WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, 
+    WOLFSSL_DH **x, pem_password_cb *cb, void *u);
+
+WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
+
+WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth);
+
+WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);
+
+WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s);
+
+WOLFSSL_API int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s);
+
+WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,unsigned long);
+
+WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
+                            const WOLFSSL_X509*);
+
+WOLFSSL_API int        wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
+
+WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
+
+WOLFSSL_API int  wolfSSL_version(WOLFSSL*);
+
+WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*);
+
+WOLFSSL_API void* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)*, int);
+
+WOLFSSL_API void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)*, int);
+
+WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
+
+WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
+
+WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
+
+WOLFSSL_API int   wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
+
+WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,void*);
+
+WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
+
+WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
+
+WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*, unsigned int*);
+#endif /* HAVE_STUNNEL */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h
index 286e437a4..b92921bd8 100644
--- a/wolfssl/wolfcrypt/coding.h
+++ b/wolfssl/wolfcrypt/coding.h
@@ -48,6 +48,9 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
     WOLFSSL_API
     int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out,
                                   word32* outLen);
+    WOLFSSL_API
+    int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out,
+                                  word32* outLen);
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_FIPS)

From 4b1e87f9d02b41cc8bfa75b02c583246c14ee554 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 14 Jul 2015 21:17:20 -0700
Subject: [PATCH 193/350] update the wolfSSL FIPS VS IDE project files and
 README

---
 IDE/WIN/README.txt           | 21 ++++++++++++++++++---
 IDE/WIN/test.vcxproj         | 17 ++++++++---------
 IDE/WIN/wolfssl-fips.vcxproj | 24 ++++++++----------------
 3 files changed, 34 insertions(+), 28 deletions(-)

diff --git a/IDE/WIN/README.txt b/IDE/WIN/README.txt
index d2ed0faaa..81695ded9 100644
--- a/IDE/WIN/README.txt
+++ b/IDE/WIN/README.txt
@@ -3,7 +3,7 @@
 First, if you did not get the FIPS files with your archive, you must contact
 wolfSSL to obtain them.
 
-# On Building the wolfssl-fips project
+# Building the wolfssl-fips project
 
 The wolfCrypt FIPS library for Windows is a part of the wolfSSL library. It
 must be built as a static library.
@@ -14,10 +14,25 @@ There are two functions added to the library that are used as markers in
 memory for the in-core memory check of the code. WPO consolidates them into a
 single function. WPO also optimizes away the automatic FIPS entry function.
 
-A project using the library must disable 
-
 Each of the source files inside the FIPS boundary defines their own code and
 constant section. The code section names start with ".fipsA$" and the constant
 section names start with ".fipsB$". Each subsection has a letter to organize
 them in a secific order. This specific ordering puts marker functions and
 constants on either end of the boundary so it can be hashed.
+
+# In Core Memory Test
+
+The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
+FIPS library code and constant data and compares it with a known value in
+the code.
+
+The Randomized Base Address setting doesn't cause any problems because
+(I believe) that the addrsses in the executable are all offsets from the base
+rather than absolute addresses.
+
+The "verifyCore" check value in the source fips_test.c needs to be updated when
+building the code. The POS performs this check and the default failure callback
+will print out the calculated checksum. When developing your code, copy this
+value and paste it back into your code in the verifyCore initializer then
+rebuild the code. When statically linking, you may have to recalculate your
+check value when changing your application.
diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj
index 47681399b..38e264b20 100644
--- a/IDE/WIN/test.vcxproj
+++ b/IDE/WIN/test.vcxproj
@@ -111,7 +111,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <PrecompiledHeader />
@@ -130,7 +130,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <PrecompiledHeader />
@@ -147,7 +147,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
@@ -167,7 +167,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
@@ -181,14 +181,13 @@
       <OptimizeReferences>true</OptimizeReferences>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
-      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <PrecompiledHeader />
@@ -207,7 +206,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <PrecompiledHeader />
@@ -224,7 +223,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
@@ -244,7 +243,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index b1a68ebac..c63c79bd1 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -120,7 +120,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
@@ -132,7 +132,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <MinimalRebuild>true</MinimalRebuild>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -145,7 +145,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
@@ -157,7 +157,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
@@ -175,7 +175,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -187,7 +187,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -199,7 +199,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -212,7 +212,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -261,34 +261,26 @@
       <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
     <ClCompile Include="..\..\wolfcrypt\src\asn.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\camellia.c" />
     <ClCompile Include="..\..\wolfcrypt\src\coding.c" />
     <ClCompile Include="..\..\src\crl.c" />
     <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
     <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
     <ClCompile Include="..\..\wolfcrypt\src\error.c" />
     <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\hc128.c" />
     <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
     <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
     <ClCompile Include="..\..\src\internal.c" />
     <ClCompile Include="..\..\src\io.c" />
     <ClCompile Include="..\..\src\keys.c" />
     <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\md4.c" />
     <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
     <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
     <ClCompile Include="..\..\src\ocsp.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
     <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\rabbit.c" />
     <ClCompile Include="..\..\wolfcrypt\src\random.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\ripemd.c" />
     <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\sha.c" />
     <ClCompile Include="..\..\wolfcrypt\src\sha256.c" />

From 55677aa5ae10944aa9778839cc2e0870466affc4 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Wed, 15 Jul 2015 11:56:14 -0600
Subject: [PATCH 194/350] fix BLAKE2b cyassl compat header includes

---
 cyassl/ctaocrypt/blake2-impl.h | 2 +-
 cyassl/ctaocrypt/blake2-int.h  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cyassl/ctaocrypt/blake2-impl.h b/cyassl/ctaocrypt/blake2-impl.h
index fc5ec3a49..de6ed273b 100644
--- a/cyassl/ctaocrypt/blake2-impl.h
+++ b/cyassl/ctaocrypt/blake2-impl.h
@@ -36,7 +36,7 @@
 #define CTAOCRYPT_BLAKE2_IMPL_H
 
 #include <cyassl/ctaocrypt/types.h>
-#include <wolfssl/wolfcrypt/blake2_impl.h>
+#include <wolfssl/wolfcrypt/blake2-impl.h>
 
 #endif  /* CTAOCRYPT_BLAKE2_IMPL_H */
 
diff --git a/cyassl/ctaocrypt/blake2-int.h b/cyassl/ctaocrypt/blake2-int.h
index 07ea8e745..9dadaadcb 100644
--- a/cyassl/ctaocrypt/blake2-int.h
+++ b/cyassl/ctaocrypt/blake2-int.h
@@ -37,7 +37,7 @@
 #define CTAOCRYPT_BLAKE2_INT_H
 
 #include <cyassl/ctaocrypt/types.h>
-#include <wolfssl/wolfcrypt/blake2_int.h>
+#include <wolfssl/wolfcrypt/blake2-int.h>
 
 #endif  /* CTAOCRYPT_BLAKE2_INT_H */
 

From 763e9370bf1bc6d771ccbdef16357492a3f71c0c Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Wed, 15 Jul 2015 13:48:31 -0600
Subject: [PATCH 195/350] WOLFSSL_STUB log for debug message

---
 src/ssl.c                   | 30 +++++++++++++++++++++++++++++-
 wolfssl/wolfcrypt/logging.h |  5 +++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/src/ssl.c b/src/ssl.c
index 7e40efa64..3dbd22bbd 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -15158,6 +15158,9 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md)
     {
         (void) *d; (void) n; (void) *md;
+        WOLFSSL_ENTER("wolfSSL_SHA1");
+        WOLFSSL_STUB("wolfssl_SHA1");
+
         return NULL;
     }
 
@@ -15165,6 +15168,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         (void)ctx;
         (void)x;
         WOLFSSL_ENTER("WOLFSSL_CTX_use_certificate");
+        WOLFSSL_STUB("WOLFSSL_CTX_use_certificate");
 
         return 0;
     }
@@ -15173,6 +15177,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         (void)ctx;
         (void)pkey;
         WOLFSSL_ENTER("WOLFSSL_CTX_use_PrivateKey");
+        WOLFSSL_STUB("WOLFSSL_CTX_use_PrivateKey");
 
         return 0;
     }
@@ -15181,6 +15186,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         (void)filename;
         (void)mode;
         WOLFSSL_ENTER("wolfSSL_BIO_new_file");
+        WOLFSSL_STUB("wolfSSL_BIO_new_file");
 
         return NULL;
     }
@@ -15189,18 +15195,22 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         (void)b;
         (void)name;
         WOLFSSL_ENTER("wolfSSL_BIO_read_filename");
+        WOLFSSL_STUB("wolfSSL_BIO_read_filename");
 
         return 0;
     }
 
     WOLFSSL_BIO_METHOD* WOLFSSL_BIO_s_file(void) {
         WOLFSSL_ENTER("WOLFSSL_BIO_s_file");
+        WOLFSSL_STUB("WOLFSSL_BIO_s_file");
+
         return NULL;
     }
 
     const char * wolf_OBJ_nid2sn(int n) {
         (void)n;
         WOLFSSL_ENTER("wolf_OBJ_nid2sn");
+        WOLFSSL_STUB("wolf_OBJ_nid2sn");
 
         return 0;
     }
@@ -15208,6 +15218,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) {
         (void)o;
         WOLFSSL_ENTER("wolf_OBJ_obj2nid");
+        WOLFSSL_STUB("wolf_OBJ_obj2nid");
 
         return 0;
     }
@@ -15215,6 +15226,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     int wolf_OBJ_sn2nid(const char *sn) {
         (void)sn;
         WOLFSSL_ENTER("wolf_OBJ_osn2nid");
+        WOLFSSL_STUB("wolf_OBJ_osn2nid");
 
         return 0;
     }
@@ -15225,6 +15237,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         (void)cb;
         (void)u;
         WOLFSSL_ENTER("PEM_read_bio_DHparams");
+        WOLFSSL_STUB("PEM_read_bio_DHparams");
 
         return NULL;
     }
@@ -15235,6 +15248,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         (void)cb;
         (void)u;
         WOLFSSL_ENTER("PEM_read_bio_WOLFSSL_X509");
+        WOLFSSL_STUB("PEM_read_bio_WOLFSSL_X509");
 
         return NULL;
     }
@@ -15243,6 +15257,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         (void)bp;
         (void)x;
         WOLFSSL_ENTER("PEM_write_bio_WOLFSSL_X509");
+        WOLFSSL_STUB("PEM_write_bio_WOLFSSL_X509");
 
         return 0;
     }
@@ -15251,14 +15266,17 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         (void)ctx;
         (void)dh;
         WOLFSSL_ENTER("WOLFSSL_CTX_set_tmp_dh");
+        WOLFSSL_STUB("WOLFSSL_CTX_set_tmp_dh");
 
         return 0;
     }
 
-    void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth) {
+    void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) {
         (void)ctx;
         (void)depth;
         WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth");
+        WOLFSSL_STUB("wolfSSL_CTX_set_verify_depth");
+
     }
 
     void* WOLFSSL_get_app_data( const WOLFSSL *ssl)
@@ -15266,6 +15284,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         /* checkout exdata stuff... */
         (void)ssl;
         WOLFSSL_ENTER("WOLFSSL_get_app_data");
+        WOLFSSL_STUB("WOLFSSL_get_app_data");
 
         return 0;
     }
@@ -15274,11 +15293,13 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         (void)ssl;
         (void)arg;
         WOLFSSL_ENTER("WOLFSSL_set_app_data");
+        WOLFSSL_STUB("WOLFSSL_set_app_data");
     }
 
     WOLFSSL_ASN1_OBJECT * WOLFSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) {
         (void)ne;
         WOLFSSL_ENTER("WOLFSSL_X509_NAME_ENTRY_get_object");
+        WOLFSSL_STUB("WOLFSSL_X509_NAME_ENTRY_get_object");
 
         return NULL;
     }
@@ -15287,6 +15308,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         (void)name;
         (void)loc;
         WOLFSSL_ENTER("WOLFSSL_X509_NAME_get_entry");
+        WOLFSSL_STUB("WOLFSSL_X509_NAME_get_entry");
 
         return NULL;
     }
@@ -15294,24 +15316,30 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     void WOLFSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){
         FreeX509Name(name);
         WOLFSSL_ENTER("WOLFSSL_X509_NAME_free");
+        WOLFSSL_STUB("WOLFSSL_X509_NAME_free");
     }
 
     void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)){
         (void) sk;
         (void) f;
         WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_pop_free");
+        WOLFSSL_STUB("wolfSSL_sk_X509_NAME_pop_free");
     }
 
     int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key){
         (void) x509;
         (void) key;
         WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
+        WOLFSSL_STUB("wolfSSL_X509_check_private_key");
+
         return SSL_SUCCESS;
     }
 
     STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk ){
         (void) sk;
         WOLFSSL_ENTER("wolfSSL_dup_CA_list");
+        WOLFSSL_STUB("wolfSSL_dup_CA_list");
+
         return NULL;
     }
 
diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h
index 0b124835b..2e604080d 100644
--- a/wolfssl/wolfcrypt/logging.h
+++ b/wolfssl/wolfcrypt/logging.h
@@ -46,9 +46,13 @@ typedef void (*wolfSSL_Logging_cb)(const int logLevel,
 WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
 
 #ifdef DEBUG_WOLFSSL
+    /* a is prepended to m and b is appended, creating a log msg a + m + b */
+    #define WOLFSSL_LOG_CAT(a, m, b) #a " " m " "  #b
 
     void WOLFSSL_ENTER(const char* msg);
     void WOLFSSL_LEAVE(const char* msg, int ret);
+    #define WOLFSSL_STUB(m) \
+        WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented))
 
     void WOLFSSL_ERROR(int);
     void WOLFSSL_MSG(const char* msg);
@@ -57,6 +61,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
 
     #define WOLFSSL_ENTER(m)
     #define WOLFSSL_LEAVE(m, r)
+    #define WOLFSSL_STUB(m)
 
     #define WOLFSSL_ERROR(e)
     #define WOLFSSL_MSG(m)

From 0b3bc289ae880d938d882378af4b9c0fc68c73c1 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 15 Jul 2015 13:44:09 -0700
Subject: [PATCH 196/350] fix enable stunnel help alignment

---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index a05f9e221..7bb1b769f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1704,7 +1704,7 @@ fi
 
 # stunnel Support
 AC_ARG_ENABLE([stunnel],
-    [  --enable-stunnel         Enable stunnel (default: disabled)],
+    [  --enable-stunnel        Enable stunnel (default: disabled)],
     [ ENABLED_STUNNEL=$enableval ],
     [ ENABLED_STUNNEL=no ]
     )

From bffecfbc2dc55c1b3a0c0da8c86ab497ad5a884f Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Wed, 15 Jul 2015 15:33:49 -0600
Subject: [PATCH 197/350] New AES structure size increased, update mcapi
 context to encompass

---
 mcapi/crypto.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mcapi/crypto.h b/mcapi/crypto.h
index 7a960d855..82b4d0249 100644
--- a/mcapi/crypto.h
+++ b/mcapi/crypto.h
@@ -163,7 +163,7 @@ enum {
 
 /* AES */
 typedef struct CRYPT_AES_CTX {
-    int holder[70];   /* big enough to hold internal, but check on init */
+    int holder[74];   /* big enough to hold internal, but check on init */
 } CRYPT_AES_CTX;
 
 /* key */

From 8eaac3de472e76a181f6b48ed3f78ed05b81f2d2 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 15 Jul 2015 15:01:48 -0700
Subject: [PATCH 198/350] fix clang redef

---
 wolfssl/ssl.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index d3d4a4aa3..465647a1a 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -90,7 +90,6 @@ typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION;
 typedef struct WOLFSSL_ASN1_TIME      WOLFSSL_ASN1_TIME;
 typedef struct WOLFSSL_ASN1_INTEGER   WOLFSSL_ASN1_INTEGER;
 typedef struct WOLFSSL_ASN1_OBJECT    WOLFSSL_ASN1_OBJECT;
-typedef struct WOLFSSL_dynlock_value  WOLFSSL_dynlock_value;
 
 typedef struct WOLFSSL_ASN1_STRING      WOLFSSL_ASN1_STRING;
 typedef struct WOLFSSL_dynlock_value    WOLFSSL_dynlock_value;

From ffb73bc3d5c4cd087875a40b33df330237a777d5 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 15 Jul 2015 16:25:49 -0700
Subject: [PATCH 199/350] fix no newline in openssl/ecdsa.h

---
 wolfssl/openssl/ecdsa.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wolfssl/openssl/ecdsa.h b/wolfssl/openssl/ecdsa.h
index 22b2d4cda..a92841fff 100644
--- a/wolfssl/openssl/ecdsa.h
+++ b/wolfssl/openssl/ecdsa.h
@@ -35,4 +35,5 @@ WOLFSSL_API int wolfSSL_ECDSA_do_verify(const unsigned char *dgst,
 }  /* extern "C" */
 #endif
 
-#endif /* header */
\ No newline at end of file
+#endif /* header */
+

From 8cb19492031989a57de5a5ec29c92a58c63a9b9d Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 15 Jul 2015 16:27:50 -0700
Subject: [PATCH 200/350] fix some build warnings from VS

---
 src/ssl.c              | 16 ++++++++--------
 wolfssl/openssl/ecdh.h |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 146c4f56d..efd30e6d6 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -11514,11 +11514,11 @@ int wolfSSL_BN_add(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b)
 int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks,
                            WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb)
 {
+    int res;
+
     (void)ctx;
     (void)cb;
 
-    int res;
-
     WOLFSSL_MSG("wolfSSL_BN_is_prime_ex");
 
     if (bn == NULL || bn->internal == NULL) {
@@ -13150,13 +13150,13 @@ int wolfSSL_PEM_write_buf_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
                                         unsigned char* passwd, int len,
                                         byte **pem, int *plen)
 {
+    byte *der, *tmp;
+    int    der_max_len = 0, derSz = 0;
+
     (void)cipher;
     (void)passwd;
     (void)len;
 
-    byte *der, *tmp;
-    int    der_max_len = 0, derSz = 0;
-
     WOLFSSL_MSG("wolfSSL_PEM_write_buf_RSAPrivateKey");
 
     if (pem == NULL || plen == NULL || rsa == NULL || rsa->internal == NULL) {
@@ -13231,15 +13231,15 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa,
                                     unsigned char *kstr, int klen,
                                     pem_password_cb *cb, void *u)
 {
+    byte*   pem;
+    int     plen, ret;
+
     (void)enc;
     (void)kstr;
     (void)klen;
     (void)cb;
     (void)u;
 
-    byte    *pem;
-    int     plen, ret;
-
     WOLFSSL_MSG("wolfSSL_PEM_write_RSAPrivateKey");
 
     if (fp == NULL || rsa == NULL || rsa->internal == NULL) {
diff --git a/wolfssl/openssl/ecdh.h b/wolfssl/openssl/ecdh.h
index b5583dd93..57d9e2e37 100644
--- a/wolfssl/openssl/ecdh.h
+++ b/wolfssl/openssl/ecdh.h
@@ -7,7 +7,7 @@
 #include <wolfssl/openssl/bn.h>
 
 #ifdef __cplusplus
-extern C {
+extern "C" {
 #endif
 
 

From 84a5087bd75e69c0688f499250d51839eaaac715 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 15 Jul 2015 16:35:23 -0700
Subject: [PATCH 201/350] resume script cleans up /tmp ready file

---
 scripts/resume.test | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/scripts/resume.test b/scripts/resume.test
index e4b0a6eb3..17bfd8c9f 100755
--- a/scripts/resume.test
+++ b/scripts/resume.test
@@ -7,6 +7,15 @@ resume_port=11112
 no_pid=-1
 server_pid=$no_pid
 
+
+remove_ready_file() {
+    if test -e /tmp/wolfssl_server_ready; then
+        echo -e "removing exisitng server_ready file"
+        rm /tmp/wolfssl_server_ready
+    fi
+}
+
+
 do_cleanup() {
     echo "in cleanup"
 
@@ -15,6 +24,7 @@ do_cleanup() {
         echo "killing server"
         kill -9 $server_pid
     fi
+    remove_ready_file
 }
 
 do_trap() {
@@ -27,10 +37,7 @@ trap do_trap INT TERM
 
 echo -e "\nStarting example server for resume test...\n"
 
-if test -e /tmp/wolfssl_server_ready; then
-    echo -e "removing exisitng server_ready file"
-    rm /tmp/wolfssl_server_ready
-fi
+remove_ready_file
 ./examples/server/server -r -R -p $resume_port &
 server_pid=$!
 
@@ -51,6 +58,7 @@ fi
 
 wait $server_pid
 server_result=$?
+remove_ready_file
 
 if [ $server_result != 0 ]
 then

From 5a00e4b72b5fb1e35ade47cb50ccfbe2327a3260 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 16 Jul 2015 10:18:08 -0700
Subject: [PATCH 202/350] use full ivSz with ecc encrypt

---
 wolfcrypt/src/ecc.c     | 2 +-
 wolfssl/wolfcrypt/ecc.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 42411a7b8..a65e343df 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4912,7 +4912,7 @@ static int ecc_get_key_sizes(ecEncCtx* ctx, int* encKeySz, int* ivSz,
         switch (ctx->encAlgo) {
             case ecAES_128_CBC:
                 *encKeySz = KEY_SIZE_128;
-                *ivSz     = IV_SIZE_64;
+                *ivSz     = IV_SIZE_128;
                 *blockSz  = AES_BLOCK_SIZE;
                 break;
             default:
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index 9908ff9e8..3da99ec64 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -231,6 +231,7 @@ enum {
     KEY_SIZE_128     = 16,
     KEY_SIZE_256     = 32,
     IV_SIZE_64       =  8,
+    IV_SIZE_128      = 16,
     EXCHANGE_SALT_SZ = 16,
     EXCHANGE_INFO_SZ = 23
 };

From 53fb9188e7ab0f31b1ec1b029576fe0995599880 Mon Sep 17 00:00:00 2001
From: "John M. Schanck" <jschanck@securityinnovation.com>
Date: Thu, 16 Jul 2015 15:43:50 -0400
Subject: [PATCH 203/350] Use ntru functions from stable libntruencrypt api

ntru_crypto_external_drbg_instantiate has been renamed
to ntru_crypto_drbg_external_instantiate in the 1.0.0
release of libntruencrypt. Made various other small changes
to build against libntruencrypt.
---
 IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c |  2 +-
 IDE/MDK5-ARM/Projects/CryptTest/test.c           |  2 +-
 configure.ac                                     |  6 +++---
 src/internal.c                                   | 14 +++++++-------
 src/tls.c                                        |  8 ++++----
 wolfcrypt/benchmark/benchmark.c                  |  2 +-
 wolfcrypt/src/asn.c                              |  2 +-
 wolfcrypt/test/test.c                            |  2 +-
 8 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c
index 417ae3177..fa13b8b80 100644
--- a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c
+++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c
@@ -52,7 +52,7 @@
     #include "cavium_ioctl.h"
 #endif
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
 #endif
 
 #if defined(CYASSL_MDK_ARM)
diff --git a/IDE/MDK5-ARM/Projects/CryptTest/test.c b/IDE/MDK5-ARM/Projects/CryptTest/test.c
index ac5c775b2..167832eae 100644
--- a/IDE/MDK5-ARM/Projects/CryptTest/test.c
+++ b/IDE/MDK5-ARM/Projects/CryptTest/test.c
@@ -101,7 +101,7 @@
 #endif
 
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
 #endif
 #ifdef HAVE_CAVIUM
     #include "cavium_sysdep.h"
diff --git a/configure.ac b/configure.ac
index 7bb1b769f..f076e453c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1397,9 +1397,9 @@ AC_ARG_WITH([ntru],
     [
         AC_MSG_CHECKING([for NTRU])
         CPPFLAGS="$CPPFLAGS -DHAVE_NTRU -DHAVE_QSH -DHAVE_TLS_EXTENSIONS"
-        LIBS="$LIBS -lNTRUEncrypt"
+        LIBS="$LIBS -lntruencrypt"
 
-        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
+        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
 
         if test "x$ntru_linked" == "xno" ; then
             if test "x$withval" != "xno" ; then
@@ -1412,7 +1412,7 @@ AC_ARG_WITH([ntru],
             LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
             CPPFLAGS="$CPPFLAGS -I$tryntrudir/include"
 
-            AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
+            AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
 
             if test "x$ntru_linked" == "xno" ; then
                 AC_MSG_ERROR([NTRU isn't found.
diff --git a/src/internal.c b/src/internal.c
index ceef2eeab..fa4208c44 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -41,7 +41,7 @@
 #endif
 
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
 #endif
 
 #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
@@ -247,7 +247,7 @@ static int QSH_FreeAll(WOLFSSL* ssl)
 static RNG* rng;
 static wolfSSL_Mutex* rngMutex;
 
-static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
+static word32 GetEntropy(unsigned char* out, word32 num_bytes)
 {
     int ret = 0;
 
@@ -265,7 +265,7 @@ static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
     }
 
     ret |= LockMutex(rngMutex);
-    ret |= wc_RNG_GenerateBlock(rng, out, (word32)num_bytes);
+    ret |= wc_RNG_GenerateBlock(rng, out, num_bytes);
     ret |= UnLockMutex(rngMutex);
 
     if (ret != 0)
@@ -10623,7 +10623,7 @@ static int NtruSecretEncrypt(QSHKey* key, byte* bufIn, word32 inSz,
     }
 
     /* set up ntru drbg */
-    ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+    ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
     if (ret != DRBG_OK)
         return NTRU_DRBG_ERROR;
 
@@ -10670,7 +10670,7 @@ static int NtruSecretDecrypt(QSHKey* key, byte* bufIn, word32 inSz,
 
 
     /* set up drbg */
-    ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+    ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
     if (ret != DRBG_OK)
         return NTRU_DRBG_ERROR;
 
@@ -10805,7 +10805,7 @@ static word32 QSH_MaxSecret(QSHKey* key)
     }
 
     if (isNtru) {
-        ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+        ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
         if (ret != DRBG_OK)
             return NTRU_DRBG_ERROR;
         ret = ntru_crypto_ntru_encrypt(drbg, key->pub.length,
@@ -11251,7 +11251,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
                         return NO_PEER_KEY;
                     }
 
-                    rc = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+                    rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
                     if (rc != DRBG_OK) {
                     #ifdef WOLFSSL_SMALL_STACK
                         XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
diff --git a/src/tls.c b/src/tls.c
index 5a070f667..39f36bb17 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -37,7 +37,7 @@
 #endif
 
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
     #include <wolfssl/wolfcrypt/random.h>
 #endif
 #ifdef HAVE_QSH
@@ -2836,7 +2836,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
 
 #ifdef HAVE_NTRU
 
-static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
+static word32 GetEntropy(unsigned char* out, word32 num_bytes)
 {
     int ret = 0;
 
@@ -2854,7 +2854,7 @@ static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
     }
 
     ret |= LockMutex(rngMutex);
-    ret |= wc_RNG_GenerateBlock(rng, out, (word32)num_bytes);
+    ret |= wc_RNG_GenerateBlock(rng, out, num_bytes);
     ret |= UnLockMutex(rngMutex);
 
     if (ret != 0)
@@ -2947,7 +2947,7 @@ int TLSX_CreateNtruKey(WOLFSSL* ssl, int type)
             WOLFSSL_MSG("Unknown type for creating NTRU key");
             return -1;
     }
-    ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+    ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
     if (ret != DRBG_OK) {
         WOLFSSL_MSG("NTRU drbg instantiate failed\n");
         return ret;
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 891ce0bf9..e68af6177 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -71,7 +71,7 @@
     #include "cavium_ioctl.h"
 #endif
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
 #endif
 
 #if defined(WOLFSSL_MDK_ARM)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 01fd2eaca..8537ed5d2 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -49,7 +49,7 @@
 #endif
 
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
 #endif
 
 #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 6286e3eac..c96d836a6 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -115,7 +115,7 @@
 #endif
 
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
 #endif
 #ifdef HAVE_CAVIUM
     #include "cavium_sysdep.h"

From c6003c33bbd9f9141832ef2ab008ea52bd1ab09d Mon Sep 17 00:00:00 2001
From: lchristina26 <leah@wolfssl.com>
Date: Thu, 16 Jul 2015 14:19:11 -0600
Subject: [PATCH 204/350] fix disable filesystem errors

---
 src/ssl.c            | 5 +++++
 wolfssl/openssl/bn.h | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/ssl.c b/src/ssl.c
index efd30e6d6..e15d574fa 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -11613,6 +11613,7 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
     return buf;
 }
 
+#ifndef NO_FILESYSTEM
 /* return code compliant with OpenSSL :
  *   1 if success, 0 if error
  */
@@ -11638,6 +11639,7 @@ int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
 
     return SSL_SUCCESS;
 }
+#endif /* !defined(NO_FILESYSTEM) */
 
 #else /* defined(HAVE_ECC) */
 
@@ -11650,6 +11652,7 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
     return (char*)"";
 }
 
+#ifndef NO_FILESYSTEM
 /* return code compliant with OpenSSL :
  *   1 if success, 0 if error
  */
@@ -11662,6 +11665,8 @@ int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
 
     return SSL_SUCCESS;
 }
+#endif /* !defined(NO_FILESYSTEM) */
+
 #endif /*(defined(WOLFSSL_KEY_GEN)||defined(HAVE_COMP_KEY))&&defined(HAVE_ECC)*/
 
 WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx)
diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h
index 225e6976d..c56a3cfca 100644
--- a/wolfssl/openssl/bn.h
+++ b/wolfssl/openssl/bn.h
@@ -77,7 +77,9 @@ WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int,
                                        WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*);
 WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*,
                                                  WOLFSSL_BN_ULONG);
-WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*);
+#ifndef NO_FILESYSTEM
+    WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*);
+#endif
 WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
 WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx);
 WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx);

From e698c12530454e9b52a2e2877c290e0c955e217f Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Thu, 16 Jul 2015 15:31:36 -0600
Subject: [PATCH 205/350] ecc_encrypt + hkdf requires aes

---
 configure.ac | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/configure.ac b/configure.ac
index 7bb1b769f..63b2fca90 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1000,6 +1000,10 @@ AC_ARG_ENABLE([aes],
 if test "$ENABLED_AES" = "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DNO_AES"
+    if test "$ENABLED_ECC_ENCRYPT" = "yes"
+    then
+        AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.])
+    fi
     if test "$ENABLED_AESGCM" = "yes"
     then
         AC_MSG_ERROR([AESGCM requires AES.])

From 5409c171e44f5341d23a99df1f3a2f6fcb217c02 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 16 Jul 2015 16:38:48 -0700
Subject: [PATCH 206/350] In wolfSSL_BN_mod_word, typecast error code to a
 unsigned output like in emulated function.

---
 src/ssl.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index e15d574fa..d00ed60ac 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -11553,25 +11553,25 @@ WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
 
     if (bn == NULL || bn->internal == NULL) {
         WOLFSSL_MSG("bn NULL error");
-        return SSL_FATAL_ERROR;
+        return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR;
     }
 
     if (mp_init_multi(&mod, &res, NULL, NULL, NULL, NULL) != MP_OKAY) {
         WOLFSSL_MSG("mp_init error");
-        return SSL_FATAL_ERROR;
+        return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR;
     }
 
     if (mp_set_int(&mod, w) != MP_OKAY) {
         WOLFSSL_MSG("mp_set_int error");
         mp_clear(&mod);
-        return SSL_FATAL_ERROR;
+        return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR;
     }
 
     if (mp_mod((mp_int*)bn->internal, &mod, &res) != MP_OKAY) {
         WOLFSSL_MSG("mp_add_d error");
         mp_clear(&mod);
         mp_clear(&res);
-        return SSL_FATAL_ERROR;
+        return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR;
     }
 
     ret = res.dp[0];

From 9b81e41856fccb3a8ebbbd392476584f9edb491c Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 16 Jul 2015 16:46:37 -0700
Subject: [PATCH 207/350] merge pull request 96

---
 configure.ac               |   9 +-
 src/ssl.c                  | 290 +++++++++++++++++--------------------
 wolfcrypt/src/coding.c     |  28 ++--
 wolfssl/openssl/ssl.h      |  33 +++--
 wolfssl/ssl.h              |  41 +++---
 wolfssl/wolfcrypt/coding.h |   6 +
 6 files changed, 200 insertions(+), 207 deletions(-)

diff --git a/configure.ac b/configure.ac
index 63b2fca90..96b6b4e39 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1730,7 +1730,7 @@ then
     # For now, requires no fastmath, turn off if on
     if test "x$ENABLED_FASTMATH" = "xyes"
     then
-        ENABLED_FASTMATH = "no"
+        ENABLED_FASTMATH="no"
     fi
 
     # Requires sessioncerts make sure on
@@ -1740,6 +1740,13 @@ then
         AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
     fi
 
+    # Requires crls, make sure on
+    if test "x$ENABLED_CRL" = "xno"
+    then
+        ENABLED_CRL="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
+        AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
+    fi
     AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL"
 fi
 
diff --git a/src/ssl.c b/src/ssl.c
index e15d574fa..86fa7f8f4 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7109,8 +7109,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
     void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt)
     {
-        (void)ssl;
-        (void)opt;
+        WOLFSSL_ENTER("wolfSSL_set_shutdown");
+        if(ssl==NULL) {
+            WOLFSSL_MSG("Shutdown not set. ssl is null");
+            return;
+        }
+
+        ssl->options.sentNotify =  (opt&SSL_SENT_SHUTDOWN) > 0;
+        ssl->options.closeNotify = (opt&SSL_RECEIVED_SHUTDOWN) > 0;
     }
 
 
@@ -9490,9 +9496,14 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl)
 
 int wolfSSL_get_shutdown(const WOLFSSL* ssl)
 {
+    WOLFSSL_ENTER("wolfSSL_get_shutdown");
+#ifdef HAVE_STUNNEL
+    return (ssl->options.sentNotify << 1) | (ssl->options.closeNotify);
+#else
     return (ssl->options.isClosed  ||
             ssl->options.connReset ||
             ssl->options.sentNotify);
+#endif
 }
 
 
@@ -10274,7 +10285,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
      WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, STACK_OF(WOLFSSL_X509)* sk)
 {
     (void)sk;
-    WOLFSSL_ENTER(__func__);
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init");
     if (ctx != NULL) {
         ctx->store = store;
         ctx->current_cert = x509;
@@ -10461,7 +10472,7 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i)
 
 void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
 {
-    WOLFSSL_ENTER(__func__);
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_ex_data");
 #if defined(FORTRESS) || defined(HAVE_STUNNEL)
     if (ctx != NULL && idx == 0)
         return ctx->ex_data;
@@ -10475,7 +10486,7 @@ void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
 
 int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void)
 {
-    WOLFSSL_ENTER(__func__);
+    WOLFSSL_ENTER("wolfSSL_get_ex_data_X509_STORE_CTX_idx");
     return 0;
 }
 
@@ -15106,32 +15117,24 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         return NULL;
     }
 
-    char WOLFSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) {
+    char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) {
         (void)ctx;
         (void)x;
-        WOLFSSL_ENTER("WOLFSSL_CTX_use_certificate");
-        WOLFSSL_STUB("WOLFSSL_CTX_use_certificate");
+        WOLFSSL_ENTER("wolfSSL_CTX_use_certificate");
+        WOLFSSL_STUB("wolfSSL_CTX_use_certificate");
 
         return 0;
     }
 
-    int WOLFSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) {
+    int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) {
         (void)ctx;
         (void)pkey;
-        WOLFSSL_ENTER("WOLFSSL_CTX_use_PrivateKey");
-        WOLFSSL_STUB("WOLFSSL_CTX_use_PrivateKey");
+        WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey");
+        WOLFSSL_STUB("wolfSSL_CTX_use_PrivateKey");
 
         return 0;
     }
 
-    WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) {
-        (void)filename;
-        (void)mode;
-        WOLFSSL_ENTER("wolfSSL_BIO_new_file");
-        WOLFSSL_STUB("wolfSSL_BIO_new_file");
-
-        return NULL;
-    }
 
     int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) {
         (void)b;
@@ -15142,9 +15145,9 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         return 0;
     }
 
-    WOLFSSL_BIO_METHOD* WOLFSSL_BIO_s_file(void) {
-        WOLFSSL_ENTER("WOLFSSL_BIO_s_file");
-        WOLFSSL_STUB("WOLFSSL_BIO_s_file");
+    WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void) {
+        WOLFSSL_ENTER("wolfSSL_BIO_s_file");
+        WOLFSSL_STUB("wolfSSL_BIO_s_file");
 
         return NULL;
     }
@@ -15173,16 +15176,6 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         return 0;
     }
 
-    WOLFSSL_DH *PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u) {
-        (void)bp;
-        (void)x;
-        (void)cb;
-        (void)u;
-        WOLFSSL_ENTER("PEM_read_bio_DHparams");
-        WOLFSSL_STUB("PEM_read_bio_DHparams");
-
-        return NULL;
-    }
 
     WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) {
         (void)bp;
@@ -15195,24 +15188,6 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
         return NULL;
     }
 
-    int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) {
-        (void)bp;
-        (void)x;
-        WOLFSSL_ENTER("PEM_write_bio_WOLFSSL_X509");
-        WOLFSSL_STUB("PEM_write_bio_WOLFSSL_X509");
-
-        return 0;
-    }
-
-    long WOLFSSL_CTX_set_tmp_dh(WOLFSSL_CTX *ctx, WOLFSSL_DH *dh) {
-        (void)ctx;
-        (void)dh;
-        WOLFSSL_ENTER("WOLFSSL_CTX_set_tmp_dh");
-        WOLFSSL_STUB("WOLFSSL_CTX_set_tmp_dh");
-
-        return 0;
-    }
-
     void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) {
         (void)ctx;
         (void)depth;
@@ -15221,44 +15196,44 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
 
     }
 
-    void* WOLFSSL_get_app_data( const WOLFSSL *ssl)
+    void* wolfSSL_get_app_data( const WOLFSSL *ssl)
     {
         /* checkout exdata stuff... */
         (void)ssl;
-        WOLFSSL_ENTER("WOLFSSL_get_app_data");
-        WOLFSSL_STUB("WOLFSSL_get_app_data");
+        WOLFSSL_ENTER("wolfSSL_get_app_data");
+        WOLFSSL_STUB("wolfSSL_get_app_data");
 
         return 0;
     }
 
-    void WOLFSSL_set_app_data(WOLFSSL *ssl, void *arg) {
+    void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg) {
         (void)ssl;
         (void)arg;
-        WOLFSSL_ENTER("WOLFSSL_set_app_data");
-        WOLFSSL_STUB("WOLFSSL_set_app_data");
+        WOLFSSL_ENTER("wolfSSL_set_app_data");
+        WOLFSSL_STUB("wolfSSL_set_app_data");
     }
 
-    WOLFSSL_ASN1_OBJECT * WOLFSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) {
+    WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) {
         (void)ne;
-        WOLFSSL_ENTER("WOLFSSL_X509_NAME_ENTRY_get_object");
-        WOLFSSL_STUB("WOLFSSL_X509_NAME_ENTRY_get_object");
+        WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object");
+        WOLFSSL_STUB("wolfSSL_X509_NAME_ENTRY_get_object");
 
         return NULL;
     }
 
-    WOLFSSL_X509_NAME_ENTRY *WOLFSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) {
+    WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) {
         (void)name;
         (void)loc;
-        WOLFSSL_ENTER("WOLFSSL_X509_NAME_get_entry");
-        WOLFSSL_STUB("WOLFSSL_X509_NAME_get_entry");
+        WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry");
+        WOLFSSL_STUB("wolfSSL_X509_NAME_get_entry");
 
         return NULL;
     }
 
-    void WOLFSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){
+    void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){
         FreeX509Name(name);
-        WOLFSSL_ENTER("WOLFSSL_X509_NAME_free");
-        WOLFSSL_STUB("WOLFSSL_X509_NAME_free");
+        WOLFSSL_ENTER("wolfSSL_X509_NAME_free");
+        WOLFSSL_STUB("wolfSSL_X509_NAME_free");
     }
 
     void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)){
@@ -15292,7 +15267,7 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
 #ifdef OPENSSL_EXTRA
 void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
 {
-    WOLFSSL_ENTER(__func__);
+    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
     #ifdef HAVE_STUNNEL
     if(ctx != NULL && idx < MAX_EX_DATA) {
         return ctx->ex_data[idx];
@@ -15308,7 +15283,7 @@ void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
 int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
                                 void* c)
 {
-    WOLFSSL_ENTER(__func__);
+    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_new_index");
     (void)idx;
     (void)arg;
     (void)a;
@@ -15320,7 +15295,7 @@ int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
 
 int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
 {
-    WOLFSSL_ENTER(__func__);
+    WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data");
     #ifdef HAVE_STUNNEL
     if (ctx != NULL && idx < MAX_EX_DATA)
     {
@@ -15338,7 +15313,7 @@ int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
 
 int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
 {
-    WOLFSSL_ENTER(__func__);
+    WOLFSSL_ENTER("wolfSSL_set_ex_data");
 #if defined(FORTRESS) || defined(HAVE_STUNNEL)
     if (ssl != NULL && idx < MAX_EX_DATA)
     {
@@ -15357,7 +15332,7 @@ int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
 int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
                          void* cb3)
 {
-    WOLFSSL_ENTER(__func__);
+    WOLFSSL_ENTER("wolfSSL_get_ex_new_index");
     (void)idx;
     (void)data;
     (void)cb1;
@@ -15369,7 +15344,7 @@ int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
 
 void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
 {
-    WOLFSSL_ENTER(__func__);
+    WOLFSSL_ENTER("wolfSSL_get_ex_data");
 #if defined(FORTRESS) || defined(HAVE_STUNNEL)
     if (ssl != NULL && idx < MAX_EX_DATA)
         return ssl->ex_data[idx];
@@ -15382,22 +15357,94 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
 #endif /* OPENSSL_EXTRA */
 
 
+#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL)
+WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) {
+    (void)filename;
+    (void)mode;
+    WOLFSSL_ENTER("wolfSSL_BIO_new_file");
+    WOLFSSL_STUB("wolfSSL_BIO_new_file");
+
+    return NULL;
+}
+
+
+WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u)
+{
+    (void) bp;
+    (void) x;
+    (void) cb;
+    (void) u;
+
+    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DHparams");
+    WOLFSSL_STUB("wolfSSL_PEM_read_bio_DHparams");
+
+    return NULL;
+}
+
+int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) {
+    (void)bp;
+    (void)x;
+    WOLFSSL_ENTER("PEM_write_bio_WOLFSSL_X509");
+    WOLFSSL_STUB("PEM_write_bio_WOLFSSL_X509");
+
+    return 0;
+}
+
+
+#ifndef NO_DH
+/* Intialize ctx->dh with dh's params. Return SSL_SUCCESS on ok */
+long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
+{
+    int pSz, gSz;
+    byte *p, *g;
+    int ret=0;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_set_tmp_dh");
+
+    if(!ctx || !dh)
+        return BAD_FUNC_ARG;
+
+    /* Get needed size for p and g */
+    pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
+    gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
+
+    if(pSz <= 0 || gSz <= 0)
+        return SSL_FATAL_ERROR;
+
+    p = XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH);
+    if(!p)
+        return MEMORY_E;
+
+    g = XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH);
+    if(!g) {
+        XFREE(p, ctx->heap, DYNAMIC_TYPE_DH);
+        return MEMORY_E;
+    }
+
+    pSz = wolfSSL_BN_bn2bin(dh->p, p);
+    gSz = wolfSSL_BN_bn2bin(dh->g, g);
+
+    if(pSz >= 0 && gSz >= 0) /* Conversion successful */
+        ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
+
+    XFREE(p, ctx->heap, DYNAMIC_TYPE_DH);
+    XFREE(g, ctx->heap, DYNAMIC_TYPE_DH);
+
+    return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR;
+}
+#endif /* NO_DH */
+#endif /* HAVE_LIGHTY || HAVE_STUNNEL */
+
 
 /* stunnel compatability functions*/
 #if defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)
 int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
 {
-    WOLFSSL_ENTER(__func__);
-    #ifdef HAVE_STUNNEL
+    WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data");
     if(session != NULL && idx < MAX_EX_DATA) {
         session->ex_data[idx] = data;
         return SSL_SUCCESS;
     }
-    #else
-    (void)session;
-    (void)idx;
-    (void)data;
-    #endif
     return SSL_FAILURE;
 }
 
@@ -15405,43 +15452,26 @@ int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
 int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1,
        void* cb2, void* cb3)
 {
-    WOLFSSL_ENTER(__func__);
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_new_index");
     (void)idx;
     (void)cb1;
     (void)cb2;
     (void)cb3;
-    #ifdef HAVE_STUNNEL
     if(XSTRNCMP(data, "redirect index", 14) == 0) {
         return 0;
     }
     else if(XSTRNCMP(data, "addr index", 10) == 0) {
         return 1;
     }
-    #else
-    (void)data;
-    #endif
     return SSL_FAILURE;
 }
 
 
 void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
 {
-    WOLFSSL_ENTER(__func__);
-    #ifdef HAVE_STUNNEL
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data");
     if (session != NULL && idx < MAX_EX_DATA)
         return session->ex_data[idx];
-    #else
-    (void)session;
-    (void)idx;
-    #endif 
-    return NULL;
-}
-
-
-WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode)
-{
-    (void) filename;
-    (void) mode;
     return NULL;
 }
 
@@ -15489,25 +15519,6 @@ int wolfSSL_FIPS_mode_set(int r)
 }
 
 
-WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u)
-{
-    (void) bp;
-    (void) x;
-    (void) cb;
-    (void) u;
-
-    return NULL;
-}
-
-
-int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x)
-{
-    (void) bp;
-    (void) x;
-    return SSL_FAILURE;
-}
-
-
 int wolfSSL_RAND_set_rand_method(const void *meth)
 {
     (void) meth;
@@ -15517,13 +15528,14 @@ int wolfSSL_RAND_set_rand_method(const void *meth)
 
 int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
 {
+    int ret = SSL_FAILURE;
     if(c != NULL && c->ssl != NULL) {
+        ret = 8 * c->ssl->specs.key_size;
         if(alg_bits != NULL) {
-            *alg_bits = 8 * c->ssl->specs.key_size;
+            *alg_bits = ret;
         }
-        return 8 * c->ssl->specs.key_size;
     }
-    return SSL_FAILURE;
+    return ret;
 }
 
 
@@ -15643,47 +15655,13 @@ int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name)
     return name->sz;
 }
 
-#ifndef NO_DH
-/* Intialize ctx->dh with dh's params. Return SSL_SUCCESS on ok */
-long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
-{
-    int pSz, gSz;
-    byte *p, *g;
-    int ret=0;
-
-    pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
-    gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
-
-    p = XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH);
-    if(!p)
-        return MEMORY_E;
-
-    g = XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH);
-    if(!g) {
-        XFREE(p, ctx->heap, DYNAMIC_TYPE_DH);
-        return MEMORY_E;
-    }
-
-    pSz = wolfSSL_BN_bn2bin(dh->p, p);
-    gSz = wolfSSL_BN_bn2bin(dh->g, g);
-
-    if(pSz != SSL_FATAL_ERROR && gSz != SSL_FATAL_ERROR)
-        ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
-
-    if(p)
-        XFREE(p, ctx->heap, DYNAMIC_TYPE_DH);
-    if(g)
-        XFREE(g, ctx->heap, DYNAMIC_TYPE_DH);
-
-    return pSz > 0 && gSz > 0 ? SSL_FATAL_ERROR : ret;
-}
-#endif /* NO_DH */
-
 
 const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen)
 {
-    if(!sess)
+    if(!sess || !idLen) {
+        WOLFSSL_MSG("Bad func args. Please provide idLen");
         return NULL;
+    }
     *idLen = sess->sessionIDSz;
     return sess->sessionID;
 }
diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c
index 61c78b1dc..f4d919255 100644
--- a/wolfcrypt/src/coding.c
+++ b/wolfcrypt/src/coding.c
@@ -167,7 +167,7 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max,
         basic = base64Encode[e];
 
     /* check whether to escape. Only escape for EncodeEsc */
-    if (escaped == 1) {
+    if (escaped == WC_ESC_NL_ENC) {
         switch ((char)basic) {
             case '+' :
                 plus     = 1;
@@ -235,9 +235,9 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
     word32 outSz = (inLen + 3 - 1) / 3 * 4;
     word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ;  /* new lines */
 
-    if (escaped == 1)
+    if (escaped == WC_ESC_NL_ENC)
         addSz *= 3;   /* instead of just \n, we're doing %0A triplet */
-    else if (escaped == 2)
+    else if (escaped == WC_NO_NL_ENC)
         addSz = 0;    /* encode without \n */
 
     outSz += addSz;
@@ -245,7 +245,7 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
     /* if escaped we can't predetermine size for one pass encoding, but
      * make sure we have enough if no escapes are in input */
     if (outSz > *outLen) return BAD_FUNC_ARG;
-    
+
     while (inLen > 2) {
         byte b1 = in[j++];
         byte b2 = in[j++];
@@ -270,7 +270,7 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
         inLen -= 3;
 
         /* Insert newline after PEM_LINE_SZ, unless no \n requested */
-        if (escaped != 2 && (++n % (PEM_LINE_SZ / 4)) == 0 && inLen) {
+        if (escaped != WC_NO_NL_ENC && (++n % (PEM_LINE_SZ/4)) == 0 && inLen){
             ret = CEscape(escaped, '\n', out, &i, *outLen, 1);
             if (ret != 0) break;
         }
@@ -288,47 +288,47 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
         byte e3 = (byte)((b2 & 0xF) << 2);
 
         ret = CEscape(escaped, e1, out, &i, *outLen, 0);
-        if (ret == 0) 
+        if (ret == 0)
             ret = CEscape(escaped, e2, out, &i, *outLen, 0);
         if (ret == 0) {
             /* third */
             if (twoBytes)
                 ret = CEscape(escaped, e3, out, &i, *outLen, 0);
-            else 
+            else
                 ret = CEscape(escaped, '=', out, &i, *outLen, 1);
         }
         /* fourth always pad */
         if (ret == 0)
             ret = CEscape(escaped, '=', out, &i, *outLen, 1);
-    } 
+    }
 
-    if (ret == 0 && escaped != 2) 
+    if (ret == 0 && escaped != WC_NO_NL_ENC)
         ret = CEscape(escaped, '\n', out, &i, *outLen, 1);
 
     if (i != outSz && escaped != 1 && ret == 0)
-        return ASN_INPUT_E; 
+        return ASN_INPUT_E;
 
     *outLen = i;
-    return ret; 
+    return ret;
 }
 
 
 /* Base64 Encode, PEM style, with \n line endings */
 int Base64_Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
-    return DoBase64_Encode(in, inLen, out, outLen, 0);
+    return DoBase64_Encode(in, inLen, out, outLen, WC_STD_ENC);
 }
 
 
 /* Base64 Encode, with %0A esacped line endings instead of \n */
 int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
-    return DoBase64_Encode(in, inLen, out, outLen, 1);
+    return DoBase64_Encode(in, inLen, out, outLen, WC_ESC_NL_ENC);
 }
 
 int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
-    return DoBase64_Encode(in, inLen, out, outLen, 2);
+    return DoBase64_Encode(in, inLen, out, outLen, WC_NO_NL_ENC);
 }
 
 #endif  /* defined(WOLFSSL_BASE64_ENCODE) */
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 1613448c7..80864e824 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -408,25 +408,21 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 
 #define SSL_CB_HANDSHAKE_START          0x10
-#define X509_NAME_free WOLFSSL_X509_NAME_free
-#define SSL_CTX_use_certificate WOLFSSL_CTX_use_certificate
-#define SSL_CTX_use_PrivateKey WOLFSSL_CTX_use_PrivateKey
-#define BIO_new_file wolfSSL_BIO_new_file
+#define X509_NAME_free wolfSSL_X509_NAME_free
+#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate
+#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey
 #define BIO_read_filename wolfSSL_BIO_read_filename
-#define BIO_s_file WOLFSSL_BIO_s_file
+#define BIO_s_file wolfSSL_BIO_s_file
 #define OBJ_nid2sn wolf_OBJ_nid2sn
 #define OBJ_obj2nid wolf_OBJ_obj2nid
 #define OBJ_sn2nid wolf_OBJ_sn2nid
-#define PEM_read_bio_DHparams PEM_read_bio_DHparams
 #define PEM_read_bio_X509 PEM_read_bio_WOLFSSL_X509
-#define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509
-#define SSL_CTX_set_tmp_dh WOLFSSL_CTX_set_tmp_dh
 #define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth
-#define SSL_get_app_data WOLFSSL_get_app_data
-#define SSL_set_app_data WOLFSSL_set_app_data
+#define SSL_get_app_data wolfSSL_get_app_data
+#define SSL_set_app_data wolfSSL_set_app_data
 #define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count
-#define X509_NAME_ENTRY_get_object WOLFSSL_X509_NAME_ENTRY_get_object
-#define X509_NAME_get_entry WOLFSSL_X509_NAME_get_entry
+#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object
+#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry
 #define sk_X509_NAME_pop_free  wolfSSL_sk_X509_NAME_pop_free
 #define SHA1 wolfSSL_SHA1
 #define X509_check_private_key wolfSSL_X509_check_private_key
@@ -434,6 +430,15 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 
 #endif
 
+#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
+
+#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
+#define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509
+#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
+#define BIO_new_file wolfSSL_BIO_new_file
+
+
+#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
 
 #ifdef HAVE_STUNNEL
 #include <wolfssl/openssl/asn1.h>
@@ -449,9 +454,6 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define ASN1_STRFLGS_ESC_MSB             4
 #define X509_V_ERR_CERT_REJECTED         28
 
-#define BIO_new_file                     wolfSSL_BIO_new_file
-#define PEM_read_bio_DHparams            wolfSSL_PEM_read_bio_DHparams
-#define PEM_write_bio_X509               wolfSSL_PEM_write_bio_X509
 #define SSL_alert_desc_string_long       wolfSSL_alert_desc_string_long
 #define SSL_alert_type_string_long       wolfSSL_alert_type_string_long
 #define SSL_CIPHER_get_bits              wolfSSL_CIPHER_get_bits
@@ -464,7 +466,6 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define SSL_CTX_flush_sessions           wolfSSL_flush_sessions
 #define SSL_CTX_add_session              wolfSSL_CTX_add_session
 #define SSL_get_SSL_CTX                  wolfSSL_get_SSL_CTX
-#define SSL_CTX_set_tmp_dh               wolfSSL_CTX_set_tmp_dh
 #define SSL_version                      wolfSSL_version
 #define SSL_get_state                    wolfSSL_get_state
 #define SSL_state_string_long            wolfSSL_state_string_long
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 465647a1a..397a91b68 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1513,26 +1513,23 @@ typedef struct WOLFSSL_X509_NAME_ENTRY {
 
 
 #include <wolfssl/openssl/dh.h>
+#include <wolfssl/openssl/asn1.h>
 
-WOLFSSL_API void WOLFSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
-WOLFSSL_API char WOLFSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
-WOLFSSL_API int WOLFSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
+WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
+WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
+WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
-WOLFSSL_API WOLFSSL_BIO_METHOD* WOLFSSL_BIO_s_file(void);
+WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void);
 /* These are to be merged shortly */
 WOLFSSL_API const char *  wolf_OBJ_nid2sn(int n);
 WOLFSSL_API int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
 WOLFSSL_API int wolf_OBJ_sn2nid(const char *sn);
-WOLFSSL_API WOLFSSL_DH *PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u);
 WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
-WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
-WOLFSSL_API long WOLFSSL_CTX_set_tmp_dh(WOLFSSL_CTX *ctx, WOLFSSL_DH *dh);
 WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
-WOLFSSL_API void* WOLFSSL_get_app_data( const WOLFSSL *ssl);
-WOLFSSL_API void WOLFSSL_set_app_data(WOLFSSL *ssl, void *arg);
-WOLFSSL_API WOLFSSL_ASN1_OBJECT * WOLFSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
-WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *WOLFSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
+WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
+WOLFSSL_API void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
+WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
+WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
 WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*));
 WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
 WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
@@ -1542,12 +1539,22 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X
 #endif
 #endif
 
+#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
+
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
+WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
+WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp,
+    WOLFSSL_DH **x, pem_password_cb *cb, void *u);
+WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
+
+
+#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
+
 
 #ifdef HAVE_STUNNEL
 
-WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode);
 
-WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), 
+WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
     void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
 
 WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
@@ -1561,11 +1568,6 @@ WOLFSSL_API int wolfSSL_FIPS_mode(void);
 
 WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);
 
-WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, 
-    WOLFSSL_DH **x, pem_password_cb *cb, void *u);
-
-WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
-
 WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth);
 
 WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);
@@ -1603,7 +1605,6 @@ WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,void*);
 
 WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
 
-WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
 
 WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*, unsigned int*);
 #endif /* HAVE_STUNNEL */
diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h
index b92921bd8..cb9bde0b8 100644
--- a/wolfssl/wolfcrypt/coding.h
+++ b/wolfssl/wolfcrypt/coding.h
@@ -41,6 +41,12 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
 
 
 #ifdef WOLFSSL_BASE64_ENCODE
+    enum Escaped {
+        WC_STD_ENC = 0,       /* normal \n line ending encoding */
+        WC_ESC_NL_ENC,        /* use escape sequence encoding   */
+        WC_NO_NL_ENC          /* no encoding at all             */
+    }; /* Encoding types */
+
     /* encode isn't */
     WOLFSSL_API
     int Base64_Encode(const byte* in, word32 inLen, byte* out,

From 11f1159e3005a17691d421ce1741ad1335ae35c3 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Fri, 17 Jul 2015 09:30:25 -0600
Subject: [PATCH 208/350] fortress relies on aes disallowed pair

---
 configure.ac | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/configure.ac b/configure.ac
index 96b6b4e39..7f132c0f1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1000,6 +1000,10 @@ AC_ARG_ENABLE([aes],
 if test "$ENABLED_AES" = "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DNO_AES"
+    if test "$ENABLED_FORTRESS" = "yes"
+    then
+        AC_MSG_ERROR([fortress requires aes])
+    fi
     if test "$ENABLED_ECC_ENCRYPT" = "yes"
     then
         AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.])

From bae8c6fd504270ce26513bf5e206a1b49ab08a41 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 17 Jul 2015 09:14:58 -0700
Subject: [PATCH 209/350] add openssh ./configure build

---
 configure.ac | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/configure.ac b/configure.ac
index 7f132c0f1..7f07764dd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -148,12 +148,24 @@ then
 fi
 
 
+# OpenSSH compatibility Build
+AC_ARG_ENABLE([openssh],
+    [AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
+    [ENABLED_OPENSSH=$enableval],
+    [ENABLED_OPENSSH=no])
+
+
 # OPENSSL Extra Compatibility
 AC_ARG_ENABLE([opensslextra],
     [  --enable-opensslextra   Enable extra OpenSSL API, size+ (default: disabled)],
     [ ENABLED_OPENSSLEXTRA=$enableval ],
     [ ENABLED_OPENSSLEXTRA=no ]
     )
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_OPENSSLEXTRA="yes"
+fi
+
 if test "$ENABLED_OPENSSLEXTRA" = "yes"
 then
   AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
@@ -194,6 +206,11 @@ AC_ARG_ENABLE([fortress],
     [ ENABLED_FORTRESS=no ]
     )
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_FORTRESS="yes"
+fi
+
 if test "$ENABLED_FORTRESS" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_DES_ECB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN"
@@ -481,6 +498,11 @@ AC_ARG_ENABLE([nullcipher],
     [ ENABLED_NULL_CIPHER=no ]
     )
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_NULL_CIPHER="yes"
+fi
+
 if test "$ENABLED_NULL_CIPHER" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
@@ -493,6 +515,11 @@ AC_ARG_ENABLE([ripemd],
     [ ENABLED_RIPEMD=no ]
     )
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_RIPEMD="yes"
+fi
+
 if test "$ENABLED_RIPEMD" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD"
@@ -536,6 +563,11 @@ then
     ENABLED_SHA512=no
 fi
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_SHA512="yes"
+fi
+
 if test "$ENABLED_SHA512" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
@@ -637,6 +669,11 @@ AC_ARG_ENABLE([dsa],
     [ ENABLED_DSA=no ]
     )
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_DSA="yes"
+fi
+
 if test "$ENABLED_DSA" = "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
@@ -666,6 +703,11 @@ then
     ENABLED_ECC=no
 fi
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_ECC="yes"
+fi
+
 if test "$ENABLED_ECC" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR"
@@ -901,6 +943,11 @@ AC_ARG_ENABLE([dh],
     [ ENABLED_DH=yes ]
     )
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_DH="yes"
+fi
+
 if test "$ENABLED_DH" = "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DNO_DH"
@@ -1079,6 +1126,11 @@ AC_ARG_ENABLE([arc4],
     [ ENABLED_ARC4=no ]
     )
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_ARC4="yes"
+fi
+
 if test "$ENABLED_ARC4" = "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
@@ -2236,6 +2288,7 @@ echo
 echo "   Features "
 echo "   * Single threaded:           $ENABLED_SINGLETHREADED"
 echo "   * Filesystem:                $ENABLED_FILESYSTEM"
+echo "   * OpenSSH Build:             $ENABLED_OPENSSH"
 echo "   * OpenSSL Extra API:         $ENABLED_OPENSSLEXTRA"
 echo "   * Max Strength Build:        $ENABLED_MAXSTRENGTH"
 echo "   * fastmath:                  $ENABLED_FASTMATH"

From cb3873ea03ad3cb4aafea0814a271b33abed6ad3 Mon Sep 17 00:00:00 2001
From: Nickolas Lapp <nick@wolfssl.com>
Date: Fri, 17 Jul 2015 15:05:04 -0600
Subject: [PATCH 210/350] Configure options to allow stunnel to use fastmath

---
 configure.ac | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/configure.ac b/configure.ac
index 44779a3f2..2633301eb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1783,12 +1783,6 @@ then
         ENABLED_CODING="yes"
     fi
 
-    # For now, requires no fastmath, turn off if on
-    if test "x$ENABLED_FASTMATH" = "xyes"
-    then
-        ENABLED_FASTMATH="no"
-    fi
-
     # Requires sessioncerts make sure on
     if test "x$ENABLED_SESSIONCERTS" = "xno"
     then
@@ -1803,7 +1797,8 @@ then
         AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
         AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
     fi
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL"
+    # Stunnel requires timing resistant for stack reasons
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DTFM_TIMING_RESISTANT"
 fi
 
 
@@ -1856,11 +1851,7 @@ FASTMATH_DEFAULT=no
 
 if test "$host_cpu" = "x86_64"
 then
-    # fastmath turned off for stunnel by default
-    if test "x$ENABLED_STUNNEL" = "xno"
-    then
-        FASTMATH_DEFAULT=yes
-    fi
+    FASTMATH_DEFAULT=yes
 fi
 
 # fastmath

From 262f5f87cb72d1f171aadc7157211a826474801d Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 17 Jul 2015 14:52:03 -0700
Subject: [PATCH 211/350] remove auto timing resistant with stunnel

---
 configure.ac | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 2633301eb..e183a81fb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1797,8 +1797,7 @@ then
         AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
         AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
     fi
-    # Stunnel requires timing resistant for stack reasons
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DTFM_TIMING_RESISTANT"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL"
 fi
 
 

From 2d021489b34e6c470fecb8a31b3e541fec66537d Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 17 Jul 2015 15:37:15 -0700
Subject: [PATCH 212/350] fix SetMinDhKey_Sz() implementation defines

---
 src/ssl.c | 59 +++++++++++++++++++++++++++----------------------------
 1 file changed, 29 insertions(+), 30 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 8132ac566..0b3ed2213 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -521,6 +521,35 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
     return SSL_SUCCESS;
 }
 
+
+int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz)
+{
+    if (ctx == NULL || keySz > 16000 || keySz % 8 != 0)
+        return BAD_FUNC_ARG;
+
+    ctx->minDhKeySz = keySz / 8;
+    return SSL_SUCCESS;
+}
+
+
+int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz)
+{
+    if (ssl == NULL || keySz > 16000 || keySz % 8 != 0)
+        return BAD_FUNC_ARG;
+
+    ssl->options.minDhKeySz = keySz / 8;
+    return SSL_SUCCESS;
+}
+
+
+int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
+{
+    if (ssl == NULL)
+        return BAD_FUNC_ARG;
+
+    return (ssl->options.dhKeySz * 8);
+}
+
 #endif /* !NO_DH */
 
 
@@ -4055,36 +4084,6 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
     return wolfSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format);
 }
 
-
-int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz)
-{
-    if (ctx == NULL || keySz > 16000 || keySz % 8 != 0)
-        return BAD_FUNC_ARG;
-
-    ctx->minDhKeySz = keySz / 8;
-    return SSL_SUCCESS;
-}
-
-
-int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz)
-{
-    if (ssl == NULL || keySz > 16000 || keySz % 8 != 0)
-        return BAD_FUNC_ARG;
-
-    ssl->options.minDhKeySz = keySz / 8;
-    return SSL_SUCCESS;
-}
-
-
-int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
-{
-    if (ssl == NULL)
-        return BAD_FUNC_ARG;
-
-    return (ssl->options.dhKeySz * 8);
-}
-
-
 #endif /* NO_DH */
 
 

From 51f177fdb7a813843452e9de3771564748bbbaf2 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 17 Jul 2015 15:41:51 -0700
Subject: [PATCH 213/350] bump dev version

---
 configure.ac       | 2 +-
 support/wolfssl.pc | 2 +-
 wolfssl/version.h  | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index e183a81fb..e66b68718 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.6.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.6.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
diff --git a/support/wolfssl.pc b/support/wolfssl.pc
index 024f117ab..f95d19b7a 100644
--- a/support/wolfssl.pc
+++ b/support/wolfssl.pc
@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.6.1
+Version: 3.6.2
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}
diff --git a/wolfssl/version.h b/wolfssl/version.h
index 6ec106bab..f5a990a10 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.6.1"
-#define LIBWOLFSSL_VERSION_HEX 0x03006001
+#define LIBWOLFSSL_VERSION_STRING "3.6.2"
+#define LIBWOLFSSL_VERSION_HEX 0x03006002
 
 #ifdef __cplusplus
 }

From 6d619ade1391309d7c20de2dd8d072d347f9e59b Mon Sep 17 00:00:00 2001
From: Nickolas Lapp <nick@wolfssl.com>
Date: Fri, 17 Jul 2015 17:28:17 -0600
Subject: [PATCH 214/350] Fix stunnel warning

---
 wolfssl/openssl/ssl.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 80864e824..e8495535a 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -476,9 +476,11 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define SSL_SESSION_set_ex_data          wolfSSL_SESSION_set_ex_data
 #define SSL_SESSION_get_ex_new_index     wolfSSL_SESSION_get_ex_new_index
 #define SSL_SESSION_get_id               wolfSSL_SESSION_get_id
+#define CRYPTO_dynlock_value             WOLFSSL_dynlock_value
 typedef struct CRYPTO_EX_DATA            CRYPTO_EX_DATA;
 typedef WOLFSSL_ASN1_BIT_STRING    ASN1_BIT_STRING;
 
+
 #endif /* HAVE_STUNNEL */
 
 #ifdef __cplusplus

From a4c7b8eb07144909c3526e75af38ea8831d9518d Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Fri, 17 Jul 2015 18:19:36 -0600
Subject: [PATCH 215/350] version number to use with Lighttpd compatibility

---
 wolfssl/openssl/opensslv.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h
index 067f22658..e569ec52a 100644
--- a/wolfssl/openssl/opensslv.h
+++ b/wolfssl/openssl/opensslv.h
@@ -5,13 +5,15 @@
 
 
 /* api version compatibility */
-#ifdef HAVE_STUNNEL
+#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
+     /* version number can be increased for Lighty after compatibility for ECDH
+        is added */
      #define OPENSSL_VERSION_NUMBER 0x0090700fL
 #else
      #define OPENSSL_VERSION_NUMBER 0x0090810fL
 #endif
 
-#define OPENSSL_VERSION_TEXT             LIBWOLFSSL_VERSION_STRING 
+#define OPENSSL_VERSION_TEXT             LIBWOLFSSL_VERSION_STRING
 
 
 #endif /* header */

From 03172818a13dd3a8081b9a8b85460a3feb6d611d Mon Sep 17 00:00:00 2001
From: Nickolas Lapp <nick@wolfssl.com>
Date: Mon, 20 Jul 2015 14:37:57 -0600
Subject: [PATCH 216/350] Changes to remove last warnings from Stunnel

---
 src/ssl.c                | 2 +-
 wolfssl/openssl/crypto.h | 3 +++
 wolfssl/openssl/ssl.h    | 4 +---
 wolfssl/ssl.h            | 4 +++-
 4 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 0b3ed2213..958a382e9 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -15449,7 +15449,7 @@ int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
 
 
 int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1,
-       void* cb2, void* cb3)
+       void* cb2, CRYPTO_free_func* cb3)
 {
     WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_new_index");
     (void)idx;
diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h
index 97360408b..034b1cfe1 100644
--- a/wolfssl/openssl/crypto.h
+++ b/wolfssl/openssl/crypto.h
@@ -25,6 +25,9 @@ WOLFSSL_API unsigned long wolfSSLeay(void);
 #define CRYPTO_set_mem_ex_functions      wolfSSL_CRYPTO_set_mem_ex_functions
 #define FIPS_mode                        wolfSSL_FIPS_mode
 #define FIPS_mode_set                    wolfSSL_FIPS_mode_set
+typedef struct CRYPTO_EX_DATA            CRYPTO_EX_DATA;
+typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx,
+        long argl, void* argp);
 #endif /* HAVE_STUNNEL */
 
 #endif /* header */
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index e8495535a..cae159e55 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -392,8 +392,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 #define SSL_CTX_sess_set_remove_cb wolfSSL_CTX_sess_set_remove_cb
 
 #define i2d_SSL_SESSION wolfSSL_i2d_SSL_SESSION
-#define d2i_SSL_SESSION(sess, val, length) \
-        wolfSSL_d2i_SSL_SESSION(sess, (const unsigned char **)val, length)
+#define d2i_SSL_SESSION wolfSSL_d2i_SSL_SESSION
 #define SSL_SESSION_set_timeout wolfSSL_SSL_SESSION_set_timeout
 #define SSL_SESSION_get_timeout wolfSSL_SESSION_get_timeout
 #define SSL_SESSION_get_time wolfSSL_SESSION_get_time
@@ -477,7 +476,6 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define SSL_SESSION_get_ex_new_index     wolfSSL_SESSION_get_ex_new_index
 #define SSL_SESSION_get_id               wolfSSL_SESSION_get_id
 #define CRYPTO_dynlock_value             WOLFSSL_dynlock_value
-typedef struct CRYPTO_EX_DATA            CRYPTO_EX_DATA;
 typedef WOLFSSL_ASN1_BIT_STRING    ASN1_BIT_STRING;
 
 
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 397a91b68..25b86a6c5 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1553,6 +1553,7 @@ WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
 
 #ifdef HAVE_STUNNEL
 
+#include <wolfssl/openssl/crypto.h>
 
 WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
     void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
@@ -1601,7 +1602,8 @@ WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
 
 WOLFSSL_API int   wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
 
-WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,void*);
+WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,
+        CRYPTO_free_func*);
 
 WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
 

From 922df2cfb394af8d4ee517f30d1813d46a1901cd Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 20 Jul 2015 16:08:55 -0700
Subject: [PATCH 217/350] allow bigger rsa key gen w/o sanity check error on
 invmod()

---
 wolfcrypt/src/integer.c | 2 +-
 wolfcrypt/src/tfm.c     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index 00685acfc..3fb8054fe 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -955,7 +955,7 @@ top:
 
   /* if not zero goto step 4 */
   if (mp_iszero (&u) == 0) {
-    if (++loop_check > 1024) {
+    if (++loop_check > 4096) {
         res = MP_VAL;
         goto LBL_ERR;
     }
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 3391693ae..5c089edde 100755
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -932,7 +932,7 @@ top:
 
   /* if not zero goto step 4 */
   if (fp_iszero (&u) == FP_NO) {
-    if (++loop_check > 1024) /* bad input */
+    if (++loop_check > 4096) /* bad input */
       return FP_VAL;
     goto top;
   }

From 4916ae72bc1f3f6cc0bac51bcaa2909a5c5e1160 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 20 Jul 2015 16:47:03 -0700
Subject: [PATCH 218/350] custom release notes

---
 README    | 13 ++++++++++++-
 README.md | 12 ++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/README b/README
index c7245ecbc..74abbb0e8 100644
--- a/README
+++ b/README
@@ -34,7 +34,18 @@ before calling wolfSSL_new();  Though it's not recommended.
 
 *** end Notes ***
 
-wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
+wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015)
+
+Release 3.6.2 of wolfSSL is an intermediate custom release including:
+
+- OpenSSH  compatibility with --enable-openssh
+- stunnel  compatibility with --enable-stunnel
+- lighttpd compatibility with --enable-lighty
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+ **************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
 
 Release 3.6.0 of wolfSSL has bug fixes and new features including:
 
diff --git a/README.md b/README.md
index 7b7d57ce8..edbfb9d35 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,18 @@ before calling wolfSSL_new();  Though it's not recommended.
 - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
   add -fdebug-types-section to C_EXTRA_FLAGS
 
+#wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015)
+
+##Release 3.6.2 of wolfSSL is an intermediate custom release including:
+
+- OpenSSH  compatibility with --enable-openssh
+- stunnel  compatibility with --enable-stunnel
+- lighttpd compatibility with --enable-lighty
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+
 #wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
 
 ##Release 3.6.0 of wolfSSL has bug fixes and new features including:

From 8499f816c693529f628dc062b0b2085284ad77b7 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 21 Jul 2015 11:10:28 -0700
Subject: [PATCH 219/350] fix potential resource leaks

---
 src/ssl.c | 34 +++++++++++-----------------------
 1 file changed, 11 insertions(+), 23 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 958a382e9..1cc079d9c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3447,8 +3447,10 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
 
     #ifdef WOLFSSL_SMALL_STACK
         name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (name == NULL)
+        if (name == NULL) {
+            closedir(dir);
             return MEMORY_E;
+        }
     #endif
 
         while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
@@ -10780,6 +10782,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
         WOLFSSL_X509*   peer_cert = &ssl->peerCert;
         buffer         fileDer;
 
+        fileDer.buffer = 0;
         file = XFOPEN(fname, "rb");
         if (file == XBADFILE)
             return SSL_BAD_FILE;
@@ -10805,7 +10808,6 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
             info->set = 0;
             info->ctx = ctx;
             info->consumed = 0;
-            fileDer.buffer = 0;
 
             if ((myBuffer != NULL) &&
                 (sz > 0) &&
@@ -11158,11 +11160,14 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
 WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
                             WOLFSSL_BIGNUM* ret)
 {
+    int weOwn = 0;
+
     WOLFSSL_MSG("wolfSSL_BN_bin2bn");
 
     /* if ret is null create a BN */
     if (ret == NULL) {
         ret = wolfSSL_BN_new();
+        weOwn = 1;
         if (ret == NULL)
             return NULL;
     }
@@ -11171,6 +11176,8 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
     if (ret && ret->internal) {
         if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) {
             WOLFSSL_MSG("mp_read_unsigned_bin failure");
+            if (weOwn)
+                wolfSSL_BN_free(ret);
             return NULL;
         }
     }
@@ -11421,20 +11428,11 @@ int wolfSSL_BN_lshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
 {
     WOLFSSL_MSG("wolfSSL_BN_lshift");
 
-    if (bn == NULL || bn->internal == NULL) {
+    if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){
         WOLFSSL_MSG("bn NULL error");
         return SSL_FAILURE;
     }
 
-    /*  create new bn for res, if not done before */
-    if (r == NULL)
-        r = wolfSSL_BN_new();
-
-    if (r == NULL) {
-        WOLFSSL_MSG("bn new error");
-        return SSL_FAILURE;
-    }
-
     if (mp_mul_2d((mp_int*)bn->internal, n, (mp_int*)r->internal) != MP_OKAY) {
         WOLFSSL_MSG("mp_mul_2d error");
         return SSL_FAILURE;
@@ -11450,20 +11448,11 @@ int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
 {
     WOLFSSL_MSG("wolfSSL_BN_rshift");
 
-    if (bn == NULL || bn->internal == NULL) {
+    if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){
         WOLFSSL_MSG("bn NULL error");
         return SSL_FAILURE;
     }
 
-    /*  create new bn for res, if not done before */
-    if (r == NULL)
-        r = wolfSSL_BN_new();
-
-    if (r == NULL) {
-        WOLFSSL_MSG("bn new error");
-        return SSL_FAILURE;
-    }
-
     if (mp_div_2d((mp_int*)bn->internal, n,
                   (mp_int*)r->internal, NULL) != MP_OKAY) {
         WOLFSSL_MSG("mp_mul_2d error");
@@ -11471,7 +11460,6 @@ int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
     }
 
     return SSL_SUCCESS;
-
 }
 
 /* return code compliant with OpenSSL :

From 37211d463665dc75e1a957b06279af1e1fde654d Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Tue, 21 Jul 2015 13:56:47 -0600
Subject: [PATCH 220/350] crl script initialize

---
 configure.ac       |   3 +-
 scripts/crl.test   | 126 +++++++++++++++++++++++++++++++++++++++++++++
 scripts/include.am |   4 ++
 3 files changed, 131 insertions(+), 2 deletions(-)
 create mode 100755 scripts/crl.test

diff --git a/configure.ac b/configure.ac
index e66b68718..718675ae9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1414,7 +1414,7 @@ then
 fi
 
 
-# CRL 
+# CRL
 AC_ARG_ENABLE([crl],
     [  --enable-crl            Enable CRL (default: disabled)],
     [ ENABLED_CRL=$enableval ],
@@ -1428,7 +1428,6 @@ fi
 
 AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
 
-
 # CRL Monitor
 AC_ARG_ENABLE([crl-monitor],
     [  --enable-crl-monitor    Enable CRL Monitor (default: disabled)],
diff --git a/scripts/crl.test b/scripts/crl.test
new file mode 100755
index 000000000..2f4c5a9ee
--- /dev/null
+++ b/scripts/crl.test
@@ -0,0 +1,126 @@
+#!/bin/bash
+
+#crl.test
+
+dir="certs/crl"
+log_file="tests/unit.log"
+result_file="make_test_result.txt"
+success_line="err = -361, CRL Cert revoked"
+exit_code="0"
+allowed_to_run="1"
+script_1="testsuite/testsuite.test"
+script_2="scripts/*.test"
+
+# trap this function so that if we exit on an error the file system will still
+# be restored and the other tests may still pass. Never call this function
+# instead use "exit <some value>" and this function will run automatically
+function restore_file_system() {
+    move_bad_crl_out
+    put_in_good_crl
+}
+trap restore_file_system EXIT
+
+function can_start() {
+
+    # NICK: need a better way of controlling when this script executes
+    # I.E. force it to be last or force it to be first
+
+    # grep for any other test scripts that may be running
+    $allowed_to_run=`ps aux | grep -i "$script_1" | grep -v "grep" | wc -l`
+    if [ $allowed_to_run -ge 1 ]
+    then
+        echo "script is running"
+    else
+        echo "script is not running"
+    fi
+}
+
+function move_good_crl_out() {
+    if test -e $dir/crl.pem; then
+        echo "moving good crl out of the way"
+        mv $dir/crl.pem $dir/crl.unrevoked
+    else
+        echo "file not found: $dir/crl.pem"
+        echo "Please make sure you're running from wolfSSL_root directory"
+        $exit_code = -1
+        echo "exiting with $exit_code"
+        exit $exit_code
+    fi
+}
+
+function put_in_bad_crl() {
+    if test -e $dir/crl.revoked; then
+        echo "moving crl with server revoked into place"
+        mv $dir/crl.revoked $dir/crl.pem
+    else
+        echo "file not found: $dir/crl.revoked"
+        echo "Please make sure you're running from wolfSSL_root directory"
+        $exit_code = -1
+        echo "exiting with $exit_code"
+        exit $exit_code
+    fi
+}
+
+function run_test() {
+
+    # NICK: is there a better way then scrubbing the .log file to get the
+    # error code -361 thoughts?
+    #consider how we might abstract this up one layer perhaps a c program.
+
+    # Redirect stdout and stderr to reduce "noise"
+    ./testsuite/testsuite.test &> scripts/ignore.txt
+    rm scripts/ignore.txt
+
+    if test -e $log_file
+    then
+        while read line;
+        do
+            if [[ "x$success_line" == "x$line" ]]
+            then
+                echo "Successful Revocation!!!!"
+            fi
+        done < $log_file
+    fi
+}
+
+function move_bad_crl_out() {
+    if test -e $dir/crl.pem; then
+        echo "moving crl with server revoked out of the way"
+        mv $dir/crl.pem $dir/crl.revoked
+    else
+        echo "file system corrupted. $dir/crl.pem missing after test"
+        $exit_code = -2
+        echo "exiting with $exit_code"
+        exit $exit_code
+    fi
+}
+
+function put_in_good_crl() {
+    if test -e $dir/crl.unrevoked; then
+        echo "moving good crl back into place"
+        mv $dir/crl.unrevoked $dir/crl.pem
+    else
+        echo "file system corrupted. $dir/crl.unrevoked missing after test"
+        $exit_code = -2
+        echo "exiting with $exit_code"
+        exit $exit_code
+    fi
+}
+
+######### begin program #########
+
+# check if testsuite is currently running
+#can_start
+
+# move good crl to crl.unrevoked
+move_good_crl_out
+
+# move revoked crl into place
+put_in_bad_crl
+
+# run the test
+run_test
+
+echo "exiting with $exit_code"
+exit $exit_code
+########## end program ##########
diff --git a/scripts/include.am b/scripts/include.am
index 924634aa7..95ddbb4dd 100644
--- a/scripts/include.am
+++ b/scripts/include.am
@@ -16,4 +16,8 @@ dist_noinst_SCRIPTS+= scripts/google.test
 endif
 endif
 
+if BUILD_CRL
+dist_noinst_SCRIPTS+= scripts/crl.test
+endif
+
 EXTRA_DIST +=  scripts/testsuite.pcap

From 4743dfe81312f847548f8b2d13c9262798a30f1a Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Tue, 21 Jul 2015 15:35:24 -0600
Subject: [PATCH 221/350] add a uniquely, always revoked server-cert for
 testing

---
 certs/gen_revoked_certs.sh |  18 ++++
 certs/server-revoked.pem   | 173 +++++++++++++++++++++++++++++++++++++
 2 files changed, 191 insertions(+)
 create mode 100755 certs/gen_revoked_certs.sh
 create mode 100644 certs/server-revoked.pem

diff --git a/certs/gen_revoked_certs.sh b/certs/gen_revoked_certs.sh
new file mode 100755
index 000000000..619b225bc
--- /dev/null
+++ b/certs/gen_revoked_certs.sh
@@ -0,0 +1,18 @@
+    ###########################################################
+    ########## update and sign server-cert.pem ################
+    ###########################################################
+    echo "Updating server-cert.pem"
+    echo ""
+    #pipe the following arguments to openssl req...
+    echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -nodes > server-req.pem
+
+    openssl x509 -req -in server-req.pem -extfile renewcerts/wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-revoked.pem
+
+    rm server-req.pem
+
+    openssl x509 -in ca-cert.pem -text > ca_tmp.pem
+    openssl x509 -in server-revoked.pem -text > srv_tmp.pem
+    mv srv_tmp.pem server-revoked.pem
+    cat ca_tmp.pem >> server-revoked.pem
+    rm ca_tmp.pem
+
diff --git a/certs/server-revoked.pem b/certs/server-revoked.pem
new file mode 100644
index 000000000..399ee8676
--- /dev/null
+++ b/certs/server-revoked.pem
@@ -0,0 +1,173 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Jul 21 21:14:46 2015 GMT
+            Not After : Apr 16 21:14:46 2018 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
+                    01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
+                    f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
+                    f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
+                    64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
+                    86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
+                    4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
+                    34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
+                    8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
+                    40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
+                    dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
+                    e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
+                    64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
+                    c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
+                    ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
+                    b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
+                    a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
+                    ad:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:D9:80:3A:C3:D2:F4:DA:37
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        08:2d:bc:b5:b7:d9:89:c3:7c:c3:2d:78:f8:5d:25:17:af:fe:
+        4c:ee:50:57:96:98:1d:aa:80:c2:e6:86:ed:c8:c0:fa:45:a1:
+        3d:fc:1a:26:28:36:3a:73:d6:e5:bc:9f:24:78:72:c1:33:59:
+        21:db:f4:d9:d8:af:6b:8d:0a:f1:8d:51:dd:52:d5:6f:ac:02:
+        e7:39:5d:2e:ac:8f:99:5d:96:15:fd:a9:f1:01:19:a8:29:a8:
+        9d:71:de:f8:c9:60:81:41:f3:20:75:67:20:ef:d5:37:e5:ed:
+        9d:d9:f6:87:1d:5a:6a:a7:1e:40:82:df:4f:64:6a:67:9c:a8:
+        82:ea:9f:33:fb:23:50:49:2a:90:00:c6:91:82:54:c7:a0:dc:
+        01:b6:bb:23:5a:61:48:44:8f:e7:16:26:87:04:59:32:15:72:
+        bc:ab:f5:60:b5:ca:54:13:fa:28:f7:bc:6c:c5:b8:c1:b4:12:
+        31:b6:8a:c1:ad:bf:10:db:7d:c7:02:52:e4:e4:f7:2d:74:04:
+        e4:28:2c:16:cb:b3:34:fc:c9:95:6a:3d:e9:c4:b8:5c:3f:1f:
+        ae:d6:17:b6:fd:df:fb:e0:80:d5:78:a8:a8:f6:4f:13:9c:33:
+        76:51:f5:d7:de:de:ff:f8:11:c6:f9:d5:e8:93:2a:78:8d:a3:
+        eb:22:34:0a
+-----BEGIN CERTIFICATE-----
+MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIx
+MjExNDQ2WhcNMTgwNDE2MjExNDQ2WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xEDAOBgNVBAoTB3dvbGZTU0wxEDAO
+BgNVBAsTB1N1cHBvcnQxGDAWBgNVBAMTD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
+f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
+GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
+QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
+0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
+6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU
+sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj
+s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h
+MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK
+Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
+AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOCAQEACC28tbfZicN8wy14+F0lF6/+TO5QV5aYHaqAwuaG
+7cjA+kWhPfwaJig2OnPW5byfJHhywTNZIdv02diva40K8Y1R3VLVb6wC5zldLqyP
+mV2WFf2p8QEZqCmonXHe+MlggUHzIHVnIO/VN+Xtndn2hx1aaqceQILfT2RqZ5yo
+guqfM/sjUEkqkADGkYJUx6DcAba7I1phSESP5xYmhwRZMhVyvKv1YLXKVBP6KPe8
+bMW4wbQSMbaKwa2/ENt9xwJS5OT3LXQE5CgsFsuzNPzJlWo96cS4XD8frtYXtv3f
+++CA1XioqPZPE5wzdlH1197e//gRxvnV6JMqeI2j6yI0Cg==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            d9:80:3a:c3:d2:f4:da:37
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: May  7 18:21:01 2015 GMT
+            Not After : Jan 31 18:21:01 2018 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
+                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
+                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
+                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
+                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
+                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
+                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
+                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
+                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
+                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
+                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
+                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
+                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
+                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
+                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
+                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
+                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
+                    36:79
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:D9:80:3A:C3:D2:F4:DA:37
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+        7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96:
+        0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d:
+        63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31:
+        a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00:
+        69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79:
+        e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0:
+        7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9:
+        28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb:
+        1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50:
+        7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92:
+        26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f:
+        62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4:
+        54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9:
+        a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f:
+        65:b7:75:58
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
+A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
+Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
+dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
+mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
+i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
+XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
+/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
+J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW
+C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD
+KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ
+buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q
+fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD
+iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA==
+-----END CERTIFICATE-----

From e7dd5c4b8f57274572587e781de4dbe9d6c19619 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Tue, 21 Jul 2015 16:55:42 -0600
Subject: [PATCH 222/350] add setting client cipher list

---
 tests/test-qsh.conf | 3 +++
 tests/test.conf     | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/tests/test-qsh.conf b/tests/test-qsh.conf
index 8261f147d..0f59c428f 100644
--- a/tests/test-qsh.conf
+++ b/tests/test-qsh.conf
@@ -2018,4 +2018,7 @@
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 
+# client TLSv1.2 NTRU_AES128
+-v 3
+-l QSH:NTRU-AES128-SHA
 
diff --git a/tests/test.conf b/tests/test.conf
index 963db7b06..9e6d0674a 100644
--- a/tests/test.conf
+++ b/tests/test.conf
@@ -2018,4 +2018,7 @@
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 
+# client TLSv1.2 NTRU_AES128
+-v 3
+-l NTRU-AES128-SHA
 

From 27202912e8e2c25b79ec7a5b633092f6a9d582cb Mon Sep 17 00:00:00 2001
From: Nickolas Lapp <nick@wolfssl.com>
Date: Tue, 21 Jul 2015 17:17:41 -0600
Subject: [PATCH 223/350] Adjusted gencrls and renewcerts to add a revoked
 server cert

---
 certs/crl/gencrls.sh          |   3 +
 certs/renewcerts.sh           |  17 ++++
 certs/server-revoked-cert.pem | 172 ++++++++++++++++++++++++++++++++++
 certs/server-revoked-key.pem  |  27 ++++++
 4 files changed, 219 insertions(+)
 create mode 100644 certs/server-revoked-cert.pem
 create mode 100644 certs/server-revoked-key.pem

diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh
index a18ecf3f7..a84c82510 100755
--- a/certs/crl/gencrls.sh
+++ b/certs/crl/gencrls.sh
@@ -5,6 +5,9 @@
 
 
 # caCrl
+# revoke server-revoked-cert.pem
+openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
+
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
 
 # metadata
diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh
index a048b631d..493998b90 100755
--- a/certs/renewcerts.sh
+++ b/certs/renewcerts.sh
@@ -98,6 +98,23 @@ function run_renewcerts(){
     mv srv_tmp.pem server-cert.pem
     cat ca_tmp.pem >> server-cert.pem
     rm ca_tmp.pem
+    ###########################################################
+    ########## update and sign server-revoked-key.pem ################
+    ###########################################################
+    echo "Updating server-revoked-cert.pem"
+    echo ""
+    #pipe the following arguments to openssl req...
+    echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem
+
+    openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem
+
+    rm server-revoked-req.pem
+
+    openssl x509 -in ca-cert.pem -text > ca_tmp.pem
+    openssl x509 -in server-revoked-cert.pem -text > srv_tmp.pem
+    mv srv_tmp.pem server-revoked-cert.pem
+    cat ca_tmp.pem >> server-revoked-cert.pem
+    rm ca_tmp.pem
     ############################################################
     ########## update and sign the server-ecc-rsa.pem ##########
     ############################################################
diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem
new file mode 100644
index 000000000..f1a84b26b
--- /dev/null
+++ b/certs/server-revoked-cert.pem
@@ -0,0 +1,172 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Jul 21 22:43:25 2015 GMT
+            Not After : Apr 16 22:43:25 2018 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b0:14:16:3a:43:dd:e1:50:45:4f:cf:80:b3:dd:
+                    66:96:c7:e9:f4:dc:de:b6:6b:24:1b:76:48:ac:c6:
+                    23:a5:a7:e4:05:19:bd:b7:f6:de:fa:ff:ed:5b:3c:
+                    79:8a:a9:d5:f1:fb:eb:c8:b1:e4:b2:ab:52:72:89:
+                    93:22:5c:ba:cd:8a:36:2a:2c:d1:40:ec:a8:66:0e:
+                    c3:76:cd:e7:b3:a3:0a:1e:dd:4a:07:82:17:81:ba:
+                    de:57:ce:b6:32:81:c7:bd:11:bb:e9:15:22:4e:e2:
+                    16:ac:e3:d4:c0:68:88:6c:11:fc:c2:bd:1b:db:1d:
+                    fd:e6:43:c7:1b:33:b8:f4:e5:1b:59:39:12:38:4d:
+                    2d:9b:64:68:98:fc:8d:72:12:91:f2:24:25:6c:4c:
+                    4a:48:57:92:00:cc:7e:d8:d4:3d:b8:1d:f2:9e:ea:
+                    b2:23:0f:51:0f:11:41:1c:f5:27:00:1b:08:7a:12:
+                    3a:05:5b:03:24:fe:b1:7b:20:fa:e4:a8:58:c6:ca:
+                    ce:7f:be:95:01:12:9d:05:e6:39:13:1b:c0:3e:56:
+                    2e:2b:9f:76:37:de:de:9b:e0:0d:7a:63:0d:a7:22:
+                    58:db:31:c7:f7:b4:46:5c:ba:b6:4b:48:b1:18:9a:
+                    68:b3:63:47:fd:af:12:5f:2f:fe:10:cb:58:2b:33:
+                    68:85
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                D8:09:2B:59:E1:2A:EE:D9:EE:40:AA:9C:AB:F0:5D:28:09:4F:22:BB
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:91:68:6B:F0:94:88:41:A2
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         21:34:8d:f0:1c:89:16:18:69:b6:5a:6a:c5:56:b0:94:24:19:
+         80:52:df:54:1c:2e:63:2a:77:e2:52:76:7c:2c:d8:42:9f:13:
+         be:26:ab:d1:48:1c:52:91:df:33:57:aa:c9:5e:8e:bd:e3:1b:
+         1b:6d:97:26:e8:35:7c:06:e2:11:d2:ff:91:63:53:09:dc:62:
+         fa:57:9e:75:69:3d:a8:b9:3b:6e:52:b9:c8:93:f1:79:ef:4b:
+         7f:71:26:ab:e4:30:a5:bd:d3:9b:79:f5:f0:05:3f:f5:66:92:
+         c3:e2:3f:b6:08:bc:f5:58:77:34:4d:6e:cf:66:2a:b3:7c:e3:
+         ea:15:b7:92:e2:74:b6:39:44:9e:c5:ea:e5:21:70:a0:47:fc:
+         20:7d:79:0a:a0:a8:3c:51:c6:2d:5f:a3:be:b4:e2:ba:52:27:
+         7c:8f:79:b6:ae:b3:e2:4c:35:85:69:cd:d5:3b:ac:2d:1b:e1:
+         f9:15:97:9a:a3:94:3f:70:50:62:49:b5:52:61:f8:cf:31:2b:
+         fb:83:b9:df:20:55:8d:73:ea:26:eb:a4:ed:11:9e:52:0f:04:
+         40:4d:94:0a:dc:62:f3:3b:88:e2:4d:eb:bd:a2:27:25:a8:63:
+         54:f7:52:e3:47:59:a1:bc:f7:7f:81:16:ec:86:79:9b:73:f6:
+         96:ec:16:62
+-----BEGIN CERTIFICATE-----
+MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIx
+MjI0MzI1WhcNMTgwNDE2MjI0MzI1WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
+BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALAUFjpD3eFQRU/PgLPdZpbH6fTc3rZrJBt2SKzGI6Wn5AUZvbf2
+3vr/7Vs8eYqp1fH768ix5LKrUnKJkyJcus2KNios0UDsqGYOw3bN57OjCh7dSgeC
+F4G63lfOtjKBx70Ru+kVIk7iFqzj1MBoiGwR/MK9G9sd/eZDxxszuPTlG1k5EjhN
+LZtkaJj8jXISkfIkJWxMSkhXkgDMftjUPbgd8p7qsiMPUQ8RQRz1JwAbCHoSOgVb
+AyT+sXsg+uSoWMbKzn++lQESnQXmORMbwD5WLiufdjfe3pvgDXpjDaciWNsxx/e0
+Rly6tktIsRiaaLNjR/2vEl8v/hDLWCszaIUCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU
+2AkrWeEq7tnuQKqcq/BdKAlPIrswgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj
+s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h
+MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK
+Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
+AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAkWhr8JSIQaIwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQsFAAOCAQEAITSN8ByJFhhptlpqxVawlCQZgFLfVBwuYyp34lJ2
+fCzYQp8Tviar0UgcUpHfM1eqyV6OveMbG22XJug1fAbiEdL/kWNTCdxi+leedWk9
+qLk7blK5yJPxee9Lf3Emq+Qwpb3Tm3n18AU/9WaSw+I/tgi89Vh3NE1uz2Yqs3zj
+6hW3kuJ0tjlEnsXq5SFwoEf8IH15CqCoPFHGLV+jvrTiulInfI95tq6z4kw1hWnN
+1TusLRvh+RWXmqOUP3BQYkm1UmH4zzEr+4O53yBVjXPqJuuk7RGeUg8EQE2UCtxi
+8zuI4k3rvaInJahjVPdS40dZobz3f4EW7IZ5m3P2luwWYg==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 10477743214105739682 (0x91686bf0948841a2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Jul 21 22:43:25 2015 GMT
+            Not After : Apr 16 22:43:25 2018 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
+                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
+                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
+                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
+                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
+                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
+                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
+                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
+                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
+                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
+                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
+                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
+                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
+                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
+                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
+                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
+                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
+                    36:79
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:91:68:6B:F0:94:88:41:A2
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         a0:e4:8f:5e:79:82:10:b4:58:d1:67:5e:cb:d0:7a:b5:f6:be:
+         9c:27:f3:c7:61:78:44:58:06:ff:09:fb:e6:08:f0:34:55:dd:
+         6a:77:92:1a:7b:ef:b8:ed:db:9f:14:f8:b8:af:e9:3e:60:ba:
+         90:90:4c:ef:60:01:5e:76:01:64:f0:e5:19:2f:0b:f4:89:a0:
+         65:fc:d2:28:3c:ff:7c:ea:07:39:6f:bf:56:c2:52:bd:5b:64:
+         21:87:39:75:6e:8f:62:b7:6e:18:e9:5c:4d:f3:16:c8:7a:4e:
+         d2:d3:d3:55:c0:63:84:18:83:6c:2a:18:a6:ca:d6:02:d6:29:
+         88:2a:f7:69:f0:0f:f1:dc:40:ad:88:2f:f6:ab:03:c2:a6:04:
+         7e:bf:12:1e:19:c9:fe:d3:c6:13:23:10:9a:f0:76:7e:d1:89:
+         b1:52:5c:17:06:2f:37:13:25:97:da:67:43:0d:e4:c7:d7:1c:
+         a3:7e:f8:59:97:fa:c2:12:17:07:95:09:ad:fa:a9:23:29:77:
+         f0:3d:29:e0:0c:77:a8:ca:db:e3:fa:b4:5a:7d:a7:92:3b:cb:
+         95:c2:aa:36:ec:ff:f2:a3:b0:32:b8:1e:26:96:76:07:cd:10:
+         04:8b:d4:5a:14:63:10:dd:2a:51:80:b2:2a:ba:0a:f8:51:47:
+         92:a4:21:04
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIJAJFoa/CUiEGiMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
+A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
+Fw0xNTA3MjEyMjQzMjVaFw0xODA0MTYyMjQzMjVaMIGUMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
+dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
+mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
+i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
+XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
+/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
+J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAkWhr8JSIQaIwDAYD
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAoOSPXnmCELRY0Wdey9B6tfa+
+nCfzx2F4RFgG/wn75gjwNFXdaneSGnvvuO3bnxT4uK/pPmC6kJBM72ABXnYBZPDl
+GS8L9ImgZfzSKDz/fOoHOW+/VsJSvVtkIYc5dW6PYrduGOlcTfMWyHpO0tPTVcBj
+hBiDbCoYpsrWAtYpiCr3afAP8dxArYgv9qsDwqYEfr8SHhnJ/tPGEyMQmvB2ftGJ
+sVJcFwYvNxMll9pnQw3kx9cco374WZf6whIXB5UJrfqpIyl38D0p4Ax3qMrb4/q0
+Wn2nkjvLlcKqNuz/8qOwMrgeJpZ2B80QBIvUWhRjEN0qUYCyKroK+FFHkqQhBA==
+-----END CERTIFICATE-----
diff --git a/certs/server-revoked-key.pem b/certs/server-revoked-key.pem
new file mode 100644
index 000000000..3cf5640ec
--- /dev/null
+++ b/certs/server-revoked-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAsBQWOkPd4VBFT8+As91mlsfp9NzetmskG3ZIrMYjpafkBRm9
+t/be+v/tWzx5iqnV8fvryLHksqtScomTIly6zYo2KizRQOyoZg7Dds3ns6MKHt1K
+B4IXgbreV862MoHHvRG76RUiTuIWrOPUwGiIbBH8wr0b2x395kPHGzO49OUbWTkS
+OE0tm2RomPyNchKR8iQlbExKSFeSAMx+2NQ9uB3ynuqyIw9RDxFBHPUnABsIehI6
+BVsDJP6xeyD65KhYxsrOf76VARKdBeY5ExvAPlYuK592N97em+ANemMNpyJY2zHH
+97RGXLq2S0ixGJpos2NH/a8SXy/+EMtYKzNohQIDAQABAoIBAQCfamBBekZ9gxZt
+ztmgfvgt1WutZPdCwzgaoPnlazLE/X9FWuvYjeuN5n44V0VXVLK99q6fsufzF4d6
+6bHLr5b1Fog5oQAHPvysAfvYKU345sj37rPinla3/r7lUuLEUZnMRS0TNy4rqyiK
+eW+akEnLRnHIwjxhIwNIId83cpmnJfE7ZV7svZvk6Ctc//prFa/Y2AwkZcM2j2iG
+xc4kOXr0Y8DE4FYQEZgdJCoYfVDihcwtVXUGm+ZMBNhLzK/KuSxdjL6ySzdCSE9M
+mS4ZJPManR9LOIGsKlFsJrGWnFOm/GOMkzdBSLoEqRogHhYsvn7oDnLMHqPA/gE0
+M85ytBkVAoGBAOO/tTCd94kDfkXar+5+KvcYwQbwnMIbrN0TiIudpaSnE0dBFqU3
+oNC2K+PoGBgwEsEr2ThZCMAbz7NQJYmmNlNlSMNBzeud59F3BqMk3J6k62E0+Fnt
+C8OFfZ8V0vbdGehmeArEqHDcRJZBFsrUWb2/9/j4OYpnsozkp6H1pWQrAoGBAMXr
+jouX1qXLfKvYEpOKaSf+yjfULjT33ib885Nw2xlRzI6wkjHFsb8DERK36PA3CakU
+cdXb923tMMlLoCvSdDd6Qnx1TLRbYaJSFaOLt2we94AvjHtijM6vO7ftd1XvRWer
+/Ip9NT9X1NZxP/NTyUL3DgRmXE4L32fr2FFQEJ4PAoGBAKr2QeFY83RatvNhEigJ
+dd8/Kcc337SmacEa5KlJkgpjkMkwRvuHIqUJ2zCeDVg63hk7/TebPkJXnjaQt1z4
+9Fbt9Qz93MI+KsLGgqj9Bs/gJQE3biazFt2S25YMH+1IVCZspTgQIBF4h9Py0FU5
+ypPyAwdV7nvDE/lHu76MU7c5AoGBALUxR5ioc0vplMNF1wvXpRmGet7Nk1fOrESJ
+QvzyTsNJTbo8EDscv/Mc/Z5jXA++c0uleenNrSGoCgffAk3cJ6U6em+ye3yKREH0
+X/cPy+ZiGzfxT+0NddcqOcPS1HOJz8Jvg43Nvte0sxd3KpK7W//AacbBZzPUTry2
+/5zBbdUlAoGAYglAtoHIC0mQxAe6PXy/QRmgj87fPGsbVFOUwBf8Il2UKpfX9blv
+0rHb0kenc/DP7ZHZTgdc5qGgRyg0d3+O7W2rWTv1MiX85rUE03TCcyC2l1+M+iyx
+6IdHDjYwa4Kt0nT1JxEMjJxe1uhzJfgYJlcz5Iy4ff0xb8/aH0veedc=
+-----END RSA PRIVATE KEY-----

From 349edd40c2147f014113c16c1c8b9534a180dcbc Mon Sep 17 00:00:00 2001
From: Ludovic FLAMENT <ludovic.flament@cryptograph-ic.com>
Date: Wed, 22 Jul 2015 14:18:07 +0200
Subject: [PATCH 224/350] Add support for OpenSSH ssh-keygen tools refactor
 existing code

---
 src/ssl.c                      | 1126 +++++++++++++++++++++++---------
 wolfcrypt/src/aes.c            |   33 +
 wolfcrypt/src/asn.c            |  265 +++++---
 wolfcrypt/src/coding.c         |   33 +
 wolfcrypt/src/des3.c           |   79 ++-
 wolfcrypt/src/dsa.c            |  266 +++++++-
 wolfcrypt/src/ecc.c            |  140 ++--
 wolfcrypt/src/integer.c        |  109 +++-
 wolfcrypt/src/rsa.c            |   97 +--
 wolfcrypt/src/tfm.c            |  150 ++++-
 wolfcrypt/test/test.c          |   40 +-
 wolfssl/openssl/dsa.h          |    2 +-
 wolfssl/openssl/pem.h          |  143 ++--
 wolfssl/wolfcrypt/aes.h        |   63 +-
 wolfssl/wolfcrypt/asn.h        |   21 +-
 wolfssl/wolfcrypt/asn_public.h |    3 +-
 wolfssl/wolfcrypt/coding.h     |    2 +
 wolfssl/wolfcrypt/des3.h       |   38 +-
 wolfssl/wolfcrypt/dsa.h        |    5 +
 wolfssl/wolfcrypt/ecc.h        |   17 +-
 wolfssl/wolfcrypt/integer.h    |    3 +
 wolfssl/wolfcrypt/rsa.h        |   16 +-
 wolfssl/wolfcrypt/tfm.h        |   11 +-
 23 files changed, 1957 insertions(+), 705 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 626436fec..211112164 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1546,6 +1546,20 @@ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz,
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
 
+static const char *EVP_AES_128_CBC = "AES-128-CBC";
+static const char *EVP_AES_192_CBC = "AES-192-CBC";
+static const char *EVP_AES_256_CBC = "AES-256-CBC";
+static const char *EVP_AES_128_CTR = "AES-128-CTR";
+static const char *EVP_AES_192_CTR = "AES-192-CTR";
+static const char *EVP_AES_256_CTR = "AES-256-CTR";
+static const int  EVP_AES_SIZE = 11;
+
+static const char *EVP_DES_CBC = "DES-CBC";
+static const int  EVP_DES_SIZE = 7;
+
+static const char *EVP_DES_EDE3_CBC = "DES-EDE3-CBC";
+static const int  EVP_DES_EDE3_SIZE = 12;
+
 /* our KeyPemToDer password callback, password in userData */
 static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
 {
@@ -2162,6 +2176,7 @@ int wolfSSL_Init(void)
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
 
+/* SSL_SUCCESS if ok, <= 0 else */
 static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
                                       int passwordSz, EncryptedInfo* info)
 {
@@ -2169,63 +2184,60 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
 
 #ifdef WOLFSSL_SMALL_STACK
     byte* key      = NULL;
-    byte* iv       = NULL;
 #else
     byte  key[AES_256_KEY_SIZE];
-#ifndef NO_MD5
-    byte  iv[AES_IV_SIZE];
-#endif
 #endif
 
-    if (der == NULL || password == NULL || info == NULL)
+    WOLFSSL_ENTER("wolfssl_decrypt_buffer_key");
+
+    if (der == NULL || password == NULL || info == NULL) {
+        WOLFSSL_MSG("bad arguments");
         return SSL_FATAL_ERROR;
+    }
 
     /* use file's salt for key derivation, hex decode first */
-    if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0)
-        return ASN_INPUT_E;
+    if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0) {
+        WOLFSSL_MSG("base16 decode failed");
+        return SSL_FATAL_ERROR;
+    }
 
 #ifndef NO_MD5
 
 #ifdef WOLFSSL_SMALL_STACK
-    iv = (byte*)XMALLOC(AES_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (iv == NULL)
-        return MEMORY_E;
-
     key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (key == NULL) {
-        XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        return MEMORY_E;
+        WOLFSSL_MSG("memory failure");
+        return SSL_FATAL_ERROR;
     }
 #endif /* WOLFSSL_SMALL_STACK */
 
-    if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv,
-                              password, passwordSz, 1, key, iv)) <= 0) {
-
+    if ((ret = wolfSSL_EVP_BytesToKey(info->name, "MD5", info->iv,
+                              password, passwordSz, 1, key, NULL)) <= 0) {
+        WOLFSSL_MSG("bytes to key failure");
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-        return ASN_INPUT_E;
+        return SSL_FATAL_ERROR;
     }
 
 #endif /* NO_MD5 */
 
 #ifndef NO_DES3
-    if (XSTRNCMP(info->name, "DES-CBC", 7) == 0)
+    if (XSTRNCMP(info->name, EVP_DES_CBC, EVP_DES_SIZE) == 0)
         ret = wc_Des_CbcDecryptWithKey(der->buffer, der->buffer, der->length,
                                        key, info->iv);
-    else if (XSTRNCMP(info->name, "DES-EDE3-CBC", 12) == 0)
+    else if (XSTRNCMP(info->name, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)
         ret = wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer, der->length,
                                         key, info->iv);
 #endif /* NO_DES3 */
 #ifndef NO_AES
-    else if (XSTRNCMP(info->name, "AES-128-CBC", 11) == 0)
+    else if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
         ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
                                       key, AES_128_KEY_SIZE, info->iv);
-    else if (XSTRNCMP(info->name, "AES-192-CBC", 11) == 0)
+    else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
         ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
                                       key, AES_192_KEY_SIZE, info->iv);
-    else if (XSTRNCMP(info->name, "AES-256-CBC", 11) == 0)
+    else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)
         ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
                                       key, AES_256_KEY_SIZE, info->iv);
 #endif /* NO_AES */
@@ -2234,34 +2246,93 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
 
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
-    return ret;
+    if (ret == MP_OKAY)
+        return SSL_SUCCESS;
+    else if (ret == SSL_BAD_FILE)
+        return SSL_BAD_FILE;
+
+    return SSL_FATAL_ERROR;
 }
 #endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) */
 
 
-#ifndef NO_CERTS
+#if defined(WOLFSSL_KEY_GEN)
+static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
+                                      int passwordSz, EncryptedInfo* info)
+{
+    int ret;
 
-static const char* BEGIN_CERT         = "-----BEGIN CERTIFICATE-----";
-static const char* END_CERT           = "-----END CERTIFICATE-----";
-static const char* BEGIN_CERT_REQ     = "-----BEGIN CERTIFICATE REQUEST-----";
-static const char* END_CERT_REQ       = "-----END CERTIFICATE REQUEST-----";
-static const char* BEGIN_DH_PARAM     = "-----BEGIN DH PARAMETERS-----";
-static const char* END_DH_PARAM       = "-----END DH PARAMETERS-----";
-static const char* BEGIN_X509_CRL     = "-----BEGIN X509 CRL-----";
-static const char* END_X509_CRL       = "-----END X509 CRL-----";
-static const char* BEGIN_RSA_PRIV     = "-----BEGIN RSA PRIVATE KEY-----";
-static const char* END_RSA_PRIV       = "-----END RSA PRIVATE KEY-----";
-static const char* BEGIN_PRIV_KEY     = "-----BEGIN PRIVATE KEY-----";
-static const char* END_PRIV_KEY       = "-----END PRIVATE KEY-----";
-static const char* BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
-static const char* END_ENC_PRIV_KEY   = "-----END ENCRYPTED PRIVATE KEY-----";
-static const char* BEGIN_EC_PRIV      = "-----BEGIN EC PRIVATE KEY-----";
-static const char* END_EC_PRIV        = "-----END EC PRIVATE KEY-----";
-static const char* BEGIN_DSA_PRIV     = "-----BEGIN DSA PRIVATE KEY-----";
-static const char* END_DSA_PRIV       = "-----END DSA PRIVATE KEY-----";
+#ifdef WOLFSSL_SMALL_STACK
+    byte* key      = NULL;
+#else
+    byte  key[AES_256_KEY_SIZE];
+#endif
+
+    WOLFSSL_ENTER("wolfssl_encrypt_buffer_key");
+
+    if (der == NULL || password == NULL || info == NULL || info->ivSz == 0) {
+        WOLFSSL_MSG("bad arguments");
+        return SSL_FATAL_ERROR;
+    }
+
+#ifndef NO_MD5
+
+#ifdef WOLFSSL_SMALL_STACK
+    key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (key == NULL) {
+        WOLFSSL_MSG("memory failure");
+        return SSL_FATAL_ERROR;
+    }
+#endif /* WOLFSSL_SMALL_STACK */
+
+    if ((ret = wolfSSL_EVP_BytesToKey(info->name, "MD5", info->iv,
+                              password, passwordSz, 1, key, NULL)) <= 0) {
+        WOLFSSL_MSG("bytes to key failure");
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+        return SSL_FATAL_ERROR;
+    }
+
+#endif /* NO_MD5 */
+
+#ifndef NO_DES3
+    if (XSTRNCMP(info->name, EVP_DES_CBC, EVP_DES_SIZE) == 0)
+        ret = wc_Des_CbcEncryptWithKey(der, der, derSz, key, info->iv);
+    else if (XSTRNCMP(info->name, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)
+        ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv);
+#endif /* NO_DES3 */
+#ifndef NO_AES
+    else if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
+        ret = wc_AesCbcEncryptWithKey(der, der, derSz,
+                                      key, AES_128_KEY_SIZE, info->iv);
+    else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
+        ret = wc_AesCbcEncryptWithKey(der, der, derSz,
+                                      key, AES_192_KEY_SIZE, info->iv);
+    else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)
+        ret = wc_AesCbcEncryptWithKey(der, der, derSz,
+                                      key, AES_256_KEY_SIZE, info->iv);
+#endif /* NO_AES */
+    else
+        ret = SSL_BAD_FILE;
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    
+    if (ret == MP_OKAY)
+        return SSL_SUCCESS;
+    else if (ret == SSL_BAD_FILE)
+        return SSL_BAD_FILE;
+
+    return SSL_FATAL_ERROR;
+}
+#endif /* defined(WOLFSSL_KEY_GEN) */
+
+
+#ifndef NO_CERTS
 
 /* Remove PEM header/footer, convert to ASN1, store any encrypted data
    info->consumed tracks of PEM bytes consumed in case multiple parts */
@@ -2280,6 +2351,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
     int         sz          = (int)longSz;
     int         encrypted_key = 0;
 
+    WOLFSSL_ENTER("PemToDer");
+
     switch (type) {
         case CA_TYPE:       /* same as below */
         case CERT_TYPE:     header=BEGIN_CERT;     footer=END_CERT;     break;
@@ -2361,9 +2434,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
             if (start && finish && (start < finish)) {
                 newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN);
 
-                XMEMCPY(info->name, start, finish - start);
+                if (XMEMCPY(info->name, start, finish - start) == NULL)
+                    return SSL_FATAL_ERROR;
                 info->name[finish - start] = 0;
-                XMEMCPY(info->iv, finish + 1, sizeof(info->iv));
+                if (XMEMCPY(info->iv, finish + 1, sizeof(info->iv)) == NULL)
+                    return SSL_FATAL_ERROR;
 
                 if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN);
                 if (newline && (newline > finish)) {
@@ -2470,7 +2545,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
     #ifdef WOLFSSL_SMALL_STACK
             XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
-            if (ret != 0) {
+            if (ret != SSL_SUCCESS) {
                 XFREE(der->buffer, heap, dynamicType);
                 return ret;
             }
@@ -2702,7 +2777,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
         XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
 
-        if (ret != 0) {
+        if (ret != SSL_SUCCESS) {
         #ifdef WOLFSSL_SMALL_STACK
             XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         #endif
@@ -7490,30 +7565,30 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             return 0;
     #endif
 
-        WOLFSSL_ENTER("EVP_BytesToKey");
+        WOLFSSL_ENTER("wolfSSL_EVP_BytesToKey");
         wc_InitMd5(md5);
 
         /* only support MD5 for now */
         if (XSTRNCMP(md, "MD5", 3) != 0) return 0;
 
         /* only support CBC DES and AES for now */
-        if (XSTRNCMP(type, "DES-CBC", 7) == 0) {
+        if (XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0) {
             keyLen = DES_KEY_SIZE;
             ivLen  = DES_IV_SIZE;
         }
-        else if (XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0) {
+        else if (XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) {
             keyLen = DES3_KEY_SIZE;
             ivLen  = DES_IV_SIZE;
         }
-        else if (XSTRNCMP(type, "AES-128-CBC", 11) == 0) {
+        else if (XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) {
             keyLen = AES_128_KEY_SIZE;
             ivLen  = AES_IV_SIZE;
         }
-        else if (XSTRNCMP(type, "AES-192-CBC", 11) == 0) {
+        else if (XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) {
             keyLen = AES_192_KEY_SIZE;
             ivLen  = AES_IV_SIZE;
         }
-        else if (XSTRNCMP(type, "AES-256-CBC", 11) == 0) {
+        else if (XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) {
             keyLen = AES_256_KEY_SIZE;
             ivLen  = AES_IV_SIZE;
         }
@@ -7555,8 +7630,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
             if (ivLeft && digestLeft) {
                 int store = min(ivLeft, digestLeft);
-                XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE -
-                                                    digestLeft], store);
+                if (iv != NULL)
+                    XMEMCPY(&iv[ivLen - ivLeft],
+                            &digest[MD5_DIGEST_SIZE - digestLeft], store);
                 keyOutput += store;
                 ivLeft    -= store;
             }
@@ -7814,68 +7890,59 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         /* do nothing */
     }
 
-
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void)
     {
-        static const char* type = "AES128-CBC";
         WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc");
-        return type;
+        return EVP_AES_128_CBC;
     }
 
 
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void)
     {
-        static const char* type = "AES192-CBC";
         WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc");
-        return type;
+        return EVP_AES_192_CBC;
     }
 
 
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void)
     {
-        static const char* type = "AES256-CBC";
         WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc");
-        return type;
+        return EVP_AES_256_CBC;
     }
 
 
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void)
     {
-        static const char* type = "AES128-CTR";
         WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr");
-        return type;
+        return EVP_AES_128_CTR;
     }
 
 
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void)
     {
-        static const char* type = "AES192-CTR";
         WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr");
-        return type;
+        return EVP_AES_192_CTR;
     }
 
 
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void)
     {
-        static const char* type = "AES256-CTR";
         WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr");
-        return type;
+        return EVP_AES_256_CTR;
     }
 
 
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void)
     {
-        static const char* type = "DES-CBC";
         WOLFSSL_ENTER("wolfSSL_EVP_des_cbc");
-        return type;
+        return EVP_DES_CBC;
     }
 
 
     const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void)
     {
-        static const char* type = "DES-EDE3-CBC";
         WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc");
-        return type;
+        return EVP_DES_EDE3_CBC;
     }
 
 
@@ -7952,9 +8019,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         }
 
 #ifndef NO_AES
-        if (ctx->cipherType == AES_128_CBC_TYPE || (type &&
-                                       XSTRNCMP(type, "AES128-CBC", 10) == 0)) {
-            WOLFSSL_MSG("AES-128-CBC");
+        if (ctx->cipherType == AES_128_CBC_TYPE ||
+            (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) {
+            WOLFSSL_MSG(EVP_AES_128_CBC);
             ctx->cipherType = AES_128_CBC_TYPE;
             ctx->keyLen     = 16;
             if (enc == 0 || enc == 1)
@@ -7971,9 +8038,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                     return ret;
             }
         }
-        else if (ctx->cipherType == AES_192_CBC_TYPE || (type &&
-                                       XSTRNCMP(type, "AES192-CBC", 10) == 0)) {
-            WOLFSSL_MSG("AES-192-CBC");
+        else if (ctx->cipherType == AES_192_CBC_TYPE ||
+                 (type && XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)) {
+            WOLFSSL_MSG(EVP_AES_192_CBC);
             ctx->cipherType = AES_192_CBC_TYPE;
             ctx->keyLen     = 24;
             if (enc == 0 || enc == 1)
@@ -7990,9 +8057,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                     return ret;
             }
         }
-        else if (ctx->cipherType == AES_256_CBC_TYPE || (type &&
-                                       XSTRNCMP(type, "AES256-CBC", 10) == 0)) {
-            WOLFSSL_MSG("AES-256-CBC");
+        else if (ctx->cipherType == AES_256_CBC_TYPE ||
+                 (type && XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)) {
+            WOLFSSL_MSG(EVP_AES_256_CBC);
             ctx->cipherType = AES_256_CBC_TYPE;
             ctx->keyLen     = 32;
             if (enc == 0 || enc == 1)
@@ -8010,9 +8077,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             }
         }
 #ifdef WOLFSSL_AES_COUNTER
-        else if (ctx->cipherType == AES_128_CTR_TYPE || (type &&
-                                       XSTRNCMP(type, "AES128-CTR", 10) == 0)) {
-            WOLFSSL_MSG("AES-128-CTR");
+        else if (ctx->cipherType == AES_128_CTR_TYPE ||
+                 (type && XSTRNCMP(type, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)) {
+            WOLFSSL_MSG(EVP_AES_128_CTR);
             ctx->cipherType = AES_128_CTR_TYPE;
             ctx->keyLen     = 16;
             if (enc == 0 || enc == 1)
@@ -8029,9 +8096,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                     return ret;
             }
         }
-        else if (ctx->cipherType == AES_192_CTR_TYPE || (type &&
-                                       XSTRNCMP(type, "AES192-CTR", 10) == 0)) {
-            WOLFSSL_MSG("AES-192-CTR");
+        else if (ctx->cipherType == AES_192_CTR_TYPE ||
+                 (type && XSTRNCMP(type, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)) {
+            WOLFSSL_MSG(EVP_AES_192_CTR);
             ctx->cipherType = AES_192_CTR_TYPE;
             ctx->keyLen     = 24;
             if (enc == 0 || enc == 1)
@@ -8048,9 +8115,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                     return ret;
             }
         }
-        else if (ctx->cipherType == AES_256_CTR_TYPE || (type &&
-                                       XSTRNCMP(type, "AES256-CTR", 10) == 0)) {
-            WOLFSSL_MSG("AES-256-CTR");
+        else if (ctx->cipherType == AES_256_CTR_TYPE ||
+                 (type && XSTRNCMP(type, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)) {
+            WOLFSSL_MSG(EVP_AES_256_CTR);
             ctx->cipherType = AES_256_CTR_TYPE;
             ctx->keyLen     = 32;
             if (enc == 0 || enc == 1)
@@ -8071,9 +8138,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 #endif /* NO_AES */
 
 #ifndef NO_DES3
-        else if (ctx->cipherType == DES_CBC_TYPE || (type &&
-                                       XSTRNCMP(type, "DES-CBC", 7) == 0)) {
-            WOLFSSL_MSG("DES-CBC");
+        else if (ctx->cipherType == DES_CBC_TYPE ||
+                 (type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) {
+            WOLFSSL_MSG(EVP_DES_CBC);
             ctx->cipherType = DES_CBC_TYPE;
             ctx->keyLen     = 8;
             if (enc == 0 || enc == 1)
@@ -8088,9 +8155,10 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             if (iv && key == NULL)
                 wc_Des_SetIV(&ctx->cipher.des, iv);
         }
-        else if (ctx->cipherType == DES_EDE3_CBC_TYPE || (type &&
-                                     XSTRNCMP(type, "DES-EDE3-CBC", 11) == 0)) {
-            WOLFSSL_MSG("DES-EDE3-CBC");
+        else if (ctx->cipherType == DES_EDE3_CBC_TYPE ||
+                 (type &&
+                  XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)) {
+            WOLFSSL_MSG(EVP_DES_EDE3_CBC);
             ctx->cipherType = DES_EDE3_CBC_TYPE;
             ctx->keyLen     = 24;
             if (enc == 0 || enc == 1)
@@ -10926,7 +10994,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
     RNG    tmpRNG[1];
 #endif
 
-    WOLFSSL_ENTER("RAND_bytes");
+    WOLFSSL_ENTER("wolfSSL_RAND_bytes");
 
 #ifdef WOLFSSL_SMALL_STACK
     tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -11035,6 +11103,7 @@ void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
             bn->internal = NULL;
         }
         XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT);
+        bn = NULL;
     }
 }
 
@@ -11327,7 +11396,7 @@ int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n)
         return SSL_FAILURE;
     }
 
-    if (mp_set_int((mp_int*)bn->internal, n) != MP_OKAY) {
+    if (mp_set_bit((mp_int*)bn->internal, n) != MP_OKAY) {
         WOLFSSL_MSG("mp_set_int error");
         return SSL_FAILURE;
     }
@@ -11485,6 +11554,7 @@ int wolfSSL_BN_lshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
 
     if (mp_mul_2d((mp_int*)bn->internal, n, (mp_int*)r->internal) != MP_OKAY) {
         WOLFSSL_MSG("mp_mul_2d error");
+        wolfSSL_BN_free(r);
         return SSL_FAILURE;
     }
 
@@ -11515,11 +11585,11 @@ int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
     if (mp_div_2d((mp_int*)bn->internal, n,
                   (mp_int*)r->internal, NULL) != MP_OKAY) {
         WOLFSSL_MSG("mp_mul_2d error");
+        wolfSSL_BN_free(r);
         return SSL_FAILURE;
     }
 
     return SSL_SUCCESS;
-
 }
 
 /* return code compliant with OpenSSL :
@@ -11596,7 +11666,6 @@ int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks,
 
     return SSL_SUCCESS;
 }
-#endif /* #ifdef WOLFSSL_KEY_GEN */
 
 /* return code compliant with OpenSSL :
  *   (bn mod w) if success, -1 if error
@@ -11604,7 +11673,6 @@ int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks,
 WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
                                      WOLFSSL_BN_ULONG w)
 {
-    mp_int mod, res;
     WOLFSSL_BN_ULONG ret = 0;
 
     WOLFSSL_MSG("wolfSSL_BN_mod_word");
@@ -11614,32 +11682,16 @@ WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
         return SSL_FATAL_ERROR;
     }
 
-    if (mp_init_multi(&mod, &res, NULL, NULL, NULL, NULL) != MP_OKAY) {
-        WOLFSSL_MSG("mp_init error");
-        return SSL_FATAL_ERROR;
-    }
-
-    if (mp_set_int(&mod, w) != MP_OKAY) {
-        WOLFSSL_MSG("mp_set_int error");
-        mp_clear(&mod);
-        return SSL_FATAL_ERROR;
-    }
-
-    if (mp_mod((mp_int*)bn->internal, &mod, &res) != MP_OKAY) {
+    if (mp_mod_d((mp_int*)bn->internal, w, &ret) != MP_OKAY) {
         WOLFSSL_MSG("mp_add_d error");
-        mp_clear(&mod);
-        mp_clear(&res);
         return SSL_FATAL_ERROR;
     }
 
-    ret = res.dp[0];
-
-    mp_clear(&mod);
-    mp_clear(&res);
     return ret;
 }
+#endif /* #ifdef WOLFSSL_KEY_GEN */
 
-#if (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)) && defined(HAVE_ECC)
+#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
 char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
 {
     int len = 0;
@@ -11697,7 +11749,7 @@ int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
     return SSL_SUCCESS;
 }
 
-#else /* defined(HAVE_ECC) */
+#else /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
 
 char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
 {
@@ -11720,7 +11772,8 @@ int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
 
     return SSL_SUCCESS;
 }
-#endif /*(defined(WOLFSSL_KEY_GEN)||defined(HAVE_COMP_KEY))&&defined(HAVE_ECC)*/
+#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
+
 
 WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx)
 {
@@ -12097,36 +12150,9 @@ void wolfSSL_DSA_free(WOLFSSL_DSA* dsa)
         InitwolfSSL_DSA(dsa);  /* set back to NULLs for safety */
 
         XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
+        dsa = NULL;
     }
 }
-
-
-int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
-{
-    (void)dsa;
-
-    WOLFSSL_MSG("wolfSSL_DSA_generate_key");
-
-    return 0;  /* key gen not needed by server */
-}
-
-
-int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
-               unsigned char* seed, int seedLen, int* counterRet,
-               unsigned long* hRet, void* cb)
-{
-    (void)dsa;
-    (void)bits;
-    (void)seed;
-    (void)seedLen;
-    (void)counterRet;
-    (void)hRet;
-    (void)cb;
-
-    WOLFSSL_MSG("wolfSSL_DSA_generate_parameters_ex");
-
-    return 0;  /* key gen not needed by server */
-}
 #endif /* NO_DSA */
 
 #ifndef NO_RSA
@@ -12203,6 +12229,7 @@ void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
         InitwolfSSL_Rsa(rsa);  /* set back to NULLs for safety */
 
         XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
+        rsa = NULL;
     }
 }
 #endif /* NO_RSA */
@@ -12238,7 +12265,7 @@ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi)
 {
     WOLFSSL_MSG("Entering SetIndividualInternal");
 
-    if (bn == NULL) {
+    if (bn == NULL || bn->internal == NULL) {
         WOLFSSL_MSG("bn NULL error");
         return SSL_FATAL_ERROR;
     }
@@ -12333,16 +12360,24 @@ static int SetDsaInternal(WOLFSSL_DSA* dsa)
         return SSL_FATAL_ERROR;
     }
 
-    if (dsa->pub_key != NULL &&
-        SetIndividualInternal(dsa->pub_key, &key->y) != SSL_SUCCESS) {
-        WOLFSSL_MSG("rsa pub_key error");
-        return SSL_FATAL_ERROR;
+    if (dsa->pub_key != NULL) {
+        if (SetIndividualInternal(dsa->pub_key, &key->y) != SSL_SUCCESS) {
+            WOLFSSL_MSG("rsa pub_key error");
+            return SSL_FATAL_ERROR;
+        }
+
+        /* public key */
+        key->type = DSA_PUBLIC;
     }
 
-    if (dsa->priv_key != NULL &&
-        SetIndividualInternal(dsa->priv_key, &key->x) != SSL_SUCCESS) {
-        WOLFSSL_MSG("rsa priv_key error");
-        return SSL_FATAL_ERROR;
+    if (dsa->priv_key != NULL) {
+        if (SetIndividualInternal(dsa->priv_key, &key->x) != SSL_SUCCESS) {
+            WOLFSSL_MSG("rsa priv_key error");
+            return SSL_FATAL_ERROR;
+        }
+
+        /* private key */
+        key->type = DSA_PRIVATE;
     }
 
     dsa->inSet = 1;
@@ -12434,10 +12469,17 @@ static int SetRsaInternal(WOLFSSL_RSA* rsa)
         return SSL_FATAL_ERROR;
     }
 
-    if (rsa->d != NULL &&
-        SetIndividualInternal(rsa->d, &key->d) != SSL_SUCCESS) {
-        WOLFSSL_MSG("rsa d key error");
-        return SSL_FATAL_ERROR;
+    /* public key */
+    key->type = RSA_PUBLIC;
+
+    if (rsa->d != NULL) {
+        if (SetIndividualInternal(rsa->d, &key->d) != SSL_SUCCESS) {
+            WOLFSSL_MSG("rsa d key error");
+            return SSL_FATAL_ERROR;
+        }
+
+        /* private key */
+        key->type = RSA_PRIVATE;
     }
 
     if (rsa->p != NULL &&
@@ -12476,19 +12518,25 @@ static int SetRsaInternal(WOLFSSL_RSA* rsa)
 }
 
 
-/* SSL_SUCCESS on ok */
+/* return compliant with OpenSSL
+ *   1 if success, 0 if error
+ */
 int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
                                 void* cb)
 {
-    int ret = SSL_FATAL_ERROR;
+    int ret = SSL_FAILURE;
 
-    WOLFSSL_MSG("wolfSSL_RSA_generate_key_ex");
-
-    (void)rsa;
-    (void)bits;
     (void)cb;
     (void)bn;
 
+    WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex");
+
+    if (rsa == NULL || rsa->internal == NULL ||
+        bits < RSA_MIN_SIZE || bits > RSA_MAX_SIZE) {
+        WOLFSSL_MSG("bad arguments");
+        return SSL_FAILURE;
+    }
+
 #ifdef WOLFSSL_KEY_GEN
     {
     #ifdef WOLFSSL_SMALL_STACK
@@ -12500,12 +12548,13 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
     #ifdef WOLFSSL_SMALL_STACK
         rng = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (rng == NULL)
-            return SSL_FATAL_ERROR;
+            return SSL_FAILURE;
     #endif
 
         if (wc_InitRng(rng) < 0)
             WOLFSSL_MSG("RNG init failed");
-        else if (wc_MakeRsaKey((RsaKey*)rsa->internal, bits, 65537, rng) < 0)
+        else if (wc_MakeRsaKey((RsaKey*)rsa->internal,
+                               bits, 65537, rng) != MP_OKAY)
             WOLFSSL_MSG("wc_MakeRsaKey failed");
         else if (SetRsaExternal(rsa) != SSL_SUCCESS)
             WOLFSSL_MSG("SetRsaExternal failed");
@@ -12585,8 +12634,146 @@ int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa)
 }
 #endif /* NO_RSA */
 
-
 #ifndef NO_DSA
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
+{
+    int ret = SSL_FAILURE;
+
+    WOLFSSL_ENTER("wolfSSL_DSA_generate_key");
+
+    if (dsa == NULL || dsa->internal == NULL) {
+        WOLFSSL_MSG("Bad arguments");
+        return SSL_FAILURE;
+    }
+
+#ifdef WOLFSSL_KEY_GEN
+    {
+        int initTmpRng = 0;
+        RNG *rng = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+        RNG *tmpRNG = NULL;
+#else
+        RNG tmpRNG[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+        tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (tmpRNG == NULL)
+            return SSL_FATAL_ERROR;
+#endif
+        if (wc_InitRng(tmpRNG) == 0) {
+            rng = tmpRNG;
+            initTmpRng = 1;
+        }
+        else {
+            WOLFSSL_MSG("Bad RNG Init, trying global");
+            if (initGlobalRNG == 0)
+                WOLFSSL_MSG("Global RNG no Init");
+            else
+                rng = &globalRNG;
+        }
+
+        if (rng) {
+            if (wc_MakeDsaKey(rng, (DsaKey*)dsa->internal) != MP_OKAY)
+                WOLFSSL_MSG("wc_MakeDsaKey failed");
+            else if (SetDsaExternal(dsa) != SSL_SUCCESS)
+                WOLFSSL_MSG("SetDsaExternal failed");
+            else
+                ret = SSL_SUCCESS;
+        }
+
+        if (initTmpRng)
+            wc_FreeRng(tmpRNG);
+
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    }
+#else /* WOLFSSL_KEY_GEN */
+    WOLFSSL_MSG("No Key Gen built in");
+#endif
+    return ret;
+}
+
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
+                                       unsigned char* seed, int seedLen,
+                                       int* counterRet,
+                                       unsigned long* hRet, void* cb)
+{
+    int ret = SSL_FAILURE;
+
+    (void)seed;
+    (void)seedLen;
+    (void)counterRet;
+    (void)hRet;
+    (void)cb;
+
+    WOLFSSL_ENTER("wolfSSL_DSA_generate_parameters_ex");
+
+    if (dsa == NULL || dsa->internal == NULL) {
+        WOLFSSL_MSG("Bad arguments");
+        return SSL_FAILURE;
+    }
+
+#ifdef WOLFSSL_KEY_GEN
+    {
+        int initTmpRng = 0;
+        RNG *rng = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+        RNG *tmpRNG = NULL;
+#else
+        RNG tmpRNG[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+        tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (tmpRNG == NULL)
+            return SSL_FATAL_ERROR;
+#endif
+        if (wc_InitRng(tmpRNG) == 0) {
+            rng = tmpRNG;
+            initTmpRng = 1;
+        }
+        else {
+            WOLFSSL_MSG("Bad RNG Init, trying global");
+            if (initGlobalRNG == 0)
+                WOLFSSL_MSG("Global RNG no Init");
+            else
+                rng = &globalRNG;
+        }
+
+        if (rng) {
+            if (wc_MakeDsaParameters(rng, bits,
+                                     (DsaKey*)dsa->internal) != MP_OKAY)
+                WOLFSSL_MSG("wc_MakeDsaParameters failed");
+            else if (SetDsaExternal(dsa) != SSL_SUCCESS)
+                WOLFSSL_MSG("SetDsaExternal failed");
+            else {
+                dsa->inSet = 1;
+                ret = SSL_SUCCESS;
+            }
+        }
+
+        if (initTmpRng)
+            wc_FreeRng(tmpRNG);
+
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    }
+#else /* WOLFSSL_KEY_GEN */
+    WOLFSSL_MSG("No Key Gen built in");
+#endif
+
+    return ret;
+}
+
 /* return SSL_SUCCESS on success, < 0 otherwise */
 int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
                        WOLFSSL_DSA* dsa)
@@ -12616,6 +12803,7 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
             return ret;
         }
     }
+
 #ifdef WOLFSSL_SMALL_STACK
     tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (tmpRNG == NULL)
@@ -13202,20 +13390,123 @@ void wolfSSL_OPENSSL_free(void* p)
     XFREE(p, NULL, 0);
 }
 
+#if defined(WOLFSSL_KEY_GEN)
+
+static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
+                         unsigned char* passwd, int passwdSz, byte **cipherInfo)
+{
+    int ret, paddingSz;
+    word32 idx, cipherInfoSz;
+#ifdef WOLFSSL_SMALL_STACK
+    EncryptedInfo* info = NULL;
+#else
+    EncryptedInfo  info[1];
+#endif
+
+    WOLFSSL_ENTER("EncryptDerKey");
+
+    if (der == NULL || derSz == NULL || cipher == NULL ||
+        passwd == NULL || cipherInfo == NULL)
+        return BAD_FUNC_ARG;
+
+#ifdef WOLFSSL_SMALL_STACK
+    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
+                                   DYNAMIC_TYPE_TMP_BUFFER);
+    if (info == NULL) {
+        WOLFSSL_MSG("malloc failed");
+        return SSL_FAILURE;
+    }
+#endif
+    info->set      = 0;
+    info->ctx      = NULL;
+    info->consumed = 0;
+
+    /* set iv size */
+    if (XSTRNCMP(cipher, "DES", 3) == 0)
+        info->ivSz = DES_IV_SIZE;
+    else if (XSTRNCMP(cipher, "AES", 3) == 0)
+        info->ivSz = AES_IV_SIZE;
+    else {
+        WOLFSSL_MSG("unsupported cipher");
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+        return SSL_FAILURE;
+    }
+
+    /* set the cipher name on info */
+    XSTRNCPY(info->name, cipher, NAME_SZ);
+
+    /* Generate a random salt */
+    if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != SSL_SUCCESS) {
+        WOLFSSL_MSG("generate iv failed");
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+        return SSL_FAILURE;
+    }
+
+    /* add the padding before encryption */
+    paddingSz = ((*derSz)/info->ivSz + 1) * info->ivSz - (*derSz);
+    if (paddingSz == 0)
+        paddingSz = info->ivSz;
+    XMEMSET(der+(*derSz), (byte)paddingSz, paddingSz);
+    (*derSz) += paddingSz;
+
+    /* encrypt buffer */
+    if (wolfssl_encrypt_buffer_key(der, *derSz,
+                                   passwd, passwdSz, info) != SSL_SUCCESS) {
+        WOLFSSL_MSG("encrypt key failed");
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+        return SSL_FAILURE;
+    }
+
+    /* create cipher info : 'cipher_name,Salt(hex)' */
+    cipherInfoSz = (word32)(2*info->ivSz + XSTRLEN(info->name) + 2);
+    *cipherInfo = (byte*)XMALLOC(cipherInfoSz, NULL,
+                                DYNAMIC_TYPE_TMP_BUFFER);
+    if (*cipherInfo == NULL) {
+        WOLFSSL_MSG("malloc failed");
+#ifdef WOLFSSL_SMALL_STACK
+        XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+        return SSL_FAILURE;
+    }
+    XSTRNCPY((char*)*cipherInfo, info->name, cipherInfoSz);
+    XSTRNCAT((char*)*cipherInfo, ",", 1);
+
+    idx = (word32)XSTRLEN((char*)*cipherInfo);
+    cipherInfoSz -= idx;
+    ret = Base16_Encode(info->iv, info->ivSz, *cipherInfo+idx, &cipherInfoSz);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    if (ret != 0) {
+        WOLFSSL_MSG("Base16_Encode failed");
+        XFREE(*cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
+
+    return SSL_SUCCESS;
+}
+#endif /* defined(WOLFSSL_KEY_GEN) */
+
 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
 
-int wolfSSL_PEM_write_buf_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
-                                        unsigned char* passwd, int len,
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
+                                        unsigned char* passwd, int passwdSz,
                                         byte **pem, int *plen)
 {
-    (void)cipher;
-    (void)passwd;
-    (void)len;
+    byte *der, *tmp, *cipherInfo = NULL;
+    int  der_max_len = 0, derSz = 0;
 
-    byte *der, *tmp;
-    int    der_max_len = 0, derSz = 0;
-
-    WOLFSSL_MSG("wolfSSL_PEM_write_buf_RSAPrivateKey");
+    WOLFSSL_ENTER("wolfSSL_PEM_write_mem_RSAPrivateKey");
 
     if (pem == NULL || plen == NULL || rsa == NULL || rsa->internal == NULL) {
         WOLFSSL_MSG("Bad function arguments");
@@ -13231,8 +13522,7 @@ int wolfSSL_PEM_write_buf_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
         }
     }
 
-    der_max_len = 5 * wolfSSL_RSA_size(rsa);
-    printf("der_max_len = %d\n", der_max_len);
+    der_max_len = 5 * wolfSSL_RSA_size(rsa) + 16;
 
     der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (der == NULL) {
@@ -13248,23 +13538,45 @@ int wolfSSL_PEM_write_buf_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
         return SSL_FAILURE;
     }
 
-    /* tmp buffer with a max size */
-    *plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) + sizeof(END_RSA_PRIV);
+    /* encrypt DER buffer if required */
+    if (passwd != NULL && passwdSz > 0 && cipher != NULL) {
+        int ret;
+
+        ret = EncryptDerKey(der, &derSz, cipher,
+                            passwd, passwdSz, &cipherInfo);
+        if (ret != SSL_SUCCESS) {
+            WOLFSSL_MSG("EncryptDerKey failed");
+            XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return ret;
+        }
+
+        /* tmp buffer with a max size */
+        *plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) +
+                sizeof(END_RSA_PRIV) + HEADER_ENCRYPTED_KEY_SIZE;
+    }
+    else /* tmp buffer with a max size */
+        *plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) + sizeof(END_RSA_PRIV);
+
     tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (tmp == NULL) {
         WOLFSSL_MSG("malloc failed");
+        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return SSL_FAILURE;
     }
 
     /* DER to PEM */
-    *plen = wc_DerToPem(der, derSz, tmp, *plen, PRIVATEKEY_TYPE);
+    *plen = wc_DerToPem(der, derSz, tmp, *plen, cipherInfo, PRIVATEKEY_TYPE);
     if (*plen <= 0) {
         WOLFSSL_MSG("wc_DerToPem failed");
         XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (cipherInfo != NULL)
+            XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return SSL_FAILURE;
     }
     XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (cipherInfo != NULL)
+        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_OUT_BUFFER);
     if (*pem == NULL) {
@@ -13275,29 +13587,30 @@ int wolfSSL_PEM_write_buf_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
     XMEMSET(*pem, 0, (*plen)+1);
 
     if (XMEMCPY(*pem, tmp, *plen) == NULL) {
-        WOLFSSL_MSG("malloc failed");
+        WOLFSSL_MSG("memcpy failed");
         XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER);
         XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return SSL_FAILURE;
     }
+    XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     return SSL_SUCCESS;
 }
 
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
 int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa,
                                     const EVP_CIPHER *enc,
                                     unsigned char *kstr, int klen,
                                     pem_password_cb *cb, void *u)
 {
-    (void)enc;
-    (void)kstr;
-    (void)klen;
+    byte *pem;
+    int  plen, ret;
+
     (void)cb;
     (void)u;
 
-    byte    *pem;
-    int     plen, ret;
-
     WOLFSSL_MSG("wolfSSL_PEM_write_RSAPrivateKey");
 
     if (fp == NULL || rsa == NULL || rsa->internal == NULL) {
@@ -13305,9 +13618,9 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa,
         return SSL_FAILURE;
     }
 
-    ret = wolfSSL_PEM_write_buf_RSAPrivateKey(rsa, enc, NULL, 0, &pem, &plen);
-    if (ret != 1) {
-        WOLFSSL_MSG("wolfSSL_PEM_write_buf_RSAPrivateKey failed");
+    ret = wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, enc, kstr, klen, &pem, &plen);
+    if (ret != SSL_SUCCESS) {
+        WOLFSSL_MSG("wolfSSL_PEM_write_mem_RSAPrivateKey failed");
         return SSL_FAILURE;
     }
 
@@ -13340,24 +13653,6 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa,
 }
 #endif /* defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) */
 
-int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
-                                       const EVP_CIPHER* cipher,
-                                       unsigned char* passwd, int len,
-                                       pem_password_cb cb, void* arg)
-{
-    (void)bio;
-    (void)ec;
-    (void)cipher;
-    (void)passwd;
-    (void)len;
-    (void)cb;
-    (void)arg;
-
-    WOLFSSL_MSG("wolfSSL_PEM_write_bio_ECPrivateKey not implemented");
-
-    return SSL_FAILURE;
-}
-
 #ifdef HAVE_ECC
 
 /* EC_POINT Openssl -> WolfSSL */
@@ -13447,7 +13742,7 @@ static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
 
     if (eckey->pub_key->internal != NULL) {
         /* set the internal public key */
-        if (ecc_copy_point(&key->pubkey, eckey->pub_key->internal) != MP_OKAY) {
+        if (wc_ecc_copy_point(&key->pubkey, eckey->pub_key->internal) != MP_OKAY) {
             WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed");
             return SSL_FATAL_ERROR;
         }
@@ -13486,29 +13781,38 @@ static int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
 
     key = (ecc_key*)eckey->internal;
 
+    /* validate group */
+    if ((eckey->group->curve_idx < 0) ||
+        (wc_ecc_is_valid_idx(eckey->group->curve_idx) == 0)) {
+        WOLFSSL_MSG("invalid curve idx");
+        return SSL_FATAL_ERROR;
+    }
+
     /* set group (idx of curve and corresponding domain parameters) */
     key->idx = eckey->group->curve_idx;
     key->dp = &ecc_sets[key->idx];
 
     /* set pubkey (point) */
-    if (eckey->pub_key != NULL && eckey->pub_key->internal != NULL) {
+    if (eckey->pub_key != NULL) {
         if (SetECPointInternal(eckey->pub_key) != SSL_SUCCESS) {
-            WOLFSSL_MSG("SetECPointInternal failure");
+            WOLFSSL_MSG("ec key pub error");
             return SSL_FATAL_ERROR;
         }
+
+        /* public key */
+        key->type = ECC_PUBLICKEY;
     }
 
     /* set privkey */
-    if (eckey->priv_key != NULL && eckey->priv_key->internal != NULL) {
-        key->type = ECC_PRIVATEKEY;
-
+    if (eckey->priv_key != NULL) {
         if (SetIndividualInternal(eckey->priv_key, &key->k) != SSL_SUCCESS) {
-            WOLFSSL_MSG("rsa p key error");
+            WOLFSSL_MSG("ec key priv error");
             return SSL_FATAL_ERROR;
         }
+
+        /* private key */
+        key->type = ECC_PRIVATEKEY;
     }
-    else
-        key->type = ECC_PUBLICKEY;
 
     eckey->inSet = 1;
 
@@ -13539,21 +13843,40 @@ const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key)
     return key->group;
 }
 
+
 /* return code compliant with OpenSSL :
  *   1 if success, 0 if error
  */
 int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
                                    const WOLFSSL_BIGNUM *priv_key)
 {
-    (void)key;
-    (void)priv_key;
-
     WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key");
-    WOLFSSL_MSG("wolfSSL_EC_KEY_set_private_key TBD");
 
-    return SSL_FAILURE;
+    if (key == NULL || priv_key == NULL) {
+        WOLFSSL_MSG("Bad arguments");
+        return SSL_FAILURE;
+    }
+
+    /* free key if previously set */
+    if (key->priv_key != NULL)
+        wolfSSL_BN_free(key->priv_key);
+
+    key->priv_key = wolfSSL_BN_dup(priv_key);
+    if (key->priv_key == NULL) {
+        WOLFSSL_MSG("key ecc priv key NULL");
+        return SSL_FAILURE;
+    }
+
+    if (SetECKeyInternal(key) != SSL_SUCCESS) {
+        WOLFSSL_MSG("SetECKeyInternal failed");
+        wolfSSL_BN_free(key->priv_key);
+        return SSL_FAILURE;
+    }
+
+    return SSL_SUCCESS;
 }
 
+
 WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key)
 {
     WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key");
@@ -13807,14 +14130,14 @@ int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
 
     /* create new point if required */
     if (key_p == NULL)
-        key_p = ecc_new_point();
+        key_p = wc_ecc_new_point();
 
     if (key_p == NULL) {
         WOLFSSL_MSG("key ecc point NULL");
         return SSL_FAILURE;
     }
 
-    if (ecc_copy_point(pub_p, key_p) != MP_OKAY) {
+    if (wc_ecc_copy_point(pub_p, key_p) != MP_OKAY) {
         WOLFSSL_MSG("ecc_copy_point failure");
         return SSL_FAILURE;
     }
@@ -13829,7 +14152,6 @@ int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
     wolfssl_EC_POINT_dump("key->pub_key", key->pub_key);
 #endif
     return SSL_SUCCESS;
-
 }
 /* End EC_KEY */
 
@@ -13885,6 +14207,7 @@ void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
     WOLFSSL_ENTER("wolfSSL_EC_GROUP_free");
 
     XFREE(group, NULL, DYNAMIC_TYPE_ECC);
+    group = NULL;
 }
 
 void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag)
@@ -14092,7 +14415,7 @@ WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group)
     }
     XMEMSET(p, 0, sizeof(WOLFSSL_EC_POINT));
 
-    p->internal = ecc_new_point();
+    p->internal = wc_ecc_new_point();
     if (p->internal == NULL) {
         WOLFSSL_MSG("ecc_new_point failure");
         return NULL;
@@ -14176,8 +14499,8 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
     }
 
     /* r = q * m % prime */
-    if (ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal,
-                   (ecc_point*)r->internal, &prime, 1) != MP_OKAY) {
+    if (wc_ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal,
+                      (ecc_point*)r->internal, &prime, 1) != MP_OKAY) {
         WOLFSSL_MSG("ecc_mulmod failure");
         mp_clear(&prime);
         return SSL_FAILURE;
@@ -14219,7 +14542,7 @@ int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
         return SSL_FATAL_ERROR;
     }
 
-    ret = ecc_cmp_point((ecc_point*)a->internal, (ecc_point*)b->internal);
+    ret = wc_ecc_cmp_point((ecc_point*)a->internal, (ecc_point*)b->internal);
     if (ret == MP_EQ)
         return 0;
     else if (ret == MP_LT || ret == MP_GT)
@@ -14234,7 +14557,7 @@ void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *p)
 
     if (p != NULL) {
         if (p->internal == NULL) {
-            ecc_del_point((ecc_point*)p->internal);
+            wc_ecc_del_point((ecc_point*)p->internal);
             XFREE(p->internal, NULL, DYNAMIC_TYPE_ECC);
             p->internal = NULL;
         }
@@ -14275,7 +14598,7 @@ int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
         }
     }
 
-    ret = ecc_point_is_at_infinity(point->internal);
+    ret = wc_ecc_point_is_at_infinity(point->internal);
     if (ret <= 0) {
         WOLFSSL_MSG("ecc_point_is_at_infinity failure");
         return SSL_FAILURE;
@@ -14499,8 +14822,8 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
 
     return len;
 }
-
 /* End ECDH */
+
 /* return code compliant with OpenSSL :
  *   1 if success, 0 if error
  */
@@ -14514,19 +14837,184 @@ int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *x)
     return SSL_FAILURE;
 }
 
+#if defined(WOLFSSL_KEY_GEN)
+
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ecc,
+                                       const EVP_CIPHER* cipher,
+                                       unsigned char* passwd, int len,
+                                       pem_password_cb cb, void* arg)
+{
+    (void)bio;
+    (void)ecc;
+    (void)cipher;
+    (void)passwd;
+    (void)len;
+    (void)cb;
+    (void)arg;
+
+    WOLFSSL_MSG("wolfSSL_PEM_write_bio_ECPrivateKey not implemented");
+
+    return SSL_FAILURE;
+}
+
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc,
+                                       const EVP_CIPHER* cipher,
+                                       unsigned char* passwd, int passwdSz,
+                                       byte **pem, int *plen)
+{
+    byte *der, *tmp, *cipherInfo = NULL;
+    int  der_max_len = 0, derSz = 0;
+
+    WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey");
+
+    if (pem == NULL || plen == NULL || ecc == NULL || ecc->internal == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return SSL_FAILURE;
+    }
+
+    if (ecc->inSet == 0) {
+        WOLFSSL_MSG("No ECC internal set, do it");
+
+        if (SetECKeyInternal(ecc) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetDsaInternal failed");
+            return SSL_FAILURE;
+        }
+    }
+
+    der_max_len = 4 * wc_ecc_size((ecc_key*)ecc->internal) + 16;
+
+    der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (der == NULL) {
+        WOLFSSL_MSG("malloc failed");
+        return SSL_FAILURE;
+    }
+
+    /* Key to DER */
+    derSz = wc_EccKeyToDer(ecc->internal, der, der_max_len);
+    if (derSz < 0) {
+        WOLFSSL_MSG("wc_DsaKeyToDer failed");
+        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
+
+    /* encrypt DER buffer if required */
+    if (passwd != NULL && passwdSz > 0 && cipher != NULL) {
+        int ret;
+
+        ret = EncryptDerKey(der, &derSz, cipher,
+                            passwd, passwdSz, &cipherInfo);
+        if (ret != SSL_SUCCESS) {
+            WOLFSSL_MSG("EncryptDerKey failed");
+            XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return ret;
+        }
+
+        /* tmp buffer with a max size */
+        *plen = (derSz * 2) + sizeof(BEGIN_EC_PRIV) +
+        sizeof(END_EC_PRIV) + HEADER_ENCRYPTED_KEY_SIZE;
+    }
+    else /* tmp buffer with a max size */
+        *plen = (derSz * 2) + sizeof(BEGIN_EC_PRIV) + sizeof(END_EC_PRIV);
+
+    tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (tmp == NULL) {
+        WOLFSSL_MSG("malloc failed");
+        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
+
+    /* DER to PEM */
+    *plen = wc_DerToPem(der, derSz, tmp, *plen, cipherInfo, ECC_PRIVATEKEY_TYPE);
+    if (*plen <= 0) {
+        WOLFSSL_MSG("wc_DerToPem failed");
+        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (cipherInfo != NULL)
+            XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (cipherInfo != NULL)
+        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_OUT_BUFFER);
+    if (*pem == NULL) {
+        WOLFSSL_MSG("malloc failed");
+        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
+    XMEMSET(*pem, 0, (*plen)+1);
+
+    if (XMEMCPY(*pem, tmp, *plen) == NULL) {
+        WOLFSSL_MSG("memcpy failed");
+        XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER);
+        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
+    XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    return SSL_SUCCESS;
+}
+
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *ecc,
+                                   const EVP_CIPHER *enc,
+                                   unsigned char *kstr, int klen,
+                                   pem_password_cb *cb, void *u)
+{
+    byte *pem;
+    int  plen, ret;
+
+    (void)cb;
+    (void)u;
+
+    WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey");
+
+    if (fp == NULL || ecc == NULL || ecc->internal == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return SSL_FAILURE;
+    }
+
+    ret = wolfSSL_PEM_write_mem_ECPrivateKey(ecc, enc, kstr, klen, &pem, &plen);
+    if (ret != SSL_SUCCESS) {
+        WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey failed");
+        return SSL_FAILURE;
+    }
+
+    ret = (int)XFWRITE(pem, plen, 1, fp);
+    if (ret != 1) {
+        WOLFSSL_MSG("ECC private key file write failed");
+        return SSL_FAILURE;
+    }
+    
+    XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER);
+    return SSL_SUCCESS;
+}
+
+#endif /* defined(WOLFSSL_KEY_GEN) */
 
 #endif /* HAVE_ECC */
 
 
 #ifndef NO_DSA
 
+#if defined(WOLFSSL_KEY_GEN)
+
 /* return code compliant with OpenSSL :
  *   1 if success, 0 if error
  */
-int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, DSA* dsa,
-                                  const EVP_CIPHER* cipher,
-                                  unsigned char* passwd, int len,
-                                  pem_password_cb cb, void* arg)
+int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa,
+                                       const EVP_CIPHER* cipher,
+                                       unsigned char* passwd, int len,
+                                       pem_password_cb cb, void* arg)
 {
     (void)bio;
     (void)dsa;
@@ -14544,31 +15032,23 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, DSA* dsa,
 /* return code compliant with OpenSSL :
  *   1 if success, 0 if error
  */
-int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa,
-                                    const EVP_CIPHER *enc,
-                                    unsigned char *kstr, int klen,
-                                    pem_password_cb *cb, void *u)
+int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
+                                        const EVP_CIPHER* cipher,
+                                        unsigned char* passwd, int passwdSz,
+                                        byte **pem, int *plen)
 {
-    (void)enc;
-    (void)kstr;
-    (void)klen;
-    (void)cb;
-    (void)u;
+    byte *der, *tmp, *cipherInfo = NULL;
+    int  der_max_len = 0, derSz = 0;
 
-    byte *der, *pem;
-    int    derSz = 0, pemSz = 0;
+    WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey");
 
-
-    WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey");
-
-    if (fp == NULL || dsa == NULL || dsa->internal == NULL ||
-        kstr == NULL || klen <= 0) {
+    if (pem == NULL || plen == NULL || dsa == NULL || dsa->internal == NULL) {
         WOLFSSL_MSG("Bad function arguments");
         return SSL_FAILURE;
     }
 
     if (dsa->inSet == 0) {
-        WOLFSSL_MSG("No RSA internal set, do it");
+        WOLFSSL_MSG("No DSA internal set, do it");
 
         if (SetDsaInternal(dsa) != SSL_SUCCESS) {
             WOLFSSL_MSG("SetDsaInternal failed");
@@ -14576,40 +15056,120 @@ int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa,
         }
     }
 
-    der = (byte*)XMALLOC(klen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + 16;
+
+    der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (der == NULL) {
         WOLFSSL_MSG("malloc failed");
         return SSL_FAILURE;
     }
 
     /* Key to DER */
-    derSz = wc_DsaKeyToDer(dsa->internal, der, klen);
+    derSz = wc_DsaKeyToDer(dsa->internal, der, der_max_len);
     if (derSz < 0) {
+        WOLFSSL_MSG("wc_DsaKeyToDer failed");
         XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return SSL_FAILURE;
     }
 
-    pemSz = (derSz * 4)/3 + 8;
-    pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (der == NULL) {
+    /* encrypt DER buffer if required */
+    if (passwd != NULL && passwdSz > 0 && cipher != NULL) {
+        int ret;
+
+        ret = EncryptDerKey(der, &derSz, cipher,
+                            passwd, passwdSz, &cipherInfo);
+        if (ret != SSL_SUCCESS) {
+            WOLFSSL_MSG("EncryptDerKey failed");
+            XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return ret;
+        }
+
+        /* tmp buffer with a max size */
+        *plen = (derSz * 2) + sizeof(BEGIN_DSA_PRIV) +
+        sizeof(END_DSA_PRIV) + HEADER_ENCRYPTED_KEY_SIZE;
+    }
+    else /* tmp buffer with a max size */
+        *plen = (derSz * 2) + sizeof(BEGIN_DSA_PRIV) + sizeof(END_DSA_PRIV);
+
+    tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (tmp == NULL) {
         WOLFSSL_MSG("malloc failed");
+        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return SSL_FAILURE;
     }
 
     /* DER to PEM */
-    pemSz = wc_DerToPem(der, derSz, pem, pemSz, PRIVATEKEY_TYPE);
-    if (pemSz <= 0) {
+    *plen = wc_DerToPem(der, derSz, tmp, *plen, cipherInfo, DSA_PRIVATEKEY_TYPE);
+    if (*plen <= 0) {
+        WOLFSSL_MSG("wc_DerToPem failed");
         XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (cipherInfo != NULL)
+            XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return SSL_FAILURE;
     }
     XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (cipherInfo != NULL)
+        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-    fwrite(pem, 1, pemSz, fp);
+    *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_OUT_BUFFER);
+    if (*pem == NULL) {
+        WOLFSSL_MSG("malloc failed");
+        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
+    XMEMSET(*pem, 0, (*plen)+1);
+
+    if (XMEMCPY(*pem, tmp, *plen) == NULL) {
+        WOLFSSL_MSG("memcpy failed");
+        XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER);
+        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return SSL_FAILURE;
+    }
+    XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-    XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     return SSL_SUCCESS;
 }
 
+/* return code compliant with OpenSSL :
+ *   1 if success, 0 if error
+ */
+int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa,
+                                    const EVP_CIPHER *enc,
+                                    unsigned char *kstr, int klen,
+                                    pem_password_cb *cb, void *u)
+{
+    byte *pem;
+    int  plen, ret;
+
+    (void)cb;
+    (void)u;
+
+    WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey");
+
+    if (fp == NULL || dsa == NULL || dsa->internal == NULL) {
+        WOLFSSL_MSG("Bad function arguments");
+        return SSL_FAILURE;
+    }
+
+    ret = wolfSSL_PEM_write_mem_DSAPrivateKey(dsa, enc, kstr, klen, &pem, &plen);
+    if (ret != SSL_SUCCESS) {
+        WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey failed");
+        return SSL_FAILURE;
+    }
+
+    ret = (int)XFWRITE(pem, plen, 1, fp);
+    if (ret != 1) {
+        WOLFSSL_MSG("DSA private key file write failed");
+        return SSL_FAILURE;
+    }
+    
+    XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER);
+    return SSL_SUCCESS;
+}
+
+#endif /* defined(WOLFSSL_KEY_GEN) */
+
 /* return code compliant with OpenSSL :
  *   1 if success, 0 if error
  */
@@ -14662,27 +15222,6 @@ WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
     return NULL;
 }
 
-/* return code compliant with OpenSSL :
- *   1 if success, 0 if error
- */
-int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *key,
-                                   const EVP_CIPHER *enc,
-                                   unsigned char *kstr, int klen,
-                                   pem_password_cb *cb, void *u)
-{
-    (void)fp;
-    (void)key;
-    (void)enc;
-    (void)kstr;
-    (void)klen;
-    (void)cb;
-    (void)u;
-
-    WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey not implemented");
-
-    return SSL_FAILURE;
-}
-
 #ifndef NO_RSA
 
 WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x,
@@ -14943,7 +15482,9 @@ int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
         return BAD_FUNC_ARG;
 
     /* header */
-    XMEMCPY(buf, header, headerLen);
+    if (XMEMCPY(buf, header, headerLen) == NULL)
+        return SSL_FATAL_ERROR;
+
     i = headerLen;
 
     /* body */
@@ -14956,7 +15497,8 @@ int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
     /* footer */
     if ( (i + footerLen) > inLen)
         return BAD_FUNC_ARG;
-    XMEMCPY(buf + i, footer, footerLen);
+    if (XMEMCPY(buf + i, footer, footerLen) == NULL)
+        return SSL_FATAL_ERROR;
     *outLen += headerLen + footerLen;
 
     return SSL_SUCCESS;
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 85f01a0d1..c9f8c74ad 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -55,6 +55,12 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 }
 
 
+int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
+                            const byte* key, word32 keySz, const byte* iv)
+{
+    return AesCbcDecryptWithKey(out, in, inSz, key, keySz, iv);
+}
+
 int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
                                  const byte* key, word32 keySz, const byte* iv)
 {
@@ -1748,6 +1754,33 @@ int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
     return ret;
 }
 
+int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
+                            const byte* key, word32 keySz, const byte* iv)
+{
+    int  ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Aes* aes = NULL;
+#else
+    Aes  aes[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (aes == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION);
+    if (ret == 0)
+        ret = wc_AesCbcEncrypt(aes, out, in, inSz);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
 
 /* AES-DIRECT */
 #if defined(WOLFSSL_AES_DIRECT)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 01fd2eaca..e9019456d 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1386,7 +1386,8 @@ int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
     if (GetInt(&key->p,  input, inOutIdx, inSz) < 0 ||
         GetInt(&key->q,  input, inOutIdx, inSz) < 0 ||
         GetInt(&key->g,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->y,  input, inOutIdx, inSz) < 0 )  return ASN_DH_KEY_E;
+        GetInt(&key->y,  input, inOutIdx, inSz) < 0 )
+        return ASN_DH_KEY_E;
 
     key->type = DSA_PUBLIC;
     return 0;
@@ -1408,7 +1409,8 @@ int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
         GetInt(&key->q,  input, inOutIdx, inSz) < 0 ||
         GetInt(&key->g,  input, inOutIdx, inSz) < 0 ||
         GetInt(&key->y,  input, inOutIdx, inSz) < 0 ||
-        GetInt(&key->x,  input, inOutIdx, inSz) < 0 )  return ASN_DH_KEY_E;
+        GetInt(&key->x,  input, inOutIdx, inSz) < 0 )
+        return ASN_DH_KEY_E;
 
     key->type = DSA_PRIVATE;
     return 0;
@@ -1423,9 +1425,9 @@ static mp_int* GetDsaInt(DsaKey* key, int idx)
     if (idx == 2)
         return &key->g;
     if (idx == 3)
-        return &key->x;
-    if (idx == 4)
         return &key->y;
+    if (idx == 4)
+        return &key->x;
 
     return NULL;
 }
@@ -1445,7 +1447,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
 {
     word32 seqSz, verSz, rawLen, intTotalLen = 0;
     word32 sizes[DSA_INTS];
-    int    i, j, outLen, ret = 0;
+    int    i, j, outLen, ret = 0, lbit;
 
     byte  seq[MAX_SEQ_SZ];
     byte  ver[MAX_VERSION_SZ];
@@ -1463,7 +1465,15 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
     /* write all big ints from key to DER tmps */
     for (i = 0; i < DSA_INTS; i++) {
         mp_int* keyInt = GetDsaInt(key, i);
-        rawLen = mp_unsigned_bin_size(keyInt);
+
+        /* leading zero */
+        if ((mp_count_bits(keyInt) & 7) == 0 || mp_iszero(keyInt) == MP_YES)
+            lbit = 1;
+        else
+            lbit = 0;
+
+        rawLen = mp_unsigned_bin_size(keyInt) + lbit;
+
         tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, NULL, DYNAMIC_TYPE_DSA);
         if (tmps[i] == NULL) {
             ret = MEMORY_E;
@@ -1471,12 +1481,16 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
         }
 
         tmps[i][0] = ASN_INTEGER;
-        sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1;  /* int tag */
+        sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */
 
         if (sizes[i] <= MAX_SEQ_SZ) {
+            /* leading zero */
+            if (lbit)
+                tmps[i][sizes[i]-1] = 0x00;
+
             int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
             if (err == MP_OKAY) {
-                sizes[i] += rawLen;
+                sizes[i] += (rawLen-lbit); /* lbit included in rawLen */
                 intTotalLen += sizes[i];
             }
             else {
@@ -4641,24 +4655,42 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
 
 
 
+const char* BEGIN_CERT         = "-----BEGIN CERTIFICATE-----";
+const char* END_CERT           = "-----END CERTIFICATE-----";
+const char* BEGIN_CERT_REQ     = "-----BEGIN CERTIFICATE REQUEST-----";
+const char* END_CERT_REQ       = "-----END CERTIFICATE REQUEST-----";
+const char* BEGIN_DH_PARAM     = "-----BEGIN DH PARAMETERS-----";
+const char* END_DH_PARAM       = "-----END DH PARAMETERS-----";
+const char* BEGIN_X509_CRL     = "-----BEGIN X509 CRL-----";
+const char* END_X509_CRL       = "-----END X509 CRL-----";
+const char* BEGIN_RSA_PRIV     = "-----BEGIN RSA PRIVATE KEY-----";
+const char* END_RSA_PRIV       = "-----END RSA PRIVATE KEY-----";
+const char* BEGIN_PRIV_KEY     = "-----BEGIN PRIVATE KEY-----";
+const char* END_PRIV_KEY       = "-----END PRIVATE KEY-----";
+const char* BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
+const char* END_ENC_PRIV_KEY   = "-----END ENCRYPTED PRIVATE KEY-----";
+const char* BEGIN_EC_PRIV      = "-----BEGIN EC PRIVATE KEY-----";
+const char* END_EC_PRIV        = "-----END EC PRIVATE KEY-----";
+const char* BEGIN_DSA_PRIV     = "-----BEGIN DSA PRIVATE KEY-----";
+const char* END_DSA_PRIV       = "-----END DSA PRIVATE KEY-----";
 
-#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || !defined(NO_DSA)
+#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
 
 /* convert der buffer to pem into output, can't do inplace, der and output
    need to be different */
 int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz,
-             int type)
+             byte *cipher_info, int type)
 {
 #ifdef WOLFSSL_SMALL_STACK
     char* header = NULL;
     char* footer = NULL;
 #else
-    char header[80];
-    char footer[80];
+    char header[40 + HEADER_ENCRYPTED_KEY_SIZE];
+    char footer[40];
 #endif
 
-    int headerLen = 80;
-    int footerLen = 80;
+    int headerLen = 40 + HEADER_ENCRYPTED_KEY_SIZE;
+    int footerLen = 40;
     int i;
     int err;
     int outLen;   /* return length or error */
@@ -4670,36 +4702,55 @@ int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz,
     header = (char*)XMALLOC(headerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (header == NULL)
         return MEMORY_E;
-    
+
     footer = (char*)XMALLOC(footerLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (footer == NULL) {
         XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return MEMORY_E;
     }
 #endif
-
     if (type == CERT_TYPE) {
-        XSTRNCPY(header, "-----BEGIN CERTIFICATE-----\n", headerLen);
-        XSTRNCPY(footer, "-----END CERTIFICATE-----\n",   footerLen);
+        XSTRNCPY(header, BEGIN_CERT, headerLen);
+        XSTRNCAT(header, "\n", 1);
+
+        XSTRNCPY(footer, END_CERT, footerLen);
+        XSTRNCAT(footer, "\n", 1);
     }
     else if (type == PRIVATEKEY_TYPE) {
-        XSTRNCPY(header, "-----BEGIN RSA PRIVATE KEY-----\n", headerLen);
-        XSTRNCPY(footer, "-----END RSA PRIVATE KEY-----\n",   footerLen);
+        XSTRNCPY(header, BEGIN_RSA_PRIV, headerLen);
+        XSTRNCAT(header, "\n", 1);
+
+        XSTRNCPY(footer, END_RSA_PRIV, footerLen);
+        XSTRNCAT(footer, "\n", 1);
     }
-    #ifdef HAVE_ECC
+#ifndef NO_DSA
+    else if (type == DSA_PRIVATEKEY_TYPE) {
+        XSTRNCPY(header, BEGIN_DSA_PRIV, headerLen);
+        XSTRNCAT(header, "\n", 1);
+
+        XSTRNCPY(footer, END_DSA_PRIV, footerLen);
+        XSTRNCAT(footer, "\n", 1);
+    }
+#endif
+#ifdef HAVE_ECC
     else if (type == ECC_PRIVATEKEY_TYPE) {
-        XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----\n", headerLen);
-        XSTRNCPY(footer, "-----END EC PRIVATE KEY-----\n",   footerLen);
+        XSTRNCPY(header, BEGIN_EC_PRIV, headerLen);
+        XSTRNCAT(header, "\n", 1);
+
+        XSTRNCPY(footer, END_EC_PRIV, footerLen);
+        XSTRNCAT(footer, "\n", 1);
     }
-    #endif
-    #ifdef WOLFSSL_CERT_REQ
+#endif
+#ifdef WOLFSSL_CERT_REQ
     else if (type == CERTREQ_TYPE)
     {
-        XSTRNCPY(header,
-                       "-----BEGIN CERTIFICATE REQUEST-----\n", headerLen);
-        XSTRNCPY(footer, "-----END CERTIFICATE REQUEST-----\n", footerLen);
+        XSTRNCPY(header, BEGIN_CERT_REQ, headerLen);
+        XSTRNCAT(header, "\n", 1);
+
+        XSTRNCPY(footer, END_CERT_REQ, footerLen);
+        XSTRNCAT(footer, "\n", 1);
     }
-    #endif
+#endif
     else {
 #ifdef WOLFSSL_SMALL_STACK
         XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -4708,6 +4759,14 @@ int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz,
         return BAD_FUNC_ARG;
     }
 
+    /* extra header information for encrypted key */
+    if (cipher_info != NULL) {
+        XSTRNCAT(header, "Proc-Type: 4,ENCRYPTED\n", 23);
+        XSTRNCAT(header, "DEK-Info: ", 10);
+        XSTRNCAT(header, (char*)cipher_info, XSTRLEN((char*)cipher_info));
+        XSTRNCAT(header, "\n\n", 2);
+    }
+
     headerLen = (int)XSTRLEN(header);
     footerLen = (int)XSTRLEN(footer);
 
@@ -4762,7 +4821,6 @@ int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz,
     return outLen + headerLen + footerLen;
 }
 
-
 #endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
 
 
@@ -4810,7 +4868,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
 {
     word32 seqSz, verSz, rawLen, intTotalLen = 0;
     word32 sizes[RSA_INTS];
-    int    i, j, outLen, ret = 0;
+    int    i, j, outLen, ret = 0, lbit;
 
     byte  seq[MAX_SEQ_SZ];
     byte  ver[MAX_VERSION_SZ];
@@ -4828,7 +4886,15 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
     /* write all big ints from key to DER tmps */
     for (i = 0; i < RSA_INTS; i++) {
         mp_int* keyInt = GetRsaInt(key, i);
-        rawLen = mp_unsigned_bin_size(keyInt);
+
+        /* leading zero */
+        if ((mp_count_bits(keyInt) & 7) == 0 || mp_iszero(keyInt) == MP_YES)
+            lbit = 1;
+        else
+            lbit = 0;
+
+        rawLen = mp_unsigned_bin_size(keyInt) + lbit;
+
         tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap,
                                  DYNAMIC_TYPE_RSA);
         if (tmps[i] == NULL) {
@@ -4837,12 +4903,16 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
         }
 
         tmps[i][0] = ASN_INTEGER;
-        sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1;  /* int tag */
+        sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */
 
         if (sizes[i] <= MAX_SEQ_SZ) {
+            /* leading zero */
+            if (lbit)
+                tmps[i][sizes[i]-1] = 0x00;
+
             int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
             if (err == MP_OKAY) {
-                sizes[i] += rawLen;
+                sizes[i] += (rawLen-lbit); /* lbit included in rawLen */
                 intTotalLen += sizes[i];
             }
             else {
@@ -6846,84 +6916,109 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
 /* Write a Private ecc key to DER format, length on success else < 0 */
 int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
 {
-    byte   curve[MAX_ALGO_SZ];
+    byte   curve[MAX_ALGO_SZ+2];
     byte   ver[MAX_VERSION_SZ];
     byte   seq[MAX_SEQ_SZ];
-    int    ret;
-    int    curveSz;
-    int    verSz;
+    byte   *prv, *pub;
+    int    ret, totalSz, curveSz, verSz;
     int    privHdrSz  = ASN_ECC_HEADER_SZ;
     int    pubHdrSz   = ASN_ECC_CONTEXT_SZ + ASN_ECC_HEADER_SZ;
-    int    curveHdrSz = ASN_ECC_CONTEXT_SZ;
-    word32 seqSz;
-    word32 idx = 0;
-    word32 pubSz = ECC_BUFSIZE;
-    word32 privSz;
-    word32 totalSz;
+
+    word32 idx = 0, prvidx = 0, pubidx = 0, curveidx = 0;
+    word32 seqSz, privSz, pubSz = ECC_BUFSIZE;
 
     if (key == NULL || output == NULL || inLen == 0)
         return BAD_FUNC_ARG;
 
-    ret = wc_ecc_export_x963(key, NULL, &pubSz);
-    if (ret != LENGTH_ONLY_E) {
+    /* curve */
+    curve[curveidx++] = ECC_PREFIX_0;
+    curveidx++ /* to put the size after computation */;
+    curveSz = SetCurve(key, curve+curveidx);
+    if (curveSz < 0)
+        return curveSz;
+    /* set computed size */
+    curve[1] = (byte)curveSz;
+    curveidx += curveSz;
+
+    /* private */
+    privSz = key->dp->size;
+    prv = (byte*)XMALLOC(privSz + privHdrSz + MAX_SEQ_SZ,
+                         NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (prv == NULL) {
+        return MEMORY_E;
+    }
+    prv[prvidx++] = ASN_OCTET_STRING;
+    prv[prvidx++] = (byte)key->dp->size;
+    ret = wc_ecc_export_private_only(key, prv + prvidx, &privSz);
+    if (ret < 0) {
+        XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return ret;
     }
-    curveSz = SetCurve(key, curve);
-    if (curveSz < 0) {
-        return curveSz;
+    prvidx += privSz;
+
+    /* public */
+    ret = wc_ecc_export_x963(key, NULL, &pubSz);
+    if (ret != LENGTH_ONLY_E) {
+        XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return ret;
     }
 
-    privSz = key->dp->size;
+    pub = (byte*)XMALLOC(pubSz + pubHdrSz + MAX_SEQ_SZ,
+                         NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (pub == NULL) {
+        XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
 
+    pub[pubidx++] = ECC_PREFIX_1;
+    if (pubSz > 128) /* leading zero + extra size byte */
+        pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 2, pub+pubidx);
+    else /* leading zero */
+        pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 1, pub+pubidx);
+    pub[pubidx++] = ASN_BIT_STRING;
+    pubidx += SetLength(pubSz + 1, pub+pubidx);
+    pub[pubidx++] = (byte)0; /* leading zero */
+    ret = wc_ecc_export_x963(key, pub + pubidx, &pubSz);
+    if (ret != 0) {
+        XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return ret;
+    }
+    pubidx += pubSz;
+
+    /* make headers */
     verSz = SetMyVersion(1, ver, FALSE);
-    if (verSz < 0) {
-        return verSz;
+    seqSz = SetSequence(verSz + prvidx + pubidx + curveidx, seq);
+
+    totalSz = prvidx + pubidx + curveidx + verSz + seqSz;
+    if (totalSz > (int)inLen) {
+        XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return BAD_FUNC_ARG;
     }
 
-    totalSz = verSz + privSz + privHdrSz + curveSz + curveHdrSz +
-              pubSz + pubHdrSz + 1;  /* plus null byte b4 public */
-    seqSz = SetSequence(totalSz, seq);
-    totalSz += seqSz;
-
-    if (totalSz > inLen) {
-        return BUFFER_E;
-    }
-
-    /* write it out */
+    /* write out */
     /* seq */
     XMEMCPY(output + idx, seq, seqSz);
-    idx += seqSz;
+    idx = seqSz;
 
-   /* ver */
+    /* ver */
     XMEMCPY(output + idx, ver, verSz);
     idx += verSz;
 
     /* private */
-    output[idx++] = ASN_OCTET_STRING;
-    output[idx++] = (byte)privSz;
-    ret = wc_ecc_export_private_only(key, output + idx, &privSz);
-    if (ret < 0) {
-        return ret;
-    }
-    idx += privSz;
+    XMEMCPY(output + idx, prv, prvidx);
+    idx += prvidx;
+    XFREE(prv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     /* curve */
-    output[idx++] = ECC_PREFIX_0;
-    output[idx++] = (byte)curveSz;
-    XMEMCPY(output + idx, curve, curveSz);
-    idx += curveSz;
+    XMEMCPY(output + idx, curve, curveidx);
+    idx += curveidx;
 
     /* public */
-    output[idx++] = ECC_PREFIX_1;
-    output[idx++] = (byte)pubSz + ASN_ECC_CONTEXT_SZ + 1;  /* plus null byte */
-    output[idx++] = ASN_BIT_STRING;
-    output[idx++] = (byte)pubSz + 1;  /* plus null byte */
-    output[idx++] = (byte)0;          /* null byte */
-    ret = wc_ecc_export_x963(key, output + idx, &pubSz);
-    if (ret != 0) {
-        return ret;
-    }
-    /* idx += pubSz if do more later */
+    XMEMCPY(output + idx, pub, pubidx);
+    idx += pubidx;
+    XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     return totalSz;
 }
diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c
index 6ead79caf..bed85a5a1 100644
--- a/wolfcrypt/src/coding.c
+++ b/wolfcrypt/src/coding.c
@@ -393,6 +393,39 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
     return 0;
 }
 
+int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
+{
+    word32 outIdx = 0;
+    word32 i;
+    byte   hb, lb;
+
+    if (*outLen < (2 * inLen + 1))
+        return BAD_FUNC_ARG;
+
+    for (i = 0; i < inLen; i++) {
+        hb = in[i] >> 4;
+        lb = in[i] & 0x0f;
+
+        /* ASCII value */
+        hb += '0';
+        if (hb > '9')
+            hb += 7;
+
+        /* ASCII value */
+        lb += '0';
+        if (lb>'9')
+            lb += 7;
+
+        out[outIdx++] = hb;
+        out[outIdx++] = lb;
+    }
+
+    /* force 0 at this end */
+    out[outIdx++] = 0;
+
+    *outLen = outIdx;
+    return 0;
+}
 
 #endif /* (OPENSSL_EXTRA) || (HAVE_WEBSERVER) || (HAVE_FIPS) */
 
diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c
index f886ecdc7..ee068a0bc 100644
--- a/wolfcrypt/src/des3.c
+++ b/wolfcrypt/src/des3.c
@@ -91,8 +91,14 @@ void wc_Des_SetIV(Des* des, const byte* iv)
 }
 
 
-int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
+int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
                                                 const byte* key, const byte* iv)
+{
+    return Des_CbcEncryptWithKey(out, in, sz, key, iv);
+}
+
+int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
+                             const byte* key, const byte* iv)
 {
     return Des_CbcDecryptWithKey(out, in, sz, key, iv);
 }
@@ -104,13 +110,18 @@ int wc_Des3_SetIV(Des3* des, const byte* iv)
 }
 
 
+int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
+                              const byte* key, const byte* iv)
+{
+    return Des3_CbcEncryptWithKey(out, in, sz, key, iv);
+}
+
 int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
-                                                const byte* key, const byte* iv)
+                              const byte* key, const byte* iv)
 {
     return Des3_CbcDecryptWithKey(out, in, sz, key, iv);
 }
 
-
 #ifdef HAVE_CAVIUM
 
 /* Initiliaze Des3 for use with Nitrox device */
@@ -1490,8 +1501,35 @@ void wc_Des_SetIV(Des* des, const byte* iv)
 }
 
 
+int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
+                             const byte* key, const byte* iv)
+{
+    int ret  = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Des* des = NULL;
+#else
+    Des  des[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (des == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_Des_SetKey(des, key, iv, DES_ENCRYPTION);
+    if (ret == 0)
+        ret = wc_Des_CbcEncrypt(des, out, in, sz);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
 int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
-                                                const byte* key, const byte* iv)
+                             const byte* key, const byte* iv)
 {
     int ret  = 0;
 #ifdef WOLFSSL_SMALL_STACK
@@ -1508,7 +1546,7 @@ int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
 
     ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION);
     if (ret == 0)
-        ret = wc_Des_CbcDecrypt(des, out, in, sz); 
+        ret = wc_Des_CbcDecrypt(des, out, in, sz);
 
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1529,8 +1567,35 @@ int wc_Des3_SetIV(Des3* des, const byte* iv)
 }
 
 
+int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
+                              const byte* key, const byte* iv)
+{
+    int ret    = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Des3* des3 = NULL;
+#else
+    Des3  des3[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (des3 == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_Des3_SetKey(des3, key, iv, DES_ENCRYPTION);
+    if (ret == 0)
+        ret = wc_Des3_CbcEncrypt(des3, out, in, sz);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
 int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
-                                                const byte* key, const byte* iv)
+                              const byte* key, const byte* iv)
 {
     int ret    = 0;
 #ifdef WOLFSSL_SMALL_STACK
@@ -1547,7 +1612,7 @@ int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
 
     ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION);
     if (ret == 0)
-        ret = wc_Des3_CbcDecrypt(des3, out, in, sz); 
+        ret = wc_Des3_CbcDecrypt(des3, out, in, sz);
 
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c
index f2124b197..1f9308e86 100644
--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -27,10 +27,12 @@
 
 #ifndef NO_DSA
 
-#include <wolfssl/wolfcrypt/dsa.h>
-#include <wolfssl/wolfcrypt/sha.h>
 #include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/integer.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/sha.h>
+#include <wolfssl/wolfcrypt/dsa.h>
 
 
 enum {
@@ -80,6 +82,266 @@ void wc_FreeDsaKey(DsaKey* key)
 #endif
 }
 
+#ifdef WOLFSSL_KEY_GEN
+
+int wc_MakeDsaKey(RNG *rng, DsaKey *dsa)
+{
+    unsigned char *buf;
+    int qsize, err;
+
+    if (rng == NULL || dsa == NULL)
+        return BAD_FUNC_ARG;
+
+    qsize = mp_unsigned_bin_size(&dsa->q);
+
+    /* allocate ram */
+    buf = (unsigned char *)XMALLOC(qsize, NULL,
+                                   DYNAMIC_TYPE_TMP_BUFFER);
+    if (buf == NULL)
+        return MEMORY_E;
+
+    if (mp_init(&dsa->x) != MP_OKAY) {
+        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MP_INIT_E;
+    }
+
+    do {
+        /* make a random exponent mod q */
+        err = wc_RNG_GenerateBlock(rng, buf, qsize);
+        if (err != MP_OKAY) {
+            mp_clear(&dsa->x);
+            XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return err;
+        }
+
+        /* force magnitude */
+        buf[0] |= 0xC0;
+        
+        err = mp_read_unsigned_bin(&dsa->x, buf, qsize);
+        if (err != MP_OKAY) {
+            mp_clear(&dsa->x);
+            XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            return err;
+        }
+    } while (mp_cmp_d(&dsa->x, 1) != MP_GT);
+
+    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (mp_init(&dsa->y) != MP_OKAY) {
+        mp_clear(&dsa->x);
+        return MP_INIT_E;
+    }
+
+    /* public key : y = g^x mod p */
+    err = mp_exptmod(&dsa->g, &dsa->x, &dsa->p, &dsa->y);
+    if (err != MP_OKAY) {
+        mp_clear(&dsa->x);
+        mp_clear(&dsa->y);
+        return err;
+    }
+
+    dsa->type = DSA_PRIVATE;
+    
+    return MP_OKAY;
+}
+
+/* modulus_size in bits */
+int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
+{
+    mp_int         tmp, tmp2;
+    int            err, res, msize, qsize, loop;
+    unsigned char  *buf;
+
+    if (rng == NULL || dsa == NULL)
+        return BAD_FUNC_ARG;
+
+    /* set group size in bytes from modulus size
+     * FIPS 186-4 defines valid values (1024, 160) (2048, 256) (3072, 256)
+     */
+    switch (modulus_size) {
+        case 1024:
+            qsize = 20;
+            break;
+        case 2048:
+        case 3072:
+            qsize = 32;
+            break;
+        default:
+            return BAD_FUNC_ARG;
+            break;
+    }
+
+    /* modulus size in bytes */
+    msize = modulus_size / 8;
+
+    if (mp_init(&dsa->q) != MP_OKAY)
+        return MP_INIT_E;
+
+    /* make our prime q */
+    err = mp_rand_prime(&dsa->q, qsize, rng, NULL);
+    if (err != MP_OKAY) {
+        mp_clear(&dsa->q);
+        return err;
+    }
+
+    if (mp_init(&tmp) != MP_OKAY) {
+        mp_clear(&dsa->q);
+        return MP_INIT_E;
+    }
+
+    /* tmp = 2q  */
+    err = mp_add(&dsa->q, &dsa->q, &tmp);
+    if (err != MP_OKAY) {
+        mp_clear(&dsa->q);
+        mp_clear(&tmp);
+        return err;
+    }
+
+    /* allocate ram */
+    buf = (unsigned char *)XMALLOC(msize - qsize,
+                                   NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (buf == NULL) {
+        mp_clear(&dsa->q);
+        mp_clear(&tmp);
+        return MEMORY_E;
+    }
+
+    /* now make a random string and multply it against q */
+    err = wc_RNG_GenerateBlock(rng, buf, msize - qsize);
+    if (err != MP_OKAY) {
+        mp_clear(&dsa->q);
+        mp_clear(&tmp);
+        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return err;
+    }
+
+    /* force magnitude */
+    buf[0] |= 0xC0;
+
+    /* force even */
+    buf[msize - qsize - 1] &= ~1;
+
+    if (mp_init_multi(&tmp2, &dsa->p, 0, 0, 0, 0) != MP_OKAY) {
+        mp_clear(&dsa->q);
+        mp_clear(&tmp);
+        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MP_INIT_E;
+    }
+
+    err = mp_read_unsigned_bin(&tmp2, buf, msize - qsize);
+    if (err != MP_OKAY) {
+        mp_clear(&dsa->q);
+        mp_clear(&dsa->p);
+        mp_clear(&tmp);
+        mp_clear(&tmp2);
+        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return err;
+    }
+    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    /* p = tmp2 * q */
+    err = mp_mul(&dsa->q, &tmp2, &dsa->p);
+    if (err != MP_OKAY) {
+        mp_clear(&dsa->q);
+        mp_clear(&dsa->p);
+        mp_clear(&tmp);
+        mp_clear(&tmp2);
+        return err;
+    }
+
+    /* p = tmp2 * q + 1, so q is a prime divisor of p-1 */
+    err = mp_add_d(&dsa->p, 1, &dsa->p);
+    if (err != MP_OKAY) {
+        mp_clear(&dsa->q);
+        mp_clear(&dsa->p);
+        mp_clear(&tmp);
+        mp_clear(&tmp2);
+        return err;
+    }
+
+    /* loop until p is prime */
+    for (loop = 0; loop++;) {
+        err = mp_prime_is_prime(&dsa->p, 8, &res);
+        if (err != MP_OKAY) {
+            mp_clear(&dsa->q);
+            mp_clear(&dsa->p);
+            mp_clear(&tmp);
+            mp_clear(&tmp2);
+            return err;
+        }
+
+        if (res == MP_YES)
+            break;
+
+        /* p += 2q */
+        err = mp_add(&tmp, &dsa->p, &dsa->p);
+        if (err != MP_OKAY) {
+            mp_clear(&dsa->q);
+            mp_clear(&dsa->p);
+            mp_clear(&tmp);
+            mp_clear(&tmp2);
+            return err;
+        }
+    }
+
+    /* tmp2 += (2*loop)
+     * to have p = (q * tmp2) + 1 prime
+     */
+    if (loop) {
+        err = mp_add_d(&tmp2, 2*loop, &tmp2);
+        if (err != MP_OKAY) {
+            mp_clear(&dsa->q);
+            mp_clear(&dsa->p);
+            mp_clear(&tmp);
+            mp_clear(&tmp2);
+            return err;
+        }
+    }
+
+    if (mp_init(&dsa->g) != MP_OKAY) {
+        mp_clear(&dsa->q);
+        mp_clear(&dsa->p);
+        mp_clear(&tmp);
+        mp_clear(&tmp2);
+        return MP_INIT_E;
+    }
+
+    /* find a value g for which g^tmp2 != 1 */
+    mp_set(&dsa->g, 1);
+
+    do {
+        err = mp_add_d(&dsa->g, 1, &dsa->g);
+        if (err != MP_OKAY) {
+            mp_clear(&dsa->q);
+            mp_clear(&dsa->p);
+            mp_clear(&dsa->g);
+            mp_clear(&tmp);
+            mp_clear(&tmp2);
+            return err;
+        }
+
+        err = mp_exptmod(&dsa->g, &tmp2, &dsa->p, &tmp);
+        if (err != MP_OKAY) {
+            mp_clear(&dsa->q);
+            mp_clear(&dsa->p);
+            mp_clear(&dsa->g);
+            mp_clear(&tmp);
+            mp_clear(&tmp2);
+            return err;
+        }
+
+    } while (mp_cmp_d(&tmp, 1) == MP_EQ);
+
+    /* at this point tmp generates a group of order q mod p */
+    mp_exch(&tmp, &dsa->g);
+
+    mp_clear(&tmp);
+    mp_clear(&tmp2);
+
+    return MP_OKAY;
+}
+#endif /* WOLFSSL_KEY_GEN */
+
 
 int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng)
 {
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 42411a7b8..d247cb3b7 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -1014,7 +1014,7 @@ int ecc_map(ecc_point* P, mp_int* modulus, mp_digit* mp)
 static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
                       mp_int* modulus, int map)
 #else
-int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
+int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
                int map)
 #endif
 {
@@ -1043,10 +1043,10 @@ int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
 
   /* alloc ram for window temps */
   for (i = 0; i < 8; i++) {
-      M[i] = ecc_new_point();
+      M[i] = wc_ecc_new_point();
       if (M[i] == NULL) {
          for (j = 0; j < i; j++) {
-             ecc_del_point(M[j]);
+             wc_ecc_del_point(M[j]);
          }
          mp_clear(&mu);
          return MEMORY_E;
@@ -1054,7 +1054,7 @@ int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
   }
 
    /* make a copy of G incase R==G */
-   tG = ecc_new_point();
+   tG = wc_ecc_new_point();
    if (tG == NULL)
        err = MEMORY_E;
 
@@ -1204,9 +1204,9 @@ int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
        err = ecc_map(R, modulus, &mp);
 
    mp_clear(&mu);
-   ecc_del_point(tG);
+   wc_ecc_del_point(tG);
    for (i = 0; i < 8; i++) {
-       ecc_del_point(M[i]);
+       wc_ecc_del_point(M[i]);
    }
    return err;
 }
@@ -1229,7 +1229,7 @@ int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
 static int normal_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
                       mp_int* modulus, int map)
 #else
-int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
+int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
               int map)
 #endif
 {
@@ -1257,10 +1257,10 @@ int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
 
   /* alloc ram for window temps */
   for (i = 0; i < 3; i++) {
-      M[i] = ecc_new_point();
+      M[i] = wc_ecc_new_point();
       if (M[i] == NULL) {
          for (j = 0; j < i; j++) {
-             ecc_del_point(M[j]);
+             wc_ecc_del_point(M[j]);
          }
          mp_clear(&mu);
          return MEMORY_E;
@@ -1268,7 +1268,7 @@ int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
   }
 
    /* make a copy of G incase R==G */
-   tG = ecc_new_point();
+   tG = wc_ecc_new_point();
    if (tG == NULL)
        err = MEMORY_E;
 
@@ -1364,9 +1364,9 @@ int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
 
    /* done */
    mp_clear(&mu);
-   ecc_del_point(tG);
+   wc_ecc_del_point(tG);
    for (i = 0; i < 3; i++) {
-       ecc_del_point(M[i]);
+       wc_ecc_del_point(M[i]);
    }
    return err;
 }
@@ -1389,7 +1389,7 @@ static void alt_fp_init(fp_int* a)
    Allocate a new ECC point
    return A newly allocated point or NULL on error
 */
-ecc_point* ecc_new_point(void)
+ecc_point* wc_ecc_new_point(void)
 {
    ecc_point* p;
 
@@ -1425,7 +1425,7 @@ ecc_point* ecc_new_point(void)
 /** Free an ECC point from memory
   p   The point to free
 */
-void ecc_del_point(ecc_point* p)
+void wc_ecc_del_point(ecc_point* p)
 {
    /* prevents free'ing null arguments */
    if (p != NULL) {
@@ -1440,7 +1440,7 @@ void ecc_del_point(ecc_point* p)
   p    The point to copy
   r    The created point
 */
-int ecc_copy_point(ecc_point* p, ecc_point *r)
+int wc_ecc_copy_point(ecc_point* p, ecc_point *r)
 {
     int ret;
 
@@ -1467,7 +1467,7 @@ int ecc_copy_point(ecc_point* p, ecc_point *r)
 
  return MP_EQ if equal, MP_LT/MP_GT if not, < 0 in case of error
  */
-int ecc_cmp_point(ecc_point* a, ecc_point *b)
+int wc_ecc_cmp_point(ecc_point* a, ecc_point *b)
 {
     int ret;
 
@@ -1492,7 +1492,7 @@ int ecc_cmp_point(ecc_point* a, ecc_point *b)
   n      The idx number to check
   return 1 if valid, 0 if not
 */
-static int ecc_is_valid_idx(int n)
+int wc_ecc_is_valid_idx(int n)
 {
    int x;
 
@@ -1533,28 +1533,28 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
       return ECC_BAD_ARG_E;
    }
 
-   if (ecc_is_valid_idx(private_key->idx) == 0 ||
-       ecc_is_valid_idx(public_key->idx)  == 0)
+   if (wc_ecc_is_valid_idx(private_key->idx) == 0 ||
+       wc_ecc_is_valid_idx(public_key->idx)  == 0)
       return ECC_BAD_ARG_E;
 
    if (XSTRNCMP(private_key->dp->name, public_key->dp->name, ECC_MAXNAME) != 0)
       return ECC_BAD_ARG_E;
 
    /* make new point */
-   result = ecc_new_point();
+   result = wc_ecc_new_point();
    if (result == NULL) {
       return MEMORY_E;
    }
 
    if ((err = mp_init(&prime)) != MP_OKAY) {
-      ecc_del_point(result);
+      wc_ecc_del_point(result);
       return err;
    }
 
    err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16);
 
    if (err == MP_OKAY)
-       err = ecc_mulmod(&private_key->k, &public_key->pubkey, result, &prime,1);
+       err = wc_ecc_mulmod(&private_key->k, &public_key->pubkey, result, &prime,1);
 
    if (err == MP_OKAY) {
        x = mp_unsigned_bin_size(&prime);
@@ -1570,7 +1570,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
    }
 
    mp_clear(&prime);
-   ecc_del_point(result);
+   wc_ecc_del_point(result);
 
    return err;
 }
@@ -1600,24 +1600,24 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
         return ECC_BAD_ARG_E;
     }
 
-    if (ecc_is_valid_idx(private_key->idx) == 0)
+    if (wc_ecc_is_valid_idx(private_key->idx) == 0)
         return ECC_BAD_ARG_E;
 
     /* make new point */
-    result = ecc_new_point();
+    result = wc_ecc_new_point();
     if (result == NULL) {
         return MEMORY_E;
     }
 
     if ((err = mp_init(&prime)) != MP_OKAY) {
-        ecc_del_point(result);
+        wc_ecc_del_point(result);
         return err;
     }
 
     err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16);
 
     if (err == MP_OKAY)
-        err = ecc_mulmod(&private_key->k, point, result, &prime, 1);
+        err = wc_ecc_mulmod(&private_key->k, point, result, &prime, 1);
 
     if (err == MP_OKAY) {
         x = mp_unsigned_bin_size(&prime);
@@ -1633,14 +1633,14 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
     }
 
     mp_clear(&prime);
-    ecc_del_point(result);
+    wc_ecc_del_point(result);
 
     return err;
 }
 
 
 /* return 1 if point is at infinity, 0 if not, < 0 on error */
-int ecc_point_is_at_infinity(ecc_point* p)
+int wc_ecc_point_is_at_infinity(ecc_point* p)
 {
     if (p == NULL)
         return BAD_FUNC_ARG;
@@ -1708,7 +1708,7 @@ static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
    }
 
    if (err == MP_OKAY) {
-       base = ecc_new_point();
+       base = wc_ecc_new_point();
        if (base == NULL)
            err = MEMORY_E;
    }
@@ -1735,7 +1735,7 @@ static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
    }
    /* make the public key */
    if (err == MP_OKAY)
-       err = ecc_mulmod(&key->k, base, &key->pubkey, &prime, 1);
+       err = wc_ecc_mulmod(&key->k, base, &key->pubkey, &prime, 1);
 
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
    /* validate the public key, order * pubkey = point at infinity */
@@ -1753,7 +1753,7 @@ static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
        mp_clear(key->pubkey.z);
        mp_clear(&key->k);
    }
-   ecc_del_point(base);
+   wc_ecc_del_point(base);
    if (po_init) {
        mp_clear(&prime);
        mp_clear(&order);
@@ -1886,7 +1886,7 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng,
    }
 
    /* is the IDX valid ?  */
-   if (ecc_is_valid_idx(key->idx) != 1) {
+   if (wc_ecc_is_valid_idx(key->idx) != 1) {
       return ECC_BAD_ARG_E;
    }
 
@@ -2059,10 +2059,10 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
     /* allocate the table */
     if (err == MP_OKAY) {
         for (x = 0; x < 16; x++) {
-            precomp[x] = ecc_new_point();
+            precomp[x] = wc_ecc_new_point();
             if (precomp[x] == NULL) {
                 for (y = 0; y < x; ++y) {
-                    ecc_del_point(precomp[y]);
+                    wc_ecc_del_point(precomp[y]);
                 }
                 err = GEN_MEM_ERR;
                 break;
@@ -2203,7 +2203,7 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA,
 
   if (tableInit) {
     for (x = 0; x < 16; x++) {
-       ecc_del_point(precomp[x]);
+       wc_ecc_del_point(precomp[x]);
     }
   }
    ForceZero(tA, ECC_BUFSIZE);
@@ -2300,7 +2300,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
    *stat = 0;
 
    /* is the IDX valid ?  */
-   if (ecc_is_valid_idx(key->idx) != 1) {
+   if (wc_ecc_is_valid_idx(key->idx) != 1) {
       return ECC_BAD_ARG_E;
    }
 
@@ -2320,8 +2320,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
    }
 
    /* allocate points */
-   mG = ecc_new_point();
-   mQ = ecc_new_point();
+   mG = wc_ecc_new_point();
+   mQ = wc_ecc_new_point();
    if (mQ  == NULL || mG == NULL)
       err = MEMORY_E;
 
@@ -2388,9 +2388,9 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
 
        /* compute u1*mG + u2*mQ = mG */
        if (err == MP_OKAY)
-           err = ecc_mulmod(&u1, mG, mG, &m, 0);
+           err = wc_ecc_mulmod(&u1, mG, mG, &m, 0);
        if (err == MP_OKAY)
-           err = ecc_mulmod(&u2, mQ, mQ, &m, 0);
+           err = wc_ecc_mulmod(&u2, mQ, mQ, &m, 0);
 
        /* find the montgomery mp */
        if (err == MP_OKAY)
@@ -2420,8 +2420,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash,
            *stat = 1;
    }
 
-   ecc_del_point(mG);
-   ecc_del_point(mQ);
+   wc_ecc_del_point(mG);
+   wc_ecc_del_point(mQ);
 
    mp_clear(&v);
    mp_clear(&w);
@@ -2442,7 +2442,7 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx,
     int compressed = 0;
 
     if (in == NULL || point == NULL || (curve_idx < 0) ||
-        (ecc_is_valid_idx(curve_idx) == 0))
+        (wc_ecc_is_valid_idx(curve_idx) == 0))
         return ECC_BAD_ARG_E;
 
     /* must be odd */
@@ -2568,7 +2568,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out,
     word32 numlen;
     int    ret = MP_OKAY;
 
-    if ((curve_idx < 0) || (ecc_is_valid_idx(curve_idx) == 0))
+    if ((curve_idx < 0) || (wc_ecc_is_valid_idx(curve_idx) == 0))
         return ECC_BAD_ARG_E;
 
     /* return length needed only */
@@ -2646,7 +2646,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
    if (key == NULL || out == NULL || outLen == NULL)
       return ECC_BAD_ARG_E;
 
-   if (ecc_is_valid_idx(key->idx) == 0) {
+   if (wc_ecc_is_valid_idx(key->idx) == 0) {
       return ECC_BAD_ARG_E;
    }
    numlen = key->dp->size;
@@ -2782,7 +2782,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* prime)
     if (key == NULL)
         return BAD_FUNC_ARG;
 
-    base = ecc_new_point();
+    base = wc_ecc_new_point();
     if (base == NULL)
         return MEMORY_E;
 
@@ -2794,11 +2794,11 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* prime)
         mp_set(base->z, 1);
 
     if (err == MP_OKAY) {
-        res = ecc_new_point();
+        res = wc_ecc_new_point();
         if (res == NULL)
             err = MEMORY_E;
         else {
-            err = ecc_mulmod(&key->k, base, res, prime, 1);
+            err = wc_ecc_mulmod(&key->k, base, res, prime, 1);
             if (err == MP_OKAY) {
                 /* compare result to public key */
                 if (mp_cmp(res->x, key->pubkey.x) != MP_EQ ||
@@ -2811,8 +2811,8 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* prime)
         }
     }
 
-    ecc_del_point(res);
-    ecc_del_point(base);
+    wc_ecc_del_point(res);
+    wc_ecc_del_point(base);
 
     return err;
 }
@@ -2855,16 +2855,16 @@ static int ecc_check_pubkey_order(ecc_key* key, mp_int* prime, mp_int* order)
     if (key == NULL)
         return BAD_FUNC_ARG;
 
-    inf = ecc_new_point();
+    inf = wc_ecc_new_point();
     if (inf == NULL)
         err = MEMORY_E;
     else {
-        err = ecc_mulmod(order, &key->pubkey, inf, prime, 1);
-        if (err == MP_OKAY && !ecc_point_is_at_infinity(inf))
+        err = wc_ecc_mulmod(order, &key->pubkey, inf, prime, 1);
+        if (err == MP_OKAY && !wc_ecc_point_is_at_infinity(inf))
             err = ECC_INF_E;
     }
 
-    ecc_del_point(inf);
+    wc_ecc_del_point(inf);
 
     return err;
 }
@@ -2881,7 +2881,7 @@ int wc_ecc_check_key(ecc_key* key)
         return BAD_FUNC_ARG;
 
     /* pubkey point cannot be at inifinity */
-    if (ecc_point_is_at_infinity(&key->pubkey))
+    if (wc_ecc_point_is_at_infinity(&key->pubkey))
         return ECC_INF_E;
 
     err = mp_init_multi(&prime, &order, NULL, NULL, NULL, NULL);
@@ -3071,7 +3071,7 @@ int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen)
    if (key == NULL || out == NULL || outLen == NULL)
        return ECC_BAD_ARG_E;
 
-   if (ecc_is_valid_idx(key->idx) == 0) {
+   if (wc_ecc_is_valid_idx(key->idx) == 0) {
       return ECC_BAD_ARG_E;
    }
    numlen = key->dp->size;
@@ -3848,10 +3848,10 @@ static int find_hole(void)
    /* free entry z */
    if (z >= 0 && fp_cache[z].g) {
       mp_clear(&fp_cache[z].mu);
-      ecc_del_point(fp_cache[z].g);
+      wc_ecc_del_point(fp_cache[z].g);
       fp_cache[z].g  = NULL;
       for (x = 0; x < (1U<<FP_LUT); x++) {
-         ecc_del_point(fp_cache[z].LUT[x]);
+         wc_ecc_del_point(fp_cache[z].LUT[x]);
          fp_cache[z].LUT[x] = NULL;
       }
       fp_cache[z].lru_count = 0;
@@ -3883,7 +3883,7 @@ static int add_entry(int idx, ecc_point *g)
    unsigned x, y;
 
    /* allocate base and LUT */
-   fp_cache[idx].g = ecc_new_point();
+   fp_cache[idx].g = wc_ecc_new_point();
    if (fp_cache[idx].g == NULL) {
       return GEN_MEM_ERR;
    }
@@ -3892,19 +3892,19 @@ static int add_entry(int idx, ecc_point *g)
    if ((mp_copy(g->x, fp_cache[idx].g->x) != MP_OKAY) ||
        (mp_copy(g->y, fp_cache[idx].g->y) != MP_OKAY) ||
        (mp_copy(g->z, fp_cache[idx].g->z) != MP_OKAY)) {
-      ecc_del_point(fp_cache[idx].g);
+      wc_ecc_del_point(fp_cache[idx].g);
       fp_cache[idx].g = NULL;
       return GEN_MEM_ERR;
    }
 
    for (x = 0; x < (1U<<FP_LUT); x++) {
-      fp_cache[idx].LUT[x] = ecc_new_point();
+      fp_cache[idx].LUT[x] = wc_ecc_new_point();
       if (fp_cache[idx].LUT[x] == NULL) {
          for (y = 0; y < x; y++) {
-            ecc_del_point(fp_cache[idx].LUT[y]);
+            wc_ecc_del_point(fp_cache[idx].LUT[y]);
             fp_cache[idx].LUT[y] = NULL;
          }
-         ecc_del_point(fp_cache[idx].g);
+         wc_ecc_del_point(fp_cache[idx].g);
          fp_cache[idx].g         = NULL;
          fp_cache[idx].lru_count = 0;
          return GEN_MEM_ERR;
@@ -4044,10 +4044,10 @@ static int build_lut(int idx, mp_int* modulus, mp_digit* mp, mp_int* mu)
 
    /* err cleanup */
    for (y = 0; y < (1U<<FP_LUT); y++) {
-      ecc_del_point(fp_cache[idx].LUT[y]);
+      wc_ecc_del_point(fp_cache[idx].LUT[y]);
       fp_cache[idx].LUT[y] = NULL;
    }
-   ecc_del_point(fp_cache[idx].g);
+   wc_ecc_del_point(fp_cache[idx].g);
    fp_cache[idx].g         = NULL;
    fp_cache[idx].lru_count = 0;
    mp_clear(&fp_cache[idx].mu);
@@ -4578,7 +4578,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA,
              otherwise it's left in jacobian-montgomery form
     return MP_OKAY if successful
 */
-int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
+int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus,
                int map)
 {
    int   idx, err = MP_OKAY;
@@ -4663,10 +4663,10 @@ static void wc_ecc_fp_free_cache(void)
    for (x = 0; x < FP_ENTRIES; x++) {
       if (fp_cache[x].g != NULL) {
          for (y = 0; y < (1U<<FP_LUT); y++) {
-            ecc_del_point(fp_cache[x].LUT[y]);
+            wc_ecc_del_point(fp_cache[x].LUT[y]);
             fp_cache[x].LUT[y] = NULL;
          }
-         ecc_del_point(fp_cache[x].g);
+         wc_ecc_del_point(fp_cache[x].g);
          fp_cache[x].g         = NULL;
          mp_clear(&fp_cache[x].mu);
          fp_cache[x].lru_count = 0;
@@ -5502,7 +5502,7 @@ int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen)
    if (key == NULL || out == NULL || outLen == NULL)
        return ECC_BAD_ARG_E;
 
-   if (ecc_is_valid_idx(key->idx) == 0) {
+   if (wc_ecc_is_valid_idx(key->idx) == 0) {
       return ECC_BAD_ARG_E;
    }
    numlen = key->dp->size;
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index 00685acfc..aaf9954b5 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -45,6 +45,14 @@
     #endif
 #endif
 
+#ifdef SHOW_GEN
+    #ifdef FREESCALE_MQX
+        #include <fio.h>
+    #else
+        #include <stdio.h>
+    #endif
+#endif
+
 /* reverse an array, used for radix code */
 static void
 bn_reverse (unsigned char *s, int len)
@@ -2526,13 +2534,15 @@ mp_set_bit (mp_int * a, int b)
 {
     int i = b / DIGIT_BIT, res;
 
-    /* grow a to accomodate the single bit */
-    if ((res = mp_grow (a, i + 1)) != MP_OKAY) {
-        return res;
-    }
+    if (a->used < (int)(i + 1)) {
+        /* grow a to accomodate the single bit */
+        if ((res = mp_grow (a, i + 1)) != MP_OKAY) {
+            return res;
+        }
 
-    /* set the used count of where the bit will go */
-    a->used = i + 1;
+        /* set the used count of where the bit will go */
+        a->used = (int)(i + 1);
+    }
 
     /* put the single bit in its place */
     a->dp[i] |= ((mp_digit)1) << (b % DIGIT_BIT);
@@ -4086,12 +4096,15 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
 #endif
 
   /* no easy answer [c'est la vie].  Just division */
-  if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
-     return res;
+  if (c != NULL) {
+      if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
+        return res;
+      }
+
+      q.used = a->used;
+      q.sign = a->sign;
   }
 
-  q.used = a->used;
-  q.sign = a->sign;
   w = 0;
   for (ix = a->used - 1; ix >= 0; ix--) {
      w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]);
@@ -4102,7 +4115,8 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
       } else {
         t = 0;
       }
-      q.dp[ix] = (mp_digit)t;
+      if (c != NULL)
+        q.dp[ix] = (mp_digit)t;
   }
 
   if (d != NULL) {
@@ -4112,8 +4126,8 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
   if (c != NULL) {
      mp_clamp(&q);
      mp_exch(&q, c);
+     mp_clear(&q);
   }
-  mp_clear(&q);
 
   return res;
 }
@@ -4282,6 +4296,70 @@ static int mp_prime_is_divisible (mp_int * a, int *result)
   return MP_OKAY;
 }
 
+static const int USE_BBS = 1;
+
+int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap)
+{
+    int   err, res, type;
+    byte* buf;
+
+    if (N == NULL || rng == NULL)
+        return BAD_FUNC_ARG;
+
+    /* get type */
+    if (len < 0) {
+        type = USE_BBS;
+        len = -len;
+    } else {
+        type = 0;
+    }
+
+    /* allow sizes between 2 and 512 bytes for a prime size */
+    if (len < 2 || len > 512) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* allocate buffer to work with */
+    buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA);
+    if (buf == NULL) {
+        return MEMORY_E;
+    }
+    XMEMSET(buf, 0, len);
+
+    do {
+#ifdef SHOW_GEN
+        printf(".");
+        fflush(stdout);
+#endif
+        /* generate value */
+        err = wc_RNG_GenerateBlock(rng, buf, len);
+        if (err != 0) {
+            XFREE(buf, heap, DYNAMIC_TYPE_RSA);
+            return err;
+        }
+
+        /* munge bits */
+        buf[0]     |= 0x80 | 0x40;
+        buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
+
+        /* load value */
+        if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) {
+            XFREE(buf, heap, DYNAMIC_TYPE_RSA);
+            return err;
+        }
+
+        /* test */
+        if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) {
+            XFREE(buf, heap, DYNAMIC_TYPE_RSA);
+            return err;
+        }
+    } while (res == MP_NO);
+
+    ForceZero(buf, len);
+    XFREE(buf, heap, DYNAMIC_TYPE_RSA);
+    
+    return MP_OKAY;
+}
 
 /*
  * Sets result to 1 if probably prime, 0 otherwise
@@ -4468,8 +4546,6 @@ LBL_U:mp_clear (&v);
     return res;
 }
 
-
-
 #endif /* WOLFSSL_KEY_GEN */
 
 
@@ -4542,6 +4618,9 @@ int mp_read_radix (mp_int * a, const char *str, int radix)
   }
   return MP_OKAY;
 }
+#endif /* HAVE_ECC */
+
+#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
 
 /* returns size of ASCII representation */
 int mp_radix_size (mp_int *a, int radix, int *size)
@@ -4652,7 +4731,7 @@ int mp_toradix (mp_int *a, char *str, int radix)
     return MP_OKAY;
 }
 
-#endif /* HAVE_ECC */
+#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
 
 #endif /* USE_FAST_MATH */
 
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 1a5021783..bc85a949e 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -131,14 +131,6 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
     #include <wolfcrypt/src/misc.c>
 #endif
 
-#ifdef SHOW_GEN
-    #ifdef FREESCALE_MQX
-        #include <fio.h>
-    #else
-        #include <stdio.h>
-    #endif
-#endif
-
 #ifdef HAVE_CAVIUM
     static int  InitCaviumRsaKey(RsaKey* key, void* heap);
     static int  FreeCaviumRsaKey(RsaKey* key);
@@ -152,22 +144,6 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
                                     word32 outLen, RsaKey* key);
 #endif
 
-enum {
-    RSA_PUBLIC_ENCRYPT  = 0,
-    RSA_PUBLIC_DECRYPT  = 1,
-    RSA_PRIVATE_ENCRYPT = 2,
-    RSA_PRIVATE_DECRYPT = 3,
-
-    RSA_BLOCK_TYPE_1 = 1,
-    RSA_BLOCK_TYPE_2 = 2,
-
-    RSA_MIN_SIZE = 512,
-    RSA_MAX_SIZE = 4096,
-
-    RSA_MIN_PAD_SZ   = 11      /* seperator + 0 + pad value + 8 pads */
-};
-
-
 int wc_InitRsaKey(RsaKey* key, void* heap)
 {
 #ifdef HAVE_CAVIUM
@@ -610,76 +586,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
     return 0;
 }
 
-
 #ifdef WOLFSSL_KEY_GEN
-
-static const int USE_BBS = 1;
-
-static int rand_prime(mp_int* N, int len, RNG* rng, void* heap)
-{
-    int   err, res, type;
-    byte* buf;
-
-    (void)heap;
-    if (N == NULL || rng == NULL)
-       return BAD_FUNC_ARG; 
-
-    /* get type */
-    if (len < 0) {
-        type = USE_BBS;
-        len = -len;
-    } else {
-        type = 0;
-    }
-
-    /* allow sizes between 2 and 512 bytes for a prime size */
-    if (len < 2 || len > 512) { 
-        return BAD_FUNC_ARG;
-    }
-   
-    /* allocate buffer to work with */
-    buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA);
-    if (buf == NULL) {
-        return MEMORY_E;
-    }
-    XMEMSET(buf, 0, len);
-
-    do {
-#ifdef SHOW_GEN
-        printf(".");
-        fflush(stdout);
-#endif
-        /* generate value */
-        err = wc_RNG_GenerateBlock(rng, buf, len);
-        if (err != 0) {
-            XFREE(buf, heap, DYNAMIC_TYPE_RSA);
-            return err;
-        }
-
-        /* munge bits */
-        buf[0]     |= 0x80 | 0x40;
-        buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
- 
-        /* load value */
-        if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) {
-            XFREE(buf, heap, DYNAMIC_TYPE_RSA);
-            return err;
-        }
-
-        /* test */
-        if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) {
-            XFREE(buf, heap, DYNAMIC_TYPE_RSA);
-            return err;
-        }
-    } while (res == MP_NO);
-
-    ForceZero(buf, len);
-    XFREE(buf, heap, DYNAMIC_TYPE_RSA);
-
-    return 0;
-}
-
-
 /* Make an RSA key for size bits, with e specified, 65537 is a good e */
 int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
 {
@@ -703,7 +610,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
     /* make p */
     if (err == MP_OKAY) {
         do {
-            err = rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */
+            err = mp_rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */
 
             if (err == MP_OKAY)
                 err = mp_sub_d(&p, 1, &tmp1);  /* tmp1 = p-1 */
@@ -716,7 +623,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
     /* make q */
     if (err == MP_OKAY) {
         do {
-            err = rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */
+            err = mp_rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */
 
             if (err == MP_OKAY)
                 err = mp_sub_d(&q, 1, &tmp1);  /* tmp1 = q-1 */
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 3391693ae..cbb922199 100755
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -39,6 +39,7 @@
 
 #ifdef USE_FAST_MATH
 
+#include <wolfssl/wolfcrypt/random.h>
 #include <wolfssl/wolfcrypt/tfm.h>
 #include <wolfcrypt/src/asm.c>  /* will define asm MACROS or C ones */
 
@@ -1815,10 +1816,37 @@ void fp_set(fp_int *a, fp_digit b)
 /* chek if a bit is set */
 int fp_is_bit_set (fp_int *a, fp_digit b)
 {
-    if ((fp_digit)a->used < b/DIGIT_BIT)
+    fp_digit i;
+
+    if (b > FP_MAX_BITS)
+        return 0;
+    else
+        i = b/DIGIT_BIT;
+
+    if ((fp_digit)a->used < i)
         return 0;
 
-    return (int)((a->dp[b/DIGIT_BIT] >> b%DIGIT_BIT) & (fp_digit)1);
+    return (int)((a->dp[i] >> b%DIGIT_BIT) & (fp_digit)1);
+}
+
+/* set the b bit of a */
+int fp_set_bit (fp_int * a, fp_digit b)
+{
+    fp_digit i;
+
+    if (b > FP_MAX_BITS)
+        return 0;
+    else
+        i = b/DIGIT_BIT;
+
+    /* set the used count of where the bit will go if required */
+    if (a->used < (int)(i + 1))
+        a->used = (int)(i + 1);
+
+    /* put the single bit in its place */
+    a->dp[i] |= ((mp_digit)1) << (b % DIGIT_BIT);
+
+    return MP_OKAY;
 }
 
 int fp_count_bits (fp_int * a)
@@ -2186,17 +2214,22 @@ void mp_rshb (mp_int* a, int x)
 
 
 /* fast math wrappers */
-int mp_set_int(fp_int *a, fp_digit b)
+int mp_set_int(mp_int *a, mp_digit b)
 {
     fp_set(a, b);
     return MP_OKAY;
 }
 
-int mp_is_bit_set (fp_int *a, fp_digit b)
+int mp_is_bit_set (mp_int *a, mp_digit b)
 {
     return fp_is_bit_set(a, b);
 }
 
+int mp_set_bit(mp_int *a, mp_digit b)
+{
+    return fp_set_bit(a, b);
+}
+
 #if defined(WOLFSSL_KEY_GEN) || defined (HAVE_ECC)
 
 /* c = a * a (mod b) */
@@ -2230,6 +2263,18 @@ static const int lnz[16] = {
    4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
 };
 
+/* swap the elements of two integers, for cases where you can't simply swap the
+ * mp_int pointers around
+ */
+static void fp_exch (fp_int * a, fp_int * b)
+{
+    fp_int  t;
+
+    t  = *a;
+    *a = *b;
+    *b = t;
+}
+
 /* Counts the number of lsbs which are zero before the first zero bit */
 int fp_cnt_lsb(fp_int *a)
 {
@@ -2258,8 +2303,6 @@ int fp_cnt_lsb(fp_int *a)
 }
 
 
-
-
 static int s_is_power_of_two(fp_digit b, int *p)
 {
    int x;
@@ -2313,11 +2356,14 @@ static int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d)
      return FP_OKAY;
   }
 
-  /* no easy answer [c'est la vie].  Just division */
-  fp_init(&q);
+  if (c != NULL) {
+    /* no easy answer [c'est la vie].  Just division */
+    fp_init(&q);
+
+    q.used = a->used;
+    q.sign = a->sign;
+  }
 
-  q.used = a->used;
-  q.sign = a->sign;
   w = 0;
   for (ix = a->used - 1; ix >= 0; ix--) {
      w = (w << ((fp_word)DIGIT_BIT)) | ((fp_word)a->dp[ix]);
@@ -2328,7 +2374,8 @@ static int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d)
       } else {
         t = 0;
       }
-      q.dp[ix] = (fp_digit)t;
+      if (c != NULL)
+        q.dp[ix] = (fp_digit)t;
   }
 
   if (d != NULL) {
@@ -2362,6 +2409,7 @@ int mp_mod_d(fp_int *a, fp_digit b, fp_digit *c)
 void fp_gcd(fp_int *a, fp_int *b, fp_int *c);
 void fp_lcm(fp_int *a, fp_int *b, fp_int *c);
 int  fp_isprime(fp_int *a);
+int  fp_randprime(fp_int* N, int len, RNG* rng, void* heap);
 
 int mp_gcd(fp_int *a, fp_int *b, fp_int *c)
 {
@@ -2384,6 +2432,31 @@ int mp_prime_is_prime(mp_int* a, int t, int* result)
     return MP_OKAY;
 }
 
+int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap)
+{
+    int err;
+
+    err = fp_randprime(N, len, rng, heap);
+    switch(err) {
+        case FP_VAL:
+            return MP_VAL;
+            break;
+        case FP_MEM:
+            return MP_MEM;
+            break;
+        default:
+            break;
+    }
+
+    return MP_OKAY;
+}
+
+int mp_exch (mp_int * a, mp_int * b)
+{
+    fp_exch(a, b);
+    return MP_OKAY;
+}
+
 /* Miller-Rabin test of "a" to the base of "b" as described in
  * HAC pp. 139 Algorithm 4.24
  *
@@ -2513,6 +2586,59 @@ int fp_isprime(fp_int *a)
    return FP_YES;
 }
 
+int fp_randprime(fp_int* N, int len, RNG* rng, void* heap)
+{
+    static const int USE_BBS = 1;
+    int   err, type;
+    byte* buf;
+
+    /* get type */
+    if (len < 0) {
+        type = USE_BBS;
+        len = -len;
+    } else {
+        type = 0;
+    }
+
+    /* allow sizes between 2 and 512 bytes for a prime size */
+    if (len < 2 || len > 512) {
+        return FP_VAL;
+    }
+
+    /* allocate buffer to work with */
+    buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (buf == NULL) {
+        return FP_MEM;
+    }
+    XMEMSET(buf, 0, len);
+
+    do {
+#ifdef SHOW_GEN
+        printf(".");
+        fflush(stdout);
+#endif
+        /* generate value */
+        err = wc_RNG_GenerateBlock(rng, buf, len);
+        if (err != 0) {
+            XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER);
+            return FP_VAL;
+        }
+
+        /* munge bits */
+        buf[0]     |= 0x80 | 0x40;
+        buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
+
+        /* load value */
+        fp_read_unsigned_bin(N, buf, len);
+
+        /* test */
+    } while (fp_isprime(N) == FP_NO);
+
+    XMEMSET(buf, 0, len);
+    XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    
+    return FP_OKAY;
+}
 
 /* c = [a, b] */
 void fp_lcm(fp_int *a, fp_int *b, fp_int *c)
@@ -2740,7 +2866,7 @@ int mp_radix_size (mp_int *a, int radix, int *size)
 
     if (fp_iszero(a) == MP_YES) {
         *size = 2;
-        return FP_YES;
+        return FP_OKAY;
     }
 
     /* digs is the digit count */
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 6286e3eac..f4a624432 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -210,7 +210,7 @@ int pbkdf2_test(void);
 #endif
 
 
-/* General big buffer size for many tests. */ 
+/* General big buffer size for many tests. */
 #define FOURK_BUF 4096
 
 
@@ -3385,6 +3385,8 @@ int rsa_test(void)
 #ifdef HAVE_CAVIUM
     wc_RsaInitCavium(&key, CAVIUM_DEV_ID);
 #endif
+
+printf("1\n");
     ret = wc_InitRsaKey(&key, 0);
     if (ret != 0) {
         free(tmp);
@@ -3445,7 +3447,7 @@ int rsa_test(void)
         free(tmp);
         return -49;
     }
-
+printf("11\n");
     bytes = fread(tmp, 1, FOURK_BUF, file2);
     fclose(file2);
 #endif
@@ -3465,7 +3467,7 @@ int rsa_test(void)
     (void)bytes;
 #endif
 
-
+printf("111\n");
 #ifdef WOLFSSL_KEY_GEN
     {
         byte*  der;
@@ -3476,7 +3478,7 @@ int rsa_test(void)
         RsaKey genKey;
         FILE*  keyFile;
         FILE*  pemFile;
-
+printf("2\n");
         ret = wc_InitRsaKey(&genKey, 0);
         if (ret != 0)
             return -300;
@@ -3502,7 +3504,7 @@ int rsa_test(void)
             free(pem);
             return -302;
         }
-
+printf("22\n");
 #ifdef FREESCALE_MQX
         keyFile = fopen("a:\\certs\\key.der", "wb");
 #else
@@ -3523,14 +3525,14 @@ int rsa_test(void)
             return -313;
         }
 
-        pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, PRIVATEKEY_TYPE);
+        pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, NULL, PRIVATEKEY_TYPE);
         if (pemSz < 0) {
             free(der);
             free(pem);
             wc_FreeRsaKey(&genKey);
             return -304;
         }
-
+printf("222\n");
 #ifdef FREESCALE_MQX
         pemFile = fopen("a:\\certs\\key.pem", "wb");
 #else
@@ -3567,7 +3569,7 @@ int rsa_test(void)
             wc_FreeRsaKey(&genKey);
             return -306;
         }
-
+printf("2222\n");
         wc_FreeRsaKey(&derIn);
         wc_FreeRsaKey(&genKey);
         free(pem);
@@ -3575,7 +3577,7 @@ int rsa_test(void)
     }
 #endif /* WOLFSSL_KEY_GEN */
 
-
+printf("3\n");
 #ifdef WOLFSSL_CERT_GEN
     /* self signed */
     {
@@ -3598,7 +3600,7 @@ int rsa_test(void)
             free(derCert);
             return -310;
         }
-
+printf("33\n");
         wc_InitCert(&myCert);
 
         strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
@@ -3628,7 +3630,7 @@ int rsa_test(void)
         }
         FreeDecodedCert(&decode);
 #endif
-
+printf("333\n");
 #ifdef FREESCALE_MQX
         derFile = fopen("a:\\certs\\cert.der", "wb");
 #else
@@ -3646,14 +3648,14 @@ int rsa_test(void)
             free(pem);
             return -414;
         }
-
-        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
+printf("4\n");
+        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, NULL, CERT_TYPE);
         if (pemSz < 0) {
             free(derCert);
             free(pem);
             return -404;
         }
-
+printf("41\n");
 #ifdef FREESCALE_MQX
         pemFile = fopen("a:\\certs\\cert.pem", "wb");
 #else
@@ -3793,7 +3795,7 @@ int rsa_test(void)
             return -416;
         }
 
-        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
+        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, NULL, CERT_TYPE);
         if (pemSz < 0) {
             free(derCert);
             free(pem);
@@ -3938,7 +3940,7 @@ int rsa_test(void)
             return -5414;
         }
 
-        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
+        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, NULL, CERT_TYPE);
         if (pemSz < 0) {
             free(pem);
             free(derCert);
@@ -4122,7 +4124,7 @@ int rsa_test(void)
             return -473;
         }
 
-        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
+        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, NULL, CERT_TYPE);
         if (pemSz < 0) {
             free(derCert);
             free(pem);
@@ -4207,7 +4209,7 @@ int rsa_test(void)
             return -466;
         }
 
-        pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, CERTREQ_TYPE);
+        pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, NULL, CERTREQ_TYPE);
         if (pemSz < 0) {
             free(pem);
             free(der);
@@ -5125,7 +5127,7 @@ int ecc_test(void)
             return -1026;
         }
 
-        pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, ECC_PRIVATEKEY_TYPE);
+        pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, NULL, ECC_PRIVATEKEY_TYPE);
         if (pemSz < 0) {
             return -1027;
         }
diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h
index aedcab452..98048bd9c 100644
--- a/wolfssl/openssl/dsa.h
+++ b/wolfssl/openssl/dsa.h
@@ -24,7 +24,7 @@ struct WOLFSSL_DSA {
 
 
 WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_new(void);
-WOLFSSL_API void        wolfSSL_DSA_free(WOLFSSL_DSA*);
+WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA*);
 
 WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA*);
 WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits,
diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h
index 56b85baec..7da6074a9 100644
--- a/wolfssl/openssl/pem.h
+++ b/wolfssl/openssl/pem.h
@@ -14,75 +14,104 @@
 #endif
 
 
-WOLFSSL_API int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
-												   const EVP_CIPHER* cipher,
-												   unsigned char* passwd, int len,
-												   pem_password_cb cb, void* arg);
+/* RSA */
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa,
+                                        const EVP_CIPHER* cipher,
+                                        unsigned char* passwd, int len,
+                                        pem_password_cb cb, void* arg);
+WOLFSSL_API
+int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa,
+                                    const EVP_CIPHER *enc,
+                                    unsigned char *kstr, int klen,
+                                    pem_password_cb *cb, void *u);
+WOLFSSL_API
+int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
+                                        unsigned char* passwd, int len,
+                                        byte **pem, int *plen);
+WOLFSSL_API
+WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x,
+                                           pem_password_cb *cb, void *u);
+WOLFSSL_API
+int wolfSSL_PEM_write_RSAPublicKey(FILE *fp, WOLFSSL_RSA *x);
 
-WOLFSSL_API int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa,
-	                                  const EVP_CIPHER* cipher,
-	                                  unsigned char* passwd, int len,
-	                                  pem_password_cb cb, void* arg);
+WOLFSSL_API
+int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x);
 
-WOLFSSL_API int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, const EVP_CIPHER *enc,
-												unsigned char *kstr, int klen,
-												pem_password_cb *cb, void *u);
+/* DSA */
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio,
+                                        WOLFSSL_DSA* dsa,
+                                        const EVP_CIPHER* cipher,
+                                        unsigned char* passwd, int len,
+                                        pem_password_cb cb, void* arg);
+WOLFSSL_API
+int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa,
+                                    const EVP_CIPHER *enc,
+                                    unsigned char *kstr, int klen,
+                                    pem_password_cb *cb, void *u);
+WOLFSSL_API
+int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
+                                        const EVP_CIPHER* cipher,
+                                        unsigned char* passwd, int len,
+                                        byte **pem, int *plen);
+WOLFSSL_API
+int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x);
 
-WOLFSSL_API int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa,
-	                                  const EVP_CIPHER* cipher,
-	                                  unsigned char* passwd, int len,
-	                                  pem_password_cb cb, void* arg);
+/* ECC */
+WOLFSSL_API
+int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
+                                       const EVP_CIPHER* cipher,
+                                       unsigned char* passwd, int len,
+                                       pem_password_cb cb, void* arg);
+WOLFSSL_API
+int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *key,
+                                   const EVP_CIPHER *enc,
+                                   unsigned char *kstr, int klen,
+                                   pem_password_cb *cb, void *u);
+WOLFSSL_API
+int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* key,
+                                       const EVP_CIPHER* cipher,
+                                       unsigned char* passwd, int len,
+                                       byte **pem, int *plen);
+WOLFSSL_API
+int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *key);
 
-WOLFSSL_API int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa, const EVP_CIPHER *enc,
-											unsigned char *kstr, int klen,
-											pem_password_cb *cb, void *u);
+/* EVP_KEY */
+WOLFSSL_API
+WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
+                                                  WOLFSSL_EVP_PKEY**,
+                                                  pem_password_cb cb,
+                                                  void* arg);
+WOLFSSL_API
+int wolfSSL_EVP_PKEY_type(int type);
 
-WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
-                        WOLFSSL_EVP_PKEY**, pem_password_cb cb, void* arg);
+WOLFSSL_API
+WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
+										  pem_password_cb *cb, void *u);
 
-WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type);
-
-WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
-													  pem_password_cb *cb, void *u);
-
-WOLFSSL_API WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x,
-													   pem_password_cb *cb, void *u);
-
-WOLFSSL_API int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x);
-
-WOLFSSL_API int wolfSSL_PEM_write_RSAPublicKey(FILE *fp, WOLFSSL_RSA *x);
-
-WOLFSSL_API int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x);
-
-WOLFSSL_API int wolfSSL_PEM_write_buf_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
-												unsigned char* passwd, int len,
-													byte **pem, int *plen);
-
-WOLFSSL_API int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *key);
-WOLFSSL_API int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *key, const EVP_CIPHER *enc,
-														unsigned char *kstr, int klen,
-														pem_password_cb *cb, void *u);
-
-#define PEM_write_bio_ECPrivateKey wolfSSL_PEM_write_bio_ECPrivateKey
+/* RSA */
 #define PEM_write_bio_RSAPrivateKey wolfSSL_PEM_write_bio_RSAPrivateKey
-#define PEM_write_RSAPrivateKey wolfSSL_PEM_write_RSAPrivateKey
+#define PEM_write_RSAPrivateKey     wolfSSL_PEM_write_RSAPrivateKey
+#define PEM_write_RSA_PUBKEY        wolfSSL_PEM_write_RSA_PUBKEY
+#define PEM_write_RSAPublicKey      wolfSSL_PEM_write_RSAPublicKey
+#define PEM_read_RSAPublicKey       wolfSSL_PEM_read_RSAPublicKey
+/* DSA */
 #define PEM_write_bio_DSAPrivateKey wolfSSL_PEM_write_bio_DSAPrivateKey
-#define PEM_write_DSAPrivateKey wolfSSL_PEM_write_DSAPrivateKey
-#define PEM_read_bio_PrivateKey     wolfSSL_PEM_read_bio_PrivateKey
-#define PEM_write_RSA_PUBKEY wolfSSL_PEM_write_RSA_PUBKEY
-#define PEM_write_RSAPublicKey wolfSSL_PEM_write_RSAPublicKey
-#define PEM_write_DSA_PUBKEY wolfSSL_PEM_write_DSA_PUBKEY
-#define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey
-#define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey
-#define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY
-#define PEM_write_EC_PUBKEY wolfSSL_PEM_write_EC_PUBKEY
-#define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey
-#define EVP_PKEY_type wolfSSL_EVP_PKEY_type
+#define PEM_write_DSAPrivateKey     wolfSSL_PEM_write_DSAPrivateKey
+#define PEM_write_DSA_PUBKEY        wolfSSL_PEM_write_DSA_PUBKEY
+/* ECC */
+#define PEM_write_bio_ECPrivateKey wolfSSL_PEM_write_bio_ECPrivateKey
+#define PEM_write_EC_PUBKEY        wolfSSL_PEM_write_EC_PUBKEY
+#define PEM_write_ECPrivateKey     wolfSSL_PEM_write_ECPrivateKey
+/* EVP_KEY */
+#define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey
+#define PEM_read_PUBKEY         wolfSSL_PEM_read_PUBKEY
+#define EVP_PKEY_type           wolfSSL_EVP_PKEY_type
 
 #ifdef __cplusplus
     }  /* extern "C" */ 
 #endif
 
-
 #endif /* WOLFSSL_PEM_H_ */
 
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index a94ad0801..d99558cbb 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -126,17 +126,24 @@ typedef struct Gmac {
 #endif /* HAVE_AESGCM */
 #endif /* HAVE_FIPS */
 
- WOLFSSL_API int  wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
-                          int dir);
- WOLFSSL_API int  wc_AesSetIV(Aes* aes, const byte* iv);
- WOLFSSL_API int  wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
- WOLFSSL_API int  wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
- WOLFSSL_API int  wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
-                                 const byte* key, word32 keySz, const byte* iv);
+WOLFSSL_API int  wc_AesSetKey(Aes* aes, const byte* key, word32 len,
+                              const byte* iv, int dir);
+WOLFSSL_API int  wc_AesSetIV(Aes* aes, const byte* iv);
+WOLFSSL_API int  wc_AesCbcEncrypt(Aes* aes, byte* out,
+                                  const byte* in, word32 sz);
+WOLFSSL_API int  wc_AesCbcDecrypt(Aes* aes, byte* out,
+                                  const byte* in, word32 sz);
+WOLFSSL_API int  wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
+                                          const byte* key, word32 keySz,
+                                          const byte* iv);
+WOLFSSL_API int  wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
+                                         const byte* key, word32 keySz,
+                                         const byte* iv);
 
 /* AES-CTR */
 #ifdef WOLFSSL_AES_COUNTER
- WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
+ WOLFSSL_API void wc_AesCtrEncrypt(Aes* aes, byte* out,
+                                   const byte* in, word32 sz);
 #endif
 /* AES-DIRECT */
 #if defined(WOLFSSL_AES_DIRECT)
@@ -147,30 +154,34 @@ typedef struct Gmac {
 #endif
 #ifdef HAVE_AESGCM
  WOLFSSL_API int  wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len);
- WOLFSSL_API int  wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
-                              const byte* iv, word32 ivSz,
-                              byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz);
- WOLFSSL_API int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
-                              const byte* iv, word32 ivSz,
-                              const byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz);
+ WOLFSSL_API int  wc_AesGcmEncrypt(Aes* aes, byte* out,
+                                   const byte* in, word32 sz,
+                                   const byte* iv, word32 ivSz,
+                                   byte* authTag, word32 authTagSz,
+                                   const byte* authIn, word32 authInSz);
+ WOLFSSL_API int  wc_AesGcmDecrypt(Aes* aes, byte* out,
+                                   const byte* in, word32 sz,
+                                   const byte* iv, word32 ivSz,
+                                   const byte* authTag, word32 authTagSz,
+                                   const byte* authIn, word32 authInSz);
 
  WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len);
  WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
-                              const byte* authIn, word32 authInSz,
-                              byte* authTag, word32 authTagSz);
+                               const byte* authIn, word32 authInSz,
+                               byte* authTag, word32 authTagSz);
 #endif /* HAVE_AESGCM */
 #ifdef HAVE_AESCCM
  WOLFSSL_API void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz);
- WOLFSSL_API void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
-                              const byte* nonce, word32 nonceSz,
-                              byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz);
- WOLFSSL_API int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
-                              const byte* nonce, word32 nonceSz,
-                              const byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz);
+ WOLFSSL_API void wc_AesCcmEncrypt(Aes* aes, byte* out,
+                                   const byte* in, word32 inSz,
+                                   const byte* nonce, word32 nonceSz,
+                                   byte* authTag, word32 authTagSz,
+                                   const byte* authIn, word32 authInSz);
+ WOLFSSL_API int  wc_AesCcmDecrypt(Aes* aes, byte* out,
+                                   const byte* in, word32 inSz,
+                                   const byte* nonce, word32 nonceSz,
+                                   const byte* authTag, word32 authTagSz,
+                                   const byte* authIn, word32 authInSz);
 #endif /* HAVE_AESCCM */
 
 #ifdef HAVE_CAVIUM
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 824ea019b..311cad852 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -182,8 +182,9 @@ enum Misc_ASN {
     MAX_OCSP_EXT_SZ     = 58,      /* Max OCSP Extension length */
     MAX_OCSP_NONCE_SZ   = 18,      /* OCSP Nonce size           */
     EIGHTK_BUF          = 8192,    /* Tmp buffer size           */
-    MAX_PUBLIC_KEY_SZ   = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2
+    MAX_PUBLIC_KEY_SZ   = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
                                    /* use bigger NTRU size */
+    HEADER_ENCRYPTED_KEY_SIZE = 88 /* Extra header size for encrypted key */
 };
 
 
@@ -476,6 +477,24 @@ struct DecodedCert {
 #endif /* WOLFSSL_SEP */
 };
 
+extern const char* BEGIN_CERT;
+extern const char* END_CERT;
+extern const char* BEGIN_CERT_REQ;
+extern const char* END_CERT_REQ;
+extern const char* BEGIN_DH_PARAM;
+extern const char* END_DH_PARAM;
+extern const char* BEGIN_X509_CRL;
+extern const char* END_X509_CRL;
+extern const char* BEGIN_RSA_PRIV;
+extern const char* END_RSA_PRIV;
+extern const char* BEGIN_PRIV_KEY;
+extern const char* END_PRIV_KEY;
+extern const char* BEGIN_ENC_PRIV_KEY;
+extern const char* END_ENC_PRIV_KEY;
+extern const char* BEGIN_EC_PRIV;
+extern const char* END_EC_PRIV;
+extern const char* BEGIN_DSA_PRIV;
+extern const char* END_DSA_PRIV;
 
 #ifdef NO_SHA
     #define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index 223cea9be..cf5c5bc66 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -43,6 +43,7 @@ enum CertType {
     CRL_TYPE,
     CA_TYPE,
     ECC_PRIVATEKEY_TYPE,
+    DSA_PRIVATEKEY_TYPE,
     CERTREQ_TYPE,
     DSA_TYPE,
     ECC_TYPE,
@@ -177,7 +178,7 @@ WOLFSSL_API int  wc_SetDatesBuffer(Cert*, const byte*, int);
 
 #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || !defined(NO_DSA)
     WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
-                            word32 outputSz, int type);
+                            word32 outputSz, byte *cipherIno, int type);
 #endif
 
 #ifdef HAVE_ECC
diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h
index 286e437a4..e7b482379 100644
--- a/wolfssl/wolfcrypt/coding.h
+++ b/wolfssl/wolfcrypt/coding.h
@@ -53,6 +53,8 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_FIPS)
     WOLFSSL_API
     int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
+    WOLFSSL_API
+    int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen);
 #endif
 
 
diff --git a/wolfssl/wolfcrypt/des3.h b/wolfssl/wolfcrypt/des3.h
index c17884968..c0d9394a2 100644
--- a/wolfssl/wolfcrypt/des3.h
+++ b/wolfssl/wolfcrypt/des3.h
@@ -83,21 +83,35 @@ typedef struct Des3 {
 } Des3;
 #endif /* HAVE_FIPS */
 
-WOLFSSL_API int  wc_Des_SetKey(Des* des, const byte* key, const byte* iv, int dir);
+WOLFSSL_API int  wc_Des_SetKey(Des* des, const byte* key,
+                               const byte* iv, int dir);
 WOLFSSL_API void wc_Des_SetIV(Des* des, const byte* iv);
-WOLFSSL_API int  wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz);
-WOLFSSL_API int  wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz);
-WOLFSSL_API int  wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz);
-WOLFSSL_API int  wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
-                                               const byte* key, const byte* iv);
+WOLFSSL_API int  wc_Des_CbcEncrypt(Des* des, byte* out,
+                                   const byte* in, word32 sz);
+WOLFSSL_API int  wc_Des_CbcDecrypt(Des* des, byte* out,
+                                   const byte* in, word32 sz);
+WOLFSSL_API int  wc_Des_EcbEncrypt(Des* des, byte* out,
+                                   const byte* in, word32 sz);
+WOLFSSL_API int  wc_Des_CbcDecryptWithKey(byte* out,
+                                          const byte* in, word32 sz,
+                                          const byte* key, const byte* iv);
+WOLFSSL_API int  wc_Des_CbcEncryptWithKey(byte* out,
+                                          const byte* in, word32 sz,
+                                          const byte* key, const byte* iv);
 
-WOLFSSL_API int  wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir);
+WOLFSSL_API int  wc_Des3_SetKey(Des3* des, const byte* key,
+                                const byte* iv,int dir);
 WOLFSSL_API int  wc_Des3_SetIV(Des3* des, const byte* iv);
-WOLFSSL_API int  wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz);
-WOLFSSL_API int  wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz);
-WOLFSSL_API int  wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
-                                               const byte* key, const byte* iv);
-
+WOLFSSL_API int  wc_Des3_CbcEncrypt(Des3* des, byte* out,
+                                    const byte* in,word32 sz);
+WOLFSSL_API int  wc_Des3_CbcDecrypt(Des3* des, byte* out,
+                                    const byte* in,word32 sz);
+WOLFSSL_API int  wc_Des3_CbcEncryptWithKey(byte* out,
+                                           const byte* in, word32 sz,
+                                           const byte* key, const byte* iv);
+WOLFSSL_API int  wc_Des3_CbcDecryptWithKey(byte* out,
+                                           const byte* in, word32 sz,
+                                           const byte* key, const byte* iv);
 
 #ifdef HAVE_CAVIUM
     WOLFSSL_API int  wc_Des3_InitCavium(Des3*, int);
diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h
index 8da15cf31..115c18c6e 100644
--- a/wolfssl/wolfcrypt/dsa.h
+++ b/wolfssl/wolfcrypt/dsa.h
@@ -66,6 +66,11 @@ WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
                                        DsaKey*, word32);
 WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
 
+#ifdef WOLFSSL_KEY_GEN
+WOLFSSL_API int wc_MakeDsaKey(RNG *rng, DsaKey *dsa);
+WOLFSSL_API int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa);
+#endif
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index 9908ff9e8..01ad398b8 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -84,7 +84,7 @@ typedef struct {
  */
 
 #ifndef FP_MAX_BITS_ECC
-    #define FP_MAX_BITS_ECC           512
+    #define FP_MAX_BITS_ECC           528
 #endif
 #define FP_MAX_SIZE_ECC           (FP_MAX_BITS_ECC+(8*DIGIT_BIT))
 #if FP_MAX_BITS_ECC % CHAR_BIT
@@ -163,17 +163,20 @@ WOLFSSL_API
 void wc_ecc_fp_free(void);
 
 WOLFSSL_API
-ecc_point* ecc_new_point(void);
+ecc_point* wc_ecc_new_point(void);
 WOLFSSL_API
-void ecc_del_point(ecc_point* p);
+void wc_ecc_del_point(ecc_point* p);
 WOLFSSL_API
-int ecc_copy_point(ecc_point* p, ecc_point *r);
+int wc_ecc_copy_point(ecc_point* p, ecc_point *r);
 WOLFSSL_API
-int ecc_cmp_point(ecc_point* a, ecc_point *b);
+int wc_ecc_cmp_point(ecc_point* a, ecc_point *b);
 WOLFSSL_API
-int ecc_point_is_at_infinity(ecc_point *p);
+int wc_ecc_point_is_at_infinity(ecc_point *p);
 WOLFSSL_API
-int ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, mp_int* modulus, int map);
+int wc_ecc_is_valid_idx(int n);
+WOLFSSL_API
+int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
+                  mp_int* modulus, int map);
 
 /* ASN key helpers */
 WOLFSSL_API
diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h
index bd7da60d9..8e43a395b 100644
--- a/wolfssl/wolfcrypt/integer.h
+++ b/wolfssl/wolfcrypt/integer.h
@@ -36,6 +36,8 @@
     #include <wolfssl/wolfcrypt/tfm.h>
 #else
 
+#include <wolfssl/wolfcrypt/random.h> 
+
 #ifndef CHAR_BIT
     #include <limits.h>
 #endif
@@ -313,6 +315,7 @@ int mp_radix_size (mp_int * a, int radix, int *size);
     int mp_prime_is_prime (mp_int * a, int t, int *result);
     int mp_gcd (mp_int * a, mp_int * b, mp_int * c);
     int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
+    int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap);
 #endif
 
 int mp_cnt_lsb(mp_int *a);
diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h
index 5441535eb..1f12df941 100644
--- a/wolfssl/wolfcrypt/rsa.h
+++ b/wolfssl/wolfcrypt/rsa.h
@@ -46,9 +46,23 @@
 
 enum {
     RSA_PUBLIC   = 0,
-    RSA_PRIVATE  = 1
+    RSA_PRIVATE  = 1,
+
+    RSA_PUBLIC_ENCRYPT  = 0,
+    RSA_PUBLIC_DECRYPT  = 1,
+    RSA_PRIVATE_ENCRYPT = 2,
+    RSA_PRIVATE_DECRYPT = 3,
+
+    RSA_BLOCK_TYPE_1 = 1,
+    RSA_BLOCK_TYPE_2 = 2,
+
+    RSA_MIN_SIZE = 512,
+    RSA_MAX_SIZE = 4096,
+    
+    RSA_MIN_PAD_SZ   = 11      /* seperator + 0 + pad value + 8 pads */
 };
 
+
 /* RSA */
 typedef struct RsaKey {
     mp_int n, e, d, p, q, dP, dQ, u;
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index 50e9712e7..782dc7046 100644
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -40,6 +40,7 @@
     #include <limits.h>
 #endif
 
+#include <wolfssl/wolfcrypt/random.h> 
 
 #ifdef __cplusplus
     extern "C" {
@@ -377,6 +378,8 @@ void fp_set(fp_int *a, fp_digit b);
 
 /* check if a bit is set */
 int fp_is_bit_set(fp_int *a, fp_digit b);
+/* set the b bit to 1 */
+int fp_set_bit (fp_int * a, fp_digit b);
 
 /* copy from a to b */
 #ifndef ALT_ECC_SIZE
@@ -651,6 +654,7 @@ void fp_sqr_comba64(fp_int *a, fp_int *b);
     #define MP_EQ   FP_EQ   /* equal to     */
     #define MP_GT   FP_GT   /* greater than */
     #define MP_VAL  FP_VAL  /* invalid */
+    #define MP_MEM  FP_MEM  /* memory error */
 	#define MP_NOT_INF FP_NOT_INF /* point not at infinity */
     #define MP_OKAY FP_OKAY /* ok result    */
     #define MP_NO   FP_NO   /* yes/no result */
@@ -688,8 +692,9 @@ int  mp_isodd(mp_int* a);
 int  mp_iszero(mp_int* a);
 int  mp_count_bits(mp_int *a);
 int  mp_leading_bit(mp_int *a);
-int  mp_set_int(fp_int *a, fp_digit b);
-int  mp_is_bit_set (fp_int * a, fp_digit b);
+int  mp_set_int(mp_int *a, mp_digit b);
+int  mp_is_bit_set (mp_int * a, mp_digit b);
+int  mp_set_bit (mp_int * a, mp_digit b);
 void mp_rshb(mp_int *a, int x);
 int mp_toradix (mp_int *a, char *str, int radix);
 int mp_radix_size (mp_int * a, int radix, int *size);
@@ -713,6 +718,8 @@ int mp_radix_size (mp_int * a, int radix, int *size);
 int  mp_gcd(fp_int *a, fp_int *b, fp_int *c);
 int  mp_lcm(fp_int *a, fp_int *b, fp_int *c);
 int  mp_prime_is_prime(mp_int* a, int t, int* result);
+int  mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap);
+int  mp_exch(mp_int *a, mp_int *b);
 #endif /* WOLFSSL_KEY_GEN */
 
 int  mp_cnt_lsb(fp_int *a);

From d2de4719eb088b0caf7f5bd8afb5934b3f207480 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Wed, 22 Jul 2015 09:31:23 -0600
Subject: [PATCH 225/350] added way to gen revoked without running renewcerts

---
 certs/crl/gencrls.sh          |  25 +++++
 certs/gen_revoked.sh          |  18 ++++
 certs/gen_revoked_certs.sh    |  18 ----
 certs/renewcerts.sh           |  18 +---
 certs/server-revoked-cert.pem | 131 ++++++++++++-------------
 certs/server-revoked.pem      | 173 ----------------------------------
 6 files changed, 110 insertions(+), 273 deletions(-)
 create mode 100755 certs/gen_revoked.sh
 delete mode 100755 certs/gen_revoked_certs.sh
 delete mode 100644 certs/server-revoked.pem

diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh
index a84c82510..f5c2a435b 100755
--- a/certs/crl/gencrls.sh
+++ b/certs/crl/gencrls.sh
@@ -2,7 +2,20 @@
 
 # gencrls, crl config already done, see taoCerts.txt for setup
 
+function setup_files() {
+    #set up the file system for updating the crls
+    echo "setting up the file system for generating the crls..."
+    echo ""
+    touch ./index.txt
+    touch ./crlnumber
+    echo "01" >> crlnumber
+    touch ./blank.index.txt
+    mkdir demoCA
+    touch ./demoCA/index.txt
+}
 
+#setup the files
+setup_files
 
 # caCrl
 # revoke server-revoked-cert.pem
@@ -58,3 +71,15 @@ mv tmp eccSrvCRL.pem
 # install (only needed if working outside wolfssl)
 #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem
 
+exit 0
+
+function cleanup_files() {
+    rm blank.index.txt
+    rm index.*
+    rm crlnumber*
+    rm -r demoCA
+    echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
+    echo ""
+    exit 0
+}
+trap cleanup_files EXIT
diff --git a/certs/gen_revoked.sh b/certs/gen_revoked.sh
new file mode 100755
index 000000000..e42073d70
--- /dev/null
+++ b/certs/gen_revoked.sh
@@ -0,0 +1,18 @@
+    ###########################################################
+    ########## update and sign server-revoked-key.pem ################
+    ###########################################################
+    echo "Updating server-revoked-cert.pem"
+    echo ""
+    #pipe the following arguments to openssl req...
+    echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem
+
+    openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem
+
+    rm server-revoked-req.pem
+
+    openssl x509 -in ca-cert.pem -text > ca_tmp.pem
+    openssl x509 -in server-revoked-cert.pem -text > srv_tmp.pem
+    mv srv_tmp.pem server-revoked-cert.pem
+    cat ca_tmp.pem >> server-revoked-cert.pem
+    rm ca_tmp.pem
+
diff --git a/certs/gen_revoked_certs.sh b/certs/gen_revoked_certs.sh
deleted file mode 100755
index 619b225bc..000000000
--- a/certs/gen_revoked_certs.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-    ###########################################################
-    ########## update and sign server-cert.pem ################
-    ###########################################################
-    echo "Updating server-cert.pem"
-    echo ""
-    #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-key.pem -nodes > server-req.pem
-
-    openssl x509 -req -in server-req.pem -extfile renewcerts/wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-revoked.pem
-
-    rm server-req.pem
-
-    openssl x509 -in ca-cert.pem -text > ca_tmp.pem
-    openssl x509 -in server-revoked.pem -text > srv_tmp.pem
-    mv srv_tmp.pem server-revoked.pem
-    cat ca_tmp.pem >> server-revoked.pem
-    rm ca_tmp.pem
-
diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh
index 493998b90..c163dcab9 100755
--- a/certs/renewcerts.sh
+++ b/certs/renewcerts.sh
@@ -99,7 +99,7 @@ function run_renewcerts(){
     cat ca_tmp.pem >> server-cert.pem
     rm ca_tmp.pem
     ###########################################################
-    ########## update and sign server-revoked-key.pem ################
+    ########## update and sign server-revoked-key.pem #########
     ###########################################################
     echo "Updating server-revoked-cert.pem"
     echo ""
@@ -198,16 +198,6 @@ function run_renewcerts(){
     echo "We are back in the certs directory"
     echo ""
 
-    #set up the file system for updating the crls
-    echo "setting up the file system for generating the crls..."
-    echo ""
-    touch crl/index.txt
-    touch crl/crlnumber
-    echo "01" >> crl/crlnumber
-    touch crl/blank.index.txt
-    mkdir crl/demoCA
-    touch crl/demoCA/index.txt
-
     echo "Updating the crls..."
     echo ""
     cd crl
@@ -222,12 +212,6 @@ function run_renewcerts(){
     echo ""
 
     rm ../wolfssl.cnf
-    rm blank.index.txt
-    rm index.*
-    rm crlnumber*
-    rm -r demoCA
-    echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
-    echo ""
 
 }
 
diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem
index f1a84b26b..e3dfb27c7 100644
--- a/certs/server-revoked-cert.pem
+++ b/certs/server-revoked-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 2 (0x2)
-    Signature Algorithm: sha256WithRSAEncryption
+        Signature Algorithm: sha1WithRSAEncryption
         Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jul 21 22:43:25 2015 GMT
-            Not After : Apr 16 22:43:25 2018 GMT
+            Not Before: Jul 22 15:23:38 2015 GMT
+            Not After : Apr 17 15:23:38 2018 GMT
         Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                Public-Key: (2048 bit)
-                Modulus:
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
                     00:b0:14:16:3a:43:dd:e1:50:45:4f:cf:80:b3:dd:
                     66:96:c7:e9:f4:dc:de:b6:6b:24:1b:76:48:ac:c6:
                     23:a5:a7:e4:05:19:bd:b7:f6:de:fa:ff:ed:5b:3c:
@@ -37,34 +37,34 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:91:68:6B:F0:94:88:41:A2
+                serial:D9:80:3A:C3:D2:F4:DA:37
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: sha256WithRSAEncryption
-         21:34:8d:f0:1c:89:16:18:69:b6:5a:6a:c5:56:b0:94:24:19:
-         80:52:df:54:1c:2e:63:2a:77:e2:52:76:7c:2c:d8:42:9f:13:
-         be:26:ab:d1:48:1c:52:91:df:33:57:aa:c9:5e:8e:bd:e3:1b:
-         1b:6d:97:26:e8:35:7c:06:e2:11:d2:ff:91:63:53:09:dc:62:
-         fa:57:9e:75:69:3d:a8:b9:3b:6e:52:b9:c8:93:f1:79:ef:4b:
-         7f:71:26:ab:e4:30:a5:bd:d3:9b:79:f5:f0:05:3f:f5:66:92:
-         c3:e2:3f:b6:08:bc:f5:58:77:34:4d:6e:cf:66:2a:b3:7c:e3:
-         ea:15:b7:92:e2:74:b6:39:44:9e:c5:ea:e5:21:70:a0:47:fc:
-         20:7d:79:0a:a0:a8:3c:51:c6:2d:5f:a3:be:b4:e2:ba:52:27:
-         7c:8f:79:b6:ae:b3:e2:4c:35:85:69:cd:d5:3b:ac:2d:1b:e1:
-         f9:15:97:9a:a3:94:3f:70:50:62:49:b5:52:61:f8:cf:31:2b:
-         fb:83:b9:df:20:55:8d:73:ea:26:eb:a4:ed:11:9e:52:0f:04:
-         40:4d:94:0a:dc:62:f3:3b:88:e2:4d:eb:bd:a2:27:25:a8:63:
-         54:f7:52:e3:47:59:a1:bc:f7:7f:81:16:ec:86:79:9b:73:f6:
-         96:ec:16:62
+    Signature Algorithm: sha1WithRSAEncryption
+        9e:cf:e7:a7:b3:0d:40:4c:c1:ec:ad:8d:c4:5e:8c:91:b0:f3:
+        8e:12:03:0d:6d:aa:6d:28:ac:2d:77:05:59:a7:e0:68:fd:90:
+        17:e2:0e:6c:f0:26:21:85:c2:2b:21:5b:61:c2:70:4d:1e:dc:
+        58:e8:bf:5c:d0:81:10:61:5a:03:8e:37:b4:5a:7b:71:1c:d1:
+        c6:dd:aa:8f:a3:7b:83:90:d1:8c:a4:ff:f5:b3:87:00:d0:f4:
+        b6:ee:26:ca:58:f2:f8:b3:c1:a0:4c:73:cd:8f:33:d8:75:e6:
+        47:88:36:36:98:39:ac:22:75:b6:69:73:ce:c4:1a:40:c2:e7:
+        f1:da:9c:a2:b7:fb:08:d8:8a:da:4d:f4:26:2b:15:89:c9:cb:
+        ad:a8:56:c7:fb:e0:2d:f5:95:f5:89:24:02:f1:32:c2:dd:33:
+        e3:d5:33:65:7c:58:95:82:4f:52:dc:f2:68:83:0b:a8:f4:68:
+        f7:06:b8:6e:04:30:86:b2:ab:01:ff:bf:66:57:41:77:b9:e7:
+        ea:af:0d:44:c6:1a:cb:d6:65:f2:f2:4d:2a:ff:19:25:60:f2:
+        bb:39:c2:96:2a:40:b8:6c:c8:24:c5:1b:dd:43:f0:35:65:80:
+        02:86:54:da:f9:36:29:75:46:ff:c5:c3:ee:ff:ea:84:6c:ab:
+        bd:88:ab:b1
 -----BEGIN CERTIFICATE-----
-MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIx
-MjI0MzI1WhcNMTgwNDE2MjI0MzI1WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
-B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
-BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIy
+MTUyMzM4WhcNMTgwNDE3MTUyMzM4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xEDAOBgNVBAoTB3dvbGZTU0wxEDAO
+BgNVBAsTB1N1cHBvcnQxGDAWBgNVBAMTD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
 SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALAUFjpD3eFQRU/PgLPdZpbH6fTc3rZrJBt2SKzGI6Wn5AUZvbf2
 3vr/7Vs8eYqp1fH768ix5LKrUnKJkyJcus2KNios0UDsqGYOw3bN57OjCh7dSgeC
@@ -76,28 +76,29 @@ Rly6tktIsRiaaLNjR/2vEl8v/hDLWCszaIUCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU
 s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h
 MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK
 Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
-AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAkWhr8JSIQaIwDAYDVR0TBAUwAwEB/zAN
-BgkqhkiG9w0BAQsFAAOCAQEAITSN8ByJFhhptlpqxVawlCQZgFLfVBwuYyp34lJ2
-fCzYQp8Tviar0UgcUpHfM1eqyV6OveMbG22XJug1fAbiEdL/kWNTCdxi+leedWk9
-qLk7blK5yJPxee9Lf3Emq+Qwpb3Tm3n18AU/9WaSw+I/tgi89Vh3NE1uz2Yqs3zj
-6hW3kuJ0tjlEnsXq5SFwoEf8IH15CqCoPFHGLV+jvrTiulInfI95tq6z4kw1hWnN
-1TusLRvh+RWXmqOUP3BQYkm1UmH4zzEr+4O53yBVjXPqJuuk7RGeUg8EQE2UCtxi
-8zuI4k3rvaInJahjVPdS40dZobz3f4EW7IZ5m3P2luwWYg==
+AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOCAQEAns/np7MNQEzB7K2NxF6MkbDzjhIDDW2qbSisLXcF
+WafgaP2QF+IObPAmIYXCKyFbYcJwTR7cWOi/XNCBEGFaA443tFp7cRzRxt2qj6N7
+g5DRjKT/9bOHAND0tu4myljy+LPBoExzzY8z2HXmR4g2Npg5rCJ1tmlzzsQaQMLn
+8dqcorf7CNiK2k30JisVicnLrahWx/vgLfWV9YkkAvEywt0z49UzZXxYlYJPUtzy
+aIMLqPRo9wa4bgQwhrKrAf+/ZldBd7nn6q8NRMYay9Zl8vJNKv8ZJWDyuznClipA
+uGzIJMUb3UPwNWWAAoZU2vk2KXVG/8XD7v/qhGyrvYirsQ==
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 10477743214105739682 (0x91686bf0948841a2)
-    Signature Algorithm: sha256WithRSAEncryption
+        Serial Number:
+            d9:80:3a:c3:d2:f4:da:37
+        Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jul 21 22:43:25 2015 GMT
-            Not After : Apr 16 22:43:25 2018 GMT
+            Not Before: May  7 18:21:01 2015 GMT
+            Not After : Jan 31 18:21:01 2018 GMT
         Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                Public-Key: (2048 bit)
-                Modulus:
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
                     de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
@@ -123,32 +124,32 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:91:68:6B:F0:94:88:41:A2
+                serial:D9:80:3A:C3:D2:F4:DA:37
 
             X509v3 Basic Constraints: 
                 CA:TRUE
     Signature Algorithm: sha256WithRSAEncryption
-         a0:e4:8f:5e:79:82:10:b4:58:d1:67:5e:cb:d0:7a:b5:f6:be:
-         9c:27:f3:c7:61:78:44:58:06:ff:09:fb:e6:08:f0:34:55:dd:
-         6a:77:92:1a:7b:ef:b8:ed:db:9f:14:f8:b8:af:e9:3e:60:ba:
-         90:90:4c:ef:60:01:5e:76:01:64:f0:e5:19:2f:0b:f4:89:a0:
-         65:fc:d2:28:3c:ff:7c:ea:07:39:6f:bf:56:c2:52:bd:5b:64:
-         21:87:39:75:6e:8f:62:b7:6e:18:e9:5c:4d:f3:16:c8:7a:4e:
-         d2:d3:d3:55:c0:63:84:18:83:6c:2a:18:a6:ca:d6:02:d6:29:
-         88:2a:f7:69:f0:0f:f1:dc:40:ad:88:2f:f6:ab:03:c2:a6:04:
-         7e:bf:12:1e:19:c9:fe:d3:c6:13:23:10:9a:f0:76:7e:d1:89:
-         b1:52:5c:17:06:2f:37:13:25:97:da:67:43:0d:e4:c7:d7:1c:
-         a3:7e:f8:59:97:fa:c2:12:17:07:95:09:ad:fa:a9:23:29:77:
-         f0:3d:29:e0:0c:77:a8:ca:db:e3:fa:b4:5a:7d:a7:92:3b:cb:
-         95:c2:aa:36:ec:ff:f2:a3:b0:32:b8:1e:26:96:76:07:cd:10:
-         04:8b:d4:5a:14:63:10:dd:2a:51:80:b2:2a:ba:0a:f8:51:47:
-         92:a4:21:04
+        7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96:
+        0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d:
+        63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31:
+        a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00:
+        69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79:
+        e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0:
+        7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9:
+        28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb:
+        1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50:
+        7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92:
+        26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f:
+        62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4:
+        54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9:
+        a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f:
+        65:b7:75:58
 -----BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIJAJFoa/CUiEGiMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
-Fw0xNTA3MjEyMjQzMjVaFw0xODA0MTYyMjQzMjVaMIGUMQswCQYDVQQGEwJVUzEQ
+Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ
 MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
 dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
 LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
@@ -162,11 +163,11 @@ XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
 J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
 VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
 aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAkWhr8JSIQaIwDAYD
-VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAoOSPXnmCELRY0Wdey9B6tfa+
-nCfzx2F4RFgG/wn75gjwNFXdaneSGnvvuO3bnxT4uK/pPmC6kJBM72ABXnYBZPDl
-GS8L9ImgZfzSKDz/fOoHOW+/VsJSvVtkIYc5dW6PYrduGOlcTfMWyHpO0tPTVcBj
-hBiDbCoYpsrWAtYpiCr3afAP8dxArYgv9qsDwqYEfr8SHhnJ/tPGEyMQmvB2ftGJ
-sVJcFwYvNxMll9pnQw3kx9cco374WZf6whIXB5UJrfqpIyl38D0p4Ax3qMrb4/q0
-Wn2nkjvLlcKqNuz/8qOwMrgeJpZ2B80QBIvUWhRjEN0qUYCyKroK+FFHkqQhBA==
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW
+C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD
+KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ
+buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q
+fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD
+iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA==
 -----END CERTIFICATE-----
diff --git a/certs/server-revoked.pem b/certs/server-revoked.pem
deleted file mode 100644
index 399ee8676..000000000
--- a/certs/server-revoked.pem
+++ /dev/null
@@ -1,173 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Validity
-            Not Before: Jul 21 21:14:46 2015 GMT
-            Not After : Apr 16 21:14:46 2018 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
-                    01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
-                    f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
-                    f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
-                    64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
-                    86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
-                    4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
-                    34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
-                    8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
-                    40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
-                    dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
-                    e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
-                    64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
-                    c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
-                    ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
-                    b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
-                    a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
-                    ad:d7
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
-            X509v3 Authority Key Identifier: 
-                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
-                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:D9:80:3A:C3:D2:F4:DA:37
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-        08:2d:bc:b5:b7:d9:89:c3:7c:c3:2d:78:f8:5d:25:17:af:fe:
-        4c:ee:50:57:96:98:1d:aa:80:c2:e6:86:ed:c8:c0:fa:45:a1:
-        3d:fc:1a:26:28:36:3a:73:d6:e5:bc:9f:24:78:72:c1:33:59:
-        21:db:f4:d9:d8:af:6b:8d:0a:f1:8d:51:dd:52:d5:6f:ac:02:
-        e7:39:5d:2e:ac:8f:99:5d:96:15:fd:a9:f1:01:19:a8:29:a8:
-        9d:71:de:f8:c9:60:81:41:f3:20:75:67:20:ef:d5:37:e5:ed:
-        9d:d9:f6:87:1d:5a:6a:a7:1e:40:82:df:4f:64:6a:67:9c:a8:
-        82:ea:9f:33:fb:23:50:49:2a:90:00:c6:91:82:54:c7:a0:dc:
-        01:b6:bb:23:5a:61:48:44:8f:e7:16:26:87:04:59:32:15:72:
-        bc:ab:f5:60:b5:ca:54:13:fa:28:f7:bc:6c:c5:b8:c1:b4:12:
-        31:b6:8a:c1:ad:bf:10:db:7d:c7:02:52:e4:e4:f7:2d:74:04:
-        e4:28:2c:16:cb:b3:34:fc:c9:95:6a:3d:e9:c4:b8:5c:3f:1f:
-        ae:d6:17:b6:fd:df:fb:e0:80:d5:78:a8:a8:f6:4f:13:9c:33:
-        76:51:f5:d7:de:de:ff:f8:11:c6:f9:d5:e8:93:2a:78:8d:a3:
-        eb:22:34:0a
------BEGIN CERTIFICATE-----
-MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
-d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIx
-MjExNDQ2WhcNMTgwNDE2MjExNDQ2WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
-B01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xEDAOBgNVBAoTB3dvbGZTU0wxEDAO
-BgNVBAsTB1N1cHBvcnQxGDAWBgNVBAMTD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
-f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
-GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
-QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
-0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
-6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU
-sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj
-s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h
-MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK
-Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
-AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOCAQEACC28tbfZicN8wy14+F0lF6/+TO5QV5aYHaqAwuaG
-7cjA+kWhPfwaJig2OnPW5byfJHhywTNZIdv02diva40K8Y1R3VLVb6wC5zldLqyP
-mV2WFf2p8QEZqCmonXHe+MlggUHzIHVnIO/VN+Xtndn2hx1aaqceQILfT2RqZ5yo
-guqfM/sjUEkqkADGkYJUx6DcAba7I1phSESP5xYmhwRZMhVyvKv1YLXKVBP6KPe8
-bMW4wbQSMbaKwa2/ENt9xwJS5OT3LXQE5CgsFsuzNPzJlWo96cS4XD8frtYXtv3f
-++CA1XioqPZPE5wzdlH1197e//gRxvnV6JMqeI2j6yI0Cg==
------END CERTIFICATE-----
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d9:80:3a:c3:d2:f4:da:37
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Validity
-            Not Before: May  7 18:21:01 2015 GMT
-            Not After : Jan 31 18:21:01 2018 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
-                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
-                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
-                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
-                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
-                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
-                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
-                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
-                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
-                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
-                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
-                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
-                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
-                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
-                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
-                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
-                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
-                    36:79
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
-            X509v3 Authority Key Identifier: 
-                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
-                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-                serial:D9:80:3A:C3:D2:F4:DA:37
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha256WithRSAEncryption
-        7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96:
-        0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d:
-        63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31:
-        a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00:
-        69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79:
-        e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0:
-        7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9:
-        28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb:
-        1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50:
-        7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92:
-        26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f:
-        62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4:
-        54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9:
-        a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f:
-        65:b7:75:58
------BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
-VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
-A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
-dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
-Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ
-MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
-dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
-LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
-mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
-i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
-XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
-/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
-/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
-+TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
-J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
-aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
-MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD
-VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW
-C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD
-KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ
-buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q
-fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD
-iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA==
------END CERTIFICATE-----

From f73c6a5ea958f70deca1a8b63d82d8a4e607be05 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Wed, 22 Jul 2015 10:05:39 -0600
Subject: [PATCH 226/350] new crl test using server and client instead

---
 scripts/crl.test | 149 ++++++++++++++++++++---------------------------
 1 file changed, 64 insertions(+), 85 deletions(-)

diff --git a/scripts/crl.test b/scripts/crl.test
index 2f4c5a9ee..5361e1f27 100755
--- a/scripts/crl.test
+++ b/scripts/crl.test
@@ -2,74 +2,85 @@
 
 #crl.test
 
-dir="certs/crl"
-log_file="tests/unit.log"
-result_file="make_test_result.txt"
+log_file="scripts/client_result.txt"
 success_line="err = -361, CRL Cert revoked"
-exit_code="0"
-allowed_to_run="1"
-script_1="testsuite/testsuite.test"
-script_2="scripts/*.test"
+exit_code="-1"
+
+crl_port=11113
+no_pid=-1
+server_pid=$no_pid
+
+function remove_ready_file() {
+    if test -e /tmp/wolfssl_server_ready; then
+        echo -e "removing exisitng server_ready file"
+        rm /tmp/wolfssl_server_ready
+    fi
+}
+
+# trap this function so if user aborts with ^C or other kill signal we still
+# get an exit that will in turn clean up the file system
+function abort_trap() {
+    $exit_code = "-1"
+    echo "got abort signal, exiting with $exit_code"
+    exit $exit_code
+}
+trap abort_trap INT TERM
+
 
 # trap this function so that if we exit on an error the file system will still
 # be restored and the other tests may still pass. Never call this function
 # instead use "exit <some value>" and this function will run automatically
 function restore_file_system() {
-    move_bad_crl_out
-    put_in_good_crl
+    echo "in cleanup"
+
+    if  [ $server_pid != $no_pid ]
+    then
+        echo "killing server"
+        kill -9 $server_pid
+    fi
+    remove_ready_file
 }
 trap restore_file_system EXIT
 
-function can_start() {
-
-    # NICK: need a better way of controlling when this script executes
-    # I.E. force it to be last or force it to be first
-
-    # grep for any other test scripts that may be running
-    $allowed_to_run=`ps aux | grep -i "$script_1" | grep -v "grep" | wc -l`
-    if [ $allowed_to_run -ge 1 ]
-    then
-        echo "script is running"
-    else
-        echo "script is not running"
-    fi
-}
-
-function move_good_crl_out() {
-    if test -e $dir/crl.pem; then
-        echo "moving good crl out of the way"
-        mv $dir/crl.pem $dir/crl.unrevoked
-    else
-        echo "file not found: $dir/crl.pem"
-        echo "Please make sure you're running from wolfSSL_root directory"
-        $exit_code = -1
-        echo "exiting with $exit_code"
-        exit $exit_code
-    fi
-}
-
-function put_in_bad_crl() {
-    if test -e $dir/crl.revoked; then
-        echo "moving crl with server revoked into place"
-        mv $dir/crl.revoked $dir/crl.pem
-    else
-        echo "file not found: $dir/crl.revoked"
-        echo "Please make sure you're running from wolfSSL_root directory"
-        $exit_code = -1
-        echo "exiting with $exit_code"
-        exit $exit_code
-    fi
-}
-
 function run_test() {
+    echo -e "\nStarting example server for crl test...\n"
+
+    remove_ready_file
+    ./examples/server/server -R -p $crl_port &
+    server_pid=$!
+
+    while [ ! -s /tmp/wolfssl_server_ready ]; do
+        echo -e "waiting for server_ready file..."
+        sleep 0.1
+    done
+
+    ./examples/client/client -p $crl_port &> $log_file
+    client_result=$?
+
+    if [ $client_result != 0 ]
+    then
+        echo -e "client failed!"
+        exit 1
+    fi
+
+    wait $server_pid
+    server_result=$?
+
+    if [ $server_result != 0 ]
+    then
+        echo -e "client failed!"
+        exit 1
+    fi
+
+    echo -e "\nSuccess!\n"
 
     # NICK: is there a better way then scrubbing the .log file to get the
     # error code -361 thoughts?
     #consider how we might abstract this up one layer perhaps a c program.
 
     # Redirect stdout and stderr to reduce "noise"
-    ./testsuite/testsuite.test &> scripts/ignore.txt
-    rm scripts/ignore.txt
+#    ./testsuite/testsuite.test &> scripts/ignore.txt
+#    rm scripts/ignore.txt
 
     if test -e $log_file
     then
@@ -83,44 +94,12 @@ function run_test() {
     fi
 }
 
-function move_bad_crl_out() {
-    if test -e $dir/crl.pem; then
-        echo "moving crl with server revoked out of the way"
-        mv $dir/crl.pem $dir/crl.revoked
-    else
-        echo "file system corrupted. $dir/crl.pem missing after test"
-        $exit_code = -2
-        echo "exiting with $exit_code"
-        exit $exit_code
-    fi
-}
-
-function put_in_good_crl() {
-    if test -e $dir/crl.unrevoked; then
-        echo "moving good crl back into place"
-        mv $dir/crl.unrevoked $dir/crl.pem
-    else
-        echo "file system corrupted. $dir/crl.unrevoked missing after test"
-        $exit_code = -2
-        echo "exiting with $exit_code"
-        exit $exit_code
-    fi
-}
 
 ######### begin program #########
 
-# check if testsuite is currently running
-#can_start
-
-# move good crl to crl.unrevoked
-move_good_crl_out
-
-# move revoked crl into place
-put_in_bad_crl
-
 # run the test
 run_test
-
+$exit_code=0
 echo "exiting with $exit_code"
 exit $exit_code
 ########## end program ##########

From 3732d319551b45fc7812e49a43a6a404a298591f Mon Sep 17 00:00:00 2001
From: Nickolas Lapp <nick@wolfssl.com>
Date: Wed, 22 Jul 2015 10:37:24 -0600
Subject: [PATCH 227/350] Fixed file cleanup in gencrls, finished support for
 crl.test update crls sign revoked cert

---
 certs/crl/crl.pem             |  58 +++++++++----------
 certs/crl/crl.revoked         |  63 +++++++++++----------
 certs/crl/gencrls.sh          |  22 ++++----
 certs/server-revoked-cert.pem | 101 +++++++++++++++++-----------------
 scripts/crl.test              |  48 +++++++---------
 5 files changed, 143 insertions(+), 149 deletions(-)

diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem
index 28311c760..caef4cd7a 100644
--- a/certs/crl/crl.pem
+++ b/certs/crl/crl.pem
@@ -2,38 +2,40 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Last Update: May  7 18:21:01 2015 GMT
-        Next Update: Jan 31 18:21:01 2018 GMT
+        Last Update: Jul 22 16:17:45 2015 GMT
+        Next Update: Apr 17 16:17:45 2018 GMT
         CRL extensions:
             X509v3 CRL Number: 
-                1
-No Revoked Certificates.
+                6
+Revoked Certificates:
+    Serial Number: 02
+        Revocation Date: Jul 22 16:17:45 2015 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         96:e2:b9:11:e0:e5:25:be:ab:69:e5:fa:8a:5c:7f:fc:6f:1d:
-         8f:4a:54:70:f8:2e:87:fa:b0:f6:fd:3f:8f:9c:75:8a:eb:62:
-         cc:dd:2c:0a:8c:31:9e:30:3f:22:9b:91:50:6b:43:fd:32:8a:
-         79:ea:0b:6b:68:6c:82:9c:79:da:20:95:83:25:5e:09:fc:57:
-         2d:19:f9:bc:5a:67:95:98:65:dc:2d:91:13:2a:81:c2:6d:ff:
-         12:48:6f:a4:ce:8a:b2:d3:19:b8:c2:86:e0:ba:91:3f:bb:ec:
-         c6:79:83:50:95:19:95:28:eb:ef:ff:bb:16:8f:3c:7d:4c:d1:
-         3e:c3:82:22:8f:c5:e8:0e:b3:64:8f:5d:53:32:d5:98:64:9c:
-         36:c4:6a:cf:68:21:4f:a8:4e:90:37:76:dc:05:70:66:2d:bc:
-         a0:d8:19:5c:96:90:d6:b9:09:56:46:07:be:3c:ae:08:bb:26:
-         26:21:2c:d1:48:01:88:28:bc:21:a4:97:b7:3b:f0:7e:67:73:
-         84:cf:21:43:e7:dd:53:9d:6a:59:c3:e5:98:c9:69:71:c3:e3:
-         70:28:ba:f9:69:0a:af:78:e5:83:02:13:7e:08:70:8c:f3:8b:
-         5d:96:b0:78:b9:d9:99:c5:1e:b7:45:dc:28:32:1a:d0:50:4b:
-         f4:41:92:19
+         7c:5c:fe:a6:cb:e9:78:ed:10:48:59:4a:e6:d9:96:68:ea:30:
+         43:ba:b8:99:d1:8b:96:5e:d9:52:4c:58:3f:c1:d4:98:f1:20:
+         46:02:0f:a3:25:7b:9c:06:c7:3d:5a:f1:00:bf:d2:d6:70:5c:
+         45:ee:dc:fa:22:58:36:f2:14:06:c4:18:c9:b4:f8:ff:54:56:
+         cf:ff:71:00:cd:a1:9a:3c:52:dc:6f:a6:c1:fa:67:2f:a9:4d:
+         7e:f7:da:c0:4c:29:34:53:8d:27:31:02:ad:05:35:3e:7d:8d:
+         ea:f7:2a:f8:57:cb:7f:da:27:54:3d:0b:c4:69:a7:40:8f:b3:
+         cb:fe:dc:76:90:57:aa:62:23:22:61:8a:d5:aa:f4:43:aa:30:
+         bd:9d:97:df:84:58:7c:f1:d6:78:9d:a9:4f:69:7a:a2:b5:0f:
+         a2:61:d0:53:93:ea:d1:0f:35:ea:d4:49:09:a1:53:7d:64:ed:
+         2a:c0:f3:78:d6:ad:07:38:01:56:d5:bb:66:cc:02:e7:a4:f6:
+         9f:65:64:98:f8:db:0d:ed:fc:29:2e:f6:e5:e9:d8:d7:68:97:
+         84:05:99:8e:e2:ad:1c:e6:ba:0d:05:46:5c:9a:6f:60:69:b3:
+         03:d1:af:b9:3c:52:de:08:48:20:1a:3c:86:49:a8:06:49:b8:
+         03:da:ba:89
 -----BEGIN X509 CRL-----
-MIIB7jCB1wIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
+MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDUwNzE4MjEwMVoX
-DTE4MDEzMTE4MjEwMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB
-AQCW4rkR4OUlvqtp5fqKXH/8bx2PSlRw+C6H+rD2/T+PnHWK62LM3SwKjDGeMD8i
-m5FQa0P9Mop56gtraGyCnHnaIJWDJV4J/FctGfm8WmeVmGXcLZETKoHCbf8SSG+k
-zoqy0xm4wobgupE/u+zGeYNQlRmVKOvv/7sWjzx9TNE+w4Iij8XoDrNkj11TMtWY
-ZJw2xGrPaCFPqE6QN3bcBXBmLbyg2BlclpDWuQlWRge+PK4IuyYmISzRSAGIKLwh
-pJe3O/B+Z3OEzyFD591TnWpZw+WYyWlxw+NwKLr5aQqveOWDAhN+CHCM84tdlrB4
-udmZxR63RdwoMhrQUEv0QZIZ
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDcyMjE2MTc0NVoX
+DTE4MDQxNzE2MTc0NVowFDASAgECFw0xNTA3MjIxNjE3NDVaoA4wDDAKBgNVHRQE
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAfFz+psvpeO0QSFlK5tmWaOowQ7q4mdGL
+ll7ZUkxYP8HUmPEgRgIPoyV7nAbHPVrxAL/S1nBcRe7c+iJYNvIUBsQYybT4/1RW
+z/9xAM2hmjxS3G+mwfpnL6lNfvfawEwpNFONJzECrQU1Pn2N6vcq+FfLf9onVD0L
+xGmnQI+zy/7cdpBXqmIjImGK1ar0Q6owvZ2X34RYfPHWeJ2pT2l6orUPomHQU5Pq
+0Q816tRJCaFTfWTtKsDzeNatBzgBVtW7ZswC56T2n2VkmPjbDe38KS725enY12iX
+hAWZjuKtHOa6DQVGXJpvYGmzA9GvuTxS3ghIIBo8hkmoBkm4A9q6iQ==
 -----END X509 CRL-----
diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked
index 60152d880..6bef57e6b 100644
--- a/certs/crl/crl.revoked
+++ b/certs/crl/crl.revoked
@@ -2,40 +2,43 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Last Update: May  7 18:21:01 2015 GMT
-        Next Update: Jan 31 18:21:01 2018 GMT
+        Last Update: Jul 22 16:17:45 2015 GMT
+        Next Update: Apr 17 16:17:45 2018 GMT
         CRL extensions:
             X509v3 CRL Number: 
-                2
+                7
 Revoked Certificates:
     Serial Number: 01
-        Revocation Date: May  7 18:21:01 2015 GMT
+        Revocation Date: Jul 22 16:17:45 2015 GMT
+    Serial Number: 02
+        Revocation Date: Jul 22 16:17:45 2015 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         b7:34:2b:1c:09:6b:a2:9c:12:4f:fd:ef:69:4c:a4:1d:f2:39:
-         52:29:98:78:b2:86:ea:54:9b:29:e5:c2:88:0e:2f:f9:d2:5b:
-         9d:49:37:68:26:6c:45:61:d4:9d:05:ef:2d:ca:78:0a:d0:28:
-         c1:25:f2:f7:6a:ad:df:1d:eb:8a:66:64:4d:0c:02:91:fb:ff:
-         70:b4:36:b6:e4:79:17:d5:18:6a:72:17:e1:8b:31:49:04:98:
-         96:88:42:ea:8c:fe:91:40:5a:c5:ad:3b:da:9a:47:43:d6:e9:
-         f6:59:75:49:91:a9:e4:8b:c8:03:60:6b:36:69:87:71:f1:5b:
-         92:00:51:bb:fe:d5:4f:0d:0e:f2:56:38:e3:b6:cb:76:11:7b:
-         17:ad:a5:da:37:87:f2:49:af:73:42:56:ed:6c:a1:8d:46:5c:
-         dd:00:a7:8f:1f:5a:dd:d7:87:89:43:30:32:fe:e2:d4:b1:29:
-         12:11:ef:22:0d:8f:7f:c5:33:3b:a9:a7:52:0c:25:b8:0c:e6:
-         8a:8b:68:8f:55:84:65:04:c7:44:48:36:02:4d:4e:43:09:1d:
-         1f:3b:f9:4a:0e:ff:59:42:ca:be:0e:a7:79:89:19:31:73:5a:
-         45:6c:70:56:4d:1b:8a:59:c4:6d:ca:bc:f7:41:c4:f6:f0:fd:
-         9c:7e:f1:7e
+         7f:61:91:8a:8c:c1:23:f1:d4:98:d9:67:67:1e:d2:54:2a:ce:
+         b8:41:d1:f7:c4:88:84:01:a5:52:d6:42:d1:af:e6:c8:fb:13:
+         51:9e:2e:18:c1:e7:9d:83:81:79:d3:34:a3:14:a8:1c:7b:9e:
+         07:2b:fb:73:31:ce:17:52:69:80:cc:f7:fd:42:e3:1c:e0:63:
+         66:70:52:81:09:cc:be:51:02:2c:33:9a:ec:21:15:81:9f:7a:
+         10:d0:9c:23:f4:e6:b3:2b:e2:36:0e:fb:79:da:52:2c:bc:fa:
+         dd:9c:53:6b:48:b0:6a:56:5c:7b:87:53:18:94:c4:37:03:bf:
+         13:18:e3:a4:26:e0:66:0c:dc:e5:99:84:5d:36:69:01:f4:69:
+         d4:06:eb:43:ff:4f:f5:17:46:9d:b7:cb:45:ec:0d:9e:9c:4a:
+         96:3c:0b:92:c5:fb:de:d4:3f:af:a9:5e:b1:6f:9d:d7:8b:b5:
+         ab:86:b6:eb:00:da:b1:f4:6d:72:2d:9b:ec:f3:1b:2f:24:99:
+         d5:04:7b:4f:f8:7a:2e:4e:b6:ee:be:f8:50:d2:96:96:6f:f6:
+         3a:c2:7f:35:48:82:1a:84:64:03:e8:58:8e:0c:dc:62:97:cd:
+         82:ff:16:93:ac:44:14:e1:ae:fc:fb:52:25:b6:0d:70:ec:c4:
+         93:42:37:af
 -----BEGIN X509 CRL-----
-MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
-BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
-MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDUwNzE4MjEwMVoX
-DTE4MDEzMTE4MjEwMVowFDASAgEBFw0xNTA1MDcxODIxMDFaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAtzQrHAlropwST/3vaUykHfI5UimYeLKG
-6lSbKeXCiA4v+dJbnUk3aCZsRWHUnQXvLcp4CtAowSXy92qt3x3rimZkTQwCkfv/
-cLQ2tuR5F9UYanIX4YsxSQSYlohC6oz+kUBaxa072ppHQ9bp9ll1SZGp5IvIA2Br
-NmmHcfFbkgBRu/7VTw0O8lY447bLdhF7F62l2jeH8kmvc0JW7WyhjUZc3QCnjx9a
-3deHiUMwMv7i1LEpEhHvIg2Pf8UzO6mnUgwluAzmiotoj1WEZQTHREg2Ak1OQwkd
-Hzv5Sg7/WULKvg6neYkZMXNaRWxwVk0bilnEbcq890HE9vD9nH7xfg==
+MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA3MjIxNjE3NDVa
+Fw0xODA0MTcxNjE3NDVaMCgwEgIBARcNMTUwNzIyMTYxNzQ1WjASAgECFw0xNTA3
+MjIxNjE3NDVaoA4wDDAKBgNVHRQEAwIBBzANBgkqhkiG9w0BAQsFAAOCAQEAf2GR
+iozBI/HUmNlnZx7SVCrOuEHR98SIhAGlUtZC0a/myPsTUZ4uGMHnnYOBedM0oxSo
+HHueByv7czHOF1JpgMz3/ULjHOBjZnBSgQnMvlECLDOa7CEVgZ96ENCcI/Tmsyvi
+Ng77edpSLLz63ZxTa0iwalZce4dTGJTENwO/ExjjpCbgZgzc5ZmEXTZpAfRp1Abr
+Q/9P9RdGnbfLRewNnpxKljwLksX73tQ/r6lesW+d14u1q4a26wDasfRtci2b7PMb
+LySZ1QR7T/h6Lk627r74UNKWlm/2OsJ/NUiCGoRkA+hYjgzcYpfNgv8Wk6xEFOGu
+/PtSJbYNcOzEk0I3rw==
 -----END X509 CRL-----
diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh
index f5c2a435b..3e500ff84 100755
--- a/certs/crl/gencrls.sh
+++ b/certs/crl/gencrls.sh
@@ -14,6 +14,17 @@ function setup_files() {
     touch ./demoCA/index.txt
 }
 
+function cleanup_files() {
+    rm blank.index.txt
+    rm index.*
+    rm crlnumber*
+    rm -r demoCA
+    echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
+    echo ""
+    exit 0
+}
+trap cleanup_files EXIT
+
 #setup the files
 setup_files
 
@@ -72,14 +83,3 @@ mv tmp eccSrvCRL.pem
 #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem
 
 exit 0
-
-function cleanup_files() {
-    rm blank.index.txt
-    rm index.*
-    rm crlnumber*
-    rm -r demoCA
-    echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
-    echo ""
-    exit 0
-}
-trap cleanup_files EXIT
diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem
index e3dfb27c7..c4d4cc68d 100644
--- a/certs/server-revoked-cert.pem
+++ b/certs/server-revoked-cert.pem
@@ -2,16 +2,16 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number: 2 (0x2)
-        Signature Algorithm: sha1WithRSAEncryption
+    Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jul 22 15:23:38 2015 GMT
-            Not After : Apr 17 15:23:38 2018 GMT
+            Not Before: Jul 22 16:17:13 2015 GMT
+            Not After : Apr 17 16:17:13 2018 GMT
         Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
+                Public-Key: (2048 bit)
+                Modulus:
                     00:b0:14:16:3a:43:dd:e1:50:45:4f:cf:80:b3:dd:
                     66:96:c7:e9:f4:dc:de:b6:6b:24:1b:76:48:ac:c6:
                     23:a5:a7:e4:05:19:bd:b7:f6:de:fa:ff:ed:5b:3c:
@@ -41,30 +41,30 @@ Certificate:
 
             X509v3 Basic Constraints: 
                 CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-        9e:cf:e7:a7:b3:0d:40:4c:c1:ec:ad:8d:c4:5e:8c:91:b0:f3:
-        8e:12:03:0d:6d:aa:6d:28:ac:2d:77:05:59:a7:e0:68:fd:90:
-        17:e2:0e:6c:f0:26:21:85:c2:2b:21:5b:61:c2:70:4d:1e:dc:
-        58:e8:bf:5c:d0:81:10:61:5a:03:8e:37:b4:5a:7b:71:1c:d1:
-        c6:dd:aa:8f:a3:7b:83:90:d1:8c:a4:ff:f5:b3:87:00:d0:f4:
-        b6:ee:26:ca:58:f2:f8:b3:c1:a0:4c:73:cd:8f:33:d8:75:e6:
-        47:88:36:36:98:39:ac:22:75:b6:69:73:ce:c4:1a:40:c2:e7:
-        f1:da:9c:a2:b7:fb:08:d8:8a:da:4d:f4:26:2b:15:89:c9:cb:
-        ad:a8:56:c7:fb:e0:2d:f5:95:f5:89:24:02:f1:32:c2:dd:33:
-        e3:d5:33:65:7c:58:95:82:4f:52:dc:f2:68:83:0b:a8:f4:68:
-        f7:06:b8:6e:04:30:86:b2:ab:01:ff:bf:66:57:41:77:b9:e7:
-        ea:af:0d:44:c6:1a:cb:d6:65:f2:f2:4d:2a:ff:19:25:60:f2:
-        bb:39:c2:96:2a:40:b8:6c:c8:24:c5:1b:dd:43:f0:35:65:80:
-        02:86:54:da:f9:36:29:75:46:ff:c5:c3:ee:ff:ea:84:6c:ab:
-        bd:88:ab:b1
+    Signature Algorithm: sha256WithRSAEncryption
+         9a:f1:4a:20:31:d1:06:ac:6f:88:ff:c5:c1:db:85:cf:a1:bc:
+         25:6a:04:12:9a:5e:23:31:ab:d1:aa:cb:a2:a7:0e:8f:9a:2d:
+         f2:84:5b:40:05:6f:fb:9c:88:e8:a7:92:a4:95:aa:34:c3:7a:
+         8c:95:6f:a1:30:9a:a7:0c:1c:57:e0:76:ad:4b:53:c1:71:b3:
+         8d:11:96:59:0c:c9:2b:92:69:bb:5a:48:55:23:77:dd:26:0b:
+         34:ec:25:98:7a:3b:a5:de:ed:0b:d0:05:80:cc:d2:db:9e:3c:
+         9e:b2:49:97:38:06:28:48:44:a8:75:88:43:2c:bc:44:44:4f:
+         9a:33:08:8f:dc:8a:51:ce:7e:0f:d6:10:95:01:e1:b4:65:0f:
+         0a:9f:23:b0:76:e8:10:c4:ac:80:97:e4:93:1a:ce:1a:a4:ea:
+         9d:5d:89:93:ca:83:c0:b0:19:eb:c9:58:f7:bf:22:c0:6f:7d:
+         4e:1f:44:69:47:b0:d0:3c:07:db:dc:95:7c:cf:32:fc:3b:4d:
+         43:42:c0:c4:cc:af:5a:f0:4e:e1:65:15:12:7d:bd:bc:68:72:
+         4c:ae:e5:8a:81:21:fb:1a:45:3f:89:f3:2a:a3:c1:e0:49:8b:
+         c1:2b:9f:fd:99:54:d4:84:5f:ec:2a:8e:ba:06:23:85:3f:a1:
+         d9:57:c0:ee
 -----BEGIN CERTIFICATE-----
-MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
+MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
 bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIy
-MTUyMzM4WhcNMTgwNDE3MTUyMzM4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
-B01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xEDAOBgNVBAoTB3dvbGZTU0wxEDAO
-BgNVBAsTB1N1cHBvcnQxGDAWBgNVBAMTD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+MTYxNzEzWhcNMTgwNDE3MTYxNzEzWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
+BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
 SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALAUFjpD3eFQRU/PgLPdZpbH6fTc3rZrJBt2SKzGI6Wn5AUZvbf2
 3vr/7Vs8eYqp1fH768ix5LKrUnKJkyJcus2KNios0UDsqGYOw3bN57OjCh7dSgeC
@@ -77,19 +77,18 @@ s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h
 MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK
 Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
 AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOCAQEAns/np7MNQEzB7K2NxF6MkbDzjhIDDW2qbSisLXcF
-WafgaP2QF+IObPAmIYXCKyFbYcJwTR7cWOi/XNCBEGFaA443tFp7cRzRxt2qj6N7
-g5DRjKT/9bOHAND0tu4myljy+LPBoExzzY8z2HXmR4g2Npg5rCJ1tmlzzsQaQMLn
-8dqcorf7CNiK2k30JisVicnLrahWx/vgLfWV9YkkAvEywt0z49UzZXxYlYJPUtzy
-aIMLqPRo9wa4bgQwhrKrAf+/ZldBd7nn6q8NRMYay9Zl8vJNKv8ZJWDyuznClipA
-uGzIJMUb3UPwNWWAAoZU2vk2KXVG/8XD7v/qhGyrvYirsQ==
+BgkqhkiG9w0BAQsFAAOCAQEAmvFKIDHRBqxviP/FwduFz6G8JWoEEppeIzGr0arL
+oqcOj5ot8oRbQAVv+5yI6KeSpJWqNMN6jJVvoTCapwwcV+B2rUtTwXGzjRGWWQzJ
+K5Jpu1pIVSN33SYLNOwlmHo7pd7tC9AFgMzS2548nrJJlzgGKEhEqHWIQyy8RERP
+mjMIj9yKUc5+D9YQlQHhtGUPCp8jsHboEMSsgJfkkxrOGqTqnV2Jk8qDwLAZ68lY
+978iwG99Th9EaUew0DwH29yVfM8y/DtNQ0LAxMyvWvBO4WUVEn29vGhyTK7lioEh
++xpFP4nzKqPB4EmLwSuf/ZlU1IRf7CqOugYjhT+h2VfA7g==
 -----END CERTIFICATE-----
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number:
-            d9:80:3a:c3:d2:f4:da:37
-        Signature Algorithm: sha256WithRSAEncryption
+        Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37)
+    Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
             Not Before: May  7 18:21:01 2015 GMT
@@ -97,8 +96,8 @@ Certificate:
         Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
+                Public-Key: (2048 bit)
+                Modulus:
                     00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
                     f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
                     de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
@@ -129,21 +128,21 @@ Certificate:
             X509v3 Basic Constraints: 
                 CA:TRUE
     Signature Algorithm: sha256WithRSAEncryption
-        7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96:
-        0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d:
-        63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31:
-        a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00:
-        69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79:
-        e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0:
-        7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9:
-        28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb:
-        1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50:
-        7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92:
-        26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f:
-        62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4:
-        54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9:
-        a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f:
-        65:b7:75:58
+         7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96:
+         0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d:
+         63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31:
+         a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00:
+         69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79:
+         e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0:
+         7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9:
+         28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb:
+         1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50:
+         7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92:
+         26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f:
+         62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4:
+         54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9:
+         a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f:
+         65:b7:75:58
 -----BEGIN CERTIFICATE-----
 MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
diff --git a/scripts/crl.test b/scripts/crl.test
index 5361e1f27..421359520 100755
--- a/scripts/crl.test
+++ b/scripts/crl.test
@@ -4,10 +4,12 @@
 
 log_file="scripts/client_result.txt"
 success_line="err = -361, CRL Cert revoked"
-exit_code="-1"
+exit_code=-1
 
 crl_port=11113
+#no_pid tells us process was never started if -1
 no_pid=-1
+#server_pid captured on startup, stores the id of the server process
 server_pid=$no_pid
 
 function remove_ready_file() {
@@ -17,10 +19,17 @@ function remove_ready_file() {
     fi
 }
 
+function remove_log_file() {
+    if test -e $log_file; then
+        echo -e "removing client log file"
+        rm $log_file
+    fi
+}
+
 # trap this function so if user aborts with ^C or other kill signal we still
 # get an exit that will in turn clean up the file system
 function abort_trap() {
-    $exit_code = "-1"
+    exit_code=-2 #different exit code in case of user interrupt
     echo "got abort signal, exiting with $exit_code"
     exit $exit_code
 }
@@ -39,6 +48,7 @@ function restore_file_system() {
         kill -9 $server_pid
     fi
     remove_ready_file
+    remove_log_file
 }
 trap restore_file_system EXIT
 
@@ -46,7 +56,11 @@ function run_test() {
     echo -e "\nStarting example server for crl test...\n"
 
     remove_ready_file
-    ./examples/server/server -R -p $crl_port &
+
+    # starts the server on crl_port, -R generates ready file to be used as a
+    # mutex lock, -c loads the revoked certificate. We capture the processid
+    # into the variable server_pid
+    ./examples/server/server -R -p $crl_port -c certs/server-revoked-cert.pem &
     server_pid=$!
 
     while [ ! -s /tmp/wolfssl_server_ready ]; do
@@ -54,34 +68,10 @@ function run_test() {
         sleep 0.1
     done
 
+    # starts client on crl_port and redirects output to log_file
     ./examples/client/client -p $crl_port &> $log_file
     client_result=$?
 
-    if [ $client_result != 0 ]
-    then
-        echo -e "client failed!"
-        exit 1
-    fi
-
-    wait $server_pid
-    server_result=$?
-
-    if [ $server_result != 0 ]
-    then
-        echo -e "client failed!"
-        exit 1
-    fi
-
-    echo -e "\nSuccess!\n"
-
-    # NICK: is there a better way then scrubbing the .log file to get the
-    # error code -361 thoughts?
-    #consider how we might abstract this up one layer perhaps a c program.
-
-    # Redirect stdout and stderr to reduce "noise"
-#    ./testsuite/testsuite.test &> scripts/ignore.txt
-#    rm scripts/ignore.txt
-
     if test -e $log_file
     then
         while read line;
@@ -99,7 +89,7 @@ function run_test() {
 
 # run the test
 run_test
-$exit_code=0
+exit_code=0
 echo "exiting with $exit_code"
 exit $exit_code
 ########## end program ##########

From c169a113aed6053b17f46440d4f9dbde100b5b1a Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 22 Jul 2015 11:20:45 -0700
Subject: [PATCH 228/350] for Windows build, clean up warnings and a couple
 variable declarations

---
 src/ssl.c           | 14 +++++------
 wolfcrypt/src/ecc.c | 58 ++++++++++++++++++++++-----------------------
 2 files changed, 35 insertions(+), 37 deletions(-)
 mode change 100644 => 100755 wolfcrypt/src/ecc.c

diff --git a/src/ssl.c b/src/ssl.c
index 1cc079d9c..24591613b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -13911,8 +13911,6 @@ int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group)
             return SSL_FAILURE;
             break;
     }
-
-    return SSL_FAILURE;
 }
 
 /* return code compliant with OpenSSL :
@@ -14087,11 +14085,11 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
                          const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q,
                          const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
 {
+    mp_int prime;
+
     (void)ctx;
     (void)n;
 
-    mp_int prime;
-
     WOLFSSL_ENTER("wolfSSL_EC_POINT_mul");
 
     if (group == NULL || r == NULL || r->internal == NULL ||
@@ -14153,8 +14151,9 @@ int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
                          const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b,
                          WOLFSSL_BN_CTX *ctx)
 {
-    (void)ctx;
     int ret;
+
+	(void)ctx;
     
     WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp");
 
@@ -14411,10 +14410,11 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
                              void *(*KDF) (const void *in, size_t inlen,
                                            void *out, size_t *outlen))
 {
-    (void)KDF;
     word32 len;
 
-    WOLFSSL_ENTER("wolfSSL_ECDH_compute_key");
+    (void)KDF;
+
+	WOLFSSL_ENTER("wolfSSL_ECDH_compute_key");
 
     if (out == NULL || pub_key == NULL || pub_key->internal == NULL ||
         ecdh == NULL || ecdh->internal == NULL) {
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
old mode 100644
new mode 100755
index a65e343df..9d1d0dae0
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -2597,26 +2597,25 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out,
         return MEMORY_E;
 #endif
 
-    do {
-        /* pad and store x */
-        XMEMSET(buf, 0, ECC_BUFSIZE);
-        ret = mp_to_unsigned_bin(point->x, buf +
+    /* pad and store x */
+    XMEMSET(buf, 0, ECC_BUFSIZE);
+    ret = mp_to_unsigned_bin(point->x, buf +
                                  (numlen - mp_unsigned_bin_size(point->x)));
-        if (ret != MP_OKAY)
-            break;
-        XMEMCPY(out+1, buf, numlen);
+    if (ret != MP_OKAY)
+        goto done;
+    XMEMCPY(out+1, buf, numlen);
 
-        /* pad and store y */
-        XMEMSET(buf, 0, ECC_BUFSIZE);
-        ret = mp_to_unsigned_bin(point->y, buf +
+    /* pad and store y */
+    XMEMSET(buf, 0, ECC_BUFSIZE);
+    ret = mp_to_unsigned_bin(point->y, buf +
                                  (numlen - mp_unsigned_bin_size(point->y)));
-        if (ret != MP_OKAY)
-            break;
-        XMEMCPY(out+1+numlen, buf, numlen);
+    if (ret != MP_OKAY)
+        goto done;
+    XMEMCPY(out+1+numlen, buf, numlen);
 
-        *outLen = 1 + 2*numlen;
-    } while (0);
+    *outLen = 1 + 2*numlen;
 
+done:
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
@@ -2665,26 +2664,25 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen)
       return MEMORY_E;
 #endif
 
-   do {
-      /* pad and store x */
-      XMEMSET(buf, 0, ECC_BUFSIZE);
-      ret = mp_to_unsigned_bin(key->pubkey.x,
+    /* pad and store x */
+    XMEMSET(buf, 0, ECC_BUFSIZE);
+    ret = mp_to_unsigned_bin(key->pubkey.x,
                          buf + (numlen - mp_unsigned_bin_size(key->pubkey.x)));
-      if (ret != MP_OKAY)
-         break;
-      XMEMCPY(out+1, buf, numlen);
+    if (ret != MP_OKAY)
+        goto done;
+    XMEMCPY(out+1, buf, numlen);
 
-      /* pad and store y */
-      XMEMSET(buf, 0, ECC_BUFSIZE);
-      ret = mp_to_unsigned_bin(key->pubkey.y,
+    /* pad and store y */
+    XMEMSET(buf, 0, ECC_BUFSIZE);
+    ret = mp_to_unsigned_bin(key->pubkey.y,
                          buf + (numlen - mp_unsigned_bin_size(key->pubkey.y)));
-      if (ret != MP_OKAY)
-         break;
-      XMEMCPY(out+1+numlen, buf, numlen);
+    if (ret != MP_OKAY)
+        goto done;
+    XMEMCPY(out+1+numlen, buf, numlen);
 
-      *outLen = 1 + 2*numlen;
-   } while (0);
+    *outLen = 1 + 2*numlen;
 
+done:
 #ifdef WOLFSSL_SMALL_STACK
    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif

From 4cdece20fbd17969177f259a286a73c6e2c27efe Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 22 Jul 2015 11:52:42 -0700
Subject: [PATCH 229/350] change SetCurve return type to int, as used

---
 wolfcrypt/src/asn.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 8537ed5d2..78a849ab1 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -2735,7 +2735,7 @@ WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output)
 
 #if defined(HAVE_ECC) && (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
 
-static word32 SetCurve(ecc_key* key, byte* output)
+static int SetCurve(ecc_key* key, byte* output)
 {
 
     /* curve types */

From 5fe7a1b89ab0b3dee9cbe0adeeb35e536a4c9849 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 22 Jul 2015 13:32:56 -0700
Subject: [PATCH 230/350] have fastmath use negative error codes for consistent
 <0 error detection

---
 wolfssl/wolfcrypt/tfm.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index 50e9712e7..2467069b3 100644
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -257,10 +257,10 @@
 #define FP_NEG      1
 
 /* return codes */
-#define FP_OKAY     0
-#define FP_VAL      1
-#define FP_MEM      2
-#define FP_NOT_INF	3
+#define FP_OKAY      0
+#define FP_VAL      -1
+#define FP_MEM      -2
+#define FP_NOT_INF	-3
 
 /* equalities */
 #define FP_LT        -1   /* less than */

From f9def1431f3a54fe970d16199cc3df8126f4e7b8 Mon Sep 17 00:00:00 2001
From: Nickolas Lapp <nick@wolfssl.com>
Date: Wed, 22 Jul 2015 15:08:29 -0600
Subject: [PATCH 231/350]     Adding support for crl testing via make check.   
  includes modifying crl.pem/revoked     Adding a revoked server cert/key
 pair.     Adding a script to test with a revoked cert (scripts/crl.test)

---
 certs/crl/crl.pem             |  58 ++++++------
 certs/crl/crl.revoked         |  63 +++++++------
 certs/crl/gencrls.sh          |  28 ++++++
 certs/gen_revoked.sh          |  18 ++++
 certs/renewcerts.sh           |  33 +++----
 certs/server-revoked-cert.pem | 172 ++++++++++++++++++++++++++++++++++
 certs/server-revoked-key.pem  |  27 ++++++
 configure.ac                  |   3 +-
 scripts/crl.test              |  95 +++++++++++++++++++
 scripts/include.am            |   4 +
 10 files changed, 425 insertions(+), 76 deletions(-)
 create mode 100755 certs/gen_revoked.sh
 create mode 100644 certs/server-revoked-cert.pem
 create mode 100644 certs/server-revoked-key.pem
 create mode 100755 scripts/crl.test

diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem
index 28311c760..caef4cd7a 100644
--- a/certs/crl/crl.pem
+++ b/certs/crl/crl.pem
@@ -2,38 +2,40 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Last Update: May  7 18:21:01 2015 GMT
-        Next Update: Jan 31 18:21:01 2018 GMT
+        Last Update: Jul 22 16:17:45 2015 GMT
+        Next Update: Apr 17 16:17:45 2018 GMT
         CRL extensions:
             X509v3 CRL Number: 
-                1
-No Revoked Certificates.
+                6
+Revoked Certificates:
+    Serial Number: 02
+        Revocation Date: Jul 22 16:17:45 2015 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         96:e2:b9:11:e0:e5:25:be:ab:69:e5:fa:8a:5c:7f:fc:6f:1d:
-         8f:4a:54:70:f8:2e:87:fa:b0:f6:fd:3f:8f:9c:75:8a:eb:62:
-         cc:dd:2c:0a:8c:31:9e:30:3f:22:9b:91:50:6b:43:fd:32:8a:
-         79:ea:0b:6b:68:6c:82:9c:79:da:20:95:83:25:5e:09:fc:57:
-         2d:19:f9:bc:5a:67:95:98:65:dc:2d:91:13:2a:81:c2:6d:ff:
-         12:48:6f:a4:ce:8a:b2:d3:19:b8:c2:86:e0:ba:91:3f:bb:ec:
-         c6:79:83:50:95:19:95:28:eb:ef:ff:bb:16:8f:3c:7d:4c:d1:
-         3e:c3:82:22:8f:c5:e8:0e:b3:64:8f:5d:53:32:d5:98:64:9c:
-         36:c4:6a:cf:68:21:4f:a8:4e:90:37:76:dc:05:70:66:2d:bc:
-         a0:d8:19:5c:96:90:d6:b9:09:56:46:07:be:3c:ae:08:bb:26:
-         26:21:2c:d1:48:01:88:28:bc:21:a4:97:b7:3b:f0:7e:67:73:
-         84:cf:21:43:e7:dd:53:9d:6a:59:c3:e5:98:c9:69:71:c3:e3:
-         70:28:ba:f9:69:0a:af:78:e5:83:02:13:7e:08:70:8c:f3:8b:
-         5d:96:b0:78:b9:d9:99:c5:1e:b7:45:dc:28:32:1a:d0:50:4b:
-         f4:41:92:19
+         7c:5c:fe:a6:cb:e9:78:ed:10:48:59:4a:e6:d9:96:68:ea:30:
+         43:ba:b8:99:d1:8b:96:5e:d9:52:4c:58:3f:c1:d4:98:f1:20:
+         46:02:0f:a3:25:7b:9c:06:c7:3d:5a:f1:00:bf:d2:d6:70:5c:
+         45:ee:dc:fa:22:58:36:f2:14:06:c4:18:c9:b4:f8:ff:54:56:
+         cf:ff:71:00:cd:a1:9a:3c:52:dc:6f:a6:c1:fa:67:2f:a9:4d:
+         7e:f7:da:c0:4c:29:34:53:8d:27:31:02:ad:05:35:3e:7d:8d:
+         ea:f7:2a:f8:57:cb:7f:da:27:54:3d:0b:c4:69:a7:40:8f:b3:
+         cb:fe:dc:76:90:57:aa:62:23:22:61:8a:d5:aa:f4:43:aa:30:
+         bd:9d:97:df:84:58:7c:f1:d6:78:9d:a9:4f:69:7a:a2:b5:0f:
+         a2:61:d0:53:93:ea:d1:0f:35:ea:d4:49:09:a1:53:7d:64:ed:
+         2a:c0:f3:78:d6:ad:07:38:01:56:d5:bb:66:cc:02:e7:a4:f6:
+         9f:65:64:98:f8:db:0d:ed:fc:29:2e:f6:e5:e9:d8:d7:68:97:
+         84:05:99:8e:e2:ad:1c:e6:ba:0d:05:46:5c:9a:6f:60:69:b3:
+         03:d1:af:b9:3c:52:de:08:48:20:1a:3c:86:49:a8:06:49:b8:
+         03:da:ba:89
 -----BEGIN X509 CRL-----
-MIIB7jCB1wIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
+MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDUwNzE4MjEwMVoX
-DTE4MDEzMTE4MjEwMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB
-AQCW4rkR4OUlvqtp5fqKXH/8bx2PSlRw+C6H+rD2/T+PnHWK62LM3SwKjDGeMD8i
-m5FQa0P9Mop56gtraGyCnHnaIJWDJV4J/FctGfm8WmeVmGXcLZETKoHCbf8SSG+k
-zoqy0xm4wobgupE/u+zGeYNQlRmVKOvv/7sWjzx9TNE+w4Iij8XoDrNkj11TMtWY
-ZJw2xGrPaCFPqE6QN3bcBXBmLbyg2BlclpDWuQlWRge+PK4IuyYmISzRSAGIKLwh
-pJe3O/B+Z3OEzyFD591TnWpZw+WYyWlxw+NwKLr5aQqveOWDAhN+CHCM84tdlrB4
-udmZxR63RdwoMhrQUEv0QZIZ
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDcyMjE2MTc0NVoX
+DTE4MDQxNzE2MTc0NVowFDASAgECFw0xNTA3MjIxNjE3NDVaoA4wDDAKBgNVHRQE
+AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAfFz+psvpeO0QSFlK5tmWaOowQ7q4mdGL
+ll7ZUkxYP8HUmPEgRgIPoyV7nAbHPVrxAL/S1nBcRe7c+iJYNvIUBsQYybT4/1RW
+z/9xAM2hmjxS3G+mwfpnL6lNfvfawEwpNFONJzECrQU1Pn2N6vcq+FfLf9onVD0L
+xGmnQI+zy/7cdpBXqmIjImGK1ar0Q6owvZ2X34RYfPHWeJ2pT2l6orUPomHQU5Pq
+0Q816tRJCaFTfWTtKsDzeNatBzgBVtW7ZswC56T2n2VkmPjbDe38KS725enY12iX
+hAWZjuKtHOa6DQVGXJpvYGmzA9GvuTxS3ghIIBo8hkmoBkm4A9q6iQ==
 -----END X509 CRL-----
diff --git a/certs/crl/crl.revoked b/certs/crl/crl.revoked
index 60152d880..6bef57e6b 100644
--- a/certs/crl/crl.revoked
+++ b/certs/crl/crl.revoked
@@ -2,40 +2,43 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Last Update: May  7 18:21:01 2015 GMT
-        Next Update: Jan 31 18:21:01 2018 GMT
+        Last Update: Jul 22 16:17:45 2015 GMT
+        Next Update: Apr 17 16:17:45 2018 GMT
         CRL extensions:
             X509v3 CRL Number: 
-                2
+                7
 Revoked Certificates:
     Serial Number: 01
-        Revocation Date: May  7 18:21:01 2015 GMT
+        Revocation Date: Jul 22 16:17:45 2015 GMT
+    Serial Number: 02
+        Revocation Date: Jul 22 16:17:45 2015 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         b7:34:2b:1c:09:6b:a2:9c:12:4f:fd:ef:69:4c:a4:1d:f2:39:
-         52:29:98:78:b2:86:ea:54:9b:29:e5:c2:88:0e:2f:f9:d2:5b:
-         9d:49:37:68:26:6c:45:61:d4:9d:05:ef:2d:ca:78:0a:d0:28:
-         c1:25:f2:f7:6a:ad:df:1d:eb:8a:66:64:4d:0c:02:91:fb:ff:
-         70:b4:36:b6:e4:79:17:d5:18:6a:72:17:e1:8b:31:49:04:98:
-         96:88:42:ea:8c:fe:91:40:5a:c5:ad:3b:da:9a:47:43:d6:e9:
-         f6:59:75:49:91:a9:e4:8b:c8:03:60:6b:36:69:87:71:f1:5b:
-         92:00:51:bb:fe:d5:4f:0d:0e:f2:56:38:e3:b6:cb:76:11:7b:
-         17:ad:a5:da:37:87:f2:49:af:73:42:56:ed:6c:a1:8d:46:5c:
-         dd:00:a7:8f:1f:5a:dd:d7:87:89:43:30:32:fe:e2:d4:b1:29:
-         12:11:ef:22:0d:8f:7f:c5:33:3b:a9:a7:52:0c:25:b8:0c:e6:
-         8a:8b:68:8f:55:84:65:04:c7:44:48:36:02:4d:4e:43:09:1d:
-         1f:3b:f9:4a:0e:ff:59:42:ca:be:0e:a7:79:89:19:31:73:5a:
-         45:6c:70:56:4d:1b:8a:59:c4:6d:ca:bc:f7:41:c4:f6:f0:fd:
-         9c:7e:f1:7e
+         7f:61:91:8a:8c:c1:23:f1:d4:98:d9:67:67:1e:d2:54:2a:ce:
+         b8:41:d1:f7:c4:88:84:01:a5:52:d6:42:d1:af:e6:c8:fb:13:
+         51:9e:2e:18:c1:e7:9d:83:81:79:d3:34:a3:14:a8:1c:7b:9e:
+         07:2b:fb:73:31:ce:17:52:69:80:cc:f7:fd:42:e3:1c:e0:63:
+         66:70:52:81:09:cc:be:51:02:2c:33:9a:ec:21:15:81:9f:7a:
+         10:d0:9c:23:f4:e6:b3:2b:e2:36:0e:fb:79:da:52:2c:bc:fa:
+         dd:9c:53:6b:48:b0:6a:56:5c:7b:87:53:18:94:c4:37:03:bf:
+         13:18:e3:a4:26:e0:66:0c:dc:e5:99:84:5d:36:69:01:f4:69:
+         d4:06:eb:43:ff:4f:f5:17:46:9d:b7:cb:45:ec:0d:9e:9c:4a:
+         96:3c:0b:92:c5:fb:de:d4:3f:af:a9:5e:b1:6f:9d:d7:8b:b5:
+         ab:86:b6:eb:00:da:b1:f4:6d:72:2d:9b:ec:f3:1b:2f:24:99:
+         d5:04:7b:4f:f8:7a:2e:4e:b6:ee:be:f8:50:d2:96:96:6f:f6:
+         3a:c2:7f:35:48:82:1a:84:64:03:e8:58:8e:0c:dc:62:97:cd:
+         82:ff:16:93:ac:44:14:e1:ae:fc:fb:52:25:b6:0d:70:ec:c4:
+         93:42:37:af
 -----BEGIN X509 CRL-----
-MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
-BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
-MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDUwNzE4MjEwMVoX
-DTE4MDEzMTE4MjEwMVowFDASAgEBFw0xNTA1MDcxODIxMDFaoA4wDDAKBgNVHRQE
-AwIBAjANBgkqhkiG9w0BAQsFAAOCAQEAtzQrHAlropwST/3vaUykHfI5UimYeLKG
-6lSbKeXCiA4v+dJbnUk3aCZsRWHUnQXvLcp4CtAowSXy92qt3x3rimZkTQwCkfv/
-cLQ2tuR5F9UYanIX4YsxSQSYlohC6oz+kUBaxa072ppHQ9bp9ll1SZGp5IvIA2Br
-NmmHcfFbkgBRu/7VTw0O8lY447bLdhF7F62l2jeH8kmvc0JW7WyhjUZc3QCnjx9a
-3deHiUMwMv7i1LEpEhHvIg2Pf8UzO6mnUgwluAzmiotoj1WEZQTHREg2Ak1OQwkd
-Hzv5Sg7/WULKvg6neYkZMXNaRWxwVk0bilnEbcq890HE9vD9nH7xfg==
+MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xNTA3MjIxNjE3NDVa
+Fw0xODA0MTcxNjE3NDVaMCgwEgIBARcNMTUwNzIyMTYxNzQ1WjASAgECFw0xNTA3
+MjIxNjE3NDVaoA4wDDAKBgNVHRQEAwIBBzANBgkqhkiG9w0BAQsFAAOCAQEAf2GR
+iozBI/HUmNlnZx7SVCrOuEHR98SIhAGlUtZC0a/myPsTUZ4uGMHnnYOBedM0oxSo
+HHueByv7czHOF1JpgMz3/ULjHOBjZnBSgQnMvlECLDOa7CEVgZ96ENCcI/Tmsyvi
+Ng77edpSLLz63ZxTa0iwalZce4dTGJTENwO/ExjjpCbgZgzc5ZmEXTZpAfRp1Abr
+Q/9P9RdGnbfLRewNnpxKljwLksX73tQ/r6lesW+d14u1q4a26wDasfRtci2b7PMb
+LySZ1QR7T/h6Lk627r74UNKWlm/2OsJ/NUiCGoRkA+hYjgzcYpfNgv8Wk6xEFOGu
+/PtSJbYNcOzEk0I3rw==
 -----END X509 CRL-----
diff --git a/certs/crl/gencrls.sh b/certs/crl/gencrls.sh
index a18ecf3f7..3e500ff84 100755
--- a/certs/crl/gencrls.sh
+++ b/certs/crl/gencrls.sh
@@ -2,9 +2,36 @@
 
 # gencrls, crl config already done, see taoCerts.txt for setup
 
+function setup_files() {
+    #set up the file system for updating the crls
+    echo "setting up the file system for generating the crls..."
+    echo ""
+    touch ./index.txt
+    touch ./crlnumber
+    echo "01" >> crlnumber
+    touch ./blank.index.txt
+    mkdir demoCA
+    touch ./demoCA/index.txt
+}
 
+function cleanup_files() {
+    rm blank.index.txt
+    rm index.*
+    rm crlnumber*
+    rm -r demoCA
+    echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
+    echo ""
+    exit 0
+}
+trap cleanup_files EXIT
+
+#setup the files
+setup_files
 
 # caCrl
+# revoke server-revoked-cert.pem
+openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
+
 openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
 
 # metadata
@@ -55,3 +82,4 @@ mv tmp eccSrvCRL.pem
 # install (only needed if working outside wolfssl)
 #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem
 
+exit 0
diff --git a/certs/gen_revoked.sh b/certs/gen_revoked.sh
new file mode 100755
index 000000000..e42073d70
--- /dev/null
+++ b/certs/gen_revoked.sh
@@ -0,0 +1,18 @@
+    ###########################################################
+    ########## update and sign server-revoked-key.pem ################
+    ###########################################################
+    echo "Updating server-revoked-cert.pem"
+    echo ""
+    #pipe the following arguments to openssl req...
+    echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem
+
+    openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem
+
+    rm server-revoked-req.pem
+
+    openssl x509 -in ca-cert.pem -text > ca_tmp.pem
+    openssl x509 -in server-revoked-cert.pem -text > srv_tmp.pem
+    mv srv_tmp.pem server-revoked-cert.pem
+    cat ca_tmp.pem >> server-revoked-cert.pem
+    rm ca_tmp.pem
+
diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh
index a048b631d..c163dcab9 100755
--- a/certs/renewcerts.sh
+++ b/certs/renewcerts.sh
@@ -98,6 +98,23 @@ function run_renewcerts(){
     mv srv_tmp.pem server-cert.pem
     cat ca_tmp.pem >> server-cert.pem
     rm ca_tmp.pem
+    ###########################################################
+    ########## update and sign server-revoked-key.pem #########
+    ###########################################################
+    echo "Updating server-revoked-cert.pem"
+    echo ""
+    #pipe the following arguments to openssl req...
+    echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem
+
+    openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem
+
+    rm server-revoked-req.pem
+
+    openssl x509 -in ca-cert.pem -text > ca_tmp.pem
+    openssl x509 -in server-revoked-cert.pem -text > srv_tmp.pem
+    mv srv_tmp.pem server-revoked-cert.pem
+    cat ca_tmp.pem >> server-revoked-cert.pem
+    rm ca_tmp.pem
     ############################################################
     ########## update and sign the server-ecc-rsa.pem ##########
     ############################################################
@@ -181,16 +198,6 @@ function run_renewcerts(){
     echo "We are back in the certs directory"
     echo ""
 
-    #set up the file system for updating the crls
-    echo "setting up the file system for generating the crls..."
-    echo ""
-    touch crl/index.txt
-    touch crl/crlnumber
-    echo "01" >> crl/crlnumber
-    touch crl/blank.index.txt
-    mkdir crl/demoCA
-    touch crl/demoCA/index.txt
-
     echo "Updating the crls..."
     echo ""
     cd crl
@@ -205,12 +212,6 @@ function run_renewcerts(){
     echo ""
 
     rm ../wolfssl.cnf
-    rm blank.index.txt
-    rm index.*
-    rm crlnumber*
-    rm -r demoCA
-    echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
-    echo ""
 
 }
 
diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem
new file mode 100644
index 000000000..c4d4cc68d
--- /dev/null
+++ b/certs/server-revoked-cert.pem
@@ -0,0 +1,172 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: Jul 22 16:17:13 2015 GMT
+            Not After : Apr 17 16:17:13 2018 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b0:14:16:3a:43:dd:e1:50:45:4f:cf:80:b3:dd:
+                    66:96:c7:e9:f4:dc:de:b6:6b:24:1b:76:48:ac:c6:
+                    23:a5:a7:e4:05:19:bd:b7:f6:de:fa:ff:ed:5b:3c:
+                    79:8a:a9:d5:f1:fb:eb:c8:b1:e4:b2:ab:52:72:89:
+                    93:22:5c:ba:cd:8a:36:2a:2c:d1:40:ec:a8:66:0e:
+                    c3:76:cd:e7:b3:a3:0a:1e:dd:4a:07:82:17:81:ba:
+                    de:57:ce:b6:32:81:c7:bd:11:bb:e9:15:22:4e:e2:
+                    16:ac:e3:d4:c0:68:88:6c:11:fc:c2:bd:1b:db:1d:
+                    fd:e6:43:c7:1b:33:b8:f4:e5:1b:59:39:12:38:4d:
+                    2d:9b:64:68:98:fc:8d:72:12:91:f2:24:25:6c:4c:
+                    4a:48:57:92:00:cc:7e:d8:d4:3d:b8:1d:f2:9e:ea:
+                    b2:23:0f:51:0f:11:41:1c:f5:27:00:1b:08:7a:12:
+                    3a:05:5b:03:24:fe:b1:7b:20:fa:e4:a8:58:c6:ca:
+                    ce:7f:be:95:01:12:9d:05:e6:39:13:1b:c0:3e:56:
+                    2e:2b:9f:76:37:de:de:9b:e0:0d:7a:63:0d:a7:22:
+                    58:db:31:c7:f7:b4:46:5c:ba:b6:4b:48:b1:18:9a:
+                    68:b3:63:47:fd:af:12:5f:2f:fe:10:cb:58:2b:33:
+                    68:85
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                D8:09:2B:59:E1:2A:EE:D9:EE:40:AA:9C:AB:F0:5D:28:09:4F:22:BB
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:D9:80:3A:C3:D2:F4:DA:37
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         9a:f1:4a:20:31:d1:06:ac:6f:88:ff:c5:c1:db:85:cf:a1:bc:
+         25:6a:04:12:9a:5e:23:31:ab:d1:aa:cb:a2:a7:0e:8f:9a:2d:
+         f2:84:5b:40:05:6f:fb:9c:88:e8:a7:92:a4:95:aa:34:c3:7a:
+         8c:95:6f:a1:30:9a:a7:0c:1c:57:e0:76:ad:4b:53:c1:71:b3:
+         8d:11:96:59:0c:c9:2b:92:69:bb:5a:48:55:23:77:dd:26:0b:
+         34:ec:25:98:7a:3b:a5:de:ed:0b:d0:05:80:cc:d2:db:9e:3c:
+         9e:b2:49:97:38:06:28:48:44:a8:75:88:43:2c:bc:44:44:4f:
+         9a:33:08:8f:dc:8a:51:ce:7e:0f:d6:10:95:01:e1:b4:65:0f:
+         0a:9f:23:b0:76:e8:10:c4:ac:80:97:e4:93:1a:ce:1a:a4:ea:
+         9d:5d:89:93:ca:83:c0:b0:19:eb:c9:58:f7:bf:22:c0:6f:7d:
+         4e:1f:44:69:47:b0:d0:3c:07:db:dc:95:7c:cf:32:fc:3b:4d:
+         43:42:c0:c4:cc:af:5a:f0:4e:e1:65:15:12:7d:bd:bc:68:72:
+         4c:ae:e5:8a:81:21:fb:1a:45:3f:89:f3:2a:a3:c1:e0:49:8b:
+         c1:2b:9f:fd:99:54:d4:84:5f:ec:2a:8e:ba:06:23:85:3f:a1:
+         d9:57:c0:ee
+-----BEGIN CERTIFICATE-----
+MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIy
+MTYxNzEzWhcNMTgwNDE3MTYxNzEzWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
+BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALAUFjpD3eFQRU/PgLPdZpbH6fTc3rZrJBt2SKzGI6Wn5AUZvbf2
+3vr/7Vs8eYqp1fH768ix5LKrUnKJkyJcus2KNios0UDsqGYOw3bN57OjCh7dSgeC
+F4G63lfOtjKBx70Ru+kVIk7iFqzj1MBoiGwR/MK9G9sd/eZDxxszuPTlG1k5EjhN
+LZtkaJj8jXISkfIkJWxMSkhXkgDMftjUPbgd8p7qsiMPUQ8RQRz1JwAbCHoSOgVb
+AyT+sXsg+uSoWMbKzn++lQESnQXmORMbwD5WLiufdjfe3pvgDXpjDaciWNsxx/e0
+Rly6tktIsRiaaLNjR/2vEl8v/hDLWCszaIUCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU
+2AkrWeEq7tnuQKqcq/BdKAlPIrswgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj
+s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h
+MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK
+Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
+AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQsFAAOCAQEAmvFKIDHRBqxviP/FwduFz6G8JWoEEppeIzGr0arL
+oqcOj5ot8oRbQAVv+5yI6KeSpJWqNMN6jJVvoTCapwwcV+B2rUtTwXGzjRGWWQzJ
+K5Jpu1pIVSN33SYLNOwlmHo7pd7tC9AFgMzS2548nrJJlzgGKEhEqHWIQyy8RERP
+mjMIj9yKUc5+D9YQlQHhtGUPCp8jsHboEMSsgJfkkxrOGqTqnV2Jk8qDwLAZ68lY
+978iwG99Th9EaUew0DwH29yVfM8y/DtNQ0LAxMyvWvBO4WUVEn29vGhyTK7lioEh
++xpFP4nzKqPB4EmLwSuf/ZlU1IRf7CqOugYjhT+h2VfA7g==
+-----END CERTIFICATE-----
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 15672591315981621815 (0xd9803ac3d2f4da37)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Validity
+            Not Before: May  7 18:21:01 2015 GMT
+            Not After : Jan 31 18:21:01 2018 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
+                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
+                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
+                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
+                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
+                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
+                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
+                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
+                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
+                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
+                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
+                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
+                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
+                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
+                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
+                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
+                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
+                    36:79
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+            X509v3 Authority Key Identifier: 
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+                serial:D9:80:3A:C3:D2:F4:DA:37
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha256WithRSAEncryption
+         7a:af:44:3b:aa:6f:53:42:b2:33:aa:43:5f:56:30:d3:b9:96:
+         0b:9a:55:5a:39:2a:0b:4e:e4:2e:f1:95:66:c9:86:36:82:8d:
+         63:7c:4d:a2:ee:48:ba:03:c7:90:d7:a7:c6:74:60:48:5f:31:
+         a2:f9:5e:3e:c3:82:e1:e5:2f:41:81:83:29:25:79:d1:53:00:
+         69:3c:ed:0a:30:3b:41:1d:92:a1:2c:a8:9d:2c:e3:23:87:79:
+         e0:55:6e:91:a8:50:da:46:2f:c2:20:50:3e:2b:47:97:14:b0:
+         7d:04:ba:45:51:d0:6e:e1:5a:a2:4b:84:9c:4d:cd:85:04:f9:
+         28:31:82:93:bc:c7:59:49:91:03:e8:df:6a:e4:56:ad:6a:cb:
+         1f:0d:37:e4:5e:bd:e7:9f:d5:ec:9d:3c:18:25:9b:f1:2f:50:
+         7d:eb:31:cb:f1:63:22:9d:57:fc:f3:84:20:1a:c6:07:87:92:
+         26:9e:15:18:59:33:06:dc:fb:b0:b6:76:5d:f1:c1:2f:c8:2f:
+         62:9c:c0:d6:de:eb:65:77:f3:5c:a6:c3:88:27:96:75:b4:f4:
+         54:cd:ff:2d:21:2e:96:f0:07:73:4b:e9:93:92:90:de:62:d9:
+         a3:3b:ac:6e:24:5f:27:4a:b3:94:70:ff:30:17:e7:7e:32:8f:
+         65:b7:75:58
+-----BEGIN CERTIFICATE-----
+MIIEqjCCA5KgAwIBAgIJANmAOsPS9No3MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
+A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
+Fw0xNTA1MDcxODIxMDFaFw0xODAxMzExODIxMDFaMIGUMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
+dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
+mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
+i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
+XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
+/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
+J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYD
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAeq9EO6pvU0KyM6pDX1Yw07mW
+C5pVWjkqC07kLvGVZsmGNoKNY3xNou5IugPHkNenxnRgSF8xovlePsOC4eUvQYGD
+KSV50VMAaTztCjA7QR2SoSyonSzjI4d54FVukahQ2kYvwiBQPitHlxSwfQS6RVHQ
+buFaokuEnE3NhQT5KDGCk7zHWUmRA+jfauRWrWrLHw035F6955/V7J08GCWb8S9Q
+fesxy/FjIp1X/POEIBrGB4eSJp4VGFkzBtz7sLZ2XfHBL8gvYpzA1t7rZXfzXKbD
+iCeWdbT0VM3/LSEulvAHc0vpk5KQ3mLZozusbiRfJ0qzlHD/MBfnfjKPZbd1WA==
+-----END CERTIFICATE-----
diff --git a/certs/server-revoked-key.pem b/certs/server-revoked-key.pem
new file mode 100644
index 000000000..3cf5640ec
--- /dev/null
+++ b/certs/server-revoked-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAsBQWOkPd4VBFT8+As91mlsfp9NzetmskG3ZIrMYjpafkBRm9
+t/be+v/tWzx5iqnV8fvryLHksqtScomTIly6zYo2KizRQOyoZg7Dds3ns6MKHt1K
+B4IXgbreV862MoHHvRG76RUiTuIWrOPUwGiIbBH8wr0b2x395kPHGzO49OUbWTkS
+OE0tm2RomPyNchKR8iQlbExKSFeSAMx+2NQ9uB3ynuqyIw9RDxFBHPUnABsIehI6
+BVsDJP6xeyD65KhYxsrOf76VARKdBeY5ExvAPlYuK592N97em+ANemMNpyJY2zHH
+97RGXLq2S0ixGJpos2NH/a8SXy/+EMtYKzNohQIDAQABAoIBAQCfamBBekZ9gxZt
+ztmgfvgt1WutZPdCwzgaoPnlazLE/X9FWuvYjeuN5n44V0VXVLK99q6fsufzF4d6
+6bHLr5b1Fog5oQAHPvysAfvYKU345sj37rPinla3/r7lUuLEUZnMRS0TNy4rqyiK
+eW+akEnLRnHIwjxhIwNIId83cpmnJfE7ZV7svZvk6Ctc//prFa/Y2AwkZcM2j2iG
+xc4kOXr0Y8DE4FYQEZgdJCoYfVDihcwtVXUGm+ZMBNhLzK/KuSxdjL6ySzdCSE9M
+mS4ZJPManR9LOIGsKlFsJrGWnFOm/GOMkzdBSLoEqRogHhYsvn7oDnLMHqPA/gE0
+M85ytBkVAoGBAOO/tTCd94kDfkXar+5+KvcYwQbwnMIbrN0TiIudpaSnE0dBFqU3
+oNC2K+PoGBgwEsEr2ThZCMAbz7NQJYmmNlNlSMNBzeud59F3BqMk3J6k62E0+Fnt
+C8OFfZ8V0vbdGehmeArEqHDcRJZBFsrUWb2/9/j4OYpnsozkp6H1pWQrAoGBAMXr
+jouX1qXLfKvYEpOKaSf+yjfULjT33ib885Nw2xlRzI6wkjHFsb8DERK36PA3CakU
+cdXb923tMMlLoCvSdDd6Qnx1TLRbYaJSFaOLt2we94AvjHtijM6vO7ftd1XvRWer
+/Ip9NT9X1NZxP/NTyUL3DgRmXE4L32fr2FFQEJ4PAoGBAKr2QeFY83RatvNhEigJ
+dd8/Kcc337SmacEa5KlJkgpjkMkwRvuHIqUJ2zCeDVg63hk7/TebPkJXnjaQt1z4
+9Fbt9Qz93MI+KsLGgqj9Bs/gJQE3biazFt2S25YMH+1IVCZspTgQIBF4h9Py0FU5
+ypPyAwdV7nvDE/lHu76MU7c5AoGBALUxR5ioc0vplMNF1wvXpRmGet7Nk1fOrESJ
+QvzyTsNJTbo8EDscv/Mc/Z5jXA++c0uleenNrSGoCgffAk3cJ6U6em+ye3yKREH0
+X/cPy+ZiGzfxT+0NddcqOcPS1HOJz8Jvg43Nvte0sxd3KpK7W//AacbBZzPUTry2
+/5zBbdUlAoGAYglAtoHIC0mQxAe6PXy/QRmgj87fPGsbVFOUwBf8Il2UKpfX9blv
+0rHb0kenc/DP7ZHZTgdc5qGgRyg0d3+O7W2rWTv1MiX85rUE03TCcyC2l1+M+iyx
+6IdHDjYwa4Kt0nT1JxEMjJxe1uhzJfgYJlcz5Iy4ff0xb8/aH0veedc=
+-----END RSA PRIVATE KEY-----
diff --git a/configure.ac b/configure.ac
index e66b68718..718675ae9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1414,7 +1414,7 @@ then
 fi
 
 
-# CRL 
+# CRL
 AC_ARG_ENABLE([crl],
     [  --enable-crl            Enable CRL (default: disabled)],
     [ ENABLED_CRL=$enableval ],
@@ -1428,7 +1428,6 @@ fi
 
 AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
 
-
 # CRL Monitor
 AC_ARG_ENABLE([crl-monitor],
     [  --enable-crl-monitor    Enable CRL Monitor (default: disabled)],
diff --git a/scripts/crl.test b/scripts/crl.test
new file mode 100755
index 000000000..421359520
--- /dev/null
+++ b/scripts/crl.test
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+#crl.test
+
+log_file="scripts/client_result.txt"
+success_line="err = -361, CRL Cert revoked"
+exit_code=-1
+
+crl_port=11113
+#no_pid tells us process was never started if -1
+no_pid=-1
+#server_pid captured on startup, stores the id of the server process
+server_pid=$no_pid
+
+function remove_ready_file() {
+    if test -e /tmp/wolfssl_server_ready; then
+        echo -e "removing exisitng server_ready file"
+        rm /tmp/wolfssl_server_ready
+    fi
+}
+
+function remove_log_file() {
+    if test -e $log_file; then
+        echo -e "removing client log file"
+        rm $log_file
+    fi
+}
+
+# trap this function so if user aborts with ^C or other kill signal we still
+# get an exit that will in turn clean up the file system
+function abort_trap() {
+    exit_code=-2 #different exit code in case of user interrupt
+    echo "got abort signal, exiting with $exit_code"
+    exit $exit_code
+}
+trap abort_trap INT TERM
+
+
+# trap this function so that if we exit on an error the file system will still
+# be restored and the other tests may still pass. Never call this function
+# instead use "exit <some value>" and this function will run automatically
+function restore_file_system() {
+    echo "in cleanup"
+
+    if  [ $server_pid != $no_pid ]
+    then
+        echo "killing server"
+        kill -9 $server_pid
+    fi
+    remove_ready_file
+    remove_log_file
+}
+trap restore_file_system EXIT
+
+function run_test() {
+    echo -e "\nStarting example server for crl test...\n"
+
+    remove_ready_file
+
+    # starts the server on crl_port, -R generates ready file to be used as a
+    # mutex lock, -c loads the revoked certificate. We capture the processid
+    # into the variable server_pid
+    ./examples/server/server -R -p $crl_port -c certs/server-revoked-cert.pem &
+    server_pid=$!
+
+    while [ ! -s /tmp/wolfssl_server_ready ]; do
+        echo -e "waiting for server_ready file..."
+        sleep 0.1
+    done
+
+    # starts client on crl_port and redirects output to log_file
+    ./examples/client/client -p $crl_port &> $log_file
+    client_result=$?
+
+    if test -e $log_file
+    then
+        while read line;
+        do
+            if [[ "x$success_line" == "x$line" ]]
+            then
+                echo "Successful Revocation!!!!"
+            fi
+        done < $log_file
+    fi
+}
+
+
+######### begin program #########
+
+# run the test
+run_test
+exit_code=0
+echo "exiting with $exit_code"
+exit $exit_code
+########## end program ##########
diff --git a/scripts/include.am b/scripts/include.am
index 924634aa7..95ddbb4dd 100644
--- a/scripts/include.am
+++ b/scripts/include.am
@@ -16,4 +16,8 @@ dist_noinst_SCRIPTS+= scripts/google.test
 endif
 endif
 
+if BUILD_CRL
+dist_noinst_SCRIPTS+= scripts/crl.test
+endif
+
 EXTRA_DIST +=  scripts/testsuite.pcap

From 8951d72f03c2c9d13f1cfc9d448e842982635c36 Mon Sep 17 00:00:00 2001
From: Ludovic FLAMENT <ludovic.flament@cryptograph-ic.com>
Date: Thu, 23 Jul 2015 13:24:20 +0200
Subject: [PATCH 232/350] Merge branch 'master' of
 https://github.com/wolfSSL/wolfssl

Fix DSA key generation
---
 .../Projects/CryptBenchmark/benchmark.c       |   2 +-
 IDE/MDK5-ARM/Projects/CryptTest/test.c        |   2 +-
 IDE/WIN/README.txt                            |  21 +-
 IDE/WIN/test.vcxproj                          |  17 +-
 IDE/WIN/wolfssl-fips.vcxproj                  |  24 +-
 LICENSING                                     |   6 +-
 README                                        |  13 +-
 README.md                                     |  12 +
 configure.ac                                  | 147 +++-
 cyassl/ctaocrypt/blake2-impl.h                |   2 +-
 cyassl/ctaocrypt/blake2-int.h                 |   2 +-
 mcapi/crypto.h                                |   2 +-
 scripts/resume.test                           |  16 +-
 src/internal.c                                |  16 +-
 src/ssl.c                                     | 770 +++++++++++++-----
 src/tls.c                                     |   8 +-
 support/wolfssl.pc                            |   2 +-
 tests/test-qsh.conf                           |   3 +
 tests/test.conf                               |   3 +
 wolfcrypt/benchmark/benchmark.c               |   2 +-
 wolfcrypt/src/asn.c                           |   2 +-
 wolfcrypt/src/coding.c                        |  35 +-
 wolfcrypt/src/dsa.c                           | 110 ++-
 wolfcrypt/src/ecc.c                           |   2 +-
 wolfcrypt/src/integer.c                       |  42 +-
 wolfcrypt/src/tfm.c                           |   9 +-
 wolfcrypt/test/test.c                         | 128 ++-
 wolfssl/internal.h                            |  12 +-
 wolfssl/openssl/asn1.h                        |  17 +
 wolfssl/openssl/bn.h                          |   4 +-
 wolfssl/openssl/crypto.h                      |   8 +
 wolfssl/openssl/dh.h                          |   7 +-
 wolfssl/openssl/ecdh.h                        |   2 +-
 wolfssl/openssl/ecdsa.h                       |   3 +-
 wolfssl/openssl/err.h                         |   3 +-
 wolfssl/openssl/opensslv.h                    |  10 +-
 wolfssl/openssl/rand.h                        |   2 +
 wolfssl/openssl/ssl.h                         |  76 +-
 wolfssl/ssl.h                                 | 120 ++-
 wolfssl/version.h                             |   4 +-
 wolfssl/wolfcrypt/coding.h                    |   9 +
 wolfssl/wolfcrypt/ecc.h                       |   1 +
 wolfssl/wolfcrypt/logging.h                   |   5 +
 43 files changed, 1254 insertions(+), 427 deletions(-)

diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c
index 417ae3177..fa13b8b80 100644
--- a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c
+++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c
@@ -52,7 +52,7 @@
     #include "cavium_ioctl.h"
 #endif
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
 #endif
 
 #if defined(CYASSL_MDK_ARM)
diff --git a/IDE/MDK5-ARM/Projects/CryptTest/test.c b/IDE/MDK5-ARM/Projects/CryptTest/test.c
index ac5c775b2..167832eae 100644
--- a/IDE/MDK5-ARM/Projects/CryptTest/test.c
+++ b/IDE/MDK5-ARM/Projects/CryptTest/test.c
@@ -101,7 +101,7 @@
 #endif
 
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
 #endif
 #ifdef HAVE_CAVIUM
     #include "cavium_sysdep.h"
diff --git a/IDE/WIN/README.txt b/IDE/WIN/README.txt
index d2ed0faaa..81695ded9 100644
--- a/IDE/WIN/README.txt
+++ b/IDE/WIN/README.txt
@@ -3,7 +3,7 @@
 First, if you did not get the FIPS files with your archive, you must contact
 wolfSSL to obtain them.
 
-# On Building the wolfssl-fips project
+# Building the wolfssl-fips project
 
 The wolfCrypt FIPS library for Windows is a part of the wolfSSL library. It
 must be built as a static library.
@@ -14,10 +14,25 @@ There are two functions added to the library that are used as markers in
 memory for the in-core memory check of the code. WPO consolidates them into a
 single function. WPO also optimizes away the automatic FIPS entry function.
 
-A project using the library must disable 
-
 Each of the source files inside the FIPS boundary defines their own code and
 constant section. The code section names start with ".fipsA$" and the constant
 section names start with ".fipsB$". Each subsection has a letter to organize
 them in a secific order. This specific ordering puts marker functions and
 constants on either end of the boundary so it can be hashed.
+
+# In Core Memory Test
+
+The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
+FIPS library code and constant data and compares it with a known value in
+the code.
+
+The Randomized Base Address setting doesn't cause any problems because
+(I believe) that the addrsses in the executable are all offsets from the base
+rather than absolute addresses.
+
+The "verifyCore" check value in the source fips_test.c needs to be updated when
+building the code. The POS performs this check and the default failure callback
+will print out the calculated checksum. When developing your code, copy this
+value and paste it back into your code in the verifyCore initializer then
+rebuild the code. When statically linking, you may have to recalculate your
+check value when changing your application.
diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj
index 47681399b..38e264b20 100644
--- a/IDE/WIN/test.vcxproj
+++ b/IDE/WIN/test.vcxproj
@@ -111,7 +111,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <PrecompiledHeader />
@@ -130,7 +130,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <PrecompiledHeader />
@@ -147,7 +147,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
@@ -167,7 +167,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
@@ -181,14 +181,13 @@
       <OptimizeReferences>true</OptimizeReferences>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
-      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|Win32'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <PrecompiledHeader />
@@ -207,7 +206,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <PrecompiledHeader />
@@ -224,7 +223,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
@@ -244,7 +243,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index b1a68ebac..c63c79bd1 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -120,7 +120,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
@@ -132,7 +132,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <MinimalRebuild>true</MinimalRebuild>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -145,7 +145,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
@@ -157,7 +157,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
@@ -175,7 +175,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -187,7 +187,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -199,7 +199,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -212,7 +212,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -261,34 +261,26 @@
       <ObjectFileName>$(IntDir)ctaocrypt\</ObjectFileName>
     </ClCompile>
     <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
     <ClCompile Include="..\..\wolfcrypt\src\asn.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\camellia.c" />
     <ClCompile Include="..\..\wolfcrypt\src\coding.c" />
     <ClCompile Include="..\..\src\crl.c" />
     <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
     <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
     <ClCompile Include="..\..\wolfcrypt\src\error.c" />
     <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\hc128.c" />
     <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
     <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
     <ClCompile Include="..\..\src\internal.c" />
     <ClCompile Include="..\..\src\io.c" />
     <ClCompile Include="..\..\src\keys.c" />
     <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\md4.c" />
     <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
     <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
     <ClCompile Include="..\..\src\ocsp.c" />
     <ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
     <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\rabbit.c" />
     <ClCompile Include="..\..\wolfcrypt\src\random.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\ripemd.c" />
     <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
     <ClCompile Include="..\..\wolfcrypt\src\sha.c" />
     <ClCompile Include="..\..\wolfcrypt\src\sha256.c" />
diff --git a/LICENSING b/LICENSING
index e43bb9f39..9f50165fd 100644
--- a/LICENSING
+++ b/LICENSING
@@ -1,7 +1,7 @@
 
-CyaSSL and wolfCrypt are either licensed for use under the GPLv2 or a
-standard commercial license. For our users who cannot use CyaSSL under
-GPLv2, a commercial license to CyaSSL and wolfCrypt is available.
+wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use
+under the GPLv2 or a standard commercial license. For our users who cannot use
+wolfSSL under GPLv2, a commercial license to wolfSSL and wolfCrypt is available.
 Please contact wolfSSL Inc. directly at:
 
 Email: licensing@wolfssl.com
diff --git a/README b/README
index c7245ecbc..74abbb0e8 100644
--- a/README
+++ b/README
@@ -34,7 +34,18 @@ before calling wolfSSL_new();  Though it's not recommended.
 
 *** end Notes ***
 
-wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
+wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015)
+
+Release 3.6.2 of wolfSSL is an intermediate custom release including:
+
+- OpenSSH  compatibility with --enable-openssh
+- stunnel  compatibility with --enable-stunnel
+- lighttpd compatibility with --enable-lighty
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+ **************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
 
 Release 3.6.0 of wolfSSL has bug fixes and new features including:
 
diff --git a/README.md b/README.md
index 7b7d57ce8..edbfb9d35 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,18 @@ before calling wolfSSL_new();  Though it's not recommended.
 - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
   add -fdebug-types-section to C_EXTRA_FLAGS
 
+#wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015)
+
+##Release 3.6.2 of wolfSSL is an intermediate custom release including:
+
+- OpenSSH  compatibility with --enable-openssh
+- stunnel  compatibility with --enable-stunnel
+- lighttpd compatibility with --enable-lighty
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
+
+
 #wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
 
 ##Release 3.6.0 of wolfSSL has bug fixes and new features including:
diff --git a/configure.ac b/configure.ac
index 96a7aa7a9..e66b68718 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.6.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.6.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
@@ -148,12 +148,24 @@ then
 fi
 
 
+# OpenSSH compatibility Build
+AC_ARG_ENABLE([openssh],
+    [AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
+    [ENABLED_OPENSSH=$enableval],
+    [ENABLED_OPENSSH=no])
+
+
 # OPENSSL Extra Compatibility
 AC_ARG_ENABLE([opensslextra],
     [  --enable-opensslextra   Enable extra OpenSSL API, size+ (default: disabled)],
     [ ENABLED_OPENSSLEXTRA=$enableval ],
     [ ENABLED_OPENSSLEXTRA=no ]
     )
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_OPENSSLEXTRA="yes"
+fi
+
 if test "$ENABLED_OPENSSLEXTRA" = "yes"
 then
   AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
@@ -194,6 +206,11 @@ AC_ARG_ENABLE([fortress],
     [ ENABLED_FORTRESS=no ]
     )
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_FORTRESS="yes"
+fi
+
 if test "$ENABLED_FORTRESS" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_DES_ECB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN"
@@ -481,6 +498,11 @@ AC_ARG_ENABLE([nullcipher],
     [ ENABLED_NULL_CIPHER=no ]
     )
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_NULL_CIPHER="yes"
+fi
+
 if test "$ENABLED_NULL_CIPHER" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
@@ -493,6 +515,11 @@ AC_ARG_ENABLE([ripemd],
     [ ENABLED_RIPEMD=no ]
     )
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_RIPEMD="yes"
+fi
+
 if test "$ENABLED_RIPEMD" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD"
@@ -536,6 +563,11 @@ then
     ENABLED_SHA512=no
 fi
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_SHA512="yes"
+fi
+
 if test "$ENABLED_SHA512" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
@@ -637,6 +669,11 @@ AC_ARG_ENABLE([dsa],
     [ ENABLED_DSA=no ]
     )
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_DSA="yes"
+fi
+
 if test "$ENABLED_DSA" = "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
@@ -666,6 +703,11 @@ then
     ENABLED_ECC=no
 fi
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_ECC="yes"
+fi
+
 if test "$ENABLED_ECC" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR"
@@ -901,6 +943,11 @@ AC_ARG_ENABLE([dh],
     [ ENABLED_DH=yes ]
     )
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_DH="yes"
+fi
+
 if test "$ENABLED_DH" = "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DNO_DH"
@@ -1000,6 +1047,14 @@ AC_ARG_ENABLE([aes],
 if test "$ENABLED_AES" = "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DNO_AES"
+    if test "$ENABLED_FORTRESS" = "yes"
+    then
+        AC_MSG_ERROR([fortress requires aes])
+    fi
+    if test "$ENABLED_ECC_ENCRYPT" = "yes"
+    then
+        AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.])
+    fi
     if test "$ENABLED_AESGCM" = "yes"
     then
         AC_MSG_ERROR([AESGCM requires AES.])
@@ -1071,6 +1126,11 @@ AC_ARG_ENABLE([arc4],
     [ ENABLED_ARC4=no ]
     )
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_ARC4="yes"
+fi
+
 if test "$ENABLED_ARC4" = "no"
 then
     AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
@@ -1130,21 +1190,6 @@ fi
 AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"])
 
 
-# MD4 
-AC_ARG_ENABLE([md4],
-    [  --enable-md4            Enable MD4 (default: disabled)],
-    [ ENABLED_MD4=$enableval ],
-    [ ENABLED_MD4=no ]
-    )
-
-if test "$ENABLED_MD4" = "no"
-then
-    AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
-fi
-
-AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
-
-
 # Web Server Build 
 AC_ARG_ENABLE([webserver],
     [  --enable-webserver      Enable Web Server (default: disabled)],
@@ -1412,9 +1457,9 @@ AC_ARG_WITH([ntru],
     [
         AC_MSG_CHECKING([for NTRU])
         CPPFLAGS="$CPPFLAGS -DHAVE_NTRU -DHAVE_QSH -DHAVE_TLS_EXTENSIONS"
-        LIBS="$LIBS -lNTRUEncrypt"
+        LIBS="$LIBS -lntruencrypt"
 
-        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
+        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
 
         if test "x$ntru_linked" == "xno" ; then
             if test "x$withval" != "xno" ; then
@@ -1427,7 +1472,7 @@ AC_ARG_WITH([ntru],
             LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
             CPPFLAGS="$CPPFLAGS -I$tryntrudir/include"
 
-            AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
+            AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
 
             if test "x$ntru_linked" == "xno" ; then
                 AC_MSG_ERROR([NTRU isn't found.
@@ -1717,6 +1762,66 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
 fi
 
+# stunnel Support
+AC_ARG_ENABLE([stunnel],
+    [  --enable-stunnel        Enable stunnel (default: disabled)],
+    [ ENABLED_STUNNEL=$enableval ],
+    [ ENABLED_STUNNEL=no ]
+    )
+if test "$ENABLED_STUNNEL" = "yes"
+then
+    # Requires opensslextra make sure on
+    if test "x$ENABLED_OPENSSLEXTRA" = "xno"
+    then
+        ENABLED_OPENSSLEXTRA="yes"
+        AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
+    fi
+
+    # Requires coding make sure on
+    if test "x$ENABLED_CODING" = "xno"
+    then
+        ENABLED_CODING="yes"
+    fi
+
+    # Requires sessioncerts make sure on
+    if test "x$ENABLED_SESSIONCERTS" = "xno"
+    then
+        ENABLED_SESSIONCERTS="yes"
+        AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
+    fi
+
+    # Requires crls, make sure on
+    if test "x$ENABLED_CRL" = "xno"
+    then
+        ENABLED_CRL="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
+        AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
+    fi
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL"
+fi
+
+
+# MD4
+AC_ARG_ENABLE([md4],
+    [  --enable-md4            Enable MD4 (default: disabled)],
+    [ ENABLED_MD4=$enableval ],
+    [ ENABLED_MD4=no ]
+    )
+
+
+if test "$ENABLED_MD4" = "no"
+then
+    #turn on MD4 if using stunnel
+    if test "x$ENABLED_STUNNEL" = "xyes"
+    then
+        ENABLED_MD4="yes"
+    else
+        AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
+    fi
+fi
+
+AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
+
 
 # PWDBASED has to come after certservice since we want it on w/o explicit on
 # PWDBASED
@@ -1745,7 +1850,7 @@ FASTMATH_DEFAULT=no
 
 if test "$host_cpu" = "x86_64"
 then
-FASTMATH_DEFAULT=yes
+    FASTMATH_DEFAULT=yes
 fi
 
 # fastmath
@@ -2173,6 +2278,7 @@ echo
 echo "   Features "
 echo "   * Single threaded:           $ENABLED_SINGLETHREADED"
 echo "   * Filesystem:                $ENABLED_FILESYSTEM"
+echo "   * OpenSSH Build:             $ENABLED_OPENSSH"
 echo "   * OpenSSL Extra API:         $ENABLED_OPENSSLEXTRA"
 echo "   * Max Strength Build:        $ENABLED_MAXSTRENGTH"
 echo "   * fastmath:                  $ENABLED_FASTMATH"
@@ -2218,6 +2324,7 @@ echo "   * CODING:                    $ENABLED_CODING"
 echo "   * MEMORY:                    $ENABLED_MEMORY"
 echo "   * I/O POOL:                  $ENABLED_IOPOOL"
 echo "   * LIGHTY:                    $ENABLED_LIGHTY"
+echo "   * STUNNEL:                   $ENABLED_STUNNEL"
 echo "   * ERROR_STRINGS:             $ENABLED_ERROR_STRINGS"
 echo "   * DTLS:                      $ENABLED_DTLS"
 echo "   * Old TLS Versions:          $ENABLED_OLD_TLS"
diff --git a/cyassl/ctaocrypt/blake2-impl.h b/cyassl/ctaocrypt/blake2-impl.h
index fc5ec3a49..de6ed273b 100644
--- a/cyassl/ctaocrypt/blake2-impl.h
+++ b/cyassl/ctaocrypt/blake2-impl.h
@@ -36,7 +36,7 @@
 #define CTAOCRYPT_BLAKE2_IMPL_H
 
 #include <cyassl/ctaocrypt/types.h>
-#include <wolfssl/wolfcrypt/blake2_impl.h>
+#include <wolfssl/wolfcrypt/blake2-impl.h>
 
 #endif  /* CTAOCRYPT_BLAKE2_IMPL_H */
 
diff --git a/cyassl/ctaocrypt/blake2-int.h b/cyassl/ctaocrypt/blake2-int.h
index 07ea8e745..9dadaadcb 100644
--- a/cyassl/ctaocrypt/blake2-int.h
+++ b/cyassl/ctaocrypt/blake2-int.h
@@ -37,7 +37,7 @@
 #define CTAOCRYPT_BLAKE2_INT_H
 
 #include <cyassl/ctaocrypt/types.h>
-#include <wolfssl/wolfcrypt/blake2_int.h>
+#include <wolfssl/wolfcrypt/blake2-int.h>
 
 #endif  /* CTAOCRYPT_BLAKE2_INT_H */
 
diff --git a/mcapi/crypto.h b/mcapi/crypto.h
index 7a960d855..82b4d0249 100644
--- a/mcapi/crypto.h
+++ b/mcapi/crypto.h
@@ -163,7 +163,7 @@ enum {
 
 /* AES */
 typedef struct CRYPT_AES_CTX {
-    int holder[70];   /* big enough to hold internal, but check on init */
+    int holder[74];   /* big enough to hold internal, but check on init */
 } CRYPT_AES_CTX;
 
 /* key */
diff --git a/scripts/resume.test b/scripts/resume.test
index e4b0a6eb3..17bfd8c9f 100755
--- a/scripts/resume.test
+++ b/scripts/resume.test
@@ -7,6 +7,15 @@ resume_port=11112
 no_pid=-1
 server_pid=$no_pid
 
+
+remove_ready_file() {
+    if test -e /tmp/wolfssl_server_ready; then
+        echo -e "removing exisitng server_ready file"
+        rm /tmp/wolfssl_server_ready
+    fi
+}
+
+
 do_cleanup() {
     echo "in cleanup"
 
@@ -15,6 +24,7 @@ do_cleanup() {
         echo "killing server"
         kill -9 $server_pid
     fi
+    remove_ready_file
 }
 
 do_trap() {
@@ -27,10 +37,7 @@ trap do_trap INT TERM
 
 echo -e "\nStarting example server for resume test...\n"
 
-if test -e /tmp/wolfssl_server_ready; then
-    echo -e "removing exisitng server_ready file"
-    rm /tmp/wolfssl_server_ready
-fi
+remove_ready_file
 ./examples/server/server -r -R -p $resume_port &
 server_pid=$!
 
@@ -51,6 +58,7 @@ fi
 
 wait $server_pid
 server_result=$?
+remove_ready_file
 
 if [ $server_result != 0 ]
 then
diff --git a/src/internal.c b/src/internal.c
index b63b1fe2a..fa4208c44 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -41,7 +41,7 @@
 #endif
 
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
 #endif
 
 #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
@@ -247,7 +247,7 @@ static int QSH_FreeAll(WOLFSSL* ssl)
 static RNG* rng;
 static wolfSSL_Mutex* rngMutex;
 
-static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
+static word32 GetEntropy(unsigned char* out, word32 num_bytes)
 {
     int ret = 0;
 
@@ -265,7 +265,7 @@ static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
     }
 
     ret |= LockMutex(rngMutex);
-    ret |= wc_RNG_GenerateBlock(rng, out, (word32)num_bytes);
+    ret |= wc_RNG_GenerateBlock(rng, out, num_bytes);
     ret |= UnLockMutex(rngMutex);
 
     if (ret != 0)
@@ -4464,7 +4464,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 #else
                 store->current_cert = NULL;
 #endif
-#ifdef FORTRESS
+#if defined(HAVE_FORTRESS) || defined(HAVE_STUNNEL)
                 store->ex_data = ssl;
 #endif
                 ok = ssl->verifyCallback(0, store);
@@ -10623,7 +10623,7 @@ static int NtruSecretEncrypt(QSHKey* key, byte* bufIn, word32 inSz,
     }
 
     /* set up ntru drbg */
-    ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+    ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
     if (ret != DRBG_OK)
         return NTRU_DRBG_ERROR;
 
@@ -10670,7 +10670,7 @@ static int NtruSecretDecrypt(QSHKey* key, byte* bufIn, word32 inSz,
 
 
     /* set up drbg */
-    ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+    ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
     if (ret != DRBG_OK)
         return NTRU_DRBG_ERROR;
 
@@ -10805,7 +10805,7 @@ static word32 QSH_MaxSecret(QSHKey* key)
     }
 
     if (isNtru) {
-        ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+        ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
         if (ret != DRBG_OK)
             return NTRU_DRBG_ERROR;
         ret = ntru_crypto_ntru_encrypt(drbg, key->pub.length,
@@ -11251,7 +11251,7 @@ static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
                         return NO_PEER_KEY;
                     }
 
-                    rc = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+                    rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
                     if (rc != DRBG_OK) {
                     #ifdef WOLFSSL_SMALL_STACK
                         XFREE(encSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
diff --git a/src/ssl.c b/src/ssl.c
index 211112164..feb86736c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -521,6 +521,35 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
     return SSL_SUCCESS;
 }
 
+
+int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz)
+{
+    if (ctx == NULL || keySz > 16000 || keySz % 8 != 0)
+        return BAD_FUNC_ARG;
+
+    ctx->minDhKeySz = keySz / 8;
+    return SSL_SUCCESS;
+}
+
+
+int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz)
+{
+    if (ssl == NULL || keySz > 16000 || keySz % 8 != 0)
+        return BAD_FUNC_ARG;
+
+    ssl->options.minDhKeySz = keySz / 8;
+    return SSL_SUCCESS;
+}
+
+
+int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
+{
+    if (ssl == NULL)
+        return BAD_FUNC_ARG;
+
+    return (ssl->options.dhKeySz * 8);
+}
+
 #endif /* !NO_DH */
 
 
@@ -1648,7 +1677,6 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz,
     }
 
     XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY);
-
     return ret;
 }
 
@@ -3493,8 +3521,10 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
 
     #ifdef WOLFSSL_SMALL_STACK
         name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        if (name == NULL)
+        if (name == NULL) {
+            closedir(dir);
             return MEMORY_E;
+        }
     #endif
 
         while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
@@ -4130,36 +4160,6 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
     return wolfSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format);
 }
 
-
-int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz)
-{
-    if (ctx == NULL || keySz > 16000 || keySz % 8 != 0)
-        return BAD_FUNC_ARG;
-
-    ctx->minDhKeySz = keySz / 8;
-    return SSL_SUCCESS;
-}
-
-
-int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz)
-{
-    if (ssl == NULL || keySz > 16000 || keySz % 8 != 0)
-        return BAD_FUNC_ARG;
-
-    ssl->options.minDhKeySz = keySz / 8;
-    return SSL_SUCCESS;
-}
-
-
-int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
-{
-    if (ssl == NULL)
-        return BAD_FUNC_ARG;
-
-    return (ssl->options.dhKeySz * 8);
-}
-
-
 #endif /* NO_DH */
 
 
@@ -7184,8 +7184,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
     void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt)
     {
-        (void)ssl;
-        (void)opt;
+        WOLFSSL_ENTER("wolfSSL_set_shutdown");
+        if(ssl==NULL) {
+            WOLFSSL_MSG("Shutdown not set. ssl is null");
+            return;
+        }
+
+        ssl->options.sentNotify =  (opt&SSL_SENT_SHUTDOWN) > 0;
+        ssl->options.closeNotify = (opt&SSL_RECEIVED_SHUTDOWN) > 0;
     }
 
 
@@ -7238,7 +7244,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                                                     WOLFSSL_X509_STORE_CTX* ctx)
     {
         (void)ctx;
-        return 0;
+        return NULL;
     }
 
 
@@ -8855,14 +8861,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
     {
         WOLFSSL_ENTER("X509_get_issuer_name");
-        return &cert->issuer;
+        if(cert)
+            return &cert->issuer;
+        return NULL;
     }
 
 
     WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
     {
         WOLFSSL_ENTER("X509_get_subject_name");
-        return &cert->subject;
+        if(cert)
+            return &cert->subject;
+        return NULL;
     }
 
 
@@ -9535,23 +9545,6 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
 
 
 #ifdef OPENSSL_EXTRA
-int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
-{
-#ifdef FORTRESS
-    if (ssl != NULL && idx < MAX_EX_DATA)
-    {
-        ssl->ex_data[idx] = data;
-        return SSL_SUCCESS;
-    }
-#else
-    (void)ssl;
-    (void)idx;
-    (void)data;
-#endif
-    return SSL_FAILURE;
-}
-
-
 int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
                                unsigned int len)
 {
@@ -9571,9 +9564,14 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl)
 
 int wolfSSL_get_shutdown(const WOLFSSL* ssl)
 {
+    WOLFSSL_ENTER("wolfSSL_get_shutdown");
+#ifdef HAVE_STUNNEL
+    return (ssl->options.sentNotify << 1) | (ssl->options.closeNotify);
+#else
     return (ssl->options.isClosed  ||
             ssl->options.connReset ||
             ssl->options.sentNotify);
+#endif
 }
 
 
@@ -10198,19 +10196,6 @@ int wolfSSL_COMP_add_compression_method(int method, void* data)
 }
 
 
-
-int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
-                         void* cb3)
-{
-    (void)idx;
-    (void)data;
-    (void)cb1;
-    (void)cb2;
-    (void)cb3;
-    return 0;
-}
-
-
 void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)(
                                                           const char*, int))
 {
@@ -10368,6 +10353,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
      WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, STACK_OF(WOLFSSL_X509)* sk)
 {
     (void)sk;
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init");
     if (ctx != NULL) {
         ctx->store = store;
         ctx->current_cert = x509;
@@ -10554,7 +10540,8 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i)
 
 void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
 {
-#ifdef FORTRESS
+    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_ex_data");
+#if defined(FORTRESS) || defined(HAVE_STUNNEL)
     if (ctx != NULL && idx == 0)
         return ctx->ex_data;
 #else
@@ -10567,24 +10554,13 @@ void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
 
 int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void)
 {
+    WOLFSSL_ENTER("wolfSSL_get_ex_data_X509_STORE_CTX_idx");
     return 0;
 }
 
 
-void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
-{
-#ifdef FORTRESS
-    if (ssl != NULL && idx < MAX_EX_DATA)
-        return ssl->ex_data[idx];
-#else
-    (void)ssl;
-    (void)idx;
-#endif
-    return 0;
-}
-
-
-void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, void (*f)(void))
+void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx,
+       void (*f)(const WOLFSSL* ssl, int type, int val))
 {
     (void)ctx;
     (void)f;
@@ -10597,7 +10573,7 @@ unsigned long wolfSSL_ERR_peek_error(void)
 }
 
 
-int wolfSSL_ERR_GET_REASON(int err)
+int wolfSSL_ERR_GET_REASON(unsigned long err)
 {
     (void)err;
     return 0;
@@ -10618,7 +10594,7 @@ char* wolfSSL_alert_desc_string_long(int alertID)
 }
 
 
-char* wolfSSL_state_string_long(WOLFSSL* ssl)
+char* wolfSSL_state_string_long(const WOLFSSL* ssl)
 {
     (void)ssl;
     return 0;
@@ -10777,23 +10753,6 @@ void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED* rev, int i)
 
 
 /* stunnel 4.28 needs */
-void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int d)
-{
-    (void)ctx;
-    (void)d;
-    return 0;
-}
-
-
-int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int d, void* p)
-{
-    (void)ctx;
-    (void)d;
-    (void)p;
-    return SSL_SUCCESS;
-}
-
-
 void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx,
                     WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*))
 {
@@ -10851,17 +10810,6 @@ long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess)
 }
 
 
-int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
-                                void* c)
-{
-    (void)idx;
-    (void)arg;
-    (void)a;
-    (void)b;
-    (void)c;
-    return 0;
-}
-
 #endif /* OPENSSL_EXTRA */
 
 
@@ -10901,6 +10849,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
         WOLFSSL_X509*   peer_cert = &ssl->peerCert;
         buffer         fileDer;
 
+        fileDer.buffer = 0;
         file = XFOPEN(fname, "rb");
         if (file == XBADFILE)
             return SSL_BAD_FILE;
@@ -10926,7 +10875,6 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
             info->set = 0;
             info->ctx = ctx;
             info->consumed = 0;
-            fileDer.buffer = 0;
 
             if ((myBuffer != NULL) &&
                 (sz > 0) &&
@@ -11280,17 +11228,27 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
 WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
                             WOLFSSL_BIGNUM* ret)
 {
+    int weOwn = 0;
+
     WOLFSSL_MSG("wolfSSL_BN_bin2bn");
 
+    /* if ret is null create a BN */
+    if (ret == NULL) {
+        ret = wolfSSL_BN_new();
+        weOwn = 1;
+        if (ret == NULL)
+            return NULL;
+    }
+
+    /* check ret and ret->internal then read in value */
     if (ret && ret->internal) {
         if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) {
             WOLFSSL_MSG("mp_read_unsigned_bin failure");
+            if (weOwn)
+                wolfSSL_BN_free(ret);
             return NULL;
         }
     }
-    else {
-        WOLFSSL_MSG("wolfSSL_BN_bin2bn wants return bignum");
-    }
 
     return ret;
 }
@@ -11522,6 +11480,38 @@ int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str)
 }
 
 
+#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
+char *wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM *bn)
+{
+    int len = 0;
+    char *buf;
+
+    WOLFSSL_MSG("wolfSSL_BN_bn2dec");
+
+    if (bn == NULL || bn->internal == NULL) {
+        WOLFSSL_MSG("bn NULL error");
+        return NULL;
+    }
+
+    if (mp_radix_size((mp_int*)bn->internal, 10, &len) != MP_OKAY) {
+        WOLFSSL_MSG("mp_radix_size failure");
+        return NULL;
+    }
+
+    buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC);
+    if (buf == NULL) {
+        WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure");
+        return NULL;
+    }
+
+    if (mp_toradix((mp_int*)bn->internal, buf, 10) != MP_OKAY) {
+        XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
+        return NULL;
+    }
+    
+    return buf;
+}
+#else
 char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn)
 {
     (void)bn;
@@ -11530,6 +11520,7 @@ char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn)
 
     return NULL;
 }
+#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
 
 /* return code compliant with OpenSSL :
  *   1 if success, 0 else
@@ -11538,23 +11529,13 @@ int wolfSSL_BN_lshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
 {
     WOLFSSL_MSG("wolfSSL_BN_lshift");
 
-    if (bn == NULL || bn->internal == NULL) {
+    if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){
         WOLFSSL_MSG("bn NULL error");
         return SSL_FAILURE;
     }
 
-    /*  create new bn for res, if not done before */
-    if (r == NULL)
-        r = wolfSSL_BN_new();
-
-    if (r == NULL) {
-        WOLFSSL_MSG("bn new error");
-        return SSL_FAILURE;
-    }
-
     if (mp_mul_2d((mp_int*)bn->internal, n, (mp_int*)r->internal) != MP_OKAY) {
         WOLFSSL_MSG("mp_mul_2d error");
-        wolfSSL_BN_free(r);
         return SSL_FAILURE;
     }
 
@@ -11568,24 +11549,14 @@ int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
 {
     WOLFSSL_MSG("wolfSSL_BN_rshift");
 
-    if (bn == NULL || bn->internal == NULL) {
+    if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){
         WOLFSSL_MSG("bn NULL error");
         return SSL_FAILURE;
     }
 
-    /*  create new bn for res, if not done before */
-    if (r == NULL)
-        r = wolfSSL_BN_new();
-
-    if (r == NULL) {
-        WOLFSSL_MSG("bn new error");
-        return SSL_FAILURE;
-    }
-
     if (mp_div_2d((mp_int*)bn->internal, n,
                   (mp_int*)r->internal, NULL) != MP_OKAY) {
         WOLFSSL_MSG("mp_mul_2d error");
-        wolfSSL_BN_free(r);
         return SSL_FAILURE;
     }
 
@@ -11642,11 +11613,11 @@ int wolfSSL_BN_add(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b)
 int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks,
                            WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb)
 {
+    int res;
+
     (void)ctx;
     (void)cb;
 
-    int res;
-
     WOLFSSL_MSG("wolfSSL_BN_is_prime_ex");
 
     if (bn == NULL || bn->internal == NULL) {
@@ -11679,12 +11650,12 @@ WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
 
     if (bn == NULL || bn->internal == NULL) {
         WOLFSSL_MSG("bn NULL error");
-        return SSL_FATAL_ERROR;
+        return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR;
     }
 
     if (mp_mod_d((mp_int*)bn->internal, w, &ret) != MP_OKAY) {
         WOLFSSL_MSG("mp_add_d error");
-        return SSL_FATAL_ERROR;
+        return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR;
     }
 
     return ret;
@@ -11723,6 +11694,7 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
     return buf;
 }
 
+#ifndef NO_FILESYSTEM
 /* return code compliant with OpenSSL :
  *   1 if success, 0 if error
  */
@@ -11748,6 +11720,7 @@ int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
 
     return SSL_SUCCESS;
 }
+#endif /* !defined(NO_FILESYSTEM) */
 
 #else /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
 
@@ -11760,6 +11733,7 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
     return (char*)"";
 }
 
+#ifndef NO_FILESYSTEM
 /* return code compliant with OpenSSL :
  *   1 if success, 0 if error
  */
@@ -11772,6 +11746,8 @@ int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
 
     return SSL_SUCCESS;
 }
+#endif /* !defined(NO_FILESYSTEM) */
+
 #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
 
 
@@ -12649,6 +12625,16 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
         return SSL_FAILURE;
     }
 
+    if (dsa->inSet == 0)
+    {
+        WOLFSSL_MSG("No DSA internal set, do it");
+
+        if (SetDsaInternal(dsa) != SSL_SUCCESS) {
+            WOLFSSL_MSG("SetDsaInternal failed");
+            return ret;
+        }
+    }
+
 #ifdef WOLFSSL_KEY_GEN
     {
         int initTmpRng = 0;
@@ -12754,10 +12740,8 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
                 WOLFSSL_MSG("wc_MakeDsaParameters failed");
             else if (SetDsaExternal(dsa) != SSL_SUCCESS)
                 WOLFSSL_MSG("SetDsaExternal failed");
-            else {
-                dsa->inSet = 1;
+            else
                 ret = SSL_SUCCESS;
-            }
         }
 
         if (initTmpRng)
@@ -12863,6 +12847,8 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
     ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck);
     if (ret != 0 || *dsacheck != 1) {
         WOLFSSL_MSG("DsaVerify failed");
+        printf("ret = %d\n", ret);
+        printf("*dsacheck = %d\n", *dsacheck);
         return ret;
     }
 
@@ -14789,8 +14775,8 @@ int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
                              void *(*KDF) (const void *in, size_t inlen,
                                            void *out, size_t *outlen))
 {
-    (void)KDF;
     word32 len;
+    (void)KDF;
 
     WOLFSSL_ENTER("wolfSSL_ECDH_compute_key");
 
@@ -15696,142 +15682,558 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
     unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md)
     {
         (void) *d; (void) n; (void) *md;
+        WOLFSSL_ENTER("wolfSSL_SHA1");
+        WOLFSSL_STUB("wolfssl_SHA1");
+
         return NULL;
     }
 
-    char WOLFSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) {
+    char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) {
         (void)ctx;
         (void)x;
+        WOLFSSL_ENTER("wolfSSL_CTX_use_certificate");
+        WOLFSSL_STUB("wolfSSL_CTX_use_certificate");
 
         return 0;
     }
 
-    int WOLFSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) {
+    int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) {
         (void)ctx;
         (void)pkey;
+        WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey");
+        WOLFSSL_STUB("wolfSSL_CTX_use_PrivateKey");
 
         return 0;
     }
 
-    WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) {
-        (void)filename;
-        (void)mode;
-
-        return NULL;
-    }
 
     int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) {
         (void)b;
         (void)name;
+        WOLFSSL_ENTER("wolfSSL_BIO_read_filename");
+        WOLFSSL_STUB("wolfSSL_BIO_read_filename");
 
         return 0;
     }
 
-    WOLFSSL_BIO_METHOD* WOLFSSL_BIO_s_file(void) {
+    WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void) {
+        WOLFSSL_ENTER("wolfSSL_BIO_s_file");
+        WOLFSSL_STUB("wolfSSL_BIO_s_file");
+
         return NULL;
     }
 
     const char * wolf_OBJ_nid2sn(int n) {
         (void)n;
+        WOLFSSL_ENTER("wolf_OBJ_nid2sn");
+        WOLFSSL_STUB("wolf_OBJ_nid2sn");
 
         return 0;
     }
 
     int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) {
         (void)o;
+        WOLFSSL_ENTER("wolf_OBJ_obj2nid");
+        WOLFSSL_STUB("wolf_OBJ_obj2nid");
 
         return 0;
     }
 
     int wolf_OBJ_sn2nid(const char *sn) {
         (void)sn;
+        WOLFSSL_ENTER("wolf_OBJ_osn2nid");
+        WOLFSSL_STUB("wolf_OBJ_osn2nid");
 
         return 0;
     }
 
-    WOLFSSL_DH *PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u) {
-        (void)bp;
-        (void)x;
-        (void)cb;
-        (void)u;
-
-        return NULL;
-    }
 
     WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) {
         (void)bp;
         (void)x;
         (void)cb;
         (void)u;
+        WOLFSSL_ENTER("PEM_read_bio_WOLFSSL_X509");
+        WOLFSSL_STUB("PEM_read_bio_WOLFSSL_X509");
 
         return NULL;
     }
 
-    int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) {
-        (void)bp;
-        (void)x;
-
-        return 0;
-    }
-
-    long WOLFSSL_CTX_set_tmp_dh(WOLFSSL_CTX *ctx, WOLFSSL_DH *dh) {
-        (void)ctx;
-        (void)dh;
-
-        return 0;
-    }
-
-    void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth) {
+    void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) {
         (void)ctx;
         (void)depth;
+        WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth");
+        WOLFSSL_STUB("wolfSSL_CTX_set_verify_depth");
+
     }
 
-    void* WOLFSSL_get_app_data( const WOLFSSL *ssl)
+    void* wolfSSL_get_app_data( const WOLFSSL *ssl)
     {
         /* checkout exdata stuff... */
         (void)ssl;
+        WOLFSSL_ENTER("wolfSSL_get_app_data");
+        WOLFSSL_STUB("wolfSSL_get_app_data");
 
         return 0;
     }
 
-    void WOLFSSL_set_app_data(WOLFSSL *ssl, void *arg) {
+    void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg) {
         (void)ssl;
         (void)arg;
+        WOLFSSL_ENTER("wolfSSL_set_app_data");
+        WOLFSSL_STUB("wolfSSL_set_app_data");
     }
 
-    WOLFSSL_ASN1_OBJECT * WOLFSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) {
+    WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) {
         (void)ne;
+        WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object");
+        WOLFSSL_STUB("wolfSSL_X509_NAME_ENTRY_get_object");
 
         return NULL;
     }
 
-    WOLFSSL_X509_NAME_ENTRY *WOLFSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) {
+    WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc) {
         (void)name;
         (void)loc;
+        WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry");
+        WOLFSSL_STUB("wolfSSL_X509_NAME_get_entry");
 
         return NULL;
     }
 
-    void WOLFSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){
+    void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){
         FreeX509Name(name);
+        WOLFSSL_ENTER("wolfSSL_X509_NAME_free");
+        WOLFSSL_STUB("wolfSSL_X509_NAME_free");
     }
 
     void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)){
         (void) sk;
         (void) f;
+        WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_pop_free");
+        WOLFSSL_STUB("wolfSSL_sk_X509_NAME_pop_free");
     }
 
     int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key){
         (void) x509;
         (void) key;
-        return 0;
+        WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
+        WOLFSSL_STUB("wolfSSL_X509_check_private_key");
+
+        return SSL_SUCCESS;
     }
 
     STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X509_NAME) *sk ){
         (void) sk;
+        WOLFSSL_ENTER("wolfSSL_dup_CA_list");
+        WOLFSSL_STUB("wolfSSL_dup_CA_list");
+
         return NULL;
     }
 
 #endif
 #endif
 
+
+#ifdef OPENSSL_EXTRA
+void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
+    #ifdef HAVE_STUNNEL
+    if(ctx != NULL && idx < MAX_EX_DATA) {
+        return ctx->ex_data[idx];
+    }
+    #else
+    (void)ctx;
+    (void)idx;
+    #endif
+    return NULL;
+}
+
+
+int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
+                                void* c)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_new_index");
+    (void)idx;
+    (void)arg;
+    (void)a;
+    (void)b;
+    (void)c;
+    return 0;
+}
+
+
+int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
+{
+    WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data");
+    #ifdef HAVE_STUNNEL
+    if (ctx != NULL && idx < MAX_EX_DATA)
+    {
+        ctx->ex_data[idx] = data;
+        return SSL_SUCCESS;
+    }
+    #else
+    (void)ctx;
+    (void)idx;
+    (void)data;
+    #endif
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
+{
+    WOLFSSL_ENTER("wolfSSL_set_ex_data");
+#if defined(FORTRESS) || defined(HAVE_STUNNEL)
+    if (ssl != NULL && idx < MAX_EX_DATA)
+    {
+        ssl->ex_data[idx] = data;
+        return SSL_SUCCESS;
+    }
+#else
+    (void)ssl;
+    (void)idx;
+    (void)data;
+#endif
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
+                         void* cb3)
+{
+    WOLFSSL_ENTER("wolfSSL_get_ex_new_index");
+    (void)idx;
+    (void)data;
+    (void)cb1;
+    (void)cb2;
+    (void)cb3;
+    return 0;
+}
+
+
+void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
+{
+    WOLFSSL_ENTER("wolfSSL_get_ex_data");
+#if defined(FORTRESS) || defined(HAVE_STUNNEL)
+    if (ssl != NULL && idx < MAX_EX_DATA)
+        return ssl->ex_data[idx];
+#else
+    (void)ssl;
+    (void)idx;
+#endif
+    return 0;
+}
+#endif /* OPENSSL_EXTRA */
+
+
+#if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL)
+WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) {
+    (void)filename;
+    (void)mode;
+    WOLFSSL_ENTER("wolfSSL_BIO_new_file");
+    WOLFSSL_STUB("wolfSSL_BIO_new_file");
+
+    return NULL;
+}
+
+
+WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u)
+{
+    (void) bp;
+    (void) x;
+    (void) cb;
+    (void) u;
+
+    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DHparams");
+    WOLFSSL_STUB("wolfSSL_PEM_read_bio_DHparams");
+
+    return NULL;
+}
+
+int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) {
+    (void)bp;
+    (void)x;
+    WOLFSSL_ENTER("PEM_write_bio_WOLFSSL_X509");
+    WOLFSSL_STUB("PEM_write_bio_WOLFSSL_X509");
+
+    return 0;
+}
+
+
+#ifndef NO_DH
+/* Intialize ctx->dh with dh's params. Return SSL_SUCCESS on ok */
+long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
+{
+    int pSz, gSz;
+    byte *p, *g;
+    int ret=0;
+
+    WOLFSSL_ENTER("wolfSSL_CTX_set_tmp_dh");
+
+    if(!ctx || !dh)
+        return BAD_FUNC_ARG;
+
+    /* Get needed size for p and g */
+    pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
+    gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
+
+    if(pSz <= 0 || gSz <= 0)
+        return SSL_FATAL_ERROR;
+
+    p = XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH);
+    if(!p)
+        return MEMORY_E;
+
+    g = XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH);
+    if(!g) {
+        XFREE(p, ctx->heap, DYNAMIC_TYPE_DH);
+        return MEMORY_E;
+    }
+
+    pSz = wolfSSL_BN_bn2bin(dh->p, p);
+    gSz = wolfSSL_BN_bn2bin(dh->g, g);
+
+    if(pSz >= 0 && gSz >= 0) /* Conversion successful */
+        ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
+
+    XFREE(p, ctx->heap, DYNAMIC_TYPE_DH);
+    XFREE(g, ctx->heap, DYNAMIC_TYPE_DH);
+
+    return pSz > 0 && gSz > 0 ? ret : SSL_FATAL_ERROR;
+}
+#endif /* NO_DH */
+#endif /* HAVE_LIGHTY || HAVE_STUNNEL */
+
+
+/* stunnel compatability functions*/
+#if defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)
+int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
+{
+    WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data");
+    if(session != NULL && idx < MAX_EX_DATA) {
+        session->ex_data[idx] = data;
+        return SSL_SUCCESS;
+    }
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1,
+       void* cb2, CRYPTO_free_func* cb3)
+{
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_new_index");
+    (void)idx;
+    (void)cb1;
+    (void)cb2;
+    (void)cb3;
+    if(XSTRNCMP(data, "redirect index", 14) == 0) {
+        return 0;
+    }
+    else if(XSTRNCMP(data, "addr index", 10) == 0) {
+        return 1;
+    }
+    return SSL_FAILURE;
+}
+
+
+void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
+{
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data");
+    if (session != NULL && idx < MAX_EX_DATA)
+        return session->ex_data[idx];
+    return NULL;
+}
+
+
+int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
+                                void *(*r) (void *, size_t, const char *,
+                                            int), void (*f) (void *))
+{
+    (void) m;
+    (void) r;
+    (void) f;
+
+    return SSL_FAILURE;
+}
+
+
+WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
+                           void (*callback) (int, int, void *), void *cb_arg)
+{
+    (void)prime_len;
+    (void)generator;
+    (void)callback;
+    (void)cb_arg;
+    return NULL;
+}
+
+
+void wolfSSL_ERR_load_crypto_strings(void){}
+unsigned long wolfSSL_ERR_peek_last_error(void)
+{
+    unsigned long l = 0UL;
+    return l; 
+}
+
+
+int wolfSSL_FIPS_mode(void)
+{
+    return SSL_FAILURE;
+}
+
+int wolfSSL_FIPS_mode_set(int r)
+{
+    (void)r;
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_RAND_set_rand_method(const void *meth)
+{
+    (void) meth;
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
+{
+    int ret = SSL_FAILURE;
+    if(c != NULL && c->ssl != NULL) {
+        ret = 8 * c->ssl->specs.key_size;
+        if(alg_bits != NULL) {
+            *alg_bits = ret;
+        }
+    }
+    return ret;
+}
+
+
+int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s)
+{
+    (void) s;
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s)
+{
+    (void) s;
+    return SSL_FAILURE;
+}
+
+
+int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* nm,
+                int indent, unsigned long flags)
+{
+    (void)bio;
+    (void)nm;
+    (void)indent;
+    (void)flags;
+    return SSL_FAILURE;
+}
+
+
+WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(const WOLFSSL_X509* x)
+{
+   (void)x;
+   return NULL;
+}
+
+
+int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
+{
+     (void)ctx;
+     (void)session;
+     return SSL_SUCCESS;
+}
+
+
+int wolfSSL_get_state(const WOLFSSL* ssl)
+{
+    (void)ssl;
+    return SSL_FAILURE;
+}
+
+
+void* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)* sk, int i)
+{
+    (void)sk;
+    (void)i;
+    return NULL;
+}
+
+
+void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i)
+{
+    (void)sk;
+    (void)i;
+    return NULL;
+}
+
+
+int wolfSSL_version(WOLFSSL* ssl)
+{
+    if (ssl->version.major == SSLv3_MAJOR) {
+        switch (ssl->version.minor) {
+            case SSLv3_MINOR :
+                return SSL3_VERSION;
+            case TLSv1_MINOR :
+            case TLSv1_1_MINOR :
+            case TLSv1_2_MINOR :
+                return TLS1_VERSION;
+            default:
+                return SSL_FAILURE;
+        }
+    }
+    else if (ssl->version.major == DTLS_MAJOR) {
+        switch (ssl->version.minor) {
+            case DTLS_MINOR :
+            case DTLSv1_2_MINOR :
+                return DTLS1_VERSION;
+            default:
+                return SSL_FAILURE;
+        }
+    }
+    return SSL_FAILURE;
+}
+
+
+STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
+{
+    (void)ssl;
+    return NULL;
+}
+
+
+long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx)
+{
+    (void)ctx;
+    return 0;
+}
+
+
+WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl)
+{
+    return ssl->ctx;
+}
+
+int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name)
+{
+    if(!name)
+        return -1;
+    return name->sz;
+}
+
+
+const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen)
+{
+    if(!sess || !idLen) {
+        WOLFSSL_MSG("Bad func args. Please provide idLen");
+        return NULL;
+    }
+    *idLen = sess->sessionIDSz;
+    return sess->sessionID;
+}
+#endif /* OPENSSL_EXTRA and HAVE_STUNNEL */
diff --git a/src/tls.c b/src/tls.c
index 5a070f667..39f36bb17 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -37,7 +37,7 @@
 #endif
 
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
     #include <wolfssl/wolfcrypt/random.h>
 #endif
 #ifdef HAVE_QSH
@@ -2836,7 +2836,7 @@ static word16 TLSX_Write(TLSX* list, byte* output, byte* semaphore,
 
 #ifdef HAVE_NTRU
 
-static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
+static word32 GetEntropy(unsigned char* out, word32 num_bytes)
 {
     int ret = 0;
 
@@ -2854,7 +2854,7 @@ static word32 GetEntropy(unsigned char* out, unsigned long long num_bytes)
     }
 
     ret |= LockMutex(rngMutex);
-    ret |= wc_RNG_GenerateBlock(rng, out, (word32)num_bytes);
+    ret |= wc_RNG_GenerateBlock(rng, out, num_bytes);
     ret |= UnLockMutex(rngMutex);
 
     if (ret != 0)
@@ -2947,7 +2947,7 @@ int TLSX_CreateNtruKey(WOLFSSL* ssl, int type)
             WOLFSSL_MSG("Unknown type for creating NTRU key");
             return -1;
     }
-    ret = ntru_crypto_external_drbg_instantiate(GetEntropy, &drbg);
+    ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
     if (ret != DRBG_OK) {
         WOLFSSL_MSG("NTRU drbg instantiate failed\n");
         return ret;
diff --git a/support/wolfssl.pc b/support/wolfssl.pc
index 024f117ab..f95d19b7a 100644
--- a/support/wolfssl.pc
+++ b/support/wolfssl.pc
@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.6.1
+Version: 3.6.2
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}
diff --git a/tests/test-qsh.conf b/tests/test-qsh.conf
index 8261f147d..0f59c428f 100644
--- a/tests/test-qsh.conf
+++ b/tests/test-qsh.conf
@@ -2018,4 +2018,7 @@
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 
+# client TLSv1.2 NTRU_AES128
+-v 3
+-l QSH:NTRU-AES128-SHA
 
diff --git a/tests/test.conf b/tests/test.conf
index 963db7b06..9e6d0674a 100644
--- a/tests/test.conf
+++ b/tests/test.conf
@@ -2018,4 +2018,7 @@
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 
+# client TLSv1.2 NTRU_AES128
+-v 3
+-l NTRU-AES128-SHA
 
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index 891ce0bf9..e68af6177 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -71,7 +71,7 @@
     #include "cavium_ioctl.h"
 #endif
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
 #endif
 
 #if defined(WOLFSSL_MDK_ARM)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index e9019456d..90edfc77c 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -49,7 +49,7 @@
 #endif
 
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
 #endif
 
 #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c
index bed85a5a1..0dff4c94d 100644
--- a/wolfcrypt/src/coding.c
+++ b/wolfcrypt/src/coding.c
@@ -166,8 +166,8 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max,
     else
         basic = base64Encode[e];
 
-    /* check whether to escape */
-    if (escaped) {
+    /* check whether to escape. Only escape for EncodeEsc */
+    if (escaped == WC_ESC_NL_ENC) {
         switch ((char)basic) {
             case '+' :
                 plus     = 1;
@@ -235,15 +235,17 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
     word32 outSz = (inLen + 3 - 1) / 3 * 4;
     word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ;  /* new lines */
 
-    if (escaped)
+    if (escaped == WC_ESC_NL_ENC)
         addSz *= 3;   /* instead of just \n, we're doing %0A triplet */
+    else if (escaped == WC_NO_NL_ENC)
+        addSz = 0;    /* encode without \n */
 
     outSz += addSz;
 
     /* if escaped we can't predetermine size for one pass encoding, but
      * make sure we have enough if no escapes are in input */
     if (outSz > *outLen) return BAD_FUNC_ARG;
-    
+
     while (inLen > 2) {
         byte b1 = in[j++];
         byte b2 = in[j++];
@@ -267,7 +269,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
 
         inLen -= 3;
 
-        if ((++n % (PEM_LINE_SZ / 4)) == 0 && inLen) {
+        /* Insert newline after PEM_LINE_SZ, unless no \n requested */
+        if (escaped != WC_NO_NL_ENC && (++n % (PEM_LINE_SZ/4)) == 0 && inLen){
             ret = CEscape(escaped, '\n', out, &i, *outLen, 1);
             if (ret != 0) break;
         }
@@ -285,44 +288,48 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
         byte e3 = (byte)((b2 & 0xF) << 2);
 
         ret = CEscape(escaped, e1, out, &i, *outLen, 0);
-        if (ret == 0) 
+        if (ret == 0)
             ret = CEscape(escaped, e2, out, &i, *outLen, 0);
         if (ret == 0) {
             /* third */
             if (twoBytes)
                 ret = CEscape(escaped, e3, out, &i, *outLen, 0);
-            else 
+            else
                 ret = CEscape(escaped, '=', out, &i, *outLen, 1);
         }
         /* fourth always pad */
         if (ret == 0)
             ret = CEscape(escaped, '=', out, &i, *outLen, 1);
-    } 
+    }
 
-    if (ret == 0) 
+    if (ret == 0 && escaped != WC_NO_NL_ENC)
         ret = CEscape(escaped, '\n', out, &i, *outLen, 1);
 
-    if (i != outSz && escaped == 0 && ret == 0)
-        return ASN_INPUT_E; 
+    if (i != outSz && escaped != 1 && ret == 0)
+        return ASN_INPUT_E;
 
     *outLen = i;
-    return ret; 
+    return ret;
 }
 
 
 /* Base64 Encode, PEM style, with \n line endings */
 int Base64_Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
-    return DoBase64_Encode(in, inLen, out, outLen, 0);
+    return DoBase64_Encode(in, inLen, out, outLen, WC_STD_ENC);
 }
 
 
 /* Base64 Encode, with %0A esacped line endings instead of \n */
 int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
-    return DoBase64_Encode(in, inLen, out, outLen, 1);
+    return DoBase64_Encode(in, inLen, out, outLen, WC_ESC_NL_ENC);
 }
 
+int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, word32* outLen)
+{
+    return DoBase64_Encode(in, inLen, out, outLen, WC_NO_NL_ENC);
+}
 
 #endif  /* defined(WOLFSSL_BASE64_ENCODE) */
 
diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c
index 1f9308e86..dc0e20e4b 100644
--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -18,6 +18,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
+#include <stdio.h>
 
 #ifdef HAVE_CONFIG_H
     #include <config.h>
@@ -93,6 +94,8 @@ int wc_MakeDsaKey(RNG *rng, DsaKey *dsa)
         return BAD_FUNC_ARG;
 
     qsize = mp_unsigned_bin_size(&dsa->q);
+    if (qsize == 0)
+        return BAD_FUNC_ARG;
 
     /* allocate ram */
     buf = (unsigned char *)XMALLOC(qsize, NULL,
@@ -114,9 +117,6 @@ int wc_MakeDsaKey(RNG *rng, DsaKey *dsa)
             return err;
         }
 
-        /* force magnitude */
-        buf[0] |= 0xC0;
-        
         err = mp_read_unsigned_bin(&dsa->x, buf, qsize);
         if (err != MP_OKAY) {
             mp_clear(&dsa->x);
@@ -148,9 +148,11 @@ int wc_MakeDsaKey(RNG *rng, DsaKey *dsa)
 /* modulus_size in bits */
 int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
 {
-    mp_int         tmp, tmp2;
-    int            err, res, msize, qsize, loop;
-    unsigned char  *buf;
+    mp_int  tmp, tmp2;
+    int     err, msize, qsize,
+            loop_check_prime = 0,
+            check_prime = MP_NO;
+    unsigned char   *buf;
 
     if (rng == NULL || dsa == NULL)
         return BAD_FUNC_ARG;
@@ -174,43 +176,16 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
     /* modulus size in bytes */
     msize = modulus_size / 8;
 
-    if (mp_init(&dsa->q) != MP_OKAY)
-        return MP_INIT_E;
-
-    /* make our prime q */
-    err = mp_rand_prime(&dsa->q, qsize, rng, NULL);
-    if (err != MP_OKAY) {
-        mp_clear(&dsa->q);
-        return err;
-    }
-
-    if (mp_init(&tmp) != MP_OKAY) {
-        mp_clear(&dsa->q);
-        return MP_INIT_E;
-    }
-
-    /* tmp = 2q  */
-    err = mp_add(&dsa->q, &dsa->q, &tmp);
-    if (err != MP_OKAY) {
-        mp_clear(&dsa->q);
-        mp_clear(&tmp);
-        return err;
-    }
-
     /* allocate ram */
     buf = (unsigned char *)XMALLOC(msize - qsize,
                                    NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (buf == NULL) {
-        mp_clear(&dsa->q);
-        mp_clear(&tmp);
         return MEMORY_E;
     }
 
-    /* now make a random string and multply it against q */
+    /* make a random string that will be multplied against q */
     err = wc_RNG_GenerateBlock(rng, buf, msize - qsize);
     if (err != MP_OKAY) {
-        mp_clear(&dsa->q);
-        mp_clear(&tmp);
         XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return err;
     }
@@ -221,9 +196,8 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
     /* force even */
     buf[msize - qsize - 1] &= ~1;
 
-    if (mp_init_multi(&tmp2, &dsa->p, 0, 0, 0, 0) != MP_OKAY) {
+    if (mp_init_multi(&tmp2, &dsa->p, &dsa->q, 0, 0, 0) != MP_OKAY) {
         mp_clear(&dsa->q);
-        mp_clear(&tmp);
         XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return MP_INIT_E;
     }
@@ -232,25 +206,48 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
     if (err != MP_OKAY) {
         mp_clear(&dsa->q);
         mp_clear(&dsa->p);
-        mp_clear(&tmp);
         mp_clear(&tmp2);
         XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return err;
     }
     XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
-    /* p = tmp2 * q */
-    err = mp_mul(&dsa->q, &tmp2, &dsa->p);
+    /* make our prime q */
+    err = mp_rand_prime(&dsa->q, qsize, rng, NULL);
     if (err != MP_OKAY) {
         mp_clear(&dsa->q);
         mp_clear(&dsa->p);
-        mp_clear(&tmp);
         mp_clear(&tmp2);
         return err;
     }
 
-    /* p = tmp2 * q + 1, so q is a prime divisor of p-1 */
+    /* p = random * q */
+    err = mp_mul(&dsa->q, &tmp2, &dsa->p);
+    if (err != MP_OKAY) {
+        mp_clear(&dsa->q);
+        mp_clear(&dsa->p);
+        mp_clear(&tmp2);
+        return err;
+    }
+
+    /* p = random * q + 1, so q is a prime divisor of p-1 */
     err = mp_add_d(&dsa->p, 1, &dsa->p);
+    if (err != MP_OKAY) {
+        mp_clear(&dsa->q);
+        mp_clear(&dsa->p);
+        mp_clear(&tmp2);
+        return err;
+    }
+
+    if (mp_init(&tmp) != MP_OKAY) {
+        mp_clear(&dsa->q);
+        mp_clear(&dsa->p);
+        mp_clear(&tmp2);
+        return MP_INIT_E;
+    }
+
+    /* tmp = 2q  */
+    err = mp_add(&dsa->q, &dsa->q, &tmp);
     if (err != MP_OKAY) {
         mp_clear(&dsa->q);
         mp_clear(&dsa->p);
@@ -260,8 +257,8 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
     }
 
     /* loop until p is prime */
-    for (loop = 0; loop++;) {
-        err = mp_prime_is_prime(&dsa->p, 8, &res);
+    while (check_prime == MP_NO) {
+        err = mp_prime_is_prime(&dsa->p, 8, &check_prime);
         if (err != MP_OKAY) {
             mp_clear(&dsa->q);
             mp_clear(&dsa->p);
@@ -270,25 +267,26 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
             return err;
         }
 
-        if (res == MP_YES)
-            break;
+        if (check_prime != MP_YES) {
+            /* p += 2q */
+            err = mp_add(&tmp, &dsa->p, &dsa->p);
+            if (err != MP_OKAY) {
+                mp_clear(&dsa->q);
+                mp_clear(&dsa->p);
+                mp_clear(&tmp);
+                mp_clear(&tmp2);
+                return err;
+            }
 
-        /* p += 2q */
-        err = mp_add(&tmp, &dsa->p, &dsa->p);
-        if (err != MP_OKAY) {
-            mp_clear(&dsa->q);
-            mp_clear(&dsa->p);
-            mp_clear(&tmp);
-            mp_clear(&tmp2);
-            return err;
+            loop_check_prime++;
         }
     }
 
-    /* tmp2 += (2*loop)
+    /* tmp2 += (2*loop_check_prime)
      * to have p = (q * tmp2) + 1 prime
      */
-    if (loop) {
-        err = mp_add_d(&tmp2, 2*loop, &tmp2);
+    if (loop_check_prime) {
+        err = mp_add_d(&tmp2, 2*loop_check_prime, &tmp2);
         if (err != MP_OKAY) {
             mp_clear(&dsa->q);
             mp_clear(&dsa->p);
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index d247cb3b7..f9b82f220 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4912,7 +4912,7 @@ static int ecc_get_key_sizes(ecEncCtx* ctx, int* encKeySz, int* ivSz,
         switch (ctx->encAlgo) {
             case ecAES_128_CBC:
                 *encKeySz = KEY_SIZE_128;
-                *ivSz     = IV_SIZE_64;
+                *ivSz     = IV_SIZE_128;
                 *blockSz  = AES_BLOCK_SIZE;
                 break;
             default:
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index aaf9954b5..5f337fd30 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -963,7 +963,7 @@ top:
 
   /* if not zero goto step 4 */
   if (mp_iszero (&u) == 0) {
-    if (++loop_check > 1024) {
+    if (++loop_check > 4096) {
         res = MP_VAL;
         goto LBL_ERR;
     }
@@ -2501,33 +2501,6 @@ int mp_reduce_2k_setup(mp_int *a, mp_digit *d)
 }
 
 
-/* computes a = 2**b
- *
- * Simple algorithm which zeroes the int, grows it then just sets one bit
- * as required.
- */
-int
-mp_2expt (mp_int * a, int b)
-{
-  int     res;
-
-  /* zero a as per default */
-  mp_zero (a);
-
-  /* grow a to accomodate the single bit */
-  if ((res = mp_grow (a, b / DIGIT_BIT + 1)) != MP_OKAY) {
-    return res;
-  }
-
-  /* set the used count of where the bit will go */
-  a->used = b / DIGIT_BIT + 1;
-
-  /* put the single bit in its place */
-  a->dp[b / DIGIT_BIT] = ((mp_digit)1) << (b % DIGIT_BIT);
-
-  return MP_OKAY;
-}
-
 /* set the b bit of a */
 int
 mp_set_bit (mp_int * a, int b)
@@ -2550,6 +2523,19 @@ mp_set_bit (mp_int * a, int b)
     return MP_OKAY;
 }
 
+/* computes a = 2**b
+ *
+ * Simple algorithm which zeroes the int, set the required bit
+ */
+int
+mp_2expt (mp_int * a, int b)
+{
+    /* zero a as per default */
+    mp_zero (a);
+
+    return mp_set_bit(a, b);
+}
+
 /* multiply by a digit */
 int
 mp_mul_d (mp_int * a, mp_digit b, mp_int * c)
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index cbb922199..5c5f60bda 100755
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -933,7 +933,7 @@ top:
 
   /* if not zero goto step 4 */
   if (fp_iszero (&u) == FP_NO) {
-    if (++loop_check > 1024) /* bad input */
+    if (++loop_check > 4096) /* bad input */
       return FP_VAL;
     goto top;
   }
@@ -1840,11 +1840,11 @@ int fp_set_bit (fp_int * a, fp_digit b)
         i = b/DIGIT_BIT;
 
     /* set the used count of where the bit will go if required */
-    if (a->used < (int)(i + 1))
-        a->used = (int)(i + 1);
+    if (a->used < (int)(i+1))
+        a->used = (int)(i+1);
 
     /* put the single bit in its place */
-    a->dp[i] |= ((mp_digit)1) << (b % DIGIT_BIT);
+    a->dp[i] |= ((fp_digit)1) << (b % DIGIT_BIT);
 
     return MP_OKAY;
 }
@@ -1868,6 +1868,7 @@ int fp_count_bits (fp_int * a)
     ++r;
     q >>= ((fp_digit) 1);
   }
+
   return r;
 }
 
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index f4a624432..a36a2fa36 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -115,7 +115,7 @@
 #endif
 
 #ifdef HAVE_NTRU
-    #include "ntru_crypto.h"
+    #include "libntruencrypt/ntru_crypto.h"
 #endif
 #ifdef HAVE_CAVIUM
     #include "cavium_sysdep.h"
@@ -3386,7 +3386,6 @@ int rsa_test(void)
     wc_RsaInitCavium(&key, CAVIUM_DEV_ID);
 #endif
 
-printf("1\n");
     ret = wc_InitRsaKey(&key, 0);
     if (ret != 0) {
         free(tmp);
@@ -3447,7 +3446,7 @@ printf("1\n");
         free(tmp);
         return -49;
     }
-printf("11\n");
+
     bytes = fread(tmp, 1, FOURK_BUF, file2);
     fclose(file2);
 #endif
@@ -3467,7 +3466,6 @@ printf("11\n");
     (void)bytes;
 #endif
 
-printf("111\n");
 #ifdef WOLFSSL_KEY_GEN
     {
         byte*  der;
@@ -3478,7 +3476,7 @@ printf("111\n");
         RsaKey genKey;
         FILE*  keyFile;
         FILE*  pemFile;
-printf("2\n");
+
         ret = wc_InitRsaKey(&genKey, 0);
         if (ret != 0)
             return -300;
@@ -3504,7 +3502,7 @@ printf("2\n");
             free(pem);
             return -302;
         }
-printf("22\n");
+
 #ifdef FREESCALE_MQX
         keyFile = fopen("a:\\certs\\key.der", "wb");
 #else
@@ -3532,7 +3530,7 @@ printf("22\n");
             wc_FreeRsaKey(&genKey);
             return -304;
         }
-printf("222\n");
+
 #ifdef FREESCALE_MQX
         pemFile = fopen("a:\\certs\\key.pem", "wb");
 #else
@@ -3569,7 +3567,7 @@ printf("222\n");
             wc_FreeRsaKey(&genKey);
             return -306;
         }
-printf("2222\n");
+
         wc_FreeRsaKey(&derIn);
         wc_FreeRsaKey(&genKey);
         free(pem);
@@ -3577,7 +3575,6 @@ printf("2222\n");
     }
 #endif /* WOLFSSL_KEY_GEN */
 
-printf("3\n");
 #ifdef WOLFSSL_CERT_GEN
     /* self signed */
     {
@@ -3600,7 +3597,7 @@ printf("3\n");
             free(derCert);
             return -310;
         }
-printf("33\n");
+
         wc_InitCert(&myCert);
 
         strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
@@ -3630,7 +3627,7 @@ printf("33\n");
         }
         FreeDecodedCert(&decode);
 #endif
-printf("333\n");
+
 #ifdef FREESCALE_MQX
         derFile = fopen("a:\\certs\\cert.der", "wb");
 #else
@@ -3648,14 +3645,14 @@ printf("333\n");
             free(pem);
             return -414;
         }
-printf("4\n");
+
         pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, NULL, CERT_TYPE);
         if (pemSz < 0) {
             free(derCert);
             free(pem);
             return -404;
         }
-printf("41\n");
+
 #ifdef FREESCALE_MQX
         pemFile = fopen("a:\\certs\\cert.pem", "wb");
 #else
@@ -4430,8 +4427,111 @@ int dsa_test(void)
     if (answer != 1) return -65;
 
     wc_FreeDsaKey(&key);
-    wc_FreeRng(&rng);
 
+#ifdef WOLFSSL_KEY_GEN
+    {
+    byte*  der;
+    byte*  pem;
+    int    derSz = 0;
+    int    pemSz = 0;
+    DsaKey derIn;
+    DsaKey genKey;
+    FILE*  keyFile;
+    FILE*  pemFile;
+
+    wc_InitDsaKey(&genKey);
+    ret = wc_MakeDsaParameters(&rng, 1024, &genKey);
+    if (ret != 0) return -362;
+
+    ret = wc_MakeDsaKey(&rng, &genKey);
+    if (ret != 0) return -363;
+
+    der = (byte*)malloc(FOURK_BUF);
+    if (der == NULL) {
+        wc_FreeDsaKey(&genKey);
+        return -364;
+    }
+    pem = (byte*)malloc(FOURK_BUF);
+    if (pem == NULL) {
+        free(der);
+        wc_FreeDsaKey(&genKey);
+        return -365;
+    }
+
+    derSz = wc_DsaKeyToDer(&genKey, der, FOURK_BUF);
+    if (derSz < 0) {
+        free(der);
+        free(pem);
+        return -366;
+    }
+
+#ifdef FREESCALE_MQX
+    keyFile = fopen("a:\\certs\\key.der", "wb");
+#else
+    keyFile = fopen("./key.der", "wb");
+#endif
+    if (!keyFile) {
+        free(der);
+        free(pem);
+        wc_FreeDsaKey(&genKey);
+        return -367;
+    }
+    ret = (int)fwrite(der, 1, derSz, keyFile);
+    fclose(keyFile);
+    if (ret != derSz) {
+        free(der);
+        free(pem);
+        wc_FreeDsaKey(&genKey);
+        return -368;
+    }
+
+    pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, NULL, DSA_PRIVATEKEY_TYPE);
+    if (pemSz < 0) {
+        free(der);
+        free(pem);
+        wc_FreeDsaKey(&genKey);
+        return -369;
+    }
+
+#ifdef FREESCALE_MQX
+    pemFile = fopen("a:\\certs\\key.pem", "wb");
+#else
+    pemFile = fopen("./key.pem", "wb");
+#endif
+    if (!pemFile) {
+        free(der);
+        free(pem);
+        wc_FreeDsaKey(&genKey);
+        return -370;
+    }
+    ret = (int)fwrite(pem, 1, pemSz, pemFile);
+    fclose(pemFile);
+    if (ret != pemSz) {
+        free(der);
+        free(pem);
+        wc_FreeDsaKey(&genKey);
+        return -371;
+    }
+
+    wc_InitDsaKey(&derIn);
+    idx = 0;
+    ret = wc_DsaPrivateKeyDecode(der, &idx, &derIn, derSz);
+    if (ret != 0) {
+        free(der);
+        free(pem);
+        wc_FreeDsaKey(&derIn);
+        wc_FreeDsaKey(&genKey);
+        return -373;
+    }
+
+    wc_FreeDsaKey(&derIn);
+    wc_FreeDsaKey(&genKey);
+    free(pem);
+    free(der);
+    }
+#endif /* WOLFSSL_KEY_GEN */
+
+    wc_FreeRng(&rng);
     return 0;
 }
 
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 9664bf0e4..66c0d18cd 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -890,7 +890,7 @@ enum Misc {
 
     MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4,  /* 4 mb file size alloc limit */
 
-#ifdef FORTRESS
+#if defined(FORTRESS) || defined (HAVE_STUNNEL)
     MAX_EX_DATA        =   3,  /* allow for three items of ex_data */
 #endif
 
@@ -1612,8 +1612,11 @@ struct WOLFSSL_CTX {
 #endif /* HAVE_ANON */
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
     pem_password_cb passwd_cb;
-    void*            userdata;
+    void*           userdata;
 #endif /* OPENSSL_EXTRA */
+#ifdef HAVE_STUNNEL
+    void*           ex_data[MAX_EX_DATA];
+#endif
 #ifdef HAVE_OCSP
     WOLFSSL_OCSP      ocsp;
 #endif
@@ -1847,6 +1850,9 @@ struct WOLFSSL_SESSION {
     word16       ticketLen;
     byte         ticket[SESSION_TICKET_LEN];
 #endif
+#ifdef HAVE_STUNNEL
+    void*        ex_data[MAX_EX_DATA];
+#endif
 };
 
 
@@ -2300,7 +2306,7 @@ struct WOLFSSL {
 #ifdef KEEP_PEER_CERT
     WOLFSSL_X509     peerCert;           /* X509 peer cert */
 #endif
-#ifdef FORTRESS
+#if defined(FORTRESS) || defined(HAVE_STUNNEL)
     void*           ex_data[MAX_EX_DATA]; /* external data, for Fortress */
 #endif
 #ifdef HAVE_CAVIUM
diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h
index 3f34d7d2c..11cafa840 100644
--- a/wolfssl/openssl/asn1.h
+++ b/wolfssl/openssl/asn1.h
@@ -1,2 +1,19 @@
 /* asn1.h for openssl */
 
+#ifndef WOLFSSL_ASN1_H_
+#define WOLFSSL_ASN1_H_
+struct WOLFSSL_ASN1_BIT_STRING {
+    int length;
+    int type;
+    char* data;
+    long flags;
+};
+
+struct WOLFSSL_ASN1_STRING {
+    int length;
+    int type;
+    char* data;
+    long flags;
+};
+
+#endif /* WOLFSSL_ASN1_H_ */
diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h
index 225e6976d..c56a3cfca 100644
--- a/wolfssl/openssl/bn.h
+++ b/wolfssl/openssl/bn.h
@@ -77,7 +77,9 @@ WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int,
                                        WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*);
 WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*,
                                                  WOLFSSL_BN_ULONG);
-WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*);
+#ifndef NO_FILESYSTEM
+    WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*);
+#endif
 WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
 WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx);
 WOLFSSL_API void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx);
diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h
index 8f7c6f40e..034b1cfe1 100644
--- a/wolfssl/openssl/crypto.h
+++ b/wolfssl/openssl/crypto.h
@@ -21,6 +21,14 @@ WOLFSSL_API unsigned long wolfSSLeay(void);
 #define SSLEAY_VERSION 0x0090600fL
 #define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
 
+#ifdef HAVE_STUNNEL
+#define CRYPTO_set_mem_ex_functions      wolfSSL_CRYPTO_set_mem_ex_functions
+#define FIPS_mode                        wolfSSL_FIPS_mode
+#define FIPS_mode_set                    wolfSSL_FIPS_mode_set
+typedef struct CRYPTO_EX_DATA            CRYPTO_EX_DATA;
+typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx,
+        long argl, void* argp);
+#endif /* HAVE_STUNNEL */
 
 #endif /* header */
 
diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h
index 2bdb67522..e38b7f7af 100644
--- a/wolfssl/openssl/dh.h
+++ b/wolfssl/openssl/dh.h
@@ -11,7 +11,7 @@
     extern "C" {
 #endif
 
-typedef struct WOLFSSL_DH {
+struct WOLFSSL_DH {
     WOLFSSL_BIGNUM* p;
     WOLFSSL_BIGNUM* g;
     WOLFSSL_BIGNUM* pub_key;      /* openssh deference g^x */
@@ -23,7 +23,7 @@ typedef struct WOLFSSL_DH {
      * lighttpd src code.
      */
      int length;
-} WOLFSSL_DH;
+};
 
 
 WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void);
@@ -48,4 +48,7 @@ typedef WOLFSSL_DH DH;
     }  /* extern "C" */ 
 #endif
 
+#ifdef HAVE_STUNNEL
+#define DH_generate_parameters wolfSSL_DH_generate_parameters
+#endif /* HAVE_STUNNEL */
 #endif /* header */
diff --git a/wolfssl/openssl/ecdh.h b/wolfssl/openssl/ecdh.h
index b5583dd93..57d9e2e37 100644
--- a/wolfssl/openssl/ecdh.h
+++ b/wolfssl/openssl/ecdh.h
@@ -7,7 +7,7 @@
 #include <wolfssl/openssl/bn.h>
 
 #ifdef __cplusplus
-extern C {
+extern "C" {
 #endif
 
 
diff --git a/wolfssl/openssl/ecdsa.h b/wolfssl/openssl/ecdsa.h
index 22b2d4cda..a92841fff 100644
--- a/wolfssl/openssl/ecdsa.h
+++ b/wolfssl/openssl/ecdsa.h
@@ -35,4 +35,5 @@ WOLFSSL_API int wolfSSL_ECDSA_do_verify(const unsigned char *dgst,
 }  /* extern "C" */
 #endif
 
-#endif /* header */
\ No newline at end of file
+#endif /* header */
+
diff --git a/wolfssl/openssl/err.h b/wolfssl/openssl/err.h
index 7e7f1eb78..951386868 100644
--- a/wolfssl/openssl/err.h
+++ b/wolfssl/openssl/err.h
@@ -1,2 +1,3 @@
 /* err.h for openssl */
-
+#define ERR_load_crypto_strings          wolfSSL_ERR_load_crypto_strings
+#define ERR_peek_last_error              wolfSSL_ERR_peek_last_error
diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h
index dc8de4260..e569ec52a 100644
--- a/wolfssl/openssl/opensslv.h
+++ b/wolfssl/openssl/opensslv.h
@@ -5,7 +5,15 @@
 
 
 /* api version compatibility */
-#define OPENSSL_VERSION_NUMBER 0x0090810fL
+#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
+     /* version number can be increased for Lighty after compatibility for ECDH
+        is added */
+     #define OPENSSL_VERSION_NUMBER 0x0090700fL
+#else
+     #define OPENSSL_VERSION_NUMBER 0x0090810fL
+#endif
+
+#define OPENSSL_VERSION_TEXT             LIBWOLFSSL_VERSION_STRING
 
 
 #endif /* header */
diff --git a/wolfssl/openssl/rand.h b/wolfssl/openssl/rand.h
index c1fa62e1c..bc1f83a88 100644
--- a/wolfssl/openssl/rand.h
+++ b/wolfssl/openssl/rand.h
@@ -1,4 +1,6 @@
 /* rand.h for openSSL */
 
 #include <wolfssl/openssl/ssl.h>
+#include <wolfssl/wolfcrypt/random.h>
 
+#define RAND_set_rand_method     wolfSSL_RAND_set_rand_method
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 103d5f217..cae159e55 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -289,7 +289,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 
 #define X509_get_serialNumber wolfSSL_X509_get_serialNumber
 
-#define ASN1_TIME_pr wolfSSL_ASN1_TIME_pr
+#define ASN1_TIME_print wolfSSL_ASN1_TIME_print
 
 #define ASN1_INTEGER_cmp wolfSSL_ASN1_INTEGER_cmp
 #define ASN1_INTEGER_get wolfSSL_ASN1_INTEGER_get
@@ -304,7 +304,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 #define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata
 #define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb
 
-#define SSL_CTX_set_timeout wolfSSL_CTX_set_timeout
+#define SSL_CTX_set_timeout(ctx, to) wolfSSL_CTX_set_timeout(ctx, (unsigned int) to)
 #define SSL_CTX_set_info_callback wolfSSL_CTX_set_info_callback
 
 #define ERR_peek_error wolfSSL_ERR_peek_error
@@ -407,25 +407,21 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 
 #define SSL_CB_HANDSHAKE_START          0x10
-#define X509_NAME_free WOLFSSL_X509_NAME_free
-#define SSL_CTX_use_certificate WOLFSSL_CTX_use_certificate
-#define SSL_CTX_use_PrivateKey WOLFSSL_CTX_use_PrivateKey
-#define BIO_new_file wolfSSL_BIO_new_file
+#define X509_NAME_free wolfSSL_X509_NAME_free
+#define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate
+#define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey
 #define BIO_read_filename wolfSSL_BIO_read_filename
-#define BIO_s_file WOLFSSL_BIO_s_file
+#define BIO_s_file wolfSSL_BIO_s_file
 #define OBJ_nid2sn wolf_OBJ_nid2sn
 #define OBJ_obj2nid wolf_OBJ_obj2nid
 #define OBJ_sn2nid wolf_OBJ_sn2nid
-#define PEM_read_bio_DHparams PEM_read_bio_DHparams
 #define PEM_read_bio_X509 PEM_read_bio_WOLFSSL_X509
-#define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509
-#define SSL_CTX_set_tmp_dh WOLFSSL_CTX_set_tmp_dh
 #define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth
-#define SSL_get_app_data WOLFSSL_get_app_data
-#define SSL_set_app_data WOLFSSL_set_app_data
+#define SSL_get_app_data wolfSSL_get_app_data
+#define SSL_set_app_data wolfSSL_set_app_data
 #define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count
-#define X509_NAME_ENTRY_get_object WOLFSSL_X509_NAME_ENTRY_get_object
-#define X509_NAME_get_entry WOLFSSL_X509_NAME_get_entry
+#define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object
+#define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry
 #define sk_X509_NAME_pop_free  wolfSSL_sk_X509_NAME_pop_free
 #define SHA1 wolfSSL_SHA1
 #define X509_check_private_key wolfSSL_X509_check_private_key
@@ -433,6 +429,58 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 
 #endif
 
+#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
+
+#define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams
+#define PEM_write_bio_X509 PEM_write_bio_WOLFSSL_X509
+#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
+#define BIO_new_file wolfSSL_BIO_new_file
+
+
+#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
+
+#ifdef HAVE_STUNNEL
+#include <wolfssl/openssl/asn1.h>
+
+/* defined as: (SSL_ST_ACCEPT|SSL_CB_LOOP), which becomes 0x2001*/
+#define SSL_CB_ACCEPT_LOOP               0x2001 
+#define SSL2_VERSION                     0x0002
+#define SSL3_VERSION                     0x0300
+#define TLS1_VERSION                     0x0301
+#define DTLS1_VERSION                    0xFEFF
+#define SSL23_ST_SR_CLNT_HELLO_A        (0x210|0x2000)
+#define SSL3_ST_SR_CLNT_HELLO_A         (0x110|0x2000)
+#define ASN1_STRFLGS_ESC_MSB             4
+#define X509_V_ERR_CERT_REJECTED         28
+
+#define SSL_alert_desc_string_long       wolfSSL_alert_desc_string_long
+#define SSL_alert_type_string_long       wolfSSL_alert_type_string_long
+#define SSL_CIPHER_get_bits              wolfSSL_CIPHER_get_bits
+#define sk_X509_NAME_num                 wolfSSL_sk_X509_NAME_num
+#define sk_X509_num                      wolfSSL_sk_X509_num
+#define X509_NAME_print_ex               wolfSSL_X509_NAME_print_ex
+#define X509_get0_pubkey_bitstr          wolfSSL_X509_get0_pubkey_bitstr
+#define SSL_CTX_get_options              wolfSSL_CTX_get_options
+
+#define SSL_CTX_flush_sessions           wolfSSL_flush_sessions
+#define SSL_CTX_add_session              wolfSSL_CTX_add_session
+#define SSL_get_SSL_CTX                  wolfSSL_get_SSL_CTX
+#define SSL_version                      wolfSSL_version
+#define SSL_get_state                    wolfSSL_get_state
+#define SSL_state_string_long            wolfSSL_state_string_long
+#define SSL_get_peer_cert_chain          wolfSSL_get_peer_cert_chain
+#define sk_X509_NAME_value               wolfSSL_sk_X509_NAME_value
+#define sk_X509_value                    wolfSSL_sk_X509_value
+#define SSL_SESSION_get_ex_data          wolfSSL_SESSION_get_ex_data
+#define SSL_SESSION_set_ex_data          wolfSSL_SESSION_set_ex_data
+#define SSL_SESSION_get_ex_new_index     wolfSSL_SESSION_get_ex_new_index
+#define SSL_SESSION_get_id               wolfSSL_SESSION_get_id
+#define CRYPTO_dynlock_value             WOLFSSL_dynlock_value
+typedef WOLFSSL_ASN1_BIT_STRING    ASN1_BIT_STRING;
+
+
+#endif /* HAVE_STUNNEL */
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 58c21e7b9..25b86a6c5 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -91,13 +91,10 @@ typedef struct WOLFSSL_ASN1_TIME      WOLFSSL_ASN1_TIME;
 typedef struct WOLFSSL_ASN1_INTEGER   WOLFSSL_ASN1_INTEGER;
 typedef struct WOLFSSL_ASN1_OBJECT    WOLFSSL_ASN1_OBJECT;
 
-typedef struct WOLFSSL_ASN1_STRING{
-    #ifdef HAVE_LIGHTY
-    char* data;
-    int length;
-    #endif
-}    WOLFSSL_ASN1_STRING;
-typedef struct WOLFSSL_dynlock_value  WOLFSSL_dynlock_value;
+typedef struct WOLFSSL_ASN1_STRING      WOLFSSL_ASN1_STRING;
+typedef struct WOLFSSL_dynlock_value    WOLFSSL_dynlock_value;
+typedef struct WOLFSSL_DH               WOLFSSL_DH;
+typedef struct WOLFSSL_ASN1_BIT_STRING  WOLFSSL_ASN1_BIT_STRING;
 
 #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME
 
@@ -146,6 +143,7 @@ typedef struct WOLFSSL_X509_REVOKED {
 typedef struct WOLFSSL_X509_OBJECT {
     union {
         char* ptr;
+        WOLFSSL_X509 *x509;
         WOLFSSL_X509_CRL* crl;           /* stunnel dereference */
     } data;
 } WOLFSSL_X509_OBJECT;
@@ -340,7 +338,7 @@ WOLFSSL_API int  wolfSSL_dtls(WOLFSSL* ssl);
 WOLFSSL_API int  wolfSSL_dtls_set_peer(WOLFSSL*, void*, unsigned int);
 WOLFSSL_API int  wolfSSL_dtls_get_peer(WOLFSSL*, void*, unsigned int*);
 
-WOLFSSL_API int   wolfSSL_ERR_GET_REASON(int err);
+WOLFSSL_API int   wolfSSL_ERR_GET_REASON(unsigned long err);
 WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
 WOLFSSL_API void  wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
                                            unsigned long sz);
@@ -524,14 +522,15 @@ WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*,
 WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX*, pem_password_cb);
 
 
-WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*, void (*)(void));
+WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX*,
+                          void (*)(const WOLFSSL* ssl, int type, int val));
 
 WOLFSSL_API unsigned long wolfSSL_ERR_peek_error(void);
 WOLFSSL_API int           wolfSSL_GET_REASON(int);
 
 WOLFSSL_API char* wolfSSL_alert_type_string_long(int);
 WOLFSSL_API char* wolfSSL_alert_desc_string_long(int);
-WOLFSSL_API char* wolfSSL_state_string_long(WOLFSSL*);
+WOLFSSL_API char* wolfSSL_state_string_long(const WOLFSSL*);
 
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long,
                                                void(*)(int, int, void*), void*);
@@ -644,11 +643,16 @@ enum {
     X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 20,
     X509_V_ERR_CERT_HAS_EXPIRED               = 21,
     X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD  = 22,
-
+    X509_V_ERR_CERT_REJECTED                  = 23,
     X509_V_OK = 0,
 
+    XN_FLAG_SPC_EQ  = (1 << 23),
+    XN_FLAG_ONELINE = 0,
+
     CRYPTO_LOCK = 1,
-    CRYPTO_NUM_LOCKS = 10
+    CRYPTO_NUM_LOCKS = 10,
+
+    ASN1_STRFLGS_ESC_MSB = 4
 };
 
 /* extras end */
@@ -1509,26 +1513,23 @@ typedef struct WOLFSSL_X509_NAME_ENTRY {
 
 
 #include <wolfssl/openssl/dh.h>
+#include <wolfssl/openssl/asn1.h>
 
-WOLFSSL_API void WOLFSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
-WOLFSSL_API char WOLFSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
-WOLFSSL_API int WOLFSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
-WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
+WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
+WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
+WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey);
 WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
-WOLFSSL_API WOLFSSL_BIO_METHOD* WOLFSSL_BIO_s_file(void);
+WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void);
 /* These are to be merged shortly */
 WOLFSSL_API const char *  wolf_OBJ_nid2sn(int n);
 WOLFSSL_API int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
 WOLFSSL_API int wolf_OBJ_sn2nid(const char *sn);
-WOLFSSL_API WOLFSSL_DH *PEM_read_bio_DHparams(WOLFSSL_BIO *bp, WOLFSSL_DH **x, pem_password_cb *cb, void *u);
 WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u);
-WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
-WOLFSSL_API long WOLFSSL_CTX_set_tmp_dh(WOLFSSL_CTX *ctx, WOLFSSL_DH *dh);
 WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth);
-WOLFSSL_API void* WOLFSSL_get_app_data( const WOLFSSL *ssl);
-WOLFSSL_API void WOLFSSL_set_app_data(WOLFSSL *ssl, void *arg);
-WOLFSSL_API WOLFSSL_ASN1_OBJECT * WOLFSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
-WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *WOLFSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
+WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
+WOLFSSL_API void wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
+WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
+WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
 WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*));
 WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
 WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
@@ -1538,6 +1539,77 @@ WOLFSSL_API STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( STACK_OF(WOLFSSL_X
 #endif
 #endif
 
+#if defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY)
+
+WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode);
+WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*);
+WOLFSSL_API WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bp,
+    WOLFSSL_DH **x, pem_password_cb *cb, void *u);
+WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x);
+
+
+#endif /* HAVE_STUNNEL || HAVE_LIGHTY */
+
+
+#ifdef HAVE_STUNNEL
+
+#include <wolfssl/openssl/crypto.h>
+
+WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
+    void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
+
+WOLFSSL_API WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
+    void (*callback) (int, int, void *), void *cb_arg);
+
+WOLFSSL_API void wolfSSL_ERR_load_crypto_strings(void);
+
+WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error(void);
+
+WOLFSSL_API int wolfSSL_FIPS_mode(void);
+
+WOLFSSL_API int wolfSSL_FIPS_mode_set(int r);
+
+WOLFSSL_API int wolfSSL_RAND_set_rand_method(const void *meth);
+
+WOLFSSL_API int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits);
+
+WOLFSSL_API int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s);
+
+WOLFSSL_API int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s);
+
+WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int,unsigned long);
+
+WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
+                            const WOLFSSL_X509*);
+
+WOLFSSL_API int        wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
+
+WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
+
+WOLFSSL_API int  wolfSSL_version(WOLFSSL*);
+
+WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*);
+
+WOLFSSL_API void* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)*, int);
+
+WOLFSSL_API void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)*, int);
+
+WOLFSSL_API STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*);
+
+WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx);
+
+WOLFSSL_API void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION*, int);
+
+WOLFSSL_API int   wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION*, int, void*);
+
+WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long,void*,void*,void*,
+        CRYPTO_free_func*);
+
+WOLFSSL_API int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME*);
+
+
+WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id(WOLFSSL_SESSION*, unsigned int*);
+#endif /* HAVE_STUNNEL */
 
 #ifdef __cplusplus
     }  /* extern "C" */
diff --git a/wolfssl/version.h b/wolfssl/version.h
index 6ec106bab..f5a990a10 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.6.1"
-#define LIBWOLFSSL_VERSION_HEX 0x03006001
+#define LIBWOLFSSL_VERSION_STRING "3.6.2"
+#define LIBWOLFSSL_VERSION_HEX 0x03006002
 
 #ifdef __cplusplus
 }
diff --git a/wolfssl/wolfcrypt/coding.h b/wolfssl/wolfcrypt/coding.h
index e7b482379..6c203e964 100644
--- a/wolfssl/wolfcrypt/coding.h
+++ b/wolfssl/wolfcrypt/coding.h
@@ -41,6 +41,12 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
 
 
 #ifdef WOLFSSL_BASE64_ENCODE
+    enum Escaped {
+        WC_STD_ENC = 0,       /* normal \n line ending encoding */
+        WC_ESC_NL_ENC,        /* use escape sequence encoding   */
+        WC_NO_NL_ENC          /* no encoding at all             */
+    }; /* Encoding types */
+
     /* encode isn't */
     WOLFSSL_API
     int Base64_Encode(const byte* in, word32 inLen, byte* out,
@@ -48,6 +54,9 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out,
     WOLFSSL_API
     int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out,
                                   word32* outLen);
+    WOLFSSL_API
+    int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out,
+                                  word32* outLen);
 #endif
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_FIPS)
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index 01ad398b8..92fcc4f4f 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -234,6 +234,7 @@ enum {
     KEY_SIZE_128     = 16,
     KEY_SIZE_256     = 32,
     IV_SIZE_64       =  8,
+    IV_SIZE_128      = 16,
     EXCHANGE_SALT_SZ = 16,
     EXCHANGE_INFO_SZ = 23
 };
diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h
index 0b124835b..2e604080d 100644
--- a/wolfssl/wolfcrypt/logging.h
+++ b/wolfssl/wolfcrypt/logging.h
@@ -46,9 +46,13 @@ typedef void (*wolfSSL_Logging_cb)(const int logLevel,
 WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
 
 #ifdef DEBUG_WOLFSSL
+    /* a is prepended to m and b is appended, creating a log msg a + m + b */
+    #define WOLFSSL_LOG_CAT(a, m, b) #a " " m " "  #b
 
     void WOLFSSL_ENTER(const char* msg);
     void WOLFSSL_LEAVE(const char* msg, int ret);
+    #define WOLFSSL_STUB(m) \
+        WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented))
 
     void WOLFSSL_ERROR(int);
     void WOLFSSL_MSG(const char* msg);
@@ -57,6 +61,7 @@ WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
 
     #define WOLFSSL_ENTER(m)
     #define WOLFSSL_LEAVE(m, r)
+    #define WOLFSSL_STUB(m)
 
     #define WOLFSSL_ERROR(e)
     #define WOLFSSL_MSG(m)

From 03a50c128ae2907d1746fdd5e04e82d28d2c2c50 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 23 Jul 2015 15:27:46 -0700
Subject: [PATCH 233/350] update WIN IDE readme

---
 IDE/WIN/README.txt | 39 +++++++++++++++++++++++++++++++++++----
 1 file changed, 35 insertions(+), 4 deletions(-)

diff --git a/IDE/WIN/README.txt b/IDE/WIN/README.txt
index 81695ded9..12e84bdee 100644
--- a/IDE/WIN/README.txt
+++ b/IDE/WIN/README.txt
@@ -3,10 +3,11 @@
 First, if you did not get the FIPS files with your archive, you must contact
 wolfSSL to obtain them.
 
+
 # Building the wolfssl-fips project
 
 The wolfCrypt FIPS library for Windows is a part of the wolfSSL library. It
-must be built as a static library.
+must be built as a static library, for the moment.
 
 The library project is built with Whole Program Optimization disabled. This is
 required so that necessary components of the library are not optimized away.
@@ -20,15 +21,18 @@ section names start with ".fipsB$". Each subsection has a letter to organize
 them in a secific order. This specific ordering puts marker functions and
 constants on either end of the boundary so it can be hashed.
 
+
 # In Core Memory Test
 
 The In Core Memory test calculates a checksum (HMAC-SHA256) of the wolfCrypt
 FIPS library code and constant data and compares it with a known value in
 the code.
 
-The Randomized Base Address setting doesn't cause any problems because
-(I believe) that the addrsses in the executable are all offsets from the base
-rather than absolute addresses.
+The Randomized Base Address setting needs to be disabled on the 32-bit builds
+but can be enabled on the 64-bit builds. In the 32-bit mode the addresses
+being different throws off the in-core memory calculation. It looks like in
+64-bit mode the library uses all offsets, so the core hash calculation
+is the same every time.
 
 The "verifyCore" check value in the source fips_test.c needs to be updated when
 building the code. The POS performs this check and the default failure callback
@@ -36,3 +40,30 @@ will print out the calculated checksum. When developing your code, copy this
 value and paste it back into your code in the verifyCore initializer then
 rebuild the code. When statically linking, you may have to recalculate your
 check value when changing your application.
+
+
+# Build Options
+
+The default build options should be the proper default set of options:
+
+ * HAVE_FIPS
+ * HAVE_THREAD_LS
+ * HAVE_AESGCM
+ * HAVE_HASHDRBG
+ * WOLFSSL_SHA384
+ * WOLFSSL_SHA512
+ * NO_HC128
+ * NO_RC4
+ * NO_RABBIT
+ * NO_DSA
+ * NO_MD4
+
+The "NO" options explicitly disable algorithms that are not allowed in
+FIPS mode.
+
+Additionally one may enable:
+
+ * HAVE_ECC
+ * OPENSSL_EXTRA
+ * WOLFSSL_KEY_GEN
+

From 1a0a9de9c65b62bdd8d43841aa28767e69587fc9 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Thu, 23 Jul 2015 14:11:10 -0600
Subject: [PATCH 234/350] changes post review

crl-revoked dash compliant. revoked-cert has unique fields

new print statements
---
 certs/crl/crl.pem                      | 54 ++++++++--------
 certs/gen_revoked.sh                   |  4 +-
 certs/renewcerts.sh                    |  2 +-
 certs/server-revoked-cert.pem          | 83 ++++++++++++------------
 scripts/{crl.test => crl-revoked.test} | 90 ++++++++++++++------------
 scripts/include.am                     | 10 ++-
 6 files changed, 128 insertions(+), 115 deletions(-)
 rename scripts/{crl.test => crl-revoked.test} (54%)

diff --git a/certs/crl/crl.pem b/certs/crl/crl.pem
index caef4cd7a..20610ef60 100644
--- a/certs/crl/crl.pem
+++ b/certs/crl/crl.pem
@@ -2,40 +2,40 @@ Certificate Revocation List (CRL):
         Version 2 (0x1)
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
-        Last Update: Jul 22 16:17:45 2015 GMT
-        Next Update: Apr 17 16:17:45 2018 GMT
+        Last Update: Jul 23 22:05:10 2015 GMT
+        Next Update: Apr 18 22:05:10 2018 GMT
         CRL extensions:
             X509v3 CRL Number: 
-                6
+                1
 Revoked Certificates:
     Serial Number: 02
-        Revocation Date: Jul 22 16:17:45 2015 GMT
+        Revocation Date: Jul 23 22:05:10 2015 GMT
     Signature Algorithm: sha256WithRSAEncryption
-         7c:5c:fe:a6:cb:e9:78:ed:10:48:59:4a:e6:d9:96:68:ea:30:
-         43:ba:b8:99:d1:8b:96:5e:d9:52:4c:58:3f:c1:d4:98:f1:20:
-         46:02:0f:a3:25:7b:9c:06:c7:3d:5a:f1:00:bf:d2:d6:70:5c:
-         45:ee:dc:fa:22:58:36:f2:14:06:c4:18:c9:b4:f8:ff:54:56:
-         cf:ff:71:00:cd:a1:9a:3c:52:dc:6f:a6:c1:fa:67:2f:a9:4d:
-         7e:f7:da:c0:4c:29:34:53:8d:27:31:02:ad:05:35:3e:7d:8d:
-         ea:f7:2a:f8:57:cb:7f:da:27:54:3d:0b:c4:69:a7:40:8f:b3:
-         cb:fe:dc:76:90:57:aa:62:23:22:61:8a:d5:aa:f4:43:aa:30:
-         bd:9d:97:df:84:58:7c:f1:d6:78:9d:a9:4f:69:7a:a2:b5:0f:
-         a2:61:d0:53:93:ea:d1:0f:35:ea:d4:49:09:a1:53:7d:64:ed:
-         2a:c0:f3:78:d6:ad:07:38:01:56:d5:bb:66:cc:02:e7:a4:f6:
-         9f:65:64:98:f8:db:0d:ed:fc:29:2e:f6:e5:e9:d8:d7:68:97:
-         84:05:99:8e:e2:ad:1c:e6:ba:0d:05:46:5c:9a:6f:60:69:b3:
-         03:d1:af:b9:3c:52:de:08:48:20:1a:3c:86:49:a8:06:49:b8:
-         03:da:ba:89
+         68:55:84:c7:53:54:06:ea:3e:f2:d0:3d:e6:30:84:d5:12:82:
+         55:5b:4c:74:60:49:5d:4f:73:cd:cc:5f:42:bf:0d:93:93:a6:
+         81:60:9d:0c:7f:c6:75:f0:77:77:1f:81:cf:02:4a:7f:2e:e3:
+         1b:c4:b0:eb:0f:25:53:3d:78:7b:3e:8f:16:5e:37:c6:fd:f5:
+         93:bb:9a:d7:f1:78:eb:78:9f:5d:44:85:e0:5e:14:8b:b5:2b:
+         c5:af:23:43:82:27:0b:db:de:12:4a:1a:23:a7:f3:d9:3a:3f:
+         6f:23:e2:53:a0:ef:1e:b5:f2:da:c8:00:d2:f0:57:78:af:5d:
+         e3:8e:c4:06:27:7d:3d:ee:04:06:96:7a:9b:34:d9:e9:bc:a3:
+         2d:6c:01:36:c4:5d:bf:c5:7f:74:f3:bb:55:75:ff:a1:a9:66:
+         cc:b2:e0:a0:f6:0b:05:e1:ac:69:42:3f:df:b4:dd:8f:37:5c:
+         f5:09:4f:a7:c3:d6:ae:a2:c6:63:f3:ed:03:df:3c:ee:58:c1:
+         45:e8:85:7b:99:aa:fc:7d:ae:69:94:b9:50:0a:76:7d:b9:fd:
+         74:55:b8:b1:37:75:7d:f7:e6:1a:91:cd:68:b6:49:37:cb:c8:
+         e1:69:57:1b:c6:ef:ec:0a:fa:d3:72:92:95:ec:f1:c1:c3:53:
+         7d:fb:d0:66
 -----BEGIN X509 CRL-----
 MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro
 MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x
-HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDcyMjE2MTc0NVoX
-DTE4MDQxNzE2MTc0NVowFDASAgECFw0xNTA3MjIxNjE3NDVaoA4wDDAKBgNVHRQE
-AwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAfFz+psvpeO0QSFlK5tmWaOowQ7q4mdGL
-ll7ZUkxYP8HUmPEgRgIPoyV7nAbHPVrxAL/S1nBcRe7c+iJYNvIUBsQYybT4/1RW
-z/9xAM2hmjxS3G+mwfpnL6lNfvfawEwpNFONJzECrQU1Pn2N6vcq+FfLf9onVD0L
-xGmnQI+zy/7cdpBXqmIjImGK1ar0Q6owvZ2X34RYfPHWeJ2pT2l6orUPomHQU5Pq
-0Q816tRJCaFTfWTtKsDzeNatBzgBVtW7ZswC56T2n2VkmPjbDe38KS725enY12iX
-hAWZjuKtHOa6DQVGXJpvYGmzA9GvuTxS3ghIIBo8hkmoBkm4A9q6iQ==
+HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE1MDcyMzIyMDUxMFoX
+DTE4MDQxODIyMDUxMFowFDASAgECFw0xNTA3MjMyMjA1MTBaoA4wDDAKBgNVHRQE
+AwIBATANBgkqhkiG9w0BAQsFAAOCAQEAaFWEx1NUBuo+8tA95jCE1RKCVVtMdGBJ
+XU9zzcxfQr8Nk5OmgWCdDH/GdfB3dx+BzwJKfy7jG8Sw6w8lUz14ez6PFl43xv31
+k7ua1/F463ifXUSF4F4Ui7Urxa8jQ4InC9veEkoaI6fz2To/byPiU6DvHrXy2sgA
+0vBXeK9d447EBid9Pe4EBpZ6mzTZ6byjLWwBNsRdv8V/dPO7VXX/oalmzLLgoPYL
+BeGsaUI/37Tdjzdc9QlPp8PWrqLGY/PtA9887ljBReiFe5mq/H2uaZS5UAp2fbn9
+dFW4sTd1fffmGpHNaLZJN8vI4WlXG8bv7Ar603KSlezxwcNTffvQZg==
 -----END X509 CRL-----
diff --git a/certs/gen_revoked.sh b/certs/gen_revoked.sh
index e42073d70..143f2bc6a 100755
--- a/certs/gen_revoked.sh
+++ b/certs/gen_revoked.sh
@@ -4,9 +4,9 @@
     echo "Updating server-revoked-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem
+    echo -e "US\nMontana\nBozeman\nwolfSSL_revoked\nSupport_revoked\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem
 
-    openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem
+    openssl x509 -req -in server-revoked-req.pem -extfile renewcerts/wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem
 
     rm server-revoked-req.pem
 
diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh
index c163dcab9..d021258f3 100755
--- a/certs/renewcerts.sh
+++ b/certs/renewcerts.sh
@@ -104,7 +104,7 @@ function run_renewcerts(){
     echo "Updating server-revoked-cert.pem"
     echo ""
     #pipe the following arguments to openssl req...
-    echo -e "US\nMontana\nBozeman\nwolfSSL\nSupport\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem
+    echo -e "US\nMontana\nBozeman\nwolfSSL_revoked\nSupport_revoked\nwww.wolfssl.com\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem
 
     openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem
 
diff --git a/certs/server-revoked-cert.pem b/certs/server-revoked-cert.pem
index c4d4cc68d..65028f3b0 100644
--- a/certs/server-revoked-cert.pem
+++ b/certs/server-revoked-cert.pem
@@ -5,9 +5,9 @@ Certificate:
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Validity
-            Not Before: Jul 22 16:17:13 2015 GMT
-            Not After : Apr 17 16:17:13 2018 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+            Not Before: Jul 23 22:04:57 2015 GMT
+            Not After : Apr 18 22:04:57 2018 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_revoked, OU=Support_revoked, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
@@ -42,47 +42,48 @@ Certificate:
             X509v3 Basic Constraints: 
                 CA:TRUE
     Signature Algorithm: sha256WithRSAEncryption
-         9a:f1:4a:20:31:d1:06:ac:6f:88:ff:c5:c1:db:85:cf:a1:bc:
-         25:6a:04:12:9a:5e:23:31:ab:d1:aa:cb:a2:a7:0e:8f:9a:2d:
-         f2:84:5b:40:05:6f:fb:9c:88:e8:a7:92:a4:95:aa:34:c3:7a:
-         8c:95:6f:a1:30:9a:a7:0c:1c:57:e0:76:ad:4b:53:c1:71:b3:
-         8d:11:96:59:0c:c9:2b:92:69:bb:5a:48:55:23:77:dd:26:0b:
-         34:ec:25:98:7a:3b:a5:de:ed:0b:d0:05:80:cc:d2:db:9e:3c:
-         9e:b2:49:97:38:06:28:48:44:a8:75:88:43:2c:bc:44:44:4f:
-         9a:33:08:8f:dc:8a:51:ce:7e:0f:d6:10:95:01:e1:b4:65:0f:
-         0a:9f:23:b0:76:e8:10:c4:ac:80:97:e4:93:1a:ce:1a:a4:ea:
-         9d:5d:89:93:ca:83:c0:b0:19:eb:c9:58:f7:bf:22:c0:6f:7d:
-         4e:1f:44:69:47:b0:d0:3c:07:db:dc:95:7c:cf:32:fc:3b:4d:
-         43:42:c0:c4:cc:af:5a:f0:4e:e1:65:15:12:7d:bd:bc:68:72:
-         4c:ae:e5:8a:81:21:fb:1a:45:3f:89:f3:2a:a3:c1:e0:49:8b:
-         c1:2b:9f:fd:99:54:d4:84:5f:ec:2a:8e:ba:06:23:85:3f:a1:
-         d9:57:c0:ee
+         34:66:48:5b:30:5c:6e:fa:76:c9:6a:ce:07:79:d9:99:fa:7a:
+         9d:80:2d:fc:51:78:71:c4:31:2c:40:28:c8:63:26:6f:d2:39:
+         63:97:3f:00:d3:d0:69:10:3f:a9:00:07:7b:59:44:85:29:03:
+         31:0a:d8:ed:88:e5:1e:fa:e0:8c:9b:e0:7e:6e:d6:fb:7c:cc:
+         cf:bd:43:0a:df:15:bd:8f:2a:6f:b2:51:19:b8:2a:64:0e:25:
+         68:75:af:43:5a:bf:40:2b:69:9c:27:81:0c:5d:78:a1:55:a4:
+         21:a0:87:9e:a2:aa:60:ac:da:2f:30:f5:d5:c9:c1:22:6b:c1:
+         06:c2:42:c7:56:35:13:cd:af:5f:c9:89:bf:e9:30:b3:92:bc:
+         21:6d:b8:23:85:46:44:3f:52:72:a4:7b:95:41:1a:b1:03:92:
+         aa:0c:5c:2e:16:95:c5:60:7a:6c:6b:f8:ae:9b:b7:08:c9:1f:
+         0d:85:91:e0:7f:bc:0d:0d:c7:69:2d:5f:99:b7:88:06:be:c5:
+         d3:84:1a:46:b6:cb:53:04:27:e9:71:36:72:41:f6:63:9b:cb:
+         25:6f:16:8b:0e:ef:42:db:b5:27:45:cf:a7:3e:3e:ae:78:7c:
+         d8:6b:a8:f6:52:e4:a7:93:b7:8c:94:d2:4a:93:04:20:67:aa:
+         c3:ea:24:f9
 -----BEGIN CERTIFICATE-----
-MIIEnjCCA4agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
+MIIErjCCA5agAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
 EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
 d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
-bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIy
-MTYxNzEzWhcNMTgwNDE3MTYxNzEzWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
-B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
-BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
-SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALAUFjpD3eFQRU/PgLPdZpbH6fTc3rZrJBt2SKzGI6Wn5AUZvbf2
-3vr/7Vs8eYqp1fH768ix5LKrUnKJkyJcus2KNios0UDsqGYOw3bN57OjCh7dSgeC
-F4G63lfOtjKBx70Ru+kVIk7iFqzj1MBoiGwR/MK9G9sd/eZDxxszuPTlG1k5EjhN
-LZtkaJj8jXISkfIkJWxMSkhXkgDMftjUPbgd8p7qsiMPUQ8RQRz1JwAbCHoSOgVb
-AyT+sXsg+uSoWMbKzn++lQESnQXmORMbwD5WLiufdjfe3pvgDXpjDaciWNsxx/e0
-Rly6tktIsRiaaLNjR/2vEl8v/hDLWCszaIUCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU
-2AkrWeEq7tnuQKqcq/BdKAlPIrswgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj
-s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h
-MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK
-Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
-AQkBFhBpbmZvQHdvbGZzc2wuY29tggkA2YA6w9L02jcwDAYDVR0TBAUwAwEB/zAN
-BgkqhkiG9w0BAQsFAAOCAQEAmvFKIDHRBqxviP/FwduFz6G8JWoEEppeIzGr0arL
-oqcOj5ot8oRbQAVv+5yI6KeSpJWqNMN6jJVvoTCapwwcV+B2rUtTwXGzjRGWWQzJ
-K5Jpu1pIVSN33SYLNOwlmHo7pd7tC9AFgMzS2548nrJJlzgGKEhEqHWIQyy8RERP
-mjMIj9yKUc5+D9YQlQHhtGUPCp8jsHboEMSsgJfkkxrOGqTqnV2Jk8qDwLAZ68lY
-978iwG99Th9EaUew0DwH29yVfM8y/DtNQ0LAxMyvWvBO4WUVEn29vGhyTK7lioEh
-+xpFP4nzKqPB4EmLwSuf/ZlU1IRf7CqOugYjhT+h2VfA7g==
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTUwNzIz
+MjIwNDU3WhcNMTgwNDE4MjIwNDU3WjCBoDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGDAWBgNVBAoMD3dvbGZTU0xfcmV2
+b2tlZDEYMBYGA1UECwwPU3VwcG9ydF9yZXZva2VkMRgwFgYDVQQDDA93d3cud29s
+ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwFBY6Q93hUEVPz4Cz3WaWx+n03N62
+ayQbdkisxiOlp+QFGb239t76/+1bPHmKqdXx++vIseSyq1JyiZMiXLrNijYqLNFA
+7KhmDsN2zeezowoe3UoHgheBut5XzrYygce9EbvpFSJO4has49TAaIhsEfzCvRvb
+Hf3mQ8cbM7j05RtZORI4TS2bZGiY/I1yEpHyJCVsTEpIV5IAzH7Y1D24HfKe6rIj
+D1EPEUEc9ScAGwh6EjoFWwMk/rF7IPrkqFjGys5/vpUBEp0F5jkTG8A+Vi4rn3Y3
+3t6b4A16Yw2nIljbMcf3tEZcurZLSLEYmmizY0f9rxJfL/4Qy1grM2iFAgMBAAGj
+gfwwgfkwHQYDVR0OBBYEFNgJK1nhKu7Z7kCqnKvwXSgJTyK7MIHJBgNVHSMEgcEw
+gb6AFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
+dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIJANmAOsPS9No3
+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADRmSFswXG76dslqzgd5
+2Zn6ep2ALfxReHHEMSxAKMhjJm/SOWOXPwDT0GkQP6kAB3tZRIUpAzEK2O2I5R76
+4Iyb4H5u1vt8zM+9QwrfFb2PKm+yURm4KmQOJWh1r0Nav0AraZwngQxdeKFVpCGg
+h56iqmCs2i8w9dXJwSJrwQbCQsdWNRPNr1/Jib/pMLOSvCFtuCOFRkQ/UnKke5VB
+GrEDkqoMXC4WlcVgemxr+K6btwjJHw2FkeB/vA0Nx2ktX5m3iAa+xdOEGka2y1ME
+J+lxNnJB9mObyyVvFosO70LbtSdFz6c+Pq54fNhrqPZS5KeTt4yU0kqTBCBnqsPq
+JPk=
 -----END CERTIFICATE-----
 Certificate:
     Data:
diff --git a/scripts/crl.test b/scripts/crl-revoked.test
similarity index 54%
rename from scripts/crl.test
rename to scripts/crl-revoked.test
index 421359520..ea72750ee 100755
--- a/scripts/crl.test
+++ b/scripts/crl-revoked.test
@@ -1,35 +1,36 @@
-#!/bin/bash
+#!/bin/sh
 
 #crl.test
 
-log_file="scripts/client_result.txt"
-success_line="err = -361, CRL Cert revoked"
-exit_code=-1
-
+revocation_code="-361"
+exit_code=1
+counter=0
 crl_port=11113
 #no_pid tells us process was never started if -1
 no_pid=-1
 #server_pid captured on startup, stores the id of the server process
 server_pid=$no_pid
 
-function remove_ready_file() {
+remove_ready_file() {
     if test -e /tmp/wolfssl_server_ready; then
         echo -e "removing exisitng server_ready file"
         rm /tmp/wolfssl_server_ready
     fi
 }
 
-function remove_log_file() {
-    if test -e $log_file; then
-        echo -e "removing client log file"
-        rm $log_file
-    fi
-}
-
 # trap this function so if user aborts with ^C or other kill signal we still
 # get an exit that will in turn clean up the file system
-function abort_trap() {
-    exit_code=-2 #different exit code in case of user interrupt
+abort_trap() {
+    echo "script aborted"
+
+    if  [ $server_pid != $no_pid ]
+    then
+        echo "killing server"
+        kill -9 $server_pid
+    fi
+
+    exit_code=2 #different exit code in case of user interrupt
+
     echo "got abort signal, exiting with $exit_code"
     exit $exit_code
 }
@@ -39,20 +40,12 @@ trap abort_trap INT TERM
 # trap this function so that if we exit on an error the file system will still
 # be restored and the other tests may still pass. Never call this function
 # instead use "exit <some value>" and this function will run automatically
-function restore_file_system() {
-    echo "in cleanup"
-
-    if  [ $server_pid != $no_pid ]
-    then
-        echo "killing server"
-        kill -9 $server_pid
-    fi
+restore_file_system() {
     remove_ready_file
-    remove_log_file
 }
 trap restore_file_system EXIT
 
-function run_test() {
+run_test() {
     echo -e "\nStarting example server for crl test...\n"
 
     remove_ready_file
@@ -60,28 +53,42 @@ function run_test() {
     # starts the server on crl_port, -R generates ready file to be used as a
     # mutex lock, -c loads the revoked certificate. We capture the processid
     # into the variable server_pid
-    ./examples/server/server -R -p $crl_port -c certs/server-revoked-cert.pem &
+    ./examples/server/server -R -p $crl_port -c certs/server-revoked-cert.pem \
+                                             -k certs/server-revoked-key.pem &
     server_pid=$!
 
-    while [ ! -s /tmp/wolfssl_server_ready ]; do
+    while [ ! -s /tmp/wolfssl_server_ready -a "$counter" -lt 20 ]; do
         echo -e "waiting for server_ready file..."
         sleep 0.1
+        counter=$((counter+ 1))
     done
 
-    # starts client on crl_port and redirects output to log_file
-    ./examples/client/client -p $crl_port &> $log_file
+    # starts client on crl_port and captures the output from client
+    capture_out=$(./examples/client/client -p $crl_port 2>&1)
     client_result=$?
 
-    if test -e $log_file
-    then
-        while read line;
-        do
-            if [[ "x$success_line" == "x$line" ]]
-            then
-                echo "Successful Revocation!!!!"
-            fi
-        done < $log_file
-    fi
+    wait $server_pid
+    server_result=$?
+
+    # look up wild-card match
+    # read about "job control"
+    case  "$capture_out" in
+    *$revocation_code*)
+        # only exit with zero on detection of the expected error code
+        echo ""
+        echo "Successful Revocation!!!!"
+        echo ""
+        exit_code=0
+        echo "exiting with $exit_code"
+        exit $exit_code
+        ;;
+    *)
+        echo ""
+        echo "Certificate was not revoked saw this instead: $capture_out"
+        echo ""
+        echo "configure with --enable-crl and run this script again"
+        echo ""
+    esac
 }
 
 
@@ -89,7 +96,8 @@ function run_test() {
 
 # run the test
 run_test
-exit_code=0
-echo "exiting with $exit_code"
+
+# If we get to this exit, exit_code will be a -1 signaling failure
+echo "exiting with $exit_code certificate was not revoked"
 exit $exit_code
 ########## end program ##########
diff --git a/scripts/include.am b/scripts/include.am
index 95ddbb4dd..4b1b105c5 100644
--- a/scripts/include.am
+++ b/scripts/include.am
@@ -10,14 +10,18 @@ endif
 
 if BUILD_EXAMPLES
 dist_noinst_SCRIPTS+= scripts/resume.test
+
+if BUILD_CRL
+# make revoked test rely on completion of resume test
+dist_noinst_SCRIPTS+= scripts/crl-revoked.test
+scripts/crl-revoked.log: scripts/resume.log
+endif
+
 if !BUILD_IPV6
 dist_noinst_SCRIPTS+= scripts/external.test
 dist_noinst_SCRIPTS+= scripts/google.test
 endif
 endif
 
-if BUILD_CRL
-dist_noinst_SCRIPTS+= scripts/crl.test
-endif
 
 EXTRA_DIST +=  scripts/testsuite.pcap

From 9f7209b484e8311f71aa7e55ed2cf3e16521d339 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 23 Jul 2015 16:37:37 -0700
Subject: [PATCH 235/350] add new certs to include.am

---
 certs/include.am | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/certs/include.am b/certs/include.am
index b5192043e..a5e1ae2cc 100644
--- a/certs/include.am
+++ b/certs/include.am
@@ -25,6 +25,8 @@ EXTRA_DIST += \
 	     certs/server-keyPkcs8Enc2.pem \
 	     certs/server-keyPkcs8Enc.pem \
 	     certs/server-keyPkcs8.pem \
+	     certs/server-revoked-cert.pem \
+	     certs/server-revoked-key.pem \
          certs/wolfssl-website-ca.pem
 EXTRA_DIST += \
 	     certs/ca-key.der \

From bf4be3f02b195bb2eb66fc5c05bdc01b01ae1953 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Thu, 23 Jul 2015 21:54:52 -0600
Subject: [PATCH 236/350] comment updates only for crl-revoked.test

---
 scripts/crl-revoked.test | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/scripts/crl-revoked.test b/scripts/crl-revoked.test
index ea72750ee..ee9c89447 100755
--- a/scripts/crl-revoked.test
+++ b/scripts/crl-revoked.test
@@ -70,8 +70,6 @@ run_test() {
     wait $server_pid
     server_result=$?
 
-    # look up wild-card match
-    # read about "job control"
     case  "$capture_out" in
     *$revocation_code*)
         # only exit with zero on detection of the expected error code
@@ -97,7 +95,8 @@ run_test() {
 # run the test
 run_test
 
-# If we get to this exit, exit_code will be a -1 signaling failure
+# If we get to this exit, exit_code will be a 1 signaling failure
 echo "exiting with $exit_code certificate was not revoked"
 exit $exit_code
 ########## end program ##########
+

From 8d7d803e588a18b4b0b362d8be2e47e4b1ec9825 Mon Sep 17 00:00:00 2001
From: Ludovic FLAMENT <ludovic.flament@cryptograph-ic.com>
Date: Fri, 24 Jul 2015 07:50:29 +0200
Subject: [PATCH 237/350] add wc_DerToPemEx to restore compatibility API with
 wc_DerToPem

---
 src/ssl.c                      | 12 ++++++------
 wolfcrypt/src/asn.c            |  9 ++++++++-
 wolfcrypt/test/test.c          | 16 ++++++++--------
 wolfssl/wolfcrypt/asn_public.h |  4 +++-
 4 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 7f861db21..15cf1ad08 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -13550,9 +13550,9 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
     }
 
     /* DER to PEM */
-    *plen = wc_DerToPem(der, derSz, tmp, *plen, cipherInfo, PRIVATEKEY_TYPE);
+    *plen = wc_DerToPemEx(der, derSz, tmp, *plen, cipherInfo, PRIVATEKEY_TYPE);
     if (*plen <= 0) {
-        WOLFSSL_MSG("wc_DerToPem failed");
+        WOLFSSL_MSG("wc_DerToPemEx failed");
         XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (cipherInfo != NULL)
@@ -14916,9 +14916,9 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc,
     }
 
     /* DER to PEM */
-    *plen = wc_DerToPem(der, derSz, tmp, *plen, cipherInfo, ECC_PRIVATEKEY_TYPE);
+    *plen = wc_DerToPemEx(der, derSz, tmp, *plen, cipherInfo, ECC_PRIVATEKEY_TYPE);
     if (*plen <= 0) {
-        WOLFSSL_MSG("wc_DerToPem failed");
+        WOLFSSL_MSG("wc_DerToPemEx failed");
         XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (cipherInfo != NULL)
@@ -15085,9 +15085,9 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
     }
 
     /* DER to PEM */
-    *plen = wc_DerToPem(der, derSz, tmp, *plen, cipherInfo, DSA_PRIVATEKEY_TYPE);
+    *plen = wc_DerToPemEx(der, derSz, tmp, *plen, cipherInfo, DSA_PRIVATEKEY_TYPE);
     if (*plen <= 0) {
-        WOLFSSL_MSG("wc_DerToPem failed");
+        WOLFSSL_MSG("wc_DerToPemEx failed");
         XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (cipherInfo != NULL)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index c1a023a6b..daed24e9d 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -4676,9 +4676,16 @@ const char* END_DSA_PRIV       = "-----END DSA PRIVATE KEY-----";
 
 #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
 
+/* Used for compatibility API */
+int wc_DerToPem(const byte* der, word32 derSz,
+                byte* output, word32 outSz, int type)
+{
+    return wc_DerToPemEx(der, derSz, output, outSz, NULL, type);
+}
+
 /* convert der buffer to pem into output, can't do inplace, der and output
    need to be different */
-int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outSz,
+int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
              byte *cipher_info, int type)
 {
 #ifdef WOLFSSL_SMALL_STACK
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index a36a2fa36..26ee84d4c 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -3523,7 +3523,7 @@ int rsa_test(void)
             return -313;
         }
 
-        pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, NULL, PRIVATEKEY_TYPE);
+        pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, PRIVATEKEY_TYPE);
         if (pemSz < 0) {
             free(der);
             free(pem);
@@ -3646,7 +3646,7 @@ int rsa_test(void)
             return -414;
         }
 
-        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, NULL, CERT_TYPE);
+        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
         if (pemSz < 0) {
             free(derCert);
             free(pem);
@@ -3792,7 +3792,7 @@ int rsa_test(void)
             return -416;
         }
 
-        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, NULL, CERT_TYPE);
+        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
         if (pemSz < 0) {
             free(derCert);
             free(pem);
@@ -3937,7 +3937,7 @@ int rsa_test(void)
             return -5414;
         }
 
-        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, NULL, CERT_TYPE);
+        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
         if (pemSz < 0) {
             free(pem);
             free(derCert);
@@ -4121,7 +4121,7 @@ int rsa_test(void)
             return -473;
         }
 
-        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, NULL, CERT_TYPE);
+        pemSz = wc_DerToPem(derCert, certSz, pem, FOURK_BUF, CERT_TYPE);
         if (pemSz < 0) {
             free(derCert);
             free(pem);
@@ -4206,7 +4206,7 @@ int rsa_test(void)
             return -466;
         }
 
-        pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, NULL, CERTREQ_TYPE);
+        pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, CERTREQ_TYPE);
         if (pemSz < 0) {
             free(pem);
             free(der);
@@ -4485,7 +4485,7 @@ int dsa_test(void)
         return -368;
     }
 
-    pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, NULL, DSA_PRIVATEKEY_TYPE);
+    pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, DSA_PRIVATEKEY_TYPE);
     if (pemSz < 0) {
         free(der);
         free(pem);
@@ -5227,7 +5227,7 @@ int ecc_test(void)
             return -1026;
         }
 
-        pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, NULL, ECC_PRIVATEKEY_TYPE);
+        pemSz = wc_DerToPem(der, derSz, pem, FOURK_BUF, ECC_PRIVATEKEY_TYPE);
         if (pemSz < 0) {
             return -1027;
         }
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index cf5c5bc66..04f77851a 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -178,7 +178,9 @@ WOLFSSL_API int  wc_SetDatesBuffer(Cert*, const byte*, int);
 
 #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || !defined(NO_DSA)
     WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
-                            word32 outputSz, byte *cipherIno, int type);
+                                word32 outputSz, int type);
+    WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output,
+                                word32 outputSz, byte *cipherIno, int type);
 #endif
 
 #ifdef HAVE_ECC

From 78a936a4fd83e6983224ec771e103418591898c5 Mon Sep 17 00:00:00 2001
From: Ludovic FLAMENT <ludovic.flament@cryptograph-ic.com>
Date: Fri, 24 Jul 2015 10:58:17 +0200
Subject: [PATCH 238/350] remove debug info fix potential memory leaks comments
 the size used

---
 src/ssl.c               | 21 ++++++++++++++++-----
 wolfssl/wolfcrypt/ecc.h |  4 ++--
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 15cf1ad08..58cc6fe94 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -12846,8 +12846,6 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
     ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck);
     if (ret != 0 || *dsacheck != 1) {
         WOLFSSL_MSG("DsaVerify failed");
-        printf("ret = %d\n", ret);
-        printf("*dsacheck = %d\n", *dsacheck);
         return ret;
     }
 
@@ -13507,7 +13505,10 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
         }
     }
 
-    der_max_len = 5 * wolfSSL_RSA_size(rsa) + 16;
+    /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additionnal
+     *  informations
+     */
+    der_max_len = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE;
 
     der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (der == NULL) {
@@ -13546,6 +13547,8 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
     if (tmp == NULL) {
         WOLFSSL_MSG("malloc failed");
         XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (cipherInfo != NULL)
+            XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return SSL_FAILURE;
     }
 
@@ -14873,7 +14876,9 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc,
         }
     }
 
-    der_max_len = 4 * wc_ecc_size((ecc_key*)ecc->internal) + 16;
+    /* 4 > size of pub, priv + ASN.1 additionnal informations
+     */
+    der_max_len = 4 * wc_ecc_size((ecc_key*)ecc->internal) + AES_BLOCK_SIZE;
 
     der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (der == NULL) {
@@ -14912,6 +14917,8 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc,
     if (tmp == NULL) {
         WOLFSSL_MSG("malloc failed");
         XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (cipherInfo != NULL)
+            XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return SSL_FAILURE;
     }
 
@@ -15042,7 +15049,9 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
         }
     }
 
-    der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + 16;
+    /* 4 > size of pub, priv, p, q, g + ASN.1 additionnal informations
+     */
+    der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE;
 
     der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (der == NULL) {
@@ -15081,6 +15090,8 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
     if (tmp == NULL) {
         WOLFSSL_MSG("malloc failed");
         XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (cipherInfo != NULL)
+            XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return SSL_FAILURE;
     }
 
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index 92fcc4f4f..6630a1ae8 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -73,11 +73,11 @@ typedef struct {
  * mp_ints for the components of the point. With ALT_ECC_SIZE, the components
  * of the point are pointers that are set to each of a three item array of
  * alt_fp_ints. While an mp_int will have 4096 bits of digit inside the
- * structure, the alt_fp_int will only have 512 bits. A size value was added
+ * structure, the alt_fp_int will only have 528 bits. A size value was added
  * in the ALT case, as well, and is set by mp_init() and alt_fp_init(). The
  * functions fp_zero() and fp_copy() use the size parameter. An int needs to
  * be initialized before using it instead of just fp_zeroing it, the init will
- * call zero. FP_MAX_BITS_ECC defaults to 512, but can be set to change the
+ * call zero. FP_MAX_BITS_ECC defaults to 528, but can be set to change the
  * number of bits used in the alternate FP_INT.
  *
  * Do not enable ALT_ECC_SIZE and disable fast math in the configuration.

From 9c2a85d9f6f5da6dafec2469be77deddc8a15802 Mon Sep 17 00:00:00 2001
From: Ludovic FLAMENT <ludovic.flament@cryptograph-ic.com>
Date: Fri, 24 Jul 2015 11:17:06 +0200
Subject: [PATCH 239/350] fix compilation for 32 bits OS

---
 wolfcrypt/src/integer.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index 5f337fd30..383f7dab8 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -4290,7 +4290,7 @@ int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap)
     byte* buf;
 
     if (N == NULL || rng == NULL)
-        return BAD_FUNC_ARG;
+        return MP_VAL;
 
     /* get type */
     if (len < 0) {
@@ -4302,13 +4302,13 @@ int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap)
 
     /* allow sizes between 2 and 512 bytes for a prime size */
     if (len < 2 || len > 512) {
-        return BAD_FUNC_ARG;
+        return MP_VAL;
     }
 
     /* allocate buffer to work with */
     buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA);
     if (buf == NULL) {
-        return MEMORY_E;
+        return MP_MEM;
     }
     XMEMSET(buf, 0, len);
 
@@ -4341,7 +4341,7 @@ int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap)
         }
     } while (res == MP_NO);
 
-    ForceZero(buf, len);
+    XMEMSET(buf, 0, len);
     XFREE(buf, heap, DYNAMIC_TYPE_RSA);
     
     return MP_OKAY;

From 45ef61e46f69b52ecb2bae63528776058dcccc9d Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 24 Jul 2015 12:43:26 -0700
Subject: [PATCH 240/350] fix warnings

---
 wolfcrypt/src/asn.c     | 2 +-
 wolfcrypt/src/integer.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index daed24e9d..05d882457 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7024,7 +7024,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen)
 
     /* public */
     XMEMCPY(output + idx, pub, pubidx);
-    idx += pubidx;
+    /* idx += pubidx;  not used after write, if more data remove comment */
     XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     return totalSz;
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index 383f7dab8..48421d0f4 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -4045,7 +4045,7 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
   mp_int  q;
   mp_word w;
   mp_digit t;
-  int     res, ix;
+  int     res = MP_OKAY, ix;
 
   /* cannot divide by zero */
   if (b == 0) {

From 9038ea018aceb9276b560b29d811ca2e12b09228 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 24 Jul 2015 15:06:58 -0600
Subject: [PATCH 241/350] Freescale/RTCS fixes for io.c

---
 src/io.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/io.c b/src/io.c
index 195056665..a55fa8450 100644
--- a/src/io.c
+++ b/src/io.c
@@ -210,6 +210,10 @@ static INLINE int TranslateReturnCode(int old, int sd)
         errno = RTCS_geterror(sd);
         if (errno == RTCSERR_TCP_CONN_CLOSING)
             return 0;   /* convert to BSD style closing */
+        if (errno == RTCSERR_TCP_CONN_RLSD)
+            errno = SOCKET_ECONNRESET;
+        if (errno == RTCSERR_TCP_TIMED_OUT)
+            errno = SOCKET_EAGAIN;
     }
 #endif
 
@@ -316,6 +320,8 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
 
     sent = (int)SEND_FUNCTION(sd, &buf[sz - len], len, ssl->wflags);
 
+    sent = TranslateReturnCode(sent, sd);
+
     if (sent < 0) {
         err = LastError();
         WOLFSSL_MSG("Embed Send error");
@@ -454,6 +460,9 @@ int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
     sent = (int)SENDTO_FUNCTION(sd, &buf[sz - len], len, ssl->wflags,
                                 (const struct sockaddr*)dtlsCtx->peer.sa,
                                 dtlsCtx->peer.sz);
+
+    sent = TranslateReturnCode(sent, sd);
+
     if (sent < 0) {
         err = LastError();
         WOLFSSL_MSG("Embed Send To error");

From 5780f4d5f703fe9c06abc3542c1027cdc2044050 Mon Sep 17 00:00:00 2001
From: Nickolas Lapp <nick@wolfssl.com>
Date: Fri, 24 Jul 2015 15:39:31 -0600
Subject: [PATCH 242/350] stub notices. edited b64 encode size. err cert
 depth/sn

---
 src/ssl.c              | 112 ++++++++++++++++++++++++++++++++++-------
 wolfcrypt/src/coding.c |  72 ++++++++++++++------------
 2 files changed, 134 insertions(+), 50 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 24591613b..94ae8a823 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7169,13 +7169,16 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
     WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
                                                     WOLFSSL_X509_STORE_CTX* ctx)
     {
-        (void)ctx;
+        WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert");
+        if(ctx)
+            return ctx->current_cert;
         return NULL;
     }
 
 
     int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx)
     {
+        WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error");
         if (ctx != NULL)
             return ctx->error;
         return 0;
@@ -7184,8 +7187,10 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
     int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx)
     {
-        (void)ctx;
-        return 0;
+        WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error_depth");
+        if(ctx)
+            return ctx->error_depth;
+        return SSL_FATAL_ERROR;
     }
 
 
@@ -8802,7 +8807,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
     WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
     {
-        WOLFSSL_ENTER("X509_get_subject_name");
+        WOLFSSL_ENTER("wolfSSL_X509_get_subject_name");
         if(cert)
             return &cert->subject;
         return NULL;
@@ -10153,8 +10158,7 @@ void wolfSSL_set_dynlock_destroy_callback(
 
 const char* wolfSSL_X509_verify_cert_error_string(long err)
 {
-    (void)err;
-    return 0;
+    return wolfSSL_ERR_reason_error_string(err);
 }
 
 
@@ -14865,8 +14869,8 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
 
 
 /* Get peer's PEM ceritifcate at index (idx), output to buffer if inLen big
-   enough else return error (-1), output length is in *outLen
-   SSL_SUCCESS on ok */
+   enough else return error (-1). If buffer is NULL only calculate
+   outLen. Output length is in *outLen SSL_SUCCESS on ok */
 int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
                                unsigned char* buf, int inLen, int* outLen)
 {
@@ -14877,11 +14881,21 @@ int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
     int footerLen = sizeof(footer) - 1;
     int i;
     int err;
+    word32 szNeeded = 0;
 
     WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem");
-    if (!chain || !outLen || !buf)
+    if (!chain || !outLen)
         return BAD_FUNC_ARG;
 
+    /* Null output buffer return size needed in outLen */
+    if(!buf) {
+        if(Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length,
+                    NULL, &szNeeded) != LENGTH_ONLY_E)
+            return SSL_FAILURE;
+        *outLen = szNeeded + headerLen + footerLen;
+        return LENGTH_ONLY_E;
+    }
+
     /* don't even try if inLen too short */
     if (inLen < headerLen + footerLen + chain->certs[idx].length)
         return BAD_FUNC_ARG;
@@ -15256,7 +15270,7 @@ void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
 {
     WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
     #ifdef HAVE_STUNNEL
-    if(ctx != NULL && idx < MAX_EX_DATA) {
+    if(ctx != NULL && idx < MAX_EX_DATA && idx >= 0) {
         return ctx->ex_data[idx];
     }
     #else
@@ -15333,7 +15347,7 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
 {
     WOLFSSL_ENTER("wolfSSL_get_ex_data");
 #if defined(FORTRESS) || defined(HAVE_STUNNEL)
-    if (ssl != NULL && idx < MAX_EX_DATA)
+    if (ssl != NULL && idx < MAX_EX_DATA && idx >= 0)
         return ssl->ex_data[idx];
 #else
     (void)ssl;
@@ -15457,7 +15471,7 @@ int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1,
 void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
 {
     WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data");
-    if (session != NULL && idx < MAX_EX_DATA)
+    if (session != NULL && idx < MAX_EX_DATA && idx >= 0)
         return session->ex_data[idx];
     return NULL;
 }
@@ -15470,6 +15484,8 @@ int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
     (void) m;
     (void) r;
     (void) f;
+    WOLFSSL_ENTER("wolfSSL_CRYPTO_set_mem_ex_functions");
+    WOLFSSL_STUB("wolfSSL_CRYPTO_set_mem_ex_functions");
 
     return SSL_FAILURE;
 }
@@ -15482,26 +15498,45 @@ WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
     (void)generator;
     (void)callback;
     (void)cb_arg;
+    WOLFSSL_ENTER("wolfSSL_DH_generate_parameters");
+    WOLFSSL_STUB("wolfSSL_DH_generate_parameters");
+
     return NULL;
 }
 
 
-void wolfSSL_ERR_load_crypto_strings(void){}
+void wolfSSL_ERR_load_crypto_strings(void)
+{
+    WOLFSSL_ENTER("wolfSSL_ERR_load_crypto_strings");
+    WOLFSSL_ENTER("wolfSSL_ERR_load_crypto_strings");
+    return;
+}
+
+
 unsigned long wolfSSL_ERR_peek_last_error(void)
 {
     unsigned long l = 0UL;
-    return l; 
+    WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error");
+    WOLFSSL_STUB("wolfSSL_ERR_peek_last_error");
+
+    return l;
 }
 
 
 int wolfSSL_FIPS_mode(void)
 {
+    WOLFSSL_ENTER("wolfSSL_FIPS_mode");
+    WOLFSSL_STUB("wolfSSL_FIPS_mode");
+
     return SSL_FAILURE;
 }
 
 int wolfSSL_FIPS_mode_set(int r)
 {
     (void)r;
+    WOLFSSL_ENTER("wolfSSL_FIPS_mode_set");
+    WOLFSSL_STUB("wolfSSL_FIPS_mode_set");
+
     return SSL_FAILURE;
 }
 
@@ -15509,6 +15544,9 @@ int wolfSSL_FIPS_mode_set(int r)
 int wolfSSL_RAND_set_rand_method(const void *meth)
 {
     (void) meth;
+    WOLFSSL_ENTER("wolfSSL_RAND_set_rand_method");
+    WOLFSSL_STUB("wolfSSL_RAND_set_rand_method");
+
     return SSL_FAILURE;
 }
 
@@ -15516,6 +15554,7 @@ int wolfSSL_RAND_set_rand_method(const void *meth)
 int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
 {
     int ret = SSL_FAILURE;
+    WOLFSSL_ENTER("wolfSSL_CIPHER_get_bits");
     if(c != NULL && c->ssl != NULL) {
         ret = 8 * c->ssl->specs.key_size;
         if(alg_bits != NULL) {
@@ -15529,6 +15568,9 @@ int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
 int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s)
 {
     (void) s;
+    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_num");
+    WOLFSSL_STUB("wolfSSL_sk_X509_NAME_num");
+
     return SSL_FAILURE;
 }
 
@@ -15536,6 +15578,9 @@ int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s)
 int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s)
 {
     (void) s;
+    WOLFSSL_ENTER("wolfSSL_sk_X509_num");
+    WOLFSSL_STUB("wolfSSL_sk_X509_num");
+
     return SSL_FAILURE;
 }
 
@@ -15547,28 +15592,40 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* nm,
     (void)nm;
     (void)indent;
     (void)flags;
+    WOLFSSL_ENTER("wolfSSL_X509_NAME_print_ex");
+    WOLFSSL_STUB("wolfSSL_X509_NAME_print_ex");
+
     return SSL_FAILURE;
 }
 
 
 WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(const WOLFSSL_X509* x)
 {
-   (void)x;
-   return NULL;
+    (void)x;
+    WOLFSSL_ENTER("wolfSSL_X509_get0_pubkey_bitstr");
+    WOLFSSL_STUB("wolfSSL_X509_get0_pubkey_bitstr");
+
+    return NULL;
 }
 
 
 int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
 {
-     (void)ctx;
-     (void)session;
-     return SSL_SUCCESS;
+    (void)ctx;
+    (void)session;
+    WOLFSSL_ENTER("wolfSSL_CTX_add_session");
+    WOLFSSL_STUB("wolfSSL_CTX_add_session");
+
+    return SSL_SUCCESS;
 }
 
 
 int wolfSSL_get_state(const WOLFSSL* ssl)
 {
     (void)ssl;
+    WOLFSSL_ENTER("wolfSSL_get_state");
+    WOLFSSL_STUB("wolfSSL_get_state");
+
     return SSL_FAILURE;
 }
 
@@ -15577,6 +15634,9 @@ void* wolfSSL_sk_X509_NAME_value(STACK_OF(WOLFSSL_X509_NAME)* sk, int i)
 {
     (void)sk;
     (void)i;
+    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value");
+    WOLFSSL_STUB("wolfSSL_sk_X509_NAME_value");
+
     return NULL;
 }
 
@@ -15585,12 +15645,16 @@ void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i)
 {
     (void)sk;
     (void)i;
+    WOLFSSL_ENTER("wolfSSL_sk_X509_value");
+    WOLFSSL_STUB("wolfSSL_sk_X509_value");
+
     return NULL;
 }
 
 
 int wolfSSL_version(WOLFSSL* ssl)
 {
+    WOLFSSL_ENTER("wolfSSL_version");
     if (ssl->version.major == SSLv3_MAJOR) {
         switch (ssl->version.minor) {
             case SSLv3_MINOR :
@@ -15619,6 +15683,9 @@ int wolfSSL_version(WOLFSSL* ssl)
 STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
 {
     (void)ssl;
+    WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain");
+    WOLFSSL_STUB("wolfSSL_get_peer_cert_chain");
+
     return NULL;
 }
 
@@ -15626,17 +15693,22 @@ STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
 long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx)
 {
     (void)ctx;
+    WOLFSSL_ENTER("wolfSSL_CTX_get_options");
+    WOLFSSL_STUB("wolfSSL_CTX_get_options");
+
     return 0;
 }
 
 
 WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl)
 {
+    WOLFSSL_ENTER("wolfSSL_get_SSL_CTX");
     return ssl->ctx;
 }
 
 int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name)
 {
+    WOLFSSL_ENTER("wolfSSL_X509_NAME_get_sz");
     if(!name)
         return -1;
     return name->sz;
@@ -15645,6 +15717,8 @@ int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name)
 
 const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen)
 {
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_id");
+    WOLFSSL_STUB("wolfSSL_SESSION_get_id");
     if(!sess || !idLen) {
         WOLFSSL_MSG("Bad func args. Please provide idLen");
         return NULL;
diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c
index f4d919255..5227a76fe 100644
--- a/wolfcrypt/src/coding.c
+++ b/wolfcrypt/src/coding.c
@@ -150,7 +150,7 @@ const byte base64Encode[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
 /* make sure *i (idx) won't exceed max, store and possibly escape to out,
  * raw means use e w/o decode,  0 on success */
 static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max,
-                  int raw)
+                  int raw, int getSzOnly)
 {
     int    doEscape = 0;
     word32 needed = 1;
@@ -191,39 +191,46 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max,
     }
 
     /* check size */
-    if ( (idx+needed) > max) {
+    if ( (idx+needed) > max && !getSzOnly) {
         WOLFSSL_MSG("Escape buffer max too small");
         return BUFFER_E;
     }
 
     /* store it */
     if (doEscape == 0) {
-        out[idx++] = basic;
+        if(getSzOnly)
+            idx++;
+        else
+            out[idx++] = basic;
     }
     else {
-        out[idx++] = '%';  /* start escape */
+        if(getSzOnly)
+            idx+=3;
+        else {
+            out[idx++] = '%';  /* start escape */
 
-        if (plus) {
-            out[idx++] = '2';
-            out[idx++] = 'B';
+            if (plus) {
+                out[idx++] = '2';
+                out[idx++] = 'B';
+            }
+            else if (equals) {
+                out[idx++] = '3';
+                out[idx++] = 'D';
+            }
+            else if (newline) {
+                out[idx++] = '0';
+                out[idx++] = 'A';
+            }
         }
-        else if (equals) {
-            out[idx++] = '3';
-            out[idx++] = 'D';
-        }
-        else if (newline) {
-            out[idx++] = '0';
-            out[idx++] = 'A';
-        }
-
     }
     *i = idx;
 
-    return 0;
+    return getSzOnly ? LENGTH_ONLY_E : 0;
 }
 
 
-/* internal worker, handles both escaped and normal line endings */
+/* internal worker, handles both escaped and normal line endings.
+   If out buffer is NULL, will return sz needed in outLen */
 static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
                            word32* outLen, int escaped)
 {
@@ -232,6 +239,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
            j = 0,
            n = 0;   /* new line counter */
 
+    int    getSzOnly = (out == NULL);
+
     word32 outSz = (inLen + 3 - 1) / 3 * 4;
     word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ;  /* new lines */
 
@@ -243,8 +252,9 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
     outSz += addSz;
 
     /* if escaped we can't predetermine size for one pass encoding, but
-     * make sure we have enough if no escapes are in input */
-    if (outSz > *outLen) return BAD_FUNC_ARG;
+     * make sure we have enough if no escapes are in input
+     * Also need to ensure outLen valid before dereference */
+    if (!outLen || (outSz > *outLen && !getSzOnly)) return BAD_FUNC_ARG;
 
     while (inLen > 2) {
         byte b1 = in[j++];
@@ -258,20 +268,20 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
         byte e4 = b3 & 0x3F;
 
         /* store */
-        ret = CEscape(escaped, e1, out, &i, *outLen, 0);
+        ret = CEscape(escaped, e1, out, &i, *outLen, 0, getSzOnly);
         if (ret != 0) break;
-        ret = CEscape(escaped, e2, out, &i, *outLen, 0);
+        ret = CEscape(escaped, e2, out, &i, *outLen, 0, getSzOnly);
         if (ret != 0) break;
-        ret = CEscape(escaped, e3, out, &i, *outLen, 0);
+        ret = CEscape(escaped, e3, out, &i, *outLen, 0, getSzOnly);
         if (ret != 0) break;
-        ret = CEscape(escaped, e4, out, &i, *outLen, 0);
+        ret = CEscape(escaped, e4, out, &i, *outLen, 0, getSzOnly);
         if (ret != 0) break;
 
         inLen -= 3;
 
         /* Insert newline after PEM_LINE_SZ, unless no \n requested */
         if (escaped != WC_NO_NL_ENC && (++n % (PEM_LINE_SZ/4)) == 0 && inLen){
-            ret = CEscape(escaped, '\n', out, &i, *outLen, 1);
+            ret = CEscape(escaped, '\n', out, &i, *outLen, 1, getSzOnly);
             if (ret != 0) break;
         }
     }
@@ -287,23 +297,23 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
         byte e2 = (byte)(((b1 & 0x3) << 4) | (b2 >> 4));
         byte e3 = (byte)((b2 & 0xF) << 2);
 
-        ret = CEscape(escaped, e1, out, &i, *outLen, 0);
+        ret = CEscape(escaped, e1, out, &i, *outLen, 0, getSzOnly);
         if (ret == 0)
-            ret = CEscape(escaped, e2, out, &i, *outLen, 0);
+            ret = CEscape(escaped, e2, out, &i, *outLen, 0, getSzOnly);
         if (ret == 0) {
             /* third */
             if (twoBytes)
-                ret = CEscape(escaped, e3, out, &i, *outLen, 0);
+                ret = CEscape(escaped, e3, out, &i, *outLen, 0, getSzOnly);
             else
-                ret = CEscape(escaped, '=', out, &i, *outLen, 1);
+                ret = CEscape(escaped, '=', out, &i, *outLen, 1, getSzOnly);
         }
         /* fourth always pad */
         if (ret == 0)
-            ret = CEscape(escaped, '=', out, &i, *outLen, 1);
+            ret = CEscape(escaped, '=', out, &i, *outLen, 1, getSzOnly);
     }
 
     if (ret == 0 && escaped != WC_NO_NL_ENC)
-        ret = CEscape(escaped, '\n', out, &i, *outLen, 1);
+        ret = CEscape(escaped, '\n', out, &i, *outLen, 1, getSzOnly);
 
     if (i != outSz && escaped != 1 && ret == 0)
         return ASN_INPUT_E;

From 0a975eaff970486a3e8a6d6edac4ce356e35a77c Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 24 Jul 2015 15:34:56 -0700
Subject: [PATCH 243/350] fix valgrind warning mp_add_d

---
 wolfcrypt/src/integer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index 48421d0f4..5a79191b6 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -3878,7 +3878,7 @@ int mp_add_d (mp_int* a, mp_digit b, mp_int* c)
         *tmpc++ &= MP_MASK;
      }
      /* set final carry */
-     if (mu != 0 && ix < c->alloc) {
+     if (ix < c->alloc) {
         ix++;
         *tmpc++  = mu;
      }

From e363848ecc3159a6af8d373f8d360dd20acce88c Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 24 Jul 2015 19:19:53 -0700
Subject: [PATCH 244/350] fix jenkins build #465 with kegen changes

---
 src/ssl.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index e06f042f3..5b7cc6f5e 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -33,7 +33,8 @@
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfcrypt/coding.h>
 
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
+                              defined(WOLFSSL_KEY_GEN)
     #include <wolfssl/openssl/evp.h>
 #endif
 
@@ -1578,9 +1579,11 @@ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz,
 static const char *EVP_AES_128_CBC = "AES-128-CBC";
 static const char *EVP_AES_192_CBC = "AES-192-CBC";
 static const char *EVP_AES_256_CBC = "AES-256-CBC";
-static const char *EVP_AES_128_CTR = "AES-128-CTR";
-static const char *EVP_AES_192_CTR = "AES-192-CTR";
-static const char *EVP_AES_256_CTR = "AES-256-CTR";
+#if defined(OPENSSL_EXTRA)
+    static const char *EVP_AES_128_CTR = "AES-128-CTR";
+    static const char *EVP_AES_192_CTR = "AES-192-CTR";
+    static const char *EVP_AES_256_CTR = "AES-256-CTR";
+#endif
 static const int  EVP_AES_SIZE = 11;
 
 static const char *EVP_DES_CBC = "DES-CBC";
@@ -1589,6 +1592,7 @@ static const int  EVP_DES_SIZE = 7;
 static const char *EVP_DES_EDE3_CBC = "DES-EDE3-CBC";
 static const int  EVP_DES_EDE3_SIZE = 12;
 
+
 /* our KeyPemToDer password callback, password in userData */
 static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
 {
@@ -2286,7 +2290,7 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
 #endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) */
 
 
-#if defined(WOLFSSL_KEY_GEN)
+#if defined(WOLFSSL_KEY_GEN) && defined(OPENSSL_EXTRA)
 static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
                                       int passwordSz, EncryptedInfo* info)
 {
@@ -12697,6 +12701,7 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
 {
     int ret = SSL_FAILURE;
 
+    (void)bits;
     (void)seed;
     (void)seedLen;
     (void)counterRet;

From b85637e06baa1ca858b8438c7e67d6dcdbf3e38e Mon Sep 17 00:00:00 2001
From: Nickolas Lapp <nick@wolfssl.com>
Date: Mon, 27 Jul 2015 10:43:49 -0600
Subject: [PATCH 245/350] Fixed bug when getting PEM encoded sz. Add idx check

---
 src/ssl.c              | 2 +-
 wolfcrypt/src/coding.c | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 5b7cc6f5e..0cb454215 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -15481,7 +15481,7 @@ int  wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
     word32 szNeeded = 0;
 
     WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem");
-    if (!chain || !outLen)
+    if (!chain || !outLen || idx < 0 || idx >= wolfSSL_get_chain_count(chain))
         return BAD_FUNC_ARG;
 
     /* Null output buffer return size needed in outLen */
diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c
index 21d10f9e9..c631d2960 100644
--- a/wolfcrypt/src/coding.c
+++ b/wolfcrypt/src/coding.c
@@ -225,7 +225,7 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max,
     }
     *i = idx;
 
-    return getSzOnly ? LENGTH_ONLY_E : 0;
+    return 0;
 }
 
 
@@ -319,6 +319,8 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
         return ASN_INPUT_E;
 
     *outLen = i;
+    if(ret == 0)
+        return getSzOnly ? LENGTH_ONLY_E : 0;
     return ret;
 }
 

From 38fb8caec8bed251cd5b7f585dace5d7db89e7b7 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 27 Jul 2015 14:56:26 -0700
Subject: [PATCH 246/350] restore FIPS des3 build w/o opensslextra

---
 wolfcrypt/src/des3.c | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c
index ee068a0bc..cab21a9b3 100644
--- a/wolfcrypt/src/des3.c
+++ b/wolfcrypt/src/des3.c
@@ -91,12 +91,6 @@ void wc_Des_SetIV(Des* des, const byte* iv)
 }
 
 
-int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
-                                                const byte* key, const byte* iv)
-{
-    return Des_CbcEncryptWithKey(out, in, sz, key, iv);
-}
-
 int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
                              const byte* key, const byte* iv)
 {
@@ -110,12 +104,6 @@ int wc_Des3_SetIV(Des3* des, const byte* iv)
 }
 
 
-int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
-                              const byte* key, const byte* iv)
-{
-    return Des3_CbcEncryptWithKey(out, in, sz, key, iv);
-}
-
 int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
                               const byte* key, const byte* iv)
 {

From 388d023df664e634daa46f2ac1e77eec178021b9 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 28 Jul 2015 09:29:47 -0700
Subject: [PATCH 247/350] put rsa non public enums back into c file for FIPS

---
 src/ssl.c               |  4 ++--
 wolfcrypt/src/rsa.c     | 16 ++++++++++++++++
 wolfssl/wolfcrypt/rsa.h | 13 -------------
 3 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 0cb454215..637db8d61 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -12514,8 +12514,8 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
 
     WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex");
 
-    if (rsa == NULL || rsa->internal == NULL ||
-        bits < RSA_MIN_SIZE || bits > RSA_MAX_SIZE) {
+    if (rsa == NULL || rsa->internal == NULL) {
+        /* bit size checked during make key call */
         WOLFSSL_MSG("bad arguments");
         return SSL_FAILURE;
     }
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index bc85a949e..5cd6e6331 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -144,6 +144,22 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
                                     word32 outLen, RsaKey* key);
 #endif
 
+enum {
+    RSA_PUBLIC_ENCRYPT  = 0,
+    RSA_PUBLIC_DECRYPT  = 1,
+    RSA_PRIVATE_ENCRYPT = 2,
+    RSA_PRIVATE_DECRYPT = 3,
+
+    RSA_BLOCK_TYPE_1 = 1,
+    RSA_BLOCK_TYPE_2 = 2,
+
+    RSA_MIN_SIZE = 512,
+    RSA_MAX_SIZE = 4096,
+
+    RSA_MIN_PAD_SZ   = 11      /* seperator + 0 + pad value + 8 pads */
+};
+
+
 int wc_InitRsaKey(RsaKey* key, void* heap)
 {
 #ifdef HAVE_CAVIUM
diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h
index 1f12df941..df650b3db 100644
--- a/wolfssl/wolfcrypt/rsa.h
+++ b/wolfssl/wolfcrypt/rsa.h
@@ -47,19 +47,6 @@
 enum {
     RSA_PUBLIC   = 0,
     RSA_PRIVATE  = 1,
-
-    RSA_PUBLIC_ENCRYPT  = 0,
-    RSA_PUBLIC_DECRYPT  = 1,
-    RSA_PRIVATE_ENCRYPT = 2,
-    RSA_PRIVATE_DECRYPT = 3,
-
-    RSA_BLOCK_TYPE_1 = 1,
-    RSA_BLOCK_TYPE_2 = 2,
-
-    RSA_MIN_SIZE = 512,
-    RSA_MAX_SIZE = 4096,
-    
-    RSA_MIN_PAD_SZ   = 11      /* seperator + 0 + pad value + 8 pads */
 };
 
 

From 480bab467d1bd77a96b0525ac34165ebc804c81f Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 28 Jul 2015 09:35:28 -0700
Subject: [PATCH 248/350] fix warning

---
 src/ssl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/ssl.c b/src/ssl.c
index 637db8d61..f5edfdd7c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -12511,6 +12511,7 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
 
     (void)cb;
     (void)bn;
+    (void)bits;
 
     WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex");
 

From 2f3b7b05bac54576dd3a2928e979b382e4c94cee Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 28 Jul 2015 16:30:10 -0700
Subject: [PATCH 249/350] move wc_ShaHash() outside of sha.[hc]

---
 wolfcrypt/src/asn.c      |  1 +
 wolfcrypt/src/hash.c     | 33 +++++++++++++++++++++++++++++++++
 wolfcrypt/src/sha.c      | 30 ------------------------------
 wolfssl/wolfcrypt/hash.h |  1 +
 wolfssl/wolfcrypt/sha.h  |  1 -
 5 files changed, 35 insertions(+), 31 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 05d882457..53562e943 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -42,6 +42,7 @@
 #include <wolfssl/wolfcrypt/logging.h>
 
 #include <wolfssl/wolfcrypt/random.h>
+#include <wolfssl/wolfcrypt/hash.h>
 
 
 #ifndef NO_RC4
diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
index 55a1f6a1d..f9ed38f41 100644
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -24,6 +24,7 @@
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/logging.h>
 
 #if !defined(WOLFSSL_TI_HASH)
 
@@ -55,8 +56,40 @@ int wc_ShaGetHash(Sha* sha, byte* hash)
 WOLFSSL_API void wc_ShaRestorePos(Sha* s1, Sha* s2) {
     *s1 = *s2 ;
 }
+
+int wc_ShaHash(const byte* data, word32 len, byte* hash)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Sha* sha;
+#else
+    Sha sha[1];
 #endif
 
+#ifdef WOLFSSL_SMALL_STACK
+    sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (sha == NULL)
+        return MEMORY_E;
+#endif
+
+    if ((ret = wc_InitSha(sha)) != 0) {
+        WOLFSSL_MSG("wc_InitSha failed");
+    }
+    else {
+        wc_ShaUpdate(sha, data, len);
+        wc_ShaFinal(sha, hash);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+
+}
+
+#endif /* !defined(NO_SHA) */
+
 #if !defined(NO_SHA256)
 int wc_Sha256GetHash(Sha256* sha256, byte* hash)
 {
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index be8cf17af..b7f119d50 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -421,36 +421,6 @@ int wc_ShaFinal(Sha* sha, byte* hash)
 #endif /* STM32F2_HASH */
 
 
-int wc_ShaHash(const byte* data, word32 len, byte* hash)
-{
-    int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Sha* sha;
-#else
-    Sha sha[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (sha == NULL)
-        return MEMORY_E;
-#endif
-
-    if ((ret = wc_InitSha(sha)) != 0) {
-        WOLFSSL_MSG("wc_InitSha failed");
-    }
-    else {
-        wc_ShaUpdate(sha, data, len);
-        wc_ShaFinal(sha, hash);
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-
-}
 
 #endif /* HAVE_FIPS */
 #endif /* WOLFSSL_TI_HASH */
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
index ad1062809..2dfc1cc30 100644
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -31,6 +31,7 @@ WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ;
 #include <wolfssl/wolfcrypt/sha.h>
 WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
 WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ;
+WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
 #endif
 #ifndef NO_SHA256
 #include <wolfssl/wolfcrypt/sha256.h>
diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h
index 80a2c9832..76a08ba92 100644
--- a/wolfssl/wolfcrypt/sha.h
+++ b/wolfssl/wolfcrypt/sha.h
@@ -76,7 +76,6 @@ typedef struct Sha {
 WOLFSSL_API int wc_InitSha(Sha*);
 WOLFSSL_API int wc_ShaUpdate(Sha*, const byte*, word32);
 WOLFSSL_API int wc_ShaFinal(Sha*, byte*);
-WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
 
 #ifdef __cplusplus
     } /* extern "C" */

From 9d2b7117960f21247f76b80431d8fed203f2c464 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 28 Jul 2015 16:34:23 -0700
Subject: [PATCH 250/350] add wc_Sha256Hash() outside of sha256.[hc]

---
 wolfcrypt/src/hash.c       | 33 +++++++++++++++++++++++++++++++++
 wolfcrypt/src/sha256.c     | 31 -------------------------------
 wolfssl/wolfcrypt/hash.h   |  1 +
 wolfssl/wolfcrypt/sha256.h |  1 -
 4 files changed, 34 insertions(+), 32 deletions(-)

diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
index f9ed38f41..7ed3f45b2 100644
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -103,7 +103,40 @@ int wc_Sha256GetHash(Sha256* sha256, byte* hash)
 WOLFSSL_API void wc_Sha256RestorePos(Sha256* s1, Sha256* s2) {
     *s1 = *s2 ;
 }
+
+int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Sha256* sha256;
+#else
+    Sha256 sha256[1];
 #endif
 
+#ifdef WOLFSSL_SMALL_STACK
+    sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (sha256 == NULL)
+        return MEMORY_E;
 #endif
 
+    if ((ret = wc_InitSha256(sha256)) != 0) {
+        WOLFSSL_MSG("InitSha256 failed");
+    }
+    else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) {
+        WOLFSSL_MSG("Sha256Update failed");
+    }
+    else if ((ret = wc_Sha256Final(sha256, hash)) != 0) {
+        WOLFSSL_MSG("Sha256Final failed");
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+#endif /* !defined(NO_SHA256) */
+
+
+#endif /* !defined(WOLFSSL_TI_HASH) */
+
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index f9f02b003..6b81ff095 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -545,37 +545,6 @@ int wc_Sha256Final(Sha256* sha256, byte* hash)
 
 
 
-int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
-{
-    int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Sha256* sha256;
-#else
-    Sha256 sha256[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (sha256 == NULL)
-        return MEMORY_E;
-#endif
-
-    if ((ret = wc_InitSha256(sha256)) != 0) {
-        WOLFSSL_MSG("InitSha256 failed");
-    }
-    else if ((ret = wc_Sha256Update(sha256, data, len)) != 0) {
-        WOLFSSL_MSG("Sha256Update failed");
-    }
-    else if ((ret = wc_Sha256Final(sha256, hash)) != 0) {
-        WOLFSSL_MSG("Sha256Final failed");
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-}
 
 #if defined(HAVE_INTEL_AVX1) || defined(HAVE_INTEL_AVX2)
 
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
index 2dfc1cc30..2cc59d746 100644
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -37,6 +37,7 @@ WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
 #include <wolfssl/wolfcrypt/sha256.h>
 WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
 WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ;
+WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
 #endif
 
 #endif
diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h
index 7cf6d8677..b7d0df1b6 100644
--- a/wolfssl/wolfcrypt/sha256.h
+++ b/wolfssl/wolfcrypt/sha256.h
@@ -74,7 +74,6 @@ typedef struct Sha256 {
 WOLFSSL_API int wc_InitSha256(Sha256*);
 WOLFSSL_API int wc_Sha256Update(Sha256*, const byte*, word32);
 WOLFSSL_API int wc_Sha256Final(Sha256*, byte*);
-WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
 
 #ifdef __cplusplus
     } /* extern "C" */

From e97a60c647370f68d11c6ad803ef38b745ce7167 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 28 Jul 2015 16:41:32 -0700
Subject: [PATCH 251/350] move wc_Sha512/384 Hash() outside of sha512.[hc]

---
 wolfcrypt/src/hash.c       | 69 ++++++++++++++++++++++++++++++++++++++
 wolfcrypt/src/sha512.c     | 62 ----------------------------------
 wolfssl/wolfcrypt/hash.h   | 13 ++++++-
 wolfssl/wolfcrypt/sha512.h |  2 --
 4 files changed, 81 insertions(+), 65 deletions(-)

diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
index 7ed3f45b2..1f47cd66d 100644
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -138,5 +138,74 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
 #endif /* !defined(NO_SHA256) */
 
 
+#if defined(WOLFSSL_SHA512)
+int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Sha512* sha512;
+#else
+    Sha512 sha512[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (sha512 == NULL)
+        return MEMORY_E;
+#endif
+
+    if ((ret = wc_InitSha512(sha512)) != 0) {
+        WOLFSSL_MSG("InitSha512 failed");
+    }
+    else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) {
+        WOLFSSL_MSG("Sha512Update failed");
+    }
+    else if ((ret = wc_Sha512Final(sha512, hash)) != 0) {
+        WOLFSSL_MSG("Sha512Final failed");
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+#if defined(WOLFSSL_SHA384)
+int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
+{
+    int ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Sha384* sha384;
+#else
+    Sha384 sha384[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (sha384 == NULL)
+        return MEMORY_E;
+#endif
+
+    if ((ret = wc_InitSha384(sha384)) != 0) {
+        WOLFSSL_MSG("InitSha384 failed");
+    }
+    else if ((ret = wc_Sha384Update(sha384, data, len)) != 0) {
+        WOLFSSL_MSG("Sha384Update failed");
+    }
+    else if ((ret = wc_Sha384Final(sha384, hash)) != 0) {
+        WOLFSSL_MSG("Sha384Final failed");
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+#endif /* defined(WOLFSSL_SHA384) */
+#endif /* defined(WOLFSSL_SHA512) */
+
 #endif /* !defined(WOLFSSL_TI_HASH) */
 
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index 8e52da909..d9c4fa0d1 100755
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -609,37 +609,6 @@ int wc_Sha512Final(Sha512* sha512, byte* hash)
 }
 
 
-int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
-{
-    int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Sha512* sha512;
-#else
-    Sha512 sha512[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    sha512 = (Sha512*)XMALLOC(sizeof(Sha512), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (sha512 == NULL)
-        return MEMORY_E;
-#endif
-    
-    if ((ret = wc_InitSha512(sha512)) != 0) {
-        WOLFSSL_MSG("InitSha512 failed");
-    }
-    else if ((ret = wc_Sha512Update(sha512, data, len)) != 0) {
-        WOLFSSL_MSG("Sha512Update failed");
-    }
-    else if ((ret = wc_Sha512Final(sha512, hash)) != 0) {
-        WOLFSSL_MSG("Sha512Final failed");
-    }
-    
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(sha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    
-    return ret;
-}
 
 #if defined(HAVE_INTEL_AVX1)
 
@@ -1563,37 +1532,6 @@ int wc_Sha384Final(Sha384* sha384, byte* hash)
 }
 
 
-int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
-{
-    int ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Sha384* sha384;
-#else
-    Sha384 sha384[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (sha384 == NULL)
-        return MEMORY_E;
-#endif
-
-    if ((ret = wc_InitSha384(sha384)) != 0) {
-        WOLFSSL_MSG("InitSha384 failed");
-    }
-    else if ((ret = wc_Sha384Update(sha384, data, len)) != 0) {
-        WOLFSSL_MSG("Sha384Update failed");
-    }
-    else if ((ret = wc_Sha384Final(sha384, hash)) != 0) {
-        WOLFSSL_MSG("Sha384Final failed");
-    }
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-}
 
 #if defined(HAVE_INTEL_AVX1)
  
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
index 2cc59d746..ef620e32f 100644
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -27,12 +27,14 @@
 WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);
 WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ;
 #endif
+
 #ifndef NO_SHA
 #include <wolfssl/wolfcrypt/sha.h>
 WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
 WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ;
 WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
 #endif
+
 #ifndef NO_SHA256
 #include <wolfssl/wolfcrypt/sha256.h>
 WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
@@ -40,4 +42,13 @@ WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ;
 WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
 #endif
 
-#endif
+#ifdef WOLFSSL_SHA512
+#include <wolfssl/wolfcrypt/sha512.h>
+WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
+    #if defined(WOLFSSL_SHA384)
+        WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
+    #endif /* defined(WOLFSSL_SHA384) */
+#endif /* WOLFSSL_SHA512 */
+
+
+#endif /* WOLF_CRYPT_HASH_H */
diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h
index 83f07c738..455d83854 100644
--- a/wolfssl/wolfcrypt/sha512.h
+++ b/wolfssl/wolfcrypt/sha512.h
@@ -64,7 +64,6 @@ typedef struct Sha512 {
 WOLFSSL_API int wc_InitSha512(Sha512*);
 WOLFSSL_API int wc_Sha512Update(Sha512*, const byte*, word32);
 WOLFSSL_API int wc_Sha512Final(Sha512*, byte*);
-WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
 
 #if defined(WOLFSSL_SHA384)
 
@@ -91,7 +90,6 @@ typedef struct Sha384 {
 WOLFSSL_API int wc_InitSha384(Sha384*);
 WOLFSSL_API int wc_Sha384Update(Sha384*, const byte*, word32);
 WOLFSSL_API int wc_Sha384Final(Sha384*, byte*);
-WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
 
 #endif /* WOLFSSL_SHA384 */
 

From b8fac462cd56598ca1c7e5ebf62c5c12fa9a50c9 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 28 Jul 2015 16:55:58 -0700
Subject: [PATCH 252/350] No oneshot Hash() in FIPS c files anymore

---
 wolfcrypt/src/sha.c    | 5 -----
 wolfcrypt/src/sha256.c | 5 -----
 wolfcrypt/src/sha512.c | 9 ---------
 3 files changed, 19 deletions(-)

diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index b7f119d50..984d7343d 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -57,11 +57,6 @@
 	    return ShaFinal_fips(sha,out);
     }
 
-    int wc_ShaHash(const byte* data, word32 sz, byte* out)
-    {
-        return ShaHash(data, sz, out);
-    }
-
 #else /* else build without fips */
 
 #if defined(WOLFSSL_TI_HASH)
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 6b81ff095..3dc1f4a8e 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -49,11 +49,6 @@ int wc_Sha256Final(Sha256* sha, byte* out)
 }
 
 
-int wc_Sha256Hash(const byte* data, word32 len, byte* out)
-{
-    return Sha256Hash(data, len, out);
-}
-
 #else /* else build without fips */
 
 #if !defined(NO_SHA256) && defined(WOLFSSL_TI_HASH)
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index d9c4fa0d1..e5fa61dc1 100755
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -47,11 +47,6 @@ int wc_Sha512Final(Sha512* sha, byte* out)
 }
 
 
-int wc_Sha512Hash(const byte* data, word32 len, byte* out)
-{
-    return Sha512Hash(data, len, out);
-}
-
 #if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM)
 
 int wc_InitSha384(Sha384* sha)
@@ -72,10 +67,6 @@ int wc_Sha384Final(Sha384* sha, byte* out)
 }
 
 
-int wc_Sha384Hash(const byte* data, word32 len, byte* out)
-{
-    return Sha384Hash(data, len, out);
-}
 #endif /* WOLFSSL_SHA384 */
 #else /* else build without using fips */
 #include <wolfssl/wolfcrypt/logging.h>

From 12ffa1b77810d896501c6a345adbc1256f4bc6ba Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 29 Jul 2015 10:43:54 -0700
Subject: [PATCH 253/350] fix small stack with hash changes

---
 wolfcrypt/src/hash.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
index 1f47cd66d..d397e91fa 100644
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -25,6 +25,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/logging.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #if !defined(WOLFSSL_TI_HASH)
 

From 6d172fce32245bc45fa0ac7c2009187f4b987c51 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 29 Jul 2015 14:40:57 -0700
Subject: [PATCH 254/350] hash.h should pull in types before checking defines

---
 wolfssl/wolfcrypt/hash.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
index ef620e32f..2b35d5a6a 100644
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -22,6 +22,8 @@
 #ifndef WOLF_CRYPT_HASH_H
 #define WOLF_CRYPT_HASH_H
 
+#include <wolfssl/wolfcrypt/types.h>
+
 #ifndef NO_MD5
 #include <wolfssl/wolfcrypt/md5.h>
 WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);

From 011fdc110386cbaaa10a9f8872108f35d69019e6 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 30 Jul 2015 12:42:25 -0700
Subject: [PATCH 255/350] move AES oneshot calls out of aes.[hc]

---
 src/include.am                 |  1 +
 src/ssl.c                      |  1 +
 wolfcrypt/src/aes.c            | 66 --------------------------
 wolfcrypt/src/wc_encrypt.c     | 87 ++++++++++++++++++++++++++++++++++
 wolfssl/wolfcrypt/aes.h        |  6 ---
 wolfssl/wolfcrypt/include.am   |  1 +
 wolfssl/wolfcrypt/wc_encrypt.h | 47 ++++++++++++++++++
 7 files changed, 137 insertions(+), 72 deletions(-)
 create mode 100644 wolfcrypt/src/wc_encrypt.c
 create mode 100644 wolfssl/wolfcrypt/wc_encrypt.h

diff --git a/src/include.am b/src/include.am
index 80ed4de80..b4ba39ddd 100644
--- a/src/include.am
+++ b/src/include.am
@@ -74,6 +74,7 @@ endif
 
 src_libwolfssl_la_SOURCES += \
                wolfcrypt/src/logging.c \
+               wolfcrypt/src/wc_encrypt.c \
                wolfcrypt/src/wc_port.c \
                wolfcrypt/src/error.c
 
diff --git a/src/ssl.c b/src/ssl.c
index f5edfdd7c..45b28926c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -57,6 +57,7 @@
     #include <wolfssl/wolfcrypt/md4.h>
     #include <wolfssl/wolfcrypt/md5.h>
     #include <wolfssl/wolfcrypt/arc4.h>
+    #include <wolfssl/wolfcrypt/wc_encrypt.h>
     #ifdef WOLFSSL_SHA512
         #include <wolfssl/wolfcrypt/sha512.h>
     #endif
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index c9f8c74ad..9382edaf9 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -55,19 +55,6 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 }
 
 
-int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
-                            const byte* key, word32 keySz, const byte* iv)
-{
-    return AesCbcDecryptWithKey(out, in, inSz, key, keySz, iv);
-}
-
-int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
-                                 const byte* key, word32 keySz, const byte* iv)
-{
-    return AesCbcDecryptWithKey(out, in, inSz, key, keySz, iv);
-}
-
-
 /* AES-CTR */
 #ifdef WOLFSSL_AES_COUNTER
 void wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
@@ -1727,59 +1714,6 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 }
 
 
-int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
-                                  const byte* key, word32 keySz, const byte* iv)
-{
-    int  ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Aes* aes = NULL;
-#else
-    Aes  aes[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (aes == NULL)
-        return MEMORY_E;
-#endif
-
-    ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
-    if (ret == 0)
-        ret = wc_AesCbcDecrypt(aes, out, in, inSz); 
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-}
-
-int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
-                            const byte* key, word32 keySz, const byte* iv)
-{
-    int  ret = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Aes* aes = NULL;
-#else
-    Aes  aes[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (aes == NULL)
-        return MEMORY_E;
-#endif
-
-    ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION);
-    if (ret == 0)
-        ret = wc_AesCbcEncrypt(aes, out, in, inSz);
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-}
 
 
 /* AES-DIRECT */
diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c
new file mode 100644
index 000000000..c46401c3b
--- /dev/null
+++ b/wolfcrypt/src/wc_encrypt.c
@@ -0,0 +1,87 @@
+/* wc_encrypt.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+#include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/wc_encrypt.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+
+#ifndef NO_AES
+int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
+                                  const byte* key, word32 keySz, const byte* iv)
+{
+    int  ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Aes* aes = NULL;
+#else
+    Aes  aes[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (aes == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
+    if (ret == 0)
+        ret = wc_AesCbcDecrypt(aes, out, in, inSz); 
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
+                            const byte* key, word32 keySz, const byte* iv)
+{
+    int  ret = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Aes* aes = NULL;
+#else
+    Aes  aes[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (aes == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION);
+    if (ret == 0)
+        ret = wc_AesCbcEncrypt(aes, out, in, inSz);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+#endif /* !NO_AES */
+
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index d99558cbb..29e18f088 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -133,12 +133,6 @@ WOLFSSL_API int  wc_AesCbcEncrypt(Aes* aes, byte* out,
                                   const byte* in, word32 sz);
 WOLFSSL_API int  wc_AesCbcDecrypt(Aes* aes, byte* out,
                                   const byte* in, word32 sz);
-WOLFSSL_API int  wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
-                                          const byte* key, word32 keySz,
-                                          const byte* iv);
-WOLFSSL_API int  wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
-                                         const byte* key, word32 keySz,
-                                         const byte* iv);
 
 /* AES-CTR */
 #ifdef WOLFSSL_AES_COUNTER
diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
index 1f3a726b8..67949fc28 100644
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -29,6 +29,7 @@ nobase_include_HEADERS+= \
                          wolfssl/wolfcrypt/md5.h \
                          wolfssl/wolfcrypt/misc.h \
                          wolfssl/wolfcrypt/pkcs7.h \
+                         wolfssl/wolfcrypt/wc_encrypt.h \
                          wolfssl/wolfcrypt/wc_port.h \
                          wolfssl/wolfcrypt/pwdbased.h \
                          wolfssl/wolfcrypt/rabbit.h \
diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h
new file mode 100644
index 000000000..5b9d86ece
--- /dev/null
+++ b/wolfssl/wolfcrypt/wc_encrypt.h
@@ -0,0 +1,47 @@
+/* wc_encrypt.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+#ifndef WOLF_CRYPT_ENCRYPT_H
+#define WOLF_CRYPT_ENCRYPT_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+#ifndef NO_AES
+WOLFSSL_API int  wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
+                                         const byte* key, word32 keySz,
+                                         const byte* iv);
+WOLFSSL_API int  wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
+                                         const byte* key, word32 keySz,
+                                         const byte* iv);
+#endif /* NO_AES */
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+#endif /* WOLF_CRYPT_ENCRYPT_H */
+

From 78cc76b3cda29eb11efd284b51465602d0225fbc Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 30 Jul 2015 12:51:33 -0700
Subject: [PATCH 256/350] move DES oneshot APIs out of des.[hc]

---
 wolfcrypt/src/des3.c           | 123 ---------------------------------
 wolfcrypt/src/wc_encrypt.c     | 116 ++++++++++++++++++++++++++++++-
 wolfssl/wolfcrypt/des3.h       |  12 ----
 wolfssl/wolfcrypt/wc_encrypt.h |  17 ++++-
 4 files changed, 131 insertions(+), 137 deletions(-)

diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c
index cab21a9b3..a26f109c2 100644
--- a/wolfcrypt/src/des3.c
+++ b/wolfcrypt/src/des3.c
@@ -91,25 +91,12 @@ void wc_Des_SetIV(Des* des, const byte* iv)
 }
 
 
-int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
-                             const byte* key, const byte* iv)
-{
-    return Des_CbcDecryptWithKey(out, in, sz, key, iv);
-}
-
-
 int wc_Des3_SetIV(Des3* des, const byte* iv)
 {
     return Des3_SetIV_fips(des, iv);
 }
 
 
-int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
-                              const byte* key, const byte* iv)
-{
-    return Des3_CbcDecryptWithKey(out, in, sz, key, iv);
-}
-
 #ifdef HAVE_CAVIUM
 
 /* Initiliaze Des3 for use with Nitrox device */
@@ -1489,61 +1476,6 @@ void wc_Des_SetIV(Des* des, const byte* iv)
 }
 
 
-int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
-                             const byte* key, const byte* iv)
-{
-    int ret  = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Des* des = NULL;
-#else
-    Des  des[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (des == NULL)
-        return MEMORY_E;
-#endif
-
-    ret = wc_Des_SetKey(des, key, iv, DES_ENCRYPTION);
-    if (ret == 0)
-        ret = wc_Des_CbcEncrypt(des, out, in, sz);
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-}
-
-int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
-                             const byte* key, const byte* iv)
-{
-    int ret  = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Des* des = NULL;
-#else
-    Des  des[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (des == NULL)
-        return MEMORY_E;
-#endif
-
-    ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION);
-    if (ret == 0)
-        ret = wc_Des_CbcDecrypt(des, out, in, sz);
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-}
-
-
 int wc_Des3_SetIV(Des3* des, const byte* iv)
 {
     if (des && iv)
@@ -1555,61 +1487,6 @@ int wc_Des3_SetIV(Des3* des, const byte* iv)
 }
 
 
-int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
-                              const byte* key, const byte* iv)
-{
-    int ret    = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Des3* des3 = NULL;
-#else
-    Des3  des3[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (des3 == NULL)
-        return MEMORY_E;
-#endif
-
-    ret = wc_Des3_SetKey(des3, key, iv, DES_ENCRYPTION);
-    if (ret == 0)
-        ret = wc_Des3_CbcEncrypt(des3, out, in, sz);
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-}
-
-int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
-                              const byte* key, const byte* iv)
-{
-    int ret    = 0;
-#ifdef WOLFSSL_SMALL_STACK
-    Des3* des3 = NULL;
-#else
-    Des3  des3[1];
-#endif
-
-#ifdef WOLFSSL_SMALL_STACK
-    des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    if (des3 == NULL)
-        return MEMORY_E;
-#endif
-
-    ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION);
-    if (ret == 0)
-        ret = wc_Des3_CbcDecrypt(des3, out, in, sz);
-
-#ifdef WOLFSSL_SMALL_STACK
-    XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-
-    return ret;
-}
-
-
 #ifdef HAVE_CAVIUM
 
 #include "cavium_common.h"
diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c
index c46401c3b..db8390ddc 100644
--- a/wolfcrypt/src/wc_encrypt.c
+++ b/wolfcrypt/src/wc_encrypt.c
@@ -25,6 +25,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/aes.h>
+#include <wolfssl/wolfcrypt/des3.h>
 #include <wolfssl/wolfcrypt/wc_encrypt.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
@@ -48,7 +49,7 @@ int wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
 
     ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
     if (ret == 0)
-        ret = wc_AesCbcDecrypt(aes, out, in, inSz); 
+        ret = wc_AesCbcDecrypt(aes, out, in, inSz);
 
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -85,3 +86,116 @@ int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
 }
 #endif /* !NO_AES */
 
+
+#ifndef NO_DES3
+int wc_Des_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
+                             const byte* key, const byte* iv)
+{
+    int ret  = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Des* des = NULL;
+#else
+    Des  des[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (des == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_Des_SetKey(des, key, iv, DES_ENCRYPTION);
+    if (ret == 0)
+        ret = wc_Des_CbcEncrypt(des, out, in, sz);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+int wc_Des_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
+                             const byte* key, const byte* iv)
+{
+    int ret  = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Des* des = NULL;
+#else
+    Des  des[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (des == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION);
+    if (ret == 0)
+        ret = wc_Des_CbcDecrypt(des, out, in, sz);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(des, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+
+int wc_Des3_CbcEncryptWithKey(byte* out, const byte* in, word32 sz,
+                              const byte* key, const byte* iv)
+{
+    int ret    = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Des3* des3 = NULL;
+#else
+    Des3  des3[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (des3 == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_Des3_SetKey(des3, key, iv, DES_ENCRYPTION);
+    if (ret == 0)
+        ret = wc_Des3_CbcEncrypt(des3, out, in, sz);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+
+int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
+                              const byte* key, const byte* iv)
+{
+    int ret    = 0;
+#ifdef WOLFSSL_SMALL_STACK
+    Des3* des3 = NULL;
+#else
+    Des3  des3[1];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (des3 == NULL)
+        return MEMORY_E;
+#endif
+
+    ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION);
+    if (ret == 0)
+        ret = wc_Des3_CbcDecrypt(des3, out, in, sz);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(des3, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+
+#endif /* !NO_DES3 */
diff --git a/wolfssl/wolfcrypt/des3.h b/wolfssl/wolfcrypt/des3.h
index c0d9394a2..a61e5e2e1 100644
--- a/wolfssl/wolfcrypt/des3.h
+++ b/wolfssl/wolfcrypt/des3.h
@@ -92,12 +92,6 @@ WOLFSSL_API int  wc_Des_CbcDecrypt(Des* des, byte* out,
                                    const byte* in, word32 sz);
 WOLFSSL_API int  wc_Des_EcbEncrypt(Des* des, byte* out,
                                    const byte* in, word32 sz);
-WOLFSSL_API int  wc_Des_CbcDecryptWithKey(byte* out,
-                                          const byte* in, word32 sz,
-                                          const byte* key, const byte* iv);
-WOLFSSL_API int  wc_Des_CbcEncryptWithKey(byte* out,
-                                          const byte* in, word32 sz,
-                                          const byte* key, const byte* iv);
 
 WOLFSSL_API int  wc_Des3_SetKey(Des3* des, const byte* key,
                                 const byte* iv,int dir);
@@ -106,12 +100,6 @@ WOLFSSL_API int  wc_Des3_CbcEncrypt(Des3* des, byte* out,
                                     const byte* in,word32 sz);
 WOLFSSL_API int  wc_Des3_CbcDecrypt(Des3* des, byte* out,
                                     const byte* in,word32 sz);
-WOLFSSL_API int  wc_Des3_CbcEncryptWithKey(byte* out,
-                                           const byte* in, word32 sz,
-                                           const byte* key, const byte* iv);
-WOLFSSL_API int  wc_Des3_CbcDecryptWithKey(byte* out,
-                                           const byte* in, word32 sz,
-                                           const byte* key, const byte* iv);
 
 #ifdef HAVE_CAVIUM
     WOLFSSL_API int  wc_Des3_InitCavium(Des3*, int);
diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h
index 5b9d86ece..f5425a03a 100644
--- a/wolfssl/wolfcrypt/wc_encrypt.h
+++ b/wolfssl/wolfcrypt/wc_encrypt.h
@@ -36,9 +36,24 @@ WOLFSSL_API int  wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz,
 WOLFSSL_API int  wc_AesCbcDecryptWithKey(byte* out, const byte* in, word32 inSz,
                                          const byte* key, word32 keySz,
                                          const byte* iv);
-#endif /* NO_AES */
+#endif /* !NO_AES */
 
 
+#ifndef NO_DES3
+WOLFSSL_API int  wc_Des_CbcDecryptWithKey(byte* out,
+                                          const byte* in, word32 sz,
+                                          const byte* key, const byte* iv);
+WOLFSSL_API int  wc_Des_CbcEncryptWithKey(byte* out,
+                                          const byte* in, word32 sz,
+                                          const byte* key, const byte* iv);
+WOLFSSL_API int  wc_Des3_CbcEncryptWithKey(byte* out,
+                                           const byte* in, word32 sz,
+                                           const byte* key, const byte* iv);
+WOLFSSL_API int  wc_Des3_CbcDecryptWithKey(byte* out,
+                                           const byte* in, word32 sz,
+                                           const byte* key, const byte* iv);
+#endif /* !NO_DES3 */
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif

From 2cbb30745eb6d575646f3bab1b8e33322c93ec9d Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 30 Jul 2015 12:59:17 -0700
Subject: [PATCH 257/350] bump dev version

---
 configure.ac       | 2 +-
 support/wolfssl.pc | 2 +-
 wolfssl/version.h  | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 718675ae9..08acfd7aa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.6.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.6.3],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
diff --git a/support/wolfssl.pc b/support/wolfssl.pc
index f95d19b7a..619d3a7c2 100644
--- a/support/wolfssl.pc
+++ b/support/wolfssl.pc
@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.6.2
+Version: 3.6.3
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}
diff --git a/wolfssl/version.h b/wolfssl/version.h
index f5a990a10..c14cdc514 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.6.2"
-#define LIBWOLFSSL_VERSION_HEX 0x03006002
+#define LIBWOLFSSL_VERSION_STRING "3.6.3"
+#define LIBWOLFSSL_VERSION_HEX 0x03006003
 
 #ifdef __cplusplus
 }

From e1513c30d262e5c772e3bf48da2b6b6b8cf4719d Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 30 Jul 2015 14:24:45 -0700
Subject: [PATCH 258/350] added a pre-push hook. move fips test to pre-push
 check

---
 autogen.sh      |  1 +
 commit-tests.sh |  8 --------
 pre-push.sh     | 19 +++++++++++++++++++
 3 files changed, 20 insertions(+), 8 deletions(-)
 create mode 100755 pre-push.sh

diff --git a/autogen.sh b/autogen.sh
index f0042765d..d817ee781 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -9,6 +9,7 @@ if test -d .git; then
     mkdir .git/hooks
   fi
   ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
+  ln -s -f ../../pre-push.sh .git/hooks/pre-push
 fi
 
 # Set HAVE_FIPS_SOURCE to 1 in your .profile if you have access to the FIPS
diff --git a/commit-tests.sh b/commit-tests.sh
index eae91ab19..d7a95af48 100755
--- a/commit-tests.sh
+++ b/commit-tests.sh
@@ -31,12 +31,4 @@ make -j 8 test;
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nFull config make test failed" && exit 1
 
-if [ -n "$HAVE_FIPS_SOURCE" ];
-then
-    echo -e "\n\nTesting with FIPS release code...\n\n"
-    ./fips-check.sh
-    RESULT=$?
-    [ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1
-fi
-
 exit 0
diff --git a/pre-push.sh b/pre-push.sh
new file mode 100755
index 000000000..f5a065bd1
--- /dev/null
+++ b/pre-push.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+#
+# Our "pre-push" hook.
+
+RESULT=0
+
+if [ -n "$HAVE_FIPS_SOURCE" ];
+then
+    echo -e "\n\nTesting with FIPS release code...\n\n"
+    ./fips-check.sh --no-keep
+    RESULT=$?
+    [ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1
+fi
+
+[ $RESULT -ne 0 ] && echo "\nOops, your push failed\n" && exit 1
+
+echo "\nPush tests passed!\n"
+exit 0

From bcaa8cde06ef3db0e9a66a1493ad8627fdeba36a Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 30 Jul 2015 14:32:16 -0700
Subject: [PATCH 259/350] fix pre-push calling fips-check with unimplemented
 option

---
 fips-check.sh | 10 +++++-----
 pre-push.sh   |  4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/fips-check.sh b/fips-check.sh
index d47cb1c32..a60050fe7 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -79,13 +79,13 @@ linux)
 esac
 
 git clone . $TEST_DIR
-[ $? -ne 0 ] && echo -e "\n\nCouldn't duplicate current working directory.\n\n" && exit 1
+[ $? -ne 0 ] && echo "\n\nCouldn't duplicate current working directory.\n\n" && exit 1
 
 pushd $TEST_DIR
 
 # make a clone of the last FIPS release tag
 git clone -b $CTAO_VERSION $CTAO_REPO old-tree
-[ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1
+[ $? -ne 0 ] && echo "\n\nCouldn't checkout the FIPS release.\n\n" && exit 1
 
 for MOD in ${WC_MODS[@]}
 do
@@ -102,7 +102,7 @@ cp old-tree/$WC_INC_PATH/random.h $WC_INC_PATH
 
 # clone the FIPS repository
 git clone -b $FIPS_VERSION $FIPS_REPO fips
-[ $? -ne 0 ] && echo -e "\n\nCouldn't checkout the FIPS repository.\n\n" && exit 1
+[ $? -ne 0 ] && echo "\n\nCouldn't checkout the FIPS repository.\n\n" && exit 1
 
 for SRC in ${FIPS_SRCS[@]}
 do
@@ -113,7 +113,7 @@ done
 ./autogen.sh
 ./configure --enable-fips
 make
-[ $? -ne 0 ] && echo -e "\n\nMake failed. Debris left for analysis." && exit 1
+[ $? -ne 0 ] && echo "\n\nMake failed. Debris left for analysis." && exit 1
 
 NEWHASH=`./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p'`
 if [ -n "$NEWHASH" ]; then
@@ -122,7 +122,7 @@ if [ -n "$NEWHASH" ]; then
 fi
 
 make test
-[ $? -ne 0 ] && echo -e "\n\nTest failed. Debris left for analysis." && exit 1
+[ $? -ne 0 ] && echo "\n\nTest failed. Debris left for analysis." && exit 1
 
 # Clean up
 popd
diff --git a/pre-push.sh b/pre-push.sh
index f5a065bd1..5315eecb9 100755
--- a/pre-push.sh
+++ b/pre-push.sh
@@ -7,8 +7,8 @@ RESULT=0
 
 if [ -n "$HAVE_FIPS_SOURCE" ];
 then
-    echo -e "\n\nTesting with FIPS release code...\n\n"
-    ./fips-check.sh --no-keep
+    echo "\n\nTesting with FIPS release code...\n\n"
+    ./fips-check.sh
     RESULT=$?
     [ $RESULT -ne 0 ] && echo -e "\n\nFIPS build test failed" && exit 1
 fi

From 27371263b78bd75878a89b7d5186b0553b229d03 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 30 Jul 2015 14:47:52 -0700
Subject: [PATCH 260/350] move variable declaration to beginning of block

---
 wolfcrypt/src/asn.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 53562e943..0faea7dcb 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -4914,11 +4914,13 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
         sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */
 
         if (sizes[i] <= MAX_SEQ_SZ) {
+            int err;
+
             /* leading zero */
             if (lbit)
                 tmps[i][sizes[i]-1] = 0x00;
 
-            int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
+            err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
             if (err == MP_OKAY) {
                 sizes[i] += (rawLen-lbit); /* lbit included in rawLen */
                 intTotalLen += sizes[i];

From 97853dc3c25a43aebae7a1414fbba42cf0b2e37e Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 30 Jul 2015 16:31:14 -0700
Subject: [PATCH 261/350] keep resume script from endless loop on bad startup

---
 scripts/resume.test | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scripts/resume.test b/scripts/resume.test
index 17bfd8c9f..b0592af90 100755
--- a/scripts/resume.test
+++ b/scripts/resume.test
@@ -6,6 +6,7 @@
 resume_port=11112
 no_pid=-1
 server_pid=$no_pid
+counter=0
 
 
 remove_ready_file() {
@@ -41,9 +42,10 @@ remove_ready_file
 ./examples/server/server -r -R -p $resume_port &
 server_pid=$!
 
-while [ ! -s /tmp/wolfssl_server_ready ]; do
+while [ ! -s /tmp/wolfssl_server_ready -a "$counter" -lt 20 ]; do
     echo -e "waiting for server_ready file..."
     sleep 0.1
+    counter=$((counter+ 1))
 done
 
 ./examples/client/client -r -p $resume_port

From 95db44def33260e4799735473aa4110e532a1f05 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 30 Jul 2015 16:33:14 -0700
Subject: [PATCH 262/350] remove autogen clone of fips repo; pre-push runs
 fips-check if fips directory exists

---
 autogen.sh  | 11 -----------
 pre-push.sh |  2 +-
 2 files changed, 1 insertion(+), 12 deletions(-)

diff --git a/autogen.sh b/autogen.sh
index d817ee781..89e475c0b 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -12,17 +12,6 @@ if test -d .git; then
   ln -s -f ../../pre-push.sh .git/hooks/pre-push
 fi
 
-# Set HAVE_FIPS_SOURCE to 1 in your .profile if you have access to the FIPS
-# repository. (Hint: If you don't work for us, you don't. This will fail.)
-if test -n "$HAVE_FIPS_SOURCE" -a ! -d ./fips; then
-  git clone git@github.com:wolfSSL/fips.git
-  SAVEDIR=`pwd`
-  cd ./ctaocrypt/src
-  ln -sf ../../fips/fips.c
-  ln -sf ../../fips/fips_test.c
-  cd $SAVEDIR
-fi
-
 # If this is a source checkout then call autoreconf with error as well
 if test -d .git; then
   WARNINGS="all,error"
diff --git a/pre-push.sh b/pre-push.sh
index 5315eecb9..f53b27c23 100755
--- a/pre-push.sh
+++ b/pre-push.sh
@@ -5,7 +5,7 @@
 
 RESULT=0
 
-if [ -n "$HAVE_FIPS_SOURCE" ];
+if [ -d ./fips ];
 then
     echo "\n\nTesting with FIPS release code...\n\n"
     ./fips-check.sh

From cc604d23befdfc6f097815e285dc85a09b47e0b0 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 30 Jul 2015 16:45:31 -0700
Subject: [PATCH 263/350] fix psk no server hint sanity check

---
 src/internal.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index fa4208c44..e4b6d9536 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4780,9 +4780,17 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
                 }
             }
             if (ssl->msgsReceived.got_server_key_exchange == 0) {
+                int pskNoServerHint = 0;  /* not required in this case */
+
+                #ifndef NO_PSK
+                    if (ssl->specs.kea == psk_kea &&
+                                               ssl->arrays->server_hint[0] == 0)
+                        pskNoServerHint = 1;
+                #endif
                 if (ssl->specs.static_ecdh == 1 ||
                     ssl->specs.kea == rsa_kea ||
-                    ssl->specs.kea == ntru_kea) {
+                    ssl->specs.kea == ntru_kea ||
+                    pskNoServerHint) {
                     WOLFSSL_MSG("No KeyExchange required");
                 } else {
                     WOLFSSL_MSG("No ServerKeyExchange before ServerDone");

From 1470789ac6de254aa653830c9940ceca63b095bc Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 31 Jul 2015 11:13:05 -0700
Subject: [PATCH 264/350] fix build 483 with wc_encrypt

---
 src/ssl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/ssl.c b/src/ssl.c
index 45b28926c..e543e68d3 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -36,6 +36,8 @@
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                               defined(WOLFSSL_KEY_GEN)
     #include <wolfssl/openssl/evp.h>
+    /* openssl headers end, wolfssl internal headers next */
+    #include <wolfssl/wolfcrypt/wc_encrypt.h>
 #endif
 
 #ifdef OPENSSL_EXTRA
@@ -57,7 +59,6 @@
     #include <wolfssl/wolfcrypt/md4.h>
     #include <wolfssl/wolfcrypt/md5.h>
     #include <wolfssl/wolfcrypt/arc4.h>
-    #include <wolfssl/wolfcrypt/wc_encrypt.h>
     #ifdef WOLFSSL_SHA512
         #include <wolfssl/wolfcrypt/sha512.h>
     #endif

From 75b9d809b3f477b756545996c8cc3e4fa5307912 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 31 Jul 2015 11:24:34 -0700
Subject: [PATCH 265/350] fix build 267 case 932, certgen w/o sha

---
 wolfcrypt/test/test.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 26ee84d4c..f85ee6373 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -3726,6 +3726,10 @@ int rsa_test(void)
 
         wc_InitCert(&myCert);
 
+#ifdef NO_SHA
+        myCert.sigType = CTC_SHA256wRSA;
+#endif
+
         strncpy(myCert.subject.country, "US", CTC_NAME_SIZE);
         strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE);
         strncpy(myCert.subject.locality, "Portland", CTC_NAME_SIZE);

From 59e894d6a42335f517aafe83f5d009518efb242e Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 31 Jul 2015 11:35:16 -0700
Subject: [PATCH 266/350] fix build 267 case 1044, dhe + psk w/o aes

---
 wolfssl/internal.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 66c0d18cd..bed49725b 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -366,13 +366,17 @@ typedef byte word24[3];
 
     #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
         #ifndef NO_SHA256
-            #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+            #ifndef NO_AES
+                #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+            #endif
             #ifdef HAVE_NULL_CIPHER
                 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
             #endif
         #endif
         #ifdef WOLFSSL_SHA384
-            #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+            #ifndef NO_AES
+                #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+            #endif
             #ifdef HAVE_NULL_CIPHER
                 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
             #endif

From c14398cb7a4ae03f2f766c97e3298ce53cfe91a0 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 31 Jul 2015 11:40:14 -0700
Subject: [PATCH 267/350] fix build 267 case 1197, pwdbases -des3 warning

---
 wolfcrypt/src/asn.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 0faea7dcb..5629bfc75 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -905,6 +905,9 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
     byte key[MAX_KEY_SIZE];
 #endif
 
+    (void)input;
+    (void)length;
+
     switch (id) {
         case PBE_MD5_DES:
             typeH = MD5;

From 409b044ec71f329f5389da6870346cc4ceeb5a8d Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 31 Jul 2015 11:44:09 -0700
Subject: [PATCH 268/350] fix build 267, case 1299 ocsp + iopool (no stdlib)

---
 src/io.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/io.c b/src/io.c
index a55fa8450..fac843b40 100644
--- a/src/io.c
+++ b/src/io.c
@@ -527,6 +527,8 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
 
 #ifdef HAVE_OCSP
 
+#include <stdlib.h>   /* atoi() */
+
 
 static int Word16ToString(char* d, word16 number)
 {

From 16b012002817bfd9e8bf44cec08a0eb46b58b2de Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 31 Jul 2015 11:57:35 -0700
Subject: [PATCH 269/350] fix build 267, base 1361 fp ecc w/ no memory

---
 wolfcrypt/src/ecc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index a14a9e08d..ea5fb0a3d 100755
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4331,7 +4331,9 @@ static int accel_fp_mul2add(int idx1, int idx2,
    if ((err = mp_to_unsigned_bin(&tka, kb[0])) != MP_OKAY) {
       mp_clear(&tka);
       mp_clear(&tkb);
+#ifdef WOLFSSL_SMALL_STACK
       XFREE(kb[0], NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
       return err;
    }
 

From 3fb10301f6e8caba7e00baade0113953516157ea Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 31 Jul 2015 16:29:35 -0700
Subject: [PATCH 270/350] fix build 267, case 743 blak2b w/o md5

---
 src/tls.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index 39f36bb17..8c61557ce 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -310,7 +310,7 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
 
         /* If a cipher suite wants an algorithm better than sha256, it
          * should use better. */
-        if (hash_type < sha256_mac)
+        if (hash_type < sha256_mac || hash_type == blake2b_mac)
             hash_type = sha256_mac;
         ret = p_hash(digest, digLen, secret, secLen, labelSeed,
                      labLen + seedLen, hash_type);
@@ -350,7 +350,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
 
     if (IsAtLeastTLSv1_2(ssl)) {
 #ifndef NO_SHA256
-        if (ssl->specs.mac_algorithm <= sha256_mac) {
+        if (ssl->specs.mac_algorithm <= sha256_mac || ssl->specs.mac_algorithm == blake2b_mac) {
             int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256,handshake_hash);
 
             if (ret != 0)

From 2ade35c65ae66f60d2d33ddd54fc7e53bf9ad87c Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 31 Jul 2015 16:43:59 -0700
Subject: [PATCH 271/350] expose have 128bit type to options flags

---
 configure.ac | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/configure.ac b/configure.ac
index 08acfd7aa..bc15219aa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2128,6 +2128,12 @@ then
     AM_CFLAGS="$AM_CFLAGS -wd10006"
 fi
 
+# Expose HAVE___UINT128_T to options flags"
+if test "$ac_cv_type___uint128_t" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T"
+fi
+
 
 LIB_SOCKET_NSL
 AX_HARDEN_CC_COMPILER_FLAGS

From 303fb2bb62440f2d644f90ffe54e236350711bec Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Fri, 31 Jul 2015 21:51:04 -0600
Subject: [PATCH 272/350] Option for no PSK Id Hint and test cases

update comment file reference
---
 examples/server/server.c  |  19 ++++-
 tests/suites.c            |  11 +++
 tests/test-psk-no-id.conf | 169 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 197 insertions(+), 2 deletions(-)
 create mode 100644 tests/test-psk-no-id.conf

diff --git a/examples/server/server.c b/examples/server/server.c
index 118a7e98e..cba04bc48 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -158,6 +158,9 @@ static void Usage(void)
 #ifdef HAVE_ANON
     printf("-a          Anonymous server\n");
 #endif
+#ifndef NO_PSK
+    printf("-I          Do not send PSK identity hint\n");
+#endif
 }
 
 THREAD_RETURN CYASSL_THREAD server_test(void* args)
@@ -199,6 +202,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     int    argc = ((func_args*)args)->argc;
     char** argv = ((func_args*)args)->argv;
 
+#ifndef NO_PSK
+    int doNotSendPskIdentityHint = 1;
+#endif
+
 #ifdef HAVE_SNI
     char*  sniHostName = NULL;
 #endif
@@ -230,7 +237,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     fdOpenSession(Task_self());
 #endif
 
-    while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPp:v:l:A:c:k:Z:S:oO:D:"))
+    while ((ch = mygetopt(argc, argv, "?dbstnNufrRawPIp:v:l:A:c:k:Z:S:oO:D:"))
                          != -1) {
         switch (ch) {
             case '?' :
@@ -363,6 +370,11 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                     useAnon = 1;
                 #endif
                 break;
+            case 'I':
+                #ifndef NO_PSK
+                    doNotSendPskIdentityHint = 0;
+                #endif
+                break;
 
             default:
                 Usage();
@@ -500,7 +512,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     if (usePsk) {
 #ifndef NO_PSK
         SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
-        SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
+
+        if (doNotSendPskIdentityHint == 1)
+            SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
+
         if (cipherList == NULL) {
             const char *defaultCipherList;
             #if defined(HAVE_AESGCM) && !defined(NO_DH)
diff --git a/tests/suites.c b/tests/suites.c
index cb30cdf25..4095581e9 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -476,6 +476,17 @@ int SuiteTest(void)
     }
 #endif
 
+#ifndef NO_PSK
+    /* add psk extra suites */
+    strcpy(argv0[1], "tests/test-psk-no-id.conf");
+    printf("starting psk no identity extra cipher suite tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        exit(EXIT_FAILURE);
+    }
+#endif
+
     printf(" End Cipher Suite Tests\n");
 
     wolfSSL_CTX_free(cipherSuiteCtx);
diff --git a/tests/test-psk-no-id.conf b/tests/test-psk-no-id.conf
new file mode 100644
index 000000000..8dff242db
--- /dev/null
+++ b/tests/test-psk-no-id.conf
@@ -0,0 +1,169 @@
+#################################
+# ^ Make sure to leave a blank line here. As suites.c parses this file
+# and determines if it's executing a test or not based on every other blank
+# line.
+#
+# Begin No PSK Identity Hint
+#################################
+# No Hint server TLSv1 PSK-AES128
+-s
+-I
+-v 1
+-l PSK-AES128-CBC-SHA
+
+# No Hint client TLSv1 PSK-AES128
+-s
+-v 1
+-l PSK-AES128-CBC-SHA
+
+# No Hint server TLSv1 PSK-AES256
+-s
+-I
+-v 1
+-l PSK-AES256-CBC-SHA
+
+# No Hint client TLSv1 PSK-AES256
+-s
+-v 1
+-l PSK-AES256-CBC-SHA
+
+# No Hint server TLSv1.1 PSK-AES128
+-s
+-I
+-v 2
+-l PSK-AES128-CBC-SHA
+
+# No Hint client TLSv1.1 PSK-AES128
+-s
+-v 2
+-l PSK-AES128-CBC-SHA
+
+# No Hint server TLSv1.1 PSK-AES256
+-s
+-I
+-v 2
+-l PSK-AES256-CBC-SHA
+
+# No Hint client TLSv1.1 PSK-AES256
+-s
+-v 2
+-l PSK-AES256-CBC-SHA
+
+# No Hint server TLSv1.2 PSK-AES128
+-s
+-I
+-v 3
+-l PSK-AES128-CBC-SHA
+
+# No Hint client TLSv1.2 PSK-AES128
+-s
+-v 3
+-l PSK-AES128-CBC-SHA
+
+# No Hint server TLSv1.2 PSK-AES256
+-s
+-I
+-v 3
+-l PSK-AES256-CBC-SHA
+
+# No Hint client TLSv1.2 PSK-AES256
+-s
+-v 3
+-l PSK-AES256-CBC-SHA
+
+# No Hint server TLSv1.0 PSK-AES128-SHA256
+-s
+-I
+-v 1
+-l PSK-AES128-CBC-SHA256
+
+# No Hint client TLSv1.0 PSK-AES128-SHA256
+-s
+-v 1
+-l PSK-AES128-CBC-SHA256
+
+# No Hint server TLSv1.1 PSK-AES128-SHA256
+-s
+-I
+-v 2
+-l PSK-AES128-CBC-SHA256
+
+# No Hint client TLSv1.1 PSK-AES128-SHA256
+-s
+-v 2
+-l PSK-AES128-CBC-SHA256
+
+# No Hint server TLSv1.2 PSK-AES128-SHA256
+-s
+-I
+-v 3
+-l PSK-AES128-CBC-SHA256
+
+# No Hint client TLSv1.2 PSK-AES128-SHA256
+-s
+-v 3
+-l PSK-AES128-CBC-SHA256
+
+# No Hint server TLSv1.0 PSK-AES256-SHA384
+-s
+-I
+-v 1
+-l PSK-AES256-CBC-SHA384
+
+# No Hint client TLSv1.0 PSK-AES256-SHA384
+-s
+-v 1
+-l PSK-AES256-CBC-SHA384
+
+# No Hint server TLSv1.1 PSK-AES256-SHA384
+-s
+-I
+-v 2
+-l PSK-AES256-CBC-SHA384
+
+# No Hint client TLSv1.1 PSK-AES256-SHA384
+-s
+-v 2
+-l PSK-AES256-CBC-SHA384
+
+# No Hint server TLSv1.2 PSK-AES256-SHA384
+-s
+-I
+-v 3
+-l PSK-AES256-CBC-SHA384
+
+# No Hint client TLSv1.2 PSK-AES256-SHA384
+-s
+-v 3
+-l PSK-AES256-CBC-SHA384
+
+# server TLSv1.2 PSK-AES128-GCM-SHA256
+-s
+-I
+-v 3
+-l PSK-AES128-GCM-SHA256
+
+# client TLSv1.2 PSK-AES128-GCM-SHA256
+-s
+-v 3
+-l PSK-AES128-GCM-SHA256
+
+# server TLSv1.2 PSK-AES256-GCM-SHA384
+-s
+-I
+-v 3
+-l PSK-AES256-GCM-SHA384
+
+# client TLSv1.2 PSK-AES256-GCM-SHA384
+-s
+-v 3
+-l PSK-AES256-GCM-SHA384
+
+#######################
+# ^ End no PSK Identity Hint
+#######################
+#################################
+# Handshake message structure is different for
+# Diffie Helman Ephemeral do not test those.
+#################################
+

From f8feb339fcfcdfd517b1c3c4892d1a299773d7b2 Mon Sep 17 00:00:00 2001
From: lchristina26 <leah@wolfssl.com>
Date: Mon, 3 Aug 2015 10:13:42 -0600
Subject: [PATCH 273/350] updates to FREERTOS settings

---
 wolfssl/wolfcrypt/settings.h | 5 ++++-
 wolfssl/wolfcrypt/types.h    | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index af8e690ff..34c5dc8eb 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -307,6 +307,10 @@
 
 
 #ifdef FREERTOS
+    #include "FreeRTOS.h"
+    /* FreeRTOS pvPortRealloc() only in AVR32_UC3 port */
+    #define XMALLOC(s, h, type)  pvPortMalloc((s))
+    #define XFREE(p, h, type)    vPortFree((p))
     #ifndef NO_WRITEV
         #define NO_WRITEV
     #endif
@@ -328,7 +332,6 @@
     #endif
 
     #ifndef SINGLE_THREADED
-        #include "FreeRTOS.h"
         #include "semphr.h"
     #endif
 #endif
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index a5ff1d3f2..795d2c9c5 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -143,6 +143,9 @@
 	#ifdef HAVE_THREAD_LS
 	    #if defined(_MSC_VER)
 	        #define THREAD_LS_T __declspec(thread)
+	    /* Thread local storage only in FreeRTOS v8.2.1 and higher */
+	    #elif defined(FREERTOS)
+	        #define THREAD_LS_T
 	    #else
 	        #define THREAD_LS_T __thread
 	    #endif
@@ -176,7 +179,7 @@
 	    #define XREALLOC(p, n, h, t) realloc((p), (n))
 	#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
 	        && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \
-	        && !defined(WOLFSSL_LEANPSK)
+	        && !defined(WOLFSSL_LEANPSK) && !defined(FREERTOS)
 	    /* default C runtime, can install different routines at runtime via cbs */
 	    #include <wolfssl/wolfcrypt/memory.h>
 	    #define XMALLOC(s, h, t)     ((void)h, (void)t, wolfSSL_Malloc((s)))

From 37ba6aeee739c3d7a1dd7cec684ab796af7ecbab Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 3 Aug 2015 09:32:51 -0700
Subject: [PATCH 274/350] fix psk no identify hint example logic

---
 examples/server/server.c | 6 +++---
 tests/include.am         | 2 ++
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/examples/server/server.c b/examples/server/server.c
index cba04bc48..c0687a195 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -203,7 +203,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     char** argv = ((func_args*)args)->argv;
 
 #ifndef NO_PSK
-    int doNotSendPskIdentityHint = 1;
+    int sendPskIdentityHint = 1;
 #endif
 
 #ifdef HAVE_SNI
@@ -372,7 +372,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                 break;
             case 'I':
                 #ifndef NO_PSK
-                    doNotSendPskIdentityHint = 0;
+                    sendPskIdentityHint = 0;
                 #endif
                 break;
 
@@ -513,7 +513,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
 #ifndef NO_PSK
         SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
 
-        if (doNotSendPskIdentityHint == 1)
+        if (sendPskIdentityHint == 1)
             SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
 
         if (cipherList == NULL) {
diff --git a/tests/include.am b/tests/include.am
index 006458523..f276f3af0 100644
--- a/tests/include.am
+++ b/tests/include.am
@@ -19,5 +19,7 @@ tests_unit_test_DEPENDENCIES = src/libwolfssl.la
 endif
 EXTRA_DIST += tests/unit.h
 EXTRA_DIST += tests/test.conf \
+              tests/test-qsh.conf \
+              tests/test-psk-no-id.conf \
               tests/test-dtls.conf
 DISTCLEANFILES+= tests/.libs/unit.test

From 273a0dd4d5a95e38112d014773e5470b84917797 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Mon, 3 Aug 2015 11:04:18 -0600
Subject: [PATCH 275/350] re-format test-psk-no-id.conf add README

---
 tests/CONF_FILES_README.md |  4 ++++
 tests/README               |  1 +
 tests/test-psk-no-id.conf  | 15 ---------------
 3 files changed, 5 insertions(+), 15 deletions(-)
 create mode 100644 tests/CONF_FILES_README.md
 create mode 100644 tests/README

diff --git a/tests/CONF_FILES_README.md b/tests/CONF_FILES_README.md
new file mode 100644
index 000000000..ab260c25d
--- /dev/null
+++ b/tests/CONF_FILES_README.md
@@ -0,0 +1,4 @@
+suites.c is a dynamicically written program where new test cases can be written
+and added to as needed. When creating a new configure file for a test be sure
+to use the exact formatting as the existing configure files. Reference test.conf
+for an example.
diff --git a/tests/README b/tests/README
new file mode 100644
index 000000000..669d024ff
--- /dev/null
+++ b/tests/README
@@ -0,0 +1 @@
+Before creating any new configure files (.conf) read the CONF_FILES_README.md
diff --git a/tests/test-psk-no-id.conf b/tests/test-psk-no-id.conf
index 8dff242db..9669dc5bc 100644
--- a/tests/test-psk-no-id.conf
+++ b/tests/test-psk-no-id.conf
@@ -1,10 +1,3 @@
-#################################
-# ^ Make sure to leave a blank line here. As suites.c parses this file
-# and determines if it's executing a test or not based on every other blank
-# line.
-#
-# Begin No PSK Identity Hint
-#################################
 # No Hint server TLSv1 PSK-AES128
 -s
 -I
@@ -159,11 +152,3 @@
 -v 3
 -l PSK-AES256-GCM-SHA384
 
-#######################
-# ^ End no PSK Identity Hint
-#######################
-#################################
-# Handshake message structure is different for
-# Diffie Helman Ephemeral do not test those.
-#################################
-

From 08959624f22d91eb90b38a3bfc1ca9d4bdd36be1 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 3 Aug 2015 15:30:07 -0700
Subject: [PATCH 276/350] fix ed25519 with external hash functions

---
 wolfcrypt/src/ed25519.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c
index ba0dcbe53..b6f6434b4 100644
--- a/wolfcrypt/src/ed25519.c
+++ b/wolfcrypt/src/ed25519.c
@@ -32,6 +32,7 @@
 
 #include <wolfssl/wolfcrypt/ed25519.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/wolfcrypt/hash.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else

From daf01977a1677017df4286051279cffd0c5bca8a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Mon, 6 Jul 2015 12:53:53 -0300
Subject: [PATCH 277/350] adds SRP client and server structures.

---
 wolfcrypt/src/srp.c     | 22 ++++++++++++
 wolfssl/wolfcrypt/srp.h | 78 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 100 insertions(+)
 create mode 100644 wolfcrypt/src/srp.c
 create mode 100644 wolfssl/wolfcrypt/srp.h

diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
new file mode 100644
index 000000000..a0a22cf47
--- /dev/null
+++ b/wolfcrypt/src/srp.c
@@ -0,0 +1,22 @@
+/* srp.c
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+ 
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
new file mode 100644
index 000000000..23bdeb947
--- /dev/null
+++ b/wolfssl/wolfcrypt/srp.h
@@ -0,0 +1,78 @@
+/* srp.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef WOLF_CRYPT_SRP_H
+#define WOLF_CRYPT_SRP_H
+
+#include <wolfssl/wolfcrypt/types.h>
+
+#ifdef HAVE_SRP
+
+/* Select the largest available hash for the buffer size. */
+#if defined(WOLFSSL_SHA512)
+    SRP_MAX_DIGEST_SIZE = SHA512_DIGEST_SIZE,
+#elif defined(WOLFSSL_SHA384)
+    SRP_MAX_DIGEST_SIZE = SHA384_DIGEST_SIZE,
+#elif !defined(NO_SHA256)
+    SRP_MAX_DIGEST_SIZE = SHA256_DIGEST_SIZE,
+#elif !defined(NO_SHA)
+    SRP_MAX_DIGEST_SIZE = SHA_DIGEST_SIZE,
+#else
+    #error "You have to have some kind of SHA hash if you want to use SRP."
+#endif
+
+typedef struct {
+    mp_int N;                      /**< Modulus. N = 2q+1, [q, N] are primes. */
+    mp_int g;                      /**< Generator. A generator modulo N.      */
+    mp_int a;                      /**< Private ephemeral value. Random.      */
+    mp_int A;                      /**< Public ephemeral value. pow(g, a, N)  */
+    mp_int B;                      /**< Server's public ephemeral value.      */
+    mp_int s;                      /**< Session key.                          */
+    byte   k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g)        */
+    byte   x[SRP_MAX_DIGEST_SIZE]; /**< Priv key. H(salt, H(user, ":", pswd)) */
+    byte   u[SRP_MAX_DIGEST_SIZE]; /**< Random scrambling parameeter.         */
+    byte   type;                   /**< Hash type, SHA[1:256:384:512]         */
+    byte*  user;                   /**< Username, login.                      */
+    word32 userSz;                 /**< Username length.                      */
+    byte*  salt;                   /**< Small salt.                           */
+    word32 saltSz;                 /**< Salt length.                          */
+    byte*  pswd;                   /**< Password.                             */
+    word32 pswdSz;                 /**< Password length.                      */
+} SrpClient;
+
+typedef struct {
+    mp_int N;                      /**< Modulus. N = 2q+1, [q, N] are primes. */
+    mp_int g;                      /**< Generator. A generator modulo N.      */
+    mp_int b;                      /**< Private ephemeral value.              */
+    mp_int B;                      /**< Public ephemeral value.               */
+    mp_int A;                      /**< Client's public ephemeral value.      */
+    mp_int s;                      /**< Session key.                          */
+    byte   k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g)        */
+    mp_int v;                      /**< Verifier. v = pow(g, x, N)            */
+    byte   u[SRP_MAX_DIGEST_SIZE]; /**< Random scrambling parameeter.         */
+    byte*  user;                   /**< Username, login.                      */
+    word32 userSz;                 /**< Username length.                      */
+    byte*  salt;                   /**< Small salt.                           */
+    word32 saltSz;                 /**< Salt length.                          */
+} SrpServer;
+
+#endif /* HAVE_SRP */
+#endif /* WOLF_CRYPT_SRP_H */

From 6d7b5bd2f8020d70f0169b24beb2948d385b59c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Mon, 6 Jul 2015 14:10:20 -0300
Subject: [PATCH 278/350] adds srp files to build process.

---
 configure.ac                 | 106 ++++++++++++++++++++---------------
 src/include.am               |   5 +-
 wolfcrypt/src/srp.c          |   6 +-
 wolfssl/wolfcrypt/include.am |   2 +-
 wolfssl/wolfcrypt/srp.h      |  56 ++++++++++++------
 5 files changed, 109 insertions(+), 66 deletions(-)

diff --git a/configure.ac b/configure.ac
index bc15219aa..cb3cbaed3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -85,7 +85,7 @@ AC_CHECK_TYPES(__uint128_t)
 AC_C_BIGENDIAN
 # mktime check takes forever on some systems, if time supported it would be
 # highly unusual for mktime to be missing
-#AC_FUNC_MKTIME 
+#AC_FUNC_MKTIME
 
 AC_PROG_CC
 AC_PROG_CC_C_O
@@ -199,7 +199,7 @@ fi
 AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"])
 
 
-# Fortress build 
+# Fortress build
 AC_ARG_ENABLE([fortress],
     [  --enable-fortress       Enable SSL fortress build (default: disabled)],
     [ ENABLED_FORTRESS=$enableval ],
@@ -217,7 +217,7 @@ then
 fi
 
 
-# ssl bump build 
+# ssl bump build
 AC_ARG_ENABLE([bump],
     [  --enable-bump           Enable SSL Bump build (default: disabled)],
     [ ENABLED_BUMP=$enableval ],
@@ -231,7 +231,7 @@ fi
 
 ENABLED_SLOWMATH="yes"
 
-# lean psk build 
+# lean psk build
 AC_ARG_ENABLE([leanpsk],
     [  --enable-leanpsk        Enable Lean PSK build (default: disabled)],
     [ ENABLED_LEANPSK=$enableval ],
@@ -287,7 +287,7 @@ then
 fi
 
 
-# Persistent session cache 
+# Persistent session cache
 AC_ARG_ENABLE([savesession],
     [  --enable-savesession    Enable persistent session cache (default: disabled)],
     [ ENABLED_SAVESESSION=$enableval ],
@@ -300,7 +300,7 @@ then
 fi
 
 
-# Persistent cert cache 
+# Persistent cert cache
 AC_ARG_ENABLE([savecert],
     [  --enable-savecert       Enable persistent cert cache (default: disabled)],
     [ ENABLED_SAVECERT=$enableval ],
@@ -313,7 +313,7 @@ then
 fi
 
 
-# Atomic User Record Layer  
+# Atomic User Record Layer
 AC_ARG_ENABLE([atomicuser],
     [  --enable-atomicuser     Enable Atomic User Record Layer (default: disabled)],
     [ ENABLED_ATOMICUSER=$enableval ],
@@ -326,7 +326,7 @@ then
 fi
 
 
-# Public Key Callbacks  
+# Public Key Callbacks
 AC_ARG_ENABLE([pkcallbacks],
     [  --enable-pkcallbacks    Enable Public Key Callbacks (default: disabled)],
     [ ENABLED_PKCALLBACKS=$enableval ],
@@ -491,7 +491,7 @@ fi
 AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
 
 
-# NULL CIPHER 
+# NULL CIPHER
 AC_ARG_ENABLE([nullcipher],
     [  --enable-nullcipher     Enable wolfSSL NULL cipher support (default: disabled)],
     [ ENABLED_NULL_CIPHER=$enableval ],
@@ -650,7 +650,7 @@ then
 fi
 
 
-# HKDF 
+# HKDF
 AC_ARG_ENABLE([hkdf],
     [  --enable-hkdf           Enable HKDF (HMAC-KDF) support (default: disabled)],
     [ ENABLED_HKDF=$enableval ],
@@ -792,7 +792,7 @@ if test "$ENABLED_FPECC" = "yes"
 then
     if test "$ENABLED_ECC" = "no"
     then
-        AC_MSG_ERROR([cannot enable fpecc without enabling ecc.]) 
+        AC_MSG_ERROR([cannot enable fpecc without enabling ecc.])
     fi
     AM_CFLAGS="$AM_CFLAGS -DFP_ECC"
 fi
@@ -809,17 +809,17 @@ if test "$ENABLED_ECC_ENCRYPT" = "yes"
 then
     if test "$ENABLED_ECC" = "no"
     then
-        AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.]) 
+        AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.])
     fi
     if test "$ENABLED_HKDF" = "no"
     then
-        AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.]) 
+        AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.])
     fi
     AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT"
 fi
 
 
-# PSK 
+# PSK
 AC_ARG_ENABLE([psk],
     [  --enable-psk            Enable PSK (default: disabled)],
     [ ENABLED_PSK=$enableval ],
@@ -857,7 +857,7 @@ else
 fi
 
 
-# OLD TLS 
+# OLD TLS
 AC_ARG_ENABLE([oldtls],
     [  --enable-oldtls         Enable old TLS versions < 1.2 (default: enabled)],
     [ ENABLED_OLD_TLS=$enableval ],
@@ -877,7 +877,7 @@ else
 fi
 
 
-# STACK SIZE info for examples 
+# STACK SIZE info for examples
 AC_ARG_ENABLE([stacksize],
     [  --enable-stacksize      Enable stack size info on examples (default: disabled)],
     [ ENABLED_STACKSIZE=$enableval ],
@@ -892,7 +892,7 @@ then
 fi
 
 
-# MEMORY 
+# MEMORY
 AC_ARG_ENABLE([memory],
     [  --enable-memory         Enable memory callbacks (default: enabled)],
     [ ENABLED_MEMORY=$enableval ],
@@ -914,7 +914,7 @@ fi
 AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"])
 
 
-# RSA 
+# RSA
 AC_ARG_ENABLE([rsa],
     [  --enable-rsa            Enable RSA (default: enabled)],
     [ ENABLED_RSA=$enableval ],
@@ -1119,7 +1119,7 @@ fi
 AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
 
 
-# ARC4 
+# ARC4
 AC_ARG_ENABLE([arc4],
     [  --enable-arc4           Enable ARC4 (default: disabled)],
     [ ENABLED_ARC4=$enableval ],
@@ -1146,7 +1146,7 @@ fi
 AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"])
 
 
-# MD5 
+# MD5
 AC_ARG_ENABLE([md5],
     [  --enable-md5            Enable MD5 (default: enabled)],
     [ ENABLED_MD5=$enableval ],
@@ -1168,7 +1168,7 @@ fi
 AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"])
 
 
-# SHA 
+# SHA
 AC_ARG_ENABLE([sha],
     [  --enable-sha            Enable SHA (default: enabled)],
     [ ENABLED_SHA=$enableval ],
@@ -1190,7 +1190,7 @@ fi
 AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"])
 
 
-# Web Server Build 
+# Web Server Build
 AC_ARG_ENABLE([webserver],
     [  --enable-webserver      Enable Web Server (default: disabled)],
     [ ENABLED_WEBSERVER=$enableval ],
@@ -1204,7 +1204,7 @@ fi
 
 
 
-# HC128 
+# HC128
 AC_ARG_ENABLE([hc128],
     [  --enable-hc128          Enable HC-128 (default: disabled)],
     [ ENABLED_HC128=$enableval ],
@@ -1350,7 +1350,7 @@ else
 fi
 
 
-# Filesystem Build 
+# Filesystem Build
 AC_ARG_ENABLE([filesystem],
     [  --enable-filesystem     Enable Filesystem support (default: enabled)],
     [ ENABLED_FILESYSTEM=$enableval ],
@@ -1370,7 +1370,7 @@ else
 fi
 
 
-# inline Build 
+# inline Build
 AC_ARG_ENABLE([inline],
     [  --enable-inline         Enable inline functions (default: enabled)],
     [ ENABLED_INLINE=$enableval ],
@@ -1492,7 +1492,7 @@ AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
 
 if test "$ENABLED_NTRU" = "yes" && test "$ENABLED_SMALL" = "yes"
 then
-    AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.]) 
+    AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.])
 fi
 
 # SNI
@@ -1648,6 +1648,22 @@ then
 fi
 
 
+# Secure Remote Password
+AC_ARG_ENABLE([srp],
+    [  --enable-srp            Enable Secure Remote Password (default: disabled)],
+    [ ENABLED_SRP=$enableval ],
+    [ ENABLED_SRP=no ]
+    )
+
+if test "x$ENABLED_SRP" = "xyes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
+fi
+
+AM_CONDITIONAL([BUILD_SRP], [test "x$ENABLED_SRP" = "xyes"])
+
+
+
 # Small Stack
 AC_ARG_ENABLE([smallstack],
     [  --enable-smallstack     Enable Small Stack Usage (default: disabled)],
@@ -1684,7 +1700,7 @@ fi
 AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"])
 
 
-# Test certs, use internal cert functions for extra testing 
+# Test certs, use internal cert functions for extra testing
 AC_ARG_ENABLE([testcert],
     [  --enable-testcert       Enable Test Cert (default: disabled)],
     [ ENABLED_TESTCERT=$enableval ],
@@ -1715,7 +1731,7 @@ then
 fi
 
 
-# Certificate Service Support 
+# Certificate Service Support
 AC_ARG_ENABLE([certservice],
     [  --enable-certservice    Enable cert service (default: disabled)],
     [ ENABLED_CERT_SERVICE=$enableval ],
@@ -1957,7 +1973,7 @@ AC_ARG_WITH([libz],
 AM_CONDITIONAL([BUILD_LIBZ], [test "x$ENABLED_LIBZ" = "xyes"])
 
 
-# cavium 
+# cavium
 trycaviumdir=""
 AC_ARG_WITH([cavium],
     [  --with-cavium=PATH      PATH to cavium/software dir ],
@@ -2183,7 +2199,7 @@ touch ctaocrypt/src/fips.c
 touch ctaocrypt/src/fips_test.c
 echo
 
-# generate user options header 
+# generate user options header
 echo "---"
 echo "Generating user options header..."
 
@@ -2193,7 +2209,7 @@ OPTION_FILE="wolfssl/options.h"
 #fi
 rm -f $OPTION_FILE
 
-echo "/* wolfssl options.h" > $OPTION_FILE 
+echo "/* wolfssl options.h" > $OPTION_FILE
 echo " * generated from configure options" >> $OPTION_FILE
 echo " *" >> $OPTION_FILE
 echo " * Copyright (C) 2006-2015 wolfSSL Inc." >> $OPTION_FILE
@@ -2202,13 +2218,13 @@ echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FI
 echo " *" >> $OPTION_FILE
 echo " */" >> $OPTION_FILE
 
-echo "" >> $OPTION_FILE 
-echo "#pragma once" >> $OPTION_FILE 
-echo "" >> $OPTION_FILE 
-echo "#ifdef __cplusplus" >> $OPTION_FILE 
-echo "extern \"C\" {" >> $OPTION_FILE 
-echo "#endif" >> $OPTION_FILE 
-echo "" >> $OPTION_FILE 
+echo "" >> $OPTION_FILE
+echo "#pragma once" >> $OPTION_FILE
+echo "" >> $OPTION_FILE
+echo "#ifdef __cplusplus" >> $OPTION_FILE
+echo "extern \"C\" {" >> $OPTION_FILE
+echo "#endif" >> $OPTION_FILE
+echo "" >> $OPTION_FILE
 
 for option in $OPTION_FLAGS; do
     defonly=`echo $option | sed 's/-D//'`
@@ -2244,11 +2260,11 @@ for option in $OPTION_FLAGS; do
     fi
 done
 
-echo "" >> $OPTION_FILE 
-echo "#ifdef __cplusplus" >> $OPTION_FILE 
-echo "}" >> $OPTION_FILE 
-echo "#endif" >> $OPTION_FILE 
-echo "" >> $OPTION_FILE 
+echo "" >> $OPTION_FILE
+echo "#ifdef __cplusplus" >> $OPTION_FILE
+echo "}" >> $OPTION_FILE
+echo "#endif" >> $OPTION_FILE
+echo "" >> $OPTION_FILE
 echo
 
 #backwards compatability for those who have included options or version
@@ -2279,7 +2295,7 @@ echo "   * Debug enabled:             $ax_enable_debug"
 echo "   * Warnings as failure:       $ac_cv_warnings_as_errors"
 echo "   * make -j:                   $enable_jobserver"
 echo "   * VCS checkout:              $ac_cv_vcs_checkout"
-echo 
+echo
 echo "   Features "
 echo "   * Single threaded:           $ENABLED_SINGLETHREADED"
 echo "   * Filesystem:                $ENABLED_FILESYSTEM"
@@ -2351,10 +2367,10 @@ echo "   * Session Ticket:            $ENABLED_SESSION_TICKET"
 echo "   * All TLS Extensions:        $ENABLED_TLSX"
 echo "   * PKCS#7                     $ENABLED_PKCS7"
 echo "   * wolfSCEP                   $ENABLED_WOLFSCEP"
+echo "   * Secure Remote Password     $ENABLED_SRP"
 echo "   * Small Stack:               $ENABLED_SMALL_STACK"
 echo "   * valgrind unit tests:       $ENABLED_VALGRIND"
 echo "   * LIBZ:                      $ENABLED_LIBZ"
 echo "   * Examples:                  $ENABLED_EXAMPLES"
 echo ""
 echo "---"
-
diff --git a/src/include.am b/src/include.am
index b4ba39ddd..6c2629bc0 100644
--- a/src/include.am
+++ b/src/include.am
@@ -201,6 +201,10 @@ if BUILD_PKCS7
 src_libwolfssl_la_SOURCES += wolfcrypt/src/pkcs7.c
 endif
 
+if BUILD_SRP
+src_libwolfssl_la_SOURCES += wolfcrypt/src/srp.c
+endif
+
 # ssl files
 src_libwolfssl_la_SOURCES += \
                src/internal.c \
@@ -220,4 +224,3 @@ endif
 if BUILD_SNIFFER
 src_libwolfssl_la_SOURCES += src/sniffer.c
 endif
-
diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index a0a22cf47..66a4f00cd 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -19,4 +19,8 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
- 
+#ifdef WOLFCRYPT_HAVE_SRP
+
+#include <wolfssl/wolfcrypt/srp.h>
+
+#endif /* WOLFCRYPT_HAVE_SRP */
diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
index 67949fc28..8387ed7df 100644
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -46,6 +46,7 @@ nobase_include_HEADERS+= \
                          wolfssl/wolfcrypt/blake2-int.h \
                          wolfssl/wolfcrypt/blake2-impl.h \
                          wolfssl/wolfcrypt/tfm.h \
+                         wolfssl/wolfcrypt/srp.h \
                          wolfssl/wolfcrypt/types.h \
                          wolfssl/wolfcrypt/visibility.h \
                          wolfssl/wolfcrypt/logging.h \
@@ -57,4 +58,3 @@ noinst_HEADERS+= \
                          wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \
                          wolfssl/wolfcrypt/port/ti/ti-hash.h \
                          wolfssl/wolfcrypt/port/ti/ti-ccm.h
-
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index 23bdeb947..f6a3edc10 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -19,12 +19,30 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
-#ifndef WOLF_CRYPT_SRP_H
-#define WOLF_CRYPT_SRP_H
+#ifndef WOLFCRYPT_SRP_H
+#define WOLFCRYPT_SRP_H
 
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/sha.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+#include <wolfssl/wolfcrypt/sha512.h>
+#include <wolfssl/wolfcrypt/integer.h>
 
-#ifdef HAVE_SRP
+#ifdef WOLFCRYPT_HAVE_SRP
+
+enum {
+#ifdef NO_SHA
+    SRP_SHA     = 1,
+#endif
+#ifdef NO_SHA256
+    SRP_SHA256  = 2,
+#endif
+#ifndef WOLFSSL_SHA384
+    SRP_SHA384  = 3,
+#endif
+#ifndef WOLFSSL_SHA512
+    SRP_SHA512  = 4,
+#endif
 
 /* Select the largest available hash for the buffer size. */
 #if defined(WOLFSSL_SHA512)
@@ -38,41 +56,43 @@
 #else
     #error "You have to have some kind of SHA hash if you want to use SRP."
 #endif
+};
 
 typedef struct {
-    mp_int N;                      /**< Modulus. N = 2q+1, [q, N] are primes. */
-    mp_int g;                      /**< Generator. A generator modulo N.      */
     mp_int a;                      /**< Private ephemeral value. Random.      */
     mp_int A;                      /**< Public ephemeral value. pow(g, a, N)  */
     mp_int B;                      /**< Server's public ephemeral value.      */
-    mp_int s;                      /**< Session key.                          */
-    byte   k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g)        */
     byte   x[SRP_MAX_DIGEST_SIZE]; /**< Priv key. H(salt, H(user, ":", pswd)) */
-    byte   u[SRP_MAX_DIGEST_SIZE]; /**< Random scrambling parameeter.         */
-    byte   type;                   /**< Hash type, SHA[1:256:384:512]         */
-    byte*  user;                   /**< Username, login.                      */
-    word32 userSz;                 /**< Username length.                      */
-    byte*  salt;                   /**< Small salt.                           */
-    word32 saltSz;                 /**< Salt length.                          */
     byte*  pswd;                   /**< Password.                             */
     word32 pswdSz;                 /**< Password length.                      */
 } SrpClient;
 
 typedef struct {
-    mp_int N;                      /**< Modulus. N = 2q+1, [q, N] are primes. */
-    mp_int g;                      /**< Generator. A generator modulo N.      */
     mp_int b;                      /**< Private ephemeral value.              */
     mp_int B;                      /**< Public ephemeral value.               */
     mp_int A;                      /**< Client's public ephemeral value.      */
+    mp_int v;                      /**< Verifier. v = pow(g, x, N)            */
+} SrpServer;
+
+typedef struct {
+    mp_int N;                      /**< Modulus. N = 2q+1, [q, N] are primes. */
+    mp_int g;                      /**< Generator. A generator modulo N.      */
     mp_int s;                      /**< Session key.                          */
     byte   k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g)        */
-    mp_int v;                      /**< Verifier. v = pow(g, x, N)            */
     byte   u[SRP_MAX_DIGEST_SIZE]; /**< Random scrambling parameeter.         */
+    byte   type;                   /**< Hash type, SHA[1:256:384:512]         */
+    byte   side;                   /**< Client or Server side.                */
     byte*  user;                   /**< Username, login.                      */
     word32 userSz;                 /**< Username length.                      */
     byte*  salt;                   /**< Small salt.                           */
     word32 saltSz;                 /**< Salt length.                          */
-} SrpServer;
+    union {
+        SrpClient client;
+        SrpServer server;
+    } specific;
+} Srp;
 
-#endif /* HAVE_SRP */
+int SrpInit(Srp* srp, byte* N, word32 nSz, byte* g, word32 gSz);
+
+#endif /* WOLFCRYPT_HAVE_SRP */
 #endif /* WOLF_CRYPT_SRP_H */

From dfa956d22772e183c8b0890512162baad9d94e22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Tue, 7 Jul 2015 12:01:47 -0300
Subject: [PATCH 279/350] adds wc_SrpInit() with unit tests.

---
 tests/include.am        |   1 +
 tests/srp.c             |  91 +++++++++++++++++++++++++++++
 tests/unit.c            |   5 +-
 tests/unit.h            |   6 +-
 wolfcrypt/src/hmac.c    |  41 +++++++-------
 wolfcrypt/src/srp.c     | 123 ++++++++++++++++++++++++++++++++++++++++
 wolfssl/wolfcrypt/srp.h |  49 ++++++++++++----
 7 files changed, 279 insertions(+), 37 deletions(-)
 create mode 100644 tests/srp.c

diff --git a/tests/include.am b/tests/include.am
index f276f3af0..802ec5ad1 100644
--- a/tests/include.am
+++ b/tests/include.am
@@ -11,6 +11,7 @@ tests_unit_test_SOURCES = \
                   tests/api.c \
                   tests/suites.c \
                   tests/hash.c \
+                  tests/srp.c \
                   examples/client/client.c \
                   examples/server/server.c
 tests_unit_test_CFLAGS       = -DNO_MAIN_DRIVER $(AM_CFLAGS)
diff --git a/tests/srp.c b/tests/srp.c
new file mode 100644
index 000000000..4b8879b43
--- /dev/null
+++ b/tests/srp.c
@@ -0,0 +1,91 @@
+/* srp.c SRP unit tests
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
+#include <tests/unit.h>
+#include <wolfssl/wolfcrypt/srp.h>
+
+#ifdef WOLFCRYPT_HAVE_SRP
+
+static void test_SrpInit(void)
+{
+    byte N[] = {
+        0x00, 0xc0, 0x37, 0xc3, 0x75, 0x88, 0xb4, 0x32, 0x98, 0x87, 0xe6, 0x1c,
+        0x2d, 0xa3, 0x32, 0x4b, 0x1b, 0xa4, 0xb8, 0x1a, 0x63, 0xf9, 0x74, 0x8f,
+        0xed, 0x2d, 0x8a, 0x41, 0x0c, 0x2f, 0xc2, 0x1b, 0x12, 0x32, 0xf0, 0xd3,
+        0xbf, 0xa0, 0x24, 0x27, 0x6c, 0xfd, 0x88, 0x44, 0x81, 0x97, 0xaa, 0xe4,
+        0x86, 0xa6, 0x3b, 0xfc, 0xa7, 0xb8, 0xbf, 0x77, 0x54, 0xdf, 0xb3, 0x27,
+        0xc7, 0x20, 0x1f, 0x6f, 0xd1, 0x7f, 0xd7, 0xfd, 0x74, 0x15, 0x8b, 0xd3,
+        0x1c, 0xe7, 0x72, 0xc9, 0xf5, 0xf8, 0xab, 0x58, 0x45, 0x48, 0xa9, 0x9a,
+        0x75, 0x9b, 0x5a, 0x2c, 0x05, 0x32, 0x16, 0x2b, 0x7b, 0x62, 0x18, 0xe8,
+        0xf1, 0x42, 0xbc, 0xe2, 0xc3, 0x0d, 0x77, 0x84, 0x68, 0x9a, 0x48, 0x3e,
+        0x09, 0x5e, 0x70, 0x16, 0x18, 0x43, 0x79, 0x13, 0xa8, 0xc3, 0x9c, 0x3d,
+        0xd0, 0xd4, 0xca, 0x3c, 0x50, 0x0b, 0x88, 0x5f, 0xe3
+    };
+
+    byte g[] = {
+        0x02
+    };
+
+    Srp srp;
+
+    AssertIntEQ(BAD_FUNC_ARG,
+                wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE, N, sizeof(N),
+                                                                g, sizeof(g)));
+
+    AssertIntEQ(BAD_FUNC_ARG,
+                wc_SrpInit(&srp, 255, SRP_CLIENT_SIDE, N, sizeof(N),
+                                                                g, sizeof(g)));
+
+    AssertIntEQ(BAD_FUNC_ARG,
+                wc_SrpInit(&srp, SRP_TYPE_SHA, 255, N, sizeof(N),
+                                                                g, sizeof(g)));
+
+    AssertIntEQ(BAD_FUNC_ARG,
+                wc_SrpInit(&srp, SRP_TYPE_SHA, 255, N, sizeof(N),
+                                                                g, sizeof(g)));
+
+    AssertIntEQ(BAD_FUNC_ARG,
+                wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, NULL, sizeof(N),
+                                                                g, sizeof(g)));
+
+    AssertIntEQ(BAD_FUNC_ARG,
+                wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, N, sizeof(N),
+                                                             NULL, sizeof(g)));
+
+    AssertIntEQ(0,
+                wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, N, sizeof(N),
+                                                                g, sizeof(g)));
+}
+
+#endif
+
+void SrpTest(void)
+{
+#ifdef WOLFCRYPT_HAVE_SRP
+    test_SrpInit();
+#endif
+}
diff --git a/tests/unit.c b/tests/unit.c
index 73ae2bcd7..3a7f2452c 100644
--- a/tests/unit.c
+++ b/tests/unit.c
@@ -77,6 +77,8 @@ int unit_test(int argc, char** argv)
     }
 #endif
 
+    SrpTest();
+
 #ifdef HAVE_CAVIUM
         CspShutdown(CAVIUM_DEV_ID);
 #endif
@@ -92,7 +94,7 @@ void wait_tcp_ready(func_args* args)
     (void)args;
 #elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
     pthread_mutex_lock(&args->signal->mutex);
-    
+
     if (!args->signal->ready)
         pthread_cond_wait(&args->signal->cond, &args->signal->mutex);
     args->signal->ready = 0; /* reset */
@@ -176,4 +178,3 @@ void FreeTcpReady(tcp_ready* ready)
     (void)ready;
 #endif
 }
-
diff --git a/tests/unit.h b/tests/unit.h
index bccd6d2ce..997186291 100644
--- a/tests/unit.h
+++ b/tests/unit.h
@@ -76,9 +76,9 @@
 
 
 void ApiTest(void);
-int SuiteTest(void);
-int HashTest(void);
+int  SuiteTest(void);
+int  HashTest(void);
+void SrpTest(void);
 
 
 #endif /* CyaSSL_UNIT_H */
-
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index 242adfa55..50716f5d9 100644
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -134,31 +134,31 @@ static int InitHmac(Hmac* hmac, int type)
             ret = wc_InitSha(&hmac->hash.sha);
         break;
         #endif
-        
+
         #ifndef NO_SHA256
         case SHA256:
             ret = wc_InitSha256(&hmac->hash.sha256);
         break;
         #endif
-        
+
         #ifdef WOLFSSL_SHA384
         case SHA384:
             ret = wc_InitSha384(&hmac->hash.sha384);
         break;
         #endif
-        
+
         #ifdef WOLFSSL_SHA512
         case SHA512:
             ret = wc_InitSha512(&hmac->hash.sha512);
         break;
         #endif
-        
-        #ifdef HAVE_BLAKE2 
+
+        #ifdef HAVE_BLAKE2
         case BLAKE2B_ID:
             ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
         break;
         #endif
-        
+
         default:
             return BAD_FUNC_ARG;
     }
@@ -287,7 +287,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
         break;
         #endif
 
-        #ifdef HAVE_BLAKE2 
+        #ifdef HAVE_BLAKE2
         case BLAKE2B_ID:
         {
             hmac_block_size = BLAKE2B_BLOCKBYTES;
@@ -367,7 +367,7 @@ static int HmacKeyInnerHash(Hmac* hmac)
         break;
         #endif
 
-        #ifdef HAVE_BLAKE2 
+        #ifdef HAVE_BLAKE2
         case BLAKE2B_ID:
             ret = wc_Blake2bUpdate(&hmac->hash.blake2b,
                                          (byte*) hmac->ipad,BLAKE2B_BLOCKBYTES);
@@ -438,7 +438,7 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
         break;
         #endif
 
-        #ifdef HAVE_BLAKE2 
+        #ifdef HAVE_BLAKE2
         case BLAKE2B_ID:
             ret = wc_Blake2bUpdate(&hmac->hash.blake2b, msg, length);
             if (ret != 0)
@@ -570,7 +570,7 @@ int wc_HmacFinal(Hmac* hmac, byte* hash)
         break;
         #endif
 
-        #ifdef HAVE_BLAKE2 
+        #ifdef HAVE_BLAKE2
         case BLAKE2B_ID:
         {
             ret = wc_Blake2bFinal(&hmac->hash.blake2b, (byte*) hmac->innerHash,
@@ -622,7 +622,7 @@ int wc_HmacInitCavium(Hmac* hmac, int devId)
     hmac->devId   = devId;
     hmac->magic   = WOLFSSL_HMAC_CAVIUM_MAGIC;
     hmac->data    = NULL;        /* buffered input data */
-   
+
     hmac->innerHashKeyed = 0;
 
     return 0;
@@ -650,7 +650,7 @@ static void HmacCaviumFinal(Hmac* hmac, byte* hash)
                 (byte*)hmac->ipad, hmac->dataLen, hmac->data, hash, &requestId,
                 hmac->devId) != 0) {
         WOLFSSL_MSG("Cavium Hmac failed");
-    } 
+    }
     hmac->innerHashKeyed = 0;  /* tell update to start over if used again */
 }
 
@@ -685,7 +685,7 @@ static void HmacCaviumUpdate(Hmac* hmac, const byte* msg, word32 length)
     if (hmac->dataLen)
         XMEMCPY(tmp, hmac->data,  hmac->dataLen);
     XMEMCPY(tmp + hmac->dataLen, msg, add);
-        
+
     hmac->dataLen += add;
     XFREE(hmac->data, NULL, DYNAMIC_TYPE_CAVIUM_TMP);
     hmac->data = tmp;
@@ -751,31 +751,31 @@ static INLINE int GetHashSizeByType(int type)
             return SHA_DIGEST_SIZE;
         break;
         #endif
-        
+
         #ifndef NO_SHA256
         case SHA256:
             return SHA256_DIGEST_SIZE;
         break;
         #endif
-        
+
         #ifdef WOLFSSL_SHA384
         case SHA384:
             return SHA384_DIGEST_SIZE;
         break;
         #endif
-        
+
         #ifdef WOLFSSL_SHA512
         case SHA512:
             return SHA512_DIGEST_SIZE;
         break;
         #endif
-        
-        #ifdef HAVE_BLAKE2 
+
+        #ifdef HAVE_BLAKE2
         case BLAKE2B_ID:
             return BLAKE2B_OUTBYTES;
         break;
         #endif
-        
+
         default:
             return BAD_FUNC_ARG;
         break;
@@ -824,7 +824,7 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
         localSalt = tmp;
         saltSz    = hashSz;
     }
-    
+
     do {
     ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz);
     if (ret != 0)
@@ -876,4 +876,3 @@ int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
 
 #endif /* HAVE_FIPS */
 #endif /* NO_HMAC */
-
diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index 66a4f00cd..19862ae66 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -19,8 +19,131 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolfssl/wolfcrypt/settings.h>
+
 #ifdef WOLFCRYPT_HAVE_SRP
 
 #include <wolfssl/wolfcrypt/srp.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+
+static int SrpHashInit(Srp* srp)
+{
+    switch (srp->type) {
+    #ifndef NO_SHA
+        case SRP_TYPE_SHA:
+            return wc_InitSha(&srp->hash.sha);
+    #endif
+
+    #ifndef NO_SHA256
+        case SRP_TYPE_SHA256:
+            return wc_InitSha256(&srp->hash.sha256);
+    #endif
+
+    #ifdef WOLFSSL_SHA384
+        case SRP_TYPE_SHA384:
+            return wc_InitSha384(&srp->hash.sha384);
+    #endif
+
+    #ifdef WOLFSSL_SHA512
+        case SRP_TYPE_SHA512:
+            return wc_InitSha512(&srp->hash.sha512);
+    #endif
+
+        default: return BAD_FUNC_ARG;
+    }
+}
+
+static int SrpHashUpdate(Srp* srp, byte* data, word32 size)
+{
+    switch (srp->type) {
+    #ifndef NO_SHA
+        case SRP_TYPE_SHA:
+            return wc_ShaUpdate(&srp->hash.sha, data, size);
+    #endif
+
+    #ifndef NO_SHA256
+        case SRP_TYPE_SHA256:
+            return wc_Sha256Update(&srp->hash.sha256, data, size);
+    #endif
+
+    #ifdef WOLFSSL_SHA384
+        case SRP_TYPE_SHA384:
+            return wc_Sha384Update(&srp->hash.sha384, data, size);
+    #endif
+
+    #ifdef WOLFSSL_SHA512
+        case SRP_TYPE_SHA512:
+            return wc_Sha512Update(&srp->hash.sha512, data, size);
+    #endif
+
+        default: return BAD_FUNC_ARG;
+    }
+}
+
+static int SrpHashFinal(Srp* srp, byte* digest)
+{
+    switch (srp->type) {
+    #ifndef NO_SHA
+        case SRP_TYPE_SHA:
+            return wc_ShaFinal(&srp->hash.sha, digest);
+    #endif
+
+    #ifndef NO_SHA256
+        case SRP_TYPE_SHA256: return
+            wc_Sha256Final(&srp->hash.sha256, digest);
+    #endif
+
+    #ifdef WOLFSSL_SHA384
+        case SRP_TYPE_SHA384: return
+            wc_Sha384Final(&srp->hash.sha384, digest);
+    #endif
+
+    #ifdef WOLFSSL_SHA512
+        case SRP_TYPE_SHA512: return
+            wc_Sha512Final(&srp->hash.sha512, digest);
+    #endif
+
+        default: return BAD_FUNC_ARG;
+    }
+}
+
+int wc_SrpInit(Srp* srp, byte type, byte side, byte* N, word32 nSz,
+                                                            byte* g, word32 gSz)
+{
+    int ret = 0;
+
+    if (!srp || !N || !g)
+        return BAD_FUNC_ARG;
+
+    if (side != SRP_CLIENT_SIDE && side != SRP_SERVER_SIDE)
+        return BAD_FUNC_ARG;
+
+    srp->side = side;
+    srp->type = type; /* a valid type is checked inside SrpHashXXX functions. */
+
+    if (mp_init_multi(&srp->N, &srp->g, &srp->s, 0, 0, 0) != MP_OKAY)
+        return MP_INIT_E;
+
+    if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY)
+        ret = MP_READ_E;
+
+    if (ret == 0 && mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY)
+        ret = MP_READ_E;
+
+    if (ret == 0) ret = SrpHashInit(srp);
+    if (ret == 0) ret = SrpHashUpdate(srp, N, nSz);
+    if (ret == 0) ret = SrpHashUpdate(srp, g, gSz);
+    if (ret == 0) ret = SrpHashFinal(srp, srp->k);
+
+    if (ret != 0) {
+        mp_clear(&srp->N); mp_clear(&srp->g); mp_clear(&srp->s);
+    }
+
+    return ret;
+}
 
 #endif /* WOLFCRYPT_HAVE_SRP */
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index f6a3edc10..b4ac77895 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -19,6 +19,8 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
+#ifdef WOLFCRYPT_HAVE_SRP
+
 #ifndef WOLFCRYPT_SRP_H
 #define WOLFCRYPT_SRP_H
 
@@ -28,20 +30,24 @@
 #include <wolfssl/wolfcrypt/sha512.h>
 #include <wolfssl/wolfcrypt/integer.h>
 
-#ifdef WOLFCRYPT_HAVE_SRP
+#ifdef __cplusplus
+    extern "C" {
+#endif
 
 enum {
-#ifdef NO_SHA
-    SRP_SHA     = 1,
+    SRP_CLIENT_SIDE  = 0,
+    SRP_SERVER_SIDE  = 1,
+#ifndef NO_SHA
+    SRP_TYPE_SHA     = 1,
 #endif
-#ifdef NO_SHA256
-    SRP_SHA256  = 2,
+#ifndef NO_SHA256
+    SRP_TYPE_SHA256  = 2,
 #endif
-#ifndef WOLFSSL_SHA384
-    SRP_SHA384  = 3,
+#ifdef WOLFSSL_SHA384
+    SRP_TYPE_SHA384  = 3,
 #endif
-#ifndef WOLFSSL_SHA512
-    SRP_SHA512  = 4,
+#ifdef WOLFSSL_SHA512
+    SRP_TYPE_SHA512  = 4,
 #endif
 
 /* Select the largest available hash for the buffer size. */
@@ -58,6 +64,21 @@ enum {
 #endif
 };
 
+typedef union {
+    #ifndef NO_SHA
+        Sha sha;
+    #endif
+    #ifndef NO_SHA256
+        Sha256 sha256;
+    #endif
+    #ifdef WOLFSSL_SHA384
+        Sha384 sha384;
+    #endif
+    #ifdef WOLFSSL_SHA512
+        Sha512 sha512;
+    #endif
+} SrpHash;
+
 typedef struct {
     mp_int a;                      /**< Private ephemeral value. Random.      */
     mp_int A;                      /**< Public ephemeral value. pow(g, a, N)  */
@@ -90,9 +111,15 @@ typedef struct {
         SrpClient client;
         SrpServer server;
     } specific;
+    SrpHash hash;                  /**< Hash object.                          */
 } Srp;
 
-int SrpInit(Srp* srp, byte* N, word32 nSz, byte* g, word32 gSz);
+WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side, byte* N, word32 nSz,
+                                                           byte* g, word32 gSz);
 
+#ifdef __cplusplus
+   } /* extern "C" */
+#endif
+
+#endif /* WOLFCRYPT_SRP_H */
 #endif /* WOLFCRYPT_HAVE_SRP */
-#endif /* WOLF_CRYPT_SRP_H */

From 119dd0250e27933d77d005cb8e02b8b8007946b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Mon, 13 Jul 2015 16:10:29 -0300
Subject: [PATCH 280/350] fixes field types in SRP structure; adds new memory
 allocation type (DYNAMIC_TYPE_SRP); improves wc_SrpInit; adds wc_SrpTerm(),
 wc_SrpSetUsername(), wc_SrpSetParams(), wc_SrpSetPassword();

---
 tests/srp.c               | 117 ++++++++++++++++++++++-----------
 wolfcrypt/src/srp.c       | 132 +++++++++++++++++++++++++++++++++-----
 wolfssl/wolfcrypt/srp.h   |  27 +++++---
 wolfssl/wolfcrypt/types.h |   3 +-
 4 files changed, 212 insertions(+), 67 deletions(-)

diff --git a/tests/srp.c b/tests/srp.c
index 4b8879b43..a2d59c829 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -30,55 +30,92 @@
 
 #ifdef WOLFCRYPT_HAVE_SRP
 
+static char username[] = "username";
+
+static byte N[] = {
+    0x00, 0xc0, 0x37, 0xc3, 0x75, 0x88, 0xb4, 0x32, 0x98, 0x87, 0xe6, 0x1c,
+    0x2d, 0xa3, 0x32, 0x4b, 0x1b, 0xa4, 0xb8, 0x1a, 0x63, 0xf9, 0x74, 0x8f,
+    0xed, 0x2d, 0x8a, 0x41, 0x0c, 0x2f, 0xc2, 0x1b, 0x12, 0x32, 0xf0, 0xd3,
+    0xbf, 0xa0, 0x24, 0x27, 0x6c, 0xfd, 0x88, 0x44, 0x81, 0x97, 0xaa, 0xe4,
+    0x86, 0xa6, 0x3b, 0xfc, 0xa7, 0xb8, 0xbf, 0x77, 0x54, 0xdf, 0xb3, 0x27,
+    0xc7, 0x20, 0x1f, 0x6f, 0xd1, 0x7f, 0xd7, 0xfd, 0x74, 0x15, 0x8b, 0xd3,
+    0x1c, 0xe7, 0x72, 0xc9, 0xf5, 0xf8, 0xab, 0x58, 0x45, 0x48, 0xa9, 0x9a,
+    0x75, 0x9b, 0x5a, 0x2c, 0x05, 0x32, 0x16, 0x2b, 0x7b, 0x62, 0x18, 0xe8,
+    0xf1, 0x42, 0xbc, 0xe2, 0xc3, 0x0d, 0x77, 0x84, 0x68, 0x9a, 0x48, 0x3e,
+    0x09, 0x5e, 0x70, 0x16, 0x18, 0x43, 0x79, 0x13, 0xa8, 0xc3, 0x9c, 0x3d,
+    0xd0, 0xd4, 0xca, 0x3c, 0x50, 0x0b, 0x88, 0x5f, 0xe3
+};
+
+static byte g[] = {
+    0x02
+};
+
+static byte salt[] = {
+    'r', 'a', 'n', 'd', 'o', 'm'
+};
+
 static void test_SrpInit(void)
 {
-    byte N[] = {
-        0x00, 0xc0, 0x37, 0xc3, 0x75, 0x88, 0xb4, 0x32, 0x98, 0x87, 0xe6, 0x1c,
-        0x2d, 0xa3, 0x32, 0x4b, 0x1b, 0xa4, 0xb8, 0x1a, 0x63, 0xf9, 0x74, 0x8f,
-        0xed, 0x2d, 0x8a, 0x41, 0x0c, 0x2f, 0xc2, 0x1b, 0x12, 0x32, 0xf0, 0xd3,
-        0xbf, 0xa0, 0x24, 0x27, 0x6c, 0xfd, 0x88, 0x44, 0x81, 0x97, 0xaa, 0xe4,
-        0x86, 0xa6, 0x3b, 0xfc, 0xa7, 0xb8, 0xbf, 0x77, 0x54, 0xdf, 0xb3, 0x27,
-        0xc7, 0x20, 0x1f, 0x6f, 0xd1, 0x7f, 0xd7, 0xfd, 0x74, 0x15, 0x8b, 0xd3,
-        0x1c, 0xe7, 0x72, 0xc9, 0xf5, 0xf8, 0xab, 0x58, 0x45, 0x48, 0xa9, 0x9a,
-        0x75, 0x9b, 0x5a, 0x2c, 0x05, 0x32, 0x16, 0x2b, 0x7b, 0x62, 0x18, 0xe8,
-        0xf1, 0x42, 0xbc, 0xe2, 0xc3, 0x0d, 0x77, 0x84, 0x68, 0x9a, 0x48, 0x3e,
-        0x09, 0x5e, 0x70, 0x16, 0x18, 0x43, 0x79, 0x13, 0xa8, 0xc3, 0x9c, 0x3d,
-        0xd0, 0xd4, 0xca, 0x3c, 0x50, 0x0b, 0x88, 0x5f, 0xe3
-    };
-
-    byte g[] = {
-        0x02
-    };
-
     Srp srp;
 
-    AssertIntEQ(BAD_FUNC_ARG,
-                wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE, N, sizeof(N),
-                                                                g, sizeof(g)));
+    /* invalid params */
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(NULL, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, 255,          SRP_CLIENT_SIDE));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpInit(&srp, SRP_TYPE_SHA, 255            ));
 
-    AssertIntEQ(BAD_FUNC_ARG,
-                wc_SrpInit(&srp, 255, SRP_CLIENT_SIDE, N, sizeof(N),
-                                                                g, sizeof(g)));
+    /* success */
+    AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
 
-    AssertIntEQ(BAD_FUNC_ARG,
-                wc_SrpInit(&srp, SRP_TYPE_SHA, 255, N, sizeof(N),
-                                                                g, sizeof(g)));
+    wc_SrpTerm(&srp);
+}
 
-    AssertIntEQ(BAD_FUNC_ARG,
-                wc_SrpInit(&srp, SRP_TYPE_SHA, 255, N, sizeof(N),
-                                                                g, sizeof(g)));
+static void test_SrpSetUsername(void)
+{
+    Srp srp;
 
-    AssertIntEQ(BAD_FUNC_ARG,
-                wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, NULL, sizeof(N),
-                                                                g, sizeof(g)));
+    AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
 
-    AssertIntEQ(BAD_FUNC_ARG,
-                wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, N, sizeof(N),
-                                                             NULL, sizeof(g)));
+    /* invalid params */
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL));
 
-    AssertIntEQ(0,
-                wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, N, sizeof(N),
-                                                                g, sizeof(g)));
+    /* success */
+    AssertIntEQ(0, wc_SrpSetUsername(&srp, username));
+    AssertIntEQ((int) XSTRLEN(username), srp.usernameSz);
+    AssertIntEQ(0, XMEMCMP(srp.username, username, srp.usernameSz));
+
+    wc_SrpTerm(&srp);
+}
+
+static void test_SrpSetParams(void)
+{
+    Srp srp;
+
+    AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+
+    /* invalid params */
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(NULL, N,    sizeof(N),
+                                                    g,    sizeof(g),
+                                                    salt, sizeof(salt)));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, NULL, sizeof(N),
+                                                    g,    sizeof(g),
+                                                    salt, sizeof(salt)));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, N,    sizeof(N),
+                                                    NULL, sizeof(g),
+                                                    salt, sizeof(salt)));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(&srp, N,    sizeof(N),
+                                                    g,    sizeof(g),
+                                                    NULL, sizeof(salt)));
+
+    /* success */
+    AssertIntEQ(0, wc_SrpSetParams(&srp, N,    sizeof(N),
+                                         g,    sizeof(g),
+                                         salt, sizeof(salt)));
+
+    AssertIntEQ(sizeof(salt), srp.saltSz);
+    AssertIntEQ(0, XMEMCMP(srp.salt, salt, srp.saltSz));
+
+    wc_SrpTerm(&srp);
 }
 
 #endif
@@ -87,5 +124,7 @@ void SrpTest(void)
 {
 #ifdef WOLFCRYPT_HAVE_SRP
     test_SrpInit();
+    test_SrpSetUsername();
+    test_SrpSetParams();
 #endif
 }
diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index 19862ae66..780044017 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -111,39 +111,137 @@ static int SrpHashFinal(Srp* srp, byte* digest)
     }
 }
 
-int wc_SrpInit(Srp* srp, byte type, byte side, byte* N, word32 nSz,
-                                                            byte* g, word32 gSz)
+int wc_SrpInit(Srp* srp, byte type, byte side)
 {
     int ret = 0;
 
-    if (!srp || !N || !g)
+    if (!srp)
         return BAD_FUNC_ARG;
 
     if (side != SRP_CLIENT_SIDE && side != SRP_SERVER_SIDE)
         return BAD_FUNC_ARG;
 
-    srp->side = side;
-    srp->type = type; /* a valid type is checked inside SrpHashXXX functions. */
+    if (type != SRP_TYPE_SHA    && type != SRP_TYPE_SHA256 &&
+        type != SRP_TYPE_SHA384 && type != SRP_TYPE_SHA512)
+        return BAD_FUNC_ARG;
 
-    if (mp_init_multi(&srp->N, &srp->g, &srp->s, 0, 0, 0) != MP_OKAY)
+    srp->side     = side;    srp->type       = type;
+    srp->salt     = NULL;    srp->saltSz     = 0;
+    srp->username = NULL;    srp->usernameSz = 0;
+
+    if (mp_init_multi(&srp->N, &srp->g, &srp->s, &srp->u, 0, 0) != MP_OKAY)
         return MP_INIT_E;
 
-    if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY)
-        ret = MP_READ_E;
-
-    if (ret == 0 && mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY)
-        ret = MP_READ_E;
-
-    if (ret == 0) ret = SrpHashInit(srp);
-    if (ret == 0) ret = SrpHashUpdate(srp, N, nSz);
-    if (ret == 0) ret = SrpHashUpdate(srp, g, gSz);
-    if (ret == 0) ret = SrpHashFinal(srp, srp->k);
+    if (srp->side == SRP_CLIENT_SIDE) {
+        if (mp_init_multi(&srp->specific.client.a,
+                          &srp->specific.client.A,
+                          &srp->specific.client.B,
+                          &srp->specific.client.password, 0, 0) != MP_OKAY)
+            ret = MP_INIT_E;
+    }
+    else {
+        if (mp_init_multi(&srp->specific.server.b,
+                          &srp->specific.server.B,
+                          &srp->specific.server.A,
+                          &srp->specific.server.verifier, 0, 0) != MP_OKAY)
+            ret = MP_INIT_E;
+    }
 
     if (ret != 0) {
-        mp_clear(&srp->N); mp_clear(&srp->g); mp_clear(&srp->s);
+        mp_clear(&srp->N); mp_clear(&srp->g);
+        mp_clear(&srp->s); mp_clear(&srp->u);
     }
 
     return ret;
 }
 
+void wc_SrpTerm(Srp* srp) {
+    if (srp) {
+        mp_clear(&srp->N); mp_clear(&srp->g);
+        mp_clear(&srp->s); mp_clear(&srp->u);
+
+        XMEMSET(srp->salt, 0, srp->saltSz);
+        XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
+        XMEMSET(srp->username, 0, srp->usernameSz);
+        XFREE(srp->username, NULL, DYNAMIC_TYPE_SRP);
+
+        if (srp->side == SRP_CLIENT_SIDE) {
+            mp_clear(&srp->specific.client.a);
+            mp_clear(&srp->specific.client.A);
+            mp_clear(&srp->specific.client.B);
+            mp_clear(&srp->specific.client.password);
+
+            XMEMSET(srp->specific.client.x, 0, SRP_MAX_DIGEST_SIZE);
+        }
+        else {
+            mp_clear(&srp->specific.server.b);
+            mp_clear(&srp->specific.server.B);
+            mp_clear(&srp->specific.server.A);
+            mp_clear(&srp->specific.server.verifier);
+        }
+    }
+}
+
+int wc_SrpSetUsername(Srp* srp, const char* username) {
+    if (!srp || !username)
+        return BAD_FUNC_ARG;
+
+    srp->username = (byte*)XMALLOC(XSTRLEN(username), NULL, DYNAMIC_TYPE_SRP);
+    if (srp->username == NULL)
+        return MEMORY_E;
+
+    srp->usernameSz = (word32) XSTRLEN(username);
+    XMEMCPY(srp->username, username, srp->usernameSz);
+
+    return 0;
+}
+
+int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
+                              const byte* g,    word32 gSz,
+                              const byte* salt, word32 saltSz)
+{
+    int ret = 0;
+
+    if (!srp || !N || !g || !salt)
+        return BAD_FUNC_ARG;
+
+    if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY)
+        return MP_READ_E;
+
+    if (mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY)
+        return MP_READ_E;
+
+    if ((ret = SrpHashInit(srp)) != 0)
+        return ret;
+
+    if ((ret = SrpHashUpdate(srp, (byte*) N, nSz)) != 0)
+        return ret;
+
+    if ((ret = SrpHashUpdate(srp, (byte*) g, gSz)) != 0)
+        return ret;
+
+    if ((ret = SrpHashFinal(srp, srp->k)) != 0)
+        return ret;
+
+    srp->salt = (byte*)XMALLOC(saltSz, NULL, DYNAMIC_TYPE_SRP);
+    if (srp->salt == NULL)
+        return MEMORY_E;
+
+    XMEMCPY(srp->salt, salt, saltSz);
+    srp->saltSz = saltSz;
+
+    return 0;
+}
+
+int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) {
+    if (!srp || !password || srp->side != SRP_CLIENT_SIDE)
+        return BAD_FUNC_ARG;
+
+    if (mp_read_unsigned_bin(&srp->specific.client.password, password, size)
+                                                                     != MP_OKAY)
+        return MP_READ_E;
+
+    return 0;
+}
+
 #endif /* WOLFCRYPT_HAVE_SRP */
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index b4ac77895..f79042b83 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -84,27 +84,26 @@ typedef struct {
     mp_int A;                      /**< Public ephemeral value. pow(g, a, N)  */
     mp_int B;                      /**< Server's public ephemeral value.      */
     byte   x[SRP_MAX_DIGEST_SIZE]; /**< Priv key. H(salt, H(user, ":", pswd)) */
-    byte*  pswd;                   /**< Password.                             */
-    word32 pswdSz;                 /**< Password length.                      */
+    mp_int password;               /**< Password.                             */
 } SrpClient;
 
 typedef struct {
     mp_int b;                      /**< Private ephemeral value.              */
     mp_int B;                      /**< Public ephemeral value.               */
     mp_int A;                      /**< Client's public ephemeral value.      */
-    mp_int v;                      /**< Verifier. v = pow(g, x, N)            */
+    mp_int verifier;               /**< Verifier. v = pow(g, x, N)            */
 } SrpServer;
 
 typedef struct {
+    byte   side;                   /**< Client or Server side.                */
+    byte   type;                   /**< Hash type, SHA[1:256:384:512]         */
     mp_int N;                      /**< Modulus. N = 2q+1, [q, N] are primes. */
     mp_int g;                      /**< Generator. A generator modulo N.      */
     mp_int s;                      /**< Session key.                          */
     byte   k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g)        */
-    byte   u[SRP_MAX_DIGEST_SIZE]; /**< Random scrambling parameeter.         */
-    byte   type;                   /**< Hash type, SHA[1:256:384:512]         */
-    byte   side;                   /**< Client or Server side.                */
-    byte*  user;                   /**< Username, login.                      */
-    word32 userSz;                 /**< Username length.                      */
+    mp_int u;                      /**< Random scrambling parameeter.         */
+    byte*  username;               /**< Username, login.                      */
+    word32 usernameSz;             /**< Username length.                      */
     byte*  salt;                   /**< Small salt.                           */
     word32 saltSz;                 /**< Salt length.                          */
     union {
@@ -114,8 +113,16 @@ typedef struct {
     SrpHash hash;                  /**< Hash object.                          */
 } Srp;
 
-WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side, byte* N, word32 nSz,
-                                                           byte* g, word32 gSz);
+WOLFSSL_API int  wc_SrpInit(Srp* srp, byte type, byte side);
+WOLFSSL_API void wc_SrpTerm(Srp* srp);
+
+WOLFSSL_API int  wc_SrpSetUsername(Srp* srp, const char* user);
+
+WOLFSSL_API int  wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
+                                           const byte* g,    word32 gSz,
+                                           const byte* salt, word32 saltSz);
+
+WOLFSSL_API int  wc_SrpSetPassword(Srp* srp, const byte* password, word32 size);
 
 #ifdef __cplusplus
    } /* extern "C" */
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 795d2c9c5..060ed0239 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -271,7 +271,8 @@
 	    DYNAMIC_TYPE_TLSX         = 43,
 	    DYNAMIC_TYPE_OCSP         = 44,
 	    DYNAMIC_TYPE_SIGNATURE    = 45,
-	    DYNAMIC_TYPE_HASHES       = 46
+	    DYNAMIC_TYPE_HASHES       = 46,
+		DYNAMIC_TYPE_SRP          = 47,
 	};
 
 	/* max error buffer string size */

From 8b23b86659ca3ef185f67b5ed206d469573445b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Wed, 15 Jul 2015 19:22:47 -0300
Subject: [PATCH 281/350] Adds hash type directly inside SrpHash and removes
 temp hash from Srp struct.

---
 wolfcrypt/src/srp.c     | 134 ++++++++++++++++++++++++++++------------
 wolfssl/wolfcrypt/srp.h |  36 ++++++-----
 2 files changed, 113 insertions(+), 57 deletions(-)

diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index 780044017..555f3172c 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -30,84 +30,117 @@
 #include <wolfssl/wolfcrypt/srp.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
-static int SrpHashInit(Srp* srp)
+static int SrpHashInit(SrpHash* hash, int type)
 {
-    switch (srp->type) {
+    hash->type = type;
+
+    switch (type) {
     #ifndef NO_SHA
         case SRP_TYPE_SHA:
-            return wc_InitSha(&srp->hash.sha);
+            return wc_InitSha(&hash->data.sha);
     #endif
 
     #ifndef NO_SHA256
         case SRP_TYPE_SHA256:
-            return wc_InitSha256(&srp->hash.sha256);
+            return wc_InitSha256(&hash->data.sha256);
     #endif
 
     #ifdef WOLFSSL_SHA384
         case SRP_TYPE_SHA384:
-            return wc_InitSha384(&srp->hash.sha384);
+            return wc_InitSha384(&hash->data.sha384);
     #endif
 
     #ifdef WOLFSSL_SHA512
         case SRP_TYPE_SHA512:
-            return wc_InitSha512(&srp->hash.sha512);
+            return wc_InitSha512(&hash->data.sha512);
     #endif
 
-        default: return BAD_FUNC_ARG;
+        default:
+            return BAD_FUNC_ARG;
     }
 }
 
-static int SrpHashUpdate(Srp* srp, byte* data, word32 size)
+static int SrpHashUpdate(SrpHash* hash, byte* data, word32 size)
 {
-    switch (srp->type) {
+    switch (hash->type) {
     #ifndef NO_SHA
         case SRP_TYPE_SHA:
-            return wc_ShaUpdate(&srp->hash.sha, data, size);
+            return wc_ShaUpdate(&hash->data.sha, data, size);
     #endif
 
     #ifndef NO_SHA256
         case SRP_TYPE_SHA256:
-            return wc_Sha256Update(&srp->hash.sha256, data, size);
+            return wc_Sha256Update(&hash->data.sha256, data, size);
     #endif
 
     #ifdef WOLFSSL_SHA384
         case SRP_TYPE_SHA384:
-            return wc_Sha384Update(&srp->hash.sha384, data, size);
+            return wc_Sha384Update(&hash->data.sha384, data, size);
     #endif
 
     #ifdef WOLFSSL_SHA512
         case SRP_TYPE_SHA512:
-            return wc_Sha512Update(&srp->hash.sha512, data, size);
+            return wc_Sha512Update(&hash->data.sha512, data, size);
     #endif
 
-        default: return BAD_FUNC_ARG;
+        default:
+            return BAD_FUNC_ARG;
     }
 }
 
-static int SrpHashFinal(Srp* srp, byte* digest)
+static int SrpHashFinal(SrpHash* hash, byte* digest)
 {
-    switch (srp->type) {
+    switch (hash->type) {
     #ifndef NO_SHA
         case SRP_TYPE_SHA:
-            return wc_ShaFinal(&srp->hash.sha, digest);
+            return wc_ShaFinal(&hash->data.sha, digest);
     #endif
 
     #ifndef NO_SHA256
-        case SRP_TYPE_SHA256: return
-            wc_Sha256Final(&srp->hash.sha256, digest);
+        case SRP_TYPE_SHA256:
+            return wc_Sha256Final(&hash->data.sha256, digest);
     #endif
 
     #ifdef WOLFSSL_SHA384
-        case SRP_TYPE_SHA384: return
-            wc_Sha384Final(&srp->hash.sha384, digest);
+        case SRP_TYPE_SHA384:
+            return wc_Sha384Final(&hash->data.sha384, digest);
     #endif
 
     #ifdef WOLFSSL_SHA512
-        case SRP_TYPE_SHA512: return
-            wc_Sha512Final(&srp->hash.sha512, digest);
+        case SRP_TYPE_SHA512:
+            return wc_Sha512Final(&hash->data.sha512, digest);
     #endif
 
-        default: return BAD_FUNC_ARG;
+        default:
+            return BAD_FUNC_ARG;
+    }
+}
+
+static word32 SrpHashSize(byte type)
+{
+    switch (type) {
+    #ifndef NO_SHA
+        case SRP_TYPE_SHA:
+            return SHA_DIGEST_SIZE;
+    #endif
+
+    #ifndef NO_SHA256
+        case SRP_TYPE_SHA256:
+            return SHA256_DIGEST_SIZE;
+    #endif
+
+    #ifdef WOLFSSL_SHA384
+        case SRP_TYPE_SHA384:
+            return SHA384_DIGEST_SIZE;
+    #endif
+
+    #ifdef WOLFSSL_SHA512
+        case SRP_TYPE_SHA512:
+            return SHA512_DIGEST_SIZE;
+    #endif
+
+        default:
+            return 0;
     }
 }
 
@@ -115,6 +148,8 @@ int wc_SrpInit(Srp* srp, byte type, byte side)
 {
     int ret = 0;
 
+    /* validating params */
+
     if (!srp)
         return BAD_FUNC_ARG;
 
@@ -125,6 +160,8 @@ int wc_SrpInit(Srp* srp, byte type, byte side)
         type != SRP_TYPE_SHA384 && type != SRP_TYPE_SHA512)
         return BAD_FUNC_ARG;
 
+    /* initializing common data */
+
     srp->side     = side;    srp->type       = type;
     srp->salt     = NULL;    srp->saltSz     = 0;
     srp->username = NULL;    srp->usernameSz = 0;
@@ -132,21 +169,31 @@ int wc_SrpInit(Srp* srp, byte type, byte side)
     if (mp_init_multi(&srp->N, &srp->g, &srp->s, &srp->u, 0, 0) != MP_OKAY)
         return MP_INIT_E;
 
+    /* initializing client specific data */
+
     if (srp->side == SRP_CLIENT_SIDE) {
-        if (mp_init_multi(&srp->specific.client.a,
-                          &srp->specific.client.A,
-                          &srp->specific.client.B,
-                          &srp->specific.client.password, 0, 0) != MP_OKAY)
+        ret = SrpHashInit(&srp->specific.client.proof, type);
+
+        if (ret == 0 && mp_init_multi(&srp->specific.client.a,
+                                      &srp->specific.client.A,
+                                      &srp->specific.client.B,
+                                      &srp->specific.client.x,
+                                      0, 0) != MP_OKAY)
             ret = MP_INIT_E;
     }
-    else {
+
+    /* initializing server specific data */
+
+    if (srp->side == SRP_SERVER_SIDE) {
         if (mp_init_multi(&srp->specific.server.b,
                           &srp->specific.server.B,
                           &srp->specific.server.A,
-                          &srp->specific.server.verifier, 0, 0) != MP_OKAY)
+                          &srp->specific.server.v, 0, 0) != MP_OKAY)
             ret = MP_INIT_E;
     }
 
+    /* undo initializations on error */
+
     if (ret != 0) {
         mp_clear(&srp->N); mp_clear(&srp->g);
         mp_clear(&srp->s); mp_clear(&srp->u);
@@ -169,15 +216,16 @@ void wc_SrpTerm(Srp* srp) {
             mp_clear(&srp->specific.client.a);
             mp_clear(&srp->specific.client.A);
             mp_clear(&srp->specific.client.B);
-            mp_clear(&srp->specific.client.password);
+            mp_clear(&srp->specific.client.x);
 
-            XMEMSET(srp->specific.client.x, 0, SRP_MAX_DIGEST_SIZE);
+            XMEMSET(&srp->specific.client.proof, 0, sizeof(SrpHash));
         }
-        else {
+
+        if (srp->side == SRP_SERVER_SIDE) {
             mp_clear(&srp->specific.server.b);
             mp_clear(&srp->specific.server.B);
             mp_clear(&srp->specific.server.A);
-            mp_clear(&srp->specific.server.verifier);
+            mp_clear(&srp->specific.server.v);
         }
     }
 }
@@ -200,6 +248,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
                               const byte* g,    word32 gSz,
                               const byte* salt, word32 saltSz)
 {
+    SrpHash hash;
     int ret = 0;
 
     if (!srp || !N || !g || !salt)
@@ -211,16 +260,16 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     if (mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY)
         return MP_READ_E;
 
-    if ((ret = SrpHashInit(srp)) != 0)
+    if ((ret = SrpHashInit(&hash, srp->type)) != 0)
         return ret;
 
-    if ((ret = SrpHashUpdate(srp, (byte*) N, nSz)) != 0)
+    if ((ret = SrpHashUpdate(&hash, (byte*) N, nSz)) != 0)
         return ret;
 
-    if ((ret = SrpHashUpdate(srp, (byte*) g, gSz)) != 0)
+    if ((ret = SrpHashUpdate(&hash, (byte*) g, gSz)) != 0)
         return ret;
 
-    if ((ret = SrpHashFinal(srp, srp->k)) != 0)
+    if ((ret = SrpHashFinal(&hash, srp->k)) != 0)
         return ret;
 
     srp->salt = (byte*)XMALLOC(saltSz, NULL, DYNAMIC_TYPE_SRP);
@@ -234,11 +283,16 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
 }
 
 int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) {
+    byte digest[SRP_MAX_DIGEST_SIZE];
+
     if (!srp || !password || srp->side != SRP_CLIENT_SIDE)
         return BAD_FUNC_ARG;
 
-    if (mp_read_unsigned_bin(&srp->specific.client.password, password, size)
-                                                                     != MP_OKAY)
+    (void) size;
+    /* TODO: calculate digest. */
+
+    if (mp_read_unsigned_bin(&srp->specific.client.x, digest,
+                                             SrpHashSize(srp->type)) != MP_OKAY)
         return MP_READ_E;
 
     return 0;
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index f79042b83..b75ac547a 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -64,34 +64,37 @@ enum {
 #endif
 };
 
-typedef union {
-    #ifndef NO_SHA
-        Sha sha;
-    #endif
-    #ifndef NO_SHA256
-        Sha256 sha256;
-    #endif
-    #ifdef WOLFSSL_SHA384
-        Sha384 sha384;
-    #endif
-    #ifdef WOLFSSL_SHA512
-        Sha512 sha512;
-    #endif
+typedef struct {
+    byte type;
+    union {
+        #ifndef NO_SHA
+            Sha sha;
+        #endif
+        #ifndef NO_SHA256
+            Sha256 sha256;
+        #endif
+        #ifdef WOLFSSL_SHA384
+            Sha384 sha384;
+        #endif
+        #ifdef WOLFSSL_SHA512
+            Sha512 sha512;
+        #endif
+    } data;
 } SrpHash;
 
 typedef struct {
     mp_int a;                      /**< Private ephemeral value. Random.      */
     mp_int A;                      /**< Public ephemeral value. pow(g, a, N)  */
     mp_int B;                      /**< Server's public ephemeral value.      */
-    byte   x[SRP_MAX_DIGEST_SIZE]; /**< Priv key. H(salt, H(user, ":", pswd)) */
-    mp_int password;               /**< Password.                             */
+    mp_int x;                      /**< Priv key. H(salt, H(user, ":", pswd)) */
+    SrpHash proof;                 /**< Client proof. Sent to Server.         */
 } SrpClient;
 
 typedef struct {
     mp_int b;                      /**< Private ephemeral value.              */
     mp_int B;                      /**< Public ephemeral value.               */
     mp_int A;                      /**< Client's public ephemeral value.      */
-    mp_int verifier;               /**< Verifier. v = pow(g, x, N)            */
+    mp_int v;                      /**< Verifier. v = pow(g, x, N)            */
 } SrpServer;
 
 typedef struct {
@@ -110,7 +113,6 @@ typedef struct {
         SrpClient client;
         SrpServer server;
     } specific;
-    SrpHash hash;                  /**< Hash object.                          */
 } Srp;
 
 WOLFSSL_API int  wc_SrpInit(Srp* srp, byte type, byte side);

From 6d5efccc55df7519c4b1b9d83cbef32384627b71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Thu, 16 Jul 2015 16:03:18 -0300
Subject: [PATCH 282/350] finishes SrpSetPassword(), SrpSetVerifier(),
 SrpGetVerifier(); updates client_proof during SrpSetParams();

---
 tests/srp.c             |  11 +--
 wolfcrypt/src/srp.c     | 186 +++++++++++++++++++++++++++-------------
 wolfssl/wolfcrypt/srp.h |  11 ++-
 3 files changed, 141 insertions(+), 67 deletions(-)

diff --git a/tests/srp.c b/tests/srp.c
index a2d59c829..765d8f81f 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -30,7 +30,7 @@
 
 #ifdef WOLFCRYPT_HAVE_SRP
 
-static char username[] = "username";
+static char user[] = "user";
 
 static byte N[] = {
     0x00, 0xc0, 0x37, 0xc3, 0x75, 0x88, 0xb4, 0x32, 0x98, 0x87, 0xe6, 0x1c,
@@ -76,13 +76,13 @@ static void test_SrpSetUsername(void)
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, user));
     AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL));
 
     /* success */
-    AssertIntEQ(0, wc_SrpSetUsername(&srp, username));
-    AssertIntEQ((int) XSTRLEN(username), srp.usernameSz);
-    AssertIntEQ(0, XMEMCMP(srp.username, username, srp.usernameSz));
+    AssertIntEQ(0, wc_SrpSetUsername(&srp, user));
+    AssertIntEQ((int) XSTRLEN(user), srp.userSz);
+    AssertIntEQ(0, XMEMCMP(srp.user, user, srp.userSz));
 
     wc_SrpTerm(&srp);
 }
@@ -92,6 +92,7 @@ static void test_SrpSetParams(void)
     Srp srp;
 
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+    AssertIntEQ(0, wc_SrpSetUsername(&srp, user));
 
     /* invalid params */
     AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(NULL, N,    sizeof(N),
diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index 555f3172c..73d79ad4f 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -60,7 +60,7 @@ static int SrpHashInit(SrpHash* hash, int type)
     }
 }
 
-static int SrpHashUpdate(SrpHash* hash, byte* data, word32 size)
+static int SrpHashUpdate(SrpHash* hash, const byte* data, word32 size)
 {
     switch (hash->type) {
     #ifndef NO_SHA
@@ -146,10 +146,9 @@ static word32 SrpHashSize(byte type)
 
 int wc_SrpInit(Srp* srp, byte type, byte side)
 {
-    int ret = 0;
+    int r;
 
     /* validating params */
-
     if (!srp)
         return BAD_FUNC_ARG;
 
@@ -161,64 +160,51 @@ int wc_SrpInit(Srp* srp, byte type, byte side)
         return BAD_FUNC_ARG;
 
     /* initializing common data */
-
-    srp->side     = side;    srp->type       = type;
-    srp->salt     = NULL;    srp->saltSz     = 0;
-    srp->username = NULL;    srp->usernameSz = 0;
+    srp->side = side;    srp->type   = type;
+    srp->salt = NULL;    srp->saltSz = 0;
+    srp->user = NULL;    srp->userSz = 0;
 
     if (mp_init_multi(&srp->N, &srp->g, &srp->s, &srp->u, 0, 0) != MP_OKAY)
         return MP_INIT_E;
 
+            r = SrpHashInit(&srp->client_proof, type);
+    if (!r) r = SrpHashInit(&srp->server_proof, type);
+
     /* initializing client specific data */
-
-    if (srp->side == SRP_CLIENT_SIDE) {
-        ret = SrpHashInit(&srp->specific.client.proof, type);
-
-        if (ret == 0 && mp_init_multi(&srp->specific.client.a,
-                                      &srp->specific.client.A,
-                                      &srp->specific.client.B,
-                                      &srp->specific.client.x,
-                                      0, 0) != MP_OKAY)
-            ret = MP_INIT_E;
-    }
+    if (!r && srp->side == SRP_CLIENT_SIDE)
+        r = mp_init_multi(&srp->specific.client.a, &srp->specific.client.A,
+                          &srp->specific.client.B, &srp->specific.client.x,0,0);
 
     /* initializing server specific data */
-
-    if (srp->side == SRP_SERVER_SIDE) {
-        if (mp_init_multi(&srp->specific.server.b,
-                          &srp->specific.server.B,
-                          &srp->specific.server.A,
-                          &srp->specific.server.v, 0, 0) != MP_OKAY)
-            ret = MP_INIT_E;
-    }
+    if (!r && srp->side == SRP_SERVER_SIDE)
+        r = mp_init_multi(&srp->specific.server.b, &srp->specific.server.B,
+                          &srp->specific.server.A, &srp->specific.server.v,0,0);
 
     /* undo initializations on error */
-
-    if (ret != 0) {
+    if (r != 0) {
         mp_clear(&srp->N); mp_clear(&srp->g);
         mp_clear(&srp->s); mp_clear(&srp->u);
     }
 
-    return ret;
+    return r;
 }
 
-void wc_SrpTerm(Srp* srp) {
+void wc_SrpTerm(Srp* srp)
+{
     if (srp) {
         mp_clear(&srp->N); mp_clear(&srp->g);
         mp_clear(&srp->s); mp_clear(&srp->u);
 
         XMEMSET(srp->salt, 0, srp->saltSz);
         XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
-        XMEMSET(srp->username, 0, srp->usernameSz);
-        XFREE(srp->username, NULL, DYNAMIC_TYPE_SRP);
+        XMEMSET(srp->user, 0, srp->userSz);
+        XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP);
 
         if (srp->side == SRP_CLIENT_SIDE) {
             mp_clear(&srp->specific.client.a);
             mp_clear(&srp->specific.client.A);
             mp_clear(&srp->specific.client.B);
             mp_clear(&srp->specific.client.x);
-
-            XMEMSET(&srp->specific.client.proof, 0, sizeof(SrpHash));
         }
 
         if (srp->side == SRP_SERVER_SIDE) {
@@ -227,19 +213,22 @@ void wc_SrpTerm(Srp* srp) {
             mp_clear(&srp->specific.server.A);
             mp_clear(&srp->specific.server.v);
         }
+
+        XMEMSET(srp, 0, sizeof(Srp));
     }
 }
 
-int wc_SrpSetUsername(Srp* srp, const char* username) {
-    if (!srp || !username)
+int wc_SrpSetUsername(Srp* srp, const char* user)
+{
+    if (!srp || !user)
         return BAD_FUNC_ARG;
 
-    srp->username = (byte*)XMALLOC(XSTRLEN(username), NULL, DYNAMIC_TYPE_SRP);
-    if (srp->username == NULL)
+    srp->user = (byte*)XMALLOC(XSTRLEN(user), NULL, DYNAMIC_TYPE_SRP);
+    if (srp->user == NULL)
         return MEMORY_E;
 
-    srp->usernameSz = (word32) XSTRLEN(username);
-    XMEMCPY(srp->username, username, srp->usernameSz);
+    srp->userSz = (word32) XSTRLEN(user);
+    XMEMCPY(srp->user, user, srp->userSz);
 
     return 0;
 }
@@ -249,28 +238,26 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
                               const byte* salt, word32 saltSz)
 {
     SrpHash hash;
-    int ret = 0;
+    byte digest1[SRP_MAX_DIGEST_SIZE];
+    byte digest2[SRP_MAX_DIGEST_SIZE];
+    int i, j, r;
 
-    if (!srp || !N || !g || !salt)
+    if (!srp || !srp->user || !N || !g || !salt)
         return BAD_FUNC_ARG;
 
+    /* Set N */
     if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY)
         return MP_READ_E;
 
+    /* Set g */
     if (mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY)
         return MP_READ_E;
 
-    if ((ret = SrpHashInit(&hash, srp->type)) != 0)
-        return ret;
-
-    if ((ret = SrpHashUpdate(&hash, (byte*) N, nSz)) != 0)
-        return ret;
-
-    if ((ret = SrpHashUpdate(&hash, (byte*) g, gSz)) != 0)
-        return ret;
-
-    if ((ret = SrpHashFinal(&hash, srp->k)) != 0)
-        return ret;
+    /* Set salt */
+    if (srp->salt) {
+        XMEMSET(srp->salt, 0, srp->saltSz);
+        XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
+    }
 
     srp->salt = (byte*)XMALLOC(saltSz, NULL, DYNAMIC_TYPE_SRP);
     if (srp->salt == NULL)
@@ -279,20 +266,101 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     XMEMCPY(srp->salt, salt, saltSz);
     srp->saltSz = saltSz;
 
-    return 0;
+    /* Set k = H(N, g) */
+            r = SrpHashInit(&hash, srp->type);
+    if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
+    if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
+    if (!r) r = SrpHashFinal(&hash, srp->k);
+
+    /* Update client proof */
+
+    /* digest1 = H(N) */
+    if (!r) r = SrpHashInit(&hash, srp->type);
+    if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
+    if (!r) r = SrpHashFinal(&hash, digest1);
+
+    /* digest2 = H(g) */
+    if (!r) r = SrpHashInit(&hash, srp->type);
+    if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
+    if (!r) r = SrpHashFinal(&hash, digest2);
+
+    /* digest1 = H(N) ^ H(g) */
+    for (i = 0, j = SrpHashSize(srp->type); i < j; i++)
+        digest1[i] ^= digest2[i];
+
+    /* digest2 = H(user) */
+    if (!r) r = SrpHashInit(&hash, srp->type);
+    if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz);
+    if (!r) r = SrpHashFinal(&hash, digest2);
+
+    /* Client proof = H( H(N) ^ H(g) | H(user) | salt) */
+    if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, j);
+    if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, j);
+    if (!r) r = SrpHashUpdate(&srp->client_proof, salt, saltSz);
+
+    return r;
 }
 
-int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) {
+int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
+{
+    SrpHash hash;
     byte digest[SRP_MAX_DIGEST_SIZE];
+    int r;
 
-    if (!srp || !password || srp->side != SRP_CLIENT_SIDE)
+    if (!srp || !srp->user || !password || srp->side != SRP_CLIENT_SIDE)
         return BAD_FUNC_ARG;
 
-    (void) size;
-    /* TODO: calculate digest. */
+    /* digest = H(username | ':' | password) */
+            r = SrpHashInit(&hash, srp->type);
+    if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz);
+    if (!r) r = SrpHashUpdate(&hash, (const byte*) ":", 1);
+    if (!r) r = SrpHashUpdate(&hash, password, size);
+    if (!r) r = SrpHashFinal(&hash, digest);
 
-    if (mp_read_unsigned_bin(&srp->specific.client.x, digest,
+    /* digest = H(salt | H(username | ':' | password)) */
+    if (!r) r = SrpHashInit(&hash, srp->type);
+    if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz);
+    if (!r) r = SrpHashUpdate(&hash, digest, SrpHashSize(srp->type));
+    if (!r) r = SrpHashFinal(&hash, digest);
+
+    /* Set x (private key) */
+    if (!r && mp_read_unsigned_bin(&srp->specific.client.x, digest,
                                              SrpHashSize(srp->type)) != MP_OKAY)
+            r = MP_READ_E;
+
+    XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE);
+
+    return r;
+}
+
+int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size)
+{
+    mp_int v;
+    int r;
+
+    if (!srp || !verifier || !size || srp->side != SRP_CLIENT_SIDE)
+        return BAD_FUNC_ARG;
+
+    r = mp_init(&v);
+
+    /* v = g ^ x % N */
+    if (!r) r = mp_exptmod(&srp->g, &srp->specific.client.x, &srp->N, &v);
+    if (!r) r = (int)*size < mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY;
+    if (!r) r = mp_to_unsigned_bin(&v, verifier);
+    if (!r) *size = mp_unsigned_bin_size(&srp->specific.server.v);
+
+    mp_clear(&v);
+
+    return r;
+}
+
+int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size)
+{
+    if (!srp || !verifier || srp->side != SRP_SERVER_SIDE)
+        return BAD_FUNC_ARG;
+
+    if (mp_read_unsigned_bin(&srp->specific.server.v, verifier, size)
+                                                                     != MP_OKAY)
         return MP_READ_E;
 
     return 0;
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index b75ac547a..b89733847 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -87,7 +87,6 @@ typedef struct {
     mp_int A;                      /**< Public ephemeral value. pow(g, a, N)  */
     mp_int B;                      /**< Server's public ephemeral value.      */
     mp_int x;                      /**< Priv key. H(salt, H(user, ":", pswd)) */
-    SrpHash proof;                 /**< Client proof. Sent to Server.         */
 } SrpClient;
 
 typedef struct {
@@ -105,10 +104,12 @@ typedef struct {
     mp_int s;                      /**< Session key.                          */
     byte   k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g)        */
     mp_int u;                      /**< Random scrambling parameeter.         */
-    byte*  username;               /**< Username, login.                      */
-    word32 usernameSz;             /**< Username length.                      */
+    byte*  user;                   /**< Username, login.                      */
+    word32 userSz;                 /**< Username length.                      */
     byte*  salt;                   /**< Small salt.                           */
     word32 saltSz;                 /**< Salt length.                          */
+    SrpHash client_proof;          /**< Client proof. Sent to Server.         */
+    SrpHash server_proof;          /**< Server proof. Sent to Client.         */
     union {
         SrpClient client;
         SrpServer server;
@@ -126,6 +127,10 @@ WOLFSSL_API int  wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
 
 WOLFSSL_API int  wc_SrpSetPassword(Srp* srp, const byte* password, word32 size);
 
+WOLFSSL_API int  wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size);
+
+WOLFSSL_API int  wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size);
+
 #ifdef __cplusplus
    } /* extern "C" */
 #endif

From 6ee788277fbe8d9d3ad8ab1e5009560f6d052eb5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Sat, 25 Jul 2015 21:03:36 -0300
Subject: [PATCH 283/350] adds tests to SrpSetPassword(), SrpSetVerifier(),
 SrpGetVerifier(); adds SrpGenPublic() and SrpSetPrivate() with unit tests;
 fixes k with left pad at g; adds new error SRP_CALL_ORDER_E to force the
 functions to be called in the right order.

---
 tests/srp.c                     | 196 ++++++++++++++++++++++++++++----
 tests/unit.h                    |   4 +-
 wolfcrypt/src/srp.c             | 135 ++++++++++++++++++++--
 wolfssl/wolfcrypt/error-crypt.h |   4 +-
 wolfssl/wolfcrypt/srp.h         |  20 ++--
 5 files changed, 318 insertions(+), 41 deletions(-)

diff --git a/tests/srp.c b/tests/srp.c
index 765d8f81f..7ec4a25c8 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -30,20 +30,19 @@
 
 #ifdef WOLFCRYPT_HAVE_SRP
 
-static char user[] = "user";
+static byte username[] = "user";
+static word32 usernameSz = 4;
+
+static byte password[] = "password";
+static word32 passwordSz = 8;
 
 static byte N[] = {
-    0x00, 0xc0, 0x37, 0xc3, 0x75, 0x88, 0xb4, 0x32, 0x98, 0x87, 0xe6, 0x1c,
-    0x2d, 0xa3, 0x32, 0x4b, 0x1b, 0xa4, 0xb8, 0x1a, 0x63, 0xf9, 0x74, 0x8f,
-    0xed, 0x2d, 0x8a, 0x41, 0x0c, 0x2f, 0xc2, 0x1b, 0x12, 0x32, 0xf0, 0xd3,
-    0xbf, 0xa0, 0x24, 0x27, 0x6c, 0xfd, 0x88, 0x44, 0x81, 0x97, 0xaa, 0xe4,
-    0x86, 0xa6, 0x3b, 0xfc, 0xa7, 0xb8, 0xbf, 0x77, 0x54, 0xdf, 0xb3, 0x27,
-    0xc7, 0x20, 0x1f, 0x6f, 0xd1, 0x7f, 0xd7, 0xfd, 0x74, 0x15, 0x8b, 0xd3,
-    0x1c, 0xe7, 0x72, 0xc9, 0xf5, 0xf8, 0xab, 0x58, 0x45, 0x48, 0xa9, 0x9a,
-    0x75, 0x9b, 0x5a, 0x2c, 0x05, 0x32, 0x16, 0x2b, 0x7b, 0x62, 0x18, 0xe8,
-    0xf1, 0x42, 0xbc, 0xe2, 0xc3, 0x0d, 0x77, 0x84, 0x68, 0x9a, 0x48, 0x3e,
-    0x09, 0x5e, 0x70, 0x16, 0x18, 0x43, 0x79, 0x13, 0xa8, 0xc3, 0x9c, 0x3d,
-    0xd0, 0xd4, 0xca, 0x3c, 0x50, 0x0b, 0x88, 0x5f, 0xe3
+    0xD4, 0xC7, 0xF8, 0xA2, 0xB3, 0x2C, 0x11, 0xB8, 0xFB, 0xA9, 0x58, 0x1E,
+    0xC4, 0xBA, 0x4F, 0x1B, 0x04, 0x21, 0x56, 0x42, 0xEF, 0x73, 0x55, 0xE3,
+    0x7C, 0x0F, 0xC0, 0x44, 0x3E, 0xF7, 0x56, 0xEA, 0x2C, 0x6B, 0x8E, 0xEB,
+    0x75, 0x5A, 0x1C, 0x72, 0x30, 0x27, 0x66, 0x3C, 0xAA, 0x26, 0x5E, 0xF7,
+    0x85, 0xB8, 0xFF, 0x6A, 0x9B, 0x35, 0x22, 0x7A, 0x52, 0xD8, 0x66, 0x33,
+    0xDB, 0xDF, 0xCA, 0x43
 };
 
 static byte g[] = {
@@ -51,7 +50,46 @@ static byte g[] = {
 };
 
 static byte salt[] = {
-    'r', 'a', 'n', 'd', 'o', 'm'
+    0x80, 0x66, 0x61, 0x5B, 0x7D, 0x33, 0xA2, 0x2E, 0x79, 0x18
+};
+
+static byte verifier[] = {
+    0x24, 0x5F, 0xA5, 0x1B, 0x2A, 0x28, 0xF8, 0xFF, 0xE2, 0xA0, 0xF8, 0x61,
+    0x7B, 0x0F, 0x3C, 0x05, 0xD6, 0x4A, 0x55, 0xDF, 0x74, 0x31, 0x54, 0x47,
+    0xA1, 0xFA, 0x9D, 0x25, 0x7B, 0x02, 0x88, 0x0A, 0xE8, 0x5A, 0xBA, 0x8B,
+    0xA2, 0xD3, 0x8A, 0x62, 0x46, 0x8C, 0xEC, 0x52, 0xBE, 0xDE, 0xFC, 0x75,
+    0xF5, 0xDB, 0x9C, 0x8C, 0x9B, 0x34, 0x7A, 0xE7, 0x4A, 0x5F, 0xBB, 0x96,
+    0x38, 0x19, 0xAB, 0x24
+};
+
+static byte a[] = {
+    0x37, 0x95, 0xF2, 0xA6, 0xF1, 0x6F, 0x0D, 0x58, 0xBF, 0xED, 0x44, 0x87,
+    0xE0, 0xB6, 0xCC, 0x1C, 0xA0, 0x50, 0xC6, 0x61, 0xBB, 0x36, 0xE0, 0x9A,
+    0xF3, 0xF7, 0x1E, 0x7A, 0x61, 0x86, 0x5A, 0xF5
+};
+
+static byte A[] = {
+    0x8D, 0x28, 0xC5, 0x6A, 0x46, 0x5C, 0x82, 0xDB, 0xC7, 0xF6, 0x8B, 0x62,
+    0x1A, 0xAD, 0xA1, 0x76, 0x1B, 0x55, 0xFF, 0xAB, 0x10, 0x2F, 0xFF, 0x4A,
+    0xAA, 0x46, 0xAD, 0x33, 0x64, 0xDE, 0x28, 0x2E, 0x82, 0x7A, 0xBE, 0xEA,
+    0x32, 0xFC, 0xD6, 0x14, 0x01, 0x71, 0xE6, 0xC8, 0xC9, 0x53, 0x69, 0x55,
+    0xE1, 0xF8, 0x3D, 0xDD, 0xC7, 0xD5, 0x21, 0xCE, 0xFF, 0x17, 0xFC, 0x23,
+    0xBF, 0xCF, 0x2D, 0xB0
+};
+
+static byte b[] = {
+    0x2B, 0xDD, 0x30, 0x30, 0x53, 0xAF, 0xD8, 0x3A, 0xE7, 0xE0, 0x17, 0x82,
+    0x39, 0x44, 0x2C, 0xDB, 0x30, 0x88, 0x0F, 0xC8, 0x88, 0xC2, 0xB2, 0xC1,
+    0x78, 0x43, 0x2F, 0xD5, 0x60, 0xD4, 0xDA, 0x43
+};
+
+static byte B[] = {
+    0xB5, 0x80, 0x36, 0x7F, 0x50, 0x89, 0xC1, 0x04, 0x42, 0x98, 0xD7, 0x6A,
+    0x37, 0x8E, 0xF1, 0x81, 0x52, 0xC5, 0x7A, 0xA1, 0xD5, 0xB7, 0x66, 0x84,
+    0xA1, 0x3E, 0x32, 0x82, 0x2B, 0x3A, 0xB5, 0xD7, 0x3D, 0x50, 0xF1, 0x58,
+    0xBD, 0x89, 0x75, 0xC7, 0x51, 0xCF, 0x6C, 0x03, 0xD4, 0xCA, 0xD5, 0x6E,
+    0x97, 0x4D, 0xA3, 0x1E, 0x19, 0x0B, 0xF0, 0xAA, 0x7D, 0x14, 0x90, 0x80,
+    0x0E, 0xC7, 0x92, 0xAD
 };
 
 static void test_SrpInit(void)
@@ -76,13 +114,13 @@ static void test_SrpSetUsername(void)
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
 
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, user));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(NULL, username, usernameSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetUsername(&srp, NULL, usernameSz));
 
     /* success */
-    AssertIntEQ(0, wc_SrpSetUsername(&srp, user));
-    AssertIntEQ((int) XSTRLEN(user), srp.userSz);
-    AssertIntEQ(0, XMEMCMP(srp.user, user, srp.userSz));
+    AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
+    AssertIntEQ((int) usernameSz, srp.userSz);
+    AssertIntEQ(0, XMEMCMP(srp.user, username, usernameSz));
 
     wc_SrpTerm(&srp);
 }
@@ -92,7 +130,14 @@ static void test_SrpSetParams(void)
     Srp srp;
 
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
-    AssertIntEQ(0, wc_SrpSetUsername(&srp, user));
+
+    /* invalid call order */
+    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpSetParams(&srp, N,    sizeof(N),
+                                                        g,    sizeof(g),
+                                                        salt, sizeof(salt)));
+
+    /* fix call order */
+    AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
 
     /* invalid params */
     AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetParams(NULL, N,    sizeof(N),
@@ -119,6 +164,117 @@ static void test_SrpSetParams(void)
     wc_SrpTerm(&srp);
 }
 
+static void test_SrpSetPassword(void)
+{
+    Srp srp;
+    byte v[64];
+    word32 vSz = 0;
+
+    AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+    AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
+
+    /* invalid call order */
+    AssertIntEQ(SRP_CALL_ORDER_E,
+                wc_SrpSetPassword(&srp, password, passwordSz));
+    AssertIntEQ(SRP_CALL_ORDER_E,
+                wc_SrpGetVerifier(&srp, v, &vSz));
+
+    /* fix call order */
+    AssertIntEQ(0, wc_SrpSetParams(&srp, N,    sizeof(N),
+                                         g,    sizeof(g),
+                                         salt, sizeof(salt)));
+
+    /* invalid params */
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(NULL, password, passwordSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetPassword(&srp, NULL,     passwordSz));
+
+    /* success */
+    AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz));
+
+    /* invalid params */
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(NULL, v,    &vSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetVerifier(&srp, NULL, &vSz));
+    AssertIntEQ(BUFFER_E,     wc_SrpGetVerifier(&srp, v,    &vSz));
+
+    /* success */
+    vSz = sizeof(v);
+    AssertIntEQ(0, wc_SrpGetVerifier(&srp, v, &vSz));
+    AssertIntEQ(vSz, sizeof(verifier));
+    AssertIntEQ(0, XMEMCMP(verifier, v, vSz));
+
+    /* invalid params - client side srp */
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, v, vSz));
+
+    wc_SrpTerm(&srp);
+    AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE));
+
+    /* invalid params */
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(NULL, v,    vSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpSetVerifier(&srp, NULL, vSz));
+
+    /* success */
+    AssertIntEQ(0, wc_SrpSetVerifier(&srp, v, vSz));
+
+    wc_SrpTerm(&srp);
+}
+
+static void test_SrpGenPublic(void)
+{
+    Srp srp;
+    byte public[64];
+    word32 publicSz = 0;
+
+    AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+
+    /* invalid call order */
+    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGenPublic(&srp, public, &publicSz));
+
+    /* fix call order */
+    AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
+    AssertIntEQ(0, wc_SrpSetParams(&srp, N,    sizeof(N),
+                                         g,    sizeof(g),
+                                         salt, sizeof(salt)));
+
+    /* invalid params */
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGenPublic(NULL, public, &publicSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGenPublic(&srp, NULL,   &publicSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGenPublic(&srp, public, NULL));
+    AssertIntEQ(BUFFER_E,     wc_SrpGenPublic(&srp, public, &publicSz));
+
+    /* success */
+    publicSz = sizeof(public);
+    AssertIntEQ(0, wc_SrpGenPublic(&srp, NULL, NULL));
+
+    AssertIntEQ(0, wc_SrpSetPrivate(&srp, a, sizeof(a)));
+    AssertIntEQ(0, wc_SrpGenPublic(&srp, public, &publicSz));
+    AssertIntEQ(publicSz, sizeof(A));
+    AssertIntEQ(0, XMEMCMP(public, A, publicSz));
+
+    wc_SrpTerm(&srp);
+    AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE));
+
+    AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
+    AssertIntEQ(0, wc_SrpSetParams(&srp, N,    sizeof(N),
+                                         g,    sizeof(g),
+                                         salt, sizeof(salt)));
+
+    /* invalid call order */
+    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGenPublic(&srp, public, &publicSz));
+
+    /* fix call order */
+    AssertIntEQ(0, wc_SrpSetVerifier(&srp, verifier, sizeof(verifier)));
+
+    /* success */
+    AssertIntEQ(0, wc_SrpGenPublic(&srp, NULL, NULL));
+
+    AssertIntEQ(0, wc_SrpSetPrivate(&srp, b, sizeof(b)));
+    AssertIntEQ(0, wc_SrpGenPublic(&srp, public, &publicSz));
+    AssertIntEQ(publicSz, sizeof(B));
+    AssertIntEQ(0, XMEMCMP(public, B, publicSz));
+
+    wc_SrpTerm(&srp);
+}
+
 #endif
 
 void SrpTest(void)
@@ -127,5 +283,7 @@ void SrpTest(void)
     test_SrpInit();
     test_SrpSetUsername();
     test_SrpSetParams();
+    test_SrpSetPassword();
+    test_SrpGenPublic();
 #endif
 }
diff --git a/tests/unit.h b/tests/unit.h
index 997186291..1a038a21f 100644
--- a/tests/unit.h
+++ b/tests/unit.h
@@ -27,8 +27,8 @@
 
 #define Fail(description, result) do {                                         \
     printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__);           \
-    printf("\n\n    test:   "); printf description;                            \
-    printf("\n\n    result: "); printf result;                                 \
+    printf("\n    expected: "); printf description;                            \
+    printf("\n    result:   "); printf result; printf("\n\n");                 \
     abort();                                                                   \
 } while(0)
 
diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index 73d79ad4f..48219d49b 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -28,6 +28,7 @@
 #ifdef WOLFCRYPT_HAVE_SRP
 
 #include <wolfssl/wolfcrypt/srp.h>
+#include <wolfssl/wolfcrypt/random.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 static int SrpHashInit(SrpHash* hash, int type)
@@ -218,21 +219,20 @@ void wc_SrpTerm(Srp* srp)
     }
 }
 
-int wc_SrpSetUsername(Srp* srp, const char* user)
+int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size)
 {
-    if (!srp || !user)
+    if (!srp || !username)
         return BAD_FUNC_ARG;
 
-    srp->user = (byte*)XMALLOC(XSTRLEN(user), NULL, DYNAMIC_TYPE_SRP);
+    srp->user = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_SRP);
     if (srp->user == NULL)
         return MEMORY_E;
 
-    srp->userSz = (word32) XSTRLEN(user);
-    XMEMCPY(srp->user, user, srp->userSz);
+    srp->userSz = size;
+    XMEMCPY(srp->user, username, srp->userSz);
 
     return 0;
 }
-
 int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
                               const byte* g,    word32 gSz,
                               const byte* salt, word32 saltSz)
@@ -240,11 +240,15 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     SrpHash hash;
     byte digest1[SRP_MAX_DIGEST_SIZE];
     byte digest2[SRP_MAX_DIGEST_SIZE];
+    byte pad = 0;
     int i, j, r;
 
-    if (!srp || !srp->user || !N || !g || !salt)
+    if (!srp || !N || !g || !salt || nSz < gSz)
         return BAD_FUNC_ARG;
 
+    if (!srp->user)
+        return SRP_CALL_ORDER_E;
+
     /* Set N */
     if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY)
         return MP_READ_E;
@@ -269,6 +273,8 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     /* Set k = H(N, g) */
             r = SrpHashInit(&hash, srp->type);
     if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
+    for (i = 0; (word32)i < nSz - gSz; i++)
+        SrpHashUpdate(&hash, &pad, 1);
     if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
     if (!r) r = SrpHashFinal(&hash, srp->k);
 
@@ -307,9 +313,12 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
     byte digest[SRP_MAX_DIGEST_SIZE];
     int r;
 
-    if (!srp || !srp->user || !password || srp->side != SRP_CLIENT_SIDE)
+    if (!srp || !password || srp->side != SRP_CLIENT_SIDE)
         return BAD_FUNC_ARG;
 
+    if (!srp->salt)
+        return SRP_CALL_ORDER_E;
+
     /* digest = H(username | ':' | password) */
             r = SrpHashInit(&hash, srp->type);
     if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz);
@@ -341,13 +350,16 @@ int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size)
     if (!srp || !verifier || !size || srp->side != SRP_CLIENT_SIDE)
         return BAD_FUNC_ARG;
 
+    if (mp_iszero(&srp->specific.client.x))
+        return SRP_CALL_ORDER_E;
+
     r = mp_init(&v);
 
     /* v = g ^ x % N */
     if (!r) r = mp_exptmod(&srp->g, &srp->specific.client.x, &srp->N, &v);
-    if (!r) r = (int)*size < mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY;
+    if (!r) r = *size < (word32)mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY;
     if (!r) r = mp_to_unsigned_bin(&v, verifier);
-    if (!r) *size = mp_unsigned_bin_size(&srp->specific.server.v);
+    if (!r) *size = mp_unsigned_bin_size(&v);
 
     mp_clear(&v);
 
@@ -366,4 +378,107 @@ int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size)
     return 0;
 }
 
+int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) {
+    if (!srp || !private || !size)
+        return BAD_FUNC_ARG;
+
+    return mp_read_unsigned_bin(srp->type == SRP_CLIENT_SIDE
+                                ? &srp->specific.client.a
+                                : &srp->specific.server.b, private, size);
+}
+
+static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size) {
+    RNG rng;
+    int r = wc_InitRng(&rng);
+
+    if (!r) r = wc_RNG_GenerateBlock(&rng, private, size);
+    if (!r) r = wc_SrpSetPrivate(srp, private, size);
+    if (!r) wc_FreeRng(&rng);
+
+    return r;
+}
+
+int wc_SrpGenPublic(Srp* srp, byte* public, word32* size)
+{
+    byte* buf;
+    word32 len;
+    int r = 0;
+
+    if (!srp || (!public && size) || (public && !size))
+        return BAD_FUNC_ARG;
+
+    if (srp->side == SRP_CLIENT_SIDE && mp_iszero(&srp->N))
+        return SRP_CALL_ORDER_E;
+
+    if (srp->side == SRP_SERVER_SIDE && (mp_iszero(&srp->N) ||
+                                         mp_iszero(&srp->specific.server.v)))
+        return SRP_CALL_ORDER_E;
+
+    len = mp_unsigned_bin_size(&srp->N);
+    if (size && *size < len)
+        return BUFFER_E;
+
+    buf = public ? public : (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_SRP);
+    if (!buf)
+        return MEMORY_E;
+
+    if (srp->side == SRP_CLIENT_SIDE) {
+        /* a = random() */
+        if (mp_iszero(&srp->specific.client.a))
+            r = wc_SrpGenPrivate(srp, buf, len);
+
+        /* A = g ^ a % N */
+        if (!r) r = mp_exptmod(&srp->g, &srp->specific.client.a,
+                               &srp->N, &srp->specific.client.A);
+
+        /* extract public key to buffer */
+        XMEMSET(buf, 0, len);
+        if (!r) r   = mp_to_unsigned_bin(&srp->specific.client.A, buf);
+        if (!r) len = mp_unsigned_bin_size(&srp->specific.client.A);
+
+        /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A) */
+        if (!r) r = SrpHashUpdate(&srp->client_proof, buf, len);
+
+        /* Server proof = H(A) */
+        if (!r) r = SrpHashUpdate(&srp->server_proof, buf, len);
+
+    } else {
+        mp_int i, j;
+
+        if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) {
+            /* b = random() */
+            if (mp_iszero(&srp->specific.server.b))
+                r = wc_SrpGenPrivate(srp, buf, len);
+
+            /* B = (k * v + (g ^ b % N)) % N */
+            if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type));
+            if (!r) r = mp_exptmod(&srp->g, &srp->specific.server.b,
+                                   &srp->N, &srp->specific.server.B);
+            if (!r) r = mp_mul(&i, &srp->specific.server.v, &j);
+            if (!r) r = mp_add(&j, &srp->specific.server.B, &i);
+            if (!r) r = mp_mod(&i, &srp->N, &srp->specific.server.B);
+
+            /* extract public key to buffer */
+            XMEMSET(buf, 0, len);
+            if (!r) r   = mp_to_unsigned_bin(&srp->specific.server.B, buf);
+            if (!r) len = mp_unsigned_bin_size(&srp->specific.server.B);
+
+            /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A) */
+            if (!r) r = SrpHashUpdate(&srp->client_proof, buf, len);
+
+            /* Server proof = H(A) */
+            if (!r) r = SrpHashUpdate(&srp->server_proof, buf, len);
+
+            mp_clear(&i); mp_clear(&j);
+        }
+    }
+
+    if (public)
+        *size = len;
+    else
+        XFREE(buf, NULL, DYNAMIC_TYPE_SRP);
+
+    return r;
+}
+
 #endif /* WOLFCRYPT_HAVE_SRP */
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 79991fdf4..31847de9c 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -151,6 +151,8 @@ enum {
     ECC_INF_E           = -215,  /* ECC point infinity error */
     ECC_PRIV_KEY_E      = -216,  /* ECC private key not valid error */
 
+    SRP_CALL_ORDER_E    = -217,  /* SRP function called in the wrong order. */
+
     MIN_CODE_E          = -300   /* errors -101 - -299 */
 };
 
@@ -163,5 +165,3 @@ WOLFSSL_API const char* wc_GetErrorString(int error);
     } /* extern "C" */
 #endif
 #endif /* WOLF_CRYPT_ERROR_H */
-
-
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index b89733847..8f6f9c081 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -116,20 +116,24 @@ typedef struct {
     } specific;
 } Srp;
 
-WOLFSSL_API int  wc_SrpInit(Srp* srp, byte type, byte side);
+WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side);
 WOLFSSL_API void wc_SrpTerm(Srp* srp);
 
-WOLFSSL_API int  wc_SrpSetUsername(Srp* srp, const char* user);
+WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size);
 
-WOLFSSL_API int  wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
-                                           const byte* g,    word32 gSz,
-                                           const byte* salt, word32 saltSz);
+WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
+                                          const byte* g,    word32 gSz,
+                                          const byte* salt, word32 saltSz);
 
-WOLFSSL_API int  wc_SrpSetPassword(Srp* srp, const byte* password, word32 size);
+WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size);
 
-WOLFSSL_API int  wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size);
+WOLFSSL_API int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size);
 
-WOLFSSL_API int  wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size);
+WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size);
+
+WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size);
+
+WOLFSSL_API int wc_SrpGenPublic(Srp* srp, byte* public, word32* size);
 
 #ifdef __cplusplus
    } /* extern "C" */

From ba0c75011b519011f09a834bbc67ebb85efe97ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Tue, 28 Jul 2015 14:55:46 -0300
Subject: [PATCH 284/350] adds secret computation.

---
 wolfcrypt/src/srp.c     | 278 ++++++++++++++++++++++++++--------------
 wolfssl/wolfcrypt/srp.h |  39 ++----
 2 files changed, 193 insertions(+), 124 deletions(-)

diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index 48219d49b..03345ac21 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -150,6 +150,7 @@ int wc_SrpInit(Srp* srp, byte type, byte side)
     int r;
 
     /* validating params */
+
     if (!srp)
         return BAD_FUNC_ARG;
 
@@ -160,61 +161,46 @@ int wc_SrpInit(Srp* srp, byte type, byte side)
         type != SRP_TYPE_SHA384 && type != SRP_TYPE_SHA512)
         return BAD_FUNC_ARG;
 
-    /* initializing common data */
+    /* initializing variables */
+
+    if ((r = SrpHashInit(&srp->client_proof, type)) != 0)
+        return r;
+
+    if ((r = SrpHashInit(&srp->server_proof, type)) != 0)
+        return r;
+
+    if ((r = mp_init_multi(&srp->N, &srp->g, &srp->s, &srp->u, 0, 0)) != 0)
+        return r;
+
+    if ((r = mp_init_multi(&srp->auth, &srp->peer, &srp->priv, &srp->pub,
+                                                                  0, 0)) != 0) {
+        /* undo previous initializations on error */
+        mp_clear(&srp->N); mp_clear(&srp->g);
+        mp_clear(&srp->s); mp_clear(&srp->u);
+
+        return r;
+    }
+
     srp->side = side;    srp->type   = type;
     srp->salt = NULL;    srp->saltSz = 0;
     srp->user = NULL;    srp->userSz = 0;
 
-    if (mp_init_multi(&srp->N, &srp->g, &srp->s, &srp->u, 0, 0) != MP_OKAY)
-        return MP_INIT_E;
-
-            r = SrpHashInit(&srp->client_proof, type);
-    if (!r) r = SrpHashInit(&srp->server_proof, type);
-
-    /* initializing client specific data */
-    if (!r && srp->side == SRP_CLIENT_SIDE)
-        r = mp_init_multi(&srp->specific.client.a, &srp->specific.client.A,
-                          &srp->specific.client.B, &srp->specific.client.x,0,0);
-
-    /* initializing server specific data */
-    if (!r && srp->side == SRP_SERVER_SIDE)
-        r = mp_init_multi(&srp->specific.server.b, &srp->specific.server.B,
-                          &srp->specific.server.A, &srp->specific.server.v,0,0);
-
-    /* undo initializations on error */
-    if (r != 0) {
-        mp_clear(&srp->N); mp_clear(&srp->g);
-        mp_clear(&srp->s); mp_clear(&srp->u);
-    }
-
-    return r;
+    return 0;
 }
 
 void wc_SrpTerm(Srp* srp)
 {
     if (srp) {
-        mp_clear(&srp->N); mp_clear(&srp->g);
-        mp_clear(&srp->s); mp_clear(&srp->u);
+        mp_clear(&srp->N);    mp_clear(&srp->g);
+        mp_clear(&srp->s);    mp_clear(&srp->u);
+        mp_clear(&srp->auth); mp_clear(&srp->peer);
+        mp_clear(&srp->priv); mp_clear(&srp->pub);
 
         XMEMSET(srp->salt, 0, srp->saltSz);
         XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
         XMEMSET(srp->user, 0, srp->userSz);
         XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP);
 
-        if (srp->side == SRP_CLIENT_SIDE) {
-            mp_clear(&srp->specific.client.a);
-            mp_clear(&srp->specific.client.A);
-            mp_clear(&srp->specific.client.B);
-            mp_clear(&srp->specific.client.x);
-        }
-
-        if (srp->side == SRP_SERVER_SIDE) {
-            mp_clear(&srp->specific.server.b);
-            mp_clear(&srp->specific.server.B);
-            mp_clear(&srp->specific.server.A);
-            mp_clear(&srp->specific.server.v);
-        }
-
         XMEMSET(srp, 0, sizeof(Srp));
     }
 }
@@ -233,6 +219,7 @@ int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size)
 
     return 0;
 }
+
 int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
                               const byte* g,    word32 gSz,
                               const byte* salt, word32 saltSz)
@@ -311,6 +298,7 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
 {
     SrpHash hash;
     byte digest[SRP_MAX_DIGEST_SIZE];
+    word32 digestSz;
     int r;
 
     if (!srp || !password || srp->side != SRP_CLIENT_SIDE)
@@ -319,6 +307,8 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
     if (!srp->salt)
         return SRP_CALL_ORDER_E;
 
+    digestSz = SrpHashSize(srp->type);
+
     /* digest = H(username | ':' | password) */
             r = SrpHashInit(&hash, srp->type);
     if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz);
@@ -329,13 +319,11 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
     /* digest = H(salt | H(username | ':' | password)) */
     if (!r) r = SrpHashInit(&hash, srp->type);
     if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz);
-    if (!r) r = SrpHashUpdate(&hash, digest, SrpHashSize(srp->type));
+    if (!r) r = SrpHashUpdate(&hash, digest, digestSz);
     if (!r) r = SrpHashFinal(&hash, digest);
 
     /* Set x (private key) */
-    if (!r && mp_read_unsigned_bin(&srp->specific.client.x, digest,
-                                             SrpHashSize(srp->type)) != MP_OKAY)
-            r = MP_READ_E;
+    if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, digestSz);
 
     XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE);
 
@@ -350,13 +338,13 @@ int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size)
     if (!srp || !verifier || !size || srp->side != SRP_CLIENT_SIDE)
         return BAD_FUNC_ARG;
 
-    if (mp_iszero(&srp->specific.client.x))
+    if (mp_iszero(&srp->auth))
         return SRP_CALL_ORDER_E;
 
     r = mp_init(&v);
 
     /* v = g ^ x % N */
-    if (!r) r = mp_exptmod(&srp->g, &srp->specific.client.x, &srp->N, &v);
+    if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v);
     if (!r) r = *size < (word32)mp_unsigned_bin_size(&v) ? BUFFER_E : MP_OKAY;
     if (!r) r = mp_to_unsigned_bin(&v, verifier);
     if (!r) *size = mp_unsigned_bin_size(&v);
@@ -371,23 +359,19 @@ int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size)
     if (!srp || !verifier || srp->side != SRP_SERVER_SIDE)
         return BAD_FUNC_ARG;
 
-    if (mp_read_unsigned_bin(&srp->specific.server.v, verifier, size)
-                                                                     != MP_OKAY)
-        return MP_READ_E;
-
-    return 0;
+    return mp_read_unsigned_bin(&srp->auth, verifier, size);
 }
 
-int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size) {
+int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size)
+{
     if (!srp || !private || !size)
         return BAD_FUNC_ARG;
 
-    return mp_read_unsigned_bin(srp->type == SRP_CLIENT_SIDE
-                                ? &srp->specific.client.a
-                                : &srp->specific.server.b, private, size);
+    return mp_read_unsigned_bin(&srp->priv, private, size);
 }
 
-static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size) {
+static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size)
+{
     RNG rng;
     int r = wc_InitRng(&rng);
 
@@ -407,11 +391,10 @@ int wc_SrpGenPublic(Srp* srp, byte* public, word32* size)
     if (!srp || (!public && size) || (public && !size))
         return BAD_FUNC_ARG;
 
-    if (srp->side == SRP_CLIENT_SIDE && mp_iszero(&srp->N))
+    if (mp_iszero(&srp->N))
         return SRP_CALL_ORDER_E;
 
-    if (srp->side == SRP_SERVER_SIDE && (mp_iszero(&srp->N) ||
-                                         mp_iszero(&srp->specific.server.v)))
+    if (srp->side == SRP_SERVER_SIDE && mp_iszero(&srp->auth))
         return SRP_CALL_ORDER_E;
 
     len = mp_unsigned_bin_size(&srp->N);
@@ -422,55 +405,44 @@ int wc_SrpGenPublic(Srp* srp, byte* public, word32* size)
     if (!buf)
         return MEMORY_E;
 
+    /* priv = random() */
+    if (mp_iszero(&srp->priv))
+        r = wc_SrpGenPrivate(srp, buf, len);
+
+    /* client side: A = g ^ a % N */
     if (srp->side == SRP_CLIENT_SIDE) {
-        /* a = random() */
-        if (mp_iszero(&srp->specific.client.a))
-            r = wc_SrpGenPrivate(srp, buf, len);
 
-        /* A = g ^ a % N */
-        if (!r) r = mp_exptmod(&srp->g, &srp->specific.client.a,
-                               &srp->N, &srp->specific.client.A);
+        if (!r) r = mp_exptmod(&srp->g, &srp->priv,
+                               &srp->N, &srp->pub);
 
-        /* extract public key to buffer */
-        XMEMSET(buf, 0, len);
-        if (!r) r   = mp_to_unsigned_bin(&srp->specific.client.A, buf);
-        if (!r) len = mp_unsigned_bin_size(&srp->specific.client.A);
+    /* server side: B = (k * v + (g ^ b % N)) % N */
+    } else {
+        mp_int i, j;
 
+        if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) {
+            if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type));
+            if (!r) r = mp_exptmod(&srp->g, &srp->priv,
+                                   &srp->N, &srp->pub);
+            if (!r) r = mp_mulmod(&i, &srp->auth, &srp->N, &j);
+            if (!r) r = mp_add(&j, &srp->pub, &i);
+            if (!r) r = mp_mod(&i, &srp->N, &srp->pub);
+
+            mp_clear(&i); mp_clear(&j);
+        }
+    }
+
+    /* extract public key to buffer */
+    XMEMSET(buf, 0, len);
+    if (!r) r   = mp_to_unsigned_bin(&srp->pub, buf);
+    if (!r) len = mp_unsigned_bin_size(&srp->pub);
+
+    /* update proofs */
+    if (srp->side == SRP_CLIENT_SIDE) {
         /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A) */
         if (!r) r = SrpHashUpdate(&srp->client_proof, buf, len);
 
         /* Server proof = H(A) */
         if (!r) r = SrpHashUpdate(&srp->server_proof, buf, len);
-
-    } else {
-        mp_int i, j;
-
-        if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) {
-            /* b = random() */
-            if (mp_iszero(&srp->specific.server.b))
-                r = wc_SrpGenPrivate(srp, buf, len);
-
-            /* B = (k * v + (g ^ b % N)) % N */
-            if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type));
-            if (!r) r = mp_exptmod(&srp->g, &srp->specific.server.b,
-                                   &srp->N, &srp->specific.server.B);
-            if (!r) r = mp_mul(&i, &srp->specific.server.v, &j);
-            if (!r) r = mp_add(&j, &srp->specific.server.B, &i);
-            if (!r) r = mp_mod(&i, &srp->N, &srp->specific.server.B);
-
-            /* extract public key to buffer */
-            XMEMSET(buf, 0, len);
-            if (!r) r   = mp_to_unsigned_bin(&srp->specific.server.B, buf);
-            if (!r) len = mp_unsigned_bin_size(&srp->specific.server.B);
-
-            /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A) */
-            if (!r) r = SrpHashUpdate(&srp->client_proof, buf, len);
-
-            /* Server proof = H(A) */
-            if (!r) r = SrpHashUpdate(&srp->server_proof, buf, len);
-
-            mp_clear(&i); mp_clear(&j);
-        }
     }
 
     if (public)
@@ -481,4 +453,112 @@ int wc_SrpGenPublic(Srp* srp, byte* public, word32* size)
     return r;
 }
 
+static int wc_SrpSetU(Srp* srp, byte* peersKey, word32 peersKeySz)
+{
+    SrpHash hash;
+    byte    digest[SRP_MAX_DIGEST_SIZE];
+    byte*   public = NULL;
+    word32  publicSz = 0;
+    word32  modulusSz = mp_unsigned_bin_size(&srp->N);
+    byte    pad = 0;
+    word32  i;
+    int     r = SrpHashInit(&hash, srp->type);
+
+    if (!r && srp->side == SRP_CLIENT_SIDE) {
+        publicSz = mp_unsigned_bin_size(&srp->pub);
+        public   = (byte*)XMALLOC(publicSz, NULL, DYNAMIC_TYPE_SRP);
+
+        if (public == NULL)
+            r = MEMORY_E;
+
+        /* H(A) */
+        if (!r) r = mp_to_unsigned_bin(&srp->pub, public);
+        for (i = 0; i < modulusSz - publicSz; i++)
+            SrpHashUpdate(&hash, &pad, 1);
+        if (!r) r = SrpHashUpdate(&hash, public, publicSz);
+
+        /* H(A | B) */
+        if (!r) r = mp_read_unsigned_bin(&srp->peer,
+                                         peersKey, peersKeySz);
+        for (i = 0; i < modulusSz - peersKeySz; i++)
+            SrpHashUpdate(&hash, &pad, 1);
+        if (!r) r = SrpHashUpdate(&hash, peersKey, peersKeySz);
+
+        /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A | B) */
+        if (!r) r = SrpHashUpdate(&srp->client_proof, peersKey, peersKeySz);
+
+    } else if (!r && srp->side == SRP_SERVER_SIDE) {
+        publicSz = mp_unsigned_bin_size(&srp->pub);
+        public   = (byte*)XMALLOC(publicSz, NULL, DYNAMIC_TYPE_SRP);
+
+        if (public == NULL)
+            r = MEMORY_E;
+
+        /* H(A) */
+        if (!r) r = mp_read_unsigned_bin(&srp->peer,
+                                         peersKey, peersKeySz);
+        for (i = 0; i < modulusSz - peersKeySz; i++)
+            SrpHashUpdate(&hash, &pad, 1);
+        if (!r) r = SrpHashUpdate(&hash, peersKey, peersKeySz);
+
+        /* H(A | B) */
+        if (!r) r = mp_to_unsigned_bin(&srp->pub, public);
+        for (i = 0; i < modulusSz - publicSz; i++)
+            SrpHashUpdate(&hash, &pad, 1);
+        if (!r) r = SrpHashUpdate(&hash, public, publicSz);
+    }
+
+    if (!r) r = SrpHashFinal(&hash, digest);
+    if (!r) r = mp_read_unsigned_bin(&srp->u, digest, SrpHashSize(srp->type));
+
+    XFREE(public, NULL, DYNAMIC_TYPE_SRP);
+
+    return r;
+}
+
+WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* peersKey, word32 peersKeySz)
+{
+    mp_int i, j;
+    int r;
+
+    if (!srp || !peersKey || peersKeySz == 0)
+        return BAD_FUNC_ARG;
+
+    if ((r = mp_init_multi(&i, &j, 0, 0, 0, 0)) != MP_OKAY)
+        return r;
+
+    r = wc_SrpSetU(srp, peersKey, peersKeySz);
+
+    if (!r && srp->side == SRP_CLIENT_SIDE) {
+        r = mp_read_unsigned_bin(&i, srp->k, SrpHashSize(srp->type));
+
+        /* i = B - k * v */
+        if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &j);
+        if (!r) r = mp_mulmod(&i, &j, &srp->N, &srp->s);
+        if (!r) r = mp_sub(&srp->peer, &srp->s, &i);
+
+        /* j = a + u * x */
+        if (!r) r = mp_mulmod(&srp->u, &srp->auth, &srp->N, &srp->s);
+        if (!r) r = mp_add(&srp->priv, &srp->s, &j);
+
+        /* s = i ^ j % N */
+        if (!r) r = mp_exptmod(&i, &j, &srp->N, &srp->s);
+
+    } else if (!r && srp->side == SRP_SERVER_SIDE) {
+        /* i = v ^ u % N */
+        if (!r) r = mp_exptmod(&srp->auth, &srp->u, &srp->N, &i);
+
+        /* j = A * i % N */
+        if (!r) r = mp_mulmod(&srp->peer, &i, &srp->N, &j);
+
+        /* s = j * b % N */
+        if (!r) r = mp_exptmod(&j, &srp->priv, &srp->N, &srp->s);
+    }
+
+    mp_clear(&i);
+    mp_clear(&j);
+
+    return r;
+}
+
 #endif /* WOLFCRYPT_HAVE_SRP */
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index 8f6f9c081..7b19a4025 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -83,40 +83,27 @@ typedef struct {
 } SrpHash;
 
 typedef struct {
-    mp_int a;                      /**< Private ephemeral value. Random.      */
-    mp_int A;                      /**< Public ephemeral value. pow(g, a, N)  */
-    mp_int B;                      /**< Server's public ephemeral value.      */
-    mp_int x;                      /**< Priv key. H(salt, H(user, ":", pswd)) */
-} SrpClient;
-
-typedef struct {
-    mp_int b;                      /**< Private ephemeral value.              */
-    mp_int B;                      /**< Public ephemeral value.               */
-    mp_int A;                      /**< Client's public ephemeral value.      */
-    mp_int v;                      /**< Verifier. v = pow(g, x, N)            */
-} SrpServer;
-
-typedef struct {
-    byte   side;                   /**< Client or Server side.                */
-    byte   type;                   /**< Hash type, SHA[1:256:384:512]         */
-    mp_int N;                      /**< Modulus. N = 2q+1, [q, N] are primes. */
-    mp_int g;                      /**< Generator. A generator modulo N.      */
-    mp_int s;                      /**< Session key.                          */
-    byte   k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g)        */
-    mp_int u;                      /**< Random scrambling parameeter.         */
+    byte   side; /**< SRP_CLIENT_SIDE or SRP_SERVER_SIDE */
+    byte   type; /**< Hash type, one of SRP_TYPE_SHA[|256|384|512] */
     byte*  user;                   /**< Username, login.                      */
     word32 userSz;                 /**< Username length.                      */
     byte*  salt;                   /**< Small salt.                           */
     word32 saltSz;                 /**< Salt length.                          */
+    mp_int N;                      /**< Modulus. N = 2q+1, [q, N] are primes. */
+    mp_int g;                      /**< Generator. A generator modulo N.      */
+    byte   k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g)        */
+    mp_int auth;                   /**< Priv key. H(salt, H(user, ":", pswd)) */
+    mp_int priv;                   /**< Private ephemeral value.              */
+    mp_int pub;                    /**< Public ephemeral value.               */
+    mp_int peer;                   /**< Peer's public ephemeral value.        */
+    mp_int u;                      /**< Random scrambling parameeter.         */
     SrpHash client_proof;          /**< Client proof. Sent to Server.         */
     SrpHash server_proof;          /**< Server proof. Sent to Client.         */
-    union {
-        SrpClient client;
-        SrpServer server;
-    } specific;
+    mp_int s;                      /**< Session key.                          */
 } Srp;
 
 WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side);
+
 WOLFSSL_API void wc_SrpTerm(Srp* srp);
 
 WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size);
@@ -135,6 +122,8 @@ WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size);
 
 WOLFSSL_API int wc_SrpGenPublic(Srp* srp, byte* public, word32* size);
 
+WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* peersKey, word32 peersKeySz);
+
 #ifdef __cplusplus
    } /* extern "C" */
 #endif

From 490d063deca5c9103172a6fb6cfd5be72562c88d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Tue, 28 Jul 2015 18:59:15 -0300
Subject: [PATCH 285/350] adds key computation. removes unnecessary fields from
 the srp struct.

---
 tests/srp.c             | 115 +++++++++++++++----
 wolfcrypt/src/srp.c     | 239 ++++++++++++++++++++--------------------
 wolfssl/wolfcrypt/srp.h |  37 +++----
 3 files changed, 233 insertions(+), 158 deletions(-)

diff --git a/tests/srp.c b/tests/srp.c
index 7ec4a25c8..02e97d0f4 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -5,16 +5,16 @@
  * This file is part of wolfSSL. (formerly known as CyaSSL)
  *
  * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
+ * it under the terms of the GNU Geteral Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
  *
  * wolfSSL is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * GNU Geteral Public License for more details.
  *
- * You should have received a copy of the GNU General Public License
+ * You should have received a copy of the GNU Geteral Public License
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
@@ -92,6 +92,13 @@ static byte B[] = {
     0x0E, 0xC7, 0x92, 0xAD
 };
 
+static byte key[] = {
+    0x66, 0x00, 0x9D, 0x58, 0xB3, 0xD2, 0x0D, 0x4B, 0x69, 0x7F, 0xCF, 0x48,
+    0xFF, 0x8F, 0x15, 0x81, 0x4C, 0x4B, 0xFE, 0x9D, 0x85, 0x77, 0x88, 0x60,
+    0x1D, 0x1E, 0x51, 0xCF, 0x75, 0xCC, 0x58, 0x00, 0xE7, 0x8D, 0x22, 0x87,
+    0x13, 0x6C, 0x88, 0x55
+};
+
 static void test_SrpInit(void)
 {
     Srp srp;
@@ -218,63 +225,126 @@ static void test_SrpSetPassword(void)
     wc_SrpTerm(&srp);
 }
 
-static void test_SrpGenPublic(void)
+static void test_SrpGetPublic(void)
 {
     Srp srp;
     byte public[64];
     word32 publicSz = 0;
 
     AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
-
-    /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGenPublic(&srp, public, &publicSz));
-
-    /* fix call order */
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
     AssertIntEQ(0, wc_SrpSetParams(&srp, N,    sizeof(N),
                                          g,    sizeof(g),
                                          salt, sizeof(salt)));
 
+    /* invalid call order */
+    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz));
+
+    /* fix call order */
+    AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz));
+
     /* invalid params */
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGenPublic(NULL, public, &publicSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGenPublic(&srp, NULL,   &publicSz));
-    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGenPublic(&srp, public, NULL));
-    AssertIntEQ(BUFFER_E,     wc_SrpGenPublic(&srp, public, &publicSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(NULL, public, &publicSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, NULL,   &publicSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetPublic(&srp, public, NULL));
+    AssertIntEQ(BUFFER_E,     wc_SrpGetPublic(&srp, public, &publicSz));
 
     /* success */
     publicSz = sizeof(public);
-    AssertIntEQ(0, wc_SrpGenPublic(&srp, NULL, NULL));
-
     AssertIntEQ(0, wc_SrpSetPrivate(&srp, a, sizeof(a)));
-    AssertIntEQ(0, wc_SrpGenPublic(&srp, public, &publicSz));
+    AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz));
     AssertIntEQ(publicSz, sizeof(A));
     AssertIntEQ(0, XMEMCMP(public, A, publicSz));
 
     wc_SrpTerm(&srp);
-    AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE));
 
+    AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE));
     AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz));
     AssertIntEQ(0, wc_SrpSetParams(&srp, N,    sizeof(N),
                                          g,    sizeof(g),
                                          salt, sizeof(salt)));
 
     /* invalid call order */
-    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGenPublic(&srp, public, &publicSz));
+    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpGetPublic(&srp, public, &publicSz));
 
     /* fix call order */
     AssertIntEQ(0, wc_SrpSetVerifier(&srp, verifier, sizeof(verifier)));
 
     /* success */
-    AssertIntEQ(0, wc_SrpGenPublic(&srp, NULL, NULL));
-
     AssertIntEQ(0, wc_SrpSetPrivate(&srp, b, sizeof(b)));
-    AssertIntEQ(0, wc_SrpGenPublic(&srp, public, &publicSz));
+    AssertIntEQ(0, wc_SrpGetPublic(&srp, public, &publicSz));
     AssertIntEQ(publicSz, sizeof(B));
     AssertIntEQ(0, XMEMCMP(public, B, publicSz));
 
     wc_SrpTerm(&srp);
 }
 
+static void test_SrpComputeKey(void)
+{
+    Srp cli, srv;
+    byte clientPubKey[64];
+    byte serverPubKey[64];
+    word32 clientPubKeySz = 64;
+    word32 serverPubKeySz = 64;
+
+    AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+    AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE));
+
+    /* invalid call order */
+    AssertIntEQ(SRP_CALL_ORDER_E, wc_SrpComputeKey(&cli,
+                                                   clientPubKey, clientPubKeySz,
+                                                   serverPubKey, serverPubKeySz));
+
+    /* fix call order */
+    AssertIntEQ(0, wc_SrpSetUsername(&cli, username, usernameSz));
+    AssertIntEQ(0, wc_SrpSetUsername(&srv, username, usernameSz));
+
+    AssertIntEQ(0, wc_SrpSetParams(&cli, N,    sizeof(N),
+                                         g,    sizeof(g),
+                                         salt, sizeof(salt)));
+    AssertIntEQ(0, wc_SrpSetParams(&srv, N,    sizeof(N),
+                                         g,    sizeof(g),
+                                         salt, sizeof(salt)));
+
+    AssertIntEQ(0, wc_SrpSetPassword(&cli, password, passwordSz));
+    AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier, sizeof(verifier)));
+
+    AssertIntEQ(0, wc_SrpSetPrivate(&cli, a, sizeof(a)));
+    AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz));
+    AssertIntEQ(0, XMEMCMP(clientPubKey, A, clientPubKeySz));
+    AssertIntEQ(0, wc_SrpSetPrivate(&srv, b, sizeof(b)));
+    AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz));
+    AssertIntEQ(0, XMEMCMP(serverPubKey, B, serverPubKeySz));
+
+    /* invalid params */
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(NULL,
+                                               clientPubKey, clientPubKeySz,
+                                               serverPubKey, serverPubKeySz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+                                               NULL,         clientPubKeySz,
+                                               serverPubKey, serverPubKeySz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+                                               clientPubKey, 0,
+                                               serverPubKey, serverPubKeySz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+                                               clientPubKey, clientPubKeySz,
+                                               NULL,         serverPubKeySz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpComputeKey(&cli,
+                                               clientPubKey, clientPubKeySz,
+                                               serverPubKey, 0));
+
+    /* success */
+    AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
+                                          serverPubKey, serverPubKeySz));
+    AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz,
+                                          serverPubKey, serverPubKeySz));
+    AssertIntEQ(0, XMEMCMP(cli.key, key, sizeof(key)));
+    AssertIntEQ(0, XMEMCMP(srv.key, key, sizeof(key)));
+
+    wc_SrpTerm(&cli);
+    wc_SrpTerm(&srv);
+}
+
 #endif
 
 void SrpTest(void)
@@ -284,6 +354,7 @@ void SrpTest(void)
     test_SrpSetUsername();
     test_SrpSetParams();
     test_SrpSetPassword();
-    test_SrpGenPublic();
+    test_SrpGetPublic();
+    test_SrpComputeKey();
 #endif
 }
diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index 03345ac21..a41c43109 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -169,18 +169,10 @@ int wc_SrpInit(Srp* srp, byte type, byte side)
     if ((r = SrpHashInit(&srp->server_proof, type)) != 0)
         return r;
 
-    if ((r = mp_init_multi(&srp->N, &srp->g, &srp->s, &srp->u, 0, 0)) != 0)
+    if ((r = mp_init_multi(&srp->N,    &srp->g, &srp->auth,
+                           &srp->priv, &srp->u, 0)) != 0)
         return r;
 
-    if ((r = mp_init_multi(&srp->auth, &srp->peer, &srp->priv, &srp->pub,
-                                                                  0, 0)) != 0) {
-        /* undo previous initializations on error */
-        mp_clear(&srp->N); mp_clear(&srp->g);
-        mp_clear(&srp->s); mp_clear(&srp->u);
-
-        return r;
-    }
-
     srp->side = side;    srp->type   = type;
     srp->salt = NULL;    srp->saltSz = 0;
     srp->user = NULL;    srp->userSz = 0;
@@ -192,9 +184,8 @@ void wc_SrpTerm(Srp* srp)
 {
     if (srp) {
         mp_clear(&srp->N);    mp_clear(&srp->g);
-        mp_clear(&srp->s);    mp_clear(&srp->u);
-        mp_clear(&srp->auth); mp_clear(&srp->peer);
-        mp_clear(&srp->priv); mp_clear(&srp->pub);
+        mp_clear(&srp->auth); mp_clear(&srp->priv);
+        mp_clear(&srp->u);
 
         XMEMSET(srp->salt, 0, srp->saltSz);
         XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
@@ -367,6 +358,9 @@ int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size)
     if (!srp || !private || !size)
         return BAD_FUNC_ARG;
 
+    if (mp_iszero(&srp->auth))
+        return SRP_CALL_ORDER_E;
+
     return mp_read_unsigned_bin(&srp->priv, private, size);
 }
 
@@ -382,38 +376,32 @@ static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size)
     return r;
 }
 
-int wc_SrpGenPublic(Srp* srp, byte* public, word32* size)
+int wc_SrpGetPublic(Srp* srp, byte* public, word32* size)
 {
-    byte* buf;
-    word32 len;
-    int r = 0;
+    mp_int pubkey;
+    word32 modulusSz;
+    int r = mp_init(&pubkey);
 
-    if (!srp || (!public && size) || (public && !size))
+    if (r != 0)
+        return r;
+
+    if (!srp || !public || !size)
         return BAD_FUNC_ARG;
 
-    if (mp_iszero(&srp->N))
+    if (mp_iszero(&srp->auth))
         return SRP_CALL_ORDER_E;
 
-    if (srp->side == SRP_SERVER_SIDE && mp_iszero(&srp->auth))
-        return SRP_CALL_ORDER_E;
-
-    len = mp_unsigned_bin_size(&srp->N);
-    if (size && *size < len)
+    modulusSz = mp_unsigned_bin_size(&srp->N);
+    if (*size < modulusSz)
         return BUFFER_E;
 
-    buf = public ? public : (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_SRP);
-    if (!buf)
-        return MEMORY_E;
-
     /* priv = random() */
     if (mp_iszero(&srp->priv))
-        r = wc_SrpGenPrivate(srp, buf, len);
+        r = wc_SrpGenPrivate(srp, public, modulusSz);
 
     /* client side: A = g ^ a % N */
     if (srp->side == SRP_CLIENT_SIDE) {
-
-        if (!r) r = mp_exptmod(&srp->g, &srp->priv,
-                               &srp->N, &srp->pub);
+        if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey);
 
     /* server side: B = (k * v + (g ^ b % N)) % N */
     } else {
@@ -421,142 +409,159 @@ int wc_SrpGenPublic(Srp* srp, byte* public, word32* size)
 
         if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) {
             if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type));
-            if (!r) r = mp_exptmod(&srp->g, &srp->priv,
-                                   &srp->N, &srp->pub);
+            if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey);
             if (!r) r = mp_mulmod(&i, &srp->auth, &srp->N, &j);
-            if (!r) r = mp_add(&j, &srp->pub, &i);
-            if (!r) r = mp_mod(&i, &srp->N, &srp->pub);
+            if (!r) r = mp_add(&j, &pubkey, &i);
+            if (!r) r = mp_mod(&i, &srp->N, &pubkey);
 
             mp_clear(&i); mp_clear(&j);
         }
     }
 
     /* extract public key to buffer */
-    XMEMSET(buf, 0, len);
-    if (!r) r   = mp_to_unsigned_bin(&srp->pub, buf);
-    if (!r) len = mp_unsigned_bin_size(&srp->pub);
-
-    /* update proofs */
-    if (srp->side == SRP_CLIENT_SIDE) {
-        /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A) */
-        if (!r) r = SrpHashUpdate(&srp->client_proof, buf, len);
-
-        /* Server proof = H(A) */
-        if (!r) r = SrpHashUpdate(&srp->server_proof, buf, len);
-    }
-
-    if (public)
-        *size = len;
-    else
-        XFREE(buf, NULL, DYNAMIC_TYPE_SRP);
+    XMEMSET(public, 0, modulusSz);
+    if (!r) r = mp_to_unsigned_bin(&pubkey, public);
+    if (!r) *size = mp_unsigned_bin_size(&pubkey);
+    mp_clear(&pubkey);
 
     return r;
 }
 
-static int wc_SrpSetU(Srp* srp, byte* peersKey, word32 peersKeySz)
+static int wc_SrpSetU(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
+                                byte* serverPubKey, word32 serverPubKeySz)
 {
     SrpHash hash;
     byte    digest[SRP_MAX_DIGEST_SIZE];
-    byte*   public = NULL;
-    word32  publicSz = 0;
     word32  modulusSz = mp_unsigned_bin_size(&srp->N);
     byte    pad = 0;
     word32  i;
     int     r = SrpHashInit(&hash, srp->type);
 
-    if (!r && srp->side == SRP_CLIENT_SIDE) {
-        publicSz = mp_unsigned_bin_size(&srp->pub);
-        public   = (byte*)XMALLOC(publicSz, NULL, DYNAMIC_TYPE_SRP);
+    /* H(A) */
+    for (i = 0; !r && i < modulusSz - clientPubKeySz; i++)
+        r = SrpHashUpdate(&hash, &pad, 1);
+    if (!r) r = SrpHashUpdate(&hash, clientPubKey, clientPubKeySz);
 
-        if (public == NULL)
-            r = MEMORY_E;
+    /* H(A | B) */
+    for (i = 0; !r && i < modulusSz - serverPubKeySz; i++)
+        r = SrpHashUpdate(&hash, &pad, 1);
+    if (!r) r = SrpHashUpdate(&hash, serverPubKey, serverPubKeySz);
 
-        /* H(A) */
-        if (!r) r = mp_to_unsigned_bin(&srp->pub, public);
-        for (i = 0; i < modulusSz - publicSz; i++)
-            SrpHashUpdate(&hash, &pad, 1);
-        if (!r) r = SrpHashUpdate(&hash, public, publicSz);
+    /* client proof = H( H(N) ^ H(g) | H(user) | salt | A | B) */
+    if (!r) r = SrpHashUpdate(&srp->client_proof, clientPubKey, clientPubKeySz);
+    if (!r) r = SrpHashUpdate(&srp->client_proof, serverPubKey, serverPubKeySz);
 
-        /* H(A | B) */
-        if (!r) r = mp_read_unsigned_bin(&srp->peer,
-                                         peersKey, peersKeySz);
-        for (i = 0; i < modulusSz - peersKeySz; i++)
-            SrpHashUpdate(&hash, &pad, 1);
-        if (!r) r = SrpHashUpdate(&hash, peersKey, peersKeySz);
-
-        /* Client proof = H( H(N) ^ H(g) | H(user) | salt | A | B) */
-        if (!r) r = SrpHashUpdate(&srp->client_proof, peersKey, peersKeySz);
-
-    } else if (!r && srp->side == SRP_SERVER_SIDE) {
-        publicSz = mp_unsigned_bin_size(&srp->pub);
-        public   = (byte*)XMALLOC(publicSz, NULL, DYNAMIC_TYPE_SRP);
-
-        if (public == NULL)
-            r = MEMORY_E;
-
-        /* H(A) */
-        if (!r) r = mp_read_unsigned_bin(&srp->peer,
-                                         peersKey, peersKeySz);
-        for (i = 0; i < modulusSz - peersKeySz; i++)
-            SrpHashUpdate(&hash, &pad, 1);
-        if (!r) r = SrpHashUpdate(&hash, peersKey, peersKeySz);
-
-        /* H(A | B) */
-        if (!r) r = mp_to_unsigned_bin(&srp->pub, public);
-        for (i = 0; i < modulusSz - publicSz; i++)
-            SrpHashUpdate(&hash, &pad, 1);
-        if (!r) r = SrpHashUpdate(&hash, public, publicSz);
-    }
+    /* server proof = H(A) */
+    if (!r) r = SrpHashUpdate(&srp->server_proof, clientPubKey, clientPubKeySz);
 
+    /* set u */
     if (!r) r = SrpHashFinal(&hash, digest);
     if (!r) r = mp_read_unsigned_bin(&srp->u, digest, SrpHashSize(srp->type));
 
-    XFREE(public, NULL, DYNAMIC_TYPE_SRP);
-
     return r;
 }
 
-WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* peersKey, word32 peersKeySz)
+static int wc_SrpSetK(Srp* srp, byte* secret, word32 size)
 {
-    mp_int i, j;
+    SrpHash hash;
+    byte digest[SRP_MAX_DIGEST_SIZE];
+    word32 digestSz = SrpHashSize(srp->type);
+    int r;
+    word32 i = 0;
+    word32 pos = 0;
+    byte cnt[4];
+
+    for (i = 0; pos < digestSz * 2; i++) {
+        cnt[0] = (i >> 24) & 0xFF;
+        cnt[1] = (i >> 16) & 0xFF;
+        cnt[2] = (i >>  8) & 0xFF;
+        cnt[3] =  i        & 0xFF;
+
+        r = SrpHashInit(&hash, srp->type);
+        if (!r) r = SrpHashUpdate(&hash, secret, size);
+        if (!r) r = SrpHashUpdate(&hash, cnt, 4);
+
+        if(pos + digestSz > digestSz * 2) {
+            if (!r) r = SrpHashFinal(&hash, digest);
+            XMEMCPY(srp->key + pos, digest, digestSz * 2 - pos);
+            pos = digestSz * 2;
+        }
+        else {
+            if (!r) r = SrpHashFinal(&hash, srp->key + pos);
+            pos += digestSz;
+        }
+    }
+
+    XMEMSET(digest, 0, sizeof(digest));
+    XMEMSET(&hash, 0, sizeof(SrpHash));
+
+    return r;
+}
+
+WOLFSSL_API int wc_SrpComputeKey(Srp* srp,
+                                 byte* clientPubKey, word32 clientPubKeySz,
+                                 byte* serverPubKey, word32 serverPubKeySz)
+{
+    byte* secret;
+    word32 secretSz;
+    mp_int i, j, s;
     int r;
 
-    if (!srp || !peersKey || peersKeySz == 0)
+    if (!srp || !clientPubKey || clientPubKeySz == 0
+             || !serverPubKey || serverPubKeySz == 0)
         return BAD_FUNC_ARG;
 
-    if ((r = mp_init_multi(&i, &j, 0, 0, 0, 0)) != MP_OKAY)
+    if (mp_iszero(&srp->priv))
+        return SRP_CALL_ORDER_E;
+
+    if ((r = mp_init_multi(&i, &j, &s, 0, 0, 0)) != MP_OKAY)
         return r;
 
-    r = wc_SrpSetU(srp, peersKey, peersKeySz);
+    secretSz = mp_unsigned_bin_size(&srp->N);
+    secret = (byte*)XMALLOC(secretSz, NULL, DYNAMIC_TYPE_SRP);
+    if (secret == NULL) {
+        mp_clear(&i); mp_clear(&j); mp_clear(&s);
+        return MEMORY_E;
+    }
+
+    r = wc_SrpSetU(srp, clientPubKey, clientPubKeySz,
+                        serverPubKey, serverPubKeySz);
 
     if (!r && srp->side == SRP_CLIENT_SIDE) {
-        r = mp_read_unsigned_bin(&i, srp->k, SrpHashSize(srp->type));
-
         /* i = B - k * v */
+        r = mp_read_unsigned_bin(&i, srp->k, SrpHashSize(srp->type));
         if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &j);
-        if (!r) r = mp_mulmod(&i, &j, &srp->N, &srp->s);
-        if (!r) r = mp_sub(&srp->peer, &srp->s, &i);
+        if (!r) r = mp_mulmod(&i, &j, &srp->N, &s);
+        if (!r) r = mp_read_unsigned_bin(&j, serverPubKey, serverPubKeySz);
+        if (!r) r = mp_sub(&j, &s, &i);
 
         /* j = a + u * x */
-        if (!r) r = mp_mulmod(&srp->u, &srp->auth, &srp->N, &srp->s);
-        if (!r) r = mp_add(&srp->priv, &srp->s, &j);
+        if (!r) r = mp_mulmod(&srp->u, &srp->auth, &srp->N, &s);
+        if (!r) r = mp_add(&srp->priv, &s, &j);
 
-        /* s = i ^ j % N */
-        if (!r) r = mp_exptmod(&i, &j, &srp->N, &srp->s);
+        /* secret = i ^ j % N */
+        if (!r) r = mp_exptmod(&i, &j, &srp->N, &s);
 
     } else if (!r && srp->side == SRP_SERVER_SIDE) {
         /* i = v ^ u % N */
-        if (!r) r = mp_exptmod(&srp->auth, &srp->u, &srp->N, &i);
+        r = mp_exptmod(&srp->auth, &srp->u, &srp->N, &i);
 
         /* j = A * i % N */
-        if (!r) r = mp_mulmod(&srp->peer, &i, &srp->N, &j);
+        if (!r) r = mp_read_unsigned_bin(&s, clientPubKey, clientPubKeySz);
+        if (!r) r = mp_mulmod(&s, &i, &srp->N, &j);
 
-        /* s = j * b % N */
-        if (!r) r = mp_exptmod(&j, &srp->priv, &srp->N, &srp->s);
+        /* secret = j * b % N */
+        if (!r) r = mp_exptmod(&j, &srp->priv, &srp->N, &s);
     }
 
-    mp_clear(&i);
-    mp_clear(&j);
+    if (!r) r = mp_to_unsigned_bin(&s, secret);
+    if (!r) r = wc_SrpSetK(srp, secret, mp_unsigned_bin_size(&s));
+
+    /* client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */
+    if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, sizeof(srp->key));
+
+    XFREE(secret, NULL, DYNAMIC_TYPE_SRP);
+    mp_clear(&i); mp_clear(&j); mp_clear(&s);
 
     return r;
 }
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index 7b19a4025..9b76de8b4 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -83,23 +83,21 @@ typedef struct {
 } SrpHash;
 
 typedef struct {
-    byte   side; /**< SRP_CLIENT_SIDE or SRP_SERVER_SIDE */
-    byte   type; /**< Hash type, one of SRP_TYPE_SHA[|256|384|512] */
-    byte*  user;                   /**< Username, login.                      */
-    word32 userSz;                 /**< Username length.                      */
-    byte*  salt;                   /**< Small salt.                           */
-    word32 saltSz;                 /**< Salt length.                          */
-    mp_int N;                      /**< Modulus. N = 2q+1, [q, N] are primes. */
-    mp_int g;                      /**< Generator. A generator modulo N.      */
-    byte   k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. H(N, g)        */
-    mp_int auth;                   /**< Priv key. H(salt, H(user, ":", pswd)) */
-    mp_int priv;                   /**< Private ephemeral value.              */
-    mp_int pub;                    /**< Public ephemeral value.               */
-    mp_int peer;                   /**< Peer's public ephemeral value.        */
-    mp_int u;                      /**< Random scrambling parameeter.         */
-    SrpHash client_proof;          /**< Client proof. Sent to Server.         */
-    SrpHash server_proof;          /**< Server proof. Sent to Client.         */
-    mp_int s;                      /**< Session key.                          */
+    byte    side;                         /**< SRP_CLIENT_SIDE or SRP_SERVER_SIDE */
+    byte    type;                         /**< Hash type, one of SRP_TYPE_SHA[|256|384|512] */
+    byte*   user;                         /**< Username, login.                      */
+    word32  userSz;                       /**< Username length.                      */
+    byte*   salt;                         /**< Small salt.                           */
+    word32  saltSz;                       /**< Salt length.                          */
+    mp_int  N;                            /**< Modulus. N = 2q+1, [q, N] are primes. */
+    mp_int  g;                            /**< Generator. A generator modulo N.      */
+    byte    k[SRP_MAX_DIGEST_SIZE];       /**< Multiplier parameeter. H(N, g)        */
+    mp_int  auth;                         /**< client: x = H(salt, H(user, ":", pswd)) */
+    mp_int  priv;                         /**< Private ephemeral value.              */
+    mp_int  u;                            /**< Random scrambling parameeter.         */
+    SrpHash client_proof;                 /**< Client proof. Sent to Server.         */
+    SrpHash server_proof;                 /**< Server proof. Sent to Client.         */
+    byte    key[2 * SRP_MAX_DIGEST_SIZE]; /**< Session key.                          */
 } Srp;
 
 WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side);
@@ -120,9 +118,10 @@ WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size);
 
 WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size);
 
-WOLFSSL_API int wc_SrpGenPublic(Srp* srp, byte* public, word32* size);
+WOLFSSL_API int wc_SrpGetPublic(Srp* srp, byte* public, word32* size);
 
-WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* peersKey, word32 peersKeySz);
+WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
+                                           byte* serverPubKey, word32 serverPubKeySz);
 
 #ifdef __cplusplus
    } /* extern "C" */

From 53224281d2091f2555a4eadbfba545f7ec26e536 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Thu, 30 Jul 2015 16:27:12 -0300
Subject: [PATCH 286/350] adds proof getter and verifier for both sides.

---
 tests/srp.c                     | 82 +++++++++++++++++++++++++++++++++
 wolfcrypt/src/srp.c             | 66 ++++++++++++++++++++++++--
 wolfssl/wolfcrypt/error-crypt.h |  1 +
 wolfssl/wolfcrypt/srp.h         |  4 ++
 4 files changed, 148 insertions(+), 5 deletions(-)

diff --git a/tests/srp.c b/tests/srp.c
index 02e97d0f4..0e3af9c4a 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -99,6 +99,16 @@ static byte key[] = {
     0x13, 0x6C, 0x88, 0x55
 };
 
+static byte client_proof[] = {
+    0x0D, 0x49, 0xE1, 0x9C, 0x3A, 0x88, 0x43, 0x15, 0x45, 0xA8, 0xAC, 0xAB,
+    0xEA, 0x15, 0x1A, 0xEE, 0xF9, 0x38, 0x4D, 0x21
+};
+
+static byte server_proof[] = {
+    0xBD, 0xB1, 0x20, 0x70, 0x46, 0xC9, 0xD6, 0xCC, 0xE2, 0x1D, 0x75, 0xA2,
+    0xD0, 0xAF, 0xC5, 0xBC, 0xAE, 0x12, 0xFC, 0x75
+};
+
 static void test_SrpInit(void)
 {
     Srp srp;
@@ -345,6 +355,77 @@ static void test_SrpComputeKey(void)
     wc_SrpTerm(&srv);
 }
 
+static void test_SrpGetProofAndVerify(void)
+{
+    Srp cli, srv;
+    byte clientPubKey[64];
+    byte serverPubKey[64];
+    word32 clientPubKeySz = 64;
+    word32 serverPubKeySz = 64;
+    byte clientProof[SRP_MAX_DIGEST_SIZE];
+    byte serverProof[SRP_MAX_DIGEST_SIZE];
+    word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
+    word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
+
+    AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE));
+    AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE));
+
+    AssertIntEQ(0, wc_SrpSetUsername(&cli, username, usernameSz));
+    AssertIntEQ(0, wc_SrpSetUsername(&srv, username, usernameSz));
+
+    AssertIntEQ(0, wc_SrpSetParams(&cli, N,    sizeof(N),
+                                         g,    sizeof(g),
+                                         salt, sizeof(salt)));
+    AssertIntEQ(0, wc_SrpSetParams(&srv, N,    sizeof(N),
+                                         g,    sizeof(g),
+                                         salt, sizeof(salt)));
+
+    AssertIntEQ(0, wc_SrpSetPassword(&cli, password, passwordSz));
+    AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier, sizeof(verifier)));
+
+    AssertIntEQ(0, wc_SrpSetPrivate(&cli, a, sizeof(a)));
+    AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz));
+    AssertIntEQ(0, XMEMCMP(clientPubKey, A, clientPubKeySz));
+
+    AssertIntEQ(0, wc_SrpSetPrivate(&srv, b, sizeof(b)));
+    AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz));
+    AssertIntEQ(0, XMEMCMP(serverPubKey, B, serverPubKeySz));
+
+    AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
+                                          serverPubKey, serverPubKeySz));
+    AssertIntEQ(0, XMEMCMP(cli.key, key, sizeof(key)));
+
+    AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz,
+                                          serverPubKey, serverPubKeySz));
+    AssertIntEQ(0, XMEMCMP(srv.key, key, sizeof(key)));
+
+    /* invalid params */
+    serverProofSz = 0;
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(NULL, clientProof,&clientProofSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, NULL,       &clientProofSz));
+    AssertIntEQ(BAD_FUNC_ARG, wc_SrpGetProof(&cli, clientProof,NULL));
+    AssertIntEQ(BUFFER_E,     wc_SrpGetProof(&srv, serverProof,&serverProofSz));
+
+    AssertIntEQ(BAD_FUNC_ARG,
+                wc_SrpVerifyPeersProof(NULL, clientProof, clientProofSz));
+    AssertIntEQ(BAD_FUNC_ARG,
+                wc_SrpVerifyPeersProof(&cli, NULL,        clientProofSz));
+    AssertIntEQ(BUFFER_E,
+                wc_SrpVerifyPeersProof(&srv, serverProof, serverProofSz));
+    serverProofSz = SRP_MAX_DIGEST_SIZE;
+
+    /* success */
+    AssertIntEQ(0, wc_SrpGetProof(&cli, clientProof, &clientProofSz));
+    AssertIntEQ(0, XMEMCMP(clientProof, client_proof, sizeof(client_proof)));
+    AssertIntEQ(0, wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz));
+    AssertIntEQ(0, wc_SrpGetProof(&srv, serverProof, &serverProofSz));
+    AssertIntEQ(0, XMEMCMP(serverProof, server_proof, sizeof(server_proof)));
+    AssertIntEQ(0, wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz));
+
+    wc_SrpTerm(&cli);
+    wc_SrpTerm(&srv);
+}
+
 #endif
 
 void SrpTest(void)
@@ -356,5 +437,6 @@ void SrpTest(void)
     test_SrpSetPassword();
     test_SrpGetPublic();
     test_SrpComputeKey();
+    test_SrpGetProofAndVerify();
 #endif
 }
diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index a41c43109..95881b9c9 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -163,6 +163,8 @@ int wc_SrpInit(Srp* srp, byte type, byte side)
 
     /* initializing variables */
 
+    XMEMSET(srp, 0, sizeof(Srp));
+
     if ((r = SrpHashInit(&srp->client_proof, type)) != 0)
         return r;
 
@@ -498,11 +500,11 @@ static int wc_SrpSetK(Srp* srp, byte* secret, word32 size)
     return r;
 }
 
-WOLFSSL_API int wc_SrpComputeKey(Srp* srp,
-                                 byte* clientPubKey, word32 clientPubKeySz,
-                                 byte* serverPubKey, word32 serverPubKeySz)
+int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
+                               byte* serverPubKey, word32 serverPubKeySz)
 {
     byte* secret;
+    word32 digestSz;
     word32 secretSz;
     mp_int i, j, s;
     int r;
@@ -524,12 +526,14 @@ WOLFSSL_API int wc_SrpComputeKey(Srp* srp,
         return MEMORY_E;
     }
 
+    digestSz = SrpHashSize(srp->type);
+
     r = wc_SrpSetU(srp, clientPubKey, clientPubKeySz,
                         serverPubKey, serverPubKeySz);
 
     if (!r && srp->side == SRP_CLIENT_SIDE) {
         /* i = B - k * v */
-        r = mp_read_unsigned_bin(&i, srp->k, SrpHashSize(srp->type));
+        r = mp_read_unsigned_bin(&i, srp->k, digestSz);
         if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &j);
         if (!r) r = mp_mulmod(&i, &j, &srp->N, &s);
         if (!r) r = mp_read_unsigned_bin(&j, serverPubKey, serverPubKeySz);
@@ -558,7 +562,7 @@ WOLFSSL_API int wc_SrpComputeKey(Srp* srp,
     if (!r) r = wc_SrpSetK(srp, secret, mp_unsigned_bin_size(&s));
 
     /* client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */
-    if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, sizeof(srp->key));
+    if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, digestSz * 2);
 
     XFREE(secret, NULL, DYNAMIC_TYPE_SRP);
     mp_clear(&i); mp_clear(&j); mp_clear(&s);
@@ -566,4 +570,56 @@ WOLFSSL_API int wc_SrpComputeKey(Srp* srp,
     return r;
 }
 
+int wc_SrpGetProof(Srp* srp, byte* proof, word32* size)
+{
+    int r;
+
+    if (!srp || !proof || !size)
+        return BAD_FUNC_ARG;
+
+    if (*size < SrpHashSize(srp->type))
+        return BUFFER_E;
+
+    if ((r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE
+                          ? &srp->client_proof
+                          : &srp->server_proof, proof)) != 0)
+        return r;
+
+    *size = SrpHashSize(srp->type);
+
+    if (srp->side == SRP_CLIENT_SIDE) {
+        /* server proof = H( A | client proof | K) */
+        if (!r) r = SrpHashUpdate(&srp->server_proof, proof, *size);
+        if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, (*size) * 2);
+    }
+
+    return r;
+}
+
+int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size)
+{
+    byte digest[SRP_MAX_DIGEST_SIZE];
+    int r;
+
+    if (!srp || !proof)
+        return BAD_FUNC_ARG;
+
+    if (size != SrpHashSize(srp->type))
+        return BUFFER_E;
+
+    r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE ? &srp->server_proof
+                                                  : &srp->client_proof, digest);
+
+    if (srp->side == SRP_SERVER_SIDE) {
+        /* server proof = H( A | client proof | K) */
+        if (!r) r = SrpHashUpdate(&srp->server_proof, proof, size);
+        if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, size * 2);
+    }
+
+    if (!r && XMEMCMP(proof, digest, size) != 0)
+        r = SRP_VERIFY_E;
+
+    return r;
+}
+
 #endif /* WOLFCRYPT_HAVE_SRP */
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 31847de9c..84714e462 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -152,6 +152,7 @@ enum {
     ECC_PRIV_KEY_E      = -216,  /* ECC private key not valid error */
 
     SRP_CALL_ORDER_E    = -217,  /* SRP function called in the wrong order. */
+    SRP_VERIFY_E        = -218,  /* SRP proof verification failed. */
 
     MIN_CODE_E          = -300   /* errors -101 - -299 */
 };
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index 9b76de8b4..56cf41329 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -123,6 +123,10 @@ WOLFSSL_API int wc_SrpGetPublic(Srp* srp, byte* public, word32* size);
 WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
                                            byte* serverPubKey, word32 serverPubKeySz);
 
+WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size);
+
+WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size);
+
 #ifdef __cplusplus
    } /* extern "C" */
 #endif

From 1d99bd333903c3bfd28dc2f633cf282ca7191d3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Mon, 3 Aug 2015 12:30:56 -0300
Subject: [PATCH 287/350] removes u from srp struct.

---
 wolfcrypt/src/srp.c     | 179 +++++++++++++++++++++-------------------
 wolfssl/wolfcrypt/srp.h |   3 +-
 2 files changed, 97 insertions(+), 85 deletions(-)

diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index 95881b9c9..96dda59a3 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -172,7 +172,7 @@ int wc_SrpInit(Srp* srp, byte type, byte side)
         return r;
 
     if ((r = mp_init_multi(&srp->N,    &srp->g, &srp->auth,
-                           &srp->priv, &srp->u, 0)) != 0)
+                           &srp->priv, 0, 0)) != 0)
         return r;
 
     srp->side = side;    srp->type   = type;
@@ -187,7 +187,6 @@ void wc_SrpTerm(Srp* srp)
     if (srp) {
         mp_clear(&srp->N);    mp_clear(&srp->g);
         mp_clear(&srp->auth); mp_clear(&srp->priv);
-        mp_clear(&srp->u);
 
         XMEMSET(srp->salt, 0, srp->saltSz);
         XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
@@ -429,68 +428,32 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size)
     return r;
 }
 
-static int wc_SrpSetU(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
-                                byte* serverPubKey, word32 serverPubKeySz)
-{
-    SrpHash hash;
-    byte    digest[SRP_MAX_DIGEST_SIZE];
-    word32  modulusSz = mp_unsigned_bin_size(&srp->N);
-    byte    pad = 0;
-    word32  i;
-    int     r = SrpHashInit(&hash, srp->type);
-
-    /* H(A) */
-    for (i = 0; !r && i < modulusSz - clientPubKeySz; i++)
-        r = SrpHashUpdate(&hash, &pad, 1);
-    if (!r) r = SrpHashUpdate(&hash, clientPubKey, clientPubKeySz);
-
-    /* H(A | B) */
-    for (i = 0; !r && i < modulusSz - serverPubKeySz; i++)
-        r = SrpHashUpdate(&hash, &pad, 1);
-    if (!r) r = SrpHashUpdate(&hash, serverPubKey, serverPubKeySz);
-
-    /* client proof = H( H(N) ^ H(g) | H(user) | salt | A | B) */
-    if (!r) r = SrpHashUpdate(&srp->client_proof, clientPubKey, clientPubKeySz);
-    if (!r) r = SrpHashUpdate(&srp->client_proof, serverPubKey, serverPubKeySz);
-
-    /* server proof = H(A) */
-    if (!r) r = SrpHashUpdate(&srp->server_proof, clientPubKey, clientPubKeySz);
-
-    /* set u */
-    if (!r) r = SrpHashFinal(&hash, digest);
-    if (!r) r = mp_read_unsigned_bin(&srp->u, digest, SrpHashSize(srp->type));
-
-    return r;
-}
-
 static int wc_SrpSetK(Srp* srp, byte* secret, word32 size)
 {
     SrpHash hash;
     byte digest[SRP_MAX_DIGEST_SIZE];
-    word32 digestSz = SrpHashSize(srp->type);
+    word32 i, j, digestSz = SrpHashSize(srp->type);
+    byte counter[4];
     int r;
-    word32 i = 0;
-    word32 pos = 0;
-    byte cnt[4];
 
-    for (i = 0; pos < digestSz * 2; i++) {
-        cnt[0] = (i >> 24) & 0xFF;
-        cnt[1] = (i >> 16) & 0xFF;
-        cnt[2] = (i >>  8) & 0xFF;
-        cnt[3] =  i        & 0xFF;
+    for (i = j = 0; j < 2 * digestSz; i++) {
+        counter[0] = (i >> 24) & 0xFF;
+        counter[1] = (i >> 16) & 0xFF;
+        counter[2] = (i >>  8) & 0xFF;
+        counter[3] =  i        & 0xFF;
 
         r = SrpHashInit(&hash, srp->type);
         if (!r) r = SrpHashUpdate(&hash, secret, size);
-        if (!r) r = SrpHashUpdate(&hash, cnt, 4);
+        if (!r) r = SrpHashUpdate(&hash, counter, 4);
 
-        if(pos + digestSz > digestSz * 2) {
+        if(j + digestSz > 2 * digestSz) {
             if (!r) r = SrpHashFinal(&hash, digest);
-            XMEMCPY(srp->key + pos, digest, digestSz * 2 - pos);
-            pos = digestSz * 2;
+            XMEMCPY(srp->key + j, digest, 2 * digestSz - j);
+            j = 2 * digestSz;
         }
         else {
-            if (!r) r = SrpHashFinal(&hash, srp->key + pos);
-            pos += digestSz;
+            if (!r) r = SrpHashFinal(&hash, srp->key + j);
+            j += digestSz;
         }
     }
 
@@ -503,12 +466,16 @@ static int wc_SrpSetK(Srp* srp, byte* secret, word32 size)
 int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
                                byte* serverPubKey, word32 serverPubKeySz)
 {
-    byte* secret;
-    word32 digestSz;
-    word32 secretSz;
-    mp_int i, j, s;
+    SrpHash hash;
+    byte *secret;
+    byte digest[SRP_MAX_DIGEST_SIZE];
+    word32 i, secretSz, digestSz;
+    mp_int u, s, temp1, temp2;
+    byte pad = 0;
     int r;
 
+    /* validating params */
+
     if (!srp || !clientPubKey || clientPubKeySz == 0
              || !serverPubKey || serverPubKeySz == 0)
         return BAD_FUNC_ARG;
@@ -516,56 +483,84 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
     if (mp_iszero(&srp->priv))
         return SRP_CALL_ORDER_E;
 
-    if ((r = mp_init_multi(&i, &j, &s, 0, 0, 0)) != MP_OKAY)
+    /* initializing variables */
+
+    if ((r = SrpHashInit(&hash, srp->type)) != 0)
         return r;
 
+    digestSz = SrpHashSize(srp->type);
     secretSz = mp_unsigned_bin_size(&srp->N);
-    secret = (byte*)XMALLOC(secretSz, NULL, DYNAMIC_TYPE_SRP);
-    if (secret == NULL) {
-        mp_clear(&i); mp_clear(&j); mp_clear(&s);
+
+    if ((secret = (byte*)XMALLOC(secretSz, NULL, DYNAMIC_TYPE_SRP)) == NULL)
         return MEMORY_E;
+
+    if ((r = mp_init_multi(&u, &s, &temp1, &temp2, 0, 0)) != MP_OKAY) {
+        XFREE(secret, NULL, DYNAMIC_TYPE_SRP);
+        return r;
     }
 
-    digestSz = SrpHashSize(srp->type);
+    /* building u (random scrambling parameeter) */
 
-    r = wc_SrpSetU(srp, clientPubKey, clientPubKeySz,
-                        serverPubKey, serverPubKeySz);
+    /* H(A) */
+    for (i = 0; !r && i < secretSz - clientPubKeySz; i++)
+        r = SrpHashUpdate(&hash, &pad, 1);
+    if (!r) r = SrpHashUpdate(&hash, clientPubKey, clientPubKeySz);
+
+    /* H(A | B) */
+    for (i = 0; !r && i < secretSz - serverPubKeySz; i++)
+        r = SrpHashUpdate(&hash, &pad, 1);
+    if (!r) r = SrpHashUpdate(&hash, serverPubKey, serverPubKeySz);
+
+    /* set u */
+    if (!r) r = SrpHashFinal(&hash, digest);
+    if (!r) r = mp_read_unsigned_bin(&u, digest, SrpHashSize(srp->type));
+
+    /* building s (secret) */
 
     if (!r && srp->side == SRP_CLIENT_SIDE) {
-        /* i = B - k * v */
-        r = mp_read_unsigned_bin(&i, srp->k, digestSz);
-        if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &j);
-        if (!r) r = mp_mulmod(&i, &j, &srp->N, &s);
-        if (!r) r = mp_read_unsigned_bin(&j, serverPubKey, serverPubKeySz);
-        if (!r) r = mp_sub(&j, &s, &i);
+        /* temp1 = B - k * v */
+        r = mp_read_unsigned_bin(&temp1, srp->k, digestSz);
+        if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &temp2);
+        if (!r) r = mp_mulmod(&temp1, &temp2, &srp->N, &s);
+        if (!r) r = mp_read_unsigned_bin(&temp2, serverPubKey, serverPubKeySz);
+        if (!r) r = mp_sub(&temp2, &s, &temp1);
 
-        /* j = a + u * x */
-        if (!r) r = mp_mulmod(&srp->u, &srp->auth, &srp->N, &s);
-        if (!r) r = mp_add(&srp->priv, &s, &j);
+        /* temp2 = a + u * x */
+        if (!r) r = mp_mulmod(&u, &srp->auth, &srp->N, &s);
+        if (!r) r = mp_add(&srp->priv, &s, &temp2);
 
-        /* secret = i ^ j % N */
-        if (!r) r = mp_exptmod(&i, &j, &srp->N, &s);
+        /* secret = temp1 ^ temp2 % N */
+        if (!r) r = mp_exptmod(&temp1, &temp2, &srp->N, &s);
 
     } else if (!r && srp->side == SRP_SERVER_SIDE) {
-        /* i = v ^ u % N */
-        r = mp_exptmod(&srp->auth, &srp->u, &srp->N, &i);
+        /* temp1 = v ^ u % N */
+        r = mp_exptmod(&srp->auth, &u, &srp->N, &temp1);
 
-        /* j = A * i % N */
+        /* temp2 = A * temp1 % N */
         if (!r) r = mp_read_unsigned_bin(&s, clientPubKey, clientPubKeySz);
-        if (!r) r = mp_mulmod(&s, &i, &srp->N, &j);
+        if (!r) r = mp_mulmod(&s, &temp1, &srp->N, &temp2);
 
-        /* secret = j * b % N */
-        if (!r) r = mp_exptmod(&j, &srp->priv, &srp->N, &s);
+        /* secret = temp2 * b % N */
+        if (!r) r = mp_exptmod(&temp2, &srp->priv, &srp->N, &s);
     }
 
+    /* building session key from secret */
+
     if (!r) r = mp_to_unsigned_bin(&s, secret);
     if (!r) r = wc_SrpSetK(srp, secret, mp_unsigned_bin_size(&s));
 
-    /* client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */
-    if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, digestSz * 2);
+    /* updating client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */
+
+    if (!r) r = SrpHashUpdate(&srp->client_proof, clientPubKey, clientPubKeySz);
+    if (!r) r = SrpHashUpdate(&srp->client_proof, serverPubKey, serverPubKeySz);
+    if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, 2 * digestSz);
+
+    /* updating server proof = H(A) */
+
+    if (!r) r = SrpHashUpdate(&srp->server_proof, clientPubKey, clientPubKeySz);
 
     XFREE(secret, NULL, DYNAMIC_TYPE_SRP);
-    mp_clear(&i); mp_clear(&j); mp_clear(&s);
+    mp_clear(&u); mp_clear(&s); mp_clear(&temp1); mp_clear(&temp2);
 
     return r;
 }
@@ -590,7 +585,7 @@ int wc_SrpGetProof(Srp* srp, byte* proof, word32* size)
     if (srp->side == SRP_CLIENT_SIDE) {
         /* server proof = H( A | client proof | K) */
         if (!r) r = SrpHashUpdate(&srp->server_proof, proof, *size);
-        if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, (*size) * 2);
+        if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, 2 * (*size));
     }
 
     return r;
@@ -613,7 +608,7 @@ int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size)
     if (srp->side == SRP_SERVER_SIDE) {
         /* server proof = H( A | client proof | K) */
         if (!r) r = SrpHashUpdate(&srp->server_proof, proof, size);
-        if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, size * 2);
+        if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, 2 * size);
     }
 
     if (!r && XMEMCMP(proof, digest, size) != 0)
@@ -622,4 +617,20 @@ int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size)
     return r;
 }
 
+int wc_SrpGetSessionKey(Srp* srp, byte* key, word32* size)
+{
+    word32 sz;
+
+    if (!srp || !key || !size)
+        return BAD_FUNC_ARG;
+
+    if (*size < (sz = SrpHashSize(srp->type)))
+        return BUFFER_E;
+
+    XMEMCPY(key, srp->key, sz);
+    *size = sz;
+
+    return 0;
+}
+
 #endif /* WOLFCRYPT_HAVE_SRP */
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index 56cf41329..7dd4808e2 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -94,7 +94,6 @@ typedef struct {
     byte    k[SRP_MAX_DIGEST_SIZE];       /**< Multiplier parameeter. H(N, g)        */
     mp_int  auth;                         /**< client: x = H(salt, H(user, ":", pswd)) */
     mp_int  priv;                         /**< Private ephemeral value.              */
-    mp_int  u;                            /**< Random scrambling parameeter.         */
     SrpHash client_proof;                 /**< Client proof. Sent to Server.         */
     SrpHash server_proof;                 /**< Server proof. Sent to Client.         */
     byte    key[2 * SRP_MAX_DIGEST_SIZE]; /**< Session key.                          */
@@ -127,6 +126,8 @@ WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size);
 
 WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size);
 
+WOLFSSL_API int wc_SrpGetSessionKey(Srp* srp, byte* key, word32* size);
+
 #ifdef __cplusplus
    } /* extern "C" */
 #endif

From f31c32bea24e011e9d01559d6dce494e11f0e2f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Mon, 3 Aug 2015 17:47:19 -0300
Subject: [PATCH 288/350] adds docs using doxygen style.

---
 wolfcrypt/src/srp.c     |  12 +-
 wolfssl/wolfcrypt/srp.h | 252 ++++++++++++++++++++++++++++++++++------
 2 files changed, 221 insertions(+), 43 deletions(-)

diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index 96dda59a3..be3a39c3b 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -31,7 +31,7 @@
 #include <wolfssl/wolfcrypt/random.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
-static int SrpHashInit(SrpHash* hash, int type)
+static int SrpHashInit(SrpHash* hash, SrpType type)
 {
     hash->type = type;
 
@@ -117,7 +117,7 @@ static int SrpHashFinal(SrpHash* hash, byte* digest)
     }
 }
 
-static word32 SrpHashSize(byte type)
+static word32 SrpHashSize(SrpType type)
 {
     switch (type) {
     #ifndef NO_SHA
@@ -145,7 +145,7 @@ static word32 SrpHashSize(byte type)
     }
 }
 
-int wc_SrpInit(Srp* srp, byte type, byte side)
+int wc_SrpInit(Srp* srp, SrpType type, SrpSide side)
 {
     int r;
 
@@ -257,7 +257,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
     if (!r) r = SrpHashFinal(&hash, srp->k);
 
-    /* Update client proof */
+    /* update client proof */
 
     /* digest1 = H(N) */
     if (!r) r = SrpHashInit(&hash, srp->type);
@@ -278,7 +278,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz);
     if (!r) r = SrpHashFinal(&hash, digest2);
 
-    /* Client proof = H( H(N) ^ H(g) | H(user) | salt) */
+    /* client proof = H( H(N) ^ H(g) | H(user) | salt) */
     if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, j);
     if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, j);
     if (!r) r = SrpHashUpdate(&srp->client_proof, salt, saltSz);
@@ -365,6 +365,7 @@ int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size)
     return mp_read_unsigned_bin(&srp->priv, private, size);
 }
 
+/** Generates random data using wolfcrypt RNG. */
 static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size)
 {
     RNG rng;
@@ -428,6 +429,7 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size)
     return r;
 }
 
+/** Computes the session key using the interleaved hash. */
 static int wc_SrpSetK(Srp* srp, byte* secret, word32 size)
 {
     SrpHash hash;
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index 7dd4808e2..639468cf7 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -34,36 +34,48 @@
     extern "C" {
 #endif
 
-enum {
-    SRP_CLIENT_SIDE  = 0,
-    SRP_SERVER_SIDE  = 1,
-#ifndef NO_SHA
-    SRP_TYPE_SHA     = 1,
-#endif
-#ifndef NO_SHA256
-    SRP_TYPE_SHA256  = 2,
-#endif
-#ifdef WOLFSSL_SHA384
-    SRP_TYPE_SHA384  = 3,
-#endif
-#ifdef WOLFSSL_SHA512
-    SRP_TYPE_SHA512  = 4,
-#endif
-
 /* Select the largest available hash for the buffer size. */
 #if defined(WOLFSSL_SHA512)
-    SRP_MAX_DIGEST_SIZE = SHA512_DIGEST_SIZE,
+    #define SRP_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
 #elif defined(WOLFSSL_SHA384)
-    SRP_MAX_DIGEST_SIZE = SHA384_DIGEST_SIZE,
+    #define SRP_MAX_DIGEST_SIZE SHA384_DIGEST_SIZE
 #elif !defined(NO_SHA256)
-    SRP_MAX_DIGEST_SIZE = SHA256_DIGEST_SIZE,
+    #define SRP_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
 #elif !defined(NO_SHA)
-    SRP_MAX_DIGEST_SIZE = SHA_DIGEST_SIZE,
+    #define SRP_MAX_DIGEST_SIZE SHA_DIGEST_SIZE
 #else
     #error "You have to have some kind of SHA hash if you want to use SRP."
 #endif
-};
 
+/**
+ * SRP side, client or server.
+ */
+typedef enum {
+    SRP_CLIENT_SIDE  = 0,
+    SRP_SERVER_SIDE  = 1,
+} SrpSide;
+
+/**
+ * SRP hash type, SHA[1|256|384|512].
+ */
+typedef enum {
+    #ifndef NO_SHA
+        SRP_TYPE_SHA    = 1,
+    #endif
+    #ifndef NO_SHA256
+        SRP_TYPE_SHA256 = 2,
+    #endif
+    #ifdef WOLFSSL_SHA384
+        SRP_TYPE_SHA384 = 3,
+    #endif
+    #ifdef WOLFSSL_SHA512
+        SRP_TYPE_SHA512 = 4,
+    #endif
+} SrpType;
+
+/**
+ * SRP hash struct.
+ */
 typedef struct {
     byte type;
     union {
@@ -83,49 +95,213 @@ typedef struct {
 } SrpHash;
 
 typedef struct {
-    byte    side;                         /**< SRP_CLIENT_SIDE or SRP_SERVER_SIDE */
-    byte    type;                         /**< Hash type, one of SRP_TYPE_SHA[|256|384|512] */
-    byte*   user;                         /**< Username, login.                      */
-    word32  userSz;                       /**< Username length.                      */
-    byte*   salt;                         /**< Small salt.                           */
-    word32  saltSz;                       /**< Salt length.                          */
-    mp_int  N;                            /**< Modulus. N = 2q+1, [q, N] are primes. */
-    mp_int  g;                            /**< Generator. A generator modulo N.      */
-    byte    k[SRP_MAX_DIGEST_SIZE];       /**< Multiplier parameeter. H(N, g)        */
-    mp_int  auth;                         /**< client: x = H(salt, H(user, ":", pswd)) */
-    mp_int  priv;                         /**< Private ephemeral value.              */
-    SrpHash client_proof;                 /**< Client proof. Sent to Server.         */
-    SrpHash server_proof;                 /**< Server proof. Sent to Client.         */
-    byte    key[2 * SRP_MAX_DIGEST_SIZE]; /**< Session key.                          */
+    SrpSide side;                         /**< Client or Server, @see SrpSide.*/
+    SrpType type;                         /**< Hash type, @see SrpType.       */
+    byte*   user;                         /**< Username, login.               */
+    word32  userSz;                       /**< Username length.               */
+    byte*   salt;                         /**< Small salt.                    */
+    word32  saltSz;                       /**< Salt length.                   */
+    mp_int  N;                            /**< N = 2q+1, [q, N] are primes.   */
+                                          /**< a.k.a. modulus.                */
+    mp_int  g;                            /**< Generator modulo N.            */
+    byte    k[SRP_MAX_DIGEST_SIZE];       /**< Multiplier parameeter. H(N, g) */
+    mp_int  auth;                         /**< x = H(salt + H(user:pswd))     */
+                                          /**< v = g ^ x % N                  */
+    mp_int  priv;                         /**< Private ephemeral value.       */
+    SrpHash client_proof;                 /**< Client proof. Sent to Server.  */
+    SrpHash server_proof;                 /**< Server proof. Sent to Client.  */
+    byte    key[2 * SRP_MAX_DIGEST_SIZE]; /**< Session key.                   */
 } Srp;
 
-WOLFSSL_API int wc_SrpInit(Srp* srp, byte type, byte side);
+/**
+ * Initializes the Srp struct for usage.
+ *
+ * @param[out] srp   the Srp structure to be initialized.
+ * @param[in]  type  the hash type to be used.
+ * @param[in]  side  the side of the communication.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpInit(Srp* srp, SrpType type, SrpSide side);
 
+/**
+ * Releases the Srp struct resources after usage.
+ *
+ * @param[in,out] srp    the Srp structure to be terminated.
+ */
 WOLFSSL_API void wc_SrpTerm(Srp* srp);
 
+/**
+ * Sets the username.
+ *
+ * This function MUST be called after wc_SrpInit.
+ *
+ * @param[in,out] srp       the Srp structure.
+ * @param[in]     username  the buffer containing the username.
+ * @param[in]     size      the username size in bytes
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
 WOLFSSL_API int wc_SrpSetUsername(Srp* srp, const byte* username, word32 size);
 
+
+/**
+ * Sets the srp parameeters based on the username.
+ *
+ * This function MUST be called after wc_SrpSetUsername.
+ *
+ * @param[in,out] srp       the Srp structure.
+ * @param[in]     N         the Modulus. N = 2q+1, [q, N] are primes.
+ * @param[in]     nSz       the N size in bytes.
+ * @param[in]     g         the Generator modulo N.
+ * @param[in]     gSz       the g size in bytes
+ * @param[in]     salt      a small random salt. Specific for each username.
+ * @param[in]     saltSz    the salt size in bytes
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
 WOLFSSL_API int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
                                           const byte* g,    word32 gSz,
                                           const byte* salt, word32 saltSz);
 
+/**
+ * Sets the password.
+ *
+ * Setting the password does not persists the clear password data in the
+ * srp structure. The client calculates x = H(salt + H(user:pswd)) and stores
+ * it in the auth field.
+ *
+ * This function MUST be called after wc_SrpSetParams and is CLIENT SIDE ONLY.
+ *
+ * @param[in,out] srp       the Srp structure.
+ * @param[in]     password  the buffer containing the password.
+ * @param[in]     size      the password size in bytes.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
 WOLFSSL_API int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size);
 
+/**
+ * Sets the password.
+ *
+ * This function MUST be called after wc_SrpSetParams and is SERVER SIDE ONLY.
+ *
+ * @param[in,out] srp       the Srp structure.
+ * @param[in]     verifier  the buffer containing the verifier.
+ * @param[in]     size      the verifier size in bytes.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
 WOLFSSL_API int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size);
 
+/**
+ * Gets the verifier.
+ *
+ * The client calculates the verifier with v = g ^ x % N.
+ * This function MAY be called after wc_SrpSetPassword and is SERVER SIDE ONLY.
+ *
+ * @param[in,out] srp       the Srp structure.
+ * @param[out]    verifier  the buffer to write the verifier.
+ * @param[in,out] size      the buffer size in bytes. Will be updated with the
+ *                          verifier size.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
 WOLFSSL_API int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size);
 
+/**
+ * Sets the private ephemeral value.
+ *
+ * The private ephemeral value is known as:
+ *   a at the client side. a = random()
+ *   b at the server side. b = random()
+ * This function is handy for unit test cases or if the developer wants to use
+ * an external random source to set the ephemeral value.
+ * This function MAY be called before wc_SrpGetPublic.
+ *
+ * @param[in,out] srp       the Srp structure.
+ * @param[in]     private   the ephemeral value.
+ * @param[in]     size      the private size in bytes.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
 WOLFSSL_API int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size);
 
+/**
+ * Gets the public ephemeral value.
+ *
+ * The public ephemeral value is known as:
+ *   A at the client side. A = g ^ a % N
+ *   B at the server side. B = (k * v + (g ˆ b % N)) % N
+ * This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier.
+ *
+ * @param[in,out] srp       the Srp structure.
+ * @param[out]    public    the buffer to write the public ephemeral value.
+ * @param[in,out] size      the the buffer size in bytes. Will be updated with
+ *                          the ephemeral value size.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
 WOLFSSL_API int wc_SrpGetPublic(Srp* srp, byte* public, word32* size);
 
-WOLFSSL_API int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
-                                           byte* serverPubKey, word32 serverPubKeySz);
 
+/**
+ * Computes the session key.
+ *
+ * This function is handy for unit test cases or if the developer wants to use
+ * an external random source to set the ephemeral value.
+ * This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier.
+ *
+ * @param[in,out] srp       the Srp structure.
+ * @param[out]    public    the buffer to write the public ephemeral value.
+ * @param[in,out] size      the the buffer size in bytes. Will be updated with
+                            the ephemeral value size.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
+WOLFSSL_API int wc_SrpComputeKey(Srp* srp,
+                                 byte* clientPubKey, word32 clientPubKeySz,
+                                 byte* serverPubKey, word32 serverPubKeySz);
+
+/**
+ * Gets the proof.
+ *
+ * This function MUST be called after wc_SrpComputeKey.
+ *
+ * @param[in,out] srp   the Srp structure.
+ * @param[out]    proof the buffer to write the proof.
+ * @param[in,out] size  the buffer size in bytes. Will be updated with the
+ *                          proof size.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
 WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size);
 
+/**
+ * Verifies the peers proof.
+ *
+ * This function MUST be called before wc_SrpGetSessionKey.
+ *
+ * @param[in,out] srp   the Srp structure.
+ * @param[in]     proof the peers proof.
+ * @param[in]     size  the proof size in bytes.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
 WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size);
 
+/**
+ * Gets the session key.
+ *
+ * This function MUST be called after wc_SrpVerifyPeersProof.
+ *
+ * @param[in,out] srp   the Srp structure.
+ * @param[out]    key   the buffer to write the key.
+ * @param[in,out] size  the buffer size in bytes. Will be updated with the
+ *                          key size.
+ *
+ * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
+ */
 WOLFSSL_API int wc_SrpGetSessionKey(Srp* srp, byte* key, word32* size);
 
 #ifdef __cplusplus

From 12b84451531fcda54ae8eca9c8927609f4902df0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Tue, 4 Aug 2015 13:36:58 -0300
Subject: [PATCH 289/350] adds key generation function callback option.

---
 tests/srp.c             | 254 ++++++++++++++++++++++++++++++++++++++++
 wolfcrypt/src/srp.c     |  82 +++++++++----
 wolfssl/wolfcrypt/srp.h |  55 ++++-----
 3 files changed, 335 insertions(+), 56 deletions(-)

diff --git a/tests/srp.c b/tests/srp.c
index 0e3af9c4a..691bbdabe 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -26,6 +26,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #include <tests/unit.h>
+#include <wolfssl/wolfcrypt/sha512.h>
 #include <wolfssl/wolfcrypt/srp.h>
 
 #ifdef WOLFCRYPT_HAVE_SRP
@@ -426,6 +427,258 @@ static void test_SrpGetProofAndVerify(void)
     wc_SrpTerm(&srv);
 }
 
+static int sha512_key_gen(Srp* srp, byte* secret, word32 size)
+{
+    Sha512 hash;
+    int r;
+
+    srp->key = (byte*)XMALLOC(SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_SRP);
+    if (srp->key == NULL)
+        return MEMORY_E;
+
+    srp->keySz = SHA512_DIGEST_SIZE;
+
+    r = wc_InitSha512(&hash);
+    if (!r) r = wc_Sha512Update(&hash, secret, size);
+    if (!r) r = wc_Sha512Final(&hash, srp->key);
+
+    XMEMSET(&hash, 0, sizeof(Sha512));
+
+    return r;
+}
+
+static void test_SrpKeyGenFunc_cb(void)
+{
+    Srp cli, srv;
+    byte clientPubKey[1024];
+    byte serverPubKey[1024];
+    word32 clientPubKeySz = 1024;
+    word32 serverPubKeySz = 1024;
+    byte clientProof[SRP_MAX_DIGEST_SIZE];
+    byte serverProof[SRP_MAX_DIGEST_SIZE];
+    word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
+    word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
+
+    byte username_[] = "alice";
+    word32 usernameSz_ = 5;
+
+    byte password_[] = "password123";
+    word32 passwordSz_ = 11;
+
+    byte N_[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+        0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+        0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+        0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+        0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+        0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+        0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+        0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+        0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+        0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+        0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+        0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+        0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+        0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+        0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+        0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+        0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+    };
+
+    byte g_[] = {
+        0x05
+    };
+
+    byte salt_[] = {
+        0xBE, 0xB2, 0x53, 0x79, 0xD1, 0xA8, 0x58, 0x1E, 0xB5, 0xA7, 0x27, 0x67,
+        0x3A, 0x24, 0x41, 0xEE
+    };
+
+    byte verifier_[] = {
+        0x9B, 0x5E, 0x06, 0x17, 0x01, 0xEA, 0x7A, 0xEB, 0x39, 0xCF, 0x6E, 0x35,
+        0x19, 0x65, 0x5A, 0x85, 0x3C, 0xF9, 0x4C, 0x75, 0xCA, 0xF2, 0x55, 0x5E,
+        0xF1, 0xFA, 0xF7, 0x59, 0xBB, 0x79, 0xCB, 0x47, 0x70, 0x14, 0xE0, 0x4A,
+        0x88, 0xD6, 0x8F, 0xFC, 0x05, 0x32, 0x38, 0x91, 0xD4, 0xC2, 0x05, 0xB8,
+        0xDE, 0x81, 0xC2, 0xF2, 0x03, 0xD8, 0xFA, 0xD1, 0xB2, 0x4D, 0x2C, 0x10,
+        0x97, 0x37, 0xF1, 0xBE, 0xBB, 0xD7, 0x1F, 0x91, 0x24, 0x47, 0xC4, 0xA0,
+        0x3C, 0x26, 0xB9, 0xFA, 0xD8, 0xED, 0xB3, 0xE7, 0x80, 0x77, 0x8E, 0x30,
+        0x25, 0x29, 0xED, 0x1E, 0xE1, 0x38, 0xCC, 0xFC, 0x36, 0xD4, 0xBA, 0x31,
+        0x3C, 0xC4, 0x8B, 0x14, 0xEA, 0x8C, 0x22, 0xA0, 0x18, 0x6B, 0x22, 0x2E,
+        0x65, 0x5F, 0x2D, 0xF5, 0x60, 0x3F, 0xD7, 0x5D, 0xF7, 0x6B, 0x3B, 0x08,
+        0xFF, 0x89, 0x50, 0x06, 0x9A, 0xDD, 0x03, 0xA7, 0x54, 0xEE, 0x4A, 0xE8,
+        0x85, 0x87, 0xCC, 0xE1, 0xBF, 0xDE, 0x36, 0x79, 0x4D, 0xBA, 0xE4, 0x59,
+        0x2B, 0x7B, 0x90, 0x4F, 0x44, 0x2B, 0x04, 0x1C, 0xB1, 0x7A, 0xEB, 0xAD,
+        0x1E, 0x3A, 0xEB, 0xE3, 0xCB, 0xE9, 0x9D, 0xE6, 0x5F, 0x4B, 0xB1, 0xFA,
+        0x00, 0xB0, 0xE7, 0xAF, 0x06, 0x86, 0x3D, 0xB5, 0x3B, 0x02, 0x25, 0x4E,
+        0xC6, 0x6E, 0x78, 0x1E, 0x3B, 0x62, 0xA8, 0x21, 0x2C, 0x86, 0xBE, 0xB0,
+        0xD5, 0x0B, 0x5B, 0xA6, 0xD0, 0xB4, 0x78, 0xD8, 0xC4, 0xE9, 0xBB, 0xCE,
+        0xC2, 0x17, 0x65, 0x32, 0x6F, 0xBD, 0x14, 0x05, 0x8D, 0x2B, 0xBD, 0xE2,
+        0xC3, 0x30, 0x45, 0xF0, 0x38, 0x73, 0xE5, 0x39, 0x48, 0xD7, 0x8B, 0x79,
+        0x4F, 0x07, 0x90, 0xE4, 0x8C, 0x36, 0xAE, 0xD6, 0xE8, 0x80, 0xF5, 0x57,
+        0x42, 0x7B, 0x2F, 0xC0, 0x6D, 0xB5, 0xE1, 0xE2, 0xE1, 0xD7, 0xE6, 0x61,
+        0xAC, 0x48, 0x2D, 0x18, 0xE5, 0x28, 0xD7, 0x29, 0x5E, 0xF7, 0x43, 0x72,
+        0x95, 0xFF, 0x1A, 0x72, 0xD4, 0x02, 0x77, 0x17, 0x13, 0xF1, 0x68, 0x76,
+        0xDD, 0x05, 0x0A, 0xE5, 0xB7, 0xAD, 0x53, 0xCC, 0xB9, 0x08, 0x55, 0xC9,
+        0x39, 0x56, 0x64, 0x83, 0x58, 0xAD, 0xFD, 0x96, 0x64, 0x22, 0xF5, 0x24,
+        0x98, 0x73, 0x2D, 0x68, 0xD1, 0xD7, 0xFB, 0xEF, 0x10, 0xD7, 0x80, 0x34,
+        0xAB, 0x8D, 0xCB, 0x6F, 0x0F, 0xCF, 0x88, 0x5C, 0xC2, 0xB2, 0xEA, 0x2C,
+        0x3E, 0x6A, 0xC8, 0x66, 0x09, 0xEA, 0x05, 0x8A, 0x9D, 0xA8, 0xCC, 0x63,
+        0x53, 0x1D, 0xC9, 0x15, 0x41, 0x4D, 0xF5, 0x68, 0xB0, 0x94, 0x82, 0xDD,
+        0xAC, 0x19, 0x54, 0xDE, 0xC7, 0xEB, 0x71, 0x4F, 0x6F, 0xF7, 0xD4, 0x4C,
+        0xD5, 0xB8, 0x6F, 0x6B, 0xD1, 0x15, 0x81, 0x09, 0x30, 0x63, 0x7C, 0x01,
+        0xD0, 0xF6, 0x01, 0x3B, 0xC9, 0x74, 0x0F, 0xA2, 0xC6, 0x33, 0xBA, 0x89
+    };
+
+    byte a_[] = {
+        0x60, 0x97, 0x55, 0x27, 0x03, 0x5C, 0xF2, 0xAD, 0x19, 0x89, 0x80, 0x6F,
+        0x04, 0x07, 0x21, 0x0B, 0xC8, 0x1E, 0xDC, 0x04, 0xE2, 0x76, 0x2A, 0x56,
+        0xAF, 0xD5, 0x29, 0xDD, 0xDA, 0x2D, 0x43, 0x93
+    };
+
+    byte A_[] = {
+        0xFA, 0xB6, 0xF5, 0xD2, 0x61, 0x5D, 0x1E, 0x32, 0x35, 0x12, 0xE7, 0x99,
+        0x1C, 0xC3, 0x74, 0x43, 0xF4, 0x87, 0xDA, 0x60, 0x4C, 0xA8, 0xC9, 0x23,
+        0x0F, 0xCB, 0x04, 0xE5, 0x41, 0xDC, 0xE6, 0x28, 0x0B, 0x27, 0xCA, 0x46,
+        0x80, 0xB0, 0x37, 0x4F, 0x17, 0x9D, 0xC3, 0xBD, 0xC7, 0x55, 0x3F, 0xE6,
+        0x24, 0x59, 0x79, 0x8C, 0x70, 0x1A, 0xD8, 0x64, 0xA9, 0x13, 0x90, 0xA2,
+        0x8C, 0x93, 0xB6, 0x44, 0xAD, 0xBF, 0x9C, 0x00, 0x74, 0x5B, 0x94, 0x2B,
+        0x79, 0xF9, 0x01, 0x2A, 0x21, 0xB9, 0xB7, 0x87, 0x82, 0x31, 0x9D, 0x83,
+        0xA1, 0xF8, 0x36, 0x28, 0x66, 0xFB, 0xD6, 0xF4, 0x6B, 0xFC, 0x0D, 0xDB,
+        0x2E, 0x1A, 0xB6, 0xE4, 0xB4, 0x5A, 0x99, 0x06, 0xB8, 0x2E, 0x37, 0xF0,
+        0x5D, 0x6F, 0x97, 0xF6, 0xA3, 0xEB, 0x6E, 0x18, 0x20, 0x79, 0x75, 0x9C,
+        0x4F, 0x68, 0x47, 0x83, 0x7B, 0x62, 0x32, 0x1A, 0xC1, 0xB4, 0xFA, 0x68,
+        0x64, 0x1F, 0xCB, 0x4B, 0xB9, 0x8D, 0xD6, 0x97, 0xA0, 0xC7, 0x36, 0x41,
+        0x38, 0x5F, 0x4B, 0xAB, 0x25, 0xB7, 0x93, 0x58, 0x4C, 0xC3, 0x9F, 0xC8,
+        0xD4, 0x8D, 0x4B, 0xD8, 0x67, 0xA9, 0xA3, 0xC1, 0x0F, 0x8E, 0xA1, 0x21,
+        0x70, 0x26, 0x8E, 0x34, 0xFE, 0x3B, 0xBE, 0x6F, 0xF8, 0x99, 0x98, 0xD6,
+        0x0D, 0xA2, 0xF3, 0xE4, 0x28, 0x3C, 0xBE, 0xC1, 0x39, 0x3D, 0x52, 0xAF,
+        0x72, 0x4A, 0x57, 0x23, 0x0C, 0x60, 0x4E, 0x9F, 0xBC, 0xE5, 0x83, 0xD7,
+        0x61, 0x3E, 0x6B, 0xFF, 0xD6, 0x75, 0x96, 0xAD, 0x12, 0x1A, 0x87, 0x07,
+        0xEE, 0xC4, 0x69, 0x44, 0x95, 0x70, 0x33, 0x68, 0x6A, 0x15, 0x5F, 0x64,
+        0x4D, 0x5C, 0x58, 0x63, 0xB4, 0x8F, 0x61, 0xBD, 0xBF, 0x19, 0xA5, 0x3E,
+        0xAB, 0x6D, 0xAD, 0x0A, 0x18, 0x6B, 0x8C, 0x15, 0x2E, 0x5F, 0x5D, 0x8C,
+        0xAD, 0x4B, 0x0E, 0xF8, 0xAA, 0x4E, 0xA5, 0x00, 0x88, 0x34, 0xC3, 0xCD,
+        0x34, 0x2E, 0x5E, 0x0F, 0x16, 0x7A, 0xD0, 0x45, 0x92, 0xCD, 0x8B, 0xD2,
+        0x79, 0x63, 0x93, 0x98, 0xEF, 0x9E, 0x11, 0x4D, 0xFA, 0xAA, 0xB9, 0x19,
+        0xE1, 0x4E, 0x85, 0x09, 0x89, 0x22, 0x4D, 0xDD, 0x98, 0x57, 0x6D, 0x79,
+        0x38, 0x5D, 0x22, 0x10, 0x90, 0x2E, 0x9F, 0x9B, 0x1F, 0x2D, 0x86, 0xCF,
+        0xA4, 0x7E, 0xE2, 0x44, 0x63, 0x54, 0x65, 0xF7, 0x10, 0x58, 0x42, 0x1A,
+        0x01, 0x84, 0xBE, 0x51, 0xDD, 0x10, 0xCC, 0x9D, 0x07, 0x9E, 0x6F, 0x16,
+        0x04, 0xE7, 0xAA, 0x9B, 0x7C, 0xF7, 0x88, 0x3C, 0x7D, 0x4C, 0xE1, 0x2B,
+        0x06, 0xEB, 0xE1, 0x60, 0x81, 0xE2, 0x3F, 0x27, 0xA2, 0x31, 0xD1, 0x84,
+        0x32, 0xD7, 0xD1, 0xBB, 0x55, 0xC2, 0x8A, 0xE2, 0x1F, 0xFC, 0xF0, 0x05,
+        0xF5, 0x75, 0x28, 0xD1, 0x5A, 0x88, 0x88, 0x1B, 0xB3, 0xBB, 0xB7, 0xFE
+    };
+
+    byte b_[] = {
+        0xE4, 0x87, 0xCB, 0x59, 0xD3, 0x1A, 0xC5, 0x50, 0x47, 0x1E, 0x81, 0xF0,
+        0x0F, 0x69, 0x28, 0xE0, 0x1D, 0xDA, 0x08, 0xE9, 0x74, 0xA0, 0x04, 0xF4,
+        0x9E, 0x61, 0xF5, 0xD1, 0x05, 0x28, 0x4D, 0x20
+    };
+
+    byte B_[] = {
+        0x40, 0xF5, 0x70, 0x88, 0xA4, 0x82, 0xD4, 0xC7, 0x73, 0x33, 0x84, 0xFE,
+        0x0D, 0x30, 0x1F, 0xDD, 0xCA, 0x90, 0x80, 0xAD, 0x7D, 0x4F, 0x6F, 0xDF,
+        0x09, 0xA0, 0x10, 0x06, 0xC3, 0xCB, 0x6D, 0x56, 0x2E, 0x41, 0x63, 0x9A,
+        0xE8, 0xFA, 0x21, 0xDE, 0x3B, 0x5D, 0xBA, 0x75, 0x85, 0xB2, 0x75, 0x58,
+        0x9B, 0xDB, 0x27, 0x98, 0x63, 0xC5, 0x62, 0x80, 0x7B, 0x2B, 0x99, 0x08,
+        0x3C, 0xD1, 0x42, 0x9C, 0xDB, 0xE8, 0x9E, 0x25, 0xBF, 0xBD, 0x7E, 0x3C,
+        0xAD, 0x31, 0x73, 0xB2, 0xE3, 0xC5, 0xA0, 0xB1, 0x74, 0xDA, 0x6D, 0x53,
+        0x91, 0xE6, 0xA0, 0x6E, 0x46, 0x5F, 0x03, 0x7A, 0x40, 0x06, 0x25, 0x48,
+        0x39, 0xA5, 0x6B, 0xF7, 0x6D, 0xA8, 0x4B, 0x1C, 0x94, 0xE0, 0xAE, 0x20,
+        0x85, 0x76, 0x15, 0x6F, 0xE5, 0xC1, 0x40, 0xA4, 0xBA, 0x4F, 0xFC, 0x9E,
+        0x38, 0xC3, 0xB0, 0x7B, 0x88, 0x84, 0x5F, 0xC6, 0xF7, 0xDD, 0xDA, 0x93,
+        0x38, 0x1F, 0xE0, 0xCA, 0x60, 0x84, 0xC4, 0xCD, 0x2D, 0x33, 0x6E, 0x54,
+        0x51, 0xC4, 0x64, 0xCC, 0xB6, 0xEC, 0x65, 0xE7, 0xD1, 0x6E, 0x54, 0x8A,
+        0x27, 0x3E, 0x82, 0x62, 0x84, 0xAF, 0x25, 0x59, 0xB6, 0x26, 0x42, 0x74,
+        0x21, 0x59, 0x60, 0xFF, 0xF4, 0x7B, 0xDD, 0x63, 0xD3, 0xAF, 0xF0, 0x64,
+        0xD6, 0x13, 0x7A, 0xF7, 0x69, 0x66, 0x1C, 0x9D, 0x4F, 0xEE, 0x47, 0x38,
+        0x26, 0x03, 0xC8, 0x8E, 0xAA, 0x09, 0x80, 0x58, 0x1D, 0x07, 0x75, 0x84,
+        0x61, 0xB7, 0x77, 0xE4, 0x35, 0x6D, 0xDA, 0x58, 0x35, 0x19, 0x8B, 0x51,
+        0xFE, 0xEA, 0x30, 0x8D, 0x70, 0xF7, 0x54, 0x50, 0xB7, 0x16, 0x75, 0xC0,
+        0x8C, 0x7D, 0x83, 0x02, 0xFD, 0x75, 0x39, 0xDD, 0x1F, 0xF2, 0xA1, 0x1C,
+        0xB4, 0x25, 0x8A, 0xA7, 0x0D, 0x23, 0x44, 0x36, 0xAA, 0x42, 0xB6, 0xA0,
+        0x61, 0x5F, 0x3F, 0x91, 0x5D, 0x55, 0xCC, 0x3B, 0x96, 0x6B, 0x27, 0x16,
+        0xB3, 0x6E, 0x4D, 0x1A, 0x06, 0xCE, 0x5E, 0x5D, 0x2E, 0xA3, 0xBE, 0xE5,
+        0xA1, 0x27, 0x0E, 0x87, 0x51, 0xDA, 0x45, 0xB6, 0x0B, 0x99, 0x7B, 0x0F,
+        0xFD, 0xB0, 0xF9, 0x96, 0x2F, 0xEE, 0x4F, 0x03, 0xBE, 0xE7, 0x80, 0xBA,
+        0x0A, 0x84, 0x5B, 0x1D, 0x92, 0x71, 0x42, 0x17, 0x83, 0xAE, 0x66, 0x01,
+        0xA6, 0x1E, 0xA2, 0xE3, 0x42, 0xE4, 0xF2, 0xE8, 0xBC, 0x93, 0x5A, 0x40,
+        0x9E, 0xAD, 0x19, 0xF2, 0x21, 0xBD, 0x1B, 0x74, 0xE2, 0x96, 0x4D, 0xD1,
+        0x9F, 0xC8, 0x45, 0xF6, 0x0E, 0xFC, 0x09, 0x33, 0x8B, 0x60, 0xB6, 0xB2,
+        0x56, 0xD8, 0xCA, 0xC8, 0x89, 0xCC, 0xA3, 0x06, 0xCC, 0x37, 0x0A, 0x0B,
+        0x18, 0xC8, 0xB8, 0x86, 0xE9, 0x5D, 0xA0, 0xAF, 0x52, 0x35, 0xFE, 0xF4,
+        0x39, 0x30, 0x20, 0xD2, 0xB7, 0xF3, 0x05, 0x69, 0x04, 0x75, 0x90, 0x42
+    };
+
+    byte key_[] = {
+        0x5C, 0xBC, 0x21, 0x9D, 0xB0, 0x52, 0x13, 0x8E, 0xE1, 0x14, 0x8C, 0x71,
+        0xCD, 0x44, 0x98, 0x96, 0x3D, 0x68, 0x25, 0x49, 0xCE, 0x91, 0xCA, 0x24,
+        0xF0, 0x98, 0x46, 0x8F, 0x06, 0x01, 0x5B, 0xEB, 0x6A, 0xF2, 0x45, 0xC2,
+        0x09, 0x3F, 0x98, 0xC3, 0x65, 0x1B, 0xCA, 0x83, 0xAB, 0x8C, 0xAB, 0x2B,
+        0x58, 0x0B, 0xBF, 0x02, 0x18, 0x4F, 0xEF, 0xDF, 0x26, 0x14, 0x2F, 0x73,
+        0xDF, 0x95, 0xAC, 0x50
+    };
+
+    AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA512, SRP_CLIENT_SIDE));
+    AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA512, SRP_SERVER_SIDE));
+
+    AssertIntEQ(0, wc_SrpSetUsername(&cli, username_, usernameSz_));
+    AssertIntEQ(0, wc_SrpSetUsername(&srv, username_, usernameSz_));
+
+    AssertIntEQ(0, wc_SrpSetParams(&cli, N_,    sizeof(N_),
+                                         g_,    sizeof(g_),
+                                         salt_, sizeof(salt_)));
+    AssertIntEQ(0, wc_SrpSetParams(&srv, N_,    sizeof(N_),
+                                         g_,    sizeof(g_),
+                                         salt_, sizeof(salt_)));
+
+    AssertIntEQ(0, wc_SrpSetPassword(&cli, password_, passwordSz_));
+    AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier_, sizeof(verifier_)));
+
+    AssertIntEQ(0, wc_SrpSetPrivate(&cli, a_, sizeof(a_)));
+    AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz));
+    AssertIntEQ(0, XMEMCMP(clientPubKey, A_, clientPubKeySz));
+
+    AssertIntEQ(0, wc_SrpSetPrivate(&srv, b_, sizeof(b_)));
+    AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz));
+    AssertIntEQ(0, XMEMCMP(serverPubKey, B_, serverPubKeySz));
+
+    cli.keyGenFunc_cb = sha512_key_gen;
+    AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
+                                          serverPubKey, serverPubKeySz));
+    AssertIntEQ(0, XMEMCMP(cli.key, key_, sizeof(key_)));
+
+    srv.keyGenFunc_cb = sha512_key_gen;
+    AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz,
+                                          serverPubKey, serverPubKeySz));
+    AssertIntEQ(0, XMEMCMP(srv.key, key_, sizeof(key_)));
+
+    AssertIntEQ(0, wc_SrpGetProof(&cli, clientProof, &clientProofSz));
+    AssertIntEQ(0, wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz));
+
+    AssertIntEQ(0, wc_SrpGetProof(&srv, serverProof, &serverProofSz));
+    AssertIntEQ(0, wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz));
+
+    wc_SrpTerm(&cli);
+    wc_SrpTerm(&srv);
+}
+
 #endif
 
 void SrpTest(void)
@@ -438,5 +691,6 @@ void SrpTest(void)
     test_SrpGetPublic();
     test_SrpComputeKey();
     test_SrpGetProofAndVerify();
+    test_SrpKeyGenFunc_cb();
 #endif
 }
diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index be3a39c3b..66e7e7fda 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -31,6 +31,42 @@
 #include <wolfssl/wolfcrypt/random.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
+/** Computes the session key using the Mask Generation Function 1. */
+static int wc_SrpSetK(Srp* srp, byte* secret, word32 size);
+
+#include <stdio.h>
+static inline void LogHex(byte* data, word32 length)
+{
+    #define LINE_LEN 16
+
+    word32 i;
+
+    printf("\t");
+
+    if (!data) {
+        printf("NULL\n");
+        return;
+    }
+
+    for (i = 0; i < LINE_LEN; i++) {
+        if (i < length)
+            printf("%02x ", data[i]);
+        else
+            printf("   ");
+    }
+
+    printf("| ");
+
+    for (i = 0; i < LINE_LEN; i++)
+        if (i < length)
+            printf("%c", 31 < data[i] && data[i] < 127 ? data[i] : '.');
+
+    printf("\n");
+
+    if (length > LINE_LEN)
+        LogHex(data + LINE_LEN, length - LINE_LEN);
+}
+
 static int SrpHashInit(SrpHash* hash, SrpType type)
 {
     hash->type = type;
@@ -178,6 +214,9 @@ int wc_SrpInit(Srp* srp, SrpType type, SrpSide side)
     srp->side = side;    srp->type   = type;
     srp->salt = NULL;    srp->saltSz = 0;
     srp->user = NULL;    srp->userSz = 0;
+    srp->key  = NULL;    srp->keySz  = 0;
+
+    srp->keyGenFunc_cb = wc_SrpSetK;
 
     return 0;
 }
@@ -192,6 +231,8 @@ void wc_SrpTerm(Srp* srp)
         XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
         XMEMSET(srp->user, 0, srp->userSz);
         XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP);
+        XMEMSET(srp->key, 0, srp->keySz);
+        XFREE(srp->key, NULL, DYNAMIC_TYPE_SRP);
 
         XMEMSET(srp, 0, sizeof(Srp));
     }
@@ -429,7 +470,6 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size)
     return r;
 }
 
-/** Computes the session key using the interleaved hash. */
 static int wc_SrpSetK(Srp* srp, byte* secret, word32 size)
 {
     SrpHash hash;
@@ -438,7 +478,13 @@ static int wc_SrpSetK(Srp* srp, byte* secret, word32 size)
     byte counter[4];
     int r;
 
-    for (i = j = 0; j < 2 * digestSz; i++) {
+    srp->key = (byte*)XMALLOC(2 * digestSz, NULL, DYNAMIC_TYPE_SRP);
+    if (srp->key == NULL)
+        return MEMORY_E;
+
+    srp->keySz = 2 * digestSz;
+
+    for (i = j = 0; j < srp->keySz; i++) {
         counter[0] = (i >> 24) & 0xFF;
         counter[1] = (i >> 16) & 0xFF;
         counter[2] = (i >>  8) & 0xFF;
@@ -448,10 +494,10 @@ static int wc_SrpSetK(Srp* srp, byte* secret, word32 size)
         if (!r) r = SrpHashUpdate(&hash, secret, size);
         if (!r) r = SrpHashUpdate(&hash, counter, 4);
 
-        if(j + digestSz > 2 * digestSz) {
+        if(j + digestSz > srp->keySz) {
             if (!r) r = SrpHashFinal(&hash, digest);
-            XMEMCPY(srp->key + j, digest, 2 * digestSz - j);
-            j = 2 * digestSz;
+            XMEMCPY(srp->key + j, digest, srp->keySz - j);
+            j = srp->keySz;
         }
         else {
             if (!r) r = SrpHashFinal(&hash, srp->key + j);
@@ -549,13 +595,15 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
     /* building session key from secret */
 
     if (!r) r = mp_to_unsigned_bin(&s, secret);
-    if (!r) r = wc_SrpSetK(srp, secret, mp_unsigned_bin_size(&s));
+    if (!r) r = srp->keyGenFunc_cb(srp, secret, mp_unsigned_bin_size(&s));
+    printf("key\n");
+    LogHex(srp->key, srp->keySz);
 
     /* updating client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */
 
     if (!r) r = SrpHashUpdate(&srp->client_proof, clientPubKey, clientPubKeySz);
     if (!r) r = SrpHashUpdate(&srp->client_proof, serverPubKey, serverPubKeySz);
-    if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key, 2 * digestSz);
+    if (!r) r = SrpHashUpdate(&srp->client_proof, srp->key,     srp->keySz);
 
     /* updating server proof = H(A) */
 
@@ -587,7 +635,7 @@ int wc_SrpGetProof(Srp* srp, byte* proof, word32* size)
     if (srp->side == SRP_CLIENT_SIDE) {
         /* server proof = H( A | client proof | K) */
         if (!r) r = SrpHashUpdate(&srp->server_proof, proof, *size);
-        if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, 2 * (*size));
+        if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, srp->keySz);
     }
 
     return r;
@@ -610,7 +658,7 @@ int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size)
     if (srp->side == SRP_SERVER_SIDE) {
         /* server proof = H( A | client proof | K) */
         if (!r) r = SrpHashUpdate(&srp->server_proof, proof, size);
-        if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, 2 * size);
+        if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, srp->keySz);
     }
 
     if (!r && XMEMCMP(proof, digest, size) != 0)
@@ -619,20 +667,4 @@ int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size)
     return r;
 }
 
-int wc_SrpGetSessionKey(Srp* srp, byte* key, word32* size)
-{
-    word32 sz;
-
-    if (!srp || !key || !size)
-        return BAD_FUNC_ARG;
-
-    if (*size < (sz = SrpHashSize(srp->type)))
-        return BUFFER_E;
-
-    XMEMCPY(key, srp->key, sz);
-    *size = sz;
-
-    return 0;
-}
-
 #endif /* WOLFCRYPT_HAVE_SRP */
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index 639468cf7..ba917d2ad 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -94,23 +94,30 @@ typedef struct {
     } data;
 } SrpHash;
 
-typedef struct {
-    SrpSide side;                         /**< Client or Server, @see SrpSide.*/
-    SrpType type;                         /**< Hash type, @see SrpType.       */
-    byte*   user;                         /**< Username, login.               */
-    word32  userSz;                       /**< Username length.               */
-    byte*   salt;                         /**< Small salt.                    */
-    word32  saltSz;                       /**< Salt length.                   */
-    mp_int  N;                            /**< N = 2q+1, [q, N] are primes.   */
-                                          /**< a.k.a. modulus.                */
-    mp_int  g;                            /**< Generator modulo N.            */
-    byte    k[SRP_MAX_DIGEST_SIZE];       /**< Multiplier parameeter. H(N, g) */
-    mp_int  auth;                         /**< x = H(salt + H(user:pswd))     */
-                                          /**< v = g ^ x % N                  */
-    mp_int  priv;                         /**< Private ephemeral value.       */
-    SrpHash client_proof;                 /**< Client proof. Sent to Server.  */
-    SrpHash server_proof;                 /**< Server proof. Sent to Client.  */
-    byte    key[2 * SRP_MAX_DIGEST_SIZE]; /**< Session key.                   */
+typedef struct Srp {
+    SrpSide side;                   /**< Client or Server, @see SrpSide.      */
+    SrpType type;                   /**< Hash type, @see SrpType.             */
+    byte*   user;                   /**< Username, login.                     */
+    word32  userSz;                 /**< Username length.                     */
+    byte*   salt;                   /**< Small salt.                          */
+    word32  saltSz;                 /**< Salt length.                         */
+    mp_int  N;                      /**< Modulus. N = 2q+1, [q, N] are primes.*/
+    mp_int  g;                      /**< Generator. A generator modulo N.     */
+    byte    k[SRP_MAX_DIGEST_SIZE]; /**< Multiplier parameeter. k = H(N, g)   */
+    mp_int  auth;                   /**< Client: x = H(salt + H(user:pswd))   */
+                                    /**< Server: v = g ^ x % N                */
+    mp_int  priv;                   /**< Private ephemeral value.             */
+    SrpHash client_proof;           /**< Client proof. Sent to the Server.    */
+    SrpHash server_proof;           /**< Server proof. Sent to the Client.    */
+    byte*   key;                    /**< Session key.                         */
+    word32  keySz;                  /**< Session key length.                  */
+    int (*keyGenFunc_cb) (struct Srp* srp, byte* secret, word32 size);
+        /**< Function responsible for generating the session key.             */
+        /**< It MUST use XMALLOC with type DYNAMIC_TYPE_SRP to allocate the   */
+        /**< key buffer for this structure and set keySz to the buffer size.  */
+        /**< The default function used by this implementation is a modified   */
+        /**< version of t_mgf1 that uses the proper hash function according   */
+        /**< to srp->type.                                                    */
 } Srp;
 
 /**
@@ -290,20 +297,6 @@ WOLFSSL_API int wc_SrpGetProof(Srp* srp, byte* proof, word32* size);
  */
 WOLFSSL_API int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size);
 
-/**
- * Gets the session key.
- *
- * This function MUST be called after wc_SrpVerifyPeersProof.
- *
- * @param[in,out] srp   the Srp structure.
- * @param[out]    key   the buffer to write the key.
- * @param[in,out] size  the buffer size in bytes. Will be updated with the
- *                          key size.
- *
- * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
- */
-WOLFSSL_API int wc_SrpGetSessionKey(Srp* srp, byte* key, word32* size);
-
 #ifdef __cplusplus
    } /* extern "C" */
 #endif

From 690cb147465532a0d45df40b5b6bb28cbf5401bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Tue, 4 Aug 2015 14:48:17 -0300
Subject: [PATCH 290/350] makes sure random values are safe.

---
 wolfcrypt/src/error.c           |  9 ++++
 wolfcrypt/src/srp.c             | 76 +++++++++++++++------------------
 wolfssl/wolfcrypt/error-crypt.h |  1 +
 wolfssl/wolfcrypt/srp.h         |  3 ++
 4 files changed, 48 insertions(+), 41 deletions(-)

diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 7d1d5ebe7..37b78422a 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -328,6 +328,15 @@ const char* wc_GetErrorString(int error)
     case ECC_PRIV_KEY_E:
         return " ECC private key is not valid error";
 
+    case SRP_CALL_ORDER_E:
+        return "SRP function called in the wrong order error";
+
+    case SRP_VERIFY_E:
+        return "SRP proof verification error";
+
+    case SRP_BAD_KEY_E:
+        return "SRP bad key values error";
+
     default:
         return "unknown error number";
 
diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index 66e7e7fda..6e8b22d2f 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -32,40 +32,7 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
 /** Computes the session key using the Mask Generation Function 1. */
-static int wc_SrpSetK(Srp* srp, byte* secret, word32 size);
-
-#include <stdio.h>
-static inline void LogHex(byte* data, word32 length)
-{
-    #define LINE_LEN 16
-
-    word32 i;
-
-    printf("\t");
-
-    if (!data) {
-        printf("NULL\n");
-        return;
-    }
-
-    for (i = 0; i < LINE_LEN; i++) {
-        if (i < length)
-            printf("%02x ", data[i]);
-        else
-            printf("   ");
-    }
-
-    printf("| ");
-
-    for (i = 0; i < LINE_LEN; i++)
-        if (i < length)
-            printf("%c", 31 < data[i] && data[i] < 127 ? data[i] : '.');
-
-    printf("\n");
-
-    if (length > LINE_LEN)
-        LogHex(data + LINE_LEN, length - LINE_LEN);
-}
+static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size);
 
 static int SrpHashInit(SrpHash* hash, SrpType type)
 {
@@ -216,7 +183,7 @@ int wc_SrpInit(Srp* srp, SrpType type, SrpSide side)
     srp->user = NULL;    srp->userSz = 0;
     srp->key  = NULL;    srp->keySz  = 0;
 
-    srp->keyGenFunc_cb = wc_SrpSetK;
+    srp->keyGenFunc_cb = wc_SrpSetKey;
 
     return 0;
 }
@@ -273,10 +240,16 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY)
         return MP_READ_E;
 
+    if (mp_count_bits(&srp->N) < SRP_DEFAULT_MIN_BITS)
+        return BAD_FUNC_ARG;
+
     /* Set g */
     if (mp_read_unsigned_bin(&srp->g, g, gSz) != MP_OKAY)
         return MP_READ_E;
 
+    if (mp_cmp(&srp->N, &srp->g) != MP_GT)
+        return BAD_FUNC_ARG;
+
     /* Set salt */
     if (srp->salt) {
         XMEMSET(srp->salt, 0, srp->saltSz);
@@ -397,13 +370,23 @@ int wc_SrpSetVerifier(Srp* srp, const byte* verifier, word32 size)
 
 int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size)
 {
+    mp_int p;
+    int r;
+
     if (!srp || !private || !size)
         return BAD_FUNC_ARG;
 
     if (mp_iszero(&srp->auth))
         return SRP_CALL_ORDER_E;
 
-    return mp_read_unsigned_bin(&srp->priv, private, size);
+    r = mp_init(&p);
+    if (!r) r = mp_read_unsigned_bin(&p, private, size);
+    if (!r) r = mp_mod(&p, &srp->N, &srp->priv);
+    if (!r) r = mp_iszero(&srp->priv) ? SRP_BAD_KEY_E : 0;
+
+    mp_clear(&p);
+
+    return r;
 }
 
 /** Generates random data using wolfcrypt RNG. */
@@ -452,6 +435,7 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size)
 
         if (mp_init_multi(&i, &j, 0, 0, 0, 0) == MP_OKAY) {
             if (!r) r = mp_read_unsigned_bin(&i, srp->k,SrpHashSize(srp->type));
+            if (!r) r = mp_iszero(&i) ? SRP_BAD_KEY_E : 0;
             if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, &pubkey);
             if (!r) r = mp_mulmod(&i, &srp->auth, &srp->N, &j);
             if (!r) r = mp_add(&j, &pubkey, &i);
@@ -470,7 +454,7 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size)
     return r;
 }
 
-static int wc_SrpSetK(Srp* srp, byte* secret, word32 size)
+static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
 {
     SrpHash hash;
     byte digest[SRP_MAX_DIGEST_SIZE];
@@ -566,11 +550,15 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
     /* building s (secret) */
 
     if (!r && srp->side == SRP_CLIENT_SIDE) {
-        /* temp1 = B - k * v */
+
+        /* temp1 = B - k * v; rejects k == 0, B == 0 and B >= N. */
         r = mp_read_unsigned_bin(&temp1, srp->k, digestSz);
+        if (!r) r = mp_iszero(&temp1) ? SRP_BAD_KEY_E : 0;
         if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &temp2);
         if (!r) r = mp_mulmod(&temp1, &temp2, &srp->N, &s);
         if (!r) r = mp_read_unsigned_bin(&temp2, serverPubKey, serverPubKeySz);
+        if (!r) r = mp_iszero(&temp2) ? SRP_BAD_KEY_E : 0;
+        if (!r) r = mp_cmp(&temp2, &srp->N) != MP_LT ? SRP_BAD_KEY_E : 0;
         if (!r) r = mp_sub(&temp2, &s, &temp1);
 
         /* temp2 = a + u * x */
@@ -584,10 +572,18 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
         /* temp1 = v ^ u % N */
         r = mp_exptmod(&srp->auth, &u, &srp->N, &temp1);
 
-        /* temp2 = A * temp1 % N */
+        /* temp2 = A * temp1 % N; rejects A == 0, A >= N */
         if (!r) r = mp_read_unsigned_bin(&s, clientPubKey, clientPubKeySz);
+        if (!r) r = mp_iszero(&s) ? SRP_BAD_KEY_E : 0;
+        if (!r) r = mp_cmp(&s, &srp->N) != MP_LT ? SRP_BAD_KEY_E : 0;
         if (!r) r = mp_mulmod(&s, &temp1, &srp->N, &temp2);
 
+        /* rejects A * v ^ u % N >= 1, A * v ^ u % N == -1 % N */
+        if (!r) r = mp_read_unsigned_bin(&temp1, (const byte*)"\001", 1);
+        if (!r) r = mp_cmp(&temp2, &temp1) != MP_GT ? SRP_BAD_KEY_E : 0;
+        if (!r) r = mp_sub(&srp->N, &temp1, &s);
+        if (!r) r = mp_cmp(&temp2, &s) == MP_EQ ? SRP_BAD_KEY_E : 0;
+
         /* secret = temp2 * b % N */
         if (!r) r = mp_exptmod(&temp2, &srp->priv, &srp->N, &s);
     }
@@ -596,8 +592,6 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
 
     if (!r) r = mp_to_unsigned_bin(&s, secret);
     if (!r) r = srp->keyGenFunc_cb(srp, secret, mp_unsigned_bin_size(&s));
-    printf("key\n");
-    LogHex(srp->key, srp->keySz);
 
     /* updating client proof = H( H(N) ^ H(g) | H(user) | salt | A | B | K) */
 
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 84714e462..340d1db75 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -153,6 +153,7 @@ enum {
 
     SRP_CALL_ORDER_E    = -217,  /* SRP function called in the wrong order. */
     SRP_VERIFY_E        = -218,  /* SRP proof verification failed. */
+    SRP_BAD_KEY_E       = -219,  /* SRP bad ephemeral values. */
 
     MIN_CODE_E          = -300   /* errors -101 - -299 */
 };
diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h
index ba917d2ad..3992a07ea 100644
--- a/wolfssl/wolfcrypt/srp.h
+++ b/wolfssl/wolfcrypt/srp.h
@@ -47,6 +47,9 @@
     #error "You have to have some kind of SHA hash if you want to use SRP."
 #endif
 
+/* Set the minimum number of bits acceptable in an SRP modulus */
+#define SRP_DEFAULT_MIN_BITS 512
+
 /**
  * SRP side, client or server.
  */

From 114e3edc279d99ef01f1e804d1f49acf9c5f517f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Tue, 4 Aug 2015 16:02:44 -0300
Subject: [PATCH 291/350] add srp example to test.c

---
 wolfcrypt/test/test.c | 104 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index f85ee6373..b7888b0c2 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -53,6 +53,7 @@
 #include <wolfssl/wolfcrypt/hmac.h>
 #include <wolfssl/wolfcrypt/dh.h>
 #include <wolfssl/wolfcrypt/dsa.h>
+#include <wolfssl/wolfcrypt/srp.h>
 #include <wolfssl/wolfcrypt/hc128.h>
 #include <wolfssl/wolfcrypt/rabbit.h>
 #include <wolfssl/wolfcrypt/chacha.h>
@@ -179,6 +180,7 @@ int  camellia_test(void);
 int  rsa_test(void);
 int  dh_test(void);
 int  dsa_test(void);
+int  srp_test(void);
 int  random_test(void);
 int  pwdbased_test(void);
 int  ripemd_test(void);
@@ -500,6 +502,13 @@ int wolfcrypt_test(void* args)
         printf( "DSA      test passed!\n");
 #endif
 
+#ifdef WOLFCRYPT_HAVE_SRP
+    if ( (ret = srp_test()) != 0)
+        return err_sys("SRP      test failed!\n", ret);
+    else
+        printf( "SRP      test passed!\n");
+#endif
+
 #ifndef NO_PWDBASED
     if ( (ret = pwdbased_test()) != 0)
         return err_sys("PWDBASED test failed!\n", ret);
@@ -4541,6 +4550,101 @@ int dsa_test(void)
 
 #endif /* NO_DSA */
 
+#ifdef WOLFCRYPT_HAVE_SRP
+
+int srp_test(void)
+{
+    Srp cli, srv;
+    int r;
+
+    byte clientPubKey[80]; /* A */
+    byte serverPubKey[80]; /* B */
+    word32 clientPubKeySz = 80;
+    word32 serverPubKeySz = 80;
+    byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */
+    byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */
+    word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
+    word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
+
+    byte username[] = "user";
+    word32 usernameSz = 4;
+
+    byte password[] = "password";
+    word32 passwordSz = 8;
+
+    byte N[] = {
+        0xC9, 0x4D, 0x67, 0xEB, 0x5B, 0x1A, 0x23, 0x46, 0xE8, 0xAB, 0x42, 0x2F,
+        0xC6, 0xA0, 0xED, 0xAE, 0xDA, 0x8C, 0x7F, 0x89, 0x4C, 0x9E, 0xEE, 0xC4,
+        0x2F, 0x9E, 0xD2, 0x50, 0xFD, 0x7F, 0x00, 0x46, 0xE5, 0xAF, 0x2C, 0xF7,
+        0x3D, 0x6B, 0x2F, 0xA2, 0x6B, 0xB0, 0x80, 0x33, 0xDA, 0x4D, 0xE3, 0x22,
+        0xE1, 0x44, 0xE7, 0xA8, 0xE9, 0xB1, 0x2A, 0x0E, 0x46, 0x37, 0xF6, 0x37,
+        0x1F, 0x34, 0xA2, 0x07, 0x1C, 0x4B, 0x38, 0x36, 0xCB, 0xEE, 0xAB, 0x15,
+        0x03, 0x44, 0x60, 0xFA, 0xA7, 0xAD, 0xF4, 0x83
+    };
+
+    byte g[] = {
+        0x02
+    };
+
+    byte salt[] = {
+        0xB2, 0xE5, 0x8E, 0xCC, 0xD0, 0xCF, 0x9D, 0x10, 0x3A, 0x56
+    };
+
+    byte verifier[] = {
+        0x7C, 0xAB, 0x17, 0xFE, 0x54, 0x3E, 0x8C, 0x13, 0xF2, 0x3D, 0x21, 0xE7,
+        0xD2, 0xAF, 0xAF, 0xDB, 0xA1, 0x52, 0x69, 0x9D, 0x49, 0x01, 0x79, 0x91,
+        0xCF, 0xD1, 0x3F, 0xE5, 0x28, 0x72, 0xCA, 0xBE, 0x13, 0xD1, 0xC2, 0xDA,
+        0x65, 0x34, 0x55, 0x8F, 0x34, 0x0E, 0x05, 0xB8, 0xB4, 0x0F, 0x7F, 0x6B,
+        0xBB, 0xB0, 0x6B, 0x50, 0xD8, 0xB1, 0xCC, 0xB7, 0x81, 0xFE, 0xD4, 0x42,
+        0xF5, 0x11, 0xBC, 0x8A, 0x28, 0xEB, 0x50, 0xB3, 0x46, 0x08, 0xBA, 0x24,
+        0xA2, 0xFB, 0x7F, 0x2E, 0x0A, 0xA5, 0x33, 0xCC
+    };
+
+    /* client knows username and password.   */
+    /* server knows N, g, salt and verifier. */
+
+            r = wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
+    if (!r) r = wc_SrpSetUsername(&cli, username, usernameSz);
+
+    /* client sends username to server */
+
+    if (!r) r = wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE);
+    if (!r) r = wc_SrpSetUsername(&srv, username, usernameSz);
+    if (!r) r = wc_SrpSetParams(&srv, N,    sizeof(N),
+                                      g,    sizeof(g),
+                                      salt, sizeof(salt));
+    if (!r) r = wc_SrpSetVerifier(&srv, verifier, sizeof(verifier));
+    if (!r) r = wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz);
+
+    /* server sends N, g, salt and B to client */
+
+    if (!r) r = wc_SrpSetParams(&cli, N,    sizeof(N),
+                                      g,    sizeof(g),
+                                      salt, sizeof(salt));
+    if (!r) r = wc_SrpSetPassword(&cli, password, passwordSz);
+    if (!r) r = wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz);
+    if (!r) r = wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz,
+                                       serverPubKey, serverPubKeySz);
+    if (!r) r = wc_SrpGetProof(&cli, clientProof, &clientProofSz);
+
+    /* client sends A and M1 to server */
+
+    if (!r) r = wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz,
+                                       serverPubKey, serverPubKeySz);
+    if (!r) r = wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz);
+    if (!r) r = wc_SrpGetProof(&srv, serverProof, &serverProofSz);
+
+    /* server sends M2 to client */
+
+    if (!r) r = wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz);
+
+    wc_SrpTerm(&cli);
+    wc_SrpTerm(&srv);
+
+    return r;
+}
+
+#endif /* WOLFCRYPT_HAVE_SRP */
 
 #ifdef OPENSSL_EXTRA
 

From 121a24ba152050b5588c98cc9546abf4be92d800 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Tue, 4 Aug 2015 15:11:01 -0600
Subject: [PATCH 292/350] update logic for ECC FASTMATH KEY-GEN and COMP-KEY

---
 wolfcrypt/src/integer.c     | 4 +++-
 wolfcrypt/src/tfm.c         | 9 ++++++---
 wolfssl/wolfcrypt/integer.h | 2 +-
 wolfssl/wolfcrypt/types.h   | 2 +-
 4 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index 5a79191b6..da58dd0a6 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -4535,12 +4535,14 @@ LBL_U:mp_clear (&v);
 #endif /* WOLFSSL_KEY_GEN */
 
 
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
 
 /* chars used in radix conversions */
 const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\
                          abcdefghijklmnopqrstuvwxyz+/";
+#endif
 
+#ifdef HAVE_ECC
 /* read a string [ASCII] in a given radix */
 int mp_read_radix (mp_int * a, const char *str, int radix)
 {
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 5c5f60bda..7e45f1f6d 100755
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -2264,6 +2264,7 @@ static const int lnz[16] = {
    4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
 };
 
+#ifdef WOLFSSL_KEY_GEN
 /* swap the elements of two integers, for cases where you can't simply swap the
  * mp_int pointers around
  */
@@ -2275,6 +2276,7 @@ static void fp_exch (fp_int * a, fp_int * b)
     *a = *b;
     *b = t;
 }
+#endif
 
 /* Counts the number of lsbs which are zero before the first zero bit */
 int fp_cnt_lsb(fp_int *a)
@@ -2724,12 +2726,14 @@ int mp_add_d(fp_int *a, fp_digit b, fp_int *c)
 #endif  /* HAVE_ECC || !NO_PWDBASED */
 
 
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
 
 /* chars used in radix conversions */
 static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\
                                 abcdefghijklmnopqrstuvwxyz+/";
+#endif
 
+#ifdef HAVE_ECC
 static int fp_read_radix(fp_int *a, const char *str, int radix)
 {
   int     y, neg;
@@ -2842,6 +2846,7 @@ int mp_cnt_lsb(fp_int* a)
 
 #endif /* HAVE_COMP_KEY */
 
+#endif /* HAVE_ECC */
 
 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
 
@@ -2953,7 +2958,5 @@ int mp_toradix (mp_int *a, char *str, int radix)
 
 #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
 
-#endif /* HAVE_ECC */
-
 #endif /* USE_FAST_MATH */
 
diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h
index 8e43a395b..16ee0cc7b 100644
--- a/wolfssl/wolfcrypt/integer.h
+++ b/wolfssl/wolfcrypt/integer.h
@@ -307,7 +307,7 @@ int mp_radix_size (mp_int * a, int radix, int *size);
 #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
     int mp_sqrmod(mp_int* a, mp_int* b, mp_int* c);
 #endif
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
     int mp_read_radix(mp_int* a, const char* str, int radix);
 #endif
 
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 795d2c9c5..3d379e216 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -215,7 +215,7 @@
 
 	#ifndef CTYPE_USER
 	    #include <ctype.h>
-	    #if defined(HAVE_ECC) || defined(HAVE_OCSP)
+	    #if defined(HAVE_ECC) || defined(HAVE_OCSP) || defined(WOLFSSL_KEY_GEN)
 	        #define XTOUPPER(c)     toupper((c))
 	        #define XISALPHA(c)     isalpha((c))
 	    #endif

From b15e5b1747a4622140312d5cf023429ffe9c2c66 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Tue, 4 Aug 2015 15:31:40 -0600
Subject: [PATCH 293/350] updated existing projects to include wc_encrypt.c

---
 wolfssl.vcproj  | 4 ++++
 wolfssl.vcxproj | 1 +
 2 files changed, 5 insertions(+)

diff --git a/wolfssl.vcproj b/wolfssl.vcproj
index b4a4543ad..f81f47fbd 100755
--- a/wolfssl.vcproj
+++ b/wolfssl.vcproj
@@ -291,6 +291,10 @@
 				RelativePath=".\src\tls.c"
 				>
 			</File>
+			<File
+				RelativePath="wolfcrypt\src\wc_encrypt.c"
+				>
+			</File>
 		</Filter>
 		<Filter
 			Name="Header Files"
diff --git a/wolfssl.vcxproj b/wolfssl.vcxproj
index 24b29bb81..947a3ac2b 100644
--- a/wolfssl.vcxproj
+++ b/wolfssl.vcxproj
@@ -308,6 +308,7 @@
     <ClCompile Include="wolfcrypt\src\sha.c" />
     <ClCompile Include="wolfcrypt\src\sha256.c" />
     <ClCompile Include="wolfcrypt\src\sha512.c" />
+	<ClCompile Include="wolfcrypt\src\wc_encrypt.c" />
     <ClCompile Include="src\ssl.c" />
     <ClCompile Include="src\tls.c" />
   </ItemGroup>

From 92b725dfd769005780f8ebd99d80855d0ccbe26d Mon Sep 17 00:00:00 2001
From: unknown <kaleb@wolfssl.com>
Date: Wed, 5 Aug 2015 11:16:21 -0600
Subject: [PATCH 294/350] DLL-Debug-32 tested and linking properly

---
 IDE/WIN/test.vcxproj         | 13 ++++++++-----
 IDE/WIN/wolfssl-fips.vcxproj | 14 +++++++++-----
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj
index 38e264b20..73d6d0864 100644
--- a/IDE/WIN/test.vcxproj
+++ b/IDE/WIN/test.vcxproj
@@ -140,6 +140,7 @@
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
       <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
@@ -187,7 +188,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <PrecompiledHeader />
@@ -200,13 +201,14 @@
       <SubSystem>Console</SubSystem>
       <TargetMachine>MachineX86</TargetMachine>
       <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Debug|x64'">
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <PrecompiledHeader />
@@ -216,6 +218,7 @@
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
       <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
@@ -223,7 +226,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
@@ -243,7 +246,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|x64'">
     <ClCompile>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;WOLFSSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
@@ -271,4 +274,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index c63c79bd1..62d288e6c 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -132,7 +132,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <MinimalRebuild>true</MinimalRebuild>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -140,6 +140,9 @@
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
       <DisableSpecificWarnings>4206;4214;4706;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
@@ -157,7 +160,7 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
@@ -187,7 +190,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -212,7 +215,7 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;WOLFSSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
@@ -287,6 +290,7 @@
     <ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
     <ClCompile Include="..\..\src\ssl.c" />
     <ClCompile Include="..\..\src\tls.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
   </ItemGroup>
   <ItemGroup>
     <CustomBuild Include="..\..\wolfcrypt\src\aes_asm.asm">
@@ -307,4 +311,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file

From f45ef26977455844c79faf139c71938d2e8cb440 Mon Sep 17 00:00:00 2001
From: unknown <kaleb@wolfssl.com>
Date: Wed, 5 Aug 2015 11:28:07 -0600
Subject: [PATCH 295/350] DLL-x64 and Debug-x64 removed x86 constraint

---
 IDE/WIN/test.vcxproj | 2 --
 1 file changed, 2 deletions(-)

diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj
index 73d6d0864..a06928cf5 100644
--- a/IDE/WIN/test.vcxproj
+++ b/IDE/WIN/test.vcxproj
@@ -140,7 +140,6 @@
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <SubSystem>Console</SubSystem>
-      <TargetMachine>MachineX86</TargetMachine>
       <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
@@ -218,7 +217,6 @@
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <SubSystem>Console</SubSystem>
-      <TargetMachine>MachineX86</TargetMachine>
       <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>

From 42a50d2caf4f609c99dca923d39a14eb69db85a7 Mon Sep 17 00:00:00 2001
From: unknown <kaleb@wolfssl.com>
Date: Wed, 5 Aug 2015 15:41:46 -0600
Subject: [PATCH 296/350] Release x64 tested and working

---
 IDE/WIN/test.vcxproj         | 9 +++++----
 IDE/WIN/wolfssl-fips.vcxproj | 5 +----
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj
index a06928cf5..41a53901c 100644
--- a/IDE/WIN/test.vcxproj
+++ b/IDE/WIN/test.vcxproj
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|Win32">
       <Configuration>Debug</Configuration>
@@ -152,16 +152,16 @@
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <WholeProgramOptimization>true</WholeProgramOptimization>
     </ClCompile>
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <SubSystem>Console</SubSystem>
+      <TargetMachine>MachineX86</TargetMachine>
       <AdditionalDependencies>ws2_32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <OptimizeReferences>true</OptimizeReferences>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <TargetMachine>MachineX86</TargetMachine>
       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
-      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -207,12 +207,13 @@
     <ClCompile>
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;OPENSSL_EXTRA;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;USE_CERT_BUFFERS_2048;CYASSL_DLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <PrecompiledHeader />
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </ClCompile>
     <Link>
       <GenerateDebugInformation>true</GenerateDebugInformation>
diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index 62d288e6c..70af4ad98 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -169,8 +169,6 @@
     </ClCompile>
     <Link>
       <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <OptimizeReferences>false</OptimizeReferences>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -178,11 +176,10 @@
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">

From 865d88ce3e79c975bbd5ac5c5548de6d0ae4a904 Mon Sep 17 00:00:00 2001
From: unknown <kaleb@wolfssl.com>
Date: Wed, 5 Aug 2015 15:55:05 -0600
Subject: [PATCH 297/350] rewind tool version

---
 IDE/WIN/test.vcxproj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/IDE/WIN/test.vcxproj b/IDE/WIN/test.vcxproj
index 41a53901c..06ad22bd3 100644
--- a/IDE/WIN/test.vcxproj
+++ b/IDE/WIN/test.vcxproj
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|Win32">
       <Configuration>Debug</Configuration>

From d050c1058128a7532e68d176dfcaf7847ffa46ae Mon Sep 17 00:00:00 2001
From: Ludovic FLAMENT <ludovic.flament@cryptograph-ic.com>
Date: Sat, 1 Aug 2015 18:28:18 +0200
Subject: [PATCH 298/350] add support for curve 25519 and Ed25519 in OpenSSH
 refactor curve25519 and Ed25519 code fix warning in PEM_xxx_mem_xxx functions

---
 configure.ac                   |  10 +
 cyassl/openssl/ec25519.h       |   3 +
 cyassl/openssl/ed25519.h       |   3 +
 cyassl/openssl/include.am      |   2 +
 src/ssl.c                      | 323 ++++++++++++++++++++++++++++++++-
 wolfcrypt/src/curve25519.c     | 310 +++++++++++++++++++++----------
 wolfcrypt/src/ed25519.c        | 278 ++++++++++++++++++----------
 wolfcrypt/src/fe_operations.c  |  21 ++-
 wolfcrypt/test/test.c          |  21 +++
 wolfssl/openssl/ec25519.h      |  23 +++
 wolfssl/openssl/ed25519.h      |  26 +++
 wolfssl/openssl/include.am     |   2 +
 wolfssl/openssl/pem.h          |   6 +-
 wolfssl/wolfcrypt/curve25519.h |  43 ++++-
 wolfssl/wolfcrypt/ed25519.h    |  21 ++-
 15 files changed, 888 insertions(+), 204 deletions(-)
 create mode 100644 cyassl/openssl/ec25519.h
 create mode 100644 cyassl/openssl/ed25519.h
 create mode 100644 wolfssl/openssl/ec25519.h
 create mode 100644 wolfssl/openssl/ed25519.h

diff --git a/configure.ac b/configure.ac
index bc15219aa..0acd28feb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -733,6 +733,11 @@ AC_ARG_ENABLE([curve25519],
     )
 
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_CURVE25519="yes"
+fi
+
 if test "$ENABLED_CURVE25519" = "small"
 then
     AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL"
@@ -758,6 +763,11 @@ AC_ARG_ENABLE([ed25519],
     )
 
 
+if test "$ENABLED_OPENSSH" = "yes"
+then
+    ENABLED_ED25519="yes"
+fi
+
 if test "$ENABLED_ED25519" = "small"
 then
     AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL"
diff --git a/cyassl/openssl/ec25519.h b/cyassl/openssl/ec25519.h
new file mode 100644
index 000000000..6ee894506
--- /dev/null
+++ b/cyassl/openssl/ec25519.h
@@ -0,0 +1,3 @@
+/* ec25519.h  */
+
+#include <wolfssl/openssl/ec25519.h>
diff --git a/cyassl/openssl/ed25519.h b/cyassl/openssl/ed25519.h
new file mode 100644
index 000000000..240cbcaaf
--- /dev/null
+++ b/cyassl/openssl/ed25519.h
@@ -0,0 +1,3 @@
+/* ed25519.h  */
+
+#include <wolfssl/openssl/ed25519.h>
diff --git a/cyassl/openssl/include.am b/cyassl/openssl/include.am
index 88950eeec..f5c3c56e9 100644
--- a/cyassl/openssl/include.am
+++ b/cyassl/openssl/include.am
@@ -13,6 +13,8 @@ nobase_include_HEADERS+= \
                          cyassl/openssl/ecdsa.h \
                          cyassl/openssl/ecdh.h \
                          cyassl/openssl/ec.h \
+                         cyassl/openssl/ec25519.h \
+                         cyassl/openssl/ed25519.h \
                          cyassl/openssl/engine.h \
                          cyassl/openssl/err.h \
                          cyassl/openssl/evp.h \
diff --git a/src/ssl.c b/src/ssl.c
index e543e68d3..358879f19 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -50,6 +50,8 @@
     #include <wolfssl/openssl/rsa.h>
     #include <wolfssl/openssl/pem.h>
     #include <wolfssl/openssl/ec.h>
+    #include <wolfssl/openssl/ec25519.h>
+    #include <wolfssl/openssl/ed25519.h>
     #include <wolfssl/openssl/ecdsa.h>
     #include <wolfssl/openssl/ecdh.h>
     /* openssl headers end, wolfssl internal headers next */
@@ -59,6 +61,8 @@
     #include <wolfssl/wolfcrypt/md4.h>
     #include <wolfssl/wolfcrypt/md5.h>
     #include <wolfssl/wolfcrypt/arc4.h>
+    #include <wolfssl/wolfcrypt/curve25519.h>
+    #include <wolfssl/wolfcrypt/ed25519.h>
     #ifdef WOLFSSL_SHA512
         #include <wolfssl/wolfcrypt/sha512.h>
     #endif
@@ -12635,8 +12639,7 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
         return SSL_FAILURE;
     }
 
-    if (dsa->inSet == 0)
-    {
+    if (dsa->inSet == 0) {
         WOLFSSL_MSG("No DSA internal set, do it");
 
         if (SetDsaInternal(dsa) != SSL_SUCCESS) {
@@ -13496,7 +13499,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
  */
 int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
                                         unsigned char* passwd, int passwdSz,
-                                        byte **pem, int *plen)
+                                        unsigned char **pem, int *plen)
 {
     byte *der, *tmp, *cipherInfo = NULL;
     int  der_max_len = 0, derSz = 0;
@@ -14867,7 +14870,7 @@ int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ecc,
 int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc,
                                        const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int passwdSz,
-                                       byte **pem, int *plen)
+                                       unsigned char **pem, int *plen)
 {
     byte *der, *tmp, *cipherInfo = NULL;
     int  der_max_len = 0, derSz = 0;
@@ -15040,7 +15043,7 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa,
 int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
                                         const EVP_CIPHER* cipher,
                                         unsigned char* passwd, int passwdSz,
-                                        byte **pem, int *plen)
+                                        unsigned char **pem, int *plen)
 {
     byte *der, *tmp, *cipherInfo = NULL;
     int  der_max_len = 0, derSz = 0;
@@ -16330,3 +16333,313 @@ const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen)
     return sess->sessionID;
 }
 #endif /* OPENSSL_EXTRA and HAVE_STUNNEL */
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519)
+/* return 1 if success, 0 if error
+ * output keys are little endian format
+ */
+int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz,
+                                 unsigned char *pub, unsigned int *pubSz)
+{
+#ifndef WOLFSSL_KEY_GEN
+    WOLFSSL_MSG("No Key Gen built in");
+    return SSL_FAILURE;
+#else /* WOLFSSL_KEY_GEN */
+    int ret = SSL_FAILURE;
+    int initTmpRng = 0;
+    RNG *rng = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    RNG *tmpRNG = NULL;
+#else
+    RNG tmpRNG[1];
+#endif
+
+    WOLFSSL_ENTER("wolfSSL_EC25519_generate_key");
+
+    if (priv == NULL || privSz == NULL || *privSz < CURVE25519_KEYSIZE ||
+        pub == NULL || pubSz == NULL || *pubSz < CURVE25519_KEYSIZE) {
+        WOLFSSL_MSG("Bad arguments");
+        return SSL_FAILURE;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (tmpRNG == NULL)
+        return SSL_FAILURE;
+#endif
+    if (wc_InitRng(tmpRNG) == 0) {
+        rng = tmpRNG;
+        initTmpRng = 1;
+    }
+    else {
+        WOLFSSL_MSG("Bad RNG Init, trying global");
+        if (initGlobalRNG == 0)
+            WOLFSSL_MSG("Global RNG no Init");
+        else
+            rng = &globalRNG;
+    }
+
+    if (rng) {
+        curve25519_key key;
+
+        if (wc_curve25519_init(&key) != MP_OKAY)
+            WOLFSSL_MSG("wc_curve25519_init failed");
+        else if (wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, &key)!=MP_OKAY)
+            WOLFSSL_MSG("wc_curve25519_make_key failed");
+        /* export key pair */
+        else if (wc_curve25519_export_key_raw_ex(&key, priv, privSz, pub,
+                                                 pubSz, EC25519_LITTLE_ENDIAN)
+                 != MP_OKAY)
+            WOLFSSL_MSG("wc_curve25519_export_key_raw_ex failed");
+        else
+            ret = SSL_SUCCESS;
+
+        wc_curve25519_free(&key);
+    }
+
+    if (initTmpRng)
+        wc_FreeRng(tmpRNG);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+#endif /* WOLFSSL_KEY_GEN */
+}
+
+/* return 1 if success, 0 if error
+ * input and output keys are little endian format
+ */
+int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz,
+                               const unsigned char *priv, unsigned int privSz,
+                               const unsigned char *pub, unsigned int pubSz)
+{
+#ifndef WOLFSSL_KEY_GEN
+    WOLFSSL_MSG("No Key Gen built in");
+    return SSL_FAILURE;
+#else /* WOLFSSL_KEY_GEN */
+    int ret = SSL_FAILURE;
+    curve25519_key privkey, pubkey;
+
+    WOLFSSL_ENTER("wolfSSL_EC25519_shared_key");
+
+    if (shared == NULL || sharedSz == NULL || *sharedSz < CURVE25519_KEYSIZE ||
+        priv == NULL || privSz < CURVE25519_KEYSIZE ||
+        pub == NULL || pubSz < CURVE25519_KEYSIZE) {
+        WOLFSSL_MSG("Bad arguments");
+        return SSL_FAILURE;
+    }
+
+    /* import private key */
+    if (wc_curve25519_init(&privkey) != MP_OKAY) {
+        WOLFSSL_MSG("wc_curve25519_init privkey failed");
+        return ret;
+    }
+    if (wc_curve25519_import_private_ex(priv, privSz, &privkey,
+                                        EC25519_LITTLE_ENDIAN) != MP_OKAY) {
+        WOLFSSL_MSG("wc_curve25519_import_private_ex failed");
+        wc_curve25519_free(&privkey);
+        return ret;
+    }
+
+    /* import public key */
+    if (wc_curve25519_init(&pubkey) != MP_OKAY) {
+        WOLFSSL_MSG("wc_curve25519_init pubkey failed");
+        wc_curve25519_free(&privkey);
+        return ret;
+    }
+    if (wc_curve25519_import_public_ex(pub, pubSz, &pubkey,
+                                       EC25519_LITTLE_ENDIAN) != MP_OKAY) {
+        WOLFSSL_MSG("wc_curve25519_import_public_ex failed");
+        wc_curve25519_free(&privkey);
+        wc_curve25519_free(&pubkey);
+        return ret;
+    }
+
+    if (wc_curve25519_shared_secret_ex(&privkey, &pubkey,
+                                       shared, sharedSz,
+                                       EC25519_LITTLE_ENDIAN) != MP_OKAY)
+        WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed");
+    else
+        ret = SSL_SUCCESS;
+
+    wc_curve25519_free(&privkey);
+    wc_curve25519_free(&pubkey);
+
+    return ret;
+#endif /* WOLFSSL_KEY_GEN */
+}
+#endif /* OPENSSL_EXTRA && HAVE_CURVE25519 */
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519)
+/* return 1 if success, 0 if error
+ * output keys are little endian format
+ */
+int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz,
+                                 unsigned char *pub, unsigned int *pubSz)
+{
+#ifndef WOLFSSL_KEY_GEN
+    WOLFSSL_MSG("No Key Gen built in");
+    return SSL_FAILURE;
+#else /* WOLFSSL_KEY_GEN */
+    int ret = SSL_FAILURE;
+    int initTmpRng = 0;
+    RNG *rng = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    RNG *tmpRNG = NULL;
+#else
+    RNG tmpRNG[1];
+#endif
+
+    WOLFSSL_ENTER("wolfSSL_ED25519_generate_key");
+
+    if (priv == NULL || privSz == NULL || *privSz < ED25519_PRV_KEY_SIZE ||
+        pub == NULL || pubSz == NULL || *pubSz < ED25519_PUB_KEY_SIZE) {
+        WOLFSSL_MSG("Bad arguments");
+        return SSL_FAILURE;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (tmpRNG == NULL)
+        return SSL_FATAL_ERROR;
+#endif
+    if (wc_InitRng(tmpRNG) == 0) {
+        rng = tmpRNG;
+        initTmpRng = 1;
+    }
+    else {
+        WOLFSSL_MSG("Bad RNG Init, trying global");
+        if (initGlobalRNG == 0)
+            WOLFSSL_MSG("Global RNG no Init");
+        else
+            rng = &globalRNG;
+    }
+
+    if (rng) {
+        ed25519_key key;
+
+        if (wc_ed25519_init(&key) != MP_OKAY)
+            WOLFSSL_MSG("wc_ed25519_init failed");
+        else if (wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &key)!=MP_OKAY)
+            WOLFSSL_MSG("wc_ed25519_make_key failed");
+        /* export private key */
+        else if (wc_ed25519_export_key(&key, priv, privSz, pub, pubSz)!=MP_OKAY)
+            WOLFSSL_MSG("wc_ed25519_export_key failed");
+        else
+            ret = SSL_SUCCESS;
+
+        wc_ed25519_free(&key);
+    }
+
+    if (initTmpRng)
+        wc_FreeRng(tmpRNG);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+#endif /* WOLFSSL_KEY_GEN */
+}
+
+/* return 1 if success, 0 if error
+ * input and output keys are little endian format
+ * priv is a buffer containing private and public part of key
+ */
+int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz,
+                         const unsigned char *priv, unsigned int privSz,
+                         unsigned char *sig, unsigned int *sigSz)
+{
+#ifndef WOLFSSL_KEY_GEN
+    WOLFSSL_MSG("No Key Gen built in");
+    return SSL_FAILURE;
+#else /* WOLFSSL_KEY_GEN */
+    ed25519_key key;
+    int ret = SSL_FAILURE;
+
+    WOLFSSL_ENTER("wolfSSL_ED25519_sign");
+
+    if (priv == NULL || privSz != ED25519_PRV_KEY_SIZE ||
+        msg == NULL || sig == NULL || *sigSz < ED25519_SIG_SIZE) {
+        WOLFSSL_MSG("Bad arguments");
+        return SSL_FAILURE;
+    }
+
+    /* import key */
+    if (wc_ed25519_init(&key) != MP_OKAY) {
+        WOLFSSL_MSG("wc_curve25519_init failed");
+        return ret;
+    }
+    if (wc_ed25519_import_private_key(priv, privSz/2,
+                                      priv+(privSz/2), ED25519_PUB_KEY_SIZE,
+                                      &key) != MP_OKAY){
+        WOLFSSL_MSG("wc_ed25519_import_private failed");
+        wc_ed25519_free(&key);
+        return ret;
+    }
+
+    if (wc_ed25519_sign_msg(msg, msgSz, sig, sigSz, &key) != MP_OKAY)
+        WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed");
+    else
+        ret = SSL_SUCCESS;
+
+    wc_ed25519_free(&key);
+
+    return ret;
+#endif /* WOLFSSL_KEY_GEN */
+}
+
+/* return 1 if success, 0 if error
+ * input and output keys are little endian format
+ * pub is a buffer containing public part of key
+ */
+int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz,
+                           const unsigned char *pub, unsigned int pubSz,
+                           const unsigned char *sig, unsigned int sigSz)
+{
+#ifndef WOLFSSL_KEY_GEN
+    WOLFSSL_MSG("No Key Gen built in");
+    return SSL_FAILURE;
+#else /* WOLFSSL_KEY_GEN */
+    ed25519_key key;
+    int ret = SSL_FAILURE, check = 0;
+
+    WOLFSSL_ENTER("wolfSSL_ED25519_verify");
+
+    if (pub == NULL || pubSz != ED25519_PUB_KEY_SIZE ||
+        msg == NULL || sig == NULL || sigSz != ED25519_SIG_SIZE) {
+        WOLFSSL_MSG("Bad arguments");
+        return SSL_FAILURE;
+    }
+
+    /* import key */
+    if (wc_ed25519_init(&key) != MP_OKAY) {
+        WOLFSSL_MSG("wc_curve25519_init failed");
+        return ret;
+    }
+    if (wc_ed25519_import_public(pub, pubSz, &key) != MP_OKAY){
+        WOLFSSL_MSG("wc_ed25519_import_public failed");
+        wc_ed25519_free(&key);
+        return ret;
+    }
+
+    if ((ret = wc_ed25519_verify_msg((byte*)sig, sigSz, msg, msgSz,
+                                     &check, &key)) != MP_OKAY) {
+        WOLFSSL_MSG("wc_ed25519_verify_msg failed");
+        fprintf(stderr, "err code = %d, sigSz=%d, msgSz=%d\n", ret, sigSz, msgSz);
+    }
+    else if (!check)
+        WOLFSSL_MSG("wc_ed25519_verify_msg failed (signature invalid)");
+    else
+        ret = SSL_SUCCESS;
+
+    wc_ed25519_free(&key);
+
+    return ret;
+#endif /* WOLFSSL_KEY_GEN */
+}
+
+#endif /* OPENSSL_EXTRA && HAVE_ED25519 */
+
diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
index b745a046c..2380e371e 100644
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -46,94 +46,96 @@ const curve25519_set_type curve25519_sets[] = {
 };
 
 
-
 int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key)
 {
-  unsigned char basepoint[CURVE25519_KEYSIZE] = {9};
-  unsigned char n[CURVE25519_KEYSIZE];
-  unsigned char p[CURVE25519_KEYSIZE];
-  int  i;
-  int  ret;
+    unsigned char basepoint[CURVE25519_KEYSIZE] = {9};
+    int  ret;
 
-  if (key == NULL || rng == NULL)
-      return ECC_BAD_ARG_E;
+    if (key == NULL || rng == NULL)
+        return BAD_FUNC_ARG;
 
-  /* currently only a key size of 32 bytes is used */
-  if (keysize != CURVE25519_KEYSIZE)
-      return ECC_BAD_ARG_E;
+    /* currently only a key size of 32 bytes is used */
+    if (keysize != CURVE25519_KEYSIZE)
+        return ECC_BAD_ARG_E;
 
-  /* get random number from RNG */
-  ret = wc_RNG_GenerateBlock(rng, n, keysize);
-  if (ret != 0)
-      return ret;
+    /* random number for private key */
+    ret = wc_RNG_GenerateBlock(rng, key->k.point, keysize);
+    if (ret != 0)
+        return ret;
 
-  for (i = 0; i < keysize; ++i) key->k.point[i] = n[i];
-  key->k.point[ 0] &= 248;
-  key->k.point[31] &= 127;
-  key->k.point[31] |= 64;
+    /* Clamp the private key */
+    key->k.point[0] &= 248;
+    key->k.point[CURVE25519_KEYSIZE-1] &= 63; /* same &=127 because |=64 after */
+    key->k.point[CURVE25519_KEYSIZE-1] |= 64;
 
-  /* compute public key */
-  ret = curve25519(p, key->k.point, basepoint);
+    /* compute public key */
+    ret = curve25519(key->p.point, key->k.point, basepoint);
+    if (ret != 0) {
+        ForceZero(key->k.point, keysize);
+        ForceZero(key->p.point, keysize);
+        return ret;
+    }
 
-  /* store keys in big endian format */
-  for (i = 0; i < keysize; ++i) n[i] = key->k.point[i];
-  for (i = 0; i < keysize; ++i) {
-      key->p.point[keysize - i - 1] = p[i];
-      key->k.point[keysize - i - 1] = n[i];
-  }
-
-  ForceZero(n, keysize);
-  ForceZero(p, keysize);
-
-  return ret;
+    return ret;
 }
 
-
 int wc_curve25519_shared_secret(curve25519_key* private_key,
                                 curve25519_key* public_key,
                                 byte* out, word32* outlen)
 {
-    unsigned char k[CURVE25519_KEYSIZE];
-    unsigned char p[CURVE25519_KEYSIZE];
+    return wc_curve25519_shared_secret_ex(private_key, public_key,
+                                          out, outlen, EC25519_BIG_ENDIAN);
+}
+
+int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
+                                   curve25519_key* public_key,
+                                   byte* out, word32* outlen, int endian)
+{
     unsigned char o[CURVE25519_KEYSIZE];
     int ret = 0;
-    int i;
 
     /* sanity check */
-    if (private_key == NULL || public_key == NULL || out == NULL ||
-            outlen == NULL)
+    if (private_key == NULL || public_key == NULL ||
+        out == NULL || outlen == NULL || *outlen < CURVE25519_KEYSIZE)
         return BAD_FUNC_ARG;
 
     /* avoid implementation fingerprinting */
-    if (public_key->p.point[0] > 0x7F)
+    if (public_key->p.point[CURVE25519_KEYSIZE-1] > 0x7F)
         return ECC_BAD_ARG_E;
 
-    XMEMSET(p,   0, sizeof(p));
-    XMEMSET(k,   0, sizeof(k));
-    XMEMSET(out, 0, CURVE25519_KEYSIZE);
-
-    for (i = 0; i < CURVE25519_KEYSIZE; ++i) {
-        p[i] = public_key->p.point [CURVE25519_KEYSIZE - i - 1];
-        k[i] = private_key->k.point[CURVE25519_KEYSIZE - i - 1];
+    ret = curve25519(o, private_key->k.point, public_key->p.point);
+    if (ret != 0) {
+        ForceZero(o, CURVE25519_KEYSIZE);
+        return ret;
     }
 
-    ret     = curve25519(o , k, p);
+    if (endian == EC25519_BIG_ENDIAN) {
+        int i;
+        /* put shared secret key in Big Endian format */
+        for (i = 0; i < CURVE25519_KEYSIZE; i++)
+            out[i] = o[CURVE25519_KEYSIZE - i -1];
+    }
+    else /* put shared secret key in Little Endian format */
+        XMEMCPY(out, o, CURVE25519_KEYSIZE);
+
     *outlen = CURVE25519_KEYSIZE;
 
-    for (i = 0; i < CURVE25519_KEYSIZE; ++i) {
-        out[i] = o[CURVE25519_KEYSIZE - i -1];
-    }
-
-    ForceZero(p, sizeof(p));
-    ForceZero(k, sizeof(k));
     ForceZero(o, sizeof(o));
 
     return ret;
 }
 
-
-/* curve25519 uses a serialized string for key representation */
+/* export curve25519 public key (Big endian)
+ * return 0 on success */
 int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen)
+{
+    return wc_curve25519_export_public_ex(key, out, outLen, EC25519_BIG_ENDIAN);
+}
+
+/* export curve25519 public key (Big or Little endian)
+ * return 0 on success */
+int wc_curve25519_export_public_ex(curve25519_key* key, byte* out,
+                                   word32* outLen, int endian)
 {
     word32 keySz;
 
@@ -143,30 +145,59 @@ int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen)
     /* check size of outgoing key */
     keySz  = wc_curve25519_size(key);
 
-    /* copy in public key */
-    XMEMCPY(out, key->p.point, keySz);
+    /* check and set outgoing key size */
+    if (*outLen < keySz) {
+        *outLen = keySz;
+        return ECC_BAD_ARG_E;
+    }
     *outLen = keySz;
 
+    if (endian == EC25519_BIG_ENDIAN) {
+        int i;
+
+        /* read keys in Big Endian format */
+        for (i = 0; i < CURVE25519_KEYSIZE; i++)
+            out[i] = key->p.point[CURVE25519_KEYSIZE - i - 1];
+    }
+    else
+        XMEMCPY(out, key->p.point, keySz);
+
     return 0;
 }
 
-/* import curve25519 public key
-   return 0 on success */
+/* import curve25519 public key (Big endian)
+ *  return 0 on success */
 int wc_curve25519_import_public(const byte* in, word32 inLen,
                                 curve25519_key* key)
+{
+    return wc_curve25519_import_public_ex(in, inLen, key, EC25519_BIG_ENDIAN);
+}
+
+/* import curve25519 public key (Big or Little endian)
+ * return 0 on success */
+int wc_curve25519_import_public_ex(const byte* in, word32 inLen,
+                                curve25519_key* key, int endian)
 {
     word32 keySz;
 
     /* sanity check */
     if (key == NULL || in == NULL)
-        return ECC_BAD_ARG_E;
+        return BAD_FUNC_ARG;
 
     /* check size of incoming keys */
     keySz = wc_curve25519_size(key);
     if (inLen != keySz)
        return ECC_BAD_ARG_E;
 
-    XMEMCPY(key->p.point, in, inLen);
+    if (endian == EC25519_BIG_ENDIAN) {
+        int i;
+
+        /* read keys in Big Endian format */
+        for (i = 0; i < CURVE25519_KEYSIZE; i++)
+            key->p.point[i] = in[CURVE25519_KEYSIZE - i - 1];
+    }
+    else
+        XMEMCPY(key->p.point, in, inLen);
 
     key->dp = &curve25519_sets[0];
 
@@ -174,63 +205,159 @@ int wc_curve25519_import_public(const byte* in, word32 inLen,
 }
 
 
-/* export curve25519 private key only raw, outLen is in/out size
-   return 0 on success */
+/* export curve25519 private key only raw (Big endian)
+ * outLen is in/out size
+ * return 0 on success */
 int wc_curve25519_export_private_raw(curve25519_key* key, byte* out,
                                      word32* outLen)
+{
+    return wc_curve25519_export_private_raw_ex(key, out, outLen,
+                                               EC25519_BIG_ENDIAN);
+}
+
+/* export curve25519 private key only raw (Big or Little endian)
+ * outLen is in/out size
+ * return 0 on success */
+int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out,
+                                        word32* outLen, int endian)
 {
     word32 keySz;
 
     /* sanity check */
     if (key == NULL || out == NULL || outLen == NULL)
-        return ECC_BAD_ARG_E;
+        return BAD_FUNC_ARG;
 
+    /* check size of outgoing buffer */
     keySz = wc_curve25519_size(key);
+    if (*outLen < keySz) {
+        *outLen = keySz;
+        return ECC_BAD_ARG_E;
+    }
     *outLen = keySz;
-    XMEMSET(out, 0, keySz);
-    XMEMCPY(out, key->k.point, keySz);
+
+    if (endian == EC25519_BIG_ENDIAN) {
+        int i;
+
+        /* put the key in Big Endian format */
+        for (i = 0; i < CURVE25519_KEYSIZE; i++)
+            out[i] = key->k.point[CURVE25519_KEYSIZE - i - 1];
+    }
+    else
+        XMEMCPY(out, key->k.point, keySz);
 
     return 0;
 }
 
-
-/* curve25519 private key import.
-   Public key to match private key needs to be imported too */
-int wc_curve25519_import_private_raw(const byte* priv, word32 privSz,
-                             const byte* pub, word32 pubSz, curve25519_key* key)
+/* curve25519 key pair export (Big or Little endian)
+ * return 0 on success */
+int wc_curve25519_export_key_raw(curve25519_key* key,
+                                 byte* priv, word32 *privSz,
+                                 byte* pub, word32 *pubSz)
 {
-    int ret = 0;
-    word32 keySz;
+    return wc_curve25519_export_key_raw_ex(key, priv, privSz,
+                                           pub, pubSz, EC25519_BIG_ENDIAN);
+}
 
-    /* sanity check */
-    if (key == NULL || priv == NULL || pub == NULL)
-        return ECC_BAD_ARG_E;
+/* curve25519 key pair export (Big or Little endian)
+ * return 0 on success */
+int wc_curve25519_export_key_raw_ex(curve25519_key* key,
+                                    byte* priv, word32 *privSz,
+                                    byte* pub, word32 *pubSz,
+                                    int endian)
+{
+    int ret;
 
-    /* check size of incoming keys */
-    keySz = wc_curve25519_size(key);
-    if (privSz != keySz || pubSz != keySz)
-       return ECC_BAD_ARG_E;
+    /* export private part */
+    ret = wc_curve25519_export_private_raw_ex(key, priv, privSz, endian);
+    if (ret != 0)
+        return ret;
 
-    XMEMCPY(key->k.point, priv, privSz);
-    XMEMCPY(key->p.point, pub, pubSz);
-
-    return ret;
+    /* export public part */
+    return wc_curve25519_export_public_ex(key, pub, pubSz, endian);
 }
 
 
+/* curve25519 private key import (Big endian)
+ * Public key to match private key needs to be imported too
+ * return 0 on success */
+int wc_curve25519_import_private_raw(const byte* priv, word32 privSz,
+                                     const byte* pub, word32 pubSz,
+                                     curve25519_key* key)
+{
+    return wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
+                                               key, EC25519_BIG_ENDIAN);
+}
+
+/* curve25519 private key import (Big or Little endian)
+ * Public key to match private key needs to be imported too
+ * return 0 on success */
+int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz,
+                                        const byte* pub, word32 pubSz,
+                                        curve25519_key* key, int endian)
+{
+    int ret;
+
+    /* import private part */
+    ret = wc_curve25519_import_private_ex(priv, privSz, key, endian);
+    if (ret != 0)
+        return ret;
+
+    /* import public part */
+    return wc_curve25519_import_public_ex(pub, pubSz, key, endian);
+}
+
+/* curve25519 private key import only. (Big endian)
+ * return 0 on success */
+int wc_curve25519_import_private(const byte* priv, word32 privSz,
+                                 curve25519_key* key)
+{
+    return wc_curve25519_import_private_ex(priv, privSz,
+                                           key, EC25519_BIG_ENDIAN);
+}
+
+/* curve25519 private key import only. (Big or Little endian)
+ * return 0 on success */
+int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
+                                    curve25519_key* key, int endian)
+{
+    /* sanity check */
+    if (key == NULL || priv == NULL)
+        return BAD_FUNC_ARG;
+
+    /* check size of incoming keys */
+    if ((int)privSz != wc_curve25519_size(key))
+        return ECC_BAD_ARG_E;
+
+    if (endian == EC25519_BIG_ENDIAN) {
+        int i;
+
+        /* read the key in Big Endian format */
+        for (i = 0; i < CURVE25519_KEYSIZE; i++)
+            key->k.point[i] = priv[CURVE25519_KEYSIZE - i - 1];
+    }
+    else
+        XMEMCPY(key->k.point, priv, privSz);
+
+    key->dp = &curve25519_sets[0];
+
+    /* Clamp the key */
+    key->k.point[0] &= 248;
+    key->k.point[privSz-1] &= 63; /* same &=127 because |=64 after */
+    key->k.point[privSz-1] |= 64;
+
+    return 0;
+}
+
 int wc_curve25519_init(curve25519_key* key)
 {
-    word32 keySz;
-
     if (key == NULL)
-       return ECC_BAD_ARG_E;
+       return BAD_FUNC_ARG;
 
     /* currently the format for curve25519 */
     key->dp = &curve25519_sets[0];
-    keySz   = key->dp->size;
 
-    XMEMSET(key->k.point, 0, keySz);
-    XMEMSET(key->p.point, 0, keySz);
+    XMEMSET(key->k.point, 0, key->dp->size);
+    XMEMSET(key->p.point, 0, key->dp->size);
 
     return 0;
 }
@@ -251,7 +378,8 @@ void wc_curve25519_free(curve25519_key* key)
 /* get key size */
 int wc_curve25519_size(curve25519_key* key)
 {
-    if (key == NULL) return 0;
+    if (key == NULL)
+        return 0;
 
     return key->dp->size;
 }
diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c
index b6f6434b4..7ddfc3af2 100644
--- a/wolfcrypt/src/ed25519.c
+++ b/wolfcrypt/src/ed25519.c
@@ -39,14 +39,12 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
-
-/*
-    generate an ed25519 key pair.
-    returns 0 on success
+/* generate an ed25519 key pair.
+ * returns 0 on success
  */
 int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key)
 {
-    byte  az[64];
+    byte  az[ED25519_PRV_KEY_SIZE];
     int   ret;
     ge_p3 A;
 
@@ -57,16 +55,25 @@ int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key)
     if (keySz != ED25519_KEY_SIZE)
         return BAD_FUNC_ARG;
 
-    ret = 0;
-    ret |= wc_RNG_GenerateBlock(rng, key->k, 32);
-    ret |= wc_Sha512Hash(key->k, 32, az);
-    az[0] &= 248;
-    az[31] &= 63;
+    ret  = wc_RNG_GenerateBlock(rng, key->k, ED25519_KEY_SIZE);
+    if (ret != 0)
+        return ret;
+    ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az);
+    if (ret != 0) {
+        ForceZero(key->k, ED25519_KEY_SIZE);
+        return ret;
+    }
+
+    /* apply clamp */
+    az[0]  &= 248;
+    az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */
     az[31] |= 64;
 
     ge_scalarmult_base(&A, az);
     ge_p3_tobytes(key->p, &A);
-    XMEMMOVE(key->k + 32, key->p, 32);
+
+    /* put public key after private key, on the same buffer */
+    XMEMMOVE(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE);
 
     return ret;
 }
@@ -76,43 +83,54 @@ int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key)
     in     contains the message to sign
     inlen  is the length of the message to sign
     out    is the buffer to write the signature
-    outlen [in/out] input size of out buf
-                    output gets set as the final length of out
+    outLen [in/out] input size of out buf
+                     output gets set as the final length of out
     key    is the ed25519 key to use when signing
     return 0 on success
  */
 int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
-                        word32 *outlen, ed25519_key* key)
+                        word32 *outLen, ed25519_key* key)
 {
     ge_p3  R;
     byte   nonce[SHA512_DIGEST_SIZE];
     byte   hram[SHA512_DIGEST_SIZE];
-    byte   az[64];
-    word32 sigSz;
+    byte   az[ED25519_PRV_KEY_SIZE];
     Sha512 sha;
-    int    ret = 0;
+    int    ret;
 
     /* sanity check on arguments */
-    if (in == NULL || out == NULL || outlen == NULL || key == NULL)
+    if (in == NULL || out == NULL || outLen == NULL || key == NULL)
         return BAD_FUNC_ARG;
 
     /* check and set up out length */
-    ret   = 0;
-    sigSz = wc_ed25519_sig_size(key);
-    if (*outlen < sigSz)
-        return BAD_FUNC_ARG;
-    *outlen = sigSz;
+    if (*outLen < ED25519_SIG_SIZE) {
+        *outLen = ED25519_SIG_SIZE;
+        return BUFFER_E;
+    }
+    *outLen = ED25519_SIG_SIZE;
 
     /* step 1: create nonce to use where nonce is r in
        r = H(h_b, ... ,h_2b-1,M) */
-    ret |= wc_Sha512Hash(key->k,32,az);
+    ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az);
+
+    /* apply clamp */
     az[0]  &= 248;
-    az[31] &= 63;
+    az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */
     az[31] |= 64;
-    ret |= wc_InitSha512(&sha);
-    ret |= wc_Sha512Update(&sha, az + 32, 32);
-    ret |= wc_Sha512Update(&sha, in, inlen);
-    ret |= wc_Sha512Final(&sha, nonce);
+
+    ret = wc_InitSha512(&sha);
+    if (ret != 0)
+        return ret;
+    ret = wc_Sha512Update(&sha, az + ED25519_KEY_SIZE, ED25519_KEY_SIZE);
+    if (ret != 0)
+        return ret;
+    ret = wc_Sha512Update(&sha, in, inlen);
+    if (ret != 0)
+        return ret;
+    ret = wc_Sha512Final(&sha, nonce);
+    if (ret != 0)
+        return ret;
+    
     sc_reduce(nonce);
 
     /* step 2: computing R = rB where rB is the scalar multiplication of
@@ -122,13 +140,24 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
 
     /* step 3: hash R + public key + message getting H(R,A,M) then
        creating S = (r + H(R,A,M)a) mod l */
-    ret |= wc_InitSha512(&sha);
-    ret |= wc_Sha512Update(&sha, out, 32);
-    ret |= wc_Sha512Update(&sha, key->p, 32);
-    ret |= wc_Sha512Update(&sha, in, inlen);
-    ret |= wc_Sha512Final(&sha, hram);
+    ret = wc_InitSha512(&sha);
+    if (ret != 0)
+        return ret;
+    ret = wc_Sha512Update(&sha, out, ED25519_SIG_SIZE/2);
+    if (ret != 0)
+        return ret;
+    ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE);
+    if (ret != 0)
+        return ret;
+    ret = wc_Sha512Update(&sha, in, inlen);
+    if (ret != 0)
+        return ret;
+    ret = wc_Sha512Final(&sha, hram);
+    if (ret != 0)
+        return ret;
+
     sc_reduce(hram);
-    sc_muladd(out + 32, hram, az, nonce);
+    sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce);
 
     return ret;
 }
@@ -144,11 +173,10 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
 int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
                           word32 msglen, int* stat, ed25519_key* key)
 {
-    byte   rcheck[32];
+    byte   rcheck[ED25519_KEY_SIZE];
     byte   h[SHA512_DIGEST_SIZE];
     ge_p3  A;
     ge_p2  R;
-    word32 sigSz;
     int    ret;
     Sha512 sha;
 
@@ -156,14 +184,11 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
     if (sig == NULL || msg == NULL || stat == NULL || key == NULL)
         return BAD_FUNC_ARG;
 
-    ret   = 0;
+    /* set verification failed by default */
     *stat = 0;
-    sigSz = wc_ed25519_size(key);
 
     /* check on basics needed to verify signature */
-    if (siglen < sigSz)
-        return BAD_FUNC_ARG;
-    if (sig[63] & 224)
+    if (siglen < ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224))
         return BAD_FUNC_ARG;
 
     /* uncompress A (public key), test if valid, and negate it */
@@ -171,24 +196,41 @@ int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
         return BAD_FUNC_ARG;
 
     /* find H(R,A,M) and store it as h */
-    ret |= wc_InitSha512(&sha);
-    ret |= wc_Sha512Update(&sha, sig,    32);
-    ret |= wc_Sha512Update(&sha, key->p, 32);
-    ret |= wc_Sha512Update(&sha, msg,    msglen);
-    ret |= wc_Sha512Final(&sha,  h);
+    ret  = wc_InitSha512(&sha);
+    if (ret != 0)
+        return ret;
+    ret = wc_Sha512Update(&sha, sig,    ED25519_SIG_SIZE/2);
+    if (ret != 0)
+        return ret;
+    ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE);
+    if (ret != 0)
+        return ret;
+    ret = wc_Sha512Update(&sha, msg,    msglen);
+    if (ret != 0)
+        return ret;
+    ret = wc_Sha512Final(&sha,  h);
+    if (ret != 0)
+        return ret;
+
     sc_reduce(h);
 
     /*
        Uses a fast single-signature verification SB = R + H(R,A,M)A becomes
        SB - H(R,A,M)A saving decompression of R
     */
-    ret |= ge_double_scalarmult_vartime(&R, h, &A, sig + 32);
+    ret = ge_double_scalarmult_vartime(&R, h, &A, sig + (ED25519_SIG_SIZE/2));
+    if (ret != 0)
+        return ret;
+
     ge_tobytes(rcheck, &R);
 
     /* comparison of R created to R in sig */
-    ret  |= ConstantCompare(rcheck, sig, 32);
+    ret = ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2);
+    if (ret != 0)
+        return ret;
 
-    *stat = (ret == 0)? 1: 0;
+    /* set the verification status */
+    *stat = 1;
 
     return ret;
 }
@@ -223,19 +265,17 @@ void wc_ed25519_free(ed25519_key* key)
  */
 int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen)
 {
-    word32 keySz;
-
     /* sanity check on arguments */
     if (key == NULL || out == NULL || outLen == NULL)
         return BAD_FUNC_ARG;
 
-    keySz = wc_ed25519_size(key);
-    if (*outLen < keySz) {
-        *outLen = keySz;
+    if (*outLen < ED25519_PUB_KEY_SIZE) {
+        *outLen = ED25519_PUB_KEY_SIZE;
         return BUFFER_E;
     }
-    *outLen = keySz;
-    XMEMCPY(out, key->p, keySz);
+
+    *outLen = ED25519_PUB_KEY_SIZE;
+    XMEMCPY(out, key->p, ED25519_PUB_KEY_SIZE);
 
     return 0;
 }
@@ -249,37 +289,35 @@ int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen)
  */
 int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key)
 {
-    word32 keySz;
     int    ret;
 
     /* sanity check on arguments */
     if (in == NULL || key == NULL)
         return BAD_FUNC_ARG;
 
-    keySz = wc_ed25519_size(key);
-
-    if (inLen < keySz)
+    if (inLen < ED25519_PUB_KEY_SIZE)
         return BAD_FUNC_ARG;
 
     /* compressed prefix according to draft
        http://www.ietf.org/id/draft-koch-eddsa-for-openpgp-02.txt */
-    if (in[0] == 0x40) {
+    if (in[0] == 0x40 && inLen > ED25519_PUB_KEY_SIZE) {
         /* key is stored in compressed format so just copy in */
-        XMEMCPY(key->p, (in + 1), keySz);
+        XMEMCPY(key->p, (in + 1), ED25519_PUB_KEY_SIZE);
         return 0;
     }
 
     /* importing uncompressed public key */
-    if (in[0] == 0x04) {
+    if (in[0] == 0x04 && inLen > 2*ED25519_PUB_KEY_SIZE) {
         /* pass in (x,y) and store compressed key */
-        ret = ge_compress_key(key->p, (in+1), (in+1+keySz), keySz);
+        ret = ge_compress_key(key->p, in+1,
+                              in+1+ED25519_PUB_KEY_SIZE, ED25519_PUB_KEY_SIZE);
         return ret;
     }
 
     /* if not specified compressed or uncompressed check key size
        if key size is equal to compressed key size copy in key */
-    if (inLen == keySz) {
-        XMEMCPY(key->p, in, keySz);
+    if (inLen == ED25519_PUB_KEY_SIZE) {
+        XMEMCPY(key->p, in, ED25519_PUB_KEY_SIZE);
         return 0;
     }
 
@@ -294,77 +332,129 @@ int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key)
 int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
                                 const byte* pub, word32 pubSz, ed25519_key* key)
 {
-    word32 keySz;
     int    ret;
 
     /* sanity check on arguments */
     if (priv == NULL || pub == NULL || key == NULL)
         return BAD_FUNC_ARG;
 
-    keySz = wc_ed25519_size(key);
-
     /* key size check */
-    if (privSz < keySz || pubSz < keySz)
+    if (privSz < ED25519_KEY_SIZE || pubSz < ED25519_PUB_KEY_SIZE)
         return BAD_FUNC_ARG;
 
-    XMEMCPY(key->k, priv, keySz);
+    /* import public key */
     ret = wc_ed25519_import_public(pub, pubSz, key);
-    XMEMCPY((key->k + keySz), key->p, keySz);
+    if (ret != 0)
+        return ret;
+
+    /* make the private key (priv + pub) */
+    XMEMCPY(key->k, priv, ED25519_KEY_SIZE);
+    XMEMCPY(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE);
 
     return ret;
 }
 
 
 /*
-    outLen should contain the size of out buffer when input. outLen is than set
-    to the final output length.
-    returns 0 on success
+ export private key only (secret part so 32 bytes)
+ outLen should contain the size of out buffer when input. outLen is than set
+ to the final output length.
+ returns 0 on success
  */
 int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen)
 {
-    word32 keySz;
-
     /* sanity checks on arguments */
     if (key == NULL || out == NULL || outLen == NULL)
         return BAD_FUNC_ARG;
 
-    keySz = wc_ed25519_size(key);
-    if (*outLen < keySz) {
-        *outLen = keySz;
+    if (*outLen < ED25519_KEY_SIZE) {
+        *outLen = ED25519_KEY_SIZE;
         return BUFFER_E;
     }
-    *outLen = keySz;
-    XMEMCPY(out, key->k, keySz);
+
+    *outLen = ED25519_KEY_SIZE;
+    XMEMCPY(out, key->k, ED25519_KEY_SIZE);
 
     return 0;
 }
 
+/*
+ export private key, including public part
+ outLen should contain the size of out buffer when input. outLen is than set
+ to the final output length.
+ returns 0 on success
+ */
+int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen)
+{
+    /* sanity checks on arguments */
+    if (key == NULL || out == NULL || outLen == NULL)
+        return BAD_FUNC_ARG;
 
-/* is the compressed key size in bytes */
+    if (*outLen < ED25519_PRV_KEY_SIZE) {
+        *outLen = ED25519_PRV_KEY_SIZE;
+        return BUFFER_E;
+    }
+
+    *outLen = ED25519_PRV_KEY_SIZE;
+    XMEMCPY(out, key->k, ED25519_PRV_KEY_SIZE);
+
+    return 0;
+}
+
+/* export full private key and public key
+   return 0 on success
+ */
+int wc_ed25519_export_key(ed25519_key* key,
+                          byte* priv, word32 *privSz,
+                          byte* pub, word32 *pubSz)
+{
+    int ret;
+
+    /* export 'full' private part */
+    ret = wc_ed25519_export_private(key, priv, privSz);
+    if (ret != 0)
+        return ret;
+
+    /* export public part */
+    ret = wc_ed25519_export_public(key, pub, pubSz);
+
+    return ret;
+}
+
+/* returns the private key size (secret only) in bytes */
 int wc_ed25519_size(ed25519_key* key)
 {
-    word32 keySz;
-
     if (key == NULL)
         return BAD_FUNC_ARG;
 
-    keySz = ED25519_KEY_SIZE;
-
-    return keySz;
+    return ED25519_KEY_SIZE;
 }
 
+/* returns the private key size (secret + public) in bytes */
+int wc_ed25519_priv_size(ed25519_key* key)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+
+    return ED25519_PRV_KEY_SIZE;
+}
+
+/* returns the compressed key size in bytes (public key) */
+int wc_ed25519_pub_size(ed25519_key* key)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+
+    return ED25519_PUB_KEY_SIZE;
+}
 
 /* returns the size of signature in bytes */
 int wc_ed25519_sig_size(ed25519_key* key)
 {
-    word32 sigSz;
-
     if (key == NULL)
         return BAD_FUNC_ARG;
 
-    sigSz = ED25519_SIG_SIZE;
-
-    return sigSz;
+    return ED25519_SIG_SIZE;
 }
 
 #endif /* HAVE_ED25519 */
diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c
index da07c951c..d78467e21 100644
--- a/wolfcrypt/src/fe_operations.c
+++ b/wolfcrypt/src/fe_operations.c
@@ -107,8 +107,9 @@ void fe_0(fe h)
 
 int curve25519(byte* q, byte* n, byte* p)
 {
+#if 0
   unsigned char e[32];
-  unsigned int i;
+#endif
   fe x1;
   fe x2;
   fe z2;
@@ -120,10 +121,16 @@ int curve25519(byte* q, byte* n, byte* p)
   unsigned int swap;
   unsigned int b;
 
-  for (i = 0;i < 32;++i) e[i] = n[i];
-  e[0] &= 248;
-  e[31] &= 127;
-  e[31] |= 64;
+  /* Clamp already done during key generation and import */
+#if 0
+  {
+    unsigned int i;
+    for (i = 0;i < 32;++i) e[i] = n[i];
+    e[0] &= 248;
+    e[31] &= 127;
+    e[31] |= 64;
+  }
+#endif
 
   fe_frombytes(x1,p);
   fe_1(x2);
@@ -133,7 +140,11 @@ int curve25519(byte* q, byte* n, byte* p)
 
   swap = 0;
   for (pos = 254;pos >= 0;--pos) {
+#if 0
     b = e[pos / 8] >> (pos & 7);
+#else
+    b = n[pos / 8] >> (pos & 7);
+#endif
     b &= 1;
     swap ^= b;
     fe_cswap(x2,x3,swap);
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index f85ee6373..6f26c9d06 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -5514,6 +5514,27 @@ int curve25519_test(void)
     if (XMEMCMP(ss, sharedB, y))
         return -1017;
 
+    /* test with 1 generated key and 1 from known test vector */
+    if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
+        != 0)
+        return -1018;
+
+    if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
+        return -1019;
+
+    if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
+        return -1020;
+
+    if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
+        return -1021;
+
+    /* compare shared secret keys to test they are the same */
+    if (y != x)
+        return -1022;
+
+    if (XMEMCMP(sharedA, sharedB, x))
+        return -1023;
+
     /* clean up keys when done */
     wc_curve25519_free(&pubKey);
     wc_curve25519_free(&userB);
diff --git a/wolfssl/openssl/ec25519.h b/wolfssl/openssl/ec25519.h
new file mode 100644
index 000000000..9ae255c6d
--- /dev/null
+++ b/wolfssl/openssl/ec25519.h
@@ -0,0 +1,23 @@
+/* ec25519.h */
+
+#ifndef WOLFSSL_EC25519_H_
+#define WOLFSSL_EC25519_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+WOLFSSL_API
+int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz,
+                                 unsigned char *pub, unsigned int *pubSz);
+
+WOLFSSL_API
+int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz,
+                               const unsigned char *priv, unsigned int privSz,
+                               const unsigned char *pub, unsigned int pubSz);
+
+#ifdef __cplusplus
+}  /* extern "C" */
+#endif
+
+#endif /* header */
diff --git a/wolfssl/openssl/ed25519.h b/wolfssl/openssl/ed25519.h
new file mode 100644
index 000000000..8244555df
--- /dev/null
+++ b/wolfssl/openssl/ed25519.h
@@ -0,0 +1,26 @@
+/* ed25519.h */
+
+#ifndef WOLFSSL_ED25519_H_
+#define WOLFSSL_ED25519_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+WOLFSSL_API
+int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz,
+                                 unsigned char *pub, unsigned int *pubSz);
+WOLFSSL_API
+int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz,
+                         const unsigned char *priv, unsigned int privSz,
+                         unsigned char *sig, unsigned int *sigSz);
+WOLFSSL_API
+int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz,
+                           const unsigned char *pub, unsigned int pubSz,
+                           const unsigned char *sig, unsigned int sigSz);
+
+#ifdef __cplusplus
+}  /* extern "C" */
+#endif
+
+#endif /* header */
diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am
index 9d415962f..21d99ef00 100644
--- a/wolfssl/openssl/include.am
+++ b/wolfssl/openssl/include.am
@@ -13,6 +13,8 @@ nobase_include_HEADERS+= \
                          wolfssl/openssl/ecdsa.h \
                          wolfssl/openssl/ecdh.h \
                          wolfssl/openssl/ec.h \
+                         wolfssl/openssl/ec25519.h \
+                         wolfssl/openssl/ed25519.h \
                          wolfssl/openssl/engine.h \
                          wolfssl/openssl/err.h \
                          wolfssl/openssl/evp.h \
diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h
index 7da6074a9..f21525818 100644
--- a/wolfssl/openssl/pem.h
+++ b/wolfssl/openssl/pem.h
@@ -28,7 +28,7 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa,
 WOLFSSL_API
 int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
                                         unsigned char* passwd, int len,
-                                        byte **pem, int *plen);
+                                        unsigned char **pem, int *plen);
 WOLFSSL_API
 WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x,
                                            pem_password_cb *cb, void *u);
@@ -54,7 +54,7 @@ WOLFSSL_API
 int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
                                         const EVP_CIPHER* cipher,
                                         unsigned char* passwd, int len,
-                                        byte **pem, int *plen);
+                                        unsigned char **pem, int *plen);
 WOLFSSL_API
 int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x);
 
@@ -73,7 +73,7 @@ WOLFSSL_API
 int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* key,
                                        const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int len,
-                                       byte **pem, int *plen);
+                                       unsigned char **pem, int *plen);
 WOLFSSL_API
 int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *key);
 
diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h
index 11715775f..ae795baca 100644
--- a/wolfssl/wolfcrypt/curve25519.h
+++ b/wolfssl/wolfcrypt/curve25519.h
@@ -42,7 +42,8 @@ typedef struct {
 } curve25519_set_type;
 
 
-/* ECC point */
+/* ECC point, the internal structure is Little endian
+ * the mathematical functions used the endianess */
 typedef struct {
     byte point[CURVE25519_KEYSIZE];
 }ECPoint;
@@ -58,6 +59,11 @@ typedef struct {
     ECPoint   k;        /* private key */
 } curve25519_key;
 
+enum {
+    EC25519_LITTLE_ENDIAN=0,
+    EC25519_BIG_ENDIAN=1
+};
+
 WOLFSSL_API
 int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key);
 
@@ -66,6 +72,11 @@ int wc_curve25519_shared_secret(curve25519_key* private_key,
                                 curve25519_key* public_key,
                                 byte* out, word32* outlen);
 
+WOLFSSL_API
+int wc_curve25519_shared_secret_ex(curve25519_key* private_key,
+                                   curve25519_key* public_key,
+                                   byte* out, word32* outlen, int endian);
+
 WOLFSSL_API
 int wc_curve25519_init(curve25519_key* key);
 
@@ -74,21 +85,49 @@ void wc_curve25519_free(curve25519_key* key);
 
 
 /* raw key helpers */
+WOLFSSL_API
+int wc_curve25519_import_private(const byte* priv, word32 privSz,
+                                 curve25519_key* key);
+WOLFSSL_API
+int wc_curve25519_import_private_ex(const byte* priv, word32 privSz,
+                                    curve25519_key* key, int endian);
+
 WOLFSSL_API
 int wc_curve25519_import_private_raw(const byte* priv, word32 privSz,
                             const byte* pub, word32 pubSz, curve25519_key* key);
 WOLFSSL_API
+int wc_curve25519_import_private_raw_ex(const byte* priv, word32 privSz,
+                                        const byte* pub, word32 pubSz,
+                                        curve25519_key* key, int endian);
+WOLFSSL_API
 int wc_curve25519_export_private_raw(curve25519_key* key, byte* out,
                                      word32* outLen);
+WOLFSSL_API
+int wc_curve25519_export_private_raw_ex(curve25519_key* key, byte* out,
+                                        word32* outLen, int endian);
 
 WOLFSSL_API
 int wc_curve25519_import_public(const byte* in, word32 inLen,
                                 curve25519_key* key);
+WOLFSSL_API
+int wc_curve25519_import_public_ex(const byte* in, word32 inLen,
+                                   curve25519_key* key, int endian);
 
 WOLFSSL_API
 int wc_curve25519_export_public(curve25519_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_curve25519_export_public_ex(curve25519_key* key, byte* out,
+                                   word32* outLen, int endian);
 
-
+WOLFSSL_API
+int wc_curve25519_export_key_raw(curve25519_key* key,
+                                 byte* priv, word32 *privSz,
+                                 byte* pub, word32 *pubSz);
+WOLFSSL_API
+int wc_curve25519_export_key_raw_ex(curve25519_key* key,
+                                    byte* priv, word32 *privSz,
+                                    byte* pub, word32 *pubSz,
+                                    int endian);
 /* size helper */
 WOLFSSL_API
 int wc_curve25519_size(curve25519_key* key);
diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h
index 6f9a19989..3a8e287b3 100644
--- a/wolfssl/wolfcrypt/ed25519.h
+++ b/wolfssl/wolfcrypt/ed25519.h
@@ -46,14 +46,17 @@
     "-121665/121666",  value of d
 */
 
-#define ED25519_KEY_SIZE 32
-#define ED25519_SIG_SIZE 64
+#define ED25519_KEY_SIZE     32 /* private key only */
+#define ED25519_SIG_SIZE     64
 
+#define ED25519_PUB_KEY_SIZE 32 /* compressed */
+/* both private and public key */
+#define ED25519_PRV_KEY_SIZE (ED25519_PUB_KEY_SIZE+ED25519_KEY_SIZE)
 
 /* An ED25519 Key */
 typedef struct {
-    byte    p[32];        /* compressed public key */
-    byte    k[64];        /* private key : 32 secret -- 32 public */
+    byte    p[ED25519_PUB_KEY_SIZE]; /* compressed public key */
+    byte    k[ED25519_PRV_KEY_SIZE]; /* private key : 32 secret -- 32 public */
 } ed25519_key;
 
 
@@ -78,11 +81,21 @@ WOLFSSL_API
 int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen);
 WOLFSSL_API
 int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen);
+WOLFSSL_API
+int wc_ed25519_export_key(ed25519_key* key,
+                          byte* priv, word32 *privSz,
+                          byte* pub, word32 *pubSz);
 
 /* size helper */
 WOLFSSL_API
 int wc_ed25519_size(ed25519_key* key);
 WOLFSSL_API
+int wc_ed25519_priv_size(ed25519_key* key);
+WOLFSSL_API
+int wc_ed25519_pub_size(ed25519_key* key);
+WOLFSSL_API
 int wc_ed25519_sig_size(ed25519_key* key);
 
 #ifdef __cplusplus

From aa0852bf719dd255a560432e3770008a4a434376 Mon Sep 17 00:00:00 2001
From: Ludovic FLAMENT <ludovic.flament@cryptograph-ic.com>
Date: Mon, 3 Aug 2015 09:05:02 +0200
Subject: [PATCH 299/350] Fix Curve25519 test

---
 wolfcrypt/test/test.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 6f26c9d06..c5d79f3d3 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -5461,9 +5461,11 @@ int curve25519_test(void)
         return -1003;
 
     /* find shared secret key */
+    x = sizeof(sharedA);
     if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
         return -1004;
 
+    y = sizeof(sharedB);
     if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
         return -1005;
 
@@ -5475,6 +5477,7 @@ int curve25519_test(void)
         return -1007;
 
     /* export a public key and import it for another user */
+    x = sizeof(exportBuf);
     if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0)
         return -1008;
 
@@ -5483,6 +5486,7 @@ int curve25519_test(void)
 
     /* test shared key after importing a public key */
     XMEMSET(sharedB, 0, sizeof(sharedB));
+    y = sizeof(sharedB);
     if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0)
         return -1010;
 
@@ -5500,6 +5504,7 @@ int curve25519_test(void)
 
     /* test against known test vector */
     XMEMSET(sharedB, 0, sizeof(sharedB));
+    y = sizeof(sharedB);
     if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0)
         return -1014;
 
@@ -5508,6 +5513,7 @@ int curve25519_test(void)
 
     /* test swaping roles of keys and generating same shared key */
     XMEMSET(sharedB, 0, sizeof(sharedB));
+    y = sizeof(sharedB);
     if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
         return -1016;
 
@@ -5522,9 +5528,11 @@ int curve25519_test(void)
     if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
         return -1019;
 
+    x = sizeof(sharedA);
     if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
         return -1020;
 
+    y = sizeof(sharedB);
     if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
         return -1021;
 

From 590f3e1ca04c54ddc1604cf1f6b453e17df03cbd Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Thu, 6 Aug 2015 08:50:16 -0700
Subject: [PATCH 300/350] Merge pull request #113 from lfcrypto/wolfssl

add check of ret value
---
 wolfcrypt/src/ed25519.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c
index 7ddfc3af2..e3d6d06db 100644
--- a/wolfcrypt/src/ed25519.c
+++ b/wolfcrypt/src/ed25519.c
@@ -112,6 +112,8 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
     /* step 1: create nonce to use where nonce is r in
        r = H(h_b, ... ,h_2b-1,M) */
     ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az);
+    if (ret != 0)
+        return ret;
 
     /* apply clamp */
     az[0]  &= 248;
@@ -130,7 +132,7 @@ int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
     ret = wc_Sha512Final(&sha, nonce);
     if (ret != 0)
         return ret;
-    
+
     sc_reduce(nonce);
 
     /* step 2: computing R = rB where rB is the scalar multiplication of

From 716ab20afaa71610d2b606dc41d1c866c5860788 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Thu, 6 Aug 2015 10:25:47 -0600
Subject: [PATCH 301/350] Update MPLABX project files, define WOLFSSL_HAVE_MIN
 in MICROCHIP_PIC32

---
 mplabx/wolfssl.X/nbproject/configurations.xml | 11 ++++++++++-
 wolfssl/wolfcrypt/settings.h                  |  1 +
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/mplabx/wolfssl.X/nbproject/configurations.xml b/mplabx/wolfssl.X/nbproject/configurations.xml
index 3eab93236..043adc04e 100755
--- a/mplabx/wolfssl.X/nbproject/configurations.xml
+++ b/mplabx/wolfssl.X/nbproject/configurations.xml
@@ -50,6 +50,15 @@
         <itemPath>../../wolfcrypt/src/tfm.c</itemPath>
         <itemPath>../../wolfcrypt/src/wc_port.c</itemPath>
         <itemPath>../../wolfcrypt/src/port/pic32/pic32mz-hash.c</itemPath>
+        <itemPath>../../wolfcrypt/src/hash.c</itemPath>
+        <itemPath>../../wolfcrypt/src/chacha20_poly1305.c</itemPath>
+        <itemPath>../../wolfcrypt/src/curve25519.c</itemPath>
+        <itemPath>../../wolfcrypt/src/ed25519.c</itemPath>
+        <itemPath>../../wolfcrypt/src/fe_low_mem.c</itemPath>
+        <itemPath>../../wolfcrypt/src/fe_operations.c</itemPath>
+        <itemPath>../../wolfcrypt/src/ge_low_mem.c</itemPath>
+        <itemPath>../../wolfcrypt/src/ge_operations.c</itemPath>
+        <itemPath>../../wolfcrypt/src/wc_encrypt.c</itemPath>
       </logicalFolder>
       <logicalFolder name="f1" displayName="wolfssl" projectFiles="true">
         <itemPath>../../src/crl.c</itemPath>
@@ -85,7 +94,7 @@
         <targetPluginBoard></targetPluginBoard>
         <platformTool>PKOBSKDEPlatformTool</platformTool>
         <languageToolchain>XC32</languageToolchain>
-        <languageToolchainVersion></languageToolchainVersion>
+        <languageToolchainVersion>1.33</languageToolchainVersion>
         <platform>4</platform>
       </toolsSet>
       <compileType>
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 34c5dc8eb..567afd746 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -178,6 +178,7 @@
     #define USE_FAST_MATH
     #define TFM_TIMING_RESISTANT
     #define NEED_AES_TABLES
+    #define WOLFSSL_HAVE_MIN
 #endif
 
 #ifdef WOLFSSL_MICROCHIP_PIC32MZ

From 08111ab59fa67a29114c76f05926278e567c6038 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Thu, 6 Aug 2015 10:43:55 -0600
Subject: [PATCH 302/350] fix for test failure with --enable-hc128
 --disable-md5

---
 wolfssl/internal.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index bed49725b..4bf21ae56 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -331,7 +331,9 @@ typedef byte word24[3];
     #endif
 
     #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
-        #define BUILD_TLS_RSA_WITH_HC_128_MD5
+        #ifndef NO_MD5
+            #define BUILD_TLS_RSA_WITH_HC_128_MD5
+        #endif
         #if !defined(NO_SHA)
             #define BUILD_TLS_RSA_WITH_HC_128_SHA
         #endif

From 9397b9e10f0fc9c57c42dda72c6c63a2b0f2cb39 Mon Sep 17 00:00:00 2001
From: lchristina26 <leah@wolfssl.com>
Date: Thu, 6 Aug 2015 16:40:36 -0600
Subject: [PATCH 303/350] move MBED GenerateSeed() due to duplicated code

---
 wolfcrypt/src/random.c | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 4a1f7ea5b..3dbb26dfd 100755
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1017,18 +1017,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
     return 0;
 }
 
-#elif defined(MBED)
-
-/* write a real one !!!, just for testing board */
-int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
-{
-    int i;
-    for (i = 0; i < sz; i++ )
-        output[i] = i;
-
-    return 0;
-}
-
 #elif defined(MICROCHIP_PIC32)
 
 #ifdef MICROCHIP_MPLAB_HARMONY
@@ -1225,7 +1213,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 
         return 0;
     }
-#elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx)
+#elif defined(WOLFSSL_LPC43xx) || defined(WOLFSSL_STM32F2xx) || defined(MBED)
 
     #warning "write a real random seed!!!!, just for testing now"
 

From 0a037d39fff06f26a7dd4b624e4f0aa332dfa8ff Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 7 Aug 2015 09:37:22 -0700
Subject: [PATCH 304/350] fix srp request; forcezero, check mp_init(), no leaks

---
 wolfcrypt/src/srp.c | 43 ++++++++++++++++++++++++++++---------------
 1 file changed, 28 insertions(+), 15 deletions(-)

diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index 6e8b22d2f..7d9560911 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -31,6 +31,12 @@
 #include <wolfssl/wolfcrypt/random.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #include <wolfcrypt/src/misc.c>
+#endif
+
 /** Computes the session key using the Mask Generation Function 1. */
 static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size);
 
@@ -194,14 +200,14 @@ void wc_SrpTerm(Srp* srp)
         mp_clear(&srp->N);    mp_clear(&srp->g);
         mp_clear(&srp->auth); mp_clear(&srp->priv);
 
-        XMEMSET(srp->salt, 0, srp->saltSz);
+        ForceZero(srp->salt, srp->saltSz);
         XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
-        XMEMSET(srp->user, 0, srp->userSz);
+        ForceZero(srp->user, srp->userSz);
         XFREE(srp->user, NULL, DYNAMIC_TYPE_SRP);
-        XMEMSET(srp->key, 0, srp->keySz);
+        ForceZero(srp->key, srp->keySz);
         XFREE(srp->key, NULL, DYNAMIC_TYPE_SRP);
 
-        XMEMSET(srp, 0, sizeof(Srp));
+        ForceZero(srp, sizeof(Srp));
     }
 }
 
@@ -252,7 +258,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
 
     /* Set salt */
     if (srp->salt) {
-        XMEMSET(srp->salt, 0, srp->saltSz);
+        ForceZero(srp->salt, srp->saltSz);
         XFREE(srp->salt, NULL, DYNAMIC_TYPE_SRP);
     }
 
@@ -284,8 +290,10 @@ int wc_SrpSetParams(Srp* srp, const byte* N,    word32 nSz,
     if (!r) r = SrpHashFinal(&hash, digest2);
 
     /* digest1 = H(N) ^ H(g) */
-    for (i = 0, j = SrpHashSize(srp->type); i < j; i++)
-        digest1[i] ^= digest2[i];
+    if (r == 0) {
+        for (i = 0, j = SrpHashSize(srp->type); i < j; i++)
+            digest1[i] ^= digest2[i];
+    }
 
     /* digest2 = H(user) */
     if (!r) r = SrpHashInit(&hash, srp->type);
@@ -331,7 +339,7 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
     /* Set x (private key) */
     if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, digestSz);
 
-    XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE);
+    ForceZero(digest, SRP_MAX_DIGEST_SIZE);
 
     return r;
 }
@@ -348,6 +356,8 @@ int wc_SrpGetVerifier(Srp* srp, byte* verifier, word32* size)
         return SRP_CALL_ORDER_E;
 
     r = mp_init(&v);
+    if (r != MP_OKAY)
+        return MP_INIT_E;
 
     /* v = g ^ x % N */
     if (!r) r = mp_exptmod(&srp->g, &srp->auth, &srp->N, &v);
@@ -380,6 +390,8 @@ int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size)
         return SRP_CALL_ORDER_E;
 
     r = mp_init(&p);
+    if (r != MP_OKAY)
+        return MP_INIT_E;
     if (!r) r = mp_read_unsigned_bin(&p, private, size);
     if (!r) r = mp_mod(&p, &srp->N, &srp->priv);
     if (!r) r = mp_iszero(&srp->priv) ? SRP_BAD_KEY_E : 0;
@@ -406,10 +418,7 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size)
 {
     mp_int pubkey;
     word32 modulusSz;
-    int r = mp_init(&pubkey);
-
-    if (r != 0)
-        return r;
+    int r;
 
     if (!srp || !public || !size)
         return BAD_FUNC_ARG;
@@ -421,6 +430,10 @@ int wc_SrpGetPublic(Srp* srp, byte* public, word32* size)
     if (*size < modulusSz)
         return BUFFER_E;
 
+    r = mp_init(&pubkey);
+    if (r != MP_OKAY)
+        return MP_INIT_E;
+
     /* priv = random() */
     if (mp_iszero(&srp->priv))
         r = wc_SrpGenPrivate(srp, public, modulusSz);
@@ -460,7 +473,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
     byte digest[SRP_MAX_DIGEST_SIZE];
     word32 i, j, digestSz = SrpHashSize(srp->type);
     byte counter[4];
-    int r;
+    int r = BAD_FUNC_ARG;
 
     srp->key = (byte*)XMALLOC(2 * digestSz, NULL, DYNAMIC_TYPE_SRP);
     if (srp->key == NULL)
@@ -489,8 +502,8 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
         }
     }
 
-    XMEMSET(digest, 0, sizeof(digest));
-    XMEMSET(&hash, 0, sizeof(SrpHash));
+    ForceZero(digest, sizeof(digest));
+    ForceZero(&hash, sizeof(SrpHash));
 
     return r;
 }

From 5d40c5f566cd872f349113102dfe6b287a0684b0 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 7 Aug 2015 11:53:19 -0600
Subject: [PATCH 305/350] Rename RNG to WC_RNG for Freescale, add
 NO_OLD_RNGNAME define to completely remove RNG type usage

---
 .../Projects/CryptBenchmark/benchmark.c       |   2 +-
 IDE/MDK5-ARM/Projects/CryptTest/test.c        |  16 +--
 IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c |   2 +-
 IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c      |  18 +--
 mcapi/crypto.c                                |  14 +-
 mcapi/mcapi_test.c                            |   2 +-
 src/internal.c                                |   6 +-
 src/ssl.c                                     | 124 +++++++++---------
 src/tls.c                                     |   4 +-
 swig/wolfssl.i                                |   6 +-
 swig/wolfssl_adds.c                           |   4 +-
 wolfcrypt/benchmark/benchmark.c               |   2 +-
 wolfcrypt/src/asn.c                           |  16 +--
 wolfcrypt/src/curve25519.c                    |   2 +-
 wolfcrypt/src/dh.c                            |   4 +-
 wolfcrypt/src/dsa.c                           |   6 +-
 wolfcrypt/src/ecc.c                           |  14 +-
 wolfcrypt/src/ed25519.c                       |   2 +-
 wolfcrypt/src/integer.c                       |   2 +-
 wolfcrypt/src/pkcs7.c                         |   4 +-
 wolfcrypt/src/random.c                        |  32 ++---
 wolfcrypt/src/rsa.c                           |  14 +-
 wolfcrypt/src/srp.c                           |   2 +-
 wolfcrypt/src/tfm.c                           |   6 +-
 wolfcrypt/test/test.c                         |  22 ++--
 wolfssl/internal.h                            |   2 +-
 wolfssl/test.h                                |  12 +-
 wolfssl/wolfcrypt/asn_public.h                |   9 +-
 wolfssl/wolfcrypt/curve25519.h                |   2 +-
 wolfssl/wolfcrypt/dh.h                        |   2 +-
 wolfssl/wolfcrypt/dsa.h                       |   6 +-
 wolfssl/wolfcrypt/ecc.h                       |  10 +-
 wolfssl/wolfcrypt/ed25519.h                   |   2 +-
 wolfssl/wolfcrypt/integer.h                   |   2 +-
 wolfssl/wolfcrypt/pkcs7.h                     |   4 +-
 wolfssl/wolfcrypt/random.h                    |  24 ++--
 wolfssl/wolfcrypt/rsa.h                       |   6 +-
 wolfssl/wolfcrypt/settings.h                  |   6 +
 wolfssl/wolfcrypt/tfm.h                       |   2 +-
 39 files changed, 214 insertions(+), 201 deletions(-)

diff --git a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c
index fa13b8b80..9ee281329 100644
--- a/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c
+++ b/IDE/MDK5-ARM/Projects/CryptBenchmark/benchmark.c
@@ -797,7 +797,7 @@ void bench_blake2(void)
 
 #if !defined(NO_RSA) || !defined(NO_DH) \
                                 || defined(CYASSL_KEYGEN) || defined(HAVE_ECC)
-static RNG rng;
+static WC_RNG rng;
 #endif
 
 #ifndef NO_RSA
diff --git a/IDE/MDK5-ARM/Projects/CryptTest/test.c b/IDE/MDK5-ARM/Projects/CryptTest/test.c
index 167832eae..9b9bf3537 100644
--- a/IDE/MDK5-ARM/Projects/CryptTest/test.c
+++ b/IDE/MDK5-ARM/Projects/CryptTest/test.c
@@ -2667,7 +2667,7 @@ int random_test(void)
 
 int random_test(void)
 {
-    RNG  rng;
+    WC_RNG rng;
     byte block[32];
     int ret;
 
@@ -2693,7 +2693,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out);
 
 byte GetEntropy(ENTROPY_CMD cmd, byte* out)
 {
-    static RNG rng;
+    static WC_RNG rng;
 
     if (cmd == INIT)
         return (InitRng(&rng) == 0) ? 1 : 0;
@@ -2768,7 +2768,7 @@ int rsa_test(void)
     byte*   tmp;
     size_t bytes;
     RsaKey key;
-    RNG    rng;
+    WC_RNG rng;
     word32 idx = 0;
     int    ret;
     byte   in[] = "Everyone gets Friday off.";
@@ -3652,7 +3652,7 @@ int dh_test(void)
     byte   agree2[256];
     DhKey  key;
     DhKey  key2;
-    RNG    rng;
+    WC_RNG rng;
 
 
 #ifdef USE_CERT_BUFFERS_1024
@@ -3725,7 +3725,7 @@ int dsa_test(void)
     word32 idx = 0;
     byte   tmp[1024];
     DsaKey key;
-    RNG    rng;
+    WC_RNG rng;
     Sha    sha;
     byte   hash[SHA_DIGEST_SIZE];
     byte   signature[40];
@@ -4200,7 +4200,7 @@ int hkdf_test(void)
 
 int ecc_test(void)
 {
-    RNG     rng;
+    WC_RNG  rng;
     byte    sharedA[1024];
     byte    sharedB[1024];
     byte    sig[1024];
@@ -4300,7 +4300,7 @@ int ecc_test(void)
 
 int ecc_encrypt_test(void)
 {
-    RNG     rng;
+    WC_RNG  rng;
     int     ret;
     ecc_key userA, userB;
     byte    msg[48];
@@ -4669,7 +4669,7 @@ int pkcs7signed_test(void)
     char data[] = "Hello World";
     word32 dataSz, outSz, certDerSz, keyDerSz;
     PKCS7 msg;
-    RNG rng;
+    WC_RNG rng;
 
     byte transIdOid[] =
                { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c
index 528c0a76f..faf6b7793 100644
--- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c
+++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/benchmark.c
@@ -772,7 +772,7 @@ void bench_blake2(void)
 
 #if !defined(NO_RSA) || !defined(NO_DH) \
                                 || defined(CYASSL_KEYGEN) || defined(HAVE_ECC)
-static RNG rng;
+static WC_RNG rng;
 #endif
 
 #ifndef NO_RSA
diff --git a/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c b/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c
index 43f9e7952..751cfdf85 100644
--- a/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c
+++ b/IDE/MDK5-ARM/Projects/CyaSSL-Full/test.c
@@ -2583,7 +2583,7 @@ int camellia_test(void)
 
 int random_test(void)
 {
-    RNG  rng;
+    WC_RNG rng;
     byte block[32];
     int ret;
 
@@ -2607,7 +2607,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out);
 
 byte GetEntropy(ENTROPY_CMD cmd, byte* out)
 {
-    static RNG rng;
+    static WC_RNG rng;
 
     if (cmd == INIT)
         return (InitRng(&rng) == 0) ? 1 : 0;
@@ -2682,7 +2682,7 @@ int rsa_test(void)
     byte*   tmp;
     size_t bytes;
     RsaKey key;
-    RNG    rng;
+    WC_RNG rng;
     word32 idx = 0;
     int    ret;
     byte   in[] = "Everyone gets Friday off.";
@@ -3558,7 +3558,7 @@ int dh_test(void)
     byte   agree2[256];
     DhKey  key;
     DhKey  key2;
-    RNG    rng;
+    WC_RNG rng;
 
 
 #ifdef USE_CERT_BUFFERS_1024
@@ -3631,7 +3631,7 @@ int dsa_test(void)
     word32 idx = 0;
     byte   tmp[1024];
     DsaKey key;
-    RNG    rng;
+    WC_RNG rng;
     Sha    sha;
     byte   hash[SHA_DIGEST_SIZE];
     byte   signature[40];
@@ -4098,7 +4098,7 @@ int hkdf_test(void)
 
 int ecc_test(void)
 {
-    RNG     rng;
+    WC_RNG  rng;
     byte    sharedA[1024];
     byte    sharedB[1024];
     byte    sig[1024];
@@ -4198,7 +4198,7 @@ int ecc_test(void)
 
 int ecc_encrypt_test(void)
 {
-    RNG     rng;
+    WC_RNG  rng;
     int     ret;
     ecc_key userA, userB;
     byte    msg[48];
@@ -4563,8 +4563,8 @@ int pkcs7signed_test(void)
     byte* out;
     char data[] = "Hello World";
     word32 dataSz, outSz, certDerSz, keyDerSz;
-    PKCS7 msg;
-    RNG rng;
+    PKCS7  msg;
+    WC_RNG rng;
 
     byte transIdOid[] =
                { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
diff --git a/mcapi/crypto.c b/mcapi/crypto.c
index ef947567b..4cb890c48 100644
--- a/mcapi/crypto.c
+++ b/mcapi/crypto.c
@@ -285,13 +285,13 @@ int CRYPT_HUFFMAN_DeCompress(unsigned char* out, unsigned int outSz,
 /* RNG Initialize, < 0 on error */
 int CRYPT_RNG_Initialize(CRYPT_RNG_CTX* rng)
 {
-    typedef char rng_test[sizeof(CRYPT_RNG_CTX) >= sizeof(RNG) ? 1 : -1];
+    typedef char rng_test[sizeof(CRYPT_RNG_CTX) >= sizeof(WC_RNG) ? 1 : -1];
     (void)sizeof(rng_test);
 
     if (rng == NULL)
         return BAD_FUNC_ARG;
 
-    return InitRng((RNG*)rng);
+    return InitRng((WC_RNG*)rng);
 }
 
 
@@ -301,7 +301,7 @@ int CRYPT_RNG_Get(CRYPT_RNG_CTX* rng, unsigned char* b)
     if (rng == NULL || b == NULL)
         return BAD_FUNC_ARG;
 
-    return RNG_GenerateByte((RNG*)rng, (byte*)b);
+    return RNG_GenerateByte((WC_RNG*)rng, (byte*)b);
 }
 
 
@@ -312,7 +312,7 @@ int CRYPT_RNG_BlockGenerate(CRYPT_RNG_CTX* rng, unsigned char* b,
     if (rng == NULL || b == NULL)
         return BAD_FUNC_ARG;
 
-    return RNG_GenerateBlock((RNG*)rng, b, sz);
+    return RNG_GenerateBlock((WC_RNG*)rng, b, sz);
 }
 
 
@@ -512,7 +512,7 @@ int CRYPT_RSA_PublicEncrypt(CRYPT_RSA_CTX* rsa, unsigned char* out,
         return BAD_FUNC_ARG;
 
     return RsaPublicEncrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder,
-                            (RNG*)rng);
+                            (WC_RNG*)rng);
 }
 
 
@@ -614,7 +614,7 @@ int CRYPT_ECC_DHE_KeyMake(CRYPT_ECC_CTX* ecc, CRYPT_RNG_CTX* rng, int keySz)
     if (ecc == NULL || rng == NULL)
         return BAD_FUNC_ARG;
 
-    return wc_ecc_make_key((RNG*)rng, keySz, (ecc_key*)ecc->holder);
+    return wc_ecc_make_key((WC_RNG*)rng, keySz, (ecc_key*)ecc->holder);
 }
 
 
@@ -649,7 +649,7 @@ int CRYPT_ECC_DSA_HashSign(CRYPT_ECC_CTX* ecc, CRYPT_RNG_CTX* rng,
                                                                 in == NULL)
         return BAD_FUNC_ARG;
 
-    ret = wc_ecc_sign_hash(in, inSz, sig, &inOut, (RNG*)rng,
+    ret = wc_ecc_sign_hash(in, inSz, sig, &inOut, (WC_RNG*)rng,
                        (ecc_key*)ecc->holder);
     *usedSz = inOut;
 
diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c
index e7d9665ed..b7bf06292 100644
--- a/mcapi/mcapi_test.c
+++ b/mcapi/mcapi_test.c
@@ -69,7 +69,7 @@ static byte ourData[OUR_DATA_SIZE];
 static byte* key = NULL;
 static byte* iv  = NULL;
 static CRYPT_RNG_CTX mcRng;
-static RNG           defRng;
+static WC_RNG        defRng;
 
 static int check_md5(void);
 static int check_sha(void);
diff --git a/src/internal.c b/src/internal.c
index e4b6d9536..4a822dcaa 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -244,7 +244,7 @@ static int QSH_FreeAll(WOLFSSL* ssl)
 
 
 #ifdef HAVE_NTRU
-static RNG* rng;
+static WC_RNG* rng;
 static wolfSSL_Mutex* rngMutex;
 
 static word32 GetEntropy(unsigned char* out, word32 num_bytes)
@@ -252,7 +252,7 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes)
     int ret = 0;
 
     if (rng == NULL) {
-        if ((rng = XMALLOC(sizeof(RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL)
+        if ((rng = XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL)
             return DRBG_OUT_OF_MEMORY;
         wc_InitRng(rng);
     }
@@ -1765,7 +1765,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
 #endif /* NO_PSK */
 
     /* RNG */
-    ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG);
+    ssl->rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ssl->heap, DYNAMIC_TYPE_RNG);
     if (ssl->rng == NULL) {
         WOLFSSL_MSG("RNG Memory error");
         return MEMORY_E;
diff --git a/src/ssl.c b/src/ssl.c
index 358879f19..3cb82827f 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -10920,7 +10920,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
 #endif
 
 
-static RNG globalRNG;
+static WC_RNG globalRNG;
 static int initGlobalRNG = 0;
 
 /* SSL_SUCCESS on ok */
@@ -10947,19 +10947,19 @@ int wolfSSL_RAND_seed(const void* seed, int len)
 /* SSL_SUCCESS on ok */
 int wolfSSL_RAND_bytes(unsigned char* buf, int num)
 {
-    int    ret = 0;
-    int    initTmpRng = 0;
-    RNG*   rng = NULL;
+    int     ret = 0;
+    int     initTmpRng = 0;
+    WC_RNG* rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-    RNG*   tmpRNG = NULL;
+    WC_RNG* tmpRNG = NULL;
 #else
-    RNG    tmpRNG[1];
+    WC_RNG  tmpRNG[1];
 #endif
 
     WOLFSSL_ENTER("wolfSSL_RAND_bytes");
 
 #ifdef WOLFSSL_SMALL_STACK
-    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (tmpRNG == NULL)
         return ret;
 #endif
@@ -11285,12 +11285,12 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
     int           ret    = 0;
     int           len    = bits / 8;
     int           initTmpRng = 0;
-    RNG*          rng    = NULL;
+    WC_RNG*       rng    = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-    RNG*          tmpRNG = NULL;
+    WC_RNG*       tmpRNG = NULL;
     byte*         buff   = NULL;
 #else
-    RNG           tmpRNG[1];
+    WC_RNG        tmpRNG[1];
     byte          buff[1024];
 #endif
 
@@ -11303,7 +11303,7 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
 
 #ifdef WOLFSSL_SMALL_STACK
     buff   = (byte*)XMALLOC(1024,        NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    tmpRNG = (RNG*) XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (buff == NULL || tmpRNG == NULL) {
         XFREE(buff,   NULL, DYNAMIC_TYPE_TMP_BUFFER);
         XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -11926,23 +11926,23 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
     word32         pubSz  = 768;
     word32         privSz = 768;
     int            initTmpRng = 0;
-    RNG*           rng    = NULL;
+    WC_RNG*        rng    = NULL;
 #ifdef WOLFSSL_SMALL_STACK
     unsigned char* pub    = NULL;
     unsigned char* priv   = NULL;
-    RNG*           tmpRNG = NULL;
+    WC_RNG*        tmpRNG = NULL;
 #else
     unsigned char  pub [768];
     unsigned char  priv[768];
-    RNG            tmpRNG[1];
+    WC_RNG         tmpRNG[1];
 #endif
 
     WOLFSSL_MSG("wolfSSL_DH_generate_key");
 
 #ifdef WOLFSSL_SMALL_STACK
-    tmpRNG = (RNG*)XMALLOC(sizeof(RNG),      NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    pub    = (unsigned char*)XMALLOC(pubSz,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    priv   = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    pub    = (unsigned char*)XMALLOC(pubSz,   NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    priv   = (unsigned char*)XMALLOC(privSz,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
     if (tmpRNG == NULL || pub == NULL || priv == NULL) {
         XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -12530,13 +12530,13 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
 #ifdef WOLFSSL_KEY_GEN
     {
     #ifdef WOLFSSL_SMALL_STACK
-        RNG* rng = NULL;
+        WC_RNG* rng = NULL;
     #else
-        RNG  rng[1];
+        WC_RNG  rng[1];
     #endif
 
     #ifdef WOLFSSL_SMALL_STACK
-        rng = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (rng == NULL)
             return SSL_FAILURE;
     #endif
@@ -12651,15 +12651,15 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
 #ifdef WOLFSSL_KEY_GEN
     {
         int initTmpRng = 0;
-        RNG *rng = NULL;
+        WC_RNG *rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-        RNG *tmpRNG = NULL;
+        WC_RNG *tmpRNG = NULL;
 #else
-        RNG tmpRNG[1];
+        WC_RNG tmpRNG[1];
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK
-        tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (tmpRNG == NULL)
             return SSL_FATAL_ERROR;
 #endif
@@ -12724,15 +12724,15 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
 #ifdef WOLFSSL_KEY_GEN
     {
         int initTmpRng = 0;
-        RNG *rng = NULL;
+        WC_RNG *rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-        RNG *tmpRNG = NULL;
+        WC_RNG *tmpRNG = NULL;
 #else
-        RNG tmpRNG[1];
+        WC_RNG tmpRNG[1];
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK
-        tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
         if (tmpRNG == NULL)
             return SSL_FATAL_ERROR;
 #endif
@@ -12776,13 +12776,13 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
 int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
                        WOLFSSL_DSA* dsa)
 {
-    int    ret = SSL_FATAL_ERROR;
-    int    initTmpRng = 0;
-    RNG*   rng = NULL;
+    int     ret = SSL_FATAL_ERROR;
+    int     initTmpRng = 0;
+    WC_RNG* rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-    RNG*   tmpRNG = NULL;
+    WC_RNG* tmpRNG = NULL;
 #else
-    RNG    tmpRNG[1];
+    WC_RNG  tmpRNG[1];
 #endif
 
     WOLFSSL_ENTER("wolfSSL_DSA_do_sign");
@@ -12803,7 +12803,7 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (tmpRNG == NULL)
         return SSL_FATAL_ERROR;
 #endif
@@ -12875,17 +12875,17 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m,
                            unsigned int mLen, unsigned char* sigRet,
                            unsigned int* sigLen, WOLFSSL_RSA* rsa)
 {
-    word32 outLen;
-    word32 signSz;
-    int    initTmpRng = 0;
-    RNG*   rng        = NULL;
-    int    ret        = 0;
+    word32  outLen;
+    word32  signSz;
+    int     initTmpRng = 0;
+    WC_RNG* rng        = NULL;
+    int     ret        = 0;
 #ifdef WOLFSSL_SMALL_STACK
-    RNG*   tmpRNG     = NULL;
-    byte*  encodedSig = NULL;
+    WC_RNG* tmpRNG     = NULL;
+    byte*   encodedSig = NULL;
 #else
-    RNG    tmpRNG[1];
-    byte   encodedSig[MAX_ENCODED_SIG_SZ];
+    WC_RNG  tmpRNG[1];
+    byte    encodedSig[MAX_ENCODED_SIG_SZ];
 #endif
 
     WOLFSSL_MSG("wolfSSL_RSA_sign");
@@ -12913,7 +12913,7 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m,
     outLen = (word32)wolfSSL_BN_num_bytes(rsa->n);
 
 #ifdef WOLFSSL_SMALL_STACK
-    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (tmpRNG == NULL)
         return 0;
 
@@ -14024,12 +14024,12 @@ int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group)
 
 int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
 {
-    int    initTmpRng = 0;
-    RNG*   rng = NULL;
+    int     initTmpRng = 0;
+    WC_RNG* rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-    RNG*   tmpRNG = NULL;
+    WC_RNG* tmpRNG = NULL;
 #else
-    RNG    tmpRNG[1];
+    WC_RNG  tmpRNG[1];
 #endif
 
     WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key");
@@ -14041,7 +14041,7 @@ int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (tmpRNG == NULL)
         return 0;
 #endif
@@ -14659,12 +14659,12 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen,
                                          WOLFSSL_EC_KEY *key)
 {
     WOLFSSL_ECDSA_SIG *sig = NULL;
-    int    initTmpRng = 0;
-    RNG*   rng = NULL;
+    int     initTmpRng = 0;
+    WC_RNG* rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-    RNG*   tmpRNG = NULL;
+    WC_RNG* tmpRNG = NULL;
 #else
-    RNG    tmpRNG[1];
+    WC_RNG  tmpRNG[1];
 #endif
 
     WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign");
@@ -14686,7 +14686,7 @@ WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (tmpRNG == NULL)
         return NULL;
 #endif
@@ -16347,11 +16347,11 @@ int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz,
 #else /* WOLFSSL_KEY_GEN */
     int ret = SSL_FAILURE;
     int initTmpRng = 0;
-    RNG *rng = NULL;
+    WC_RNG *rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-    RNG *tmpRNG = NULL;
+    WC_RNG *tmpRNG = NULL;
 #else
-    RNG tmpRNG[1];
+    WC_RNG tmpRNG[1];
 #endif
 
     WOLFSSL_ENTER("wolfSSL_EC25519_generate_key");
@@ -16363,7 +16363,7 @@ int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (tmpRNG == NULL)
         return SSL_FAILURE;
 #endif
@@ -16485,11 +16485,11 @@ int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz,
 #else /* WOLFSSL_KEY_GEN */
     int ret = SSL_FAILURE;
     int initTmpRng = 0;
-    RNG *rng = NULL;
+    WC_RNG *rng = NULL;
 #ifdef WOLFSSL_SMALL_STACK
-    RNG *tmpRNG = NULL;
+    WC_RNG *tmpRNG = NULL;
 #else
-    RNG tmpRNG[1];
+    WC_RNG tmpRNG[1];
 #endif
 
     WOLFSSL_ENTER("wolfSSL_ED25519_generate_key");
@@ -16501,7 +16501,7 @@ int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz,
     }
 
 #ifdef WOLFSSL_SMALL_STACK
-    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
     if (tmpRNG == NULL)
         return SSL_FATAL_ERROR;
 #endif
diff --git a/src/tls.c b/src/tls.c
index 8c61557ce..59bafa0ed 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -2058,7 +2058,7 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket)
 
 
 #ifdef HAVE_QSH
-static RNG* rng;
+static WC_RNG* rng;
 static wolfSSL_Mutex* rngMutex;
 
 static void TLSX_QSH_FreeAll(QSHScheme* list)
@@ -2841,7 +2841,7 @@ static word32 GetEntropy(unsigned char* out, word32 num_bytes)
     int ret = 0;
 
     if (rng == NULL) {
-        if ((rng = XMALLOC(sizeof(RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL)
+        if ((rng = XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_TLSX)) == NULL)
             return DRBG_OUT_OF_MEMORY;
         wc_InitRng(rng);
     }
diff --git a/swig/wolfssl.i b/swig/wolfssl.i
index a03e79cbc..286e263e4 100644
--- a/swig/wolfssl.i
+++ b/swig/wolfssl.i
@@ -27,7 +27,7 @@
     /* defn adds */
     char* wolfSSL_error_string(int err);
     int   wolfSSL_swig_connect(WOLFSSL*, const char* server, int port);
-    RNG*  GetRng(void);
+    WC_RNG* GetRng(void);
     RsaKey* GetRsaPrivateKey(const char* file);
     void    FillSignStr(unsigned char*, const char*, int);
 %}
@@ -44,11 +44,11 @@ int             wolfSSL_Init(void);
 char*           wolfSSL_error_string(int);
 int             wolfSSL_swig_connect(WOLFSSL*, const char* server, int port);
 
-int         wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, RNG* rng);
+int         wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, WC_RNG* rng);
 
 int         wc_RsaSSL_Verify(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key);
 
-RNG* GetRng(void);
+WC_RNG* GetRng(void);
 RsaKey* GetRsaPrivateKey(const char* file);
 void    FillSignStr(unsigned char*, const char*, int);
 
diff --git a/swig/wolfssl_adds.c b/swig/wolfssl_adds.c
index e12ccac74..00267c926 100644
--- a/swig/wolfssl_adds.c
+++ b/swig/wolfssl_adds.c
@@ -182,9 +182,9 @@ char* wolfSSL_error_string(int err)
 }
 
 
-RNG* GetRng(void)
+WC_RNG* GetRng(void)
 {
-    RNG* rng = (RNG*)malloc(sizeof(RNG));
+    WC_RNG* rng = (WC_RNG*)malloc(sizeof(WC_RNG));
 
     if (rng)
         if (wc_InitRng(rng) != 0) {
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index e68af6177..c9a15e277 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -194,7 +194,7 @@ static int OpenNitroxDevice(int dma_mode,int dev_id)
 #if !defined(NO_RSA) || !defined(NO_DH) \
                                 || defined(WOLFSSL_KEYGEN) || defined(HAVE_ECC)
     #define HAVE_LOCAL_RNG
-    static RNG rng;
+    static WC_RNG rng;
 #endif
 
 /* use kB instead of mB for embedded benchmarking */
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 5629bfc75..c9aafe289 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -5761,7 +5761,7 @@ static int SetName(byte* output, CertName* name)
 
 /* encode info from cert into DER encoded format */
 static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
-                      RNG* rng, const byte* ntruKey, word16 ntruSz)
+                      WC_RNG* rng, const byte* ntruKey, word16 ntruSz)
 {
     int ret;
 
@@ -5933,7 +5933,7 @@ static int WriteCertBody(DerCert* der, byte* buffer)
 
 /* Make RSA signature from buffer (sz), write to sig (sigSz) */
 static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
-                         RsaKey* rsaKey, ecc_key* eccKey, RNG* rng,
+                         RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng,
                          int sigAlgoType)
 {
     int encSigSz, digestSz, typeH = 0, ret = 0;
@@ -6058,7 +6058,7 @@ static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz,
 
 /* Make an x509 Certificate v3 any key type from cert input, write to buffer */
 static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
-                       RsaKey* rsaKey, ecc_key* eccKey, RNG* rng,
+                       RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng,
                        const byte* ntruKey, word16 ntruSz)
 {
     int ret;
@@ -6095,7 +6095,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
 
 /* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */
 int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey,
-             ecc_key* eccKey, RNG* rng)
+             ecc_key* eccKey, WC_RNG* rng)
 {
     return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0);
 }
@@ -6104,7 +6104,7 @@ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey,
 #ifdef HAVE_NTRU
 
 int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz,
-                  const byte* ntruKey, word16 keySz, RNG* rng)
+                  const byte* ntruKey, word16 keySz, WC_RNG* rng)
 {
     return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, ntruKey, keySz);
 }
@@ -6320,7 +6320,7 @@ int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
 
 
 int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
-             RsaKey* rsaKey, ecc_key* eccKey, RNG* rng)
+             RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng)
 {
     int sigSz;
 #ifdef WOLFSSL_SMALL_STACK
@@ -6357,7 +6357,7 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
 
 
 int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz,
-                    RsaKey* key, RNG* rng)
+                    RsaKey* key, WC_RNG* rng)
 {
     int ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng);
 
@@ -7589,7 +7589,7 @@ int EncodeOcspRequest(OcspRequest* req)
 
     extSz = 0;
     if (req->useNonce) {
-        RNG rng;
+        WC_RNG rng;
         if (wc_InitRng(&rng) != 0) {
             WOLFSSL_MSG("\tCannot initialize RNG. Skipping the OSCP Nonce.");
         } else {
diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
index 2380e371e..56c5f04e0 100644
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -46,7 +46,7 @@ const curve25519_set_type curve25519_sets[] = {
 };
 
 
-int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key)
+int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
 {
     unsigned char basepoint[CURVE25519_KEYSIZE] = {9};
     int  ret;
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index bc4ce11d3..22db2298b 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -83,7 +83,7 @@ static word32 DiscreteLogWorkFactor(word32 n)
 }
 
 
-static int GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz)
+static int GeneratePrivate(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz)
 {
     int ret;
     word32 sz = mp_unsigned_bin_size(&key->p);
@@ -132,7 +132,7 @@ static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz,
 }
 
 
-int wc_DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, word32* privSz,
+int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz,
                       byte* pub, word32* pubSz)
 {
     int ret = GeneratePrivate(key, rng, priv, privSz);
diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c
index dc0e20e4b..d7f523653 100644
--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -85,7 +85,7 @@ void wc_FreeDsaKey(DsaKey* key)
 
 #ifdef WOLFSSL_KEY_GEN
 
-int wc_MakeDsaKey(RNG *rng, DsaKey *dsa)
+int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa)
 {
     unsigned char *buf;
     int qsize, err;
@@ -146,7 +146,7 @@ int wc_MakeDsaKey(RNG *rng, DsaKey *dsa)
 }
 
 /* modulus_size in bits */
-int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
+int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
 {
     mp_int  tmp, tmp2;
     int     err, msize, qsize,
@@ -341,7 +341,7 @@ int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa)
 #endif /* WOLFSSL_KEY_GEN */
 
 
-int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng)
+int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng)
 {
     mp_int k, kInv, r, s, H;
     int    ret, sz;
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index ea5fb0a3d..c8a8f87e6 100755
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -1652,7 +1652,7 @@ int wc_ecc_point_is_at_infinity(ecc_point* p)
 }
 
 
-static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
+static int wc_ecc_make_key_ex(WC_RNG* rng, ecc_key* key, const ecc_set_type* dp)
 {
    int            err;
    ecc_point*     base;
@@ -1775,7 +1775,7 @@ static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
  return       MP_OKAY if successful,
  upon error all allocated memory will be freed
  */
-int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key)
+int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key)
 {
     int x, err;
 
@@ -1835,7 +1835,7 @@ int wc_ecc_init(ecc_key* key)
  return    MP_OKAY if successful
  */
 int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
-                     RNG* rng, ecc_key* key)
+                     WC_RNG* rng, ecc_key* key)
 {
     mp_int    r;
     mp_int    s;
@@ -1870,7 +1870,7 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
   s            [out] The destination for s component of the signature
   return    MP_OKAY if successful
 */
-int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng,
+int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
                      ecc_key* key, mp_int *r, mp_int *s)
 {
    mp_int        e;
@@ -4834,7 +4834,7 @@ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt)
 }
 
 
-static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, RNG* rng)
+static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, WC_RNG* rng)
 {
     byte* saltBuffer = NULL;
 
@@ -4866,7 +4866,7 @@ static void ecc_ctx_init(ecEncCtx* ctx, int flags)
 
 
 /* allow ecc context reset so user doesn't have to init/free for resue */
-int wc_ecc_ctx_reset(ecEncCtx* ctx, RNG* rng)
+int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng)
 {
     if (ctx == NULL || rng == NULL)
         return BAD_FUNC_ARG;
@@ -4877,7 +4877,7 @@ int wc_ecc_ctx_reset(ecEncCtx* ctx, RNG* rng)
 
 
 /* alloc/init and set defaults, return new Context  */
-ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng)
+ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng)
 {
     int       ret = 0;
     ecEncCtx* ctx = (ecEncCtx*)XMALLOC(sizeof(ecEncCtx), 0, DYNAMIC_TYPE_ECC);
diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c
index e3d6d06db..2e5f6545e 100644
--- a/wolfcrypt/src/ed25519.c
+++ b/wolfcrypt/src/ed25519.c
@@ -42,7 +42,7 @@
 /* generate an ed25519 key pair.
  * returns 0 on success
  */
-int wc_ed25519_make_key(RNG* rng, int keySz, ed25519_key* key)
+int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key)
 {
     byte  az[ED25519_PRV_KEY_SIZE];
     int   ret;
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index da58dd0a6..aadc04ed4 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -4284,7 +4284,7 @@ static int mp_prime_is_divisible (mp_int * a, int *result)
 
 static const int USE_BBS = 1;
 
-int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap)
+int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap)
 {
     int   err, res, type;
     byte* buf;
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 84c26421a..c581cf5fb 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -945,7 +945,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
 /* create ASN.1 fomatted RecipientInfo structure, returns sequence size */
 WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
                                      int keyEncAlgo, int blockKeySz,
-                                     RNG* rng, byte* contentKeyPlain,
+                                     WC_RNG* rng, byte* contentKeyPlain,
                                      byte* contentKeyEnc,
                                      int* keyEncSz, byte* out, word32 outSz)
 {
@@ -1178,7 +1178,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     byte envDataSeq[MAX_SEQ_SZ];
     byte ver[MAX_VERSION_SZ];
 
-    RNG rng;
+    WC_RNG rng;
     int contentKeyEncSz, blockKeySz;
     byte contentKeyPlain[MAX_CONTENT_KEY_LEN];
 #ifdef WOLFSSL_SMALL_STACK
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 3dbb26dfd..339114d96 100755
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -39,33 +39,33 @@ int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
 }
 
 #ifdef HAVE_CAVIUM
-    int  wc_InitRngCavium(RNG* rng, int i)
+    int  wc_InitRngCavium(WC_RNG* rng, int i)
     {
         return InitRngCavium(rng, i);
     }
 #endif
 
 
-int  wc_InitRng(RNG* rng)
+int  wc_InitRng(WC_RNG* rng)
 {
     return InitRng_fips(rng);
 }
 
 
-int  wc_RNG_GenerateBlock(RNG* rng, byte* b, word32 sz)
+int  wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz)
 {
     return RNG_GenerateBlock_fips(rng, b, sz);
 }
 
 
-int  wc_RNG_GenerateByte(RNG* rng, byte* b)
+int  wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
 {
     return RNG_GenerateByte(rng, b);
 }
 
 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
 
-    int wc_FreeRng(RNG* rng)
+    int wc_FreeRng(WC_RNG* rng)
     {
         return FreeRng_fips(rng);
     }
@@ -434,7 +434,7 @@ static int Hash_DRBG_Uninstantiate(DRBG* drbg)
 
 
 /* Get seed and key cipher */
-int wc_InitRng(RNG* rng)
+int wc_InitRng(WC_RNG* rng)
 {
     int ret = BAD_FUNC_ARG;
 
@@ -487,7 +487,7 @@ int wc_InitRng(RNG* rng)
 
 
 /* place a generated block in output */
-int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
+int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
 {
     int ret;
 
@@ -536,13 +536,13 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
 }
 
 
-int wc_RNG_GenerateByte(RNG* rng, byte* b)
+int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
 {
     return wc_RNG_GenerateBlock(rng, b, 1);
 }
 
 
-int wc_FreeRng(RNG* rng)
+int wc_FreeRng(WC_RNG* rng)
 {
     int ret = BAD_FUNC_ARG;
 
@@ -687,7 +687,7 @@ static int wc_RNG_HealthTestLocal(int reseed)
 #else /* HAVE_HASHDRBG || NO_RC4 */
 
 /* Get seed and key cipher */
-int wc_InitRng(RNG* rng)
+int wc_InitRng(WC_RNG* rng)
 {
     int  ret;
 #ifdef WOLFSSL_SMALL_STACK
@@ -736,11 +736,11 @@ int wc_InitRng(RNG* rng)
 }
 
 #ifdef HAVE_CAVIUM
-    static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz);
+    static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz);
 #endif
 
 /* place a generated block in output */
-int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
+int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
 {
 #ifdef HAVE_INTEL_RDGEN
     if(IS_INTEL_RDRAND)
@@ -757,13 +757,13 @@ int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
 }
 
 
-int wc_RNG_GenerateByte(RNG* rng, byte* b)
+int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
 {
     return wc_RNG_GenerateBlock(rng, b, 1);
 }
 
 
-int wc_FreeRng(RNG* rng)
+int wc_FreeRng(WC_RNG* rng)
 {
     (void)rng;
     return 0;
@@ -776,7 +776,7 @@ int wc_FreeRng(RNG* rng)
 #include "cavium_common.h"
 
 /* Initiliaze RNG for use with Nitrox device */
-int wc_InitRngCavium(RNG* rng, int devId)
+int wc_InitRngCavium(WC_RNG* rng, int devId)
 {
     if (rng == NULL)
         return -1;
@@ -788,7 +788,7 @@ int wc_InitRngCavium(RNG* rng, int devId)
 }
 
 
-static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
+static void CaviumRNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz)
 {
     wolfssl_word offset = 0;
     word32      requestId;
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 5cd6e6331..6f4c3a595 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -43,7 +43,7 @@ int  wc_FreeRsaKey(RsaKey* key)
 
 
 int  wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
-                                 word32 outLen, RsaKey* key, RNG* rng)
+                                 word32 outLen, RsaKey* key, WC_RNG* rng)
 {
     return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng);
 }
@@ -64,7 +64,7 @@ int  wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
 
 
 int  wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
-                            word32 outLen, RsaKey* key, RNG* rng)
+                            word32 outLen, RsaKey* key, WC_RNG* rng)
 {
     return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng);
 }
@@ -96,7 +96,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
     return RsaFlattenPublicKey(key, a, aSz, b, bSz);
 }
 #ifdef WOLFSSL_KEY_GEN
-    int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
+    int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
     {
         return MakeRsaKey(key, size, e, rng);
     }
@@ -219,7 +219,7 @@ int wc_FreeRsaKey(RsaKey* key)
 }
 
 static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
-                   word32 pkcsBlockLen, byte padValue, RNG* rng)
+                   word32 pkcsBlockLen, byte padValue, WC_RNG* rng)
 {
     if (inputLen == 0)
         return 0;
@@ -391,7 +391,7 @@ done:
 
 
 int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
-                     RsaKey* key, RNG* rng)
+                     RsaKey* key, WC_RNG* rng)
 {
     int sz, ret;
 
@@ -537,7 +537,7 @@ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
 
 /* for Rsa Sign */
 int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
-                      RsaKey* key, RNG* rng)
+                      RsaKey* key, WC_RNG* rng)
 {
     int sz, ret;
 
@@ -604,7 +604,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
 
 #ifdef WOLFSSL_KEY_GEN
 /* Make an RSA key for size bits, with e specified, 65537 is a good e */
-int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
+int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 {
     mp_int p, q, tmp1, tmp2, tmp3;
     int    err;
diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c
index 7d9560911..5d893c929 100644
--- a/wolfcrypt/src/srp.c
+++ b/wolfcrypt/src/srp.c
@@ -404,7 +404,7 @@ int wc_SrpSetPrivate(Srp* srp, const byte* private, word32 size)
 /** Generates random data using wolfcrypt RNG. */
 static int wc_SrpGenPrivate(Srp* srp, byte* private, word32 size)
 {
-    RNG rng;
+    WC_RNG rng;
     int r = wc_InitRng(&rng);
 
     if (!r) r = wc_RNG_GenerateBlock(&rng, private, size);
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 7e45f1f6d..021928d6e 100755
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -2412,7 +2412,7 @@ int mp_mod_d(fp_int *a, fp_digit b, fp_digit *c)
 void fp_gcd(fp_int *a, fp_int *b, fp_int *c);
 void fp_lcm(fp_int *a, fp_int *b, fp_int *c);
 int  fp_isprime(fp_int *a);
-int  fp_randprime(fp_int* N, int len, RNG* rng, void* heap);
+int  fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap);
 
 int mp_gcd(fp_int *a, fp_int *b, fp_int *c)
 {
@@ -2435,7 +2435,7 @@ int mp_prime_is_prime(mp_int* a, int t, int* result)
     return MP_OKAY;
 }
 
-int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap)
+int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap)
 {
     int err;
 
@@ -2589,7 +2589,7 @@ int fp_isprime(fp_int *a)
    return FP_YES;
 }
 
-int fp_randprime(fp_int* N, int len, RNG* rng, void* heap)
+int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap)
 {
     static const int USE_BBS = 1;
     int   err, type;
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index d81f9d288..c11e77034 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -3253,7 +3253,7 @@ int random_test(void)
 
 int random_test(void)
 {
-    RNG  rng;
+    WC_RNG rng;
     byte block[32];
     int ret;
 
@@ -3281,7 +3281,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out);
 
 byte GetEntropy(ENTROPY_CMD cmd, byte* out)
 {
-    static RNG rng;
+    static WC_RNG rng;
 
     if (cmd == INIT)
         return (wc_InitRng(&rng) == 0) ? 1 : 0;
@@ -3353,7 +3353,7 @@ int rsa_test(void)
     byte*   tmp;
     size_t bytes;
     RsaKey key;
-    RNG    rng;
+    WC_RNG rng;
     word32 idx = 0;
     int    ret;
     byte   in[] = "Everyone gets Friday off.";
@@ -4308,7 +4308,7 @@ int dh_test(void)
     byte   agree2[256];
     DhKey  key;
     DhKey  key2;
-    RNG    rng;
+    WC_RNG rng;
 
 #ifdef USE_CERT_BUFFERS_1024
     XMEMCPY(tmp, dh_key_der_1024, sizeof_dh_key_der_1024);
@@ -4397,7 +4397,7 @@ int dsa_test(void)
     word32 idx = 0;
     byte   tmp[1024];
     DsaKey key;
-    RNG    rng;
+    WC_RNG rng;
     Sha    sha;
     byte   hash[SHA_DIGEST_SIZE];
     byte   signature[40];
@@ -5108,7 +5108,7 @@ typedef struct rawEccVector {
 
 int ecc_test(void)
 {
-    RNG     rng;
+    WC_RNG  rng;
     byte    sharedA[1024];
     byte    sharedB[1024];
     byte    sig[1024];
@@ -5364,7 +5364,7 @@ int ecc_test(void)
 
 int ecc_encrypt_test(void)
 {
-    RNG     rng;
+    WC_RNG  rng;
     int     ret;
     ecc_key userA, userB;
     byte    msg[48];
@@ -5499,7 +5499,7 @@ int ecc_encrypt_test(void)
 
 int curve25519_test(void)
 {
-    RNG     rng;
+    WC_RNG  rng;
     byte    sharedA[32];
     byte    sharedB[32];
     byte    exportBuf[32];
@@ -5662,7 +5662,7 @@ int curve25519_test(void)
 #ifdef HAVE_ED25519
 int ed25519_test(void)
 {
-    RNG    rng;
+    WC_RNG rng;
     byte   out[ED25519_SIG_SIZE];
     byte   exportPKey[ED25519_KEY_SIZE];
     byte   exportSKey[ED25519_KEY_SIZE];
@@ -6312,8 +6312,8 @@ int pkcs7signed_test(void)
     byte* out;
     char data[] = "Hello World";
     word32 dataSz, outSz, certDerSz, keyDerSz;
-    PKCS7 msg;
-    RNG rng;
+    PKCS7  msg;
+    WC_RNG rng;
 
     byte transIdOid[] =
                { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 4bf21ae56..7950cf056 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2221,7 +2221,7 @@ struct WOLFSSL {
     HS_Hashes*      hsHashes;
     void*           IOCB_ReadCtx;
     void*           IOCB_WriteCtx;
-    RNG*            rng;
+    WC_RNG*         rng;
     void*           verifyCbCtx;        /* cert verify callback user ctx*/
     VerifyCallback  verifyCallback;     /* cert verification callback */
     void*           heap;               /* for user overrides */
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 4c95d72c8..028e81be3 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1606,7 +1606,7 @@ static INLINE void FreeAtomicUser(WOLFSSL* ssl)
 static INLINE int myEccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
         byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
 {
-    RNG     rng;
+    WC_RNG  rng;
     int     ret;
     word32  idx = 0;
     ecc_key myKey;
@@ -1657,7 +1657,7 @@ static INLINE int myEccVerify(WOLFSSL* ssl, const byte* sig, word32 sigSz,
 static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
         byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx)
 {
-    RNG     rng;
+    WC_RNG  rng;
     int     ret;
     word32  idx = 0;
     RsaKey  myKey;
@@ -1715,7 +1715,7 @@ static INLINE int myRsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz,
     int     ret;
     word32  idx = 0;
     RsaKey  myKey;
-    RNG     rng;
+    WC_RNG  rng;
 
     (void)ssl;
     (void)ctx;
@@ -1820,8 +1820,8 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
     int x, size;
     static const char alphanum[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                                    "abcdefghijklmnopqrstuvwxyz";
-    RNG rng;
-    byte out;
+    WC_RNG rng;
+    byte   out;
 
     if (tempfn == NULL || len < 1 || num < 1 || len <= num) {
         printf("Bad input\n");
@@ -1862,7 +1862,7 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
     } key_ctx;
 
     static key_ctx myKey_ctx;
-    static RNG rng;
+    static WC_RNG rng;
 
     static INLINE int TicketInit(void)
     {
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index 04f77851a..7aea6f927 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -149,15 +149,15 @@ typedef struct Cert {
 */
 WOLFSSL_API void wc_InitCert(Cert*);
 WOLFSSL_API int  wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
-                         ecc_key*, RNG*);
+                         ecc_key*, WC_RNG*);
 #ifdef WOLFSSL_CERT_REQ
     WOLFSSL_API int  wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
                                     RsaKey*, ecc_key*);
 #endif
 WOLFSSL_API int  wc_SignCert(int requestSz, int sigType, byte* derBuffer,
-                         word32 derSz, RsaKey*, ecc_key*, RNG*);
+                         word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
 WOLFSSL_API int  wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
-                             RNG*);
+                             WC_RNG*);
 WOLFSSL_API int  wc_SetIssuer(Cert*, const char*);
 WOLFSSL_API int  wc_SetSubject(Cert*, const char*);
 #ifdef WOLFSSL_ALT_NAMES
@@ -170,7 +170,8 @@ WOLFSSL_API int  wc_SetDatesBuffer(Cert*, const byte*, int);
 
     #ifdef HAVE_NTRU
         WOLFSSL_API int  wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
-                                     const byte* ntruKey, word16 keySz, RNG*);
+                                     const byte* ntruKey, word16 keySz,
+                                     WC_RNG*);
     #endif
 
 #endif /* WOLFSSL_CERT_GEN */
diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h
index ae795baca..cb1dad032 100644
--- a/wolfssl/wolfcrypt/curve25519.h
+++ b/wolfssl/wolfcrypt/curve25519.h
@@ -65,7 +65,7 @@ enum {
 };
 
 WOLFSSL_API
-int wc_curve25519_make_key(RNG* rng, int keysize, curve25519_key* key);
+int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key);
 
 WOLFSSL_API
 int wc_curve25519_shared_secret(curve25519_key* private_key,
diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h
index 7cee7dce3..a116eab7c 100644
--- a/wolfssl/wolfcrypt/dh.h
+++ b/wolfssl/wolfcrypt/dh.h
@@ -43,7 +43,7 @@ typedef struct DhKey {
 WOLFSSL_API void wc_InitDhKey(DhKey* key);
 WOLFSSL_API void wc_FreeDhKey(DhKey* key);
 
-WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv,
+WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv,
                                  word32* privSz, byte* pub, word32* pubSz);
 WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz,
                        const byte* priv, word32 privSz, const byte* otherPub,
diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h
index 115c18c6e..1d26a3d69 100644
--- a/wolfssl/wolfcrypt/dsa.h
+++ b/wolfssl/wolfcrypt/dsa.h
@@ -57,7 +57,7 @@ typedef struct DsaKey {
 WOLFSSL_API void wc_InitDsaKey(DsaKey* key);
 WOLFSSL_API void wc_FreeDsaKey(DsaKey* key);
 WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out,
-                           DsaKey* key, RNG* rng);
+                           DsaKey* key, WC_RNG* rng);
 WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig,
                              DsaKey* key, int* answer);
 WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx,
@@ -67,8 +67,8 @@ WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
 WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen);
 
 #ifdef WOLFSSL_KEY_GEN
-WOLFSSL_API int wc_MakeDsaKey(RNG *rng, DsaKey *dsa);
-WOLFSSL_API int wc_MakeDsaParameters(RNG *rng, int modulus_size, DsaKey *dsa);
+WOLFSSL_API int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa);
+WOLFSSL_API int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa);
 #endif
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index 6630a1ae8..0075f0d14 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -134,7 +134,7 @@ extern const ecc_set_type ecc_sets[];
 
 
 WOLFSSL_API
-int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key);
+int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
 WOLFSSL_API
 int wc_ecc_check_key(ecc_key* key);
 WOLFSSL_API
@@ -145,9 +145,9 @@ int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point,
                              byte* out, word32 *outlen);
 WOLFSSL_API
 int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
-                     RNG* rng, ecc_key* key);
+                     WC_RNG* rng, ecc_key* key);
 WOLFSSL_API
-int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng,
+int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
                         ecc_key* key, mp_int *r, mp_int *s);
 WOLFSSL_API
 int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
@@ -248,11 +248,11 @@ enum ecFlags {
 typedef struct ecEncCtx ecEncCtx;
 
 WOLFSSL_API
-ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng);
+ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng);
 WOLFSSL_API
 void wc_ecc_ctx_free(ecEncCtx*);
 WOLFSSL_API
-int wc_ecc_ctx_reset(ecEncCtx*, RNG*);  /* reset for use again w/o alloc/free */
+int wc_ecc_ctx_reset(ecEncCtx*, WC_RNG*);  /* reset for use again w/o alloc/free */
 
 WOLFSSL_API
 const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);
diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h
index 3a8e287b3..606ff4145 100644
--- a/wolfssl/wolfcrypt/ed25519.h
+++ b/wolfssl/wolfcrypt/ed25519.h
@@ -61,7 +61,7 @@ typedef struct {
 
 
 WOLFSSL_API
-int wc_ed25519_make_key(RNG* rng, int keysize, ed25519_key* key);
+int wc_ed25519_make_key(WC_RNG* rng, int keysize, ed25519_key* key);
 WOLFSSL_API
 int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
                         word32 *outlen, ed25519_key* key);
diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h
index 16ee0cc7b..099b9f4e3 100644
--- a/wolfssl/wolfcrypt/integer.h
+++ b/wolfssl/wolfcrypt/integer.h
@@ -315,7 +315,7 @@ int mp_radix_size (mp_int * a, int radix, int *size);
     int mp_prime_is_prime (mp_int * a, int t, int *result);
     int mp_gcd (mp_int * a, mp_int * b, mp_int * c);
     int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
-    int mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap);
+    int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap);
 #endif
 
 int mp_cnt_lsb(mp_int *a);
diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h
index e39a12b9d..32a46faf2 100644
--- a/wolfssl/wolfcrypt/pkcs7.h
+++ b/wolfssl/wolfcrypt/pkcs7.h
@@ -73,7 +73,7 @@ typedef struct PKCS7 {
     word32 contentSz;             /* content size                         */
     int contentOID;               /* PKCS#7 content type OID sum          */
 
-    RNG* rng;
+    WC_RNG* rng;
 
     int hashOID;
     int encryptOID;               /* key encryption algorithm OID         */
@@ -100,7 +100,7 @@ WOLFSSL_LOCAL int wc_GetContentType(const byte* input, word32* inOutIdx,
                                 word32* oid, word32 maxIdx);
 WOLFSSL_LOCAL int wc_CreateRecipientInfo(const byte* cert, word32 certSz,
                                      int keyEncAlgo, int blockKeySz,
-                                     RNG* rng, byte* contentKeyPlain,
+                                     WC_RNG* rng, byte* contentKeyPlain,
                                      byte* contentKeyEnc,
                                      int* keyEncSz, byte* out, word32 outSz);
 
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index 989e53230..741d2531f 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -84,11 +84,11 @@ struct DRBG; /* Private DRBG state */
 
 
 /* Hash-based Deterministic Random Bit Generator */
-typedef struct RNG {
+typedef struct WC_RNG {
     struct DRBG* drbg;
     OS_Seed seed;
     byte status;
-} RNG;
+} WC_RNG;
 
 
 #else /* HAVE_HASHDRBG || NO_RC4 */
@@ -99,36 +99,42 @@ typedef struct RNG {
 /* secure Random Number Generator */
 
 
-typedef struct RNG {
+typedef struct WC_RNG {
     OS_Seed seed;
     Arc4    cipher;
 #ifdef HAVE_CAVIUM
     int    devId;           /* nitrox device id */
     word32 magic;           /* using cavium magic */
 #endif
-} RNG;
+} WC_RNG;
 
 
 #endif /* HAVE_HASH_DRBG || NO_RC4 */
 
 #endif /* HAVE_FIPS */
 
+/* NO_OLD_RNGNAME removes RNG struct name to prevent possible type conflicts,
+ * can't be used with CTaoCrypt FIPS */
+#if !defined(NO_OLD_RNGNAME) && !defined(HAVE_FIPS)
+    #define RNG WC_RNG
+#endif
+
 WOLFSSL_LOCAL
 int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
 
 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
 
 #ifdef HAVE_CAVIUM
-    WOLFSSL_API int  wc_InitRngCavium(RNG*, int);
+    WOLFSSL_API int  wc_InitRngCavium(WC_RNG*, int);
 #endif
 
 #endif /* HAVE_HASH_DRBG || NO_RC4 */
 
 
-WOLFSSL_API int  wc_InitRng(RNG*);
-WOLFSSL_API int  wc_RNG_GenerateBlock(RNG*, byte*, word32 sz);
-WOLFSSL_API int  wc_RNG_GenerateByte(RNG*, byte*);
-WOLFSSL_API int  wc_FreeRng(RNG*);
+WOLFSSL_API int  wc_InitRng(WC_RNG*);
+WOLFSSL_API int  wc_RNG_GenerateBlock(WC_RNG*, byte*, word32 sz);
+WOLFSSL_API int  wc_RNG_GenerateByte(WC_RNG*, byte*);
+WOLFSSL_API int  wc_FreeRng(WC_RNG*);
 
 
 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h
index df650b3db..ec6ef7b91 100644
--- a/wolfssl/wolfcrypt/rsa.h
+++ b/wolfssl/wolfcrypt/rsa.h
@@ -77,13 +77,13 @@ WOLFSSL_API int  wc_InitRsaKey(RsaKey* key, void*);
 WOLFSSL_API int  wc_FreeRsaKey(RsaKey* key);
 
 WOLFSSL_API int  wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
-                                 word32 outLen, RsaKey* key, RNG* rng);
+                                 word32 outLen, RsaKey* key, WC_RNG* rng);
 WOLFSSL_API int  wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
                                         RsaKey* key);
 WOLFSSL_API int  wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
                                   word32 outLen, RsaKey* key);
 WOLFSSL_API int  wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
-                            word32 outLen, RsaKey* key, RNG* rng);
+                            word32 outLen, RsaKey* key, WC_RNG* rng);
 WOLFSSL_API int  wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
                                     RsaKey* key);
 WOLFSSL_API int  wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
@@ -105,7 +105,7 @@ WOLFSSL_API int  wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
                                                                        word32*);
 
 #ifdef WOLFSSL_KEY_GEN
-    WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng);
+    WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
 #endif
 
 #ifdef HAVE_CAVIUM
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 567afd746..5fb09d2b6 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -118,6 +118,12 @@
 #endif
 
 
+/* make sure old RNG name is used with CTaoCrypt FIPS */
+#ifdef HAVE_FIPS
+    #define WC_RNG RNG
+#endif
+
+
 #ifdef IPHONE
     #define SIZEOF_LONG_LONG 8
 #endif
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index 157d58da4..ac24eb93c 100644
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -718,7 +718,7 @@ int mp_radix_size (mp_int * a, int radix, int *size);
 int  mp_gcd(fp_int *a, fp_int *b, fp_int *c);
 int  mp_lcm(fp_int *a, fp_int *b, fp_int *c);
 int  mp_prime_is_prime(mp_int* a, int t, int* result);
-int  mp_rand_prime(mp_int* N, int len, RNG* rng, void* heap);
+int  mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap);
 int  mp_exch(mp_int *a, mp_int *b);
 #endif /* WOLFSSL_KEY_GEN */
 

From a80777179b9780577e80b96181531aa5565fa4bd Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 7 Aug 2015 14:36:47 -0600
Subject: [PATCH 306/350] update MPLABX README

---
 mplabx/README | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/mplabx/README b/mplabx/README
index fcc6c00c1..a78955cde 100644
--- a/mplabx/README
+++ b/mplabx/README
@@ -25,13 +25,13 @@ Included Project Files
     <wolfssl_root>/mplabx/wolfssl.X/dist/default/production/wolfssl.X.a
 
 2. wolfCrypt Test App (wolfcrypt_test.X)
-    
+
     This project tests the wolfCrypt cryptography modules. It is generally
     a good idea to run this first on an embedded system after compiling
     wolfSSL in order to verify all underlying crypto is working correctly.
 
 3. wolfCrypt Benchmark App (wolfcrypt_benchmark.X)
-    
+
     This project builds the wolfCrypt benchmark application.
     For the benchmark timer, adjust CLOCK value under
     "#elif defined MICROCHIP_PIC32" in wolfcrypt/benchmark/benchmark.c
@@ -40,7 +40,7 @@ PIC32MX/PIC32MZ
 ---------------
 
 The projects are set for PIC32MX by default. For PIC32MZ, change project
-properties->Devices and add "CYASSL_MICROCHIP_PIC32M" to 
+properties->Devices and add "WOLFSSL_MICROCHIP_PIC32MZ" to
 XC32-gcc->Preprocessing and messages-> Preprocessor macros.
 
 

From 0cd893a51b561be08cdbe77aab47f832fae22d4c Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 7 Aug 2015 16:22:31 -0600
Subject: [PATCH 307/350] Freescale: Use new I/O where applicable

---
 src/internal.c                  | 6 +++++-
 src/keys.c                      | 6 +++++-
 wolfcrypt/benchmark/benchmark.c | 6 +++++-
 wolfcrypt/src/asn.c             | 6 +++++-
 wolfcrypt/src/integer.c         | 6 +++++-
 wolfcrypt/src/logging.c         | 6 +++++-
 wolfcrypt/test/test.c           | 6 +++++-
 wolfssl/ssl.h                   | 6 +++++-
 wolfssl/wolfcrypt/settings.h    | 6 +++++-
 9 files changed, 45 insertions(+), 9 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 4a822dcaa..ac18d46ec 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -46,7 +46,11 @@
 
 #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
     #ifdef FREESCALE_MQX
-        #include <fio.h>
+        #if MQX_USE_IO_OLD
+            #include <fio.h>
+        #else
+            #include <nio.h>
+        #endif
     #else
         #include <stdio.h>
     #endif
diff --git a/src/keys.c b/src/keys.c
index 1b15dbb93..2c232a762 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -31,7 +31,11 @@
 #include <wolfssl/error-ssl.h>
 #if defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
     #ifdef FREESCALE_MQX
-        #include <fio.h>
+        #if MQX_USE_IO_OLD
+            #include <fio.h>
+        #else
+            #include <nio.h>
+        #endif
     #else
         #include <stdio.h>
     #endif
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index c9a15e277..ba36e1563 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -32,7 +32,11 @@
 
 #ifdef FREESCALE_MQX
     #include <mqx.h>
-    #include <fio.h>
+    #if MQX_USE_IO_OLD
+        #include <fio.h>
+    #else
+        #include <nio.h>
+    #endif
 #else
     #include <stdio.h>
 #endif
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index c9aafe289..b17b44154 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -67,7 +67,11 @@
 
 #ifdef WOLFSSL_DEBUG_ENCODING
     #ifdef FREESCALE_MQX
-        #include <fio.h>
+        #if MQX_USE_IO_OLD
+            #include <fio.h>
+        #else
+            #include <nio.h>
+        #endif
     #else
         #include <stdio.h>
     #endif
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index aadc04ed4..49b3fe195 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -47,7 +47,11 @@
 
 #ifdef SHOW_GEN
     #ifdef FREESCALE_MQX
-        #include <fio.h>
+        #if MQX_USE_IO_OLD
+            #include <fio.h>
+        #else
+            #include <nio.h>
+        #endif
     #else
         #include <stdio.h>
     #endif
diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c
index 321530616..f2d155bb0 100644
--- a/wolfcrypt/src/logging.c
+++ b/wolfcrypt/src/logging.c
@@ -90,7 +90,11 @@ void wolfSSL_Debugging_OFF(void)
 #ifdef DEBUG_WOLFSSL
 
 #ifdef FREESCALE_MQX
-    #include <fio.h>
+    #if MQX_USE_IO_OLD
+        #include <fio.h>
+    #else
+        #include <nio.h>
+    #endif
 #else
     #include <stdio.h>   /* for default printf stuff */
 #endif
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index c11e77034..71c62f99b 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -126,8 +126,12 @@
 
 #ifdef FREESCALE_MQX
     #include <mqx.h>
-    #include <fio.h>
     #include <stdlib.h>
+    #if MQX_USE_IO_OLD
+        #include <fio.h>
+    #else
+        #include <nio.h>
+    #endif
 #else
     #include <stdio.h>
 #endif
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 25b86a6c5..863dcb0c9 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -32,7 +32,11 @@
 
 #ifndef NO_FILESYSTEM
     #ifdef FREESCALE_MQX
-        #include <fio.h>
+        #if MQX_USE_IO_OLD
+            #include <fio.h>
+        #else
+            #include <nio.h>
+        #endif
     #else
         #include <stdio.h>   /* ERR_printf */
     #endif
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 5fb09d2b6..6c10ddf2a 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -464,7 +464,11 @@
     #include "mqx.h"
     #ifndef NO_FILESYSTEM
         #include "mfs.h"
-        #include "fio.h"
+        #if MQX_USE_IO_OLD
+            #include "fio.h"
+        #else
+            #include "nio.h"
+        #endif
     #endif
     #ifndef SINGLE_THREADED
         #include "mutex.h"

From 8b0d7cc8da80bcb4e81f4c9a107fb6397a5fe2b4 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 7 Aug 2015 15:43:34 -0700
Subject: [PATCH 308/350] don't let sniffer try to parse handshake messages
 after the handshake has completed, new error for secure renegotiation not
 supported

---
 src/sniffer.c            | 11 ++++++++++-
 wolfssl/sniffer_error.h  |  1 +
 wolfssl/sniffer_error.rc |  1 +
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/sniffer.c b/src/sniffer.c
index b961f7bd7..a12dafe57 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -239,7 +239,8 @@ static const char* const msgTable[] =
     "Decrypt Keys Not Set Up",
     "Late Key Load Error",
     "Got Certificate Status msg",
-    "RSA Key Missing Error"
+    "RSA Key Missing Error",
+    "Secure Renegotiation Not Supported"
 };
 
 
@@ -1816,6 +1817,14 @@ static int DoHandShake(const byte* input, int* sslBytes,
         SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE);
         return -1;
     }
+
+    /* A session's arrays are released when the handshake is completed. */
+    if (session->sslServer->arrays == NULL &&
+        session->sslClient->arrays == NULL) {
+
+        SetError(NO_SECURE_RENEGOTIATION, error, session, FATAL_ERROR_STATE);
+        return -1;
+    }
     
     switch (type) {
         case hello_verify_request:
diff --git a/wolfssl/sniffer_error.h b/wolfssl/sniffer_error.h
index ad89a50d9..56fada416 100644
--- a/wolfssl/sniffer_error.h
+++ b/wolfssl/sniffer_error.h
@@ -107,6 +107,7 @@
 #define CLIENT_HELLO_LATE_KEY_STR 72
 #define GOT_CERT_STATUS_STR 73
 #define RSA_KEY_MISSING_STR 74
+#define NO_SECURE_RENEGOTIATION 75
 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
 
 
diff --git a/wolfssl/sniffer_error.rc b/wolfssl/sniffer_error.rc
index 8bcd6926c..3c748193e 100644
--- a/wolfssl/sniffer_error.rc
+++ b/wolfssl/sniffer_error.rc
@@ -89,5 +89,6 @@ STRINGTABLE
     72, "Late Key Load Error"
     73, "Got Certificate Status msg"
     74, "RSA Key Missing Error"
+    75, "Secure Renegotiation Not Supported"
 }
 

From e16ff732730c04fdcf12bfe00fd552028c284575 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Sat, 8 Aug 2015 10:12:05 +0900
Subject: [PATCH 309/350] Added wc_encrypt.c and other *.c files.

---
 IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
index 3888c46f6..61982d704 100644
--- a/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
+++ b/IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
@@ -1956,9 +1956,15 @@
     <file>
       <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\error.c</name>
     </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\fe_low_mem.c</name>
+    </file>
     <file>
       <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\fe_operations.c</name>
     </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\ge_low_mem.c</name>
+    </file>
     <file>
       <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\ge_operations.c</name>
     </file>
@@ -2022,9 +2028,15 @@
     <file>
       <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\sha512.c</name>
     </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\srp.c</name>
+    </file>
     <file>
       <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\tfm.c</name>
     </file>
+    <file>
+      <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_encrypt.c</name>
+    </file>
     <file>
       <name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\wc_port.c</name>
     </file>

From 106abb873f25a861b49d7c48c631e48c72c36081 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Sat, 8 Aug 2015 23:52:32 -0700
Subject: [PATCH 310/350] skip the sanity check on a duplicate change cipher
 spec message in DTLS mode, they are allowed

---
 src/internal.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index ac18d46ec..dd83b86ae 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6686,6 +6686,22 @@ int ProcessReply(WOLFSSL* ssl)
                         }
                     #endif
 
+                    /* Check for duplicate CCS message in DTLS mode.
+                     * DTLS allows for duplicate messages, and it should be
+                     * skipped. */
+                    if (ssl->options.dtls &&
+                        ssl->msgsReceived.got_change_cipher) {
+
+                        WOLFSSL_MSG("Duplicate ChangeCipher msg");
+                        if (ssl->curSize != 1) {
+                            WOLFSSL_MSG("Malicious or corrupted"
+                                        " duplicate ChangeCipher msg");
+                            return LENGTH_ERROR;
+                        }
+                        ssl->buffers.inputBuffer.idx++;
+                        break;
+                    }
+
                     ret = SanityCheckMsgReceived(ssl, change_cipher_hs);
                     if (ret != 0)
                         return ret;

From e179da07d035113b343a1e9d843bd5948732d3fa Mon Sep 17 00:00:00 2001
From: Jay Satiro <raysatiro@yahoo.com>
Date: Mon, 10 Aug 2015 01:54:25 -0400
Subject: [PATCH 311/350] fix mixed declarations by moving them to their block
 start

In Visual Studio <= 2012 C99 mixed declarations aren't supported.
---
 src/internal.c      | 9 ++++++---
 wolfcrypt/src/asn.c | 4 +++-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index dd83b86ae..3c7704a8a 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -14069,15 +14069,18 @@ int DoSessionTicket(WOLFSSL* ssl,
         #endif
             if (TLSX_SupportExtensions(ssl)) {
                 int ret = 0;
-                /* auto populate extensions supported unless user defined */
-                if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0)
-                    return ret;
 #else
             if (IsAtLeastTLSv1_2(ssl)) {
 #endif
                 /* Process the hello extension. Skip unsupported. */
                 word16 totalExtSz;
 
+#ifdef HAVE_TLS_EXTENSIONS
+                /* auto populate extensions supported unless user defined */
+                if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0)
+                    return ret;
+#endif
+
                 if ((i - begin) + OPAQUE16_LEN > helloSz)
                     return BUFFER_ERROR;
 
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index b17b44154..7b21b0aab 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1492,11 +1492,13 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
         sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */
 
         if (sizes[i] <= MAX_SEQ_SZ) {
+            int err;
+
             /* leading zero */
             if (lbit)
                 tmps[i][sizes[i]-1] = 0x00;
 
-            int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
+            err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
             if (err == MP_OKAY) {
                 sizes[i] += (rawLen-lbit); /* lbit included in rawLen */
                 intTotalLen += sizes[i];

From 4b74e9654276bafd8659df8a23b9954ccd52d19b Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Mon, 10 Aug 2015 09:34:16 -0600
Subject: [PATCH 312/350] remove stdio.h from dsa.c

---
 wolfcrypt/src/dsa.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c
index d7f523653..13d4c9bb9 100644
--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -18,7 +18,6 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
-#include <stdio.h>
 
 #ifdef HAVE_CONFIG_H
     #include <config.h>

From 51b9d2bf9dc71fc17c7ebf876a62b7ce0e0be22d Mon Sep 17 00:00:00 2001
From: unknown <kaleb@wolfssl.com>
Date: Mon, 10 Aug 2015 10:25:00 -0600
Subject: [PATCH 313/350] DLL-Debug-x64 working

---
 IDE/WIN/wolfssl-fips.vcxproj | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index 70af4ad98..a73963c9d 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -161,7 +161,8 @@
       <Optimization>Disabled</Optimization>
       <AdditionalIncludeDirectories>./;../../;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>OPENSSL_EXTRA;HAVE_THREAD_LS;WOLFSSL_KEY_GEN;BUILDING_WOLFSSL;CYASSL_DLL;HAVE_FIPS;HAVE_AESGCM;HAVE_HASHDRBG;WOLFSSL_SHA384;WOLFSSL_SHA512;NO_PSK;NO_HC128;NO_RC4;NO_RABBIT;NO_DSA;NO_MD4;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <MinimalRebuild>true</MinimalRebuild>
+	  <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
       <WarningLevel>Level4</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
@@ -169,6 +170,7 @@
     </ClCompile>
     <Link>
       <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+	  <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -193,6 +195,9 @@
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
+	<Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
@@ -218,6 +223,9 @@
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
+	<Link>
+      <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="..\..\ctaocrypt\src\wolfcrypt_first.c">

From c4cbcff6e097a6067d029c6e74aa5b1e47364003 Mon Sep 17 00:00:00 2001
From: unknown <kaleb@wolfssl.com>
Date: Mon, 10 Aug 2015 10:27:24 -0600
Subject: [PATCH 314/350] remove hard tabs

---
 IDE/WIN/wolfssl-fips.vcxproj | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index a73963c9d..18b40270a 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -195,7 +195,7 @@
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
-	<Link>
+    <Link>
       <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
@@ -223,7 +223,7 @@
       <WarningLevel>Level3</WarningLevel>
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
     </ClCompile>
-	<Link>
+    <Link>
       <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>

From d367f7ac937bac932900567b569c7ca54be00af3 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 10 Aug 2015 11:59:19 -0700
Subject: [PATCH 315/350] Add wc_encrypt.c to the iOS Xcode project files.

---
 IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj | 8 ++++++++
 IDE/iOS/wolfssl.xcodeproj/project.pbxproj      | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
index e24cc16eb..e2ae6f02b 100644
--- a/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl-FIPS.xcodeproj/project.pbxproj
@@ -165,6 +165,8 @@
 		521648271A8AC2990062516A /* sha512.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481A1A8AC2990062516A /* sha512.c */; };
 		521648281A8AC2990062516A /* wolfcrypt_first.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481B1A8AC2990062516A /* wolfcrypt_first.c */; };
 		521648291A8AC2990062516A /* wolfcrypt_last.c in Sources */ = {isa = PBXBuildFile; fileRef = 5216481C1A8AC2990062516A /* wolfcrypt_last.c */; };
+		522DBE111B7929C80031F454 /* wc_encrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 522DBE101B7929C80031F454 /* wc_encrypt.c */; };
+		522DBE131B792A190031F454 /* wc_encrypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 522DBE121B7929E70031F454 /* wc_encrypt.h */; };
 		525BE5BA1B38853E0054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5B91B38853E0054BBCD /* hash.c */; };
 		525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5BB1B3885580054BBCD /* hash.h */; };
 /* End PBXBuildFile section */
@@ -176,6 +178,7 @@
 			dstPath = include/wolfssl/wolfcrypt;
 			dstSubfolderSpec = 7;
 			files = (
+				522DBE131B792A190031F454 /* wc_encrypt.h in CopyFiles */,
 				525BE5BC1B3885750054BBCD /* hash.h in CopyFiles */,
 				521646CD1A8A7FF30062516A /* aes.h in CopyFiles */,
 				521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */,
@@ -473,6 +476,8 @@
 		5216481A1A8AC2990062516A /* sha512.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sha512.c; path = ../../ctaocrypt/src/sha512.c; sourceTree = "<group>"; };
 		5216481B1A8AC2990062516A /* wolfcrypt_first.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_first.c; path = ../../ctaocrypt/src/wolfcrypt_first.c; sourceTree = "<group>"; };
 		5216481C1A8AC2990062516A /* wolfcrypt_last.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wolfcrypt_last.c; path = ../../ctaocrypt/src/wolfcrypt_last.c; sourceTree = "<group>"; };
+		522DBE101B7929C80031F454 /* wc_encrypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wc_encrypt.c; path = ../../wolfcrypt/src/wc_encrypt.c; sourceTree = SOURCE_ROOT; };
+		522DBE121B7929E70031F454 /* wc_encrypt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_encrypt.h; path = ../../wolfssl/wolfcrypt/wc_encrypt.h; sourceTree = "<group>"; };
 		525BE5B91B38853E0054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = "<group>"; };
 		525BE5BB1B3885580054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = "<group>"; };
 		52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -613,6 +618,7 @@
 				521646861A8993770062516A /* tfm.h */,
 				521646871A8993770062516A /* types.h */,
 				521646881A8993770062516A /* visibility.h */,
+				522DBE121B7929E70031F454 /* wc_encrypt.h */,
 				521646891A8993770062516A /* wc_port.h */,
 			);
 			name = wolfCrypt;
@@ -680,6 +686,7 @@
 				5216462E1A8992CC0062516A /* sha256.c */,
 				5216462F1A8992CC0062516A /* sha512.c */,
 				521646301A8992CC0062516A /* tfm.c */,
+				522DBE101B7929C80031F454 /* wc_encrypt.c */,
 				521646311A8992CC0062516A /* wc_port.c */,
 			);
 			name = wolfCrypt;
@@ -828,6 +835,7 @@
 				521646351A8992CC0062516A /* blake2b.c in Sources */,
 				5216464C1A8992CC0062516A /* ripemd.c in Sources */,
 				521646451A8992CC0062516A /* memory.c in Sources */,
+				522DBE111B7929C80031F454 /* wc_encrypt.c in Sources */,
 				5216463C1A8992CC0062516A /* ecc.c in Sources */,
 				5216464F1A8992CC0062516A /* sha256.c in Sources */,
 				521646371A8992CC0062516A /* chacha.c in Sources */,
diff --git a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
index 96743a577..9b6943fda 100644
--- a/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
+++ b/IDE/iOS/wolfssl.xcodeproj/project.pbxproj
@@ -153,6 +153,8 @@
 		5216472A1A8A80100062516A /* types.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BE1A8993F50062516A /* types.h */; };
 		5216472B1A8A80100062516A /* visibility.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646BF1A8993F50062516A /* visibility.h */; };
 		5216472C1A8A80100062516A /* wc_port.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 521646C01A8993F50062516A /* wc_port.h */; };
+		522DBE0D1B7926FB0031F454 /* wc_encrypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 522DBE0C1B7926FB0031F454 /* wc_encrypt.c */; };
+		522DBE0F1B7927A50031F454 /* wc_encrypt.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 522DBE0E1B7927290031F454 /* wc_encrypt.h */; };
 		525BE5341B3869110054BBCD /* hash.c in Sources */ = {isa = PBXBuildFile; fileRef = 525BE5331B3869110054BBCD /* hash.c */; };
 		525BE5361B3869780054BBCD /* hash.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 525BE5351B3869430054BBCD /* hash.h */; };
 /* End PBXBuildFile section */
@@ -164,6 +166,7 @@
 			dstPath = include/wolfssl/wolfcrypt;
 			dstSubfolderSpec = 7;
 			files = (
+				522DBE0F1B7927A50031F454 /* wc_encrypt.h in CopyFiles */,
 				525BE5361B3869780054BBCD /* hash.h in CopyFiles */,
 				521646CD1A8A7FF30062516A /* aes.h in CopyFiles */,
 				521646CE1A8A7FF30062516A /* arc4.h in CopyFiles */,
@@ -449,6 +452,8 @@
 		521646BE1A8993F50062516A /* types.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = types.h; path = ../../cyassl/ctaocrypt/types.h; sourceTree = "<group>"; };
 		521646BF1A8993F50062516A /* visibility.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = visibility.h; path = ../../cyassl/ctaocrypt/visibility.h; sourceTree = "<group>"; };
 		521646C01A8993F50062516A /* wc_port.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_port.h; path = ../../cyassl/ctaocrypt/wc_port.h; sourceTree = "<group>"; };
+		522DBE0C1B7926FB0031F454 /* wc_encrypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = wc_encrypt.c; path = ../../wolfcrypt/src/wc_encrypt.c; sourceTree = SOURCE_ROOT; };
+		522DBE0E1B7927290031F454 /* wc_encrypt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_encrypt.h; path = ../../wolfssl/wolfcrypt/wc_encrypt.h; sourceTree = "<group>"; };
 		525BE5331B3869110054BBCD /* hash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = hash.c; path = ../../wolfcrypt/src/hash.c; sourceTree = "<group>"; };
 		525BE5351B3869430054BBCD /* hash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hash.h; path = ../../wolfssl/wolfcrypt/hash.h; sourceTree = "<group>"; };
 		52B1344D16F3C9E800C07B32 /* libwolfssl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libwolfssl.a; sourceTree = BUILT_PRODUCTS_DIR; };
@@ -589,6 +594,7 @@
 				521646861A8993770062516A /* tfm.h */,
 				521646871A8993770062516A /* types.h */,
 				521646881A8993770062516A /* visibility.h */,
+				522DBE0E1B7927290031F454 /* wc_encrypt.h */,
 				521646891A8993770062516A /* wc_port.h */,
 			);
 			name = wolfCrypt;
@@ -655,6 +661,7 @@
 				5216462E1A8992CC0062516A /* sha256.c */,
 				5216462F1A8992CC0062516A /* sha512.c */,
 				521646301A8992CC0062516A /* tfm.c */,
+				522DBE0C1B7926FB0031F454 /* wc_encrypt.c */,
 				521646311A8992CC0062516A /* wc_port.c */,
 			);
 			name = wolfCrypt;
@@ -764,6 +771,7 @@
 				5216460F1A89928E0062516A /* ssl.c in Sources */,
 				5216464D1A8992CC0062516A /* rsa.c in Sources */,
 				5216464B1A8992CC0062516A /* random.c in Sources */,
+				522DBE0D1B7926FB0031F454 /* wc_encrypt.c in Sources */,
 				521646101A89928E0062516A /* tls.c in Sources */,
 				5216460D1A89928E0062516A /* ocsp.c in Sources */,
 				521646431A8992CC0062516A /* md4.c in Sources */,

From 241e375b3404ebe75a462e5f2e037436d4f04e55 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Mon, 10 Aug 2015 13:30:57 -0600
Subject: [PATCH 316/350] add wc_encrypt and hash to the MYSQL cmake

---
 IDE/MYSQL/CMakeLists_wolfCrypt.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/IDE/MYSQL/CMakeLists_wolfCrypt.txt b/IDE/MYSQL/CMakeLists_wolfCrypt.txt
index 6c6f6b13f..62184780b 100644
--- a/IDE/MYSQL/CMakeLists_wolfCrypt.txt
+++ b/IDE/MYSQL/CMakeLists_wolfCrypt.txt
@@ -29,14 +29,15 @@ SET(WOLFCRYPT_SOURCES		src/aes.c src/arc4.c src/asn.c src/blake2b.c
         src/integer.c src/logging.c src/md2.c src/md4.c src/md5.c src/memory.c
         src/misc.c src/pkcs7.c src/poly1305.c src/pwdbased.c src/rabbit.c
         src/random.c src/ripemd.c src/rsa.c src/sha.c src/sha256.c src/sha512.c
-        src/tfm.c src/wc_port.c
+        src/tfm.c src/wc_port.c src/wc_encrypt.c src/hash.c
         ../wolfssl/wolfcrypt/aes.h ../wolfssl/wolfcrypt/arc4.h ../wolfssl/wolfcrypt/asn.h ../wolfssl/wolfcrypt/blake2.h
         ../wolfssl/wolfcrypt/camellia.h ../wolfssl/wolfcrypt/chacha.h ../wolfssl/wolfcrypt/coding.h ../wolfssl/wolfcrypt/compress.h ../wolfssl/wolfcrypt/des3.h
         ../wolfssl/wolfcrypt/dh.h ../wolfssl/wolfcrypt/dsa.h ../wolfssl/wolfcrypt/ecc.h ../wolfssl/wolfcrypt/error-crypt.h ../wolfssl/wolfcrypt/hc128.h ../wolfssl/wolfcrypt/hmac.h
         ../wolfssl/wolfcrypt/integer.h ../wolfssl/wolfcrypt/logging.h ../wolfssl/wolfcrypt/md2.h ../wolfssl/wolfcrypt/md4.h ../wolfssl/wolfcrypt/md5.h ../wolfssl/wolfcrypt/memory.h
         ../wolfssl/wolfcrypt/misc.h ../wolfssl/wolfcrypt/pkcs7.h ../wolfssl/wolfcrypt/poly1305.h ../wolfssl/wolfcrypt/pwdbased.h ../wolfssl/wolfcrypt/rabbit.h
         ../wolfssl/wolfcrypt/random.h ../wolfssl/wolfcrypt/ripemd.h ../wolfssl/wolfcrypt/rsa.h ../wolfssl/wolfcrypt/sha.h ../wolfssl/wolfcrypt/sha256.h ../wolfssl/wolfcrypt/sha512.h
-        ../wolfssl/wolfcrypt/tfm.h ../wolfssl/wolfcrypt/wc_port.h
+        ../wolfssl/wolfcrypt/tfm.h ../wolfssl/wolfcrypt/wc_port.h ../wolfssl/wolfcrypt/wc_encrypt.h
+        ../wolfssl/wolfcrypt/hash.h
    )
 
 ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES})

From ffa75d40e02bd1079439722c18bd1031aca70632 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 11 Aug 2015 12:25:40 -0700
Subject: [PATCH 317/350] disable static dh cipher suites in non max strength
 build by default

---
 wolfssl/internal.h           | 60 ++++++++++++++++++++++++++----------
 wolfssl/wolfcrypt/settings.h |  3 ++
 2 files changed, 47 insertions(+), 16 deletions(-)

diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 7950cf056..898356645 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -391,46 +391,66 @@ typedef byte word24[3];
                 #if !defined(NO_RSA)
                     #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
                     #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-                    #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
-                    #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+                    #if defined(WOLFSSL_STATIC_DH)
+                        #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+                        #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+                    #endif
                 #endif
 
                 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
                 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 
-                #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
-                #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+                #if defined(WOLFSSL_STATIC_DH)
+                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+                #endif
             #endif /* NO_SHA */
             #ifndef NO_SHA256
                 #if !defined(NO_RSA)
                     #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-                    #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+                    #if defined(WOLFSSL_STATIC_DH)
+                        #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+                    #endif
                 #endif
                 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-                #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+                #if defined(WOLFSSL_STATIC_DH)
+                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+                #endif
             #endif
 
             #ifdef WOLFSSL_SHA384
                 #if !defined(NO_RSA)
                     #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-                    #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+                    #if defined(WOLFSSL_STATIC_DH)
+                        #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+                    #endif
                 #endif
                 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
-                #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+                #if defined(WOLFSSL_STATIC_DH)
+                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+                #endif
             #endif
 
             #if defined (HAVE_AESGCM)
                 #if !defined(NO_RSA)
-                    #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+                    #if defined(WOLFSSL_STATIC_DH)
+                        #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+                    #endif
                     #if defined(WOLFSSL_SHA384)
-                        #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+                        #if defined(WOLFSSL_STATIC_DH)
+                            #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+                        #endif
                     #endif
                 #endif
 
-                #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+                #if defined(WOLFSSL_STATIC_DH)
+                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+                #endif
 
                 #if defined(WOLFSSL_SHA384)
-                    #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+                    #if defined(WOLFSSL_STATIC_DH)
+                        #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+                    #endif
                 #endif
             #endif
         #endif /* NO_AES */
@@ -438,22 +458,30 @@ typedef byte word24[3];
             #if !defined(NO_SHA)
                 #if !defined(NO_RSA)
                     #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
-                    #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
+                    #if defined(WOLFSSL_STATIC_DH)
+                        #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
+                    #endif
                 #endif
 
                 #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
-                #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+                #if defined(WOLFSSL_STATIC_DH)
+                    #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+                #endif
             #endif
         #endif
         #if !defined(NO_DES3)
             #ifndef NO_SHA
                 #if !defined(NO_RSA)
                     #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
-                    #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+                    #if defined(WOLFSSL_STATIC_DH)
+                        #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+                    #endif
                 #endif
 
                 #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
-                #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+                #if defined(WOLFSSL_STATIC_DH)
+                    #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+                #endif
             #endif /* NO_SHA */
         #endif
     #endif
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 6c10ddf2a..fb6f9543a 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -111,6 +111,9 @@
 /* Uncomment next line if building for VxWorks */
 /* #define WOLFSSL_VXWORKS */
 
+/* Uncomment next line to enable deprecated less secure static DH suites */
+/* #define WOLFSSL_STATIC_DH */
+
 #include <wolfssl/wolfcrypt/visibility.h>
 
 #ifdef WOLFSSL_USER_SETTINGS

From b0bc9e0f0d77f61dbf848b9f549f872f557690a7 Mon Sep 17 00:00:00 2001
From: unknown <kaleb@wolfssl.com>
Date: Tue, 11 Aug 2015 15:14:19 -0600
Subject: [PATCH 318/350] Remove hard tabs, update DLL-x64-Release

---
 IDE/WIN/wolfssl-fips.vcxproj | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index 18b40270a..898eb020f 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -170,7 +170,7 @@
     </ClCompile>
     <Link>
       <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-	  <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -225,6 +225,7 @@
     </ClCompile>
     <Link>
       <AdditionalDependencies>ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>

From 30f6bc1e2743acb7626da41fa5b06a7584b69785 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Wed, 12 Aug 2015 16:45:40 +0900
Subject: [PATCH 319/350] MDK4, wolfSSL name change

---
 .../MDK-ARM/CyaSSL/config-BARE-METAL.h        |  291 --
 IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h        |  329 --
 .../MDK-ARM/CyaSSL/config-RTX-TCP-FS.h        |  351 --
 .../MDK-ARM/{CyaSSL => wolfSSL}/Retarget.c    |    6 +-
 .../MDK-ARM/{CyaSSL => wolfSSL}/cert_data.c   |    2 +-
 .../MDK-ARM/{CyaSSL => wolfSSL}/cert_data.h   |    4 +-
 .../MDK-ARM/{CyaSSL => wolfSSL}/main.c        |   34 +-
 .../MDK-ARM/{CyaSSL => wolfSSL}/shell.c       |   86 +-
 .../ssl-dummy.c => wolfSSL/time-CortexM3-4.c} |   36 +-
 .../{CyaSSL/config.h => wolfSSL/time-dummy.c} |   40 +-
 .../wolfssl_MDK_ARM.c}                        |  108 +-
 .../wolfssl_MDK_ARM.h}                        |   67 +-
 IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj   | 3510 -----------------
 IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt  | 1187 ++----
 IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj | 2699 ++++---------
 ...PC43xx.uvopt => MDK-ARM-wolfSSL-Lib.uvopt} | 2241 +++++------
 .../Projects/MDK-ARM-wolfSSL-Lib.uvproj       | 2138 ++++++++++
 IDE/MDK-ARM/Projects/Readme.txt               |    8 +
 IDE/MDK-ARM/Projects/conifg-WOLFLIB.h         |    0
 examples/echoclient/echoclient.c              |   16 +-
 examples/echoserver/echoserver.c              |   10 +-
 examples/server/server.c                      |   12 +-
 wolfcrypt/src/asn.c                           |   19 +-
 wolfcrypt/test/test.c                         |    6 -
 wolfssl/wolfcrypt/random.h                    |    7 -
 25 files changed, 4385 insertions(+), 8822 deletions(-)
 delete mode 100644 IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h
 delete mode 100644 IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h
 delete mode 100644 IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h
 rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/Retarget.c (98%)
 rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/cert_data.c (96%)
 rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/cert_data.h (95%)
 rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/main.c (85%)
 rename IDE/MDK-ARM/MDK-ARM/{CyaSSL => wolfSSL}/shell.c (90%)
 rename IDE/MDK-ARM/MDK-ARM/{CyaSSL/ssl-dummy.c => wolfSSL/time-CortexM3-4.c} (61%)
 rename IDE/MDK-ARM/MDK-ARM/{CyaSSL/config.h => wolfSSL/time-dummy.c} (56%)
 rename IDE/MDK-ARM/MDK-ARM/{CyaSSL/cyassl_MDK_ARM.c => wolfSSL/wolfssl_MDK_ARM.c} (71%)
 rename IDE/MDK-ARM/MDK-ARM/{CyaSSL/cyassl_MDK_ARM.h => wolfSSL/wolfssl_MDK_ARM.h} (58%)
 delete mode 100644 IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj
 rename IDE/MDK-ARM/Projects/{MDK-ARM-LPC43xx.uvopt => MDK-ARM-wolfSSL-Lib.uvopt} (55%)
 create mode 100644 IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj
 create mode 100644 IDE/MDK-ARM/Projects/Readme.txt
 create mode 100644 IDE/MDK-ARM/Projects/conifg-WOLFLIB.h

diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h
deleted file mode 100644
index 56178bf79..000000000
--- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-BARE-METAL.h
+++ /dev/null
@@ -1,291 +0,0 @@
-/* config-BEREFOOT.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-/**** CyaSSL for KEIL-RL Configuration ****/
-
-#define __CORTEX_M3__
-#define CYASSL_MDK_ARM
-#define NO_WRITEV
-#define NO_CYASSL_DIR
-#define NO_MAIN_DRIVER
-
-#define CYASSL_DER_LOAD
-#define HAVE_NULL_CIPHER
-
-#define SINGLE_THREADED
-#define NO_FILESYSTEM
-#define NO_TLS
-
-#define NO_ECHOSERVER
-#define NO_ECHOCLIENT
-#define NO_SIMPLE_SERVER
-#define NO_SIMPLE_CLIENT
-
-// <<< Use Configuration Wizard in Context Menu >>>
-
-// <h> Build Target: KEIL-BAREFOOT
-//  <h> Single Threaded, No File System, No TCP-net
-//   </h>
-//      <e>Command Shell
-#define MDK_CONF_SHELL 1
-#if MDK_CONF_SHELL  == 1
-#define CYASSL_MDK_SHELL
-#endif
-//  </e>
-//  <h>CyaSSL Apps
-//  <h>Crypt/Cipher
-//        <o>Cert Storage <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes)
-#define MDK_CONF_CERT_BUFF 1
-#if MDK_CONF_CERT_BUFF == 1
-#define USE_CERT_BUFFERS_1024
-#elif MDK_CONF_CERT_BUFF == 2
-#define USE_CERT_BUFFERS_2048
-#endif
-
-//      <e>Crypt/Cipher Test Suite
-#define MDK_CONF_CTaoCryptTest 1
-#if MDK_CONF_CTaoCryptTest  == 0
-#define NO_CRYPT_TEST
-#endif
-//  </e>
-//      <e>Crypt/Cipher Benchmark
-#define MDK_CONF_CTaoCryptBenchmark 1
-#if MDK_CONF_CTaoCryptBenchmark == 0
-#define NO_CRYPT_BENCHMARK 
-#define BENCH_EMBEDDED
-#endif
-//  </e>
-//   </h>
-
-//  <h>STM32 Hardware Crypt
-//      <e>STM32F2 Hardware RNG
-#define MDK_CONF_STM32F2_RNG 0
-#if MDK_CONF_STM32F2_RNG == 1
-#define STM32F2_RNG
-#else
-#define NO_DEV_RANDOM
-#endif
-//  </e>
-//      <e>STM32F2 Hardware Crypt
-#define MDK_CONF_STM32F2_CRYPTO 0
-#if MDK_CONF_STM32F2_CRYPTO == 1
-#define STM32F2_CRYPTO
-#endif
-//  </e>
-
-// </h>
-
-
-//  <h>CTaoCrypt Library
-
-//       <h>MD5, SHA, SHA-256, AES, RC4, ASN, RSA
-//        </h>
-//      <e>MD2
-#define MDK_CONF_MD2 0
-#if MDK_CONF_MD2 == 1
-#define CYASSL_MD2
-#endif
-//  </e>
-//      <e>MD4
-#define MDK_CONF_MD4 1
-#if MDK_CONF_MD4 == 0
-#define NO_MD4
-#endif
-//  </e>
-//      <e>SHA-384
-//          <i>This has to be with SHA512
-#define MDK_CONF_SHA384 0
-#if MDK_CONF_SHA384 == 1
-#define CYASSL_SHA384
-#endif
-//  </e>
-//      <e>SHA-512          
-#define MDK_CONF_SHA512     0
-#if MDK_CONF_SHA512     == 1
-#define CYASSL_SHA512   
-#endif
-//  </e>
-//      <e>RIPEMD
-#define MDK_CONF_RIPEMD 0
-#if MDK_CONF_RIPEMD == 1
-#define CYASSL_RIPEMD
-#endif
-//  </e>
-//      <e>HMAC
-#define MDK_CONF_HMAC 1
-#if MDK_CONF_HMAC == 0
-#define NO_HMAC
-#endif
-//  </e>
-//      <e>HC128
-#define MDK_CONF_HC128 0
-#if MDK_CONF_HC128 == 1
-#define HAVE_HC128
-#endif
-//  </e>
-//  <e>RABBIT
-#define MDK_CONF_RABBIT 1
-#if MDK_CONF_RABBI == 0
-#define NO_RABBIT
-#endif
-//  </e>
-
-//      <e>AEAD     
-#define MDK_CONF_AEAD 0
-#if MDK_CONF_AEAD == 1
-#define HAVE_AEAD
-#endif
-//  </e>
-//      <e>DES3
-#define MDK_CONF_DES3 1
-#if MDK_CONF_DES3 == 0
-#define NO_DES3
-#endif
-//  </e>
-//      <e>CAMELLIA
-#define MDK_CONF_CAMELLIA 0
-#if MDK_CONF_CAMELLIA == 1
-#define HAVE_CAMELLIA
-#endif
-//  </e>
-
-//      <e>DH
-//              <i>need this for CYASSL_SERVER, OPENSSL_EXTRA
-#define MDK_CONF_DH 1
-#if MDK_CONF_DH == 0
-#define NO_DH
-#endif
-//  </e>
-//      <e>DSA
-#define MDK_CONF_DSA 1 
-#if MDK_CONF_DSA == 0
-#define NO_DSA
-#endif
-//  </e>
-//      <e>PWDBASED
-#define MDK_CONF_PWDBASED 1
-#if MDK_CONF_PWDBASED == 0
-#define NO_PWDBASED
-#endif
-//  </e>
-
-//      <e>ECC
-#define MDK_CONF_ECC 0
-#if MDK_CONF_ECC == 1
-#define HAVE_ECC
-#endif
-//  </e>
-//      <e>PSK
-#define MDK_CONF_PSK 1
-#if MDK_CONF_PSK == 0
-#define NO_PSK
-#endif
-//  </e>
-//      <e>AESCCM (Turn off Hardware Crypt)
-#define MDK_CONF_AESCCM 0
-#if MDK_CONF_AESCCM == 1
-#define HAVE_AESCCM
-#endif
-//  </e>
-//      <e>AESGCM (Turn off Hardware Crypt)
-#define MDK_CONF_AESGCM 0
-#if MDK_CONF_AESGCM == 1
-#define HAVE_AESGCM
-#define BUILD_AESGCM
-#endif
-//  </e>
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
-//  </h>
-
-//  <h>Others
-
-//      <e>Inline
-#define MDK_CONF_INLINE 0
-#if MDK_CONF_INLINE == 0
-#define NO_INLINE
-#endif
-//  </e>
-//      <h>Debug
-//              <e>Debug Message
-#define MDK_CONF_DebugMessage 0
-#if MDK_CONF_DebugMessage == 1
-#define DEBUG_CYASSL
-#endif
-//         </e>
-//              <e>Check malloc
-#define MDK_CONF_CheckMalloc 1
-#if MDK_CONF_CheckMalloc == 1
-#define CYASSL_MALLOC_CHECK
-#endif
-//         </e>
-
-
-//  </h>
-//      <e>ErrNo.h
-#define MDK_CONF_ErrNo 0
-#if MDK_CONF_ErrNo == 1
-#define HAVE_ERRNO
-#endif
-//  </e>
-//      <e>zlib (need "zlib.h")
-#define MDK_CONF_LIBZ 0
-#if MDK_CONF_LIBZ == 1
-#define HAVE_LIBZ
-#endif
-//  </e>
-//      <e>CAVIUM (need CAVIUM headers)
-#define MDK_CONF_CAVIUM 0
-#if MDK_CONF_CAVIUM == 1
-#define HAVE_CAVIUM
-#endif
-//  </e>
-
-//      <e>Error Strings
-#define MDK_CONF_ErrorStrings 1
-#if MDK_CONF_ErrorStrings == 0
-#define NO_ERROR_STRINGS
-#endif
-//  </e>
-
-//      <e>Small Stack
-#define MDK_CONF_SmallStack 1
-#if MDK_CONF_SmallStack == 0
-#define NO_CYASSL_SMALL_STACK
-#endif
-//  </e>
-//      <e>Use Fast Math
-#define MDK_CONF_FASTMATH 0
-#if MDK_CONF_FASTMATH == 1
-#define USE_FAST_MATH
-#endif
-//  </e>
-
-
-//  </h>
-
-//</h>
-// <<< end of configuration section >>>
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h
deleted file mode 100644
index 6d348a719..000000000
--- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-FS.h
+++ /dev/null
@@ -1,329 +0,0 @@
-/* config-FS.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-/**** CyaSSL for KEIL-RL Configuration ****/
-
-#define __CORTEX_M3__
-#define CYASSL_KEIL_RL
-#define NO_WRITEV
-#define NO_CYASSL_DIR
-#define NO_MAIN_DRIVER
-
-
-#define CYASSL_DER_LOAD
-#define HAVE_NULL_CIPHER
-
-#define SINGLE_THREADED
-
-#define NO_ECHOSERVER
-#define NO_ECHOCLIENT
-#define NO_SIMPLE_SERVER
-#define NO_SIMPLE_CLIENT
-
-// <<< Use Configuration Wizard in Context Menu >>>
-
-// <h> Build Target: KEIL-FS
-//  <h> Single Threaded, With File System, No TCP-net
-//   </h>
-//      <e>Command Shell
-#define MDK_CONF_SHELL 1
-#if MDK_CONF_SHELL  == 1
-#define CYASSL_MDK_SHELL
-#endif
-//  </e>
-//  <h>CyaSSL Apps
-//  <h>Crypt/Cipher
-//        <o>Cert Storage <0=> SD Card <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes)
-#define MDK_CONF_CERT_BUFF 0
-#if MDK_CONF_CERT_BUFF== 1
-#define USE_CERT_BUFFERS_1024
-#elif MDK_CONF_CERT_BUFF == 2
-#define USE_CERT_BUFFERS_2048
-#endif
-
-//      <e>Crypt/Cipher Test Suite
-#define MDK_CONF_CTaoCryptTest 1
-#if MDK_CONF_CTaoCryptTest  == 0
-#define NO_CRYPT_TEST
-#endif
-//  </e>
-//      <e>Crypt/Cipher Benchmark
-#define MDK_CONF_CTaoCryptBenchmark 1
-#if MDK_CONF_CTaoCryptBenchmark == 0
-#define NO_CRYPT_BENCHMARK 
-#endif
-//  </e>
-//   </h>
-
-//  <h>STM32 Hardware Crypt
-//      <e>STM32F2 Hardware RNG
-#define MDK_CONF_STM32F2_RNG 0
-#if MDK_CONF_STM32F2_RNG == 1
-#define STM32F2_RNG
-#else
-#define NO_DEV_RANDOM
-#endif
-//  </e>
-//      <e>STM32F2 Hardware Crypt
-#define MDK_CONF_STM32F2_CRYPTO 0
-#if MDK_CONF_STM32F2_CRYPTO == 1
-#define STM32F2_CRYPTO
-#endif
-//  </e>
-
-// </h>
-
-//  <h>CyaSSL Library
-//     <h>SSL (Included by default)
-//     </h>
-
-//      <e>TLS 
-#define MDK_CONF_TLS 1
-#if MDK_CONF_TLS == 0
-#define NO_TLS
-#endif
-//  </e>
-
-//      <e>CertGen
-#define MDK_CONF_CERT_GEN 0
-#if MDK_CONF_CERT_GEN == 1
-#define CYASSL_CERT_GEN
-#endif
-//  </e>
-//      <e>KeyGen
-#define MDK_CONF_KEY_GEN 0
-#if MDK_CONF_KEY_GEN == 1
-#define CYASSL_KEY_GEN
-#endif
-//  </e>
-//      <e>CRL
-#define MDK_CONF_DER_LOAD 0
-#if MDK_CONF_DER_LOAD == 1
-#define CYASSL_DER_LOAD
-#endif
-//  </e>
-//      <e>OpenSSL Extra
-#define MDK_CONF_OPENSSL_EXTRA 0
-#if MDK_CONF_OPENSSL_EXTRA == 1
-#define OPENSSL_EXTRA
-#endif
-//  </e>
-//      <h>CRL Monitor, OCSP (not supported with KEIL)
-//     </h>
-
-// </h>
-
-//  <h>CTaoCrypt Library
-
-//       <h>MD5, SHA, SHA-256, AES, RC4, ASN, RSA
-//        </h>
-
-//      <e>MD2
-#define MDK_CONF_MD2 0
-#if MDK_CONF_MD2 == 1
-#define CYASSL_MD2
-#endif
-//  </e>
-//      <e>MD4
-#define MDK_CONF_MD4 1
-#if MDK_CONF_MD4 == 0
-#define NO_MD4
-#endif
-//  </e>
-//      <e>SHA-384
-//          <i>This has to be with SHA512
-#define MDK_CONF_SHA384 0
-#if MDK_CONF_SHA384 == 1
-#define CYASSL_SHA384
-#endif
-//  </e>
-//      <e>SHA-512          
-#define MDK_CONF_SHA512     0
-#if MDK_CONF_SHA512     == 1
-#define CYASSL_SHA512   
-#endif
-//  </e>
-//      <e>RIPEMD
-#define MDK_CONF_RIPEMD 0
-#if MDK_CONF_RIPEMD == 1
-#define CYASSL_RIPEMD
-#endif
-//  </e>
-//      <e>HMAC
-#define MDK_CONF_HMAC 1
-#if MDK_CONF_HMAC == 0
-#define NO_HMAC
-#endif
-//  </e>
-//      <e>HC128
-#define MDK_CONF_HC128 0
-#if MDK_CONF_HC128 == 1
-#define HAVE_HC128
-#endif
-//  </e>
-//  <e>RABBIT
-#define MDK_CONF_RABBIT 1
-#if MDK_CONF_RABBI == 0
-#define NO_RABBIT
-#endif
-//  </e>
-
-//      <e>AEAD     
-#define MDK_CONF_AEAD 0
-#if MDK_CONF_AEAD == 1
-#define HAVE_AEAD
-#endif
-//  </e>
-//      <e>DES3
-#define MDK_CONF_DES3 1
-#if MDK_CONF_DES3 == 0
-#define NO_DES3
-#endif
-//  </e>
-//      <e>CAMELLIA
-#define MDK_CONF_CAMELLIA 0
-#if MDK_CONF_CAMELLIA == 1
-#define HAVE_CAMELLIA
-#endif
-//  </e>
-
-//      <e>DH
-//              <i>need this for CYASSL_SERVER, OPENSSL_EXTRA
-#define MDK_CONF_DH 1
-#if MDK_CONF_DH == 0
-#define NO_DH
-#endif
-//  </e>
-//      <e>DSA
-#define MDK_CONF_DSA 1 
-#if MDK_CONF_DSA == 0
-#define NO_DSA
-#endif
-//  </e>
-//      <e>PWDBASED
-#define MDK_CONF_PWDBASED 1
-#if MDK_CONF_PWDBASED == 0
-#define NO_PWDBASED
-#endif
-//  </e>
-
-//      <e>ECC
-#define MDK_CONF_ECC 0
-#if MDK_CONF_ECC == 1
-#define HAVE_ECC
-#endif
-//  </e>
-//      <e>PSK
-#define MDK_CONF_PSK 1
-#if MDK_CONF_PSK == 0
-#define NO_PSK
-#endif
-//  </e>
-//      <e>AESCCM (Turn off Hardware Crypt)
-#define MDK_CONF_AESCCM 0
-#if MDK_CONF_AESCCM == 1
-#define HAVE_AESCCM
-#endif
-//  </e>
-//      <e>AESGCM (Turn off Hardware Crypt)
-#define MDK_CONF_AESGCM 0
-#if MDK_CONF_AESGCM == 1
-#define HAVE_AESGCM
-#define BUILD_AESGCM
-#endif
-//  </e>
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
-//  </h>
-
-//  <h>Others
-
-//      <e>Inline
-#define MDK_CONF_INLINE 0
-#if MDK_CONF_INLINE == 0
-#define NO_INLINE
-#endif
-//  </e>
-//      <h>Debug
-//              <e>Debug Message
-#define MDK_CONF_DebugMessage 0
-#if MDK_CONF_DebugMessage == 1
-#define DEBUG_CYASSL
-#endif
-//         </e>
-//              <e>Check malloc
-#define MDK_CONF_CheckMalloc 1
-#if MDK_CONF_CheckMalloc == 1
-#define CYASSL_MALLOC_CHECK
-#endif
-//         </e>
-
-
-//  </h>
-//      <e>ErrNo.h
-#define MDK_CONF_ErrNo 0
-#if MDK_CONF_ErrNo == 1
-#define HAVE_ERRNO
-#endif
-//  </e>
-//      <e>zlib (need "zlib.h")
-#define MDK_CONF_LIBZ 0
-#if MDK_CONF_LIBZ == 1
-#define HAVE_LIBZ
-#endif
-//  </e>
-//      <e>CAVIUM (need CAVIUM headers)
-#define MDK_CONF_CAVIUM 0
-#if MDK_CONF_CAVIUM == 1
-#define HAVE_CAVIUM
-#endif
-//  </e>
-
-//      <e>Error Strings
-#define MDK_CONF_ErrorStrings 1
-#if MDK_CONF_ErrorStrings == 0
-#define NO_ERROR_STRINGS
-#endif
-//  </e>
-
-//      <e>Small Stack
-#define MDK_CONF_SmallStack 1
-#if MDK_CONF_SmallStack == 0
-#define NO_CYASSL_SMALL_STACK
-#endif
-//  </e>
-//      <e>Use Fast Math
-#define MDK_CONF_FASTMATH 0
-#if MDK_CONF_FASTMATH == 1
-#define USE_FAST_MATH
-#endif
-//  </e>
-
-
-//  </h>
-
-//</h>
-// <<< end of configuration section >>>
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h b/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h
deleted file mode 100644
index 4f513ef14..000000000
--- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config-RTX-TCP-FS.h
+++ /dev/null
@@ -1,351 +0,0 @@
-/* config-RTX-TCP-FS.h
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-
-/**** CyaSSL for KEIL-RL Configuration ****/
-
-#define __CORTEX_M3__
-#define CYASSL_MDK_ARM
-#define NO_WRITEV
-#define NO_CYASSL_DIR
-#define NO_MAIN_DRIVER
-
-
-#define CYASSL_DER_LOAD
-#define HAVE_NULL_CIPHER
-
-#define HAVE_KEIL_RTX
-#define CYASSL_KEIL_TCP_NET
-
-
-// <<< Use Configuration Wizard in Context Menu >>>
-// <h> Build Target: KEIL-RTX-TCP-FS
-//  <h> RTOS, File System and TCP-net
-//  </h>
-//      <e>Command Shell
-#define MDK_CONF_SHELL 1
-#if MDK_CONF_SHELL  == 1
-#define CYASSL_MDK_SHELL
-#endif
-//  </e>
-//  <h>CyaSSL Apps
-//  <h>Crypt/Cipher
-//        <o>Cert Storage <0=> SD Card <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes)
-#define MDK_CONF_CERT_BUFF 0
-#if MDK_CONF_CERT_BUFF== 1
-#define USE_CERT_BUFFERS_1024
-#elif MDK_CONF_CERT_BUFF == 2
-#define USE_CERT_BUFFERS_2048
-#endif
-
-//      <e>Crypt/Cipher Test Suite
-#define MDK_CONF_CTaoCryptTest 1
-#if MDK_CONF_CTaoCryptTest  == 0
-#define NO_CRYPT_TEST
-#endif
-//  </e>
-//      <e>Crypt/Cipher Benchmark
-#define MDK_CONF_CTaoCryptBenchmark 1
-#if MDK_CONF_CTaoCryptBenchmark == 0
-#define NO_CRYPT_BENCHMARK 
-#define BENCH_EMBEDDED
-#endif
-//  </e>
-//   </h>
-//   <h>SSL/TLS Server/Client
-//      <e>echoServer
-#define MDK_CONF_echoServer 1
-#if MDK_CONF_echoServer == 0
-#define NO_ECHOSERVER
-#endif
-//  </e>
-//      <e>echoClient
-#define MDK_CONF_echoClient 1
-#if MDK_CONF_echoClient == 0
-#define NO_ECHOCLIENT
-#endif
-//  </e>
-//      <e>SimpleServer
-#define MDK_CONF_simpleServer 1
-#if MDK_CONF_simpleServer == 0
-#define NO_SIMPLE_SERVER
-#endif
-//  </e>
-//      <e>SimpleCliet
-#define MDK_CONF_simpleClient 1
-#if MDK_CONF_simpleClient == 0
-#define NO_SIMPLE_CLIENT
-#endif
-//  </e>
-// </h>
-// </h>
-//  <h>STM32 Hardware Crypt
-//      <e>STM32F2 Hardware RNG
-#define MDK_CONF_STM32F2_RNG 0
-#if MDK_CONF_STM32F2_RNG == 1
-#define STM32F2_RNG
-#else
-#define NO_DEV_RANDOM
-#endif
-//  </e>
-//      <e>STM32F2 Hardware Crypt
-#define MDK_CONF_STM32F2_CRYPTO 0
-#if MDK_CONF_STM32F2_CRYPTO == 1
-#define STM32F2_CRYPTO
-#endif
-//  </e>
-
-// </h>
-
-//  <h>CyaSSL Library
-//     <h>SSL (Included by default)
-//     </h>
-
-//      <e>TLS 
-#define MDK_CONF_TLS 1
-#if MDK_CONF_TLS == 0
-#define NO_TLS
-#endif
-//  </e>
-
-//      <e>CertGen
-#define MDK_CONF_CERT_GEN 0
-#if MDK_CONF_CERT_GEN == 1
-#define CYASSL_CERT_GEN
-#endif
-//  </e>
-//      <e>KeyGen
-#define MDK_CONF_KEY_GEN 0
-#if MDK_CONF_KEY_GEN == 1
-#define CYASSL_KEY_GEN
-#endif
-//  </e>
-//      <e>CRL
-#define MDK_CONF_DER_LOAD 0
-#if MDK_CONF_DER_LOAD == 1
-#define CYASSL_DER_LOAD
-#endif
-//  </e>
-//      <e>OpenSSL Extra
-#define MDK_CONF_OPENSSL_EXTRA 1
-#if MDK_CONF_OPENSSL_EXTRA == 1
-#define OPENSSL_EXTRA
-#endif
-//  </e>
-//      <h>CRL Monitor, OCSP (not supported with KEIL)
-//     </h>
-
-// </h>
-
-//  <h>CTaoCrypt Library
-
-//       <h>MD5, SHA, SHA-256, AES, RC4, ASN, RSA
-//        </h>
-//      <e>MD2
-#define MDK_CONF_MD2 0
-#if MDK_CONF_MD2 == 1
-#define CYASSL_MD2
-#endif
-//  </e>
-//      <e>MD4
-#define MDK_CONF_MD4 1
-#if MDK_CONF_MD4 == 0
-#define NO_MD4
-#endif
-//  </e>
-//      <e>SHA-384
-//          <i>This has to be with SHA512
-#define MDK_CONF_SHA384 0
-#if MDK_CONF_SHA384 == 1
-#define CYASSL_SHA384
-#endif
-//  </e>
-//      <e>SHA-512          
-#define MDK_CONF_SHA512     0
-#if MDK_CONF_SHA512     == 1
-#define CYASSL_SHA512   
-#endif
-//  </e>
-//      <e>RIPEMD
-#define MDK_CONF_RIPEMD 1
-#if MDK_CONF_RIPEMD == 1
-#define CYASSL_RIPEMD
-#endif
-//  </e>
-//      <e>HMAC
-#define MDK_CONF_HMAC 1
-#if MDK_CONF_HMAC == 0
-#define NO_HMAC
-#endif
-//  </e>
-//      <e>HC128
-#define MDK_CONF_HC128 0
-#if MDK_CONF_HC128 == 1
-#define HAVE_HC128
-#endif
-//  </e>
-//  <e>RABBIT
-#define MDK_CONF_RABBIT 1
-#if MDK_CONF_RABBI == 0
-#define NO_RABBIT
-#endif
-//  </e>
-
-//      <e>AEAD     
-#define MDK_CONF_AEAD 0
-#if MDK_CONF_AEAD == 1
-#define HAVE_AEAD
-#endif
-//  </e>
-//      <e>DES3
-#define MDK_CONF_DES3 1
-#if MDK_CONF_DES3 == 0
-#define NO_DES3
-#endif
-//  </e>
-//      <e>CAMELLIA
-#define MDK_CONF_CAMELLIA 0
-#if MDK_CONF_CAMELLIA == 1
-#define HAVE_CAMELLIA
-#endif
-//  </e>
-
-//      <e>DH
-//              <i>need this for CYASSL_SERVER, OPENSSL_EXTRA
-#define MDK_CONF_DH 1
-#if MDK_CONF_DH == 0
-#define NO_DH
-#endif
-//  </e>
-//      <e>DSA
-#define MDK_CONF_DSA 1 
-#if MDK_CONF_DSA == 0
-#define NO_DSA
-#endif
-//  </e>
-//      <e>PWDBASED
-#define MDK_CONF_PWDBASED 1
-#if MDK_CONF_PWDBASED == 0
-#define NO_PWDBASED
-#endif
-//  </e>
-
-//      <e>ECC
-#define MDK_CONF_ECC 1
-#if MDK_CONF_ECC == 1
-#define HAVE_ECC
-#endif
-//  </e>
-//      <e>PSK
-#define MDK_CONF_PSK 1
-#if MDK_CONF_PSK == 0
-#define NO_PSK
-#endif
-//  </e>
-//      <e>AESCCM (Turn off Hardware Crypt)
-#define MDK_CONF_AESCCM 0
-#if MDK_CONF_AESCCM == 1
-#define HAVE_AESCCM
-#endif
-//  </e>
-//      <e>AESGCM (Turn off Hardware Crypt)
-#define MDK_CONF_AESGCM 0
-#if MDK_CONF_AESGCM == 1
-#define HAVE_AESGCM
-#define BUILD_AESGCM
-#endif
-//  </e>
-//      <e>NTRU (need License, "crypto_ntru.h")
-#define MDK_CONF_NTRU 0
-#if MDK_CONF_NTRU == 1
-#define HAVE_NTRU
-#endif
-//  </e>
-//  </h>
-
-//  <h>Others
-
-//      <e>Inline
-#define MDK_CONF_INLINE 0
-#if MDK_CONF_INLINE == 0
-#define NO_INLINE
-#endif
-//  </e>
-//      <h>Debug
-//              <e>Debug Message
-#define MDK_CONF_DEBUG_MSG 0
-#if MDK_CONF_DEBUG_MSG == 1
-#define DEBUG_CYASSL
-#endif
-//         </e>
-//              <e>Check malloc
-#define MDK_CONF_CHECK_MALLOC 1
-#if MDK_CONF_CHECK_MALLOC == 1
-#define CYASSL_MALLOC_CHECK
-#endif
-//         </e>
-
-
-//  </h>
-//      <e>ErrNo.h
-#define MDK_CONF_ERR_NO 0
-#if MDK_CONF_ERR_NO == 1
-#define HAVE_ERRNO
-#endif
-//  </e>
-//      <e>zlib (need "zlib.h")
-#define MDK_CONF_LIBZ 0
-#if MDK_CONF_LIBZ == 1
-#define HAVE_LIBZ
-#endif
-//  </e>
-//      <e>CAVIUM (need CAVIUM headers)
-#define MDK_CONF_CAVIUM 0
-#if MDK_CONF_CAVIUM == 1
-#define HAVE_CAVIUM
-#endif
-//  </e>
-
-//      <e>Error Strings
-#define MDK_CONF_ErrorStrings 1
-#if MDK_CONF_ErrorStrings == 0
-#define NO_ERROR_STRINGS
-#endif
-//  </e>
-
-//      <e>Small Stack
-#define MDK_CONF_SMALL_STACK 1
-#if MDK_CONF_SMALL_STACK == 0
-#define NO_CYASSL_SMALL_STACK
-#endif
-//  </e>
-//      <e>Use Fast Math
-#define MDK_CONF_FASTMATH 0
-#if MDK_CONF_FASTMATH == 1
-#define USE_FAST_MATH
-#endif
-//  </e>
-
-
-//  </h>
-
-//</h>
-// <<< end of configuration section >>>
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/Retarget.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c
similarity index 98%
rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/Retarget.c
rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c
index bb59c8ce1..573247983 100644
--- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/Retarget.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/Retarget.c
@@ -55,7 +55,9 @@ int sendchar (int c)
 int getkey (void) 
 {
     int ch = SER_GetChar();
-
+        #if defined (HAVE_KEIL_RTX)
+        os_itv_wait ();
+        #endif
     if (ch < 0) {
         return 0;
     }
@@ -250,7 +252,7 @@ char *_sys_command_string (char *cmd, int len)
 
 void _sys_exit (int return_code) 
 {
-#ifdef CYASSL_MDK_SHELL
+#ifdef WOLFSSL_MDK_SHELL
     return ;
 #else
     /* Endless loop. */
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c
similarity index 96%
rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c
rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c
index d6cef016d..a29e8fcbb 100644
--- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c
@@ -24,5 +24,5 @@
 #endif
 
 /* Define initial data for cert buffers */
-#include <cyassl/certs_test.h>
+#include <wolfssl/certs_test.h>
 
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h
similarity index 95%
rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.h
rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h
index 6629ee051..d06afdd1d 100644
--- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cert_data.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.h
@@ -1,5 +1,5 @@
-#ifndef CYASSL_CERT_DATA_H
-#define CYASSL_CERT_DATA_H
+#ifndef WOLFSSL_CERT_DATA_H
+#define WOLFSSL_CERT_DATA_H
 
 #ifdef USE_CERT_BUFFERS_1024
 extern const unsigned char client_key_der_1024[]  ;
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c
similarity index 85%
rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c
rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c
index db48b833d..a12d16249 100644
--- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/main.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c
@@ -23,12 +23,12 @@
     #include <config.h>
 #endif
 
-#include <cyassl/ctaocrypt/visibility.h>
-#include <cyassl/ctaocrypt/logging.h>
+#include <wolfssl/wolfcrypt/visibility.h>
+#include <wolfssl/wolfcrypt/logging.h>
 
 #include <RTL.h>
 #include <stdio.h>
-#include "cyassl_MDK_ARM.h"
+#include "wolfssl_MDK_ARM.h"
 
 /*-----------------------------------------------------------------------------
  *        Initialize a Flash Memory Card
@@ -53,11 +53,11 @@ static void init_card (void)
 /*-----------------------------------------------------------------------------
  *        TCP/IP tasks
  *----------------------------------------------------------------------------*/
-#ifdef CYASSL_KEIL_TCP_NET
+#ifdef WOLFSSL_KEIL_TCP_NET
 __task void tcp_tick (void) 
 {
     
-    CYASSL_MSG("Time tick started.") ;
+    WOLFSSL_MSG("Time tick started.") ;
     #if defined (HAVE_KEIL_RTX)
     os_itv_set (10);
     #endif
@@ -73,7 +73,7 @@ __task void tcp_tick (void)
 
 __task void tcp_poll (void)
 {
-    CYASSL_MSG("TCP polling started.\n") ;
+    WOLFSSL_MSG("TCP polling started.\n") ;
     while (1) {
         main_TcpNet ();
         #if defined (HAVE_KEIL_RTX)
@@ -83,13 +83,13 @@ __task void tcp_poll (void)
 }
 #endif
 
-#if defined(HAVE_KEIL_RTX) && defined(CYASSL_MDK_SHELL)
+#if defined(HAVE_KEIL_RTX) && defined(WOLFSSL_MDK_SHELL)
 #define SHELL_STACKSIZE 1000
 static unsigned char Shell_stack[SHELL_STACKSIZE] ;
 #endif
 
 
-#if  defined(CYASSL_MDK_SHELL)
+#if  defined(WOLFSSL_MDK_SHELL)
 extern void shell_main(void) ;
 #endif
 
@@ -104,14 +104,14 @@ extern void SER_Init(void) ;
 /*** This is the parent task entry ***/
 void main_task (void) 
 {
-    #ifdef CYASSL_KEIL_TCP_NET
+    #ifdef WOLFSSL_KEIL_TCP_NET
     init_TcpNet ();
 
     os_tsk_create (tcp_tick, 2);
     os_tsk_create (tcp_poll, 1);
     #endif
     
-    #ifdef CYASSL_MDK_SHELL 
+    #ifdef WOLFSSL_MDK_SHELL 
         #ifdef  HAVE_KEIL_RTX
            os_tsk_create_user(shell_main, 1, Shell_stack, SHELL_STACKSIZE) ;
        #else
@@ -127,7 +127,7 @@ void main_task (void)
     #endif 
 
     #ifdef   HAVE_KEIL_RTX
-    CYASSL_MSG("Terminating tcp_main\n") ;
+    WOLFSSL_MSG("Terminating tcp_main\n") ;
     os_tsk_delete_self ();
     #endif
 
@@ -137,28 +137,24 @@ void main_task (void)
     int myoptind = 0;
     char* myoptarg = NULL;
 
-#if defined(DEBUG_CYASSL)
-    extern void CyaSSL_Debugging_ON(void) ;
+#if defined(DEBUG_WOLFSSL)
+    extern void wolfSSL_Debugging_ON(void) ;
 #endif
 
 
 /*** main entry ***/
-extern void init_time(void) ;
 extern void 	SystemInit(void);
 
 int main() {
 
     SystemInit();  
-    SER_Init() ;
     #if !defined(NO_FILESYSTEM)
     init_card () ;     /* initializing SD card */
     #endif
 
-    init_time() ;
-
-    #if defined(DEBUG_CYASSL)
+    #if defined(DEBUG_WOLFSSL)
          printf("Turning ON Debug message\n") ;
-         CyaSSL_Debugging_ON() ;
+         wolfSSL_Debugging_ON() ;
     #endif
     
     #ifdef   HAVE_KEIL_RTX
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c
similarity index 90%
rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c
rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c
index 58b645e0e..446efbe20 100644
--- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/shell.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c
@@ -19,26 +19,26 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
  
- /*** tiny Shell for CyaSSL apps ***/
+ /*** tiny Shell for wolfSSL apps ***/
  
  #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
 
-#include "cyassl/internal.h"
-#undef RNG
-#include <cyassl/ctaocrypt/logging.h>
+#include <wolfssl/wolfcrypt/logging.h>
 
-#if defined(CYASSL_MDK_ARM)
+#include <stdio.h>
+
+#if defined(WOLFSSL_MDK_ARM)
     #include <stdio.h>
     #include <string.h>
     #include <stdlib.h>
     #include <rtl.h>
-    #include "cyassl_MDK_ARM.h"
+    #include "wolfssl_MDK_ARM.h"
 #endif
 
-#ifdef CYASSL_KEIL_NET
-#include "cyassl/test.h"
+#ifdef WOLFSSL_KEIL_NET
+#include "wolfassl/test.h"
 #else
 typedef struct func_args {
     int    argc;
@@ -66,7 +66,7 @@ typedef struct func_args {
 #define ctaocrypt_test command_not_found
 #endif
 
-#ifndef CYASSL_KEIL_NET
+#ifndef WOLFSSL_KEIL_NET
 #define ipaddr_comm command_not_found
 #endif
 
@@ -75,7 +75,7 @@ typedef struct func_args {
 #endif
 
 
-#if !defined(DEBUG_CYASSL)
+#if !defined(DEBUG_WOLFSSL)
 #define dbg_comm command_not_found
 #endif
 
@@ -87,11 +87,11 @@ void command_not_found(void *argv) {
 extern void echoclient_test(void *args) ;
 extern void echoserver_test(void *args) ;
 extern void benchmark_test(void *args) ;
-extern void ctaocrypt_test(void *args) ;
+extern void wolfcrypt_test(void *args) ;
 extern void client_test(void *args) ;
 extern void server_test(void *args) ;
 extern void kill_task(void *args) ;
-extern void time_main(void *args) ;
+
 extern void ipaddr_comm(void *args) ;
 extern void stack_comm(void *args) ;
 extern void for_command(void *args) ;
@@ -103,7 +103,7 @@ extern void help_comm(void *arg) ;
 #ifndef NO_MD5
 extern void md5_test(void *arg) ;
 #endif
-#ifdef CYASSL_MD2
+#ifdef WOLFSSL_MD2
 extern void md2_test(void *arg) ;
 #endif
 #ifndef NO_MD4
@@ -115,15 +115,15 @@ extern void sha_test(void *arg) ;
 #ifndef NO_SHA256
 extern void sha256_test(void *arg) ;
 #endif
-#ifdef CYASSL_SHA384
+#ifdef WOLFSSL_SHA384
 extern void sha384_test(void *arg) ;
 #endif
 
-#ifdef CYASSL_SHA512
+#ifdef WOLFSSL_SHA512
 extern void sha512_test(void *arg) ;
 #endif
 
-#ifdef CYASSL_RIPEMD
+#ifdef WOLFSSL_RIPEMD
 extern void ripemd_test(void *arg) ;
 #endif
 #ifndef NO_HMAC
@@ -136,7 +136,7 @@ extern void hmac_sha_test(void *arg) ;
 extern void hmac_sha256_test(void *arg) ;
     #endif
 
-    #ifdef CYASSL_SHA384
+    #ifdef WOLFSSL_SHA384
 extern void hmac_sha384_test(void *arg) ;
     #endif
 #endif
@@ -206,10 +206,9 @@ static struct {
     "echoclient", echoclient_test,
     "echoserver", echoserver_test,
     "benchmark", benchmark_test,
-    "test", ctaocrypt_test,
+    "test", wolfcrypt_test,
     "client", client_test,
     "server", server_test,
-    "time", time_main,          /* get/set RTC:  [-d yy/mm/dd] [-t hh:mm:ss]*/
     "ipaddr", ipaddr_comm,      /* TBD */
     "stack", stack_comm,        /* On/Off check stack size */
     "for", for_command,         /* iterate next command X times */
@@ -220,7 +219,7 @@ static struct {
     "ec", echoclient_test,
     "es", echoserver_test,
     "bm", benchmark_test,
-    "te", ctaocrypt_test,
+    "te", wolfcrypt_test,
     "cl", client_test,
     "sv", server_test,
     "ip", ipaddr_comm,
@@ -233,7 +232,7 @@ static struct {
 #ifndef NO_MD5
   "md5",  md5_test,
 #endif
-#ifdef CYASSL_MD2
+#ifdef WOLFSSL_MD2
   "md2",  md2_test,
 #endif
 #ifndef NO_MD4
@@ -243,13 +242,13 @@ static struct {
 #ifndef NO_SHA256
   "sha256",  sha256_test,
 #endif
-#ifdef CYASSL_SHA384
+#ifdef WOLFSSL_SHA384
   "sha384",  sha384_test,
 #endif
-#ifdef CYASSL_SHA512
+#ifdef WOLFSSL_SHA512
   "sha512",  sha512_test,
 #endif
-#ifdef CYASSL_RIPEMD
+#ifdef WOLFSSL_RIPEMD
   "ripemd",  ripemd_test,
 #endif
 #ifndef NO_HMAC
@@ -260,7 +259,7 @@ static struct {
     #ifndef NO_SHA256
   "hmac_sha256",  hmac_sha256_test,
     #endif
-    #ifdef CYASSL_SHA384
+    #ifdef WOLFSSL_SHA384
   "hmac_sha384",  hmac_sha384_test,
   #endif
 #endif
@@ -362,18 +361,18 @@ static int BackGround = 0 ; /* 1: background job is running */
 /************* Embedded Shell Commands **********************************/
 #define IP_SIZE 16
 
-#ifdef CYASSL_KEIL_NET
+#ifdef WOLFSSL_KEIL_NET
 static void ipaddr_comm(void *args) 
 {
     if(((func_args *)args)->argc == 1) {
-            printf("IP addr: %s, port %d\n", yasslIP, yasslPort) ;
+            printf("IP addr: %s, port %d\n", wolfSSLIP, wolfSSLPort) ;
     } else {
         if(BackGround != 0) {
         printf("Cannot change IP addr while background server is running\n") ;
         } else if(((func_args *)args)->argc == 3 && 
                   ((func_args *)args)->argv[1][0] == '-'&& 
                   ((func_args *)args)->argv[1][1] == 'a' ) {
-/*          strcpy(yasslIP, ((func_args *)args)->argv[2]) ; */
+/*          strcpy(wolfSSLIP, ((func_args *)args)->argv[2]) ; */
         } else if(((func_args *)args)->argc == 3 && 
                   ((func_args *)args)->argv[1][0] == '-' && 
                   ((func_args *)args)->argv[1][1] == 'p' ) {
@@ -442,20 +441,20 @@ static void for_command(void *args)
 }
 
 
-#if defined(DEBUG_CYASSL)
+#if defined(DEBUG_WOLFSSL)
 
-static int CyasslDebug = 1 ;
+static int wolfsslDebug = 1 ;
 
 static void dbg_comm(void *args) 
 {
-    if(CyasslDebug == 1) {
-        CyasslDebug = 0 ;
+    if(wolfsslDebug == 1) {
+        wolfsslDebug = 0 ;
         printf("Turning OFF Debug message\n") ;
-        CyaSSL_Debugging_OFF() ;
+        wolfSSL_Debugging_OFF() ;
     } else {
-        CyasslDebug = 1 ;
+        wolfsslDebug = 1 ;
         printf("Turning ON Debug message\n") ;
-        CyaSSL_Debugging_ON() ;
+        wolfSSL_Debugging_ON() ;
     }
 }
 #endif
@@ -467,20 +466,20 @@ static void help_comm(void *args)
 
 
 
-#define BG_JOB_STACK_SIZE 12000
+#define BG_JOB_STACK_SIZE 16000
 #if (!defined(NO_SIMPLE_SERVER) && !defined(NO_ECHOSERVER)) && \
                                                    defined(HAVE_KEIL_RTX)
 static char bg_job_stack[BG_JOB_STACK_SIZE] ;
 #endif
 
-#define COMMAND_STACK_SIZE 12000
+#define COMMAND_STACK_SIZE 16000
 #if defined(HAVE_KEIL_RTX)
 static char command_stack[COMMAND_STACK_SIZE] ;
 #endif
 
 
 #ifdef  HAVE_KEIL_RTX
-static   CyaSSL_Mutex command_mutex ;
+static   wolfSSL_Mutex command_mutex ;
 #endif
 
 /***********    Invoke Forground Command  *********************/
@@ -491,7 +490,7 @@ static void command_invoke(void *args)
 
     func = (void(*)(void *))((func_args *)args)->argv[0] ; 
     #ifdef  HAVE_KEIL_RTX
-    LockMutex((CyaSSL_Mutex *)&command_mutex) ;
+    LockMutex((wolfSSL_Mutex *)&command_mutex) ;
     #endif
     iteration = for_iteration ;
     for(i=0; i< iteration; i++) {
@@ -509,7 +508,7 @@ static void command_invoke(void *args)
     if(iteration > 1) 
         for_iteration = 1 ;
     #ifdef HAVE_KEIL_RTX
-    UnLockMutex((CyaSSL_Mutex *)&command_mutex) ;
+    UnLockMutex((wolfSSL_Mutex *)&command_mutex) ;
     os_tsk_delete_self() ;
     #endif
 }
@@ -525,7 +524,7 @@ static void bg_job_invoke(void *args)
     func = (void(*)(void *))((func_args *)args)->argv[0] ; 
     func(args) ;        /* invoke command */
     stack_check(bg_job_stack, BG_JOB_STACK_SIZE) ;
-    #ifdef CYASSL_KEIL_NET
+    #ifdef WOLFSSL_KEIL_NET
     init_TcpNet ();
     #endif
     BackGround = 0 ;
@@ -550,7 +549,6 @@ void shell_main(void) {
  #if defined(HAVE_KEIL_RTX)
     InitMutex(&command_mutex) ;
 #endif
-    time_main(NULL) ;
     printf("Starting Shell\n") ;
     while(1) {
         if(getline(line,  LINESIZE, &args, &bf_flg) > 0) {
@@ -559,14 +557,14 @@ void shell_main(void) {
             args.argv[0] = (char *) commandTable[i].func ;
                 if(bf_flg == FORGROUND) {
                     #ifdef  HAVE_KEIL_RTX
-                    UnLockMutex((CyaSSL_Mutex *)&command_mutex) ;
+                    UnLockMutex((wolfSSL_Mutex *)&command_mutex) ;
                     os_tsk_create_user_ex( (void(*)(void *))&command_invoke, 7,
                             command_stack, COMMAND_STACK_SIZE, &args) ;
                     #else
                     command_invoke(&args) ;
                     #endif
                     #ifdef  HAVE_KEIL_RTX
-                    LockMutex((CyaSSL_Mutex *)&command_mutex) ;
+                    LockMutex((wolfSSL_Mutex *)&command_mutex) ;
                     #endif
                 } else {
                     #if (!defined(NO_SIMPLE_SERVER) && \
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c
similarity index 61%
rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c
rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c
index aee366966..ca5046138 100644
--- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/ssl-dummy.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c
@@ -1,4 +1,4 @@
-/* ssl-dummy.c
+/* time-STM32F2.c
  *
  * Copyright (C) 2006-2015 wolfSSL Inc.
  *
@@ -18,36 +18,24 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  */
-
+ 
 #ifdef HAVE_CONFIG_H
     #include <config.h>
 #endif
 
-#include <cyassl/ssl.h>
-#include <cyassl/internal.h>
-#include <cyassl/error-ssl.h>
-#include <cyassl/ctaocrypt/coding.h>
 
-Signer* GetCA(void* vp, byte* hash) 
-{ 
-    Signer*s ;
-    return  s ;
-}
-
-int CyaSSL_dtls(CYASSL* ssl)
+#include <stdint.h>       
+#define DWT                 ((DWT_Type       *)     (0xE0001000UL)     ) 
+typedef struct
 {
-    return ssl->options.dtls;
-}
+  uint32_t CTRL;                    /*!< Offset: 0x000 (R/W)  Control Register                          */
+  uint32_t CYCCNT;                  /*!< Offset: 0x004 (R/W)  Cycle Count Register                      */
+} DWT_Type;
 
-int CyaSSL_get_using_nonblock(CYASSL* ssl)
-{
-    CYASSL_ENTER("CyaSSL_get_using_nonblock");
-    CYASSL_LEAVE("CyaSSL_get_using_nonblock", ssl->options.usingNonblock);
-    return ssl->options.usingNonblock;
-}
+extern uint32_t SystemCoreClock ;
 
-Signer* GetCAByName(void* vp, byte* hash)
+double current_time(int reset) 
 {
-    Signer * ca ;
-    return(ca) ;
+      if(reset) DWT->CYCCNT = 0 ;
+      return ((double)DWT->CYCCNT/SystemCoreClock) ;
 }
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c
similarity index 56%
rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h
rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c
index fff7a5ab8..ba1a6a734 100644
--- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/config.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c
@@ -1,4 +1,4 @@
-/* config.h
+/* time-dummy.c.c
  *
  * Copyright (C) 2006-2015 wolfSSL Inc.
  *
@@ -16,31 +16,19 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
  */
-
-
-/**** CyaSSL for KEIL-RL Configuration ****/
-
-#define __CORTEX_M3__
-#define CYASSL_MDK_ARM
-#define NO_WRITEV
-#define NO_CYASSL_DIR
-
-/* for Retarget.c */
-#define  STDIO
-#define BENCH_EMBEDDED
-
-#define CYASSL_DER_LOAD
-#define HAVE_NULL_CIPHER
-
-#if    defined(MDK_CONF_RTX_TCP_FS)
-#include "config-RTX-TCP-FS.h"
-#elif  defined(MDK_CONF_TCP_FS)
-#include "config-TCP-FS.h"
-#elif  defined(MDK_CONF_FS)
-#include "config-FS.h"
-#elif  defined(MDK_CONF_BARE_METAL)
-#include "config-BARE-METAL.h"
+ 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
 #endif
 
+#include "time.h"
+
+struct tm *wolfssl_MDK_gmtime(const time_t *c) 
+{ 
+    static struct tm date ; 
+    return(&date) ;
+}
+
+time_t time(time_t * t) { return 0 ; }
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c
similarity index 71%
rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c
rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c
index 23ca2f63c..ab71b87ab 100644
--- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.c
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c
@@ -1,4 +1,4 @@
-/* cyassl_MDK_ARM.c
+/* wolfssl_KEIL_RL.c
     *
     * Copyright (C) 2006-2015 wolfSSL Inc.
     *
@@ -27,22 +27,29 @@
     #include <config.h>
 #endif
 
-#include <stdio.h>
-#if defined (CYASSL_MDK5)
-    #include "cmsis_os.h"
-    #if defined(CYASSL_KEIL_TCP_NET)
-        #include "rl_net.h"
-    #endif
-#else
-    #include <rtl.h>
+#include <wolfssl/wolfcrypt/settings.h>
+
+#if defined(WOLFSSL_MDK_ARM)
+        #include <stdio.h>
+        #include <string.h>
+
+        #if defined(WOLFSSL_MDK5)
+            #include "cmsis_os.h"
+            #include "rl_fs.h" 
+            #include "rl_net.h" 
+        #else
+            #include "rtl.h"
+        #endif
+
+        #include "wolfssl_MDK_ARM.h"
 #endif
 
-#include "cyassl_MDK_ARM.h"
+#include "wolfssl_MDK_ARM.h"
 
-#include <cyassl/ctaocrypt/visibility.h>
-#include <cyassl/ctaocrypt/logging.h>
+#include <wolfssl/wolfcrypt/visibility.h>
+#include <wolfssl/wolfcrypt/logging.h>
 
-#if defined (CYASSL_CMSIS_RTOS)
+#if defined (WOLFSSL_CMSIS_RTOS)
         #define os_dly_wait(t)    osDelay(10*t)
 #endif
 
@@ -50,7 +57,7 @@
 /** KEIL-RL TCPnet ****/
 /** TCPnet BSD socket does not have following functions. **/
 
-#if defined(CYASSL_KEIL_TCP_NET)
+#if defined(WOLFSSL_KEIL_TCP_NET)
 char *inet_ntoa(struct in_addr in) 
 {
     #define NAMESIZE 16
@@ -69,10 +76,10 @@ unsigned long inet_addr(const char *cp)
 
 
 /*** tcp_connect is actually associated with following syassl_tcp_connect. ***/
-int Cyassl_connect(int sd, const  struct sockaddr* sa, int sz) 
+int wolfssl_connect(int sd, const  struct sockaddr* sa, int sz) 
 {
     int ret = 0 ;
-    #if defined(CYASSL_KEIL_TCP_NET)  
+    #if defined(WOLFSSL_KEIL_TCP_NET)  
     
     SOCKADDR_IN addr ;
 
@@ -83,100 +90,100 @@ int Cyassl_connect(int sd, const  struct sockaddr* sa, int sz)
         ret = connect(sd, (SOCKADDR *)&addr, sizeof(addr)) ;
         os_dly_wait(50);
     } while(ret == SCK_EWOULDBLOCK) ;
-    #ifdef DEBUG_CYASSL
+    #ifdef DEBUG_WOLFSSL
     { 
         char msg[50] ;
         sprintf(msg, "BSD Connect return code: %d\n", ret) ;
-        CYASSL_MSG(msg) ;
+        WOLFSSL_MSG(msg) ;
     }
     #endif
     
-    #endif /* CYASSL_KEIL_TCP_NET */
+    #endif /* WOLFSSL_KEIL_TCP_NET */
     return(ret ) ;
 }
 
 
-int Cyassl_accept(int sd, struct sockaddr *addr, int *addrlen) 
+int wolfssl_accept(int sd, struct sockaddr *addr, int *addrlen) 
 {
     int ret = 0 ;
 
-    #if defined(CYASSL_KEIL_TCP_NET)
+    #if defined(WOLFSSL_KEIL_TCP_NET)
     while(1) {
         #undef accept  /* Go to KEIL TCPnet accept */
         ret = accept(sd, addr,  addrlen) ;
         if(ret != SCK_EWOULDBLOCK) break ;
         os_dly_wait(1);
     } 
-    #ifdef DEBUG_CYASSL
+    #ifdef DEBUG_WOLFSSL
     {
         char msg[50] ;
         sprintf(msg, "BSD Accept return code: %d\n", ret) ;
-        CYASSL_MSG(msg) ;   
+        WOLFSSL_MSG(msg) ;   
     }
     #endif
     
-    #endif /* CYASSL_KEIL_TCP_NET */
+    #endif /* WOLFSSL_KEIL_TCP_NET */
     return(ret ) ;
 
 }
     
-int Cyassl_recv(int sd, void *buf, size_t len, int flags) 
+int wolfssl_recv(int sd, void *buf, size_t len, int flags) 
 {
     int ret  = 0;
-    #if defined(CYASSL_KEIL_TCP_NET)  
+    #if defined(WOLFSSL_KEIL_TCP_NET)  
     while(1) {
         #undef recv  /* Go to KEIL TCPnet recv */
         ret = recv(sd, buf, len,  flags) ;
         if((ret != SCK_EWOULDBLOCK) &&( ret != SCK_ETIMEOUT)) break ;
         os_dly_wait(1);
     }
-    #ifdef DEBUG_CYASSL
+    #ifdef DEBUG_WOLFSSL
     {       
         char msg[50] ;
         sprintf(msg, "BSD Recv return code: %d\n", ret) ;
-        CYASSL_MSG(msg) ;   
+        WOLFSSL_MSG(msg) ;   
     }
     #endif
 
-    #endif  /* CYASSL_KEIL_TCP_NET */
+    #endif  /* WOLFSSL_KEIL_TCP_NET */
     return(ret ) ;
 }
 
-int Cyassl_send(int sd, const void *buf, size_t len, int flags) 
+int wolfssl_send(int sd, const void *buf, size_t len, int flags) 
 {
     int  ret = 0 ;
 
-    #if defined(CYASSL_KEIL_TCP_NET)  
+    #if defined(WOLFSSL_KEIL_TCP_NET)  
     while(1) {
     #undef send  /* Go to KEIL TCPnet send */
         ret = send(sd, buf, len,  flags) ;
         if(ret != SCK_EWOULDBLOCK) break ;
         os_dly_wait(1);
     } 
-    #ifdef DEBUG_CYASSL
+    #ifdef DEBUG_WOLFSSL
     {
         char msg[50] ;
         sprintf(msg, "BSD Send return code: %d\n", ret) ;
-        CYASSL_MSG(msg) ;   
+        WOLFSSL_MSG(msg) ;   
     }
     #endif
 
-#endif  /* CYASSL_KEIL_TCP_NET */
+#endif  /* WOLFSSL_KEIL_TCP_NET */
     return(ret) ;
 
 }
 
-#endif /* CYASSL_KEIL_TCP_NET */
+#endif /* WOLFSSL_KEIL_TCP_NET */
 
-#if defined(CYASSL_KEIL_TCP_NET)  
-void Cyassl_sleep(int t) 
+#if defined(WOLFSSL_KEIL_TCP_NET)  
+void wolfssl_sleep(int t) 
 {
     #if defined(HAVE_KEIL_RTX)
     os_dly_wait(t/1000+1) ;
     #endif
 }
 
-int Cyassl_tcp_select(int sd, int timeout) 
+int wolfssl_tcp_select(int sd, int timeout) 
 {
     
     return 0 ;
@@ -184,9 +191,7 @@ int Cyassl_tcp_select(int sd, int timeout)
 }
 #endif
 
-extern int strlen(const char *s) ;
-
-FILE * CyaSSL_fopen(const char *name, const char *openmode) 
+FILE * wolfSSL_fopen(const char *name, const char *openmode) 
 {
     int i ;  FILE * ret ;
     #define PATHSIZE 100
@@ -206,30 +211,23 @@ FILE * CyaSSL_fopen(const char *name, const char *openmode)
     return(ret) ;
 }
 
-#if defined (CYASSL_MDK5)
 #define getkey getchar
 #define sendchar putchar
-#else
-extern int getkey(void) ;
-extern int sendchar(int c) ;
-#endif
 
-char * Cyassl_fgets ( char * str, int num, FILE * f ) 
+char * wolfssl_fgets ( char * str, int num, FILE * f ) 
 {
     int i ;
     
     for(i = 0 ; i< num ; i++) {
             while((str[i] = getkey()) == 0) {
-            #if defined (HAVE_KEIL_RTX) 
-						    #if !defined(CYASSL_CMSIS_RTOS)
-                    os_tsk_pass ();
-					      #else 
-                    osThreadYield ();
-                #endif
-				    #endif
+            #if defined (HAVE_KEIL_RTX) && !defined(WOLFSSL_CMSIS_RTOS)
+                os_tsk_pass ();
+            #elif defined(WOLFSSL_CMSIS_RTOS)
+                osThreadYield ();
+            #endif
         }
         if(str[i] == '\n' || str[i] == '\012' || str[i] == '\015')  {
-            sendchar('\n') ;    
+            sendchar('\n') ;
             str[i++] = '\n' ; 
             str[i] = '\0' ; 
             break ;
diff --git a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
similarity index 58%
rename from IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h
rename to IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
index dbcfcf68e..665fc62c0 100644
--- a/IDE/MDK-ARM/MDK-ARM/CyaSSL/cyassl_MDK_ARM.h
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h
@@ -1,4 +1,4 @@
-/* cyassl_KEIL_RL.h
+/* wolfssl_KEIL_RL.h
  *
  * Copyright (C) 2006-2015 wolfSSL Inc.
  *
@@ -22,16 +22,16 @@
 /******************************************************************************/
 /**   This file is for defining types, values for specific to KEIL-MDK-ARM.  **/
 /******************************************************************************/
-#ifndef CYASSL_KEIL_RL_H
-#define CYASSL_KEIL_RL_H
+#ifndef WOLFSSL_KEIL_RL_H
+#define WOLFSSL_KEIL_RL_H
 
 
 
 #include <stdio.h>
 
 /* Go to STDIN */
-#define fgets(buff, sz, fd)   Cyassl_fgets(buff, sz, fd) 
-extern char * Cyassl_fgets ( char * str, int num, FILE * f ) ;
+#define fgets(buff, sz, fd)   wolfssl_fgets(buff, sz, fd) 
+extern char * wolfssl_fgets ( char * str, int num, FILE * f ) ;
 
 #define SOCKET_T int
 
@@ -43,7 +43,7 @@ typedef long fd_mask;
 #define NFDBITS   (sizeof(fd_mask) * NUMBITSPERBYTE)  /* bits per mask */
 
 typedef struct fd_set {
-  fd_mask fds_bits[(FD_SETSIZE + NFDBITS - 1) / NFDBITS];
+    fd_mask fds_bits[(FD_SETSIZE + NFDBITS - 1) / NFDBITS];
 } fd_set;
 
 /*** #include <sys/types.h> ***/
@@ -52,39 +52,37 @@ struct timeval {
    long tv_usec;    /* microseconds */
 };
 
+#if defined(WOLFSSL_KEIL_TCP_NET) 
 
-/***  #include <unistd.h>  **/
-/*
- int select(int nfds, fd_set *readfds, fd_set *writefds,
-            fd_set *exceptfds, const struct timeval *timeout);
-  void FD_CLR(int fd, fd_set *set);
-  int  FD_ISSET(int fd, fd_set *set);
-  void FD_SET(int fd, fd_set *set);
-  void FD_ZERO(fd_set *set);
-*/
+#if defined(WOLFSSL_MDK5)
+#define SCK_EWOULDBLOCK     BSD_ERROR_WOULDBLOCK
+#define SCK_ETIMEOUT        BSD_ERROR_TIMEOUT
+#include "rl_net.h" 
+#endif
+ 
 typedef int socklen_t ;
 
 /* for avoiding conflict with KEIL-TCPnet BSD socket */
-/* Bodies are in cyassl_KEIL_RL.c                    */
-#define connect             Cyassl_connect
-#define accept              Cyassl_accept
-#define recv                Cyassl_recv
-#define send                Cyassl_send
-#define sleep               Cyassl_sleep
+/* Bodies are in wolfssl_KEIL_RL.c                    */
+#define connect(a,b,c)             wolfssl_connect(a,  (struct sockaddr* )(b), c) 
+#define accept              wolfssl_accept
+#define recv                wolfssl_recv
+#define send                wolfssl_send
+#define sleep               wolfssl_sleep
 
 /* for avoiding conflicting with KEIL-TCPnet TCP socket */
 /* Bodies are in test.h */
-#define tcp_connect Cyassl_tcp_connect    
-#define tcp_socket    Cyassl_tcp_soket
-#define tcp_listen      Cyassl_tcp_listen
-#define tcp_select     Cyassl_tcp_select
+#define tcp_connect wolfssl_tcp_connect    
+#define tcp_socket    wolfssl_tcp_soket
+#define tcp_listen      wolfssl_tcp_listen
+#define tcp_select     wolfssl_tcp_select
 
-extern int Cyassl_connect(int sd, const struct sockaddr * sa, int sz) ;
-extern int Cyassl_accept(int sd, struct sockaddr *addr, socklen_t *addrlen);
-extern int Cyassl_recv(int sd, void *buf, size_t len, int flags);
-extern int Cyassl_send(int sd, const void *buf, size_t len, int flags);
-extern void Cyassl_sleep(int sec) ;
-extern int Cyassl_tcp_select(int sd, int timeout) ;
+extern int wolfssl_connect(int sd,  const  struct sockaddr* sa, 	int sz) ;
+extern int wolfssl_accept(int sd, struct sockaddr*addr, socklen_t *addrlen);
+extern int wolfssl_recv(int sd, void *buf, size_t len, int flags);
+extern int wolfssl_send(int sd, const void *buf, size_t len, int flags);
+extern void wolfssl_sleep(int sec) ;
+extern int wolfssl_tcp_select(int sd, int timeout) ;
 
 /** KEIL-RL TCPnet ****/
 /* TCPnet BSD socket does not have following functions. */
@@ -95,9 +93,6 @@ extern int setsockopt(int sockfd, int level, int optname,
 extern int select(int nfds, fd_set *readfds, fd_set *writefds,
                           fd_set *exceptfds, const struct timeval *timeout);
 
-/* CyaSSL MDK-ARM time functions */
-#include <time.h>
-struct tm *Cyassl_MDK_gmtime(const time_t *c) ;
-extern double current_time(void) ;
+#endif /* WOLFSSL_KEIL_TCP_NET */
 
-#endif /* CYASSL_KEIL_RL_H */
+#endif /* WOLFSSL_KEIL_RL_H */
diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj
deleted file mode 100644
index 6504d782a..000000000
--- a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvproj
+++ /dev/null
@@ -1,3510 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
-<Project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="project_proj.xsd">
-
-  <SchemaVersion>1.1</SchemaVersion>
-
-  <Header>### uVision Project, (C) Keil Software</Header>
-
-  <Targets>
-    <Target>
-      <TargetName>MDK-RTX-TCP-FS</TargetName>
-      <ToolsetNumber>0x4</ToolsetNumber>
-      <ToolsetName>ARM-ADS</ToolsetName>
-      <TargetOption>
-        <TargetCommonOption>
-          <Device>LPC4357</Device>
-          <Vendor>NXP (founded by Philips)</Vendor>
-          <Cpu>IRAM(0x10000000-0x10007FFF) IRAM2(0x20000000-0x2000FFFF) IROM(0x1A000000-0x1A07FFFF) IROM2(0x1B000000-0x1B07FFFF) CLOCK(12000000) CPUTYPE("Cortex-M4") FPU2</Cpu>
-          <FlashUtilSpec></FlashUtilSpec>
-          <StartupFile>"STARTUP\NXP\LPC43xx\startup_LPC43xx.s" ("NXP LPC43xx Startup Code")</StartupFile>
-          <FlashDriverDll>UL2CM3(-O975 -S0 -C0 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000)</FlashDriverDll>
-          <DeviceId>6414</DeviceId>
-          <RegisterFile>LPC43xx.H</RegisterFile>
-          <MemoryEnv></MemoryEnv>
-          <Cmp></Cmp>
-          <Asm></Asm>
-          <Linker></Linker>
-          <OHString></OHString>
-          <InfinionOptionDll></InfinionOptionDll>
-          <SLE66CMisc></SLE66CMisc>
-          <SLE66AMisc></SLE66AMisc>
-          <SLE66LinkerMisc></SLE66LinkerMisc>
-          <SFDFile>SFD\NXP\LPC43xx\LPC43xx.SFR</SFDFile>
-          <UseEnv>0</UseEnv>
-          <BinPath></BinPath>
-          <IncludePath></IncludePath>
-          <LibPath></LibPath>
-          <RegisterFilePath>NXP\LPC43xx\</RegisterFilePath>
-          <DBRegisterFilePath>NXP\LPC43xx\</DBRegisterFilePath>
-          <TargetStatus>
-            <Error>0</Error>
-            <ExitCodeStop>0</ExitCodeStop>
-            <ButtonStop>0</ButtonStop>
-            <NotGenerated>0</NotGenerated>
-            <InvalidFlash>1</InvalidFlash>
-          </TargetStatus>
-          <OutputDirectory>.\MDK-RTX-TCP-FS\</OutputDirectory>
-          <OutputName>LCP43xx-MDK-RTX-TCP-FS</OutputName>
-          <CreateExecutable>1</CreateExecutable>
-          <CreateLib>0</CreateLib>
-          <CreateHexFile>0</CreateHexFile>
-          <DebugInformation>1</DebugInformation>
-          <BrowseInformation>1</BrowseInformation>
-          <ListingPath>.\Lst\</ListingPath>
-          <HexFormatSelection>1</HexFormatSelection>
-          <Merge32K>0</Merge32K>
-          <CreateBatchFile>0</CreateBatchFile>
-          <BeforeCompile>
-            <RunUserProg1>0</RunUserProg1>
-            <RunUserProg2>0</RunUserProg2>
-            <UserProg1Name></UserProg1Name>
-            <UserProg2Name></UserProg2Name>
-            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
-            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
-            <nStopU1X>0</nStopU1X>
-            <nStopU2X>0</nStopU2X>
-          </BeforeCompile>
-          <BeforeMake>
-            <RunUserProg1>0</RunUserProg1>
-            <RunUserProg2>0</RunUserProg2>
-            <UserProg1Name></UserProg1Name>
-            <UserProg2Name></UserProg2Name>
-            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
-            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
-          </BeforeMake>
-          <AfterMake>
-            <RunUserProg1>1</RunUserProg1>
-            <RunUserProg2>0</RunUserProg2>
-            <UserProg1Name>$K\ARM\BIN\ElfDwT.exe !L BASEADDRESS(0x1A000000)</UserProg1Name>
-            <UserProg2Name></UserProg2Name>
-            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
-            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
-          </AfterMake>
-          <SelectedForBatchBuild>0</SelectedForBatchBuild>
-          <SVCSIdString></SVCSIdString>
-        </TargetCommonOption>
-        <CommonProperty>
-          <UseCPPCompiler>0</UseCPPCompiler>
-          <RVCTCodeConst>0</RVCTCodeConst>
-          <RVCTZI>0</RVCTZI>
-          <RVCTOtherData>0</RVCTOtherData>
-          <ModuleSelection>0</ModuleSelection>
-          <IncludeInBuild>1</IncludeInBuild>
-          <AlwaysBuild>0</AlwaysBuild>
-          <GenerateAssemblyFile>0</GenerateAssemblyFile>
-          <AssembleAssemblyFile>0</AssembleAssemblyFile>
-          <PublicsOnly>0</PublicsOnly>
-          <StopOnExitCode>3</StopOnExitCode>
-          <CustomArgument></CustomArgument>
-          <IncludeLibraryModules></IncludeLibraryModules>
-        </CommonProperty>
-        <DllOption>
-          <SimDllName>SARMCM3.DLL</SimDllName>
-          <SimDllArguments>-MPU</SimDllArguments>
-          <SimDlgDll>DCM.DLL</SimDlgDll>
-          <SimDlgDllArguments>-pCM4</SimDlgDllArguments>
-          <TargetDllName>SARMCM3.DLL</TargetDllName>
-          <TargetDllArguments>-MPU</TargetDllArguments>
-          <TargetDlgDll>TCM.DLL</TargetDlgDll>
-          <TargetDlgDllArguments>-pCM4</TargetDlgDllArguments>
-        </DllOption>
-        <DebugOption>
-          <OPTHX>
-            <HexSelection>1</HexSelection>
-            <HexRangeLowAddress>0</HexRangeLowAddress>
-            <HexRangeHighAddress>0</HexRangeHighAddress>
-            <HexOffset>0</HexOffset>
-            <Oh166RecLen>16</Oh166RecLen>
-          </OPTHX>
-          <Simulator>
-            <UseSimulator>0</UseSimulator>
-            <LoadApplicationAtStartup>1</LoadApplicationAtStartup>
-            <RunToMain>1</RunToMain>
-            <RestoreBreakpoints>1</RestoreBreakpoints>
-            <RestoreWatchpoints>1</RestoreWatchpoints>
-            <RestoreMemoryDisplay>1</RestoreMemoryDisplay>
-            <RestoreFunctions>1</RestoreFunctions>
-            <RestoreToolbox>1</RestoreToolbox>
-            <LimitSpeedToRealTime>0</LimitSpeedToRealTime>
-          </Simulator>
-          <Target>
-            <UseTarget>1</UseTarget>
-            <LoadApplicationAtStartup>1</LoadApplicationAtStartup>
-            <RunToMain>0</RunToMain>
-            <RestoreBreakpoints>1</RestoreBreakpoints>
-            <RestoreWatchpoints>1</RestoreWatchpoints>
-            <RestoreMemoryDisplay>1</RestoreMemoryDisplay>
-            <RestoreFunctions>0</RestoreFunctions>
-            <RestoreToolbox>1</RestoreToolbox>
-            <RestoreTracepoints>0</RestoreTracepoints>
-          </Target>
-          <RunDebugAfterBuild>0</RunDebugAfterBuild>
-          <TargetSelection>9</TargetSelection>
-          <SimDlls>
-            <CpuDll></CpuDll>
-            <CpuDllArguments></CpuDllArguments>
-            <PeripheralDll></PeripheralDll>
-            <PeripheralDllArguments></PeripheralDllArguments>
-            <InitializationFile></InitializationFile>
-          </SimDlls>
-          <TargetDlls>
-            <CpuDll></CpuDll>
-            <CpuDllArguments></CpuDllArguments>
-            <PeripheralDll></PeripheralDll>
-            <PeripheralDllArguments></PeripheralDllArguments>
-            <InitializationFile>..\MDK-ARM\config\Dbg_Flash.ini</InitializationFile>
-            <Driver>BIN\ULP2CM3.DLL</Driver>
-          </TargetDlls>
-        </DebugOption>
-        <Utilities>
-          <Flash1>
-            <UseTargetDll>1</UseTargetDll>
-            <UseExternalTool>0</UseExternalTool>
-            <RunIndependent>0</RunIndependent>
-            <UpdateFlashBeforeDebugging>1</UpdateFlashBeforeDebugging>
-            <Capability>1</Capability>
-            <DriverSelection>4100</DriverSelection>
-          </Flash1>
-          <bUseTDR>0</bUseTDR>
-          <Flash2>BIN\ULP2CM3.DLL</Flash2>
-          <Flash3>"" ()</Flash3>
-          <Flash4></Flash4>
-        </Utilities>
-        <TargetArmAds>
-          <ArmAdsMisc>
-            <GenerateListings>0</GenerateListings>
-            <asHll>1</asHll>
-            <asAsm>1</asAsm>
-            <asMacX>1</asMacX>
-            <asSyms>1</asSyms>
-            <asFals>1</asFals>
-            <asDbgD>1</asDbgD>
-            <asForm>1</asForm>
-            <ldLst>0</ldLst>
-            <ldmm>1</ldmm>
-            <ldXref>1</ldXref>
-            <BigEnd>0</BigEnd>
-            <AdsALst>1</AdsALst>
-            <AdsACrf>1</AdsACrf>
-            <AdsANop>0</AdsANop>
-            <AdsANot>0</AdsANot>
-            <AdsLLst>1</AdsLLst>
-            <AdsLmap>1</AdsLmap>
-            <AdsLcgr>1</AdsLcgr>
-            <AdsLsym>1</AdsLsym>
-            <AdsLszi>1</AdsLszi>
-            <AdsLtoi>1</AdsLtoi>
-            <AdsLsun>1</AdsLsun>
-            <AdsLven>1</AdsLven>
-            <AdsLsxf>1</AdsLsxf>
-            <RvctClst>0</RvctClst>
-            <GenPPlst>0</GenPPlst>
-            <AdsCpuType>"Cortex-M4"</AdsCpuType>
-            <RvctDeviceName></RvctDeviceName>
-            <mOS>1</mOS>
-            <uocRom>0</uocRom>
-            <uocRam>0</uocRam>
-            <hadIROM>1</hadIROM>
-            <hadIRAM>1</hadIRAM>
-            <hadXRAM>0</hadXRAM>
-            <uocXRam>0</uocXRam>
-            <RvdsVP>1</RvdsVP>
-            <hadIRAM2>1</hadIRAM2>
-            <hadIROM2>1</hadIROM2>
-            <StupSel>8</StupSel>
-            <useUlib>0</useUlib>
-            <EndSel>0</EndSel>
-            <uLtcg>0</uLtcg>
-            <RoSelD>3</RoSelD>
-            <RwSelD>3</RwSelD>
-            <CodeSel>1</CodeSel>
-            <OptFeed>0</OptFeed>
-            <NoZi1>0</NoZi1>
-            <NoZi2>0</NoZi2>
-            <NoZi3>0</NoZi3>
-            <NoZi4>0</NoZi4>
-            <NoZi5>0</NoZi5>
-            <Ro1Chk>0</Ro1Chk>
-            <Ro2Chk>0</Ro2Chk>
-            <Ro3Chk>0</Ro3Chk>
-            <Ir1Chk>1</Ir1Chk>
-            <Ir2Chk>1</Ir2Chk>
-            <Ra1Chk>1</Ra1Chk>
-            <Ra2Chk>0</Ra2Chk>
-            <Ra3Chk>0</Ra3Chk>
-            <Im1Chk>1</Im1Chk>
-            <Im2Chk>1</Im2Chk>
-            <OnChipMemories>
-              <Ocm1>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm1>
-              <Ocm2>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm2>
-              <Ocm3>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm3>
-              <Ocm4>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm4>
-              <Ocm5>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm5>
-              <Ocm6>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm6>
-              <IRAM>
-                <Type>0</Type>
-                <StartAddress>0x10000000</StartAddress>
-                <Size>0x8000</Size>
-              </IRAM>
-              <IROM>
-                <Type>1</Type>
-                <StartAddress>0x1a000000</StartAddress>
-                <Size>0x80000</Size>
-              </IROM>
-              <XRAM>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </XRAM>
-              <OCR_RVCT1>
-                <Type>1</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT1>
-              <OCR_RVCT2>
-                <Type>1</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT2>
-              <OCR_RVCT3>
-                <Type>1</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT3>
-              <OCR_RVCT4>
-                <Type>1</Type>
-                <StartAddress>0x1a000000</StartAddress>
-                <Size>0x80000</Size>
-              </OCR_RVCT4>
-              <OCR_RVCT5>
-                <Type>1</Type>
-                <StartAddress>0x1b000000</StartAddress>
-                <Size>0x80000</Size>
-              </OCR_RVCT5>
-              <OCR_RVCT6>
-                <Type>0</Type>
-                <StartAddress>0x10080000</StartAddress>
-                <Size>0xa000</Size>
-              </OCR_RVCT6>
-              <OCR_RVCT7>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT7>
-              <OCR_RVCT8>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT8>
-              <OCR_RVCT9>
-                <Type>0</Type>
-                <StartAddress>0x10000000</StartAddress>
-                <Size>0x8000</Size>
-              </OCR_RVCT9>
-              <OCR_RVCT10>
-                <Type>0</Type>
-                <StartAddress>0x20000000</StartAddress>
-                <Size>0x10000</Size>
-              </OCR_RVCT10>
-            </OnChipMemories>
-            <RvctStartVector></RvctStartVector>
-          </ArmAdsMisc>
-          <Cads>
-            <interw>1</interw>
-            <Optim>4</Optim>
-            <oTime>0</oTime>
-            <SplitLS>0</SplitLS>
-            <OneElfS>0</OneElfS>
-            <Strict>0</Strict>
-            <EnumInt>0</EnumInt>
-            <PlainCh>0</PlainCh>
-            <Ropi>0</Ropi>
-            <Rwpi>0</Rwpi>
-            <wLevel>0</wLevel>
-            <uThumb>0</uThumb>
-            <uSurpInc>0</uSurpInc>
-            <VariousControls>
-              <MiscControls></MiscControls>
-              <Define>HAVE_CONFIG_H CYASSL_LPC43xx  __DBG_ITM  CORE_M4  __RTX USE_STDPERIPH_DRIVER  MDK_CONF_RTX_TCP_FS</Define>
-              <Undefine></Undefine>
-              <IncludePath>..\MDK-ARM\CyaSSL;../../..;..\LPC43xx\Drivers\include;..\LPC43xx\LPC43xx\Include</IncludePath>
-            </VariousControls>
-          </Cads>
-          <Aads>
-            <interw>1</interw>
-            <Ropi>0</Ropi>
-            <Rwpi>0</Rwpi>
-            <thumb>1</thumb>
-            <SplitLS>0</SplitLS>
-            <SwStkChk>0</SwStkChk>
-            <NoWarn>0</NoWarn>
-            <uSurpInc>0</uSurpInc>
-            <VariousControls>
-              <MiscControls></MiscControls>
-              <Define></Define>
-              <Undefine></Undefine>
-              <IncludePath></IncludePath>
-            </VariousControls>
-          </Aads>
-          <LDads>
-            <umfTarg>1</umfTarg>
-            <Ropi>0</Ropi>
-            <Rwpi>0</Rwpi>
-            <noStLib>0</noStLib>
-            <RepFail>1</RepFail>
-            <useFile>0</useFile>
-            <TextAddressRange></TextAddressRange>
-            <DataAddressRange></DataAddressRange>
-            <ScatterFile></ScatterFile>
-            <IncludeLibs></IncludeLibs>
-            <IncludeLibsPath></IncludeLibsPath>
-            <Misc></Misc>
-            <LinkerInputFile></LinkerInputFile>
-            <DisabledWarnings></DisabledWarnings>
-          </LDads>
-        </TargetArmAds>
-      </TargetOption>
-      <Groups>
-        <Group>
-          <GroupName>CyaSSL Apps</GroupName>
-          <Files>
-            <File>
-              <FileName>echoclient.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\echoclient\echoclient.c</FilePath>
-            </File>
-            <File>
-              <FileName>echoserver.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\echoserver\echoserver.c</FilePath>
-            </File>
-            <File>
-              <FileName>test.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\test\test.c</FilePath>
-            </File>
-            <File>
-              <FileName>benchmark.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\benchmark\benchmark.c</FilePath>
-            </File>
-            <File>
-              <FileName>client.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\client\client.c</FilePath>
-            </File>
-            <File>
-              <FileName>server.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\server\server.c</FilePath>
-            </File>
-            <File>
-              <FileName>shell.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\shell.c</FilePath>
-            </File>
-            <File>
-              <FileName>main.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\main.c</FilePath>
-            </File>
-            <File>
-              <FileName>cert_data.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\cert_data.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>LPC43xx</GroupName>
-          <Files>
-            <File>
-              <FileName>lpc43xx_rtc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\Drivers\source\lpc43xx_rtc.c</FilePath>
-            </File>
-            <File>
-              <FileName>lpc43xx_timer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\Drivers\source\lpc43xx_timer.c</FilePath>
-            </File>
-            <File>
-              <FileName>lpc43xx_cgu.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\Drivers\source\lpc43xx_cgu.c</FilePath>
-            </File>
-            <File>
-              <FileName>lpc43xx_scu.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\Drivers\source\lpc43xx_scu.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>MDK-ARM</GroupName>
-          <Files>
-            <File>
-              <FileName>FS_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\FS_CM3.lib</FilePath>
-            </File>
-            <File>
-              <FileName>RTX_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib</FilePath>
-            </File>
-            <File>
-              <FileName>TCPD_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds/>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>TCP_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\TCP_CM3.lib</FilePath>
-            </File>
-            <File>
-              <FileName>Serial.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c</FilePath>
-            </File>
-            <File>
-              <FileName>ETH_LPC43xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c</FilePath>
-            </File>
-            <File>
-              <FileName>SDIO_LPC43xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c</FilePath>
-            </File>
-            <File>
-              <FileName>system_LPC43xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>CyaSSL Library</GroupName>
-          <Files>
-            <File>
-              <FileName>crl.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\crl.c</FilePath>
-            </File>
-            <File>
-              <FileName>internal.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\internal.c</FilePath>
-            </File>
-            <File>
-              <FileName>io.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\io.c</FilePath>
-            </File>
-            <File>
-              <FileName>keys.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\keys.c</FilePath>
-            </File>
-            <File>
-              <FileName>ocsp.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\ocsp.c</FilePath>
-            </File>
-            <File>
-              <FileName>sniffer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\sniffer.c</FilePath>
-            </File>
-            <File>
-              <FileName>ssl.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\ssl.c</FilePath>
-            </File>
-            <File>
-              <FileName>tls.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\tls.c</FilePath>
-            </File>
-            <File>
-              <FileName>ssl-dummy.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\ssl-dummy.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>Crypt/Cipher Library</GroupName>
-          <Files>
-            <File>
-              <FileName>aes.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\aes.c</FilePath>
-            </File>
-            <File>
-              <FileName>arc4.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\arc4.c</FilePath>
-            </File>
-            <File>
-              <FileName>asm.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\asm.c</FilePath>
-            </File>
-            <File>
-              <FileName>asn.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\asn.c</FilePath>
-            </File>
-            <File>
-              <FileName>camellia.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\camellia.c</FilePath>
-            </File>
-            <File>
-              <FileName>coding.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\coding.c</FilePath>
-            </File>
-            <File>
-              <FileName>des3.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\des3.c</FilePath>
-            </File>
-            <File>
-              <FileName>dh.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\dh.c</FilePath>
-            </File>
-            <File>
-              <FileName>dsa.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\dsa.c</FilePath>
-            </File>
-            <File>
-              <FileName>ecc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ecc.c</FilePath>
-            </File>
-            <File>
-              <FileName>ecc_fp.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ecc_fp.c</FilePath>
-            </File>
-            <File>
-              <FileName>error.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\error.c</FilePath>
-            </File>
-            <File>
-              <FileName>hc128.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\hc128.c</FilePath>
-            </File>
-            <File>
-              <FileName>hmac.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\hmac.c</FilePath>
-            </File>
-            <File>
-              <FileName>integer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\integer.c</FilePath>
-            </File>
-            <File>
-              <FileName>logging.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\logging.c</FilePath>
-            </File>
-            <File>
-              <FileName>md2.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md2.c</FilePath>
-            </File>
-            <File>
-              <FileName>md4.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md4.c</FilePath>
-            </File>
-            <File>
-              <FileName>md5.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md5.c</FilePath>
-            </File>
-            <File>
-              <FileName>memory.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\memory.c</FilePath>
-            </File>
-            <File>
-              <FileName>misc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\misc.c</FilePath>
-            </File>
-            <File>
-              <FileName>wc_port.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\wc_port.c</FilePath>
-            </File>
-            <File>
-              <FileName>pwdbased.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\pwdbased.c</FilePath>
-            </File>
-            <File>
-              <FileName>rabbit.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\rabbit.c</FilePath>
-            </File>
-            <File>
-              <FileName>random.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\random.c</FilePath>
-            </File>
-            <File>
-              <FileName>ripemd.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ripemd.c</FilePath>
-            </File>
-            <File>
-              <FileName>rsa.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\rsa.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha256.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha256.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha512.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha512.c</FilePath>
-            </File>
-            <File>
-              <FileName>tfm.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\tfm.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>Configuration</GroupName>
-          <Files>
-            <File>
-              <FileName>File_Config.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\File_Config.c</FilePath>
-            </File>
-            <File>
-              <FileName>Net_Config.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\Net_Config.c</FilePath>
-            </File>
-            <File>
-              <FileName>config.h</FileName>
-              <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config.h</FilePath>
-            </File>
-            <File>
-              <FileName>RTX_Conf_CM.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\RTX_Conf_CM.c</FilePath>
-            </File>
-            <File>
-              <FileName>Net_Debug.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\Net_Debug.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>config-FS.h</FileName>
-              <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-FS.h</FilePath>
-            </File>
-            <File>
-              <FileName>config-RTX-TCP-FS.h</FileName>
-              <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h</FilePath>
-            </File>
-            <File>
-              <FileName>config-BARE-METAL.h</FileName>
-              <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-BARE-METAL.h</FilePath>
-            </File>
-            <File>
-              <FileName>startup_LPC43xx.s</FileName>
-              <FileType>2</FileType>
-              <FilePath>..\LPC43xx\startup_LPC43xx.s</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>CyaSSL-MDK</GroupName>
-          <Files>
-            <File>
-              <FileName>cyassl_MDK_ARM.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c</FilePath>
-            </File>
-            <File>
-              <FileName>Retarget.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\Retarget.c</FilePath>
-            </File>
-            <File>
-              <FileName>time-LCP43xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\time-LCP43xx.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-      </Groups>
-    </Target>
-    <Target>
-      <TargetName>MDK-FS</TargetName>
-      <ToolsetNumber>0x4</ToolsetNumber>
-      <ToolsetName>ARM-ADS</ToolsetName>
-      <TargetOption>
-        <TargetCommonOption>
-          <Device>LPC4357</Device>
-          <Vendor>NXP (founded by Philips)</Vendor>
-          <Cpu>IRAM(0x10000000-0x10007FFF) IRAM2(0x20000000-0x2000FFFF) IROM(0x1A000000-0x1A07FFFF) IROM2(0x1B000000-0x1B07FFFF) CLOCK(12000000) CPUTYPE("Cortex-M4") FPU2</Cpu>
-          <FlashUtilSpec></FlashUtilSpec>
-          <StartupFile>"STARTUP\NXP\LPC43xx\startup_LPC43xx.s" ("NXP LPC43xx Startup Code")</StartupFile>
-          <FlashDriverDll>UL2CM3(-O975 -S0 -C0 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000)</FlashDriverDll>
-          <DeviceId>6414</DeviceId>
-          <RegisterFile>LPC43xx.H</RegisterFile>
-          <MemoryEnv></MemoryEnv>
-          <Cmp></Cmp>
-          <Asm></Asm>
-          <Linker></Linker>
-          <OHString></OHString>
-          <InfinionOptionDll></InfinionOptionDll>
-          <SLE66CMisc></SLE66CMisc>
-          <SLE66AMisc></SLE66AMisc>
-          <SLE66LinkerMisc></SLE66LinkerMisc>
-          <SFDFile>SFD\NXP\LPC43xx\LPC43xx.SFR</SFDFile>
-          <UseEnv>0</UseEnv>
-          <BinPath></BinPath>
-          <IncludePath></IncludePath>
-          <LibPath></LibPath>
-          <RegisterFilePath>NXP\LPC43xx\</RegisterFilePath>
-          <DBRegisterFilePath>NXP\LPC43xx\</DBRegisterFilePath>
-          <TargetStatus>
-            <Error>0</Error>
-            <ExitCodeStop>0</ExitCodeStop>
-            <ButtonStop>0</ButtonStop>
-            <NotGenerated>0</NotGenerated>
-            <InvalidFlash>1</InvalidFlash>
-          </TargetStatus>
-          <OutputDirectory>.\MDK-FS\</OutputDirectory>
-          <OutputName>LCP43xx-MDK-FS</OutputName>
-          <CreateExecutable>1</CreateExecutable>
-          <CreateLib>0</CreateLib>
-          <CreateHexFile>0</CreateHexFile>
-          <DebugInformation>1</DebugInformation>
-          <BrowseInformation>1</BrowseInformation>
-          <ListingPath>.\Lst\</ListingPath>
-          <HexFormatSelection>1</HexFormatSelection>
-          <Merge32K>0</Merge32K>
-          <CreateBatchFile>0</CreateBatchFile>
-          <BeforeCompile>
-            <RunUserProg1>0</RunUserProg1>
-            <RunUserProg2>0</RunUserProg2>
-            <UserProg1Name></UserProg1Name>
-            <UserProg2Name></UserProg2Name>
-            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
-            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
-            <nStopU1X>0</nStopU1X>
-            <nStopU2X>0</nStopU2X>
-          </BeforeCompile>
-          <BeforeMake>
-            <RunUserProg1>0</RunUserProg1>
-            <RunUserProg2>0</RunUserProg2>
-            <UserProg1Name></UserProg1Name>
-            <UserProg2Name></UserProg2Name>
-            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
-            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
-          </BeforeMake>
-          <AfterMake>
-            <RunUserProg1>1</RunUserProg1>
-            <RunUserProg2>0</RunUserProg2>
-            <UserProg1Name>$K\ARM\BIN\ElfDwT.exe !L BASEADDRESS(0x1A000000)</UserProg1Name>
-            <UserProg2Name></UserProg2Name>
-            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
-            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
-          </AfterMake>
-          <SelectedForBatchBuild>0</SelectedForBatchBuild>
-          <SVCSIdString></SVCSIdString>
-        </TargetCommonOption>
-        <CommonProperty>
-          <UseCPPCompiler>0</UseCPPCompiler>
-          <RVCTCodeConst>0</RVCTCodeConst>
-          <RVCTZI>0</RVCTZI>
-          <RVCTOtherData>0</RVCTOtherData>
-          <ModuleSelection>0</ModuleSelection>
-          <IncludeInBuild>1</IncludeInBuild>
-          <AlwaysBuild>0</AlwaysBuild>
-          <GenerateAssemblyFile>0</GenerateAssemblyFile>
-          <AssembleAssemblyFile>0</AssembleAssemblyFile>
-          <PublicsOnly>0</PublicsOnly>
-          <StopOnExitCode>3</StopOnExitCode>
-          <CustomArgument></CustomArgument>
-          <IncludeLibraryModules></IncludeLibraryModules>
-        </CommonProperty>
-        <DllOption>
-          <SimDllName>SARMCM3.DLL</SimDllName>
-          <SimDllArguments>-MPU</SimDllArguments>
-          <SimDlgDll>DCM.DLL</SimDlgDll>
-          <SimDlgDllArguments>-pCM4</SimDlgDllArguments>
-          <TargetDllName>SARMCM3.DLL</TargetDllName>
-          <TargetDllArguments>-MPU</TargetDllArguments>
-          <TargetDlgDll>TCM.DLL</TargetDlgDll>
-          <TargetDlgDllArguments>-pCM4</TargetDlgDllArguments>
-        </DllOption>
-        <DebugOption>
-          <OPTHX>
-            <HexSelection>1</HexSelection>
-            <HexRangeLowAddress>0</HexRangeLowAddress>
-            <HexRangeHighAddress>0</HexRangeHighAddress>
-            <HexOffset>0</HexOffset>
-            <Oh166RecLen>16</Oh166RecLen>
-          </OPTHX>
-          <Simulator>
-            <UseSimulator>0</UseSimulator>
-            <LoadApplicationAtStartup>1</LoadApplicationAtStartup>
-            <RunToMain>1</RunToMain>
-            <RestoreBreakpoints>1</RestoreBreakpoints>
-            <RestoreWatchpoints>1</RestoreWatchpoints>
-            <RestoreMemoryDisplay>1</RestoreMemoryDisplay>
-            <RestoreFunctions>1</RestoreFunctions>
-            <RestoreToolbox>1</RestoreToolbox>
-            <LimitSpeedToRealTime>0</LimitSpeedToRealTime>
-          </Simulator>
-          <Target>
-            <UseTarget>1</UseTarget>
-            <LoadApplicationAtStartup>1</LoadApplicationAtStartup>
-            <RunToMain>1</RunToMain>
-            <RestoreBreakpoints>1</RestoreBreakpoints>
-            <RestoreWatchpoints>1</RestoreWatchpoints>
-            <RestoreMemoryDisplay>1</RestoreMemoryDisplay>
-            <RestoreFunctions>0</RestoreFunctions>
-            <RestoreToolbox>1</RestoreToolbox>
-            <RestoreTracepoints>0</RestoreTracepoints>
-          </Target>
-          <RunDebugAfterBuild>0</RunDebugAfterBuild>
-          <TargetSelection>9</TargetSelection>
-          <SimDlls>
-            <CpuDll></CpuDll>
-            <CpuDllArguments></CpuDllArguments>
-            <PeripheralDll></PeripheralDll>
-            <PeripheralDllArguments></PeripheralDllArguments>
-            <InitializationFile></InitializationFile>
-          </SimDlls>
-          <TargetDlls>
-            <CpuDll></CpuDll>
-            <CpuDllArguments></CpuDllArguments>
-            <PeripheralDll></PeripheralDll>
-            <PeripheralDllArguments></PeripheralDllArguments>
-            <InitializationFile>..\MDK-ARM\config\Dbg_Flash.ini</InitializationFile>
-            <Driver>BIN\ULP2CM3.DLL</Driver>
-          </TargetDlls>
-        </DebugOption>
-        <Utilities>
-          <Flash1>
-            <UseTargetDll>1</UseTargetDll>
-            <UseExternalTool>0</UseExternalTool>
-            <RunIndependent>0</RunIndependent>
-            <UpdateFlashBeforeDebugging>1</UpdateFlashBeforeDebugging>
-            <Capability>1</Capability>
-            <DriverSelection>4100</DriverSelection>
-          </Flash1>
-          <bUseTDR>0</bUseTDR>
-          <Flash2>BIN\ULP2CM3.DLL</Flash2>
-          <Flash3>"" ()</Flash3>
-          <Flash4></Flash4>
-        </Utilities>
-        <TargetArmAds>
-          <ArmAdsMisc>
-            <GenerateListings>0</GenerateListings>
-            <asHll>1</asHll>
-            <asAsm>1</asAsm>
-            <asMacX>1</asMacX>
-            <asSyms>1</asSyms>
-            <asFals>1</asFals>
-            <asDbgD>1</asDbgD>
-            <asForm>1</asForm>
-            <ldLst>0</ldLst>
-            <ldmm>1</ldmm>
-            <ldXref>1</ldXref>
-            <BigEnd>0</BigEnd>
-            <AdsALst>1</AdsALst>
-            <AdsACrf>1</AdsACrf>
-            <AdsANop>0</AdsANop>
-            <AdsANot>0</AdsANot>
-            <AdsLLst>1</AdsLLst>
-            <AdsLmap>1</AdsLmap>
-            <AdsLcgr>1</AdsLcgr>
-            <AdsLsym>1</AdsLsym>
-            <AdsLszi>1</AdsLszi>
-            <AdsLtoi>1</AdsLtoi>
-            <AdsLsun>1</AdsLsun>
-            <AdsLven>1</AdsLven>
-            <AdsLsxf>1</AdsLsxf>
-            <RvctClst>0</RvctClst>
-            <GenPPlst>0</GenPPlst>
-            <AdsCpuType>"Cortex-M4"</AdsCpuType>
-            <RvctDeviceName></RvctDeviceName>
-            <mOS>0</mOS>
-            <uocRom>0</uocRom>
-            <uocRam>0</uocRam>
-            <hadIROM>1</hadIROM>
-            <hadIRAM>1</hadIRAM>
-            <hadXRAM>0</hadXRAM>
-            <uocXRam>0</uocXRam>
-            <RvdsVP>1</RvdsVP>
-            <hadIRAM2>1</hadIRAM2>
-            <hadIROM2>1</hadIROM2>
-            <StupSel>8</StupSel>
-            <useUlib>0</useUlib>
-            <EndSel>0</EndSel>
-            <uLtcg>0</uLtcg>
-            <RoSelD>3</RoSelD>
-            <RwSelD>3</RwSelD>
-            <CodeSel>1</CodeSel>
-            <OptFeed>0</OptFeed>
-            <NoZi1>0</NoZi1>
-            <NoZi2>0</NoZi2>
-            <NoZi3>0</NoZi3>
-            <NoZi4>0</NoZi4>
-            <NoZi5>0</NoZi5>
-            <Ro1Chk>0</Ro1Chk>
-            <Ro2Chk>0</Ro2Chk>
-            <Ro3Chk>0</Ro3Chk>
-            <Ir1Chk>1</Ir1Chk>
-            <Ir2Chk>1</Ir2Chk>
-            <Ra1Chk>1</Ra1Chk>
-            <Ra2Chk>0</Ra2Chk>
-            <Ra3Chk>0</Ra3Chk>
-            <Im1Chk>1</Im1Chk>
-            <Im2Chk>1</Im2Chk>
-            <OnChipMemories>
-              <Ocm1>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm1>
-              <Ocm2>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm2>
-              <Ocm3>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm3>
-              <Ocm4>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm4>
-              <Ocm5>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm5>
-              <Ocm6>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm6>
-              <IRAM>
-                <Type>0</Type>
-                <StartAddress>0x10000000</StartAddress>
-                <Size>0x8000</Size>
-              </IRAM>
-              <IROM>
-                <Type>1</Type>
-                <StartAddress>0x1a000000</StartAddress>
-                <Size>0x80000</Size>
-              </IROM>
-              <XRAM>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </XRAM>
-              <OCR_RVCT1>
-                <Type>1</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT1>
-              <OCR_RVCT2>
-                <Type>1</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT2>
-              <OCR_RVCT3>
-                <Type>1</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT3>
-              <OCR_RVCT4>
-                <Type>1</Type>
-                <StartAddress>0x1a000000</StartAddress>
-                <Size>0x80000</Size>
-              </OCR_RVCT4>
-              <OCR_RVCT5>
-                <Type>1</Type>
-                <StartAddress>0x1b000000</StartAddress>
-                <Size>0x80000</Size>
-              </OCR_RVCT5>
-              <OCR_RVCT6>
-                <Type>0</Type>
-                <StartAddress>0x10080000</StartAddress>
-                <Size>0xa000</Size>
-              </OCR_RVCT6>
-              <OCR_RVCT7>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT7>
-              <OCR_RVCT8>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT8>
-              <OCR_RVCT9>
-                <Type>0</Type>
-                <StartAddress>0x10000000</StartAddress>
-                <Size>0x8000</Size>
-              </OCR_RVCT9>
-              <OCR_RVCT10>
-                <Type>0</Type>
-                <StartAddress>0x20000000</StartAddress>
-                <Size>0x10000</Size>
-              </OCR_RVCT10>
-            </OnChipMemories>
-            <RvctStartVector></RvctStartVector>
-          </ArmAdsMisc>
-          <Cads>
-            <interw>1</interw>
-            <Optim>4</Optim>
-            <oTime>0</oTime>
-            <SplitLS>0</SplitLS>
-            <OneElfS>0</OneElfS>
-            <Strict>0</Strict>
-            <EnumInt>0</EnumInt>
-            <PlainCh>0</PlainCh>
-            <Ropi>0</Ropi>
-            <Rwpi>0</Rwpi>
-            <wLevel>0</wLevel>
-            <uThumb>0</uThumb>
-            <uSurpInc>0</uSurpInc>
-            <VariousControls>
-              <MiscControls></MiscControls>
-              <Define>HAVE_CONFIG_H CYASSL_LPC43xx  __DBG_ITM CORE_M4  __RTX USE_STDPERIPH_DRIVER  MDK_CONF_FS</Define>
-              <Undefine></Undefine>
-              <IncludePath>..\MDK-ARM\CyaSSL;../../..;..\LPC43xx\Drivers\include;..\LPC43xx\LPC43xx\Include</IncludePath>
-            </VariousControls>
-          </Cads>
-          <Aads>
-            <interw>1</interw>
-            <Ropi>0</Ropi>
-            <Rwpi>0</Rwpi>
-            <thumb>1</thumb>
-            <SplitLS>0</SplitLS>
-            <SwStkChk>0</SwStkChk>
-            <NoWarn>0</NoWarn>
-            <uSurpInc>0</uSurpInc>
-            <VariousControls>
-              <MiscControls></MiscControls>
-              <Define></Define>
-              <Undefine></Undefine>
-              <IncludePath></IncludePath>
-            </VariousControls>
-          </Aads>
-          <LDads>
-            <umfTarg>1</umfTarg>
-            <Ropi>0</Ropi>
-            <Rwpi>0</Rwpi>
-            <noStLib>0</noStLib>
-            <RepFail>1</RepFail>
-            <useFile>0</useFile>
-            <TextAddressRange></TextAddressRange>
-            <DataAddressRange></DataAddressRange>
-            <ScatterFile></ScatterFile>
-            <IncludeLibs></IncludeLibs>
-            <IncludeLibsPath></IncludeLibsPath>
-            <Misc></Misc>
-            <LinkerInputFile></LinkerInputFile>
-            <DisabledWarnings></DisabledWarnings>
-          </LDads>
-        </TargetArmAds>
-      </TargetOption>
-      <Groups>
-        <Group>
-          <GroupName>CyaSSL Apps</GroupName>
-          <Files>
-            <File>
-              <FileName>echoclient.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\echoclient\echoclient.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>echoserver.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\echoserver\echoserver.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>test.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\test\test.c</FilePath>
-            </File>
-            <File>
-              <FileName>benchmark.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\benchmark\benchmark.c</FilePath>
-            </File>
-            <File>
-              <FileName>client.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\client\client.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>server.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\server\server.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>shell.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\shell.c</FilePath>
-            </File>
-            <File>
-              <FileName>main.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\main.c</FilePath>
-            </File>
-            <File>
-              <FileName>cert_data.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\cert_data.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>LPC43xx</GroupName>
-          <Files>
-            <File>
-              <FileName>lpc43xx_rtc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\Drivers\source\lpc43xx_rtc.c</FilePath>
-            </File>
-            <File>
-              <FileName>lpc43xx_timer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\Drivers\source\lpc43xx_timer.c</FilePath>
-            </File>
-            <File>
-              <FileName>lpc43xx_cgu.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\Drivers\source\lpc43xx_cgu.c</FilePath>
-            </File>
-            <File>
-              <FileName>lpc43xx_scu.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\Drivers\source\lpc43xx_scu.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>MDK-ARM</GroupName>
-          <Files>
-            <File>
-              <FileName>FS_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\FS_CM3.lib</FilePath>
-            </File>
-            <File>
-              <FileName>RTX_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds/>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>TCPD_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds/>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>TCP_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\TCP_CM3.lib</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds/>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>Serial.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c</FilePath>
-            </File>
-            <File>
-              <FileName>ETH_LPC43xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>SDIO_LPC43xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c</FilePath>
-            </File>
-            <File>
-              <FileName>system_LPC43xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>CyaSSL Library</GroupName>
-          <Files>
-            <File>
-              <FileName>crl.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\crl.c</FilePath>
-            </File>
-            <File>
-              <FileName>internal.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\internal.c</FilePath>
-            </File>
-            <File>
-              <FileName>io.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\io.c</FilePath>
-            </File>
-            <File>
-              <FileName>keys.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\keys.c</FilePath>
-            </File>
-            <File>
-              <FileName>ocsp.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\ocsp.c</FilePath>
-            </File>
-            <File>
-              <FileName>sniffer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\sniffer.c</FilePath>
-            </File>
-            <File>
-              <FileName>ssl.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\ssl.c</FilePath>
-            </File>
-            <File>
-              <FileName>tls.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\tls.c</FilePath>
-            </File>
-            <File>
-              <FileName>ssl-dummy.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\ssl-dummy.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>Crypt/Cipher Library</GroupName>
-          <Files>
-            <File>
-              <FileName>aes.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\aes.c</FilePath>
-            </File>
-            <File>
-              <FileName>arc4.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\arc4.c</FilePath>
-            </File>
-            <File>
-              <FileName>asm.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\asm.c</FilePath>
-            </File>
-            <File>
-              <FileName>asn.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\asn.c</FilePath>
-            </File>
-            <File>
-              <FileName>camellia.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\camellia.c</FilePath>
-            </File>
-            <File>
-              <FileName>coding.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\coding.c</FilePath>
-            </File>
-            <File>
-              <FileName>des3.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\des3.c</FilePath>
-            </File>
-            <File>
-              <FileName>dh.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\dh.c</FilePath>
-            </File>
-            <File>
-              <FileName>dsa.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\dsa.c</FilePath>
-            </File>
-            <File>
-              <FileName>ecc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ecc.c</FilePath>
-            </File>
-            <File>
-              <FileName>ecc_fp.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ecc_fp.c</FilePath>
-            </File>
-            <File>
-              <FileName>error.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\error.c</FilePath>
-            </File>
-            <File>
-              <FileName>hc128.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\hc128.c</FilePath>
-            </File>
-            <File>
-              <FileName>hmac.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\hmac.c</FilePath>
-            </File>
-            <File>
-              <FileName>integer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\integer.c</FilePath>
-            </File>
-            <File>
-              <FileName>logging.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\logging.c</FilePath>
-            </File>
-            <File>
-              <FileName>md2.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md2.c</FilePath>
-            </File>
-            <File>
-              <FileName>md4.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md4.c</FilePath>
-            </File>
-            <File>
-              <FileName>md5.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md5.c</FilePath>
-            </File>
-            <File>
-              <FileName>memory.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\memory.c</FilePath>
-            </File>
-            <File>
-              <FileName>misc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\misc.c</FilePath>
-            </File>
-            <File>
-              <FileName>pwdbased.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\pwdbased.c</FilePath>
-            </File>
-            <File>
-              <FileName>rabbit.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\rabbit.c</FilePath>
-            </File>
-            <File>
-              <FileName>random.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\random.c</FilePath>
-            </File>
-            <File>
-              <FileName>ripemd.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ripemd.c</FilePath>
-            </File>
-            <File>
-              <FileName>rsa.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\rsa.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha256.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha256.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha512.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha512.c</FilePath>
-            </File>
-            <File>
-              <FileName>tfm.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\tfm.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>wc_port.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\wc_port.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>Configuration</GroupName>
-          <Files>
-            <File>
-              <FileName>File_Config.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\File_Config.c</FilePath>
-            </File>
-            <File>
-              <FileName>Net_Config.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\Net_Config.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>config.h</FileName>
-              <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config.h</FilePath>
-            </File>
-            <File>
-              <FileName>RTX_Conf_CM.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\RTX_Conf_CM.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>Net_Debug.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\Net_Debug.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>config-FS.h</FileName>
-              <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-FS.h</FilePath>
-            </File>
-            <File>
-              <FileName>config-RTX-TCP-FS.h</FileName>
-              <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h</FilePath>
-            </File>
-            <File>
-              <FileName>config-BARE-METAL.h</FileName>
-              <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-BARE-METAL.h</FilePath>
-            </File>
-            <File>
-              <FileName>startup_LPC43xx.s</FileName>
-              <FileType>2</FileType>
-              <FilePath>..\LPC43xx\startup_LPC43xx.s</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>CyaSSL-MDK</GroupName>
-          <Files>
-            <File>
-              <FileName>cyassl_MDK_ARM.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c</FilePath>
-            </File>
-            <File>
-              <FileName>Retarget.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\Retarget.c</FilePath>
-            </File>
-            <File>
-              <FileName>time-LCP43xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\time-LCP43xx.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-      </Groups>
-    </Target>
-    <Target>
-      <TargetName>MDK-BARE-METAL</TargetName>
-      <ToolsetNumber>0x4</ToolsetNumber>
-      <ToolsetName>ARM-ADS</ToolsetName>
-      <TargetOption>
-        <TargetCommonOption>
-          <Device>LPC4357</Device>
-          <Vendor>NXP (founded by Philips)</Vendor>
-          <Cpu>IRAM(0x10000000-0x10007FFF) IRAM2(0x20000000-0x2000FFFF) IROM(0x1A000000-0x1A07FFFF) IROM2(0x1B000000-0x1B07FFFF) CLOCK(12000000) CPUTYPE("Cortex-M4") FPU2</Cpu>
-          <FlashUtilSpec></FlashUtilSpec>
-          <StartupFile>"STARTUP\NXP\LPC43xx\startup_LPC43xx.s" ("NXP LPC43xx Startup Code")</StartupFile>
-          <FlashDriverDll>UL2CM3(-O975 -S0 -C0 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000)</FlashDriverDll>
-          <DeviceId>6414</DeviceId>
-          <RegisterFile>LPC43xx.H</RegisterFile>
-          <MemoryEnv></MemoryEnv>
-          <Cmp></Cmp>
-          <Asm></Asm>
-          <Linker></Linker>
-          <OHString></OHString>
-          <InfinionOptionDll></InfinionOptionDll>
-          <SLE66CMisc></SLE66CMisc>
-          <SLE66AMisc></SLE66AMisc>
-          <SLE66LinkerMisc></SLE66LinkerMisc>
-          <SFDFile>SFD\NXP\LPC43xx\LPC43xx.SFR</SFDFile>
-          <UseEnv>0</UseEnv>
-          <BinPath></BinPath>
-          <IncludePath></IncludePath>
-          <LibPath></LibPath>
-          <RegisterFilePath>NXP\LPC43xx\</RegisterFilePath>
-          <DBRegisterFilePath>NXP\LPC43xx\</DBRegisterFilePath>
-          <TargetStatus>
-            <Error>0</Error>
-            <ExitCodeStop>0</ExitCodeStop>
-            <ButtonStop>0</ButtonStop>
-            <NotGenerated>0</NotGenerated>
-            <InvalidFlash>1</InvalidFlash>
-          </TargetStatus>
-          <OutputDirectory>.\MDK-BARE-METAL\</OutputDirectory>
-          <OutputName>LCP43xx-MDK-BARE-METAL</OutputName>
-          <CreateExecutable>1</CreateExecutable>
-          <CreateLib>0</CreateLib>
-          <CreateHexFile>0</CreateHexFile>
-          <DebugInformation>1</DebugInformation>
-          <BrowseInformation>1</BrowseInformation>
-          <ListingPath>.\Lst\</ListingPath>
-          <HexFormatSelection>1</HexFormatSelection>
-          <Merge32K>0</Merge32K>
-          <CreateBatchFile>0</CreateBatchFile>
-          <BeforeCompile>
-            <RunUserProg1>0</RunUserProg1>
-            <RunUserProg2>0</RunUserProg2>
-            <UserProg1Name></UserProg1Name>
-            <UserProg2Name></UserProg2Name>
-            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
-            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
-            <nStopU1X>0</nStopU1X>
-            <nStopU2X>0</nStopU2X>
-          </BeforeCompile>
-          <BeforeMake>
-            <RunUserProg1>0</RunUserProg1>
-            <RunUserProg2>0</RunUserProg2>
-            <UserProg1Name></UserProg1Name>
-            <UserProg2Name></UserProg2Name>
-            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
-            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
-          </BeforeMake>
-          <AfterMake>
-            <RunUserProg1>1</RunUserProg1>
-            <RunUserProg2>0</RunUserProg2>
-            <UserProg1Name>$K\ARM\BIN\ElfDwT.exe !L BASEADDRESS(0x1A000000)</UserProg1Name>
-            <UserProg2Name></UserProg2Name>
-            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
-            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
-          </AfterMake>
-          <SelectedForBatchBuild>0</SelectedForBatchBuild>
-          <SVCSIdString></SVCSIdString>
-        </TargetCommonOption>
-        <CommonProperty>
-          <UseCPPCompiler>0</UseCPPCompiler>
-          <RVCTCodeConst>0</RVCTCodeConst>
-          <RVCTZI>0</RVCTZI>
-          <RVCTOtherData>0</RVCTOtherData>
-          <ModuleSelection>0</ModuleSelection>
-          <IncludeInBuild>1</IncludeInBuild>
-          <AlwaysBuild>0</AlwaysBuild>
-          <GenerateAssemblyFile>0</GenerateAssemblyFile>
-          <AssembleAssemblyFile>0</AssembleAssemblyFile>
-          <PublicsOnly>0</PublicsOnly>
-          <StopOnExitCode>3</StopOnExitCode>
-          <CustomArgument></CustomArgument>
-          <IncludeLibraryModules></IncludeLibraryModules>
-        </CommonProperty>
-        <DllOption>
-          <SimDllName>SARMCM3.DLL</SimDllName>
-          <SimDllArguments>-MPU</SimDllArguments>
-          <SimDlgDll>DCM.DLL</SimDlgDll>
-          <SimDlgDllArguments>-pCM4</SimDlgDllArguments>
-          <TargetDllName>SARMCM3.DLL</TargetDllName>
-          <TargetDllArguments>-MPU</TargetDllArguments>
-          <TargetDlgDll>TCM.DLL</TargetDlgDll>
-          <TargetDlgDllArguments>-pCM4</TargetDlgDllArguments>
-        </DllOption>
-        <DebugOption>
-          <OPTHX>
-            <HexSelection>1</HexSelection>
-            <HexRangeLowAddress>0</HexRangeLowAddress>
-            <HexRangeHighAddress>0</HexRangeHighAddress>
-            <HexOffset>0</HexOffset>
-            <Oh166RecLen>16</Oh166RecLen>
-          </OPTHX>
-          <Simulator>
-            <UseSimulator>0</UseSimulator>
-            <LoadApplicationAtStartup>1</LoadApplicationAtStartup>
-            <RunToMain>1</RunToMain>
-            <RestoreBreakpoints>1</RestoreBreakpoints>
-            <RestoreWatchpoints>1</RestoreWatchpoints>
-            <RestoreMemoryDisplay>1</RestoreMemoryDisplay>
-            <RestoreFunctions>1</RestoreFunctions>
-            <RestoreToolbox>1</RestoreToolbox>
-            <LimitSpeedToRealTime>0</LimitSpeedToRealTime>
-          </Simulator>
-          <Target>
-            <UseTarget>1</UseTarget>
-            <LoadApplicationAtStartup>1</LoadApplicationAtStartup>
-            <RunToMain>1</RunToMain>
-            <RestoreBreakpoints>1</RestoreBreakpoints>
-            <RestoreWatchpoints>1</RestoreWatchpoints>
-            <RestoreMemoryDisplay>1</RestoreMemoryDisplay>
-            <RestoreFunctions>0</RestoreFunctions>
-            <RestoreToolbox>1</RestoreToolbox>
-            <RestoreTracepoints>0</RestoreTracepoints>
-          </Target>
-          <RunDebugAfterBuild>0</RunDebugAfterBuild>
-          <TargetSelection>9</TargetSelection>
-          <SimDlls>
-            <CpuDll></CpuDll>
-            <CpuDllArguments></CpuDllArguments>
-            <PeripheralDll></PeripheralDll>
-            <PeripheralDllArguments></PeripheralDllArguments>
-            <InitializationFile></InitializationFile>
-          </SimDlls>
-          <TargetDlls>
-            <CpuDll></CpuDll>
-            <CpuDllArguments></CpuDllArguments>
-            <PeripheralDll></PeripheralDll>
-            <PeripheralDllArguments></PeripheralDllArguments>
-            <InitializationFile>..\MDK-ARM\config\Dbg_Flash.ini</InitializationFile>
-            <Driver>BIN\ULP2CM3.DLL</Driver>
-          </TargetDlls>
-        </DebugOption>
-        <Utilities>
-          <Flash1>
-            <UseTargetDll>1</UseTargetDll>
-            <UseExternalTool>0</UseExternalTool>
-            <RunIndependent>0</RunIndependent>
-            <UpdateFlashBeforeDebugging>1</UpdateFlashBeforeDebugging>
-            <Capability>1</Capability>
-            <DriverSelection>4100</DriverSelection>
-          </Flash1>
-          <bUseTDR>0</bUseTDR>
-          <Flash2>BIN\ULP2CM3.DLL</Flash2>
-          <Flash3>"" ()</Flash3>
-          <Flash4></Flash4>
-        </Utilities>
-        <TargetArmAds>
-          <ArmAdsMisc>
-            <GenerateListings>0</GenerateListings>
-            <asHll>1</asHll>
-            <asAsm>1</asAsm>
-            <asMacX>1</asMacX>
-            <asSyms>1</asSyms>
-            <asFals>1</asFals>
-            <asDbgD>1</asDbgD>
-            <asForm>1</asForm>
-            <ldLst>0</ldLst>
-            <ldmm>1</ldmm>
-            <ldXref>1</ldXref>
-            <BigEnd>0</BigEnd>
-            <AdsALst>1</AdsALst>
-            <AdsACrf>1</AdsACrf>
-            <AdsANop>0</AdsANop>
-            <AdsANot>0</AdsANot>
-            <AdsLLst>1</AdsLLst>
-            <AdsLmap>1</AdsLmap>
-            <AdsLcgr>1</AdsLcgr>
-            <AdsLsym>1</AdsLsym>
-            <AdsLszi>1</AdsLszi>
-            <AdsLtoi>1</AdsLtoi>
-            <AdsLsun>1</AdsLsun>
-            <AdsLven>1</AdsLven>
-            <AdsLsxf>1</AdsLsxf>
-            <RvctClst>0</RvctClst>
-            <GenPPlst>0</GenPPlst>
-            <AdsCpuType>"Cortex-M4"</AdsCpuType>
-            <RvctDeviceName></RvctDeviceName>
-            <mOS>0</mOS>
-            <uocRom>0</uocRom>
-            <uocRam>0</uocRam>
-            <hadIROM>1</hadIROM>
-            <hadIRAM>1</hadIRAM>
-            <hadXRAM>0</hadXRAM>
-            <uocXRam>0</uocXRam>
-            <RvdsVP>1</RvdsVP>
-            <hadIRAM2>1</hadIRAM2>
-            <hadIROM2>1</hadIROM2>
-            <StupSel>8</StupSel>
-            <useUlib>0</useUlib>
-            <EndSel>0</EndSel>
-            <uLtcg>0</uLtcg>
-            <RoSelD>3</RoSelD>
-            <RwSelD>3</RwSelD>
-            <CodeSel>1</CodeSel>
-            <OptFeed>0</OptFeed>
-            <NoZi1>0</NoZi1>
-            <NoZi2>0</NoZi2>
-            <NoZi3>0</NoZi3>
-            <NoZi4>0</NoZi4>
-            <NoZi5>0</NoZi5>
-            <Ro1Chk>0</Ro1Chk>
-            <Ro2Chk>0</Ro2Chk>
-            <Ro3Chk>0</Ro3Chk>
-            <Ir1Chk>1</Ir1Chk>
-            <Ir2Chk>1</Ir2Chk>
-            <Ra1Chk>1</Ra1Chk>
-            <Ra2Chk>0</Ra2Chk>
-            <Ra3Chk>0</Ra3Chk>
-            <Im1Chk>1</Im1Chk>
-            <Im2Chk>1</Im2Chk>
-            <OnChipMemories>
-              <Ocm1>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm1>
-              <Ocm2>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm2>
-              <Ocm3>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm3>
-              <Ocm4>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm4>
-              <Ocm5>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm5>
-              <Ocm6>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </Ocm6>
-              <IRAM>
-                <Type>0</Type>
-                <StartAddress>0x10000000</StartAddress>
-                <Size>0x8000</Size>
-              </IRAM>
-              <IROM>
-                <Type>1</Type>
-                <StartAddress>0x1a000000</StartAddress>
-                <Size>0x80000</Size>
-              </IROM>
-              <XRAM>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </XRAM>
-              <OCR_RVCT1>
-                <Type>1</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT1>
-              <OCR_RVCT2>
-                <Type>1</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT2>
-              <OCR_RVCT3>
-                <Type>1</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT3>
-              <OCR_RVCT4>
-                <Type>1</Type>
-                <StartAddress>0x1a000000</StartAddress>
-                <Size>0x80000</Size>
-              </OCR_RVCT4>
-              <OCR_RVCT5>
-                <Type>1</Type>
-                <StartAddress>0x1b000000</StartAddress>
-                <Size>0x80000</Size>
-              </OCR_RVCT5>
-              <OCR_RVCT6>
-                <Type>0</Type>
-                <StartAddress>0x10080000</StartAddress>
-                <Size>0xa000</Size>
-              </OCR_RVCT6>
-              <OCR_RVCT7>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT7>
-              <OCR_RVCT8>
-                <Type>0</Type>
-                <StartAddress>0x0</StartAddress>
-                <Size>0x0</Size>
-              </OCR_RVCT8>
-              <OCR_RVCT9>
-                <Type>0</Type>
-                <StartAddress>0x10000000</StartAddress>
-                <Size>0x8000</Size>
-              </OCR_RVCT9>
-              <OCR_RVCT10>
-                <Type>0</Type>
-                <StartAddress>0x20000000</StartAddress>
-                <Size>0x10000</Size>
-              </OCR_RVCT10>
-            </OnChipMemories>
-            <RvctStartVector></RvctStartVector>
-          </ArmAdsMisc>
-          <Cads>
-            <interw>1</interw>
-            <Optim>4</Optim>
-            <oTime>0</oTime>
-            <SplitLS>0</SplitLS>
-            <OneElfS>0</OneElfS>
-            <Strict>0</Strict>
-            <EnumInt>0</EnumInt>
-            <PlainCh>0</PlainCh>
-            <Ropi>0</Ropi>
-            <Rwpi>0</Rwpi>
-            <wLevel>0</wLevel>
-            <uThumb>0</uThumb>
-            <uSurpInc>0</uSurpInc>
-            <VariousControls>
-              <MiscControls></MiscControls>
-              <Define>HAVE_CONFIG_H CYASSL_LPC43xx  __DBG_ITM  CORE_M4  __RTX USE_STDPERIPH_DRIVER  MDK_CONF_BARE_METAL</Define>
-              <Undefine></Undefine>
-              <IncludePath>..\MDK-ARM\CyaSSL;../../..;..\LPC43xx\Drivers\include;..\LPC43xx\LPC43xx\Include</IncludePath>
-            </VariousControls>
-          </Cads>
-          <Aads>
-            <interw>1</interw>
-            <Ropi>0</Ropi>
-            <Rwpi>0</Rwpi>
-            <thumb>1</thumb>
-            <SplitLS>0</SplitLS>
-            <SwStkChk>0</SwStkChk>
-            <NoWarn>0</NoWarn>
-            <uSurpInc>0</uSurpInc>
-            <VariousControls>
-              <MiscControls></MiscControls>
-              <Define></Define>
-              <Undefine></Undefine>
-              <IncludePath></IncludePath>
-            </VariousControls>
-          </Aads>
-          <LDads>
-            <umfTarg>1</umfTarg>
-            <Ropi>0</Ropi>
-            <Rwpi>0</Rwpi>
-            <noStLib>0</noStLib>
-            <RepFail>1</RepFail>
-            <useFile>0</useFile>
-            <TextAddressRange></TextAddressRange>
-            <DataAddressRange></DataAddressRange>
-            <ScatterFile></ScatterFile>
-            <IncludeLibs></IncludeLibs>
-            <IncludeLibsPath></IncludeLibsPath>
-            <Misc></Misc>
-            <LinkerInputFile></LinkerInputFile>
-            <DisabledWarnings></DisabledWarnings>
-          </LDads>
-        </TargetArmAds>
-      </TargetOption>
-      <Groups>
-        <Group>
-          <GroupName>CyaSSL Apps</GroupName>
-          <Files>
-            <File>
-              <FileName>echoclient.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\echoclient\echoclient.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>echoserver.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\echoserver\echoserver.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>test.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\test\test.c</FilePath>
-            </File>
-            <File>
-              <FileName>benchmark.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\benchmark\benchmark.c</FilePath>
-            </File>
-            <File>
-              <FileName>client.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\client\client.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>server.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\server\server.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>shell.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\shell.c</FilePath>
-            </File>
-            <File>
-              <FileName>main.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\main.c</FilePath>
-            </File>
-            <File>
-              <FileName>cert_data.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\cert_data.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>LPC43xx</GroupName>
-          <Files>
-            <File>
-              <FileName>lpc43xx_rtc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\Drivers\source\lpc43xx_rtc.c</FilePath>
-            </File>
-            <File>
-              <FileName>lpc43xx_timer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\Drivers\source\lpc43xx_timer.c</FilePath>
-            </File>
-            <File>
-              <FileName>lpc43xx_cgu.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\Drivers\source\lpc43xx_cgu.c</FilePath>
-            </File>
-            <File>
-              <FileName>lpc43xx_scu.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\Drivers\source\lpc43xx_scu.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>MDK-ARM</GroupName>
-          <Files>
-            <File>
-              <FileName>FS_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\FS_CM3.lib</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds/>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>RTX_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds/>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>TCPD_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds/>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>TCP_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\TCP_CM3.lib</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds/>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>Serial.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c</FilePath>
-            </File>
-            <File>
-              <FileName>ETH_LPC43xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>SDIO_LPC43xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>system_LPC43xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>CyaSSL Library</GroupName>
-          <Files>
-            <File>
-              <FileName>crl.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\crl.c</FilePath>
-            </File>
-            <File>
-              <FileName>internal.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\internal.c</FilePath>
-            </File>
-            <File>
-              <FileName>io.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\io.c</FilePath>
-            </File>
-            <File>
-              <FileName>keys.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\keys.c</FilePath>
-            </File>
-            <File>
-              <FileName>ocsp.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\ocsp.c</FilePath>
-            </File>
-            <File>
-              <FileName>sniffer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\sniffer.c</FilePath>
-            </File>
-            <File>
-              <FileName>ssl.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\ssl.c</FilePath>
-            </File>
-            <File>
-              <FileName>tls.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\tls.c</FilePath>
-            </File>
-            <File>
-              <FileName>ssl-dummy.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\ssl-dummy.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>Crypt/Cipher Library</GroupName>
-          <Files>
-            <File>
-              <FileName>aes.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\aes.c</FilePath>
-            </File>
-            <File>
-              <FileName>arc4.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\arc4.c</FilePath>
-            </File>
-            <File>
-              <FileName>asm.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\asm.c</FilePath>
-            </File>
-            <File>
-              <FileName>asn.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\asn.c</FilePath>
-            </File>
-            <File>
-              <FileName>camellia.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\camellia.c</FilePath>
-            </File>
-            <File>
-              <FileName>coding.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\coding.c</FilePath>
-            </File>
-            <File>
-              <FileName>des3.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\des3.c</FilePath>
-            </File>
-            <File>
-              <FileName>dh.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\dh.c</FilePath>
-            </File>
-            <File>
-              <FileName>dsa.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\dsa.c</FilePath>
-            </File>
-            <File>
-              <FileName>ecc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ecc.c</FilePath>
-            </File>
-            <File>
-              <FileName>ecc_fp.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ecc_fp.c</FilePath>
-            </File>
-            <File>
-              <FileName>error.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\error.c</FilePath>
-            </File>
-            <File>
-              <FileName>hc128.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\hc128.c</FilePath>
-            </File>
-            <File>
-              <FileName>hmac.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\hmac.c</FilePath>
-            </File>
-            <File>
-              <FileName>integer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\integer.c</FilePath>
-            </File>
-            <File>
-              <FileName>logging.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\logging.c</FilePath>
-            </File>
-            <File>
-              <FileName>md2.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md2.c</FilePath>
-            </File>
-            <File>
-              <FileName>md4.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md4.c</FilePath>
-            </File>
-            <File>
-              <FileName>md5.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md5.c</FilePath>
-            </File>
-            <File>
-              <FileName>memory.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\memory.c</FilePath>
-            </File>
-            <File>
-              <FileName>misc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\misc.c</FilePath>
-            </File>
-            <File>
-              <FileName>pwdbased.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\pwdbased.c</FilePath>
-            </File>
-            <File>
-              <FileName>rabbit.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\rabbit.c</FilePath>
-            </File>
-            <File>
-              <FileName>random.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\random.c</FilePath>
-            </File>
-            <File>
-              <FileName>ripemd.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ripemd.c</FilePath>
-            </File>
-            <File>
-              <FileName>rsa.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\rsa.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha256.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha256.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha512.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha512.c</FilePath>
-            </File>
-            <File>
-              <FileName>tfm.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\tfm.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>wc_port.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\wc_port.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>Configuration</GroupName>
-          <Files>
-            <File>
-              <FileName>File_Config.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\File_Config.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>Net_Config.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\Net_Config.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>config.h</FileName>
-              <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config.h</FilePath>
-            </File>
-            <File>
-              <FileName>RTX_Conf_CM.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\RTX_Conf_CM.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>Net_Debug.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\Net_Debug.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>config-FS.h</FileName>
-              <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-FS.h</FilePath>
-            </File>
-            <File>
-              <FileName>config-RTX-TCP-FS.h</FileName>
-              <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h</FilePath>
-            </File>
-            <File>
-              <FileName>config-BARE-METAL.h</FileName>
-              <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-BARE-METAL.h</FilePath>
-            </File>
-            <File>
-              <FileName>startup_LPC43xx.s</FileName>
-              <FileType>2</FileType>
-              <FilePath>..\LPC43xx\startup_LPC43xx.s</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>CyaSSL-MDK</GroupName>
-          <Files>
-            <File>
-              <FileName>cyassl_MDK_ARM.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c</FilePath>
-            </File>
-            <File>
-              <FileName>Retarget.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\Retarget.c</FilePath>
-            </File>
-            <File>
-              <FileName>time-LCP43xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\LPC43xx\time-LCP43xx.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-      </Groups>
-    </Target>
-  </Targets>
-
-</Project>
diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt
index f051310b2..cb7029ea6 100644
--- a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt
+++ b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt
@@ -13,6 +13,7 @@
     <tExt>*.txt; *.h; *.inc</tExt>
     <pExt>*.plm</pExt>
     <CppX>*.cpp</CppX>
+    <nMigrate>0</nMigrate>
   </Extensions>
 
   <DaveTm>
@@ -31,6 +32,7 @@
         <BeepAtEnd>1</BeepAtEnd>
         <RunSim>0</RunSim>
         <RunTarget>1</RunTarget>
+        <RunAbUc>0</RunAbUc>
       </OPTTT>
       <OPTHX>
         <HexSelection>1</HexSelection>
@@ -76,16 +78,6 @@
         <IsCurrentTarget>0</IsCurrentTarget>
       </OPTFL>
       <CpuCode>255</CpuCode>
-      <DllOpt>
-        <SimDllName>SARMCM3.DLL</SimDllName>
-        <SimDllArguments>-MPU</SimDllArguments>
-        <SimDlgDllName>DARMSTM.DLL</SimDlgDllName>
-        <SimDlgDllArguments>-pSTM32F207IG</SimDlgDllArguments>
-        <TargetDllName>SARMCM3.DLL</TargetDllName>
-        <TargetDllArguments>-MPU</TargetDllArguments>
-        <TargetDlgDllName>TARMSTM.DLL</TargetDlgDllName>
-        <TargetDlgDllArguments>-pSTM32F207IG</TargetDlgDllArguments>
-      </DllOpt>
       <DebugOpt>
         <uSim>0</uSim>
         <uTrg>1</uTrg>
@@ -97,16 +89,18 @@
         <sRfunc>1</sRfunc>
         <sRbox>1</sRbox>
         <tLdApp>1</tLdApp>
-        <tGomain>0</tGomain>
+        <tGomain>1</tGomain>
         <tRbreak>1</tRbreak>
         <tRwatch>1</tRwatch>
         <tRmem>1</tRmem>
         <tRfunc>0</tRfunc>
         <tRbox>1</tRbox>
         <tRtrace>0</tRtrace>
+        <sRSysVw>1</sRSysVw>
+        <tRSysVw>1</tRSysVw>
         <sRunDeb>0</sRunDeb>
         <sLrtime>0</sLrtime>
-        <nTsel>9</nTsel>
+        <nTsel>7</nTsel>
         <sDll></sDll>
         <sDllPa></sDllPa>
         <sDlgDll></sDlgDll>
@@ -116,14 +110,19 @@
         <tDllPa></tDllPa>
         <tDlgDll></tDlgDll>
         <tDlgPa></tDlgPa>
-        <tIfile>..\MDK-ARM\config\STM32_SWO.ini</tIfile>
+        <tIfile>c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini</tIfile>
         <pMon>BIN\ULP2CM3.DLL</pMon>
       </DebugOpt>
       <TargetDriverDllRegistry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>ARMRTXEVENTFLAGS</Key>
+          <Name>-L70 -Z18 -C0 -M0 -T1</Name>
+        </SetRegEntry>
         <SetRegEntry>
           <Number>0</Number>
           <Key>UL2CM3</Key>
-          <Name>UL2CM3(-S0 -C0 -P0 -FD20000000 -FC1000 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000 -FP0($$Device:STM32F207IG$Flash\STM32F2xx_1024.flm))</Name>
+          <Name>-UM1020ADE -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC10 -TIE1 -TIP9 -FO7 -FD20000000 -FC1000 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
         </SetRegEntry>
         <SetRegEntry>
           <Number>0</Number>
@@ -143,10 +142,18 @@
         <SetRegEntry>
           <Number>0</Number>
           <Key>ULP2CM3</Key>
-          <Name>-UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
+          <Name>-UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
         </SetRegEntry>
       </TargetDriverDllRegistry>
       <Breakpoint/>
+      <MemoryWindow1>
+        <Mm>
+          <WinNumber>1</WinNumber>
+          <SubType>0</SubType>
+          <ItemText>0x802f36c</ItemText>
+          <AccSizeX>0</AccSizeX>
+        </Mm>
+      </MemoryWindow1>
       <Tracepoint>
         <THDelay>0</THDelay>
       </Tracepoint>
@@ -192,6 +199,7 @@
         <BeepAtEnd>1</BeepAtEnd>
         <RunSim>1</RunSim>
         <RunTarget>0</RunTarget>
+        <RunAbUc>0</RunAbUc>
       </OPTTT>
       <OPTHX>
         <HexSelection>1</HexSelection>
@@ -234,19 +242,9 @@
       <OPTFL>
         <tvExp>1</tvExp>
         <tvExpOptDlg>0</tvExpOptDlg>
-        <IsCurrentTarget>1</IsCurrentTarget>
+        <IsCurrentTarget>0</IsCurrentTarget>
       </OPTFL>
       <CpuCode>255</CpuCode>
-      <DllOpt>
-        <SimDllName>SARMCM3.DLL</SimDllName>
-        <SimDllArguments>-MPU</SimDllArguments>
-        <SimDlgDllName>DARMSTM.DLL</SimDlgDllName>
-        <SimDlgDllArguments>-pSTM32F207IG</SimDlgDllArguments>
-        <TargetDllName>SARMCM3.DLL</TargetDllName>
-        <TargetDllArguments>-MPU</TargetDllArguments>
-        <TargetDlgDllName>TARMSTM.DLL</TargetDlgDllName>
-        <TargetDlgDllArguments>-pSTM32F207IG</TargetDlgDllArguments>
-      </DllOpt>
       <DebugOpt>
         <uSim>0</uSim>
         <uTrg>1</uTrg>
@@ -265,9 +263,11 @@
         <tRfunc>0</tRfunc>
         <tRbox>1</tRbox>
         <tRtrace>0</tRtrace>
+        <sRSysVw>1</sRSysVw>
+        <tRSysVw>1</tRSysVw>
         <sRunDeb>0</sRunDeb>
         <sLrtime>0</sLrtime>
-        <nTsel>9</nTsel>
+        <nTsel>1</nTsel>
         <sDll></sDll>
         <sDllPa></sDllPa>
         <sDlgDll></sDlgDll>
@@ -277,10 +277,20 @@
         <tDllPa></tDllPa>
         <tDlgDll></tDlgDll>
         <tDlgPa></tDlgPa>
-        <tIfile>..\MDK-ARM\config\STM32_SWO.ini</tIfile>
-        <pMon>BIN\ULP2CM3.DLL</pMon>
+        <tIfile>..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini</tIfile>
+        <pMon>BIN\UL2CM3.DLL</pMon>
       </DebugOpt>
       <TargetDriverDllRegistry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>ARMRTXEVENTFLAGS</Key>
+          <Name>-L70 -Z18 -C0 -M0 -T1</Name>
+        </SetRegEntry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>UL2CM3</Key>
+          <Name>-UM1020ADE -O207 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
+        </SetRegEntry>
         <SetRegEntry>
           <Number>0</Number>
           <Key>DLGTARM</Key>
@@ -294,12 +304,12 @@
         <SetRegEntry>
           <Number>0</Number>
           <Key>DLGUARM</Key>
-          <Name></Name>
+          <Name>(105=-1,-1,-1,-1,0)</Name>
         </SetRegEntry>
         <SetRegEntry>
           <Number>0</Number>
           <Key>ULP2CM3</Key>
-          <Name>-UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
+          <Name>-UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
         </SetRegEntry>
       </TargetDriverDllRegistry>
       <Breakpoint/>
@@ -348,6 +358,7 @@
         <BeepAtEnd>1</BeepAtEnd>
         <RunSim>1</RunSim>
         <RunTarget>0</RunTarget>
+        <RunAbUc>0</RunAbUc>
       </OPTTT>
       <OPTHX>
         <HexSelection>1</HexSelection>
@@ -390,19 +401,9 @@
       <OPTFL>
         <tvExp>1</tvExp>
         <tvExpOptDlg>0</tvExpOptDlg>
-        <IsCurrentTarget>0</IsCurrentTarget>
+        <IsCurrentTarget>1</IsCurrentTarget>
       </OPTFL>
       <CpuCode>255</CpuCode>
-      <DllOpt>
-        <SimDllName>SARMCM3.DLL</SimDllName>
-        <SimDllArguments>-MPU</SimDllArguments>
-        <SimDlgDllName>DARMSTM.DLL</SimDlgDllName>
-        <SimDlgDllArguments>-pSTM32F207IG</SimDlgDllArguments>
-        <TargetDllName>SARMCM3.DLL</TargetDllName>
-        <TargetDllArguments>-MPU</TargetDllArguments>
-        <TargetDlgDllName>TARMSTM.DLL</TargetDlgDllName>
-        <TargetDlgDllArguments>-pSTM32F207IG</TargetDlgDllArguments>
-      </DllOpt>
       <DebugOpt>
         <uSim>0</uSim>
         <uTrg>1</uTrg>
@@ -421,9 +422,11 @@
         <tRfunc>0</tRfunc>
         <tRbox>1</tRbox>
         <tRtrace>0</tRtrace>
+        <sRSysVw>1</sRSysVw>
+        <tRSysVw>1</tRSysVw>
         <sRunDeb>0</sRunDeb>
         <sLrtime>0</sLrtime>
-        <nTsel>9</nTsel>
+        <nTsel>1</nTsel>
         <sDll></sDll>
         <sDllPa></sDllPa>
         <sDlgDll></sDlgDll>
@@ -433,10 +436,20 @@
         <tDllPa></tDllPa>
         <tDlgDll></tDlgDll>
         <tDlgPa></tDlgPa>
-        <tIfile>..\MDK-ARM\config\STM32_SWO.ini</tIfile>
-        <pMon>BIN\ULP2CM3.DLL</pMon>
+        <tIfile>..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini</tIfile>
+        <pMon>BIN\UL2CM3.DLL</pMon>
       </DebugOpt>
       <TargetDriverDllRegistry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>ARMRTXEVENTFLAGS</Key>
+          <Name>-L70 -Z18 -C0 -M0 -T1</Name>
+        </SetRegEntry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>UL2CM3</Key>
+          <Name>-UM1020ADE -O79 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
+        </SetRegEntry>
         <SetRegEntry>
           <Number>0</Number>
           <Key>DLGTARM</Key>
@@ -450,15 +463,64 @@
         <SetRegEntry>
           <Number>0</Number>
           <Key>DLGUARM</Key>
-          <Name></Name>
+          <Name>(105=-1,-1,-1,-1,0)</Name>
         </SetRegEntry>
         <SetRegEntry>
           <Number>0</Number>
           <Key>ULP2CM3</Key>
-          <Name>-UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
+          <Name>-UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
         </SetRegEntry>
       </TargetDriverDllRegistry>
-      <Breakpoint/>
+      <Breakpoint>
+        <Bp>
+          <Number>0</Number>
+          <Type>0</Type>
+          <LineNumber>542</LineNumber>
+          <EnabledFlag>1</EnabledFlag>
+          <Address>0</Address>
+          <ByteObject>0</ByteObject>
+          <HtxType>0</HtxType>
+          <ManyObjects>0</ManyObjects>
+          <SizeOfObject>0</SizeOfObject>
+          <BreakByAccess>0</BreakByAccess>
+          <BreakIfRCount>0</BreakIfRCount>
+          <Filename>..\MDK-ARM\wolfSSL\shell.c</Filename>
+          <ExecCommand></ExecCommand>
+          <Expression></Expression>
+        </Bp>
+        <Bp>
+          <Number>1</Number>
+          <Type>0</Type>
+          <LineNumber>150</LineNumber>
+          <EnabledFlag>1</EnabledFlag>
+          <Address>0</Address>
+          <ByteObject>0</ByteObject>
+          <HtxType>0</HtxType>
+          <ManyObjects>0</ManyObjects>
+          <SizeOfObject>0</SizeOfObject>
+          <BreakByAccess>0</BreakByAccess>
+          <BreakIfRCount>0</BreakIfRCount>
+          <Filename>..\MDK-ARM\wolfSSL\main.c</Filename>
+          <ExecCommand></ExecCommand>
+          <Expression></Expression>
+        </Bp>
+        <Bp>
+          <Number>2</Number>
+          <Type>0</Type>
+          <LineNumber>540</LineNumber>
+          <EnabledFlag>1</EnabledFlag>
+          <Address>0</Address>
+          <ByteObject>0</ByteObject>
+          <HtxType>0</HtxType>
+          <ManyObjects>0</ManyObjects>
+          <SizeOfObject>0</SizeOfObject>
+          <BreakByAccess>0</BreakByAccess>
+          <BreakIfRCount>0</BreakIfRCount>
+          <Filename>..\MDK-ARM\wolfSSL\shell.c</Filename>
+          <ExecCommand></ExecCommand>
+          <Expression></Expression>
+        </Bp>
+      </Breakpoint>
       <Tracepoint>
         <THDelay>0</THDelay>
       </Tracepoint>
@@ -494,7 +556,7 @@
   </Target>
 
   <Group>
-    <GroupName>CyaSSL Apps</GroupName>
+    <GroupName>wolfSSL Apps</GroupName>
     <tvExp>1</tvExp>
     <tvExpOptDlg>0</tvExpOptDlg>
     <cbSel>0</cbSel>
@@ -505,13 +567,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\examples\echoclient\echoclient.c</PathWithFileName>
-      <FilenameWithoutPath>echoclient.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\examples\client\client.c</PathWithFileName>
+      <FilenameWithoutPath>client.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -521,13 +580,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\examples\echoserver\echoserver.c</PathWithFileName>
-      <FilenameWithoutPath>echoserver.c</FilenameWithoutPath>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\shell.c</PathWithFileName>
+      <FilenameWithoutPath>shell.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -537,13 +593,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>5</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\test\test.c</PathWithFileName>
-      <FilenameWithoutPath>test.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\examples\server\server.c</PathWithFileName>
+      <FilenameWithoutPath>server.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -553,13 +606,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>21</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\benchmark\benchmark.c</PathWithFileName>
-      <FilenameWithoutPath>benchmark.c</FilenameWithoutPath>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\main.c</PathWithFileName>
+      <FilenameWithoutPath>main.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -569,13 +619,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\examples\client\client.c</PathWithFileName>
-      <FilenameWithoutPath>client.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\test\test.c</PathWithFileName>
+      <FilenameWithoutPath>test.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -585,13 +632,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\examples\server\server.c</PathWithFileName>
-      <FilenameWithoutPath>server.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\benchmark\benchmark.c</PathWithFileName>
+      <FilenameWithoutPath>benchmark.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -601,13 +645,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\shell.c</PathWithFileName>
-      <FilenameWithoutPath>shell.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\examples\echoclient\echoclient.c</PathWithFileName>
+      <FilenameWithoutPath>echoclient.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -617,40 +658,13 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>106</TopLine>
-      <CurrentLine>149</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\main.c</PathWithFileName>
-      <FilenameWithoutPath>main.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\examples\echoserver\echoserver.c</PathWithFileName>
+      <FilenameWithoutPath>echoserver.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
-    <File>
-      <GroupNumber>1</GroupNumber>
-      <FileNumber>9</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\cert_data.c</PathWithFileName>
-      <FilenameWithoutPath>cert_data.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-  </Group>
-
-  <Group>
-    <GroupName>STM32F2xx_StdPeriph_Lib</GroupName>
-    <tvExp>1</tvExp>
-    <tvExpOptDlg>0</tvExpOptDlg>
-    <cbSel>0</cbSel>
-    <RteFlg>0</RteFlg>
   </Group>
 
   <Group>
@@ -660,786 +674,93 @@
     <cbSel>0</cbSel>
     <RteFlg>0</RteFlg>
     <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>10</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c</PathWithFileName>
-      <FilenameWithoutPath>Serial.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>11</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c</PathWithFileName>
-      <FilenameWithoutPath>SDIO_STM32F2xx.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>12</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>9</FileNumber>
       <FileType>4</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>c:\Keil\ARM\RV31\LIB\FS_CM3.lib</PathWithFileName>
-      <FilenameWithoutPath>FS_CM3.lib</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>13</FileNumber>
-      <FileType>4</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib</PathWithFileName>
+      <PathWithFileName>c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib</PathWithFileName>
       <FilenameWithoutPath>RTX_CM3.lib</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>14</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>10</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c</PathWithFileName>
+      <PathWithFileName>c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c</PathWithFileName>
       <FilenameWithoutPath>ETH_STM32F2xx.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>15</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>11</FileNumber>
       <FileType>4</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib</PathWithFileName>
+      <PathWithFileName>c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib</PathWithFileName>
       <FilenameWithoutPath>TCPD_CM3.lib</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>16</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>12</FileNumber>
       <FileType>4</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>c:\Keil\ARM\RV31\LIB\TCP_CM3.lib</PathWithFileName>
+      <PathWithFileName>c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib</PathWithFileName>
       <FilenameWithoutPath>TCP_CM3.lib</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>17</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>13</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c</PathWithFileName>
+      <PathWithFileName>C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c</PathWithFileName>
       <FilenameWithoutPath>system_stm32f2xx.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
-  </Group>
-
-  <Group>
-    <GroupName>CyaSSL Library</GroupName>
-    <tvExp>1</tvExp>
-    <tvExpOptDlg>0</tvExpOptDlg>
-    <cbSel>0</cbSel>
-    <RteFlg>0</RteFlg>
     <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>18</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>14</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\src\crl.c</PathWithFileName>
-      <FilenameWithoutPath>crl.c</FilenameWithoutPath>
+      <PathWithFileName>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c</PathWithFileName>
+      <FilenameWithoutPath>SDIO_STM32F2xx.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>19</FileNumber>
-      <FileType>1</FileType>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>15</FileNumber>
+      <FileType>4</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\src\internal.c</PathWithFileName>
-      <FilenameWithoutPath>internal.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>20</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>23</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\src\io.c</PathWithFileName>
-      <FilenameWithoutPath>io.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>21</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\src\keys.c</PathWithFileName>
-      <FilenameWithoutPath>keys.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>22</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\src\ocsp.c</PathWithFileName>
-      <FilenameWithoutPath>ocsp.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>23</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\src\sniffer.c</PathWithFileName>
-      <FilenameWithoutPath>sniffer.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>24</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\src\ssl.c</PathWithFileName>
-      <FilenameWithoutPath>ssl.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>25</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\src\tls.c</PathWithFileName>
-      <FilenameWithoutPath>tls.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>26</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\ssl-dummy.c</PathWithFileName>
-      <FilenameWithoutPath>ssl-dummy.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-  </Group>
-
-  <Group>
-    <GroupName>Crypt/Cipher Library</GroupName>
-    <tvExp>1</tvExp>
-    <tvExpOptDlg>0</tvExpOptDlg>
-    <cbSel>0</cbSel>
-    <RteFlg>0</RteFlg>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>27</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\aes.c</PathWithFileName>
-      <FilenameWithoutPath>aes.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>28</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\arc4.c</PathWithFileName>
-      <FilenameWithoutPath>arc4.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>29</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\asm.c</PathWithFileName>
-      <FilenameWithoutPath>asm.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>30</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\asn.c</PathWithFileName>
-      <FilenameWithoutPath>asn.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>31</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\camellia.c</PathWithFileName>
-      <FilenameWithoutPath>camellia.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>32</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\coding.c</PathWithFileName>
-      <FilenameWithoutPath>coding.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>33</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\des3.c</PathWithFileName>
-      <FilenameWithoutPath>des3.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>34</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\dh.c</PathWithFileName>
-      <FilenameWithoutPath>dh.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>35</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\dsa.c</PathWithFileName>
-      <FilenameWithoutPath>dsa.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>36</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\ecc.c</PathWithFileName>
-      <FilenameWithoutPath>ecc.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>37</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\ecc_fp.c</PathWithFileName>
-      <FilenameWithoutPath>ecc_fp.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>38</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\error.c</PathWithFileName>
-      <FilenameWithoutPath>error.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>39</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\hc128.c</PathWithFileName>
-      <FilenameWithoutPath>hc128.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>40</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\hmac.c</PathWithFileName>
-      <FilenameWithoutPath>hmac.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>41</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>19</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\integer.c</PathWithFileName>
-      <FilenameWithoutPath>integer.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>42</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\logging.c</PathWithFileName>
-      <FilenameWithoutPath>logging.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>43</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\md2.c</PathWithFileName>
-      <FilenameWithoutPath>md2.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>44</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\md4.c</PathWithFileName>
-      <FilenameWithoutPath>md4.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>45</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\md5.c</PathWithFileName>
-      <FilenameWithoutPath>md5.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>46</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\memory.c</PathWithFileName>
-      <FilenameWithoutPath>memory.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>47</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\misc.c</PathWithFileName>
-      <FilenameWithoutPath>misc.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>48</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\wc_port.c</PathWithFileName>
-      <FilenameWithoutPath>wc_port.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>49</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\pwdbased.c</PathWithFileName>
-      <FilenameWithoutPath>pwdbased.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>50</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\rabbit.c</PathWithFileName>
-      <FilenameWithoutPath>rabbit.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>51</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\random.c</PathWithFileName>
-      <FilenameWithoutPath>random.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>52</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\ripemd.c</PathWithFileName>
-      <FilenameWithoutPath>ripemd.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>53</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\rsa.c</PathWithFileName>
-      <FilenameWithoutPath>rsa.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>54</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\sha.c</PathWithFileName>
-      <FilenameWithoutPath>sha.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>55</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\sha256.c</PathWithFileName>
-      <FilenameWithoutPath>sha256.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>56</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\sha512.c</PathWithFileName>
-      <FilenameWithoutPath>sha512.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>57</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\tfm.c</PathWithFileName>
-      <FilenameWithoutPath>tfm.c</FilenameWithoutPath>
+      <PathWithFileName>C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib</PathWithFileName>
+      <FilenameWithoutPath>FS_CM3.lib</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -1452,31 +773,12 @@
     <cbSel>0</cbSel>
     <RteFlg>0</RteFlg>
     <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>58</FileNumber>
+      <GroupNumber>3</GroupNumber>
+      <FileNumber>16</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\config\File_Config.c</PathWithFileName>
-      <FilenameWithoutPath>File_Config.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>59</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
       <PathWithFileName>..\MDK-ARM\config\Net_Config.c</PathWithFileName>
       <FilenameWithoutPath>Net_Config.c</FilenameWithoutPath>
@@ -1484,31 +786,25 @@
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>60</FileNumber>
+      <GroupNumber>3</GroupNumber>
+      <FileNumber>17</FileNumber>
       <FileType>5</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\config.h</PathWithFileName>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\config.h</PathWithFileName>
       <FilenameWithoutPath>config.h</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>61</FileNumber>
+      <GroupNumber>3</GroupNumber>
+      <FileNumber>18</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
       <PathWithFileName>..\MDK-ARM\config\RTX_Conf_CM.c</PathWithFileName>
       <FilenameWithoutPath>RTX_Conf_CM.c</FilenameWithoutPath>
@@ -1516,15 +812,12 @@
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>62</FileNumber>
+      <GroupNumber>3</GroupNumber>
+      <FileNumber>19</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
       <PathWithFileName>..\MDK-ARM\config\Net_Debug.c</PathWithFileName>
       <FilenameWithoutPath>Net_Debug.c</FilenameWithoutPath>
@@ -1532,122 +825,174 @@
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>63</FileNumber>
+      <GroupNumber>3</GroupNumber>
+      <FileNumber>20</FileNumber>
       <FileType>5</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>1</TopLine>
-      <CurrentLine>1</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\config-FS.h</PathWithFileName>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\config-FS.h</PathWithFileName>
       <FilenameWithoutPath>config-FS.h</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>64</FileNumber>
+      <GroupNumber>3</GroupNumber>
+      <FileNumber>21</FileNumber>
       <FileType>5</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h</PathWithFileName>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h</PathWithFileName>
       <FilenameWithoutPath>config-RTX-TCP-FS.h</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>65</FileNumber>
+      <GroupNumber>3</GroupNumber>
+      <FileNumber>22</FileNumber>
       <FileType>5</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\config-BARE-METAL.h</PathWithFileName>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\config-BARE-METAL.h</PathWithFileName>
       <FilenameWithoutPath>config-BARE-METAL.h</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>66</FileNumber>
+      <GroupNumber>3</GroupNumber>
+      <FileNumber>23</FileNumber>
       <FileType>2</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>152</TopLine>
-      <CurrentLine>169</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\config\startup_stm32f2xx.s</PathWithFileName>
+      <PathWithFileName>..\STM32F2xx\startup_stm32f2xx.s</PathWithFileName>
       <FilenameWithoutPath>startup_stm32f2xx.s</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
+    <File>
+      <GroupNumber>3</GroupNumber>
+      <FileNumber>24</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c</PathWithFileName>
+      <FilenameWithoutPath>File_Config.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>3</GroupNumber>
+      <FileNumber>25</FileNumber>
+      <FileType>5</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\config-WOLFLIB.h</PathWithFileName>
+      <FilenameWithoutPath>config-WOLFLIB.h</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
   </Group>
 
   <Group>
-    <GroupName>CyaSSL-MDK</GroupName>
+    <GroupName>wolfSSL-MDK</GroupName>
     <tvExp>1</tvExp>
     <tvExpOptDlg>0</tvExpOptDlg>
     <cbSel>0</cbSel>
     <RteFlg>0</RteFlg>
     <File>
-      <GroupNumber>7</GroupNumber>
-      <FileNumber>67</FileNumber>
+      <GroupNumber>4</GroupNumber>
+      <FileNumber>26</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>182</TopLine>
-      <CurrentLine>222</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c</PathWithFileName>
-      <FilenameWithoutPath>cyassl_MDK_ARM.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>7</GroupNumber>
-      <FileNumber>68</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>1</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\Retarget.c</PathWithFileName>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\Retarget.c</PathWithFileName>
       <FilenameWithoutPath>Retarget.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>7</GroupNumber>
-      <FileNumber>69</FileNumber>
+      <GroupNumber>4</GroupNumber>
+      <FileNumber>27</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>1</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c</PathWithFileName>
-      <FilenameWithoutPath>time-STM32F2xx.c</FilenameWithoutPath>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\time-CortexM3-4.c</PathWithFileName>
+      <FilenameWithoutPath>time-CortexM3-4.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>4</GroupNumber>
+      <FileNumber>28</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\time-dummy.c</PathWithFileName>
+      <FilenameWithoutPath>time-dummy.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>4</GroupNumber>
+      <FileNumber>29</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c</PathWithFileName>
+      <FilenameWithoutPath>wolfssl_MDK_ARM.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>4</GroupNumber>
+      <FileNumber>30</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c</PathWithFileName>
+      <FilenameWithoutPath>Serial.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+  </Group>
+
+  <Group>
+    <GroupName>wolfSSL-Lib</GroupName>
+    <tvExp>1</tvExp>
+    <tvExpOptDlg>0</tvExpOptDlg>
+    <cbSel>0</cbSel>
+    <RteFlg>0</RteFlg>
+    <File>
+      <GroupNumber>5</GroupNumber>
+      <FileNumber>31</FileNumber>
+      <FileType>4</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>.\wolfSSL-lib\wolfSSL.lib</PathWithFileName>
+      <FilenameWithoutPath>wolfSSL.lib</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj
index f7cf9b176..345a4d485 100644
--- a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj
+++ b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj
@@ -30,6 +30,7 @@
           <SLE66AMisc></SLE66AMisc>
           <SLE66LinkerMisc></SLE66LinkerMisc>
           <SFDFile>SFD\ST\STM32F2xx\STM32F20x.sfr</SFDFile>
+          <bCustSvd>0</bCustSvd>
           <UseEnv>0</UseEnv>
           <BinPath></BinPath>
           <IncludePath></IncludePath>
@@ -71,6 +72,8 @@
             <UserProg2Name></UserProg2Name>
             <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
             <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
+            <nStopB1X>0</nStopB1X>
+            <nStopB2X>0</nStopB2X>
           </BeforeMake>
           <AfterMake>
             <RunUserProg1>0</RunUserProg1>
@@ -97,6 +100,7 @@
           <StopOnExitCode>3</StopOnExitCode>
           <CustomArgument></CustomArgument>
           <IncludeLibraryModules></IncludeLibraryModules>
+          <ComprImg>1</ComprImg>
         </CommonProperty>
         <DllOption>
           <SimDllName>SARMCM3.DLL</SimDllName>
@@ -126,20 +130,22 @@
             <RestoreFunctions>1</RestoreFunctions>
             <RestoreToolbox>1</RestoreToolbox>
             <LimitSpeedToRealTime>0</LimitSpeedToRealTime>
+            <RestoreSysVw>1</RestoreSysVw>
           </Simulator>
           <Target>
             <UseTarget>1</UseTarget>
             <LoadApplicationAtStartup>1</LoadApplicationAtStartup>
-            <RunToMain>0</RunToMain>
+            <RunToMain>1</RunToMain>
             <RestoreBreakpoints>1</RestoreBreakpoints>
             <RestoreWatchpoints>1</RestoreWatchpoints>
             <RestoreMemoryDisplay>1</RestoreMemoryDisplay>
             <RestoreFunctions>0</RestoreFunctions>
             <RestoreToolbox>1</RestoreToolbox>
             <RestoreTracepoints>0</RestoreTracepoints>
+            <RestoreSysVw>1</RestoreSysVw>
           </Target>
           <RunDebugAfterBuild>0</RunDebugAfterBuild>
-          <TargetSelection>9</TargetSelection>
+          <TargetSelection>7</TargetSelection>
           <SimDlls>
             <CpuDll></CpuDll>
             <CpuDllArguments></CpuDllArguments>
@@ -152,7 +158,7 @@
             <CpuDllArguments></CpuDllArguments>
             <PeripheralDll></PeripheralDll>
             <PeripheralDllArguments></PeripheralDllArguments>
-            <InitializationFile>..\MDK-ARM\config\STM32_SWO.ini</InitializationFile>
+            <InitializationFile>c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini</InitializationFile>
             <Driver>BIN\ULP2CM3.DLL</Driver>
           </TargetDlls>
         </DebugOption>
@@ -169,6 +175,10 @@
           <Flash2>BIN\ULP2CM3.DLL</Flash2>
           <Flash3>"" ()</Flash3>
           <Flash4></Flash4>
+          <pFcarmOut></pFcarmOut>
+          <pFcarmGrp></pFcarmGrp>
+          <pFcArmRoot></pFcArmRoot>
+          <FcArmLst>0</FcArmLst>
         </Utilities>
         <TargetArmAds>
           <ArmAdsMisc>
@@ -347,11 +357,13 @@
             <wLevel>0</wLevel>
             <uThumb>0</uThumb>
             <uSurpInc>0</uSurpInc>
+            <uC99>0</uC99>
+            <useXO>0</useXO>
             <VariousControls>
               <MiscControls></MiscControls>
               <Define>HAVE_CONFIG_H CYASSL_STM32F2xx __DBG_ITM __RTX MDK_CONF_RTX_TCP_FS</Define>
               <Undefine></Undefine>
-              <IncludePath>..\MDK-ARM\CyaSSL;C:..\STM32F2xx_StdPeriph_Lib\inc;..\..\..\</IncludePath>
+              <IncludePath>..\MDK-ARM\wolfSSL;..\..\..\; .\; C:\Keil_v5\ARM\RV31\INC</IncludePath>
             </VariousControls>
           </Cads>
           <Aads>
@@ -363,6 +375,7 @@
             <SwStkChk>0</SwStkChk>
             <NoWarn>0</NoWarn>
             <uSurpInc>0</uSurpInc>
+            <useXO>0</useXO>
             <VariousControls>
               <MiscControls></MiscControls>
               <Define></Define>
@@ -379,6 +392,7 @@
             <useFile>0</useFile>
             <TextAddressRange>0x08000000</TextAddressRange>
             <DataAddressRange>0x20000000</DataAddressRange>
+            <pXoBase></pXoBase>
             <ScatterFile></ScatterFile>
             <IncludeLibs></IncludeLibs>
             <IncludeLibsPath></IncludeLibsPath>
@@ -390,8 +404,38 @@
       </TargetOption>
       <Groups>
         <Group>
-          <GroupName>CyaSSL Apps</GroupName>
+          <GroupName>wolfSSL Apps</GroupName>
           <Files>
+            <File>
+              <FileName>client.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\examples\client\client.c</FilePath>
+            </File>
+            <File>
+              <FileName>shell.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\shell.c</FilePath>
+            </File>
+            <File>
+              <FileName>server.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\examples\server\server.c</FilePath>
+            </File>
+            <File>
+              <FileName>main.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\main.c</FilePath>
+            </File>
+            <File>
+              <FileName>test.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\test\test.c</FilePath>
+            </File>
+            <File>
+              <FileName>benchmark.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\benchmark\benchmark.c</FilePath>
+            </File>
             <File>
               <FileName>echoclient.c</FileName>
               <FileType>1</FileType>
@@ -402,78 +446,25 @@
               <FileType>1</FileType>
               <FilePath>..\..\..\examples\echoserver\echoserver.c</FilePath>
             </File>
-            <File>
-              <FileName>test.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\test\test.c</FilePath>
-            </File>
-            <File>
-              <FileName>benchmark.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\benchmark\benchmark.c</FilePath>
-            </File>
-            <File>
-              <FileName>client.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\client\client.c</FilePath>
-            </File>
-            <File>
-              <FileName>server.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\server\server.c</FilePath>
-            </File>
-            <File>
-              <FileName>shell.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\shell.c</FilePath>
-            </File>
-            <File>
-              <FileName>main.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\main.c</FilePath>
-            </File>
-            <File>
-              <FileName>cert_data.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\cert_data.c</FilePath>
-            </File>
           </Files>
         </Group>
-        <Group>
-          <GroupName>STM32F2xx_StdPeriph_Lib</GroupName>
-        </Group>
         <Group>
           <GroupName>MDK-ARM</GroupName>
           <Files>
-            <File>
-              <FileName>Serial.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c</FilePath>
-            </File>
-            <File>
-              <FileName>SDIO_STM32F2xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c</FilePath>
-            </File>
-            <File>
-              <FileName>FS_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\FS_CM3.lib</FilePath>
-            </File>
             <File>
               <FileName>RTX_CM3.lib</FileName>
               <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib</FilePath>
+              <FilePath>c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib</FilePath>
             </File>
             <File>
               <FileName>ETH_STM32F2xx.c</FileName>
               <FileType>1</FileType>
-              <FilePath>c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c</FilePath>
+              <FilePath>c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c</FilePath>
             </File>
             <File>
               <FileName>TCPD_CM3.lib</FileName>
               <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib</FilePath>
+              <FilePath>c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -489,6 +480,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds/>
               </FileOption>
@@ -496,313 +488,28 @@
             <File>
               <FileName>TCP_CM3.lib</FileName>
               <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\TCP_CM3.lib</FilePath>
+              <FilePath>c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib</FilePath>
             </File>
             <File>
               <FileName>system_stm32f2xx.c</FileName>
               <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>CyaSSL Library</GroupName>
-          <Files>
-            <File>
-              <FileName>crl.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\crl.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c</FilePath>
             </File>
             <File>
-              <FileName>internal.c</FileName>
+              <FileName>SDIO_STM32F2xx.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\..\..\src\internal.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c</FilePath>
             </File>
             <File>
-              <FileName>io.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\io.c</FilePath>
-            </File>
-            <File>
-              <FileName>keys.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\keys.c</FilePath>
-            </File>
-            <File>
-              <FileName>ocsp.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\ocsp.c</FilePath>
-            </File>
-            <File>
-              <FileName>sniffer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\sniffer.c</FilePath>
-            </File>
-            <File>
-              <FileName>ssl.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\ssl.c</FilePath>
-            </File>
-            <File>
-              <FileName>tls.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\tls.c</FilePath>
-            </File>
-            <File>
-              <FileName>ssl-dummy.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\ssl-dummy.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>Crypt/Cipher Library</GroupName>
-          <Files>
-            <File>
-              <FileName>aes.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\aes.c</FilePath>
-            </File>
-            <File>
-              <FileName>arc4.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\arc4.c</FilePath>
-            </File>
-            <File>
-              <FileName>asm.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\asm.c</FilePath>
-            </File>
-            <File>
-              <FileName>asn.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\asn.c</FilePath>
-            </File>
-            <File>
-              <FileName>camellia.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\camellia.c</FilePath>
-            </File>
-            <File>
-              <FileName>coding.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\coding.c</FilePath>
-            </File>
-            <File>
-              <FileName>des3.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\des3.c</FilePath>
-            </File>
-            <File>
-              <FileName>dh.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\dh.c</FilePath>
-            </File>
-            <File>
-              <FileName>dsa.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\dsa.c</FilePath>
-            </File>
-            <File>
-              <FileName>ecc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ecc.c</FilePath>
-            </File>
-            <File>
-              <FileName>ecc_fp.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ecc_fp.c</FilePath>
-            </File>
-            <File>
-              <FileName>error.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\error.c</FilePath>
-            </File>
-            <File>
-              <FileName>hc128.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\hc128.c</FilePath>
-            </File>
-            <File>
-              <FileName>hmac.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\hmac.c</FilePath>
-            </File>
-            <File>
-              <FileName>integer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\integer.c</FilePath>
-            </File>
-            <File>
-              <FileName>logging.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\logging.c</FilePath>
-            </File>
-            <File>
-              <FileName>md2.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md2.c</FilePath>
-            </File>
-            <File>
-              <FileName>md4.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md4.c</FilePath>
-            </File>
-            <File>
-              <FileName>md5.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md5.c</FilePath>
-            </File>
-            <File>
-              <FileName>memory.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\memory.c</FilePath>
-            </File>
-            <File>
-              <FileName>misc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\misc.c</FilePath>
-            </File>
-            <File>
-              <FileName>wc_port.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\wc_port.c</FilePath>
-            </File>
-            <File>
-              <FileName>pwdbased.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\pwdbased.c</FilePath>
-            </File>
-            <File>
-              <FileName>rabbit.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\rabbit.c</FilePath>
-            </File>
-            <File>
-              <FileName>random.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\random.c</FilePath>
-            </File>
-            <File>
-              <FileName>ripemd.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ripemd.c</FilePath>
-            </File>
-            <File>
-              <FileName>rsa.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\rsa.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha256.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha256.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha512.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha512.c</FilePath>
-            </File>
-            <File>
-              <FileName>tfm.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\tfm.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
+              <FileName>FS_CM3.lib</FileName>
+              <FileType>4</FileType>
+              <FilePath>C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib</FilePath>
             </File>
           </Files>
         </Group>
         <Group>
           <GroupName>Configuration</GroupName>
           <Files>
-            <File>
-              <FileName>File_Config.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\File_Config.c</FilePath>
-            </File>
             <File>
               <FileName>Net_Config.c</FileName>
               <FileType>1</FileType>
@@ -811,7 +518,7 @@
             <File>
               <FileName>config.h</FileName>
               <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config.h</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\config.h</FilePath>
             </File>
             <File>
               <FileName>RTX_Conf_CM.c</FileName>
@@ -837,6 +544,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -853,6 +561,8 @@
                     <wLevel>0</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -866,42 +576,91 @@
             <File>
               <FileName>config-FS.h</FileName>
               <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-FS.h</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\config-FS.h</FilePath>
             </File>
             <File>
               <FileName>config-RTX-TCP-FS.h</FileName>
               <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h</FilePath>
             </File>
             <File>
               <FileName>config-BARE-METAL.h</FileName>
               <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-BARE-METAL.h</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\config-BARE-METAL.h</FilePath>
             </File>
             <File>
               <FileName>startup_stm32f2xx.s</FileName>
               <FileType>2</FileType>
-              <FilePath>..\MDK-ARM\config\startup_stm32f2xx.s</FilePath>
+              <FilePath>..\STM32F2xx\startup_stm32f2xx.s</FilePath>
+            </File>
+            <File>
+              <FileName>File_Config.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c</FilePath>
+            </File>
+            <File>
+              <FileName>config-WOLFLIB.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-WOLFLIB.h</FilePath>
             </File>
           </Files>
         </Group>
         <Group>
-          <GroupName>CyaSSL-MDK</GroupName>
+          <GroupName>wolfSSL-MDK</GroupName>
           <Files>
-            <File>
-              <FileName>cyassl_MDK_ARM.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c</FilePath>
-            </File>
             <File>
               <FileName>Retarget.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\Retarget.c</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\Retarget.c</FilePath>
             </File>
             <File>
-              <FileName>time-STM32F2xx.c</FileName>
+              <FileName>time-CortexM3-4.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\time-CortexM3-4.c</FilePath>
+            </File>
+            <File>
+              <FileName>time-dummy.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\time-dummy.c</FilePath>
+            </File>
+            <File>
+              <FileName>wolfssl_MDK_ARM.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c</FilePath>
+            </File>
+            <File>
+              <FileName>Serial.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c</FilePath>
+            </File>
+          </Files>
+        </Group>
+        <Group>
+          <GroupName>wolfSSL-Lib</GroupName>
+          <Files>
+            <File>
+              <FileName>wolfSSL.lib</FileName>
+              <FileType>4</FileType>
+              <FilePath>.\wolfSSL-lib\wolfSSL.lib</FilePath>
+              <FileOption>
+                <CommonProperty>
+                  <UseCPPCompiler>2</UseCPPCompiler>
+                  <RVCTCodeConst>0</RVCTCodeConst>
+                  <RVCTZI>0</RVCTZI>
+                  <RVCTOtherData>0</RVCTOtherData>
+                  <ModuleSelection>0</ModuleSelection>
+                  <IncludeInBuild>1</IncludeInBuild>
+                  <AlwaysBuild>2</AlwaysBuild>
+                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
+                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
+                  <PublicsOnly>2</PublicsOnly>
+                  <StopOnExitCode>11</StopOnExitCode>
+                  <CustomArgument></CustomArgument>
+                  <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
+                </CommonProperty>
+                <FileArmAds/>
+              </FileOption>
             </File>
           </Files>
         </Group>
@@ -931,6 +690,7 @@
           <SLE66AMisc></SLE66AMisc>
           <SLE66LinkerMisc></SLE66LinkerMisc>
           <SFDFile>SFD\ST\STM32F2xx\STM32F20x.sfr</SFDFile>
+          <bCustSvd>0</bCustSvd>
           <UseEnv>0</UseEnv>
           <BinPath></BinPath>
           <IncludePath></IncludePath>
@@ -972,6 +732,8 @@
             <UserProg2Name></UserProg2Name>
             <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
             <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
+            <nStopB1X>0</nStopB1X>
+            <nStopB2X>0</nStopB2X>
           </BeforeMake>
           <AfterMake>
             <RunUserProg1>0</RunUserProg1>
@@ -998,6 +760,7 @@
           <StopOnExitCode>3</StopOnExitCode>
           <CustomArgument></CustomArgument>
           <IncludeLibraryModules></IncludeLibraryModules>
+          <ComprImg>1</ComprImg>
         </CommonProperty>
         <DllOption>
           <SimDllName>SARMCM3.DLL</SimDllName>
@@ -1027,6 +790,7 @@
             <RestoreFunctions>1</RestoreFunctions>
             <RestoreToolbox>1</RestoreToolbox>
             <LimitSpeedToRealTime>0</LimitSpeedToRealTime>
+            <RestoreSysVw>1</RestoreSysVw>
           </Simulator>
           <Target>
             <UseTarget>1</UseTarget>
@@ -1038,9 +802,10 @@
             <RestoreFunctions>0</RestoreFunctions>
             <RestoreToolbox>1</RestoreToolbox>
             <RestoreTracepoints>0</RestoreTracepoints>
+            <RestoreSysVw>1</RestoreSysVw>
           </Target>
           <RunDebugAfterBuild>0</RunDebugAfterBuild>
-          <TargetSelection>9</TargetSelection>
+          <TargetSelection>1</TargetSelection>
           <SimDlls>
             <CpuDll></CpuDll>
             <CpuDllArguments></CpuDllArguments>
@@ -1053,8 +818,8 @@
             <CpuDllArguments></CpuDllArguments>
             <PeripheralDll></PeripheralDll>
             <PeripheralDllArguments></PeripheralDllArguments>
-            <InitializationFile>..\MDK-ARM\config\STM32_SWO.ini</InitializationFile>
-            <Driver>BIN\ULP2CM3.DLL</Driver>
+            <InitializationFile>..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini</InitializationFile>
+            <Driver>BIN\UL2CM3.DLL</Driver>
           </TargetDlls>
         </DebugOption>
         <Utilities>
@@ -1066,10 +831,14 @@
             <Capability>1</Capability>
             <DriverSelection>4100</DriverSelection>
           </Flash1>
-          <bUseTDR>0</bUseTDR>
+          <bUseTDR>1</bUseTDR>
           <Flash2>BIN\ULP2CM3.DLL</Flash2>
           <Flash3>"" ()</Flash3>
           <Flash4></Flash4>
+          <pFcarmOut></pFcarmOut>
+          <pFcarmGrp></pFcarmGrp>
+          <pFcArmRoot></pFcArmRoot>
+          <FcArmLst>0</FcArmLst>
         </Utilities>
         <TargetArmAds>
           <ArmAdsMisc>
@@ -1248,11 +1017,13 @@
             <wLevel>0</wLevel>
             <uThumb>0</uThumb>
             <uSurpInc>0</uSurpInc>
+            <uC99>0</uC99>
+            <useXO>0</useXO>
             <VariousControls>
               <MiscControls></MiscControls>
-              <Define>HAVE_CONFIG_H  CYASSL_STM32F2xx __DBG_ITM MDK_CONF_FS</Define>
+              <Define>HAVE_CONFIG_H WOLFSSL_STM32F2xx __DBG_ITM MDK_CONF_FS</Define>
               <Undefine></Undefine>
-              <IncludePath>..\MDK-ARM\CyaSSL;..\MDK-ARM\inc;..\STM32F2xx_StdPeriph_Lib\inc;..\POSIX\..\..\..\</IncludePath>
+              <IncludePath>..\MDK-ARM\wolfSSL;..\MDK-ARM\inc;..\..\..\</IncludePath>
             </VariousControls>
           </Cads>
           <Aads>
@@ -1264,6 +1035,7 @@
             <SwStkChk>0</SwStkChk>
             <NoWarn>0</NoWarn>
             <uSurpInc>0</uSurpInc>
+            <useXO>0</useXO>
             <VariousControls>
               <MiscControls></MiscControls>
               <Define></Define>
@@ -1280,6 +1052,7 @@
             <useFile>0</useFile>
             <TextAddressRange>0x08000000</TextAddressRange>
             <DataAddressRange>0x20000000</DataAddressRange>
+            <pXoBase></pXoBase>
             <ScatterFile></ScatterFile>
             <IncludeLibs></IncludeLibs>
             <IncludeLibsPath></IncludeLibsPath>
@@ -1291,8 +1064,124 @@
       </TargetOption>
       <Groups>
         <Group>
-          <GroupName>CyaSSL Apps</GroupName>
+          <GroupName>wolfSSL Apps</GroupName>
           <Files>
+            <File>
+              <FileName>client.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\examples\client\client.c</FilePath>
+              <FileOption>
+                <CommonProperty>
+                  <UseCPPCompiler>2</UseCPPCompiler>
+                  <RVCTCodeConst>0</RVCTCodeConst>
+                  <RVCTZI>0</RVCTZI>
+                  <RVCTOtherData>0</RVCTOtherData>
+                  <ModuleSelection>0</ModuleSelection>
+                  <IncludeInBuild>0</IncludeInBuild>
+                  <AlwaysBuild>2</AlwaysBuild>
+                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
+                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
+                  <PublicsOnly>2</PublicsOnly>
+                  <StopOnExitCode>11</StopOnExitCode>
+                  <CustomArgument></CustomArgument>
+                  <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
+                </CommonProperty>
+                <FileArmAds>
+                  <Cads>
+                    <interw>2</interw>
+                    <Optim>0</Optim>
+                    <oTime>2</oTime>
+                    <SplitLS>2</SplitLS>
+                    <OneElfS>2</OneElfS>
+                    <Strict>2</Strict>
+                    <EnumInt>2</EnumInt>
+                    <PlainCh>2</PlainCh>
+                    <Ropi>2</Ropi>
+                    <Rwpi>2</Rwpi>
+                    <wLevel>0</wLevel>
+                    <uThumb>2</uThumb>
+                    <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
+                    <VariousControls>
+                      <MiscControls></MiscControls>
+                      <Define></Define>
+                      <Undefine></Undefine>
+                      <IncludePath></IncludePath>
+                    </VariousControls>
+                  </Cads>
+                </FileArmAds>
+              </FileOption>
+            </File>
+            <File>
+              <FileName>shell.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\shell.c</FilePath>
+            </File>
+            <File>
+              <FileName>server.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\examples\server\server.c</FilePath>
+              <FileOption>
+                <CommonProperty>
+                  <UseCPPCompiler>2</UseCPPCompiler>
+                  <RVCTCodeConst>0</RVCTCodeConst>
+                  <RVCTZI>0</RVCTZI>
+                  <RVCTOtherData>0</RVCTOtherData>
+                  <ModuleSelection>0</ModuleSelection>
+                  <IncludeInBuild>0</IncludeInBuild>
+                  <AlwaysBuild>2</AlwaysBuild>
+                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
+                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
+                  <PublicsOnly>2</PublicsOnly>
+                  <StopOnExitCode>11</StopOnExitCode>
+                  <CustomArgument></CustomArgument>
+                  <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
+                </CommonProperty>
+                <FileArmAds>
+                  <Cads>
+                    <interw>2</interw>
+                    <Optim>0</Optim>
+                    <oTime>2</oTime>
+                    <SplitLS>2</SplitLS>
+                    <OneElfS>2</OneElfS>
+                    <Strict>2</Strict>
+                    <EnumInt>2</EnumInt>
+                    <PlainCh>2</PlainCh>
+                    <Ropi>2</Ropi>
+                    <Rwpi>2</Rwpi>
+                    <wLevel>0</wLevel>
+                    <uThumb>2</uThumb>
+                    <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
+                    <VariousControls>
+                      <MiscControls></MiscControls>
+                      <Define></Define>
+                      <Undefine></Undefine>
+                      <IncludePath></IncludePath>
+                    </VariousControls>
+                  </Cads>
+                </FileArmAds>
+              </FileOption>
+            </File>
+            <File>
+              <FileName>main.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\main.c</FilePath>
+            </File>
+            <File>
+              <FileName>test.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\test\test.c</FilePath>
+            </File>
+            <File>
+              <FileName>benchmark.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\benchmark\benchmark.c</FilePath>
+            </File>
             <File>
               <FileName>echoclient.c</FileName>
               <FileType>1</FileType>
@@ -1312,6 +1201,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -1325,9 +1215,11 @@
                     <PlainCh>2</PlainCh>
                     <Ropi>2</Ropi>
                     <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
+                    <wLevel>2</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -1357,6 +1249,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -1370,9 +1263,11 @@
                     <PlainCh>2</PlainCh>
                     <Ropi>2</Ropi>
                     <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
+                    <wLevel>2</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -1383,148 +1278,15 @@
                 </FileArmAds>
               </FileOption>
             </File>
-            <File>
-              <FileName>test.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\test\test.c</FilePath>
-            </File>
-            <File>
-              <FileName>benchmark.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\benchmark\benchmark.c</FilePath>
-            </File>
-            <File>
-              <FileName>client.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\client\client.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>server.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\server\server.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>shell.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\shell.c</FilePath>
-            </File>
-            <File>
-              <FileName>main.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\main.c</FilePath>
-            </File>
-            <File>
-              <FileName>cert_data.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\cert_data.c</FilePath>
-            </File>
           </Files>
         </Group>
-        <Group>
-          <GroupName>STM32F2xx_StdPeriph_Lib</GroupName>
-        </Group>
         <Group>
           <GroupName>MDK-ARM</GroupName>
           <Files>
-            <File>
-              <FileName>Serial.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c</FilePath>
-            </File>
-            <File>
-              <FileName>SDIO_STM32F2xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c</FilePath>
-            </File>
-            <File>
-              <FileName>FS_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\FS_CM3.lib</FilePath>
-            </File>
             <File>
               <FileName>RTX_CM3.lib</FileName>
               <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib</FilePath>
+              <FilePath>c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -1532,7 +1294,7 @@
                   <RVCTZI>0</RVCTZI>
                   <RVCTOtherData>0</RVCTOtherData>
                   <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
+                  <IncludeInBuild>1</IncludeInBuild>
                   <AlwaysBuild>2</AlwaysBuild>
                   <GenerateAssemblyFile>2</GenerateAssemblyFile>
                   <AssembleAssemblyFile>2</AssembleAssemblyFile>
@@ -1540,6 +1302,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds/>
               </FileOption>
@@ -1547,7 +1310,7 @@
             <File>
               <FileName>ETH_STM32F2xx.c</FileName>
               <FileType>1</FileType>
-              <FilePath>c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c</FilePath>
+              <FilePath>c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -1563,6 +1326,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -1579,6 +1343,8 @@
                     <wLevel>0</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -1592,7 +1358,7 @@
             <File>
               <FileName>TCPD_CM3.lib</FileName>
               <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib</FilePath>
+              <FilePath>c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -1608,6 +1374,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds/>
               </FileOption>
@@ -1615,7 +1382,7 @@
             <File>
               <FileName>TCP_CM3.lib</FileName>
               <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\TCP_CM3.lib</FilePath>
+              <FilePath>c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -1631,6 +1398,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds/>
               </FileOption>
@@ -1638,548 +1406,23 @@
             <File>
               <FileName>system_stm32f2xx.c</FileName>
               <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>CyaSSL Library</GroupName>
-          <Files>
-            <File>
-              <FileName>crl.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\crl.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
+              <FilePath>C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c</FilePath>
             </File>
             <File>
-              <FileName>internal.c</FileName>
+              <FileName>SDIO_STM32F2xx.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\..\..\src\internal.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c</FilePath>
             </File>
             <File>
-              <FileName>io.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\io.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>keys.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\keys.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>ocsp.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\ocsp.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>sniffer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\sniffer.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>ssl.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\ssl.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>tls.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\tls.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>ssl-dummy.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\ssl-dummy.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>Crypt/Cipher Library</GroupName>
-          <Files>
-            <File>
-              <FileName>aes.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\aes.c</FilePath>
-            </File>
-            <File>
-              <FileName>arc4.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\arc4.c</FilePath>
-            </File>
-            <File>
-              <FileName>asm.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\asm.c</FilePath>
-            </File>
-            <File>
-              <FileName>asn.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\asn.c</FilePath>
-            </File>
-            <File>
-              <FileName>camellia.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\camellia.c</FilePath>
-            </File>
-            <File>
-              <FileName>coding.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\coding.c</FilePath>
-            </File>
-            <File>
-              <FileName>des3.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\des3.c</FilePath>
-            </File>
-            <File>
-              <FileName>dh.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\dh.c</FilePath>
-            </File>
-            <File>
-              <FileName>dsa.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\dsa.c</FilePath>
-            </File>
-            <File>
-              <FileName>ecc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ecc.c</FilePath>
-            </File>
-            <File>
-              <FileName>ecc_fp.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ecc_fp.c</FilePath>
-            </File>
-            <File>
-              <FileName>error.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\error.c</FilePath>
-            </File>
-            <File>
-              <FileName>hc128.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\hc128.c</FilePath>
-            </File>
-            <File>
-              <FileName>hmac.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\hmac.c</FilePath>
-            </File>
-            <File>
-              <FileName>integer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\integer.c</FilePath>
-            </File>
-            <File>
-              <FileName>logging.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\logging.c</FilePath>
-            </File>
-            <File>
-              <FileName>md2.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md2.c</FilePath>
-            </File>
-            <File>
-              <FileName>md4.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md4.c</FilePath>
-            </File>
-            <File>
-              <FileName>md5.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md5.c</FilePath>
-            </File>
-            <File>
-              <FileName>memory.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\memory.c</FilePath>
-            </File>
-            <File>
-              <FileName>misc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\misc.c</FilePath>
-            </File>
-            <File>
-              <FileName>wc_port.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\wc_port.c</FilePath>
-            </File>
-            <File>
-              <FileName>pwdbased.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\pwdbased.c</FilePath>
-            </File>
-            <File>
-              <FileName>rabbit.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\rabbit.c</FilePath>
-            </File>
-            <File>
-              <FileName>random.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\random.c</FilePath>
-            </File>
-            <File>
-              <FileName>ripemd.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ripemd.c</FilePath>
-            </File>
-            <File>
-              <FileName>rsa.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\rsa.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha256.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha256.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha512.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha512.c</FilePath>
-            </File>
-            <File>
-              <FileName>tfm.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\tfm.c</FilePath>
+              <FileName>FS_CM3.lib</FileName>
+              <FileType>4</FileType>
+              <FilePath>C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib</FilePath>
             </File>
           </Files>
         </Group>
         <Group>
           <GroupName>Configuration</GroupName>
           <Files>
-            <File>
-              <FileName>File_Config.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\File_Config.c</FilePath>
-            </File>
             <File>
               <FileName>Net_Config.c</FileName>
               <FileType>1</FileType>
@@ -2199,6 +1442,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -2215,6 +1459,8 @@
                     <wLevel>0</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -2228,7 +1474,7 @@
             <File>
               <FileName>config.h</FileName>
               <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config.h</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\config.h</FilePath>
             </File>
             <File>
               <FileName>RTX_Conf_CM.c</FileName>
@@ -2249,6 +1495,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -2265,6 +1512,8 @@
                     <wLevel>0</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -2294,6 +1543,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -2310,6 +1560,8 @@
                     <wLevel>0</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -2323,42 +1575,72 @@
             <File>
               <FileName>config-FS.h</FileName>
               <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-FS.h</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\config-FS.h</FilePath>
             </File>
             <File>
               <FileName>config-RTX-TCP-FS.h</FileName>
               <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h</FilePath>
             </File>
             <File>
               <FileName>config-BARE-METAL.h</FileName>
               <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-BARE-METAL.h</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\config-BARE-METAL.h</FilePath>
             </File>
             <File>
               <FileName>startup_stm32f2xx.s</FileName>
               <FileType>2</FileType>
-              <FilePath>..\MDK-ARM\config\startup_stm32f2xx.s</FilePath>
+              <FilePath>..\STM32F2xx\startup_stm32f2xx.s</FilePath>
+            </File>
+            <File>
+              <FileName>File_Config.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c</FilePath>
+            </File>
+            <File>
+              <FileName>config-WOLFLIB.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-WOLFLIB.h</FilePath>
             </File>
           </Files>
         </Group>
         <Group>
-          <GroupName>CyaSSL-MDK</GroupName>
+          <GroupName>wolfSSL-MDK</GroupName>
           <Files>
-            <File>
-              <FileName>cyassl_MDK_ARM.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c</FilePath>
-            </File>
             <File>
               <FileName>Retarget.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\Retarget.c</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\Retarget.c</FilePath>
             </File>
             <File>
-              <FileName>time-STM32F2xx.c</FileName>
+              <FileName>time-CortexM3-4.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\time-CortexM3-4.c</FilePath>
+            </File>
+            <File>
+              <FileName>time-dummy.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\time-dummy.c</FilePath>
+            </File>
+            <File>
+              <FileName>wolfssl_MDK_ARM.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c</FilePath>
+            </File>
+            <File>
+              <FileName>Serial.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c</FilePath>
+            </File>
+          </Files>
+        </Group>
+        <Group>
+          <GroupName>wolfSSL-Lib</GroupName>
+          <Files>
+            <File>
+              <FileName>wolfSSL.lib</FileName>
+              <FileType>4</FileType>
+              <FilePath>.\wolfSSL-lib\wolfSSL.lib</FilePath>
             </File>
           </Files>
         </Group>
@@ -2388,6 +1670,7 @@
           <SLE66AMisc></SLE66AMisc>
           <SLE66LinkerMisc></SLE66LinkerMisc>
           <SFDFile>SFD\ST\STM32F2xx\STM32F20x.sfr</SFDFile>
+          <bCustSvd>0</bCustSvd>
           <UseEnv>0</UseEnv>
           <BinPath></BinPath>
           <IncludePath></IncludePath>
@@ -2401,8 +1684,8 @@
             <NotGenerated>0</NotGenerated>
             <InvalidFlash>1</InvalidFlash>
           </TargetStatus>
-          <OutputDirectory>.\MDK-BARE-METAL\</OutputDirectory>
-          <OutputName>STM32F2xx-MDK-BARE-METAL</OutputName>
+          <OutputDirectory>.\MDK-BAREMETAL\</OutputDirectory>
+          <OutputName>STM32F2xx-BARE-METAL</OutputName>
           <CreateExecutable>1</CreateExecutable>
           <CreateLib>0</CreateLib>
           <CreateHexFile>0</CreateHexFile>
@@ -2429,6 +1712,8 @@
             <UserProg2Name></UserProg2Name>
             <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
             <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
+            <nStopB1X>0</nStopB1X>
+            <nStopB2X>0</nStopB2X>
           </BeforeMake>
           <AfterMake>
             <RunUserProg1>0</RunUserProg1>
@@ -2455,6 +1740,7 @@
           <StopOnExitCode>3</StopOnExitCode>
           <CustomArgument></CustomArgument>
           <IncludeLibraryModules></IncludeLibraryModules>
+          <ComprImg>1</ComprImg>
         </CommonProperty>
         <DllOption>
           <SimDllName>SARMCM3.DLL</SimDllName>
@@ -2484,6 +1770,7 @@
             <RestoreFunctions>1</RestoreFunctions>
             <RestoreToolbox>1</RestoreToolbox>
             <LimitSpeedToRealTime>0</LimitSpeedToRealTime>
+            <RestoreSysVw>1</RestoreSysVw>
           </Simulator>
           <Target>
             <UseTarget>1</UseTarget>
@@ -2495,9 +1782,10 @@
             <RestoreFunctions>0</RestoreFunctions>
             <RestoreToolbox>1</RestoreToolbox>
             <RestoreTracepoints>0</RestoreTracepoints>
+            <RestoreSysVw>1</RestoreSysVw>
           </Target>
           <RunDebugAfterBuild>0</RunDebugAfterBuild>
-          <TargetSelection>9</TargetSelection>
+          <TargetSelection>1</TargetSelection>
           <SimDlls>
             <CpuDll></CpuDll>
             <CpuDllArguments></CpuDllArguments>
@@ -2510,8 +1798,8 @@
             <CpuDllArguments></CpuDllArguments>
             <PeripheralDll></PeripheralDll>
             <PeripheralDllArguments></PeripheralDllArguments>
-            <InitializationFile>..\MDK-ARM\config\STM32_SWO.ini</InitializationFile>
-            <Driver>BIN\ULP2CM3.DLL</Driver>
+            <InitializationFile>..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini</InitializationFile>
+            <Driver>BIN\UL2CM3.DLL</Driver>
           </TargetDlls>
         </DebugOption>
         <Utilities>
@@ -2523,10 +1811,14 @@
             <Capability>1</Capability>
             <DriverSelection>4100</DriverSelection>
           </Flash1>
-          <bUseTDR>0</bUseTDR>
+          <bUseTDR>1</bUseTDR>
           <Flash2>BIN\ULP2CM3.DLL</Flash2>
           <Flash3>"" ()</Flash3>
           <Flash4></Flash4>
+          <pFcarmOut></pFcarmOut>
+          <pFcarmGrp></pFcarmGrp>
+          <pFcArmRoot></pFcArmRoot>
+          <FcArmLst>0</FcArmLst>
         </Utilities>
         <TargetArmAds>
           <ArmAdsMisc>
@@ -2542,11 +1834,11 @@
             <ldmm>1</ldmm>
             <ldXref>1</ldXref>
             <BigEnd>0</BigEnd>
-            <AdsALst>1</AdsALst>
+            <AdsALst>0</AdsALst>
             <AdsACrf>1</AdsACrf>
             <AdsANop>0</AdsANop>
             <AdsANot>0</AdsANot>
-            <AdsLLst>1</AdsLLst>
+            <AdsLLst>0</AdsLLst>
             <AdsLmap>1</AdsLmap>
             <AdsLcgr>1</AdsLcgr>
             <AdsLsym>1</AdsLsym>
@@ -2705,11 +1997,13 @@
             <wLevel>0</wLevel>
             <uThumb>0</uThumb>
             <uSurpInc>0</uSurpInc>
+            <uC99>0</uC99>
+            <useXO>0</useXO>
             <VariousControls>
               <MiscControls></MiscControls>
               <Define>HAVE_CONFIG_H  CYASSL_STM32F2xx  __DBG_ITM MDK_CONF_BARE_METAL</Define>
               <Undefine></Undefine>
-              <IncludePath>..\MDK-ARM\CyaSSL;..\MDK-ARM\inc;..\STM32F2xx_StdPeriph_Lib\inc;..\POSIX;..\..\..\</IncludePath>
+              <IncludePath>..\MDK-ARM\wolfSSL;..\MDK-ARM\inc;..\..\..\</IncludePath>
             </VariousControls>
           </Cads>
           <Aads>
@@ -2721,6 +2015,7 @@
             <SwStkChk>0</SwStkChk>
             <NoWarn>0</NoWarn>
             <uSurpInc>0</uSurpInc>
+            <useXO>0</useXO>
             <VariousControls>
               <MiscControls></MiscControls>
               <Define></Define>
@@ -2737,6 +2032,7 @@
             <useFile>0</useFile>
             <TextAddressRange>0x08000000</TextAddressRange>
             <DataAddressRange>0x20000000</DataAddressRange>
+            <pXoBase></pXoBase>
             <ScatterFile></ScatterFile>
             <IncludeLibs></IncludeLibs>
             <IncludeLibsPath></IncludeLibsPath>
@@ -2748,108 +2044,8 @@
       </TargetOption>
       <Groups>
         <Group>
-          <GroupName>CyaSSL Apps</GroupName>
+          <GroupName>wolfSSL Apps</GroupName>
           <Files>
-            <File>
-              <FileName>echoclient.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\echoclient\echoclient.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>echoserver.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\examples\echoserver\echoserver.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>test.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\test\test.c</FilePath>
-            </File>
-            <File>
-              <FileName>benchmark.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\benchmark\benchmark.c</FilePath>
-            </File>
             <File>
               <FileName>client.c</FileName>
               <FileType>1</FileType>
@@ -2869,6 +2065,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -2885,6 +2082,56 @@
                     <wLevel>0</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
+                    <VariousControls>
+                      <MiscControls></MiscControls>
+                      <Define></Define>
+                      <Undefine></Undefine>
+                      <IncludePath></IncludePath>
+                    </VariousControls>
+                  </Cads>
+                </FileArmAds>
+              </FileOption>
+            </File>
+            <File>
+              <FileName>shell.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\shell.c</FilePath>
+              <FileOption>
+                <CommonProperty>
+                  <UseCPPCompiler>2</UseCPPCompiler>
+                  <RVCTCodeConst>0</RVCTCodeConst>
+                  <RVCTZI>0</RVCTZI>
+                  <RVCTOtherData>0</RVCTOtherData>
+                  <ModuleSelection>0</ModuleSelection>
+                  <IncludeInBuild>1</IncludeInBuild>
+                  <AlwaysBuild>2</AlwaysBuild>
+                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
+                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
+                  <PublicsOnly>2</PublicsOnly>
+                  <StopOnExitCode>11</StopOnExitCode>
+                  <CustomArgument></CustomArgument>
+                  <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
+                </CommonProperty>
+                <FileArmAds>
+                  <Cads>
+                    <interw>2</interw>
+                    <Optim>0</Optim>
+                    <oTime>2</oTime>
+                    <SplitLS>2</SplitLS>
+                    <OneElfS>2</OneElfS>
+                    <Strict>2</Strict>
+                    <EnumInt>2</EnumInt>
+                    <PlainCh>2</PlainCh>
+                    <Ropi>2</Ropi>
+                    <Rwpi>2</Rwpi>
+                    <wLevel>2</wLevel>
+                    <uThumb>2</uThumb>
+                    <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -2914,6 +2161,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -2930,6 +2178,8 @@
                     <wLevel>0</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -2940,106 +2190,212 @@
                 </FileArmAds>
               </FileOption>
             </File>
-            <File>
-              <FileName>shell.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\shell.c</FilePath>
-            </File>
             <File>
               <FileName>main.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\main.c</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\main.c</FilePath>
+              <FileOption>
+                <CommonProperty>
+                  <UseCPPCompiler>2</UseCPPCompiler>
+                  <RVCTCodeConst>0</RVCTCodeConst>
+                  <RVCTZI>0</RVCTZI>
+                  <RVCTOtherData>0</RVCTOtherData>
+                  <ModuleSelection>0</ModuleSelection>
+                  <IncludeInBuild>1</IncludeInBuild>
+                  <AlwaysBuild>2</AlwaysBuild>
+                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
+                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
+                  <PublicsOnly>2</PublicsOnly>
+                  <StopOnExitCode>11</StopOnExitCode>
+                  <CustomArgument></CustomArgument>
+                  <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
+                </CommonProperty>
+                <FileArmAds>
+                  <Cads>
+                    <interw>2</interw>
+                    <Optim>0</Optim>
+                    <oTime>2</oTime>
+                    <SplitLS>2</SplitLS>
+                    <OneElfS>2</OneElfS>
+                    <Strict>2</Strict>
+                    <EnumInt>2</EnumInt>
+                    <PlainCh>2</PlainCh>
+                    <Ropi>2</Ropi>
+                    <Rwpi>2</Rwpi>
+                    <wLevel>2</wLevel>
+                    <uThumb>2</uThumb>
+                    <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
+                    <VariousControls>
+                      <MiscControls></MiscControls>
+                      <Define></Define>
+                      <Undefine></Undefine>
+                      <IncludePath></IncludePath>
+                    </VariousControls>
+                  </Cads>
+                </FileArmAds>
+              </FileOption>
             </File>
             <File>
-              <FileName>cert_data.c</FileName>
+              <FileName>test.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\cert_data.c</FilePath>
+              <FilePath>..\..\..\wolfcrypt\test\test.c</FilePath>
+            </File>
+            <File>
+              <FileName>benchmark.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\benchmark\benchmark.c</FilePath>
+              <FileOption>
+                <CommonProperty>
+                  <UseCPPCompiler>2</UseCPPCompiler>
+                  <RVCTCodeConst>0</RVCTCodeConst>
+                  <RVCTZI>0</RVCTZI>
+                  <RVCTOtherData>0</RVCTOtherData>
+                  <ModuleSelection>0</ModuleSelection>
+                  <IncludeInBuild>1</IncludeInBuild>
+                  <AlwaysBuild>2</AlwaysBuild>
+                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
+                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
+                  <PublicsOnly>2</PublicsOnly>
+                  <StopOnExitCode>11</StopOnExitCode>
+                  <CustomArgument></CustomArgument>
+                  <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
+                </CommonProperty>
+                <FileArmAds>
+                  <Cads>
+                    <interw>2</interw>
+                    <Optim>0</Optim>
+                    <oTime>2</oTime>
+                    <SplitLS>2</SplitLS>
+                    <OneElfS>2</OneElfS>
+                    <Strict>2</Strict>
+                    <EnumInt>2</EnumInt>
+                    <PlainCh>2</PlainCh>
+                    <Ropi>2</Ropi>
+                    <Rwpi>2</Rwpi>
+                    <wLevel>2</wLevel>
+                    <uThumb>2</uThumb>
+                    <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
+                    <VariousControls>
+                      <MiscControls></MiscControls>
+                      <Define></Define>
+                      <Undefine></Undefine>
+                      <IncludePath></IncludePath>
+                    </VariousControls>
+                  </Cads>
+                </FileArmAds>
+              </FileOption>
+            </File>
+            <File>
+              <FileName>echoclient.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\examples\echoclient\echoclient.c</FilePath>
+              <FileOption>
+                <CommonProperty>
+                  <UseCPPCompiler>2</UseCPPCompiler>
+                  <RVCTCodeConst>0</RVCTCodeConst>
+                  <RVCTZI>0</RVCTZI>
+                  <RVCTOtherData>0</RVCTOtherData>
+                  <ModuleSelection>0</ModuleSelection>
+                  <IncludeInBuild>0</IncludeInBuild>
+                  <AlwaysBuild>2</AlwaysBuild>
+                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
+                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
+                  <PublicsOnly>2</PublicsOnly>
+                  <StopOnExitCode>11</StopOnExitCode>
+                  <CustomArgument></CustomArgument>
+                  <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
+                </CommonProperty>
+                <FileArmAds>
+                  <Cads>
+                    <interw>2</interw>
+                    <Optim>0</Optim>
+                    <oTime>2</oTime>
+                    <SplitLS>2</SplitLS>
+                    <OneElfS>2</OneElfS>
+                    <Strict>2</Strict>
+                    <EnumInt>2</EnumInt>
+                    <PlainCh>2</PlainCh>
+                    <Ropi>2</Ropi>
+                    <Rwpi>2</Rwpi>
+                    <wLevel>2</wLevel>
+                    <uThumb>2</uThumb>
+                    <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
+                    <VariousControls>
+                      <MiscControls></MiscControls>
+                      <Define></Define>
+                      <Undefine></Undefine>
+                      <IncludePath></IncludePath>
+                    </VariousControls>
+                  </Cads>
+                </FileArmAds>
+              </FileOption>
+            </File>
+            <File>
+              <FileName>echoserver.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\examples\echoserver\echoserver.c</FilePath>
+              <FileOption>
+                <CommonProperty>
+                  <UseCPPCompiler>2</UseCPPCompiler>
+                  <RVCTCodeConst>0</RVCTCodeConst>
+                  <RVCTZI>0</RVCTZI>
+                  <RVCTOtherData>0</RVCTOtherData>
+                  <ModuleSelection>0</ModuleSelection>
+                  <IncludeInBuild>0</IncludeInBuild>
+                  <AlwaysBuild>2</AlwaysBuild>
+                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
+                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
+                  <PublicsOnly>2</PublicsOnly>
+                  <StopOnExitCode>11</StopOnExitCode>
+                  <CustomArgument></CustomArgument>
+                  <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
+                </CommonProperty>
+                <FileArmAds>
+                  <Cads>
+                    <interw>2</interw>
+                    <Optim>0</Optim>
+                    <oTime>2</oTime>
+                    <SplitLS>2</SplitLS>
+                    <OneElfS>2</OneElfS>
+                    <Strict>2</Strict>
+                    <EnumInt>2</EnumInt>
+                    <PlainCh>2</PlainCh>
+                    <Ropi>2</Ropi>
+                    <Rwpi>2</Rwpi>
+                    <wLevel>2</wLevel>
+                    <uThumb>2</uThumb>
+                    <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
+                    <VariousControls>
+                      <MiscControls></MiscControls>
+                      <Define></Define>
+                      <Undefine></Undefine>
+                      <IncludePath></IncludePath>
+                    </VariousControls>
+                  </Cads>
+                </FileArmAds>
+              </FileOption>
             </File>
           </Files>
         </Group>
-        <Group>
-          <GroupName>STM32F2xx_StdPeriph_Lib</GroupName>
-        </Group>
         <Group>
           <GroupName>MDK-ARM</GroupName>
           <Files>
-            <File>
-              <FileName>Serial.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>c:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\Serial.c</FilePath>
-            </File>
-            <File>
-              <FileName>SDIO_STM32F2xx.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>c:\Keil\ARM\RL\FlashFS\Drivers\SDIO_STM32F2xx.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>FS_CM3.lib</FileName>
-              <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\FS_CM3.lib</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds/>
-              </FileOption>
-            </File>
             <File>
               <FileName>RTX_CM3.lib</FileName>
               <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib</FilePath>
+              <FilePath>c:\Keil_v5\ARM\RV31\LIB\\RTX_CM3.lib</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -3047,7 +2403,7 @@
                   <RVCTZI>0</RVCTZI>
                   <RVCTOtherData>0</RVCTOtherData>
                   <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
+                  <IncludeInBuild>1</IncludeInBuild>
                   <AlwaysBuild>2</AlwaysBuild>
                   <GenerateAssemblyFile>2</GenerateAssemblyFile>
                   <AssembleAssemblyFile>2</AssembleAssemblyFile>
@@ -3055,6 +2411,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds/>
               </FileOption>
@@ -3062,7 +2419,7 @@
             <File>
               <FileName>ETH_STM32F2xx.c</FileName>
               <FileType>1</FileType>
-              <FilePath>c:\Keil\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c</FilePath>
+              <FilePath>c:\Keil_v5\ARM\RL\TCPnet\Drivers\ETH_STM32F2xx.c</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -3078,6 +2435,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -3094,6 +2452,8 @@
                     <wLevel>0</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -3107,7 +2467,7 @@
             <File>
               <FileName>TCPD_CM3.lib</FileName>
               <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib</FilePath>
+              <FilePath>c:\Keil_v5\ARM\RV31\LIB\TCPD_CM3.lib</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -3123,6 +2483,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds/>
               </FileOption>
@@ -3130,7 +2491,7 @@
             <File>
               <FileName>TCP_CM3.lib</FileName>
               <FileType>4</FileType>
-              <FilePath>c:\Keil\ARM\RV31\LIB\TCP_CM3.lib</FilePath>
+              <FilePath>c:\Keil_v5\ARM\RV31\LIB\TCP_CM3.lib</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -3146,6 +2507,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds/>
               </FileOption>
@@ -3153,17 +2515,12 @@
             <File>
               <FileName>system_stm32f2xx.c</FileName>
               <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Startup\ST\STM32F2xx\system_stm32f2xx.c</FilePath>
             </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>CyaSSL Library</GroupName>
-          <Files>
             <File>
-              <FileName>crl.c</FileName>
+              <FileName>SDIO_STM32F2xx.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\..\..\src\crl.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\SDIO_STM32F2xx.c</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -3179,6 +2536,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -3192,9 +2550,11 @@
                     <PlainCh>2</PlainCh>
                     <Ropi>2</Ropi>
                     <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
+                    <wLevel>2</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -3206,575 +2566,15 @@
               </FileOption>
             </File>
             <File>
-              <FileName>internal.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\internal.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>io.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\io.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>keys.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\keys.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>ocsp.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\ocsp.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>sniffer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\sniffer.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>ssl.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\ssl.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>tls.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\src\tls.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
-            <File>
-              <FileName>ssl-dummy.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\ssl-dummy.c</FilePath>
-            </File>
-          </Files>
-        </Group>
-        <Group>
-          <GroupName>Crypt/Cipher Library</GroupName>
-          <Files>
-            <File>
-              <FileName>aes.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\aes.c</FilePath>
-            </File>
-            <File>
-              <FileName>arc4.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\arc4.c</FilePath>
-            </File>
-            <File>
-              <FileName>asm.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\asm.c</FilePath>
-            </File>
-            <File>
-              <FileName>asn.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\asn.c</FilePath>
-            </File>
-            <File>
-              <FileName>camellia.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\camellia.c</FilePath>
-            </File>
-            <File>
-              <FileName>coding.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\coding.c</FilePath>
-            </File>
-            <File>
-              <FileName>des3.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\des3.c</FilePath>
-            </File>
-            <File>
-              <FileName>dh.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\dh.c</FilePath>
-            </File>
-            <File>
-              <FileName>dsa.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\dsa.c</FilePath>
-            </File>
-            <File>
-              <FileName>ecc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ecc.c</FilePath>
-            </File>
-            <File>
-              <FileName>ecc_fp.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ecc_fp.c</FilePath>
-            </File>
-            <File>
-              <FileName>error.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\error.c</FilePath>
-            </File>
-            <File>
-              <FileName>hc128.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\hc128.c</FilePath>
-            </File>
-            <File>
-              <FileName>hmac.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\hmac.c</FilePath>
-            </File>
-            <File>
-              <FileName>integer.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\integer.c</FilePath>
-            </File>
-            <File>
-              <FileName>logging.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\logging.c</FilePath>
-            </File>
-            <File>
-              <FileName>md2.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md2.c</FilePath>
-            </File>
-            <File>
-              <FileName>md4.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md4.c</FilePath>
-            </File>
-            <File>
-              <FileName>md5.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\md5.c</FilePath>
-            </File>
-            <File>
-              <FileName>memory.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\memory.c</FilePath>
-            </File>
-            <File>
-              <FileName>misc.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\misc.c</FilePath>
-            </File>
-            <File>
-              <FileName>wc_port.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\wc_port.c</FilePath>
-            </File>
-            <File>
-              <FileName>pwdbased.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\pwdbased.c</FilePath>
-            </File>
-            <File>
-              <FileName>rabbit.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\rabbit.c</FilePath>
-            </File>
-            <File>
-              <FileName>random.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\random.c</FilePath>
-            </File>
-            <File>
-              <FileName>ripemd.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\ripemd.c</FilePath>
-            </File>
-            <File>
-              <FileName>rsa.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\rsa.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha256.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha256.c</FilePath>
-            </File>
-            <File>
-              <FileName>sha512.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\sha512.c</FilePath>
-            </File>
-            <File>
-              <FileName>tfm.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\..\..\ctaocrypt\src\tfm.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
+              <FileName>FS_CM3.lib</FileName>
+              <FileType>4</FileType>
+              <FilePath>C:\Keil_v5\ARM\RV31\LIB\FS_CM3.lib</FilePath>
             </File>
           </Files>
         </Group>
         <Group>
           <GroupName>Configuration</GroupName>
           <Files>
-            <File>
-              <FileName>File_Config.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\File_Config.c</FilePath>
-              <FileOption>
-                <CommonProperty>
-                  <UseCPPCompiler>2</UseCPPCompiler>
-                  <RVCTCodeConst>0</RVCTCodeConst>
-                  <RVCTZI>0</RVCTZI>
-                  <RVCTOtherData>0</RVCTOtherData>
-                  <ModuleSelection>0</ModuleSelection>
-                  <IncludeInBuild>0</IncludeInBuild>
-                  <AlwaysBuild>2</AlwaysBuild>
-                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
-                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
-                  <PublicsOnly>2</PublicsOnly>
-                  <StopOnExitCode>11</StopOnExitCode>
-                  <CustomArgument></CustomArgument>
-                  <IncludeLibraryModules></IncludeLibraryModules>
-                </CommonProperty>
-                <FileArmAds>
-                  <Cads>
-                    <interw>2</interw>
-                    <Optim>0</Optim>
-                    <oTime>2</oTime>
-                    <SplitLS>2</SplitLS>
-                    <OneElfS>2</OneElfS>
-                    <Strict>2</Strict>
-                    <EnumInt>2</EnumInt>
-                    <PlainCh>2</PlainCh>
-                    <Ropi>2</Ropi>
-                    <Rwpi>2</Rwpi>
-                    <wLevel>0</wLevel>
-                    <uThumb>2</uThumb>
-                    <uSurpInc>2</uSurpInc>
-                    <VariousControls>
-                      <MiscControls></MiscControls>
-                      <Define></Define>
-                      <Undefine></Undefine>
-                      <IncludePath></IncludePath>
-                    </VariousControls>
-                  </Cads>
-                </FileArmAds>
-              </FileOption>
-            </File>
             <File>
               <FileName>Net_Config.c</FileName>
               <FileType>1</FileType>
@@ -3794,6 +2594,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -3810,6 +2611,8 @@
                     <wLevel>0</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -3823,7 +2626,7 @@
             <File>
               <FileName>config.h</FileName>
               <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config.h</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\config.h</FilePath>
             </File>
             <File>
               <FileName>RTX_Conf_CM.c</FileName>
@@ -3844,6 +2647,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -3860,6 +2664,8 @@
                     <wLevel>0</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -3889,6 +2695,7 @@
                   <StopOnExitCode>11</StopOnExitCode>
                   <CustomArgument></CustomArgument>
                   <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
                 </CommonProperty>
                 <FileArmAds>
                   <Cads>
@@ -3905,6 +2712,8 @@
                     <wLevel>0</wLevel>
                     <uThumb>2</uThumb>
                     <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
                     <VariousControls>
                       <MiscControls></MiscControls>
                       <Define></Define>
@@ -3918,42 +2727,244 @@
             <File>
               <FileName>config-FS.h</FileName>
               <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-FS.h</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\config-FS.h</FilePath>
             </File>
             <File>
               <FileName>config-RTX-TCP-FS.h</FileName>
               <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h</FilePath>
             </File>
             <File>
               <FileName>config-BARE-METAL.h</FileName>
               <FileType>5</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\config-BARE-METAL.h</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\config-BARE-METAL.h</FilePath>
             </File>
             <File>
               <FileName>startup_stm32f2xx.s</FileName>
               <FileType>2</FileType>
-              <FilePath>..\MDK-ARM\config\startup_stm32f2xx.s</FilePath>
+              <FilePath>..\STM32F2xx\startup_stm32f2xx.s</FilePath>
+            </File>
+            <File>
+              <FileName>File_Config.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c</FilePath>
+              <FileOption>
+                <CommonProperty>
+                  <UseCPPCompiler>2</UseCPPCompiler>
+                  <RVCTCodeConst>0</RVCTCodeConst>
+                  <RVCTZI>0</RVCTZI>
+                  <RVCTOtherData>0</RVCTOtherData>
+                  <ModuleSelection>0</ModuleSelection>
+                  <IncludeInBuild>0</IncludeInBuild>
+                  <AlwaysBuild>2</AlwaysBuild>
+                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
+                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
+                  <PublicsOnly>2</PublicsOnly>
+                  <StopOnExitCode>11</StopOnExitCode>
+                  <CustomArgument></CustomArgument>
+                  <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
+                </CommonProperty>
+                <FileArmAds>
+                  <Cads>
+                    <interw>2</interw>
+                    <Optim>0</Optim>
+                    <oTime>2</oTime>
+                    <SplitLS>2</SplitLS>
+                    <OneElfS>2</OneElfS>
+                    <Strict>2</Strict>
+                    <EnumInt>2</EnumInt>
+                    <PlainCh>2</PlainCh>
+                    <Ropi>2</Ropi>
+                    <Rwpi>2</Rwpi>
+                    <wLevel>2</wLevel>
+                    <uThumb>2</uThumb>
+                    <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
+                    <VariousControls>
+                      <MiscControls></MiscControls>
+                      <Define></Define>
+                      <Undefine></Undefine>
+                      <IncludePath></IncludePath>
+                    </VariousControls>
+                  </Cads>
+                </FileArmAds>
+              </FileOption>
+            </File>
+            <File>
+              <FileName>config-WOLFLIB.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-WOLFLIB.h</FilePath>
             </File>
           </Files>
         </Group>
         <Group>
-          <GroupName>CyaSSL-MDK</GroupName>
+          <GroupName>wolfSSL-MDK</GroupName>
           <Files>
-            <File>
-              <FileName>cyassl_MDK_ARM.c</FileName>
-              <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c</FilePath>
-            </File>
             <File>
               <FileName>Retarget.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\CyaSSL\Retarget.c</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\Retarget.c</FilePath>
+              <FileOption>
+                <CommonProperty>
+                  <UseCPPCompiler>2</UseCPPCompiler>
+                  <RVCTCodeConst>0</RVCTCodeConst>
+                  <RVCTZI>0</RVCTZI>
+                  <RVCTOtherData>0</RVCTOtherData>
+                  <ModuleSelection>0</ModuleSelection>
+                  <IncludeInBuild>1</IncludeInBuild>
+                  <AlwaysBuild>2</AlwaysBuild>
+                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
+                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
+                  <PublicsOnly>2</PublicsOnly>
+                  <StopOnExitCode>11</StopOnExitCode>
+                  <CustomArgument></CustomArgument>
+                  <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
+                </CommonProperty>
+                <FileArmAds>
+                  <Cads>
+                    <interw>2</interw>
+                    <Optim>0</Optim>
+                    <oTime>2</oTime>
+                    <SplitLS>2</SplitLS>
+                    <OneElfS>2</OneElfS>
+                    <Strict>2</Strict>
+                    <EnumInt>2</EnumInt>
+                    <PlainCh>2</PlainCh>
+                    <Ropi>2</Ropi>
+                    <Rwpi>2</Rwpi>
+                    <wLevel>2</wLevel>
+                    <uThumb>2</uThumb>
+                    <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
+                    <VariousControls>
+                      <MiscControls></MiscControls>
+                      <Define></Define>
+                      <Undefine></Undefine>
+                      <IncludePath></IncludePath>
+                    </VariousControls>
+                  </Cads>
+                </FileArmAds>
+              </FileOption>
             </File>
             <File>
-              <FileName>time-STM32F2xx.c</FileName>
+              <FileName>time-CortexM3-4.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\STM32F2xx_StdPeriph_Lib\time-STM32F2xx.c</FilePath>
+              <FilePath>..\MDK-ARM\wolfSSL\time-CortexM3-4.c</FilePath>
+            </File>
+            <File>
+              <FileName>time-dummy.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\time-dummy.c</FilePath>
+              <FileOption>
+                <CommonProperty>
+                  <UseCPPCompiler>2</UseCPPCompiler>
+                  <RVCTCodeConst>0</RVCTCodeConst>
+                  <RVCTZI>0</RVCTZI>
+                  <RVCTOtherData>0</RVCTOtherData>
+                  <ModuleSelection>0</ModuleSelection>
+                  <IncludeInBuild>1</IncludeInBuild>
+                  <AlwaysBuild>2</AlwaysBuild>
+                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
+                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
+                  <PublicsOnly>2</PublicsOnly>
+                  <StopOnExitCode>11</StopOnExitCode>
+                  <CustomArgument></CustomArgument>
+                  <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
+                </CommonProperty>
+                <FileArmAds>
+                  <Cads>
+                    <interw>2</interw>
+                    <Optim>0</Optim>
+                    <oTime>2</oTime>
+                    <SplitLS>2</SplitLS>
+                    <OneElfS>2</OneElfS>
+                    <Strict>2</Strict>
+                    <EnumInt>2</EnumInt>
+                    <PlainCh>2</PlainCh>
+                    <Ropi>2</Ropi>
+                    <Rwpi>2</Rwpi>
+                    <wLevel>2</wLevel>
+                    <uThumb>2</uThumb>
+                    <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
+                    <VariousControls>
+                      <MiscControls></MiscControls>
+                      <Define></Define>
+                      <Undefine></Undefine>
+                      <IncludePath></IncludePath>
+                    </VariousControls>
+                  </Cads>
+                </FileArmAds>
+              </FileOption>
+            </File>
+            <File>
+              <FileName>wolfssl_MDK_ARM.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\wolfssl_MDK_ARM.c</FilePath>
+              <FileOption>
+                <CommonProperty>
+                  <UseCPPCompiler>2</UseCPPCompiler>
+                  <RVCTCodeConst>0</RVCTCodeConst>
+                  <RVCTZI>0</RVCTZI>
+                  <RVCTOtherData>0</RVCTOtherData>
+                  <ModuleSelection>0</ModuleSelection>
+                  <IncludeInBuild>1</IncludeInBuild>
+                  <AlwaysBuild>2</AlwaysBuild>
+                  <GenerateAssemblyFile>2</GenerateAssemblyFile>
+                  <AssembleAssemblyFile>2</AssembleAssemblyFile>
+                  <PublicsOnly>2</PublicsOnly>
+                  <StopOnExitCode>11</StopOnExitCode>
+                  <CustomArgument></CustomArgument>
+                  <IncludeLibraryModules></IncludeLibraryModules>
+                  <ComprImg>1</ComprImg>
+                </CommonProperty>
+                <FileArmAds>
+                  <Cads>
+                    <interw>2</interw>
+                    <Optim>0</Optim>
+                    <oTime>2</oTime>
+                    <SplitLS>2</SplitLS>
+                    <OneElfS>2</OneElfS>
+                    <Strict>2</Strict>
+                    <EnumInt>2</EnumInt>
+                    <PlainCh>2</PlainCh>
+                    <Ropi>2</Ropi>
+                    <Rwpi>2</Rwpi>
+                    <wLevel>2</wLevel>
+                    <uThumb>2</uThumb>
+                    <uSurpInc>2</uSurpInc>
+                    <uC99>2</uC99>
+                    <useXO>2</useXO>
+                    <VariousControls>
+                      <MiscControls></MiscControls>
+                      <Define></Define>
+                      <Undefine></Undefine>
+                      <IncludePath></IncludePath>
+                    </VariousControls>
+                  </Cads>
+                </FileArmAds>
+              </FileOption>
+            </File>
+            <File>
+              <FileName>Serial.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\Serial.c</FilePath>
+            </File>
+          </Files>
+        </Group>
+        <Group>
+          <GroupName>wolfSSL-Lib</GroupName>
+          <Files>
+            <File>
+              <FileName>wolfSSL.lib</FileName>
+              <FileType>4</FileType>
+              <FilePath>.\wolfSSL-lib\wolfSSL.lib</FilePath>
             </File>
           </Files>
         </Group>
diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvopt b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt
similarity index 55%
rename from IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvopt
rename to IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt
index 1e83de18e..973311568 100644
--- a/IDE/MDK-ARM/Projects/MDK-ARM-LPC43xx.uvopt
+++ b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt
@@ -13,6 +13,7 @@
     <tExt>*.txt; *.h; *.inc</tExt>
     <pExt>*.plm</pExt>
     <CppX>*.cpp</CppX>
+    <nMigrate>0</nMigrate>
   </Extensions>
 
   <DaveTm>
@@ -21,16 +22,17 @@
   </DaveTm>
 
   <Target>
-    <TargetName>MDK-RTX-TCP-FS</TargetName>
+    <TargetName>MDK-RTX-TCP-FS-Lib</TargetName>
     <ToolsetNumber>0x4</ToolsetNumber>
     <ToolsetName>ARM-ADS</ToolsetName>
     <TargetOption>
-      <CLKADS>12000000</CLKADS>
+      <CLKADS>25000000</CLKADS>
       <OPTTT>
         <gFlags>1</gFlags>
-        <BeepAtEnd>0</BeepAtEnd>
-        <RunSim>1</RunSim>
-        <RunTarget>0</RunTarget>
+        <BeepAtEnd>1</BeepAtEnd>
+        <RunSim>0</RunSim>
+        <RunTarget>1</RunTarget>
+        <RunAbUc>0</RunAbUc>
       </OPTTT>
       <OPTHX>
         <HexSelection>1</HexSelection>
@@ -43,7 +45,7 @@
         <PageWidth>79</PageWidth>
         <PageLength>66</PageLength>
         <TabStop>8</TabStop>
-        <ListingPath>.\Lst\</ListingPath>
+        <ListingPath>.\Flash\</ListingPath>
       </OPTLEX>
       <ListingPage>
         <CreateCListing>1</CreateCListing>
@@ -75,17 +77,358 @@
         <tvExpOptDlg>0</tvExpOptDlg>
         <IsCurrentTarget>1</IsCurrentTarget>
       </OPTFL>
-      <CpuCode>8</CpuCode>
-      <DllOpt>
-        <SimDllName>SARMCM3.DLL</SimDllName>
-        <SimDllArguments>-MPU</SimDllArguments>
-        <SimDlgDllName>DCM.DLL</SimDlgDllName>
-        <SimDlgDllArguments>-pCM4</SimDlgDllArguments>
-        <TargetDllName>SARMCM3.DLL</TargetDllName>
-        <TargetDllArguments>-MPU</TargetDllArguments>
-        <TargetDlgDllName>TCM.DLL</TargetDlgDllName>
-        <TargetDlgDllArguments>-pCM4</TargetDlgDllArguments>
-      </DllOpt>
+      <CpuCode>255</CpuCode>
+      <DebugOpt>
+        <uSim>0</uSim>
+        <uTrg>1</uTrg>
+        <sLdApp>1</sLdApp>
+        <sGomain>1</sGomain>
+        <sRbreak>1</sRbreak>
+        <sRwatch>1</sRwatch>
+        <sRmem>1</sRmem>
+        <sRfunc>1</sRfunc>
+        <sRbox>1</sRbox>
+        <tLdApp>1</tLdApp>
+        <tGomain>1</tGomain>
+        <tRbreak>1</tRbreak>
+        <tRwatch>1</tRwatch>
+        <tRmem>1</tRmem>
+        <tRfunc>0</tRfunc>
+        <tRbox>1</tRbox>
+        <tRtrace>0</tRtrace>
+        <sRSysVw>1</sRSysVw>
+        <tRSysVw>1</tRSysVw>
+        <sRunDeb>0</sRunDeb>
+        <sLrtime>0</sLrtime>
+        <nTsel>7</nTsel>
+        <sDll></sDll>
+        <sDllPa></sDllPa>
+        <sDlgDll></sDlgDll>
+        <sDlgPa></sDlgPa>
+        <sIfile></sIfile>
+        <tDll></tDll>
+        <tDllPa></tDllPa>
+        <tDlgDll></tDlgDll>
+        <tDlgPa></tDlgPa>
+        <tIfile>c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini</tIfile>
+        <pMon>BIN\ULP2CM3.DLL</pMon>
+      </DebugOpt>
+      <TargetDriverDllRegistry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>ARMRTXEVENTFLAGS</Key>
+          <Name>-L70 -Z18 -C0 -M0 -T1</Name>
+        </SetRegEntry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>UL2CM3</Key>
+          <Name>-UM1020ADE -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC10 -TIE1 -TIP9 -FO7 -FD20000000 -FC1000 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
+        </SetRegEntry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>DLGTARM</Key>
+          <Name>(1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0)</Name>
+        </SetRegEntry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>ARMDBGFLAGS</Key>
+          <Name></Name>
+        </SetRegEntry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>DLGUARM</Key>
+          <Name></Name>
+        </SetRegEntry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>ULP2CM3</Key>
+          <Name>-UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
+        </SetRegEntry>
+      </TargetDriverDllRegistry>
+      <Breakpoint/>
+      <Tracepoint>
+        <THDelay>0</THDelay>
+      </Tracepoint>
+      <DebugFlag>
+        <trace>0</trace>
+        <periodic>0</periodic>
+        <aLwin>1</aLwin>
+        <aCover>0</aCover>
+        <aSer1>0</aSer1>
+        <aSer2>0</aSer2>
+        <aPa>0</aPa>
+        <viewmode>1</viewmode>
+        <vrSel>0</vrSel>
+        <aSym>0</aSym>
+        <aTbox>0</aTbox>
+        <AscS1>0</AscS1>
+        <AscS2>0</AscS2>
+        <AscS3>0</AscS3>
+        <aSer3>0</aSer3>
+        <eProf>0</eProf>
+        <aLa>0</aLa>
+        <aPa1>0</aPa1>
+        <AscS4>0</AscS4>
+        <aSer4>1</aSer4>
+        <StkLoc>1</StkLoc>
+        <TrcWin>0</TrcWin>
+        <newCpu>0</newCpu>
+        <uProt>0</uProt>
+      </DebugFlag>
+      <LintExecutable></LintExecutable>
+      <LintConfigFile></LintConfigFile>
+    </TargetOption>
+  </Target>
+
+  <Target>
+    <TargetName>MDK-FS-Lib</TargetName>
+    <ToolsetNumber>0x4</ToolsetNumber>
+    <ToolsetName>ARM-ADS</ToolsetName>
+    <TargetOption>
+      <CLKADS>25000000</CLKADS>
+      <OPTTT>
+        <gFlags>1</gFlags>
+        <BeepAtEnd>1</BeepAtEnd>
+        <RunSim>1</RunSim>
+        <RunTarget>0</RunTarget>
+        <RunAbUc>0</RunAbUc>
+      </OPTTT>
+      <OPTHX>
+        <HexSelection>1</HexSelection>
+        <FlashByte>65535</FlashByte>
+        <HexRangeLowAddress>0</HexRangeLowAddress>
+        <HexRangeHighAddress>0</HexRangeHighAddress>
+        <HexOffset>0</HexOffset>
+      </OPTHX>
+      <OPTLEX>
+        <PageWidth>79</PageWidth>
+        <PageLength>66</PageLength>
+        <TabStop>8</TabStop>
+        <ListingPath>.\Flash\</ListingPath>
+      </OPTLEX>
+      <ListingPage>
+        <CreateCListing>1</CreateCListing>
+        <CreateAListing>1</CreateAListing>
+        <CreateLListing>1</CreateLListing>
+        <CreateIListing>0</CreateIListing>
+        <AsmCond>1</AsmCond>
+        <AsmSymb>1</AsmSymb>
+        <AsmXref>0</AsmXref>
+        <CCond>1</CCond>
+        <CCode>0</CCode>
+        <CListInc>0</CListInc>
+        <CSymb>0</CSymb>
+        <LinkerCodeListing>0</LinkerCodeListing>
+      </ListingPage>
+      <OPTXL>
+        <LMap>1</LMap>
+        <LComments>1</LComments>
+        <LGenerateSymbols>1</LGenerateSymbols>
+        <LLibSym>1</LLibSym>
+        <LLines>1</LLines>
+        <LLocSym>1</LLocSym>
+        <LPubSym>1</LPubSym>
+        <LXref>0</LXref>
+        <LExpSel>0</LExpSel>
+      </OPTXL>
+      <OPTFL>
+        <tvExp>1</tvExp>
+        <tvExpOptDlg>0</tvExpOptDlg>
+        <IsCurrentTarget>0</IsCurrentTarget>
+      </OPTFL>
+      <CpuCode>255</CpuCode>
+      <DebugOpt>
+        <uSim>0</uSim>
+        <uTrg>1</uTrg>
+        <sLdApp>1</sLdApp>
+        <sGomain>1</sGomain>
+        <sRbreak>1</sRbreak>
+        <sRwatch>1</sRwatch>
+        <sRmem>1</sRmem>
+        <sRfunc>1</sRfunc>
+        <sRbox>1</sRbox>
+        <tLdApp>1</tLdApp>
+        <tGomain>1</tGomain>
+        <tRbreak>1</tRbreak>
+        <tRwatch>1</tRwatch>
+        <tRmem>1</tRmem>
+        <tRfunc>0</tRfunc>
+        <tRbox>1</tRbox>
+        <tRtrace>0</tRtrace>
+        <sRSysVw>1</sRSysVw>
+        <tRSysVw>1</tRSysVw>
+        <sRunDeb>0</sRunDeb>
+        <sLrtime>0</sLrtime>
+        <nTsel>1</nTsel>
+        <sDll></sDll>
+        <sDllPa></sDllPa>
+        <sDlgDll></sDlgDll>
+        <sDlgPa></sDlgPa>
+        <sIfile></sIfile>
+        <tDll></tDll>
+        <tDllPa></tDllPa>
+        <tDlgDll></tDlgDll>
+        <tDlgPa></tDlgPa>
+        <tIfile>..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini</tIfile>
+        <pMon>BIN\UL2CM3.DLL</pMon>
+      </DebugOpt>
+      <TargetDriverDllRegistry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>ARMRTXEVENTFLAGS</Key>
+          <Name>-L70 -Z18 -C0 -M0 -T1</Name>
+        </SetRegEntry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>UL2CM3</Key>
+          <Name>-UM1020ADE -O207 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
+        </SetRegEntry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>DLGTARM</Key>
+          <Name>(1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0)</Name>
+        </SetRegEntry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>ARMDBGFLAGS</Key>
+          <Name></Name>
+        </SetRegEntry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>DLGUARM</Key>
+          <Name>(105=-1,-1,-1,-1,0)</Name>
+        </SetRegEntry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>ULP2CM3</Key>
+          <Name>-UP1135060 -O206 -S0 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
+        </SetRegEntry>
+      </TargetDriverDllRegistry>
+      <Breakpoint>
+        <Bp>
+          <Number>0</Number>
+          <Type>0</Type>
+          <LineNumber>150</LineNumber>
+          <EnabledFlag>1</EnabledFlag>
+          <Address>134219020</Address>
+          <ByteObject>0</ByteObject>
+          <HtxType>0</HtxType>
+          <ManyObjects>0</ManyObjects>
+          <SizeOfObject>0</SizeOfObject>
+          <BreakByAccess>0</BreakByAccess>
+          <BreakIfRCount>1</BreakIfRCount>
+          <Filename>C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\main.c</Filename>
+          <ExecCommand></ExecCommand>
+          <Expression></Expression>
+        </Bp>
+        <Bp>
+          <Number>1</Number>
+          <Type>0</Type>
+          <LineNumber>542</LineNumber>
+          <EnabledFlag>1</EnabledFlag>
+          <Address>0</Address>
+          <ByteObject>0</ByteObject>
+          <HtxType>0</HtxType>
+          <ManyObjects>0</ManyObjects>
+          <SizeOfObject>0</SizeOfObject>
+          <BreakByAccess>0</BreakByAccess>
+          <BreakIfRCount>0</BreakIfRCount>
+          <Filename>C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\shell.c</Filename>
+          <ExecCommand></ExecCommand>
+          <Expression></Expression>
+        </Bp>
+      </Breakpoint>
+      <Tracepoint>
+        <THDelay>0</THDelay>
+      </Tracepoint>
+      <DebugFlag>
+        <trace>0</trace>
+        <periodic>0</periodic>
+        <aLwin>1</aLwin>
+        <aCover>0</aCover>
+        <aSer1>0</aSer1>
+        <aSer2>0</aSer2>
+        <aPa>0</aPa>
+        <viewmode>1</viewmode>
+        <vrSel>0</vrSel>
+        <aSym>0</aSym>
+        <aTbox>0</aTbox>
+        <AscS1>0</AscS1>
+        <AscS2>0</AscS2>
+        <AscS3>0</AscS3>
+        <aSer3>0</aSer3>
+        <eProf>0</eProf>
+        <aLa>0</aLa>
+        <aPa1>0</aPa1>
+        <AscS4>0</AscS4>
+        <aSer4>1</aSer4>
+        <StkLoc>0</StkLoc>
+        <TrcWin>0</TrcWin>
+        <newCpu>0</newCpu>
+        <uProt>0</uProt>
+      </DebugFlag>
+      <LintExecutable></LintExecutable>
+      <LintConfigFile></LintConfigFile>
+    </TargetOption>
+  </Target>
+
+  <Target>
+    <TargetName>wolfSSL-Lib</TargetName>
+    <ToolsetNumber>0x4</ToolsetNumber>
+    <ToolsetName>ARM-ADS</ToolsetName>
+    <TargetOption>
+      <CLKADS>25000000</CLKADS>
+      <OPTTT>
+        <gFlags>1</gFlags>
+        <BeepAtEnd>1</BeepAtEnd>
+        <RunSim>1</RunSim>
+        <RunTarget>0</RunTarget>
+        <RunAbUc>0</RunAbUc>
+      </OPTTT>
+      <OPTHX>
+        <HexSelection>1</HexSelection>
+        <FlashByte>65535</FlashByte>
+        <HexRangeLowAddress>0</HexRangeLowAddress>
+        <HexRangeHighAddress>0</HexRangeHighAddress>
+        <HexOffset>0</HexOffset>
+      </OPTHX>
+      <OPTLEX>
+        <PageWidth>79</PageWidth>
+        <PageLength>66</PageLength>
+        <TabStop>8</TabStop>
+        <ListingPath>.\Flash\</ListingPath>
+      </OPTLEX>
+      <ListingPage>
+        <CreateCListing>1</CreateCListing>
+        <CreateAListing>1</CreateAListing>
+        <CreateLListing>1</CreateLListing>
+        <CreateIListing>0</CreateIListing>
+        <AsmCond>1</AsmCond>
+        <AsmSymb>1</AsmSymb>
+        <AsmXref>0</AsmXref>
+        <CCond>1</CCond>
+        <CCode>0</CCode>
+        <CListInc>0</CListInc>
+        <CSymb>0</CSymb>
+        <LinkerCodeListing>0</LinkerCodeListing>
+      </ListingPage>
+      <OPTXL>
+        <LMap>1</LMap>
+        <LComments>1</LComments>
+        <LGenerateSymbols>1</LGenerateSymbols>
+        <LLibSym>1</LLibSym>
+        <LLines>1</LLines>
+        <LLocSym>1</LLocSym>
+        <LPubSym>1</LPubSym>
+        <LXref>0</LXref>
+        <LExpSel>0</LExpSel>
+      </OPTXL>
+      <OPTFL>
+        <tvExp>1</tvExp>
+        <tvExpOptDlg>0</tvExpOptDlg>
+        <IsCurrentTarget>0</IsCurrentTarget>
+      </OPTFL>
+      <CpuCode>255</CpuCode>
       <DebugOpt>
         <uSim>0</uSim>
         <uTrg>1</uTrg>
@@ -104,9 +447,11 @@
         <tRfunc>0</tRfunc>
         <tRbox>1</tRbox>
         <tRtrace>0</tRtrace>
+        <sRSysVw>1</sRSysVw>
+        <tRSysVw>1</tRSysVw>
         <sRunDeb>0</sRunDeb>
         <sLrtime>0</sLrtime>
-        <nTsel>9</nTsel>
+        <nTsel>1</nTsel>
         <sDll></sDll>
         <sDllPa></sDllPa>
         <sDlgDll></sDlgDll>
@@ -116,10 +461,20 @@
         <tDllPa></tDllPa>
         <tDlgDll></tDlgDll>
         <tDlgPa></tDlgPa>
-        <tIfile>..\MDK-ARM\config\Dbg_Flash.ini</tIfile>
-        <pMon>BIN\ULP2CM3.DLL</pMon>
+        <tIfile>..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini</tIfile>
+        <pMon>BIN\UL2CM3.DLL</pMon>
       </DebugOpt>
       <TargetDriverDllRegistry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>ARMRTXEVENTFLAGS</Key>
+          <Name>-L70 -Z18 -C0 -M0 -T1</Name>
+        </SetRegEntry>
+        <SetRegEntry>
+          <Number>0</Number>
+          <Key>UL2CM3</Key>
+          <Name>-UM1020ADE -O79 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP21 -TDS801F -TDT0 -TDC1F -TIE1 -TIP9 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
+        </SetRegEntry>
         <SetRegEntry>
           <Number>0</Number>
           <Key>DLGTARM</Key>
@@ -133,29 +488,48 @@
         <SetRegEntry>
           <Number>0</Number>
           <Key>DLGUARM</Key>
-          <Name></Name>
+          <Name>(105=-1,-1,-1,-1,0)</Name>
         </SetRegEntry>
         <SetRegEntry>
           <Number>0</Number>
           <Key>ULP2CM3</Key>
-          <Name>-UP1135060 -O974 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000</Name>
+          <Name>-UP1135060 -O206 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS8000 -TDT0 -TDC1F -TIE1 -TIP1 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000</Name>
         </SetRegEntry>
       </TargetDriverDllRegistry>
-      <Breakpoint/>
-      <MemoryWindow1>
-        <Mm>
-          <WinNumber>1</WinNumber>
-          <SubType>0</SubType>
-          <ItemText>0x10005960</ItemText>
-        </Mm>
-      </MemoryWindow1>
-      <ToolboxButtons>
-        <Wi>
-          <IntNumber>0</IntNumber>
-          <FirstString>Reset Peripherals</FirstString>
-          <SecondString>Per_Reset()</SecondString>
-        </Wi>
-      </ToolboxButtons>
+      <Breakpoint>
+        <Bp>
+          <Number>0</Number>
+          <Type>0</Type>
+          <LineNumber>150</LineNumber>
+          <EnabledFlag>1</EnabledFlag>
+          <Address>134218980</Address>
+          <ByteObject>0</ByteObject>
+          <HtxType>0</HtxType>
+          <ManyObjects>0</ManyObjects>
+          <SizeOfObject>0</SizeOfObject>
+          <BreakByAccess>0</BreakByAccess>
+          <BreakIfRCount>1</BreakIfRCount>
+          <Filename>C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\main.c</Filename>
+          <ExecCommand></ExecCommand>
+          <Expression></Expression>
+        </Bp>
+        <Bp>
+          <Number>1</Number>
+          <Type>0</Type>
+          <LineNumber>542</LineNumber>
+          <EnabledFlag>1</EnabledFlag>
+          <Address>0</Address>
+          <ByteObject>0</ByteObject>
+          <HtxType>0</HtxType>
+          <ManyObjects>0</ManyObjects>
+          <SizeOfObject>0</SizeOfObject>
+          <BreakByAccess>0</BreakByAccess>
+          <BreakIfRCount>0</BreakIfRCount>
+          <Filename>C:\ROOT\CyaSSL-Support\MDK4\wolfssl-3.4.6\IDE\MDK-ARM\MDK-ARM\wolfSSL\shell.c</Filename>
+          <ExecCommand></ExecCommand>
+          <Expression></Expression>
+        </Bp>
+      </Breakpoint>
       <Tracepoint>
         <THDelay>0</THDelay>
       </Tracepoint>
@@ -170,347 +544,7 @@
         <viewmode>1</viewmode>
         <vrSel>0</vrSel>
         <aSym>0</aSym>
-        <aTbox>1</aTbox>
-        <AscS1>0</AscS1>
-        <AscS2>0</AscS2>
-        <AscS3>0</AscS3>
-        <aSer3>0</aSer3>
-        <eProf>0</eProf>
-        <aLa>0</aLa>
-        <aPa1>0</aPa1>
-        <AscS4>0</AscS4>
-        <aSer4>1</aSer4>
-        <StkLoc>0</StkLoc>
-        <TrcWin>0</TrcWin>
-        <newCpu>0</newCpu>
-        <uProt>0</uProt>
-      </DebugFlag>
-      <LintExecutable></LintExecutable>
-      <LintConfigFile></LintConfigFile>
-    </TargetOption>
-  </Target>
-
-  <Target>
-    <TargetName>MDK-FS</TargetName>
-    <ToolsetNumber>0x4</ToolsetNumber>
-    <ToolsetName>ARM-ADS</ToolsetName>
-    <TargetOption>
-      <CLKADS>12000000</CLKADS>
-      <OPTTT>
-        <gFlags>1</gFlags>
-        <BeepAtEnd>1</BeepAtEnd>
-        <RunSim>1</RunSim>
-        <RunTarget>0</RunTarget>
-      </OPTTT>
-      <OPTHX>
-        <HexSelection>1</HexSelection>
-        <FlashByte>65535</FlashByte>
-        <HexRangeLowAddress>0</HexRangeLowAddress>
-        <HexRangeHighAddress>0</HexRangeHighAddress>
-        <HexOffset>0</HexOffset>
-      </OPTHX>
-      <OPTLEX>
-        <PageWidth>79</PageWidth>
-        <PageLength>66</PageLength>
-        <TabStop>8</TabStop>
-        <ListingPath>.\Lst\</ListingPath>
-      </OPTLEX>
-      <ListingPage>
-        <CreateCListing>1</CreateCListing>
-        <CreateAListing>1</CreateAListing>
-        <CreateLListing>1</CreateLListing>
-        <CreateIListing>0</CreateIListing>
-        <AsmCond>1</AsmCond>
-        <AsmSymb>1</AsmSymb>
-        <AsmXref>0</AsmXref>
-        <CCond>1</CCond>
-        <CCode>0</CCode>
-        <CListInc>0</CListInc>
-        <CSymb>0</CSymb>
-        <LinkerCodeListing>0</LinkerCodeListing>
-      </ListingPage>
-      <OPTXL>
-        <LMap>1</LMap>
-        <LComments>1</LComments>
-        <LGenerateSymbols>1</LGenerateSymbols>
-        <LLibSym>1</LLibSym>
-        <LLines>1</LLines>
-        <LLocSym>1</LLocSym>
-        <LPubSym>1</LPubSym>
-        <LXref>0</LXref>
-        <LExpSel>0</LExpSel>
-      </OPTXL>
-      <OPTFL>
-        <tvExp>1</tvExp>
-        <tvExpOptDlg>0</tvExpOptDlg>
-        <IsCurrentTarget>0</IsCurrentTarget>
-      </OPTFL>
-      <CpuCode>8</CpuCode>
-      <DllOpt>
-        <SimDllName>SARMCM3.DLL</SimDllName>
-        <SimDllArguments>-MPU</SimDllArguments>
-        <SimDlgDllName>DCM.DLL</SimDlgDllName>
-        <SimDlgDllArguments>-pCM4</SimDlgDllArguments>
-        <TargetDllName>SARMCM3.DLL</TargetDllName>
-        <TargetDllArguments>-MPU</TargetDllArguments>
-        <TargetDlgDllName>TCM.DLL</TargetDlgDllName>
-        <TargetDlgDllArguments>-pCM4</TargetDlgDllArguments>
-      </DllOpt>
-      <DebugOpt>
-        <uSim>0</uSim>
-        <uTrg>1</uTrg>
-        <sLdApp>1</sLdApp>
-        <sGomain>1</sGomain>
-        <sRbreak>1</sRbreak>
-        <sRwatch>1</sRwatch>
-        <sRmem>1</sRmem>
-        <sRfunc>1</sRfunc>
-        <sRbox>1</sRbox>
-        <tLdApp>1</tLdApp>
-        <tGomain>1</tGomain>
-        <tRbreak>1</tRbreak>
-        <tRwatch>1</tRwatch>
-        <tRmem>1</tRmem>
-        <tRfunc>0</tRfunc>
-        <tRbox>1</tRbox>
-        <tRtrace>0</tRtrace>
-        <sRunDeb>0</sRunDeb>
-        <sLrtime>0</sLrtime>
-        <nTsel>9</nTsel>
-        <sDll></sDll>
-        <sDllPa></sDllPa>
-        <sDlgDll></sDlgDll>
-        <sDlgPa></sDlgPa>
-        <sIfile></sIfile>
-        <tDll></tDll>
-        <tDllPa></tDllPa>
-        <tDlgDll></tDlgDll>
-        <tDlgPa></tDlgPa>
-        <tIfile>..\MDK-ARM\config\Dbg_Flash.ini</tIfile>
-        <pMon>BIN\ULP2CM3.DLL</pMon>
-      </DebugOpt>
-      <TargetDriverDllRegistry>
-        <SetRegEntry>
-          <Number>0</Number>
-          <Key>DLGTARM</Key>
-          <Name>(1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0)</Name>
-        </SetRegEntry>
-        <SetRegEntry>
-          <Number>0</Number>
-          <Key>ARMDBGFLAGS</Key>
-          <Name></Name>
-        </SetRegEntry>
-        <SetRegEntry>
-          <Number>0</Number>
-          <Key>DLGUARM</Key>
-          <Name></Name>
-        </SetRegEntry>
-        <SetRegEntry>
-          <Number>0</Number>
-          <Key>ULP2CM3</Key>
-          <Name>-UP1135060 -O974 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC10000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP8 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000</Name>
-        </SetRegEntry>
-      </TargetDriverDllRegistry>
-      <Breakpoint/>
-      <MemoryWindow1>
-        <Mm>
-          <WinNumber>1</WinNumber>
-          <SubType>0</SubType>
-          <ItemText>0x10005960</ItemText>
-        </Mm>
-      </MemoryWindow1>
-      <ToolboxButtons>
-        <Wi>
-          <IntNumber>0</IntNumber>
-          <FirstString>Reset Peripherals</FirstString>
-          <SecondString>Per_Reset()</SecondString>
-        </Wi>
-      </ToolboxButtons>
-      <Tracepoint>
-        <THDelay>0</THDelay>
-      </Tracepoint>
-      <DebugFlag>
-        <trace>0</trace>
-        <periodic>0</periodic>
-        <aLwin>1</aLwin>
-        <aCover>0</aCover>
-        <aSer1>0</aSer1>
-        <aSer2>0</aSer2>
-        <aPa>0</aPa>
-        <viewmode>1</viewmode>
-        <vrSel>0</vrSel>
-        <aSym>0</aSym>
-        <aTbox>1</aTbox>
-        <AscS1>0</AscS1>
-        <AscS2>0</AscS2>
-        <AscS3>0</AscS3>
-        <aSer3>0</aSer3>
-        <eProf>0</eProf>
-        <aLa>0</aLa>
-        <aPa1>0</aPa1>
-        <AscS4>0</AscS4>
-        <aSer4>1</aSer4>
-        <StkLoc>0</StkLoc>
-        <TrcWin>0</TrcWin>
-        <newCpu>0</newCpu>
-        <uProt>0</uProt>
-      </DebugFlag>
-      <LintExecutable></LintExecutable>
-      <LintConfigFile></LintConfigFile>
-    </TargetOption>
-  </Target>
-
-  <Target>
-    <TargetName>MDK-BARE-METAL</TargetName>
-    <ToolsetNumber>0x4</ToolsetNumber>
-    <ToolsetName>ARM-ADS</ToolsetName>
-    <TargetOption>
-      <CLKADS>12000000</CLKADS>
-      <OPTTT>
-        <gFlags>1</gFlags>
-        <BeepAtEnd>1</BeepAtEnd>
-        <RunSim>1</RunSim>
-        <RunTarget>0</RunTarget>
-      </OPTTT>
-      <OPTHX>
-        <HexSelection>1</HexSelection>
-        <FlashByte>65535</FlashByte>
-        <HexRangeLowAddress>0</HexRangeLowAddress>
-        <HexRangeHighAddress>0</HexRangeHighAddress>
-        <HexOffset>0</HexOffset>
-      </OPTHX>
-      <OPTLEX>
-        <PageWidth>79</PageWidth>
-        <PageLength>66</PageLength>
-        <TabStop>8</TabStop>
-        <ListingPath>.\Lst\</ListingPath>
-      </OPTLEX>
-      <ListingPage>
-        <CreateCListing>1</CreateCListing>
-        <CreateAListing>1</CreateAListing>
-        <CreateLListing>1</CreateLListing>
-        <CreateIListing>0</CreateIListing>
-        <AsmCond>1</AsmCond>
-        <AsmSymb>1</AsmSymb>
-        <AsmXref>0</AsmXref>
-        <CCond>1</CCond>
-        <CCode>0</CCode>
-        <CListInc>0</CListInc>
-        <CSymb>0</CSymb>
-        <LinkerCodeListing>0</LinkerCodeListing>
-      </ListingPage>
-      <OPTXL>
-        <LMap>1</LMap>
-        <LComments>1</LComments>
-        <LGenerateSymbols>1</LGenerateSymbols>
-        <LLibSym>1</LLibSym>
-        <LLines>1</LLines>
-        <LLocSym>1</LLocSym>
-        <LPubSym>1</LPubSym>
-        <LXref>0</LXref>
-        <LExpSel>0</LExpSel>
-      </OPTXL>
-      <OPTFL>
-        <tvExp>1</tvExp>
-        <tvExpOptDlg>0</tvExpOptDlg>
-        <IsCurrentTarget>0</IsCurrentTarget>
-      </OPTFL>
-      <CpuCode>8</CpuCode>
-      <DllOpt>
-        <SimDllName>SARMCM3.DLL</SimDllName>
-        <SimDllArguments>-MPU</SimDllArguments>
-        <SimDlgDllName>DCM.DLL</SimDlgDllName>
-        <SimDlgDllArguments>-pCM4</SimDlgDllArguments>
-        <TargetDllName>SARMCM3.DLL</TargetDllName>
-        <TargetDllArguments>-MPU</TargetDllArguments>
-        <TargetDlgDllName>TCM.DLL</TargetDlgDllName>
-        <TargetDlgDllArguments>-pCM4</TargetDlgDllArguments>
-      </DllOpt>
-      <DebugOpt>
-        <uSim>0</uSim>
-        <uTrg>1</uTrg>
-        <sLdApp>1</sLdApp>
-        <sGomain>1</sGomain>
-        <sRbreak>1</sRbreak>
-        <sRwatch>1</sRwatch>
-        <sRmem>1</sRmem>
-        <sRfunc>1</sRfunc>
-        <sRbox>1</sRbox>
-        <tLdApp>1</tLdApp>
-        <tGomain>1</tGomain>
-        <tRbreak>1</tRbreak>
-        <tRwatch>1</tRwatch>
-        <tRmem>1</tRmem>
-        <tRfunc>0</tRfunc>
-        <tRbox>1</tRbox>
-        <tRtrace>0</tRtrace>
-        <sRunDeb>0</sRunDeb>
-        <sLrtime>0</sLrtime>
-        <nTsel>9</nTsel>
-        <sDll></sDll>
-        <sDllPa></sDllPa>
-        <sDlgDll></sDlgDll>
-        <sDlgPa></sDlgPa>
-        <sIfile></sIfile>
-        <tDll></tDll>
-        <tDllPa></tDllPa>
-        <tDlgDll></tDlgDll>
-        <tDlgPa></tDlgPa>
-        <tIfile>..\MDK-ARM\config\Dbg_Flash.ini</tIfile>
-        <pMon>BIN\ULP2CM3.DLL</pMon>
-      </DebugOpt>
-      <TargetDriverDllRegistry>
-        <SetRegEntry>
-          <Number>0</Number>
-          <Key>DLGTARM</Key>
-          <Name>(1010=-1,-1,-1,-1,0)(1007=-1,-1,-1,-1,0)(1008=-1,-1,-1,-1,0)(1009=-1,-1,-1,-1,0)(1012=-1,-1,-1,-1,0)</Name>
-        </SetRegEntry>
-        <SetRegEntry>
-          <Number>0</Number>
-          <Key>ARMDBGFLAGS</Key>
-          <Name></Name>
-        </SetRegEntry>
-        <SetRegEntry>
-          <Number>0</Number>
-          <Key>DLGUARM</Key>
-          <Name></Name>
-        </SetRegEntry>
-        <SetRegEntry>
-          <Number>0</Number>
-          <Key>ULP2CM3</Key>
-          <Name>-UP1135060 -O975 -S8 -C0 -P00 -N00("ARM CoreSight SW-DP") -D00(2BA01477) -L00(0) -TO23 -TC120000000 -TP18 -TDX0 -TDD0 -TDS7 -TDT0 -TDC1F -TIEFFFFFFFF -TIP9 -FO7 -FD10000000 -FC800 -FN2 -FF0LPC18xx43xx_512_BA -FS01A000000 -FL080000 -FF1LPC18xx43xx_512_BB -FS11B000000 -FL180000</Name>
-        </SetRegEntry>
-      </TargetDriverDllRegistry>
-      <Breakpoint/>
-      <MemoryWindow1>
-        <Mm>
-          <WinNumber>1</WinNumber>
-          <SubType>0</SubType>
-          <ItemText>0x10005960</ItemText>
-        </Mm>
-      </MemoryWindow1>
-      <ToolboxButtons>
-        <Wi>
-          <IntNumber>0</IntNumber>
-          <FirstString>Reset Peripherals</FirstString>
-          <SecondString>Per_Reset()</SecondString>
-        </Wi>
-      </ToolboxButtons>
-      <Tracepoint>
-        <THDelay>0</THDelay>
-      </Tracepoint>
-      <DebugFlag>
-        <trace>0</trace>
-        <periodic>0</periodic>
-        <aLwin>1</aLwin>
-        <aCover>0</aCover>
-        <aSer1>0</aSer1>
-        <aSer2>0</aSer2>
-        <aPa>0</aPa>
-        <viewmode>1</viewmode>
-        <vrSel>0</vrSel>
-        <aSym>0</aSym>
-        <aTbox>1</aTbox>
+        <aTbox>0</aTbox>
         <AscS1>0</AscS1>
         <AscS2>0</AscS2>
         <AscS3>0</AscS3>
@@ -531,24 +565,21 @@
   </Target>
 
   <Group>
-    <GroupName>CyaSSL Apps</GroupName>
-    <tvExp>1</tvExp>
+    <GroupName>Crypt</GroupName>
+    <tvExp>0</tvExp>
     <tvExpOptDlg>0</tvExpOptDlg>
     <cbSel>0</cbSel>
     <RteFlg>0</RteFlg>
     <File>
       <GroupNumber>1</GroupNumber>
       <FileNumber>1</FileNumber>
-      <FileType>1</FileType>
+      <FileType>5</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\examples\echoclient\echoclient.c</PathWithFileName>
-      <FilenameWithoutPath>echoclient.c</FilenameWithoutPath>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\config-FS.h</PathWithFileName>
+      <FilenameWithoutPath>config-FS.h</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -558,13 +589,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\examples\echoserver\echoserver.c</PathWithFileName>
-      <FilenameWithoutPath>echoserver.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\src\aes.c</PathWithFileName>
+      <FilenameWithoutPath>aes.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -574,13 +602,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\test\test.c</PathWithFileName>
-      <FilenameWithoutPath>test.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\src\arc4.c</PathWithFileName>
+      <FilenameWithoutPath>arc4.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -590,13 +615,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\benchmark\benchmark.c</PathWithFileName>
-      <FilenameWithoutPath>benchmark.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\src\asm.c</PathWithFileName>
+      <FilenameWithoutPath>asm.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -606,13 +628,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\examples\client\client.c</PathWithFileName>
-      <FilenameWithoutPath>client.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\src\asn.c</PathWithFileName>
+      <FilenameWithoutPath>asn.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -622,13 +641,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\examples\server\server.c</PathWithFileName>
-      <FilenameWithoutPath>server.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\src\blake2b.c</PathWithFileName>
+      <FilenameWithoutPath>blake2b.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -638,13 +654,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\shell.c</PathWithFileName>
-      <FilenameWithoutPath>shell.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\src\camellia.c</PathWithFileName>
+      <FilenameWithoutPath>camellia.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -654,13 +667,10 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\main.c</PathWithFileName>
-      <FilenameWithoutPath>main.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\src\chacha.c</PathWithFileName>
+      <FilenameWithoutPath>chacha.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -670,242 +680,522 @@
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\cert_data.c</PathWithFileName>
-      <FilenameWithoutPath>cert_data.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\src\chacha20_poly1305.c</PathWithFileName>
+      <FilenameWithoutPath>chacha20_poly1305.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
-  </Group>
-
-  <Group>
-    <GroupName>LPC43xx</GroupName>
-    <tvExp>1</tvExp>
-    <tvExpOptDlg>0</tvExpOptDlg>
-    <cbSel>0</cbSel>
-    <RteFlg>0</RteFlg>
     <File>
-      <GroupNumber>2</GroupNumber>
+      <GroupNumber>1</GroupNumber>
       <FileNumber>10</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\LPC43xx\Drivers\source\lpc43xx_rtc.c</PathWithFileName>
-      <FilenameWithoutPath>lpc43xx_rtc.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\src\coding.c</PathWithFileName>
+      <FilenameWithoutPath>coding.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>2</GroupNumber>
+      <GroupNumber>1</GroupNumber>
       <FileNumber>11</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\LPC43xx\Drivers\source\lpc43xx_timer.c</PathWithFileName>
-      <FilenameWithoutPath>lpc43xx_timer.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\src\compress.c</PathWithFileName>
+      <FilenameWithoutPath>compress.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>2</GroupNumber>
+      <GroupNumber>1</GroupNumber>
       <FileNumber>12</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\LPC43xx\Drivers\source\lpc43xx_cgu.c</PathWithFileName>
-      <FilenameWithoutPath>lpc43xx_cgu.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\src\curve25519.c</PathWithFileName>
+      <FilenameWithoutPath>curve25519.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>2</GroupNumber>
+      <GroupNumber>1</GroupNumber>
       <FileNumber>13</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\LPC43xx\Drivers\source\lpc43xx_scu.c</PathWithFileName>
-      <FilenameWithoutPath>lpc43xx_scu.c</FilenameWithoutPath>
+      <PathWithFileName>..\..\..\wolfcrypt\src\des3.c</PathWithFileName>
+      <FilenameWithoutPath>des3.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>14</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\dh.c</PathWithFileName>
+      <FilenameWithoutPath>dh.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>15</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\dsa.c</PathWithFileName>
+      <FilenameWithoutPath>dsa.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>16</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\ecc.c</PathWithFileName>
+      <FilenameWithoutPath>ecc.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>17</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\ecc_fp.c</PathWithFileName>
+      <FilenameWithoutPath>ecc_fp.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>18</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\ed25519.c</PathWithFileName>
+      <FilenameWithoutPath>ed25519.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>19</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\error.c</PathWithFileName>
+      <FilenameWithoutPath>error.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>20</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\fe_operations.c</PathWithFileName>
+      <FilenameWithoutPath>fe_operations.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>21</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\ge_operations.c</PathWithFileName>
+      <FilenameWithoutPath>ge_operations.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>22</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\hc128.c</PathWithFileName>
+      <FilenameWithoutPath>hc128.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>23</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\hmac.c</PathWithFileName>
+      <FilenameWithoutPath>hmac.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>24</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\integer.c</PathWithFileName>
+      <FilenameWithoutPath>integer.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>25</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\logging.c</PathWithFileName>
+      <FilenameWithoutPath>logging.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>26</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\md2.c</PathWithFileName>
+      <FilenameWithoutPath>md2.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>27</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\md4.c</PathWithFileName>
+      <FilenameWithoutPath>md4.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>28</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\md5.c</PathWithFileName>
+      <FilenameWithoutPath>md5.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>29</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\memory.c</PathWithFileName>
+      <FilenameWithoutPath>memory.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>30</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\pkcs7.c</PathWithFileName>
+      <FilenameWithoutPath>pkcs7.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>31</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\poly1305.c</PathWithFileName>
+      <FilenameWithoutPath>poly1305.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>32</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\pwdbased.c</PathWithFileName>
+      <FilenameWithoutPath>pwdbased.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>33</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\rabbit.c</PathWithFileName>
+      <FilenameWithoutPath>rabbit.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>34</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\random.c</PathWithFileName>
+      <FilenameWithoutPath>random.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>35</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\ripemd.c</PathWithFileName>
+      <FilenameWithoutPath>ripemd.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>36</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\rsa.c</PathWithFileName>
+      <FilenameWithoutPath>rsa.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>37</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\sha.c</PathWithFileName>
+      <FilenameWithoutPath>sha.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>38</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\sha256.c</PathWithFileName>
+      <FilenameWithoutPath>sha256.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>39</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\sha512.c</PathWithFileName>
+      <FilenameWithoutPath>sha512.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>40</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>1</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\tfm.c</PathWithFileName>
+      <FilenameWithoutPath>tfm.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>41</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\wc_port.c</PathWithFileName>
+      <FilenameWithoutPath>wc_port.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>42</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\fe_low_mem.c</PathWithFileName>
+      <FilenameWithoutPath>fe_low_mem.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>43</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\ge_low_mem.c</PathWithFileName>
+      <FilenameWithoutPath>ge_low_mem.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>44</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\hash.c</PathWithFileName>
+      <FilenameWithoutPath>hash.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>45</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\misc.c</PathWithFileName>
+      <FilenameWithoutPath>misc.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>46</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\srp.c</PathWithFileName>
+      <FilenameWithoutPath>srp.c</FilenameWithoutPath>
+      <RteFlg>0</RteFlg>
+      <bShared>0</bShared>
+    </File>
+    <File>
+      <GroupNumber>1</GroupNumber>
+      <FileNumber>47</FileNumber>
+      <FileType>1</FileType>
+      <tvExp>0</tvExp>
+      <Focus>0</Focus>
+      <tvExpOptDlg>0</tvExpOptDlg>
+      <bDave2>0</bDave2>
+      <PathWithFileName>..\..\..\wolfcrypt\src\wc_encrypt.c</PathWithFileName>
+      <FilenameWithoutPath>wc_encrypt.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
   </Group>
 
   <Group>
-    <GroupName>MDK-ARM</GroupName>
+    <GroupName>SSL</GroupName>
     <tvExp>1</tvExp>
     <tvExpOptDlg>0</tvExpOptDlg>
     <cbSel>0</cbSel>
     <RteFlg>0</RteFlg>
     <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>14</FileNumber>
-      <FileType>4</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>c:\Keil\ARM\RV31\LIB\FS_CM3.lib</PathWithFileName>
-      <FilenameWithoutPath>FS_CM3.lib</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>15</FileNumber>
-      <FileType>4</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>c:\Keil\ARM\RV31\LIB\\RTX_CM3.lib</PathWithFileName>
-      <FilenameWithoutPath>RTX_CM3.lib</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>16</FileNumber>
-      <FileType>4</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>c:\Keil\ARM\RV31\LIB\TCPD_CM3.lib</PathWithFileName>
-      <FilenameWithoutPath>TCPD_CM3.lib</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>17</FileNumber>
-      <FileType>4</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>c:\Keil\ARM\RV31\LIB\TCP_CM3.lib</PathWithFileName>
-      <FilenameWithoutPath>TCP_CM3.lib</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>18</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>48</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\Serial.c</PathWithFileName>
-      <FilenameWithoutPath>Serial.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>19</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>C:\Keil\ARM\RL\TCPnet\Drivers\ETH_LPC43xx.c</PathWithFileName>
-      <FilenameWithoutPath>ETH_LPC43xx.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>20</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\SDIO_LPC43xx.c</PathWithFileName>
-      <FilenameWithoutPath>SDIO_LPC43xx.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>3</GroupNumber>
-      <FileNumber>21</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>C:\Keil\ARM\Boards\Keil\MCB4300\RL\FlashFS\SD_File\system_LPC43xx.c</PathWithFileName>
-      <FilenameWithoutPath>system_LPC43xx.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-  </Group>
-
-  <Group>
-    <GroupName>CyaSSL Library</GroupName>
-    <tvExp>0</tvExp>
-    <tvExpOptDlg>0</tvExpOptDlg>
-    <cbSel>0</cbSel>
-    <RteFlg>0</RteFlg>
-    <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>22</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
       <PathWithFileName>..\..\..\src\crl.c</PathWithFileName>
       <FilenameWithoutPath>crl.c</FilenameWithoutPath>
@@ -913,15 +1203,12 @@
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>23</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>49</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
       <PathWithFileName>..\..\..\src\internal.c</PathWithFileName>
       <FilenameWithoutPath>internal.c</FilenameWithoutPath>
@@ -929,15 +1216,12 @@
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>24</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>50</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
       <PathWithFileName>..\..\..\src\io.c</PathWithFileName>
       <FilenameWithoutPath>io.c</FilenameWithoutPath>
@@ -945,15 +1229,12 @@
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>25</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>51</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
       <PathWithFileName>..\..\..\src\keys.c</PathWithFileName>
       <FilenameWithoutPath>keys.c</FilenameWithoutPath>
@@ -961,15 +1242,12 @@
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>26</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>52</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
       <PathWithFileName>..\..\..\src\ocsp.c</PathWithFileName>
       <FilenameWithoutPath>ocsp.c</FilenameWithoutPath>
@@ -977,15 +1255,12 @@
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>27</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>53</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
       <PathWithFileName>..\..\..\src\sniffer.c</PathWithFileName>
       <FilenameWithoutPath>sniffer.c</FilenameWithoutPath>
@@ -993,15 +1268,12 @@
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>28</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>54</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
       <PathWithFileName>..\..\..\src\ssl.c</PathWithFileName>
       <FilenameWithoutPath>ssl.c</FilenameWithoutPath>
@@ -1009,746 +1281,75 @@
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>29</FileNumber>
+      <GroupNumber>2</GroupNumber>
+      <FileNumber>55</FileNumber>
       <FileType>1</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
       <PathWithFileName>..\..\..\src\tls.c</PathWithFileName>
       <FilenameWithoutPath>tls.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
-    <File>
-      <GroupNumber>4</GroupNumber>
-      <FileNumber>30</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\ssl-dummy.c</PathWithFileName>
-      <FilenameWithoutPath>ssl-dummy.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
   </Group>
 
   <Group>
-    <GroupName>Crypt/Cipher Library</GroupName>
+    <GroupName>Config</GroupName>
     <tvExp>1</tvExp>
     <tvExpOptDlg>0</tvExpOptDlg>
     <cbSel>0</cbSel>
     <RteFlg>0</RteFlg>
     <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>31</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\aes.c</PathWithFileName>
-      <FilenameWithoutPath>aes.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>32</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\arc4.c</PathWithFileName>
-      <FilenameWithoutPath>arc4.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>33</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\asm.c</PathWithFileName>
-      <FilenameWithoutPath>asm.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>34</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\asn.c</PathWithFileName>
-      <FilenameWithoutPath>asn.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>35</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\camellia.c</PathWithFileName>
-      <FilenameWithoutPath>camellia.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>36</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\coding.c</PathWithFileName>
-      <FilenameWithoutPath>coding.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>37</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\des3.c</PathWithFileName>
-      <FilenameWithoutPath>des3.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>38</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\dh.c</PathWithFileName>
-      <FilenameWithoutPath>dh.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>39</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\dsa.c</PathWithFileName>
-      <FilenameWithoutPath>dsa.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>40</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\ecc.c</PathWithFileName>
-      <FilenameWithoutPath>ecc.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>41</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\ecc_fp.c</PathWithFileName>
-      <FilenameWithoutPath>ecc_fp.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>42</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\error.c</PathWithFileName>
-      <FilenameWithoutPath>error.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>43</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\hc128.c</PathWithFileName>
-      <FilenameWithoutPath>hc128.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>44</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\hmac.c</PathWithFileName>
-      <FilenameWithoutPath>hmac.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>45</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\integer.c</PathWithFileName>
-      <FilenameWithoutPath>integer.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>46</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\logging.c</PathWithFileName>
-      <FilenameWithoutPath>logging.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>47</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\md2.c</PathWithFileName>
-      <FilenameWithoutPath>md2.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>48</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\md4.c</PathWithFileName>
-      <FilenameWithoutPath>md4.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>49</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\md5.c</PathWithFileName>
-      <FilenameWithoutPath>md5.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>50</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\memory.c</PathWithFileName>
-      <FilenameWithoutPath>memory.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>51</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\misc.c</PathWithFileName>
-      <FilenameWithoutPath>misc.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>52</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\pwdbased.c</PathWithFileName>
-      <FilenameWithoutPath>pwdbased.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>53</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\rabbit.c</PathWithFileName>
-      <FilenameWithoutPath>rabbit.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>54</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\random.c</PathWithFileName>
-      <FilenameWithoutPath>random.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>55</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\ripemd.c</PathWithFileName>
-      <FilenameWithoutPath>ripemd.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
+      <GroupNumber>3</GroupNumber>
       <FileNumber>56</FileNumber>
-      <FileType>1</FileType>
+      <FileType>5</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\rsa.c</PathWithFileName>
-      <FilenameWithoutPath>rsa.c</FilenameWithoutPath>
+      <PathWithFileName>.\Readme.txt</PathWithFileName>
+      <FilenameWithoutPath>Readme.txt</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>5</GroupNumber>
+      <GroupNumber>3</GroupNumber>
       <FileNumber>57</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\sha.c</PathWithFileName>
-      <FilenameWithoutPath>sha.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>58</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\sha256.c</PathWithFileName>
-      <FilenameWithoutPath>sha256.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>59</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\sha512.c</PathWithFileName>
-      <FilenameWithoutPath>sha512.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>60</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\tfm.c</PathWithFileName>
-      <FilenameWithoutPath>tfm.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>5</GroupNumber>
-      <FileNumber>61</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\..\..\ctaocrypt\src\wc_port.c</PathWithFileName>
-      <FilenameWithoutPath>wc_port.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-  </Group>
-
-  <Group>
-    <GroupName>Configuration</GroupName>
-    <tvExp>1</tvExp>
-    <tvExpOptDlg>0</tvExpOptDlg>
-    <cbSel>0</cbSel>
-    <RteFlg>0</RteFlg>
-    <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>62</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>1</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\config\File_Config.c</PathWithFileName>
-      <FilenameWithoutPath>File_Config.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>63</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\config\Net_Config.c</PathWithFileName>
-      <FilenameWithoutPath>Net_Config.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>64</FileNumber>
       <FileType>5</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\config.h</PathWithFileName>
-      <FilenameWithoutPath>config.h</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>65</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\config\RTX_Conf_CM.c</PathWithFileName>
-      <FilenameWithoutPath>RTX_Conf_CM.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>66</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\config\Net_Debug.c</PathWithFileName>
-      <FilenameWithoutPath>Net_Debug.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>67</FileNumber>
-      <FileType>5</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\config-FS.h</PathWithFileName>
-      <FilenameWithoutPath>config-FS.h</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>68</FileNumber>
-      <FileType>5</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\config-RTX-TCP-FS.h</PathWithFileName>
-      <FilenameWithoutPath>config-RTX-TCP-FS.h</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>69</FileNumber>
-      <FileType>5</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\config-BARE-METAL.h</PathWithFileName>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\config-BARE-METAL.h</PathWithFileName>
       <FilenameWithoutPath>config-BARE-METAL.h</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>6</GroupNumber>
-      <FileNumber>70</FileNumber>
-      <FileType>2</FileType>
+      <GroupNumber>3</GroupNumber>
+      <FileNumber>58</FileNumber>
+      <FileType>5</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\LPC43xx\startup_LPC43xx.s</PathWithFileName>
-      <FilenameWithoutPath>startup_LPC43xx.s</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-  </Group>
-
-  <Group>
-    <GroupName>CyaSSL-MDK</GroupName>
-    <tvExp>1</tvExp>
-    <tvExpOptDlg>0</tvExpOptDlg>
-    <cbSel>0</cbSel>
-    <RteFlg>0</RteFlg>
-    <File>
-      <GroupNumber>7</GroupNumber>
-      <FileNumber>71</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\cyassl_MDK_ARM.c</PathWithFileName>
-      <FilenameWithoutPath>cyassl_MDK_ARM.c</FilenameWithoutPath>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h</PathWithFileName>
+      <FilenameWithoutPath>config-RTX-TCP-FS.h</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
     <File>
-      <GroupNumber>7</GroupNumber>
-      <FileNumber>72</FileNumber>
-      <FileType>1</FileType>
+      <GroupNumber>3</GroupNumber>
+      <FileNumber>59</FileNumber>
+      <FileType>5</FileType>
       <tvExp>0</tvExp>
       <Focus>0</Focus>
-      <ColumnNumber>8</ColumnNumber>
       <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\CyaSSL\Retarget.c</PathWithFileName>
-      <FilenameWithoutPath>Retarget.c</FilenameWithoutPath>
-      <RteFlg>0</RteFlg>
-      <bShared>0</bShared>
-    </File>
-    <File>
-      <GroupNumber>7</GroupNumber>
-      <FileNumber>73</FileNumber>
-      <FileType>1</FileType>
-      <tvExp>0</tvExp>
-      <Focus>0</Focus>
-      <ColumnNumber>0</ColumnNumber>
-      <tvExpOptDlg>0</tvExpOptDlg>
-      <TopLine>0</TopLine>
-      <CurrentLine>0</CurrentLine>
-      <bDave2>0</bDave2>
-      <PathWithFileName>..\LPC43xx\time-LCP43xx.c</PathWithFileName>
-      <FilenameWithoutPath>time-LCP43xx.c</FilenameWithoutPath>
+      <PathWithFileName>..\MDK-ARM\wolfSSL\config-WOLFLIB.h</PathWithFileName>
+      <FilenameWithoutPath>config-WOLFLIB.h</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj
new file mode 100644
index 000000000..7997abb80
--- /dev/null
+++ b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvproj
@@ -0,0 +1,2138 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
+<Project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="project_proj.xsd">
+
+  <SchemaVersion>1.1</SchemaVersion>
+
+  <Header>### uVision Project, (C) Keil Software</Header>
+
+  <Targets>
+    <Target>
+      <TargetName>MDK-RTX-TCP-FS-Lib</TargetName>
+      <ToolsetNumber>0x4</ToolsetNumber>
+      <ToolsetName>ARM-ADS</ToolsetName>
+      <TargetOption>
+        <TargetCommonOption>
+          <Device>STM32F207IG</Device>
+          <Vendor>STMicroelectronics</Vendor>
+          <Cpu>IRAM(0x20000000-0x2001FFFF) IROM(0x8000000-0x80FFFFF) CLOCK(25000000) CPUTYPE("Cortex-M3")</Cpu>
+          <FlashUtilSpec></FlashUtilSpec>
+          <StartupFile>"STARTUP\ST\STM32F2xx\startup_stm32f2xx.s" ("STM32F2xx Startup Code")</StartupFile>
+          <FlashDriverDll>UL2CM3(-O207 -S0 -C0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000)</FlashDriverDll>
+          <DeviceId>5124</DeviceId>
+          <RegisterFile>stm32f2xx.h</RegisterFile>
+          <MemoryEnv></MemoryEnv>
+          <Cmp></Cmp>
+          <Asm></Asm>
+          <Linker></Linker>
+          <OHString></OHString>
+          <InfinionOptionDll></InfinionOptionDll>
+          <SLE66CMisc></SLE66CMisc>
+          <SLE66AMisc></SLE66AMisc>
+          <SLE66LinkerMisc></SLE66LinkerMisc>
+          <SFDFile>SFD\ST\STM32F2xx\STM32F20x.sfr</SFDFile>
+          <bCustSvd>0</bCustSvd>
+          <UseEnv>0</UseEnv>
+          <BinPath></BinPath>
+          <IncludePath></IncludePath>
+          <LibPath></LibPath>
+          <RegisterFilePath>ST\STM32F2xx\</RegisterFilePath>
+          <DBRegisterFilePath>ST\STM32F2xx\</DBRegisterFilePath>
+          <TargetStatus>
+            <Error>0</Error>
+            <ExitCodeStop>0</ExitCodeStop>
+            <ButtonStop>0</ButtonStop>
+            <NotGenerated>0</NotGenerated>
+            <InvalidFlash>1</InvalidFlash>
+          </TargetStatus>
+          <OutputDirectory>.\wolfSSL-Lib\</OutputDirectory>
+          <OutputName>wolfSSL</OutputName>
+          <CreateExecutable>0</CreateExecutable>
+          <CreateLib>1</CreateLib>
+          <CreateHexFile>0</CreateHexFile>
+          <DebugInformation>1</DebugInformation>
+          <BrowseInformation>1</BrowseInformation>
+          <ListingPath>.\Flash\</ListingPath>
+          <HexFormatSelection>1</HexFormatSelection>
+          <Merge32K>0</Merge32K>
+          <CreateBatchFile>0</CreateBatchFile>
+          <BeforeCompile>
+            <RunUserProg1>0</RunUserProg1>
+            <RunUserProg2>0</RunUserProg2>
+            <UserProg1Name></UserProg1Name>
+            <UserProg2Name></UserProg2Name>
+            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
+            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
+            <nStopU1X>0</nStopU1X>
+            <nStopU2X>0</nStopU2X>
+          </BeforeCompile>
+          <BeforeMake>
+            <RunUserProg1>0</RunUserProg1>
+            <RunUserProg2>0</RunUserProg2>
+            <UserProg1Name></UserProg1Name>
+            <UserProg2Name></UserProg2Name>
+            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
+            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
+            <nStopB1X>0</nStopB1X>
+            <nStopB2X>0</nStopB2X>
+          </BeforeMake>
+          <AfterMake>
+            <RunUserProg1>0</RunUserProg1>
+            <RunUserProg2>0</RunUserProg2>
+            <UserProg1Name></UserProg1Name>
+            <UserProg2Name></UserProg2Name>
+            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
+            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
+          </AfterMake>
+          <SelectedForBatchBuild>0</SelectedForBatchBuild>
+          <SVCSIdString></SVCSIdString>
+        </TargetCommonOption>
+        <CommonProperty>
+          <UseCPPCompiler>0</UseCPPCompiler>
+          <RVCTCodeConst>0</RVCTCodeConst>
+          <RVCTZI>0</RVCTZI>
+          <RVCTOtherData>0</RVCTOtherData>
+          <ModuleSelection>0</ModuleSelection>
+          <IncludeInBuild>1</IncludeInBuild>
+          <AlwaysBuild>0</AlwaysBuild>
+          <GenerateAssemblyFile>0</GenerateAssemblyFile>
+          <AssembleAssemblyFile>0</AssembleAssemblyFile>
+          <PublicsOnly>0</PublicsOnly>
+          <StopOnExitCode>3</StopOnExitCode>
+          <CustomArgument></CustomArgument>
+          <IncludeLibraryModules></IncludeLibraryModules>
+          <ComprImg>1</ComprImg>
+        </CommonProperty>
+        <DllOption>
+          <SimDllName>SARMCM3.DLL</SimDllName>
+          <SimDllArguments>-MPU</SimDllArguments>
+          <SimDlgDll>DARMSTM.DLL</SimDlgDll>
+          <SimDlgDllArguments>-pSTM32F207IG</SimDlgDllArguments>
+          <TargetDllName>SARMCM3.DLL</TargetDllName>
+          <TargetDllArguments>-MPU</TargetDllArguments>
+          <TargetDlgDll>TARMSTM.DLL</TargetDlgDll>
+          <TargetDlgDllArguments>-pSTM32F207IG</TargetDlgDllArguments>
+        </DllOption>
+        <DebugOption>
+          <OPTHX>
+            <HexSelection>1</HexSelection>
+            <HexRangeLowAddress>0</HexRangeLowAddress>
+            <HexRangeHighAddress>0</HexRangeHighAddress>
+            <HexOffset>0</HexOffset>
+            <Oh166RecLen>16</Oh166RecLen>
+          </OPTHX>
+          <Simulator>
+            <UseSimulator>0</UseSimulator>
+            <LoadApplicationAtStartup>1</LoadApplicationAtStartup>
+            <RunToMain>1</RunToMain>
+            <RestoreBreakpoints>1</RestoreBreakpoints>
+            <RestoreWatchpoints>1</RestoreWatchpoints>
+            <RestoreMemoryDisplay>1</RestoreMemoryDisplay>
+            <RestoreFunctions>1</RestoreFunctions>
+            <RestoreToolbox>1</RestoreToolbox>
+            <LimitSpeedToRealTime>0</LimitSpeedToRealTime>
+            <RestoreSysVw>1</RestoreSysVw>
+          </Simulator>
+          <Target>
+            <UseTarget>1</UseTarget>
+            <LoadApplicationAtStartup>1</LoadApplicationAtStartup>
+            <RunToMain>1</RunToMain>
+            <RestoreBreakpoints>1</RestoreBreakpoints>
+            <RestoreWatchpoints>1</RestoreWatchpoints>
+            <RestoreMemoryDisplay>1</RestoreMemoryDisplay>
+            <RestoreFunctions>0</RestoreFunctions>
+            <RestoreToolbox>1</RestoreToolbox>
+            <RestoreTracepoints>0</RestoreTracepoints>
+            <RestoreSysVw>1</RestoreSysVw>
+          </Target>
+          <RunDebugAfterBuild>0</RunDebugAfterBuild>
+          <TargetSelection>7</TargetSelection>
+          <SimDlls>
+            <CpuDll></CpuDll>
+            <CpuDllArguments></CpuDllArguments>
+            <PeripheralDll></PeripheralDll>
+            <PeripheralDllArguments></PeripheralDllArguments>
+            <InitializationFile></InitializationFile>
+          </SimDlls>
+          <TargetDlls>
+            <CpuDll></CpuDll>
+            <CpuDllArguments></CpuDllArguments>
+            <PeripheralDll></PeripheralDll>
+            <PeripheralDllArguments></PeripheralDllArguments>
+            <InitializationFile>c:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini</InitializationFile>
+            <Driver>BIN\ULP2CM3.DLL</Driver>
+          </TargetDlls>
+        </DebugOption>
+        <Utilities>
+          <Flash1>
+            <UseTargetDll>1</UseTargetDll>
+            <UseExternalTool>0</UseExternalTool>
+            <RunIndependent>0</RunIndependent>
+            <UpdateFlashBeforeDebugging>1</UpdateFlashBeforeDebugging>
+            <Capability>1</Capability>
+            <DriverSelection>4100</DriverSelection>
+          </Flash1>
+          <bUseTDR>1</bUseTDR>
+          <Flash2>BIN\ULP2CM3.DLL</Flash2>
+          <Flash3>"" ()</Flash3>
+          <Flash4></Flash4>
+          <pFcarmOut></pFcarmOut>
+          <pFcarmGrp></pFcarmGrp>
+          <pFcArmRoot></pFcArmRoot>
+          <FcArmLst>0</FcArmLst>
+        </Utilities>
+        <TargetArmAds>
+          <ArmAdsMisc>
+            <GenerateListings>0</GenerateListings>
+            <asHll>1</asHll>
+            <asAsm>1</asAsm>
+            <asMacX>1</asMacX>
+            <asSyms>1</asSyms>
+            <asFals>1</asFals>
+            <asDbgD>1</asDbgD>
+            <asForm>1</asForm>
+            <ldLst>0</ldLst>
+            <ldmm>1</ldmm>
+            <ldXref>1</ldXref>
+            <BigEnd>0</BigEnd>
+            <AdsALst>1</AdsALst>
+            <AdsACrf>1</AdsACrf>
+            <AdsANop>0</AdsANop>
+            <AdsANot>0</AdsANot>
+            <AdsLLst>1</AdsLLst>
+            <AdsLmap>1</AdsLmap>
+            <AdsLcgr>1</AdsLcgr>
+            <AdsLsym>1</AdsLsym>
+            <AdsLszi>1</AdsLszi>
+            <AdsLtoi>1</AdsLtoi>
+            <AdsLsun>1</AdsLsun>
+            <AdsLven>1</AdsLven>
+            <AdsLsxf>1</AdsLsxf>
+            <RvctClst>0</RvctClst>
+            <GenPPlst>0</GenPPlst>
+            <AdsCpuType>"Cortex-M3"</AdsCpuType>
+            <RvctDeviceName></RvctDeviceName>
+            <mOS>1</mOS>
+            <uocRom>0</uocRom>
+            <uocRam>0</uocRam>
+            <hadIROM>1</hadIROM>
+            <hadIRAM>1</hadIRAM>
+            <hadXRAM>0</hadXRAM>
+            <uocXRam>0</uocXRam>
+            <RvdsVP>0</RvdsVP>
+            <hadIRAM2>0</hadIRAM2>
+            <hadIROM2>0</hadIROM2>
+            <StupSel>8</StupSel>
+            <useUlib>0</useUlib>
+            <EndSel>0</EndSel>
+            <uLtcg>0</uLtcg>
+            <RoSelD>3</RoSelD>
+            <RwSelD>3</RwSelD>
+            <CodeSel>0</CodeSel>
+            <OptFeed>0</OptFeed>
+            <NoZi1>0</NoZi1>
+            <NoZi2>0</NoZi2>
+            <NoZi3>0</NoZi3>
+            <NoZi4>0</NoZi4>
+            <NoZi5>0</NoZi5>
+            <Ro1Chk>0</Ro1Chk>
+            <Ro2Chk>0</Ro2Chk>
+            <Ro3Chk>0</Ro3Chk>
+            <Ir1Chk>1</Ir1Chk>
+            <Ir2Chk>0</Ir2Chk>
+            <Ra1Chk>0</Ra1Chk>
+            <Ra2Chk>0</Ra2Chk>
+            <Ra3Chk>0</Ra3Chk>
+            <Im1Chk>1</Im1Chk>
+            <Im2Chk>0</Im2Chk>
+            <OnChipMemories>
+              <Ocm1>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm1>
+              <Ocm2>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm2>
+              <Ocm3>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm3>
+              <Ocm4>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm4>
+              <Ocm5>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm5>
+              <Ocm6>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm6>
+              <IRAM>
+                <Type>0</Type>
+                <StartAddress>0x20000000</StartAddress>
+                <Size>0x20000</Size>
+              </IRAM>
+              <IROM>
+                <Type>1</Type>
+                <StartAddress>0x8000000</StartAddress>
+                <Size>0x100000</Size>
+              </IROM>
+              <XRAM>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </XRAM>
+              <OCR_RVCT1>
+                <Type>1</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT1>
+              <OCR_RVCT2>
+                <Type>1</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT2>
+              <OCR_RVCT3>
+                <Type>1</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT3>
+              <OCR_RVCT4>
+                <Type>1</Type>
+                <StartAddress>0x8000000</StartAddress>
+                <Size>0x100000</Size>
+              </OCR_RVCT4>
+              <OCR_RVCT5>
+                <Type>1</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT5>
+              <OCR_RVCT6>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT6>
+              <OCR_RVCT7>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT7>
+              <OCR_RVCT8>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT8>
+              <OCR_RVCT9>
+                <Type>0</Type>
+                <StartAddress>0x20000000</StartAddress>
+                <Size>0x20000</Size>
+              </OCR_RVCT9>
+              <OCR_RVCT10>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT10>
+            </OnChipMemories>
+            <RvctStartVector></RvctStartVector>
+          </ArmAdsMisc>
+          <Cads>
+            <interw>1</interw>
+            <Optim>4</Optim>
+            <oTime>0</oTime>
+            <SplitLS>0</SplitLS>
+            <OneElfS>0</OneElfS>
+            <Strict>0</Strict>
+            <EnumInt>0</EnumInt>
+            <PlainCh>0</PlainCh>
+            <Ropi>0</Ropi>
+            <Rwpi>0</Rwpi>
+            <wLevel>0</wLevel>
+            <uThumb>0</uThumb>
+            <uSurpInc>0</uSurpInc>
+            <uC99>0</uC99>
+            <useXO>0</useXO>
+            <VariousControls>
+              <MiscControls></MiscControls>
+              <Define>HAVE_CONFIG_H WOLFSSL_STM32F2xx __DBG_ITM __RTX MDK_CONF_RTX_TCP_FS</Define>
+              <Undefine></Undefine>
+              <IncludePath>..\MDK-ARM\wolfSSL;..\..\..\; .\; C:\Keil_v5\ARM\RV31\INC</IncludePath>
+            </VariousControls>
+          </Cads>
+          <Aads>
+            <interw>1</interw>
+            <Ropi>0</Ropi>
+            <Rwpi>0</Rwpi>
+            <thumb>0</thumb>
+            <SplitLS>0</SplitLS>
+            <SwStkChk>0</SwStkChk>
+            <NoWarn>0</NoWarn>
+            <uSurpInc>0</uSurpInc>
+            <useXO>0</useXO>
+            <VariousControls>
+              <MiscControls></MiscControls>
+              <Define></Define>
+              <Undefine></Undefine>
+              <IncludePath></IncludePath>
+            </VariousControls>
+          </Aads>
+          <LDads>
+            <umfTarg>1</umfTarg>
+            <Ropi>0</Ropi>
+            <Rwpi>0</Rwpi>
+            <noStLib>0</noStLib>
+            <RepFail>1</RepFail>
+            <useFile>0</useFile>
+            <TextAddressRange>0x08000000</TextAddressRange>
+            <DataAddressRange>0x20000000</DataAddressRange>
+            <pXoBase></pXoBase>
+            <ScatterFile></ScatterFile>
+            <IncludeLibs></IncludeLibs>
+            <IncludeLibsPath></IncludeLibsPath>
+            <Misc>
+</Misc>            <LinkerInputFile></LinkerInputFile>
+            <DisabledWarnings></DisabledWarnings>
+          </LDads>
+        </TargetArmAds>
+      </TargetOption>
+      <Groups>
+        <Group>
+          <GroupName>Crypt</GroupName>
+          <Files>
+            <File>
+              <FileName>config-FS.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-FS.h</FilePath>
+            </File>
+            <File>
+              <FileName>aes.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\aes.c</FilePath>
+            </File>
+            <File>
+              <FileName>arc4.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\arc4.c</FilePath>
+            </File>
+            <File>
+              <FileName>asm.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\asm.c</FilePath>
+            </File>
+            <File>
+              <FileName>asn.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\asn.c</FilePath>
+            </File>
+            <File>
+              <FileName>blake2b.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\blake2b.c</FilePath>
+            </File>
+            <File>
+              <FileName>camellia.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\camellia.c</FilePath>
+            </File>
+            <File>
+              <FileName>chacha.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\chacha.c</FilePath>
+            </File>
+            <File>
+              <FileName>chacha20_poly1305.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\chacha20_poly1305.c</FilePath>
+            </File>
+            <File>
+              <FileName>coding.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\coding.c</FilePath>
+            </File>
+            <File>
+              <FileName>compress.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\compress.c</FilePath>
+            </File>
+            <File>
+              <FileName>curve25519.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\curve25519.c</FilePath>
+            </File>
+            <File>
+              <FileName>des3.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\des3.c</FilePath>
+            </File>
+            <File>
+              <FileName>dh.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\dh.c</FilePath>
+            </File>
+            <File>
+              <FileName>dsa.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\dsa.c</FilePath>
+            </File>
+            <File>
+              <FileName>ecc.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ecc.c</FilePath>
+            </File>
+            <File>
+              <FileName>ecc_fp.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ecc_fp.c</FilePath>
+            </File>
+            <File>
+              <FileName>ed25519.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ed25519.c</FilePath>
+            </File>
+            <File>
+              <FileName>error.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\error.c</FilePath>
+            </File>
+            <File>
+              <FileName>fe_operations.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\fe_operations.c</FilePath>
+            </File>
+            <File>
+              <FileName>ge_operations.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ge_operations.c</FilePath>
+            </File>
+            <File>
+              <FileName>hc128.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\hc128.c</FilePath>
+            </File>
+            <File>
+              <FileName>hmac.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\hmac.c</FilePath>
+            </File>
+            <File>
+              <FileName>integer.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\integer.c</FilePath>
+            </File>
+            <File>
+              <FileName>logging.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\logging.c</FilePath>
+            </File>
+            <File>
+              <FileName>md2.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\md2.c</FilePath>
+            </File>
+            <File>
+              <FileName>md4.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\md4.c</FilePath>
+            </File>
+            <File>
+              <FileName>md5.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\md5.c</FilePath>
+            </File>
+            <File>
+              <FileName>memory.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\memory.c</FilePath>
+            </File>
+            <File>
+              <FileName>pkcs7.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\pkcs7.c</FilePath>
+            </File>
+            <File>
+              <FileName>poly1305.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\poly1305.c</FilePath>
+            </File>
+            <File>
+              <FileName>pwdbased.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\pwdbased.c</FilePath>
+            </File>
+            <File>
+              <FileName>rabbit.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\rabbit.c</FilePath>
+            </File>
+            <File>
+              <FileName>random.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\random.c</FilePath>
+            </File>
+            <File>
+              <FileName>ripemd.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ripemd.c</FilePath>
+            </File>
+            <File>
+              <FileName>rsa.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\rsa.c</FilePath>
+            </File>
+            <File>
+              <FileName>sha.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\sha.c</FilePath>
+            </File>
+            <File>
+              <FileName>sha256.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\sha256.c</FilePath>
+            </File>
+            <File>
+              <FileName>sha512.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\sha512.c</FilePath>
+            </File>
+            <File>
+              <FileName>tfm.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\tfm.c</FilePath>
+            </File>
+            <File>
+              <FileName>wc_port.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\wc_port.c</FilePath>
+            </File>
+            <File>
+              <FileName>fe_low_mem.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\fe_low_mem.c</FilePath>
+            </File>
+            <File>
+              <FileName>ge_low_mem.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ge_low_mem.c</FilePath>
+            </File>
+            <File>
+              <FileName>hash.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\hash.c</FilePath>
+            </File>
+            <File>
+              <FileName>misc.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\misc.c</FilePath>
+            </File>
+            <File>
+              <FileName>srp.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\srp.c</FilePath>
+            </File>
+            <File>
+              <FileName>wc_encrypt.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\wc_encrypt.c</FilePath>
+            </File>
+          </Files>
+        </Group>
+        <Group>
+          <GroupName>SSL</GroupName>
+          <Files>
+            <File>
+              <FileName>crl.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\crl.c</FilePath>
+            </File>
+            <File>
+              <FileName>internal.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\internal.c</FilePath>
+            </File>
+            <File>
+              <FileName>io.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\io.c</FilePath>
+            </File>
+            <File>
+              <FileName>keys.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\keys.c</FilePath>
+            </File>
+            <File>
+              <FileName>ocsp.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\ocsp.c</FilePath>
+            </File>
+            <File>
+              <FileName>sniffer.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\sniffer.c</FilePath>
+            </File>
+            <File>
+              <FileName>ssl.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\ssl.c</FilePath>
+            </File>
+            <File>
+              <FileName>tls.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\tls.c</FilePath>
+            </File>
+          </Files>
+        </Group>
+        <Group>
+          <GroupName>Config</GroupName>
+          <Files>
+            <File>
+              <FileName>Readme.txt</FileName>
+              <FileType>5</FileType>
+              <FilePath>.\Readme.txt</FilePath>
+            </File>
+            <File>
+              <FileName>config-BARE-METAL.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-BARE-METAL.h</FilePath>
+            </File>
+            <File>
+              <FileName>config-RTX-TCP-FS.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h</FilePath>
+            </File>
+            <File>
+              <FileName>config-WOLFLIB.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-WOLFLIB.h</FilePath>
+            </File>
+          </Files>
+        </Group>
+      </Groups>
+    </Target>
+    <Target>
+      <TargetName>MDK-FS-Lib</TargetName>
+      <ToolsetNumber>0x4</ToolsetNumber>
+      <ToolsetName>ARM-ADS</ToolsetName>
+      <TargetOption>
+        <TargetCommonOption>
+          <Device>STM32F207IG</Device>
+          <Vendor>STMicroelectronics</Vendor>
+          <Cpu>IRAM(0x20000000-0x2001FFFF) IROM(0x8000000-0x80FFFFF) CLOCK(25000000) CPUTYPE("Cortex-M3")</Cpu>
+          <FlashUtilSpec></FlashUtilSpec>
+          <StartupFile>"STARTUP\ST\STM32F2xx\startup_stm32f2xx.s" ("STM32F2xx Startup Code")</StartupFile>
+          <FlashDriverDll>UL2CM3(-O207 -S0 -C0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000)</FlashDriverDll>
+          <DeviceId>5124</DeviceId>
+          <RegisterFile>stm32f2xx.h</RegisterFile>
+          <MemoryEnv></MemoryEnv>
+          <Cmp></Cmp>
+          <Asm></Asm>
+          <Linker></Linker>
+          <OHString></OHString>
+          <InfinionOptionDll></InfinionOptionDll>
+          <SLE66CMisc></SLE66CMisc>
+          <SLE66AMisc></SLE66AMisc>
+          <SLE66LinkerMisc></SLE66LinkerMisc>
+          <SFDFile>SFD\ST\STM32F2xx\STM32F20x.sfr</SFDFile>
+          <bCustSvd>0</bCustSvd>
+          <UseEnv>0</UseEnv>
+          <BinPath></BinPath>
+          <IncludePath></IncludePath>
+          <LibPath></LibPath>
+          <RegisterFilePath>ST\STM32F2xx\</RegisterFilePath>
+          <DBRegisterFilePath>ST\STM32F2xx\</DBRegisterFilePath>
+          <TargetStatus>
+            <Error>0</Error>
+            <ExitCodeStop>0</ExitCodeStop>
+            <ButtonStop>0</ButtonStop>
+            <NotGenerated>0</NotGenerated>
+            <InvalidFlash>1</InvalidFlash>
+          </TargetStatus>
+          <OutputDirectory>.\wolfSSL-Lib\</OutputDirectory>
+          <OutputName>wolfSSL</OutputName>
+          <CreateExecutable>0</CreateExecutable>
+          <CreateLib>1</CreateLib>
+          <CreateHexFile>0</CreateHexFile>
+          <DebugInformation>1</DebugInformation>
+          <BrowseInformation>1</BrowseInformation>
+          <ListingPath>.\Flash\</ListingPath>
+          <HexFormatSelection>1</HexFormatSelection>
+          <Merge32K>0</Merge32K>
+          <CreateBatchFile>0</CreateBatchFile>
+          <BeforeCompile>
+            <RunUserProg1>0</RunUserProg1>
+            <RunUserProg2>0</RunUserProg2>
+            <UserProg1Name></UserProg1Name>
+            <UserProg2Name></UserProg2Name>
+            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
+            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
+            <nStopU1X>0</nStopU1X>
+            <nStopU2X>0</nStopU2X>
+          </BeforeCompile>
+          <BeforeMake>
+            <RunUserProg1>0</RunUserProg1>
+            <RunUserProg2>0</RunUserProg2>
+            <UserProg1Name></UserProg1Name>
+            <UserProg2Name></UserProg2Name>
+            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
+            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
+            <nStopB1X>0</nStopB1X>
+            <nStopB2X>0</nStopB2X>
+          </BeforeMake>
+          <AfterMake>
+            <RunUserProg1>0</RunUserProg1>
+            <RunUserProg2>0</RunUserProg2>
+            <UserProg1Name></UserProg1Name>
+            <UserProg2Name></UserProg2Name>
+            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
+            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
+          </AfterMake>
+          <SelectedForBatchBuild>0</SelectedForBatchBuild>
+          <SVCSIdString></SVCSIdString>
+        </TargetCommonOption>
+        <CommonProperty>
+          <UseCPPCompiler>0</UseCPPCompiler>
+          <RVCTCodeConst>0</RVCTCodeConst>
+          <RVCTZI>0</RVCTZI>
+          <RVCTOtherData>0</RVCTOtherData>
+          <ModuleSelection>0</ModuleSelection>
+          <IncludeInBuild>1</IncludeInBuild>
+          <AlwaysBuild>0</AlwaysBuild>
+          <GenerateAssemblyFile>0</GenerateAssemblyFile>
+          <AssembleAssemblyFile>0</AssembleAssemblyFile>
+          <PublicsOnly>0</PublicsOnly>
+          <StopOnExitCode>3</StopOnExitCode>
+          <CustomArgument></CustomArgument>
+          <IncludeLibraryModules></IncludeLibraryModules>
+          <ComprImg>1</ComprImg>
+        </CommonProperty>
+        <DllOption>
+          <SimDllName>SARMCM3.DLL</SimDllName>
+          <SimDllArguments>-MPU</SimDllArguments>
+          <SimDlgDll>DARMSTM.DLL</SimDlgDll>
+          <SimDlgDllArguments>-pSTM32F207IG</SimDlgDllArguments>
+          <TargetDllName>SARMCM3.DLL</TargetDllName>
+          <TargetDllArguments>-MPU</TargetDllArguments>
+          <TargetDlgDll>TARMSTM.DLL</TargetDlgDll>
+          <TargetDlgDllArguments>-pSTM32F207IG</TargetDlgDllArguments>
+        </DllOption>
+        <DebugOption>
+          <OPTHX>
+            <HexSelection>1</HexSelection>
+            <HexRangeLowAddress>0</HexRangeLowAddress>
+            <HexRangeHighAddress>0</HexRangeHighAddress>
+            <HexOffset>0</HexOffset>
+            <Oh166RecLen>16</Oh166RecLen>
+          </OPTHX>
+          <Simulator>
+            <UseSimulator>0</UseSimulator>
+            <LoadApplicationAtStartup>1</LoadApplicationAtStartup>
+            <RunToMain>1</RunToMain>
+            <RestoreBreakpoints>1</RestoreBreakpoints>
+            <RestoreWatchpoints>1</RestoreWatchpoints>
+            <RestoreMemoryDisplay>1</RestoreMemoryDisplay>
+            <RestoreFunctions>1</RestoreFunctions>
+            <RestoreToolbox>1</RestoreToolbox>
+            <LimitSpeedToRealTime>0</LimitSpeedToRealTime>
+            <RestoreSysVw>1</RestoreSysVw>
+          </Simulator>
+          <Target>
+            <UseTarget>1</UseTarget>
+            <LoadApplicationAtStartup>1</LoadApplicationAtStartup>
+            <RunToMain>1</RunToMain>
+            <RestoreBreakpoints>1</RestoreBreakpoints>
+            <RestoreWatchpoints>1</RestoreWatchpoints>
+            <RestoreMemoryDisplay>1</RestoreMemoryDisplay>
+            <RestoreFunctions>0</RestoreFunctions>
+            <RestoreToolbox>1</RestoreToolbox>
+            <RestoreTracepoints>0</RestoreTracepoints>
+            <RestoreSysVw>1</RestoreSysVw>
+          </Target>
+          <RunDebugAfterBuild>0</RunDebugAfterBuild>
+          <TargetSelection>1</TargetSelection>
+          <SimDlls>
+            <CpuDll></CpuDll>
+            <CpuDllArguments></CpuDllArguments>
+            <PeripheralDll></PeripheralDll>
+            <PeripheralDllArguments></PeripheralDllArguments>
+            <InitializationFile></InitializationFile>
+          </SimDlls>
+          <TargetDlls>
+            <CpuDll></CpuDll>
+            <CpuDllArguments></CpuDllArguments>
+            <PeripheralDll></PeripheralDll>
+            <PeripheralDllArguments></PeripheralDllArguments>
+            <InitializationFile>..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini</InitializationFile>
+            <Driver>BIN\UL2CM3.DLL</Driver>
+          </TargetDlls>
+        </DebugOption>
+        <Utilities>
+          <Flash1>
+            <UseTargetDll>1</UseTargetDll>
+            <UseExternalTool>0</UseExternalTool>
+            <RunIndependent>0</RunIndependent>
+            <UpdateFlashBeforeDebugging>1</UpdateFlashBeforeDebugging>
+            <Capability>1</Capability>
+            <DriverSelection>4100</DriverSelection>
+          </Flash1>
+          <bUseTDR>1</bUseTDR>
+          <Flash2>BIN\ULP2CM3.DLL</Flash2>
+          <Flash3>"" ()</Flash3>
+          <Flash4></Flash4>
+          <pFcarmOut></pFcarmOut>
+          <pFcarmGrp></pFcarmGrp>
+          <pFcArmRoot></pFcArmRoot>
+          <FcArmLst>0</FcArmLst>
+        </Utilities>
+        <TargetArmAds>
+          <ArmAdsMisc>
+            <GenerateListings>0</GenerateListings>
+            <asHll>1</asHll>
+            <asAsm>1</asAsm>
+            <asMacX>1</asMacX>
+            <asSyms>1</asSyms>
+            <asFals>1</asFals>
+            <asDbgD>1</asDbgD>
+            <asForm>1</asForm>
+            <ldLst>0</ldLst>
+            <ldmm>1</ldmm>
+            <ldXref>1</ldXref>
+            <BigEnd>0</BigEnd>
+            <AdsALst>1</AdsALst>
+            <AdsACrf>1</AdsACrf>
+            <AdsANop>0</AdsANop>
+            <AdsANot>0</AdsANot>
+            <AdsLLst>1</AdsLLst>
+            <AdsLmap>1</AdsLmap>
+            <AdsLcgr>1</AdsLcgr>
+            <AdsLsym>1</AdsLsym>
+            <AdsLszi>1</AdsLszi>
+            <AdsLtoi>1</AdsLtoi>
+            <AdsLsun>1</AdsLsun>
+            <AdsLven>1</AdsLven>
+            <AdsLsxf>1</AdsLsxf>
+            <RvctClst>0</RvctClst>
+            <GenPPlst>0</GenPPlst>
+            <AdsCpuType>"Cortex-M3"</AdsCpuType>
+            <RvctDeviceName></RvctDeviceName>
+            <mOS>0</mOS>
+            <uocRom>0</uocRom>
+            <uocRam>0</uocRam>
+            <hadIROM>1</hadIROM>
+            <hadIRAM>1</hadIRAM>
+            <hadXRAM>0</hadXRAM>
+            <uocXRam>0</uocXRam>
+            <RvdsVP>0</RvdsVP>
+            <hadIRAM2>0</hadIRAM2>
+            <hadIROM2>0</hadIROM2>
+            <StupSel>8</StupSel>
+            <useUlib>0</useUlib>
+            <EndSel>0</EndSel>
+            <uLtcg>0</uLtcg>
+            <RoSelD>3</RoSelD>
+            <RwSelD>3</RwSelD>
+            <CodeSel>0</CodeSel>
+            <OptFeed>0</OptFeed>
+            <NoZi1>0</NoZi1>
+            <NoZi2>0</NoZi2>
+            <NoZi3>0</NoZi3>
+            <NoZi4>0</NoZi4>
+            <NoZi5>0</NoZi5>
+            <Ro1Chk>0</Ro1Chk>
+            <Ro2Chk>0</Ro2Chk>
+            <Ro3Chk>0</Ro3Chk>
+            <Ir1Chk>1</Ir1Chk>
+            <Ir2Chk>0</Ir2Chk>
+            <Ra1Chk>0</Ra1Chk>
+            <Ra2Chk>0</Ra2Chk>
+            <Ra3Chk>0</Ra3Chk>
+            <Im1Chk>1</Im1Chk>
+            <Im2Chk>0</Im2Chk>
+            <OnChipMemories>
+              <Ocm1>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm1>
+              <Ocm2>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm2>
+              <Ocm3>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm3>
+              <Ocm4>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm4>
+              <Ocm5>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm5>
+              <Ocm6>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm6>
+              <IRAM>
+                <Type>0</Type>
+                <StartAddress>0x20000000</StartAddress>
+                <Size>0x20000</Size>
+              </IRAM>
+              <IROM>
+                <Type>1</Type>
+                <StartAddress>0x8000000</StartAddress>
+                <Size>0x100000</Size>
+              </IROM>
+              <XRAM>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </XRAM>
+              <OCR_RVCT1>
+                <Type>1</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT1>
+              <OCR_RVCT2>
+                <Type>1</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT2>
+              <OCR_RVCT3>
+                <Type>1</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT3>
+              <OCR_RVCT4>
+                <Type>1</Type>
+                <StartAddress>0x8000000</StartAddress>
+                <Size>0x100000</Size>
+              </OCR_RVCT4>
+              <OCR_RVCT5>
+                <Type>1</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT5>
+              <OCR_RVCT6>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT6>
+              <OCR_RVCT7>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT7>
+              <OCR_RVCT8>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT8>
+              <OCR_RVCT9>
+                <Type>0</Type>
+                <StartAddress>0x20000000</StartAddress>
+                <Size>0x20000</Size>
+              </OCR_RVCT9>
+              <OCR_RVCT10>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT10>
+            </OnChipMemories>
+            <RvctStartVector></RvctStartVector>
+          </ArmAdsMisc>
+          <Cads>
+            <interw>1</interw>
+            <Optim>1</Optim>
+            <oTime>0</oTime>
+            <SplitLS>0</SplitLS>
+            <OneElfS>0</OneElfS>
+            <Strict>0</Strict>
+            <EnumInt>0</EnumInt>
+            <PlainCh>0</PlainCh>
+            <Ropi>0</Ropi>
+            <Rwpi>0</Rwpi>
+            <wLevel>0</wLevel>
+            <uThumb>0</uThumb>
+            <uSurpInc>0</uSurpInc>
+            <uC99>0</uC99>
+            <useXO>0</useXO>
+            <VariousControls>
+              <MiscControls></MiscControls>
+              <Define>HAVE_CONFIG_H  CYASSL_STM32F2xx __DBG_ITM MDK_CONF_FS</Define>
+              <Undefine></Undefine>
+              <IncludePath>..\MDK-ARM\wolfSSL;..\MDK-ARM\inc;..\..\..\</IncludePath>
+            </VariousControls>
+          </Cads>
+          <Aads>
+            <interw>1</interw>
+            <Ropi>0</Ropi>
+            <Rwpi>0</Rwpi>
+            <thumb>0</thumb>
+            <SplitLS>0</SplitLS>
+            <SwStkChk>0</SwStkChk>
+            <NoWarn>0</NoWarn>
+            <uSurpInc>0</uSurpInc>
+            <useXO>0</useXO>
+            <VariousControls>
+              <MiscControls></MiscControls>
+              <Define></Define>
+              <Undefine></Undefine>
+              <IncludePath></IncludePath>
+            </VariousControls>
+          </Aads>
+          <LDads>
+            <umfTarg>1</umfTarg>
+            <Ropi>0</Ropi>
+            <Rwpi>0</Rwpi>
+            <noStLib>0</noStLib>
+            <RepFail>1</RepFail>
+            <useFile>0</useFile>
+            <TextAddressRange>0x08000000</TextAddressRange>
+            <DataAddressRange>0x20000000</DataAddressRange>
+            <pXoBase></pXoBase>
+            <ScatterFile></ScatterFile>
+            <IncludeLibs></IncludeLibs>
+            <IncludeLibsPath></IncludeLibsPath>
+            <Misc></Misc>
+            <LinkerInputFile></LinkerInputFile>
+            <DisabledWarnings></DisabledWarnings>
+          </LDads>
+        </TargetArmAds>
+      </TargetOption>
+      <Groups>
+        <Group>
+          <GroupName>Crypt</GroupName>
+          <Files>
+            <File>
+              <FileName>config-FS.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-FS.h</FilePath>
+            </File>
+            <File>
+              <FileName>aes.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\aes.c</FilePath>
+            </File>
+            <File>
+              <FileName>arc4.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\arc4.c</FilePath>
+            </File>
+            <File>
+              <FileName>asm.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\asm.c</FilePath>
+            </File>
+            <File>
+              <FileName>asn.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\asn.c</FilePath>
+            </File>
+            <File>
+              <FileName>blake2b.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\blake2b.c</FilePath>
+            </File>
+            <File>
+              <FileName>camellia.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\camellia.c</FilePath>
+            </File>
+            <File>
+              <FileName>chacha.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\chacha.c</FilePath>
+            </File>
+            <File>
+              <FileName>chacha20_poly1305.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\chacha20_poly1305.c</FilePath>
+            </File>
+            <File>
+              <FileName>coding.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\coding.c</FilePath>
+            </File>
+            <File>
+              <FileName>compress.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\compress.c</FilePath>
+            </File>
+            <File>
+              <FileName>curve25519.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\curve25519.c</FilePath>
+            </File>
+            <File>
+              <FileName>des3.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\des3.c</FilePath>
+            </File>
+            <File>
+              <FileName>dh.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\dh.c</FilePath>
+            </File>
+            <File>
+              <FileName>dsa.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\dsa.c</FilePath>
+            </File>
+            <File>
+              <FileName>ecc.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ecc.c</FilePath>
+            </File>
+            <File>
+              <FileName>ecc_fp.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ecc_fp.c</FilePath>
+            </File>
+            <File>
+              <FileName>ed25519.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ed25519.c</FilePath>
+            </File>
+            <File>
+              <FileName>error.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\error.c</FilePath>
+            </File>
+            <File>
+              <FileName>fe_operations.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\fe_operations.c</FilePath>
+            </File>
+            <File>
+              <FileName>ge_operations.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ge_operations.c</FilePath>
+            </File>
+            <File>
+              <FileName>hc128.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\hc128.c</FilePath>
+            </File>
+            <File>
+              <FileName>hmac.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\hmac.c</FilePath>
+            </File>
+            <File>
+              <FileName>integer.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\integer.c</FilePath>
+            </File>
+            <File>
+              <FileName>logging.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\logging.c</FilePath>
+            </File>
+            <File>
+              <FileName>md2.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\md2.c</FilePath>
+            </File>
+            <File>
+              <FileName>md4.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\md4.c</FilePath>
+            </File>
+            <File>
+              <FileName>md5.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\md5.c</FilePath>
+            </File>
+            <File>
+              <FileName>memory.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\memory.c</FilePath>
+            </File>
+            <File>
+              <FileName>pkcs7.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\pkcs7.c</FilePath>
+            </File>
+            <File>
+              <FileName>poly1305.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\poly1305.c</FilePath>
+            </File>
+            <File>
+              <FileName>pwdbased.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\pwdbased.c</FilePath>
+            </File>
+            <File>
+              <FileName>rabbit.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\rabbit.c</FilePath>
+            </File>
+            <File>
+              <FileName>random.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\random.c</FilePath>
+            </File>
+            <File>
+              <FileName>ripemd.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ripemd.c</FilePath>
+            </File>
+            <File>
+              <FileName>rsa.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\rsa.c</FilePath>
+            </File>
+            <File>
+              <FileName>sha.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\sha.c</FilePath>
+            </File>
+            <File>
+              <FileName>sha256.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\sha256.c</FilePath>
+            </File>
+            <File>
+              <FileName>sha512.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\sha512.c</FilePath>
+            </File>
+            <File>
+              <FileName>tfm.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\tfm.c</FilePath>
+            </File>
+            <File>
+              <FileName>wc_port.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\wc_port.c</FilePath>
+            </File>
+            <File>
+              <FileName>fe_low_mem.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\fe_low_mem.c</FilePath>
+            </File>
+            <File>
+              <FileName>ge_low_mem.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ge_low_mem.c</FilePath>
+            </File>
+            <File>
+              <FileName>hash.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\hash.c</FilePath>
+            </File>
+            <File>
+              <FileName>misc.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\misc.c</FilePath>
+            </File>
+            <File>
+              <FileName>srp.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\srp.c</FilePath>
+            </File>
+            <File>
+              <FileName>wc_encrypt.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\wc_encrypt.c</FilePath>
+            </File>
+          </Files>
+        </Group>
+        <Group>
+          <GroupName>SSL</GroupName>
+          <Files>
+            <File>
+              <FileName>crl.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\crl.c</FilePath>
+            </File>
+            <File>
+              <FileName>internal.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\internal.c</FilePath>
+            </File>
+            <File>
+              <FileName>io.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\io.c</FilePath>
+            </File>
+            <File>
+              <FileName>keys.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\keys.c</FilePath>
+            </File>
+            <File>
+              <FileName>ocsp.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\ocsp.c</FilePath>
+            </File>
+            <File>
+              <FileName>sniffer.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\sniffer.c</FilePath>
+            </File>
+            <File>
+              <FileName>ssl.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\ssl.c</FilePath>
+            </File>
+            <File>
+              <FileName>tls.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\tls.c</FilePath>
+            </File>
+          </Files>
+        </Group>
+        <Group>
+          <GroupName>Config</GroupName>
+          <Files>
+            <File>
+              <FileName>Readme.txt</FileName>
+              <FileType>5</FileType>
+              <FilePath>.\Readme.txt</FilePath>
+            </File>
+            <File>
+              <FileName>config-BARE-METAL.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-BARE-METAL.h</FilePath>
+            </File>
+            <File>
+              <FileName>config-RTX-TCP-FS.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h</FilePath>
+            </File>
+            <File>
+              <FileName>config-WOLFLIB.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-WOLFLIB.h</FilePath>
+            </File>
+          </Files>
+        </Group>
+      </Groups>
+    </Target>
+    <Target>
+      <TargetName>wolfSSL-Lib</TargetName>
+      <ToolsetNumber>0x4</ToolsetNumber>
+      <ToolsetName>ARM-ADS</ToolsetName>
+      <TargetOption>
+        <TargetCommonOption>
+          <Device>STM32F207IG</Device>
+          <Vendor>STMicroelectronics</Vendor>
+          <Cpu>IRAM(0x20000000-0x2001FFFF) IROM(0x8000000-0x80FFFFF) CLOCK(25000000) CPUTYPE("Cortex-M3")</Cpu>
+          <FlashUtilSpec></FlashUtilSpec>
+          <StartupFile>"STARTUP\ST\STM32F2xx\startup_stm32f2xx.s" ("STM32F2xx Startup Code")</StartupFile>
+          <FlashDriverDll>UL2CM3(-O207 -S0 -C0 -FO7 -FD20000000 -FC800 -FN1 -FF0STM32F2xx_1024 -FS08000000 -FL0100000)</FlashDriverDll>
+          <DeviceId>5124</DeviceId>
+          <RegisterFile>stm32f2xx.h</RegisterFile>
+          <MemoryEnv></MemoryEnv>
+          <Cmp></Cmp>
+          <Asm></Asm>
+          <Linker></Linker>
+          <OHString></OHString>
+          <InfinionOptionDll></InfinionOptionDll>
+          <SLE66CMisc></SLE66CMisc>
+          <SLE66AMisc></SLE66AMisc>
+          <SLE66LinkerMisc></SLE66LinkerMisc>
+          <SFDFile>SFD\ST\STM32F2xx\STM32F20x.sfr</SFDFile>
+          <bCustSvd>0</bCustSvd>
+          <UseEnv>0</UseEnv>
+          <BinPath></BinPath>
+          <IncludePath></IncludePath>
+          <LibPath></LibPath>
+          <RegisterFilePath>ST\STM32F2xx\</RegisterFilePath>
+          <DBRegisterFilePath>ST\STM32F2xx\</DBRegisterFilePath>
+          <TargetStatus>
+            <Error>0</Error>
+            <ExitCodeStop>0</ExitCodeStop>
+            <ButtonStop>0</ButtonStop>
+            <NotGenerated>0</NotGenerated>
+            <InvalidFlash>1</InvalidFlash>
+          </TargetStatus>
+          <OutputDirectory>.\wolfSSL-Lib\</OutputDirectory>
+          <OutputName>wolfSSL</OutputName>
+          <CreateExecutable>0</CreateExecutable>
+          <CreateLib>1</CreateLib>
+          <CreateHexFile>0</CreateHexFile>
+          <DebugInformation>1</DebugInformation>
+          <BrowseInformation>1</BrowseInformation>
+          <ListingPath>.\Flash\</ListingPath>
+          <HexFormatSelection>1</HexFormatSelection>
+          <Merge32K>0</Merge32K>
+          <CreateBatchFile>0</CreateBatchFile>
+          <BeforeCompile>
+            <RunUserProg1>0</RunUserProg1>
+            <RunUserProg2>0</RunUserProg2>
+            <UserProg1Name></UserProg1Name>
+            <UserProg2Name></UserProg2Name>
+            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
+            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
+            <nStopU1X>0</nStopU1X>
+            <nStopU2X>0</nStopU2X>
+          </BeforeCompile>
+          <BeforeMake>
+            <RunUserProg1>0</RunUserProg1>
+            <RunUserProg2>0</RunUserProg2>
+            <UserProg1Name></UserProg1Name>
+            <UserProg2Name></UserProg2Name>
+            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
+            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
+            <nStopB1X>0</nStopB1X>
+            <nStopB2X>0</nStopB2X>
+          </BeforeMake>
+          <AfterMake>
+            <RunUserProg1>0</RunUserProg1>
+            <RunUserProg2>0</RunUserProg2>
+            <UserProg1Name></UserProg1Name>
+            <UserProg2Name></UserProg2Name>
+            <UserProg1Dos16Mode>0</UserProg1Dos16Mode>
+            <UserProg2Dos16Mode>0</UserProg2Dos16Mode>
+          </AfterMake>
+          <SelectedForBatchBuild>0</SelectedForBatchBuild>
+          <SVCSIdString></SVCSIdString>
+        </TargetCommonOption>
+        <CommonProperty>
+          <UseCPPCompiler>0</UseCPPCompiler>
+          <RVCTCodeConst>0</RVCTCodeConst>
+          <RVCTZI>0</RVCTZI>
+          <RVCTOtherData>0</RVCTOtherData>
+          <ModuleSelection>0</ModuleSelection>
+          <IncludeInBuild>1</IncludeInBuild>
+          <AlwaysBuild>0</AlwaysBuild>
+          <GenerateAssemblyFile>0</GenerateAssemblyFile>
+          <AssembleAssemblyFile>0</AssembleAssemblyFile>
+          <PublicsOnly>0</PublicsOnly>
+          <StopOnExitCode>3</StopOnExitCode>
+          <CustomArgument></CustomArgument>
+          <IncludeLibraryModules></IncludeLibraryModules>
+          <ComprImg>1</ComprImg>
+        </CommonProperty>
+        <DllOption>
+          <SimDllName>SARMCM3.DLL</SimDllName>
+          <SimDllArguments>-MPU</SimDllArguments>
+          <SimDlgDll>DARMSTM.DLL</SimDlgDll>
+          <SimDlgDllArguments>-pSTM32F207IG</SimDlgDllArguments>
+          <TargetDllName>SARMCM3.DLL</TargetDllName>
+          <TargetDllArguments>-MPU</TargetDllArguments>
+          <TargetDlgDll>TARMSTM.DLL</TargetDlgDll>
+          <TargetDlgDllArguments>-pSTM32F207IG</TargetDlgDllArguments>
+        </DllOption>
+        <DebugOption>
+          <OPTHX>
+            <HexSelection>1</HexSelection>
+            <HexRangeLowAddress>0</HexRangeLowAddress>
+            <HexRangeHighAddress>0</HexRangeHighAddress>
+            <HexOffset>0</HexOffset>
+            <Oh166RecLen>16</Oh166RecLen>
+          </OPTHX>
+          <Simulator>
+            <UseSimulator>0</UseSimulator>
+            <LoadApplicationAtStartup>1</LoadApplicationAtStartup>
+            <RunToMain>1</RunToMain>
+            <RestoreBreakpoints>1</RestoreBreakpoints>
+            <RestoreWatchpoints>1</RestoreWatchpoints>
+            <RestoreMemoryDisplay>1</RestoreMemoryDisplay>
+            <RestoreFunctions>1</RestoreFunctions>
+            <RestoreToolbox>1</RestoreToolbox>
+            <LimitSpeedToRealTime>0</LimitSpeedToRealTime>
+            <RestoreSysVw>1</RestoreSysVw>
+          </Simulator>
+          <Target>
+            <UseTarget>1</UseTarget>
+            <LoadApplicationAtStartup>1</LoadApplicationAtStartup>
+            <RunToMain>0</RunToMain>
+            <RestoreBreakpoints>1</RestoreBreakpoints>
+            <RestoreWatchpoints>1</RestoreWatchpoints>
+            <RestoreMemoryDisplay>1</RestoreMemoryDisplay>
+            <RestoreFunctions>0</RestoreFunctions>
+            <RestoreToolbox>1</RestoreToolbox>
+            <RestoreTracepoints>0</RestoreTracepoints>
+            <RestoreSysVw>1</RestoreSysVw>
+          </Target>
+          <RunDebugAfterBuild>0</RunDebugAfterBuild>
+          <TargetSelection>1</TargetSelection>
+          <SimDlls>
+            <CpuDll></CpuDll>
+            <CpuDllArguments></CpuDllArguments>
+            <PeripheralDll></PeripheralDll>
+            <PeripheralDllArguments></PeripheralDllArguments>
+            <InitializationFile></InitializationFile>
+          </SimDlls>
+          <TargetDlls>
+            <CpuDll></CpuDll>
+            <CpuDllArguments></CpuDllArguments>
+            <PeripheralDll></PeripheralDll>
+            <PeripheralDllArguments></PeripheralDllArguments>
+            <InitializationFile>..\..\..\..\..\..\..\Keil\ARM\Boards\Keil\MCBSTM32F200\Blinky_ULp\STM32_SWO.ini</InitializationFile>
+            <Driver>BIN\UL2CM3.DLL</Driver>
+          </TargetDlls>
+        </DebugOption>
+        <Utilities>
+          <Flash1>
+            <UseTargetDll>1</UseTargetDll>
+            <UseExternalTool>0</UseExternalTool>
+            <RunIndependent>0</RunIndependent>
+            <UpdateFlashBeforeDebugging>1</UpdateFlashBeforeDebugging>
+            <Capability>1</Capability>
+            <DriverSelection>4100</DriverSelection>
+          </Flash1>
+          <bUseTDR>1</bUseTDR>
+          <Flash2>BIN\ULP2CM3.DLL</Flash2>
+          <Flash3>"" ()</Flash3>
+          <Flash4></Flash4>
+          <pFcarmOut></pFcarmOut>
+          <pFcarmGrp></pFcarmGrp>
+          <pFcArmRoot></pFcArmRoot>
+          <FcArmLst>0</FcArmLst>
+        </Utilities>
+        <TargetArmAds>
+          <ArmAdsMisc>
+            <GenerateListings>0</GenerateListings>
+            <asHll>1</asHll>
+            <asAsm>1</asAsm>
+            <asMacX>1</asMacX>
+            <asSyms>1</asSyms>
+            <asFals>1</asFals>
+            <asDbgD>1</asDbgD>
+            <asForm>1</asForm>
+            <ldLst>0</ldLst>
+            <ldmm>1</ldmm>
+            <ldXref>1</ldXref>
+            <BigEnd>0</BigEnd>
+            <AdsALst>0</AdsALst>
+            <AdsACrf>1</AdsACrf>
+            <AdsANop>0</AdsANop>
+            <AdsANot>0</AdsANot>
+            <AdsLLst>0</AdsLLst>
+            <AdsLmap>1</AdsLmap>
+            <AdsLcgr>1</AdsLcgr>
+            <AdsLsym>1</AdsLsym>
+            <AdsLszi>1</AdsLszi>
+            <AdsLtoi>1</AdsLtoi>
+            <AdsLsun>1</AdsLsun>
+            <AdsLven>1</AdsLven>
+            <AdsLsxf>1</AdsLsxf>
+            <RvctClst>0</RvctClst>
+            <GenPPlst>0</GenPPlst>
+            <AdsCpuType>"Cortex-M3"</AdsCpuType>
+            <RvctDeviceName></RvctDeviceName>
+            <mOS>0</mOS>
+            <uocRom>0</uocRom>
+            <uocRam>0</uocRam>
+            <hadIROM>1</hadIROM>
+            <hadIRAM>1</hadIRAM>
+            <hadXRAM>0</hadXRAM>
+            <uocXRam>0</uocXRam>
+            <RvdsVP>0</RvdsVP>
+            <hadIRAM2>0</hadIRAM2>
+            <hadIROM2>0</hadIROM2>
+            <StupSel>8</StupSel>
+            <useUlib>0</useUlib>
+            <EndSel>0</EndSel>
+            <uLtcg>0</uLtcg>
+            <RoSelD>3</RoSelD>
+            <RwSelD>3</RwSelD>
+            <CodeSel>0</CodeSel>
+            <OptFeed>0</OptFeed>
+            <NoZi1>0</NoZi1>
+            <NoZi2>0</NoZi2>
+            <NoZi3>0</NoZi3>
+            <NoZi4>0</NoZi4>
+            <NoZi5>0</NoZi5>
+            <Ro1Chk>0</Ro1Chk>
+            <Ro2Chk>0</Ro2Chk>
+            <Ro3Chk>0</Ro3Chk>
+            <Ir1Chk>1</Ir1Chk>
+            <Ir2Chk>0</Ir2Chk>
+            <Ra1Chk>0</Ra1Chk>
+            <Ra2Chk>0</Ra2Chk>
+            <Ra3Chk>0</Ra3Chk>
+            <Im1Chk>1</Im1Chk>
+            <Im2Chk>0</Im2Chk>
+            <OnChipMemories>
+              <Ocm1>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm1>
+              <Ocm2>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm2>
+              <Ocm3>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm3>
+              <Ocm4>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm4>
+              <Ocm5>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm5>
+              <Ocm6>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </Ocm6>
+              <IRAM>
+                <Type>0</Type>
+                <StartAddress>0x20000000</StartAddress>
+                <Size>0x20000</Size>
+              </IRAM>
+              <IROM>
+                <Type>1</Type>
+                <StartAddress>0x8000000</StartAddress>
+                <Size>0x100000</Size>
+              </IROM>
+              <XRAM>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </XRAM>
+              <OCR_RVCT1>
+                <Type>1</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT1>
+              <OCR_RVCT2>
+                <Type>1</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT2>
+              <OCR_RVCT3>
+                <Type>1</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT3>
+              <OCR_RVCT4>
+                <Type>1</Type>
+                <StartAddress>0x8000000</StartAddress>
+                <Size>0x100000</Size>
+              </OCR_RVCT4>
+              <OCR_RVCT5>
+                <Type>1</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT5>
+              <OCR_RVCT6>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT6>
+              <OCR_RVCT7>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT7>
+              <OCR_RVCT8>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT8>
+              <OCR_RVCT9>
+                <Type>0</Type>
+                <StartAddress>0x20000000</StartAddress>
+                <Size>0x20000</Size>
+              </OCR_RVCT9>
+              <OCR_RVCT10>
+                <Type>0</Type>
+                <StartAddress>0x0</StartAddress>
+                <Size>0x0</Size>
+              </OCR_RVCT10>
+            </OnChipMemories>
+            <RvctStartVector></RvctStartVector>
+          </ArmAdsMisc>
+          <Cads>
+            <interw>1</interw>
+            <Optim>4</Optim>
+            <oTime>0</oTime>
+            <SplitLS>0</SplitLS>
+            <OneElfS>0</OneElfS>
+            <Strict>0</Strict>
+            <EnumInt>0</EnumInt>
+            <PlainCh>0</PlainCh>
+            <Ropi>0</Ropi>
+            <Rwpi>0</Rwpi>
+            <wLevel>0</wLevel>
+            <uThumb>0</uThumb>
+            <uSurpInc>0</uSurpInc>
+            <uC99>0</uC99>
+            <useXO>0</useXO>
+            <VariousControls>
+              <MiscControls></MiscControls>
+              <Define>HAVE_CONFIG_H   MDK_WOLFLIB</Define>
+              <Undefine></Undefine>
+              <IncludePath>..\..\..\;.\;..\MDK-ARM\wolfSSL</IncludePath>
+            </VariousControls>
+          </Cads>
+          <Aads>
+            <interw>1</interw>
+            <Ropi>0</Ropi>
+            <Rwpi>0</Rwpi>
+            <thumb>0</thumb>
+            <SplitLS>0</SplitLS>
+            <SwStkChk>0</SwStkChk>
+            <NoWarn>0</NoWarn>
+            <uSurpInc>0</uSurpInc>
+            <useXO>0</useXO>
+            <VariousControls>
+              <MiscControls></MiscControls>
+              <Define></Define>
+              <Undefine></Undefine>
+              <IncludePath></IncludePath>
+            </VariousControls>
+          </Aads>
+          <LDads>
+            <umfTarg>1</umfTarg>
+            <Ropi>0</Ropi>
+            <Rwpi>0</Rwpi>
+            <noStLib>0</noStLib>
+            <RepFail>1</RepFail>
+            <useFile>0</useFile>
+            <TextAddressRange>0x08000000</TextAddressRange>
+            <DataAddressRange>0x20000000</DataAddressRange>
+            <pXoBase></pXoBase>
+            <ScatterFile></ScatterFile>
+            <IncludeLibs></IncludeLibs>
+            <IncludeLibsPath></IncludeLibsPath>
+            <Misc>
+</Misc>            <LinkerInputFile></LinkerInputFile>
+            <DisabledWarnings></DisabledWarnings>
+          </LDads>
+        </TargetArmAds>
+      </TargetOption>
+      <Groups>
+        <Group>
+          <GroupName>Crypt</GroupName>
+          <Files>
+            <File>
+              <FileName>config-FS.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-FS.h</FilePath>
+            </File>
+            <File>
+              <FileName>aes.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\aes.c</FilePath>
+            </File>
+            <File>
+              <FileName>arc4.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\arc4.c</FilePath>
+            </File>
+            <File>
+              <FileName>asm.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\asm.c</FilePath>
+            </File>
+            <File>
+              <FileName>asn.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\asn.c</FilePath>
+            </File>
+            <File>
+              <FileName>blake2b.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\blake2b.c</FilePath>
+            </File>
+            <File>
+              <FileName>camellia.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\camellia.c</FilePath>
+            </File>
+            <File>
+              <FileName>chacha.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\chacha.c</FilePath>
+            </File>
+            <File>
+              <FileName>chacha20_poly1305.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\chacha20_poly1305.c</FilePath>
+            </File>
+            <File>
+              <FileName>coding.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\coding.c</FilePath>
+            </File>
+            <File>
+              <FileName>compress.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\compress.c</FilePath>
+            </File>
+            <File>
+              <FileName>curve25519.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\curve25519.c</FilePath>
+            </File>
+            <File>
+              <FileName>des3.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\des3.c</FilePath>
+            </File>
+            <File>
+              <FileName>dh.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\dh.c</FilePath>
+            </File>
+            <File>
+              <FileName>dsa.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\dsa.c</FilePath>
+            </File>
+            <File>
+              <FileName>ecc.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ecc.c</FilePath>
+            </File>
+            <File>
+              <FileName>ecc_fp.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ecc_fp.c</FilePath>
+            </File>
+            <File>
+              <FileName>ed25519.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ed25519.c</FilePath>
+            </File>
+            <File>
+              <FileName>error.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\error.c</FilePath>
+            </File>
+            <File>
+              <FileName>fe_operations.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\fe_operations.c</FilePath>
+            </File>
+            <File>
+              <FileName>ge_operations.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ge_operations.c</FilePath>
+            </File>
+            <File>
+              <FileName>hc128.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\hc128.c</FilePath>
+            </File>
+            <File>
+              <FileName>hmac.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\hmac.c</FilePath>
+            </File>
+            <File>
+              <FileName>integer.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\integer.c</FilePath>
+            </File>
+            <File>
+              <FileName>logging.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\logging.c</FilePath>
+            </File>
+            <File>
+              <FileName>md2.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\md2.c</FilePath>
+            </File>
+            <File>
+              <FileName>md4.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\md4.c</FilePath>
+            </File>
+            <File>
+              <FileName>md5.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\md5.c</FilePath>
+            </File>
+            <File>
+              <FileName>memory.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\memory.c</FilePath>
+            </File>
+            <File>
+              <FileName>pkcs7.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\pkcs7.c</FilePath>
+            </File>
+            <File>
+              <FileName>poly1305.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\poly1305.c</FilePath>
+            </File>
+            <File>
+              <FileName>pwdbased.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\pwdbased.c</FilePath>
+            </File>
+            <File>
+              <FileName>rabbit.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\rabbit.c</FilePath>
+            </File>
+            <File>
+              <FileName>random.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\random.c</FilePath>
+            </File>
+            <File>
+              <FileName>ripemd.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ripemd.c</FilePath>
+            </File>
+            <File>
+              <FileName>rsa.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\rsa.c</FilePath>
+            </File>
+            <File>
+              <FileName>sha.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\sha.c</FilePath>
+            </File>
+            <File>
+              <FileName>sha256.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\sha256.c</FilePath>
+            </File>
+            <File>
+              <FileName>sha512.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\sha512.c</FilePath>
+            </File>
+            <File>
+              <FileName>tfm.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\tfm.c</FilePath>
+            </File>
+            <File>
+              <FileName>wc_port.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\wc_port.c</FilePath>
+            </File>
+            <File>
+              <FileName>fe_low_mem.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\fe_low_mem.c</FilePath>
+            </File>
+            <File>
+              <FileName>ge_low_mem.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\ge_low_mem.c</FilePath>
+            </File>
+            <File>
+              <FileName>hash.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\hash.c</FilePath>
+            </File>
+            <File>
+              <FileName>misc.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\misc.c</FilePath>
+            </File>
+            <File>
+              <FileName>srp.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\srp.c</FilePath>
+            </File>
+            <File>
+              <FileName>wc_encrypt.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\wolfcrypt\src\wc_encrypt.c</FilePath>
+            </File>
+          </Files>
+        </Group>
+        <Group>
+          <GroupName>SSL</GroupName>
+          <Files>
+            <File>
+              <FileName>crl.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\crl.c</FilePath>
+            </File>
+            <File>
+              <FileName>internal.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\internal.c</FilePath>
+            </File>
+            <File>
+              <FileName>io.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\io.c</FilePath>
+            </File>
+            <File>
+              <FileName>keys.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\keys.c</FilePath>
+            </File>
+            <File>
+              <FileName>ocsp.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\ocsp.c</FilePath>
+            </File>
+            <File>
+              <FileName>sniffer.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\sniffer.c</FilePath>
+            </File>
+            <File>
+              <FileName>ssl.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\ssl.c</FilePath>
+            </File>
+            <File>
+              <FileName>tls.c</FileName>
+              <FileType>1</FileType>
+              <FilePath>..\..\..\src\tls.c</FilePath>
+            </File>
+          </Files>
+        </Group>
+        <Group>
+          <GroupName>Config</GroupName>
+          <Files>
+            <File>
+              <FileName>Readme.txt</FileName>
+              <FileType>5</FileType>
+              <FilePath>.\Readme.txt</FilePath>
+            </File>
+            <File>
+              <FileName>config-BARE-METAL.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-BARE-METAL.h</FilePath>
+            </File>
+            <File>
+              <FileName>config-RTX-TCP-FS.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-RTX-TCP-FS.h</FilePath>
+            </File>
+            <File>
+              <FileName>config-WOLFLIB.h</FileName>
+              <FileType>5</FileType>
+              <FilePath>..\MDK-ARM\wolfSSL\config-WOLFLIB.h</FilePath>
+            </File>
+          </Files>
+        </Group>
+      </Groups>
+    </Target>
+  </Targets>
+
+</Project>
diff --git a/IDE/MDK-ARM/Projects/Readme.txt b/IDE/MDK-ARM/Projects/Readme.txt
new file mode 100644
index 000000000..87ba83c96
--- /dev/null
+++ b/IDE/MDK-ARM/Projects/Readme.txt
@@ -0,0 +1,8 @@
+
+Use appropriate config file for the target library.
+
+Configfile files               Target
+config-WOLFLIB.h:         wolfSSL-Lib                  /* for general use wolfSSL library */
+config-BARE-METAL.h:  MDK-BAREMETAL-Lib   /* for linking with MDK-BAREMETAL target in MDK-ARM-STM32F2xx project */
+config-FS.h:                  MDK-FS-Lib                 /* for linking with MDK-FS target in MDK-ARM-STM32F2xx project */
+config-RTX-TCP-FS.h:  MDK-RTX-TCP-FS-Lib  /* for linking with MDK-RTX-TCP-FS target in MDK-ARM-STM32F2xx project */
diff --git a/IDE/MDK-ARM/Projects/conifg-WOLFLIB.h b/IDE/MDK-ARM/Projects/conifg-WOLFLIB.h
new file mode 100644
index 000000000..e69de29bb
diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index 594d146cf..7910d50d1 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -29,11 +29,11 @@
 #include <cyassl/ssl.h>
 #include <cyassl/openssl/ssl.h>
 
-#if defined(CYASSL_MDK_ARM)
+#if defined(WOLFSSL_MDK_ARM)
         #include <stdio.h>
         #include <string.h>
 
-        #if defined(CYASSL_MDK5)
+        #if defined(WOLFSSL_MDK5)
             #include "cmsis_os.h"
             #include "rl_fs.h" 
             #include "rl_net.h" 
@@ -41,7 +41,7 @@
             #include "rtl.h"
         #endif
 
-        #include "cyassl_MDK_ARM.h"
+        #include "wolfssl_MDK_ARM.h"
 #endif
 
 #include <cyassl/test.h>
@@ -74,7 +74,7 @@ void echoclient_test(void* args)
 
     ((func_args*)args)->return_code = -1; /* error state */
     
-#ifndef CYASSL_MDK_SHELL
+#ifndef WOLFSSL_MDK_SHELL
     argc = ((func_args*)args)->argc;
     argv = ((func_args*)args)->argv;
 #endif
@@ -103,7 +103,7 @@ void echoclient_test(void* args)
     doPSK = 1;
 #endif
 
-#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && !defined(CYASSL_MDK_SHELL)
+#if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_SHELL)
     port = ((func_args*)args)->signal->port;
 #endif
 
@@ -153,7 +153,7 @@ void echoclient_test(void* args)
     SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
 #endif
 
-    #if defined(CYASSL_MDK_ARM)
+    #if defined(WOLFSSL_MDK_ARM)
     CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
     #endif
 
@@ -194,7 +194,7 @@ void echoclient_test(void* args)
             break;
         }
 
-        #ifndef CYASSL_MDK_SHELL
+        #ifndef WOLFSSL_MDK_SHELL
         while (sendSz) {
             int got;
             if ( (got = SSL_read(ssl, reply, sizeof(reply)-1)) > 0) {
@@ -260,7 +260,7 @@ void echoclient_test(void* args)
         args.argv = argv;
 
         CyaSSL_Init();
-#if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL)
+#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL)
         CyaSSL_Debugging_ON();
 #endif
 #ifndef CYASSL_TIRTOS
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index db499ae08..999aa9b55 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -29,11 +29,11 @@
     #include <cyassl/ctaocrypt/ecc.h>   /* ecc_fp_free */
 #endif
 
-#if defined(CYASSL_MDK_ARM)
+#if defined(WOLFSSL_MDK_ARM)
         #include <stdio.h>
         #include <string.h>
 
-        #if defined(CYASSL_MDK5)
+        #if defined(WOLFSSL_MDK5)
             #include "cmsis_os.h"
             #include "rl_fs.h" 
             #include "rl_net.h" 
@@ -41,7 +41,7 @@
             #include "rtl.h"
         #endif
 
-        #include "cyassl_MDK_ARM.h"
+        #include "wolfssl_MDK_ARM.h"
 #endif
 
 #include <cyassl/ssl.h>
@@ -83,7 +83,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
     int    outCreated = 0;
     int    shutDown = 0;
     int    useAnyAddr = 0;
-    word16 port = yasslPort;
+    word16 port = wolfSSLPort;
     int    argc = ((func_args*)args)->argc;
     char** argv = ((func_args*)args)->argv;
 
@@ -114,7 +114,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 #endif
 
     #if defined(NO_MAIN_DRIVER) && !defined(USE_WINDOWS_API) && \
-        !defined(CYASSL_SNIFFER) && !defined(CYASSL_MDK_SHELL) && \
+        !defined(CYASSL_SNIFFER) && !defined(WOLFSSL_MDK_SHELL) && \
         !defined(CYASSL_TIRTOS)
         port = 0;
     #endif
diff --git a/examples/server/server.c b/examples/server/server.c
index c0687a195..3163aae2f 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -34,11 +34,11 @@
     #define WOLFSSL_TRACK_MEMORY
 #endif
 
-#if defined(CYASSL_MDK_ARM)
+#if defined(WOLFSSL_MDK_ARM)
         #include <stdio.h>
         #include <string.h>
 
-        #if defined(CYASSL_MDK5)
+        #if defined(WOLFSSL_MDK5)
             #include "cmsis_os.h"
             #include "rl_fs.h" 
             #include "rl_net.h" 
@@ -46,7 +46,7 @@
             #include "rtl.h"
         #endif
 
-        #include "cyassl_MDK_ARM.h"
+        #include "wolfssl_MDK_ARM.h"
 #endif
 #include <cyassl/openssl/ssl.h>
 #include <cyassl/test.h>
@@ -179,7 +179,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
     int    version = SERVER_DEFAULT_VERSION;
     int    doCliCertCheck = 1;
     int    useAnyAddr = 0;
-    word16 port = yasslPort;
+    word16 port = wolfSSLPort;
     int    usePsk = 0;
     int    useAnon = 0;
     int    doDTLS = 0;
@@ -659,7 +659,7 @@ while (1) {  /* allow resume option */
     if (SSL_write(ssl, msg, sizeof(msg)) != sizeof(msg))
         err_sys("SSL_write failed");
         
-    #if defined(CYASSL_MDK_SHELL) && defined(HAVE_MDK_RTX)
+    #if defined(WOLFSSL_MDK_SHELL) && defined(HAVE_MDK_RTX)
         os_dly_wait(500) ;
     #elif defined (CYASSL_TIRTOS)
         Task_yield();
@@ -729,7 +729,7 @@ while (1) {  /* allow resume option */
         args.argv = argv;
 
         CyaSSL_Init();
-#if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL)
+#if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL)
         CyaSSL_Debugging_ON();
 #endif
         if (CurrentDir("_build"))
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index b17b44154..bfefcec3c 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -113,19 +113,7 @@
     #define XTIME(t1)  mqx_time((t1))
     #define XGMTIME(c, t) mqx_gmtime((c), (t))
     #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
-#elif defined(WOLFSSL_MDK_ARM)
-    #if defined(WOLFSSL_MDK5)
-        #include "cmsis_os.h"
-    #else
-        #include <rtl.h>
-    #endif
-    #undef RNG
-    #include "wolfssl_MDK_ARM.h"
-    #undef RNG
-    #define RNG wolfSSL_RNG /*for avoiding name conflict in "stm32f2xx.h" */
-    #define XTIME(tl)  (0)
-    #define XGMTIME(c, t) wolfssl_MDK_gmtime((c))
-    #define XVALIDATE_DATE(d, f, t)  ValidateDate((d), (f), (t))
+
 #elif defined(USER_TIME)
     /* user time, and gmtime compatible functions, there is a gmtime 
        implementation here that WINCE uses, so really just need some ticks
@@ -1456,7 +1444,8 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
     word32 seqSz, verSz, rawLen, intTotalLen = 0;
     word32 sizes[DSA_INTS];
     int    i, j, outLen, ret = 0, lbit;
-
+    int   err ;
+	
     byte  seq[MAX_SEQ_SZ];
     byte  ver[MAX_VERSION_SZ];
     byte* tmps[DSA_INTS];
@@ -1496,7 +1485,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
             if (lbit)
                 tmps[i][sizes[i]-1] = 0x00;
 
-            int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
+            err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]);
             if (err == MP_OKAY) {
                 sizes[i] += (rawLen-lbit); /* lbit included in rawLen */
                 intTotalLen += sizes[i];
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 71c62f99b..273eabf02 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -99,13 +99,7 @@
 #if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) \
                                    || !defined(NO_DH)
     /* include test cert and key buffers for use with NO_FILESYSTEM */
-    #if defined(WOLFSSL_MDK_ARM)
-        #include "cert_data.h"
-                        /* use certs_test.c for initial data, so other
-                                               commands can share the data. */
-    #else
         #include <wolfssl/certs_test.h>
-    #endif
 #endif
 
 #if defined(WOLFSSL_MDK_ARM)
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index 741d2531f..97048ffc2 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -67,13 +67,6 @@ typedef struct OS_Seed {
     #endif
 } OS_Seed;
 
-
-#if defined(WOLFSSL_MDK_ARM)
-#undef RNG
-#define RNG wolfSSL_RNG   /* for avoiding name conflict in "stm32f2xx.h" */
-#endif
-
-
 #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
 
 

From 9af596dfffaf0657fdf37be7f88a35cb26ec0d89 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Wed, 12 Aug 2015 17:55:18 +0900
Subject: [PATCH 320/350] add config files

---
 .../MDK-ARM/wolfSSL/config-BARE-METAL.h       | 292 +++++++++++++++
 IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h       | 329 ++++++++++++++++
 .../MDK-ARM/wolfSSL/config-RTX-TCP-FS.h       | 353 ++++++++++++++++++
 IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h  |  13 +
 IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h          |  55 +++
 wolfcrypt/benchmark/benchmark.c               |   7 +-
 6 files changed, 1043 insertions(+), 6 deletions(-)
 create mode 100644 IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
 create mode 100644 IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
 create mode 100644 IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
 create mode 100644 IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h
 create mode 100644 IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h

diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
new file mode 100644
index 000000000..5ce08dc3d
--- /dev/null
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h
@@ -0,0 +1,292 @@
+/* config-BEREFOOT.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+/**** wolfSSL for KEIL-RL Configuration ****/
+
+#define __CORTEX_M3__
+#define WOLFSSL_MDK_ARM
+#define NO_WRITEV
+#define NO_WOLFSSL_DIR
+//#define NO_MAIN_DRIVER
+
+#define WOLFSSL_DER_LOAD
+#define HAVE_NULL_CIPHER
+
+#define SINGLE_THREADED
+#define NO_FILESYSTEM
+#define NO_TLS
+#define WOLFSSL_USER_IO
+
+#define NO_ECHOSERVER
+#define NO_ECHOCLIENT
+#define NO_SIMPLE_SERVER
+#define NO_SIMPLE_CLIENT
+
+// <<< Use Configuration Wizard in Context Menu >>>
+
+// <h> Build Target: KEIL-BAREFOOT
+//  <h> Single Threaded, No File System, No TCP-net
+//   </h>
+//      <e>Command Shell
+#define MDK_CONF_SHELL 1
+#if MDK_CONF_SHELL  == 1
+#define WOLFSSL_MDK_SHELL
+#endif
+//  </e>
+//  <h>wolfSSL Apps
+//  <h>Crypt/Cipher
+//        <o>Cert Storage <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes)
+#define MDK_CONF_CERT_BUFF 1
+#if MDK_CONF_CERT_BUFF == 1
+#define USE_CERT_BUFFERS_1024
+#elif MDK_CONF_CERT_BUFF == 2
+#define USE_CERT_BUFFERS_2048
+#endif
+
+//      <e>Crypt/Cipher Test Suite
+#define MDK_CONF_CTaoCryptTest 1
+#if MDK_CONF_CTaoCryptTest  == 0
+#define NO_CRYPT_TEST
+#endif
+//  </e>
+//      <e>Crypt/Cipher Benchmark
+#define MDK_CONF_CTaoCryptBenchmark 1
+#if MDK_CONF_CTaoCryptBenchmark == 0
+#define NO_CRYPT_BENCHMARK 
+#define BENCH_EMBEDDED
+#endif
+//  </e>
+//   </h>
+
+//  <h>STM32 Hardware Crypt
+//      <e>STM32F2 Hardware RNG
+#define MDK_CONF_STM32F2_RNG 0
+#if MDK_CONF_STM32F2_RNG == 1
+#define STM32F2_RNG
+#else
+#define NO_DEV_RANDOM
+#endif
+//  </e>
+//      <e>STM32F2 Hardware Crypt
+#define MDK_CONF_STM32F2_CRYPTO 0
+#if MDK_CONF_STM32F2_CRYPTO == 1
+#define STM32F2_CRYPTO
+#endif
+//  </e>
+
+// </h>
+
+
+//  <h>wolfCrypt Library
+
+//       <h>MD5, SHA, SHA-256, AES, RC4, ASN, RSA
+//        </h>
+//      <e>MD2
+#define MDK_CONF_MD2 0
+#if MDK_CONF_MD2 == 1
+#define WOLFSSL_MD2
+#endif
+//  </e>
+//      <e>MD4
+#define MDK_CONF_MD4 1
+#if MDK_CONF_MD4 == 0
+#define NO_MD4
+#endif
+//  </e>
+//      <e>SHA-384
+//          <i>This has to be with SHA512
+#define MDK_CONF_SHA384 0
+#if MDK_CONF_SHA384 == 1
+#define WOLFSSL_SHA384
+#endif
+//  </e>
+//      <e>SHA-512          
+#define MDK_CONF_SHA512     0
+#if MDK_CONF_SHA512     == 1
+#define WOLFSSL_SHA512   
+#endif
+//  </e>
+//      <e>RIPEMD
+#define MDK_CONF_RIPEMD 0
+#if MDK_CONF_RIPEMD == 1
+#define WOLFSSL_RIPEMD
+#endif
+//  </e>
+//      <e>HMAC
+#define MDK_CONF_HMAC 1
+#if MDK_CONF_HMAC == 0
+#define NO_HMAC
+#endif
+//  </e>
+//      <e>HC128
+#define MDK_CONF_HC128 0
+#if MDK_CONF_HC128 == 1
+#define HAVE_HC128
+#endif
+//  </e>
+//  <e>RABBIT
+#define MDK_CONF_RABBIT 1
+#if MDK_CONF_RABBI == 0
+#define NO_RABBIT
+#endif
+//  </e>
+
+//      <e>AEAD     
+#define MDK_CONF_AEAD 0
+#if MDK_CONF_AEAD == 1
+#define HAVE_AEAD
+#endif
+//  </e>
+//      <e>DES3
+#define MDK_CONF_DES3 1
+#if MDK_CONF_DES3 == 0
+#define NO_DES3
+#endif
+//  </e>
+//      <e>CAMELLIA
+#define MDK_CONF_CAMELLIA 0
+#if MDK_CONF_CAMELLIA == 1
+#define HAVE_CAMELLIA
+#endif
+//  </e>
+
+//      <e>DH
+//              <i>need this for WOLFSSL_SERVER, OPENSSL_EXTRA
+#define MDK_CONF_DH 1
+#if MDK_CONF_DH == 0
+#define NO_DH
+#endif
+//  </e>
+//      <e>DSA
+#define MDK_CONF_DSA 1 
+#if MDK_CONF_DSA == 0
+#define NO_DSA
+#endif
+//  </e>
+//      <e>PWDBASED
+#define MDK_CONF_PWDBASED 1
+#if MDK_CONF_PWDBASED == 0
+#define NO_PWDBASED
+#endif
+//  </e>
+
+//      <e>ECC
+#define MDK_CONF_ECC 0
+#if MDK_CONF_ECC == 1
+#define HAVE_ECC
+#endif
+//  </e>
+//      <e>PSK
+#define MDK_CONF_PSK 1
+#if MDK_CONF_PSK == 0
+#define NO_PSK
+#endif
+//  </e>
+//      <e>AESCCM (Turn off Hardware Crypt)
+#define MDK_CONF_AESCCM 0
+#if MDK_CONF_AESCCM == 1
+#define HAVE_AESCCM
+#endif
+//  </e>
+//      <e>AESGCM (Turn off Hardware Crypt)
+#define MDK_CONF_AESGCM 0
+#if MDK_CONF_AESGCM == 1
+#define HAVE_AESGCM
+#define BUILD_AESGCM
+#endif
+//  </e>
+//      <e>NTRU (need License, "crypto_ntru.h")
+#define MDK_CONF_NTRU 0
+#if MDK_CONF_NTRU == 1
+#define HAVE_NTRU
+#endif
+//  </e>
+//  </h>
+
+//  <h>Others
+
+//      <e>Inline
+#define MDK_CONF_INLINE 0
+#if MDK_CONF_INLINE == 0
+#define NO_INLINE
+#endif
+//  </e>
+//      <h>Debug
+//              <e>Debug Message
+#define MDK_CONF_DebugMessage 0
+#if MDK_CONF_DebugMessage == 1
+#define DEBUG_WOLFSSL
+#endif
+//         </e>
+//              <e>Check malloc
+#define MDK_CONF_CheckMalloc 1
+#if MDK_CONF_CheckMalloc == 1
+#define WOLFSSL_MALLOC_CHECK
+#endif
+//         </e>
+
+
+//  </h>
+//      <e>ErrNo.h
+#define MDK_CONF_ErrNo 0
+#if MDK_CONF_ErrNo == 1
+#define HAVE_ERRNO
+#endif
+//  </e>
+//      <e>zlib (need "zlib.h")
+#define MDK_CONF_LIBZ 0
+#if MDK_CONF_LIBZ == 1
+#define HAVE_LIBZ
+#endif
+//  </e>
+//      <e>CAVIUM (need CAVIUM headers)
+#define MDK_CONF_CAVIUM 0
+#if MDK_CONF_CAVIUM == 1
+#define HAVE_CAVIUM
+#endif
+//  </e>
+
+//      <e>Error Strings
+#define MDK_CONF_ErrorStrings 1
+#if MDK_CONF_ErrorStrings == 0
+#define NO_ERROR_STRINGS
+#endif
+//  </e>
+
+//      <e>Small Stack
+#define MDK_CONF_SmallStack 1
+#if MDK_CONF_SmallStack == 0
+#define NO_WOLFSSL_SMALL_STACK
+#endif
+//  </e>
+//      <e>Use Fast Math
+#define MDK_CONF_FASTMATH 0
+#if MDK_CONF_FASTMATH == 1
+#define USE_FAST_MATH
+#endif
+//  </e>
+
+
+//  </h>
+
+//</h>
+// <<< end of configuration section >>>
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
new file mode 100644
index 000000000..37c92f446
--- /dev/null
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h
@@ -0,0 +1,329 @@
+/* config-FS.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+/**** wolfSSL for KEIL-RL Configuration ****/
+
+#define __CORTEX_M3__
+#define WOLFSSL_KEIL_RL
+#define NO_WRITEV
+#define NO_WOLFSSL_DIR
+#define NO_MAIN_DRIVER
+#define WOLFSSL_USER_IO
+
+#define WOLFSSL_DER_LOAD
+#define HAVE_NULL_CIPHER
+
+#define SINGLE_THREADED
+
+#define NO_ECHOSERVER
+#define NO_ECHOCLIENT
+#define NO_SIMPLE_SERVER
+#define NO_SIMPLE_CLIENT
+
+// <<< Use Configuration Wizard in Context Menu >>>
+
+// <h> Build Target: KEIL-FS
+//  <h> Single Threaded, With File System, No TCP-net
+//   </h>
+//      <e>Command Shell
+#define MDK_CONF_SHELL 1
+#if MDK_CONF_SHELL  == 1
+#define WOLFSSL_MDK_SHELL
+#endif
+//  </e>
+//  <h>wolfSSL Apps
+//  <h>Crypt/Cipher
+//        <o>Cert Storage <0=> SD Card <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes)
+#define MDK_CONF_CERT_BUFF 0
+#if MDK_CONF_CERT_BUFF== 1
+#define USE_CERT_BUFFERS_1024
+#elif MDK_CONF_CERT_BUFF == 2
+#define USE_CERT_BUFFERS_2048
+#endif
+
+//      <e>Crypt/Cipher Test Suite
+#define MDK_CONF_CTaoCryptTest 1
+#if MDK_CONF_CTaoCryptTest  == 0
+#define NO_CRYPT_TEST
+#endif
+//  </e>
+//      <e>Crypt/Cipher Benchmark
+#define MDK_CONF_CTaoCryptBenchmark 1
+#if MDK_CONF_CTaoCryptBenchmark == 0
+#define NO_CRYPT_BENCHMARK 
+#endif
+//  </e>
+//   </h>
+
+//  <h>STM32 Hardware Crypt
+//      <e>STM32F2 Hardware RNG
+#define MDK_CONF_STM32F2_RNG 0
+#if MDK_CONF_STM32F2_RNG == 1
+#define STM32F2_RNG
+#else
+#define NO_DEV_RANDOM
+#endif
+//  </e>
+//      <e>STM32F2 Hardware Crypt
+#define MDK_CONF_STM32F2_CRYPTO 0
+#if MDK_CONF_STM32F2_CRYPTO == 1
+#define STM32F2_CRYPTO
+#endif
+//  </e>
+
+// </h>
+
+//  <h>wolfSSL Library
+//     <h>SSL (Included by default)
+//     </h>
+
+//      <e>TLS 
+#define MDK_CONF_TLS 1
+#if MDK_CONF_TLS == 0
+#define NO_TLS
+#endif
+//  </e>
+
+//      <e>CertGen
+#define MDK_CONF_CERT_GEN 0
+#if MDK_CONF_CERT_GEN == 1
+#define WOLFSSL_CERT_GEN
+#endif
+//  </e>
+//      <e>KeyGen
+#define MDK_CONF_KEY_GEN 0
+#if MDK_CONF_KEY_GEN == 1
+#define WOLFSSL_KEY_GEN
+#endif
+//  </e>
+//      <e>CRL
+#define MDK_CONF_DER_LOAD 0
+#if MDK_CONF_DER_LOAD == 1
+#define WOLFSSL_DER_LOAD
+#endif
+//  </e>
+//      <e>OpenSSL Extra
+#define MDK_CONF_OPENSSL_EXTRA 0
+#if MDK_CONF_OPENSSL_EXTRA == 1
+#define OPENSSL_EXTRA
+#endif
+//  </e>
+//      <h>CRL Monitor, OCSP (not supported with KEIL)
+//     </h>
+
+// </h>
+
+//  <h>wolfCrypt Library
+
+//       <h>MD5, SHA, SHA-256, AES, RC4, ASN, RSA
+//        </h>
+
+//      <e>MD2
+#define MDK_CONF_MD2 0
+#if MDK_CONF_MD2 == 1
+#define WOLFSSL_MD2
+#endif
+//  </e>
+//      <e>MD4
+#define MDK_CONF_MD4 1
+#if MDK_CONF_MD4 == 0
+#define NO_MD4
+#endif
+//  </e>
+//      <e>SHA-384
+//          <i>This has to be with SHA512
+#define MDK_CONF_SHA384 0
+#if MDK_CONF_SHA384 == 1
+#define WOLFSSL_SHA384
+#endif
+//  </e>
+//      <e>SHA-512          
+#define MDK_CONF_SHA512     0
+#if MDK_CONF_SHA512     == 1
+#define WOLFSSL_SHA512   
+#endif
+//  </e>
+//      <e>RIPEMD
+#define MDK_CONF_RIPEMD 0
+#if MDK_CONF_RIPEMD == 1
+#define WOLFSSL_RIPEMD
+#endif
+//  </e>
+//      <e>HMAC
+#define MDK_CONF_HMAC 1
+#if MDK_CONF_HMAC == 0
+#define NO_HMAC
+#endif
+//  </e>
+//      <e>HC128
+#define MDK_CONF_HC128 0
+#if MDK_CONF_HC128 == 1
+#define HAVE_HC128
+#endif
+//  </e>
+//  <e>RABBIT
+#define MDK_CONF_RABBIT 1
+#if MDK_CONF_RABBI == 0
+#define NO_RABBIT
+#endif
+//  </e>
+
+//      <e>AEAD     
+#define MDK_CONF_AEAD 0
+#if MDK_CONF_AEAD == 1
+#define HAVE_AEAD
+#endif
+//  </e>
+//      <e>DES3
+#define MDK_CONF_DES3 1
+#if MDK_CONF_DES3 == 0
+#define NO_DES3
+#endif
+//  </e>
+//      <e>CAMELLIA
+#define MDK_CONF_CAMELLIA 0
+#if MDK_CONF_CAMELLIA == 1
+#define HAVE_CAMELLIA
+#endif
+//  </e>
+
+//      <e>DH
+//              <i>need this for WOLFSSL_SERVER, OPENSSL_EXTRA
+#define MDK_CONF_DH 1
+#if MDK_CONF_DH == 0
+#define NO_DH
+#endif
+//  </e>
+//      <e>DSA
+#define MDK_CONF_DSA 1 
+#if MDK_CONF_DSA == 0
+#define NO_DSA
+#endif
+//  </e>
+//      <e>PWDBASED
+#define MDK_CONF_PWDBASED 1
+#if MDK_CONF_PWDBASED == 0
+#define NO_PWDBASED
+#endif
+//  </e>
+
+//      <e>ECC
+#define MDK_CONF_ECC 0
+#if MDK_CONF_ECC == 1
+#define HAVE_ECC
+#endif
+//  </e>
+//      <e>PSK
+#define MDK_CONF_PSK 1
+#if MDK_CONF_PSK == 0
+#define NO_PSK
+#endif
+//  </e>
+//      <e>AESCCM (Turn off Hardware Crypt)
+#define MDK_CONF_AESCCM 0
+#if MDK_CONF_AESCCM == 1
+#define HAVE_AESCCM
+#endif
+//  </e>
+//      <e>AESGCM (Turn off Hardware Crypt)
+#define MDK_CONF_AESGCM 0
+#if MDK_CONF_AESGCM == 1
+#define HAVE_AESGCM
+#define BUILD_AESGCM
+#endif
+//  </e>
+//      <e>NTRU (need License, "crypto_ntru.h")
+#define MDK_CONF_NTRU 0
+#if MDK_CONF_NTRU == 1
+#define HAVE_NTRU
+#endif
+//  </e>
+//  </h>
+
+//  <h>Others
+
+//      <e>Inline
+#define MDK_CONF_INLINE 0
+#if MDK_CONF_INLINE == 0
+#define NO_INLINE
+#endif
+//  </e>
+//      <h>Debug
+//              <e>Debug Message
+#define MDK_CONF_DebugMessage 0
+#if MDK_CONF_DebugMessage == 1
+#define DEBUG_WOLFSSL
+#endif
+//         </e>
+//              <e>Check malloc
+#define MDK_CONF_CheckMalloc 1
+#if MDK_CONF_CheckMalloc == 1
+#define WOLFSSL_MALLOC_CHECK
+#endif
+//         </e>
+
+
+//  </h>
+//      <e>ErrNo.h
+#define MDK_CONF_ErrNo 0
+#if MDK_CONF_ErrNo == 1
+#define HAVE_ERRNO
+#endif
+//  </e>
+//      <e>zlib (need "zlib.h")
+#define MDK_CONF_LIBZ 0
+#if MDK_CONF_LIBZ == 1
+#define HAVE_LIBZ
+#endif
+//  </e>
+//      <e>CAVIUM (need CAVIUM headers)
+#define MDK_CONF_CAVIUM 0
+#if MDK_CONF_CAVIUM == 1
+#define HAVE_CAVIUM
+#endif
+//  </e>
+
+//      <e>Error Strings
+#define MDK_CONF_ErrorStrings 1
+#if MDK_CONF_ErrorStrings == 0
+#define NO_ERROR_STRINGS
+#endif
+//  </e>
+
+//      <e>Small Stack
+#define MDK_CONF_SmallStack 1
+#if MDK_CONF_SmallStack == 0
+#define NO_WOLFSSL_SMALL_STACK
+#endif
+//  </e>
+//      <e>Use Fast Math
+#define MDK_CONF_FASTMATH 0
+#if MDK_CONF_FASTMATH == 1
+#define USE_FAST_MATH
+#endif
+//  </e>
+
+
+//  </h>
+
+//</h>
+// <<< end of configuration section >>>
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
new file mode 100644
index 000000000..454b86bce
--- /dev/null
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h
@@ -0,0 +1,353 @@
+/* config-RTX-TCP-FS.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+
+
+/**** wolfSSL for MDK-RTX-TCP-FS  Configuration ****/
+
+#define __CORTEX_M3__
+#define WOLFSSL_MDK_ARM
+#define NO_WRITEV
+#define NO_WOLFSSL_DIR
+#define NO_MAIN_DRIVER
+
+#define WOLFSSL_DER_LOAD
+#define HAVE_NULL_CIPHER
+
+#define HAVE_KEIL_RTX
+#define WOLFSSL_KEIL_TCP_NET
+
+
+// <<< Use Configuration Wizard in Context Menu >>>
+// <h> Build Target: KEIL-RTX-TCP-FS
+//  <h> RTOS, File System and TCP-net
+//  </h>
+//      <e>Command Shell
+#define MDK_CONF_SHELL 1
+#if MDK_CONF_SHELL  == 1
+#define WOLFSSL_MDK_SHELL
+#endif
+//  </e>
+//  <h>wolfSSL Apps
+//  <h>Crypt/Cipher
+//        <o>Cert Storage <0=> SD Card <1=> Mem Buff (1024bytes) <2=> Mem Buff (2048bytes)
+#define MDK_CONF_CERT_BUFF 0
+#if MDK_CONF_CERT_BUFF== 1
+#define USE_CERT_BUFFERS_1024
+#elif MDK_CONF_CERT_BUFF == 2
+#define USE_CERT_BUFFERS_2048
+#endif
+
+//      <e>Crypt/Cipher Test Suite
+#define MDK_CONF_CTaoCryptTest 1
+#if MDK_CONF_CTaoCryptTest  == 0
+#define NO_CRYPT_TEST
+#endif
+//  </e>
+//      <e>Crypt/Cipher Benchmark
+#define MDK_CONF_CTaoCryptBenchmark 1
+#if MDK_CONF_CTaoCryptBenchmark == 0
+#define NO_CRYPT_BENCHMARK 
+#define BENCH_EMBEDDED
+#endif
+//  </e>
+//   </h>
+//   <h>SSL/TLS Server/Client
+//      <e>echoServer
+#define MDK_CONF_echoServer 1
+#if MDK_CONF_echoServer == 0
+#define NO_ECHOSERVER
+#endif
+//  </e>
+//      <e>echoClient
+#define MDK_CONF_echoClient 1
+#if MDK_CONF_echoClient == 0
+#define NO_ECHOCLIENT
+#endif
+//  </e>
+//      <e>SimpleServer
+#define MDK_CONF_simpleServer 1
+#if MDK_CONF_simpleServer == 0
+#define NO_SIMPLE_SERVER
+#endif
+//  </e>
+//      <e>SimpleCliet
+#define MDK_CONF_simpleClient 1
+#if MDK_CONF_simpleClient == 0
+#define NO_SIMPLE_CLIENT
+#endif
+//  </e>
+// </h>
+// </h>
+//  <h>STM32 Hardware Crypt
+//      <e>STM32F2 Hardware RNG
+#define MDK_CONF_STM32F2_RNG 0
+#if MDK_CONF_STM32F2_RNG == 1
+#define STM32F2_RNG
+#else
+#define NO_DEV_RANDOM
+#endif
+//  </e>
+//      <e>STM32F2 Hardware Crypt
+#define MDK_CONF_STM32F2_CRYPTO 0
+#if MDK_CONF_STM32F2_CRYPTO == 1
+#define STM32F2_CRYPTO
+#endif
+//  </e>
+
+// </h>
+
+//  <h>wolfSSL Library
+//     <h>SSL (Included by default)
+//     </h>
+
+//      <e>TLS 
+#define MDK_CONF_TLS 1
+#if MDK_CONF_TLS == 0
+#define NO_TLS
+#endif
+//  </e>
+
+//      <e>CertGen
+#define MDK_CONF_CERT_GEN 0
+#if MDK_CONF_CERT_GEN == 1
+#define WOLFSSL_CERT_GEN
+#endif
+//  </e>
+//      <e>KeyGen
+#define MDK_CONF_KEY_GEN 0
+#if MDK_CONF_KEY_GEN == 1
+#define WOLFSSL_KEY_GEN
+#endif
+//  </e>
+//      <e>CRL
+#define MDK_CONF_DER_LOAD 0
+#if MDK_CONF_DER_LOAD == 1
+#define WOLFSSL_DER_LOAD
+#endif
+//  </e>
+//      <e>OpenSSL Extra
+#define MDK_CONF_OPENSSL_EXTRA 0
+#if MDK_CONF_OPENSSL_EXTRA == 1
+#define OPENSSL_EXTRA
+#endif
+//  </e>
+//      <h>CRL Monitor, OCSP (not supported with KEIL)
+//     </h>
+
+// </h>
+
+//  <h>wolfCrypt Library
+
+//       <h>MD5, SHA, SHA-256, AES, RC4, ASN, RSA
+//        </h>
+//      <e>MD2
+#define MDK_CONF_MD2 0
+#if MDK_CONF_MD2 == 1
+#define WOLFSSL_MD2
+#endif
+//  </e>
+//      <e>MD4
+#define MDK_CONF_MD4 0
+#if MDK_CONF_MD4 == 0
+#define NO_MD4
+#endif
+//  </e>
+//      <e>SHA-384
+//          <i>This has to be with SHA512
+#define MDK_CONF_SHA384 0
+#if MDK_CONF_SHA384 == 1
+#define WOLFSSL_SHA384
+#endif
+//  </e>
+//      <e>SHA-512          
+#define MDK_CONF_SHA512     0
+#if MDK_CONF_SHA512     == 1
+#define WOLFSSL_SHA512   
+#endif
+//  </e>
+//      <e>RIPEMD
+#define MDK_CONF_RIPEMD 0
+#if MDK_CONF_RIPEMD == 1
+#define WOLFSSL_RIPEMD
+#endif
+//  </e>
+//      <e>HMAC
+#define MDK_CONF_HMAC 1
+#if MDK_CONF_HMAC == 0
+#define NO_HMAC
+#endif
+//  </e>
+//      <e>HC128
+#define MDK_CONF_HC128 0
+#if MDK_CONF_HC128 == 1
+#define HAVE_HC128
+#endif
+//  </e>
+//  <e>RABBIT
+#define MDK_CONF_RABBIT 1
+#if MDK_CONF_RABBI == 0
+#define NO_RABBIT
+#endif
+//  </e>
+
+//      <e>AEAD     
+#define MDK_CONF_AEAD 0
+#if MDK_CONF_AEAD == 1
+#define HAVE_AEAD
+#endif
+//  </e>
+//      <e>DES3
+#define MDK_CONF_DES3 0
+#if MDK_CONF_DES3 == 0
+#define NO_DES3
+#endif
+//  </e>
+//      <e>CAMELLIA
+#define MDK_CONF_CAMELLIA 0
+#if MDK_CONF_CAMELLIA == 1
+#define HAVE_CAMELLIA
+#endif
+//  </e>
+
+//      <e>DH
+//              <i>need this for WOLFSSL_SERVER, OPENSSL_EXTRA
+#define MDK_CONF_DH 1
+#if MDK_CONF_DH == 0
+#define NO_DH
+#endif
+//  </e>
+//      <e>DSA
+#define MDK_CONF_DSA 1 
+#if MDK_CONF_DSA == 0
+#define NO_DSA
+#endif
+//  </e>
+//      <e>PWDBASED
+#define MDK_CONF_PWDBASED 1
+#if MDK_CONF_PWDBASED == 0
+#define NO_PWDBASED
+#endif
+//  </e>
+
+//      <e>ECC
+#define MDK_CONF_ECC 0
+#if MDK_CONF_ECC == 1
+#define HAVE_ECC
+#endif
+//  </e>
+//      <e>PSK
+#define MDK_CONF_PSK 1
+#if MDK_CONF_PSK == 0
+#define NO_PSK
+#endif
+//  </e>
+//      <e>AESCCM (Turn off Hardware Crypt)
+#define MDK_CONF_AESCCM 0
+#if MDK_CONF_AESCCM == 1
+#define HAVE_AESCCM
+#endif
+//  </e>
+//      <e>AESGCM (Turn off Hardware Crypt)
+#define MDK_CONF_AESGCM 0
+#if MDK_CONF_AESGCM == 1
+#define HAVE_AESGCM
+#define BUILD_AESGCM
+#endif
+//  </e>
+//      <e>NTRU (need License, "crypto_ntru.h")
+#define MDK_CONF_NTRU 0
+#if MDK_CONF_NTRU == 1
+#define HAVE_NTRU
+#endif
+//  </e>
+//  </h>
+
+//  <h>Others
+
+//      <e>Inline
+#define MDK_CONF_INLINE 0
+#if MDK_CONF_INLINE == 0
+#define NO_INLINE
+#endif
+//  </e>
+//      <h>Debug
+//              <e>Debug Message
+#define MDK_CONF_DEBUG_MSG 0
+#if MDK_CONF_DEBUG_MSG == 1
+#define DEBUG_WOLFSSL
+#endif
+//         </e>
+//              <e>Check malloc
+#define MDK_CONF_CHECK_MALLOC 1
+#if MDK_CONF_CHECK_MALLOC == 1
+#define WOLFSSL_MALLOC_CHECK
+#endif
+//         </e>
+
+
+//  </h>
+//      <e>ErrNo.h
+#define MDK_CONF_ERR_NO 0
+#if MDK_CONF_ERR_NO == 1
+#define HAVE_ERRNO
+#endif
+//  </e>
+//      <e>zlib (need "zlib.h")
+#define MDK_CONF_LIBZ 0
+#if MDK_CONF_LIBZ == 1
+#define HAVE_LIBZ
+#endif
+//  </e>
+//      <e>CAVIUM (need CAVIUM headers)
+#define MDK_CONF_CAVIUM 0
+#if MDK_CONF_CAVIUM == 1
+#define HAVE_CAVIUM
+#endif
+//  </e>
+
+//      <e>Error Strings
+#define MDK_CONF_ErrorStrings 0
+#if MDK_CONF_ErrorStrings == 0
+#define NO_ERROR_STRINGS
+#endif
+//  </e>
+
+//      <e>Small Stack
+#define MDK_CONF_SMALL_STACK 1
+#if MDK_CONF_SMALL_STACK == 0
+#define NO_WOLFSSL_SMALL_STACK
+#endif
+//  </e>
+//      <e>Use Fast Math
+#define MDK_CONF_FASTMATH 1
+#if MDK_CONF_FASTMATH == 1
+#define USE_FAST_MATH
+#define TFM_TIMING_RESISTANT
+#endif
+//  </e>
+
+
+//  </h>
+
+//</h>
+// <<< end of configuration section >>>
+
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h
new file mode 100644
index 000000000..3f4ddf4f6
--- /dev/null
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-WOLFLIB.h
@@ -0,0 +1,13 @@
+
+#define SINGLE_THREADED  /* or define RTOS option */
+
+#define WOLFSSL_USER_IO  /* Use own TCP/IP lib */
+
+#define NO_DEV_RANDOM
+#define WOLFSSL_MDK_ARM
+
+#define NO_WOLFSSL_DIR
+#define NO_WRITEV
+
+#define USE_FAST_MATH
+#define TFM_TIMING_RESISTANT
diff --git a/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h
new file mode 100644
index 000000000..3f5c11191
--- /dev/null
+++ b/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h
@@ -0,0 +1,55 @@
+/* config.h
+ *
+ * Copyright (C) 2006-2015 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef MDK_CONFIG_H__
+#define MDK_CONFIG_H__
+/**** wolfSSL for KEIL-RL Configuration ****/
+
+#define __CORTEX_M3__
+#define WOLFSSL_MDK_ARM
+
+#define NO_WRITEV
+#define NO_WOLFSSL_DIR
+#define NO_MAIN_DRIVER
+
+/* for Retarget.c */
+#define  STDIO
+#define BENCH_EMBEDDED
+
+#define WOLFSSL_DER_LOAD
+#define HAVE_NULL_CIPHER
+#define WOLFSSL_USER_TIME
+#define NO_TIME_H
+static  int ValidateDate(const unsigned char* date, unsigned char format, int dateType){ return 1; }
+
+#if    defined(MDK_CONF_RTX_TCP_FS)
+#include "config-RTX-TCP-FS.h"
+#elif  defined(MDK_CONF_TCP_FS)
+#include "config-TCP-FS.h"
+#elif  defined(MDK_CONF_FS)
+#include "config-FS.h"
+#elif  defined(MDK_CONF_BARE_METAL)
+#include "config-BARE-METAL.h"
+#elif  defined(MDK_WOLFLIB)
+#include "config-WOLFLIB.h"
+#endif
+
+#endif
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index ba36e1563..938a4a641 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -105,19 +105,14 @@
 #if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) \
                                    || !defined(NO_DH)
     /* include test cert and key buffers for use with NO_FILESYSTEM */
-    #if defined(WOLFSSL_MDK_ARM)
-        #include "cert_data.h" /* use certs_test.c for initial data, 
-                                      so other commands can share the data. */
-    #else
         #include <wolfssl/certs_test.h>
-    #endif
 #endif
 
 
 #ifdef HAVE_BLAKE2
     #include <wolfssl/wolfcrypt/blake2.h>
     void bench_blake2(void);
-#endif
+#endif 
 
 #ifdef _MSC_VER
     /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */

From 3af082de395654aff041eedc0c07873a2f37561d Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Wed, 12 Aug 2015 17:58:49 +0900
Subject: [PATCH 321/350] Remove unused file

---
 IDE/MDK-ARM/Projects/conifg-WOLFLIB.h | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 IDE/MDK-ARM/Projects/conifg-WOLFLIB.h

diff --git a/IDE/MDK-ARM/Projects/conifg-WOLFLIB.h b/IDE/MDK-ARM/Projects/conifg-WOLFLIB.h
deleted file mode 100644
index e69de29bb..000000000

From 2b35a8242e23dc1066719f22f7a392742b792786 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfssl.com>
Date: Wed, 12 Aug 2015 19:49:30 +0900
Subject: [PATCH 322/350] MKD file reference path

---
 IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt  | 16 ++++-----
 IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj | 36 +++++++++----------
 .../Projects/MDK-ARM-wolfSSL-Lib.uvopt        |  4 +--
 3 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt
index cb7029ea6..173f3e1b0 100644
--- a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt
+++ b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvopt
@@ -242,7 +242,7 @@
       <OPTFL>
         <tvExp>1</tvExp>
         <tvExpOptDlg>0</tvExpOptDlg>
-        <IsCurrentTarget>0</IsCurrentTarget>
+        <IsCurrentTarget>1</IsCurrentTarget>
       </OPTFL>
       <CpuCode>255</CpuCode>
       <DebugOpt>
@@ -401,7 +401,7 @@
       <OPTFL>
         <tvExp>1</tvExp>
         <tvExpOptDlg>0</tvExpOptDlg>
-        <IsCurrentTarget>1</IsCurrentTarget>
+        <IsCurrentTarget>0</IsCurrentTarget>
       </OPTFL>
       <CpuCode>255</CpuCode>
       <DebugOpt>
@@ -780,7 +780,7 @@
       <Focus>0</Focus>
       <tvExpOptDlg>0</tvExpOptDlg>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\config\Net_Config.c</PathWithFileName>
+      <PathWithFileName>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c</PathWithFileName>
       <FilenameWithoutPath>Net_Config.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
@@ -806,8 +806,8 @@
       <Focus>0</Focus>
       <tvExpOptDlg>0</tvExpOptDlg>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\config\RTX_Conf_CM.c</PathWithFileName>
-      <FilenameWithoutPath>RTX_Conf_CM.c</FilenameWithoutPath>
+      <PathWithFileName>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c</PathWithFileName>
+      <FilenameWithoutPath>RTX_Config.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
     </File>
@@ -819,7 +819,7 @@
       <Focus>0</Focus>
       <tvExpOptDlg>0</tvExpOptDlg>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\MDK-ARM\config\Net_Debug.c</PathWithFileName>
+      <PathWithFileName>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c</PathWithFileName>
       <FilenameWithoutPath>Net_Debug.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
@@ -871,7 +871,7 @@
       <Focus>0</Focus>
       <tvExpOptDlg>0</tvExpOptDlg>
       <bDave2>0</bDave2>
-      <PathWithFileName>..\STM32F2xx\startup_stm32f2xx.s</PathWithFileName>
+      <PathWithFileName>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s</PathWithFileName>
       <FilenameWithoutPath>startup_stm32f2xx.s</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
@@ -884,7 +884,7 @@
       <Focus>0</Focus>
       <tvExpOptDlg>0</tvExpOptDlg>
       <bDave2>0</bDave2>
-      <PathWithFileName>C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c</PathWithFileName>
+      <PathWithFileName>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c</PathWithFileName>
       <FilenameWithoutPath>File_Config.c</FilenameWithoutPath>
       <RteFlg>0</RteFlg>
       <bShared>0</bShared>
diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj
index 345a4d485..b194c1113 100644
--- a/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj
+++ b/IDE/MDK-ARM/Projects/MDK-ARM-STM32F2xx.uvproj
@@ -513,7 +513,7 @@
             <File>
               <FileName>Net_Config.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\Net_Config.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c</FilePath>
             </File>
             <File>
               <FileName>config.h</FileName>
@@ -521,14 +521,14 @@
               <FilePath>..\MDK-ARM\wolfSSL\config.h</FilePath>
             </File>
             <File>
-              <FileName>RTX_Conf_CM.c</FileName>
+              <FileName>RTX_Config.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\RTX_Conf_CM.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c</FilePath>
             </File>
             <File>
               <FileName>Net_Debug.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\Net_Debug.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -591,12 +591,12 @@
             <File>
               <FileName>startup_stm32f2xx.s</FileName>
               <FileType>2</FileType>
-              <FilePath>..\STM32F2xx\startup_stm32f2xx.s</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s</FilePath>
             </File>
             <File>
               <FileName>File_Config.c</FileName>
               <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c</FilePath>
             </File>
             <File>
               <FileName>config-WOLFLIB.h</FileName>
@@ -1426,7 +1426,7 @@
             <File>
               <FileName>Net_Config.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\Net_Config.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -1477,9 +1477,9 @@
               <FilePath>..\MDK-ARM\wolfSSL\config.h</FilePath>
             </File>
             <File>
-              <FileName>RTX_Conf_CM.c</FileName>
+              <FileName>RTX_Config.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\RTX_Conf_CM.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -1527,7 +1527,7 @@
             <File>
               <FileName>Net_Debug.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\Net_Debug.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -1590,12 +1590,12 @@
             <File>
               <FileName>startup_stm32f2xx.s</FileName>
               <FileType>2</FileType>
-              <FilePath>..\STM32F2xx\startup_stm32f2xx.s</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s</FilePath>
             </File>
             <File>
               <FileName>File_Config.c</FileName>
               <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c</FilePath>
             </File>
             <File>
               <FileName>config-WOLFLIB.h</FileName>
@@ -2578,7 +2578,7 @@
             <File>
               <FileName>Net_Config.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\Net_Config.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Config.c</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -2629,9 +2629,9 @@
               <FilePath>..\MDK-ARM\wolfSSL\config.h</FilePath>
             </File>
             <File>
-              <FileName>RTX_Conf_CM.c</FileName>
+              <FileName>RTX_Config.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\RTX_Conf_CM.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\RTX_Config.c</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -2679,7 +2679,7 @@
             <File>
               <FileName>Net_Debug.c</FileName>
               <FileType>1</FileType>
-              <FilePath>..\MDK-ARM\config\Net_Debug.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\Net_Debug.c</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
@@ -2742,12 +2742,12 @@
             <File>
               <FileName>startup_stm32f2xx.s</FileName>
               <FileType>2</FileType>
-              <FilePath>..\STM32F2xx\startup_stm32f2xx.s</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\TCPnet\Http_demo\startup_stm32f2xx.s</FilePath>
             </File>
             <File>
               <FileName>File_Config.c</FileName>
               <FileType>1</FileType>
-              <FilePath>C:\Keil\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c</FilePath>
+              <FilePath>C:\Keil_v5\ARM\Boards\Keil\MCBSTM32F200\RL\FlashFS\SD_File\File_Config.c</FilePath>
               <FileOption>
                 <CommonProperty>
                   <UseCPPCompiler>2</UseCPPCompiler>
diff --git a/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt
index 973311568..69f64de42 100644
--- a/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt
+++ b/IDE/MDK-ARM/Projects/MDK-ARM-wolfSSL-Lib.uvopt
@@ -75,7 +75,7 @@
       <OPTFL>
         <tvExp>1</tvExp>
         <tvExpOptDlg>0</tvExpOptDlg>
-        <IsCurrentTarget>1</IsCurrentTarget>
+        <IsCurrentTarget>0</IsCurrentTarget>
       </OPTFL>
       <CpuCode>255</CpuCode>
       <DebugOpt>
@@ -234,7 +234,7 @@
       <OPTFL>
         <tvExp>1</tvExp>
         <tvExpOptDlg>0</tvExpOptDlg>
-        <IsCurrentTarget>0</IsCurrentTarget>
+        <IsCurrentTarget>1</IsCurrentTarget>
       </OPTFL>
       <CpuCode>255</CpuCode>
       <DebugOpt>

From 910fd79a1d7aad3efeebe7ce46888961ecefe0e6 Mon Sep 17 00:00:00 2001
From: Nickolas Lapp <nick@wolfssl.com>
Date: Wed, 12 Aug 2015 13:58:23 -0600
Subject: [PATCH 323/350] Changes to remove scan-build warnings when compiling
 with full build

---
 src/sniffer.c         |  1 -
 wolfcrypt/test/test.c | 98 +++++++++++++++++++++++++++++++++++++++----
 wolfssl/test.h        |  2 +
 3 files changed, 93 insertions(+), 8 deletions(-)

diff --git a/src/sniffer.c b/src/sniffer.c
index a12dafe57..b71861767 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -1323,7 +1323,6 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
             wc_FreeRsaKey(&key);
             return -1;
         }
-        ret = 0;  /* not in error state */
         session->sslServer->arrays->preMasterSz = SECRET_LEN;
 
         /* store for client side as well */
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 71c62f99b..c8d9b97ef 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -3491,19 +3491,25 @@ int rsa_test(void)
         FILE*  pemFile;
 
         ret = wc_InitRsaKey(&genKey, 0);
-        if (ret != 0)
+        if (ret != 0) {
+            free(tmp);
             return -300;
+        }
         ret = wc_MakeRsaKey(&genKey, 1024, 65537, &rng);
-        if (ret != 0)
+        if (ret != 0) {
+            free(tmp);
             return -301;
+        }
 
         der = (byte*)malloc(FOURK_BUF);
         if (der == NULL) {
+            free(tmp);
             wc_FreeRsaKey(&genKey);
             return -307;
         }
         pem = (byte*)malloc(FOURK_BUF);
         if (pem == NULL) {
+            free(tmp);
             free(der);
             wc_FreeRsaKey(&genKey);
             return -308;
@@ -3513,6 +3519,7 @@ int rsa_test(void)
         if (derSz < 0) {
             free(der);
             free(pem);
+            free(tmp);
             return -302;
         }
 
@@ -3524,6 +3531,7 @@ int rsa_test(void)
         if (!keyFile) {
             free(der);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&genKey);
             return -303;
         }
@@ -3532,6 +3540,7 @@ int rsa_test(void)
         if (ret != derSz) {
             free(der);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&genKey);
             return -313;
         }
@@ -3540,6 +3549,7 @@ int rsa_test(void)
         if (pemSz < 0) {
             free(der);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&genKey);
             return -304;
         }
@@ -3552,6 +3562,7 @@ int rsa_test(void)
         if (!pemFile) {
             free(der);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&genKey);
             return -305;
         }
@@ -3560,6 +3571,7 @@ int rsa_test(void)
         if (ret != pemSz) {
             free(der);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&genKey);
             return -314;
         }
@@ -3568,6 +3580,7 @@ int rsa_test(void)
         if (ret != 0) {
             free(der);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&genKey);
             return -3060;
         }
@@ -3576,6 +3589,7 @@ int rsa_test(void)
         if (ret != 0) {
             free(der);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&derIn);
             wc_FreeRsaKey(&genKey);
             return -306;
@@ -3603,10 +3617,13 @@ int rsa_test(void)
 #endif
 
         derCert = (byte*)malloc(FOURK_BUF);
-        if (derCert == NULL)
+        if (derCert == NULL) {
+            free(tmp);
             return -309;
+        }
         pem = (byte*)malloc(FOURK_BUF);
         if (pem == NULL) {
+            free(tmp);
             free(derCert);
             return -310;
         }
@@ -3627,6 +3644,7 @@ int rsa_test(void)
         if (certSz < 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -401;
         }
 
@@ -3636,6 +3654,7 @@ int rsa_test(void)
         if (ret != 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -402;
         }
         FreeDecodedCert(&decode);
@@ -3649,6 +3668,7 @@ int rsa_test(void)
         if (!derFile) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -403;
         }
         ret = (int)fwrite(derCert, 1, certSz, derFile);
@@ -3656,6 +3676,7 @@ int rsa_test(void)
         if (ret != certSz) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -414;
         }
 
@@ -3663,6 +3684,7 @@ int rsa_test(void)
         if (pemSz < 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -404;
         }
 
@@ -3674,6 +3696,7 @@ int rsa_test(void)
         if (!pemFile) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -405;
         }
         ret = (int)fwrite(pem, 1, pemSz, pemFile);
@@ -3681,6 +3704,7 @@ int rsa_test(void)
         if (ret != pemSz) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -406;
         }
         free(pem);
@@ -3704,11 +3728,14 @@ int rsa_test(void)
 #endif
 
         derCert = (byte*)malloc(FOURK_BUF);
-        if (derCert == NULL)
+        if (derCert == NULL) {
+            free(tmp);
             return -311;
+        }
         pem = (byte*)malloc(FOURK_BUF);
         if (pem == NULL) {
             free(derCert);
+            free(tmp);
             return -312;
         }
 
@@ -3717,6 +3744,7 @@ int rsa_test(void)
         if (!file3) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -412;
         }
 
@@ -3727,12 +3755,14 @@ int rsa_test(void)
         if (ret != 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -411;
         }
         ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes3);
         if (ret != 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&caKey);
             return -413;
         }
@@ -3755,6 +3785,7 @@ int rsa_test(void)
         if (ret < 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&caKey);
             return -405;
         }
@@ -3763,6 +3794,7 @@ int rsa_test(void)
         if (certSz < 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&caKey);
             return -407;
         }
@@ -3772,6 +3804,7 @@ int rsa_test(void)
         if (certSz < 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&caKey);
             return -408;
         }
@@ -3783,6 +3816,7 @@ int rsa_test(void)
         if (ret != 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&caKey);
             return -409;
         }
@@ -3797,6 +3831,7 @@ int rsa_test(void)
         if (!derFile) {
             free(derCert);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&caKey);
             return -410;
         }
@@ -3805,6 +3840,7 @@ int rsa_test(void)
         if (ret != certSz) {
             free(derCert);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&caKey);
             return -416;
         }
@@ -3813,6 +3849,7 @@ int rsa_test(void)
         if (pemSz < 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&caKey);
             return -411;
         }
@@ -3825,6 +3862,7 @@ int rsa_test(void)
         if (!pemFile) {
             free(derCert);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&caKey);
             return -412;
         }
@@ -3832,6 +3870,7 @@ int rsa_test(void)
         if (ret != pemSz) {
             free(derCert);
             free(pem);
+            free(tmp);
             wc_FreeRsaKey(&caKey);
             return -415;
         }
@@ -3859,11 +3898,14 @@ int rsa_test(void)
 #endif
 
         derCert = (byte*)malloc(FOURK_BUF);
-        if (derCert == NULL)
+        if (derCert == NULL) {
+            free(tmp);
             return -5311;
+        }
         pem = (byte*)malloc(FOURK_BUF);
         if (pem == NULL) {
             free(derCert);
+            free(tmp);
             return -5312;
         }
 
@@ -3872,6 +3914,7 @@ int rsa_test(void)
         if (!file3) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -5412;
         }
 
@@ -3883,6 +3926,7 @@ int rsa_test(void)
         if (ret != 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -5413;
         }
 
@@ -3902,6 +3946,7 @@ int rsa_test(void)
             free(pem);
             free(derCert);
             wc_ecc_free(&caKey);
+            free(tmp);
             return -5405;
         }
 
@@ -3910,6 +3955,7 @@ int rsa_test(void)
             free(pem);
             free(derCert);
             wc_ecc_free(&caKey);
+            free(tmp);
             return -5407;
         }
 
@@ -3919,6 +3965,7 @@ int rsa_test(void)
             free(pem);
             free(derCert);
             wc_ecc_free(&caKey);
+            free(tmp);
             return -5408;
         }
 
@@ -3926,6 +3973,7 @@ int rsa_test(void)
         InitDecodedCert(&decode, derCert, certSz, 0);
         ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
         if (ret != 0) {
+            free(tmp);
             free(pem);
             free(derCert);
             wc_ecc_free(&caKey);
@@ -3943,6 +3991,7 @@ int rsa_test(void)
             free(pem);
             free(derCert);
             wc_ecc_free(&caKey);
+            free(tmp);
             return -5410;
         }
         ret = (int)fwrite(derCert, 1, certSz, derFile);
@@ -3951,6 +4000,7 @@ int rsa_test(void)
             free(pem);
             free(derCert);
             wc_ecc_free(&caKey);
+            free(tmp);
             return -5414;
         }
 
@@ -3959,6 +4009,7 @@ int rsa_test(void)
             free(pem);
             free(derCert);
             wc_ecc_free(&caKey);
+            free(tmp);
             return -5411;
         }
 
@@ -3971,6 +4022,7 @@ int rsa_test(void)
             free(pem);
             free(derCert);
             wc_ecc_free(&caKey);
+            free(tmp);
             return -5412;
         }
         ret = (int)fwrite(pem, 1, pemSz, pemFile);
@@ -3978,6 +4030,7 @@ int rsa_test(void)
             free(pem);
             free(derCert);
             wc_ecc_free(&caKey);
+            free(tmp);
             return -5415;
         }
         fclose(pemFile);
@@ -4003,11 +4056,14 @@ int rsa_test(void)
         DecodedCert decode;
 #endif
         derCert = (byte*)malloc(FOURK_BUF);
-        if (derCert == NULL)
+        if (derCert == NULL) {
+            free(tmp);
             return -311;
+        }
         pem = (byte*)malloc(FOURK_BUF);
         if (pem == NULL) {
             free(derCert);
+            free(tmp);
             return -312;
         }
 
@@ -4024,6 +4080,7 @@ int rsa_test(void)
         if (rc != DRBG_OK) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -448;
         }
 
@@ -4033,6 +4090,7 @@ int rsa_test(void)
         if (rc != NTRU_OK) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -449;
         }
 
@@ -4042,6 +4100,7 @@ int rsa_test(void)
         if (rc != NTRU_OK) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -450;
         }
 
@@ -4050,6 +4109,7 @@ int rsa_test(void)
         if (rc != NTRU_OK) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -451;
         }
 
@@ -4058,6 +4118,7 @@ int rsa_test(void)
         if (!caFile) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -452;
         }
 
@@ -4068,12 +4129,14 @@ int rsa_test(void)
         if (ret != 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -453;
         }
         ret = wc_RsaPrivateKeyDecode(tmp, &idx3, &caKey, (word32)bytes);
         if (ret != 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -454;
         }
 
@@ -4092,6 +4155,7 @@ int rsa_test(void)
             free(derCert);
             free(pem);
             wc_FreeRsaKey(&caKey);
+            free(tmp);
             return -455;
         }
 
@@ -4101,6 +4165,7 @@ int rsa_test(void)
             free(derCert);
             free(pem);
             wc_FreeRsaKey(&caKey);
+            free(tmp);
             return -456;
         }
 
@@ -4110,6 +4175,7 @@ int rsa_test(void)
         if (certSz < 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -457;
         }
 
@@ -4120,6 +4186,7 @@ int rsa_test(void)
         if (ret != 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -458;
         }
         FreeDecodedCert(&decode);
@@ -4128,6 +4195,7 @@ int rsa_test(void)
         if (!derFile) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -459;
         }
         ret = (int)fwrite(derCert, 1, certSz, derFile);
@@ -4135,6 +4203,7 @@ int rsa_test(void)
         if (ret != certSz) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -473;
         }
 
@@ -4142,6 +4211,7 @@ int rsa_test(void)
         if (pemSz < 0) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -460;
         }
 
@@ -4149,6 +4219,7 @@ int rsa_test(void)
         if (!pemFile) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -461;
         }
         ret = (int)fwrite(pem, 1, pemSz, pemFile);
@@ -4156,6 +4227,7 @@ int rsa_test(void)
         if (ret != pemSz) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -474;
         }
 
@@ -4163,6 +4235,7 @@ int rsa_test(void)
         if (!ntruPrivFile) {
             free(derCert);
             free(pem);
+            free(tmp);
             return -462;
         }
         ret = (int)fwrite(private_key, 1, private_key_len, ntruPrivFile);
@@ -4170,6 +4243,7 @@ int rsa_test(void)
         if (ret != private_key_len) {
             free(pem);
             free(derCert);
+            free(tmp);
             return -475;
         }
         free(pem);
@@ -4186,11 +4260,14 @@ int rsa_test(void)
         FILE*       reqFile;
 
         der = (byte*)malloc(FOURK_BUF);
-        if (der == NULL)
+        if (der == NULL) {
+            free(tmp);
             return -463;
+        }
         pem = (byte*)malloc(FOURK_BUF);
         if (pem == NULL) {
             free(der);
+            free(tmp);
             return -464;
         }
 
@@ -4212,6 +4289,7 @@ int rsa_test(void)
         if (derSz < 0) {
             free(pem);
             free(der);
+            free(tmp);
             return -465;
         }
 
@@ -4220,6 +4298,7 @@ int rsa_test(void)
         if (derSz < 0) {
             free(pem);
             free(der);
+            free(tmp);
             return -466;
         }
 
@@ -4227,6 +4306,7 @@ int rsa_test(void)
         if (pemSz < 0) {
             free(pem);
             free(der);
+            free(tmp);
             return -467;
         }
 
@@ -4238,6 +4318,7 @@ int rsa_test(void)
         if (!reqFile) {
             free(pem);
             free(der);
+            free(tmp);
             return -468;
         }
 
@@ -4246,6 +4327,7 @@ int rsa_test(void)
         if (ret != derSz) {
             free(pem);
             free(der);
+            free(tmp);
             return -471;
         }
 
@@ -4257,6 +4339,7 @@ int rsa_test(void)
         if (!reqFile) {
             free(pem);
             free(der);
+            free(tmp);
             return -469;
         }
         ret = (int)fwrite(pem, 1, pemSz, reqFile);
@@ -4264,6 +4347,7 @@ int rsa_test(void)
         if (ret != pemSz) {
             free(pem);
             free(der);
+            free(tmp);
             return -470;
         }
 
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 028e81be3..add257133 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1520,6 +1520,8 @@ static INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
 
     /* decrypt */
     ret = wc_AesCbcDecrypt(&decCtx->aes, decOut, decIn, decSz);
+    if (ret != 0)
+        return ret;
 
     if (wolfSSL_GetCipherType(ssl) == WOLFSSL_AEAD_TYPE) {
         *padSz = wolfSSL_GetAeadMacSize(ssl);

From f6c5231e68f3ca1bb5a7a9a0fee013a2c7c04f69 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Wed, 12 Aug 2015 14:30:12 -0600
Subject: [PATCH 324/350] fix shadowed declaration on power pc (shadowed asn.h
 Oid_Types enum)

---
 wolfssl/wolfcrypt/pwdbased.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/wolfssl/wolfcrypt/pwdbased.h b/wolfssl/wolfcrypt/pwdbased.h
index 0173beef8..068dc5149 100644
--- a/wolfssl/wolfcrypt/pwdbased.h
+++ b/wolfssl/wolfcrypt/pwdbased.h
@@ -51,9 +51,9 @@ WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen,
                             int kLen, int typeH, int purpose);
 
 /* helper functions */
-WOLFSSL_LOCAL int GetDigestSize(int hashType);
-WOLFSSL_LOCAL int GetPKCS12HashSizes(int hashType, word32* v, word32* u);
-WOLFSSL_LOCAL int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
+WOLFSSL_LOCAL int GetDigestSize(int typeH);
+WOLFSSL_LOCAL int GetPKCS12HashSizes(int typeH, word32* v, word32* u);
+WOLFSSL_LOCAL int DoPKCS12Hash(int typeH, byte* buffer, word32 totalLen,
                                byte* Ai, word32 u, int iterations);
 
 

From 46e7e9acf94d9153f0b52180413c36fb3c17ea2a Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 12 Aug 2015 16:39:13 -0700
Subject: [PATCH 325/350] disable SSLv3 by default

---
 configure.ac                     | 18 ++++++++++++++++
 examples/client/client.c         | 11 +++++-----
 examples/echoclient/echoclient.c |  4 +++-
 examples/echoserver/echoserver.c |  4 +++-
 examples/server/server.c         |  4 +++-
 src/internal.c                   |  4 ++--
 src/sniffer.c                    |  2 +-
 src/ssl.c                        | 20 +++++++++---------
 tests/api.c                      |  6 ++++--
 tests/suites.c                   | 35 ++++++++++++++++++++++++++++++--
 10 files changed, 83 insertions(+), 25 deletions(-)

diff --git a/configure.ac b/configure.ac
index 9f11a50b3..dfce641b1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -887,6 +887,19 @@ else
 fi
 
 
+# SSLv3
+AC_ARG_ENABLE([sslv3],
+    [  --enable-sslv3         Enable SSL version 3.0 (default: disabled)],
+    [ ENABLED_SSLV3=$enableval ],
+    [ ENABLED_SSLV3=no]
+    )
+
+if test "$ENABLED_SSLV3" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3"
+fi
+
+
 # STACK SIZE info for examples
 AC_ARG_ENABLE([stacksize],
     [  --enable-stacksize      Enable stack size info on examples (default: disabled)],
@@ -2128,6 +2141,10 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
       [AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
        ENABLED_OLD_TLS=no])
 
+AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
+       test "x$ENABLED_SSLV3" = "xyes"],
+      [AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])])
+
 
 # OPTIMIZE FLAGS
 if test "$GCC" = "yes"
@@ -2359,6 +2376,7 @@ echo "   * STUNNEL:                   $ENABLED_STUNNEL"
 echo "   * ERROR_STRINGS:             $ENABLED_ERROR_STRINGS"
 echo "   * DTLS:                      $ENABLED_DTLS"
 echo "   * Old TLS Versions:          $ENABLED_OLD_TLS"
+echo "   * SSL version 3.0:           $ENABLED_SSLV3"
 echo "   * OCSP:                      $ENABLED_OCSP"
 echo "   * CRL:                       $ENABLED_CRL"
 echo "   * CRL-MONITOR:               $ENABLED_CRL_MONITOR"
diff --git a/examples/client/client.c b/examples/client/client.c
index 5838c67b9..cb9c40f33 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -525,16 +525,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
 #ifdef USE_WOLFSSL_MEMORY
     if (trackMemory)
-        InitMemoryTracker(); 
+        InitMemoryTracker();
 #endif
 
     switch (version) {
 #ifndef NO_OLD_TLS
+    #ifdef WOLFSSL_ALLOW_SSLV3
         case 0:
             method = wolfSSLv3_client_method();
             break;
-                
-                
+    #endif
+
     #ifndef NO_TLS
         case 1:
             method = wolfTLSv1_client_method();
@@ -544,9 +545,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             method = wolfTLSv1_1_client_method();
             break;
     #endif /* NO_TLS */
-                
+
 #endif  /* NO_OLD_TLS */
-                
+
 #ifndef NO_TLS
         case 3:
             method = wolfTLSv1_2_client_method();
diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index 594d146cf..bbf82ea9e 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -111,8 +111,10 @@ void echoclient_test(void* args)
     method  = DTLSv1_2_client_method();
 #elif  !defined(NO_TLS)
     method = CyaSSLv23_client_method();
-#else
+#elif defined(WOLFSSL_ALLOW_SSLV3)
     method = SSLv3_client_method();
+#else
+    #error "no valid client method type"
 #endif
     ctx    = SSL_CTX_new(method);
 
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index db499ae08..cb512f4d8 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -132,8 +132,10 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
     method  = CyaDTLSv1_2_server_method();
 #elif  !defined(NO_TLS)
     method = CyaSSLv23_server_method();
-#else
+#elif defined(WOLFSSL_ALLOW_SSLV3)
     method = CyaSSLv3_server_method();
+#else
+    #error "no valid server method built in"
 #endif
     ctx    = CyaSSL_CTX_new(method);
     /* CyaSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); */
diff --git a/examples/server/server.c b/examples/server/server.c
index c0687a195..7f0c07d61 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -402,14 +402,16 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
 
 #ifdef USE_CYASSL_MEMORY
     if (trackMemory)
-        InitMemoryTracker(); 
+        InitMemoryTracker();
 #endif
 
     switch (version) {
 #ifndef NO_OLD_TLS
+    #ifdef WOLFSSL_ALLOW_SSLV3
         case 0:
             method = SSLv3_server_method();
             break;
+    #endif
 
     #ifndef NO_TLS
         case 1:
diff --git a/src/internal.c b/src/internal.c
index 3c7704a8a..bd04bdbec 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2371,7 +2371,7 @@ DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item)
 
 #endif /* WOLFSSL_DTLS */
 
-#ifndef NO_OLD_TLS
+#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
 
 ProtocolVersion MakeSSLv3(void)
 {
@@ -2382,7 +2382,7 @@ ProtocolVersion MakeSSLv3(void)
     return pv;
 }
 
-#endif /* NO_OLD_TLS */
+#endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */
 
 
 #ifdef WOLFSSL_DTLS
diff --git a/src/sniffer.c b/src/sniffer.c
index a12dafe57..9219d93ef 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -1118,7 +1118,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
         sniffer->server = serverIp;
         sniffer->port = port;
 
-        sniffer->ctx = SSL_CTX_new(SSLv3_client_method());
+        sniffer->ctx = SSL_CTX_new(TLSv1_client_method());
         if (!sniffer->ctx) {
             SetError(MEMORY_STR, error, NULL, 0);
 #ifdef HAVE_SNI
diff --git a/src/ssl.c b/src/ssl.c
index 3cb82827f..2b34f41dc 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1765,7 +1765,7 @@ int wolfSSL_set_group_messages(WOLFSSL* ssl)
 static int SetMinVersionHelper(byte* minVersion, int version)
 {
     switch (version) {
-#ifndef NO_OLD_TLS
+#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
         case WOLFSSL_SSLV3:
             *minVersion = SSLv3_MINOR;
             break;
@@ -1836,7 +1836,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
     }
 
     switch (version) {
-#ifndef NO_OLD_TLS
+#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
         case WOLFSSL_SSLV3:
             ssl->version = MakeSSLv3();
             break;
@@ -3026,16 +3026,16 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 static INLINE WOLFSSL_METHOD* cm_pick_method(void)
 {
     #ifndef NO_WOLFSSL_CLIENT
-        #ifdef NO_OLD_TLS
-            return wolfTLSv1_2_client_method();
-        #else
+        #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
             return wolfSSLv3_client_method();
+        #else
+            return wolfTLSv1_2_client_method();
         #endif
     #elif !defined(NO_WOLFSSL_SERVER)
-        #ifdef NO_OLD_TLS
-            return wolfTLSv1_2_server_method();
-        #else
+        #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
             return wolfSSLv3_server_method();
+        #else
+            return wolfTLSv1_2_server_method();
         #endif
     #else
         return NULL;
@@ -5335,7 +5335,7 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
 /* client only parts */
 #ifndef NO_WOLFSSL_CLIENT
 
-    #ifndef NO_OLD_TLS
+    #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
     WOLFSSL_METHOD* wolfSSLv3_client_method(void)
     {
         WOLFSSL_METHOD* method =
@@ -5623,7 +5623,7 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
 /* server only parts */
 #ifndef NO_WOLFSSL_SERVER
 
-    #ifndef NO_OLD_TLS
+    #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
     WOLFSSL_METHOD* wolfSSLv3_server_method(void)
     {
         WOLFSSL_METHOD* method =
diff --git a/tests/api.c b/tests/api.c
index 02d9cd9b6..a34ecebbc 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -101,8 +101,10 @@ static void test_wolfSSL_Method_Allocators(void)
             TEST_METHOD_ALLOCATOR(a, AssertNull)
 
 #ifndef NO_OLD_TLS
-    TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method);
-    TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method);
+    #ifdef WOLFSSL_ALLOW_SSLV3
+        TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method);
+        TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method);
+    #endif
     TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method);
     TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method);
     TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method);
diff --git a/tests/suites.c b/tests/suites.c
index 4095581e9..bd8a8da3f 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -36,7 +36,7 @@
 #define MAX_COMMAND_SZ 240
 #define MAX_SUITE_SZ 80 
 #define NOT_BUILT_IN -123
-#ifdef NO_OLD_TLS
+#if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3)
     #define VERSION_TOO_OLD -124
 #endif
 
@@ -52,6 +52,28 @@ static char flagSep[] = " ";
 static char svrPort[] = "0";
 
 
+#ifndef WOLFSSL_ALLOW_SSLV3
+/* if the protocol version is sslv3 return 1, else 0 */
+static int IsSslVersion(const char* line)
+{
+    const char* find = "-v ";
+    char* begin = strstr(line, find);
+
+    if (begin) {
+        int version = -1;
+
+        begin += 3;
+
+        version = atoi(begin);
+
+        if (version == 0)
+            return 1;
+    }
+
+    return 0;
+}
+#endif /* !WOLFSSL_ALLOW_SSLV3 */
+
 #ifdef NO_OLD_TLS
 /* if the protocol version is less than tls 1.2 return 1, else 0 */
 static int IsOldTlsVersion(const char* line)
@@ -71,7 +93,7 @@ static int IsOldTlsVersion(const char* line)
     }
 
     return 0;
-} 
+}
 #endif /* NO_OLD_TLS */
 
 
@@ -168,6 +190,15 @@ static int execute_test_case(int svr_argc, char** svr_argv,
         return NOT_BUILT_IN;
     }
 
+#ifndef WOLFSSL_ALLOW_SSLV3
+    if (IsSslVersion(commandLine) == 1) {
+        #ifdef DEBUG_SUITE_TESTS
+            printf("protocol version on line %s is too old\n", commandLine);
+        #endif
+        return VERSION_TOO_OLD;
+    }
+#endif
+
 #ifdef NO_OLD_TLS
     if (IsOldTlsVersion(commandLine) == 1) {
         #ifdef DEBUG_SUITE_TESTS

From e9f63f0e17407b976dbc73f25731d65669b644fd Mon Sep 17 00:00:00 2001
From: unknown <kaleb@wolfssl.com>
Date: Tue, 11 Aug 2015 15:38:52 -0600
Subject: [PATCH 326/350] Release-32 working

---
 IDE/WIN/wolfssl-fips.vcxproj | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/IDE/WIN/wolfssl-fips.vcxproj b/IDE/WIN/wolfssl-fips.vcxproj
index 898eb020f..5f007c9bf 100644
--- a/IDE/WIN/wolfssl-fips.vcxproj
+++ b/IDE/WIN/wolfssl-fips.vcxproj
@@ -182,6 +182,8 @@
       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <WholeProgramOptimization>false</WholeProgramOptimization>
     </ClCompile>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='DLL Release|Win32'">

From 6e2dcdbb7399e0fce2a7c38dde6be3ab6addb146 Mon Sep 17 00:00:00 2001
From: unknown <kaleb@wolfssl.com>
Date: Thu, 13 Aug 2015 11:59:29 -0600
Subject: [PATCH 327/350] reset to vs 2010 toolset in .sln file

---
 IDE/WIN/wolfssl-fips.sln | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/IDE/WIN/wolfssl-fips.sln b/IDE/WIN/wolfssl-fips.sln
index f1fecbbae..306616419 100644
--- a/IDE/WIN/wolfssl-fips.sln
+++ b/IDE/WIN/wolfssl-fips.sln
@@ -1,5 +1,5 @@
 
-Microsoft Visual Studio Solution File, Format Version 12.00
+Microsoft Visual Studio Solution File, Format Version 10.00
 # Visual Studio Express 2012 for Windows Desktop
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-fips", "wolfssl-fips.vcxproj", "{73973223-5EE8-41CA-8E88-1D60E89A237B}"
 EndProject

From fb35dc61db3d91fb9704542b71bb3119925d7edf Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 13 Aug 2015 11:05:07 -0700
Subject: [PATCH 328/350] disable static rsa cipher suites in non max strength
 build by default

---
 wolfssl/internal.h           | 80 +++++++++++++++++++++---------------
 wolfssl/wolfcrypt/settings.h | 11 +++++
 2 files changed, 58 insertions(+), 33 deletions(-)

diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 898356645..87162e935 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -211,11 +211,13 @@ typedef byte word24[3];
 #ifndef WOLFSSL_MAX_STRENGTH
 
     #if !defined(NO_RSA) && !defined(NO_RC4)
-        #if !defined(NO_SHA)
-            #define BUILD_SSL_RSA_WITH_RC4_128_SHA
-        #endif
-        #if !defined(NO_MD5)
-            #define BUILD_SSL_RSA_WITH_RC4_128_MD5
+        #if defined(WOLFSSL_STATIC_RSA)
+            #if !defined(NO_SHA)
+                #define BUILD_SSL_RSA_WITH_RC4_128_SHA
+            #endif
+            #if !defined(NO_MD5)
+                #define BUILD_SSL_RSA_WITH_RC4_128_MD5
+            #endif
         #endif
         #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
             #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
@@ -224,7 +226,9 @@ typedef byte word24[3];
 
     #if !defined(NO_RSA) && !defined(NO_DES3)
         #if !defined(NO_SHA)
-            #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
+            #if defined(WOLFSSL_STATIC_RSA)
+                #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
+            #endif
             #if !defined(NO_TLS) && defined(HAVE_NTRU)
                     #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
             #endif
@@ -233,43 +237,49 @@ typedef byte word24[3];
 
     #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
         #if !defined(NO_SHA)
-            #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
-            #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
+            #if defined(WOLFSSL_STATIC_RSA)
+                #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
+                #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
+            #endif
             #if defined(HAVE_NTRU)
                     #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
                     #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
             #endif
         #endif
-        #if !defined (NO_SHA256)
-            #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
-            #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
-        #endif
-        #if defined (HAVE_AESGCM)
-            #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
-            #if defined (WOLFSSL_SHA384)
-                #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
+        #if defined(WOLFSSL_STATIC_RSA)
+            #if !defined (NO_SHA256)
+                #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
+                #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
+            #endif
+            #if defined (HAVE_AESGCM)
+                #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
+                #if defined (WOLFSSL_SHA384)
+                    #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
+                #endif
+            #endif
+            #if defined (HAVE_AESCCM)
+                #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
+                #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
+            #endif
+            #if defined(HAVE_BLAKE2)
+                #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
+                #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
             #endif
-        #endif
-        #if defined (HAVE_AESCCM)
-            #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
-            #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
-        #endif
-        #if defined(HAVE_BLAKE2)
-            #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
-            #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
         #endif
     #endif
 
     #if defined(HAVE_CAMELLIA) && !defined(NO_TLS)
         #ifndef NO_RSA
-          #if !defined(NO_SHA)
-            #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
-            #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
-          #endif
+          #if defined(WOLFSSL_STATIC_RSA)
+            #if !defined(NO_SHA)
+                #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+                #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+            #endif
             #ifndef NO_SHA256
                 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
                 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
             #endif
+          #endif
             #if !defined(NO_DH)
               #if !defined(NO_SHA)
                 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
@@ -310,11 +320,13 @@ typedef byte word24[3];
 
     #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
         #if !defined(NO_RSA)
-            #if !defined(NO_SHA)
-                #define BUILD_TLS_RSA_WITH_NULL_SHA
-            #endif
-            #ifndef NO_SHA256
-                #define BUILD_TLS_RSA_WITH_NULL_SHA256
+            #if defined(WOLFSSL_STATIC_RSA)
+                #if !defined(NO_SHA)
+                    #define BUILD_TLS_RSA_WITH_NULL_SHA
+                #endif
+                #ifndef NO_SHA256
+                    #define BUILD_TLS_RSA_WITH_NULL_SHA256
+                #endif
             #endif
         #endif
         #if !defined(NO_PSK)
@@ -330,6 +342,7 @@ typedef byte word24[3];
         #endif
     #endif
 
+#if defined(WOLFSSL_STATIC_RSA)
     #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
         #ifndef NO_MD5
             #define BUILD_TLS_RSA_WITH_HC_128_MD5
@@ -347,6 +360,7 @@ typedef byte word24[3];
             #define BUILD_TLS_RSA_WITH_RABBIT_SHA
         #endif
     #endif
+#endif
 
     #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
         !defined(NO_RSA)
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index fb6f9543a..8cdd73898 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -114,6 +114,9 @@
 /* Uncomment next line to enable deprecated less secure static DH suites */
 /* #define WOLFSSL_STATIC_DH */
 
+/* Uncomment next line to enable deprecated less secure static RSA suites */
+/* #define WOLFSSL_STATIC_RSA */
+
 #include <wolfssl/wolfcrypt/visibility.h>
 
 #ifdef WOLFSSL_USER_SETTINGS
@@ -813,6 +816,14 @@
     #define HAVE_HASHDRBG
 #endif
 
+
+/* sniffer requires static RSA cipher suites */
+#ifdef WOLFSSL_SNIFFER
+    #ifndef WOLFSSL_STATIC_RSA
+        #define WOLFSSL_STATIC_RSA
+    #endif
+#endif
+
 /* Place any other flags or defines here */
 
 

From 8cc9c62911d60c2a1ca90b0b01d12d3ce707274d Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 13 Aug 2015 14:29:56 -0700
Subject: [PATCH 329/350] skip past the pad and mac when skipping a finished
 message in DTLS

---
 src/internal.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index bd04bdbec..25cbf17f0 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5193,6 +5193,8 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                 ssl->keys.dtls_expected_peer_handshake_number) {
         /* Already saw this message and processed it. It can be ignored. */
         *inOutIdx += fragSz;
+        if(type == finished )
+            *inOutIdx += ssl->keys.padSz;
         ret = 0;
     }
     else if (fragSz < size) {

From e6ab7de9239a8da565de827a2f2f679fb6d585af Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfsssl.com>
Date: Fri, 14 Aug 2015 07:44:13 +0900
Subject: [PATCH 330/350] TI hardware hash driver memory leak in dummy rounds

---
 src/internal.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index 25cbf17f0..a7cd5b8e8 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5940,11 +5940,13 @@ static INLINE void Md5Rounds(int rounds, const byte* data, int sz)
 {
     Md5 md5;
     int i;
+    byte dummy[MD5_DIGEST_SIZE] ;
 
     wc_InitMd5(&md5);
 
     for (i = 0; i < rounds; i++)
         wc_Md5Update(&md5, data, sz);
+    wc_Md5Final(&md5, dummy) ; /* in case needed to release resources */
 }
 
 
@@ -5954,11 +5956,13 @@ static INLINE void ShaRounds(int rounds, const byte* data, int sz)
 {
     Sha sha;
     int i;
+    byte dummy[SHA_DIGEST_SIZE] ;
 
     wc_InitSha(&sha);  /* no error check on purpose, dummy round */
 
     for (i = 0; i < rounds; i++)
         wc_ShaUpdate(&sha, data, sz);
+    wc_ShaFinal(&sha, dummy) ; /* in case needed to release resources */
 }
 #endif
 
@@ -5969,6 +5973,7 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz)
 {
     Sha256 sha256;
     int i;
+    byte dummy[SHA256_DIGEST_SIZE] ;
 
     wc_InitSha256(&sha256);  /* no error check on purpose, dummy round */
 
@@ -5976,7 +5981,7 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz)
         wc_Sha256Update(&sha256, data, sz);
         /* no error check on purpose, dummy round */
     }
-
+    wc_Sha256Final(&sha256, dummy) ; /* in case needed to release resources */
 }
 
 #endif
@@ -5988,6 +5993,7 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
 {
     Sha384 sha384;
     int i;
+    byte dummy[SHA384_DIGEST_SIZE] ;
 
     wc_InitSha384(&sha384);  /* no error check on purpose, dummy round */
 
@@ -5995,6 +6001,7 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
         wc_Sha384Update(&sha384, data, sz);
         /* no error check on purpose, dummy round */
     }
+    wc_Sha384Final(&sha384, dummy) ; /* in case needed to release resources */
 }
 
 #endif
@@ -6006,6 +6013,7 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
 {
     Sha512 sha512;
     int i;
+    byte dummy[SHA512_DIGEST_SIZE] ;
 
     wc_InitSha512(&sha512);  /* no error check on purpose, dummy round */
 
@@ -6013,6 +6021,7 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
         wc_Sha512Update(&sha512, data, sz);
         /* no error check on purpose, dummy round */
     }
+    wc_Sha512Final(&sha512, dummy) ; /* in case needed to release resources */
 }
 
 #endif

From 0f9f4ea7e08fc2f06e66d5cd5ffdfe47c759b7c2 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Fri, 14 Aug 2015 09:58:44 -0600
Subject: [PATCH 331/350] add macro blocks to make it easier on embedded
 devices and fix declaration after executable code

---
 wolfcrypt/src/fe_low_mem.c    | 3 ++-
 wolfcrypt/src/fe_operations.c | 2 ++
 wolfcrypt/src/ge_low_mem.c    | 6 ++++--
 wolfcrypt/src/ge_operations.c | 2 ++
 4 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/wolfcrypt/src/fe_low_mem.c b/wolfcrypt/src/fe_low_mem.c
index 80834f54c..2dc914c81 100644
--- a/wolfcrypt/src/fe_low_mem.c
+++ b/wolfcrypt/src/fe_low_mem.c
@@ -27,6 +27,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
+#if defined(CURVED25519_SMALL) /* use slower code that takes less memory */
 #if defined(HAVE_ED25519) || defined(HAVE_CURVE25519)
 
 #include <wolfssl/wolfcrypt/fe_operations.h>
@@ -593,4 +594,4 @@ void fe_sqrt(byte *r, const byte *a)
 }
 
 #endif /* HAVE_CURVE25519 or HAVE_ED25519 */
-
+#endif /* CURVED25519_SMALL */
diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c
index d78467e21..9259403ec 100644
--- a/wolfcrypt/src/fe_operations.c
+++ b/wolfcrypt/src/fe_operations.c
@@ -27,6 +27,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
+#ifndef CURVED25519_SMALL /* run when not defined to use small memory math */
 #if defined(HAVE_ED25519) || defined(HAVE_CURVE25519)
 
 #include <wolfssl/wolfcrypt/fe_operations.h>
@@ -1405,4 +1406,5 @@ void fe_cmov(fe f,const fe g,unsigned int b)
   f[9] = f9 ^ x9;
 }
 #endif /* HAVE ED25519 or CURVE25519 */
+#endif /* not defined CURVED25519_SMALL */
 
diff --git a/wolfcrypt/src/ge_low_mem.c b/wolfcrypt/src/ge_low_mem.c
index 43c533c69..f8dba9266 100644
--- a/wolfcrypt/src/ge_low_mem.c
+++ b/wolfcrypt/src/ge_low_mem.c
@@ -27,7 +27,8 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
-#ifdef HAVE_ED25519
+#if defined(CURVED25519_SMALL) /* use slower code that takes less memory */
+#if defined(HAVE_ED25519)
 
 #include <wolfssl/wolfcrypt/ge_operations.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -71,12 +72,12 @@ int ge_compress_key(byte* out, const byte* xIn, const byte* yIn,
 {
 	byte tmp[F25519_SIZE];
 	byte parity;
+    byte pt[32];
     int     i;
 
 	fe_copy(tmp, xIn);
 	parity = (tmp[0] & 1) << 7;
 
-    byte pt[32];
 	fe_copy(pt, yIn);
 	pt[31] |= parity;
 
@@ -555,4 +556,5 @@ int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h,
 }
 
 #endif /* HAVE_ED25519 */
+#endif /* CURVED25519_SMALL */
 
diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c
index 665cfe89b..259b5b144 100644
--- a/wolfcrypt/src/ge_operations.c
+++ b/wolfcrypt/src/ge_operations.c
@@ -28,6 +28,7 @@
 
 #include <wolfssl/wolfcrypt/settings.h>
 
+#ifndef CURVED25519_SMALL /* run when not defined to use small memory math */
 #ifdef HAVE_ED25519
 
 #include <wolfssl/wolfcrypt/ge_operations.h>
@@ -2600,4 +2601,5 @@ void ge_tobytes(unsigned char *s,const ge_p2 *h)
   s[31] ^= fe_isnegative(x) << 7;
 }
 #endif /* HAVE_ED25519 */
+#endif /* not defined CURVED25519_SMALL */
 

From d12308a05325750d01dd806fbb4bd34a4a606d09 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 14 Aug 2015 11:06:42 -0700
Subject: [PATCH 332/350] SendCertificate fragments the message based on
 max_fragment setting for TLS and DTLS.

---
 src/internal.c     | 365 ++++++++++++++++++++++++++++++++-------------
 src/ssl.c          |  12 +-
 wolfssl/internal.h |   1 +
 3 files changed, 274 insertions(+), 104 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 25cbf17f0..0755a9496 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2277,7 +2277,7 @@ void DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
             XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ,
                                             fragSz + DTLS_HANDSHAKE_HEADER_SZ);
         else {
-            /* If fragOffet is non-zero, this is an additional fragment that
+            /* If fragOffset is non-zero, this is an additional fragment that
              * needs to be copied to its location in the message buffer. Also
              * copy the total size of the message over the fragment size. The
              * hash routines look at a defragmented message if it had actually
@@ -2535,6 +2535,45 @@ ProtocolVersion MakeDTLSv1_2(void)
 #endif /* USE_WINDOWS_API */
 
 
+static int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz)
+{
+#ifdef HAVE_FUZZER
+    if (ssl->fuzzerCb)
+        ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx);
+#endif
+#ifndef NO_OLD_TLS
+#ifndef NO_SHA
+    wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz);
+#endif
+#ifndef NO_MD5
+    wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz);
+#endif
+#endif
+
+    if (IsAtLeastTLSv1_2(ssl)) {
+        int ret;
+
+#ifndef NO_SHA256
+        ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, output, sz);
+        if (ret != 0)
+            return ret;
+#endif
+#ifdef WOLFSSL_SHA384
+        ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, output, sz);
+        if (ret != 0)
+            return ret;
+#endif
+#ifdef WOLFSSL_SHA512
+        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, output, sz);
+        if (ret != 0)
+            return ret;
+#endif
+    }
+
+    return 0;
+}
+
+
 /* add output to md5 and sha handshake hashes, exclude record header */
 static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
 {
@@ -2658,10 +2697,13 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl
 
 
 /* add handshake header for message */
-static void AddHandShakeHeader(byte* output, word32 length, byte type,
-                               WOLFSSL* ssl)
+static void AddHandShakeHeader(byte* output, word32 length,
+                               word32 fragOffset, word32 fragLength,
+                               byte type, WOLFSSL* ssl)
 {
     HandShakeHeader* hs;
+    (void)fragOffset;
+    (void)fragLength;
     (void)ssl;
 
     /* handshake header */
@@ -2675,8 +2717,8 @@ static void AddHandShakeHeader(byte* output, word32 length, byte type,
         /* dtls handshake header extensions */
         dtls = (DtlsHandShakeHeader*)output;
         c16toa(ssl->keys.dtls_handshake_number++, dtls->message_seq);
-        c32to24(0, dtls->fragment_offset);
-        c32to24(length, dtls->fragment_length);
+        c32to24(fragOffset, dtls->fragment_offset);
+        c32to24(fragLength, dtls->fragment_length);
     }
 #endif
 }
@@ -2685,16 +2727,37 @@ static void AddHandShakeHeader(byte* output, word32 length, byte type,
 /* add both headers for handshake message */
 static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl)
 {
-    if (!ssl->options.dtls) {
-        AddRecordHeader(output, length + HANDSHAKE_HEADER_SZ, handshake, ssl);
-        AddHandShakeHeader(output + RECORD_HEADER_SZ, length, type, ssl);
-    }
+    word32 lengthAdj = HANDSHAKE_HEADER_SZ;
+    word32 outputAdj = RECORD_HEADER_SZ;
+
 #ifdef WOLFSSL_DTLS
-    else  {
-        AddRecordHeader(output, length+DTLS_HANDSHAKE_HEADER_SZ, handshake,ssl);
-        AddHandShakeHeader(output + DTLS_RECORD_HEADER_SZ, length, type, ssl);
+    if (ssl->options.dtls) {
+        lengthAdj += DTLS_HANDSHAKE_EXTRA;
+        outputAdj += DTLS_RECORD_EXTRA;
     }
 #endif
+
+    AddRecordHeader(output, length + lengthAdj, handshake, ssl);
+    AddHandShakeHeader(output + outputAdj, length, 0, length, type, ssl);
+}
+
+
+static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset,
+                           word32 length, byte type, WOLFSSL* ssl)
+{
+    word32 lengthAdj = HANDSHAKE_HEADER_SZ;
+    word32 outputAdj = RECORD_HEADER_SZ;
+    (void)fragSz;
+
+#ifdef WOLFSSL_DTLS
+    if (ssl->options.dtls) {
+        lengthAdj += DTLS_HANDSHAKE_EXTRA;
+        outputAdj += DTLS_RECORD_EXTRA;
+    }
+#endif
+
+    AddRecordHeader(output, fragSz + lengthAdj, handshake, ssl);
+    AddHandShakeHeader(output + outputAdj, length, fragOffset, fragSz, type, ssl);
 }
 
 
@@ -4018,15 +4081,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     c24to32(input + *inOutIdx, &listSz);
     *inOutIdx += OPAQUE24_LEN;
 
-#ifdef HAVE_MAX_FRAGMENT
-    if (listSz > ssl->max_fragment) {
-        SendAlert(ssl, alert_fatal, record_overflow);
-        return BUFFER_E;
-    }
-#else
     if (listSz > MAX_RECORD_SIZE)
         return BUFFER_E;
-#endif
 
     if ((*inOutIdx - begin) + listSz != size)
         return BUFFER_ERROR;
@@ -7281,7 +7337,7 @@ int SendFinished(WOLFSSL* ssl)
     output = ssl->buffers.outputBuffer.buffer +
              ssl->buffers.outputBuffer.length;
 
-    AddHandShakeHeader(input, finishedSz, finished, ssl);
+    AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);
 
     /* make finished hashes */
     hashes = (Hashes*)&input[headerSz];
@@ -7362,117 +7418,226 @@ int SendFinished(WOLFSSL* ssl)
     return SendBuffered(ssl);
 }
 
+
 #ifndef NO_CERTS
 int SendCertificate(WOLFSSL* ssl)
 {
-    int    sendSz, length, ret = 0;
-    word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
-    word32 certSz, listSz;
-    byte*  output = 0;
+    int    length, ret = 0;
+    word32 certSz, certChainSz, headerSz, listSz, maxFragment, payloadSz;
 
     if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher)
         return 0;  /* not needed */
 
     if (ssl->options.sendVerify == SEND_BLANK_CERT) {
         certSz = 0;
+        certChainSz = 0;
+        headerSz = CERT_HEADER_SZ;
         length = CERT_HEADER_SZ;
         listSz = 0;
     }
     else {
         certSz = ssl->buffers.certificate.length;
+        headerSz = 2 * CERT_HEADER_SZ;
         /* list + cert size */
-        length = certSz + 2 * CERT_HEADER_SZ;
+        length = certSz + headerSz;
         listSz = certSz + CERT_HEADER_SZ;
 
         /* may need to send rest of chain, already has leading size(s) */
-        if (ssl->buffers.certChain.buffer) {
-            length += ssl->buffers.certChain.length;
-            listSz += ssl->buffers.certChain.length;
+        if (certSz) {
+            certChainSz = ssl->buffers.certChain.length;
+            length += certChainSz;
+            listSz += certChainSz;
         }
     }
-    sendSz = length + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
 
+    payloadSz = length;
+
+    if (ssl->fragOffset != 0)
+        length -= (ssl->fragOffset + headerSz);
+
+    if (!ssl->options.dtls) {
+        maxFragment = MAX_RECORD_SIZE;
+    }
+    else {
     #ifdef WOLFSSL_DTLS
-        if (ssl->options.dtls) {
-            sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
-            i      += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
-        }
-    #endif
-
-    if (ssl->keys.encryptionOn)
-        sendSz += MAX_MSG_EXTRA;
-
-    /* check for available size */
-    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
-        return ret;
-
-    /* get ouput buffer */
-    output = ssl->buffers.outputBuffer.buffer +
-             ssl->buffers.outputBuffer.length;
-
-    AddHeaders(output, length, certificate, ssl);
-
-    /* list total */
-    c32to24(listSz, output + i);
-    i += CERT_HEADER_SZ;
-
-    /* member */
-    if (certSz) {
-        c32to24(certSz, output + i);
-        i += CERT_HEADER_SZ;
-        XMEMCPY(output + i, ssl->buffers.certificate.buffer, certSz);
-        i += certSz;
-
-        /* send rest of chain? */
-        if (ssl->buffers.certChain.buffer) {
-            XMEMCPY(output + i, ssl->buffers.certChain.buffer,
-                                ssl->buffers.certChain.length);
-            i += ssl->buffers.certChain.length;
-        }
+        maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ
+                      - DTLS_HANDSHAKE_HEADER_SZ - 100;
+    #endif /* WOLFSSL_DTLS */
     }
 
-    if (ssl->keys.encryptionOn) {
-        byte* input;
-        int   inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */
+    #ifdef HAVE_MAX_FRAGMENT
+    if (ssl->max_fragment != 0 && maxFragment >= ssl->max_fragment)
+        maxFragment = ssl->max_fragment;
+    #endif /* HAVE_MAX_FRAGMENT */
 
-        input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
-        if (input == NULL)
-            return MEMORY_E;
+    while (length > 0 && ret == 0) {
+        byte*  output = NULL;
+        word32 fragSz; /* How much of the certificate data are we copying? */
+        word32 i = RECORD_HEADER_SZ;
+        int    sendSz = RECORD_HEADER_SZ;
 
-        XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
-        sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake);
-        XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        if (!ssl->options.dtls) {
+            if (ssl->fragOffset == 0)  {
+                if (headerSz + certSz + certChainSz <=
+                    maxFragment - HANDSHAKE_HEADER_SZ) {
 
-        if (sendSz < 0)
-            return sendSz;
-    } else {
-        ret = HashOutput(ssl, output, sendSz, 0);
-        if (ret != 0)
+                    fragSz = headerSz + certSz + certChainSz;
+                }
+                else {
+                    fragSz = maxFragment - HANDSHAKE_HEADER_SZ;
+                }
+                sendSz += fragSz + HANDSHAKE_HEADER_SZ;
+                i += HANDSHAKE_HEADER_SZ;
+            }
+            else {
+                fragSz = min(length, maxFragment);
+                sendSz += fragSz;
+            }
+
+            if (ssl->keys.encryptionOn)
+                sendSz += MAX_MSG_EXTRA;
+        }
+        else {
+        #ifdef WOLFSSL_DTLS
+            fragSz = min(length, maxFragment);
+            sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
+                      + HANDSHAKE_HEADER_SZ;
+            i      += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
+                      + HANDSHAKE_HEADER_SZ;
+        #endif
+        }
+
+        /* check for available size */
+        if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
             return ret;
+
+        /* get ouput buffer */
+        output = ssl->buffers.outputBuffer.buffer +
+                 ssl->buffers.outputBuffer.length;
+
+        if (ssl->fragOffset == 0) {
+            if (!ssl->options.dtls) {
+                AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
+                HashOutputRaw(ssl, output + RECORD_HEADER_SZ,
+                              HANDSHAKE_HEADER_SZ);
+            }
+            else {
+            #ifdef WOLFSSL_DTLS
+                AddHeaders(output, payloadSz, certificate, ssl);
+                HashOutputRaw(ssl,
+                              output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA,
+                              HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA);
+                /* Adding the headers increments these, decrement them for
+                 * actual message header. */
+                ssl->keys.dtls_sequence_number--;
+                ssl->keys.dtls_handshake_number--;
+                AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
+                ssl->keys.dtls_handshake_number--;
+            #endif /* WOLFSSL_DTLS */
+            }
+
+            /* list total */
+            c32to24(listSz, output + i);
+            HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
+            i += CERT_HEADER_SZ;
+            length -= CERT_HEADER_SZ;
+            fragSz -= CERT_HEADER_SZ;
+            if (certSz) {
+                c32to24(certSz, output + i);
+                HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
+                i += CERT_HEADER_SZ;
+                length -= CERT_HEADER_SZ;
+                fragSz -= CERT_HEADER_SZ;
+
+                HashOutputRaw(ssl, ssl->buffers.certificate.buffer, certSz);
+                if (certChainSz) {
+                    HashOutputRaw(ssl,
+                                  ssl->buffers.certChain.buffer, certChainSz);
+                }
+            }
+        }
+        else {
+            if (!ssl->options.dtls) {
+                AddRecordHeader(output, fragSz, handshake, ssl);
+            }
+            else {
+            #ifdef WOLFSSL_DTLS
+                AddFragHeaders(output, fragSz, ssl->fragOffset + headerSz,
+                               payloadSz, certificate, ssl);
+                ssl->keys.dtls_handshake_number--;
+            #endif /* WOLFSSL_DTLS */
+            }
+        }
+
+        /* member */
+        if (certSz && ssl->fragOffset < certSz) {
+            word32 copySz = min(certSz - ssl->fragOffset, fragSz);
+            XMEMCPY(output + i,
+                    ssl->buffers.certificate.buffer + ssl->fragOffset, copySz);
+            i += copySz;
+            ssl->fragOffset += copySz;
+            length -= copySz;
+            fragSz -= copySz;
+        }
+        if (certChainSz && fragSz) {
+            word32 copySz = min(certChainSz + certSz - ssl->fragOffset, fragSz);
+            XMEMCPY(output + i,
+                    ssl->buffers.certChain.buffer + ssl->fragOffset - certSz,
+                    copySz);
+            i += copySz;
+            ssl->fragOffset += copySz;
+            length -= copySz;
+            fragSz -= copySz;
+        }
+
+        if (ssl->keys.encryptionOn) {
+            byte* input;
+            int   inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */
+
+            input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+            if (input == NULL)
+                return MEMORY_E;
+
+            XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
+            sendSz = BuildMessage(ssl, output, sendSz, input,inputSz,handshake);
+            XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+
+            if (sendSz < 0)
+                return sendSz;
+        }
+
+        #ifdef WOLFSSL_DTLS
+            if (ssl->options.dtls) {
+                if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
+                    return ret;
+            }
+        #endif
+
+        #ifdef WOLFSSL_CALLBACKS
+            if (ssl->hsInfoOn)
+                AddPacketName("Certificate", &ssl->handShakeInfo);
+            if (ssl->toInfoOn)
+                AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz,
+                               ssl->heap);
+        #endif
+
+        ssl->buffers.outputBuffer.length += sendSz;
+        if (!ssl->options.groupMessages)
+            ret = SendBuffered(ssl);
     }
 
-    #ifdef WOLFSSL_DTLS
-        if (ssl->options.dtls) {
-            if ((ret = DtlsPoolSave(ssl, output, sendSz)) != 0)
-                return ret;
-        }
-    #endif
+    if (ret != WANT_WRITE) {
+        /* Clean up the fragment offset. */
+        ssl->fragOffset = 0;
+        #ifdef WOLFSSL_DTLS
+        if (ssl->options.dtls)
+            ssl->keys.dtls_handshake_number++;
+        #endif
+        if (ssl->options.side == WOLFSSL_SERVER_END)
+            ssl->options.serverState = SERVER_CERT_COMPLETE;
+    }
 
-    #ifdef WOLFSSL_CALLBACKS
-        if (ssl->hsInfoOn) AddPacketName("Certificate", &ssl->handShakeInfo);
-        if (ssl->toInfoOn)
-            AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz,
-                           ssl->heap);
-    #endif
-
-    if (ssl->options.side == WOLFSSL_SERVER_END)
-        ssl->options.serverState = SERVER_CERT_COMPLETE;
-
-    ssl->buffers.outputBuffer.length += sendSz;
-    if (ssl->options.groupMessages)
-        return 0;
-    else
-        return SendBuffered(ssl);
+    return ret;
 }
 
 
diff --git a/src/ssl.c b/src/ssl.c
index 2b34f41dc..b30e97537 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5408,8 +5408,10 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
 
         if (ssl->buffers.outputBuffer.length > 0) {
             if ( (ssl->error = SendBuffered(ssl)) == 0) {
-                ssl->options.connectState++;
-                WOLFSSL_MSG("connect state: Advanced from buffered send");
+                if (ssl->fragOffset == 0) {
+                    ssl->options.connectState++;
+                    WOLFSSL_MSG("connect state: Advanced from buffered send");
+                }
             }
             else {
                 WOLFSSL_ERROR(ssl->error);
@@ -5724,8 +5726,10 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
 
         if (ssl->buffers.outputBuffer.length > 0) {
             if ( (ssl->error = SendBuffered(ssl)) == 0) {
-                ssl->options.acceptState++;
-                WOLFSSL_MSG("accept state: Advanced from buffered send");
+                if (ssl->fragOffset == 0) {
+                    ssl->options.acceptState++;
+                    WOLFSSL_MSG("accept state: Advanced from buffered send");
+                }
             }
             else {
                 WOLFSSL_ERROR(ssl->error);
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 87162e935..dcada77e5 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2284,6 +2284,7 @@ struct WOLFSSL {
     int             rflags;             /* user read  flags */
     int             wflags;             /* user write flags */
     word32          timeout;            /* session timeout */
+    word32          fragOffset;         /* fragment offset */
     word16          curSize;
     RecordLayerHeader curRL;
     MsgsReceived    msgsReceived;       /* peer messages received */

From 7fa4302a806d8afd6ff28cfa4e3158a790968888 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 14 Aug 2015 12:49:30 -0700
Subject: [PATCH 333/350] disable static PSK cipher suites by default

---
 examples/echoclient/echoclient.c |  2 ++
 examples/echoserver/echoserver.c |  2 ++
 wolfssl/internal.h               | 10 +++++++---
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index bbf82ea9e..257648762 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -143,6 +143,8 @@ void echoclient_test(void* args)
         CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
         #ifdef HAVE_NULL_CIPHER
             defaultCipherList = "PSK-NULL-SHA256";
+        #elif defined(HAVE_AESGCM) && !defined(NO_DH)
+            defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
         #else
             defaultCipherList = "PSK-AES128-CBC-SHA256";
         #endif
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index cb512f4d8..1a3581069 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -210,6 +210,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
         CyaSSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
         #ifdef HAVE_NULL_CIPHER
             defaultCipherList = "PSK-NULL-SHA256";
+        #elif defined(HAVE_AESGCM) && !defined(NO_DH)
+            defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
         #else
             defaultCipherList = "PSK-AES128-CBC-SHA256";
         #endif
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 87162e935..79829f3a1 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -293,6 +293,7 @@ typedef byte word24[3];
         #endif
     #endif
 
+#if defined(WOLFSSL_STATIC_PSK)
     #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
         #if !defined(NO_SHA)
             #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
@@ -317,6 +318,7 @@ typedef byte word24[3];
             #endif
         #endif
     #endif
+#endif
 
     #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
         #if !defined(NO_RSA)
@@ -329,7 +331,7 @@ typedef byte word24[3];
                 #endif
             #endif
         #endif
-        #if !defined(NO_PSK)
+        #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
             #if !defined(NO_SHA)
                 #define BUILD_TLS_PSK_WITH_NULL_SHA
             #endif
@@ -574,7 +576,8 @@ typedef byte word24[3];
 
 #if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
     defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
-    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \
+    defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
     #undef  BUILD_AES
     #define BUILD_AES
 #endif
@@ -582,7 +585,8 @@ typedef byte word24[3];
 #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
     defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
     defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
-    defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256)
+    defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
+    defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256)
     #define BUILD_AESGCM
 #endif
 

From a4cbc3b9438b2431e594d8459210605aba37cac0 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Fri, 14 Aug 2015 12:58:00 -0700
Subject: [PATCH 334/350] fix google external test w/o ecdhe

---
 examples/client/client.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/examples/client/client.c b/examples/client/client.c
index cb9c40f33..1dedf320f 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -499,6 +499,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
             done = 1;  /* external cert chain most likely has SHA */
         #endif
 
+        #if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA)
+            if (!XSTRNCMP(domain, "www.google.com", 14)) {
+                done = 1;  /* google needs ECDHE or static RSA */
+            }
+        #endif
+
         if (done) {
             printf("external test can't be run in this mode");
 

From 34ac1a33f3216a67504d39d145aa9407e516c451 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Fri, 14 Aug 2015 15:21:23 -0600
Subject: [PATCH 335/350] Freescale: Add support for KSDK (FREESCALE_KSDK_MQX)

---
 src/internal.c               |  4 ++--
 src/io.c                     | 32 ++++++++++++++++++++---------
 wolfcrypt/src/asn.c          |  6 +++---
 wolfcrypt/src/random.c       |  2 +-
 wolfssl/internal.h           |  2 +-
 wolfssl/ssl.h                |  2 +-
 wolfssl/wolfcrypt/settings.h | 40 ++++++++++++++++++++++++++++++------
 wolfssl/wolfcrypt/types.h    |  3 ++-
 wolfssl/wolfcrypt/wc_port.h  |  4 ++--
 9 files changed, 68 insertions(+), 27 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 0755a9496..ab6f3a3e9 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -45,7 +45,7 @@
 #endif
 
 #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || defined(CHACHA_AEAD_TEST)
-    #ifdef FREESCALE_MQX
+    #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
         #if MQX_USE_IO_OLD
             #include <fio.h>
         #else
@@ -2479,7 +2479,7 @@ ProtocolVersion MakeDTLSv1_2(void)
 
     #endif
 
-#elif defined(FREESCALE_MQX)
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
 
     word32 LowResTimer(void)
     {
diff --git a/src/io.c b/src/io.c
index fac843b40..5bd24273f 100644
--- a/src/io.c
+++ b/src/io.c
@@ -57,6 +57,8 @@
     #elif defined(FREESCALE_MQX)
         #include <posix.h>
         #include <rtcs.h>
+    #elif defined(FREESCALE_KSDK_MQX)
+        #include <rtcs.h>
     #elif defined(WOLFSSL_MDK_ARM)
         #if defined(WOLFSSL_MDK5)
             #include "cmsis_os.h"
@@ -129,15 +131,25 @@
     #define SOCKET_EPIPE       SYS_NET_EPIPE
     #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED
     #define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED
-#elif defined(FREESCALE_MQX)
-    /* RTCS doesn't have an EWOULDBLOCK error */
-    #define SOCKET_EWOULDBLOCK EAGAIN
-    #define SOCKET_EAGAIN      EAGAIN
-    #define SOCKET_ECONNRESET  RTCSERR_TCP_CONN_RESET
-    #define SOCKET_EINTR       EINTR
-    #define SOCKET_EPIPE       EPIPE
-    #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED
-    #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+    #if MQX_USE_IO_OLD
+        /* RTCS old I/O doesn't have an EWOULDBLOCK */
+        #define SOCKET_EWOULDBLOCK  EAGAIN
+        #define SOCKET_EAGAIN       EAGAIN
+        #define SOCKET_ECONNRESET   RTCSERR_TCP_CONN_RESET
+        #define SOCKET_EINTR        EINTR
+        #define SOCKET_EPIPE        EPIPE
+        #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED
+        #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED
+    #else
+        #define SOCKET_EWOULDBLOCK  NIO_EWOULDBLOCK
+        #define SOCKET_EAGAIN       NIO_EAGAIN
+        #define SOCKET_ECONNRESET   NIO_ECONNRESET
+        #define SOCKET_EINTR        NIO_EINTR
+        #define SOCKET_EPIPE        NIO_EPIPE
+        #define SOCKET_ECONNREFUSED NIO_ECONNREFUSED
+        #define SOCKET_ECONNABORTED NIO_ECONNABORTED
+    #endif
 #elif defined(WOLFSSL_MDK_ARM)
     #if defined(WOLFSSL_MDK5)
         #define SOCKET_EWOULDBLOCK BSD_ERROR_WOULDBLOCK
@@ -200,7 +212,7 @@ static INLINE int TranslateReturnCode(int old, int sd)
 {
     (void)sd;
 
-#ifdef FREESCALE_MQX
+#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
     if (old == 0) {
         errno = SOCKET_EWOULDBLOCK;
         return -1;  /* convert to BSD style wouldblock as error */
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 7b21b0aab..242c341b5 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -66,7 +66,7 @@
 #endif
 
 #ifdef WOLFSSL_DEBUG_ENCODING
-    #ifdef FREESCALE_MQX
+    #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
         #if MQX_USE_IO_OLD
             #include <fio.h>
         #else
@@ -109,7 +109,7 @@
     #define XTIME(t1) pic32_time((t1))
     #define XGMTIME(c, t) gmtime((c))
     #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
-#elif defined(FREESCALE_MQX)
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
     #define XTIME(t1)  mqx_time((t1))
     #define XGMTIME(c, t) mqx_gmtime((c), (t))
     #define XVALIDATE_DATE(d, f, t) ValidateDate((d), (f), (t))
@@ -338,7 +338,7 @@ time_t pic32_time(time_t* timer)
 #endif /* MICROCHIP_TCPIP */
 
 
-#ifdef FREESCALE_MQX
+#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
 
 time_t mqx_time(time_t* timer)
 {
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 339114d96..dbf608f2e 100755
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1080,7 +1080,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
         }
     #endif /* WOLFSSL_MIC32MZ_RNG */
 
-#elif defined(FREESCALE_MQX)
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
 
     #ifdef FREESCALE_K70_RNGA
         /*
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 028ce0bed..6fe87a9f1 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -115,7 +115,7 @@
     /* do nothing */
 #elif defined(EBSNET)
     /* do nothing */
-#elif defined(FREESCALE_MQX)
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
     /* do nothing */
 #elif defined(WOLFSSL_MDK_ARM)
     #if defined(WOLFSSL_MDK5)
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 863dcb0c9..f1c492afa 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -31,7 +31,7 @@
 #include <wolfssl/version.h>
 
 #ifndef NO_FILESYSTEM
-    #ifdef FREESCALE_MQX
+    #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
         #if MQX_USE_IO_OLD
             #include <fio.h>
         #else
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 8cdd73898..717ea6391 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -72,9 +72,12 @@
 /* Uncomment next line if building wolfSSL for LSR */
 /* #define WOLFSSL_LSR */
 
-/* Uncomment next line if building wolfSSL for Freescale MQX/RTCS/MFS */
+/* Uncomment next line if building for Freescale Classic MQX/RTCS/MFS */
 /* #define FREESCALE_MQX */
 
+/* Uncomment next line if building for Freescale KSDK MQX/RTCS/MFS */
+/* #define FREESCALE_KSDK_MQX */
+
 /* Uncomment next line if using STM32F2 */
 /* #define WOLFSSL_STM32F2 */
 
@@ -470,11 +473,7 @@
     #include "mqx.h"
     #ifndef NO_FILESYSTEM
         #include "mfs.h"
-        #if MQX_USE_IO_OLD
-            #include "fio.h"
-        #else
-            #include "nio.h"
-        #endif
+        #include "fio.h"
     #endif
     #ifndef SINGLE_THREADED
         #include "mutex.h"
@@ -485,6 +484,35 @@
     /* Note: MQX has no realloc, using fastmath above */
 #endif
 
+#ifdef FREESCALE_KSDK_MQX
+    #define SIZEOF_LONG_LONG 8
+    #define NO_WRITEV
+    #define NO_DEV_RANDOM
+    #define NO_RABBIT
+    #define NO_WOLFSSL_DIR
+    #define USE_FAST_MATH
+    #define TFM_TIMING_RESISTANT
+    #define NO_OLD_RNGNAME
+    #define FREESCALE_K70_RNGA
+    /* #define FREESCALE_K53_RNGB */
+    #include <mqx.h>
+    #ifndef NO_FILESYSTEM
+        #if MQX_USE_IO_OLD
+            #include <fio.h>
+        #else
+            #include <stdio.h>
+            #include <nio.h>
+        #endif
+    #endif
+    #ifndef SINGLE_THREADED
+        #include <mutex.h>
+    #endif
+
+    #define XMALLOC(s, h, t)    (void *)_mem_alloc_system((s))
+    #define XFREE(p, h, t)      {void* xp = (p); if ((xp)) _mem_free((xp));}
+    #define XREALLOC(p, n, h, t) _mem_realloc((p), (n)) /* since MQX 4.1.2 */
+#endif
+
 #ifdef WOLFSSL_STM32F2
     #define SIZEOF_LONG_LONG 8
     #define NO_DEV_RANDOM
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 0675af337..4a1dc31f8 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -179,7 +179,8 @@
 	    #define XREALLOC(p, n, h, t) realloc((p), (n))
 	#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \
 	        && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \
-	        && !defined(WOLFSSL_LEANPSK) && !defined(FREERTOS)
+	        && !defined(FREESCALE_KSDK_MQX) && !defined(WOLFSSL_LEANPSK) \
+            && !defined(FREERTOS)
 	    /* default C runtime, can install different routines at runtime via cbs */
 	    #include <wolfssl/wolfcrypt/memory.h>
 	    #define XMALLOC(s, h, t)     ((void)h, (void)t, wolfSSL_Malloc((s)))
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index c13f394f6..b525b5d54 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -53,7 +53,7 @@
     /* do nothing */
 #elif defined(EBSNET)
     /* do nothing */
-#elif defined(FREESCALE_MQX)
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
     /* do nothing */
 #elif defined(WOLFSSL_MDK_ARM)
     #if defined(WOLFSSL_MDK5)
@@ -98,7 +98,7 @@
         typedef OS_MUTEX wolfSSL_Mutex;
     #elif defined(EBSNET)
         typedef RTP_MUTEX wolfSSL_Mutex;
-    #elif defined(FREESCALE_MQX)
+    #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
         typedef MUTEX_STRUCT wolfSSL_Mutex;
     #elif defined(WOLFSSL_MDK_ARM)
         #if defined(WOLFSSL_CMSIS_RTOS)

From 4fb0519b37665e5c02ef27baabdee74b2cc6f1c8 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 14 Aug 2015 15:06:12 -0700
Subject: [PATCH 336/350] clean up GCC and VS build warnings

---
 src/internal.c              |  9 ++++++---
 src/ssl.c                   |  6 ++----
 wolfssl/wolfcrypt/wc_port.h | 11 ++++++++---
 3 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index ab6f3a3e9..26841116c 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7422,8 +7422,9 @@ int SendFinished(WOLFSSL* ssl)
 #ifndef NO_CERTS
 int SendCertificate(WOLFSSL* ssl)
 {
-    int    length, ret = 0;
-    word32 certSz, certChainSz, headerSz, listSz, maxFragment, payloadSz;
+    int    ret = 0;
+    word32 certSz, certChainSz, headerSz, listSz, payloadSz;
+    word32 length, maxFragment;
 
     if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher)
         return 0;  /* not needed */
@@ -7448,6 +7449,8 @@ int SendCertificate(WOLFSSL* ssl)
             length += certChainSz;
             listSz += certChainSz;
         }
+        else
+            certChainSz = 0;
     }
 
     payloadSz = length;
@@ -7472,7 +7475,7 @@ int SendCertificate(WOLFSSL* ssl)
 
     while (length > 0 && ret == 0) {
         byte*  output = NULL;
-        word32 fragSz; /* How much of the certificate data are we copying? */
+        word32 fragSz = 0;
         word32 i = RECORD_HEADER_SZ;
         int    sendSz = RECORD_HEADER_SZ;
 
diff --git a/src/ssl.c b/src/ssl.c
index b30e97537..2676c0c17 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -97,17 +97,15 @@
 
 #endif /* WOLFSSSL_HAVE_MIN */
 
-#ifndef WOLFSSL_HAVE_MAX
+#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_HAVE_MAX)
 #define WOLFSSL_HAVE_MAX
 
-#ifdef WOLFSSL_DTLS
     static INLINE word32 max(word32 a, word32 b)
     {
         return a > b ? a : b;
     }
-#endif /* WOLFSSL_DTLS */
 
-#endif /* WOLFSSL_HAVE_MAX */
+#endif /* WOLFSSL_DTLS && !WOLFSSL_HAVE_MAX */
 
 
 #ifndef WOLFSSL_LEANPSK
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index b525b5d54..da747f017 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -194,9 +194,14 @@ WOLFSSL_LOCAL int UnLockMutex(wolfSSL_Mutex*);
 
 
 /* Windows API defines its own min() macro. */
-#if defined(USE_WINDOWS_API) && defined(min)
-    #define WOLFSSL_HAVE_MIN
-#endif
+#if defined(USE_WINDOWS_API)
+    #ifdef min
+        #define WOLFSSL_HAVE_MIN
+    #endif /* min */
+    #ifdef max
+        #define WOLFSSL_HAVE_MAX
+    #endif /* max */
+#endif /* USE_WINDOWS_API */
 
 
 #ifdef __cplusplus

From 6376736129ec972fbd9f300d9f35ac62a0971b65 Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfsssl.com>
Date: Sat, 15 Aug 2015 16:51:23 +0900
Subject: [PATCH 337/350] HashFree for TI hash memory leak

---
 src/internal.c                  | 15 +++++----------
 wolfcrypt/src/hash.c            | 16 +++++++++++++---
 wolfcrypt/src/port/ti/ti-hash.c | 28 ++++++++++++++++++++++++++++
 wolfssl/wolfcrypt/hash.h        |  5 +++++
 4 files changed, 51 insertions(+), 13 deletions(-)
 mode change 100644 => 100755 wolfcrypt/src/hash.c
 mode change 100644 => 100755 wolfcrypt/src/port/ti/ti-hash.c
 mode change 100644 => 100755 wolfssl/wolfcrypt/hash.h

diff --git a/src/internal.c b/src/internal.c
index a7cd5b8e8..b2e5a360e 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5940,13 +5940,12 @@ static INLINE void Md5Rounds(int rounds, const byte* data, int sz)
 {
     Md5 md5;
     int i;
-    byte dummy[MD5_DIGEST_SIZE] ;
 
     wc_InitMd5(&md5);
 
     for (i = 0; i < rounds; i++)
         wc_Md5Update(&md5, data, sz);
-    wc_Md5Final(&md5, dummy) ; /* in case needed to release resources */
+    wc_Md5Free(&md5) ; /* in case needed to release resources */
 }
 
 
@@ -5956,13 +5955,12 @@ static INLINE void ShaRounds(int rounds, const byte* data, int sz)
 {
     Sha sha;
     int i;
-    byte dummy[SHA_DIGEST_SIZE] ;
 
     wc_InitSha(&sha);  /* no error check on purpose, dummy round */
 
     for (i = 0; i < rounds; i++)
         wc_ShaUpdate(&sha, data, sz);
-    wc_ShaFinal(&sha, dummy) ; /* in case needed to release resources */
+    wc_ShaFree(&sha) ; /* in case needed to release resources */
 }
 #endif
 
@@ -5973,7 +5971,6 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz)
 {
     Sha256 sha256;
     int i;
-    byte dummy[SHA256_DIGEST_SIZE] ;
 
     wc_InitSha256(&sha256);  /* no error check on purpose, dummy round */
 
@@ -5981,7 +5978,7 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz)
         wc_Sha256Update(&sha256, data, sz);
         /* no error check on purpose, dummy round */
     }
-    wc_Sha256Final(&sha256, dummy) ; /* in case needed to release resources */
+    wc_Sha256Free(&sha256) ; /* in case needed to release resources */
 }
 
 #endif
@@ -5993,7 +5990,6 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
 {
     Sha384 sha384;
     int i;
-    byte dummy[SHA384_DIGEST_SIZE] ;
 
     wc_InitSha384(&sha384);  /* no error check on purpose, dummy round */
 
@@ -6001,7 +5997,7 @@ static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
         wc_Sha384Update(&sha384, data, sz);
         /* no error check on purpose, dummy round */
     }
-    wc_Sha384Final(&sha384, dummy) ; /* in case needed to release resources */
+    wc_Sha384Free(&sha384) ; /* in case needed to release resources */
 }
 
 #endif
@@ -6013,7 +6009,6 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
 {
     Sha512 sha512;
     int i;
-    byte dummy[SHA512_DIGEST_SIZE] ;
 
     wc_InitSha512(&sha512);  /* no error check on purpose, dummy round */
 
@@ -6021,7 +6016,7 @@ static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
         wc_Sha512Update(&sha512, data, sz);
         /* no error check on purpose, dummy round */
     }
-    wc_Sha512Final(&sha512, dummy) ; /* in case needed to release resources */
+    wc_Sha512Free(&sha512) ; /* in case needed to release resources */
 }
 
 #endif
diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
old mode 100644
new mode 100755
index d397e91fa..5adb06552
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -42,6 +42,9 @@ void wc_Md5GetHash(Md5* md5, byte* hash)
 WOLFSSL_API void wc_Md5RestorePos(Md5* m1, Md5* m2) {
     *m1 = *m2 ;
 }
+
+WOLFSSL_API void wc_Md5Free(Md5* md5) { (void) md5 ; }
+
 #endif
 
 #if !defined(NO_SHA)
@@ -89,6 +92,8 @@ int wc_ShaHash(const byte* data, word32 len, byte* hash)
 
 }
 
+WOLFSSL_API void wc_ShaFree(Sha* sha) { (void) sha ; }
+
 #endif /* !defined(NO_SHA) */
 
 #if !defined(NO_SHA256)
@@ -136,8 +141,12 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
 
     return ret;
 }
+
+WOLFSSL_API void wc_Sha256Free(Sha256* sha256) { (void)sha256 ; }
+
 #endif /* !defined(NO_SHA256) */
 
+#endif /* !defined(WOLFSSL_TI_HASH) */
 
 #if defined(WOLFSSL_SHA512)
 int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
@@ -172,6 +181,8 @@ int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
     return ret;
 }
 
+WOLFSSL_API void wc_Sha512Free(Sha512* sha512) { (void)sha512 ; }
+
 #if defined(WOLFSSL_SHA384)
 int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
 {
@@ -205,8 +216,7 @@ int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
     return ret;
 }
 
+WOLFSSL_API void wc_Sha384Free(Sha384* sha384) { (void) sha384 ; }
+
 #endif /* defined(WOLFSSL_SHA384) */
 #endif /* defined(WOLFSSL_SHA512) */
-
-#endif /* !defined(WOLFSSL_TI_HASH) */
-
diff --git a/wolfcrypt/src/port/ti/ti-hash.c b/wolfcrypt/src/port/ti/ti-hash.c
old mode 100644
new mode 100755
index 04e6650b6..56526af86
--- a/wolfcrypt/src/port/ti/ti-hash.c
+++ b/wolfcrypt/src/port/ti/ti-hash.c
@@ -151,6 +151,13 @@ static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word3
     return ret;
 }
 
+static int hashFree(wolfssl_TI_Hash *hash)
+{   
+    XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    hashInit(hash) ;
+    return 0 ;
+}
+
 #if !defined(NO_MD5)
 WOLFSSL_API void wc_InitMd5(Md5* md5)
 {
@@ -183,6 +190,11 @@ WOLFSSL_API int wc_Md5Hash(const byte*data, word32 len, byte*hash)
     return hashHash(data, len, hash, SHAMD5_ALGO_MD5, MD5_DIGEST_SIZE) ;
 }
 
+WOLFSSL_API void wc_Md5Free(Md5* md5)
+{
+    hashFree((wolfssl_TI_Hash *)md5) ;
+}
+
 #endif /* NO_MD5 */
 
 #if !defined(NO_SHA)
@@ -217,6 +229,11 @@ WOLFSSL_API int wc_ShaHash(const byte*data, word32 len, byte*hash)
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA1, SHA_DIGEST_SIZE) ;
 }
 
+WOLFSSL_API void wc_ShaFree(Sha* sha)
+{
+    hashFree((wolfssl_TI_Hash *)sha) ;
+}
+
 #endif /* NO_SHA */
 
 #if defined(HAVE_SHA224)
@@ -251,6 +268,11 @@ WOLFSSL_API int wc_Sha224Hash(const byte* data, word32 len, byte*hash)
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA224, SHA224_DIGEST_SIZE) ;
 }
 
+WOLFSSL_API void wc_Sha224Free(Sha224* sha224)
+{
+    hashFree((wolfssl_TI_Hash *)sha224) ;
+}
+
 #endif /* HAVE_SHA224 */
 
 #if !defined(NO_SHA256)
@@ -284,6 +306,12 @@ WOLFSSL_API int wc_Sha256Hash(const byte* data, word32 len, byte*hash)
 {
     return hashHash(data, len, hash, SHAMD5_ALGO_SHA256, SHA256_DIGEST_SIZE) ;
 }
+
+WOLFSSL_API void wc_Sha256Free(Sha256* sha256)
+{
+    hashFree((wolfssl_TI_Hash *)sha256) ;
+}
+
 #endif
 
 #endif
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
old mode 100644
new mode 100755
index 2b35d5a6a..3b4e33af8
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -28,6 +28,7 @@
 #include <wolfssl/wolfcrypt/md5.h>
 WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);
 WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ;
+WOLFSSL_API void wc_Md5Free(Md5*);
 #endif
 
 #ifndef NO_SHA
@@ -35,6 +36,7 @@ WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ;
 WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
 WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ;
 WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
+WOLFSSL_API void wc_ShaFree(Sha*);
 #endif
 
 #ifndef NO_SHA256
@@ -42,13 +44,16 @@ WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
 WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
 WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ;
 WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
+WOLFSSL_API void wc_Sha256Free(Sha256*);
 #endif
 
 #ifdef WOLFSSL_SHA512
 #include <wolfssl/wolfcrypt/sha512.h>
 WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
+WOLFSSL_API void wc_Sha512Free(Sha512*);
     #if defined(WOLFSSL_SHA384)
         WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
+        WOLFSSL_API void wc_Sha384Free(Sha384*);
     #endif /* defined(WOLFSSL_SHA384) */
 #endif /* WOLFSSL_SHA512 */
 

From c812379924bb730357966a080057a39ccfa37c5d Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 17 Aug 2015 14:39:40 -0700
Subject: [PATCH 338/350] fix shadow decl in DsaKeyToDer()

---
 wolfcrypt/src/asn.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index ac1f68d2d..1640072a4 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1444,8 +1444,8 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
     word32 seqSz, verSz, rawLen, intTotalLen = 0;
     word32 sizes[DSA_INTS];
     int    i, j, outLen, ret = 0, lbit;
-    int   err ;
-	
+    int    err;
+
     byte  seq[MAX_SEQ_SZ];
     byte  ver[MAX_VERSION_SZ];
     byte* tmps[DSA_INTS];
@@ -1481,8 +1481,6 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
         sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1 + lbit; /* tag & lbit */
 
         if (sizes[i] <= MAX_SEQ_SZ) {
-            int err;
-
             /* leading zero */
             if (lbit)
                 tmps[i][sizes[i]-1] = 0x00;

From 049a4c64603154a85965f9d362afdd166e00ffb6 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 17 Aug 2015 16:47:39 -0700
Subject: [PATCH 339/350] fix C++ mode warnings

---
 src/ssl.c                     | 36 ++++++++++++++++++-----------------
 tests/suites.c                |  4 ++--
 wolfcrypt/src/fe_operations.c |  2 +-
 3 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 2676c0c17..30e266011 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -13534,7 +13534,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
     }
 
     /* Key to DER */
-    derSz = wc_RsaKeyToDer(rsa->internal, der, der_max_len);
+    derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, der, der_max_len);
     if (derSz < 0) {
         WOLFSSL_MSG("wc_RsaKeyToDer failed");
         XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -13747,7 +13747,8 @@ static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
 
     if (eckey->pub_key->internal != NULL) {
         /* set the internal public key */
-        if (wc_ecc_copy_point(&key->pubkey, eckey->pub_key->internal) != MP_OKAY) {
+        if (wc_ecc_copy_point(&key->pubkey,
+                             (ecc_point*)eckey->pub_key->internal) != MP_OKAY) {
             WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed");
             return SSL_FATAL_ERROR;
         }
@@ -13958,7 +13959,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void)
     }
     XMEMSET(external->internal, 0, sizeof(ecc_key));
 
-    wc_ecc_init(external->internal);
+    wc_ecc_init((ecc_key*)external->internal);
 
     /* public key */
     external->pub_key = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT),
@@ -13970,7 +13971,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void)
     }
     XMEMSET(external->pub_key, 0, sizeof(WOLFSSL_EC_POINT));
 
-    key = external->internal;
+    key = (ecc_key*)external->internal;
     external->pub_key->internal = (ecc_point*)&key->pubkey;
 
     /* curve group */
@@ -14309,15 +14310,15 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
         return SSL_FAILURE;
     }
 
-    if (mp_init(order->internal) != MP_OKAY) {
+    if (mp_init((mp_int*)order->internal) != MP_OKAY) {
         WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure");
         return SSL_FAILURE;
     }
 
-    if (mp_read_radix(order->internal, ecc_sets[group->curve_idx].order,
-                      16) != MP_OKAY) {
+    if (mp_read_radix((mp_int*)order->internal,
+                      ecc_sets[group->curve_idx].order, 16) != MP_OKAY) {
         WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure");
-        mp_clear(order->internal);
+        mp_clear((mp_int*)order->internal);
         return SSL_FAILURE;
     }
 
@@ -14356,7 +14357,8 @@ int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group,
     if (out != NULL)
         wolfssl_EC_POINT_dump("i2d p", p);
 #endif
-    err = wc_ecc_export_point_der(group->curve_idx, p->internal, out, len);
+    err = wc_ecc_export_point_der(group->curve_idx, (ecc_point*)p->internal,
+                                  out, len);
     if (err != MP_OKAY && !(out == NULL && err == LENGTH_ONLY_E)) {
         WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed");
         return SSL_FAILURE;
@@ -14379,7 +14381,7 @@ int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len,
     }
 
     if (wc_ecc_import_point_der(in, len, group->curve_idx,
-                                p->internal) != MP_OKAY) {
+                                (ecc_point*)p->internal) != MP_OKAY) {
         WOLFSSL_MSG("wc_ecc_import_point_der failed");
         return SSL_FAILURE;
     }
@@ -14602,7 +14604,7 @@ int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
         }
     }
 
-    ret = wc_ecc_point_is_at_infinity(point->internal);
+    ret = wc_ecc_point_is_at_infinity((ecc_point*)point->internal);
     if (ret <= 0) {
         WOLFSSL_MSG("ecc_point_is_at_infinity failure");
         return SSL_FAILURE;
@@ -14904,7 +14906,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc,
     }
 
     /* Key to DER */
-    derSz = wc_EccKeyToDer(ecc->internal, der, der_max_len);
+    derSz = wc_EccKeyToDer((ecc_key*)ecc->internal, der, der_max_len);
     if (derSz < 0) {
         WOLFSSL_MSG("wc_DsaKeyToDer failed");
         XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -15077,7 +15079,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
     }
 
     /* Key to DER */
-    derSz = wc_DsaKeyToDer(dsa->internal, der, der_max_len);
+    derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, der, der_max_len);
     if (derSz < 0) {
         WOLFSSL_MSG("wc_DsaKeyToDer failed");
         XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -16020,11 +16022,11 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
     if(pSz <= 0 || gSz <= 0)
         return SSL_FATAL_ERROR;
 
-    p = XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH);
+    p = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH);
     if(!p)
         return MEMORY_E;
 
-    g = XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH);
+    g = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH);
     if(!g) {
         XFREE(p, ctx->heap, DYNAMIC_TYPE_DH);
         return MEMORY_E;
@@ -16066,10 +16068,10 @@ int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1,
     (void)cb1;
     (void)cb2;
     (void)cb3;
-    if(XSTRNCMP(data, "redirect index", 14) == 0) {
+    if(XSTRNCMP((const char*)data, "redirect index", 14) == 0) {
         return 0;
     }
-    else if(XSTRNCMP(data, "addr index", 10) == 0) {
+    else if(XSTRNCMP((const char*)data, "addr index", 10) == 0) {
         return 1;
     }
     return SSL_FAILURE;
diff --git a/tests/suites.c b/tests/suites.c
index bd8a8da3f..4ffe25398 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -57,7 +57,7 @@ static char svrPort[] = "0";
 static int IsSslVersion(const char* line)
 {
     const char* find = "-v ";
-    char* begin = strstr(line, find);
+    const char* begin = strstr(line, find);
 
     if (begin) {
         int version = -1;
@@ -79,7 +79,7 @@ static int IsSslVersion(const char* line)
 static int IsOldTlsVersion(const char* line)
 {
     const char* find = "-v ";
-    char* begin = strstr(line, find);
+    const char* begin = strstr(line, find);
 
     if (begin) {
         int version = -1;
diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c
index 9259403ec..0908a755c 100644
--- a/wolfcrypt/src/fe_operations.c
+++ b/wolfcrypt/src/fe_operations.c
@@ -1318,7 +1318,7 @@ Preconditions:
    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 */
 
-static const unsigned char zero[32];
+static const unsigned char zero[32] = {0};
 
 int fe_isnonzero(const fe f)
 {

From 5cffea7aac43c855ce9e74086b5bd348410be25d Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Mon, 17 Aug 2015 17:27:29 -0700
Subject: [PATCH 340/350] clean static analysis report in cert fragmentation

---
 src/internal.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 26841116c..36d2086ab 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7458,10 +7458,8 @@ int SendCertificate(WOLFSSL* ssl)
     if (ssl->fragOffset != 0)
         length -= (ssl->fragOffset + headerSz);
 
-    if (!ssl->options.dtls) {
-        maxFragment = MAX_RECORD_SIZE;
-    }
-    else {
+    maxFragment = MAX_RECORD_SIZE;
+    if (ssl->options.dtls) {
     #ifdef WOLFSSL_DTLS
         maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ
                       - DTLS_HANDSHAKE_HEADER_SZ - 100;
@@ -7590,7 +7588,6 @@ int SendCertificate(WOLFSSL* ssl)
             i += copySz;
             ssl->fragOffset += copySz;
             length -= copySz;
-            fragSz -= copySz;
         }
 
         if (ssl->keys.encryptionOn) {

From 82aaff9e43046b30d5aa96596155099142a99e3f Mon Sep 17 00:00:00 2001
From: Takashi Kojo <kojo@wolfsssl.com>
Date: Tue, 18 Aug 2015 11:22:51 +0900
Subject: [PATCH 341/350] Eliminate hash free in DoRound with non-TI case

---
 wolfcrypt/src/hash.c     | 10 ----------
 wolfssl/wolfcrypt/hash.h | 26 +++++++++++++++++++++++---
 2 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c
index 5adb06552..58fce69f8 100755
--- a/wolfcrypt/src/hash.c
+++ b/wolfcrypt/src/hash.c
@@ -43,8 +43,6 @@ WOLFSSL_API void wc_Md5RestorePos(Md5* m1, Md5* m2) {
     *m1 = *m2 ;
 }
 
-WOLFSSL_API void wc_Md5Free(Md5* md5) { (void) md5 ; }
-
 #endif
 
 #if !defined(NO_SHA)
@@ -92,8 +90,6 @@ int wc_ShaHash(const byte* data, word32 len, byte* hash)
 
 }
 
-WOLFSSL_API void wc_ShaFree(Sha* sha) { (void) sha ; }
-
 #endif /* !defined(NO_SHA) */
 
 #if !defined(NO_SHA256)
@@ -142,8 +138,6 @@ int wc_Sha256Hash(const byte* data, word32 len, byte* hash)
     return ret;
 }
 
-WOLFSSL_API void wc_Sha256Free(Sha256* sha256) { (void)sha256 ; }
-
 #endif /* !defined(NO_SHA256) */
 
 #endif /* !defined(WOLFSSL_TI_HASH) */
@@ -181,8 +175,6 @@ int wc_Sha512Hash(const byte* data, word32 len, byte* hash)
     return ret;
 }
 
-WOLFSSL_API void wc_Sha512Free(Sha512* sha512) { (void)sha512 ; }
-
 #if defined(WOLFSSL_SHA384)
 int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
 {
@@ -216,7 +208,5 @@ int wc_Sha384Hash(const byte* data, word32 len, byte* hash)
     return ret;
 }
 
-WOLFSSL_API void wc_Sha384Free(Sha384* sha384) { (void) sha384 ; }
-
 #endif /* defined(WOLFSSL_SHA384) */
 #endif /* defined(WOLFSSL_SHA512) */
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
index 3b4e33af8..50e5d88be 100755
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -28,7 +28,11 @@
 #include <wolfssl/wolfcrypt/md5.h>
 WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);
 WOLFSSL_API void wc_Md5RestorePos(Md5*, Md5*) ;
-WOLFSSL_API void wc_Md5Free(Md5*);
+#if defined(WOLFSSL_TI_HASH)
+    WOLFSSL_API void wc_Md5Free(Md5*);
+#else
+    #define wc_Md5Free(d)
+#endif
 #endif
 
 #ifndef NO_SHA
@@ -36,7 +40,11 @@ WOLFSSL_API void wc_Md5Free(Md5*);
 WOLFSSL_API int wc_ShaGetHash(Sha*, byte*);
 WOLFSSL_API void wc_ShaRestorePos(Sha*, Sha*) ;
 WOLFSSL_API int wc_ShaHash(const byte*, word32, byte*);
-WOLFSSL_API void wc_ShaFree(Sha*);
+#if defined(WOLFSSL_TI_HASH)
+     WOLFSSL_API void wc_ShaFree(Sha*);
+#else
+    #define wc_ShaFree(d)
+#endif
 #endif
 
 #ifndef NO_SHA256
@@ -44,16 +52,28 @@ WOLFSSL_API void wc_ShaFree(Sha*);
 WOLFSSL_API int wc_Sha256GetHash(Sha256*, byte*);
 WOLFSSL_API void wc_Sha256RestorePos(Sha256*, Sha256*) ;
 WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
-WOLFSSL_API void wc_Sha256Free(Sha256*);
+#if defined(WOLFSSL_TI_HASH)
+    WOLFSSL_API void wc_Sha256Free(Sha256*);
+#else
+    #define wc_Sha256Free(d)
+#endif
 #endif
 
 #ifdef WOLFSSL_SHA512
 #include <wolfssl/wolfcrypt/sha512.h>
 WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
+#if defined(WOLFSSL_TI_HASH)
 WOLFSSL_API void wc_Sha512Free(Sha512*);
+#else
+#define wc_Sha512Free(d)
+#endif
     #if defined(WOLFSSL_SHA384)
         WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
+        #if defined(WOLFSSL_TI_HASH)
         WOLFSSL_API void wc_Sha384Free(Sha384*);
+        #else
+        #define wc_Sha384Free(d)
+        #endif
     #endif /* defined(WOLFSSL_SHA384) */
 #endif /* WOLFSSL_SHA512 */
 

From 3b9ec2c1199fb467f5b60d39626d6204c02db5cb Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 18 Aug 2015 12:31:34 -0700
Subject: [PATCH 342/350] add extern C to hash.h

---
 wolfssl/wolfcrypt/hash.h | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
index 50e5d88be..4cdd85f11 100755
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -24,6 +24,10 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
 #ifndef NO_MD5
 #include <wolfssl/wolfcrypt/md5.h>
 WOLFSSL_API void wc_Md5GetHash(Md5*, byte*);
@@ -63,19 +67,23 @@ WOLFSSL_API int wc_Sha256Hash(const byte*, word32, byte*);
 #include <wolfssl/wolfcrypt/sha512.h>
 WOLFSSL_API int wc_Sha512Hash(const byte*, word32, byte*);
 #if defined(WOLFSSL_TI_HASH)
-WOLFSSL_API void wc_Sha512Free(Sha512*);
+    WOLFSSL_API void wc_Sha512Free(Sha512*);
 #else
-#define wc_Sha512Free(d)
+    #define wc_Sha512Free(d)
 #endif
     #if defined(WOLFSSL_SHA384)
         WOLFSSL_API int wc_Sha384Hash(const byte*, word32, byte*);
         #if defined(WOLFSSL_TI_HASH)
-        WOLFSSL_API void wc_Sha384Free(Sha384*);
+            WOLFSSL_API void wc_Sha384Free(Sha384*);
         #else
-        #define wc_Sha384Free(d)
+            #define wc_Sha384Free(d)
         #endif
     #endif /* defined(WOLFSSL_SHA384) */
 #endif /* WOLFSSL_SHA512 */
 
 
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
 #endif /* WOLF_CRYPT_HASH_H */

From b0d90918f9ee0d6da5a5d9916e9b09a9aa14c156 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 18 Aug 2015 21:00:17 -0700
Subject: [PATCH 343/350] fix issue between certificate fragmentation and
 secure renegotiation

---
 src/internal.c | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 8844c9ac8..73d837847 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7523,15 +7523,17 @@ int SendCertificate(WOLFSSL* ssl)
         if (ssl->fragOffset == 0) {
             if (!ssl->options.dtls) {
                 AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
-                HashOutputRaw(ssl, output + RECORD_HEADER_SZ,
-                              HANDSHAKE_HEADER_SZ);
+                if (!ssl->keys.encryptionOn)
+                    HashOutputRaw(ssl, output + RECORD_HEADER_SZ,
+                                  HANDSHAKE_HEADER_SZ);
             }
             else {
             #ifdef WOLFSSL_DTLS
                 AddHeaders(output, payloadSz, certificate, ssl);
-                HashOutputRaw(ssl,
-                              output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA,
-                              HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA);
+                if (!ssl->keys.encryptionOn)
+                    HashOutputRaw(ssl,
+                                  output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA,
+                                  HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA);
                 /* Adding the headers increments these, decrement them for
                  * actual message header. */
                 ssl->keys.dtls_sequence_number--;
@@ -7543,21 +7545,24 @@ int SendCertificate(WOLFSSL* ssl)
 
             /* list total */
             c32to24(listSz, output + i);
-            HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
+            if (!ssl->keys.encryptionOn)
+                HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
             i += CERT_HEADER_SZ;
             length -= CERT_HEADER_SZ;
             fragSz -= CERT_HEADER_SZ;
             if (certSz) {
                 c32to24(certSz, output + i);
-                HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
+                if (!ssl->keys.encryptionOn)
+                    HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
                 i += CERT_HEADER_SZ;
                 length -= CERT_HEADER_SZ;
                 fragSz -= CERT_HEADER_SZ;
 
-                HashOutputRaw(ssl, ssl->buffers.certificate.buffer, certSz);
-                if (certChainSz) {
-                    HashOutputRaw(ssl,
-                                  ssl->buffers.certChain.buffer, certChainSz);
+                if (!ssl->keys.encryptionOn) {
+                    HashOutputRaw(ssl, ssl->buffers.certificate.buffer, certSz);
+                    if (certChainSz)
+                        HashOutputRaw(ssl, ssl->buffers.certChain.buffer,
+                                      certChainSz);
                 }
             }
         }

From b3aa98147ad02106a535b8cf293af023f971d761 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 19 Aug 2015 12:29:20 -0700
Subject: [PATCH 344/350] fix description text for enable-sslv3 configure
 option

---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index dfce641b1..73aab6651 100644
--- a/configure.ac
+++ b/configure.ac
@@ -889,7 +889,7 @@ fi
 
 # SSLv3
 AC_ARG_ENABLE([sslv3],
-    [  --enable-sslv3         Enable SSL version 3.0 (default: disabled)],
+    [AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])],
     [ ENABLED_SSLV3=$enableval ],
     [ ENABLED_SSLV3=no]
     )

From dfb8d34d0b06099f612f050a1887b316023ffbc0 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 19 Aug 2015 14:18:48 -0700
Subject: [PATCH 345/350] 3.6.6 release notes

---
 README             | 20 ++++++++++++++++++--
 README.md          | 20 ++++++++++++++++++--
 configure.ac       |  4 ++--
 rpm/spec.in        |  2 +-
 support/wolfssl.pc |  2 +-
 wolfssl/version.h  |  4 ++--
 6 files changed, 42 insertions(+), 10 deletions(-)

diff --git a/README b/README
index 74abbb0e8..84a0acb92 100644
--- a/README
+++ b/README
@@ -34,13 +34,29 @@ before calling wolfSSL_new();  Though it's not recommended.
 
 *** end Notes ***
 
-wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015)
+wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015)
 
-Release 3.6.2 of wolfSSL is an intermediate custom release including:
+Release 3.6.6 of wolfSSL has bug fixes and new features including:
 
 - OpenSSH  compatibility with --enable-openssh
 - stunnel  compatibility with --enable-stunnel
 - lighttpd compatibility with --enable-lighty
+- SSLv3 is now disabled by default, can be enabled with --enable-sslv3
+- Ephemeral key cipher suites only are now supported by default
+    To enable static ECDH cipher suites define WOLFSSL_STATIC_DH
+    To enable static  RSA cipher suites define WOLFSSL_STATIC_RSA
+    To enable static  PSK cipher suites define WOLFSSL_STATIC_PSK
+- Added QSH (quantum-safe handshake) extension with --enable-ntru
+- SRP is now part of wolfCrypt, enable with --enabe-srp
+- Certificate handshake messages can now be sent fragmented if the record
+  size is smaller than the total message size, no user action required.
+- DTLS duplicate message fixes
+- Visual Studio project files now support DLL and static builds for 32/64bit.
+- Support for new Freesacle I/O
+- FreeRTOS FIPS support
+
+- No high level security fixes that requires an update though we always
+  recommend updating to the latest
 
 See INSTALL file for build instructions.
 More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
diff --git a/README.md b/README.md
index edbfb9d35..e5e7bcb85 100644
--- a/README.md
+++ b/README.md
@@ -38,13 +38,29 @@ before calling wolfSSL_new();  Though it's not recommended.
 - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
   add -fdebug-types-section to C_EXTRA_FLAGS
 
-#wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015)
+#wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015)
 
-##Release 3.6.2 of wolfSSL is an intermediate custom release including:
+##Release 3.6.6 of wolfSSL has bug fixes and new features including:
 
 - OpenSSH  compatibility with --enable-openssh
 - stunnel  compatibility with --enable-stunnel
 - lighttpd compatibility with --enable-lighty
+- SSLv3 is now disabled by default, can be enabled with --enable-sslv3
+- Ephemeral key cipher suites only are now supported by default
+    To enable static ECDH cipher suites define WOLFSSL_STATIC_DH
+    To enable static  RSA cipher suites define WOLFSSL_STATIC_RSA
+    To enable static  PSK cipher suites define WOLFSSL_STATIC_PSK
+- Added QSH (quantum-safe handshake) extension with --enable-ntru
+- SRP is now part of wolfCrypt, enable with --enabe-srp
+- Certificate handshake messages can now be sent fragmented if the record
+  size is smaller than the total message size, no user action required.
+- DTLS duplicate message fixes
+- Visual Studio project files now support DLL and static builds for 32/64bit.
+- Support for new Freesacle I/O
+- FreeRTOS FIPS support
+
+- No high level security fixes that requires an update though we always
+  recommend updating to the latest
 
 See INSTALL file for build instructions.
 More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
diff --git a/configure.ac b/configure.ac
index 73aab6651..57d6eb83d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.6.3],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.6.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
@@ -31,7 +31,7 @@ AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
 
 #shared library versioning
-WOLFSSL_LIBRARY_VERSION=0:2:0
+WOLFSSL_LIBRARY_VERSION=0:3:0
 #                       | | |
 #                +------+ | +---+
 #                |        |     |
diff --git a/rpm/spec.in b/rpm/spec.in
index 2c5de469b..b9d4b21c7 100644
--- a/rpm/spec.in
+++ b/rpm/spec.in
@@ -69,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_libdir}/libwolfssl.la
 %{_libdir}/libwolfssl.so
 %{_libdir}/libwolfssl.so.0
-%{_libdir}/libwolfssl.so.0.0.2
+%{_libdir}/libwolfssl.so.0.0.3
 
 %files devel
 %defattr(-,root,root,-)
diff --git a/support/wolfssl.pc b/support/wolfssl.pc
index 619d3a7c2..a461151f9 100644
--- a/support/wolfssl.pc
+++ b/support/wolfssl.pc
@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.6.3
+Version: 3.6.6
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}
diff --git a/wolfssl/version.h b/wolfssl/version.h
index c14cdc514..8f69cdc53 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -26,8 +26,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.6.3"
-#define LIBWOLFSSL_VERSION_HEX 0x03006003
+#define LIBWOLFSSL_VERSION_STRING "3.6.6"
+#define LIBWOLFSSL_VERSION_HEX 0x03006006
 
 #ifdef __cplusplus
 }

From 2f1836d9852835e5befa52c3ae328c693c3c4d01 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 19 Aug 2015 16:52:16 -0700
Subject: [PATCH 346/350] fix snifftest bsd build

---
 sslSniffer/sslSnifferTest/snifftest.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 8ffe24d5a..155a14954 100755
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -60,6 +60,7 @@ int main(void)
 #ifndef _WIN32
     #include <sys/socket.h>    /* AF_INET */
     #include <arpa/inet.h>
+    #include <netinet/in.h>
 #endif
 
 typedef unsigned char byte;

From a47af476d1ef7d7de301e0f88a77fe09a5d0b55a Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Thu, 20 Aug 2015 17:11:00 -0700
Subject: [PATCH 347/350] add REAMDE note about static cipher suites disabled
 and compiler error detection

---
 README    | 30 ++++++++++++++----------------
 README.md | 33 +++++++++++++++------------------
 src/ssl.c |  7 +++++++
 3 files changed, 36 insertions(+), 34 deletions(-)

diff --git a/README b/README
index 84a0acb92..ae115e98d 100644
--- a/README
+++ b/README
@@ -1,24 +1,22 @@
 *** Notes, Please read ***
 
 Note 1)
-wolfSSL now needs all examples and tests to be run from the wolfSSL home
-directory.  This is because it finds certs and keys from ./certs/.  Trying to
-maintain the ability to run each program from its own directory, the testsuite
-directory, the main directory (for make check/test), and for the various
-different project layouts (with or without config) was becoming harder and
-harder.  Now to run testsuite just do:
+wolfSSL as of 3.6.6 no longer enables SSLv3 by default.  wolfSSL also no
+longer supports static key cipher suites with PSK, RSA, or ECDH.  This means
+if you plan to use TLS cipher suites you must enable DH (DH is on  by default),
+or enable ECC (ECC is on by default on 64bit systems), or you must enable static
+key cipher suites with
+    WOLFSSL_STATI_DH
+    WOLFSSL_STATIC_RSA
+    or
+    WOLFSSL_STATIC_PSK
 
-./testsuite/testsuite
-
-or
-
-make check    (when using autoconf)
-
-On *nix or Windows the examples and testsuite will check to see if the current
-directory is the source directory and if so, attempt to change to the wolfSSL
-home directory.  This should work in most setup cases, if not, just follow the
-beginning of the note and specify the full path.
+though static key cipher suites are deprecated and will be removed from future
+versions of TLS.  They also lower your security by removing PFS.
 
+When compiling ssl.c wolfSSL will now issue a comipler error if no cipher suites
+are available.  You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
+in the event that you desire that, i.e., you're not using TLS cipher suites.
 
 Note 2)
 wolfSSL takes a different approach to certificate verification than OpenSSL
diff --git a/README.md b/README.md
index e5e7bcb85..87874f2e6 100644
--- a/README.md
+++ b/README.md
@@ -2,27 +2,27 @@
 
 ## Note 1
 ```
-wolfSSL now needs all examples and tests to be run from the wolfSSL home
-directory.  This is because it finds certs and keys from ./certs/.  Trying to
-maintain the ability to run each program from its own directory, the testsuite
-directory, the main directory (for make check/test), and for the various
-different project layouts (with or without config) was becoming harder and 
-harder.  Now to run testsuite just do:
+wolfSSL as of 3.6.6 no longer enables SSLv3 by default.  wolfSSL also no
+longer supports static key cipher suites with PSK, RSA, or ECDH.  This means
+if you plan to use TLS cipher suites you must enable DH (DH is on  by default),
+or enable ECC (ECC is on by default on 64bit systems), or you must enable static
+key cipher suites with
+    WOLFSSL_STATI_DH
+    WOLFSSL_STATIC_RSA
+    or
+    WOLFSSL_STATIC_PSK
 
-./testsuite/testsuite
+though static key cipher suites are deprecated and will be removed from future
+versions of TLS.  They also lower your security by removing PFS.
 
-or 
-
-make check    (when using autoconf)
-
-On *nix or Windows the examples and testsuite will check to see if the current
-directory is the source directory and if so, attempt to change to the wolfSSL
-home directory.  This should work in most setup cases, if not, just follow the
-beginning of the note and specify the full path.
+When compiling ssl.c wolfSSL will now issue a comipler error if no cipher suites
+are available.  You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
+in the event that you desire that, i.e., you're not using TLS cipher suites.
 ```
 
 ## Note 2
 ```
+
 wolfSSL takes a different approach to certificate verification than OpenSSL
 does.  The default policy for the client is to verify the server, this means
 that if you don't load CAs to verify the server you'll get a connect error,
@@ -35,9 +35,6 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
 before calling wolfSSL_new();  Though it's not recommended.
 ```
 
-- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
-  add -fdebug-types-section to C_EXTRA_FLAGS
-
 #wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015)
 
 ##Release 3.6.6 of wolfSSL has bug fixes and new features including:
diff --git a/src/ssl.c b/src/ssl.c
index 30e266011..74194b2ca 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -33,6 +33,13 @@
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfcrypt/coding.h>
 
+#ifndef WOLFSSL_ALLOW_NO_SUITES
+    #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
+                  && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK)
+        #error "No cipher suites defined becuase DH disabled, ECC disabled, and no static suites defined. Please see top of README"
+    #endif
+#endif
+
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
                               defined(WOLFSSL_KEY_GEN)
     #include <wolfssl/openssl/evp.h>

From a93aa8972ecb6f036255fcf0f701ecca05eaf9af Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 20 Aug 2015 13:33:44 -0700
Subject: [PATCH 348/350] fix sniffer crash with reassembly processing

---
 src/sniffer.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/src/sniffer.c b/src/sniffer.c
index b2e1f3b48..938eea225 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -2617,30 +2617,32 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
     word32*        length = (session->flags.side == WOLFSSL_SERVER_END) ?
                                &session->sslServer->buffers.inputBuffer.length :
                                &session->sslClient->buffers.inputBuffer.length;
-    byte*          myBuffer = (session->flags.side == WOLFSSL_SERVER_END) ?
-                                session->sslServer->buffers.inputBuffer.buffer :
-                                session->sslClient->buffers.inputBuffer.buffer;
-    word32       bufferSize = (session->flags.side == WOLFSSL_SERVER_END) ?
-                            session->sslServer->buffers.inputBuffer.bufferSize :
-                            session->sslClient->buffers.inputBuffer.bufferSize;
+    byte**         myBuffer = (session->flags.side == WOLFSSL_SERVER_END) ?
+                               &session->sslServer->buffers.inputBuffer.buffer :
+                               &session->sslClient->buffers.inputBuffer.buffer;
+    word32*       bufferSize = (session->flags.side == WOLFSSL_SERVER_END) ?
+                           &session->sslServer->buffers.inputBuffer.bufferSize :
+                           &session->sslClient->buffers.inputBuffer.bufferSize;
     SSL*               ssl  = (session->flags.side == WOLFSSL_SERVER_END) ?
                             session->sslServer : session->sslClient;
     
     while (*front && ((*front)->begin == *expected) ) {
-        word32 room = bufferSize - *length;
+        word32 room = *bufferSize - *length;
         word32 packetLen = (*front)->end - (*front)->begin + 1;
 
-        if (packetLen > room && bufferSize < MAX_INPUT_SZ) {
+        if (packetLen > room && *bufferSize < MAX_INPUT_SZ) {
             if (GrowInputBuffer(ssl, packetLen, *length) < 0) {
                 SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE);
                 return 0;
             }
+            room = *bufferSize - *length;   /* bufferSize is now bigger */
         }
         
         if (packetLen <= room) {
             PacketBuffer* del = *front;
+            byte*         buf = *myBuffer;
             
-            XMEMCPY(&myBuffer[*length], (*front)->data, packetLen);
+            XMEMCPY(&buf[*length], (*front)->data, packetLen);
             *length   += packetLen;
             *expected += packetLen;
             
@@ -2654,9 +2656,9 @@ static int HaveMoreInput(SnifferSession* session, const byte** sslFrame,
             break;
     }
     if (moreInput) {
-        *sslFrame = myBuffer;
+        *sslFrame = *myBuffer;
         *sslBytes = *length;
-        *end      = myBuffer + *length;
+        *end      = *myBuffer + *length;
     }
     return moreInput;
 }

From 5ce39e147d681ba9deeb0172d190562eef223ffe Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 20 Aug 2015 14:48:53 -0700
Subject: [PATCH 349/350] clean up sniffer packet overlap issue

---
 src/sniffer.c | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/src/sniffer.c b/src/sniffer.c
index 938eea225..25a46ef09 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -2429,7 +2429,10 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
             /* adjust to expected, remove duplicate */
             *sslFrame += overlap;
             *sslBytes -= overlap;
-                
+
+            /* The following conditional block is duplicated below. It is the
+             * same action but for a different setup case. If changing this
+             * block be sure to also update the block below. */
             if (reassemblyList) {
                 word32 newEnd = *expected + *sslBytes;
                     
@@ -2461,6 +2464,30 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
         else if (tcpInfo->fin)
             return AddFinCapture(session, real);
     }
+    else {
+        /* The following conditional block is duplicated above. It is the
+         * same action but for a different setup case. If changing this
+         * block be sure to also update the block above. */
+        if (reassemblyList) {
+            word32 newEnd = *expected + *sslBytes;
+
+            if (newEnd > reassemblyList->begin) {
+                Trace(OVERLAP_REASSEMBLY_BEGIN_STR);
+
+                /* remove bytes already on reassembly list */
+                *sslBytes -= newEnd - reassemblyList->begin;
+            }
+            if (newEnd > reassemblyList->end) {
+                Trace(OVERLAP_REASSEMBLY_END_STR);
+
+                /* may be past reassembly list end (could have more on list)
+                   so try to add what's past the front->end */
+                AddToReassembly(session->flags.side, reassemblyList->end +1,
+                            *sslFrame + reassemblyList->end - *expected + 1,
+                             newEnd - reassemblyList->end, session, error);
+            }
+        }
+    }
     /* got expected sequence */
     *expected += *sslBytes;
     if (tcpInfo->fin)

From bd65b06459513463513cc28a8299c4ac107b5443 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 21 Aug 2015 21:49:43 -0700
Subject: [PATCH 350/350] remove name decorator from wolfcrypt error reporting
 function prototypes

---
 wolfssl/wolfcrypt/error-crypt.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 340d1db75..6e783085c 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -27,8 +27,6 @@
 
 #ifdef HAVE_FIPS
 	#include <cyassl/ctaocrypt/error-crypt.h>
-	#define wc_ErrorString    CTaoCryptErrorString
-	#define wc_GetErrorString CTaoCryptGetErrorString
 #endif /* HAVE_FIPS */
 
 #ifdef __cplusplus