bump dev version

allow ecc.c to read settings
minor warnings fixes
2025-07-29 18:27:29 +02:00 · 2012-11-14 17:57:27 -08:00 · 2012-11-14 17:55:20 -08:00 · 2012-11-13 18:32:13 -08:00 · 2012-11-12 14:25:59 -07:00 · 2012-11-07 17:10:34 -08:00
230 changed files with 38158 additions and 3524 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
+*.swp
 *.lo
 *.la
 *.o
@ -11,9 +12,12 @@ config*
 *Release/
 *.ncb
 *.suo
+build-aux/
+rpm/spec
 stamp-h
 libtool.m4
 aclocal.m4
+aminclude.am
 lt*.m4
 INSTALL
 Makefile.in
@ -22,6 +26,9 @@ depcomp
 missing
 libtool
 tags
+.tags*
+cyassl-config
+cyassl.sublime*
 ctaocrypt/benchmark/benchmark
 ctaocrypt/test/testctaocrypt
 examples/client/client
@ -31,6 +38,7 @@ examples/server/server
 snifftest
 output
 testsuite/testsuite
+tests/unit
 testsuite/*.der
 testsuite/*.pem
 testsuite/*.raw
@ -57,7 +65,13 @@ cyassl.xcodeproj/
 cyassl*rc*
 autoscan.log
 TAGS
+.DS_Store
 support/libcyassl.pc
-cyassl/version.h
 cyassl/ctaocrypt/stamp-h1
+swig/_cyassl.so
+swig/cyassl.py
+swig/cyassl.pyc
+swig/cyassl_wrap.c
 stamp-h1
+clang_output_*
+internal.plist
--- a/Makefile.am
+++ b/Makefile.am
@ -15,19 +15,16 @@ check_PROGRAMS =
 EXTRA_HEADERS =
 BUILT_SOURCES=
 EXTRA_DIST=
-doc_DATA=
+dist_doc_DATA=

-exampledir = $(docdir)/@PACKAGE@/example
-example_DATA=
-EXTRA_DIST+= $(example_DATA)
+#includes additional rules from aminclude.am
+@INC_AMINCLUDE@
+DISTCLEANFILES+= aminclude.am

-certsdir = $(sysconfdir)/ssl/certs
-certs_DATA=
-EXTRA_DIST+= $(certs_DATA)
+exampledir = $(docdir)/example
+dist_example_DATA=

-EXTRA_DIST+= $(doc_DATA)
-
-ACLOCAL_AMFLAGS= -I m4 --install
+ACLOCAL_AMFLAGS= -I m4

 EXTRA_DIST+= lib/dummy

@ -39,6 +36,7 @@ EXTRA_DIST+= cyassl.sln

 include cyassl/include.am
 include certs/include.am
+include certs/crl/include.am
 include doc/include.am
 include swig/include.am

@ -51,11 +49,38 @@ include examples/server/include.am
 include examples/echoclient/include.am
 include examples/echoserver/include.am
 include testsuite/include.am
+include tests/include.am
 include sslSniffer/sslSnifferTest/include.am
+include rpm/include.am

 TESTS += $(check_PROGRAMS)
 test: check

+maintainer-clean-local:
+	-rm Makefile.in
+	-rm aclocal.m4
+	-rm build-aux/compile
+	-rm build-aux/config.guess
+	-rm build-aux/config.sub
+	-rm build-aux/depcomp
+	-rm build-aux/install-sh
+	-rm build-aux/ltmain.sh
+	-rm build-aux/missing
+	-rm cyassl-config
+	-rmdir build-aux
+	-rm configure
+	-rm config.log
+	-rm config.status
+	-rm config.in
+	-rm m4/libtool.m4
+	-rm m4/ltoptions.m4
+	-rm m4/ltsugar.m4
+	-rm m4/ltversion.m4
+	-rm m4/lt~obsolete.m4
+	find . -type f -name '*~' -exec rm -f '{}' \;
+	-rm -f @PACKAGE@-*.tar.gz
+	-rm -f @PACKAGE@-*.rpm
+
 # !!!! first line of rule has to start with a hard (real) tab, not spaces
 egs:
 	$(MAKE) examples/client/client; \
@ -67,6 +92,12 @@ ctc:
 	$(MAKE) ctaocrypt/test/testctaocrypt; \
 	$(MAKE) ctaocrypt/benchmark/benchmark; 

+install-exec-local:	install-generic-config
+
+install-generic-config:
+	$(mkinstalldirs) $(DESTDIR)$(bindir)
+	$(INSTALL_SCRIPT) @GENERIC_CONFIG@ $(DESTDIR)$(bindir)
+
 merge-clean:
 	@find ./ | $(GREP) \.gcda | xargs rm -f
 	@find ./ | $(GREP) \.gcno | xargs rm -f
--- a/120
+++ b/120
@ -1,4 +1,4 @@
-*** Note, Please read ***
+*** Notes, Please read ***

 Note 1)
 CyaSSL now needs all examples and tests to be run from the CyaSSL home
@ -24,17 +24,127 @@ Note 2)
 CyaSSL takes a different approach to certificate verification than OpenSSL does.
 The default policy for the client is to verify the server, this means that if
 you don't load CAs to verify the server you'll get a connect error, unable to 
-verify.  It you want to mimic OpenSSL behavior of having SSL_connect succeed
-even if verifying the server fails and reducing security you can do this by
-calling:
+verify (-155).  It you want to mimic OpenSSL behavior of having SSL_connect
+succeed even if verifying the server fails and reducing security you can do
+this by calling:

 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

 before calling SSL_new();  Though it's not recommended.

+
+Note 3)
+The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the
+K70 Sub-Family Reference Manual:
+http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf
+
 *** end Note ***

-CyaSSL Release 2.0.0rc3 (9/28/2011)
+CyaSSL Release 2.4.0 (10/10/2012)
+
+Release 2.4.0 CyaSSL has bug fixes and a few new features including:
+- DTLS reliability
+- Reduced memory usage after handshake
+- Updated build process
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+*************** CyaSSL Release 2.3.0 (8/10/2012)
+
+Release 2.3.0 CyaSSL has bug fixes and a few new features including:
+- AES-GCM crypto and cipher suites
+- make test cipher suite checks
+- Subject AltName processing
+- Command line support for client/server examples
+- Sniffer SessionTicket support
+- SHA-384 cipher suites
+- Verify cipher suite validity when user overrides
+- CRL dir monitoring
+- DTLS Cookie support, reliability coming soon
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+***************CyaSSL Release 2.2.0 (5/18/2012)
+
+Release 2.2.0 CyaSSL has bug fixes and a few new features including:
+- Initial CRL support (--enable-crl)
+- Initial OCSP support (--enable-ocsp)
+- Add static ECDH suites
+- SHA-384 support
+- ECC client certificate support
+- Add medium session cache size (1055 sessions) 
+- Updated unit tests
+- Protection against mutex reinitialization
+
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+***************CyaSSL Release 2.0.8 (2/24/2012)
+
+Release 2.0.8 CyaSSL has bug fixes and a few new features including:
+- A fix for malicious certificates pointed out by Remi Gacogne (thanks)
+  resulting in NULL pointer use.
+- Respond to renegotiation attempt with no_renegoatation alert
+- Add basic path support for load_verify_locations()
+- Add set Temp EC-DHE key size
+- Extra checks on rsa test when porting into
+
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.6 (1/27/2012)
+
+Release 2.0.6 CyaSSL has bug fixes and a few new features including:
+- Fixes for CA basis constraint check
+- CTX reference counting
+- Initial unit test additions
+- Lean and Mean Windows fix
+- ECC benchmarking
+- SSMTP build support
+- Ability to group handshake messages with set_group_messages(ctx/ssl)
+- CA cache addition callback
+- Export Base64_Encode for general use
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.2 (12/05/2011)
+
+Release 2.0.2 CyaSSL has bug fixes and a few new features including:
+- CTaoCrypt Runtime library detection settings when directly using the crypto
+  library
+- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation
+- All test certificates now use 2048bit and SHA-1 for better modern browser
+  support
+- Direct AES block access and AES-CTR (counter) mode
+- Microchip pic32 support
+
+The CyaSSL manual is available at:
+http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
+and comments about the new features please check the manual.
+
+
+
+************* CyaSSL Release 2.0.0rc3 (9/28/2011)

 Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including:
 - updated autoconf support
--- a/autogen.sh
+++ b/autogen.sh
@ -3,4 +3,11 @@
 # Create configure and makefile stuff...
 #

-autoreconf -ivf -Wall
+if test -d .git; then
+  WARNINGS="all,error"
+else
+  WARNINGS="all"
+fi
+
+autoreconf --install --force --verbose
+ln -s -f ../../pre-commit.sh .git/hooks/pre-commit
--- a/certs/ca-cert.pem
+++ b/certs/ca-cert.pem
@ -1,56 +1,87 @@
+-----BEGIN CERTIFICATE-----
+MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
+VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
+A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
+dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
+MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
+8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
+EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
+dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
+mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
+CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
+BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
+P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
+dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
+BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
+9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
+PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
+Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
+G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
+ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
+rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
+-----END CERTIFICATE-----
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
-            8a:37:22:65:73:f5:aa:e8
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+            e9:d0:a7:5f:79:25:f4:3c
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
        Validity
-            Not Before: Jun 30 18:47:10 2010 GMT
-            Not After : Mar 26 18:47:10 2013 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+            Not Before: Oct 24 18:18:15 2011 GMT
+            Not After : Jul 20 18:18:15 2014 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:97:30:b9:1a:92:ef:25:4f:ca:4c:11:31:95:1a:
-                    e1:c0:10:19:0a:20:b9:37:80:1a:57:38:02:4e:1b:
-                    c5:0f:28:4f:da:e3:c9:16:aa:50:bd:4a:fb:b7:71:
-                    c7:35:cc:63:81:c1:dd:9d:33:f9:38:16:88:32:a0:
-                    aa:56:23:03:a3
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
+                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
+                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
+                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
+                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
+                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
+                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
+                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
+                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
+                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
+                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
+                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
+                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
+                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
+                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
+                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
+                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
+                    36:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
-                3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
            X509v3 Authority Key Identifier: 
-                keyid:3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
-                DirName:/C=US/ST=Montana/L=Bozeman/O=sawtooth/OU=consulting/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
-                serial:8A:37:22:65:73:F5:AA:E8
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:E9:D0:A7:5F:79:25:F4:3C

            X509v3 Basic Constraints: 
                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        32:65:a2:b1:dc:6d:e0:8d:8b:c8:58:29:8e:b8:18:4b:62:88:
-        13:67:f8:6c:75:46:75:8f:8a:19:a6:a3:d5:3c:fc:57:4e:7a:
-        68:a9:fc:93:dc:ae:29:7d:bb:4e:ec:ea:55:fa:a4:e3:00:61:
-        f4:b0:34:6d:d1:d5:a4:64:24:f8
-----BEGIN CERTIFICATE-----
-MIIDQDCCAuqgAwIBAgIJAIo3ImVz9aroMA0GCSqGSIb3DQEBBAUAMIGeMQswCQYD
-VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
-A1UEChMIc2F3dG9vdGgxEzARBgNVBAsTCmNvbnN1bHRpbmcxJDAiBgNVBAMTG3d3
-dy5zYXd0b290aC1jb25zdWx0aW5nLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5
-YXNzbC5jb20wHhcNMTAwNjMwMTg0NzEwWhcNMTMwMzI2MTg0NzEwWjCBnjELMAkG
-A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
-BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
-d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
-eWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJcwuRqS7yVPykwRMZUa
-4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaqUL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYj
-A6MCAwEAAaOCAQcwggEDMB0GA1UdDgQWBBQ7Zv2gQMb04nDPIRoMT2f+t0tCCTCB
-0wYDVR0jBIHLMIHIgBQ7Zv2gQMb04nDPIRoMT2f+t0tCCaGBpKSBoTCBnjELMAkG
-A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
-BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
-d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
-eWFzc2wuY29tggkAijciZXP1qugwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQF
-AANBADJlorHcbeCNi8hYKY64GEtiiBNn+Gx1RnWPihmmo9U8/FdOemip/JPcril9
-u07s6lX6pOMAYfSwNG3R1aRkJPg=
-----END CERTIFICATE-----
+    Signature Algorithm: sha1WithRSAEncryption
+        5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26:
+        4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6:
+        e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c:
+        f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e:
+        af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18:
+        98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02:
+        8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab:
+        1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80:
+        61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87:
+        1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f:
+        60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf:
+        18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12:
+        f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
+        b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
+        5a:1f:7f:ca
--- a/certs/ca-key.der
+++ b/certs/ca-key.der
--- a/certs/ca-key.pem
+++ b/certs/ca-key.pem
@ -1,9 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOQIBAAJBAJcwuRqS7yVPykwRMZUa4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaq
-UL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYjA6MCAwEAAQJAEQ9TY7c+uuQU/J5YDO4a
-mRR37tegbq3Kyxqrz+p8QuhqLDtVh13GaF7rVU70vyNHm+cgihUyzho/PViAkPBo
-qQIhAMU8/RDhDLgL5BxID4sxKIVBtg+imFSbyKVyg7oQLUcXAiEAxDu94O45Cf4a
-np9R0thumY/QqWpCkycWAB7fFEuaf1UCIEH+bg4/vqm2ENUFp23DPPOZUPlaRe3J
-UhFJh5mx3/RxAiBq++8vfHFYg1Lb/BxOCXVy/zdRxf753ytdcXdJx1Y56QIgVgpN
-FNfYJofQfWaP96sjlc0usrT28uceHx0QmHqolVc=
+MIIEpAIBAAKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY06zeA2buKvHY
+sH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGLYlYb72dvpBBB
+la0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkcrMft8nyVsJWCfUlcOM13Je+9gHVT
+lDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfaQG/YIdxzG0ItU5z+Gvx9q3o2P5je
+hHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+jJtK3b7FaF9c4mQj+k1hv/sMTSQgW
+C6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02eQIDAQABAoIBAD1uTmAahH+dhXzh
+Swd84NaZKt6d+TY0DncOPgjqT+UGJtT2OPffDQ8cLgai9CponGNy4zXmBJGRtcGx
+pFSs18b7QaDWdW+9C06/sVLoX0kmmFZHx97p6jxgAb8o3DG/SV+TSYd6gVuWS03K
+XDhPt+Gy08ch2jwShwfkG9xD7OjsVGHn9u2mCy7134J/xh9hGZykgznfIYWJb3ev
+hhUyCKJaCyZh+3AMypw4fbwi7uujqBYA+YqAHgCEqEpB+IQDZy8jWy+baybDBzSU
+owM7ctWfcuCtzDSrvcfV9SYwhQ8wIzlS/zzLmSFNiKWr7mK5x+C7R4fBac9z8zC+
+zjkEnOUCgYEA4XZFgFm200nfCu8S1g/wt8sqN7+n+LVN9TE1reSjlKHb8ZattQVk
+hYP8G1spqr74Jj92fq0c8MvXJrQbBY5Whn4IYiHBhtZHeT63XaTGOtexdCD2UJdB
+BFPtPybWb5H6aCbsKtya8efc+3PweUMbIaNZBGNSB8nX5tEbXV6W+lMCgYEA2O1O
+ZGFrkQxhAbUPu0RnUx7cB8Qkfp5shCORDOQSBBZNeJjMlj0gTg9Fmrb4s5MNsqIb
+KfImecjF0nh+XnPy13Bhu0DOYQX+aR6CKeYUuKHnltAjPwWTAPLhTX7tt5Zs9/Dk
+0c8BmE/cdFSqbV5aQTH+/5q2oAXdqRBU+GvQqoMCgYAh0wSKROtQt3xmv4cr5ihO
+6oPi6TXh8hFH/6H1/J8t5TqB/AEDb1OtVCe2Uu7lVtETq+GzD3WQCoS0ocCMDNae
+RrorPrUx7WO7pNUNj3LN0R4mNeu+G3L9mzm0h7cT9eqDRZOYuo/kSsy0TKh/CLpB
+SahJKD1ePcHONwDL+SzdUQKBgQChV58+udavg22DP4/70NyozgMJI7GhG2PKxElW
+NSvRLmVglQVVmRE1/dXfRMeliHJfsoJRqHFFkzbPXB9hUQwFgOivxXu6XiLjPHXD
+hAVVbdY6LYSJkzPLONqqMQXNzmwt3VXTVwvwpTVqsK4xukOWygDHS+MZEkPTQvpv
+6oDA0QKBgQC524kgNCdwYjTqXyViEvOdgb9I7poOwY0Q/2WanS0aipRayMClpYRh
+ntQkue+pncl3C8dwZj26yFTf0jPh9X/5J2G+V0Xdt0UXJPUj5DgOkSfu4yDYFMiU
+R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==
 -----END RSA PRIVATE KEY-----
--- a/certs/client-cert.der
+++ b/certs/client-cert.der
--- a/certs/client-cert.pem
+++ b/certs/client-cert.pem
@ -2,54 +2,86 @@ Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
-            c5:d7:6c:11:36:f0:35:e1
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=programming, CN=www.yassl.com/emailAddress=info@yassl.com
+            87:4a:75:be:91:66:d8:3d
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
        Validity
-            Not Before: Jun 30 18:39:39 2010 GMT
-            Not After : Mar 26 18:39:40 2013 GMT
-        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=programming, CN=www.yassl.com/emailAddress=info@yassl.com
+            Not Before: Oct 24 18:21:55 2011 GMT
+            Not After : Jul 20 18:21:55 2014 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:bd:51:4a:14:fd:6a:19:84:0c:33:38:fc:27:32:
-                    9c:97:0b:fc:a4:18:60:69:4e:d9:d8:78:50:0b:e9:
-                    20:5d:d6:1d:70:1c:0c:24:9f:23:82:cc:3a:01:d5:
-                    97:17:b2:73:6c:86:cf:b5:f1:e5:ce:68:0c:d9:a2:
-                    12:39:7c:f2:53
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
+                    2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
+                    32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
+                    68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b:
+                    ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf:
+                    65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5:
+                    b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6:
+                    13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b:
+                    0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e:
+                    bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14:
+                    c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83:
+                    ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19:
+                    cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d:
+                    3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9:
+                    54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71:
+                    d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86:
+                    2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1:
+                    ba:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
-                5C:F7:29:21:69:7A:09:78:9E:7B:CD:53:42:02:EC:CE:29:0D:11:DF
+                33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
            X509v3 Authority Key Identifier: 
-                keyid:5C:F7:29:21:69:7A:09:78:9E:7B:CD:53:42:02:EC:CE:29:0D:11:DF
-                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=programming/CN=www.yassl.com/emailAddress=info@yassl.com
-                serial:C5:D7:6C:11:36:F0:35:E1
+                keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
+                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:87:4A:75:BE:91:66:D8:3D

            X509v3 Basic Constraints: 
                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        b4:a5:f1:71:26:4d:b9:ff:54:f3:09:1f:ac:e1:19:59:e5:ec:
-        57:e3:f1:0b:b2:8f:f3:29:eb:6b:c6:fa:27:33:3e:91:d0:77:
-        43:c9:ce:1e:0f:71:07:a9:f7:26:e0:7e:ff:30:7d:52:0a:e1:
-        80:48:46:bb:99:e9:d9:77:ce:75
+    Signature Algorithm: sha1WithRSAEncryption
+        1c:7c:42:81:29:9e:21:cf:d0:d8:c1:54:6f:cc:ae:14:09:38:
+        ff:68:98:9a:95:53:76:18:7b:e6:30:76:ec:28:0d:75:a7:de:
+        e0:cd:8e:d5:55:23:6a:47:2b:4e:8d:fc:7d:06:a3:d8:0f:ad:
+        5e:d6:04:c9:00:33:fb:77:27:d3:b5:03:b3:7b:21:74:31:0b:
+        4a:af:2d:1a:b3:93:8e:cc:f3:5f:3d:90:3f:cc:e3:55:19:91:
+        7b:78:24:2e:4a:09:bb:18:4e:61:2d:9c:c6:0a:a0:34:91:88:
+        70:6b:3b:48:47:bc:79:94:a2:a0:4d:32:47:54:c2:a3:dc:2e:
+        d2:51:4c:29:39:11:ff:e2:15:5e:58:97:36:f6:e9:06:06:86:
+        0e:8d:9d:95:03:72:b2:8b:19:7c:e9:14:6e:a1:88:73:68:58:
+        6d:71:5e:c2:d5:d3:13:d2:5f:de:ea:03:be:e2:00:40:e5:ce:
+        fd:e6:92:31:57:c3:eb:bb:66:ac:cb:2f:1a:fa:e0:62:a2:47:
+        f4:93:43:2a:4b:6c:5e:0a:2f:f9:e7:e6:4a:63:86:b0:ac:2a:
+        a1:eb:b4:5b:67:cd:32:e4:b6:11:4b:9a:72:66:0d:a2:4a:76:
+        8f:fe:22:bc:83:fd:db:b7:d5:a9:ee:05:c9:b1:71:7e:1b:2b:
+        e1:e3:af:c0
 -----BEGIN CERTIFICATE-----
-MIIDDjCCArigAwIBAgIJAMXXbBE28DXhMA0GCSqGSIb3DQEBBAUAMIGOMQswCQYD
+MIIEmDCCA4CgAwIBAgIJAIdKdb6RZtg9MA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
 VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG
-A1UEChMFeWFTU0wxFDASBgNVBAsTC3Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu
-eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMDA2
-MzAxODM5MzlaFw0xMzAzMjYxODM5NDBaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE
+A1UEChMFeWFTU0wxFDASBgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu
+eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMTEw
+MjQxODIxNTVaFw0xNDA3MjAxODIxNTVaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE
 CBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDAS
-BgNVBAsTC3Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ
-KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQC9UUoU/WoZhAwzOPwnMpyXC/ykGGBpTtnYeFAL6SBd1h1wHAwknyOCzDoB1ZcX
-snNshs+18eXOaAzZohI5fPJTAgMBAAGjgfYwgfMwHQYDVR0OBBYEFFz3KSFpegl4
-nnvNU0IC7M4pDRHfMIHDBgNVHSMEgbswgbiAFFz3KSFpegl4nnvNU0IC7M4pDRHf
-oYGUpIGRMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQH
-EwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDASBgNVBAsTC3Byb2dyYW1taW5n
-MRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
-c3NsLmNvbYIJAMXXbBE28DXhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
-QQC0pfFxJk25/1TzCR+s4RlZ5exX4/ELso/zKetrxvonMz6R0HdDyc4eD3EHqfcm
-4H7/MH1SCuGASEa7menZd851
+BgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ
+KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Quml7xsNE
+ntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvk
+NPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+
+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX11JlJHOwzu8Zza7/
+eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOw
+Y7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB9jCB8zAdBgNVHQ4EFgQU
+M9hFZtdohxh+VA1wJ5HHJteFZcAwgcMGA1UdIwSBuzCBuIAUM9hFZtdohxh+VA1w
+J5HHJteFZcChgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24x
+ETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQKEwV5YVNTTDEUMBIGA1UECxMLUHJv
+Z3JhbW1pbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEW
+DmluZm9AeWFzc2wuY29tggkAh0p1vpFm2D0wDAYDVR0TBAUwAwEB/zANBgkqhkiG
+9w0BAQUFAAOCAQEAHHxCgSmeIc/Q2MFUb8yuFAk4/2iYmpVTdhh75jB27CgNdafe
+4M2O1VUjakcrTo38fQaj2A+tXtYEyQAz+3cn07UDs3shdDELSq8tGrOTjszzXz2Q
+P8zjVRmRe3gkLkoJuxhOYS2cxgqgNJGIcGs7SEe8eZSioE0yR1TCo9wu0lFMKTkR
+/+IVXliXNvbpBgaGDo2dlQNysosZfOkUbqGIc2hYbXFewtXTE9Jf3uoDvuIAQOXO
+/eaSMVfD67tmrMsvGvrgYqJH9JNDKktsXgov+efmSmOGsKwqoeu0W2fNMuS2EUua
+cmYNokp2j/4ivIP927fVqe4FybFxfhsr4eOvwA==
 -----END CERTIFICATE-----
--- a/certs/client-ecc-cert.pem
+++ b/certs/client-ecc-cert.pem
@ -0,0 +1,54 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            bf:cc:cb:7a:0a:07:42:82
+        Signature Algorithm: ecdsa-with-SHA1
+        Issuer: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: May  1 23:51:33 2012 GMT
+            Not After : Jan 26 23:51:33 2015 GMT
+        Subject: C=US, ST=Oregon, L=Salem, O=Client ECC, OU=Fast, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+            EC Public Key:
+                pub: 
+                    04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:
+                    f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03:
+                    62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95:
+                    06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22:
+                    5f:c7:5d:7f:b4
+                ASN1 OID: prime256v1
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
+            X509v3 Authority Key Identifier: 
+                keyid:EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2
+                DirName:/C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:BF:CC:CB:7A:0A:07:42:82
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: ecdsa-with-SHA1
+        30:44:02:20:26:08:44:95:35:2e:fa:9d:20:01:a6:79:60:ed:
+        35:a7:0a:dd:7a:0e:75:c5:80:d2:0b:9f:6a:90:d6:31:76:75:
+        02:20:2d:87:a2:bb:d5:e2:42:61:35:19:59:40:1d:fd:71:4f:
+        28:65:96:99:e6:85:1b:09:ad:d4:58:71:56:63:0b:c7
+-----BEGIN CERTIFICATE-----
+MIIC+jCCAqKgAwIBAgIJAL/My3oKB0KCMAkGByqGSM49BAEwgYkxCzAJBgNVBAYT
+AlVTMQ8wDQYDVQQIEwZPcmVnb24xDjAMBgNVBAcTBVNhbGVtMRMwEQYDVQQKEwpD
+bGllbnQgRUNDMQ0wCwYDVQQLEwRGYXN0MRYwFAYDVQQDEw13d3cueWFzc2wuY29t
+MR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMjA1MDEyMzUxMzNa
+Fw0xNTAxMjYyMzUxMzNaMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29u
+MQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsGA1UECxME
+RmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5m
+b0B5YXNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARVv/QPRFCaPc6b
+t/DFTfVwe9TsJI4ZgOxaTKIkA2Ism9rvojUSQ4R2FsZWlQbMAam99nUaQve9qbI2
+Il/HXX+0o4HxMIHuMB0GA1UdDgQWBBTr1EtZa5VhP1FXtgRNiUGIRFyr8jCBvgYD
+VR0jBIG2MIGzgBTr1EtZa5VhP1FXtgRNiUGIRFyr8qGBj6SBjDCBiTELMAkGA1UE
+BhMCVVMxDzANBgNVBAgTBk9yZWdvbjEOMAwGA1UEBxMFU2FsZW0xEzARBgNVBAoT
+CkNsaWVudCBFQ0MxDTALBgNVBAsTBEZhc3QxFjAUBgNVBAMTDXd3dy55YXNzbC5j
+b20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggkAv8zLegoHQoIwDAYD
+VR0TBAUwAwEB/zAJBgcqhkjOPQQBA0cAMEQCICYIRJU1LvqdIAGmeWDtNacK3XoO
+dcWA0gufapDWMXZ1AiAth6K71eJCYTUZWUAd/XFPKGWWmeaFGwmt1FhxVmMLxw==
+-----END CERTIFICATE-----
--- a/certs/client-key.der
+++ b/certs/client-key.der
--- a/certs/client-key.pem
+++ b/certs/client-key.pem
@ -1,9 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAL1RShT9ahmEDDM4/CcynJcL/KQYYGlO2dh4UAvpIF3WHXAcDCSf
-I4LMOgHVlxeyc2yGz7Xx5c5oDNmiEjl88lMCAwEAAQJAVGHWLlLhpqvXsEEXCvWh
-HCYono+K8YVGzhiaPSTU212fCoQryIxsXQKGBjhFdZm96DZWp+Vd/t/u+B4ZeaqY
-+QIhAOBEfbFtdZqk5OmbbRsRVPI7+YYmubgY1TVIPqmxHQ4NAiEA2BrTQkjOb3ul
-A/SZO04fJUZsm7Ng92FWHDJsRancSd8CIQCmGbQqZBK1TamJZ6dAY+7RViAx/p6Q
-vjuzMeXPUrFdRQIhAMkfBhg9bCqjFyt8PBPOm/vz8+ZgZlE0/JAXeV7IPCVfAiEA
-gZwCFm1ghGxmaoB424YC4DHeDeN/g9xwJHT7EuM9Mvc=
+MIIEpAIBAAKCAQEAwwPRK/45pDJFO1PIhCsqfHSavaoqUgdH1qY2sgcyjtC6aXvG
+w0Se1IFI/S1oootnu6F1yDYsStIb94u6zw357+zxgR57mwNHmr9lzH9lJGmm6BSJ
+W+Q098WwFJP1Z3s6enjhAVZWkaYTQo3SPECcTO/Rht83URsMoTv18aNKNeThzpbf
+G36/TpfQEOioCDCBryALQxTFdGe0MoJvjYbCiECZNoO6HkByIhfXUmUkc7DO7xnN
+rv94bHvAEgPUTnINUG07ozujmV6dyNkMhbPZitlUJttt+qy7/yVMxNF59HHThkAY
+E7BjtXJOMMSXhIYtVi/XFfd/wK71/Fvl+6G60wIDAQABAoIBAQCi5thfEHFkCJ4u
+bdFtHoXSCrGMR84sUWqgEp5T3pFMHW3qWXvyd6rZxtmKq9jhFuRjJv+1bBNZuOOl
+yHIXLgyfb+VZP3ZvSbERwlouFikN3reO3EDVou7gHqH0vpfbhmOWFM2YCWAtMHac
+PM3miO5HknkLWgDiXl8RfH35CLcgBokqXf0AqyLh8LO8JKleJg4fAC3+IZpTW23T
+K6uUgmhDNtj2L8Yi/LVBXQ0zYOqkfX7oS1WRVtNcV48flBcvqt7pnqj0z4pMjqDk
+VnOyz0+GxWk88yQgi1yWDPprEjuaZ8HfxpaypdWSDZsJQmgkEEXUUOQXOUjQNYuU
+bRHej8pZAoGBAOokp/lpM+lx3FJ9iCEoL0neunIW6cxHeogNlFeEWBY6gbA/os+m
+bB6wBikAj+d3dqzbysfZXps/JpBSrvw4kAAUu7QPWJTnL2p+HE9BIdQxWR9OihqN
+p1dsItjl9H4yphDLZKVVA4emJwWMw9e2J7JNujDaR49U0z2LhI2UmFilAoGBANU4
+G8OPxZMMRwtvNZLFsI1GyJIYj/WACvfvof6AubUqusoYsF2lB9CTjdicBBzUYo6m
+JoEB/86KKmM0NUCqbYDeiSNqV02ebq2TTlaQC22dc4sMric93k7wqsVseGdslFKc
+N2dsLe+7r9+mkDzER8+Nlp6YqbSfxaZQ3LPw+3QXAoGAXoMJYr26fKK/QnT1fBzS
+ackEDYV+Pj0kEsMYe/Mp818OdmxZdeRBhGmdMvPNIquwNbpKsjzl2Vi2Yk9d3uWe
+CspTsiz3nrNrClt5ZexukU6SIPb8/Bbt03YM4ux/smkTa3gOWkZktF63JaBadTpL
+78c8Pvf9JrggxJkKmnO+wxkCgYEAukSTFKw0GTtfkWCs97TWgQU2UVM96GXcry7c
+YT7Jfbh/h/A7mwOCKTfOck4R1bHBDAegmZFKjX/sec/xObXphexi99p9vGRNIjwO
+8tZR9YfYmcARIF0PKf1b4q7ZHNkhVm38hNBf7RAVHBgh58Q9S9fQnmqVzyLJA3ue
+42AB/C8CgYAR0EvPG2e5nxB1R4ZlrjHCxjCsWQZQ2Q+1cAb38NPIYnyo2m72IT/T
+f1/qiqs/2Spe81HSwjA34y2jdQ0eTSE01VdwXIm/cuxKbmjVzRh0M06MOkWP5pZA
+62P5GYY6Ud2JS7Dz+Z9dKJU4vjWrylznk1M0oUVdEzllQkahn831vw==
 -----END RSA PRIVATE KEY-----
--- a/certs/crl/cliCrl.pem
+++ b/certs/crl/cliCrl.pem
@ -0,0 +1,39 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: /C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                62
+No Revoked Certificates.
+    Signature Algorithm: sha1WithRSAEncryption
+        1e:69:b2:c4:72:a7:b2:c9:e1:b9:ac:06:40:2c:c5:66:9a:07:
+        6c:91:2e:17:09:c7:86:b4:62:2d:0f:1f:a3:a3:1c:93:ce:45:
+        53:d5:57:94:a6:77:af:51:da:86:e4:1e:6f:57:c8:cc:5f:07:
+        8d:a5:db:bd:b3:f7:cf:e2:11:3c:e2:51:79:7e:b3:a9:47:f7:
+        c1:17:12:5b:7c:e5:c3:71:17:d2:ce:59:d4:0d:dc:45:ff:bc:
+        fe:a7:76:7b:92:88:52:0c:a5:e0:79:75:86:50:27:15:2a:01:
+        66:a6:ba:96:d4:9a:14:1d:92:7d:63:72:5f:25:9b:05:72:cb:
+        ed:6d:7c:92:1f:4f:3e:64:cb:5d:80:9e:ad:c8:47:83:88:5b:
+        3d:07:3f:d3:6a:2c:dd:c9:f7:09:bb:05:2f:9a:f4:73:15:f4:
+        61:b1:47:87:9c:bf:c9:61:42:19:14:b8:67:9c:c5:c1:86:f1:
+        e8:63:71:40:6c:2f:b1:c1:0c:1f:f4:c4:80:e2:d0:cb:88:6b:
+        51:1e:e9:b0:06:19:7c:6d:85:cf:05:7f:fe:3d:35:79:9e:f0:
+        5b:f4:06:63:d4:eb:d2:e2:70:29:a9:02:b4:c1:b4:bd:53:f4:
+        8f:b3:df:37:91:44:d5:e8:c4:10:86:76:0e:49:2b:ba:9a:a4:
+        dd:33:0e:7e
+-----BEGIN X509 CRL-----
+MIIB6DCB0QIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV
+BAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
+EgYDVQQLEwtQcm9ncmFtbWluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
+CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTEyMDgxMDE4MDEwMVoXDTEyMTIw
+ODE4MDEwMVqgDjAMMAoGA1UdFAQDAgE+MA0GCSqGSIb3DQEBBQUAA4IBAQAeabLE
+cqeyyeG5rAZALMVmmgdskS4XCceGtGItDx+joxyTzkVT1VeUpnevUdqG5B5vV8jM
+XweNpdu9s/fP4hE84lF5frOpR/fBFxJbfOXDcRfSzlnUDdxF/7z+p3Z7kohSDKXg
+eXWGUCcVKgFmprqW1JoUHZJ9Y3JfJZsFcsvtbXySH08+ZMtdgJ6tyEeDiFs9Bz/T
+aizdyfcJuwUvmvRzFfRhsUeHnL/JYUIZFLhnnMXBhvHoY3FAbC+xwQwf9MSA4tDL
+iGtRHumwBhl8bYXPBX/+PTV5nvBb9AZj1OvS4nApqQK0wbS9U/SPs983kUTV6MQQ
+hnYOSSu6mqTdMw5+
+-----END X509 CRL-----
--- a/certs/crl/crl.pem
+++ b/certs/crl/crl.pem
@ -0,0 +1,39 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                60
+No Revoked Certificates.
+    Signature Algorithm: sha1WithRSAEncryption
+        26:1c:06:6a:42:ff:8b:18:71:4e:ef:7c:02:74:43:6f:7b:83:
+        99:2f:e1:4e:74:0f:f9:99:62:a1:90:88:11:1b:d8:59:3b:1e:
+        34:dd:f4:92:81:6f:49:2c:9a:5f:ba:21:6f:11:95:19:6e:da:
+        38:a4:4e:a0:7e:4a:fb:7c:c6:9f:c8:26:2d:9b:cd:e8:30:14:
+        10:38:56:63:89:bf:a7:eb:11:0f:7c:81:60:d7:c3:ab:07:ef:
+        6c:af:81:4d:b9:cd:6e:91:c6:42:13:01:d8:1a:62:cb:52:fd:
+        44:0b:fa:9f:34:de:75:ba:5a:3d:df:d4:b1:7e:a0:b9:3f:f5:
+        ed:a3:e6:ef:ef:20:95:45:3c:75:8c:a8:5c:ae:8c:e9:3c:f1:
+        e6:34:fd:65:bb:9a:f9:5f:8c:96:7c:32:12:50:43:2b:30:94:
+        4e:8a:f0:c3:5e:c9:e2:49:08:83:64:7a:3b:f3:d5:30:f3:78:
+        4b:20:3c:51:d0:da:37:14:f4:c8:f2:ab:41:d2:c3:b9:7a:7f:
+        42:17:42:79:a4:10:67:4e:84:d4:e9:a9:e8:dd:46:5d:b2:f4:
+        e8:3d:1c:24:3c:81:e7:56:bb:43:11:e2:d9:a2:9d:ce:b5:78:
+        ad:19:14:7c:d7:37:e8:bf:f7:30:fc:4d:05:a9:33:6b:12:9f:
+        24:19:39:35
+-----BEGIN X509 CRL-----
+MIIB6jCB0wIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
+MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
+GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIx
+MjA4MTgwMTAxWqAOMAwwCgYDVR0UBAMCATwwDQYJKoZIhvcNAQEFBQADggEBACYc
+BmpC/4sYcU7vfAJ0Q297g5kv4U50D/mZYqGQiBEb2Fk7HjTd9JKBb0ksml+6IW8R
+lRlu2jikTqB+Svt8xp/IJi2bzegwFBA4VmOJv6frEQ98gWDXw6sH72yvgU25zW6R
+xkITAdgaYstS/UQL+p803nW6Wj3f1LF+oLk/9e2j5u/vIJVFPHWMqFyujOk88eY0
+/WW7mvlfjJZ8MhJQQyswlE6K8MNeyeJJCINkejvz1TDzeEsgPFHQ2jcU9Mjyq0HS
+w7l6f0IXQnmkEGdOhNTpqejdRl2y9Og9HCQ8gedWu0MR4tminc61eK0ZFHzXN+i/
+9zD8TQWpM2sSnyQZOTU=
+-----END X509 CRL-----
--- a/certs/crl/crl.revoked
+++ b/certs/crl/crl.revoked
@ -0,0 +1,41 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                61
+Revoked Certificates:
+    Serial Number: 02
+        Revocation Date: Aug 10 18:01:01 2012 GMT
+    Signature Algorithm: sha1WithRSAEncryption
+        5c:eb:53:33:02:74:bb:c1:37:37:81:1a:36:9c:eb:d0:28:87:
+        12:56:1a:d8:ec:ae:8e:ef:42:d0:61:07:f0:f0:b5:e8:2a:16:
+        5e:78:ab:e9:ad:62:f3:6c:c5:fe:7a:b5:c7:0e:8a:e3:0a:2d:
+        63:b5:ec:c4:c1:1f:1e:c3:77:b7:24:10:4b:09:b1:d8:ea:40:
+        4f:74:6a:9a:d7:57:bd:b9:d3:e2:42:81:81:b2:5c:42:d8:d3:
+        21:3f:f2:05:e2:11:8f:ce:60:cc:3b:76:55:e6:5f:6d:71:13:
+        b1:7e:2c:50:d2:29:fe:f2:ad:96:f9:ee:8f:5c:c3:0a:73:e7:
+        78:c5:8f:6e:0d:35:66:64:4a:76:05:93:9f:eb:05:b2:c3:a1:
+        f5:d5:4c:4b:6e:79:f2:8d:51:90:7c:9d:a9:f5:94:7f:93:fe:
+        39:da:c1:fb:8c:94:66:1d:d4:40:a9:48:ee:3b:91:14:83:4e:
+        b4:ea:93:07:f6:be:48:4a:ec:4c:26:61:2d:a2:66:01:c5:d8:
+        d3:18:f6:d0:1b:d2:94:13:c9:94:84:54:e4:44:10:01:66:25:
+        47:ee:b2:19:4a:65:e3:79:42:9e:12:af:a7:4a:a4:66:35:e3:
+        1a:db:2c:80:ff:a4:9c:2e:6e:32:8e:50:5d:ec:7e:de:1a:01:
+        a9:08:fc:a2
+-----BEGIN X509 CRL-----
+MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
+MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
+GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIx
+MjA4MTgwMTAxWjAUMBICAQIXDTEyMDgxMDE4MDEwMVqgDjAMMAoGA1UdFAQDAgE9
+MA0GCSqGSIb3DQEBBQUAA4IBAQBc61MzAnS7wTc3gRo2nOvQKIcSVhrY7K6O70LQ
+YQfw8LXoKhZeeKvprWLzbMX+erXHDorjCi1jtezEwR8ew3e3JBBLCbHY6kBPdGqa
+11e9udPiQoGBslxC2NMhP/IF4hGPzmDMO3ZV5l9tcROxfixQ0in+8q2W+e6PXMMK
+c+d4xY9uDTVmZEp2BZOf6wWyw6H11UxLbnnyjVGQfJ2p9ZR/k/452sH7jJRmHdRA
+qUjuO5EUg0606pMH9r5ISuxMJmEtomYBxdjTGPbQG9KUE8mUhFTkRBABZiVH7rIZ
+SmXjeUKeEq+nSqRmNeMa2yyA/6ScLm4yjlBd7H7eGgGpCPyi
+-----END X509 CRL-----
--- a/certs/crl/eccCliCRL.pem
+++ b/certs/crl/eccCliCRL.pem
@ -0,0 +1,24 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: ecdsa-with-SHA1
+        Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                63
+No Revoked Certificates.
+    Signature Algorithm: ecdsa-with-SHA1
+        30:44:02:20:7f:8d:d7:28:61:96:4c:b7:a8:17:0a:7f:9d:cf:
+        fa:29:e1:1d:cb:30:61:1b:b3:6b:f0:61:68:15:25:76:62:32:
+        02:20:55:ca:fc:37:b4:4c:f9:78:99:b3:c9:d4:1a:e1:fa:f7:
+        8a:4a:94:ce:31:ed:b0:1f:dc:64:d7:2a:59:47:b9:2d
+-----BEGIN X509 CRL-----
+MIIBHzCByAIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG
+T3JlZ29uMQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsG
+A1UECxMERmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJ
+ARYOaW5mb0B5YXNzbC5jb20XDTEyMDgxMDE4MDEwMVoXDTEyMTIwODE4MDEwMVqg
+DjAMMAoGA1UdFAQDAgE/MAkGByqGSM49BAEDRwAwRAIgf43XKGGWTLeoFwp/nc/6
+KeEdyzBhG7Nr8GFoFSV2YjICIFXK/De0TPl4mbPJ1Brh+veKSpTOMe2wH9xk1ypZ
+R7kt
+-----END X509 CRL-----
--- a/certs/crl/eccSrvCRL.pem
+++ b/certs/crl/eccSrvCRL.pem
@ -0,0 +1,24 @@
+Certificate Revocation List (CRL):
+        Version 2 (0x1)
+        Signature Algorithm: ecdsa-with-SHA1
+        Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com
+        Last Update: Aug 10 18:01:01 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
+        CRL extensions:
+            X509v3 CRL Number: 
+                64
+No Revoked Certificates.
+    Signature Algorithm: ecdsa-with-SHA1
+        30:44:02:20:59:42:06:a7:73:69:03:08:05:e8:4b:95:ca:cf:
+        f1:30:9e:84:4b:3c:52:c8:10:b9:c8:36:c8:07:64:65:fd:bf:
+        02:20:71:60:a7:35:d6:8c:52:c2:df:06:dc:40:52:c5:ef:4c:
+        8b:ec:96:4b:72:b0:c4:36:3e:c8:9d:62:5e:49:f2:5f
+-----BEGIN X509 CRL-----
+MIIBITCBygIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
+V2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEQMA4GA1UEChMHRWxpcHRpYzEM
+MAoGA1UECxMDRUNDMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
+AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIxMjA4MTgwMTAx
+WqAOMAwwCgYDVR0UBAMCAUAwCQYHKoZIzj0EAQNHADBEAiBZQganc2kDCAXoS5XK
+z/EwnoRLPFLIELnINsgHZGX9vwIgcWCnNdaMUsLfBtxAUsXvTIvslktysMQ2Psid
+Yl5J8l8=
+-----END X509 CRL-----
--- a/certs/crl/gencrls.sh
+++ b/certs/crl/gencrls.sh
@ -0,0 +1,57 @@
+#!/bin/bash
+
+# gencrls, crl config already done, see taoCerts.txt for setup
+
+
+
+# caCrl
+openssl ca -gencrl -crldays 120 -out crl.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
+
+# metadata
+openssl crl -in crl.pem -text > tmp
+mv tmp crl.pem
+# install
+cp crl.pem ~/cyassl/certs/crl/crl.pem
+
+# caCrl server revoked
+openssl ca -revoke ~/cyassl/certs/server-cert.pem -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
+
+# caCrl server revoked generation
+openssl ca -gencrl -crldays 120 -out crl.revoked -keyfile ~/cyassl/certs/ca-key.pem -cert ~/cyassl/certs/ca-cert.pem
+
+# metadata
+openssl crl -in crl.revoked -text > tmp
+mv tmp crl.revoked
+# install
+cp crl.revoked ~/cyassl/certs/crl/crl.revoked
+
+# remove revoked so next time through the normal CA won't have server revoked
+cp blank.index.txt demoCA/index.txt
+
+# cliCrl
+openssl ca -gencrl -crldays 120 -out cliCrl.pem -keyfile ~/cyassl/certs/client-key.pem -cert ~/cyassl/certs/client-cert.pem
+
+# metadata
+openssl crl -in cliCrl.pem -text > tmp
+mv tmp cliCrl.pem
+# install
+cp cliCrl.pem ~/cyassl/certs/crl/cliCrl.pem
+
+# eccCliCRL
+openssl ca -gencrl -crldays 120 -out eccCliCRL.pem -keyfile ~/cyassl/certs/ecc-client-key.pem -cert ~/cyassl/certs/client-ecc-cert.pem
+
+# metadata
+openssl crl -in eccCliCRL.pem -text > tmp
+mv tmp eccCliCRL.pem
+# install
+cp eccCliCRL.pem ~/cyassl/certs/crl/eccCliCRL.pem
+
+# eccSrvCRL
+openssl ca -gencrl -crldays 120 -out eccSrvCRL.pem -keyfile ~/cyassl/certs/ecc-key.pem -cert ~/cyassl/certs/server-ecc.pem
+
+# metadata
+openssl crl -in eccSrvCRL.pem -text > tmp
+mv tmp eccSrvCRL.pem
+# install
+cp eccSrvCRL.pem ~/cyassl/certs/crl/eccSrvCRL.pem
+
--- a/certs/crl/include.am
+++ b/certs/crl/include.am
@ -0,0 +1,14 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+	     certs/crl/crl.pem \
+	     certs/crl/cliCrl.pem \
+	     certs/crl/eccSrvCRL.pem \
+	     certs/crl/eccCliCRL.pem
+
+EXTRA_DIST += \
+	     certs/crl/crl.revoked
+
+
--- a/certs/dh1024.der
+++ b/certs/dh1024.der
--- a/certs/dh2048.der
+++ b/certs/dh2048.der
--- a/certs/dh2048.pem
+++ b/certs/dh2048.pem
@ -0,0 +1,29 @@
+Diffie-Hellman-Parameters: (2048 bit)
+    prime:
+        00:b0:a1:08:06:9c:08:13:ba:59:06:3c:bc:30:d5:
+        f5:00:c1:4f:44:a7:d6:ef:4a:c6:25:27:1c:e8:d2:
+        96:53:0a:5c:91:dd:a2:c2:94:84:bf:7d:b2:44:9f:
+        9b:d2:c1:8a:c5:be:72:5c:a7:e7:91:e6:d4:9f:73:
+        07:85:5b:66:48:c7:70:fa:b4:ee:02:c9:3d:9a:4a:
+        da:3d:c1:46:3e:19:69:d1:17:46:07:a3:4d:9f:2b:
+        96:17:39:6d:30:8d:2a:f3:94:d3:75:cf:a0:75:e6:
+        f2:92:1f:1a:70:05:aa:04:83:57:30:fb:da:76:93:
+        38:50:e8:27:fd:63:ee:3c:e5:b7:c8:09:ae:6f:50:
+        35:8e:84:ce:4a:00:e9:12:7e:5a:31:d7:33:fc:21:
+        13:76:cc:16:30:db:0c:fc:c5:62:a7:35:b8:ef:b7:
+        b0:ac:c0:36:f6:d9:c9:46:48:f9:40:90:00:2b:1b:
+        aa:6c:e3:1a:c3:0b:03:9e:1b:c2:46:e4:48:4e:22:
+        73:6f:c3:5f:d4:9a:d6:30:07:48:d6:8c:90:ab:d4:
+        f6:f1:e3:48:d3:58:4b:a6:b9:cd:29:bf:68:1f:08:
+        4b:63:86:2f:5c:6b:d6:b6:06:65:f7:a6:dc:00:67:
+        6b:bb:c3:a9:41:83:fb:c7:fa:c8:e2:1e:7e:af:00:
+        3f:93
+    generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE
+v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN
+nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1
+joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa
+wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW
+tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==
+-----END DH PARAMETERS-----
--- a/certs/dsa-cert.pem
+++ b/certs/dsa-cert.pem
@ -1,70 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ce:df:23:31:64:b4:13:da
-        Signature Algorithm: dsaWithSHA1
-        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=testing, CN=www.yassl.com/emailAddress=info@yassl.com
-        Validity
-            Not Before: Jun 30 18:56:38 2010 GMT
-            Not After : Mar 26 18:56:39 2013 GMT
-        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=testing, CN=www.yassl.com/emailAddress=info@yassl.com
-        Subject Public Key Info:
-            Public Key Algorithm: dsaEncryption
-            DSA Public Key:
-                pub: 
-                    04:84:a0:26:31:72:0c:e8:4f:5d:53:17:62:b1:80:
-                    ca:c0:16:5f:c3:1e:ea:c5:d9:98:38:f9:be:56:53:
-                    47:68:ce:08:22:57:1c:bb:0d:77:91:cf:5b:36:ed:
-                    f3:24:82:90:8a:cd:90:7c:db:77:f9:17:2d:73:73:
-                    ef:bb:b9:82
-                P:   
-                    00:99:29:69:80:c9:3c:98:68:45:a9:82:fe:67:eb:
-                    95:88:c5:b4:0c:d6:26:45:95:19:2c:a0:20:5b:7e:
-                    df:69:e9:dc:c3:0f:f3:61:0a:25:9b:f2:21:01:6a:
-                    cd:aa:8c:37:e7:ca:66:db:56:f4:0f:7d:7a:d1:18:
-                    b9:42:fd:1b:11
-                Q:   
-                    00:ad:25:29:ab:0a:9f:09:1c:c1:ad:03:20:76:7f:
-                    a6:b7:dd:4d:03:09
-                G:   
-                    12:88:99:da:e7:d0:0b:93:9b:e6:ee:3c:21:7f:9c:
-                    b3:b4:8d:a5:8c:e2:37:80:3f:17:d1:81:4f:bd:f0:
-                    71:b6:32:08:54:dd:bf:01:e2:b3:77:06:64:75:8a:
-                    04:d6:79:39:b1:02:03:03:c6:06:74:e5:90:05:0a:
-                    10:46:19:31
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
-            X509v3 Authority Key Identifier: 
-                keyid:BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
-                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=testing/CN=www.yassl.com/emailAddress=info@yassl.com
-                serial:CE:DF:23:31:64:B4:13:DA
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: dsaWithSHA1
-        30:2d:02:14:00:a3:21:20:34:6a:2c:f9:fb:76:d7:20:c9:c0:
-        35:1b:64:9a:c2:83:02:15:00:a4:59:ac:6d:da:85:48:ff:f5:
-        0d:49:72:c8:cd:91:fc:ec:2f:5c:63
-----BEGIN CERTIFICATE-----
-MIIDfjCCAz2gAwIBAgIJAM7fIzFktBPaMAkGByqGSM44BAMwgYoxCzAJBgNVBAYT
-AlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQK
-EwV5YVNTTDEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNv
-bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTAwNjMwMTg1NjM4
-WhcNMTMwMzI2MTg1NjM5WjCBijELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdv
-bjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRAwDgYDVQQLEwd0
-ZXN0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5p
-bmZvQHlhc3NsLmNvbTCB8DCBqAYHKoZIzjgEATCBnAJBAJkpaYDJPJhoRamC/mfr
-lYjFtAzWJkWVGSygIFt+32np3MMP82EKJZvyIQFqzaqMN+fKZttW9A99etEYuUL9
-GxECFQCtJSmrCp8JHMGtAyB2f6a33U0DCQJAEoiZ2ufQC5Ob5u48IX+cs7SNpYzi
-N4A/F9GBT73wcbYyCFTdvwHis3cGZHWKBNZ5ObECAwPGBnTlkAUKEEYZMQNDAAJA
-BISgJjFyDOhPXVMXYrGAysAWX8Me6sXZmDj5vlZTR2jOCCJXHLsNd5HPWzbt8ySC
-kIrNkHzbd/kXLXNz77u5gqOB8jCB7zAdBgNVHQ4EFgQUvvmMXdYctO6B3TZWCiHk
-YURz6eIwgb8GA1UdIwSBtzCBtIAUvvmMXdYctO6B3TZWCiHkYURz6eKhgZCkgY0w
-gYoxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRs
-YW5kMQ4wDAYDVQQKEwV5YVNTTDEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMN
-d3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CCQDO
-3yMxZLQT2jAMBgNVHRMEBTADAQH/MAkGByqGSM44BAMDMAAwLQIUAKMhIDRqLPn7
-dtcgycA1G2SawoMCFQCkWaxt2oVI//UNSXLIzZH87C9cYw==
-----END CERTIFICATE-----
--- a/certs/dsa2048.der
+++ b/certs/dsa2048.der
--- a/certs/dsa512.der
+++ b/certs/dsa512.der
--- a/certs/dsa512.pem
+++ b/certs/dsa512.pem
@ -1,8 +0,0 @@
-----BEGIN DSA PRIVATE KEY-----
-MIH3AgEAAkEAmSlpgMk8mGhFqYL+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQol
-m/IhAWrNqow358pm21b0D3160Ri5Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJ
-AkASiJna59ALk5vm7jwhf5yztI2ljOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE
-1nk5sQIDA8YGdOWQBQoQRhkxAkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+
-VlNHaM4IIlccuw13kc9bNu3zJIKQis2QfNt3+Rctc3Pvu7mCAhQjg+e+aqykxwwc
-E2V27tjDFY02uA==
-----END DSA PRIVATE KEY-----
--- a/certs/ecc-client-key.pem
+++ b/certs/ecc-client-key.pem
@ -0,0 +1,9 @@
+ASN1 OID: prime256v1
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIPjPkmu9HijxqKuhI08ydBiIUK1+x+yS+I+XTa9WiWXHoAoGCCqGSM49
+AwEHoUQDQgAEVb/0D0RQmj3Om7fwxU31cHvU7CSOGYDsWkyiJANiLJva76I1EkOE
+dhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/tA==
+-----END EC PRIVATE KEY-----
--- a/certs/ecc-keyPkcs8.pem
+++ b/certs/ecc-keyPkcs8.pem
@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgRbZpAnOcbIWhOFty
+6OjHrMQDjVM1BPpsKNw0jeGoCYyhRANCAAS7M6xMJ1BKxkqlBMM83p8223ItzpTq
+K/rLIAk5LBboYQLpr03TApOaMVuXkiF/8M8Y2pERAjSG6CBYMwuANInY
+-----END PRIVATE KEY-----
--- a/certs/include.am
+++ b/certs/include.am
@ -2,18 +2,21 @@
 # All paths should be given relative to the root
 #

-certs_DATA+= \
+EXTRA_DIST += \
 	     certs/ca-cert.pem \
 	     certs/ca-key.pem \
 	     certs/client-cert.pem \
 	     certs/client-keyEnc.pem \
 	     certs/client-key.pem \
-	     certs/dsa512.pem \
-	     certs/dsa-cert.pem \
 	     certs/ecc-key.pem \
+	     certs/ecc-keyPkcs8.pem \
+	     certs/ecc-client-key.pem \
+	     certs/client-ecc-cert.pem \
 	     certs/ntru-cert.pem \
+	     certs/dh2048.pem \
 	     certs/server-cert.pem \
 	     certs/server-ecc.pem \
+	     certs/server-ecc-rsa.pem \
 	     certs/server-keyEnc.pem \
 	     certs/server-key.pem \
 	     certs/server-keyPkcs8Enc12.pem \
@ -21,18 +24,17 @@ certs_DATA+= \
 	     certs/server-keyPkcs8Enc.pem \
 	     certs/server-keyPkcs8.pem

-certs_DATA+= \
+EXTRA_DIST += \
 	     certs/ca-key.der \
 	     certs/client-cert.der \
 	     certs/client-key.der \
-	     certs/dh1024.der \
-	     certs/rsa1024.der \
-	     certs/dsa512.der \
+	     certs/dh2048.der \
+	     certs/rsa2048.der \
+	     certs/dsa2048.der \
 	     certs/ecc-key.der

-EXTRA_DIST+= ${certs_DATA}

-doc_DATA+= certs/taoCert.txt
+dist_doc_DATA+= certs/taoCert.txt

 EXTRA_DIST+= certs/ntru-key.raw

--- a/certs/ntru-cert.pem
+++ b/certs/ntru-cert.pem
@ -1,24 +1,28 @@
 -----BEGIN CERTIFICATE-----
-MIIEFTCCA7+gAwIBAgIIAbqUI6ioaAswDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNV
+MIIEyTCCA7GgAwIBAgIIASZ+ezr7rN0wDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNV
 BAYTAlVTMRAwDgYDVQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYD
-VQQKEwhzYXd0b290aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3
-LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
-c3NsLmNvbTAiGA8yMDEwMTIxNDIwMjQ0MVoYDzIwMTIwNDI3MjEyNDQxWjCBijEL
-MAkGA1UEBhMCVVMxCzAJBgNVBAgTAk9SMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG
-A1UEChMFeWFTU0wxFDASBgNVBAsTC0RldmVsb3BtZW50MRYwFAYDVQQDEw13d3cu
-eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCAkswGAYK
-KwYBBAHBcAEBAgYKKwYBBAHBcAECLgOCAi0ABIICKCz+/AE/vwkKbIeZgGF2aIEx
-8Tgb8wSs7pLV97VJhdtoPE6uACTmMGAsKou1ZXZ7Wx/vo+DSEdRF4DMlny3clNoU
-ISPnfubo5oDo8zFzBkI24v7euq885RZGkrqPJLsEPkdWxbsH9hVA9Q6KiL3WkqyJ
-p6F+FseE//rJ8V++prytwhTdBzGWtpY43Wkh6Sqej7Vyh/gQAQuYSFPtWhSb0Xjh
-/tFG17lSPhPrf6xD+YtABxUG2hlWY+4wkHSVyTqkPx1/2frlMctA9J3aktEEJkWu
-bbbHVgBDkQ4E+58iljlzArep+sRs5d//KZil9fFJf1qUXo9mo3BekISGZJ5fUi/r
-4PNyJhYPJfTc0qZwas26VKiMWlAYFlxMNOdTAH9oLYRo85n+FlmkYzkaFuW/1h0u
-SSVJ25XcqWYVZL4W11bAVEut80DIZPsHAOpxaol2Ul+3TtyuYIXaGxVdWYZKVAV3
-meDa8HusJlRbRNGNJR83/lT5haFizcUkWD/QMtlnu+PgX11pUD+mZedVgYhElpfd
-GfFwBUJcStP2iMMynZkQHxvoaNS761BiNiqMJceuvE9a+2fFt9WkAAYaYHoVQNGf
-HMVv6lPeVL0S688Bq6/Y39quJQGlcDDY1jy4nOJgNrAGv/cbSFnoC12lGzHVh6pI
-3s0ekDf/bjMmIP2w3krhTyGm0pZ5D1mEXYWUkEMHVcjGNM9IBlXp1WHTWdNwINCM
-Cos5UHRX4DANBgkqhkiG9w0BAQQFAANBAHvy5p2SJtQlc5defUNYtHaAwrk7Nzcu
-qlaoBL1HCtwMI4W5Q7INKShS238uZJXYxcHQXlvxswf0IFtqT8lIFt0=
+VQQKEwhTYXd0b290aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3
+Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wIhgPMjAx
+MTEyMDUwMDE2MzdaGA8yMDEzMDQxOTAxMTYzN1owgYoxCzAJBgNVBAYTAlVTMQsw
+CQYDVQQIEwJPUjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
+EgYDVQQLEwtEZXZlbG9wbWVudDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
+CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggJLMBgGCisGAQQBwXABAQIGCisG
+AQQBwXABAi4DggItAASCAihFDRAy0fOBZth/IRQFJeuEUgrViJfGvKOUuNW6yYmn
+9/YXT2I3/aiBZ/udSehoEFVPNgLs/ZWwNrsIuETH5TPkS1e9Ig4I5G839deKT89M
+Qpq7GiKLwlLY3He/a6O+/UMEFH4ShdhDopsH2+IsWCX0H7Lvp8L8RqURrQNFXvlr
+xRAFiBixEQNry2HyEcVz/9TQSdifE4KGUtneErqsk1/Sms1m1/NqW30H77YerJfs
+QWsOEgasoJnYWS6knJC4XsUbJKqKcHRc6XeODOyf72J3ESvES2C+cqEsShxVP7zG
+hDiHurwfyvIAUL4bZSBtlAqt60iOEsXScXwdbNrj+4iuFAyjX8+JrxGMbDNi3X5l
+L2RLUiEIKUSGUozbDlR3jU2WoHUm76mZwjGe1+vOKpvqh5yrRoyqiDERj8wsGrDO
+MdoheW1xSjQ3p5fQ/UOtagWA5Lh/MqbCIHdMzMLpbOmfhFJA5BXaNg/qThhjpmvf
+csYfwWCWukKKbjfY7cxOVMuUN0VvoYBjOxt5UQhXuPjH/+5s4J7E/IxQrWz6fhcG
+wfvJjWJjedfhP23Jm4zodbwtU6MgPF641DcAwcnBqSi/Ugi7d0YeHMqTJkSnIJZV
+r3v1YLuqiFDzB6bx69DGpCxFMxIpdOPq4a9WpeQQ9H7cBK0HFl4tRPNnQ2XCrKMc
+86gQ35aaM2vPvgj0d/zgC0AG8WFQEG1wYBvLEgfiQsi7auXoScYZA8AwDQYJKoZI
+hvcNAQEFBQADggEBAJ7eyiJIGiyyrhAdaYOit3U3CUkGSatNXTkn8PRO8SwzPWCi
+FQ+4AePYV+/ovtNZiqLwm7mVa3s2CS8LCk2s9/ld22cDJNV+gDkzrelUyTLUi0jr
+zZJwEiaNXIEkYrLGifSzoNUgQBTzDmOSkm2UpIX70GTsXF73FKdqonf1VTnopVKa
+XZDpIG3/TKyh8jCwowMrkxnHS886FhXiHGCBzM1rnp3S+r3b+rTqoKoeuZQnDgJP
+IZwnZL6agtwbUfmZj6/868irlsLtC9M5nKBtj/U/tQIrW52XEhBqChmTXIq0JNL1
++kWLLeu9t0T53Pth3VxMT/ePV0aURQvjINm60o=
 -----END CERTIFICATE-----
--- a/certs/ntru-key.raw
+++ b/certs/ntru-key.raw
--- a/certs/rsa1024.der
+++ b/certs/rsa1024.der
--- a/certs/rsa2048.der
+++ b/certs/rsa2048.der
--- a/certs/server-cert.pem
+++ b/certs/server-cert.pem
@ -1,95 +1,158 @@
 Certificate:
    Data:
        Version: 1 (0x0)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
        Validity
-            Not Before: Jun 30 18:52:17 2010 GMT
-            Not After : Mar 26 18:52:17 2013 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@yassl.com
+            Not Before: Oct 24 18:27:13 2011 GMT
+            Not After : Jul 20 18:27:13 2014 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=Support, CN=www.yassl.com/emailAddress=info@yassl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a:
-                    66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38:
-                    9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36:
-                    a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66:
-                    7e:16:77:e2:a7
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
+                    01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
+                    f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
+                    f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
+                    64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
+                    86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
+                    4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
+                    34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
+                    8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
+                    40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
+                    dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
+                    e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
+                    64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
+                    c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
+                    ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
+                    b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
+                    a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
+                    ad:d7
                Exponent: 65537 (0x10001)
-    Signature Algorithm: md5WithRSAEncryption
-        58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c:
-        7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef:
-        87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36:
-        9b:0b:e0:74:58:11:c5:01:7b:4d
+    Signature Algorithm: sha1WithRSAEncryption
+        71:4e:d3:62:df:cc:4c:f7:cd:b7:6e:52:0b:6c:6e:e0:bd:c2:
+        2d:07:d7:c0:b0:6e:43:1e:35:bc:30:01:50:f0:ff:99:23:6c:
+        18:1a:41:b6:11:d6:d4:19:61:fd:e4:77:97:1c:39:e1:57:ab:
+        c5:15:63:77:11:36:5e:74:e2:24:0b:1f:41:78:ad:b7:81:e7:
+        b4:40:66:80:f0:4b:91:a0:6d:a8:6e:3d:53:d9:8b:ce:2a:e1:
+        0b:45:65:87:a1:96:ae:ee:3e:88:d5:12:1f:78:17:ae:2c:c5:
+        73:44:d8:dc:f4:af:d8:cc:ae:4c:e1:0c:be:55:a4:99:f7:6e:
+        96:c0:c8:45:87:bf:dc:51:57:ff:9e:73:37:6a:18:9c:c3:f9:
+        22:7a:f4:b0:52:bd:fc:21:30:f8:c5:ff:1e:87:7d:ad:a2:5a:
+        35:f5:22:a8:b4:0a:76:38:e6:76:b0:98:af:1b:ec:8a:0a:43:
+        74:d2:85:34:37:84:07:e1:f6:23:b2:29:de:a6:b6:b7:4c:57:
+        7e:96:06:cb:a9:16:25:29:3a:03:2d:55:7d:a6:8c:a4:f7:9e:
+        81:c9:95:b6:7c:c1:4a:ce:94:66:0c:ca:88:eb:d2:09:f5:5b:
+        19:58:82:df:27:fd:67:95:78:b7:02:06:d5:a7:61:bd:ef:3a:
+        fc:b2:61:cd
 -----BEGIN CERTIFICATE-----
-MIICFDCCAb4CAQEwDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhzYXd0b290
-aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNv
-bnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0x
-MDA2MzAxODUyMTdaFw0xMzAzMjYxODUyMTdaMIGKMQswCQYDVQQGEwJVUzEQMA4G
-A1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjEOMAwGA1UEChMFeWFTU0wx
-EDAOBgNVBAsTB3N1cHBvcnQxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
-hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
-AMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpUlt3Se+s2oq5+
-Kp5+VqW2h58VxxhmfhZ34qcCAwEAATANBgkqhkiG9w0BAQQFAANBAFipmOcWUkxA
-5+FHkhkbOo+XbHu3sMsgba2100dY2OTyPjLp74d35VQ29I1QjQe0d0XqnaQzNpsL
-4HRYEcUBe00=
+MIIDkDCCAngCAQIwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTExMDI0MTgyNzEzWhcN
+MTQwNzIwMTgyNzEzWjCBijELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmEx
+EDAOBgNVBAcTB0JvemVtYW4xDjAMBgNVBAoTBXlhU1NMMRAwDgYDVQQLEwdTdXBw
+b3J0MRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZv
+QHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFX
+QfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/h
+vXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4
+pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo
+3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4
+D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHm
+YYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAcU7TYt/MTPfNt25S
+C2xu4L3CLQfXwLBuQx41vDABUPD/mSNsGBpBthHW1Blh/eR3lxw54VerxRVjdxE2
+XnTiJAsfQXitt4HntEBmgPBLkaBtqG49U9mLzirhC0Vlh6GWru4+iNUSH3gXrizF
+c0TY3PSv2MyuTOEMvlWkmfdulsDIRYe/3FFX/55zN2oYnMP5Inr0sFK9/CEw+MX/
+Hod9raJaNfUiqLQKdjjmdrCYrxvsigpDdNKFNDeEB+H2I7Ip3qa2t0xXfpYGy6kW
+JSk6Ay1VfaaMpPeegcmVtnzBSs6UZgzKiOvSCfVbGViC3yf9Z5V4twIG1adhve86
+/LJhzQ==
 -----END CERTIFICATE-----
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
-            8a:37:22:65:73:f5:aa:e8
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+            e9:d0:a7:5f:79:25:f4:3c
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
        Validity
-            Not Before: Jun 30 18:47:10 2010 GMT
-            Not After : Mar 26 18:47:10 2013 GMT
-        Subject: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
+            Not Before: Oct 24 18:18:15 2011 GMT
+            Not After : Jul 20 18:18:15 2014 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:97:30:b9:1a:92:ef:25:4f:ca:4c:11:31:95:1a:
-                    e1:c0:10:19:0a:20:b9:37:80:1a:57:38:02:4e:1b:
-                    c5:0f:28:4f:da:e3:c9:16:aa:50:bd:4a:fb:b7:71:
-                    c7:35:cc:63:81:c1:dd:9d:33:f9:38:16:88:32:a0:
-                    aa:56:23:03:a3
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
+                    f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
+                    de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
+                    21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
+                    32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
+                    8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
+                    a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
+                    a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
+                    82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
+                    3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
+                    76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
+                    73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
+                    de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
+                    cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
+                    b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
+                    13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
+                    ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
+                    36:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
-                3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
+                27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
            X509v3 Authority Key Identifier: 
-                keyid:3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
-                DirName:/C=US/ST=Montana/L=Bozeman/O=sawtooth/OU=consulting/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
-                serial:8A:37:22:65:73:F5:AA:E8
+                keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+                DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
+                serial:E9:D0:A7:5F:79:25:F4:3C

            X509v3 Basic Constraints: 
                CA:TRUE
-    Signature Algorithm: md5WithRSAEncryption
-        32:65:a2:b1:dc:6d:e0:8d:8b:c8:58:29:8e:b8:18:4b:62:88:
-        13:67:f8:6c:75:46:75:8f:8a:19:a6:a3:d5:3c:fc:57:4e:7a:
-        68:a9:fc:93:dc:ae:29:7d:bb:4e:ec:ea:55:fa:a4:e3:00:61:
-        f4:b0:34:6d:d1:d5:a4:64:24:f8
+    Signature Algorithm: sha1WithRSAEncryption
+        5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26:
+        4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6:
+        e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c:
+        f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e:
+        af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18:
+        98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02:
+        8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab:
+        1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80:
+        61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87:
+        1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f:
+        60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf:
+        18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12:
+        f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
+        b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
+        5a:1f:7f:ca
 -----BEGIN CERTIFICATE-----
-MIIDQDCCAuqgAwIBAgIJAIo3ImVz9aroMA0GCSqGSIb3DQEBBAUAMIGeMQswCQYD
+MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
 VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
-A1UEChMIc2F3dG9vdGgxEzARBgNVBAsTCmNvbnN1bHRpbmcxJDAiBgNVBAMTG3d3
-dy5zYXd0b290aC1jb25zdWx0aW5nLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5
-YXNzbC5jb20wHhcNMTAwNjMwMTg0NzEwWhcNMTMwMzI2MTg0NzEwWjCBnjELMAkG
-A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
-BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
-d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
-eWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJcwuRqS7yVPykwRMZUa
-4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaqUL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYj
-A6MCAwEAAaOCAQcwggEDMB0GA1UdDgQWBBQ7Zv2gQMb04nDPIRoMT2f+t0tCCTCB
-0wYDVR0jBIHLMIHIgBQ7Zv2gQMb04nDPIRoMT2f+t0tCCaGBpKSBoTCBnjELMAkG
-A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
-BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
-d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
-eWFzc2wuY29tggkAijciZXP1qugwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQF
-AANBADJlorHcbeCNi8hYKY64GEtiiBNn+Gx1RnWPihmmo9U8/FdOemip/JPcril9
-u07s6lX6pOMAYfSwNG3R1aRkJPg=
+A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
+dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
+MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
+8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
+EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
+dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
+mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
+CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
+BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
+P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
+dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
+BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
+9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
+PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
+Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
+G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
+ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
+rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
 -----END CERTIFICATE-----
--- a/certs/server-ecc-rsa.pem
+++ b/certs/server-ecc-rsa.pem
@ -0,0 +1,54 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 9 (0x9)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+        Validity
+            Not Before: Aug  8 21:58:29 2012 GMT
+            Not After : May  5 21:58:29 2015 GMT
+        Subject: C=US, ST=Washington, L=Seattle, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.yassl.com/emailAddress=info@yassl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+            EC Public Key:
+                pub: 
+                    04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
+                    9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
+                    16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
+                    21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
+                    0b:80:34:89:d8
+                ASN1 OID: prime256v1
+    Signature Algorithm: sha1WithRSAEncryption
+        a0:1c:de:98:e8:61:c8:fb:0a:0e:af:ea:99:4b:c0:49:e6:66:
+        68:5e:7a:18:b8:0c:e3:0f:16:86:bc:b5:86:79:02:69:1c:b7:
+        e7:ff:53:d9:05:5d:27:39:24:54:67:14:de:ef:8e:c2:a0:11:
+        ca:c8:27:99:b9:d6:e9:71:1f:86:c9:8f:b1:74:a2:9f:93:6a:
+        0c:74:cf:17:77:8c:26:08:6e:a8:ac:69:d4:55:15:a2:95:87:
+        43:7a:ab:72:93:73:40:58:c2:bb:9c:89:f2:73:20:69:df:f1:
+        f3:65:08:9c:00:67:97:a6:71:00:2b:31:84:10:ac:bd:54:ac:
+        fd:b3:eb:12:36:77:f6:0a:e3:9a:96:d2:a6:22:bc:1d:6b:ce:
+        3c:0d:7b:d9:1c:1d:f1:ee:ec:ce:83:c8:98:c9:65:3e:06:31:
+        c3:b2:87:da:09:b4:90:0b:e2:6b:29:0e:d6:ae:53:1d:10:98:
+        e2:dc:f9:63:38:a1:a2:af:46:23:a4:4c:ab:0c:0b:08:be:cd:
+        a4:a6:6d:46:f0:f8:e0:31:99:85:39:10:4a:a0:04:54:3b:21:
+        e1:e9:b4:f3:a5:06:cd:37:ae:2c:ca:5d:ac:90:b5:ab:92:81:
+        aa:bf:2d:3f:8e:ee:4d:12:81:0a:8e:a4:ca:87:93:af:b0:25:
+        7e:e2:07:f7
+-----BEGIN CERTIFICATE-----
+MIIC1zCCAb8CAQkwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTIwODA4MjE1ODI5WhcN
+MTUwNTA1MjE1ODI5WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0
+b24xEDAOBgNVBAcTB1NlYXR0bGUxGjAYBgNVBAoTEUVsbGlwdGljIC0gUlNBc2ln
+MRMwEQYDVQQLEwpFQ0MtUlNBc2lnMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
+GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5ox
+W5eSIX/wzxjakRECNIboIFgzC4A0idgwDQYJKoZIhvcNAQEFBQADggEBAKAc3pjo
+Ycj7Cg6v6plLwEnmZmheehi4DOMPFoa8tYZ5Amkct+f/U9kFXSc5JFRnFN7vjsKg
+EcrIJ5m51ulxH4bJj7F0op+Tagx0zxd3jCYIbqisadRVFaKVh0N6q3KTc0BYwruc
+ifJzIGnf8fNlCJwAZ5emcQArMYQQrL1UrP2z6xI2d/YK45qW0qYivB1rzjwNe9kc
+HfHu7M6DyJjJZT4GMcOyh9oJtJAL4mspDtauUx0QmOLc+WM4oaKvRiOkTKsMCwi+
+zaSmbUbw+OAxmYU5EEqgBFQ7IeHptPOlBs03rizKXayQtauSgaq/LT+O7k0SgQqO
+pMqHk6+wJX7iB/c=
+-----END CERTIFICATE-----
--- a/certs/server-key.pem
+++ b/certs/server-key.pem
@ -1,9 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU
-lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58
-viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli
-dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4
-TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf
-p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS
-1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg==
+MIIEpQIBAAKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7
+qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lf
+P9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDj
+xsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlk
+wyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlC
+Qgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABAoIBAQCa0DQPUmIFUAHv
+n+1kbsLE2hryhNeSEEiSxOlq64t1bMZ5OPLJckqGZFSVd8vDmp231B2kAMieTuTd
+x7pnFsF0vKnWlI8rMBr77d8hBSPZSjm9mGtlmrjcxH3upkMVLj2+HSJgKnMw1T7Y
+oqyGQy7E9WReP4l1DxHYUSVOn9iqo85gs+KK2X4b8GTKmlsFC1uqy+XjP24yIgXz
+0PrvdFKB4l90073/MYNFdfpjepcu1rYZxpIm5CgGUFAOeC6peA0Ul7QS2DFAq6EB
+QcIw+AdfFuRhd9Jg8p+N6PS662PeKpeB70xs5lU0USsoNPRTHMRYCj+7r7X3SoVD
+LTzxWFiBAoGBAPIsVHY5I2PJEDK3k62vvhl1loFk5rW4iUJB0W3QHBv4G6xpyzY8
+ZH3c9Bm4w2CxV0hfUk9ZOlV/MsAZQ1A/rs5vF/MOn0DKTq0VO8l56cBZOHNwnAp8
+yTpIMqfYSXUKhcLC/RVz2pkJKmmanwpxv7AEpox6Wm9IWlQ7xrFTF9/nAoGBAMuT
+3ncVXbdcXHzYkKmYLdZpDmOzo9ymzItqpKISjI57SCyySzfcBhh96v52odSh6T8N
+zRtfr1+elltbD6F8r7ObkNtXczrtsCNErkFPHwdCEyNMy/r0FKTV9542fFufqDzB
+hV900jkt/9CE3/uzIHoumxeu5roLrl9TpFLtG8SRAoGBAOyY2rvV/vlSSn0CVUlv
+VW5SL4SjK7OGYrNU0mNS2uOIdqDvixWl0xgUcndex6MEH54ZYrUbG57D8rUy+UzB
+qusMJn3UX0pRXKRFBnBEp1bA1CIUdp7YY1CJkNPiv4GVkjFBhzkaQwsYpVMfORpf
+H0O8h2rfbtMiAP4imHBOGhkpAoGBAIpBVihRnl/Ungs7mKNU8mxW1KrpaTOFJAza
+1AwtxL9PAmk4fNTm3Ezt1xYRwz4A58MmwFEC3rt1nG9WnHrzju/PisUr0toGakTJ
+c/5umYf4W77xfOZltU9s8MnF/xbKixsX4lg9ojerAby/QM5TjI7t7+5ZneBj5nxe
+9Y5L8TvBAoGATUX5QIzFW/QqGoq08hysa+kMVja3TnKW1eWK0uL/8fEYEz2GCbjY
+dqfJHHFSlDBD4PF4dP1hG0wJzOZoKnGtHN9DvFbbpaS+NXCkXs9P/ABVmTo9I89n
+WvUi+LUp0EQR6zUuRr79jhiyX6i/GTKh9dwD5nyaHwx8qbAOITc78bA=
 -----END RSA PRIVATE KEY-----
--- a/certs/server-keyEnc.pem
+++ b/certs/server-keyEnc.pem
@ -1,12 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-CBC,08132C1FFF5BC8CC
+DEK-Info: DES-CBC,136C7D8A69656668

-gsvuAsGmB8AkR23M25w4E6wuywfBey1Jqh3g71gJcnsUYwynex9dvfAU0lTowOXh
-sb7ld1KNjEMzrht9AC1IC0iE1rLqvRQZOdJ7h3n7aHZQ4a/HjcwAhqJq0ZW45m6Q
-mpoO5fRISjx2VbKFRUz6Xj2x0/do3IjQhpuUDVrTFFe1sEySM6APZ6CVpcnTOyPR
-ADyLDKzOi2E+sj1UXs58pct56FaqTIZPUEflICU3k6q9FPU6gsYANRLfzegclkv4
-JAx6mKVSJuYnjCCppx8WBwGJa1J1GcYRJ3qFfdbUzL4bcXTvoFkJEnDkHsXgDUS6
-xmT0XGT3IMaW8cwQ8KD8m5YYI/L26Mas/w3eA2ekyMR8pYICjXp/YZtcKxxkQSVE
-Uv/+D+20KbNAHIW5Mrxf61cX/CggGEbVP8ZhDY1flh8=
+jvNTyPaztxPIoAzbdmZnD0Zw2+60tMxNc0GMHNmeOyG25aHP/dT+TWiKFpFVkkkY
+uoCIhYUyw7gmpw+CnRJwWd+ans4nrvAjwy5oWJvarvsyUpjqvnPoIlAqd+d4TDKN
+eESzcI76+gHdisAtCrQD+fGqgTZhli5TgDbnpasL/QnY2qDlutvakkVw7gPXe156
+2Phy8WN+efr65J6wt3K/dj7Datl9u4JeHQK81gYyWBVX+EagEjPGDzkFQCj9Z0q7
+8K3iB5GW1JAqJS0IfZPB40AnSTF/n1TL1SN3qfU3l7hTGNrx9o7580bgDEoAR7pI
+F8eZlS15KHtZmh11AnU1KTKZ6kmgnNqeMTGMN6N0ct2wMKW1dV87eTDlF0oiR2ol
+XwtFgKmrIjfpmzkdWjbJmWnGMjD56KdiFZga/ZyKMsPrVoYLgfJEpn36iQspfygx
+HCGNTf0PjIsjEWU0WyQiF86t+c45W3wNFsv/AxVyfMl+su02yrd6u2ecuQDir3Cs
+b2k8IKtQgVe/NIpEWLKuiHG5oedIPPQyDYK5uq+gHxCGeOoKnWlsWFEHZRiza4X5
+tbgTrJB8Sw0ENWrvVGGmQZN4pSImlsMwzQ2qik5CQ00N1b3+56/obn0z75I3bUSb
+tC5g8DRjl6oclAenNgh/MYMT287y5W2dD4npxHcekX4O3J2CDXNfg4vV2j5GRxtg
+LVJdYE2p7bpYePCDHrYng8b9ubBprx0CrEnkIvvtUjzNPf6VDL0+MBKl+XgR2/nz
+iRqTuZnlGGOyM+KYDwXpgwfs/HfvFGksxTAlO/40GkGh+WGPaIoNyCK0SgQKhyb4
+JIkR0vd2/yLg3lWMJrGwh7A0Gm07Z/781oURP3uWd+PaCOgGcd5ipcAjcEyuxNly
+AthipWqmQWUcbf6Z2N9j3OA22Hv2Uzk8HSfi9VOZtL9svdEEZ0NnOekJgnc6stQp
+bXiknlK/T5WdrWxSyCfgUq68Vf6DFfIRAVuFdJ3WHT2wVXHrDfft6D+Ne/XCxPoE
+8zGmkyusaph33UHQ1oNyUbLbwcDCDSmOo8gYoedD3IwxtMA3wJRugomqosItwV8X
+vkgmcy8eSE/+gZUxJEN2gnLcfKFhCkC80J6oFhmoDD6vuUnPHcFdKZgVPw2rzPk5
+Vb1kX+gpORplYmKpq1vz/ujscL4T0TmYLz02hkIS4edpW55ncTTv7JWefpRiTB1J
+RB3td3me4htqR+YIDWJ+emrOmqsCG2WvpAS+MTw2mj1jYk9LL/ZYobTjSCEWmuwT
+yVK6m303irR7HQDauxhslRFgoK21w63viOyj5NKIU1gQtaAANGDxcgORC1XLjjgt
+oNutSQA+7P42vfHSHK4cnTBXl6V32H/GyVpdHQOZqSrqIjgLmUZodSmRPROxosZF
+a46B1O7m/rJFxkiKW4vod+/WqjoE0Hhfrb8rRrkRjzGeCqqSSnQ3vrunVkvF8hlA
+b6FOv4ZBJL4piC1GKH+rscqke9NEiDqXN8C3iYz86jbck/Ha21yUS8T3X7N52sg+
+B3AmOGnLK6BebYeto9vZxQjacChJZSixSxLV+l9/nVQ0+mW42azHdzk0ru59TGAj
 -----END RSA PRIVATE KEY-----
--- a/certs/server-keyPkcs8.pem
+++ b/certs/server-keyPkcs8.pem
@ -1,10 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAxnvAaIEv3oI/+azD
-hkpmt+zU8fZkIf/1ojRC0Difxt07biZlalSW3dJ76zairn4qnn5WpbaHnxXHGGZ+
-FnfipwIDAQABAkEAlJsbGCOBX6tNkvYS/ny+I38igHblyb8Gfgd67sM2fYDaSl0Z
-fZwJp/usRCggoKIfG+im/E5x3/uctL+A2WJ0IQIhAP9xf/1+8HVRqPDR+a/A0433
-7c/24lKqmKD3TMvfanCNAiEAxup571MEw3hPFduBaoD3Y+sJd7xYNnc/Cgmp1Hox
-FQMCIQCfL5MMXXPqGJaIZMIOBcOQoGXCCN+nloqBHTvtfPAu7QIgJWlYQaDVloX8
-Kdo8/vD+lnZQM4ri9Gt9GcAzhtjsfk0CIFLV5cn8wJna49+mXtcrYFT0/r0p0pST
-lYfF1FyFW9wO
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDAlQjhV0HycW23
+0kVBJwFlxkWu8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98
+q2SoF/zKXXu64CHlci5vLobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSz
+rgCgY8X2fwtZaHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7
+LyG1/WZRDL1Us+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAy
+loAyI5Whd7oT0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW
+39nQT63XAgMBAAECggEBAJrQNA9SYgVQAe+f7WRuwsTaGvKE15IQSJLE6Wrri3Vs
+xnk48slySoZkVJV3y8OanbfUHaQAyJ5O5N3HumcWwXS8qdaUjyswGvvt3yEFI9lK
+Ob2Ya2WauNzEfe6mQxUuPb4dImAqczDVPtiirIZDLsT1ZF4/iXUPEdhRJU6f2Kqj
+zmCz4orZfhvwZMqaWwULW6rL5eM/bjIiBfPQ+u90UoHiX3TTvf8xg0V1+mN6ly7W
+thnGkibkKAZQUA54Lql4DRSXtBLYMUCroQFBwjD4B18W5GF30mDyn43o9LrrY94q
+l4HvTGzmVTRRKyg09FMcxFgKP7uvtfdKhUMtPPFYWIECgYEA8ixUdjkjY8kQMreT
+ra++GXWWgWTmtbiJQkHRbdAcG/gbrGnLNjxkfdz0GbjDYLFXSF9ST1k6VX8ywBlD
+UD+uzm8X8w6fQMpOrRU7yXnpwFk4c3CcCnzJOkgyp9hJdQqFwsL9FXPamQkqaZqf
+CnG/sASmjHpab0haVDvGsVMX3+cCgYEAy5PedxVdt1xcfNiQqZgt1mkOY7Oj3KbM
+i2qkohKMjntILLJLN9wGGH3q/nah1KHpPw3NG1+vX56WW1sPoXyvs5uQ21dzOu2w
+I0SuQU8fB0ITI0zL+vQUpNX3njZ8W5+oPMGFX3TSOS3/0ITf+7Mgei6bF67muguu
+X1OkUu0bxJECgYEA7Jjau9X++VJKfQJVSW9VblIvhKMrs4Zis1TSY1La44h2oO+L
+FaXTGBRyd17HowQfnhlitRsbnsPytTL5TMGq6wwmfdRfSlFcpEUGcESnVsDUIhR2
+nthjUImQ0+K/gZWSMUGHORpDCxilUx85Gl8fQ7yHat9u0yIA/iKYcE4aGSkCgYEA
+ikFWKFGeX9SeCzuYo1TybFbUqulpM4UkDNrUDC3Ev08CaTh81ObcTO3XFhHDPgDn
+wybAUQLeu3Wcb1acevOO78+KxSvS2gZqRMlz/m6Zh/hbvvF85mW1T2zwycX/FsqL
+GxfiWD2iN6sBvL9AzlOMju3v7lmd4GPmfF71jkvxO8ECgYBNRflAjMVb9CoairTy
+HKxr6QxWNrdOcpbV5YrS4v/x8RgTPYYJuNh2p8kccVKUMEPg8Xh0/WEbTAnM5mgq
+ca0c30O8VtulpL41cKRez0/8AFWZOj0jz2da9SL4tSnQRBHrNS5Gvv2OGLJfqL8Z
+MqH13APmfJofDHypsA4hNzvxsA==
 -----END PRIVATE KEY-----
--- a/certs/server-keyPkcs8Enc.pem
+++ b/certs/server-keyPkcs8Enc.pem
@ -1,11 +1,29 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBgTAbBgkqhkiG9w0BBQMwDgQIMbn/uK6tvZcCAggABIIBYK9oQl9uOmp/LC3j
-VxEoo+imbDLwS+ybpjbvcnfyWja4TRpRdCHCB/PLHRmVGCf/pBMG8UkobxbVbjpg
-DE5Mr69rOVOreNVIBkfAt0B8PgmLPRdKXtp6Y8IJ85R9Aic1g1+s5XeBcvEZRUHm
-ZvKd+oV4y8OUpnZkAZdN4In/8ZvWEfZf6ZPplGbcmoqM7eoLrCCiJ1zLvTt3CPm5
-yi/F8jJxPYM2iNj86y9hlpwk4lS+TvdAwmO/RGQQWverEQmX9MPob23s5ouBdHe5
-7TnBldo/Hq6YVtBYHuvOlx99kaMuumhYdhRONRnWbXedqymaMMG0xA4RgCljv0ud
-JrWK1YNGB7gl7/ANoqyy4ZODBUoH33qDR0NzkqwGXMIexlUZIjbwMmUPZZ/XBqMB
-tEDrOxAnauE12K3DbfviE40Py8uloXiZf94RnPWbttGp874EOpyiEYjUooo3ii6G
-jscqox0=
+MIIE6TAbBgkqhkiG9w0BBQMwDgQIr3AyvPqfFRQCAggABIIEyPUs6wCboqtKmExH
+zfez3vfHn2cp6s3X563Bz73hYn/8vXtI/q0oDNOpgav60/N7rMy50fno3LmW0/6E
+UN4MwofmBS3lp1ZVY3KmzDy6lz5vcFo4GCCj+X6dacsyBQ4lFOge5BihQ3R9cKt
+dSrd1EFKwGGu3qTDG7ajTZukmYjxuRqpyHqPO5OJO7yXxHOB7B7sSKIyJRCkkucd
+oBC86kQdWraweSYj+Klza6VjKzmNzDBx9Fyhrj9XGXJ3rJLhjgNpelwX+PIMU31i
+/yklI4jm0aMSoAvXgdBXZuOsnsI27GXxy//i7AOgLLWi+Bu4dJSSl5PMtespf83u
+5jSysJymXiNcN6vEautGyjCujdMs5c/FEMbgubAMXymCI9DsAN+5dNMDY8Zrfqdl
+hFKfctcu8BxFa+0tavJ28fOEBuEyJLsQ9OvvS7dn4AV502JRKWObfsw7fi+mMzMu
+oxhYo99MRqic6a9uDmYB3SPeU31eOHiEi0n51D7Gtcn++F+IaDFwSHMirThzakGn
+go3nj0yq62euzVcEuhIfTTAe3F2tqzpzznVFbs1XgrGVREJ6gp5vRgMUUGYIqQir
+p5oW0HVRI4iuoSjdN4/wNAxIP9zakwYx+vWx1VXhDVEJfgNmxDRvEbF+OOz+iJCf
+7A2e8L+kZ/5oC3HO8h7GdHNTUjRRdh8FUM8lGo+HbMYDznMy/bJlIP2bx9hIIha7
+U70i09glS2Z7Ei+VecJbvFzdro0vdYyGO2ef8bWwCc5JMucxDcRklWdUxK6amKJN
+VpXL3TW0VYCfr1rLmZXUfBGk/KXM20/BoM04WLjeR3oiV/2b7SYK7GnJ7kBmAHHx
+gnrwMDO3JvH89CwlHRizVSQl59ViqEMGLmbHThcMqkEOkFphB2xox7/IOVyp6cFn
+mY0ZCrbhdX+L6t5jiyq/4us5bzF7FOBYsJr6n1Rm9b8eeOL693y/6uM3CvTJcTOb
+5RqWiHgTgmefeOeUQ0/dVgvEOIWz2yqBQmHKiB4+0CGGIRwUOXBrTKSLilumsjQe
+qGhJ6yw25VIpdXsMD1WVviczgRTNYjdldIJoHQdvpCEAhQ1RR3rkuIPniTumJFmY
+CnjfNqjtkaZWIN1nOCmcu50tswksWEEFEfkcP1xyzhr3EVCYAoFncLTp5vHBtdmg
+6KBdar40/OFGAcbDGDX1g3XEEi6jHmy0Lyz7M3DwESgaMgwzscsQLr+wMITk1IUN
+yfiXHl1CQjGxhDj8KoAhdDjjPENkSlCSd1vEO+lg1/IFb1dtnL2DJp6BQt9/VLHo
+Fp3pdZ7r95H20+pEhCZp0HXLNo1o8xjJQ5RWUCs1Zc1cauDOAh8lAjps6MBxTa3a
+LOgTW9lgiAQ+S1g2jK4BmqbLvZUF+Z6xupc8uE3E3HhJolmDRYojMNFNmmvODa8M
+CneWmj3T1KvqEToAIq46mStlTfQufSMpaJ73Wds4gmIiGwn5hIuUN6f3kybbt4f2
+4DLZXMcjYweLi9tJtFC+JaO0rS5gtX/k/ys1QSblSU5qfRu1XfwNAcZO1ReKgGYN
+ymI78cSACGIcEvAwin8CdRu3W99NbMqHW9AcCETFlTsC3wNlQxyYSem75sjPaWVF
+sxLy7YxEJ8tDEJZbSQ==
 -----END ENCRYPTED PRIVATE KEY-----
--- a/certs/server-keyPkcs8Enc12.pem
+++ b/certs/server-keyPkcs8Enc12.pem
@ -1,11 +1,29 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBgjAcBgoqhkiG9w0BDAEDMA4ECDkwZMQEXsc8AgIIAASCAWAswojJ2ac33Tak
-A8ol6daT+VLEtVwgh9AMO8NE/2xvPZFd3758j/9136k/dsci59ZbvnAVnOURf8Sa
-MW0jaE+JnrnEdGDZAuODONGCtKdBx3fntHw6qRYIY0t7yhLCCRdeoVH6XK60JUtS
-vzi+Hitvg5ObzV1RpiockVCxGJDAizDrXMgQO7N7doeb9fypoBx5IFgLztWONFAg
-A9rQrd5CnkgEbOygRYMduv6fX+uEXWrHEB3vDI6HY5k+VHjx2XLGmNOH1goiv+9p
-DA4n4YpN45xRQUDKmx2T6kyULnMoG7Tf/le2qtJ2nja7697yk8zeEkZnR+UD2IXh
-/A5eyhAquiM5qDbbV46ydOh2Aji6vI8E8/ZnYk2SJ2/VVlNro/tL0XELYdjBBFnI
-SfEtCp1QWWtQdCAPipWzgmsEHKkk4ihmHQqTjmoJ0Pl9XbhxvqHUUrKdHXVJtksZ
-TmvgXItk
+MIIE5TAcBgoqhkiG9w0BDAEBMA4ECFytdly5R2o9AgIIAASCBMOa6fgAUIR5GokK
+Z81YZMxC3sNqAwjLEkOwmez2za2fq+2mw6T8tB5W75lFpWyXD1MDPa1PpLzyw27c
+d2C8nipCzp37yYLmXr+aS519CBJR80ily/WLcdv+ScsA6pjOEW2p+VDY55jFp2pr
+n94/K2nFQpMxAdjxnqQCF5ewMLqzy3o3s6U3V9zIxy/xlLYi//UWFI8fqtOikqs4
+apWLNqJONRZq95OITKO/Nhz7GyEfjrewJmv4zVToEnSagSwbR4IVFn5Lok8rSpI9
+qwey9wsB1CguVwR0O2NjDVKUGXinfhdr+zMQlCoz+xY/Q1TkH4gEY5wpln4cBvtm
+PL/BnD4wEWHh8vS61wfOQ7wPgY+cdCe75stTrKzc6amVJB+40Qi3Vt4TEPGwcP16
+/qGl0zpYuAgilPtuEBw3GX3LiigpHmSt43D3DiYNGzv+Aran2Ei9iGSGeI2zHz8r
+WFZEnptAwlqeyL7+MZjAOXlu6QG1yix8HvZLmtBHrE2MhuR4KbS3fAUCNQpn8OKu
+zxYzs1ti5F2V4c9yK63gSz3H1ObRNsM2OkpUbSVGqLUN6a8HsI6yYh4we6q0gxKD
+VGdzEz4S1BFEBfXWVSPnRNMR4YD8kiQEPutUZFLiWWZ7WliH5yNfHZUia8dovxFa
+MWmAbSjMKRGvV+LvAGQHYBVfJSQO6VvBfBDtu0H4rLr8urmcPY+hbw1XxGfKSQp1
+iIdvVwjefl8wM9LSRsvqY5l4mu+XDPanQlFbzKBOSyLQts97ys3AR+jkK8Bmv14l
+xmCF8bJzzz5a2wAqbPhWIbk4J4VfcJEXNMzd19w4SxGv9fUXNiZZElUdNE+wtRsQ
+YvACYn9sZ6JUwg9hNTLXuXZY47LuQrrdTDHupoVA9zLvUYMKgO+pjwS8uy1dLQao
+0aztHLZEXuVJvpiRoMtYZl37ZNoLHQJeZUNyNATshAoD1+uSc7aywl8yqdTzXRR2
+g0rkExXEVJ5OPyzbFdOQSC5HoOC7dInIBmkrSFEJMKDkMzwYI+uSoIbn+8i+Gjzy
+Vh3/lftts/BIvr4NAh1ZAq/215jZSdAGo+1VZeuBeybwh3RBdBl8PhDBviTvbxSk
+P+F1T+UcbAz9bgjQJgNvDb9XHNI8rfEhfDPX/Pr4VvxBZNndmRJVQDKi23YD/7yF
+WAwXy418M7DPqp7NYmUHFe7JRm9bHk41EeknLZaZGW5qHwQKA10RoJCgjoOIFTsd
+kD3Qq/0mEuOiuJn5UPE19xtUpvFWamDf3s3zSHM7VJ+gGNrS/WbQ+KmTimj0Wucd
+2vWiNCGbhWwmp3LLKQlB5xDwXJy099SZUUkgcxGmfcT7FOpd3QSLYnwtPz8uLW0N
+76zbiUTYCQ/ASLrwcKFGCKKBz62DlRreK23E/RjqkKKCVFzzg8AzQTa02ml+wQyG
+5EOwEF2yIrhV0p4hY/GDAIe3cdchiy1EQf6xH/IxPF/QsKNp0CfHVPgdFwLzjM2
+oFD3analGblxp9CMiDbiKTOdFPL8XcguufqpWra2jtUbe07HQaeU2NcM2TeB2KsU
+PhgBwgdNxW69K55iHReaZtuLw0GhD+KBrm7gSteVniiYLzLKzxmMycGGtoNwpbGi
+MMJBE+BYZylG
 -----END ENCRYPTED PRIVATE KEY-----
--- a/certs/server-keyPkcs8Enc2.pem
+++ b/certs/server-keyPkcs8Enc2.pem
@ -1,11 +1,30 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIBI6Zodac3rQCAggA
-MBQGCCqGSIb3DQMHBAjJZP0y7jYpRwSCAWDKV70/DSueiztJHeMKow93Fd/KXDpU
-PGTtlz+lfmOUcGTTt5PwSI2rjHX+QeFTCeb2j9bekcWcaW2iIO8FDRJm1djdKVh0
-mO2kAxM0W2s+GoR7T6ByQSrqKp2NL6Ug/B6od2xZ6/0tvcB4Ig+10ljL3/pT3T9M
-EYCQ5gjaGhPlJIZhFIwmh6x+Pz+d2bkmXObasKEhwRMhJU9GYhKhWB2fOfl8zWlb
-tIDcWBf2rCZUfk3LFx/FrV0NOIY5Jmpm/xQt2gdBIos9LNV16HQOqHkhPBhGXP9D
-WZGTrpxgClpZhCUJ+LvqZbAp1dXbfrrElrux0y2zmSGxWP9z8cmfC1SHgBIxcD36
-CymYSD0s1hPMH4sFoCM6uyEFfK5KwRpYc3IKfEzvkk9+ZTBYpryzJNDqR1Xpfklp
-19m2qz9aJjkIgV4afydQWHYEKVm5IS/PcRVl0ZWkgxJXNHRmLd7HWysS
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIxaI9IblN3acCAggA
+MBQGCCqGSIb3DQMHBAi7kwdRvCrqMgSCBMjkSOSVfmu42O0q2GzFrJVr3cam9ZKe
+InQsxqtgADdBxMgJJVnr360tUNPQyyvfCH//Duhz+aJIC0MQZkWR3ZSy5pfHX+vr
+C3wd741VOlI44uEdzRktlPc11saMDyKS04/K9aaYIDqspOiobt9WZLQildXl1n8j
+N+7Laj7A/vxJ5GUJ4hdPwQOIeuJXTDDzn+Ld12XXGH+Iw1M5Cx3tBw1TNizSnmXQ
+vf/MsfsWsZbHBppCXZbF27jJA+6Bg7dGT0OZM0pI+ZQvyHr+qjog0hollY9KjwTG
+h+hsM7umWFJdeRMrmkTrX/R9HY/c5I4ExNSp1AtMmFeeU8h2VTJtYcoykUU1q2pF
+KHfjPghwmYromQGR4nPA9sqa9s+VMq9OaqoJDoBwNobdFr7sEtMLT08vTa0+rMX7
+bmjAF44/dVBYpBxXjTQ0pXVeb24Q00Sn6NOI4fTsBnkR+WTtuwz/L0qaGnJlh10y
+sQ3+95cUtZc3SZS67yYUx5auswqT3V4JCmhJcHNi+/jHyrj9D8nVWibQ2TBmgUf+
+0NzvdKb7sraEx7PSgFWDMLoQrd2+cqsJArpY9TbLSLhBDrOVc8v/lXYuK6QI0gMd
+HIwAZARUZMoI3WS6icTLYyLdQPMsFzI6U0arkbrdhjNNd3kVqeFEJ+oF0rkuAcJJ
+K8eUcsby1AIBS/9tuW1gSYubmuXsZX8xbYbJnHUqGOTAVa7jo8eVUTiyUfPXa+0N
+s1tTpZXtOOlqncZ08mPHppshdKF2cpuh0JNjiR6fHvXytGWFGMsKtxdwKs/14UCg
+qoTW0EQU4ONfBxR2PtX8PlNV4bOt704HP8Vc0H9JV2uWpJaLRzY2bBiPgKcrO9Eh
+83zFrPu/0obBQTxnP3mMihxvCndflHQqeJ0V1YYw9n4+XbgBqULXDQs7OetRohnY
+gYyc//NdC2I8mbdabFYvUTWSH6oMA6lqkwTjTTwtn5E8BJkRi1sIq4jNFUekpm2T
+5AwP7xWn//PM+B12CPoIgYtYT6Yhbf8arXuGU28y1Ahhi/hKcpR9HRPQeyaR62vi
+skjjycfn38wcj0WrIVnOceGgPa3EBrkkTaPUHvMQ5G/xzMZ82o3CnmwdnH+lp3eg
+TLcLm8Yp9InkMJNVOrGLxFvmTljl3h9x2JVuE0wtuWt91QVmfCZo0k3Cx46ad7xB
+eK20veTy+PySy2U3W1twGfsXXXRwaQiXXRrgPciK0LcGXZneShZuebk04U31sq4F
+rYaMAzIDDmvwbjh+UpNcl1VdBDGGePxzzOD3HHYPbm240HVMPuS85P2kFjak3PdJ
+GqsRUS1SRp1e451aFGjzggPLXFjAfDMaxrgjSWapRzu78i+xvcvf69979oX0KO9Y
+KMSC14RnmnT1+UdKxX+p9r1AwfH/vJxM34AOSva1uLiSJckRGYGOzuaYsTT9ZAx/
+q3CNALF4qFUMWmJnvQDYmCUnw6lJl3CazbtV5RI2ILQX6ZHR6YAHT5hYY43k+AnZ
+mFW6BGKoX/f4iVqYtjQWiGWAJAf6C9+548O2t9MiVcgQf4Nvj6lFLM00pzFn7jW4
+DsDFUBmmrSF8wfR7SRpOc/ViVZBRleYPLsMu0tmD29fowqqBY0MEkxqSahFAGTgk
+sao=
 -----END ENCRYPTED PRIVATE KEY-----
--- a/certs/taoCert.txt
+++ b/certs/taoCert.txt
@ -75,12 +75,28 @@ openssl pkcs8 -topk8 -in server-key.pem -out server-keyPkcs8Enc.pem

 passwd: yassl123

+to use PKCS#5 v2 instead of v1.5 which is default add
+
+-v2 des3       # file Pkcs8Enc2
+
+to use PKCS#12 instead use -v1 witch a 12 algo like
+
+-v1 PBE-SHA1-RC4-128   # file Pkcs8Enc12 , see man pkcs8 for more info
+

 **** To convert from pkcs8 to traditional ****

 openssl pkcs8 -nocrypt -in server-keyPkcs8.pem -out server-key.pem


+*** DH paramters ***
+
+openssl dhparam 2048 > dh2048.param
+
+to add metadata
+
+openssl dhparam -in dh2048.param -text > dh2048.pem
+
 **** ECC ******

 1) make a key
@ -91,3 +107,51 @@ openssl pkcs8 -nocrypt -in server-keyPkcs8.pem -out server-key.pem
    make a new key
        openssl ecparam -genkey -text -name secp256r1 -out ecc-key.pem

+
+*** CRL ***
+
+1) create a crl
+
+a) openssl ca -gencrl -crldays 120 -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+
+Error No ./CA root/index.txt so:
+
+b) touch ./CA root/index.txt
+
+a) again
+
+Error No ./CA root/crlnumber so:
+
+c) touch ./CA root/crlnumber
+
+a) again
+
+Error unable to load CRL number
+
+d) add '01' to crlnumber file
+
+a) again
+
+2)  view crl file
+
+openssl crl -in crl.pem -text
+
+3) revoke
+
+openssl ca -revoke server-cert.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+
+Then regenerate crl with a)
+
+4) verify
+
+openssl verify -CAfile ./ca-cert.pem  ./server-cert.pem
+
+OK
+
+Make file with both ca and crl
+
+cat ca-cert.pem crl.pem > ca-crl.pem
+
+openssl verify -CAfile ./ca-crl.pem -crl_check ./ca-cert.pem
+
+revoked
--- a/commit-tests.sh
+++ b/commit-tests.sh
@ -0,0 +1,34 @@
+#!/bin/bash
+
+#commit-tests.sh
+
+
+# make sure current config is ok
+echo -e "\n\nTesting current config...\n\n"
+make clean; make -j 8 test;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nCurrent config make test failed" && exit 1
+
+
+# make sure basic config is ok
+echo -e "\n\nTesting basic config too...\n\n"
+./configure;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nBasic config ./configure failed" && exit 1
+
+make clean; make -j 8 test;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nBasic config make test failed" && exit 1
+
+
+# make sure full config is ok
+echo -e "\n\nTesting full config as well...\n\n"
+./configure --enable-opensslExtra --enable-fastmath --enable-dtls --enable-aesgcm --enable-hc128 --enable-sniffer --enable-psk --enable-rabbit;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nFull config ./configure failed" && exit 1
+
+make clean; make -j 8 test;
+RESULT=$?
+[ $RESULT -ne 0 ] && echo -e "\n\nFull config make test failed" && exit 1
+
+exit 0
--- a/configure.ac
+++ b/configure.ac
@ -1,31 +1,32 @@
 # configure.ac
 #
-# Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+# Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 #
 # This file is part of CyaSSL.
 #
 #

-AC_INIT([cyassl],[2.0.0rc3],[http://www.yassl.com])
+AC_INIT([cyassl],[2.4.2],[http://www.yassl.com])

-AC_CONFIG_AUX_DIR(config)
+AC_CONFIG_AUX_DIR([build-aux])
+AC_CONFIG_MACRO_DIR([m4])

 AC_CANONICAL_TARGET
+AC_USE_SYSTEM_EXTENSIONS

-AM_INIT_AUTOMAKE(-Wall -Werror -Wno-portability foreign tar-ustar subdir-objects)
+AM_INIT_AUTOMAKE([-Wall -Werror -Wno-portability foreign tar-ustar subdir-objects])

 AC_CANONICAL_HOST
 AC_CANONICAL_BUILD

 AC_PREREQ([2.61])

-AC_CONFIG_MACRO_DIR(m4)

 AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.


 #shared library versioning
-CYASSL_LIBRARY_VERSION=3:0:0
+CYASSL_LIBRARY_VERSION=3:3:0
 #                      | | |
 #               +------+ | +---+
 #               |        |     |
@ -39,16 +40,23 @@ CYASSL_LIBRARY_VERSION=3:0:0
 #               +- increment if interfaces have been added, removed or changed
 AC_SUBST(CYASSL_LIBRARY_VERSION)

-# Make sure configure doesn't add to CFLAGS
-CFLAGS="$CFLAGS $C_EXTRA_FLAGS"
+# capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
+# if user doesn't override, no way to tell
+USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS"

 LT_INIT([win32-dll])
 LT_LANG([C++])
 LT_LANG([C])
 gl_VISIBILITY
+AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
+       AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
+       CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"
+       ])

 m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])

+AX_CXX_COMPILER_VERSION
+
 AC_CHECK_FUNCS([gethostbyname])
 AC_CHECK_FUNCS([gettimeofday])
 AC_CHECK_FUNCS([inet_ntoa])
@ -63,16 +71,15 @@ AC_CHECK_HEADERS([stddef.h])
 AC_CHECK_HEADERS([sys/ioctl.h])
 AC_CHECK_HEADERS([sys/socket.h])
 AC_CHECK_HEADERS([sys/time.h])
-AC_CHECK_HEADERS(errno.h)
+AC_CHECK_HEADERS([errno.h])
 AC_CHECK_LIB(network,socket)
 AC_CHECK_SIZEOF(long long, 8)
 AC_CHECK_SIZEOF(long, 4)
 AC_C_BIGENDIAN
 AC_DISABLE_STATIC
-AC_DISABLE_STATIC
-AC_FUNC_MALLOC
-AC_FUNC_MKTIME
-AC_FUNC_REALLOC
+# mktime check takes forever on some systems, if time supported it would be
+# highly unusual for mktime to be missing
+#AC_FUNC_MKTIME 

 AC_PROG_CC
 AC_PROG_CC_C_O
@ -92,19 +99,10 @@ DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_CYASSL"


 # DEBUG
-AC_ARG_ENABLE(debug,
-    [  --enable-debug          Enable CyaSSL debugging support (default: disabled)],
-    [ ENABLED_DEBUG=$enableval ],
-    [ ENABLED_DEBUG=no ]
-    )
-if test "$ENABLED_DEBUG" = "yes"
-then
-  # Full debug. Very slow in some cases
-  AM_CFLAGS="$DEBUG_CFLAGS $AM_CFLAGS"
-else
-  # Optimized version. No debug
-  AM_CFLAGS="$AM_CFLAGS -DNDEBUG"
-fi
+AX_DEBUG
+AS_IF([test "$ax_enable_debug" = "yes"],
+      [AM_CFLAGS="$DEBUG_CFLAGS $AM_CFLAGS"],
+      [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])


 # SMALL BUILD
@ -127,12 +125,18 @@ fi
 AC_ARG_ENABLE(singleThreaded,
    [  --enable-singleThreaded Enable CyaSSL single threaded (default: disabled)],
    [ ENABLED_SINGLETHREADED=$enableval ],
-    [ ENABLED_SINGLETHREADED=no ]
-    )
-if test "$ENABLED_SINGLETHREADED" = "yes"
-then
-  AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS"
-fi
+    [ ENABLED_SINGLETHREADED=no ])
+
+AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
+       AX_PTHREAD([
+                   AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
+                   AM_CFLAGS="-D_POSIX_THREADS $AM_CFLAGS"
+                   ],[
+                      ENABLED_SINGLETHREADED=yes
+                      ])
+       ])
+
+AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ])


 # DTLS
@ -177,6 +181,19 @@ then
 fi


+# Fortress build 
+AC_ARG_ENABLE(fortress,
+    [  --enable-fortress       Enable SSL fortress build (default: disabled)],
+    [ ENABLED_FORTRESS=$enableval ],
+    [ ENABLED_FORTRESS=no ]
+    )
+
+if test "$ENABLED_FORTRESS" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD -DCYASSL_SHA512 -DCYASSL_SHA384 -DCYASSL_KEY_GEN"
+fi
+
+
 # ssl bump build 
 AC_ARG_ENABLE(bump,
    [  --enable-bump           Enable SSL Bump build (default: disabled)],
@ -186,9 +203,27 @@ AC_ARG_ENABLE(bump,

 if test "$ENABLED_BUMP" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192"
+    AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DCYASSL_DER_LOAD -DCYASSL_ALT_NAMES -DCYASSL_TEST_CERT"
 fi

+ENABLED_SLOWMATH="yes"
+
+# lean psk build 
+AC_ARG_ENABLE(leanpsk,
+    [  --enable-leanpsk        Enable Lean PSK build (default: disabled)],
+    [ ENABLED_LEANPSK=$enableval ],
+    [ ENABLED_LEANPSK=no ]
+    )
+
+if test "$ENABLED_LEANPSK" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_LEANPSK -DHAVE_NULL_CIPHER -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD4 -DNO_ERROR_STRINGS"
+    ENABLED_SLOWMATH="no"
+fi
+
+AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
+
+
 # fastmath
 AC_ARG_ENABLE(fastmath,
    [  --enable-fastmath       Enable fast math for BigInts (default: disabled)],
@ -199,6 +234,7 @@ AC_ARG_ENABLE(fastmath,
 if test "x$ENABLED_FASTMATH" = "xyes"
 then
    AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
+    ENABLED_SLOWMATH="no"
 fi


@ -218,10 +254,11 @@ if test "$ENABLED_FASTHUGEMATH" = "yes"
 then
    ENABLED_FASTMATH="yes"
    AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
+    ENABLED_SLOWMATH="no"
 fi

 AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
-
+AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"])

 # big cache
 AC_ARG_ENABLE(bigcache,
@ -263,18 +300,49 @@ fi


 # SNIFFER
-AC_ARG_ENABLE(sniffer,
-    [  --enable-sniffer        Enable CyaSSL sniffer support (default: disabled)],
-    [ ENABLED_SNIFFER=$enableval ],
-    [ ENABLED_SNIFFER=no ]
+AC_ARG_ENABLE([sniffer],
+              [AS_HELP_STRING([--enable-sniffer],[ Enable CyaSSL sniffer support (default: disabled) ])],[
+               AS_IF([ test "x$enableval" = "xyes" ],[ AC_CHECK_HEADERS([pcap/pcap.h],[ 
+                      ENABLED_SNIFFER=yes 
+                      AM_CFLAGS="$AM_CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA"
+                      ],[ ENABLED_SNIFFER=no ]) ])
+               ],[
+                  ENABLED_SNIFFER=no
+                  ])
+
+AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
+
+# AES-GCM
+AC_ARG_ENABLE(aesgcm,
+    [  --enable-aesgcm         Enable CyaSSL AES-GCM support (default: disabled)],
+    [ ENABLED_AESGCM=$enableval ],
+    [ ENABLED_AESGCM=no ]
    )

-if test "$ENABLED_SNIFFER" = "yes"
+if test "$ENABLED_AESGCM" = "word32"
 then
-    AM_CFLAGS="$AM_CFLAGS -DCYASSL_SNIFFER -DOPENSSL_EXTRA"
+    AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
+    ENABLED_AESGCM=yes
 fi

-AM_CONDITIONAL([BUILD_SNIFFER], [test "x$ENABLED_SNIFFER" = "xyes"])
+if test "$ENABLED_AESGCM" = "small"
+then
+    AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
+    ENABLED_AESGCM=yes
+fi
+
+if test "$ENABLED_AESGCM" = "table"
+then
+    AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
+    ENABLED_AESGCM=yes
+fi
+
+if test "$ENABLED_AESGCM" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM -DCYASSL_SHA384 -DCYASSL_SHA512"
+fi
+
+AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])

 # AES-NI
 AC_ARG_ENABLE(aesni,
@ -296,6 +364,26 @@ fi
 AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])


+# MD2
+AC_ARG_ENABLE(md2,
+    [  --enable-md2            Enable CyaSSL MD2 support (default: disabled)],
+    [ ENABLED_MD2=$enableval ],
+    [ ENABLED_MD2=no ]
+    )
+
+if test "$ENABLED_BUMP" = "yes"
+then
+    ENABLED_MD2="yes"
+fi
+
+if test "$ENABLED_MD2" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DCYASSL_MD2"
+fi
+
+AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
+
+
 # RIPEMD
 AC_ARG_ENABLE(ripemd,
    [  --enable-ripemd         Enable CyaSSL RIPEMD-160 support (default: disabled)],
@ -313,7 +401,7 @@ AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])

 # SHA512
 AC_ARG_ENABLE(sha512,
-    [  --enable-sha512         Enable CyaSSL SHA-160 support (default: disabled)],
+    [  --enable-sha512         Enable CyaSSL SHA-512 support (default: disabled)],
    [ ENABLED_SHA512=$enableval ],
    [ ENABLED_SHA512=no ]
    )
@ -323,6 +411,17 @@ then
    AM_CFLAGS="$AM_CFLAGS -DCYASSL_SHA512"
 fi

+if test "$ENABLED_FORTRESS" = "yes"
+then
+    ENABLED_SHA512="yes"
+fi
+
+if test "$ENABLED_AESGCM" = "yes"
+then
+    ENABLED_SHA512="yes"
+fi
+
+
 AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])


@ -382,6 +481,23 @@ fi
 AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])


+# RABBIT
+AC_ARG_ENABLE(rabbit,
+    [  --enable-rabbit         Enable RABBIT (default: disabled)],
+    [ ENABLED_RABBIT=$enableval ],
+    [ ENABLED_RABBIT=no ]
+    )
+
+if test "$ENABLED_RABBIT" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DNO_RABBIT"
+else
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_RABBIT"
+fi
+
+AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
+
+
 # PSK 
 AC_ARG_ENABLE(psk,
    [  --enable-psk            Enable PSK (default: disabled)],
@ -389,7 +505,7 @@ AC_ARG_ENABLE(psk,
    [ ENABLED_PSK=no ]
    )

-if test "$ENABLED_PSK" = "no"
+if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no"
 then
    AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
 fi
@ -457,6 +573,51 @@ then
 fi


+# OCSP
+AC_ARG_ENABLE(ocsp,
+    [  --enable-ocsp           Enable OCSP (default: disabled)],
+    [ ENABLED_OCSP=$enableval ],
+    [ ENABLED_OCSP=no ],
+    )
+
+if test "$ENABLED_OCSP" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
+fi
+
+AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
+
+
+# CRL 
+AC_ARG_ENABLE(crl,
+    [  --enable-crl            Enable CRL (default: disabled)],
+    [ ENABLED_CRL=$enableval ],
+    [ ENABLED_CRL=no ],
+    )
+
+if test "$ENABLED_CRL" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
+fi
+
+AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
+
+
+# CRL Monitor
+AC_ARG_ENABLE(crl-monitor,
+    [  --enable-crl-monitor    Enable CRL Monitor (default: disabled)],
+    [ ENABLED_CRL_MONITOR=$enableval ],
+    [ ENABLED_CRL_MONITOR=no ],
+    )
+
+if test "$ENABLED_CRL_MONITOR" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
+fi
+
+AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
+
+
 # NTRU
 ntruHome=`pwd`/NTRU_algorithm
 ntruInclude=$ntruHome/cryptolib
@ -536,7 +697,7 @@ AC_ARG_WITH(libz,
 if test "$GCC" = "yes"
 then
    AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
-    if test "$ENABLED_DEBUG" = "no"
+    if test "$ax_enable_debug" = "no"
    then
        if test "$ENABLED_FASTMATH" = "yes"
        then
@ -551,33 +712,8 @@ then
    fi
 fi

-AX_PTHREAD([
-            AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
-            ],
-            [
-             AC_DEFINE([HAVE_PTHREAD], [0], [Define if you have POSIX threads libraries and header files.])
-             ])
-
 LIB_SOCKET_NSL

-dnl Various GCC warnings that should never fire for release quality code
-GCCWARNINGS="-Wall -fno-strict-aliasing -W -Wfloat-equal -Wundef        \
-  -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes                \
-  -Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment           \
-  -Wformat=2 -Wwrite-strings -Wmissing-declarations -Wredundant-decls     \
-  -Wnested-externs -Wbad-function-cast -Wswitch-enum -Winit-self          \
-  -Wmissing-field-initializers -Wdeclaration-after-statement              \
-  -Wold-style-definition -Waddress -Wmissing-noreturn -Wnormalized=id     \
-  -Woverride-init -Wstrict-overflow=1 -Wextra -Warray-bounds              \
-  -Wstack-protector -Wformat -Wformat-security -Wpointer-sign -Wshadow    \
-  -Wswitch-default"
-
-AC_ARG_ENABLE(gcc-lots-o-warnings,
-AS_HELP_STRING(--enable-gcc-lots-o-warnings, Enable lots of gcc warnings (default: disabled)),
-[if test x$enableval = xyes; then
-    AM_CFLAGS="$AM_CFLAGS $GCCWARNINGS"
-fi])
-
 AC_ARG_ENABLE(gcc-hardening,
 AS_HELP_STRING(--enable-gcc-hardening, Enable compiler security checks (default: disabled)),
 [if test x$enableval = xyes; then
@ -587,24 +723,65 @@ AS_HELP_STRING(--enable-gcc-hardening, Enable compiler security checks (default:
    LDFLAGS="$LDFLAGS -pie"
 fi])

-dnl Linker hardening options
-dnl Currently these options are ELF specific - you can't use this with MacOSX
-AC_ARG_ENABLE(linker-hardening,
-AS_HELP_STRING(--enable-linker-hardening, Enable linker security fixups (default: disabled)),
-[if test x$enableval = xyes; then
-    LDFLAGS="$LDFLAGS -z relro -z now"
-fi])
+AX_HARDEN_CC_COMPILER_FLAGS
+
+# add user C_EXTRA_FLAGS back
+CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"

 CREATE_HEX_VERSION
-AM_CFLAGS="$AM_CFLAGS $CFLAG_VISIBILITY"
-AC_SUBST(AM_CFLAGS)
-AC_SUBST(AM_LDFLAGS)
+AC_SUBST([AM_CPPFLAGS])
+AC_SUBST([AM_CFLAGS])
+AC_SUBST([AM_LDFLAGS])

 # FINAL
 AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
 AC_CONFIG_FILES([Makefile])
 AC_CONFIG_FILES([cyassl/version.h])
 AC_CONFIG_FILES([support/libcyassl.pc])
+AC_CONFIG_FILES([rpm/spec])
+
+AX_CREATE_GENERIC_CONFIG
+AX_AM_JOBSERVER([yes])

 AC_OUTPUT

+echo "---"
+echo "Configuration summary for $PACKAGE_NAME version $VERSION"
+echo ""
+echo "   * Installation prefix:       $prefix"
+echo "   * System type:               $host_vendor-$host_os"
+echo "   * Host CPU:                  $host_cpu"
+echo "   * C Compiler:                $CC_VERSION"
+echo "   * C Flags:                   $CFLAGS"
+echo "   * C++ Compiler:              $CXX_VERSION"
+echo "   * C++ Flags:                 $CXXFLAGS"
+echo "   * CPP Flags:                 $CPPFLAGS"
+echo "   * LIB Flags:                 $LIB"
+echo "   * Debug enabled:             $ax_enable_debug"
+echo "   * Warnings as failure:       $ac_cv_warnings_as_errors"
+echo "   * make -j:                   $enable_jobserver"
+echo "   * VCS checkout:              $ac_cv_vcs_checkout"
+echo 
+echo "   Features "
+echo "   * Enable smallest build:     $ENABLED_SMALL"
+echo "   * Single threaded:           $ENABLED_SINGLETHREADED"
+echo "   * DTLS:                      $ENABLED_DTLS"
+echo "   * Enable extra OpenSSL API:  $ENABLED_OPENSSLEXTRA"
+echo "   * fastmath:                  $ENABLED_FASTMATH"
+echo "   * sniffer:                   $ENABLED_SNIFFER"
+echo "   * AES-NI:                    $ENABLED_AESNI"
+echo "   * AES-GCM:                   $ENABLED_AESGCM"
+echo "   * RIPEMD:                    $ENABLED_RIPEMD"
+echo "   * SHA-512:                   $ENABLED_SHA512"
+echo "   * keygen:                    $ENABLED_KEYGEN"
+echo "   * certgen:                   $ENABLED_CERTGEN"
+echo "   * HC-128:                    $ENABLED_HC128"
+echo "   * RABBIT:                    $ENABLED_RABBIT"
+echo "   * PSK:                       $ENABLED_PSK"
+echo "   * LEANPSK:                   $ENABLED_LEANPSK"
+echo "   * ECC:                       $ENABLED_ECC"
+echo "   * OCSP:                      $ENABLED_OCSP"
+echo "   * CRL:                       $ENABLED_CRL"
+echo "   * NTRU:                      $ENABLED_NTRU"
+echo ""
+echo "---"
--- a/ctaocrypt/benchmark/benchmark.c
+++ b/ctaocrypt/benchmark/benchmark.c
@ -1,6 +1,6 @@
 /* benchmark.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -40,6 +40,7 @@
 #include <cyassl/ctaocrypt/rsa.h>
 #include <cyassl/ctaocrypt/asn.h>
 #include <cyassl/ctaocrypt/ripemd.h>
+#include <cyassl/ctaocrypt/ecc.h>

 #include <cyassl/ctaocrypt/dh.h>

@ -48,31 +49,41 @@
    #pragma warning(disable: 4996)
 #endif

-void bench_des();
-void bench_arc4();
-void bench_hc128();
-void bench_rabbit();
+void bench_des(void);
+void bench_arc4(void);
+void bench_hc128(void);
+void bench_rabbit(void);
 void bench_aes(int);
+void bench_aesgcm(void);

-void bench_md5();
-void bench_sha();
-void bench_sha256();
-void bench_sha512();
-void bench_ripemd();
+void bench_md5(void);
+void bench_sha(void);
+void bench_sha256(void);
+void bench_sha512(void);
+void bench_ripemd(void);

-void bench_rsa();
-void bench_rsaKeyGen();
-void bench_dh();
+void bench_rsa(void);
+void bench_rsaKeyGen(void);
+void bench_dh(void);
+#ifdef HAVE_ECC
+void bench_eccKeyGen(void);
+void bench_eccKeyAgree(void);
+#endif

-double current_time();
+double current_time(void);



 int main(int argc, char** argv)
 {
+  (void)argc;
+  (void)argv;
 #ifndef NO_AES
    bench_aes(0);
    bench_aes(1);
+#endif
+#ifdef HAVE_AESGCM
+    bench_aesgcm();
 #endif
    bench_arc4();
 #ifdef HAVE_HC128
@ -100,17 +111,24 @@ int main(int argc, char** argv)
 #endif

    printf("\n");
-    
+
+#ifndef NO_RSA
    bench_rsa();
+#endif

 #ifndef NO_DH
    bench_dh();
 #endif

-#ifdef CYASSL_KEY_GEN
+#if defined(CYASSL_KEY_GEN) && !defined(NO_RSA)
    bench_rsaKeyGen();
 #endif

+#ifdef HAVE_ECC 
+    bench_eccKeyGen();
+    bench_eccKeyAgree();
+#endif
+
    return 0;
 }

@ -161,8 +179,36 @@ void bench_aes(int show)
 #endif


+byte additional[13];
+byte tag[16];
+
+
+#ifdef HAVE_AESGCM
+void bench_aesgcm(void)
+{
+    Aes    enc;
+    double start, total, persec;
+    int    i;
+
+    AesGcmSetKey(&enc, key, 16, iv);
+    AesGcmSetExpIV(&enc, iv+4);
+    start = current_time();
+
+    for(i = 0; i < megs; i++)
+        AesGcmEncrypt(&enc, cipher, plain, sizeof(plain),
+                        tag, 16, additional, 13);
+
+    total = current_time() - start;
+
+    persec = 1 / total * megs;
+    printf("AES-GCM  %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
+                                                                    persec);
+}
+#endif
+
+
 #ifndef NO_DES3
-void bench_des()
+void bench_des(void)
 {
    Des3   enc;
    double start, total, persec;
@ -184,7 +230,7 @@ void bench_des()
 #endif


-void bench_arc4()
+void bench_arc4(void)
 {
    Arc4   enc;
    double start, total, persec;
@ -205,7 +251,7 @@ void bench_arc4()


 #ifdef HAVE_HC128
-void bench_hc128()
+void bench_hc128(void)
 {
    HC128  enc;
    double start, total, persec;
@ -227,7 +273,7 @@ void bench_hc128()


 #ifndef NO_RABBIT
-void bench_rabbit()
+void bench_rabbit(void)
 {
    Rabbit  enc;
    double start, total, persec;
@ -248,7 +294,7 @@ void bench_rabbit()
 #endif /* NO_RABBIT */


-void bench_md5()
+void bench_md5(void)
 {
    Md5    hash;
    byte   digest[MD5_DIGEST_SIZE];
@ -271,7 +317,7 @@ void bench_md5()
 }


-void bench_sha()
+void bench_sha(void)
 {
    Sha    hash;
    byte   digest[SHA_DIGEST_SIZE];
@ -295,7 +341,7 @@ void bench_sha()


 #ifndef NO_SHA256
-void bench_sha256()
+void bench_sha256(void)
 {
    Sha256 hash;
    byte   digest[SHA256_DIGEST_SIZE];
@ -319,7 +365,7 @@ void bench_sha256()
 #endif

 #ifdef CYASSL_SHA512
-void bench_sha512()
+void bench_sha512(void)
 {
    Sha512 hash;
    byte   digest[SHA512_DIGEST_SIZE];
@ -343,7 +389,7 @@ void bench_sha512()
 #endif

 #ifdef CYASSL_RIPEMD
-void bench_ripemd()
+void bench_ripemd(void)
 {
    RipeMd hash;
    byte   digest[RIPEMD_DIGEST_SIZE];
@ -367,124 +413,129 @@ void bench_ripemd()
 #endif


+#if !defined(NO_RSA) || !defined(NO_DH) \
+                                || defined(CYASSL_KEYGEN) || defined(HAVE_ECC)
 RNG rng;
+#endif

-void bench_rsa()
+#ifndef NO_RSA
+void bench_rsa(void)
 {
    int    i;
-    byte   tmp[4096];
+    byte   tmp[3072];
    size_t bytes;
    word32 idx = 0;

    byte      message[] = "Everyone gets Friday off.";
-    byte      cipher[512];  /* for up to 4096 bit */
+    byte      enc[512];  /* for up to 4096 bit */
    byte*     output;
    const int len = (int)strlen((char*)message);
    double    start, total, each, milliEach;
    
-    RsaKey key;
-    FILE*  file = fopen("./certs/rsa1024.der", "rb");
+    RsaKey rsaKey;
+    FILE*  file = fopen("./certs/rsa2048.der", "rb");

    if (!file) {
-        printf("can't find ./certs/rsa1024.der, "
+        printf("can't find ./certs/rsa2048.der, "
               "Please run from CyaSSL home dir\n");
        return;
    }

    InitRng(&rng);
    bytes = fread(tmp, 1, sizeof(tmp), file);
-    InitRsaKey(&key, 0);
-    bytes = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
+    InitRsaKey(&rsaKey, 0);
+    bytes = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes);
    
    start = current_time();

    for (i = 0; i < times; i++)
-        bytes = RsaPublicEncrypt(message,len,cipher,sizeof(cipher), &key, &rng);
+        bytes = RsaPublicEncrypt(message,len,enc,sizeof(enc), &rsaKey, &rng);

    total = current_time() - start;
    each  = total / times;   /* per second   */
    milliEach = each * 1000; /* milliseconds */

-    printf("RSA 1024 encryption took %6.2f milliseconds, avg over %d" 
+    printf("RSA 2048 encryption took %6.2f milliseconds, avg over %d" 
           " iterations\n", milliEach, times);

    start = current_time();

    for (i = 0; i < times; i++)
-        RsaPrivateDecryptInline(cipher, (word32)bytes, &output, &key);
+        RsaPrivateDecryptInline(enc, (word32)bytes, &output, &rsaKey);

    total = current_time() - start;
    each  = total / times;   /* per second   */
    milliEach = each * 1000; /* milliseconds */

-    printf("RSA 1024 decryption took %6.2f milliseconds, avg over %d" 
+    printf("RSA 2048 decryption took %6.2f milliseconds, avg over %d" 
           " iterations\n", milliEach, times);

    fclose(file);
-    FreeRsaKey(&key);
+    FreeRsaKey(&rsaKey);
 }
+#endif


 #ifndef NO_DH
-void bench_dh()
+void bench_dh(void)
 {
    int    i;
    byte   tmp[1024];
    size_t bytes;
    word32 idx = 0, pubSz, privSz, pubSz2, privSz2, agreeSz;

-    byte   pub[128];    /* for 1024 bit */
-    byte   priv[128];   /* for 1024 bit */
-    byte   pub2[128];   /* for 1024 bit */
-    byte   priv2[128];  /* for 1024 bit */
-    byte   agree[128];  /* for 1024 bit */
+    byte   pub[256];    /* for 2048 bit */
+    byte   priv[256];   /* for 2048 bit */
+    byte   pub2[256];   /* for 2048 bit */
+    byte   priv2[256];  /* for 2048 bit */
+    byte   agree[256];  /* for 2048 bit */
    
    double start, total, each, milliEach;
-    DhKey  key;
-    FILE*  file = fopen("./certs/dh1024.der", "rb");
+    DhKey  dhKey;
+    FILE*  file = fopen("./certs/dh2048.der", "rb");

    if (!file) {
-        printf("can't find ./certs/dh1024.der, "
+        printf("can't find ./certs/dh2048.der, "
               "Please run from CyaSSL home dir\n");
        return;
    }

-    bytes = fread(tmp, 1, 1024, file);
-    InitDhKey(&key);
-    bytes = DhKeyDecode(tmp, &idx, &key, (word32)bytes);
+    bytes = fread(tmp, 1, sizeof(tmp), file);
+    InitDhKey(&dhKey);
+    bytes = DhKeyDecode(tmp, &idx, &dhKey, (word32)bytes);

    start = current_time();

    for (i = 0; i < times; i++)
-        DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz);
+        DhGenerateKeyPair(&dhKey, &rng, priv, &privSz, pub, &pubSz);

    total = current_time() - start;
    each  = total / times;   /* per second   */
    milliEach = each * 1000; /* milliseconds */

-    printf("DH  1024 key generation  %6.2f milliseconds, avg over %d" 
+    printf("DH  2048 key generation  %6.2f milliseconds, avg over %d" 
           " iterations\n", milliEach, times);

-    DhGenerateKeyPair(&key, &rng, priv2, &privSz2, pub2, &pubSz2);
+    DhGenerateKeyPair(&dhKey, &rng, priv2, &privSz2, pub2, &pubSz2);
    start = current_time();

    for (i = 0; i < times; i++)
-        DhAgree(&key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
+        DhAgree(&dhKey, agree, &agreeSz, priv, privSz, pub2, pubSz2);

    total = current_time() - start;
    each  = total / times;   /* per second   */
    milliEach = each * 1000; /* milliseconds */

-    printf("DH  1024 key agreement   %6.2f milliseconds, avg over %d" 
+    printf("DH  2048 key agreement   %6.2f milliseconds, avg over %d" 
           " iterations\n", milliEach, times);

    fclose(file);
-    FreeDhKey(&key);
+    FreeDhKey(&dhKey);
 }
 #endif

-#ifdef CYASSL_KEY_GEN
-void bench_rsaKeyGen()
+#if defined(CYASSL_KEY_GEN) && !defined(NO_RSA)
+void bench_rsaKeyGen(void)
 {
    RsaKey genKey;
    double start, total, each, milliEach;
@ -524,6 +575,82 @@ void bench_rsaKeyGen()
 }
 #endif /* CYASSL_KEY_GEN */

+#ifdef HAVE_ECC 
+void bench_eccKeyGen(void)
+{
+    ecc_key genKey;
+    double start, total, each, milliEach;
+    int    i;
+    const int genTimes = 5;
+  
+    /* 256 bit */ 
+    start = current_time();
+
+    for(i = 0; i < genTimes; i++) {
+        ecc_make_key(&rng, 32, &genKey);
+        ecc_free(&genKey);
+    }
+
+    total = current_time() - start;
+    each  = total / genTimes;  /* per second  */
+    milliEach = each * 1000;   /* millisconds */
+    printf("\n");
+    printf("ECC  256 key generation  %6.2f milliseconds, avg over %d" 
+           " iterations\n", milliEach, genTimes);
+}
+
+
+void bench_eccKeyAgree(void)
+{
+    ecc_key genKey, genKey2;
+    double start, total, each, milliEach;
+    int    i;
+    const int agreeTimes = 5;
+    byte   shared[1024];
+    byte   sig[1024];
+    byte   digest[32];
+    word32 x;
+  
+    ecc_make_key(&rng, 32, &genKey);
+    ecc_make_key(&rng, 32, &genKey2);
+
+    /* 256 bit */ 
+    start = current_time();
+
+    for(i = 0; i < agreeTimes; i++) {
+        x = sizeof(shared);
+        ecc_shared_secret(&genKey, &genKey2, shared, &x);
+    }
+
+    total = current_time() - start;
+    each  = total / agreeTimes;  /* per second  */
+    milliEach = each * 1000;   /* millisconds */
+    printf("EC-DHE   key agreement   %6.2f milliseconds, avg over %d" 
+           " iterations\n", milliEach, agreeTimes);
+
+    /* make dummy digest */
+    for (i = 0; i < (int)sizeof(digest); i++)
+        digest[i] = i;
+
+
+    start = current_time();
+
+    for(i = 0; i < agreeTimes; i++) {
+        x = sizeof(sig);
+        ecc_sign_hash(digest, sizeof(digest), sig, &x, &rng, &genKey);
+    }
+
+    total = current_time() - start;
+    each  = total / agreeTimes;  /* per second  */
+    milliEach = each * 1000;   /* millisconds */
+    printf("EC-DSA   sign time       %6.2f milliseconds, avg over %d" 
+           " iterations\n", milliEach, agreeTimes);
+
+    ecc_free(&genKey2);
+    ecc_free(&genKey);
+}
+#endif /* HAVE_ECC */
+

 #ifdef _WIN32

@ -551,7 +678,7 @@ void bench_rsaKeyGen()

    #include <sys/time.h>

-    double current_time()
+    double current_time(void)
    {
        struct timeval tv;
        gettimeofday(&tv, 0);
--- a/ctaocrypt/src/aes.c
+++ b/ctaocrypt/src/aes.c
@ -1,6 +1,6 @@
 /* aes.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -724,11 +724,26 @@ static const word32 Td[5][256] = {

 #ifdef CYASSL_AESNI

-#define cpuid(func,ax,bx,cx,dx)\
+#ifndef _MSC_VER
+
+    #define cpuid(func,ax,bx,cx,dx)\
        __asm__ __volatile__ ("cpuid":\
                       "=a" (ax), "=b" (bx), "=c" (cx), "=d" (dx) : "a" (func));

-static int Check_CPU_support_AES()
+#else
+
+    #define cpuid(func,ax,bx,cx,dx)\
+        __asm mov eax, func \
+        __asm cpuid \
+        __asm mov ax, eax \
+        __asm mov bx, ebx \
+        __asm mov cx, ecx \
+        __asm mov dx, edx
+
+#endif /* _MSC_VER */
+
+            
+static int Check_CPU_support_AES(void)
 {
    unsigned int a,b,c,d;
    cpuid(1,a,b,c,d);
@ -762,8 +777,8 @@ void AES_256_Key_Expansion(const unsigned char* userkey,
                           unsigned char* key_schedule);


-int AES_set_encrypt_key (const unsigned char *userKey, const int bits,
-                         Aes* aes)
+static int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                               Aes* aes)
 { 
    if (!userKey || !aes)
        return BAD_FUNC_ARG;
@ -784,8 +799,8 @@ int AES_set_encrypt_key (const unsigned char *userKey, const int bits,
 }


-int AES_set_decrypt_key (const unsigned char* userKey, const int bits,
-                         Aes* aes)
+static int AES_set_decrypt_key(const unsigned char* userKey, const int bits,
+                               Aes* aes)
 {
    int nr;
    Aes temp_key;
@ -832,29 +847,27 @@ int AES_set_decrypt_key (const unsigned char* userKey, const int bits,
 #endif /* CYASSL_AESNI */


-int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
-               int dir)
+int AesSetIV(Aes* aes, const byte* iv)
+{
+    if (aes == NULL)
+        return BAD_FUNC_ARG;
+
+    if (iv)
+        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+
+    return 0;
+}
+
+
+static int AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen,
+            const byte* iv, int dir)
 {
    word32 temp, *rk = aes->key;
    unsigned int i = 0;

-    if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
-        return BAD_FUNC_ARG;
-
-#ifdef CYASSL_AESNI
-    if (checkAESNI == 0) {
-        haveAESNI  = Check_CPU_support_AES();
-        checkAESNI = 1;
-    }
-    if (haveAESNI) {
-        XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
-        if (dir == AES_ENCRYPTION)
-            return AES_set_encrypt_key(userKey, keylen * 8, aes);
-        else
-            return AES_set_decrypt_key(userKey, keylen * 8, aes);
-    }
-#endif /* CYASSL_AESNI */
-
+    #ifdef CYASSL_AESNI
+        aes->use_aesni = 0;
+    #endif /* CYASSL_AESNI */
    aes->rounds = keylen/4 + 6;

    XMEMCPY(rk, userKey, keylen);
@ -975,9 +988,35 @@ int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
                Td[3][Te[4][GETBYTE(rk[3], 0)] & 0xff];
        }
    }
-    XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);

-    return 0;
+    return AesSetIV(aes, iv);
+}
+
+
+int AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv,
+              int dir)
+{
+
+    if (!((keylen == 16) || (keylen == 24) || (keylen == 32)))
+        return BAD_FUNC_ARG;
+
+#ifdef CYASSL_AESNI
+    if (checkAESNI == 0) {
+        haveAESNI  = Check_CPU_support_AES();
+        checkAESNI = 1;
+    }
+    if (haveAESNI) {
+        aes->use_aesni = 1;
+        if (iv)
+            XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE);
+        if (dir == AES_ENCRYPTION)
+            return AES_set_encrypt_key(userKey, keylen * 8, aes);
+        else
+            return AES_set_decrypt_key(userKey, keylen * 8, aes);
+    }
+#endif /* CYASSL_AESNI */
+
+    return AesSetKeyLocal(aes, userKey, keylen, iv, dir);
 }


@ -992,6 +1031,13 @@ static void AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
        CYASSL_MSG("AesEncrypt encountered improper key, set it up");
        return;  /* stop instead of segfaulting, set up your keys! */
    }
+#ifdef CYASSL_AESNI
+    if (aes->use_aesni) {
+        CYASSL_MSG("AesEncrypt encountered aesni keysetup, don't use direct");
+        return;  /* just stop now */
+    } 
+#endif
+
    /*
     * map byte array block to cipher state
     * and add initial round key:
@ -1130,6 +1176,13 @@ static void AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock)
        CYASSL_MSG("AesDecrypt encountered improper key, set it up");
        return;  /* stop instead of segfaulting, set up your keys! */
    }
+#ifdef CYASSL_AESNI
+    if (aes->use_aesni) {
+        CYASSL_MSG("AesEncrypt encountered aesni keysetup, don't use direct");
+        return;  /* just stop now */
+    } 
+#endif
+
    /*
     * map byte array block to cipher state
     * and add initial round key:
@ -1327,5 +1380,818 @@ void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 }


+#ifdef CYASSL_AES_DIRECT
+
+/* Allow direct access to one block encrypt */
+void AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    return AesEncrypt(aes, in, out);
+}
+
+
+/* Allow direct access to one block decrypt */
+void AesDecryptDirect(Aes* aes, byte* out, const byte* in)
+{
+    return AesDecrypt(aes, in, out);
+}
+
+
+#endif /* CYASSL_AES_DIRECT */
+
+
+#if defined(CYASSL_AES_DIRECT) || defined(CYASSL_AES_COUNTER)
+
+/* AES-CTR and AES-DIRECT need to use this for key setup, no aesni yet */
+int AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen,
+                    const byte* iv, int dir)
+{
+    return AesSetKeyLocal(aes, userKey, keylen, iv, dir);
+}
+
+#endif /* CYASSL_AES_DIRECT || CYASSL_AES_COUNTER */
+
+
+#ifdef CYASSL_AES_COUNTER
+
+/* Increment AES counter */
+static INLINE void IncrementAesCounter(byte* inOutCtr)
+{
+    int i;
+
+    /* in network byte order so start at end and work back */
+    for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
+        if (++inOutCtr[i])  /* we're done unless we overflow */
+            return;
+    }
+}
+  
+
+void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+{
+    word32 blocks = sz / AES_BLOCK_SIZE;
+
+    while (blocks--) {
+        AesEncrypt(aes, (byte*)aes->reg, out);
+        IncrementAesCounter((byte*)aes->reg);
+        xorbuf(out, in, AES_BLOCK_SIZE);
+
+        out += AES_BLOCK_SIZE;
+        in  += AES_BLOCK_SIZE; 
+    }
+}
+
+#endif /* CYASSL_AES_COUNTER */
+
+
+#ifdef HAVE_AESGCM
+
+/*
+ * The IV for AES GCM, stored in struct Aes's member reg, is comprised of
+ * three parts in order:
+ *   1. The implicit IV. This is generated from the PRF using the shared
+ *      secrets between endpoints. It is 4 bytes long.
+ *   2. The explicit IV. This is set by the user of the AES. It needs to be
+ *      unique for each call to encrypt. The explicit IV is shared with the
+ *      other end of the transaction in the clear.
+ *   3. The counter. Each block of data is encrypted with its own sequence
+ *      number counter.
+ */
+
+enum {
+    IMPLICIT_IV_SZ = 4,
+    EXPLICIT_IV_SZ = 8,
+    CTR_SZ = 4
+};
+
+
+static INLINE void InitGcmCounter(byte* inOutCtr)
+{
+    inOutCtr[AES_BLOCK_SIZE - 4] = 0;
+    inOutCtr[AES_BLOCK_SIZE - 3] = 0;
+    inOutCtr[AES_BLOCK_SIZE - 2] = 0;
+    inOutCtr[AES_BLOCK_SIZE - 1] = 1;
+}
+
+
+static INLINE void IncrementGcmCounter(byte* inOutCtr)
+{
+    int i;
+
+    /* in network byte order so start at end and work back */
+    for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
+        if (++inOutCtr[i])  /* we're done unless we overflow */
+            return;
+    }
+}
+
+
+/*
+ * The explicit IV is set by the caller. A common practice is to treat it as
+ * a sequence number seeded with a random number. The caller manages
+ * incrementing the explicit IV when appropriate.
+ */
+
+void AesGcmSetExpIV(Aes* aes, const byte* iv)
+{
+    XMEMCPY((byte*)aes->reg + IMPLICIT_IV_SZ, iv, EXPLICIT_IV_SZ);
+}
+
+
+void AesGcmGetExpIV(Aes* aes, byte* iv)
+{
+    XMEMCPY(iv, (byte*)aes->reg + IMPLICIT_IV_SZ, EXPLICIT_IV_SZ);
+}
+
+
+void AesGcmIncExpIV(Aes* aes)
+{
+    int i;
+    byte* iv = (byte*)aes->reg + IMPLICIT_IV_SZ;
+
+    for (i = EXPLICIT_IV_SZ - 1; i >= 0; i--) {
+        if (++iv[i])
+            return;
+    }
+}
+
+
+#if defined(GCM_SMALL) || defined(GCM_TABLE)
+
+static INLINE void FlattenSzInBits(byte* buf, word32 sz)
+{
+    /* Multiply the sz by 8 */
+    word32 szHi = (sz >> (8*sizeof(sz) - 3));
+    sz <<= 3;
+
+    /* copy over the words of the sz into the destination buffer */
+    buf[0] = (szHi >> 24) & 0xff;
+    buf[1] = (szHi >> 16) & 0xff;
+    buf[2] = (szHi >>  8) & 0xff;
+    buf[3] = szHi & 0xff;
+    buf[4] = (sz >> 24) & 0xff;
+    buf[5] = (sz >> 16) & 0xff;
+    buf[6] = (sz >>  8) & 0xff;
+    buf[7] = sz & 0xff;
+}
+
+
+static INLINE void RIGHTSHIFTX(byte* x)
+{
+    int i;
+    int carryOut = 0;
+    int carryIn = 0;
+    int borrow = x[15] & 0x01;
+
+    for (i = 0; i < AES_BLOCK_SIZE; i++) {
+        carryOut = x[i] & 0x01;
+        x[i] = (x[i] >> 1) | (carryIn ? 0x80 : 0);
+        carryIn = carryOut;
+    }
+    if (borrow) x[0] ^= 0xE1;
+}
+
+#endif /* defined(GCM_SMALL) || defined(GCM_TABLE) */
+
+
+#ifdef GCM_TABLE
+
+static void GenerateM0(Aes* aes)
+{
+    int i, j;
+    byte (*m)[AES_BLOCK_SIZE] = aes->M0;
+
+    XMEMCPY(m[128], aes->H, AES_BLOCK_SIZE);
+
+    for (i = 64; i > 0; i /= 2) {
+        XMEMCPY(m[i], m[i*2], AES_BLOCK_SIZE);
+        RIGHTSHIFTX(m[i]);
+    }
+
+    for (i = 2; i < 256; i *= 2) {
+        for (j = 1; j < i; j++) {
+            XMEMCPY(m[i+j], m[i], AES_BLOCK_SIZE);
+            xorbuf(m[i+j], m[j], AES_BLOCK_SIZE);
+        }
+    }
+
+    XMEMSET(m[0], 0, AES_BLOCK_SIZE);
+}
+
+#endif /* GCM_TABLE */
+
+
+void AesGcmSetKey(Aes* aes, const byte* key, word32 len,
+                                                    const byte* implicitIV)
+{
+    byte fullIV[AES_BLOCK_SIZE];
+
+    if (!((len == 16) || (len == 24) || (len == 32)))
+        return;
+
+    XMEMSET(fullIV, 0, AES_BLOCK_SIZE);
+    XMEMCPY(fullIV, implicitIV, IMPLICIT_IV_SZ);
+    AesSetKeyLocal(aes, key, len, fullIV, AES_ENCRYPTION);
+
+    XMEMSET(fullIV, 0, AES_BLOCK_SIZE);
+    AesEncrypt(aes, fullIV, aes->H);
+#ifdef GCM_TABLE
+    GenerateM0(aes);
+#endif /* GCM_TABLE */
+}
+
+
+#if defined(GCM_SMALL)
+
+static void GMULT(byte* X, byte* Y)
+{
+    byte Z[AES_BLOCK_SIZE];
+    byte V[AES_BLOCK_SIZE];
+    int i, j;
+
+    XMEMSET(Z, 0, AES_BLOCK_SIZE);
+    XMEMCPY(V, X, AES_BLOCK_SIZE);
+    for (i = 0; i < AES_BLOCK_SIZE; i++)
+    {
+        byte y = Y[i];
+        for (j = 0; j < 8; j++)
+        {
+            if (y & 0x80) {
+                xorbuf(Z, V, AES_BLOCK_SIZE);
+            }
+
+            RIGHTSHIFTX(V);
+            y = y << 1;
+        }
+    }
+    XMEMCPY(X, Z, AES_BLOCK_SIZE);
+}
+
+
+static void GHASH(Aes* aes, const byte* a, word32 aSz,
+                                const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    byte x[AES_BLOCK_SIZE];
+    byte scratch[AES_BLOCK_SIZE];
+    word32 blocks, partial;
+    byte* h = aes->H;
+
+    XMEMSET(x, 0, AES_BLOCK_SIZE);
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        blocks = aSz / AES_BLOCK_SIZE;
+        partial = aSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf(x, a, AES_BLOCK_SIZE);
+            GMULT(x, h);
+            a += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, a, partial);
+            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            GMULT(x, h);
+        }
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        blocks = cSz / AES_BLOCK_SIZE;
+        partial = cSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf(x, c, AES_BLOCK_SIZE);
+            GMULT(x, h);
+            c += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, c, partial);
+            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            GMULT(x, h);
+        }
+    }
+
+    /* Hash in the lengths of A and C in bits */
+    FlattenSzInBits(&scratch[0], aSz);
+    FlattenSzInBits(&scratch[8], cSz);
+    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    GMULT(x, h);
+
+    /* Copy the result into s. */
+    XMEMCPY(s, x, sSz);
+}
+
+/* end GCM_SMALL */
+#elif defined(GCM_TABLE)
+
+static const byte R[256][2] = {
+    {0x00, 0x00}, {0x01, 0xc2}, {0x03, 0x84}, {0x02, 0x46},
+    {0x07, 0x08}, {0x06, 0xca}, {0x04, 0x8c}, {0x05, 0x4e},
+    {0x0e, 0x10}, {0x0f, 0xd2}, {0x0d, 0x94}, {0x0c, 0x56},
+    {0x09, 0x18}, {0x08, 0xda}, {0x0a, 0x9c}, {0x0b, 0x5e},
+    {0x1c, 0x20}, {0x1d, 0xe2}, {0x1f, 0xa4}, {0x1e, 0x66},
+    {0x1b, 0x28}, {0x1a, 0xea}, {0x18, 0xac}, {0x19, 0x6e},
+    {0x12, 0x30}, {0x13, 0xf2}, {0x11, 0xb4}, {0x10, 0x76},
+    {0x15, 0x38}, {0x14, 0xfa}, {0x16, 0xbc}, {0x17, 0x7e},
+    {0x38, 0x40}, {0x39, 0x82}, {0x3b, 0xc4}, {0x3a, 0x06},
+    {0x3f, 0x48}, {0x3e, 0x8a}, {0x3c, 0xcc}, {0x3d, 0x0e},
+    {0x36, 0x50}, {0x37, 0x92}, {0x35, 0xd4}, {0x34, 0x16},
+    {0x31, 0x58}, {0x30, 0x9a}, {0x32, 0xdc}, {0x33, 0x1e},
+    {0x24, 0x60}, {0x25, 0xa2}, {0x27, 0xe4}, {0x26, 0x26},
+    {0x23, 0x68}, {0x22, 0xaa}, {0x20, 0xec}, {0x21, 0x2e},
+    {0x2a, 0x70}, {0x2b, 0xb2}, {0x29, 0xf4}, {0x28, 0x36},
+    {0x2d, 0x78}, {0x2c, 0xba}, {0x2e, 0xfc}, {0x2f, 0x3e},
+    {0x70, 0x80}, {0x71, 0x42}, {0x73, 0x04}, {0x72, 0xc6},
+    {0x77, 0x88}, {0x76, 0x4a}, {0x74, 0x0c}, {0x75, 0xce},
+    {0x7e, 0x90}, {0x7f, 0x52}, {0x7d, 0x14}, {0x7c, 0xd6},
+    {0x79, 0x98}, {0x78, 0x5a}, {0x7a, 0x1c}, {0x7b, 0xde},
+    {0x6c, 0xa0}, {0x6d, 0x62}, {0x6f, 0x24}, {0x6e, 0xe6},
+    {0x6b, 0xa8}, {0x6a, 0x6a}, {0x68, 0x2c}, {0x69, 0xee},
+    {0x62, 0xb0}, {0x63, 0x72}, {0x61, 0x34}, {0x60, 0xf6},
+    {0x65, 0xb8}, {0x64, 0x7a}, {0x66, 0x3c}, {0x67, 0xfe},
+    {0x48, 0xc0}, {0x49, 0x02}, {0x4b, 0x44}, {0x4a, 0x86},
+    {0x4f, 0xc8}, {0x4e, 0x0a}, {0x4c, 0x4c}, {0x4d, 0x8e},
+    {0x46, 0xd0}, {0x47, 0x12}, {0x45, 0x54}, {0x44, 0x96},
+    {0x41, 0xd8}, {0x40, 0x1a}, {0x42, 0x5c}, {0x43, 0x9e},
+    {0x54, 0xe0}, {0x55, 0x22}, {0x57, 0x64}, {0x56, 0xa6},
+    {0x53, 0xe8}, {0x52, 0x2a}, {0x50, 0x6c}, {0x51, 0xae},
+    {0x5a, 0xf0}, {0x5b, 0x32}, {0x59, 0x74}, {0x58, 0xb6},
+    {0x5d, 0xf8}, {0x5c, 0x3a}, {0x5e, 0x7c}, {0x5f, 0xbe},
+    {0xe1, 0x00}, {0xe0, 0xc2}, {0xe2, 0x84}, {0xe3, 0x46},
+    {0xe6, 0x08}, {0xe7, 0xca}, {0xe5, 0x8c}, {0xe4, 0x4e},
+    {0xef, 0x10}, {0xee, 0xd2}, {0xec, 0x94}, {0xed, 0x56},
+    {0xe8, 0x18}, {0xe9, 0xda}, {0xeb, 0x9c}, {0xea, 0x5e},
+    {0xfd, 0x20}, {0xfc, 0xe2}, {0xfe, 0xa4}, {0xff, 0x66},
+    {0xfa, 0x28}, {0xfb, 0xea}, {0xf9, 0xac}, {0xf8, 0x6e},
+    {0xf3, 0x30}, {0xf2, 0xf2}, {0xf0, 0xb4}, {0xf1, 0x76},
+    {0xf4, 0x38}, {0xf5, 0xfa}, {0xf7, 0xbc}, {0xf6, 0x7e},
+    {0xd9, 0x40}, {0xd8, 0x82}, {0xda, 0xc4}, {0xdb, 0x06},
+    {0xde, 0x48}, {0xdf, 0x8a}, {0xdd, 0xcc}, {0xdc, 0x0e},
+    {0xd7, 0x50}, {0xd6, 0x92}, {0xd4, 0xd4}, {0xd5, 0x16},
+    {0xd0, 0x58}, {0xd1, 0x9a}, {0xd3, 0xdc}, {0xd2, 0x1e},
+    {0xc5, 0x60}, {0xc4, 0xa2}, {0xc6, 0xe4}, {0xc7, 0x26},
+    {0xc2, 0x68}, {0xc3, 0xaa}, {0xc1, 0xec}, {0xc0, 0x2e},
+    {0xcb, 0x70}, {0xca, 0xb2}, {0xc8, 0xf4}, {0xc9, 0x36},
+    {0xcc, 0x78}, {0xcd, 0xba}, {0xcf, 0xfc}, {0xce, 0x3e},
+    {0x91, 0x80}, {0x90, 0x42}, {0x92, 0x04}, {0x93, 0xc6},
+    {0x96, 0x88}, {0x97, 0x4a}, {0x95, 0x0c}, {0x94, 0xce},
+    {0x9f, 0x90}, {0x9e, 0x52}, {0x9c, 0x14}, {0x9d, 0xd6},
+    {0x98, 0x98}, {0x99, 0x5a}, {0x9b, 0x1c}, {0x9a, 0xde},
+    {0x8d, 0xa0}, {0x8c, 0x62}, {0x8e, 0x24}, {0x8f, 0xe6},
+    {0x8a, 0xa8}, {0x8b, 0x6a}, {0x89, 0x2c}, {0x88, 0xee},
+    {0x83, 0xb0}, {0x82, 0x72}, {0x80, 0x34}, {0x81, 0xf6},
+    {0x84, 0xb8}, {0x85, 0x7a}, {0x87, 0x3c}, {0x86, 0xfe},
+    {0xa9, 0xc0}, {0xa8, 0x02}, {0xaa, 0x44}, {0xab, 0x86},
+    {0xae, 0xc8}, {0xaf, 0x0a}, {0xad, 0x4c}, {0xac, 0x8e},
+    {0xa7, 0xd0}, {0xa6, 0x12}, {0xa4, 0x54}, {0xa5, 0x96},
+    {0xa0, 0xd8}, {0xa1, 0x1a}, {0xa3, 0x5c}, {0xa2, 0x9e},
+    {0xb5, 0xe0}, {0xb4, 0x22}, {0xb6, 0x64}, {0xb7, 0xa6},
+    {0xb2, 0xe8}, {0xb3, 0x2a}, {0xb1, 0x6c}, {0xb0, 0xae},
+    {0xbb, 0xf0}, {0xba, 0x32}, {0xb8, 0x74}, {0xb9, 0xb6},
+    {0xbc, 0xf8}, {0xbd, 0x3a}, {0xbf, 0x7c}, {0xbe, 0xbe} };
+
+
+static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
+{
+    int i, j;
+    byte Z[AES_BLOCK_SIZE];
+    byte a;
+
+    XMEMSET(Z, 0, sizeof(Z));
+
+    for (i = 15; i > 0; i--) {
+        xorbuf(Z, m[x[i]], AES_BLOCK_SIZE);
+        a = Z[15];
+
+        for (j = 15; j > 0; j--) {
+            Z[j] = Z[j-1];
+        }
+
+        Z[0] = R[a][0];
+        Z[1] ^= R[a][1];
+    }
+    xorbuf(Z, m[x[0]], AES_BLOCK_SIZE);
+
+    XMEMCPY(x, Z, AES_BLOCK_SIZE);
+}
+
+
+static void GHASH(Aes* aes, const byte* a, word32 aSz,
+                                const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    byte x[AES_BLOCK_SIZE];
+    byte scratch[AES_BLOCK_SIZE];
+    word32 blocks, partial;
+
+    XMEMSET(x, 0, AES_BLOCK_SIZE);
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        blocks = aSz / AES_BLOCK_SIZE;
+        partial = aSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf(x, a, AES_BLOCK_SIZE);
+            GMULT(x, aes->M0);
+            a += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, a, partial);
+            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            GMULT(x, aes->M0);
+        }
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        blocks = cSz / AES_BLOCK_SIZE;
+        partial = cSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            xorbuf(x, c, AES_BLOCK_SIZE);
+            GMULT(x, aes->M0);
+            c += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
+            XMEMCPY(scratch, c, partial);
+            xorbuf(x, scratch, AES_BLOCK_SIZE);
+            GMULT(x, aes->M0);
+        }
+    }
+
+    /* Hash in the lengths of A and C in bits */
+    FlattenSzInBits(&scratch[0], aSz);
+    FlattenSzInBits(&scratch[8], cSz);
+    xorbuf(x, scratch, AES_BLOCK_SIZE);
+    GMULT(x, aes->M0);
+
+    /* Copy the result into s. */
+    XMEMCPY(s, x, sSz);
+}
+
+/* end GCM_TABLE */
+#elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32)
+
+static void GMULT(word64* X, word64* Y)
+{
+    word64 Z[2] = {0,0};
+    word64 V[2] = {X[0], X[1]};
+    int i, j;
+
+    for (i = 0; i < 2; i++)
+    {
+        word64 y = Y[i];
+        for (j = 0; j < 64; j++)
+        {
+            if (y & 0x8000000000000000) {
+                Z[0] ^= V[0];
+                Z[1] ^= V[1];
+            }
+
+            if (V[1] & 0x0000000000000001) {
+                V[1] >>= 1;
+                V[1] |= ((V[0] & 0x0000000000000001) ? 0x8000000000000000 : 0);
+                V[0] >>= 1;
+                V[0] ^= 0xE100000000000000;
+            }
+            else {
+                V[1] >>= 1;
+                V[1] |= ((V[0] & 0x0000000000000001) ? 0x8000000000000000 : 0);
+                V[0] >>= 1;
+            }
+            y <<= 1;
+        }
+    }
+    X[0] = Z[0];
+    X[1] = Z[1];
+}
+
+
+static void GHASH(Aes* aes, const byte* a, word32 aSz,
+                                const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    word64 x[2] = {0,0};
+    word32 blocks, partial;
+    word64 bigH[2];
+
+    XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords64(bigH, bigH, AES_BLOCK_SIZE); 
+    #endif
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        word64 bigA[2];
+        blocks = aSz / AES_BLOCK_SIZE;
+        partial = aSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigA[0];
+            x[1] ^= bigA[1];
+            GMULT(x, bigH);
+            a += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
+            XMEMCPY(bigA, a, partial);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigA[0];
+            x[1] ^= bigA[1];
+            GMULT(x, bigH);
+        }
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        word64 bigC[2];
+        blocks = cSz / AES_BLOCK_SIZE;
+        partial = cSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigC[0];
+            x[1] ^= bigC[1];
+            GMULT(x, bigH);
+            c += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
+            XMEMCPY(bigC, c, partial);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigC[0];
+            x[1] ^= bigC[1];
+            GMULT(x, bigH);
+        }
+    }
+
+    /* Hash in the lengths in bits of A and C */
+    {
+        word64 len[2] = {aSz, cSz};
+
+        /* Lengths are in bytes. Convert to bits. */
+        len[0] *= 8;
+        len[1] *= 8;
+
+        x[0] ^= len[0];
+        x[1] ^= len[1];
+        GMULT(x, bigH);
+    }
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords64(x, x, AES_BLOCK_SIZE);
+    #endif
+    XMEMCPY(s, x, sSz);
+}
+
+/* end defined(WORD64_AVAILABLE) && !defined(GCM_WORD32) */
+#else /* GCM_WORD32 */
+
+static void GMULT(word32* X, word32* Y)
+{
+    word32 Z[4] = {0,0,0,0};
+    word32 V[4] = {X[0], X[1], X[2], X[3]};
+    int i, j;
+
+    for (i = 0; i < 4; i++)
+    {
+        word32 y = Y[i];
+        for (j = 0; j < 32; j++)
+        {
+            if (y & 0x80000000) {
+                Z[0] ^= V[0];
+                Z[1] ^= V[1];
+                Z[2] ^= V[2];
+                Z[3] ^= V[3];
+            }
+
+            if (V[3] & 0x00000001) {
+                V[3] >>= 1;
+                V[3] |= ((V[2] & 0x00000001) ? 0x80000000 : 0);
+                V[2] >>= 1;
+                V[2] |= ((V[1] & 0x00000001) ? 0x80000000 : 0);
+                V[1] >>= 1;
+                V[1] |= ((V[0] & 0x00000001) ? 0x80000000 : 0);
+                V[0] >>= 1;
+                V[0] ^= 0xE1000000;
+            } else {
+                V[3] >>= 1;
+                V[3] |= ((V[2] & 0x00000001) ? 0x80000000 : 0);
+                V[2] >>= 1;
+                V[2] |= ((V[1] & 0x00000001) ? 0x80000000 : 0);
+                V[1] >>= 1;
+                V[1] |= ((V[0] & 0x00000001) ? 0x80000000 : 0);
+                V[0] >>= 1;
+            }
+            y <<= 1;
+        }
+    }
+    X[0] = Z[0];
+    X[1] = Z[1];
+    X[2] = Z[2];
+    X[3] = Z[3];
+}
+
+
+static void GHASH(Aes* aes, const byte* a, word32 aSz,
+                                const byte* c, word32 cSz, byte* s, word32 sSz)
+{
+    word32 x[4] = {0,0,0,0};
+    word32 blocks, partial;
+    word32 bigH[4];
+
+    XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords(bigH, bigH, AES_BLOCK_SIZE); 
+    #endif
+
+    /* Hash in A, the Additional Authentication Data */
+    if (aSz != 0 && a != NULL) {
+        word32 bigA[4];
+        blocks = aSz / AES_BLOCK_SIZE;
+        partial = aSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigA[0];
+            x[1] ^= bigA[1];
+            x[2] ^= bigA[2];
+            x[3] ^= bigA[3];
+            GMULT(x, bigH);
+            a += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
+            XMEMCPY(bigA, a, partial);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigA[0];
+            x[1] ^= bigA[1];
+            x[2] ^= bigA[2];
+            x[3] ^= bigA[3];
+            GMULT(x, bigH);
+        }
+    }
+
+    /* Hash in C, the Ciphertext */
+    if (cSz != 0 && c != NULL) {
+        word32 bigC[4];
+        blocks = cSz / AES_BLOCK_SIZE;
+        partial = cSz % AES_BLOCK_SIZE;
+        while (blocks--) {
+            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigC[0];
+            x[1] ^= bigC[1];
+            x[2] ^= bigC[2];
+            x[3] ^= bigC[3];
+            GMULT(x, bigH);
+            c += AES_BLOCK_SIZE;
+        }
+        if (partial != 0) {
+            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
+            XMEMCPY(bigC, c, partial);
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
+            #endif
+            x[0] ^= bigC[0];
+            x[1] ^= bigC[1];
+            x[2] ^= bigC[2];
+            x[3] ^= bigC[3];
+            GMULT(x, bigH);
+        }
+    }
+
+    /* Hash in the lengths in bits of A and C */
+    {
+        word32 len[4];
+
+        /* Lengths are in bytes. Convert to bits. */
+        len[0] = (aSz >> (8*sizeof(aSz) - 3));
+        len[1] = aSz << 3;
+        len[2] = (cSz >> (8*sizeof(cSz) - 3));
+        len[3] = cSz << 3;
+
+        x[0] ^= len[0];
+        x[1] ^= len[1];
+        x[2] ^= len[2];
+        x[3] ^= len[3];
+        GMULT(x, bigH);
+    }
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords(x, x, AES_BLOCK_SIZE);
+    #endif
+    XMEMCPY(s, x, sSz);
+}
+
+#endif /* end GCM_WORD32 */
+
+
+void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                   byte* authTag, word32 authTagSz,
+                   const byte* authIn, word32 authInSz)
+{
+    word32 blocks = sz / AES_BLOCK_SIZE;
+    word32 partial = sz % AES_BLOCK_SIZE;
+    const byte* p = in;
+    byte* c = out;
+    byte ctr[AES_BLOCK_SIZE];
+    byte scratch[AES_BLOCK_SIZE];
+
+    CYASSL_ENTER("AesGcmEncrypt");
+
+    /* Initialize the counter with the MS 96 bits of IV, and the counter
+     * portion set to "1". */
+    XMEMCPY(ctr, aes->reg, AES_BLOCK_SIZE);
+    InitGcmCounter(ctr);
+
+    while (blocks--) {
+        IncrementGcmCounter(ctr);
+        AesEncrypt(aes, ctr, scratch);
+        xorbuf(scratch, p, AES_BLOCK_SIZE);
+        XMEMCPY(c, scratch, AES_BLOCK_SIZE);
+
+        p += AES_BLOCK_SIZE;
+        c += AES_BLOCK_SIZE;
+    }
+    if (partial != 0) {
+        IncrementGcmCounter(ctr);
+        AesEncrypt(aes, ctr, scratch);
+        xorbuf(scratch, p, partial);
+        XMEMCPY(c, scratch, partial);
+    }
+    GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
+    InitGcmCounter(ctr);
+    AesEncrypt(aes, ctr, scratch);
+    xorbuf(authTag, scratch, authTagSz);
+}
+
+
+int  AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                   const byte* authTag, word32 authTagSz,
+                   const byte* authIn, word32 authInSz)
+{
+    word32 blocks = sz / AES_BLOCK_SIZE;
+    word32 partial = sz % AES_BLOCK_SIZE;
+    const byte* c = in;
+    byte* p = out;
+    byte ctr[AES_BLOCK_SIZE];
+    byte scratch[AES_BLOCK_SIZE];
+
+    CYASSL_ENTER("AesGcmDecrypt");
+
+    /* Initialize the counter with the MS 96 bits of IV, and the counter
+     * portion set to "1". */
+    XMEMCPY(ctr, aes->reg, AES_BLOCK_SIZE);
+    InitGcmCounter(ctr);
+
+    /* Calculate the authTag again using the received auth data and the
+     * cipher text. */
+    {
+        byte Tprime[AES_BLOCK_SIZE];
+        byte EKY0[AES_BLOCK_SIZE];
+
+        GHASH(aes, authIn, authInSz, in, sz, Tprime, sizeof(Tprime));
+        AesEncrypt(aes, ctr, EKY0);
+        xorbuf(Tprime, EKY0, sizeof(Tprime));
+        if (XMEMCMP(authTag, Tprime, authTagSz) != 0) {
+            return AES_GCM_AUTH_E;
+        }
+    }
+
+    while (blocks--) {
+        IncrementGcmCounter(ctr);
+        AesEncrypt(aes, ctr, scratch);
+        xorbuf(scratch, c, AES_BLOCK_SIZE);
+        XMEMCPY(p, scratch, AES_BLOCK_SIZE);
+
+        p += AES_BLOCK_SIZE;
+        c += AES_BLOCK_SIZE;
+    }
+    if (partial != 0) {
+        IncrementGcmCounter(ctr);
+        AesEncrypt(aes, ctr, scratch);
+        xorbuf(scratch, c, partial);
+        XMEMCPY(p, scratch, partial);
+    }
+
+    return 0;
+}
+
+#endif /* HAVE_AESGCM */
+
+
 #endif /* NO_AES */

--- a/ctaocrypt/src/arc4.c
+++ b/ctaocrypt/src/arc4.c
@ -1,6 +1,6 @@
 /* arc4.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
--- a/ctaocrypt/src/asm.c
+++ b/ctaocrypt/src/asm.c
@ -1,6 +1,6 @@
 /* asm.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -41,7 +41,7 @@
   mu = c[x] * mp

 #define INNERMUL                                          \
-asm(                                                      \
+__asm__(                                                      \
   "movl %5,%%eax \n\t"                                   \
   "mull %4       \n\t"                                   \
   "addl %1,%%eax \n\t"                                   \
@ -54,7 +54,7 @@ asm(                                                      \
 : "%eax", "%edx", "%cc")

 #define PROPCARRY                           \
-asm(                                        \
+__asm__(                                        \
   "addl   %1,%0    \n\t"                   \
   "setb   %%al     \n\t"                   \
   "movzbl %%al,%1 \n\t"                    \
@ -73,7 +73,7 @@ asm(                                        \
   mu = c[x] * mp

 #define INNERMUL                                          \
-asm(                                                      \
+__asm__(                                                      \
   "movq %5,%%rax \n\t"                                   \
   "mulq %4       \n\t"                                   \
   "addq %1,%%rax \n\t"                                   \
@ -86,7 +86,7 @@ asm(                                                      \
 : "%rax", "%rdx", "%cc")

 #define INNERMUL8 \
- asm(                  \
+ __asm__(                  \
 "movq 0(%5),%%rax    \n\t"  \
 "movq 0(%2),%%r10    \n\t"  \
 "movq 0x8(%5),%%r11  \n\t"  \
@ -180,7 +180,7 @@ asm(                                                      \


 #define PROPCARRY                           \
-asm(                                        \
+__asm__(                                        \
   "addq   %1,%0    \n\t"                   \
   "setb   %%al     \n\t"                   \
   "movzbq %%al,%1 \n\t"                    \
@ -200,13 +200,13 @@ asm(                                        \
 */

 #define MONT_START \
-   asm("movd %0,%%mm2"::"g"(mp))
+   __asm__("movd %0,%%mm2"::"g"(mp))

 #define MONT_FINI \
-   asm("emms")
+   __asm__("emms")

 #define LOOP_START          \
-asm(                        \
+__asm__(                        \
 "movd %0,%%mm1        \n\t" \
 "pxor %%mm3,%%mm3     \n\t" \
 "pmuludq %%mm2,%%mm1  \n\t" \
@ -214,7 +214,7 @@ asm(                        \

 /* pmuludq on mmx registers does a 32x32->64 multiply. */
 #define INNERMUL               \
-asm(                           \
+__asm__(                           \
   "movd %1,%%mm4        \n\t" \
   "movd %2,%%mm0        \n\t" \
   "paddq %%mm4,%%mm3    \n\t" \
@ -225,7 +225,7 @@ asm(                           \
 :"=g"(_c[LO]) : "0"(_c[LO]), "g"(*tmpm++) );

 #define INNERMUL8 \
-asm(                           \
+__asm__(                           \
   "movd 0(%1),%%mm4     \n\t" \
   "movd 0(%2),%%mm0     \n\t" \
   "paddq %%mm4,%%mm3    \n\t" \
@ -295,10 +295,10 @@ asm(                           \
   pointer */

 #define LOOP_END \
-asm( "movd %%mm3,%0  \n" :"=r"(cy))
+__asm__( "movd %%mm3,%0  \n" :"=r"(cy))

 #define PROPCARRY                           \
-asm(                                        \
+__asm__(                                        \
   "addl   %1,%0    \n\t"                   \
   "setb   %%al     \n\t"                   \
   "movzbl %%al,%1 \n\t"                    \
@ -317,7 +317,7 @@ asm(                                        \
   mu = c[x] * mp

 #define INNERMUL                    \
-asm(                                \
+__asm__(                                \
    " LDR    r0,%1            \n\t" \
    " ADDS   r0,r0,%0         \n\t" \
    " MOVCS  %0,#1            \n\t" \
@ -327,7 +327,7 @@ asm(                                \
 :"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(*tmpm++),"1"(_c[0]):"r0","%cc");

 #define PROPCARRY                  \
-asm(                               \
+__asm__(                               \
    " LDR   r0,%1            \n\t" \
    " ADDS  r0,r0,%0         \n\t" \
    " STR   r0,%1            \n\t" \
@ -345,7 +345,7 @@ asm(                               \
   mu = c[x] * mp

 #define INNERMUL                     \
-asm(                                 \
+__asm__(                                 \
   " mullw    16,%3,%4       \n\t"   \
   " mulhwu   17,%3,%4       \n\t"   \
   " addc     16,16,%0       \n\t"   \
@ -357,7 +357,7 @@ asm(                                 \
 :"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","%cc"); ++tmpm;

 #define PROPCARRY                    \
-asm(                                 \
+__asm__(                                 \
   " lwz      16,%1         \n\t"    \
   " addc     16,16,%0      \n\t"    \
   " stw      16,%1         \n\t"    \
@ -375,7 +375,7 @@ asm(                                 \
   mu = c[x] * mp

 #define INNERMUL                     \
-asm(                                 \
+__asm__(                                 \
   " mulld    16,%3,%4       \n\t"   \
   " mulhdu   17,%3,%4       \n\t"   \
   " addc     16,16,%0       \n\t"   \
@ -387,7 +387,7 @@ asm(                                 \
 :"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","%cc"); ++tmpm;

 #define PROPCARRY                    \
-asm(                                 \
+__asm__(                                 \
   " ldx      16,0,%1       \n\t"    \
   " addc     16,16,%0      \n\t"    \
   " sdx      16,0,%1       \n\t"    \
@ -407,7 +407,7 @@ asm(                                 \
   mu = c[x] * mp

 #define INNERMUL                    \
-asm(                                \
+__asm__(                                \
    " ld.w   r2,%1            \n\t" \
    " add    r2,%0            \n\t" \
    " eor    r3,r3            \n\t" \
@ -418,7 +418,7 @@ asm(                                \
 :"=r"(cy),"=r"(_c):"0"(cy),"r"(mu),"r"(*tmpm++),"1"(_c):"r2","r3");

 #define PROPCARRY                    \
-asm(                                 \
+__asm__(                                 \
   " ld.w     r2,%1         \n\t"    \
   " add      r2,%0         \n\t"    \
   " st.w     %1,r2         \n\t"    \
@ -475,7 +475,7 @@ asm(                                 \
 #define COMBA_FINI

 #define SQRADD(i, j)                                      \
-asm(                                            \
+__asm__(                                            \
     "movl  %6,%%eax     \n\t"                            \
     "mull  %%eax        \n\t"                            \
     "addl  %%eax,%0     \n\t"                            \
@ -484,7 +484,7 @@ asm(                                            \
     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i) :"%eax","%edx","%cc");

 #define SQRADD2(i, j)                                     \
-asm(                                            \
+__asm__(                                            \
     "movl  %6,%%eax     \n\t"                            \
     "mull  %7           \n\t"                            \
     "addl  %%eax,%0     \n\t"                            \
@ -496,7 +496,7 @@ asm(                                            \
     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","%edx", "%cc");

 #define SQRADDSC(i, j)                                    \
-asm(                                                     \
+__asm__(                                                     \
     "movl  %3,%%eax     \n\t"                            \
     "mull  %4           \n\t"                            \
     "movl  %%eax,%0     \n\t"                            \
@ -507,7 +507,7 @@ asm(                                                     \
 /* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */

 #define SQRADDAC(i, j)                                    \
-asm(                                                     \
+__asm__(                                                     \
     "movl  %6,%%eax     \n\t"                            \
     "mull  %7           \n\t"                            \
     "addl  %%eax,%0     \n\t"                            \
@ -516,7 +516,7 @@ asm(                                                     \
     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%eax","%edx","%cc");

 #define SQRADDDB                                          \
-asm(                                                     \
+__asm__(                                                     \
     "addl %6,%0         \n\t"                            \
     "adcl %7,%1         \n\t"                            \
     "adcl %8,%2         \n\t"                            \
@ -545,7 +545,7 @@ asm(                                                     \
 #define COMBA_FINI

 #define SQRADD(i, j)                                      \
-asm(                                                     \
+__asm__(                                                     \
     "movq  %6,%%rax     \n\t"                            \
     "mulq  %%rax        \n\t"                            \
     "addq  %%rax,%0     \n\t"                            \
@ -554,7 +554,7 @@ asm(                                                     \
     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i) :"%rax","%rdx","%cc");

 #define SQRADD2(i, j)                                     \
-asm(                                                     \
+__asm__(                                                     \
     "movq  %6,%%rax     \n\t"                            \
     "mulq  %7           \n\t"                            \
     "addq  %%rax,%0     \n\t"                            \
@ -566,7 +566,7 @@ asm(                                                     \
     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j)  :"%rax","%rdx","%cc");

 #define SQRADDSC(i, j)                                    \
-asm(                                                     \
+__asm__(                                                     \
     "movq  %3,%%rax     \n\t"                            \
     "mulq  %4           \n\t"                            \
     "movq  %%rax,%0     \n\t"                            \
@ -577,7 +577,7 @@ asm(                                                     \
 /* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */

 #define SQRADDAC(i, j)                                                         \
-asm(                                                     \
+__asm__(                                                     \
     "movq  %6,%%rax     \n\t"                            \
     "mulq  %7           \n\t"                            \
     "addq  %%rax,%0     \n\t"                            \
@ -586,7 +586,7 @@ asm(                                                     \
     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%rax","%rdx","%cc");

 #define SQRADDDB                                          \
-asm(                                                     \
+__asm__(                                                     \
     "addq %6,%0         \n\t"                            \
     "adcq %7,%1         \n\t"                            \
     "adcq %8,%2         \n\t"                            \
@ -613,10 +613,10 @@ asm(                                                     \
   do { c0 = c1; c1 = c2; c2 = 0; } while (0);

 #define COMBA_FINI \
-   asm("emms");
+   __asm__("emms");

 #define SQRADD(i, j)                                      \
-asm(                                            \
+__asm__(                                            \
     "movd  %6,%%mm0     \n\t"                            \
     "pmuludq %%mm0,%%mm0\n\t"                            \
     "movd  %%mm0,%%eax  \n\t"                            \
@ -628,7 +628,7 @@ asm(                                            \
     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i) :"%eax","%cc");

 #define SQRADD2(i, j)                                     \
-asm(                                            \
+__asm__(                                            \
     "movd  %6,%%mm0     \n\t"                            \
     "movd  %7,%%mm1     \n\t"                            \
     "pmuludq %%mm1,%%mm0\n\t"                            \
@ -644,7 +644,7 @@ asm(                                            \
     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","%edx","%cc");

 #define SQRADDSC(i, j)                                                         \
-asm(                                            \
+__asm__(                                            \
     "movd  %3,%%mm0     \n\t"                            \
     "movd  %4,%%mm1     \n\t"                            \
     "pmuludq %%mm1,%%mm0\n\t"                            \
@ -657,7 +657,7 @@ asm(                                            \
 /* TAO removed sc0,1,2 as input to remove warning so %6,%7 become %3,%4 */

 #define SQRADDAC(i, j)                                                         \
-asm(                                            \
+__asm__(                                            \
     "movd  %6,%%mm0     \n\t"                            \
     "movd  %7,%%mm1     \n\t"                            \
     "pmuludq %%mm1,%%mm0\n\t"                            \
@ -670,7 +670,7 @@ asm(                                            \
     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "m"(i), "m"(j)  :"%eax","%edx","%cc");

 #define SQRADDDB                                          \
-asm(                                                     \
+__asm__(                                                     \
     "addl %6,%0         \n\t"                            \
     "adcl %7,%1         \n\t"                            \
     "adcl %8,%2         \n\t"                            \
@ -701,7 +701,7 @@ asm(                                                     \

 /* multiplies point i and j, updates carry "c1" and digit c2 */
 #define SQRADD(i, j)                                             \
-asm(                                                             \
+__asm__(                                                             \
 "  UMULL  r0,r1,%6,%6              \n\t"                         \
 "  ADDS   %0,%0,r0                 \n\t"                         \
 "  ADCS   %1,%1,r1                 \n\t"                         \
@ -710,7 +710,7 @@ asm(                                                             \
 	
 /* for squaring some of the terms are doubled... */
 #define SQRADD2(i, j)                                            \
-asm(                                                             \
+__asm__(                                                             \
 "  UMULL  r0,r1,%6,%7              \n\t"                         \
 "  ADDS   %0,%0,r0                 \n\t"                         \
 "  ADCS   %1,%1,r1                 \n\t"                         \
@ -721,13 +721,13 @@ asm(                                                             \
 :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j) : "r0", "r1", "%cc");

 #define SQRADDSC(i, j)                                           \
-asm(                                                             \
+__asm__(                                                             \
 "  UMULL  %0,%1,%6,%7              \n\t"                         \
 "  SUB    %2,%2,%2                 \n\t"                         \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "%cc");

 #define SQRADDAC(i, j)                                           \
-asm(                                                             \
+__asm__(                                                             \
 "  UMULL  r0,r1,%6,%7              \n\t"                         \
 "  ADDS   %0,%0,r0                 \n\t"                         \
 "  ADCS   %1,%1,r1                 \n\t"                         \
@ -735,7 +735,7 @@ asm(                                                             \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2) : "0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j) : "r0", "r1", "%cc");

 #define SQRADDDB                                                 \
-asm(                                                             \
+__asm__(                                                             \
 "  ADDS  %0,%0,%3                     \n\t"                      \
 "  ADCS  %1,%1,%4                     \n\t"                      \
 "  ADC   %2,%2,%5                     \n\t"                      \
@ -766,7 +766,7 @@ asm(                                                             \

 /* multiplies point i and j, updates carry "c1" and digit c2 */
 #define SQRADD(i, j)             \
-asm(                             \
+__asm__(                             \
   " mullw  16,%6,%6       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhwu 16,%6,%6       \n\t" \
@ -776,7 +776,7 @@ asm(                             \

 /* for squaring some of the terms are doubled... */
 #define SQRADD2(i, j)            \
-asm(                             \
+__asm__(                             \
   " mullw  16,%6,%7       \n\t" \
   " mulhwu 17,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
@ -788,14 +788,14 @@ asm(                             \
 :"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"16", "17","%cc");

 #define SQRADDSC(i, j)            \
-asm(                              \
+__asm__(                              \
   " mullw  %0,%6,%7        \n\t" \
   " mulhwu %1,%6,%7        \n\t" \
   " xor    %2,%2,%2        \n\t" \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "%cc");

 #define SQRADDAC(i, j)           \
-asm(                             \
+__asm__(                             \
   " mullw  16,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhwu 16,%6,%7       \n\t" \
@ -804,7 +804,7 @@ asm(                             \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"16", "%cc");

 #define SQRADDDB                  \
-asm(                              \
+__asm__(                              \
   " addc   %0,%0,%3        \n\t" \
   " adde   %1,%1,%4        \n\t" \
   " adde   %2,%2,%5        \n\t" \
@ -834,7 +834,7 @@ asm(                              \

 /* multiplies point i and j, updates carry "c1" and digit c2 */
 #define SQRADD(i, j)             \
-asm(                             \
+__asm__(                             \
   " mulld  16,%6,%6       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhdu 16,%6,%6       \n\t" \
@ -844,7 +844,7 @@ asm(                             \

 /* for squaring some of the terms are doubled... */
 #define SQRADD2(i, j)            \
-asm(                             \
+__asm__(                             \
   " mulld  16,%6,%7       \n\t" \
   " mulhdu 17,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
@ -856,14 +856,14 @@ asm(                             \
 :"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"16", "17","%cc");

 #define SQRADDSC(i, j)            \
-asm(                              \
+__asm__(                              \
   " mulld  %0,%6,%7        \n\t" \
   " mulhdu %1,%6,%7        \n\t" \
   " xor    %2,%2,%2        \n\t" \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "%cc");

 #define SQRADDAC(i, j)           \
-asm(                             \
+__asm__(                             \
   " mulld  16,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhdu 16,%6,%7       \n\t" \
@ -872,7 +872,7 @@ asm(                             \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"16", "%cc");

 #define SQRADDDB                  \
-asm(                              \
+__asm__(                              \
   " addc   %0,%0,%3        \n\t" \
   " adde   %1,%1,%4        \n\t" \
   " adde   %2,%2,%5        \n\t" \
@ -904,7 +904,7 @@ asm(                              \

 /* multiplies point i and j, updates carry "c1" and digit c2 */
 #define SQRADD(i, j)             \
-asm(                             \
+__asm__(                             \
   " mulu.d r2,%6,%6       \n\t" \
   " add    %0,%0,r2       \n\t" \
   " adc    %1,%1,r3       \n\t" \
@ -913,7 +913,7 @@ asm(                             \

 /* for squaring some of the terms are doubled... */
 #define SQRADD2(i, j)            \
-asm(                             \
+__asm__(                             \
   " mulu.d r2,%6,%7       \n\t" \
   " add    %0,%0,r2       \n\t" \
   " adc    %1,%1,r3       \n\t" \
@ -924,7 +924,7 @@ asm(                             \
 :"=r"(c0), "=r"(c1), "=r"(c2):"0"(c0), "1"(c1), "2"(c2), "r"(i), "r"(j):"r2", "r3");

 #define SQRADDSC(i, j)            \
-asm(                              \
+__asm__(                              \
   " mulu.d r2,%6,%7        \n\t" \
   " mov    %0,r2           \n\t" \
   " mov    %1,r3           \n\t" \
@ -932,7 +932,7 @@ asm(                              \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i),"r"(j) : "r2", "r3");

 #define SQRADDAC(i, j)           \
-asm(                             \
+__asm__(                             \
   " mulu.d r2,%6,%7       \n\t" \
   " add    %0,%0,r2       \n\t" \
   " adc    %1,%1,r3       \n\t" \
@ -940,7 +940,7 @@ asm(                             \
 :"=r"(sc0), "=r"(sc1), "=r"(sc2):"0"(sc0), "1"(sc1), "2"(sc2), "r"(i), "r"(j):"r2", "r3");

 #define SQRADDDB                  \
-asm(                              \
+__asm__(                              \
   " add    %0,%0,%3        \n\t" \
   " adc    %1,%1,%4        \n\t" \
   " adc    %2,%2,%5        \n\t" \
@ -1059,7 +1059,7 @@ asm(                              \

 /* this should multiply i and j  */
 #define MULADD(i, j)                                      \
-asm(                                                      \
+__asm__(                                                      \
     "movl  %6,%%eax     \n\t"                            \
     "mull  %7           \n\t"                            \
     "addl  %%eax,%0     \n\t"                            \
@ -1094,7 +1094,7 @@ asm(                                                      \

 /* this should multiply i and j  */
 #define MULADD(i, j)                                      \
-asm  (                                                    \
+__asm__  (                                                    \
     "movq  %6,%%rax     \n\t"                            \
     "mulq  %7           \n\t"                            \
     "addq  %%rax,%0     \n\t"                            \
@ -1126,11 +1126,11 @@ asm  (                                                    \

 /* anything you need at the end */
 #define COMBA_FINI \
-   asm("emms");
+   __asm__("emms");

 /* this should multiply i and j  */
 #define MULADD(i, j)                                     \
-asm(                                                     \
+__asm__(                                                     \
    "movd  %6,%%mm0     \n\t"                            \
    "movd  %7,%%mm1     \n\t"                            \
    "pmuludq %%mm1,%%mm0\n\t"                            \
@ -1162,7 +1162,7 @@ asm(                                                     \
 #define COMBA_FINI

 #define MULADD(i, j)                                          \
-asm(                                                          \
+__asm__(                                                          \
 "  UMULL  r0,r1,%6,%7           \n\t"                         \
 "  ADDS   %0,%0,r0              \n\t"                         \
 "  ADCS   %1,%1,r1              \n\t"                         \
@ -1190,7 +1190,7 @@ asm(                                                          \
   
 /* untested: will mulhwu change the flags?  Docs say no */
 #define MULADD(i, j)              \
-asm(                              \
+__asm__(                              \
   " mullw  16,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhwu 16,%6,%7       \n\t" \
@ -1219,7 +1219,7 @@ asm(                              \
   
 /* untested: will mulhwu change the flags?  Docs say no */
 #define MULADD(i, j)              \
-asm(                              \
+____asm__(                              \
   " mulld  16,%6,%7       \n\t" \
   " addc   %0,%0,16       \n\t" \
   " mulhdu 16,%6,%7       \n\t" \
@ -1248,7 +1248,7 @@ asm(                              \
 #define COMBA_FINI 
   
 #define MULADD(i, j)             \
-asm(                             \
+____asm__(                             \
   " mulu.d r2,%6,%7        \n\t"\
   " add    %0,r2           \n\t"\
   " adc    %1,%1,r3        \n\t"\
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
--- a/ctaocrypt/src/coding.c
+++ b/ctaocrypt/src/coding.c
@ -1,6 +1,6 @@
 /* coding.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -49,11 +49,12 @@ const byte base64Decode[] = { 62, BAD, BAD, BAD, 63,   /* + starts at 0x2B */
                            };


-int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
+int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
    word32 i = 0;
    word32 j = 0;
    word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
+    const byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;

    plainSz = (plainSz * 3 + 3) / 4;
    if (plainSz > *outLen) return BAD_FUNC_ARG;
@ -75,6 +76,16 @@ int Base64Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
        if (e4 == PAD)
            pad4 = 1;

+        if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
+            CYASSL_MSG("Bad Base64 Decode data, too small");
+            return ASN_INPUT_E;
+        }
+
+        if (e1 > maxIdx || e2 > maxIdx || e3 > maxIdx || e4 > maxIdx) {
+            CYASSL_MSG("Bad Base64 Decode data, too big");
+            return ASN_INPUT_E;
+        }
+
        e1 = base64Decode[e1 - 0x2B];
        e2 = base64Decode[e2 - 0x2B];
        e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];
@ -131,7 +142,7 @@ const byte base64Encode[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',


 /* porting assistance from yaSSL by Raphael HUCK */
-int Base64Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
+int Base64_Encode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
    word32 i = 0,
           j = 0,
@ -197,11 +208,29 @@ const byte hexDecode[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
                           10, 11, 12, 13, 14, 15 
                         };  /* A starts at 0x41 not 0x3A */

-int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
+int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
    word32 inIdx  = 0;
    word32 outIdx = 0;

+    if (inLen == 1 && *outLen && in) {
+        byte b = in[inIdx++] - 0x30;  /* 0 starts at 0x30 */
+
+        /* sanity check */
+        if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))
+            return ASN_INPUT_E;
+
+        b  = hexDecode[b];
+
+        if (b == BAD)
+            return ASN_INPUT_E;
+        
+        out[outIdx++] = b;
+
+        *outLen = outIdx;
+        return 0;
+    }
+
    if (inLen % 2)
        return BAD_FUNC_ARG;

@ -233,4 +262,4 @@ int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 }


-#endif  /* OPENSSL_EXTRA */
+#endif  /* defined(OPENSSL_EXTRA) || defined (SESSION_CERTS) || defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) || defined(HAVE_WEBSERVER) */
--- a/ctaocrypt/src/des3.c
+++ b/ctaocrypt/src/des3.c
@ -1,6 +1,6 @@
 /* des3.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -327,11 +327,25 @@ static INLINE int Reverse(int dir)
 }


+void Des_SetIV(Des* des, const byte* iv)
+{
+    if (des && iv)
+        XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+}
+
+
+void Des3_SetIV(Des3* des, const byte* iv)
+{
+    if (des && iv)
+        XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+}
+
+
 void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir)
 {
    DesSetKey(key, dir, des->key);
-    
-    XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+
+    Des_SetIV(des, iv);
 }


@ -340,8 +354,8 @@ void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir)
    DesSetKey(key + (dir == DES_ENCRYPTION ? 0 : 16), dir, des->key[0]);
    DesSetKey(key + 8, Reverse(dir), des->key[1]);
    DesSetKey(key + (dir == DES_DECRYPTION ? 0 : 16), dir, des->key[2]);
-    
-    XMEMCPY(des->reg, iv, DES_BLOCK_SIZE);
+
+    Des3_SetIV(des, iv);  
 }


@ -493,5 +507,22 @@ void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
    }
 }

+#ifdef CYASSL_DES_ECB
+
+/* One block, compatibility only */
+void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz)
+{
+    word32 blocks = sz / DES_BLOCK_SIZE;
+
+    while (blocks--) {
+        DesProcessBlock(des, in, out);
+
+        out += DES_BLOCK_SIZE;
+        in  += DES_BLOCK_SIZE; 
+    }
+}
+
+#endif /* CYASSL_DES_ECB */
+

 #endif /* NO_DES3 */
--- a/ctaocrypt/src/dh.c
+++ b/ctaocrypt/src/dh.c
@ -1,6 +1,6 @@
 /* dh.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
--- a/ctaocrypt/src/dsa.c
+++ b/ctaocrypt/src/dsa.c
@ -1,6 +1,6 @@
 /* dsa.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
--- a/ctaocrypt/src/ecc.c
+++ b/ctaocrypt/src/ecc.c
--- a/ctaocrypt/src/error.c
+++ b/ctaocrypt/src/error.c
@ -0,0 +1,283 @@
+/* error.c
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+ 
+#include <cyassl/ctaocrypt/error.h>
+
+#ifdef _MSC_VER
+    /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */
+    #pragma warning(disable: 4996)
+#endif
+
+
+void CTaoCryptErrorString(int error, char* buffer)
+{
+    const int max = MAX_ERROR_SZ;   /* shorthand */
+
+#ifdef NO_ERROR_STRINGS
+
+    (void)error;
+    XSTRNCPY(buffer, "no support for error strings built in", max);
+
+#else
+
+    switch (error) {
+
+    case OPEN_RAN_E :        
+        XSTRNCPY(buffer, "opening random device error", max);
+        break;
+
+    case READ_RAN_E :
+        XSTRNCPY(buffer, "reading random device error", max);
+        break;
+
+    case WINCRYPT_E :
+        XSTRNCPY(buffer, "windows crypt init error", max);
+        break;
+
+    case CRYPTGEN_E : 
+        XSTRNCPY(buffer, "windows crypt generation error", max);
+        break;
+
+    case RAN_BLOCK_E : 
+        XSTRNCPY(buffer, "random device read would block error", max);
+        break;
+
+    case MP_INIT_E :
+        XSTRNCPY(buffer, "mp_init error state", max);
+        break;
+
+    case MP_READ_E :
+        XSTRNCPY(buffer, "mp_read error state", max);
+        break;
+
+    case MP_EXPTMOD_E :
+        XSTRNCPY(buffer, "mp_exptmod error state", max);
+        break;
+
+    case MP_TO_E :
+        XSTRNCPY(buffer, "mp_to_xxx error state, can't convert", max);
+        break;
+
+    case MP_SUB_E :
+        XSTRNCPY(buffer, "mp_sub error state, can't subtract", max);
+        break;
+
+    case MP_ADD_E :
+        XSTRNCPY(buffer, "mp_add error state, can't add", max);
+        break;
+
+    case MP_MUL_E :
+        XSTRNCPY(buffer, "mp_mul error state, can't multiply", max);
+        break;
+
+    case MP_MULMOD_E :
+        XSTRNCPY(buffer, "mp_mulmod error state, can't multiply mod", max);
+        break;
+
+    case MP_MOD_E :
+        XSTRNCPY(buffer, "mp_mod error state, can't mod", max);
+        break;
+
+    case MP_INVMOD_E :
+        XSTRNCPY(buffer, "mp_invmod error state, can't inv mod", max);
+        break; 
+        
+    case MP_CMP_E :
+        XSTRNCPY(buffer, "mp_cmp error state", max);
+        break; 
+        
+    case MP_ZERO_E :
+        XSTRNCPY(buffer, "mp zero result, not expected", max);
+        break; 
+        
+    case MEMORY_E :
+        XSTRNCPY(buffer, "out of memory error", max);
+        break;
+
+    case RSA_WRONG_TYPE_E :
+        XSTRNCPY(buffer, "RSA wrong block type for RSA function", max);
+        break; 
+
+    case RSA_BUFFER_E :
+        XSTRNCPY(buffer, "RSA buffer error, output too small or input too big",
+                max);
+        break; 
+
+    case BUFFER_E :
+        XSTRNCPY(buffer, "Buffer error, output too small or input too big",max);
+        break; 
+
+    case ALGO_ID_E :
+        XSTRNCPY(buffer, "Setting Cert AlogID error", max);
+        break; 
+
+    case PUBLIC_KEY_E :
+        XSTRNCPY(buffer, "Setting Cert Public Key error", max);
+        break; 
+
+    case DATE_E :
+        XSTRNCPY(buffer, "Setting Cert Date validity error", max);
+        break; 
+
+    case SUBJECT_E :
+        XSTRNCPY(buffer, "Setting Cert Subject name error", max);
+        break; 
+
+    case ISSUER_E :
+        XSTRNCPY(buffer, "Setting Cert Issuer name error", max);
+        break; 
+
+    case CA_TRUE_E :
+        XSTRNCPY(buffer, "Setting basic constraint CA true error", max);
+        break; 
+
+    case EXTENSIONS_E :
+        XSTRNCPY(buffer, "Setting extensions error", max);
+        break; 
+
+    case ASN_PARSE_E :
+        XSTRNCPY(buffer, "ASN parsing error, invalid input", max);
+        break;
+
+    case ASN_VERSION_E :
+        XSTRNCPY(buffer, "ASN version error, invalid number", max);
+        break;
+
+    case ASN_GETINT_E :
+        XSTRNCPY(buffer, "ASN get big int error, invalid data", max);
+        break;
+
+    case ASN_RSA_KEY_E :
+        XSTRNCPY(buffer, "ASN key init error, invalid input", max);
+        break;
+
+    case ASN_OBJECT_ID_E :
+        XSTRNCPY(buffer, "ASN object id error, invalid id", max);
+        break;
+
+    case ASN_TAG_NULL_E :
+        XSTRNCPY(buffer, "ASN tag error, not null", max);
+        break;
+
+    case ASN_EXPECT_0_E :
+        XSTRNCPY(buffer, "ASN expect error, not zero", max);
+        break;
+
+    case ASN_BITSTR_E :
+        XSTRNCPY(buffer, "ASN bit string error, wrong id", max);
+        break;
+
+    case ASN_UNKNOWN_OID_E :
+        XSTRNCPY(buffer, "ASN oid error, unknown sum id", max);
+        break;
+
+    case ASN_DATE_SZ_E :
+        XSTRNCPY(buffer, "ASN date error, bad size", max);
+        break;
+
+    case ASN_BEFORE_DATE_E :
+        XSTRNCPY(buffer, "ASN date error, current date before", max);
+        break;
+
+    case ASN_AFTER_DATE_E :
+        XSTRNCPY(buffer, "ASN date error, current date after", max);
+        break;
+
+    case ASN_SIG_OID_E :
+        XSTRNCPY(buffer, "ASN signature error, mismatched oid", max);
+        break;
+
+    case ASN_TIME_E :
+        XSTRNCPY(buffer, "ASN time error, unkown time type", max);
+        break;
+
+    case ASN_INPUT_E :
+        XSTRNCPY(buffer, "ASN input error, not enough data", max);
+        break;
+
+    case ASN_SIG_CONFIRM_E :
+        XSTRNCPY(buffer, "ASN sig error, confirm failure", max);
+        break;
+
+    case ASN_SIG_HASH_E :
+        XSTRNCPY(buffer, "ASN sig error, unsupported hash type", max);
+        break;
+
+    case ASN_SIG_KEY_E :
+        XSTRNCPY(buffer, "ASN sig error, unsupported key type", max);
+        break;
+
+    case ASN_DH_KEY_E :
+        XSTRNCPY(buffer, "ASN key init error, invalid input", max);
+        break;
+
+    case ASN_NTRU_KEY_E :
+        XSTRNCPY(buffer, "ASN NTRU key decode error, invalid input", max);
+        break;
+
+    case ECC_BAD_ARG_E :
+        XSTRNCPY(buffer, "ECC input argument wrong type, invalid input", max);
+        break;
+
+    case ASN_ECC_KEY_E :
+        XSTRNCPY(buffer, "ECC ASN1 bad key data, invalid input", max);
+        break;
+
+    case ECC_CURVE_OID_E :
+        XSTRNCPY(buffer, "ECC curve sum OID unsupported, invalid input", max);
+        break;
+
+    case BAD_FUNC_ARG :
+        XSTRNCPY(buffer, "Bad function argument", max);
+        break;
+
+    case NOT_COMPILED_IN :
+        XSTRNCPY(buffer, "Feature not compiled in", max);
+        break;
+
+    case UNICODE_SIZE_E :
+        XSTRNCPY(buffer, "Unicode password too big", max);
+        break;
+
+    case NO_PASSWORD :
+        XSTRNCPY(buffer, "No password provided by user", max);
+        break;
+
+    case ALT_NAME_E :
+        XSTRNCPY(buffer, "Alt Name problem, too big", max);
+        break;
+
+    case AES_GCM_AUTH_E:
+        XSTRNCPY(buffer, "AES-GCM Authentication check fail", max);
+        break;
+
+    default:
+        XSTRNCPY(buffer, "unknown error number", max);
+
+    }
+
+#endif /* NO_ERROR_STRINGS */
+
+}
--- a/ctaocrypt/src/hc128.c
+++ b/ctaocrypt/src/hc128.c
@ -1,6 +1,6 @@
 /* hc128.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
--- a/ctaocrypt/src/hmac.c
+++ b/ctaocrypt/src/hmac.c
@ -1,6 +1,6 @@
 /* hmac.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -34,7 +34,7 @@ static int InitHmac(Hmac* hmac, int type)
    hmac->innerHashKeyed = 0;
    hmac->macType = (byte)type;

-    if (!(type == MD5 || type == SHA || type == SHA256))
+    if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384))
        return BAD_FUNC_ARG;

    if (type == MD5)
@ -45,6 +45,10 @@ static int InitHmac(Hmac* hmac, int type)
    else if (type == SHA256)
        InitSha256(&hmac->hash.sha256);
 #endif
+#ifdef CYASSL_SHA384
+    else if (type == SHA384)
+        InitSha384(&hmac->hash.sha384);
+#endif

    return 0;
 }
@ -54,34 +58,60 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 {
    byte*  ip = (byte*) hmac->ipad;
    byte*  op = (byte*) hmac->opad;
-    word32 i;
+    word32 i, hmac_block_size = MD5_BLOCK_SIZE;

    InitHmac(hmac, type);

-    if (length <= HMAC_BLOCK_SIZE)
-        XMEMCPY(ip, key, length);
-    else {
-        if (hmac->macType == MD5) {
+    if (hmac->macType == MD5) {
+        if (length <= MD5_BLOCK_SIZE) {
+            XMEMCPY(ip, key, length);
+        }
+        else {
            Md5Update(&hmac->hash.md5, key, length);
            Md5Final(&hmac->hash.md5, ip);
            length = MD5_DIGEST_SIZE;
        }
-        else if (hmac->macType == SHA) {
+    }
+    else if (hmac->macType == SHA) {
+		hmac_block_size = SHA_BLOCK_SIZE;
+        if (length <= SHA_BLOCK_SIZE) {
+            XMEMCPY(ip, key, length);
+        }
+        else {
            ShaUpdate(&hmac->hash.sha, key, length);
            ShaFinal(&hmac->hash.sha, ip);
            length = SHA_DIGEST_SIZE;
        }
+    }
 #ifndef NO_SHA256
-        else if (hmac->macType == SHA256) {
+    else if (hmac->macType == SHA256) {
+		hmac_block_size = SHA256_BLOCK_SIZE;
+        if (length <= SHA256_BLOCK_SIZE) {
+            XMEMCPY(ip, key, length);
+        }
+        else {
            Sha256Update(&hmac->hash.sha256, key, length);
            Sha256Final(&hmac->hash.sha256, ip);
            length = SHA256_DIGEST_SIZE;
        }
-#endif
    }
-    XMEMSET(ip + length, 0, HMAC_BLOCK_SIZE - length);
+#endif
+#ifdef CYASSL_SHA384
+    else if (hmac->macType == SHA384) {
+        hmac_block_size = SHA384_BLOCK_SIZE;
+        if (length <= SHA384_BLOCK_SIZE) {
+            XMEMCPY(ip, key, length);
+        }
+        else {
+            Sha384Update(&hmac->hash.sha384, key, length);
+            Sha384Final(&hmac->hash.sha384, ip);
+            length = SHA384_DIGEST_SIZE;
+        }
+    }
+#endif
+    XMEMSET(ip + length, 0, hmac_block_size - length);

-    for(i = 0; i < HMAC_BLOCK_SIZE; i++) {
+    for(i = 0; i < hmac_block_size; i++) {
        op[i] = ip[i] ^ OPAD;
        ip[i] ^= IPAD;
    }
@ -91,12 +121,16 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 static void HmacKeyInnerHash(Hmac* hmac)
 {
    if (hmac->macType == MD5)
-        Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
+        Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE);
    else if (hmac->macType == SHA)
-        ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
+        ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
 #ifndef NO_SHA256
    else if (hmac->macType == SHA256)
-        Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
+        Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, SHA256_BLOCK_SIZE);
+#endif
+#ifdef CYASSL_SHA384
+    else if (hmac->macType == SHA384)
+        Sha384Update(&hmac->hash.sha384, (byte*) hmac->ipad, SHA384_BLOCK_SIZE);
 #endif

    hmac->innerHashKeyed = 1;
@ -116,6 +150,10 @@ void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
    else if (hmac->macType == SHA256)
        Sha256Update(&hmac->hash.sha256, msg, length);
 #endif
+#ifdef CYASSL_SHA384
+    else if (hmac->macType == SHA384)
+        Sha384Update(&hmac->hash.sha384, msg, length);
+#endif

 }

@ -128,30 +166,41 @@ void HmacFinal(Hmac* hmac, byte* hash)
    if (hmac->macType == MD5) {
        Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash);

-        Md5Update(&hmac->hash.md5, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
+        Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE);
        Md5Update(&hmac->hash.md5, (byte*) hmac->innerHash, MD5_DIGEST_SIZE);

        Md5Final(&hmac->hash.md5, hash);
    }
-    else if (hmac->macType ==SHA) {
+    else if (hmac->macType == SHA) {
        ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);

-        ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
+        ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE);
        ShaUpdate(&hmac->hash.sha, (byte*) hmac->innerHash, SHA_DIGEST_SIZE);

        ShaFinal(&hmac->hash.sha, hash);
    }
 #ifndef NO_SHA256
-    else if (hmac->macType ==SHA256) {
+    else if (hmac->macType == SHA256) {
        Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);

-        Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
+        Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, SHA256_BLOCK_SIZE);
        Sha256Update(&hmac->hash.sha256, (byte*) hmac->innerHash,
                     SHA256_DIGEST_SIZE);

        Sha256Final(&hmac->hash.sha256, hash);
    }
 #endif
+#ifdef CYASSL_SHA384
+    else if (hmac->macType == SHA384) {
+        Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);
+
+        Sha384Update(&hmac->hash.sha384, (byte*) hmac->opad, SHA384_BLOCK_SIZE);
+        Sha384Update(&hmac->hash.sha384, (byte*) hmac->innerHash,
+                     SHA384_DIGEST_SIZE);
+
+        Sha384Final(&hmac->hash.sha384, hash);
+    }
+#endif

    hmac->innerHashKeyed = 0;
 }
--- a/ctaocrypt/src/integer.c
+++ b/ctaocrypt/src/integer.c
@ -1,6 +1,6 @@
 /* integer.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -37,6 +37,11 @@

 #include <cyassl/ctaocrypt/integer.h>

+#ifndef NO_CYASSL_SMALL_STACK
+    #ifndef CYASSL_SMALL_STACK
+        #define CYASSL_SMALL_STACK
+    #endif
+#endif

 /* math settings check */
 word32 CheckRunTimeSettings(void)
@ -116,6 +121,9 @@ mp_clear (mp_int * a)
 {
  int i;

+  if (a == NULL)
+      return;
+
  /* only do anything if a hasn't been freed previously */
  if (a->dp != NULL) {
    /* first zero the digits */
@ -1857,7 +1865,7 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y,
    }

    /* grab the next msb from the exponent */
-    y     = (mp_digit)(buf >> (DIGIT_BIT - 1)) & 1;
+    y     = (int)(buf >> (DIGIT_BIT - 1)) & 1;
    buf <<= (mp_digit)1;

    /* if the bit is zero and mode == 0 then we ignore it
@ -2762,6 +2770,9 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
    }
  }

+  if (pa > MP_WARRAY)
+    return MP_RANGE;  /* TAO range check */
+
 #ifdef CYASSL_SMALL_STACK
  W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
  if (W == NULL)    
@ -2878,6 +2889,8 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)

  /* number of output digits to produce */
  pa = MIN(digs, a->used + b->used);
+  if (pa > MP_WARRAY)
+    return MP_RANGE;  /* TAO range check */

 #ifdef CYASSL_SMALL_STACK
  W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
@ -3260,7 +3273,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode)
    }

    /* grab the next msb from the exponent */
-    y     = (buf >> (mp_digit)(DIGIT_BIT - 1)) & 1;
+    y     = (int)(buf >> (mp_digit)(DIGIT_BIT - 1)) & 1;
    buf <<= (mp_digit)1;

    /* if the bit is zero and mode == 0 then we ignore it
@ -3598,6 +3611,9 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
    }
  }

+  if (pa > MP_WARRAY)
+    return MP_RANGE;  /* TAO range check */
+  
 #ifdef CYASSL_SMALL_STACK
  W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
  if (W == NULL)    
@ -3664,6 +3680,34 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
 }


+/* set a 32-bit const */
+int mp_set_int (mp_int * a, unsigned long b)
+{
+  int     x, res;
+
+  mp_zero (a);
+  
+  /* set four bits at a time */
+  for (x = 0; x < 8; x++) {
+    /* shift the number up four bits */
+    if ((res = mp_mul_2d (a, 4, a)) != MP_OKAY) {
+      return res;
+    }
+
+    /* OR in the top four bits of the source */
+    a->dp[0] |= (b >> 28) & 15;
+
+    /* shift the source up to the next four bits */
+    b <<= 4;
+
+    /* ensure that digits are not clamped off */
+    a->used += 1;
+  }
+  mp_clamp (a);
+  return MP_OKAY;
+}
+
+
 #if defined(CYASSL_KEY_GEN) || defined(HAVE_ECC)

 /* c = a * a (mod b) */
@ -4329,32 +4373,6 @@ LBL_U:mp_clear (&v);
 }


-/* set a 32-bit const */
-int mp_set_int (mp_int * a, unsigned long b)
-{
-  int     x, res;
-
-  mp_zero (a);
-  
-  /* set four bits at a time */
-  for (x = 0; x < 8; x++) {
-    /* shift the number up four bits */
-    if ((res = mp_mul_2d (a, 4, a)) != MP_OKAY) {
-      return res;
-    }
-
-    /* OR in the top four bits of the source */
-    a->dp[0] |= (b >> 28) & 15;
-
-    /* shift the source up to the next four bits */
-    b <<= 4;
-
-    /* ensure that digits are not clamped off */
-    a->used += 1;
-  }
-  mp_clamp (a);
-  return MP_OKAY;
-}

 #endif /* CYASSL_KEY_GEN */

--- a/ctaocrypt/src/logging.c
+++ b/ctaocrypt/src/logging.c
@ -1,6 +1,6 @@
 /* logging.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -30,8 +30,15 @@
 #include <cyassl/ctaocrypt/error.h>


-CYASSL_API int  CyaSSL_Debugging_ON(void);
-CYASSL_API void CyaSSL_Debugging_OFF(void);
+#ifdef __cplusplus
+    extern "C" {
+#endif
+    CYASSL_API int  CyaSSL_Debugging_ON(void);
+    CYASSL_API void CyaSSL_Debugging_OFF(void);
+#ifdef __cplusplus
+    } 
+#endif
+

 #ifdef DEBUG_CYASSL

@ -81,7 +88,11 @@ void CyaSSL_Debugging_OFF(void)

 #ifdef DEBUG_CYASSL

-#include <stdio.h>   /* for default printf stuff */
+#ifdef FREESCALE_MQX
+    #include <fio.h>
+#else
+    #include <stdio.h>   /* for default printf stuff */
+#endif

 #ifdef THREADX
    int dc_log_printf(char*, ...);
--- a/ctaocrypt/src/md2.c
+++ b/ctaocrypt/src/md2.c
@ -0,0 +1,129 @@
+/* md2.c
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#ifdef CYASSL_MD2
+
+#include <cyassl/ctaocrypt/md2.h>
+#ifdef NO_INLINE
+    #include <cyassl/ctaocrypt/misc.h>
+#else
+    #include <ctaocrypt/src/misc.c>
+#endif
+
+
+void InitMd2(Md2* md2)
+{
+    XMEMSET(md2->X, 0, MD2_X_SIZE);
+    XMEMSET(md2->C, 0, MD2_BLOCK_SIZE);
+    XMEMSET(md2->buffer, 0, MD2_BLOCK_SIZE);
+    md2->count = 0;
+}
+
+
+void Md2Update(Md2* md2, const byte* data, word32 len)
+{
+    static const byte S[256] = 
+    {
+        41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
+        19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
+        76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
+        138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
+        245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
+        148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
+        39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
+        181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
+        150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
+        112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
+        96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
+        85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
+        234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
+        129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
+        8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
+        203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
+        166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
+        31, 26, 219, 153, 141, 51, 159, 17, 131, 20
+    };
+
+    while (len) {
+        word32 L = (MD2_PAD_SIZE - md2->count) < len ?
+                   (MD2_PAD_SIZE - md2->count) : len;
+        XMEMCPY(md2->buffer + md2->count, data, L);
+        md2->count += L;
+        data += L;
+        len  -= L;
+
+        if (md2->count == MD2_PAD_SIZE) {
+            int  i;
+            byte t;
+
+            md2->count = 0;
+            XMEMCPY(md2->X + MD2_PAD_SIZE, md2->buffer, MD2_PAD_SIZE);
+            t = md2->C[15];
+
+            for(i = 0; i < MD2_PAD_SIZE; i++) {
+                md2->X[32 + i] = md2->X[MD2_PAD_SIZE + i] ^ md2->X[i];
+                t = md2->C[i] ^= S[md2->buffer[i] ^ t];
+            }
+
+            t=0;
+            for(i = 0; i < 18; i++) {
+                int j;
+                for(j = 0; j < MD2_X_SIZE; j += 8) {
+                    t = md2->X[j+0] ^= S[t];
+                    t = md2->X[j+1] ^= S[t];
+                    t = md2->X[j+2] ^= S[t];
+                    t = md2->X[j+3] ^= S[t];
+                    t = md2->X[j+4] ^= S[t];
+                    t = md2->X[j+5] ^= S[t];
+                    t = md2->X[j+6] ^= S[t];
+                    t = md2->X[j+7] ^= S[t];
+                }
+                t = (t + i) & 0xFF;
+            }
+        }
+    }
+}
+
+
+void Md2Final(Md2* md2, byte* hash)
+{
+    byte   padding[MD2_BLOCK_SIZE];
+    word32 padLen = MD2_PAD_SIZE - md2->count;
+    word32 i;
+
+    for (i = 0; i < padLen; i++)
+        padding[i] = (byte)padLen;
+
+    Md2Update(md2, padding, padLen);
+    Md2Update(md2, md2->C, MD2_BLOCK_SIZE);
+
+    XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE);
+
+    InitMd2(md2);
+}
+
+
+#endif /* CYASSL_MD2 */
--- a/ctaocrypt/src/md4.c
+++ b/ctaocrypt/src/md4.c
@ -1,6 +1,6 @@
 /* md4.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -192,9 +192,9 @@ void Md4Final(Md4* md4, byte* hash)
    XMEMSET(&local[md4->buffLen], 0, MD4_PAD_SIZE - md4->buffLen);
   
    /* put lengths in bits */
-    md4->loLen = md4->loLen << 3;
    md4->hiLen = (md4->loLen >> (8*sizeof(md4->loLen) - 3)) + 
                 (md4->hiLen << 3);
+    md4->loLen = md4->loLen << 3;

    /* store lengths */
    #ifdef BIG_ENDIAN_ORDER
--- a/ctaocrypt/src/md5.c
+++ b/ctaocrypt/src/md5.c
@ -1,6 +1,6 @@
 /* md5.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -203,9 +203,9 @@ void Md5Final(Md5* md5, byte* hash)
    XMEMSET(&local[md5->buffLen], 0, MD5_PAD_SIZE - md5->buffLen);
   
    /* put lengths in bits */
-    md5->loLen = md5->loLen << 3;
    md5->hiLen = (md5->loLen >> (8*sizeof(md5->loLen) - 3)) + 
                 (md5->hiLen << 3);
+    md5->loLen = md5->loLen << 3;

    /* store lengths */
    #ifdef BIG_ENDIAN_ORDER
--- a/ctaocrypt/src/memory.c
+++ b/ctaocrypt/src/memory.c
@ -1,6 +1,6 @@
 /* memory.c 
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
--- a/ctaocrypt/src/misc.c
+++ b/ctaocrypt/src/misc.c
@ -1,6 +1,6 @@
 /* misc.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -91,7 +91,7 @@ STATIC INLINE word32 ByteReverseWord32(word32 value)
 STATIC INLINE void ByteReverseWords(word32* out, const word32* in,
                                    word32 byteCount)
 {
-    word32 count = byteCount/sizeof(word32), i;
+    word32 count = byteCount/(word32)sizeof(word32), i;

    for (i = 0; i < count; i++)
        out[i] = ByteReverseWord32(in[i]);
@ -132,7 +132,7 @@ STATIC INLINE word64 ByteReverseWord64(word64 value)
 STATIC INLINE void ByteReverseWords64(word64* out, const word64* in,
                                      word32 byteCount)
 {
-    word32 count = byteCount/sizeof(word64), i;
+    word32 count = byteCount/(word32)sizeof(word64), i;

    for (i = 0; i < count; i++)
        out[i] = ByteReverseWord64(in[i]);
--- a/ctaocrypt/src/pwdbased.c
+++ b/ctaocrypt/src/pwdbased.c
@ -1,6 +1,6 @@
 /* pwdbased.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -54,7 +54,7 @@ int PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
 {
    Md5  md5;
    Sha  sha;
-    int  hLen = (hashType == MD5) ? MD5_DIGEST_SIZE : SHA_DIGEST_SIZE;
+    int  hLen = (hashType == MD5) ? (int)MD5_DIGEST_SIZE : (int)SHA_DIGEST_SIZE;
    int  i;
    byte buffer[SHA_DIGEST_SIZE];  /* max size */

@ -236,6 +236,16 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
        mp_int B1;

        if (hashType == MD5) {
+            Md5 md5;
+
+            InitMd5(&md5);
+            Md5Update(&md5, buffer, totalLen);
+            Md5Final(&md5, Ai);
+
+            for (i = 1; i < iterations; i++) {
+                Md5Update(&md5, Ai, u);
+                Md5Final(&md5, Ai);
+            }
        }
        else if (hashType == SHA) {
            Sha sha;
@ -251,21 +261,44 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
        }
 #ifndef NO_SHA256
        else if (hashType == SHA256) {
+            Sha256 sha256;
+
+            InitSha256(&sha256);
+            Sha256Update(&sha256, buffer, totalLen);
+            Sha256Final(&sha256, Ai);
+
+            for (i = 1; i < iterations; i++) {
+                Sha256Update(&sha256, Ai, u);
+                Sha256Final(&sha256, Ai);
+            }
        }
 #endif
 #ifdef CYASSL_SHA512
        else if (hashType == SHA512) {
+            Sha512 sha512;
+
+            InitSha512(&sha512);
+            Sha512Update(&sha512, buffer, totalLen);
+            Sha512Final(&sha512, Ai);
+
+            for (i = 1; i < iterations; i++) {
+                Sha512Update(&sha512, Ai, u);
+                Sha512Final(&sha512, Ai);
+            }
        }
 #endif

        for (i = 0; i < (int)v; i++)
            B[i] = Ai[i % u];

-        mp_init(&B1);
-        if (mp_read_unsigned_bin(&B1, B, v) != MP_OKAY)
+        if (mp_init(&B1) != MP_OKAY)
+            ret = MP_INIT_E;
+        else if (mp_read_unsigned_bin(&B1, B, v) != MP_OKAY)
            ret = MP_READ_E;
-        else if (mp_add_d(&B1, (mp_digit)1, &B1) != MP_OKAY) {
+        else if (mp_add_d(&B1, (mp_digit)1, &B1) != MP_OKAY)
            ret = MP_ADD_E;
+
+        if (ret != 0) {
            mp_clear(&B1);
            break;
        }
@ -275,9 +308,10 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
            mp_int i1;
            mp_int res;

-            mp_init(&i1);
-            mp_init(&res);
-
+            if (mp_init_multi(&i1, &res, NULL, NULL, NULL, NULL) != MP_OKAY) {
+                ret = MP_INIT_E;
+                break;
+            }
            if (mp_read_unsigned_bin(&i1, I + i, v) != MP_OKAY)
                ret = MP_READ_E;
            else if (mp_add(&i1, &B1, &res) != MP_OKAY)
--- a/ctaocrypt/src/rabbit.c
+++ b/ctaocrypt/src/rabbit.c
@ -1,6 +1,6 @@
 /* rabbit.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -39,7 +39,7 @@
    #define LITTLE32(x) (x)
 #endif

-#define U32V(x) (word32)(x)
+#define U32V(x) ((word32)(x) & 0xFFFFFFFFU)


 /* Square a 32-bit unsigned integer to obtain the 64-bit result and return */
@ -210,7 +210,7 @@ void RabbitProcess(Rabbit* ctx, byte* output, const byte* input, word32 msglen)
                   U32V(ctx->workCtx.x[1]<<16));

        /* Increment pointers and decrement length */
-        input += 16;
+        input  += 16;
        output += 16;
        msglen -= 16;
    }
@ -219,25 +219,25 @@ void RabbitProcess(Rabbit* ctx, byte* output, const byte* input, word32 msglen)
    if (msglen) {

        word32 i;
-        word32 tmp[4];
-        byte*  buffer = (byte*)tmp;
+        byte   buffer[16];

        /* Iterate the system */
        RABBIT_next_state(&(ctx->workCtx));

        /* Generate 16 bytes of pseudo-random data */
-        tmp[0] = LITTLE32(ctx->workCtx.x[0] ^
+        *(word32*)(buffer+ 0) = LITTLE32(ctx->workCtx.x[0] ^
                  (ctx->workCtx.x[5]>>16) ^ U32V(ctx->workCtx.x[3]<<16));
-        tmp[1] = LITTLE32(ctx->workCtx.x[2] ^ 
+        *(word32*)(buffer+ 4) = LITTLE32(ctx->workCtx.x[2] ^ 
                  (ctx->workCtx.x[7]>>16) ^ U32V(ctx->workCtx.x[5]<<16));
-        tmp[2] = LITTLE32(ctx->workCtx.x[4] ^ 
+        *(word32*)(buffer+ 8) = LITTLE32(ctx->workCtx.x[4] ^ 
                  (ctx->workCtx.x[1]>>16) ^ U32V(ctx->workCtx.x[7]<<16));
-        tmp[3] = LITTLE32(ctx->workCtx.x[6] ^ 
+        *(word32*)(buffer+12) = LITTLE32(ctx->workCtx.x[6] ^ 
                  (ctx->workCtx.x[3]>>16) ^ U32V(ctx->workCtx.x[1]<<16));

        /* Encrypt/decrypt the data */
        for (i=0; i<msglen; i++)
-            output[i] = input[i] ^ buffer[i];
+            output[i] = input[i] ^ buffer[i];  /* scan-build thinks buffer[i] */
+                                               /* is garbage, it is not! */ 
    }
 }

--- a/ctaocrypt/src/random.c
+++ b/ctaocrypt/src/random.c
@ -1,6 +1,6 @@
 /* random.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -33,13 +33,17 @@


 #if defined(USE_WINDOWS_API)
-    #define _WIN32_WINNT 0x0400
+    #ifndef _WIN32_WINNT
+        #define _WIN32_WINNT 0x0400
+    #endif
    #include <windows.h>
    #include <wincrypt.h>
 #else
    #ifndef NO_DEV_RANDOM
        #include <fcntl.h>
-        #include <unistd.h>
+        #ifndef EBSNET
+            #include <unistd.h>
+        #endif
    #else
        /* include headers that may be needed to get good seed */
    #endif
@ -99,7 +103,7 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
 }


-#elif defined(THREADX)
+#elif defined(THREADX) || defined(EBSNET)

 #include "rtprand.h"   /* rtp_rand () */
 #include "rtptime.h"   /* rtp_get_system_msec() */
@ -142,6 +146,67 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
    return 0;
 }

+#elif defined(CYASSL_SAFERTOS)
+
+#warning "write a real random seed!!!!, just for testing now"
+
+int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+{
+    int i;
+    for (i = 0; i < sz; i++ )
+        output[i] = i;
+
+    return 0;
+}
+
+#elif defined(FREESCALE_MQX)
+
+    #ifdef FREESCALE_K70_RNGA
+        /*
+         * Generates a RNG seed using the Random Number Generator Accelerator
+         * on the Kinetis K70. Documentation located in Chapter 37 of
+         * K70 Sub-Family Reference Manual (see Note 3 in the README for link).
+         */
+        int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+        {
+            int i;
+
+            /* turn on RNGA module */
+            SIM_SCGC3 |= SIM_SCGC3_RNGA_MASK;
+
+            /* set SLP bit to 0 - "RNGA is not in sleep mode" */
+            RNG_CR &= ~RNG_CR_SLP_MASK;
+
+            /* set HA bit to 1 - "security violations masked" */
+            RNG_CR |= RNG_CR_HA_MASK;
+
+            /* set GO bit to 1 - "output register loaded with data" */
+            RNG_CR |= RNG_CR_GO_MASK;
+
+            for (i = 0; i < sz; i++) {
+
+                /* wait for RNG FIFO to be full */
+                while((RNG_SR & RNG_SR_OREG_LVL(0xF)) == 0) {}
+
+                /* get value */
+                output[i] = RNG_OR;
+            }
+
+            return 0;
+        }
+	#else
+        #warning "write a real random seed!!!!, just for testing now"
+
+        int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
+        {
+            int i;
+            for (i = 0; i < sz; i++ )
+                output[i] = i;
+
+            return 0;
+        }
+	#endif /* FREESCALE_K70_RNGA */
+
 #elif defined(NO_DEV_RANDOM)

 #error "you need to write an os specific GenerateSeed() here"
@ -164,7 +229,7 @@ int GenerateSeed(OS_Seed* os, byte* output, word32 sz)
    }

    while (sz) {
-        int len = read(os->fd, output, sz);
+        int len = (int)read(os->fd, output, sz);
        if (len == -1) { 
            ret = READ_RAN_E;
            break;
--- a/ctaocrypt/src/ripemd.c
+++ b/ctaocrypt/src/ripemd.c
@ -1,6 +1,6 @@
 /* ripemd.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
--- a/ctaocrypt/src/rsa.c
+++ b/ctaocrypt/src/rsa.c
@ -1,6 +1,6 @@
 /* rsa.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -24,13 +24,19 @@
    #include <config.h>
 #endif

+#ifndef NO_RSA
+
 #include <cyassl/ctaocrypt/rsa.h>
 #include <cyassl/ctaocrypt/random.h>
 #include <cyassl/ctaocrypt/error.h>
 #include <cyassl/ctaocrypt/logging.h>

 #ifdef SHOW_GEN
-    #include <stdio.h>
+    #ifdef FREESCALE_MQX
+        #include <fio.h>
+    #else
+        #include <stdio.h>
+    #endif
 #endif


@ -406,7 +412,7 @@ static int rand_prime(mp_int* N, int len, RNG* rng, void* heap)
    }
   
    /* allocate buffer to work with */
-    buf = XMALLOC(len, heap, DYNAMIC_TYPE_RSA);
+    buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA);
    if (buf == NULL) {
        return MEMORY_E;
    }
@ -496,7 +502,7 @@ int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
        err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL);

    if (err == MP_OKAY)
-        err = mp_init_multi(&key->dP, &key->dP, &key->u, NULL, NULL, NULL);
+        err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL);

    if (err == MP_OKAY)
        err = mp_sub_d(&p, 1, &tmp2);  /* tmp2 = p-1 */
@ -553,5 +559,6 @@ int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
 }


-#endif /* CYASLS_KEY_GEN */
+#endif /* CYASSL_KEY_GEN */

+#endif /* NO_RSA */
--- a/ctaocrypt/src/sha.c
+++ b/ctaocrypt/src/sha.c
@ -1,6 +1,6 @@
 /* sha.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -178,9 +178,9 @@ void ShaFinal(Sha* sha, byte* hash)
    XMEMSET(&local[sha->buffLen], 0, SHA_PAD_SIZE - sha->buffLen);
   
    /* put lengths in bits */
-    sha->loLen = sha->loLen << 3;
    sha->hiLen = (sha->loLen >> (8*sizeof(sha->loLen) - 3)) + 
                 (sha->hiLen << 3);
+    sha->loLen = sha->loLen << 3;

    /* store lengths */
    #ifdef LITTLE_ENDIAN_ORDER
--- a/ctaocrypt/src/sha256.c
+++ b/ctaocrypt/src/sha256.c
@ -1,6 +1,6 @@
 /* sha256.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -81,7 +81,7 @@ static const word32 K[64] = {
 #define Ch(x,y,z)       (z ^ (x & (y ^ z)))
 #define Maj(x,y,z)      (((x | y) & z) | (x & y))
 #define S(x, n)         rotrFixed(x, n)
-#define R(x, n)         (((x)&0xFFFFFFFFL)>>(n))
+#define R(x, n)         (((x)&0xFFFFFFFFU)>>(n))
 #define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
 #define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
 #define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
@ -182,9 +182,9 @@ void Sha256Final(Sha256* sha256, byte* hash)
    XMEMSET(&local[sha256->buffLen], 0, SHA256_PAD_SIZE - sha256->buffLen);

    /* put lengths in bits */
-    sha256->loLen = sha256->loLen << 3;
    sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) +
                 (sha256->hiLen << 3);
+    sha256->loLen = sha256->loLen << 3;

    /* store lengths */
    #ifdef LITTLE_ENDIAN_ORDER
--- a/ctaocrypt/src/sha512.c
+++ b/ctaocrypt/src/sha512.c
@ -1,6 +1,6 @@
 /* sha512.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -128,6 +128,11 @@ static const word64 K512[80] = {
 #define R(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+K[i+j]+(j?blk2(i):blk0(i));\
 	d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i))

+#define blk384(i) (W[i] = sha384->buffer[i])
+
+#define R2(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+K[i+j]+(j?blk2(i):blk384(i));\
+	d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i))
+

 static void Transform(Sha512* sha512)
 {
@ -209,7 +214,7 @@ void Sha512Final(Sha512* sha512, byte* hash)

    /* pad with zeros */
    if (sha512->buffLen > SHA512_PAD_SIZE) {
-        XMEMSET(&local[sha512->buffLen], 0, SHA512_BLOCK_SIZE - sha512->buffLen);
+        XMEMSET(&local[sha512->buffLen], 0, SHA512_BLOCK_SIZE -sha512->buffLen);
        sha512->buffLen += SHA512_BLOCK_SIZE - sha512->buffLen;

        #ifdef LITTLE_ENDIAN_ORDER
@ -221,9 +226,9 @@ void Sha512Final(Sha512* sha512, byte* hash)
    XMEMSET(&local[sha512->buffLen], 0, SHA512_PAD_SIZE - sha512->buffLen);
   
    /* put lengths in bits */
-    sha512->loLen = sha512->loLen << 3;
    sha512->hiLen = (sha512->loLen >> (8*sizeof(sha512->loLen) - 3)) + 
                 (sha512->hiLen << 3);
+    sha512->loLen = sha512->loLen << 3;

    /* store lengths */
    #ifdef LITTLE_ENDIAN_ORDER
@ -243,4 +248,139 @@ void Sha512Final(Sha512* sha512, byte* hash)
 }


+
+#ifdef CYASSL_SHA384
+
+void InitSha384(Sha384* sha384)
+{
+    sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8);
+    sha384->digest[1] = W64LIT(0x629a292a367cd507);
+    sha384->digest[2] = W64LIT(0x9159015a3070dd17);
+    sha384->digest[3] = W64LIT(0x152fecd8f70e5939);
+    sha384->digest[4] = W64LIT(0x67332667ffc00b31);
+    sha384->digest[5] = W64LIT(0x8eb44a8768581511);
+    sha384->digest[6] = W64LIT(0xdb0c2e0d64f98fa7);
+    sha384->digest[7] = W64LIT(0x47b5481dbefa4fa4);
+
+    sha384->buffLen = 0;
+    sha384->loLen   = 0;
+    sha384->hiLen   = 0;
+}
+
+
+static void Transform384(Sha384* sha384)
+{
+    const word64* K = K512;
+
+    word32 j;
+    word64 W[16];
+    word64 T[8];
+
+    /* Copy digest to working vars */
+    XMEMCPY(T, sha384->digest, sizeof(T));
+
+    /* 64 operations, partially loop unrolled */
+    for (j = 0; j < 80; j += 16) {
+        R2( 0); R2( 1); R2( 2); R2( 3);
+        R2( 4); R2( 5); R2( 6); R2( 7);
+        R2( 8); R2( 9); R2(10); R2(11);
+        R2(12); R2(13); R2(14); R2(15);
+    }
+
+    /* Add the working vars back into digest */
+
+    sha384->digest[0] += a(0);
+    sha384->digest[1] += b(0);
+    sha384->digest[2] += c(0);
+    sha384->digest[3] += d(0);
+    sha384->digest[4] += e(0);
+    sha384->digest[5] += f(0);
+    sha384->digest[6] += g(0);
+    sha384->digest[7] += h(0);
+
+    /* Wipe variables */
+    XMEMSET(W, 0, sizeof(W));
+    XMEMSET(T, 0, sizeof(T));
+}
+
+
+static INLINE void AddLength384(Sha384* sha384, word32 len)
+{
+    word32 tmp = sha384->loLen;
+    if ( (sha384->loLen += len) < tmp)
+        sha384->hiLen++;                       /* carry low to high */
+}
+
+
+void Sha384Update(Sha384* sha384, const byte* data, word32 len)
+{
+    /* do block size increments */
+    byte* local = (byte*)sha384->buffer;
+
+    while (len) {
+        word32 add = min(len, SHA384_BLOCK_SIZE - sha384->buffLen);
+        XMEMCPY(&local[sha384->buffLen], data, add);
+
+        sha384->buffLen += add;
+        data         += add;
+        len          -= add;
+
+        if (sha384->buffLen == SHA384_BLOCK_SIZE) {
+            #ifdef LITTLE_ENDIAN_ORDER
+                ByteReverseWords64(sha384->buffer, sha384->buffer,
+                                   SHA384_BLOCK_SIZE);
+            #endif
+            Transform384(sha384);
+            AddLength384(sha384, SHA384_BLOCK_SIZE);
+            sha384->buffLen = 0;
+        }
+    }
+}
+
+
+void Sha384Final(Sha384* sha384, byte* hash)
+{
+    byte* local = (byte*)sha384->buffer;
+
+    AddLength384(sha384, sha384->buffLen);              /* before adding pads */
+
+    local[sha384->buffLen++] = 0x80;  /* add 1 */
+
+    /* pad with zeros */
+    if (sha384->buffLen > SHA384_PAD_SIZE) {
+        XMEMSET(&local[sha384->buffLen], 0, SHA384_BLOCK_SIZE -sha384->buffLen);
+        sha384->buffLen += SHA384_BLOCK_SIZE - sha384->buffLen;
+
+        #ifdef LITTLE_ENDIAN_ORDER
+            ByteReverseWords64(sha384->buffer,sha384->buffer,SHA384_BLOCK_SIZE);
+        #endif
+        Transform384(sha384);
+        sha384->buffLen = 0;
+    }
+    XMEMSET(&local[sha384->buffLen], 0, SHA384_PAD_SIZE - sha384->buffLen);
+   
+    /* put lengths in bits */
+    sha384->hiLen = (sha384->loLen >> (8*sizeof(sha384->loLen) - 3)) + 
+                 (sha384->hiLen << 3);
+    sha384->loLen = sha384->loLen << 3;
+
+    /* store lengths */
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords64(sha384->buffer, sha384->buffer, SHA384_PAD_SIZE);
+    #endif
+    /* ! length ordering dependent on digest endian type ! */
+    sha384->buffer[SHA384_BLOCK_SIZE / sizeof(word64) - 2] = sha384->hiLen;
+    sha384->buffer[SHA384_BLOCK_SIZE / sizeof(word64) - 1] = sha384->loLen;
+
+    Transform384(sha384);
+    #ifdef LITTLE_ENDIAN_ORDER
+        ByteReverseWords64(sha384->digest, sha384->digest, SHA384_DIGEST_SIZE);
+    #endif
+    XMEMCPY(hash, sha384->digest, SHA384_DIGEST_SIZE);
+
+    InitSha384(sha384);  /* reset state */
+}
+
+#endif /* CYASSL_SHA384 */
+
 #endif /* CYASSL_SHA512 */
--- a/ctaocrypt/src/tfm.c
+++ b/ctaocrypt/src/tfm.c
@ -1,6 +1,6 @@
 /* tfm.c
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -1005,7 +1005,7 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
    }

    /* grab the next msb from the exponent */
-    y     = (fp_digit)(buf >> (DIGIT_BIT - 1)) & 1;
+    y     = (int)(buf >> (DIGIT_BIT - 1)) & 1;
    buf <<= (fp_digit)1;

    /* do ops */
@ -1107,7 +1107,7 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
    }

    /* grab the next msb from the exponent */
-    y     = (fp_digit)(buf >> (DIGIT_BIT - 1)) & 1;
+    y     = (int)(buf >> (DIGIT_BIT - 1)) & 1;
    buf <<= (fp_digit)1;

    /* if the bit is zero and mode == 0 then we ignore it
@ -1548,7 +1548,7 @@ void fp_montgomery_calc_normalization(fp_int *a, fp_int *b)
 /* computes x/R == x (mod N) via Montgomery Reduction */
 void fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp)
 {
-   fp_digit c[FP_SIZE], *_c, *tmpm, mu;
+   fp_digit c[FP_SIZE], *_c, *tmpm, mu = 0;
   int      oldused, x, y, pa;

   /* bail if too large */
@ -1800,6 +1800,15 @@ void fp_reverse (unsigned char *s, int len)
 }


+/* c = a - b */
+void fp_sub_d(fp_int *a, fp_digit b, fp_int *c)
+{
+   fp_int tmp;
+   fp_set(&tmp, b);
+   fp_sub(a, &tmp, c);
+}
+
+
 /* CyaSSL callers from normal lib */

 /* init a new mp_int */
@ -1917,6 +1926,50 @@ int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c)
 }


+int mp_sub_d(fp_int *a, fp_digit b, fp_int *c)
+{
+    fp_sub_d(a, b, c);
+    return MP_OKAY;
+}
+
+
+/* fast math conversion */
+int mp_copy(fp_int* a, fp_int* b)
+{
+    fp_copy(a, b);
+    return MP_OKAY;
+}
+
+
+/* fast math conversion */
+int mp_isodd(mp_int* a)
+{
+    return fp_isodd(a);
+}
+
+
+/* fast math conversion */
+int mp_iszero(mp_int* a)
+{
+    return fp_iszero(a);
+}
+
+
+/* fast math conversion */
+int mp_count_bits (mp_int* a)
+{
+    return fp_count_bits(a);
+}
+
+
+/* fast math wrappers */
+int mp_set_int(fp_int *a, fp_digit b)
+{
+    fp_set(a, b);
+    return MP_OKAY;
+}
+
+
 #if defined(CYASSL_KEY_GEN) || defined (HAVE_ECC)

 /* c = a * a (mod b) */
@ -1941,14 +1994,6 @@ int mp_montgomery_calc_normalization(mp_int *a, mp_int *b)
    return MP_OKAY;
 }

-/* fast math conversion */
-int mp_copy(fp_int* a, fp_int* b)
-{
-    fp_copy(a, b);
-    return MP_OKAY;
-}
-
-
 #endif /* CYASSL_KEYGEN || HAVE_ECC */


@ -1956,18 +2001,9 @@ int mp_copy(fp_int* a, fp_int* b)

 void fp_gcd(fp_int *a, fp_int *b, fp_int *c);
 void fp_lcm(fp_int *a, fp_int *b, fp_int *c);
-void fp_sub_d(fp_int *a, fp_digit b, fp_int *c);
 int  fp_isprime(fp_int *a);
 int  fp_cnt_lsb(fp_int *a);

-/* fast math wrappers */
-int mp_set_int(fp_int *a, fp_digit b)
-{
-    fp_set(a, b);
-    return MP_OKAY;
-}
-
-
 int mp_gcd(fp_int *a, fp_int *b, fp_int *c)
 {
    fp_gcd(a, b, c);
@ -1982,13 +2018,6 @@ int mp_lcm(fp_int *a, fp_int *b, fp_int *c)
 }


-int mp_sub_d(fp_int *a, fp_digit b, fp_int *c)
-{
-    fp_sub_d(a, b, c);
-    return MP_OKAY;
-}
-
-
 int mp_prime_is_prime(mp_int* a, int t, int* result)
 {
    (void)t;
@ -1998,15 +2027,6 @@ int mp_prime_is_prime(mp_int* a, int t, int* result)



-/* c = a - b */
-void fp_sub_d(fp_int *a, fp_digit b, fp_int *c)
-{
-   fp_int tmp;
-   fp_set(&tmp, b);
-   fp_sub(a, &tmp, c);
-}
-
-
 static int s_is_power_of_two(fp_digit b, int *p)
 {
   int x;
@ -2408,12 +2428,6 @@ int mp_read_radix(mp_int *a, const char *str, int radix)
    return fp_read_radix(a, str, radix);
 }

-/* fast math conversion */
-int mp_iszero(mp_int* a)
-{
-    return fp_iszero(a);
-}
-
 /* fast math conversion */
 int mp_set(fp_int *a, fp_digit b)
 {
@ -2442,19 +2456,21 @@ int mp_montgomery_setup(fp_int *a, fp_digit *rho)
    return fp_montgomery_setup(a, rho);
 }

-/* fast math conversion */
-int mp_isodd(mp_int* a)
-{
-    return fp_isodd(a);
-}
-
-
 int mp_div_2(fp_int * a, fp_int * b)
 {
    fp_div_2(a, b);
    return MP_OKAY;
 }

+
+int mp_init_copy(fp_int * a, fp_int * b)
+{
+    fp_init_copy(a, b);
+    return MP_OKAY;
+}
+
+
+
 #endif /* HAVE_ECC */

 #endif /* USE_FAST_MATH */
--- a/ctaocrypt/test/include.am
+++ b/ctaocrypt/test/include.am
@ -5,5 +5,6 @@ noinst_PROGRAMS+= ctaocrypt/test/testctaocrypt
 ctaocrypt_test_testctaocrypt_SOURCES      = ctaocrypt/test/test.c
 ctaocrypt_test_testctaocrypt_LDADD        = src/libcyassl.la
 ctaocrypt_test_testctaocrypt_DEPENDENCIES = src/libcyassl.la
+noinst_HEADERS += ctaocrypt/test/test.h
 EXTRA_DIST += ctaocrypt/test/test.sln
 EXTRA_DIST += ctaocrypt/test/test.vcproj
--- a/ctaocrypt/test/test.c
+++ b/ctaocrypt/test/test.c
--- a/ctaocrypt/test/test.h
+++ b/ctaocrypt/test/test.h
@ -0,0 +1,33 @@
+/* ctaocrypt/test/test.h
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#pragma once
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+void ctaocrypt_test(void* args);
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
--- a/cyassl-ntru.vcproj
+++ b/cyassl-ntru.vcproj
@ -182,6 +182,10 @@
 				RelativePath=".\ctaocrypt\src\dsa.c"
 				>
 			</File>
+			<File
+				RelativePath=".\ctaocrypt\src\error.c"
+				>
+			</File>
 			<File
 				RelativePath=".\ctaocrypt\src\hc128.c"
 				>
--- a/cyassl.vcproj
+++ b/cyassl.vcproj
@ -178,6 +178,10 @@
 				RelativePath=".\ctaocrypt\src\dsa.c"
 				>
 			</File>
+			<File
+				RelativePath=".\ctaocrypt\src\error.c"
+				>
+			</File>
 			<File
 				RelativePath=".\ctaocrypt\src\hc128.c"
 				>
--- a/cyassl/callbacks.h
+++ b/cyassl/callbacks.h
@ -1,6 +1,6 @@
 /* cyassl_callbacks.h
 *
- * Copyright (C) 2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
--- a/cyassl/crl.h
+++ b/cyassl/crl.h
@ -0,0 +1,47 @@
+/* crl.h
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+#ifndef CYASSL_CRL_H
+#define CYASSL_CRL_H
+
+#include <cyassl/ssl.h>
+#include <cyassl/ctaocrypt/asn.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+typedef struct CYASSL_CRL CYASSL_CRL;
+
+CYASSL_LOCAL int  InitCRL(CYASSL_CRL*, CYASSL_CERT_MANAGER*);
+CYASSL_LOCAL void FreeCRL(CYASSL_CRL*);
+
+CYASSL_LOCAL int  LoadCRL(CYASSL_CRL* crl, const char* path, int type, int mon);
+CYASSL_LOCAL int  BufferLoadCRL(CYASSL_CRL*, const byte*, long, int);
+CYASSL_LOCAL int  CheckCertCRL(CYASSL_CRL*, DecodedCert*);
+
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+#endif /* CYASSL_CRL_H */
--- a/cyassl/ctaocrypt/aes.h
+++ b/cyassl/ctaocrypt/aes.h
@ -1,6 +1,6 @@
 /* aes.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -54,6 +54,7 @@


 enum {
+    AES_ENC_TYPE   = 1,   /* cipher unique type */
    AES_ENCRYPTION = 0,
    AES_DECRYPTION = 1,
    AES_BLOCK_SIZE = 16
@ -67,13 +68,43 @@ typedef struct Aes {

    ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)];      /* for CBC mode */
    ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)];      /* same         */
+
+#ifdef HAVE_AESGCM
+    ALIGN16 byte H[AES_BLOCK_SIZE];
+#ifdef GCM_TABLE
+    /* key-based fast multiplication table. */
+    ALIGN16 byte M0[256][AES_BLOCK_SIZE];
+#endif /* GCM_TABLE */
+#endif /* HAVE_AESGCM */
+#ifdef CYASSL_AESNI
+    byte use_aesni;
+#endif /* CYASSL_AESNI */
 } Aes;


 CYASSL_API int  AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
                          int dir);
+CYASSL_API int  AesSetIV(Aes* aes, const byte* iv);
 CYASSL_API void AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
 CYASSL_API void AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz);
+CYASSL_API void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
+CYASSL_API void AesEncryptDirect(Aes* aes, byte* out, const byte* in);
+CYASSL_API void AesDecryptDirect(Aes* aes, byte* out, const byte* in);
+CYASSL_API int  AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
+                                const byte* iv, int dir);
+#ifdef HAVE_AESGCM
+CYASSL_API void AesGcmSetKey(Aes* aes, const byte* key, word32 len,
+                              const byte* implicitIV);
+CYASSL_API void AesGcmSetExpIV(Aes* aes, const byte* iv);
+CYASSL_API void AesGcmGetExpIV(Aes* aes, byte* iv);
+CYASSL_API void AesGcmIncExpIV(Aes* aes);
+CYASSL_API void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                              byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz);
+CYASSL_API int  AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+                              const byte* authTag, word32 authTagSz,
+                              const byte* authIn, word32 authInSz);
+#endif /* HAVE_AESGCM */


 #ifdef __cplusplus
--- a/cyassl/ctaocrypt/arc4.h
+++ b/cyassl/ctaocrypt/arc4.h
@ -1,6 +1,6 @@
 /* arc4.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -33,6 +33,7 @@


 enum {
+	ARC4_ENC_TYPE   = 4,    /* cipher unique type */
    ARC4_STATE_SIZE = 256
 };

--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@ -1,6 +1,6 @@
 /* asn.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -19,6 +19,7 @@
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

+#ifndef NO_ASN

 #ifndef CTAO_CRYPT_ASN_H
 #define CTAO_CRYPT_ASN_H
@ -28,6 +29,7 @@
 #include <cyassl/ctaocrypt/dh.h>
 #include <cyassl/ctaocrypt/dsa.h>
 #include <cyassl/ctaocrypt/sha.h>
+#include <cyassl/ctaocrypt/md5.h>
 #include <cyassl/ctaocrypt/asn_public.h>   /* public interface */
 #ifdef HAVE_ECC
    #include <cyassl/ctaocrypt/ecc.h>
@ -50,15 +52,19 @@ enum {

 /* ASN Tags   */
 enum ASN_Tags {        
+    ASN_BOOLEAN           = 0x01,
    ASN_INTEGER           = 0x02,
    ASN_BIT_STRING        = 0x03,
    ASN_OCTET_STRING      = 0x04,
    ASN_TAG_NULL          = 0x05,
    ASN_OBJECT_ID         = 0x06,
+    ASN_ENUMERATED        = 0x0a,
    ASN_SEQUENCE          = 0x10,
    ASN_SET               = 0x11,
    ASN_UTC_TIME          = 0x17,
+    ASN_DNS_TYPE          = 0x02,
    ASN_GENERALIZED_TIME  = 0x18,
+    CRL_EXTENSIONS        = 0xa0,
    ASN_EXTENSIONS        = 0xa3,
    ASN_LONG_LENGTH       = 0x80
 };
@ -92,6 +98,11 @@ enum ENCRYPTION_TYPES {
    RC4_TYPE  = 2
 };

+enum ECC_TYPES {
+    ECC_PREFIX_0 = 160,
+    ECC_PREFIX_1 = 161
+};
+
 enum Misc_ASN { 
    ASN_NAME_MAX        = 256,
    MAX_SALT_SIZE       =  64,     /* MAX PKCS Salt length */
@ -101,6 +112,7 @@ enum Misc_ASN {
    PKCS5v2             =   6,     /* PKCS #5 v2.0 */
    PKCS12              =  12,     /* PKCS #12 */
    MAX_UNICODE_SZ      = 256,
+    ASN_BOOL_SIZE       =   2,     /* including type */
    SHA_SIZE            =  20,
    RSA_INTS            =   8,     /* RSA ints in private key */
    MIN_DATE_SIZE       =  13,
@ -119,10 +131,18 @@ enum Misc_ASN {
    MAX_LENGTH_SZ       =   4,     /* Max length size for DER encoding */
    MAX_RSA_E_SZ        =  16,     /* Max RSA public e size */
    MAX_CA_SZ           =  32,     /* Max encoded CA basic constraint length */
+    MAX_SN_SZ           =  35,     /* Max encoded serial number (INT) length */
 #ifdef CYASSL_CERT_GEN
-    MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
+    #ifdef CYASSL_ALT_NAMES
+        MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
+    #else
+        MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
+    #endif
                                   /* Max total extensions, id + len + others */
 #endif
+    MAX_OCSP_EXT_SZ     = 58,      /* Max OCSP Extension length */
+    MAX_OCSP_NONCE_SZ   = 18,      /* OCSP Nonce size           */
+    EIGHTK_BUF          = 8192,    /* Tmp buffer size           */
    MAX_PUBLIC_KEY_SZ   = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2
                                   /* use bigger NTRU size */
 };
@ -135,23 +155,16 @@ enum Oid_Types {
 };


-enum Sig_Sum  {
-    SHAwDSA    = 517,
-    MD2wRSA    = 646,
-    MD5wRSA    = 648,
-    SHAwRSA    = 649,
-    SHAwECDSA  = 520,
-    SHA256wRSA   = 655,
-    SHA256wECDSA = 524
-};
-
 enum Hash_Sum  {
    MD2h    = 646,
    MD5h    = 649,
    SHAh    =  88,
-    SHA256h = 414
+    SHA256h = 414,
+    SHA384h = 415,
+    SHA512h = 416
 };

+
 enum Key_Sum {
    DSAk   = 515,
    RSAk   = 645,
@ -159,6 +172,7 @@ enum Key_Sum {
    ECDSAk = 518
 };

+
 enum Ecc_Sum {
    ECC_256R1 = 526,
    ECC_384R1 = 210,
@ -175,7 +189,11 @@ enum KDF_Sum {


 enum Extensions_Sum {
-    ALT_NAMES_OID = 131 
+    BASIC_CA_OID  = 133,
+    ALT_NAMES_OID = 131,
+    CRL_DIST_OID  = 145,
+    AUTH_INFO_OID = 69,
+    CA_ISSUER_OID = 117
 };


@ -185,6 +203,13 @@ enum VerifyType {
 };


+typedef struct DNS_entry   DNS_entry;
+
+struct DNS_entry {
+    DNS_entry* next;   /* next on DNS list */
+    char*      name;   /* actual DNS name */
+};
+
 typedef struct DecodedCert DecodedCert;
 typedef struct Signer      Signer;

@ -198,11 +223,16 @@ struct DecodedCert {
    word32  sigLength;               /* length of signature              */
    word32  signatureOID;            /* sum of algorithm object id       */
    word32  keyOID;                  /* sum of key algo  object id       */
+    DNS_entry* altNames;             /* alt names list of dns entries    */
    byte    subjectHash[SHA_SIZE];   /* hash of all Names                */
    byte    issuerHash[SHA_SIZE];    /* hash of all Names                */
+#ifdef HAVE_OCSP
+    byte    issuerKeyHash[SHA_SIZE]; /* hash of the public Key           */
+#endif /* HAVE_OCSP */
    byte*   signature;               /* not owned, points into raw cert  */
    char*   subjectCN;               /* CommonName                       */
    int     subjectCNLen;
+    int     subjectCNStored;         /* have we saved a copy we own      */
    char    issuer[ASN_NAME_MAX];    /* full name including common name  */
    char    subject[ASN_NAME_MAX];   /* full name including common name  */
    int     verify;                  /* Default to yes, but could be off */
@ -215,6 +245,11 @@ struct DecodedCert {
    byte*   extensions;              /* not owned, points into raw cert  */
    int     extensionsSz;            /* length of cert extensions */
    word32  extensionsIdx;           /* if want to go back and parse later */
+    byte*   extAuthInfo;             /* Authority Information Access URI */
+    int     extAuthInfoSz;           /* length of the URI                */
+    byte*   extCrlInfo;              /* CRL Distribution Points          */
+    int     extCrlInfoSz;            /* length of the URI                */
+    byte    isCA;                    /* CA basic constraint true */
 #ifdef CYASSL_CERT_GEN
    /* easy access to subject info for other sign */
    char*   subjectSN;
@ -231,6 +266,10 @@ struct DecodedCert {
    int     subjectOULen;
    char*   subjectEmail;
    int     subjectEmailLen;
+    byte*   beforeDate;
+    int     beforeDateLen;
+    byte*   afterDate;
+    int     afterDateLen;
 #endif /* CYASSL_CERT_GEN */
 };

@ -253,13 +292,13 @@ struct Signer {
    #define CYASSL_TEST_API CYASSL_LOCAL
 #endif

+CYASSL_TEST_API void FreeAltNames(DNS_entry*, void*);
 CYASSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
 CYASSL_TEST_API void FreeDecodedCert(DecodedCert*);
-CYASSL_TEST_API int  ParseCert(DecodedCert*, int type, int verify,
-                               Signer* signer);
+CYASSL_TEST_API int  ParseCert(DecodedCert*, int type, int verify, void* cm);

-CYASSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,
-                                   Signer* signer);
+CYASSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,void* cm);
+CYASSL_LOCAL int DecodeToKey(DecodedCert*, int verify);

 CYASSL_LOCAL word32 EncodeSignature(byte* out, const byte* digest, word32 digSz,
                                    int hashOID);
@ -271,6 +310,7 @@ CYASSL_LOCAL void    FreeSigners(Signer*, void*);
 CYASSL_LOCAL int ToTraditional(byte* buffer, word32 length);
 CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int);

+CYASSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);

 #ifdef HAVE_ECC
    /* ASN sig helpers */
@ -297,9 +337,152 @@ enum cert_enums {
 #endif /* CYASSL_CERT_GEN */


+
+/* for pointer use */
+typedef struct CertStatus CertStatus;
+
+#ifdef HAVE_OCSP
+
+enum Ocsp_Response_Status {
+    OCSP_SUCCESSFUL        = 0, /* Response has valid confirmations */
+    OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */
+    OCSP_INTERNAL_ERROR    = 2, /* Internal error in issuer */
+    OCSP_TRY_LATER         = 3, /* Try again later */
+    OCSP_SIG_REQUIRED      = 5, /* Must sign the request (4 is skipped) */
+    OCSP_UNAUTHROIZED      = 6  /* Request unauthorized */
+};
+
+
+enum Ocsp_Cert_Status {
+    CERT_GOOD    = 0,
+    CERT_REVOKED = 1,
+    CERT_UNKNOWN = 2
+};
+
+
+enum Ocsp_Sums {
+    OCSP_BASIC_OID = 117,
+    OCSP_NONCE_OID = 118
+};
+
+
+typedef struct OcspRequest  OcspRequest;
+typedef struct OcspResponse OcspResponse;
+
+
+struct CertStatus {
+    CertStatus* next;
+
+    byte serial[EXTERNAL_SERIAL_SIZE];
+    int serialSz;
+
+    int status;
+
+    byte thisDate[MAX_DATE_SIZE];
+    byte nextDate[MAX_DATE_SIZE];
+    byte thisDateFormat;
+    byte nextDateFormat;
+};
+
+
+struct OcspResponse {
+    int     responseStatus;  /* return code from Responder */
+
+    byte*   response;        /* Pointer to beginning of OCSP Response */
+    word32  responseSz;      /* length of the OCSP Response */
+
+    byte    producedDate[MAX_DATE_SIZE];
+							 /* Date at which this response was signed */
+    byte    producedDateFormat; /* format of the producedDate */
+    byte*   issuerHash;
+    byte*   issuerKeyHash;
+
+    byte*   cert;
+    word32  certSz;
+
+    byte*   sig;             /* Pointer to sig in source */
+    word32  sigSz;           /* Length in octets for the sig */
+    word32  sigOID;          /* OID for hash used for sig */
+
+    CertStatus* status;      /* certificate status to fill out */
+
+    byte*   nonce;           /* pointer to nonce inside ASN.1 response */
+    int     nonceSz;         /* length of the nonce string */
+
+    byte*   source;          /* pointer to source buffer, not owned */
+    word32  maxIdx;          /* max offset based on init size */
+};
+
+
+struct OcspRequest {
+    DecodedCert* cert;
+
+    byte    nonce[MAX_OCSP_NONCE_SZ];
+    int     nonceSz;
+
+    byte*   issuerHash;      /* pointer to issuerHash in source cert */
+    byte*   issuerKeyHash;   /* pointer to issuerKeyHash in source cert */
+    byte*   serial;          /* pointer to serial number in source cert */
+    int     serialSz;        /* length of the serial number */
+
+    byte*   dest;            /* pointer to the destination ASN.1 buffer */
+    word32  destSz;          /* length of the destination buffer */
+};
+
+
+CYASSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
+CYASSL_LOCAL int  OcspResponseDecode(OcspResponse*);
+
+CYASSL_LOCAL void InitOcspRequest(OcspRequest*, DecodedCert*, byte*, word32);
+CYASSL_LOCAL int  EncodeOcspRequest(OcspRequest*);
+
+CYASSL_LOCAL int  CompareOcspReqResp(OcspRequest*, OcspResponse*);
+
+
+#endif /* HAVE_OCSP */
+
+
+/* for pointer use */
+typedef struct RevokedCert RevokedCert;
+
+#ifdef HAVE_CRL
+
+struct RevokedCert {
+    byte         serialNumber[EXTERNAL_SERIAL_SIZE];
+    int          serialSz;
+    RevokedCert* next;
+};
+
+typedef struct DecodedCRL DecodedCRL;
+
+struct DecodedCRL {
+    word32  certBegin;               /* offset to start of cert          */
+    word32  sigIndex;                /* offset to start of signature     */
+    word32  sigLength;               /* length of signature              */
+    word32  signatureOID;            /* sum of algorithm object id       */
+    byte*   signature;               /* pointer into raw source, not owned */
+    byte    issuerHash[SHA_DIGEST_SIZE];  /* issuer hash                 */ 
+    byte    crlHash[MD5_DIGEST_SIZE];     /* raw crl data hash           */ 
+    byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
+    byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
+    byte    lastDateFormat;          /* format of last date */
+    byte    nextDateFormat;          /* format of next date */
+    RevokedCert* certs;              /* revoked cert list  */
+    int          totalCerts;         /* number on list     */
+};
+
+CYASSL_LOCAL void InitDecodedCRL(DecodedCRL*);
+CYASSL_LOCAL int  ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm);
+CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
+
+
+#endif /* HAVE_CRL */
+
+
 #ifdef __cplusplus
    } /* extern "C" */
 #endif

 #endif /* CTAO_CRYPT_ASN_H */

+#endif /* !NO_ASN */
--- a/cyassl/ctaocrypt/asn_public.h
+++ b/cyassl/ctaocrypt/asn_public.h
@ -1,6 +1,6 @@
 /* asn_public.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -38,15 +38,35 @@
 enum CertType {
    CERT_TYPE       = 0, 
    PRIVATEKEY_TYPE,
+    DH_PARAM_TYPE,
+    CRL_TYPE,
    CA_TYPE
 };

+
+/* Signature type, by OID sum */
+enum Ctc_SigType {
+    CTC_SHAwDSA      = 517,
+    CTC_MD2wRSA      = 646,
+    CTC_MD5wRSA      = 648,
+    CTC_SHAwRSA      = 649,
+    CTC_SHAwECDSA    = 520,
+    CTC_SHA256wRSA   = 655,
+    CTC_SHA256wECDSA = 524,
+    CTC_SHA384wRSA   = 656,
+    CTC_SHA384wECDSA = 525,
+    CTC_SHA512wRSA   = 657,
+    CTC_SHA512wECDSA = 526
+};
+
+
 #ifdef CYASSL_CERT_GEN

 enum Ctc_Misc {
-    CTC_NAME_SIZE       =  64,
-    CTC_MAX_ALT_SIZE    = 512,
-    CTC_SERIAL_SIZE     =   8
+    CTC_NAME_SIZE    =   64,
+    CTC_DATE_SIZE    =   32,
+    CTC_MAX_ALT_SIZE = 8192,    /* may be huge */
+    CTC_SERIAL_SIZE  =    8
 };

 typedef struct CertName {
@ -74,8 +94,14 @@ typedef struct Cert {
    /* internal use only */
    int      bodySz;                    /* pre sign total size */
    int      keyType;                   /* public key type of subject */
+#ifdef CYASSL_ALT_NAMES
    byte     altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
    int      altNamesSz;                 /* altNames size in bytes */
+    byte     beforeDate[CTC_DATE_SIZE];  /* before date copy */
+    int      beforeDateSz;               /* size of copy */
+    byte     afterDate[CTC_DATE_SIZE];   /* after date copy */
+    int      afterDateSz;                /* size of copy */
+#endif
 } Cert;


@ -84,7 +110,7 @@ typedef struct Cert {
 /* Initialize and Set Certficate defaults:
   version    = 3 (0x2)
   serial     = 0 (Will be randomly generated)
-   sigType    = MD5_WITH_RSA
+   sigType    = SHA_WITH_RSA
   issuer     = blank
   daysValid  = 500
   selfSigned = 1 (true) use subject as issuer
@ -99,10 +125,13 @@ CYASSL_API int  MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
                             RNG*);
 CYASSL_API int  SetIssuer(Cert*, const char*);
 CYASSL_API int  SetSubject(Cert*, const char*);
-CYASSL_API int  SetAltNames(Cert*, const char*);
+#ifdef CYASSL_ALT_NAMES
+    CYASSL_API int  SetAltNames(Cert*, const char*);
+#endif
 CYASSL_API int  SetIssuerBuffer(Cert*, const byte*, int);
 CYASSL_API int  SetSubjectBuffer(Cert*, const byte*, int);
 CYASSL_API int  SetAltNamesBuffer(Cert*, const byte*, int);
+CYASSL_API int  SetDatesBuffer(Cert*, const byte*, int);

    #ifdef HAVE_NTRU
        CYASSL_API int  MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
--- a/cyassl/ctaocrypt/coding.h
+++ b/cyassl/ctaocrypt/coding.h
@ -1,6 +1,6 @@
 /* coding.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -31,16 +31,16 @@


 /* decode needed by CyaSSL */
-CYASSL_LOCAL int Base64Decode(const byte* in, word32 inLen, byte* out,
-                              word32* outLen);
+CYASSL_LOCAL int Base64_Decode(const byte* in, word32 inLen, byte* out,
+                               word32* outLen);

 #if defined(OPENSSL_EXTRA) || defined(SESSION_CERTS) || defined(CYASSL_KEY_GEN)  || defined(CYASSL_CERT_GEN) || defined(HAVE_WEBSERVER)
    /* encode isn't */
-    CYASSL_LOCAL
-    int Base64Encode(const byte* in, word32 inLen, byte* out,
+    CYASSL_API
+    int Base64_Encode(const byte* in, word32 inLen, byte* out,
                                  word32* outLen);
    CYASSL_LOCAL 
-    int Base16Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
+    int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen);
 #endif

 #ifdef __cplusplus
--- a/cyassl/ctaocrypt/des3.h
+++ b/cyassl/ctaocrypt/des3.h
@ -1,6 +1,6 @@
 /* des3.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -34,11 +34,13 @@
 #endif

 enum {
+    DES_ENC_TYPE    = 2,     /* cipher unique type */
+    DES3_ENC_TYPE   = 3,     /* cipher unique type */
    DES_BLOCK_SIZE  = 8,
    DES_KS_SIZE     = 32,

    DES_ENCRYPTION  = 0,
-    DES_DECRYPTION  = 1,
+    DES_DECRYPTION  = 1
 };


@ -59,10 +61,13 @@ typedef struct Des3 {


 CYASSL_API void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir);
+CYASSL_API void Des_SetIV(Des* des, const byte* iv);
 CYASSL_API void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz);
 CYASSL_API void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz);
+CYASSL_API void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz);

 CYASSL_API void Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir);
+CYASSL_API void Des3_SetIV(Des3* des, const byte* iv);
 CYASSL_API void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz);
 CYASSL_API void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz);

--- a/cyassl/ctaocrypt/dh.h
+++ b/cyassl/ctaocrypt/dh.h
@ -1,6 +1,6 @@
 /* dh.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -53,6 +53,8 @@ CYASSL_API int DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key,
                           word32);
 CYASSL_API int DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
                        word32 gSz);
+CYASSL_API int DhParamsLoad(const byte* input, word32 inSz, byte* p,
+                            word32* pInOutSz, byte* g, word32* gInOutSz);


 #ifdef __cplusplus
--- a/cyassl/ctaocrypt/dsa.h
+++ b/cyassl/ctaocrypt/dsa.h
@ -1,6 +1,6 @@
 /* dsa.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
--- a/cyassl/ctaocrypt/ecc.h
+++ b/cyassl/ctaocrypt/ecc.h
@ -1,6 +1,6 @@
 /* ecc.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -39,7 +39,8 @@ enum {
    ECC_MAXNAME    = 16,     /* MAX CURVE NAME LENGTH */
    SIG_HEADER_SZ  =  6,     /* ECC signature header size */
    ECC_BUFSIZE    = 256,    /* for exported keys temp buffer */
-    ECC_MAXSIZE    = 66      /* MAX Private Key size  */
+    ECC_MINSIZE    = 20,     /* MIN Private Key size */
+    ECC_MAXSIZE    = 66      /* MAX Private Key size */
 };


--- a/cyassl/ctaocrypt/error.h
+++ b/cyassl/ctaocrypt/error.h
@ -1,6 +1,6 @@
 /* error.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -96,6 +96,9 @@ enum {
    NOT_COMPILED_IN    = -174,  /* Feature not compiled in */
    UNICODE_SIZE_E     = -175,  /* Unicode password too big */
    NO_PASSWORD        = -176,  /* no password provided by user */
+    ALT_NAME_E         = -177,  /* alt name size problem, too big */
+
+    AES_GCM_AUTH_E     = -180,  /* AES-GCM Authentication check failure */

    MIN_CODE_E         = -200   /* errors -101 - -199 */
 };
--- a/cyassl/ctaocrypt/hc128.h
+++ b/cyassl/ctaocrypt/hc128.h
@ -1,6 +1,6 @@
 /* hc128.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -32,6 +32,10 @@
 #endif


+enum {
+	HC128_ENC_TYPE    =  6    /* cipher unique type */
+};
+
 /* HC-128 stream cipher */
 typedef struct HC128 {
    word32 T[1024];             /* P[i] = T[i];  Q[i] = T[1024 + i ]; */
--- a/cyassl/ctaocrypt/hmac.h
+++ b/cyassl/ctaocrypt/hmac.h
@ -1,6 +1,6 @@
 /* hmac.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -32,6 +32,10 @@
    #include <cyassl/ctaocrypt/sha256.h>
 #endif

+#ifdef CYASSL_SHA384
+    #include <cyassl/ctaocrypt/sha512.h>
+#endif
+
 #ifdef __cplusplus
    extern "C" {
 #endif
@ -40,13 +44,19 @@
 enum {
    IPAD    = 0x36,
    OPAD    = 0x5C,
-#ifndef NO_SHA256
+#if defined(CYASSL_SHA384)
+    INNER_HASH_SIZE = SHA384_DIGEST_SIZE,
+    HMAC_BLOCK_SIZE = SHA384_BLOCK_SIZE
+#elif !defined(NO_SHA256)
    INNER_HASH_SIZE = SHA256_DIGEST_SIZE,
+    HMAC_BLOCK_SIZE = SHA256_BLOCK_SIZE,
+    SHA384          = 5
 #else
    INNER_HASH_SIZE = SHA_DIGEST_SIZE,
+    HMAC_BLOCK_SIZE = SHA_BLOCK_SIZE,
    SHA256          = 2,                     /* hash type unique */
+    SHA384          = 5
 #endif
-    HMAC_BLOCK_SIZE = MD5_BLOCK_SIZE
 };


@ -57,6 +67,9 @@ typedef union {
    #ifndef NO_SHA256
        Sha256 sha256;
    #endif
+    #ifdef CYASSL_SHA384
+        Sha384 sha384;
+    #endif
 } Hash;

 /* Hmac digest */
--- a/cyassl/ctaocrypt/include.am
+++ b/cyassl/ctaocrypt/include.am
@ -15,6 +15,7 @@ nobase_include_HEADERS+= \
                         cyassl/ctaocrypt/hc128.h \
                         cyassl/ctaocrypt/hmac.h \
                         cyassl/ctaocrypt/integer.h \
+                         cyassl/ctaocrypt/md2.h \
                         cyassl/ctaocrypt/md4.h \
                         cyassl/ctaocrypt/md5.h \
                         cyassl/ctaocrypt/misc.h \
--- a/cyassl/ctaocrypt/integer.h
+++ b/cyassl/ctaocrypt/integer.h
@ -1,6 +1,6 @@
 /* integer.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -110,7 +110,7 @@ extern "C" {
   #endif
 #endif

-   typedef unsigned long      mp_digit;
+   typedef unsigned int       mp_digit;  /* long could be 64 now, changed TAO */
   typedef ulong64            mp_word;

 #ifdef MP_31BIT   
@ -294,6 +294,7 @@ int  mp_mul_d (mp_int * a, mp_digit b, mp_int * c);
 int  mp_2expt (mp_int * a, int b);
 int  mp_reduce_2k_setup(mp_int *a, mp_digit *d);
 int  mp_add_d (mp_int* a, mp_digit b, mp_int* c);
+int mp_set_int (mp_int * a, unsigned long b);
 /* end support added functions */

 /* added */
@ -309,7 +310,6 @@ int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e,

 #ifdef CYASSL_KEY_GEN
    int mp_prime_is_prime (mp_int * a, int t, int *result);
-    int mp_set_int (mp_int * a, unsigned long b);
    int mp_gcd (mp_int * a, mp_int * b, mp_int * c);
    int mp_lcm (mp_int * a, mp_int * b, mp_int * c);
 #endif
--- a/cyassl/ctaocrypt/logging.h
+++ b/cyassl/ctaocrypt/logging.h
@ -1,6 +1,6 @@
 /* logging.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
--- a/cyassl/ctaocrypt/md2.h
+++ b/cyassl/ctaocrypt/md2.h
@ -0,0 +1,64 @@
+/* md2.h
+ *
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
+ *
+ * This file is part of CyaSSL.
+ *
+ * CyaSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * CyaSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+#ifdef CYASSL_MD2
+
+#ifndef CTAO_CRYPT_MD2_H
+#define CTAO_CRYPT_MD2_H
+
+#include <cyassl/ctaocrypt/types.h>
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+
+/* in bytes */
+enum {
+    MD2             =  6,    /* hash type unique */
+    MD2_BLOCK_SIZE  = 16,
+    MD2_DIGEST_SIZE = 16,
+    MD2_PAD_SIZE    = 16,
+    MD2_X_SIZE      = 48
+};
+
+
+/* Md2 digest */
+typedef struct Md2 {
+    word32  count;   /* bytes % PAD_SIZE  */
+    byte    X[MD2_X_SIZE];
+    byte    C[MD2_BLOCK_SIZE];
+    byte    buffer[MD2_BLOCK_SIZE];
+} Md2;
+
+
+CYASSL_API void InitMd2(Md2*);
+CYASSL_API void Md2Update(Md2*, const byte*, word32);
+CYASSL_API void Md2Final(Md2*, byte*);
+
+
+#ifdef __cplusplus
+    } /* extern "C" */
+#endif
+
+#endif /* CTAO_CRYPT_MD2_H */
+#endif /* CYASSL_MD2 */
--- a/cyassl/ctaocrypt/md4.h
+++ b/cyassl/ctaocrypt/md4.h
@ -1,6 +1,6 @@
 /* md4.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
--- a/cyassl/ctaocrypt/md5.h
+++ b/cyassl/ctaocrypt/md5.h
@ -1,6 +1,6 @@
 /* md5.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
--- a/cyassl/ctaocrypt/memory.h
+++ b/cyassl/ctaocrypt/memory.h
@ -1,6 +1,6 @@
 /* memory.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
--- a/cyassl/ctaocrypt/misc.h
+++ b/cyassl/ctaocrypt/misc.h
@ -1,6 +1,6 @@
 /* misc.h
 *
- * Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+ * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
@ -49,6 +49,19 @@ CYASSL_LOCAL
 void XorWords(word*, const word*, word32);
 CYASSL_LOCAL
 void xorbuf(byte*, const byte*, word32);
+
+#ifdef WORD64_AVAILABLE
+CYASSL_LOCAL
+word64 rotlFixed64(word64, word64);
+CYASSL_LOCAL
+word64 rotrFixed64(word64, word64);
+
+CYASSL_LOCAL
+word64 ByteReverseWord64(word64);
+CYASSL_LOCAL
+void   ByteReverseWords64(word64*, const word64*, word32);
+#endif /* WORD64_AVAILABLE */
+
 #endif /* NO_INLINE */


--- a/Show More
+++ b/Show More