Prepare for V7.2.0 release.

2025-04-19 21:11:57 -04:00 · 2012-08-14 12:14:48 +00:00 · 2012-08-14 12:14:48 +00:00 · e0bab5981a
parent 73ad4387e2
commit e0bab5981a
1071 changed files with 8726 additions and 2457 deletions
--- a/FreeRTOS-Plus/CyaSSL/Makefile.am
+++ b/FreeRTOS-Plus/CyaSSL/Makefile.am
@ -21,10 +21,6 @@ exampledir = $(docdir)/@PACKAGE@/example
 example_DATA=
 EXTRA_DIST+= $(example_DATA)
 certsdir = $(sysconfdir)/ssl/certs
 certs_DATA=
 EXTRA_DIST+= $(certs_DATA)
 EXTRA_DIST+= $(doc_DATA)
 ACLOCAL_AMFLAGS= -I m4 --install
--- a/FreeRTOS-Plus/CyaSSL/Makefile.in
+++ b/FreeRTOS-Plus/CyaSSL/Makefile.in
@ -134,16 +134,19 @@ DIST_COMMON = README $(am__configure_deps) $(include_HEADERS) \
 	config/config.sub config/depcomp config/install-sh \
 	config/ltmain.sh config/missing
@BUILD_AESNI_TRUE@am__append_1 = ctaocrypt/src/aes_asm.s
-@BUILD_RIPEMD_TRUE@am__append_2 = ctaocrypt/src/ripemd.c
+@BUILD_MD2_TRUE@am__append_2 = ctaocrypt/src/md2.c
-@BUILD_SHA512_TRUE@am__append_3 = ctaocrypt/src/sha512.c
+@BUILD_RIPEMD_TRUE@am__append_3 = ctaocrypt/src/ripemd.c
-@BUILD_SNIFFER_TRUE@am__append_4 = src/sniffer.c
+@BUILD_SHA512_TRUE@am__append_4 = ctaocrypt/src/sha512.c
-@BUILD_HC128_TRUE@am__append_5 = ctaocrypt/src/hc128.c
+@BUILD_SNIFFER_TRUE@am__append_5 = src/sniffer.c
-@BUILD_NOINLINE_TRUE@am__append_6 = ctaocrypt/src/misc.c
+@BUILD_HC128_TRUE@am__append_6 = ctaocrypt/src/hc128.c
-@BUILD_FASTMATH_TRUE@am__append_7 = ctaocrypt/src/tfm.c
+@BUILD_NOINLINE_TRUE@am__append_7 = ctaocrypt/src/misc.c
-@BUILD_FASTMATH_FALSE@am__append_8 = ctaocrypt/src/integer.c
+@BUILD_FASTMATH_TRUE@am__append_8 = ctaocrypt/src/tfm.c
-@BUILD_ECC_TRUE@am__append_9 = ctaocrypt/src/ecc.c
+@BUILD_FASTMATH_FALSE@am__append_9 = ctaocrypt/src/integer.c
-@BUILD_OCSP_TRUE@am__append_10 = src/ocsp.c
+@BUILD_ECC_TRUE@am__append_10 = ctaocrypt/src/ecc.c
-@BUILD_CRL_TRUE@am__append_11 = src/crl.c
+@BUILD_OCSP_TRUE@am__append_11 = src/ocsp.c
@BUILD_CRL_TRUE@am__append_12 = src/crl.c
@BUILD_CRL_MONITOR_TRUE@am__append_13 = $(PTHREAD_CFLAGS)
@BUILD_CRL_MONITOR_TRUE@am__append_14 = $(PTHREAD_LIBS)
 subdir = .
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_pthread.m4 \
@ -166,13 +169,14 @@ am__vpath_adj = case $$p in \
  esac;
 am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
 am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" \
-	"$(DESTDIR)$(certsdir)" "$(DESTDIR)$(docdir)" \
+	"$(DESTDIR)$(docdir)" "$(DESTDIR)$(exampledir)" \
-	"$(DESTDIR)$(exampledir)" "$(DESTDIR)$(includedir)" \
+	"$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"
 	"$(DESTDIR)$(includedir)"
 libLTLIBRARIES_INSTALL = $(INSTALL)
 LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
 am__DEPENDENCIES_1 =
-src_libcyassl_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
+@BUILD_CRL_MONITOR_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
 src_libcyassl_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_2)
 am__src_libcyassl_la_SOURCES_DIST = src/internal.c src/io.c src/keys.c \
 	src/ssl.c src/tls.c ctaocrypt/src/asn.c ctaocrypt/src/coding.c \
 	ctaocrypt/src/des3.c ctaocrypt/src/hmac.c ctaocrypt/src/md5.c \
@ -181,28 +185,30 @@ am__src_libcyassl_la_SOURCES_DIST = src/internal.c src/io.c src/keys.c \
 	ctaocrypt/src/dh.c ctaocrypt/src/dsa.c ctaocrypt/src/arc4.c \
 	ctaocrypt/src/rabbit.c ctaocrypt/src/pwdbased.c \
 	ctaocrypt/src/logging.c ctaocrypt/src/memory.c \
-	ctaocrypt/src/aes_asm.s ctaocrypt/src/ripemd.c \
+	ctaocrypt/src/aes_asm.s ctaocrypt/src/md2.c \
-	ctaocrypt/src/sha512.c src/sniffer.c ctaocrypt/src/hc128.c \
+	ctaocrypt/src/ripemd.c ctaocrypt/src/sha512.c src/sniffer.c \
-	ctaocrypt/src/misc.c ctaocrypt/src/tfm.c \
+	ctaocrypt/src/hc128.c ctaocrypt/src/misc.c ctaocrypt/src/tfm.c \
 	ctaocrypt/src/integer.c ctaocrypt/src/ecc.c src/ocsp.c \
 	src/crl.c
 am__dirstamp = $(am__leading_dot)dirstamp
@BUILD_AESNI_TRUE@am__objects_1 = ctaocrypt/src/aes_asm.lo
-@BUILD_RIPEMD_TRUE@am__objects_2 =  \
+@BUILD_MD2_TRUE@am__objects_2 = ctaocrypt/src/src_libcyassl_la-md2.lo
@BUILD_RIPEMD_TRUE@am__objects_3 =  \
@BUILD_RIPEMD_TRUE@	ctaocrypt/src/src_libcyassl_la-ripemd.lo
-@BUILD_SHA512_TRUE@am__objects_3 =  \
+@BUILD_SHA512_TRUE@am__objects_4 =  \
@BUILD_SHA512_TRUE@	ctaocrypt/src/src_libcyassl_la-sha512.lo
-@BUILD_SNIFFER_TRUE@am__objects_4 = src/src_libcyassl_la-sniffer.lo
+@BUILD_SNIFFER_TRUE@am__objects_5 = src/src_libcyassl_la-sniffer.lo
-@BUILD_HC128_TRUE@am__objects_5 =  \
+@BUILD_HC128_TRUE@am__objects_6 =  \
@BUILD_HC128_TRUE@	ctaocrypt/src/src_libcyassl_la-hc128.lo
-@BUILD_NOINLINE_TRUE@am__objects_6 =  \
+@BUILD_NOINLINE_TRUE@am__objects_7 =  \
@BUILD_NOINLINE_TRUE@	ctaocrypt/src/src_libcyassl_la-misc.lo
-@BUILD_FASTMATH_TRUE@am__objects_7 =  \
+@BUILD_FASTMATH_TRUE@am__objects_8 =  \
@BUILD_FASTMATH_TRUE@	ctaocrypt/src/src_libcyassl_la-tfm.lo
-@BUILD_FASTMATH_FALSE@am__objects_8 = ctaocrypt/src/src_libcyassl_la-integer.lo
+@BUILD_FASTMATH_FALSE@am__objects_9 = ctaocrypt/src/src_libcyassl_la-integer.lo
-@BUILD_ECC_TRUE@am__objects_9 = ctaocrypt/src/src_libcyassl_la-ecc.lo
+@BUILD_ECC_TRUE@am__objects_10 =  \
-@BUILD_OCSP_TRUE@am__objects_10 = src/src_libcyassl_la-ocsp.lo
+@BUILD_ECC_TRUE@	ctaocrypt/src/src_libcyassl_la-ecc.lo
-@BUILD_CRL_TRUE@am__objects_11 = src/src_libcyassl_la-crl.lo
+@BUILD_OCSP_TRUE@am__objects_11 = src/src_libcyassl_la-ocsp.lo
@BUILD_CRL_TRUE@am__objects_12 = src/src_libcyassl_la-crl.lo
 am_src_libcyassl_la_OBJECTS = src/src_libcyassl_la-internal.lo \
 	src/src_libcyassl_la-io.lo src/src_libcyassl_la-keys.lo \
 	src/src_libcyassl_la-ssl.lo src/src_libcyassl_la-tls.lo \
@ -227,7 +233,7 @@ am_src_libcyassl_la_OBJECTS = src/src_libcyassl_la-internal.lo \
 	$(am__objects_2) $(am__objects_3) $(am__objects_4) \
 	$(am__objects_5) $(am__objects_6) $(am__objects_7) \
 	$(am__objects_8) $(am__objects_9) $(am__objects_10) \
-	$(am__objects_11)
+	$(am__objects_11) $(am__objects_12)
 src_libcyassl_la_OBJECTS = $(am_src_libcyassl_la_OBJECTS)
 src_libcyassl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(src_libcyassl_la_CFLAGS) \
@ -261,7 +267,9 @@ sslSniffer_sslSnifferTest_snifftest_OBJECTS =  \
 am_tests_unit_OBJECTS = tests/tests_unit-unit.$(OBJEXT) \
 	tests/tests_unit-api.$(OBJEXT) \
 	tests/tests_unit-suites.$(OBJEXT) \
-	tests/tests_unit-hash.$(OBJEXT)
+	tests/tests_unit-hash.$(OBJEXT) \
 	examples/client/tests_unit-client.$(OBJEXT) \
 	examples/server/tests_unit-server.$(OBJEXT)
 tests_unit_OBJECTS = $(am_tests_unit_OBJECTS)
 tests_unit_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(tests_unit_CFLAGS) \
@ -311,10 +319,9 @@ DIST_SOURCES = $(am__src_libcyassl_la_SOURCES_DIST) \
 	$(examples_server_server_SOURCES) \
 	$(sslSniffer_sslSnifferTest_snifftest_SOURCES) \
 	$(tests_unit_SOURCES) $(testsuite_testsuite_SOURCES)
 certsDATA_INSTALL = $(INSTALL_DATA)
 docDATA_INSTALL = $(INSTALL_DATA)
 exampleDATA_INSTALL = $(INSTALL_DATA)
-DATA = $(certs_DATA) $(doc_DATA) $(example_DATA)
+DATA = $(doc_DATA) $(example_DATA)
 includeHEADERS_INSTALL = $(INSTALL_HEADER)
 nobase_includeHEADERS_INSTALL = $(install_sh_DATA)
 HEADERS = $(include_HEADERS) $(nobase_include_HEADERS) \
@ -483,19 +490,19 @@ nobase_include_HEADERS = cyassl/ctaocrypt/aes.h \
 	cyassl/ctaocrypt/dsa.h cyassl/ctaocrypt/ecc.h \
 	cyassl/ctaocrypt/error.h cyassl/ctaocrypt/hc128.h \
 	cyassl/ctaocrypt/hmac.h cyassl/ctaocrypt/integer.h \
-	cyassl/ctaocrypt/md4.h cyassl/ctaocrypt/md5.h \
+	cyassl/ctaocrypt/md2.h cyassl/ctaocrypt/md4.h \
-	cyassl/ctaocrypt/misc.h cyassl/ctaocrypt/pwdbased.h \
+	cyassl/ctaocrypt/md5.h cyassl/ctaocrypt/misc.h \
-	cyassl/ctaocrypt/rabbit.h cyassl/ctaocrypt/random.h \
+	cyassl/ctaocrypt/pwdbased.h cyassl/ctaocrypt/rabbit.h \
-	cyassl/ctaocrypt/ripemd.h cyassl/ctaocrypt/rsa.h \
+	cyassl/ctaocrypt/random.h cyassl/ctaocrypt/ripemd.h \
-	cyassl/ctaocrypt/settings.h cyassl/ctaocrypt/sha256.h \
+	cyassl/ctaocrypt/rsa.h cyassl/ctaocrypt/settings.h \
-	cyassl/ctaocrypt/sha512.h cyassl/ctaocrypt/sha.h \
+	cyassl/ctaocrypt/sha256.h cyassl/ctaocrypt/sha512.h \
-	cyassl/ctaocrypt/tfm.h cyassl/ctaocrypt/types.h \
+	cyassl/ctaocrypt/sha.h cyassl/ctaocrypt/tfm.h \
-	cyassl/ctaocrypt/visibility.h cyassl/ctaocrypt/logging.h \
+	cyassl/ctaocrypt/types.h cyassl/ctaocrypt/visibility.h \
-	cyassl/ctaocrypt/memory.h cyassl/ctaocrypt/mpi_class.h \
+	cyassl/ctaocrypt/logging.h cyassl/ctaocrypt/memory.h \
-	cyassl/ctaocrypt/mpi_superclass.h cyassl/openssl/asn1.h \
+	cyassl/ctaocrypt/mpi_class.h cyassl/ctaocrypt/mpi_superclass.h \
-	cyassl/openssl/bio.h cyassl/openssl/bn.h cyassl/openssl/conf.h \
+	cyassl/openssl/asn1.h cyassl/openssl/bio.h cyassl/openssl/bn.h \
-	cyassl/openssl/crypto.h cyassl/openssl/des.h \
+	cyassl/openssl/conf.h cyassl/openssl/crypto.h \
-	cyassl/openssl/dh.h cyassl/openssl/dsa.h \
+	cyassl/openssl/des.h cyassl/openssl/dh.h cyassl/openssl/dsa.h \
 	cyassl/openssl/ecdsa.h cyassl/openssl/ec.h \
 	cyassl/openssl/engine.h cyassl/openssl/err.h \
 	cyassl/openssl/evp.h cyassl/openssl/hmac.h \
@ -513,13 +520,25 @@ nobase_include_HEADERS = cyassl/ctaocrypt/aes.h \
 	cyassl/version.h cyassl/ocsp.h cyassl/crl.h
 EXTRA_HEADERS = 
 BUILT_SOURCES = 
-EXTRA_DIST = $(example_DATA) $(certs_DATA) $(doc_DATA) lib/dummy \
+EXTRA_DIST = $(example_DATA) $(doc_DATA) lib/dummy cyassl-ntru.vcproj \
-	cyassl-ntru.vcproj cyassl.vcproj \
+	cyassl.vcproj cyassl-iphone.xcodeproj/project.pbxproj \
-	cyassl-iphone.xcodeproj/project.pbxproj cyassl-ntru.sln \
+	cyassl-ntru.sln cyassl.sln cyassl/sniffer_error.rc \
-	cyassl.sln cyassl/sniffer_error.rc ${certs_DATA} \
+	certs/ca-cert.pem certs/ca-key.pem certs/client-cert.pem \
-	certs/ntru-key.raw ${certs_DATA} swig/PythonBuild.sh \
+	certs/client-keyEnc.pem certs/client-key.pem certs/ecc-key.pem \
-	swig/README swig/cyassl.i swig/cyassl_adds.c \
+	certs/ecc-keyPkcs8.pem certs/ecc-client-key.pem \
-	swig/python_cyassl.vcproj swig/rsasign.py swig/runme.py \
+	certs/client-ecc-cert.pem certs/ntru-cert.pem certs/dh2048.pem \
 	certs/server-cert.pem certs/server-ecc.pem \
 	certs/server-ecc-rsa.pem certs/server-keyEnc.pem \
 	certs/server-key.pem certs/server-keyPkcs8Enc12.pem \
 	certs/server-keyPkcs8Enc2.pem certs/server-keyPkcs8Enc.pem \
 	certs/server-keyPkcs8.pem certs/ca-key.der \
 	certs/client-cert.der certs/client-key.der certs/dh2048.der \
 	certs/rsa2048.der certs/dsa2048.der certs/ecc-key.der \
 	certs/ntru-key.raw certs/crl/crl.pem certs/crl/cliCrl.pem \
 	certs/crl/eccSrvCRL.pem certs/crl/eccCliCRL.pem \
 	certs/crl/crl.revoked swig/PythonBuild.sh swig/README \
 	swig/cyassl.i swig/cyassl_adds.c swig/python_cyassl.vcproj \
 	swig/rsasign.py swig/runme.py \
 	ctaocrypt/benchmark/benchmark.sln \
 	ctaocrypt/benchmark/benchmark.vcproj ctaocrypt/src/misc.c \
 	ctaocrypt/src/asm.c ctaocrypt/src/ecc_fp.c \
@ -557,25 +576,18 @@ EXTRA_DIST = $(example_DATA) $(certs_DATA) $(doc_DATA) lib/dummy \
 	examples/echoserver/echoserver-ntru.vcproj \
 	examples/echoserver/echoserver.vcproj testsuite/testsuite.sln \
 	testsuite/testsuite-ntru.vcproj testsuite/testsuite.vcproj \
-	input quit tests/unit.h sslSniffer/sslSniffer.vcproj \
+	input quit tests/unit.h tests/test.conf \
 	tests/test-openssl.conf tests/test-hc128.conf \
 	tests/test-psk.conf tests/test-ntru.conf tests/test-ecc.conf \
 	tests/test-aesgcm.conf tests/test-aesgcm-ecc.conf \
 	tests/test-aesgcm-openssl.conf tests/test-dtls.conf \
 	sslSniffer/sslSniffer.vcproj \
 	sslSniffer/sslSnifferTest/sslSniffTest.vcproj
 doc_DATA = certs/taoCert.txt doc/README.txt
 exampledir = $(docdir)/@PACKAGE@/example
 example_DATA = examples/client/client.c examples/server/server.c \
 	examples/echoclient/echoclient.c \
 	examples/echoserver/echoserver.c
 certsdir = $(sysconfdir)/ssl/certs
 certs_DATA = certs/ca-cert.pem certs/ca-key.pem certs/client-cert.pem \
 	certs/client-keyEnc.pem certs/client-key.pem certs/ecc-key.pem \
 	certs/ecc-keyPkcs8.pem certs/ecc-client-key.pem \
 	certs/client-ecc-cert.pem certs/ntru-cert.pem certs/dh2048.pem \
 	certs/server-cert.pem certs/server-ecc.pem \
 	certs/server-keyEnc.pem certs/server-key.pem \
 	certs/server-keyPkcs8Enc12.pem certs/server-keyPkcs8Enc2.pem \
 	certs/server-keyPkcs8Enc.pem certs/server-keyPkcs8.pem \
 	certs/ca-key.der certs/client-cert.der certs/client-key.der \
 	certs/dh2048.der certs/rsa2048.der certs/dsa2048.der \
 	certs/ecc-key.der certs/crl/crl.pem
 ACLOCAL_AMFLAGS = -I m4 --install
 src_libcyassl_la_SOURCES = src/internal.c src/io.c src/keys.c \
 	src/ssl.c src/tls.c ctaocrypt/src/asn.c ctaocrypt/src/coding.c \
@ -588,10 +600,11 @@ src_libcyassl_la_SOURCES = src/internal.c src/io.c src/keys.c \
 	$(am__append_2) $(am__append_3) $(am__append_4) \
 	$(am__append_5) $(am__append_6) $(am__append_7) \
 	$(am__append_8) $(am__append_9) $(am__append_10) \
-	$(am__append_11)
+	$(am__append_11) $(am__append_12)
 src_libcyassl_la_LDFLAGS = ${AM_LDFLAGS} -no-undefined -version-info ${CYASSL_LIBRARY_VERSION}
-src_libcyassl_la_LIBADD = $(LIBM)
+src_libcyassl_la_LIBADD = $(LIBM) $(am__append_14)
-src_libcyassl_la_CFLAGS = -DBUILDING_CYASSL $(AM_CFLAGS)
+src_libcyassl_la_CFLAGS = -DBUILDING_CYASSL $(AM_CFLAGS) \
 	$(am__append_13)
 src_libcyassl_la_CPPFLAGS = -DBUILDING_CYASSL $(AM_CPPFLAGS)
 ctaocrypt_benchmark_benchmark_SOURCES = ctaocrypt/benchmark/benchmark.c
 ctaocrypt_benchmark_benchmark_LDADD = src/libcyassl.la
@ -626,9 +639,11 @@ tests_unit_SOURCES = \
 			      tests/unit.c \
 			      tests/api.c \
 			      tests/suites.c \
-                  tests/hash.c
+                  tests/hash.c \
 			      examples/client/client.c \
 			      examples/server/server.c
-tests_unit_CFLAGS = $(AM_CFLAGS) $(PTHREAD_CFLAGS)
+tests_unit_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(PTHREAD_CFLAGS)
 tests_unit_LDADD = src/libcyassl.la  $(PTHREAD_LIBS)
 tests_unit_DEPENDENCIES = src/libcyassl.la
 sslSniffer_sslSnifferTest_snifftest_SOURCES = sslSniffer/sslSnifferTest/snifftest.c
@ -798,6 +813,8 @@ ctaocrypt/src/src_libcyassl_la-memory.lo:  \
 	ctaocrypt/src/$(DEPDIR)/$(am__dirstamp)
 ctaocrypt/src/aes_asm.lo: ctaocrypt/src/$(am__dirstamp) \
 	ctaocrypt/src/$(DEPDIR)/$(am__dirstamp)
 ctaocrypt/src/src_libcyassl_la-md2.lo: ctaocrypt/src/$(am__dirstamp) \
 	ctaocrypt/src/$(DEPDIR)/$(am__dirstamp)
 ctaocrypt/src/src_libcyassl_la-ripemd.lo:  \
 	ctaocrypt/src/$(am__dirstamp) \
 	ctaocrypt/src/$(DEPDIR)/$(am__dirstamp)
@ -961,6 +978,12 @@ tests/tests_unit-suites.$(OBJEXT): tests/$(am__dirstamp) \
 	tests/$(DEPDIR)/$(am__dirstamp)
 tests/tests_unit-hash.$(OBJEXT): tests/$(am__dirstamp) \
 	tests/$(DEPDIR)/$(am__dirstamp)
 examples/client/tests_unit-client.$(OBJEXT):  \
 	examples/client/$(am__dirstamp) \
 	examples/client/$(DEPDIR)/$(am__dirstamp)
 examples/server/tests_unit-server.$(OBJEXT):  \
 	examples/server/$(am__dirstamp) \
 	examples/server/$(DEPDIR)/$(am__dirstamp)
 tests/unit$(EXEEXT): $(tests_unit_OBJECTS) $(tests_unit_DEPENDENCIES) tests/$(am__dirstamp)
 	@rm -f tests/unit$(EXEEXT)
 	$(tests_unit_LINK) $(tests_unit_OBJECTS) $(tests_unit_LDADD) $(LIBS)
@ -1020,6 +1043,8 @@ mostlyclean-compile:
 	-rm -f ctaocrypt/src/src_libcyassl_la-integer.lo
 	-rm -f ctaocrypt/src/src_libcyassl_la-logging.$(OBJEXT)
 	-rm -f ctaocrypt/src/src_libcyassl_la-logging.lo
 	-rm -f ctaocrypt/src/src_libcyassl_la-md2.$(OBJEXT)
 	-rm -f ctaocrypt/src/src_libcyassl_la-md2.lo
 	-rm -f ctaocrypt/src/src_libcyassl_la-md4.$(OBJEXT)
 	-rm -f ctaocrypt/src/src_libcyassl_la-md4.lo
 	-rm -f ctaocrypt/src/src_libcyassl_la-md5.$(OBJEXT)
@ -1049,12 +1074,14 @@ mostlyclean-compile:
 	-rm -f ctaocrypt/test/test.$(OBJEXT)
 	-rm -f ctaocrypt/test/testsuite_testsuite-test.$(OBJEXT)
 	-rm -f examples/client/client.$(OBJEXT)
 	-rm -f examples/client/tests_unit-client.$(OBJEXT)
 	-rm -f examples/client/testsuite_testsuite-client.$(OBJEXT)
 	-rm -f examples/echoclient/echoclient.$(OBJEXT)
 	-rm -f examples/echoclient/testsuite_testsuite-echoclient.$(OBJEXT)
 	-rm -f examples/echoserver/echoserver.$(OBJEXT)
 	-rm -f examples/echoserver/testsuite_testsuite-echoserver.$(OBJEXT)
 	-rm -f examples/server/server.$(OBJEXT)
 	-rm -f examples/server/tests_unit-server.$(OBJEXT)
 	-rm -f examples/server/testsuite_testsuite-server.$(OBJEXT)
 	-rm -f src/src_libcyassl_la-crl.$(OBJEXT)
 	-rm -f src/src_libcyassl_la-crl.lo
@ -1095,6 +1122,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-hmac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-integer.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-logging.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-md2.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-md4.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-md5.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-memory.Plo@am__quote@
@ -1111,12 +1139,14 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/test/$(DEPDIR)/test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ctaocrypt/test/$(DEPDIR)/testsuite_testsuite-test.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/client/$(DEPDIR)/client.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/client/$(DEPDIR)/tests_unit-client.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/client/$(DEPDIR)/testsuite_testsuite-client.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/echoclient/$(DEPDIR)/echoclient.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/echoclient/$(DEPDIR)/testsuite_testsuite-echoclient.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/echoserver/$(DEPDIR)/echoserver.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/echoserver/$(DEPDIR)/testsuite_testsuite-echoserver.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/server/$(DEPDIR)/server.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/server/$(DEPDIR)/tests_unit-server.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@examples/server/$(DEPDIR)/testsuite_testsuite-server.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/src_libcyassl_la-crl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/src_libcyassl_la-internal.Plo@am__quote@
@ -1318,6 +1348,13 @@ ctaocrypt/src/src_libcyassl_la-memory.lo: ctaocrypt/src/memory.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(src_libcyassl_la_CPPFLAGS) $(CPPFLAGS) $(src_libcyassl_la_CFLAGS) $(CFLAGS) -c -o ctaocrypt/src/src_libcyassl_la-memory.lo `test -f 'ctaocrypt/src/memory.c' || echo '$(srcdir)/'`ctaocrypt/src/memory.c
 ctaocrypt/src/src_libcyassl_la-md2.lo: ctaocrypt/src/md2.c
@am__fastdepCC_TRUE@	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(src_libcyassl_la_CPPFLAGS) $(CPPFLAGS) $(src_libcyassl_la_CFLAGS) $(CFLAGS) -MT ctaocrypt/src/src_libcyassl_la-md2.lo -MD -MP -MF ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-md2.Tpo -c -o ctaocrypt/src/src_libcyassl_la-md2.lo `test -f 'ctaocrypt/src/md2.c' || echo '$(srcdir)/'`ctaocrypt/src/md2.c
@am__fastdepCC_TRUE@	mv -f ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-md2.Tpo ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-md2.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='ctaocrypt/src/md2.c' object='ctaocrypt/src/src_libcyassl_la-md2.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(src_libcyassl_la_CPPFLAGS) $(CPPFLAGS) $(src_libcyassl_la_CFLAGS) $(CFLAGS) -c -o ctaocrypt/src/src_libcyassl_la-md2.lo `test -f 'ctaocrypt/src/md2.c' || echo '$(srcdir)/'`ctaocrypt/src/md2.c
 ctaocrypt/src/src_libcyassl_la-ripemd.lo: ctaocrypt/src/ripemd.c
@am__fastdepCC_TRUE@	$(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(src_libcyassl_la_CPPFLAGS) $(CPPFLAGS) $(src_libcyassl_la_CFLAGS) $(CFLAGS) -MT ctaocrypt/src/src_libcyassl_la-ripemd.lo -MD -MP -MF ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-ripemd.Tpo -c -o ctaocrypt/src/src_libcyassl_la-ripemd.lo `test -f 'ctaocrypt/src/ripemd.c' || echo '$(srcdir)/'`ctaocrypt/src/ripemd.c
@am__fastdepCC_TRUE@	mv -f ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-ripemd.Tpo ctaocrypt/src/$(DEPDIR)/src_libcyassl_la-ripemd.Plo
@ -1444,6 +1481,34 @@ tests/tests_unit-hash.obj: tests/hash.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -c -o tests/tests_unit-hash.obj `if test -f 'tests/hash.c'; then $(CYGPATH_W) 'tests/hash.c'; else $(CYGPATH_W) '$(srcdir)/tests/hash.c'; fi`
 examples/client/tests_unit-client.o: examples/client/client.c
@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -MT examples/client/tests_unit-client.o -MD -MP -MF examples/client/$(DEPDIR)/tests_unit-client.Tpo -c -o examples/client/tests_unit-client.o `test -f 'examples/client/client.c' || echo '$(srcdir)/'`examples/client/client.c
@am__fastdepCC_TRUE@	mv -f examples/client/$(DEPDIR)/tests_unit-client.Tpo examples/client/$(DEPDIR)/tests_unit-client.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='examples/client/client.c' object='examples/client/tests_unit-client.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -c -o examples/client/tests_unit-client.o `test -f 'examples/client/client.c' || echo '$(srcdir)/'`examples/client/client.c
 examples/client/tests_unit-client.obj: examples/client/client.c
@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -MT examples/client/tests_unit-client.obj -MD -MP -MF examples/client/$(DEPDIR)/tests_unit-client.Tpo -c -o examples/client/tests_unit-client.obj `if test -f 'examples/client/client.c'; then $(CYGPATH_W) 'examples/client/client.c'; else $(CYGPATH_W) '$(srcdir)/examples/client/client.c'; fi`
@am__fastdepCC_TRUE@	mv -f examples/client/$(DEPDIR)/tests_unit-client.Tpo examples/client/$(DEPDIR)/tests_unit-client.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='examples/client/client.c' object='examples/client/tests_unit-client.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -c -o examples/client/tests_unit-client.obj `if test -f 'examples/client/client.c'; then $(CYGPATH_W) 'examples/client/client.c'; else $(CYGPATH_W) '$(srcdir)/examples/client/client.c'; fi`
 examples/server/tests_unit-server.o: examples/server/server.c
@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -MT examples/server/tests_unit-server.o -MD -MP -MF examples/server/$(DEPDIR)/tests_unit-server.Tpo -c -o examples/server/tests_unit-server.o `test -f 'examples/server/server.c' || echo '$(srcdir)/'`examples/server/server.c
@am__fastdepCC_TRUE@	mv -f examples/server/$(DEPDIR)/tests_unit-server.Tpo examples/server/$(DEPDIR)/tests_unit-server.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='examples/server/server.c' object='examples/server/tests_unit-server.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -c -o examples/server/tests_unit-server.o `test -f 'examples/server/server.c' || echo '$(srcdir)/'`examples/server/server.c
 examples/server/tests_unit-server.obj: examples/server/server.c
@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -MT examples/server/tests_unit-server.obj -MD -MP -MF examples/server/$(DEPDIR)/tests_unit-server.Tpo -c -o examples/server/tests_unit-server.obj `if test -f 'examples/server/server.c'; then $(CYGPATH_W) 'examples/server/server.c'; else $(CYGPATH_W) '$(srcdir)/examples/server/server.c'; fi`
@am__fastdepCC_TRUE@	mv -f examples/server/$(DEPDIR)/tests_unit-server.Tpo examples/server/$(DEPDIR)/tests_unit-server.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='examples/server/server.c' object='examples/server/tests_unit-server.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_unit_CFLAGS) $(CFLAGS) -c -o examples/server/tests_unit-server.obj `if test -f 'examples/server/server.c'; then $(CYGPATH_W) 'examples/server/server.c'; else $(CYGPATH_W) '$(srcdir)/examples/server/server.c'; fi`
 ctaocrypt/test/testsuite_testsuite-test.o: ctaocrypt/test/test.c
@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(testsuite_testsuite_CFLAGS) $(CFLAGS) -MT ctaocrypt/test/testsuite_testsuite-test.o -MD -MP -MF ctaocrypt/test/$(DEPDIR)/testsuite_testsuite-test.Tpo -c -o ctaocrypt/test/testsuite_testsuite-test.o `test -f 'ctaocrypt/test/test.c' || echo '$(srcdir)/'`ctaocrypt/test/test.c
@am__fastdepCC_TRUE@	mv -f ctaocrypt/test/$(DEPDIR)/testsuite_testsuite-test.Tpo ctaocrypt/test/$(DEPDIR)/testsuite_testsuite-test.Po
@ -1547,23 +1612,6 @@ clean-libtool:
 distclean-libtool:
 	-rm -f libtool
 install-certsDATA: $(certs_DATA)
 	@$(NORMAL_INSTALL)
 	test -z "$(certsdir)" || $(MKDIR_P) "$(DESTDIR)$(certsdir)"
 	@list='$(certs_DATA)'; for p in $$list; do \
 	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
 	  f=$(am__strip_dir) \
 	  echo " $(certsDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(certsdir)/$$f'"; \
 	  $(certsDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(certsdir)/$$f"; \
 	done
 uninstall-certsDATA:
 	@$(NORMAL_UNINSTALL)
 	@list='$(certs_DATA)'; for p in $$list; do \
 	  f=$(am__strip_dir) \
 	  echo " rm -f '$(DESTDIR)$(certsdir)/$$f'"; \
 	  rm -f "$(DESTDIR)$(certsdir)/$$f"; \
 	done
 install-docDATA: $(doc_DATA)
 	@$(NORMAL_INSTALL)
 	test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)"
@ -1891,7 +1939,7 @@ all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(DATA) $(HEADERS) \
 install-binPROGRAMS: install-libLTLIBRARIES
 installdirs:
-	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(certsdir)" "$(DESTDIR)$(docdir)" "$(DESTDIR)$(exampledir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(docdir)" "$(DESTDIR)$(exampledir)" "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: $(BUILT_SOURCES)
@ -1967,7 +2015,7 @@ info: info-am
 info-am:
-install-data-am: install-certsDATA install-docDATA install-exampleDATA \
+install-data-am: install-docDATA install-exampleDATA \
 	install-includeHEADERS install-nobase_includeHEADERS
 install-dvi: install-dvi-am
@ -2006,10 +2054,9 @@ ps: ps-am
 ps-am:
-uninstall-am: uninstall-binPROGRAMS uninstall-certsDATA \
+uninstall-am: uninstall-binPROGRAMS uninstall-docDATA \
-	uninstall-docDATA uninstall-exampleDATA \
+	uninstall-exampleDATA uninstall-includeHEADERS \
-	uninstall-includeHEADERS uninstall-libLTLIBRARIES \
+	uninstall-libLTLIBRARIES uninstall-nobase_includeHEADERS
 	uninstall-nobase_includeHEADERS
 .MAKE: install-am install-strip
@ -2021,19 +2068,18 @@ uninstall-am: uninstall-binPROGRAMS uninstall-certsDATA \
 	distclean-compile distclean-generic distclean-hdr \
 	distclean-libtool distclean-tags distcleancheck distdir \
 	distuninstallcheck dvi dvi-am html html-am info info-am \
-	install install-am install-binPROGRAMS install-certsDATA \
+	install install-am install-binPROGRAMS install-data \
-	install-data install-data-am install-docDATA install-dvi \
+	install-data-am install-docDATA install-dvi install-dvi-am \
-	install-dvi-am install-exampleDATA install-exec \
+	install-exampleDATA install-exec install-exec-am install-html \
-	install-exec-am install-html install-html-am \
+	install-html-am install-includeHEADERS install-info \
-	install-includeHEADERS install-info install-info-am \
+	install-info-am install-libLTLIBRARIES install-man \
 	install-libLTLIBRARIES install-man \
 	install-nobase_includeHEADERS install-pdf install-pdf-am \
 	install-ps install-ps-am install-strip installcheck \
 	installcheck-am installdirs maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
 	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
 	tags uninstall uninstall-am uninstall-binPROGRAMS \
-	uninstall-certsDATA uninstall-docDATA uninstall-exampleDATA \
+	uninstall-docDATA uninstall-exampleDATA \
 	uninstall-includeHEADERS uninstall-libLTLIBRARIES \
 	uninstall-nobase_includeHEADERS
--- a/FreeRTOS-Plus/CyaSSL/README
+++ b/FreeRTOS-Plus/CyaSSL/README
@ -34,7 +34,26 @@ before calling SSL_new();  Though it's not recommended.
 *** end Note ***
-CyaSSL Release 2.2.0 (5/18/2012)
+CyaSSL Release 2.3.0 (8/10/2012)
 Release 2.3.0 CyaSSL has bug fixes and a few new features including:
 - AES-GCM crypto and cipher suites
 - make test cipher suite checks
 - Subject AltName processing
 - Command line support for client/server examples
 - Sniffer SessionTicket support
 - SHA-384 cipher suites
 - Verify cipher suite validity when user overrides
 - CRL dir monitoring
 - DTLS Cookie support, reliability coming soon
 The CyaSSL manual is available at:
 http://www.yassl.com/documentation/CyaSSL-Manual.pdf.  For build instructions 
 and comments about the new features please check the manual.
 ***************CyaSSL Release 2.2.0 (5/18/2012)
 Release 2.2.0 CyaSSL has bug fixes and a few new features including:
 - Initial CRL support (--enable-crl)
--- a/FreeRTOS-Plus/CyaSSL/certs/crl/cliCrl.pem
+++ b/FreeRTOS-Plus/CyaSSL/certs/crl/cliCrl.pem
@ -0,0 +1,39 @@
 Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
        Last Update: Aug 10 18:01:01 2012 GMT
        Next Update: Dec  8 18:01:01 2012 GMT
        CRL extensions:
            X509v3 CRL Number: 
                62
 No Revoked Certificates.
    Signature Algorithm: sha1WithRSAEncryption
        1e:69:b2:c4:72:a7:b2:c9:e1:b9:ac:06:40:2c:c5:66:9a:07:
        6c:91:2e:17:09:c7:86:b4:62:2d:0f:1f:a3:a3:1c:93:ce:45:
        53:d5:57:94:a6:77:af:51:da:86:e4:1e:6f:57:c8:cc:5f:07:
        8d:a5:db:bd:b3:f7:cf:e2:11:3c:e2:51:79:7e:b3:a9:47:f7:
        c1:17:12:5b:7c:e5:c3:71:17:d2:ce:59:d4:0d:dc:45:ff:bc:
        fe:a7:76:7b:92:88:52:0c:a5:e0:79:75:86:50:27:15:2a:01:
        66:a6:ba:96:d4:9a:14:1d:92:7d:63:72:5f:25:9b:05:72:cb:
        ed:6d:7c:92:1f:4f:3e:64:cb:5d:80:9e:ad:c8:47:83:88:5b:
        3d:07:3f:d3:6a:2c:dd:c9:f7:09:bb:05:2f:9a:f4:73:15:f4:
        61:b1:47:87:9c:bf:c9:61:42:19:14:b8:67:9c:c5:c1:86:f1:
        e8:63:71:40:6c:2f:b1:c1:0c:1f:f4:c4:80:e2:d0:cb:88:6b:
        51:1e:e9:b0:06:19:7c:6d:85:cf:05:7f:fe:3d:35:79:9e:f0:
        5b:f4:06:63:d4:eb:d2:e2:70:29:a9:02:b4:c1:b4:bd:53:f4:
        8f:b3:df:37:91:44:d5:e8:c4:10:86:76:0e:49:2b:ba:9a:a4:
        dd:33:0e:7e
 -----BEGIN X509 CRL-----
 MIIB6DCB0QIBATANBgkqhkiG9w0BAQUFADCBjjELMAkGA1UEBhMCVVMxDzANBgNV
 BAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRQw
 EgYDVQQLEwtQcm9ncmFtbWluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsG
 CSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20XDTEyMDgxMDE4MDEwMVoXDTEyMTIw
 ODE4MDEwMVqgDjAMMAoGA1UdFAQDAgE+MA0GCSqGSIb3DQEBBQUAA4IBAQAeabLE
 cqeyyeG5rAZALMVmmgdskS4XCceGtGItDx+joxyTzkVT1VeUpnevUdqG5B5vV8jM
 XweNpdu9s/fP4hE84lF5frOpR/fBFxJbfOXDcRfSzlnUDdxF/7z+p3Z7kohSDKXg
 eXWGUCcVKgFmprqW1JoUHZJ9Y3JfJZsFcsvtbXySH08+ZMtdgJ6tyEeDiFs9Bz/T
 aizdyfcJuwUvmvRzFfRhsUeHnL/JYUIZFLhnnMXBhvHoY3FAbC+xwQwf9MSA4tDL
 iGtRHumwBhl8bYXPBX/+PTV5nvBb9AZj1OvS4nApqQK0wbS9U/SPs983kUTV6MQQ
 hnYOSSu6mqTdMw5+
 -----END X509 CRL-----
--- a/FreeRTOS-Plus/CyaSSL/certs/crl/crl.pem
+++ b/FreeRTOS-Plus/CyaSSL/certs/crl/crl.pem
@ -2,40 +2,38 @@ Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
-        Last Update: May 15 23:51:25 2012 GMT
+        Last Update: Aug 10 18:01:01 2012 GMT
-        Next Update: Jun 14 23:51:25 2012 GMT
+        Next Update: Dec  8 18:01:01 2012 GMT
        CRL extensions:
            X509v3 CRL Number: 
-                4
+                60
-Revoked Certificates:
+No Revoked Certificates.
    Serial Number: 02
        Revocation Date: May  4 17:06:05 2012 GMT
    Signature Algorithm: sha1WithRSAEncryption
-        aa:e4:44:9b:6b:c9:0b:d3:6f:ba:09:3d:90:93:ae:96:86:73:
+        26:1c:06:6a:42:ff:8b:18:71:4e:ef:7c:02:74:43:6f:7b:83:
-        f6:90:28:ba:93:3b:95:0c:91:c9:10:53:f1:15:fd:43:9a:ba:
+        99:2f:e1:4e:74:0f:f9:99:62:a1:90:88:11:1b:d8:59:3b:1e:
-        4e:dc:8e:e8:10:4d:d8:8b:be:a8:a2:12:4c:19:c1:13:9f:3c:
+        34:dd:f4:92:81:6f:49:2c:9a:5f:ba:21:6f:11:95:19:6e:da:
-        fe:54:60:32:b7:45:77:17:2a:40:f2:16:52:9e:68:fe:be:03:
+        38:a4:4e:a0:7e:4a:fb:7c:c6:9f:c8:26:2d:9b:cd:e8:30:14:
-        99:9c:b1:d3:4b:be:87:5b:f4:12:3c:9e:3d:59:c8:b9:a2:2c:
+        10:38:56:63:89:bf:a7:eb:11:0f:7c:81:60:d7:c3:ab:07:ef:
-        78:94:9c:cd:b0:17:d0:b3:bd:86:99:2b:1d:38:b5:03:d8:d1:
+        6c:af:81:4d:b9:cd:6e:91:c6:42:13:01:d8:1a:62:cb:52:fd:
-        0d:8f:1a:8c:97:ff:87:01:4f:91:22:30:c2:a5:10:bb:e3:fb:
+        44:0b:fa:9f:34:de:75:ba:5a:3d:df:d4:b1:7e:a0:b9:3f:f5:
-        31:b7:44:8a:5a:82:e1:e5:30:69:84:d1:4b:c2:d3:07:bf:21:
+        ed:a3:e6:ef:ef:20:95:45:3c:75:8c:a8:5c:ae:8c:e9:3c:f1:
-        d5:33:2d:ad:4b:e4:6f:83:c1:66:16:74:31:7d:f9:d6:1e:10:
+        e6:34:fd:65:bb:9a:f9:5f:8c:96:7c:32:12:50:43:2b:30:94:
-        66:fd:7d:ad:66:3c:32:cc:a3:98:75:63:16:5c:df:e1:37:3d:
+        4e:8a:f0:c3:5e:c9:e2:49:08:83:64:7a:3b:f3:d5:30:f3:78:
-        e9:08:d2:7b:05:dd:4c:31:92:53:0c:f1:ea:8e:be:31:d1:eb:
+        4b:20:3c:51:d0:da:37:14:f4:c8:f2:ab:41:d2:c3:b9:7a:7f:
-        ac:37:a8:cd:c4:30:c5:91:cc:38:a3:55:4a:51:01:39:cf:7d:
+        42:17:42:79:a4:10:67:4e:84:d4:e9:a9:e8:dd:46:5d:b2:f4:
-        50:57:d2:f2:47:4a:1d:7f:3a:32:16:89:e8:5a:1b:f8:64:33:
+        e8:3d:1c:24:3c:81:e7:56:bb:43:11:e2:d9:a2:9d:ce:b5:78:
-        48:e5:b8:ef:ba:2e:f3:52:7e:ba:28:0e:9b:f7:07:b8:b6:38:
+        ad:19:14:7c:d7:37:e8:bf:f7:30:fc:4d:05:a9:33:6b:12:9f:
-        f9:d0:dd:78
+        24:19:39:35
 -----BEGIN X509 CRL-----
-MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
+MIIB6jCB0wIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
 MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
-GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwNTE1MjM1MTI1WhcNMTIw
+GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIx
-NjE0MjM1MTI1WjAUMBICAQIXDTEyMDUwNDE3MDYwNVqgDjAMMAoGA1UdFAQDAgEE
+MjA4MTgwMTAxWqAOMAwwCgYDVR0UBAMCATwwDQYJKoZIhvcNAQEFBQADggEBACYc
-MA0GCSqGSIb3DQEBBQUAA4IBAQCq5ESba8kL02+6CT2Qk66WhnP2kCi6kzuVDJHJ
+BmpC/4sYcU7vfAJ0Q297g5kv4U50D/mZYqGQiBEb2Fk7HjTd9JKBb0ksml+6IW8R
-EFPxFf1DmrpO3I7oEE3Yi76oohJMGcETnzz+VGAyt0V3FypA8hZSnmj+vgOZnLHT
+lRlu2jikTqB+Svt8xp/IJi2bzegwFBA4VmOJv6frEQ98gWDXw6sH72yvgU25zW6R
-S76HW/QSPJ49Wci5oix4lJzNsBfQs72GmSsdOLUD2NENjxqMl/+HAU+RIjDCpRC7
+xkITAdgaYstS/UQL+p803nW6Wj3f1LF+oLk/9e2j5u/vIJVFPHWMqFyujOk88eY0
-4/sxt0SKWoLh5TBphNFLwtMHvyHVMy2tS+Rvg8FmFnQxffnWHhBm/X2tZjwyzKOY
+/WW7mvlfjJZ8MhJQQyswlE6K8MNeyeJJCINkejvz1TDzeEsgPFHQ2jcU9Mjyq0HS
-dWMWXN/hNz3pCNJ7Bd1MMZJTDPHqjr4x0eusN6jNxDDFkcw4o1VKUQE5z31QV9Ly
+w7l6f0IXQnmkEGdOhNTpqejdRl2y9Og9HCQ8gedWu0MR4tminc61eK0ZFHzXN+i/
-R0odfzoyFonoWhv4ZDNI5bjvui7zUn66KA6b9we4tjj50N14
+9zD8TQWpM2sSnyQZOTU=
 -----END X509 CRL-----
--- a/FreeRTOS-Plus/CyaSSL/certs/crl/crl.revoked
+++ b/FreeRTOS-Plus/CyaSSL/certs/crl/crl.revoked
@ -0,0 +1,41 @@
 Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
        Last Update: Aug 10 18:01:01 2012 GMT
        Next Update: Dec  8 18:01:01 2012 GMT
        CRL extensions:
            X509v3 CRL Number: 
                61
 Revoked Certificates:
    Serial Number: 02
        Revocation Date: Aug 10 18:01:01 2012 GMT
    Signature Algorithm: sha1WithRSAEncryption
        5c:eb:53:33:02:74:bb:c1:37:37:81:1a:36:9c:eb:d0:28:87:
        12:56:1a:d8:ec:ae:8e:ef:42:d0:61:07:f0:f0:b5:e8:2a:16:
        5e:78:ab:e9:ad:62:f3:6c:c5:fe:7a:b5:c7:0e:8a:e3:0a:2d:
        63:b5:ec:c4:c1:1f:1e:c3:77:b7:24:10:4b:09:b1:d8:ea:40:
        4f:74:6a:9a:d7:57:bd:b9:d3:e2:42:81:81:b2:5c:42:d8:d3:
        21:3f:f2:05:e2:11:8f:ce:60:cc:3b:76:55:e6:5f:6d:71:13:
        b1:7e:2c:50:d2:29:fe:f2:ad:96:f9:ee:8f:5c:c3:0a:73:e7:
        78:c5:8f:6e:0d:35:66:64:4a:76:05:93:9f:eb:05:b2:c3:a1:
        f5:d5:4c:4b:6e:79:f2:8d:51:90:7c:9d:a9:f5:94:7f:93:fe:
        39:da:c1:fb:8c:94:66:1d:d4:40:a9:48:ee:3b:91:14:83:4e:
        b4:ea:93:07:f6:be:48:4a:ec:4c:26:61:2d:a2:66:01:c5:d8:
        d3:18:f6:d0:1b:d2:94:13:c9:94:84:54:e4:44:10:01:66:25:
        47:ee:b2:19:4a:65:e3:79:42:9e:12:af:a7:4a:a4:66:35:e3:
        1a:db:2c:80:ff:a4:9c:2e:6e:32:8e:50:5d:ec:7e:de:1a:01:
        a9:08:fc:a2
 -----BEGIN X509 CRL-----
 MIICADCB6QIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMxEDAOBgNV
 BAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAPBgNVBAoTCFNhd3Rvb3Ro
 MRMwEQYDVQQLEwpDb25zdWx0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
 GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIx
 MjA4MTgwMTAxWjAUMBICAQIXDTEyMDgxMDE4MDEwMVqgDjAMMAoGA1UdFAQDAgE9
 MA0GCSqGSIb3DQEBBQUAA4IBAQBc61MzAnS7wTc3gRo2nOvQKIcSVhrY7K6O70LQ
 YQfw8LXoKhZeeKvprWLzbMX+erXHDorjCi1jtezEwR8ew3e3JBBLCbHY6kBPdGqa
 11e9udPiQoGBslxC2NMhP/IF4hGPzmDMO3ZV5l9tcROxfixQ0in+8q2W+e6PXMMK
 c+d4xY9uDTVmZEp2BZOf6wWyw6H11UxLbnnyjVGQfJ2p9ZR/k/452sH7jJRmHdRA
 qUjuO5EUg0606pMH9r5ISuxMJmEtomYBxdjTGPbQG9KUE8mUhFTkRBABZiVH7rIZ
 SmXjeUKeEq+nSqRmNeMa2yyA/6ScLm4yjlBd7H7eGgGpCPyi
 -----END X509 CRL-----
--- a/FreeRTOS-Plus/CyaSSL/certs/crl/eccCliCRL.pem
+++ b/FreeRTOS-Plus/CyaSSL/certs/crl/eccCliCRL.pem
@ -0,0 +1,24 @@
 Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: ecdsa-with-SHA1
        Issuer: /C=US/ST=Oregon/L=Salem/O=Client ECC/OU=Fast/CN=www.yassl.com/emailAddress=info@yassl.com
        Last Update: Aug 10 18:01:01 2012 GMT
        Next Update: Dec  8 18:01:01 2012 GMT
        CRL extensions:
            X509v3 CRL Number: 
                63
 No Revoked Certificates.
    Signature Algorithm: ecdsa-with-SHA1
        30:44:02:20:7f:8d:d7:28:61:96:4c:b7:a8:17:0a:7f:9d:cf:
        fa:29:e1:1d:cb:30:61:1b:b3:6b:f0:61:68:15:25:76:62:32:
        02:20:55:ca:fc:37:b4:4c:f9:78:99:b3:c9:d4:1a:e1:fa:f7:
        8a:4a:94:ce:31:ed:b0:1f:dc:64:d7:2a:59:47:b9:2d
 -----BEGIN X509 CRL-----
 MIIBHzCByAIBATAJBgcqhkjOPQQBMIGJMQswCQYDVQQGEwJVUzEPMA0GA1UECBMG
 T3JlZ29uMQ4wDAYDVQQHEwVTYWxlbTETMBEGA1UEChMKQ2xpZW50IEVDQzENMAsG
 A1UECxMERmFzdDEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJ
 ARYOaW5mb0B5YXNzbC5jb20XDTEyMDgxMDE4MDEwMVoXDTEyMTIwODE4MDEwMVqg
 DjAMMAoGA1UdFAQDAgE/MAkGByqGSM49BAEDRwAwRAIgf43XKGGWTLeoFwp/nc/6
 KeEdyzBhG7Nr8GFoFSV2YjICIFXK/De0TPl4mbPJ1Brh+veKSpTOMe2wH9xk1ypZ
 R7kt
 -----END X509 CRL-----
--- a/FreeRTOS-Plus/CyaSSL/certs/crl/eccSrvCRL.pem
+++ b/FreeRTOS-Plus/CyaSSL/certs/crl/eccSrvCRL.pem
@ -0,0 +1,24 @@
 Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: ecdsa-with-SHA1
        Issuer: /C=US/ST=Washington/L=Seattle/O=Eliptic/OU=ECC/CN=www.yassl.com/emailAddress=info@yassl.com
        Last Update: Aug 10 18:01:01 2012 GMT
        Next Update: Dec  8 18:01:01 2012 GMT
        CRL extensions:
            X509v3 CRL Number: 
                64
 No Revoked Certificates.
    Signature Algorithm: ecdsa-with-SHA1
        30:44:02:20:59:42:06:a7:73:69:03:08:05:e8:4b:95:ca:cf:
        f1:30:9e:84:4b:3c:52:c8:10:b9:c8:36:c8:07:64:65:fd:bf:
        02:20:71:60:a7:35:d6:8c:52:c2:df:06:dc:40:52:c5:ef:4c:
        8b:ec:96:4b:72:b0:c4:36:3e:c8:9d:62:5e:49:f2:5f
 -----BEGIN X509 CRL-----
 MIIBITCBygIBATAJBgcqhkjOPQQBMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
 V2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTEQMA4GA1UEChMHRWxpcHRpYzEM
 MAoGA1UECxMDRUNDMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
 AQkBFg5pbmZvQHlhc3NsLmNvbRcNMTIwODEwMTgwMTAxWhcNMTIxMjA4MTgwMTAx
 WqAOMAwwCgYDVR0UBAMCAUAwCQYHKoZIzj0EAQNHADBEAiBZQganc2kDCAXoS5XK
 z/EwnoRLPFLIELnINsgHZGX9vwIgcWCnNdaMUsLfBtxAUsXvTIvslktysMQ2Psid
 Yl5J8l8=
 -----END X509 CRL-----
--- a/FreeRTOS-Plus/CyaSSL/certs/crl/include.am
+++ b/FreeRTOS-Plus/CyaSSL/certs/crl/include.am
@ -2,8 +2,13 @@
 # All paths should be given relative to the root
 #
-certs_DATA+= \
+EXTRA_DIST += \
-	     certs/crl/crl.pem
+	     certs/crl/crl.pem \
 	     certs/crl/cliCrl.pem \
 	     certs/crl/eccSrvCRL.pem \
 	     certs/crl/eccCliCRL.pem
 EXTRA_DIST += \
 	     certs/crl/crl.revoked
 EXTRA_DIST+= ${certs_DATA}
--- a/FreeRTOS-Plus/CyaSSL/certs/include.am
+++ b/FreeRTOS-Plus/CyaSSL/certs/include.am
@ -2,7 +2,7 @@
 # All paths should be given relative to the root
 #
-certs_DATA+= \
+EXTRA_DIST += \
 	     certs/ca-cert.pem \
 	     certs/ca-key.pem \
 	     certs/client-cert.pem \
@ -16,6 +16,7 @@ certs_DATA+= \
 	     certs/dh2048.pem \
 	     certs/server-cert.pem \
 	     certs/server-ecc.pem \
 	     certs/server-ecc-rsa.pem \
 	     certs/server-keyEnc.pem \
 	     certs/server-key.pem \
 	     certs/server-keyPkcs8Enc12.pem \
@ -23,7 +24,7 @@ certs_DATA+= \
 	     certs/server-keyPkcs8Enc.pem \
 	     certs/server-keyPkcs8.pem
-certs_DATA+= \
+EXTRA_DIST += \
 	     certs/ca-key.der \
 	     certs/client-cert.der \
 	     certs/client-key.der \
@ -32,7 +33,6 @@ certs_DATA+= \
 	     certs/dsa2048.der \
 	     certs/ecc-key.der
 EXTRA_DIST+= ${certs_DATA}
 doc_DATA+= certs/taoCert.txt
--- a/FreeRTOS-Plus/CyaSSL/certs/server-ecc-rsa.pem
+++ b/FreeRTOS-Plus/CyaSSL/certs/server-ecc-rsa.pem
@ -0,0 +1,54 @@
 Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 9 (0x9)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
        Validity
            Not Before: Aug  8 21:58:29 2012 GMT
            Not After : May  5 21:58:29 2015 GMT
        Subject: C=US, ST=Washington, L=Seattle, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.yassl.com/emailAddress=info@yassl.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
            EC Public Key:
                pub: 
                    04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de:
                    9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c:
                    16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92:
                    21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33:
                    0b:80:34:89:d8
                ASN1 OID: prime256v1
    Signature Algorithm: sha1WithRSAEncryption
        a0:1c:de:98:e8:61:c8:fb:0a:0e:af:ea:99:4b:c0:49:e6:66:
        68:5e:7a:18:b8:0c:e3:0f:16:86:bc:b5:86:79:02:69:1c:b7:
        e7:ff:53:d9:05:5d:27:39:24:54:67:14:de:ef:8e:c2:a0:11:
        ca:c8:27:99:b9:d6:e9:71:1f:86:c9:8f:b1:74:a2:9f:93:6a:
        0c:74:cf:17:77:8c:26:08:6e:a8:ac:69:d4:55:15:a2:95:87:
        43:7a:ab:72:93:73:40:58:c2:bb:9c:89:f2:73:20:69:df:f1:
        f3:65:08:9c:00:67:97:a6:71:00:2b:31:84:10:ac:bd:54:ac:
        fd:b3:eb:12:36:77:f6:0a:e3:9a:96:d2:a6:22:bc:1d:6b:ce:
        3c:0d:7b:d9:1c:1d:f1:ee:ec:ce:83:c8:98:c9:65:3e:06:31:
        c3:b2:87:da:09:b4:90:0b:e2:6b:29:0e:d6:ae:53:1d:10:98:
        e2:dc:f9:63:38:a1:a2:af:46:23:a4:4c:ab:0c:0b:08:be:cd:
        a4:a6:6d:46:f0:f8:e0:31:99:85:39:10:4a:a0:04:54:3b:21:
        e1:e9:b4:f3:a5:06:cd:37:ae:2c:ca:5d:ac:90:b5:ab:92:81:
        aa:bf:2d:3f:8e:ee:4d:12:81:0a:8e:a4:ca:87:93:af:b0:25:
        7e:e2:07:f7
 -----BEGIN CERTIFICATE-----
 MIIC1zCCAb8CAQkwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD
 VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
 aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
 MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTIwODA4MjE1ODI5WhcN
 MTUwNTA1MjE1ODI5WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0
 b24xEDAOBgNVBAcTB1NlYXR0bGUxGjAYBgNVBAoTEUVsbGlwdGljIC0gUlNBc2ln
 MRMwEQYDVQQLEwpFQ0MtUlNBc2lnMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0w
 GwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49
 AwEHA0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5ox
 W5eSIX/wzxjakRECNIboIFgzC4A0idgwDQYJKoZIhvcNAQEFBQADggEBAKAc3pjo
 Ycj7Cg6v6plLwEnmZmheehi4DOMPFoa8tYZ5Amkct+f/U9kFXSc5JFRnFN7vjsKg
 EcrIJ5m51ulxH4bJj7F0op+Tagx0zxd3jCYIbqisadRVFaKVh0N6q3KTc0BYwruc
 ifJzIGnf8fNlCJwAZ5emcQArMYQQrL1UrP2z6xI2d/YK45qW0qYivB1rzjwNe9kc
 HfHu7M6DyJjJZT4GMcOyh9oJtJAL4mspDtauUx0QmOLc+WM4oaKvRiOkTKsMCwi+
 zaSmbUbw+OAxmYU5EEqgBFQ7IeHptPOlBs03rizKXayQtauSgaq/LT+O7k0SgQqO
 pMqHk6+wJX7iB/c=
 -----END CERTIFICATE-----
--- a/FreeRTOS-Plus/CyaSSL/certs/taoCert.txt
+++ b/FreeRTOS-Plus/CyaSSL/certs/taoCert.txt
@ -112,7 +112,7 @@ openssl dhparam -in dh2048.param -text > dh2048.pem
 1) create a crl
-a) openssl ca -gencrl -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
+a) openssl ca -gencrl -crldays 120 -out crl.pem -keyfile ./ca-key.pem -cert ./ca-cert.pem
 Error No ./CA root/index.txt so:
--- a/FreeRTOS-Plus/CyaSSL/configure
+++ b/FreeRTOS-Plus/CyaSSL/configure
@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for cyassl 2.2.0.
+# Generated by GNU Autoconf 2.61 for cyassl 2.3.0.
 #
 # Report bugs to <http://www.yassl.com>.
 #
@ -594,8 +594,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
 # Identity of this package.
 PACKAGE_NAME='cyassl'
 PACKAGE_TARNAME='cyassl'
-PACKAGE_VERSION='2.2.0'
+PACKAGE_VERSION='2.3.0'
-PACKAGE_STRING='cyassl 2.2.0'
+PACKAGE_STRING='cyassl 2.3.0'
 PACKAGE_BUGREPORT='http://www.yassl.com'
 # Factoring default headers for most tests.
@ -765,8 +765,12 @@ BUILD_FASTMATH_TRUE
 BUILD_FASTMATH_FALSE
 BUILD_SNIFFER_TRUE
 BUILD_SNIFFER_FALSE
 BUILD_AESGCM_TRUE
 BUILD_AESGCM_FALSE
 BUILD_AESNI_TRUE
 BUILD_AESNI_FALSE
 BUILD_MD2_TRUE
 BUILD_MD2_FALSE
 BUILD_RIPEMD_TRUE
 BUILD_RIPEMD_FALSE
 BUILD_SHA512_TRUE
@ -781,6 +785,8 @@ BUILD_OCSP_TRUE
 BUILD_OCSP_FALSE
 BUILD_CRL_TRUE
 BUILD_CRL_FALSE
 BUILD_CRL_MONITOR_TRUE
 BUILD_CRL_MONITOR_FALSE
 BUILD_NTRU_TRUE
 BUILD_NTRU_FALSE
 ax_pthread_config
@ -1309,7 +1315,7 @@ if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
-\`configure' configures cyassl 2.2.0 to adapt to many kinds of systems.
+\`configure' configures cyassl 2.3.0 to adapt to many kinds of systems.
 Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1380,7 +1386,7 @@ fi
 if test -n "$ac_init_help"; then
  case $ac_init_help in
-     short | recursive ) echo "Configuration of cyassl 2.2.0:";;
+     short | recursive ) echo "Configuration of cyassl 2.3.0:";;
   esac
  cat <<\_ACEOF
@ -1408,9 +1414,11 @@ Optional Features:
  --enable-hugecache      Enable huge session cache (default: disabled)
  --enable-smallcache     Enable small session cache (default: disabled)
  --enable-sniffer        Enable CyaSSL sniffer support (default: disabled)
  --enable-aesgcm         Enable CyaSSL AES-GCM support (default: disabled)
  --enable-aesni          Enable CyaSSL AES-NI support (default: disabled)
  --enable-md2            Enable CyaSSL MD2 support (default: disabled)
  --enable-ripemd         Enable CyaSSL RIPEMD-160 support (default: disabled)
-  --enable-sha512         Enable CyaSSL SHA-160 support (default: disabled)
+  --enable-sha512         Enable CyaSSL SHA-512 support (default: disabled)
  --enable-sessioncerts   Enable session cert storing (default: disabled)
  --enable-keygen         Enable key generation (default: disabled)
  --enable-certgen        Enable cert generation (default: disabled)
@ -1422,6 +1430,7 @@ Optional Features:
  --enable-ecc            Enable ECC (default: disabled)
  --enable-ocsp           Enable OCSP (default: disabled)
  --enable-crl            Enable CRL (default: disabled)
  --enable-crl-monitor    Enable CRL Monitor (default: disabled)
  --enable-ntru           Enable NTRU (default: disabled)
  --enable-testcert       Enable Test Cert (default: disabled)
  --enable-gcc-lots-o-warnings
@ -1517,7 +1526,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
  cat <<\_ACEOF
-cyassl configure 2.2.0
+cyassl configure 2.3.0
 generated by GNU Autoconf 2.61
 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@ -1531,7 +1540,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
-It was created by cyassl $as_me 2.2.0, which was
+It was created by cyassl $as_me 2.3.0, which was
 generated by GNU Autoconf 2.61.  Invocation command line was
  $ $0 $@
@ -2353,7 +2362,7 @@ fi
 # Define the identity of the package.
 PACKAGE='cyassl'
- VERSION='2.2.0'
+ VERSION='2.3.0'
 cat >>confdefs.h <<_ACEOF
@ -21826,6 +21835,48 @@ else
 fi
 # AES-GCM
 # Check whether --enable-aesgcm was given.
 if test "${enable_aesgcm+set}" = set; then
  enableval=$enable_aesgcm;  ENABLED_AESGCM=$enableval
 else
   ENABLED_AESGCM=no
 fi
 if test "$ENABLED_AESGCM" = "word32"
 then
    AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
    ENABLED_AESGCM=yes
 fi
 if test "$ENABLED_AESGCM" = "small"
 then
    AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
    ENABLED_AESGCM=yes
 fi
 if test "$ENABLED_AESGCM" = "table"
 then
    AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
    ENABLED_AESGCM=yes
 fi
 if test "$ENABLED_AESGCM" = "yes"
 then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM -DCYASSL_SHA384 -DCYASSL_SHA512"
 fi
 if test "x$ENABLED_AESGCM" = "xyes"; then
  BUILD_AESGCM_TRUE=
  BUILD_AESGCM_FALSE='#'
 else
  BUILD_AESGCM_TRUE='#'
  BUILD_AESGCM_FALSE=
 fi
 # AES-NI
 # Check whether --enable-aesni was given.
 if test "${enable_aesni+set}" = set; then
@ -21856,6 +21907,36 @@ fi
 # MD2
 # Check whether --enable-md2 was given.
 if test "${enable_md2+set}" = set; then
  enableval=$enable_md2;  ENABLED_MD2=$enableval
 else
   ENABLED_MD2=no
 fi
 if test "$ENABLED_BUMP" = "yes"
 then
    ENABLED_MD2="yes"
 fi
 if test "$ENABLED_MD2" = "yes"
 then
    AM_CFLAGS="$AM_CFLAGS -DCYASSL_MD2"
 fi
 if test "x$ENABLED_MD2" = "xyes"; then
  BUILD_MD2_TRUE=
  BUILD_MD2_FALSE='#'
 else
  BUILD_MD2_TRUE='#'
  BUILD_MD2_FALSE=
 fi
 # RIPEMD
 # Check whether --enable-ripemd was given.
 if test "${enable_ripemd+set}" = set; then
@ -21901,6 +21982,11 @@ then
    ENABLED_SHA512="yes"
 fi
 if test "$ENABLED_AESGCM" = "yes"
 then
    ENABLED_SHA512="yes"
 fi
 if test "x$ENABLED_SHA512" = "xyes"; then
  BUILD_SHA512_TRUE=
@ -22141,6 +22227,30 @@ fi
 # CRL Monitor
 # Check whether --enable-crl-monitor was given.
 if test "${enable_crl_monitor+set}" = set; then
  enableval=$enable_crl_monitor;  ENABLED_CRL_MONITOR=$enableval
 else
   ENABLED_CRL_MONITOR=no
 fi
 if test "$ENABLED_CRL_MONITOR" = "yes"
 then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
 fi
 if test "x$ENABLED_CRL_MONITOR" = "xyes"; then
  BUILD_CRL_MONITOR_TRUE=
  BUILD_CRL_MONITOR_FALSE='#'
 else
  BUILD_CRL_MONITOR_TRUE='#'
  BUILD_CRL_MONITOR_FALSE=
 fi
 # NTRU
 ntruHome=`pwd`/NTRU_algorithm
 ntruInclude=$ntruHome/cryptolib
@ -23095,9 +23205,14 @@ GCCWARNINGS="-Wall -fno-strict-aliasing -W -Wfloat-equal -Wundef        \
  -Wnested-externs -Wbad-function-cast -Wswitch-enum -Winit-self          \
  -Wmissing-field-initializers -Wdeclaration-after-statement              \
  -Wold-style-definition -Waddress -Wmissing-noreturn -Wnormalized=id     \
-  -Woverride-init -Wstrict-overflow=1 -Wextra -Warray-bounds              \
+  -Woverride-init -Wstrict-overflow=1 -Wextra -Wstack-protector -Wformat  \
-  -Wstack-protector -Wformat -Wformat-security -Wpointer-sign -Wshadow    \
+  -Wformat-security -Wpointer-sign -Wshadow -Wswitch-default"
-  -Wswitch-default"
+
 case "$host_os" in
  *linux*)
 GCCWARNINGS="$GCCWARNINGS -Warray-bounds"
  ;;
 esac
 # Check whether --enable-gcc-lots-o-warnings was given.
 if test "${enable_gcc_lots_o_warnings+set}" = set; then
@ -23298,6 +23413,13 @@ echo "$as_me: error: conditional \"BUILD_SNIFFER\" was never defined.
 Usually this means the macro was only invoked conditionally." >&2;}
   { (exit 1); exit 1; }; }
 fi
 if test -z "${BUILD_AESGCM_TRUE}" && test -z "${BUILD_AESGCM_FALSE}"; then
  { { echo "$as_me:$LINENO: error: conditional \"BUILD_AESGCM\" was never defined.
 Usually this means the macro was only invoked conditionally." >&5
 echo "$as_me: error: conditional \"BUILD_AESGCM\" was never defined.
 Usually this means the macro was only invoked conditionally." >&2;}
   { (exit 1); exit 1; }; }
 fi
 if test -z "${BUILD_AESNI_TRUE}" && test -z "${BUILD_AESNI_FALSE}"; then
  { { echo "$as_me:$LINENO: error: conditional \"BUILD_AESNI\" was never defined.
 Usually this means the macro was only invoked conditionally." >&5
@ -23305,6 +23427,13 @@ echo "$as_me: error: conditional \"BUILD_AESNI\" was never defined.
 Usually this means the macro was only invoked conditionally." >&2;}
   { (exit 1); exit 1; }; }
 fi
 if test -z "${BUILD_MD2_TRUE}" && test -z "${BUILD_MD2_FALSE}"; then
  { { echo "$as_me:$LINENO: error: conditional \"BUILD_MD2\" was never defined.
 Usually this means the macro was only invoked conditionally." >&5
 echo "$as_me: error: conditional \"BUILD_MD2\" was never defined.
 Usually this means the macro was only invoked conditionally." >&2;}
   { (exit 1); exit 1; }; }
 fi
 if test -z "${BUILD_RIPEMD_TRUE}" && test -z "${BUILD_RIPEMD_FALSE}"; then
  { { echo "$as_me:$LINENO: error: conditional \"BUILD_RIPEMD\" was never defined.
 Usually this means the macro was only invoked conditionally." >&5
@ -23354,6 +23483,13 @@ echo "$as_me: error: conditional \"BUILD_CRL\" was never defined.
 Usually this means the macro was only invoked conditionally." >&2;}
   { (exit 1); exit 1; }; }
 fi
 if test -z "${BUILD_CRL_MONITOR_TRUE}" && test -z "${BUILD_CRL_MONITOR_FALSE}"; then
  { { echo "$as_me:$LINENO: error: conditional \"BUILD_CRL_MONITOR\" was never defined.
 Usually this means the macro was only invoked conditionally." >&5
 echo "$as_me: error: conditional \"BUILD_CRL_MONITOR\" was never defined.
 Usually this means the macro was only invoked conditionally." >&2;}
   { (exit 1); exit 1; }; }
 fi
 if test -z "${BUILD_NTRU_TRUE}" && test -z "${BUILD_NTRU_FALSE}"; then
  { { echo "$as_me:$LINENO: error: conditional \"BUILD_NTRU\" was never defined.
 Usually this means the macro was only invoked conditionally." >&5
@ -23661,7 +23797,7 @@ exec 6>&1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by cyassl $as_me 2.2.0, which was
+This file was extended by cyassl $as_me 2.3.0, which was
 generated by GNU Autoconf 2.61.  Invocation command line was
  CONFIG_FILES    = $CONFIG_FILES
@ -23714,7 +23850,7 @@ Report bugs to <bug-autoconf@gnu.org>."
 _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-cyassl config.status 2.2.0
+cyassl config.status 2.3.0
 configured by $0, generated by GNU Autoconf 2.61,
  with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
@ -24431,8 +24567,12 @@ BUILD_FASTMATH_TRUE!$BUILD_FASTMATH_TRUE$ac_delim
 BUILD_FASTMATH_FALSE!$BUILD_FASTMATH_FALSE$ac_delim
 BUILD_SNIFFER_TRUE!$BUILD_SNIFFER_TRUE$ac_delim
 BUILD_SNIFFER_FALSE!$BUILD_SNIFFER_FALSE$ac_delim
 BUILD_AESGCM_TRUE!$BUILD_AESGCM_TRUE$ac_delim
 BUILD_AESGCM_FALSE!$BUILD_AESGCM_FALSE$ac_delim
 BUILD_AESNI_TRUE!$BUILD_AESNI_TRUE$ac_delim
 BUILD_AESNI_FALSE!$BUILD_AESNI_FALSE$ac_delim
 BUILD_MD2_TRUE!$BUILD_MD2_TRUE$ac_delim
 BUILD_MD2_FALSE!$BUILD_MD2_FALSE$ac_delim
 BUILD_RIPEMD_TRUE!$BUILD_RIPEMD_TRUE$ac_delim
 BUILD_RIPEMD_FALSE!$BUILD_RIPEMD_FALSE$ac_delim
 BUILD_SHA512_TRUE!$BUILD_SHA512_TRUE$ac_delim
@ -24447,6 +24587,8 @@ BUILD_OCSP_TRUE!$BUILD_OCSP_TRUE$ac_delim
 BUILD_OCSP_FALSE!$BUILD_OCSP_FALSE$ac_delim
 BUILD_CRL_TRUE!$BUILD_CRL_TRUE$ac_delim
 BUILD_CRL_FALSE!$BUILD_CRL_FALSE$ac_delim
 BUILD_CRL_MONITOR_TRUE!$BUILD_CRL_MONITOR_TRUE$ac_delim
 BUILD_CRL_MONITOR_FALSE!$BUILD_CRL_MONITOR_FALSE$ac_delim
 BUILD_NTRU_TRUE!$BUILD_NTRU_TRUE$ac_delim
 BUILD_NTRU_FALSE!$BUILD_NTRU_FALSE$ac_delim
 ax_pthread_config!$ax_pthread_config$ac_delim
@ -24459,7 +24601,7 @@ AM_LDFLAGS!$AM_LDFLAGS$ac_delim
 LTLIBOBJS!$LTLIBOBJS$ac_delim
 _ACEOF
-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 58; then
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 64; then
    break
  elif $ac_last_try; then
    { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
--- a/FreeRTOS-Plus/CyaSSL/configure.ac
+++ b/FreeRTOS-Plus/CyaSSL/configure.ac
@ -1,12 +1,12 @@
 # configure.ac
 #
-# Copyright (C) 2006-2011 Sawtooth Consulting Ltd.
+# Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 #
 # This file is part of CyaSSL.
 #
 #
-AC_INIT([cyassl],[2.2.0],[http://www.yassl.com])
+AC_INIT([cyassl],[2.3.0],[http://www.yassl.com])
 AC_CONFIG_AUX_DIR(config)
@ -289,6 +289,38 @@ fi
 AM_CONDITIONAL([BUILD_SNIFFER], [test "x$ENABLED_SNIFFER" = "xyes"])
 # AES-GCM
 AC_ARG_ENABLE(aesgcm,
    [  --enable-aesgcm         Enable CyaSSL AES-GCM support (default: disabled)],
    [ ENABLED_AESGCM=$enableval ],
    [ ENABLED_AESGCM=no ]
    )
 if test "$ENABLED_AESGCM" = "word32"
 then
    AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
    ENABLED_AESGCM=yes
 fi
 if test "$ENABLED_AESGCM" = "small"
 then
    AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
    ENABLED_AESGCM=yes
 fi
 if test "$ENABLED_AESGCM" = "table"
 then
    AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
    ENABLED_AESGCM=yes
 fi
 if test "$ENABLED_AESGCM" = "yes"
 then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM -DCYASSL_SHA384 -DCYASSL_SHA512"
 fi
 AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])
 # AES-NI
 AC_ARG_ENABLE(aesni,
    [  --enable-aesni          Enable CyaSSL AES-NI support (default: disabled)],
@ -309,6 +341,26 @@ fi
 AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
 # MD2
 AC_ARG_ENABLE(md2,
    [  --enable-md2            Enable CyaSSL MD2 support (default: disabled)],
    [ ENABLED_MD2=$enableval ],
    [ ENABLED_MD2=no ]
    )
 if test "$ENABLED_BUMP" = "yes"
 then
    ENABLED_MD2="yes"
 fi
 if test "$ENABLED_MD2" = "yes"
 then
    AM_CFLAGS="$AM_CFLAGS -DCYASSL_MD2"
 fi
 AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
 # RIPEMD
 AC_ARG_ENABLE(ripemd,
    [  --enable-ripemd         Enable CyaSSL RIPEMD-160 support (default: disabled)],
@ -326,7 +378,7 @@ AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
 # SHA512
 AC_ARG_ENABLE(sha512,
-    [  --enable-sha512         Enable CyaSSL SHA-160 support (default: disabled)],
+    [  --enable-sha512         Enable CyaSSL SHA-512 support (default: disabled)],
    [ ENABLED_SHA512=$enableval ],
    [ ENABLED_SHA512=no ]
    )
@ -341,6 +393,11 @@ then
    ENABLED_SHA512="yes"
 fi
 if test "$ENABLED_AESGCM" = "yes"
 then
    ENABLED_SHA512="yes"
 fi
 AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
@ -506,6 +563,21 @@ fi
 AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
 # CRL Monitor
 AC_ARG_ENABLE(crl-monitor,
    [  --enable-crl-monitor    Enable CRL Monitor (default: disabled)],
    [ ENABLED_CRL_MONITOR=$enableval ],
    [ ENABLED_CRL_MONITOR=no ],
    )
 if test "$ENABLED_CRL_MONITOR" = "yes"
 then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
 fi
 AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
 # NTRU
 ntruHome=`pwd`/NTRU_algorithm
 ntruInclude=$ntruHome/cryptolib
@ -617,9 +689,14 @@ GCCWARNINGS="-Wall -fno-strict-aliasing -W -Wfloat-equal -Wundef        \
  -Wnested-externs -Wbad-function-cast -Wswitch-enum -Winit-self          \
  -Wmissing-field-initializers -Wdeclaration-after-statement              \
  -Wold-style-definition -Waddress -Wmissing-noreturn -Wnormalized=id     \
-  -Woverride-init -Wstrict-overflow=1 -Wextra -Warray-bounds              \
+  -Woverride-init -Wstrict-overflow=1 -Wextra -Wstack-protector -Wformat  \
-  -Wstack-protector -Wformat -Wformat-security -Wpointer-sign -Wshadow    \
+  -Wformat-security -Wpointer-sign -Wshadow -Wswitch-default"
-  -Wswitch-default"
+
 case "$host_os" in
  *linux*)
 GCCWARNINGS="$GCCWARNINGS -Warray-bounds"
  ;;
 esac
 AC_ARG_ENABLE(gcc-lots-o-warnings,
 AS_HELP_STRING(--enable-gcc-lots-o-warnings, Enable lots of gcc warnings (default: disabled)),
--- a/FreeRTOS-Plus/CyaSSL/ctaocrypt/benchmark/benchmark.c
+++ b/FreeRTOS-Plus/CyaSSL/ctaocrypt/benchmark/benchmark.c
@ -54,6 +54,7 @@ void bench_arc4();
 void bench_hc128();
 void bench_rabbit();
 void bench_aes(int);
 void bench_aesgcm();
 void bench_md5();
 void bench_sha();
@ -78,6 +79,9 @@ int main(int argc, char** argv)
 #ifndef NO_AES
    bench_aes(0);
    bench_aes(1);
 #endif
 #ifdef HAVE_AESGCM
    bench_aesgcm();
 #endif
    bench_arc4();
 #ifdef HAVE_HC128
@ -171,6 +175,34 @@ void bench_aes(int show)
 #endif
 byte additional[13];
 byte tag[16];
 #ifdef HAVE_AESGCM
 void bench_aesgcm()
 {
    Aes    enc;
    double start, total, persec;
    int    i;
    AesGcmSetKey(&enc, key, 16, iv);
    AesGcmSetExpIV(&enc, iv+4);
    start = current_time();
    for(i = 0; i < megs; i++)
        AesGcmEncrypt(&enc, cipher, plain, sizeof(plain),
                        tag, 16, additional, 13);
    total = current_time() - start;
    persec = 1 / total * megs;
    printf("AES-GCM  %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
                                                                    persec);
 }
 #endif
 #ifndef NO_DES3
 void bench_des()
 {
--- a/FreeRTOS-Plus/CyaSSL/ctaocrypt/src/aes.c
+++ b/FreeRTOS-Plus/CyaSSL/ctaocrypt/src/aes.c
@ -1404,5 +1404,753 @@ void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 #endif /* CYASSL_AES_COUNTER */
 #ifdef HAVE_AESGCM
 /*
 * The IV for AES GCM, stored in struct Aes's member reg, is comprised of
 * three parts in order:
 *   1. The implicit IV. This is generated from the PRF using the shared
 *      secrets between endpoints. It is 4 bytes long.
 *   2. The explicit IV. This is set by the user of the AES. It needs to be
 *      unique for each call to encrypt. The explicit IV is shared with the
 *      other end of the transaction in the clear.
 *   3. The counter. Each block of data is encrypted with its own sequence
 *      number counter.
 */
 enum {
    IMPLICIT_IV_SZ = 4,
    EXPLICIT_IV_SZ = 8,
    CTR_SZ = 4
 };
 static INLINE void InitGcmCounter(byte* inOutCtr)
 {
    inOutCtr[AES_BLOCK_SIZE - 4] = 0;
    inOutCtr[AES_BLOCK_SIZE - 3] = 0;
    inOutCtr[AES_BLOCK_SIZE - 2] = 0;
    inOutCtr[AES_BLOCK_SIZE - 1] = 1;
 }
 static INLINE void IncrementGcmCounter(byte* inOutCtr)
 {
    int i;
    /* in network byte order so start at end and work back */
    for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) {
        if (++inOutCtr[i])  /* we're done unless we overflow */
            return;
    }
 }
 /*
 * The explicit IV is set by the caller. A common practice is to treat it as
 * a sequence number seeded with a random number. The caller manages
 * incrementing the explicit IV when appropriate.
 */
 void AesGcmSetExpIV(Aes* aes, const byte* iv)
 {
    XMEMCPY((byte*)aes->reg + IMPLICIT_IV_SZ, iv, EXPLICIT_IV_SZ);
 }
 void AesGcmGetExpIV(Aes* aes, byte* iv)
 {
    XMEMCPY(iv, (byte*)aes->reg + IMPLICIT_IV_SZ, EXPLICIT_IV_SZ);
 }
 void AesGcmIncExpIV(Aes* aes)
 {
    int i;
    byte* iv = (byte*)aes->reg + IMPLICIT_IV_SZ;
    for (i = EXPLICIT_IV_SZ - 1; i >= 0; i--) {
        if (++iv[i])
            return;
    }
 }
 #if defined(GCM_SMALL) || defined(GCM_TABLE)
 static INLINE void FlattenSzInBits(byte* buf, word32 sz)
 {
    /* Multiply the sz by 8 */
    word32 szHi = (sz >> (8*sizeof(sz) - 3));
    sz <<= 3;
    /* copy over the words of the sz into the destination buffer */
    buf[0] = (szHi >> 24) & 0xff;
    buf[1] = (szHi >> 16) & 0xff;
    buf[2] = (szHi >>  8) & 0xff;
    buf[3] = szHi & 0xff;
    buf[4] = (sz >> 24) & 0xff;
    buf[5] = (sz >> 16) & 0xff;
    buf[6] = (sz >>  8) & 0xff;
    buf[7] = sz & 0xff;
 }
 static INLINE void RIGHTSHIFTX(byte* x)
 {
    int i;
    int carryOut = 0;
    int carryIn = 0;
    int borrow = x[15] & 0x01;
    for (i = 0; i < AES_BLOCK_SIZE; i++) {
        carryOut = x[i] & 0x01;
        x[i] = (x[i] >> 1) | (carryIn ? 0x80 : 0);
        carryIn = carryOut;
    }
    if (borrow) x[0] ^= 0xE1;
 }
 #endif /* defined(GCM_SMALL) || defined(GCM_TABLE) */
 #ifdef GCM_TABLE
 static void GenerateM0(Aes* aes)
 {
    int i, j;
    byte (*m)[AES_BLOCK_SIZE] = aes->M0;
    XMEMCPY(m[128], aes->H, AES_BLOCK_SIZE);
    for (i = 64; i > 0; i /= 2) {
        XMEMCPY(m[i], m[i*2], AES_BLOCK_SIZE);
        RIGHTSHIFTX(m[i]);
    }
    for (i = 2; i < 256; i *= 2) {
        for (j = 1; j < i; j++) {
            XMEMCPY(m[i+j], m[i], AES_BLOCK_SIZE);
            xorbuf(m[i+j], m[j], AES_BLOCK_SIZE);
        }
    }
    XMEMSET(m[0], 0, AES_BLOCK_SIZE);
 }
 #endif /* GCM_TABLE */
 void AesGcmSetKey(Aes* aes, const byte* key, word32 len,
                                                    const byte* implicitIV)
 {
    byte fullIV[AES_BLOCK_SIZE];
    XMEMSET(fullIV, 0, AES_BLOCK_SIZE);
    XMEMCPY(fullIV, implicitIV, IMPLICIT_IV_SZ);
    AesSetKey(aes, key, len, fullIV, AES_ENCRYPTION);
    XMEMSET(fullIV, 0, AES_BLOCK_SIZE);
    AesEncrypt(aes, fullIV, aes->H);
 #ifdef GCM_TABLE
    GenerateM0(aes);
 #endif /* GCM_TABLE */
 }
 #if defined(GCM_SMALL)
 static void GMULT(byte* X, byte* Y)
 {
    byte Z[AES_BLOCK_SIZE];
    byte V[AES_BLOCK_SIZE];
    int i, j;
    XMEMSET(Z, 0, AES_BLOCK_SIZE);
    XMEMCPY(V, X, AES_BLOCK_SIZE);
    for (i = 0; i < AES_BLOCK_SIZE; i++)
    {
        byte y = Y[i];
        for (j = 0; j < 8; j++)
        {
            if (y & 0x80) {
                xorbuf(Z, V, AES_BLOCK_SIZE);
            }
            RIGHTSHIFTX(V);
            y = y << 1;
        }
    }
    XMEMCPY(X, Z, AES_BLOCK_SIZE);
 }
 static void GHASH(Aes* aes, const byte* a, word32 aSz,
                                const byte* c, word32 cSz, byte* s, word32 sSz)
 {
    byte x[AES_BLOCK_SIZE];
    byte scratch[AES_BLOCK_SIZE];
    word32 blocks, partial;
    byte* h = aes->H;
    XMEMSET(x, 0, AES_BLOCK_SIZE);
    /* Hash in A, the Additional Authentication Data */
    if (aSz != 0 && a != NULL) {
        blocks = aSz / AES_BLOCK_SIZE;
        partial = aSz % AES_BLOCK_SIZE;
        while (blocks--) {
            xorbuf(x, a, AES_BLOCK_SIZE);
            GMULT(x, h);
            a += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
            XMEMCPY(scratch, a, partial);
            xorbuf(x, scratch, AES_BLOCK_SIZE);
            GMULT(x, h);
        }
    }
    /* Hash in C, the Ciphertext */
    if (cSz != 0 && c != NULL) {
        blocks = cSz / AES_BLOCK_SIZE;
        partial = cSz % AES_BLOCK_SIZE;
        while (blocks--) {
            xorbuf(x, c, AES_BLOCK_SIZE);
            GMULT(x, h);
            c += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
            XMEMCPY(scratch, c, partial);
            xorbuf(x, scratch, AES_BLOCK_SIZE);
            GMULT(x, h);
        }
    }
    /* Hash in the lengths of A and C in bits */
    FlattenSzInBits(&scratch[0], aSz);
    FlattenSzInBits(&scratch[8], cSz);
    xorbuf(x, scratch, AES_BLOCK_SIZE);
    GMULT(x, h);
    /* Copy the result into s. */
    XMEMCPY(s, x, sSz);
 }
 /* end GCM_SMALL */
 #elif defined(GCM_TABLE)
 static const byte R[256][2] = {
    {0x00, 0x00}, {0x01, 0xc2}, {0x03, 0x84}, {0x02, 0x46},
    {0x07, 0x08}, {0x06, 0xca}, {0x04, 0x8c}, {0x05, 0x4e},
    {0x0e, 0x10}, {0x0f, 0xd2}, {0x0d, 0x94}, {0x0c, 0x56},
    {0x09, 0x18}, {0x08, 0xda}, {0x0a, 0x9c}, {0x0b, 0x5e},
    {0x1c, 0x20}, {0x1d, 0xe2}, {0x1f, 0xa4}, {0x1e, 0x66},
    {0x1b, 0x28}, {0x1a, 0xea}, {0x18, 0xac}, {0x19, 0x6e},
    {0x12, 0x30}, {0x13, 0xf2}, {0x11, 0xb4}, {0x10, 0x76},
    {0x15, 0x38}, {0x14, 0xfa}, {0x16, 0xbc}, {0x17, 0x7e},
    {0x38, 0x40}, {0x39, 0x82}, {0x3b, 0xc4}, {0x3a, 0x06},
    {0x3f, 0x48}, {0x3e, 0x8a}, {0x3c, 0xcc}, {0x3d, 0x0e},
    {0x36, 0x50}, {0x37, 0x92}, {0x35, 0xd4}, {0x34, 0x16},
    {0x31, 0x58}, {0x30, 0x9a}, {0x32, 0xdc}, {0x33, 0x1e},
    {0x24, 0x60}, {0x25, 0xa2}, {0x27, 0xe4}, {0x26, 0x26},
    {0x23, 0x68}, {0x22, 0xaa}, {0x20, 0xec}, {0x21, 0x2e},
    {0x2a, 0x70}, {0x2b, 0xb2}, {0x29, 0xf4}, {0x28, 0x36},
    {0x2d, 0x78}, {0x2c, 0xba}, {0x2e, 0xfc}, {0x2f, 0x3e},
    {0x70, 0x80}, {0x71, 0x42}, {0x73, 0x04}, {0x72, 0xc6},
    {0x77, 0x88}, {0x76, 0x4a}, {0x74, 0x0c}, {0x75, 0xce},
    {0x7e, 0x90}, {0x7f, 0x52}, {0x7d, 0x14}, {0x7c, 0xd6},
    {0x79, 0x98}, {0x78, 0x5a}, {0x7a, 0x1c}, {0x7b, 0xde},
    {0x6c, 0xa0}, {0x6d, 0x62}, {0x6f, 0x24}, {0x6e, 0xe6},
    {0x6b, 0xa8}, {0x6a, 0x6a}, {0x68, 0x2c}, {0x69, 0xee},
    {0x62, 0xb0}, {0x63, 0x72}, {0x61, 0x34}, {0x60, 0xf6},
    {0x65, 0xb8}, {0x64, 0x7a}, {0x66, 0x3c}, {0x67, 0xfe},
    {0x48, 0xc0}, {0x49, 0x02}, {0x4b, 0x44}, {0x4a, 0x86},
    {0x4f, 0xc8}, {0x4e, 0x0a}, {0x4c, 0x4c}, {0x4d, 0x8e},
    {0x46, 0xd0}, {0x47, 0x12}, {0x45, 0x54}, {0x44, 0x96},
    {0x41, 0xd8}, {0x40, 0x1a}, {0x42, 0x5c}, {0x43, 0x9e},
    {0x54, 0xe0}, {0x55, 0x22}, {0x57, 0x64}, {0x56, 0xa6},
    {0x53, 0xe8}, {0x52, 0x2a}, {0x50, 0x6c}, {0x51, 0xae},
    {0x5a, 0xf0}, {0x5b, 0x32}, {0x59, 0x74}, {0x58, 0xb6},
    {0x5d, 0xf8}, {0x5c, 0x3a}, {0x5e, 0x7c}, {0x5f, 0xbe},
    {0xe1, 0x00}, {0xe0, 0xc2}, {0xe2, 0x84}, {0xe3, 0x46},
    {0xe6, 0x08}, {0xe7, 0xca}, {0xe5, 0x8c}, {0xe4, 0x4e},
    {0xef, 0x10}, {0xee, 0xd2}, {0xec, 0x94}, {0xed, 0x56},
    {0xe8, 0x18}, {0xe9, 0xda}, {0xeb, 0x9c}, {0xea, 0x5e},
    {0xfd, 0x20}, {0xfc, 0xe2}, {0xfe, 0xa4}, {0xff, 0x66},
    {0xfa, 0x28}, {0xfb, 0xea}, {0xf9, 0xac}, {0xf8, 0x6e},
    {0xf3, 0x30}, {0xf2, 0xf2}, {0xf0, 0xb4}, {0xf1, 0x76},
    {0xf4, 0x38}, {0xf5, 0xfa}, {0xf7, 0xbc}, {0xf6, 0x7e},
    {0xd9, 0x40}, {0xd8, 0x82}, {0xda, 0xc4}, {0xdb, 0x06},
    {0xde, 0x48}, {0xdf, 0x8a}, {0xdd, 0xcc}, {0xdc, 0x0e},
    {0xd7, 0x50}, {0xd6, 0x92}, {0xd4, 0xd4}, {0xd5, 0x16},
    {0xd0, 0x58}, {0xd1, 0x9a}, {0xd3, 0xdc}, {0xd2, 0x1e},
    {0xc5, 0x60}, {0xc4, 0xa2}, {0xc6, 0xe4}, {0xc7, 0x26},
    {0xc2, 0x68}, {0xc3, 0xaa}, {0xc1, 0xec}, {0xc0, 0x2e},
    {0xcb, 0x70}, {0xca, 0xb2}, {0xc8, 0xf4}, {0xc9, 0x36},
    {0xcc, 0x78}, {0xcd, 0xba}, {0xcf, 0xfc}, {0xce, 0x3e},
    {0x91, 0x80}, {0x90, 0x42}, {0x92, 0x04}, {0x93, 0xc6},
    {0x96, 0x88}, {0x97, 0x4a}, {0x95, 0x0c}, {0x94, 0xce},
    {0x9f, 0x90}, {0x9e, 0x52}, {0x9c, 0x14}, {0x9d, 0xd6},
    {0x98, 0x98}, {0x99, 0x5a}, {0x9b, 0x1c}, {0x9a, 0xde},
    {0x8d, 0xa0}, {0x8c, 0x62}, {0x8e, 0x24}, {0x8f, 0xe6},
    {0x8a, 0xa8}, {0x8b, 0x6a}, {0x89, 0x2c}, {0x88, 0xee},
    {0x83, 0xb0}, {0x82, 0x72}, {0x80, 0x34}, {0x81, 0xf6},
    {0x84, 0xb8}, {0x85, 0x7a}, {0x87, 0x3c}, {0x86, 0xfe},
    {0xa9, 0xc0}, {0xa8, 0x02}, {0xaa, 0x44}, {0xab, 0x86},
    {0xae, 0xc8}, {0xaf, 0x0a}, {0xad, 0x4c}, {0xac, 0x8e},
    {0xa7, 0xd0}, {0xa6, 0x12}, {0xa4, 0x54}, {0xa5, 0x96},
    {0xa0, 0xd8}, {0xa1, 0x1a}, {0xa3, 0x5c}, {0xa2, 0x9e},
    {0xb5, 0xe0}, {0xb4, 0x22}, {0xb6, 0x64}, {0xb7, 0xa6},
    {0xb2, 0xe8}, {0xb3, 0x2a}, {0xb1, 0x6c}, {0xb0, 0xae},
    {0xbb, 0xf0}, {0xba, 0x32}, {0xb8, 0x74}, {0xb9, 0xb6},
    {0xbc, 0xf8}, {0xbd, 0x3a}, {0xbf, 0x7c}, {0xbe, 0xbe} };
 static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE])
 {
    int i, j;
    byte Z[AES_BLOCK_SIZE];
    byte a;
    XMEMSET(Z, 0, sizeof(Z));
    for (i = 15; i > 0; i--) {
        xorbuf(Z, m[x[i]], AES_BLOCK_SIZE);
        a = Z[15];
        for (j = 15; j > 0; j--) {
            Z[j] = Z[j-1];
        }
        Z[0] = R[a][0];
        Z[1] ^= R[a][1];
    }
    xorbuf(Z, m[x[0]], AES_BLOCK_SIZE);
    XMEMCPY(x, Z, AES_BLOCK_SIZE);
 }
 static void GHASH(Aes* aes, const byte* a, word32 aSz,
                                const byte* c, word32 cSz, byte* s, word32 sSz)
 {
    byte x[AES_BLOCK_SIZE];
    byte scratch[AES_BLOCK_SIZE];
    word32 blocks, partial;
    XMEMSET(x, 0, AES_BLOCK_SIZE);
    /* Hash in A, the Additional Authentication Data */
    if (aSz != 0 && a != NULL) {
        blocks = aSz / AES_BLOCK_SIZE;
        partial = aSz % AES_BLOCK_SIZE;
        while (blocks--) {
            xorbuf(x, a, AES_BLOCK_SIZE);
            GMULT(x, aes->M0);
            a += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
            XMEMCPY(scratch, a, partial);
            xorbuf(x, scratch, AES_BLOCK_SIZE);
            GMULT(x, aes->M0);
        }
    }
    /* Hash in C, the Ciphertext */
    if (cSz != 0 && c != NULL) {
        blocks = cSz / AES_BLOCK_SIZE;
        partial = cSz % AES_BLOCK_SIZE;
        while (blocks--) {
            xorbuf(x, c, AES_BLOCK_SIZE);
            GMULT(x, aes->M0);
            c += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            XMEMSET(scratch, 0, AES_BLOCK_SIZE);
            XMEMCPY(scratch, c, partial);
            xorbuf(x, scratch, AES_BLOCK_SIZE);
            GMULT(x, aes->M0);
        }
    }
    /* Hash in the lengths of A and C in bits */
    FlattenSzInBits(&scratch[0], aSz);
    FlattenSzInBits(&scratch[8], cSz);
    xorbuf(x, scratch, AES_BLOCK_SIZE);
    GMULT(x, aes->M0);
    /* Copy the result into s. */
    XMEMCPY(s, x, sSz);
 }
 /* end GCM_TABLE */
 #elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32)
 static void GMULT(word64* X, word64* Y)
 {
    word64 Z[2] = {0,0};
    word64 V[2] = {X[0], X[1]};
    int i, j;
    for (i = 0; i < 2; i++)
    {
        word64 y = Y[i];
        for (j = 0; j < 64; j++)
        {
            if (y & 0x8000000000000000) {
                Z[0] ^= V[0];
                Z[1] ^= V[1];
            }
            if (V[1] & 0x0000000000000001) {
                V[1] >>= 1;
                V[1] |= ((V[0] & 0x0000000000000001) ? 0x8000000000000000 : 0);
                V[0] >>= 1;
                V[0] ^= 0xE100000000000000;
            }
            else {
                V[1] >>= 1;
                V[1] |= ((V[0] & 0x0000000000000001) ? 0x8000000000000000 : 0);
                V[0] >>= 1;
            }
            y <<= 1;
        }
    }
    X[0] = Z[0];
    X[1] = Z[1];
 }
 static void GHASH(Aes* aes, const byte* a, word32 aSz,
                                const byte* c, word32 cSz, byte* s, word32 sSz)
 {
    word64 x[2] = {0,0};
    word32 blocks, partial;
    word64 bigH[2];
    XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
    #ifdef LITTLE_ENDIAN_ORDER
        ByteReverseWords64(bigH, bigH, AES_BLOCK_SIZE); 
    #endif
    /* Hash in A, the Additional Authentication Data */
    if (aSz != 0 && a != NULL) {
        word64 bigA[2];
        blocks = aSz / AES_BLOCK_SIZE;
        partial = aSz % AES_BLOCK_SIZE;
        while (blocks--) {
            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigA[0];
            x[1] ^= bigA[1];
            GMULT(x, bigH);
            a += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
            XMEMCPY(bigA, a, partial);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigA[0];
            x[1] ^= bigA[1];
            GMULT(x, bigH);
        }
    }
    /* Hash in C, the Ciphertext */
    if (cSz != 0 && c != NULL) {
        word64 bigC[2];
        blocks = cSz / AES_BLOCK_SIZE;
        partial = cSz % AES_BLOCK_SIZE;
        while (blocks--) {
            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigC[0];
            x[1] ^= bigC[1];
            GMULT(x, bigH);
            c += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
            XMEMCPY(bigC, c, partial);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigC[0];
            x[1] ^= bigC[1];
            GMULT(x, bigH);
        }
    }
    /* Hash in the lengths in bits of A and C */
    {
        word64 len[2] = {aSz, cSz};
        /* Lengths are in bytes. Convert to bits. */
        len[0] *= 8;
        len[1] *= 8;
        x[0] ^= len[0];
        x[1] ^= len[1];
        GMULT(x, bigH);
    }
    #ifdef LITTLE_ENDIAN_ORDER
        ByteReverseWords64(x, x, AES_BLOCK_SIZE);
    #endif
    XMEMCPY(s, x, sSz);
 }
 /* end defined(WORD64_AVAILABLE) && !defined(GCM_WORD32) */
 #else /* GCM_WORD32 */
 static void GMULT(word32* X, word32* Y)
 {
    word32 Z[4] = {0,0,0,0};
    word32 V[4] = {X[0], X[1], X[2], X[3]};
    int i, j;
    for (i = 0; i < 4; i++)
    {
        word32 y = Y[i];
        for (j = 0; j < 32; j++)
        {
            if (y & 0x80000000) {
                Z[0] ^= V[0];
                Z[1] ^= V[1];
                Z[2] ^= V[2];
                Z[3] ^= V[3];
            }
            if (V[3] & 0x00000001) {
                V[3] >>= 1;
                V[3] |= ((V[2] & 0x00000001) ? 0x80000000 : 0);
                V[2] >>= 1;
                V[2] |= ((V[1] & 0x00000001) ? 0x80000000 : 0);
                V[1] >>= 1;
                V[1] |= ((V[0] & 0x00000001) ? 0x80000000 : 0);
                V[0] >>= 1;
                V[0] ^= 0xE1000000;
            } else {
                V[3] >>= 1;
                V[3] |= ((V[2] & 0x00000001) ? 0x80000000 : 0);
                V[2] >>= 1;
                V[2] |= ((V[1] & 0x00000001) ? 0x80000000 : 0);
                V[1] >>= 1;
                V[1] |= ((V[0] & 0x00000001) ? 0x80000000 : 0);
                V[0] >>= 1;
            }
            y <<= 1;
        }
    }
    X[0] = Z[0];
    X[1] = Z[1];
    X[2] = Z[2];
    X[3] = Z[3];
 }
 static void GHASH(Aes* aes, const byte* a, word32 aSz,
                                const byte* c, word32 cSz, byte* s, word32 sSz)
 {
    word32 x[4] = {0,0,0,0};
    word32 blocks, partial;
    word32 bigH[4];
    XMEMCPY(bigH, aes->H, AES_BLOCK_SIZE);
    #ifdef LITTLE_ENDIAN_ORDER
        ByteReverseWords(bigH, bigH, AES_BLOCK_SIZE); 
    #endif
    /* Hash in A, the Additional Authentication Data */
    if (aSz != 0 && a != NULL) {
        word32 bigA[4];
        blocks = aSz / AES_BLOCK_SIZE;
        partial = aSz % AES_BLOCK_SIZE;
        while (blocks--) {
            XMEMCPY(bigA, a, AES_BLOCK_SIZE);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigA[0];
            x[1] ^= bigA[1];
            x[2] ^= bigA[2];
            x[3] ^= bigA[3];
            GMULT(x, bigH);
            a += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            XMEMSET(bigA, 0, AES_BLOCK_SIZE);
            XMEMCPY(bigA, a, partial);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigA[0];
            x[1] ^= bigA[1];
            x[2] ^= bigA[2];
            x[3] ^= bigA[3];
            GMULT(x, bigH);
        }
    }
    /* Hash in C, the Ciphertext */
    if (cSz != 0 && c != NULL) {
        word32 bigC[4];
        blocks = cSz / AES_BLOCK_SIZE;
        partial = cSz % AES_BLOCK_SIZE;
        while (blocks--) {
            XMEMCPY(bigC, c, AES_BLOCK_SIZE);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigC[0];
            x[1] ^= bigC[1];
            x[2] ^= bigC[2];
            x[3] ^= bigC[3];
            GMULT(x, bigH);
            c += AES_BLOCK_SIZE;
        }
        if (partial != 0) {
            XMEMSET(bigC, 0, AES_BLOCK_SIZE);
            XMEMCPY(bigC, c, partial);
            #ifdef LITTLE_ENDIAN_ORDER
                ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE);
            #endif
            x[0] ^= bigC[0];
            x[1] ^= bigC[1];
            x[2] ^= bigC[2];
            x[3] ^= bigC[3];
            GMULT(x, bigH);
        }
    }
    /* Hash in the lengths in bits of A and C */
    {
        word32 len[4];
        /* Lengths are in bytes. Convert to bits. */
        len[0] = (aSz >> (8*sizeof(aSz) - 3));
        len[1] = aSz << 3;
        len[2] = (cSz >> (8*sizeof(cSz) - 3));
        len[3] = cSz << 3;
        x[0] ^= len[0];
        x[1] ^= len[1];
        x[2] ^= len[2];
        x[3] ^= len[3];
        GMULT(x, bigH);
    }
    #ifdef LITTLE_ENDIAN_ORDER
        ByteReverseWords(x, x, AES_BLOCK_SIZE);
    #endif
    XMEMCPY(s, x, sSz);
 }
 #endif /* end GCM_WORD32 */
 void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                   byte* authTag, word32 authTagSz,
                   const byte* authIn, word32 authInSz)
 {
    word32 blocks = sz / AES_BLOCK_SIZE;
    word32 partial = sz % AES_BLOCK_SIZE;
    const byte* p = in;
    byte* c = out;
    byte ctr[AES_BLOCK_SIZE];
    byte scratch[AES_BLOCK_SIZE];
    CYASSL_ENTER("AesGcmEncrypt");
    /* Initialize the counter with the MS 96 bits of IV, and the counter
     * portion set to "1". */
    XMEMCPY(ctr, aes->reg, AES_BLOCK_SIZE);
    InitGcmCounter(ctr);
    while (blocks--) {
        IncrementGcmCounter(ctr);
        AesEncrypt(aes, ctr, scratch);
        xorbuf(scratch, p, AES_BLOCK_SIZE);
        XMEMCPY(c, scratch, AES_BLOCK_SIZE);
        p += AES_BLOCK_SIZE;
        c += AES_BLOCK_SIZE;
    }
    if (partial != 0) {
        IncrementGcmCounter(ctr);
        AesEncrypt(aes, ctr, scratch);
        xorbuf(scratch, p, partial);
        XMEMCPY(c, scratch, partial);
    }
    GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
    InitGcmCounter(ctr);
    AesEncrypt(aes, ctr, scratch);
    xorbuf(authTag, scratch, authTagSz);
 }
 int  AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                   const byte* authTag, word32 authTagSz,
                   const byte* authIn, word32 authInSz)
 {
    word32 blocks = sz / AES_BLOCK_SIZE;
    word32 partial = sz % AES_BLOCK_SIZE;
    const byte* c = in;
    byte* p = out;
    byte ctr[AES_BLOCK_SIZE];
    byte scratch[AES_BLOCK_SIZE];
    CYASSL_ENTER("AesGcmDecrypt");
    /* Initialize the counter with the MS 96 bits of IV, and the counter
     * portion set to "1". */
    XMEMCPY(ctr, aes->reg, AES_BLOCK_SIZE);
    InitGcmCounter(ctr);
    /* Calculate the authTag again using the received auth data and the
     * cipher text. */
    {
        byte Tprime[AES_BLOCK_SIZE];
        byte EKY0[AES_BLOCK_SIZE];
        GHASH(aes, authIn, authInSz, in, sz, Tprime, sizeof(Tprime));
        AesEncrypt(aes, ctr, EKY0);
        xorbuf(Tprime, EKY0, sizeof(Tprime));
        if (XMEMCMP(authTag, Tprime, authTagSz) != 0) {
            return AES_GCM_AUTH_E;
        }
    }
    while (blocks--) {
        IncrementGcmCounter(ctr);
        AesEncrypt(aes, ctr, scratch);
        xorbuf(scratch, c, AES_BLOCK_SIZE);
        XMEMCPY(p, scratch, AES_BLOCK_SIZE);
        p += AES_BLOCK_SIZE;
        c += AES_BLOCK_SIZE;
    }
    if (partial != 0) {
        IncrementGcmCounter(ctr);
        AesEncrypt(aes, ctr, scratch);
        xorbuf(scratch, c, partial);
        XMEMCPY(p, scratch, partial);
    }
    return 0;
 }
 #endif /* HAVE_AESGCM */
 #endif /* NO_AES */
--- a/FreeRTOS-Plus/CyaSSL/ctaocrypt/src/asn.c
+++ b/FreeRTOS-Plus/CyaSSL/ctaocrypt/src/asn.c
--- a/FreeRTOS-Plus/CyaSSL/ctaocrypt/src/coding.c
+++ b/FreeRTOS-Plus/CyaSSL/ctaocrypt/src/coding.c
@ -54,6 +54,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
    word32 i = 0;
    word32 j = 0;
    word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
    const byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;
    plainSz = (plainSz * 3 + 3) / 4;
    if (plainSz > *outLen) return BAD_FUNC_ARG;
@ -75,6 +76,16 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
        if (e4 == PAD)
            pad4 = 1;
        if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
            CYASSL_MSG("Bad Base64 Decode data, too small");
            return ASN_INPUT_E;
        }
        if (e1 > maxIdx || e2 > maxIdx || e3 > maxIdx || e4 > maxIdx) {
            CYASSL_MSG("Bad Base64 Decode data, too big");
            return ASN_INPUT_E;
        }
        e1 = base64Decode[e1 - 0x2B];
        e2 = base64Decode[e2 - 0x2B];
        e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];
--- a/FreeRTOS-Plus/CyaSSL/ctaocrypt/src/hmac.c
+++ b/FreeRTOS-Plus/CyaSSL/ctaocrypt/src/hmac.c
@ -34,7 +34,7 @@ static int InitHmac(Hmac* hmac, int type)
    hmac->innerHashKeyed = 0;
    hmac->macType = (byte)type;
-    if (!(type == MD5 || type == SHA || type == SHA256))
+    if (!(type == MD5 || type == SHA || type == SHA256 || type == SHA384))
        return BAD_FUNC_ARG;
    if (type == MD5)
@ -45,6 +45,10 @@ static int InitHmac(Hmac* hmac, int type)
    else if (type == SHA256)
        InitSha256(&hmac->hash.sha256);
 #endif
 #ifdef CYASSL_SHA384
    else if (type == SHA384)
        InitSha384(&hmac->hash.sha384);
 #endif
    return 0;
 }
@ -54,34 +58,60 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 {
    byte*  ip = (byte*) hmac->ipad;
    byte*  op = (byte*) hmac->opad;
-    word32 i;
+    word32 i, hmac_block_size = MD5_BLOCK_SIZE;
    InitHmac(hmac, type);
    if (length <= HMAC_BLOCK_SIZE)
        XMEMCPY(ip, key, length);
    else {
    if (hmac->macType == MD5) {
        if (length <= MD5_BLOCK_SIZE) {
            XMEMCPY(ip, key, length);
        }
        else {
            Md5Update(&hmac->hash.md5, key, length);
            Md5Final(&hmac->hash.md5, ip);
            length = MD5_DIGEST_SIZE;
        }
    }
    else if (hmac->macType == SHA) {
 		hmac_block_size = SHA_BLOCK_SIZE;
        if (length <= SHA_BLOCK_SIZE) {
            XMEMCPY(ip, key, length);
        }
        else {
            ShaUpdate(&hmac->hash.sha, key, length);
            ShaFinal(&hmac->hash.sha, ip);
            length = SHA_DIGEST_SIZE;
        }
    }
 #ifndef NO_SHA256
    else if (hmac->macType == SHA256) {
 		hmac_block_size = SHA256_BLOCK_SIZE;
        if (length <= SHA256_BLOCK_SIZE) {
            XMEMCPY(ip, key, length);
        }
        else {
            Sha256Update(&hmac->hash.sha256, key, length);
            Sha256Final(&hmac->hash.sha256, ip);
            length = SHA256_DIGEST_SIZE;
        }
 #endif
    }
-    XMEMSET(ip + length, 0, HMAC_BLOCK_SIZE - length);
+#endif
 #ifdef CYASSL_SHA384
    else if (hmac->macType == SHA384) {
        hmac_block_size = SHA384_BLOCK_SIZE;
        if (length <= SHA384_BLOCK_SIZE) {
            XMEMCPY(ip, key, length);
        }
        else {
            Sha384Update(&hmac->hash.sha384, key, length);
            Sha384Final(&hmac->hash.sha384, ip);
            length = SHA384_DIGEST_SIZE;
        }
    }
 #endif
    XMEMSET(ip + length, 0, hmac_block_size - length);
-    for(i = 0; i < HMAC_BLOCK_SIZE; i++) {
+    for(i = 0; i < hmac_block_size; i++) {
        op[i] = ip[i] ^ OPAD;
        ip[i] ^= IPAD;
    }
@ -91,12 +121,16 @@ void HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
 static void HmacKeyInnerHash(Hmac* hmac)
 {
    if (hmac->macType == MD5)
-        Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
+        Md5Update(&hmac->hash.md5, (byte*) hmac->ipad, MD5_BLOCK_SIZE);
    else if (hmac->macType == SHA)
-        ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
+        ShaUpdate(&hmac->hash.sha, (byte*) hmac->ipad, SHA_BLOCK_SIZE);
 #ifndef NO_SHA256
    else if (hmac->macType == SHA256)
-        Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, HMAC_BLOCK_SIZE);
+        Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, SHA256_BLOCK_SIZE);
 #endif
 #ifdef CYASSL_SHA384
    else if (hmac->macType == SHA384)
        Sha384Update(&hmac->hash.sha384, (byte*) hmac->ipad, SHA384_BLOCK_SIZE);
 #endif
    hmac->innerHashKeyed = 1;
@ -116,6 +150,10 @@ void HmacUpdate(Hmac* hmac, const byte* msg, word32 length)
    else if (hmac->macType == SHA256)
        Sha256Update(&hmac->hash.sha256, msg, length);
 #endif
 #ifdef CYASSL_SHA384
    else if (hmac->macType == SHA384)
        Sha384Update(&hmac->hash.sha384, msg, length);
 #endif
 }
@ -128,30 +166,41 @@ void HmacFinal(Hmac* hmac, byte* hash)
    if (hmac->macType == MD5) {
        Md5Final(&hmac->hash.md5, (byte*) hmac->innerHash);
-        Md5Update(&hmac->hash.md5, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
+        Md5Update(&hmac->hash.md5, (byte*) hmac->opad, MD5_BLOCK_SIZE);
        Md5Update(&hmac->hash.md5, (byte*) hmac->innerHash, MD5_DIGEST_SIZE);
        Md5Final(&hmac->hash.md5, hash);
    }
-    else if (hmac->macType ==SHA) {
+    else if (hmac->macType == SHA) {
        ShaFinal(&hmac->hash.sha, (byte*) hmac->innerHash);
-        ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
+        ShaUpdate(&hmac->hash.sha, (byte*) hmac->opad, SHA_BLOCK_SIZE);
        ShaUpdate(&hmac->hash.sha, (byte*) hmac->innerHash, SHA_DIGEST_SIZE);
        ShaFinal(&hmac->hash.sha, hash);
    }
 #ifndef NO_SHA256
-    else if (hmac->macType ==SHA256) {
+    else if (hmac->macType == SHA256) {
        Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash);
-        Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, HMAC_BLOCK_SIZE);
+        Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, SHA256_BLOCK_SIZE);
        Sha256Update(&hmac->hash.sha256, (byte*) hmac->innerHash,
                     SHA256_DIGEST_SIZE);
        Sha256Final(&hmac->hash.sha256, hash);
    }
 #endif
 #ifdef CYASSL_SHA384
    else if (hmac->macType == SHA384) {
        Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash);
        Sha384Update(&hmac->hash.sha384, (byte*) hmac->opad, SHA384_BLOCK_SIZE);
        Sha384Update(&hmac->hash.sha384, (byte*) hmac->innerHash,
                     SHA384_DIGEST_SIZE);
        Sha384Final(&hmac->hash.sha384, hash);
    }
 #endif
    hmac->innerHashKeyed = 0;
 }
--- a/FreeRTOS-Plus/CyaSSL/ctaocrypt/src/integer.c
+++ b/FreeRTOS-Plus/CyaSSL/ctaocrypt/src/integer.c
@ -2762,6 +2762,9 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
    }
  }
  if (pa > MP_WARRAY)
    return MP_RANGE;  /* TAO range check */
 #ifdef CYASSL_SMALL_STACK
  W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
  if (W == NULL)    
@ -2878,6 +2881,8 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
  /* number of output digits to produce */
  pa = MIN(digs, a->used + b->used);
  if (pa > MP_WARRAY)
    return MP_RANGE;  /* TAO range check */
 #ifdef CYASSL_SMALL_STACK
  W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
@ -3598,6 +3603,9 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
    }
  }
  if (pa > MP_WARRAY)
    return MP_RANGE;  /* TAO range check */
 #ifdef CYASSL_SMALL_STACK
  W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, 0, DYNAMIC_TYPE_BIGINT);
  if (W == NULL)    
--- a/FreeRTOS-Plus/CyaSSL/ctaocrypt/src/md2.c
+++ b/FreeRTOS-Plus/CyaSSL/ctaocrypt/src/md2.c
@ -0,0 +1,129 @@
 /* md2.c
 *
 * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
 * CyaSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * CyaSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */
 #ifdef HAVE_CONFIG_H
    #include <config.h>
 #endif
 #ifdef CYASSL_MD2
 #include <cyassl/ctaocrypt/md2.h>
 #ifdef NO_INLINE
    #include <cyassl/ctaocrypt/misc.h>
 #else
    #include <ctaocrypt/src/misc.c>
 #endif
 void InitMd2(Md2* md2)
 {
    XMEMSET(md2->X, 0, MD2_X_SIZE);
    XMEMSET(md2->C, 0, MD2_BLOCK_SIZE);
    XMEMSET(md2->buffer, 0, MD2_BLOCK_SIZE);
    md2->count = 0;
 }
 void Md2Update(Md2* md2, const byte* data, word32 len)
 {
    static const byte S[256] = 
    {
        41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6,
        19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188,
        76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24,
        138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251,
        245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63,
        148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50,
        39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165,
        181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210,
        150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
        112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27,
        96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15,
        85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197,
        234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65,
        129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123,
        8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233,
        203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228,
        166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237,
        31, 26, 219, 153, 141, 51, 159, 17, 131, 20
    };
    while (len) {
        word32 L = (MD2_PAD_SIZE - md2->count) < len ?
                   (MD2_PAD_SIZE - md2->count) : len;
        XMEMCPY(md2->buffer + md2->count, data, L);
        md2->count += L;
        data += L;
        len  -= L;
        if (md2->count == MD2_PAD_SIZE) {
            int  i;
            byte t;
            md2->count = 0;
            XMEMCPY(md2->X + MD2_PAD_SIZE, md2->buffer, MD2_PAD_SIZE);
            t = md2->C[15];
            for(i = 0; i < MD2_PAD_SIZE; i++) {
                md2->X[32 + i] = md2->X[MD2_PAD_SIZE + i] ^ md2->X[i];
                t = md2->C[i] ^= S[md2->buffer[i] ^ t];
            }
            t=0;
            for(i = 0; i < 18; i++) {
                int j;
                for(j = 0; j < MD2_X_SIZE; j += 8) {
                    t = md2->X[j+0] ^= S[t];
                    t = md2->X[j+1] ^= S[t];
                    t = md2->X[j+2] ^= S[t];
                    t = md2->X[j+3] ^= S[t];
                    t = md2->X[j+4] ^= S[t];
                    t = md2->X[j+5] ^= S[t];
                    t = md2->X[j+6] ^= S[t];
                    t = md2->X[j+7] ^= S[t];
                }
                t = (t + i) & 0xFF;
            }
        }
    }
 }
 void Md2Final(Md2* md2, byte* hash)
 {
    byte   padding[MD2_BLOCK_SIZE];
    word32 padLen = MD2_PAD_SIZE - md2->count;
    word32 i;
    for (i = 0; i < padLen; i++)
        padding[i] = (byte)padLen;
    Md2Update(md2, padding, padLen);
    Md2Update(md2, md2->C, MD2_BLOCK_SIZE);
    XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE);
    InitMd2(md2);
 }
 #endif /* CYASSL_MD2 */
--- a/FreeRTOS-Plus/CyaSSL/ctaocrypt/test/test.c
+++ b/FreeRTOS-Plus/CyaSSL/ctaocrypt/test/test.c
@ -32,6 +32,7 @@
 #else
    #include <cyassl/ctaocrypt/asn_public.h>
 #endif
 #include <cyassl/ctaocrypt/md2.h>
 #include <cyassl/ctaocrypt/md5.h>
 #include <cyassl/ctaocrypt/md4.h>
 #include <cyassl/ctaocrypt/sha.h>
@ -86,6 +87,7 @@ typedef struct testVector {
    size_t outLen;
 } testVector;
 int  md2_test();
 int  md5_test();
 int  md4_test();
 int  sha_test();
@ -99,6 +101,7 @@ int  rabbit_test();
 int  des_test();
 int  des3_test();
 int  aes_test();
 int  aesgcm_test();
 int  rsa_test();
 int  dh_test();
 int  dsa_test();
@ -148,6 +151,13 @@ void ctaocrypt_test(void* args)
    else
        printf( "MD5      test passed!\n");
 #ifdef CYASSL_MD2
    if ( (ret = md2_test()) ) 
        err_sys("MD2      test failed!\n", ret);
    else
        printf( "MD2      test passed!\n");
 #endif
 #ifndef NO_MD4
    if ( (ret = md4_test()) ) 
        err_sys("MD4      test failed!\n", ret);
@ -233,6 +243,13 @@ void ctaocrypt_test(void* args)
        err_sys("AES      test failed!\n", ret);
    else
        printf( "AES      test passed!\n");
 #ifdef HAVE_AESGCM
    if ( (ret = aesgcm_test()) )
        err_sys("AES-GCM  test failed!\n", ret);
    else
        printf( "AES-GCM  test passed!\n");
 #endif
 #endif
    if ( (ret = random_test()) )
@ -301,6 +318,83 @@ void ctaocrypt_test(void* args)
 #endif /* NO_MAIN_DRIVER */
 #ifdef CYASSL_MD2
 int md2_test()
 {
    Md2  md2;
    byte hash[MD2_DIGEST_SIZE];
    testVector a, b, c, d, e, f, g;
    testVector test_md2[7];
    int times = sizeof(test_md2) / sizeof(testVector), i;
    a.input  = "";
    a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
               "\x27\x73";
    a.inLen  = strlen(a.input);
    a.outLen = strlen(a.output);
    b.input  = "a";
    b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
               "\xb5\xd1";
    b.inLen  = strlen(b.input);
    b.outLen = strlen(b.output);
    c.input  = "abc";
    c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
               "\xd6\xbb";
    c.inLen  = strlen(c.input);
    c.outLen = strlen(c.output);
    d.input  = "message digest";
    d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
               "\x06\xb0";
    d.inLen  = strlen(d.input);
    d.outLen = strlen(d.output);
    e.input  = "abcdefghijklmnopqrstuvwxyz";
    e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
               "\x94\x0b";
    e.inLen  = strlen(e.input);
    e.outLen = strlen(e.output);
    f.input  = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
               "6789";
    f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
               "\x38\xcd";
    f.inLen  = strlen(f.input);
    f.outLen = strlen(f.output);
    g.input  = "1234567890123456789012345678901234567890123456789012345678"
               "9012345678901234567890";
    g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
               "\xef\xd8";
    g.inLen  = strlen(g.input);
    g.outLen = strlen(g.output);
    test_md2[0] = a;
    test_md2[1] = b;
    test_md2[2] = c;
    test_md2[3] = d;
    test_md2[4] = e;
    test_md2[5] = f;
    test_md2[6] = g;
    InitMd2(&md2);
    for (i = 0; i < times; ++i) {
        Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
        Md2Final(&md2, hash);
        if (memcmp(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
            return -155 - i;
    }
    return 0;
 }
 #endif 
 int md5_test()
 {
    Md5  md5;
@ -1146,6 +1240,99 @@ int aes_test()
    return 0;
 }
 #ifdef HAVE_AESGCM
 int aesgcm_test()
 {
    Aes enc;
    /*
     * This is Test Case 16 from the document Galois/
     * Counter Mode of Operation (GCM) by McGrew and
     * Viega.
     */
    const byte k[] =
    {
        0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
        0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
        0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
        0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
    };
    const byte iv[] =
    {
        0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
        0xde, 0xca, 0xf8, 0x88, 0x00, 0x00, 0x00, 0x00
    };
    const byte p[] =
    {
        0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
        0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
        0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
        0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
        0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
        0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
        0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
        0xba, 0x63, 0x7b, 0x39
    };
    const byte a[] =
    {
        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
        0xab, 0xad, 0xda, 0xd2
    };
    const byte c[] =
    {
        0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
        0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
        0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
        0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
        0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
        0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
        0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
        0xbc, 0xc9, 0xf6, 0x62
    };
    const byte t[] =
    {
        0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
        0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
    };
    byte t2[16];
    byte p2[60];
    byte c2[60];
    int result;
    memset(t2, 0, 16);
    memset(c2, 0, 60);
    memset(p2, 0, 60);
    AesGcmSetKey(&enc, k, sizeof(k), iv);
    AesGcmSetExpIV(&enc, iv + /*AES_GCM_IMP_IV_SZ*/ 4);
    /* AES-GCM encrypt and decrypt both use AES encrypt internally */
    AesGcmEncrypt(&enc, c2, p, sizeof(c2), t2, sizeof(t2), a, sizeof(a));
    if (memcmp(c, c2, sizeof(c2)))
        return -68;
    if (memcmp(t, t2, sizeof(t2)))
        return -69;
    result = AesGcmDecrypt(&enc,
                        p2, c2, sizeof(p2), t2, sizeof(t2), a, sizeof(a));
    if (result != 0)
        return -70;
    if (memcmp(p, p2, sizeof(p2)))
        return -71;
    return 0;
 }
 #endif /* HAVE_AESGCM */
 #endif /* NO_AES */
--- a/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/aes.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/aes.h
@ -68,6 +68,14 @@ typedef struct Aes {
    ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)];      /* for CBC mode */
    ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)];      /* same         */
 #ifdef HAVE_AESGCM
    ALIGN16 byte H[AES_BLOCK_SIZE];
 #ifdef GCM_TABLE
    /* key-based fast multiplication table. */
    ALIGN16 byte M0[256][AES_BLOCK_SIZE];
 #endif /* GCM_TABLE */
 #endif /* HAVE_AESGCM */
 } Aes;
@ -80,6 +88,20 @@ CYASSL_API void AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz);
 CYASSL_API void AesEncryptDirect(Aes* aes, byte* out, const byte* in);
 CYASSL_API void AesDecryptDirect(Aes* aes, byte* out, const byte* in);
 #ifdef HAVE_AESGCM
 CYASSL_API void AesGcmSetKey(Aes* aes, const byte* key, word32 len,
                              const byte* implicitIV);
 CYASSL_API void AesGcmSetExpIV(Aes* aes, const byte* iv);
 CYASSL_API void AesGcmGetExpIV(Aes* aes, byte* iv);
 CYASSL_API void AesGcmIncExpIV(Aes* aes);
 CYASSL_API void AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                              byte* authTag, word32 authTagSz,
                              const byte* authIn, word32 authInSz);
 CYASSL_API int  AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                              const byte* authTag, word32 authTagSz,
                              const byte* authIn, word32 authInSz);
 #endif /* HAVE_AESGCM */
 #ifdef __cplusplus
    } /* extern "C" */
--- a/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/asn.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/asn.h
@ -61,6 +61,7 @@ enum ASN_Tags {
    ASN_SEQUENCE          = 0x10,
    ASN_SET               = 0x11,
    ASN_UTC_TIME          = 0x17,
    ASN_DNS_TYPE          = 0x02,
    ASN_GENERALIZED_TIME  = 0x18,
    CRL_EXTENSIONS        = 0xa0,
    ASN_EXTENSIONS        = 0xa3,
@ -138,6 +139,8 @@ enum Misc_ASN {
    #endif
                                   /* Max total extensions, id + len + others */
 #endif
    MAX_OCSP_EXT_SZ     = 58,      /* Max OCSP Extension length */
    MAX_OCSP_NONCE_SZ   = 18,      /* OCSP Nonce size           */
    MAX_PUBLIC_KEY_SZ   = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2
                                   /* use bigger NTRU size */
 };
@ -198,6 +201,13 @@ enum VerifyType {
 };
 typedef struct DNS_entry   DNS_entry;
 struct DNS_entry {
    DNS_entry* next;   /* next on DNS list */
    char*      name;   /* actual DNS name */
 };
 typedef struct DecodedCert DecodedCert;
 typedef struct Signer      Signer;
@ -211,6 +221,7 @@ struct DecodedCert {
    word32  sigLength;               /* length of signature              */
    word32  signatureOID;            /* sum of algorithm object id       */
    word32  keyOID;                  /* sum of key algo  object id       */
    DNS_entry* altNames;             /* alt names list of dns entries    */
    byte    subjectHash[SHA_SIZE];   /* hash of all Names                */
    byte    issuerHash[SHA_SIZE];    /* hash of all Names                */
 #ifdef HAVE_OCSP
@ -219,6 +230,7 @@ struct DecodedCert {
    byte*   signature;               /* not owned, points into raw cert  */
    char*   subjectCN;               /* CommonName                       */
    int     subjectCNLen;
    int     subjectCNStored;         /* have we saved a copy we own      */
    char    issuer[ASN_NAME_MAX];    /* full name including common name  */
    char    subject[ASN_NAME_MAX];   /* full name including common name  */
    int     verify;                  /* Default to yes, but could be off */
@ -278,6 +290,7 @@ struct Signer {
    #define CYASSL_TEST_API CYASSL_LOCAL
 #endif
 CYASSL_TEST_API void FreeAltNames(DNS_entry*, void*);
 CYASSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
 CYASSL_TEST_API void FreeDecodedCert(DecodedCert*);
 CYASSL_TEST_API int  ParseCert(DecodedCert*, int type, int verify, void* cm);
@ -295,6 +308,7 @@ CYASSL_LOCAL void    FreeSigners(Signer*, void*);
 CYASSL_LOCAL int ToTraditional(byte* buffer, word32 length);
 CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int);
 CYASSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
 #ifdef HAVE_ECC
    /* ASN sig helpers */
@ -321,6 +335,10 @@ enum cert_enums {
 #endif /* CYASSL_CERT_GEN */
 /* for pointer use */
 typedef struct CertStatus CertStatus;
 #ifdef HAVE_OCSP
 enum Ocsp_Response_Status {
@ -341,47 +359,82 @@ enum Ocsp_Cert_Status {
 enum Ocsp_Sums {
-    OCSP_BASIC_OID = 117
+    OCSP_BASIC_OID = 117,
    OCSP_NONCE_OID = 118
 };
-#define STATUS_LIST_SIZE 5
+typedef struct OcspRequest  OcspRequest;
 typedef struct OcspResponse OcspResponse;
 struct CertStatus {
    CertStatus* next;
    byte serial[EXTERNAL_SERIAL_SIZE];
    int serialSz;
    int status;
    byte thisDate[MAX_DATE_SIZE];
    byte nextDate[MAX_DATE_SIZE];
    byte thisDateFormat;
    byte nextDateFormat;
 };
 struct OcspResponse {
    int     responseStatus;  /* return code from Responder */
-    word32  respBegin;       /* index to beginning of OCSP Response */
+    byte*   response;        /* Pointer to beginning of OCSP Response */
-    word32  respLength;      /* length of the OCSP Response */
+    word32  responseSz;      /* length of the OCSP Response */
-    int     version;         /* Response version number */
+    byte    producedDate[MAX_DATE_SIZE];
 							 /* Date at which this response was signed */
    byte    producedDateFormat; /* format of the producedDate */
    byte*   issuerHash;
    byte*   issuerKeyHash;
-    word32  sigIndex;        /* Index into source for start of sig */
+    byte*   cert;
-    word32  sigLength;       /* Length in octets for the sig */
+    word32  certSz;
    byte*   sig;             /* Pointer to sig in source */
    word32  sigSz;           /* Length in octets for the sig */
    word32  sigOID;          /* OID for hash used for sig */
-    int     certStatusCount; /* Count of certificate statuses, Note
+    CertStatus* status;      /* certificate status to fill out */
-                              * 1:1 correspondence between certStatus
+
-                              * and certSerialNumber */
+    byte*   nonce;           /* pointer to nonce inside ASN.1 response */
-    byte    certSN[STATUS_LIST_SIZE][EXTERNAL_SERIAL_SIZE];
+    int     nonceSz;         /* length of the nonce string */
    int     certSNsz[STATUS_LIST_SIZE];
                             /* Certificate serial number array. */
    word32  certStatus[STATUS_LIST_SIZE];
                             /* Certificate status array */
    byte*   source;          /* pointer to source buffer, not owned */
    word32  maxIdx;          /* max offset based on init size */
    void*   heap;            /* for user memory overrides */
 };
-CYASSL_LOCAL void InitOcspResponse(OcspResponse*, byte*, word32, void*);
+struct OcspRequest {
-CYASSL_LOCAL void FreeOcspResponse(OcspResponse*);
+    DecodedCert* cert;
    byte    nonce[MAX_OCSP_NONCE_SZ];
    int     nonceSz;
    byte*   issuerHash;      /* pointer to issuerHash in source cert */
    byte*   issuerKeyHash;   /* pointer to issuerKeyHash in source cert */
    byte*   serial;          /* pointer to serial number in source cert */
    int     serialSz;        /* length of the serial number */
    byte*   dest;            /* pointer to the destination ASN.1 buffer */
    word32  destSz;          /* length of the destination buffer */
 };
 CYASSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
 CYASSL_LOCAL int  OcspResponseDecode(OcspResponse*);
-CYASSL_LOCAL int  EncodeOcspRequest(DecodedCert*, byte*, word32);
+
 CYASSL_LOCAL void InitOcspRequest(OcspRequest*, DecodedCert*, byte*, word32);
 CYASSL_LOCAL int  EncodeOcspRequest(OcspRequest*);
 CYASSL_LOCAL int  CompareOcspReqResp(OcspRequest*, OcspResponse*);
 #endif /* HAVE_OCSP */
@ -410,12 +463,14 @@ struct DecodedCRL {
    byte    crlHash[MD5_DIGEST_SIZE];     /* raw crl data hash           */ 
    byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
    byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
    byte    lastDateFormat;          /* format of last date */
    byte    nextDateFormat;          /* format of next date */
    RevokedCert* certs;              /* revoked cert list  */
    int          totalCerts;         /* number on list     */
 };
 CYASSL_LOCAL void InitDecodedCRL(DecodedCRL*);
-CYASSL_LOCAL int  ParseCRL(DecodedCRL*, const byte* buff, long sz);
+CYASSL_LOCAL int  ParseCRL(DecodedCRL*, const byte* buff, long sz, void* cm);
 CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
--- a/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/error.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/error.h
@ -98,6 +98,8 @@ enum {
    NO_PASSWORD        = -176,  /* no password provided by user */
    ALT_NAME_E         = -177,  /* alt name size problem, too big */
    AES_GCM_AUTH_E     = -180,  /* AES-GCM Authentication check failure */
    MIN_CODE_E         = -200   /* errors -101 - -199 */
 };
--- a/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/hmac.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/hmac.h
@ -32,6 +32,10 @@
    #include <cyassl/ctaocrypt/sha256.h>
 #endif
 #ifdef CYASSL_SHA384
    #include <cyassl/ctaocrypt/sha512.h>
 #endif
 #ifdef __cplusplus
    extern "C" {
 #endif
@ -40,13 +44,19 @@
 enum {
    IPAD    = 0x36,
    OPAD    = 0x5C,
-#ifndef NO_SHA256
+#if defined(CYASSL_SHA384)
    INNER_HASH_SIZE = SHA384_DIGEST_SIZE,
    HMAC_BLOCK_SIZE = SHA384_BLOCK_SIZE
 #elif !defined(NO_SHA256)
    INNER_HASH_SIZE = SHA256_DIGEST_SIZE,
    HMAC_BLOCK_SIZE = SHA256_BLOCK_SIZE,
    SHA384          = 5
 #else
    INNER_HASH_SIZE = SHA_DIGEST_SIZE,
    HMAC_BLOCK_SIZE = SHA_BLOCK_SIZE,
    SHA256          = 2,                     /* hash type unique */
    SHA384          = 5
 #endif
    HMAC_BLOCK_SIZE = MD5_BLOCK_SIZE
 };
@ -57,6 +67,9 @@ typedef union {
    #ifndef NO_SHA256
        Sha256 sha256;
    #endif
    #ifdef CYASSL_SHA384
        Sha384 sha384;
    #endif
 } Hash;
 /* Hmac digest */
--- a/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/include.am
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/include.am
@ -15,6 +15,7 @@ nobase_include_HEADERS+= \
                         cyassl/ctaocrypt/hc128.h \
                         cyassl/ctaocrypt/hmac.h \
                         cyassl/ctaocrypt/integer.h \
                         cyassl/ctaocrypt/md2.h \
                         cyassl/ctaocrypt/md4.h \
                         cyassl/ctaocrypt/md5.h \
                         cyassl/ctaocrypt/misc.h \
--- a/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/md2.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/md2.h
@ -0,0 +1,64 @@
 /* md2.h
 *
 * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
 * CyaSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * CyaSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */
 #ifdef CYASSL_MD2
 #ifndef CTAO_CRYPT_MD2_H
 #define CTAO_CRYPT_MD2_H
 #include <cyassl/ctaocrypt/types.h>
 #ifdef __cplusplus
    extern "C" {
 #endif
 /* in bytes */
 enum {
    MD2             =  6,    /* hash type unique */
    MD2_BLOCK_SIZE  = 16,
    MD2_DIGEST_SIZE = 16,
    MD2_PAD_SIZE    = 16,
    MD2_X_SIZE      = 48
 };
 /* Md2 digest */
 typedef struct Md2 {
    word32  count;   /* bytes % PAD_SIZE  */
    byte    X[MD2_X_SIZE];
    byte    C[MD2_BLOCK_SIZE];
    byte    buffer[MD2_BLOCK_SIZE];
 } Md2;
 CYASSL_API void InitMd2(Md2*);
 CYASSL_API void Md2Update(Md2*, const byte*, word32);
 CYASSL_API void Md2Final(Md2*, byte*);
 #ifdef __cplusplus
    } /* extern "C" */
 #endif
 #endif /* CTAO_CRYPT_MD2_H */
 #endif /* CYASSL_MD2 */
--- a/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/misc.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/misc.h
@ -49,6 +49,19 @@ CYASSL_LOCAL
 void XorWords(word*, const word*, word32);
 CYASSL_LOCAL
 void xorbuf(byte*, const byte*, word32);
 #ifdef WORD64_AVAILABLE
 CYASSL_LOCAL
 word64 rotlFixed64(word64, word64);
 CYASSL_LOCAL
 word64 rotrFixed64(word64, word64);
 CYASSL_LOCAL
 word64 ByteReverseWord64(word64);
 CYASSL_LOCAL
 void   ByteReverseWords64(word64*, const word64*, word32);
 #endif /* WORD64_AVAILABLE */
 #endif /* NO_INLINE */
--- a/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/settings.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/settings.h
@ -85,17 +85,22 @@
    #define NO_HC128
 #endif /* MBED */
 #ifdef FREERTOS_WINSIM
    #define FREERTOS
    #define USE_WINDOWS_API
 #endif
 #ifdef FREERTOS
    #define NO_WRITEV
    #define NO_SHA512
    #define NO_DH
    #define NO_DSA
    #define NO_HC128
 #endif
-#ifdef FREERTOS_WINSIM
+    #ifndef SINGLE_THREADED
-    #define FREERTOS
+        #include "FreeRTOS.h"
-    #define USE_WINDOWS_API
+        #include "semphr.h"
    #endif
 #endif
 #ifdef CYASSL_GAME_BUILD
--- a/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/types.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/ctaocrypt/types.h
@ -157,6 +157,8 @@ enum {
 #ifndef STRING_USER
    #include <string.h>
    char* mystrnstr(const char* s1, const char* s2, unsigned int n);
    #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
    #define XMEMSET(b,c,l)    memset((b),(c),(l))
    #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
@ -167,6 +169,7 @@ enum {
    /* strstr, strncmp, and strncat only used by CyaSSL proper, not required for
       CTaoCrypt only */
    #define XSTRSTR(s1,s2)    strstr((s1),(s2))
    #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
    #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
    #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
 #endif
@ -205,7 +208,11 @@ enum {
    DYNAMIC_TYPE_CRL        = 22,
    DYNAMIC_TYPE_REVOKED    = 23,
    DYNAMIC_TYPE_CRL_ENTRY  = 24,
-    DYNAMIC_TYPE_CERT_MANAGER = 25
+    DYNAMIC_TYPE_CERT_MANAGER = 25,
    DYNAMIC_TYPE_CRL_MONITOR  = 26,
    DYNAMIC_TYPE_OCSP_STATUS  = 27,
    DYNAMIC_TYPE_OCSP_ENTRY   = 28,
    DYNAMIC_TYPE_ALTNAME      = 29
 };
 /* stack protection */
--- a/FreeRTOS-Plus/CyaSSL/cyassl/error.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/error.h
@ -92,14 +92,21 @@ enum CyaSSL_ErrorCodes {
    NOT_CA_ERROR           = -257,            /* Not a CA cert error */
    BAD_PATH_ERROR         = -258,            /* Bad path for opendir */
    BAD_CERT_MANAGER_ERROR = -259,            /* Bad Cert Manager */
-    OCSP_CERT_REVOKED      = -260,
+    OCSP_CERT_REVOKED      = -260,            /* OCSP Certificate revoked */
    CRL_CERT_REVOKED       = -261,            /* CRL Certificate revoked */
    CRL_MISSING            = -262,            /* CRL Not loaded */
    MONITOR_RUNNING_E      = -263,            /* CRL Monitor already running */
    THREAD_CREATE_E        = -264,            /* Thread Create Error */
    OCSP_NEED_URL          = -265,            /* OCSP need an URL for lookup */
    OCSP_CERT_UNKNOWN      = -266,            /* OCSP responder doesn't know */
    OCSP_LOOKUP_FAIL       = -267,            /* OCSP lookup not successful */
    MAX_CHAIN_ERROR        = -268,            /* max chain depth exceeded */
    COOKIE_ERROR           = -269,            /* dtls cookie error */
    /* add strings to SetErrorString !!!!! */
    /* begin negotiation parameter errors */
-    UNSUPPORTED_SUITE      = -270,            /* unsupported cipher suite */
+    UNSUPPORTED_SUITE      = -290,            /* unsupported cipher suite */
-    MATCH_SUITE_ERROR      = -271             /* can't match cipher suite */
+    MATCH_SUITE_ERROR      = -291             /* can't match cipher suite */
    /* end negotiation parameter errors only 10 for now */
    /* add strings to SetErrorString !!!!! */
 };
--- a/FreeRTOS-Plus/CyaSSL/cyassl/internal.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/internal.h
@ -44,6 +44,9 @@
 #ifdef HAVE_OCSP
    #include <cyassl/ocsp.h>
 #endif
 #ifdef CYASSL_SHA512
    #include <cyassl/ctaocrypt/sha512.h>
 #endif
 #ifdef CYASSL_CALLBACKS
    #include <cyassl/openssl/cyassl_callbacks.h>
@ -59,10 +62,6 @@
            #include <winsock2.h>
        #endif
        #include <windows.h>
        #if defined(FREERTOS_WINSIM) && !defined(SINGLE_THREADED)
            #include "FreeRTOS.h"
            #include "semphr.h"
        #endif
    #endif
 #elif defined(THREADX)
    #ifndef SINGLE_THREADED
@ -71,10 +70,7 @@
 #elif defined(MICRIUM)
    /* do nothing, just don't pick Unix */
 #elif defined(FREERTOS)
-    #ifndef SINGLE_THREADED
+    /* do nothing */
 		#include "FreeRTOS.h"
 		#include "semphr.h"
    #endif
 #else
    #ifndef SINGLE_THREADED
        #define CYASSL_PTHREADS
@ -156,6 +152,10 @@ void c32to24(word32 in, word24 out);
        #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
        #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
    #endif
    #if defined (HAVE_AESGCM)
        #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
        #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
    #endif
 #endif
 #if !defined(NO_HC128) && !defined(NO_TLS)
@ -173,6 +173,10 @@ void c32to24(word32 in, word24 out);
    #if !defined (NO_SHA256)
        #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
        #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
        #if defined (HAVE_AESGCM)
            #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
            #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
        #endif
    #endif
 #endif
@ -187,6 +191,18 @@ void c32to24(word32 in, word24 out);
        #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
        #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
        #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
        #if defined (HAVE_AESGCM)
            #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
            #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
            #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
            #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
            #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
            #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
        #endif
    #endif
    #if !defined(NO_RC4)
        #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
@ -219,6 +235,10 @@ void c32to24(word32 in, word24 out);
    #define BUILD_AES
 #endif
 #if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256)
    #define BUILD_AESGCM
 #endif
 #if defined(BUILD_TLS_RSA_WITH_HC_128_CBC_SHA) || \
    defined(BUILD_TLS_RSA_WITH_HC_128_CBC_MD5)
    #define BUILD_HC128
@ -284,7 +304,23 @@ enum {
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
    TLS_RSA_WITH_AES_256_CBC_SHA256     = 0x3d,
-    TLS_RSA_WITH_AES_128_CBC_SHA256     = 0x3c
+    TLS_RSA_WITH_AES_128_CBC_SHA256     = 0x3c,
    /* AES-GCM */
    TLS_RSA_WITH_AES_128_GCM_SHA256          = 0x9c,
    TLS_RSA_WITH_AES_256_GCM_SHA384          = 0x9d,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      = 0x9e,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      = 0x9f,
    /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  = 0x2b,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  = 0x2c,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   = 0x2d,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   = 0x2e,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    = 0x2f,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    = 0x30,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     = 0x31,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     = 0x32
 };
@ -306,12 +342,15 @@ enum Misc {
    TLSv1_2_MINOR   = 3,        /* TLSv1_2 minor version number */
    NO_COMPRESSION  =  0,
    ZLIB_COMPRESSION = 221,     /* CyaSSL zlib compression */
    HELLO_EXT_SIG_ALGO = 13,    /* ID for the sig_algo hello extension */
    SECRET_LEN      = 48,       /* pre RSA and all master */
    ENCRYPT_LEN     = 512,      /* allow 4096 bit static buffer */
    SIZEOF_SENDER   =  4,       /* clnt or srvr           */
    FINISHED_SZ     = MD5_DIGEST_SIZE + SHA_DIGEST_SIZE,
    MAX_RECORD_SIZE = 16384,    /* 2^14, max size by standard */
-    MAX_MSG_EXTRA   = 68,       /* max added to msg, mac + pad */
+    MAX_MSG_EXTRA   = 70,       /* max added to msg, mac + pad  from */
                                /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + SHA_256
                                   digest sz + BLOC_SZ (iv) + pad byte (1) */
    MAX_COMP_EXTRA  = 1024,     /* max compression extra */
    MAX_MTU         = 1500,     /* max expected MTU */
    MAX_UDP_SIZE    = MAX_MTU - 100,   /* don't exceed MTU w/ 100 byte header */
@ -335,6 +374,7 @@ enum Misc {
    SEED_LEN     = RAN_LEN * 2, /* tls prf seed length    */
    ID_LEN       = 32,         /* session id length       */
    MAX_COOKIE_LEN = 32,       /* max dtls cookie size    */
    COOKIE_SZ    = 20,         /* use a 20 byte cookie    */
    SUITE_LEN    =  2,         /* cipher suite sz length  */
    ENUM_LEN     =  1,         /* always a byte           */
    COMP_LEN     =  1,         /* compression length      */
@ -345,6 +385,10 @@ enum Misc {
    CERT_HEADER_SZ      = 3,   /* always 3 bytes          */
    REQ_HEADER_SZ       = 2,   /* cert request header sz  */
    HINT_LEN_SZ         = 2,   /* length of hint size field */
    HELLO_EXT_SZ        = 14,  /* total length of the lazy hello extensions */
    HELLO_EXT_LEN       = 12,  /* length of the lazy hello extensions */
    HELLO_EXT_SIGALGO_SZ  = 8, /* length of signature algo extension  */
    HELLO_EXT_SIGALGO_LEN = 6, /* number of items in the signature algo list */
    DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
    DTLS_RECORD_HEADER_SZ    = 13, /* normal + epoch(2) + seq_num(6) */
@ -368,8 +412,19 @@ enum Misc {
    AES_256_KEY_SIZE    = 32,  /* for 256 bit             */
    AES_192_KEY_SIZE    = 24,  /* for 192 bit             */
    AES_IV_SIZE         = 16,  /* always block size       */
    AES_GCM_IMP_IV_SZ   = 4,   /* Implicit part of IV     */
    AES_GCM_EXP_IV_SZ   = 8,   /* Explicit part of IV     */
    AES_GCM_CTR_IV_SZ   = 4,   /* Counter part of IV      */
    AES_128_KEY_SIZE    = 16,  /* for 128 bit             */
    AEAD_SEQ_OFFSET     = 4,        /* Auth Data: Sequence number */
    AEAD_TYPE_OFFSET    = 8,        /* Auth Data: Type            */
    AEAD_VMAJ_OFFSET    = 9,        /* Auth Data: Major Version   */
    AEAD_VMIN_OFFSET    = 10,       /* Auth Data: Minor Version   */
    AEAD_LEN_OFFSET     = 11,       /* Auth Data: Length          */
    AEAD_AUTH_TAG_SZ    = 16,       /* Size of the authentication tag   */
    AEAD_AUTH_DATA_SZ   = 13,       /* Size of the data to authenticate */
    HC_128_KEY_SIZE     = 16,  /* 128 bits                */
    HC_128_IV_SIZE      = 16,  /* also 128 bits           */
@ -394,7 +449,7 @@ enum Misc {
    MAX_EX_DATA        =   3,  /* allow for three items of ex_data */
    MAX_CHAIN_DEPTH    =   9,  /* max cert chain peer depth, FORTRESS option */
 #else
-    MAX_CHAIN_DEPTH    =   4,  /* max cert chain peer depth */
+    MAX_CHAIN_DEPTH    =   6,  /* max cert chain peer depth */
 #endif
    MAX_X509_SIZE      = 2048, /* max static x509 buffer size */
    CERT_MIN_SIZE      =  256, /* min PEM cert size with header/footer */
@ -484,9 +539,6 @@ struct CYASSL_BIO {
 struct CYASSL_METHOD {
    ProtocolVersion version;
    byte            side;         /* connection side, server or client */
    byte            verifyPeer;   /* request or send certificate       */
    byte            verifyNone;   /* whether to verify certificate     */
    byte            failNoCert;   /* fail if no certificate            */
    byte            downgrade;    /* whether to downgrade version, default no */
 };
@ -520,9 +572,9 @@ enum {
    #define COMP_EXTRA 0
 #endif
-/* only the sniffer needs space in the buffer for an extra MTU record */
+/* only the sniffer needs space in the buffer for extra MTU record(s) */
 #ifdef CYASSL_SNIFFER
-    #define MTU_EXTRA MAX_MTU
+    #define MTU_EXTRA MAX_MTU * 3 
 #else
    #define MTU_EXTRA 0
 #endif
@ -599,6 +651,8 @@ int  SetCipherList(Suites*, const char* list);
 #endif
 #ifdef CYASSL_DTLS
    CYASSL_LOCAL
    int EmbedGenerateCookie(byte *buf, int sz, void *ctx);
    CYASSL_LOCAL
    int IsUDP(void*);
 #endif
@ -613,7 +667,7 @@ struct CYASSL_CIPHER {
 #ifdef SINGLE_THREADED
    typedef int CyaSSL_Mutex;
 #else /* MULTI_THREADED */
-    /* Comes first to enable use of FreeRTOS Windows simulator only. */
+    /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */
    #ifdef FREERTOS
        typedef xSemaphoreHandle CyaSSL_Mutex;
    #elif defined(USE_WINDOWS_API)
@ -636,6 +690,28 @@ CYASSL_LOCAL int UnLockMutex(CyaSSL_Mutex*);
 typedef struct OCSP_Entry OCSP_Entry;
 struct OCSP_Entry {
    OCSP_Entry* next;                       /* next entry             */
    byte    issuerHash[SHA_DIGEST_SIZE];    /* issuer hash            */ 
    byte    issuerKeyHash[SHA_DIGEST_SIZE]; /* issuer public key hash */
    CertStatus* status;                     /* OCSP response list     */
    int         totalStatus;                /* number on list         */
 };
 /* CyaSSL OCSP controller */
 struct CYASSL_OCSP {
    byte enabled;
    byte useOverrideUrl;
    char overrideName[80];
    char overridePath[80];
    int  overridePort;
    OCSP_Entry* ocspList;
 };
 typedef struct CRL_Entry CRL_Entry;
 /* Complete CRL */
@ -645,16 +721,31 @@ struct CRL_Entry {
    byte    crlHash[MD5_DIGEST_SIZE];     /* raw crl data hash           */ 
    byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
    byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
    byte    lastDateFormat;          /* last date format */
    byte    nextDateFormat;          /* next date format */
    RevokedCert* certs;              /* revoked cert list  */
    int          totalCerts;         /* number on list     */
 };
 typedef struct CRL_Monitor CRL_Monitor;
 /* CRL directory monitor */
 struct CRL_Monitor {
    char* path;      /* full dir path, if valid pointer we're using */
    int   type;      /* PEM or ASN1 type */
 };
 /* CyaSSL CRL controller */
 struct CYASSL_CRL {
    CYASSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
    CRL_Entry*           crlList;       /* our CRL list */
    CyaSSL_Mutex         crlLock;       /* CRL list lock */
    CRL_Monitor          monitors[2];   /* PEM and DER possible */
 #ifdef HAVE_CRL_MONITOR
    pthread_t            tid;           /* monitoring thread */
 #endif
 };
@ -693,7 +784,7 @@ struct CYASSL_CTX {
    byte        sendVerify;       /* for client side */
    byte        haveDH;           /* server DH parms set by user */
    byte        haveNTRU;         /* server private NTRU  key loaded */
-    byte        haveECDSA;        /* server cert signed w/ ECDSA loaded */
+    byte        haveECDSAsig;     /* server cert signed w/ ECDSA */
    byte        haveStaticECC;    /* static server ECC private key */
    byte        partialWrite;     /* only one msg per write call */
    byte        quietShutdown;    /* don't send close notify */
@ -741,7 +832,7 @@ int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash);
 /* All cipher suite related info */
 typedef struct CipherSpecs {
    byte bulk_cipher_algorithm;
-    byte cipher_type;               /* block or stream */
+    byte cipher_type;               /* block, stream, or aead */
    byte mac_algorithm;
    byte kea;                       /* key exchange algo */
    byte sig_algo;
@ -765,6 +856,7 @@ enum BulkCipherAlgorithm {
    des40,
    idea,
    aes,
    aes_gcm,
    hc128,                  /* CyaSSL extensions */
    rabbit
 };
@ -772,7 +864,7 @@ enum BulkCipherAlgorithm {
 /* Supported Message Authentication Codes from page 43 */
 enum MACAlgorithm { 
-    no_mac = 0,
+    no_mac,
    md5_mac,
    sha_mac,
    sha224_mac,
@ -785,19 +877,20 @@ enum MACAlgorithm {
 /* Supported Key Exchange Protocols */
 enum KeyExchangeAlgorithm { 
-    no_kea = 0,
+    no_kea,
    rsa_kea, 
    diffie_hellman_kea, 
    fortezza_kea,
    psk_kea,
    ntru_kea,
-    ecc_diffie_hellman_kea
+    ecc_diffie_hellman_kea,
    ecc_static_diffie_hellman_kea       /* for verify suite only */
 };
 /* Supported Authentication Schemes */
 enum SignatureAlgorithm {
-    anonymous_sa_algo = 0,
+    anonymous_sa_algo,
    rsa_sa_algo,
    dsa_sa_algo,
    ecc_dsa_sa_algo
@ -834,7 +927,7 @@ enum ClientCertificateType {
 };
-enum CipherType { stream, block };
+enum CipherType { stream, block, aead };
 /* keys and secrets */
@ -1011,7 +1104,7 @@ typedef struct Options {
    byte            usingCompression;   /* are we using compression */
    byte            haveDH;             /* server DH parms set by user */
    byte            haveNTRU;           /* server NTRU  private key loaded */
-    byte            haveECDSA;          /* server ECDSA signed cert */
+    byte            haveECDSAsig;       /* server ECDSA signed cert */
    byte            haveStaticECC;      /* static server ECC private key */
    byte            havePeerCert;       /* do we have peer's cert */
    byte            usingPSK_cipher;    /* whether we're using psk as cipher */
@ -1037,6 +1130,7 @@ typedef struct Arrays {
    byte            masterSecret[SECRET_LEN];
 #ifdef CYASSL_DTLS
    byte            cookie[MAX_COOKIE_LEN];
    byte            cookieSz;
 #endif
 #ifndef NO_PSK
    char            client_identity[MAX_PSK_ID_LEN];
@ -1061,6 +1155,8 @@ struct CYASSL_X509 {
    byte             serial[EXTERNAL_SERIAL_SIZE];
    char             subjectCN[ASN_NAME_MAX];        /* common name short cut */
    buffer           derCert;                        /* may need  */
    DNS_entry*       altNames;                       /* alt names list */
    DNS_entry*       altNamesNext;                   /* hint for retrieval */
 };
@ -1104,6 +1200,9 @@ struct CYASSL {
    Sha             hashSha;            /* sha hash of handshake msgs */
 #ifndef NO_SHA256
    Sha256          hashSha256;         /* sha256 hash of handshake msgs */
 #endif
 #ifdef CYASSL_SHA384
    Sha384          hashSha384;         /* sha384 hash of handshake msgs */
 #endif
    Hashes          verifyHashes;
    Hashes          certHashes;         /* for cert verify */
@ -1241,6 +1340,7 @@ enum HandShakeType {
    client_hello        = 1, 
    server_hello        = 2,
    hello_verify_request = 3,       /* DTLS addition */
    session_ticket      =  4,
    certificate         = 11, 
    server_key_exchange = 12,
    certificate_request = 13, 
--- a/FreeRTOS-Plus/CyaSSL/cyassl/ocsp.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/ocsp.h
@ -26,38 +26,18 @@
 #define CYASSL_OCSP_H
 #include <cyassl/ssl.h>
 #include <cyassl/ctaocrypt/asn.h>
 #ifdef __cplusplus
    extern "C" {
 #endif
 typedef struct CYASSL_OCSP CYASSL_OCSP;
 typedef struct CertStatus CertStatus;
 struct CertStatus {
    byte issuerHash[SHA_SIZE];
    byte issuerKeyHash[SHA_SIZE];
    byte serial[EXTERNAL_SERIAL_SIZE];
    int serialSz;
    int status;
 };
 struct CYASSL_OCSP {
    byte enabled;
    byte useOverrideUrl;
    char overrideName[80];
    char overridePath[80];
    int  overridePort;
    int statusLen;
    CertStatus status[1];
 };
 CYASSL_LOCAL int  CyaSSL_OCSP_Init(CYASSL_OCSP*);
 CYASSL_LOCAL void CyaSSL_OCSP_Cleanup(CYASSL_OCSP*);
 CYASSL_LOCAL int  CyaSSL_OCSP_set_override_url(CYASSL_OCSP*, const char*);
 CYASSL_LOCAL int  CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP*, DecodedCert*);
--- a/FreeRTOS-Plus/CyaSSL/cyassl/openssl/ssl.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/openssl/ssl.h
@ -37,8 +37,6 @@
 #ifdef _WIN32
    /* wincrypt.h clashes */
    #undef X509_NAME
    #undef OCSP_REQUEST 
    #undef OCSP_RESPONSE
 #endif
--- a/FreeRTOS-Plus/CyaSSL/cyassl/sniffer_error.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/sniffer_error.h
@ -90,9 +90,15 @@
 #define OUT_OF_ORDER_STR 57
 #define OVERLAP_DUPLICATE_STR 58
 #define OVERLAP_REASSEMBLY_BEGIN_STR 59
 #define OVERLAP_REASSEMBLY_END_STR 60
 #define MISSED_CLIENT_HELLO_STR 61
 #define GOT_HELLO_REQUEST_STR 62
 #define GOT_SESSION_TICKET_STR 63
 #define BAD_INPUT_STR 64
 #define BAD_DECRYPT_TYPE 65
 #define BAD_FINISHED_MSG 66
 #define BAD_COMPRESSION_STR 67
 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
--- a/FreeRTOS-Plus/CyaSSL/cyassl/sniffer_error.rc
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/sniffer_error.rc
@ -74,5 +74,12 @@ STRINGTABLE
    60, "Received an Overlap Reassembly End Duplicate Packet"
    61, "Missed the Client Hello Entirely"
    62, "Got Hello Request msg"
    63, "Got Session Ticket msg"
    64, "Bad Input"
    65, "Bad Decrypt Type"
    66, "Bad Finished Message Processing"
    67, "Bad Compression Type"
 }
--- a/FreeRTOS-Plus/CyaSSL/cyassl/ssl.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/ssl.h
@ -43,6 +43,12 @@
    #define CYASSL_VERSION LIBCYASSL_VERSION_STRING
 #endif
 #ifdef _WIN32
    /* wincrypt.h clashes */
    #undef OCSP_REQUEST
    #undef OCSP_RESPONSE
 #endif
 #ifdef __cplusplus
@ -686,6 +692,8 @@ CYASSL_API const unsigned char* CyaSSL_X509_get_der(CYASSL_X509*, int*);
 CYASSL_API int CyaSSL_cmp_peer_cert_to_file(CYASSL*, const char*);
 CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*);
 /* connect enough to get peer cert */
 CYASSL_API int  CyaSSL_connect_cert(CYASSL* ssl);
@ -763,10 +771,15 @@ CYASSL_API void CyaSSL_SetIOWriteCtx(CYASSL* ssl, void *ctx);
 /* CA cache callbacks */
 enum {
    CYASSL_SSLV3    = 0,
    CYASSL_TLSV1    = 1,
    CYASSL_TLSV1_1  = 2,
    CYASSL_TLSV1_2  = 3,
    CYASSL_USER_CA  = 1,          /* user added as trusted */
    CYASSL_CHAIN_CA = 2           /* added to cache from trusted chain */
 };
 CYASSL_API int CyaSSL_SetVersion(CYASSL* ssl, int version);
 CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
                                  int, const char*);
@ -783,6 +796,8 @@ CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
                                        const char* d);
 CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
                                        int format);
 CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
                                 const unsigned char* buff, int sz, int format);
 CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*,
                                          int sz);
 CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
@ -801,7 +816,8 @@ CYASSL_API int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx);
 CYASSL_API int CyaSSL_CTX_LoadCRL(CYASSL_CTX*, const char*, int, int);
 CYASSL_API int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX*, CbMissingCRL);
-
+#define CYASSL_CRL_MONITOR   0x01   /* monitor this dir flag */
 #define CYASSL_CRL_START_MON 0x02   /* start monitoring flag */
 #ifdef CYASSL_CALLBACKS
--- a/FreeRTOS-Plus/CyaSSL/cyassl/test.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/test.h
@ -7,6 +7,7 @@
 #include <stdlib.h>
 #include <assert.h>
 #include <ctype.h>
 #include <cyassl/ssl.h>
 #include <cyassl/ctaocrypt/types.h>
 #ifdef USE_WINDOWS_API 
@ -44,6 +45,7 @@
    #pragma warning(disable:4244 4996)
 #endif
 #if defined(__MACH__) || defined(USE_WINDOWS_API)
    #ifndef _SOCKLEN_T
        typedef int socklen_t;
@ -96,20 +98,23 @@
 #endif
 #define SERVER_DEFAULT_VERSION 3
 #define CLIENT_DEFAULT_VERSION 3
 /* all certs relative to CyaSSL home directory now */
-static const char* caCert   = "./certs/ca-cert.pem";
+#define caCert     "./certs/ca-cert.pem"
-static const char* eccCert  = "./certs/server-ecc.pem";
+#define eccCert    "./certs/server-ecc.pem"
-static const char* eccKey   = "./certs/ecc-key.pem";
+#define eccKey     "./certs/ecc-key.pem"
-static const char* svrCert  = "./certs/server-cert.pem";
+#define svrCert    "./certs/server-cert.pem"
-static const char* svrKey   = "./certs/server-key.pem";
+#define svrKey     "./certs/server-key.pem"
-static const char* cliCert  = "./certs/client-cert.pem";
+#define cliCert    "./certs/client-cert.pem"
-static const char* cliKey   = "./certs/client-key.pem";
+#define cliKey     "./certs/client-key.pem"
-static const char* ntruCert = "./certs/ntru-cert.pem";
+#define ntruCert   "./certs/ntru-cert.pem"
-static const char* ntruKey  = "./certs/ntru-key.raw";
+#define ntruKey    "./certs/ntru-key.raw"
-static const char* dhParam  = "./certs/dh2048.pem";
+#define dhParam    "./certs/dh2048.pem"
-static const char* cliEccKey  = "./certs/ecc-client-key.pem";
+#define cliEccKey  "./certs/ecc-client-key.pem"
-static const char* cliEccCert = "./certs/client-ecc-cert.pem";
+#define cliEccCert "./certs/client-ecc-cert.pem"
-static const char* crlPemDir  = "./certs/crl";
+#define crlPemDir  "./certs/crl"
 typedef struct tcp_ready {
    int ready;              /* predicate */
@ -131,6 +136,7 @@ typedef struct func_args {
    tcp_ready* signal;
 } func_args;
 void wait_tcp_ready(func_args*);
 typedef THREAD_RETURN CYASSL_THREAD THREAD_FUNC(void*);
@ -149,9 +155,77 @@ static INLINE void err_sys(const char* msg)
 }
 #define MY_EX_USAGE 2
 extern int   myoptind;
 extern char* myoptarg;
 static INLINE int mygetopt(int argc, char** argv, char* optstring)
 {
    static char* next = NULL;
    char  c;
    char* cp;
    if (myoptind == 0)
        next = NULL;   /* we're starting new/over */
    if (next == NULL || *next == '\0') {
        if (myoptind == 0)
            myoptind++;
        if (myoptind >= argc || argv[myoptind][0] != '-' ||
                                argv[myoptind][1] == '\0') {
            myoptarg = NULL;
            if (myoptind < argc)
                myoptarg = argv[myoptind];
            return -1;
        }
        if (strcmp(argv[myoptind], "--") == 0) {
            myoptind++;
            myoptarg = NULL;
            if (myoptind < argc)
                myoptarg = argv[myoptind];
            return -1;
        }
        next = argv[myoptind];
        next++;                  /* skip - */
        myoptind++;
    }
    c  = *next++;
    cp = strchr(optstring, c);
    if (cp == NULL || c == ':') 
        return '?';
    cp++;
    if (*cp == ':') {
        if (*next != '\0') {
            myoptarg = next;
            next     = NULL;
        }
        else if (myoptind < argc) {
            myoptarg = argv[myoptind];
            myoptind++;
        }
        else 
            return '?';
    }
    return c;
 }
 #ifdef OPENSSL_EXTRA
-static int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
+static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
 {
    strncpy(passwd, "yassl123", sz);
    return 8;
@ -167,6 +241,7 @@ static INLINE void showPeer(CYASSL* ssl)
    CYASSL_CIPHER* cipher;
    CYASSL_X509*   peer = CyaSSL_get_peer_certificate(ssl);
    if (peer) {
        char* altName;
        char* issuer  = CyaSSL_X509_NAME_oneline(
                                       CyaSSL_X509_get_issuer_name(peer), 0, 0);
        char* subject = CyaSSL_X509_NAME_oneline(
@ -177,6 +252,10 @@ static INLINE void showPeer(CYASSL* ssl)
        printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
                                                                  subject);
        while ( (altName = CyaSSL_X509_get_next_altname(peer)) )
            printf(" altname = %s\n", altName);
        ret = CyaSSL_X509_get_serial_number(peer, serial, &sz);
        if (ret == 0) {
            int  i;
@ -204,7 +283,7 @@ static INLINE void showPeer(CYASSL* ssl)
 #if defined(SESSION_CERTS) && defined(SHOW_CERTS)
    {
-        X509_CHAIN* chain = CyaSSL_get_peer_chain(ssl);
+        CYASSL_X509_CHAIN* chain = CyaSSL_get_peer_chain(ssl);
        int                count = CyaSSL_get_chain_count(chain);
        int i;
@ -223,7 +302,7 @@ static INLINE void showPeer(CYASSL* ssl)
 static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
-                              const char* peer, word16 port)
+                              const char* peer, word16 port, int udp)
 {
 #ifndef TEST_IPV6
    const char* host = peer;
@ -244,11 +323,10 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
    }
 #endif
-#ifdef CYASSL_DTLS
+    if (udp)
        *sockfd = socket(AF_INET_V, SOCK_DGRAM, 0);
-#else
+    else
        *sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
 #endif
    memset(addr, 0, sizeof(SOCKADDR_IN_T));
 #ifndef TEST_IPV6
@ -275,7 +353,8 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
    }
 #endif
-#if defined(TCP_NODELAY) && !defined(CYASSL_DTLS)
+#if defined(TCP_NODELAY)
    if (!udp)
    {
        int       on = 1;
        socklen_t len = sizeof(on);
@ -288,27 +367,28 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
 }
-static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
+static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port,
                               int udp)
 {
    SOCKADDR_IN_T addr;
-    tcp_socket(sockfd, &addr, ip, port);
+    tcp_socket(sockfd, &addr, ip, port, udp);
    if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
        err_sys("tcp connect failed");
 }
-static INLINE void tcp_listen(SOCKET_T* sockfd)
+static INLINE void tcp_listen(SOCKET_T* sockfd, int port, int useAnyAddr,
                              int udp)
 {
    SOCKADDR_IN_T addr;
    /* don't use INADDR_ANY by default, firewall may block, make user switch
       on */
-#ifdef USE_ANY_ADDR
+    if (useAnyAddr)
-    tcp_socket(sockfd, &addr, INADDR_ANY, yasslPort);
+        tcp_socket(sockfd, &addr, INADDR_ANY, port, udp);
-#else
+    else
-    tcp_socket(sockfd, &addr, yasslIP, yasslPort);
+        tcp_socket(sockfd, &addr, yasslIP, port, udp);
 #endif
 #ifndef USE_WINDOWS_API 
    {
@ -320,10 +400,10 @@ static INLINE void tcp_listen(SOCKET_T* sockfd)
    if (bind(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
        err_sys("tcp bind failed");
-#ifndef CYASSL_DTLS
+    if (!udp) {
        if (listen(*sockfd, 5) != 0)
            err_sys("tcp listen failed");
-#endif
+    }
 }
@ -351,7 +431,7 @@ static INLINE void udp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
 {
    SOCKADDR_IN_T addr;
-    tcp_socket(sockfd, &addr, yasslIP, yasslPort);
+    tcp_socket(sockfd, &addr, yasslIP, yasslPort, 1);
 #ifndef USE_WINDOWS_API 
@ -379,17 +459,18 @@ static INLINE void udp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
    *clientfd = udp_read_connect(*sockfd);
 }
-static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args)
+static INLINE void tcp_accept(SOCKET_T* sockfd, int* clientfd, func_args* args,
                              int port, int useAnyAddr, int udp)
 {
    SOCKADDR_IN_T client;
    socklen_t client_len = sizeof(client);
-    #ifdef CYASSL_DTLS
+    if (udp) {
        udp_accept(sockfd, clientfd, args);
        return;
-    #endif
+    }
-    tcp_listen(sockfd);
+    tcp_listen(sockfd, port, useAnyAddr, udp);
 #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER)
    /* signal ready to tcp_accept */
@ -545,7 +626,7 @@ static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
 #ifdef VERIFY_CALLBACK
-static int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
+static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
 {
    char buffer[80];
@ -577,7 +658,7 @@ static int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
 #ifdef HAVE_CRL
-static void CRL_CallBack(char* url)
+static void INLINE CRL_CallBack(const char* url)
 {
    printf("CRL callback url = %s\n", url);
 }
--- a/FreeRTOS-Plus/CyaSSL/cyassl/version.h
+++ b/FreeRTOS-Plus/CyaSSL/cyassl/version.h
@ -26,8 +26,8 @@
 extern "C" {
 #endif
-#define LIBCYASSL_VERSION_STRING "2.2.0"
+#define LIBCYASSL_VERSION_STRING "2.3.0"
-#define LIBCYASSL_VERSION_HEX 0x02002000
+#define LIBCYASSL_VERSION_HEX 0x02003000
 #ifdef __cplusplus
 }
--- a/FreeRTOS-Plus/CyaSSL/examples/client/client.c
+++ b/FreeRTOS-Plus/CyaSSL/examples/client/client.c
@ -38,7 +38,7 @@
 #endif
 #if defined(NON_BLOCKING) || defined(CYASSL_CALLBACKS)
-    void NonBlockingSSL_Connect(CyaSSL* ssl)
+    void NonBlockingSSL_Connect(CYASSL* ssl)
    {
 #ifndef CYASSL_CALLBACKS
        int ret = CyaSSL_connect(ssl);
@ -70,6 +70,28 @@
 #endif
 static void Usage(void)
 {
    printf("client "    LIBCYASSL_VERSION_STRING
           " NOTE: All files relative to CyaSSL home dir\n");
    printf("-?          Help, print this usage\n");
    printf("-h <host>   Host to connect to, default %s\n", yasslIP);
    printf("-p <num>    Port to connect on, default %d\n", yasslPort);
    printf("-v <num>    SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
                                 CLIENT_DEFAULT_VERSION);
    printf("-l <str>    Cipher list\n");
    printf("-c <file>   Certificate file,           default %s\n", cliCert);
    printf("-k <file>   Key file,                   default %s\n", cliKey);
    printf("-A <file>   Certificate Authority file, default %s\n", caCert);
    printf("-b <num>    Benchmark <num> connections and print stats\n");
    printf("-s          Use pre Shared keys\n");
    printf("-d          Disable peer checks\n");
    printf("-g          Send server HTTP GET\n");
    printf("-u          Use UDP DTLS\n");
    printf("-m          Match domain name in cert\n");
 }
 void client_test(void* args)
 {
    SOCKET_T sockfd = 0;
@ -90,21 +112,148 @@ void client_test(void* args)
    int  input;
    int  msgSz = strlen(msg);
    int   port   = yasslPort;
    char* host   = (char*)yasslIP;
    char* domain = "www.yassl.com";
    int    ch;
    int    version = CLIENT_DEFAULT_VERSION;
    int    usePsk   = 0;
    int    sendGET  = 0;
    int    benchmark = 0;
    int    doDTLS    = 0;
    int    matchName = 0;
    int    doPeerCheck = 1;
    char*  cipherList = NULL;
    char*  verifyCert = (char*)caCert;
    char*  ourCert    = (char*)cliCert;
    char*  ourKey     = (char*)cliKey;
    int     argc = ((func_args*)args)->argc;
    char**  argv = ((func_args*)args)->argv;
    ((func_args*)args)->return_code = -1; /* error state */
-#if defined(CYASSL_DTLS)
+    while ((ch = mygetopt(argc, argv, "?gdusmh:p:v:l:A:c:k:b:")) != -1) {
-    method  = CyaDTLSv1_client_method();
+        switch (ch) {
-#elif  !defined(NO_TLS)
+            case '?' :
-    method  = CyaSSLv23_client_method();
+                Usage();
-#else
+                exit(EXIT_SUCCESS);
            case 'g' :
                sendGET = 1;
                break;
            case 'd' :
                doPeerCheck = 0;
                break;
            case 'u' :
                doDTLS  = 1;
                version = -1;  /* DTLS flag */
                break;
            case 's' :
                usePsk = 1;
                break;
            case 'm' :
                matchName = 1;
                break;
            case 'h' :
                host   = myoptarg;
                domain = myoptarg;
                break;
            case 'p' :
                port = atoi(myoptarg);
                break;
            case 'v' :
                version = atoi(myoptarg);
                if (version < 0 || version > 3) {
                    Usage();
                    exit(MY_EX_USAGE);
                }
                if (doDTLS)
                    version = -1;   /* DTLS flag */
                break;
            case 'l' :
                cipherList = myoptarg;
                break;
            case 'A' :
                verifyCert = myoptarg;
                break;
            case 'c' :
                ourCert = myoptarg;
                break;
            case 'k' :
                ourKey = myoptarg;
                break;
            case 'b' :
                benchmark = atoi(myoptarg);
                if (benchmark < 0 || benchmark > 1000000) {
                    Usage();
                    exit(MY_EX_USAGE);
                }
                break;
            default:
                Usage();
                exit(MY_EX_USAGE);
        }
    }
    argc -= myoptind;
    argv += myoptind;
    myoptind = 0;      /* reset for test cases */
    switch (version) {
        case 0:
            method = CyaSSLv3_client_method();
            break;
        case 1:
            method = CyaTLSv1_client_method();
            break;
        case 2:
            method = CyaTLSv1_1_client_method();
            break;
        case 3:
            method = CyaTLSv1_2_client_method();
            break;
 #ifdef CYASSL_DTLS
        case -1:
            method = CyaDTLSv1_client_method();
            break;
 #endif
        default:
            err_sys("Bad SSL version");
    }
    if (method == NULL)
        err_sys("unable to get method");
    ctx = CyaSSL_CTX_new(method);
    if (ctx == NULL)
        err_sys("unable to get ctx");
    if (cipherList)
        if (CyaSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
            err_sys("can't set cipher list");
 #ifndef NO_PSK
    if (usePsk)
        CyaSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
 #endif
@ -114,76 +263,44 @@ void client_test(void* args)
 #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
    /* don't use EDH, can't sniff tmp keys */
-    CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
+    if (cipherList == NULL)
        if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
            err_sys("can't set cipher list");
 #endif
 #ifdef USER_CA_CB
    CyaSSL_CTX_SetCACb(ctx, CaCb);
 #endif
 #ifndef NO_FILESYSTEM
    if (CyaSSL_CTX_load_verify_locations(ctx, caCert, 0) != SSL_SUCCESS)
        err_sys("can't load ca file, Please run from CyaSSL home dir");
    #ifdef HAVE_ECC
        if (CyaSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
            err_sys("can't load ca file, Please run from CyaSSL home dir");
    #endif
 #else
    load_buffer(ctx, caCert, CYASSL_CA);
 #endif
 #ifdef VERIFY_CALLBACK
    CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
 #endif
-
+    if (CyaSSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
    if (argc == 3) {
        /*  ./client server securePort  */
        CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);  /* TODO: add ca cert */
                    /* this is just to allow easy testing of other servers */
        tcp_connect(&sockfd, argv[1], (short)atoi(argv[2]));
    }
    else if (argc == 1) {
        /* ./client          // plain mode */
        /* for client cert authentication if server requests */
 #ifndef NO_FILESYSTEM
    #ifdef HAVE_ECC
        if (CyaSSL_CTX_use_certificate_file(ctx, cliEccCert, SSL_FILETYPE_PEM)
                                     != SSL_SUCCESS)
-            err_sys("can't load ecc client cert file, "
+        err_sys("can't load client cert file, check file and run from"
-                    "Please run from CyaSSL home dir");
+                " CyaSSL home dir");
-        if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliEccKey, SSL_FILETYPE_PEM)
+    if (CyaSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
                                     != SSL_SUCCESS)
-            err_sys("can't load ecc client key file, "
+        err_sys("can't load client cert file, check file and run from"
-                    "Please run from CyaSSL home dir");
+                " CyaSSL home dir");    
    #else
        if (CyaSSL_CTX_use_certificate_file(ctx, cliCert, SSL_FILETYPE_PEM)
                != SSL_SUCCESS)
            err_sys("can't load client cert file, "
                    "Please run from CyaSSL home dir");
-        if (CyaSSL_CTX_use_PrivateKey_file(ctx, cliKey, SSL_FILETYPE_PEM)
+    if (CyaSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
-                != SSL_SUCCESS)
+            err_sys("can't load ca file, Please run from CyaSSL home dir");
            err_sys("can't load client key file, "
                    "Please run from CyaSSL home dir");
    #endif /* HAVE_ECC */
 #else
        load_buffer(ctx, cliCert, CYASSL_CERT);
        load_buffer(ctx, cliKey, CYASSL_KEY);
 #endif
-        tcp_connect(&sockfd, yasslIP, yasslPort);
+    if (doPeerCheck == 0)
-    }
+        CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
-    else if (argc == 2) {
+
    if (benchmark) {
        /* time passed in number of connects give average */
-        int times = atoi(argv[1]);
+        int times = benchmark;
        int i = 0;
        double start = current_time(), avg;
        for (i = 0; i < times; i++) {
-            tcp_connect(&sockfd, yasslIP, yasslPort);
+            tcp_connect(&sockfd, host, port, doDTLS);
            ssl = CyaSSL_new(ctx);
            CyaSSL_set_fd(ssl, sockfd);
            if (CyaSSL_connect(ssl) != SSL_SUCCESS)
@ -196,24 +313,29 @@ void client_test(void* args)
        avg = current_time() - start;
        avg /= times;
        avg *= 1000;   /* milliseconds */
-        printf("SSL_connect avg took:%6.3f milliseconds\n", avg);
+        printf("CyaSSL_connect avg took: %8.3f milliseconds\n", avg);
        CyaSSL_CTX_free(ctx);
        ((func_args*)args)->return_code = 0;
        return;
    }
    else
        err_sys("usage: ./client server securePort");
        exit(EXIT_SUCCESS);
    }
    tcp_connect(&sockfd, host, port, doDTLS);
    ssl = CyaSSL_new(ctx);
    if (ssl == NULL)
        err_sys("unable to get SSL object");
    CyaSSL_set_fd(ssl, sockfd);
 #ifdef HAVE_CRL
-    CyaSSL_EnableCRL(ssl, 0);
+    if (CyaSSL_EnableCRL(ssl, CYASSL_CRL_CHECKALL) != SSL_SUCCESS)
-    CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0);
+        err_sys("can't enable crl check");
-    CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
+    if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
        err_sys("can't load crl, check crlfile and date validity");
    if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
        err_sys("can't set crl callback");
 #endif
-    if (argc != 3)
+    if (matchName && doPeerCheck)
-        CyaSSL_check_domain_name(ssl, "www.yassl.com");
+        CyaSSL_check_domain_name(ssl, domain);
 #ifdef NON_BLOCKING
    tcp_set_nonblocking(&sockfd);
    NonBlockingSSL_Connect(ssl);
@ -233,7 +355,7 @@ void client_test(void* args)
 #endif
    showPeer(ssl);
-    if (argc == 3) {
+    if (sendGET) {
        printf("SSL connect ok, sending GET...\n");
        msgSz = 28;
        strncpy(msg, "GET /index.html HTTP/1.0\r\n\r\n", msgSz);
@ -246,7 +368,7 @@ void client_test(void* args)
        reply[input] = 0;
        printf("Server response: %s\n", reply);
-        if (argc == 3) {  /* get html */
+        if (sendGET) {  /* get html */
            while (1) {
                input = CyaSSL_read(ssl, reply, sizeof(reply));
                if (input > 0) {
@ -260,12 +382,12 @@ void client_test(void* args)
    }
 #ifdef TEST_RESUME
-    #ifdef CYASSL_DTLS
+    if (doDTLS) {
        strncpy(msg, "break", 6);
        msgSz = (int)strlen(msg);
        /* try to send session close */
        CyaSSL_write(ssl, msg, msgSz);
-    #endif
+    }
    session   = CyaSSL_get_session(ssl);
    sslResume = CyaSSL_new(ctx);
 #endif
@ -275,17 +397,14 @@ void client_test(void* args)
    CloseSocket(sockfd);
 #ifdef TEST_RESUME
-    #ifdef CYASSL_DTLS
+    if (doDTLS) {
        #ifdef USE_WINDOWS_API 
            Sleep(500);
        #else
            sleep(1);
        #endif
-    #endif
+    }
-    if (argc == 3)
+    tcp_connect(&sockfd, host, port);
        tcp_connect(&sockfd, argv[1], (short)atoi(argv[2]));
    else
        tcp_connect(&sockfd, yasslIP, yasslPort);
    CyaSSL_set_fd(sslResume, sockfd);
    CyaSSL_set_session(sslResume, session);
@ -347,6 +466,9 @@ void client_test(void* args)
        return args.return_code;
    }
    int myoptind = 0;
    char* myoptarg = NULL;
 #endif /* NO_MAIN_DRIVER */
--- a/FreeRTOS-Plus/CyaSSL/examples/echoclient/echoclient.c
+++ b/FreeRTOS-Plus/CyaSSL/examples/echoclient/echoclient.c
@ -44,6 +44,7 @@ void echoclient_test(void* args)
    SSL_CTX*    ctx    = 0;
    SSL*        ssl    = 0;
    int doDTLS = 0;
    int sendSz;
    int argc    = 0;
    char** argv = 0;
@ -64,12 +65,16 @@ void echoclient_test(void* args)
    if (!fin)  err_sys("can't open input file");
    if (!fout) err_sys("can't open output file");
-    tcp_connect(&sockfd, yasslIP, yasslPort);
+#ifdef CYASSL_DTLS
    doDTLS  = 1;
 #endif
    tcp_connect(&sockfd, yasslIP, yasslPort, doDTLS);
 #if defined(CYASSL_DTLS)
    method  = DTLSv1_client_method();
 #elif  !defined(NO_TLS)
-    method = TLSv1_client_method();
+    method = CyaSSLv23_client_method();
 #else
    method = SSLv3_client_method();
 #endif
@ -105,7 +110,7 @@ void echoclient_test(void* args)
    while (fgets(send, sizeof(send), fin)) {
-        sendSz = (int)strlen(send) + 1;
+        sendSz = (int)strlen(send);
        if (SSL_write(ssl, send, sendSz) != sendSz)
            err_sys("SSL_write failed");
@ -115,7 +120,7 @@ void echoclient_test(void* args)
            break;
        }
-        if (strncmp(send, "break", 4) == 0) {
+        if (strncmp(send, "break", 5) == 0) {
            fputs("sending server session close: break!\n", fout);
            break;
        }
@ -123,6 +128,7 @@ void echoclient_test(void* args)
        while (sendSz) {
            int got;
            if ( (got = SSL_read(ssl, reply, sizeof(reply))) > 0) {
                reply[got] = 0;
                fputs(reply, fout);
                sendSz -= got;
            }
@ -165,6 +171,9 @@ void echoclient_test(void* args)
        args.argv = argv;
        CyaSSL_Init();
 #ifdef DEBUG_CYASSL
        CyaSSL_Debugging_ON();
 #endif
        if (CurrentDir("echoclient") || CurrentDir("build"))
            ChangeDirBack(2);
        echoclient_test(&args);
@ -173,6 +182,9 @@ void echoclient_test(void* args)
        return args.return_code;
    }
    int myoptind = 0;
    char* myoptarg = NULL;
 #endif /* NO_MAIN_DRIVER */
--- a/FreeRTOS-Plus/CyaSSL/examples/echoserver/echoserver.c
+++ b/FreeRTOS-Plus/CyaSSL/examples/echoserver/echoserver.c
@ -56,8 +56,10 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
    CYASSL_METHOD* method = 0;
    CYASSL_CTX*    ctx    = 0;
    int    doDTLS = 0;
    int    outCreated = 0;
    int    shutdown = 0;
    int    useAnyAddr = 0;
    int    argc = ((func_args*)args)->argc;
    char** argv = ((func_args*)args)->argv;
@ -72,7 +74,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
    ((func_args*)args)->return_code = -1; /* error state */
-    tcp_listen(&sockfd);
+#ifdef CYASSL_DTLS
    doDTLS  = 1;
 #endif
    tcp_listen(&sockfd, yasslPort, useAnyAddr, doDTLS);
 #if defined(CYASSL_DTLS)
    method  = CyaDTLSv1_server_method();
@ -128,6 +134,11 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
    load_buffer(ctx, svrKey,  CYASSL_KEY);
 #endif
 #if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
    /* don't use EDH, can't sniff tmp keys */
    CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA");
 #endif
    SignalReady(args);
    while (!shutdown) {
@ -231,7 +242,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
        CyaSSL_free(ssl);
        CloseSocket(clientfd);
 #ifdef CYASSL_DTLS
-        tcp_listen(&sockfd);
+        tcp_listen(&sockfd, yasslPort, useAnyAddr, doDTLS);
        SignalReady(args);
 #endif
    }
@ -273,6 +284,9 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
        return args.return_code;
    }
    int myoptind = 0;
    char* myoptarg = NULL;
 #endif /* NO_MAIN_DRIVER */
--- a/FreeRTOS-Plus/CyaSSL/examples/server/server.c
+++ b/FreeRTOS-Plus/CyaSSL/examples/server/server.c
@ -63,6 +63,25 @@
 #endif
 static void Usage(void)
 {
    printf("server "    LIBCYASSL_VERSION_STRING
           " NOTE: All files relative to CyaSSL home dir\n");
    printf("-?          Help, print this usage\n");
    printf("-p <num>    Port to listen on, default %d\n", yasslPort);
    printf("-v <num>    SSL version [0-3], SSLv3(0) - TLS1.2(3)), default %d\n",
                                 SERVER_DEFAULT_VERSION);
    printf("-l <str>    Cipher list\n");
    printf("-c <file>   Certificate file,           default %s\n", svrCert);
    printf("-k <file>   Key file,                   default %s\n", svrKey);
    printf("-A <file>   Certificate Authority file, default %s\n", cliCert);
    printf("-d          Disable client cert check\n");
    printf("-b          Bind to any interface instead of localhost only\n");
    printf("-s          Use pre Shared keys\n");
    printf("-u          Use UDP DTLS\n");
 }
 THREAD_RETURN CYASSL_THREAD server_test(void* args)
 {
    SOCKET_T sockfd   = 0;
@ -75,82 +94,191 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
    char   msg[] = "I hear you fa shizzle!";
    char   input[1024];
    int    idx;
    int    ch;
    int    version = SERVER_DEFAULT_VERSION;
    int    doCliCertCheck = 1;
    int    useAnyAddr = 0;
    int    port = yasslPort;
    int    usePsk = 0;
    int    doDTLS = 0;
    int    useNtruKey = 0;
    char*  cipherList = NULL;
    char*  verifyCert = (char*)cliCert;
    char*  ourCert    = (char*)svrCert;
    char*  ourKey     = (char*)svrKey;
    int    argc = ((func_args*)args)->argc;
    char** argv = ((func_args*)args)->argv;
    ((func_args*)args)->return_code = -1; /* error state */
-#if defined(CYASSL_DTLS)
+
-    method  = DTLSv1_server_method();
+    while ((ch = mygetopt(argc, argv, "?dbsnup:v:l:A:c:k:")) != -1) {
-#elif  !defined(NO_TLS)
+        switch (ch) {
-    method = SSLv23_server_method();
+            case '?' :
-#else
+                Usage();
                exit(EXIT_SUCCESS);
            case 'd' :
                doCliCertCheck = 0;
                break;
            case 'b' :
                useAnyAddr = 1;
                break;
            case 's' :
                usePsk = 1;
                break;
            case 'n' :
                useNtruKey = 1;
                break;
            case 'u' :
                doDTLS  = 1;
                version = -1;  /* DTLS flag */
                break;
            case 'p' :
                port = atoi(myoptarg);
                break;
            case 'v' :
                version = atoi(myoptarg);
                if (version < 0 || version > 3) {
                    Usage();
                    exit(MY_EX_USAGE);
                }
                if (doDTLS)
                    version = -1;  /* stay with DTLS */
                break;
            case 'l' :
                cipherList = myoptarg;
                break;
            case 'A' :
                verifyCert = myoptarg;
                break;
            case 'c' :
                ourCert = myoptarg;
                break;
            case 'k' :
                ourKey = myoptarg;
                break;
            default:
                Usage();
                exit(MY_EX_USAGE);
        }
    }
    argc -= myoptind;
    argv += myoptind;
    myoptind = 0;      /* reset for test cases */
    switch (version) {
        case 0:
            method = SSLv3_server_method();
            break;
        case 1:
            method = TLSv1_server_method();
            break;
        case 2:
            method = TLSv1_1_server_method();
            break;
        case 3:
            method = TLSv1_2_server_method();
            break;
 #ifdef CYASSL_DTLS
        case -1:
            method = DTLSv1_server_method();
            break;
 #endif
        default:
            err_sys("Bad SSL version");
    }
    if (method == NULL)
        err_sys("unable to get method");
    ctx = SSL_CTX_new(method);
    if (ctx == NULL)
        err_sys("unable to get ctx");
    if (cipherList)
        if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
            err_sys("can't set cipher list");
    if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
                                     != SSL_SUCCESS)
        err_sys("can't load server cert file, check file and run from"
                " CyaSSL home dir");
 #ifdef HAVE_NTRU
    if (useNtruKey) {
        if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ourKey)
                                               != SSL_SUCCESS)
            err_sys("can't load ntru key file, "
                    "Please run from CyaSSL home dir");
    }
 #endif
    if (!useNtruKey) {
        if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM)
                                         != SSL_SUCCESS)
            err_sys("can't load server cert file, check file and run from"
                " CyaSSL home dir");
    }
 #ifndef NO_PSK
-    /* do PSK */
+    if (usePsk) {
        SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb);
        SSL_CTX_use_psk_identity_hint(ctx, "cyassl server");
-    SSL_CTX_set_cipher_list(ctx, "PSK-AES256-CBC-SHA");
+        if (cipherList == NULL)
-#else
+            if (SSL_CTX_set_cipher_list(ctx,"PSK-AES256-CBC-SHA") !=SSL_SUCCESS)
-    /* not using PSK, verify peer with certs */
+                err_sys("can't set cipher list");
-    SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
+    }
 #endif
    /* if not using PSK, verify peer with certs */
    if (doCliCertCheck && usePsk == 0) {
        SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER |
                                SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
        if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS)
            err_sys("can't load ca file, Please run from CyaSSL home dir");
    }
 #ifdef OPENSSL_EXTRA
    SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
 #endif
-#ifndef NO_FILESYSTEM
+#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
-    /* for client auth */
+    /* don't use EDH, can't sniff tmp keys */
-    if (SSL_CTX_load_verify_locations(ctx, cliCert, 0) != SSL_SUCCESS)
+    if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
-        err_sys("can't load ca file, Please run from CyaSSL home dir");
+        err_sys("can't set cipher list");
-
+#endif
    #ifdef HAVE_ECC
        if (SSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM)
                != SSL_SUCCESS)
            err_sys("can't load server ecc cert file, "
                    "Please run from CyaSSL home dir");
        if (SSL_CTX_use_PrivateKey_file(ctx, eccKey, SSL_FILETYPE_PEM)
                != SSL_SUCCESS)
            err_sys("can't load server ecc key file, "
                    "Please run from CyaSSL home dir");
        /* for client auth */
        if (SSL_CTX_load_verify_locations(ctx, cliEccCert, 0) != SSL_SUCCESS)
            err_sys("can't load ecc ca file, Please run from CyaSSL home dir");
    #elif HAVE_NTRU
        if (SSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
                != SSL_SUCCESS)
            err_sys("can't load ntru cert file, "
                    "Please run from CyaSSL home dir");
        if (CyaSSL_CTX_use_NTRUPrivateKey_file(ctx, ntruKey)
                != SSL_SUCCESS)
            err_sys("can't load ntru key file, "
                    "Please run from CyaSSL home dir");
    #else  /* normal */
        if (SSL_CTX_use_certificate_file(ctx, svrCert, SSL_FILETYPE_PEM)
                != SSL_SUCCESS)
            err_sys("can't load server cert chain file, "
                    "Please run from CyaSSL home dir");
        if (SSL_CTX_use_PrivateKey_file(ctx, svrKey, SSL_FILETYPE_PEM)
                != SSL_SUCCESS)
            err_sys("can't load server key file, "
                    "Please run from CyaSSL home dir");
    #endif /* NTRU */
 #else
    load_buffer(ctx, cliCert, CYASSL_CA);
    load_buffer(ctx, svrCert, CYASSL_CERT);
    load_buffer(ctx, svrKey,  CYASSL_KEY);
 #endif /* NO_FILESYSTEM */
    ssl = SSL_new(ctx);
-    tcp_accept(&sockfd, &clientfd, (func_args*)args);
+    if (ssl == NULL)
-#ifndef CYASSL_DTLS
+        err_sys("unable to get SSL");
-    CloseSocket(sockfd);
+
 #ifdef HAVE_CRL
    CyaSSL_EnableCRL(ssl, 0);
    CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
                                                     CYASSL_CRL_START_MON);
    CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
 #endif
    tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, doDTLS);
    if (!doDTLS) 
        CloseSocket(sockfd);
    SSL_set_fd(ssl, clientfd);
 #ifdef NO_PSK
@ -222,6 +350,9 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
        return args.return_code;
    }
    int myoptind = 0;
    char* myoptarg = NULL;
 #endif /* NO_MAIN_DRIVER */
--- a/FreeRTOS-Plus/CyaSSL/src/crl.c
+++ b/FreeRTOS-Plus/CyaSSL/src/crl.c
@ -40,6 +40,11 @@ int InitCRL(CYASSL_CRL* crl, CYASSL_CERT_MANAGER* cm)
    crl->cm = cm;
    crl->crlList = NULL;
    crl->monitors[0].path = NULL;
    crl->monitors[1].path = NULL;
 #ifdef HAVE_CRL_MONITOR
    crl->tid = 0;
 #endif
    if (InitMutex(&crl->crlLock) != 0)
        return BAD_MUTEX_ERROR; 
@ -50,12 +55,14 @@ int InitCRL(CYASSL_CRL* crl, CYASSL_CERT_MANAGER* cm)
 /* Initialze CRL Entry */
 static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl)
 {
-	CYASSL_ENTER("FreeCRL_Entry");
+    CYASSL_ENTER("InitCRL_Entry");
    XMEMCPY(crle->issuerHash, dcrl->issuerHash, SHA_DIGEST_SIZE);
    XMEMCPY(crle->crlHash, dcrl->crlHash, MD5_DIGEST_SIZE);
    XMEMCPY(crle->lastDate, dcrl->lastDate, MAX_DATE_SIZE);
    XMEMCPY(crle->nextDate, dcrl->nextDate, MAX_DATE_SIZE);
    crle->lastDateFormat = dcrl->lastDateFormat;
    crle->nextDateFormat = dcrl->nextDateFormat;
    crle->certs = dcrl->certs;   /* take ownsership */
    dcrl->certs = NULL;
@ -88,6 +95,12 @@ void FreeCRL(CYASSL_CRL* crl)
    CYASSL_ENTER("FreeCRL");
    if (crl->monitors[0].path)
        XFREE(crl->monitors[0].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
    if (crl->monitors[1].path)
        XFREE(crl->monitors[1].path, NULL, DYNAMIC_TYPE_CRL_MONITOR);
    while(tmp) {
        CRL_Entry* next = tmp->next;
        FreeCRL_Entry(tmp);
@ -95,6 +108,12 @@ void FreeCRL(CYASSL_CRL* crl)
        tmp = next;
    }	
 #ifdef HAVE_CRL_MONITOR
    if (crl->tid != 0) {
        CYASSL_MSG("Canceling monitor thread");
        pthread_cancel(crl->tid);
    }
 #endif
    FreeMutex(&crl->crlLock);
 }
@ -119,6 +138,13 @@ int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert)
    while (crle) {
        if (XMEMCMP(crle->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0) {
            CYASSL_MSG("Found CRL Entry on list");
            CYASSL_MSG("Checking next date validity");
            if (!ValidateDate(crle->nextDate, crle->nextDateFormat, AFTER)) {
                CYASSL_MSG("CRL next date is no longer valid");
                ret = ASN_AFTER_DATE_E;
            }
            else
                foundEntry = 1;
            break;
        }
@ -180,12 +206,14 @@ static int AddCRL(CYASSL_CRL* crl, DecodedCRL* dcrl)
    if (InitCRL_Entry(crle, dcrl) < 0) {
        CYASSL_MSG("Init CRL Entry failed");
        XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
        return -1;
    }
    if (LockMutex(&crl->crlLock) != 0) {
        CYASSL_MSG("LockMutex failed");
        FreeCRL_Entry(crle);
        XFREE(crle, NULL, DYNAMIC_TYPE_CRL_ENTRY);
        return BAD_MUTEX_ERROR;
    }
    crle->next = crl->crlList;
@ -228,7 +256,7 @@ int BufferLoadCRL(CYASSL_CRL* crl, const byte* buff, long sz, int type)
    }
    InitDecodedCRL(&dcrl);
-	ret = ParseCRL(&dcrl, myBuffer, sz);
+    ret = ParseCRL(&dcrl, myBuffer, sz, crl->cm);
    if (ret != 0) {
        CYASSL_MSG("ParseCRL error");
    }
@ -249,6 +277,230 @@ int BufferLoadCRL(CYASSL_CRL* crl, const byte* buff, long sz, int type)
 }
 #ifdef HAVE_CRL_MONITOR
 /* read in new CRL entries and save new list */
 static int SwapLists(CYASSL_CRL* crl)
 {
    int        ret;
    CYASSL_CRL tmp;
    CRL_Entry* newList;
    if (InitCRL(&tmp, crl->cm) < 0) {
        CYASSL_MSG("Init tmp CRL failed");
        return -1;
    }
    if (crl->monitors[0].path) {
        ret = LoadCRL(&tmp, crl->monitors[0].path, SSL_FILETYPE_PEM, 0);
        if (ret != SSL_SUCCESS) {
            CYASSL_MSG("PEM LoadCRL on dir change failed");
            FreeCRL(&tmp);
            return -1;
        }
    }
    if (crl->monitors[1].path) {
        ret = LoadCRL(&tmp, crl->monitors[1].path, SSL_FILETYPE_ASN1, 0);
        if (ret != SSL_SUCCESS) {
            CYASSL_MSG("DER LoadCRL on dir change failed");
            FreeCRL(&tmp);
            return -1;
        }
    }
    if (LockMutex(&crl->crlLock) != 0) {
        CYASSL_MSG("LockMutex failed");
        FreeCRL(&tmp);
        return -1;
    }
    newList = tmp.crlList;
    /* swap lists */
    tmp.crlList  = crl->crlList;
    crl->crlList = newList;
    UnLockMutex(&crl->crlLock);
    FreeCRL(&tmp);
    return 0;
 }
 #ifdef __MACH__
 #include <sys/event.h>
 #include <sys/time.h>
 #include <fcntl.h>
 /* OS X  monitoring */
 static void* DoMonitor(void* arg)
 {
    int fPEM, fDER, kq;
    struct kevent change;
    CYASSL_CRL* crl = (CYASSL_CRL*)arg;
    CYASSL_ENTER("DoMonitor");
    kq = kqueue();
    if (kq == -1) {
        CYASSL_MSG("kqueue failed");
        return NULL;
    }
    fPEM = -1;
    fDER = -1;
    if (crl->monitors[0].path) {
        fPEM = open(crl->monitors[0].path, O_EVTONLY);
        if (fPEM == -1) {
            CYASSL_MSG("PEM event dir open failed");
            return NULL;
        }
    }
    if (crl->monitors[1].path) {
        fDER = open(crl->monitors[1].path, O_EVTONLY);
        if (fDER == -1) {
            CYASSL_MSG("DER event dir open failed");
            return NULL;
        }
    }
    if (fPEM != -1)
        EV_SET(&change, fPEM, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
                NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
    if (fDER != -1)
        EV_SET(&change, fDER, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
                NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
    for (;;) {
        struct kevent event;
        int           numEvents = kevent(kq, &change, 1, &event, 1, NULL);
        CYASSL_MSG("Got kevent");
        if (numEvents == -1) {
            CYASSL_MSG("kevent problem, continue");
            continue;
        }
        if (SwapLists(crl) < 0) {
            CYASSL_MSG("SwapLists problem, continue");
        }
    }
    return NULL;
 }
 #elif __linux__
 #include <sys/types.h>
 #include <sys/inotify.h>
 #include <unistd.h>
 /* linux monitoring */
 static void* DoMonitor(void* arg)
 {
    int         notifyFd;
    int         wd;
    CYASSL_CRL* crl = (CYASSL_CRL*)arg;
    CYASSL_ENTER("DoMonitor");
    notifyFd = inotify_init();
    if (notifyFd < 0) {
        CYASSL_MSG("inotify failed");
        return NULL;
    }
    if (crl->monitors[0].path) {
        wd = inotify_add_watch(notifyFd, crl->monitors[0].path, IN_CLOSE_WRITE |
                                                                IN_DELETE);
        if (wd < 0) {
            CYASSL_MSG("PEM notify add watch failed");
            return NULL;
        }
    }
    if (crl->monitors[1].path) {
        wd = inotify_add_watch(notifyFd, crl->monitors[1].path, IN_CLOSE_WRITE |
                                                                IN_DELETE);
        if (wd < 0) {
            CYASSL_MSG("DER notify add watch failed");
            return NULL;
        }
    }
    for (;;) {
        char          buffer[8192];
        int           length = read(notifyFd, buffer, sizeof(buffer));
        CYASSL_MSG("Got notify event");
        if (length < 0) {
            CYASSL_MSG("notify read problem, continue");
            continue;
        } 
        if (SwapLists(crl) < 0) {
            CYASSL_MSG("SwapLists problem, continue");
        }
    }
    return NULL;
 }
 #endif /* MACH or linux */
 /* Start Monitoring the CRL path(s) in a thread */
 static int StartMonitorCRL(CYASSL_CRL* crl)
 {
    pthread_attr_t attr;
    CYASSL_ENTER("StartMonitorCRL");
    if (crl == NULL) 
        return BAD_FUNC_ARG;
    if (crl->tid != 0) {
        CYASSL_MSG("Monitor thread already running");
        return MONITOR_RUNNING_E;
    }
    pthread_attr_init(&attr);
    if (pthread_create(&crl->tid, &attr, DoMonitor, crl) != 0) {
        CYASSL_MSG("Thread creation error");
        return THREAD_CREATE_E;
    }
    return SSL_SUCCESS;
 }
 #else /* HAVE_CRL_MONITOR */
 static int StartMonitorCRL(CYASSL_CRL* crl)
 {
    CYASSL_ENTER("StartMonitorCRL");
    CYASSL_MSG("Not compiled in");
    return NOT_COMPILED_IN;
 }
 #endif  /* HAVE_CRL_MONITOR */
 /* Load CRL path files of type, SSL_SUCCESS on ok */ 
 int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
 {
@ -265,7 +517,7 @@ int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
        CYASSL_MSG("opendir path crl load failed");
        return BAD_PATH_ERROR;
    }
-	while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
+    while ( (entry = readdir(dir)) != NULL) {
        if (entry->d_type & DT_REG) {
            char name[MAX_FILENAME_SZ];
@ -289,15 +541,36 @@ int LoadCRL(CYASSL_CRL* crl, const char* path, int type, int monitor)
            XSTRNCAT(name, "/", 1);
            XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);
-			ret = ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl);
+            if (ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl)
                                                               != SSL_SUCCESS) {
                CYASSL_MSG("CRL file load failed, continuing");
            }
        }
    }
-    if (monitor) {
+    if (monitor & CYASSL_CRL_MONITOR) {
        CYASSL_MSG("monitor path requested");
        if (type == SSL_FILETYPE_PEM) {
            crl->monitors[0].path = strdup(path);
            crl->monitors[0].type = SSL_FILETYPE_PEM;
            if (crl->monitors[0].path == NULL)
                ret = MEMORY_E;
        } else {
            crl->monitors[1].path = strdup(path);
            crl->monitors[1].type = SSL_FILETYPE_ASN1;
            if (crl->monitors[1].path == NULL)
                ret = MEMORY_E;
        }
-	return SSL_SUCCESS;
+        if (monitor & CYASSL_CRL_START_MON) {
            CYASSL_MSG("start monitoring requested");
            ret = StartMonitorCRL(crl);
       } 
    }
    return ret;
 }
 #endif /* HAVE_CRL */
--- a/FreeRTOS-Plus/CyaSSL/src/include.am
+++ b/FreeRTOS-Plus/CyaSSL/src/include.am
@ -36,6 +36,10 @@ if BUILD_AESNI
 src_libcyassl_la_SOURCES += ctaocrypt/src/aes_asm.s
 endif
 if BUILD_MD2
 src_libcyassl_la_SOURCES += ctaocrypt/src/md2.c
 endif
 if BUILD_RIPEMD
 src_libcyassl_la_SOURCES += ctaocrypt/src/ripemd.c
 endif
@ -74,3 +78,8 @@ if BUILD_CRL
 src_libcyassl_la_SOURCES += src/crl.c
 endif
 if BUILD_CRL_MONITOR
 src_libcyassl_la_CFLAGS += $(PTHREAD_CFLAGS)
 src_libcyassl_la_LIBADD += $(PTHREAD_LIBS)
 endif
--- a/FreeRTOS-Plus/CyaSSL/src/internal.c
+++ b/FreeRTOS-Plus/CyaSSL/src/internal.c
--- a/FreeRTOS-Plus/CyaSSL/src/io.c
+++ b/FreeRTOS-Plus/CyaSSL/src/io.c
@ -200,6 +200,52 @@ int EmbedSend(char *buf, int sz, void *ctx)
 }
 #ifdef CYASSL_DTLS
 #include <cyassl/ctaocrypt/sha.h>
 /* The DTLS Generate Cookie callback
 *  return : number of bytes copied into buf, or error
 */
 int EmbedGenerateCookie(byte *buf, int sz, void *ctx)
 {
    CYASSL* ssl = (CYASSL*)ctx;
    int sd = ssl->wfd;
    struct sockaddr_storage peer;
    socklen_t peerSz = sizeof(peer);
    byte cookieSrc[sizeof(struct in6_addr) + sizeof(int)];
    int cookieSrcSz = 0;
    Sha sha;
    getpeername(sd, (struct sockaddr*)&peer, &peerSz);
    if (peer.ss_family == AF_INET) {
        struct sockaddr_in *s = (struct sockaddr_in*)&peer;
        cookieSrcSz = sizeof(struct in_addr) + sizeof(s->sin_port);
        XMEMCPY(cookieSrc, &s->sin_port, sizeof(s->sin_port));
        XMEMCPY(cookieSrc + sizeof(s->sin_port),
                                     &s->sin_addr, sizeof(struct in_addr));
    }
    else if (peer.ss_family == AF_INET6) {
        struct sockaddr_in6 *s = (struct sockaddr_in6*)&peer;
        cookieSrcSz = sizeof(struct in6_addr) + sizeof(s->sin6_port);
        XMEMCPY(cookieSrc, &s->sin6_port, sizeof(s->sin6_port));
        XMEMCPY(cookieSrc + sizeof(s->sin6_port),
                                    &s->sin6_addr, sizeof(struct in6_addr));
    }
    InitSha(&sha);
    ShaUpdate(&sha, cookieSrc, cookieSrcSz);
    ShaFinal(&sha, buf);
    return SHA_DIGEST_SIZE;
 }
 #endif /* CYASSL_DTLS */
 #endif /* CYASSL_USER_IO */
 CYASSL_API void CyaSSL_SetIORecv(CYASSL_CTX *ctx, CallbackIORecv CBIORecv)
--- a/FreeRTOS-Plus/CyaSSL/src/keys.c
+++ b/FreeRTOS-Plus/CyaSSL/src/keys.c
@ -311,6 +311,142 @@ int SetCipherSpecs(CYASSL* ssl)
        break;
 #endif
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
        ssl->specs.bulk_cipher_algorithm = aes_gcm;
        ssl->specs.cipher_type           = aead;
        ssl->specs.mac_algorithm         = sha256_mac;
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
        ssl->specs.sig_algo              = rsa_sa_algo;
        ssl->specs.hash_size             = SHA256_DIGEST_SIZE;
        ssl->specs.pad_size              = PAD_SHA;
        ssl->specs.static_ecdh           = 0;
        ssl->specs.key_size              = AES_128_KEY_SIZE;
        ssl->specs.block_size            = AES_BLOCK_SIZE;
        ssl->specs.iv_size               = AES_GCM_IMP_IV_SZ;
        break;
 #endif
 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
        ssl->specs.bulk_cipher_algorithm = aes_gcm;
        ssl->specs.cipher_type           = aead;
        ssl->specs.mac_algorithm         = sha384_mac;
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
        ssl->specs.sig_algo              = rsa_sa_algo;
        ssl->specs.hash_size             = SHA384_DIGEST_SIZE;
        ssl->specs.pad_size              = PAD_SHA;
        ssl->specs.static_ecdh           = 0;
        ssl->specs.key_size              = AES_256_KEY_SIZE;
        ssl->specs.block_size            = AES_BLOCK_SIZE;
        ssl->specs.iv_size               = AES_GCM_IMP_IV_SZ;
        break;
 #endif
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
        ssl->specs.bulk_cipher_algorithm = aes_gcm;
        ssl->specs.cipher_type           = aead;
        ssl->specs.mac_algorithm         = sha256_mac;
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
        ssl->specs.hash_size             = SHA256_DIGEST_SIZE;
        ssl->specs.pad_size              = PAD_SHA;
        ssl->specs.static_ecdh           = 0;
        ssl->specs.key_size              = AES_128_KEY_SIZE;
        ssl->specs.block_size            = AES_BLOCK_SIZE;
        ssl->specs.iv_size               = AES_GCM_IMP_IV_SZ;
        break;
 #endif
 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
        ssl->specs.bulk_cipher_algorithm = aes_gcm;
        ssl->specs.cipher_type           = aead;
        ssl->specs.mac_algorithm         = sha384_mac;
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
        ssl->specs.hash_size             = SHA384_DIGEST_SIZE;
        ssl->specs.pad_size              = PAD_SHA;
        ssl->specs.static_ecdh           = 0;
        ssl->specs.key_size              = AES_256_KEY_SIZE;
        ssl->specs.block_size            = AES_BLOCK_SIZE;
        ssl->specs.iv_size               = AES_GCM_IMP_IV_SZ;
        break;
 #endif
 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
    case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
        ssl->specs.bulk_cipher_algorithm = aes_gcm;
        ssl->specs.cipher_type           = aead;
        ssl->specs.mac_algorithm         = sha256_mac;
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
        ssl->specs.sig_algo              = rsa_sa_algo;
        ssl->specs.hash_size             = SHA256_DIGEST_SIZE;
        ssl->specs.pad_size              = PAD_SHA;
        ssl->specs.static_ecdh           = 1;
        ssl->specs.key_size              = AES_128_KEY_SIZE;
        ssl->specs.block_size            = AES_BLOCK_SIZE;
        ssl->specs.iv_size               = AES_GCM_IMP_IV_SZ;
        break;
 #endif
 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
    case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
        ssl->specs.bulk_cipher_algorithm = aes_gcm;
        ssl->specs.cipher_type           = aead;
        ssl->specs.mac_algorithm         = sha384_mac;
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
        ssl->specs.sig_algo              = rsa_sa_algo;
        ssl->specs.hash_size             = SHA384_DIGEST_SIZE;
        ssl->specs.pad_size              = PAD_SHA;
        ssl->specs.static_ecdh           = 1;
        ssl->specs.key_size              = AES_256_KEY_SIZE;
        ssl->specs.block_size            = AES_BLOCK_SIZE;
        ssl->specs.iv_size               = AES_GCM_IMP_IV_SZ;
        break;
 #endif
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
    case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
        ssl->specs.bulk_cipher_algorithm = aes_gcm;
        ssl->specs.cipher_type           = aead;
        ssl->specs.mac_algorithm         = sha256_mac;
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
        ssl->specs.hash_size             = SHA256_DIGEST_SIZE;
        ssl->specs.pad_size              = PAD_SHA;
        ssl->specs.static_ecdh           = 1;
        ssl->specs.key_size              = AES_128_KEY_SIZE;
        ssl->specs.block_size            = AES_BLOCK_SIZE;
        ssl->specs.iv_size               = AES_GCM_IMP_IV_SZ;
        break;
 #endif
 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
    case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
        ssl->specs.bulk_cipher_algorithm = aes_gcm;
        ssl->specs.cipher_type           = aead;
        ssl->specs.mac_algorithm         = sha384_mac;
        ssl->specs.kea                   = ecc_diffie_hellman_kea;
        ssl->specs.sig_algo              = ecc_dsa_sa_algo;
        ssl->specs.hash_size             = SHA384_DIGEST_SIZE;
        ssl->specs.pad_size              = PAD_SHA;
        ssl->specs.static_ecdh           = 1;
        ssl->specs.key_size              = AES_256_KEY_SIZE;
        ssl->specs.block_size            = AES_BLOCK_SIZE;
        ssl->specs.iv_size               = AES_GCM_IMP_IV_SZ;
        break;
 #endif
    default:
        CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs ECC");
        return UNSUPPORTED_SUITE;
@ -646,6 +782,74 @@ int SetCipherSpecs(CYASSL* ssl)
        break;
 #endif
 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
    case TLS_RSA_WITH_AES_128_GCM_SHA256 :
        ssl->specs.bulk_cipher_algorithm = aes_gcm;
        ssl->specs.cipher_type           = aead;
        ssl->specs.mac_algorithm         = sha256_mac;
        ssl->specs.kea                   = rsa_kea;
        ssl->specs.sig_algo              = rsa_sa_algo;
        ssl->specs.hash_size             = SHA256_DIGEST_SIZE;
        ssl->specs.pad_size              = PAD_SHA;
        ssl->specs.static_ecdh           = 0;
        ssl->specs.key_size              = AES_128_KEY_SIZE;
        ssl->specs.block_size            = AES_BLOCK_SIZE;
        ssl->specs.iv_size               = AES_GCM_IMP_IV_SZ;
        break;
 #endif
 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
    case TLS_RSA_WITH_AES_256_GCM_SHA384 :
        ssl->specs.bulk_cipher_algorithm = aes_gcm;
        ssl->specs.cipher_type           = aead;
        ssl->specs.mac_algorithm         = sha384_mac;
        ssl->specs.kea                   = rsa_kea;
        ssl->specs.sig_algo              = rsa_sa_algo;
        ssl->specs.hash_size             = SHA384_DIGEST_SIZE;
        ssl->specs.pad_size              = PAD_SHA;
        ssl->specs.static_ecdh           = 0;
        ssl->specs.key_size              = AES_256_KEY_SIZE;
        ssl->specs.block_size            = AES_BLOCK_SIZE;
        ssl->specs.iv_size               = AES_GCM_IMP_IV_SZ;
        break;
 #endif
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
        ssl->specs.bulk_cipher_algorithm = aes_gcm;
        ssl->specs.cipher_type           = aead;
        ssl->specs.mac_algorithm         = sha256_mac;
        ssl->specs.kea                   = diffie_hellman_kea;
        ssl->specs.sig_algo              = rsa_sa_algo;
        ssl->specs.hash_size             = SHA256_DIGEST_SIZE;
        ssl->specs.pad_size              = PAD_SHA;
        ssl->specs.static_ecdh           = 0;
        ssl->specs.key_size              = AES_128_KEY_SIZE;
        ssl->specs.block_size            = AES_BLOCK_SIZE;
        ssl->specs.iv_size               = AES_GCM_IMP_IV_SZ;
        break;
 #endif
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
        ssl->specs.bulk_cipher_algorithm = aes_gcm;
        ssl->specs.cipher_type           = aead;
        ssl->specs.mac_algorithm         = sha384_mac;
        ssl->specs.kea                   = diffie_hellman_kea;
        ssl->specs.sig_algo              = rsa_sa_algo;
        ssl->specs.hash_size             = SHA384_DIGEST_SIZE;
        ssl->specs.pad_size              = PAD_SHA;
        ssl->specs.static_ecdh           = 0;
        ssl->specs.key_size              = AES_256_KEY_SIZE;
        ssl->specs.block_size            = AES_BLOCK_SIZE;
        ssl->specs.iv_size               = AES_GCM_IMP_IV_SZ;
        break;
 #endif
    default:
        CYASSL_MSG("Unsupported cipher suite, SetCipherSpecs");
        return UNSUPPORTED_SUITE;
@ -802,6 +1006,23 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
    }
 #endif
 #ifdef BUILD_AESGCM
    if (specs->bulk_cipher_algorithm == aes_gcm) {
        if (side == CLIENT_END) {
            AesGcmSetKey(&enc->aes, keys->client_write_key, specs->key_size,
                        keys->client_write_IV);
            AesGcmSetKey(&dec->aes, keys->server_write_key, specs->key_size,
                        keys->server_write_IV);
        }
        else {
            AesGcmSetKey(&enc->aes, keys->server_write_key, specs->key_size,
                        keys->server_write_IV);
            AesGcmSetKey(&dec->aes, keys->client_write_key, specs->key_size,
                        keys->client_write_IV);
        }
    }
 #endif
    keys->sequence_number      = 0;
    keys->peer_sequence_number = 0;
    keys->encryptionOn         = 0;
@ -813,12 +1034,24 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
 /* TLS can call too */
 int StoreKeys(CYASSL* ssl, const byte* keyData)
 {
-    int sz = ssl->specs.hash_size, i;
+    int sz, i = 0;
-    XMEMCPY(ssl->keys.client_write_MAC_secret, keyData, sz);
+    if (ssl->specs.cipher_type != aead) {
-    i = sz;
+        sz = ssl->specs.hash_size;
        XMEMCPY(ssl->keys.client_write_MAC_secret,&keyData[i], sz);
        i += sz;
        XMEMCPY(ssl->keys.server_write_MAC_secret,&keyData[i], sz);
        i += sz;
    }
 #ifdef BUILD_AESGCM
    else if (ssl->specs.bulk_cipher_algorithm == aes_gcm) {
        byte iv[AES_GCM_EXP_IV_SZ];
        /* Initialize the AES-GCM explicit IV to a random number. */
        RNG_GenerateBlock(&ssl->rng, iv, sizeof(iv));
        AesGcmSetExpIV(&ssl->encrypt.aes, iv);
    }
 #endif
    sz = ssl->specs.key_size;
    XMEMCPY(ssl->keys.client_write_key, &keyData[i], sz);
--- a/FreeRTOS-Plus/CyaSSL/src/ocsp.c
+++ b/FreeRTOS-Plus/CyaSSL/src/ocsp.c
@ -23,6 +23,8 @@
    #include <config.h>
 #endif
 #ifdef HAVE_OCSP
 #include <cyassl/error.h>
 #include <cyassl/ocsp.h>
 #include <cyassl/internal.h>
@ -40,7 +42,6 @@
 #include <sys/socket.h>
 #ifdef HAVE_OCSP
 CYASSL_API int ocsp_test(unsigned char* buf, int sz);
 #define CYASSL_OCSP_ENABLE       0x0001 /* Enable OCSP lookups */
 #define CYASSL_OCSP_URL_OVERRIDE 0x0002 /* Use the override URL instead of URL
@ -51,29 +52,6 @@ typedef struct sockaddr_in  SOCKADDR_IN_T;
 #define SOCKET_T unsigned int
 int ocsp_test(unsigned char* buf, int sz)
 {
    CYASSL_OCSP ocsp;
    OcspResponse resp;
    int result;
    CyaSSL_OCSP_Init(&ocsp);
    InitOcspResponse(&resp, buf, sz, NULL);
    ocsp.enabled = 1;
    ocsp.useOverrideUrl = 1;
    CyaSSL_OCSP_set_override_url(&ocsp, "http://ocsp.example.com:8080/bob");
    CyaSSL_OCSP_Lookup_Cert(&ocsp, NULL);
    result = OcspResponseDecode(&resp);
    FreeOcspResponse(&resp);
    CyaSSL_OCSP_Cleanup(&ocsp);
    return result;
 }
 int CyaSSL_OCSP_Init(CYASSL_OCSP* ocsp)
 {
    if (ocsp != NULL) {
@ -85,16 +63,48 @@ int CyaSSL_OCSP_Init(CYASSL_OCSP* ocsp)
 }
-void CyaSSL_OCSP_Cleanup(CYASSL_OCSP* ocsp)
+static void FreeOCSP_Entry(OCSP_Entry* ocspe)
 {
-    ocsp->enabled = 0;
+    CertStatus* tmp = ocspe->status;
    CYASSL_ENTER("FreeOCSP_Entry");
    while (tmp) {
        CertStatus* next = tmp->next;
        XFREE(tmp, NULL, DYNAMIC_TYPE_OCSP_STATUS);
        tmp = next;
    }
 }
-int CyaSSL_OCSP_set_override_url(CYASSL_OCSP* ocsp, const char* url)
+void CyaSSL_OCSP_Cleanup(CYASSL_OCSP* ocsp)
 {
-    if (ocsp != NULL && url != NULL) {
+    OCSP_Entry* tmp = ocsp->ocspList;
-        int i, cur, hostname;
+
    ocsp->enabled = 0;
    while (tmp) {
        OCSP_Entry* next = tmp->next;
        FreeOCSP_Entry(tmp);
        XFREE(tmp, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
        tmp = next;
    }
 }
 static int decode_url(const char* url, int urlSz,
    char* outName, char* outPath, int* outPort)
 {
    if (outName != NULL && outPath != NULL && outPort != NULL)
    {
        if (url == NULL || urlSz == 0)
        {
            *outName = 0;
            *outPath = 0;
            *outPort = 0;
        }
        else
        {
            int i, cur;
            /* need to break the url down into scheme, address, and port */
            /* "http://example.com:8080/" */
@ -104,43 +114,54 @@ int CyaSSL_OCSP_set_override_url(CYASSL_OCSP* ocsp, const char* url)
            i = 0;
            while (url[cur] != 0 && url[cur] != ':' && url[cur] != '/') {
-            ocsp->overrideName[i++] = url[cur++];
+                outName[i++] = url[cur++];
            }
-        ocsp->overrideName[i] = 0;
+            outName[i] = 0;
            /* Need to pick out the path after the domain name */
-        if (url[cur] == ':') {
+            if (cur < urlSz && url[cur] == ':') {
                char port[6];
                int j;
                i = 0;
                cur++;
-            while (url[cur] != 0 && url[cur] != '/' && i < 6) {
+                while (cur < urlSz && url[cur] != 0 && url[cur] != '/' &&
                        i < 6) {
                    port[i++] = url[cur++];
                }
-            ocsp->overridePort = 0;
+                *outPort = 0;
                for (j = 0; j < i; j++) {
                    if (port[j] < '0' || port[j] > '9') return -1;
-                ocsp->overridePort = 
+                    *outPort = (*outPort * 10) + (port[j] - '0');
                            (ocsp->overridePort * 10) + (port[j] - '0');
                }
            }
            else
-            ocsp->overridePort = 80;
+                *outPort = 80;
-        if (url[cur] == '/') {
+            if (cur < urlSz && url[cur] == '/') {
                i = 0;
-            while (url[cur] != 0 && i < 80) {
+                while (cur < urlSz && url[cur] != 0 && i < 80) {
-                ocsp->overridePath[i++] = url[cur++];
+                    outPath[i++] = url[cur++];
                }
-            ocsp->overridePath[i] = 0;
+                outPath[i] = 0;
            }
            else {
-            ocsp->overridePath[0] = '/';
+                outPath[0] = '/';
-            ocsp->overridePath[1] = 0;
+                outPath[1] = 0;
            }
        }
    }
    return 0;
 }
 int CyaSSL_OCSP_set_override_url(CYASSL_OCSP* ocsp, const char* url)
 {
    if (ocsp != NULL) {
        int urlSz = strlen(url);
        decode_url(url, urlSz,
            ocsp->overrideName, ocsp->overridePath, &ocsp->overridePort);
        return 1;
    }
@ -164,9 +185,10 @@ static INLINE void tcp_socket(SOCKET_T* sockfd, SOCKADDR_IN_T* addr,
                   entry->h_length);
            host = inet_ntoa(tmp.sin_addr);
        }
-        else
+        else {
            CYASSL_MSG("no entry for host");
        }
    }
    *sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
    memset(addr, 0, sizeof(SOCKADDR_IN_T));
@ -185,13 +207,14 @@ static INLINE void tcp_connect(SOCKET_T* sockfd, const char* ip, word16 port)
    SOCKADDR_IN_T addr;
    tcp_socket(sockfd, &addr, ip, port);
-    if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0)
+    if (connect(*sockfd, (const struct sockaddr*)&addr, sizeof(addr)) != 0) {
        CYASSL_MSG("tcp connect failed");
    }
 }
-static int build_http_request(CYASSL_OCSP* ocsp, int ocspReqSz,
+static int build_http_request(const char* domainName, const char* path,
-                                                        byte* buf, int bufSize)
+                                    int ocspReqSz, byte* buf, int bufSize)
 {
    return snprintf((char*)buf, bufSize,
        "POST %s HTTP/1.1\r\n"
@ -199,47 +222,27 @@ static int build_http_request(CYASSL_OCSP* ocsp, int ocspReqSz,
        "Content-Length: %d\r\n"
        "Content-Type: application/ocsp-request\r\n"
        "\r\n", 
-        ocsp->overridePath, ocsp->overrideName, ocspReqSz);
+        path, domainName, ocspReqSz);
 }
 #if 0
 static const char foo[] = \
        "\x30\x81\xB7\x30\x81\xB4\x30\x81\x8C\x30\x44\x30\x42\x30\x09\x06\x05\x2B\x0E\x03" \
        "\x02\x1A\x05\x00\x04\x14\x49\x2D\x52\x83\x4B\x40\x37\xF5\xA9\x9E\x26\xA2\x3E\x48" \
        "\x2F\x2E\x37\x34\xC9\x54\x04\x14\x21\xA2\x25\xEE\x57\x38\x34\x5A\x24\x9D\xF3\x7C" \
        "\x18\x60\x59\x7A\x04\x3D\xF5\x69\x02\x09\x00\x89\x5A\xA2\xBD\xFE\x26\x8B\xEE\x30" \
        "\x44\x30\x42\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x49\x2D\x52\x83" \
        "\x4B\x40\x37\xF5\xA9\x9E\x26\xA2\x3E\x48\x2F\x2E\x37\x34\xC9\x54\x04\x14\x21\xA2" \
        "\x25\xEE\x57\x38\x34\x5A\x24\x9D\xF3\x7C\x18\x60\x59\x7A\x04\x3D\xF5\x69\x02\x09" \
        "\x00\x89\x5A\xA2\xBD\xFE\x26\x8B\xEF\xA2\x23\x30\x21\x30\x1F\x06\x09\x2B\x06\x01" \
        "\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x20\x56\x47\x19\x65\x33\xB6\xB5\xAD\x39" \
        "\x1F\x21\x65\xE0\x44\x1E";
-
+static int decode_http_response(byte* httpBuf, int httpBufSz, byte** dst)
 static int build_ocsp_request(CYASSL_OCSP* ocsp, byte* buf, int bufSz)
 {
    memcpy(buf, foo, sizeof(foo));
    return sizeof(foo) - 1;
 }
 #endif
 static byte* decode_http_response(byte* httpBuf, int httpBufSz, int* ocspRespSz)
 {
    int idx = 0;
    int stop = 0;
    int len = 0;
    byte* contentType = NULL;
    byte* contentLength = NULL;
    byte* content = NULL;
    char* buf = (char*)httpBuf; /* kludge so I'm not constantly casting */
    if (strncasecmp(buf, "HTTP/1", 6) != 0)
-        return NULL;
+        return 0;
    idx = 9; /* sets to the first byte after "HTTP/1.X ", which should be the
              * HTTP result code */
     if (strncasecmp(&buf[idx], "200 OK", 6) != 0)
-        return NULL;
+        return 0;
    idx += 8;
@ -254,18 +257,16 @@ static byte* decode_http_response(byte* httpBuf, int httpBufSz, int* ocspRespSz)
                idx += 13;
                if (buf[idx] == ' ') idx++;
                if (strncasecmp(&buf[idx], "application/ocsp-response", 25) != 0)
-                    return NULL;
+                    return 0;
                idx += 27;
            } else if (contentLength == NULL &&
                strncasecmp(&buf[idx], "Content-Length:", 15) == 0) {
                int len = 0;
                idx += 15;
                if (buf[idx] == ' ') idx++;
-                while (buf[idx] > '0' && buf[idx] < '9' && idx < httpBufSz) {
+                while (buf[idx] >= '0' && buf[idx] <= '9' && idx < httpBufSz) {
                    len = (len * 10) + (buf[idx] - '0');
                    idx++;
                }
                *ocspRespSz = len;
                idx += 2; /* skip the crlf */
            } else {
                /* Advance idx past the next \r\n */
@ -275,78 +276,251 @@ static byte* decode_http_response(byte* httpBuf, int httpBufSz, int* ocspRespSz)
            }
        }
    }
-    return &httpBuf[idx];
+    
    if (len > 0) {
        *dst = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_IN_BUFFER);
        XMEMCPY(*dst, httpBuf + idx, len);
    }
    return len;
 }
 static int InitOCSP_Entry(OCSP_Entry* ocspe, DecodedCert* cert)
 {
    CYASSL_ENTER("InitOCSP_Entry");
    ocspe->next = NULL;
    XMEMCPY(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE);
    XMEMCPY(ocspe->issuerKeyHash, cert->issuerKeyHash, SHA_DIGEST_SIZE);
    ocspe->status = NULL;
    ocspe->totalStatus = 0;
    return 0;
 }
 static OCSP_Entry* find_ocsp_entry(CYASSL_OCSP* ocsp, DecodedCert* cert)
 {
    OCSP_Entry* entry = ocsp->ocspList;
    while (entry)
    {
        if (XMEMCMP(entry->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0
            && XMEMCMP(entry->issuerKeyHash, cert->issuerKeyHash,
                                                        SHA_DIGEST_SIZE) == 0)
        {
            CYASSL_MSG("Found OCSP responder");
            break;
        }
        else
        {
            entry = entry->next;
        }
    }
    if (entry == NULL)
    {
        CYASSL_MSG("Add a new OCSP entry");
        entry = (OCSP_Entry*)XMALLOC(sizeof(OCSP_Entry),
                                                NULL, DYNAMIC_TYPE_OCSP_ENTRY);
        if (entry != NULL)
        {
            InitOCSP_Entry(entry, cert);
            entry->next = ocsp->ocspList;
            ocsp->ocspList = entry;
        }
    }
    return entry;
 }
 static CertStatus* find_cert_status(OCSP_Entry* ocspe, DecodedCert* cert)
 {
    CertStatus* stat = ocspe->status;
    while (stat)
    {
        if(stat->serialSz == cert->serialSz &&
            (XMEMCMP(stat->serial, cert->serial, cert->serialSz) == 0))
        {
            break;
        }
        else
        {
            stat = stat->next;
        }
    }
    if (stat == NULL)
    {
        stat = (CertStatus*)XMALLOC(sizeof(CertStatus),
                                            NULL, DYNAMIC_TYPE_OCSP_STATUS);
        if (stat != NULL)
        {
            XMEMCPY(stat->serial, cert->serial, cert->serialSz);
            stat->serialSz = cert->serialSz;
            stat->status = -1;
            stat->nextDate[0] = 0;
            ocspe->totalStatus++;
            stat->next = ocspe->status;
            ocspe->status = stat;
        }
    }
    return stat;
 }
 #define SCRATCH_BUFFER_SIZE 2048
-int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
+static int http_ocsp_transaction(CYASSL_OCSP* ocsp, DecodedCert* cert,
                        byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf)
 {
    SOCKET_T sfd = -1;
-    byte buf[SCRATCH_BUFFER_SIZE];
+    byte httpBuf[SCRATCH_BUFFER_SIZE];
-    byte* httpBuf = &buf[0];
+    int httpBufSz = SCRATCH_BUFFER_SIZE;
-    int httpBufSz = SCRATCH_BUFFER_SIZE/4;
+    char domainName[80], path[80];
-    byte* ocspReqBuf = &buf[httpBufSz];
+    int port, ocspRespSz;
    int ocspReqSz = SCRATCH_BUFFER_SIZE - httpBufSz;
    OcspResponse ocspResponse;
    int result = CERT_UNKNOWN;
-    /* If OCSP lookups are disabled, return success. */
+    if (ocsp->useOverrideUrl || cert->extAuthInfo == NULL) {
-    if (!ocsp->enabled) {
+        if (ocsp->overrideName != NULL) {
-        CYASSL_MSG("OCSP lookup disabled, assuming CERT_GOOD");
+            XMEMCPY(domainName, ocsp->overrideName, 80);
-        return CERT_GOOD;
+            XMEMCPY(path, ocsp->overridePath, 80);
            port = ocsp->overridePort;
        } else
            return OCSP_NEED_URL;
    } else {
        if (!decode_url((const char*)cert->extAuthInfo, cert->extAuthInfoSz,
                                                    domainName, path, &port))
            return OCSP_NEED_URL;
    }
-    /* If OCSP lookups are enabled, but URL Override is disabled, return 
+    httpBufSz = build_http_request(domainName, path, ocspReqSz,
-    ** a failure. Need to have an override URL for right now. */
+                                                        httpBuf, httpBufSz);
    if (!ocsp->useOverrideUrl || cert == NULL) {
        CYASSL_MSG("OCSP lookup enabled, but URL Override disabled");
        return CERT_UNKNOWN;
    }
-    XMEMCPY(ocsp->status[0].issuerHash, cert->issuerHash, SHA_SIZE);
+    tcp_connect(&sfd, domainName, port);
    XMEMCPY(ocsp->status[0].issuerKeyHash, cert->issuerKeyHash, SHA_SIZE);
    XMEMCPY(ocsp->status[0].serial, cert->serial, cert->serialSz);
    ocsp->status[0].serialSz = cert->serialSz;
    ocsp->statusLen = 1;
    /*ocspReqSz = build_ocsp_request(ocsp, ocspReqBuf, ocspReqSz);*/
    ocspReqSz = EncodeOcspRequest(cert, ocspReqBuf, ocspReqSz);
    httpBufSz = build_http_request(ocsp, ocspReqSz, httpBuf, httpBufSz);
    tcp_connect(&sfd, ocsp->overrideName, ocsp->overridePort);
    if (sfd > 0) {
        int written;
        written = write(sfd, httpBuf, httpBufSz);
        if (written == httpBufSz) {
            written = write(sfd, ocspReqBuf, ocspReqSz);
            if (written == ocspReqSz) {
-                httpBufSz = read(sfd, buf, SCRATCH_BUFFER_SIZE);
+                httpBufSz = read(sfd, httpBuf, SCRATCH_BUFFER_SIZE);
                if (httpBufSz > 0) {
-                    ocspReqBuf = decode_http_response(buf, httpBufSz,
+                    ocspRespSz = decode_http_response(httpBuf, httpBufSz,
-                        &ocspReqSz);
+                        ocspRespBuf);
                }
            }
        }
        close(sfd);
-        if (ocspReqBuf == NULL) {
+        if (ocspRespSz == 0) {
            CYASSL_MSG("HTTP response was not OK, no OCSP response");
-            return CERT_UNKNOWN;
+            return OCSP_LOOKUP_FAIL;
        }
    } else {
        CYASSL_MSG("OCSP Responder connection failed");
-        return CERT_UNKNOWN;
+        return OCSP_LOOKUP_FAIL;
    }
-    InitOcspResponse(&ocspResponse, ocspReqBuf, ocspReqSz, NULL);
+    return ocspRespSz;
 }
 static int xstat2err(int stat)
 {
    switch (stat) {
        case CERT_GOOD:
            return 0;
            break;
        case CERT_REVOKED:
            return OCSP_CERT_REVOKED;
            break;
        default:
            return OCSP_CERT_UNKNOWN;
            break;
    }
 }
 int CyaSSL_OCSP_Lookup_Cert(CYASSL_OCSP* ocsp, DecodedCert* cert)
 {
    byte ocspReqBuf[SCRATCH_BUFFER_SIZE];
    int ocspReqSz = SCRATCH_BUFFER_SIZE;
    byte* ocspRespBuf = NULL;
    int ocspRespSz;
    OcspRequest ocspRequest;
    OcspResponse ocspResponse;
    int result = 0;
    OCSP_Entry* ocspe;
    CertStatus* certStatus;
    /* If OCSP lookups are disabled, return success. */
    if (!ocsp->enabled) {
        CYASSL_MSG("OCSP lookup disabled, assuming CERT_GOOD");
        return 0;
    }
    ocspe = find_ocsp_entry(ocsp, cert);
    if (ocspe == NULL) {
        CYASSL_MSG("alloc OCSP entry failed");
        return MEMORY_ERROR;
    }
    certStatus = find_cert_status(ocspe, cert);
    if (certStatus == NULL)
    {
        CYASSL_MSG("alloc OCSP cert status failed");
        return MEMORY_ERROR;
    }
    if (certStatus->status != -1)
    {
        if (!ValidateDate(certStatus->thisDate,
                                        certStatus->thisDateFormat, BEFORE) ||
            (certStatus->nextDate[0] == 0) ||
            !ValidateDate(certStatus->nextDate,
                                        certStatus->nextDateFormat, AFTER))
        {
            CYASSL_MSG("\tinvalid status date, looking up cert");
            certStatus->status = -1;
        }
        else
        {
            CYASSL_MSG("\tusing cached status");
            result = xstat2err(certStatus->status);
            return result;
        }
    }
    InitOcspRequest(&ocspRequest, cert, ocspReqBuf, ocspReqSz);
    ocspReqSz = EncodeOcspRequest(&ocspRequest);
    result = http_ocsp_transaction(ocsp, cert,
                                        ocspReqBuf, ocspReqSz, &ocspRespBuf);
    if (result < 0) return result;
        /* If the transaction failed, return that result. */
    InitOcspResponse(&ocspResponse, certStatus, ocspRespBuf, ocspRespSz);
    OcspResponseDecode(&ocspResponse);
    if (ocspResponse.responseStatus != OCSP_SUCCESSFUL) {
        CYASSL_MSG("OCSP Responder failure");
        result = OCSP_LOOKUP_FAIL;
    } else {
-        result = ocspResponse.certStatus[0];
+        if (CompareOcspReqResp(&ocspRequest, &ocspResponse) == 0)
        {
            result = xstat2err(ocspResponse.status->status);
        }
        else
        {
            CYASSL_MSG("OCSP Response incorrect for Request");
            result = OCSP_LOOKUP_FAIL;
        }
    }
    if (ocspReqBuf != NULL) {
        XFREE(ocspRespBuf, NULL, DYNAMIC_TYPE_IN_BUFFER);
    }
    FreeOcspResponse(&ocspResponse);
    return result;
 }
--- a/FreeRTOS-Plus/CyaSSL/src/sniffer.c
+++ b/FreeRTOS-Plus/CyaSSL/src/sniffer.c
@ -45,6 +45,17 @@
 #include <cyassl/sniffer.h>
 #include <cyassl/sniffer_error.h>
 #ifndef min
 static INLINE word32 min(word32 a, word32 b)
 {
    return a > b ? b : a;
 }
 #endif
 /* Misc constants */
 enum {
    MAX_SERVER_ADDRESS = 128, /* maximum server address length */
@ -61,6 +72,9 @@ enum {
    PSEUDO_HDR_SZ      = 12,  /* TCP Pseudo Header size in bytes */
    FATAL_ERROR_STATE  =  1,  /* SnifferSession fatal error state */
    SNIFFER_TIMEOUT    = 900, /* Cache unclosed Sessions for 15 minutes */
    TICKET_HINT_LEN    = 4,   /* Session Ticket Hint length */
    EXT_TYPE_SZ        = 2,   /* Extension length */
    TICKET_EXT_ID      = 0x23 /* Session Ticket Extension ID */
 };
@ -196,6 +210,14 @@ static const char* const msgTable[] =
    /* 61 */
    "Missed the Client Hello Entirely",
    "Got Hello Request msg",
    "Got Session Ticket msg",
    "Bad Input",
    "Bad Decrypt Type",
    /* 66 */
    "Bad Finished Message Processing",
    "Bad Compression Type"
 };
@ -280,6 +302,7 @@ typedef struct SnifferSession {
    PacketBuffer*  cliReassemblyList; /* client out of order packets */
    PacketBuffer*  srvReassemblyList; /* server out of order packets */
    struct SnifferSession* next;      /* for hash table list */
    byte*          ticketID;          /* mac ID of session ticket */
 } SnifferSession;
@ -347,6 +370,8 @@ static void FreeSnifferSession(SnifferSession* session)
        FreePacketList(session->cliReassemblyList);
        FreePacketList(session->srvReassemblyList);
        free(session->ticketID);
    }
    free(session);
 }
@ -442,6 +467,7 @@ static void InitSession(SnifferSession* session)
    session->cliReassemblyList = 0;
    session->srvReassemblyList = 0;
    session->next           = 0;
    session->ticketID       = 0;
    InitFlags(&session->flags);
    InitFinCapture(&session->finCaputre);
@ -1067,6 +1093,39 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
 }
 /* Process Session Ticket */
 static int ProcessSessionTicket(const byte* input, int* sslBytes,
                                SnifferSession* session, char* error)
 {
    word16 len;
    /* make sure can read through hint and len */
    if (TICKET_HINT_LEN + LENGTH_SZ > *sslBytes) {
        SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    input     += TICKET_HINT_LEN;  /* skip over hint */
    *sslBytes -= TICKET_HINT_LEN;
    len = (input[0] << 8) | input[1];
    input     += LENGTH_SZ;
    *sslBytes -= LENGTH_SZ;
    /* make sure can read through ticket */
    if (len > *sslBytes || len < ID_LEN) {
        SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    /* store session with macID as sessionID */
    session->sslServer->options.haveSessionId = 1;
    XMEMCPY(session->sslServer->arrays.sessionID, input + len - ID_LEN, ID_LEN);
    return 0;
 }
 /* Process Server Hello */
 static int ProcessServerHello(const byte* input, int* sslBytes,
                              SnifferSession* session, char* error)
@ -1074,6 +1133,7 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
    ProtocolVersion pv;
    byte            b;
    int             toRead = sizeof(ProtocolVersion) + RAN_LEN + ENUM_LEN;
    int             doResume     = 0;
    /* make sure we didn't miss ClientHello */
    if (session->flags.clientHello == 0) {
@ -1107,19 +1167,44 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
        SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    if (b) {
        XMEMCPY(session->sslServer->arrays.sessionID, input, ID_LEN);
        session->sslServer->options.haveSessionId = 1;
    }
    input     += b;
    *sslBytes -= b;
    /* cipher suite */ 
    (void)*input++;  /* eat first byte, always 0 */
    b = *input++;
    session->sslServer->options.cipherSuite = b;
    session->sslClient->options.cipherSuite = b;
    *sslBytes -= SUITE_LEN;
-    if (XMEMCMP(session->sslServer->arrays.sessionID,
+    /* compression */
-               session->sslClient->arrays.sessionID, ID_LEN) == 0) {
+    b = *input++;
-        /* resuming */
+    *sslBytes -= ENUM_LEN;
    if (b) {
        SetError(BAD_COMPRESSION_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    if (session->sslServer->options.haveSessionId &&
            XMEMCMP(session->sslServer->arrays.sessionID,
                    session->sslClient->arrays.sessionID, ID_LEN) == 0)
        doResume = 1;
    else if (session->sslClient->options.haveSessionId == 0 &&
             session->sslServer->options.haveSessionId == 0 &&
             session->ticketID)
        doResume = 1;
    if (session->ticketID && doResume) {
        /* use ticketID to retrieve from session */
        XMEMCPY(session->sslServer->arrays.sessionID, session->ticketID,ID_LEN);
    }
    if (doResume ) {
        SSL_SESSION* resume = GetSession(session->sslServer,
                                       session->sslServer->arrays.masterSecret);
        if (resume == NULL) {
@ -1170,7 +1255,8 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
 static int ProcessClientHello(const byte* input, int* sslBytes, 
                              SnifferSession* session, char* error)
 {
-    byte sessionLen;
+    byte   bLen;
    word16 len;
    int    toRead = sizeof(ProtocolVersion) + RAN_LEN + ENUM_LEN;
    session->flags.clientHello = 1;  /* don't process again */
@ -1192,14 +1278,16 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
    *sslBytes -= RAN_LEN;
    /* store session in case trying to resume */
-    sessionLen = *input++;
+    bLen = *input++;
-    if (sessionLen) {
+    *sslBytes -= ENUM_LEN;
    if (bLen) {
        if (ID_LEN > *sslBytes) {
            SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        Trace(CLIENT_RESUME_TRY_STR);
        XMEMCPY(session->sslClient->arrays.sessionID, input, ID_LEN);
        session->sslClient->options.haveSessionId = 1;
    }
 #ifdef SHOW_SECRETS
    {
@ -1211,7 +1299,138 @@ static int ProcessClientHello(const byte* input, int* sslBytes,
    }
 #endif
    input     += bLen;
    *sslBytes -= bLen;
    /* skip cipher suites */
    /* make sure can read len */
    if (SUITE_LEN > *sslBytes) {
        SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    len = (input[0] << 8) | input[1];
    input     += SUITE_LEN;
    *sslBytes -= SUITE_LEN;
    /* make sure can read suites + comp len */
    if (len + ENUM_LEN > *sslBytes) {
        SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    input     += len;
    *sslBytes -= len;
    /* skip compression */
    bLen       = *input++;
    *sslBytes -= ENUM_LEN;
    /* make sure can read len */
    if (bLen > *sslBytes) {
        SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    input     += bLen;
    *sslBytes -= bLen;
    if (*sslBytes == 0) {
        /* no extensions */
        return 0;
    }
    /* skip extensions until session ticket */
    /* make sure can read len */
    if (SUITE_LEN > *sslBytes) {
        SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    len = (input[0] << 8) | input[1];
    input     += SUITE_LEN;
    *sslBytes -= SUITE_LEN;
    /* make sure can read through all extensions */
    if (len > *sslBytes) {
        SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
        return -1;
    }
    while (len > EXT_TYPE_SZ + LENGTH_SZ) {
        byte   extType[EXT_TYPE_SZ];
        word16 extLen;
        extType[0] = input[0];
        extType[1] = input[1];
        input     += EXT_TYPE_SZ;
        *sslBytes -= EXT_TYPE_SZ;
        extLen = (input[0] << 8) | input[1];
        input     += LENGTH_SZ;
        *sslBytes -= LENGTH_SZ;
        /* make sure can read through individual extension */
        if (extLen > *sslBytes) {
            SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE);
            return -1;
        }
        if (extType[0] == 0x00 && extType[1] == TICKET_EXT_ID) {
            /* make sure can read through ticket if there is a non blank one */
            if (extLen && extLen < ID_LEN) {
                SetError(CLIENT_HELLO_INPUT_STR, error, session,
                         FATAL_ERROR_STATE);
                return -1;
            }
            if (extLen) {
                if (session->ticketID == 0) {
                    session->ticketID = (byte*)malloc(ID_LEN);
                    if (session->ticketID == 0) {
                        SetError(MEMORY_STR, error, session,
                                 FATAL_ERROR_STATE);
                        return -1;
                    }
                }
                XMEMCPY(session->ticketID, input + extLen - ID_LEN, ID_LEN);
            }
        }
        input     += extLen;
        *sslBytes -= extLen;
        len       -= extLen + EXT_TYPE_SZ + LENGTH_SZ;
    }
    return 0;
 }
 /* Process Finished */
 static int ProcessFinished(const byte* input, int* sslBytes, 
                           SnifferSession* session, char* error)
 {
    SSL*   ssl;
    word32 inOutIdx = 0;
    int    ret;
    if (session->flags.side == SERVER_END)
        ssl = session->sslServer;
    else
        ssl = session->sslClient;
    ret = DoFinished(ssl, input, &inOutIdx, SNIFF);
    *sslBytes -= (int)inOutIdx;
    if (ret < 0) {
        SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE);
        return ret;
    }
    if (ret == 0 && session->flags.cached == 0) {
        if (session->sslServer->options.haveSessionId) {
            CYASSL_SESSION* sess = GetSession(session->sslServer, NULL);
            if (sess == NULL)
                AddSession(session->sslServer);  /* don't re add */
            session->flags.cached = 1;
         }
    }
    return ret;
 }
@ -1242,6 +1461,13 @@ static int DoHandShake(const byte* input, int* sslBytes,
        case hello_verify_request:
            Trace(GOT_HELLO_VERIFY_STR);
            break;
        case hello_request:
            Trace(GOT_HELLO_REQUEST_STR);
            break;
        case session_ticket:
            Trace(GOT_SESSION_TICKET_STR);
            ret = ProcessSessionTicket(input, sslBytes, session, error);
            break;
        case server_hello:
            Trace(GOT_SERVER_HELLO_STR);
            ret = ProcessServerHello(input, sslBytes, session, error);
@ -1251,6 +1477,9 @@ static int DoHandShake(const byte* input, int* sslBytes,
            break;
        case server_key_exchange:
            Trace(GOT_SERVER_KEY_EX_STR);
            /* can't know temp key passively */
            SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE);
            ret = -1;
            break;
        case certificate:
            Trace(GOT_CERT_STR);
@ -1260,21 +1489,7 @@ static int DoHandShake(const byte* input, int* sslBytes,
            break;
        case finished:
            Trace(GOT_FINISHED_STR);
-            {
+            ret = ProcessFinished(input, sslBytes, session, error);
                SSL*   ssl;
                word32 inOutIdx = 0;
                if (session->flags.side == SERVER_END)
                    ssl = session->sslServer;
                else
                    ssl = session->sslClient;
                ret = DoFinished(ssl, input, &inOutIdx, SNIFF);
                if (ret == 0 && session->flags.cached == 0) {
                    AddSession(session->sslServer);
                    session->flags.cached = 1;
                }
            }
            break;
        case client_hello:
            Trace(GOT_CLIENT_HELLO_STR);
@ -1329,6 +1544,10 @@ static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
            RabbitProcess(&ssl->decrypt.rabbit, output, input, sz);
            break;
        #endif
        default:
            Trace(BAD_DECRYPT_TYPE);
            break;
    }
 }
@ -1644,16 +1863,6 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes,
 }
 #ifndef min
 static INLINE word32 min(word32 a, word32 b)
 {
    return a > b ? b : a;
 }
 #endif
 /* Create a Packet Buffer from *begin - end, adjust new *begin and bytesLeft */
 static PacketBuffer* CreateBuffer(word32* begin, word32 end, const byte* data,
                                  int* bytesLeft)
--- a/FreeRTOS-Plus/CyaSSL/src/ssl.c
+++ b/FreeRTOS-Plus/CyaSSL/src/ssl.c
@ -77,6 +77,24 @@
 #endif /* min */
 char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 {
    unsigned int s2_len = XSTRLEN(s2);
    if (s2_len == 0)
        return (char*)s1;
    while (n >= s2_len && s1[0]) {
        if (s1[0] == s2[0])
            if (XMEMCMP(s1, s2, s2_len) == 0)
                return (char*)s1;
        s1++;
        n--;
    }
    return NULL;
 }
 CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD* method)
 {
@ -227,8 +245,8 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
        havePSK = ssl->options.havePSK;
    #endif
    InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH,
-               havePSK, ssl->options.haveNTRU, ssl->options.haveECDSA,
+               havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig,
-               ssl->options.haveStaticECC, ssl->ctx->method->side);
+               ssl->options.haveStaticECC, ssl->options.side);
    CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
    return 0;
@ -473,6 +491,53 @@ int CyaSSL_set_group_messages(CYASSL* ssl)
 }
 int CyaSSL_SetVersion(CYASSL* ssl, int version)
 {
    byte havePSK = 0;
    CYASSL_ENTER("CyaSSL_SetVersion");
    if (ssl == NULL) {
        CYASSL_MSG("Bad function argument");
        return BAD_FUNC_ARG;
    }
    switch (version) {
        case CYASSL_SSLV3:
            ssl->version = MakeSSLv3();
            break;
 #ifndef NO_TLS
        case CYASSL_TLSV1:
            ssl->version = MakeTLSv1();
            break;
        case CYASSL_TLSV1_1:
            ssl->version = MakeTLSv1_1();
            break;
        case CYASSL_TLSV1_2:
            ssl->version = MakeTLSv1_2();
            break;
 #endif
        default:
            CYASSL_MSG("Bad function argument");
            return BAD_FUNC_ARG;
    }
    #ifndef NO_PSK
        havePSK = ssl->options.havePSK;
    #endif
    InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
                ssl->options.haveNTRU, ssl->options.haveECDSAsig,
                ssl->options.haveStaticECC, ssl->options.side);
    return SSL_SUCCESS;
 }
 /* does CA already exist on signer list */
 int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash)
 {
@ -674,12 +739,12 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
        }
        /* find header */
-        headerEnd = XSTRSTR((char*)buff, header);
+        headerEnd = XSTRNSTR((char*)buff, header, sz);
        if (!headerEnd && type == PRIVATEKEY_TYPE) {  /* may be pkcs8 */
            XSTRNCPY(header, "-----BEGIN PRIVATE KEY-----", sizeof(header));
            XSTRNCPY(footer, "-----END PRIVATE KEY-----", sizeof(footer));
-            headerEnd = XSTRSTR((char*)buff, header);
+            headerEnd = XSTRNSTR((char*)buff, header, sz);
            if (headerEnd)
                pkcs8 = 1;
            else {
@ -688,7 +753,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
                XSTRNCPY(footer, "-----END ENCRYPTED PRIVATE KEY-----",
                        sizeof(footer));
-                headerEnd = XSTRSTR((char*)buff, header);
+                headerEnd = XSTRNSTR((char*)buff, header, sz);
                if (headerEnd)
                    pkcs8Enc = 1;
            }
@ -697,7 +762,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
            XSTRNCPY(header, "-----BEGIN EC PRIVATE KEY-----", sizeof(header));
            XSTRNCPY(footer, "-----END EC PRIVATE KEY-----", sizeof(footer));
-            headerEnd = XSTRSTR((char*)buff, header);
+            headerEnd = XSTRNSTR((char*)buff, header, sz);
            if (headerEnd)
                *eccKey = 1;
        }
@ -705,7 +770,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
            XSTRNCPY(header, "-----BEGIN DSA PRIVATE KEY-----", sizeof(header));
            XSTRNCPY(footer, "-----END DSA PRIVATE KEY-----", sizeof(footer));
-            headerEnd = XSTRSTR((char*)buff, header);
+            headerEnd = XSTRNSTR((char*)buff, header, sz);
        }
        if (!headerEnd)
            return SSL_BAD_FILE;
@ -723,28 +788,28 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
    {
        /* remove encrypted header if there */
        char encHeader[] = "Proc-Type";
-        char* line = XSTRSTR((char*)buff, encHeader);
+        char* line = XSTRNSTR((char*)buff, encHeader, PEM_LINE_LEN);
        if (line) {
            char* newline;
            char* finish;
-            char* start  = XSTRSTR(line, "DES");
+            char* start  = XSTRNSTR(line, "DES", PEM_LINE_LEN);
            if (!start)
-                start = XSTRSTR(line, "AES");
+                start = XSTRNSTR(line, "AES", PEM_LINE_LEN);
            if (!start) return SSL_BAD_FILE;
            if (!info)  return SSL_BAD_FILE;
-            finish = XSTRSTR(start, ",");
+            finish = XSTRNSTR(start, ",", PEM_LINE_LEN);
            if (start && finish && (start < finish)) {
-                newline = XSTRSTR(finish, "\r");
+                newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN);
                XMEMCPY(info->name, start, finish - start);
                info->name[finish - start] = 0;
                XMEMCPY(info->iv, finish + 1, sizeof(info->iv));
-                if (!newline) newline = XSTRSTR(finish, "\n");
+                if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN);
                if (newline && (newline > finish)) {
                    info->ivSz = (word32)(newline - (finish + 1));
                    info->set = 1;
@ -764,7 +829,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
        /* find footer */
-        footerEnd = XSTRSTR((char*)buff, footer);
+        footerEnd = XSTRNSTR((char*)buff, footer, sz);
        if (!footerEnd) return SSL_BAD_FILE;
        consumedEnd = footerEnd + XSTRLEN(footer);
@ -1085,9 +1150,9 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
                case CTC_SHA384wECDSA:
                case CTC_SHA512wECDSA:
                    CYASSL_MSG("ECDSA cert signature");
-                    ctx->haveECDSA = 1;
+                    ctx->haveECDSAsig = 1;
                    if (ssl)
-                        ssl->options.haveECDSA = 1;
+                        ssl->options.haveECDSAsig = 1;
                    break;
                default:
                    CYASSL_MSG("Not ECDSA cert signature");
@ -1280,28 +1345,64 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
 }
 /* Verify the ceritficate, 1 for success, < 0 for error */
 int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
                                   int sz, int format)
 {
    int ret = 0;
    int eccKey = 0;  /* not used */
    DecodedCert cert;
    buffer      der;
    CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer");
    der.buffer = NULL;
    if (format == SSL_FILETYPE_PEM) { 
        EncryptedInfo info;
        info.set      = 0;
        info.ctx      = NULL;
        info.consumed = 0;
        ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, &info, &eccKey);
        InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
    }
    else
        InitDecodedCert(&cert, (byte*)buff, sz, cm->heap);
    if (ret == 0)
        ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
 #ifdef HAVE_CRL
    if (ret == 0 && cm->crlEnabled)
        ret = CheckCertCRL(cm->crl, &cert);
 #endif
    FreeDecodedCert(&cert);
    XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
    return ret;
 }
 /* Verify the ceritficate, 1 for success, < 0 for error */
 int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
                             int format)
 {
    int    ret = SSL_FATAL_ERROR;
    int           eccKey = 0;  /* not used */
    DecodedCert   cert;
    byte   staticBuffer[FILE_BUFFER_SIZE];
    byte*  myBuffer = staticBuffer;
    int    dynamic = 0;
    long   sz = 0;
    buffer der;
    XFILE* file = XFOPEN(fname, "rb"); 
    CYASSL_ENTER("CyaSSL_CertManagerVerify");
    if (!file) return SSL_BAD_FILE;
    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);
    der.buffer = NULL;
    if (sz > (long)sizeof(staticBuffer)) {
        CYASSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
@ -1314,32 +1415,9 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
    if ( (ret = XFREAD(myBuffer, sz, 1, file)) < 0)
        ret = SSL_BAD_FILE;
    else {
        ret = 0;  /* ok */
        if (format == SSL_FILETYPE_PEM) { 
            EncryptedInfo info;
            info.set       = 0;
            info.ctx      = NULL;
            info.consumed = 0;
            ret = PemToDer(myBuffer, sz, CERT_TYPE, &der, cm->heap, &info,
                           &eccKey);
            InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
        }
    else 
-            InitDecodedCert(&cert, myBuffer, sz, cm->heap);
+        ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);
        if (ret == 0)
            ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
 #ifdef HAVE_CRL
        if (ret == 0 && cm->crlEnabled)
            ret = CheckCertCRL(cm->crl, &cert);
 #endif
    }
    FreeDecodedCert(&cert);
    XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
    XFCLOSE(file);
    if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);
@ -1432,6 +1510,15 @@ int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER* cm)
 }
 int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx)
 {
    /* TODO: check private against public for RSA match */
    (void)ctx; 
    CYASSL_ENTER("SSL_CTX_check_private_key");
    return SSL_SUCCESS;
 }
 #ifdef HAVE_CRL
@ -1474,7 +1561,7 @@ int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
 int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
 {
-    CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
+    CYASSL_ENTER("CyaSSL_CertManagerSetCRL_Cb");
    if (cm == NULL)
        return BAD_FUNC_ARG;
@ -2050,8 +2137,8 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
        #endif
        InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
-                   ssl->options.haveNTRU, ssl->options.haveECDSA,
+                   ssl->options.haveNTRU, ssl->options.haveECDSAsig,
-                   ssl->options.haveStaticECC, ssl->ctx->method->side);
+                   ssl->options.haveStaticECC, ssl->options.side);
        return SSL_SUCCESS;
    }
@ -3074,8 +3161,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
        ssl->options.client_psk_cb = cb;
        InitSuites(&ssl->suites, ssl->version,TRUE,TRUE, ssl->options.haveNTRU,
-                   ssl->options.haveECDSA, ssl->options.haveStaticECC,
+                   ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
-                   ssl->ctx->method->side);
+                   ssl->options.side);
    }
@ -3095,8 +3182,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
        ssl->options.server_psk_cb = cb;
        InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, TRUE,
-                   ssl->options.haveNTRU, ssl->options.haveECDSA,
+                   ssl->options.haveNTRU, ssl->options.haveECDSAsig,
-                   ssl->options.haveStaticECC, ssl->ctx->method->side);
+                   ssl->options.haveStaticECC, ssl->options.side);
    }
@ -3244,15 +3331,6 @@ int CyaSSL_set_compression(CYASSL* ssl)
    }
    int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx)
    {
        /* TODO: check private against public for RSA match */
        (void)ctx; 
        CYASSL_ENTER("SSL_CTX_check_private_key");
        return SSL_SUCCESS;
    }
    void CyaSSL_set_bio(CYASSL* ssl, CYASSL_BIO* rd, CYASSL_BIO* wr)
    {
        CYASSL_ENTER("SSL_set_bio");
@ -3329,8 +3407,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
        havePSK = ssl->options.havePSK;
 #endif
        InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
-                   ssl->options.haveNTRU, ssl->options.haveECDSA,
+                   ssl->options.haveNTRU, ssl->options.haveECDSAsig,
-                   ssl->options.haveStaticECC, ssl->ctx->method->side);
+                   ssl->options.haveStaticECC, ssl->options.side);
    }
@ -3407,6 +3485,27 @@ int CyaSSL_set_compression(CYASSL* ssl)
    }
    /* return the next, if any, altname from the peer cert */
    char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert)
    {
        char* ret = NULL;
        CYASSL_ENTER("CyaSSL_X509_get_next_altname");
        /* don't have any to work with */
        if (cert == NULL || cert->altNames == NULL)
            return NULL;
        /* already went through them */
        if (cert->altNamesNext == NULL)
            return NULL;
        ret = cert->altNamesNext->name;
        cert->altNamesNext = cert->altNamesNext->next;
        return ret;
    }
    CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert)
    {
        CYASSL_ENTER("X509_get_issuer_name");
@ -4942,6 +5041,23 @@ int CyaSSL_set_compression(CYASSL* ssl)
                case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
                    return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
                case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
                case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
                case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
                case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
                case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
                case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
                case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
                case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
                default:
                    return "NONE";
            }
@ -4990,6 +5106,14 @@ int CyaSSL_set_compression(CYASSL* ssl)
                    return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
                case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
                    return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
                case TLS_RSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_RSA_WITH_AES_128_GCM_SHA256";
                case TLS_RSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_RSA_WITH_AES_256_GCM_SHA384";
                case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
                case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
                default:
                    return "NONE";
            }  /* switch */
@ -7695,25 +7819,34 @@ const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session)
 #endif /* SESSION_CERTS */
 #ifdef HAVE_OCSP
 long CyaSSL_CTX_OCSP_set_options(CYASSL_CTX* ctx, long options)
 {
    CYASSL_ENTER("CyaSSL_CTX_OCSP_set_options");
 #ifdef HAVE_OCSP
    if (ctx != NULL) {
-        ctx->ocsp.enabled = (options && CYASSL_OCSP_ENABLE) != 0;
+        ctx->ocsp.enabled = (options & CYASSL_OCSP_ENABLE) != 0;
-        ctx->ocsp.useOverrideUrl = (options && CYASSL_OCSP_URL_OVERRIDE) != 0;
+        ctx->ocsp.useOverrideUrl = (options & CYASSL_OCSP_URL_OVERRIDE) != 0;
        return 1;
    }
    return 0;
 #else
    (void)ctx;
    (void)options;
    return NOT_COMPILED_IN;
 #endif
 }
 int CyaSSL_CTX_OCSP_set_override_url(CYASSL_CTX* ctx, const char* url)
 {
    CYASSL_ENTER("CyaSSL_CTX_OCSP_set_override_url");
 #ifdef HAVE_OCSP
    return CyaSSL_OCSP_set_override_url(&ctx->ocsp, url);
 #else
    (void)ctx;
    (void)url;
    return NOT_COMPILED_IN;
 #endif
 }
 #endif
--- a/FreeRTOS-Plus/CyaSSL/src/tls.c
+++ b/FreeRTOS-Plus/CyaSSL/src/tls.c
@ -33,6 +33,16 @@
 #ifndef NO_TLS
 #ifndef min
    static INLINE word32 min(word32 a, word32 b)
    {
        return a > b ? b : a;
    }
 #endif /* min */
 /* calculate XOR for TLSv1 PRF */
 static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
 {
@ -43,28 +53,51 @@ static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha)
 }
 #ifdef CYASSL_SHA384
    #define PHASH_MAX_DIGEST_SIZE SHA384_DIGEST_SIZE
 #else
    #define PHASH_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
 #endif
-/* compute p_hash for MD5, SHA-1, or SHA-256 for TLSv1 PRF */
+/* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
 static void p_hash(byte* result, word32 resLen, const byte* secret,
                   word32 secLen, const byte* seed, word32 seedLen, int hash)
 {
-    word32   len = hash == md5_mac ? MD5_DIGEST_SIZE : hash == sha_mac ?
+    word32   len = MD5_DIGEST_SIZE;
-                                           SHA_DIGEST_SIZE : SHA256_DIGEST_SIZE;
+    word32   times;
-    word32   times = resLen / len;
+    word32   lastLen;
    word32   lastLen = resLen % len;
    word32   lastTime;
    word32   i;
    word32   idx = 0;
-    byte     previous[SHA256_DIGEST_SIZE];  /* max size */
+    byte     previous[PHASH_MAX_DIGEST_SIZE];  /* max size */
-    byte     current[SHA256_DIGEST_SIZE];   /* max size */
+    byte     current[PHASH_MAX_DIGEST_SIZE];   /* max size */
    Hmac hmac;
    if (hash == md5_mac) {
        hash = MD5;
    }
    else if (hash == sha_mac) {
        len = SHA_DIGEST_SIZE;
        hash = SHA;
    } else if (hash == sha256_mac) {
        len = SHA256_DIGEST_SIZE;
        hash = SHA256;
    }
 #ifdef CYASSL_SHA384
    else if (hash == sha384_mac)
    {
        len = SHA384_DIGEST_SIZE;
        hash = SHA384;
    }
 #endif
    times = resLen / len;
    lastLen = resLen % len;
    if (lastLen) times += 1;
    lastTime = times - 1;
-    HmacSetKey(&hmac, hash == md5_mac ? MD5 : hash == sha_mac ? SHA : SHA256,
+    HmacSetKey(&hmac, hash, secret, secLen);
               secret, secLen);
    HmacUpdate(&hmac, seed, seedLen);       /* A0 = seed */
    HmacFinal(&hmac, previous);             /* A1 */
@ -74,7 +107,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
        HmacFinal(&hmac, current);
        if ( (i == lastTime) && lastLen)
-            XMEMCPY(&result[idx], current, lastLen);
+            XMEMCPY(&result[idx], current, min(lastLen, sizeof(current)));
        else {
            XMEMCPY(&result[idx], current, len);
            idx += len;
@ -89,7 +122,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
 /* compute TLSv1 PRF (pseudo random function using HMAC) */
 static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
            const byte* label, word32 labLen, const byte* seed, word32 seedLen,
-            int useSha256)
+            int useAtLeastSha256, int hash_type)
 {
    word32 half = (secLen + 1) / 2;
@ -112,9 +145,13 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
    XMEMCPY(labelSeed, label, labLen);
    XMEMCPY(labelSeed + labLen, seed, seedLen);
-    if (useSha256) {
+    if (useAtLeastSha256) {
        /* If a cipher suite wants an algorithm better than sha256, it
         * should use better. */
        if (hash_type < sha256_mac)
            hash_type = sha256_mac;
        p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen,
-               sha256_mac);
+               hash_type);
        return;
    }
@ -126,20 +163,35 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
 }
 #ifdef CYASSL_SHA384
    #define HSHASH_SZ SHA384_DIGEST_SIZE
 #else
    #define HSHASH_SZ FINISHED_SZ
 #endif
 void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
 {
    const byte* side;
-    byte        handshake_hash[FINISHED_SZ];
+    byte        handshake_hash[HSHASH_SZ];
    word32      hashSz = FINISHED_SZ;
    Md5Final(&ssl->hashMd5, handshake_hash);
    ShaFinal(&ssl->hashSha, &handshake_hash[MD5_DIGEST_SIZE]);
 #ifndef NO_SHA256
    if (IsAtLeastTLSv1_2(ssl)) {
 #ifndef NO_SHA256
        if (ssl->specs.mac_algorithm <= sha256_mac) {
            Sha256Final(&ssl->hashSha256, handshake_hash);
            hashSz = SHA256_DIGEST_SIZE;
        }
 #endif
 #ifdef CYASSL_SHA384
        if (ssl->specs.mac_algorithm == sha384_mac) {
            Sha384Final(&ssl->hashSha384, handshake_hash);
            hashSz = SHA384_DIGEST_SIZE;
        }
 #endif
    }
    if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
        side = tls_client;
@ -147,7 +199,8 @@ void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
        side = tls_server;
    PRF(hashes->md5, TLS_FINISHED_SZ, ssl->arrays.masterSecret, SECRET_LEN,
-        side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl));
+        side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl),
        ssl->specs.mac_algorithm);
 }
@ -197,7 +250,8 @@ int DeriveTlsKeys(CYASSL* ssl)
    XMEMCPY(&seed[RAN_LEN], ssl->arrays.clientRandom, RAN_LEN);
    PRF(key_data, length, ssl->arrays.masterSecret, SECRET_LEN, key_label,
-        KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl));
+        KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl),
        ssl->specs.mac_algorithm);
    return StoreKeys(ssl, key_data);
 }
@ -213,7 +267,7 @@ int MakeTlsMasterSecret(CYASSL* ssl)
    PRF(ssl->arrays.masterSecret, SECRET_LEN,
        ssl->arrays.preMasterSecret, ssl->arrays.preMasterSz,
        master_label, MASTER_LABEL_SZ, 
-        seed, SEED_LEN, IsAtLeastTLSv1_2(ssl));
+        seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm);
 #ifdef SHOW_SECRETS
    {
--- a/FreeRTOS-Plus/CyaSSL/sslSniffer/sslSnifferTest/snifftest.c
+++ b/FreeRTOS-Plus/CyaSSL/sslSniffer/sslSnifferTest/snifftest.c
@ -49,6 +49,7 @@ int main()
 #include <pcap/pcap.h>     /* pcap stuff */
 #include <stdio.h>         /* printf */
 #include <stdlib.h>        /* EXIT_SUCCESS */
 #include <string.h>        /* strcmp */
 #include <signal.h>        /* signal */
 #include <cyassl/sniffer.h>
@ -62,7 +63,7 @@ typedef unsigned char byte;
 enum {
    ETHER_IF_FRAME_LEN = 14,   /* ethernet interface frame length */
-    LOCAL_IF_FRAME_LEN =  4,   /* localhost interface frame length  */
+    NULL_IF_FRAME_LEN =   4,   /* no link interface frame length  */
 };
@ -71,7 +72,7 @@ pcap_if_t *alldevs;
 static void sig_handler(const int sig) 
 {
-    printf("SIGINT handled.\n");
+    printf("SIGINT handled = %d.\n", sig);
    if (pcap)
        pcap_close(pcap);
 	pcap_freealldevs(alldevs);
@ -82,7 +83,7 @@ static void sig_handler(const int sig)
 }
-void err_sys(const char* msg)
+static void err_sys(const char* msg)
 {
 	fprintf(stderr, "%s\n", msg);
 	exit(EXIT_FAILURE);
@ -96,7 +97,7 @@ void err_sys(const char* msg)
 #endif
-char* iptos(unsigned int addr)
+static char* iptos(unsigned int addr)
 {
 	static char    output[32];
 	byte *p = (byte*)&addr;
@ -112,11 +113,12 @@ int main(int argc, char** argv)
    int          ret;
 	int		     inum;
 	int		     port;
    int          saveFile = 0;
 	int		     i = 0;
    int          frame = ETHER_IF_FRAME_LEN; 
    char         err[PCAP_ERRBUF_SIZE];
 	char         filter[32];
-	char         loopback = 0;
+	const char  *server = NULL;
 	char        *server = NULL;
 	struct       bpf_program fp;
 	pcap_if_t   *d;
 	pcap_addr_t *a;
@ -124,10 +126,13 @@ int main(int argc, char** argv)
    signal(SIGINT, sig_handler);
 #ifndef _WIN32
-    ssl_InitSniffer();
+    ssl_InitSniffer();   /* dll load on Windows */
 #endif
    ssl_Trace("./tracefile.txt", err);
    if (argc == 1) {
        /* normal case, user chooses device and port */
 	    if (pcap_findalldevs(&alldevs, err) == -1)
 		    err_sys("Error in pcap_findalldevs");
@ -140,8 +145,8 @@ int main(int argc, char** argv)
 	    }
 	    if (i == 0)
-		err_sys("No interfaces found! Make sure pcap or WinPcap is installed "
+		    err_sys("No interfaces found! Make sure pcap or WinPcap is"
-                "correctly and you have sufficient permissions");
+                    " installed correctly and you have sufficient permissions");
 	    printf("Enter the interface number (1-%d): ", i);
 	    scanf("%d", &inum);
@ -156,17 +161,18 @@ int main(int argc, char** argv)
        if (pcap == NULL) printf("pcap_create failed %s\n", err);
 	if (d->flags & PCAP_IF_LOOPBACK)
 		loopback = 1;
 	    /* get an IPv4 address */
 	    for (a = d->addresses; a; a = a->next) {
 		    switch(a->addr->sa_family)
 		    {
 			    case AF_INET:
-				server =iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr);
+				    server = 
                        iptos(((struct sockaddr_in *)a->addr)->sin_addr.s_addr);
 				    printf("server = %s\n", server);
 				    break;
                default:
                    break;
 		    }
 	    }
 	    if (server == NULL)
@ -202,9 +208,42 @@ int main(int argc, char** argv)
        ret = ssl_SetPrivateKey(server, port, "../../certs/server-key.pem",
                               FILETYPE_PEM, NULL, err);
    }
    else if (argc >= 3) {
        saveFile = 1;
        pcap = pcap_open_offline(argv[1], err);
        if (pcap == NULL) {
            printf("pcap_open_offline failed %s\n", err);
            ret = -1;
        }
        else {
            /* defaults for server and port */
            port = 443;
            server = "127.0.0.1";
            if (argc >= 4)
                server = argv[3];
            if (argc >= 5)
                port = atoi(argv[4]);
            ret = ssl_SetPrivateKey(server, port, argv[2],
                                    FILETYPE_PEM, NULL, err);
        }
    }
    else {
        /* usage error */
        printf(
             "usage: ./snifftest or ./snifftest dump pemKey [server] [port]\n");
        exit(EXIT_FAILURE);
    }
    if (ret != 0)
        err_sys(err);
    if (pcap_datalink(pcap) == DLT_NULL) 
        frame = NULL_IF_FRAME_LEN;
    while (1) {
        struct pcap_pkthdr header;
        const unsigned char* packet = pcap_next(pcap, &header);
@ -213,9 +252,6 @@ int main(int argc, char** argv)
            byte data[65535];
            if (header.caplen > 40)  { /* min ip(20) + min tcp(20) */
 				int frame = ETHER_IF_FRAME_LEN;
 				if (loopback)
 					frame = LOCAL_IF_FRAME_LEN;
 				packet        += frame;
 				header.caplen -= frame;					
            }
@ -230,6 +266,8 @@ int main(int argc, char** argv)
 				printf("SSL App Data:%s\n", data);
            }
        }
        else if (saveFile)
            break;      /* we're done reading file */
    }
    return EXIT_SUCCESS;
--- a/FreeRTOS-Plus/CyaSSL/tests/api.c
+++ b/FreeRTOS-Plus/CyaSSL/tests/api.c
@ -21,9 +21,8 @@
 #include <stdlib.h>
 #include <cyassl/ssl.h>
 #define NO_MAIN_DRIVER
 #include <cyassl/test.h>
-#include "unit.h"
+#include <tests/unit.h>
 #define TEST_FAIL       (-1)
 #define TEST_SUCCESS    (0)
@ -54,7 +53,6 @@ static int test_lvl(CYASSL_CTX *ctx, const char* file, const char* path,
 THREAD_RETURN CYASSL_THREAD test_server_nofail(void*);
 void test_client_nofail(void*);
 void wait_tcp_ready(func_args*);
 #endif
 static const char* bogusFile  = "/dev/null";
@ -603,10 +601,8 @@ THREAD_RETURN CYASSL_THREAD test_server_nofail(void* args)
        return 0;
    }
    ssl = CyaSSL_new(ctx);
-    tcp_accept(&sockfd, &clientfd, (func_args*)args);
+    tcp_accept(&sockfd, &clientfd, (func_args*)args, yasslPort, 0, 0);
 #ifndef CYASSL_DTLS
    CloseSocket(sockfd);
 #endif
    CyaSSL_set_fd(ssl, clientfd);
@ -691,7 +687,7 @@ void test_client_nofail(void* args)
        return;
    }
-    tcp_connect(&sockfd, yasslIP, yasslPort);
+    tcp_connect(&sockfd, yasslIP, yasslPort, 0);
    ssl = CyaSSL_new(ctx);
    CyaSSL_set_fd(ssl, sockfd);
@ -723,61 +719,7 @@ void test_client_nofail(void* args)
 void wait_tcp_ready(func_args* args)
 {
 #ifdef _POSIX_THREADS
    pthread_mutex_lock(&args->signal->mutex);
    if (!args->signal->ready)
        pthread_cond_wait(&args->signal->cond, &args->signal->mutex);
    args->signal->ready = 0; /* reset */
    pthread_mutex_unlock(&args->signal->mutex);
 #endif
 }
 void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
 {
 #ifdef _POSIX_THREADS
    pthread_create(thread, 0, fun, args);
    return;
 #else
    *thread = (THREAD_TYPE)_beginthreadex(0, 0, fun, args, 0, 0);
 #endif
 }
 void join_thread(THREAD_TYPE thread)
 {
 #ifdef _POSIX_THREADS
    pthread_join(thread, 0);
 #else
    int res = WaitForSingleObject(thread, INFINITE);
    assert(res == WAIT_OBJECT_0);
    res = CloseHandle(thread);
    assert(res);
 #endif
 }
 void InitTcpReady(tcp_ready* ready)
 {
    ready->ready = 0;
 #ifdef _POSIX_THREADS
      pthread_mutex_init(&ready->mutex, 0);
      pthread_cond_init(&ready->cond, 0);
 #endif
 }
 void FreeTcpReady(tcp_ready* ready)
 {
 #ifdef _POSIX_THREADS
    pthread_mutex_destroy(&ready->mutex);
    pthread_cond_destroy(&ready->cond);
 #endif
 }
 #endif /* NO_FILESYSTEM */
--- a/FreeRTOS-Plus/CyaSSL/tests/hash.c
+++ b/FreeRTOS-Plus/CyaSSL/tests/hash.c
@ -33,7 +33,7 @@
 #include <cyassl/ctaocrypt/ripemd.h>
 #include <cyassl/ctaocrypt/hmac.h>
-#include "unit.h"
+#include <tests/unit.h>
 typedef struct testVector {
    char*  input;
@ -55,6 +55,8 @@ int HashTest(void)
 {
    int ret = 0;
    printf(" Begin HASH Tests\n");
 #ifndef NO_MD4
    if ( (ret = md4_test()) ) {
        printf( "   MD4      test failed!\n");
@ -115,6 +117,8 @@ int HashTest(void)
        printf( "   HMAC     test passed!\n");
 #endif
    printf(" End HASH Tests\n");
    return 0;
 }
--- a/FreeRTOS-Plus/CyaSSL/tests/include.am
+++ b/FreeRTOS-Plus/CyaSSL/tests/include.am
@ -9,8 +9,20 @@ tests_unit_SOURCES = \
 			      tests/unit.c \
 			      tests/api.c \
 			      tests/suites.c \
-                  tests/hash.c
+                  tests/hash.c \
-tests_unit_CFLAGS       = $(AM_CFLAGS) $(PTHREAD_CFLAGS)
+			      examples/client/client.c \
 			      examples/server/server.c
 tests_unit_CFLAGS       = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(PTHREAD_CFLAGS)
 tests_unit_LDADD        = src/libcyassl.la  $(PTHREAD_LIBS)
 tests_unit_DEPENDENCIES = src/libcyassl.la
-EXTRA_DIST+=tests/unit.h
+EXTRA_DIST += tests/unit.h
 EXTRA_DIST += tests/test.conf \
              tests/test-openssl.conf \
              tests/test-hc128.conf \
              tests/test-psk.conf \
              tests/test-ntru.conf \
              tests/test-ecc.conf \
              tests/test-aesgcm.conf \
              tests/test-aesgcm-ecc.conf \
              tests/test-aesgcm-openssl.conf \
              tests/test-dtls.conf
--- a/FreeRTOS-Plus/CyaSSL/tests/suites.c
+++ b/FreeRTOS-Plus/CyaSSL/tests/suites.c
@ -1 +1,343 @@
-/* suites.c cipher suite unit tests */
+/* suites.c
 *
 * Copyright (C) 2006-2012 Sawtooth Consulting Ltd.
 *
 * This file is part of CyaSSL.
 *
 * CyaSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * CyaSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */
 #include <stdlib.h>
 #include <stdio.h>
 #include <cyassl/ssl.h>
 #include <tests/unit.h>
 #define MAX_ARGS 40
 #define MAX_COMMAND_SZ 240
 void client_test(void*);
 THREAD_RETURN CYASSL_THREAD server_test(void*);
 static void execute_test_case(int svr_argc, char** svr_argv,
                              int cli_argc, char** cli_argv)
 {
    func_args cliArgs = {cli_argc, cli_argv, 0, NULL};
    func_args svrArgs = {svr_argc, svr_argv, 0, NULL};
    tcp_ready   ready;
    THREAD_TYPE serverThread;
    char        commandLine[MAX_COMMAND_SZ];
    int         i;
    static      int tests = 1;
    commandLine[0] = '\0';
    for (i = 0; i < svr_argc; i++) {
        strcat(commandLine, svr_argv[i]);
        strcat(commandLine, " ");
    }
    printf("trying server command line[%d]: %s\n", tests, commandLine);
    commandLine[0] = '\0';
    for (i = 0; i < cli_argc; i++) {
        strcat(commandLine, cli_argv[i]);
        strcat(commandLine, " ");
    }
    printf("trying client command line[%d]: %s\n", tests++, commandLine);
    InitTcpReady(&ready);
    /* start server */
    svrArgs.signal = &ready;
    start_thread(server_test, &svrArgs, &serverThread);
    wait_tcp_ready(&svrArgs);
    /* start client */
    client_test(&cliArgs);
    /* verify results */ 
    if (cliArgs.return_code != 0) {
        printf("client_test failed\n");
        exit(EXIT_FAILURE);
    }
    join_thread(serverThread);
    if (svrArgs.return_code != 0) { 
        printf("server_test failed\n");
        exit(EXIT_FAILURE);
    }
    FreeTcpReady(&ready);
 }
 void test_harness(void* vargs)
 {
    func_args* args = (func_args*)vargs;
    char* script;
    long  sz, len;
    int   cliMode = 0;   /* server or client command flag, server first */
    FILE* file;
    char* svrArgs[MAX_ARGS];
    int   svrArgsSz;
    char* cliArgs[MAX_ARGS];
    int   cliArgsSz;
    char* cursor;
    char* comment;
    char* fname = "tests/test.conf";
    if (args->argc == 1) {
        printf("notice: using default file %s\n", fname);
    }
    else if(args->argc != 2) {
        printf("usage: harness [FILE]\n");
        args->return_code = 1;
        return;
    }
    else {
        fname = args->argv[1];
    }
    file = fopen(fname, "r");
    if (file == NULL) {
        fprintf(stderr, "unable to open %s\n", fname);
        args->return_code = 1;
        return;
    }
    fseek(file, 0, SEEK_END);
    sz = ftell(file);
    rewind(file);
    if (sz == 0) {
        fprintf(stderr, "%s is empty\n", fname);
        fclose(file);
        args->return_code = 1;
        return;
    }
    script = (char*)malloc(sz+1);
    if (script == 0) {
        fprintf(stderr, "unable to allocte script buffer\n");
        fclose(file);
        args->return_code = 1;
        return;
    }
    len = fread(script, 1, sz, file);
    if (len != sz) {
        fprintf(stderr, "read error\n");
        fclose(file);
        args->return_code = 1;
        return;
    }
    fclose(file);
    script[sz] = 0;
    cursor = script;
    svrArgsSz = 1;
    svrArgs[0] = args->argv[0];
    cliArgsSz = 1;
    cliArgs[0] = args->argv[0];
    while (*cursor != 0) {
        int do_it = 0;
        switch (*cursor) {
            case '\n':
                /* A blank line triggers test case execution or switches
                   to client mode if we don't have the client command yet */
                if (cliMode == 0)
                    cliMode = 1;  /* switch to client mode processing */
                else
                    do_it = 1;    /* Do It, we have server and client */
                cursor++;
                break;
            case '#':
                /* Ignore lines that start with a #. */
                comment = strsep(&cursor, "\n");
                printf("%s\n", comment);
                break;
            case '-':
                /* Parameters start with a -. They end in either a newline
                 * or a space. Capture until either, save in Args list. */
                if (cliMode)
                    cliArgs[cliArgsSz++] = strsep(&cursor, " \n");
                else
                    svrArgs[svrArgsSz++] = strsep(&cursor, " \n");
                break;
            default:
                /* Anything from cursor until end of line that isn't the above
                 * is data for a paramter. Just up until the next newline in
                 * the Args list. */
                if (cliMode)
                    cliArgs[cliArgsSz++] = strsep(&cursor, "\n");
                else
                    svrArgs[svrArgsSz++] = strsep(&cursor, "\n");
                if (*cursor == 0)  /* eof */
                    do_it = 1; 
        }
        if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
            fprintf(stderr, "too many arguments, forcing test run\n");
            do_it = 1;
        }
        if (do_it) {
            execute_test_case(svrArgsSz, svrArgs, cliArgsSz, cliArgs);
            svrArgsSz = 1;
            cliArgsSz = 1;
            cliMode   = 0;
        }
    }
    free(script);
    args->return_code = 0;
 }
 int SuiteTest(void)
 {
    func_args args;
    char argv0[2][32];
    char* myArgv[2];
    printf(" Begin Cipher Suite Tests\n");
    /* setup */
    myArgv[0] = argv0[0];
    myArgv[1] = argv0[1];
    args.argv = myArgv;
    strcpy(argv0[0], "SuiteTest");
    /* default case */
    args.argc = 1;
    printf("starting default cipher suite tests\n");
    test_harness(&args);
    if (args.return_code != 0) {
        printf("error from script %d\n", args.return_code);
        exit(EXIT_FAILURE);  
    }
    /* any extra cases will need another argument */
    args.argc = 2;
 #ifdef OPENSSL_EXTRA
    /* add openssl extra suites */
    strcpy(argv0[1], "tests/test-openssl.conf");
    printf("starting openssl extra cipher suite tests\n");
    test_harness(&args);
    if (args.return_code != 0) {
        printf("error from script %d\n", args.return_code);
        exit(EXIT_FAILURE);  
    }
 #endif
 #ifdef HAVE_HC128 
    /* add hc128 extra suites */
    strcpy(argv0[1], "tests/test-hc128.conf");
    printf("starting hc128 extra cipher suite tests\n");
    test_harness(&args);
    if (args.return_code != 0) {
        printf("error from script %d\n", args.return_code);
        exit(EXIT_FAILURE);  
    }
 #endif
 #ifndef NO_PSK
    /* add psk extra suites */
    strcpy(argv0[1], "tests/test-psk.conf");
    printf("starting psk extra cipher suite tests\n");
    test_harness(&args);
    if (args.return_code != 0) {
        printf("error from script %d\n", args.return_code);
        exit(EXIT_FAILURE);  
    }
 #endif
 #ifdef HAVE_NTRU
    /* add ntru extra suites */
    strcpy(argv0[1], "tests/test-ntru.conf");
    printf("starting ntru extra cipher suite tests\n");
    test_harness(&args);
    if (args.return_code != 0) {
        printf("error from script %d\n", args.return_code);
        exit(EXIT_FAILURE);  
    }
 #endif
 #ifdef HAVE_ECC
    /* add ecc extra suites */
    strcpy(argv0[1], "tests/test-ecc.conf");
    printf("starting ecc extra cipher suite tests\n");
    test_harness(&args);
    if (args.return_code != 0) {
        printf("error from script %d\n", args.return_code);
        exit(EXIT_FAILURE);  
    }
 #endif
 #ifdef HAVE_AESGCM
    /* add aesgcm extra suites */
    strcpy(argv0[1], "tests/test-aesgcm.conf");
    printf("starting aesgcm extra cipher suite tests\n");
    test_harness(&args);
    if (args.return_code != 0) {
        printf("error from script %d\n", args.return_code);
        exit(EXIT_FAILURE);  
    }
 #endif
 #if defined(HAVE_AESGCM) && defined(OPENSSL_EXTRA)
    /* add aesgcm openssl extra suites */
    strcpy(argv0[1], "tests/test-aesgcm-openssl.conf");
    printf("starting aesgcm openssl extra cipher suite tests\n");
    test_harness(&args);
    if (args.return_code != 0) {
        printf("error from script %d\n", args.return_code);
        exit(EXIT_FAILURE);  
    }
 #endif
 #if defined(HAVE_AESGCM) && defined(HAVE_ECC)
    /* add aesgcm ecc extra suites */
    strcpy(argv0[1], "tests/test-aesgcm-ecc.conf");
    printf("starting aesgcm ecc extra cipher suite tests\n");
    test_harness(&args);
    if (args.return_code != 0) {
        printf("error from script %d\n", args.return_code);
        exit(EXIT_FAILURE);  
    }
 #endif
 #ifdef CYASSL_DTLS 
    /* add dtls extra suites */
    strcpy(argv0[1], "tests/test-dtls.conf");
    printf("starting dtls extra cipher suite tests\n");
    test_harness(&args);
    if (args.return_code != 0) {
        printf("error from script %d\n", args.return_code);
        exit(EXIT_FAILURE);  
    }
 #endif
    printf(" End Cipher Suite Tests\n");
    return args.return_code;
 }
--- a/FreeRTOS-Plus/CyaSSL/tests/test-aesgcm-ecc.conf
+++ b/FreeRTOS-Plus/CyaSSL/tests/test-aesgcm-ecc.conf
@ -0,0 +1,80 @@
 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -A ./certs/server-ecc.pem
 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/server-ecc.pem
 # server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 
 -v 3
 -l ECDH-ECDSA-AES128-GCM-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 
 -v 3
 -l ECDH-ECDSA-AES128-GCM-SHA256
 -A ./certs/server-ecc.pem
 # server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDH-ECDSA-AES256-GCM-SHA384
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
 -v 3
 -l ECDH-ECDSA-AES256-GCM-SHA384
 -A ./certs/server-ecc.pem
 # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
 # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 # server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 
 -v 3
 -l ECDH-RSA-AES128-GCM-SHA256
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 
 -v 3
 -l ECDH-RSA-AES128-GCM-SHA256
 # server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDH-RSA-AES256-GCM-SHA384
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384
 -v 3
 -l ECDH-RSA-AES256-GCM-SHA384
--- a/FreeRTOS-Plus/CyaSSL/tests/test-aesgcm-openssl.conf
+++ b/FreeRTOS-Plus/CyaSSL/tests/test-aesgcm-openssl.conf
@ -0,0 +1,16 @@
 # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 
 -v 3
 -l DHE-RSA-AES128-GCM-SHA256
 # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 
 -v 3
 -l DHE-RSA-AES128-GCM-SHA256
 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384
 -v 3
 -l DHE-RSA-AES256-GCM-SHA384
--- a/FreeRTOS-Plus/CyaSSL/tests/test-aesgcm.conf
+++ b/FreeRTOS-Plus/CyaSSL/tests/test-aesgcm.conf
@ -0,0 +1,16 @@
 # server TLSv1.2 RSA-AES128-GCM-SHA256 
 -v 3
 -l AES128-GCM-SHA256
 # client TLSv1.2 RSA-AES128-GCM-SHA256 
 -v 3
 -l AES128-GCM-SHA256
 # server TLSv1.2 RSA-AES256-GCM-SHA384
 -v 3
 -l AES256-GCM-SHA384
 # client TLSv1.2 RSA-AES256-GCM-SHA384
 -v 3
 -l AES256-GCM-SHA384
--- a/FreeRTOS-Plus/CyaSSL/tests/test-dtls.conf
+++ b/FreeRTOS-Plus/CyaSSL/tests/test-dtls.conf
@ -0,0 +1,64 @@
 # server DTLSv1 RC4-SHA
 -u
 -l RC4-SHA
 # client DTLSv1 RC4-SHA
 -u
 -l RC4-SHA
 # server DTLSv1 RC4-MD5
 -u
 -l RC4-MD5
 # client DTLSv1 RC4-MD5
 -u
 -l RC4-MD5
 # server DTLSv1 DES-CBC3-SHA
 -u
 -l DES-CBC3-SHA
 # client DTLSv1 DES-CBC3-SHA
 -u
 -l DES-CBC3-SHA
 # server DTLSv1 AES128-SHA
 -u
 -l AES128-SHA
 # client DTLSv1 AES128-SHA
 -u
 -l AES128-SHA
 # server DTLSv1 AES256-SHA
 -u
 -l AES256-SHA
 # client DTLSv1 AES256-SHA
 -u
 -l AES256-SHA
 # server DTLSv1 AES128-SHA256
 -u
 -l AES128-SHA256
 # client DTLSv1 AES128-SHA256
 -u
 -l AES128-SHA256
 # server DTLSv1 AES256-SHA256
 -u
 -l AES256-SHA256
 # client DTLSv1 AES256-SHA256
 -u
 -l AES256-SHA256
 # server DTLSv1 RABBIT-SHA
 -u
 -l RABBIT-SHA
 # client DTLSv1 RABBIT-SHA
 -u
 -l RABBIT-SHA
--- a/FreeRTOS-Plus/CyaSSL/tests/test-ecc.conf
+++ b/FreeRTOS-Plus/CyaSSL/tests/test-ecc.conf
@ -0,0 +1,480 @@
 # server TLSv1 ECDHE-RSA-RC4
 -v 1
 -l ECDHE-RSA-RC4-SHA
 # client TLSv1 ECDHE-RSA-RC4
 -v 1
 -l ECDHE-RSA-RC4-SHA
 # server TLSv1 ECDHE-RSA-DES3
 -v 1
 -l ECDHE-RSA-DES-CBC3-SHA
 # client TLSv1 ECDHE-RSA-DES3
 -v 1
 -l ECDHE-RSA-DES-CBC3-SHA
 # server TLSv1 ECDHE-RSA-AES128 
 -v 1
 -l ECDHE-RSA-AES128-SHA
 # client TLSv1 ECDHE-RSA-AES128 
 -v 1
 -l ECDHE-RSA-AES128-SHA
 # server TLSv1 ECDHE-RSA-AES256
 -v 1
 -l ECDHE-RSA-AES256-SHA
 # client TLSv1 ECDHE-RSA-AES256
 -v 1
 -l ECDHE-RSA-AES256-SHA
 # server TLSv1.1 ECDHE-RSA-RC4
 -v 2
 -l ECDHE-RSA-RC4-SHA
 # client TLSv1.1 ECDHE-RSA-RC4
 -v 2
 -l ECDHE-RSA-RC4-SHA
 # server TLSv1.1 ECDHE-RSA-DES3
 -v 2
 -l ECDHE-RSA-DES-CBC3-SHA
 # client TLSv1.1 ECDHE-RSA-DES3
 -v 2
 -l ECDHE-RSA-DES-CBC3-SHA
 # server TLSv1.1 ECDHE-RSA-AES128 
 -v 2
 -l ECDHE-RSA-AES128-SHA
 # client TLSv1.1 ECDHE-RSA-AES128 
 -v 2
 -l ECDHE-RSA-AES128-SHA
 # server TLSv1.1 ECDHE-RSA-AES256
 -v 2
 -l ECDHE-RSA-AES256-SHA
 # client TLSv1.1 ECDHE-RSA-AES256
 -v 2
 -l ECDHE-RSA-AES256-SHA
 # server TLSv1.2 ECDHE-RSA-RC4
 -v 3
 -l ECDHE-RSA-RC4-SHA
 # client TLSv1.2 ECDHE-RSA-RC4
 -v 3
 -l ECDHE-RSA-RC4-SHA
 # server TLSv1.2 ECDHE-RSA-DES3
 -v 3
 -l ECDHE-RSA-DES-CBC3-SHA
 # client TLSv1.2 ECDHE-RSA-DES3
 -v 3
 -l ECDHE-RSA-DES-CBC3-SHA
 # server TLSv1.2 ECDHE-RSA-AES128 
 -v 3
 -l ECDHE-RSA-AES128-SHA
 # client TLSv1.2 ECDHE-RSA-AES128 
 -v 3
 -l ECDHE-RSA-AES128-SHA
 # server TLSv1.2 ECDHE-RSA-AES256
 -v 3
 -l ECDHE-RSA-AES256-SHA
 # client TLSv1.2 ECDHE-RSA-AES256
 -v 3
 -l ECDHE-RSA-AES256-SHA
 # server TLSv1 ECDHE-ECDSA-RC4
 -v 1
 -l ECDHE-ECDSA-RC4-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1 ECDHE-ECDSA-RC4
 -v 1
 -l ECDHE-ECDSA-RC4-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1 ECDHE-ECDSA-DES3
 -v 1
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1 ECDHE-ECDSA-DES3
 -v 1
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1 ECDHE-ECDSA-AES128 
 -v 1
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1 ECDHE-ECDSA-AES128 
 -v 1
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1 ECDHE-ECDSA-AES256
 -v 1
 -l ECDHE-ECDSA-AES256-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1 ECDHE-ECDSA-AES256
 -v 1
 -l ECDHE-ECDSA-AES256-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.1 ECDHE-EDCSA-RC4
 -v 2
 -l ECDHE-ECDSA-RC4-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.1 ECDHE-ECDSA-RC4
 -v 2
 -l ECDHE-ECDSA-RC4-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.1 ECDHE-ECDSA-DES3
 -v 2
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.1 ECDHE-ECDSA-DES3
 -v 2
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.1 ECDHE-ECDSA-AES128 
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.1 ECDHE-ECDSA-AES128 
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.1 ECDHE-ECDSA-AES256
 -v 2
 -l ECDHE-ECDSA-AES256-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.1 ECDHE-ECDSA-AES256
 -v 2
 -l ECDHE-ECDSA-AES256-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.2 ECDHE-ECDSA-RC4
 -v 3
 -l ECDHE-ECDSA-RC4-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDHE-ECDSA-RC4
 -v 3
 -l ECDHE-ECDSA-RC4-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.2 ECDHE-ECDSA-DES3
 -v 3
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDHE-ECDSA-DES3
 -v 3
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.2 ECDHE-ECDSA-AES128 
 -v 3
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDHE-ECDSA-AES128 
 -v 3
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.2 ECDHE-ECDSA-AES256
 -v 3
 -l ECDHE-ECDSA-AES256-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDHE-ECDSA-AES256
 -v 3
 -l ECDHE-ECDSA-AES256-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1 ECDH-RSA-RC4
 -v 1
 -l ECDH-RSA-RC4-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1 ECDH-RSA-RC4
 -v 1
 -l ECDH-RSA-RC4-SHA
 # server TLSv1 ECDH-RSA-DES3
 -v 1
 -l ECDH-RSA-DES-CBC3-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1 ECDH-RSA-DES3
 -v 1
 -l ECDH-RSA-DES-CBC3-SHA
 # server TLSv1 ECDH-RSA-AES128 
 -v 1
 -l ECDH-RSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1 ECDH-RSA-AES128 
 -v 1
 -l ECDH-RSA-AES128-SHA
 # server TLSv1 ECDH-RSA-AES256
 -v 1
 -l ECDH-RSA-AES256-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1 ECDH-RSA-AES256
 -v 1
 -l ECDH-RSA-AES256-SHA
 # server TLSv1.1 ECDH-RSA-RC4
 -v 2
 -l ECDH-RSA-RC4-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.1 ECDH-RSA-RC4
 -v 2
 -l ECDH-RSA-RC4-SHA
 # server TLSv1.1 ECDH-RSA-DES3
 -v 2
 -l ECDH-RSA-DES-CBC3-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.1 ECDH-RSA-DES3
 -v 2
 -l ECDH-RSA-DES-CBC3-SHA
 # server TLSv1.1 ECDH-RSA-AES128 
 -v 2
 -l ECDH-RSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.1 ECDH-RSA-AES128 
 -v 2
 -l ECDH-RSA-AES128-SHA
 # server TLSv1.1 ECDH-RSA-AES256
 -v 2
 -l ECDH-RSA-AES256-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.1 ECDH-RSA-AES256
 -v 2
 -l ECDH-RSA-AES256-SHA
 # server TLSv1.2 ECDH-RSA-RC4
 -v 3
 -l ECDH-RSA-RC4-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDH-RSA-RC4
 -v 3
 -l ECDH-RSA-RC4-SHA
 # server TLSv1.2 ECDH-RSA-DES3
 -v 3
 -l ECDH-RSA-DES-CBC3-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDH-RSA-DES3
 -v 3
 -l ECDH-RSA-DES-CBC3-SHA
 # server TLSv1.2 ECDH-RSA-AES128 
 -v 3
 -l ECDH-RSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDH-RSA-AES128 
 -v 3
 -l ECDH-RSA-AES128-SHA
 # server TLSv1.2 ECDH-RSA-AES256
 -v 3
 -l ECDH-RSA-AES256-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDH-RSA-AES256
 -v 3
 -l ECDH-RSA-AES256-SHA
 # server TLSv1 ECDH-ECDSA-RC4
 -v 1
 -l ECDH-ECDSA-RC4-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1 ECDH-ECDSA-RC4
 -v 1
 -l ECDH-ECDSA-RC4-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1 ECDH-ECDSA-DES3
 -v 1
 -l ECDH-ECDSA-DES-CBC3-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1 ECDH-ECDSA-DES3
 -v 1
 -l ECDH-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1 ECDH-ECDSA-AES128 
 -v 1
 -l ECDH-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1 ECDH-ECDSA-AES128 
 -v 1
 -l ECDH-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1 ECDH-ECDSA-AES256
 -v 1
 -l ECDH-ECDSA-AES256-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1 ECDH-ECDSA-AES256
 -v 1
 -l ECDH-ECDSA-AES256-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.1 ECDH-EDCSA-RC4
 -v 2
 -l ECDH-ECDSA-RC4-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.1 ECDH-ECDSA-RC4
 -v 2
 -l ECDH-ECDSA-RC4-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.1 ECDH-ECDSA-DES3
 -v 2
 -l ECDH-ECDSA-DES-CBC3-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.1 ECDH-ECDSA-DES3
 -v 2
 -l ECDH-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.1 ECDH-ECDSA-AES128 
 -v 2
 -l ECDH-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.1 ECDH-ECDSA-AES128 
 -v 2
 -l ECDH-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.1 ECDH-ECDSA-AES256
 -v 2
 -l ECDH-ECDSA-AES256-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.1 ECDH-ECDSA-AES256
 -v 2
 -l ECDH-ECDSA-AES256-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.2 ECDHE-ECDSA-RC4
 -v 3
 -l ECDH-ECDSA-RC4-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDH-ECDSA-RC4
 -v 3
 -l ECDH-ECDSA-RC4-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.2 ECDH-ECDSA-DES3
 -v 3
 -l ECDH-ECDSA-DES-CBC3-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDH-ECDSA-DES3
 -v 3
 -l ECDH-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.2 ECDH-ECDSA-AES128 
 -v 3
 -l ECDH-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDH-ECDSA-AES128 
 -v 3
 -l ECDH-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
 # server TLSv1.2 ECDH-ECDSA-AES256
 -v 3
 -l ECDH-ECDSA-AES256-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.2 ECDH-ECDSA-AES256
 -v 3
 -l ECDH-ECDSA-AES256-SHA
 -A ./certs/server-ecc.pem
--- a/FreeRTOS-Plus/CyaSSL/tests/test-hc128.conf
+++ b/FreeRTOS-Plus/CyaSSL/tests/test-hc128.conf
@ -0,0 +1,48 @@
 # server TLSv1 HC128-SHA
 -v 1
 -l HC128-SHA
 # client TLSv1 HC128-SHA
 -v 1
 -l HC128-SHA
 # server TLSv1 HC128-MD5
 -v 1
 -l HC128-MD5
 # client TLSv1 HC128-MD5
 -v 1
 -l HC128-MD5
 # server TLSv1.1 HC128-SHA
 -v 2
 -l HC128-SHA
 # client TLSv1.1 HC128-SHA
 -v 2
 -l HC128-SHA
 # server TLSv1.1 HC128-MD5
 -v 2
 -l HC128-MD5
 # client TLSv1.1 HC128-MD5
 -v 2
 -l HC128-MD5
 # server TLSv1.2 HC128-SHA
 -v 3
 -l HC128-SHA
 # client TLSv1.2 HC128-SHA
 -v 3
 -l HC128-SHA
 # server TLSv1.2 HC128-MD5
 -v 3
 -l HC128-MD5
 # client TLSv1.2 HC128-MD5
 -v 3
 -l HC128-MD5
--- a/FreeRTOS-Plus/CyaSSL/tests/test-ntru.conf
+++ b/FreeRTOS-Plus/CyaSSL/tests/test-ntru.conf
@ -0,0 +1,132 @@
 # server TLSv1 NTRU_RC4
 -v 1
 -l NTRU-RC4-SHA
 -n
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 # client TLSv1 NTRU_RC4
 -v 1
 -l NTRU-RC4-SHA
 # server TLSv1 NTRU_DES3
 -v 1
 -l NTRU-DES-CBC3-SHA
 -n
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 # client TLSv1 NTRU_DES3
 -v 1
 -l NTRU-DES-CBC3-SHA
 # server TLSv1 NTRU_AES128
 -v 1
 -l NTRU-AES128-SHA
 -n
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 # client TLSv1 NTRU_AES128
 -v 1
 -l NTRU-AES128-SHA
 # server TLSv1 NTRU_AES256
 -v 1
 -l NTRU-AES256-SHA
 -n
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 # client TLSv1 NTRU_AES256
 -v 1
 -l NTRU-AES256-SHA
 # server TLSv1.1 NTRU_RC4
 -v 2
 -l NTRU-RC4-SHA
 -n
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 # client TLSv1.1 NTRU_RC4
 -v 2
 -l NTRU-RC4-SHA
 # server TLSv1.1 NTRU_DES3
 -v 2
 -l NTRU-DES-CBC3-SHA
 -n
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 # client TLSv1.1 NTRU_DES3
 -v 2
 -l NTRU-DES-CBC3-SHA
 # server TLSv1.1 NTRU_AES128
 -v 2
 -l NTRU-AES128-SHA
 -n
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 # client TLSv1.1 NTRU_AES128
 -v 2
 -l NTRU-AES128-SHA
 # server TLSv1.1 NTRU_AES256
 -v 2
 -l NTRU-AES256-SHA
 -n
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 # client TLSv1.1 NTRU_AES256
 -v 2
 -l NTRU-AES256-SHA
 # server TLSv1.2 NTRU_RC4
 -v 3
 -l NTRU-RC4-SHA
 -n
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 # client TLSv1.2 NTRU_RC4
 -v 3
 -l NTRU-RC4-SHA
 # server TLSv1.2 NTRU_DES3
 -v 3
 -l NTRU-DES-CBC3-SHA
 -n
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 # client TLSv1.2 NTRU_DES3
 -v 3
 -l NTRU-DES-CBC3-SHA
 # server TLSv1.2 NTRU_AES128
 -v 3
 -l NTRU-AES128-SHA
 -n
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 # client TLSv1.2 NTRU_AES128
 -v 3
 -l NTRU-AES128-SHA
 # server TLSv1.2 NTRU_AES256
 -v 3
 -l NTRU-AES256-SHA
 -n
 -c ./certs/ntru-cert.pem
 -k ./certs/ntru-key.raw
 # client TLSv1.2 NTRU_AES256
 -v 3
 -l NTRU-AES256-SHA
--- a/FreeRTOS-Plus/CyaSSL/tests/test-openssl.conf
+++ b/FreeRTOS-Plus/CyaSSL/tests/test-openssl.conf
@ -0,0 +1,96 @@
 # server TLSv1 DHE AES128
 -v 1
 -l DHE-RSA-AES128-SHA
 # client TLSv1 DHE AES128
 -v 1
 -l DHE-RSA-AES128-SHA
 # server TLSv1 DHE AES256
 -v 1
 -l DHE-RSA-AES256-SHA
 # client TLSv1 DHE AES256
 -v 1
 -l DHE-RSA-AES256-SHA
 # server TLSv1 DHE AES128-SHA256
 -v 1
 -l DHE-RSA-AES128-SHA256
 # client TLSv1 DHE AES128-SHA256
 -v 1
 -l DHE-RSA-AES128-SHA256
 # server TLSv1 DHE AES256-SHA256
 -v 1
 -l DHE-RSA-AES256-SHA256
 # client TLSv1 DHE AES256-SHA256
 -v 1
 -l DHE-RSA-AES256-SHA256
 # server TLSv1.1 DHE AES128
 -v 2
 -l DHE-RSA-AES128-SHA
 # client TLSv1.1 DHE AES128
 -v 2
 -l DHE-RSA-AES128-SHA
 # server TLSv1.1 DHE AES256
 -v 2
 -l DHE-RSA-AES256-SHA
 # client TLSv1.1 DHE AES256
 -v 2
 -l DHE-RSA-AES256-SHA
 # server TLSv1.1 DHE AES128-SHA256
 -v 2
 -l DHE-RSA-AES128-SHA256
 # client TLSv1.1 DHE AES128-SHA256
 -v 2
 -l DHE-RSA-AES128-SHA256
 # server TLSv1.1 DHE AES256-SHA256
 -v 2
 -l DHE-RSA-AES256-SHA256
 # client TLSv1.1 DHE AES256-SHA256
 -v 2
 -l DHE-RSA-AES256-SHA256
 # server TLSv1.2 DHE AES128
 -v 3
 -l DHE-RSA-AES128-SHA
 # client TLSv1.2 DHE AES128
 -v 3
 -l DHE-RSA-AES128-SHA
 # server TLSv1.2 DHE AES256
 -v 3
 -l DHE-RSA-AES256-SHA
 # client TLSv1.2 DHE AES256
 -v 3
 -l DHE-RSA-AES256-SHA
 # server TLSv1.2 DHE AES128-SHA256
 -v 3
 -l DHE-RSA-AES128-SHA256
 # client TLSv1.2 DHE AES128-SHA256
 -v 3
 -l DHE-RSA-AES128-SHA256
 # server TLSv1.2 DHE AES256-SHA256
 -v 3
 -l DHE-RSA-AES256-SHA256
 # client TLSv1.2 DHE AES256-SHA256
 -v 3
 -l DHE-RSA-AES256-SHA256
--- a/FreeRTOS-Plus/CyaSSL/tests/test-psk.conf
+++ b/FreeRTOS-Plus/CyaSSL/tests/test-psk.conf
@ -0,0 +1,60 @@
 # server TLSv1 PSK-AES128
 -s
 -v 1
 -l PSK-AES128-CBC-SHA
 # client TLSv1 PSK-AES128
 -s
 -v 1
 -l PSK-AES128-CBC-SHA
 # server TLSv1 PSK-AES256
 -s
 -v 1
 -l PSK-AES256-CBC-SHA
 # client TLSv1 PSK-AES256
 -s
 -v 1
 -l PSK-AES256-CBC-SHA
 # server TLSv1.1 PSK-AES128
 -s
 -v 2
 -l PSK-AES128-CBC-SHA
 # client TLSv1.1 PSK-AES128
 -s
 -v 2
 -l PSK-AES128-CBC-SHA
 # server TLSv1.1 PSK-AES256
 -s
 -v 2
 -l PSK-AES256-CBC-SHA
 # client TLSv1.1 PSK-AES256
 -s
 -v 2
 -l PSK-AES256-CBC-SHA
 # server TLSv1.2 PSK-AES128
 -s
 -v 3
 -l PSK-AES128-CBC-SHA
 # client TLSv1.2 PSK-AES128
 -s
 -v 3
 -l PSK-AES128-CBC-SHA
 # server TLSv1.2 PSK-AES256
 -s
 -v 3
 -l PSK-AES256-CBC-SHA
 # client TLSv1.2 PSK-AES256
 -s
 -v 3
 -l PSK-AES256-CBC-SHA
--- a/FreeRTOS-Plus/CyaSSL/tests/test.conf
+++ b/FreeRTOS-Plus/CyaSSL/tests/test.conf
@ -0,0 +1,216 @@
 # server SSLv3 RC4-SHA
 -v 0
 -l RC4-SHA
 # client SSLv3 RC4-SHA
 -v 0
 -l RC4-SHA
 # server SSLv3 RC4-MD5
 -v 0
 -l RC4-MD5
 # client SSLv3 RC4-MD5
 -v 0
 -l RC4-MD5
 # server SSLv3 DES-CBC3-SHA
 -v 0
 -l DES-CBC3-SHA
 # client SSLv3 DES-CBC3-SHA
 -v 0
 -l DES-CBC3-SHA
 # server TLSv1 RC4-SHA
 -v 1
 -l RC4-SHA
 # client TLSv1 RC4-SHA
 -v 1
 -l RC4-SHA
 # server TLSv1 RC4-MD5
 -v 1
 -l RC4-MD5
 # client TLSv1 RC4-MD5
 -v 1
 -l RC4-MD5
 # server TLSv1 DES-CBC3-SHA
 -v 1
 -l DES-CBC3-SHA
 # client TLSv1 DES-CBC3-SHA
 -v 1
 -l DES-CBC3-SHA
 # server TLSv1 AES128-SHA
 -v 1
 -l AES128-SHA
 # client TLSv1 AES128-SHA
 -v 1
 -l AES128-SHA
 # server TLSv1 AES256-SHA
 -v 1
 -l AES256-SHA
 # client TLSv1 AES256-SHA
 -v 1
 -l AES256-SHA
 # server TLSv1 AES128-SHA256
 -v 1
 -l AES128-SHA256
 # client TLSv1 AES128-SHA256
 -v 1
 -l AES128-SHA256
 # server TLSv1 AES256-SHA256
 -v 1
 -l AES256-SHA256
 # client TLSv1 AES256-SHA256
 -v 1
 -l AES256-SHA256
 # server TLSv1 RABBIT-SHA
 -v 1
 -l RABBIT-SHA
 # client TLSv1 RABBIT-SHA
 -v 1
 -l RABBIT-SHA
 # server TLSv1.1 RC4-SHA
 -v 2
 -l RC4-SHA
 # client TLSv1.1 RC4-SHA
 -v 2
 -l RC4-SHA
 # server TLSv1.1 RC4-MD5
 -v 2
 -l RC4-MD5
 # client TLSv1.1 RC4-MD5
 -v 2
 -l RC4-MD5
 # server TLSv1.1 DES-CBC3-SHA
 -v 2
 -l DES-CBC3-SHA
 # client TLSv1.1 DES-CBC3-SHA
 -v 2
 -l DES-CBC3-SHA
 # server TLSv1.1 AES128-SHA
 -v 2
 -l AES128-SHA
 # client TLSv1.1 AES128-SHA
 -v 2
 -l AES128-SHA
 # server TLSv1.1 AES256-SHA
 -v 2
 -l AES256-SHA
 # client TLSv1.1 AES256-SHA
 -v 2
 -l AES256-SHA
 # server TLSv1.1 AES128-SHA256
 -v 2
 -l AES128-SHA256
 # client TLSv1.1 AES128-SHA256
 -v 2
 -l AES128-SHA256
 # server TLSv1.1 AES256-SHA256
 -v 2
 -l AES256-SHA256
 # client TLSv1.1 AES256-SHA256
 -v 2
 -l AES256-SHA256
 # server TLSv1.1 RABBIT-SHA
 -v 2
 -l RABBIT-SHA
 # client TLSv1.1 RABBIT-SHA
 -v 2
 -l RABBIT-SHA
 # server TLSv1.2 RC4-SHA
 -v 3
 -l RC4-SHA
 # client TLSv1.2 RC4-SHA
 -v 3
 -l RC4-SHA
 # server TLSv1.2 RC4-MD5
 -v 3
 -l RC4-MD5
 # client TLSv1.2 RC4-MD5
 -v 3
 -l RC4-MD5
 # server TLSv1.2 DES-CBC3-SHA
 -v 3
 -l DES-CBC3-SHA
 # client TLSv1.2 DES-CBC3-SHA
 -v 3
 -l DES-CBC3-SHA
 # server TLSv1.2 AES128-SHA
 -v 3
 -l AES128-SHA
 # client TLSv1.2 AES128-SHA
 -v 3
 -l AES128-SHA
 # server TLSv1.2 AES256-SHA
 -v 3
 -l AES256-SHA
 # client TLSv1.2 AES256-SHA
 -v 3
 -l AES256-SHA
 # server TLSv1.2 AES128-SHA256
 -v 3
 -l AES128-SHA256
 # client TLSv1.2 AES128-SHA256
 -v 3
 -l AES128-SHA256
 # server TLSv1.2 AES256-SHA256
 -v 3
 -l AES256-SHA256
 # client TLSv1.2 AES256-SHA256
 -v 3
 -l AES256-SHA256
 # server TLSv1.2 RABBIT-SHA
 -v 3
 -l RABBIT-SHA
 # client TLSv1.2 RABBIT-SHA
 -v 3
 -l RABBIT-SHA
--- a/FreeRTOS-Plus/CyaSSL/tests/unit.c
+++ b/FreeRTOS-Plus/CyaSSL/tests/unit.c
@ -1,16 +1,89 @@
 /* unit.c unit tests driver */
 #include <stdio.h>
-#include "unit.h"
+#include <tests/unit.h>
 int myoptind = 0;
 char* myoptarg = NULL;
 int main(int argc, char** argv)
 {
-    printf("hello unit tests\n");
+    int ret;
-    if (ApiTest() != 0)
+    printf("staring unit tests...\n");
        printf("api test failed\n");
-    if (HashTest() != 0)
+    if ( (ret = ApiTest()) != 0) {
-        printf("hash test failed\n");
+        printf("api test failed with %d\n", ret);
        return ret;
    }
    if ( (ret = HashTest()) != 0){
        printf("hash test failed with %d\n", ret);
        return ret;
    }
    if ( (ret = SuiteTest()) != 0){
        printf("suite test failed with %d\n", ret);
        return ret;
    }
    return 0;
 }
 void wait_tcp_ready(func_args* args)
 {
 #ifdef _POSIX_THREADS
    pthread_mutex_lock(&args->signal->mutex);
    if (!args->signal->ready)
        pthread_cond_wait(&args->signal->cond, &args->signal->mutex);
    args->signal->ready = 0; /* reset */
    pthread_mutex_unlock(&args->signal->mutex);
 #endif
 }
 void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
 {
 #ifdef _POSIX_THREADS
    pthread_create(thread, 0, fun, args);
    return;
 #else
    *thread = (THREAD_TYPE)_beginthreadex(0, 0, fun, args, 0, 0);
 #endif
 }
 void join_thread(THREAD_TYPE thread)
 {
 #ifdef _POSIX_THREADS
    pthread_join(thread, 0);
 #else
    int res = WaitForSingleObject(thread, INFINITE);
    assert(res == WAIT_OBJECT_0);
    res = CloseHandle(thread);
    assert(res);
 #endif
 }
 void InitTcpReady(tcp_ready* ready)
 {
    ready->ready = 0;
 #ifdef _POSIX_THREADS
      pthread_mutex_init(&ready->mutex, 0);
      pthread_cond_init(&ready->cond, 0);
 #endif
 }
 void FreeTcpReady(tcp_ready* ready)
 {
 #ifdef _POSIX_THREADS
    pthread_mutex_destroy(&ready->mutex);
    pthread_cond_destroy(&ready->cond);
 #endif
 }
--- a/FreeRTOS-Plus/CyaSSL/tests/unit.h
+++ b/FreeRTOS-Plus/CyaSSL/tests/unit.h
@ -1,6 +1,13 @@
 /* unit.h unit tests driver */
 #ifndef CyaSSL_UNIT_H
 #define CyaSSL_UNIT_H
 #include <cyassl/test.h>    /* thread and tcp stuff */
 int ApiTest(void);
 int SuiteTest(void);
 int HashTest(void);
 #endif /* CyaSSL_UNIT_H */
--- a/FreeRTOS-Plus/CyaSSL/testsuite/testsuite.c
+++ b/FreeRTOS-Plus/CyaSSL/testsuite/testsuite.c
@ -32,7 +32,6 @@
           and the examples/ individually
 #endif
 void wait_tcp_ready(func_args*);
 void ctaocrypt_test(void*);
 void client_test(void*);
@ -48,6 +47,10 @@ enum {
 };
 int myoptind = 0;
 char* myoptarg = NULL;
 int main(int argc, char** argv)
 {
    func_args args;
--- a/FreeRTOS-Plus/Demo_Projects_Using_FreeRTOS_Simulator/FreeRTOS_Plus_CLI_with_Trace/CLI-commands.c
+++ b/FreeRTOS-Plus/Demo_Projects_Using_FreeRTOS_Simulator/FreeRTOS_Plus_CLI_with_Trace/CLI-commands.c
@ -108,7 +108,7 @@ static portBASE_TYPE prvStartStopTraceCommand( int8_t *pcWriteBuffer, size_t xWr
 static const CLI_Command_Definition_t xRunTimeStats =
 {
 	( const int8_t * const ) "run-time-stats", /* The command string to type. */
-	( const int8_t * const ) "run-time-stats: Displays a table showing how much processing time each FreeRTOS task has used\r\n",
+	( const int8_t * const ) "\r\nrun-time-stats:\r\n Displays a table showing how much processing time each FreeRTOS task has used\r\n\r\n",
 	prvRunTimeStatsCommand, /* The function to run. */
 	0 /* No parameters are expected. */
 };
@ -117,7 +117,7 @@ static const CLI_Command_Definition_t xRunTimeStats =
 static const CLI_Command_Definition_t xTaskStats =
 {
 	( const int8_t * const ) "task-stats", /* The command string to type. */
-	( const int8_t * const ) "task-stats: Displays a table showing the state of each FreeRTOS task\r\n",
+	( const int8_t * const ) "\r\ntask-stats:\r\n Displays a table showing the state of each FreeRTOS task\r\n\r\n",
 	prvTaskStatsCommand, /* The function to run. */
 	0 /* No parameters are expected. */
 };
@ -128,7 +128,7 @@ time. */
 static const CLI_Command_Definition_t xThreeParameterEcho =
 {
 	( const int8_t * const ) "echo_3_parameters",
-	( const int8_t * const ) "echo_3_parameters: <param1> <param2> <param3> Expects three parameters, echos each in turn\r\n",
+	( const int8_t * const ) "\r\necho_3_parameters <param1> <param2> <param3>:\r\n Expects three parameters, echos each in turn\r\n\r\n",
 	prvThreeParameterEchoCommand, /* The function to run. */
 	3 /* Three parameters are expected, which can take any value. */
 };
@ -139,7 +139,7 @@ a time. */
 static const CLI_Command_Definition_t xParameterEcho =
 {
 	( const int8_t * const ) "echo_parameters",
-	( const int8_t * const ) "echo_parameters: <...> Take variable number of parameters, echos each in turn\r\n",
+	( const int8_t * const ) "\r\necho_parameters <...>:\r\n Take variable number of parameters, echos each in turn\r\n\r\n",
 	prvParameterEchoCommand, /* The function to run. */
 	-1 /* The user can enter any number of commands. */
 };
@ -149,7 +149,7 @@ parameter, which can be either "start" or "stop". */
 static const CLI_Command_Definition_t xStartTrace =
 {
 	( const int8_t * const ) "trace",
-	( const int8_t * const ) "trace: [start | stop] Starts or stops a trace recording for viewing in FreeRTOS+Trace\r\n",
+	( const int8_t * const ) "\r\ntrace [start | stop]:\r\n Starts or stops a trace recording for viewing in FreeRTOS+Trace\r\n\r\n",
 	prvStartStopTraceCommand, /* The function to run. */
 	1 /* One parameter is expected.  Valid values are "start" and "stop". */
 };
--- a/FreeRTOS/Demo/ARM7_AT91FR40008_GCC/FreeRTOSConfig.h
+++ b/FreeRTOS/Demo/ARM7_AT91FR40008_GCC/FreeRTOSConfig.h
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91FR40008_GCC/Makefile
+++ b/FreeRTOS/Demo/ARM7_AT91FR40008_GCC/Makefile
@ -1,5 +1,5 @@
 #/*
-#    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+#    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
 #	
 #
 #    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91FR40008_GCC/ParTest/ParTest.c
+++ b/FreeRTOS/Demo/ARM7_AT91FR40008_GCC/ParTest/ParTest.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91FR40008_GCC/main.c
+++ b/FreeRTOS/Demo/ARM7_AT91FR40008_GCC/main.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91FR40008_GCC/serial/serial.c
+++ b/FreeRTOS/Demo/ARM7_AT91FR40008_GCC/serial/serial.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91FR40008_GCC/serial/serialISR.c
+++ b/FreeRTOS/Demo/ARM7_AT91FR40008_GCC/serial/serialISR.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/FreeRTOSConfig.h
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/FreeRTOSConfig.h
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/ParTest/ParTest.c
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/ParTest/ParTest.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/USB/USBSample.c
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/USB/USBSample.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/main.c
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/main.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/serial/serial.c
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7S64_IAR/serial/serial.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/FreeRTOSConfig.h
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/FreeRTOSConfig.h
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/Makefile
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/Makefile
@ -1,5 +1,5 @@
 #/*
-#    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+#    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
 #	
 #
 #    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/ParTest/ParTest.c
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/ParTest/ParTest.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/USB/USBSample.c
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/USB/USBSample.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/USB/USBSample.h
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/USB/USBSample.h
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/USB/USB_ISR.c
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/USB/USB_ISR.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/main.c
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/main.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/webserver/EMAC_ISR.c
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/webserver/EMAC_ISR.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/webserver/SAM7_EMAC.c
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/webserver/SAM7_EMAC.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/webserver/SAM7_EMAC.h
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/webserver/SAM7_EMAC.h
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/webserver/uIP_Task.h
+++ b/FreeRTOS/Demo/ARM7_AT91SAM7X256_Eclipse/RTOSDemo/webserver/uIP_Task.h
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_LPC2106_GCC/FreeRTOSConfig.h
+++ b/FreeRTOS/Demo/ARM7_LPC2106_GCC/FreeRTOSConfig.h
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_LPC2106_GCC/Makefile
+++ b/FreeRTOS/Demo/ARM7_LPC2106_GCC/Makefile
@ -1,5 +1,5 @@
 #/*
-#    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+#    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
 #	
 #
 #    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_LPC2106_GCC/ParTest/ParTest.c
+++ b/FreeRTOS/Demo/ARM7_LPC2106_GCC/ParTest/ParTest.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_LPC2106_GCC/main.c
+++ b/FreeRTOS/Demo/ARM7_LPC2106_GCC/main.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_LPC2106_GCC/serial/serial.c
+++ b/FreeRTOS/Demo/ARM7_LPC2106_GCC/serial/serial.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/FreeRTOS/Demo/ARM7_LPC2106_GCC/serial/serialISR.c
+++ b/FreeRTOS/Demo/ARM7_LPC2106_GCC/serial/serialISR.c
@ -1,5 +1,5 @@
 /*
-    FreeRTOS V7.1.1 - Copyright (C) 2012 Real Time Engineers Ltd.
+    FreeRTOS V7.2.0 - Copyright (C) 2012 Real Time Engineers Ltd.
    ***************************************************************************
--- a/Show more
+++ b/Show more