List:Commits« Previous MessageNext Message »
From:Georgi Kodinov Date:May 17 2012 12:11pm
Subject:bzr push into mysql-trunk branch (Georgi.Kodinov:3866 to 3867) Bug#13713205
View as plain text  
 3867 Georgi Kodinov	2012-05-17
      Bug #13713205: upgrade yassl from 1.7.2 to 2.1.4 for mysql-trunk 
         
      Upgraded the baseline yassl library to 2.1.4. 
      Done by taking the diff against the previous baseline (1.7.2) and 
      applying it to the new baseline (2.1.4).

    removed:
      extra/yassl/taocrypt/test.dsp
      extra/yassl/taocrypt/test.dsw
    added:
      extra/yassl/src/template_instnt.cpp
      extra/yassl/taocrypt/include/hc128.hpp
      extra/yassl/taocrypt/include/rabbit.hpp
      extra/yassl/taocrypt/src/hc128.cpp
      extra/yassl/taocrypt/src/rabbit.cpp
      extra/yassl/taocrypt/src/template_instnt.cpp
    modified:
      extra/yassl/INSTALL
      extra/yassl/README
      extra/yassl/certs/ca-cert.pem
      extra/yassl/certs/client-cert.pem
      extra/yassl/certs/client-key.pem
      extra/yassl/certs/dsa-cert.pem
      extra/yassl/certs/server-cert.pem
      extra/yassl/certs/server-key.pem
      extra/yassl/certs/taoCert.txt
      extra/yassl/examples/client/client.cpp
      extra/yassl/examples/echoclient/echoclient.cpp
      extra/yassl/examples/echoserver/echoserver.cpp
      extra/yassl/examples/server/server.cpp
      extra/yassl/include/buffer.hpp
      extra/yassl/include/cert_wrapper.hpp
      extra/yassl/include/crypto_wrapper.hpp
      extra/yassl/include/factory.hpp
      extra/yassl/include/handshake.hpp
      extra/yassl/include/lock.hpp
      extra/yassl/include/log.hpp
      extra/yassl/include/openssl/ssl.h
      extra/yassl/include/socket_wrapper.hpp
      extra/yassl/include/timer.hpp
      extra/yassl/include/yassl.hpp
      extra/yassl/include/yassl_error.hpp
      extra/yassl/include/yassl_imp.hpp
      extra/yassl/include/yassl_int.hpp
      extra/yassl/include/yassl_types.hpp
      extra/yassl/src/buffer.cpp
      extra/yassl/src/cert_wrapper.cpp
      extra/yassl/src/crypto_wrapper.cpp
      extra/yassl/src/handshake.cpp
      extra/yassl/src/lock.cpp
      extra/yassl/src/log.cpp
      extra/yassl/src/socket_wrapper.cpp
      extra/yassl/src/ssl.cpp
      extra/yassl/src/timer.cpp
      extra/yassl/src/yassl.cpp
      extra/yassl/src/yassl_error.cpp
      extra/yassl/src/yassl_imp.cpp
      extra/yassl/src/yassl_int.cpp
      extra/yassl/taocrypt/README
      extra/yassl/taocrypt/benchmark/benchmark.cpp
      extra/yassl/taocrypt/benchmark/benchmark.dsp
      extra/yassl/taocrypt/include/aes.hpp
      extra/yassl/taocrypt/include/algebra.hpp
      extra/yassl/taocrypt/include/arc4.hpp
      extra/yassl/taocrypt/include/asn.hpp
      extra/yassl/taocrypt/include/block.hpp
      extra/yassl/taocrypt/include/blowfish.hpp
      extra/yassl/taocrypt/include/coding.hpp
      extra/yassl/taocrypt/include/des.hpp
      extra/yassl/taocrypt/include/dh.hpp
      extra/yassl/taocrypt/include/dsa.hpp
      extra/yassl/taocrypt/include/error.hpp
      extra/yassl/taocrypt/include/file.hpp
      extra/yassl/taocrypt/include/hash.hpp
      extra/yassl/taocrypt/include/hmac.hpp
      extra/yassl/taocrypt/include/integer.hpp
      extra/yassl/taocrypt/include/kernelc.hpp
      extra/yassl/taocrypt/include/md2.hpp
      extra/yassl/taocrypt/include/md4.hpp
      extra/yassl/taocrypt/include/md5.hpp
      extra/yassl/taocrypt/include/misc.hpp
      extra/yassl/taocrypt/include/modarith.hpp
      extra/yassl/taocrypt/include/modes.hpp
      extra/yassl/taocrypt/include/pwdbased.hpp
      extra/yassl/taocrypt/include/random.hpp
      extra/yassl/taocrypt/include/ripemd.hpp
      extra/yassl/taocrypt/include/rsa.hpp
      extra/yassl/taocrypt/include/runtime.hpp
      extra/yassl/taocrypt/include/sha.hpp
      extra/yassl/taocrypt/include/twofish.hpp
      extra/yassl/taocrypt/include/type_traits.hpp
      extra/yassl/taocrypt/include/types.hpp
      extra/yassl/taocrypt/mySTL/algorithm.hpp
      extra/yassl/taocrypt/mySTL/helpers.hpp
      extra/yassl/taocrypt/mySTL/list.hpp
      extra/yassl/taocrypt/mySTL/memory.hpp
      extra/yassl/taocrypt/mySTL/memory_array.hpp
      extra/yassl/taocrypt/mySTL/pair.hpp
      extra/yassl/taocrypt/mySTL/stdexcept.hpp
      extra/yassl/taocrypt/mySTL/vector.hpp
      extra/yassl/taocrypt/src/aes.cpp
      extra/yassl/taocrypt/src/aestables.cpp
      extra/yassl/taocrypt/src/algebra.cpp
      extra/yassl/taocrypt/src/arc4.cpp
      extra/yassl/taocrypt/src/asn.cpp
      extra/yassl/taocrypt/src/bftables.cpp
      extra/yassl/taocrypt/src/blowfish.cpp
      extra/yassl/taocrypt/src/coding.cpp
      extra/yassl/taocrypt/src/crypto.cpp
      extra/yassl/taocrypt/src/des.cpp
      extra/yassl/taocrypt/src/dh.cpp
      extra/yassl/taocrypt/src/dsa.cpp
      extra/yassl/taocrypt/src/file.cpp
      extra/yassl/taocrypt/src/hash.cpp
      extra/yassl/taocrypt/src/integer.cpp
      extra/yassl/taocrypt/src/md2.cpp
      extra/yassl/taocrypt/src/md4.cpp
      extra/yassl/taocrypt/src/md5.cpp
      extra/yassl/taocrypt/src/misc.cpp
      extra/yassl/taocrypt/src/random.cpp
      extra/yassl/taocrypt/src/ripemd.cpp
      extra/yassl/taocrypt/src/rsa.cpp
      extra/yassl/taocrypt/src/sha.cpp
      extra/yassl/taocrypt/src/tftables.cpp
      extra/yassl/taocrypt/src/twofish.cpp
      extra/yassl/taocrypt/taocrypt.dsp
      extra/yassl/taocrypt/test/memory.cpp
      extra/yassl/taocrypt/test/test.cpp
      extra/yassl/testsuite/test.hpp
      extra/yassl/testsuite/testsuite.cpp
 3866 Alexander Nozdrin	2012-05-17
      Bug#14057174: VALGRIND FAILURE OBSERVED IN MAIN.SP-BUGS ON MYSQL-TRUNK.
      
      The cause of this bug was wrong merge.

    modified:
      sql/sql_class.cc
=== modified file 'extra/yassl/INSTALL'
--- a/extra/yassl/INSTALL	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/INSTALL	2012-05-17 12:10:48 +0000
@@ -1,13 +1,19 @@
-Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software
-Foundation, Inc.
+Installation Instructions
+*************************
 
-   This file is free documentation; the Free Software Foundation gives
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
+2006 Free Software Foundation, Inc.
+
+This file is free documentation; the Free Software Foundation gives
 unlimited permission to copy, distribute and modify it.
 
 Basic Installation
 ==================
 
-   These are generic installation instructions.
+Briefly, the shell commands `./configure; make; make install' should
+configure, build, and install this package.  The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package.
 
    The `configure' shell script attempts to guess correct values for
 various system-dependent variables used during compilation.  It uses
@@ -20,9 +26,9 @@ debugging `configure').
 
    It can also use an optional file (typically called `config.cache'
 and enabled with `--cache-file=config.cache' or simply `-C') that saves
-the results of its tests to speed up reconfiguring.  (Caching is
+the results of its tests to speed up reconfiguring.  Caching is
 disabled by default to prevent problems with accidental use of stale
-cache files.)
+cache files.
 
    If you need to do unusual things to compile the package, please try
 to figure out how `configure' could check whether to do them, and mail
@@ -32,20 +38,17 @@ some point `config.cache' contains resul
 may remove or edit it.
 
    The file `configure.ac' (or `configure.in') is used to create
-`configure' by a program called `autoconf'.  You only need
-`configure.ac' if you want to change it or regenerate `configure' using
-a newer version of `autoconf'.
+`configure' by a program called `autoconf'.  You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
 
 The simplest way to compile this package is:
 
   1. `cd' to the directory containing the package's source code and type
-     `./configure' to configure the package for your system.  If you're
-     using `csh' on an old version of System V, you might need to type
-     `sh ./configure' instead to prevent `csh' from trying to execute
-     `configure' itself.
+     `./configure' to configure the package for your system.
 
-     Running `configure' takes awhile.  While running, it prints some
-     messages telling which features it is checking for.
+     Running `configure' might take a while.  While running, it prints
+     some messages telling which features it is checking for.
 
   2. Type `make' to compile the package.
 
@@ -67,51 +70,49 @@ The simplest way to compile this package
 Compilers and Options
 =====================
 
-   Some systems require unusual options for compilation or linking that
-the `configure' script does not know about.  Run `./configure --help'
-for details on some of the pertinent environment variables.
+Some systems require unusual options for compilation or linking that the
+`configure' script does not know about.  Run `./configure --help' for
+details on some of the pertinent environment variables.
 
    You can give `configure' initial values for configuration parameters
 by setting variables in the command line or in the environment.  Here
 is an example:
 
-     ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
+     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
 
    *Note Defining Variables::, for more details.
 
 Compiling For Multiple Architectures
 ====================================
 
-   You can compile the package for more than one kind of computer at the
+You can compile the package for more than one kind of computer at the
 same time, by placing the object files for each architecture in their
-own directory.  To do this, you must use a version of `make' that
-supports the `VPATH' variable, such as GNU `make'.  `cd' to the
+own directory.  To do this, you can use GNU `make'.  `cd' to the
 directory where you want the object files and executables to go and run
 the `configure' script.  `configure' automatically checks for the
 source code in the directory that `configure' is in and in `..'.
 
-   If you have to use a `make' that does not support the `VPATH'
-variable, you have to compile the package for one architecture at a
-time in the source code directory.  After you have installed the
-package for one architecture, use `make distclean' before reconfiguring
-for another architecture.
+   With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory.  After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
 
 Installation Names
 ==================
 
-   By default, `make install' will install the package's files in
-`/usr/local/bin', `/usr/local/man', etc.  You can specify an
-installation prefix other than `/usr/local' by giving `configure' the
-option `--prefix=PATH'.
+By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc.  You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX'.
 
    You can specify separate installation prefixes for
 architecture-specific files and architecture-independent files.  If you
-give `configure' the option `--exec-prefix=PATH', the package will use
-PATH as the prefix for installing programs and libraries.
-Documentation and other data files will still use the regular prefix.
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
 
    In addition, if you use an unusual directory layout you can give
-options like `--bindir=PATH' to specify different values for particular
+options like `--bindir=DIR' to specify different values for particular
 kinds of files.  Run `configure --help' for a list of the directories
 you can set and what kinds of files go in them.
 
@@ -122,7 +123,7 @@ option `--program-prefix=PREFIX' or `--p
 Optional Features
 =================
 
-   Some packages pay attention to `--enable-FEATURE' options to
+Some packages pay attention to `--enable-FEATURE' options to
 `configure', where FEATURE indicates an optional part of the package.
 They may also pay attention to `--with-PACKAGE' options, where PACKAGE
 is something like `gnu-as' or `x' (for the X Window System).  The
@@ -137,11 +138,11 @@ you can use the `configure' options `--x
 Specifying the System Type
 ==========================
 
-   There may be some features `configure' cannot figure out
-automatically, but needs to determine by the type of machine the package
-will run on.  Usually, assuming the package is built to be run on the
-_same_ architectures, `configure' can figure that out, but if it prints
-a message saying it cannot guess the machine type, give it the
+There may be some features `configure' cannot figure out automatically,
+but needs to determine by the type of machine the package will run on.
+Usually, assuming the package is built to be run on the _same_
+architectures, `configure' can figure that out, but if it prints a
+message saying it cannot guess the machine type, give it the
 `--build=TYPE' option.  TYPE can either be a short name for the system
 type, such as `sun4', or a canonical name which has the form:
 
@@ -156,7 +157,7 @@ where SYSTEM can have one of these forms
 need to know the machine type.
 
    If you are _building_ compiler tools for cross-compiling, you should
-use the `--target=TYPE' option to select the type of system they will
+use the option `--target=TYPE' to select the type of system they will
 produce code for.
 
    If you want to _use_ a cross compiler, that generates code for a
@@ -167,9 +168,9 @@ eventually be run) with `--host=TYPE'.
 Sharing Defaults
 ================
 
-   If you want to set default values for `configure' scripts to share,
-you can create a site shell script called `config.site' that gives
-default values for variables like `CC', `cache_file', and `prefix'.
+If you want to set default values for `configure' scripts to share, you
+can create a site shell script called `config.site' that gives default
+values for variables like `CC', `cache_file', and `prefix'.
 `configure' looks for `PREFIX/share/config.site' if it exists, then
 `PREFIX/etc/config.site' if it exists.  Or, you can set the
 `CONFIG_SITE' environment variable to the location of the site script.
@@ -178,7 +179,7 @@ A warning: not all `configure' scripts l
 Defining Variables
 ==================
 
-   Variables not defined in a site shell script can be set in the
+Variables not defined in a site shell script can be set in the
 environment passed to `configure'.  However, some packages may run
 configure again during the build, and the customized values of these
 variables may be lost.  In order to avoid this problem, you should set
@@ -186,14 +187,18 @@ them in the `configure' command line, us
 
      ./configure CC=/usr/local2/bin/gcc
 
-will cause the specified gcc to be used as the C compiler (unless it is
+causes the specified `gcc' to be used as the C compiler (unless it is
 overridden in the site shell script).
 
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf bug.  Until the bug is fixed you can use this workaround:
+
+     CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
+
 `configure' Invocation
 ======================
 
-   `configure' recognizes the following options to control how it
-operates.
+`configure' recognizes the following options to control how it operates.
 
 `--help'
 `-h'

=== modified file 'extra/yassl/README'
--- a/extra/yassl/README	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/README	2012-05-17 12:10:48 +0000
@@ -1,3 +1,121 @@
+*** Note, Please read ***
+
+yaSSL takes a different approach to certificate verification than OpenSSL does.
+The default policy for the client is to verify the server, this means that if
+you don't load CAs to verify the server you'll get a connect error, unable to 
+verify.  It you want to mimic OpenSSL behavior of not verifying the server and
+reducing security you can do this by calling:
+
+SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+
+before calling SSL_new();
+
+*** end Note ***
+
+yaSSL Release notes, version 2.1.2 (9/2/2011)
+
+    This release of yaSSL contains bug fixes, better non-blocking support with
+    SSL_write, and OpenSSL RSA public key format support.
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.9.9 (1/26/2010)
+yaSSL Release notes, version 2.0.0 (7/6/2010)
+
+    This release of yaSSL contains bug fixes, new testing certs,
+    and a security patch for a potential heap overflow on forged application
+    data processing.  Vulnerability discovered by Matthieu Bonetti from VUPEN
+    Security http://www.vupen.com.
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.9.9 (1/26/2010)
+
+    This release of yaSSL contains bug fixes, the removal of assert() s and
+    a security patch for a buffer overflow possibility in certificate name
+    processing. 
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.9.8 (10/14/09)
+
+    This release of yaSSL contains bug fixes and adds new stream ciphers
+    Rabbit and HC-128
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.9.6 (11/13/08)
+
+    This release of yaSSL contains bug fixes, adds autconf shared library
+    support and has better server suite detection based on certficate and
+    private key.
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.9.2 (9/24/08)
+
+    This release of yaSSL contains bug fixes and improved certificate verify
+    callback support. 
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.8.8 (5/7/08)
+
+    This release of yaSSL contains bug fixes, and better socket handling. 
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.8.6 (1/31/08)
+
+    This release of yaSSL contains bug fixes, and fixes security problems
+    associated with using SSL 2.0 client hellos and improper input handling.
+    Please upgrade to this version if you are using a previous one. 
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.7.5 (10/15/07)
+
+    This release of yaSSL contains bug fixes, adds MSVC 2005 project support,
+    GCC 4.2 support, IPV6 support and test, and new test certificates. 
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.7.2 (8/20/07)
+
+    This release of yaSSL contains bug fixes and adds initial OpenVPN support.
+    Just configure at this point and beginning of build. 
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.6.8 (4/16/07)
+
+    This release of yaSSL contains bug fixes and adds SHA-256, SHA-512, SHA-224,
+    and SHA-384.
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
 *****************yaSSL Release notes, version 1.6.0 (2/22/07)
 
     This release of yaSSL contains bug fixes, portability enhancements, and
@@ -13,7 +131,7 @@ See libcurl build instructions below und
 
 
 
-    Since yaSSL now supports zlib, as does libcur, the libcurl build test can
+    Since yaSSL now supports zlib, as does libcurl, the libcurl build test can
     fail if yaSSL is built with zlib support since the zlib library isn't 
     passed.  You can do two things to fix this: 
 
@@ -518,7 +636,7 @@ in the source and include files.
 *********************
 
 Contact: please send comments or questions to Todd A Ouska at todd@stripped
-and/or Larry Stefonic at larry@stripped or 425-741-6858.
+and/or Larry Stefonic at larry@stripped.
 
 
 

=== modified file 'extra/yassl/certs/ca-cert.pem'
--- a/extra/yassl/certs/ca-cert.pem	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/certs/ca-cert.pem	2012-05-17 12:10:48 +0000
@@ -1,53 +1,56 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 0 (0x0)
+        Serial Number:
+            8a:37:22:65:73:f5:aa:e8
         Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@stripped
+        Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@stripped
         Validity
-            Not Before: Mar  7 03:10:11 2005 GMT
-            Not After : Apr  1 03:10:11 2046 GMT
-        Subject: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@stripped
+            Not Before: Jun 30 18:47:10 2010 GMT
+            Not After : Mar 26 18:47:10 2013 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@stripped
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
             RSA Public Key: (512 bit)
                 Modulus (512 bit):
-                    00:ef:c1:e3:9a:3c:6e:6e:cb:26:6f:05:be:e0:cb:
-                    57:a0:4b:68:e6:1b:f9:95:db:01:92:aa:6e:a6:b5:
-                    2d:b1:2b:50:fd:db:13:f2:c5:d8:b8:4f:75:28:53:
-                    72:e8:e5:11:9d:bb:c3:4f:4f:09:fd:4c:e7:46:d5:
-                    1d:bb:35:02:af
+                    00:97:30:b9:1a:92:ef:25:4f:ca:4c:11:31:95:1a:
+                    e1:c0:10:19:0a:20:b9:37:80:1a:57:38:02:4e:1b:
+                    c5:0f:28:4f:da:e3:c9:16:aa:50:bd:4a:fb:b7:71:
+                    c7:35:cc:63:81:c1:dd:9d:33:f9:38:16:88:32:a0:
+                    aa:56:23:03:a3
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                1D:EF:A1:B8:81:78:12:47:E8:57:06:08:74:18:F7:D3:AA:D8:F7:BD
+                3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
             X509v3 Authority Key Identifier: 
-                keyid:1D:EF:A1:B8:81:78:12:47:E8:57:06:08:74:18:F7:D3:AA:D8:F7:BD
-                DirName:/C=US/ST=Oregon/L=Portland/O=sawtooth/CN=www.sawtooth-consulting.com/emailAddress=info@stripped
-                serial:00
+                keyid:3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
+                DirName:/C=US/ST=Montana/L=Bozeman/O=sawtooth/OU=consulting/CN=www.sawtooth-consulting.com/emailAddress=info@stripped
+                serial:8A:37:22:65:73:F5:AA:E8
 
             X509v3 Basic Constraints: 
                 CA:TRUE
     Signature Algorithm: md5WithRSAEncryption
-        d9:77:e3:07:d9:2e:ec:2f:9b:8e:9e:ca:b4:00:0b:ef:c7:74:
-        cb:f4:f6:44:2f:02:75:17:a5:74:3e:26:b2:26:fd:1f:ab:3a:
-        df:d5:e3:05:14:08:d0:8c:1d:c9:3e:e1:59:6f:b3:38:5d:af:
-        78:60:e3:c5:6a:69:96:80:7d:00
+        32:65:a2:b1:dc:6d:e0:8d:8b:c8:58:29:8e:b8:18:4b:62:88:
+        13:67:f8:6c:75:46:75:8f:8a:19:a6:a3:d5:3c:fc:57:4e:7a:
+        68:a9:fc:93:dc:ae:29:7d:bb:4e:ec:ea:55:fa:a4:e3:00:61:
+        f4:b0:34:6d:d1:d5:a4:64:24:f8
 -----BEGIN CERTIFICATE-----
-MIIC7zCCApmgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBiTELMAkGA1UEBhMCVVMx
-DzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxETAPBgNVBAoTCHNh
-d3Rvb3RoMSQwIgYDVQQDExt3d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAb
-BgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTA1MDMwNzAzMTAxMVoXDTQ2
-MDQwMTAzMTAxMVowgYkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAP
-BgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290aDEkMCIGA1UEAxMbd3d3
-LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
-c3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDvweOaPG5uyyZvBb7gy1eg
-S2jmG/mV2wGSqm6mtS2xK1D92xPyxdi4T3UoU3Lo5RGdu8NPTwn9TOdG1R27NQKv
-AgMBAAGjgekwgeYwHQYDVR0OBBYEFB3vobiBeBJH6FcGCHQY99Oq2Pe9MIG2BgNV
-HSMEga4wgauAFB3vobiBeBJH6FcGCHQY99Oq2Pe9oYGPpIGMMIGJMQswCQYDVQQG
-EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDERMA8GA1UE
-ChMIc2F3dG9vdGgxJDAiBgNVBAMTG3d3dy5zYXd0b290aC1jb25zdWx0aW5nLmNv
-bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CAQAwDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQQFAANBANl34wfZLuwvm46eyrQAC+/HdMv09kQvAnUXpXQ+
-JrIm/R+rOt/V4wUUCNCMHck+4Vlvszhdr3hg48VqaZaAfQA=
+MIIDQDCCAuqgAwIBAgIJAIo3ImVz9aroMA0GCSqGSIb3DQEBBAUAMIGeMQswCQYD
+VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
+A1UEChMIc2F3dG9vdGgxEzARBgNVBAsTCmNvbnN1bHRpbmcxJDAiBgNVBAMTG3d3
+dy5zYXd0b290aC1jb25zdWx0aW5nLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5
+YXNzbC5jb20wHhcNMTAwNjMwMTg0NzEwWhcNMTMwMzI2MTg0NzEwWjCBnjELMAkG
+A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
+BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
+d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
+eWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJcwuRqS7yVPykwRMZUa
+4cAQGQoguTeAGlc4Ak4bxQ8oT9rjyRaqUL1K+7dxxzXMY4HB3Z0z+TgWiDKgqlYj
+A6MCAwEAAaOCAQcwggEDMB0GA1UdDgQWBBQ7Zv2gQMb04nDPIRoMT2f+t0tCCTCB
+0wYDVR0jBIHLMIHIgBQ7Zv2gQMb04nDPIRoMT2f+t0tCCaGBpKSBoTCBnjELMAkG
+A1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmExEDAOBgNVBAcTB0JvemVtYW4xETAP
+BgNVBAoTCHNhd3Rvb3RoMRMwEQYDVQQLEwpjb25zdWx0aW5nMSQwIgYDVQQDExt3
+d3cuc2F3dG9vdGgtY29uc3VsdGluZy5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
+eWFzc2wuY29tggkAijciZXP1qugwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQF
+AANBADJlorHcbeCNi8hYKY64GEtiiBNn+Gx1RnWPihmmo9U8/FdOemip/JPcril9
+u07s6lX6pOMAYfSwNG3R1aRkJPg=
 -----END CERTIFICATE-----

=== modified file 'extra/yassl/certs/client-cert.pem'
--- a/extra/yassl/certs/client-cert.pem	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/certs/client-cert.pem	2012-05-17 12:10:48 +0000
@@ -1,52 +1,55 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 0 (0x0)
+        Serial Number:
+            c5:d7:6c:11:36:f0:35:e1
         Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@stripped
+        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=programming, CN=www.yassl.com/emailAddress=info@stripped
         Validity
-            Not Before: Mar  7 03:00:31 2005 GMT
-            Not After : Apr  1 03:00:31 2046 GMT
-        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, CN=www.yassl.com/emailAddress=info@stripped
+            Not Before: Jun 30 18:39:39 2010 GMT
+            Not After : Mar 26 18:39:40 2013 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=programming, CN=www.yassl.com/emailAddress=info@stripped
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
             RSA Public Key: (512 bit)
                 Modulus (512 bit):
-                    00:cd:1f:78:47:f8:b8:d6:08:bf:bd:7c:23:61:86:
-                    36:28:ac:ee:3c:a8:9a:94:e6:d5:26:e8:71:50:b2:
-                    26:8b:1c:1e:3f:75:b2:d3:b3:67:95:0c:fd:76:28:
-                    65:d5:ce:12:82:9e:06:00:a2:09:dd:ce:3a:26:dd:
-                    46:2a:a0:45:71
+                    00:bd:51:4a:14:fd:6a:19:84:0c:33:38:fc:27:32:
+                    9c:97:0b:fc:a4:18:60:69:4e:d9:d8:78:50:0b:e9:
+                    20:5d:d6:1d:70:1c:0c:24:9f:23:82:cc:3a:01:d5:
+                    97:17:b2:73:6c:86:cf:b5:f1:e5:ce:68:0c:d9:a2:
+                    12:39:7c:f2:53
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Subject Key Identifier: 
-                AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD
+                5C:F7:29:21:69:7A:09:78:9E:7B:CD:53:42:02:EC:CE:29:0D:11:DF
             X509v3 Authority Key Identifier: 
-                keyid:AE:25:5E:FA:4D:A3:5B:2B:87:DE:F1:2A:F5:42:C0:FF:CE:B5:B4:AD
-                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/CN=www.yassl.com/emailAddress=info@stripped
-                serial:00
+                keyid:5C:F7:29:21:69:7A:09:78:9E:7B:CD:53:42:02:EC:CE:29:0D:11:DF
+                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=programming/CN=www.yassl.com/emailAddress=info@stripped
+                serial:C5:D7:6C:11:36:F0:35:E1
 
             X509v3 Basic Constraints: 
                 CA:TRUE
     Signature Algorithm: md5WithRSAEncryption
-        59:19:ae:1b:4e:65:9e:ca:f1:b8:3d:ff:c7:5e:15:86:10:97:
-        8c:3e:22:32:ab:4e:75:a7:70:83:f2:fb:2f:af:fe:26:28:e9:
-        4f:d4:c9:49:7c:6f:51:7e:2a:ff:a0:5b:25:45:2e:66:d9:0d:
-        92:94:e5:b8:60:c6:67:1a:f3:03
+        b4:a5:f1:71:26:4d:b9:ff:54:f3:09:1f:ac:e1:19:59:e5:ec:
+        57:e3:f1:0b:b2:8f:f3:29:eb:6b:c6:fa:27:33:3e:91:d0:77:
+        43:c9:ce:1e:0f:71:07:a9:f7:26:e0:7e:ff:30:7d:52:0a:e1:
+        80:48:46:bb:99:e9:d9:77:ce:75
 -----BEGIN CERTIFICATE-----
-MIICtzCCAmGgAwIBAgIBADANBgkqhkiG9w0BAQQFADB4MQswCQYDVQQGEwJVUzEP
-MA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFT
-U0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9A
-eWFzc2wuY29tMB4XDTA1MDMwNzAzMDAzMVoXDTQ2MDQwMTAzMDAzMVoweDELMAkG
-A1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxDjAM
-BgNVBAoTBXlhU1NMMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcN
-AQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDNH3hH
-+LjWCL+9fCNhhjYorO48qJqU5tUm6HFQsiaLHB4/dbLTs2eVDP12KGXVzhKCngYA
-ogndzjom3UYqoEVxAgMBAAGjgdUwgdIwHQYDVR0OBBYEFK4lXvpNo1srh97xKvVC
-wP/OtbStMIGiBgNVHSMEgZowgZeAFK4lXvpNo1srh97xKvVCwP/OtbStoXykejB4
-MQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFu
-ZDEOMAwGA1UEChMFeWFTU0wxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
-hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQEEBQADQQBZGa4bTmWeyvG4Pf/HXhWGEJeMPiIyq051p3CD8vsvr/4mKOlP
-1MlJfG9Rfir/oFslRS5m2Q2SlOW4YMZnGvMD
+MIIDDjCCArigAwIBAgIJAMXXbBE28DXhMA0GCSqGSIb3DQEBBAUAMIGOMQswCQYD
+VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG
+A1UEChMFeWFTU0wxFDASBgNVBAsTC3Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu
+eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMDA2
+MzAxODM5MzlaFw0xMzAzMjYxODM5NDBaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE
+CBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDAS
+BgNVBAsTC3Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ
+KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
+QQC9UUoU/WoZhAwzOPwnMpyXC/ykGGBpTtnYeFAL6SBd1h1wHAwknyOCzDoB1ZcX
+snNshs+18eXOaAzZohI5fPJTAgMBAAGjgfYwgfMwHQYDVR0OBBYEFFz3KSFpegl4
+nnvNU0IC7M4pDRHfMIHDBgNVHSMEgbswgbiAFFz3KSFpegl4nnvNU0IC7M4pDRHf
+oYGUpIGRMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQH
+EwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDASBgNVBAsTC3Byb2dyYW1taW5n
+MRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlh
+c3NsLmNvbYIJAMXXbBE28DXhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD
+QQC0pfFxJk25/1TzCR+s4RlZ5exX4/ELso/zKetrxvonMz6R0HdDyc4eD3EHqfcm
+4H7/MH1SCuGASEa7menZd851
 -----END CERTIFICATE-----

=== modified file 'extra/yassl/certs/client-key.pem'
--- a/extra/yassl/certs/client-key.pem	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/certs/client-key.pem	2012-05-17 12:10:48 +0000
@@ -1,9 +1,9 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAM0feEf4uNYIv718I2GGNiis7jyompTm1SbocVCyJoscHj91stOz
-Z5UM/XYoZdXOEoKeBgCiCd3OOibdRiqgRXECAwEAAQJAXwa6OVVvg7Bv63+MAI0l
-n/hlMfLGEj9R9gFvJXwywPSEQhijOZmedpHALufFPNHtwba9dmbqMkBAw9JDaAgg
-QQIhAO+mBaSmoG5AYVKYQZiASe/2wMZjaQSN+zFLyF97OX8ZAiEA2x5iRmXUkbOT
-8Td/vx8R9mq9W5CJu+cN+SWGwTYhPBkCIGZFM6NQeKaUUvQshdHO7b66Twpa4jZP
-YSNoc9pLe/4BAiB+jIvBkKo2A/rbg2waG32qTXdTXKTPiuA9Fnk/OV30cQIhANuA
-uMdo+T+rYcNGJ1hCYKDe9JWBpNfSQ+H/A7sWuW8L
+MIIBPAIBAAJBAL1RShT9ahmEDDM4/CcynJcL/KQYYGlO2dh4UAvpIF3WHXAcDCSf
+I4LMOgHVlxeyc2yGz7Xx5c5oDNmiEjl88lMCAwEAAQJAVGHWLlLhpqvXsEEXCvWh
+HCYono+K8YVGzhiaPSTU212fCoQryIxsXQKGBjhFdZm96DZWp+Vd/t/u+B4ZeaqY
++QIhAOBEfbFtdZqk5OmbbRsRVPI7+YYmubgY1TVIPqmxHQ4NAiEA2BrTQkjOb3ul
+A/SZO04fJUZsm7Ng92FWHDJsRancSd8CIQCmGbQqZBK1TamJZ6dAY+7RViAx/p6Q
+vjuzMeXPUrFdRQIhAMkfBhg9bCqjFyt8PBPOm/vz8+ZgZlE0/JAXeV7IPCVfAiEA
+gZwCFm1ghGxmaoB424YC4DHeDeN/g9xwJHT7EuM9Mvc=
 -----END RSA PRIVATE KEY-----

=== modified file 'extra/yassl/certs/dsa-cert.pem'
--- a/extra/yassl/certs/dsa-cert.pem	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/certs/dsa-cert.pem	2012-05-17 12:10:48 +0000
@@ -1,13 +1,14 @@
 Certificate:
     Data:
         Version: 3 (0x2)
-        Serial Number: 0 (0x0)
+        Serial Number:
+            ce:df:23:31:64:b4:13:da
         Signature Algorithm: dsaWithSHA1
-        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@stripped
+        Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=testing, CN=www.yassl.com/emailAddress=info@stripped
         Validity
-            Not Before: Mar  7 03:22:00 2005 GMT
-            Not After : Apr  1 03:22:00 2046 GMT
-        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL DSA, CN=yaSSL DSA/emailAddress=info@stripped
+            Not Before: Jun 30 18:56:38 2010 GMT
+            Not After : Mar 26 18:56:39 2013 GMT
+        Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=testing, CN=www.yassl.com/emailAddress=info@stripped
         Subject Public Key Info:
             Public Key Algorithm: dsaEncryption
             DSA Public Key:
@@ -37,32 +38,33 @@ Certificate:
                 BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
             X509v3 Authority Key Identifier: 
                 keyid:BE:F9:8C:5D:D6:1C:B4:EE:81:DD:36:56:0A:21:E4:61:44:73:E9:E2
-                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL DSA/CN=yaSSL DSA/emailAddress=info@stripped
-                serial:00
+                DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=testing/CN=www.yassl.com/emailAddress=info@stripped
+                serial:CE:DF:23:31:64:B4:13:DA
 
             X509v3 Basic Constraints: 
                 CA:TRUE
     Signature Algorithm: dsaWithSHA1
-        30:2c:02:14:7e:5e:94:fc:7f:ca:81:ab:b3:32:f7:21:83:48:
-        48:5f:0a:f1:13:ca:02:14:73:54:32:14:51:22:bf:0b:ec:d7:
-        6a:6a:fa:a7:1d:46:b4:c2:a3:b5
+        30:2d:02:14:00:a3:21:20:34:6a:2c:f9:fb:76:d7:20:c9:c0:
+        35:1b:64:9a:c2:83:02:15:00:a4:59:ac:6d:da:85:48:ff:f5:
+        0d:49:72:c8:cd:91:fc:ec:2f:5c:63
 -----BEGIN CERTIFICATE-----
-MIIDMjCCAvKgAwIBAgIBADAJBgcqhkjOOAQDMHgxCzAJBgNVBAYTAlVTMQ8wDQYD
-VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMRIwEAYDVQQKEwl5YVNTTCBE
-U0ExEjAQBgNVBAMTCXlhU1NMIERTQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNz
-bC5jb20wHhcNMDUwMzA3MDMyMjAwWhcNNDYwNDAxMDMyMjAwWjB4MQswCQYDVQQG
-EwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDESMBAGA1UE
-ChMJeWFTU0wgRFNBMRIwEAYDVQQDEwl5YVNTTCBEU0ExHTAbBgkqhkiG9w0BCQEW
-DmluZm9AeWFzc2wuY29tMIHwMIGoBgcqhkjOOAQBMIGcAkEAmSlpgMk8mGhFqYL+
-Z+uViMW0DNYmRZUZLKAgW37faencww/zYQolm/IhAWrNqow358pm21b0D3160Ri5
-Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJAkASiJna59ALk5vm7jwhf5yztI2l
-jOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE1nk5sQIDA8YGdOWQBQoQRhkxA0MA
-AkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+VlNHaM4IIlccuw13kc9bNu3z
-JIKQis2QfNt3+Rctc3Pvu7mCo4HVMIHSMB0GA1UdDgQWBBS++Yxd1hy07oHdNlYK
-IeRhRHPp4jCBogYDVR0jBIGaMIGXgBS++Yxd1hy07oHdNlYKIeRhRHPp4qF8pHow
-eDELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxh
-bmQxEjAQBgNVBAoTCXlhU1NMIERTQTESMBAGA1UEAxMJeWFTU0wgRFNBMR0wGwYJ
-KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbYIBADAMBgNVHRMEBTADAQH/MAkGByqG
-SM44BAMDLwAwLAIUfl6U/H/KgauzMvchg0hIXwrxE8oCFHNUMhRRIr8L7Ndqavqn
-HUa0wqO1
+MIIDfjCCAz2gAwIBAgIJAM7fIzFktBPaMAkGByqGSM44BAMwgYoxCzAJBgNVBAYT
+AlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQK
+EwV5YVNTTDEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNv
+bTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTAwNjMwMTg1NjM4
+WhcNMTMwMzI2MTg1NjM5WjCBijELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdv
+bjERMA8GA1UEBxMIUG9ydGxhbmQxDjAMBgNVBAoTBXlhU1NMMRAwDgYDVQQLEwd0
+ZXN0aW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5p
+bmZvQHlhc3NsLmNvbTCB8DCBqAYHKoZIzjgEATCBnAJBAJkpaYDJPJhoRamC/mfr
+lYjFtAzWJkWVGSygIFt+32np3MMP82EKJZvyIQFqzaqMN+fKZttW9A99etEYuUL9
+GxECFQCtJSmrCp8JHMGtAyB2f6a33U0DCQJAEoiZ2ufQC5Ob5u48IX+cs7SNpYzi
+N4A/F9GBT73wcbYyCFTdvwHis3cGZHWKBNZ5ObECAwPGBnTlkAUKEEYZMQNDAAJA
+BISgJjFyDOhPXVMXYrGAysAWX8Me6sXZmDj5vlZTR2jOCCJXHLsNd5HPWzbt8ySC
+kIrNkHzbd/kXLXNz77u5gqOB8jCB7zAdBgNVHQ4EFgQUvvmMXdYctO6B3TZWCiHk
+YURz6eIwgb8GA1UdIwSBtzCBtIAUvvmMXdYctO6B3TZWCiHkYURz6eKhgZCkgY0w
+gYoxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRs
+YW5kMQ4wDAYDVQQKEwV5YVNTTDEQMA4GA1UECxMHdGVzdGluZzEWMBQGA1UEAxMN
+d3d3Lnlhc3NsLmNvbTEdMBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb22CCQDO
+3yMxZLQT2jAMBgNVHRMEBTADAQH/MAkGByqGSM44BAMDMAAwLQIUAKMhIDRqLPn7
+dtcgycA1G2SawoMCFQCkWaxt2oVI//UNSXLIzZH87C9cYw==
 -----END CERTIFICATE-----

=== modified file 'extra/yassl/certs/server-cert.pem'
--- a/extra/yassl/certs/server-cert.pem	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/certs/server-cert.pem	2012-05-17 12:10:48 +0000
@@ -3,36 +3,37 @@ Certificate:
         Version: 1 (0x0)
         Serial Number: 1 (0x1)
         Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, ST=Oregon, L=Portland, O=sawtooth, CN=www.sawtooth-consulting.com/emailAddress=info@stripped
+        Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@stripped
         Validity
-            Not Before: Mar  8 03:00:47 2005 GMT
-            Not After : Apr  2 03:00:47 2046 GMT
-        Subject: C=US, ST=Oregon, L=Portland, O=taoSoftDev, CN=www.taosoftdev.com/emailAddress=info@stripped
+            Not Before: Jun 30 18:52:17 2010 GMT
+            Not After : Mar 26 18:52:17 2013 GMT
+        Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@stripped
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
             RSA Public Key: (512 bit)
                 Modulus (512 bit):
-                    00:a4:68:bb:bc:b7:27:5f:3c:f5:78:c6:1a:af:b9:
-                    95:fc:7e:61:1f:a8:81:0a:ca:43:88:9a:03:e0:d0:
-                    a6:79:70:16:34:b9:7c:75:54:ca:70:19:66:38:be:
-                    6e:28:7e:a5:ff:6b:3c:83:2f:39:42:c3:15:f3:bd:
-                    f2:25:93:22:e7
+                    00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a:
+                    66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38:
+                    9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36:
+                    a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66:
+                    7e:16:77:e2:a7
                 Exponent: 65537 (0x10001)
     Signature Algorithm: md5WithRSAEncryption
-        36:72:12:3b:ac:e4:58:83:09:86:4f:71:2a:3a:0d:8a:05:27:
-        75:f3:3e:62:4f:ab:b8:70:20:cd:ad:70:ab:91:11:68:f8:82:
-        33:e2:78:85:a8:16:f5:66:bd:68:2c:5a:26:15:12:1e:6e:83:
-        c7:6d:62:b9:c3:ff:e1:86:e4:e6
+        58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c:
+        7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef:
+        87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36:
+        9b:0b:e0:74:58:11:c5:01:7b:4d
 -----BEGIN CERTIFICATE-----
-MIIB9zCCAaECAQEwDQYJKoZIhvcNAQEEBQAwgYkxCzAJBgNVBAYTAlVTMQ8wDQYD
-VQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMREwDwYDVQQKEwhzYXd0b290
-aDEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNvbnN1bHRpbmcuY29tMR0wGwYJKoZI
-hvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0wNTAzMDgwMzAwNDdaFw00NjA0MDIw
-MzAwNDdaMIGCMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQH
-EwhQb3J0bGFuZDETMBEGA1UEChMKdGFvU29mdERldjEbMBkGA1UEAxMSd3d3LnRh
-b3NvZnRkZXYuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTBcMA0G
-CSqGSIb3DQEBAQUAA0sAMEgCQQCkaLu8tydfPPV4xhqvuZX8fmEfqIEKykOImgPg
-0KZ5cBY0uXx1VMpwGWY4vm4ofqX/azyDLzlCwxXzvfIlkyLnAgMBAAEwDQYJKoZI
-hvcNAQEEBQADQQA2chI7rORYgwmGT3EqOg2KBSd18z5iT6u4cCDNrXCrkRFo+IIz
-4niFqBb1Zr1oLFomFRIeboPHbWK5w//hhuTm
+MIICFDCCAb4CAQEwDQYJKoZIhvcNAQEEBQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhzYXd0b290
+aDETMBEGA1UECxMKY29uc3VsdGluZzEkMCIGA1UEAxMbd3d3LnNhd3Rvb3RoLWNv
+bnN1bHRpbmcuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0x
+MDA2MzAxODUyMTdaFw0xMzAzMjYxODUyMTdaMIGKMQswCQYDVQQGEwJVUzEQMA4G
+A1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjEOMAwGA1UEChMFeWFTU0wx
+EDAOBgNVBAsTB3N1cHBvcnQxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkq
+hkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
+AMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpUlt3Se+s2oq5+
+Kp5+VqW2h58VxxhmfhZ34qcCAwEAATANBgkqhkiG9w0BAQQFAANBAFipmOcWUkxA
+5+FHkhkbOo+XbHu3sMsgba2100dY2OTyPjLp74d35VQ29I1QjQe0d0XqnaQzNpsL
+4HRYEcUBe00=
 -----END CERTIFICATE-----

=== modified file 'extra/yassl/certs/server-key.pem'
--- a/extra/yassl/certs/server-key.pem	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/certs/server-key.pem	2012-05-17 12:10:48 +0000
@@ -1,9 +1,9 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIBOQIBAAJBAKRou7y3J1889XjGGq+5lfx+YR+ogQrKQ4iaA+DQpnlwFjS5fHVU
-ynAZZji+bih+pf9rPIMvOULDFfO98iWTIucCAwEAAQJABLVvMw931DV1vljGKORC
-1HF2LKbx0zJJzt7CX6z6J54vcE79K3NYXdU6o7/j1WTtfD47tFG+4ljGvSYPmrCI
-2QIhANfiY6is6JUJGGgeMxyWeQRPXfaE9Yrk6OhxHhpYf5CTAiEAwvWraeLPy/NE
-B+0w80mh8tCv2tpuKaYMOG53XpYX3N0CIDy/Bj3rUZLGOWjqvoUXzjupPY5lgVYw
-7Vyin87YAiUjAiAgM8X5em5KSMc+6+2+8bWfTtsNMjEqDfRMyepLpE0SvQIgTSYL
-WWfcZoRUPDM9GEuQ40nifVNjobzvjTW4aYyHCEI=
+MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU
+lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58
+viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli
+dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4
+TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf
+p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS
+1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg==
 -----END RSA PRIVATE KEY-----

=== modified file 'extra/yassl/certs/taoCert.txt'
--- a/extra/yassl/certs/taoCert.txt	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/certs/taoCert.txt	2012-05-17 12:10:48 +0000
@@ -47,4 +47,16 @@ to convert rsa private PEM to DER :
 b) openssl rsa -in key.pem -outform DER -out key.der
 
 
+**** To encrypt rsa key already in pem **********
+
+a) openssl rsa <server-key.pem.bak -des >server-keyEnc.pem
+
+note location of des, pass = yassl123
+
+
+*** To make a public key from a private key ******
+
+
+openssl rsa -in 1024rsa.priv -pubout -out 1024rsa.pub
+
 

=== modified file 'extra/yassl/examples/client/client.cpp'
--- a/extra/yassl/examples/client/client.cpp	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/examples/client/client.cpp	2012-05-17 12:10:48 +0000
@@ -36,15 +36,20 @@ void ClientError(SSL_CTX* ctx, SSL* ssl,
     void NonBlockingSSL_Connect(SSL* ssl, SSL_CTX* ctx, SOCKET_T& sockfd)
     {
         int ret = SSL_connect(ssl);
-        while (ret =! SSL_SUCCESS && SSL_get_error(ssl, 0) ==
-                                     SSL_ERROR_WANT_READ) {
-            printf("... client would block\n");
+        int err = SSL_get_error(ssl, 0);
+        while (ret != SSL_SUCCESS && (err == SSL_ERROR_WANT_READ ||
+                                      err == SSL_ERROR_WANT_WRITE)) {
+            if (err == SSL_ERROR_WANT_READ)
+                printf("... client would read block\n");
+            else
+                printf("... client would write block\n");
             #ifdef _WIN32
                 Sleep(1000);
             #else
                 sleep(1);
             #endif
             ret = SSL_connect(ssl);
+            err = SSL_get_error(ssl, 0);
         }
         if (ret != SSL_SUCCESS)
             ClientError(ctx, ssl, sockfd, "SSL_connect failed");
@@ -81,7 +86,8 @@ void client_test(void* args)
 #ifdef NON_BLOCKING
     NonBlockingSSL_Connect(ssl, ctx, sockfd);
 #else
-    if (SSL_connect(ssl) != SSL_SUCCESS)
+    // if you get an error here see note at top of README
+    if (SSL_connect(ssl) != SSL_SUCCESS)   
         ClientError(ctx, ssl, sockfd, "SSL_connect failed");
 #endif
     showPeer(ssl);
@@ -105,7 +111,7 @@ void client_test(void* args)
     int input = SSL_read(ssl, reply, sizeof(reply));
     if (input > 0) {
         reply[input] = 0;
-    printf("Server response: %s\n", reply);
+        printf("Server response: %s\n", reply);
     }
 
 #ifdef TEST_RESUME
@@ -121,18 +127,18 @@ void client_test(void* args)
     tcp_connect(sockfd);
     SSL_set_fd(sslResume, sockfd);
     SSL_set_session(sslResume, session);
-    
+
     if (SSL_connect(sslResume) != SSL_SUCCESS)
         ClientError(ctx, sslResume, sockfd, "SSL_resume failed");
     showPeer(sslResume);
-  
+
     if (SSL_write(sslResume, msg, sizeof(msg)) != sizeof(msg))
         ClientError(ctx, sslResume, sockfd, "SSL_write failed");
 
     input = SSL_read(sslResume, reply, sizeof(reply));
     if (input > 0) {
         reply[input] = 0;
-    printf("Server response: %s\n", reply);
+        printf("Server response: %s\n", reply);
     }
 
     SSL_shutdown(sslResume);

=== modified file 'extra/yassl/examples/echoclient/echoclient.cpp'
--- a/extra/yassl/examples/echoclient/echoclient.cpp	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/examples/echoclient/echoclient.cpp	2012-05-17 12:10:48 +0000
@@ -74,10 +74,10 @@ void echoclient_test(void* args)
 
     char send[1024];
     char reply[1024];
- 
+
     while (fgets(send, sizeof(send), fin)) {
 
-        int sendSz = strlen(send) + 1;
+        int sendSz = (int)strlen(send) + 1;
         if (SSL_write(ssl, send, sendSz) != sendSz)
             EchoClientError(ctx, ssl, sockfd, "SSL_write failed");
 
@@ -86,7 +86,7 @@ void echoclient_test(void* args)
             break;
         }
 
-        if (SSL_read(ssl, reply, sizeof(reply)) > 0) 
+        if (SSL_read(ssl, reply, sizeof(reply)) > 0)
             fputs(reply, fout);
     }
 

=== modified file 'extra/yassl/examples/echoserver/echoserver.cpp'
--- a/extra/yassl/examples/echoserver/echoserver.cpp	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/examples/echoserver/echoserver.cpp	2012-05-17 12:10:48 +0000
@@ -93,11 +93,11 @@ THREAD_RETURN YASSL_API echoserver_test(
 #endif
 
     while (!shutdown) {
-        sockaddr_in client;
+        SOCKADDR_IN_T client;
         socklen_t   client_len = sizeof(client);
         SOCKET_T    clientfd   = accept(sockfd, (sockaddr*)&client,
                                       (ACCEPT_THIRD_T)&client_len);
-        if (clientfd == -1) {
+        if (clientfd == (SOCKET_T) -1) {
             SSL_CTX_free(ctx);
             tcp_close(sockfd);
             err_sys("tcp accept failed");
@@ -111,11 +111,11 @@ THREAD_RETURN YASSL_API echoserver_test(
             tcp_close(clientfd);
             continue; 
         }
-
+       
         char command[1024];
         int echoSz(0);
         while ( (echoSz = SSL_read(ssl, command, sizeof(command))) > 0) {
-           
+
             if ( strncmp(command, "quit", 4) == 0) {
                 printf("client sent quit command: shutting down!\n");
                 shutdown = true;
@@ -127,7 +127,7 @@ THREAD_RETURN YASSL_API echoserver_test(
                 char header[] = "<html><body BGCOLOR=\"#ffffff\">\n<pre>\n";
                 char body[]   = "greetings from yaSSL\n";
                 char footer[] = "</body></html>\r\n\r\n";
-            
+
                 strncpy(command, type, sizeof(type));
                 echoSz = sizeof(type) - 1;
 
@@ -140,7 +140,7 @@ THREAD_RETURN YASSL_API echoserver_test(
 
                 if (SSL_write(ssl, command, echoSz) != echoSz)
                     EchoError(ctx, ssl, sockfd, clientfd, "SSL_write failed");
-
+               
                 break;
             }
             command[echoSz] = 0;

=== modified file 'extra/yassl/examples/server/server.cpp'
--- a/extra/yassl/examples/server/server.cpp	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/examples/server/server.cpp	2012-05-17 12:10:48 +0000
@@ -35,15 +35,20 @@ void ServerError(SSL_CTX* ctx, SSL* ssl,
     void NonBlockingSSL_Accept(SSL* ssl, SSL_CTX* ctx, SOCKET_T& clientfd)
     {
         int ret = SSL_accept(ssl);
-        while (ret != SSL_SUCCESS && SSL_get_error(ssl, 0) ==
-                                     SSL_ERROR_WANT_READ) {
-            printf("... server would block\n");
+        int err = SSL_get_error(ssl, 0);
+        while (ret != SSL_SUCCESS && (err == SSL_ERROR_WANT_READ ||
+                                      err == SSL_ERROR_WANT_WRITE)) {
+            if (err == SSL_ERROR_WANT_READ)
+                printf("... server would read block\n");
+            else
+                printf("... server would write block\n");
             #ifdef _WIN32
                 Sleep(1000);
             #else
                 sleep(1);
             #endif
             ret = SSL_accept(ssl);
+            err = SSL_get_error(ssl, 0);
         }
         if (ret != SSL_SUCCESS)
             ServerError(ctx, ssl, clientfd, "SSL_accept failed");
@@ -78,14 +83,14 @@ THREAD_RETURN YASSL_API server_test(void
 
     SSL* ssl = SSL_new(ctx);
     SSL_set_fd(ssl, clientfd);
-   
+
 #ifdef NON_BLOCKING
     NonBlockingSSL_Accept(ssl, ctx, clientfd);
 #else
     if (SSL_accept(ssl) != SSL_SUCCESS)
         ServerError(ctx, ssl, clientfd, "SSL_accept failed");
 #endif
-
+     
     showPeer(ssl);
     printf("Using Cipher Suite: %s\n", SSL_get_cipher(ssl));
 
@@ -93,7 +98,7 @@ THREAD_RETURN YASSL_API server_test(void
     int input = SSL_read(ssl, command, sizeof(command));
     if (input > 0) {
         command[input] = 0;
-    printf("First client command: %s\n", command);
+        printf("First client command: %s\n", command);
     }
 
     char msg[] = "I hear you, fa shizzle!";

=== modified file 'extra/yassl/include/buffer.hpp'
--- a/extra/yassl/include/buffer.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/include/buffer.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* yaSSL buffer header defines input and output buffers to simulate streaming
@@ -24,7 +24,6 @@
 #ifndef yaSSL_BUFFER_HPP
 #define yaSSL_BUFFER_HPP
 
-#include <assert.h>             // assert
 #include "yassl_types.hpp"      // ysDelete
 #include "memory.hpp"           // mySTL::auto_ptr
 #include STL_ALGORITHM_FILE
@@ -46,12 +45,6 @@ typedef unsigned int  uint;
 const uint AUTO = 0xFEEDBEEF;
 
 
-// Checking Policy should implement a check function that tests whether the
-// index is within the size limit of the array
-struct Check {
-    void check(uint i, uint limit);
-};
-
 
 struct NoCheck {
     void check(uint, uint);
@@ -66,7 +59,7 @@ struct NoCheck {
  * write to the buffer bulk wise and have the correct size
  */
 
-class input_buffer : public Check {
+class input_buffer : public NoCheck {
     uint   size_;                // number of elements in buffer
     uint   current_;             // current offset position in buffer
     byte*  buffer_;              // storage for buffer
@@ -132,7 +125,7 @@ private:
  * Not using vector because need checked []access and the ability to
  * write to the buffer bulk wise and retain correct size
  */
-class output_buffer : public Check {
+class output_buffer : public NoCheck {
     uint    current_;                // current offset and elements in buffer
     byte*   buffer_;                 // storage for buffer
     byte*   end_;                    // end of storage marker

=== modified file 'extra/yassl/include/cert_wrapper.hpp'
--- a/extra/yassl/include/cert_wrapper.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/include/cert_wrapper.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /*  The certificate wrapper header defines certificate management functions

=== modified file 'extra/yassl/include/crypto_wrapper.hpp'
--- a/extra/yassl/include/crypto_wrapper.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/include/crypto_wrapper.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /*  The crypto wrapper header is used to define policies for the cipher 

=== modified file 'extra/yassl/include/factory.hpp'
--- a/extra/yassl/include/factory.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/include/factory.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /*  The factory header defines an Object Factory, used by SSL message and
  *  handshake types.

=== modified file 'extra/yassl/include/handshake.hpp'
--- a/extra/yassl/include/handshake.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/include/handshake.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* The handshake header declares function prototypes for creating and reading
  * the various handshake messages.

=== modified file 'extra/yassl/include/lock.hpp'
--- a/extra/yassl/include/lock.hpp	2011-04-14 15:40:04 +0000
+++ b/extra/yassl/include/lock.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* lock.hpp provides an os specific Lock, locks mutex on entry and unlocks
  * automatically upon exit, no-ops provided for Single Threaded

=== modified file 'extra/yassl/include/log.hpp'
--- a/extra/yassl/include/log.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/include/log.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* yaSSL log interface

=== modified file 'extra/yassl/include/openssl/ssl.h'
--- a/extra/yassl/include/openssl/ssl.h	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/include/openssl/ssl.h	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /*  ssl.h defines openssl compatibility layer 
  *
@@ -29,12 +29,12 @@
 #include "prefix_ssl.h"
 #endif
 
-#include <stdio.h>   /* ERR_print fp */
+#include <stdio.h>    /* ERR_print fp */
 #include "opensslv.h" /* for version number */
 #include "rsa.h"
 
 
-#define YASSL_VERSION "1.7.2"
+#define YASSL_VERSION "2.1.4"
 
 
 #if defined(__cplusplus)
@@ -42,9 +42,9 @@ extern "C" {
 #endif
 
  void yaSSL_CleanUp();   /* call once at end of application use to
-                                      free static singleton memory holders,
-                                      not a leak per se, but helpful when 
-                                      looking for them                      */
+                            free static singleton memory holders,
+                            not a leak per se, but helpful when
+                            looking for them                      */
 
 #if defined(__cplusplus)
 } // extern
@@ -69,11 +69,11 @@ extern "C" {
     class X509;
     class X509_NAME;
 #else
-    typedef struct SSL         SSL;          
+    typedef struct SSL          SSL;          
     typedef struct SSL_SESSION  SSL_SESSION;
-    typedef struct SSL_METHOD  SSL_METHOD;
-    typedef struct SSL_CTX     SSL_CTX;
-    typedef struct SSL_CIPHER  SSL_CIPHER;
+    typedef struct SSL_METHOD   SSL_METHOD;
+    typedef struct SSL_CTX      SSL_CTX;
+    typedef struct SSL_CIPHER   SSL_CIPHER;
 
     typedef struct RSA RSA;
 
@@ -106,6 +106,15 @@ RSA* RSA_generate_key(int, unsigned long
 
 /* X509 stuff, different file? */
 
+/* because mySQL dereferences to use error and current_cert, even after calling
+ * get functions for local references */
+typedef struct X509_STORE_CTX {
+    int   error;
+    int   error_depth;
+    X509* current_cert;
+} X509_STORE_CTX;
+
+
 typedef struct X509_STORE         X509_STORE;
 typedef struct X509_LOOKUP        X509_LOOKUP;
 typedef struct X509_OBJECT { char c; } X509_OBJECT;
@@ -124,16 +133,6 @@ typedef struct BIO BIO;
 
 
 
-/* because mySQL dereferences to use error and current_cert, even after calling
- * get functions for local references */
-typedef struct X509_STORE_CTX {
-    int   error;
-    int   error_depth;
-    X509* current_cert;
-} X509_STORE_CTX;
-
-
-
 X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*);
 int   X509_STORE_CTX_get_error(X509_STORE_CTX*);
 int   X509_STORE_CTX_get_error_depth(X509_STORE_CTX*);
@@ -204,7 +203,7 @@ SSL* SSL_new(SSL_CTX*);
 int  SSL_set_fd (SSL*, YASSL_SOCKET_T);
 YASSL_SOCKET_T SSL_get_fd(const SSL*);
 int  SSL_connect(SSL*);                    /* if you get an error from connect
-                                              see note at top of REAMDE */
+                                              see note at top of README       */
 int  SSL_write(SSL*, const void*, int);
 int  SSL_read(SSL*, void*, int);
 int  SSL_accept(SSL*);
@@ -350,11 +349,11 @@ enum { /* ssl Constants */
     SSL_ERROR_ZERO_RETURN      = 84,
     SSL_ERROR_SSL              = 85,
 
-    SSL_SENT_SHUTDOWN     = 90,
-    SSL_RECEIVED_SHUTDOWN = 91,
+    SSL_ST_CONNECT        = 90,
+    SSL_ST_ACCEPT         = 91,
     SSL_CB_LOOP           = 92,
-    SSL_ST_CONNECT        = 93,
-    SSL_ST_ACCEPT         = 94,
+    SSL_SENT_SHUTDOWN     = 93,
+    SSL_RECEIVED_SHUTDOWN = 94,
     SSL_CB_ALERT          = 95,
     SSL_CB_READ           = 96,
     SSL_CB_HANDSHAKE_DONE = 97
@@ -365,7 +364,7 @@ enum { /* ssl Constants */
 SSL_METHOD *SSLv3_method(void);
 SSL_METHOD *SSLv3_server_method(void);
 SSL_METHOD *SSLv3_client_method(void);
-SSL_METHOD *TLSv1_server_method(void);  
+SSL_METHOD *TLSv1_server_method(void);
 SSL_METHOD *TLSv1_client_method(void);
 SSL_METHOD *TLSv1_1_server_method(void);
 SSL_METHOD *TLSv1_1_client_method(void);

=== modified file 'extra/yassl/include/socket_wrapper.hpp'
--- a/extra/yassl/include/socket_wrapper.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/include/socket_wrapper.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* The socket wrapper header defines a Socket class that hides the differences
@@ -26,7 +26,6 @@
 #ifndef yaSSL_SOCKET_WRAPPER_HPP
 #define yaSSL_SOCKET_WRAPPER_HPP
 
-#include <assert.h>
 
 #ifdef _WIN32
     #include <winsock2.h>
@@ -82,9 +81,10 @@ public:
     void set_transport_recv_function(yaSSL_recv_func_t recv_func);
     void set_transport_send_function(yaSSL_send_func_t send_func);
 
-    uint send(const byte* buf, unsigned int len) const;
+    uint send(const byte* buf, unsigned int len, unsigned int& sent);
     uint receive(byte* buf, unsigned int len);
 
+    bool wait();
     bool WouldBlock() const;
     bool IsNonBlocking() const;
 

=== modified file 'extra/yassl/include/timer.hpp'
--- a/extra/yassl/include/timer.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/include/timer.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* timer.hpp provides a high res and low res timers
  *

=== modified file 'extra/yassl/include/yassl.hpp'
--- a/extra/yassl/include/yassl.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/include/yassl.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* yaSSL externel header defines yaSSL API

=== modified file 'extra/yassl/include/yassl_error.hpp'
--- a/extra/yassl/include/yassl_error.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/include/yassl_error.hpp	2012-05-17 12:10:48 +0000
@@ -15,7 +15,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* yaSSL error header defines error codes and an exception class

=== modified file 'extra/yassl/include/yassl_imp.hpp'
--- a/extra/yassl/include/yassl_imp.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/include/yassl_imp.hpp	2012-05-17 12:10:48 +0000
@@ -15,7 +15,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /*  yaSSL implementation header defines all strucutres from the SSL.v3 
  *  specification "draft-freier-ssl-version3-02.txt"

=== modified file 'extra/yassl/include/yassl_int.hpp'
--- a/extra/yassl/include/yassl_int.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/include/yassl_int.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* yaSSL internal header defines SSL supporting types not specified in the
@@ -168,7 +168,7 @@ private:
 
 // openSSL X509 names
 class X509_NAME {
-    char* name_;
+    char*       name_;
     size_t      sz_;
     ASN1_STRING entry_;
 public:
@@ -246,11 +246,11 @@ public:
     SSL_SESSION(const SSL&, RandomPool&);
     ~SSL_SESSION();
 
-    const opaque* GetID()      const;
-    const opaque* GetSecret()  const;
-    const Cipher* GetSuite()   const;
-          uint    GetBornOn()  const;
-          uint    GetTimeOut() const;
+    const opaque* GetID()       const;
+    const opaque* GetSecret()   const;
+    const Cipher* GetSuite()    const;
+          uint    GetBornOn()   const;
+          uint    GetTimeOut()  const;
           X509*   GetPeerX509() const;
           void    SetTimeOut(uint);
 
@@ -417,33 +417,33 @@ class SSL_CTX {
 public:
     typedef STL::list<x509*> CertList;
 private:
-    SSL_METHOD* method_;
-    x509*       certificate_;
-    x509*       privateKey_;
-    CertList    caList_;
-    Ciphers     ciphers_;
-    DH_Parms    dhParms_;
+    SSL_METHOD*     method_;
+    x509*           certificate_;
+    x509*           privateKey_;
+    CertList        caList_;
+    Ciphers         ciphers_;
+    DH_Parms        dhParms_;
     pem_password_cb passwordCb_;
     void*           userData_;
     bool            sessionCacheOff_;
     bool            sessionCacheFlushOff_;
-    Stats       stats_;
-    Mutex       mutex_;         // for Stats
+    Stats           stats_;
+    Mutex           mutex_;         // for Stats
     VerifyCallback  verifyCallback_;
 public:
     explicit SSL_CTX(SSL_METHOD* meth);
     ~SSL_CTX();
 
-    const x509*       getCert()     const;
-    const x509*       getKey()      const;
-    const SSL_METHOD* getMethod()   const;
-    const Ciphers&    GetCiphers()  const;
-    const DH_Parms&   GetDH_Parms() const;
-    const Stats&      GetStats()    const;
-    VerifyCallback    getVerifyCallback() const;
+    const x509*       getCert()       const;
+    const x509*       getKey()        const;
+    const SSL_METHOD* getMethod()     const;
+    const Ciphers&    GetCiphers()    const;
+    const DH_Parms&   GetDH_Parms()   const;
+    const Stats&      GetStats()      const;
+    const VerifyCallback getVerifyCallback() const;
     pem_password_cb   GetPasswordCb() const;
           void*       GetUserData()   const;
-          bool        GetSessionCacheOff() const;
+          bool        GetSessionCacheOff()      const;
           bool        GetSessionCacheFlushOff() const;
 
     void setVerifyPeer();
@@ -532,10 +532,13 @@ class Buffers {
 public: 
     typedef STL::list<input_buffer*>  inputList;
     typedef STL::list<output_buffer*> outputList;
+    int prevSent;     // previous plain text bytes sent when got WANT_WRITE
+    int plainSz;      // plain text bytes in buffer to send when got WANT_WRITE 
 private:
-    inputList  dataList_;                // list of users app data / handshake
-    outputList handShakeList_;           // buffered handshake msgs
-    input_buffer* rawInput_;             // buffered raw input yet to process
+    inputList      dataList_;             // list of users app data / handshake
+    outputList     handShakeList_;        // buffered handshake msgs
+    input_buffer*  rawInput_;             // buffered raw input yet to process
+    output_buffer* output_;               // WANT_WRITE buffered output 
 public:
     Buffers();
     ~Buffers();
@@ -546,11 +549,13 @@ public:
     inputList&  useData();
     outputList& useHandShake();
 
-    void          SetRawInput(input_buffer*);  // takes ownership
-    input_buffer* TakeRawInput();              // takes ownership 
+    void           SetRawInput(input_buffer*);  // takes ownership
+    input_buffer*  TakeRawInput();              // takes ownership 
+    void           SetOutput(output_buffer*);   // takes ownership
+    output_buffer* TakeOutput();                // takes ownership 
 private:
     Buffers(const Buffers&);             // hide copy
-    Buffers& operator=(const Buffers&); // and assign   
+    Buffers& operator=(const Buffers&);  // and assign   
 };
 
 
@@ -652,6 +657,7 @@ public:
     void deriveKeys();
     void deriveTLSKeys();
     void Send(const byte*, uint);
+    void SendWriteBuffered();
 
     uint bufferedData();
     uint get_SEQIncrement(bool);

=== modified file 'extra/yassl/include/yassl_types.hpp'
--- a/extra/yassl/include/yassl_types.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/include/yassl_types.hpp	2012-05-17 12:10:48 +0000
@@ -15,7 +15,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /*  yaSSL types  header defines all constants, enums, and typedefs
  *  from the SSL.v3 specification "draft-freier-ssl-version3-02.txt"
@@ -26,7 +26,6 @@
 #define yaSSL_TYPES_HPP
 
 #include <stddef.h>
-#include <assert.h>
 #include "type_traits.hpp"
 
 
@@ -37,6 +36,13 @@
 #endif
 
 
+#ifdef _MSC_VER
+    // disable conversion warning
+    // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
+    #pragma warning(disable:4244 4996)
+#endif
+
+
 namespace yaSSL {
 
 #define YASSL_LIB
@@ -63,35 +69,34 @@ namespace yaSSL {
     template<typename T>
     void ysDelete(T* ptr)
     {
-    if (ptr) ptr->~T();
-    ::operator delete(ptr, yaSSL::ys);
+        if (ptr) ptr->~T();
+        ::operator delete(ptr, yaSSL::ys);
     }
 
     template<typename T>
     void ysArrayDelete(T* ptr)
     {
-    // can't do array placement destruction since not tracking size in
-    // allocation, only allow builtins to use array placement since they
-    // don't need destructors called
-    typedef char builtin[TaoCrypt::IsFundamentalType<T>::Yes ? 1 : -1];
-    (void)sizeof(builtin);
+        // can't do array placement destruction since not tracking size in
+        // allocation, only allow builtins to use array placement since they
+        // don't need destructors called
+        typedef char builtin[TaoCrypt::IsFundamentalType<T>::Yes ? 1 : -1];
+        (void)sizeof(builtin);
 
-    ::operator delete[](ptr, yaSSL::ys);
+        ::operator delete[](ptr, yaSSL::ys);
     }
 
     #define NEW_YS new (yaSSL::ys)
 
     // to resolve compiler generated operator delete on base classes with
-    // virtual destructors (when on stack), make sure doesn't get called
+    // virtual destructors (when on stack)
     class virtual_base {
     public:
-    static void operator delete(void*) { assert(0); }
+        static void operator delete(void*) { }
     };
 
 
 #else   // YASSL_PURE_C
 
-
     template<typename T>
     void ysDelete(T* ptr)
     {
@@ -124,7 +129,7 @@ typedef opaque byte;
 
 typedef unsigned int uint;
 
- 
+
 #ifdef USE_SYS_STL
     // use system STL
     #define STL_VECTOR_FILE    <vector>

=== modified file 'extra/yassl/src/buffer.cpp'
--- a/extra/yassl/src/buffer.cpp	2012-04-10 11:47:39 +0000
+++ b/extra/yassl/src/buffer.cpp	2012-05-17 12:10:48 +0000
@@ -15,7 +15,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* yaSSL buffer header implements input/output buffers to simulate streaming
@@ -32,14 +32,6 @@ namespace yaSSL {
 
 
 
-// Checking Policy should implement a check function that tests whether the
-// index is within the size limit of the array
-
-void Check::check(uint i, uint limit) 
-{ 
-    assert(i < limit);
-}
-
 
 void NoCheck::check(uint, uint) 
 {
@@ -83,7 +75,6 @@ input_buffer::~input_buffer() 
 // users can pass defualt zero length buffer and then allocate
 void input_buffer::allocate(uint s) 
 { 
-    assert(!buffer_);       // find realloc error
     buffer_ = NEW_YS byte[s];
     end_ = buffer_ + s; 
 }
@@ -141,7 +132,6 @@ void input_buffer::set_current(uint i) 
 // user passes in AUTO index for ease of use
 const byte& input_buffer::operator[](uint i) 
 {
-    assert (i == AUTO);
     check(current_, size_);
     return buffer_[current_++];
 }
@@ -238,7 +228,6 @@ void output_buffer::set_current(uint c) 
 // users can pass defualt zero length buffer and then allocate
 void output_buffer::allocate(uint s) 
 { 
-    assert(!buffer_);   // find realloc error
     buffer_ = NEW_YS byte[s]; end_ = buffer_ + s; 
 }
 
@@ -254,7 +243,6 @@ const byte* output_buffer::get_buffer() 
 // user passes in AUTO as index for ease of use
 byte& output_buffer::operator[](uint i) 
 {
-    assert(i == AUTO);
     check(current_, get_capacity());
     return buffer_[current_++];
 }

=== modified file 'extra/yassl/src/cert_wrapper.cpp'
--- a/extra/yassl/src/cert_wrapper.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/src/cert_wrapper.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /*  The certificate wrapper source implements certificate management functions
@@ -256,7 +256,8 @@ int CertManager::Validate()
         TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length());
         TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_);
 
-        if (int err = cert.GetError().What())
+        int err = cert.GetError().What();
+        if ( err )
             return err;
 
         const TaoCrypt::PublicKey& key = cert.GetPublicKey();
@@ -272,7 +273,7 @@ int CertManager::Validate()
         TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_);
 
         int err = cert.GetError().What();
-        if ( err )
+        if ( err && err != TaoCrypt::SIG_OTHER_E)
             return err;
 
         uint sz = cert.GetPublicKey().size();
@@ -349,7 +350,6 @@ int CertManager::SetPrivateKey(const x50
 // Store OpenSSL type peer's cert
 void CertManager::setPeerX509(X509* x)
 {
-    assert(peerX509_ == 0);
     if (x == 0) return;
 
     X509_NAME* issuer   = x->GetIssuer();

=== modified file 'extra/yassl/src/crypto_wrapper.cpp'
--- a/extra/yassl/src/crypto_wrapper.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/src/crypto_wrapper.cpp	2012-05-17 12:10:48 +0000
@@ -952,7 +952,7 @@ x509* PemToDer(FILE* file, CertType type
             }
             // get blank line
             if (fgets(line, sizeof(line), file))
-              begin = ftell(file);
+            begin = ftell(file);
         }
           
     }

=== modified file 'extra/yassl/src/handshake.cpp'
--- a/extra/yassl/src/handshake.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/src/handshake.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* The handshake source implements functions for creating and reading
@@ -49,7 +49,7 @@ void buildClientHello(SSL& ssl, ClientHe
     hello.suite_len_ = ssl.getSecurity().get_parms().suites_size_;
     memcpy(hello.cipher_suites_, ssl.getSecurity().get_parms().suites_,
            hello.suite_len_);
-    hello.comp_len_ = 1;                   
+    hello.comp_len_ = 1;
 
     hello.set_length(sizeof(ProtocolVersion) +
                      RAN_LEN +
@@ -533,6 +533,12 @@ void ProcessOldClientHello(input_buffer&
         return;
     }
 
+    if (ch.suite_len_ > MAX_SUITE_SZ || sessionLen > ID_LEN ||
+                                        randomLen > RAN_LEN) {
+        ssl.SetError(bad_input);
+        return;
+    }
+
     int j = 0;
     for (uint16 i = 0; i < ch.suite_len_; i += 3) {    
         byte first = input[AUTO];
@@ -745,8 +751,8 @@ int DoProcessReply(SSL& ssl)
         if (static_cast<uint>(RECORD_HEADER) > buffer.get_remaining())
             needHdr = true;
         else {
-        buffer >> hdr;
-        ssl.verifyState(hdr);
+            buffer >> hdr;
+            ssl.verifyState(hdr);
         }
 
         // make sure we have enough input in buffer to process this record
@@ -784,9 +790,8 @@ int DoProcessReply(SSL& ssl)
 void processReply(SSL& ssl)
 {
     if (ssl.GetError()) return;
-
-    if (DoProcessReply(ssl))
-    {
+  
+    if (DoProcessReply(ssl)) {
         // didn't complete process
         if (!ssl.getSocket().IsNonBlocking()) {
             // keep trying now, blocking ok
@@ -852,6 +857,7 @@ void sendServerKeyExchange(SSL& ssl, Buf
     if (ssl.GetError()) return;
     ServerKeyExchange sk(ssl);
     sk.build(ssl);
+    if (ssl.GetError()) return;
 
     RecordLayerHeader rlHeader;
     HandShakeHeader   hsHeader;
@@ -870,8 +876,7 @@ void sendServerKeyExchange(SSL& ssl, Buf
 // send change cipher
 void sendChangeCipher(SSL& ssl, BufferOutput buffer)
 {
-    if (ssl.getSecurity().get_parms().entity_ == server_end)
-    {
+    if (ssl.getSecurity().get_parms().entity_ == server_end) {
         if (ssl.getSecurity().get_resuming())
             ssl.verifyState(clientKeyExchangeComplete);
         else
@@ -908,7 +913,7 @@ void sendFinished(SSL& ssl, ConnectionEn
     }
     else {
         if (!ssl.getSecurity().GetContext()->GetSessionCacheOff())
-        GetSessions().add(ssl);  // store session
+            GetSessions().add(ssl);  // store session
         if (side == client_end)
             buildFinished(ssl, ssl.useHashes().use_verify(), server); // server
     }   
@@ -924,12 +929,22 @@ void sendFinished(SSL& ssl, ConnectionEn
 // send data
 int sendData(SSL& ssl, const void* buffer, int sz)
 {
+    int sent = 0;
+
     if (ssl.GetError() == YasslError(SSL_ERROR_WANT_READ))
         ssl.SetError(no_error);
 
+    if (ssl.GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
+        ssl.SetError(no_error);
+        ssl.SendWriteBuffered();
+        if (!ssl.GetError()) {
+            // advance sent to prvevious sent + plain size just sent
+            sent = ssl.useBuffers().prevSent + ssl.useBuffers().plainSz;
+        }
+    }
+
     ssl.verfiyHandShakeComplete();
     if (ssl.GetError()) return -1;
-    int sent = 0;
 
     for (;;) {
         int len = min(sz - sent, MAX_RECORD_SIZE);
@@ -938,6 +953,8 @@ int sendData(SSL& ssl, const void* buffe
 
         Data data;
 
+        if (sent == sz) break;
+
         if (ssl.CompressionOn()) {
             if (Compress(static_cast<const opaque*>(buffer) + sent, len,
                          tmp) == -1) {
@@ -952,9 +969,14 @@ int sendData(SSL& ssl, const void* buffe
         buildMessage(ssl, out, data);
         ssl.Send(out.get_buffer(), out.get_size());
 
-        if (ssl.GetError()) return -1;
+        if (ssl.GetError()) {
+            if (ssl.GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
+                ssl.useBuffers().plainSz  = len;
+                ssl.useBuffers().prevSent = sent;
+            }
+            return -1;
+        }
         sent += len;
-        if (sent == sz) break;
     }
     ssl.useLog().ShowData(sent, true);
     return sent;
@@ -987,7 +1009,7 @@ int receiveData(SSL& ssl, Data& data, bo
     if (peek)
         ssl.PeekData(data);
     else
-    ssl.fillData(data);
+        ssl.fillData(data);
 
     ssl.useLog().ShowData(data.get_length());
     if (ssl.GetError()) return -1;

=== modified file 'extra/yassl/src/lock.cpp'
--- a/extra/yassl/src/lock.cpp	2011-04-14 15:40:04 +0000
+++ b/extra/yassl/src/lock.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /*  Locking functions
  */

=== modified file 'extra/yassl/src/log.cpp'
--- a/extra/yassl/src/log.cpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/src/log.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /*  Debug logging functions
  */

=== modified file 'extra/yassl/src/socket_wrapper.cpp'
--- a/extra/yassl/src/socket_wrapper.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/src/socket_wrapper.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* The socket wrapper source implements a Socket class that hides the 
@@ -129,6 +129,7 @@ uint Socket::get_ready() const
     return ready;
 }
 
+
 void Socket::set_transport_ptr(void *ptr)
 {
   ptr_ = ptr;
@@ -147,19 +148,27 @@ void Socket::set_transport_send_function
 }
 
 
-uint Socket::send(const byte* buf, unsigned int sz) const
+uint Socket::send(const byte* buf, unsigned int sz, unsigned int& written)
 {
     const byte* pos = buf;
     const byte* end = pos + sz;
 
+    wouldBlock_ = false;
+
     /* Remove send()/recv() hooks once non-blocking send is implemented. */
     while (pos != end) {
         int sent = send_func_(ptr_, pos, static_cast<int>(end - pos));
-
-    if (sent == -1)
-        return 0;
-
+        if (sent == -1) {
+            if (get_lastError() == SOCKET_EWOULDBLOCK || 
+                get_lastError() == SOCKET_EAGAIN) {
+                wouldBlock_  = true; // would have blocked this time only
+                nonBlocking_ = true; // nonblocking, win32 only way to tell 
+                return 0;
+            }
+            return static_cast<uint>(-1);
+        }
         pos += sent;
+        written += sent;
     }
 
     return sz;
@@ -178,8 +187,8 @@ uint Socket::receive(byte* buf, unsigned
             get_lastError() == SOCKET_EAGAIN) {
             wouldBlock_  = true; // would have blocked this time only
             nonBlocking_ = true; // socket nonblocking, win32 only way to tell
-        return 0;
-    }
+            return 0;
+        }
     }
     else if (recvd == 0)
         return static_cast<uint>(-1);

=== modified file 'extra/yassl/src/ssl.cpp'
--- a/extra/yassl/src/ssl.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/src/ssl.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /*  SSL source implements all openssl compatibility API functions
  *
@@ -26,7 +26,6 @@
 
 
 
-
 /*  see man pages for function descriptions */
 
 #include "runtime.hpp"
@@ -251,60 +250,73 @@ int SSL_connect(SSL* ssl)
     if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ))
         ssl->SetError(no_error);
 
+    if (ssl->GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
+    
+        ssl->SetError(no_error);
+        ssl->SendWriteBuffered();
+        if (!ssl->GetError())
+            ssl->useStates().UseConnect() =
+                             ConnectState(ssl->getStates().GetConnect() + 1);
+    }
+
     ClientState neededState;
 
     switch (ssl->getStates().GetConnect()) {
 
     case CONNECT_BEGIN :
-    sendClientHello(*ssl);
+        sendClientHello(*ssl);
         if (!ssl->GetError())
             ssl->useStates().UseConnect() = CLIENT_HELLO_SENT;
 
     case CLIENT_HELLO_SENT :
         neededState = ssl->getSecurity().get_resuming() ?
-        serverFinishedComplete : serverHelloDoneComplete;
-    while (ssl->getStates().getClient() < neededState) {
-        if (ssl->GetError()) break;
-    processReply(*ssl);
-    }
+                      serverFinishedComplete : serverHelloDoneComplete;
+        while (ssl->getStates().getClient() < neededState) {
+            if (ssl->GetError()) break;
+            processReply(*ssl);
+            // if resumption failed, reset needed state 
+            if (neededState == serverFinishedComplete)
+                if (!ssl->getSecurity().get_resuming())
+                    neededState = serverHelloDoneComplete;
+        }
         if (!ssl->GetError())
             ssl->useStates().UseConnect() = FIRST_REPLY_DONE;
 
     case FIRST_REPLY_DONE :
-    if(ssl->getCrypto().get_certManager().sendVerify())
-        sendCertificate(*ssl);
+        if(ssl->getCrypto().get_certManager().sendVerify())
+            sendCertificate(*ssl);
 
-    if (!ssl->getSecurity().get_resuming())
-        sendClientKeyExchange(*ssl);
+        if (!ssl->getSecurity().get_resuming())
+            sendClientKeyExchange(*ssl);
 
-    if(ssl->getCrypto().get_certManager().sendVerify())
-        sendCertificateVerify(*ssl);
+        if(ssl->getCrypto().get_certManager().sendVerify())
+            sendCertificateVerify(*ssl);
 
-    sendChangeCipher(*ssl);
-    sendFinished(*ssl, client_end);
-    ssl->flushBuffer();
+        sendChangeCipher(*ssl);
+        sendFinished(*ssl, client_end);
+        ssl->flushBuffer();
 
         if (!ssl->GetError())
             ssl->useStates().UseConnect() = FINISHED_DONE;
 
     case FINISHED_DONE :
-    if (!ssl->getSecurity().get_resuming())
-        while (ssl->getStates().getClient() < serverFinishedComplete) {
-            if (ssl->GetError()) break;
-        processReply(*ssl);
-        }
+        if (!ssl->getSecurity().get_resuming())
+            while (ssl->getStates().getClient() < serverFinishedComplete) {
+                if (ssl->GetError()) break;
+                processReply(*ssl);
+            }
         if (!ssl->GetError())
             ssl->useStates().UseConnect() = SECOND_REPLY_DONE;
 
     case SECOND_REPLY_DONE :
-    ssl->verifyState(serverFinishedComplete);
-    ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
+        ssl->verifyState(serverFinishedComplete);
+        ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
 
         if (ssl->GetError()) {
             GetErrors().Add(ssl->GetError());
-        return SSL_FATAL_ERROR;
+            return SSL_FATAL_ERROR;
         }   
-    return SSL_SUCCESS;
+        return SSL_SUCCESS;
 
     default :
         return SSL_FATAL_ERROR; // unkown state
@@ -330,27 +342,36 @@ int SSL_accept(SSL* ssl)
     if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ))
         ssl->SetError(no_error);
 
+    if (ssl->GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
+    
+        ssl->SetError(no_error);
+        ssl->SendWriteBuffered();
+        if (!ssl->GetError())
+            ssl->useStates().UseAccept() =
+                             AcceptState(ssl->getStates().GetAccept() + 1);
+    }
+
     switch (ssl->getStates().GetAccept()) {
 
     case ACCEPT_BEGIN :
-    processReply(*ssl);
+        processReply(*ssl);
         if (!ssl->GetError())
             ssl->useStates().UseAccept() = ACCEPT_FIRST_REPLY_DONE;
 
     case ACCEPT_FIRST_REPLY_DONE :
-    sendServerHello(*ssl);
+        sendServerHello(*ssl);
 
-    if (!ssl->getSecurity().get_resuming()) {
-        sendCertificate(*ssl);
+        if (!ssl->getSecurity().get_resuming()) {
+            sendCertificate(*ssl);
 
-        if (ssl->getSecurity().get_connection().send_server_key_)
-            sendServerKeyExchange(*ssl);
+            if (ssl->getSecurity().get_connection().send_server_key_)
+                sendServerKeyExchange(*ssl);
 
-        if(ssl->getCrypto().get_certManager().verifyPeer())
-            sendCertificateRequest(*ssl);
+            if(ssl->getCrypto().get_certManager().verifyPeer())
+                sendCertificateRequest(*ssl);
 
-        sendServerHelloDone(*ssl);
-        ssl->flushBuffer();
+            sendServerHelloDone(*ssl);
+            ssl->flushBuffer();
         }
       
         if (!ssl->GetError())
@@ -358,40 +379,40 @@ int SSL_accept(SSL* ssl)
 
     case SERVER_HELLO_DONE :
         if (!ssl->getSecurity().get_resuming()) {
-        while (ssl->getStates().getServer() < clientFinishedComplete) {
-            if (ssl->GetError()) break;
-            processReply(*ssl);
+            while (ssl->getStates().getServer() < clientFinishedComplete) {
+                if (ssl->GetError()) break;
+                processReply(*ssl);
+            }
         }
-    }
         if (!ssl->GetError())
             ssl->useStates().UseAccept() = ACCEPT_SECOND_REPLY_DONE;
 
     case ACCEPT_SECOND_REPLY_DONE :
-    sendChangeCipher(*ssl);
-    sendFinished(*ssl, server_end);
-    ssl->flushBuffer();
+        sendChangeCipher(*ssl);
+        sendFinished(*ssl, server_end);
+        ssl->flushBuffer();
 
         if (!ssl->GetError())
             ssl->useStates().UseAccept() = ACCEPT_FINISHED_DONE;
 
     case ACCEPT_FINISHED_DONE :
-    if (ssl->getSecurity().get_resuming()) {
-        while (ssl->getStates().getServer() < clientFinishedComplete) {
-          if (ssl->GetError()) break;
-          processReply(*ssl);
-      }
-    }
+        if (ssl->getSecurity().get_resuming()) {
+            while (ssl->getStates().getServer() < clientFinishedComplete) {
+                if (ssl->GetError()) break;
+                processReply(*ssl);
+            }
+        }
         if (!ssl->GetError())
             ssl->useStates().UseAccept() = ACCEPT_THIRD_REPLY_DONE;
 
     case ACCEPT_THIRD_REPLY_DONE :
-    ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
+        ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
 
         if (ssl->GetError()) {
             GetErrors().Add(ssl->GetError());
-        return SSL_FATAL_ERROR;
+            return SSL_FATAL_ERROR;
         }
-    return SSL_SUCCESS;
+        return SSL_SUCCESS;
 
     default:
         return SSL_FATAL_ERROR; // unknown state
@@ -1096,7 +1117,6 @@ int EVP_BytesToKey(const EVP_CIPHER* typ
             ivLeft    -= store;
         }
     }
-    assert(keyOutput == (keyLen + ivLen));
     return keyOutput;
 }
 

=== added file 'extra/yassl/src/template_instnt.cpp'
--- a/extra/yassl/src/template_instnt.cpp	1970-01-01 00:00:00 +0000
+++ b/extra/yassl/src/template_instnt.cpp	2012-05-17 12:10:48 +0000
@@ -0,0 +1,109 @@
+/*
+   Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING. If not, write to the
+   Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+   MA  02110-1301  USA.
+*/
+
+/*  Explicit template instantiation requests 
+ */
+
+
+#include "runtime.hpp"
+#include "handshake.hpp"
+#include "yassl_int.hpp"
+#include "crypto_wrapper.hpp"
+#include "hmac.hpp"
+#include "md5.hpp"
+#include "sha.hpp"
+#include "ripemd.hpp"
+#include "openssl/ssl.h"
+
+#ifdef HAVE_EXPLICIT_TEMPLATE_INSTANTIATION
+
+namespace mySTL {
+template class list<unsigned char*>;
+template yaSSL::del_ptr_zero for_each(mySTL::list<unsigned char*>::iterator, mySTL::list<unsigned char*>::iterator, yaSSL::del_ptr_zero);
+template pair<int, yaSSL::Message* (*)()>* uninit_copy<mySTL::pair<int, yaSSL::Message* (*)()>*, mySTL::pair<int, yaSSL::Message* (*)()>*>(mySTL::pair<int, yaSSL::Message* (*)()>*, mySTL::pair<int, yaSSL::Message* (*)()>*, mySTL::pair<int, yaSSL::Message* (*)()>*);
+template pair<int, yaSSL::HandShakeBase* (*)()>* uninit_copy<mySTL::pair<int, yaSSL::HandShakeBase* (*)()>*, mySTL::pair<int, yaSSL::HandShakeBase* (*)()>*>(mySTL::pair<int, yaSSL::HandShakeBase* (*)()>*, mySTL::pair<int, yaSSL::HandShakeBase* (*)()>*, mySTL::pair<int, yaSSL::HandShakeBase* (*)()>*);
+template void destroy<mySTL::pair<int, yaSSL::Message* (*)()>*>(mySTL::pair<int, yaSSL::Message* (*)()>*, mySTL::pair<int, yaSSL::Message* (*)()>*);
+template void destroy<mySTL::pair<int, yaSSL::HandShakeBase* (*)()>*>(mySTL::pair<int, yaSSL::HandShakeBase* (*)()>*, mySTL::pair<int, yaSSL::HandShakeBase* (*)()>*);
+template pair<int, yaSSL::ServerKeyBase* (*)()>* uninit_copy<mySTL::pair<int, yaSSL::ServerKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ServerKeyBase* (*)()>*>(mySTL::pair<int, yaSSL::ServerKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ServerKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ServerKeyBase* (*)()>*);
+template void destroy<mySTL::pair<int, yaSSL::ServerKeyBase* (*)()>*>(mySTL::pair<int, yaSSL::ServerKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ServerKeyBase* (*)()>*);
+template pair<int, yaSSL::ClientKeyBase* (*)()>* uninit_copy<mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*>(mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*);
+template class list<TaoCrypt::Signer*>;
+template class list<yaSSL::SSL_SESSION*>;
+template class list<yaSSL::input_buffer*>;
+template class list<yaSSL::output_buffer*>;
+template class list<yaSSL::x509*>;
+template class list<yaSSL::Digest*>;
+template class list<yaSSL::BulkCipher*>;
+template void destroy<mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*>(mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*, mySTL::pair<int, yaSSL::ClientKeyBase* (*)()>*);
+template yaSSL::del_ptr_zero for_each<mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<TaoCrypt::Signer*>::iterator, mySTL::list<TaoCrypt::Signer*>::iterator, yaSSL::del_ptr_zero);
+template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::SSL_SESSION*>::iterator, mySTL::list<yaSSL::SSL_SESSION*>::iterator, yaSSL::del_ptr_zero);
+template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::input_buffer*>::iterator, mySTL::list<yaSSL::input_buffer*>::iterator, yaSSL::del_ptr_zero);
+template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::output_buffer*>::iterator, mySTL::list<yaSSL::output_buffer*>::iterator, yaSSL::del_ptr_zero);
+template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::x509*>::iterator, mySTL::list<yaSSL::x509*>::iterator, yaSSL::del_ptr_zero);
+template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::Digest*>::iterator, mySTL::list<yaSSL::Digest*>::iterator, yaSSL::del_ptr_zero);
+template yaSSL::del_ptr_zero for_each<mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero>(mySTL::list<yaSSL::BulkCipher*>::iterator, mySTL::list<yaSSL::BulkCipher*>::iterator, yaSSL::del_ptr_zero);
+template bool list<yaSSL::ThreadError>::erase(list<yaSSL::ThreadError>::iterator);
+template void list<yaSSL::ThreadError>::push_back(yaSSL::ThreadError);
+template void list<yaSSL::ThreadError>::pop_front();
+template void list<yaSSL::ThreadError>::pop_back();
+template list<yaSSL::ThreadError>::~list();
+template pair<int, yaSSL::Message* (*)()>* GetArrayMemory<pair<int, yaSSL::Message* (*)()> >(size_t);
+template void FreeArrayMemory<pair<int, yaSSL::Message* (*)()> >(pair<int, yaSSL::Message* (*)()>*);
+template pair<int, yaSSL::HandShakeBase* (*)()>* GetArrayMemory<pair<int, yaSSL::HandShakeBase* (*)()> >(size_t);
+template void FreeArrayMemory<pair<int, yaSSL::HandShakeBase* (*)()> >(pair<int, yaSSL::HandShakeBase* (*)()>*);
+template pair<int, yaSSL::ServerKeyBase* (*)()>* GetArrayMemory<pair<int, yaSSL::ServerKeyBase* (*)()> >(size_t);
+template void FreeArrayMemory<pair<int, yaSSL::ServerKeyBase* (*)()> >(pair<int, yaSSL::ServerKeyBase* (*)()>*);
+template pair<int, yaSSL::ClientKeyBase* (*)()>* GetArrayMemory<pair<int, yaSSL::ClientKeyBase* (*)()> >(size_t);
+template void FreeArrayMemory<pair<int, yaSSL::ClientKeyBase* (*)()> >(pair<int, yaSSL::ClientKeyBase* (*)()>*);
+}
+
+namespace yaSSL {
+template void ysDelete<SSL_CTX>(yaSSL::SSL_CTX*);
+template void ysDelete<SSL>(yaSSL::SSL*);
+template void ysDelete<BIGNUM>(yaSSL::BIGNUM*);
+template void ysDelete<unsigned char>(unsigned char*);
+template void ysDelete<DH>(yaSSL::DH*);
+template void ysDelete<TaoCrypt::Signer>(TaoCrypt::Signer*);
+template void ysDelete<SSL_SESSION>(yaSSL::SSL_SESSION*);
+template void ysDelete<input_buffer>(input_buffer*);
+template void ysDelete<output_buffer>(output_buffer*);
+template void ysDelete<x509>(x509*);
+template void ysDelete<Auth>(Auth*);
+template void ysDelete<HandShakeBase>(HandShakeBase*);
+template void ysDelete<ServerKeyBase>(ServerKeyBase*);
+template void ysDelete<ClientKeyBase>(ClientKeyBase*);
+template void ysDelete<SSL_METHOD>(SSL_METHOD*);
+template void ysDelete<DiffieHellman>(DiffieHellman*);
+template void ysDelete<BulkCipher>(BulkCipher*);
+template void ysDelete<Digest>(Digest*);
+template void ysDelete<X509>(X509*);
+template void ysDelete<Message>(Message*);
+template void ysDelete<sslFactory>(sslFactory*);
+template void ysDelete<Sessions>(Sessions*);
+template void ysDelete<Errors>(Errors*);
+template void ysArrayDelete<unsigned char>(unsigned char*);
+template void ysArrayDelete<char>(char*);
+
+template int min<int>(int, int);
+template uint16 min<uint16>(uint16, uint16);
+template unsigned int min<unsigned int>(unsigned int, unsigned int);
+template unsigned long min<unsigned long>(unsigned long, unsigned long);
+}
+
+#endif // HAVE_EXPLICIT_TEMPLATE_INSTANTIATION
+

=== modified file 'extra/yassl/src/timer.cpp'
--- a/extra/yassl/src/timer.cpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/src/timer.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* timer.cpp implements a high res and low res timer
  *

=== modified file 'extra/yassl/src/yassl.cpp'
--- a/extra/yassl/src/yassl.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/src/yassl.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* yaSSL implements external API
@@ -69,13 +69,13 @@ void SetUpBase(Base& base, ConnectionEnd
 
     if (base.ca_)
         if (SSL_CTX_load_verify_locations(base.ctx_,
-            base.ca_, 0) != SSL_SUCCESS) assert(0);
+            base.ca_, 0) != SSL_SUCCESS) throw(0);
     if (base.cert_)
         if (SSL_CTX_use_certificate_file(base.ctx_,
-            base.cert_, SSL_FILETYPE_PEM) != SSL_SUCCESS) assert(0);
+            base.cert_, SSL_FILETYPE_PEM) != SSL_SUCCESS) throw(0);
     if (base.key_)
         if (SSL_CTX_use_PrivateKey_file(base.ctx_, base.key_,
-            SSL_FILETYPE_PEM) != SSL_SUCCESS) assert(0);
+            SSL_FILETYPE_PEM) != SSL_SUCCESS) throw(0);
 
     if (end == server_end) SetDH(base);
 

=== modified file 'extra/yassl/src/yassl_error.cpp'
--- a/extra/yassl/src/yassl_error.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/src/yassl_error.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* yaSSL error implements and an exception class
@@ -31,6 +31,11 @@
     #pragma warning(disable: 4996)
 #endif
 
+#ifdef _MSC_VER
+    // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
+    #pragma warning(disable: 4996)
+#endif
+
 namespace yaSSL {
 
 
@@ -59,8 +64,9 @@ void SetErrorString(unsigned long error,
 {
     using namespace TaoCrypt;
     const int max = MAX_ERROR_SZ;  // shorthand
+    int localError = error;        // errors from a few enums 
 
-    switch (error) {
+    switch (localError) {
 
         // yaSSL proper errors
     case range_error :
@@ -121,7 +127,7 @@ void SetErrorString(unsigned long error,
 
     case certificate_error :
         strncpy(buffer, "unable to proccess cerificate", max);
-        break; 
+        break;
 
     case privateKey_error :
         strncpy(buffer, "unable to proccess private key, bad format", max);
@@ -130,7 +136,7 @@ void SetErrorString(unsigned long error,
     case badVersion_error :
         strncpy(buffer, "protocol version mismatch", max);
         break;
-        
+
     case compress_error :
         strncpy(buffer, "compression error", max);
         break;
@@ -148,6 +154,10 @@ void SetErrorString(unsigned long error,
         strncpy(buffer, "the read operation would block", max);
         break;
 
+    case SSL_ERROR_WANT_WRITE :
+        strncpy(buffer, "the write operation would block", max);
+        break;
+
     case CERTFICATE_ERROR :
         strncpy(buffer, "Unable to verify certificate", max);
         break;

=== modified file 'extra/yassl/src/yassl_imp.cpp'
--- a/extra/yassl/src/yassl_imp.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/src/yassl_imp.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /*  yaSSL source implements all SSL.v3 secification structures.
  */
@@ -117,7 +117,7 @@ void ClientDiffieHellmanPublic::build(SS
     if (*dhClient.get_agreedKey() == 0) 
         ssl.set_preMaster(dhClient.get_agreedKey() + 1, keyLength - 1);
     else
-    ssl.set_preMaster(dhClient.get_agreedKey(), keyLength);
+        ssl.set_preMaster(dhClient.get_agreedKey(), keyLength);
 }
 
 
@@ -135,8 +135,7 @@ void DH_Server::build(SSL& ssl)
     mySTL::auto_ptr<Auth> auth;
     const CertManager& cert = ssl.getCrypto().get_certManager();
     
-    if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo)
-    {
+    if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) {
         if (cert.get_keyType() != rsa_sa_algo) {
             ssl.SetError(privateKey_error);
             return;
@@ -925,8 +924,6 @@ Data::Data(uint16 len, opaque* b)
 
 void Data::SetData(uint16 len, const opaque* buffer)
 {
-    assert(write_buffer_ == 0);
-
     length_ = len;
     write_buffer_ = buffer;
 }
@@ -992,6 +989,11 @@ void Data::Process(input_buffer& input, 
     int dataSz = msgSz - ivExtra - digestSz - pad - padSz;
     opaque verify[SHA_LEN];
 
+    if (dataSz < 0) {
+        ssl.SetError(bad_input);
+        return;
+    }
+
     const byte* rawData = input.get_buffer() + input.get_current();
 
     // read data
@@ -1006,10 +1008,10 @@ void Data::Process(input_buffer& input, 
                                             tmp.get_buffer(), tmp.get_size()));
         }
         else {
-        input_buffer* data;
-        ssl.addData(data = NEW_YS input_buffer(dataSz));
-        input.read(data->get_buffer(), dataSz);
-        data->add_size(dataSz);
+            input_buffer* data;
+            ssl.addData(data = NEW_YS input_buffer(dataSz));
+            input.read(data->get_buffer(), dataSz);
+            data->add_size(dataSz);
         }
 
         if (ssl.isTLS())
@@ -1294,12 +1296,11 @@ void ServerHello::Process(input_buffer&,
     ssl.set_pending(cipher_suite_[1]);
     ssl.set_random(random_, server_end);
     if (id_len_)
-    ssl.set_sessionID(session_id_);
+        ssl.set_sessionID(session_id_);
     else
         ssl.useSecurity().use_connection().sessionID_Set_ = false;
 
-    if (ssl.getSecurity().get_resuming())
-    {
+    if (ssl.getSecurity().get_resuming()) {
         if (memcmp(session_id_, ssl.getSecurity().get_resume().GetID(),
                    ID_LEN) == 0) {
             ssl.set_masterSecret(ssl.getSecurity().get_resume().GetSecret());
@@ -1423,7 +1424,7 @@ input_buffer& operator>>(input_buffer& i
     if (hello.id_len_) input.read(hello.session_id_, ID_LEN);
     
     // Suites
-    byte tmp[2];
+    byte   tmp[2];
     uint16 len;
     tmp[0] = input[AUTO];
     tmp[1] = input[AUTO];
@@ -1431,8 +1432,8 @@ input_buffer& operator>>(input_buffer& i
 
     hello.suite_len_ = min(len, static_cast<uint16>(MAX_SUITE_SZ));
     input.read(hello.cipher_suites_, hello.suite_len_);
-    if (len > hello.suite_len_) // ignore extra suites
-        input.set_current(input.get_current() + len -  hello.suite_len_);
+    if (len > hello.suite_len_)  // ignore extra suites
+        input.set_current(input.get_current() + len - hello.suite_len_);
 
     // Compression
     hello.comp_len_ = input[AUTO];
@@ -1496,8 +1497,9 @@ void ClientHello::Process(input_buffer&,
     if (ssl.GetMultiProtocol()) {   // SSLv23 support
         if (ssl.isTLS() && client_version_.minor_ < 1) {
             // downgrade to SSLv3
-        ssl.useSecurity().use_connection().TurnOffTLS();
-        ProtocolVersion pv = ssl.getSecurity().get_connection().version_;
+            ssl.useSecurity().use_connection().TurnOffTLS();
+            
+            ProtocolVersion pv = ssl.getSecurity().get_connection().version_;
             bool removeDH  = ssl.getSecurity().get_parms().removeDH_;
             bool removeRSA = false;
             bool removeDSA = false;
@@ -1511,7 +1513,7 @@ void ClientHello::Process(input_buffer&,
             // reset w/ SSL suites
             ssl.useSecurity().use_parms().SetSuites(pv, removeDH, removeRSA,
                                                     removeDSA);
-    }
+        }
         else if (ssl.isTLSv1_1() && client_version_.minor_ == 1)
             // downgrade to TLSv1, but use same suites
             ssl.useSecurity().use_connection().TurnOffTLS1_1();
@@ -1542,6 +1544,7 @@ void ClientHello::Process(input_buffer&,
         ssl.set_session(session);
         ssl.useSecurity().set_resuming(true);
         ssl.matchSuite(session->GetSuite(), SUITE_LEN);
+        if (ssl.GetError()) return;
         ssl.set_pending(ssl.getSecurity().get_parms().suite_[1]);
         ssl.set_masterSecret(session->GetSecret());
 
@@ -2038,7 +2041,7 @@ void Finished::Process(input_buffer& inp
     // verify hashes
     const  Finished& verify = ssl.getHashes().get_verify();
     uint finishedSz = ssl.isTLS() ? TLS_FINISHED_SZ : FINISHED_SZ;
-
+    
     input.read(hashes_.md5_, finishedSz);
 
     if (memcmp(&hashes_, &verify.hashes_, finishedSz)) {

=== modified file 'extra/yassl/src/yassl_int.cpp'
--- a/extra/yassl/src/yassl_int.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/src/yassl_int.cpp	2012-05-17 12:10:48 +0000
@@ -1126,8 +1126,28 @@ void SSL::flushBuffer()
 
 void SSL::Send(const byte* buffer, uint sz)
 {
-    if (socket_.send(buffer, sz) != sz)
-        SetError(send_error);
+    unsigned int sent = 0;
+
+    if (socket_.send(buffer, sz, sent) != sz) {
+        if (socket_.WouldBlock()) {
+            buffers_.SetOutput(NEW_YS output_buffer(sz - sent, buffer + sent,
+                                                    sz - sent));
+            SetError(YasslError(SSL_ERROR_WANT_WRITE));
+        }
+        else
+            SetError(send_error);
+    }
+}
+
+
+void SSL::SendWriteBuffered()
+{
+    output_buffer* out = buffers_.TakeOutput();
+
+    if (out) {
+        mySTL::auto_ptr<output_buffer> tmp(out);
+        Send(out->get_buffer(), out->get_size());
+    }
 }
 
 
@@ -1289,7 +1309,6 @@ void SSL::matchSuite(const opaque* peer,
             if (secure_.use_parms().suites_[i] == peer[j]) {
                 secure_.use_parms().suite_[0] = 0x00;
                 secure_.use_parms().suite_[1] = peer[j];
-
                 return;
             }
 
@@ -1433,7 +1452,6 @@ void SSL::addBuffer(output_buffer* b)
 
 void SSL_SESSION::CopyX509(X509* x)
 {
-    assert(peerX509_ == 0);
     if (x == 0) return;
 
     X509_NAME* issuer   = x->GetIssuer();
@@ -1869,7 +1887,7 @@ SSL_CTX::GetCA_List() const
 }
 
 
-VerifyCallback SSL_CTX::getVerifyCallback() const
+const VerifyCallback SSL_CTX::getVerifyCallback() const
 {
     return verifyCallback_;
 }
@@ -2268,7 +2286,7 @@ Hashes& sslHashes::use_certVerify()
 }
 
 
-Buffers::Buffers() : rawInput_(0)
+Buffers::Buffers() : prevSent(0), plainSz(0), rawInput_(0), output_(0)
 {}
 
 
@@ -2279,12 +2297,18 @@ Buffers::~Buffers()
     STL::for_each(dataList_.begin(), dataList_.end(),
                   del_ptr_zero()) ;
     ysDelete(rawInput_);
+    ysDelete(output_);
+}
+
+
+void Buffers::SetOutput(output_buffer* ob)
+{
+    output_ = ob;
 }
 
 
 void Buffers::SetRawInput(input_buffer* ib)
 {
-    assert(rawInput_ == 0);
     rawInput_ = ib;
 }
 
@@ -2298,6 +2322,15 @@ input_buffer* Buffers::TakeRawInput()
 }
 
 
+output_buffer* Buffers::TakeOutput()
+{
+    output_buffer* ret = output_;
+    output_ = 0;
+
+    return ret;
+}
+
+
 const Buffers::inputList& Buffers::getData() const
 {
     return dataList_;
@@ -2573,14 +2606,12 @@ ASN1_STRING* StringHolder::GetString()
     // these versions should never get called
     int Compress(const byte* in, int sz, input_buffer& buffer)
     {
-        assert(0);  
         return -1;
     } 
 
 
     int DeCompress(input_buffer& in, int sz, input_buffer& out)
     {
-        assert(0);  
         return -1;
     } 
 

=== modified file 'extra/yassl/taocrypt/README'
--- a/extra/yassl/taocrypt/README	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/taocrypt/README	2012-05-17 12:10:48 +0000
@@ -21,7 +21,7 @@ Stream Ciphers: ARC4
 Public Key Crypto: RSA, DSA, Diffie-Hellman
 Password based key derivation: PBKDF2 from PKCS #5
 Pseudo Random Number Generators
-Lare Integer Support
+Large Integer Support
 Base 16/64 encoding/decoding
 DER encoding/decoding
 X.509 processing

=== modified file 'extra/yassl/taocrypt/benchmark/benchmark.cpp'
--- a/extra/yassl/taocrypt/benchmark/benchmark.cpp	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/taocrypt/benchmark/benchmark.cpp	2012-05-17 12:10:48 +0000
@@ -117,7 +117,7 @@ void bench_des()
 
     double persec = 1 / total * megs;
 
-    printf("3DES     %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+    printf("3DES     %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
                                                              persec);
 }
 
@@ -137,7 +137,7 @@ void bench_aes(bool show)
     double persec = 1 / total * megs;
 
     if (show)
-        printf("AES      %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+        printf("AES      %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
                                                                  persec);
 }
 
@@ -156,7 +156,7 @@ void bench_twofish()
 
     double persec = 1 / total * megs;
 
-    printf("Twofish  %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+    printf("Twofish  %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
                                                             persec);
 
 }
@@ -176,7 +176,7 @@ void bench_blowfish()
 
     double persec = 1 / total * megs;
 
-    printf("Blowfish %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+    printf("Blowfish %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
                                                              persec);
 }
 
@@ -195,7 +195,7 @@ void bench_arc4()
 
     double persec = 1 / total * megs;
 
-    printf("ARC4     %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+    printf("ARC4     %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
                                                              persec);
 }
 
@@ -217,7 +217,7 @@ void bench_md5()
 
     double persec = 1 / total * megs;
 
-    printf("MD5      %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+    printf("MD5      %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
                                                              persec);
 }
 
@@ -245,7 +245,7 @@ void bench_sha()
 
     double persec = 1 / total * megs;
 
-    printf("SHA      %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+    printf("SHA      %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
                                                              persec);
 }
 
@@ -267,7 +267,7 @@ void bench_ripemd()
 
     double persec = 1 / total * megs;
 
-    printf("RIPEMD   %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+    printf("RIPEMD   %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
                                                              persec);
 }
 
@@ -290,7 +290,7 @@ void bench_rsa()
     byte      message[] = "Everyone gets Friday off.";
     byte      cipher[128];  // for 1024 bit
     byte      plain[128];   // for 1024 bit
-    const int len = strlen((char*)message);
+    const int len = (word32)strlen((char*)message);
     
     int i;    
     double start = current_time();

=== modified file 'extra/yassl/taocrypt/benchmark/benchmark.dsp'
--- a/extra/yassl/taocrypt/benchmark/benchmark.dsp	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/taocrypt/benchmark/benchmark.dsp	2012-05-17 12:10:48 +0000
@@ -49,8 +49,8 @@ BSC32=bscmake.exe
 # ADD BASE BSC32 /nologo
 # ADD BSC32 /nologo
 LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
 
 !ELSEIF  "$(CFG)" == "benchmark - Win32 Debug"
 
@@ -64,7 +64,7 @@ LINK32=link.exe
 # PROP Output_Dir "Debug"
 # PROP Intermediate_Dir "Debug"
 # PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ  /c
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
 # ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "..\include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ  /c
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
@@ -72,8 +72,8 @@ BSC32=bscmake.exe
 # ADD BASE BSC32 /nologo
 # ADD BSC32 /nologo
 LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib  kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
 
 !ENDIF 
 

=== modified file 'extra/yassl/taocrypt/include/aes.hpp'
--- a/extra/yassl/taocrypt/include/aes.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/aes.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* aes.hpp defines AES
 */
@@ -92,7 +92,6 @@ typedef BlockCipher<ENCRYPTION, AES, CBC
 typedef BlockCipher<DECRYPTION, AES, CBC> AES_CBC_Decryption;
 
 
-
 } // naemspace
 
 #endif // TAO_CRYPT_AES_HPP

=== modified file 'extra/yassl/taocrypt/include/algebra.hpp'
--- a/extra/yassl/taocrypt/include/algebra.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/algebra.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* based on Wei Dai's algebra.h from CryptoPP */
 

=== modified file 'extra/yassl/taocrypt/include/arc4.hpp'
--- a/extra/yassl/taocrypt/include/arc4.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/arc4.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* arc4.hpp defines ARC4
 */

=== modified file 'extra/yassl/taocrypt/include/asn.hpp'
--- a/extra/yassl/taocrypt/include/asn.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/include/asn.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* asn.hpp provides ASN1 BER, PublicKey, and x509v3 decoding 
 */
@@ -23,6 +23,7 @@
 #ifndef TAO_CRYPT_ASN_HPP
 #define TAO_CRYPT_ASN_HPP
 
+
 #include <time.h>
 #include "misc.hpp"
 #include "block.hpp"
@@ -166,6 +167,7 @@ public:
     void Decode(RSA_PublicKey&);
 private:
     void ReadHeader();
+    void ReadHeaderOpenSSL();
 };
 
 
@@ -371,7 +373,7 @@ int GetCert(Source&);
 // Get Cert in PEM format from pkcs12 file
 int GetPKCS_Cert(const char* password, Source&);
 
-void ASN1_TIME_extract(const unsigned char* date, unsigned char format,
+bool ASN1_TIME_extract(const unsigned char* date, unsigned char format,
                        tm *parsed_time);
 
 } // namespace

=== modified file 'extra/yassl/taocrypt/include/block.hpp'
--- a/extra/yassl/taocrypt/include/block.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/include/block.hpp	2012-05-17 12:10:48 +0000
@@ -15,7 +15,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* block.hpp provides word and byte blocks with configurable allocators
@@ -61,10 +61,6 @@ public:
     void          destroy(pointer p) {p->~T();}
     size_type     max_size() const {return ~size_type(0)/sizeof(T);}
 protected:
-    static void CheckSize(size_t n)
-    {
-        assert(n <= ~size_t(0) / sizeof(T));
-    }
 };
 
 
@@ -101,7 +97,8 @@ public:
 
     pointer allocate(size_type n, const void* = 0)
     {
-        this->CheckSize(n);
+        if (n > this->max_size())
+            return 0;
         if (n == 0)
             return 0;
         return NEW_TC T[n];
@@ -144,9 +141,8 @@ public:
         return *this;
     }
 
-    T& operator[] (word32 i) { assert(i < sz_); return buffer_[i]; }
-    const T& operator[] (word32 i) const 
-        { assert(i < sz_); return buffer_[i]; }
+    T& operator[] (word32 i) { return buffer_[i]; }
+    const T& operator[] (word32 i) const { return buffer_[i]; }
 
     T* operator+ (word32 i) { return buffer_ + i; }
     const T* operator+ (word32 i) const { return buffer_ + i; }

=== modified file 'extra/yassl/taocrypt/include/blowfish.hpp'
--- a/extra/yassl/taocrypt/include/blowfish.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/include/blowfish.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* blowfish.hpp defines Blowfish
 */
@@ -59,11 +59,11 @@ public:
     void SetKey(const byte* key, word32 sz, CipherDir fake = ENCRYPTION);
     void SetIV(const byte* iv) { memcpy(r_, iv, BLOCK_SIZE); }
 private:
-	static const word32 p_init_[ROUNDS + 2];
-	static const word32 s_init_[4 * 256];
+    static const word32 p_init_[ROUNDS + 2];
+    static const word32 s_init_[4 * 256];
 
-	word32 pbox_[ROUNDS + 2 + 4 * 256];
-	word32* sbox_;
+    word32 pbox_[ROUNDS + 2 + 4 * 256];
+    word32* sbox_;
 
     void crypt_block(const word32 in[2], word32 out[2]) const;
     void AsmProcess(const byte* in, byte* out) const;

=== modified file 'extra/yassl/taocrypt/include/coding.hpp'
--- a/extra/yassl/taocrypt/include/coding.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/coding.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* coding.hpp defines hex and base64 encoding/decoing
 */

=== modified file 'extra/yassl/taocrypt/include/des.hpp'
--- a/extra/yassl/taocrypt/include/des.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/include/des.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* des.hpp defines DES, DES_EDE2, and DES_EDE3
    see FIPS 46-2 and FIPS 81
@@ -84,7 +84,7 @@ private:
 // DES_EDE3
 class DES_EDE3 : public Mode_BASE {
 public:
-    DES_EDE3(CipherDir DIR, Mode MODE) 
+    DES_EDE3(CipherDir DIR, Mode MODE)
         : Mode_BASE(DES_BLOCK_SIZE, DIR, MODE) {}
 
     void SetKey(const byte*, word32, CipherDir dir);

=== modified file 'extra/yassl/taocrypt/include/dh.hpp'
--- a/extra/yassl/taocrypt/include/dh.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/dh.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* dh.hpp provides Diffie-Hellman support
 */

=== modified file 'extra/yassl/taocrypt/include/dsa.hpp'
--- a/extra/yassl/taocrypt/include/dsa.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/dsa.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* dsa.hpp provides Digitial Signautre Algorithm see FIPS 186-2
 */

=== modified file 'extra/yassl/taocrypt/include/error.hpp'
--- a/extra/yassl/taocrypt/include/error.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/error.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* error.hpp provides a taocrypt error numbers
  *

=== modified file 'extra/yassl/taocrypt/include/file.hpp'
--- a/extra/yassl/taocrypt/include/file.hpp	2012-03-21 06:42:54 +0000
+++ b/extra/yassl/taocrypt/include/file.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* file.hpp provies File Sources and Sinks
 */

=== modified file 'extra/yassl/taocrypt/include/hash.hpp'
--- a/extra/yassl/taocrypt/include/hash.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/include/hash.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* hash.hpp provides a base for digest types
 */
@@ -63,8 +63,8 @@ protected:
     word32          buffLen_;   // in bytes
     HashLengthType  loLen_;     // length in bytes
     HashLengthType  hiLen_;     // length in bytes
-    word32  digest_[MaxDigestSz];
-    word32  buffer_[MaxBufferSz / sizeof(word32)];
+    word32          digest_[MaxDigestSz];
+    word32          buffer_[MaxBufferSz / sizeof(word32)];
 
     virtual void Transform() = 0;
 

=== added file 'extra/yassl/taocrypt/include/hc128.hpp'
--- a/extra/yassl/taocrypt/include/hc128.hpp	1970-01-01 00:00:00 +0000
+++ b/extra/yassl/taocrypt/include/hc128.hpp	2012-05-17 12:10:48 +0000
@@ -0,0 +1,63 @@
+/*
+   Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING. If not, write to the
+   Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+   MA  02110-1301  USA.
+*/
+
+/* hc128.hpp defines HC128
+*/
+
+
+#ifndef TAO_CRYPT_HC128_HPP
+#define TAO_CRYPT_HC128_HPP
+
+#include "misc.hpp"
+
+namespace TaoCrypt {
+
+
+// HC128 encryption and decryption
+class HC128 {
+public:
+
+    typedef HC128 Encryption;
+    typedef HC128 Decryption;
+
+
+    HC128() {}
+
+    void Process(byte*, const byte*, word32);
+    void SetKey(const byte*, const byte*);
+private:
+    word32 T_[1024];             /* P[i] = T[i];  Q[i] = T[1024 + i ]; */
+    word32 X_[16];
+    word32 Y_[16];
+    word32 counter1024_;         /* counter1024 = i mod 1024 at the ith step */
+    word32 key_[8];
+    word32 iv_[8];
+
+    void SetIV(const byte*);
+    void GenerateKeystream(word32*);
+    void SetupUpdate();
+
+    HC128(const HC128&);                  // hide copy
+    const HC128 operator=(const HC128&);  // and assign
+};
+
+} // namespace
+
+
+#endif // TAO_CRYPT_HC128_HPP
+

=== modified file 'extra/yassl/taocrypt/include/hmac.hpp'
--- a/extra/yassl/taocrypt/include/hmac.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/hmac.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* hamc.hpp implements HMAC, see RFC 2104
 */

=== modified file 'extra/yassl/taocrypt/include/integer.hpp'
--- a/extra/yassl/taocrypt/include/integer.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/include/integer.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* based on Wei Dai's integer.h from CryptoPP */
 
@@ -110,13 +110,6 @@ namespace TaoCrypt {
 #endif
 
 
-// general MIN
-template<typename T> inline
-const T& min(const T& a, const T& b)
-{
-    return a < b ? a : b;
-}
-
 
 // general MAX
 template<typename T> inline

=== modified file 'extra/yassl/taocrypt/include/kernelc.hpp'
--- a/extra/yassl/taocrypt/include/kernelc.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/include/kernelc.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* kernelc.hpp provides support for C std lib when compiled in kernel mode
 */
@@ -30,17 +30,5 @@ extern "C" void* memcpy(void*, const voi
 extern "C" void* memset(void*, int, size_t);
 extern "C" void  printk(char *fmt, ...);
 
-#define KERN_ERR "<3>"   /* error conditions */
-
-#if defined(NDEBUG)
-    #define assert(p)  	((void)0)
-#else
-    #define assert(expr)   \
-    if (!(expr))         { \
-         printk(KERN_ERR "Assertion failed! %s,%s,%s,line=%d\n", \
-         #expr,__FILE__,__FUNCTION__,__LINE__); }
-#endif
-
-
 
 #endif // TAOCRYPT_KERNELC_HPP

=== modified file 'extra/yassl/taocrypt/include/md2.hpp'
--- a/extra/yassl/taocrypt/include/md2.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/md2.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* md2.hpp provides MD2 digest support, see RFC 1319
 */

=== modified file 'extra/yassl/taocrypt/include/md4.hpp'
--- a/extra/yassl/taocrypt/include/md4.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/md4.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* md4.hpp provides MD4 digest support
  * WANRING: MD4 is considered insecure, only use if you have to, e.g., yaSSL

=== modified file 'extra/yassl/taocrypt/include/md5.hpp'
--- a/extra/yassl/taocrypt/include/md5.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/md5.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* md5.hpp provides MD5 digest support, see RFC 1321
 */

=== modified file 'extra/yassl/taocrypt/include/misc.hpp'
--- a/extra/yassl/taocrypt/include/misc.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/include/misc.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* based on Wei Dai's misc.h from CryptoPP */
 
@@ -24,7 +24,6 @@
 
 #if !defined(DO_TAOCRYPT_KERNEL_MODE)
     #include <stdlib.h>
-    #include <assert.h>
     #include <string.h>
 #else
     #include "kernelc.hpp"
@@ -62,30 +61,30 @@ void CleanUp();
     template<typename T>
     void tcDelete(T* ptr)
     {
-    if (ptr) ptr->~T();
-    ::operator delete(ptr, TaoCrypt::tc);
+        if (ptr) ptr->~T();
+        ::operator delete(ptr, TaoCrypt::tc);
     }
 
     template<typename T>
     void tcArrayDelete(T* ptr)
     {
-    // can't do array placement destruction since not tracking size in
-    // allocation, only allow builtins to use array placement since they
-    // don't need destructors called
-    typedef char builtin[IsFundamentalType<T>::Yes ? 1 : -1];
-    (void)sizeof(builtin);
+        // can't do array placement destruction since not tracking size in
+        // allocation, only allow builtins to use array placement since they
+        // don't need destructors called
+        typedef char builtin[IsFundamentalType<T>::Yes ? 1 : -1];
+        (void)sizeof(builtin);
 
-    ::operator delete[](ptr, TaoCrypt::tc);
+        ::operator delete[](ptr, TaoCrypt::tc);
     }
 
     #define NEW_TC new (TaoCrypt::tc)
 
 
     // to resolve compiler generated operator delete on base classes with
-    // virtual destructors (when on stack), make sure doesn't get called
+    // virtual destructors (when on stack)
     class virtual_base {
     public:
-    static void operator delete(void*) { assert(0); }
+        static void operator delete(void*) { }
     };
 
 #else // YASSL_PURE_C
@@ -366,7 +365,6 @@ inline bool IsPowerOf2(T n)
 template <class T1, class T2>
 inline T2 ModPowerOf2(T1 a, T2 b)
 {
-    assert(IsPowerOf2(b));
     return T2(a) & (b-1);
 }
 
@@ -409,14 +407,12 @@ inline bool IsAligned(const void* p, T* 
 
 template <class T> inline T rotlFixed(T x, unsigned int y)
 {
-    assert(y < sizeof(T)*8);
-        return (x<<y) | (x>>(sizeof(T)*8-y));
+    return (x<<y) | (x>>(sizeof(T)*8-y));
 }
 
 template <class T> inline T rotrFixed(T x, unsigned int y)
 {
-    assert(y < sizeof(T)*8);
-        return (x>>y) | (x<<(sizeof(T)*8-y));
+    return (x>>y) | (x<<(sizeof(T)*8-y));
 }
 
 #ifdef INTEL_INTRINSICS
@@ -425,13 +421,11 @@ template <class T> inline T rotrFixed(T 
 
 template<> inline word32 rotlFixed(word32 x, word32 y)
 {
-    assert(y < 32);
     return y ? _lrotl(x, y) : x;
 }
 
 template<> inline word32 rotrFixed(word32 x, word32 y)
 {
-    assert(y < 32);
     return y ? _lrotr(x, y) : x;
 }
 
@@ -441,7 +435,9 @@ template<> inline word32 rotrFixed(word3
 #undef min
 #endif 
 
-inline word32 min(word32 a, word32 b)
+
+template <class T>
+inline const T& min(const T& a, const T& b)
 {
     return a < b ? a : b;
 }
@@ -486,7 +482,6 @@ inline word64 ByteReverse(word64 value)
 template <typename T>
 inline void ByteReverse(T* out, const T* in, word32 byteCount)
 {
-    assert(byteCount % sizeof(T) == 0);
     word32 count = byteCount/sizeof(T);
     for (word32 i=0; i<count; i++)
         out[i] = ByteReverse(in[i]);
@@ -574,7 +569,6 @@ inline void GetUserKey(ByteOrder order, 
                        word32 inlen)
 {
     const unsigned int U = sizeof(T);
-    assert(inlen <= outlen*U);
     memcpy(out, in, inlen);
     memset((byte *)out+inlen, 0, outlen*U-inlen);
     ByteReverseIf(out, out, RoundUpToMultipleOf(inlen, U), order);
@@ -583,7 +577,8 @@ inline void GetUserKey(ByteOrder order, 
 
 #ifdef _MSC_VER
     // disable conversion warning
-    #pragma warning(disable:4244)
+    // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
+    #pragma warning(disable:4244 4996)
 #endif
 
 
@@ -678,10 +673,7 @@ template <class T>
 inline T GetWord(bool assumeAligned, ByteOrder order, const byte *block)
 {
     if (assumeAligned)
-    {
-        assert(IsAligned<T>(block));
         return ByteReverseIf(*reinterpret_cast<const T *>(block), order);
-    }
     else
         return UnalignedGetWord<T>(order, block);
 }
@@ -699,7 +691,6 @@ inline void PutWord(bool assumeAligned, 
 {
     if (assumeAligned)
     {
-        assert(IsAligned<T>(block));
         if (xorBlock)
             *reinterpret_cast<T *>(block) = ByteReverseIf(value, order) 
                 ^ *reinterpret_cast<const T *>(xorBlock);
@@ -812,7 +803,6 @@ inline T SafeLeftShift(T value)
 inline
 word ShiftWordsLeftByBits(word* r, unsigned int n, unsigned int shiftBits)
 {
-    assert (shiftBits<WORD_BITS);
     word u, carry=0;
     if (shiftBits)
         for (unsigned int i=0; i<n; i++)
@@ -828,7 +818,6 @@ word ShiftWordsLeftByBits(word* r, unsig
 inline
 word ShiftWordsRightByBits(word* r, unsigned int n, unsigned int shiftBits)
 {
-    assert (shiftBits<WORD_BITS);
     word u, carry=0;
     if (shiftBits)
         for (int i=n-1; i>=0; i--)

=== modified file 'extra/yassl/taocrypt/include/modarith.hpp'
--- a/extra/yassl/taocrypt/include/modarith.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/modarith.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* based on Wei Dai's modarith.h from CryptoPP */

=== modified file 'extra/yassl/taocrypt/include/modes.hpp'
--- a/extra/yassl/taocrypt/include/modes.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/include/modes.hpp	2012-05-17 12:10:48 +0000
@@ -15,7 +15,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* modes.hpp provides ECB and CBC modes for block cipher encryption/decryption
 */
@@ -61,9 +61,7 @@ public:
     explicit Mode_BASE(int sz, CipherDir dir, Mode mode) 
         : blockSz_(sz), reg_(reinterpret_cast<byte*>(r_)),
           tmp_(reinterpret_cast<byte*>(t_)), dir_(dir), mode_(mode)
-    { 
-        assert(sz <= MaxBlockSz);
-    }
+    {}
     virtual ~Mode_BASE() {}
 
     virtual void Process(byte*, const byte*, word32);
@@ -96,8 +94,7 @@ inline void Mode_BASE::Process(byte* out
 {
     if (mode_ == ECB)
         ECB_Process(out, in, sz);
-    else if (mode_ == CBC)
-    {
+    else if (mode_ == CBC) {
         if (dir_ == ENCRYPTION)
             CBC_Encrypt(out, in, sz);
         else

=== modified file 'extra/yassl/taocrypt/include/pwdbased.hpp'
--- a/extra/yassl/taocrypt/include/pwdbased.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/include/pwdbased.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* pwdbased.hpp defines PBKDF2 from PKCS #5
 */
@@ -48,8 +48,11 @@ word32 PBKDF2_HMAC<T>::DeriveKey(byte* d
                                  word32 pLen, const byte* salt, word32 sLen,
                                  word32 iterations) const
 {
-	assert(dLen <= MaxDerivedKeyLength());
-	assert(iterations > 0);
+	if (dLen > MaxDerivedKeyLength())
+        return 0;
+
+    if (iterations < 0)
+        return 0;
 
     ByteBlock buffer(T::DIGEST_SIZE);
 	HMAC<T>   hmac;

=== added file 'extra/yassl/taocrypt/include/rabbit.hpp'
--- a/extra/yassl/taocrypt/include/rabbit.hpp	1970-01-01 00:00:00 +0000
+++ b/extra/yassl/taocrypt/include/rabbit.hpp	2012-05-17 12:10:48 +0000
@@ -0,0 +1,65 @@
+/*
+   Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING. If not, write to the
+   Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+   MA  02110-1301  USA.
+*/
+
+/* rabbit.hpp defines Rabbit
+*/
+
+
+#ifndef TAO_CRYPT_RABBIT_HPP
+#define TAO_CRYPT_RABBIT_HPP
+
+#include "misc.hpp"
+
+namespace TaoCrypt {
+
+
+// Rabbit encryption and decryption
+class Rabbit {
+public:
+
+    typedef Rabbit Encryption;
+    typedef Rabbit Decryption;
+
+    enum RabbitCtx { Master = 0, Work = 1 };
+
+    Rabbit() {}
+
+    void Process(byte*, const byte*, word32);
+    void SetKey(const byte*, const byte*);
+private:
+    struct Ctx {
+        word32 x[8];
+        word32 c[8];
+        word32 carry;
+    };
+
+    Ctx masterCtx_;
+    Ctx workCtx_;
+
+    void NextState(RabbitCtx);
+    void SetIV(const byte*);
+
+    Rabbit(const Rabbit&);                  // hide copy
+    const Rabbit operator=(const Rabbit&);  // and assign
+};
+
+} // namespace
+
+
+#endif // TAO_CRYPT_RABBIT_HPP
+

=== modified file 'extra/yassl/taocrypt/include/random.hpp'
--- a/extra/yassl/taocrypt/include/random.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/random.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* random.hpp provides a crypto secure Random Number Generator using an OS
    specific seed

=== modified file 'extra/yassl/taocrypt/include/ripemd.hpp'
--- a/extra/yassl/taocrypt/include/ripemd.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/ripemd.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* ripemd.hpp provides RIPEMD digest support
 */

=== modified file 'extra/yassl/taocrypt/include/rsa.hpp'
--- a/extra/yassl/taocrypt/include/rsa.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/include/rsa.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* rsa.hpp provides RSA ES encrypt/decrypt, SSL (block type 1) sign and verify
 */
@@ -178,7 +178,8 @@ void RSA_Encryptor<Pad>::Encrypt(const b
                                  RandomNumberGenerator& rng)
 {
     PK_Lengths lengths(key_.GetModulus());
-    assert(sz <= lengths.FixedMaxPlaintextLength());
+    if (sz > lengths.FixedMaxPlaintextLength())
+        return;
 
     ByteBlock paddedBlock(lengths.PaddedBlockByteLength());
     padding_.Pad(plain, sz, paddedBlock.get_buffer(),
@@ -195,7 +196,6 @@ word32 RSA_Decryptor<Pad>::Decrypt(const
                                    RandomNumberGenerator& rng)
 {
     PK_Lengths lengths(key_.GetModulus());
-    assert(sz == lengths.FixedCiphertextLength());
 
     if (sz != lengths.FixedCiphertextLength())
         return 0;

=== modified file 'extra/yassl/taocrypt/include/runtime.hpp'
--- a/extra/yassl/taocrypt/include/runtime.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/include/runtime.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* runtime.hpp provides C++ runtime support functions when building a pure C
  * version of yaSSL, user must define YASSL_PURE_C
@@ -31,7 +31,6 @@
 
 #ifdef __sun
  
-#include <assert.h>
 
 // Handler for pure virtual functions
 namespace __Crun {
@@ -46,9 +45,7 @@ namespace __Crun {
 #if __GNUC__ > 2
 
 extern "C" {
-#if !defined(DO_TAOCRYPT_KERNEL_MODE)
-    #include <assert.h>
-#else
+#if defined(DO_TAOCRYPT_KERNEL_MODE)
     #include "kernelc.hpp"
 #endif
     int __cxa_pure_virtual () __attribute__ ((weak));

=== modified file 'extra/yassl/taocrypt/include/sha.hpp'
--- a/extra/yassl/taocrypt/include/sha.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/sha.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* sha.hpp provides SHA-1 digests, see RFC 3174
 */

=== modified file 'extra/yassl/taocrypt/include/twofish.hpp'
--- a/extra/yassl/taocrypt/include/twofish.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/twofish.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* twofish.hpp defines Twofish
 */

=== modified file 'extra/yassl/taocrypt/include/type_traits.hpp'
--- a/extra/yassl/taocrypt/include/type_traits.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/include/type_traits.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* type_traits defines fundamental types
  * see discussion in C++ Templates, $19.1

=== modified file 'extra/yassl/taocrypt/include/types.hpp'
--- a/extra/yassl/taocrypt/include/types.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/include/types.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* based on Wei Dai's misc.h from CryptoPP, basic crypt types */
 
@@ -62,7 +62,7 @@ typedef unsigned int   word32;
 // compilers we've found 64-bit multiply insructions for
 #if defined(__GNUC__) || defined(_MSC_VER) || defined(__DECCXX)
     #if !(defined(__ICC) || defined(__INTEL_COMPILER))
-    #define HAVE_64_MULTIPLY
+        #define HAVE_64_MULTIPLY
     #endif
 #endif
 

=== modified file 'extra/yassl/taocrypt/mySTL/algorithm.hpp'
--- a/extra/yassl/taocrypt/mySTL/algorithm.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/mySTL/algorithm.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* mySTL algorithm implements max, min, for_each, swap, find_if, copy,

=== modified file 'extra/yassl/taocrypt/mySTL/helpers.hpp'
--- a/extra/yassl/taocrypt/mySTL/helpers.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/mySTL/helpers.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* mySTL helpers implements misc constructs for vector and list

=== modified file 'extra/yassl/taocrypt/mySTL/list.hpp'
--- a/extra/yassl/taocrypt/mySTL/list.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/mySTL/list.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* mySTL list implements a simple list

=== modified file 'extra/yassl/taocrypt/mySTL/memory.hpp'
--- a/extra/yassl/taocrypt/mySTL/memory.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/mySTL/memory.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* mySTL memory implements auto_ptr

=== modified file 'extra/yassl/taocrypt/mySTL/memory_array.hpp'
--- a/extra/yassl/taocrypt/mySTL/memory_array.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/mySTL/memory_array.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* mySTL memory_arry implements auto_array

=== modified file 'extra/yassl/taocrypt/mySTL/pair.hpp'
--- a/extra/yassl/taocrypt/mySTL/pair.hpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/mySTL/pair.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* mySTL pair implements pair

=== modified file 'extra/yassl/taocrypt/mySTL/stdexcept.hpp'
--- a/extra/yassl/taocrypt/mySTL/stdexcept.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/mySTL/stdexcept.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* mySTL memory implements exception, runtime_error
@@ -26,7 +26,6 @@
 
 
 #include <string.h>  // strncpy
-#include <assert.h>  // assert
 #include <stdlib.h>  // size_t
 
 
@@ -41,7 +40,7 @@ public:
     virtual const char* what() const { return ""; }
 
     // for compiler generated call, never used
-    static void operator delete(void*) { assert(0); }
+    static void operator delete(void*) { }
 private:
     // don't allow dynamic creation of exceptions
     static void* operator new(size_t);

=== modified file 'extra/yassl/taocrypt/mySTL/vector.hpp'
--- a/extra/yassl/taocrypt/mySTL/vector.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/mySTL/vector.hpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* mySTL vector implements simple vector, w/ swap
@@ -26,7 +26,6 @@
 
 #include "helpers.hpp"    // construct, destory, fill, etc.
 #include "algorithm.hpp"  // swap
-#include <assert.h>       // assert
 
 
 namespace mySTL {
@@ -141,9 +140,9 @@ private:
     // for growing, n must be bigger than other size
     vector(size_t n, const vector& other) : vec_(n)
     {
-        assert(n > other.size());
-        vec_.finish_ = uninit_copy(other.vec_.start_, other.vec_.finish_,
-                                   vec_.start_);   
+        if (n > other.size())
+            vec_.finish_ = uninit_copy(other.vec_.start_, other.vec_.finish_,
+                                       vec_.start_);
     }
 };
 

=== modified file 'extra/yassl/taocrypt/src/aes.cpp'
--- a/extra/yassl/taocrypt/src/aes.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/aes.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* C++ based on Wei Dai's aes.cpp from CryptoPP */
 /* x86 asm original */
@@ -78,7 +78,7 @@ void AES::Process(byte* out, const byte*
                 out += BLOCK_SIZE;
                 in  += BLOCK_SIZE;
             }
-    }
+}
 }
 
 #endif // DO_AES_ASM
@@ -86,8 +86,13 @@ void AES::Process(byte* out, const byte*
 
 void AES::SetKey(const byte* userKey, word32 keylen, CipherDir /*dummy*/)
 {
-    assert( (keylen == 16) || (keylen == 24) || (keylen == 32) );
-
+    if (keylen <= 16)
+        keylen = 16;
+    else if (keylen >= 32)
+        keylen = 32;
+    else if (keylen != 24)
+        keylen = 24;
+    
     rounds_ = keylen/4 + 6;
 
     word32 temp, *rk = key_;
@@ -245,34 +250,34 @@ void AES::encrypt(const byte* inBlock, c
     for (;;) {
         t0 =
             Te0[GETBYTE(s0, 3)] ^
-            Te1[GETBYTE(s1, 2)] ^
-            Te2[GETBYTE(s2, 1)] ^
-            Te3[GETBYTE(s3, 0)] ^
+            Te1[GETBYTE(s1, 2)]  ^
+            Te2[GETBYTE(s2, 1)]  ^
+            Te3[GETBYTE(s3, 0)]  ^
             rk[4];
         t1 =
             Te0[GETBYTE(s1, 3)] ^
-            Te1[GETBYTE(s2, 2)] ^
-            Te2[GETBYTE(s3, 1)] ^
-            Te3[GETBYTE(s0, 0)] ^
+            Te1[GETBYTE(s2, 2)]  ^
+            Te2[GETBYTE(s3, 1)]  ^
+            Te3[GETBYTE(s0, 0)]  ^
             rk[5];
         t2 =
             Te0[GETBYTE(s2, 3)] ^
-            Te1[GETBYTE(s3, 2)] ^
-            Te2[GETBYTE(s0, 1)] ^
-            Te3[GETBYTE(s1, 0)] ^
+            Te1[GETBYTE(s3, 2)]  ^
+            Te2[GETBYTE(s0, 1)]  ^
+            Te3[GETBYTE(s1, 0)]  ^
             rk[6];
         t3 =
             Te0[GETBYTE(s3, 3)] ^
-            Te1[GETBYTE(s0, 2)] ^
-            Te2[GETBYTE(s1, 1)] ^
-            Te3[GETBYTE(s2, 0)] ^
+            Te1[GETBYTE(s0, 2)]  ^
+            Te2[GETBYTE(s1, 1)]  ^
+            Te3[GETBYTE(s2, 0)]  ^
             rk[7];
 
         rk += 8;
         if (--r == 0) {
             break;
         }
-
+        
         s0 =
             Te0[GETBYTE(t0, 3)] ^
             Te1[GETBYTE(t1, 2)] ^
@@ -421,7 +426,7 @@ void AES::decrypt(const byte* inBlock, c
         (Td4[GETBYTE(t3, 2)] & 0x00ff0000) ^
         (Td4[GETBYTE(t2, 1)] & 0x0000ff00) ^
         (Td4[GETBYTE(t1, 0)] & 0x000000ff) ^
-    rk[0];
+        rk[0];
     s1 =
         (Td4[GETBYTE(t1, 3)] & 0xff000000) ^
         (Td4[GETBYTE(t0, 2)] & 0x00ff0000) ^

=== modified file 'extra/yassl/taocrypt/src/aestables.cpp'
--- a/extra/yassl/taocrypt/src/aestables.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/aestables.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* based on Wei Dai's aestables.cpp from CryptoPP */
 
@@ -33,6 +33,4 @@ const word32 AES::rcon_[] = {
 };
 
 
-
-
 } // namespace

=== modified file 'extra/yassl/taocrypt/src/algebra.cpp'
--- a/extra/yassl/taocrypt/src/algebra.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/algebra.cpp	2012-05-17 12:10:48 +0000
@@ -244,7 +244,6 @@ void AbstractGroup::SimultaneousMultiply
 
     for (i=0; i<expCount; i++)
     {
-        assert(expBegin->NotNegative());
         exponents.push_back(WindowSlider(*expBegin++, InversionIsFast(), 0));
         exponents[i].FindNextWindow();
         buckets[i].resize(1<<(exponents[i].windowSize-1), Identity());
@@ -285,7 +284,7 @@ void AbstractGroup::SimultaneousMultiply
         r = buckets[i][buckets[i].size()-1];
         if (buckets[i].size() > 1)
         {
-            for (int j= (unsigned int) (buckets[i].size()) - 2; j >= 1; j--)
+            for (size_t j = buckets[i].size()-2; j >= 1; j--)
             {
                 Accumulate(buckets[i][j], buckets[i][j+1]);
                 Accumulate(r, buckets[i][j]);

=== modified file 'extra/yassl/taocrypt/src/arc4.cpp'
--- a/extra/yassl/taocrypt/src/arc4.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/arc4.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* based on Wei Dai's arc4.cpp from CryptoPP */
 
@@ -104,7 +104,7 @@ void ARC4::Process(byte* out, const byte
 #ifdef DO_ARC4_ASM
 
 #ifdef _MSC_VER
-    __declspec(naked) 
+    __declspec(naked)
 #else
     __attribute__ ((noinline))
 #endif

=== modified file 'extra/yassl/taocrypt/src/asn.cpp'
--- a/extra/yassl/taocrypt/src/asn.cpp	2012-05-15 10:33:25 +0000
+++ b/extra/yassl/taocrypt/src/asn.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* asn.cpp implements ASN1 BER, PublicKey, and x509v3 decoding 
 */
@@ -51,13 +51,14 @@ void GetTime(int *value, const byte* dat
 }
 
 
-void ASN1_TIME_extract(const unsigned char* date, unsigned char format,
+bool ASN1_TIME_extract(const unsigned char* date, unsigned char format,
                        tm *t)
 {
   int i = 0;
   memset(t, 0, sizeof (tm));
 
-  assert(format == UTC_TIME || format == GENERALIZED_TIME);
+  if (format != UTC_TIME && format != GENERALIZED_TIME)
+    return false;
 
   if (format == UTC_TIME) {
     if (btoi(date[0]) >= 5)
@@ -77,7 +78,9 @@ void ASN1_TIME_extract(const unsigned ch
   GetTime(&t->tm_min,  date, i);
   GetTime(&t->tm_sec,  date, i);
 
-  assert(date[i] == 'Z');     // only Zulu supported for this profile
+  if (date[i] != 'Z')     // only Zulu supported for this profile
+    return false;
+  return true;
 }
 
 
@@ -119,11 +122,13 @@ bool operator<(tm& a, tm&b)
 bool ValidateDate(const byte* date, byte format, CertDecoder::DateType dt)
 {
     tm certTime;
+
+    if (!ASN1_TIME_extract(date, format, &certTime))
+        return false;
+
     time_t ltime = time(0);
     tm* localTime = gmtime(&ltime);
 
-    ASN1_TIME_extract(date, format, &certTime);
-
     if (dt == CertDecoder::BEFORE) {
         if (*localTime < certTime)
             return false;
@@ -222,9 +227,9 @@ void PublicKey::AddToEnd(const byte* dat
 Signer::Signer(const byte* k, word32 kSz, const char* n, const byte* h)
     : key_(k, kSz)
 {
-        size_t sz = strlen(n);
-        memcpy(name_, n, sz);
-        name_[sz] = 0;
+    size_t sz = strlen(n);
+    memcpy(name_, n, sz);
+    name_[sz] = 0;
 
     memcpy(hash_, h, SHA::DIGEST_SIZE);
 }
@@ -372,12 +377,59 @@ void RSA_Public_Decoder::Decode(RSA_Publ
     ReadHeader();
     if (source_.GetError().What()) return;
 
+    ReadHeaderOpenSSL();   // may or may not be
+    if (source_.GetError().What()) return;
+
     // public key
     key.SetModulus(GetInteger(Integer().Ref()));
     key.SetPublicExponent(GetInteger(Integer().Ref()));
 }
 
 
+// Read OpenSSL format public header
+void RSA_Public_Decoder::ReadHeaderOpenSSL()
+{
+    byte b = source_.next();  // peek
+    source_.prev();
+
+    if (b != INTEGER) { // have OpenSSL public format
+        GetSequence();
+        b = source_.next();
+        if (b != OBJECT_IDENTIFIER) {
+            source_.SetError(OBJECT_ID_E);
+            return;
+        }
+
+        word32 len = GetLength(source_);
+        source_.advance(len);
+
+        b = source_.next();
+        if (b == TAG_NULL) {   // could have NULL tag and 0 terminator, may not 
+            b = source_.next();
+            if (b != 0) {
+                source_.SetError(EXPECT_0_E);
+                return; 
+            }
+        }
+        else
+            source_.prev();   // put back
+
+        b = source_.next();
+        if (b != BIT_STRING) {   
+            source_.SetError(BIT_STR_E);
+            return; 
+        }
+
+        len = GetLength(source_); 
+        b = source_.next();
+        if (b != 0)           // could have 0
+            source_.prev();   // put back
+        
+        GetSequence();
+    }
+}
+
+
 void RSA_Public_Decoder::ReadHeader()
 {
     GetSequence();
@@ -428,12 +480,12 @@ CertDecoder::CertDecoder(Source& s, bool
                          bool noVerify, CertType ct)
     : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0),
       signature_(0), verify_(!noVerify)
-{ 
+{
     issuer_[0] = 0;
     subject_[0] = 0;
 
     if (decode)
-        Decode(signers, ct); 
+        Decode(signers, ct);
 
 }
 
@@ -478,9 +530,9 @@ void CertDecoder::Decode(SignerList* sig
         source_.SetError(SIG_OID_E);
         return;
     }
-
+    
     if (ct != CA && verify_ && !ValidateSignature(signers))
-            source_.SetError(SIG_OTHER_E);
+        source_.SetError(SIG_OTHER_E);
 }
 
 
@@ -593,21 +645,19 @@ word32 CertDecoder::GetAlgoId()
     while(length--)
         oid += source_.next();        // just sum it up for now
 
-    if (oid != SHAwDSA && oid != DSAk) {
-        b = source_.next();               // should have NULL tag and 0
-
-        if (b != TAG_NULL) {
-            source_.SetError(TAG_NULL_E);
-            return 0;
-        }
-
+    // could have NULL tag and 0 terminator, but may not
+    b = source_.next();
+    if (b == TAG_NULL) {
         b = source_.next();
         if (b != 0) {
             source_.SetError(EXPECT_0_E);
             return 0;
         }
     }
- 
+    else
+        // go back, didn't have it
+        b = source_.prev();
+
     return oid;
 }
 
@@ -661,20 +711,22 @@ word32 CertDecoder::GetDigest()
 }
 
 
-char *CertDecoder::AddTag(char *ptr, const char *buf_end, 
-                          const char *tag_name, word32 tag_name_length,
-                          word32 tag_value_length)
+// memory length checked add tag to buffer
+char* CertDecoder::AddTag(char* ptr, const char* buf_end, const char* tag_name,
+                          word32 tag_name_length, word32 tag_value_length)
 {
-  if (ptr + tag_name_length + tag_value_length > buf_end)
-      return 0;
-    
-  memcpy(ptr, tag_name, tag_name_length);
-  ptr+= tag_name_length;
-  
-  memcpy(ptr, source_.get_current(), tag_value_length);
-  ptr+= tag_value_length;
-  
-  return ptr;
+    if (ptr + tag_name_length + tag_value_length > buf_end) {
+        source_.SetError(CONTENT_E);
+        return 0;
+    }
+
+    memcpy(ptr, tag_name, tag_name_length);
+    ptr += tag_name_length;
+
+    memcpy(ptr, source_.get_current(), tag_value_length);
+    ptr += tag_value_length;
+
+    return ptr;
 }
 
 
@@ -687,18 +739,19 @@ void CertDecoder::GetName(NameType nt)
     word32 length = GetSequence();  // length of all distinguished names
 
     if (length >= ASN_NAME_MAX)
-        goto err;
+        return;
     length += source_.get_index();
-
-    char *ptr, *buf_end;
+    
+    char* ptr;
+    char* buf_end;
 
     if (nt == ISSUER) {
-        ptr= issuer_;
-        buf_end= ptr + sizeof(issuer_) - 1;  // 1 byte for trailing 0
+        ptr = issuer_;
+        buf_end = ptr + sizeof(issuer_) - 1;   // 1 byte for trailing 0
     }
     else {
-        ptr= subject_;
-        buf_end= ptr + sizeof(subject_) - 1;  // 1 byte for trailing 0
+        ptr = subject_;
+        buf_end = ptr + sizeof(subject_) - 1;  // 1 byte for trailing 0
     }
 
     while (source_.get_index() < length) {
@@ -728,39 +781,39 @@ void CertDecoder::GetName(NameType nt)
 
             switch (id) {
             case COMMON_NAME:
-                if (!(ptr= AddTag(ptr, buf_end, "/CN=", 4, strLen)))
-                  goto err;
+                if (!(ptr = AddTag(ptr, buf_end, "/CN=", 4, strLen)))
+                    return;
                 break;
             case SUR_NAME:
-                if (!(ptr= AddTag(ptr, buf_end, "/SN=", 4, strLen)))
-                  goto err;
+                if (!(ptr = AddTag(ptr, buf_end, "/SN=", 4, strLen)))
+                    return;
                 break;
             case COUNTRY_NAME:
-                if (!(ptr= AddTag(ptr, buf_end, "/C=", 3, strLen)))
-                  goto err;
+                if (!(ptr = AddTag(ptr, buf_end, "/C=", 3, strLen)))
+                    return;
                 break;
             case LOCALITY_NAME:
-                if (!(ptr= AddTag(ptr, buf_end, "/L=", 3, strLen)))
-                  goto err;
+                if (!(ptr = AddTag(ptr, buf_end, "/L=", 3, strLen)))
+                    return;
                 break;
             case STATE_NAME:
-                if (!(ptr= AddTag(ptr, buf_end, "/ST=", 4, strLen)))
-                  goto err;
+                if (!(ptr = AddTag(ptr, buf_end, "/ST=", 4, strLen)))
+                    return;
                 break;
             case ORG_NAME:
-                if (!(ptr= AddTag(ptr, buf_end, "/O=", 3, strLen)))
-                  goto err;
+                if (!(ptr = AddTag(ptr, buf_end, "/O=", 3, strLen)))
+                    return;
                 break;
             case ORGUNIT_NAME:
-                if (!(ptr= AddTag(ptr, buf_end, "/OU=", 4, strLen)))
-                  goto err;
+                if (!(ptr = AddTag(ptr, buf_end, "/OU=", 4, strLen)))
+                    return;
                 break;
             }
 
             sha.Update(source_.get_current(), strLen);
             source_.advance(strLen);
         }
-        else {
+        else { 
             bool email = false;
             if (joint[0] == 0x2a && joint[1] == 0x86)  // email id hdr
                 email = true;
@@ -768,20 +821,21 @@ void CertDecoder::GetName(NameType nt)
             source_.advance(oidSz + 1);
             word32 length = GetLength(source_);
 
-            if (email && !(ptr= AddTag(ptr, buf_end, "/emailAddress=", 14, length)))
-                goto err;
+            if (email) {
+                if (!(ptr = AddTag(ptr, buf_end, "/emailAddress=", 14, length)))
+                    return; 
+            }
 
             source_.advance(length);
         }
     }
-    *ptr= 0;
 
-    sha.Final(nt == ISSUER ? issuerHash_ : subjectHash_);
-        
-    return;
-    
-err:
-    source_.SetError(CONTENT_E);
+    *ptr = 0;
+
+    if (nt == ISSUER)
+        sha.Final(issuerHash_);
+    else
+        sha.Final(subjectHash_);
 }
 
 
@@ -806,8 +860,7 @@ void CertDecoder::GetDate(DateType dt)
     memcpy(date, source_.get_current(), length);
     source_.advance(length);
 
-    if (!ValidateDate(date, b, dt) && verify_)
-    {
+    if (!ValidateDate(date, b, dt) && verify_) {
         if (dt == BEFORE)
             source_.SetError(BEFORE_DATE_E);
         else
@@ -870,7 +923,8 @@ void CertDecoder::GetCompareHash(const b
 // validate signature signed by someone else
 bool CertDecoder::ValidateSignature(SignerList* signers)
 {
-    assert(signers);
+    if (!signers)
+        return false;
 
     SignerList::iterator first = signers->begin();
     SignerList::iterator last  = signers->end();
@@ -1091,8 +1145,7 @@ word32 DecodeDSA_Signature(byte* decoded
         return 0;
     }
     word32 rLen = GetLength(source);
-    if (rLen != 20)
-    {
+    if (rLen != 20) {
         if (rLen == 21) {       // zero at front, eat
             source.next();
             --rLen;
@@ -1115,8 +1168,7 @@ word32 DecodeDSA_Signature(byte* decoded
         return 0;
     }
     word32 sLen = GetLength(source);
-    if (sLen != 20)
-    {
+    if (sLen != 20) {
         if (sLen == 21) {
             source.next();          // zero at front, eat
             --sLen;
@@ -1137,6 +1189,7 @@ word32 DecodeDSA_Signature(byte* decoded
 }
 
 
+/*
 // Get Cert in PEM format from BEGIN to END
 int GetCert(Source& source)
 {
@@ -1188,12 +1241,10 @@ void PKCS12_Decoder::Decode()
 
 
     // Get MacData optional
-    /*
-    mac     digestInfo  like certdecoder::getdigest?
-    macsalt octet string
-    iter    integer
+    // mac     digestInfo  like certdecoder::getdigest?
+    // macsalt octet string
+    // iter    integer
     
-    */
 }
 
 
@@ -1213,6 +1264,7 @@ int GetPKCS_Cert(const char* password, S
 
     return 0;
 }
+*/
 
 
 

=== modified file 'extra/yassl/taocrypt/src/bftables.cpp'
--- a/extra/yassl/taocrypt/src/bftables.cpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/src/bftables.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* based on Wei Dai's bfinit.cpp from CryptoPP */
 

=== modified file 'extra/yassl/taocrypt/src/blowfish.cpp'
--- a/extra/yassl/taocrypt/src/blowfish.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/blowfish.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* C++ code based on Wei Dai's blowfish.cpp from CryptoPP */
 /* x86 asm is original */
@@ -78,7 +78,7 @@ void Blowfish::Process(byte* out, const 
                 out += BLOCK_SIZE;
                 in  += BLOCK_SIZE;
             }
-    }
+}
 }
 
 #endif // DO_BLOWFISH_ASM
@@ -86,7 +86,10 @@ void Blowfish::Process(byte* out, const 
 
 void Blowfish::SetKey(const byte* key_string, word32 keylength, CipherDir dir)
 {
-	assert(keylength >= 4 && keylength <= 56);
+    if (keylength < 4)
+        keylength = 4;
+    else if (keylength > 56)
+        keylength = 56;
 
 	unsigned i, j=0, k;
 	word32 data, dspace[2] = {0, 0};
@@ -165,16 +168,21 @@ void Blowfish::crypt_block(const word32 
 	word32 left  = in[0];
 	word32 right = in[1];
 
+	const word32  *const s = sbox_;
 	const word32* p = pbox_;
-    word32 tmp;
 
 	left ^= p[0];
 
-    BF_ROUNDS
-
-#if ROUNDS == 20
-    BF_EXTRA_ROUNDS
-#endif
+    // roll back up and use s and p index instead of just p
+    for (unsigned i = 0; i < ROUNDS / 2; i++) {
+        right ^= (((s[GETBYTE(left,3)] + s[256+GETBYTE(left,2)])
+            ^ s[2*256+GETBYTE(left,1)]) + s[3*256+GETBYTE(left,0)])
+            ^ p[2*i+1];
+
+        left ^= (((s[GETBYTE(right,3)] + s[256+GETBYTE(right,2)])
+            ^ s[2*256+GETBYTE(right,1)]) + s[3*256+GETBYTE(right,0)])
+            ^ p[2*i+2];
+    }
 
 	right ^= p[ROUNDS + 1];
 
@@ -188,17 +196,23 @@ typedef BlockGetAndPut<word32, BigEndian
 void Blowfish::ProcessAndXorBlock(const byte* in, const byte* xOr, byte* out)
     const
 {
-    word32 tmp, left, right;
+    word32 left, right;
+	const word32  *const s = sbox_;
     const word32* p = pbox_;
     
     gpBlock::Get(in)(left)(right);
 	left ^= p[0];
 
-    BF_ROUNDS
-
-#if ROUNDS == 20
-    BF_EXTRA_ROUNDS
-#endif
+    // roll back up and use s and p index instead of just p
+    for (unsigned i = 0; i < ROUNDS / 2; i++) {
+        right ^= (((s[GETBYTE(left,3)] + s[256+GETBYTE(left,2)])
+            ^ s[2*256+GETBYTE(left,1)]) + s[3*256+GETBYTE(left,0)])
+            ^ p[2*i+1];
+
+        left ^= (((s[GETBYTE(right,3)] + s[256+GETBYTE(right,2)])
+            ^ s[2*256+GETBYTE(right,1)]) + s[3*256+GETBYTE(right,0)])
+            ^ p[2*i+2];
+    }
 
 	right ^= p[ROUNDS + 1];
 

=== modified file 'extra/yassl/taocrypt/src/coding.cpp'
--- a/extra/yassl/taocrypt/src/coding.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/coding.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* coding.cpp implements hex and base64 encoding/decoing
 */
@@ -95,7 +95,6 @@ void HexEncoder::Encode()
 void HexDecoder::Decode()
 {
     word32 bytes = coded_.size();
-    assert((bytes % 2) == 0);
     decoded_.New(bytes / 2);
 
     word32 i(0);
@@ -104,15 +103,9 @@ void HexDecoder::Decode()
         byte b  = coded_.next() - 0x30;  // 0 starts at 0x30
         byte b2 = coded_.next() - 0x30;
 
-        // sanity checks
-        assert( b  < sizeof(hexDecode)/sizeof(hexDecode[0]) );
-        assert( b2 < sizeof(hexDecode)/sizeof(hexDecode[0]) );
-
         b  = hexDecode[b];
         b2 = hexDecode[b2];
-        
-        assert( b != bad && b2 != bad );
-        
+
         decoded_[i++] = (b << 4) | b2;
         bytes -= 2;
     }
@@ -174,9 +167,9 @@ void Base64Encoder::Encode()
     } 
 
     encoded_[i++] = '\n';
-    assert(i == outSz);
-
-    plain_.reset(encoded_);
+    
+    if (i == outSz)
+        plain_.reset(encoded_);
 }
 
 
@@ -197,7 +190,6 @@ void Base64Decoder::Decode()
         byte e3 = coded_.next();
         byte e4 = coded_.next();
 
-        // do asserts first
         if (e1 == 0)            // end file 0's
             break;
 

=== modified file 'extra/yassl/taocrypt/src/crypto.cpp'
--- a/extra/yassl/taocrypt/src/crypto.cpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/src/crypto.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* put features that other apps expect from OpenSSL type crypto */
 

=== modified file 'extra/yassl/taocrypt/src/des.cpp'
--- a/extra/yassl/taocrypt/src/des.cpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/src/des.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* C++ part based on Wei Dai's des.cpp from CryptoPP */
 /* x86 asm is original */

=== modified file 'extra/yassl/taocrypt/src/dh.cpp'
--- a/extra/yassl/taocrypt/src/dh.cpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/src/dh.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* dh.cpp implements Diffie-Hellman support

=== modified file 'extra/yassl/taocrypt/src/dsa.cpp'
--- a/extra/yassl/taocrypt/src/dsa.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/dsa.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 #include "runtime.hpp"
@@ -183,7 +183,8 @@ word32 DSA_Signer::Sign(const byte* sha_
     Integer kInv = k.InverseMod(q);
     s_ = (kInv * (H + x*r_)) % q;
 
-    assert(!!r_ && !!s_);
+    if (!(!!r_ && !!s_))
+        return -1;
 
     int rSz = r_.ByteCount();
 

=== modified file 'extra/yassl/taocrypt/src/file.cpp'
--- a/extra/yassl/taocrypt/src/file.cpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/src/file.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* file.cpp implements File Sources and Sinks
 */

=== modified file 'extra/yassl/taocrypt/src/hash.cpp'
--- a/extra/yassl/taocrypt/src/hash.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/hash.cpp	2012-05-17 12:10:48 +0000
@@ -14,14 +14,13 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* hash.cpp implements a base for digest types
 */
 
 #include "runtime.hpp"
 #include <string.h>
-#include <assert.h>
 
 #include "hash.hpp"
 
@@ -31,8 +30,6 @@ namespace TaoCrypt {
 
 HASHwithTransform::HASHwithTransform(word32 digSz, word32 buffSz)
 {
-    assert(digSz  <= MaxDigestSz);
-    assert(buffSz <= MaxBufferSz);
 }
 
 
@@ -73,15 +70,15 @@ void HASHwithTransform::Update(const byt
 // Final process, place digest in hash
 void HASHwithTransform::Final(byte* hash)
 {
-    word32    blockSz   = getBlockSize();
-    word32    digestSz  = getDigestSize();
-    word32    padSz     = getPadSize();
-    ByteOrder order     = getByteOrder();
+    word32    blockSz  = getBlockSize();
+    word32    digestSz = getDigestSize();
+    word32    padSz    = getPadSize();
+    ByteOrder order    = getByteOrder();
 
     AddLength(buffLen_);                        // before adding pads
     HashLengthType preLoLen = GetBitCountLo();
     HashLengthType preHiLen = GetBitCountHi();
-    byte*     local     = reinterpret_cast<byte*>(buffer_);
+    byte*     local         = reinterpret_cast<byte*>(buffer_);
 
     local[buffLen_++] = 0x80;  // add 1
 
@@ -95,7 +92,7 @@ void HASHwithTransform::Final(byte* hash
         buffLen_ = 0;
     }
     memset(&local[buffLen_], 0, padSz - buffLen_);
-
+   
     ByteReverseIf(local, local, blockSz, order);
     
     memcpy(&local[padSz],   order ? &preHiLen : &preLoLen, sizeof(preLoLen));
@@ -113,8 +110,6 @@ void HASHwithTransform::Final(byte* hash
 
 HASH64withTransform::HASH64withTransform(word32 digSz, word32 buffSz)
 {
-    assert(digSz  <= MaxDigestSz);
-    assert(buffSz <= MaxBufferSz);
 }
 
 

=== added file 'extra/yassl/taocrypt/src/hc128.cpp'
--- a/extra/yassl/taocrypt/src/hc128.cpp	1970-01-01 00:00:00 +0000
+++ b/extra/yassl/taocrypt/src/hc128.cpp	2012-05-17 12:10:48 +0000
@@ -0,0 +1,317 @@
+/*
+   Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING. If not, write to the
+   Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+   MA  02110-1301  USA.
+*/
+
+
+#include "runtime.hpp"
+#include "hc128.hpp"
+
+
+
+namespace TaoCrypt {
+
+
+
+
+#ifdef BIG_ENDIAN_ORDER
+    #define LITTLE32(x) ByteReverse((word32)x)
+#else
+    #define LITTLE32(x) (x)
+#endif
+
+
+/*h1 function*/
+#define h1(x, y) {                              \
+     byte a,c;                                  \
+     a = (byte) (x);                            \
+     c = (byte) ((x) >> 16);                    \
+     y = (T_[512+a])+(T_[512+256+c]);           \
+}
+
+/*h2 function*/
+#define h2(x, y) {                              \
+     byte a,c;                                  \
+     a = (byte) (x);                            \
+     c = (byte) ((x) >> 16);                    \
+     y = (T_[a])+(T_[256+c]);                   \
+}
+
+/*one step of HC-128, update P and generate 32 bits keystream*/
+#define step_P(u,v,a,b,c,d,n){                  \
+     word32 tem0,tem1,tem2,tem3;                \
+     h1((X_[(d)]),tem3);                        \
+     tem0 = rotrFixed((T_[(v)]),23);            \
+     tem1 = rotrFixed((X_[(c)]),10);            \
+     tem2 = rotrFixed((X_[(b)]),8);             \
+     (T_[(u)]) += tem2+(tem0 ^ tem1);           \
+     (X_[(a)]) = (T_[(u)]);                     \
+     (n) = tem3 ^ (T_[(u)]) ;                   \
+}       
+
+/*one step of HC-128, update Q and generate 32 bits keystream*/
+#define step_Q(u,v,a,b,c,d,n){                  \
+     word32 tem0,tem1,tem2,tem3;                \
+     h2((Y_[(d)]),tem3);                        \
+     tem0 = rotrFixed((T_[(v)]),(32-23));       \
+     tem1 = rotrFixed((Y_[(c)]),(32-10));       \
+     tem2 = rotrFixed((Y_[(b)]),(32-8));        \
+     (T_[(u)]) += tem2 + (tem0 ^ tem1);         \
+     (Y_[(a)]) = (T_[(u)]);                     \
+     (n) = tem3 ^ (T_[(u)]) ;                   \
+}   
+
+
+/*16 steps of HC-128, generate 512 bits keystream*/
+void HC128::GenerateKeystream(word32* keystream)  
+{
+   word32 cc,dd;
+   cc = counter1024_ & 0x1ff;
+   dd = (cc+16)&0x1ff;
+
+   if (counter1024_ < 512)	
+   {   		
+      counter1024_ = (counter1024_ + 16) & 0x3ff;
+      step_P(cc+0, cc+1, 0, 6, 13,4, keystream[0]);
+      step_P(cc+1, cc+2, 1, 7, 14,5, keystream[1]);
+      step_P(cc+2, cc+3, 2, 8, 15,6, keystream[2]);
+      step_P(cc+3, cc+4, 3, 9, 0, 7, keystream[3]);
+      step_P(cc+4, cc+5, 4, 10,1, 8, keystream[4]);
+      step_P(cc+5, cc+6, 5, 11,2, 9, keystream[5]);
+      step_P(cc+6, cc+7, 6, 12,3, 10,keystream[6]);
+      step_P(cc+7, cc+8, 7, 13,4, 11,keystream[7]);
+      step_P(cc+8, cc+9, 8, 14,5, 12,keystream[8]);
+      step_P(cc+9, cc+10,9, 15,6, 13,keystream[9]);
+      step_P(cc+10,cc+11,10,0, 7, 14,keystream[10]);
+      step_P(cc+11,cc+12,11,1, 8, 15,keystream[11]);
+      step_P(cc+12,cc+13,12,2, 9, 0, keystream[12]);
+      step_P(cc+13,cc+14,13,3, 10,1, keystream[13]);
+      step_P(cc+14,cc+15,14,4, 11,2, keystream[14]);
+      step_P(cc+15,dd+0, 15,5, 12,3, keystream[15]);
+   }
+   else				    
+   {
+	  counter1024_ = (counter1024_ + 16) & 0x3ff;
+      step_Q(512+cc+0, 512+cc+1, 0, 6, 13,4, keystream[0]);
+      step_Q(512+cc+1, 512+cc+2, 1, 7, 14,5, keystream[1]);
+      step_Q(512+cc+2, 512+cc+3, 2, 8, 15,6, keystream[2]);
+      step_Q(512+cc+3, 512+cc+4, 3, 9, 0, 7, keystream[3]);
+      step_Q(512+cc+4, 512+cc+5, 4, 10,1, 8, keystream[4]);
+      step_Q(512+cc+5, 512+cc+6, 5, 11,2, 9, keystream[5]);
+      step_Q(512+cc+6, 512+cc+7, 6, 12,3, 10,keystream[6]);
+      step_Q(512+cc+7, 512+cc+8, 7, 13,4, 11,keystream[7]);
+      step_Q(512+cc+8, 512+cc+9, 8, 14,5, 12,keystream[8]);
+      step_Q(512+cc+9, 512+cc+10,9, 15,6, 13,keystream[9]);
+      step_Q(512+cc+10,512+cc+11,10,0, 7, 14,keystream[10]);
+      step_Q(512+cc+11,512+cc+12,11,1, 8, 15,keystream[11]);
+      step_Q(512+cc+12,512+cc+13,12,2, 9, 0, keystream[12]);
+      step_Q(512+cc+13,512+cc+14,13,3, 10,1, keystream[13]);
+      step_Q(512+cc+14,512+cc+15,14,4, 11,2, keystream[14]);
+      step_Q(512+cc+15,512+dd+0, 15,5, 12,3, keystream[15]);
+   }
+}
+
+
+/* The following defines the initialization functions */
+#define f1(x)  (rotrFixed((x),7)  ^ rotrFixed((x),18) ^ ((x) >> 3))
+#define f2(x)  (rotrFixed((x),17) ^ rotrFixed((x),19) ^ ((x) >> 10))
+
+/*update table P*/
+#define update_P(u,v,a,b,c,d){                      \
+     word32 tem0,tem1,tem2,tem3;                    \
+     tem0 = rotrFixed((T_[(v)]),23);                \
+     tem1 = rotrFixed((X_[(c)]),10);                \
+     tem2 = rotrFixed((X_[(b)]),8);                 \
+     h1((X_[(d)]),tem3);                            \
+     (T_[(u)]) = ((T_[(u)]) + tem2+(tem0^tem1)) ^ tem3;     \
+     (X_[(a)]) = (T_[(u)]);                         \
+}  
+
+/*update table Q*/
+#define update_Q(u,v,a,b,c,d){                      \
+     word32 tem0,tem1,tem2,tem3;                    \
+     tem0 = rotrFixed((T_[(v)]),(32-23));           \
+     tem1 = rotrFixed((Y_[(c)]),(32-10));           \
+     tem2 = rotrFixed((Y_[(b)]),(32-8));            \
+     h2((Y_[(d)]),tem3);                            \
+     (T_[(u)]) = ((T_[(u)]) + tem2+(tem0^tem1)) ^ tem3;     \
+     (Y_[(a)]) = (T_[(u)]);                         \
+}     
+
+/*16 steps of HC-128, without generating keystream, */
+/*but use the outputs to update P and Q*/
+void HC128::SetupUpdate()  /*each time 16 steps*/
+{
+   word32 cc,dd;
+   cc = counter1024_ & 0x1ff;
+   dd = (cc+16)&0x1ff;
+
+   if (counter1024_ < 512)	
+   {   		
+      counter1024_ = (counter1024_ + 16) & 0x3ff;
+      update_P(cc+0, cc+1, 0, 6, 13, 4);
+      update_P(cc+1, cc+2, 1, 7, 14, 5);
+      update_P(cc+2, cc+3, 2, 8, 15, 6);
+      update_P(cc+3, cc+4, 3, 9, 0,  7);
+      update_P(cc+4, cc+5, 4, 10,1,  8);
+      update_P(cc+5, cc+6, 5, 11,2,  9);
+      update_P(cc+6, cc+7, 6, 12,3,  10);
+      update_P(cc+7, cc+8, 7, 13,4,  11);
+      update_P(cc+8, cc+9, 8, 14,5,  12);
+      update_P(cc+9, cc+10,9, 15,6,  13);
+      update_P(cc+10,cc+11,10,0, 7,  14);
+      update_P(cc+11,cc+12,11,1, 8,  15);
+      update_P(cc+12,cc+13,12,2, 9,  0);
+      update_P(cc+13,cc+14,13,3, 10, 1);
+      update_P(cc+14,cc+15,14,4, 11, 2);
+      update_P(cc+15,dd+0, 15,5, 12, 3);   
+   }
+   else				    
+   {
+      counter1024_ = (counter1024_ + 16) & 0x3ff;
+      update_Q(512+cc+0, 512+cc+1, 0, 6, 13, 4);
+      update_Q(512+cc+1, 512+cc+2, 1, 7, 14, 5);
+      update_Q(512+cc+2, 512+cc+3, 2, 8, 15, 6);
+      update_Q(512+cc+3, 512+cc+4, 3, 9, 0,  7);
+      update_Q(512+cc+4, 512+cc+5, 4, 10,1,  8);
+      update_Q(512+cc+5, 512+cc+6, 5, 11,2,  9);
+      update_Q(512+cc+6, 512+cc+7, 6, 12,3,  10);
+      update_Q(512+cc+7, 512+cc+8, 7, 13,4,  11);
+      update_Q(512+cc+8, 512+cc+9, 8, 14,5,  12);
+      update_Q(512+cc+9, 512+cc+10,9, 15,6,  13);
+      update_Q(512+cc+10,512+cc+11,10,0, 7,  14);
+      update_Q(512+cc+11,512+cc+12,11,1, 8,  15);
+      update_Q(512+cc+12,512+cc+13,12,2, 9,  0);
+      update_Q(512+cc+13,512+cc+14,13,3, 10, 1);
+      update_Q(512+cc+14,512+cc+15,14,4, 11, 2);
+      update_Q(512+cc+15,512+dd+0, 15,5, 12, 3); 
+   }       
+}
+
+
+/* for the 128-bit key:  key[0]...key[15]
+*  key[0] is the least significant byte of ctx->key[0] (K_0);
+*  key[3] is the most significant byte of ctx->key[0]  (K_0);
+*  ...
+*  key[12] is the least significant byte of ctx->key[3] (K_3)
+*  key[15] is the most significant byte of ctx->key[3]  (K_3)
+*
+*  for the 128-bit iv:  iv[0]...iv[15]
+*  iv[0] is the least significant byte of ctx->iv[0] (IV_0);
+*  iv[3] is the most significant byte of ctx->iv[0]  (IV_0);
+*  ...
+*  iv[12] is the least significant byte of ctx->iv[3] (IV_3)
+*  iv[15] is the most significant byte of ctx->iv[3]  (IV_3)
+*/
+
+
+
+void HC128::SetIV(const byte* iv)
+{ 
+    word32 i;
+	
+	for (i = 0; i < (128 >> 5); i++)
+        iv_[i] = LITTLE32(((word32*)iv)[i]);
+	
+    for (; i < 8; i++) iv_[i] = iv_[i-4];
+  
+    /* expand the key and IV into the table T */ 
+    /* (expand the key and IV into the table P and Q) */ 
+	
+	for (i = 0; i < 8;  i++)   T_[i] = key_[i];
+	for (i = 8; i < 16; i++)   T_[i] = iv_[i-8];
+
+    for (i = 16; i < (256+16); i++) 
+		T_[i] = f2(T_[i-2]) + T_[i-7] + f1(T_[i-15]) + T_[i-16]+i;
+    
+	for (i = 0; i < 16;  i++)  T_[i] = T_[256+i];
+
+	for (i = 16; i < 1024; i++) 
+		T_[i] = f2(T_[i-2]) + T_[i-7] + f1(T_[i-15]) + T_[i-16]+256+i;
+    
+    /* initialize counter1024, X and Y */
+	counter1024_ = 0;
+	for (i = 0; i < 16; i++) X_[i] = T_[512-16+i];
+    for (i = 0; i < 16; i++) Y_[i] = T_[512+512-16+i];
+    
+    /* run the cipher 1024 steps before generating the output */
+	for (i = 0; i < 64; i++)  SetupUpdate();  
+}
+
+
+void HC128::SetKey(const byte* key, const byte* iv)
+{ 
+  word32 i;  
+
+  /* Key size in bits 128 */ 
+  for (i = 0; i < (128 >> 5); i++)
+      key_[i] = LITTLE32(((word32*)key)[i]);
+ 
+  for ( ; i < 8 ; i++) key_[i] = key_[i-4];
+
+  SetIV(iv);
+}
+
+
+/* The following defines the encryption of data stream */
+void HC128::Process(byte* output, const byte* input, word32 msglen)
+{
+  word32 i, keystream[16];
+
+  for ( ; msglen >= 64; msglen -= 64, input += 64, output += 64)
+  {
+	  GenerateKeystream(keystream);
+
+      /* unroll loop */
+	  ((word32*)output)[0]  = ((word32*)input)[0]  ^ LITTLE32(keystream[0]);
+	  ((word32*)output)[1]  = ((word32*)input)[1]  ^ LITTLE32(keystream[1]);
+	  ((word32*)output)[2]  = ((word32*)input)[2]  ^ LITTLE32(keystream[2]);
+	  ((word32*)output)[3]  = ((word32*)input)[3]  ^ LITTLE32(keystream[3]);
+	  ((word32*)output)[4]  = ((word32*)input)[4]  ^ LITTLE32(keystream[4]);
+	  ((word32*)output)[5]  = ((word32*)input)[5]  ^ LITTLE32(keystream[5]);
+	  ((word32*)output)[6]  = ((word32*)input)[6]  ^ LITTLE32(keystream[6]);
+	  ((word32*)output)[7]  = ((word32*)input)[7]  ^ LITTLE32(keystream[7]);
+	  ((word32*)output)[8]  = ((word32*)input)[8]  ^ LITTLE32(keystream[8]);
+	  ((word32*)output)[9]  = ((word32*)input)[9]  ^ LITTLE32(keystream[9]);
+	  ((word32*)output)[10] = ((word32*)input)[10] ^ LITTLE32(keystream[10]);
+	  ((word32*)output)[11] = ((word32*)input)[11] ^ LITTLE32(keystream[11]);
+	  ((word32*)output)[12] = ((word32*)input)[12] ^ LITTLE32(keystream[12]);
+	  ((word32*)output)[13] = ((word32*)input)[13] ^ LITTLE32(keystream[13]);
+	  ((word32*)output)[14] = ((word32*)input)[14] ^ LITTLE32(keystream[14]);
+	  ((word32*)output)[15] = ((word32*)input)[15] ^ LITTLE32(keystream[15]);
+  }
+
+  if (msglen > 0)
+  {
+      GenerateKeystream(keystream);
+
+#ifdef BIG_ENDIAN_ORDER
+      {
+          word32 wordsLeft = msglen / sizeof(word32);
+          if (msglen % sizeof(word32)) wordsLeft++;
+          
+          ByteReverse(keystream, keystream, wordsLeft * sizeof(word32));
+      }
+#endif
+
+      for (i = 0; i < msglen; i++)
+	      output[i] = input[i] ^ ((byte*)keystream)[i];
+  }
+
+}
+
+
+}  // namespace

=== modified file 'extra/yassl/taocrypt/src/integer.cpp'
--- a/extra/yassl/taocrypt/src/integer.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/integer.cpp	2012-05-17 12:10:48 +0000
@@ -68,7 +68,8 @@ template <class T>
 CPP_TYPENAME AlignedAllocator<T>::pointer AlignedAllocator<T>::allocate(
                                            size_type n, const void *)
 {
-    CheckSize(n);
+    if (n > max_size())
+        return 0;
     if (n == 0)
         return 0;
     if (n >= 4)
@@ -86,16 +87,13 @@ CPP_TYPENAME AlignedAllocator<T>::pointe
     #endif
 
     #ifdef TAOCRYPT_NO_ALIGNED_ALLOC
-        assert(m_pBlock == 0);
         m_pBlock = p;
         if (!IsAlignedOn(p, 16))
         {
-            assert(IsAlignedOn(p, 8));
             p = (byte *)p + 8;
         }
     #endif
 
-        assert(IsAlignedOn(p, 16));
         return (T*)p;
     }
     return NEW_TC T[n];
@@ -111,7 +109,6 @@ void AlignedAllocator<T>::deallocate(voi
         #ifdef TAOCRYPT_MM_MALLOC_AVAILABLE
             _mm_free(p);
         #elif defined(TAOCRYPT_NO_ALIGNED_ALLOC)
-            assert(m_pBlock == p || (byte*)m_pBlock+8 == p);
             free(m_pBlock);
             m_pBlock = 0;
         #else
@@ -279,14 +276,14 @@ DWord() {}
 
 private:
     struct dword_struct
-    {
-    #ifdef LITTLE_ENDIAN_ORDER
-        word low;
-        word high;
-    #else
-        word high;
-        word low;
-    #endif
+        {
+        #ifdef LITTLE_ENDIAN_ORDER
+            word low;
+            word high;
+        #else
+            word high;
+            word low;
+        #endif
     };
 
     union
@@ -360,9 +357,6 @@ private:
 template <class S, class D>
 S DivideThreeWordsByTwo(S* A, S B0, S B1, D* dummy_VC6_WorkAround = 0)
 {
-    // assert {A[2],A[1]} < {B1,B0}, so quotient can fit in a S
-    assert(A[2] < B1 || (A[2]==B1 && A[1] < B0));
-
     // estimate the quotient: do a 2 S by 1 S divide
     S Q;
     if (S(B1+1) == 0)
@@ -388,7 +382,6 @@ S DivideThreeWordsByTwo(S* A, S B0, S B1
         A[1] = u.GetLowHalf();
         A[2] += u.GetHighHalf();
         Q++;
-        assert(Q);	// shouldn't overflow
     }
 
     return Q;
@@ -486,7 +479,6 @@ static int Compare(const word *A, const 
 
 static word Increment(word *A, unsigned int N, word B=1)
 {
-    assert(N);
     word t = A[0];
     A[0] = t+B;
     if (A[0] >= t)
@@ -499,7 +491,6 @@ static word Increment(word *A, unsigned 
 
 static word Decrement(word *A, unsigned int N, word B=1)
 {
-    assert(N);
     word t = A[0];
     A[0] = t-B;
     if (A[0] <= t)
@@ -533,14 +524,11 @@ static word LinearMultiply(word *C, cons
 
 static word AtomicInverseModPower2(word A)
 {
-    assert(A%2==1);
-
     word R=A%8;
 
     for (unsigned i=3; i<WORD_BITS; i*=2)
         R = R*(2-R*A);
 
-    assert(word(R*A)==1);
     return R;
 }
 
@@ -571,14 +559,11 @@ public:
 
     static void TAOCRYPT_CDECL Square2(word *R, const word *A);
     static void TAOCRYPT_CDECL Square4(word *R, const word *A);
-    static void TAOCRYPT_CDECL Square8(word *R, const word *A) {assert(false);}
     static unsigned int TAOCRYPT_CDECL SquareRecursionLimit() {return 4;}
 };
 
 word Portable::Add(word *C, const word *A, const word *B, unsigned int N)
 {
-    assert (N%2 == 0);
-
     DWord u(0, 0);
     for (unsigned int i = 0; i < N; i+=2)
     {
@@ -592,8 +577,6 @@ word Portable::Add(word *C, const word *
 
 word Portable::Subtract(word *C, const word *A, const word *B, unsigned int N)
 {
-    assert (N%2 == 0);
-
     DWord u(0, 0);
     for (unsigned int i = 0; i < N; i+=2)
     {
@@ -1008,7 +991,7 @@ void Portable::Multiply8Bottom(word *R, 
     static jmp_buf s_env;
     static void SigIllHandler(int)
     {
-    longjmp(s_env, 1);
+        longjmp(s_env, 1);
     }
 #endif
 
@@ -2125,8 +2108,6 @@ void P4Optimized::Multiply8Bottom(word *
 void RecursiveMultiply(word *R, word *T, const word *A, const word *B,
                        unsigned int N)
 {
-    assert(N>=2 && N%2==0);
-
     if (LowLevel::MultiplyRecursionLimit() >= 8 && N==8)
         LowLevel::Multiply8(R, A, B);
     else if (LowLevel::MultiplyRecursionLimit() >= 4 && N==4)
@@ -2183,7 +2164,6 @@ void RecursiveMultiply(word *R, word *T,
         carry += LowLevel::Add(T0, T0, R2, N);
         carry += LowLevel::Add(R1, R1, T0, N);
 
-        assert (carry >= 0 && carry <= 2);
         Increment(R3, N2, carry);
     }
 }
@@ -2191,9 +2171,6 @@ void RecursiveMultiply(word *R, word *T,
 
 void RecursiveSquare(word *R, word *T, const word *A, unsigned int N)                     
 {
-    assert(N && N%2==0);
-    if (LowLevel::SquareRecursionLimit() >= 8 && N==8)
-        LowLevel::Square8(R, A);
     if (LowLevel::SquareRecursionLimit() >= 4 && N==4)
         LowLevel::Square4(R, A);
     else if (N==2)
@@ -2222,7 +2199,6 @@ void RecursiveSquare(word *R, word *T, c
 void RecursiveMultiplyBottom(word *R, word *T, const word *A, const word *B,
                              unsigned int N)
 {
-    assert(N>=2 && N%2==0);
     if (LowLevel::MultiplyBottomRecursionLimit() >= 8 && N==8)
         LowLevel::Multiply8Bottom(R, A, B);
     else if (LowLevel::MultiplyBottomRecursionLimit() >= 4 && N==4)
@@ -2245,8 +2221,6 @@ void RecursiveMultiplyBottom(word *R, wo
 void RecursiveMultiplyTop(word *R, word *T, const word *L, const word *A,
                           const word *B, unsigned int N)
 {
-    assert(N>=2 && N%2==0);
-
     if (N==4)
     {
         LowLevel::Multiply4(T, A, B);
@@ -2310,7 +2284,6 @@ void RecursiveMultiplyTop(word *R, word 
         carry += Increment(R0, N2, c2+t);
         carry += LowLevel::Add(R0, R0, T1, N2);
         carry += LowLevel::Add(R0, R0, T3, N2);
-        assert (carry >= 0 && carry <= 2);
 
         CopyWords(R1, T3, N2);
         Increment(R1, N2, carry);
@@ -2359,9 +2332,6 @@ void AsymmetricMultiply(word *R, word *T
         STL::swap(NA, NB);
     }
 
-    assert(NB % NA == 0);
-    assert((NB/NA)%2 == 0); 	// NB is an even multiple of NA
-
     if (NA==2 && !A[1])
     {
         switch (A[0])
@@ -2428,8 +2398,6 @@ static inline unsigned int EvenWordCount
 unsigned int AlmostInverse(word *R, word *T, const word *A, unsigned int NA,
                            const word *M, unsigned int N)
 {
-    assert(NA<=N && N && N%2==0);
-
     word *b = T;
     word *c = T+N;
     word *f = T+2*N;
@@ -2455,7 +2423,6 @@ unsigned int AlmostInverse(word *R, word
 
             ShiftWordsRightByWords(f, fgLen, 1);
             if (c[bcLen-1]) bcLen+=2;
-            assert(bcLen <= N);
             ShiftWordsLeftByWords(c, bcLen, 1);
             k+=WORD_BITS;
             t=f[0];
@@ -2484,7 +2451,6 @@ unsigned int AlmostInverse(word *R, word
         {
             c[bcLen] = t;
             bcLen+=2;
-            assert(bcLen <= N);
         }
 
         if (f[fgLen-2]==0 && g[fgLen-2]==0 && f[fgLen-1]==0 && g[fgLen-1]==0)
@@ -2503,7 +2469,6 @@ unsigned int AlmostInverse(word *R, word
         {
             b[bcLen] = 1;
             bcLen+=2;
-            assert(bcLen <= N);
         }
     }
 }
@@ -2736,8 +2701,6 @@ void Integer::Randomize(RandomNumberGene
 void Integer::Randomize(RandomNumberGenerator& rng, const Integer& min,
                         const Integer& max)
 {
-    assert(min <= max);
-
     Integer range = max - min;
     const unsigned int nbits = range.BitCount();
 
@@ -2876,7 +2839,7 @@ Integer& Integer::operator++()
     else
     {
         word borrow = Decrement(reg_.get_buffer(), reg_.size());
-        assert(!borrow);
+        (void)borrow;           // shut up compiler
         if (WordCount()==0)
             *this = Zero();
     }
@@ -2993,7 +2956,6 @@ void PositiveSubtract(Integer &diff, con
                                b.reg_.get_buffer(), bSize);
         CopyWords(diff.reg_+bSize, a.reg_+bSize, aSize-bSize);
         borrow = Decrement(diff.reg_+bSize, aSize-bSize, borrow);
-        assert(!borrow);
         diff.sign_ = Integer::POSITIVE;
     }
     else
@@ -3002,7 +2964,6 @@ void PositiveSubtract(Integer &diff, con
                                a.reg_.get_buffer(), aSize);
         CopyWords(diff.reg_+aSize, b.reg_+aSize, bSize-aSize);
         borrow = Decrement(diff.reg_+aSize, bSize-aSize, borrow);
-        assert(!borrow);
         diff.sign_ = Integer::NEGATIVE;
     }
 }
@@ -3062,7 +3023,6 @@ bool Integer::GetBit(unsigned int n) con
 
 unsigned long Integer::GetBits(unsigned int i, unsigned int n) const
 {
-    assert(n <= sizeof(unsigned long)*8);
     unsigned long v = 0;
     for (unsigned int j=0; j<n; j++)
         v |= GetBit(i+j) << j;
@@ -3122,8 +3082,6 @@ bool Integer::IsConvertableToLong() cons
 
 signed long Integer::ConvertToLong() const
 {
-    assert(IsConvertableToLong());
-
     unsigned long value = reg_[0];
     value += SafeLeftShift<WORD_BITS, unsigned long>(reg_[1]);
     return sign_ == POSITIVE ? value : -(signed long)value;
@@ -3222,11 +3180,9 @@ static inline void AtomicDivide(word *Q,
     {
         // multiply quotient and divisor and add remainder, make sure it 
         // equals dividend
-        assert(!T[2] && !T[3] && (T[1] < B[1] || (T[1]==B[1] && T[0]<B[0])));
         word P[4];
         Portable::Multiply2(P, Q, B);
         Add(P, P, T, 4);
-        assert(memcmp(P, A, 4*WORD_SIZE)==0);
     }
 #endif
 }
@@ -3236,8 +3192,6 @@ static inline void AtomicDivide(word *Q,
 static void CorrectQuotientEstimate(word *R, word *T, word *Q, const word *B,
                                     unsigned int N)
 {
-    assert(N && N%2==0);
-
     if (Q[1])
     {
         T[N] = T[N+1] = 0;
@@ -3255,13 +3209,12 @@ static void CorrectQuotientEstimate(word
     }
 
     word borrow = Subtract(R, R, T, N+2);
-    assert(!borrow && !R[N+1]);
+    (void)borrow;       // shut up compiler
 
     while (R[N] || Compare(R, B, N) >= 0)
     {
         R[N] -= Subtract(R, R, B, N);
         Q[1] += (++Q[0]==0);
-        assert(Q[0] || Q[1]); // no overflow
     }
 }
 
@@ -3275,10 +3228,6 @@ static void CorrectQuotientEstimate(word
 void Divide(word* R, word* Q, word* T, const word* A, unsigned int NA,
             const word* B, unsigned int NB)
 {
-    assert(NA && NB && NA%2==0 && NB%2==0);
-    assert(B[NB-1] || B[NB-2]);
-    assert(NB <= NA);
-
     // set up temporary work space
     word *const TA=T;
     word *const TB=T+NA+2;
@@ -3289,7 +3238,6 @@ void Divide(word* R, word* Q, word* T, c
     TB[0] = TB[NB-1] = 0;
     CopyWords(TB+shiftWords, B, NB-shiftWords);
     unsigned shiftBits = WORD_BITS - BitPrecision(TB[NB-1]);
-    assert(shiftBits < WORD_BITS);
     ShiftWordsLeftByBits(TB, NB, shiftBits);
 
     // copy A into TA and normalize it
@@ -3309,7 +3257,6 @@ void Divide(word* R, word* Q, word* T, c
     else
     {
         NA+=2;
-        assert(Compare(TA+NA-NB, TB, NB) < 0);
     }
 
     word BT[2];
@@ -3335,8 +3282,6 @@ void PositiveDivide(Integer& remainder, 
     unsigned aSize = a.WordCount();
     unsigned bSize = b.WordCount();
 
-    assert(bSize);
-
     if (a.PositiveCompare(b) == -1)
     {
         remainder = a;
@@ -3424,8 +3369,6 @@ Integer Integer::Modulo(const Integer &b
 void Integer::Divide(word &remainder, Integer &quotient,
                      const Integer &dividend, word divisor)
 {
-    assert(divisor);
-
     if ((divisor & (divisor-1)) == 0)	// divisor is a power of 2
     {
         quotient = dividend >> (BitPrecision(divisor)-1);
@@ -3465,8 +3408,6 @@ Integer Integer::DividedBy(word b) const
 
 word Integer::Modulo(word divisor) const
 {
-    assert(divisor);
-
     word remainder;
 
     if ((divisor & (divisor-1)) == 0)	// divisor is a power of 2
@@ -3512,7 +3453,6 @@ Integer Integer::SquareRoot() const
 
     // overestimate square root
     Integer x, y = Power2((BitCount()+1)/2);
-    assert(y*y >= *this);
 
     do
     {
@@ -3557,8 +3497,6 @@ Integer Integer::Gcd(const Integer &a, c
 
 Integer Integer::InverseMod(const Integer &m) const
 {
-    assert(m.NotNegative());
-
     if (IsNegative() || *this>=m)
         return (*this%m).InverseMod(m);
 
@@ -3801,7 +3739,7 @@ void MontgomeryReduce(word *R, word *T, 
     word borrow = Subtract(T, X+N, T, N);
     // defend against timing attack by doing this Add even when not needed
     word carry = Add(T+N, T, M, N);
-    assert(carry || !borrow);
+    (void)carry;            // shut up compiler
     CopyWords(R, T + (borrow ? N : 0), N);
 }
 
@@ -3857,7 +3795,6 @@ MontgomeryRepresentation::MontgomeryRepr
       u((word)0, modulus.reg_.size()),
       workspace(5*modulus.reg_.size())
 {
-    assert(modulus.IsOdd());
     RecursiveInverseModPower2(u.reg_.get_buffer(), workspace.get_buffer(),
                               modulus.reg_.get_buffer(), modulus.reg_.size());
 }
@@ -3868,7 +3805,6 @@ const Integer& MontgomeryRepresentation:
     word *const T = workspace.begin();
     word *const R = result.reg_.begin();
     const unsigned int N = modulus.reg_.size();
-    assert(a.reg_.size()<=N && b.reg_.size()<=N);
 
     AsymmetricMultiply(T, T+2*N, a.reg_.get_buffer(), a.reg_.size(),
                        b.reg_.get_buffer(), b.reg_.size());
@@ -3883,7 +3819,6 @@ const Integer& MontgomeryRepresentation:
     word *const T = workspace.begin();
     word *const R = result.reg_.begin();
     const unsigned int N = modulus.reg_.size();
-    assert(a.reg_.size()<=N);
 
     TaoCrypt::Square(T, T+2*N, a.reg_.get_buffer(), a.reg_.size());
     SetWords(T+2*a.reg_.size(), 0, 2*N-2*a.reg_.size());
@@ -3897,7 +3832,6 @@ Integer MontgomeryRepresentation::Conver
     word *const T = workspace.begin();
     word *const R = result.reg_.begin();
     const unsigned int N = modulus.reg_.size();
-    assert(a.reg_.size()<=N);
 
     CopyWords(T, a.reg_.get_buffer(), a.reg_.size());
     SetWords(T+a.reg_.size(), 0, 2*N-a.reg_.size());
@@ -3914,7 +3848,6 @@ const Integer& MontgomeryRepresentation:
     word *const T = workspace.begin();
     word *const R = result.reg_.begin();
     const unsigned int N = modulus.reg_.size();
-    assert(a.reg_.size()<=N);
 
     CopyWords(T, a.reg_.get_buffer(), a.reg_.size());
     SetWords(T+a.reg_.size(), 0, 2*N-a.reg_.size());

=== modified file 'extra/yassl/taocrypt/src/md2.cpp'
--- a/extra/yassl/taocrypt/src/md2.cpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/src/md2.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* based on Wei Dai's md2.cpp from CryptoPP */

=== modified file 'extra/yassl/taocrypt/src/md4.cpp'
--- a/extra/yassl/taocrypt/src/md4.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/md4.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* based on Wei Dai's md4.cpp from CryptoPP */
@@ -27,7 +27,7 @@
     #include "algorithm.hpp"
 #endif
 
-   
+
 namespace STL = STL_NAMESPACE;
    
 

=== modified file 'extra/yassl/taocrypt/src/md5.cpp'
--- a/extra/yassl/taocrypt/src/md5.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/md5.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* based on Wei Dai's md5.cpp from CryptoPP */
@@ -30,7 +30,7 @@
 
 namespace STL = STL_NAMESPACE;
 
-   
+
 
 namespace TaoCrypt {
 
@@ -108,14 +108,14 @@ void MD5::Update(const byte* data, word3
 
     // at once for asm
     if (buffLen_ == 0) {
-            word32 times = len / BLOCK_SIZE;
-            if (times) {
-                AsmTransform(data, times);
-                const word32 add = BLOCK_SIZE * times;
-                AddLength(add);
-                len  -= add;
-                data += add;
-            }
+        word32 times = len / BLOCK_SIZE;
+        if (times) {
+            AsmTransform(data, times);
+            const word32 add = BLOCK_SIZE * times;
+            AddLength(add);
+            len  -= add;
+            data += add;
+        }
     }
 
     // cache any data left

=== modified file 'extra/yassl/taocrypt/src/misc.cpp'
--- a/extra/yassl/taocrypt/src/misc.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/misc.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* based on Wei Dai's misc.cpp from CryptoPP */
 
@@ -41,28 +41,28 @@ namespace STL = STL_NAMESPACE;
 
     void* operator new(size_t sz, TaoCrypt::new_t)
     {
-    void* ptr = malloc(sz ? sz : 1);
-    if (!ptr) abort();
+        void* ptr = malloc(sz ? sz : 1);
+        if (!ptr) abort();
 
-    return ptr;
+        return ptr;
     }
 
 
     void operator delete(void* ptr, TaoCrypt::new_t)
     {
-    if (ptr) free(ptr);
+        if (ptr) free(ptr);
     }
 
 
     void* operator new[](size_t sz, TaoCrypt::new_t nt)
     {
-    return ::operator new(sz, nt);
+        return ::operator new(sz, nt);
     }
 
 
     void operator delete[](void* ptr, TaoCrypt::new_t nt)
     {
-    ::operator delete(ptr, nt);
+        ::operator delete(ptr, nt);
     }
 
 
@@ -89,7 +89,6 @@ namespace STL = STL_NAMESPACE;
 // Handler for pure virtual functions
 namespace __Crun {
     void pure_error() {
-      assert(!"Aborted: pure virtual method called.");
     }
 }
 
@@ -100,7 +99,6 @@ namespace __Crun {
 extern "C" {
 
     int __cxa_pure_virtual() {
-      assert(!"Aborted: pure virtual method called.");
       return 0;
     }
 
@@ -196,8 +194,8 @@ bool HaveCpuId()
     return true;
 #else
     word32 eax, ebx;
-        __asm__ __volatile
-        (
+    __asm__ __volatile
+    (
         /* Put EFLAGS in eax and ebx */
         "pushf;"
         "pushf;"
@@ -214,9 +212,9 @@ bool HaveCpuId()
         "pop %0;"
         "popf"
         : "=r" (eax), "=r" (ebx)
-            :
+        :
         : "cc"
-        );
+    );
 
     if (eax == ebx)
         return false;

=== added file 'extra/yassl/taocrypt/src/rabbit.cpp'
--- a/extra/yassl/taocrypt/src/rabbit.cpp	1970-01-01 00:00:00 +0000
+++ b/extra/yassl/taocrypt/src/rabbit.cpp	2012-05-17 12:10:48 +0000
@@ -0,0 +1,250 @@
+/*
+   Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING. If not, write to the
+   Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+   MA  02110-1301  USA.
+*/
+
+
+#include "runtime.hpp"
+#include "rabbit.hpp"
+
+
+
+namespace TaoCrypt {
+
+
+#define U32V(x)  (word32)(x)
+
+
+#ifdef BIG_ENDIAN_ORDER
+    #define LITTLE32(x) ByteReverse((word32)x)
+#else
+    #define LITTLE32(x) (x)
+#endif
+
+
+// local
+namespace {
+
+
+/* Square a 32-bit unsigned integer to obtain the 64-bit result and return */
+/* the upper 32 bits XOR the lower 32 bits */
+word32 RABBIT_g_func(word32 x)
+{
+    /* Temporary variables */
+    word32 a, b, h, l;
+
+    /* Construct high and low argument for squaring */
+    a = x&0xFFFF;
+    b = x>>16;
+
+    /* Calculate high and low result of squaring */
+    h = (((U32V(a*a)>>17) + U32V(a*b))>>15) + b*b;
+    l = x*x;
+
+    /* Return high XOR low */
+    return U32V(h^l);
+}
+
+
+} // namespace local
+
+
+/* Calculate the next internal state */
+void Rabbit::NextState(RabbitCtx which)
+{
+    /* Temporary variables */
+    word32 g[8], c_old[8], i;
+
+    Ctx* ctx;
+
+    if (which == Master)
+        ctx = &masterCtx_;
+    else
+        ctx = &workCtx_;
+
+    /* Save old counter values */
+    for (i=0; i<8; i++)
+        c_old[i] = ctx->c[i];
+
+    /* Calculate new counter values */
+    ctx->c[0] = U32V(ctx->c[0] + 0x4D34D34D + ctx->carry);
+    ctx->c[1] = U32V(ctx->c[1] + 0xD34D34D3 + (ctx->c[0] < c_old[0]));
+    ctx->c[2] = U32V(ctx->c[2] + 0x34D34D34 + (ctx->c[1] < c_old[1]));
+    ctx->c[3] = U32V(ctx->c[3] + 0x4D34D34D + (ctx->c[2] < c_old[2]));
+    ctx->c[4] = U32V(ctx->c[4] + 0xD34D34D3 + (ctx->c[3] < c_old[3]));
+    ctx->c[5] = U32V(ctx->c[5] + 0x34D34D34 + (ctx->c[4] < c_old[4]));
+    ctx->c[6] = U32V(ctx->c[6] + 0x4D34D34D + (ctx->c[5] < c_old[5]));
+    ctx->c[7] = U32V(ctx->c[7] + 0xD34D34D3 + (ctx->c[6] < c_old[6]));
+    ctx->carry = (ctx->c[7] < c_old[7]);
+   
+    /* Calculate the g-values */
+    for (i=0;i<8;i++)
+        g[i] = RABBIT_g_func(U32V(ctx->x[i] + ctx->c[i]));
+
+    /* Calculate new state values */
+    ctx->x[0] = U32V(g[0] + rotlFixed(g[7],16) + rotlFixed(g[6], 16));
+    ctx->x[1] = U32V(g[1] + rotlFixed(g[0], 8) + g[7]);
+    ctx->x[2] = U32V(g[2] + rotlFixed(g[1],16) + rotlFixed(g[0], 16));
+    ctx->x[3] = U32V(g[3] + rotlFixed(g[2], 8) + g[1]);
+    ctx->x[4] = U32V(g[4] + rotlFixed(g[3],16) + rotlFixed(g[2], 16));
+    ctx->x[5] = U32V(g[5] + rotlFixed(g[4], 8) + g[3]);
+    ctx->x[6] = U32V(g[6] + rotlFixed(g[5],16) + rotlFixed(g[4], 16));
+    ctx->x[7] = U32V(g[7] + rotlFixed(g[6], 8) + g[5]);
+}
+
+
+/* IV setup */
+void Rabbit::SetIV(const byte* iv)
+{
+    /* Temporary variables */
+    word32 i0, i1, i2, i3, i;
+      
+    /* Generate four subvectors */
+    i0 = LITTLE32(*(word32*)(iv+0));
+    i2 = LITTLE32(*(word32*)(iv+4));
+    i1 = (i0>>16) | (i2&0xFFFF0000);
+    i3 = (i2<<16) | (i0&0x0000FFFF);
+
+    /* Modify counter values */
+    workCtx_.c[0] = masterCtx_.c[0] ^ i0;
+    workCtx_.c[1] = masterCtx_.c[1] ^ i1;
+    workCtx_.c[2] = masterCtx_.c[2] ^ i2;
+    workCtx_.c[3] = masterCtx_.c[3] ^ i3;
+    workCtx_.c[4] = masterCtx_.c[4] ^ i0;
+    workCtx_.c[5] = masterCtx_.c[5] ^ i1;
+    workCtx_.c[6] = masterCtx_.c[6] ^ i2;
+    workCtx_.c[7] = masterCtx_.c[7] ^ i3;
+
+    /* Copy state variables */
+    for (i=0; i<8; i++)
+        workCtx_.x[i] = masterCtx_.x[i];
+    workCtx_.carry = masterCtx_.carry;
+
+    /* Iterate the system four times */
+    for (i=0; i<4; i++)
+        NextState(Work);
+}
+
+
+/* Key setup */
+void Rabbit::SetKey(const byte* key, const byte* iv)
+{
+    /* Temporary variables */
+    word32 k0, k1, k2, k3, i;
+
+    /* Generate four subkeys */
+    k0 = LITTLE32(*(word32*)(key+ 0));
+    k1 = LITTLE32(*(word32*)(key+ 4));
+    k2 = LITTLE32(*(word32*)(key+ 8));
+    k3 = LITTLE32(*(word32*)(key+12));
+
+    /* Generate initial state variables */
+    masterCtx_.x[0] = k0;
+    masterCtx_.x[2] = k1;
+    masterCtx_.x[4] = k2;
+    masterCtx_.x[6] = k3;
+    masterCtx_.x[1] = U32V(k3<<16) | (k2>>16);
+    masterCtx_.x[3] = U32V(k0<<16) | (k3>>16);
+    masterCtx_.x[5] = U32V(k1<<16) | (k0>>16);
+    masterCtx_.x[7] = U32V(k2<<16) | (k1>>16);
+
+    /* Generate initial counter values */
+    masterCtx_.c[0] = rotlFixed(k2, 16);
+    masterCtx_.c[2] = rotlFixed(k3, 16);
+    masterCtx_.c[4] = rotlFixed(k0, 16);
+    masterCtx_.c[6] = rotlFixed(k1, 16);
+    masterCtx_.c[1] = (k0&0xFFFF0000) | (k1&0xFFFF);
+    masterCtx_.c[3] = (k1&0xFFFF0000) | (k2&0xFFFF);
+    masterCtx_.c[5] = (k2&0xFFFF0000) | (k3&0xFFFF);
+    masterCtx_.c[7] = (k3&0xFFFF0000) | (k0&0xFFFF);
+
+    /* Clear carry bit */
+    masterCtx_.carry = 0;
+
+    /* Iterate the system four times */
+    for (i=0; i<4; i++)
+        NextState(Master);
+
+    /* Modify the counters */
+    for (i=0; i<8; i++)
+        masterCtx_.c[i] ^= masterCtx_.x[(i+4)&0x7];
+
+    /* Copy master instance to work instance */
+    for (i=0; i<8; i++) {
+        workCtx_.x[i] = masterCtx_.x[i];
+        workCtx_.c[i] = masterCtx_.c[i];
+    }
+    workCtx_.carry = masterCtx_.carry;
+
+    if (iv) SetIV(iv);    
+}
+
+
+/* Encrypt/decrypt a message of any size */
+void Rabbit::Process(byte* output, const byte* input, word32 msglen)
+{
+    /* Temporary variables */
+    word32 i;
+    byte buffer[16];
+
+    /* Encrypt/decrypt all full blocks */
+    while (msglen >= 16) {
+        /* Iterate the system */
+        NextState(Work);
+
+        /* Encrypt/decrypt 16 bytes of data */
+        *(word32*)(output+ 0) = *(word32*)(input+ 0) ^
+                   LITTLE32(workCtx_.x[0] ^ (workCtx_.x[5]>>16) ^
+                   U32V(workCtx_.x[3]<<16));
+        *(word32*)(output+ 4) = *(word32*)(input+ 4) ^
+                   LITTLE32(workCtx_.x[2] ^ (workCtx_.x[7]>>16) ^
+                   U32V(workCtx_.x[5]<<16));
+        *(word32*)(output+ 8) = *(word32*)(input+ 8) ^
+                   LITTLE32(workCtx_.x[4] ^ (workCtx_.x[1]>>16) ^
+                   U32V(workCtx_.x[7]<<16));
+        *(word32*)(output+12) = *(word32*)(input+12) ^
+                   LITTLE32(workCtx_.x[6] ^ (workCtx_.x[3]>>16) ^
+                   U32V(workCtx_.x[1]<<16));
+
+        /* Increment pointers and decrement length */
+        input  += 16;
+        output += 16;
+        msglen -= 16;
+    }
+
+    /* Encrypt/decrypt remaining data */
+    if (msglen) {
+        /* Iterate the system */
+        NextState(Work);
+
+        /* Generate 16 bytes of pseudo-random data */
+        *(word32*)(buffer+ 0) = LITTLE32(workCtx_.x[0] ^
+                  (workCtx_.x[5]>>16) ^ U32V(workCtx_.x[3]<<16));
+        *(word32*)(buffer+ 4) = LITTLE32(workCtx_.x[2] ^ 
+                  (workCtx_.x[7]>>16) ^ U32V(workCtx_.x[5]<<16));
+        *(word32*)(buffer+ 8) = LITTLE32(workCtx_.x[4] ^ 
+                  (workCtx_.x[1]>>16) ^ U32V(workCtx_.x[7]<<16));
+        *(word32*)(buffer+12) = LITTLE32(workCtx_.x[6] ^ 
+                  (workCtx_.x[3]>>16) ^ U32V(workCtx_.x[1]<<16));
+
+        /* Encrypt/decrypt the data */
+        for (i=0; i<msglen; i++)
+            output[i] = input[i] ^ buffer[i];
+    }
+}
+
+
+}  // namespace

=== modified file 'extra/yassl/taocrypt/src/random.cpp'
--- a/extra/yassl/taocrypt/src/random.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/random.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* random.cpp implements a crypto secure Random Number Generator using an OS
@@ -96,13 +96,13 @@ void OS_Seed::GenerateSeed(byte* output,
 
 /* The default OS_Seed implementation */
 
-OS_Seed::OS_Seed() 
+OS_Seed::OS_Seed()
 {
     fd_ = open("/dev/urandom",O_RDONLY);
     if (fd_ == -1) {
         fd_ = open("/dev/random",O_RDONLY);
-    if (fd_ == -1)
-        error_.SetError(OPEN_RAN_E);
+        if (fd_ == -1)
+            error_.SetError(OPEN_RAN_E);
     }
 }
 

=== modified file 'extra/yassl/taocrypt/src/ripemd.cpp'
--- a/extra/yassl/taocrypt/src/ripemd.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/ripemd.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 
 /* based on Wei Dai's ripemd.cpp from CryptoPP */
@@ -110,14 +110,14 @@ void RIPEMD160::Update(const byte* data,
 
     // all at once for asm
     if (buffLen_ == 0) {
-            word32 times = len / BLOCK_SIZE;
-            if (times) {
-                AsmTransform(data, times);
-                const word32 add = BLOCK_SIZE * times;
-                AddLength(add);
-                len  -= add;
-                data += add;
-            }
+        word32 times = len / BLOCK_SIZE;
+        if (times) {
+            AsmTransform(data, times);
+            const word32 add = BLOCK_SIZE * times;
+            AddLength(add);
+            len  -= add;
+            data += add;
+        }
     }
 
     // cache any data left

=== modified file 'extra/yassl/taocrypt/src/rsa.cpp'
--- a/extra/yassl/taocrypt/src/rsa.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/rsa.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* based on Wei Dai's rsa.cpp from CryptoPP */
 
@@ -61,7 +61,6 @@ Integer RSA_PrivateKey::CalculateInverse
 
     Integer y = ModularRoot(re, dq_, dp_, q_, p_, u_);
     y = modn.Divide(y, r);				    // unblind
-    assert(modn.Exponentiate(y, e_) == x);  // check
        
     return y;
 }
@@ -124,7 +123,8 @@ word32 RSA_BlockType2::UnPad(const byte 
     unsigned i=1;
     while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body
         }
-    assert(i==pkcsBlockLen || pkcsBlock[i-1]==0);
+    if (!(i==pkcsBlockLen || pkcsBlock[i-1]==0))
+        return 0;
 
     unsigned int outputLen = pkcsBlockLen - i;
     invalid = (outputLen > maxOutputLen) || invalid;
@@ -179,7 +179,8 @@ word32 RSA_BlockType1::UnPad(const byte*
     unsigned i=1;
     while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body
         }
-    assert(i==pkcsBlockLen || pkcsBlock[i-1]==0);
+    if (!(i==pkcsBlockLen || pkcsBlock[i-1]==0))
+        return 0;
 
     unsigned int outputLen = pkcsBlockLen - i;
     invalid = (outputLen > maxOutputLen) || invalid;

=== modified file 'extra/yassl/taocrypt/src/sha.cpp'
--- a/extra/yassl/taocrypt/src/sha.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/sha.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* based on Wei Dai's sha.cpp from CryptoPP */
 
@@ -344,14 +344,14 @@ void SHA::Update(const byte* data, word3
 
     // all at once for asm
     if (buffLen_ == 0) {
-            word32 times = len / BLOCK_SIZE;
-            if (times) {
-                AsmTransform(data, times);
-                const word32 add = BLOCK_SIZE * times;
-                AddLength(add);
-                 len  -= add;
-                data += add;
-            }
+        word32 times = len / BLOCK_SIZE;
+        if (times) {
+            AsmTransform(data, times);
+            const word32 add = BLOCK_SIZE * times;
+            AddLength(add);
+            len  -= add;
+            data += add;
+        }
     }
 
     // cache any data left

=== added file 'extra/yassl/taocrypt/src/template_instnt.cpp'
--- a/extra/yassl/taocrypt/src/template_instnt.cpp	1970-01-01 00:00:00 +0000
+++ b/extra/yassl/taocrypt/src/template_instnt.cpp	2012-05-17 12:10:48 +0000
@@ -0,0 +1,81 @@
+/*
+   Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING. If not, write to the
+   Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+   MA  02110-1301  USA.
+*/
+
+
+/*  Explicit template instantiation requests 
+ */
+
+
+#include "runtime.hpp"
+#include "integer.hpp"
+#include "rsa.hpp"
+#include "sha.hpp"
+#include "md5.hpp"
+#include "hmac.hpp"
+#include "ripemd.hpp"
+#include "pwdbased.hpp"
+#include "algebra.hpp"
+#include "vector.hpp"
+#include "hash.hpp"
+
+#ifdef HAVE_EXPLICIT_TEMPLATE_INSTANTIATION
+namespace TaoCrypt {
+
+#if defined(SSE2_INTRINSICS_AVAILABLE)
+template AlignedAllocator<unsigned int>::pointer StdReallocate<unsigned int, AlignedAllocator<unsigned int> >(AlignedAllocator<unsigned int>&, unsigned int*, AlignedAllocator<unsigned int>::size_type, AlignedAllocator<unsigned int>::size_type, bool);
+#endif
+
+template class RSA_Decryptor<RSA_BlockType2>;
+template class RSA_Encryptor<RSA_BlockType1>;
+template class RSA_Encryptor<RSA_BlockType2>;
+template void tcDelete<HASH>(HASH*);
+template void tcDelete<Integer>(Integer*);
+template void tcArrayDelete<byte>(byte*);
+template AllocatorWithCleanup<byte>::pointer StdReallocate<byte, AllocatorWithCleanup<byte> >(AllocatorWithCleanup<byte>&, byte*, AllocatorWithCleanup<byte>::size_type, AllocatorWithCleanup<byte>::size_type, bool);
+template void tcArrayDelete<word>(word*);
+template AllocatorWithCleanup<word>::pointer StdReallocate<word, AllocatorWithCleanup<word> >(AllocatorWithCleanup<word>&, word*, AllocatorWithCleanup<word>::size_type, AllocatorWithCleanup<word>::size_type, bool);
+
+#ifndef TAOCRYPT_SLOW_WORD64 // defined when word != word32
+template void tcArrayDelete<word32>(word32*);
+template AllocatorWithCleanup<word32>::pointer StdReallocate<word32, AllocatorWithCleanup<word32> >(AllocatorWithCleanup<word32>&, word32*, AllocatorWithCleanup<word32>::size_type, AllocatorWithCleanup<word32>::size_type, bool);
+#endif
+
+template void tcArrayDelete<char>(char*);
+
+template class PBKDF2_HMAC<SHA>;
+template class HMAC<MD5>;
+template class HMAC<SHA>;
+template class HMAC<RIPEMD160>;
+}
+
+namespace mySTL {
+template vector<TaoCrypt::Integer>* uninit_fill_n<vector<TaoCrypt::Integer>*, size_t, vector<TaoCrypt::Integer> >(vector<TaoCrypt::Integer>*, size_t, vector<TaoCrypt::Integer> const&);
+template void destroy<vector<TaoCrypt::Integer>*>(vector<TaoCrypt::Integer>*, vector<TaoCrypt::Integer>*);
+template TaoCrypt::Integer* uninit_copy<TaoCrypt::Integer*, TaoCrypt::Integer*>(TaoCrypt::Integer*, TaoCrypt::Integer*, TaoCrypt::Integer*);
+template TaoCrypt::Integer* uninit_fill_n<TaoCrypt::Integer*, size_t, TaoCrypt::Integer>(TaoCrypt::Integer*, size_t, TaoCrypt::Integer const&);
+template void destroy<TaoCrypt::Integer*>(TaoCrypt::Integer*, TaoCrypt::Integer*);
+template TaoCrypt::byte* GetArrayMemory<TaoCrypt::byte>(size_t);
+template void FreeArrayMemory<TaoCrypt::byte>(TaoCrypt::byte*);
+template TaoCrypt::Integer* GetArrayMemory<TaoCrypt::Integer>(size_t);
+template void FreeArrayMemory<TaoCrypt::Integer>(TaoCrypt::Integer*);
+template vector<TaoCrypt::Integer>* GetArrayMemory<vector<TaoCrypt::Integer> >(size_t);
+template void FreeArrayMemory<vector<TaoCrypt::Integer> >(vector<TaoCrypt::Integer>*);
+template void FreeArrayMemory<void>(void*);
+}
+
+#endif

=== modified file 'extra/yassl/taocrypt/src/tftables.cpp'
--- a/extra/yassl/taocrypt/src/tftables.cpp	2010-10-27 11:32:32 +0000
+++ b/extra/yassl/taocrypt/src/tftables.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* based on Wei Dai's tftables.cpp from CryptoPP */
 

=== modified file 'extra/yassl/taocrypt/src/twofish.cpp'
--- a/extra/yassl/taocrypt/src/twofish.cpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/taocrypt/src/twofish.cpp	2012-05-17 12:10:48 +0000
@@ -14,7 +14,7 @@
    along with this program; see the file COPYING. If not, write to the
    Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
    MA  02110-1301  USA.
-*/
+ */
 
 /* C++ based on Wei Dai's twofish.cpp from CryptoPP */
 /* x86 asm original */
@@ -82,7 +82,7 @@ void Twofish::Process(byte* out, const b
                 out += BLOCK_SIZE;
                 in  += BLOCK_SIZE;
             }
-    }
+}
 }
 
 #endif // DO_TWOFISH_ASM
@@ -140,8 +140,6 @@ inline word32 Twofish::h(word32 x, const
 
 void Twofish::SetKey(const byte* userKey, word32 keylen, CipherDir /*dummy*/)
 {
-	assert(keylen >= 16 && keylen <= 32);
-
 	unsigned int len = (keylen <= 16 ? 2 : (keylen <= 24 ? 3 : 4));
     word32 key[8];
 	GetUserKey(LittleEndianOrder, key, len*2, userKey, keylen);

=== modified file 'extra/yassl/taocrypt/taocrypt.dsp'
--- a/extra/yassl/taocrypt/taocrypt.dsp	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/taocrypt/taocrypt.dsp	2012-05-17 12:10:48 +0000
@@ -138,6 +138,10 @@ SOURCE=.\src\hash.cpp
 # End Source File
 # Begin Source File
 
+SOURCE=.\src\hc128.cpp
+# End Source File
+# Begin Source File
+
 SOURCE=.\src\integer.cpp
 # End Source File
 # Begin Source File
@@ -158,6 +162,10 @@ SOURCE=.\src\misc.cpp
 # End Source File
 # Begin Source File
 
+SOURCE=.\src\rabbit.cpp
+# End Source File
+# Begin Source File
+
 SOURCE=.\src\random.cpp
 # End Source File
 # Begin Source File
@@ -238,6 +246,10 @@ SOURCE=.\include\hash.hpp
 # End Source File
 # Begin Source File
 
+SOURCE=.\include\hc128.hpp
+# End Source File
+# Begin Source File
+
 SOURCE=.\include\hmac.hpp
 # End Source File
 # Begin Source File
@@ -274,6 +286,10 @@ SOURCE=.\include\pwdbased.hpp
 # End Source File
 # Begin Source File
 
+SOURCE=.\include\rabbit.hpp
+# End Source File
+# Begin Source File
+
 SOURCE=.\include\random.hpp
 # End Source File
 # Begin Source File

=== removed file 'extra/yassl/taocrypt/test.dsp'
--- a/extra/yassl/taocrypt/test.dsp	2006-11-29 13:35:59 +0000
+++ b/extra/yassl/taocrypt/test.dsp	1970-01-01 00:00:00 +0000
@@ -1,102 +0,0 @@
-# Microsoft Developer Studio Project File - Name="test" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=test - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "test.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "test.mak" CFG="test - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "test - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "test - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "test - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "test___Win32_Release"
-# PROP BASE Intermediate_Dir "test___Win32_Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "test\Release"
-# PROP Intermediate_Dir "test\Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /O2 /I "include" /I "mySTL" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-
-!ELSEIF  "$(CFG)" == "test - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "test___Win32_Debug"
-# PROP BASE Intermediate_Dir "test___Win32_Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "test\Debug"
-# PROP Intermediate_Dir "test\Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "mySTL" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /GZ /c
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "test - Win32 Release"
-# Name "test - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE=.\test\test.cpp
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

=== removed file 'extra/yassl/taocrypt/test.dsw'
--- a/extra/yassl/taocrypt/test.dsw	2006-04-07 09:35:12 +0000
+++ b/extra/yassl/taocrypt/test.dsw	1970-01-01 00:00:00 +0000
@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "test"=.\test.dsp - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

=== modified file 'extra/yassl/taocrypt/test/memory.cpp'
--- a/extra/yassl/taocrypt/test/memory.cpp	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/taocrypt/test/memory.cpp	2012-05-17 12:10:48 +0000
@@ -328,3 +328,32 @@ void operator delete[](void* ptr)
 {
     ::operator delete(ptr);
 }
+
+
+extern "C" {
+
+void* XMALLOC(size_t sz, void* head)
+{
+    return ::operator new(sz);
+}
+
+void* XREALLOC(void* ptr, size_t sz, void* heap)
+{
+    void* ret = ::operator new(sz);
+
+    if (ret && ptr)
+        memcpy(ret, ptr, sz);
+
+    if (ret)
+        ::operator delete(ptr);
+    return ret;
+}
+
+
+void XFREE(void* ptr, void* heap)
+{
+    ::operator delete(ptr);
+}
+
+}  // extern "C"
+

=== modified file 'extra/yassl/taocrypt/test/test.cpp'
--- a/extra/yassl/taocrypt/test/test.cpp	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/taocrypt/test/test.cpp	2012-05-17 12:10:48 +0000
@@ -41,6 +41,8 @@
 #include "coding.hpp"
 #include "random.hpp"
 #include "pwdbased.hpp"
+#include "rabbit.hpp"
+#include "hc128.hpp"
 
 
 
@@ -100,16 +102,18 @@ using TaoCrypt::PBKDF2_HMAC;
 using TaoCrypt::tcArrayDelete;
 using TaoCrypt::GetCert;
 using TaoCrypt::GetPKCS_Cert;
-
+using TaoCrypt::Rabbit;
+using TaoCrypt::HC128;
 
 struct testVector {
     byte*  input_;
     byte*  output_; 
-    size_t inLen_;
-    size_t outLen_;
+    word32 inLen_;
+    word32 outLen_;
 
     testVector(const char* in, const char* out) : input_((byte*)in),
-               output_((byte*)out), inLen_(strlen(in)), outLen_(strlen(out)) {}
+               output_((byte*)out), inLen_((word32)strlen(in)),
+               outLen_((word32)strlen(out)) {}
 };
 
 int  sha_test();
@@ -134,13 +138,15 @@ int  dsa_test();
 int  dh_test();
 int  pwdbased_test();
 int  pkcs12_test();
+int  rabbit_test();
+int  hc128_test();
 
 TaoCrypt::RandomNumberGenerator rng;
 
 
 void err_sys(const char* msg, int es)
 {
-    printf("%s", msg);
+    printf("%s\n", msg);
     exit(es);    
 }
 
@@ -176,7 +182,7 @@ byte* cipher = 0;   // block output
 void taocrypt_test(void* args)
 {
     ((func_args*)args)->return_code = -1; // error state
-    
+
     msg    = NEW_TC byte[24];
     plain  = NEW_TC byte[24];
     cipher = NEW_TC byte[24];
@@ -243,6 +249,16 @@ void taocrypt_test(void* args)
     else
         printf( "ARC4     test passed!\n");
 
+    if ( (ret = rabbit_test()) )
+        err_sys("Rabbit   test failed!\n", ret);
+    else
+        printf( "Rabbit   test passed!\n");
+
+    if ( (ret = hc128_test()) )
+        err_sys("HC128    test failed!\n", ret);
+    else
+        printf( "HC128    test passed!\n");
+
     if ( (ret = des_test()) )
         err_sys("DES      test failed!\n", ret);
     else
@@ -320,16 +336,16 @@ void taocrypt_test(void* args)
 void file_test(const char* file, byte* check)
 {
     FILE* f;
-    int   i(0);
-    MD5   md5;
-    byte  buf[1024];
-    byte  md5sum[MD5::DIGEST_SIZE];
+    int i = 0;
+    MD5    md5;
+    byte   buf[1024];
+    byte   md5sum[MD5::DIGEST_SIZE];
     
     if( !( f = fopen( file, "rb" ) )) {
         printf("Can't open %s\n", file);
         return;
     }
-    while( ( i = fread(buf, 1, sizeof(buf), f )) > 0 )
+    while( ( i = (int)fread(buf, 1, sizeof(buf), f )) > 0 )
         md5.Update(buf, i);
     
     md5.Final(md5sum);
@@ -718,7 +734,7 @@ int hmac_test()
 
     int times( sizeof(test_hmacMD5) / sizeof(testVector) );
     for (int i = 0; i < times; ++i) {
-        hmacMD5.SetKey((byte*)keys[i], strlen(keys[i]));
+        hmacMD5.SetKey((byte*)keys[i], (word32)strlen(keys[i]));
         hmacMD5.Update(test_hmacMD5[i].input_, test_hmacMD5[i].inLen_);
         hmacMD5.Final(hash);
 
@@ -761,8 +777,8 @@ int arc4_test()
         ARC4::Encryption enc;
         ARC4::Decryption dec;
 
-        enc.SetKey((byte*)keys[i], strlen(keys[i]));
-        dec.SetKey((byte*)keys[i], strlen(keys[i]));
+        enc.SetKey((byte*)keys[i], (word32)strlen(keys[i]));
+        dec.SetKey((byte*)keys[i], (word32)strlen(keys[i]));
 
         enc.Process(cipher, test_arc4[i].input_, test_arc4[i].outLen_);
         dec.Process(plain,  cipher, test_arc4[i].outLen_);
@@ -778,6 +794,114 @@ int arc4_test()
 }
 
 
+int rabbit_test()
+{
+    byte cipher[16];
+    byte plain[16];
+
+    const char* keys[] = 
+    {           
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+        "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B\xFE\x36\x3D\x2E\x29\x13\x28\x91"
+    };
+
+    const char* ivs[] =
+    {
+        "\x00\x00\x00\x00\x00\x00\x00\x00",
+        "\x59\x7E\x26\xC1\x75\xF5\x73\xC3",
+        0
+    };
+
+
+    testVector test_rabbit[] =
+    {
+        testVector("\x00\x00\x00\x00\x00\x00\x00\x00",
+                   "\xED\xB7\x05\x67\x37\x5D\xCD\x7C"),
+        testVector("\x00\x00\x00\x00\x00\x00\x00\x00",
+                   "\x6D\x7D\x01\x22\x92\xCC\xDC\xE0"),
+        testVector("\x00\x00\x00\x00\x00\x00\x00\x00",
+                   "\x9C\x51\xE2\x87\x84\xC3\x7F\xE9")
+    };
+
+
+    int times( sizeof(test_rabbit) / sizeof(testVector) );
+    for (int i = 0; i < times; ++i) {
+        Rabbit::Encryption enc;
+        Rabbit::Decryption dec;
+
+        enc.SetKey((byte*)keys[i], (byte*)ivs[i]);
+        dec.SetKey((byte*)keys[i], (byte*)ivs[i]);
+
+        enc.Process(cipher, test_rabbit[i].input_, test_rabbit[i].outLen_);
+        dec.Process(plain,  cipher, test_rabbit[i].outLen_);
+
+        if (memcmp(plain, test_rabbit[i].input_, test_rabbit[i].outLen_))
+            return -230 - i;
+
+        if (memcmp(cipher, test_rabbit[i].output_, test_rabbit[i].outLen_))
+            return -240 - i;
+    }
+
+    return 0;
+}
+
+
+int hc128_test()
+{
+    byte cipher[16];
+    byte plain[16];
+
+    const char* keys[] = 
+    {           
+        "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+        "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD",
+        "\x0F\x62\xB5\x08\x5B\xAE\x01\x54\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC"
+    };
+
+    const char* ivs[] =
+    {
+        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+        "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+        "\x0D\x74\xDB\x42\xA9\x10\x77\xDE\x45\xAC\x13\x7A\xE1\x48\xAF\x16",
+        "\x28\x8F\xF6\x5D\xC4\x2B\x92\xF9\x60\xC7\x2E\x95\xFC\x63\xCA\x31"
+    };
+
+    testVector test_hc128[] =
+    {
+        testVector("\x00\x00\x00\x00\x00\x00\x00\x00",
+                   "\x37\x86\x02\xB9\x8F\x32\xA7\x48"),
+        testVector("\x00\x00\x00\x00\x00\x00\x00\x00",
+                   "\x33\x7F\x86\x11\xC6\xED\x61\x5F"),
+        testVector("\x00\x00\x00\x00\x00\x00\x00\x00",
+                   "\x2E\x1E\xD1\x2A\x85\x51\xC0\x5A"),
+      testVector("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+                 "\x1C\xD8\xAE\xDD\xFE\x52\xE2\x17\xE8\x35\xD0\xB7\xE8\x4E\x29")
+    };
+
+    int times( sizeof(test_hc128) / sizeof(testVector) );
+    for (int i = 0; i < times; ++i) {
+        HC128::Encryption enc;
+        HC128::Decryption dec;
+
+        enc.SetKey((byte*)keys[i], (byte*)ivs[i]);
+        dec.SetKey((byte*)keys[i], (byte*)ivs[i]);
+
+        enc.Process(cipher, test_hc128[i].input_, test_hc128[i].outLen_);
+        dec.Process(plain,  cipher, test_hc128[i].outLen_);
+
+        if (memcmp(plain, test_hc128[i].input_, test_hc128[i].outLen_))
+            return -330 - i;
+
+        if (memcmp(cipher, test_hc128[i].output_, test_hc128[i].outLen_))
+            return -340 - i;
+    }
+
+    return 0;
+}
+
+
 int des_test()
 {
     //ECB mode
@@ -1040,7 +1164,7 @@ int rsa_test()
 
     RSAES_Encryptor enc(priv);
     byte message[] = "Everyone gets Friday off.";
-    const int len(strlen((char*)message));
+    const word32 len = (word32)strlen((char*)message);
     byte cipher[64];
     enc.Encrypt(message, len, cipher, rng);
 
@@ -1068,6 +1192,8 @@ int rsa_test()
         }
     }
     CertDecoder cd(source2, true, 0, false, CertDecoder::CA);
+    if (cd.GetError().What())
+        err_sys("cert error", -80);
     Source source3(cd.GetPublicKey().GetKey(), cd.GetPublicKey().size());
     RSA_PublicKey pub(source3);
  
@@ -1188,6 +1314,7 @@ int pwdbased_test()
 }
 
 
+/*
 int pkcs12_test()
 {
     Source cert;
@@ -1220,4 +1347,5 @@ int pkcs12_test()
 
     return 0;
 }
+*/
 

=== modified file 'extra/yassl/testsuite/test.hpp'
--- a/extra/yassl/testsuite/test.hpp	2012-03-21 15:59:46 +0000
+++ b/extra/yassl/testsuite/test.hpp	2012-05-17 12:10:48 +0000
@@ -23,6 +23,7 @@
 
 #include "runtime.hpp"
 #include "openssl/ssl.h"   /* openssl compatibility test */
+#include "error.hpp"
 #include <stdio.h>
 #include <stdlib.h>
 #include <assert.h>
@@ -32,6 +33,10 @@
 #ifdef _WIN32
     #include <winsock2.h>
     #include <process.h>
+    #ifdef TEST_IPV6            // don't require newer SDK for IPV4
+	    #include <ws2tcpip.h>
+        #include <wspiapi.h>
+    #endif
     #define SOCKET_T unsigned int
 #else
     #include <string.h>
@@ -42,6 +47,9 @@
     #include <sys/time.h>
     #include <sys/types.h>
     #include <sys/socket.h>
+    #ifdef TEST_IPV6
+        #include <netdb.h>
+    #endif
     #include <pthread.h>
 #ifdef NON_BLOCKING
     #include <fcntl.h>
@@ -50,6 +58,13 @@
 #endif /* _WIN32 */
 
 
+#ifdef _MSC_VER
+    // disable conversion warning
+    // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
+    #pragma warning(disable:4244 4996)
+#endif
+
+
 #if !defined(_SOCKLEN_T) && (defined(_WIN32) || defined(__APPLE__))
     typedef int socklen_t;
 #endif
@@ -64,16 +79,26 @@
 #endif
 
 
+#ifdef TEST_IPV6
+    typedef sockaddr_in6 SOCKADDR_IN_T;
+    #define AF_INET_V    AF_INET6
+#else
+    typedef sockaddr_in  SOCKADDR_IN_T;
+    #define AF_INET_V    AF_INET
+#endif
+   
+
 // Check if _POSIX_THREADS should be forced
 #if !defined(_POSIX_THREADS) && defined(__hpux)
 // HPUX does not define _POSIX_THREADS as it's not _fully_ implemented
+// Netware supports pthreads but does not announce it
 #define _POSIX_THREADS
 #endif
 
 
 #ifndef _POSIX_THREADS
     typedef unsigned int  THREAD_RETURN;
-    typedef unsigned long THREAD_TYPE;
+    typedef HANDLE        THREAD_TYPE;
     #define YASSL_API __stdcall
 #else
     typedef void*         THREAD_RETURN;
@@ -120,8 +145,8 @@ void start_thread(THREAD_FUNC, func_args
 void join_thread(THREAD_TYPE);
 
 // yaSSL
-const char* const    yasslIP   = "127.0.0.1";
-const unsigned short yasslPort = 11111;
+const char* const    yasslIP      = "127.0.0.1";
+const unsigned short yasslPort    =  11111;
 
 
 // client
@@ -180,7 +205,7 @@ extern "C" {
 
 static int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
 {
-    strncpy(passwd, "12345678", sz);
+    strncpy(passwd, "yassl123", sz);
     return 8;
 }
 
@@ -300,14 +325,35 @@ inline void tcp_set_nonblocking(SOCKET_T
 }
 
 
-inline void tcp_socket(SOCKET_T& sockfd, sockaddr_in& addr)
+inline void tcp_socket(SOCKET_T& sockfd, SOCKADDR_IN_T& addr)
 {
-    sockfd = socket(AF_INET, SOCK_STREAM, 0);
+    sockfd = socket(AF_INET_V, SOCK_STREAM, 0);
     memset(&addr, 0, sizeof(addr));
-    addr.sin_family = AF_INET;
 
+#ifdef TEST_IPV6
+    addr.sin6_family = AF_INET_V;
+    addr.sin6_port = htons(yasslPort);
+    addr.sin6_addr = in6addr_loopback;
+
+    /* // for external testing later 
+    addrinfo hints;
+    memset(&hints, 0, sizeof(hints));
+    hints.ai_family   = AF_INET_V;
+    hints.ai_socktype = SOCK_STREAM;
+    hints.ai_flags    = AI_PASSIVE;
+
+    getaddrinfo(yasslIP6, yasslPortStr, &hints, info);
+    // then use info connect(sockfd, info->ai_addr, info->ai_addrlen)
+
+    if (*info == 0)
+        err_sys("getaddrinfo failed");
+        */   // end external testing later
+#else
+    addr.sin_family = AF_INET_V;
     addr.sin_port = htons(yasslPort);
     addr.sin_addr.s_addr = inet_addr(yasslIP);
+#endif
+
 }
 
 
@@ -318,13 +364,13 @@ inline void tcp_close(SOCKET_T& sockfd)
 #else
     close(sockfd);
 #endif
-    sockfd = -1;
+    sockfd = (SOCKET_T) -1;
 }
 
 
 inline void tcp_connect(SOCKET_T& sockfd)
 {
-    sockaddr_in addr;
+    SOCKADDR_IN_T addr;
     tcp_socket(sockfd, addr);
 
     if (connect(sockfd, (const sockaddr*)&addr, sizeof(addr)) != 0) {
@@ -336,9 +382,15 @@ inline void tcp_connect(SOCKET_T& sockfd
 
 inline void tcp_listen(SOCKET_T& sockfd)
 {
-    sockaddr_in addr;
+    SOCKADDR_IN_T addr;
     tcp_socket(sockfd, addr);
 
+#ifndef _WIN32
+    int       on  = 1;
+    socklen_t len = sizeof(on);
+    setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &on, len);
+#endif
+
     if (bind(sockfd, (const sockaddr*)&addr, sizeof(addr)) != 0) {
         tcp_close(sockfd);
         err_sys("tcp bind failed");
@@ -355,7 +407,7 @@ inline void tcp_accept(SOCKET_T& sockfd,
 {
     tcp_listen(sockfd);
 
-    sockaddr_in client;
+    SOCKADDR_IN_T client;
     socklen_t client_len = sizeof(client);
 
 #if defined(_POSIX_THREADS) && defined(NO_MAIN_DRIVER)
@@ -369,7 +421,7 @@ inline void tcp_accept(SOCKET_T& sockfd,
 
     clientfd = accept(sockfd, (sockaddr*)&client, (ACCEPT_THIRD_T)&client_len);
 
-    if (clientfd == -1) {
+    if (clientfd == (SOCKET_T) -1) {
         tcp_close(sockfd);
         err_sys("tcp accept failed");
     }
@@ -387,10 +439,8 @@ inline void showPeer(SSL* ssl)
         char* issuer  = X509_NAME_oneline(X509_get_issuer_name(peer), 0, 0);
         char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0);
 
-        printf("peer's cert info:\n");
-        printf("issuer : %s\n", issuer);
-        printf("subject: %s\n", subject);
-
+        printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
+                                                                  subject);
         free(subject);
         free(issuer);
     }
@@ -436,5 +486,19 @@ inline DH* set_tmpDH(SSL_CTX* ctx)
 }
 
 
+inline int verify_callback(int preverify_ok, X509_STORE_CTX* ctx)
+{
+    X509* err_cert = X509_STORE_CTX_get_current_cert(ctx);
+    int   err      = X509_STORE_CTX_get_error(ctx);
+    int   depth    = X509_STORE_CTX_get_error_depth(ctx);
+
+    // test allow self signed
+    if (err_cert && depth == 0 && err == TaoCrypt::SIG_OTHER_E)
+        return 1;
+
+    return 0;
+}
+
+
 #endif // yaSSL_TEST_HPP
 

=== modified file 'extra/yassl/testsuite/testsuite.cpp'
--- a/extra/yassl/testsuite/testsuite.cpp	2012-03-21 14:27:34 +0000
+++ b/extra/yassl/testsuite/testsuite.cpp	2012-05-17 12:10:48 +0000
@@ -119,7 +119,7 @@ int main(int argc, char** argv)
 void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
 {
 #ifndef _POSIX_THREADS
-    *thread = _beginthreadex(0, 0, fun, args, 0, 0);
+    *thread = (HANDLE)_beginthreadex(0, 0, fun, args, 0, 0);
 #else
     pthread_create(thread, 0, fun, args);
 #endif
@@ -129,9 +129,9 @@ void start_thread(THREAD_FUNC fun, func_
 void join_thread(THREAD_TYPE thread)
 {
 #ifndef _POSIX_THREADS
-    int res = WaitForSingleObject(reinterpret_cast<HANDLE>(thread), INFINITE);
+    int res = WaitForSingleObject(thread, INFINITE);
     assert(res == WAIT_OBJECT_0);
-    res = CloseHandle(reinterpret_cast<HANDLE>(thread));
+    res = CloseHandle(thread);
     assert(res);
 #else
     pthread_join(thread, 0);
@@ -158,7 +158,7 @@ int test_openSSL_des()
 {
     /* test des encrypt/decrypt */
     char data[] = "this is my data ";
-    int  dataSz = strlen(data);
+    int  dataSz = (int)strlen(data);
     DES_key_schedule key[3];
     byte iv[8];
     EVP_BytesToKey(EVP_des_ede3_cbc(), EVP_md5(), NULL, (byte*)data, dataSz, 1,

No bundle (reason: useless for push emails).
Thread
bzr push into mysql-trunk branch (Georgi.Kodinov:3866 to 3867) Bug#13713205Georgi Kodinov18 May